diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbRenderer.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbRenderer.java
index ac8fd4fb7f7ab7f4c8f1e422e612675dd1215474..c2653c7e862b03310058e06206912441bc71504d 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbRenderer.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbRenderer.java
@@ -934,7 +934,9 @@ class NetDbRenderer {
}
if (full) {
buf.append("</td></tr><tr><td><b>").append(_t("Signing Key")).append(":</b></td><td colspan=\"2\">")
- .append(info.getIdentity().getSigningPublicKey().getType().toString());
+ .append(info.getIdentity().getSigningPublicKey().getType());
+ buf.append("</td></tr><tr><td><b>").append(_t("Encryption Key")).append(":</b></td><td colspan=\"2\">")
+ .append(info.getIdentity().getPublicKey().getType());
}
buf.append("</td></tr>\n<tr>")
.append("<td><b>").append(_t("Addresses")).append(":</b></td><td colspan=\"2\"");
diff --git a/router/java/src/net/i2p/data/router/RouterPrivateKeyFile.java b/router/java/src/net/i2p/data/router/RouterPrivateKeyFile.java
index 2f466ca055d80a18a42cbc5ae7ca2bc7acdaa7e8..9c1363f01cf12e7a4108794c451afcbba674bbaf 100644
--- a/router/java/src/net/i2p/data/router/RouterPrivateKeyFile.java
+++ b/router/java/src/net/i2p/data/router/RouterPrivateKeyFile.java
@@ -7,6 +7,7 @@ import java.io.FileInputStream;
import java.io.InputStream;
import java.io.IOException;
+import net.i2p.crypto.EncType;
import net.i2p.crypto.SigType;
import net.i2p.data.DataFormatException;
import net.i2p.data.Destination;
@@ -36,7 +37,10 @@ public class RouterPrivateKeyFile extends PrivateKeyFile {
in = new BufferedInputStream(new FileInputStream(this.file));
RouterIdentity ri = new RouterIdentity();
ri.readBytes(in);
- privKey = new PrivateKey();
+ EncType etype = ri.getPublicKey().getType();
+ if (etype == null)
+ throw new DataFormatException("Unknown enc type");
+ privKey = new PrivateKey(etype);
privKey.readBytes(in);
SigType type = ri.getSigningPublicKey().getType();
if (type == null)
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java
index 4396eeedd878a1770e8b81c1bee9e771a763a315..fbf68fb2f6f1cb8f541703e0c573625d735c09a3 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java
@@ -2,6 +2,7 @@ package net.i2p.router.networkdb.kademlia;
import java.util.List;
+import net.i2p.crypto.EncType;
import net.i2p.crypto.SigType;
import net.i2p.data.Hash;
import net.i2p.data.router.RouterAddress;
@@ -139,6 +140,11 @@ class FloodfillMonitorJob extends JobImpl {
RouterInfo ri = getContext().router().getRouterInfo();
if (ri == null)
return false;
+
+ // temp until router ratchet SKM implemented
+ if (ri.getIdentity().getPublicKey().getType() != EncType.ELGAMAL_2048)
+ return false;
+
char bw = ri.getBandwidthTier().charAt(0);
// Only if class N, O, P, X
if (bw != Router.CAPABILITY_BW128 && bw != Router.CAPABILITY_BW256 &&
diff --git a/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java b/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
index 9c060a99f7c65fa96fb6bc28064c36b52098cb45..61bfdfa2c9241e9364f9826274600e634cf6d9b4 100644
--- a/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
+++ b/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
@@ -56,6 +56,8 @@ public class CreateRouterInfoJob extends JobImpl {
public static final String KEYS_FILENAME = "router.keys";
public static final String KEYS2_FILENAME = "router.keys.dat";
static final String PROP_ROUTER_SIGTYPE = "router.sigType";
+ /** @since 0.9.48 */
+ static final String PROP_ROUTER_ENCTYPE = "router.encType";
private static final SigType DEFAULT_SIGTYPE = SigType.EdDSA_SHA512_Ed25519;
private static final EncType DEFAULT_ENCTYPE = EncType.ELGAMAL_2048;
@@ -106,8 +108,7 @@ public class CreateRouterInfoJob extends JobImpl {
// not necessary, in constructor
//info.setPeers(new HashSet());
info.setPublished(getCurrentPublishDate(ctx));
- // TODO
- EncType etype = DEFAULT_ENCTYPE;
+ EncType etype = getEncTypeConfig(ctx);
KeyPair keypair = ctx.keyGenerator().generatePKIKeys(etype);
PublicKey pubkey = keypair.getPublic();
PrivateKey privkey = keypair.getPrivate();
@@ -196,6 +197,24 @@ public class CreateRouterInfoJob extends JobImpl {
return cstype;
}
+ /**
+ * The configured EncType to expect on read-in
+ * @since 0.9.48
+ */
+ public static EncType getEncTypeConfig(RouterContext ctx) {
+ EncType cstype = DEFAULT_ENCTYPE;
+ String sstype = ctx.getProperty(PROP_ROUTER_ENCTYPE);
+ if (sstype != null) {
+ EncType ntype = EncType.parseEncType(sstype);
+ if (ntype != null)
+ cstype = ntype;
+ }
+ // fallback?
+ if (cstype != EncType.ELGAMAL_2048 && !cstype.isAvailable())
+ cstype = EncType.ELGAMAL_2048;
+ return cstype;
+ }
+
/**
* We probably don't want to expose the exact time at which a router published its info.
* perhaps round down to the nearest minute? 10 minutes? 30 minutes? day?
diff --git a/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java b/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
index c2cbc2dda96617d1c491d2e389ae99137d7e5e6c..c2adebc12ce70f487cf93e69c09593b75acaf3f1 100644
--- a/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
+++ b/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
@@ -15,6 +15,7 @@ import java.io.InputStream;
import java.io.IOException;
import java.util.concurrent.atomic.AtomicBoolean;
+import net.i2p.crypto.EncType;
import net.i2p.crypto.KeyGenerator;
import net.i2p.crypto.SigType;
import net.i2p.data.Certificate;
@@ -115,22 +116,27 @@ class LoadRouterInfoJob extends JobImpl {
PrivateKey privkey = kd.privateKey;
SigningPrivateKey signingPrivKey = kd.signingPrivateKey;
SigType stype = signingPubKey.getType();
+ EncType etype = pubkey.getType();
- // check if the sigtype config changed
+ // check if the sigtype or enctype config changed
SigType cstype = CreateRouterInfoJob.getSigTypeConfig(getContext());
boolean sigTypeChanged = stype != cstype;
- if (sigTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_SIGTYPE) == null) {
+ EncType cetype = CreateRouterInfoJob.getEncTypeConfig(getContext());
+ boolean encTypeChanged = etype != cetype;
+ if ((sigTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_SIGTYPE) == null) ||
+ (encTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_ENCTYPE) == null)) {
// Not explicitly configured, and default has changed
// Give a 25% chance of rekeying for each restart
// TODO reduce to ~3 (i.e. increase probability) in future release
- if (getContext().random().nextInt(4) > 0) {
+ if (getContext().random().nextInt(16) > 0) {
sigTypeChanged = false;
+ encTypeChanged = false;
if (_log.shouldWarn())
_log.warn("Deferring RI rekey from " + stype + " to " + cstype);
}
}
- if (sigTypeChanged || shouldRebuild(privkey)) {
+ if (sigTypeChanged || encTypeChanged || shouldRebuild(privkey)) {
if (_us != null) {
Hash h = _us.getIdentity().getHash();
_log.logAlways(Log.WARN, "Deleting old router identity " + h.toBase64());
@@ -143,6 +149,8 @@ class LoadRouterInfoJob extends JobImpl {
}
if (sigTypeChanged)
_log.logAlways(Log.WARN, "Rebuilding RouterInfo with new signature type " + cstype);
+ if (encTypeChanged)
+ _log.logAlways(Log.WARN, "Rebuilding RouterInfo with new encryption type " + cetype);
// windows... close before deleting
if (fis1 != null) {
try { fis1.close(); } catch (IOException ioe) {}