Changeset 7d4acb62


Timestamp:
Apr 10, 2019 7:52:03 PM (15 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
9a72c4b
Parents:
cddace2
Message:

i2ptunnel: Display encrypted b32
Blinding: Allow secret flag without attached secret

Files:
4 edited

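--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java
@@ -20,4 +20,5 @@
 import net.i2p.app.ClientAppManager;
 import net.i2p.app.Outproxy;
+import net.i2p.crypto.Blinding;
 import net.i2p.data.Certificate;
 import net.i2p.data.DataHelper;
@@ -553,4 +554,24 @@
         return "";
     }
+
+    /**
+     *  Works even if tunnel is not running.
+     *  @return "{56 chars}.b32.i2p" or "" if not blinded
+     *  @since 0.9.40
+     */
+    public String getEncryptedBase32(int tunnel) {
+        Destination d = getDestination(tunnel);
+        if (d != null) {
+            int mode = _helper.getEncryptMode(tunnel);
+            if (mode > 1) {
+                try {
+                    String secret = _helper.getBlindedPassword(tunnel);
+                    boolean requireSecret = secret != null && secret.length() > 0;
+                    return Blinding.encode(_context, d.getSigningPublicKey(), requireSecret, false);
+                } catch (RuntimeException re) {}
+            }
+        }
+        return "";
+    }
 
     /**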
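Review bot: The empty `catch (RuntimeException re) {}` in getEncryptedBase32 makes an encode failure indistinguishable from "not blinded": both return "" and index.jsp then silently omits the Encrypted row. At minimum the catch should carry a comment such as `// unsupported sig type or bad key: show no encrypted address`, and preferably a debug-level log if the class has a logger (none is visible in this hunk). Separately, `requireSecret` is derived from whether a password is stored rather than from the encrypt mode, and `requireAuth` is always `false` although editServer.jsi offers key-based modes 4–7. If a password can remain stored after switching back to mode 2, the displayed address would advertise a secret that is not in use, so consider deriving both flags from `mode`.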
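--- a/apps/i2ptunnel/jsp/editServer.jsi
+++ b/apps/i2ptunnel/jsp/editServer.jsi
@@ -506,8 +506,8 @@
                     if (curSigType == 7 || curSigType == 11) {
                   %>
-                <span class="multiOption"><label title="<%=intl._t("Prevents snooping by floodfills")%>"><input value="2" type="radio" name="encryptMode"<%=(curEncryptMode.equals("2") ? " checked=\"checked\"" : "")%> class="tickbox" />
+                <span class="multiOption"><label title="<%=intl._t("Prevents server discovery by floodfills")%>"><input value="2" type="radio" name="encryptMode"<%=(curEncryptMode.equals("2") ? " checked=\"checked\"" : "")%> class="tickbox" />
                     <%=intl._t("Blinded")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the password will be able to connect")%>"><input value="3" type="radio" name="encryptMode"<%=(curEncryptMode.equals("3") ? " checked=\"checked\"" : "")%> class="tickbox" />
-                    <%=intl._t("Blinded with password")%></label></span>
+                    <%=intl._t("Blinded with lookup password")%></label></span>
                   <%
                      if (editBean.isAdvanced()) {
@@ -517,9 +517,9 @@
                     <%=intl._t("Blinded with shared key")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the password and key will be able to connect")%>"><input value="5" type="radio" name="encryptMode"<%=(curEncryptMode.equals("5") ? " checked=\"checked\"" : "")%> class="tickbox" />
-                    <%=intl._t("Blinded with shared key and password")%></label></span>
+                    <%=intl._t("Blinded with lookup password and shared key")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the encryption key will be able to connect")%>"><input value="6" type="radio" name="encryptMode"<%=(curEncryptMode.equals("6") ? " checked=\"checked\"" : "")%> class="tickbox" />
                     <%=intl._t("Blinded with per-user key")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the password and key will be able to connect")%>"><input value="7" type="radio" name="encryptMode"<%=(curEncryptMode.equals("7") ? " checked=\"checked\"" : "")%> class="tickbox" />
-                    <%=intl._t("Blinded with shared password and per-user key")%></label></span>
+                    <%=intl._t("Blinded with lookup password and per-user key")%></label></span>
                 <%
                         } // isAdvanced()
@@ -554,5 +554,5 @@
         <tr>
             <td>
-                <b><%=intl._t("Blinded Password")%>:</b>
+                <b><%=intl._t("Optional lookup password")%>:</b>
                 <input type="password" name="nofilter_blindedPassword" title="<%=intl._t("Set password required to access this service")%>" value="<%=editBean.getBlindedPassword(curTunnel)%>" class="freetext password" />
             </td><td> </td>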
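Review bot: The relabelled field now reads "Optional lookup password", but the `title` on the input directly below it still says "Set password required to access this service", and the tooltips for modes 3, 5 and 7 still say "Only clients with the password ... will be able to connect". The wording should agree on whether the password is optional and whether it gates lookup or access, since operators choose a mode based on this text. For example, the input title could become `intl._t("Set password required to look up this service")`, with the mode tooltips adjusted to match.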
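--- a/apps/i2ptunnel/jsp/index.jsp
+++ b/apps/i2ptunnel/jsp/index.jsp
@@ -198,7 +198,21 @@
     </tr>
 
+    <%
+            String encName = indexBean.getEncryptedBase32(curServer);
+            if (encName != null && encName.length() > 0) {
+      %>
+    <tr>
+        <td class="tunnelDestination" colspan="6">
+            <span class="tunnelDestinationLabel"><b><%=intl._t("Encrypted")%>:</b></span>
+            <%=encName%>
+        </td>
+    </tr>
+    <%
+            } // encName
+      %>
+
     <tr>
         <td class="tunnelDescription" colspan="6">
-            <span class="tunnelDescriptionLabel"><b>Description:</b></span>
+            <span class="tunnelDestinationLabel"><b><%=intl._t("Description")%>:</b></span>
             <%=indexBean.getTunnelDescription(curServer)%>
         </td>
@@ -206,5 +220,5 @@
 
         <%
-        }
+        } // for loop
       %>
 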
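Review bot: The Description label's class changes from `tunnelDescriptionLabel` to `tunnelDestinationLabel` on the same line that wraps the text in `intl._t()`, which looks like a copy from the new Encrypted row rather than an intended change. If a stylesheet targets `tunnelDescriptionLabel`, the label loses its styling; suggest `<span class="tunnelDescriptionLabel"><b><%=intl._t("Description")%>:</b></span>`. In the new Encrypted row, the `encName != null` test is redundant because getEncryptedBase32 returns "" rather than null. `<%=encName%>` is also written unescaped, which is safe only while that value is always the encoder's own base32 output.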
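--- a/core/java/src/net/i2p/crypto/Blinding.java
+++ b/core/java/src/net/i2p/crypto/Blinding.java
@@ -33,4 +33,8 @@
     private static final String INFO = "i2pblinding1";
     private static final byte[] INFO_ALPHA = DataHelper.getASCII("I2PGenerateAlpha");
+
+    private static final byte FLAG_TWOBYTE = 0x01;
+    private static final byte FLAG_SECRET = 0x02;
+    private static final byte FLAG_AUTH = 0x04;
 
     // following copied from RouterKeyGenerator
@@ -234,7 +238,7 @@
         if ((flag & 0xf8) != 0)
             throw new IllegalArgumentException("Corrupt b32 or unsupported options");
-        if ((flag & 0x01) != 0)
+        if ((flag & FLAG_TWOBYTE) != 0)
             throw new IllegalArgumentException("Two byte sig types unsupported");
-        if ((flag & 0x04) != 0)
+        if ((flag & FLAG_AUTH) != 0)
             throw new IllegalArgumentException("Per-client auth unsupported");
         // TODO two-byte sigtypes
@@ -259,11 +263,14 @@
         SigningPublicKey spk = new SigningPublicKey(sigt1, spkData);
         String secret;
-        if ((flag & 0x02) != 0) {
-            if (4 + spkLen > b.length)
-                throw new IllegalArgumentException("No secret data");
-            int secLen = b[3 + spkLen] & 0xff;
-            if (4 + spkLen + secLen != b.length)
-                throw new IllegalArgumentException("Bad b32 length");
-            secret = DataHelper.getUTF8(b, 4 + spkLen, secLen);
+        if ((flag & FLAG_SECRET) != 0) {
+            if (4 + spkLen > b.length) {
+                //throw new IllegalArgumentException("No secret data");
+                secret = null;
+            } else {
+                int secLen = b[3 + spkLen] & 0xff;
+                if (4 + spkLen + secLen != b.length)
+                    throw new IllegalArgumentException("Bad b32 length");
+                secret = DataHelper.getUTF8(b, 4 + spkLen, secLen);
+            }
         } else if (3 + spkLen != b.length) {
             throw new IllegalArgumentException("b32 too long");
@@ -279,4 +286,31 @@
      *  PRELIMINARY - Subject to change - see proposal 149
      *
+     *  @return (56 chars).b32.i2p
+     *  @throws IllegalArgumentException on bad inputs
+     *  @throws UnsupportedOperationException unless supported SigTypes
+     *  @since 0.9.40
+     */
+    public static String encode(I2PAppContext ctx, SigningPublicKey key) throws RuntimeException {
+        return encode(ctx, key, false, false, null);
+    }
+
+    /**
+     *  Encode a public key as a new-format b32 address.
+     *  PRELIMINARY - Subject to change - see proposal 149
+     *
+     *  @return (56 chars).b32.i2p
+     *  @throws IllegalArgumentException on bad inputs
+     *  @throws UnsupportedOperationException unless supported SigTypes
+     *  @since 0.9.40
+     */
+    public static String encode(I2PAppContext ctx, SigningPublicKey key,
+                                boolean requireSecret, boolean requireAuth) throws RuntimeException {
+        return encode(ctx, key, requireSecret, requireAuth, null);
+    }
+
+    /**
+     *  Encode a public key as a new-format b32 address.
+     *  PRELIMINARY - Subject to change - see proposal 149
+     *
      *  @param secret may be empty or null
      *  @return (56+ chars).b32.i2p
@@ -285,5 +319,7 @@
      *  @since 0.9.40
      */
-    public static String encode(I2PAppContext ctx, SigningPublicKey key, String secret) throws RuntimeException {
+    public static String encode(I2PAppContext ctx, SigningPublicKey key,
+                                boolean requireSecret, boolean requireAuth,
+                                String secret) throws RuntimeException {
         SigType type = key.getType();
         if (type != TYPE && type != TYPER)
@@ -304,6 +340,8 @@
         long check = crc.getValue();
         // TODO two-byte sigtypes
-        if (slen > 0)
-            b[0] = 0x02;
+        if (slen > 0 || requireSecret)
+            b[0] = FLAG_SECRET;
+        if (requireAuth)
+            b[0] |= FLAG_AUTH;
         b[1] = (byte) (type.getCode() & 0xff);
         b[2] = (byte) (TYPER.getCode() & 0xff);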
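Review bot: In the decode hunk, an address with FLAG_SECRET set but no secret bytes now yields `secret = null`, presumably the same value a flag-less address produces, so these lines no longer tell the caller that the address requires a secret. Decode's return statement is outside the hunk, so the flag may be carried elsewhere; if it is not, it should be surfaced in the result rather than dropped. The commented-out `//throw new IllegalArgumentException("No secret data");` would be better replaced by a comment such as `// secret required but not attached; caller must supply it`. Also, encode can now set FLAG_AUTH via `requireAuth` while decode still throws "Per-client auth unsupported" for that bit, so this class can emit an address it will itself reject, which is worth stating in the Javadoc of the new overloads. Finally, the three-argument `encode(ctx, key, secret)` signature is replaced rather than kept as an overload, so any caller outside these four files would stop compiling.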