| Package | Description |
|---|---|
| `net.i2p.crypto` | Core cryptographic primitives and algorithms used throughout I2P. |
| `net.i2p.crypto.x25519` | Implementation of X25519 elliptic curve Diffie-Hellman key exchange for I2P. |
| `net.i2p.data` | These classes define the common data structures used by the various I2P protocols. |
| `net.i2p.data.i2np` | This package defines the low-level messages sent between routers, called Invisible Internet Network Protocol (I2NP). |
| `net.i2p.router` | The I2P router application handles I2P network communication. |
| `net.i2p.router.crypto` | Router-specific cryptographic operations and implementations for I2P security. |
| `net.i2p.router.crypto.ratchet` | Implementation of ECIES-X25519-AEAD-Ratchet cryptographic protocol (I2P proposal 144), providing forward secrecy and enhanced security for I2P transport communications. |
| `net.i2p.router.message` | Garlic message creation, parsing, and source routing for I2P communications. |
| `net.i2p.router.networkdb.kademlia` | Kademlia DHT implementation and floodfill router functionality for I2P. |
| `net.i2p.router.tunnel.pool` | Tunnel pool management, creation, and peer selection for I2P's anonymous routing system. |

| Modifier and Type | Method and Description |
|---|---|
| `PublicKey` | `KeyPair.getPublic()` |
| `static PublicKey` | `KeyGenerator.getPublicKey(PrivateKey priv)` Convert a PrivateKey to its corresponding PublicKey. |

| Modifier and Type | Method and Description |
|---|---|
| `SessionTag` | `SessionKeyManager.consumeNextAvailableTag(PublicKey target, SessionKey key)` Retrieve the next available session tag for identifying the use of the given key when communicating with the target. |
| `SessionKey` | `SessionKeyManager.createSession(PublicKey target)` Generate a new session key and associate it with the specified target. |
| `void` | `SessionKeyManager.createSession(PublicKey target, SessionKey key)` Associate a new session key with the specified target. |
| `byte[]` | `ElGamalEngine.encrypt(byte[] data, PublicKey publicKey)` Deprecated. encrypt the data to the public key |
| `void` | `SessionKeyManager.failTags(PublicKey target)` Mark all of the tags delivered to the target up to this point as invalid, since the peer has failed to respond when they should have. |
| `void` | `SessionKeyManager.failTags(PublicKey target, SessionKey key, TagSetHandle ts)` |
| `int` | `SessionKeyManager.getAvailableTags(PublicKey target, SessionKey key)` Determine (approximately) how many available session tags for the current target have been confirmed and are available |
| `long` | `SessionKeyManager.getAvailableTimeLeft(PublicKey target, SessionKey key)` Determine how long the available tags will be available for before expiring, in milliseconds |
| `SessionKey` | `SessionKeyManager.getCurrentKey(PublicKey target)` Retrieve the session key currently associated with encryption to the target, or null if a new session key should be generated. |
| `SessionKey` | `SessionKeyManager.getCurrentOrNewKey(PublicKey target)` Retrieve the session key currently associated with encryption to the target. |
| `boolean` | `SessionKeyManager.shouldSendTags(PublicKey target, SessionKey key)` Determine if tags should be sent to the target. |
| `boolean` | `SessionKeyManager.shouldSendTags(PublicKey target, SessionKey key, int lowThreshold)` Determine if tags should be sent to the target with the specified threshold. |
| `void` | `SessionKeyManager.tagsAcked(PublicKey target, SessionKey key, TagSetHandle ts)` |
| `TagSetHandle` | `SessionKeyManager.tagsDelivered(PublicKey target, SessionKey key, Set<SessionTag> sessionTags)` Take note of the fact that the given sessionTags associated with the key for encryption to the target have definitely been received at the target (aka call this method after receiving an ack to a message delivering them) |

| Constructor and Description |
|---|
| `KeyPair(PublicKey publicKey, PrivateKey privateKey)` |

| Modifier and Type | Method and Description |
|---|---|
| `static SessionKey` | `X25519DH.dh(PrivateKey priv, PublicKey pub)` DH |

| Modifier and Type | Field and Description |
|---|---|
| `protected PublicKey` | `LeaseSet._encryptionKey` |
| `protected PublicKey` | `KeysAndCert._publicKey` |

| Modifier and Type | Method and Description |
|---|---|
| `static PublicKey` | `PublicKey.create(byte[] data, int off)` Pull from cache or return new. |
| `static PublicKey` | `PublicKey.create(InputStream in)` Pull from cache or return new. |
| `PublicKey` | `LeaseSet.getEncryptionKey()` |
| `PublicKey` | `LeaseSet2.getEncryptionKey()` If more than one key, return the first supported one. |
| `PublicKey` | `LeaseSet.getEncryptionKey(Set<EncType> supported)` If more than one key, return the first supported one. |
| `PublicKey` | `EncryptedLeaseSet.getEncryptionKey(Set<EncType> supported)` If more than one key, return the first supported one. |
| `PublicKey` | `LeaseSet2.getEncryptionKey(Set<EncType> supported)` If more than one key, return the first supported one. |
| `PublicKey` | `KeysAndCert.getPublicKey()` Valid for RouterIdentities. |
| `PublicKey` | `PrivateKey.toPublic()` Derives a new PublicKey object from the secret contents of this PrivateKey. |
| `(package private) PublicKey` | `PublicKey.toTypedKey(KeyCertificate kcert)` Up-convert this from an untyped (type 0) PK to a typed PK based on the Key Cert given. |

| Modifier and Type | Method and Description |
|---|---|
| `List<PublicKey>` | `EncryptedLeaseSet.getEncryptionKeys()` |
| `List<PublicKey>` | `LeaseSet2.getEncryptionKeys()` This returns all the keys. |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `MetaLeaseSet.addEncryptionKey(PublicKey key)` |
| `void` | `LeaseSet2.addEncryptionKey(PublicKey key)` Add an encryption key. |
| `void` | `LeaseSet.setEncryptionKey(PublicKey encryptionKey)` Sets the encryption key for this leaseset. |
| `void` | `MetaLeaseSet.setEncryptionKey(PublicKey key)` |
| `void` | `KeysAndCert.setPublicKey(PublicKey key)` Sets the public key. |

| Constructor and Description |
|---|
| `KeyCertificate(SigningPublicKey spk, PublicKey pk)` A KeyCertificate with enc type from the given public key, and the signature type and extra data from the given public key. |
| `PrivateKey(EncType type, byte[] data, PublicKey pubKey)` |
| `PrivateKeyFile(File file, PublicKey pubkey, SigningPublicKey spubkey, Certificate cert, PrivateKey pk, SigningPrivateKey spk)` |
| `PrivateKeyFile(File file, PublicKey pubkey, SigningPublicKey spubkey, Certificate cert, PrivateKey pk, SigningPrivateKey spk, byte[] padding)` |

| Modifier and Type | Method and Description |
|---|---|
| `PublicKey` | `DatabaseLookupMessage.getRatchetPublicKey()` The included session key or null if unset. |

| Modifier and Type | Method and Description |
|---|---|
| `EncryptedBuildRecord` | `BuildRequestRecord.encryptECIESRecord(RouterContext ctx, PublicKey toKey, Hash toPeer)` Encrypts the record using ECIES. |
| `EncryptedBuildRecord` | `BuildRequestRecord.encryptRecord(I2PAppContext ctx, PublicKey toKey, Hash toPeer)` Encrypts the record using ElGamal. |
| `void` | `DatabaseLookupMessage.setReplySession(PublicKey pubKey)` Ratchet. |

| Modifier and Type | Method and Description |
|---|---|
| `PublicKey` | `KeyManager.getPublicKey()` Router key |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `KeyManager.setKeys(PublicKey key1, PrivateKey key2, SigningPublicKey key3, SigningPrivateKey key4)` Configure the router's keys. |

| Modifier and Type | Method and Description |
|---|---|
| `SessionTag` | `TransientSessionKeyManager.consumeNextAvailableTag(PublicKey target, SessionKey key)` Retrieve the next available session tag for identifying the use of the given key when communicating with the target. |
| `void` | `TransientSessionKeyManager.createSession(PublicKey target, SessionKey key)` Associate a new session key with the specified target. |
| `byte[]` | `ElGamalAESEngine.encrypt(byte[] data, PublicKey target, SessionKey key, long paddedSize)` Deprecated. unused |
| `byte[]` | `ElGamalAESEngine.encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, long paddedSize)` Deprecated. unused |
| `byte[]` | `ElGamalAESEngine.encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, SessionTag currentTag, long paddedSize)` Encrypt the data to the target using the given key and deliver the specified tags. No new session key. This is the one called from GarlicMessageBuilder and is the primary entry point. |
| `byte[]` | `ElGamalAESEngine.encrypt(byte[] data, PublicKey target, SessionKey key, Set<SessionTag> tagsForDelivery, SessionTag currentTag, SessionKey newKey, long paddedSize)` Encrypt the unencrypted data to the target. |
| `void` | `TransientSessionKeyManager.failTags(PublicKey target)` Deprecated. unused and rather drastic |
| `void` | `TransientSessionKeyManager.failTags(PublicKey target, SessionKey key, TagSetHandle ts)` Mark these tags as invalid, since the peer has failed to ack them in time. |
| `int` | `TransientSessionKeyManager.getAvailableTags(PublicKey target, SessionKey key)` Determine (approximately) how many available session tags for the current target have been confirmed and are available |
| `long` | `TransientSessionKeyManager.getAvailableTimeLeft(PublicKey target, SessionKey key)` Determine how long the available tags will be available for before expiring, in milliseconds |
| `SessionKey` | `TransientSessionKeyManager.getCurrentKey(PublicKey target)` Retrieve the session key currently associated with encryption to the target, or null if a new session key should be generated. |
| `SessionKey` | `TransientSessionKeyManager.getCurrentOrNewKey(PublicKey target)` Retrieve the session key currently associated with encryption to the target. |
| `boolean` | `TransientSessionKeyManager.shouldSendTags(PublicKey target, SessionKey key, int lowThreshold)` |
| `void` | `TransientSessionKeyManager.tagsAcked(PublicKey target, SessionKey key, TagSetHandle ts)` Mark these tags as acked, start to use them (if we haven't already). If the set was previously failed, it will be added back in. |
| `TagSetHandle` | `TransientSessionKeyManager.tagsDelivered(PublicKey target, SessionKey key, Set<SessionTag> sessionTags)` Take note of the fact that the given sessionTags associated with the key for encryption to the target have been sent. |

| Modifier and Type | Class and Description |
|---|---|
| `(package private) class` | `NextSessionKey` X25519 public key with identifier for next session key exchange in ratchet protocol |

| Modifier and Type | Method and Description |
|---|---|
| `static PublicKey` | `Elligator2.decode(AtomicBoolean alternative, byte[] representative)` From javascript version documentation: Returns an array with the point and the second argument of the corresponding call to the `encode` function. |
| `static PublicKey` | `Elligator2.decode(byte[] representative)` From javascript version documentation: Returns an array with the point and the second argument of the corresponding call to the `encode` function. |
| `PublicKey` | `RatchetTagSet.getRemoteKey()` The far-end's public key. |
| `PublicKey` | `SessionKeyAndNonce.getRemoteKey()` For inbound ES, else null. |

| Modifier and Type | Method and Description |
|---|---|
| `(package private) void` | `RatchetSKM.ackRequested(PublicKey target, int id, int n)` |
| `RatchetEntry` | `RatchetSKM.consumeNextAvailableTag(PublicKey target)` Outbound. |
| `RatchetEntry` | `MuxedPQSKM.consumeNextAvailableTag(PublicKey target)` EC/PQ |
| `RatchetEntry` | `MuxedSKM.consumeNextAvailableTag(PublicKey target)` EC only |
| `SessionTag` | `RatchetSKM.consumeNextAvailableTag(PublicKey target, SessionKey key)` |
| `SessionTag` | `MuxedPQSKM.consumeNextAvailableTag(PublicKey target, SessionKey key)` ElG only |
| `SessionTag` | `MuxedSKM.consumeNextAvailableTag(PublicKey target, SessionKey key)` ElG only |
| `SessionKey` | `MuxedPQSKM.createSession(PublicKey target)` ElG only |
| `SessionKey` | `MuxedSKM.createSession(PublicKey target)` ElG only |
| `(package private) boolean` | `RatchetSKM.createSession(PublicKey target, Destination d, HandshakeState state, ReplyCallback callback)` Inbound or outbound. |
| `void` | `RatchetSKM.createSession(PublicKey target, SessionKey key)` |
| `void` | `MuxedPQSKM.createSession(PublicKey target, SessionKey key)` ElG only |
| `void` | `MuxedSKM.createSession(PublicKey target, SessionKey key)` ElG only |
| `(package private) static PrivateKey` | `ECIESAEADEngine.doDH(PrivateKey privkey, PublicKey pubkey)` |
| `byte[]` | `Elligator2.encode(PublicKey point)` Use for on-the-wire. |
| `protected static byte[]` | `Elligator2.encode(PublicKey point, boolean alternative)` Deprecated. |
| `byte[]` | `ECIESAEADEngine.encrypt(CloveSet cloves, PublicKey target)` Encrypt the data to the target using the given key from an anonymous source, for netdb lookups. |
| `byte[]` | `ECIESAEADEngine.encrypt(CloveSet cloves, PublicKey target, Destination to, PrivateKey priv, RatchetSKM keyManager, ReplyCallback callback)` Encrypt the data to the target using the given key and deliver the specified tags. No new session key. This is the one called from GarlicMessageBuilder and is the primary entry point. |
| `void` | `RatchetSKM.failTags(PublicKey target)` Deprecated. unused and rather drastic |
| `void` | `RatchetSKM.failTags(PublicKey target, SessionKey key, TagSetHandle ts)` |
| `void` | `MuxedPQSKM.failTags(PublicKey target, SessionKey key, TagSetHandle ts)` ElG only |
| `void` | `MuxedSKM.failTags(PublicKey target, SessionKey key, TagSetHandle ts)` ElG only |
| `int` | `RatchetSKM.getAvailableTags(PublicKey target, SessionKey key)` Determine (approximately) how many available session tags for the current target have been confirmed and are available |
| `int` | `MuxedPQSKM.getAvailableTags(PublicKey target, SessionKey key)` |
| `int` | `MuxedSKM.getAvailableTags(PublicKey target, SessionKey key)` |
| `long` | `RatchetSKM.getAvailableTimeLeft(PublicKey target, SessionKey key)` Determine how long the available tags will be available for before expiring, in milliseconds |
| `long` | `MuxedPQSKM.getAvailableTimeLeft(PublicKey target, SessionKey key)` |
| `long` | `MuxedSKM.getAvailableTimeLeft(PublicKey target, SessionKey key)` |
| `SessionKey` | `RatchetSKM.getCurrentKey(PublicKey target)` |
| `SessionKey` | `MuxedPQSKM.getCurrentKey(PublicKey target)` ElG only |
| `SessionKey` | `MuxedSKM.getCurrentKey(PublicKey target)` ElG only |
| `SessionKey` | `RatchetSKM.getCurrentOrNewKey(PublicKey target)` |
| `SessionKey` | `MuxedPQSKM.getCurrentOrNewKey(PublicKey target)` ElG only |
| `SessionKey` | `MuxedSKM.getCurrentOrNewKey(PublicKey target)` ElG only |
| `(package private) Destination` | `RatchetSKM.getDestination(PublicKey target)` |
| `(package private) boolean` | `RatchetSKM.isDuplicate(PublicKey pk)` |
| `(package private) void` | `RatchetSKM.nextKeyReceived(PublicKey target, NextSessionKey key)` |
| `(package private) void` | `RatchetSKM.receivedACK(PublicKey target, int id, int n)` |
| `(package private) void` | `RatchetSKM.registerCallback(PublicKey target, int id, int n, ReplyCallback callback)` |
| `(package private) boolean` | `RatchetSKM.registerTimer(PublicKey target, Destination d, SimpleTimer2.TimedEvent timer)` Side effect - binds this session to the supplied destination. |
| `boolean` | `MuxedPQSKM.shouldSendTags(PublicKey target, SessionKey key)` ElG only |
| `boolean` | `MuxedSKM.shouldSendTags(PublicKey target, SessionKey key)` ElG only |
| `boolean` | `RatchetSKM.shouldSendTags(PublicKey target, SessionKey key, int lowThreshold)` |
| `boolean` | `MuxedPQSKM.shouldSendTags(PublicKey target, SessionKey key, int lowThreshold)` ElG only |
| `boolean` | `MuxedSKM.shouldSendTags(PublicKey target, SessionKey key, int lowThreshold)` ElG only |
| `void` | `RatchetSKM.tagsAcked(PublicKey target, SessionKey key, TagSetHandle ts)` |
| `void` | `MuxedPQSKM.tagsAcked(PublicKey target, SessionKey key, TagSetHandle ts)` ElG only |
| `void` | `MuxedSKM.tagsAcked(PublicKey target, SessionKey key, TagSetHandle ts)` ElG only |
| `TagSetHandle` | `RatchetSKM.tagsDelivered(PublicKey target, SessionKey key, Set<SessionTag> sessionTags)` |
| `TagSetHandle` | `MuxedPQSKM.tagsDelivered(PublicKey target, SessionKey key, Set<SessionTag> sessionTags)` ElG only |
| `TagSetHandle` | `MuxedSKM.tagsDelivered(PublicKey target, SessionKey key, Set<SessionTag> sessionTags)` ElG only |
| `(package private) boolean` | `RatchetSKM.updateSession(PublicKey target, HandshakeState oldState, HandshakeState state, ReplyCallback callback, SplitKeys split)` Inbound or outbound. |

| Constructor and Description |
|---|
| `Elg2KeyPair(PublicKey publicKey, PrivateKey privateKey, byte[] enc)` |
| `RatchetTagSet(HKDF hkdf, SessionTagListener lsnr, PublicKey remoteKey, SessionKey rootKey, SessionKey data, long date, int tagsetid, int keyid, int minSize, int maxSize)` Inbound ES Tagset |
| `SessionKeyAndNonce(byte[] data, int id, int nonce, PublicKey remoteKey)` For inbound Existing Session |

| Modifier and Type | Method and Description |
|---|---|
| `PublicKey` | `GarlicConfig.getRecipientPublicKey()` |

| Modifier and Type | Method and Description |
|---|---|
| `static GarlicMessage` | `GarlicMessageBuilder.buildMessage(RouterContext ctx, GarlicConfig config, Set<SessionTag> wrappedTags, PublicKey target, SessionKey encryptKey, SessionTag encryptTag)` ELGAMAL_2048 only. |
| `(package private) static GarlicMessage` | `OutboundClientMessageJobHelper.createGarlicMessage(RouterContext ctx, long replyToken, long expiration, PublicKey recipientPK, PayloadGarlicConfig dataClove, Hash from, Destination dest, TunnelInfo replyTunnel, int tagsToSendOverride, int lowTagsOverride, SessionKey wrappedKey, Set<SessionTag> wrappedTags, boolean requireAck, LeaseSet bundledReplyLeaseSet, ReplyCallback callback)` Allow the app to specify the data clove directly, which enables OutboundClientMessage to resend the same payload (including expiration and unique id) in different garlics (down different tunnels). This is called from OCMOSJ |
| `(package private) static boolean` | `GarlicMessageBuilder.needsTags(RouterContext ctx, PublicKey key, Hash local, int minTagOverride)` ELGAMAL_2048 only; returns false for others |
| `void` | `GarlicConfig.setRecipientPublicKey(PublicKey recipientPublicKey)` Public key of the router to receive and process this clove. |

| Constructor and Description |
|---|
| `WrappedMessage(GarlicMessage msg, SessionKeyManager skm, PublicKey sentTo, SessionKey sentKey, TagSetHandle tsh)` |

| Modifier and Type | Method and Description |
|---|---|
| `static void` | `BuildMessageGenerator.createRecord(int recordNum, int hop, TunnelBuildMessage msg, TunnelCreatorConfig cfg, Hash replyRouter, long replyTunnel, RouterContext ctx, PublicKey peerKey, Properties props)` Place the asymmetrically encrypted record in the specified record slot, containing the hop's configuration (as well as the reply info, if it is an outbound endpoint) |