diff --git a/core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java b/core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java index 008837a1b2a1a8d6dcec2301f543be7758fac7e6..d950da78e75ea60792a160ca71217e47b6c877ec 100644 --- a/core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java +++ b/core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java @@ -65,6 +65,7 @@ class RequestLeaseSetMessageHandler extends HandlerImpl { // LS 2 public static final String PROP_LS_TYPE = "i2cp.leaseSetType"; private static final String PROP_LS_ENCTYPE = "i2cp.leaseSetEncType"; + private static final String PROP_SECRET = "i2cp.leaseSetSecret"; public RequestLeaseSetMessageHandler(I2PAppContext context) { this(context, RequestLeaseSetMessage.MESSAGE_TYPE); @@ -123,7 +124,11 @@ class RequestLeaseSetMessageHandler extends HandlerImpl { if (_ls2Type == DatabaseEntry.KEY_TYPE_LS2) { leaseSet = new LeaseSet2(); } else if (_ls2Type == DatabaseEntry.KEY_TYPE_ENCRYPTED_LS2) { - leaseSet = new EncryptedLeaseSet(); + EncryptedLeaseSet encls2 = new EncryptedLeaseSet(); + String secret = session.getOptions().getProperty(PROP_SECRET); + if (secret != null) + encls2.setSecret(secret); + leaseSet = encls2; } else if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) { leaseSet = new MetaLeaseSet(); } else { @@ -136,7 +141,7 @@ class RequestLeaseSetMessageHandler extends HandlerImpl { } else { leaseSet = new LeaseSet(); } - // Full Meta and Encrypted support TODO + // Full Meta support TODO for (int i = 0; i < msg.getEndpoints(); i++) { Lease lease; if (_ls2Type == DatabaseEntry.KEY_TYPE_META_LS2) { diff --git a/core/java/src/net/i2p/data/EncryptedLeaseSet.java b/core/java/src/net/i2p/data/EncryptedLeaseSet.java index e590d17cd5d4b1da43503701aef0eba0459863b0..2610edb8aab28c53183e4e6d53ed5e532358ca27 100644 --- a/core/java/src/net/i2p/data/EncryptedLeaseSet.java +++ b/core/java/src/net/i2p/data/EncryptedLeaseSet.java 
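Review bot: `i2cp.leaseSetSecret` is read only inside the `KEY_TYPE_ENCRYPTED_LS2` branch of the second hunk, so a session that sets the secret but resolves to any other `_ls2Type` publishes without it, and nothing here reports that. Per the EncryptedLeaseSet change in this commit the value feeds `Blinding.generateAlpha`, so a silent fallback is the unsafe direction for a misconfigured client. Consider logging a warning (without the value) in the other branches when the property is present, or rejecting the configuration. A short comment on `PROP_SECRET` would also help, e.g. `// blinding secret for encrypted LS2; must match the value the router sees`. The enclosing method starts and ends outside the hunk.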
@@ -22,6 +22,8 @@ import net.i2p.util.Log; * * PRELIMINARY - Subject to change - see proposal 123 * + * Per-client auth TODO + * * @since 0.9.38 */ public class EncryptedLeaseSet extends LeaseSet2 { @@ -31,6 +33,7 @@ public class EncryptedLeaseSet extends LeaseSet2 { private LeaseSet2 _decryptedLS2; private Hash __calculatedHash; private SigningPrivateKey _alpha; + private String _secret; private final Log _log; private static final int MIN_ENCRYPTED_SIZE = 8 + 16; @@ -56,6 +59,16 @@ public class EncryptedLeaseSet extends LeaseSet2 { return _decryptedLS2; } + /** + * Must be set before sign or verify. + * + * @param secret null or "" for none (default) + * @since 0.9.39 + */ + public void setSecret(String secret) { + _secret = secret; + } + ///// overrides below here @Override @@ -84,6 +97,7 @@ public class EncryptedLeaseSet extends LeaseSet2 { * @return null if not decrypted. * @since 0.9.39 */ + @Override public List<PublicKey> getEncryptionKeys() { if (_decryptedLS2 != null) return _decryptedLS2.getEncryptionKeys(); @@ -129,9 +143,9 @@ public class EncryptedLeaseSet extends LeaseSet2 { SigningPublicKey spk = _destination.getSigningPublicKey(); I2PAppContext ctx = I2PAppContext.getGlobalContext(); if (_published <= 0) - _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null); + _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), _secret); else - _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), null, _published); + _alpha = Blinding.generateAlpha(ctx, _destination.getSigningPublicKey(), _secret, _published); SigningPublicKey rv = Blinding.blind(spk, _alpha); if (_log.shouldDebug()) _log.debug("Blind:" + 
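Review bot: `setSecret` documents "Must be set before sign or verify" but only assigns the field, so a late call is accepted silently. By then `_alpha` and `__calculatedHash` (both fields of this class) may already hold values derived without the secret. Enforcing the contract would be cheap, e.g. `if (_alpha != null) throw new IllegalStateException("secret must be set before blinding");`, assuming `_alpha` stays null until the first blind, which this hunk does not show. It may also be worth normalising `""` to `null` here, so both documented "none" forms yield the same alpha however `generateAlpha` treats an empty string.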
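Review bot: The debug statement closing the last hunk is cut at `_log.debug("Blind:" + `, so what it prints is not visible; check that it does not include `_alpha` or `_secret`. Before this change alpha was presumably recomputable by anyone who knew the destination, since the secret argument was `null`. With `_secret` mixed in, it is meant to be derivable only by holders of the secret, and writing it to a debug log would give that away to anyone with log access. The enclosing method starts and ends outside the hunk.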
@@ -680,6 +694,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
 net.i2p.crypto.KeyPair encKeys2 = net.i2p.crypto.KeyGenerator.getInstance().generatePKIKeys(net.i2p.crypto.EncType.ECIES_X25519);
 pubKey = encKeys2.getPublic();
 ls2.addEncryptionKey(pubKey);
+ ls2.setSecret("foobar");
 SigningPrivateKey spk = pkf.getSigningPrivKey();
 if (offline) {
 now += 365*24*60*60*1000L;
@@ -692,7 +707,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
 } else {
 ls2.sign(spk);
 }
- System.out.println("Created: " + ls2);
+ System.out.println("\nCreated: " + ls2);
 if (!ls2.verifySignature()) {
 System.out.println("Verify FAILED");
 return;
@@ -703,11 +718,11 @@ public class EncryptedLeaseSet extends LeaseSet2 {
 ls2.writeBytes(out2);
 out2.close();
 java.io.ByteArrayInputStream in = new java.io.ByteArrayInputStream(out.toByteArray());
- System.out.println("Size calculated: " + (ls2.size() + ls2.getSignature().length()));
- System.out.println("Size to read in: " + in.available());
+ System.out.println("\nSize calculated: " + (ls2.size() + ls2.getSignature().length()));
+ System.out.println("\nSize to read in: " + in.available());
 EncryptedLeaseSet ls3 = new EncryptedLeaseSet();
 ls3.readBytes(in);
- System.out.println("Read back: " + ls3);
+ System.out.println("\nRead back: " + ls3);
 // required to decrypt
 ls3.setDestination(pkf.getDestination());
 if (!ls3.verifySignature())
diff --git a/router/java/src/net/i2p/router/client/ClientMessageEventListener.java b/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
index d2a9340677345a5e3b9e29491f29ae6a31b6b5f1..9963bf5ff04cd094bf27144c60483827fab075e9 100644
--- a/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
+++ b/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
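Review bot: `ls2` is given `setSecret("foobar")` in the first hunk, but the read-back `ls3` in the third hunk goes from `readBytes(in)` to `setDestination(...)` and `verifySignature()` without receiving the same secret. Since `_secret` now feeds `Blinding.generateAlpha`, `ls3` would presumably derive a different blinding than `ls2` did. The self-test then either fails or never exercises the secret on the read side. Adding `ls3.setSecret("foobar");` before `ls3.setDestination(pkf.getDestination());` would make the round trip cover it. The test body continues outside these hunks.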
@@ -642,6 +642,11 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
 _runner.disconnectClient("Duplicate hash of encrypted LS2");
 return;
 }
+ String secret = cfg.getOptions().getProperty("i2cp.leaseSetSecret");
+ if (secret != null) {
+ EncryptedLeaseSet encls = (EncryptedLeaseSet) ls;
+ encls.setSecret(secret);
+ }
 }
 if (_log.shouldDebug())
 _log.debug("Publishing: " + ls);
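Review bot: The secret is applied only after the duplicate-hash check above it, while `setSecret` is documented as "Must be set before sign or verify". If anything earlier in this method (outside the hunk) already hashed or verified `ls`, it did so with a blinding computed without the secret. The key is also repeated as the literal `"i2cp.leaseSetSecret"` because `PROP_SECRET` is private in RequestLeaseSetMessageHandler; a shared constant would keep client and router from drifting onto different option names. The cast `(EncryptedLeaseSet) ls` is presumably guarded by a type check on the enclosing block; if not, `if (ls instanceof EncryptedLeaseSet)` would avoid a ClassCastException on a client-supplied lease set. Also confirm that `"Publishing: " + ls` does not print the secret through `toString()`.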