Changeset 7d4acb62

Timestamp:

Apr 10, 2019 7:52:03 PM (2 years ago)

Author:

zzz <zzz@…>

Branches:

master

Children:

9a72c4b

Parents:

cddace2

Message:

i2ptunnel: Display encrypted b32
Blinding: Allow secret flag without attached secret

Files:

• apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java (modified) (2 diffs)
• apps/i2ptunnel/jsp/editServer.jsi (modified) (3 diffs)
• apps/i2ptunnel/jsp/index.jsp (modified) (2 diffs)
• core/java/src/net/i2p/crypto/Blinding.java (modified) (6 diffs)

apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java

@@ -20 +20 @@
 import net.i2p.app.ClientAppManager;
 import net.i2p.app.Outproxy;
+import net.i2p.crypto.Blinding;
 import net.i2p.data.Certificate;
 import net.i2p.data.DataHelper;
@@ -553 +554 @@
         return "";
     }
+    
+    /**
+     *  Works even if tunnel is not running.
+     *  @return "{56 chars}.b32.i2p" or "" if not blinded
+     *  @since 0.9.40
+     */
+    public String getEncryptedBase32(int tunnel) {
+        Destination d = getDestination(tunnel);
+        if (d != null) {
+            int mode = _helper.getEncryptMode(tunnel);
+            if (mode > 1) {
+                try {
+                    String secret = _helper.getBlindedPassword(tunnel);
+                    boolean requireSecret = secret != null && secret.length() > 0;
+                    return Blinding.encode(_context, d.getSigningPublicKey(), requireSecret, false);
+                } catch (RuntimeException re) {}
+            }
+        }
+        return "";
+    }
 
     /**

apps/i2ptunnel/jsp/editServer.jsi

@@ -506 +506 @@
                     if (curSigType == 7 || curSigType == 11) {
                   %>
-                <span class="multiOption"><label title="<%=intl._t("Prevents snooping by floodfills")%>"><input value="2" type="radio" name="encryptMode"<%=(curEncryptMode.equals("2") ? " checked=\"checked\"" : "")%> class="tickbox" />
+                <span class="multiOption"><label title="<%=intl._t("Prevents server discovery by floodfills")%>"><input value="2" type="radio" name="encryptMode"<%=(curEncryptMode.equals("2") ? " checked=\"checked\"" : "")%> class="tickbox" />
                     <%=intl._t("Blinded")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the password will be able to connect")%>"><input value="3" type="radio" name="encryptMode"<%=(curEncryptMode.equals("3") ? " checked=\"checked\"" : "")%> class="tickbox" />
-                    <%=intl._t("Blinded with password")%></label></span>
+                    <%=intl._t("Blinded with lookup password")%></label></span>
                   <%
                      if (editBean.isAdvanced()) {
@@ -517 +517 @@
                     <%=intl._t("Blinded with shared key")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the password and key will be able to connect")%>"><input value="5" type="radio" name="encryptMode"<%=(curEncryptMode.equals("5") ? " checked=\"checked\"" : "")%> class="tickbox" />
-                    <%=intl._t("Blinded with shared key and password")%></label></span>
+                    <%=intl._t("Blinded with lookup password and shared key")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the encryption key will be able to connect")%>"><input value="6" type="radio" name="encryptMode"<%=(curEncryptMode.equals("6") ? " checked=\"checked\"" : "")%> class="tickbox" />
                     <%=intl._t("Blinded with per-user key")%></label></span>
                 <span class="multiOption"><label title="<%=intl._t("Only clients with the password and key will be able to connect")%>"><input value="7" type="radio" name="encryptMode"<%=(curEncryptMode.equals("7") ? " checked=\"checked\"" : "")%> class="tickbox" />
-                    <%=intl._t("Blinded with shared password and per-user key")%></label></span>
+                    <%=intl._t("Blinded with lookup password and per-user key")%></label></span>
                 <%
                         } // isAdvanced()
@@ -554 +554 @@
         <tr>
             <td>
-                <b><%=intl._t("Blinded Password")%>:</b>
+                <b><%=intl._t("Optional lookup password")%>:</b>
                 <input type="password" name="nofilter_blindedPassword" title="<%=intl._t("Set password required to access this service")%>" value="<%=editBean.getBlindedPassword(curTunnel)%>" class="freetext password" />
             </td><td> </td>

apps/i2ptunnel/jsp/index.jsp

@@ -198 +198 @@
     </tr>
 
+    <%
+            String encName = indexBean.getEncryptedBase32(curServer);
+            if (encName != null && encName.length() > 0) {
+      %>
+    <tr>
+        <td class="tunnelDestination" colspan="6">
+            <span class="tunnelDestinationLabel"><b><%=intl._t("Encrypted")%>:</b></span>
+            <%=encName%>
+        </td>
+    </tr>
+    <%
+            } // encName
+      %>
+
     <tr>
         <td class="tunnelDescription" colspan="6">
-            <span class="tunnelDescriptionLabel"><b>Description:</b></span>
+            <span class="tunnelDestinationLabel"><b><%=intl._t("Description")%>:</b></span>
             <%=indexBean.getTunnelDescription(curServer)%>
         </td>
@@ -206 +220 @@
 
         <%
-        }
+        } // for loop
       %>
 

core/java/src/net/i2p/crypto/Blinding.java

@@ -33 +33 @@
     private static final String INFO = "i2pblinding1";
     private static final byte[] INFO_ALPHA = DataHelper.getASCII("I2PGenerateAlpha");
+
+    private static final byte FLAG_TWOBYTE = 0x01;
+    private static final byte FLAG_SECRET = 0x02;
+    private static final byte FLAG_AUTH = 0x04;
 
     // following copied from RouterKeyGenerator
@@ -234 +238 @@
         if ((flag & 0xf8) != 0)
             throw new IllegalArgumentException("Corrupt b32 or unsupported options");
-        if ((flag & 0x01) != 0)
+        if ((flag & FLAG_TWOBYTE) != 0)
             throw new IllegalArgumentException("Two byte sig types unsupported");
-        if ((flag & 0x04) != 0)
+        if ((flag & FLAG_AUTH) != 0)
             throw new IllegalArgumentException("Per-client auth unsupported");
         // TODO two-byte sigtypes
@@ -259 +263 @@
         SigningPublicKey spk = new SigningPublicKey(sigt1, spkData);
         String secret;
-        if ((flag & 0x02) != 0) {
-            if (4 + spkLen > b.length)
-                throw new IllegalArgumentException("No secret data");
-            int secLen = b[3 + spkLen] & 0xff;
-            if (4 + spkLen + secLen != b.length)
-                throw new IllegalArgumentException("Bad b32 length");
-            secret = DataHelper.getUTF8(b, 4 + spkLen, secLen);
+        if ((flag & FLAG_SECRET) != 0) {
+            if (4 + spkLen > b.length) {
+                //throw new IllegalArgumentException("No secret data");
+                secret = null;
+            } else {
+                int secLen = b[3 + spkLen] & 0xff;
+                if (4 + spkLen + secLen != b.length)
+                    throw new IllegalArgumentException("Bad b32 length");
+                secret = DataHelper.getUTF8(b, 4 + spkLen, secLen);
+            }
         } else if (3 + spkLen != b.length) {
             throw new IllegalArgumentException("b32 too long");
@@ -279 +286 @@
      *  PRELIMINARY - Subject to change - see proposal 149
      *
+     *  @return (56 chars).b32.i2p
+     *  @throws IllegalArgumentException on bad inputs
+     *  @throws UnsupportedOperationException unless supported SigTypes
+     *  @since 0.9.40
+     */
+    public static String encode(I2PAppContext ctx, SigningPublicKey key) throws RuntimeException {
+        return encode(ctx, key, false, false, null);
+    }
+
+    /**
+     *  Encode a public key as a new-format b32 address.
+     *  PRELIMINARY - Subject to change - see proposal 149
+     *
+     *  @return (56 chars).b32.i2p
+     *  @throws IllegalArgumentException on bad inputs
+     *  @throws UnsupportedOperationException unless supported SigTypes
+     *  @since 0.9.40
+     */
+    public static String encode(I2PAppContext ctx, SigningPublicKey key,
+                                boolean requireSecret, boolean requireAuth) throws RuntimeException {
+        return encode(ctx, key, requireSecret, requireAuth, null);
+    }
+
+    /**
+     *  Encode a public key as a new-format b32 address.
+     *  PRELIMINARY - Subject to change - see proposal 149
+     *
      *  @param secret may be empty or null
      *  @return (56+ chars).b32.i2p
@@ -285 +319 @@
      *  @since 0.9.40
      */
-    public static String encode(I2PAppContext ctx, SigningPublicKey key, String secret) throws RuntimeException {
+    public static String encode(I2PAppContext ctx, SigningPublicKey key,
+                                boolean requireSecret, boolean requireAuth,
+                                String secret) throws RuntimeException {
         SigType type = key.getType();
         if (type != TYPE && type != TYPER)
@@ -304 +340 @@
         long check = crc.getValue();
         // TODO two-byte sigtypes
-        if (slen > 0)
-            b[0] = 0x02;
+        if (slen > 0 || requireSecret)
+            b[0] = FLAG_SECRET;
+        if (requireAuth)
+            b[0] |= FLAG_AUTH;
         b[1] = (byte) (type.getCode() & 0xff);
         b[2] = (byte) (TYPER.getCode() & 0xff);