2.19.0

Revert "Read explicitPeer config settings into params"

.travis.yml

@@ -3,7 +3,7 @@ cache:
   apt: true
 os:
 - linux
-- osx
+#- osx
 dist: trusty
 sudo: required
 compiler:

ChangeLog

@@ -1,6 +1,48 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.19.0] - 2018-06-26
+### Added
+- ECIES support for RouterInfo
+- HTTP outproxy authorization
+- AVX/AESNI runtime detection
+- Initial implementation of NTCP2
+- I2CP session reconfigure
+- I2CP method ClientServicesInfo
+- Datagrams to websocks
+### Changed
+- RouterInfo uses EdDSA signature by default
+- Remove stream bans
+- Android build system changed to gradle
+- Multiple changes in QT GUI
+- Dockerfile
+### Fixed
+- zero tunnelID issue
+- tunnels reload
+- headers in webconsole
+- XSS in webconsole from SAM session name
+- build for gcc 8
+- cmake build scripts
+- systemd service files
+- some netbsd issues
+
+## [2.18.0] - 2018-01-30
+### Added
+- Show tunnel nicknames for I2CP destination in WebUI
+- Re-create HTTP and SOCKS proxy by tunnel reload
+- Graceful shutdown as soon as no more transit tunnels
+### Changed
+- Regenerate shared local destination by tunnel reload
+- Use transient local destination by default if not specified
+- Return correct code if pid file can't be created
+- Timing and number of attempts for adressbook requests
+- Certificates list
+### Fixed
+- Malformed addressbook subsctiption request
+- Build with boost 1.66
+- Few race conditions for SAM
+- Check LeaseSet's signature before update
+
 ## [2.17.0] - 2017-12-04
 ### Added
 - Reseed through HTTP and SOCKS proxy
@@ -37,7 +79,7 @@
 
 ## [2.15.0] - 2017-08-17
 ### Added
-- QT GUI 
+- QT GUI
 - Ability to add and remove I2P tunnels without restart
 - Ability to disable SOCKS outproxy option
 ### Changed
@@ -81,7 +123,7 @@
 - Some stats in a main window for Windows version
 ### Changed
 - Reseed servers list
-- MTU of 1488 for ipv6 
+- MTU of 1488 for ipv6
 - Android and Mac OS X versions use OpenSSL 1.1
 - New logo for Android
 ### Fixed
@@ -111,7 +153,7 @@
 ## [2.10.2] - 2016-12-04
 ### Fixed
 - Fixes UPnP discovery bug, producing excessive CPU usage
-- Fixes sudden SSU thread stop for Windows. 
+- Fixes sudden SSU thread stop for Windows.
 
 ## [2.10.1] - 2016-11-07
 ### Fixed
@@ -162,12 +204,12 @@
 - Configurable limit of transit tunnels
 
 ### Changed
-- Speed-up of assymetric crypto for non-x64 platforms
+- Speed-up of asymmetric crypto for non-x64 platforms
 - Refactoring of web-console
 
 ## [2.6.0] - 2016-03-31
 ### Added
-- Gracefull shutdown on SIGINT
+- Graceful shutdown on SIGINT
 - Numeric bandwidth limits (was: by router class)
 - Jumpservices in web-console
 - Logging to syslog

Dockerfile

@@ -1,54 +0,0 @@
-FROM alpine:latest
-
-MAINTAINER Mikal Villa <mikal@sigterm.no>
-
-ENV GIT_BRANCH="master"
-ENV I2PD_PREFIX="/opt/i2pd-${GIT_BRANCH}"
-ENV PATH=${I2PD_PREFIX}/bin:$PATH
-
-ENV GOSU_VERSION=1.7
-ENV GOSU_SHASUM="34049cfc713e8b74b90d6de49690fa601dc040021980812b2f1f691534be8a50  /usr/local/bin/gosu"
-
-RUN mkdir /user && adduser -S -h /user i2pd && chown -R i2pd:nobody /user
-
-
-#
-# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the 
-# image under 20mb we need to remove all the build dependencies in the same "RUN" / layer.
-#
-
-# 1. install deps, clone and build. 
-# 2. strip binaries. 
-# 3. Purge all dependencies and other unrelated packages, including build directory. 
-RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boost-dev build-base openssl-dev openssl git \
-    && mkdir -p /tmp/build \
-    && cd /tmp/build && git clone -b ${GIT_BRANCH} https://github.com/PurpleI2P/i2pd.git \
-    && cd i2pd \
-    && make -j4 \
-    && mkdir -p ${I2PD_PREFIX}/bin \
-    && mv i2pd ${I2PD_PREFIX}/bin/ \
-    && cd ${I2PD_PREFIX}/bin \
-    && strip i2pd \
-    && rm -fr /tmp/build && apk --purge del build-dependendencies build-base fortify-headers boost-dev zlib-dev openssl-dev \
-    boost-python3 python3 gdbm boost-unit_test_framework boost-python linux-headers boost-prg_exec_monitor \
-    boost-serialization boost-signals boost-wave boost-wserialization boost-math boost-graph boost-regex git pcre \
-    libtool g++ gcc pkgconfig
-
-# 2. Adding required libraries to run i2pd to ensure it will run.
-RUN apk --no-cache add boost-filesystem boost-system boost-program_options boost-date_time boost-thread boost-iostreams openssl musl-utils libstdc++
-
-# Gosu is a replacement for su/sudo in docker and not a backdoor :) See https://github.com/tianon/gosu
-RUN wget -O /usr/local/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64 \
-    && echo "${GOSU_SHASUM}" | sha256sum -c && chmod +x /usr/local/bin/gosu
-
-COPY entrypoint.sh /entrypoint.sh
-
-RUN chmod a+x /entrypoint.sh
-RUN echo "export PATH=${PATH}" >> /etc/profile
-
-VOLUME [ "/var/lib/i2pd" ]
-
-EXPOSE 7070 4444 4447 7656 2827 7654 7650
-
-ENTRYPOINT [ "/entrypoint.sh" ]
-

Makefile

@@ -1,9 +1,9 @@
-UNAME := $(shell uname -s)
+SYS := $(shell $(CXX) -dumpmachine)
 SHLIB := libi2pd.so
 ARLIB := libi2pd.a
 SHLIB_CLIENT := libi2pdclient.so
 ARLIB_CLIENT := libi2pdclient.a
-I2PD  := i2pd
+I2PD := i2pd
 GREP := grep
 DEPS := obj/make.dep
 
@@ -23,22 +23,24 @@ ifeq ($(WEBSOCKETS),1)
 	NEEDED_CXXFLAGS += -DWITH_EVENTS
 endif
 
-ifeq ($(UNAME),Darwin)
+ifneq (, $(findstring darwin, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	ifeq ($(HOMEBREW),1)
 		include Makefile.homebrew
 	else
 		include Makefile.osx
 	endif
-else ifeq ($(shell echo $(UNAME) | $(GREP) -Ec '(Free|Open)BSD'),1)
-	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
-	include Makefile.bsd
-else ifeq ($(UNAME),Linux)
+else ifneq (, $(findstring linux, $(SYS))$(findstring gnu, $(SYS)))
 	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
 	include Makefile.linux
-else
+else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
+	DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+	include Makefile.bsd
+else ifneq (, $(findstring mingw, $(SYS))$(findstring cygwin, $(SYS)))
 	DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32Service.cpp Win32/Win32App.cpp
 	include Makefile.mingw
+else # not supported
+$(error Not supported platform)
 endif
 
 ifeq ($(USE_MESHNET),yes)

Makefile.bsd

@@ -1,5 +1,5 @@
 CXX = clang++
-CXXFLAGS = -O2
+CXXFLAGS ?= -g -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misleading-indentation
 ## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
 ## **without** overwriting the CXXFLAGS which we need in order to build.
 ## For example, when adding 'hardening flags' to the build

Makefile.homebrew

@@ -4,7 +4,7 @@ BOOSTROOT = ${BREWROOT}/opt/boost
 SSLROOT = ${BREWROOT}/opt/libressl
 UPNPROOT = ${BREWROOT}/opt/miniupnpc
 CXXFLAGS = -g -Wall -std=c++11 -DMAC_OSX -Wno-overloaded-virtual
-INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include 
+INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
 
 ifndef TRAVIS
 	CXX = clang++
@@ -33,10 +33,13 @@ endif
 # http://www.hutsby.net/2011/08/macs-with-aes-ni.html
 # Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
 # Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic
-# note from psi: 2009 macbook does not have aesni
-#ifeq ($(USE_AESNI),yes)
-#	CXXFLAGS += -maes -DAESNI
-#endif
+ifeq ($(USE_AESNI),yes)
+	CXXFLAGS += -maes -DAESNI
+endif
+ifeq ($(USE_AVX),1)
+	CXXFLAGS += -mavx
+endif
+
 
 # Disabled, since it will be the default make rule. I think its better
 # to define the default rule in Makefile and not Makefile.<ostype> - torkel

Makefile.linux

@@ -12,7 +12,7 @@ INCFLAGS ?=
 # detect proper flag for c++11 support by compilers
 CXXVER := $(shell $(CXX) -dumpversion)
 ifeq ($(shell expr match $(CXX) 'clang'),5)
-	NEEDED_CXXFLAGS += -std=c++11 
+	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # gcc >= 4.10
 	NEEDED_CXXFLAGS += -std=c++11
 else ifeq ($(shell expr match ${CXXVER} "4\.[7-9]"),3) # >= 4.7
@@ -21,10 +21,10 @@ else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6
 	NEEDED_CXXFLAGS += -std=c++0x
 else ifeq ($(shell expr match ${CXXVER} "[5-7]\.[0-9]"),3) # gcc >= 5.0
 	NEEDED_CXXFLAGS += -std=c++11
-else ifeq ($(shell expr match ${CXXVER} "7"),1) # gcc 7 ubuntu
+else ifeq ($(shell expr match ${CXXVER} "[7-8]"),1) # gcc 7 ubuntu or gcc 8 arch
 	NEEDED_CXXFLAGS += -std=c++11
 else # not supported
-	$(error Compiler too old)
+$(error Compiler too old)
 endif
 
 NEEDED_CXXFLAGS += -fPIC
@@ -60,7 +60,12 @@ endif
 ifeq ($(USE_AESNI),yes)
 #check if AES-NI is supported by CPU
 ifneq ($(shell $(GREP) -c aes /proc/cpuinfo),0)
-	CPU_FLAGS += -maes -DAESNI
+	machine := $(shell uname -m)
+	ifeq ($(machine), aarch64)
+		CXXFLAGS += -DARM64AES
+	else
+		CPU_FLAGS += -maes -DAESNI
+	endif
 endif
 endif
 

Makefile.osx

@@ -1,7 +1,7 @@
 CXX = clang++
 CXXFLAGS = -Os -Wall -std=c++11 -DMAC_OSX
 #CXXFLAGS = -g -O2 -Wall -std=c++11
-INCFLAGS = -I/usr/local/include 
+INCFLAGS = -I/usr/local/include
 LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib
 
 ifeq ($(USE_STATIC),yes)

README.md

@@ -3,27 +3,27 @@ i2pd
 
 [Русская версия](https://github.com/PurpleI2P/i2pd_docs_ru/blob/master/README.md)
 
-i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.
+i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.  
 
-I2P (Invisible Internet Protocol) is a universal anonymous network layer. 
+I2P (Invisible Internet Protocol) is a universal anonymous network layer.  
 All communications over I2P are anonymous and end-to-end encrypted, participants
-don't reveal their real IP addresses. 
+don't reveal their real IP addresses.  
 
-I2P client is a software used for building and using anonymous I2P 
-networks. Such networks are commonly used for anonymous peer-to-peer 
-applications (filesharing, cryptocurrencies) and anonymous client-server 
-applications (websites, instant messengers, chat-servers).
+I2P client is a software used for building and using anonymous I2P
+networks. Such networks are commonly used for anonymous peer-to-peer
+applications (filesharing, cryptocurrencies) and anonymous client-server
+applications (websites, instant messengers, chat-servers).  
 
 I2P allows people from all around the world to communicate and share information
-without restrictions.
+without restrictions.  
 
 Features
 --------
 
-* Distributed anonymous networking framework
-* End-to-end encrypted communications
-* Small footprint, simple dependencies, fast performance
-* Rich set of APIs for developers of secure applications
+* Distributed anonymous networking framework  
+* End-to-end encrypted communications  
+* Small footprint, simple dependencies, fast performance  
+* Rich set of APIs for developers of secure applications  
 
 Resources
 ---------
@@ -38,10 +38,10 @@ Resources
 Installing
 ----------
 
-The easiest way to install i2pd is by using 
-[precompiled binaries](https://github.com/PurpleI2P/i2pd/releases/latest). 
-See [documentation](https://i2pd.readthedocs.io/en/latest/) for how to build 
-i2pd from source on your OS.
+The easiest way to install i2pd is by using
+[precompiled binaries](https://github.com/PurpleI2P/i2pd/releases/latest).
+See [documentation](https://i2pd.readthedocs.io/en/latest/) for how to build
+i2pd from source on your OS.  
 
 
 Build instructions:
@@ -57,29 +57,30 @@ Build instructions:
 * GNU/Linux x86/x64		- [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
 * Windows				- [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)
 * Mac OS X				- [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
+* CentOS / Fedora		- [![Build Status](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/status_image/last_build.png)](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/)
+* Docker image     - [![Build Status](https://dockerbuildbadges.quelltext.eu/status.svg?organization=meeh&repository=i2pd)](https://hub.docker.com/r/meeh/i2pd/builds/)
 * FreeBSD
-* Android 
+* Android
 * iOS
 
 Using i2pd
 ----------
 
-See [documentation](https://i2pd.readthedocs.io/en/latest/user-guide/run/) and 
+See [documentation](https://i2pd.readthedocs.io/en/latest/user-guide/run/) and
 [example config file](https://github.com/PurpleI2P/i2pd/blob/openssl/contrib/i2pd.conf).
 
 Donations
 ---------
 
-BTC: 1K7Ds6KUeR8ya287UC4rYTjvC96vXyZbDY   
-ZEC: t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ  
-DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF   
+BTC: 3MDoGJW9TLMTCDGrR9bLgWXfm6sjmgy86f  
 LTC: LKQirrYrDeTuAPnpYq5y7LVKtywfkkHi59  
-DOGE: DNXLQKziRPAsD9H3DFNjk4fLQrdaSX893Y  
-ANC: AQJYweYYUqM1nVfLqfoSMpUMfzxvS4Xd7z   
+ETH: 0x9e5bac70d20d1079ceaa111127f4fb3bccce379d  
+DASH: Xw8YUrQpYzP9tZBmbjqxS3M97Q7v3vJKUF  
+ZEC: t1cTckLuXsr1dwVrK4NDzfhehss4NvMadAJ  
 GST: GbD2JSQHBHCKLa9WTHmigJRpyFgmBj4woG  
 
 License
 -------
 
 This project is licensed under the BSD 3-clause license, which can be found in the file
-LICENSE in the root of the project source code.
+LICENSE in the root of the project source code.  

Win32/DaemonWin32.cpp

@@ -21,6 +21,7 @@ namespace util
 		SetConsoleCP(1251);
 		SetConsoleOutputCP(1251);
 		setlocale(LC_ALL, "Russian");
+		setlocale(LC_TIME, "C");
 
 		if (!Daemon_Singleton::init(argc, argv))
 			return false;
@@ -68,6 +69,7 @@ namespace util
 		SetConsoleCP(1251);
 		SetConsoleOutputCP(1251);
 		setlocale(LC_ALL, "Russian");
+		setlocale(LC_TIME, "C");
 #ifdef WIN32_APP
 		if (!i2p::win32::StartWin32App ()) return false;
 

Win32/installer.iss

@@ -1,5 +1,5 @@
 #define I2Pd_AppName "i2pd"
-#define I2Pd_ver "2.17.0"
+#define I2Pd_ver "2.19.0"
 #define I2Pd_Publisher "PurpleI2P"
 
 [Setup]

android/.gitignore

@@ -5,4 +5,11 @@ ant.properties
 local.properties
 build.sh
 bin
-log*
+log*
+.gradle
+android.iml
+build
+gradle
+gradlew
+gradlew.bat
+

android/AndroidManifest.xml

@@ -1,26 +1,56 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-      package="org.purplei2p.i2pd"
-      android:versionCode="1"
-      android:versionName="2.17.0"
-	  android:installLocation="auto">
-    <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="25"/>
-	<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
-    <uses-permission android:name="android.permission.INTERNET"/>
-    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
-	<application android:label="@string/app_name" android:allowBackup="true" android:icon="@drawable/icon">
-	    <receiver android:name=".NetworkStateChangeReceiver">
-	        <intent-filter>
-	            <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
-	        </intent-filter>
-	    </receiver>
-	    <activity android:name=".I2PD"
-                  android:label="@string/app_name">
+    package="org.purplei2p.i2pd"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="2.19.0">
+
+    <uses-sdk
+        android:minSdkVersion="14"
+        android:targetSdkVersion="25" />
+
+    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
+    <uses-permission android:name="android.permission.INTERNET" /> <!-- normal perm, per https://developer.android.com/guide/topics/permissions/normal-permissions.html -->
+    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
+    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> <!-- normal perm -->
+    <application
+        android:allowBackup="true"
+        android:icon="@drawable/icon"
+        android:label="@string/app_name"
+        android:theme="@android:style/Theme.Holo.Light.DarkActionBar"
+        >
+        <receiver android:name=".NetworkStateChangeReceiver">
+            <intent-filter>
+                <action android:name="android.net.conn.CONNECTIVITY_CHANGE" />
+            </intent-filter>
+        </receiver>
+
+        <activity
+            android:name=".I2PDPermsAskerActivity"
+            android:label="@string/app_name">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
+
                 <category android:name="android.intent.category.LAUNCHER" />
             </intent-filter>
         </activity>
-        <service android:enabled="true" android:name=".ForegroundService"/>
+        <activity
+            android:name=".I2PDActivity"
+            android:label="@string/app_name" />
+
+        <service
+            android:name=".ForegroundService"
+            android:enabled="true" />
+
+        <activity
+            android:name=".I2PDPermsExplanationActivity"
+            android:label="@string/title_activity_i2_pdperms_asker_prompt"
+            android:parentActivityName=".I2PDPermsAskerActivity">
+            <meta-data
+                android:name="android.support.PARENT_ACTIVITY"
+                android:value="org.purplei2p.i2pd.I2PDPermsAskerActivity" />
+        </activity>
     </application>
-</manifest> 
+
+</manifest>

android/build.gradle

@@ -0,0 +1,64 @@
+buildscript {
+    repositories {
+        mavenCentral()
+        jcenter()
+    }
+    dependencies {
+        classpath 'com.android.tools.build:gradle:2.3.3'
+    }
+}
+
+apply plugin: 'com.android.application'
+
+repositories {
+    jcenter()
+    maven {
+        url 'https://maven.google.com'
+    }
+}
+
+android {
+    compileSdkVersion 25
+    buildToolsVersion "25.0.3"
+    defaultConfig {
+        applicationId "org.purplei2p.i2pd"
+        targetSdkVersion 25
+        minSdkVersion 14
+        versionCode 1
+        versionName "2.19.0"
+        ndk {
+            abiFilters 'armeabi-v7a'
+            //abiFilters 'x86'
+        }
+    }
+    sourceSets {
+        main {
+            manifest.srcFile 'AndroidManifest.xml'
+            java.srcDirs = ['src']
+            res.srcDirs = ['res']
+            jniLibs.srcDirs = ['libs']
+        }
+    }
+    signingConfigs {
+        orignal {
+            storeFile file("i2pdapk.jks")
+            storePassword "android"
+            keyAlias "i2pdapk"
+            keyPassword "android"
+        }
+    }
+    buildTypes {
+        release {
+            minifyEnabled true
+            signingConfig signingConfigs.orignal
+            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-project.txt'
+        }
+    }
+    externalNativeBuild {
+        ndkBuild {
+            path './jni/Android.mk'
+        }
+    }
+}
+
+

android/jni/Application.mk

@@ -11,7 +11,7 @@ NDK_TOOLCHAIN_VERSION := 4.9
 # APP_STL := stlport_shared  --> does not seem to contain C++11 features
 APP_STL := gnustl_shared
 
-# Enable c++11 extentions in source code
+# Enable c++11 extensions in source code
 APP_CPPFLAGS += -std=c++11
 
 APP_CPPFLAGS += -DANDROID -D__ANDROID__ -DUSE_UPNP
@@ -19,7 +19,8 @@ ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
 APP_CPPFLAGS += -DANDROID_ARM7A
 endif
 
-APP_OPTIM  := debug
+# Forcing debug optimization. Use `ndk-build NDK_DEBUG=1` instead.
+#APP_OPTIM  := debug
 
 # git clone https://github.com/PurpleI2P/Boost-for-Android-Prebuilt.git
 # git clone https://github.com/PurpleI2P/OpenSSL-for-Android-Prebuilt.git

android/res/layout/activity_perms_asker.xml

@@ -0,0 +1,27 @@
+<LinearLayout android:id="@+id/main_layout"
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:orientation="vertical"
+    android:paddingBottom="@dimen/vertical_page_margin"
+    android:paddingLeft="@dimen/horizontal_page_margin"
+    android:paddingRight="@dimen/horizontal_page_margin"
+    android:paddingTop="@dimen/vertical_page_margin"
+    tools:context=".I2PDPermsAskerActivity">
+
+    <TextView
+        android:id="@+id/textview_retry"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:layout_marginBottom="@dimen/horizontal_page_margin"
+        android:visibility="gone"
+        />
+
+    <Button
+        android:id="@+id/button_request_write_ext_storage_perms"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:text="Retry requesting the SD card write permissions"
+        android:visibility="gone"/>
+</LinearLayout>

android/res/layout/activity_perms_explanation.xml

@@ -0,0 +1,27 @@
+<LinearLayout android:id="@+id/layout_prompt"
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:orientation="vertical"
+    android:paddingBottom="@dimen/vertical_page_margin"
+    android:paddingLeft="@dimen/horizontal_page_margin"
+    android:paddingRight="@dimen/horizontal_page_margin"
+    android:paddingTop="@dimen/vertical_page_margin"
+    tools:context=".I2PDPermsAskerActivity">
+
+    <TextView
+        android:id="@+id/textview_explanation"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:layout_marginBottom="@dimen/horizontal_page_margin"
+        android:text="SD card write access is required to write the keys and other files to the I2PD folder on SD card."
+        />
+
+    <Button
+        android:id="@+id/button_ok"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:text="OK"
+        />
+</LinearLayout>

android/res/menu/options_main.xml

@@ -1,16 +1,16 @@
-<menu 
+<menu
     xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:app="http://schemas.android.com/apk/res-auto"
-    xmlns:tools="http://schemas.android.com/tools" 
-    tools:context=".I2PD">
+    xmlns:tools="http://schemas.android.com/tools"
+    tools:context=".I2PDActivity">
     <item
-        android:id="@+id/action_graceful_quit"
-        android:title="@string/action_graceful_quit"
+        android:id="@+id/action_graceful_stop"
+        android:title="@string/action_graceful_stop"
         android:orderInCategory="98"
         />
     <item
-        android:id="@+id/action_quit"
-        android:title="@string/action_quit"
+        android:id="@+id/action_stop"
+        android:title="@string/action_stop"
         android:orderInCategory="99"
         />
 </menu>

android/res/values/strings.xml

@@ -1,11 +1,18 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
     <string name="app_name">i2pd</string>
-    <string name="i2pd_started">i2pd started</string>
-    <string name="i2pd_service_started">i2pd service started</string>
-    <string name="i2pd_service_stopped">i2pd service stopped</string>
-    <string name="action_quit">Quit</string>
-    <string name="action_graceful_quit">Graceful Quit</string>
-    <string name="graceful_quit_is_already_in_progress">Graceful quit is already in progress</string>
-    <string name="graceful_quit_is_in_progress">Graceful quit is in progress</string>
+    <string name="action_stop">Stop</string>
+    <string name="action_graceful_stop">Graceful Stop</string>
+    <string name="graceful_stop_is_already_in_progress">Graceful stop is already in progress</string>
+    <string name="graceful_stop_is_in_progress">Graceful stop is in progress</string>
+    <string name="already_stopped">Already stopped</string>
+    <string name="uninitialized">i2pd initializing</string>
+    <string name="starting">i2pd is starting</string>
+    <string name="jniLibraryLoaded">i2pd: loaded JNI libraries</string>
+    <string name="startedOkay">i2pd started</string>
+    <string name="startFailed">i2pd start failed</string>
+    <string name="gracefulShutdownInProgress">i2pd: graceful shutdown in progress</string>
+    <string name="stopped">i2pd has stopped</string>
+    <string name="remaining">remaining</string>
+    <string name="title_activity_i2_pdperms_asker_prompt">Prompt</string>
 </resources>

android/res/values/template-dimens.xml

@@ -0,0 +1,16 @@
+<resources>
+
+    <!-- Define standard dimensions to comply with Holo-style grids and rhythm. -->
+
+    <dimen name="margin_tiny">4dp</dimen>
+    <dimen name="margin_small">8dp</dimen>
+    <dimen name="margin_medium">16dp</dimen>
+    <dimen name="margin_large">32dp</dimen>
+    <dimen name="margin_huge">64dp</dimen>
+
+    <!-- Semantic definitions -->
+
+    <dimen name="horizontal_page_margin">@dimen/margin_medium</dimen>
+    <dimen name="vertical_page_margin">@dimen/margin_medium</dimen>
+
+</resources>

android/src/org/purplei2p/i2pd/DaemonSingleton.java

@@ -8,89 +8,98 @@ import android.util.Log;
 public class DaemonSingleton {
 	private static final String TAG="i2pd";
 	private static final DaemonSingleton instance = new DaemonSingleton();
-	public static interface StateUpdateListener { void daemonStateUpdate(); }
-	private final Set<StateUpdateListener> stateUpdateListeners = new HashSet<StateUpdateListener>();
+	public interface StateUpdateListener { void daemonStateUpdate(); }
+	private final Set<StateUpdateListener> stateUpdateListeners = new HashSet<>();
 
 	public static DaemonSingleton getInstance() {
 		return instance;
 	}
-	
+
 	public synchronized void addStateChangeListener(StateUpdateListener listener) { stateUpdateListeners.add(listener); }
 	public synchronized void removeStateChangeListener(StateUpdateListener listener) { stateUpdateListeners.remove(listener); }
-	
+
+	private synchronized void setState(State newState) {
+		if(newState==null)throw new NullPointerException();
+		State oldState = state;
+		if(oldState==null)throw new NullPointerException();
+		if(oldState.equals(newState))return;
+		state=newState;
+		fireStateUpdate1();
+	}
 	public synchronized void stopAcceptingTunnels() {
 		if(isStartedOkay()){
-			state=State.gracefulShutdownInProgress;
-			fireStateUpdate();
+			setState(State.gracefulShutdownInProgress);
 			I2PD_JNI.stopAcceptingTunnels();
 		}
 	}
-	
-	public void onNetworkStateChange(boolean isConnected) {
-		I2PD_JNI.onNetworkStateChanged(isConnected);
-	}
-	
-	private boolean startedOkay;
 
-	public static enum State {uninitialized,starting,jniLibraryLoaded,startedOkay,startFailed,gracefulShutdownInProgress};
-	
-	private State state = State.uninitialized;
-	
+	private volatile boolean startedOkay;
+
+	public enum State {
+        uninitialized(R.string.uninitialized),
+        starting(R.string.starting),
+        jniLibraryLoaded(R.string.jniLibraryLoaded),
+        startedOkay(R.string.startedOkay),
+        startFailed(R.string.startFailed),
+        gracefulShutdownInProgress(R.string.gracefulShutdownInProgress),
+        stopped(R.string.stopped);
+
+        State(int statusStringResourceId) {
+            this.statusStringResourceId = statusStringResourceId;
+        }
+
+        private final int statusStringResourceId;
+
+        public int getStatusStringResourceId() {
+            return statusStringResourceId;
+        }
+    };
+
+	private volatile State state = State.uninitialized;
+
 	public State getState() { return state; }
-	
-	public synchronized void start() {
-		if(state != State.uninitialized)return;
-		state = State.starting;
-		fireStateUpdate();
+
+	{
+		setState(State.starting);
 		new Thread(new Runnable(){
 
 			@Override
 			public void run() {
 				try {
 					I2PD_JNI.loadLibraries();
-					synchronized (DaemonSingleton.this) {
-						state = State.jniLibraryLoaded;
-						fireStateUpdate();
-					}
+					setState(State.jniLibraryLoaded);
 				} catch (Throwable tr) {
 					lastThrowable=tr;
-					synchronized (DaemonSingleton.this) {
-						state = State.startFailed;
-						fireStateUpdate();
-					}
+					setState(State.startFailed);
 					return;
 				}
 				try {
 					synchronized (DaemonSingleton.this) {
 						daemonStartResult = I2PD_JNI.startDaemon();
 						if("ok".equals(daemonStartResult)){
-							state=State.startedOkay;
+							setState(State.startedOkay);
 							setStartedOkay(true);
-						}else state=State.startFailed;
-						fireStateUpdate();
+						}else setState(State.startFailed);
 					}
 				} catch (Throwable tr) {
 					lastThrowable=tr;
-					synchronized (DaemonSingleton.this) {
-						state = State.startFailed;
-						fireStateUpdate();
-					}
+					setState(State.startFailed);
 					return;
-				}				
+				}
 			}
-			
+
 		}, "i2pdDaemonStart").start();
 	}
 	private Throwable lastThrowable;
 	private String daemonStartResult="N/A";
 
-	private synchronized void fireStateUpdate() {
+	private void fireStateUpdate1() {
 		Log.i(TAG, "daemon state change: "+state);
 		for(StateUpdateListener listener : stateUpdateListeners) {
-			try { 
-				listener.daemonStateUpdate(); 
-			} catch (Throwable tr) { 
-				Log.e(TAG, "exception in listener ignored", tr); 
+			try {
+				listener.daemonStateUpdate();
+			} catch (Throwable tr) {
+				Log.e(TAG, "exception in listener ignored", tr);
 			}
 		}
 	}
@@ -102,7 +111,7 @@ public class DaemonSingleton {
 	public String getDaemonStartResult() {
 		return daemonStartResult;
 	}
-	
+
 	private final Object startedOkayLock = new Object();
 
 	public boolean isStartedOkay() {
@@ -121,6 +130,7 @@ public class DaemonSingleton {
 		if(isStartedOkay()){
 			try {I2PD_JNI.stopDaemon();}catch(Throwable tr){Log.e(TAG, "", tr);}
 			setStartedOkay(false);
+			setState(State.stopped);
 		}
 	}
 }

android/src/org/purplei2p/i2pd/ForegroundService.java

@@ -11,11 +11,32 @@ import android.util.Log;
 import android.widget.Toast;
 
 public class ForegroundService extends Service {
+    private static final String TAG="FgService";
+
+    private volatile boolean shown;
+
+    private final DaemonSingleton.StateUpdateListener daemonStateUpdatedListener =
+            new DaemonSingleton.StateUpdateListener() {
+
+                @Override
+                public void daemonStateUpdate() {
+                    try {
+                        synchronized (ForegroundService.this) {
+                            if (shown) cancelNotification();
+                            showNotification();
+                        }
+                    } catch (Throwable tr) {
+                        Log.e(TAG,"error ignored",tr);
+                    }
+                }
+            };
+
+
     private NotificationManager notificationManager;
 
     // Unique Identification Number for the Notification.
     // We use it on Notification start, and to cancel it.
-    private int NOTIFICATION = R.string.i2pd_started;
+    private int NOTIFICATION = 1;
 
     /**
      * Class for clients to access.  Because we know this service always
@@ -32,29 +53,35 @@ public class ForegroundService extends Service {
     public void onCreate() {
         notificationManager = (NotificationManager)getSystemService(NOTIFICATION_SERVICE);
 
-        // Display a notification about us starting.  We put an icon in the status bar.
-        showNotification();
-        daemon.start();
+        synchronized (this) {
+            DaemonSingleton.getInstance().addStateChangeListener(daemonStateUpdatedListener);
+            if (!shown) daemonStateUpdatedListener.daemonStateUpdate();
+        }
         // Tell the user we started.
-        Toast.makeText(this, R.string.i2pd_service_started, Toast.LENGTH_SHORT).show();
+//        Toast.makeText(this, R.string.i2pd_service_started, Toast.LENGTH_SHORT).show();
     }
 
     @Override
     public int onStartCommand(Intent intent, int flags, int startId) {
         Log.i("ForegroundService", "Received start id " + startId + ": " + intent);
-        daemon.start();
         return START_STICKY;
     }
 
     @Override
     public void onDestroy() {
+        DaemonSingleton.getInstance().removeStateChangeListener(daemonStateUpdatedListener);
+        cancelNotification();
+    }
+
+    private synchronized void cancelNotification() {
         // Cancel the persistent notification.
         notificationManager.cancel(NOTIFICATION);
-        
+
         stopForeground(true);
 
         // Tell the user we stopped.
-        Toast.makeText(this, R.string.i2pd_service_stopped, Toast.LENGTH_SHORT).show();
+//        Toast.makeText(this, R.string.i2pd_service_stopped, Toast.LENGTH_SHORT).show();
+        shown=false;
     }
 
     @Override
@@ -69,13 +96,13 @@ public class ForegroundService extends Service {
     /**
      * Show a notification while this service is running.
      */
-    private void showNotification() {
+    private synchronized void showNotification() {
         // In this sample, we'll use the same text for the ticker and the expanded notification
-        CharSequence text = getText(R.string.i2pd_started);
+        CharSequence text = getText(DaemonSingleton.getInstance().getState().getStatusStringResourceId());
 
         // The PendingIntent to launch our activity if the user selects this notification
         PendingIntent contentIntent = PendingIntent.getActivity(this, 0,
-                new Intent(this, I2PD.class), 0);
+                new Intent(this, I2PDActivity.class), 0);
 
         // Set the info for the views that show in the notification panel.
         Notification notification = new Notification.Builder(this)
@@ -90,8 +117,9 @@ public class ForegroundService extends Service {
         // Send the notification.
         //mNM.notify(NOTIFICATION, notification);
         startForeground(NOTIFICATION, notification);
+        shown=true;
     }
-    
-	private final DaemonSingleton daemon = DaemonSingleton.getInstance();
+
+	private static final DaemonSingleton daemon = DaemonSingleton.getInstance();
 }
 

android/src/org/purplei2p/i2pd/I2PD.java

@@ -1,245 +0,0 @@
-package org.purplei2p.i2pd;
-
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.util.Timer;
-import java.util.TimerTask;
-
-import android.annotation.SuppressLint;
-import android.app.Activity;
-import android.content.ComponentName;
-import android.content.Context;
-import android.content.Intent;
-import android.content.ServiceConnection;
-import android.os.Build;
-import android.os.Bundle;
-import android.os.IBinder;
-import android.util.Log;
-import android.view.Menu;
-import android.view.MenuItem;
-import android.widget.TextView;
-import android.widget.Toast;
-
-public class I2PD extends Activity {
-	private static final String TAG = "i2pd";
-
-	private TextView textView;
-	
-	private final DaemonSingleton daemon = DaemonSingleton.getInstance();
-	
-	private DaemonSingleton.StateUpdateListener daemonStateUpdatedListener = 
-			new DaemonSingleton.StateUpdateListener() {
-		
-		@Override
-		public void daemonStateUpdate() {
-			runOnUiThread(new Runnable(){
-
-				@Override
-				public void run() {
-					try {
-						if(textView==null)return;
-						Throwable tr = daemon.getLastThrowable();
-						if(tr!=null) {
-							textView.setText(throwableToString(tr));
-							return;
-						}
-						DaemonSingleton.State state = daemon.getState();
-						textView.setText(String.valueOf(state)+
-								(DaemonSingleton.State.startFailed.equals(state)?": "+daemon.getDaemonStartResult():""));
-					} catch (Throwable tr) {
-						Log.e(TAG,"error ignored",tr);
-					}
-				}
-			});
-		}
-	};
-	
-    @Override
-    public void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-
-        textView = new TextView(this);
-        setContentView(textView);
-        DaemonSingleton.getInstance().addStateChangeListener(daemonStateUpdatedListener);
-        daemonStateUpdatedListener.daemonStateUpdate();
-
-        //set the app be foreground
-        doBindService();
-    }
-
-    @Override
-	protected void onDestroy() {
-		super.onDestroy();
-		localDestroy();
-	}
-
-	private void localDestroy() {
-		textView = null;
-		DaemonSingleton.getInstance().removeStateChangeListener(daemonStateUpdatedListener);
-		Timer gracefulQuitTimer = getGracefulQuitTimer();
-		if(gracefulQuitTimer!=null) {
-			gracefulQuitTimer.cancel();
-			setGracefulQuitTimer(null);
-		}
-		try{
-            doUnbindService();
-		}catch(Throwable tr){
-			Log.e(TAG, "", tr);
-		}
-	}
-
-	private CharSequence throwableToString(Throwable tr) {
-    	StringWriter sw = new StringWriter(8192);
-    	PrintWriter pw = new PrintWriter(sw);
-    	tr.printStackTrace(pw);
-    	pw.close();
-    	return sw.toString();
-	}
-
-//	private LocalService mBoundService;
-
-    private ServiceConnection mConnection = new ServiceConnection() {
-        public void onServiceConnected(ComponentName className, IBinder service) {
-            // This is called when the connection with the service has been
-            // established, giving us the service object we can use to
-            // interact with the service.  Because we have bound to a explicit
-            // service that we know is running in our own process, we can
-            // cast its IBinder to a concrete class and directly access it.
-//	        mBoundService = ((LocalService.LocalBinder)service).getService();
-
-            // Tell the user about this for our demo.
-//	        Toast.makeText(Binding.this, R.string.local_service_connected,
-//	                Toast.LENGTH_SHORT).show();
-        }
-
-        public void onServiceDisconnected(ComponentName className) {
-            // This is called when the connection with the service has been
-            // unexpectedly disconnected -- that is, its process crashed.
-            // Because it is running in our same process, we should never
-            // see this happen.
-//	        mBoundService = null;
-//	        Toast.makeText(Binding.this, R.string.local_service_disconnected,
-//	                Toast.LENGTH_SHORT).show();
-        }
-    };
-
-	
-    private boolean mIsBound;
-
-    private void doBindService() {
-        // Establish a connection with the service.  We use an explicit
-        // class name because we want a specific service implementation that
-        // we know will be running in our own process (and thus won't be
-        // supporting component replacement by other applications).
-        bindService(new Intent(this,
-                ForegroundService.class), mConnection, Context.BIND_AUTO_CREATE);
-        mIsBound = true;
-    }
-
-    private void doUnbindService() {
-        if (mIsBound) {
-            // Detach our existing connection.
-            unbindService(mConnection);
-            mIsBound = false;
-        }
-    }
-
-	@Override
-	public boolean onCreateOptionsMenu(Menu menu) {
-		// Inflate the menu; this adds items to the action bar if it is present.
-		getMenuInflater().inflate(R.menu.options_main, menu); 
-		return true;
-	}
-
-	@Override
-	public boolean onOptionsItemSelected(MenuItem item) {
-		// Handle action bar item clicks here. The action bar will
-		// automatically handle clicks on the Home/Up button, so long
-		// as you specify a parent activity in AndroidManifest.xml.
-		int id = item.getItemId();
-
-		switch(id){
-        case R.id.action_quit:
-            quit();
-            return true;
-        case R.id.action_graceful_quit:
-            gracefulQuit();
-            return true;
-        }
-
-		return super.onOptionsItemSelected(item);
-	}
-
-    @SuppressLint("NewApi")
-	private void quit() {
-        try {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
-                finishAndRemoveTask();
-            } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
-                finishAffinity();
-            } else {
-                //moveTaskToBack(true);
-                finish();
-            }
-        }catch (Throwable tr) {
-            Log.e(TAG, "", tr);
-        }
-        try{
-            daemon.stopDaemon();
-	    }catch (Throwable tr) {
-	        Log.e(TAG, "", tr);
-	    }
-        System.exit(0);
-    }
-
-    private Timer gracefulQuitTimer;
-    private final Object gracefulQuitTimerLock = new Object();
-    private void gracefulQuit() {
-    	if(getGracefulQuitTimer()!=null){
-	        Toast.makeText(this, R.string.graceful_quit_is_already_in_progress,
-	        		Toast.LENGTH_SHORT).show();
-    		return;
-    	}
-        Toast.makeText(this, R.string.graceful_quit_is_in_progress,
-        		Toast.LENGTH_SHORT).show();
-        new Thread(new Runnable(){
-
-			@Override
-			public void run() {
-				try{
-					Log.d(TAG, "grac stopping");
-			        if(daemon.isStartedOkay()) {
-			        	daemon.stopAcceptingTunnels();
-			            Timer gracefulQuitTimer = new Timer(true);
-						setGracefulQuitTimer(gracefulQuitTimer);
-						gracefulQuitTimer.schedule(new TimerTask(){
-
-			    			@Override
-			    			public void run() {
-			    				quit();	
-			    			}
-			            	
-			            }, 10*60*1000/*milliseconds*/);
-			        }else{
-			        	quit();
-			        }
-				} catch(Throwable tr) {
-					Log.e(TAG,"",tr);
-				}
-			}
-        	
-        },"gracQuitInit").start();
-    }
-
-	private Timer getGracefulQuitTimer() {
-		synchronized (gracefulQuitTimerLock) {
-			return gracefulQuitTimer;
-		}
-	}
-
-	private void setGracefulQuitTimer(Timer gracefulQuitTimer) {
-    	synchronized (gracefulQuitTimerLock) {
-    		this.gracefulQuitTimer = gracefulQuitTimer;
-    	}
-	}
-}

android/src/org/purplei2p/i2pd/I2PDActivity.java

@@ -0,0 +1,285 @@
+package org.purplei2p.i2pd;
+
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.Timer;
+import java.util.TimerTask;
+
+import android.app.Activity;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.ServiceConnection;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.util.Log;
+import android.view.Menu;
+import android.view.MenuItem;
+import android.widget.TextView;
+import android.widget.Toast;
+
+public class I2PDActivity extends Activity {
+    private static final String TAG = "i2pdActvt";
+    public static final int GRACEFUL_DELAY_MILLIS = 10 * 60 * 1000;
+
+    private TextView textView;
+
+	private static final DaemonSingleton daemon = DaemonSingleton.getInstance();
+
+	private final DaemonSingleton.StateUpdateListener daemonStateUpdatedListener =
+			new DaemonSingleton.StateUpdateListener() {
+
+		@Override
+		public void daemonStateUpdate() {
+			runOnUiThread(new Runnable(){
+
+				@Override
+				public void run() {
+					try {
+						if(textView==null)return;
+						Throwable tr = daemon.getLastThrowable();
+						if(tr!=null) {
+							textView.setText(throwableToString(tr));
+							return;
+						}
+						DaemonSingleton.State state = daemon.getState();
+						textView.setText(
+						        String.valueOf(state)+
+                                    (DaemonSingleton.State.startFailed.equals(state)?": "+daemon.getDaemonStartResult():"")+
+                                    (DaemonSingleton.State.gracefulShutdownInProgress.equals(state)?":  "+formatGraceTimeRemaining()+" "+getText(R.string.remaining):"")
+                        );
+					} catch (Throwable tr) {
+						Log.e(TAG,"error ignored",tr);
+					}
+				}
+			});
+		}
+	};
+    private static volatile long graceStartedMillis;
+    private static final Object graceStartedMillis_LOCK=new Object();
+
+    private static String formatGraceTimeRemaining() {
+        long remainingSeconds;
+        synchronized (graceStartedMillis_LOCK){
+            remainingSeconds=Math.round(Math.max(0,graceStartedMillis+GRACEFUL_DELAY_MILLIS-System.currentTimeMillis())/1000.0D);
+        }
+        long remainingMinutes=(long)Math.floor(remainingSeconds/60.0D);
+        long remSec=remainingSeconds-remainingMinutes*60;
+        return remainingMinutes+":"+(remSec/10)+remSec%10;
+    }
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        textView = new TextView(this);
+        setContentView(textView);
+        daemon.addStateChangeListener(daemonStateUpdatedListener);
+        daemonStateUpdatedListener.daemonStateUpdate();
+
+        //set the app be foreground
+        doBindService();
+
+        final Timer gracefulQuitTimer = getGracefulQuitTimer();
+        if(gracefulQuitTimer!=null){
+            long gracefulStopAtMillis;
+            synchronized (graceStartedMillis_LOCK) {
+                gracefulStopAtMillis = graceStartedMillis + GRACEFUL_DELAY_MILLIS;
+            }
+            rescheduleGraceStop(gracefulQuitTimer, gracefulStopAtMillis);
+        }
+    }
+
+    @Override
+	protected void onDestroy() {
+		super.onDestroy();
+        textView = null;
+        daemon.removeStateChangeListener(daemonStateUpdatedListener);
+        //cancelGracefulStop();
+		try{
+            doUnbindService();
+		}catch(Throwable tr){
+			Log.e(TAG, "", tr);
+		}
+	}
+
+    private static void cancelGracefulStop() {
+        Timer gracefulQuitTimer = getGracefulQuitTimer();
+        if(gracefulQuitTimer!=null) {
+            gracefulQuitTimer.cancel();
+            setGracefulQuitTimer(null);
+        }
+    }
+
+    private CharSequence throwableToString(Throwable tr) {
+    	StringWriter sw = new StringWriter(8192);
+    	PrintWriter pw = new PrintWriter(sw);
+    	tr.printStackTrace(pw);
+    	pw.close();
+    	return sw.toString();
+	}
+
+//	private LocalService mBoundService;
+
+    private ServiceConnection mConnection = new ServiceConnection() {
+        public void onServiceConnected(ComponentName className, IBinder service) {
+            // This is called when the connection with the service has been
+            // established, giving us the service object we can use to
+            // interact with the service.  Because we have bound to a explicit
+            // service that we know is running in our own process, we can
+            // cast its IBinder to a concrete class and directly access it.
+//	        mBoundService = ((LocalService.LocalBinder)service).getService();
+
+            // Tell the user about this for our demo.
+//	        Toast.makeText(Binding.this, R.string.local_service_connected,
+//	                Toast.LENGTH_SHORT).show();
+        }
+
+        public void onServiceDisconnected(ComponentName className) {
+            // This is called when the connection with the service has been
+            // unexpectedly disconnected -- that is, its process crashed.
+            // Because it is running in our same process, we should never
+            // see this happen.
+//	        mBoundService = null;
+//	        Toast.makeText(Binding.this, R.string.local_service_disconnected,
+//	                Toast.LENGTH_SHORT).show();
+        }
+    };
+
+
+    private static volatile boolean mIsBound;
+
+    private void doBindService() {
+        synchronized (I2PDActivity.class) {
+            if (mIsBound) return;
+            // Establish a connection with the service.  We use an explicit
+            // class name because we want a specific service implementation that
+            // we know will be running in our own process (and thus won't be
+            // supporting component replacement by other applications).
+            bindService(new Intent(this, ForegroundService.class), mConnection, Context.BIND_AUTO_CREATE);
+            mIsBound = true;
+        }
+    }
+
+    private void doUnbindService() {
+        synchronized (I2PDActivity.class) {
+            if (mIsBound) {
+                // Detach our existing connection.
+                unbindService(mConnection);
+                mIsBound = false;
+            }
+        }
+    }
+
+	@Override
+	public boolean onCreateOptionsMenu(Menu menu) {
+		// Inflate the menu; this adds items to the action bar if it is present.
+		getMenuInflater().inflate(R.menu.options_main, menu);
+		return true;
+	}
+
+	@Override
+	public boolean onOptionsItemSelected(MenuItem item) {
+		// Handle action bar item clicks here. The action bar will
+		// automatically handle clicks on the Home/Up button, so long
+		// as you specify a parent activity in AndroidManifest.xml.
+		int id = item.getItemId();
+
+		switch(id){
+        case R.id.action_stop:
+            i2pdStop();
+            return true;
+        case R.id.action_graceful_stop:
+            i2pdGracefulStop();
+            return true;
+        }
+
+		return super.onOptionsItemSelected(item);
+	}
+
+	private void i2pdStop() {
+        cancelGracefulStop();
+        new Thread(new Runnable(){
+
+            @Override
+            public void run() {
+                Log.d(TAG, "stopping");
+                try{
+                    daemon.stopDaemon();
+                }catch (Throwable tr) {
+                    Log.e(TAG, "", tr);
+                }
+            }
+
+        },"stop").start();
+    }
+
+    private static volatile Timer gracefulQuitTimer;
+
+    private void i2pdGracefulStop() {
+        if(daemon.getState()==DaemonSingleton.State.stopped){
+            Toast.makeText(this, R.string.already_stopped,
+                    Toast.LENGTH_SHORT).show();
+            return;
+        }
+    	if(getGracefulQuitTimer()!=null){
+	        Toast.makeText(this, R.string.graceful_stop_is_already_in_progress,
+	        		Toast.LENGTH_SHORT).show();
+    		return;
+    	}
+        Toast.makeText(this, R.string.graceful_stop_is_in_progress,
+        		Toast.LENGTH_SHORT).show();
+        new Thread(new Runnable(){
+
+			@Override
+			public void run() {
+				try{
+					Log.d(TAG, "grac stopping");
+			        if(daemon.isStartedOkay()) {
+			        	daemon.stopAcceptingTunnels();
+                        long gracefulStopAtMillis;
+                        synchronized (graceStartedMillis_LOCK) {
+                            graceStartedMillis = System.currentTimeMillis();
+                            gracefulStopAtMillis = graceStartedMillis + GRACEFUL_DELAY_MILLIS;
+                        }
+                        rescheduleGraceStop(null,gracefulStopAtMillis);
+			        }else{
+			        	i2pdStop();
+			        }
+				} catch(Throwable tr) {
+					Log.e(TAG,"",tr);
+				}
+			}
+
+        },"gracInit").start();
+    }
+
+    private void rescheduleGraceStop(Timer gracefulQuitTimerOld, long gracefulStopAtMillis) {
+        if(gracefulQuitTimerOld!=null)gracefulQuitTimerOld.cancel();
+        final Timer gracefulQuitTimer = new Timer(true);
+        setGracefulQuitTimer(gracefulQuitTimer);
+        gracefulQuitTimer.schedule(new TimerTask(){
+
+            @Override
+            public void run() {
+                i2pdStop();
+            }
+
+        }, Math.max(0,gracefulStopAtMillis-System.currentTimeMillis()));
+        final TimerTask tickerTask = new TimerTask() {
+            @Override
+            public void run() {
+                daemonStateUpdatedListener.daemonStateUpdate();
+            }
+        };
+        gracefulQuitTimer.scheduleAtFixedRate(tickerTask,0/*start delay*/,1000/*millis period*/);
+    }
+
+    private static Timer getGracefulQuitTimer() {
+        return gracefulQuitTimer;
+	}
+
+	private static void setGracefulQuitTimer(Timer gracefulQuitTimer) {
+   		I2PDActivity.gracefulQuitTimer = gracefulQuitTimer;
+	}
+}

android/src/org/purplei2p/i2pd/I2PDPermsAskerActivity.java

@@ -0,0 +1,171 @@
+package org.purplei2p.i2pd;
+
+import android.Manifest;
+import android.app.Activity;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.os.Bundle;
+import android.view.View;
+import android.widget.Button;
+import android.widget.TextView;
+
+import java.lang.reflect.Method;
+
+//dangerous perms, per https://developer.android.com/guide/topics/permissions/normal-permissions.html :
+//android.permission.WRITE_EXTERNAL_STORAGE
+public class I2PDPermsAskerActivity extends Activity {
+
+    private static final int PERMISSION_WRITE_EXTERNAL_STORAGE = 0;
+
+    private Button button_request_write_ext_storage_perms;
+    private TextView textview_retry;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        //if less than Android 6, no runtime perms req system present
+        if (android.os.Build.VERSION.SDK_INT < 23) {
+            startMainActivity();
+            return;
+        }
+
+
+        setContentView(R.layout.activity_perms_asker);
+        button_request_write_ext_storage_perms = (Button) findViewById(R.id.button_request_write_ext_storage_perms);
+        textview_retry = (TextView) findViewById(R.id.textview_retry);
+
+        button_request_write_ext_storage_perms.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View view) {
+                request_write_ext_storage_perms();
+            }
+        });
+        request_write_ext_storage_perms();
+    }
+
+    private void request_write_ext_storage_perms() {
+
+        textview_retry.setVisibility(TextView.GONE);
+        button_request_write_ext_storage_perms.setVisibility(Button.GONE);
+
+        Method methodCheckPermission;
+        Method method_shouldShowRequestPermissionRationale;
+        Method method_requestPermissions;
+        try {
+            methodCheckPermission = getClass().getMethod("checkSelfPermission", String.class);
+            method_shouldShowRequestPermissionRationale =
+                    getClass().getMethod("shouldShowRequestPermissionRationale", String.class);
+            method_requestPermissions =
+                    getClass().getMethod("requestPermissions", String[].class, int.class);
+        } catch (NoSuchMethodException e) {
+            throw new RuntimeException(e);
+        }
+        Integer resultObj;
+        try {
+            resultObj = (Integer) methodCheckPermission.invoke(
+                    this, Manifest.permission.WRITE_EXTERNAL_STORAGE);
+        } catch (Throwable e) {
+            throw new RuntimeException(e);
+        }
+
+        if (resultObj != PackageManager.PERMISSION_GRANTED) {
+
+            // Should we show an explanation?
+            Boolean aBoolean;
+            try {
+                aBoolean = (Boolean) method_shouldShowRequestPermissionRationale.invoke(this,
+                        Manifest.permission.WRITE_EXTERNAL_STORAGE);
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+            if (aBoolean) {
+
+                // Show an explanation to the user *asynchronously* -- don't block
+                // this thread waiting for the user's response! After the user
+                // sees the explanation, try again to request the permission.
+
+                showExplanation();
+
+            } else {
+
+                // No explanation needed, we can request the permission.
+
+                try {
+                    method_requestPermissions.invoke(this,
+                            new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+                            PERMISSION_WRITE_EXTERNAL_STORAGE);
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        } else startMainActivity();
+    }
+
+    @Override
+    public void onRequestPermissionsResult(int requestCode,
+                                           String permissions[], int[] grantResults) {
+        switch (requestCode) {
+            case PERMISSION_WRITE_EXTERNAL_STORAGE: {
+                // If request is cancelled, the result arrays are empty.
+                if (grantResults.length > 0
+                        && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
+
+                    // permission was granted, yay! Do the
+                    // contacts-related task you need to do.
+
+                    startMainActivity();
+
+                } else {
+
+                    // permission denied, boo! Disable the
+                    // functionality that depends on this permission.
+                    textview_retry.setText("SD card write permission denied, you need to allow this to continue");
+                    textview_retry.setVisibility(TextView.VISIBLE);
+                    button_request_write_ext_storage_perms.setVisibility(Button.VISIBLE);
+                }
+                return;
+            }
+
+            // other 'case' lines to check for other
+            // permissions this app might request.
+        }
+    }
+
+    private void startMainActivity() {
+        startActivity(new Intent(this, I2PDActivity.class));
+        finish();
+    }
+
+    private static final int SHOW_EXPLANATION_REQUEST = 1;  // The request code
+    private void showExplanation() {
+        Intent intent = new Intent(this, I2PDPermsExplanationActivity.class);
+        startActivityForResult(intent, SHOW_EXPLANATION_REQUEST);
+    }
+
+    @Override
+    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+        // Check which request we're responding to
+        if (requestCode == SHOW_EXPLANATION_REQUEST) {
+            // Make sure the request was successful
+            if (resultCode == RESULT_OK) {
+                // Request the permission
+                Method method_requestPermissions;
+                try {
+                    method_requestPermissions =
+                            getClass().getMethod("requestPermissions", String[].class, int.class);
+                } catch (NoSuchMethodException e) {
+                    throw new RuntimeException(e);
+                }
+                try {
+                    method_requestPermissions.invoke(this,
+                            new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+                            PERMISSION_WRITE_EXTERNAL_STORAGE);
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+            } else {
+                finish(); //close the app
+            }
+        }
+    }
+}

android/src/org/purplei2p/i2pd/I2PDPermsExplanationActivity.java

@@ -0,0 +1,38 @@
+package org.purplei2p.i2pd;
+
+import android.app.ActionBar;
+import android.content.Intent;
+import android.os.Bundle;
+import android.app.Activity;
+import android.view.View;
+import android.widget.Button;
+
+public class I2PDPermsExplanationActivity extends Activity {
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        setContentView(R.layout.activity_perms_explanation);
+        ActionBar actionBar = getActionBar();
+        if(actionBar!=null)actionBar.setHomeButtonEnabled(false);
+        Button button_ok = (Button) findViewById(R.id.button_ok);
+        button_ok.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View view) {
+                returnFromActivity();
+            }
+        });
+    }
+
+    private void returnFromActivity() {
+        Intent data = new Intent();
+        Activity parent = getParent();
+        if (parent == null) {
+            setResult(Activity.RESULT_OK, data);
+        } else {
+            parent.setResult(Activity.RESULT_OK, data);
+        }
+        finish();
+    }
+
+}

android/src/org/purplei2p/i2pd/I2PD_JNI.java

@@ -9,9 +9,9 @@ public class I2PD_JNI {
     public static native String startDaemon();
     //should only be called after startDaemon() success
     public static native void stopDaemon();
-    
+
     public static native void stopAcceptingTunnels();
-    
+
 	public static native void onNetworkStateChanged(boolean isConnected);
 
 	public static void loadLibraries() {

android_binary_only/jni/Android.mk

@@ -0,0 +1,74 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := i2pd
+LOCAL_CPP_FEATURES := rtti exceptions
+LOCAL_C_INCLUDES += $(IFADDRS_PATH) $(LIB_SRC_PATH) $(LIB_CLIENT_SRC_PATH) $(DAEMON_SRC_PATH)
+LOCAL_STATIC_LIBRARIES := \
+	boost_system \
+	boost_date_time \
+	boost_filesystem \
+	boost_program_options \
+	crypto ssl \
+	miniupnpc
+LOCAL_LDLIBS := -lz
+
+LOCAL_SRC_FILES := $(IFADDRS_PATH)/ifaddrs.c \
+	$(wildcard $(LIB_SRC_PATH)/*.cpp)\
+	$(wildcard $(LIB_CLIENT_SRC_PATH)/*.cpp)\
+	$(DAEMON_SRC_PATH)/UnixDaemon.cpp \
+	$(DAEMON_SRC_PATH)/Daemon.cpp \
+	$(DAEMON_SRC_PATH)/UPnP.cpp \
+	$(DAEMON_SRC_PATH)/HTTPServer.cpp \
+	$(DAEMON_SRC_PATH)/I2PControl.cpp \
+	$(DAEMON_SRC_PATH)/i2pd.cpp
+include $(BUILD_EXECUTABLE)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_system
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_system.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_date_time
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_date_time.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_filesystem
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_filesystem.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := boost_program_options
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_62_0/$(TARGET_ARCH_ABI)/lib/libboost_program_options.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_62_0/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := crypto
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.0e/$(TARGET_ARCH_ABI)/lib/libcrypto.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.0e/include
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := ssl
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.0e/$(TARGET_ARCH_ABI)/lib/libssl.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.0e/include
+LOCAL_STATIC_LIBRARIES := crypto
+include $(PREBUILT_STATIC_LIBRARY)
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+LOCAL_MODULE := miniupnpc
+LOCAL_SRC_FILES := $(MINIUPNP_PATH)/miniupnp-2.0/$(TARGET_ARCH_ABI)/lib/libminiupnpc.a
+LOCAL_EXPORT_C_INCLUDES := $(MINIUPNP_PATH)/miniupnp-2.0/include
+include $(PREBUILT_STATIC_LIBRARY)

android_binary_only/jni/Application.mk

@@ -0,0 +1,43 @@
+#APP_ABI := all
+#APP_ABI := armeabi-v7a x86
+#APP_ABI := x86
+#APP_ABI := x86_64
+APP_ABI := armeabi-v7a
+#can be android-3 but will fail for x86 since arch-x86 is not present at ndkroot/platforms/android-3/ . libz is taken from there.
+APP_PLATFORM := android-14
+
+# http://stackoverflow.com/a/21386866/529442 http://stackoverflow.com/a/15616255/529442 to enable c++11 support in Eclipse
+NDK_TOOLCHAIN_VERSION := 4.9
+# APP_STL := stlport_shared  --> does not seem to contain C++11 features
+#APP_STL := gnustl_shared
+APP_STL := gnustl_static
+
+# Enable c++11 extensions in source code
+APP_CPPFLAGS += -std=c++11 -fvisibility=default -fPIE
+
+APP_CPPFLAGS += -DANDROID_BINARY -DANDROID -D__ANDROID__ -DUSE_UPNP
+APP_LDFLAGS += -rdynamic -fPIE -pie
+ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
+APP_CPPFLAGS += -DANDROID_ARM7A
+endif
+
+# Forcing debug optimization. Use `ndk-build NDK_DEBUG=1` instead.
+#APP_OPTIM  := debug
+
+# git clone https://github.com/PurpleI2P/Boost-for-Android-Prebuilt.git
+# git clone https://github.com/PurpleI2P/OpenSSL-for-Android-Prebuilt.git
+# git clone https://github.com/PurpleI2P/MiniUPnP-for-Android-Prebuilt.git
+# git clone https://github.com/PurpleI2P/android-ifaddrs.git
+# change to your own
+I2PD_LIBS_PATH = /path/to/libraries
+BOOST_PATH = $(I2PD_LIBS_PATH)/Boost-for-Android-Prebuilt
+OPENSSL_PATH = $(I2PD_LIBS_PATH)/OpenSSL-for-Android-Prebuilt
+MINIUPNP_PATH = $(I2PD_LIBS_PATH)/MiniUPnP-for-Android-Prebuilt
+IFADDRS_PATH = $(I2PD_LIBS_PATH)/android-ifaddrs
+
+# don't change me
+I2PD_SRC_PATH = $(PWD)/..
+
+LIB_SRC_PATH = $(I2PD_SRC_PATH)/libi2pd
+LIB_CLIENT_SRC_PATH = $(I2PD_SRC_PATH)/libi2pd_client
+DAEMON_SRC_PATH = $(I2PD_SRC_PATH)/daemon

appveyor.yml

@@ -1,4 +1,4 @@
-version: 2.17.{build}
+version: 2.19.{build}
 pull_requests:
   do_not_increment_build_number: true
 branches:
@@ -18,7 +18,7 @@ environment:
 
 install:
 - c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Rns gcc-fortran gcc"
-- c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu"
+- c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu "
 
 - c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu"
 

build/.gitignore

@@ -8,6 +8,7 @@
 /CPackConfig.cmake
 /CPackSourceConfig.cmake
 /install_manifest.txt
+/arch.c
 # windows build script
 i2pd*.zip
-build*.log
+build*.log

build/CMakeLists.txt

@@ -26,6 +26,10 @@ option(WITH_WEBSOCKETS "Build with websocket ui" OFF)
 set ( CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake_modules" )
 set ( CMAKE_SOURCE_DIR ".." )
 
+# architecture
+include(TargetArch)
+target_architecture(ARCHITECTURE)
+
 set(LIBI2PD_SRC_DIR ../libi2pd)
 set(LIBI2PD_CLIENT_SRC_DIR ../libi2pd_client)
 
@@ -35,6 +39,7 @@ include_directories(${LIBI2PD_CLIENT_SRC_DIR})
 set (LIBI2PD_SRC
   "${LIBI2PD_SRC_DIR}/BloomFilter.cpp"
   "${LIBI2PD_SRC_DIR}/Config.cpp"
+  "${LIBI2PD_SRC_DIR}/CPU.cpp"  
   "${LIBI2PD_SRC_DIR}/Crypto.cpp"
   "${LIBI2PD_SRC_DIR}/CryptoKey.cpp"
   "${LIBI2PD_SRC_DIR}/Garlic.cpp"
@@ -72,6 +77,10 @@ set (LIBI2PD_SRC
   "${LIBI2PD_SRC_DIR}/api.cpp"
   "${LIBI2PD_SRC_DIR}/Event.cpp"
   "${LIBI2PD_SRC_DIR}/Gost.cpp"
+  "${LIBI2PD_SRC_DIR}/ChaCha20.cpp"	
+  "${LIBI2PD_SRC_DIR}/Poly1305.cpp"
+  "${LIBI2PD_SRC_DIR}/Ed25519.cpp"
+  "${LIBI2PD_SRC_DIR}/NTCP2.cpp"		
 )
 
 if (WITH_WEBSOCKETS)
@@ -79,7 +88,7 @@ if (WITH_WEBSOCKETS)
   find_package(websocketpp REQUIRED)
 endif ()
 
-if (CMAKE_SYSTEM_NAME STREQUAL "Windows" OR MSYS)
+if (WIN32 OR MSYS)
   list (APPEND LIBI2PD_SRC "${CMAKE_SOURCE_DIR}/I2PEndian.cpp")
 endif ()
 
@@ -89,13 +98,17 @@ endif()
 
 add_library(libi2pd ${LIBI2PD_SRC})
 set_target_properties(libi2pd PROPERTIES PREFIX "")
-install(TARGETS libi2pd
-  EXPORT libi2pd
-  ARCHIVE DESTINATION lib
-  COMPONENT Libraries)
+
+if (WITH_LIBRARY)
+  install(TARGETS libi2pd
+    EXPORT libi2pd
+    ARCHIVE DESTINATION lib
+    LIBRARY DESTINATION lib
+    COMPONENT Libraries)
 # TODO Make libi2pd available to 3rd party projects via CMake as imported target
 # FIXME This pulls stdafx
 # install(EXPORT libi2pd DESTINATION ${CMAKE_INSTALL_LIBDIR})
+endif()
 
 set (CLIENT_SRC
   "${LIBI2PD_CLIENT_SRC_DIR}/AddressBook.cpp"
@@ -114,7 +127,17 @@ set (CLIENT_SRC
 if(WITH_WEBSOCKETS)
   list (APPEND CLIENT_SRC "${LIBI2PD_CLIENT_SRC_DIR}/Websocket.cpp")
 endif ()
-add_library(i2pdclient ${CLIENT_SRC})
+
+add_library(libi2pdclient ${CLIENT_SRC})
+set_target_properties(libi2pdclient PROPERTIES PREFIX "")
+
+if (WITH_LIBRARY)
+  install(TARGETS libi2pdclient
+    EXPORT libi2pdclient
+    ARCHIVE DESTINATION lib
+    LIBRARY DESTINATION lib
+    COMPONENT Libraries)
+endif()
 
 set(DAEMON_SRC_DIR ../daemon)
 
@@ -180,6 +203,8 @@ if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
 elseif (CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
   # more tweaks
   if (NOT (MSVC OR MSYS OR APPLE))
+    set (CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -stdlib=libstdc++" ) # required for <atomic>
+    list(APPEND CMAKE_REQUIRED_LIBRARIES "stdc++") # required to link with -stdlib=libstdc++
     set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unused-const-variable -Wno-overloaded-virtual -Wno-c99-extensions" )
   endif()
 endif ()
@@ -190,20 +215,14 @@ if (WITH_HARDENING AND MSVC)
 endif ()
 
 # compiler flags customization (by system)
-if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
+if (UNIX)
   list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-  # "'sleep_for' is not a member of 'std::this_thread'" in gcc 4.7/4.8
-  add_definitions( "-D_GLIBCXX_USE_NANOSLEEP=1" )
-elseif (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
-  list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-  # "'sleep_for' is not a member of 'std::this_thread'" in gcc 4.7/4.8
-  add_definitions( "-D_GLIBCXX_USE_NANOSLEEP=1" )
-elseif (CMAKE_SYSTEM_NAME STREQUAL "Darwin")
-    list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-  elseif (CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
-      list (APPEND DAEMON_SRC "${DAEMON_SRC_DIR}/UnixDaemon.cpp")
-    elseif (CMAKE_SYSTEM_NAME STREQUAL "Windows" OR MSYS)
-        list (APPEND DAEMON_SRC "${CMAKE_SOURCE_DIR}/Win32/DaemonWin32.cpp")
+  if (NOT (CMAKE_SYSTEM_NAME STREQUAL "OpenBSD" OR APPLE))
+    # "'sleep_for' is not a member of 'std::this_thread'" in gcc 4.7/4.8
+    add_definitions( "-D_GLIBCXX_USE_NANOSLEEP=1" )
+  endif ()
+elseif (WIN32 OR MSYS)
+  list (APPEND DAEMON_SRC "${CMAKE_SOURCE_DIR}/Win32/DaemonWin32.cpp")
   if (WITH_GUI)
     list (APPEND DAEMON_SRC "${CMAKE_SOURCE_DIR}/Win32/Win32App.cpp")
     set_source_files_properties("${CMAKE_SOURCE_DIR}/Win32/DaemonWin32.cpp"
@@ -302,7 +321,7 @@ if (WITH_PCH)
       WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
       )
     target_compile_options(libi2pd PRIVATE /FIstdafx.h /Yustdafx.h /Zm155 "/Fp${CMAKE_BINARY_DIR}/stdafx.dir/$<CONFIG>/stdafx.pch")
-    target_compile_options(i2pdclient PRIVATE /FIstdafx.h /Yustdafx.h /Zm155 "/Fp${CMAKE_BINARY_DIR}/stdafx.dir/$<CONFIG>/stdafx.pch")
+    target_compile_options(libi2pdclient PRIVATE /FIstdafx.h /Yustdafx.h /Zm155 "/Fp${CMAKE_BINARY_DIR}/stdafx.dir/$<CONFIG>/stdafx.pch")
   else()
     string(TOUPPER ${CMAKE_BUILD_TYPE} BTU)
     get_directory_property(DEFS DEFINITIONS)
@@ -311,12 +330,12 @@ if (WITH_PCH)
       COMMAND ${CMAKE_CXX_COMPILER} ${FLAGS} -c ${CMAKE_CURRENT_SOURCE_DIR}/../libi2pd/stdafx.h -o ${CMAKE_BINARY_DIR}/stdafx.h.gch
     )
     target_compile_options(libi2pd PRIVATE -include libi2pd/stdafx.h)
-    target_compile_options(i2pdclient PRIVATE -include libi2pd/stdafx.h)
+    target_compile_options(libi2pdclient PRIVATE -include libi2pd/stdafx.h)
   endif()
   target_link_libraries(libi2pd stdafx)
 endif()
 
-target_link_libraries(i2pdclient libi2pd)
+target_link_libraries(libi2pdclient libi2pd)
 
 find_package ( Boost COMPONENTS system filesystem program_options date_time REQUIRED )
 if(NOT DEFINED Boost_INCLUDE_DIRS)
@@ -326,10 +345,6 @@ endif()
 find_package ( OpenSSL REQUIRED )
 if(NOT DEFINED OPENSSL_INCLUDE_DIR)
   message(SEND_ERROR "Could not find OpenSSL. Please download and install it first!")
-else()
-  if(NOT (OPENSSL_VERSION VERSION_LESS 1.1))
-    message(WARNING "Your OpenSSL version ${OPENSSL_VERSION} >=1.1 is experimental: build with v1.0 when possible.")
-  endif()
 endif()
 
 if (WITH_UPNP)
@@ -366,11 +381,13 @@ if (NOT ZLIB_FOUND )
   if (NOT WITH_STATIC)
     set ( ZLIB_LIBRARY debug zlibd optimized zlib CACHE STRING "zlib libraries" FORCE)
   endif ()
+  link_directories(${CMAKE_CURRENT_BINARY_DIR}/zlib/lib)
+else()
+  link_directories(${ZLIB_ROOT}/lib)
 endif ()
 if (WITH_STATIC AND (MSVC OR MSYS))
   set ( ZLIB_LIBRARY debug zlibstaticd optimized zlibstatic CACHE STRING "zlib libraries" FORCE)
 endif ()
-link_directories(${CMAKE_CURRENT_BINARY_DIR}/zlib/lib ${ZLIB_ROOT}/lib)
 
 # load includes
 include_directories( SYSTEM ${Boost_INCLUDE_DIRS} ${OPENSSL_INCLUDE_DIR} ${ZLIB_INCLUDE_DIR} )
@@ -382,6 +399,8 @@ if (WITH_MESHNET)
   message(WARNING "This build will NOT work on mainline i2p")
 endif()
 
+include(CheckAtomic)
+
 
 # show summary
 message(STATUS "---------------------------------------")
@@ -389,6 +408,7 @@ message(STATUS "Build type         : ${CMAKE_BUILD_TYPE}")
 message(STATUS "Compiler vendor    : ${CMAKE_CXX_COMPILER_ID}")
 message(STATUS "Compiler version   : ${CMAKE_CXX_COMPILER_VERSION}")
 message(STATUS "Compiler path      : ${CMAKE_CXX_COMPILER}")
+message(STATUS "Architecture       : ${ARCHITECTURE}")
 message(STATUS "Install prefix:    : ${CMAKE_INSTALL_PREFIX}")
 message(STATUS "Options:")
 message(STATUS "  AESNI            : ${WITH_AESNI}")
@@ -448,7 +468,7 @@ if (WITH_BINARY)
   if (WITH_STATIC)
     set(DL_LIB ${CMAKE_DL_LIBS})
   endif()
-  target_link_libraries( "${PROJECT_NAME}" libi2pd i2pdclient ${DL_LIB} ${Boost_LIBRARIES} ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${MINGW_EXTRA} ${DL_LIB})
+  target_link_libraries( "${PROJECT_NAME}" libi2pd libi2pdclient ${DL_LIB} ${Boost_LIBRARIES} ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARY} ${CMAKE_THREAD_LIBS_INIT} ${MINGW_EXTRA} ${DL_LIB} ${CMAKE_REQUIRED_LIBRARIES})
 
   install(TARGETS "${PROJECT_NAME}" RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT Runtime)
   set (APPS "\${CMAKE_INSTALL_PREFIX}/bin/${PROJECT_NAME}${CMAKE_EXECUTABLE_SUFFIX}")
@@ -461,12 +481,6 @@ if (WITH_BINARY)
       fixup_bundle(\"${APPS}\"   \"\"   \"${DIRS}\")
       " COMPONENT Runtime)
   endif ()
-
-  if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
-    if (NOT (MSVC OR MSYS OR APPLE)) # for Clang build on Linux
-      target_link_libraries("${PROJECT_NAME}" stdc++)
-    endif()
-  endif()
 endif ()
 
 install(FILES ../LICENSE

build/build_mingw.cmd

@@ -6,7 +6,7 @@ REM Copyright (c) 2013-2017, The PurpleI2P Project
 REM This file is part of Purple i2pd project and licensed under BSD3
 REM See full license text in LICENSE file at top of project tree
 
-REM To use that script, you must have installed in your MSYS installation theese packages:
+REM To use that script, you must have installed in your MSYS installation these packages:
 REM Base: git make zip
 REM x86_64: mingw-w64-x86_64-boost mingw-w64-x86_64-openssl mingw-w64-x86_64-gcc
 REM i686: mingw-w64-i686-boost mingw-w64-i686-openssl mingw-w64-i686-gcc
@@ -16,7 +16,8 @@ REM Note: if you installed MSYS64 to different path, edit WD variable (only C:\m
 set "WD=C:\msys64\usr\bin\"
 set MSYS2_PATH_TYPE=inherit
 set CHERE_INVOKING=enabled_from_arguments
-set MSYSTEM=MSYS
+REM set MSYSTEM=MSYS
+set MSYSTEM=MINGW32
 
 set "xSH=%WD%bash -lc"
 
@@ -58,6 +59,7 @@ pause
 exit /b 0
 
 :BUILDING
+%xSH% "make clean" >> nul
 echo Building i2pd %tag% for win%bitness%:
 echo Build AVX+AESNI...
 %xSH% "make USE_UPNP=yes USE_AVX=1 USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx_aesni.log 2>&1

build/cmake_modules/CheckAtomic.cmake

@@ -0,0 +1,106 @@
+# atomic builtins are required for threading support.
+
+INCLUDE(CheckCXXSourceCompiles)
+
+# Sometimes linking against libatomic is required for atomic ops, if
+# the platform doesn't support lock-free atomics.
+
+function(check_working_cxx_atomics varname)
+  set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
+  set(CMAKE_REQUIRED_FLAGS "-std=c++11")
+  CHECK_CXX_SOURCE_COMPILES("
+#include <atomic>
+std::atomic<int> x;
+int main() {
+  return x;
+}
+" ${varname})
+  set(CMAKE_REQUIRED_FLAGS ${OLD_CMAKE_REQUIRED_FLAGS})
+endfunction(check_working_cxx_atomics)
+
+function(check_working_cxx_atomics64 varname)
+  set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})
+  set(CMAKE_REQUIRED_FLAGS "-std=c++11 ${CMAKE_REQUIRED_FLAGS}")
+  CHECK_CXX_SOURCE_COMPILES("
+#include <atomic>
+#include <cstdint>
+std::atomic<uint64_t> x (0);
+int main() {
+  uint64_t i = x.load(std::memory_order_relaxed);
+  return 0;
+}
+" ${varname})
+  set(CMAKE_REQUIRED_FLAGS ${OLD_CMAKE_REQUIRED_FLAGS})
+endfunction(check_working_cxx_atomics64)
+
+
+# This isn't necessary on MSVC, so avoid command-line switch annoyance
+# by only running on GCC-like hosts.
+if (LLVM_COMPILER_IS_GCC_COMPATIBLE)
+  # First check if atomics work without the library.
+  check_working_cxx_atomics(HAVE_CXX_ATOMICS_WITHOUT_LIB)
+  # If not, check if the library exists, and atomics work with it.
+  if(NOT HAVE_CXX_ATOMICS_WITHOUT_LIB)
+    check_library_exists(atomic __atomic_fetch_add_4 "" HAVE_LIBATOMIC)
+    if( HAVE_LIBATOMIC )
+      list(APPEND CMAKE_REQUIRED_LIBRARIES "atomic")
+      check_working_cxx_atomics(HAVE_CXX_ATOMICS_WITH_LIB)
+      if (NOT HAVE_CXX_ATOMICS_WITH_LIB)
+        message(FATAL_ERROR "Host compiler must support std::atomic!")
+      endif()
+    else()
+      message(FATAL_ERROR "Host compiler appears to require libatomic, but cannot find it.")
+    endif()
+  endif()
+endif()
+
+# Check for 64 bit atomic operations.
+if(MSVC)
+  set(HAVE_CXX_ATOMICS64_WITHOUT_LIB True)
+else()
+  check_working_cxx_atomics64(HAVE_CXX_ATOMICS64_WITHOUT_LIB)
+endif()
+
+# If not, check if the library exists, and atomics work with it.
+if(NOT HAVE_CXX_ATOMICS64_WITHOUT_LIB)
+  check_library_exists(atomic __atomic_load_8 "" HAVE_CXX_LIBATOMICS64)
+  if(HAVE_CXX_LIBATOMICS64)
+    list(APPEND CMAKE_REQUIRED_LIBRARIES "atomic")
+    check_working_cxx_atomics64(HAVE_CXX_ATOMICS64_WITH_LIB)
+    if (NOT HAVE_CXX_ATOMICS64_WITH_LIB)
+      message(FATAL_ERROR "Host compiler must support std::atomic!")
+    endif()
+  else()
+    message(FATAL_ERROR "Host compiler appears to require libatomic, but cannot find it.")
+  endif()
+endif()
+
+## TODO: This define is only used for the legacy atomic operations in
+## llvm's Atomic.h, which should be replaced.  Other code simply
+## assumes C++11 <atomic> works.
+CHECK_CXX_SOURCE_COMPILES("
+#ifdef _MSC_VER
+#include <Intrin.h> /* Workaround for PR19898. */
+#include <windows.h>
+#endif
+int main() {
+#ifdef _MSC_VER
+        volatile LONG val = 1;
+        MemoryBarrier();
+        InterlockedCompareExchange(&val, 0, 1);
+        InterlockedIncrement(&val);
+        InterlockedDecrement(&val);
+#else
+        volatile unsigned long val = 1;
+        __sync_synchronize();
+        __sync_val_compare_and_swap(&val, 1, 0);
+        __sync_add_and_fetch(&val, 1);
+        __sync_sub_and_fetch(&val, 1);
+#endif
+        return 0;
+      }
+" LLVM_HAS_ATOMICS)
+
+if( NOT LLVM_HAS_ATOMICS )
+  message(STATUS "Warning: LLVM will be built thread-unsafe because atomic builtins are missing")
+endif()

build/cmake_modules/FindMiniUPnPc.cmake

@@ -24,5 +24,5 @@ else()
   endif()
 
   mark_as_advanced(MINIUPNPC_INCLUDE_DIR MINIUPNPC_LIBRARY)
-  
+
 endif()

build/cmake_modules/TargetArch.cmake

@@ -0,0 +1,134 @@
+# Based on the Qt 5 processor detection code, so should be very accurate
+# https://qt.gitorious.org/qt/qtbase/blobs/master/src/corelib/global/qprocessordetection.h
+# Currently handles arm (v5, v6, v7), x86 (32/64), ia64, and ppc (32/64)
+
+# Regarding POWER/PowerPC, just as is noted in the Qt source,
+# "There are many more known variants/revisions that we do not handle/detect."
+
+set(archdetect_c_code "
+#if defined(__arm__) || defined(__TARGET_ARCH_ARM)
+    #if defined(__ARM_ARCH_7__) \\
+        || defined(__ARM_ARCH_7A__) \\
+        || defined(__ARM_ARCH_7R__) \\
+        || defined(__ARM_ARCH_7M__) \\
+        || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 7)
+        #error cmake_ARCH armv7
+    #elif defined(__ARM_ARCH_6__) \\
+        || defined(__ARM_ARCH_6J__) \\
+        || defined(__ARM_ARCH_6T2__) \\
+        || defined(__ARM_ARCH_6Z__) \\
+        || defined(__ARM_ARCH_6K__) \\
+        || defined(__ARM_ARCH_6ZK__) \\
+        || defined(__ARM_ARCH_6M__) \\
+        || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 6)
+        #error cmake_ARCH armv6
+    #elif defined(__ARM_ARCH_5TEJ__) \\
+        || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 5)
+        #error cmake_ARCH armv5
+    #else
+        #error cmake_ARCH arm
+    #endif
+#elif defined(__i386) || defined(__i386__) || defined(_M_IX86)
+    #error cmake_ARCH i386
+#elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(_M_X64)
+    #error cmake_ARCH x86_64
+#elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+    #error cmake_ARCH ia64
+#elif defined(__ppc__) || defined(__ppc) || defined(__powerpc__) \\
+      || defined(_ARCH_COM) || defined(_ARCH_PWR) || defined(_ARCH_PPC)  \\
+      || defined(_M_MPPC) || defined(_M_PPC)
+    #if defined(__ppc64__) || defined(__powerpc64__) || defined(__64BIT__)
+        #error cmake_ARCH ppc64
+    #else
+        #error cmake_ARCH ppc
+    #endif
+#endif
+
+#error cmake_ARCH unknown
+")
+
+# Set ppc_support to TRUE before including this file or ppc and ppc64
+# will be treated as invalid architectures since they are no longer supported by Apple
+
+function(target_architecture output_var)
+    if(APPLE AND CMAKE_OSX_ARCHITECTURES)
+        # On OS X we use CMAKE_OSX_ARCHITECTURES *if* it was set
+        # First let's normalize the order of the values
+
+        # Note that it's not possible to compile PowerPC applications if you are using
+        # the OS X SDK version 10.6 or later - you'll need 10.4/10.5 for that, so we
+        # disable it by default
+        # See this page for more information:
+        # http://stackoverflow.com/questions/5333490/how-can-we-restore-ppc-ppc64-as-well-as-full-10-4-10-5-sdk-support-to-xcode-4
+
+        # Architecture defaults to i386 or ppc on OS X 10.5 and earlier, depending on the CPU type detected at runtime.
+        # On OS X 10.6+ the default is x86_64 if the CPU supports it, i386 otherwise.
+
+        foreach(osx_arch ${CMAKE_OSX_ARCHITECTURES})
+            if("${osx_arch}" STREQUAL "ppc" AND ppc_support)
+                set(osx_arch_ppc TRUE)
+            elseif("${osx_arch}" STREQUAL "i386")
+                set(osx_arch_i386 TRUE)
+            elseif("${osx_arch}" STREQUAL "x86_64")
+                set(osx_arch_x86_64 TRUE)
+            elseif("${osx_arch}" STREQUAL "ppc64" AND ppc_support)
+                set(osx_arch_ppc64 TRUE)
+            else()
+                message(FATAL_ERROR "Invalid OS X arch name: ${osx_arch}")
+            endif()
+        endforeach()
+
+        # Now add all the architectures in our normalized order
+        if(osx_arch_ppc)
+            list(APPEND ARCH ppc)
+        endif()
+
+        if(osx_arch_i386)
+            list(APPEND ARCH i386)
+        endif()
+
+        if(osx_arch_x86_64)
+            list(APPEND ARCH x86_64)
+        endif()
+
+        if(osx_arch_ppc64)
+            list(APPEND ARCH ppc64)
+        endif()
+    else()
+        file(WRITE "${CMAKE_BINARY_DIR}/arch.c" "${archdetect_c_code}")
+
+        enable_language(C)
+
+        # Detect the architecture in a rather creative way...
+        # This compiles a small C program which is a series of ifdefs that selects a
+        # particular #error preprocessor directive whose message string contains the
+        # target architecture. The program will always fail to compile (both because
+        # file is not a valid C program, and obviously because of the presence of the
+        # #error preprocessor directives... but by exploiting the preprocessor in this
+        # way, we can detect the correct target architecture even when cross-compiling,
+        # since the program itself never needs to be run (only the compiler/preprocessor)
+        try_run(
+            run_result_unused
+            compile_result_unused
+            "${CMAKE_BINARY_DIR}"
+            "${CMAKE_BINARY_DIR}/arch.c"
+            COMPILE_OUTPUT_VARIABLE ARCH
+            CMAKE_FLAGS CMAKE_OSX_ARCHITECTURES=${CMAKE_OSX_ARCHITECTURES}
+        )
+
+        # Parse the architecture name from the compiler output
+        string(REGEX MATCH "cmake_ARCH ([a-zA-Z0-9_]+)" ARCH "${ARCH}")
+
+        # Get rid of the value marker leaving just the architecture name
+        string(REPLACE "cmake_ARCH " "" ARCH "${ARCH}")
+
+        # If we are compiling with an unknown architecture this variable should
+        # already be set to "unknown" but in the case that it's empty (i.e. due
+        # to a typo in the code), then set it to unknown
+        if (NOT ARCH)
+            set(ARCH unknown)
+        endif()
+    endif()
+
+    set(${output_var} "${ARCH}" PARENT_SCOPE)
+endfunction()

build/docker/README.md

@@ -28,7 +28,7 @@ Options are set via docker environment variables. This can be set at run with -e
 
 **Logging**
 
-Logging happens to STDOUT as the best practise with docker containers, since infrastructure systems like kubernetes with ELK integration can automaticly forward the log to say, kibana or greylog without manual setup. :)
+Logging happens to STDOUT as the best practise with docker containers, since infrastructure systems like kubernetes with ELK integration can automatically forward the log to say, kibana or greylog without manual setup. :)
 
 
 

build/docker/old-ubuntu-based/Dockerfile

@@ -5,7 +5,7 @@ RUN apt-get update && apt-get install -y libboost-dev libboost-filesystem-dev \
        libssl-dev git build-essential
 
 RUN git clone https://github.com/PurpleI2P/i2pd.git
-WORKDIR /i2pd 
+WORKDIR /i2pd
 RUN make
 
 CMD ./i2pd

contrib/apparmor/usr.sbin.i2pd

@@ -1,4 +1,4 @@
-# Basic profile for i2pd 
+# Basic profile for i2pd
 # Should work without modifications with Ubuntu/Debian packages
 # Author: Darknet Villain <supervillain@riseup.net>
 #
@@ -17,14 +17,20 @@
   /etc/host.conf r,
   /etc/hosts r,
   /etc/nsswitch.conf r,
+  /etc/resolv.conf r,
   /run/resolvconf/resolv.conf r,
+  /run/systemd/resolve/stub-resolv.conf r,
 
   # path specific (feel free to modify if you have another paths)
   /etc/i2pd/** r,
+  /run/i2pd/i2pd.pid rwk,
   /var/lib/i2pd/** rw,
-  /var/log/i2pd.log w,
-  /var/run/i2pd/i2pd.pid rw,
+  /var/log/i2pd/i2pd.log w,
+  /var/run/i2pd/i2pd.pid rwk,
   /usr/sbin/i2pd mr,
+  /usr/share/i2pd/** r,
 
-
+  # user homedir (if started not by init.d or systemd)
+  owner @{HOME}/.i2pd/   rw,
+  owner @{HOME}/.i2pd/** rwk,
 }

contrib/certificates/router/killyourtv_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFhTCCA22gAwIBAgIELuRWgDANBgkqhkiG9w0BAQ0FADBzMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEcMBoGA1UEAwwTa2lsbHlvdXJ0dkBt
-YWlsLmkycDAeFw0xMzEwMDYyMTM5MzFaFw0yMzEwMDYyMTM5MzFaMHMxCzAJBgNV
-BAYTAlhYMQswCQYDVQQIEwJYWDELMAkGA1UEBxMCWFgxHjAcBgNVBAoTFUkyUCBB
-bm9ueW1vdXMgTmV0d29yazEMMAoGA1UECxMDSTJQMRwwGgYDVQQDDBNraWxseW91
-cnR2QG1haWwuaTJwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAig3u
-niLWm0y/TFJtciHgmWUt20FOdQrxkiSZ87G8xjuGfq7TbGIiVDn7pQZcHidpq+Dk
-47sm+Swqhb4psSijj0AXUEVKlV39jF5IZE+VUgmEtMqQbnBkWudaTJPWcEe9T/Kd
-8Oz2jgsnrD/EGVTMKBBjt/gk8VqTWvpCdCF1GhqcCeUTFHzjhN9jtoRCaJ2DClpO
-Px+86+d3s9PqUFo8gcD/dbbyJCMqUCMBLtIy/Ooouxb9cfWtXfyOlphU+enmdvuA
-0BDewb9pOJg2/kVd9/9moDWcBGChLOlfSlxpDwyUtcclcpvwnG7c6o4or6gqLeOf
-AbCpse623utV7fWlFWG7M4AQ/2emhhe4YoMJQnflydzV8bPRJxRTeW1j/9UfpvLT
-nO5LHp0oBXE0GqAPjxuAr+r5IDXFbkKYNjK5oWQB/Ul3LkexulYdCzHWbGd1Ja5b
-sbiOy6t/hH6G8DD75HYb+PQZaNZWBv90EyOq1JDSUPw6nxVbhiBldi3ipc8/1X51
-FbzBqJ+QO1XKrKqxWxBKoTekuy38KRzsmkSCpY+WJ9f0gLOKtxzVO2HNNqqVFGQf
-RGIbrNA0JSRQ1fgelccfrcRIXIZ3B8Tk/wxCIzCY6Yvg2jezz2xJkVdqOUsznS2v
-+xJe67PYIAeMVtcfO4kmuCvyIYhsUEpob2n/5lkCAwEAAaMhMB8wHQYDVR0OBBYE
-FCLneov6QMtvra5FSoSLhdymi++rMA0GCSqGSIb3DQEBDQUAA4ICAQAIcqbiwjdQ
-M9VlGBiHe5eVsL6OM9zfRqR1wnRg4Q6ce65XDfEOYleBWaaNJA4BdykcA4fkUN1h
-M2D9FDQScsyPTOuzJ6o75TYh0JOtF51yCi9iuemcosxAwsm90ZXGuMDfDYeyND5c
-PAkWfyCP+jwLYbNo/hkNqyv+XWHXPQmT2adRnPXINVUQuBxVPC//C9wv2uDYWhgS
-f8M425VPp4/R/uks9mlzTx08DwacvouD0YOC+HZE4sWq+2smgeBInMiyr/THYzl+
-baMtYgVs8IKUD2gtjfXZoaQNg3eq5SedSf/5F0S/LCdu9/ccQ8CzSEoVTiQFtO78
-SaU37xai8+QTSVpPuINigxCoXmkubBd+voEmWRcBd/XB5L+u+MFU/jXyyBj2BXVj
-6agqVzY53KVYt23/63QliAUWyxT+ns9gRxVN1jrMhHdiDwsdT4NbzHxg1Su4eiHv
-C/wjD3Dga0BRTEGylpHZGzb1U1rZRHM3ho3f1QkmRPPLcBUMTyUTxJm+GEeuhPvp
-+TBf3Kg/YkdpnEMlagqcyHuIrf3m8Z/pTmpOIbekJWbbA7tluvWbMWw2ARB7dUOE
-fHYVISh0DTw2oVXxM82/q8XXHnhEXv2nW3K40x1VabxUN+sF4M/7YA8nJqwsPJei
-749STYJRfZXdIe69M9zpM5unxENAsiPJgQ==
------END CERTIFICATE-----

contrib/certificates/router/str4d_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFezCCA2OgAwIBAgIEHLJfZzANBgkqhkiG9w0BAQ0FADBuMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEXMBUGA1UEAwwOc3RyNGRAbWFpbC5p
-MnAwHhcNMTMxMDI2MTExODQxWhcNMjMxMDI2MTExODQxWjBuMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEXMBUGA1UEAwwOc3RyNGRAbWFpbC5p
-MnAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvw0vTay1IPOgxvwe8
-yt5jGakha20kw9qDb6zbEL87EWEkeOzdu7iUC69lkxVP9Ws8EbLtkeMf/CXg6CC1
-e+w8WpOHj5prOsiOlrIO+2I1tKMaMUuJDX2wK4I5ZSw/Kieimh9xqOBZknDmtwjw
-2HPW8rpxMqrScaGAP6sQD8Gh4XKKkLogfxYPzF8NnC6O8vBkFKVU2WSVZ0jPAQfv
-6luPdA+5lES+5UPWr9Yhv/CX4siGKUTxchqJRf2VU4o5BzzXae4asVA/NY7lKgEw
-eDDufbm0mRFWP4mbmXRlODuJ8GMnJbMQkNcAvZUnUcvpSTnGnIvxyxtXP5P6ic8V
-3b9HV2eIsbfO1xrgyr6/9qgGpXcdDJejhvNg6fZgQeO40bOGQYwV8bNvsNQHqnZl
-KsVhsMQkOubMxcHTBadcifi8PmdeJ5hxyyqJmyrwkmg2ijnN521M6YkoBzl+8VAi
-zLmqKZfvN5t+pb9PZ3U3jHfkeIEwDRYRAOsvVqch5+ZfSv8x/Te6o15zDKPJQtWK
-ty42GV1vERw30oSZQdrRRy/+4+HSRs3/Zb368OdAbcr+f/xPvwceYGWPeNNIoZ/x
-xkIQE3xgEK+eJyPM9McjlCAezZZclT7fWfiEYNJAiS3fGALi+a+cGYWWULxCXpz+
-y397OHhZBhnh7D9K8aPePB8tCwIDAQABoyEwHzAdBgNVHQ4EFgQUezvGHq3h1gbC
-Hs2LLVoll5fIUWMwDQYJKoZIhvcNAQENBQADggIBAF7SG1WBcE1r5eyTp/BLFZfG
-iPtvqu+B1L2HutPum/Xf8A5fxR4kcKAKpVdu6vnDzCRAsAC9YvyETgAzI2nfVgLk
-l9YZ31tSi6qxnMsQsV5o9lt/q2Rvsf2Zi/Ir8AlWtvnP8YG0Aj/8AG8MyhMLaIdj
-M2FuakPs8RqEjoJL9dTOC9VTQpNTwBH9guP9UalWYwlkaXDzMoyO4nswT/GpCpg8
-4m4RO6grzdsEIamD/PCBM5f/vq+y08GaqfXpX9+8CbaX3tdzd3x48wPphmdpkptk
-aRELIpLJZiK+Mos7W+0ZS8SHxGDIosjqVsgbZPmk12+VBcVgLOr8W1D7osS4OY59
-2GMUVV/GhoDh8wR/Td5wpZlcPE0NWmljjVg9+1E8ePAyMZy+U1KCiMlRVdRy518O
-dOzzUUQGqGQHosRrH0ypS3MGbMLmbuWFRiz7q/3mUmW2xikH9I1t/6ZMNUvh+IWL
-kGAaEf2JIv/D8+QsC0Un1W09DgvYz7qmKSeHhBixlLe68vgXtz/Fa+rRMsmPrueo
-4wk/u/VyILo0BJP860APJMZbm+DPfGhV9DF9L5Gx9+d/BlduBVGHc+AQSWbU70dS
-eH4/rgUYRikWlgwUxjY8/QQTlfx5xl28tG0xdO9libN22z7UwTGfm48BQIdrTyER
-hqQ7usTy3oaWD85MbJ0q
------END CERTIFICATE-----

contrib/certificates/router/zzz_at_mail.i2p.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFdzCCA1+gAwIBAgIEcwrwsjANBgkqhkiG9w0BAQ0FADBsMQswCQYDVQQGEwJY
-WDELMAkGA1UECBMCWFgxCzAJBgNVBAcTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnlt
-b3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEVMBMGA1UEAwwMenp6QG1haWwuaTJw
-MB4XDTEzMDkzMDE3NDEyNVoXDTIzMDkzMDE3NDEyNVowbDELMAkGA1UEBhMCWFgx
-CzAJBgNVBAgTAlhYMQswCQYDVQQHEwJYWDEeMBwGA1UEChMVSTJQIEFub255bW91
-cyBOZXR3b3JrMQwwCgYDVQQLEwNJMlAxFTATBgNVBAMMDHp6ekBtYWlsLmkycDCC
-AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJV4ptvhlfrcize9/ARz4lUy
-iLtLMSvSST1BdZjLJTwus05EUs0oiqnv9qXYIWGRB97aKlAmqSxsn4ZgBttCgmev
-IkuiZ8kbdqI5YaT98yKW5P2Prt9p9cPbnz5/qjwZ5L9W+k/Itx7bv2pkNEP0NLYo
-NrgHHTb1hsyRxc0lfPYk2BwsIi8hIWBHNrRpR41EWFXfqPcdsxS8cQhxVj4zLG/R
-aMm4H8T+V1R1Khl4R4qqRgXBP305xqqRoawHmZ/S9/RkF0Ji6IYwBq9iWthWol6W
-sMDn1xhZk9765fk+ohAC2XWuGSFCr02JOILRV3x/8OUxT1GYgYjc7FfyWIekg/pZ
-yotlhL2I3SMWOH3PdG58iDY121hq/LsSKM9aP20rwtvssnw+8Aex01YDkI3bM6yO
-HNi+tRojaJcJciBWv6cuiFKvQdxj/mOhOr0u0lHLlJ4jqES8uvVJkS7X/C4BB7ra
-bJYQgumZMYvVQJFIjo8vZxMXue53o65FRidvAUT29ay54UTiL7jRV9w1wHnzLapU
-xT1v7kWpWJcZ1zzC8coJjW+6ijkk38cVLb80u1Q4kEbmP2rDxw6jRvmqg6DcCKjK
-oqDt+XQ6P5grxAxLT+VMfB404WHHwNs6BB841//4ZnXvy3msMONY/5y0fsblURgh
-IS2UG1TAjR+x7+XikGx9AgMBAAGjITAfMB0GA1UdDgQWBBSvx/fCCP8UeHwjN65p
-EoHjgRfiIzANBgkqhkiG9w0BAQ0FAAOCAgEAYgVE1Aa/Ok5k+Jvujbx72bktRWXo
-Y4UfbWH/426VdgqXt3n9XtJUNM2oI4ODwITM4O15SyXQTLJhnvJz5ELcJV8nqviZ
-RjK2HNX1BW7IEta3tacCvVnjzZ265kCT59uW+qmd+5PiaAYI5lYUn8P6pe+6neSa
-HW6ecXCrdxJetSYfUUuKeV6YHpdzfjtZClLmwl91sJUBKcjK+Q9G/cE6HnwcDH1s
-uXr7SgkBt/qc/OlNuu4fnTqUA58TAumdq9cD+eLBilDFrux1HsUZMuBUp64x5oPi
-gme+3VewsczfFEtrxaG6+l6UA40Lerdx9XECZcDCcFsK6MS1uQ2HYjsyZcWnNT3l
-6eDNUbjrllwxDdRAk0cbWiMuc21CFq/1v2QMXk88EiBjEajqzyXUPmKzwFhit6pr
-5kfjfXNq+pxQSCoaqjpzVKjb3CqMhSlC8cLgrPw6HEgGnjCy4cTLFHlVmD64M778
-tj6rE7CntcmUi8GKmZKyaMyUo3QQUcrjO5IQ4+3iGUgMkZuujyjrZiOJbvircPmK
-4IQEXzJ/G00upqtqKstRybaWSbJ/k6iuturtA2n8MJiCBjhLy8dtTgDbFaDaNF7F
-NHeqQjIJDLhYDy6mi4gya3A0ort777Inl/rWYLo067pYM+EWDw66GdpbEIB0Bp71
-pwvcQcjIzbUzEK0=
------END CERTIFICATE-----

contrib/debian/i2pd.service

@@ -1,27 +0,0 @@
-[Unit]
-Description=I2P Router written in C++
-After=network.target
-
-[Service]
-User=i2pd
-Group=i2pd
-RuntimeDirectory=i2pd
-RuntimeDirectoryMode=0700
-Type=simple
-ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
-ExecReload=/bin/kill -HUP $MAINPID
-PIDFile=/var/run/i2pd/i2pd.pid
-### Uncomment, if auto restart needed
-#Restart=on-failure
-
-### Use SIGINT for gracefull stop daemon.
-# i2pd stops accepting new tunnels and waits ~10 min while old ones do not die.
-KillSignal=SIGINT
-TimeoutStopSec=10m
-
-# If you have problems with hunging i2pd, you can try enable this
-#LimitNOFILE=4096
-PrivateDevices=yes
-
-[Install]
-WantedBy=multi-user.target

contrib/debian/i2pd.service

@@ -0,0 +1 @@
+../i2pd.service

contrib/docker/Dockerfile

@@ -17,13 +17,13 @@ RUN mkdir -p "$I2PD_HOME" "$DATA_DIR" \
     && chown -R i2pd:nobody "$I2PD_HOME"
 
 #
-# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the 
+# Each RUN is a layer, adding the dependencies and building i2pd in one layer takes around 8-900Mb, so to keep the
 # image under 20mb we need to remove all the build dependencies in the same "RUN" / layer.
 #
 
-# 1. install deps, clone and build. 
-# 2. strip binaries. 
-# 3. Purge all dependencies and other unrelated packages, including build directory. 
+# 1. install deps, clone and build.
+# 2. strip binaries.
+# 3. Purge all dependencies and other unrelated packages, including build directory.
 RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boost-dev build-base openssl-dev openssl git \
     && mkdir -p /tmp/build \
     && cd /tmp/build && git clone -b ${GIT_BRANCH} ${REPO_URL} \
@@ -35,7 +35,7 @@ RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boos
     && mv i2pd /usr/local/bin \
     && cd /usr/local/bin \
     && strip i2pd \
-    && rm -fr /tmp/build && apk --purge del build-dependendencies build-base fortify-headers boost-dev zlib-dev openssl-dev \
+    && rm -fr /tmp/build && apk --no-cache --purge del build-dependendencies build-base fortify-headers boost-dev zlib-dev openssl-dev \
     boost-python3 python3 gdbm boost-unit_test_framework boost-python linux-headers boost-prg_exec_monitor \
     boost-serialization boost-signals boost-wave boost-wserialization boost-math boost-graph boost-regex git pcre \
     libtool g++ gcc pkgconfig

contrib/i2pd.conf

@@ -26,15 +26,11 @@
 ## Log messages above this level (debug, *info, warn, error, none)
 ## If you set it to none, logging will be disabled
 # loglevel = info
-
-## Path to storage of i2pd data (RI, keys, peer profiles, ...)
-## Default: ~/.i2pd or /var/lib/i2pd
-# datadir = /var/lib/i2pd
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
 
 ## Daemon mode. Router will go to background after start
 # daemon = true
-## Run as a service. Router will use system folders like ‘/var/lib/i2pd’
-# service = true
 
 ## Specify a family, router belongs to (default - none)
 # family =
@@ -54,10 +50,16 @@ ipv4 = true
 ipv6 = false
 
 ## Network interface to bind to
-# ifname = 
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 = 
+# ifname6 = 
 
 ## Enable NTCP transport (default = true)
 # ntcp = true
+## If you run i2pd behind a proxy server, you can only use NTCP transport with ntcpproxy option 
+## Should be http://address:port or socks://address:port
+# ntcpproxy = http://127.0.0.1:8118
 ## Enable SSU transport (default = true)
 # ssu = true
 
@@ -69,6 +71,8 @@ ipv6 = false
 ## X - unlimited
 ## Default is X for floodfill, L for regular node
 # bandwidth = L
+## Max % of bandwidth limit for transit. 0-100. 100 by default
+# share = 100
 
 ## Router will not accept transit tunnels, disabling transit traffic completely
 ## (default = false)
@@ -77,46 +81,17 @@ ipv6 = false
 ## Router will be floodfill
 # floodfill = true
 
-[limits]
-## Maximum active transit sessions (default:2500)
-# transittunnels = 2500
-
-[precomputation]
-## Enable or disable elgamal precomputation table
-## By default, enabled on i386 hosts
-# elgamal = true
-
-[upnp]
-## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
-# enabled = false 
-
-## Name i2pd appears in UPnP forwardings list (default = I2Pd)
-# name = I2Pd
-
-[reseed]
-## Enable or disable reseed data verification. 
-verify = true
-## URLs to request reseed data from, separated by comma
-## Default: "mainline" I2P Network reseeds
-# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
-## Path to local reseed data file (.su3) for manual reseeding 
-# file = /path/to/i2pseeds.su3
-## or HTTPS URL to reseed from
-# file = https://legit-website.com/i2pseeds.su3
-
-[addressbook]
-## AddressBook subscription URL for initial setup
-## Default: inr.i2p at "mainline" I2P Network
-# defaulturl = http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt
-## Optional subscriptions URLs, separated by comma
-# subscriptions = http://inr.i2p/export/alive-hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
-
 [http]
+## Web Console settings
 ## Uncomment and set to 'false' to disable Web Console
 # enabled = true
 ## Address and port service will listen on
 address = 127.0.0.1
 port = 7070
+## Uncomment following lines to enable Web Console authentication 
+# auth = true
+# user = i2pd
+# pass = changeme
 
 [httpproxy]
 ## Uncomment and set to 'false' to disable HTTP Proxy
@@ -126,6 +101,11 @@ address = 127.0.0.1
 port = 4444
 ## Optional keys file for proxy local destination
 # keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
 
 [socksproxy]
 ## Uncomment and set to 'false' to disable SOCKS Proxy
@@ -135,13 +115,13 @@ address = 127.0.0.1
 port = 4447
 ## Optional keys file for proxy local destination
 # keys = socks-proxy-keys.dat
-
 ## Socks outproxy. Example below is set to use Tor for all connections except i2p
 ## Uncomment and set to 'true' to enable using of SOCKS outproxy
 # outproxy.enabled = false
 ## Address and port of outproxy
 # outproxy = 127.0.0.1
 # outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
 
 [sam]
 ## Uncomment and set to 'true' to enable SAM Bridge
@@ -170,3 +150,71 @@ enabled = true
 ## Address and port service will listen on
 # address = 127.0.0.1
 # port = 7650
+## Authentication password. "itoopie" by default
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default = I2Pd)
+# name = I2Pd
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable or disable reseed data verification.
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding. 25 by default
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: inr.i2p at "mainline" I2P Network
+# defaulturl = http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt
+## Optional subscriptions URLs, separated by comma
+# subscriptions = http://inr.i2p/export/alive-hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+[limits]
+## Maximum active transit sessions (default:2500)
+# transittunnels = 2500
+## Limit number of open file descriptors (0 - use system limit)  
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit) 
+# coresize = 0
+## Threshold to start probabalistic backoff with ntcp sessions (0 - use system limit) 
+# ntcpsoft = 0
+## Maximum number of ntcp sessions (0 - use system limit) 
+# ntcphard = 0
+
+[trust]
+## Enable explicit trust options. false by default
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers = 
+## Should we hide our router from other routers? false by default
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2 
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3

contrib/i2pd.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=I2P Router written in C++
+Documentation=man:i2pd(1) https://i2pd.readthedocs.io/en/latest/
+After=network.target
+
+[Service]
+User=i2pd
+Group=i2pd
+RuntimeDirectory=i2pd
+RuntimeDirectoryMode=0700
+LogsDirectory=i2pd
+LogsDirectoryMode=0700
+Type=forking
+ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/var/run/i2pd/i2pd.pid
+### Uncomment, if auto restart needed
+#Restart=on-failure
+
+KillSignal=SIGQUIT
+# If you have the patience waiting 10 min on restarting/stopping it, uncomment this.
+# i2pd stops accepting new tunnels and waits ~10 min while old ones do not die.
+#KillSignal=SIGINT
+#TimeoutStopSec=10m
+
+# If you have problems with hanging i2pd, you can try enable this
+LimitNOFILE=4096
+PrivateDevices=yes
+
+[Install]
+WantedBy=multi-user.target

contrib/rpm/i2pd-git.spec

@@ -0,0 +1,102 @@
+%define git_hash %(git rev-parse HEAD | cut -c -7)
+
+Name:           i2pd-git
+Version:        2.19.0
+Release:        git%{git_hash}%{?dist}
+Summary:        I2P router written in C++
+Conflicts:      i2pd
+
+License:        BSD
+URL:            https://github.com/PurpleI2P/i2pd
+Source0:        https://github.com/PurpleI2P/i2pd/archive/openssl/i2pd-openssl.tar.gz
+
+%if 0%{?rhel}  == 7
+BuildRequires:  cmake3
+%else
+BuildRequires:  cmake
+%endif
+
+BuildRequires:  chrpath
+BuildRequires:  gcc-c++
+BuildRequires:  zlib-devel
+BuildRequires:  boost-devel
+BuildRequires:  openssl-devel
+BuildRequires:  miniupnpc-devel
+BuildRequires:  systemd-units
+
+Requires:	systemd
+Requires(pre):  %{_sbindir}/useradd %{_sbindir}/groupadd
+
+%description
+C++ implementation of I2P.
+
+%prep
+%setup -q
+
+
+%build
+cd build
+%if 0%{?rhel} == 7
+%cmake3 \
+    -DWITH_LIBRARY=OFF \
+    -DWITH_UPNP=ON \
+    -DWITH_HARDENING=ON \
+    -DBUILD_SHARED_LIBS:BOOL=OFF
+%else
+%cmake \
+    -DWITH_LIBRARY=OFF \
+    -DWITH_UPNP=ON \
+    -DWITH_HARDENING=ON \
+    -DBUILD_SHARED_LIBS:BOOL=OFF
+%endif
+
+make %{?_smp_mflags}
+
+
+%install
+cd build
+chrpath -d i2pd
+install -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/i2pd.conf %{buildroot}%{_sysconfdir}/i2pd/i2pd.conf
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.conf %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf
+install -d -m 755 %{buildroot}%{_datadir}/i2pd
+%{__cp} -r %{_builddir}/%{name}-%{version}/contrib/certificates/ %{buildroot}%{_datadir}/i2pd/certificates
+install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}%{_unitdir}/i2pd.service
+install -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
+install -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
+ln -s %{_datadir}/%{name}/certificates %{buildroot}%{_sharedstatedir}/i2pd/certificates
+
+
+%pre
+getent group i2pd >/dev/null || %{_sbindir}/groupadd -r i2pd
+getent passwd i2pd >/dev/null || \
+  %{_sbindir}/useradd -r -g i2pd -s %{_sbindir}/nologin \
+                      -d %{_sharedstatedir}/i2pd -c 'I2P Service' i2pd
+
+
+%post
+%systemd_post i2pd.service
+
+
+%preun
+%systemd_preun i2pd.service
+
+
+%postun
+%systemd_postun_with_restart i2pd.service
+
+
+%files
+%doc LICENSE README.md
+%{_sbindir}/i2pd
+%{_datadir}/i2pd/certificates
+%config(noreplace) %{_sysconfdir}/i2pd/*
+/%{_unitdir}/i2pd.service
+%dir %attr(0700,i2pd,i2pd) %{_localstatedir}/log/i2pd
+%dir %attr(0700,i2pd,i2pd) %{_sharedstatedir}/i2pd
+%{_sharedstatedir}/i2pd/certificates
+
+
+%changelog
+* Thu Feb 01 2018 r4sas <r4sas@i2pmail.org> - 2.18.0
+- Initial i2pd-git based on i2pd 2.18.0-1 spec

contrib/rpm/i2pd.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=I2P router
-After=network.target
-
-[Service]
-User=i2pd
-Group=i2pd
-Type=simple
-ExecStart=/usr/bin/i2pd --service
-PIDFile=/var/lib/i2pd/i2pd.pid
-Restart=always
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
-

contrib/rpm/i2pd.service

@@ -0,0 +1 @@
+../i2pd.service

contrib/rpm/i2pd.spec

@@ -1,9 +1,8 @@
-%define build_timestamp %(date +"%Y%m%d")
-
 Name:           i2pd
-Version:        2.17.0
-Release:        %{build_timestamp}git%{?dist}
+Version:        2.19.0
+Release:        1%{?dist}
 Summary:        I2P router written in C++
+Conflicts:      i2pd-git
 
 License:        BSD
 URL:            https://github.com/PurpleI2P/i2pd
@@ -23,32 +22,19 @@ BuildRequires:  openssl-devel
 BuildRequires:  miniupnpc-devel
 BuildRequires:  systemd-units
 
-%description
-C++ implementation of I2P.
-
-
-%package systemd
-Summary:        Files to run I2P router under systemd
-Requires:	i2pd
 Requires:	systemd
 Requires(pre):  %{_sbindir}/useradd %{_sbindir}/groupadd
-Obsoletes:      %{name}-daemon
 
-
-%description systemd
+%description
 C++ implementation of I2P.
 
-This package contains systemd unit file to run i2pd as a system service
-using dedicated user's permissions.
-
-
 %prep
 %setup -q
 
 
 %build
 cd build
-%if 0%{?rhel} == 7 
+%if 0%{?rhel} == 7
 %cmake3 \
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
@@ -68,114 +54,87 @@ make %{?_smp_mflags}
 %install
 cd build
 chrpath -d i2pd
-install -D -m 755 i2pd %{buildroot}%{_bindir}/i2pd
-install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}/%{_unitdir}/i2pd.service
-install -d -m 700 %{buildroot}/%{_sharedstatedir}/i2pd
+install -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/i2pd.conf %{buildroot}%{_sysconfdir}/i2pd/i2pd.conf
+install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.conf %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf
+install -d -m 755 %{buildroot}%{_datadir}/i2pd
+%{__cp} -r %{_builddir}/%{name}-%{version}/contrib/certificates/ %{buildroot}%{_datadir}/i2pd/certificates
+install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}%{_unitdir}/i2pd.service
+install -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
+install -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
+ln -s %{_datadir}/%{name}/certificates %{buildroot}%{_sharedstatedir}/i2pd/certificates
 
 
-%pre systemd
+%pre
 getent group i2pd >/dev/null || %{_sbindir}/groupadd -r i2pd
 getent passwd i2pd >/dev/null || \
   %{_sbindir}/useradd -r -g i2pd -s %{_sbindir}/nologin \
                       -d %{_sharedstatedir}/i2pd -c 'I2P Service' i2pd
 
 
-%post systemd
+%post
 %systemd_post i2pd.service
 
 
-%preun systemd
+%preun
 %systemd_preun i2pd.service
 
 
-%postun systemd
+%postun
 %systemd_postun_with_restart i2pd.service
 
 
 %files
 %doc LICENSE README.md
-%_bindir/i2pd
-
-
-%files systemd
-/%_unitdir/i2pd.service
-%dir %attr(0700,i2pd,i2pd) %_sharedstatedir/i2pd
+%{_sbindir}/i2pd
+%{_datadir}/i2pd/certificates
+%config(noreplace) %{_sysconfdir}/i2pd/*
+/%{_unitdir}/i2pd.service
+%dir %attr(0700,i2pd,i2pd) %{_localstatedir}/log/i2pd
+%dir %attr(0700,i2pd,i2pd) %{_sharedstatedir}/i2pd
+%{_sharedstatedir}/i2pd/certificates
 
 
 %changelog
+* Tue Jun 26 2018 orignal <i2porignal@yandex.ru> - 2.19.0
+- update to 2.19.0
+
+* Mon Feb 05 2018 r4sas <r4sas@i2pmail.org> - 2.18.0-2
+- Fixed blocking system shutdown for 10 minutes (#1089)
+
+* Thu Feb 01 2018 r4sas <r4sas@i2pmail.org> - 2.18.0-1
+- Added to conflicts i2pd-git package
+- Fixed release versioning
+- Fixed paths with double slashes
+
+* Tue Jan 30 2018 orignal <i2porignal@yandex.ru> - 2.18.0
+- update to 2.18.0
+
+* Sat Jan 27 2018 l-n-s <supervillain@riseup.net> - 2.17.0-1
+- Added certificates and default configuration files
+- Merge i2pd with i2pd-systemd package
+- Fixed package changelogs to comply with guidelines
+
 * Mon Dec 04 2017 orignal <i2porignal@yandex.ru> - 2.17.0
-- Added reseed through HTTP and SOCKS proxy
-- Added show status of client services through web console
-- Added change log level through web connsole
-- Added transient keys for tunnels
-- Added i2p.streaming.initialAckDelay parameter
-- Added CRYPTO_TYPE for SAM destination
-- Added signature and crypto type for newkeys BOB command
-- Changed - correct publication of ECIES destinations
-- Changed - disable RSA signatures completely
-- Fixed CVE-2017-17066
-- Fixed possible buffer overflow for RSA-4096
-- Fixed shutdown from web console for Windows
-- Fixed web console page layout
+- update to 2.17.0
 
 * Mon Nov 13 2017 orignal <i2porignal@yandex.ru> - 2.16.0
-- Added https and "Connect" method for HTTP proxy
-- Added outproxy for HTTP proxy
-- Added initial support of ECIES crypto
-- Added NTCP soft and hard descriptors limits
-- Added support full timestamps in logs
-- Changed faster implmentation of GOST R 34.11 hash
-- Changed reject routers with RSA signtures
-- Changed reload config and shudown from Windows GUI
-- Changed update tunnels address(destination) without restart
-- Fixed BOB crashes if destination is not set
-- Fixed correct SAM tunnel name
-- Fixed QT GUI issues
+- update to 2.16.0
 
 * Thu Aug 17 2017 orignal <i2porignal@yandex.ru> - 2.15.0
-- Added QT GUI 
-- Added ability add and remove I2P tunnels without restart
-- Added ability to disable SOCKS outproxy option
-- Changed strip-out Accept-* hedaers in HTTP proxy
-- Changed peer test if nat=false
-- Changed separate output of NTCP and SSU sessions in Transports tab
-- Fixed handle lines with comments in hosts.txt file for address book
-- Fixed run router with empty netdb for testnet
-- Fixed skip expired introducers by iexp
+- update to 2.15.0
 
 * Thu Jun 01 2017 orignal <i2porignal@yandex.ru> - 2.14.0
-- Added transit traffic bandwidth limitation
-- Added NTCP connections through HTTP and SOCKS proxies
-- Added ability to disable address helper for HTTP proxy
-- Changed reseed servers list
+- update to 2.14.0
 
 * Thu Apr 06 2017 orignal <i2porignal@yandex.ru> - 2.13.0
-- Added persist local destination's tags
-- Added GOST signature types 9 and 10
-- Added exploratory tunnels configuration
-- Changed reseed servers list
-- Changed inactive NTCP sockets get closed faster
-- Changed some EdDSA speed up
-- Fixed multiple acceptors for SAM
-- Fixed follow on data after STREAM CREATE for SAM
-- Fixed memory leaks
+- update to 2.13.0
 
 * Tue Feb 14 2017 orignal <i2porignal@yandex.ru> - 2.12.0
-- Additional HTTP and SOCKS proxy tunnels
-- Reseed from ZIP archive
-- 'X' bandwidth code
-- Reduced memory and file descriptors usage
+- update to 2.12.0
 
 * Mon Dec 19 2016 orignal <i2porignal@yandex.ru> - 2.11.0
-- Full support of zero-hops tunnels
-- Tunnel configuration for HTTP and SOCKS proxy
-- Websockets support
-- Multiple acceptors for SAM destination
-- Routing path for UDP tunnels
-- Reseed through a floodfill
-- Use AVX instructions for DHT and HMAC if applicable
-- Fixed UPnP discovery bug, producing excessive CPU usage
-- Handle multiple lookups of the same LeaseSet correctly
+- update to 2.11.0
 
 * Thu Oct 20 2016 Anatolii Vorona <vorona.tolik@gmail.com> - 2.10.0-3
 - add support C7

contrib/tunnels.conf

@@ -30,4 +30,4 @@ keys = irc-keys.dat
 #destinationport = 110
 #keys = pop3-keys.dat
 
-# see more examples in /usr/share/doc/i2pd/configuration.md.gz
+# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/

daemon/Daemon.cpp

@@ -60,8 +60,12 @@ namespace i2p
 			return service;
 		}
 
-		bool Daemon_Singleton::init(int argc, char* argv[])
-		{
+        bool Daemon_Singleton::init(int argc, char* argv[]) {
+            return init(argc, argv, nullptr);
+        }
+
+        bool Daemon_Singleton::init(int argc, char* argv[], std::shared_ptr<std::ostream> logstream)
+        {
 			i2p::config::Init();
 			i2p::config::ParseCmdline(argc, argv);
 
@@ -104,7 +108,10 @@ namespace i2p
 				logs = "file";
 
 			i2p::log::Logger().SetLogLevel(loglevel);
-			if (logs == "file") {
+            if (logstream) {
+                LogPrint(eLogInfo, "Log: will send messages to std::ostream");
+                i2p::log::Logger().SendTo (logstream);
+            } else if (logs == "file") {
 				if (logfile == "")
 					logfile = i2p::fs::DataDirPath("i2pd.log");
 				LogPrint(eLogInfo, "Log: will send messages to ", logfile);
@@ -119,12 +126,6 @@ namespace i2p
 			}
 
 			LogPrint(eLogInfo,	"i2pd v", VERSION, " starting");
-#ifdef AESNI
-			LogPrint(eLogInfo,	"AESNI enabled");
-#endif
-#if defined(__AVX__)
-			LogPrint(eLogInfo,	"AVX enabled"); 
-#endif
 			LogPrint(eLogDebug, "FS: main config file: ", config);
 			LogPrint(eLogDebug, "FS: data directory: ", datadir);
 

daemon/Daemon.h

@@ -3,6 +3,7 @@
 
 #include <memory>
 #include <string>
+#include <ostream>
 
 namespace i2p
 {
@@ -12,8 +13,9 @@ namespace util
 	class Daemon_Singleton
 	{
 		public:
-			virtual bool init(int argc, char* argv[]);
-			virtual bool start();
+            virtual bool init(int argc, char* argv[], std::shared_ptr<std::ostream> logstream);
+            virtual bool init(int argc, char* argv[]);
+            virtual bool start();
 			virtual bool stop();
 			virtual void run () {};
 
@@ -44,19 +46,6 @@ namespace util
 			}
 	};
 
-#elif defined(ANDROID)
-#define Daemon i2p::util::DaemonAndroid::Instance()
-	// dummy, invoked from android/jni/DaemonAndroid.*
-	class DaemonAndroid: public i2p::util::Daemon_Singleton
-	{
-		public:
-			static DaemonAndroid& Instance()
-			{
-				static DaemonAndroid instance;
-				return instance;
-			}
-	};
-
 #elif defined(_WIN32)
 #define Daemon i2p::util::DaemonWin32::Instance()
 	class DaemonWin32 : public Daemon_Singleton
@@ -77,7 +66,18 @@ namespace util
 
 			DaemonWin32 ():isGraceful(false) {}
 	};
-
+#elif (defined(ANDROID) && !defined(ANDROID_BINARY))
+#define Daemon i2p::util::DaemonAndroid::Instance()
+	// dummy, invoked from android/jni/DaemonAndroid.*
+	class DaemonAndroid: public i2p::util::Daemon_Singleton
+	{
+		public:
+			static DaemonAndroid& Instance()
+			{
+				static DaemonAndroid instance;
+				return instance;
+			}
+	};
 #else
 #define Daemon i2p::util::DaemonLinux::Instance()
 	class DaemonLinux : public Daemon_Singleton

daemon/HTTPServer.cpp

@@ -198,7 +198,10 @@ namespace http {
 		s << "<b>ERROR:</b>&nbsp;" << string << "<br>\r\n";
 	}
 
-	void ShowStatus (std::stringstream& s, bool includeHiddenContent)
+    void ShowStatus (
+            std::stringstream& s,
+            bool includeHiddenContent,
+            i2p::http::OutputFormatEnum outputFormat)
 	{
 		s << "<b>Uptime:</b> ";
 		ShowUptime(s, i2p::context.GetUptime ());
@@ -224,7 +227,7 @@ namespace http {
 			default: s << "Unknown";
 		}
 		s << "<br>\r\n";
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
 		if (auto remains = Daemon.gracefulShutdownInterval) {
 			s << "<b>Stopping in:</b> ";
 			s << remains << " seconds";
@@ -245,9 +248,12 @@ namespace http {
 		ShowTraffic (s, i2p::transport::transports.GetTotalTransitTransmittedBytes ());
 		s << " (" << (double) i2p::transport::transports.GetTransitBandwidth () / 1024 << " KiB/s)<br>\r\n";
 		s << "<b>Data path:</b> " << i2p::fs::GetDataDir() << "<br>\r\n";
-		s << "<div class='slide'><label for='slide-info'>Hidden content. Press on text to see.</label>\r\n<input type='checkbox' id='slide-info'/>\r\n<p class='content'>\r\n";
-		if(includeHiddenContent) {
-			s << "<b>Router Ident:</b> " << i2p::context.GetRouterInfo().GetIdentHashBase64() << "<br>\r\n";
+        s << "<div class='slide'>";
+        if((outputFormat==OutputFormatEnum::forWebConsole)||!includeHiddenContent) {
+            s << "<label for='slide-info'>Hidden content. Press on text to see.</label>\r\n<input type='checkbox' id='slide-info'/>\r\n<p class='content'>\r\n";
+        }
+        if(includeHiddenContent) {
+            s << "<b>Router Ident:</b> " << i2p::context.GetRouterInfo().GetIdentHashBase64() << "<br>\r\n";
 			s << "<b>Router Family:</b> " << i2p::context.GetRouterInfo().GetProperty("family") << "<br>\r\n";
 			s << "<b>Router Caps:</b> " << i2p::context.GetRouterInfo().GetProperty("caps") << "<br>\r\n";
 			s << "<b>Our external address:</b>" << "<br>\r\n" ;
@@ -272,9 +278,12 @@ namespace http {
 				}
 				s << address->host.to_string() << ":" << address->port << "<br>\r\n";
 			}
-		}
+        }
 		s << "</p>\r\n</div>\r\n";
-		s << "<b>Routers:</b> " << i2p::data::netdb.GetNumRouters () << " ";
+        if(outputFormat==OutputFormatEnum::forQtUi) {
+            s << "<br>";
+        }
+        s << "<b>Routers:</b> " << i2p::data::netdb.GetNumRouters () << " ";
 		s << "<b>Floodfills:</b> " << i2p::data::netdb.GetNumFloodfills () << " ";
 		s << "<b>LeaseSets:</b> " << i2p::data::netdb.GetNumLeaseSets () << "<br>\r\n";
 
@@ -285,15 +294,17 @@ namespace http {
 		s << "<b>Client Tunnels:</b> " << std::to_string(clientTunnelCount) << " ";
 		s << "<b>Transit Tunnels:</b> " << std::to_string(transitTunnelCount) << "<br>\r\n<br>\r\n";
 
-		s << "<table><caption>Services</caption><tr><th>Service</th><th>State</th></tr>\r\n";
-		s << "<tr><td>" << "HTTP Proxy"		<< "</td><td><div class='" << ((i2p::client::context.GetHttpProxy ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
-		s << "<tr><td>" << "SOCKS Proxy"	<< "</td><td><div class='" << ((i2p::client::context.GetSocksProxy ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
-		s << "<tr><td>" << "BOB"			<< "</td><td><div class='" << ((i2p::client::context.GetBOBCommandChannel ())	? "enabled" : "disabled") << "'></div></td></tr>\r\n";
-		s << "<tr><td>" << "SAM"			<< "</td><td><div class='" << ((i2p::client::context.GetSAMBridge ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
-		s << "<tr><td>" << "I2CP"			<< "</td><td><div class='" << ((i2p::client::context.GetI2CPServer ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
-		bool i2pcontrol; i2p::config::GetOption("i2pcontrol.enabled", i2pcontrol);
-		s << "<tr><td>" << "I2PControl"		<< "</td><td><div class='" << ((i2pcontrol) 									? "enabled" : "disabled") << "'></div></td></tr>\r\n";
-		s << "</table>\r\n";
+        if(outputFormat==OutputFormatEnum::forWebConsole) {
+            s << "<table><caption>Services</caption><tr><th>Service</th><th>State</th></tr>\r\n";
+            s << "<tr><td>" << "HTTP Proxy"		<< "</td><td><div class='" << ((i2p::client::context.GetHttpProxy ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "SOCKS Proxy"	<< "</td><td><div class='" << ((i2p::client::context.GetSocksProxy ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "BOB"			<< "</td><td><div class='" << ((i2p::client::context.GetBOBCommandChannel ())	? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "SAM"			<< "</td><td><div class='" << ((i2p::client::context.GetSAMBridge ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "<tr><td>" << "I2CP"			<< "</td><td><div class='" << ((i2p::client::context.GetI2CPServer ())			? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            bool i2pcontrol; i2p::config::GetOption("i2pcontrol.enabled", i2pcontrol);
+            s << "<tr><td>" << "I2PControl"		<< "</td><td><div class='" << ((i2pcontrol) 									? "enabled" : "disabled") << "'></div></td></tr>\r\n";
+            s << "</table>\r\n";
+        }
 	}
 
 	void ShowLocalDestinations (std::stringstream& s)
@@ -316,8 +327,9 @@ namespace http {
 				if (dest)
 				{
 					auto ident = dest->GetIdentHash ();
-					s << "<a href=\"/?page=" << HTTP_PAGE_I2CP_LOCAL_DESTINATION << "&i2cp_id=" << it.first << "\">";
-					s << i2p::client::context.GetAddressBook ().ToAddress(ident) << "</a><br>\r\n" << std::endl;
+					auto& name = dest->GetNickname ();
+					s << "<a href=\"/?page=" << HTTP_PAGE_I2CP_LOCAL_DESTINATION << "&i2cp_id=" << it.first << "\">[ ";
+					s << name << " ]</a> &#8660; " << i2p::client::context.GetAddressBook ().ToAddress(ident) <<"<br>\r\n" << std::endl;
 				}
 			}
 		}
@@ -492,7 +504,7 @@ namespace http {
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_DISABLE_TRANSIT << "&token=" << token << "\">Decline transit tunnels</a><br>\r\n";
 		else
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_ENABLE_TRANSIT << "&token=" << token << "\">Accept transit tunnels</a><br>\r\n";
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
 		if (Daemon.gracefulShutdownInterval)
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_CANCEL << "&token=" << token << "\">Cancel graceful shutdown</a><br>";
 		else
@@ -504,7 +516,7 @@ namespace http {
 			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Graceful shutdown</a><br>\r\n";
 #endif
 		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_NOW << "&token=" << token << "\">Force shutdown</a><br>\r\n";
-		
+
 		s << "<br>\r\n<b>Logging level</b><br>\r\n";
 		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=none&token=" << token << "\">[none]</a> ";
 		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=error&token=" << token << "\">[error]</a> ";
@@ -648,7 +660,7 @@ namespace http {
 		s << i2p::client::context.GetAddressBook ().ToAddress(ident) << "</a><br>\r\n";
 		s << "<br>\r\n";
 		s << "<b>Streams:</b><br>\r\n";
-		for (const auto& it: session->ListSockets())
+		for (const auto& it: sam->ListSockets(id))
 		{
 			switch (it->GetSocketType ())
 			{
@@ -732,8 +744,9 @@ namespace http {
 		}
 	}
 
-	HTTPConnection::HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket):
-		m_Socket (socket), m_Timer (socket->get_io_service ()), m_BufferLen (0)
+	HTTPConnection::HTTPConnection (std::string hostname, std::shared_ptr<boost::asio::ip::tcp::socket> socket):
+		m_Socket (socket), m_Timer (socket->get_io_service ()), m_BufferLen (0),
+		expected_host(hostname)
 	{
 		/* cache options */
 		i2p::config::GetOption("http.auth", needAuth);
@@ -832,7 +845,28 @@ namespace http {
 			SendReply(res, content);
 			return;
 		}
-
+		bool strictheaders;
+		i2p::config::GetOption("http.strictheaders", strictheaders);
+		if (strictheaders)
+		{
+			std::string http_hostname;
+			i2p::config::GetOption("http.hostname", http_hostname);
+			std::string host = req.GetHeader("Host");
+			auto idx = host.find(':');
+			/* strip out port so it's just host */
+			if (idx != std::string::npos && idx > 0)
+			{
+				host = host.substr(0, idx);
+			}
+			if (!(host == expected_host || host == http_hostname))
+			{
+				/* deny request as it's from a non whitelisted hostname */
+				res.code = 403;
+				content = "host missmatch";
+				SendReply(res, content);
+				return;
+			}
+		}
 		// Html5 head start
 		ShowPageHead (s);
 		if (req.uri.find("page=") != std::string::npos) {
@@ -840,7 +874,7 @@ namespace http {
 		} else if (req.uri.find("cmd=") != std::string::npos) {
 			HandleCommand (req, res, s);
 		} else {
-			ShowStatus (s, true);
+            ShowStatus (s, true, i2p::http::OutputFormatEnum::forWebConsole);
 			res.add_header("Refresh", "10");
 		}
 		ShowPageTail (s);
@@ -930,14 +964,14 @@ namespace http {
 			i2p::context.SetAcceptsTunnels (false);
 		else if (cmd == HTTP_COMMAND_SHUTDOWN_START) {
 			i2p::context.SetAcceptsTunnels (false);
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
 			Daemon.gracefulShutdownInterval = 10*60;
 #elif defined(WIN32_APP)
 			i2p::win32::GracefulShutdown ();
 #endif
 		} else if (cmd == HTTP_COMMAND_SHUTDOWN_CANCEL) {
 			i2p::context.SetAcceptsTunnels (true);
-#if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))
+#if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID))  || defined(ANDROID_BINARY))
 			Daemon.gracefulShutdownInterval = 0;
 #elif defined(WIN32_APP)
 			i2p::win32::StopGracefulShutdown ();
@@ -975,7 +1009,8 @@ namespace http {
 
 	HTTPServer::HTTPServer (const std::string& address, int port):
 		m_IsRunning (false), m_Thread (nullptr), m_Work (m_Service),
-		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port))
+		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint (boost::asio::ip::address::from_string(address), port)),
+		m_Hostname(address)
 	{
 	}
 
@@ -1060,7 +1095,7 @@ namespace http {
 
 	void HTTPServer::CreateConnection(std::shared_ptr<boost::asio::ip::tcp::socket> newSocket)
 	{
-		auto conn = std::make_shared<HTTPConnection> (newSocket);
+		auto conn = std::make_shared<HTTPConnection> (m_Hostname, newSocket);
 		conn->Receive ();
 	}
 } // http

daemon/HTTPServer.h

@@ -10,20 +10,20 @@
 #include <sstream>
 #include "HTTP.h"
 
-namespace i2p 
+namespace i2p
 {
-namespace http 
+namespace http
 {
-	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;		
-	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds	
+	const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192;
+	const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds
 
 	class HTTPConnection: public std::enable_shared_from_this<HTTPConnection>
 	{
 		public:
 
-			HTTPConnection (std::shared_ptr<boost::asio::ip::tcp::socket> socket);
+			HTTPConnection (std::string serverhost, std::shared_ptr<boost::asio::ip::tcp::socket> socket);
 			void Receive ();
-			
+
 		private:
 
 			void HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred);
@@ -46,6 +46,7 @@ namespace http
 			bool needAuth;
 			std::string user;
 			std::string pass;
+			std::string expected_host;
 
 			static std::map<uint32_t, uint32_t> m_Tokens; // token->timestamp in seconds
 	};
@@ -63,11 +64,11 @@ namespace http
 		private:
 
 			void Run ();
- 			void Accept ();
+			void Accept ();
 			void HandleAccept(const boost::system::error_code& ecode,
 				std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
 			void CreateConnection(std::shared_ptr<boost::asio::ip::tcp::socket> newSocket);
-			
+
 		private:
 
 			bool m_IsRunning;
@@ -75,10 +76,12 @@ namespace http
 			boost::asio::io_service m_Service;
 			boost::asio::io_service::work m_Work;
 			boost::asio::ip::tcp::acceptor m_Acceptor;
+			std::string m_Hostname;
 	};
 
     //all the below functions are also used by Qt GUI, see mainwindow.cpp -> getStatusPageHtml
-    void ShowStatus (std::stringstream& s, bool includeHiddenContent);
+    enum OutputFormatEnum { forWebConsole, forQtUi };
+    void ShowStatus (std::stringstream& s, bool includeHiddenContent, OutputFormatEnum outputFormat);
     void ShowLocalDestinations (std::stringstream& s);
     void ShowLeasesSets(std::stringstream& s);
     void ShowTunnels (std::stringstream& s);

daemon/I2PControl.cpp

@@ -35,7 +35,7 @@ namespace client
 	I2PControlService::I2PControlService (const std::string& address, int port):
 		m_IsRunning (false), m_Thread (nullptr),
 		m_Acceptor (m_Service, boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string(address), port)),
-		m_SSLContext (m_Service, boost::asio::ssl::context::sslv23),
+		m_SSLContext (boost::asio::ssl::context::sslv23),
 		m_ShutdownTimer (m_Service)
 	{
 		i2p::config::GetOption("i2pcontrol.password", m_Password);
@@ -65,9 +65,10 @@ namespace client
 		m_MethodHandlers["RouterInfo"]     = &I2PControlService::RouterInfoHandler;
 		m_MethodHandlers["RouterManager"]  = &I2PControlService::RouterManagerHandler;
 		m_MethodHandlers["NetworkSetting"] = &I2PControlService::NetworkSettingHandler;
+		m_MethodHandlers["ClientServicesInfo"]     = &I2PControlService::ClientServicesInfoHandler;
 
 		// I2PControl
-		m_I2PControlHandlers["i2pcontrol.password"] = &I2PControlService::PasswordHandler; 
+		m_I2PControlHandlers["i2pcontrol.password"] = &I2PControlService::PasswordHandler;
 
 		// RouterInfo
 		m_RouterInfoHandlers["i2p.router.uptime"]  = &I2PControlService::UptimeHandler;
@@ -80,18 +81,26 @@ namespace client
 		m_RouterInfoHandlers["i2p.router.net.status"]         = &I2PControlService::NetStatusHandler;
 		m_RouterInfoHandlers["i2p.router.net.tunnels.participating"] = &I2PControlService::TunnelsParticipatingHandler;
 		m_RouterInfoHandlers["i2p.router.net.tunnels.successrate"] =
-&I2PControlService::TunnelsSuccessRateHandler;	
+&I2PControlService::TunnelsSuccessRateHandler;
 		m_RouterInfoHandlers["i2p.router.net.total.received.bytes"]  = &I2PControlService::NetTotalReceivedBytes;
 		m_RouterInfoHandlers["i2p.router.net.total.sent.bytes"]      = &I2PControlService::NetTotalSentBytes;
 
-		// RouterManager	
+		// RouterManager
 		m_RouterManagerHandlers["Reseed"]           = &I2PControlService::ReseedHandler;
-		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler; 
+		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler;
 		m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
 
 		// NetworkSetting
 		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlService::InboundBandwidthLimit;
 		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
+
+		// ClientServicesInfo
+		m_ClientServicesInfoHandlers["I2PTunnel"] = &I2PControlService::I2PTunnelInfoHandler;
+		m_ClientServicesInfoHandlers["HTTPProxy"] = &I2PControlService::HTTPProxyInfoHandler;
+		m_ClientServicesInfoHandlers["SOCKS"] = &I2PControlService::SOCKSInfoHandler;
+		m_ClientServicesInfoHandlers["SAM"] = &I2PControlService::SAMInfoHandler;
+		m_ClientServicesInfoHandlers["BOB"] = &I2PControlService::BOBInfoHandler;
+		m_ClientServicesInfoHandlers["I2CP"] = &I2PControlService::I2CPInfoHandler;
 	}
 
 	I2PControlService::~I2PControlService ()
@@ -133,8 +142,8 @@ namespace client
 				m_Service.run ();
 			} catch (std::exception& ex) {
 				LogPrint (eLogError, "I2PControl: runtime exception: ", ex.what ());
-			}	
-		}	
+			}
+		}
 	}
 
 	void I2PControlService::Accept ()
@@ -160,7 +169,7 @@ namespace client
 	void I2PControlService::Handshake (std::shared_ptr<ssl_socket> socket)
 	{
 		socket->async_handshake(boost::asio::ssl::stream_base::server,
-        	std::bind( &I2PControlService::HandleHandshake, this, std::placeholders::_1, socket));
+		std::bind( &I2PControlService::HandleHandshake, this, std::placeholders::_1, socket));
 	}
 
 	void I2PControlService::HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket)
@@ -168,7 +177,7 @@ namespace client
 		if (ecode) {
 			LogPrint (eLogError, "I2PControl: handshake error: ", ecode.message ());
 			return;
-		}	
+		}
 		//std::this_thread::sleep_for (std::chrono::milliseconds(5));
 		ReadRequest (socket);
 	}
@@ -187,15 +196,15 @@ namespace client
 	}
 
 	void I2PControlService::HandleRequestReceived (const boost::system::error_code& ecode,
- 		size_t bytes_transferred, std::shared_ptr<ssl_socket> socket,
+		size_t bytes_transferred, std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf)
 	{
-		if (ecode) 
+		if (ecode)
 		{
 			LogPrint (eLogError, "I2PControl: read error: ", ecode.message ());
 			return;
-		} 
-		else 
+		}
+		else
 		{
 			bool isHtml = !memcmp (buf->data (), "POST", 4);
 			try
@@ -243,8 +252,8 @@ namespace client
 					response << "{\"id\":" << id << ",\"result\":{";
 					(this->*(it->second))(pt.get_child ("params"), response);
 					response << "},\"jsonrpc\":\"2.0\"}";
-				} 
-				else 
+				}
+				else
 				{
 					LogPrint (eLogWarning, "I2PControl: unknown method ", method);
 					response << "{\"id\":null,\"error\":";
@@ -289,6 +298,13 @@ namespace client
 		ss << "\"" << name << "\":" << std::fixed << std::setprecision(2) << value;
 	}
 
+	void I2PControlService::InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const
+	{
+		std::ostringstream buf;
+		boost::property_tree::write_json (buf, value, false);
+		ss << "\"" << name << "\":" << buf.str();
+	}
+
 	void I2PControlService::SendResponse (std::shared_ptr<ssl_socket> socket,
 		std::shared_ptr<I2PControlBuffer> buf, std::ostringstream& response, bool isHtml)
 	{
@@ -337,9 +353,9 @@ namespace client
 		InsertParam (results, "API", api);
 		results << ",";
 		std::string token = boost::lexical_cast<std::string>(i2p::util::GetSecondsSinceEpoch ());
-		m_Tokens.insert (token);	
+		m_Tokens.insert (token);
 		InsertParam (results, "Token", token);
-	}	
+	}
 
 	void I2PControlService::EchoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
 	{
@@ -364,7 +380,7 @@ namespace client
 			}
 			else
 				LogPrint (eLogError, "I2PControl: I2PControl unknown request: ", it.first);
-		}	
+		}
 	}
 
 	void I2PControlService::PasswordHandler (const std::string& value)
@@ -394,28 +410,28 @@ namespace client
 
 	void I2PControlService::UptimeHandler (std::ostringstream& results)
 	{
-		InsertParam (results, "i2p.router.uptime", (int)i2p::context.GetUptime ()*1000);	
+		InsertParam (results, "i2p.router.uptime", (int)i2p::context.GetUptime ()*1000);
 	}
 
 	void I2PControlService::VersionHandler (std::ostringstream& results)
 	{
 		InsertParam (results, "i2p.router.version", VERSION);
-	}	
+	}
 
 	void I2PControlService::StatusHandler (std::ostringstream& results)
 	{
 		auto dest = i2p::client::context.GetSharedLocalDestination ();
-		InsertParam (results, "i2p.router.status", (dest && dest->IsReady ()) ? "1" : "0"); 
+		InsertParam (results, "i2p.router.status", (dest && dest->IsReady ()) ? "1" : "0");
 	}
 
 	void I2PControlService::NetDbKnownPeersHandler (std::ostringstream& results)
 	{
-		InsertParam (results, "i2p.router.netdb.knownpeers", i2p::data::netdb.GetNumRouters ());	
+		InsertParam (results, "i2p.router.netdb.knownpeers", i2p::data::netdb.GetNumRouters ());
 	}
 
 	void I2PControlService::NetDbActivePeersHandler (std::ostringstream& results)
 	{
-		InsertParam (results, "i2p.router.netdb.activepeers", (int)i2p::transport::transports.GetPeers ().size ());	
+		InsertParam (results, "i2p.router.netdb.activepeers", (int)i2p::transport::transports.GetPeers ().size ());
 	}
 
 	void I2PControlService::NetStatusHandler (std::ostringstream& results)
@@ -457,17 +473,18 @@ namespace client
 		InsertParam (results, "i2p.router.net.total.sent.bytes",     (double)i2p::transport::transports.GetTotalSentBytes ());
 	}
 
+
 // RouterManager
 
 	void I2PControlService::RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
 	{
 		for (auto it = params.begin (); it != params.end (); it++)
 		{
-			if (it != params.begin ()) results << ",";	
+			if (it != params.begin ()) results << ",";
 			LogPrint (eLogDebug, "I2PControl: RouterManager request: ", it->first);
 			auto it1 = m_RouterManagerHandlers.find (it->first);
 			if (it1 != m_RouterManagerHandlers.end ()) {
-				(this->*(it1->second))(results);	
+				(this->*(it1->second))(results);
 			} else
 				LogPrint (eLogError, "I2PControl: RouterManager unknown request: ", it->first);
 		}
@@ -516,7 +533,7 @@ namespace client
 			auto it1 = m_NetworkSettingHandlers.find (it->first);
 			if (it1 != m_NetworkSettingHandlers.end ()) {
 				if (it != params.begin ()) results << ",";
-				(this->*(it1->second))(it->second.data (), results);	
+				(this->*(it1->second))(it->second.data (), results);
 			} else
 				LogPrint (eLogError, "I2PControl: NetworkSetting unknown request: ", it->first);
 		}
@@ -538,7 +555,7 @@ namespace client
 		InsertParam (results, "i2p.router.net.bw.out", bw);
 	}
 
-	// certificate	
+	// certificate
 	void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
 	{
 		FILE *f = NULL;
@@ -586,5 +603,178 @@ namespace client
 		}
 		EVP_PKEY_free (pkey);
 	}
+
+// ClientServicesInfo
+
+	void I2PControlService::ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results)
+	{
+		for (auto it = params.begin (); it != params.end (); it++)
+		{
+			LogPrint (eLogDebug, "I2PControl: ClientServicesInfo request: ", it->first);
+			auto it1 = m_ClientServicesInfoHandlers.find (it->first);
+			if (it1 != m_ClientServicesInfoHandlers.end ())
+			{
+				if (it != params.begin ()) results << ",";
+				(this->*(it1->second))(results);
+			}
+			else
+				LogPrint (eLogError, "I2PControl: ClientServicesInfo unknown request ", it->first);
+		}
+	}
+
+	void I2PControlService::I2PTunnelInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		boost::property_tree::ptree client_tunnels, server_tunnels;
+
+		for (auto& it: i2p::client::context.GetClientTunnels ())
+		{
+			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+			boost::property_tree::ptree ct;
+			ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+			client_tunnels.add_child(it.second->GetName (), ct);
+		}
+
+		auto& serverTunnels = i2p::client::context.GetServerTunnels ();
+		if (!serverTunnels.empty ()) {
+			for (auto& it: serverTunnels)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree st;
+				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				st.put("port", it.second->GetLocalPort ());
+				server_tunnels.add_child(it.second->GetName (), st);
+			}
+		}
+
+		auto& clientForwards = i2p::client::context.GetClientForwards ();
+		if (!clientForwards.empty ())
+		{
+			for (auto& it: clientForwards)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree ct;
+				ct.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				client_tunnels.add_child(it.second->GetName (), ct);
+			}
+		}
+
+		auto& serverForwards = i2p::client::context.GetServerForwards ();
+		if (!serverForwards.empty ())
+		{
+			for (auto& it: serverForwards)
+			{
+				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
+				boost::property_tree::ptree st;
+				st.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+				server_tunnels.add_child(it.second->GetName (), st);
+			}
+		}
+
+		pt.add_child("client", client_tunnels);
+		pt.add_child("server", server_tunnels);
+
+		InsertParam (results, "I2PTunnel", pt);
+	}
+
+	void I2PControlService::HTTPProxyInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+
+		auto httpProxy = i2p::client::context.GetHttpProxy ();
+		if (httpProxy)
+		{
+			auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
+			pt.put("enabled", true);
+			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "HTTPProxy", pt);
+	}
+
+	void I2PControlService::SOCKSInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+
+		auto socksProxy = i2p::client::context.GetSocksProxy ();
+		if (socksProxy)
+		{
+			auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
+			pt.put("enabled", true);
+			pt.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "SOCKS", pt);
+	}
+
+	void I2PControlService::SAMInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto sam = i2p::client::context.GetSAMBridge ();
+		if (sam)
+		{
+			pt.put("enabled", true);
+			boost::property_tree::ptree sam_sessions;
+			for (auto& it: sam->GetSessions ())
+			{
+				boost::property_tree::ptree sam_session, sam_session_sockets;
+				auto& name = it.second->localDestination->GetNickname ();
+				auto& ident = it.second->localDestination->GetIdentHash();
+				sam_session.put("name", name);
+				sam_session.put("address", i2p::client::context.GetAddressBook ().ToAddress(ident));
+
+				for (const auto& socket: sam->ListSockets(it.first))
+				{
+					boost::property_tree::ptree stream;
+					stream.put("type", socket->GetSocketType ());
+					stream.put("peer", socket->GetSocket ().remote_endpoint());
+
+					sam_session_sockets.push_back(std::make_pair("", stream));
+				}
+				sam_session.add_child("sockets", sam_session_sockets);
+				sam_sessions.add_child(it.first, sam_session);
+			}
+
+			pt.add_child("sessions", sam_sessions);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "SAM", pt);
+	}
+
+	void I2PControlService::BOBInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto bob = i2p::client::context.GetBOBCommandChannel ();
+		if (bob)
+		{
+			/* TODO more info */
+			pt.put("enabled", true);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "BOB", pt);
+	}
+
+	void I2PControlService::I2CPInfoHandler (std::ostringstream& results)
+	{
+		boost::property_tree::ptree pt;
+		auto i2cp = i2p::client::context.GetI2CPServer ();
+		if (i2cp)
+		{
+			/* TODO more info */
+			pt.put("enabled", true);
+		}
+		else
+			pt.put("enabled", false);
+
+		InsertParam (results, "I2CP", pt);
+	}
 }
 }

daemon/I2PControl.h

@@ -10,7 +10,7 @@
 #include <map>
 #include <set>
 #include <boost/asio.hpp>
-#include <boost/asio/ssl.hpp> 
+#include <boost/asio/ssl.hpp>
 #include <boost/property_tree/ptree.hpp>
 
 namespace i2p
@@ -57,6 +57,7 @@ namespace client
 			void InsertParam (std::ostringstream& ss, const std::string& name, int value) const;
 			void InsertParam (std::ostringstream& ss, const std::string& name, double value) const;
 			void InsertParam (std::ostringstream& ss, const std::string& name, const std::string& value) const;
+			void InsertParam (std::ostringstream& ss, const std::string& name, const boost::property_tree::ptree& value) const;
 
 			// methods
 			typedef void (I2PControlService::*MethodHandler)(const boost::property_tree::ptree& params, std::ostringstream& results);
@@ -67,6 +68,7 @@ namespace client
 			void RouterInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 			void RouterManagerHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 			void NetworkSettingHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
+			void ClientServicesInfoHandler (const boost::property_tree::ptree& params, std::ostringstream& results);
 
 			// I2PControl
 			typedef void (I2PControlService::*I2PControlRequestHandler)(const std::string& value);
@@ -98,6 +100,15 @@ namespace client
 			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
 			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
 
+			// ClientServicesInfo
+			typedef void (I2PControlService::*ClientServicesInfoRequestHandler)(std::ostringstream& results);
+			void I2PTunnelInfoHandler (std::ostringstream& results);
+			void HTTPProxyInfoHandler (std::ostringstream& results);
+			void SOCKSInfoHandler (std::ostringstream& results);
+			void SAMInfoHandler (std::ostringstream& results);
+			void BOBInfoHandler (std::ostringstream& results);
+			void I2CPInfoHandler (std::ostringstream& results);
+
 		private:
 
 			std::string m_Password;
@@ -115,6 +126,7 @@ namespace client
 			std::map<std::string, RouterInfoRequestHandler> m_RouterInfoHandlers;
 			std::map<std::string, RouterManagerRequestHandler> m_RouterManagerHandlers;
 			std::map<std::string, NetworkSettingRequestHandler> m_NetworkSettingHandlers;
+			std::map<std::string, ClientServicesInfoRequestHandler> m_ClientServicesInfoHandlers;
 	};
 }
 }

daemon/UPnP.h

@@ -42,13 +42,13 @@ namespace transport
 		std::string GetProto (std::shared_ptr<i2p::data::RouterInfo::Address> address);
 
 	private:
-	
+
 		bool m_IsRunning;
         std::unique_ptr<std::thread> m_Thread;
-		std::condition_variable m_Started;	
-		std::mutex m_StartedMutex;	
+		std::condition_variable m_Started;
+		std::mutex m_StartedMutex;
 		boost::asio::io_service m_Service;
-		boost::asio::deadline_timer m_Timer;	
+		boost::asio::deadline_timer m_Timer;
         struct UPNPUrls m_upnpUrls;
         struct IGDdatas m_upnpData;
 

daemon/UnixDaemon.cpp

@@ -13,6 +13,7 @@
 #include "Config.h"
 #include "FS.h"
 #include "Log.h"
+#include "Tunnel.h"
 #include "RouterContext.h"
 #include "ClientContext.h"
 
@@ -137,11 +138,14 @@ namespace i2p
 					LogPrint(eLogError, "Daemon: could not create pid file ", pidfile, ": ", strerror(errno));
 					return false;
 				}
+
+#ifndef ANDROID
 				if (lockf(pidFH, F_TLOCK, 0) != 0)
 				{
 					LogPrint(eLogError, "Daemon: could not lock pid file ", pidfile, ": ", strerror(errno));
 					return false;
 				}
+#endif
 				char pid[10];
 				sprintf(pid, "%d\n", getpid());
 				ftruncate(pidFH, 0);
@@ -183,7 +187,7 @@ namespace i2p
 				if (gracefulShutdownInterval)
 				{
 					gracefulShutdownInterval--; // - 1 second
-					if (gracefulShutdownInterval <= 0)
+					if (gracefulShutdownInterval <= 0 || i2p::tunnel::tunnels.CountTransitTunnels() <= 0)
 					{
 						LogPrint(eLogInfo, "Graceful shutdown");
 						return;

daemon/i2pd.cpp

@@ -22,6 +22,8 @@ int main( int argc, char* argv[] )
 	{
 		if (Daemon.start())
 			Daemon.run ();
+		else
+			return EXIT_FAILURE;
 		Daemon.stop();
 	}
 	return EXIT_SUCCESS;

debian/changelog

@@ -1,3 +1,20 @@
+i2pd (2.19.0-1) unstable; urgency=medium
+
+  * updated to version 2.19.0/0.9.35
+  * update manpage (1)
+  * update docfiles
+  * update build rules
+  * fixes in systemd unit (#1089, #1142, #1154, #1155)
+  * package now building with systemd support
+
+ -- R4SAS <r4sas@i2pmail.org>  Tue, 26 Jun 2018 16:27:45 +0000
+
+i2pd (2.18.0-1) unstable; urgency=low
+
+  * updated to version 2.18.0/0.9.33
+
+ -- orignal <orignal@i2pmail.org>  Tue, 30 Jan 2018 16:00:00 +0000
+
 i2pd (2.17.0-1) unstable; urgency=low
 
   * updated to version 2.17.0/0.9.32
@@ -62,7 +79,7 @@ i2pd (2.10.0-1) unstable; urgency=low
 
   * updated to version 2.10.0/0.9.27
   * reseed.verify set to true by default
-  
+
  -- orignal <orignal@i2pmail.org>  Sun, 16 Oct 2016 13:55:40 +0000
 
 i2pd (2.9.0-1) unstable; urgency=low
@@ -73,7 +90,7 @@ i2pd (2.9.0-1) unstable; urgency=low
   * removed all port assigments in services files
   * fixed logrotate
   * subscriptions.txt and tunnels.conf taken from docs folder
-  
+
  -- orignal <orignal@i2pmail.org>  Fri, 12 Aug 2016 14:25:40 +0000
 
 i2pd (2.7.0-1) unstable; urgency=low

debian/compat

@@ -1 +1 @@
-9
+9

debian/control

@@ -2,18 +2,17 @@ Source: i2pd
 Section: net
 Priority: optional
 Maintainer: R4SAS <r4sas@i2pmail.org>
-Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.1~), gcc (>= 4.7) | clang (>= 3.3), libboost-system-dev (>= 1.46), libboost-date-time-dev, libboost-filesystem-dev, libboost-program-options-dev, libminiupnpc-dev, libssl-dev, zlib1g-dev, dh-apparmor
+Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.17.2~), gcc (>= 4.7) | clang (>= 3.3), libboost-system-dev (>= 1.46), libboost-date-time-dev (>= 1.46), libboost-filesystem-dev (>= 1.46), libboost-program-options-dev (>= 1.46), libminiupnpc-dev, libssl-dev, zlib1g-dev
 Standards-Version: 3.9.6
 Homepage: http://i2pd.website/
 Vcs-Git: git://github.com/PurpleI2P/i2pd.git
-Vcs-Browser: https://github.com/PurpleI2P/i2pd.git
+Vcs-Browser: https://github.com/PurpleI2P/i2pd
 
 Package: i2pd
 Architecture: any
 Pre-Depends: adduser
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Suggests: tor, privoxy, apparmor
-Description: A full-featured C++ implementation of I2P client.
+Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base,
+Description: Full-featured C++ implementation of I2P client.
  I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
  communications over I2P are anonymous and end-to-end encrypted, participants
  don't reveal their real IP addresses.
@@ -25,7 +24,6 @@ Architecture: any
 Priority: extra
 Section: debug
 Depends: i2pd (= ${binary:Version}), ${misc:Depends}
-Suggests: gdb
 Description: i2pd debugging symbols
  I2P (Invisible Internet Protocol) is a universal anonymous network layer. All
  communications over I2P are anonymous and end-to-end encrypted, participants

debian/copyright

@@ -4,6 +4,22 @@ Source: https://github.com/PurpleI2P
 
 Files: *
 Copyright: 2013-2017 PurpleI2P
+License: BSD-3-clause
+
+Files: qt/i2pd_qt/android/src/org/kde/necessitas/ministro/IMinistro.aidl
+       qt/i2pd_qt/android/src/org/kde/necessitas/ministro/IMinistroCallback.aidl
+       qt/i2pd_qt/android/src/org/qtproject/qt5/android/bindings/QtActivity.java
+       qt/i2pd_qt/android/src/org/qtproject/qt5/android/bindings/QtApplication.java
+Copyright: 2011-2013 BogDan Vatra <bogdan@kde.org>
+License: BSD-2-Clause
+
+Files: debian/*
+Copyright: 2013-2015 Kill Your TV <killyourtv@i2pmail.org>
+           2014-2016 hagen <hagen@i2pmail.org>
+           2016-2017 R4SAS <r4sas@i2pmail.org>
+           2017-2018 Yangfl <mmyangfl@gmail.com>
+License: GPL-2+
+
 License: BSD-3-clause
  Copyright (c) 2013-2017, The PurpleI2P Project
  .
@@ -33,11 +49,29 @@ License: BSD-3-clause
  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-Files: debian/*
-Copyright: 2016-2017 R4SAS <r4sas@i2pmail.org>
-           2014-2016 hagen <hagen@i2pmail.org>
-           2013-2015 Kill Your TV <killyourtv@i2pmail.org>
-License: GPL-2.0+
+License: BSD-2-Clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE HOLDERS OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: GPL-2+
  This package is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or

debian/docs

@@ -1 +1,4 @@
 README.md
+contrib/i2pd.conf
+contrib/subscriptions.txt
+contrib/tunnels.conf

debian/i2pd.1

@@ -1,22 +1,19 @@
-.TH I2PD "1" "March 31, 2015"
+.TH "I2PD" "1" "June 20, 2018"
 
-.SH NAME
-i2pd \- Load-balanced unspoofable packet switching network
-
-.SH SYNOPSIS
+.SH "NAME"
+i2pd \- Full-featured C++ implementation of I2P client.
+.SH "SYNOPSIS"
 .B i2pd
 [\fIOPTION1\fR] [\fIOPTION2\fR]...
-
-.SH DESCRIPTION
+.SH "DESCRIPTION"
 i2pd
 is a C++ implementation of the router for the I2P anonymizing network, offering
 a simple layer that identity-sensitive applications can use to securely
 communicate. All data is wrapped with several layers of encryption, and the
 network is both distributed and dynamic, with no trusted parties.
-
 .PP
 Any of the configuration options below can be used in the \fBDAEMON_ARGS\fR variable in \fI/etc/default/i2pd\fR.
-.BR
+.SH "OPTIONS"
 .TP
 \fB\-\-help\fR
 Show available options.
@@ -36,11 +33,14 @@ Where to write pidfile (don\'t write by default)
 \fB\-\-log=\fR
 Logs destination: \fIstdout\fR, \fIfile\fR, \fIsyslog\fR (\fIstdout\fR if not set, \fIfile\fR - otherwise, for compatibility)
 .TP
-\fB\-\-logfile\fR
+\fB\-\-logfile=\fR
 Path to logfile (default - autodetect)
 .TP
 \fB\-\-loglevel=\fR
-Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR)
+Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR, \fInone\fR)
+.TP
+\fB\-\-logclftime\fR
+Log messages with full CLF-formatted date and time (\fIdisabled\fR by default)
 .TP
 \fB\-\-datadir=\fR
 Path to storage of i2pd data (RI, keys, peer profiles, ...)
@@ -51,35 +51,58 @@ The external IP address
 \fB\-\-port=\fR
 The port to listen on for incoming connections
 .TP
-\fB\-\-daemon\fR
-Router will go to background after start
+\fB\-\-ifname=\fR
+The network interface to bind to
 .TP
-\fB\-\-service\fR
-Router will use system folders like \fI/var/lib/i2pd\fR
+\fB\-\-ifname4=\fR
+The network interface to bind to for IPv4 connections
+.TP
+\fB\-\-ifname6=\fR
+The network interface to bind to for IPv6 connections
+.TP
+\fB\-\-ipv4=\fR
+Enable communication through ipv6 (\fIenabled\fR by default)
 .TP
 \fB\-\-ipv6\fR
-Enable communication through ipv6. false by default
+Enable communication through ipv6 (\fIdisabled\fR by default)
+.TP
+\fB\-\-ntcp=\fR
+Enable usage of NTCP transport (\fIenabled\fR by default)
+.TP
+\fB\-\-ntcpproxy=\fR
+Set proxy URL for NTCP transport
+.TP
+\fB\-\-ssu=\fR
+Enable usage of SSU transport (\fIenabled\fR by default)
 .TP
 \fB\-\-notransit\fR
-Router will not accept transit tunnels at startup
+Router will not accept transit tunnels at startup (\fIdisabled\fR by default)
 .TP
 \fB\-\-floodfill\fR
-Router will be floodfill
+Router will be floodfill (\fIdisabled\fR by default)
 .TP
 \fB\-\-bandwidth=\fR
-Bandwidth limit: integer in KBps or letter aliases: \fIL (32KBps)\fR, O (256), P (2048), X (>9000)
+Bandwidth limit: integer in KBps or letter aliases: \fBL (32KBps)\fR, \fIO (256)\fR, \fIP (2048)\fR, \fIX (>9000)\fR
+.TP
+\fB\-\-share=\fR
+Limit of transit traffic from max bandwidth in percents. (default: 100)
+.TP
+\fB\-\-daemon\fR
+Router will go to background after start (\fIdisabled\fR by default)
+.TP
+\fB\-\-service\fR
+Router will use system folders like \fI/var/lib/i2pd\fR (\fIdisabled\fR by default)
 .TP
 \fB\-\-family=\fR
 Name of a family, router belongs to.
 .PP
-See service-specific parameters in example config file \fIcontrib/i2pd.conf\fR
-
-.SH FILES
-.PP
+Switchs, which enabled by default (like \fB\-\-ssu\fR, \fB\-\-ntcp\fR, etc.), can be disabled in config file.
+.RE
+See service-specific parameters in example config file \fI/usr/share/doc/i2pd/i2pd.conf.gz\fR
+.SH "FILES"
 /etc/i2pd/i2pd.conf, /etc/i2pd/tunnels.conf, /etc/default/i2pd
 .RS 4
 i2pd configuration files (when running as a system service)
-
 .RE
 .PP
 /var/lib/i2pd/
@@ -90,16 +113,15 @@ i2pd profile directory (when running as a system service, see \fB\-\-service\fR
 $HOME/.i2pd/
 .RS 4
 i2pd profile directory (when running as a normal user)
+.SH "SEE ALSO"
+Documentation at Read the Docs: \m[blue]\fBhttps://i2pd\&.readthedocs\&.io/en/latest/\fR\m[]
+.SH "AUTHOR"
+This manual page was written by kytv <\m[blue]\fBkillyourtv@i2pmail\&.org\fR\m[]> for the Debian system (but may be used by others).
 .RE
+Updated by hagen <\m[blue]\fBhagen@i2pmail\&.org\fR\m[]> in 2016.
+.RE
+Updated by R4SAS <\m[blue]\fBr4sas@i2pmail\&.org\fR\m[]> in 2018.
 .PP
-/usr/share/doc/i2pd/examples/hosts.txt.gz
-.RS 4
-default I2P hosts file
-.SH AUTHOR
-This manual page was written by kytv <killyourtv@i2pmail.org> for the Debian system (but may be used by others).
-.PP
-Updated by hagen <hagen@i2pmail.org> in 2016.
-.PP
-Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation
-.BR
+Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation.
+.RE
 On Debian systems, the complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fR

debian/i2pd.default

@@ -7,5 +7,5 @@ I2PD_ENABLED="yes"
 # see possible switches in /usr/share/doc/i2pd/configuration.md.gz
 DAEMON_OPTS=""
 
-# If you have problems with hunging i2pd, you can try enable this 
+# If you have problems with hunging i2pd, you can try enable this
 ulimit -n 4096

debian/i2pd.service

@@ -0,0 +1 @@
+../contrib/debian/i2pd.service

debian/i2pd.tmpfile

@@ -0,0 +1 @@
+../contrib/debian/i2pd.tmpfile

debian/lintian-overrides

@@ -0,0 +1,2 @@
+# GPL come from debian/
+i2pd: possible-gpl-code-linked-with-openssl

debian/patches/01-tune-build-opts.patch

@@ -1,12 +1,11 @@
 diff --git a/Makefile b/Makefile
 index bdadfe0..2f71eec 100644
-
 --- a/Makefile
 +++ b/Makefile
 @@ -9,10 +9,10 @@ DEPS := obj/make.dep
- 
+
  include filelist.mk
- 
+
 -USE_AESNI	:= yes
 +USE_AESNI	:= no
 -USE_AVX		:= yes

debian/rules

@@ -5,17 +5,18 @@
 #export DH_VERBOSE=1
 
 DEB_BUILD_MAINT_OPTIONS=hardening=+bindnow
-DPKG_EXPORT_BUILDFLAGS = 1
-include /usr/share/dpkg/buildflags.mk
-CXXFLAGS+=$(CPPFLAGS)
-PREFIX=/usr
+#DPKG_EXPORT_BUILDFLAGS = 1
+#include /usr/share/dpkg/buildflags.mk
+#CXXFLAGS+=$(CPPFLAGS)
+#PREFIX=/usr
 
 %:
 	dh $@ --parallel
-	dh_apparmor --profile-name=usr.sbin.i2pd -pi2pd
+#	dh_apparmor --profile-name=usr.sbin.i2pd -pi2pd
 
 override_dh_strip:
 	dh_strip --dbg-package=i2pd-dbg
 
-override_dh_shlibdeps:
-	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info
+## uncoment this if you have "missing info" problem when building package
+#override_dh_shlibdeps:
+#	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info

docs/Doxyfile

@@ -1638,7 +1638,7 @@ EXTRA_PACKAGES         =
 # following commands have a special meaning inside the header: $title,
 # $datetime, $date, $doxygenversion, $projectname, $projectnumber,
 # $projectbrief, $projectlogo. Doxygen will replace $title with the empy string,
-# for the replacement values of the other commands the user is refered to
+# for the replacement values of the other commands the user is referred to
 # HTML_HEADER.
 # This tag requires that the tag GENERATE_LATEX is set to YES.
 

entrypoint.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-
-ARGS=""
-if [ "${ENABLE_IPV6}" != "" ]; then
-  ARGS="${ARGS} –ipv6"
-fi
-
-if [ "${LOGLEVEL}" != "" ]; then
-  ARGS="${ARGS} –loglevel=${LOGLEVEL}"
-fi
-
-if [ "${ENABLE_AUTH}" != "" ]; then
-  ARGS="${ARGS} –http.auth"
-fi
-
-
-# To make ports exposeable
-DEFAULT_ARGS=" –http.address=0.0.0.0 –httpproxy.address=0.0.0.0 -socksproxy.address=0.0.0.0 –sam.address=0.0.0.0 –bob.address=0.0.0.0 –i2cp.address=0.0.0.0 –i2pcontrol.port=0.0.0.0 –upnp.enabled=false -service "
-
-mkdir -p /var/lib/i2pd && chown -R i2pd:nobody /var/lib/i2pd && chmod u+rw /var/lib/i2pd
-
-gosu i2pd i2pd $DEFAULT_ARGS $ARGS
-
-

libi2pd/Base.cpp

@@ -43,8 +43,8 @@ namespace data
 	const char * GetBase64SubstitutionTable ()
 	{
 		return T64;
-	}	
-	
+	}
+
 	/*
 	* Reverse Substitution Table (built in run time)
 	*/
@@ -53,10 +53,10 @@ namespace data
 	static int isFirstTime = 1;
 
 	/*
-	* Padding 
+	* Padding
 	*/
 
-	static char P64 = '='; 
+	static char P64 = '=';
 
 	/*
 	*
@@ -68,11 +68,11 @@ namespace data
 	*/
 
 	size_t                                /* Number of bytes in the encoded buffer */
-	ByteStreamToBase64 ( 
+	ByteStreamToBase64 (
 		    const uint8_t * InBuffer,           /* Input buffer, binary data */
-		    size_t    InCount,              /* Number of bytes in the input buffer */ 
+		    size_t    InCount,              /* Number of bytes in the input buffer */
 		    char  * OutBuffer,          /* output buffer */
-		size_t len			   /* length of output buffer */	             
+		size_t len			   /* length of output buffer */
 	)
 
 	{
@@ -80,9 +80,9 @@ namespace data
 		unsigned char * pd;
 		unsigned char   acc_1;
 		unsigned char   acc_2;
-		int             i; 
-		int             n; 
-		int             m; 
+		int             i;
+		int             n;
+		int             m;
 		size_t outCount;
 
 		ps = (unsigned char *)InBuffer;
@@ -96,7 +96,7 @@ namespace data
 		pd = (unsigned char *)OutBuffer;
 		for ( i = 0; i<n; i++ ){
 		     acc_1 = *ps++;
-		     acc_2 = (acc_1<<4)&0x30; 
+		     acc_2 = (acc_1<<4)&0x30;
 		     acc_1 >>= 2;              /* base64 digit #1 */
 		     *pd++ = T64[acc_1];
 		     acc_1 = *ps++;
@@ -109,7 +109,7 @@ namespace data
 		     *pd++ = T64[acc_1];
 		     acc_2 &= 0x3f;            /* base64 digit #4 */
 		     *pd++ = T64[acc_2];
-		} 
+		}
 		if ( m == 1 ){
 		     acc_1 = *ps++;
 		     acc_2 = (acc_1<<4)&0x3f;  /* base64 digit #2 */
@@ -122,7 +122,7 @@ namespace data
 		}
 		else if ( m == 2 ){
 		     acc_1 = *ps++;
-		     acc_2 = (acc_1<<4)&0x3f; 
+		     acc_2 = (acc_1<<4)&0x3f;
 		     acc_1 >>= 2;              /* base64 digit #1 */
 		     *pd++ = T64[acc_1];
 		     acc_1 = *ps++;
@@ -133,7 +133,7 @@ namespace data
 		     *pd++ = T64[acc_1];
 		     *pd++ = P64;
 		}
-		
+
 		return outCount;
 	}
 
@@ -148,10 +148,10 @@ namespace data
 	*/
 
 	size_t                              /* Number of output bytes */
-	Base64ToByteStream ( 
+	Base64ToByteStream (
 		      const char * InBuffer,           /* BASE64 encoded buffer */
 		      size_t    InCount,          /* Number of input bytes */
-		      uint8_t  * OutBuffer,	/* output buffer length */ 	
+		      uint8_t  * OutBuffer,	/* output buffer length */
 		  size_t len         	/* length of output buffer */
 	)
 	{
@@ -159,28 +159,28 @@ namespace data
 		unsigned char * pd;
 		unsigned char   acc_1;
 		unsigned char   acc_2;
-		int             i; 
-		int             n; 
-		int             m; 
+		int             i;
+		int             n;
+		int             m;
 		size_t outCount;
 
 		if (isFirstTime) iT64Build();
 		n = InCount/4;
 		m = InCount%4;
-		if (InCount && !m) 
+		if (InCount && !m)
 		     outCount = 3*n;
 		else {
 		     outCount = 0;
 		     return 0;
 		}
-		
+
 		ps = (unsigned char *)(InBuffer + InCount - 1);
 		while ( *ps-- == P64 ) outCount--;
 		ps = (unsigned char *)InBuffer;
-		
+
 		if (outCount > len) return -1;
 		pd = OutBuffer;
-		auto endOfOutBuffer = OutBuffer + outCount;		
+		auto endOfOutBuffer = OutBuffer + outCount;
 		for ( i = 0; i < n; i++ ){
 		     acc_1 = iT64[*ps++];
 		     acc_2 = iT64[*ps++];
@@ -193,7 +193,7 @@ namespace data
 		     acc_1 = iT64[*ps++];
 		     acc_2 |= acc_1 >> 2;
 		     *pd++ = acc_2;
-			  if (pd >= endOfOutBuffer) break;	
+			  if (pd >= endOfOutBuffer) break;
 
 		     acc_2 = iT64[*ps++];
 		     acc_2 |= acc_1 << 6;
@@ -203,13 +203,28 @@ namespace data
 		return outCount;
 	}
 
-	size_t Base64EncodingBufferSize (const size_t input_size) 
+	size_t Base64EncodingBufferSize (const size_t input_size)
 	{
 		auto d = div (input_size, 3);
 		if (d.rem) d.quot++;
 		return 4*d.quot;
 	}
-	
+
+	std::string ToBase64Standard (const std::string& in)
+	{
+		auto len = Base64EncodingBufferSize (in.length ());	
+		char * str = new char[len+1];
+		auto l = ByteStreamToBase64 ((const uint8_t *)in.c_str (), in.length (), str, len);
+		str[l] = 0;
+		// replace '-' by '+' and '~' by '/'
+		for (size_t i = 0; i < l; i++)
+			if (str[i] == '-') str[i] = '+';
+			else if (str[i] == '~') str[i] = '/';
+		std::string s(str);
+		delete[] str;
+		return s;
+	}
+
 	/*
 	*
 	* iT64
@@ -228,20 +243,20 @@ namespace data
 		iT64[(int)P64] = 0;
 	}
 
-	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen) 
+	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen)
 	{
 		int tmp = 0, bits = 0;
 		size_t ret = 0;
 		for (size_t i = 0; i < len; i++)
 		{
-			char ch = inBuf[i];	
+			char ch = inBuf[i];
 			if (ch >= '2' && ch <= '7') // digit
 				ch = (ch - '2') + 26; // 26 means a-z
 			else if (ch >= 'a' && ch <= 'z')
 				ch = ch - 'a'; // a = 0
 			else
 				return 0; // unexpected character
-			
+
 			tmp |= ch;
 			bits += 5;
 			if (bits >= 8)
@@ -261,23 +276,23 @@ namespace data
 		size_t ret = 0, pos = 1;
 		int bits = 8, tmp = inBuf[0];
 		while (ret < outLen && (bits > 0 || pos < len))
-		{ 	
+		{
 			if (bits < 5)
 			{
 				if (pos < len)
 				{
 					tmp <<= 8;
-		      		tmp |= inBuf[pos] & 0xFF;
+					tmp |= inBuf[pos] & 0xFF;
 					pos++;
-		      		bits += 8;
+					bits += 8;
 				}
 				else // last byte
 				{
 					tmp <<= (5 - bits);
-				  	bits = 5;
+					bits = 5;
 				}
-			}	
-		
+			}
+
 			bits -= 5;
 			int ind = (tmp >> bits) & 0x1F;
 			outBuf[ret] = (ind < 26) ? (ind + 'a') : ((ind - 26) + '2');

libi2pd/Base.h

@@ -10,15 +10,18 @@ namespace data {
 	size_t ByteStreamToBase64 (const uint8_t * InBuffer, size_t InCount, char * OutBuffer, size_t len);
 	size_t Base64ToByteStream (const char * InBuffer, size_t InCount, uint8_t * OutBuffer, size_t len );
 	const char * GetBase32SubstitutionTable ();
-	const char * GetBase64SubstitutionTable ();	
-	
+	const char * GetBase64SubstitutionTable ();
+
 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
 
-  /**
+ 	/**
      Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
-   */
-  size_t Base64EncodingBufferSize(const size_t input_size);
+   	*/
+	size_t Base64EncodingBufferSize(const size_t input_size);
+	
+	std::string ToBase64Standard (const std::string& in); // using standard table, for Proxy-Authorization	
+	
 } // data
 } // i2p
 

libi2pd/CPU.cpp

@@ -0,0 +1,43 @@
+#include "CPU.h"
+#if defined(__x86_64__) || defined(__i386__)
+#include <cpuid.h>
+#endif
+#include "Log.h"
+
+#ifndef bit_AES
+#define bit_AES (1 << 25)
+#endif
+#ifndef bit_AVX
+#define bit_AVX (1 << 28)
+#endif
+
+
+namespace i2p
+{
+namespace cpu
+{
+	bool aesni = false;
+	bool avx = false;
+
+	void Detect()
+	{
+#if defined(__x86_64__) || defined(__i386__)
+		int info[4];
+		__cpuid(0, info[0], info[1], info[2], info[3]);
+		if (info[0] >= 0x00000001) {
+			__cpuid(0x00000001, info[0], info[1], info[2], info[3]);
+			aesni = info[2] & bit_AES;  // AESNI
+			avx = info[2] & bit_AVX;  // AVX
+		}
+#endif
+		if(aesni)
+		{
+			LogPrint(eLogInfo, "AESNI enabled");
+		}
+		if(avx)
+		{
+			LogPrint(eLogInfo, "AVX enabled");
+		}
+	}
+}
+}

libi2pd/CPU.h

@@ -0,0 +1,15 @@
+#ifndef LIBI2PD_CPU_H
+#define LIBI2PD_CPU_H
+
+namespace i2p
+{
+namespace cpu
+{
+  extern bool aesni;
+  extern bool avx;
+
+  void Detect();
+}
+}
+
+#endif

libi2pd/ChaCha20.cpp

@@ -0,0 +1,147 @@
+#include "ChaCha20.h"
+
+/**
+   This code is licensed under the MCGSI Public License
+   Copyright 2018 Jeff Becker
+
+   Kovri go write your own code
+
+ */
+namespace i2p
+{
+namespace crypto
+{
+namespace chacha
+{
+constexpr int rounds = 20;
+constexpr std::size_t blocksize = 64;
+
+void u32t8le(uint32_t v, uint8_t * p) 
+{
+    p[0] = v & 0xff;
+    p[1] = (v >> 8) & 0xff;
+    p[2] = (v >> 16) & 0xff;
+    p[3] = (v >> 24) & 0xff;
+}
+
+uint32_t u8t32le(const uint8_t * p) 
+{
+    uint32_t value = p[3];
+
+    value = (value << 8) | p[2];
+    value = (value << 8) | p[1];
+    value = (value << 8) | p[0];
+
+    return value;
+}
+
+uint32_t rotl32(uint32_t x, int n) 
+{
+    return x << n | (x >> (-n & 31));
+}
+
+void quarterround(uint32_t *x, int a, int b, int c, int d) 
+{
+    x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a], 16);
+    x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c], 12);
+    x[a] += x[b]; x[d] = rotl32(x[d] ^ x[a],  8);
+    x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c],  7);
+}
+
+    struct State_t
+    {
+      State_t() {};
+      State_t(State_t &&) = delete;
+      
+      State_t & operator += (const State_t & other)
+      {
+        for(int i = 0; i < 16; i++)
+            data[i] += other.data[i];
+        return *this;
+      }
+
+      void Copy(const State_t & other)
+      {
+           memcpy(data, other.data, sizeof(uint32_t) * 16);
+      }
+      uint32_t data[16];
+    };
+
+    struct Block_t
+    {
+      Block_t() {};
+      Block_t(Block_t &&) = delete;
+
+      uint8_t data[blocksize];
+
+      void operator << (const State_t & st)
+      {
+        int i;
+        for (i = 0; i < 16; i++) 
+            u32t8le(st.data[i], data + (i << 2));
+      }
+    };
+
+void block(const State_t &input, Block_t & block, int rounds)
+{
+    int i;
+    State_t x;
+    x.Copy(input);
+
+    for (i = rounds; i > 0; i -= 2) 
+    {
+        quarterround(x.data, 0, 4,  8, 12);
+        quarterround(x.data, 1, 5,  9, 13);
+        quarterround(x.data, 2, 6, 10, 14);
+        quarterround(x.data, 3, 7, 11, 15);
+        quarterround(x.data, 0, 5, 10, 15);
+        quarterround(x.data, 1, 6, 11, 12);
+        quarterround(x.data, 2, 7,  8, 13);
+        quarterround(x.data, 3, 4,  9, 14);
+    }
+    x += input;
+    block << x;
+
+}
+} // namespace chacha
+
+
+
+
+
+void chacha20(uint8_t * buf, size_t sz, const uint8_t * nonce, const uint8_t * key, uint32_t counter)
+{
+    chacha::State_t state;
+    chacha::Block_t block;
+    size_t i, j;
+
+    state.data[0] = 0x61707865;
+    state.data[1] = 0x3320646e;
+    state.data[2] = 0x79622d32;
+    state.data[3] = 0x6b206574;
+
+    for (i = 0; i < 8; i++) 
+        state.data[4 + i] = chacha::u8t32le(key + i * 4);
+    
+
+    state.data[12] = counter;
+
+    for (i = 0; i < 3; i++) 
+        state.data[13 + i] = chacha::u8t32le(nonce + i * 4);
+
+    
+    for (i = 0; i < sz; i += chacha::blocksize) 
+    {
+        chacha::block(state, block, chacha::rounds);
+        state.data[12]++;
+        for (j = i; j < i + chacha::blocksize; j++) 
+        {
+            if (j >= sz) break;
+            buf[j] ^= block.data[j - i];
+        }
+    }
+
+}
+
+}
+}

libi2pd/ChaCha20.h

@@ -0,0 +1,26 @@
+/**
+   This code is licensed under the MCGSI Public License
+   Copyright 2018 Jeff Becker
+
+   Kovri go write your own code
+
+ */
+#ifndef LIBI2PD_CHACHA20_H
+#define LIBI2PD_CHACHA20_H
+#include <cstdint>
+#include <cstring>
+
+namespace i2p
+{
+namespace crypto
+{
+  const std::size_t CHACHA20_KEY_BYTES = 32;
+  const std::size_t CHACHA20_NOUNCE_BYTES = 12;
+
+  /** encrypt buf in place with chacha20 */
+  void chacha20(uint8_t * buf, size_t sz, const uint8_t * nonce, const uint8_t * key, uint32_t counter=1);
+
+}
+}
+
+#endif

libi2pd/Config.cpp

@@ -37,32 +37,33 @@ namespace config {
 			("pidfile", value<std::string>()->default_value(""),              "Path to pidfile (default: ~/i2pd/i2pd.pid or /var/lib/i2pd/i2pd.pid)")
 			("log", value<std::string>()->default_value(""),                  "Logs destination: stdout, file, syslog (stdout if not set)")
 			("logfile", value<std::string>()->default_value(""),              "Path to logfile (stdout if not set, autodetect if daemon)")
-			("loglevel", value<std::string>()->default_value("info"),         "Set the minimal level of log messages (debug, info, warn, error)")
-			("logclftime", value<bool>()->default_value(false),               "Write full CLF-formatted date and time to log (default: write only time)")
+			("loglevel", value<std::string>()->default_value("info"),         "Set the minimal level of log messages (debug, info, warn, error, none)")
+			("logclftime", bool_switch()->default_value(false),               "Write full CLF-formatted date and time to log (default: disabled, write only time)")
 			("family", value<std::string>()->default_value(""),               "Specify a family, router belongs to")
 			("datadir", value<std::string>()->default_value(""),              "Path to storage of i2pd data (RI, keys, peer profiles, ...)")
 			("host", value<std::string>()->default_value("0.0.0.0"),          "External IP")
 			("ifname", value<std::string>()->default_value(""),               "Network interface to bind to")
 			("ifname4", value<std::string>()->default_value(""),              "Network interface to bind to for ipv4")
 			("ifname6", value<std::string>()->default_value(""),              "Network interface to bind to for ipv6")
-			("nat", value<bool>()->default_value(true),                       "Should we assume we are behind NAT?")
+			("nat", value<bool>()->default_value(true),                       "Should we assume we are behind NAT? (default: enabled)")
 			("port", value<uint16_t>()->default_value(0),                     "Port to listen for incoming connections (default: auto)")
-			("ipv4", value<bool>()->default_value(true),                      "Enable communication through ipv4")
-			("ipv6", value<bool>()->zero_tokens()->default_value(false),      "Enable communication through ipv6")
+			("ipv4", value<bool>()->default_value(true),                      "Enable communication through ipv4 (default: enabled)")
+			("ipv6", bool_switch()->default_value(false),                     "Enable communication through ipv6 (default: disabled)")
 			("netid", value<int>()->default_value(I2PD_NET_ID),               "Specify NetID. Main I2P is 2")
-			("daemon", value<bool>()->zero_tokens()->default_value(false),    "Router will go to background after start")
-			("service", value<bool>()->zero_tokens()->default_value(false),   "Router will use system folders like '/var/lib/i2pd'")
-			("notransit", value<bool>()->zero_tokens()->default_value(false), "Router will not accept transit tunnels at startup")
-			("floodfill", value<bool>()->zero_tokens()->default_value(false), "Router will be floodfill")
+			("daemon", bool_switch()->default_value(false),                   "Router will go to background after start (default: disabled)")
+			("service", bool_switch()->default_value(false),                  "Router will use system folders like '/var/lib/i2pd' (default: disabled)")
+			("notransit", bool_switch()->default_value(false),                "Router will not accept transit tunnels at startup (default: disabled)")
+			("floodfill", bool_switch()->default_value(false),                "Router will be floodfill (default: disabled)")
 			("bandwidth", value<std::string>()->default_value(""),            "Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (>9000)")
-			("share", value<int>()->default_value(100),                       "Limit of transit traffic from max bandwidth in percents. (default: 100")
-			("ntcp", value<bool>()->default_value(true),                      "Enable NTCP transport")
-			("ssu", value<bool>()->default_value(true),                       "Enable SSU transport")
+			("share", value<int>()->default_value(100),                       "Limit of transit traffic from max bandwidth in percents. (default: 100)")
+			("ntcp", value<bool>()->default_value(true),                      "Enable NTCP transport (default: enabled)")
+			("ssu", value<bool>()->default_value(true),                       "Enable SSU transport (default: enabled)")
 			("ntcpproxy", value<std::string>()->default_value(""),            "Proxy URL for NTCP transport")
+			("ntcp2", value<bool>()->default_value(false),                    "Enable NTCP2 (experimental, default: disabled)")
 #ifdef _WIN32
 			("svcctl", value<std::string>()->default_value(""),               "Windows service management ('install' or 'remove')")
-			("insomnia", value<bool>()->zero_tokens()->default_value(false),  "Prevent system from sleeping")
-			("close", value<std::string>()->default_value("ask"),             "Action on close: minimize, exit, ask") // TODO: add custom validator or something
+			("insomnia", bool_switch()->default_value(false),                 "Prevent system from sleeping (default: disabled)")
+			("close", value<std::string>()->default_value("ask"),             "Action on close: minimize, exit, ask")
 #endif
 		;
 
@@ -73,16 +74,19 @@ namespace config {
 			("limits.transittunnels", value<uint16_t>()->default_value(2500), "Maximum active transit sessions (default:2500)")
 			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Threshold to start probabalistic backoff with ntcp sessions (default: use system limit)")
 			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Maximum number of ntcp sessions (default: use system limit)")
+			("limits.ntcpthreads", value<uint16_t>()->default_value(1),       "Maximum number of threads used by NTCP DH worker (default: 1)")
 		;
 
 		options_description httpserver("HTTP Server options");
 		httpserver.add_options()
-			("http.enabled", value<bool>()->default_value(true),               "Enable or disable webconsole")
-			("http.address", value<std::string>()->default_value("127.0.0.1"), "Webconsole listen address")
-			("http.port", value<uint16_t>()->default_value(7070),              "Webconsole listen port")
-			("http.auth", value<bool>()->default_value(false),                 "Enable Basic HTTP auth for webconsole")
-			("http.user", value<std::string>()->default_value("i2pd"),         "Username for basic auth")
-			("http.pass", value<std::string>()->default_value(""),             "Password for basic auth (default: random, see logs)")
+			("http.enabled", value<bool>()->default_value(true),                "Enable or disable webconsole")
+			("http.address", value<std::string>()->default_value("127.0.0.1"),  "Webconsole listen address")
+			("http.port", value<uint16_t>()->default_value(7070),               "Webconsole listen port")
+			("http.auth", value<bool>()->default_value(false),                  "Enable Basic HTTP auth for webconsole")
+			("http.user", value<std::string>()->default_value("i2pd"),          "Username for basic auth")
+			("http.pass", value<std::string>()->default_value(""),              "Password for basic auth (default: random, see logs)")
+			("http.strictheaders", value<bool>()->default_value(true),          "Enable strict host checking on WebUI")
+			("http.hostname", value<std::string>()->default_value("localhost"), "Expected hostname for WebUI")
 		;
 
 		options_description httpproxy("HTTP Proxy options");
@@ -188,7 +192,7 @@ namespace config {
 				// "https://uk.reseed.i2p2.no:444/," // mamoth's shit
 				"https://i2p-0.manas.ca:8443/,"
 				"https://download.xxlspeed.com/,"
-				"https://reseed-ru.lngserv.ru/,"
+				"https://reseed-fr.i2pd.xyz/,"
 				"https://reseed.atomike.ninja/,"
 				"https://reseed.memcpy.io/,"
 				"https://reseed.onion.im/,"
@@ -327,4 +331,3 @@ namespace config {
 
 } // namespace config
 } // namespace i2p
-

libi2pd/Config.h

@@ -47,7 +47,7 @@ namespace config {
    * @brief  Load and parse given config file
    * @param  path  Path to config file
    *
-   * If error occured when opening file path is points to,
+   * If error occurred when opening file path is points to,
    * we show the error message and terminate program.
    *
    * In case of parameter misuse boost throws an exception.
@@ -79,10 +79,10 @@ namespace config {
   }
 
   template<typename T>
-  bool GetOption(const std::string& name, T& value) 
+  bool GetOption(const std::string& name, T& value)
   {
     return GetOption (name.c_str (), value);
-  }	
+  }
 
   bool GetOptionAsAny(const char *name, boost::any& value);
   bool GetOptionAsAny(const std::string& name, boost::any& value);

libi2pd/Crypto.cpp

@@ -8,8 +8,15 @@
 #include <openssl/crypto.h>
 #include "TunnelBase.h"
 #include <openssl/ssl.h>
-#include "Log.h"
 #include "Crypto.h"
+#if LEGACY_OPENSSL
+#include "ChaCha20.h"
+#include "Poly1305.h"
+#else
+#include <openssl/evp.h>
+#endif
+#include "I2PEndian.h"
+#include "Log.h"
 
 namespace i2p
 {
@@ -22,7 +29,7 @@ namespace crypto
 		0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
 		0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
 		0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
- 		0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+		0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
 		0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
 		0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
 		0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
@@ -373,7 +380,7 @@ namespace crypto
 	}
 
 // ECIES
-	void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx)
+	void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
 	{
 		BN_CTX_start (ctx);
 		BIGNUM * q = BN_CTX_get (ctx);
@@ -386,10 +393,19 @@ namespace crypto
 		EC_POINT_mul (curve, p, k, nullptr, nullptr, ctx);
 		BIGNUM * x = BN_CTX_get (ctx), * y = BN_CTX_get (ctx);
 		EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, nullptr);
-		encrypted[0] = 0;
-		bn2buf (x, encrypted + 1, len);
-		bn2buf (y, encrypted + 1 + len, len);
-		RAND_bytes (encrypted + 1 + 2*len, 256 - 2*len);
+		if (zeroPadding)
+		{
+			encrypted[0] = 0;
+			bn2buf (x, encrypted + 1, len);
+			bn2buf (y, encrypted + 1 + len, len);
+			RAND_bytes (encrypted + 1 + 2*len, 256 - 2*len);
+		}	
+		else
+		{
+			bn2buf (x, encrypted, len);
+			bn2buf (y, encrypted + len, len);
+			RAND_bytes (encrypted + 2*len, 256 - 2*len);
+		}
 		// ecryption key and iv
 		EC_POINT_mul (curve, p, nullptr, key, k, ctx);
 		EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, nullptr);
@@ -403,16 +419,21 @@ namespace crypto
 		memcpy (m+33, data, 222);
 		SHA256 (m+33, 222, m+1);
 		// encrypt
-		encrypted[257] = 0;
 		CBCEncryption encryption;
 		encryption.SetKey (shared);
 		encryption.SetIV (iv);
-		encryption.Encrypt (m, 256, encrypted + 258);
+		if (zeroPadding)
+		{
+			encrypted[257] = 0;
+			encryption.Encrypt (m, 256, encrypted + 258);
+		}
+		else
+			encryption.Encrypt (m, 256, encrypted + 256);
 		EC_POINT_free (p);
 		BN_CTX_end (ctx);
 	}
 
-	bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx)
+	bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding)
 	{
 		bool ret = true;
 		BN_CTX_start (ctx);
@@ -421,8 +442,16 @@ namespace crypto
 		int len = BN_num_bytes (q);
 		// point for shared secret
 		BIGNUM * x = BN_CTX_get (ctx), * y = BN_CTX_get (ctx);
-		BN_bin2bn (encrypted + 1, len, x);
-		BN_bin2bn (encrypted + 1 + len, len, y);
+		if (zeroPadding)
+		{
+			BN_bin2bn (encrypted + 1, len, x);
+			BN_bin2bn (encrypted + 1 + len, len, y);
+		}
+		else
+		{
+			BN_bin2bn (encrypted, len, x);
+			BN_bin2bn (encrypted + len, len, y);
+		}
 		auto p = EC_POINT_new (curve);
 		if (EC_POINT_set_affine_coordinates_GFp (curve, p, x, y, nullptr))
 		{
@@ -439,7 +468,10 @@ namespace crypto
 			CBCDecryption decryption;
 			decryption.SetKey (shared);
 			decryption.SetIV (iv);
-			decryption.Decrypt (encrypted + 258, 256, m);
+			if (zeroPadding)	
+				decryption.Decrypt (encrypted + 258, 256, m);
+			else
+				decryption.Decrypt (encrypted + 256, 256, m);	
 			// verify and copy
 			uint8_t hash[32];
 			SHA256 (m + 33, 222, hash);
@@ -479,10 +511,9 @@ namespace crypto
 	const uint64_t IPAD = 0x3636363636363636;
 	const uint64_t OPAD = 0x5C5C5C5C5C5C5C5C;
 
-#if defined(__AVX__)
+
 	static const uint64_t ipads[] = { IPAD, IPAD, IPAD, IPAD };
 	static const uint64_t opads[] = { OPAD, OPAD, OPAD, OPAD };
-#endif
 
 	void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest)
 	// key is 32 bytes
@@ -491,47 +522,73 @@ namespace crypto
 	{
 		uint64_t buf[256];
 		uint64_t hash[12]; // 96 bytes
-#if defined(__AVX__) // for AVX
-		__asm__
-		(
-			"vmovups %[key], %%ymm0 \n"
-			"vmovups %[ipad], %%ymm1 \n"
-			"vmovups %%ymm1, 32(%[buf]) \n"
-			"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
-			"vmovups %%ymm1, (%[buf]) \n"
-			"vmovups %[opad], %%ymm1 \n"
-			"vmovups %%ymm1, 32(%[hash]) \n"
-			"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
-			"vmovups %%ymm1, (%[hash]) \n"
-			"vzeroall \n" // end of AVX
-			"movups %%xmm0, 80(%[hash]) \n" // zero last 16 bytes
-			:
-			: [key]"m"(*(const uint8_t *)key), [ipad]"m"(*ipads), [opad]"m"(*opads),
-				[buf]"r"(buf), [hash]"r"(hash)
-			: "memory", "%xmm0"	// TODO: change to %ymm0 later
-		);
+		if(i2p::cpu::avx)
+		{
+#ifdef AVX
+			__asm__
+				(
+					"vmovups %[key], %%ymm0 \n"
+					"vmovups %[ipad], %%ymm1 \n"
+					"vmovups %%ymm1, 32(%[buf]) \n"
+					"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
+					"vmovups %%ymm1, (%[buf]) \n"
+					"vmovups %[opad], %%ymm1 \n"
+					"vmovups %%ymm1, 32(%[hash]) \n"
+					"vxorps %%ymm0, %%ymm1, %%ymm1 \n"
+					"vmovups %%ymm1, (%[hash]) \n"
+					"vzeroall \n" // end of AVX
+					"movups %%xmm0, 80(%[hash]) \n" // zero last 16 bytes
+					:
+					: [key]"m"(*(const uint8_t *)key), [ipad]"m"(*ipads), [opad]"m"(*opads),
+						[buf]"r"(buf), [hash]"r"(hash)
+					: "memory", "%xmm0"	// TODO: change to %ymm0 later
+					);
 #else
-		// ikeypad
-		buf[0] = key.GetLL ()[0] ^ IPAD;
-		buf[1] = key.GetLL ()[1] ^ IPAD;
-		buf[2] = key.GetLL ()[2] ^ IPAD;
-		buf[3] = key.GetLL ()[3] ^ IPAD;
-		buf[4] = IPAD;
-		buf[5] = IPAD;
-		buf[6] = IPAD;
-		buf[7] = IPAD;
-		// okeypad
-		hash[0] = key.GetLL ()[0] ^ OPAD;
-		hash[1] = key.GetLL ()[1] ^ OPAD;
-		hash[2] = key.GetLL ()[2] ^ OPAD;
-		hash[3] = key.GetLL ()[3] ^ OPAD;
-		hash[4] = OPAD;
-		hash[5] = OPAD;
-		hash[6] = OPAD;
-		hash[7] = OPAD;
-		// fill last 16 bytes with zeros (first hash size assumed 32 bytes in I2P)
-		memset (hash + 10, 0, 16);
+			// ikeypad
+			buf[0] = key.GetLL ()[0] ^ IPAD;
+			buf[1] = key.GetLL ()[1] ^ IPAD;
+			buf[2] = key.GetLL ()[2] ^ IPAD;
+			buf[3] = key.GetLL ()[3] ^ IPAD;
+			buf[4] = IPAD;
+			buf[5] = IPAD;
+			buf[6] = IPAD;
+			buf[7] = IPAD;
+			// okeypad
+			hash[0] = key.GetLL ()[0] ^ OPAD;
+			hash[1] = key.GetLL ()[1] ^ OPAD;
+			hash[2] = key.GetLL ()[2] ^ OPAD;
+			hash[3] = key.GetLL ()[3] ^ OPAD;
+			hash[4] = OPAD;
+			hash[5] = OPAD;
+			hash[6] = OPAD;
+			hash[7] = OPAD;
+			// fill last 16 bytes with zeros (first hash size assumed 32 bytes in I2P)
+			memset (hash + 10, 0, 16);
 #endif
+		}
+		else
+		{
+			// ikeypad
+			buf[0] = key.GetLL ()[0] ^ IPAD;
+			buf[1] = key.GetLL ()[1] ^ IPAD;
+			buf[2] = key.GetLL ()[2] ^ IPAD;
+			buf[3] = key.GetLL ()[3] ^ IPAD;
+			buf[4] = IPAD;
+			buf[5] = IPAD;
+			buf[6] = IPAD;
+			buf[7] = IPAD;
+			// okeypad
+			hash[0] = key.GetLL ()[0] ^ OPAD;
+			hash[1] = key.GetLL ()[1] ^ OPAD;
+			hash[2] = key.GetLL ()[2] ^ OPAD;
+			hash[3] = key.GetLL ()[3] ^ OPAD;
+			hash[4] = OPAD;
+			hash[5] = OPAD;
+			hash[6] = OPAD;
+			hash[7] = OPAD;
+			// fill last 16 bytes with zeros (first hash size assumed 32 bytes in I2P)
+			memset (hash + 10, 0, 16);
+		}
 
 		// concatenate with msg
 		memcpy (buf + 8, msg, len);
@@ -543,7 +600,13 @@ namespace crypto
 	}
 
 // AES
-	#ifdef AESNI
+#ifdef AESNI
+        #ifdef ARM64AES
+                void init_aesenc(void){
+			// TODO: Implementation
+		}
+		
+        #endif
 
 	#define KeyExpansion256(round0,round1) \
 		"pshufd	$0xff, %%xmm2, %%xmm2 \n" \
@@ -567,7 +630,9 @@ namespace crypto
 		"pxor %%xmm4, %%xmm3 \n" \
 		"pxor %%xmm2, %%xmm3 \n" \
 		"movaps	%%xmm3, "#round1"(%[sched]) \n"
+#endif
 
+#ifdef AESNI
 	void ECBCryptoAESNI::ExpandKey (const AESKey& key)
 	{
 		__asm__
@@ -604,8 +669,11 @@ namespace crypto
 			: [key]"r"((const uint8_t *)key), [sched]"r"(GetKeySchedule ()) // input
 			: "%xmm1", "%xmm2", "%xmm3", "%xmm4", "memory" // clogged
 		);
-	}
+	}	
+#endif
 
+
+#if AESNI
 	#define EncryptAES256(sched) \
 		"pxor (%["#sched"]), %%xmm0 \n" \
 		"aesenc	16(%["#sched"]), %%xmm0 \n" \
@@ -622,18 +690,31 @@ namespace crypto
 		"aesenc	192(%["#sched"]), %%xmm0 \n" \
 		"aesenc	208(%["#sched"]), %%xmm0 \n" \
 		"aesenclast	224(%["#sched"]), %%xmm0 \n"
-
-	void ECBEncryptionAESNI::Encrypt (const ChipherBlock * in, ChipherBlock * out)
+#endif
+	
+	void ECBEncryption::Encrypt (const ChipherBlock * in, ChipherBlock * out)
 	{
-		__asm__
-		(
-			"movups	(%[in]), %%xmm0 \n"
-			EncryptAES256(sched)
-			"movups	%%xmm0, (%[out]) \n"
-			: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
-		);
+		if(i2p::cpu::aesni)
+		{
+#ifdef AESNI
+			__asm__
+				(
+					"movups	(%[in]), %%xmm0 \n"
+					EncryptAES256(sched)
+					"movups	%%xmm0, (%[out]) \n"
+					: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
+					);
+#else
+			AES_encrypt (in->buf, out->buf, &m_Key);
+#endif
+		}
+		else
+		{
+			AES_encrypt (in->buf, out->buf, &m_Key);
+		}	
 	}
 
+#ifdef AESNI
 	#define DecryptAES256(sched) \
 		"pxor 224(%["#sched"]), %%xmm0 \n" \
 		"aesdec	208(%["#sched"]), %%xmm0 \n" \
@@ -650,79 +731,130 @@ namespace crypto
 		"aesdec	32(%["#sched"]), %%xmm0 \n" \
 		"aesdec	16(%["#sched"]), %%xmm0 \n" \
 		"aesdeclast (%["#sched"]), %%xmm0 \n"
-
-	void ECBDecryptionAESNI::Decrypt (const ChipherBlock * in, ChipherBlock * out)
+#endif
+	
+	void ECBDecryption::Decrypt (const ChipherBlock * in, ChipherBlock * out)
 	{
-		__asm__
-		(
-			"movups	(%[in]), %%xmm0 \n"
-			DecryptAES256(sched)
-			"movups	%%xmm0, (%[out]) \n"
-			: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
-		);
+		if(i2p::cpu::aesni)
+		{
+#ifdef AESNI
+			__asm__
+				(
+					"movups	(%[in]), %%xmm0 \n"
+					DecryptAES256(sched)
+					"movups	%%xmm0, (%[out]) \n"
+					: : [sched]"r"(GetKeySchedule ()), [in]"r"(in), [out]"r"(out) : "%xmm0", "memory"
+					);
+#else
+			AES_decrypt (in->buf, out->buf, &m_Key);
+#endif
+		}
+		else
+		{
+			AES_decrypt (in->buf, out->buf, &m_Key);
+		}
 	}
 
+#ifdef AESNI
 	#define CallAESIMC(offset) \
 		"movaps "#offset"(%[shed]), %%xmm0 \n"	\
 		"aesimc %%xmm0, %%xmm0 \n" \
 		"movaps %%xmm0, "#offset"(%[shed]) \n"
-
-	void ECBDecryptionAESNI::SetKey (const AESKey& key)
-	{
-		ExpandKey (key); // expand encryption key first
-		// then  invert it using aesimc
-		__asm__
-		(
-			CallAESIMC(16)
-			CallAESIMC(32)
-			CallAESIMC(48)
-			CallAESIMC(64)
-			CallAESIMC(80)
-			CallAESIMC(96)
-			CallAESIMC(112)
-			CallAESIMC(128)
-			CallAESIMC(144)
-			CallAESIMC(160)
-			CallAESIMC(176)
-			CallAESIMC(192)
-			CallAESIMC(208)
-			: : [shed]"r"(GetKeySchedule ()) : "%xmm0", "memory"
-		);
-	}
-
 #endif
 
+	void ECBEncryption::SetKey (const AESKey& key)
+	{
+		if(i2p::cpu::aesni)
+		{
+#ifdef AESNI
+			ExpandKey (key); 
+#else
+			AES_set_encrypt_key (key, 256, &m_Key);
+#endif
+		}
+		else
+		{
+			AES_set_encrypt_key (key, 256, &m_Key);
+		}
+	}
+	
+	void ECBDecryption::SetKey (const AESKey& key)
+	{
+		if(i2p::cpu::aesni)
+		{
+#ifdef AESNI
+			ExpandKey (key); // expand encryption key first
+			// then  invert it using aesimc
+			__asm__
+				(
+					CallAESIMC(16)
+					CallAESIMC(32)
+					CallAESIMC(48)
+					CallAESIMC(64)
+					CallAESIMC(80)
+					CallAESIMC(96)
+					CallAESIMC(112)
+					CallAESIMC(128)
+					CallAESIMC(144)
+					CallAESIMC(160)
+					CallAESIMC(176)
+					CallAESIMC(192)
+					CallAESIMC(208)
+					: : [shed]"r"(GetKeySchedule ()) : "%xmm0", "memory"
+					);
+#else
+			AES_set_decrypt_key (key, 256, &m_Key);
+#endif
+		}
+		else
+		{
+			AES_set_decrypt_key (key, 256, &m_Key);
+		}
+	}
+
 
 	void CBCEncryption::Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
 	{
-#ifdef AESNI
-		__asm__
-		(
-			"movups	(%[iv]), %%xmm1 \n"
-			"1: \n"
-			"movups	(%[in]), %%xmm0 \n"
-			"pxor %%xmm1, %%xmm0 \n"
-			EncryptAES256(sched)
-			"movaps	%%xmm0, %%xmm1 \n"
-			"movups	%%xmm0, (%[out]) \n"
-			"add $16, %[in] \n"
-			"add $16, %[out] \n"
-			"dec %[num] \n"
-			"jnz 1b \n"
-			"movups	%%xmm1, (%[iv]) \n"
-			:
-			: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
-			  [in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
-			: "%xmm0", "%xmm1", "cc", "memory"
-		);
-#else
-		for (int i = 0; i < numBlocks; i++)
+		if(i2p::cpu::aesni)
 		{
-			*m_LastBlock.GetChipherBlock () ^= in[i];
-			m_ECBEncryption.Encrypt (m_LastBlock.GetChipherBlock (), m_LastBlock.GetChipherBlock ());
-			out[i] = *m_LastBlock.GetChipherBlock ();
-		}
+#ifdef AESNI
+			__asm__
+				(
+					"movups	(%[iv]), %%xmm1 \n"
+					"1: \n"
+					"movups	(%[in]), %%xmm0 \n"
+					"pxor %%xmm1, %%xmm0 \n"
+					EncryptAES256(sched)
+					"movaps	%%xmm0, %%xmm1 \n"
+					"movups	%%xmm0, (%[out]) \n"
+					"add $16, %[in] \n"
+					"add $16, %[out] \n"
+					"dec %[num] \n"
+					"jnz 1b \n"
+					"movups	%%xmm1, (%[iv]) \n"
+					:
+					: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
+						[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
+					: "%xmm0", "%xmm1", "cc", "memory"
+					);
+#else
+			for (int i = 0; i < numBlocks; i++)
+			{
+				*m_LastBlock.GetChipherBlock () ^= in[i];
+				m_ECBEncryption.Encrypt (m_LastBlock.GetChipherBlock (), m_LastBlock.GetChipherBlock ());
+				out[i] = *m_LastBlock.GetChipherBlock ();
+			}
 #endif
+		}
+		else
+		{
+			for (int i = 0; i < numBlocks; i++)
+			{
+				*m_LastBlock.GetChipherBlock () ^= in[i];
+				m_ECBEncryption.Encrypt (m_LastBlock.GetChipherBlock (), m_LastBlock.GetChipherBlock ());
+				out[i] = *m_LastBlock.GetChipherBlock ();
+			}
+		}
 	}
 
 	void CBCEncryption::Encrypt (const uint8_t * in, std::size_t len, uint8_t * out)
@@ -735,57 +867,75 @@ namespace crypto
 
 	void CBCEncryption::Encrypt (const uint8_t * in, uint8_t * out)
 	{
+		if(i2p::cpu::aesni)
+		{
 #ifdef AESNI
-		__asm__
-		(
-			"movups	(%[iv]), %%xmm1 \n"
-			"movups	(%[in]), %%xmm0 \n"
-			"pxor %%xmm1, %%xmm0 \n"
-			EncryptAES256(sched)
-			"movups	%%xmm0, (%[out]) \n"
-			"movups	%%xmm0, (%[iv]) \n"
-			:
-			: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
-			  [in]"r"(in), [out]"r"(out)
-			: "%xmm0", "%xmm1", "memory"
-		);
+			__asm__
+				(
+					"movups	(%[iv]), %%xmm1 \n"
+					"movups	(%[in]), %%xmm0 \n"
+					"pxor %%xmm1, %%xmm0 \n"
+					EncryptAES256(sched)
+					"movups	%%xmm0, (%[out]) \n"
+					"movups	%%xmm0, (%[iv]) \n"
+					:
+					: [iv]"r"((uint8_t *)m_LastBlock), [sched]"r"(m_ECBEncryption.GetKeySchedule ()),
+						[in]"r"(in), [out]"r"(out)
+					: "%xmm0", "%xmm1", "memory"
+					);
 #else
-		Encrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
+			Encrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
 #endif
+		}
+		else
+			Encrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
 	}
 
 	void CBCDecryption::Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out)
 	{
-#ifdef AESNI
-		__asm__
-		(
-			"movups	(%[iv]), %%xmm1 \n"
-			"1: \n"
-			"movups	(%[in]), %%xmm0 \n"
-			"movaps %%xmm0, %%xmm2 \n"
-			DecryptAES256(sched)
-			"pxor %%xmm1, %%xmm0 \n"
-			"movups	%%xmm0, (%[out]) \n"
-			"movaps %%xmm2, %%xmm1 \n"
-			"add $16, %[in] \n"
-			"add $16, %[out] \n"
-			"dec %[num] \n"
-			"jnz 1b \n"
-			"movups	%%xmm1, (%[iv]) \n"
-			:
-			: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
-			  [in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
-			: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
-		);
-#else
-		for (int i = 0; i < numBlocks; i++)
+		if(i2p::cpu::aesni)
 		{
-			ChipherBlock tmp = in[i];
-			m_ECBDecryption.Decrypt (in + i, out + i);
-			out[i] ^= *m_IV.GetChipherBlock ();
-			*m_IV.GetChipherBlock () = tmp;
-		}
+#ifdef AESNI
+			__asm__
+				(
+					"movups	(%[iv]), %%xmm1 \n"
+					"1: \n"
+					"movups	(%[in]), %%xmm0 \n"
+					"movaps %%xmm0, %%xmm2 \n"
+					DecryptAES256(sched)
+					"pxor %%xmm1, %%xmm0 \n"
+					"movups	%%xmm0, (%[out]) \n"
+					"movaps %%xmm2, %%xmm1 \n"
+					"add $16, %[in] \n"
+					"add $16, %[out] \n"
+					"dec %[num] \n"
+					"jnz 1b \n"
+					"movups	%%xmm1, (%[iv]) \n"
+					:
+					: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
+						[in]"r"(in), [out]"r"(out), [num]"r"(numBlocks)
+					: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
+					);
+#else
+			for (int i = 0; i < numBlocks; i++)
+			{
+				ChipherBlock tmp = in[i];
+				m_ECBDecryption.Decrypt (in + i, out + i);
+				out[i] ^= *m_IV.GetChipherBlock ();
+				*m_IV.GetChipherBlock () = tmp;
+			}
 #endif
+		}
+		else
+		{
+			for (int i = 0; i < numBlocks; i++)
+			{
+				ChipherBlock tmp = in[i];
+				m_ECBDecryption.Decrypt (in + i, out + i);
+				out[i] ^= *m_IV.GetChipherBlock ();
+				*m_IV.GetChipherBlock () = tmp;
+			}
+		}
 	}
 
 	void CBCDecryption::Decrypt (const uint8_t * in, std::size_t len, uint8_t * out)
@@ -797,98 +947,208 @@ namespace crypto
 
 	void CBCDecryption::Decrypt (const uint8_t * in, uint8_t * out)
 	{
+		if(i2p::cpu::aesni)
+		{
 #ifdef AESNI
-		__asm__
-		(
-			"movups	(%[iv]), %%xmm1 \n"
-			"movups	(%[in]), %%xmm0 \n"
-			"movups	%%xmm0, (%[iv]) \n"
-			DecryptAES256(sched)
-			"pxor %%xmm1, %%xmm0 \n"
-			"movups	%%xmm0, (%[out]) \n"
-			:
-			: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
-			  [in]"r"(in), [out]"r"(out)
-			: "%xmm0", "%xmm1", "memory"
-		);
+			__asm__
+				(
+					"movups	(%[iv]), %%xmm1 \n"
+					"movups	(%[in]), %%xmm0 \n"
+					"movups	%%xmm0, (%[iv]) \n"
+					DecryptAES256(sched)
+					"pxor %%xmm1, %%xmm0 \n"
+					"movups	%%xmm0, (%[out]) \n"
+					:
+					: [iv]"r"((uint8_t *)m_IV), [sched]"r"(m_ECBDecryption.GetKeySchedule ()),
+						[in]"r"(in), [out]"r"(out)
+					: "%xmm0", "%xmm1", "memory"
+					);
 #else
-		Decrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
+			Decrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
 #endif
+		}
+		else
+			Decrypt (1, (const ChipherBlock *)in, (ChipherBlock *)out);
 	}
 
 	void TunnelEncryption::Encrypt (const uint8_t * in, uint8_t * out)
 	{
+		if(i2p::cpu::aesni)
+		{
 #ifdef AESNI
-		__asm__
-		(
-			// encrypt IV
-			"movups	(%[in]), %%xmm0 \n"
-			EncryptAES256(sched_iv)
-			"movaps %%xmm0, %%xmm1 \n"
-			// double IV encryption
-			EncryptAES256(sched_iv)
-			"movups %%xmm0, (%[out]) \n"
-			// encrypt data, IV is xmm1
-			"1: \n"
-			"add $16, %[in] \n"
-			"add $16, %[out] \n"
-			"movups	(%[in]), %%xmm0 \n"
-			"pxor %%xmm1, %%xmm0 \n"
-			EncryptAES256(sched_l)
-			"movaps	%%xmm0, %%xmm1 \n"
-			"movups	%%xmm0, (%[out]) \n"
-			"dec %[num] \n"
-			"jnz 1b \n"
-			:
-			: [sched_iv]"r"(m_IVEncryption.GetKeySchedule ()), [sched_l]"r"(m_LayerEncryption.GetKeySchedule ()),
-			  [in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
-			: "%xmm0", "%xmm1", "cc", "memory"
-		);
+			__asm__
+				(
+					// encrypt IV
+					"movups	(%[in]), %%xmm0 \n"
+					EncryptAES256(sched_iv)
+					"movaps %%xmm0, %%xmm1 \n"
+					// double IV encryption
+					EncryptAES256(sched_iv)
+					"movups %%xmm0, (%[out]) \n"
+					// encrypt data, IV is xmm1
+					"1: \n"
+					"add $16, %[in] \n"
+					"add $16, %[out] \n"
+					"movups	(%[in]), %%xmm0 \n"
+					"pxor %%xmm1, %%xmm0 \n"
+					EncryptAES256(sched_l)
+					"movaps	%%xmm0, %%xmm1 \n"
+					"movups	%%xmm0, (%[out]) \n"
+					"dec %[num] \n"
+					"jnz 1b \n"
+					:
+					: [sched_iv]"r"(m_IVEncryption.GetKeySchedule ()), [sched_l]"r"(m_LayerEncryption.ECB().GetKeySchedule ()),
+						[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
+					: "%xmm0", "%xmm1", "cc", "memory"
+					);
 #else
-		m_IVEncryption.Encrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
-		m_LayerEncryption.SetIV (out);
-		m_LayerEncryption.Encrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
-		m_IVEncryption.Encrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
+			m_IVEncryption.Encrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
+			m_LayerEncryption.SetIV (out);
+			m_LayerEncryption.Encrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
+			m_IVEncryption.Encrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
 #endif
+		}
+		else
+		{
+			m_IVEncryption.Encrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
+			m_LayerEncryption.SetIV (out);
+			m_LayerEncryption.Encrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
+			m_IVEncryption.Encrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
+		}
 	}
 
 	void TunnelDecryption::Decrypt (const uint8_t * in, uint8_t * out)
 	{
+		if(i2p::cpu::aesni)
+		{
 #ifdef AESNI
-		__asm__
-		(
-			// decrypt IV
-			"movups	(%[in]), %%xmm0 \n"
-			DecryptAES256(sched_iv)
-			"movaps %%xmm0, %%xmm1 \n"
-			// double IV encryption
-			DecryptAES256(sched_iv)
-			"movups %%xmm0, (%[out]) \n"
-			// decrypt data, IV is xmm1
-			"1: \n"
-			"add $16, %[in] \n"
-			"add $16, %[out] \n"
-			"movups	(%[in]), %%xmm0 \n"
-			"movaps %%xmm0, %%xmm2 \n"
-			DecryptAES256(sched_l)
-			"pxor %%xmm1, %%xmm0 \n"
-			"movups	%%xmm0, (%[out]) \n"
-			"movaps %%xmm2, %%xmm1 \n"
-			"dec %[num] \n"
-			"jnz 1b \n"
-			:
-			: [sched_iv]"r"(m_IVDecryption.GetKeySchedule ()), [sched_l]"r"(m_LayerDecryption.GetKeySchedule ()),
-				[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
-			: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
-		);
+			__asm__
+				(
+					// decrypt IV
+					"movups	(%[in]), %%xmm0 \n"
+					DecryptAES256(sched_iv)
+					"movaps %%xmm0, %%xmm1 \n"
+					// double IV encryption
+					DecryptAES256(sched_iv)
+					"movups %%xmm0, (%[out]) \n"
+					// decrypt data, IV is xmm1
+					"1: \n"
+					"add $16, %[in] \n"
+					"add $16, %[out] \n"
+					"movups	(%[in]), %%xmm0 \n"
+					"movaps %%xmm0, %%xmm2 \n"
+					DecryptAES256(sched_l)
+					"pxor %%xmm1, %%xmm0 \n"
+					"movups	%%xmm0, (%[out]) \n"
+					"movaps %%xmm2, %%xmm1 \n"
+					"dec %[num] \n"
+					"jnz 1b \n"
+					:
+					: [sched_iv]"r"(m_IVDecryption.GetKeySchedule ()), [sched_l]"r"(m_LayerDecryption.ECB().GetKeySchedule ()),
+						[in]"r"(in), [out]"r"(out), [num]"r"(63) // 63 blocks = 1008 bytes
+					: "%xmm0", "%xmm1", "%xmm2", "cc", "memory"
+					);
 #else
-		m_IVDecryption.Decrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
-		m_LayerDecryption.SetIV (out);
-		m_LayerDecryption.Decrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
-		m_IVDecryption.Decrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
+			m_IVDecryption.Decrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
+			m_LayerDecryption.SetIV (out);
+			m_LayerDecryption.Decrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
+			m_IVDecryption.Decrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
 #endif
+		}
+		else
+		{
+			m_IVDecryption.Decrypt ((const ChipherBlock *)in, (ChipherBlock *)out); // iv
+			m_LayerDecryption.SetIV (out);
+			m_LayerDecryption.Decrypt (in + 16, i2p::tunnel::TUNNEL_DATA_ENCRYPTED_SIZE, out + 16); // data
+			m_IVDecryption.Decrypt ((ChipherBlock *)out, (ChipherBlock *)out); // double iv
+		}
 	}
 
+// AEAD/ChaCha20/Poly1305
+
+	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt)
+	{
+		if (len < msgLen) return false;	
+		if (encrypt && len < msgLen + 16) return false;
+		bool ret = true;
+#if LEGACY_OPENSSL
+		// generate one time poly key
+		uint8_t polyKey[64];
+		memset(polyKey, 0, sizeof(polyKey));
+		chacha20 (polyKey, 64, nonce, key, 0);
+		// encrypt data		
+		memcpy (buf, msg, msgLen);
+		chacha20 (buf, msgLen, nonce, key, 1);
+		
+		// create Poly1305 message
+		if (!ad) adLen = 0;	
+		std::vector<uint8_t> polyMsg(adLen + msgLen + 3*16);
+		size_t offset = 0;
+		uint8_t padding[16]; memset (padding, 0, 16);
+		if (ad)
+		{	
+			memcpy (polyMsg.data (), ad, adLen); offset += adLen; // additional authenticated data
+			auto rem = adLen & 0x0F; // %16
+			if (rem) 
+			{
+				// padding1
+				rem = 16 - rem;
+				memcpy (polyMsg.data () + offset, padding, rem); offset += rem;	
+			}
+		}
+		memcpy (polyMsg.data () + offset, encrypt ? buf : msg, msgLen); offset += msgLen; // encrypted data
+		auto rem = msgLen & 0x0F; // %16
+		if (rem) 
+		{
+			// padding2
+			rem = 16 - rem;
+			memcpy (polyMsg.data () + offset, padding, rem); offset += rem;	
+		}
+		htole64buf (polyMsg.data () + offset, adLen); offset += 8;			
+		htole64buf (polyMsg.data () + offset, msgLen); offset += 8;
+
+		if (encrypt)
+		{
+			// calculate Poly1305 tag and write in after encrypted data		
+			Poly1305HMAC ((uint32_t *)(buf + msgLen), (uint32_t *)polyKey, polyMsg.data (), offset);
+		}
+		else
+		{
+			uint32_t tag[8];
+			// calculate Poly1305 tag
+			Poly1305HMAC (tag, (uint32_t *)polyKey, polyMsg.data (), offset);
+			if (memcmp (tag, msg + msgLen, 16)) ret = false; // compare with provided
+		}	
+#else
+		int outlen = 0;	
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
+		if (encrypt)
+		{
+			EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), 0, 0, 0);
+			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, 0);
+			EVP_EncryptInit_ex(ctx, NULL, NULL, key, nonce);
+			EVP_EncryptUpdate(ctx, NULL, &outlen, ad, adLen);
+			EVP_EncryptUpdate(ctx, buf, &outlen, msg, msgLen);
+			EVP_EncryptFinal_ex(ctx, buf, &outlen);
+			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, buf + msgLen);
+		}
+		else
+		{
+			EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), 0, 0, 0);
+			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, 0);
+			EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, (uint8_t *)(msg + msgLen));
+			EVP_DecryptInit_ex(ctx, NULL, NULL, key, nonce);
+			EVP_DecryptUpdate(ctx, NULL, &outlen, ad, adLen);
+			ret = EVP_DecryptUpdate(ctx, buf, &outlen, msg, msgLen) > 0;
+		}
+	
+		EVP_CIPHER_CTX_free (ctx);	
+#endif
+		return ret;
+	}
+
+// init and terminate
+
 /*	std::vector <std::unique_ptr<std::mutex> >  m_OpenSSLMutexes;
 	static void OpensslLockingCallback(int mode, int type, const char * file, int line)
 	{
@@ -904,6 +1164,7 @@ namespace crypto
 
 	void InitCrypto (bool precomputation)
 	{
+		i2p::cpu::Detect ();
 		SSL_library_init ();
 /*		auto numLocks = CRYPTO_num_locks();
 		for (int i = 0; i < numLocks; i++)

libi2pd/Crypto.h

@@ -16,6 +16,7 @@
 
 #include "Base.h"
 #include "Tag.h"
+#include "CPU.h"
 
 namespace i2p
 {
@@ -24,7 +25,7 @@ namespace crypto
 	bool bn2buf (const BIGNUM * bn, uint8_t * buf, size_t len);
 
 	// DSA
-	DSA * CreateDSA ();	
+	DSA * CreateDSA ();
 
 	// RSA
 	const BIGNUM * GetRSAE ();
@@ -33,78 +34,75 @@ namespace crypto
 	class DHKeys
 	{
 		public:
-			
+
 			DHKeys ();
 			~DHKeys ();
 
 			void GenerateKeys ();
 			const uint8_t * GetPublicKey () const { return m_PublicKey; };
 			void Agree (const uint8_t * pub, uint8_t * shared);
-			
+
 		private:
 
 			DH * m_DH;
 			uint8_t m_PublicKey[256];
-	};	
-	
+	};
+
 	// ElGamal
 	void ElGamalEncrypt (const uint8_t * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding = false);
 	bool ElGamalDecrypt (const uint8_t * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding = false);
 	void GenerateElGamalKeyPair (uint8_t * priv, uint8_t * pub);
 
 	// ECIES
-	void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); // 222 bytes data, 514 bytes encrypted
-	bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx);	
+	void ECIESEncrypt (const EC_GROUP * curve, const EC_POINT * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding = false); // 222 bytes data, 514 bytes encrypted with zeropadding, 512 without
+	bool ECIESDecrypt (const EC_GROUP * curve, const BIGNUM * key, const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding = false);
 	void GenerateECIESKeyPair (const EC_GROUP * curve, BIGNUM *& priv, EC_POINT *& pub);
-	
+
 	// HMAC
-	typedef i2p::data::Tag<32> MACKey;		
+	typedef i2p::data::Tag<32> MACKey;
 	void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest);
 
 	// AES
-	struct ChipherBlock	
+	struct ChipherBlock
 	{
 		uint8_t buf[16];
 
 		void operator^=(const ChipherBlock& other) // XOR
 		{
-#if defined(__AVX__) // AVX
-			__asm__
-			(
-				"vmovups (%[buf]), %%xmm0 \n"	
-				"vmovups (%[other]), %%xmm1 \n"	
-				"vxorps %%xmm0, %%xmm1, %%xmm0 \n"
-				"vmovups %%xmm0, (%[buf]) \n"	
-				: 
-				: [buf]"r"(buf), [other]"r"(other.buf) 
-				: "%xmm0", "%xmm1", "memory"
-			);		
-#elif defined(__SSE__) // SSE
-			__asm__
-			(
-				"movups	(%[buf]), %%xmm0 \n"	
-				"movups	(%[other]), %%xmm1 \n"	
-				"pxor %%xmm1, %%xmm0 \n"
-				"movups	%%xmm0, (%[buf]) \n"
-				: 
-				: [buf]"r"(buf), [other]"r"(other.buf) 
-				: "%xmm0", "%xmm1", "memory"
-			);			
+			if (i2p::cpu::avx)
+			{
+#ifdef AVX
+				__asm__
+					(
+						"vmovups (%[buf]), %%xmm0 \n"
+						"vmovups (%[other]), %%xmm1 \n"
+						"vxorps %%xmm0, %%xmm1, %%xmm0 \n"
+						"vmovups %%xmm0, (%[buf]) \n"
+						:
+						: [buf]"r"(buf), [other]"r"(other.buf)
+						: "%xmm0", "%xmm1", "memory"
+						);
 #else
-			// TODO: implement it better
-			for (int i = 0; i < 16; i++)
-				buf[i] ^= other.buf[i];
+				for (int i = 0; i < 16; i++)
+					buf[i] ^= other.buf[i];
 #endif
-		}	 
+			}
+			else
+			{
+				// TODO: implement it better
+				for (int i = 0; i < 16; i++)
+					buf[i] ^= other.buf[i];
+			}
+		}
 	};
 
 	typedef i2p::data::Tag<32> AESKey;
-	
+
 	template<size_t sz>
 	class AESAlignedBuffer // 16 bytes alignment
 	{
 		public:
-		
+
 			AESAlignedBuffer ()
 			{
 				m_Buf = m_UnalignedBuffer;
@@ -112,22 +110,25 @@ namespace crypto
 				if (rem)
 					m_Buf += (16 - rem);
 			}
-		
+
 			operator uint8_t * () { return m_Buf; };
 			operator const uint8_t * () const { return m_Buf; };
 			ChipherBlock * GetChipherBlock () { return (ChipherBlock *)m_Buf; };
 			const ChipherBlock * GetChipherBlock () const { return (const ChipherBlock *)m_Buf; };
-			
+
 		private:
 
 			uint8_t m_UnalignedBuffer[sz + 15]; // up to 15 bytes alignment
 			uint8_t * m_Buf;
-	};			
+	};
 
 
 #ifdef AESNI
+	#ifdef ARM64AES
+		void init_aesenc(void) __attribute__((constructor));
+	#endif
 	class ECBCryptoAESNI
-	{	
+	{
 		public:
 
 			uint8_t * GetKeySchedule () { return m_KeySchedule; };
@@ -135,110 +136,87 @@ namespace crypto
 		protected:
 
 			void ExpandKey (const AESKey& key);
-		
+
 		private:
 
-			AESAlignedBuffer<240> m_KeySchedule;  // 14 rounds for AES-256, 240 bytes
-	};	
-
-	class ECBEncryptionAESNI: public ECBCryptoAESNI
-	{
-		public:
-		
-			void SetKey (const AESKey& key) { ExpandKey (key); };
-			void Encrypt (const ChipherBlock * in, ChipherBlock * out);	
-	};	
-
-	class ECBDecryptionAESNI: public ECBCryptoAESNI
-	{
-		public:
-		
-			void SetKey (const AESKey& key);
-			void Decrypt (const ChipherBlock * in, ChipherBlock * out);		
-	};	
-
-	typedef ECBEncryptionAESNI ECBEncryption;
-	typedef ECBDecryptionAESNI ECBDecryption;
-
-#else // use openssl
+			AESAlignedBuffer<240> m_KeySchedule;	// 14 rounds for AES-256, 240 bytes
+	};
+#endif
 
+#ifdef AESNI
+	class ECBEncryption: public ECBCryptoAESNI
+#else
 	class ECBEncryption
+#endif
 	{
 		public:
+
+		void SetKey (const AESKey& key);
 		
-			void SetKey (const AESKey& key) 
-			{ 
-				AES_set_encrypt_key (key, 256, &m_Key);
-			}
-			void Encrypt (const ChipherBlock * in, ChipherBlock * out)
-			{
-				AES_encrypt (in->buf, out->buf, &m_Key);
-			}	
+		void Encrypt(const ChipherBlock * in, ChipherBlock * out);
 
-		private:
-
-			AES_KEY m_Key;
-	};	
+	private:
+		AES_KEY m_Key;
+	};
 
+#ifdef AESNI
+	class ECBDecryption: public ECBCryptoAESNI
+#else
 	class ECBDecryption
+#endif
 	{
 		public:
-		
-			void SetKey (const AESKey& key) 
-			{ 
-				AES_set_decrypt_key (key, 256, &m_Key); 
-			}
-			void Decrypt (const ChipherBlock * in, ChipherBlock * out)
-			{
-				AES_decrypt (in->buf, out->buf, &m_Key);
-			}	
 
+			void SetKey (const AESKey& key);
+			void Decrypt (const ChipherBlock * in, ChipherBlock * out);
 		private:
-
 			AES_KEY m_Key;
-	};		
-
-
-#endif			
+	};
 
 	class CBCEncryption
 	{
 		public:
-	
+
 			CBCEncryption () { memset ((uint8_t *)m_LastBlock, 0, 16); };
 
 			void SetKey (const AESKey& key) { m_ECBEncryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_LastBlock, iv, 16); }; // 16 bytes
+			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_LastBlock, 16); };
 
 			void Encrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
 			void Encrypt (const uint8_t * in, std::size_t len, uint8_t * out);
 			void Encrypt (const uint8_t * in, uint8_t * out); // one block
 
+			ECBEncryption & ECB() { return m_ECBEncryption; }
+		
 		private:
 
 			AESAlignedBuffer<16> m_LastBlock;
-			
+
 			ECBEncryption m_ECBEncryption;
 	};
 
 	class CBCDecryption
 	{
 		public:
-	
+
 			CBCDecryption () { memset ((uint8_t *)m_IV, 0, 16); };
 
 			void SetKey (const AESKey& key) { m_ECBDecryption.SetKey (key); }; // 32 bytes
 			void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_IV, iv, 16); }; // 16 bytes
+			void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_IV, 16); };
 
 			void Decrypt (int numBlocks, const ChipherBlock * in, ChipherBlock * out);
 			void Decrypt (const uint8_t * in, std::size_t len, uint8_t * out);
 			void Decrypt (const uint8_t * in, uint8_t * out); // one block
 
+			ECBDecryption & ECB() { return m_ECBDecryption; }
+		
 		private:
 
 			AESAlignedBuffer<16> m_IV;
 			ECBDecryption m_ECBDecryption;
-	};	
+	};
 
 	class TunnelEncryption // with double IV encryption
 	{
@@ -248,18 +226,14 @@ namespace crypto
 			{
 				m_LayerEncryption.SetKey (layerKey);
 				m_IVEncryption.SetKey (ivKey);
-			}	
+			}
 
-			void Encrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)		
+			void Encrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)
 
 		private:
 
 			ECBEncryption m_IVEncryption;
-#ifdef AESNI
-			ECBEncryption m_LayerEncryption;
-#else
 			CBCEncryption m_LayerEncryption;
-#endif
 	};
 
 	class TunnelDecryption // with double IV encryption
@@ -270,84 +244,85 @@ namespace crypto
 			{
 				m_LayerDecryption.SetKey (layerKey);
 				m_IVDecryption.SetKey (ivKey);
-			}			
+			}
 
-			void Decrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)	
+			void Decrypt (const uint8_t * in, uint8_t * out); // 1024 bytes (16 IV + 1008 data)
 
 		private:
 
 			ECBDecryption m_IVDecryption;
-#ifdef AESNI
-			ECBDecryption m_LayerDecryption;
-#else
 			CBCDecryption m_LayerDecryption;
-#endif
-	};	
-	
+	};
+
+// AEAD/ChaCha20/Poly1305
+	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt); // msgLen is len without tag 
+   	
+// init and terminate
 	void InitCrypto (bool precomputation);
 	void TerminateCrypto ();
-}		
-}	
+}
+}
 
 // take care about openssl version
 #include <openssl/opensslv.h>
-#if (OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER) // 1.1.0 or LibreSSL
+#define LEGACY_OPENSSL ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
+#if LEGACY_OPENSSL
 // define getters and setters introduced in 1.1.0
-inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) 
-	{ 
+inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+	{
 		if (d->p) BN_free (d->p);
 		if (d->q) BN_free (d->q);
 		if (d->g) BN_free (d->g);
-		d->p = p; d->q = q; d->g = g; return 1; 
+		d->p = p; d->q = q; d->g = g; return 1;
 	}
-inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) 
-	{ 
+inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+	{
 		if (d->pub_key) BN_free (d->pub_key);
 		if (d->priv_key) BN_free (d->priv_key);
-		d->pub_key = pub_key; d->priv_key = priv_key; return 1; 
-	} 
-inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) 
+		d->pub_key = pub_key; d->priv_key = priv_key; return 1;
+	}
+inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
 	{ *pub_key = d->pub_key; *priv_key = d->priv_key; }
-inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) 
-	{ 
+inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+	{
 		if (sig->r) BN_free (sig->r);
 		if (sig->s) BN_free (sig->s);
-		sig->r = r; sig->s = s; return 1; 
+		sig->r = r; sig->s = s; return 1;
 	}
-inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) 
+inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
 	{ *pr = sig->r; *ps = sig->s; }
 
 inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-	{ 
+	{
 		if (sig->r) BN_free (sig->r);
 		if (sig->s) BN_free (sig->s);
-		sig->r = r; sig->s = s; return 1; 
+		sig->r = r; sig->s = s; return 1;
 	}
 inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
 	{ *pr = sig->r; *ps = sig->s; }
 
-inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) 
+inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
 	{
 		if (r->n) BN_free (r->n);
 		if (r->e) BN_free (r->e);
 		if (r->d) BN_free (r->d);
-		r->n = n; r->e = e; r->d = d; return 1; 
+		r->n = n; r->e = e; r->d = d; return 1;
 	}
 inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
 	{ *n = r->n; *e = r->e; *d = r->d; }
 
 inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-	{ 
+	{
 		if (dh->p) BN_free (dh->p);
 		if (dh->q) BN_free (dh->q);
 		if (dh->g) BN_free (dh->g);
-		dh->p = p; dh->q = q; dh->g = g;  return 1; 
+		dh->p = p; dh->q = q; dh->g = g;  return 1;
 	}
 inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-	{ 
-		if (dh->pub_key) BN_free (dh->pub_key); 
+	{
+		if (dh->pub_key) BN_free (dh->pub_key);
 		if (dh->priv_key) BN_free (dh->priv_key);
-		dh->pub_key = pub_key; dh->priv_key = priv_key; return 1; 
+		dh->pub_key = pub_key; dh->priv_key = priv_key; return 1;
 	}
 inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
 	{ *pub_key = dh->pub_key; *priv_key = dh->priv_key; }

libi2pd/CryptoKey.cpp

@@ -12,9 +12,9 @@ namespace crypto
 		memcpy (m_PublicKey, pub, 256);
 	}
 
-	void ElGamalEncryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx)
+	void ElGamalEncryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
 	{
-		ElGamalEncrypt (m_PublicKey, data, encrypted, ctx, true);
+		ElGamalEncrypt (m_PublicKey, data, encrypted, ctx, zeroPadding);
 	}
 
 	ElGamalDecryptor::ElGamalDecryptor (const uint8_t * priv)
@@ -22,9 +22,9 @@ namespace crypto
 		memcpy (m_PrivateKey, priv, 256);
 	}
 
-	bool ElGamalDecryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx)
+	bool ElGamalDecryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding)
 	{
-		return ElGamalDecrypt (m_PrivateKey, encrypted, data, ctx, true);
+		return ElGamalDecrypt (m_PrivateKey, encrypted, data, ctx, zeroPadding);
 	}
 
 	ECIESP256Encryptor::ECIESP256Encryptor (const uint8_t * pub)
@@ -44,10 +44,10 @@ namespace crypto
 		if (m_PublicKey) EC_POINT_free (m_PublicKey);
 	}
 
-	void ECIESP256Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx)
+	void ECIESP256Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
 	{
 		if (m_Curve && m_PublicKey)
-			ECIESEncrypt (m_Curve, m_PublicKey, data, encrypted, ctx);
+			ECIESEncrypt (m_Curve, m_PublicKey, data, encrypted, ctx, zeroPadding);
 	}
 
 	ECIESP256Decryptor::ECIESP256Decryptor (const uint8_t * priv)
@@ -62,17 +62,17 @@ namespace crypto
 		if (m_PrivateKey) BN_free (m_PrivateKey);
 	}
 
-	bool ECIESP256Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx)
+	bool ECIESP256Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding)
 	{
 		if (m_Curve && m_PrivateKey)
-			return ECIESDecrypt (m_Curve, m_PrivateKey, encrypted, data, ctx);
+			return ECIESDecrypt (m_Curve, m_PrivateKey, encrypted, data, ctx, zeroPadding);
 		return false;
 	}
 
 	void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub)
 	{
 		EC_GROUP * curve = EC_GROUP_new_by_curve_name (NID_X9_62_prime256v1);
-		EC_POINT * p = nullptr; 
+		EC_POINT * p = nullptr;
 		BIGNUM * key = nullptr;
 		GenerateECIESKeyPair (curve, key, p);
 		bn2buf (key, priv, 32);
@@ -81,11 +81,11 @@ namespace crypto
 		BIGNUM * x = BN_new (), * y = BN_new ();
 		EC_POINT_get_affine_coordinates_GFp (curve, p, x, y, NULL);
 		bn2buf (x, pub, 32);
-		bn2buf (y, pub + 32, 32);				
+		bn2buf (y, pub + 32, 32);
 		RAND_bytes (pub + 64, 192);
-		EC_POINT_free (p); 
+		EC_POINT_free (p);
 		BN_free (x); BN_free (y);
-		EC_GROUP_free (curve);	
+		EC_GROUP_free (curve);
 	}
 
 	ECIESGOSTR3410Encryptor::ECIESGOSTR3410Encryptor (const uint8_t * pub)
@@ -104,10 +104,10 @@ namespace crypto
 		if (m_PublicKey) EC_POINT_free (m_PublicKey);
 	}
 
-	void ECIESGOSTR3410Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx)
+	void ECIESGOSTR3410Encryptor::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
 	{
 		if (m_PublicKey)
-			ECIESEncrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PublicKey, data, encrypted, ctx);
+			ECIESEncrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PublicKey, data, encrypted, ctx, zeroPadding);
 	}
 
 	ECIESGOSTR3410Decryptor::ECIESGOSTR3410Decryptor (const uint8_t * priv)
@@ -120,10 +120,10 @@ namespace crypto
 		if (m_PrivateKey) BN_free (m_PrivateKey);
 	}
 
-	bool ECIESGOSTR3410Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx)
+	bool ECIESGOSTR3410Decryptor::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding)
 	{
 		if (m_PrivateKey)
-			return ECIESDecrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PrivateKey, encrypted, data, ctx);
+			return ECIESDecrypt (GetGOSTR3410Curve (eGOSTR3410CryptoProA)->GetGroup (), m_PrivateKey, encrypted, data, ctx, zeroPadding);
 		return false;
 	}
 
@@ -131,7 +131,7 @@ namespace crypto
 	void CreateECIESGOSTR3410RandomKeys (uint8_t * priv, uint8_t * pub)
 	{
 		auto& curve = GetGOSTR3410Curve (eGOSTR3410CryptoProA);
-		EC_POINT * p = nullptr; 
+		EC_POINT * p = nullptr;
 		BIGNUM * key = nullptr;
 		GenerateECIESKeyPair (curve->GetGroup (), key, p);
 		bn2buf (key, priv, 32);
@@ -140,9 +140,9 @@ namespace crypto
 		BIGNUM * x = BN_new (), * y = BN_new ();
 		EC_POINT_get_affine_coordinates_GFp (curve->GetGroup (), p, x, y, NULL);
 		bn2buf (x, pub, 32);
-		bn2buf (y, pub + 32, 32);				
+		bn2buf (y, pub + 32, 32);
 		RAND_bytes (pub + 64, 192);
-		EC_POINT_free (p); 
+		EC_POINT_free (p);
 		BN_free (x); BN_free (y);
 	}
 

libi2pd/CryptoKey.h

@@ -8,20 +8,20 @@ namespace i2p
 {
 namespace crypto
 {
-	class CryptoKeyEncryptor 
+	class CryptoKeyEncryptor
 	{
 		public:
 
 			virtual ~CryptoKeyEncryptor () {};
-			virtual void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) = 0; // 222 bytes data, 512 bytes encrypted
-	};	
+			virtual void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding) = 0; // 222 bytes data, 512/514 bytes encrypted
+	};
 
-	class CryptoKeyDecryptor 
+	class CryptoKeyDecryptor
 	{
 		public:
 
 			virtual ~CryptoKeyDecryptor () {};
-			virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) = 0; // 512 bytes encrypted, 222 bytes data
+			virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding) = 0; // 512/514 bytes encrypted, 222 bytes data
 	};
 
 // ElGamal
@@ -30,7 +30,7 @@ namespace crypto
 		public:
 
 			ElGamalEncryptor (const uint8_t * pub);
-			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); 
+			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding);
 
 		private:
 
@@ -42,7 +42,7 @@ namespace crypto
 		public:
 
 			ElGamalDecryptor (const uint8_t * priv);
-			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); 
+			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
 
 		private:
 
@@ -51,13 +51,13 @@ namespace crypto
 
 // ECIES P256
 
-	class ECIESP256Encryptor: public CryptoKeyEncryptor 
+	class ECIESP256Encryptor: public CryptoKeyEncryptor
 	{
 		public:
 
 			ECIESP256Encryptor (const uint8_t * pub);
 			~ECIESP256Encryptor ();
-			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); 
+			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding);
 
 		private:
 
@@ -72,7 +72,7 @@ namespace crypto
 
 			ECIESP256Decryptor (const uint8_t * priv);
 			~ECIESP256Decryptor ();
-			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); 
+			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
 
 		private:
 
@@ -80,17 +80,17 @@ namespace crypto
 			BIGNUM * m_PrivateKey;
 	};
 
-	void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub);	
+	void CreateECIESP256RandomKeys (uint8_t * priv, uint8_t * pub);
 
 // ECIES GOST R 34.10
 
-	class ECIESGOSTR3410Encryptor: public CryptoKeyEncryptor 
+	class ECIESGOSTR3410Encryptor: public CryptoKeyEncryptor
 	{
 		public:
 
 			ECIESGOSTR3410Encryptor (const uint8_t * pub);
 			~ECIESGOSTR3410Encryptor ();
-			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx); 
+			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding);
 
 		private:
 
@@ -104,7 +104,7 @@ namespace crypto
 
 			ECIESGOSTR3410Decryptor (const uint8_t * priv);
 			~ECIESGOSTR3410Decryptor ();
-			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx); 
+			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
 
 		private:
 

libi2pd/CryptoWorker.h

@@ -0,0 +1,81 @@
+#ifndef CRYPTO_WORKER_H_
+#define CRYPTO_WORKER_H_
+
+#include <condition_variable>
+#include <mutex>
+#include <deque>
+#include <thread>
+#include <vector>
+#include <memory>
+
+namespace i2p
+{
+namespace worker
+{
+	template<typename Caller>
+	struct ThreadPool
+	{
+		typedef std::function<void(void)> ResultFunc;
+		typedef std::function<ResultFunc(void)> WorkFunc;
+		typedef std::pair<std::shared_ptr<Caller>, WorkFunc> Job;
+		typedef std::mutex mtx_t;
+		typedef std::unique_lock<mtx_t> lock_t;
+		typedef std::condition_variable cond_t;
+		ThreadPool(int workers)
+		{
+			stop = false;
+			if(workers > 0)
+			{
+				while(workers--)
+				{
+					threads.emplace_back([this] {
+							for (;;)
+							{
+								Job job;
+								{
+									lock_t lock(this->queue_mutex);
+									this->condition.wait(
+										lock, [this] { return this->stop || !this->jobs.empty(); });
+									if (this->stop && this->jobs.empty()) return;
+									job = std::move(this->jobs.front());
+									this->jobs.pop_front();
+								}
+								ResultFunc result = job.second();
+								job.first->GetService().post(result);
+							}
+					});
+				}
+			}
+		};
+
+		void Offer(const Job & job)
+		{
+			{
+				lock_t lock(queue_mutex);
+				if (stop) return;
+				jobs.emplace_back(job);
+			}
+			condition.notify_one();
+		}
+
+		~ThreadPool()
+		{
+			{
+				lock_t lock(queue_mutex);
+				stop = true;
+			}
+			condition.notify_all();
+			for(auto &t: threads) t.join();
+		}
+
+		std::vector<std::thread> threads;
+		std::deque<Job> jobs;
+		mtx_t queue_mutex;
+		cond_t condition;
+		bool stop;
+	};
+}
+}
+
+
+#endif

libi2pd/Datagram.cpp

@@ -11,20 +11,20 @@ namespace i2p
 {
 namespace datagram
 {
-	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner): 
+	DatagramDestination::DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner):
 		m_Owner (owner.get()),
 		m_Receiver (nullptr)
 	{
 		m_Identity.FromBase64 (owner->GetIdentity()->ToBase64());
 	}
-	
+
 	DatagramDestination::~DatagramDestination ()
 	{
 		m_Sessions.clear();
 	}
 
 	void DatagramDestination::SendDatagramTo(const uint8_t * payload, size_t len, const i2p::data::IdentHash & identity, uint16_t fromPort, uint16_t toPort)
-	{	
+	{
 		auto owner = m_Owner;
 		std::vector<uint8_t> v(MAX_DATAGRAM_SIZE);
 		uint8_t * buf = v.data();
@@ -33,11 +33,11 @@ namespace datagram
 		auto signatureLen = m_Identity.GetSignatureLen ();
 		uint8_t * buf1 = signature + signatureLen;
 		size_t headerLen = identityLen + signatureLen;
-		
-		memcpy (buf1, payload, len);	
+
+		memcpy (buf1, payload, len);
 		if (m_Identity.GetSigningKeyType () == i2p::data::SIGNING_KEY_TYPE_DSA_SHA1)
 		{
-			uint8_t hash[32];	
+			uint8_t hash[32];
 			SHA256(buf1, len, hash);
 			owner->Sign (hash, 32, signature);
 		}
@@ -63,10 +63,10 @@ namespace datagram
 			uint8_t hash[32];
 			SHA256(buf + headerLen, len - headerLen, hash);
 			verified = identity.Verify (hash, 32, signature);
-		}	
-		else	
+		}
+		else
 			verified = identity.Verify (buf + headerLen, len - headerLen, signature);
-				
+
 		if (verified)
 		{
 			auto h = identity.GetIdentHash();
@@ -79,7 +79,7 @@ namespace datagram
 				LogPrint (eLogWarning, "DatagramDestination: no receiver for port ", toPort);
 		}
 		else
-			LogPrint (eLogWarning, "Datagram signature verification failed");	
+			LogPrint (eLogWarning, "Datagram signature verification failed");
 	}
 
 	DatagramDestination::Receiver DatagramDestination::FindReceiver(uint16_t port)
@@ -113,24 +113,24 @@ namespace datagram
 		{
 			htobe32buf (msg->GetPayload (), size); // length
 			htobe16buf (buf + 4, fromPort); // source port
-			htobe16buf (buf + 6, toPort); // destination port 
+			htobe16buf (buf + 6, toPort); // destination port
 			buf[9] = i2p::client::PROTOCOL_TYPE_DATAGRAM; // datagram protocol
-			msg->len += size + 4; 
+			msg->len += size + 4;
 			msg->FillI2NPMessageHeader (eI2NPData);
-		}	
+		}
 		else
 			msg = nullptr;
 		return msg;
 	}
 
 	void DatagramDestination::CleanUp ()
-	{			
+	{
 		if (m_Sessions.empty ()) return;
 		auto now = i2p::util::GetMillisecondsSinceEpoch();
 		LogPrint(eLogDebug, "DatagramDestination: clean up sessions");
 		std::unique_lock<std::mutex> lock(m_SessionsMutex);
 		// for each session ...
-		for (auto it = m_Sessions.begin (); it != m_Sessions.end (); ) 
+		for (auto it = m_Sessions.begin (); it != m_Sessions.end (); )
 		{
 			// check if expired
 			if (now - it->second->LastActivity() >= DATAGRAM_SESSION_MAX_IDLE)
@@ -143,7 +143,7 @@ namespace datagram
 				it++;
 		}
 	}
-	
+
 	std::shared_ptr<DatagramSession> DatagramDestination::ObtainSession(const i2p::data::IdentHash & identity)
 	{
 		std::shared_ptr<DatagramSession> session = nullptr;
@@ -169,7 +169,7 @@ namespace datagram
 		}
 		return nullptr;
 	}
-	
+
 	DatagramSession::DatagramSession(i2p::client::ClientDestination * localDestination,
 																	 const i2p::data::IdentHash & remoteIdent) :
 		m_LocalDestination(localDestination),
@@ -203,7 +203,7 @@ namespace datagram
 	{
 		if(!m_RoutingSession)
 			return DatagramSession::Info(nullptr, nullptr, m_LastUse);
-		
+
 		auto routingPath = m_RoutingSession->GetSharedRoutingPath();
 		if (!routingPath)
 			return DatagramSession::Info(nullptr, nullptr, m_LastUse);
@@ -318,7 +318,7 @@ namespace datagram
 			m_RoutingSession->SetSharedRoutingPath(path);
 		}
 		return path;
-	
+
 	}
 
 	void DatagramSession::HandleLeaseSetUpdated(std::shared_ptr<i2p::data::LeaseSet> ls)

libi2pd/Datagram.h

@@ -106,7 +106,7 @@ namespace datagram
     DatagramDestination (std::shared_ptr<i2p::client::ClientDestination> owner);
 			~DatagramDestination ();
 
-    	void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash & ident, uint16_t fromPort = 0, uint16_t toPort = 0);
+	void SendDatagramTo (const uint8_t * payload, size_t len, const i2p::data::IdentHash & ident, uint16_t fromPort = 0, uint16_t toPort = 0);
 			void HandleDataMessagePayload (uint16_t fromPort, uint16_t toPort, const uint8_t * buf, size_t len);
 
 			void SetReceiver (const Receiver& receiver) { m_Receiver = receiver; };

libi2pd/Destination.cpp

@@ -24,9 +24,9 @@ namespace client
 		int outQty  = DEFAULT_OUTBOUND_TUNNELS_QUANTITY;
 		int numTags = DEFAULT_TAGS_TO_SEND;
 		std::shared_ptr<std::vector<i2p::data::IdentHash> > explicitPeers;
-		try 
+		try
 		{
-			if (params) 
+			if (params)
 			{
 				auto it = params->find (I2CP_PARAM_INBOUND_TUNNEL_LENGTH);
 				if (it != params->end ())
@@ -59,10 +59,16 @@ namespace client
 					}
 				}
 				it = params->find (I2CP_PARAM_INBOUND_NICKNAME);
-				if (it != params->end ()) m_Nickname = it->second; // otherwise we set deafult nickname in Start when we know local address
+				if (it != params->end ()) m_Nickname = it->second;
+				else // try outbound
+				{
+					it = params->find (I2CP_PARAM_OUTBOUND_NICKNAME);
+					if (it != params->end ()) m_Nickname = it->second;
+					// otherwise we set deafult nickname in Start when we know local address
+				}
 			}
-		} 
-		catch (std::exception & ex) 
+		}
+		catch (std::exception & ex)
 		{
 			LogPrint(eLogError, "Destination: unable to parse parameters for destination: ", ex.what());
 		}
@@ -163,6 +169,46 @@ namespace client
 			return false;
 	}
 
+	bool LeaseSetDestination::Reconfigure(std::map<std::string, std::string> params)
+	{
+		
+		auto itr = params.find("i2cp.dontPublishLeaseSet");
+		if (itr != params.end())
+		{
+			m_IsPublic = itr->second != "true";
+		}
+		
+		int inLen, outLen, inQuant, outQuant, numTags, minLatency, maxLatency;
+		std::map<std::string, int&> intOpts = {
+			{I2CP_PARAM_INBOUND_TUNNEL_LENGTH, inLen},
+			{I2CP_PARAM_OUTBOUND_TUNNEL_LENGTH, outLen},
+			{I2CP_PARAM_INBOUND_TUNNELS_QUANTITY, inQuant},
+			{I2CP_PARAM_OUTBOUND_TUNNELS_QUANTITY, outQuant},
+			{I2CP_PARAM_TAGS_TO_SEND, numTags},
+			{I2CP_PARAM_MIN_TUNNEL_LATENCY, minLatency},
+			{I2CP_PARAM_MAX_TUNNEL_LATENCY, maxLatency}
+		};
+
+		auto pool = GetTunnelPool();
+		inLen = pool->GetNumInboundHops();
+		outLen = pool->GetNumOutboundHops();
+		inQuant = pool->GetNumInboundTunnels();
+		outQuant = pool->GetNumOutboundTunnels();
+		minLatency = 0;
+		maxLatency = 0;
+		
+		for (auto & opt : intOpts)
+		{
+			itr = params.find(opt.first);
+			if(itr != params.end())
+			{
+				opt.second = std::stoi(itr->second);
+			}
+		}
+		pool->RequireLatency(minLatency, maxLatency);
+		return pool->Reconfigure(inLen, outLen, inQuant, outQuant);
+	}
+	
 	std::shared_ptr<const i2p::data::LeaseSet> LeaseSetDestination::FindLeaseSet (const i2p::data::IdentHash& ident)
 	{
 		std::shared_ptr<i2p::data::LeaseSet> remoteLS;
@@ -235,8 +281,12 @@ namespace client
 		i2p::garlic::GarlicDestination::SetLeaseSetUpdated ();
 		if (m_IsPublic)
 		{
-			m_PublishVerificationTimer.cancel ();
-			Publish ();
+			auto s = shared_from_this ();
+			m_Service.post ([s](void)
+			{
+				s->m_PublishVerificationTimer.cancel ();
+				s->Publish ();
+			});	
 		}
 	}
 
@@ -279,17 +329,17 @@ namespace client
 		switch (typeID)
 		{
 			case eI2NPData:
-				HandleDataMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
+				HandleDataMessage (buf + I2NP_HEADER_SIZE, GetI2NPMessageLength(buf, len) - I2NP_HEADER_SIZE);
 			break;
 			case eI2NPDeliveryStatus:
 				// we assume tunnel tests non-encrypted
 				HandleDeliveryStatusMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf, len), from));
 			break;
 			case eI2NPDatabaseStore:
-				HandleDatabaseStoreMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
+				HandleDatabaseStoreMessage (buf + I2NP_HEADER_SIZE, GetI2NPMessageLength(buf, len) - I2NP_HEADER_SIZE);
 			break;
 			case eI2NPDatabaseSearchReply:
-				HandleDatabaseSearchReplyMessage (buf + I2NP_HEADER_SIZE, bufbe16toh (buf + I2NP_HEADER_SIZE_OFFSET));
+				HandleDatabaseSearchReplyMessage (buf + I2NP_HEADER_SIZE, GetI2NPMessageLength(buf, len) - I2NP_HEADER_SIZE);
 			break;
 			default:
 				i2p::HandleI2NPMessage (CreateI2NPMessage (buf, GetI2NPMessageLength (buf, len), from));
@@ -486,7 +536,7 @@ namespace client
 				m_PublishReplyToken = 0;
 				if (GetIdentity ()->GetCryptoKeyType () == i2p::data::CRYPTO_KEY_TYPE_ELGAMAL)
 				{
-					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT,  " seconds, will try again");				
+					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT,  " seconds, will try again");
 					Publish ();
 				}
 				else
@@ -497,7 +547,7 @@ namespace client
 					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
 					m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
 			shared_from_this (), std::placeholders::_1));
-					
+
 				}
 			}
 		}
@@ -722,14 +772,14 @@ namespace client
 		if (isPublic)
 			PersistTemporaryKeys ();
 		else
-			i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (), 
+			i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (),
 				m_EncryptionPrivateKey, m_EncryptionPublicKey);
-		m_Decryptor = m_Keys.CreateDecryptor (m_EncryptionPrivateKey); 
+		m_Decryptor = m_Keys.CreateDecryptor (m_EncryptionPrivateKey);
 		if (isPublic)
 			LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created");
 
 		// extract streaming params
-		if (params) 
+		if (params)
 		{
 			auto it = params->find (I2CP_PARAM_STREAMING_INITIAL_ACK_DELAY);
 			if (it != params->end ())
@@ -774,7 +824,7 @@ namespace client
 				delete m_DatagramDestination;
 				m_DatagramDestination = nullptr;
 			}
-		  	return true;
+			return true;
 		}
 		else
 			return false;
@@ -809,6 +859,11 @@ namespace client
 	void ClientDestination::HandleDataMessage (const uint8_t * buf, size_t len)
 	{
 		uint32_t length = bufbe32toh (buf);
+		if(length > len - 4)
+		{
+			LogPrint(eLogError, "Destination: Data message length ", length, " exceeds buffer length ", len);
+			return;
+		}
 		buf += 4;
 		// we assume I2CP payload
 		uint16_t fromPort = bufbe16toh (buf + 4), // source
@@ -950,7 +1005,7 @@ namespace client
 		}
 
 		LogPrint (eLogInfo, "Destination: Creating new temporary keys for address ", ident, ".b32.i2p");
-		i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (), 
+		i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (),
 				m_EncryptionPrivateKey, m_EncryptionPublicKey);
 
 		std::ofstream f1 (path, std::ofstream::binary | std::ofstream::out);
@@ -978,7 +1033,7 @@ namespace client
 	bool ClientDestination::Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx) const
 	{
 		if (m_Decryptor)
-			return m_Decryptor->Decrypt (encrypted, data, ctx);
+			return m_Decryptor->Decrypt (encrypted, data, ctx, true);
 		else
 			LogPrint (eLogError, "Destinations: decryptor is not set");
 		return false;

libi2pd/Destination.h

@@ -29,7 +29,7 @@ namespace client
 	const uint8_t PROTOCOL_TYPE_DATAGRAM = 17;
 	const uint8_t PROTOCOL_TYPE_RAW = 18;
 	const int PUBLISH_CONFIRMATION_TIMEOUT = 5; // in seconds
-	const int PUBLISH_VERIFICATION_TIMEOUT = 10; // in seconds after successfull publish
+	const int PUBLISH_VERIFICATION_TIMEOUT = 10; // in seconds after successful publish
 	const int PUBLISH_MIN_INTERVAL = 20; // in seconds
 	const int PUBLISH_REGULAR_VERIFICATION_INTERNAL = 100; // in seconds periodically
 	const int LEASESET_REQUEST_TIMEOUT = 5; // in seconds
@@ -51,6 +51,7 @@ namespace client
 	const char I2CP_PARAM_TAGS_TO_SEND[] = "crypto.tagsToSend";
 	const int DEFAULT_TAGS_TO_SEND = 40;
 	const char I2CP_PARAM_INBOUND_NICKNAME[] = "inbound.nickname";
+	const char I2CP_PARAM_OUTBOUND_NICKNAME[] = "outbound.nickname";
 
 	// latency
 	const char I2CP_PARAM_MIN_TUNNEL_LATENCY[] = "latency.min";
@@ -95,6 +96,10 @@ namespace client
 
 			virtual bool Start ();
 			virtual bool Stop ();
+
+			/** i2cp reconfigure */
+			virtual bool Reconfigure(std::map<std::string, std::string> i2cpOpts);
+		
 			bool IsRunning () const { return m_IsRunning; };
 			boost::asio::io_service& GetService () { return m_Service; };
 			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () { return m_Pool; };
@@ -189,9 +194,9 @@ namespace client
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const { m_Keys.Sign (buf, len, signature); };
 
 			// ref counter
-			int Acquire () { return ++m_RefCounter; }; 
+			int Acquire () { return ++m_RefCounter; };
 			int Release () { return --m_RefCounter; };
-			int GetRefCounter () const { return m_RefCounter; }; 
+			int GetRefCounter () const { return m_RefCounter; };
 
 			// streaming
 			std::shared_ptr<i2p::stream::StreamingDestination> CreateStreamingDestination (int port, bool gzip = true); // additional
@@ -238,7 +243,7 @@ namespace client
 			int m_StreamingAckDelay;
 			std::shared_ptr<i2p::stream::StreamingDestination> m_StreamingDestination; // default
 			std::map<uint16_t, std::shared_ptr<i2p::stream::StreamingDestination> > m_StreamingDestinationsByPorts;
-      		i2p::datagram::DatagramDestination * m_DatagramDestination;
+			i2p::datagram::DatagramDestination * m_DatagramDestination;
 			int m_RefCounter; // how many clients(tunnels) use this destination
 
 			boost::asio::deadline_timer m_ReadyChecker;

libi2pd/Ed25519.cpp

@@ -0,0 +1,515 @@
+#include <openssl/sha.h>
+#include "Log.h"
+#include "Crypto.h"
+#include "Ed25519.h"
+
+namespace i2p
+{
+namespace crypto
+{
+	Ed25519::Ed25519 ()
+	{
+		BN_CTX * ctx = BN_CTX_new ();
+		BIGNUM * tmp = BN_new ();
+
+		q = BN_new ();
+		// 2^255-19
+		BN_set_bit (q, 255); // 2^255
+		BN_sub_word (q, 19);
+
+		l = BN_new ();
+		// 2^252 + 27742317777372353535851937790883648493
+		BN_set_bit (l, 252);
+		two_252_2 = BN_dup (l);
+		BN_dec2bn (&tmp, "27742317777372353535851937790883648493");
+		BN_add (l, l, tmp);
+		BN_sub_word (two_252_2, 2); // 2^252 - 2
+
+		 // -121665*inv(121666)
+		d = BN_new ();
+		BN_set_word (tmp, 121666);
+		BN_mod_inverse (tmp, tmp, q, ctx);
+		BN_set_word (d, 121665);
+		BN_set_negative (d, 1);
+		BN_mul (d, d, tmp, ctx);
+
+		// 2^((q-1)/4)
+		I = BN_new ();
+		BN_free (tmp);
+		tmp = BN_dup (q);
+		BN_sub_word (tmp, 1);
+		BN_div_word (tmp, 4);
+		BN_set_word (I, 2);
+		BN_mod_exp (I, I, tmp, q, ctx);
+		BN_free (tmp);
+
+		// 4*inv(5)
+		BIGNUM * By = BN_new ();
+		BN_set_word (By, 5);
+		BN_mod_inverse (By, By, q, ctx);
+		BN_mul_word (By, 4);
+		BIGNUM * Bx = RecoverX (By, ctx);
+		BN_mod (Bx, Bx, q, ctx); // % q
+		BN_mod (By, By, q, ctx); // % q
+
+		// precalculate Bi256 table
+		Bi256Carry = { Bx, By };  // B
+		for (int i = 0; i < 32; i++)
+		{
+			Bi256[i][0] = Bi256Carry; // first point
+			for (int j = 1; j < 128; j++)
+				Bi256[i][j] = Sum (Bi256[i][j-1], Bi256[i][0], ctx); // (256+j+1)^i*B
+			Bi256Carry = Bi256[i][127];
+			for (int j = 0; j < 128; j++) // add first point 128 more times
+				Bi256Carry = Sum (Bi256Carry, Bi256[i][0], ctx);
+		}
+
+		BN_CTX_free (ctx);
+	}
+
+	Ed25519::Ed25519 (const Ed25519& other): q (BN_dup (other.q)), l (BN_dup (other.l)),
+		d (BN_dup (other.d)), I (BN_dup (other.I)), two_252_2 (BN_dup (other.two_252_2)),
+		Bi256Carry (other.Bi256Carry)
+	{
+		for (int i = 0; i < 32; i++)
+			for (int j = 0; j < 128; j++)
+				Bi256[i][j] = other.Bi256[i][j];
+	}
+
+	Ed25519::~Ed25519 ()
+	{
+		BN_free (q);
+		BN_free (l);
+		BN_free (d);
+		BN_free (I);
+		BN_free (two_252_2);
+	}
+
+
+	EDDSAPoint Ed25519::GeneratePublicKey (const uint8_t * expandedPrivateKey, BN_CTX * ctx) const
+	{
+		return MulB (expandedPrivateKey, ctx); // left half of expanded key, considered as Little Endian
+	}
+
+	EDDSAPoint Ed25519::DecodePublicKey (const uint8_t * buf, BN_CTX * ctx) const
+	{
+		return DecodePoint (buf, ctx);
+	}
+
+	void Ed25519::EncodePublicKey (const EDDSAPoint& publicKey, uint8_t * buf, BN_CTX * ctx) const
+	{
+		EncodePoint (Normalize (publicKey, ctx), buf);
+	}
+
+	bool Ed25519::Verify (const EDDSAPoint& publicKey, const uint8_t * digest, const uint8_t * signature) const
+	{
+		BN_CTX * ctx = BN_CTX_new ();
+		BIGNUM * h = DecodeBN<64> (digest);
+		// signature 0..31 - R, 32..63 - S
+		// B*S = R + PK*h => R = B*S - PK*h
+		// we don't decode R, but encode (B*S - PK*h)
+		auto Bs = MulB (signature + EDDSA25519_SIGNATURE_LENGTH/2, ctx); // B*S;
+		BN_mod (h, h, l, ctx); // public key is multiple of B, but B%l = 0
+		auto PKh = Mul (publicKey, h, ctx); // PK*h
+		uint8_t diff[32];
+		EncodePoint (Normalize (Sum (Bs, -PKh, ctx), ctx), diff); // Bs - PKh encoded
+		bool passed = !memcmp (signature, diff, 32); // R
+		BN_free (h);
+		BN_CTX_free (ctx);
+		if (!passed)
+			LogPrint (eLogError, "25519 signature verification failed");
+		return passed;
+	}
+
+	void Ed25519::Sign (const uint8_t * expandedPrivateKey, const uint8_t * publicKeyEncoded, const uint8_t * buf, size_t len,
+		uint8_t * signature) const
+	{
+		BN_CTX * bnCtx = BN_CTX_new ();
+		// calculate r
+		SHA512_CTX ctx;
+		SHA512_Init (&ctx);
+		SHA512_Update (&ctx, expandedPrivateKey + EDDSA25519_PRIVATE_KEY_LENGTH, EDDSA25519_PRIVATE_KEY_LENGTH); // right half of expanded key
+		SHA512_Update (&ctx, buf, len); // data
+		uint8_t digest[64];
+		SHA512_Final (digest, &ctx);
+		BIGNUM * r = DecodeBN<32> (digest); // DecodeBN<64> (digest); // for test vectors
+		// calculate R
+		uint8_t R[EDDSA25519_SIGNATURE_LENGTH/2]; // we must use separate buffer because signature might be inside buf
+		EncodePoint (Normalize (MulB (digest, bnCtx), bnCtx), R); // EncodePoint (Mul (B, r, bnCtx), R); // for test vectors
+		// calculate S
+		SHA512_Init (&ctx);
+		SHA512_Update (&ctx, R, EDDSA25519_SIGNATURE_LENGTH/2); // R
+		SHA512_Update (&ctx, publicKeyEncoded, EDDSA25519_PUBLIC_KEY_LENGTH); // public key
+		SHA512_Update (&ctx, buf, len); // data
+		SHA512_Final (digest, &ctx);
+		BIGNUM * h = DecodeBN<64> (digest);
+		// S = (r + h*a) % l
+		BIGNUM * a = DecodeBN<EDDSA25519_PRIVATE_KEY_LENGTH> (expandedPrivateKey); // left half of expanded key
+		BN_mod_mul (h, h, a, l, bnCtx); // %l
+		BN_mod_add (h, h, r, l, bnCtx); // %l
+		memcpy (signature, R, EDDSA25519_SIGNATURE_LENGTH/2);
+		EncodeBN (h, signature + EDDSA25519_SIGNATURE_LENGTH/2, EDDSA25519_SIGNATURE_LENGTH/2); // S
+		BN_free (r); BN_free (h); BN_free (a);
+		BN_CTX_free (bnCtx);
+	}
+
+	EDDSAPoint Ed25519::Sum (const EDDSAPoint& p1, const EDDSAPoint& p2, BN_CTX * ctx) const
+	{
+		// x3 = (x1*y2+y1*x2)*(z1*z2-d*t1*t2)
+		// y3 = (y1*y2+x1*x2)*(z1*z2+d*t1*t2)
+		// z3 = (z1*z2-d*t1*t2)*(z1*z2+d*t1*t2)
+		// t3 = (y1*y2+x1*x2)*(x1*y2+y1*x2)
+		BIGNUM * x3 = BN_new (), * y3 = BN_new (), * z3 = BN_new (), * t3 = BN_new ();
+
+		BN_mul (x3, p1.x, p2.x, ctx); // A = x1*x2
+		BN_mul (y3, p1.y, p2.y, ctx); // B = y1*y2
+
+		BN_CTX_start (ctx);
+		BIGNUM * t1 = p1.t, * t2 = p2.t;
+		if (!t1) { t1 = BN_CTX_get (ctx); BN_mul (t1, p1.x, p1.y, ctx); }
+		if (!t2) { t2 = BN_CTX_get (ctx); BN_mul (t2, p2.x, p2.y, ctx); }
+		BN_mul (t3, t1, t2, ctx);
+		BN_mul (t3, t3, d, ctx);  // C = d*t1*t2
+
+		if (p1.z)
+		{
+			if (p2.z)
+				BN_mul (z3, p1.z, p2.z, ctx); // D = z1*z2
+			else
+				BN_copy (z3, p1.z); // D = z1
+		}
+		else
+		{
+			if (p2.z)
+				BN_copy (z3, p2.z); // D = z2
+			else
+				BN_one (z3); // D = 1
+		}
+
+		BIGNUM * E = BN_CTX_get (ctx), * F = BN_CTX_get (ctx), * G = BN_CTX_get (ctx), * H = BN_CTX_get (ctx);
+		BN_add (E, p1.x, p1.y);
+		BN_add (F, p2.x, p2.y);
+		BN_mul (E, E, F, ctx); // (x1 + y1)*(x2 + y2)
+		BN_sub (E, E, x3);
+		BN_sub (E, E, y3); // E = (x1 + y1)*(x2 + y2) - A - B
+		BN_sub (F, z3, t3); // F = D - C
+		BN_add (G, z3, t3); // G = D + C
+		BN_add (H, y3, x3); // H = B + A
+
+		BN_mod_mul (x3, E, F, q, ctx); // x3 = E*F
+		BN_mod_mul (y3, G, H, q, ctx); // y3 = G*H
+		BN_mod_mul (z3, F, G, q, ctx); // z3 = F*G
+		BN_mod_mul (t3, E, H, q, ctx); // t3 = E*H
+
+		BN_CTX_end (ctx);
+
+		return EDDSAPoint {x3, y3, z3, t3};
+	}
+
+	void Ed25519::Double (EDDSAPoint& p, BN_CTX * ctx) const
+	{
+		BN_CTX_start (ctx);
+		BIGNUM * x2 = BN_CTX_get (ctx), * y2 = BN_CTX_get (ctx), * z2 = BN_CTX_get (ctx), * t2 = BN_CTX_get (ctx);
+
+		BN_sqr (x2, p.x, ctx); // x2 = A = x^2
+		BN_sqr (y2, p.y, ctx); // y2 = B = y^2
+		if (p.t)
+			BN_sqr (t2, p.t, ctx); // t2 = t^2
+		else
+		{
+			BN_mul (t2, p.x, p.y, ctx); // t = x*y
+			BN_sqr (t2, t2, ctx);  // t2 = t^2
+		}
+		BN_mul (t2, t2, d, ctx);  // t2 = C = d*t^2
+		if (p.z)
+			BN_sqr (z2, p.z, ctx); // z2 = D = z^2
+		else
+			BN_one (z2); // z2 = 1
+
+		BIGNUM * E = BN_CTX_get (ctx), * F = BN_CTX_get (ctx), * G = BN_CTX_get (ctx), * H = BN_CTX_get (ctx);
+		// E = (x+y)*(x+y)-A-B = x^2+y^2+2xy-A-B = 2xy
+		BN_mul (E, p.x, p.y, ctx);
+		BN_lshift1 (E, E);	// E =2*x*y
+		BN_sub (F, z2, t2); // F = D - C
+		BN_add (G, z2, t2); // G = D + C
+		BN_add (H, y2, x2); // H = B + A
+
+		BN_mod_mul (p.x, E, F, q, ctx); // x2 = E*F
+		BN_mod_mul (p.y, G, H, q, ctx); // y2 = G*H
+		if (!p.z) p.z = BN_new ();
+		BN_mod_mul (p.z, F, G, q, ctx); // z2 = F*G
+		if (!p.t) p.t = BN_new ();
+		BN_mod_mul (p.t, E, H, q, ctx); // t2 = E*H
+
+		BN_CTX_end (ctx);
+	}
+
+	EDDSAPoint Ed25519::Mul (const EDDSAPoint& p, const BIGNUM * e, BN_CTX * ctx) const
+	{
+		BIGNUM * zero = BN_new (), * one = BN_new ();
+		BN_zero (zero); BN_one (one);
+		EDDSAPoint res {zero, one};
+		if (!BN_is_zero (e))
+		{
+			int bitCount = BN_num_bits (e);
+			for (int i = bitCount - 1; i >= 0; i--)
+			{
+				Double (res, ctx);
+				if (BN_is_bit_set (e, i)) res = Sum (res, p, ctx);
+			}
+		}
+		return res;
+	}
+
+	EDDSAPoint Ed25519::MulB (const uint8_t * e, BN_CTX * ctx) const // B*e, e is 32 bytes Little Endian
+	{
+		BIGNUM * zero = BN_new (), * one = BN_new ();
+		BN_zero (zero); BN_one (one);
+		EDDSAPoint res {zero, one};
+		bool carry = false;
+		for (int i = 0; i < 32; i++)
+		{
+			uint8_t x = e[i];
+			if (carry)
+			{
+				if (x < 255)
+				{
+					x++;
+					carry = false;
+				}
+				else
+					x = 0;
+			}
+			if (x > 0)
+			{
+				if (x <= 128)
+					res = Sum (res, Bi256[i][x-1], ctx);
+				else
+				{
+					res = Sum (res, -Bi256[i][255-x], ctx); // -Bi[256-x]
+					carry = true;
+				}
+			}
+		}
+		if (carry) res = Sum (res, Bi256Carry, ctx);
+		return res;
+	}
+
+	EDDSAPoint Ed25519::Normalize (const EDDSAPoint& p, BN_CTX * ctx) const
+	{
+		if (p.z)
+		{
+			BIGNUM * x = BN_new (), * y = BN_new ();
+			BN_mod_inverse (y, p.z, q, ctx);
+			BN_mod_mul (x, p.x, y, q, ctx); // x = x/z
+			BN_mod_mul (y, p.y, y, q, ctx); // y = y/z
+			return  EDDSAPoint{x, y};
+		}
+		else
+			return EDDSAPoint{BN_dup (p.x), BN_dup (p.y)};
+	}
+
+	bool Ed25519::IsOnCurve (const EDDSAPoint& p, BN_CTX * ctx) const
+	{
+		BN_CTX_start (ctx);
+		BIGNUM * x2 = BN_CTX_get (ctx), * y2 = BN_CTX_get (ctx), * tmp = BN_CTX_get (ctx);
+		BN_sqr (x2, p.x, ctx); // x^2
+		BN_sqr (y2, p.y, ctx); // y^2
+		// y^2 - x^2 - 1 - d*x^2*y^2
+		BN_mul (tmp, d, x2, ctx);
+		BN_mul (tmp, tmp, y2, ctx);
+		BN_sub (tmp, y2, tmp);
+		BN_sub (tmp, tmp, x2);
+		BN_sub_word (tmp, 1);
+		BN_mod (tmp, tmp, q, ctx); // % q
+		bool ret = BN_is_zero (tmp);
+		BN_CTX_end (ctx);
+		return ret;
+	}
+
+	BIGNUM * Ed25519::RecoverX (const BIGNUM * y, BN_CTX * ctx) const
+	{
+		BN_CTX_start (ctx);
+		BIGNUM * y2 = BN_CTX_get (ctx), * xx = BN_CTX_get (ctx);
+		BN_sqr (y2, y, ctx); // y^2
+		// xx = (y^2 -1)*inv(d*y^2 +1)
+		BN_mul (xx, d, y2, ctx);
+		BN_add_word (xx, 1);
+		BN_mod_inverse (xx, xx, q, ctx);
+		BN_sub_word (y2, 1);
+		BN_mul (xx, y2, xx, ctx);
+		// x = srqt(xx) = xx^(2^252-2)
+		BIGNUM * x = BN_new ();
+		BN_mod_exp (x, xx, two_252_2, q, ctx);
+		// check (x^2 -xx) % q
+		BN_sqr (y2, x, ctx);
+		BN_mod_sub (y2, y2, xx, q, ctx);
+		if (!BN_is_zero (y2))
+			BN_mod_mul (x, x, I, q, ctx);
+		if (BN_is_odd (x))
+			BN_sub (x, q, x);
+		BN_CTX_end (ctx);
+		return x;
+	}
+
+	EDDSAPoint Ed25519::DecodePoint (const uint8_t * buf, BN_CTX * ctx) const
+	{
+		// buf is 32 bytes Little Endian, convert it to Big Endian
+		uint8_t buf1[EDDSA25519_PUBLIC_KEY_LENGTH];
+		for (size_t i = 0; i < EDDSA25519_PUBLIC_KEY_LENGTH/2; i++) // invert bytes
+		{
+			buf1[i] = buf[EDDSA25519_PUBLIC_KEY_LENGTH -1 - i];
+			buf1[EDDSA25519_PUBLIC_KEY_LENGTH -1 - i] = buf[i];
+		}
+		bool isHighestBitSet = buf1[0] & 0x80;
+		if (isHighestBitSet)
+			buf1[0] &= 0x7f; // clear highest bit
+		BIGNUM * y = BN_new ();
+		BN_bin2bn (buf1, EDDSA25519_PUBLIC_KEY_LENGTH, y);
+		BIGNUM * x = RecoverX (y, ctx);
+		if (BN_is_bit_set (x, 0) != isHighestBitSet)
+			BN_sub (x, q, x); // x = q - x
+		BIGNUM * z = BN_new (), * t = BN_new ();
+		BN_one (z); BN_mod_mul (t, x, y, q, ctx); // pre-calculate t
+		EDDSAPoint p {x, y, z, t};
+		if (!IsOnCurve (p, ctx))
+			LogPrint (eLogError, "Decoded point is not on 25519");
+		return p;
+	}
+
+	void Ed25519::EncodePoint (const EDDSAPoint& p, uint8_t * buf) const
+	{
+		EncodeBN (p.y, buf,EDDSA25519_PUBLIC_KEY_LENGTH);
+		if (BN_is_bit_set (p.x, 0)) // highest bit
+			buf[EDDSA25519_PUBLIC_KEY_LENGTH - 1] |= 0x80; // set highest bit
+	}
+
+	template<int len>
+	BIGNUM * Ed25519::DecodeBN (const uint8_t * buf) const
+	{
+		// buf is Little Endian convert it to Big Endian
+		uint8_t buf1[len];
+		for (size_t i = 0; i < len/2; i++) // invert bytes
+		{
+			buf1[i] = buf[len -1 - i];
+			buf1[len -1 - i] = buf[i];
+		}
+		BIGNUM * res = BN_new ();
+		BN_bin2bn (buf1, len, res);
+		return res;
+	}
+
+	void Ed25519::EncodeBN (const BIGNUM * bn, uint8_t * buf, size_t len) const
+	{
+		bn2buf (bn, buf, len);
+		// To Little Endian
+		for (size_t i = 0; i < len/2; i++) // invert bytes
+		{
+			uint8_t tmp = buf[i];
+			buf[i] = buf[len -1 - i];
+			buf[len -1 - i] = tmp;
+		}
+	}
+
+	BIGNUM * Ed25519::ScalarMul (const BIGNUM * u, const BIGNUM * k, BN_CTX * ctx) const
+	{
+		BN_CTX_start (ctx);
+		auto x1 = BN_CTX_get (ctx); BN_copy (x1, u);
+		auto x2 = BN_CTX_get (ctx); BN_one (x2);
+		auto z2 = BN_CTX_get (ctx); BN_zero (z2);
+		auto x3 = BN_CTX_get (ctx); BN_copy (x3, u);
+		auto z3 = BN_CTX_get (ctx); BN_one (z3);
+		auto c121666 = BN_CTX_get (ctx); BN_set_word (c121666, 121666);
+		auto tmp0 = BN_CTX_get (ctx); auto tmp1 = BN_CTX_get (ctx);
+		unsigned int swap = 0;
+		auto bits = BN_num_bits (k);
+		while(bits)
+		{
+			--bits;
+			auto k_t = BN_is_bit_set(k, bits) ? 1 : 0;
+			swap ^= k_t;
+			if (swap) 
+			{
+				std::swap (x2, x3);
+				std::swap (z2, z3);
+			}
+			swap = k_t;
+			BN_mod_sub(tmp0, x3, z3, q, ctx);
+			BN_mod_sub(tmp1, x2, z2, q, ctx);
+			BN_mod_add(x2, x2, z2, q, ctx);
+			BN_mod_add(z2, x3, z3, q, ctx);
+			BN_mod_mul(z3, tmp0, x2, q, ctx);
+			BN_mod_mul(z2, z2, tmp1, q, ctx);
+			BN_mod_sqr(tmp0, tmp1, q, ctx);
+			BN_mod_sqr(tmp1, x2, q, ctx);
+			BN_mod_add(x3, z3, z2, q, ctx);
+			BN_mod_sub(z2, z3, z2, q, ctx);
+			BN_mod_mul(x2, tmp1, tmp0, q, ctx);
+			BN_mod_sub(tmp1, tmp1, tmp0, q, ctx);
+			BN_mod_sqr(z2, z2, q, ctx);
+			BN_mod_mul(z3, tmp1, c121666, q, ctx);
+			BN_mod_sqr(x3, x3, q, ctx);
+			BN_mod_add(tmp0, tmp0, z3, q, ctx);
+			BN_mod_mul(z3, x1, z2, q, ctx);
+			BN_mod_mul(z2, tmp1, tmp0, q, ctx);
+		}
+		if (swap) 
+		{
+			std::swap (x2, x3);
+			std::swap (z2, z3);
+		}
+		BN_mod_inverse (z2, z2, q, ctx);
+		BIGNUM * res =  BN_new (); // not from ctx
+		BN_mod_mul(res, x2, z2, q, ctx);
+		BN_CTX_end (ctx);
+		return res;
+	}
+
+	void Ed25519::ScalarMul (const uint8_t * p, const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
+	{
+		BIGNUM * p1 = DecodeBN<32> (p);
+		uint8_t k[32];
+		memcpy (k, e, 32);
+		k[0] &= 248; k[31] &= 127; k[31] |= 64;
+		BIGNUM * n = DecodeBN<32> (k);
+		BIGNUM * q1 = ScalarMul (p1, n, ctx);
+		EncodeBN (q1, buf, 32);
+		BN_free (p1); BN_free (n); BN_free (q1);
+	}
+
+	void Ed25519::ScalarMulB (const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const
+	{
+		BIGNUM *p1 = BN_new (); BN_set_word (p1, 9);
+		uint8_t k[32];
+		memcpy (k, e, 32);
+		k[0] &= 248; k[31] &= 127; k[31] |= 64;
+		BIGNUM * n = DecodeBN<32> (k);
+		BIGNUM * q1 = ScalarMul (p1, n, ctx);
+		EncodeBN (q1, buf, 32);
+		BN_free (p1); BN_free (n); BN_free (q1);
+	}
+
+	void Ed25519::ExpandPrivateKey (const uint8_t * key, uint8_t * expandedKey)
+	{
+		SHA512 (key, EDDSA25519_PRIVATE_KEY_LENGTH, expandedKey);
+		expandedKey[0] &= 0xF8; // drop last 3 bits
+		expandedKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] &= 0x3F; // drop first 2 bits
+		expandedKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] |= 0x40; // set second bit
+	}
+
+	static std::unique_ptr<Ed25519> g_Ed25519;
+	std::unique_ptr<Ed25519>& GetEd25519 ()
+	{
+		if (!g_Ed25519)
+		{
+			auto c = new Ed25519();
+			if (!g_Ed25519) // make sure it was not created already
+				g_Ed25519.reset (c);
+			else
+				delete c;
+		}
+		return g_Ed25519;
+	}
+}
+}
+

libi2pd/Ed25519.h

@@ -0,0 +1,124 @@
+#ifndef ED25519_H__
+#define ED25519_H__
+
+#include <memory>
+#include <openssl/bn.h>
+
+namespace i2p
+{
+namespace crypto
+{
+	struct EDDSAPoint
+	{
+		BIGNUM * x {nullptr};
+		BIGNUM * y {nullptr};
+		BIGNUM * z {nullptr};
+		BIGNUM * t {nullptr}; // projective coordinates
+
+		EDDSAPoint () {}
+		EDDSAPoint (const EDDSAPoint& other)   { *this = other; }
+		EDDSAPoint (EDDSAPoint&& other)        { *this = std::move (other); }
+		EDDSAPoint (BIGNUM * x1, BIGNUM * y1, BIGNUM * z1 = nullptr, BIGNUM * t1 = nullptr)
+			: x(x1)
+			, y(y1)
+			, z(z1)
+			, t(t1)
+		{}
+		~EDDSAPoint () { BN_free (x); BN_free (y); BN_free(z); BN_free(t); }
+
+		EDDSAPoint& operator=(EDDSAPoint&& other)
+		{
+			if (this != &other)
+			{
+				BN_free (x); x = other.x; other.x = nullptr;
+				BN_free (y); y = other.y; other.y = nullptr;
+				BN_free (z); z = other.z; other.z = nullptr;
+				BN_free (t); t = other.t; other.t = nullptr;
+			}
+			return *this;
+		}
+
+		EDDSAPoint& operator=(const EDDSAPoint& other)
+		{
+			if (this != &other)
+			{
+				BN_free (x); x = other.x ? BN_dup (other.x) : nullptr;
+				BN_free (y); y = other.y ? BN_dup (other.y) : nullptr;
+				BN_free (z); z = other.z ? BN_dup (other.z) : nullptr;
+				BN_free (t); t = other.t ? BN_dup (other.t) : nullptr;
+			}
+			return *this;
+		}
+
+		EDDSAPoint operator-() const
+		{
+			BIGNUM * x1 = NULL, * y1 = NULL, * z1 = NULL, * t1 = NULL;
+			if (x) { x1 = BN_dup (x); BN_set_negative (x1, !BN_is_negative (x)); };
+			if (y) y1 = BN_dup (y);
+			if (z) z1 = BN_dup (z);
+			if (t) { t1 = BN_dup (t); BN_set_negative (t1, !BN_is_negative (t)); };
+			return EDDSAPoint {x1, y1, z1, t1};
+		}
+	};
+
+	const size_t EDDSA25519_PUBLIC_KEY_LENGTH = 32;
+	const size_t EDDSA25519_SIGNATURE_LENGTH = 64;
+	const size_t EDDSA25519_PRIVATE_KEY_LENGTH = 32;
+	class Ed25519
+	{
+		public:
+
+			Ed25519 ();
+			Ed25519 (const Ed25519& other);
+			~Ed25519 ();
+
+			EDDSAPoint GeneratePublicKey (const uint8_t * expandedPrivateKey, BN_CTX * ctx) const;
+			EDDSAPoint DecodePublicKey (const uint8_t * buf, BN_CTX * ctx) const;
+			void EncodePublicKey (const EDDSAPoint& publicKey, uint8_t * buf, BN_CTX * ctx) const;
+			void ScalarMul (const uint8_t * p, const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const; // p is point, e is number for x25519
+			void ScalarMulB (const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const;
+
+			bool Verify (const EDDSAPoint& publicKey, const uint8_t * digest, const uint8_t * signature) const;
+			void Sign (const uint8_t * expandedPrivateKey, const uint8_t * publicKeyEncoded, const uint8_t * buf, size_t len, uint8_t * signature) const;
+
+			static void ExpandPrivateKey (const uint8_t * key, uint8_t * expandedKey); // key - 32 bytes, expandedKey - 64 bytes
+
+		private:
+
+			EDDSAPoint Sum (const EDDSAPoint& p1, const EDDSAPoint& p2, BN_CTX * ctx) const;
+			void Double (EDDSAPoint& p, BN_CTX * ctx) const;
+			EDDSAPoint Mul (const EDDSAPoint& p, const BIGNUM * e, BN_CTX * ctx) const;
+			EDDSAPoint MulB (const uint8_t * e, BN_CTX * ctx) const; // B*e, e is 32 bytes Little Endian
+			EDDSAPoint Normalize (const EDDSAPoint& p, BN_CTX * ctx) const;
+			
+			bool IsOnCurve (const EDDSAPoint& p, BN_CTX * ctx) const;	
+			BIGNUM * RecoverX (const BIGNUM * y, BN_CTX * ctx) const;
+			EDDSAPoint DecodePoint (const uint8_t * buf, BN_CTX * ctx) const;
+			void EncodePoint (const EDDSAPoint& p, uint8_t * buf) const;
+
+			template<int len>
+			BIGNUM * DecodeBN (const uint8_t * buf) const;
+			void EncodeBN (const BIGNUM * bn, uint8_t * buf, size_t len) const;
+
+			// for x25519
+			BIGNUM * ScalarMul (const BIGNUM * p, const BIGNUM * e, BN_CTX * ctx) const; 
+
+		private:
+
+			BIGNUM * q, * l, * d, * I;
+			// transient values
+			BIGNUM * two_252_2; // 2^252-2
+			EDDSAPoint Bi256[32][128]; // per byte, Bi256[i][j] = (256+j+1)^i*B, we don't store zeroes
+			// if j > 128 we use 256 - j and carry 1 to next byte
+			// Bi256[0][0] = B, base point
+			EDDSAPoint Bi256Carry; // Bi256[32][0]
+	};		
+
+	std::unique_ptr<Ed25519>& GetEd25519 ();
+
+}
+}
+
+
+#endif
+

libi2pd/Event.cpp

@@ -30,7 +30,7 @@ namespace i2p
 			}
 		  m_collected[key].Val += val;
 		}
-		
+
 		void EventCore::PumpCollected(EventListener * listener)
 		{
 			std::unique_lock<std::mutex> lock(m_collect_mutex);

libi2pd/Event.h

@@ -29,7 +29,7 @@ namespace i2p
       void CollectEvent(const std::string & type, const std::string & ident, uint64_t val);
 			void SetListener(EventListener * l);
       void PumpCollected(EventListener * l);
-      
+
 		private:
       std::mutex m_collect_mutex;
       struct CollectedEvent
@@ -41,7 +41,7 @@ namespace i2p
       std::map<std::string, CollectedEvent> m_collected;
 			EventListener * m_listener = nullptr;
 		};
-#ifdef WITH_EVENTS		
+#ifdef WITH_EVENTS
 		extern EventCore core;
 #endif
 	}

libi2pd/FS.cpp

@@ -68,7 +68,7 @@ namespace fs {
 #else /* other unix */
 #if defined(ANDROID)
 	const char * ext = getenv("EXTERNAL_STORAGE");
-	if (!ext) ext = "/sdcard";	
+	if (!ext) ext = "/sdcard";
 	if (boost::filesystem::exists(ext))
 	{
 		dataDir = std::string (ext) + "/" + appName;
@@ -96,7 +96,7 @@ namespace fs {
       boost::filesystem::create_directory(destinations);
 	std::string tags = DataDirPath("tags");
     if (!boost::filesystem::exists(tags))
-    	boost::filesystem::create_directory(tags);
+	boost::filesystem::create_directory(tags);
 	else
 		i2p::garlic::CleanUpTagsFiles ();
 
@@ -123,12 +123,12 @@ namespace fs {
   }
 
   uint32_t GetLastUpdateTime (const std::string & path)
-  {	
+  {
 	 if (!boost::filesystem::exists(path)) return 0;
 	 boost::system::error_code ec;
 	 auto t = boost::filesystem::last_write_time (path, ec);
 	 return ec ? 0 : t;
-  }				
+  }
 
   bool Remove(const std::string & path) {
     if (!boost::filesystem::exists(path))
@@ -136,7 +136,7 @@ namespace fs {
     return boost::filesystem::remove(path);
   }
 
-  	bool CreateDirectory (const std::string& path)
+	bool CreateDirectory (const std::string& path)
 	{
 		if (boost::filesystem::exists(path) &&
 			boost::filesystem::is_directory (boost::filesystem::status (path))) return true;

libi2pd/FS.h

@@ -97,7 +97,7 @@ namespace fs {
    * @param files Vector to store found files
    * @return true on success and false if directory not exists
    */
-  bool ReadDir(const std::string & path, std::vector<std::string> & files);		
+  bool ReadDir(const std::string & path, std::vector<std::string> & files);
 
   /**
    * @brief Remove file with given path
@@ -113,9 +113,9 @@ namespace fs {
    */
   bool Exists(const std::string & path);
 
-  uint32_t GetLastUpdateTime (const std::string & path); // seconds since epoch			
- 
-  bool CreateDirectory (const std::string& path);	
+  uint32_t GetLastUpdateTime (const std::string & path); // seconds since epoch
+
+  bool CreateDirectory (const std::string& path);
 
   template<typename T>
   void _ExpandPath(std::stringstream & path, T c) {
@@ -153,7 +153,7 @@ namespace fs {
 		_ExpandPath(s, filenames...);
 
 		return s.str();
-	}	
+	}
 
 } // fs
 } // i2p

libi2pd/Family.cpp

@@ -21,24 +21,24 @@ namespace data
 	void Families::LoadCertificate (const std::string& filename)
 	{
 		SSL_CTX * ctx = SSL_CTX_new (TLS_method ());
-		int ret = SSL_CTX_use_certificate_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); 
+		int ret = SSL_CTX_use_certificate_file (ctx, filename.c_str (), SSL_FILETYPE_PEM);
 		if (ret)
-		{	
+		{
 			SSL * ssl = SSL_new (ctx);
 			X509 * cert = SSL_get_certificate (ssl);
 			if (cert)
-			{	
+			{
 				std::shared_ptr<i2p::crypto::Verifier> verifier;
 				// extract issuer name
 				char name[100];
 				X509_NAME_oneline (X509_get_issuer_name(cert), name, 100);
 				char * cn = strstr (name, "CN=");
 				if (cn)
-				{	
+				{
 					cn += 3;
 					char * family = strstr (cn, ".family");
 					if (family) family[0] = 0;
-				}	
+				}
 				auto pkey = X509_get_pubkey (cert);
 				int keyType = EVP_PKEY_base_id (pkey);
 				switch (keyType)
@@ -65,7 +65,7 @@ namespace data
 									i2p::crypto::bn2buf (y, signingKey + 32, 32);
 									BN_free (x); BN_free (y);
 									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>(signingKey);
-								}	
+								}
 								else
 									LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
 							}
@@ -79,12 +79,12 @@ namespace data
 				EVP_PKEY_free (pkey);
 				if (verifier && cn)
 					m_SigningKeys[cn] = verifier;
-			}	
-			SSL_free (ssl);			
-		}	
+			}
+			SSL_free (ssl);
+		}
 		else
 			LogPrint (eLogError, "Family: Can't open certificate file ", filename);
-		SSL_CTX_free (ctx);		
+		SSL_CTX_free (ctx);
 	}
 
 	void Families::LoadCertificates ()
@@ -105,11 +105,11 @@ namespace data
 			}
 			LoadCertificate (file);
 			numCertificates++;
-		}	
+		}
 		LogPrint (eLogInfo, "Family: ", numCertificates, " certificates loaded");
 	}
 
-	bool Families::VerifyFamily (const std::string& family, const IdentHash& ident, 
+	bool Families::VerifyFamily (const std::string& family, const IdentHash& ident,
 		const char * signature, const char * key)
 	{
 		uint8_t buf[50], signatureBuf[64];
@@ -118,12 +118,12 @@ namespace data
 		{
 			LogPrint (eLogError, "Family: ", family, " is too long");
 			return false;
-		}		
+		}
 
 		memcpy (buf, family.c_str (), len);
 		memcpy (buf + len, (const uint8_t *)ident, 32);
-		len += 32;	
-		Base64ToByteStream (signature, signatureLen, signatureBuf, 64);	
+		len += 32;
+		Base64ToByteStream (signature, signatureLen, signatureBuf, 64);
 		auto it = m_SigningKeys.find (family);
 		if (it != m_SigningKeys.end ())
 			return it->second->Verify (buf, len, signatureBuf);
@@ -136,7 +136,7 @@ namespace data
 		auto filename = i2p::fs::DataDirPath("family", (family + ".key"));
 		std::string sig;
 		SSL_CTX * ctx = SSL_CTX_new (TLS_method ());
-		int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM); 
+		int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM);
 		if (ret)
 		{
 			SSL * ssl = SSL_new (ctx);
@@ -167,15 +167,15 @@ namespace data
 					}
 					else
 						LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
-				}	
-			}	
-			SSL_free (ssl);		
-		}	
+				}
+			}
+			SSL_free (ssl);
+		}
 		else
 			LogPrint (eLogError, "Family: Can't open keys file: ", filename);
-		SSL_CTX_free (ctx);	
+		SSL_CTX_free (ctx);
 		return sig;
-	}	
+	}
 }
 }
 

libi2pd/Family.h

@@ -18,7 +18,7 @@ namespace data
 			Families ();
 			~Families ();
 			void LoadCertificates ();
-			bool VerifyFamily (const std::string& family, const IdentHash& ident, 
+			bool VerifyFamily (const std::string& family, const IdentHash& ident,
 				const char * signature, const char * key = nullptr);
 
 		private:
@@ -28,7 +28,7 @@ namespace data
 		private:
 
 			std::map<std::string, std::shared_ptr<i2p::crypto::Verifier> > m_SigningKeys;
-	};		
+	};
 
 	std::string CreateFamilySignature (const std::string& family, const IdentHash& ident);
 	// return base64 signature of empty string in case of failure