
Example 1 with SessionKeyManager

use of net.i2p.crypto.SessionKeyManager in project i2p.i2p by i2p.

the class TestJob method sendTest.

/**
 * Garlic-wraps the given test message for local delivery to this router and
 * dispatches it through {@code _outTunnel}, passing {@code _replyTunnel}'s first
 * receive tunnel id and first peer as the target.
 *
 * The clove is encrypted with a freshly generated session key and a single
 * session tag so that, per the original author's note, the endpoints and
 * gateways cannot tell it is a test and no ElGamal operation is needed. The
 * tag is kept in {@code _encryptTag} and the key+tag pair is registered with a
 * SessionKeyManager so the message can be decrypted when it comes back.
 *
 * If the garlic message cannot be built, a retest is scheduled and nothing is
 * sent.
 *
 * @param m the message to wrap; its expiration is reused for the clove
 */
private void sendTest(I2NPMessage m) {
    // Single clove, addressed to our own router with LOCAL delivery.
    PayloadGarlicConfig testClove = new PayloadGarlicConfig();
    testClove.setCertificate(Certificate.NULL_CERT);
    testClove.setId(getContext().random().nextLong(I2NPMessage.MAX_ID_VALUE));
    testClove.setPayload(m);
    testClove.setRecipient(getContext().router().getRouterInfo());
    testClove.setDeliveryInstructions(DeliveryInstructions.LOCAL);
    testClove.setExpiration(m.getMessageExpiration());

    // One-time key and tag for this test only.
    // NOTE(review): SessionTag(true) presumably creates a random tag -- confirm.
    SessionKey encryptKey = getContext().keyGenerator().generateSessionKey();
    SessionTag encryptTag = new SessionTag(true);
    // Stored before the build is known to succeed; on the failure path below the
    // field keeps this tag even though it was never registered.
    _encryptTag = encryptTag;

    // NOTE(review): sentKey looks like an output parameter of buildMessage; it is
    // not read again in this method. The null tag set is kept as a typed variable
    // so the same buildMessage overload is selected.
    SessionKey sentKey = new SessionKey();
    Set<SessionTag> sentTags = null;
    GarlicMessage garlic = GarlicMessageBuilder.buildMessage(getContext(), testClove, sentKey, sentTags, getContext().keyManager().getPublicKey(), encryptKey, encryptTag);
    if (garlic == null) {
        // overloaded / unknown peers / etc
        scheduleRetest();
        return;
    }

    // Register the single tag with the SessionKeyManager that is expected to see
    // the returning message.
    Set<SessionTag> singleTag = new RemovableSingletonSet<SessionTag>(encryptTag);
    if (!_cfg.isInbound() || _pool.getSettings().isExploratory()) {
        // Outbound or exploratory: the router's own SessionKeyManager.
        getContext().sessionKeyManager().tagsReceived(encryptKey, singleTag);
    } else {
        // Inbound client tunnel: the SessionKeyManager of the pool's destination.
        SessionKeyManager clientSkm = getContext().clientManager().getClientSessionKeyManager(_pool.getSettings().getDestination());
        if (clientSkm != null) {
            clientSkm.tagsReceived(encryptKey, singleTag);
        }
        // NOTE(review): when clientSkm is null the tag is registered nowhere, yet
        // the message is still dispatched below. Presumably the returning message
        // then cannot be matched to a key and the test simply fails -- confirm
        // that this is the intended outcome for a client that has gone away.
    }

    if (_log.shouldLog(Log.DEBUG)) {
        _log.debug("Sending garlic test of " + _outTunnel + " / " + _replyTunnel);
    }
    getContext().tunnelDispatcher().dispatchOutbound(garlic, _outTunnel.getSendTunnelId(0), _replyTunnel.getReceiveTunnelId(0), _replyTunnel.getPeer(0));
}
Also used : PayloadGarlicConfig(net.i2p.router.message.PayloadGarlicConfig) SessionKey(net.i2p.data.SessionKey) RemovableSingletonSet(net.i2p.router.util.RemovableSingletonSet) GarlicMessage(net.i2p.data.i2np.GarlicMessage) SessionKeyManager(net.i2p.crypto.SessionKeyManager) SessionTag(net.i2p.data.SessionTag)

Example 2 with SessionKeyManager

use of net.i2p.crypto.SessionKeyManager in project i2p.i2p by i2p.

the class GarlicMessageBuilder method needsTags.

/**
 *  Decides whether session tags should be sent to {@code key} on behalf of the
 *  local client {@code local}.
 *
 *  Returns true without consulting tag counts when the client has no
 *  SessionKeyManager registered or when that manager holds no current session
 *  key for {@code key}. Otherwise the answer comes from the manager's
 *  {@code shouldSendTags}, using the three-argument form only when
 *  {@code minTagOverride} is positive; zero and negative values both fall back
 *  to the manager's own settings.
 *
 *  @param ctx used to look up the client's SessionKeyManager
 *  @param key the public key whose session is being checked
 *  @param local non-null; do not use this method for the router's SessionKeyManager
 *  @param minTagOverride 0 for no override, &gt; 0 to override SKM's settings
 *  @return true if tags should be sent
 */
static boolean needsTags(RouterContext ctx, PublicKey key, Hash local, int minTagOverride) {
    SessionKeyManager clientSkm = ctx.clientManager().getClientSessionKeyManager(local);
    if (clientSkm == null) {
        // No key manager for this client: report that tags are needed.
        return true;
    }
    SessionKey sessionKey = clientSkm.getCurrentKey(key);
    if (sessionKey == null) {
        // No established session with this key yet.
        return true;
    }
    return (minTagOverride > 0)
            ? clientSkm.shouldSendTags(key, sessionKey, minTagOverride)
            : clientSkm.shouldSendTags(key, sessionKey);
}
Also used : SessionKey(net.i2p.data.SessionKey) SessionKeyManager(net.i2p.crypto.SessionKeyManager)

Example 3 with SessionKeyManager

use of net.i2p.crypto.SessionKeyManager in project i2p.i2p by i2p.

the class GarlicMessageReceiver method receive.

/**
 * Decrypts a garlic message and hands each contained clove to
 * {@code handleClove}.
 *
 * The decryption key and SessionKeyManager are chosen by target: when
 * {@code _clientDestination} is set, that client's LeaseSet decryption key and
 * client SessionKeyManager are used; otherwise the router's own private key
 * and SessionKeyManager are used. If the client's keys or key manager are
 * missing, the message is dropped without a decryption attempt.
 *
 * A message that fails to decrypt is not passed on: the failure is logged at
 * WARN, counted in the {@code crypto.garlic.decryptFail} stat and recorded in
 * the message history. Nothing in this method replies to the sender.
 *
 * @param message the garlic message to decrypt
 */
public void receive(GarlicMessage message) {
    PrivateKey decryptionKey;
    SessionKeyManager skm;
    if (_clientDestination == null) {
        // Addressed to the router itself.
        decryptionKey = _context.keyManager().getPrivateKey();
        skm = _context.sessionKeyManager();
    } else {
        // Addressed to a local client: both its keys and its key manager must exist.
        LeaseSetKeys clientKeys = _context.keyManager().getKeys(_clientDestination);
        skm = _context.clientManager().getClientSessionKeyManager(_clientDestination);
        if (clientKeys == null || skm == null) {
            if (_log.shouldLog(Log.WARN)) {
                _log.warn("Not trying to decrypt a garlic routed message to a disconnected client");
            }
            return;
        }
        decryptionKey = clientKeys.getDecryptionKey();
    }

    CloveSet cloves = _context.garlicMessageParser().getGarlicCloves(message, decryptionKey, skm);
    if (cloves == null) {
        // The Exception is created only so the log entry carries a stack trace.
        if (_log.shouldLog(Log.WARN)) {
            _log.warn("CloveMessageParser failed to decrypt the message [" + message.getUniqueId() + "]", new Exception("Decrypt garlic failed"));
        }
        _context.statManager().addRateData("crypto.garlic.decryptFail", 1);
        _context.messageHistory().messageProcessingError(message.getUniqueId(), message.getClass().getName(), "Garlic could not be decrypted");
        return;
    }

    // The count is re-read on every pass, as in a plain indexed for loop.
    int index = 0;
    while (index < cloves.getCloveCount()) {
        handleClove(cloves.getClove(index));
        index++;
    }
}
Also used : PrivateKey(net.i2p.data.PrivateKey) LeaseSetKeys(net.i2p.router.LeaseSetKeys) SessionKeyManager(net.i2p.crypto.SessionKeyManager) GarlicClove(net.i2p.data.i2np.GarlicClove)

Example 4 with SessionKeyManager

use of net.i2p.crypto.SessionKeyManager in project i2p.i2p by i2p.

the class OutboundClientMessageJobHelper method createGarlicMessage.

/**
 * Build a garlic message that will be delivered to the router on which the target is located.
 * Inside the message are two cloves: one containing the payload with instructions for
 * delivery to the (now local) destination, and the other containing a DeliveryStatusMessage with
 * instructions for delivery to an inbound tunnel of this router.
 *
 * How the DeliveryStatusMessage is wrapped can vary - it can be simply sent to a tunnel (as above),
 * wrapped in a GarlicMessage and source routed a few hops before being tunneled, source routed the
 * entire way back, or not wrapped at all - in which case the payload clove contains a SourceRouteBlock
 * and a request for a reply.
 *
 * For now, it's just a tunneled DeliveryStatusMessage
 *
 * Unused?
 *
 * @param wrappedKey output parameter that will be filled with the sessionKey used
 * @param wrappedTags output parameter that will be filled with the sessionTags used
 * @param bundledReplyLeaseSet if specified, the given LeaseSet will be packaged with the message (allowing
 *                             much faster replies, since their netDb search will return almost instantly)
 * @param replyTunnel non-null if requireAck is true or bundledReplyLeaseSet is non-null
 * @param requireAck if true, bundle replyToken in an ack clove
 * @return garlic, or null if no tunnels were found (or other errors)
 */
/**
 **
 *    static GarlicMessage createGarlicMessage(RouterContext ctx, long replyToken, long expiration, PublicKey recipientPK,
 *                                             Payload data, Hash from, Destination dest, TunnelInfo replyTunnel,
 *                                             SessionKey wrappedKey, Set<SessionTag> wrappedTags,
 *                                             boolean requireAck, LeaseSet bundledReplyLeaseSet) {
 *        PayloadGarlicConfig dataClove = buildDataClove(ctx, data, dest, expiration);
 *        return createGarlicMessage(ctx, replyToken, expiration, recipientPK, dataClove, from, dest, replyTunnel,
 *                                   0, 0, wrappedKey, wrappedTags, requireAck, bundledReplyLeaseSet);
 *    }
 ***
 */
/**
 * Allow the app to specify the data clove directly, which enables OutboundClientMessage to resend the
 * same payload (including expiration and unique id) in different garlics (down different tunnels)
 *
 * This is called from OCMOSJ
 *
 * The SessionKeyManager is the one registered for the sending client {@code from}; that same
 * manager supplies the default tag count and low-tag threshold and is passed on to
 * GarlicMessageBuilder. No tags are sent when {@code replyToken} is negative.
 *
 * @param ctx used to look up the sender's SessionKeyManager
 * @param replyToken if negative, the number of tags to send is forced to 0
 * @param expiration passed through to createGarlicConfig
 * @param recipientPK passed through to createGarlicConfig
 * @param dataClove the payload clove, passed through to createGarlicConfig
 * @param from hash of the sending client; selects the client SessionKeyManager
 * @param dest passed through to createGarlicConfig
 * @param tagsToSendOverride if &gt; 0, use this instead of skm's default
 * @param lowTagsOverride if &gt; 0, use this instead of skm's default
 * @param wrappedKey output parameter that will be filled with the sessionKey used
 * @param wrappedTags output parameter that will be filled with the sessionTags used
 * @param replyTunnel non-null if requireAck is true or bundledReplyLeaseSet is non-null
 * @param requireAck if true, bundle replyToken in an ack clove
 * @param bundledReplyLeaseSet may be null; if non-null, put it in a clove
 * @return garlic, or null if no tunnels were found (or other errors); in this method, null is
 *         returned when {@code from} has no client SessionKeyManager or when
 *         createGarlicConfig returns null
 */
static GarlicMessage createGarlicMessage(RouterContext ctx, long replyToken, long expiration, PublicKey recipientPK, PayloadGarlicConfig dataClove, Hash from, Destination dest, TunnelInfo replyTunnel, int tagsToSendOverride, int lowTagsOverride, SessionKey wrappedKey, Set<SessionTag> wrappedTags, boolean requireAck, LeaseSet bundledReplyLeaseSet) {
    SessionKeyManager senderSkm = ctx.clientManager().getClientSessionKeyManager(from);
    if (senderSkm == null) {
        // Sending client has no key manager registered; nothing can be built.
        return null;
    }

    GarlicConfig garlicConfig = createGarlicConfig(ctx, replyToken, expiration, recipientPK, dataClove, from, dest, replyTunnel, requireAck, bundledReplyLeaseSet, senderSkm);
    if (garlicConfig == null) {
        return null;
    }

    // no use sending tags unless we have a reply token set up already
    int tagCount;
    if (replyToken < 0) {
        tagCount = 0;
    } else if (tagsToSendOverride > 0) {
        tagCount = tagsToSendOverride;
    } else {
        tagCount = senderSkm.getTagsToSend();
    }

    // The SKM default is consulted only when the caller gave no positive override.
    int lowTagThreshold;
    if (lowTagsOverride > 0) {
        lowTagThreshold = lowTagsOverride;
    } else {
        lowTagThreshold = senderSkm.getLowThreshold();
    }

    return GarlicMessageBuilder.buildMessage(ctx, garlicConfig, wrappedKey, wrappedTags, tagCount, lowTagThreshold, senderSkm);
}
Also used : SessionKeyManager(net.i2p.crypto.SessionKeyManager) GarlicMessage(net.i2p.data.i2np.GarlicMessage)

Example 5 with SessionKeyManager

use of net.i2p.crypto.SessionKeyManager in project i2p.i2p by i2p.

the class SessionEncryptionTest method testNoSessions1.

/**
 * Round-trips a short ASCII message through the ElGamal/AES engine using a
 * freshly generated key pair and a new session in a TransientSessionKeyManager,
 * then checks that the decrypted bytes equal the input.
 *
 * Only the success path is asserted: the test does not check that a modified
 * ciphertext or a different private key is rejected.
 *
 * @throws Exception declared by the test signature; any exception fails the test
 */
public void testNoSessions1() throws Exception {
    // Fresh key pair: element 0 is cast to the public key, element 1 to the private key.
    Object[] keyPair = KeyGenerator.getInstance().generatePKIKeypair();
    PublicKey recipientPub = (PublicKey) keyPair[0];
    PrivateKey recipientPriv = (PrivateKey) keyPair[1];

    SessionKeyManager skm = new TransientSessionKeyManager(_context);
    SessionKey sessionKey = skm.createSession(recipientPub);

    byte[] plaintext = DataHelper.getASCII("msg 1");
    // NOTE(review): the two null arguments presumably mean "no tags to deliver"
    // and "no new key", and 64 a padded size -- confirm against the encrypt
    // signature in ElGamalAESEngine.
    byte[] ciphertext = _context.elGamalAESEngine().encrypt(plaintext, recipientPub, sessionKey, null, null, 64);
    byte[] recovered = _context.elGamalAESEngine().decrypt(ciphertext, recipientPriv, skm);

    assertTrue(DataHelper.eq(recovered, plaintext));
}
Also used : PrivateKey(net.i2p.data.PrivateKey) PublicKey(net.i2p.data.PublicKey) SessionKey(net.i2p.data.SessionKey) SessionKeyManager(net.i2p.crypto.SessionKeyManager)
