Skip to content

Commit

Permalink
Merge branch 'i2p.i2p.2.4.0-single-blind-cache' of i2pgit.org:idk/i2p…
Browse files Browse the repository at this point in the history 
….i2p into i2p.i2p.2.4.0-test3
  • Loading branch information
eyedeekay committed Oct 12, 2023
2 parents 7d0c857 + 4a2cfb5 commit c59b9b5
Show file tree
Hide file tree
Showing 3 changed files with 109 additions and 98 deletions.
145 changes: 69 additions & 76 deletions apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,89 +89,82 @@ protected void processForm() {
addFormError(_t("Requires hostname, destination, or blinded Base32"));
return;
}
// from BlindCache
List<Hash> clientBase32s = _context.netDbSegmentor().lookupClientBySigningPublicKey(spk);
// TODO: This updates all of the blind data for all clients, turning the blind cache into a shared context for the owner of an encrypted leaseSet.
// This is probably not ideal, with some social-engineering a service operator who owns an encrypted destination could associate 2 tunnels.
// How realistic is it? Maybe not very, but I don't like it. Still, this is better than nothing.
for (Hash clientBase32 : clientBase32s) {
BlindData bdold = _context.clientNetDb(clientBase32).getBlindData(spk);
if (bdold != null && d == null)
d = bdold.getDestination();
if (d != null && _context.clientManager().isLocal(d)) {
// don't bother translating
addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager.");
return;
}
BlindData bdold = _context.netDb().getBlindData(spk);
if (bdold != null && d == null)
d = bdold.getDestination();
if (d != null && _context.clientManager().isLocal(d)) {
// don't bother translating
addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager.");
return;
}

SigType blindType;
if (bdin != null) {
blindType = bdin.getBlindedSigType();
} else if (bdold != null) {
blindType = bdold.getBlindedSigType();
} else {
blindType = Blinding.getDefaultBlindedType(spk.getType());
}
SigType blindType;
if (bdin != null) {
blindType = bdin.getBlindedSigType();
} else if (bdold != null) {
blindType = bdold.getBlindedSigType();
} else {
blindType = Blinding.getDefaultBlindedType(spk.getType());
}

int atype;
PrivateKey pk;
if (_mode == 4 || _mode == 5) {
atype = BlindData.AUTH_PSK;
// use supplied pk
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else if (_mode == 6 || _mode == 7) {
atype = BlindData.AUTH_DH;
// create new pk
b = new byte[32];
_context.random().nextBytes(b);
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else {
// modes 2 and 3
atype = BlindData.AUTH_NONE;
pk = null;
int atype;
PrivateKey pk;
if (_mode == 4 || _mode == 5) {
atype = BlindData.AUTH_PSK;
// use supplied pk
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else if (_mode == 6 || _mode == 7) {
atype = BlindData.AUTH_DH;
// create new pk
b = new byte[32];
_context.random().nextBytes(b);
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else {
// modes 2 and 3
atype = BlindData.AUTH_NONE;
pk = null;
}
if (_mode == 2 || _mode == 4 || _mode == 6)
_secret = null;
if (bdin != null) {
// more checks based on supplied b33
if (bdin.getSecretRequired() && _secret == null) {
addFormError(_t("Destination requires lookup password"));
return;
}
if (_mode == 2 || _mode == 4 || _mode == 6)
_secret = null;
if (bdin != null) {
// more checks based on supplied b33
if (bdin.getSecretRequired() && _secret == null) {
addFormError(_t("Destination requires lookup password"));
return;
}
if (!bdin.getSecretRequired() && _secret != null) {
addFormError(_t("Destination does not require lookup password"));
return;
}
if (bdin.getAuthRequired() && pk == null) {
addFormError(_t("Destination requires encryption key"));
return;
}
if (!bdin.getAuthRequired() && pk != null) {
addFormError(_t("Destination does not require encryption key"));
return;
}
if (!bdin.getSecretRequired() && _secret != null) {
addFormError(_t("Destination does not require lookup password"));
return;
}

// to BlindCache
BlindData bdout;
if (d != null) {
bdout = new BlindData(_context, d, blindType, _secret, atype, pk);
} else {
bdout = new BlindData(_context, spk, blindType, _secret, atype, pk);
if (bdin.getAuthRequired() && pk == null) {
addFormError(_t("Destination requires encryption key"));
return;
}
if (bdold != null) {
if (_log.shouldDebug())
_log.debug("already cached: " + bdold);
if (!bdin.getAuthRequired() && pk != null) {
addFormError(_t("Destination does not require encryption key"));
return;
}
try {
_context.clientNetDb(clientBase32).setBlindData(bdout);
addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32()));
if (_mode == 6 || _mode == 7) {
addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64());
}
} catch (IllegalArgumentException iae) {
addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage());
}

// to BlindCache
BlindData bdout;
if (d != null) {
bdout = new BlindData(_context, d, blindType, _secret, atype, pk);
} else {
bdout = new BlindData(_context, spk, blindType, _secret, atype, pk);
}
if (bdold != null) {
if (_log.shouldDebug())
_log.debug("already cached: " + bdold);
}
try {
_context.netDb().setBlindData(bdout);
addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32()));
if (_mode == 6 || _mode == 7) {
addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64());
}
} catch (IllegalArgumentException iae) {
addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage());
}
}
} else if (_action.equals(_t("Delete key")) && _revokes != null) {
Expand Down
2 changes: 1 addition & 1 deletion apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ private boolean render(StringBuilder buf, boolean local) {
}
// LS2
if (!local) {
List<BlindData> bdata = _context.netDbSegmentor().getLocalClientsBlindData();
List<BlindData> bdata = _context.netDb().getBlindData();
if (bdata.size() > 1)
Collections.sort(bdata, new BDComparator());
for (BlindData bd : bdata) {
Expand Down
60 changes: 39 additions & 21 deletions router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,12 +180,13 @@ public KademliaNetworkDatabaseFacade(RouterContext context, Hash dbid) {
_peerSelector = createPeerSelector();
_publishingLeaseSets = new HashMap<Hash, RepublishLeaseSetJob>(8);
_activeRequests = new HashMap<Hash, SearchJob>(8);
if (!isMainDb())
if (!isMainDb()) {
_reseedChecker = null;
else
_blindCache = null;
} else {
_reseedChecker = new ReseedChecker(context);
_blindCache = new BlindCache(context);

_blindCache = new BlindCache(context);
}
_localKey = null;
if (_log.shouldLog(Log.DEBUG))
_log.debug("Created KademliaNetworkDatabaseFacade for id: " + dbid);
Expand Down Expand Up @@ -223,6 +224,20 @@ public ReseedChecker reseedChecker() {
return _reseedChecker;
}

/**
* We still always use a single blind cache in the main Db(for now),
* see issue #421 on i2pgit.org/i2p-hackers/i2p.i2p for details.
* This checks if we're the main DB already and returns our blind
* cache if we are. If not, it looks up the main Db and gets it.
*
* @return
*/
protected BlindCache blindCache() {
if (isMainDb())
return _blindCache;
return _context.netDb().blindCache();
}

KBucketSet<Hash> getKBuckets() { return _kb; }
DataStore getDataStore() { return _ds; }

Expand Down Expand Up @@ -269,7 +284,8 @@ public synchronized void shutdown() {
_exploreKeys.clear();
if (_negativeCache != null)
_negativeCache.clear();
_blindCache.shutdown();
if (isMainDb())
blindCache().shutdown();
}

public synchronized void restart() {
Expand All @@ -280,7 +296,8 @@ public synchronized void restart() {
}
_ds.restart();
_exploreKeys.clear();
_blindCache.startup();
if (isMainDb())
blindCache().startup();

_initialized = true;

Expand Down Expand Up @@ -370,7 +387,8 @@ public synchronized void startup() {
throw new RuntimeException("Unable to initialize netdb storage", ioe);
}
_negativeCache = new NegativeLookupCache(_context);
_blindCache.startup();
if (isMainDb())
blindCache().startup();

createHandlers();

Expand Down Expand Up @@ -558,7 +576,7 @@ protected int getKBucketSetSize() {
*/
@Override
public BlindData getBlindData(SigningPublicKey spk) {
return _blindCache.getData(spk);
return blindCache().getData(spk);
}

/**
Expand All @@ -569,7 +587,7 @@ public BlindData getBlindData(SigningPublicKey spk) {
public void setBlindData(BlindData bd) {
if (_log.shouldWarn())
_log.warn("Adding to blind cache: " + bd);
_blindCache.addToCache(bd);
blindCache().addToCache(bd);
}

/**
Expand All @@ -578,7 +596,7 @@ public void setBlindData(BlindData bd) {
*/
@Override
public List<BlindData> getBlindData() {
return _blindCache.getData();
return blindCache().getData();
}

/**
Expand All @@ -589,7 +607,7 @@ public List<BlindData> getBlindData() {
*/
@Override
public boolean removeBlindData(SigningPublicKey spk) {
return _blindCache.removeBlindData(spk);
return blindCache().removeBlindData(spk);
}

/**
Expand All @@ -599,7 +617,7 @@ public boolean removeBlindData(SigningPublicKey spk) {
*/
@Override
public void routingKeyChanged() {
_blindCache.rollover();
blindCache().rollover();
if (_log.shouldInfo())
_log.info("UTC rollover, blind cache updated");
}
Expand All @@ -620,7 +638,7 @@ public DatabaseEntry lookupLocally(Hash key) {
if (ls.isCurrent(Router.CLOCK_FUDGE_FACTOR)) {
return rv;
} else {
key = _blindCache.getHash(key);
key = blindCache().getHash(key);
fail(key);
}
} else if (type == DatabaseEntry.KEY_TYPE_ROUTERINFO) {
Expand Down Expand Up @@ -676,7 +694,7 @@ public void lookupLeaseSet(Hash key, Job onFindJob, Job onFailedLookupJob,
} else {
//if (_log.shouldLog(Log.DEBUG))
// _log.debug("leaseSet not found locally, running search");
key = _blindCache.getHash(key);
key = blindCache().getHash(key);
search(key, onFindJob, onFailedLookupJob, timeoutMs, true, fromLocalDest);
}
//if (_log.shouldLog(Log.DEBUG))
Expand All @@ -693,7 +711,7 @@ public void lookupLeaseSet(Hash key, Job onFindJob, Job onFailedLookupJob,
*/
public void lookupLeaseSetRemotely(Hash key, Hash fromLocalDest) {
if (!_initialized) return;
key = _blindCache.getHash(key);
key = blindCache().getHash(key);
if (isNegativeCached(key))
return;
search(key, null, null, 20*1000, true, fromLocalDest);
Expand All @@ -710,7 +728,7 @@ public void lookupLeaseSetRemotely(Hash key, Hash fromLocalDest) {
public void lookupLeaseSetRemotely(Hash key, Job onFindJob, Job onFailedLookupJob,
long timeoutMs, Hash fromLocalDest) {
if (!_initialized) return;
key = _blindCache.getHash(key);
key = blindCache().getHash(key);
if (isNegativeCached(key))
return;
search(key, onFindJob, onFailedLookupJob, timeoutMs, true, fromLocalDest);
Expand All @@ -728,7 +746,7 @@ public LeaseSet lookupLeaseSetLocally(Hash key) {
if (ls.isCurrent(Router.CLOCK_FUDGE_FACTOR)) {
return ls;
} else {
key = _blindCache.getHash(key);
key = blindCache().getHash(key);
fail(key);
// this was an interesting key, so either refetch it or simply explore with it
_exploreKeys.add(key);
Expand Down Expand Up @@ -764,7 +782,7 @@ public void lookupDestination(Hash key, Job onFinishedJob, long timeoutMs, Hash
_log.info("Negative cached, not searching dest: " + key);
_context.jobQueue().addJob(onFinishedJob);
} else {
key = _blindCache.getHash(key);
key = blindCache().getHash(key);
search(key, onFinishedJob, onFinishedJob, timeoutMs, true, fromLocalDest);
}
}
Expand Down Expand Up @@ -1120,7 +1138,7 @@ public LeaseSet store(Hash key, LeaseSet leaseSet) throws IllegalArgumentExcepti
// set dest or key before validate() calls verifySignature() which
// will do the decryption
encls = (EncryptedLeaseSet) leaseSet;
BlindData bd = _blindCache.getReverseData(leaseSet.getSigningKey());
BlindData bd = blindCache().getReverseData(leaseSet.getSigningKey());
if (bd != null) {
if (_log.shouldWarn())
_log.warn("Found blind data for encls: " + bd);
Expand Down Expand Up @@ -1162,15 +1180,15 @@ public LeaseSet store(Hash key, LeaseSet leaseSet) throws IllegalArgumentExcepti
// recursion
Destination dest = decls.getDestination();
store(dest.getHash(), decls);
_blindCache.setBlinded(dest);
blindCache().setBlinded(dest);
}
} else if (type == DatabaseEntry.KEY_TYPE_LS2 || type == DatabaseEntry.KEY_TYPE_META_LS2) {
// if it came in via garlic
LeaseSet2 ls2 = (LeaseSet2) leaseSet;
if (ls2.isBlindedWhenPublished()) {
Destination dest = leaseSet.getDestination();
if (dest != null)
_blindCache.setBlinded(dest, null, null);
blindCache().setBlinded(dest, null, null);
}
}

Expand Down

0 comments on commit c59b9b5

Please sign in to comment.