Changeset 973aab8 for core


Ignore:
Timestamp:
May 28, 2019 3:12:20 PM (10 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
a3fe746
Parents:
0c7c1945
Message:

Blinding:

  • Blinding only throws IAE
  • Remove context arg from encode()
  • Hook in new form args on /configkeyring
  • Show b33 on /configkeyring
  • Remove support for appended secret in b33
  • Persist cache immediately when storing secret or privkey
  • Fix i2ptunnel for std. ls2
  • Add auth/secret required flags to BlindData?

more to do

Location:
core/java/src/net/i2p
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • core/java/src/net/i2p/crypto/Blinding.java

    r0c7c1945 r973aab8  
    5454     *  @param alpha must be SigType RedDSA_SHA512_Ed25519
    5555     *  @return SigType RedDSA_SHA512_Ed25519
    56      *  @throws UnsupportedOperationException unless supported SigTypes
    57      *  @throws IllegalArgumentException on bad inputs
     56     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
    5857     */
    5958    public static SigningPublicKey blind(SigningPublicKey key, SigningPrivateKey alpha) {
     
    6160        if ((type != TYPE && type != TYPER) ||
    6261            alpha.getType() != TYPER)
    63             throw new UnsupportedOperationException();
     62            throw new IllegalArgumentException("Unsupported blinding from " + type + " to " + alpha.getType());
    6463        try {
    6564            EdDSAPublicKey jk = SigUtil.toJavaEdDSAKey(key);
     
    7877     *  @param alpha must be SigType RedDSA_SHA512_Ed25519
    7978     *  @return SigType RedDSA_SHA512_Ed25519
    80      *  @throws UnsupportedOperationException unless supported SigTypes
    81      *  @throws IllegalArgumentException on bad inputs
     79     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
    8280     */
    8381    public static SigningPrivateKey blind(SigningPrivateKey key, SigningPrivateKey alpha) {
     
    8583        if ((type != TYPE && type != TYPER) ||
    8684            alpha.getType() != TYPER)
    87             throw new UnsupportedOperationException();
     85            throw new IllegalArgumentException("Unsupported blinding from " + type + " to " + alpha.getType());
    8886        try {
    8987            EdDSAPrivateKey jk = SigUtil.toJavaEdDSAKey(key);
     
    102100     *  @param alpha must be SigType RedDSA_SHA512_Ed25519
    103101     *  @return SigType EdDSA_SHA512_Ed25519
    104      *  @throws UnsupportedOperationException unless supported SigTypes
    105      *  @throws IllegalArgumentException on bad inputs
     102     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
    106103     */
    107104    public static SigningPrivateKey unblind(SigningPrivateKey key, SigningPrivateKey alpha) {
    108105        if (key.getType() != TYPER || alpha.getType() != TYPER)
    109             throw new UnsupportedOperationException();
     106            throw new IllegalArgumentException("Unsupported blinding from " + key.getType() + " / " + alpha.getType());
    110107        try {
    111108            EdDSAPrivateKey bjk = SigUtil.toJavaEdDSAKey(key);
     
    125122     *  @param secret may be null or zero-length
    126123     *  @return SigType RedDSA_SHA512_Ed25519
    127      *  @throws UnsupportedOperationException unless supported SigTypes
    128      *  @throws IllegalArgumentException on bad inputs
     124     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
    129125     *  @since 0.9.39
    130126     */
     
    142138     *  @param now for what time?
    143139     *  @return SigType RedDSA_SHA512_Ed25519
    144      *  @throws UnsupportedOperationException unless supported SigTypes
    145      *  @throws IllegalArgumentException on bad inputs
     140     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
    146141     *  @since 0.9.39
    147142     */
    148143    public static SigningPrivateKey generateAlpha(I2PAppContext ctx, SigningPublicKey destspk,
    149144                                                  String secret, long now) {
     145        SigType type = destspk.getType();
     146        if (type != TYPE && type != TYPER)
     147            throw new IllegalArgumentException("Unsupported blinding from " + type);
    150148        String modVal;
    151149        synchronized(_fmt) {
     
    171169        System.arraycopy(INFO_ALPHA, 0, in, 0, INFO_ALPHA.length);
    172170        System.arraycopy(destspk.getData(), 0, in, INFO_ALPHA.length, destspk.length());
    173         DataHelper.toLong(in, stoff, 2, destspk.getType().getCode());
     171        DataHelper.toLong(in, stoff, 2, type.getCode());
    174172        DataHelper.toLong(in, stoff + 2, 2, TYPER.getCode());
    175173        Hash salt = ctx.sha().calculateHash(in);
     
    199197    /**
    200198     *  Decode a new-format b32 address.
    201      *  PRELIMINARY - Subject to change - see proposal 149
     199     *  See proposal 149.
    202200     *
    203201     *  @param address ending with ".b32.i2p"
    204      *  @throws IllegalArgumentException on bad inputs
    205      *  @throws UnsupportedOperationException unless supported SigTypes
    206      *  @since 0.9.40
    207      */
    208     public static BlindData decode(I2PAppContext ctx, String address) throws RuntimeException {
     202     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
     203     *  @since 0.9.40
     204     */
     205    public static BlindData decode(I2PAppContext ctx, String address) throws IllegalArgumentException {
    209206        address = address.toLowerCase(Locale.US);
    210207        if (!address.endsWith(".b32.i2p"))
     
    220217    /**
    221218     *  Decode a new-format b32 address.
    222      *  PRELIMINARY - Subject to change - see proposal 149
     219     *  See proposal 149.
     220     *  NOTE: Not for external use, use decode(String)
    223221     *
    224222     *  @param b 35+ bytes
    225223     *  @return BlindData structure, use getUnblindedPubKey() for the result
    226      *  @throws IllegalArgumentException on bad inputs
    227      *  @throws UnsupportedOperationException unless supported SigTypes
    228      *  @since 0.9.40
    229      */
    230     public static BlindData decode(I2PAppContext ctx, byte[] b) throws RuntimeException {
     224     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
     225     *  @since 0.9.40
     226     */
     227    public static BlindData decode(I2PAppContext ctx, byte[] b) throws IllegalArgumentException {
    231228        Checksum crc = new CRC32();
    232229        crc.update(b, 3, b.length - 3);
     
    240237        if ((flag & FLAG_TWOBYTE) != 0)
    241238            throw new IllegalArgumentException("Two byte sig types unsupported");
    242         if ((flag & FLAG_AUTH) != 0)
    243             throw new IllegalArgumentException("Per-client auth unsupported");
    244239        // TODO two-byte sigtypes
    245240        int st1 = b[1] & 0xff;
     
    262257        System.arraycopy(b, 3, spkData, 0, spkLen);
    263258        SigningPublicKey spk = new SigningPublicKey(sigt1, spkData);
    264         String secret;
    265         if ((flag & FLAG_SECRET) != 0) {
    266             if (4 + spkLen > b.length) {
    267                 //throw new IllegalArgumentException("No secret data");
    268                 secret = null;
    269             } else {
    270                 int secLen = b[3 + spkLen] & 0xff;
    271                 if (4 + spkLen + secLen != b.length)
    272                     throw new IllegalArgumentException("Bad b32 length");
    273                 secret = DataHelper.getUTF8(b, 4 + spkLen, secLen);
    274             }
    275         } else if (3 + spkLen != b.length) {
     259        if (3 + spkLen != b.length)
    276260            throw new IllegalArgumentException("b32 too long");
    277         } else {
    278             secret = null;
    279         }
    280         BlindData rv = new BlindData(ctx, spk, sigt2, secret);
     261        BlindData rv = new BlindData(ctx, spk, sigt2, null);
     262        if ((flag & FLAG_SECRET) != 0)
     263            rv.setSecretRequired();
     264        if ((flag & FLAG_AUTH) != 0)
     265            rv.setAuthRequired();
    281266        return rv;
    282267    }
     
    284269    /**
    285270     *  Encode a public key as a new-format b32 address.
    286      *  PRELIMINARY - Subject to change - see proposal 149
     271     *  See proposal 149.
    287272     *
    288273     *  @return (56 chars).b32.i2p
    289      *  @throws IllegalArgumentException on bad inputs
    290      *  @throws UnsupportedOperationException unless supported SigTypes
    291      *  @since 0.9.40
    292      */
    293     public static String encode(I2PAppContext ctx, SigningPublicKey key) throws RuntimeException {
    294         return encode(ctx, key, false, false, null);
     274     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
     275     *  @since 0.9.40
     276     */
     277    public static String encode(SigningPublicKey key) throws IllegalArgumentException {
     278        return encode(key, false, false);
    295279    }
    296280
    297281    /**
    298282     *  Encode a public key as a new-format b32 address.
    299      *  PRELIMINARY - Subject to change - see proposal 149
     283     *  See proposal 149.
    300284     *
    301285     *  @return (56 chars).b32.i2p
    302      *  @throws IllegalArgumentException on bad inputs
    303      *  @throws UnsupportedOperationException unless supported SigTypes
    304      *  @since 0.9.40
    305      */
    306     public static String encode(I2PAppContext ctx, SigningPublicKey key,
    307                                 boolean requireSecret, boolean requireAuth) throws RuntimeException {
    308         return encode(ctx, key, requireSecret, requireAuth, null);
    309     }
    310 
    311     /**
    312      *  Encode a public key as a new-format b32 address.
    313      *  PRELIMINARY - Subject to change - see proposal 149
    314      *
    315      *  @param secret may be empty or null
    316      *  @return (56+ chars).b32.i2p
    317      *  @throws IllegalArgumentException on bad inputs
    318      *  @throws UnsupportedOperationException unless supported SigTypes
    319      *  @since 0.9.40
    320      */
    321     public static String encode(I2PAppContext ctx, SigningPublicKey key,
    322                                 boolean requireSecret, boolean requireAuth,
    323                                 String secret) throws RuntimeException {
     286     *  @throws IllegalArgumentException on bad inputs or unsupported SigTypes
     287     *  @since 0.9.40
     288     */
     289    public static String encode(SigningPublicKey key,
     290                                boolean requireSecret, boolean requireAuth) throws IllegalArgumentException {
    324291        SigType type = key.getType();
    325292        if (type != TYPE && type != TYPER)
    326             throw new UnsupportedOperationException();
    327         byte sdata[] = (secret != null) ? DataHelper.getUTF8(secret) : null;
    328         int slen = (secret != null) ? 1 + sdata.length : 0;
    329         if (slen > 256)
    330             throw new IllegalArgumentException("secret too long");
     293            throw new IllegalArgumentException("Unsupported blinding from " + type);
    331294        byte[] d = key.getData();
    332         byte[] b = new byte[d.length + slen + 3];
     295        byte[] b = new byte[d.length + 3];
    333296        System.arraycopy(d, 0, b, 3, d.length);
    334         if (slen > 0) {
    335             b[3 + d.length] = (byte) sdata.length;
    336             System.arraycopy(sdata, 0, b, 4 + d.length, sdata.length);
    337         }
    338297        Checksum crc = new CRC32();
    339298        crc.update(b, 3, b.length - 3);
    340299        long check = crc.getValue();
    341300        // TODO two-byte sigtypes
    342         if (slen > 0 || requireSecret)
     301        if (requireSecret)
    343302            b[0] = FLAG_SECRET;
    344303        if (requireAuth)
     
    368327        SigningPrivateKey priv = (SigningPrivateKey) keys[1];
    369328        I2PAppContext ctx = I2PAppContext.getGlobalContext();
    370         //String b32 = encode(ctx, pub, null);
    371         String b32 = encode(ctx, pub, "foobarbaz");
     329        //String b32 = encode(pub, null);
     330        String b32 = encode(pub, "foobarbaz");
    372331        System.out.println("pub b32 is " + b32);
    373332        BlindData bd = decode(ctx, b32);
  • core/java/src/net/i2p/data/BlindData.java

    r0c7c1945 r973aab8  
    2424    private Destination _dest;
    2525    private long _routingKeyGenMod;
     26    private boolean _secretRequired;
     27    private boolean _authRequired;
    2628
    2729    /**
     
    4042     */
    4143    public static final int AUTH_PSK = 3;
     44    /**
     45     * Enabled, unspecified type
     46     * @since 0.9.41
     47     */
     48    public static final int AUTH_ON = 999;
    4249
    4350    /**
     
    8491        _authType = authType;
    8592        _authKey = authKey;
     93        if (secret != null)
     94            _secretRequired = true;
     95        if (authKey != null)
     96            _authRequired = true;
    8697        // defer until needed
    8798        //calculate();
     
    197208        _blindHash = _context.sha().calculateHash(hashData);
    198209    }
    199    
     210
     211    /**
     212     *  b33 format
     213     *  @since 0.9.41
     214     */
     215    public synchronized String toBase32() {
     216        return Blinding.encode(_clearSPK, _secret != null, _authKey != null);
     217    }
     218
     219    /**
     220     *  @since 0.9.41
     221     */
     222    public void setSecretRequired() {
     223        _secretRequired = true;
     224    }
     225
     226    /**
     227     *  @since 0.9.41
     228     */
     229    public boolean getSecretRequired() {
     230        return _secretRequired;
     231    }
     232
     233    /**
     234     *  @since 0.9.41
     235     */
     236    public void setAuthRequired() {
     237        _authRequired = true;
     238    }
     239
     240    /**
     241     *  @since 0.9.41
     242     */
     243    public boolean getAuthRequired() {
     244        return _authRequired;
     245    }
     246
    200247    @Override
    201248    public synchronized String toString() {
     
    220267        else
    221268            buf.append("\n\tDestination: unknown");
     269        buf.append("\n\tB32             : ").append(toBase32());
    222270        buf.append(']');
    223271        return buf.toString();
  • core/java/src/net/i2p/data/PrivateKeyFile.java

    r0c7c1945 r973aab8  
    770770                type == SigType.RedDSA_SHA512_Ed25519) {
    771771                I2PAppContext ctx = I2PAppContext.getGlobalContext();
    772                 s.append("\nBlinded B32: ").append(Blinding.encode(ctx, spk));
     772                s.append("\nBlinded B32: ").append(Blinding.encode(spk));
    773773            }
    774774        }
Note: See TracChangeset for help on using the changeset viewer.