Changeset 10bae6a


Ignore:
Timestamp:
Mar 5, 2019 3:43:23 PM (19 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
5b1b4ac
Parents:
bfafdd34
Message:

Data: Update Encrypted LS2 blinding and encryption to match current proposal 123
Hide b32 in console for encrypted LS2

Files:
5 edited

Legend:

Unmodified
Added
Removed
  • apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbRenderer.java

    rbfafdd34 r10bae6a  
    468468                else
    469469                    buf.append(dest.toBase64().substring(0, 6));
    470                 buf.append("</th></tr>\n<tr><td");
    471                 // If the dest is published but not in the addressbook, an extra
    472                 // <td> is appended with an "Add to addressbook" link, so this
    473                 // <td> should not span 2 columns.
    474                 String host = null;
    475                 if (!unpublished) {
    476                     host = _context.namingService().reverseLookup(dest);
    477                 }
    478                 if (unpublished || host != null || !linkSusi) {
    479                     buf.append(" colspan=\"2\"");
    480                 }
    481                 buf.append(">");
    482                 String b32 = key.toBase32();
    483                 buf.append("<a href=\"http://").append(b32).append("\">").append(b32).append("</a></td>");
    484                 if (linkSusi && !unpublished) {
    485                     if (host == null) {
     470                buf.append("</th></tr>\n");
     471                // we don't show a b32 or addressbook links if encrypted
     472                if (type != DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) {
     473                    buf.append("<tr><td");
     474                    // If the dest is published but not in the addressbook, an extra
     475                    // <td> is appended with an "Add to addressbook" link, so this
     476                    // <td> should not span 2 columns.
     477                    String host = null;
     478                    if (!unpublished) {
     479                        host = _context.namingService().reverseLookup(dest);
     480                    }
     481                    if (unpublished || host != null || !linkSusi) {
     482                        buf.append(" colspan=\"2\"");
     483                    }
     484                    buf.append(">");
     485                    String b32 = key.toBase32();
     486                    buf.append("<a href=\"http://").append(b32).append("\">").append(b32).append("</a></td>");
     487                    if (linkSusi && !unpublished && host == null) {
    486488                        buf.append("<td class=\"addtobook\" colspan=\"2\">").append("<a title=\"").append(_t("Add to addressbook"))
    487489                           .append("\" href=\"/susidns/addressbook.jsp?book=private&amp;destination=")
    488490                           .append(dest.toBase64()).append("#add\">").append(_t("Add to local addressbook")).append("</a></td>");
    489                     }
    490                 } // else probably a client
     491                    } // else probably a client
     492                }
    491493            } else {
    492494                buf.append("<th><b>").append(_t("Destination")).append(":</b> ");
  • core/java/src/net/i2p/crypto/Blinding.java

    rbfafdd34 r10bae6a  
    2828    private static final SigType TYPER = SigType.RedDSA_SHA512_Ed25519;
    2929    private static final String INFO = "i2pblinding1";
     30    private static final byte[] INFO_ALPHA = DataHelper.getASCII("I2PGenerateAlpha");
    3031
    3132    // following copied from RouterKeyGenerator
     
    113114     *  Only for SigType EdDSA_SHA512_Ed25519.
    114115     *
    115      *  @param dest spk must be SigType EdDSA_SHA512_Ed25519
     116     *  @param destspk must be SigType EdDSA_SHA512_Ed25519
    116117     *  @param secret may be null or zero-length
    117118     *  @return SigType RedDSA_SHA512_Ed25519
     
    120121     *  @since 0.9.39
    121122     */
    122     public static SigningPrivateKey generateAlpha(I2PAppContext ctx, Destination dest, String secret) {
     123    public static SigningPrivateKey generateAlpha(I2PAppContext ctx, SigningPublicKey destspk, String secret) {
    123124        long now = ctx.clock().now();
    124         return generateAlpha(ctx, dest, secret, now);
     125        return generateAlpha(ctx, destspk, secret, now);
    125126    }
    126127
     
    137138     *  @since 0.9.39
    138139     */
    139     public static SigningPrivateKey generateAlpha(I2PAppContext ctx, Destination dest,
     140    public static SigningPrivateKey generateAlpha(I2PAppContext ctx, SigningPublicKey destspk,
    140141                                                  String secret, long now) {
    141142        String modVal;
     
    156157        HKDF hkdf = new HKDF(ctx);
    157158        byte[] out = new byte[64];
    158         hkdf.calculate(dest.getHash().getData(), data, INFO, out, out, 32);
     159        int stoff = INFO_ALPHA.length + destspk.length();
     160        byte[] in = new byte[stoff + 4];
     161        // SHA256("I2PGenerateAlpha" || spk || sigtypein || sigtypeout)
     162        System.arraycopy(INFO_ALPHA, 0, in, 0, INFO_ALPHA.length);
     163        System.arraycopy(destspk.getData(), 0, in, INFO_ALPHA.length, destspk.length());
     164        DataHelper.toLong(in, stoff, 2, destspk.getType().getCode());
     165        DataHelper.toLong(in, stoff + 2, 2, TYPER.getCode());
     166        Hash salt = ctx.sha().calculateHash(in);
     167        hkdf.calculate(salt.getData(), data, INFO, out, out, 32);
    159168        byte[] b = EdDSABlinding.reduce(out);
    160169        return new SigningPrivateKey(TYPER, b);
  • core/java/src/net/i2p/data/EncryptedLeaseSet.java

    rbfafdd34 r10bae6a  
    130130        I2PAppContext ctx = I2PAppContext.getGlobalContext();
    131131        if (_published <= 0)
    132             _alpha = Blinding.generateAlpha(ctx, _destination, null);
     132            _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null);
    133133        else
    134             _alpha = Blinding.generateAlpha(ctx, _destination, null, _published);
     134            _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null, _published);
    135135        SigningPublicKey rv = Blinding.blind(spk, _alpha);
    136136        if (_log.shouldDebug())
     
    465465        if (_destination == null)
    466466            throw new IllegalStateException("no known destination to decrypt with");
    467         byte[] credential = hash(ctx, CREDENTIAL, _destination.toByteArray());
     467        SigningPublicKey destspk = _destination.getSigningPublicKey();
     468        int spklen = destspk.length();
     469        byte[] in = new byte[spklen + 4];
     470        // SHA256("credential" || spk || sigtypein || sigtypeout)
     471        System.arraycopy(destspk.getData(), 0, in, 0, spklen);
     472        DataHelper.toLong(in, spklen, 2, destspk.getType().getCode());
     473        DataHelper.toLong(in, spklen + 2, 2, SigType.RedDSA_SHA512_Ed25519.getCode());
     474        byte[] credential = hash(ctx, CREDENTIAL, in);
    468475        byte[] spk = _signingKey.getData();
    469476        byte[] tmp = new byte[credential.length + spk.length];
  • history.txt

    rbfafdd34 r10bae6a  
     12019-03-05 zzz
     2 * Data: Update Encrypted LS2 blinding and encryption
     3
     42019-03-04 zzz
     5 * Console: Fix NPEs displaying encrypted LS2
     6 * Data: Fix NPE in debug logging
     7 * I2CP, NetDB: More fixes for encrypted LS2 (proposal 123)
     8 * NetDB: Call fail callback when lookup is negative cached (thx zab)
     9
     102019-03-02 zzz
     11 * I2CP, NetDB: Fixes for encrypted LS2 (proposal 123)
     12
    1132019-03-01 zzz
    2   * Streaming: Fix sending messages with expired times (ticket #2451)
     14 * Streaming: Fix sending messages with expired times (ticket #2451)
    315
    4162019-02-28 zzz
    5   * Console:
    6     - Fix router logs not shown if first msg is a dup
    7     - Change fallback client names to use b32
     17 * Console:
     18   - Fix router logs not shown if first msg is a dup
     19   - Change fallback client names to use b32
    820
    9212019-02-26 zzz
  • router/java/src/net/i2p/router/RouterVersion.java

    rbfafdd34 r10bae6a  
    1919    public final static String ID = "Monotone";
    2020    public final static String VERSION = CoreVersion.VERSION;
    21     public final static long BUILD = 12;
     21    public final static long BUILD = 13;
    2222
    2323    /** for example "-test" */
Note: See TracChangeset for help on using the changeset viewer.