diff --git a/Makefile b/Makefile
index aa7dba3..8e99fbb 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@ NAME = i2p-tools -DOCKER_IMAGE = martin61/$(NAME) +DOCKER_IMAGE = MDrollette/$(NAME) all: build
diff --git a/cmd/reseed.go b/cmd/reseed.go
index fcfac59..c328139 100644
--- a/cmd/reseed.go
+++ b/cmd/reseed.go
@@ -7,7 +7,7 @@ import ( "runtime" "time" - "github.com/martin61/i2p-tools/reseed" + "github.com/MDrollette/i2p-tools/reseed" "github.com/codegangsta/cli" )
diff --git a/cmd/utils.go b/cmd/utils.go
index 7ce4307..ac0ebad 100644
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -2,22 +2,22 @@ package cmd import ( "bufio" + "crypto/ecdsa" + "crypto/elliptic" "crypto/rand" "crypto/rsa" "crypto/x509" - "crypto/elliptic" - "crypto/ecdsa" + "crypto/x509/pkix" "encoding/asn1" "encoding/pem" - "fmt" + "fmt"ss "io/ioutil" "os" "strings" "time" - "crypto/x509/pkix" - "github.com/martin61/i2p-tools/reseed" - "github.com/martin61/i2p-tools/su3" + "github.com/MDrollette/i2p-tools/reseed" + "github.com/MDrollette/i2p-tools/su3" ) func loadPrivateKey(path string) (*rsa.PrivateKey, error) {
@@ -123,7 +123,6 @@ func createSigningCertificate(signerId string) error { keyOut.Close() fmt.Println("\tSigning private key saved to:", privFile) - // CRL crlFile := signerFile(signerId) + ".crl" crlOut, err := os.OpenFile(crlFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
@@ -131,9 +130,9 @@ func createSigningCertificate(signerId string) error { return fmt.Errorf("failed to open %s for writing: %s", crlFile, err) } crlcert, err := x509.ParseCertificate(signerCert) - if err != nil { - return fmt.Errorf("Certificate with unknown critical extension was not parsed: %s", err) - } + if err != nil { + return fmt.Errorf("Certificate with unknown critical extension was not parsed: %s", err) + } now := time.Now() revokedCerts := []pkix.RevokedCertificate{ 
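Review bot: The rewritten import block of cmd/utils.go contains `+ "fmt"ss`, which is not a valid import spec and will stop the cmd package from compiling; the line should read `"fmt"`. If it is a stray keystroke rather than an artifact of how this diff was captured, a plain `go build ./...` on the branch will fail on it, so it is worth confirming before merge. The rest of the hunk only regroups the stdlib imports and switches the module path to MDrollette/i2p-tools, which is consistent with the other files in this commit.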
@@ -155,13 +154,12 @@ func createSigningCertificate(signerId string) error { crlOut.Close() fmt.Printf("\tSigning CRL saved to: %s\n", crlFile) - return nil } func createTLSCertificate(host string) error { fmt.Println("Generating TLS keys. This may take a minute...") -// priv, err := rsa.GenerateKey(rand.Reader, 4096) + // priv, err := rsa.GenerateKey(rand.Reader, 4096) priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) if err != nil { return err
@@ -187,8 +185,7 @@ func createTLSCertificate(host string) error { if err != nil { return fmt.Errorf("failed to open %s for writing: %s\n", privFile, err) } -// pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) - secp384r1, err := asn1.Marshal(asn1.ObjectIdentifier{1, 3, 132, 0, 34}) // http://www.ietf.org/rfc/rfc5480.txt + secp384r1, err := asn1.Marshal(asn1.ObjectIdentifier{1, 3, 132, 0, 34}) // http://www.ietf.org/rfc/rfc5480.txt pem.Encode(keyOut, &pem.Block{Type: "EC PARAMETERS", Bytes: secp384r1}) ecder, err := x509.MarshalECPrivateKey(priv) pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: ecder})
@@ -197,7 +194,6 @@ func createTLSCertificate(host string) error { keyOut.Close() fmt.Printf("\tTLS private key saved to: %s\n", privFile) - // CRL crlFile := host + ".crl" crlOut, err := os.OpenFile(crlFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
@@ -205,9 +201,9 @@ func createTLSCertificate(host string) error { return fmt.Errorf("failed to open %s for writing: %s", crlFile, err) } crlcert, err := x509.ParseCertificate(tlsCert) - if err != nil { - return fmt.Errorf("Certificate with unknown critical extension was not parsed: %s", err) - } + if err != nil { + return fmt.Errorf("Certificate with unknown critical extension was not parsed: %s", err) + } now := time.Now() revokedCerts := []pkix.RevokedCertificate{
@@ -229,6 +225,5 @@ func createTLSCertificate(host string) error { crlOut.Close() fmt.Printf("\tTLS CRL saved to: %s\n", crlFile) - return nil } 
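Review bot: In the `@@ -187,8 +185,7 @@` hunk of createTLSCertificate the re-indented `secp384r1, err := asn1.Marshal(...)` line assigns an error that is never examined, and the two `pem.Encode` calls and `x509.MarshalECPrivateKey` on the following lines discard their errors as well, so a failed or partial write of the TLS private key still ends with "TLS private key saved to". Each call should be checked and returned in the same style the function already uses for the open failure; `keyOut.Close()` in the `@@ -197,7 +194,6 @@` hunk should be checked for the same reason, since a failed close can also leave the key file incomplete. The function begins before the first hunk and the open of keyOut is not visible here, so the file mode is inferred only from the 0600 used for the CRL file.
```go
	secp384r1, err := asn1.Marshal(asn1.ObjectIdentifier{1, 3, 132, 0, 34}) // http://www.ietf.org/rfc/rfc5480.txt
	if err != nil {
		return fmt.Errorf("failed to encode EC parameters: %s", err)
	}
	if err := pem.Encode(keyOut, &pem.Block{Type: "EC PARAMETERS", Bytes: secp384r1}); err != nil {
		return fmt.Errorf("failed to write %s: %s", privFile, err)
	}
	ecder, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return fmt.Errorf("failed to marshal EC private key: %s", err)
	}
	if err := pem.Encode(keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: ecder}); err != nil {
		return fmt.Errorf("failed to write %s: %s", privFile, err)
	}
	// … unchanged: keyOut.Close() and the "saved to" message …
```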
diff --git a/cmd/verify.go b/cmd/verify.go
index e028326..fe3e55e 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -4,8 +4,8 @@ import ( "fmt" "io/ioutil" - "github.com/martin61/i2p-tools/reseed" - "github.com/martin61/i2p-tools/su3" + "github.com/MDrollette/i2p-tools/reseed" + "github.com/MDrollette/i2p-tools/su3" "github.com/codegangsta/cli" )
diff --git a/history.txt b/history.txt
deleted file mode 100644
index 78c4d9c..0000000
--- a/history.txt
+++ /dev/null
@@ -1,30 +0,0 @@ -2016-12-21 - * deactivating previous random time delta, makes only sense when patching ri too - * app.Version = "0.1.6" - -2016-10-09 - * seed the math random generator with time.Now().UnixNano() - * added 6h+6h random time delta at su3-age to increase anonymity - * app.Version = "0.1.5" - - -2016-05-15 - * README.md updated - * allowed routerInfos age increased from 96 to 192 hours - * app.Version = "0.1.4" - -2016-03-05 - * app.Version = "0.1.3" - * CRL creation added - -2016-01-31 - * allowed TLS ciphers updated (hardened) - * TLS certificate generation: RSA 4096 --> ECDSAWithSHA512 384bit secp384r1 - * ECDHE handshake: only CurveP384 + CurveP521, default CurveP256 removed - * TLS certificate valid: 2y --> 5y - * throttled.PerDay(4) --> PerHour(4), to enable limited testing - * su3 RebuildInterval: 24h --> 90h, higher anonymity for the running i2p-router - * numRi per su3 file: 75 --> 77 - -2016-01 - * fork from https://github.com/MDrollette/i2p-tools
\ No newline at end of file
diff --git a/main.go b/main.go
index 6065f68..be67457 100644
--- a/main.go
+++ b/main.go
@@ -4,7 +4,7 @@ import ( "os" "runtime" - "github.com/martin61/i2p-tools/cmd" + "github.com/MDrollette/i2p-tools/cmd" "github.com/codegangsta/cli" ) 
@@ -14,10 +14,10 @@ func main() { app := cli.NewApp() app.Name = "i2p-tools" - app.Version = "0.1.6" + app.Version = "0.1.7" app.Usage = "I2P tools and reseed server" - app.Author = "martin61" - app.Email = "noemail" + app.Author = "MDrollette" + app.Email = "matt@rows.io" app.Flags = []cli.Flag{} app.Commands = []cli.Command{ cmd.NewReseedCommand(),
diff --git a/reseed/server.go b/reseed/server.go
index 36ab460..dc75193 100644
--- a/reseed/server.go
+++ b/reseed/server.go
@@ -10,10 +10,10 @@ import ( "os" "strconv" - "gopkg.in/throttled/throttled.v2" - "gopkg.in/throttled/throttled.v2/store" "github.com/gorilla/handlers" "github.com/justinas/alice" + "gopkg.in/throttled/throttled.v2" + "gopkg.in/throttled/throttled.v2/store" ) const (
@@ -82,12 +82,11 @@ func NewServer(prefix string, trustProxy bool) *Server { tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, }, - CurvePreferences: []tls.CurveID{tls.CurveP384, tls.CurveP521}, // default CurveP256 removed + CurvePreferences: []tls.CurveID{tls.CurveP384, tls.CurveP521}, // default CurveP256 removed } h := &http.Server{TLSConfig: config} server := Server{Server: h, Reseeder: nil} -// th := throttled.RateLimit(throttled.PerDay(4), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000)) th := throttled.RateLimit(throttled.PerHour(4), &throttled.VaryBy{RemoteAddr: true}, store.NewMemStore(200000)) middlewareChain := alice.New()
diff --git a/reseed/service.go b/reseed/service.go
index c018de8..6b13ed0 100644
--- a/reseed/service.go
+++ b/reseed/service.go
@@ -15,7 +15,7 @@ import ( "sync" "time" - "github.com/martin61/i2p-tools/su3" + "github.com/MDrollette/i2p-tools/su3" ) type routerInfo struct { 
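Review bot: The `@@ -82,12 +82,11 @@` hunk of reseed/server.go still builds the listener as `h := &http.Server{TLSConfig: config}` with no ReadTimeout or WriteTimeout, so a public reseed endpoint that is rate-limited per RemoteAddr can nevertheless be held open indefinitely by slow clients; `h := &http.Server{TLSConfig: config, ReadTimeout: 10 * time.Second, WriteTimeout: 30 * time.Second}` (constructed example values; `time` would need importing) bounds that. The same tls.Config keeps the two `*_AES_256_CBC_SHA` suites alongside the GCM ones; if old routers do not need them, dropping them and setting `MinVersion: tls.VersionTLS12` would match the "allowed TLS ciphers updated (hardened)" intent recorded in the removed history.txt. The tls.Config literal and NewServer begin outside the hunk, so MinVersion may already be set above and only the visible lines are judged here.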
@@ -265,15 +265,9 @@ func (db *LocalNetDbImpl) RouterInfos() (routerInfos []routerInfo, err error) { continue } - // added 6h+6h random time delta to increase Anonymity - //rr := rand.New(rand.NewSource(time.Now().UnixNano())) - //now := file.ModTime() - //then := now.Add(-1 * time.Duration(rr.Intn(60*60*6) + 60*60*6) * time.Second) - routerInfos = append(routerInfos, routerInfo{ Name: file.Name(), ModTime: file.ModTime(), - //ModTime: then, Data: riBytes, }) }
diff --git a/reseed/utils.go b/reseed/utils.go
index 28468a2..dac32bf 100644
--- a/reseed/utils.go
+++ b/reseed/utils.go
@@ -1,9 +1,8 @@ package reseed import ( - "crypto/rand" -// "crypto/rsa" "crypto/ecdsa" + "crypto/rand" "crypto/x509" "crypto/x509/pkix" "encoding/pem"
@@ -34,7 +33,6 @@ func SignerFilename(signer string) string { return strings.Replace(signer, "@", "_at_", 1) + ".crt" } -//func NewTLSCertificate(host string, priv *rsa.PrivateKey) ([]byte, error) { func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) { notBefore := time.Now() notAfter := notBefore.Add(5 * 365 * 24 * time.Hour)
@@ -57,7 +55,6 @@ func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) { }, NotBefore: notBefore, NotAfter: notAfter, -// SignatureAlgorithm: x509.SHA256WithRSA, SignatureAlgorithm: x509.ECDSAWithSHA512, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
diff --git a/su3/su3.go b/su3/su3.go
index a05f61f..b059716 100644
--- a/su3/su3.go
+++ b/su3/su3.go
@@ -3,8 +3,7 @@ package su3 import ( "bytes" "crypto" - crypto_rand "crypto/rand" - //math_rand "math/rand" + "crypto/rand" "crypto/rsa" "crypto/x509" "encoding/binary" 
@@ -54,13 +53,7 @@ type Su3File struct { } func NewSu3File() *Su3File { - - // added 6h random time delta to increase Anonymity - //rr := math_rand.New(math_rand.NewSource(time.Now().UnixNano())) - //now := time.Now().Unix() - rr.Int63n(60*60*6) - return &Su3File{ - //Version: []byte(strconv.FormatInt(now, 10)), Version: []byte(strconv.FormatInt(time.Now().Unix(), 10)), SignatureType: SIGTYPE_RSA_SHA512, }
@@ -85,7 +78,7 @@ func (s *Su3File) Sign(privkey *rsa.PrivateKey) error { h.Write(s.BodyBytes()) digest := h.Sum(nil) - sig, err := rsa.SignPKCS1v15(crypto_rand.Reader, privkey, 0, digest) + sig, err := rsa.SignPKCS1v15(rand.Reader, privkey, 0, digest) if nil != err { return err }
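Review bot: The rewritten `sig, err := rsa.SignPKCS1v15(rand.Reader, privkey, 0, digest)` line in Su3File.Sign passes `0` as the hash, which tells crypto/rsa to sign the digest bytes as-is without the PKCS#1 v1.5 DigestInfo prefix that a SHA512withRSA signer would prepend; that is correct only if the I2P su3 verifier expects exactly that encoding, and nothing in the hunk records the choice. A comment such as `// hash 0: sign the raw SHA-512 digest without a DigestInfo prefix — presumably what the su3 verifier expects; confirm before changing` would stop a later maintainer from "fixing" it to crypto.SHA512 and silently producing signatures routers reject. The hash setup and the rest of Sign lie outside the hunk, so the digest algorithm is inferred from the SIGTYPE_RSA_SHA512 default in NewSu3File.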