2.25.0

Fix typos

ChangeLog

@@ -1,6 +1,71 @@
 # for this file format description,
 # see https://github.com/olivierlacan/keep-a-changelog
 
+## [2.25.0] - 2019-05-09
+### Added
+- Create, publish and handle encrypted LeaseSet2
+- Support of b33 addresses 
+- RedDSA key blinding
+- .b32.i2p addresses in jump links
+- ntcp2.addressv6 parameter
+### Changed
+- Allow HTTP headers without value
+- Set data directory from external storage path for Android
+- addresshelper support is configurable per tunnel
+- gradlew script for android build
+### Fixed
+- Deletion of expired encrypted LeaseSet2 on floodfills
+- ipv6 fallback address
+- SSU incoming packets routing
+
+## [2.24.0] - 2019-03-21
+### Added
+- Support of transient keys for LeaseSet2
+- Support of encrypted LeaseSet2
+- Recognize signature type 11 (RedDSA)
+- Support websocket connections over HTTP proxy
+- Ability to disable full addressbook persist
+### Changed
+- Don't load peer profiles if non-persistant
+- REUSE_ADDR for ipv6 acceptors
+- Reset eTags if addressbook can't be loaded
+### Fixed
+- Build with boost 1.70
+- Filter out unspecified addresses from RouterInfo
+- Check floodfill status change
+- Correct SAM response for invalid key
+- SAM crash on termination for Windows
+- Race condition for publishing
+ 
+## [2.23.0] - 2019-01-21
+### Added
+- Standard LeaseSet2 support
+- Ability to adjust timestamps through the NTP
+- Ability to disable peer profile persist
+- Request permission for android >= 6
+- Initial addressbook to android assets
+- Cancel graceful shutdown for android
+- Russian translation for android
+### Changed
+- Chacha20 and Poly1305 implementation
+- Eliminate extra copy of NTCP2 send buffers
+- Extract content of tunnel.d from assets on android
+- Removed name resolvers from transports
+- Update reseed certificates
+### Fixed
+- LeaseSet published content verification
+- Exclude invalid LeaseSets from the list on a floodfill
+- Build for OpenWrt with openssl 1.1.1
+
+## [2.22.0] - 2018-11-09
+### Added
+- Multiple tunnel config files from tunnels.d folder
+### Changed
+- Fetch own RouterInfo upon SessionRequest for NTCP2
+- Faster XOR between AES blocks for non AVX capable CPUs
+### Fixed
+- Fixed NTCP2 termination send
+
 ## [2.21.1] - 2018-10-22
 ### Changed
 - cost=13 for unpublished NTCP2 address

Makefile

@@ -48,7 +48,7 @@ else ifneq (, $(findstring mingw, $(SYS))$(findstring cygwin, $(SYS)))
 	DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32Service.cpp Win32/Win32App.cpp
 	include Makefile.mingw
 else # not supported
-$(error Not supported platform)
+	$(error Not supported platform)
 endif
 
 ifeq ($(USE_MESHNET),yes)

Makefile.linux

@@ -19,10 +19,7 @@ else ifeq ($(shell expr match ${CXXVER} "4\.[7-9]"),3) # >= 4.7
 	NEEDED_CXXFLAGS += -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
 else ifeq ($(shell expr match ${CXXVER} "4\.6"),3) # = 4.6
 	NEEDED_CXXFLAGS += -std=c++0x
-else ifeq ($(shell expr match ${CXXVER} "[5-7]\.[0-9]"),3) # gcc >= 5.0
-	NEEDED_CXXFLAGS += -std=c++11
-	LDLIBS = -latomic
-else ifeq ($(shell expr match ${CXXVER} "[7-8]"),1) # gcc 7 ubuntu or gcc 8 arch
+else ifeq ($(shell expr match ${CXXVER} "[5-9]"),1) # gcc >= 5
 	NEEDED_CXXFLAGS += -std=c++11
 	LDLIBS = -latomic
 else # not supported

Makefile.mingw

@@ -3,10 +3,12 @@ CXX = g++
 WINDRES = windres
 CXXFLAGS := ${CXX_DEBUG} -D_MT -DWIN32 -D_WINDOWS -DWIN32_LEAN_AND_MEAN
 NEEDED_CXXFLAGS = -std=c++11
-BOOST_SUFFIX = -mt
 INCFLAGS = -Idaemon -I.
 LDFLAGS := ${LD_DEBUG} -Wl,-Bstatic -static-libgcc -static-libstdc++
 
+# Boost libraries suffix
+BOOST_SUFFIX = -mt
+
 # UPNP Support
 ifeq ($(USE_UPNP),yes)
 	CXXFLAGS += -DUSE_UPNP -DMINIUPNP_STATICLIB

README.md

@@ -1,3 +1,6 @@
+![GitHub release](https://img.shields.io/github/release/PurpleI2P/i2pd.svg?label=latest%20release)
+![GitHub](https://img.shields.io/github/license/PurpleI2P/i2pd.svg)
+
 i2pd
 ====
 
@@ -38,8 +41,12 @@ Resources
 Installing
 ----------
 
-The easiest way to install i2pd is by using
-[precompiled binaries](https://github.com/PurpleI2P/i2pd/releases/latest).
+The easiest way to install i2pd is by using precompiled packages and binaries.
+You can fetch most of them on [release](https://github.com/PurpleI2P/i2pd/releases/latest) page.  
+Please see [documentation](https://i2pd.readthedocs.io/en/latest/user-guide/install/) for more info.
+
+Building
+--------
 See [documentation](https://i2pd.readthedocs.io/en/latest/) for how to build
 i2pd from source on your OS.  
 
@@ -54,11 +61,11 @@ Build instructions:
 
 **Supported systems:**
 
-* GNU/Linux x86/x64		- [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
-* Windows				- [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)
-* Mac OS X				- [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
-* CentOS / Fedora		- [![Build Status](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/status_image/last_build.png)](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/)
-* Docker image     - [![Build Status](https://dockerbuildbadges.quelltext.eu/status.svg?organization=meeh&repository=i2pd)](https://hub.docker.com/r/meeh/i2pd/builds/)
+* GNU/Linux - [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
+* Windows - [![Build status](https://ci.appveyor.com/api/projects/status/1908qe4p48ff1x23?svg=true)](https://ci.appveyor.com/project/PurpleI2P/i2pd)
+* Mac OS X - [![Build Status](https://travis-ci.org/PurpleI2P/i2pd.svg?branch=openssl)](https://travis-ci.org/PurpleI2P/i2pd)
+* CentOS / Fedora / Mageia - [![Build Status](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/status_image/last_build.png)](https://copr.fedorainfracloud.org/coprs/supervillain/i2pd/package/i2pd-git/)
+* Docker image - [![Build Status](https://dockerbuildbadges.quelltext.eu/status.svg?organization=meeh&repository=i2pd)](https://hub.docker.com/r/meeh/i2pd/builds/)
 * FreeBSD
 * Android
 * iOS

Win32/DaemonWin32.cpp

@@ -50,7 +50,7 @@ namespace util
 		if (isDaemon)
 		{
 			LogPrint(eLogDebug, "Daemon: running as service");
-			I2PService service(SERVICE_NAME);
+			I2PService service((PSTR)SERVICE_NAME);
 			if (!I2PService::Run(service))
 			{
 				LogPrint(eLogError, "Daemon: Service failed to run w/err 0x%08lx\n", GetLastError());

Win32/Win32App.cpp

@@ -24,17 +24,22 @@
 #define ID_GRACEFUL_SHUTDOWN 2004
 #define ID_STOP_GRACEFUL_SHUTDOWN 2005
 #define ID_RELOAD 2006
+#define ID_ACCEPT_TRANSIT 2007
+#define ID_DECLINE_TRANSIT 2008
 
 #define ID_TRAY_ICON 2050
 #define WM_TRAYICON (WM_USER + 1)
 
 #define IDT_GRACEFUL_SHUTDOWN_TIMER 2100
 #define FRAME_UPDATE_TIMER 2101
+#define IDT_GRACEFUL_TUNNELCHECK_TIMER 2102
 
 namespace i2p
 {
 namespace win32
 {
+	static DWORD GracefulShutdownEndtime = 0;
+
 	static void ShowPopupMenu (HWND hWnd, POINT *curpos, int wDefaultItem)
 	{
 		HMENU hPopup = CreatePopupMenu();
@@ -42,11 +47,17 @@ namespace win32
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_APP, "Show app");
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_ABOUT, "&About...");
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_SEPARATOR, 0, NULL);
+		if(!i2p::context.AcceptsTunnels())
+			InsertMenu (hPopup, -1,
+				i2p::util::DaemonWin32::Instance ().isGraceful ? MF_BYPOSITION | MF_STRING | MF_GRAYED : MF_BYPOSITION | MF_STRING,
+				ID_ACCEPT_TRANSIT, "Accept &transit");
+		else
+			InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_DECLINE_TRANSIT, "Decline &transit");
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_RELOAD, "&Reload configs");
 		if (!i2p::util::DaemonWin32::Instance ().isGraceful)
 			InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_GRACEFUL_SHUTDOWN, "&Graceful shutdown");
 		else
-			InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_STOP_GRACEFUL_SHUTDOWN, "&Stop graceful shutdown");
+			InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_STOP_GRACEFUL_SHUTDOWN, "Stop &graceful shutdown");
 		InsertMenu (hPopup, -1, MF_BYPOSITION | MF_STRING, ID_EXIT, "E&xit");
 		SetMenuDefaultItem (hPopup, ID_CONSOLE, FALSE);
 		SendMessage (hWnd, WM_INITMENUPOPUP, (WPARAM)hPopup, 0);
@@ -148,7 +159,13 @@ namespace win32
 		s << "; ";
 		s << "Success Rate: " << i2p::tunnel::tunnels.GetTunnelCreationSuccessRate() << "%\n";
 		s << "Uptime: "; ShowUptime(s, i2p::context.GetUptime ());
-		s << "\n";
+		if (GracefulShutdownEndtime != 0)
+		{
+			DWORD GracefulTimeLeft = (GracefulShutdownEndtime - GetTickCount()) / 1000;
+			s << "Graceful shutdown, time left: "; ShowUptime(s, GracefulTimeLeft);
+		}
+		else
+			s << "\n";
 		s << "Inbound: " << i2p::transport::transports.GetInBandwidth() / 1024 << " KiB/s; ";
 		s << "Outbound: " << i2p::transport::transports.GetOutBandwidth() / 1024 << " KiB/s\n";
 		s << "Received: "; ShowTransfered (s, i2p::transport::transports.GetTotalReceivedBytes());
@@ -166,10 +183,13 @@ namespace win32
 
 	static LRESULT CALLBACK WndProc (HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 	{
+		static UINT s_uTaskbarRestart;
+
 		switch (uMsg)
 		{
 			case WM_CREATE:
 			{
+				s_uTaskbarRestart = RegisterWindowMessage(TEXT("TaskbarCreated"));
 				AddTrayIcon (hWnd);
 				break;
 			}
@@ -178,6 +198,7 @@ namespace win32
 				RemoveTrayIcon (hWnd);
 				KillTimer (hWnd, FRAME_UPDATE_TIMER);
 				KillTimer (hWnd, IDT_GRACEFUL_SHUTDOWN_TIMER);
+				KillTimer (hWnd, IDT_GRACEFUL_TUNNELCHECK_TIMER);
 				PostQuitMessage (0);
 				break;
 			}
@@ -197,10 +218,28 @@ namespace win32
 						PostMessage (hWnd, WM_CLOSE, 0, 0);
 						return 0;
 					}
+					case ID_ACCEPT_TRANSIT:
+					{
+						i2p::context.SetAcceptsTunnels (true);
+						std::stringstream text;
+						text << "I2Pd now accept transit tunnels";
+						MessageBox( hWnd, TEXT(text.str ().c_str ()), TEXT("i2pd"), MB_ICONINFORMATION | MB_OK );
+						return 0;
+					}
+					case ID_DECLINE_TRANSIT:
+					{
+						i2p::context.SetAcceptsTunnels (false);
+						std::stringstream text;
+						text << "I2Pd now decline new transit tunnels";
+						MessageBox( hWnd, TEXT(text.str ().c_str ()), TEXT("i2pd"), MB_ICONINFORMATION | MB_OK );
+						return 0;
+					}
 					case ID_GRACEFUL_SHUTDOWN:
 					{
 						i2p::context.SetAcceptsTunnels (false);
 						SetTimer (hWnd, IDT_GRACEFUL_SHUTDOWN_TIMER, 10*60*1000, nullptr); // 10 minutes
+						SetTimer (hWnd, IDT_GRACEFUL_TUNNELCHECK_TIMER, 1000, nullptr); // check tunnels every second
+						GracefulShutdownEndtime = GetTickCount() + 10*60*1000;
 						i2p::util::DaemonWin32::Instance ().isGraceful = true;
 						return 0;
 					}
@@ -208,6 +247,8 @@ namespace win32
 					{
 						i2p::context.SetAcceptsTunnels (true);
 						KillTimer (hWnd, IDT_GRACEFUL_SHUTDOWN_TIMER);
+						KillTimer (hWnd, IDT_GRACEFUL_TUNNELCHECK_TIMER);
+						GracefulShutdownEndtime = 0;
 						i2p::util::DaemonWin32::Instance ().isGraceful = false;
 						return 0;
 					}
@@ -223,7 +264,7 @@ namespace win32
 					{
 						char buf[30];
 						std::string httpAddr; i2p::config::GetOption("http.address", httpAddr);
-						uint16_t	httpPort; i2p::config::GetOption("http.port", httpPort);
+						uint16_t httpPort; i2p::config::GetOption("http.port", httpPort);
 						snprintf(buf, 30, "http://%s:%d", httpAddr.c_str(), httpPort);
 						ShellExecute(NULL, "open", buf, NULL, NULL, SW_SHOWNORMAL);
 						return 0;
@@ -290,14 +331,27 @@ namespace win32
 			}
 			case WM_TIMER:
 			{
-				if (wParam == IDT_GRACEFUL_SHUTDOWN_TIMER)
+				switch(wParam)
 				{
-					PostMessage (hWnd, WM_CLOSE, 0, 0); // exit
-					return 0;
-				}
-				if (wParam == FRAME_UPDATE_TIMER)
-				{
-					InvalidateRect(hWnd, NULL, TRUE);
+					case IDT_GRACEFUL_SHUTDOWN_TIMER:
+					{
+						GracefulShutdownEndtime = 0;
+						PostMessage (hWnd, WM_CLOSE, 0, 0); // exit
+						return 0;
+					}
+					case FRAME_UPDATE_TIMER:
+					{
+						InvalidateRect(hWnd, NULL, TRUE);
+						return 0;
+					}
+					case IDT_GRACEFUL_TUNNELCHECK_TIMER:
+					{
+						if (i2p::tunnel::tunnels.CountTransitTunnels() == 0)
+							PostMessage (hWnd, WM_CLOSE, 0, 0);
+						else
+							SetTimer (hWnd, IDT_GRACEFUL_TUNNELCHECK_TIMER, 1000, nullptr);
+						return 0;
+					}
 				}
 				break;
 			}
@@ -318,6 +372,12 @@ namespace win32
 				EndPaint(hWnd, &ps);
 				break;
 			}
+			default:
+			{
+				if (uMsg == s_uTaskbarRestart)
+					AddTrayIcon (hWnd);
+				break;
+			}
 		}
 		return DefWindowProc( hWnd, uMsg, wParam, lParam);
 	}

Win32/Win32Service.cpp

@@ -297,7 +297,8 @@ void InstallService(PCSTR pszServiceName, PCSTR pszDisplayName, DWORD dwStartTyp
 		FreeHandles(schSCManager, schService);
 		return;
 	}
-	strncat(szPath, " --daemon", MAX_PATH);
+	char SvcOpt[] = " --daemon";
+	strncat(szPath, SvcOpt, strlen(SvcOpt));
 
 	// Open the local default service control manager database
 	schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);

Win32/installer.iss

@@ -1,5 +1,5 @@
 #define I2Pd_AppName "i2pd"
-#define I2Pd_ver "2.21.1"
+#define I2Pd_ver "2.25.0"
 #define I2Pd_Publisher "PurpleI2P"
 
 [Setup]
@@ -32,6 +32,7 @@ Source: ..\contrib\i2pd.conf; DestDir: {userappdata}\i2pd; Flags: onlyifdoesntex
 Source: ..\contrib\subscriptions.txt; DestDir: {userappdata}\i2pd; Flags: onlyifdoesntexist
 Source: ..\contrib\tunnels.conf; DestDir: {userappdata}\i2pd; Flags: onlyifdoesntexist
 Source: ..\contrib\certificates\*; DestDir: {userappdata}\i2pd\certificates; Flags: onlyifdoesntexist recursesubdirs createallsubdirs
+Source: ..\contrib\tunnels.d\*; DestDir: {userappdata}\i2pd\tunnels.d; Flags: onlyifdoesntexist recursesubdirs createallsubdirs
 
 [Icons]
 Name: {group}\I2Pd; Filename: {app}\i2pd.exe

android/.gitignore

@@ -12,7 +12,5 @@ local.properties
 build.sh
 android.iml
 build
-gradle
-gradlew
-gradlew.bat
+
 

android/AndroidManifest.xml

@@ -1,20 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="org.purplei2p.i2pd"
-    android:installLocation="auto"
-    android:versionCode="1"
-    android:versionName="2.21.1">
-
-    <uses-sdk
-        android:minSdkVersion="14"
-        android:targetSdkVersion="28" />
+    android:installLocation="auto">
 
     <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
-    <uses-permission android:name="android.permission.INTERNET" /> <!-- normal perm, per https://developer.android.com/guide/topics/permissions/normal-permissions.html -->
+    <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
     <uses-permission android:name="android.permission.READ_PHONE_STATE" />
-    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> <!-- normal perm -->
-    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" /> <!-- required in API 26+ -->
+    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
+
     <application
         android:allowBackup="true"
         android:icon="@drawable/icon"
@@ -53,5 +48,4 @@
                 android:value="org.purplei2p.i2pd.I2PDPermsAskerActivity" />
         </activity>
     </application>
-
 </manifest>

android/assets/addressbook/addresses.csv

@@ -0,0 +1,693 @@
+00.i2p,zmzpltxslembpaupg3srh4bbhv5txgh5jmms6sfj4hzsvlv3xugq
+0ipfs.i2p,cdii3ou5mve5sfxyirs6kogt4tbvivk2d6o25awbcbazjrlhjeza
+0xcc.i2p,gawouxh2sg32cluwlqsnpy3dwedvoqtfroi4evvdvm2pfv7tdadq
+1.fcp.freenet.i2p,cuxbeputgxn75ak4nr7ltp7fjktnzl5sul3wstwnsoytbbpb4ixq
+102chan.i2p,xxu3lso4h2rh6wmrxiou3ax7r7la7x6dhoepnku3jvrlwp35pefq
+1st.i2p,rduua7bhest6rwsmmyttzssfdw3p4eu6bgl3mb4hin32qo3x5zfq
+2.fcp.freenet.i2p,ndsznnipoeyapnsg3gj3yi2dzsqduxwalmujm5mzjm7e6x374tta
+333.i2p,ctvfe2fimcsdfxmzmd42brnbf7ceenwrbroyjx3wzah5eudjyyza
+55cancri.i2p,b4iqenefh2fr4xtuq6civfc6nhnia6e2yo36pf7vcgdvrwmh7xua
+adab.i2p,pxjr6f2cig6v7v7ekam3smdnkqgmgseyy5cdwrozdyejm7jknkha
+alice.i2p,iq26r2ls2qlkhbn62cvgb6a4iib7m5lkoulohdua5z6uvzlovjtq
+always.i2p,wp43sdtuxum6gxbjvyeor35r5yvgtkp3dcu7dv47lx22zeb3relq
+amazone.i2p,e6kq73lsxaeyiwpmykdbdo3uy4ppj64bl7y3viegp6mqrilqybqa
+amiga.i2p,edy2xappzjjh7bxqounevji4wd2binqkv7gft4usrkan45xhbk5q
+amobius.i2p,rj6432agdprun5baai2hj62xfhb4l75uvzl55dhj6z5zzoxv3htq
+anarchistfaq.i2p,xosberjz2geveh5dcstztq5kwew6xx2brrqaorkjf2323bjzcd3q
+animal.i2p,5iedafy32swqq4t2wcmjb4fvg3onscng7ct7wb237jkvrclaftla
+anodex.i2p,25cb5kixhxm6i6c6wequrhi65mez4duc4l5qk6ictbik3tnxlu6a
+anoncoin.i2p,nmi3loretkk4zbili32t2e5wyznwoxcsgzmd2z4ll3msgndyqpfa
+anongw.i2p,owrnciwubb3f3dctvlmnaknb6tjdxtlzvv7klocb45mmhievdjhq
+anonsfw.i2p,ir6hzi66izmvqx3usjl6br3nndkpazonlckrzt3gtltqcy5ralyq
+anonymnet.i2p,77ouyl2ane7ffgydosd4ye42g67aomtc4jrusmi76lds5qonlffa
+anonynanny.i2p,l2lnhq2dynnmf3m46tcbpcmbbn4kifjgt26go6n2hlapy4drhyja
+anonyradio.i2p,cbobsax3rhoyjbk7ii2nd2fnl5bxh3x7bbearokyxgvmudn7o5bq
+antipiracyagency.i2p,by4kcmklz7xnkai6ndfio47kts3rndm6wwleegtxghllimikdapq
+antipiratbyran.i2p,y2qbhrvuciifbszaqqwxd5t75bomp7kzdqx4yxsrkaq542t75k3a
+aosp.i2p,ly7raldsh2na2cgw5yvueyvqqjgx3vbqinecjrqdldgya76i2p2q
+arc2.i2p,rnmosuwvtftfcrk5sk7zoyhyadh2g4dhe2mif5ml7qjisgkyw2na
+archaicbinarybbs.i2p,t7o2tw36cffedgfr6kahewpkrntofnliuapji2e4rucl3os55epa
+archiv.tutorials.i2p,lldr2miowq6353fxy44pnxfk37d6yn2f6kaivzecbmvvnnf5exyq
+archive.i2p,x54d5st3dl6mwgfxj6raiekqkypo5pdvuex3n62szwju7hgefiyq
+archive.syndie.i2p,abbyu5n3mh3nj7pe3b6byldrxswvva5ttxcafsnnseidanurq3kq
+ardor-wallet.i2p,tm23k5ny3umhf6vf3kghnnwacli5zywq5wrr3xcqowbcofuyr4gq
+ardvark.i2p,jcmw2sol3hruwc6rfinonx4e23pjkukkg7lg7xt7xb2gpiyyraiq
+arf.i2p,o46lsq4u7udxg3qqlidrmpj4lb4nr7ldxmbb2x53nftndaeyxqeq
+arkan.i2p,7o5y2lyyrjx5tf6l4fyumywui7msjv5azaaheatvw5sqj7mxbuvq
+asciiwhite.i2p,itbzny5ktuenhjwjfqx3jravolhlj5wullhhr2m4qr6k2emnm5dq
+aspnet.i2p,tsb7zqru57p4q2a7cto2lko4w5cg4lieglwm6t27c44fkphqmf2a
+asylum.i2p,p45ejjw4p2q6nq3mzi6cm6ep35grtzshboidj2lojmrmic22noha
+auchan.i2p,6vxz4yp3vhjwbkmxajj7wiikxafwujig63gkhjknbq6xh4rqpm5a
+aum.i2p,ohdfneqxapfd3fwfbum4tut7z6k3rnr7rrguoxdrrfe2tln2kpbq
+awup.i2p,v6g32duzrkacnrezfbll3pza5u37h7lnukr2wbsk6rqen6prhbga
+b.i2p,272kt3gcx6wjurunzaiiwld7s5p4mpjewfubzmlcvw2vie62ckpq
+bacardi.i2p,hivhnx2v47vh234c7coi2urj5cyvbl4bu3ypjr7snklortyqeljq
+backup.i2p,kepphem42whle3rkfv26wcksmnegdbg6rdp6t3oobdkc2fmzrdkq
+badfish.i2p,f6v26gyr4eipy3a7pi2voulw5qvob6dg7zij6xpo2ywbi5tvbu6a
+badtoyz.i2p,3qz6ubtwlt2c4iasofjirkckq43u5fgkzyg7mlutcsym5gzhijna
+barry.i2p,4kyahq53ol52n23l44tefgeaxqpp3cbb632t5k3umdvqcooevdzq
+bash.i2p,s3wouoilbl3mrefxjhp4qoyujgok34e7y6vmpbu6hx4342ivqo4q
+bdl.i2p,kp6fnuulenbjm7r26pfbmjcq3u7c7kvxeajodvgr5flcnskdgi5a
+bdsm.i2p,pa7fxql5jljegg7j5tglhnnaod2sptq3gxvdn3ji6muqyhgn3poq
+betaguru.i2p,d7cduwwhrcc2voameqfkvd66u3advu4jw2p6pysgax35vq6ovriq
+beyond.i2p,uaicfqlrpjtitqbqkpfujanj5dollzfzee5glsuls67ekw6hlpoa
+bible.i2p,pypz7ca24n3lyp4tm3kvncg3ltp3gd5pgnacc6zltoeffiyyegda
+bible4u.i2p,xs6lr2g5jiaajtb3nkno2zmy34eipitrggooxb7wtey7uko7bqmq
+bigbrother.i2p,tnxiifs6uticzyg6ac4lhv2l5luwi6xra7yngocro56ive5e4jsq
+bitlox.i2p,lqw5khxcdntlv3u4vhn53upcqirplvnc4etjlmoytrzs66ytettq
+bittorrent.i2p,pgax2vz572i4zsp6u6paox5xubmjrkqohq6g4hvlp6ruzzy56l5q
+bk1k.i2p,nlyegmtyfffo5jfgg5h4dxxnlmqko2g36gpaye5a7vd3is35xxfq
+bl.i2p,e73d6uhnfbylza6wqkhxejmqeyfb7thkzw35gn5ojmna64jzyk2a
+black.i2p,sjwueu62qpe6dtv5b322k3f23fl4uz3w6qe6wcrwauiwpnymypfq
+blackbox.i2p,7josyf7zjieoib3ovmr5a4dh5w64kmfh45lv5h436eljtgfegtqa
+blackexchange.i2p,ztgr5kghkyn43fhhkuycroxgfti6cojo3vg4wdd3usqonyvrla5q
+blog.curiosity.i2p,yiz6jec5k7ccxdgnh7msqa4ze52bqqmf6rpq6bqdyojra2erd4ta
+blog.polecat.i2p,orlccceubewvxo3fbdyydq6e4uuidbs4xd5u2gyqbculnowo3ehq
+blog.tinlans.i2p,ylkch2nkrwehakx4z6wiyjbeqwlgasknukdkex6r6yq4xusrjnda
+bluebeam.i2p,lvxp3cbcfwtol57d5pmrsck32t7ndutlxubjb4smaf32bynhlk6a
+blueheron.i2p,anfb5jrhixjmvkyxctqwkezqer7dbob22wge2bh6wsewbhgnftfa
+bnc.i2p,fr4zbcygmx2vdct6nrabakfys4b4derm6jqu2ovppkgqillvlqxa
+bob.i2p,i76m7dwm5hnapljendbie6fc5y3mjlkdlduo3tvbwiwmvhxbpyaa
+bobcat.i2p,ftuukjtcquuvppt726w37boit7gp5hf2yxwfop35prx3grzzzxlq
+bobthebuilder.i2p,qlahgthqhr4uojkkwahnper2cl3ro5f5gtzy5t4lzapbzo4osy6q
+boerse.i2p,7633w56hd53sesr6b532r5qlbdnvyl5bnvama6ign6xryaxol4rq
+bofh.i2p,auvuinzogu6gc4pwsgbjijuszxgcjygciu2wy53pfz7mo5nfpc5a
+boing.i2p,bgsq33bh74j66hn4oh7oovlvuhhdyw22lq2qi2fnv3jyh2ryap3a
+books.manveru.i2p,eb2tisc2vr5jvjqrixrozcujiucwxg4m722stxwho5666ipl67zq
+bote.i2p,bhjhc3lsdqzoyhxwzyrd63kvyg4br6n2337d74blyintae66mr2a
+bozo.i2p,7a2d23h6htprhzrol36vgwgklsbqrnuya4tbaaaspmaeaodt57iq
+brittanyworld.i2p,e76umhhic3474sdxiuax25ixyfg7y3z7oojj4fmxvhgv3ruet6aa
+bt.i2p,uhkuu54pg47zey76h45tnvsdtpkf5bthbtrjgnaloi5m54h4hlaq
+bugfuzz.i2p,ubszn4gsf22vga67rvzzlg4qj2bfcq6o52fmxz46xruawqm6z7rq
+burntout.i2p,lkep3fd7tjvxrs25crr2c3jy7xm4s7bqiua5r327zgpw37sgyerq
+bytepay.i2p,7amc4ztwkzu3cgsaaaw3223ohuihn5hlsqc6gpf2rxdyptdkyugq
+ca.i2pd.i2p,u5safmawcxj5vlrdtqrsqbsndkr5cfenpicgg5euu4xqm73yicba
+cases.i2p,kmpmk2fmineaiwublteqlifg4fkmewnhmxqlcgg7qwecz6daj43a
+cathugger.i2p,vq43xjjcnejqpzfprws5qzrea2siieshu4tglpdepql2w3w3bpba
+cbs.i2p,u3lp7wazvq6opodzwjg5sc5w5kwxehmxd4wcdpt4s4j2k4dx4apq
+cerapadus.i2p,zroed2cxga5zeuu6rcvmp2yfi77nzduw7yhdplbeuqkuyxwbrzaq
+cerebrum.i2p,u5gtsfn267udwfh2uq35jiabkufifvcbgv456zz34cydutsiw2eq
+cgan.i2p,43z65gdr52xe3fxmkumwp3dzhedu4tu4rdtzr24hz5b4awcpfbqa
+chat.i2p,ollpwnp6yidc3obbb3famgt6rw5jg5w3k3a6z7hhaegj6gcohiuq
+chess.fillament.i2p,tv6wbanei647yf5bie4dhg2wmybkjurezlpdfwftc5ajqlfswwya
+chess.i2p,sbnoqznp5yzxals3vs6nzyqaj2fetvonys4e3b3x4ktmfeus54sa
+china.i2p,wit6f2zx6dtuqqze6nhbykrds3idppfirxvhf2f7ydqoqf4xdzeq
+chitanka.i2p,u4s3jneepk3akoez46kqiwikoezi6zyj2ibjkjyi4uuvsbcojzba
+ciaran.i2p,2r3645eete6xwbfu62ogonudcrcgqq25sbnij5v4geru74yrscna
+ciphercraft.i2p,7s5pkqbpbfdkxtwuu2e2iwstbikyewvvscy76lij4x5pfbygbjca
+closedshop.i2p,6fg67mbw2okopzyonsck4bsy3cy7l2fame56uiysr2cezhjhzdbq
+cneal.i2p,g4za73ffigv3ht4jnhzy4dae52djjq7lqcguqsfg3w5cxzqm7nba
+co.i2p,3mvo5eifcwplcsoubtvqkzdahwo2sdhfygfdde7lj2glybk4q22q
+codevoid.i2p,2mukrqwtinsw27uoejtrz74zxtilyhnnfdyso7j3yo6vaa6nzlaa
+colombo-bt.i2p,cyr75zgiu2uuzap5zeosforbgvpfbqos2g6spe4qfulvzpyhnzxa
+complication.i2p,x2av6rwj5e5tp64yhdmifdyleo4wblw4ncrrcrabxwscuevpdv7a
+comwiz.i2p,6p7zqfotzbd66etl5xqy3p6xvr5ijucru3am2xqa7wmnj6vf3djq
+confessions.i2p,lh5vitshufxpmyr44zgyymebo5elc42eda7pxvn5lmtes47c7rxa
+connelly.i2p,5yrris3nigb3fapvzrlrcaew6cdmzdknzvgrc7y2jpn3ntqurweq
+costeira.i2p,abhty5xlmnyab2kqdxcd56352kcescxoux3p6dbqdrghggyygnxa
+cowsay.i2p,q4ghzfpah4ffvm3bhc6fdkrznk5f6jxfjm2daytlparznai5d54q
+crstrack.i2p,mm3zx3besctrx6peq5wzzueil237jdgscuvn5ugwilxrwzyuajja
+crypthost.i2p,zywhrxtnkjc3rxxvxbocom7ml4hnutomgtuvqrwyf3rhuupnq5ca
+crypto.i2p,vffax5jzewwv6pfim55hvhqyynafkygdalvzoqd74lkib3hla3ta
+cryptostorm.i2p,mlu7mswyirjf53usqq7gyamvqc6rqihezgdbevov3dkxmkfo57aq
+curiosity.i2p,eomeif4xrykxlzhawc3icdilje5iammijos6tyizwhrfh3j7qdvq
+cvs.i2p,yd6k7dzpsa2tnlzx4q7xqkmd4qsjk5xk5hbiqpiarwbeyvxaxgba
+danwin1210.i2p,eoqdf4no5dxn4tw5n256kkd4lzz3uk4p47np4mepsykpsdzrnvba
+darknetnow.i2p,gkx3o5fy7mv7l4psqqnhp35d5iun7rt3soci6ylf3rgb7a5a655q
+darknut.i2p,2mk37gtvpk2i63o6vl7vna4dr46rqexxetupgn5efuuins7x3qya
+darkrealm.i2p,gbh4eerxdsph7etxsxznfhvmuiz54trlkenakqep343u4xcoekzq
+darrob.i2p,hz2xhtpeo6btgiwi6od4qj2575ml5o2246rd5orarruyjhd63zja
+dashninja.i2p,dzjzoefy7fx57h5xkdknikvfv3ckbxu2bx5wryn6taud343g2jma
+davidkra.i2p,nq7ca2egm563nir3xegfv52ocgmxstpz56droji4jgnzfoosk45a
+dcherukhin.i2p,qa4boq364ndjdgow4kadycr5vvch7hofzblcqangh3nobzvyew7a
+de-ebook-archiv.i2p,6mhurvyn6b6j6xa4a3wpuz7ovpsejbuncvyl6rnhepasfgdgmn7q
+de-ebooks.i2p,epqdyuuhtydkg5muwwq47n7jvr66pq4jheve7ky5euls6klzwuyq
+dead.i2p,7ko27dxvicr2sezvykkrfiktlghx5y5onup3f2bas5ipocy6ibvq
+deadgod.i2p,63bveyh7wefb44hlia7wtxxb3jal3r67thd6jekmwrtq4ulaaksa
+debian-multimedia.i2p,cylxxz2y35x6cvyrl57wu3brckurtexatyi2i5awz3eeamqwjspq
+decadence.i2p,pw5ys7k2grjb5myydpv6ohikm6nna7y6u2dro44i4rucgulu3ikq
+deepwebradio.i2p,2nait2gdeozkgf6gyhzjfij6mwldwkxxwcvtxobb4b5q5cvtm5la
+def2.i2p,cepsrw27kdegwo7ihzouwvgcvw2obswwjs23ollgj7hk2yrce3da
+def3.i2p,xbf3ots2purqun7orn72ypkpjmrzbfrkj3u654zfe77hbrbow6la
+def4.i2p,yyzdq4fwwmnlojp23drfpfqujln2vcjozjrfzfeuriuqzdq7g4mq
+deploy.i2p,ujzspsqkbz5z272eozsrdv4ukl434h3fuliwrfxxnab74jmd7e6a
+det.i2p,y6d4fs3rpqrctuv77ltfajf5m4tl4kzcu7rtwhxgiohylfxxow4q
+detonate.i2p,nykapdsjjswdkjov7x3jzslhg4ig3cpkhmshxqzijuhbisx25jja
+dev.i2p,cfscxpnm3w3qxnlv3oikewxm4qrot4u6dwp52ec2iuo6m7xb5mna
+di.i2p,3irnooyt5spqiem66upksabez4f3yyrvvjwkmwyzlbealg64mgxa
+diasporg.i2p,edvccoobtjukjgw2os5eetywanbb2mpag5aknkrpia5qx2koksua
+diftracker.i2p,m4mer767ipj7mq6l7gdrmrq37yzvsj3kzezd7n7nsfuctntjseka
+dm.i2p,heysbdivyeugdbggpscco5wje3dsvwgcpp5ot4sopooebnmiqvtq
+docs.i2p,ato242wckzs4eaawlr5matzxudt6t5enw73e4p6r3wajwkxsm3za
+docs.i2p2.i2p,las5l45ulwwf5i72nht6vk33sfkidcpr2okpf5b6mvgbk3a2ujna
+downloads.legion.i2p,xpmxdpuuptlekyhs7mmdwkvry7h2jbvpqpzsijqe3a5ctxgodesq
+dox.i2p,vk27cjdrtegfdnrjqutebgxkpyrfj42trdfbsupl5zn2kp34wb3a
+dropbox.i2p,omax2s5n4mzvymidpuxp2yqknf23asvu54uon6cxl6gdrlblnuiq
+duck.i2p,3u2mqm3mvcyc27yliky3xnr4khpgfd4eeadhwwjneaqhj25a65ua
+dumpteam.i2p,2fwlpuouwxlk2nj4xklvm43m52tqyhqnu2fcfiuv7clvf3wd5nwa
+dust.i2p,u6xgh6zhhhvdvefbqksfljfs3nyjvqcrmyamp5bryz5f4injmniq
+dvdr-core.i2p,fg6l2ej6qrk5rkyfzdptxx5xkcm4kvdla4gg2tun7z7fm5cxxw5q
+dyad.i2p,7n2ljphvp2dep7imoujvydxp4myuxfld3axwfgcny5xc5x6jj6ka
+e-reading.i2p,z54dnry6rxtmzcg7e6y3qtsig5yf5fmehuvakcg5wnuahx3iafuq
+easygpg2.i2p,bwxry5alzx5ihgrd3glah4eotddblzhalvpheppnw4zcajzqoora
+eboochka.i2p,ou7g64d5in4sugv5fgmmzwnunuw5hloixio7puthmrvrkwrp6egq
+ebooks.i2p,bvpy6xf6ivyws6mshhqmdmr36pruh2hvoceznzeag52mpu647nzq
+echelon.i2p,afvtspvugtd32rsalxircjglh3fhcjzk7gxrm3gw4s2yrpvzk6wq
+echo.baffled.i2p,bfr3lyicr72psxvt2umqfb562rtex66w6q3hi3tktzkoyane2iha
+eco.i2p,2dq2o5h6c6a674qaduipp55mid5iktumjbswuwmpsrcqaeowdvwa
+eddysblog.i2p,ieac3ub4g5sy3wuhsbqfembnpp7f3a37xgcx537ytzsmgfzexnbq
+edge.i2p,aknsl5wmzjmwyc4wxutfdwy2w5vgd3vcx52mqx647hcgvyurmqta
+eepdot.i2p,t6edyotbxmxvy56fofdvmragvsj65te2gkhvzv5qnblicutyvgoa
+eepshare-project.i2p,sn26kom4qyuzouppv4lwnk6bqabdydcegtrilybviibwiq2s4nfq
+eepsites.i2p,isskhl4ak3g7qevrarlmblddgr4ugnn3ckalwpjcvxafk5rjgypq
+elf.i2p,duz6ey27ohpcp3llylklzdb63lylolzcixad6bh7rt5tkq42qqpa
+elgoog.i2p,z6hrgkg2ajmuzlrddjlffrgctx7x7fkipm6c4hdzmohyn5wkr4ya
+ems.i2p,734zw4jsegdf55zl3z6s22tqkbxcghu4qvk6q2wevjfmx7xhbn6q
+epub-eepsite.i2p,yxvzjwd4vin6pnjauekdufh7lxaijal3kqe2bhakuf47g5zkb6xa
+es.hiddenanswers.i2p,cw7ge5ey4ekp5iep2kaw6j54boebtqytpcbnvio2bfpccd5ejzfa
+eschaton.i2p,xe75f5hzmrq6rkhsef2geslmi2v2yfngdiysmlmxvh7b4pyyjk4q
+esuwiki.i2p,cwxuiwcpymb72vm5vluba66ofhugyf5qeevvwo7e2fqrxl243coa
+evil.i2p,ljfl7cujtmxfffcydq77pgkqfxhgbikbc6qxjgkvcpn4wzd73a4a
+evilchat.i2p,s5b7l3hzs3ea535vqc5qe2ufnutyxzd63ke5hdvnhz24ltp3pjla
+evilgit.i2p,mx5vyoqhg77yuhthwznsxrepjsemq4uwitx4lxdzetk36ryl5rla
+exch.i2p,vsyjsbbf2pyggtilpqwqnhgcc7mymjxblamarmxe5hmbxaxvcndq
+exchange.gostcoin.i2p,n33uthzyqsbozl2qh5zii2bq2nnvbz6g6c4ew3mwp6uukk6u7wva
+exchanged.i2p,ylmulgfskl6uiwac4hw4ecwqdzd3oxtwaemzj25zc6k5q4rkexra
+exitpoint.i2p,5zmjurq3enudcenegnxu5hqmfmayz4lxvnik6ulch4xssa2ithta
+exotrack.i2p,blbgywsjubw3d2zih2giokakhe3o2cko7jtte4risb3hohbcoyva
+explorer.gostcoin.i2p,ktoacmumifddtqdw6ewns3szxths2hq2fat2o7xnwq4y3auga3za
+fa.i2p,6n6p3aj6xqhevfojj36dixwbl4reopkhymxmatz7ai5sroh75rka
+falafel.i2p,djpn5cbcgmpumwcriuzqistbae66txca2j4apjd2xesfgb7r5zmq
+false.i2p,77mpz4z6s4eenjexleclqb36uxvqjtztqikjfqa4sovojh6gwwha
+false2.i2p,j5i2tfumh3ti5sdtafwzzbpupmlcbg5drysfay2kxbdpsaljrosa
+fantasy-worlds.i2p,62a4xcyyhvfrcq2bkckb7ia37fmrssrgx467tlkxp32fjpq577wq
+fcp.entropy.i2p,de6h6ti5z3mcbdcwucu45vplikqyoeddsu3rqy7s2zy5i47j3peq
+fcp.i2p,ndsznnipoeyapnsg3gj3yi2dzsqduxwalmujm5mzjm7e6x374tta
+fedo.i2p,zoamh7e3k2vf2g6pfy46ho4taujk2f4mxqqsv3gbg554fxbvyfqq
+feedspace.i2p,kvtnpx4jylgeyojfhix4x462sqn5uork3roml4sfzotkxx62i4wa
+ferret.i2p,kkqie5qmja7bkf3iad4zxhrdarwj7kbrx2m3etn5kmba3shgwj4q
+fido.r4sas.i2p,i522xmu63hfbaw2k54cthffcoqmeao6urjyq3jg4hddf6wf57p3q
+fifi4all.i2p,v2stz6bsot7sbjzix5tky5dm5ej7gidmjnkvzqjju5xvz5sz6fwa
+files.hypercubus.i2p,qfglq25jwieszgyt7muz6dambzqsrmjhhszygzzx2ttubc77sffa
+files.i2p,w2sy74xe6oqnuz6sfh5fhkzu7boholgzd5f3anhj47srxwpj2vaa
+files.nickster.i2p,yil7dp2hg5pbqyovsiwb2ig6zjsq4tize3fnwemmqdrr6j5itdtq
+fillament.i2p,udj2kiino4cylstsj4edpz2jsls77e32jvffn2a4knjn4222s2oq
+firerabbit.i2p,awqh7n3wskzl3epyvkdwgarmfybsncm7vye6psg4tpkmplh3mj2q
+flibs.i2p,ocdm33e3h5tdml3yyholj4objdwsrhlugfqjnqgdkslmgdzb6b3a
+flibusta.i2p,zmw2cyw2vj7f6obx3msmdvdepdhnw2ctc4okza2zjxlukkdfckhq
+flipkick.i2p,aso5rzc4ym6g2bcbxjy2n573bmbenkjawva2jg7fhyqhwtwgu6lq
+flock.i2p,hflpi33ko5bi2655lx6bpzstdnjqgzrz23inovqjx5zpntyzyb3q
+floureszination.i2p,vitpvfb25sikuk3crgcvtcdi7hajxnnq2t6weay3no7ulur2wwwq
+forum.fr.i2p,onvelkowkbuwrglhw2cnocggvbdudi75sll5mfirde3cbopjqivq
+forum.i2p,33pebl3dijgihcdxxuxm27m3m4rgldi5didiqmjqjtg4q6fla6ya
+forum.rus.i2p,zd37rfivydhkiyvau27qxwzmerlzbqtthsa5ohtcww62zrygjaga
+forums.i2p,tmlxlzag7lmkgwf6g2msygby3qttxvm6ixlfkq6s6cpgwubp33ya
+fproxy.i2p,keknios3gm6kh6onez6x2bm2t7stv54oanvltuagphgdfjdw5e2a
+fproxy.tino.i2p,fpaituvuvyxp6xdjnv3i27alnj2ifzcvqdweqb6yj5uybotzvyha
+fproxy2.i2p,r4lgw4wmza25g7j5fjocjbwzwthfg4ymcbm52ref3hh2hogskcza
+fr.i2p,ia6xlsnygorllplx2owokahtrkospukvsmysz7i7bzw3vejc4hdq
+freeciv.nightblade.i2p,rluupsgxbvw5t7jno3apyzlrdirjkljft4gdoy4mxxh4fmd4xzta
+freedomarchives.i2p,4ck6oliqfjz3sccpya2q4rh5xkj5xdxkqs76ieml37537nfhwd2q
+freedomforum.i2p,abzmusjcm3p3llj4z7b5kkkexpsxcnsylikokouk5txfim3evqua
+freefallheavens.i2p,giqnkltyugfmsb4ot5ywpvf3ievuswfurk6bjie4hxi2hh2axajq
+freenet.eco.i2p,2kf7ovb35ztqkrurkm76y34jfpwi6go25xj7peznnmxrl7aieo7a
+freshcoffee.i2p,sscuukigp6alcb3ylhkcugoejjfw5jqgtqbsbafw4hyku42lgc3q
+frooze.i2p,m6ofa5dmyse4b4jg7kfmluuuc4pw5jqu6zh4qnboin4vropxepja
+frosk.i2p,63naq7zb3hvbcppj2ng7qwf6ztusp4kwpyrzbt4ptafcdbu4pfjq
+frostmirror.i2p,ycz3imuz6yte2zhlapmsm3bsvc46senvc2jxzwsbfdct5c72qulq
+fs.i2p,ah4r4vzunzfa67atljlbrdgtg3zak5esh7ablpm6xno6fhqij35q
+fsoc.i2p,vaqc4jm2trq7lx2kkglve7rkzxhhaptcwwl32uicx4ehf5k3hx6q
+galen.i2p,4weo7zkxscxbcouiqx4mlnb35uwl2lromikzk33er3fljktyvi2q
+gaming.i2p,rfxberwod6st2zc6gblqswxjl57nucgc3xrbwss43pe3dvqqzj4q
+garden.i2p,qkk2dqx6nocycgt3vinsoc76cxkb4jreybcpgz3fcps2dbe4rowq
+gaytorrents.i2p,fnggbr2t2aulr6rvlo4aehotx6wecfob7u3k2nxsnvtm4xex424q
+general.i2p,5fklrsztdqpl3hkkwwrrw2rdowrq7wwhwb6h7avvk4fhansp4vvq
+gernika.i2p,wpzqv3lxpecdsvcaadvbmrhhwlc7kp4n2mijdv2qjw3zr3ye232a
+ginnegappen.i2p,kbhfkzx5jeqhfgss4xixnf4cb3jpuo432l3hxc32feelcmnr3yja
+git-ssh.crypthost.i2p,llcp7jvz3hgtt3yzkdgjolwobisgvhv4xqa5a4oddejllyozur5a
+git.crypthost.i2p,7frihhdcisdcyrzdbax6jzvx5gvtgwsm7m6kcem2tlaw4jtahbqa
+git.psi.i2p,em763732l4b7b7zhaolctpt6wewwr7zw3nsxfchr6qmceizzmgpa
+git.repo.i2p,vsd2vtgtuua2vwqsal2mpmxm2b2cpn3qzmqjoeumrrw2p4aot7uq
+git.volatile.i2p,gwqdodo2stgwgwusekxpkh3hbtph5jjc3kovmov2e2fbfdxg3woq
+glog.i2p,ciaqmqmd2wnws3hcpyboqymauyz4dbwmkb3gm2eckklgvdca4rgq
+gloinsblog.i2p,zqazjq6ttjtbf2psrtmmjthjeuxaubi742ujrk2eptcsaoam4k7a
+go.i2p,ll6q4lsirhwkln4dqxwqkh2xu4mu3jiy546b4uhe4fypyb4vvx2q
+gonzo2000.i2p,nogsv7okydhbvrewv6hb4xdojncvhkusnyib4lglluc4uw67a37a
+google.i2p,4p3ajq4cotnflmuv7fhef3ptop5qpm3uzzgp5bahxif3nc4w3ffq
+gostcoin.i2p,4gzcllfxktrqzv3uys5k4vgkzbth4gqednwhfpt755yivm3davuq
+gott.i2p,dqows7dpftxxl2bd4bgcpkck6knrysdun6mtqy4ms5dxobbvg3ja
+greenflog.i2p,zny5ftmhzxulxzyczmeat53qjnue2xtqv2clisc7dg76lwfceecq
+gstbtc.i2p,n33uthzyqsbozl2qh5zii2bq2nnvbz6g6c4ew3mwp6uukk6u7wva
+gusion.i2p,4qyfdhizjixe2psu7wcvqufix5wlijocehpb2futurcmlhlktrta
+guttersnipe.i2p,kizkhzes2bzp45widihremo6geepfk7dl6juourkvzuvlc6y3spq
+hack8.i2p,un63fgjgi3auvi7zscznwqfol7ka4johgthvqf635mg3fefsjgpq
+hagen.i2p,e2t6rqd2ysbvs53t5nnaf7drllkgk6kfriq3lfuz6mip6xfg644q
+heisenberg.i2p,jz4quyw7zt63tmw65jfp76fblwadjss4iyi4puqdg3dye7oaqlvq
+heligoland.i2p,gzrjm62ektpqjfsem3r3kwvg6zpjvvhvpjvwfxkm2ay4zu7sp6oq
+hidden.i2p,iqodhhqo473qv5gwhjcs2bsrbhlqtpzgpnuumpastfiyhuwb2kyq
+hiddenanswers.i2p,kj2kbzt27naifij4ki6bklsa2qfewxnkzbkgvximr4ecm7y4ojdq
+hiddenbooru.i2p,zma5du344hy2ip5xcu6xmt4c7dgibnlv5jm4c2fre5nxv44sln3q
+hiddenchan.i2p,6y4tltjdgqwfdcz6tqwc7dxhhuradop2vejatisu64nwjzh5tuwa
+hiddengate.i2p,rvblcu54jvkkfffp3fobhunsvpgfc6546crcgzielzwe2s5m5hbq
+home.duck.i2p,jsh7yfvm2t5urdcnmfzdy4n6vegqskdtlwem53chgxli4ipfmuma
+hopekiller.i2p,kcaelbgsvrkiwpx36b4wxofebrl3njx7rgm5amzfmqwbomt44cxa
+hotline.i2p,6cczi27iuxkm3aivazaemzltdqgh42ljzurqp43uclbz2lid2uqq
+hq.postman.i2p,27ivgyi2xhbwjyqmnx3ufjvc2slg6mv7767hxct74cfwzksjemaq
+http.entropy.i2p,ytu7kz5bdoc26nkpw2hajwt3q7n5rcbg2eokyefhmkxmmslimbdq
+human.i2p,nrtcelq3humyfvoxmzmngpka6tmyifweouku5mbi5av4lc43hzaa
+i2host.i2p,awdf3nnmxxup5q2i6dobhozgcbir7fxpccejwruqcde2ptld443q
+i2jump.i2p,633kqgmwzzu6vhkevwvbf2pfyejt3gkes34i6upa4og57fgdfcxa
+i2p-bt.postman.i2p,jeudwnx7mekjcowpqo6xpkwn7263c57y5piurrjrdzinjziu4fla
+i2p-epub-eepsite.i2p,yxvzjwd4vin6pnjauekdufh7lxaijal3kqe2bhakuf47g5zkb6xa
+i2p-javadocs.i2p,icgmr6hhjudl4yxhtuq4pxvss2pzypwddzowajgs5rdz6f55novq
+i2p-projekt.i2p,udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna
+i2pbote.i2p,tjgidoycrw6s3guetge3kvrvynppqjmvqsosmtbmgqasa6vmsf6a
+i2pbuggenie.i2p,bioq5jbcnfopqwvk7qssaxcl7avzeta6mu72jmxjeowflpcrhf6q
+i2pchan.i2p,tduxyvfs7fzi26znvph3mu2d2ewaess7emomfci22wvownajphuq
+i2pd.i2p,4bpcp4fmvyr46vb4kqjvtxlst6puz4r3dld24umooiy5mesxzspa
+i2pdocs.str4d.i2p,yfvbtrhjac3jutdsqzugog6mbz3jtyhpwovrt2mqc5mzv534y7cq
+i2peek-a-boo.i2p,qgv64klyy4tgk4ranaznet5sjgi7ccsrawtjx3j5tvekvvfl67aa
+i2pforum.i2p,tmipbl5d7ctnz3cib4yd2yivlrssrtpmuuzyqdpqkelzmnqllhda
+i2pjump.i2p,2mwcgdjvfvd3xwumzqzqntual3l57h3zo7lwdmkjboeraudpkyka
+i2plugins.i2p,bb63kmnmbpitsdu45ez54kmogvvljn3yudksurcxiyq7dn5abt7a
+i2pmetrics.i2p,v65p4czypwxrn35zlrfkar2w77vr42acd7gbszegsrqq4u7sip5a
+i2pnews.i2p,tc73n4kivdroccekirco7rhgxdg5f3cjvbaapabupeyzrqwv5guq
+i2podisy.i2p,3c2jzypzjpxuq2ncr3wn3swn5d4isxlulqgccb6oq5f6zylcrvcq
+i2push.i2p,mabdiml4busx53hjh4el5wlyn4go5mgji2dxsfyelagi4v5mzjxq
+i2pwiki.i2p,nrbnshsndzb6homcipymkkngngw4s6twediqottzqdfyvrvjw3pq
+iamevil.i2p,au7jhslyt4cxkjp365bvqvend3hhykrrhbohtjqlgoqrlijbezja
+icu812.i2p,bxgqwfsnr3bgnr6adn62anjcin5nuthqglotb3wn3dgynsfofeva
+id3nt.i2p,ufuqdzsxltiz224vq5gnuslt3a3t72dhy5kq6i2xway53m6pzv6q
+identiguy.i2p,3mzmrus2oron5fxptw7hw2puho3bnqmw2hqy7nw64dsrrjwdilva
+ilcosmista.i2p,6u2rfuq3cyeb7ytjzjxgbfa73ipzpzen5wx3tihyast2f2oeo24q
+ilita.i2p,isxls447iuumsb35pq5r3di6xrxr2igugvshqwhi5hj5gvhwvqba
+illuminati.i2p,syi6jakreatlm2z22u76izyqvbm4yi4yj7hr7jb63lgru5yhwwla
+imhotep.i2p,qegmmhy52bdes2wqot4kfyqyg7xnxm5jzbafdb42rfoafadj2q7a
+in.i2p,r5vbv2akbp6txy5amkftia757klgdy44s6cglqhmstpg65xycyjq
+infosecurity.i2p,v3gkh5kqzawn2l3uzhw6xnszsh6w3nztjmlwil7p4kyrwrsm2dba
+infoserver.i2p,jd3agbakybnhfvkeoxrx7t33iln6suzomv3kxkxf77j7rkonch6q
+inproxy.tino.i2p,ex5yf6eqqmjkrzxnkn6cgvefgne24qxsskqnpmarmajoit43pgma
+inr.i2p,joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq
+instantexchange.i2p,5wiyndm44bysev22kxvczxt37p6o6qroiqykytrvn2yzi55aqfxq
+investigaciones.i2p,n7hqd4asxrdwf3zwo7rzv27y2qkcfmakmz6mjar6aw6hlc4c7mha
+invisible-internet.i2p,jnpykdpp46zenz4p64eb3opadl5g42dls3rurk2cvq6a3g3rvbvq
+io.i2p,tx22i6crnorzuti3x6va4mijsbhoqswy2cfdxjbvprgsq4eerg7q
+irc.00.i2p,bvcja52pppgfspp2ueuipoysjnvvoyblz2h6smpxcmanjquogirq
+irc.arcturus.i2p,5nywlbn35p2nwsymwpfmicu6fxono6g64vwusxbsvmm2qwz6vupq
+irc.baffled.i2p,5zmtoopscym6qagkvpgyn7jnkp6dwnfai745xevkxlou77c2fsjq
+irc.carambar.i2p,hxzbpivxqxy6nuae4t6fnkhcgnhs4c72vt6mmsqfmfhrkn2ca6gq
+irc.cerapadus.i2p,e4ckznxcxvgyikzjmjsu72i2dbj2d76ogexyukklbjvpcnhp6zzq
+irc.dg.i2p,fvp3pkcw4uvijqabwtekcdilklp73gyasuek67wdcs2mucep4caq
+irc.duck.i2p,chdpmm4gxffyn24xx5dhxvfd5httu42i5gtoe6cctjlsf4mbofeq
+irc.echelon.i2p,ez2czsvej5p3z5bquue5q3thujcodfze7ptybctqhnqc7hms5uzq
+irc.freshcoffee.i2p,ubiu2ehtfnrleemgpzsqkahwnvzuaifqa3u4wmaz5maaisd5ycfa
+irc.i2p,l3ohmm4ccxvyuxuajeaddiptci5lsrnxtvtyq7iohphrt3oj2evq
+irc.ilita.i2p,5xeoyfvtddmo5k3kxzv7b3d5risil6333ntqrr3yvx3yubz5tk3a
+irc.ircbnc.i2p,4rqcsqd7xif6r4v55blqvmqu5er6due4eyene3mjorfkts4o3rxa
+irc.killyourtv.i2p,wre4majmg2vnbi6id27et7yw6lnpf56wkbm6ftnlwpvxnktq73hq
+irc.nickster.i2p,dhq3fhd5scw3jqhj5ge7kqfpprfolcgxfjbaw24obohaiqjtdu7a
+irc.orz.i2p,7gifacog4aoons3syybojbbnyqqaaqijhngrehn2xlq3eucuyjcq
+irc.postman.i2p,mpvr7qmek2yz2ekegp5rur573z7e77vp3xqt2lfbco5i6nkfppcq
+irc.r4sas.i2p,hodhusp73gltozgrnianlbploon3rrvhrzfn5mf2g46o7aaau5la
+ircssl.cerapadus.i2p,4x2i745i4w52ss3he2kse6tzwt64pr62yvrcb72lgvrb63fup6ea
+irongeeks.i2p,ecduxoion5uc5hnvzjxff6iiwhdwph6gse3dknyvlo7e6gaeho7a
+iscofsi.i2p,enjgdxs4um2dmhdb2ajff2egrdijkjji3g47m6unb74swbrqsddq
+isotoxin.i2p,wue3ycaccf4texikza3fh6p5yrmtgnooisuypnepo5mo67lmpcqq
+itemname.i2p,o35ut7hgywy35okvgkjkv3ufzv2ejv4luap4oytwbyy2jqy6u4vq
+ivorytower.i2p,fpwrfvidfexsz7dspofkwtkmmizm7lyralfz5kvykffk7gubvxsq
+j.i2p,kjxvohlsf5sdrzxzfcrmvquccnoevi6ytbl63mstsru5wt2dx3ea
+jabber-2.i2p,pvnmzgemetkwcuvt45omgowmeznwk5xw3nc3ygeoz7yekqxy57na
+jabber.duck.i2p,rhdzvvzraqzzm67zpyegb7knpfrjeffitixqzeyymdoz56uh2rtq
+jake.i2p,v2axvy6pqefnla7gun5fmqs4lqe4xfyqovgzcundhxrpcdvfd7cq
+jar.i2p,2fthkmujup3xiiu3yple24n6g4emzdiiimbuqwvpdddtsr3c4nrq
+jazzy.i2p,ha5c3zafwkt6mwqwjcf4oqwvbwz473652ljjadiwrj4gfkfkjofa
+jdot.i2p,kw4jr5qw4bhnj33avkwankjdh3zi7wtahlmgkjwvsv2isskkzgpq
+jhor.i2p,c6rnm7oemydhuwzmhwwwxphkzanez5rnn7fkcs3lpgu6gkgtssoa
+jikx.i2p,aazr55itvyns4lwppvx5njyx5tjdwemw4w6jbmpegdunznod2ieq
+jisko.i2p,jxgfvr663uhr6m65hrgkscshysfshkq32ywdubc4ed7zda3e2pca
+jmg.i2p,oglpnq7zungdukmk6gk5fzj5jp6wibuoihqgks453wztrwos4ggq
+jnymo.i2p,nbfplxgykyfutyadlfko2rmizdsxox2pee2ahboj5mju4s3putda
+jrandom.dev.i2p,htynimemonyzqmn76gworxyfkmqtsa7zcprbrd3i5cxqqm75tuzq
+jrandom.i2p,dqows7dpftxxl2bd4bgcpkck6knrysdun6mtqy4ms5dxobbvg3ja
+jrrecology.i2p,qxi24gpbum3w3kesuxvheyu3p5u5o6tuvoypaolub2gnvbld57xq
+jwebcache.i2p,xdffxnxtjd6ji2zig3cgva7igvl2tiapyjoc7ylbzwqhxudbmvfa
+k1773r.i2p,zam7u6vslhemddz347uusuzjdk5wma4h5hcmcqlng4ybbpdbjhnq
+kaji.i2p,z5ic7gvm2k4doczphtrnrspl2w5sfbss2de4z3ihjijhtjw67ydq
+kaji2.i2p,4lscgc6napekfx7ay5fdcjofeja4fnl7tqcd3fek63t4saavur2a
+keys.echelon.i2p,mwfpkdmjur5ytq4og36ym3ychinv36b2a57f4rmgqmtrwepq3fva
+keys.i2p,6qv4x7ltaxckd4vbay5s4ntqqflq4efk6oke2d5yzicqrmk443ba
+keyserver.sigterm.i2p,isoxvnflrdn7cm76yjlfg5tbcugoito2hur7eidbqmo33xmwz5ga
+killyourtv.i2p,aululz24ugumppq56jsaw3d7mkbmcgo7dl2lgeanvpniyk2cbrda
+knijka.i2p,knjkodsakcxihwk5w5new76hibywia5zqcgoqgjttzsausnd22oa
+knotwork.i2p,2yocdbcjiyfaqgxb4l6oenrrrrie6nydgmbnbfulqg7cik6bozxq
+kohaar.i2p,qchpjehbhqjbxdo7w3m55jbkrtsneb7oqoxcr24qttiq6j5g3z5q
+krabs.i2p,3yamyk5bgfgovg6zpvtvpdjk37ivjj2wog2w7wha5agzgxxkqaca
+kuroneko.i2p,wbit2huhhwlyqp2j4undccuyrodh6qcmzdeyuaoy5o4ym7g5gdgq
+kycklingar.i2p,gctswdhp4447yibxfbqg3uq2bvx63qjeqnaoaux75zw73leakyva
+lazyguy.i2p,ia6xlsnygorllplx2owokahtrkospukvsmysz7i7bzw3vejc4hdq
+legion.i2p,5oirascyhwfy2tr2horw6mixozsre7z6s7jfq7qbnj523q3bkebq
+legwork.i2p,cuss2sgthm5wfipnnztrjdvtaczb22hnmr2ohnaqqqz3jf6ubf3a
+lenta.i2p,nevfjzoo3eeef3lbj2nqsuwj5qh3veiztiw6gzeu2eokcowns3ra
+libertor.i2p,7gajvk4dnnob6wlkoo2zcws7nor3gunvoi7ofalcps5lc76wruuq
+library.i2p,brqqaq44vbeagesj5o3sxcnkc5yivkwouafyxa77ciu7l644ei2a
+lifebox.i2p,pyqjnycm55cuxow22voqj62qysrjdnb6nbyladaiaiirqi7vp2yq
+linuxagent.i2p,ap5riaikrjq2uv5qvy7klzhhqywvqi7wqscyipsewcun7w2eynlq
+lists.i2p2.i2p,vmfwbic2brek2ez223j6fc6bl5mmouzqvbsch45msvyyzih3iqua
+lm.i2p,yeyar743vuwmm6fpgf3x6bzmj7fxb5uxhuoxx4ea76wqssdi4f3q
+lodikon.i2p,u3f67staiwhqxpacya3clmvurdwd2kp7qcthzhstqnhrmlwc2g4a
+lolicatgirls.i2p,a4lzmjyba7aq7hl6okqpds7znnwymolqnr7xhvno2wraqb7uhfla
+lolifox.i2p,7fd2clkiotjnaoeigdtxlkkb24eik675ovezjf67x26ysham4zca
+longhorn.i2p,pohcihzxzttjclrazhs3p76wt3ih737egb5bovqb6ym3du6z3o7a
+lp.i2p,jiklbujn3cbfikf4pca526jgmorx6mxhil3twqmfoteaplx6ddwq
+lucky.i2p,wx36m3wnpt2y6bngdpg3ifrarvtkpwnluarx377bllpgvkuhybaa
+luckypunk.i2p,y4t6cujjxnnrtln3rgmfbgbh46hic7wkef57krd7opitbgngohka
+lunokhod.i2p,3yc6sp7xic4grmpfecbwuij6z3dp5kdgoo362pszaco7io42mnwa
+m16.i2p,ucsr3eveuc4mx5y6gxnoaywd4ojvbel5q3ynns6s5yfw3vusmfva
+mac7.i2p,3yjowssqzydciwa5zx55kazgf7q7w6g7rkocr7bngy35ii44t34q
+madman2003.i2p,a2sam2xbhxbzmeyobphbxrkdwlppoerewq5qvibbyk3ftsr643qq
+magix.i2p,cgfnyxv62msfynsfbv3kju22j2mt6tfnopshhmrcmpcrxyts6xwq
+magnets.i2p,snz46nez6hrrpg6336neinflw56l3vwatk6bzzytwu77xmsfsoca
+manas.i2p,6qolj62ikkoq6wdn3hbvcbdmlvf2rcyv432kgi5uy7mvrczmjtba
+manveru.i2p,pbmbofs76wpjnxi55eqtwg4y6ltyij72o4fm4sxfjol3y57ze5sq
+marcos.i2p,vpo36bsil2voqaou53zshuegssqaroa5mbrzxfmhjywlbojckalq
+marshmallow.i2p,svdqd6j3y3gwryufcl4fkzpmcujgvrvphvk2oy4r7m75xs327e2q
+marxists.i2p,lepah55qyp2fhuwxlz7bwrhzckn4gkuofivnofoeuyfpmke5x2hq
+mattermost.i2p,x5oovnhnuli5fnwtgkbd5z5jvrvdvprqyuofywx6uoxkk4bie6ya
+me.i2p,dbpegthe42sx2yendpesxgispuohjixm4bds7ts5gjxzni5nu6na
+meeh.i2p,4oes3rlgrpbkmzv4lqcfili23h3cvpwslqcfjlk6vvguxyggspwa
+mesh.firerabbit.i2p,3x5wokr4bjy5z3ynji4fyhvwzv4fvgry3xafi5df5h75doezjytq
+messageinabottle.i2p,avfhe3kvrrv7utxn2vre65lg7damxzzsewq3vukwie4llitd254a
+metrics.i2p,z45ieamhex2ihqv7oowk5fz4qq47rbvxhhhbaaiinpajbhuevtpq
+mhatta.i2p,o4rsxdeepfrnncsnjq675xogp5v5qkbfgbt6ooqeyfvlifobrjxq
+microbleu.i2p,mtapervgibruizniems2yyr47pin2wpysyh7m632rigl26vjc6qa
+microsoft.i2p,hvaqr5idszdyrjph34amb4mjosqd3ynggoxlnj7ciqhnx7q6plza
+mindisl0st.i2p,u7rnqhvsuyxd3fabm4kyzn7brgz3i3cporj2emk2jmbpcmltyf7a
+mindspore.i2p,uuh5dd3y2rqa7x2jpggm4p2pg6znarm5uanwsvybe4tk36ymwr4q
+modulus.i2p,ctz3o6hdefrzwt3hlg6rjhdcbjk6irppbndq32u6jnn4lz72f62a
+monerotools.i2p,5bal7dngxde2ddmhuzbtfken6w5nmxmixtjlrlmxt3wbhnemv73q
+monerujo.i2p,puri6y5dtwh6zr4u77ep6ozatun6iz7v4wai2dzxppz7654corlq
+morph.i2p,iovyp2dao5rta6g5v6hke2s4ugx2btkpcljddak2yhxfrx3l4dqa
+mosbot.i2p,5bhmrp43mjwlzf4x64xgdrkwmw4luvng6eq5waa663a7vnkp732a
+mosfet.i2p,s5ynkgagndmpxpf2kmnenv4x72io664gzd2x3qef54ilammnte3q
+moxonom.i2p,gcjdrvnlobgexh7ebv276pwmnoj3yoyaqm3w4vmmdha4lgxfinqq
+mp3.aum.i2p,n7bmu5dwux7f6gedmdik6zrm77bnls4lkzo2vo3bf4bwegk7vkjq
+mp3.tc.i2p,w3ied5s7ldjcvnhxu2gyofe3oogzbplkyxshzfkhspiy2526snsa
+mpaa.i2p,m6cqnglo7xlytwxkdsmwf3d23d6lq5r446c3tktb2tdmuah36zya
+mrbamboo.i2p,tmpmkx6wlbbrgsnexrqlrib7laoegpbfeop7bnyezegii7hecpxa
+mrflibble.i2p,u7k2qcmkrril6yvudvwxjqz7k3dzgp3jdejjjeapej7liselj3eq
+mrplod.i2p,fjn5hxtybxyfyvdf6u5v5seg2sjd47hb5by6sa6ais4w3xnrxwyq
+mtn.i2p,xisk3h6sku3iqj52uriogaajmnku7pwjux7wa4omx2zloamuw6eq
+mtn.i2p-projekt.i2p,f52x5fp6uhq53f5zle5d6rq5un34xgmxgazvilvmzcby37xcmsfa
+mtn.i2p2.i2p,l6kuhtmgvbp57d7jwalj5nksi6nr4gfzbz4oit62lxgipb3llt5a
+mtn.meeh.i2p,h7ylrsuzzynrxp3jql7anoozyqblavj7eqces6o3wngvuuxhs2la
+mudgaard.i2p,yz32lk42gtoesknesfolq3tt4erxxcejcote5pontaeqev3bj2kq
+mush.zeit.i2p,dk3sg23kljawxqp3cb6xz5mnzjlyckzvq5jhqs5gnvdsv7wqn6ha
+music.i2p,akamh76yi6p7xxbvl3qv3yhaockne57yfuh77acogbgpjmwypvia
+mysterious.i2p,p66g2a4nzfkvidd3l7nwphcnfa3ttyu5kiolcb4czec2rn2kvwsq
+mywastedlife.i2p,ceumy3puvvsrru5bmfmtgsajsx5qyehqac7l7a23xpwtfs2bvcgq
+nacl.i2p,bm2fib3tumer72lopjh4nmqomwvqu2sdfyb2hmr6lnk7jbw3vvia
+nano.i2p,ex5ssv7s3hj6jp7hvadxfw3wvbjbvnczxr4pbk7qw26ihiorjmba
+nassai.i2p,v653cocvn3i6bgjdm3ciwbdnu32supglv6gn4fh23bohemsp545q
+neodome.i2p,5hkhjehj3ct2pvcah7dcylwef2oti3xij5myxbv3pd7rocio5vkq
+news-i2pn.i2p,wwcqkwfo5yhe6uribv5tzylk25j5hkdk6gdnyftzd3k7dawlzwca
+news.neodome.i2p,trhwcnygfkeqjj6g4xhmrdp4gsjqsye47lsxshbmwbten4ywt5oq
+news.underscore.i2p,rl7t3kspoktuatjcu7gf7xleu7y6biibs4fspzo24kll6n7hbq4q
+newsbyte.i2p,gsk3rgsejxxrfabjxu5w5plplxsu47aoeoke22vvhlwwllzosnxq
+nibble.i2p,jmdxcpdzqafedn3clc4y7u6o56qocfiffrzbzncmtggqtio5qjpa
+nic.i2p,vzu5ymab6klevpcdudv4ypisjqaznmt44e6lcg7dwiuza4saibxq
+nickster.i2p,zkwsa6kvq2wdhovw5g5wqakpb7rlaylyhfriwmurots5pvwbqauq
+nickster2.i2p,eofzi7npzpk4p5gb4qper4hmwgxo6kepo3dheeblakewedxj2bwq
+nickyb.i2p,gmpxk4tje7mnud32kg2kjmf36f6cpwqakzc2dxuzjnnz4qr5w4sa
+nightblade.i2p,p4gkon7ytswxrbwkl7vruw6mg7kfw5aofovqjgt4c7tnqmbq6lha
+ninja.i2p,q6dg6hlb3egzdqz352ri5rc4fx4gcrdeu3tpiyfxlv73yfjgrhya
+nm.i2p,3itdpqzyn3ii7sivppo4sxxwhvgtpskzkbokrdibim6gqpvlw5ya
+nntp.baffled.i2p,kc6muo2tih5mttbpzecteegvtonuysjidk3emcy4cm4yifzild2a
+nntp.duck.i2p,gvzzor4utsqxswvf6jaglfks7yxudlz2s326ftrk56i4lpd2s47q
+nntp.fr.i2p,npoztnqadfnu4vrokoh6rusoi3yne47s6jurc3lzhcrzzia5eqva
+nntp.i2p,wwdzmeyler4djegvyt2bxmkwrckfgg3epkkwowyb75s47he6df6q
+no.i2p,lpsg4x4gdrf7antxcdy47cl6abcqei5ommgzt55retq7go5ku3ba
+noname56.i2p,oiyoslismzyxuw7ehxoigmtkdj35idim6flmlplddxuiiif6msfa
+nop.i2p,ssag45lathm4gqp46si7c4w4tioyvjpcza5uvz5x2zuljnplylca
+normal.i2p,j5fex634r2altzb3kjvu35qekt2r3hgsqzg5qxoy7dp53heu5pma
+normanabcd.i2p,si2vh43gvxjnw2shwr24j76xyanow4oa6gbu4idookbraoxl3s3a
+nothingburger.i2p,tesfpn757ysc7nih7mxher2b3jstkc3l5fhfcyb5kxhzhvv52trq
+nothingspecial.i2p,wzrwqrp52bilqijrlboclynuev4kzpjzfzlvzl5aqxqt5fdnpbga
+novospice.i2p,ukqap24nwac4gns77s4zy7j5cagt7l7syb5zo7eukfg3zn5gg5qq
+nsa.i2p,nsetvbclpomqxfcit4mghn6z7vdhnza6jdzczby4crnto32uykga
+nvspc.i2p,anlncoi2fzbsadbujidqmtji7hshfw3nrkqvbgdleepbxx3d5xra
+nxt-wallet.i2p,33pp74k4ivy67z332qpyl3qlcqmi6gxqumrow4bldkblxxlxqq5a
+obmen.i2p,vodkv54jaetjw7q2t2iethc4cbi4gjdrmw2ovfmr43mcybt7ekxa
+obscuratus.i2p,i4j37hcmfssokfb6w3npup77v6v4awdxzxa65ranu34urjs4cota
+ogg.aum.i2p,wchgsx6d6p3czloeqvna2db5jr7odw4v4kqrn4gr4qiipfyrbh5q
+ogg.baffled.i2p,tfbvj2xal6lcuxv3hzuw7cw4g3whguombcv2zuotzvul4qtrimgq
+ol.i2p,bnb46culzbssz6aipcjkuytanflz6dtndyhmlaxn3pfiv6zqrohq
+onboard.i2p,qwlgxrmv62mhdu6bgkh4ufnxowxsatfb6tbs2zr666qyunwqnecq
+onelon.i2p,irkvgdnlc6tidoqomre4qr7q4w4qcjfyvbovatgyolk6d4uvcyha
+onhere.i2p,vwjowg5exhxxsmt4uhjeumuecf5tvticndq2qilfnhzrdumcnuva
+oniichan.i2p,nnkikjorplul4dlytwfovkne66lwo7ln26xzuq33isvixw3wu3yq
+onionforum.i2p,yadam2bp6hccgy7uvcigf5cabknovj5hrplcqxnufcu4ey33pu5q
+ooo.i2p,iqp5wt326fyai5jajsa3vkkk5uk56ofn4anocgpe5iwlpisq6l7a
+opal.i2p,li5kue3hfaqhhvaoxiw2ollhhkw765myhwcijgock5rs4erdqdaa
+open4you.i2p,ice6ax5qrzwfwzsy64bctffj6zlzpuzdr5np65zsxlbt7hztyc6a
+opendiftracker.i2p,bikpeyxci4zuyy36eau5ycw665dplun4yxamn7vmsastejdqtfoq
+openforums.i2p,lho7cvuuzddql24utu7x6mzfsdmxqq7virxp5bcqsxzry2vmwj5q
+opentracker.dg2.i2p,w7tpbzncbcocrqtwwm3nezhnnsw4ozadvi2hmvzdhrqzfxfum7wa
+orion.i2p,5vntdqqckjex274sma3uqckwqep2czxs5zew25zlntwoofxk3sga
+orz.i2p,oxomqkekybmyk6befjlouesit5mhstonzvzd2xnvsk7i6uyrqsfq
+os3.i2p,s7x4ww5osrrfein3xgwyq67wnk6lgliw4mzt7shtu66wrb2zdojq
+osiristomb.i2p,t3slf77axkv3qm7c3gzpv3jgmkraoqqe2bojr6h66eipibofsyzq
+ot.knotwork.i2p,cxhvvfkbp2qbv5qojph7zb46molpe2ffanghnerjag3xdmy6ltxq
+outproxy-tor.meeh.i2p,77igjr2pbg73ox5ngqy5ohzvrnur3ezqcogtl4vpuqtrcl3irsqq
+outproxy.h2ik.i2p,nwgvfpfarpnyjjl4pwsxr2zdsppcx5we3kos2vlwicbiukopgaza
+outproxyng.h2ik.i2p,v32zse2zczzgegelwxbx7n5i2lm2xhh2avltg76h6fz5tb53sfxq
+overchan.oniichan.i2p,g7c54d4b7yva4ktpbaabqeu2yx6axalh4gevb44afpbwm23xuuya
+p4bl0.i2p,lkgdfm4w6e2kkjhcdzr4ahhz26s3aunhrn6t2or436o73qh4z7ga
+pants.i2p,xez3clscjfafkqwk6f473ccp3yvac4kh6rdp6dptwxa2lhixizgq
+papel.i2p,mxskjqntn2d34q4ovsnd5mud7cgde734tdjldd3lt4hczh2645zq
+pasta-nojs.i2p,dkkl3ab6iovxfqnp44wsjgqaabznvu7u3hugpzyagbeqlxgvx3la
+paste.crypthost.i2p,2zaj4u4s4l3lgas2h5p6c6pvzr2dckylkrh5ngabursj4oh25ozq
+paste.i2p2.i2p,b2gizskfea4sjxlw6ru2tb6kdrj47dsjc77cijsf5mzh4ogbmfvq
+paste.r4sas.i2p,csen43keji3qiw6uobsgzysxyjd225g6446ylq5uuz6ur2glkzaa
+pastebin.i2p,mnicncxrg2qqi55qftigiitaheugnj4rpysbk7zabdrirgktelqa
+pastethis.i2p,erkqiwnjl7vtysqd3wvddv6tfvnhswarqkbn4blhdlhfxn7cf2ha
+pdforge.i2p,wzeg3ehf6d2mqjqji3sd3rns776thvhe2vam2r6gjlmsqis2dctq
+perv.i2p,f3k3wm4ae7t7ottfjd4hu6is7zsls73izl2gm2qynzficxcdsiwq
+pgp.duck.i2p,wujajyxj3cgsfsbtr3g7g7npv5ft3de6pcstxlav26zq6cxdjmha
+pharos.i2p,vathk2pyvaskeie63yyg4tshjkx5xt6zfvhwhgr3de67q46ob3sa
+pharoz.i2p,vathk2pyvaskeie63yyg4tshjkx5xt6zfvhwhgr3de67q46ob3sa
+phonebooth.i2p,noxia7rv6uvamoy2fkcgyj4ssjpdt4io6lzgx6jl6wujpufxedrq
+photo.i2p,fqhuy77ugd5htnubzkyy5guvwboqn6goahtmn2g7feewvdj7k3iq
+piespy.i2p,vzusfjzcu5ntnvobcvyzc4dcu4j6ommtnpmba2puk3kexgdzrl7a
+pisekot.i2p,7yzdwhy723fodqz4onp6k3nyvixra2sa6dl45tcblhmyoa7i36nq
+pizdabol.i2p,5vik2232yfwyltuwzq7ht2yocla46q76ioacin2bfofgy63hz6wa
+planet.i2p,y45f23mb2apgywmftrjmfg35oynzfwjed7rxs2mh76pbdeh4fatq
+plugins.i2p,wwgtflbaa7od2fxbw4u7q7uugmdclxf56alddvizugwcz5edjgia
+polecat.i2p,het5jrdn35nhkanxmom5mjyggyvmn2wdj2agyqlrv4mhzhtmavwq
+politguy.i2p,6dkkh3wnlwlr6k7wnlp4dbtf7pebjrph5afra2vqgfjnbihdglkq
+pomoyka.i2p,omt56v4jxa4hurbwk44vqbbcwn3eavuynyc24c25cy7grucjh24q
+pool.gostcoin.i2p,m4f4k3eeaj7otbc254ccj7d5hivguqgnohwelkibr4ddk43qhywa
+pop.mail.i2p,bup6pmac7adgzkb5r6eknk2juczkxigolkwqkbmenawkes5s5qfq
+pop.postman.i2p,ipkiowj7x4yjj7jc35yay3c6gauynkkl64gzzyxra3wmyhtfxlya
+pravtor.i2p,2sr27o5x2v2pyqro7wl5nl6krrsbizwrzsky5y7pkohwh24gn6xq
+pris.i2p,ahiwycgzuutdxvfqu3wseqffdnhy675nes57s4it2uysy5pxmz6a
+project-future.i2p,ivqynpfwxzl746gxf376lxqvgktql2lqshzwnwjk2twut6xq7xta
+projectmayhem2012-086.i2p,ehkjj4ptsagxlo27wpv4a5dk4zxqf4kg4p6fh35xrlz4y6mhe4eq
+protokol.i2p,f4xre35ehc5l6ianjvt3zcktxkjlyp2iwdje65qnu2j6vurhy6nq
+proxynet.i2p,7gar5a3n4hzvsgi73iizo65mjza4kujf7feopfxuwu5p6wtwog5a
+psi.i2p,avviiexdngd32ccoy4kuckvc3mkf53ycvzbz6vz75vzhv4tbpk5a
+psy.i2p,s3elzoj3wo6v6wqu5ehd56vevpz2vrhhjc5m6mxoazicrl43y62q
+psyco.i2p,eoilbrgyaiikxzdtmk2zeoalteupjrvcu3ui23p4wvfqo25bb73q
+pt.hiddenanswers.i2p,o5jlxbbnx3byzgmihqye3kysop5jgl3unsrkmurbtr2nrnl2y74a
+ptm.i2p,7dna5745ynxgogpjermnq26hwrqyjdlsibpjfmjxlwig247bjisa
+ptt.i2p,q7r32j7lc3xgrcw2ym33wv4lfgqbez7vtm4lts7n34qfe3iygeha
+pull.git.repo.i2p,3so7htzxzz6h46qvjm3fbd735zl3lrblerlj2xxybhobublcv67q
+push.git.repo.i2p,jef4g5vxnqybm4zpouum3lzbl6ti6456q57nbyj5kfyldkempm3a
+pycache.awup.i2p,w45lkxdnqhil4sgzanmxce62sv3q4szeowcjb2e72a5y5vbhm4ra
+r4sas.i2p,2gafixvoztrndawkmhfxamci5lgd3urwnilxqmlo6ittu552cndq
+radio.r4sas.i2p,cv72xsje5ihg6e24atitmhyk2cbml6eggi6b6fjfh2vgw62gdpla
+ragnarok.i2p,jpzw6kbuzz3ll2mfi3emcaan4gidyt7ysdhu62r5k5xawrva7kca
+ransack.i2p,mqamk4cfykdvhw5kjez2gnvse56gmnqxn7vkvvbuor4k4j2lbbnq
+rasputin-sucks.i2p,fdozdbyak4rul4jwpqfisbkcx4xbrkuvf2o5r6fd3xryyrjgvjiq
+rebel.i2p,nch2arl45crkyk6bklyk2hrdwjf5nztyxdtoshy6llhwqgxho5jq
+red.i2p,fzbdltgsg7jrpz7gmjfvhpcdnw5yrglwspnxqp4zoym3bglntzfa
+redpanda.i2p,3wcnp6afz4cikqzdu2ktb5wfz7hb3ejdbpn7ocpy7fmeqyzbaiea
+redzara.i2p,ty7bt62rw5ryvk44dd3v5sua6c7wnbpxxqb6v4dohajmwmezi7va
+reefer.i2p,4cde25mrrnt5n4nvp5tl62gej33nekfvq2viubmx4xdakhm5pfaa
+relatelist.i2p,utrer5zgnou72hs4eztmk37pmzdtfw3d6s23wwl7nk3lkqpzbdiq
+repo.i2p,uxe3lqueuuyklel23sf5h25zwgqgjwsofrqchhnptd5y6pedzbxa
+repo.r4sas.i2p,ymzx5zgt6qzdg6nhxnecdgbqjd34ery6mpqolnbyo5kcwxadnodq
+reseed.i2p,j7xszhsjy7orrnbdys7yykrssv5imkn4eid7n5ikcnxuhpaaw6cq
+retrobbs-nntp.i2p,fkyzl24oxcxvjzkx74t3533x7qjketzmvzk6bwn3d6hj5t7hlw6q
+retrobbs.i2p,mnn77stihntxdoade3ca2vcf456w6vhhvdsfepdvq5qggikvprxq
+retrobbs2.i2p,ejff7jtyaus37slkwgeqrrcmyhpj26carp7n27f5h6s5vlbeiy6q
+revo-ua.i2p,hpojpumki22xjwhmhe6zkiy44oanyn7u4ctcfe3in2ibwm5l32hq
+riaa.i2p,lfbezn7amkzhswnx7lb4lxihyggl2kuqo5c7vwkcv6bwqmr4cuoa
+rideronthestorm.i2p,xrdc2qc7quhumhglpbcuiqxr42nuffv4xj4a73jbr4ygepitibqq
+romster.i2p,eaf2stdqdbepylt53egvixdi34g2usvgi7a4oixsja6atkran43a
+rootd.i2p,mzbe5wofwn7eaqq4yefrmxizqaxoslwqxrv5qcv2opx5lnhg64dq
+rospravosudie.i2p,z55khrnlj6bzhs5zielutm6ae6t2bbhfuiujwlrp3teubqyc4w7q
+rotten.i2p,j4bm3rvezlejnb44elniagi5v2gazh7jaqrzhbod2pbxmgeb2frq
+rpi.i2p,56p5qxsrvo5ereibevetw2qbj5bronmos7wxunku27g2s4kpbnlq
+rslight.i2p,bitag46q3465nylvzuikfwjcj7ewi4gjkjtvuxhn73f6vsxffyiq
+rsync.thetower.i2p,w4brpcdod7wnfqhwqrxyt4sbf2acouqfk5wyosfpq4mxq4s35kqa
+ru.hiddenanswers.i2p,o6rmndvggfwnuvxwyq54y667fmmurgveerlzufyrhub6w3vkagva
+ru.i2p,m7fqktjgtmsb3x7bvfrdx4tf7htnhytnz5qi2ujjcnph33u3hnja
+rufurus.i2p,7msryymfdta3ssyz34qur6gi4jyfkvca5iyfmnceviipwu7g2wca
+rus.i2p,gh6655arkncnbrzq5tmq4xpn36734d4tdza6flbw5xppye2dt6ga
+ruslibgen.i2p,kk566cv37hivbjafiij5ryoui2ebxnm7b25gb3troniixopaj6nq
+rutor.i2p,tro5tvvtd2qg34naxhvqp4236it36jjaipbda5vnjmggp55navdq
+salt.i2p,6aflphlze6btsbez5cm4x53ydrmwhqrkxsud535d3qjh4wq62rxq
+sasquotch.i2p,p6535uyfk2y6etc3t47vd3oqxydznqior5jxcvq5bdxe5kw5th6q
+schwarzwald.i2p,4gokilzy73mmudufy3pohgatm42fcstx7uzg5hjvnfyphxpnphuq
+sciencebooks.i2p,ypftjpgck75swz3bnsu4nw7rmrlr2vqsn4mwivwt3zcc3rxln5cq
+scp.duck.i2p,ghbpsolpnveizxu4wbs7jbs2vj3kntnsexfcdleyhpqdhfpxleda
+search.i2p,nz4qj6xaw5fda3rsmsax6yjthqy4c7uak2j3dzcehtkgyso4q46q
+secretchat.i2p,cl3j2zxhpw6u6jevny45i557ojhwfxn4g375nnuqhy6lp27mry2q
+secure.thetinhat.i2p,4q3qyzgz3ub5npbmt3vqqege5lg4zy62rhbgage4lpvnujwfpala
+seeker.i2p,ipll7sit24oyhnwawpvokz5u7dabq6klveuqpx3sbi6o5qemy2bq
+seomon.i2p,5mvpsy4h45w4fx7upen7ay3vkrs5klphz5nptmtcqvc3fsajsm4q
+septu.i2p,5lqvih7yzbqacfi63hwnmih57dxopu5g2o5o4e2aorq7bt4ooyra
+serien.i2p,3z5k3anbbk32thinvwcy4g5al7dmb75fagcm3zgh4rzrt3maphda
+ses.i2p,5qfoz6qfgbo7z5sdi26naxstpi2xiltamkcdbhmj6y6q2bo4inja
+shiftfox.i2p,wpvnuzslu7hjy4gujvnphtyckchdoxccrlhbyomsmjizykczyseq
+shoieq3.i2p,3fjk4nfk3mccch4hdreghnyijcvovsi3yucjz3qzj5sxngqk5j6q
+shoronil.i2p,7shqzgmb6tabiwrnwlasruq7pswy2d3emvfhaitehkqgod7i62sa
+short.i2p,z5mt5rvnanlex6r3x3jnjhzzfqpv36r4ylesynigytegjmebauba
+sion.i2p,lcbmmw2tvplvqh2dq5lmpxl3vnd5o4j3bdul5moa23deakjrso5q
+sirup.i2p,aohdp4yajnkitrtw7v2mo3sp7swuqhjfwlsi5xwd7dudzftumsma
+site.games.i2p,zeuczucfxeev3k7tvqlfcdpfbnqggheiknyyb5r2q4utn3d2auja
+skank.i2p,qiii4iqrj3fwv4ucaji2oykcvsob75jviycv3ghw7dhzxg2kq53q
+slack.i2p,gfcsh2yrb2tx7hyvmobriv52skz7qoobn7n7y7n6xaehhh4rpbja
+slacker.i2p,wq7m2wdguzweleb666ygv3bmfhha63zj74rub76vfesbyhsyk6iq
+smeghead.i2p,ojf4czveeuekxqkjvkszvv7eiop5dg7x2p6rgfzl4ng4xrjk6lja
+smtp.mail.i2p,kdn7zx7fgoe4bn5abaaj5cb3e4ql22fklb5veui5yajpj4cxapya
+smtp.postman.i2p,jj7pt6chsziz6oxxnzpqj7mzhxm2xfhcrbh7dl3tegifb577vx5q
+socks1.tor.i2p,sifawcdexgdmoc3krv46pvvz74nzd6fkju2vzykjxsx3egqsb6wq
+sonax.i2p,jmuxdhlok5ggojehesfjlit2e2q3fhzwwfxjndts7vzdshucbjjq
+sponge.i2p,o5hu7phy7udffuhts6w5wn5mw3sepwe3hyvw6kthti33wa2xn5tq
+squid.i2p,r4ll5zkbokgxlttqc2lrojvvey5yar4xr5prnndvnmggnqzjaeoq
+squid2.i2p,hum4wlwizbsckbudcklflei66qxhpxsdkyo4l2rn256smmjleila
+sqz.i2p,3jvbwc7sy4lnhj25nj7yepx7omli4ulqirnawv3mz6qlhgokjgzq
+ssh.i2p,xpvdadaouc4qr75pteymyozc7mcsynjfkuqqkkla542lpcsqionq
+stasher.i2p,6ilgpudnba4kroleunc2weh5txgoxys5yucij5gla6pjyki4oewa
+stats.i2p,7tbay5p4kzeekxvyvbf6v7eauazemsnnl2aoyqhg5jzpr5eke7tq
+status.str4d.i2p,ycyyjo3psqbo45nuz243xvgvwnmzlanzqbzxv3kh6gyjztv7425q
+sto-man.i2p,rg4eilfpe24ws6nctix63qw2dlvd2tqgwdcgdxzji6l5bc4dc7aa
+str4d.i2p,wrrwzdgsppwl2g2bdohhajz3dh45ui6u3y7yuop5ivvfzxtwnipa
+stream.i2p,prmbv3xm63ksoetnhbzqg4nzu2lhqdnqytgsydb7u3quxfrg7rna
+streams.darkrealm.i2p,ud3gcmvysjch4lbjr2khmhqpf7r2x5if4q43xkqdptl4k7lc4muq
+striker.i2p,4gswsrfpbd44hwjoj33jbqfbwzxfkwpuplb3ydq5zm7nfu2pxvdq
+subrosa.i2p,g3lnglrnoual7wyabnwwv37uwhadgbxiqz36pf3f5cwfuxsx4mxq
+subterra.i2p,vdmhe4u26unzgd7ysq6w36ubjncms5wzbhzr2gq576sq4xut5zwq
+sugadude.i2p,yzjn76iyqard64wgggfrnywkxi7tbfkw7mjhpviqz3p2dguey4yq
+suicidal.i2p,yfamynllow5xiqbbca7eh5xn733wtnuti5bi4ovc7dwycntqmiuq
+sungo.i2p,h67s3jw56rwfyoxqxj3fngrluybsgxc2meendngkehzqowxnpj3q
+surrender.adab.i2p,jgz7xglgfgnjfklrytyn427np2ubipztlm5bxrtbiucayglukrta
+susi.i2p,qc6g2qfi2ccw7vjwpst6rwuofgzbeoewsb2usv7rubutf4gzqveq
+syncline.i2p,5kcqmhislu3lmr7llgmdl72yu3efhyriljdc6wp774ftpwlcs5ra
+syndie-project.i2p,xa63tpfoaqt3zru2ehxjjfbpadwj4ha6qsdvtcqtyr3b7hmt4iaq
+syndie.echelon.i2p,vwrl2qmcif722fdkn3ldxcgz76df5cq4qypbndzthxwgmykyewta
+syndie.i2p,7lm3yzpuejhpl4tt4l7o4ndqlu7hgijohofh7oaydx7q7kelenbq
+syndiemedia.i2p,4lrbbblclodhobn3jadt5bf2yab2pxzoz4ey4a2cvrl44tdv3jma
+tabak.i2p,y5o2vwb6kart7ivpnbpk4yte3i7kf2dsx7fy3i6w7htqtxhmbzia
+tahoeserve.i2p,yhs7tsjeznxdenmdho5gjmk755wtredfzipb5t272oi5otipfkoa
+tc.i2p,qkv2yk6rof3rh7n3eelg5niujae6cmdzcpqbv3wsttedxtqqqj7a
+telegram.i2p,i6jow7hymogz2s42xq62gqgej2zdm4xtnmpc6vjcwktdxpdoupja
+templar.i2p,zxeralsujowfpyi2ynyjooxy222pzz4apc2qcwrfx5ikhf64et7q
+terror.i2p,wsijm6aqz4qtuyn2jedpx6imar5uq4yuhjdgtfqumxbqww47vbnq
+thebland.i2p,oiviukgwapzxsrwxsoucpqa47s3wt6nfuhfjxvgbqsyrze2mwrda
+thebreton.i2p,woutbsflcrlgppx4y7ag2kawlqijyenvlwrhbbvbkoaksuhf2hkq
+thedarkside.i2p,fxt3z33nzkrg5kjrk7bp5vvmu7w2vsn4i6jo6cily3hsm6u664ca
+theland.i2p,26ppxbseda6xmim37ksarccdb4q5ctdagfmt2u5aba6xjh452zsa
+thetower.i2p,3xqa5nype64y6fxgqjq6r5w2qpiqftoraj2niebumseat4cj654a
+thornworld.i2p,vinz4ygmodxarocntyjlfwk2wjpvzndlf4hxss2w2t3fk52oplva
+tino.i2p,e4bfnhvaofu4s67ztcgiskos2mqyhskid64dvlqexxs2c2bno3iq
+tinyurl.i2p,mc4oxv3v7dnyzpvok7v5qxkwtgjprgyz6w7x3tag4fipsen6rdwa
+tome.i2p,qktkxwawgixrm5lzofnj5n24zspbnzxy4pvjm7uvaxvmgwrsuvgq
+tor-gw.meeh.i2p,ounrqi7cfemnt66yhnhigt2u27fkctbvct527cp2522ozy3btjza
+tor-www-proxy.i2p,xov45rvjks5fe4ofmpblkj23bnwxgslbypbgvchbr7yul2ujej2q
+torapa.i2p,eejqjtpko6mdd4opvntbpsuandstrebxpbymfhix7avp5obrw5ta
+torrentfinder.i2p,mpc73okj7wq2xl6clofl64cn6v7vrvhpmi6d524nrsvbeuvjxalq
+torrfreedom.i2p,nfrjvknwcw47itotkzmk6mdlxmxfxsxhbhlr5ozhlsuavcogv4hq
+trac.i2p,kyioa2lgdi2za2fwfwajnb3ljz6zwlx7yzjdpnxnch5uw3iqn6ca
+trac.i2p2.i2p,i43xzkihpdq34f2jlmtgiyyay5quafg5rebog7tk7xil2c6kbyoa
+tracker-fr.i2p,qfrvqrfoqkistgzo2oxpfduz4ktkhtqopleozs3emblmm36fepea
+tracker.awup.i2p,dl47cno335ltvqm6noi5zcij5hpvbj7vjkzuofu262efvu6yp6cq
+tracker.crypthost.i2p,ri5a27ioqd4vkik72fawbcryglkmwyy4726uu5j3eg6zqh2jswfq
+tracker.fr.i2p,rzwqr7pfibq5wlcq4a7akm6ohfyhz7hchmy4wz5t55lhd7dwao5q
+tracker.i2p,lsjcplya2b4hhmezz2jy5gqh6zlk3nskisjkhhwapy3jjly4ds5q
+tracker.lodikon.i2p,q2a7tqlyddbyhxhtuia4bmtqpohpp266wsnrkm6cgoahdqrjo3ra
+tracker.mastertracker.i2p,tiwurhqvaaguwpz2shdahqmcfze5ejre52ed2rmoadnjkkilskda
+tracker.postman.i2p,jfcylf4j3gfmqogkltwy7v5m47wp4h7ffrnfsva6grfdavdn7ueq
+tracker.psi.i2p,vmow3h54yljn7zvzbqepdddt5fmygijujycod2q6yznpy2rrzuwa
+tracker.thebland.i2p,s5ikrdyjwbcgxmqetxb3nyheizftms7euacuub2hic7defkh3xhq
+tracker.welterde.i2p,cfmqlafjfmgkzbt4r3jsfyhgsr5abgxryl6fnz3d3y5a365di5aa
+tracker2.postman.i2p,ahsplxkbhemefwvvml7qovzl5a2b5xo5i7lyai7ntdunvcyfdtna
+traditio.i2p,wkpjjloylf6jopu2itgpktr45t2xvpjijxilxd5tq4i7wkqgwhhq
+trevorreznik.i2p,wc2z6o5fxm2saqzpfcawr63lejwccvzkysmgtfudkrigqopzfdma
+true.i2p,pdilhl5vmefyzrrnmak5bnmxqxk2pmw7rpy4f7wbaeppqu2vvugq
+trwcln.i2p,evml6jiiujhulsgxkdu3wcmkwbokxlv4is6w5qj46tp3ajz3hqzq
+trypanom.i2p,tgv5acj4khwvr6t44cmryohybd2e5o2kndysnzae6qwcr4hzda3q
+ts.i2p,nebcjgfx3f7q4wzihqmguwcdeopaf7f6wyk2dojw4bcuku472zxq
+ttc.i2p,wb4tsfyvfv4idgrultsq6o7inza4fxkc7dijsfpncbx7zko4cdlq
+ttp.i2p,uuczclxejmetohwf2vqewovx3qcumdfh5zecjb3xkcdmk6e5j72a
+tumbach.i2p,u6pciacxnpbsq7nwc3tgutywochfd6aysgayijr7jxzoysgxklvq
+tutorials.i2p,zy37tq6ynucp3ufoyeegswqjaeofmj57cpm5ecd7nbanh2h6f2ja
+ugha.i2p,z3f3owc72awbywk4p6qb5l2mxgitvs6ejztggbpn2a3ddmymfjda
+uk.i2p,vydbychnep3mzkzhg43ptewp242issy47whamfbxodc4ma6wc63a
+underground.i2p,dlnuthb6tpw3kchlb7xoztyspy4ehlggjhl44l64vbcrulrfeica
+underscore.i2p,3gmezyig6gvsjbpkq2kihoskpuqpkfrajmhhm7hpyrjuvtasgepa
+unqueued.i2p,3gvn4kwd7z74jxc2sn4ucx52dpvpscxbzjluux3ul4t3eu5g64xq
+up.i2p,25it5olgdo7pht25z6buzd32sw7jvc65oziqeuocfozfhgua655q
+update.dg.i2p,iqj6ysfh3wl26m4buvyna73yhduifv523l7bwuexxak4mgldexja
+update.killyourtv.i2p,gqdfg25jlqtm35qnmt4b7r53d6u2vep4ob23fwd42iyy4j6cvdqq
+update.postman.i2p,u5rbu6yohfafplp6lgbbmmcuip34s7g3zqdd63cp27dl3nbd7gtq
+utansans.i2p,u2oyre7ygqv4qs5xjjijfg3x7ddwtod6nqwgbomuuzljzvnq4rda
+v2mail.i2p,4gg7fykcqe7oaqt4w5fmlarnia7vtmwkv3h45zzgoj6o6crryg5a
+vadino.i2p,aalttzlt3z25ktokesceweabm5yyhhvml2z3rfotndgpfyh6myra
+visibility.i2p,pwgma3snbsgkddxgb54mrxxkt3l4jzchrtp52vxmw7rbkjygylxq
+volatile.i2p,q6rve733tvhgyys57jfw4fymqf3xsnza6dqailcdjcq7w4fa5m3a
+vpnbest.i2p,ov5f74ndsy5rfkuyps56waf42vxncufqu5rzm3vsnxkdtogccaea
+vudu.i2p,3zlwci7pvgep2igygzyjej24ue7mjsktlhaff6crpsr75yquak2q
+w.i2p,j2xorlcb3qxubnthzqu7lt4fvxqn63it4ikwmze55yjkzeeampuq
+wa11ed.city.i2p,7mxwtmala3ycg2sybjwwfil7s6dqck2fbemeutghhwu73rznmqoa
+wahoo.i2p,vqe5vkpe5wbda7lwekcd2jaj44ar3rawgv54u5rcolezbg5f5vwa
+wallet.gostcoin.i2p,reuvum7lgetglafn72chypesvto773oy53zumagrpigkckybrwda
+wallsgetbombed.i2p,tzhea5d65fllm4263wztghgw4ijdgibsca5xsecp6lk4xlsbdeuq
+web.telegram.i2p,re6cgwg2yrkgaixlqvt5ufajbb3w42fsldlq7k5brpvnd5gp6x5a
+wiht.i2p,yojmpj3sh76g3i6ogzgsf7eouipdgdij5o2blcpdgmu5oyjk5xca
+wiki.fr.i2p,lrqa7hw52uxjb5q3pedmjs6hzos5zrod4y6a4e25hu7vcjhohvxq
+wiki.ilita.i2p,r233yskmowqe4od4he4b37wydr5fqzvj3z77v5fdei2etp2kg34a
+wintermute.i2p,4gvlfrdy2rkmem33c342tjntpvqik65wekcvm4275qbkuwotoila
+wspucktracker.i2p,ubd2txda3kllumx7ftg4unzgqy536cn6dd2ax6mlhodczfas7rgq
+www.aum.i2p,3xolizygkzkqrldncjqsb734szznw2u36lliceuacqnbs2n65aeq
+www.baffled.i2p,lqrsfslwu4xnubkk2hofhmuvvr4dia2zevxefinbzdsjurvehtqq
+www.fr.i2p,rmkgvlfwo3vkb3xrr6epoypxasdzzuilv3sckcqbo6c4os5jo2ea
+www.i2p,ojxyenivrrqvycgbxbm3phgisu5abspzq4g2us4fjlwz4tx222va
+www.i2p2.i2p,rjxwbsw4zjhv4zsplma6jmf5nr24e4ymvvbycd3swgiinbvg7oga
+www.imule.i2p,657xcllunctawyjtar5kgh3wpt6z4l7ba6mmam5rf7hev5w2lsvq
+www.infoserver.i2p,fq7xhxkdcauhwn4loufcadiiy24zbei25elnup33a3gfrdzrtlyq
+www.janonymous.i2p,vosqx5qw22hwrzcgsm4ib7hymf5ryovsbtaexqrzmnzshy5bhakq
+www.mail.i2p,nctas6ioo7aaekfstv3o45yh6ywzwa3vznrdae52ouupzke5pyba
+www.nntp.i2p,kly3o7zmetuwyz7xonnhttw4lj2244pkbibjz26uflyfte3b3dka
+www.postman.i2p,rb3srw2gaooyw63q62cp4udrxxa6molr2irbkgrloveylpkkblhq
+www.syndie.i2p,vojgy5ep4wffmtpjmpnbpa4gq64bgn4yicuw6qmhbm6nqa2ysrva
+www1.squid.i2p,vbh3bltd2duwbukafgj6f6vfi6aigwso7snucp5zohnf66a2hkpa
+xc.i2p,mt45a2z3sb2iyy2mwauj4rwa2lwu4peanfy6gx6ybidwnbasusyq
+xeha.i2p,oartgetziabrdemxctowp7bbeggc7ktmj7tr4qgk5y5jcz4prbtq
+xilog.i2p,eoc5i5q52hutnmsmq56edvooulutaxfikddgdz27otmgtsxmiloq
+xmpp.crypthost.i2p,ittkqpjuliwsdewdugkhvgzstejr2jp5tzou7p332lxx4xw7srba
+xmpp.rpi.i2p,3yv65pfwiwfuv4ciwtx34clqps6o2mc3vtyltcbqdkcki6untbca
+xn--l2bl5aw.i2p,d2epikjh5crt2l5xjmtceqw2ho44hzp6x3u7hgjrd4mi4wywikwa
+xolotl.i2p,rwr6rrlmrotxfkxt22mah42cycliy2g5k7hgxyxkpcyyxkd2bgwq
+xotc.i2p,gqgvzum3xdgtaahkjfw3layb33vjrucmw5btyhrppm463cz3c5oq
+z-lab.i2p,s6g2pz3mrwzsl4ts65ox3scqawfj7mzvd7hn2ekiiycawopkriba
+zab.i2p,n4xen5sohufgjhv327ex4qra77f4tpqohlcyoa3atoboknzqazeq
+zcash.i2p,zcashmliuw3yd2ptfyd5sadatcpyxj4ldiqahtjzg73cgoevxp4q
+zener.i2p,mcbyglflte3dhwhqyafsfpnqtcapqkv2sepqd62wzd7fo2dzz4ca
+zerobin.i2p,3564erslxzaoucqasxsjerk4jz2xril7j2cbzd4p7flpb4ut67hq
+zeroman.i2p,gq77fmto535koofcd53f6yzcc5y57ccrxg3pb6twhcodc7v5dutq
+zeronet.i2p,fe6pk5sibhkr64veqxkfochdfptehyxrrbs3edwjs5ckjbjn4bna
+znc.i2p,uw2yt6njjl676fupd72hiezwmd4ouuywowrph6fvhkzhlnvp7jwa
+znc.str4d.i2p,ufkajv3stxpxlwgwwb2ae6oixdjircnbwog77qxpxv7nt67rpcxq
+zzz.i2p,ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq

android/assets/i2pd.conf

@@ -4,6 +4,7 @@
 
 #logfile = /sdcard/i2pd/i2pd.log
 loglevel = none
+#tunnelsdir = /sdcard/i2pd/tunnels.d
 
 # host = 1.2.3.4
 # port = 4567
@@ -36,7 +37,12 @@ port = 7070
 enabled = true
 address = 127.0.0.1
 port = 4444
-# keys = http-proxy-keys.dat
+inbound.length = 1
+inbound.quantity = 5
+outbound.length = 1
+outbound.quantity = 5
+signaturetype=7
+keys = proxy-keys.dat
 # addresshelper = true
 # outproxy = http://false.i2p
 ## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
@@ -45,7 +51,7 @@ port = 4444
 enabled = true
 address = 127.0.0.1
 port = 4447
-# keys = socks-proxy-keys.dat
+keys = proxy-keys.dat
 # outproxy.enabled = false
 # outproxy = 127.0.0.1
 # outproxyport = 9050
@@ -79,3 +85,6 @@ verify = true
 
 [limits]
 transittunnels = 50
+
+[persist]
+profiles = false

android/assets/tunnels.d

@@ -0,0 +1 @@
+../../contrib/tunnels.d

android/build.gradle

@@ -2,9 +2,10 @@ buildscript {
     repositories {
         mavenCentral()
         jcenter()
+        google()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:2.3.3'
+        classpath 'com.android.tools.build:gradle:3.3.2'
     }
 }
 
@@ -18,25 +19,27 @@ repositories {
 }
 
 dependencies {
-    compile 'com.android.support:support-compat:28.0.0'
+    implementation 'com.android.support:support-compat:28.0.0'
 }
 
 android {
     compileSdkVersion 28
-    buildToolsVersion "28.0.1"
+    buildToolsVersion "28.0.3"
     defaultConfig {
         applicationId "org.purplei2p.i2pd"
         targetSdkVersion 28
         minSdkVersion 14
-        versionCode 1
-        versionName "2.21.1"
+        versionCode 2250
+        versionName "2.25.0"
         ndk {
             abiFilters 'armeabi-v7a'
             abiFilters 'x86'
+            //abiFilters 'arm64-v8a'
+            //abiFilters 'x86_64'
         }
         externalNativeBuild {
             ndkBuild {
-                arguments "-j4"
+                arguments "-j3"
             }
         }
     }
@@ -49,6 +52,15 @@ android {
             assets.srcDirs = ['assets']
         }
     }
+    splits {
+        abi {
+            // change that to true if you need splitted apk
+            enable false
+            reset()
+            include "armeabi-v7a", "arm64-v8a", "x86", "x86_64"
+            universalApk true
+        }
+    }
     signingConfigs {
         orignal {
             storeFile file("i2pdapk.jks")
@@ -70,5 +82,3 @@ android {
         }
     }
 }
-
-

android/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,6 @@
+#Thu Mar 14 18:21:08 MSK 2019
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.1-all.zip

android/gradlew

@@ -0,0 +1,172 @@
+#!/usr/bin/env sh
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
+  cd "$(dirname "$0")"
+fi
+
+exec "$JAVACMD" "$@"

android/gradlew.bat

@@ -0,0 +1,84 @@
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windows variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

android/jni/Android.mk

@@ -25,43 +25,43 @@ include $(BUILD_SHARED_LIBRARY)
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_system
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_system.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_system.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_date_time
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_date_time.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_date_time.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_filesystem
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_filesystem.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_filesystem.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_program_options
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_program_options.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_program_options.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := crypto
-LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1/$(TARGET_ARCH_ABI)/lib/libcrypto.a
-LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1/include
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/$(TARGET_ARCH_ABI)/lib/libcrypto.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := ssl
-LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1/$(TARGET_ARCH_ABI)/lib/libssl.a
-LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1/include
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/$(TARGET_ARCH_ABI)/lib/libssl.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/include
 LOCAL_STATIC_LIBRARIES := crypto
 include $(PREBUILT_STATIC_LIBRARY)
 

android/jni/Application.mk

@@ -1,27 +1,22 @@
-#APP_ABI := all
-APP_ABI := armeabi-v7a x86
-#APP_ABI := x86
-#APP_ABI := x86_64
-#APP_ABI := armeabi-v7a
-#can be android-3 but will fail for x86 since arch-x86 is not present at ndkroot/platforms/android-3/ . libz is taken from there.
-APP_PLATFORM := android-14
+#APP_ABI := armeabi-v7a x86
+#APP_PLATFORM := android-14
 
-# http://stackoverflow.com/a/21386866/529442 http://stackoverflow.com/a/15616255/529442 to enable c++11 support in Eclipse
-NDK_TOOLCHAIN_VERSION := 4.9
-# APP_STL := stlport_shared  --> does not seem to contain C++11 features
-APP_STL := gnustl_shared
+# ABI arm64-v8a and x86_64 supported only from platform-21
+#APP_ABI := arm64-v8a x86_64
+#APP_PLATFORM := android-21
+
+NDK_TOOLCHAIN_VERSION := clang
+#APP_STL := c++_shared
+APP_STL := c++_static
 
 # Enable c++11 extensions in source code
-APP_CPPFLAGS += -std=c++11
+APP_CPPFLAGS += -std=c++11 -fexceptions -frtti
 
 APP_CPPFLAGS += -DANDROID -D__ANDROID__ -DUSE_UPNP
 ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
 APP_CPPFLAGS += -DANDROID_ARM7A
 endif
 
-# Forcing debug optimization. Use `ndk-build NDK_DEBUG=1` instead.
-#APP_OPTIM  := debug
-
 # git clone https://github.com/PurpleI2P/Boost-for-Android-Prebuilt.git
 # git clone https://github.com/PurpleI2P/OpenSSL-for-Android-Prebuilt.git
 # git clone https://github.com/PurpleI2P/MiniUPnP-for-Android-Prebuilt.git

android/jni/DaemonAndroid.cpp

@@ -39,7 +39,7 @@ namespace android
 		emit resultReady();
 	}
 
-    Controller::Controller(DaemonAndroidImpl& daemon):
+	Controller::Controller(DaemonAndroidImpl& daemon):
 		m_Daemon (daemon)
 	{
 		Worker *worker = new Worker (m_Daemon);
@@ -57,19 +57,21 @@ namespace android
 		workerThread.quit();
 		workerThread.wait();
 		Log.d(TAG"Waiting for daemon worker thread finished.");
-        if(m_Daemon.isRunning())
-        {
-		    Log.d(TAG"Stopping the daemon...");
-            m_Daemon.stop();
-		    Log.d(TAG"Stopped the daemon.");
+		if(m_Daemon.isRunning())
+		{
+			Log.d(TAG"Stopping the daemon...");
+			m_Daemon.stop();
+			Log.d(TAG"Stopped the daemon.");
 		}
 	}
 */
+	std::string dataDir = "";
+
 	DaemonAndroidImpl::DaemonAndroidImpl ()
 		//:
-        /*mutex(nullptr), */
-        //m_IsRunning(false),
-        //m_RunningChangedCallback(nullptr)
+		/*mutex(nullptr), */
+		//m_IsRunning(false),
+		//m_RunningChangedCallback(nullptr)
 	{
 	}
 
@@ -82,10 +84,10 @@ namespace android
 	{
 		//mutex=new QMutex(QMutex::Recursive);
 		//setRunningCallback(0);
-        //m_IsRunning=false;
-		
-		// make sure assets are ready before proceed	
-		i2p::fs::DetectDataDir("", false);
+		//m_IsRunning=false;
+
+		// make sure assets are ready before proceed
+		i2p::fs::DetectDataDir(dataDir, false);
 		int numAttempts = 0;
 		do
 		{
@@ -93,7 +95,7 @@ namespace android
 			numAttempts++;
 			std::this_thread::sleep_for (std::chrono::seconds(1)); // otherwise wait for 1 more second
 		}
-		while (numAttempts <= 10); // 10 seconds max	
+		while (numAttempts <= 10); // 10 seconds max
 		return Daemon.init(argc,argv);
 	}
 
@@ -125,16 +127,16 @@ namespace android
 
 	bool DaemonAndroidImpl::isRunning()
 	{
-        return m_IsRunning;
+		return m_IsRunning;
 	}
 
 	void DaemonAndroidImpl::setRunning(bool newValue)
 	{
-        bool oldValue = m_IsRunning;
+		bool oldValue = m_IsRunning;
 		if(oldValue!=newValue)
 		{
-            m_IsRunning = newValue;
-		    if(m_RunningChangedCallback)
+			m_IsRunning = newValue;
+			if(m_RunningChangedCallback)
 				m_RunningChangedCallback();
 		}
 	}
@@ -183,14 +185,14 @@ namespace android
 		catch (boost::exception& ex)
 		{
 			std::stringstream ss;
-		    ss << boost::diagnostic_information(ex);
-		    return ss.str();
+			ss << boost::diagnostic_information(ex);
+			return ss.str();
 		}
 		catch (std::exception& ex)
 		{
 			std::stringstream ss;
-		    ss << ex.what();
-		    return ss.str();
+			ss << ex.what();
+			return ss.str();
 		}
 		catch(...)
 		{
@@ -203,5 +205,10 @@ namespace android
 	{
 		daemon.stop();
 	}
+
+	void SetDataDir(std::string jdataDir)
+	{
+		dataDir = jdataDir;
+	}
 }
 }

android/jni/DaemonAndroid.h

@@ -7,45 +7,47 @@ namespace i2p
 {
 namespace android
 {
-    class DaemonAndroidImpl
-    {
-    public:
+	class DaemonAndroidImpl
+	{
+	public:
 
 		DaemonAndroidImpl ();
 		~DaemonAndroidImpl ();
 
-        //typedef void (*runningChangedCallback)();
+		//typedef void (*runningChangedCallback)();
 
-        /**
-         * @return success
-         */
-        bool init(int argc, char* argv[]);
-        void start();
-        void stop();
-        void restart();
-        //void setRunningCallback(runningChangedCallback cb);
-        //bool isRunning();
-    private:
-        //void setRunning(bool running);
+		/**
+		 * @return success
+		 */
+		bool init(int argc, char* argv[]);
+		void start();
+		void stop();
+		void restart();
+		//void setRunningCallback(runningChangedCallback cb);
+		//bool isRunning();
+	private:
+		//void setRunning(bool running);
 	private:
 		//QMutex* mutex;
-        //bool m_IsRunning;
+		//bool m_IsRunning;
 		//runningChangedCallback m_RunningChangedCallback;
-    };
+	};
 
 	/**
 	 * returns "ok" if daemon init failed
 	 * returns errinfo if daemon initialized and started okay
 	 */
-    std::string start();
+	std::string start();
 
-    // stops the daemon
-    void stop();
+	// stops the daemon
+	void stop();
 
-    /*
+	// set datadir received from jni
+	void SetDataDir(std::string jdataDir);
+	/*
 	class Worker : public QObject
-    {
-        Q_OBJECT
+	{
+		Q_OBJECT
 	public:
 
 		Worker (DaemonAndroidImpl& daemon);
@@ -54,33 +56,33 @@ namespace android
 
 		DaemonAndroidImpl& m_Daemon;
 
-    public slots:
-        void startDaemon();
-        void restartDaemon();
-        void stopDaemon();
+	public slots:
+		void startDaemon();
+		void restartDaemon();
+		void stopDaemon();
 
-    signals:
-        void resultReady();
-    };
+	signals:
+		void resultReady();
+	};
 
-    class Controller : public QObject
-    {
-        Q_OBJECT
-        QThread workerThread;
-    public:
-        Controller(DaemonAndroidImpl& daemon);
-        ~Controller();
+	class Controller : public QObject
+	{
+		Q_OBJECT
+		QThread workerThread;
+	public:
+		Controller(DaemonAndroidImpl& daemon);
+		~Controller();
 	private:
 		DaemonAndroidImpl& m_Daemon;
 
-    public slots:
-        void handleResults(){}
-    signals:
-        void startDaemon();
-        void stopDaemon();
-        void restartDaemon();
-    };
-    */
+	public slots:
+		void handleResults(){}
+	signals:
+		void startDaemon();
+		void stopDaemon();
+		void restartDaemon();
+	};
+	*/
 }
 }
 

android/jni/i2pd_android.cpp

@@ -1,5 +1,3 @@
-
-//#include <string.h>
 #include <jni.h>
 #include "org_purplei2p_i2pd_I2PD_JNI.h"
 #include "DaemonAndroid.h"
@@ -7,60 +5,90 @@
 #include "Transports.h"
 
 JNIEXPORT jstring JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_getABICompiledWith
-  (JNIEnv * env, jclass clazz) {
+	(JNIEnv *env, jclass clazz) {
 #if defined(__arm__)
-  #if defined(__ARM_ARCH_7A__)
-    #if defined(__ARM_NEON__)
-      #if defined(__ARM_PCS_VFP)
-        #define ABI "armeabi-v7a/NEON (hard-float)"
-      #else
-        #define ABI "armeabi-v7a/NEON"
-      #endif
-    #else
-      #if defined(__ARM_PCS_VFP)
-        #define ABI "armeabi-v7a (hard-float)"
-      #else
-        #define ABI "armeabi-v7a"
-      #endif
-    #endif
-  #else
-   #define ABI "armeabi"
-  #endif
-#elif defined(__i386__)
-   #define ABI "x86"
-#elif defined(__x86_64__)
-   #define ABI "x86_64"
-#elif defined(__mips64)  /* mips64el-* toolchain defines __mips__ too */
-   #define ABI "mips64"
-#elif defined(__mips__)
-   #define ABI "mips"
-#elif defined(__aarch64__)
-   #define ABI "arm64-v8a"
-#else
-   #define ABI "unknown"
+	#if defined(__ARM_ARCH_7A__)
+		#if defined(__ARM_NEON__)
+			#if defined(__ARM_PCS_VFP)
+				#define ABI "armeabi-v7a/NEON (hard-float)"
+				#else
+				#define ABI "armeabi-v7a/NEON"
+			#endif
+			#else
+			#if defined(__ARM_PCS_VFP)
+				#define ABI "armeabi-v7a (hard-float)"
+				#else
+				#define ABI "armeabi-v7a"
+			#endif
+		#endif
+		#else
+		#define ABI "armeabi"
+	#endif
+	#elif defined(__i386__)
+	#define ABI "x86"
+	#elif defined(__x86_64__)
+	#define ABI "x86_64"
+	#elif defined(__mips64)  /* mips64el-* toolchain defines __mips__ too */
+	#define ABI "mips64"
+	#elif defined(__mips__)
+	#define ABI "mips"
+	#elif defined(__aarch64__)
+	#define ABI "arm64-v8a"
+	#else
+	#define ABI "unknown"
 #endif
 
-    return env->NewStringUTF(ABI);
+	return env->NewStringUTF(ABI);
 }
 
 JNIEXPORT jstring JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_startDaemon
-  (JNIEnv * env, jclass clazz) {
+	(JNIEnv *env, jclass clazz) {
 	return env->NewStringUTF(i2p::android::start().c_str());
 }
 
 JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_stopDaemon
-  (JNIEnv * env, jclass clazz) {
+	(JNIEnv *env, jclass clazz) {
 	i2p::android::stop();
 }
 
 JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_stopAcceptingTunnels
-  (JNIEnv * env, jclass clazz) {
+	(JNIEnv *env, jclass clazz) {
 	i2p::context.SetAcceptsTunnels (false);
 }
 
+JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_startAcceptingTunnels
+	(JNIEnv *env, jclass clazz) {
+	i2p::context.SetAcceptsTunnels (true);
+}
+
 JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_onNetworkStateChanged
-  (JNIEnv * env, jclass clazz, jboolean isConnected)
-{
+	(JNIEnv *env, jclass clazz, jboolean isConnected) {
 	bool isConnectedBool = (bool) isConnected;
 	i2p::transport::transports.SetOnline (isConnectedBool);
 }
+
+JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_setDataDir
+	(JNIEnv *env, jclass clazz, jstring jdataDir) {
+
+	/*
+	// Method 1: convert UTF-16 jstring to std::string (https://stackoverflow.com/a/41820336)
+	const jclass stringClass = env->GetObjectClass(jdataDir);
+	const jmethodID getBytes = env->GetMethodID(stringClass, "getBytes", "(Ljava/lang/String;)[B");
+	const jbyteArray stringJbytes = (jbyteArray) env->CallObjectMethod(jdataDir, getBytes, env->NewStringUTF("UTF-8"));
+
+	size_t length = (size_t) env->GetArrayLength(stringJbytes);
+	jbyte* pBytes = env->GetByteArrayElements(stringJbytes, NULL);
+
+	std::string dataDir = std::string((char *)pBytes, length);
+	env->ReleaseByteArrayElements(stringJbytes, pBytes, JNI_ABORT);
+
+	env->DeleteLocalRef(stringJbytes);
+	env->DeleteLocalRef(stringClass); */
+
+	// Method 2: get string chars and make char array.
+	auto dataDir = env->GetStringUTFChars(jdataDir, NULL);
+	env->ReleaseStringUTFChars(jdataDir, dataDir);
+
+	// Set DataDir
+	i2p::android::SetDataDir(dataDir);
+}

android/jni/org_purplei2p_i2pd_I2PD_JNI.h

@@ -13,19 +13,25 @@ extern "C" {
  * Signature: ()Ljava/lang/String;
  */
 JNIEXPORT jstring JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_getABICompiledWith
-  (JNIEnv *, jclass);
+	(JNIEnv *, jclass);
 
 JNIEXPORT jstring JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_startDaemon
-  (JNIEnv *, jclass);
+	(JNIEnv *, jclass);
 
 JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_stopDaemon
-  (JNIEnv *, jclass);
+	(JNIEnv *, jclass);
 
 JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_stopAcceptingTunnels
-  (JNIEnv *, jclass);
+	(JNIEnv *, jclass);
+
+JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_startAcceptingTunnels
+	(JNIEnv *, jclass);
 
 JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_onNetworkStateChanged
-  (JNIEnv * env, jclass clazz, jboolean isConnected);
+	(JNIEnv * env, jclass clazz, jboolean isConnected);
+
+JNIEXPORT void JNICALL Java_org_purplei2p_i2pd_I2PD_1JNI_setDataDir
+	(JNIEnv *env, jclass clazz, jstring jdataDir);
 
 #ifdef __cplusplus
 }

android/res/values-ru/strings.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string name="app_name">i2pd</string>
+    <string name="action_stop">Остановить</string>
+    <string name="action_graceful_stop">Корректная остановка</string>
+    <string name="action_cancel_graceful_stop">Отменить корректную остановку</string>
+    <string name="graceful_stop_is_already_in_progress">Корректная остановка уже запущена</string>
+    <string name="graceful_stop_is_in_progress">Корректная остановка запущена</string>
+    <string name="already_stopped">Уже остановлено</string>
+    <string name="uninitialized">Приложение инициализируется</string>
+    <string name="starting">Приложение запускается</string>
+    <string name="jniLibraryLoaded">Загружены JNI библиотеки</string>
+    <string name="startedOkay">Приложение запущено</string>
+    <string name="startFailed">Запуск не удался</string>
+    <string name="gracefulShutdownInProgress">Корректная остановка запущена</string>
+    <string name="stopped">Приложение было остановлено</string>
+    <string name="remaining">осталось</string>
+    <string name="title_activity_i2_pdperms_asker_prompt">Запрос</string>
+    <string name="permDenied">Права для записи на SD карту отклонены, вам необходимо предоставить их для продолжения</string>
+</resources>

android/res/values/strings.xml

@@ -1,18 +1,20 @@
 <?xml version="1.0" encoding="utf-8"?>
-<resources>
+<resources xmlns:tools="http://schemas.android.com/tools" tools:ignore="MissingTranslation">
     <string name="app_name">i2pd</string>
     <string name="action_stop">Stop</string>
     <string name="action_graceful_stop">Graceful Stop</string>
+    <string name="action_cancel_graceful_stop">Cancel Graceful Stop</string>
     <string name="graceful_stop_is_already_in_progress">Graceful stop is already in progress</string>
     <string name="graceful_stop_is_in_progress">Graceful stop is in progress</string>
     <string name="already_stopped">Already stopped</string>
-    <string name="uninitialized">i2pd initializing</string>
-    <string name="starting">i2pd is starting</string>
-    <string name="jniLibraryLoaded">i2pd: loaded JNI libraries</string>
-    <string name="startedOkay">i2pd started</string>
-    <string name="startFailed">i2pd start failed</string>
-    <string name="gracefulShutdownInProgress">i2pd: graceful shutdown in progress</string>
-    <string name="stopped">i2pd has stopped</string>
+    <string name="uninitialized">Application initializing</string>
+    <string name="starting">Application starting</string>
+    <string name="jniLibraryLoaded">Loaded JNI libraries</string>
+    <string name="startedOkay">Application Started</string>
+    <string name="startFailed">Start failed</string>
+    <string name="gracefulShutdownInProgress">Graceful shutdown in progress</string>
+    <string name="stopped">Application stopped</string>
     <string name="remaining">remaining</string>
     <string name="title_activity_i2_pdperms_asker_prompt">Prompt</string>
+    <string name="permDenied">SD card write permission denied, you need to allow this to continue</string>
 </resources>

android/src/org/purplei2p/i2pd/DaemonSingleton.java

@@ -2,18 +2,18 @@ package org.purplei2p.i2pd;
 
 import java.util.HashSet;
 import java.util.Set;
-
+import android.os.Environment;
 import android.util.Log;
 
+import org.purplei2p.i2pd.R;
+
 public class DaemonSingleton {
-	private static final String TAG="i2pd";
+	private static final String TAG = "i2pd";
 	private static final DaemonSingleton instance = new DaemonSingleton();
 	public interface StateUpdateListener { void daemonStateUpdate(); }
 	private final Set<StateUpdateListener> stateUpdateListeners = new HashSet<>();
 
-	public static DaemonSingleton getInstance() {
-		return instance;
-	}
+	public static DaemonSingleton getInstance() { return instance; }
 
 	public synchronized void addStateChangeListener(StateUpdateListener listener) { stateUpdateListeners.add(listener); }
 	public synchronized void removeStateChangeListener(StateUpdateListener listener) { stateUpdateListeners.remove(listener); }
@@ -33,27 +33,34 @@ public class DaemonSingleton {
 		}
 	}
 
+	public synchronized void startAcceptingTunnels() {
+		if(isStartedOkay()){
+			setState(State.startedOkay);
+			I2PD_JNI.startAcceptingTunnels();
+		}
+	}
+
 	private volatile boolean startedOkay;
 
 	public enum State {
-        uninitialized(R.string.uninitialized),
-        starting(R.string.starting),
-        jniLibraryLoaded(R.string.jniLibraryLoaded),
-        startedOkay(R.string.startedOkay),
-        startFailed(R.string.startFailed),
-        gracefulShutdownInProgress(R.string.gracefulShutdownInProgress),
-        stopped(R.string.stopped);
+		uninitialized(R.string.uninitialized),
+		starting(R.string.starting),
+		jniLibraryLoaded(R.string.jniLibraryLoaded),
+		startedOkay(R.string.startedOkay),
+		startFailed(R.string.startFailed),
+		gracefulShutdownInProgress(R.string.gracefulShutdownInProgress),
+		stopped(R.string.stopped);
 
-        State(int statusStringResourceId) {
-            this.statusStringResourceId = statusStringResourceId;
-        }
+		State(int statusStringResourceId) {
+			this.statusStringResourceId = statusStringResourceId;
+		}
 
-        private final int statusStringResourceId;
+		private final int statusStringResourceId;
 
-        public int getStatusStringResourceId() {
-            return statusStringResourceId;
-        }
-    };
+		public int getStatusStringResourceId() {
+			return statusStringResourceId;
+		}
+	};
 
 	private volatile State state = State.uninitialized;
 
@@ -75,6 +82,7 @@ public class DaemonSingleton {
 				}
 				try {
 					synchronized (DaemonSingleton.this) {
+						I2PD_JNI.setDataDir(Environment.getExternalStorageDirectory().getAbsolutePath() + "/i2pd");
 						daemonStartResult = I2PD_JNI.startDaemon();
 						if("ok".equals(daemonStartResult)){
 							setState(State.startedOkay);
@@ -84,7 +92,6 @@ public class DaemonSingleton {
 				} catch (Throwable tr) {
 					lastThrowable=tr;
 					setState(State.startFailed);
-					return;
 				}
 			}
 

android/src/org/purplei2p/i2pd/ForegroundService.java

@@ -1,5 +1,6 @@
 package org.purplei2p.i2pd;
 
+import android.annotation.TargetApi;
 import android.app.Notification;
 import android.app.NotificationChannel;
 import android.app.NotificationManager;
@@ -16,134 +17,133 @@ import android.util.Log;
 import android.widget.Toast;
 
 public class ForegroundService extends Service {
-    private static final String TAG="FgService";
+	private static final String TAG="FgService";
 
-    private volatile boolean shown;
+	private volatile boolean shown;
 
-    private final DaemonSingleton.StateUpdateListener daemonStateUpdatedListener =
-            new DaemonSingleton.StateUpdateListener() {
+	private final DaemonSingleton.StateUpdateListener daemonStateUpdatedListener =
+			new DaemonSingleton.StateUpdateListener() {
 
-                @Override
-                public void daemonStateUpdate() {
-                    try {
-                        synchronized (ForegroundService.this) {
-                            if (shown) cancelNotification();
-                            showNotification();
-                        }
-                    } catch (Throwable tr) {
-                        Log.e(TAG,"error ignored",tr);
-                    }
-                }
-            };
+				@Override
+				public void daemonStateUpdate() {
+					try {
+						synchronized (ForegroundService.this) {
+							if (shown) cancelNotification();
+							showNotification();
+						}
+					} catch (Throwable tr) {
+						Log.e(TAG,"error ignored",tr);
+					}
+				}
+			};
 
 
-    private NotificationManager notificationManager;
+	private NotificationManager notificationManager;
 
-    // Unique Identification Number for the Notification.
-    // We use it on Notification start, and to cancel it.
-    private int NOTIFICATION = 1;
+	// Unique Identification Number for the Notification.
+	// We use it on Notification start, and to cancel it.
+	private int NOTIFICATION = 1;
 
-    /**
-     * Class for clients to access.  Because we know this service always
-     * runs in the same process as its clients, we don't need to deal with
-     * IPC.
-     */
-    public class LocalBinder extends Binder {
-        ForegroundService getService() {
-            return ForegroundService.this;
-        }
-    }
+	/**
+	 * Class for clients to access.  Because we know this service always
+	 * runs in the same process as its clients, we don't need to deal with
+	 * IPC.
+	 */
+	public class LocalBinder extends Binder {
+		ForegroundService getService() {
+			return ForegroundService.this;
+		}
+	}
 
-    @Override
-    public void onCreate() {
-        notificationManager = (NotificationManager)getSystemService(NOTIFICATION_SERVICE);
+	@Override
+	public void onCreate() {
+		notificationManager = (NotificationManager)getSystemService(NOTIFICATION_SERVICE);
 
-        synchronized (this) {
-            DaemonSingleton.getInstance().addStateChangeListener(daemonStateUpdatedListener);
-            if (!shown) daemonStateUpdatedListener.daemonStateUpdate();
-        }
-        // Tell the user we started.
-//        Toast.makeText(this, R.string.i2pd_service_started, Toast.LENGTH_SHORT).show();
-    }
+		synchronized (this) {
+			DaemonSingleton.getInstance().addStateChangeListener(daemonStateUpdatedListener);
+			if (!shown) daemonStateUpdatedListener.daemonStateUpdate();
+		}
+		// Tell the user we started.
+//		Toast.makeText(this, R.string.i2pd_service_started, Toast.LENGTH_SHORT).show();
+	}
 
-    @Override
-    public int onStartCommand(Intent intent, int flags, int startId) {
-        Log.i("ForegroundService", "Received start id " + startId + ": " + intent);
-        return START_STICKY;
-    }
+	@Override
+	public int onStartCommand(Intent intent, int flags, int startId) {
+		Log.i("ForegroundService", "Received start id " + startId + ": " + intent);
+		return START_STICKY;
+	}
 
-    @Override
-    public void onDestroy() {
-        DaemonSingleton.getInstance().removeStateChangeListener(daemonStateUpdatedListener);
-        cancelNotification();
-    }
+	@Override
+	public void onDestroy() {
+		DaemonSingleton.getInstance().removeStateChangeListener(daemonStateUpdatedListener);
+		cancelNotification();
+	}
 
-    private synchronized void cancelNotification() {
-        // Cancel the persistent notification.
-        notificationManager.cancel(NOTIFICATION);
+	private synchronized void cancelNotification() {
+		// Cancel the persistent notification.
+		notificationManager.cancel(NOTIFICATION);
 
-        stopForeground(true);
+		stopForeground(true);
 
-        // Tell the user we stopped.
-//        Toast.makeText(this, R.string.i2pd_service_stopped, Toast.LENGTH_SHORT).show();
-        shown=false;
-    }
+		// Tell the user we stopped.
+		//Toast.makeText(this, R.string.i2pd_service_stopped, Toast.LENGTH_SHORT).show();
+		shown=false;
+	}
 
-    @Override
-    public IBinder onBind(Intent intent) {
-        return mBinder;
-    }
+	@Override
+	public IBinder onBind(Intent intent) {
+		return mBinder;
+	}
 
-    // This is the object that receives interactions from clients.  See
-    // RemoteService for a more complete example.
-    private final IBinder mBinder = new LocalBinder();
+	// This is the object that receives interactions from clients.  See
+	// RemoteService for a more complete example.
+	private final IBinder mBinder = new LocalBinder();
 
-    /**
-     * Show a notification while this service is running.
-     */
-    private synchronized void showNotification() {
-        // In this sample, we'll use the same text for the ticker and the expanded notification
-        CharSequence text = getText(DaemonSingleton.getInstance().getState().getStatusStringResourceId());
+	/**
+	 * Show a notification while this service is running.
+	 */
+	private synchronized void showNotification() {
+		// In this sample, we'll use the same text for the ticker and the expanded notification
+		CharSequence text = getText(DaemonSingleton.getInstance().getState().getStatusStringResourceId());
 
-        // The PendingIntent to launch our activity if the user selects this notification
-        PendingIntent contentIntent = PendingIntent.getActivity(this, 0,
-                new Intent(this, I2PDActivity.class), 0);
+		// The PendingIntent to launch our activity if the user selects this notification
+		PendingIntent contentIntent = PendingIntent.getActivity(this, 0,
+				new Intent(this, I2PDActivity.class), 0);
 
-        // If earlier version channel ID is not used
-        // https://developer.android.com/reference/android/support/v4/app/NotificationCompat.Builder.html#NotificationCompat.Builder(android.content.Context)
-        String channelId = (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) ? createNotificationChannel() : "";
+		// If earlier version channel ID is not used
+		// https://developer.android.com/reference/android/support/v4/app/NotificationCompat.Builder.html#NotificationCompat.Builder(android.content.Context)
+		String channelId = (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) ? createNotificationChannel() : "";
 
-        // Set the info for the views that show in the notification panel.
-        Notification notification = new NotificationCompat.Builder(this, channelId)
-                .setOngoing(true)
-                .setSmallIcon(R.drawable.itoopie_notification_icon) // the status icon
-                .setPriority(Notification.PRIORITY_DEFAULT)
-                .setCategory(Notification.CATEGORY_SERVICE)
-                .setTicker(text) // the status text
-                .setWhen(System.currentTimeMillis()) // the time stamp
-                .setContentTitle(getText(R.string.app_name)) // the label of the entry
-                .setContentText(text) // the contents of the entry
-                .setContentIntent(contentIntent) // The intent to send when the entry is clicked
-                .build();
+		// Set the info for the views that show in the notification panel.
+		Notification notification = new NotificationCompat.Builder(this, channelId)
+				.setOngoing(true)
+				.setSmallIcon(R.drawable.itoopie_notification_icon) // the status icon
+				.setPriority(Notification.PRIORITY_DEFAULT)
+				.setCategory(Notification.CATEGORY_SERVICE)
+				.setTicker(text) // the status text
+				.setWhen(System.currentTimeMillis()) // the time stamp
+				.setContentTitle(getText(R.string.app_name)) // the label of the entry
+				.setContentText(text) // the contents of the entry
+				.setContentIntent(contentIntent) // The intent to send when the entry is clicked
+				.build();
 
-        // Send the notification.
-        //mNM.notify(NOTIFICATION, notification);
-        startForeground(NOTIFICATION, notification);
-        shown = true;
-    }
+		// Send the notification.
+		//mNM.notify(NOTIFICATION, notification);
+		startForeground(NOTIFICATION, notification);
+		shown = true;
+	}
 
-    @RequiresApi(Build.VERSION_CODES.O)
-    private synchronized String createNotificationChannel() {
-        String channelId = getString(R.string.app_name);
-        CharSequence channelName = "I2Pd service";
-        NotificationChannel chan = new NotificationChannel(channelId, channelName, NotificationManager.IMPORTANCE_LOW);
-        //chan.setLightColor(Color.PURPLE);
-        chan.setLockscreenVisibility(Notification.VISIBILITY_PRIVATE);
-        NotificationManager service = (NotificationManager)getSystemService(Context.NOTIFICATION_SERVICE);
-        service.createNotificationChannel(chan);
-        return channelId;
-    }
+	@RequiresApi(Build.VERSION_CODES.O)
+	private synchronized String createNotificationChannel() {
+		String channelId = getString(R.string.app_name);
+		CharSequence channelName = "I2Pd service";
+		NotificationChannel chan = new NotificationChannel(channelId, channelName, NotificationManager.IMPORTANCE_LOW);
+		//chan.setLightColor(Color.PURPLE);
+		chan.setLockscreenVisibility(Notification.VISIBILITY_PRIVATE);
+		NotificationManager service = (NotificationManager)getSystemService(Context.NOTIFICATION_SERVICE);
+		service.createNotificationChannel(chan);
+		return channelId;
+	}
 
-    private static final DaemonSingleton daemon = DaemonSingleton.getInstance();
+	private static final DaemonSingleton daemon = DaemonSingleton.getInstance();
 }
-

android/src/org/purplei2p/i2pd/I2PDActivity.java

@@ -13,13 +13,16 @@ import java.io.StringWriter;
 import java.util.Timer;
 import java.util.TimerTask;
 
+import android.Manifest;
 import android.app.Activity;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.ServiceConnection;
 import android.content.res.AssetManager;
+import android.content.pm.PackageManager;
 import android.os.Bundle;
+import android.os.Build;
 import android.os.Environment;
 import android.os.IBinder;
 import android.util.Log;
@@ -27,12 +30,15 @@ import android.view.Menu;
 import android.view.MenuItem;
 import android.widget.TextView;
 import android.widget.Toast;
+import android.support.v4.app.ActivityCompat;
+import android.support.v4.content.ContextCompat;
 
 // For future package update checking
 import org.purplei2p.i2pd.BuildConfig;
 
 public class I2PDActivity extends Activity {
 	private static final String TAG = "i2pdActvt";
+	private static final int MY_PERMISSION_REQUEST_WRITE_EXTERNAL_STORAGE = 1;
 	public static final int GRACEFUL_DELAY_MILLIS = 10 * 60 * 1000;
 
 	private TextView textView;
@@ -60,9 +66,9 @@ public class I2PDActivity extends Activity {
 						}
 						DaemonSingleton.State state = daemon.getState();
 						textView.setText(
-						String.valueOf(state)+
-						(DaemonSingleton.State.startFailed.equals(state)?": "+daemon.getDaemonStartResult():"")+
-						(DaemonSingleton.State.gracefulShutdownInProgress.equals(state)?":  "+formatGraceTimeRemaining()+" "+getText(R.string.remaining):"")
+						String.valueOf(getText(state.getStatusStringResourceId()))+
+						(DaemonSingleton.State.startFailed.equals(state) ? ": "+daemon.getDaemonStartResult() : "")+
+						(DaemonSingleton.State.gracefulShutdownInProgress.equals(state) ? ":  "+formatGraceTimeRemaining()+" "+getText(R.string.remaining) : "")
 						);
 					} catch (Throwable tr) {
 						Log.e(TAG,"error ignored",tr);
@@ -93,6 +99,17 @@ public class I2PDActivity extends Activity {
 		daemon.addStateChangeListener(daemonStateUpdatedListener);
 		daemonStateUpdatedListener.daemonStateUpdate();
 
+		 // request permissions
+		if (Build.VERSION.SDK_INT >= 23)
+		{
+			if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) != PackageManager.PERMISSION_GRANTED) 
+			{
+				ActivityCompat.requestPermissions(this,
+					new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+					MY_PERMISSION_REQUEST_WRITE_EXTERNAL_STORAGE);
+			}
+		}
+
 		// set the app be foreground
 		doBindService();
 
@@ -119,6 +136,24 @@ public class I2PDActivity extends Activity {
 		}
 	}
 
+	@Override
+	public void onRequestPermissionsResult(int requestCode, String permissions[], int[] grantResults) 
+	{
+		switch (requestCode) 
+		{
+			case MY_PERMISSION_REQUEST_WRITE_EXTERNAL_STORAGE:
+			{
+				if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) 
+					Log.e(TAG, "Memory permission granted");
+				else 
+					Log.e(TAG, "Memory permission declined");
+					// TODO: terminate
+				return;
+			}
+			default: ;
+		}
+	}
+
 	private static void cancelGracefulStop() {
 		Timer gracefulQuitTimer = getGracefulQuitTimer();
 		if(gracefulQuitTimer!=null) {
@@ -205,7 +240,16 @@ public class I2PDActivity extends Activity {
 			i2pdStop();
 			return true;
 			case R.id.action_graceful_stop:
-			i2pdGracefulStop();
+				if (getGracefulQuitTimer()!= null)
+				{
+					item.setTitle(R.string.action_graceful_stop);
+					i2pdCancelGracefulStop ();
+				}
+				else
+				{
+					item.setTitle(R.string.action_cancel_graceful_stop);	
+					i2pdGracefulStop();
+				}
 			return true;
 		}
 
@@ -248,7 +292,7 @@ public class I2PDActivity extends Activity {
 
 			@Override
 			public void run() {
-				try{
+				try {
 					Log.d(TAG, "grac stopping");
 					if(daemon.isStartedOkay()) {
 						daemon.stopAcceptingTunnels();
@@ -258,16 +302,42 @@ public class I2PDActivity extends Activity {
 							gracefulStopAtMillis = graceStartedMillis + GRACEFUL_DELAY_MILLIS;
 						}
 						rescheduleGraceStop(null,gracefulStopAtMillis);
-						}else{
+					} else {
 						i2pdStop();
 					}
-					} catch(Throwable tr) {
+				} catch(Throwable tr) {
 					Log.e(TAG,"",tr);
 				}
 			}
 
 		},"gracInit").start();
 	}
+	
+	private void i2pdCancelGracefulStop() 
+	{
+		cancelGracefulStop();
+		Toast.makeText(this, R.string.startedOkay, Toast.LENGTH_SHORT).show();
+		new Thread(new Runnable()
+		{
+			@Override
+			public void run() 
+			{
+				try
+				{
+					Log.d(TAG, "grac stopping cancel");
+					if(daemon.isStartedOkay()) 
+						daemon.startAcceptingTunnels();
+					else
+						i2pdStop();
+				}
+				catch(Throwable tr)
+				{
+					Log.e(TAG,"",tr);
+				}
+			}
+
+		},"gracCancel").start();
+	}
 
 	private void rescheduleGraceStop(Timer gracefulQuitTimerOld, long gracefulStopAtMillis) {
 		if(gracefulQuitTimerOld!=null)gracefulQuitTimerOld.cancel();
@@ -400,7 +470,9 @@ public class I2PDActivity extends Activity {
 			}
 
 			// copy assets. If processed file exists, it won't be overwrited
+			copyAsset("addressbook");
 			copyAsset("certificates");
+			copyAsset("tunnels.d");
 			copyAsset("i2pd.conf");
 			copyAsset("subscriptions.txt");
 			copyAsset("tunnels.conf");

android/src/org/purplei2p/i2pd/I2PDPermsAskerActivity.java

@@ -15,157 +15,156 @@ import java.lang.reflect.Method;
 //android.permission.WRITE_EXTERNAL_STORAGE
 public class I2PDPermsAskerActivity extends Activity {
 
-    private static final int PERMISSION_WRITE_EXTERNAL_STORAGE = 0;
+	private static final int PERMISSION_WRITE_EXTERNAL_STORAGE = 0;
 
-    private Button button_request_write_ext_storage_perms;
-    private TextView textview_retry;
+	private Button button_request_write_ext_storage_perms;
+	private TextView textview_retry;
 
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        //if less than Android 6, no runtime perms req system present
-        if (android.os.Build.VERSION.SDK_INT < 23) {
-            startMainActivity();
-            return;
-        }
+	@Override
+	protected void onCreate(Bundle savedInstanceState) {
+		super.onCreate(savedInstanceState);
+		//if less than Android 6, no runtime perms req system present
+		if (android.os.Build.VERSION.SDK_INT < 23) {
+			startMainActivity();
+			return;
+		}
 
 
-        setContentView(R.layout.activity_perms_asker);
-        button_request_write_ext_storage_perms = (Button) findViewById(R.id.button_request_write_ext_storage_perms);
-        textview_retry = (TextView) findViewById(R.id.textview_retry);
+		setContentView(R.layout.activity_perms_asker);
+		button_request_write_ext_storage_perms = (Button) findViewById(R.id.button_request_write_ext_storage_perms);
+		textview_retry = (TextView) findViewById(R.id.textview_retry);
 
-        button_request_write_ext_storage_perms.setOnClickListener(new View.OnClickListener() {
-            @Override
-            public void onClick(View view) {
-                request_write_ext_storage_perms();
-            }
-        });
-        request_write_ext_storage_perms();
-    }
+		button_request_write_ext_storage_perms.setOnClickListener(new View.OnClickListener() {
+			@Override
+			public void onClick(View view) {
+				request_write_ext_storage_perms();
+			}
+		});
+		request_write_ext_storage_perms();
+	}
 
-    private void request_write_ext_storage_perms() {
+	private void request_write_ext_storage_perms() {
 
-        textview_retry.setVisibility(TextView.GONE);
-        button_request_write_ext_storage_perms.setVisibility(Button.GONE);
+		textview_retry.setVisibility(TextView.GONE);
+		button_request_write_ext_storage_perms.setVisibility(Button.GONE);
 
-        Method methodCheckPermission;
-        Method method_shouldShowRequestPermissionRationale;
-        Method method_requestPermissions;
-        try {
-            methodCheckPermission = getClass().getMethod("checkSelfPermission", String.class);
-            method_shouldShowRequestPermissionRationale =
-                    getClass().getMethod("shouldShowRequestPermissionRationale", String.class);
-            method_requestPermissions =
-                    getClass().getMethod("requestPermissions", String[].class, int.class);
-        } catch (NoSuchMethodException e) {
-            throw new RuntimeException(e);
-        }
-        Integer resultObj;
-        try {
-            resultObj = (Integer) methodCheckPermission.invoke(
-                    this, Manifest.permission.WRITE_EXTERNAL_STORAGE);
-        } catch (Throwable e) {
-            throw new RuntimeException(e);
-        }
+		Method methodCheckPermission;
+		Method method_shouldShowRequestPermissionRationale;
+		Method method_requestPermissions;
+		try {
+			methodCheckPermission = getClass().getMethod("checkSelfPermission", String.class);
+			method_shouldShowRequestPermissionRationale =
+					getClass().getMethod("shouldShowRequestPermissionRationale", String.class);
+			method_requestPermissions =
+					getClass().getMethod("requestPermissions", String[].class, int.class);
+		} catch (NoSuchMethodException e) {
+			throw new RuntimeException(e);
+		}
+		Integer resultObj;
+		try {
+			resultObj = (Integer) methodCheckPermission.invoke(
+					this, Manifest.permission.WRITE_EXTERNAL_STORAGE);
+		} catch (Throwable e) {
+			throw new RuntimeException(e);
+		}
 
-        if (resultObj != PackageManager.PERMISSION_GRANTED) {
+		if (resultObj != PackageManager.PERMISSION_GRANTED) {
 
-            // Should we show an explanation?
-            Boolean aBoolean;
-            try {
-                aBoolean = (Boolean) method_shouldShowRequestPermissionRationale.invoke(this,
-                        Manifest.permission.WRITE_EXTERNAL_STORAGE);
-            } catch (Exception e) {
-                throw new RuntimeException(e);
-            }
-            if (aBoolean) {
+			// Should we show an explanation?
+			Boolean aBoolean;
+			try {
+				aBoolean = (Boolean) method_shouldShowRequestPermissionRationale.invoke(this,
+						Manifest.permission.WRITE_EXTERNAL_STORAGE);
+			} catch (Exception e) {
+				throw new RuntimeException(e);
+			}
+			if (aBoolean) {
 
-                // Show an explanation to the user *asynchronously* -- don't block
-                // this thread waiting for the user's response! After the user
-                // sees the explanation, try again to request the permission.
+				// Show an explanation to the user *asynchronously* -- don't block
+				// this thread waiting for the user's response! After the user
+				// sees the explanation, try again to request the permission.
 
-                showExplanation();
+				showExplanation();
 
-            } else {
+			} else {
 
-                // No explanation needed, we can request the permission.
+				// No explanation needed, we can request the permission.
 
-                try {
-                    method_requestPermissions.invoke(this,
-                            new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
-                            PERMISSION_WRITE_EXTERNAL_STORAGE);
-                } catch (Exception e) {
-                    throw new RuntimeException(e);
-                }
-            }
-        } else startMainActivity();
-    }
+				try {
+					method_requestPermissions.invoke(this,
+							new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+							PERMISSION_WRITE_EXTERNAL_STORAGE);
+				} catch (Exception e) {
+					throw new RuntimeException(e);
+				}
+			}
+		} else startMainActivity();
+	}
 
-    @Override
-    public void onRequestPermissionsResult(int requestCode,
-                                           String permissions[], int[] grantResults) {
-        switch (requestCode) {
-            case PERMISSION_WRITE_EXTERNAL_STORAGE: {
-                // If request is cancelled, the result arrays are empty.
-                if (grantResults.length > 0
-                        && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
+	@Override
+	public void onRequestPermissionsResult(int requestCode,
+		String permissions[], int[] grantResults) {
+		switch (requestCode) {
+			case PERMISSION_WRITE_EXTERNAL_STORAGE: {
+				// If request is cancelled, the result arrays are empty.
+				if (grantResults.length > 0
+						&& grantResults[0] == PackageManager.PERMISSION_GRANTED) {
 
-                    // permission was granted, yay! Do the
-                    // contacts-related task you need to do.
+					// permission was granted, yay! Do the
+					// contacts-related task you need to do.
 
-                    startMainActivity();
+					startMainActivity();
 
-                } else {
+				} else {
 
-                    // permission denied, boo! Disable the
-                    // functionality that depends on this permission.
-                    textview_retry.setText("SD card write permission denied, you need to allow this to continue");
-                    textview_retry.setVisibility(TextView.VISIBLE);
-                    button_request_write_ext_storage_perms.setVisibility(Button.VISIBLE);
-                }
-                return;
-            }
+					// permission denied, boo! Disable the
+					// functionality that depends on this permission.
+					textview_retry.setText(R.string.permDenied);
+					textview_retry.setVisibility(TextView.VISIBLE);
+					button_request_write_ext_storage_perms.setVisibility(Button.VISIBLE);
+				}
+			}
 
-            // other 'case' lines to check for other
-            // permissions this app might request.
-        }
-    }
+			// other 'case' lines to check for other
+			// permissions this app might request.
+		}
+	}
 
-    private void startMainActivity() {
-        startActivity(new Intent(this, I2PDActivity.class));
-        finish();
-    }
+	private void startMainActivity() {
+		startActivity(new Intent(this, I2PDActivity.class));
+		finish();
+	}
 
-    private static final int SHOW_EXPLANATION_REQUEST = 1;  // The request code
-    private void showExplanation() {
-        Intent intent = new Intent(this, I2PDPermsExplanationActivity.class);
-        startActivityForResult(intent, SHOW_EXPLANATION_REQUEST);
-    }
+	private static final int SHOW_EXPLANATION_REQUEST = 1;  // The request code
+	private void showExplanation() {
+		Intent intent = new Intent(this, I2PDPermsExplanationActivity.class);
+		startActivityForResult(intent, SHOW_EXPLANATION_REQUEST);
+	}
 
-    @Override
-    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
-        // Check which request we're responding to
-        if (requestCode == SHOW_EXPLANATION_REQUEST) {
-            // Make sure the request was successful
-            if (resultCode == RESULT_OK) {
-                // Request the permission
-                Method method_requestPermissions;
-                try {
-                    method_requestPermissions =
-                            getClass().getMethod("requestPermissions", String[].class, int.class);
-                } catch (NoSuchMethodException e) {
-                    throw new RuntimeException(e);
-                }
-                try {
-                    method_requestPermissions.invoke(this,
-                            new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
-                            PERMISSION_WRITE_EXTERNAL_STORAGE);
-                } catch (Exception e) {
-                    throw new RuntimeException(e);
-                }
-            } else {
-                finish(); //close the app
-            }
-        }
-    }
+	@Override
+	protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+		// Check which request we're responding to
+		if (requestCode == SHOW_EXPLANATION_REQUEST) {
+			// Make sure the request was successful
+			if (resultCode == RESULT_OK) {
+				// Request the permission
+				Method method_requestPermissions;
+				try {
+					method_requestPermissions =
+							getClass().getMethod("requestPermissions", String[].class, int.class);
+				} catch (NoSuchMethodException e) {
+					throw new RuntimeException(e);
+				}
+				try {
+					method_requestPermissions.invoke(this,
+							new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
+							PERMISSION_WRITE_EXTERNAL_STORAGE);
+				} catch (Exception e) {
+					throw new RuntimeException(e);
+				}
+			} else {
+				finish(); //close the app
+			}
+		}
+	}
 }

android/src/org/purplei2p/i2pd/I2PDPermsExplanationActivity.java

@@ -9,30 +9,30 @@ import android.widget.Button;
 
 public class I2PDPermsExplanationActivity extends Activity {
 
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        setContentView(R.layout.activity_perms_explanation);
-        ActionBar actionBar = getActionBar();
-        if(actionBar!=null)actionBar.setHomeButtonEnabled(false);
-        Button button_ok = (Button) findViewById(R.id.button_ok);
-        button_ok.setOnClickListener(new View.OnClickListener() {
-            @Override
-            public void onClick(View view) {
-                returnFromActivity();
-            }
-        });
-    }
+	@Override
+	protected void onCreate(Bundle savedInstanceState) {
+		super.onCreate(savedInstanceState);
+		setContentView(R.layout.activity_perms_explanation);
+		ActionBar actionBar = getActionBar();
+		if(actionBar!=null)actionBar.setHomeButtonEnabled(false);
+		Button button_ok = (Button) findViewById(R.id.button_ok);
+		button_ok.setOnClickListener(new View.OnClickListener() {
+			@Override
+			public void onClick(View view) {
+				returnFromActivity();
+			}
+		});
+	}
 
-    private void returnFromActivity() {
-        Intent data = new Intent();
-        Activity parent = getParent();
-        if (parent == null) {
-            setResult(Activity.RESULT_OK, data);
-        } else {
-            parent.setResult(Activity.RESULT_OK, data);
-        }
-        finish();
-    }
+	private void returnFromActivity() {
+		Intent data = new Intent();
+		Activity parent = getParent();
+		if (parent == null) {
+			setResult(Activity.RESULT_OK, data);
+		} else {
+			parent.setResult(Activity.RESULT_OK, data);
+		}
+		finish();
+	}
 
 }

android/src/org/purplei2p/i2pd/I2PD_JNI.java

@@ -1,21 +1,27 @@
 package org.purplei2p.i2pd;
 
 public class I2PD_JNI {
-    public static native String getABICompiledWith();
+	public static native String getABICompiledWith();
+
 	/**
 	 * returns error info if failed
 	 * returns "ok" if daemon initialized and started okay
 	 */
-    public static native String startDaemon();
-    //should only be called after startDaemon() success
-    public static native void stopDaemon();
+	public static native String startDaemon();
 
-    public static native void stopAcceptingTunnels();
+	//should only be called after startDaemon() success
+	public static native void stopDaemon();
+
+	public static native void stopAcceptingTunnels();
+
+	public static native void startAcceptingTunnels();
 
 	public static native void onNetworkStateChanged(boolean isConnected);
 
+	public static native void setDataDir(String jdataDir);
+
 	public static void loadLibraries() {
-    	System.loadLibrary("gnustl_shared");
-        System.loadLibrary("i2pd");
-    }
+		//System.loadLibrary("c++_shared");
+		System.loadLibrary("i2pd");
+	}
 }

android/src/org/purplei2p/i2pd/NetworkStateChangeReceiver.java

@@ -9,12 +9,12 @@ import android.net.NetworkInfo;
 
 public class NetworkStateChangeReceiver extends BroadcastReceiver {
 
-    private static final String TAG = "i2pd";
+	private static final String TAG = "i2pd";
 
 	//api level 1
-    @Override
-    public void onReceive(final Context context, final Intent intent) {
-        Log.d(TAG,"Network state change");
+	@Override
+	public void onReceive(final Context context, final Intent intent) {
+		Log.d(TAG,"Network state change");
 		try {
 			ConnectivityManager cm = (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE);
 			NetworkInfo activeNetworkInfo = cm.getActiveNetworkInfo();
@@ -26,5 +26,5 @@ public class NetworkStateChangeReceiver extends BroadcastReceiver {
 		} catch (Throwable tr) {
 			Log.d(TAG,"",tr);
 		}
-    }
+	}
 }

android_binary_only/jni/Android.mk

@@ -26,43 +26,43 @@ include $(BUILD_EXECUTABLE)
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_system
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_system.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_system.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_date_time
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_date_time.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_date_time.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_filesystem
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_filesystem.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_filesystem.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := boost_program_options
-LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_64_0/$(TARGET_ARCH_ABI)/lib/libboost_program_options.a
-LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_64_0/include
+LOCAL_SRC_FILES := $(BOOST_PATH)/boost_1_68_0-clang/$(TARGET_ARCH_ABI)/lib/libboost_program_options.a
+LOCAL_EXPORT_C_INCLUDES := $(BOOST_PATH)/boost_1_68_0-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := crypto
-LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1/$(TARGET_ARCH_ABI)/lib/libcrypto.a
-LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1/include
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/$(TARGET_ARCH_ABI)/lib/libcrypto.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/include
 include $(PREBUILT_STATIC_LIBRARY)
 
 LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 LOCAL_MODULE := ssl
-LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1/$(TARGET_ARCH_ABI)/lib/libssl.a
-LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1/include
+LOCAL_SRC_FILES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/$(TARGET_ARCH_ABI)/lib/libssl.a
+LOCAL_EXPORT_C_INCLUDES := $(OPENSSL_PATH)/openssl-1.1.1a-clang/include
 LOCAL_STATIC_LIBRARIES := crypto
 include $(PREBUILT_STATIC_LIBRARY)
 

android_binary_only/jni/Application.mk

@@ -1,16 +1,13 @@
-#APP_ABI := all
-#APP_ABI := armeabi-v7a x86
-#APP_ABI := x86
-#APP_ABI := x86_64
-APP_ABI := armeabi-v7a
+APP_ABI := all
+#APP_ABI += x86
+#APP_ABI += x86_64
+#APP_ABI += armeabi-v7a
+#APP_ABI += arm64-v8a
 #can be android-3 but will fail for x86 since arch-x86 is not present at ndkroot/platforms/android-3/ . libz is taken from there.
 APP_PLATFORM := android-14
 
-# http://stackoverflow.com/a/21386866/529442 http://stackoverflow.com/a/15616255/529442 to enable c++11 support in Eclipse
-NDK_TOOLCHAIN_VERSION := 4.9
-# APP_STL := stlport_shared  --> does not seem to contain C++11 features
-#APP_STL := gnustl_shared
-APP_STL := gnustl_static
+NDK_TOOLCHAIN_VERSION := clang
+APP_STL := c++_static
 
 # Enable c++11 extensions in source code
 APP_CPPFLAGS += -std=c++11 -fvisibility=default -fPIE

appveyor.yml

@@ -1,4 +1,4 @@
-version: 2.21.1.{build}
+version: 2.25.0.{build}
 pull_requests:
   do_not_increment_build_number: true
 branches:

build/CMakeLists.txt

@@ -364,8 +364,8 @@ if (NOT ZLIB_FOUND )
     set( ZLIB_EXTRA -DASM686=ON "-DCMAKE_ASM_MASM_FLAGS=/W0 /safeseh" )
   endif()
   ExternalProject_Add(zlib-project
-    URL http://zlib.net/zlib-1.2.8.tar.gz
-    URL_MD5 44d667c142d7cda120332623eab69f40
+    URL https://zlib.net/zlib-1.2.11.tar.gz
+    URL_HASH SHA256=c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1
     PREFIX ${CMAKE_CURRENT_BINARY_DIR}/zlib
     PATCH_COMMAND "${PATCH}" -p0 < ${CMAKE_CURRENT_SOURCE_DIR}/cmake-zlib-static.patch
       && "${PATCH}" -p0 < ${CMAKE_CURRENT_SOURCE_DIR}/cmake-zlib-amd64.patch

build/build_mingw.cmd

@@ -21,6 +21,8 @@ set MSYSTEM=MINGW32
 
 set "xSH=%WD%bash -lc"
 
+set "FILELIST=i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates contrib/tunnels.d"
+
 REM detecting number of processors and subtract 1.
 set /a threads=%NUMBER_OF_PROCESSORS%-1
 
@@ -62,12 +64,12 @@ exit /b 0
 %xSH% "make clean" >> nul
 echo Building i2pd %tag% for win%bitness%:
 echo Build AVX+AESNI...
-%xSH% "make DEBUG=no USE_UPNP=yes USE_AVX=1 USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx_aesni.log 2>&1
+%xSH% "make DEBUG=no USE_UPNP=yes USE_AVX=1 USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx_aesni.zip %FILELIST% && make clean" > build/build_win%bitness%_avx_aesni_%tag%.log 2>&1
 echo Build AVX...
-%xSH% "make DEBUG=no USE_UPNP=yes USE_AVX=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_avx.log 2>&1
+%xSH% "make DEBUG=no USE_UPNP=yes USE_AVX=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_avx.zip %FILELIST% && make clean" > build/build_win%bitness%_avx_%tag%.log 2>&1
 echo Build AESNI...
-%xSH% "make DEBUG=no USE_UPNP=yes USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_aesni.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%_aesni.log 2>&1
+%xSH% "make DEBUG=no USE_UPNP=yes USE_AESNI=1 -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw_aesni.zip %FILELIST% && make clean" > build/build_win%bitness%_aesni_%tag%.log 2>&1
 echo Build without extensions...
-%xSH% "make DEBUG=no USE_UPNP=yes -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip i2pd.exe README.txt contrib/i2pd.conf contrib/tunnels.conf contrib/certificates && make clean" > build/build_win%bitness%.log 2>&1
+%xSH% "make DEBUG=no USE_UPNP=yes -j%threads% && zip -r9 build/i2pd_%tag%_win%bitness%_mingw.zip %FILELIST% && make clean" > build/build_win%bitness%_%tag%.log 2>&1
 
 :EOF

contrib/android_binary_pack/.gitignore

@@ -0,0 +1,2 @@
+archive
+i2pd_*_android_binary.zip

contrib/android_binary_pack/build-archive

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Copyright (c) 2013-2017, The PurpleI2P Project
+#
+# This file is part of Purple i2pd project and licensed under BSD3
+#
+# See full license text in LICENSE file at top of project tree
+
+GITDESC=$(git describe --tags)
+
+declare -A ABILIST=(
+	["armeabi-v7a"]="armv7l"
+	["arm64-v8a"]="aarch64"
+	["x86"]="x86"
+	["x86_64"]="x86_64"
+)
+
+# Remove old files and archives
+if [ -d archive ]; then
+	rm -r archive
+fi
+
+if [ -f i2pd_*_android_binary.zip ]; then
+	rm i2pd_*_android_binary.zip
+fi
+
+# Prepare files for package
+mkdir archive
+
+for ABI in "${!ABILIST[@]}"; do
+	if [ -f ../../android_binary_only/libs/${ABI}/i2pd ]; then
+		cp ../../android_binary_only/libs/${ABI}/i2pd archive/i2pd-${ABILIST[$ABI]}
+	fi
+done
+
+cp i2pd archive/i2pd
+cp -rH ../../android/assets/* archive/
+
+# Compress files
+cd archive
+zip -r6 ../i2pd_${GITDESC}_android_binary.zip .
+
+# Remove temporary folder
+cd ..
+rm -r archive

contrib/android_binary_pack/i2pd

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Copyright (c) 2013-2019, The PurpleI2P Project
+#
+# This file is part of Purple i2pd project and licensed under BSD3
+#
+# See full license text in LICENSE file at top of project tree
+#
+# That script written for use with Termux.
+
+# https://stackoverflow.com/a/246128
+SOURCE="${0}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )"
+
+arch=$(uname -m)
+
+screenfind=$(which screen)
+if [ -z $screenfind ]; then
+	echo "Can't find 'screen' installed. That script needs it!";
+	exit 1;
+fi
+
+if [ -z i2pd-$arch ]; then
+	echo "Can't find i2pd binary for your archtecture.";
+	exit 1;
+fi
+
+screen -AmdS i2pd ./i2pd-$arch --datadir=$DIR

contrib/certificates/reseed/reseedi2pnetin_at_mail.i2p.crt

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3DCCA8SgAwIBAgIQPxUlcrbHX/xdyJ09E36rJzANBgkqhkiG9w0BAQsFADB3
+MQswCQYDVQQGEwJYWDELMAkGA1UEBxMCWFgxCzAJBgNVBAkTAlhYMR4wHAYDVQQK
+ExVJMlAgQW5vbnltb3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEgMB4GA1UEAwwX
+cmVzZWVkaTJwbmV0aW5AbWFpbC5pMnAwHhcNMTgxMjA3MTYzNDIxWhcNMjgxMjA3
+MTYzNDIxWjB3MQswCQYDVQQGEwJYWDELMAkGA1UEBxMCWFgxCzAJBgNVBAkTAlhY
+MR4wHAYDVQQKExVJMlAgQW5vbnltb3VzIE5ldHdvcmsxDDAKBgNVBAsTA0kyUDEg
+MB4GA1UEAwwXcmVzZWVkaTJwbmV0aW5AbWFpbC5pMnAwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC912NDk6x85uqB4gyQQcded0RVrbWehWOanDRv7kC3
+92jeziPbeMtqrLsfU1MdDtQiGijpNkQ/IIitPw+6vJAIh82gyOUZvsn2XOyb/Fz0
+Fu8OrDghwl39yK8kwtqCFw3VAgafgKxz2oRge9mxFBECi50vYEPIBwNhr4yc/opu
+wWUmzmRyX4gD7vKmRU6ZTwX4LXnwdl+5VbW3updcZKsDuTnKvC9FGhDRR9kIk2G9
+43sLN263nCYPykP7DaB1cUdi1vDEMw5dot+eu16qTIbuypEvYNvbB/9FyCQllm1h
+vBbSku3IYpcnRPmoeyhoR/MmCySRbK5R4SrSsVD1YBpwxgn0Q4+fzEgFzT9P4oez
+HkDGKVP2HdgmXx9j36fEqqvjqzRleWDwEWwIZVRLCFO+hhhT3JAjnNGJTWv1SQGB
+8tz9nyYTJuhvyHE/CO5owFeCdeOGMq2KPge9w34T+mvewTEEhGU8yRAt8Xp8s5Y9
+RCUGvuQ79+edRtj7FJg7yVB8pAQ+VB9msNQvzrTnPYC9Wo7chJhBiraMiIabzIhC
+f34Gg9lkX1N0dVND5rnZWwzBM6JhNG1iZZCRHVPnXdZRixUlqmFpCP/eekshksj/
+6UP/WeGA6X4HyEsC6QEf7eMhcHYjyyTzYagKrwCHg77fmIjF8rmpP2LqWSQW8bDD
+uQIDAQABo2QwYjAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
+CCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wIAYDVR0OBBkEF3Jlc2VlZGkycG5l
+dGluQG1haWwuaTJwMA0GCSqGSIb3DQEBCwUAA4ICAQCWpXs6iuTy/w2R7q7Ua6vl
+JYZwbQ+czk5ydzkBgcNkMMMNRT7sZR9xYvV+ftiL4bFQP/3ZJyo7cYz2Q6+M3oAm
+YDcZWBkLUVihSlMxhWwmeFTKV2EL+bzwY1V/cy7wgukKnFIes75dLP/v25jgjdlw
+Xe6R+fQM0EoHeVzzrWk/qYp6oEwtQXfZnUu/Bf45hRnnHBzzh1wCql41vbEs3Niq
++SVwY1wLT0yC1L8HqjCLX1/L5PAXxbvEGzwnXSkLKK4bPxdmVDZvS9uzXrWmTbNi
+HpKIFnOif16zSgyeaOM7HETIJuVzgooUMtt+Vsr1VGdtm6K7I9J5C+rX/ckU8oaX
+UjmzhWXudN0VTslogsKUCV6xG2CskeE3wnuT8HYXz9NMw6c/kIGH4hY7LcfU8Teu
+QjSy2RRvy6InmZNV5sY9lzzO6romEycSoUlpCa3Ltb/5KKoYZFTsXr8suqJk89lC
+e+TVMHqOZdLK/usqQDcafLypHpw9SH2Tg4jrzV/zLqacbjx6bZD5IrpY0Gf7BXg/
+pikwyA9c490G6ZcWrSEP8bzh6LL2rA2AwxaeJJNVyLHCSLrn/7DezM5J/qhd90Qg
+kcZGJrUOCSWl6mDvUZn5XiQ955XwOnZQ+wsM85B3CVX22x5bp0SYWHCQBPnthPwP
+Q5DD3jExbpwG5n35HEcHYw==
+-----END CERTIFICATE-----

contrib/certificates/reseed/zmx_at_mail.i2p.crt

@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF1TCCA72gAwIBAgIRAJBHySZnvNg3lU00//fwny4wDQYJKoZIhvcNAQELBQAw
-bDELMAkGA1UEBhMCWFgxHjAcBgNVBAoTFUkyUCBBbm9ueW1vdXMgTmV0d29yazEM
-MAoGA1UECxMDSTJQMQswCQYDVQQHEwJYWDELMAkGA1UECRMCWFgxFTATBgNVBAMM
-DHpteEBtYWlsLmkycDAeFw0xNjAxMDExNzE5MTlaFw0yNjAxMDExNzE5MTlaMGwx
-CzAJBgNVBAYTAlhYMR4wHAYDVQQKExVJMlAgQW5vbnltb3VzIE5ldHdvcmsxDDAK
-BgNVBAsTA0kyUDELMAkGA1UEBxMCWFgxCzAJBgNVBAkTAlhYMRUwEwYDVQQDDAx6
-bXhAbWFpbC5pMnAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnDGVU
-iC6pNJ3mfqZRQYACUbQ6SQI05yh3PawHqQrmiW3rD05SXBCF+6b2EpA4U0ThFhtm
-cGyUObtBL749x03SUYcWhknZNq+zrvb9AypaKFpIx2DjFT8vQadn0l71cNaiwxX1
-Wzk1Au6mh9SFPvH5gDF9SQol7dYYKnn9L61V7hvH9fDiZyoi9Cz3ifE3SAWoM2PJ
-lBzbu16tyQE94HvIdZhp8cE/6/kiW1wjSqvT9dfZ4gMuZHOF5E8lkq/bg8tPa/oj
-rglY7ozT/9/IWtJ7ERcDyepmKjq7+Xx4sNXTvc+B7D4XfMjhaxFLtV/kLQ9mqx8R
-UPvPy+atw7mlfUf822YFSft2jBAxNJwCPdhXuuFkTUTIk9YXcChUCSPyv17gej/P
-A++/hdhYI/kIs8AVsaJjytTqwU3A2Pt1QogM8VLsSJ2NY7gSzj868nzIZ4OuoWbz
-KzpnS/3bQkYHrqMtDIjRr1bOudxbu2/ben5v8Qg9wE9uV/8YNhhaKAcfJOV6OXfF
-MYec9DOEVVvECOfYUX35Vtn/w7E6SSL7Gu6QEWviA4Bf2XBh1YFX0ZpBUMY9awNz
-7PDf+z+YGkrQ6ifvLPW9vHW3lmouRWzo5NgJIIvLYBJKmxkf08p94s8YailjiGzA
-dJWXg3HDWgwMe7BY7AJQbU/o35Vv+0CroUsR3wIDAQABo3IwcDAOBgNVHQ8BAf8E
-BAMCAoQwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA8GA1UdEwEB/wQF
-MAMBAf8wFQYDVR0OBA4EDHpteEBtYWlsLmkycDAXBgNVHSMEEDAOgAx6bXhAbWFp
-bC5pMnAwDQYJKoZIhvcNAQELBQADggIBAATXH/PNdF40DjD9DcF4W5Ot7CWGskDY
-cR4ywtvU2EcDNEwv4q0FPEpxy5LPaUmTKQ6fsRXUZizjaPLpgCLbv9qYc5xRLrSi
-yk9mrAbJ1iEU+DfHHBcS1VQWtc7+9LA0W3ZIA+pygjPjTxwQqQAcjn4BdfaIQpVa
-VJ2kl5JtbTuYHL80GAQFYnzCCa5GKM7zgcLsyO1mQwnpDvFeSlKJJ6rx1QjhlJu+
-90Ig8IOBCIgokfUv9OdYBl6rmDq9i9pvqJU+H4VepqE1jnDAO+YqQ4laZj7LVVM8
-I9uia+8RKntUOBkUkLB3ouGdVJUmp3kGrkExxUdDHYP9VNJG6ZMwyKO8HXGtoTsR
-TFWIEIbq/biBL9obM/d8fRV5xpfZNbPi6cRzw8REY9UIKECKr7B2B6PnDVVQIQw0
-7SCVjmSYWexOqoJPZ1L7/AZDP/tFvx32cWwCszj5jqUaPo9ZNPb6DxQJDdNaZrFH
-3CA+PbiaeEz9IH0yBY/6wQgO0k3qOyFQrlkC+YRoYUQNc+6xS38l5ZnYUtBAy8ms
-N43eODQ/OhsLzy6PwwXdzvR/0g18SrQyTLfbn2b/kwvbC8Qe40QFfkOf5lPXjdnP
-Ii/lcMuvDMlMhoWGFwWm5bkkXE81TKnFXu2/IMsW6HYb3oiTjkaCap22fCr9l0jj
-fNr8P7NIRyZ8
------END CERTIFICATE-----

contrib/docker/Dockerfile

@@ -24,7 +24,7 @@ RUN mkdir -p "$I2PD_HOME" "$DATA_DIR" \
 # 1. install deps, clone and build.
 # 2. strip binaries.
 # 3. Purge all dependencies and other unrelated packages, including build directory.
-RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool boost-dev build-base openssl-dev openssl git \
+RUN apk --no-cache --virtual build-dependendencies add make gcc g++ libtool zlib-dev boost-dev build-base openssl-dev openssl git \
     && mkdir -p /tmp/build \
     && cd /tmp/build && git clone -b ${GIT_BRANCH} ${REPO_URL} \
     && cd i2pd \

contrib/i2pd.conf

@@ -10,6 +10,11 @@
 ## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
 # tunconf = /var/lib/i2pd/tunnels.conf
 
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+# tunnelsdir = /var/lib/i2pd/tunnels.conf.d
+
 ## Where to write pidfile (don't write by default)
 # pidfile = /var/run/i2pd.pid
 
@@ -88,6 +93,8 @@ ipv6 = false
 ## Address and port service will listen on
 address = 127.0.0.1
 port = 7070
+## Path to web console, default "/"
+# webroot = /
 ## Uncomment following lines to enable Web Console authentication 
 # auth = true
 # user = i2pd
@@ -218,3 +225,7 @@ verify = true
 # inbound.quantity = 3
 # outbound.length = 2
 # outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true

contrib/i2pd.service

@@ -11,7 +11,7 @@ RuntimeDirectoryMode=0700
 LogsDirectory=i2pd
 LogsDirectoryMode=0700
 Type=forking
-ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
 ExecReload=/bin/kill -HUP $MAINPID
 PIDFile=/var/run/i2pd/i2pd.pid
 ### Uncomment, if auto restart needed
@@ -23,8 +23,10 @@ KillSignal=SIGQUIT
 #KillSignal=SIGINT
 #TimeoutStopSec=10m
 
-# If you have problems with hanging i2pd, you can try enable this
+# If you have problems with hanging i2pd, you can try increase this
 LimitNOFILE=4096
+# To enable write of coredump uncomment this
+#LimitCORE=infinity
 PrivateDevices=yes
 
 [Install]

contrib/rpm/i2pd-git.spec

@@ -1,7 +1,7 @@
 %define git_hash %(git rev-parse HEAD | cut -c -7)
 
 Name:           i2pd-git
-Version:        2.21.1
+Version:        2.25.0
 Release:        git%{git_hash}%{?dist}
 Summary:        I2P router written in C++
 Conflicts:      i2pd
@@ -47,23 +47,34 @@ cd build
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
     -DWITH_HARDENING=ON \
+%if 0%{?fedora} > 29
+    -DBUILD_SHARED_LIBS:BOOL=OFF \
+    .
+%else
     -DBUILD_SHARED_LIBS:BOOL=OFF
 %endif
+%endif
 
 make %{?_smp_mflags}
 
 
 %install
 cd build
+%if 0%{?mageia}
+cd build
+%endif
 chrpath -d i2pd
-install -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
-install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/i2pd.conf %{buildroot}%{_sysconfdir}/i2pd/i2pd.conf
-install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.conf %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf
-install -d -m 755 %{buildroot}%{_datadir}/i2pd
-%{__cp} -r %{_builddir}/%{name}-%{version}/contrib/certificates/ %{buildroot}%{_datadir}/i2pd/certificates
-install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}%{_unitdir}/i2pd.service
-install -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
-install -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
+%{__install} -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
+%{__install} -D -m 755 %{_builddir}/%{name}-%{version}/contrib/i2pd.conf %{buildroot}%{_sysconfdir}/i2pd/i2pd.conf
+%{__install} -D -m 755 %{_builddir}/%{name}-%{version}/contrib/subscriptions.txt %{buildroot}%{_sysconfdir}/i2pd/subscriptions.txt
+%{__install} -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.conf %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf
+%{__install} -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.d/README %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf.d/README
+%{__install} -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}%{_unitdir}/i2pd.service
+%{__install} -D -m 644 %{_builddir}/%{name}-%{version}/debian/i2pd.1 %{buildroot}%{_mandir}/man1/i2pd.1
+%{__install} -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
+%{__install} -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
+%{__install} -d -m 755 %{buildroot}%{_datadir}/%{name}
+%{__cp} -r %{_builddir}/%{name}-%{version}/contrib/certificates/ %{buildroot}%{_datadir}/%{name}/certificates
 ln -s %{_datadir}/%{name}/certificates %{buildroot}%{_sharedstatedir}/i2pd/certificates
 
 
@@ -87,16 +98,29 @@ getent passwd i2pd >/dev/null || \
 
 
 %files
-%doc LICENSE README.md
+%doc LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf contrib/tunnels.d
 %{_sbindir}/i2pd
-%{_datadir}/i2pd/certificates
 %config(noreplace) %{_sysconfdir}/i2pd/*
-/%{_unitdir}/i2pd.service
-%dir %attr(0700,i2pd,i2pd) %{_localstatedir}/log/i2pd
+%{_unitdir}/i2pd.service
+%{_mandir}/man1/i2pd.1*
 %dir %attr(0700,i2pd,i2pd) %{_sharedstatedir}/i2pd
+%dir %attr(0700,i2pd,i2pd) %{_localstatedir}/log/i2pd
+%{_datadir}/%{name}/certificates
 %{_sharedstatedir}/i2pd/certificates
 
 
 %changelog
+* Thu May 9 2019 orignal <i2porignal@yandex.ru> - 2.25.0
+- update to 2.25.0
+
+* Thu Mar 21 2019 orignal <i2porignal@yandex.ru> - 2.24.0
+- update to 2.24.0
+
+* Mon Jan 21 2019 orignal <i2porignal@yandex.ru> - 2.23.0
+- update to 2.23.0
+
+* Fri Nov 09 2018 r4sas <r4sas@i2pmail.org> - 2.22.0
+- add support of tunnelsdir option
+
 * Thu Feb 01 2018 r4sas <r4sas@i2pmail.org> - 2.18.0
 - Initial i2pd-git based on i2pd 2.18.0-1 spec

contrib/rpm/i2pd.spec

@@ -1,5 +1,5 @@
 Name:           i2pd
-Version:        2.21.1
+Version:        2.25.0
 Release:        1%{?dist}
 Summary:        I2P router written in C++
 Conflicts:      i2pd-git
@@ -45,24 +45,35 @@ cd build
     -DWITH_LIBRARY=OFF \
     -DWITH_UPNP=ON \
     -DWITH_HARDENING=ON \
+%if 0%{?fedora} > 29
+    -DBUILD_SHARED_LIBS:BOOL=OFF \
+    .
+%else
     -DBUILD_SHARED_LIBS:BOOL=OFF
 %endif
+%endif
 
 make %{?_smp_mflags}
 
 
 %install
 cd build
+%if 0%{?mageia}
+cd build
+%endif
 chrpath -d i2pd
 install -D -m 755 i2pd %{buildroot}%{_sbindir}/i2pd
 install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/i2pd.conf %{buildroot}%{_sysconfdir}/i2pd/i2pd.conf
 install -D -m 755 %{_builddir}/%{name}-%{version}/contrib/tunnels.conf %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf
 install -d -m 755 %{buildroot}%{_datadir}/i2pd
+install -d -m 755 %{buildroot}%{_datadir}/i2pd/tunnels.conf.d
 %{__cp} -r %{_builddir}/%{name}-%{version}/contrib/certificates/ %{buildroot}%{_datadir}/i2pd/certificates
+%{__cp} -r %{_builddir}/%{name}-%{version}/contrib/tunnels.d/ %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf.d
 install -D -m 644 %{_builddir}/%{name}-%{version}/contrib/rpm/i2pd.service %{buildroot}%{_unitdir}/i2pd.service
 install -d -m 700 %{buildroot}%{_sharedstatedir}/i2pd
 install -d -m 700 %{buildroot}%{_localstatedir}/log/i2pd
 ln -s %{_datadir}/%{name}/certificates %{buildroot}%{_sharedstatedir}/i2pd/certificates
+ln -s %{_datadir}/i2pd/tunnels.conf.d %{buildroot}%{_sysconfdir}/i2pd/tunnels.conf.d
 
 
 %pre
@@ -89,6 +100,7 @@ getent passwd i2pd >/dev/null || \
 %{_sbindir}/i2pd
 %{_datadir}/i2pd/certificates
 %config(noreplace) %{_sysconfdir}/i2pd/*
+%config(noreplace) %{_sysconfdir}/i2pd/tunnels.conf.d/*
 /%{_unitdir}/i2pd.service
 %dir %attr(0700,i2pd,i2pd) %{_localstatedir}/log/i2pd
 %dir %attr(0700,i2pd,i2pd) %{_sharedstatedir}/i2pd
@@ -96,6 +108,19 @@ getent passwd i2pd >/dev/null || \
 
 
 %changelog
+* Thu May 9 2019 orignal <i2porignal@yandex.ru> - 2.25.0
+- update to 2.25.0
+
+* Thu Mar 21 2019 orignal <i2porignal@yandex.ru> - 2.24.0
+- update to 2.24.0
+
+* Mon Jan 21 2019 orignal <i2porignal@yandex.ru> - 2.23.0
+- update to 2.23.0
+
+* Fri Nov 09 2018 r4sas <r4sas@i2pmail.org> - 2.22.0
+- update to 2.22.0
+- add support of tunnelsdir option
+
 * Thu Oct 22 2018 orignal <i2porignal@yandex.ru> - 2.21.1
 - update to 2.21.1
 

contrib/tunnels.d/IRC-Ilita.conf

@@ -0,0 +1,7 @@
+#[IRC-ILITA]
+#type = client
+#address = 127.0.0.1
+#port = 6669
+#destination = irc.ilita.i2p
+#destinationport = 6667
+#keys = irc-keys.dat

contrib/tunnels.d/IRC-Irc2P.conf

@@ -0,0 +1,7 @@
+#[IRC-IRC2P]
+#type = client
+#address = 127.0.0.1
+#port = 6668
+#destination = irc.postman.i2p
+#destinationport = 6667
+#keys = irc-keys.dat

contrib/tunnels.d/README

@@ -0,0 +1,4 @@
+# In that directory you can store separated config files for every tunnel.
+# Please read documentation for more info.
+#
+# You can find examples in /usr/share/doc/i2pd/tunnels.d directory

daemon/Daemon.cpp

@@ -23,6 +23,7 @@
 #include "ClientContext.h"
 #include "Crypto.h"
 #include "UPnP.h"
+#include "Timestamp.h"
 #include "util.h"
 
 #include "Event.h"
@@ -41,6 +42,7 @@ namespace i2p
 			std::unique_ptr<i2p::http::HTTPServer> httpServer;
 			std::unique_ptr<i2p::client::I2PControlService> m_I2PControlService;
 			std::unique_ptr<i2p::transport::UPnP> UPnP;
+			std::unique_ptr<i2p::util::NTPTimeSync> m_NTPSync;
 #ifdef WITH_EVENTS
 			std::unique_ptr<i2p::event::WebsocketServer> m_WebsocketServer;
 #endif
@@ -152,14 +154,24 @@ namespace i2p
 			i2p::context.SetSupportsV6		 (ipv6);
 			i2p::context.SetSupportsV4		 (ipv4);
 
+			bool ntcp;   i2p::config::GetOption("ntcp", ntcp);
+			i2p::context.PublishNTCPAddress (ntcp, !ipv6);  
 			bool ntcp2; i2p::config::GetOption("ntcp2.enabled", ntcp2);
 			if (ntcp2)
 			{
 				bool published; i2p::config::GetOption("ntcp2.published", published);
 				if (published)
 				{
-					uint16_t port; i2p::config::GetOption("ntcp2.port", port);
-					i2p::context.PublishNTCP2Address (port, true); // publish
+					uint16_t ntcp2port; i2p::config::GetOption("ntcp2.port", ntcp2port);
+					if (!ntcp && !ntcp2port) ntcp2port = port; // use standard port
+					i2p::context.PublishNTCP2Address (ntcp2port, true); // publish
+					if (ipv6)
+					{
+						std::string ipv6Addr; i2p::config::GetOption("ntcp2.addressv6", ipv6Addr);
+						auto addr = boost::asio::ip::address_v6::from_string (ipv6Addr);
+						if (!addr.is_unspecified () && addr != boost::asio::ip::address_v6::any ())
+							i2p::context.UpdateNTCP2V6Address (addr); // set ipv6 address if configured
+					}
 				}
 				else
 					i2p::context.PublishNTCP2Address (port, false); // unpublish
@@ -254,7 +266,7 @@ namespace i2p
 						pos = comma + 1;
 					}
 					while (comma != std::string::npos);
-					LogPrint(eLogInfo, "Daemon: setting restricted routes to use ", idents.size(), " trusted routesrs");
+					LogPrint(eLogInfo, "Daemon: setting restricted routes to use ", idents.size(), " trusted routers");
 					i2p::transport::transports.RestrictRoutesToRouters(idents);
 					restricted = idents.size() > 0;
 				}
@@ -282,6 +294,13 @@ namespace i2p
 				d.UPnP->Start ();
 			}
 
+			bool nettime; i2p::config::GetOption("nettime.enabled", nettime);
+			if (nettime)
+			{
+				d.m_NTPSync = std::unique_ptr<i2p::util::NTPTimeSync>(new i2p::util::NTPTimeSync);
+				d.m_NTPSync->Start ();
+			}
+
 			bool ntcp; i2p::config::GetOption("ntcp", ntcp);
 			bool ssu; i2p::config::GetOption("ssu", ssu);
 			LogPrint(eLogInfo, "Daemon: starting Transports");
@@ -351,11 +370,18 @@ namespace i2p
 			LogPrint(eLogInfo, "Daemon: stopping Tunnels");
 			i2p::tunnel::tunnels.Stop();
 
-			if (d.UPnP) {
+			if (d.UPnP) 
+			{
 				d.UPnP->Stop ();
 				d.UPnP = nullptr;
 			}
 
+			if (d.m_NTPSync)
+			{
+				d.m_NTPSync->Stop ();
+				d.m_NTPSync = nullptr;
+			}
+
 			LogPrint(eLogInfo, "Daemon: stopping Transports");
 			i2p::transport::transports.Stop();
 			LogPrint(eLogInfo, "Daemon: stopping NetDB");

daemon/HTTPServer.cpp

@@ -155,6 +155,8 @@ namespace http {
 
 	static void ShowPageHead (std::stringstream& s)
 	{
+		std::string webroot;
+		i2p::config::GetOption("http.webroot", webroot);
 		s <<
 			"<!DOCTYPE html>\r\n"
 			"<html lang=\"en\">\r\n" /* TODO: Add support for locale */
@@ -173,16 +175,16 @@ namespace http {
 			"<div class=header><b>i2pd</b> webconsole</div>\r\n"
 			"<div class=wrapper>\r\n"
 			"<div class=left>\r\n"
-			"  <a href=\"/\">Main page</a><br>\r\n<br>\r\n"
-			"  <a href=\"/?page=" << HTTP_PAGE_COMMANDS << "\">Router commands</a><br>\r\n"
-			"  <a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATIONS << "\">Local destinations</a><br>\r\n"
-			"  <a href=\"/?page=" << HTTP_PAGE_LEASESETS << "\">LeaseSets</a><br>\r\n"
-			"  <a href=\"/?page=" << HTTP_PAGE_TUNNELS << "\">Tunnels</a><br>\r\n"
-			"  <a href=\"/?page=" << HTTP_PAGE_TRANSIT_TUNNELS << "\">Transit tunnels</a><br>\r\n"
-			"  <a href=\"/?page=" << HTTP_PAGE_TRANSPORTS << "\">Transports</a><br>\r\n"
-			"  <a href=\"/?page=" << HTTP_PAGE_I2P_TUNNELS << "\">I2P tunnels</a><br>\r\n";
+			"  <a href=\"" << webroot << "\">Main page</a><br>\r\n<br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_COMMANDS << "\">Router commands</a><br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATIONS << "\">Local destinations</a><br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_LEASESETS << "\">LeaseSets</a><br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TUNNELS << "\">Tunnels</a><br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TRANSIT_TUNNELS << "\">Transit tunnels</a><br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_TRANSPORTS << "\">Transports</a><br>\r\n"
+			"  <a href=\"" << webroot << "?page=" << HTTP_PAGE_I2P_TUNNELS << "\">I2P tunnels</a><br>\r\n";
 		if (i2p::client::context.GetSAMBridge ())
-			s << "  <a href=\"/?page=" << HTTP_PAGE_SAM_SESSIONS << "\">SAM sessions</a><br>\r\n";
+			s << "  <a href=\"" << webroot << "?page=" << HTTP_PAGE_SAM_SESSIONS << "\">SAM sessions</a><br>\r\n";
 		s <<
 			"</div>\r\n"
 			"<div class=right>";
@@ -321,11 +323,12 @@ namespace http {
 
 	void ShowLocalDestinations (std::stringstream& s)
 	{
+		std::string webroot; i2p::config::GetOption("http.webroot", webroot);
 		s << "<b>Local Destinations:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetDestinations ())
 		{
 			auto ident = it.second->GetIdentHash ();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+			s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident) << "</a><br>\r\n" << std::endl;
 		}
 
@@ -340,7 +343,7 @@ namespace http {
 				{
 					auto ident = dest->GetIdentHash ();
 					auto& name = dest->GetNickname ();
-					s << "<a href=\"/?page=" << HTTP_PAGE_I2CP_LOCAL_DESTINATION << "&i2cp_id=" << it.first << "\">[ ";
+					s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_I2CP_LOCAL_DESTINATION << "&i2cp_id=" << it.first << "\">[ ";
 					s << name << " ]</a> &#8660; " << i2p::client::context.GetAddressBook ().ToAddress(ident) <<"<br>\r\n" << std::endl;
 				}
 			}
@@ -355,7 +358,7 @@ namespace http {
 		{
 			s << "<div class='slide'><label for='slide-lease'><b>LeaseSets:</b> <i>" << dest->GetNumRemoteLeaseSets () << "</i></label>\r\n<input type='checkbox' id='slide-lease'/>\r\n<p class='content'>\r\n";
 			for(auto& it: dest->GetLeaseSets ())
-				s << it.second->GetIdentHash ().ToBase32 () << "<br>\r\n";
+				s << it.first.ToBase32 () << " " << (int)it.second->GetStoreType () << "<br>\r\n";
 			s << "</p>\r\n</div>\r\n";
 		} else
 			s << "<b>LeaseSets:</b> <i>0</i><br>\r\n";
@@ -459,24 +462,35 @@ namespace http {
 			[&s, &counter](const i2p::data::IdentHash dest, std::shared_ptr<i2p::data::LeaseSet> leaseSet)
 			{
 				// create copy of lease set so we extract leases
-				i2p::data::LeaseSet ls(leaseSet->GetBuffer(), leaseSet->GetBufferLen());
+				auto storeType = leaseSet->GetStoreType ();
+				std::unique_ptr<i2p::data::LeaseSet> ls;
+				if (storeType == i2p::data::NETDB_STORE_TYPE_LEASESET)
+					ls.reset (new i2p::data::LeaseSet (leaseSet->GetBuffer(), leaseSet->GetBufferLen()));
+				else
+					ls.reset (new i2p::data::LeaseSet2 (storeType, leaseSet->GetBuffer(), leaseSet->GetBufferLen()));
+				if (!ls) return;
 				s << "<div class='leaseset";
-				if (ls.IsExpired())
+				if (ls->IsExpired())
 					s << " expired"; // additional css class for expired
 				s << "'>\r\n";
-				if (!ls.IsValid())
+				if (!ls->IsValid())
 					s << "<div class='invalid'>!! Invalid !! </div>\r\n";
 				s << "<div class='slide'><label for='slide" << counter << "'>" << dest.ToBase32() << "</label>\r\n";
 				s << "<input type='checkbox' id='slide" << (counter++) << "'/>\r\n<p class='content'>\r\n";
-				s << "<b>Expires:</b> " << ConvertTime(ls.GetExpirationTime()) << "<br>\r\n";
-				auto leases = ls.GetNonExpiredLeases();
-				s << "<b>Non Expired Leases: " << leases.size() << "</b><br>\r\n";
-				for ( auto & l : leases )
-				{
-					s << "<b>Gateway:</b> " << l->tunnelGateway.ToBase64() << "<br>\r\n";
-					s << "<b>TunnelID:</b> " << l->tunnelID << "<br>\r\n";
-					s << "<b>EndDate:</b> " << ConvertTime(l->endDate) << "<br>\r\n";
-				}
+				s << "<b>Store type:</b> " << (int)storeType << "<br>\r\n";
+				s << "<b>Expires:</b> " << ConvertTime(ls->GetExpirationTime()) << "<br>\r\n";
+				if (storeType == i2p::data::NETDB_STORE_TYPE_LEASESET || storeType == i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2)
+				{	
+					// leases information is available
+					auto leases = ls->GetNonExpiredLeases();
+					s << "<b>Non Expired Leases: " << leases.size() << "</b><br>\r\n";
+					for ( auto & l : leases )
+					{
+						s << "<b>Gateway:</b> " << l->tunnelGateway.ToBase64() << "<br>\r\n";
+						s << "<b>TunnelID:</b> " << l->tunnelID << "<br>\r\n";
+						s << "<b>EndDate:</b> " << ConvertTime(l->endDate) << "<br>\r\n";
+					}
+				}	
 				s << "</p>\r\n</div>\r\n</div>\r\n";
 			}
 		);
@@ -510,33 +524,34 @@ namespace http {
 
 	static void ShowCommands (std::stringstream& s, uint32_t token)
 	{
+		std::string webroot; i2p::config::GetOption("http.webroot", webroot);
 		/* commands */
 		s << "<b>Router Commands</b><br>\r\n<br>\r\n";
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_RUN_PEER_TEST << "&token=" << token << "\">Run peer test</a><br>\r\n";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_RUN_PEER_TEST << "&token=" << token << "\">Run peer test</a><br>\r\n";
 		//s << "  <a href=\"/?cmd=" << HTTP_COMMAND_RELOAD_CONFIG << "\">Reload config</a><br>\r\n";
 		if (i2p::context.AcceptsTunnels ())
-			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_DISABLE_TRANSIT << "&token=" << token << "\">Decline transit tunnels</a><br>\r\n";
+			s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_DISABLE_TRANSIT << "&token=" << token << "\">Decline transit tunnels</a><br>\r\n";
 		else
-			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_ENABLE_TRANSIT << "&token=" << token << "\">Accept transit tunnels</a><br>\r\n";
+			s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_ENABLE_TRANSIT << "&token=" << token << "\">Accept transit tunnels</a><br>\r\n";
 #if ((!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) || defined(ANDROID_BINARY))
 		if (Daemon.gracefulShutdownInterval)
-			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_CANCEL << "&token=" << token << "\">Cancel graceful shutdown</a><br>";
+			s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_SHUTDOWN_CANCEL << "&token=" << token << "\">Cancel graceful shutdown</a><br>";
 		else
-			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Start graceful shutdown</a><br>\r\n";
+			s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Start graceful shutdown</a><br>\r\n";
 #elif defined(WIN32_APP)
 		if (i2p::util::DaemonWin32::Instance().isGraceful)
-			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_CANCEL << "&token=" << token << "\">Cancel graceful shutdown</a><br>";
+			s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_SHUTDOWN_CANCEL << "&token=" << token << "\">Cancel graceful shutdown</a><br>";
 		else
-			s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Graceful shutdown</a><br>\r\n";
+			s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_SHUTDOWN_START << "&token=" << token << "\">Graceful shutdown</a><br>\r\n";
 #endif
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_SHUTDOWN_NOW << "&token=" << token << "\">Force shutdown</a><br>\r\n";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_SHUTDOWN_NOW << "&token=" << token << "\">Force shutdown</a><br>\r\n";
 
 		s << "<br>\r\n<b>Logging level</b><br>\r\n";
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=none&token=" << token << "\">[none]</a> ";
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=error&token=" << token << "\">[error]</a> ";
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=warn&token=" << token << "\">[warn]</a> ";
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\">[info]</a> ";
-		s << "  <a href=\"/?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\">[debug]</a><br>\r\n";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=none&token=" << token << "\">[none]</a> ";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=error&token=" << token << "\">[error]</a> ";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=warn&token=" << token << "\">[warn]</a> ";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=info&token=" << token << "\">[info]</a> ";
+		s << "  <a href=\"" << webroot << "?cmd=" << HTTP_COMMAND_LOGLEVEL << "&level=debug&token=" << token << "\">[debug]</a><br>\r\n";
 	}
 
 	void ShowTransitTunnels (std::stringstream& s)
@@ -653,6 +668,7 @@ namespace http {
 
 	void ShowSAMSessions (std::stringstream& s)
 	{
+		std::string webroot; i2p::config::GetOption("http.webroot", webroot);
 		auto sam = i2p::client::context.GetSAMBridge ();
 		if (!sam) {
 			ShowError(s, "SAM disabled");
@@ -662,13 +678,14 @@ namespace http {
 		for (auto& it: sam->GetSessions ())
 		{
 			auto& name = it.second->localDestination->GetNickname ();
-			s << "<a href=\"/?page=" << HTTP_PAGE_SAM_SESSION << "&sam_id=" << it.first << "\">";
+			s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_SAM_SESSION << "&sam_id=" << it.first << "\">";
 			s << name << " (" << it.first << ")</a><br>\r\n" << std::endl;
 		}
 	}
 
 	static void ShowSAMSession (std::stringstream& s, const std::string& id)
 	{
+		std::string webroot; i2p::config::GetOption("http.webroot", webroot);
 		s << "<b>SAM Session:</b><br>\r\n<br>\r\n";
 		auto sam = i2p::client::context.GetSAMBridge ();
 		if (!sam) {
@@ -681,7 +698,7 @@ namespace http {
 			return;
 		}
 		auto& ident = session->localDestination->GetIdentHash();
-		s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+		s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 		s << i2p::client::context.GetAddressBook ().ToAddress(ident) << "</a><br>\r\n";
 		s << "<br>\r\n";
 		s << "<b>Streams:</b><br>\r\n";
@@ -701,11 +718,12 @@ namespace http {
 
 	void ShowI2PTunnels (std::stringstream& s)
 	{
+		std::string webroot; i2p::config::GetOption("http.webroot", webroot);
 		s << "<b>Client Tunnels:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetClientTunnels ())
 		{
 			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+			s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << it.second->GetName () << "</a> &#8656; ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << "<br>\r\n"<< std::endl;
@@ -714,7 +732,7 @@ namespace http {
 		if (httpProxy)
 		{
 			auto& ident = httpProxy->GetLocalDestination ()->GetIdentHash();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+			s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << "HTTP Proxy" << "</a> &#8656; ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << "<br>\r\n"<< std::endl;
@@ -723,7 +741,7 @@ namespace http {
 		if (socksProxy)
 		{
 			auto& ident = socksProxy->GetLocalDestination ()->GetIdentHash();
-			s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+			s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 			s << "SOCKS Proxy" << "</a> &#8656; ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << "<br>\r\n"<< std::endl;
@@ -734,7 +752,7 @@ namespace http {
 			for (auto& it: serverTunnels)
 			{
 				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+				s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 				s << it.second->GetName () << "</a> &#8658; ";
 				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 				s << ":" << it.second->GetLocalPort ();
@@ -748,7 +766,7 @@ namespace http {
 			for (auto& it: clientForwards)
 			{
 				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+				s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 				s << it.second->GetName () << "</a> &#8656; ";
 				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 				s << "<br>\r\n"<< std::endl;
@@ -761,7 +779,7 @@ namespace http {
 			for (auto& it: serverForwards)
 			{
 				auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
-				s << "<a href=\"/?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
+				s << "<a href=\"" << webroot << "?page=" << HTTP_PAGE_LOCAL_DESTINATION << "&b32=" << ident.ToBase32 () << "\">";
 				s << it.second->GetName () << "</a> &#8656; ";
 				s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 				s << "<br>\r\n"<< std::endl;
@@ -780,8 +798,7 @@ namespace http {
 	}
 
 	HTTPConnection::HTTPConnection (std::string hostname, std::shared_ptr<boost::asio::ip::tcp::socket> socket):
-		m_Socket (socket), m_Timer (socket->get_io_service ()), m_BufferLen (0),
-		expected_host(hostname)
+		m_Socket (socket), m_BufferLen (0), expected_host(hostname)
 	{
 		/* cache options */
 		i2p::config::GetOption("http.auth", needAuth);
@@ -844,22 +861,8 @@ namespace http {
 		auto provided = req.GetHeader ("Authorization");
 		if (provided.length () > 0)
 		{
-			bool result = false;
-
-			std::string expected = user + ":" + pass;
-			size_t b64_sz = i2p::data::Base64EncodingBufferSize(expected.length()) + 1;
-			char * b64_creds = new char[b64_sz];
-			std::size_t len = 0;
-			len = i2p::data::ByteStreamToBase64((unsigned char *)expected.c_str(), expected.length(), b64_creds, b64_sz);
-			/* if we decoded properly then check credentials */
-			if(len) {
-				b64_creds[len] = '\0';
-				expected = "Basic ";
-				expected += b64_creds;
-				result = expected == provided;
-			}
-			delete [] b64_creds;
-			return result;
+			std::string expected = "Basic " + i2p::data::ToBase64Standard (user + ":" + pass);
+			if (expected == provided) return true;
 		}
 
 		LogPrint(eLogWarning, "HTTPServer: auth failure from ", m_Socket->remote_endpoint().address ());
@@ -1025,10 +1028,12 @@ namespace http {
 			ShowError(s, "Unknown command: " + cmd);
 			return;
 		}
+		std::string webroot; i2p::config::GetOption("http.webroot", webroot);
+		std::string redirect = "5; url=" + webroot + "?page=commands";
 		s << "<b>SUCCESS</b>:&nbsp;Command accepted<br><br>\r\n";
-		s << "<a href=\"/?page=commands\">Back to commands list</a><br>\r\n";
+		s << "<a href=\"" << webroot << "?page=commands\">Back to commands list</a><br>\r\n";
 		s << "<p>You will be redirected in 5 seconds</b>";
-		res.add_header("Refresh", "5; url=/?page=commands");
+		res.add_header("Refresh", redirect.c_str());
 	}
 
 	void HTTPConnection::SendReply (HTTPRes& reply, std::string& content)

daemon/HTTPServer.h

@@ -39,7 +39,6 @@ namespace http
 		private:
 
 			std::shared_ptr<boost::asio::ip::tcp::socket> m_Socket;
-			boost::asio::deadline_timer m_Timer;
 			char m_Buffer[HTTP_CONNECTION_BUFFER_SIZE + 1];
 			size_t m_BufferLen;
 			std::string m_SendBuffer;

daemon/I2PControl.cpp

@@ -569,8 +569,8 @@ namespace client
 			EVP_PKEY_assign_RSA (pkey, rsa);
 			X509 * x509 = X509_new ();
 			ASN1_INTEGER_set (X509_get_serialNumber (x509), 1);
-			X509_gmtime_adj (X509_get_notBefore (x509), 0);
-			X509_gmtime_adj (X509_get_notAfter (x509), I2P_CONTROL_CERTIFICATE_VALIDITY*24*60*60); // expiration
+			X509_gmtime_adj (X509_getm_notBefore (x509), 0);
+			X509_gmtime_adj (X509_getm_notAfter (x509), I2P_CONTROL_CERTIFICATE_VALIDITY*24*60*60); // expiration
 			X509_set_pubkey (x509, pkey); // public key
 			X509_NAME * name = X509_get_subject_name (x509);
 			X509_NAME_add_entry_by_txt (name, "C",  MBSTRING_ASC, (unsigned char *)"A1", -1, -1, 0); // country (Anonymous proxy)

debian/.gitignore

@@ -1,9 +1,9 @@
+debhelper-build-stamp
 files
 i2pd-dbg.substvars
-i2pd-dbg/
 i2pd.postinst.debhelper
 i2pd.postrm.debhelper
 i2pd.prerm.debhelper
 i2pd.substvars
 i2pd/
-
+i2pd-dbg/

debian/changelog

@@ -1,3 +1,31 @@
+i2pd (2.25.0-1) unstable; urgency=medium
+
+  * updated to version 2.25.0/0.9.40
+
+ -- orignal <orignal@i2pmail.org>  Thu, 9 May 2019 16:00:00 +0000
+
+i2pd (2.24.0-1) unstable; urgency=medium
+
+  * updated to version 2.24.0/0.9.39
+
+ -- orignal <orignal@i2pmail.org>  Thu, 21 Mar 2019 16:00:00 +0000
+
+i2pd (2.23.0-1) unstable; urgency=medium
+
+  * updated to version 2.23.0/0.9.38
+  * update docs, dirs, install, links files
+
+ -- orignal <orignal@i2pmail.org>  Mon, 21 Jan 2019 16:00:00 +0000
+
+i2pd (2.22.0-1) unstable; urgency=medium
+
+  * updated to version 2.22.0/0.9.37
+  * update manpage (1)
+  * update links, install files to support tunnelsdir option
+  * renamed and updated patch (#1210)
+
+ -- r4sas <r4sas@i2pmail.org>  Fri, 09 Nov 2018 02:00:00 +0000
+
 i2pd (2.21.1-1) unstable; urgency=medium
 
   * updated to version 2.21.1

debian/docs

@@ -2,3 +2,4 @@ README.md
 contrib/i2pd.conf
 contrib/subscriptions.txt
 contrib/tunnels.conf
+contrib/tunnels.d

debian/i2pd.1

@@ -45,6 +45,9 @@ Log messages with full CLF-formatted date and time (\fIdisabled\fR by default)
 \fB\-\-datadir=\fR
 Path to storage of i2pd data (RI, keys, peer profiles, ...)
 .TP
+\fB\-\-tunnelsdir=\fR
+Path to tunnels configuration files (default: \fI~/.i2pd/tunnels.d\fR or \fI/var/lib/i2pd/tunnels.d\fR)
+.TP
 \fB\-\-host=\fR
 The external IP address
 .TP

debian/i2pd.init

@@ -18,6 +18,7 @@ DAEMON_OPTS=""            # Arguments to run the daemon with
 PIDFILE=/var/run/$NAME/$NAME.pid
 I2PCONF=/etc/$NAME/i2pd.conf
 TUNCONF=/etc/$NAME/tunnels.conf
+TUNDIR=/etc/$NAME/tunnels.conf.d
 LOGFILE=/var/log/$NAME/$NAME.log
 USER="i2pd"
 
@@ -53,7 +54,7 @@ do_start()
     || return 1
   start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid "$USER" -- \
     --service --daemon --log=file --logfile=$LOGFILE --conf=$I2PCONF --tunconf=$TUNCONF \
-    --pidfile=$PIDFILE $DAEMON_OPTS > /dev/null 2>&1 \
+    --tunnelsdir=$TUNDIR --pidfile=$PIDFILE $DAEMON_OPTS > /dev/null 2>&1 \
     || return 2
   return $?
 }

debian/i2pd.install

@@ -3,4 +3,5 @@ contrib/i2pd.conf      etc/i2pd/
 contrib/tunnels.conf etc/i2pd/
 contrib/subscriptions.txt etc/i2pd/
 contrib/certificates/ usr/share/i2pd/
+contrib/tunnels.d/README etc/i2pd/tunnels.conf.d/
 contrib/apparmor/usr.sbin.i2pd etc/apparmor.d

debian/i2pd.links

@@ -1,4 +1,5 @@
 etc/i2pd/i2pd.conf    var/lib/i2pd/i2pd.conf
 etc/i2pd/tunnels.conf var/lib/i2pd/tunnels.conf
 etc/i2pd/subscriptions.txt var/lib/i2pd/subscriptions.txt
+etc/i2pd/tunnels.conf.d var/lib/i2pd/tunnels.d
 usr/share/i2pd/certificates var/lib/i2pd/certificates

debian/i2pd.openrc

@@ -4,10 +4,11 @@ pidfile="/var/run/i2pd/i2pd.pid"
 logfile="/var/log/i2pd/i2pd.log"
 mainconf="/etc/i2pd/i2pd.conf"
 tunconf="/etc/i2pd/tunnels.conf"
+tundir="/etc/i2pd/tunnels.conf.d"
 
 name="i2pd"
 command="/usr/sbin/i2pd"
-command_args="--service --daemon --log=file --logfile=$logfile --conf=$mainconf --tunconf=$tunconf --pidfile=$pidfile"
+command_args="--service --daemon --log=file --logfile=$logfile --conf=$mainconf --tunconf=$tunconf --tunnelsdir=$tundir --pidfile=$pidfile"
 description="i2p router written in C++"
 required_dirs="/var/lib/i2pd"
 required_files="$mainconf"

debian/patches/02-fix-1210.patch

@@ -6,8 +6,8 @@ Bug: https://github.com/PurpleI2P/i2pd/issues/1210
 Reviewed-By: r4sas <r4sas@i2pmail.org>
 Last-Update: 2018-08-25
 
---- i2pd-2.20.0.orig/contrib/i2pd.service
-+++ i2pd-2.20.0/contrib/i2pd.service
+--- a/contrib/i2pd.service
++++ b/contrib/i2pd.service
 @@ -6,10 +6,10 @@ After=network.target
  [Service]
  User=i2pd
@@ -21,5 +21,5 @@ Last-Update: 2018-08-25
 +#LogsDirectory=i2pd
 +#LogsDirectoryMode=0700
  Type=forking
- ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
+ ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --tunnelsdir=/etc/i2pd/tunnels.conf.d --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
  ExecReload=/bin/kill -HUP $MAINPID

debian/patches/series

@@ -1,2 +1,2 @@
 01-tune-build-opts.patch
-fix-#1210
+02-fix-1210.patch

libi2pd/ChaCha20.cpp

@@ -1,21 +1,24 @@
+/*
+* Copyright (c) 2013-2018, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*
+* Kovri go write your own code
+*
+*/
+
+#include "I2PEndian.h"
 #include "ChaCha20.h"
 
-/**
-   This code is licensed under the MCGSI Public License
-   Copyright 2018 Jeff Becker
-
-   Kovri go write your own code
-
- */
+#if !OPENSSL_AEAD_CHACHA20_POLY1305 
 namespace i2p
 {
 namespace crypto
 {
 namespace chacha
 {
-constexpr int rounds = 20;
-constexpr std::size_t blocksize = 64;
-
 void u32t8le(uint32_t v, uint8_t * p) 
 {
     p[0] = v & 0xff;
@@ -48,44 +51,18 @@ void quarterround(uint32_t *x, int a, int b, int c, int d)
     x[c] += x[d]; x[b] = rotl32(x[b] ^ x[c],  7);
 }
 
-    struct State_t
-    {
-      State_t() {};
-      State_t(State_t &&) = delete;
-      
-      State_t & operator += (const State_t & other)
-      {
-        for(int i = 0; i < 16; i++)
-            data[i] += other.data[i];
-        return *this;
-      }
 
-      void Copy(const State_t & other)
-      {
-           memcpy(data, other.data, sizeof(uint32_t) * 16);
-      }
-      uint32_t data[16];
-    };
+void Chacha20Block::operator << (const Chacha20State & st)
+{
+	int i;
+	for (i = 0; i < 16; i++) 
+		u32t8le(st.data[i], data + (i << 2));
+}
 
-    struct Block_t
-    {
-      Block_t() {};
-      Block_t(Block_t &&) = delete;
-
-      uint8_t data[blocksize];
-
-      void operator << (const State_t & st)
-      {
-        int i;
-        for (i = 0; i < 16; i++) 
-            u32t8le(st.data[i], data + (i << 2));
-      }
-    };
-
-void block(const State_t &input, Block_t & block, int rounds)
+void block (Chacha20State &input, int rounds)
 {
     int i;
-    State_t x;
+    Chacha20State x;
     x.Copy(input);
 
     for (i = rounds; i > 0; i -= 2) 
@@ -100,48 +77,62 @@ void block(const State_t &input, Block_t & block, int rounds)
         quarterround(x.data, 3, 4,  9, 14);
     }
     x += input;
-    block << x;
+    input.block << x;
 
 }
+
+void Chacha20Init (Chacha20State& state, const uint8_t * nonce, const uint8_t * key, uint32_t counter)
+{
+	state.data[0] = 0x61707865;
+	state.data[1] = 0x3320646e;
+	state.data[2] = 0x79622d32;
+	state.data[3] = 0x6b206574;
+	for (size_t i = 0; i < 8; i++) 
+	    state.data[4 + i] = chacha::u8t32le(key + i * 4);
+	
+	state.data[12] = htole32 (counter);
+	for (size_t i = 0; i < 3; i++) 
+	    state.data[13 + i] = chacha::u8t32le(nonce + i * 4);
+}
+
+void Chacha20SetCounter (Chacha20State& state, uint32_t counter)
+{
+	state.data[12] = htole32 (counter);
+	state.offset = 0;
+}	
+
+void Chacha20Encrypt (Chacha20State& state, uint8_t * buf, size_t sz)
+{	
+	if (state.offset > 0)
+	{
+		// previous block if any	
+		auto s = chacha::blocksize - state.offset;		
+		if (sz < s) s = sz;
+		for (size_t i = 0; i < s; i++)
+			buf[i] ^= state.block.data[state.offset + i];
+		buf += s;
+		sz -= s;
+		state.offset += s;
+		if (state.offset >= chacha::blocksize) state.offset = 0;	
+	}
+	for (size_t i = 0; i < sz; i += chacha::blocksize) 
+	{
+	    chacha::block(state, chacha::rounds);
+	    state.data[12]++;
+	    for (size_t j = i; j < i + chacha::blocksize; j++) 
+	    {
+	        if (j >= sz) 
+			{
+				state.offset = j & 0x3F; // % 64
+				break;
+			}
+	        buf[j] ^= state.block.data[j - i];
+	    }
+	}
+}
 } // namespace chacha
 
-
-
-
-
-void chacha20(uint8_t * buf, size_t sz, const uint8_t * nonce, const uint8_t * key, uint32_t counter)
-{
-    chacha::State_t state;
-    chacha::Block_t block;
-    size_t i, j;
-
-    state.data[0] = 0x61707865;
-    state.data[1] = 0x3320646e;
-    state.data[2] = 0x79622d32;
-    state.data[3] = 0x6b206574;
-
-    for (i = 0; i < 8; i++) 
-        state.data[4 + i] = chacha::u8t32le(key + i * 4);
-    
-
-    state.data[12] = counter;
-
-    for (i = 0; i < 3; i++) 
-        state.data[13 + i] = chacha::u8t32le(nonce + i * 4);
-
-    
-    for (i = 0; i < sz; i += chacha::blocksize) 
-    {
-        chacha::block(state, block, chacha::rounds);
-        state.data[12]++;
-        for (j = i; j < i + chacha::blocksize; j++) 
-        {
-            if (j >= sz) break;
-            buf[j] ^= block.data[j - i];
-        }
-    }
-
 }
-
 }
-}
+#endif
+

libi2pd/ChaCha20.h

@@ -1,26 +1,72 @@
-/**
-   This code is licensed under the MCGSI Public License
-   Copyright 2018 Jeff Becker
-
-   Kovri go write your own code
-
- */
+/*
+* Copyright (c) 2013-2018, The PurpleI2P Project
+*
+* This file is part of Purple i2pd project and licensed under BSD3
+*
+* See full license text in LICENSE file at top of project tree
+*
+* Kovri go write your own code
+*
+*/
 #ifndef LIBI2PD_CHACHA20_H
 #define LIBI2PD_CHACHA20_H
 #include <cstdint>
 #include <cstring>
+#include <inttypes.h>
+#include <string.h>
+#include "Crypto.h"
 
+#if !OPENSSL_AEAD_CHACHA20_POLY1305
 namespace i2p
 {
 namespace crypto
 {
-  const std::size_t CHACHA20_KEY_BYTES = 32;
-  const std::size_t CHACHA20_NOUNCE_BYTES = 12;
+ 	const std::size_t CHACHA20_KEY_BYTES = 32;
+  	const std::size_t CHACHA20_NOUNCE_BYTES = 12;
+	
+namespace chacha
+{
+	constexpr std::size_t blocksize = 64;	
+	constexpr int rounds = 20;
 
-  /** encrypt buf in place with chacha20 */
-  void chacha20(uint8_t * buf, size_t sz, const uint8_t * nonce, const uint8_t * key, uint32_t counter=1);
+	struct Chacha20State;
+	struct Chacha20Block
+	{
+	  Chacha20Block () {};
+	  Chacha20Block (Chacha20Block &&) = delete;
 
+	  uint8_t data[blocksize];
+
+	  void operator << (const Chacha20State & st);
+	};
+
+	struct Chacha20State
+	{
+		Chacha20State (): offset (0) {};
+		Chacha20State (Chacha20State &&) = delete;
+
+		Chacha20State & operator += (const Chacha20State & other)
+		{
+			for(int i = 0; i < 16; i++)
+				data[i] += other.data[i];
+			return *this;
+		}
+
+		void Copy(const Chacha20State & other)
+		{
+		   memcpy(data, other.data, sizeof(uint32_t) * 16);
+		}
+		uint32_t data[16];
+		Chacha20Block block;
+		size_t offset; 
+	};
+
+	void Chacha20Init (Chacha20State& state, const uint8_t * nonce, const uint8_t * key, uint32_t counter);
+	void Chacha20SetCounter (Chacha20State& state, uint32_t counter);
+	void Chacha20Encrypt (Chacha20State& state, uint8_t * buf, size_t sz); // encrypt buf in place	
 }
+} 
 }
+#endif
 
 #endif

libi2pd/Config.cpp

@@ -32,6 +32,7 @@ namespace config {
 		options_description general("General options");
 		general.add_options()
 			("help",                                                          "Show this message")
+			("version",                                                       "Show i2pd version")
 			("conf", value<std::string>()->default_value(""),                 "Path to main i2pd config file (default: try ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf)")
 			("tunconf", value<std::string>()->default_value(""),              "Path to config with tunnels list and options (default: try ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf)")
 			("tunnelsdir", value<std::string>()->default_value(""),   "Path to extra tunnels' configs folder (default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d")
@@ -72,7 +73,7 @@ namespace config {
 			("limits.coresize", value<uint32_t>()->default_value(0),          "Maximum size of corefile in Kb (0 - use system limit)")
 			("limits.openfiles", value<uint16_t>()->default_value(0),         "Maximum number of open files (0 - use system default)")
 			("limits.transittunnels", value<uint16_t>()->default_value(2500), "Maximum active transit sessions (default:2500)")
-			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Threshold to start probabalistic backoff with ntcp sessions (default: use system limit)")
+			("limits.ntcpsoft", value<uint16_t>()->default_value(0),          "Threshold to start probabilistic backoff with ntcp sessions (default: use system limit)")
 			("limits.ntcphard", value<uint16_t>()->default_value(0),          "Maximum number of ntcp sessions (default: use system limit)")
 			("limits.ntcpthreads", value<uint16_t>()->default_value(1),       "Maximum number of threads used by NTCP DH worker (default: 1)")
 		;
@@ -87,6 +88,7 @@ namespace config {
 			("http.pass", value<std::string>()->default_value(""),              "Password for basic auth (default: random, see logs)")
 			("http.strictheaders", value<bool>()->default_value(true),          "Enable strict host checking on WebUI")
 			("http.hostname", value<std::string>()->default_value("localhost"), "Expected hostname for WebUI")
+			("http.webroot", value<std::string>()->default_value("/"),            "WebUI root path (default: / )")
 		;
 
 		options_description httpproxy("HTTP Proxy options");
@@ -151,8 +153,8 @@ namespace config {
 			("i2pcontrol.address", value<std::string>()->default_value("127.0.0.1"),       "I2PCP listen address")
 			("i2pcontrol.port", value<uint16_t>()->default_value(7650),                    "I2PCP listen port")
 			("i2pcontrol.password", value<std::string>()->default_value("itoopie"),        "I2PCP access password")
-			("i2pcontrol.cert", value<std::string>()->default_value("i2pcontrol.crt.pem"), "I2PCP connection cerificate")
-			("i2pcontrol.key", value<std::string>()->default_value("i2pcontrol.key.pem"),  "I2PCP connection cerificate key")
+			("i2pcontrol.cert", value<std::string>()->default_value("i2pcontrol.crt.pem"), "I2PCP connection certificate")
+			("i2pcontrol.key", value<std::string>()->default_value("i2pcontrol.key.pem"),  "I2PCP connection certificate key")
 		;
 
 		bool upnp_default = false;
@@ -162,7 +164,7 @@ namespace config {
 		options_description upnp("UPnP options");
 		upnp.add_options()
 			("upnp.enabled", value<bool>()->default_value(upnp_default), "Enable or disable UPnP: automatic port forwarding")
-			("upnp.name", value<std::string>()->default_value("I2Pd"),   "Name i2pd appears in UPnP forwardings list")
+			("upnp.name", value<std::string>()->default_value("I2Pd"),   "Name i2pd appears in UPnP forwarding list")
 		;
 
 		options_description precomputation("Precomputation options");
@@ -190,7 +192,7 @@ namespace config {
 				"https://netdb.i2p2.no/,"
 				// "https://us.reseed.i2p2.no:444/," // mamoth's shit
 				// "https://uk.reseed.i2p2.no:444/," // mamoth's shit
-				"https://i2p-0.manas.ca:8443/,"
+				"https://reseed.i2p.net.in/,"
 				"https://download.xxlspeed.com/,"
 				"https://reseed-fr.i2pd.xyz/,"
 				"https://reseed.atomike.ninja/,"
@@ -235,8 +237,27 @@ namespace config {
 		options_description ntcp2("NTCP2 Options");
 		ntcp2.add_options()
 			("ntcp2.enabled", value<bool>()->default_value(true), "Enable NTCP2 (default: enabled)")
-		    ("ntcp2.published", value<bool>()->default_value(false), "Publish NTCP2 (default: disabled)")	
+			("ntcp2.published", value<bool>()->default_value(false), "Publish NTCP2 (default: disabled)")
 			("ntcp2.port", value<uint16_t>()->default_value(0), "Port to listen for incoming NTCP2 connections (default: auto)")
+			("ntcp2.addressv6", value<std::string>()->default_value("::"), "Address to bind NTCP2 on")
+		;
+
+		options_description nettime("Time sync options");
+		nettime.add_options()
+			("nettime.enabled", value<bool>()->default_value(false), "Disable time sync (default: disabled)")
+			("nettime.ntpservers", value<std::string>()->default_value(
+				"0.pool.ntp.org,"
+				"1.pool.ntp.org,"
+				"2.pool.ntp.org,"
+				"3.pool.ntp.org"
+			),  "Comma separated list of NTCP servers")
+			("nettime.ntpsyncinterval", value<int>()->default_value(72),  "NTP sync interval in hours (default: 72)")
+		;
+
+		options_description persist("Network information persisting options");
+		persist.add_options()
+			("persist.profiles", value<bool>()->default_value(true), "Persist peer profiles (default: true)")
+			("persist.addressbook", value<bool>()->default_value(true), "Persist full addresses (default: true)")
 		;
 
 		m_OptionsDesc
@@ -257,6 +278,8 @@ namespace config {
 			.add(websocket)
 			.add(exploratory)
 			.add(ntcp2)
+			.add(nettime)
+			.add(persist)
 		;
 	}
 
@@ -282,6 +305,23 @@ namespace config {
 		{
 			std::cout << "i2pd version " << I2PD_VERSION << " (" << I2P_VERSION << ")" << std::endl;
 			std::cout << m_OptionsDesc;
+			exit(EXIT_SUCCESS);
+		} 
+		else if (m_Options.count("version"))
+		{
+			std::cout << "i2pd version " << I2PD_VERSION << " (" << I2P_VERSION << ")" << std::endl;
+			std::cout << "Boost version "     
+					  << BOOST_VERSION / 100000     << "."  // maj. version
+					  << BOOST_VERSION / 100 % 1000 << "."  // min. version
+					  << BOOST_VERSION % 100                // patch version
+					  << std::endl;
+#if defined(OPENSSL_VERSION_TEXT) 
+			std::cout << OPENSSL_VERSION_TEXT << std::endl;
+#endif
+#if defined(LIBRESSL_VERSION_TEXT)
+			std::cout << LIBRESSL_VERSION_TEXT << std::endl;
+#endif
+
 			exit(EXIT_SUCCESS);
 		}
 	}

libi2pd/Config.h

@@ -32,12 +32,12 @@ namespace config {
    * @param  argc  Cmdline arguments count, should be passed from main().
    * @param  argv  Cmdline parameters array, should be passed from main()
    *
-   * If --help is given in parameters, shows it's list with description
-   * terminates the program with exitcode 0.
+   * If --help is given in parameters, shows its list with description
+   * and terminates the program with exitcode 0.
    *
    * In case of parameter misuse boost throws an exception.
    * We internally handle type boost::program_options::unknown_option,
-   * and then terminate program with exitcode 1.
+   * and then terminate the program with exitcode 1.
    *
    * Other exceptions will be passed to higher level.
    */
@@ -107,7 +107,7 @@ namespace config {
   /**
    * @brief  Check is value explicitly given or default
    * @param  name  Name of checked parameter
-   * @return true if value set to default, false othervise
+   * @return true if value set to default, false otherwise
    */
   bool IsDefault(const char *name);
 }

libi2pd/Crypto.cpp

@@ -8,11 +8,14 @@
 #include <openssl/crypto.h>
 #include "TunnelBase.h"
 #include <openssl/ssl.h>
-#include "Crypto.h"
-#if LEGACY_OPENSSL
+#if OPENSSL_HKDF
+#include <openssl/kdf.h>
+#endif
+#if !OPENSSL_AEAD_CHACHA20_POLY1305
 #include "ChaCha20.h"
 #include "Poly1305.h"
 #endif
+#include "Crypto.h"
 #include "Ed25519.h"
 #include "I2PEndian.h"
 #include "Log.h"
@@ -282,6 +285,7 @@ namespace crypto
 	{
 #if OPENSSL_X25519
 		m_Ctx = EVP_PKEY_CTX_new_id (NID_X25519, NULL);
+		m_Pkey = nullptr;
 #else		
 		m_Ctx = BN_CTX_new ();
 #endif		
@@ -304,8 +308,7 @@ namespace crypto
 	{
 #if OPENSSL_X25519
 		EVP_PKEY_CTX_free (m_Ctx);
-		if (m_Pkey)
-			EVP_PKEY_free (m_Pkey);	
+		if (m_Pkey) EVP_PKEY_free (m_Pkey);	
 #else				
 		BN_CTX_free (m_Ctx);
 #endif		
@@ -314,7 +317,11 @@ namespace crypto
 	void X25519Keys::GenerateKeys ()
 	{
 #if OPENSSL_X25519
-		m_Pkey = nullptr;
+		if (m_Pkey)
+		{ 
+			EVP_PKEY_free (m_Pkey);	
+			m_Pkey = nullptr;
+		}
 		EVP_PKEY_keygen_init (m_Ctx);
 		EVP_PKEY_keygen (m_Ctx, &m_Pkey);
 		EVP_PKEY_CTX_free (m_Ctx);
@@ -341,6 +348,16 @@ namespace crypto
 #endif		
 	}		
 	
+	void X25519Keys::GetPrivateKey (uint8_t * priv) const
+	{
+#if OPENSSL_X25519
+		size_t len = 32;
+		EVP_PKEY_get_raw_private_key (m_Pkey, priv, &len);
+#else
+		memcpy (priv, m_PrivateKey, 32);
+#endif
+	}
+
 // ElGamal
 	void ElGamalEncrypt (const uint8_t * key, const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx, bool zeroPadding)
 	{
@@ -1076,66 +1093,7 @@ namespace crypto
 		if (len < msgLen) return false;
 		if (encrypt && len < msgLen + 16) return false;
 		bool ret = true;
-#if LEGACY_OPENSSL
-		// generate one time poly key
-		uint8_t polyKey[64];
-		memset(polyKey, 0, sizeof(polyKey));
-		chacha20 (polyKey, 64, nonce, key, 0);
-
-		// create Poly1305 message
-		if (!ad) adLen = 0;
-		std::vector<uint8_t> polyMsg(adLen + msgLen + 3*16);
-		size_t offset = 0;
-		uint8_t padding[16]; memset (padding, 0, 16);
-		if (ad)
-		{
-			memcpy (polyMsg.data (), ad, adLen); offset += adLen; // additional authenticated data
-			auto rem = adLen & 0x0F; // %16
-			if (rem)
-			{
-				// padding1
-				rem = 16 - rem;
-				memcpy (polyMsg.data () + offset, padding, rem); offset += rem;
-			}
-		}
-		// encrypt/decrypt data and add to hash
-		if (buf != msg)
-			memcpy (buf, msg, msgLen);
-		if (encrypt)
-		{
-			chacha20 (buf, msgLen, nonce, key, 1); // encrypt
-			memcpy (polyMsg.data () + offset, buf, msgLen); // after encryption
-		}
-		else
-		{
-			memcpy (polyMsg.data () + offset, buf, msgLen); // before decryption
-			chacha20 (buf, msgLen, nonce, key, 1); // decrypt
-		}	
-		offset += msgLen; // encrypted data
-
-		auto rem = msgLen & 0x0F; // %16
-		if (rem)
-		{
-			// padding2
-			rem = 16 - rem;
-			memcpy (polyMsg.data () + offset, padding, rem); offset += rem;
-		}
-		htole64buf (polyMsg.data () + offset, adLen); offset += 8;
-		htole64buf (polyMsg.data () + offset, msgLen); offset += 8;
-
-		if (encrypt)
-		{
-			// calculate Poly1305 tag and write in after encrypted data
-			Poly1305HMAC ((uint32_t *)(buf + msgLen), (uint32_t *)polyKey, polyMsg.data (), offset);
-		}
-		else
-		{
-			uint32_t tag[8];
-			// calculate Poly1305 tag
-			Poly1305HMAC (tag, (uint32_t *)polyKey, polyMsg.data (), offset);
-			if (memcmp (tag, msg + msgLen, 16)) ret = false; // compare with provided
-		}
-#else
+#if OPENSSL_AEAD_CHACHA20_POLY1305
 		int outlen = 0;
 		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
 		if (encrypt)
@@ -1160,10 +1118,162 @@ namespace crypto
 		}
 
 		EVP_CIPHER_CTX_free (ctx);
+#else		
+		chacha::Chacha20State state;
+		// generate one time poly key
+		chacha::Chacha20Init (state, nonce, key, 0);	
+		uint64_t polyKey[8];
+		memset(polyKey, 0, sizeof(polyKey));
+		chacha::Chacha20Encrypt (state, (uint8_t *)polyKey, 64);
+		// create Poly1305 hash
+		Poly1305 polyHash (polyKey);
+		if (!ad) adLen = 0;
+		uint8_t padding[16]; memset (padding, 0, 16);
+		if (ad)
+		{
+			polyHash.Update (ad, adLen);// additional authenticated data
+			auto rem = adLen & 0x0F; // %16
+			if (rem)
+			{
+				// padding1
+				rem = 16 - rem;
+				polyHash.Update (padding, rem);	
+			}
+		}
+		// encrypt/decrypt data and add to hash
+		Chacha20SetCounter (state, 1);
+		if (buf != msg)
+			memcpy (buf, msg, msgLen);
+		if (encrypt)
+		{
+			chacha::Chacha20Encrypt (state, buf, msgLen); // encrypt
+			polyHash.Update (buf, msgLen); // after encryption
+		}
+		else
+		{
+			polyHash.Update (buf, msgLen); // before decryption
+			chacha::Chacha20Encrypt (state, buf, msgLen); // decrypt
+		}	
+
+		auto rem = msgLen & 0x0F; // %16
+		if (rem)
+		{
+			// padding2
+			rem = 16 - rem;
+			polyHash.Update (padding, rem);		
+		}
+		// adLen and msgLen
+		htole64buf (padding, adLen);
+		htole64buf (padding + 8, msgLen);
+		polyHash.Update (padding, 16);	
+		
+		if (encrypt)
+			// calculate Poly1305 tag and write in after encrypted data
+			polyHash.Finish ((uint64_t *)(buf + msgLen));
+		else
+		{
+			uint64_t tag[4];
+			// calculate Poly1305 tag
+			polyHash.Finish (tag);	
+			if (memcmp (tag, msg + msgLen, 16)) ret = false; // compare with provided
+		}
 #endif
 		return ret;
 	}
 
+	void AEADChaCha20Poly1305Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac)
+	{
+		if (bufs.empty ()) return;
+#if OPENSSL_AEAD_CHACHA20_POLY1305
+		int outlen = 0;
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
+		EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), 0, 0, 0);
+		EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, 12, 0);
+		EVP_EncryptInit_ex(ctx, NULL, NULL, key, nonce);
+		for (const auto& it: bufs)	
+			EVP_EncryptUpdate(ctx, it.first, &outlen, it.first, it.second);
+		EVP_EncryptFinal_ex(ctx, NULL, &outlen);
+		EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, mac);
+		EVP_CIPHER_CTX_free (ctx);
+#else		
+		chacha::Chacha20State state;
+		// generate one time poly key
+		chacha::Chacha20Init (state, nonce, key, 0);	
+		uint64_t polyKey[8];
+		memset(polyKey, 0, sizeof(polyKey));
+		chacha::Chacha20Encrypt (state, (uint8_t *)polyKey, 64);
+		Poly1305 polyHash (polyKey);
+		// encrypt buffers	
+		Chacha20SetCounter (state, 1);
+		size_t size = 0;
+		for (const auto& it: bufs)
+		{
+			chacha::Chacha20Encrypt (state, it.first, it.second);
+			polyHash.Update (it.first, it.second); // after encryption
+			size += it.second;
+		}
+		// padding
+		uint8_t padding[16]; 
+		memset (padding, 0, 16);
+		auto rem = size & 0x0F; // %16
+		if (rem)
+		{
+			// padding2
+			rem = 16 - rem;
+			polyHash.Update (padding, rem);		
+		}
+		// adLen and msgLen
+		// adLen is always zero
+		htole64buf (padding + 8, size);
+		polyHash.Update (padding, 16);	
+		// MAC
+		polyHash.Finish ((uint64_t *)mac);	
+#endif		
+	}
+
+	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out)
+	{
+#if OPENSSL_AEAD_CHACHA20_POLY1305
+		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new ();
+		uint32_t iv[4];
+		iv[0] = htole32 (1); memcpy (iv + 1, nonce, 12); // counter | nonce
+		EVP_EncryptInit_ex(ctx, EVP_chacha20 (), NULL, key, (const uint8_t *)iv);
+		int outlen = 0;
+		EVP_EncryptUpdate(ctx, out, &outlen, msg, msgLen);
+		EVP_EncryptFinal_ex(ctx, NULL, &outlen);
+		EVP_CIPHER_CTX_free (ctx);
+#else
+		chacha::Chacha20State state;
+		chacha::Chacha20Init (state, nonce, key, 1);	
+		if (out != msg) memcpy (out, msg, msgLen);
+		chacha::Chacha20Encrypt (state, out, msgLen);
+#endif
+	}
+
+	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info, uint8_t * out)
+	{
+#if OPENSSL_HKDF
+		EVP_PKEY_CTX * pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_HKDF, NULL);
+		EVP_PKEY_derive_init (pctx);
+		EVP_PKEY_CTX_set_hkdf_md (pctx, EVP_sha256());
+		EVP_PKEY_CTX_set1_hkdf_salt (pctx, salt, 32);
+		EVP_PKEY_CTX_set1_hkdf_key (pctx, key, keyLen);
+		if (info.length () > 0)
+			EVP_PKEY_CTX_add1_hkdf_info (pctx, info.c_str (), info.length ());
+		size_t outlen = 64;
+		EVP_PKEY_derive (pctx, out, &outlen);
+		EVP_PKEY_CTX_free (pctx);
+#else
+		uint8_t prk[32]; unsigned int len;
+		HMAC(EVP_sha256(), salt, 32, key, keyLen, prk, &len); 
+		auto l = info.length ();
+		memcpy (out, info.c_str (), l); out[l] = 0x01;
+		HMAC(EVP_sha256(), prk, 32, out, l + 1, out, &len);
+		memcpy (out + 32, info.c_str (), l); out[l + 32] = 0x02;
+		HMAC(EVP_sha256(), prk, 32, out, l + 33, out + 32, &len); 
+#endif
+	}
+
 // init and terminate
 
 /*	std::vector <std::unique_ptr<std::mutex> >  m_OpenSSLMutexes;
@@ -1178,11 +1288,13 @@ namespace crypto
 		}
 	}*/
 
-
+	
 	void InitCrypto (bool precomputation)
 	{
-		i2p::cpu::Detect ();
+		i2p::cpu::Detect ();	
+#if LEGACY_OPENSSL
 		SSL_library_init ();
+#endif
 /*		auto numLocks = CRYPTO_num_locks();
 		for (int i = 0; i < numLocks; i++)
 			m_OpenSSLMutexes.emplace_back (new std::mutex);
@@ -1217,3 +1329,4 @@ namespace crypto
 	}
 }
 }
+

libi2pd/Crypto.h

@@ -3,6 +3,7 @@
 
 #include <inttypes.h>
 #include <string>
+#include <vector>
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/aes.h>
@@ -22,13 +23,19 @@
 // recognize openssl version and features
 #if ((OPENSSL_VERSION_NUMBER < 0x010100000) || defined(LIBRESSL_VERSION_NUMBER)) // 1.0.2 and below or LibreSSL
 #   define LEGACY_OPENSSL 1
+#   define X509_getm_notBefore X509_get_notBefore
+#   define X509_getm_notAfter X509_get_notAfter
 #else
 #   define LEGACY_OPENSSL 0
+#	define OPENSSL_HKDF 1
 #   if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
 #	   define OPENSSL_EDDSA 1
 #	   define OPENSSL_X25519 1
 #	   define OPENSSL_SIPHASH 1
 #   endif
+#   if !defined OPENSSL_NO_CHACHA && !defined OPENSSL_NO_POLY1305 // some builds might not include them
+#	   define OPENSSL_AEAD_CHACHA20_POLY1305 1 
+#   endif
 #endif
 
 namespace i2p
@@ -72,6 +79,7 @@ namespace crypto
 
 			void GenerateKeys ();
 			const uint8_t * GetPublicKey () const { return m_PublicKey; };
+			void GetPrivateKey (uint8_t * priv) const;
 			void Agree (const uint8_t * pub, uint8_t * shared);			
 
 		private:
@@ -107,27 +115,16 @@ namespace crypto
 
 		void operator^=(const ChipherBlock& other) // XOR
 		{
-#ifdef __AVX__
-			if (i2p::cpu::avx)
-			{
-				__asm__
-					(
-						"vmovups (%[buf]), %%xmm0 \n"
-						"vmovups (%[other]), %%xmm1 \n"
-						"vxorps %%xmm0, %%xmm1, %%xmm0 \n"
-						"vmovups %%xmm0, (%[buf]) \n"
-						:
-						: [buf]"r"(buf), [other]"r"(other.buf)
-						: "%xmm0", "%xmm1", "memory"
-						);
-			}
+			if (!(((size_t)buf | (size_t)other.buf) & 0x03)) // multiple of 4 ?
+			{	
+				for (int i = 0; i < 4; i++)
+					reinterpret_cast<uint32_t *>(buf)[i] ^= reinterpret_cast<const uint32_t *>(other.buf)[i];
+			}	
 			else
-#endif
-			{
-				// TODO: implement it better
+			{	
 				for (int i = 0; i < 16; i++)
 					buf[i] ^= other.buf[i];
-			}
+			}					
 		}
 	};
 
@@ -292,6 +289,15 @@ namespace crypto
 // AEAD/ChaCha20/Poly1305
 	bool AEADChaCha20Poly1305 (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen, const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len, bool encrypt); // msgLen is len without tag
 
+	void AEADChaCha20Poly1305Encrypt (const std::vector<std::pair<uint8_t *, size_t> >& bufs, const uint8_t * key, const uint8_t * nonce, uint8_t * mac); // encrypt multiple buffers with zero ad
+
+// ChaCha20
+	void ChaCha20 (const uint8_t * msg, size_t msgLen, const uint8_t * key, const uint8_t * nonce, uint8_t * out);
+
+// HKDF
+
+	void HKDF (const uint8_t * salt, const uint8_t * key, size_t keyLen, const std::string& info, uint8_t * out); // salt - 32, out - 64, info <= 32 
+
 // init and terminate
 	void InitCrypto (bool precomputation);
 	void TerminateCrypto ();

libi2pd/CryptoKey.h

@@ -22,6 +22,7 @@ namespace crypto
 
 			virtual ~CryptoKeyDecryptor () {};
 			virtual bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding) = 0; // 512/514 bytes encrypted, 222 bytes data
+			virtual size_t GetPublicKeyLen () const = 0; // we need it to set key in LS2
 	};
 
 // ElGamal
@@ -43,7 +44,8 @@ namespace crypto
 
 			ElGamalDecryptor (const uint8_t * priv);
 			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
-
+			size_t GetPublicKeyLen () const { return 256; };
+			
 		private:
 
 			uint8_t m_PrivateKey[256];
@@ -73,7 +75,8 @@ namespace crypto
 			ECIESP256Decryptor (const uint8_t * priv);
 			~ECIESP256Decryptor ();
 			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
-
+			size_t GetPublicKeyLen () const { return 64; };
+			
 		private:
 
 			EC_GROUP * m_Curve;
@@ -105,7 +108,8 @@ namespace crypto
 			ECIESGOSTR3410Decryptor (const uint8_t * priv);
 			~ECIESGOSTR3410Decryptor ();
 			bool Decrypt (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx, bool zeroPadding);
-
+			size_t GetPublicKeyLen () const { return 64; };
+			
 		private:
 
 			BIGNUM * m_PrivateKey;

libi2pd/Destination.cpp

@@ -16,7 +16,8 @@ namespace client
 	LeaseSetDestination::LeaseSetDestination (bool isPublic, const std::map<std::string, std::string> * params):
 		m_IsRunning (false), m_Thread (nullptr), m_IsPublic (isPublic),
 		m_PublishReplyToken (0), m_LastSubmissionTime (0), m_PublishConfirmationTimer (m_Service),
-		m_PublishVerificationTimer (m_Service), m_PublishDelayTimer (m_Service), m_CleanupTimer (m_Service)
+		m_PublishVerificationTimer (m_Service), m_PublishDelayTimer (m_Service), m_CleanupTimer (m_Service),
+		m_LeaseSetType (DEFAULT_LEASESET_TYPE)
 	{
 		int inLen   = DEFAULT_INBOUND_TUNNEL_LENGTH;
 		int inQty   = DEFAULT_INBOUND_TUNNELS_QUANTITY;
@@ -66,6 +67,9 @@ namespace client
 					if (it != params->end ()) m_Nickname = it->second;
 					// otherwise we set default nickname in Start when we know local address
 				}
+				it = params->find (I2CP_PARAM_LEASESET_TYPE);
+				if (it != params->end ())
+					m_LeaseSetType = std::stoi(it->second);
 			}
 		}
 		catch (std::exception & ex)
@@ -209,7 +213,7 @@ namespace client
 		return pool->Reconfigure(inLen, outLen, inQuant, outQuant);
 	}
 	
-	std::shared_ptr<const i2p::data::LeaseSet> LeaseSetDestination::FindLeaseSet (const i2p::data::IdentHash& ident)
+	std::shared_ptr<i2p::data::LeaseSet> LeaseSetDestination::FindLeaseSet (const i2p::data::IdentHash& ident)
 	{
 		std::shared_ptr<i2p::data::LeaseSet> remoteLS;
 		{
@@ -268,15 +272,21 @@ namespace client
 		if (!m_Pool) return nullptr;
 		if (!m_LeaseSet)
 			UpdateLeaseSet ();
+		auto ls = GetLeaseSetMt ();
+		return (ls && ls->GetInnerLeaseSet ()) ? ls->GetInnerLeaseSet () : ls; // always non-encrypted
+	}
+
+	std::shared_ptr<const i2p::data::LocalLeaseSet> LeaseSetDestination::GetLeaseSetMt ()
+	{
 		std::lock_guard<std::mutex> l(m_LeaseSetMutex);
 		return m_LeaseSet;
 	}
-
-	void LeaseSetDestination::SetLeaseSet (i2p::data::LocalLeaseSet * newLeaseSet)
+		
+	void LeaseSetDestination::SetLeaseSet (std::shared_ptr<const i2p::data::LocalLeaseSet> newLeaseSet)
 	{
 		{
 			std::lock_guard<std::mutex> l(m_LeaseSetMutex);
-			m_LeaseSet.reset (newLeaseSet);
+			m_LeaseSet = newLeaseSet;
 		}
 		i2p::garlic::GarlicDestination::SetLeaseSetUpdated ();
 		if (m_IsPublic)
@@ -357,51 +367,76 @@ namespace client
 		}
 		i2p::data::IdentHash key (buf + DATABASE_STORE_KEY_OFFSET);
 		std::shared_ptr<i2p::data::LeaseSet> leaseSet;
-		if (buf[DATABASE_STORE_TYPE_OFFSET] == 1) // LeaseSet
+		switch (buf[DATABASE_STORE_TYPE_OFFSET])
 		{
-			LogPrint (eLogDebug, "Destination: Remote LeaseSet");
-			std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
-			auto it = m_RemoteLeaseSets.find (key);
-			if (it != m_RemoteLeaseSets.end ())
+			case i2p::data::NETDB_STORE_TYPE_LEASESET: // 1
+			case i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2: // 3
 			{
-				leaseSet = it->second;
-				if (leaseSet->IsNewer (buf + offset, len - offset))
+				LogPrint (eLogDebug, "Destination: Remote LeaseSet");
+				std::lock_guard<std::mutex> lock(m_RemoteLeaseSetsMutex);
+				auto it = m_RemoteLeaseSets.find (key);
+				if (it != m_RemoteLeaseSets.end ())
 				{
-					leaseSet->Update (buf + offset, len - offset);
+					leaseSet = it->second;
+					if (leaseSet->IsNewer (buf + offset, len - offset))
+					{
+						leaseSet->Update (buf + offset, len - offset);
+						if (leaseSet->IsValid () && leaseSet->GetIdentHash () == key)
+							LogPrint (eLogDebug, "Destination: Remote LeaseSet updated");
+						else
+						{
+							LogPrint (eLogDebug, "Destination: Remote LeaseSet update failed");
+							m_RemoteLeaseSets.erase (it);
+							leaseSet = nullptr;
+						}
+					}
+					else
+						LogPrint (eLogDebug, "Destination: Remote LeaseSet is older. Not updated");
+				}
+				else
+				{
+					if (buf[DATABASE_STORE_TYPE_OFFSET] == i2p::data::NETDB_STORE_TYPE_LEASESET)
+						leaseSet = std::make_shared<i2p::data::LeaseSet> (buf + offset, len - offset); // LeaseSet
+					else
+						leaseSet = std::make_shared<i2p::data::LeaseSet2> (buf[DATABASE_STORE_TYPE_OFFSET], buf + offset, len - offset); // LeaseSet2
 					if (leaseSet->IsValid () && leaseSet->GetIdentHash () == key)
-						LogPrint (eLogDebug, "Destination: Remote LeaseSet updated");
+					{
+						if (leaseSet->GetIdentHash () != GetIdentHash ())
+						{
+							LogPrint (eLogDebug, "Destination: New remote LeaseSet added");
+							m_RemoteLeaseSets[key] = leaseSet;
+						}
+						else
+							LogPrint (eLogDebug, "Destination: Own remote LeaseSet dropped");
+					}
 					else
 					{
-						LogPrint (eLogDebug, "Destination: Remote LeaseSet update failed");
-						m_RemoteLeaseSets.erase (it);
+						LogPrint (eLogError, "Destination: New remote LeaseSet failed");
 						leaseSet = nullptr;
 					}
 				}
-				else
-					LogPrint (eLogDebug, "Destination: Remote LeaseSet is older. Not updated");
+				break;
 			}
-			else
+			case i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2: // 5
 			{
-				leaseSet = std::make_shared<i2p::data::LeaseSet> (buf + offset, len - offset);
-				if (leaseSet->IsValid () && leaseSet->GetIdentHash () == key)
+				auto it2 = m_LeaseSetRequests.find (key);
+				if (it2 != m_LeaseSetRequests.end () && it2->second->requestedBlindedKey)
 				{
-					if (leaseSet->GetIdentHash () != GetIdentHash ())
+					auto ls2 = std::make_shared<i2p::data::LeaseSet2> (buf + offset, len - offset, it2->second->requestedBlindedKey);
+					if (ls2->IsValid ())
 					{
-						LogPrint (eLogDebug, "Destination: New remote LeaseSet added");
-						m_RemoteLeaseSets[key] = leaseSet;
+						m_RemoteLeaseSets[ls2->GetIdentHash ()] = ls2; // ident is not key
+						m_RemoteLeaseSets[key] = ls2; // also store as key for next lookup
+						leaseSet = ls2;
 					}
-					else
-						LogPrint (eLogDebug, "Destination: Own remote LeaseSet dropped");
 				}
 				else
-				{
-					LogPrint (eLogError, "Destination: New remote LeaseSet failed");
-					leaseSet = nullptr;
-				}
+					LogPrint (eLogInfo, "Destination: Couldn't find request for encrypted LeaseSet2");
+				break;
 			}
+			default:
+				LogPrint (eLogError, "Destination: Unexpected client's DatabaseStore type ", buf[DATABASE_STORE_TYPE_OFFSET], ", dropped");
 		}
-		else
-			LogPrint (eLogError, "Destination: Unexpected client's DatabaseStore type ", buf[DATABASE_STORE_TYPE_OFFSET], ", dropped");
 
 		auto it1 = m_LeaseSetRequests.find (key);
 		if (it1 != m_LeaseSetRequests.end ())
@@ -477,7 +512,8 @@ namespace client
 
 	void LeaseSetDestination::Publish ()
 	{
-		if (!m_LeaseSet || !m_Pool)
+		auto leaseSet = GetLeaseSetMt ();
+		if (!leaseSet || !m_Pool)
 		{
 			LogPrint (eLogError, "Destination: Can't publish non-existing LeaseSet");
 			return;
@@ -509,7 +545,7 @@ namespace client
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet. No inbound tunnels");
 			return;
 		}
-		auto floodfill = i2p::data::netdb.GetClosestFloodfill (m_LeaseSet->GetIdentHash (), m_ExcludedFloodfills);
+		auto floodfill = i2p::data::netdb.GetClosestFloodfill (leaseSet->GetIdentHash (), m_ExcludedFloodfills);
 		if (!floodfill)
 		{
 			LogPrint (eLogError, "Destination: Can't publish LeaseSet, no more floodfills found");
@@ -519,7 +555,7 @@ namespace client
 		m_ExcludedFloodfills.insert (floodfill->GetIdentHash ());
 		LogPrint (eLogDebug, "Destination: Publish LeaseSet of ", GetIdentHash ().ToBase32 ());
 		RAND_bytes ((uint8_t *)&m_PublishReplyToken, 4);
-		auto msg = WrapMessage (floodfill, i2p::CreateDatabaseStoreMsg (m_LeaseSet, m_PublishReplyToken, inbound));
+		auto msg = WrapMessage (floodfill, i2p::CreateDatabaseStoreMsg (leaseSet, m_PublishReplyToken, inbound));
 		m_PublishConfirmationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_CONFIRMATION_TIMEOUT));
 		m_PublishConfirmationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishConfirmationTimer,
 			shared_from_this (), std::placeholders::_1));
@@ -542,7 +578,7 @@ namespace client
 				else
 				{
 					LogPrint (eLogWarning, "Destination: Publish confirmation was not received in ", PUBLISH_CONFIRMATION_TIMEOUT,  " seconds from Java floodfill for crypto type ", (int)GetIdentity ()->GetCryptoKeyType ());
-					// Java floodfill never sends confirmantion back for unknown crypto type
+					// Java floodfill never sends confirmation back for unknown crypto type
 					// assume it successive and try to verify
 					m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_VERIFICATION_TIMEOUT));
 					m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer,
@@ -557,26 +593,32 @@ namespace client
 	{
 		if (ecode != boost::asio::error::operation_aborted)
 		{
+			auto ls = GetLeaseSetMt ();
+			if (!ls)
+			{
+				LogPrint (eLogWarning, "Destination: couldn't verify LeaseSet for ", GetIdentHash().ToBase32());
+				return;
+			}	
 			auto s = shared_from_this ();
-			RequestLeaseSet (GetIdentHash (),
-				// "this" added due to bug in gcc 4.7-4.8
-				[s,this](std::shared_ptr<i2p::data::LeaseSet> leaseSet)
+			// we must capture this for gcc 4.7 due the bug
+			RequestLeaseSet (ls->GetStoreHash (),
+				[s, ls, this](std::shared_ptr<const i2p::data::LeaseSet> leaseSet)
 				{
 					if (leaseSet)
 					{
-						if (s->m_LeaseSet && *s->m_LeaseSet == *leaseSet)
+						if (*ls == *leaseSet)
 						{
 							// we got latest LeasetSet
-							LogPrint (eLogDebug, "Destination: published LeaseSet verified for ", GetIdentHash().ToBase32());
+							LogPrint (eLogDebug, "Destination: published LeaseSet verified for ", s->GetIdentHash().ToBase32());
 							s->m_PublishVerificationTimer.expires_from_now (boost::posix_time::seconds(PUBLISH_REGULAR_VERIFICATION_INTERNAL));
 							s->m_PublishVerificationTimer.async_wait (std::bind (&LeaseSetDestination::HandlePublishVerificationTimer, s, std::placeholders::_1));
 							return;
 						}
 						else
-							LogPrint (eLogDebug, "Destination: LeaseSet is different than just published for ", GetIdentHash().ToBase32());
+							LogPrint (eLogDebug, "Destination: LeaseSet is different than just published for ", s->GetIdentHash().ToBase32());
 					}
 					else
-						LogPrint (eLogWarning, "Destination: couldn't find published LeaseSet for ", GetIdentHash().ToBase32());
+						LogPrint (eLogWarning, "Destination: couldn't find published LeaseSet for ", s->GetIdentHash().ToBase32());
 					// we have to publish again
 					s->Publish ();
 				});
@@ -597,7 +639,27 @@ namespace client
 				m_Service.post ([requestComplete](void){requestComplete (nullptr);});
 			return false;
 		}
-		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete));
+		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), dest, requestComplete, nullptr));
+		return true;
+	}
+
+	bool LeaseSetDestination::RequestDestinationWithEncryptedLeaseSet (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, RequestComplete requestComplete)
+	{
+		if (!dest || !m_Pool || !IsReady ())
+		{
+			if (requestComplete)
+				m_Service.post ([requestComplete](void){requestComplete (nullptr);});
+			return false;
+		}	
+		auto storeHash = dest->GetStoreHash ();
+		auto leaseSet = FindLeaseSet (storeHash);	
+		if (leaseSet)
+		{
+			if (requestComplete)
+				m_Service.post ([requestComplete, leaseSet](void){requestComplete (leaseSet);});
+			return true;
+		}
+		m_Service.post (std::bind (&LeaseSetDestination::RequestLeaseSet, shared_from_this (), storeHash, requestComplete, dest));
 		return true;
 	}
 
@@ -616,13 +678,20 @@ namespace client
 			});
 	}
 
-	void LeaseSetDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete)
+	void LeaseSetDestination::CancelDestinationRequestWithEncryptedLeaseSet (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, bool notify)
+	{
+		if (dest)
+			CancelDestinationRequest (dest->GetStoreHash (), notify);
+	}
+
+	void LeaseSetDestination::RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey)
 	{
 		std::set<i2p::data::IdentHash> excluded;
 		auto floodfill = i2p::data::netdb.GetClosestFloodfill (dest, excluded);
 		if (floodfill)
 		{
 			auto request = std::make_shared<LeaseSetRequest> (m_Service);
+			request->requestedBlindedKey = requestedBlindedKey; // for encrypted LeaseSet2
 			if (requestComplete)
 				request->requestComplete.push_back (requestComplete);
 			auto ts = i2p::util::GetSecondsSinceEpoch ();
@@ -769,12 +838,23 @@ namespace client
 		m_DatagramDestination (nullptr), m_RefCounter (0),
 		m_ReadyChecker(GetService())
 	{
-		if (isPublic)
+		if (keys.IsOfflineSignature () && GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
+			SetLeaseSetType (i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2); // offline keys can be published with LS2 only
+
+		m_EncryptionKeyType = GetIdentity ()->GetCryptoKeyType ();
+		// extract encryption type params for LS2
+		if (GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2 && params)
+		{
+			auto it = params->find (I2CP_PARAM_LEASESET_ENCRYPTION_TYPE);
+			if (it != params->end ())
+				m_EncryptionKeyType = std::stoi(it->second);
+		}		
+	
+		if (isPublic && m_EncryptionKeyType == GetIdentity ()->GetCryptoKeyType ()) // TODO: presist key type
 			PersistTemporaryKeys ();
 		else
-			i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (),
-				m_EncryptionPrivateKey, m_EncryptionPublicKey);
-		m_Decryptor = m_Keys.CreateDecryptor (m_EncryptionPrivateKey);
+			i2p::data::PrivateKeys::GenerateCryptoKeyPair (m_EncryptionKeyType, m_EncryptionPrivateKey, m_EncryptionPublicKey);
+		m_Decryptor = i2p::data::PrivateKeys::CreateDecryptor (m_EncryptionKeyType, m_EncryptionPrivateKey);
 		if (isPublic)
 			LogPrint (eLogInfo, "Destination: Local address ", GetIdentHash().ToBase32 (), " created");
 
@@ -906,7 +986,7 @@ namespace client
 		{
 			auto s = GetSharedFromThis ();
 			RequestDestination (dest,
-				[s, streamRequestComplete, port](std::shared_ptr<i2p::data::LeaseSet> ls)
+				[s, streamRequestComplete, port](std::shared_ptr<const i2p::data::LeaseSet> ls)
 				{
 					if (ls)
 						streamRequestComplete(s->CreateStream (ls, port));
@@ -916,6 +996,24 @@ namespace client
 		}
 	}
 
+	void ClientDestination::CreateStream (StreamRequestComplete streamRequestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port)
+	{
+		if (!streamRequestComplete)
+		{
+			LogPrint (eLogError, "Destination: request callback is not specified in CreateStream");
+			return;
+		}
+		auto s = GetSharedFromThis ();
+		RequestDestinationWithEncryptedLeaseSet (dest,
+			[s, streamRequestComplete, port](std::shared_ptr<i2p::data::LeaseSet> ls)
+			{
+				if (ls)
+					streamRequestComplete(s->CreateStream (ls, port));
+				else
+					streamRequestComplete (nullptr);
+			});
+	}
+
 	std::shared_ptr<i2p::stream::Stream> ClientDestination::CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port)
 	{
 		if (m_StreamingDestination)
@@ -1004,9 +1102,10 @@ namespace client
 			return;
 		}
 
-		LogPrint (eLogInfo, "Destination: Creating new temporary keys for address ", ident, ".b32.i2p");
-		i2p::data::PrivateKeys::GenerateCryptoKeyPair(GetIdentity ()->GetCryptoKeyType (),
-				m_EncryptionPrivateKey, m_EncryptionPublicKey);
+		LogPrint (eLogInfo, "Destination: Creating new temporary keys of type for address ", ident, ".b32.i2p");
+		memset (m_EncryptionPrivateKey, 0, 256);
+		memset (m_EncryptionPublicKey, 0, 256);	
+		i2p::data::PrivateKeys::GenerateCryptoKeyPair (GetIdentity ()->GetCryptoKeyType (), m_EncryptionPrivateKey, m_EncryptionPublicKey);
 
 		std::ofstream f1 (path, std::ofstream::binary | std::ofstream::out);
 		if (f1) {
@@ -1019,9 +1118,23 @@ namespace client
 
 	void ClientDestination::CreateNewLeaseSet (std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels)
 	{
-		auto leaseSet = new i2p::data::LocalLeaseSet (GetIdentity (), m_EncryptionPublicKey, tunnels);
-		// sign
-		Sign (leaseSet->GetBuffer (), leaseSet->GetBufferLen () - leaseSet->GetSignatureLen (), leaseSet->GetSignature ()); // TODO
+		std::shared_ptr<i2p::data::LocalLeaseSet> leaseSet;
+		if (GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
+		{
+			leaseSet = std::make_shared<i2p::data::LocalLeaseSet> (GetIdentity (), m_EncryptionPublicKey, tunnels);
+			// sign
+			Sign (leaseSet->GetBuffer (), leaseSet->GetBufferLen () - leaseSet->GetSignatureLen (), leaseSet->GetSignature ()); 
+		}
+		else
+		{
+			// standard LS2 (type 3) first
+			auto keyLen = m_Decryptor ? m_Decryptor->GetPublicKeyLen () : 256;
+			auto ls2 = std::make_shared<i2p::data::LocalLeaseSet2> (i2p::data::NETDB_STORE_TYPE_STANDARD_LEASESET2,
+				m_Keys, m_EncryptionKeyType, keyLen, m_EncryptionPublicKey, tunnels);
+			if (GetLeaseSetType () == i2p::data::NETDB_STORE_TYPE_ENCRYPTED_LEASESET2) // encrypt if type 5
+				ls2 = std::make_shared<i2p::data::LocalEncryptedLeaseSet2> (ls2, m_Keys);
+			leaseSet = ls2;
+		}
 		SetLeaseSet (leaseSet);
 	}
 

libi2pd/Destination.h

@@ -52,6 +52,9 @@ namespace client
 	const int DEFAULT_TAGS_TO_SEND = 40;
 	const char I2CP_PARAM_INBOUND_NICKNAME[] = "inbound.nickname";
 	const char I2CP_PARAM_OUTBOUND_NICKNAME[] = "outbound.nickname";
+	const char I2CP_PARAM_LEASESET_TYPE[] = "i2cp.leaseSetType";
+	const int DEFAULT_LEASESET_TYPE = 1;		
+	const char I2CP_PARAM_LEASESET_ENCRYPTION_TYPE[] = "i2cp.leaseSetEncType";
 
 	// latency
 	const char I2CP_PARAM_MIN_TUNNEL_LATENCY[] = "latency.min";
@@ -79,6 +82,7 @@ namespace client
 			std::list<RequestComplete> requestComplete;
 			std::shared_ptr<i2p::tunnel::OutboundTunnel> outboundTunnel;
 			std::shared_ptr<i2p::tunnel::InboundTunnel> replyTunnel;
+			std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey; // for encrypted LeaseSet2 only
 
 			void Complete (std::shared_ptr<i2p::data::LeaseSet> ls)
 			{
@@ -104,9 +108,11 @@ namespace client
 			boost::asio::io_service& GetService () { return m_Service; };
 			std::shared_ptr<i2p::tunnel::TunnelPool> GetTunnelPool () { return m_Pool; };
 			bool IsReady () const { return m_LeaseSet && !m_LeaseSet->IsExpired () && m_Pool->GetOutboundTunnels ().size () > 0; };
-			std::shared_ptr<const i2p::data::LeaseSet> FindLeaseSet (const i2p::data::IdentHash& ident);
+			std::shared_ptr<i2p::data::LeaseSet> FindLeaseSet (const i2p::data::IdentHash& ident);
 			bool RequestDestination (const i2p::data::IdentHash& dest, RequestComplete requestComplete = nullptr);
+			bool RequestDestinationWithEncryptedLeaseSet (std::shared_ptr<const i2p::data::BlindedPublicKey>  dest, RequestComplete requestComplete = nullptr); 
 			void CancelDestinationRequest (const i2p::data::IdentHash& dest, bool notify = true);
+			void CancelDestinationRequestWithEncryptedLeaseSet (std::shared_ptr<const i2p::data::BlindedPublicKey> dest, bool notify = true);
 
 			// implements GarlicDestination
 			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSet ();
@@ -121,7 +127,9 @@ namespace client
 
 		protected:
 
-			void SetLeaseSet (i2p::data::LocalLeaseSet * newLeaseSet);
+			void SetLeaseSet (std::shared_ptr<const i2p::data::LocalLeaseSet> newLeaseSet);
+			int GetLeaseSetType () const { return m_LeaseSetType; };
+			void SetLeaseSetType (int leaseSetType) { m_LeaseSetType = leaseSetType; };
 			virtual void CleanupDestination () {}; // additional clean up in derived classes
 			// I2CP
 			virtual void HandleDataMessage (const uint8_t * buf, size_t len) = 0;
@@ -131,6 +139,7 @@ namespace client
 
 			void Run ();
 			void UpdateLeaseSet ();
+			std::shared_ptr<const i2p::data::LocalLeaseSet> GetLeaseSetMt ();
 			void Publish ();
 			void HandlePublishConfirmationTimer (const boost::system::error_code& ecode);
 			void HandlePublishVerificationTimer (const boost::system::error_code& ecode);
@@ -139,7 +148,7 @@ namespace client
 			void HandleDatabaseSearchReplyMessage (const uint8_t * buf, size_t len);
 			void HandleDeliveryStatusMessage (std::shared_ptr<I2NPMessage> msg);
 
-			void RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete);
+			void RequestLeaseSet (const i2p::data::IdentHash& dest, RequestComplete requestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> requestedBlindedKey = nullptr);
 			bool SendLeaseSetRequest (const i2p::data::IdentHash& dest, std::shared_ptr<const i2p::data::RouterInfo>  nextFloodfill, std::shared_ptr<LeaseSetRequest> request);
 			void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest);
 			void HandleCleanupTimer (const boost::system::error_code& ecode);
@@ -156,7 +165,7 @@ namespace client
 
 			std::shared_ptr<i2p::tunnel::TunnelPool> m_Pool;
 			std::mutex m_LeaseSetMutex;
-			std::shared_ptr<i2p::data::LocalLeaseSet> m_LeaseSet;
+			std::shared_ptr<const i2p::data::LocalLeaseSet> m_LeaseSet;
 			bool m_IsPublic;
 			uint32_t m_PublishReplyToken;
 			uint64_t m_LastSubmissionTime; // in seconds
@@ -165,6 +174,7 @@ namespace client
 			boost::asio::deadline_timer m_PublishConfirmationTimer, m_PublishVerificationTimer,
 				m_PublishDelayTimer, m_CleanupTimer;
 			std::string m_Nickname;
+			int m_LeaseSetType;
 
 		public:
 
@@ -203,6 +213,7 @@ namespace client
 			std::shared_ptr<i2p::stream::StreamingDestination> GetStreamingDestination (int port = 0) const;
 			// following methods operate with default streaming destination
 			void CreateStream (StreamRequestComplete streamRequestComplete, const i2p::data::IdentHash& dest, int port = 0);
+			void CreateStream (StreamRequestComplete streamRequestComplete, std::shared_ptr<const i2p::data::BlindedPublicKey> dest, int port = 0);
 			std::shared_ptr<i2p::stream::Stream> CreateStream (std::shared_ptr<const i2p::data::LeaseSet> remote, int port = 0);
 			void AcceptStreams (const i2p::stream::StreamingDestination::Acceptor& acceptor);
 			void StopAcceptingStreams ();
@@ -238,6 +249,7 @@ namespace client
 
 			i2p::data::PrivateKeys m_Keys;
 			uint8_t m_EncryptionPublicKey[256], m_EncryptionPrivateKey[256];
+			i2p::data::CryptoKeyType m_EncryptionKeyType;
 			std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> m_Decryptor;
 
 			int m_StreamingAckDelay;

libi2pd/Ed25519.cpp

@@ -121,8 +121,8 @@ namespace crypto
 		return passed;
 	}
 
-	void Ed25519::Sign (const uint8_t * expandedPrivateKey, const uint8_t * publicKeyEncoded, const uint8_t * buf, size_t len,
-		uint8_t * signature) const
+	void Ed25519::Sign (const uint8_t * expandedPrivateKey, const uint8_t * publicKeyEncoded, 
+		const uint8_t * buf, size_t len, uint8_t * signature) const
 	{
 		BN_CTX * bnCtx = BN_CTX_new ();
 		// calculate r
@@ -153,6 +153,44 @@ namespace crypto
 		BN_CTX_free (bnCtx);
 	}
 
+	void Ed25519::SignRedDSA (const uint8_t * privateKey, const uint8_t * publicKeyEncoded, 
+		const uint8_t * buf, size_t len, uint8_t * signature) const
+	{
+		BN_CTX * bnCtx = BN_CTX_new ();
+		// T = 80 random bytes
+		uint8_t T[80];
+		RAND_bytes (T, 80);
+		// calculate r = H*(T || publickey || data)
+		SHA512_CTX ctx;
+		SHA512_Init (&ctx);
+		SHA512_Update (&ctx, T, 80);
+		SHA512_Update (&ctx, publicKeyEncoded, 32); 
+		SHA512_Update (&ctx, buf, len); // data
+		uint8_t digest[64];
+		SHA512_Final (digest, &ctx);
+		BIGNUM * r = DecodeBN<64> (digest); 
+		BN_mod (r, r, l, bnCtx); // % l	
+		EncodeBN (r, digest, 32);
+		// calculate R
+		uint8_t R[EDDSA25519_SIGNATURE_LENGTH/2]; // we must use separate buffer because signature might be inside buf
+		EncodePoint (Normalize (MulB (digest, bnCtx), bnCtx), R); 
+		// calculate S
+		SHA512_Init (&ctx);
+		SHA512_Update (&ctx, R, EDDSA25519_SIGNATURE_LENGTH/2); // R
+		SHA512_Update (&ctx, publicKeyEncoded, EDDSA25519_PUBLIC_KEY_LENGTH); // public key
+		SHA512_Update (&ctx, buf, len); // data
+		SHA512_Final (digest, &ctx);
+		BIGNUM * h = DecodeBN<64> (digest);
+		// S = (r + h*a) % l
+		BIGNUM * a = DecodeBN<EDDSA25519_PRIVATE_KEY_LENGTH> (privateKey); 
+		BN_mod_mul (h, h, a, l, bnCtx); // %l
+		BN_mod_add (h, h, r, l, bnCtx); // %l
+		memcpy (signature, R, EDDSA25519_SIGNATURE_LENGTH/2);
+		EncodeBN (h, signature + EDDSA25519_SIGNATURE_LENGTH/2, EDDSA25519_SIGNATURE_LENGTH/2); // S
+		BN_free (r); BN_free (h); BN_free (a);
+		BN_CTX_free (bnCtx);
+	}
+	
 	EDDSAPoint Ed25519::Sum (const EDDSAPoint& p1, const EDDSAPoint& p2, BN_CTX * ctx) const
 	{
 		// x3 = (x1*y2+y1*x2)*(z1*z2-d*t1*t2)
@@ -411,6 +449,7 @@ namespace crypto
 		}
 	}
 
+#if !OPENSSL_X25519
 	BIGNUM * Ed25519::ScalarMul (const BIGNUM * u, const BIGNUM * k, BN_CTX * ctx) const
 	{
 		BN_CTX_start (ctx);
@@ -488,6 +527,40 @@ namespace crypto
 		EncodeBN (q1, buf, 32);
 		BN_free (p1); BN_free (n); BN_free (q1);
 	}
+#endif
+
+	void Ed25519::BlindPublicKey (const uint8_t * pub, const uint8_t * seed, uint8_t * blinded)
+	{
+		BN_CTX * ctx = BN_CTX_new ();
+		// calculate alpha = seed mod l
+		BIGNUM * alpha = DecodeBN<64> (seed); // seed is in Little Endian 
+		BN_mod (alpha, alpha, l, ctx); // % l
+		uint8_t priv[32];	
+		EncodeBN (alpha, priv, 32); // back to Little Endian
+		BN_free (alpha);
+		// A' = BLIND_PUBKEY(A, alpha) = A + DERIVE_PUBLIC(alpha)
+		auto A1 = Sum (DecodePublicKey (pub, ctx), MulB (priv, ctx), ctx); // pub + B*alpha
+		EncodePublicKey (A1, blinded, ctx);
+		BN_CTX_free (ctx);
+	}
+
+	void Ed25519::BlindPrivateKey (const uint8_t * priv, const uint8_t * seed, uint8_t * blindedPriv, uint8_t * blindedPub)
+	{
+		BN_CTX * ctx = BN_CTX_new ();
+		// calculate alpha = seed mod l
+		BIGNUM * alpha = DecodeBN<64> (seed); // seed is in Little Endian 
+		BN_mod (alpha, alpha, l, ctx); // % l
+		BIGNUM * p = DecodeBN<32> (priv); // priv is in Little Endian 
+		BN_add (alpha, alpha, p); // alpha = alpha + priv
+		// a' = BLIND_PRIVKEY(a, alpha) = (a + alpha) mod L	
+		BN_mod (alpha, alpha, l, ctx); // % l
+		EncodeBN (alpha, blindedPriv, 32);
+		// A' = DERIVE_PUBLIC(a') 	
+		auto A1 = MulB (blindedPriv, ctx);
+		EncodePublicKey (A1, blindedPub, ctx); 
+		BN_free (alpha); BN_free (p);
+		BN_CTX_free (ctx);
+	}
 
 	void Ed25519::ExpandPrivateKey (const uint8_t * key, uint8_t * expandedKey)
 	{
@@ -497,6 +570,18 @@ namespace crypto
 		expandedKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] |= 0x40; // set second bit
 	}
 
+	void Ed25519::CreateRedDSAPrivateKey (uint8_t * priv)
+	{
+		uint8_t seed[32];
+		RAND_bytes (seed, 32);
+		BIGNUM * p = DecodeBN<32> (seed); 	
+		BN_CTX * ctx = BN_CTX_new ();
+		BN_mod (p, p, l, ctx); // % l
+		EncodeBN (p, priv, 32); 
+		BN_CTX_free (ctx);
+		BN_free (p);
+	}	
+	
 	static std::unique_ptr<Ed25519> g_Ed25519;
 	std::unique_ptr<Ed25519>& GetEd25519 ()
 	{

libi2pd/Ed25519.h

@@ -3,6 +3,7 @@
 
 #include <memory>
 #include <openssl/bn.h>
+#include "Crypto.h"
 
 namespace i2p
 {
@@ -75,14 +76,20 @@ namespace crypto
 			EDDSAPoint GeneratePublicKey (const uint8_t * expandedPrivateKey, BN_CTX * ctx) const;
 			EDDSAPoint DecodePublicKey (const uint8_t * buf, BN_CTX * ctx) const;
 			void EncodePublicKey (const EDDSAPoint& publicKey, uint8_t * buf, BN_CTX * ctx) const;
+#if !OPENSSL_X25519
 			void ScalarMul (const uint8_t * p, const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const; // p is point, e is number for x25519
 			void ScalarMulB (const  uint8_t * e, uint8_t * buf, BN_CTX * ctx) const;
+#endif
+			void BlindPublicKey (const uint8_t * pub, const uint8_t * seed, uint8_t * blinded); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
+			void BlindPrivateKey (const uint8_t * priv, const uint8_t * seed, uint8_t * blindedPriv, uint8_t * blindedPub); // for encrypted LeaseSet2, pub - 32, seed - 64, blinded - 32
 
 			bool Verify (const EDDSAPoint& publicKey, const uint8_t * digest, const uint8_t * signature) const;
 			void Sign (const uint8_t * expandedPrivateKey, const uint8_t * publicKeyEncoded, const uint8_t * buf, size_t len, uint8_t * signature) const;
-
+			void SignRedDSA (const uint8_t * privateKey, const uint8_t * publicKeyEncoded, const uint8_t * buf, size_t len, uint8_t * signature) const;
+			
 			static void ExpandPrivateKey (const uint8_t * key, uint8_t * expandedKey); // key - 32 bytes, expandedKey - 64 bytes
-
+			void CreateRedDSAPrivateKey (uint8_t * priv); // priv is 32 bytes
+			
 		private:
 
 			EDDSAPoint Sum (const EDDSAPoint& p1, const EDDSAPoint& p2, BN_CTX * ctx) const;
@@ -100,8 +107,10 @@ namespace crypto
 			BIGNUM * DecodeBN (const uint8_t * buf) const;
 			void EncodeBN (const BIGNUM * bn, uint8_t * buf, size_t len) const;
 
+#if !OPENSSL_X25519
 			// for x25519
 			BIGNUM * ScalarMul (const BIGNUM * p, const BIGNUM * e, BN_CTX * ctx) const; 
+#endif
 
 		private:
 

libi2pd/FS.cpp

@@ -11,6 +11,7 @@
 
 #ifdef _WIN32
 #include <shlobj.h>
+#include <windows.h>
 #endif
 
 #include "Base.h"
@@ -20,187 +21,211 @@
 
 namespace i2p {
 namespace fs {
-  std::string appName = "i2pd";
-  std::string dataDir = "";
+	std::string appName = "i2pd";
+	std::string dataDir = "";
 #ifdef _WIN32
-  std::string dirSep = "\\";
+	std::string dirSep = "\\";
 #else
-  std::string dirSep = "/";
+	std::string dirSep = "/";
 #endif
 
-  const std::string & GetAppName () {
-    return appName;
-  }
+	const std::string & GetAppName () {
+		return appName;
+	}
 
-  void SetAppName (const std::string& name) {
-    appName = name;
-  }
+	void SetAppName (const std::string& name) {
+		appName = name;
+	}
 
-  const std::string & GetDataDir () {
-    return dataDir;
-  }
+	const std::string & GetDataDir () {
+		return dataDir;
+	}
 
-  void DetectDataDir(const std::string & cmdline_param, bool isService) {
-    if (cmdline_param != "") {
-      dataDir = cmdline_param;
-      return;
-    }
+	void DetectDataDir(const std::string & cmdline_param, bool isService) {
+		if (cmdline_param != "") {
+			dataDir = cmdline_param;
+			return;
+		}
 #if defined(WIN32) || defined(_WIN32)
-    char localAppData[MAX_PATH];
-    // check executable directory first
-    GetModuleFileName (NULL, localAppData, MAX_PATH);
-    auto execPath = boost::filesystem::path(localAppData).parent_path();
-    // if config file exists in .exe's folder use it
-    if(boost::filesystem::exists(execPath/"i2pd.conf")) // TODO: magic string
-        dataDir = execPath.string ();
-    else
-    {
-        // otherwise %appdata%
-        SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, 0, localAppData);
-        dataDir = std::string(localAppData) + "\\" + appName;
-    }
-    return;
+		char localAppData[MAX_PATH];
+
+		// check executable directory first
+		if(!GetModuleFileName(NULL, localAppData, MAX_PATH))
+		{
+#if defined(WIN32_APP)
+			MessageBox(NULL, TEXT("Unable to get application path!"), TEXT("I2Pd: error"), MB_ICONERROR | MB_OK);
+#else
+			fprintf(stderr, "Error: Unable to get application path!");
+#endif
+			exit(1);
+		}
+		else
+		{
+			auto execPath = boost::filesystem::path(localAppData).parent_path();
+
+			// if config file exists in .exe's folder use it
+			if(boost::filesystem::exists(execPath/"i2pd.conf")) // TODO: magic string
+				dataDir = execPath.string ();
+			else // otherwise %appdata%
+			{
+				if(SHGetFolderPath(NULL, CSIDL_APPDATA, NULL, 0, localAppData) != S_OK)
+				{
+#if defined(WIN32_APP)
+					MessageBox(NULL, TEXT("Unable to get AppData path!"), TEXT("I2Pd: error"), MB_ICONERROR | MB_OK);
+#else
+					fprintf(stderr, "Error: Unable to get AppData path!");
+#endif
+					exit(1);
+				}
+				else
+					dataDir = std::string(localAppData) + "\\" + appName;
+			}
+		}
+		return;
 #elif defined(MAC_OSX)
-    char *home = getenv("HOME");
-    dataDir = (home != NULL && strlen(home) > 0) ? home : "";
-    dataDir += "/Library/Application Support/" + appName;
-    return;
+		char *home = getenv("HOME");
+		dataDir = (home != NULL && strlen(home) > 0) ? home : "";
+		dataDir += "/Library/Application Support/" + appName;
+		return;
 #else /* other unix */
 #if defined(ANDROID)
-	const char * ext = getenv("EXTERNAL_STORAGE");
-	if (!ext) ext = "/sdcard";
-	if (boost::filesystem::exists(ext))
-	{
-		dataDir = std::string (ext) + "/" + appName;
+		const char * ext = getenv("EXTERNAL_STORAGE");
+		if (!ext) ext = "/sdcard";
+		if (boost::filesystem::exists(ext))
+		{
+			dataDir = std::string (ext) + "/" + appName;
+			return;
+		}
+#endif
+		// otherwise use /data/files
+		char *home = getenv("HOME");
+		if (isService) {
+			dataDir = "/var/lib/" + appName;
+		} else if (home != NULL && strlen(home) > 0) {
+			dataDir = std::string(home) + "/." + appName;
+		} else {
+			dataDir = "/tmp/" + appName;
+		}
 		return;
+#endif
 	}
-	// otherwise use /data/files
-#endif
-    char *home = getenv("HOME");
-    if (isService) {
-      dataDir = "/var/lib/" + appName;
-    } else if (home != NULL && strlen(home) > 0) {
-      dataDir = std::string(home) + "/." + appName;
-    } else {
-      dataDir = "/tmp/" + appName;
-    }
-    return;
-#endif
-  }
 
-  bool Init() {
-    if (!boost::filesystem::exists(dataDir))
-      boost::filesystem::create_directory(dataDir);
-    std::string destinations = DataDirPath("destinations");
-    if (!boost::filesystem::exists(destinations))
-      boost::filesystem::create_directory(destinations);
-	std::string tags = DataDirPath("tags");
-    if (!boost::filesystem::exists(tags))
-	boost::filesystem::create_directory(tags);
-	else
-		i2p::garlic::CleanUpTagsFiles ();
+	bool Init() {
+		if (!boost::filesystem::exists(dataDir))
+			boost::filesystem::create_directory(dataDir);
 
-    return true;
-  }
+		std::string destinations = DataDirPath("destinations");
+		if (!boost::filesystem::exists(destinations))
+			boost::filesystem::create_directory(destinations);
 
-  bool ReadDir(const std::string & path, std::vector<std::string> & files) {
-    if (!boost::filesystem::exists(path))
-      return false;
-    boost::filesystem::directory_iterator it(path);
-    boost::filesystem::directory_iterator end;
+		std::string tags = DataDirPath("tags");
+		if (!boost::filesystem::exists(tags))
+			boost::filesystem::create_directory(tags);
+		else
+			i2p::garlic::CleanUpTagsFiles ();
 
-    for ( ; it != end; it++) {
-      if (!boost::filesystem::is_regular_file(it->status()))
-        continue;
-      files.push_back(it->path().string());
-    }
+		return true;
+	}
 
-    return true;
-  }
+	bool ReadDir(const std::string & path, std::vector<std::string> & files) {
+		if (!boost::filesystem::exists(path))
+			return false;
+		boost::filesystem::directory_iterator it(path);
+		boost::filesystem::directory_iterator end;
 
-  bool Exists(const std::string & path) {
-    return boost::filesystem::exists(path);
-  }
+		for ( ; it != end; it++) {
+			if (!boost::filesystem::is_regular_file(it->status()))
+				continue;
+			files.push_back(it->path().string());
+		}
 
-  uint32_t GetLastUpdateTime (const std::string & path)
-  {
-	 if (!boost::filesystem::exists(path)) return 0;
-	 boost::system::error_code ec;
-	 auto t = boost::filesystem::last_write_time (path, ec);
-	 return ec ? 0 : t;
-  }
+		return true;
+	}
 
-  bool Remove(const std::string & path) {
-    if (!boost::filesystem::exists(path))
-      return false;
-    return boost::filesystem::remove(path);
-  }
+	bool Exists(const std::string & path) {
+		return boost::filesystem::exists(path);
+	}
+
+	uint32_t GetLastUpdateTime (const std::string & path)
+	{
+		if (!boost::filesystem::exists(path))
+			return 0;
+		boost::system::error_code ec;
+		auto t = boost::filesystem::last_write_time (path, ec);
+		return ec ? 0 : t;
+	}
+
+	bool Remove(const std::string & path) {
+		if (!boost::filesystem::exists(path))
+			return false;
+		return boost::filesystem::remove(path);
+	}
 
 	bool CreateDirectory (const std::string& path)
 	{
-		if (boost::filesystem::exists(path) &&
-			boost::filesystem::is_directory (boost::filesystem::status (path))) return true;
+		if (boost::filesystem::exists(path) && boost::filesystem::is_directory (boost::filesystem::status (path)))
+			return true;
 		return boost::filesystem::create_directory(path);
 	}
 
-  void HashedStorage::SetPlace(const std::string &path) {
-    root = path + i2p::fs::dirSep + name;
-  }
+	void HashedStorage::SetPlace(const std::string &path) {
+		root = path + i2p::fs::dirSep + name;
+	}
 
-  bool HashedStorage::Init(const char * chars, size_t count) {
-    if (!boost::filesystem::exists(root)) {
-      boost::filesystem::create_directories(root);
-    }
+	bool HashedStorage::Init(const char * chars, size_t count) {
+		if (!boost::filesystem::exists(root)) {
+			boost::filesystem::create_directories(root);
+		}
 
-    for (size_t i = 0; i < count; i++) {
-      auto p = root + i2p::fs::dirSep + prefix1 + chars[i];
-      if (boost::filesystem::exists(p))
-        continue;
-      if (boost::filesystem::create_directory(p))
-        continue; /* ^ throws exception on failure */
-      return false;
-    }
-    return true;
-  }
+		for (size_t i = 0; i < count; i++) {
+			auto p = root + i2p::fs::dirSep + prefix1 + chars[i];
+			if (boost::filesystem::exists(p))
+				continue;
+			if (boost::filesystem::create_directory(p))
+				continue; /* ^ throws exception on failure */
+			return false;
+		}
+		return true;
+	}
 
-  std::string HashedStorage::Path(const std::string & ident) const {
-    std::string safe_ident = ident;
-    std::replace(safe_ident.begin(), safe_ident.end(), '/',  '-');
-    std::replace(safe_ident.begin(), safe_ident.end(), '\\', '-');
+	std::string HashedStorage::Path(const std::string & ident) const {
+		std::string safe_ident = ident;
+		std::replace(safe_ident.begin(), safe_ident.end(), '/',	'-');
+		std::replace(safe_ident.begin(), safe_ident.end(), '\\', '-');
 
-    std::stringstream t("");
-    t << this->root << i2p::fs::dirSep;
-    t << prefix1 << safe_ident[0] << i2p::fs::dirSep;
-    t << prefix2 << safe_ident    << "." << suffix;
+		std::stringstream t("");
+		t << this->root << i2p::fs::dirSep;
+		t << prefix1 << safe_ident[0] << i2p::fs::dirSep;
+		t << prefix2 << safe_ident    << "." << suffix;
 
-    return t.str();
-  }
+		return t.str();
+	}
 
-  void HashedStorage::Remove(const std::string & ident) {
-    std::string path = Path(ident);
-    if (!boost::filesystem::exists(path))
-      return;
-    boost::filesystem::remove(path);
-  }
+	void HashedStorage::Remove(const std::string & ident) {
+		std::string path = Path(ident);
+		if (!boost::filesystem::exists(path))
+			return;
+		boost::filesystem::remove(path);
+	}
 
-  void HashedStorage::Traverse(std::vector<std::string> & files) {
-    Iterate([&files] (const std::string & fname) {
-        files.push_back(fname);
-    });
-  }
+	void HashedStorage::Traverse(std::vector<std::string> & files) {
+		Iterate([&files] (const std::string & fname) {
+			files.push_back(fname);
+		});
+	}
 
-  void HashedStorage::Iterate(FilenameVisitor v)
-  {
-    boost::filesystem::path p(root);
-    boost::filesystem::recursive_directory_iterator it(p);
-    boost::filesystem::recursive_directory_iterator end;
+	void HashedStorage::Iterate(FilenameVisitor v)
+	{
+		boost::filesystem::path p(root);
+		boost::filesystem::recursive_directory_iterator it(p);
+		boost::filesystem::recursive_directory_iterator end;
 
-    for ( ; it != end; it++) {
-      if (!boost::filesystem::is_regular_file( it->status() ))
-        continue;
-      const std::string & t = it->path().string();
-      v(t);
-    }
-  }
+		for ( ; it != end; it++) {
+			if (!boost::filesystem::is_regular_file( it->status() ))
+				continue;
+			const std::string & t = it->path().string();
+			v(t);
+		}
+	}
 } // fs
 } // i2p

libi2pd/FS.h

@@ -66,7 +66,7 @@ namespace fs {
 
   /** @brief Returns current application name, default 'i2pd' */
 	const std::string & GetAppName ();
-  /** @brief Set applicaton name, affects autodetection of datadir */
+  /** @brief Set application name, affects autodetection of datadir */
 	void SetAppName (const std::string& name);
 
   /** @brief Returns datadir path */

libi2pd/Family.cpp

@@ -64,7 +64,8 @@ namespace data
 									i2p::crypto::bn2buf (x, signingKey, 32);
 									i2p::crypto::bn2buf (y, signingKey + 32, 32);
 									BN_free (x); BN_free (y);
-									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>(signingKey);
+									verifier = std::make_shared<i2p::crypto::ECDSAP256Verifier>();
+									verifier->SetPublicKey (signingKey);
 								}
 								else
 									LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");

libi2pd/Garlic.cpp

@@ -578,7 +578,7 @@ namespace garlic
 							tunnel = from->GetTunnelPool ()->GetNextOutboundTunnel ();
 						else
 							LogPrint (eLogError, "Garlic: Tunnel pool is not set for inbound tunnel");
-						if (tunnel) // we have send it through an outbound tunnel
+						if (tunnel) // we have sent it through an outbound tunnel
 							tunnel->SendTunnelDataMsg (gwHash, gwTunnel, msg);
 						else
 							LogPrint (eLogWarning, "Garlic: No outbound tunnels available for garlic clove");

libi2pd/Gost.cpp

@@ -1,5 +1,6 @@
 #include <string.h>
 #include <array>
+#include <openssl/bn.h>
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "I2PEndian.h"

libi2pd/HTTP.cpp

@@ -55,12 +55,16 @@ namespace http {
   static std::pair<std::string, std::string> parse_header_line(const std::string& line)
   {
     std::size_t pos = 0;
-    std::size_t len = 2; /* strlen(": ") */
+    std::size_t len = 1; /*: */
     std::size_t max = line.length();
-    if ((pos = line.find(": ", pos)) == std::string::npos)
-      return std::make_pair("", "");
-    while ((pos + len) < max && isspace(line.at(pos + len)))
-      len++;
+    if ((pos = line.find(':', pos)) == std::string::npos)
+      return std::make_pair("", ""); // no ':' found
+	if (pos + 1 < max) // ':' at the end of header is valid
+	{		
+    	while ((pos + len) < max && isspace(line.at(pos + len)))
+      		len++;
+		if (len == 1) return std::make_pair("", ""); // no following space, but something else
+	}
     return std::make_pair(line.substr(0, pos), line.substr(pos + len));
   }
 

libi2pd/I2NPProtocol.cpp

@@ -264,7 +264,7 @@ namespace i2p
 		auto m = NewI2NPShortMessage ();
 		uint8_t * payload = m->GetPayload ();
 		memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetIdentHash (), 32);
-		payload[DATABASE_STORE_TYPE_OFFSET] = 1; // LeaseSet
+		payload[DATABASE_STORE_TYPE_OFFSET] = leaseSet->GetStoreType (); //  1 for LeaseSet
 		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0);
 		size_t size = DATABASE_STORE_HEADER_SIZE;
 		memcpy (payload + size, leaseSet->GetBuffer (), leaseSet->GetBufferLen ());
@@ -279,8 +279,8 @@ namespace i2p
 		if (!leaseSet) return nullptr;
 		auto m = NewI2NPShortMessage ();
 		uint8_t * payload = m->GetPayload ();
-		memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetIdentHash (), 32);
-		payload[DATABASE_STORE_TYPE_OFFSET] = 1; // LeaseSet
+		memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetStoreHash (), 32);
+		payload[DATABASE_STORE_TYPE_OFFSET] = leaseSet->GetStoreType (); // LeaseSet or LeaseSet2
 		htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, replyToken);
 		size_t size = DATABASE_STORE_HEADER_SIZE;
 		if (replyToken && replyTunnel)

libi2pd/I2NPProtocol.h

@@ -75,6 +75,7 @@ namespace i2p
 
 	enum I2NPMessageType
 	{
+		eI2NPDummyMsg = 0,	
 		eI2NPDatabaseStore = 1,
 		eI2NPDatabaseLookup = 2,
 		eI2NPDatabaseSearchReply = 3,

libi2pd/Identity.cpp

@@ -1,8 +1,7 @@
-#include <time.h>
-#include <stdio.h>
 #include "Crypto.h"
 #include "I2PEndian.h"
 #include "Log.h"
+#include "Timestamp.h"
 #include "Identity.h"
 
 namespace i2p
@@ -77,6 +76,7 @@ namespace data
 					LogPrint (eLogError, "Identity: RSA signing key type ", (int)type, " is not supported");
 				break;
 				case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+				case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519:
 				{
 					size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
 					RAND_bytes (m_StandardIdentity.signingKey, padding);
@@ -275,6 +275,13 @@ namespace data
 		return 128;
 	}
 
+	const uint8_t * IdentityEx::GetSigningPublicKeyBuffer () const
+	{
+		auto keyLen = GetSigningPublicKeyLen ();
+		if (keyLen > 128) return nullptr; // P521
+		return m_StandardIdentity.signingKey + 128 - keyLen;
+	}
+
 	size_t IdentityEx::GetSigningPrivateKeyLen () const
 	{
 		if (!m_Verifier) CreateVerifier ();
@@ -318,62 +325,58 @@ namespace data
 		return CRYPTO_KEY_TYPE_ELGAMAL;
 	}
 
-	void IdentityEx::CreateVerifier () const
+	i2p::crypto::Verifier * IdentityEx::CreateVerifier (SigningKeyType keyType)
 	{
-		if (m_Verifier) return; // don't create again
-		auto keyType = GetSigningKeyType ();
 		switch (keyType)
 		{
 			case SIGNING_KEY_TYPE_DSA_SHA1:
-				UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
-			break;
+				return new i2p::crypto::DSAVerifier ();
 			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
-			{
-				size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
-				UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
-				break;
-			}
+				return new i2p::crypto::ECDSAP256Verifier ();
 			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
-			{
-				size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
-				UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
-				break;
-			}
+				return new i2p::crypto::ECDSAP384Verifier ();
 			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
-			{
-				uint8_t signingKey[i2p::crypto::ECDSAP521_KEY_LENGTH];
-				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
-				size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
-				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
-				break;
-			}
+				return new i2p::crypto::ECDSAP521Verifier ();
+			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+				return new i2p::crypto::EDDSA25519Verifier ();
+			case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
+				return new i2p::crypto::GOSTR3410_256_Verifier (i2p::crypto::eGOSTR3410CryptoProA);
+			case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
+				return new i2p::crypto::GOSTR3410_512_Verifier (i2p::crypto::eGOSTR3410TC26A512);
+			case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519:
+				return new i2p::crypto::RedDSA25519Verifier ();
 			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
 			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
 			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
 				LogPrint (eLogError, "Identity: RSA signing key type ", (int)keyType, " is not supported");
 			break;
-			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
-			{
-				size_t padding =  128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
-				UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
-				break;
-			}
-			case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
-			{
-				size_t padding =  128 - i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
-				UpdateVerifier (new i2p::crypto::GOSTR3410_256_Verifier (i2p::crypto::eGOSTR3410CryptoProA, m_StandardIdentity.signingKey + padding));
-				break;
-			}
-			case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
-			{
-				// zero padding
-				UpdateVerifier (new i2p::crypto::GOSTR3410_512_Verifier (i2p::crypto::eGOSTR3410TC26A512, m_StandardIdentity.signingKey));
-				break;
-			}
 			default:
 				LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
 		}
+		return nullptr;
+	}
+		
+	void IdentityEx::CreateVerifier () const
+	{
+		if (m_Verifier) return; // don't create again
+		auto verifier = CreateVerifier (GetSigningKeyType ());
+		if (verifier)
+		{
+			auto keyLen = verifier->GetPublicKeyLen ();
+			if (keyLen <= 128)
+				verifier->SetPublicKey (m_StandardIdentity.signingKey + 128 - keyLen);
+			else
+			{
+				// for P521
+				uint8_t * signingKey = new uint8_t[keyLen];	
+				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
+				size_t excessLen = keyLen - 128; 
+				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
+				verifier->SetPublicKey (signingKey);
+				delete[] signingKey;	
+			}		
+		}	
+		UpdateVerifier (verifier); 
 	}
 
 	void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
@@ -407,10 +410,9 @@ namespace data
 		m_Verifier = nullptr;
 	}
 
-	std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> IdentityEx::CreateEncryptor (const uint8_t * key) const
+	std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> IdentityEx::CreateEncryptor (CryptoKeyType keyType, const uint8_t * key)
 	{
-		if (!key) key = GetEncryptionPublicKey (); // use publicKey
-		switch (GetCryptoKeyType ())
+		switch (keyType)
 		{
 			case CRYPTO_KEY_TYPE_ELGAMAL:
 				return std::make_shared<i2p::crypto::ElGamalEncryptor>(key);
@@ -423,9 +425,15 @@ namespace data
 				return std::make_shared<i2p::crypto::ECIESGOSTR3410Encryptor>(key);
 			break;
 			default:
-				LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)GetCryptoKeyType ());
+				LogPrint (eLogError, "Identity: Unknown crypto key type ", (int)keyType);
 		};
 		return nullptr;
+	}		
+
+	std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> IdentityEx::CreateEncryptor (const uint8_t * key) const
+	{
+		if (!key) key = GetEncryptionPublicKey (); // use publicKey
+		return CreateEncryptor (GetCryptoKeyType (), key);
 	}
 
 	PrivateKeys& PrivateKeys::operator=(const Keys& keys)
@@ -433,6 +441,9 @@ namespace data
 		m_Public = std::make_shared<IdentityEx>(Identity (keys));
 		memcpy (m_PrivateKey, keys.privateKey, 256); // 256
 		memcpy (m_SigningPrivateKey, keys.signingPrivateKey, m_Public->GetSigningPrivateKeyLen ());
+		m_OfflineSignature.resize (0);
+		m_TransientSignatureLen = 0;
+		m_TransientSigningPrivateKeyLen = 0;
 		m_Signer = nullptr;
 		CreateSigner ();
 		return *this;
@@ -442,12 +453,23 @@ namespace data
 	{
 		m_Public = std::make_shared<IdentityEx>(*other.m_Public);
 		memcpy (m_PrivateKey, other.m_PrivateKey, 256); // 256
-		memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, m_Public->GetSigningPrivateKeyLen ());
+		m_OfflineSignature = other.m_OfflineSignature;
+		m_TransientSignatureLen = other.m_TransientSignatureLen;
+		m_TransientSigningPrivateKeyLen = other.m_TransientSigningPrivateKeyLen;
+		memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, m_TransientSigningPrivateKeyLen > 0 ? m_TransientSigningPrivateKeyLen : m_Public->GetSigningPrivateKeyLen ());
 		m_Signer = nullptr;
 		CreateSigner ();
 		return *this;
 	}
 
+	size_t PrivateKeys::GetFullLen () const 
+	{ 
+		size_t ret = m_Public->GetFullLen () + 256 + m_Public->GetSigningPrivateKeyLen (); 
+		if (IsOfflineSignature ())
+			ret += m_OfflineSignature.size () + m_TransientSigningPrivateKeyLen;
+		return ret;
+	}
+
 	size_t PrivateKeys::FromBuffer (const uint8_t * buf, size_t len)
 	{
 		m_Public = std::make_shared<IdentityEx>();
@@ -456,11 +478,50 @@ namespace data
 		memcpy (m_PrivateKey, buf + ret, 256); // private key always 256
 		ret += 256;
 		size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen ();
-		if(signingPrivateKeySize + ret > len) return 0; // overflow
+		if(signingPrivateKeySize + ret > len || signingPrivateKeySize > 128) return 0; // overflow
 		memcpy (m_SigningPrivateKey, buf + ret, signingPrivateKeySize);
 		ret += signingPrivateKeySize;
 		m_Signer = nullptr;
-		CreateSigner ();
+		// check if signing private key is all zeros
+		bool allzeros = true;
+		for (size_t i = 0; i < signingPrivateKeySize; i++)
+			if (m_SigningPrivateKey[i]) 
+			{
+				allzeros = false;
+				break;
+			}
+		if (allzeros)
+		{
+			// offline information
+			const uint8_t * offlineInfo = buf + ret;
+			ret += 4; // expires timestamp
+			SigningKeyType keyType = bufbe16toh (buf + ret); ret += 2; // key type
+			std::unique_ptr<i2p::crypto::Verifier> transientVerifier (IdentityEx::CreateVerifier (keyType));
+			if (!transientVerifier) return 0;
+			auto keyLen = transientVerifier->GetPublicKeyLen ();
+			if (keyLen + ret > len) return 0;
+			transientVerifier->SetPublicKey (buf + ret); ret += keyLen;
+			if (m_Public->GetSignatureLen () + ret > len) return 0;
+			if (!m_Public->Verify (offlineInfo, keyLen + 6, buf + ret)) 
+			{
+				LogPrint (eLogError, "Identity: offline signature verification failed");
+				return 0;
+			}
+			ret += m_Public->GetSignatureLen ();
+			m_TransientSignatureLen = transientVerifier->GetSignatureLen ();
+			// copy offline signature
+			size_t offlineInfoLen = buf + ret - offlineInfo;
+			m_OfflineSignature.resize (offlineInfoLen);
+			memcpy (m_OfflineSignature.data (), offlineInfo, offlineInfoLen);
+			// override signing private key 
+			m_TransientSigningPrivateKeyLen = transientVerifier->GetPrivateKeyLen ();
+			if (m_TransientSigningPrivateKeyLen + ret > len || m_TransientSigningPrivateKeyLen > 128) return 0;
+			memcpy (m_SigningPrivateKey, buf + ret, m_TransientSigningPrivateKeyLen);
+			ret += m_TransientSigningPrivateKeyLen;
+			CreateSigner (keyType);
+		}
+		else
+			CreateSigner (m_Public->GetSigningKeyType ());
 		return ret;
 	}
 
@@ -471,8 +532,23 @@ namespace data
 		ret += 256;
 		size_t signingPrivateKeySize = m_Public->GetSigningPrivateKeyLen ();
 		if(ret + signingPrivateKeySize > len) return 0; // overflow
-		memcpy (buf + ret, m_SigningPrivateKey, signingPrivateKeySize);
+		if (IsOfflineSignature ())
+			memset (buf + ret, 0, signingPrivateKeySize);
+		else
+			memcpy (buf + ret, m_SigningPrivateKey, signingPrivateKeySize);
 		ret += signingPrivateKeySize;
+		if (IsOfflineSignature ())
+		{
+			// offline signature
+			auto offlineSignatureLen = m_OfflineSignature.size ();
+			if (ret + offlineSignatureLen > len) return 0;
+			memcpy (buf + ret, m_OfflineSignature.data (), offlineSignatureLen);
+			ret += offlineSignatureLen;
+			// transient private key
+			if (ret + m_TransientSigningPrivateKeyLen > len) return 0;
+			memcpy (buf + ret, m_SigningPrivateKey, m_TransientSigningPrivateKeyLen);
+			ret += m_TransientSigningPrivateKeyLen;
+		}
 		return ret;
 	}
 
@@ -507,38 +583,66 @@ namespace data
 
 	void PrivateKeys::CreateSigner () const
 	{
-		if (m_Signer) return;
-		switch (m_Public->GetSigningKeyType ())
+		if (IsOfflineSignature ())
+			CreateSigner (bufbe16toh (m_OfflineSignature.data () + 4)); // key type
+		else
+			CreateSigner (m_Public->GetSigningKeyType ());
+	}
+	
+	void PrivateKeys::CreateSigner (SigningKeyType keyType) const
+	{
+		if (m_Signer) return;	
+		if (keyType == SIGNING_KEY_TYPE_DSA_SHA1)
+			m_Signer.reset (new i2p::crypto::DSASigner (m_SigningPrivateKey, m_Public->GetStandardIdentity ().signingKey));
+		else if (keyType == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 && !IsOfflineSignature ())
+			m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH)); // TODO: remove public key check
+		else
+		{
+			// public key is not required
+			auto signer = CreateSigner (keyType, m_SigningPrivateKey);
+			if (signer) m_Signer.reset (signer);
+		}	
+	}
+
+	i2p::crypto::Signer * PrivateKeys::CreateSigner (SigningKeyType keyType, const uint8_t * priv)
+	{
+		switch (keyType)
 		{
-			case SIGNING_KEY_TYPE_DSA_SHA1:
-				m_Signer.reset (new i2p::crypto::DSASigner (m_SigningPrivateKey, m_Public->GetStandardIdentity ().signingKey));
-			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
-				m_Signer.reset (new i2p::crypto::ECDSAP256Signer (m_SigningPrivateKey));
+				return new i2p::crypto::ECDSAP256Signer (priv);
 			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
-				m_Signer.reset (new i2p::crypto::ECDSAP384Signer (m_SigningPrivateKey));
+				return new i2p::crypto::ECDSAP384Signer (priv);
 			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
-				m_Signer.reset (new i2p::crypto::ECDSAP521Signer (m_SigningPrivateKey));
+				return new i2p::crypto::ECDSAP521Signer (priv);
 			break;
 			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
 			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
 			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
-				LogPrint (eLogError, "Identity: RSA signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
+				LogPrint (eLogError, "Identity: RSA signing key type ", (int)keyType, " is not supported");
 			break;
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
-				m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
+				return new i2p::crypto::EDDSA25519Signer (priv, nullptr);
 			break;
 			case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
-				m_Signer.reset (new i2p::crypto::GOSTR3410_256_Signer (i2p::crypto::eGOSTR3410CryptoProA, m_SigningPrivateKey));
+				return new i2p::crypto::GOSTR3410_256_Signer (i2p::crypto::eGOSTR3410CryptoProA, priv);
 			break;
 			case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
-				m_Signer.reset (new i2p::crypto::GOSTR3410_512_Signer (i2p::crypto::eGOSTR3410TC26A512, m_SigningPrivateKey));
+				return new i2p::crypto::GOSTR3410_512_Signer (i2p::crypto::eGOSTR3410TC26A512, priv);
 			break;
+			case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519:
+				return new i2p::crypto::RedDSA25519Signer (priv); 
+			break;	
 			default:
-				LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");
+				LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
 		}
+		return nullptr;
+	}
+
+	size_t PrivateKeys::GetSignatureLen () const
+	{
+		return IsOfflineSignature () ? m_TransientSignatureLen : m_Public->GetSignatureLen ();
 	}
 
 	uint8_t * PrivateKeys::GetPadding()
@@ -583,35 +687,7 @@ namespace data
 			PrivateKeys keys;
 			// signature
 			uint8_t signingPublicKey[512]; // signing public key is 512 bytes max
-			switch (type)
-			{
-				case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
-					i2p::crypto::CreateECDSAP256RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
-				break;
-				case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
-					i2p::crypto::CreateECDSAP384RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
-				break;
-				case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
-					i2p::crypto::CreateECDSAP521RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
-				break;
-				case SIGNING_KEY_TYPE_RSA_SHA256_2048:
-				case SIGNING_KEY_TYPE_RSA_SHA384_3072:
-				case SIGNING_KEY_TYPE_RSA_SHA512_4096:
-					LogPrint (eLogWarning, "Identity: RSA signature type is not supported. Creating EdDSA");
-				// no break here
-				case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
-					i2p::crypto::CreateEDDSA25519RandomKeys (keys.m_SigningPrivateKey, signingPublicKey);
-				break;
-				case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
-					i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410CryptoProA, keys.m_SigningPrivateKey, signingPublicKey);
-				break;
-				case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
-					i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410TC26A512, keys.m_SigningPrivateKey, signingPublicKey);
-				break;
-				default:
-					LogPrint (eLogWarning, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
-					return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
-			}
+			GenerateSigningKeyPair (type, keys.m_SigningPrivateKey, signingPublicKey);
 			// encryption
 			uint8_t publicKey[256];
 			GenerateCryptoKeyPair (cryptoType, keys.m_PrivateKey, publicKey);
@@ -624,6 +700,42 @@ namespace data
 		return PrivateKeys (i2p::data::CreateRandomKeys ()); // DSA-SHA1
 	}
 
+	void PrivateKeys::GenerateSigningKeyPair (SigningKeyType type, uint8_t * priv, uint8_t * pub)
+	{
+		switch (type)
+		{
+			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
+				i2p::crypto::CreateECDSAP256RandomKeys (priv, pub);
+			break;
+			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
+				i2p::crypto::CreateECDSAP384RandomKeys (priv, pub);
+			break;
+			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
+				i2p::crypto::CreateECDSAP521RandomKeys (priv, pub);
+			break;
+			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
+			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
+			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
+				LogPrint (eLogWarning, "Identity: RSA signature type is not supported. Creating EdDSA");
+			// no break here
+			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
+				i2p::crypto::CreateEDDSA25519RandomKeys (priv, pub);
+			break;
+			case SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256:
+				i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410CryptoProA, priv, pub);
+			break;
+			case SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512:
+				i2p::crypto::CreateGOSTR3410RandomKeys (i2p::crypto::eGOSTR3410TC26A512, priv, pub);
+			break;
+			case SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519:
+				i2p::crypto::CreateRedDSA25519RandomKeys (priv, pub);
+			break;	
+			default:
+				LogPrint (eLogWarning, "Identity: Signing key type ", (int)type, " is not supported. Create DSA-SHA1");
+				i2p::crypto::CreateDSARandomKeys (priv, pub); // DSA-SHA1
+		}
+	}
+
 	void PrivateKeys::GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub)
 	{
 		switch (type)
@@ -643,6 +755,27 @@ namespace data
 		}
 	}
 
+	PrivateKeys PrivateKeys::CreateOfflineKeys (SigningKeyType type, uint32_t expires) const
+	{
+		PrivateKeys keys (*this);
+		std::unique_ptr<i2p::crypto::Verifier> verifier (IdentityEx::CreateVerifier (type));		
+		if (verifier)
+		{
+			size_t pubKeyLen = verifier->GetPublicKeyLen ();
+			keys.m_TransientSigningPrivateKeyLen = verifier->GetPrivateKeyLen ();
+			keys.m_TransientSignatureLen = verifier->GetSignatureLen ();
+			keys.m_OfflineSignature.resize (pubKeyLen + m_Public->GetSignatureLen () + 6);
+			htobe32buf (keys.m_OfflineSignature.data (), expires); // expires
+			htobe16buf (keys.m_OfflineSignature.data () + 4, type); // type
+			GenerateSigningKeyPair (type, keys.m_SigningPrivateKey, keys.m_OfflineSignature.data () + 6); // public  key
+			Sign (keys.m_OfflineSignature.data (), pubKeyLen + 6, keys.m_OfflineSignature.data () + 6 + pubKeyLen); // signature	
+			// recreate signer
+			keys.m_Signer = nullptr;
+			keys.CreateSigner (type);
+		}
+		return keys;
+	}
+
 	Keys CreateRandomKeys ()
 	{
 		Keys keys;
@@ -657,15 +790,7 @@ namespace data
 	{
 		uint8_t buf[41]; // ident + yyyymmdd
 		memcpy (buf, (const uint8_t *)ident, 32);
-		time_t t = time (nullptr);
-		struct tm tm;
-#ifdef _WIN32
-		gmtime_s(&tm, &t);
-		sprintf_s((char *)(buf + 32), 9, "%04i%02i%02i", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday);
-#else
-		gmtime_r(&t, &tm);
-		sprintf((char *)(buf + 32), "%04i%02i%02i", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday);
-#endif
+		i2p::util::GetCurrentDate ((char *)(buf + 32));
 		IdentHash key;
 		SHA256(buf, 40, key);
 		return key;

libi2pd/Identity.h

@@ -6,6 +6,7 @@
 #include <string>
 #include <memory>
 #include <atomic>
+#include <vector>
 #include "Base.h"
 #include "Signature.h"
 #include "CryptoKey.h"
@@ -66,9 +67,9 @@ namespace data
 	const uint16_t SIGNING_KEY_TYPE_RSA_SHA512_4096 = 6;
 	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519 = 7;
 	const uint16_t SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519ph = 8; // not implemented
-	// following signature type should never appear in netid=2
 	const uint16_t SIGNING_KEY_TYPE_GOSTR3410_CRYPTO_PRO_A_GOSTR3411_256 = 9;
 	const uint16_t SIGNING_KEY_TYPE_GOSTR3410_TC26_A_512_GOSTR3411_512 = 10; // approved by FSB
+	const uint16_t SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519 = 11; // for LeaseSet2 only
 
 	typedef uint16_t SigningKeyType;
 	typedef uint16_t CryptoKeyType;
@@ -91,14 +92,15 @@ namespace data
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
 			size_t FromBase64(const std::string& s);
 			std::string ToBase64 () const;
-		const Identity& GetStandardIdentity () const { return m_StandardIdentity; };
+			const Identity& GetStandardIdentity () const { return m_StandardIdentity; };
 
 			const IdentHash& GetIdentHash () const { return m_IdentHash; };
-		const uint8_t * GetEncryptionPublicKey () const { return m_StandardIdentity.publicKey; };
-		uint8_t * GetEncryptionPublicKeyBuffer () { return m_StandardIdentity.publicKey; };
+			const uint8_t * GetEncryptionPublicKey () const { return m_StandardIdentity.publicKey; };
+			uint8_t * GetEncryptionPublicKeyBuffer () { return m_StandardIdentity.publicKey; };
 			std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> CreateEncryptor (const uint8_t * key) const;
 			size_t GetFullLen () const { return m_ExtendedLen + DEFAULT_IDENTITY_SIZE; };
 			size_t GetSigningPublicKeyLen () const;
+			const uint8_t * GetSigningPublicKeyBuffer () const; // returns NULL for P521
 			size_t GetSigningPrivateKeyLen () const;
 			size_t GetSignatureLen () const;
 			bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
@@ -107,9 +109,11 @@ namespace data
 			CryptoKeyType GetCryptoKeyType () const;
 			void DropVerifier () const; // to save memory
 
-      bool operator == (const IdentityEx & other) const { return GetIdentHash() == other.GetIdentHash(); }
+  			bool operator == (const IdentityEx & other) const { return GetIdentHash() == other.GetIdentHash(); }
+			void RecalculateIdentHash(uint8_t * buff=nullptr);
 
-    void RecalculateIdentHash(uint8_t * buff=nullptr);
+			static i2p::crypto::Verifier * CreateVerifier (SigningKeyType keyType);
+			static std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> CreateEncryptor (CryptoKeyType keyType, const uint8_t * key);			
 
 		private:
 
@@ -140,11 +144,13 @@ namespace data
 			std::shared_ptr<const IdentityEx> GetPublic () const { return m_Public; };
 			const uint8_t * GetPrivateKey () const { return m_PrivateKey; };
 			const uint8_t * GetSigningPrivateKey () const { return m_SigningPrivateKey; };
-    uint8_t * GetPadding();
-		void RecalculateIdentHash(uint8_t * buf=nullptr) { m_Public->RecalculateIdentHash(buf); }
+			size_t GetSignatureLen () const; // might not match identity
+			bool IsOfflineSignature () const { return m_TransientSignatureLen > 0; };
+    		uint8_t * GetPadding();
+			void RecalculateIdentHash(uint8_t * buf=nullptr) { m_Public->RecalculateIdentHash(buf); }
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
 
-			size_t GetFullLen () const { return m_Public->GetFullLen () + 256 + m_Public->GetSigningPrivateKeyLen (); };
+			size_t GetFullLen () const;
 			size_t FromBuffer (const uint8_t * buf, size_t len);
 			size_t ToBuffer (uint8_t * buf, size_t len) const;
 
@@ -155,18 +161,28 @@ namespace data
 
 			static std::shared_ptr<i2p::crypto::CryptoKeyDecryptor> CreateDecryptor (CryptoKeyType cryptoType, const uint8_t * key);
 			static PrivateKeys CreateRandomKeys (SigningKeyType type = SIGNING_KEY_TYPE_DSA_SHA1, CryptoKeyType cryptoType = CRYPTO_KEY_TYPE_ELGAMAL);
+			static void GenerateSigningKeyPair (SigningKeyType type, uint8_t * priv, uint8_t * pub); 
 			static void GenerateCryptoKeyPair (CryptoKeyType type, uint8_t * priv, uint8_t * pub); // priv and pub are 256 bytes long
+			static i2p::crypto::Signer * CreateSigner (SigningKeyType keyType, const uint8_t * priv);
+
+			// offline keys
+			PrivateKeys CreateOfflineKeys (SigningKeyType type, uint32_t expires) const; 
+			const std::vector<uint8_t>& GetOfflineSignature () const { return m_OfflineSignature; };
 
 		private:
 
 			void CreateSigner () const;
+			void CreateSigner (SigningKeyType keyType) const;
 
 		private:
 
 			std::shared_ptr<IdentityEx> m_Public;
 			uint8_t m_PrivateKey[256];
-			uint8_t m_SigningPrivateKey[1024]; // assume private key doesn't exceed 1024 bytes
+			uint8_t m_SigningPrivateKey[128]; // assume private key doesn't exceed 128 bytes
 			mutable std::unique_ptr<i2p::crypto::Signer> m_Signer;
+			std::vector<uint8_t> m_OfflineSignature; // non zero length, if applicable
+			size_t m_TransientSignatureLen = 0;
+			size_t m_TransientSigningPrivateKeyLen = 0;
 	};
 
 	// kademlia

libi2pd/LeaseSet.cpp

@@ -1,6 +1,10 @@
 #include <string.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+#include <zlib.h> // for crc32
 #include "I2PEndian.h"
 #include "Crypto.h"
+#include "Ed25519.h"
 #include "Log.h"
 #include "Timestamp.h"
 #include "NetDb.hpp"
@@ -12,8 +16,14 @@ namespace i2p
 namespace data
 {
 
+	LeaseSet::LeaseSet (bool storeLeases):
+		m_IsValid (false), m_StoreLeases (storeLeases), m_ExpirationTime (0), m_EncryptionKey (nullptr), 
+		m_Buffer (nullptr), m_BufferLen (0)
+	{
+	}
+
 	LeaseSet::LeaseSet (const uint8_t * buf, size_t len, bool storeLeases):
-		m_IsValid (true), m_StoreLeases (storeLeases), m_ExpirationTime (0)
+		m_IsValid (true), m_StoreLeases (storeLeases), m_ExpirationTime (0), m_EncryptionKey (nullptr)
 	{
 		m_Buffer = new uint8_t[len];
 		memcpy (m_Buffer, buf, len);
@@ -51,7 +61,11 @@ namespace data
 			m_IsValid = false;
 			return;
 		}
-		memcpy (m_EncryptionKey, m_Buffer + size, 256);
+		if (m_StoreLeases)
+		{
+			if (!m_EncryptionKey) m_EncryptionKey = new uint8_t[256];
+			memcpy (m_EncryptionKey, m_Buffer + size, 256);
+		}	
 		size += 256; // encryption key
 		size += m_Identity->GetSigningPublicKeyLen (); // unused signing key
 		uint8_t num = m_Buffer[size];
@@ -64,12 +78,7 @@ namespace data
 			return;
 		}
 
-		// reset existing leases
-		if (m_StoreLeases)
-			for (auto& it: m_Leases)
-				it->isUpdated = false;
-		else
-			m_Leases.clear ();
+		UpdateLeasesBegin ();
 
 		// process leases
 		m_ExpirationTime = 0;
@@ -84,26 +93,7 @@ namespace data
 			leases += 4; // tunnel ID
 			lease.endDate = bufbe64toh (leases);
 			leases += 8; // end date
-			if (ts < lease.endDate + LEASE_ENDDATE_THRESHOLD)
-			{
-				if (lease.endDate > m_ExpirationTime)
-					m_ExpirationTime = lease.endDate;
-				if (m_StoreLeases)
-				{
-					auto ret = m_Leases.insert (std::make_shared<Lease>(lease));
-					if (!ret.second) (*ret.first)->endDate = lease.endDate; // update existing
-					(*ret.first)->isUpdated = true;
-					// check if lease's gateway is in our netDb
-					if (!netdb.FindRouter (lease.tunnelGateway))
-					{
-						// if not found request it
-						LogPrint (eLogInfo, "LeaseSet: Lease's tunnel gateway not found, requesting");
-						netdb.RequestDestination (lease.tunnelGateway);
-					}
-				}
-			}
-			else
-				LogPrint (eLogWarning, "LeaseSet: Lease is expired already ");
+			UpdateLease (lease, ts);
 		}
 		if (!m_ExpirationTime)
 		{
@@ -112,6 +102,29 @@ namespace data
 			return;
 		}
 		m_ExpirationTime += LEASE_ENDDATE_THRESHOLD;
+
+		UpdateLeasesEnd ();
+
+		// verify
+		if (verifySignature && !m_Identity->Verify (m_Buffer, leases - m_Buffer, leases))
+		{
+			LogPrint (eLogWarning, "LeaseSet: verification failed");
+			m_IsValid = false;
+		}
+	}
+
+	void LeaseSet::UpdateLeasesBegin ()
+	{
+		// reset existing leases
+		if (m_StoreLeases)
+			for (auto& it: m_Leases)
+				it->isUpdated = false;
+		else
+			m_Leases.clear ();
+	}
+
+	void LeaseSet::UpdateLeasesEnd ()
+	{
 		// delete old leases
 		if (m_StoreLeases)
 		{
@@ -126,13 +139,30 @@ namespace data
 					++it;
 			}
 		}
+	}
 
-		// verify
-		if (verifySignature && !m_Identity->Verify (m_Buffer, leases - m_Buffer, leases))
+	void LeaseSet::UpdateLease (const Lease& lease, uint64_t ts)
+	{
+		if (ts < lease.endDate + LEASE_ENDDATE_THRESHOLD)
 		{
-			LogPrint (eLogWarning, "LeaseSet: verification failed");
-			m_IsValid = false;
+			if (lease.endDate > m_ExpirationTime)
+				m_ExpirationTime = lease.endDate;
+			if (m_StoreLeases)
+			{
+				auto ret = m_Leases.insert (std::make_shared<Lease>(lease));
+				if (!ret.second) (*ret.first)->endDate = lease.endDate; // update existing
+				(*ret.first)->isUpdated = true;
+				// check if lease's gateway is in our netDb
+				if (!netdb.FindRouter (lease.tunnelGateway))
+				{
+					// if not found request it
+					LogPrint (eLogInfo, "LeaseSet: Lease's tunnel gateway not found, requesting");
+					netdb.RequestDestination (lease.tunnelGateway);
+				}
+			}
 		}
+		else
+			LogPrint (eLogWarning, "LeaseSet: Lease is expired already ");
 	}
 
 	uint64_t LeaseSet::ExtractTimestamp (const uint8_t * buf, size_t len) const
@@ -210,11 +240,461 @@ namespace data
 
 	void LeaseSet::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const
 	{
+		if (!m_EncryptionKey) return;
 		auto encryptor = m_Identity->CreateEncryptor (m_EncryptionKey);
 		if (encryptor)
 			encryptor->Encrypt (data, encrypted, ctx, true);
 	}
 
+	void LeaseSet::SetBuffer (const uint8_t * buf, size_t len)
+	{
+		if (m_Buffer) delete[] m_Buffer;
+		m_Buffer = new uint8_t[len];
+		m_BufferLen = len;
+		memcpy (m_Buffer, buf, len);
+	}
+
+	BlindedPublicKey::BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, SigningKeyType blindedKeyType):
+		m_BlindedSigType (blindedKeyType)
+	{
+		if (!identity) return;
+		auto len = identity->GetSigningPublicKeyLen ();
+		m_PublicKey.resize (len);
+		memcpy (m_PublicKey.data (), identity->GetSigningPublicKeyBuffer (), len);
+		m_SigType = identity->GetSigningKeyType ();
+	}
+
+	BlindedPublicKey::BlindedPublicKey (const std::string& b33)
+	{
+		uint8_t addr[40]; // TODO: define length from b33
+		size_t l = i2p::data::Base32ToByteStream (b33.c_str (), b33.length (), addr, 40);
+		uint32_t checksum = crc32 (0, addr + 3, l - 3); 
+		// checksum is Little Endian
+		addr[0] ^= checksum; addr[1] ^= (checksum >> 8); addr[2] ^= (checksum >> 16);  
+		uint8_t flag = addr[0];
+		size_t offset = 1;	
+		if (flag & 0x01) // two bytes signatures
+		{
+			m_SigType = bufbe16toh (addr + offset); offset += 2;
+			m_BlindedSigType = bufbe16toh (addr + offset); offset += 2;
+		}
+		else // one byte sig
+		{
+			m_SigType = addr[offset]; offset++;
+			m_BlindedSigType = addr[offset]; offset++;
+		}
+		std::unique_ptr<i2p::crypto::Verifier> blindedVerifier (i2p::data::IdentityEx::CreateVerifier (m_SigType));
+		if (blindedVerifier)
+		{
+			auto len = blindedVerifier->GetPublicKeyLen ();
+			if (offset + len <= l)
+			{
+				m_PublicKey.resize (len);
+				memcpy (m_PublicKey.data (), addr + offset, len);
+			}
+			else
+				LogPrint (eLogError, "LeaseSet2: public key in b33 address is too short for signature type ", (int)m_SigType);	
+		}
+		else
+			LogPrint (eLogError, "LeaseSet2: unknown signature type ", (int)m_SigType, " in b33");
+	}
+
+	std::string BlindedPublicKey::ToB33 () const
+	{
+		if (m_PublicKey.size () > 32) return ""; // assume 25519
+		uint8_t addr[35]; char str[60]; // TODO: define actual length
+		addr[0] = 0; // flags
+		addr[1] = m_SigType; // sig type
+		addr[2] = m_BlindedSigType; // blinded sig type
+		memcpy (addr + 3, m_PublicKey.data (), m_PublicKey.size ());
+		uint32_t checksum = crc32 (0, addr + 3, m_PublicKey.size ()); 
+		// checksum is Little Endian
+		addr[0] ^= checksum; addr[1] ^= (checksum >> 8); addr[2] ^= (checksum >> 16); 
+		auto l = ByteStreamToBase32 (addr, m_PublicKey.size () + 3, str, 60);
+		return std::string (str, str + l);
+	}
+
+	void BlindedPublicKey::GetCredential (uint8_t * credential) const
+	{
+		// A = destination's signing public key 
+		// stA = signature type of A, 2 bytes big endian
+		uint16_t stA = htobe16 (GetSigType ());
+		// stA1 = signature type of blinded A, 2 bytes big endian
+		uint16_t stA1 = htobe16 (GetBlindedSigType ());	
+		// credential = H("credential", A || stA || stA1)
+		H ("credential", { {GetPublicKey (), GetPublicKeyLen ()}, {(const uint8_t *)&stA, 2}, {(const uint8_t *)&stA1, 2} }, credential);
+	}
+
+	void BlindedPublicKey::GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const
+	{
+		uint8_t credential[32];
+		GetCredential (credential);
+		// subcredential = H("subcredential", credential || blindedPublicKey)
+		H ("subcredential", { {credential, 32}, {blinded, len} }, subcredential);
+	}
+
+	void BlindedPublicKey::GenerateAlpha (const char * date, uint8_t * seed) const
+	{
+		uint16_t stA = htobe16 (GetSigType ()), stA1 = htobe16 (GetBlindedSigType ());
+		uint8_t salt[32];
+		//seed = HKDF(H("I2PGenerateAlpha", keydata), datestring || secret, "i2pblinding1", 64)	
+		H ("I2PGenerateAlpha", { {GetPublicKey (), GetPublicKeyLen ()}, {(const uint8_t *)&stA, 2}, {(const uint8_t *)&stA1, 2} }, salt);
+		i2p::crypto::HKDF (salt, (const uint8_t *)date, 8, "i2pblinding1", seed);
+	}
+
+	void BlindedPublicKey::GetBlindedKey (const char * date, uint8_t * blindedKey) const
+	{
+		uint8_t seed[64];	
+		GenerateAlpha (date, seed);	
+		i2p::crypto::GetEd25519 ()->BlindPublicKey (GetPublicKey (), seed, blindedKey);
+	}
+
+	void BlindedPublicKey::BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const
+	{
+		uint8_t seed[64];	
+		GenerateAlpha (date, seed);	
+		i2p::crypto::GetEd25519 ()->BlindPrivateKey (priv, seed, blindedPriv, blindedPub);
+	}
+
+	void BlindedPublicKey::H (const std::string& p, const std::vector<std::pair<const uint8_t *, size_t> >& bufs, uint8_t * hash) const 
+	{
+		SHA256_CTX ctx;
+		SHA256_Init (&ctx);
+		SHA256_Update (&ctx, p.c_str (), p.length ());
+		for (const auto& it: bufs)	
+			SHA256_Update (&ctx, it.first, it.second);
+		SHA256_Final (hash, &ctx);
+	}
+
+	i2p::data::IdentHash BlindedPublicKey::GetStoreHash (const char * date) const
+	{
+		i2p::data::IdentHash hash;
+		if (m_BlindedSigType == i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519 ||
+			m_BlindedSigType == SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519)
+		{
+			uint8_t blinded[32];
+			if (date)
+				GetBlindedKey (date, blinded);
+			else
+			{
+				char currentDate[9];
+				i2p::util::GetCurrentDate (currentDate);
+				GetBlindedKey (currentDate, blinded);	
+			}	
+			auto stA1 = htobe16 (m_BlindedSigType);
+			SHA256_CTX ctx;
+			SHA256_Init (&ctx);
+			SHA256_Update (&ctx, (const uint8_t *)&stA1, 2);
+			SHA256_Update (&ctx, blinded, 32);
+			SHA256_Final ((uint8_t *)hash, &ctx);
+		}
+		else
+			LogPrint (eLogError, "LeaseSet2: blinded key type ", (int)m_BlindedSigType, " is not supported");			
+		return hash;
+	}
+
+	LeaseSet2::LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len, bool storeLeases):
+		LeaseSet (storeLeases), m_StoreType (storeType), m_OrigStoreType (storeType)
+	{	
+		SetBuffer (buf, len);
+		if (storeType == NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
+			ReadFromBufferEncrypted (buf, len, nullptr);
+		else
+			ReadFromBuffer (buf, len);
+	}
+
+	LeaseSet2::LeaseSet2 (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key):
+		LeaseSet (true), m_StoreType (NETDB_STORE_TYPE_ENCRYPTED_LEASESET2), m_OrigStoreType (NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
+	{
+		ReadFromBufferEncrypted (buf, len, key);
+	}
+
+	void LeaseSet2::Update (const uint8_t * buf, size_t len, bool verifySignature)
+	{	
+		SetBuffer (buf, len);
+		if (GetStoreType () != NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
+			ReadFromBuffer (buf, len, false, verifySignature);	
+		// TODO: implement encrypted
+	}
+		
+	void LeaseSet2::ReadFromBuffer (const uint8_t * buf, size_t len, bool readIdentity, bool verifySignature)
+	{
+		// standard LS2 header
+		std::shared_ptr<const IdentityEx> identity;
+		if (readIdentity)
+		{	
+			identity = std::make_shared<IdentityEx>(buf, len);
+			SetIdentity (identity);
+		}
+		else
+			identity = GetIdentity ();
+		size_t offset = identity->GetFullLen ();
+		if (offset + 8 >= len) return;
+		m_PublishedTimestamp = bufbe32toh (buf + offset); offset += 4; // published timestamp (seconds)
+		uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
+		SetExpirationTime ((m_PublishedTimestamp + expires)*1000LL); // in milliseconds
+		uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
+		if (flags & LEASESET2_FLAG_OFFLINE_KEYS)
+		{
+			// transient key
+			m_TransientVerifier = ProcessOfflineSignature (identity, buf, len, offset);
+			if (!m_TransientVerifier)
+			{ 
+				LogPrint (eLogError, "LeaseSet2: offline signature failed");
+				return;
+			}
+		}
+		// type specific part
+		size_t s = 0;
+		switch (m_StoreType)
+		{
+			case NETDB_STORE_TYPE_STANDARD_LEASESET2:
+				s = ReadStandardLS2TypeSpecificPart (buf + offset, len - offset);
+			break;
+			case NETDB_STORE_TYPE_META_LEASESET2:
+				s = ReadMetaLS2TypeSpecificPart (buf + offset, len - offset);
+			break;
+			default:
+				LogPrint (eLogWarning, "LeaseSet2: Unexpected store type ", (int)m_StoreType);
+		}
+		if (!s) return;
+		offset += s;
+		if (verifySignature || m_TransientVerifier)
+		{	
+			// verify signature
+			bool verified = m_TransientVerifier ? VerifySignature (m_TransientVerifier, buf, len, offset) :
+				VerifySignature (identity, buf, len, offset);	
+			SetIsValid (verified);	
+		}
+	}
+
+	template<typename Verifier>
+	bool LeaseSet2::VerifySignature (Verifier& verifier, const uint8_t * buf, size_t len, size_t signatureOffset)
+	{
+		if (signatureOffset + verifier->GetSignatureLen () > len) return false;
+		// we assume buf inside DatabaseStore message, so buf[-1] is valid memory
+		// change it for signature verification, and restore back	
+		uint8_t c = buf[-1];
+		const_cast<uint8_t *>(buf)[-1] = m_StoreType;
+		bool verified = verifier->Verify (buf - 1, signatureOffset + 1, buf + signatureOffset); 
+		const_cast<uint8_t *>(buf)[-1] = c;
+		if (!verified)
+			LogPrint (eLogWarning, "LeaseSet2: verification failed");
+		return verified;
+	}
+
+	size_t LeaseSet2::ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len)
+	{
+		size_t offset = 0;
+		// properties
+		uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2; 
+		offset += propertiesLen; // skip for now. TODO: implement properties
+		if (offset + 1 >= len) return 0;
+		// key sections
+		uint16_t currentKeyType = 0;
+		int numKeySections = buf[offset]; offset++;
+		for (int i = 0; i < numKeySections; i++)
+		{
+			uint16_t keyType = bufbe16toh (buf + offset); offset += 2; // encryption key type
+			if (offset + 2 >= len) return 0;
+			uint16_t encryptionKeyLen = bufbe16toh (buf + offset); offset += 2; 
+			if (offset + encryptionKeyLen >= len) return 0;
+			if (IsStoreLeases ()) // create encryptor with leases only
+			{
+				// we pick first valid key, higher key type has higher priority 4-1-0
+				// if two keys with of the same type, pick first
+				auto encryptor = i2p::data::IdentityEx::CreateEncryptor (keyType, buf + offset);
+				if (encryptor && (!m_Encryptor || keyType > currentKeyType))
+				{
+					m_Encryptor = encryptor; // TODO: atomic
+					currentKeyType = keyType;
+				}
+			}
+			offset += encryptionKeyLen; 
+		}	
+		// leases
+		if (offset + 1 >= len) return 0;	
+		int numLeases = buf[offset]; offset++;
+		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
+		if (IsStoreLeases ())
+		{
+			UpdateLeasesBegin ();
+			for (int i = 0; i < numLeases; i++)
+			{
+				if (offset + LEASE2_SIZE > len) return 0;
+				Lease lease;
+				lease.tunnelGateway = buf + offset; offset += 32; // gateway
+				lease.tunnelID = bufbe32toh (buf + offset); offset += 4; // tunnel ID
+				lease.endDate = bufbe32toh (buf + offset)*1000LL; offset += 4; // end date
+				UpdateLease (lease, ts);
+			}
+			UpdateLeasesEnd ();
+		}
+		else
+			offset += numLeases*LEASE2_SIZE; // 40 bytes per lease
+		return offset;
+	}
+
+	size_t LeaseSet2::ReadMetaLS2TypeSpecificPart (const uint8_t * buf, size_t len)
+	{
+		size_t offset = 0;
+		// properties
+		uint16_t propertiesLen = bufbe16toh (buf + offset); offset += 2; 
+		offset += propertiesLen; // skip for now. TODO: implement properties
+		// entries			
+		if (offset + 1 >= len) return 0;
+		int numEntries = buf[offset]; offset++;
+		for (int i = 0; i < numEntries; i++)
+		{
+			if (offset + 40 >= len) return 0;
+			offset += 32; // hash
+			offset += 3; // flags
+ 			offset += 1; // cost
+			offset += 4; // expires
+		}
+		// revocations
+		if (offset + 1 >= len) return 0;
+		int numRevocations = buf[offset]; offset++;	
+		for (int i = 0; i < numRevocations; i++)
+		{
+			if (offset + 32 > len) return 0;
+			offset += 32; // hash
+		}
+		return offset;
+	}
+
+	void LeaseSet2::ReadFromBufferEncrypted (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key)
+	{
+		size_t offset = 0;
+		// blinded key
+		if (len < 2) return;
+		const uint8_t * stA1 = buf + offset; // stA1 = blinded signature type, 2 bytes big endian
+		uint16_t blindedKeyType = bufbe16toh (stA1); offset += 2;
+		std::unique_ptr<i2p::crypto::Verifier> blindedVerifier (i2p::data::IdentityEx::CreateVerifier (blindedKeyType));
+		if (!blindedVerifier) return;
+		auto blindedKeyLen = blindedVerifier->GetPublicKeyLen ();			
+		if (offset + blindedKeyLen >= len) return;
+		const uint8_t * blindedPublicKey = buf + offset;
+		blindedVerifier->SetPublicKey (blindedPublicKey); offset += blindedKeyLen;
+		// expiration
+		if (offset + 8 >= len) return;
+		const uint8_t * publishedTimestamp = buf + offset;
+		m_PublishedTimestamp = bufbe32toh (publishedTimestamp); offset += 4; // published timestamp (seconds)
+		uint16_t expires = bufbe16toh (buf + offset); offset += 2; // expires (seconds)
+		SetExpirationTime ((m_PublishedTimestamp + expires)*1000LL); // in milliseconds
+		uint16_t flags = bufbe16toh (buf + offset); offset += 2; // flags
+		if (flags & LEASESET2_FLAG_OFFLINE_KEYS)
+		{
+			// transient key
+			m_TransientVerifier = ProcessOfflineSignature (blindedVerifier, buf, len, offset);
+			if (!m_TransientVerifier) 
+			{
+				LogPrint (eLogError, "LeaseSet2: offline signature failed");
+				return;
+			}
+		}
+		// outer ciphertext
+		if (offset + 2 > len) return;
+		uint16_t lenOuterCiphertext = bufbe16toh (buf + offset); offset += 2;
+		const uint8_t * outerCiphertext = buf + offset;	
+		offset += lenOuterCiphertext;		
+		// verify signature
+		bool verified = m_TransientVerifier ? VerifySignature (m_TransientVerifier, buf, len, offset) :
+			VerifySignature (blindedVerifier, buf, len, offset);	
+		SetIsValid (verified);
+		// handle ciphertext
+		if (verified && key && lenOuterCiphertext >= 32)
+		{
+			SetIsValid (false); // we must verify it again in Layer 2 
+			if (blindedKeyType == i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519)
+			{
+				// verify blinding
+				char date[9];
+				i2p::util::GetDateString (m_PublishedTimestamp, date);
+				uint8_t blinded[32];
+				key->GetBlindedKey (date, blinded);
+				if (memcmp (blindedPublicKey, blinded, 32))
+				{
+					LogPrint (eLogError, "LeaseSet2: blinded public key doesn't match");
+					return;
+				}	
+			}	
+			// outer key
+			// outerInput = subcredential || publishedTimestamp
+			uint8_t subcredential[36];
+			key->GetSubcredential (blindedPublicKey, blindedKeyLen, subcredential);
+			memcpy (subcredential + 32, publishedTimestamp, 4);
+			// outerSalt = outerCiphertext[0:32]
+			// keys = HKDF(outerSalt, outerInput, "ELS2_L1K", 44)
+			uint8_t keys[64]; // 44 bytes actual data
+			i2p::crypto::HKDF (outerCiphertext, subcredential, 36, "ELS2_L1K", keys);
+			// decrypt Layer 1
+			// outerKey = keys[0:31]
+			// outerIV = keys[32:43]
+			size_t lenOuterPlaintext = lenOuterCiphertext - 32;
+			std::vector<uint8_t> outerPlainText (lenOuterPlaintext);
+			i2p::crypto::ChaCha20 (outerCiphertext + 32, lenOuterPlaintext, keys, keys + 32, outerPlainText.data ());
+			// inner key
+			// innerInput = authCookie || subcredential || publishedTimestamp, TODO: non-empty authCookie
+			// innerSalt = innerCiphertext[0:32]
+			// keys = HKDF(innerSalt, innerInput, "ELS2_L2K", 44)
+			// skip 1 byte flags
+			i2p::crypto::HKDF (outerPlainText.data () + 1, subcredential, 36, "ELS2_L2K", keys); // no authCookie
+			// decrypt Layer 2
+			// innerKey = keys[0:31]
+			// innerIV = keys[32:43]
+			size_t lenInnerPlaintext = lenOuterPlaintext - 32 - 1;
+			std::vector<uint8_t> innerPlainText (lenInnerPlaintext);
+			i2p::crypto::ChaCha20 (outerPlainText.data () + 32 + 1, lenInnerPlaintext, keys, keys + 32, innerPlainText.data ());
+			if (innerPlainText[0] == NETDB_STORE_TYPE_STANDARD_LEASESET2 || innerPlainText[0] == NETDB_STORE_TYPE_META_LEASESET2)
+			{
+				// override store type and buffer
+				m_StoreType = innerPlainText[0]; 
+				SetBuffer (innerPlainText.data () + 1, lenInnerPlaintext - 1);
+				// parse and verify Layer 2
+				ReadFromBuffer (innerPlainText.data () + 1, lenInnerPlaintext - 1);
+			}
+			else
+				LogPrint (eLogError, "LeaseSet2: unexpected LeaseSet type ", (int)innerPlainText[0], " inside encrypted LeaseSet");
+		}	
+	}
+
+	void LeaseSet2::Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const
+	{
+		auto encryptor = m_Encryptor; // TODO: atomic
+		if (encryptor)
+			encryptor->Encrypt (data, encrypted, ctx, true);	
+	}
+
+	uint64_t LeaseSet2::ExtractTimestamp (const uint8_t * buf, size_t len) const
+	{
+		if (len < 8) return 0;	
+		if (m_StoreType == NETDB_STORE_TYPE_ENCRYPTED_LEASESET2)
+		{
+			// encrypted LS2
+			size_t offset = 0;
+			uint16_t blindedKeyType = bufbe16toh (buf + offset); offset += 2;
+			std::unique_ptr<i2p::crypto::Verifier> blindedVerifier (i2p::data::IdentityEx::CreateVerifier (blindedKeyType));
+			if (!blindedVerifier) return 0 ;
+			auto blindedKeyLen = blindedVerifier->GetPublicKeyLen ();			
+			if (offset + blindedKeyLen + 6 >= len) return 0;
+			offset += blindedKeyLen;
+			uint32_t timestamp = bufbe32toh (buf + offset); offset += 4; 
+			uint16_t expires = bufbe16toh (buf + offset); offset += 2; 
+			return (timestamp + expires)* 1000LL;
+		}
+		else
+		{
+			auto identity = GetIdentity ();
+			if (!identity) return 0;
+			size_t offset = identity->GetFullLen ();
+			if (offset + 6 >= len) return 0;
+			uint32_t timestamp = bufbe32toh (buf + offset); offset += 4; 
+			uint16_t expires = bufbe16toh (buf + offset); offset += 2; 
+			return (timestamp + expires)* 1000LL;
+		}
+	}
+
 	LocalLeaseSet::LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * encryptionPublicKey, std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels):
 		m_ExpirationTime (0), m_Identity (identity)
 	{
@@ -255,9 +735,17 @@ namespace data
 	LocalLeaseSet::LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len):
 		m_ExpirationTime (0), m_Identity (identity)
 	{
-		m_BufferLen = len;
-		m_Buffer = new uint8_t[m_BufferLen];
-		memcpy (m_Buffer, buf, len);
+		if (buf)
+		{
+			m_BufferLen = len;
+			m_Buffer = new uint8_t[m_BufferLen];
+			memcpy (m_Buffer, buf, len);
+		}
+		else
+		{
+			m_Buffer = nullptr;
+			m_BufferLen = 0;
+		}
 	}
 
 	bool LocalLeaseSet::IsExpired () const
@@ -299,5 +787,147 @@ namespace data
 		}
 		return ident.Verify(ptr, leases - ptr, leases);
 	}
+
+	LocalLeaseSet2::LocalLeaseSet2 (uint8_t storeType, const i2p::data::PrivateKeys& keys, 
+		uint16_t keyType, uint16_t keyLen, const uint8_t * encryptionPublicKey, 
+		std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels):
+		LocalLeaseSet (keys.GetPublic (), nullptr, 0)
+	{
+		auto identity = keys.GetPublic ();
+		// assume standard LS2 
+		int num = tunnels.size ();
+		if (num > MAX_NUM_LEASES) num = MAX_NUM_LEASES;
+		m_BufferLen = identity->GetFullLen () + 4/*published*/ + 2/*expires*/ + 2/*flag*/ + 2/*properties len*/ +
+			1/*num keys*/ + 2/*key type*/ + 2/*key len*/ + keyLen/*key*/ + 1/*num leases*/ + num*LEASE2_SIZE + keys.GetSignatureLen ();
+		uint16_t flags = 0;
+		if (keys.IsOfflineSignature ()) 
+		{
+			flags |= LEASESET2_FLAG_OFFLINE_KEYS;
+			m_BufferLen += keys.GetOfflineSignature ().size ();	
+		}
+
+		m_Buffer = new uint8_t[m_BufferLen + 1];
+		m_Buffer[0] = storeType;	
+		// LS2 header
+		auto offset = identity->ToBuffer (m_Buffer + 1, m_BufferLen) + 1;
+		auto timestamp = i2p::util::GetSecondsSinceEpoch ();
+		htobe32buf (m_Buffer + offset, timestamp); offset += 4; // published timestamp (seconds)
+		uint8_t * expiresBuf = m_Buffer + offset; offset += 2; // expires, fill later
+		htobe16buf (m_Buffer + offset, flags); offset += 2; // flags
+		if (keys.IsOfflineSignature ())
+		{
+			// offline signature
+			const auto& offlineSignature = keys.GetOfflineSignature ();
+			memcpy (m_Buffer + offset, offlineSignature.data (), offlineSignature.size ());
+			offset += offlineSignature.size ();
+		}
+		htobe16buf (m_Buffer + offset, 0); offset += 2; // properties len
+		// keys	
+		m_Buffer[offset] = 1; offset++; // 1 key
+		htobe16buf (m_Buffer + offset, keyType); offset += 2; // key type 
+		htobe16buf (m_Buffer + offset, keyLen); offset += 2; // key len 	
+		memcpy (m_Buffer + offset, encryptionPublicKey, keyLen); offset += keyLen; // key
+		// leases
+		uint32_t expirationTime = 0; // in seconds
+		m_Buffer[offset] = num; offset++; // num leases
+		for (int i = 0; i < num; i++)
+		{
+			memcpy (m_Buffer + offset, tunnels[i]->GetNextIdentHash (), 32);
+			offset += 32; // gateway id
+			htobe32buf (m_Buffer + offset, tunnels[i]->GetNextTunnelID ());
+			offset += 4; // tunnel id
+			auto ts = tunnels[i]->GetCreationTime () + i2p::tunnel::TUNNEL_EXPIRATION_TIMEOUT - i2p::tunnel::TUNNEL_EXPIRATION_THRESHOLD; // in seconds, 1 minute before expiration
+			if (ts > expirationTime) expirationTime = ts;
+			htobe32buf (m_Buffer + offset, ts);
+			offset += 4; // end date
+		}	
+		// update expiration
+		SetExpirationTime (expirationTime*1000LL);	
+		auto expires = expirationTime - timestamp;
+		htobe16buf (expiresBuf, expires > 0 ? expires : 0);	
+		// sign
+		keys.Sign (m_Buffer, offset, m_Buffer + offset); // LS + leading store type
+	}
+
+	LocalLeaseSet2::LocalLeaseSet2 (uint8_t storeType, std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len):
+		LocalLeaseSet (identity, nullptr, 0)
+	{
+		m_BufferLen = len;
+		m_Buffer = new uint8_t[m_BufferLen + 1];
+		memcpy (m_Buffer + 1, buf, len);
+		m_Buffer[0] = storeType;
+	}
+
+	LocalEncryptedLeaseSet2::LocalEncryptedLeaseSet2 (std::shared_ptr<const LocalLeaseSet2> ls, const i2p::data::PrivateKeys& keys, i2p::data::SigningKeyType blindedKeyType):
+		LocalLeaseSet2 (ls->GetIdentity ()), m_InnerLeaseSet (ls)
+	{
+		size_t lenInnerPlaintext = ls->GetBufferLen () + 1, lenOuterPlaintext = lenInnerPlaintext + 32 + 1,
+			lenOuterCiphertext = lenOuterPlaintext + 32;
+		m_BufferLen = 2/*blinded sig type*/ + 32/*blinded pub key*/ + 4/*published*/ + 2/*expires*/ + 2/*flags*/ + 2/*lenOuterCiphertext*/ + lenOuterCiphertext + 64/*signature*/;
+		m_Buffer = new uint8_t[m_BufferLen + 1]; 
+		m_Buffer[0] = NETDB_STORE_TYPE_ENCRYPTED_LEASESET2;
+		BlindedPublicKey blindedKey (ls->GetIdentity ());
+		auto timestamp = i2p::util::GetSecondsSinceEpoch ();	
+		char date[9];
+		i2p::util::GetDateString (timestamp, date);
+		uint8_t blindedPriv[32], blindedPub[32];
+		blindedKey.BlindPrivateKey (keys.GetSigningPrivateKey (), date, blindedPriv, blindedPub);
+		std::unique_ptr<i2p::crypto::Signer> blindedSigner (i2p::data::PrivateKeys::CreateSigner (blindedKeyType, blindedPriv));
+		auto offset = 1;
+		htobe16buf (m_Buffer + offset, blindedKeyType); offset += 2; // Blinded Public Key Sig Type
+		memcpy (m_Buffer + offset, blindedPub, 32); offset += 32; // Blinded Public Key
+		htobe32buf (m_Buffer + offset, timestamp); offset += 4; // published timestamp (seconds)
+		auto nextMidnight = (timestamp/86400LL + 1)*86400LL; // 86400 = 24*3600 seconds
+		auto expirationTime = ls->GetExpirationTime ()/1000LL; 
+		if (expirationTime > nextMidnight) expirationTime = nextMidnight;
+		SetExpirationTime (expirationTime*1000LL);
+		htobe16buf (m_Buffer + offset, expirationTime > timestamp ? expirationTime - timestamp : 0); offset += 2; // expires
+		uint16_t flags = 0;
+		htobe16buf (m_Buffer + offset, flags); offset += 2; // flags	
+		htobe16buf (m_Buffer + offset, lenOuterCiphertext); offset += 2; // lenOuterCiphertext
+		// outerChipherText
+		// Layer 1	
+		uint8_t subcredential[36];
+		blindedKey.GetSubcredential (blindedPub, 32, subcredential);
+		htobe32buf (subcredential + 32, timestamp); // outerInput = subcredential || publishedTimestamp
+		// keys = HKDF(outerSalt, outerInput, "ELS2_L1K", 44)
+		uint8_t keys1[64]; // 44 bytes actual data
+		RAND_bytes (m_Buffer + offset, 32); // outerSalt = CSRNG(32)	
+		i2p::crypto::HKDF (m_Buffer + offset, subcredential, 36, "ELS2_L1K", keys1);
+		offset += 32; // outerSalt
+		uint8_t * outerPlainText = m_Buffer + offset;	
+		m_Buffer[offset] = 0; offset++; // flag
+		// Layer 2
+		// keys = HKDF(outerSalt, outerInput, "ELS2_L2K", 44)
+		uint8_t keys2[64]; // 44 bytes actual data
+		RAND_bytes (m_Buffer + offset, 32); // innerSalt = CSRNG(32)	
+		i2p::crypto::HKDF (m_Buffer + offset, subcredential, 36, "ELS2_L2K", keys2);
+		offset += 32; // innerSalt 
+		m_Buffer[offset] = ls->GetStoreType (); 
+		memcpy (m_Buffer + offset + 1, ls->GetBuffer (), ls->GetBufferLen ());
+		i2p::crypto::ChaCha20 (m_Buffer + offset, lenInnerPlaintext, keys2, keys2 + 32, m_Buffer + offset); // encrypt Layer 2
+		offset += lenInnerPlaintext;
+		i2p::crypto::ChaCha20 (outerPlainText, lenOuterPlaintext, keys1, keys1 + 32, outerPlainText); // encrypt Layer 1
+		// signature
+		blindedSigner->Sign (m_Buffer, offset, m_Buffer + offset);
+		// store hash
+		m_StoreHash = blindedKey.GetStoreHash (date);		
+	}
+
+	LocalEncryptedLeaseSet2::LocalEncryptedLeaseSet2 (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len):
+		LocalLeaseSet2 (NETDB_STORE_TYPE_ENCRYPTED_LEASESET2, identity, buf, len) 
+	{
+		// fill inner LeaseSet2 
+		auto blindedKey = std::make_shared<BlindedPublicKey>(identity);	
+		i2p::data::LeaseSet2 ls (buf, len, blindedKey); // inner layer
+		if (ls.IsValid ())
+		{
+			m_InnerLeaseSet = std::make_shared<LocalLeaseSet2>(ls.GetStoreType (), identity, ls.GetBuffer (), ls.GetBufferLen ());
+			m_StoreHash = blindedKey->GetStoreHash ();
+		}
+		else
+			LogPrint (eLogError, "LeaseSet2: couldn't extract inner layer");			
+	}
+	
 }
 }

libi2pd/LeaseSet.h

@@ -8,6 +8,7 @@
 #include <memory>
 #include "Identity.h"
 #include "Timestamp.h"
+#include "I2PEndian.h"
 
 namespace i2p
 {
@@ -25,7 +26,7 @@ namespace data
 		IdentHash tunnelGateway;
 		uint32_t tunnelID;
 		uint64_t endDate; // 0 means invalid
-		bool isUpdated; // trasient
+		bool isUpdated; // transient
 		/* return true if this lease expires within t millisecond + fudge factor */
 		bool ExpiresWithin( const uint64_t t, const uint64_t fudge = 1000 ) const {
 			auto expire = i2p::util::GetMillisecondsSinceEpoch ();
@@ -50,14 +51,17 @@ namespace data
 
 	const size_t MAX_LS_BUFFER_SIZE = 3072;
 	const size_t LEASE_SIZE = 44; // 32 + 4 + 8
+	const size_t LEASE2_SIZE = 40; // 32 + 4 + 4	
 	const uint8_t MAX_NUM_LEASES = 16;
+
+	const uint8_t NETDB_STORE_TYPE_LEASESET = 1;
 	class LeaseSet: public RoutingDestination
 	{
 		public:
 
 			LeaseSet (const uint8_t * buf, size_t len, bool storeLeases = true);
-			~LeaseSet () { delete[] m_Buffer; };
-			void Update (const uint8_t * buf, size_t len, bool verifySignature = true);
+			virtual ~LeaseSet () { delete[] m_EncryptionKey; delete[] m_Buffer; };
+			virtual void Update (const uint8_t * buf, size_t len, bool verifySignature = true);
 			bool IsNewer (const uint8_t * buf, size_t len) const;
 			void PopulateLeases (); // from buffer
 
@@ -73,16 +77,34 @@ namespace data
 			bool ExpiresSoon(const uint64_t dlt=1000 * 5, const uint64_t fudge = 0) const ;
 			bool operator== (const LeaseSet& other) const
 			{ return m_BufferLen == other.m_BufferLen && !memcmp (m_Buffer, other.m_Buffer, m_BufferLen); };
+			virtual uint8_t GetStoreType () const { return NETDB_STORE_TYPE_LEASESET; };
+			virtual uint8_t GetOrigStoreType () const { return NETDB_STORE_TYPE_LEASESET; };
+			virtual uint32_t GetPublishedTimestamp () const { return 0; }; // should be set for LeaseSet2 only
+			virtual std::shared_ptr<const i2p::crypto::Verifier> GetTransientVerifier () const { return nullptr; };		  
 
 			// implements RoutingDestination
 			std::shared_ptr<const IdentityEx> GetIdentity () const { return m_Identity; };
 			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const;
 			bool IsDestination () const { return true; };
 
+		protected:
+
+			void UpdateLeasesBegin ();
+			void UpdateLeasesEnd ();
+			void UpdateLease (const Lease& lease, uint64_t ts);
+
+			// called from LeaseSet2
+			LeaseSet (bool storeLeases);
+			void SetBuffer (const uint8_t * buf, size_t len);
+			void SetIdentity (std::shared_ptr<const IdentityEx> identity) { m_Identity = identity; };
+			void SetExpirationTime (uint64_t t) { m_ExpirationTime = t; };
+			void SetIsValid (bool isValid) { m_IsValid = isValid; };
+			bool IsStoreLeases () const { return m_StoreLeases; };
+
 		private:
 
 			void ReadFromBuffer (bool readIdentity = true, bool verifySignature = true);
-			uint64_t ExtractTimestamp (const uint8_t * buf, size_t len) const; // returns max expiration time
+			virtual uint64_t ExtractTimestamp (const uint8_t * buf, size_t len) const; // returns max expiration time
 
 		private:
 
@@ -90,7 +112,7 @@ namespace data
 			std::set<std::shared_ptr<Lease>, LeaseCmp> m_Leases;
 			uint64_t m_ExpirationTime; // in milliseconds
 			std::shared_ptr<const IdentityEx> m_Identity;
-			uint8_t m_EncryptionKey[256];
+			uint8_t * m_EncryptionKey;
 			uint8_t * m_Buffer;
 			size_t m_BufferLen;
 	};
@@ -101,27 +123,123 @@ namespace data
 	 */
 	bool LeaseSetBufferValidate(const uint8_t * ptr, size_t sz, uint64_t & expires);
 
+	const uint8_t NETDB_STORE_TYPE_STANDARD_LEASESET2 = 3;
+	const uint8_t NETDB_STORE_TYPE_ENCRYPTED_LEASESET2 = 5;
+	const uint8_t NETDB_STORE_TYPE_META_LEASESET2 = 7;
+
+	const uint16_t LEASESET2_FLAG_OFFLINE_KEYS = 0x0001;
+
+	class BlindedPublicKey // for encrypted LS2
+	{
+		public:
+
+			BlindedPublicKey (std::shared_ptr<const IdentityEx> identity, SigningKeyType blindedKeyType = i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519);
+			BlindedPublicKey (const std::string& b33); // from b33 without .b32.i2p			
+			std::string ToB33 () const;
+
+			const uint8_t * GetPublicKey () const { return m_PublicKey.data (); };
+			size_t GetPublicKeyLen () const { return m_PublicKey.size (); };
+			SigningKeyType GetSigType () const  { return m_SigType; };
+			SigningKeyType GetBlindedSigType () const  { return m_BlindedSigType; };
+
+			void GetSubcredential (const uint8_t * blinded, size_t len, uint8_t * subcredential) const; // 32 bytes
+			void GetBlindedKey (const char * date, uint8_t * blindedKey) const; // blinded key 32 bytes, date is 8 chars "YYYYMMDD" 
+			void BlindPrivateKey (const uint8_t * priv, const char * date, uint8_t * blindedPriv, uint8_t * blindedPub) const; // blinded key 32 bytes, date is 8 chars "YYYYMMDD" 
+			i2p::data::IdentHash GetStoreHash (const char * date = nullptr) const; // date is 8 chars "YYYYMMDD", use current if null
+
+		private:
+
+			void GetCredential (uint8_t * credential) const; // 32 bytes
+			void GenerateAlpha (const char * date, uint8_t * seed) const; // 64 bytes, date is 8 chars "YYYYMMDD" 
+			void H (const std::string& p, const std::vector<std::pair<const uint8_t *, size_t> >& bufs, uint8_t * hash) const;
+
+		private:
+
+			std::vector<uint8_t> m_PublicKey;
+			i2p::data::SigningKeyType m_SigType, m_BlindedSigType;
+	};
+	
+	class LeaseSet2: public LeaseSet
+	{
+		public:
+
+			LeaseSet2 (uint8_t storeType, const uint8_t * buf, size_t len,  bool storeLeases = true);
+			LeaseSet2 (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key); // store type 5, called from local netdb only
+			uint8_t GetStoreType () const { return m_StoreType; };
+			uint8_t GetOrigStoreType () const { return m_OrigStoreType; };
+			uint32_t GetPublishedTimestamp () const { return m_PublishedTimestamp; };
+			std::shared_ptr<const i2p::crypto::Verifier> GetTransientVerifier () const { return m_TransientVerifier; };
+			void Update (const uint8_t * buf, size_t len, bool verifySignature);
+
+			// implements RoutingDestination
+			void Encrypt (const uint8_t * data, uint8_t * encrypted, BN_CTX * ctx) const;
+
+		private:
+
+			void ReadFromBuffer (const uint8_t * buf, size_t len, bool readIdentity = true, bool verifySignature = true);
+			void ReadFromBufferEncrypted (const uint8_t * buf, size_t len, std::shared_ptr<const BlindedPublicKey> key);
+			size_t ReadStandardLS2TypeSpecificPart (const uint8_t * buf, size_t len);
+			size_t ReadMetaLS2TypeSpecificPart (const uint8_t * buf, size_t len);
+
+			template<typename Verifier>
+			bool VerifySignature (Verifier& verifier, const uint8_t * buf, size_t len, size_t signatureOffset);
+
+			uint64_t ExtractTimestamp (const uint8_t * buf, size_t len) const;
+
+		private:
+
+			uint8_t m_StoreType, m_OrigStoreType;  
+			uint32_t m_PublishedTimestamp = 0;
+			std::shared_ptr<i2p::crypto::Verifier> m_TransientVerifier;
+			std::shared_ptr<i2p::crypto::CryptoKeyEncryptor> m_Encryptor; // for standardLS2
+	};
+
+	// also called from Streaming.cpp 	
+	template<typename Verifier>
+	std::shared_ptr<i2p::crypto::Verifier> ProcessOfflineSignature (const Verifier& verifier, const uint8_t * buf, size_t len, size_t& offset)
+	{
+		if (offset + 6 >= len) return nullptr;
+		const uint8_t * signedData = buf + offset;
+		uint32_t expiresTimestamp = bufbe32toh (buf + offset); offset += 4; // expires timestamp
+		if (expiresTimestamp < i2p::util::GetSecondsSinceEpoch ()) return nullptr;
+		uint16_t keyType = bufbe16toh (buf + offset); offset += 2;
+		std::shared_ptr<i2p::crypto::Verifier> transientVerifier (i2p::data::IdentityEx::CreateVerifier (keyType));
+		if (!transientVerifier) return nullptr;
+		auto keyLen = transientVerifier->GetPublicKeyLen ();
+		if (offset + keyLen >= len) return nullptr;
+		transientVerifier->SetPublicKey (buf + offset); offset += keyLen;
+		if (offset + verifier->GetSignatureLen () >= len) return nullptr;
+		if (!verifier->Verify (signedData, keyLen + 6, buf + offset)) return nullptr;
+		offset += verifier->GetSignatureLen ();	
+		return transientVerifier;
+	}
+
+//------------------------------------------------------------------------------------
 	class LocalLeaseSet
 	{
 		public:
 
 			LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * encryptionPublicKey, std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
 			LocalLeaseSet (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len);
-			~LocalLeaseSet () { delete[] m_Buffer; };
+			virtual ~LocalLeaseSet () { delete[] m_Buffer; };
 
-			const uint8_t * GetBuffer () const { return m_Buffer; };
-			uint8_t * GetSignature () { return m_Buffer + m_BufferLen - GetSignatureLen (); };
-			size_t GetBufferLen () const { return m_BufferLen; };
+			virtual uint8_t * GetBuffer () const { return m_Buffer; };
+			uint8_t * GetSignature () { return GetBuffer () + GetBufferLen () - GetSignatureLen (); };
+			virtual size_t GetBufferLen () const { return m_BufferLen; };
 			size_t GetSignatureLen () const { return m_Identity->GetSignatureLen (); };
 			uint8_t * GetLeases () { return m_Leases; };
 
 			const IdentHash& GetIdentHash () const { return m_Identity->GetIdentHash (); };
+			std::shared_ptr<const IdentityEx> GetIdentity () const { return m_Identity; };
 			bool IsExpired () const;
 			uint64_t GetExpirationTime () const { return m_ExpirationTime; };
 			void SetExpirationTime (uint64_t expirationTime) { m_ExpirationTime = expirationTime; };
 			bool operator== (const LeaseSet& other) const
-			{ return m_BufferLen == other.GetBufferLen ()  && !memcmp (other.GetBuffer (), other.GetBuffer (), m_BufferLen); };
+			{ return GetBufferLen () == other.GetBufferLen () && !memcmp (GetBuffer (), other.GetBuffer (), GetBufferLen ()); };
 
+			virtual uint8_t GetStoreType () const { return NETDB_STORE_TYPE_LEASESET; };
+			virtual const IdentHash& GetStoreHash () const { return GetIdentHash (); }; // differ from ident hash for encrypted LeaseSet2
+			virtual std::shared_ptr<const LocalLeaseSet> GetInnerLeaseSet () const { return nullptr; }; // non-null for encrypted LeaseSet2
 
 		private:
 
@@ -130,6 +248,49 @@ namespace data
 			uint8_t * m_Buffer, * m_Leases;
 			size_t m_BufferLen;
 	};
+
+	class LocalLeaseSet2: public LocalLeaseSet
+	{
+		public:
+
+			LocalLeaseSet2 (uint8_t storeType, const i2p::data::PrivateKeys& keys, 
+				uint16_t keyType, uint16_t keyLen, const uint8_t * encryptionPublicKey, 
+				std::vector<std::shared_ptr<i2p::tunnel::InboundTunnel> > tunnels);
+			LocalLeaseSet2 (uint8_t storeType, std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len);	// from I2CP
+		
+			virtual ~LocalLeaseSet2 () { delete[] m_Buffer; };
+			
+			uint8_t * GetBuffer () const { return m_Buffer + 1; };
+			size_t GetBufferLen () const { return m_BufferLen; };
+
+			uint8_t GetStoreType () const { return m_Buffer[0]; };
+
+		protected:
+
+			LocalLeaseSet2 (std::shared_ptr<const IdentityEx> identity): LocalLeaseSet (identity, nullptr, 0), m_Buffer (nullptr), m_BufferLen(0) {}; // called from LocalEncryptedLeaseSet2
+
+		protected:
+
+			uint8_t * m_Buffer; // 1 byte store type + actual buffer
+			size_t m_BufferLen;
+	};
+
+	class LocalEncryptedLeaseSet2: public LocalLeaseSet2
+	{
+		public:
+
+			LocalEncryptedLeaseSet2 (std::shared_ptr<const LocalLeaseSet2> ls, const i2p::data::PrivateKeys& keys, i2p::data::SigningKeyType blindedKeyType = i2p::data::SIGNING_KEY_TYPE_REDDSA_SHA512_ED25519); 
+
+			LocalEncryptedLeaseSet2 (std::shared_ptr<const IdentityEx> identity, const uint8_t * buf, size_t len); // from I2CP
+
+			const IdentHash& GetStoreHash () const { return m_StoreHash; };
+			std::shared_ptr<const LocalLeaseSet> GetInnerLeaseSet () const { return m_InnerLeaseSet; };
+
+		private:
+
+			IdentHash m_StoreHash;
+			std::shared_ptr<const LocalLeaseSet2> m_InnerLeaseSet;
+	};
 }
 }
 

libi2pd/NTCP2.cpp

@@ -30,7 +30,6 @@ namespace transport
 	NTCP2Establisher::NTCP2Establisher ():
 		m_SessionRequestBuffer (nullptr), m_SessionCreatedBuffer (nullptr), m_SessionConfirmedBuffer (nullptr) 
 	{ 
-		CreateEphemeralKey ();
 	}
 
 	NTCP2Establisher::~NTCP2Establisher () 
@@ -40,7 +39,7 @@ namespace transport
 		delete[] m_SessionConfirmedBuffer;
 	}
 
-	void NTCP2Establisher::MixKey (const uint8_t * inputKeyMaterial, uint8_t * derived)
+	void NTCP2Establisher::MixKey (const uint8_t * inputKeyMaterial)
 	{
 		// temp_key = HMAC-SHA256(ck, input_key_material)
 		uint8_t tempKey[32]; unsigned int len;
@@ -50,7 +49,16 @@ namespace transport
 		HMAC(EVP_sha256(), tempKey, 32, one, 1, m_CK, &len); 	
 		// derived = HMAC-SHA256(temp_key, ck || byte(0x02))
 		m_CK[32] = 2;
-		HMAC(EVP_sha256(), tempKey, 32, m_CK, 33, derived, &len); 	
+		HMAC(EVP_sha256(), tempKey, 32, m_CK, 33, m_K, &len); 	
+	}
+
+	void NTCP2Establisher::MixHash (const uint8_t * buf, size_t len)
+	{
+		SHA256_CTX ctx;
+		SHA256_Init (&ctx);
+		SHA256_Update (&ctx, m_H, 32);
+		SHA256_Update (&ctx, buf, len);
+		SHA256_Final (m_H, &ctx);
 	}
 
 	void NTCP2Establisher::KeyDerivationFunction1 (const uint8_t * pub, i2p::crypto::X25519Keys& priv, const uint8_t * rs, const uint8_t * epub)
@@ -73,14 +81,11 @@ namespace transport
 		SHA256_Update (&ctx, rs, 32);			
 		SHA256_Final (m_H, &ctx);
 		// h = SHA256(h || epub)
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, epub, 32);
-		SHA256_Final (m_H, &ctx);
+		MixHash (epub, 32);
 		// x25519 between pub and priv
 		uint8_t inputKeyMaterial[32];
 		priv.Agree (pub, inputKeyMaterial);
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}
 
 	void NTCP2Establisher::KDF1Alice ()
@@ -95,30 +100,18 @@ namespace transport
 
 	void NTCP2Establisher::KeyDerivationFunction2 (const uint8_t * sessionRequest, size_t sessionRequestLen, const uint8_t * epub)
 	{		
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, sessionRequest + 32, 32); // encrypted payload	
-		SHA256_Final (m_H, &ctx);
+		MixHash (sessionRequest + 32, 32); // encrypted payload	
 
 		int paddingLength =  sessionRequestLen - 64;
 		if (paddingLength > 0)
-		{
-			SHA256_Init (&ctx);
-			SHA256_Update (&ctx, m_H, 32);			
-			SHA256_Update (&ctx, sessionRequest + 64, paddingLength);			
-			SHA256_Final (m_H, &ctx);
-		}	
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, epub, 32); 
-		SHA256_Final (m_H, &ctx);
+			MixHash (sessionRequest + 64, paddingLength);
+		MixHash (epub, 32); 
 
 		// x25519 between remote pub and ephemaral priv
 		uint8_t inputKeyMaterial[32];
 		m_EphemeralKeys.Agree (GetRemotePub (), inputKeyMaterial);
 		
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}
 
 	void NTCP2Establisher::KDF2Alice ()
@@ -135,14 +128,14 @@ namespace transport
 	{
 		uint8_t inputKeyMaterial[32];
 		i2p::context.GetStaticKeys ().Agree (GetRemotePub (), inputKeyMaterial);		 
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}
 
 	void NTCP2Establisher::KDF3Bob ()
 	{
 		uint8_t inputKeyMaterial[32];
 		m_EphemeralKeys.Agree (m_RemoteStaticKey, inputKeyMaterial); 
-		MixKey (inputKeyMaterial, m_K);
+		MixKey (inputKeyMaterial);
 	}
 
 	void NTCP2Establisher::CreateEphemeralKey ()
@@ -170,8 +163,17 @@ namespace transport
 		memset (options, 0, 16);
 		options[1] = 2; // ver	
 		htobe16buf (options + 2, paddingLength); // padLen
-		m3p2Len = i2p::context.GetRouterInfo ().GetBufferLen () + 20; // (RI header + RI + MAC for now) TODO: implement options
+		// m3p2Len	
+		auto bufLen = i2p::context.GetRouterInfo ().GetBufferLen ();
+		m3p2Len = bufLen + 4 + 16; // (RI header + RI + MAC for now) TODO: implement options	
 		htobe16buf (options + 4,  m3p2Len);
+		// fill m3p2 payload (RouterInfo block)	
+		m_SessionConfirmedBuffer = new uint8_t[m3p2Len + 48]; // m3p1 is 48 bytes
+		uint8_t * m3p2 = m_SessionConfirmedBuffer + 48;
+		m3p2[0] = eNTCP2BlkRouterInfo; // block
+		htobe16buf (m3p2 + 1, bufLen + 1); // flag + RI
+		m3p2[3] = 0; // flag 	
+		memcpy (m3p2 + 4, i2p::context.GetRouterInfo ().GetBuffer (), bufLen); // TODO: own RI should be protected by mutex
 		// 2 bytes reserved
 		htobe32buf (options + 8, i2p::util::GetSecondsSinceEpoch ()); // tsA
 		// 4 bytes reserved
@@ -208,23 +210,12 @@ namespace transport
 	void NTCP2Establisher::CreateSessionConfirmedMessagePart1 (const uint8_t * nonce)
 	{
 		// update AD
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, m_SessionCreatedBuffer + 32, 32);	// encrypted payload
-		SHA256_Final (m_H, &ctx);
-
+		MixHash (m_SessionCreatedBuffer + 32, 32);	// encrypted payload
 		int paddingLength = m_SessionCreatedBufferLen - 64;
 		if (paddingLength > 0)
-		{
-			SHA256_CTX ctx1;
-			SHA256_Init (&ctx1);
-			SHA256_Update (&ctx1, m_H, 32);			
-			SHA256_Update (&ctx1, m_SessionCreatedBuffer + 64, paddingLength);			
-			SHA256_Final (m_H, &ctx1);
-		}	
-		// part1 48 bytes 
-		m_SessionConfirmedBuffer = new uint8_t[m3p2Len + 48]; 
+			MixHash (m_SessionCreatedBuffer + 64, paddingLength);	
+
+		// part1 48 bytes  
 		i2p::crypto::AEADChaCha20Poly1305 (i2p::context.GetNTCP2StaticPublicKey (), 32, m_H, 32, m_K, nonce, m_SessionConfirmedBuffer, 48, true); // encrypt
 	}
 
@@ -232,24 +223,13 @@ namespace transport
 	{
 		// part 2
 		// update AD again
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);			
-		SHA256_Update (&ctx, m_SessionConfirmedBuffer, 48);			
-		SHA256_Final (m_H, &ctx);		
-		// fill and encrypt
-		uint8_t * buf = m_SessionConfirmedBuffer + 48;
-		buf[0] = eNTCP2BlkRouterInfo; // block
-		htobe16buf (buf + 1, i2p::context.GetRouterInfo ().GetBufferLen () + 1); // flag + RI
-		buf[3] = 0; // flag 	
-		memcpy (buf + 4, i2p::context.GetRouterInfo ().GetBuffer (), i2p::context.GetRouterInfo ().GetBufferLen ());
+		MixHash (m_SessionConfirmedBuffer, 48);			
+		// encrypt m3p2, it must be filled in SessionRequest
 		KDF3Alice (); 
-		i2p::crypto::AEADChaCha20Poly1305 (buf, m3p2Len - 16, m_H, 32, m_K, nonce, buf, m3p2Len, true); // encrypt 
+		uint8_t * m3p2 = m_SessionConfirmedBuffer + 48;
+		i2p::crypto::AEADChaCha20Poly1305 (m3p2, m3p2Len - 16, m_H, 32, m_K, nonce, m3p2, m3p2Len, true); // encrypt 
 		// update h again
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);			
-		SHA256_Update (&ctx, buf, m3p2Len);			
-		SHA256_Final (m_H, &ctx); //h = SHA256(h || ciphertext)
+		MixHash (m3p2, m3p2Len); //h = SHA256(h || ciphertext)
 	}	
 
 	bool NTCP2Establisher::ProcessSessionRequestMessage (uint16_t& paddingLen)
@@ -339,21 +319,11 @@ namespace transport
 	bool NTCP2Establisher::ProcessSessionConfirmedMessagePart1 (const uint8_t * nonce)
 	{
 		// update AD
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);
-		SHA256_Update (&ctx, m_SessionCreatedBuffer + 32, 32);	// encrypted payload
-		SHA256_Final (m_H, &ctx);
-
+		MixHash (m_SessionCreatedBuffer + 32, 32);	// encrypted payload
 		int paddingLength = m_SessionCreatedBufferLen - 64;
 		if (paddingLength > 0)
-		{
-			SHA256_CTX ctx1;
-			SHA256_Init (&ctx1);
-			SHA256_Update (&ctx1, m_H, 32);			
-			SHA256_Update (&ctx1, m_SessionCreatedBuffer + 64, paddingLength);			
-			SHA256_Final (m_H, &ctx1);
-		}	
+			MixHash (m_SessionCreatedBuffer + 64, paddingLength);
+		
 		if (!i2p::crypto::AEADChaCha20Poly1305 (m_SessionConfirmedBuffer, 32, m_H, 32, m_K, nonce, m_RemoteStaticKey, 32, false)) // decrypt S
 		{
 			LogPrint (eLogWarning, "NTCP2: SessionConfirmed Part1 AEAD verification failed ");
@@ -365,11 +335,7 @@ namespace transport
 	bool NTCP2Establisher::ProcessSessionConfirmedMessagePart2 (const uint8_t * nonce, uint8_t * m3p2Buf)
 	{
 		// update AD again
-		SHA256_CTX ctx;
-		SHA256_Init (&ctx);
-		SHA256_Update (&ctx, m_H, 32);			
-		SHA256_Update (&ctx, m_SessionConfirmedBuffer, 48);			
-		SHA256_Final (m_H, &ctx);		
+		MixHash (m_SessionConfirmedBuffer, 48);		
 
 		KDF3Bob (); 
 		if (i2p::crypto::AEADChaCha20Poly1305 (m_SessionConfirmedBuffer + 48, m3p2Len - 16, m_H, 32, m_K, nonce, m3p2Buf, m3p2Len - 16, false)) // decrypt
@@ -390,6 +356,7 @@ namespace transport
 		TransportSession (in_RemoteRouter, NTCP2_ESTABLISH_TIMEOUT), 
 		m_Server (server), m_Socket (m_Server.GetService ()), 
 		m_IsEstablished (false), m_IsTerminated (false),
+		m_Establisher (new NTCP2Establisher),
 		m_SendSipKey (nullptr), m_ReceiveSipKey (nullptr),
 #if OPENSSL_SIPHASH
 		m_SendMDCtx(nullptr), m_ReceiveMDCtx (nullptr),
@@ -397,7 +364,6 @@ namespace transport
 		m_NextReceivedLen (0), m_NextReceivedBuffer (nullptr), m_NextSendBuffer (nullptr),
 		m_ReceiveSequenceNumber (0), m_SendSequenceNumber (0), m_IsSending (false)
 	{
-		m_Establisher.reset (new NTCP2Establisher);
 		if (in_RemoteRouter) // Alice
 		{
 			m_Establisher->m_RemoteIdentHash = GetRemoteIdentity ()->GetIdentHash ();
@@ -724,12 +690,11 @@ namespace transport
 					}
 					if (memcmp (addr->ntcp2->staticKey, m_Establisher->m_RemoteStaticKey, 32))
 					{
-						LogPrint (eLogError, "NTCP2: Static key mistmatch in SessionConfirmed");				
+						LogPrint (eLogError, "NTCP2: Static key mismatch in SessionConfirmed");				
 						SendTerminationAndTerminate (eNTCP2IncorrectSParameter);				
 						return;
 					}
-
-					i2p::data::netdb.AddRouterInfo (buf.data () + 4, size - 1); // TODO: should insert ri and not parse it twice
+					i2p::data::netdb.PostI2NPMsg (CreateI2NPMessage (eI2NPDummyMsg, buf.data () + 3, size)); // TODO: should insert ri and not parse it twice
 					// TODO: process options
 						
 					// ready to communicate	
@@ -769,11 +734,13 @@ namespace transport
 
 	void NTCP2Session::ClientLogin ()
 	{
+		m_Establisher->CreateEphemeralKey ();
 		SendSessionRequest ();
 	}
 
 	void NTCP2Session::ServerLogin ()
 	{
+		m_Establisher->CreateEphemeralKey ();
 		m_Establisher->m_SessionRequestBuffer = new uint8_t[287]; // 287 bytes max for now
 		boost::asio::async_read (m_Socket, boost::asio::buffer(m_Establisher->m_SessionRequestBuffer, 64), boost::asio::transfer_all (),
 			std::bind(&NTCP2Session::HandleSessionRequestReceived, shared_from_this (),
@@ -816,7 +783,7 @@ namespace transport
 				size_t moreBytes = m_Socket.available(ec);
 				if (!ec && moreBytes >= m_NextReceivedLen)
 				{
-					// read and process messsage immediately if avaliable
+					// read and process message immediately if available
 					moreBytes = boost::asio::read (m_Socket, boost::asio::buffer(m_NextReceivedBuffer, m_NextReceivedLen), boost::asio::transfer_all (), ec);
 					HandleReceived (ec, moreBytes);
 				}
@@ -894,7 +861,7 @@ namespace transport
 				case eNTCP2BlkRouterInfo:
 				{
 					LogPrint (eLogDebug, "NTCP2: RouterInfo flag=", (int)frame[offset]);
-					i2p::data::netdb.AddRouterInfo (frame + offset + 1, size - 1);
+					i2p::data::netdb.PostI2NPMsg (CreateI2NPMessage (eI2NPDummyMsg, frame + offset, size));
 					break;
 				}
 				case eNTCP2BlkI2NPMessage:
@@ -906,6 +873,7 @@ namespace transport
 						break;
 					}
 					auto nextMsg = NewI2NPMessage (size);
+					nextMsg->Align (12); // for possible tunnel msg
 					nextMsg->len = nextMsg->offset + size + 7; // 7 more bytes for full I2NP header
 					memcpy (nextMsg->GetNTCP2Header (), frame + offset, size);
 					nextMsg->FromNTCP2 ();
@@ -919,7 +887,7 @@ namespace transport
 						Terminate ();
 					}
 					else
-						LogPrint (eLogWarning, "NTCP2: Unexpected temination block size ", size);
+						LogPrint (eLogWarning, "NTCP2: Unexpected termination block size ", size);
 				break;
 				case eNTCP2BlkPadding:
 					LogPrint (eLogDebug, "NTCP2: padding");
@@ -932,14 +900,9 @@ namespace transport
 		m_Handler.Flush ();
 	}
 
-	void NTCP2Session::SendNextFrame (const uint8_t * payload, size_t len)
+	void NTCP2Session::SetNextSentFrameLength (size_t frameLen, uint8_t * lengthBuf)
 	{
-		if (IsTerminated ()) return;	
-		uint8_t nonce[12];
-		CreateNonce (m_SendSequenceNumber, nonce); m_SendSequenceNumber++;
-		m_NextSendBuffer = new uint8_t[len + 16 + 2];
-		i2p::crypto::AEADChaCha20Poly1305 (payload, len, nullptr, 0, m_SendKey, nonce, m_NextSendBuffer + 2, len + 16, true);
-#if OPENSSL_SIPHASH
+		#if OPENSSL_SIPHASH
 		EVP_DigestSignInit (m_SendMDCtx, nullptr, nullptr, nullptr, nullptr);
 		EVP_DigestSignUpdate (m_SendMDCtx, m_SendIV.buf, 8); 
 		size_t l = 8;    
@@ -948,12 +911,101 @@ namespace transport
 		i2p::crypto::Siphash<8> (m_SendIV.buf, m_SendIV.buf, 8, m_SendSipKey);
 #endif
 		// length must be in BigEndian
-		htobe16buf (m_NextSendBuffer, (len + 16) ^ le16toh (m_SendIV.key));
-		LogPrint (eLogDebug, "NTCP2: sent length ", len + 16);
+		htobe16buf (lengthBuf, frameLen ^ le16toh (m_SendIV.key));
+		LogPrint (eLogDebug, "NTCP2: sent length ", frameLen);
+	}	
 
-		// send message
+	void NTCP2Session::SendI2NPMsgs (std::vector<std::shared_ptr<I2NPMessage> >& msgs)
+	{
+		if (msgs.empty () || IsTerminated ()) return;
+		
+		size_t totalLen = 0;
+		std::vector<std::pair<uint8_t *, size_t> > encryptBufs;
+		std::vector<boost::asio::const_buffer> bufs; 
+		std::shared_ptr<I2NPMessage> first;
+		uint8_t * macBuf = nullptr;
+		for (auto& it: msgs) 
+		{	
+			it->ToNTCP2 ();
+			auto buf = it->GetNTCP2Header ();
+			auto len = it->GetNTCP2Length ();
+			// block header
+			buf -= 3; 
+			buf[0] = eNTCP2BlkI2NPMessage; // blk
+			htobe16buf (buf + 1, len); // size
+			len += 3; 	
+			totalLen += len;		
+			encryptBufs.push_back ( {buf, len} );
+			if (&it == &msgs.front ()) // first message
+			{
+				// allocate two bytes for length
+				buf -= 2; len += 2;
+				first = it;
+			}	
+			if (&it == &msgs.back () && it->len + 16 < it->maxLen) // last message
+			{	
+				// if it's long enough we add padding and MAC to it
+				// create padding block
+				auto paddingLen = CreatePaddingBlock (totalLen, buf + len, it->maxLen - it->len - 16);
+				if (paddingLen)
+				{
+					encryptBufs.push_back ( {buf + len, paddingLen} );
+					len += paddingLen;
+					totalLen += paddingLen;
+				}
+				macBuf = buf + len;
+				// allocate 16 bytes for MAC
+				len += 16;
+			}	
+				
+			bufs.push_back (boost::asio::buffer (buf, len));
+		}
+
+		if (!macBuf) // last block was not enough for MAC
+		{
+			// allocate send buffer
+			m_NextSendBuffer = new uint8_t[287]; // can be any size > 16, we just allocate 287 frequently
+			// crate padding block
+			auto paddingLen = CreatePaddingBlock (totalLen, m_NextSendBuffer, 287 - 16);
+			// and padding block to encrypt and send
+			if (paddingLen)
+				encryptBufs.push_back ( {m_NextSendBuffer, paddingLen} );			
+			bufs.push_back (boost::asio::buffer (m_NextSendBuffer, paddingLen + 16));
+			macBuf = m_NextSendBuffer + paddingLen;
+			totalLen += paddingLen;		
+		}
+		uint8_t nonce[12];
+		CreateNonce (m_SendSequenceNumber, nonce); m_SendSequenceNumber++;
+		i2p::crypto::AEADChaCha20Poly1305Encrypt (encryptBufs, m_SendKey, nonce, macBuf); // encrypt buffers
+		SetNextSentFrameLength (totalLen + 16, first->GetNTCP2Header () - 5); // frame length right before first block
+			
+		// send buffers
 		m_IsSending = true;	
-		boost::asio::async_write (m_Socket, boost::asio::buffer (m_NextSendBuffer, len + 16 + 2), boost::asio::transfer_all (),
+		boost::asio::async_write (m_Socket, bufs, boost::asio::transfer_all (),
+			std::bind(&NTCP2Session::HandleI2NPMsgsSent, shared_from_this (), std::placeholders::_1, std::placeholders::_2, msgs));
+	}	
+
+	void NTCP2Session::HandleI2NPMsgsSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs)
+	{
+		HandleNextFrameSent (ecode, bytes_transferred);
+		// msgs get destroyed here
+	}
+	
+	void NTCP2Session::EncryptAndSendNextBuffer (size_t payloadLen)
+	{
+		if (IsTerminated ()) 
+		{
+			delete[] m_NextSendBuffer; m_NextSendBuffer = nullptr;
+			return; 
+		}
+		// encrypt
+		uint8_t nonce[12];
+		CreateNonce (m_SendSequenceNumber, nonce); m_SendSequenceNumber++;
+		i2p::crypto::AEADChaCha20Poly1305Encrypt ({ {m_NextSendBuffer + 2, payloadLen} }, m_SendKey, nonce, m_NextSendBuffer + payloadLen + 2);	
+		SetNextSentFrameLength (payloadLen + 16, m_NextSendBuffer);
+		// send
+		m_IsSending = true;	
+		boost::asio::async_write (m_Socket, boost::asio::buffer (m_NextSendBuffer, payloadLen + 16 + 2), boost::asio::transfer_all (),
 			std::bind(&NTCP2Session::HandleNextFrameSent, shared_from_this (), std::placeholders::_1, std::placeholders::_2));
 	}
 
@@ -971,31 +1023,25 @@ namespace transport
 			m_LastActivityTimestamp = i2p::util::GetSecondsSinceEpoch ();
 			m_NumSentBytes += bytes_transferred;
 			i2p::transport::transports.UpdateSentBytes (bytes_transferred);
-			LogPrint (eLogDebug, "NTCP2: Next frame sent");
+			LogPrint (eLogDebug, "NTCP2: Next frame sent ", bytes_transferred);
 			SendQueue ();
 		}	
 	}
-
+	
 	void NTCP2Session::SendQueue ()
 	{
 		if (!m_SendQueue.empty ())
 		{
-			auto buf = m_Server.NewNTCP2FrameBuffer ();
-			uint8_t * payload = buf->data ();
+			std::vector<std::shared_ptr<I2NPMessage> > msgs;
 			size_t s = 0;
-			// add I2NP blocks
 			while (!m_SendQueue.empty ())
 			{
 				auto msg = m_SendQueue.front ();
 				size_t len = msg->GetNTCP2Length (); 
 				if (s + len + 3 <= NTCP2_UNENCRYPTED_FRAME_MAX_SIZE) // 3 bytes block header
 				{
-					payload[s] = eNTCP2BlkI2NPMessage; // blk
-					htobe16buf (payload + s + 1, len); // size
-					s += 3;
-					msg->ToNTCP2 ();
-					memcpy (payload + s, msg->GetNTCP2Header (), len);
-					s += len;
+					msgs.push_back (msg);
+					s += (len + 3);
 					m_SendQueue.pop_front ();
 				}
 				else if (len + 3 > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE)
@@ -1006,46 +1052,55 @@ namespace transport
 				else
 					break;
 			}
-			// add padding block 
-			int paddingSize = (s*NTCP2_MAX_PADDING_RATIO)/100;
-			if (s + paddingSize + 3 > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE) paddingSize = NTCP2_UNENCRYPTED_FRAME_MAX_SIZE - s -3;
-			if (paddingSize) paddingSize = rand () % paddingSize;
-			payload[s] = eNTCP2BlkPadding; // blk
-			htobe16buf (payload + s + 1, paddingSize); // size
-			s += 3;
-			memset (payload + s, 0, paddingSize);			
-			s += paddingSize;
-			// send
-			SendNextFrame (payload, s);
-			m_Server.DeleteNTCP2FrameBuffer (buf);
+			SendI2NPMsgs (msgs);
 		} 
 	}
 
+	size_t NTCP2Session::CreatePaddingBlock (size_t msgLen, uint8_t * buf, size_t len)
+	{
+		if (len < 3) return 0; 
+		len -= 3;
+		if (msgLen < 256) msgLen = 256; // for short message padding should not be always zero
+		size_t paddingSize = (msgLen*NTCP2_MAX_PADDING_RATIO)/100;
+		if (msgLen + paddingSize + 3 > NTCP2_UNENCRYPTED_FRAME_MAX_SIZE) paddingSize = NTCP2_UNENCRYPTED_FRAME_MAX_SIZE - msgLen -3;
+		if (paddingSize > len) paddingSize = len;
+		if (paddingSize) paddingSize = rand () % paddingSize;
+		buf[0] = eNTCP2BlkPadding; // blk
+		htobe16buf (buf + 1, paddingSize); // size
+		memset (buf + 3, 0, paddingSize);			
+		return paddingSize + 3;
+	}	
+		
 	void NTCP2Session::SendRouterInfo ()
 	{
 		if (!IsEstablished ()) return;
 		auto riLen = i2p::context.GetRouterInfo ().GetBufferLen ();
-		int paddingSize = (riLen*NTCP2_MAX_PADDING_RATIO)/100;
-		size_t payloadLen = riLen + paddingSize + 7; // 7 = 2*3 bytes header + 1 byte RI flag 
-		uint8_t * payload = new uint8_t[payloadLen];
-		payload[0] = eNTCP2BlkRouterInfo;
-		htobe16buf (payload + 1, riLen + 1); // size
-		payload[3] = 0; // flag
-		memcpy (payload + 4, i2p::context.GetRouterInfo ().GetBuffer (), riLen);
-		payload[riLen + 4] = eNTCP2BlkPadding;
-		htobe16buf (payload + riLen + 5, paddingSize);
-		RAND_bytes (payload + riLen + 7, paddingSize);
-		SendNextFrame (payload, payloadLen);
-		delete[] payload;
+		size_t payloadLen = riLen + 4; // 3 bytes block header + 1 byte RI flag
+		m_NextSendBuffer = new uint8_t[payloadLen + 16 + 2 + 64]; // up to 64 bytes padding
+		m_NextSendBuffer[2] = eNTCP2BlkRouterInfo;
+		htobe16buf (m_NextSendBuffer + 3, riLen + 1); // size
+		m_NextSendBuffer[5] = 0; // flag
+		memcpy (m_NextSendBuffer + 6, i2p::context.GetRouterInfo ().GetBuffer (), riLen);
+		// padding block
+		auto paddingSize = CreatePaddingBlock (payloadLen, m_NextSendBuffer + 2 + payloadLen, 64);
+		payloadLen += paddingSize;
+		// encrypt and send
+		EncryptAndSendNextBuffer (payloadLen);
 	}
 
 	void NTCP2Session::SendTermination (NTCP2TerminationReason reason)
 	{
-		if (!IsEstablished ()) return;
-		uint8_t payload[12] = { eNTCP2BlkTermination, 0, 9 };
-		htobe64buf (payload + 3, m_ReceiveSequenceNumber);
-		payload[11] = (uint8_t)reason;
-		SendNextFrame (payload, 12);
+		if (!m_SendKey || !m_SendSipKey) return;
+		m_NextSendBuffer = new uint8_t[49]; // 49 = 12 bytes message + 16 bytes MAC + 2 bytes size + up to 19 padding block 		
+		// termination block
+		m_NextSendBuffer[2] = eNTCP2BlkTermination;
+		m_NextSendBuffer[3] = 0; m_NextSendBuffer[4] = 9; // 9 bytes block size
+		htobe64buf (m_NextSendBuffer + 5, m_ReceiveSequenceNumber);	
+		m_NextSendBuffer[13] = (uint8_t)reason;
+		// padding block
+		auto paddingSize = CreatePaddingBlock (12, m_NextSendBuffer + 14, 19);
+		// encrypt and send
+		EncryptAndSendNextBuffer (paddingSize + 12);
 	}
 
 	void NTCP2Session::SendTerminationAndTerminate (NTCP2TerminationReason reason)
@@ -1125,6 +1180,7 @@ namespace transport
 						{
 							m_NTCP2V6Acceptor->open (boost::asio::ip::tcp::v6());
 							m_NTCP2V6Acceptor->set_option (boost::asio::ip::v6_only (true));
+							m_NTCP2V6Acceptor->set_option (boost::asio::socket_base::reuse_address (true));
 							m_NTCP2V6Acceptor->bind (boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v6(), address->port));
 							m_NTCP2V6Acceptor->listen ();
 

libi2pd/NTCP2.h

@@ -73,8 +73,9 @@ namespace transport
 		eNTCP2Banned, // 17
 	};		
 	
+	// RouterInfo flags
+	const uint8_t NTCP2_ROUTER_INFO_FLAG_REQUEST_FLOOD = 0x01;	
 
-	typedef std::array<uint8_t, NTCP2_UNENCRYPTED_FRAME_MAX_SIZE> NTCP2FrameBuffer;
 	struct NTCP2Establisher
 	{
 		NTCP2Establisher ();
@@ -95,7 +96,8 @@ namespace transport
 		void KDF3Alice (); // for SessionConfirmed part 2
 		void KDF3Bob ();
 
-		void MixKey (const uint8_t * inputKeyMaterial, uint8_t * derived);
+		void MixKey (const uint8_t * inputKeyMaterial);
+		void MixHash (const uint8_t * buf, size_t len);
 		void KeyDerivationFunction1 (const uint8_t * pub, i2p::crypto::X25519Keys& priv, const uint8_t * rs, const uint8_t * epub); // for SessionRequest, (pub, priv) for DH
 		void KeyDerivationFunction2 (const uint8_t * sessionRequest, size_t sessionRequestLen, const uint8_t * epub); // for SessionCreate
 		void CreateEphemeralKey ();
@@ -172,8 +174,12 @@ namespace transport
 			void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred);
 			void ProcessNextFrame (const uint8_t * frame, size_t len);
 
-			void SendNextFrame (const uint8_t * payload, size_t len); 
+			void SetNextSentFrameLength (size_t frameLen, uint8_t * lengthBuf);
+			void SendI2NPMsgs (std::vector<std::shared_ptr<I2NPMessage> >& msgs);
+			void HandleI2NPMsgsSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs);
+			void EncryptAndSendNextBuffer (size_t payloadLen);
 			void HandleNextFrameSent (const boost::system::error_code& ecode, std::size_t bytes_transferred);
+			size_t CreatePaddingBlock (size_t msgLen, uint8_t * buf, size_t len);
 			void SendQueue ();
 			void SendRouterInfo ();
 			void SendTermination (NTCP2TerminationReason reason);
@@ -229,9 +235,6 @@ namespace transport
 		
 			void Connect(const boost::asio::ip::address & address, uint16_t port, std::shared_ptr<NTCP2Session> conn);
 
-			NTCP2FrameBuffer * NewNTCP2FrameBuffer () { return m_NTCP2FrameBuffersPool.Acquire(); }
-			void DeleteNTCP2FrameBuffer (NTCP2FrameBuffer * buf) { return m_NTCP2FrameBuffersPool.Release(buf); }
-
 		private:
 
 			void Run ();
@@ -255,8 +258,6 @@ namespace transport
 			std::map<i2p::data::IdentHash, std::shared_ptr<NTCP2Session> > m_NTCP2Sessions; 
 			std::list<std::shared_ptr<NTCP2Session> > m_PendingIncomingSessions;
 
-			i2p::util::MemoryPool<NTCP2FrameBuffer> m_NTCP2FrameBuffersPool;
-
 		public:
 
 			// for HTTP/I2PControl

libi2pd/NTCPSession.cpp

@@ -843,6 +843,7 @@ namespace transport
 							{
 								m_NTCPV6Acceptor->open (boost::asio::ip::tcp::v6());
 								m_NTCPV6Acceptor->set_option (boost::asio::ip::v6_only (true));
+								m_NTCPV6Acceptor->set_option (boost::asio::socket_base::reuse_address (true));
 								m_NTCPV6Acceptor->bind (boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v6(), address->port));
 								m_NTCPV6Acceptor->listen ();
 
@@ -1286,7 +1287,7 @@ namespace transport
 				if (it.second->IsTerminationTimeoutExpired (ts))
 				{
 					auto session = it.second;
-					// Termniate modifies m_NTCPSession, so we postpone it
+					// Terminate modifies m_NTCPSession, so we postpone it
 					m_Service.post ([session] {
 							LogPrint (eLogDebug, "NTCP: No activity for ", session->GetTerminationTimeout (), " seconds");
 							session->Terminate ();

libi2pd/NetDb.cpp

@@ -12,6 +12,7 @@
 #include "I2NPProtocol.h"
 #include "Tunnel.h"
 #include "Transports.h"
+#include "NTCP2.h"
 #include "RouterContext.h"
 #include "Garlic.h"
 #include "NetDb.hpp"
@@ -25,7 +26,7 @@ namespace data
 {
 	NetDb netdb;
 
-	NetDb::NetDb (): m_IsRunning (false), m_Thread (nullptr), m_Reseeder (nullptr), m_Storage("netDb", "r", "routerInfo-", "dat"), m_FloodfillBootstrap(nullptr), m_HiddenMode(false)
+	NetDb::NetDb (): m_IsRunning (false), m_Thread (nullptr), m_Reseeder (nullptr), m_Storage("netDb", "r", "routerInfo-", "dat"), m_PersistProfiles (true), m_HiddenMode(false)
 	{
 	}
 
@@ -43,10 +44,12 @@ namespace data
 		m_Families.LoadCertificates ();
 		Load ();
 
-                uint16_t threshold; i2p::config::GetOption("reseed.threshold", threshold);
+		uint16_t threshold; i2p::config::GetOption("reseed.threshold", threshold);
 		if (m_RouterInfos.size () < threshold) // reseed if # of router less than threshold
 			Reseed ();
 
+		i2p::config::GetOption("persist.profiles", m_PersistProfiles);
+
 		m_IsRunning = true;
 		m_Thread = new std::thread (std::bind (&NetDb::Run, this));
 	}
@@ -55,8 +58,9 @@ namespace data
 	{
 		if (m_IsRunning)
 		{
-			for (auto& it: m_RouterInfos)
-				it.second->SaveProfile ();
+			if (m_PersistProfiles)
+				for (auto& it: m_RouterInfos)
+					it.second->SaveProfile ();
 			DeleteObsoleteProfiles ();
 			m_RouterInfos.clear ();
 			m_Floodfills.clear ();
@@ -98,6 +102,10 @@ namespace data
 							case eI2NPDatabaseLookup:
 								HandleDatabaseLookupMsg (msg);
 							break;
+							case eI2NPDummyMsg:
+								// plain RouterInfo from NTCP2 with flags for now
+								HandleNTCP2RouterInfoMsg (msg);
+							break;
 							default: // WTF?
 								LogPrint (eLogError, "NetDb: unexpected message type ", (int) msg->GetTypeID ());
 								//i2p::HandleI2NPMessage (msg);
@@ -130,7 +138,7 @@ namespace data
 					lastDestinationCleanup = ts;
 				}
 
-				if (ts - lastPublish >= NETDB_PUBLISH_INTERVAL) // update timestamp and publish 
+				if (ts - lastPublish >= NETDB_PUBLISH_INTERVAL) // update timestamp and publish
 				{
 					i2p::context.UpdateTimestamp (ts);
 					if (!m_HiddenMode) Publish ();
@@ -140,7 +148,7 @@ namespace data
 				{
 					auto numRouters = m_RouterInfos.size ();
 					if (!numRouters)
-                    	throw std::runtime_error("No known routers, reseed seems to be totally failed");
+						throw std::runtime_error("No known routers, reseed seems to be totally failed");
 					else // we have peers now
 						m_FloodfillBootstrap = nullptr;
 					if (numRouters < 2500 || ts - lastExploratory >= 90)
@@ -162,30 +170,55 @@ namespace data
 		}
 	}
 
+	void NetDb::SetHidden(bool hide)
+	{
+		// TODO: remove reachable addresses from router info
+		m_HiddenMode = hide;
+	}
+
 	bool NetDb::AddRouterInfo (const uint8_t * buf, int len)
+	{
+		bool updated;
+		AddRouterInfo (buf, len, updated);
+		return updated;
+	}
+
+	std::shared_ptr<const RouterInfo> NetDb::AddRouterInfo (const uint8_t * buf, int len, bool& updated)
 	{
 		IdentityEx identity;
 		if (identity.FromBuffer (buf, len))
-			return AddRouterInfo (identity.GetIdentHash (), buf, len);
-		return false;
+			return AddRouterInfo (identity.GetIdentHash (), buf, len, updated);
+		updated = false;
+		return nullptr;
 	}
 
-  void NetDb::SetHidden(bool hide) {
-    // TODO: remove reachable addresses from router info
-    m_HiddenMode = hide;
-  }
-
 	bool NetDb::AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len)
 	{
-		bool updated = true;
+		bool updated;
+		AddRouterInfo (ident, buf, len, updated);
+		return updated;
+	}
+
+	std::shared_ptr<const RouterInfo> NetDb::AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len, bool& updated)
+	{
+		updated = true;
 		auto r = FindRouter (ident);
 		if (r)
 		{
 			if (r->IsNewer (buf, len))
 			{
+				bool wasFloodfill = r->IsFloodfill ();
 				r->Update (buf, len);
 				LogPrint (eLogInfo, "NetDb: RouterInfo updated: ", ident.ToBase64());
-				// TODO: check if floodfill has been changed
+				if (wasFloodfill != r->IsFloodfill ()) // if floodfill status updated
+				{
+					LogPrint (eLogDebug, "NetDb: RouterInfo floodfill status updated: ", ident.ToBase64());
+					std::unique_lock<std::mutex> l(m_FloodfillsMutex);
+					if (wasFloodfill)
+						m_Floodfills.remove (r);	
+					else	
+						m_Floodfills.push_back (r);
+				}	
 			}
 			else
 			{
@@ -196,7 +229,7 @@ namespace data
 		else
 		{
 			r = std::make_shared<RouterInfo> (buf, len);
-			if (!r->IsUnreachable ())
+			if (!r->IsUnreachable () && r->HasValidAddresses ())
 			{
 				bool inserted = false;
 				{
@@ -223,50 +256,68 @@ namespace data
 		}
 		// take care about requested destination
 		m_Requests.RequestComplete (ident, r);
-		return updated;
+		return r;
 	}
 
-	bool NetDb::AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len,
-		std::shared_ptr<i2p::tunnel::InboundTunnel> from)
+	bool NetDb::AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len)
 	{
 		std::unique_lock<std::mutex> lock(m_LeaseSetsMutex);
 		bool updated = false;
-		if (!from) // unsolicited LS must be received directly
+		auto it = m_LeaseSets.find(ident);
+		if (it != m_LeaseSets.end () && it->second->GetStoreType () == i2p::data::NETDB_STORE_TYPE_LEASESET)
 		{
-			auto it = m_LeaseSets.find(ident);
-			if (it != m_LeaseSets.end ())
+			// we update only is existing LeaseSet is not LeaseSet2
+			uint64_t expires;
+			if(LeaseSetBufferValidate(buf, len, expires))
 			{
-				uint64_t expires;
-				if(LeaseSetBufferValidate(buf, len, expires))
+				if(it->second->GetExpirationTime() < expires)
 				{
-					if(it->second->GetExpirationTime() < expires)
-					{
-						it->second->Update (buf, len, false); // signature is verified already
-						LogPrint (eLogInfo, "NetDb: LeaseSet updated: ", ident.ToBase32());
-						updated = true;
-					}
-					else
-						LogPrint(eLogDebug, "NetDb: LeaseSet is older: ", ident.ToBase32());
-				}
-				else
-					LogPrint(eLogError, "NetDb: LeaseSet is invalid: ", ident.ToBase32());
-			}
-			else
-			{
-				auto leaseSet = std::make_shared<LeaseSet> (buf, len, false); // we don't need leases in netdb
-				if (leaseSet->IsValid ())
-				{
-					LogPrint (eLogInfo, "NetDb: LeaseSet added: ", ident.ToBase32());
-					m_LeaseSets[ident] = leaseSet;
+					it->second->Update (buf, len, false); // signature is verified already
+					LogPrint (eLogInfo, "NetDb: LeaseSet updated: ", ident.ToBase32());
 					updated = true;
 				}
 				else
-					LogPrint (eLogError, "NetDb: new LeaseSet validation failed: ", ident.ToBase32());
+					LogPrint(eLogDebug, "NetDb: LeaseSet is older: ", ident.ToBase32());
 			}
+			else
+				LogPrint(eLogError, "NetDb: LeaseSet is invalid: ", ident.ToBase32());
+		}
+		else
+		{
+			auto leaseSet = std::make_shared<LeaseSet> (buf, len, false); // we don't need leases in netdb
+			if (leaseSet->IsValid ())
+			{
+				LogPrint (eLogInfo, "NetDb: LeaseSet added: ", ident.ToBase32());
+				m_LeaseSets[ident] = leaseSet;
+				updated = true;
+			}
+			else
+				LogPrint (eLogError, "NetDb: new LeaseSet validation failed: ", ident.ToBase32());
 		}
 		return updated;
 	}
 
+	bool NetDb::AddLeaseSet2 (const IdentHash& ident, const uint8_t * buf, int len, uint8_t storeType)
+	{
+		std::unique_lock<std::mutex> lock(m_LeaseSetsMutex);
+		auto leaseSet = std::make_shared<LeaseSet2> (storeType, buf, len, false); // we don't need leases in netdb
+		if (leaseSet->IsValid ())
+		{
+			auto it = m_LeaseSets.find(ident);
+			if (it == m_LeaseSets.end () || it->second->GetStoreType () != storeType ||
+				leaseSet->GetPublishedTimestamp () > it->second->GetPublishedTimestamp ())
+			{
+				// TODO: implement actual update
+				LogPrint (eLogInfo, "NetDb: LeaseSet2 updated: ", ident.ToBase32());
+				m_LeaseSets[ident] = leaseSet;
+				return true;
+			}
+		}
+		else
+			LogPrint (eLogError, "NetDb: new LeaseSet2 validation failed: ", ident.ToBase32());
+		return false;
+	}
+
 	std::shared_ptr<RouterInfo> NetDb::FindRouter (const IdentHash& ident) const
 	{
 		std::unique_lock<std::mutex> l(m_RouterInfosMutex);
@@ -289,6 +340,9 @@ namespace data
 
 	std::shared_ptr<RouterProfile> NetDb::FindRouterProfile (const IdentHash& ident) const
 	{
+		if (!m_PersistProfiles)
+			return nullptr;
+
 		auto router = FindRouter (ident);
 		return router ? router->GetProfile () : nullptr;
 	}
@@ -322,7 +376,7 @@ namespace data
 				}
 				m_FloodfillBootstrap = ri;
 				ReseedFromFloodfill(*ri);
-				// don't try reseed servers if trying to boostrap from floodfill
+				// don't try reseed servers if trying to bootstrap from floodfill
 				return;
 			}
 		}
@@ -388,8 +442,9 @@ namespace data
 
 	void NetDb::VisitStoredRouterInfos(RouterInfoVisitor v)
 	{
-		m_Storage.Iterate([v] (const std::string & filename) {
-        auto ri = std::make_shared<i2p::data::RouterInfo>(filename);
+		m_Storage.Iterate([v] (const std::string & filename)
+		{
+			auto ri = std::make_shared<i2p::data::RouterInfo>(filename);
 				v(ri);
 		});
 	}
@@ -518,18 +573,18 @@ namespace data
 				{
 					if (it->second->IsUnreachable ())
 					{
-						it->second->SaveProfile ();
+						if (m_PersistProfiles) it->second->SaveProfile ();
 						it = m_RouterInfos.erase (it);
 						continue;
 					}
 					++it;
 				}
 			}
-			// clean up expired floodfiils
+			// clean up expired floodfills or not floodfills anymore
 			{
 				std::unique_lock<std::mutex> l(m_FloodfillsMutex);
 				for (auto it = m_Floodfills.begin (); it != m_Floodfills.end ();)
-					if ((*it)->IsUnreachable ())
+					if ((*it)->IsUnreachable () || !(*it)->IsFloodfill ())
 						it = m_Floodfills.erase (it);
 					else
 						++it;
@@ -570,6 +625,17 @@ namespace data
 		transports.SendMessage (from, dest->CreateRequestMessage (nullptr, nullptr));
 	}
 
+	void NetDb::HandleNTCP2RouterInfoMsg (std::shared_ptr<const I2NPMessage> m)
+	{
+		uint8_t flood = m->GetPayload ()[0] & NTCP2_ROUTER_INFO_FLAG_REQUEST_FLOOD;
+		bool updated;
+		auto ri = AddRouterInfo (m->GetPayload () + 1, m->GetPayloadLength () - 1, updated); // without flags
+		if (flood && updated && context.IsFloodfill () && ri)
+		{
+			auto floodMsg = CreateDatabaseStoreMsg (ri, 0); // replyToken = 0
+			Flood (ri->GetIdentHash (), floodMsg);
+		}
+	}
 
 	void NetDb::HandleDatabaseStoreMsg (std::shared_ptr<const I2NPMessage> m)
 	{
@@ -610,12 +676,24 @@ namespace data
 		size_t payloadOffset = offset;
 
 		bool updated = false;
-		if (buf[DATABASE_STORE_TYPE_OFFSET]) // type
+		uint8_t storeType = buf[DATABASE_STORE_TYPE_OFFSET];
+		if (storeType) // LeaseSet or LeaseSet2
 		{
-			LogPrint (eLogDebug, "NetDb: store request: LeaseSet for ", ident.ToBase32());
-			updated = AddLeaseSet (ident, buf + offset, len - offset, m->from);
+			if (!m->from) // unsolicited LS must be received directly
+			{
+				if (storeType == NETDB_STORE_TYPE_LEASESET) // 1
+				{
+					LogPrint (eLogDebug, "NetDb: store request: LeaseSet for ", ident.ToBase32());
+					updated = AddLeaseSet (ident, buf + offset, len - offset);
+				}
+				else // all others are considered as LeaseSet2
+				{
+					LogPrint (eLogDebug, "NetDb: store request: LeaseSet2 of type ", storeType, " for ", ident.ToBase32());
+					updated = AddLeaseSet2 (ident, buf + offset, len - offset, storeType);
+				}
+			}
 		}
-		else
+		else // RouterInfo
 		{
 			LogPrint (eLogDebug, "NetDb: store request: RouterInfo");
 			size_t size = bufbe16toh (buf + offset);
@@ -649,22 +727,7 @@ namespace data
 			{
 				memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + payloadOffset, msgLen);
 				floodMsg->FillI2NPMessageHeader (eI2NPDatabaseStore);
-				std::set<IdentHash> excluded;
-				excluded.insert (i2p::context.GetIdentHash ()); // don't flood to itself
-				excluded.insert (ident); // don't flood back
-				for (int i = 0; i < 3; i++)
-				{
-					auto floodfill = GetClosestFloodfill (ident, excluded);
-					if (floodfill)
-					{
-						auto h = floodfill->GetIdentHash();
-						LogPrint(eLogDebug, "NetDb: Flood lease set for ", ident.ToBase32(), " to ", h.ToBase64());
-						transports.SendMessage (h, CopyI2NPMessage(floodMsg));
-						excluded.insert (h);
-					}
-					else
-						break;
-				}
+				Flood (ident, floodMsg);
 			}
 			else
 				LogPrint (eLogError, "NetDb: Database store message is too long ", floodMsg->len);
@@ -835,7 +898,7 @@ namespace data
 			}
 
 			if (!replyMsg && (lookupType == DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP  ||
-			    lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP))
+				lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP))
 			{
 				auto leaseSet = FindLeaseSet (ident);
 				if (!leaseSet)
@@ -965,6 +1028,26 @@ namespace data
 		}
 	}
 
+	void NetDb::Flood (const IdentHash& ident, std::shared_ptr<I2NPMessage> floodMsg)
+	{
+		std::set<IdentHash> excluded;
+		excluded.insert (i2p::context.GetIdentHash ()); // don't flood to itself
+		excluded.insert (ident); // don't flood back
+		for (int i = 0; i < 3; i++)
+		{
+			auto floodfill = GetClosestFloodfill (ident, excluded);
+			if (floodfill)
+			{
+				auto h = floodfill->GetIdentHash();
+				LogPrint(eLogDebug, "NetDb: Flood lease set for ", ident.ToBase32(), " to ", h.ToBase64());
+				transports.SendMessage (h, CopyI2NPMessage(floodMsg));
+				excluded.insert (h);
+			}
+			else
+				break;
+		}
+	}
+
 	std::shared_ptr<const RouterInfo> NetDb::GetRandomRouter () const
 	{
 		return GetRandomRouter (
@@ -1122,13 +1205,13 @@ namespace data
 		return res;
 	}
 
-  std::shared_ptr<const RouterInfo> NetDb::GetRandomRouterInFamily(const std::string & fam) const {
-    return GetRandomRouter(
-      [fam](std::shared_ptr<const RouterInfo> router)->bool
-      {
-        return router->IsFamily(fam);
-      });
-  }
+	std::shared_ptr<const RouterInfo> NetDb::GetRandomRouterInFamily(const std::string & fam) const {
+		return GetRandomRouter(
+			[fam](std::shared_ptr<const RouterInfo> router)->bool
+		{
+			return router->IsFamily(fam);
+		});
+	}
 
 	std::shared_ptr<const RouterInfo> NetDb::GetClosestNonFloodfill (const IdentHash& destination,
 		const std::set<IdentHash>& excluded) const
@@ -1158,9 +1241,9 @@ namespace data
 		auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 		for (auto it = m_LeaseSets.begin (); it != m_LeaseSets.end ();)
 		{
-			if (ts > it->second->GetExpirationTime () - LEASE_ENDDATE_THRESHOLD)
+			if (!it->second->IsValid () || ts > it->second->GetExpirationTime () - LEASE_ENDDATE_THRESHOLD)
 			{
-				LogPrint (eLogInfo, "NetDb: LeaseSet ", it->second->GetIdentHash ().ToBase64 (), " expired");
+				LogPrint (eLogInfo, "NetDb: LeaseSet ", it->first.ToBase64 (), " expired or invalid");
 				it = m_LeaseSets.erase (it);
 			}
 			else

libi2pd/NetDb.hpp

@@ -54,7 +54,8 @@ namespace data
 
 			bool AddRouterInfo (const uint8_t * buf, int len);
 			bool AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len);
-			bool AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len, std::shared_ptr<i2p::tunnel::InboundTunnel> from);
+			bool AddLeaseSet (const IdentHash& ident, const uint8_t * buf, int len);
+			bool AddLeaseSet2 (const IdentHash& ident, const uint8_t * buf, int len, uint8_t storeType);
 			std::shared_ptr<RouterInfo> FindRouter (const IdentHash& ident) const;
 			std::shared_ptr<LeaseSet> FindLeaseSet (const IdentHash& destination) const;
 			std::shared_ptr<RouterProfile> FindRouterProfile (const IdentHash& ident) const;
@@ -65,7 +66,8 @@ namespace data
 			void HandleDatabaseStoreMsg (std::shared_ptr<const I2NPMessage> msg);
 			void HandleDatabaseSearchReplyMsg (std::shared_ptr<const I2NPMessage> msg);
 			void HandleDatabaseLookupMsg (std::shared_ptr<const I2NPMessage> msg);
-
+			void HandleNTCP2RouterInfoMsg (std::shared_ptr<const I2NPMessage> m);
+		
 			std::shared_ptr<const RouterInfo> GetRandomRouter () const;
 			std::shared_ptr<const RouterInfo> GetRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
 			std::shared_ptr<const RouterInfo> GetHighBandwidthRandomRouter (std::shared_ptr<const RouterInfo> compatibleWith) const;
@@ -110,13 +112,16 @@ namespace data
 			void Run (); // exploratory thread
 			void Explore (int numDestinations);
 			void Publish ();
+			void Flood (const IdentHash& ident, std::shared_ptr<I2NPMessage> floodMsg);
 			void ManageLeaseSets ();
 			void ManageRequests ();
 
-		void ReseedFromFloodfill(const RouterInfo & ri, int numRouters=40, int numFloodfills=20);
+			void ReseedFromFloodfill(const RouterInfo & ri, int numRouters=40, int numFloodfills=20);
 
-    	template<typename Filter>
-        std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;
+			std::shared_ptr<const RouterInfo> AddRouterInfo (const uint8_t * buf, int len, bool& updated);
+			std::shared_ptr<const RouterInfo> AddRouterInfo (const IdentHash& ident, const uint8_t * buf, int len, bool& updated);
+    		template<typename Filter>
+        	std::shared_ptr<const RouterInfo> GetRandomRouter (Filter filter) const;
 
 		private:
 
@@ -140,6 +145,8 @@ namespace data
 			friend class NetDbRequests;
 			NetDbRequests m_Requests;
 
+			bool m_PersistProfiles;
+
 		/** router info we are bootstrapping from or nullptr if we are not currently doing that*/
 		std::shared_ptr<RouterInfo> m_FloodfillBootstrap;
 

libi2pd/Poly1305.cpp

@@ -6,246 +6,20 @@
    Kovri go write your own code
 
  */
+
+#if !OPENSSL_AEAD_CHACHA20_POLY1305 
 namespace i2p
 {
 namespace crypto
 {
-	namespace poly1305 
+
+	void Poly1305HMAC(uint64_t * out, const uint64_t * key, const uint8_t * buf, std::size_t sz)
 	{
-
-		struct LongBlock
-		{
-			unsigned long data[17];
-			operator unsigned long * ()
-			{
-				return data;
-			}
-		};
-
-		struct Block
-		{
-			unsigned char data[17];
-
-			operator uint8_t * ()
-			{
-				return data;
-			}
-
-			Block & operator += (const Block & other)
-			{
-				unsigned short u;
-				unsigned int i;
-				for(u = 0, i = 0; i < 17; i++)
-				{
-					u += (unsigned short) data[i] + (unsigned short) other.data[i];
-					data[i] = (unsigned char) u & 0xff;
-					u >>= 8;
-				}
-				return *this;
-			}
-
-			Block & operator %=(const LongBlock & other)
-			{
-				unsigned long u;
-				unsigned int i;
-				u = 0;
-				for (i = 0; i < 16; i++) {
-					u += other.data[i];
-					data[i] = (unsigned char)u & 0xff;
-					u >>= 8;
-				}
-				u += other.data[16];
-				data[16] = (unsigned char)u & 0x03;
-				u >>= 2;
-				u += (u << 2);
-				for (i = 0; i < 16; i++) {
-					u += data[i];
-					data[i] = (unsigned char)u & 0xff;
-					u >>= 8;
-				}
-				data[16] += (unsigned char)u;
-				return *this;
-			}
-
-			Block & operator = (const Block & other)
-			{
-				memcpy(data, other.data, sizeof(data));
-				return *this;
-			}
-
-			Block & operator ~ ()
-			{
-				static const Block minusp = {
-					0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-					0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-					0xfc
-				};
-				Block orig;
-				unsigned char neg;
-				unsigned int i;
-				orig = *this;
-				*this += minusp;
-				neg = -(data[16] >> 7);
-				for(i = 0; i < 17; i++)
-					data[i] ^= neg & (orig.data[i] ^ data[i]);
-
-				return *this;
-			}
-
-			void PutKey(const uint8_t * key)
-			{
-				data[0] = key[0] & 0xff;
-				data[1] = key[1] & 0xff;
-				data[2] = key[2] & 0xff;
-				data[3] = key[3] & 0x0f;
-				data[4] = key[4] & 0xfc;
-				data[5] = key[5] & 0xff;
-				data[6] = key[6] & 0xff;
-				data[7] = key[7] & 0x0f;
-				data[8] = key[8] & 0xfc;
-				data[9] = key[9] & 0xff;
-				data[10] = key[10] & 0xff;
-				data[11] = key[11] & 0x0f;
-				data[12] = key[12] & 0xfc;
-				data[13] = key[13] & 0xff;
-				data[14] = key[14] & 0xff;
-				data[15] = key[15] & 0x0f;
-				data[16] = 0;
-			}
-
-			void Put(const uint8_t * d, uint8_t last=0)
-			{
-				memcpy(data, d, 17);
-				data[16] = last;
-			}
-		};
-
-		struct Buffer
-		{
-			uint8_t data[POLY1305_BLOCK_BYTES];
-
-			operator uint8_t * ()
-			{
-				return data;
-			}
-		};
-	}
-
-	struct Poly1305
-	{
-#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 8) // older than gcc 4.8
-		Poly1305(const uint8_t * key) : m_Leftover(0), m_Final(0)
-		{
-			memset (&m_H, 0, sizeof (m_H));
-#else 
-		Poly1305(const uint8_t * key) : m_Leftover(0), m_H{0}, m_Final(0)
-		{
-#endif
-			m_R.PutKey(key);
-			m_Pad.Put(key + 16);
-		}
-
-		void Update(const uint8_t * buf, size_t sz)
-		{
-			// process leftover
-			if(m_Leftover)
-			{
-				size_t want = POLY1305_BLOCK_BYTES - m_Leftover;
-				if(want > sz) want = sz;
-				memcpy(m_Buffer + m_Leftover, buf, want);
-				sz -= want;
-				buf += want;
-				m_Leftover += want;
-				if(m_Leftover < POLY1305_BLOCK_BYTES) return;
-				Blocks(m_Buffer, POLY1305_BLOCK_BYTES);
-				m_Leftover = 0;
-			}
-			// process blocks
-			if(sz >= POLY1305_BLOCK_BYTES)
-			{
-				size_t want = (sz & ~(POLY1305_BLOCK_BYTES - 1));
-				Blocks(buf, want);
-				buf += want;
-				sz -= want;
-			}
-			// leftover
-			if(sz)
-			{
-				memcpy(m_Buffer+m_Leftover, buf, sz);
-				m_Leftover += sz;
-			}
-		}
-
-		void Blocks(const uint8_t * buf, size_t sz)
-		{
-			const unsigned char hi = m_Final ^ 1;
-			while (sz >= POLY1305_BLOCK_BYTES) {
-				
-				unsigned long u;
-				
-				unsigned int i, j;
-				m_Msg.Put(buf, hi);
-				/* h += m */
-				m_H += m_Msg;
-
-				/* h *= r */
-				for (i = 0; i < 17; i++) {
-					u = 0;
-					for (j = 0; j <= i ; j++) {
-						u += (unsigned short)m_H.data[j] * m_R.data[i - j];
-					}
-					for (j = i + 1; j < 17; j++) {
-						unsigned long v = (unsigned short)m_H.data[j] * m_R.data[i + 17 - j];
-						v = ((v << 8) + (v << 6)); /* v *= (5 << 6); */
-						u += v;
-					}
-					m_HR[i] = u;
-				}
-				/* (partial) h %= p */
-				m_H %= m_HR;
-				buf += POLY1305_BLOCK_BYTES;
-				sz -= POLY1305_BLOCK_BYTES;
-			}
-		}
-
-		void Finish(uint32_t *& out)
-		{
-			// process leftovers
-			if(m_Leftover)
-			{
-				size_t idx = m_Leftover;
-				m_Buffer[idx++] = 1;
-				for(; idx < POLY1305_BLOCK_BYTES; idx++)
-					m_Buffer[idx] = 0;
-				m_Final = 1;
-				Blocks(m_Buffer, POLY1305_BLOCK_BYTES);
-			}
-
-			// freeze H
-			~m_H;
-			// add pad
-			m_H += m_Pad;
-			// copy digest
-			memcpy(out, m_H, 16);
-		}
-
-		size_t m_Leftover;
-		poly1305::Buffer m_Buffer;
-		poly1305::Block m_H;
-		poly1305::Block m_R;
-		poly1305::Block m_Pad;
-		poly1305::Block m_Msg;
-		poly1305::LongBlock m_HR;
-		uint8_t m_Final;
-		
-	};
-
-	void Poly1305HMAC(uint32_t * out, const uint32_t * key, const uint8_t * buf, std::size_t sz)
-	{
-		const uint8_t * k = (const uint8_t *) key;
-		Poly1305 p(k);
+		Poly1305 p(key);
 		p.Update(buf, sz);
 		p.Finish(out);
-  	}
+	}
 }
 }
+#endif
+

libi2pd/Poly1305.h

@@ -9,20 +9,253 @@
 #define LIBI2PD_POLY1305_H
 #include <cstdint>
 #include <cstring>
+#include "Crypto.h"
 
+#if !OPENSSL_AEAD_CHACHA20_POLY1305 
 namespace i2p
 {
 namespace crypto
 {
-  const std::size_t POLY1305_DIGEST_BYTES = 16;
-  const std::size_t POLY1305_DIGEST_DWORDS = 4;
-  const std::size_t POLY1305_KEY_BYTES = 32;
-  const std::size_t POLY1305_KEY_DWORDS = 8;
-  const std::size_t POLY1305_BLOCK_BYTES = 16;
+	const std::size_t POLY1305_DIGEST_BYTES = 16;
+	const std::size_t POLY1305_DIGEST_DWORDS = 4;
+	const std::size_t POLY1305_KEY_BYTES = 32;
+	const std::size_t POLY1305_KEY_DWORDS = 8;
+	const std::size_t POLY1305_BLOCK_BYTES = 16;
+
+	namespace poly1305
+	{
+
+		struct LongBlock
+		{
+			unsigned long data[17];
+			operator unsigned long * ()
+			{
+				return data;
+			}
+		};
+
+		struct Block
+		{
+			unsigned char data[17];
+
+			void Zero()
+			{
+				memset(data, 0, sizeof(data));
+			}
+
+			operator uint8_t * ()
+			{
+				return data;
+			}
+
+			Block & operator += (const Block & other)
+			{
+				unsigned short u;
+				unsigned int i;
+				for(u = 0, i = 0; i < 17; i++)
+				{
+					u += (unsigned short) data[i] + (unsigned short) other.data[i];
+					data[i] = (unsigned char) u & 0xff;
+					u >>= 8;
+				}
+				return *this;
+			}
+
+			Block & operator %=(const LongBlock & other)
+			{
+				unsigned long u;
+				unsigned int i;
+				u = 0;
+				for (i = 0; i < 16; i++) {
+					u += other.data[i];
+					data[i] = (unsigned char)u & 0xff;
+					u >>= 8;
+				}
+				u += other.data[16];
+				data[16] = (unsigned char)u & 0x03;
+				u >>= 2;
+				u += (u << 2);
+				for (i = 0; i < 16; i++) {
+					u += data[i];
+					data[i] = (unsigned char)u & 0xff;
+					u >>= 8;
+				}
+				data[16] += (unsigned char)u;
+				return *this;
+			}
+
+			Block & operator = (const Block & other)
+			{
+				memcpy(data, other.data, sizeof(data));
+				return *this;
+			}
+
+			Block & operator ~ ()
+			{
+				static const Block minusp = {
+					0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+					0xfc
+				};
+				Block orig;
+				unsigned char neg;
+				unsigned int i;
+				orig = *this;
+				*this += minusp;
+				neg = -(data[16] >> 7);
+				for(i = 0; i < 17; i++)
+					data[i] ^= neg & (orig.data[i] ^ data[i]);
+
+				return *this;
+			}
+
+			void PutKey(const uint64_t * key_l)
+			{
+				const uint8_t * key = (const uint8_t*) key_l;
+				data[0] = key[0] & 0xff;
+				data[1] = key[1] & 0xff;
+				data[2] = key[2] & 0xff;
+				data[3] = key[3] & 0x0f;
+				data[4] = key[4] & 0xfc;
+				data[5] = key[5] & 0xff;
+				data[6] = key[6] & 0xff;
+				data[7] = key[7] & 0x0f;
+				data[8] = key[8] & 0xfc;
+				data[9] = key[9] & 0xff;
+				data[10] = key[10] & 0xff;
+				data[11] = key[11] & 0x0f;
+				data[12] = key[12] & 0xfc;
+				data[13] = key[13] & 0xff;
+				data[14] = key[14] & 0xff;
+				data[15] = key[15] & 0x0f;
+				data[16] = 0;
+			}
+
+			template<typename Int_t>
+			void Put(const Int_t * d, uint8_t last=0)
+			{
+				memcpy(data, d, 16);
+				data[16] = last;
+			}
+		};
+
+		struct Buffer
+		{
+			uint8_t data[POLY1305_BLOCK_BYTES];
+
+			operator uint8_t * ()
+			{
+				return data;
+			}
+		};
+	}
+
+	struct Poly1305
+	{
+		Poly1305(const uint64_t * key)
+		{
+			m_Leftover = 0;
+			m_H.Zero();
+			m_Final = 0;
+			m_R.PutKey(key);
+			m_Pad.Put(key + 2);
+		}
+
+		void Update(const uint8_t * buf, size_t sz)
+		{
+			// process leftover
+			if(m_Leftover)
+			{
+				size_t want = POLY1305_BLOCK_BYTES - m_Leftover;
+				if(want > sz) want = sz;
+				memcpy(m_Buffer + m_Leftover, buf, want);
+				sz -= want;
+				buf += want;
+				m_Leftover += want;
+				if(m_Leftover < POLY1305_BLOCK_BYTES) return;
+				Blocks(m_Buffer, POLY1305_BLOCK_BYTES);
+				m_Leftover = 0;
+			}
+			// process blocks
+			if(sz >= POLY1305_BLOCK_BYTES)
+			{
+				size_t want = (sz & ~(POLY1305_BLOCK_BYTES - 1));
+				Blocks(buf, want);
+				buf += want;
+				sz -= want;
+			}
+			// leftover
+			if(sz)
+			{
+				memcpy(m_Buffer+m_Leftover, buf, sz);
+				m_Leftover += sz;
+			}
+		}
+
+		void Blocks(const uint8_t * buf, size_t sz)
+		{
+			const unsigned char hi = m_Final ^ 1;
+			while (sz >= POLY1305_BLOCK_BYTES) {
+				unsigned long u;
+				unsigned int i, j;
+				m_Msg.Put(buf, hi);
+				/* h += m */
+				m_H += m_Msg;
+
+				/* h *= r */
+				for (i = 0; i < 17; i++) {
+					u = 0;
+					for (j = 0; j <= i ; j++) {
+						u += (unsigned short)m_H.data[j] * m_R.data[i - j];
+					}
+					for (j = i + 1; j < 17; j++) {
+						unsigned long v = (unsigned short)m_H.data[j] * m_R.data[i + 17 - j];
+						v = ((v << 8) + (v << 6)); /* v *= (5 << 6); */
+						u += v;
+					}
+					m_HR[i] = u;
+				}
+				/* (partial) h %= p */
+				m_H %= m_HR;
+				buf += POLY1305_BLOCK_BYTES;
+				sz -= POLY1305_BLOCK_BYTES;
+			}
+		}
+
+		void Finish(uint64_t * out)
+		{
+			// process leftovers
+			if(m_Leftover)
+			{
+				size_t idx = m_Leftover;
+				m_Buffer[idx++] = 1;
+				for(; idx < POLY1305_BLOCK_BYTES; idx++)
+					m_Buffer[idx] = 0;
+				m_Final = 1;
+				Blocks(m_Buffer, POLY1305_BLOCK_BYTES);
+			}
+
+			// freeze H
+			~m_H;
+			// add pad
+			m_H += m_Pad;
+			// copy digest
+			memcpy(out, m_H, 16);
+		}
+
+		size_t m_Leftover;
+		poly1305::Buffer m_Buffer;
+		poly1305::Block m_H;
+		poly1305::Block m_R;
+		poly1305::Block m_Pad;
+		poly1305::Block m_Msg;
+		poly1305::LongBlock m_HR;
+		uint8_t m_Final;
+	};
+	void Poly1305HMAC(uint64_t * out, const uint64_t * key, const uint8_t * buf, std::size_t sz);
 
-  void Poly1305HMAC(uint32_t * out, const uint32_t * key, const uint8_t * buf, std::size_t sz);
-  
 }
 }
+#endif
 
 #endif

libi2pd/Reseed.cpp

@@ -375,7 +375,7 @@ namespace data
 			if (end - contentPos >= contentLength)
 				break; // we are beyond contentLength
 		}
-		if (numFiles) // check if  routers are not outdated
+		if (numFiles) // check if routers are not outdated
 		{
 			auto ts = i2p::util::GetMillisecondsSinceEpoch ();
 			int numOutdated = 0;

libi2pd/RouterContext.cpp

@@ -37,7 +37,7 @@ namespace i2p
 	void RouterContext::CreateNewRouter ()
 	{
 		m_Keys = i2p::data::PrivateKeys::CreateRandomKeys (i2p::data::SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519);
-		SaveKeys ();			
+		SaveKeys ();
 		NewRouterInfo ();
 	}
 
@@ -47,14 +47,17 @@ namespace i2p
 		routerInfo.SetRouterIdentity (GetIdentity ());
 		uint16_t port; i2p::config::GetOption("port", port);
 		if (!port)
+		{
 			port = rand () % (30777 - 9111) + 9111; // I2P network ports range
-		bool ipv4; i2p::config::GetOption("ipv4", ipv4);
-		bool ipv6; i2p::config::GetOption("ipv6", ipv6);
-		bool ssu;    i2p::config::GetOption("ssu", ssu);
-		bool ntcp;   i2p::config::GetOption("ntcp", ntcp);
-		bool ntcp2;  i2p::config::GetOption("ntcp2.enabled", ntcp2);
-		bool nat;  i2p::config::GetOption("nat", nat);	
-		std::string ifname; i2p::config::GetOption("ifname", ifname);
+			if (port == 9150) port = 9151; // Tor browser
+		}
+		bool ipv4;           i2p::config::GetOption("ipv4", ipv4);
+		bool ipv6;           i2p::config::GetOption("ipv6", ipv6);
+		bool ssu;            i2p::config::GetOption("ssu", ssu);
+		bool ntcp;           i2p::config::GetOption("ntcp", ntcp);
+		bool ntcp2;          i2p::config::GetOption("ntcp2.enabled", ntcp2);
+		bool nat;            i2p::config::GetOption("nat", nat);
+		std::string ifname;  i2p::config::GetOption("ifname", ifname);
 		std::string ifname4; i2p::config::GetOption("ifname4", ifname4);
 		std::string ifname6; i2p::config::GetOption("ifname6", ifname6);
 		if (ipv4)
@@ -76,7 +79,7 @@ namespace i2p
 		}
 		if (ipv6)
 		{
-			std::string host = "::";
+			std::string host = "::1";
 			if (!i2p::config::IsDefault("host") && !ipv4) // override if v6 only
 				i2p::config::GetOption("host", host);
 			else if (!ifname.empty())
@@ -100,11 +103,16 @@ namespace i2p
 		m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
 
 		if (ntcp2) // we don't store iv in the address if non published so we must update it from keys
-		{ 
+		{
 			if (!m_NTCP2Keys) NewNTCP2Keys ();
-			UpdateNTCP2Address (true);	
+			UpdateNTCP2Address (true);
+			if (!ntcp) // NTCP2 should replace NTCP
+			{
+				bool published; i2p::config::GetOption("ntcp2.published", published);
+				if (published)
+					PublishNTCP2Address (port, true);
+			}
 		}
-
 	}
 
 	void RouterContext::UpdateRouterInfo ()
@@ -116,15 +124,15 @@ namespace i2p
 
 	void RouterContext::NewNTCP2Keys ()
 	{
+		m_StaticKeys.reset (new i2p::crypto::X25519Keys ());
+		m_StaticKeys->GenerateKeys ();
 		m_NTCP2Keys.reset (new NTCP2PrivateKeys ());
-		RAND_bytes (m_NTCP2Keys->staticPrivateKey, 32);
+		m_StaticKeys->GetPrivateKey (m_NTCP2Keys->staticPrivateKey);
+		memcpy (m_NTCP2Keys->staticPublicKey, m_StaticKeys->GetPublicKey (), 32);
 		RAND_bytes (m_NTCP2Keys->iv, 16);
-		BN_CTX * ctx = BN_CTX_new ();
-		i2p::crypto::GetEd25519 ()->ScalarMulB (m_NTCP2Keys->staticPrivateKey, m_NTCP2Keys->staticPublicKey, ctx); 
-		BN_CTX_free (ctx);
 		// save
 		std::ofstream fk (i2p::fs::DataDirPath (NTCP2_KEYS), std::ofstream::binary | std::ofstream::out);
-		fk.write ((char *)m_NTCP2Keys.get (), sizeof (NTCP2PrivateKeys)); 
+		fk.write ((char *)m_NTCP2Keys.get (), sizeof (NTCP2PrivateKeys));
 	}
 
 	void RouterContext::SetStatus (RouterStatus status)
@@ -166,7 +174,10 @@ namespace i2p
 	{
 		if (!m_NTCP2Keys) return;
 		if (!port)
+		{
 			port = rand () % (30777 - 9111) + 9111; // I2P network ports range
+			if (port == 9150) port = 9151; // Tor browser
+		}
 		bool updated = false;
 		for (auto& address : m_RouterInfo.GetAddresses ())
 		{
@@ -180,7 +191,7 @@ namespace i2p
 			}
 		}
 		if (updated)
-			UpdateRouterInfo ();	
+			UpdateRouterInfo ();
 	}
 
 	void RouterContext::UpdateNTCP2Address (bool enable)
@@ -193,7 +204,7 @@ namespace i2p
 			{
 				found = true;
 				if (!enable)
-				{ 
+				{
 					addresses.erase (it);
 					updated= true;
 				}
@@ -201,14 +212,14 @@ namespace i2p
 			}
 		}
 		if (enable && !found)
-		{	
-			m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv);	
+		{
+			m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv);
 			updated = true;
 		}
 		if (updated)
 			UpdateRouterInfo ();
 	}
-	
+
 	void RouterContext::UpdateAddress (const boost::asio::ip::address& host)
 	{
 		bool updated = false;
@@ -332,6 +343,51 @@ namespace i2p
 		return m_RouterInfo.GetCaps () & i2p::data::RouterInfo::eUnreachable;
 	}
 
+	void RouterContext::PublishNTCPAddress (bool publish, bool v4only)
+	{
+		auto& addresses = m_RouterInfo.GetAddresses ();
+		if (publish)
+		{
+			for (const auto& addr : addresses) // v4
+			{
+				if (addr->transportStyle == i2p::data::RouterInfo::eTransportSSU &&
+					addr->host.is_v4 ())
+				{
+					// insert NTCP address with host/port from SSU
+					m_RouterInfo.AddNTCPAddress (addr->host.to_string ().c_str (), addr->port);
+					break;
+				}
+			}
+			if (!v4only)
+			{
+				for (const auto& addr : addresses) // v6
+				{
+					if (addr->transportStyle == i2p::data::RouterInfo::eTransportSSU &&
+						addr->host.is_v6 ())
+					{
+						// insert NTCP address with host/port from SSU
+						m_RouterInfo.AddNTCPAddress (addr->host.to_string ().c_str (), addr->port);
+						break;
+					}
+				}
+			}
+		}
+		else
+		{
+			for (auto it = addresses.begin (); it != addresses.end ();)
+			{
+				if ((*it)->transportStyle == i2p::data::RouterInfo::eTransportNTCP && !(*it)->IsNTCP2 () &&
+					(!v4only || (*it)->host.is_v4 ()))
+				{
+					it = addresses.erase (it);
+					if (v4only) break; // otherwise might be more than one address
+				}
+				else
+					++it;
+			}
+		}
+	}
+
 	void RouterContext::SetUnreachable ()
 	{
 		// set caps
@@ -341,22 +397,13 @@ namespace i2p
 		caps &= ~i2p::data::RouterInfo::eFloodfill;	// can't be floodfill
 		caps &= ~i2p::data::RouterInfo::eSSUIntroducer; // can't be introducer
 		m_RouterInfo.SetCaps (caps);
-		// remove NTCP address
-		auto& addresses = m_RouterInfo.GetAddresses ();
-		for (auto it = addresses.begin (); it != addresses.end (); ++it)
-		{
-			if ((*it)->transportStyle == i2p::data::RouterInfo::eTransportNTCP && !(*it)->IsNTCP2 () &&
-				(*it)->host.is_v4 ())
-			{
-				addresses.erase (it);
-				break;
-			}
-		}
+		// remove NTCP v4 address
+		PublishNTCPAddress (false);
 		// delete previous introducers
+		auto& addresses = m_RouterInfo.GetAddresses ();
 		for (auto& addr : addresses)
 			if (addr->ssu)
 				addr->ssu->introducers.clear ();
-
 		// update
 		UpdateRouterInfo ();
 	}
@@ -371,27 +418,15 @@ namespace i2p
 		if (m_IsFloodfill)
 			caps |= i2p::data::RouterInfo::eFloodfill;
 		m_RouterInfo.SetCaps (caps);
-
-		auto& addresses = m_RouterInfo.GetAddresses ();
 		// insert NTCP back
 		bool ntcp;   i2p::config::GetOption("ntcp", ntcp);
-		if (ntcp) {
-			for (const auto& addr : addresses)
-			{
-				if (addr->transportStyle == i2p::data::RouterInfo::eTransportSSU &&
-					addr->host.is_v4 ())
-				{
-					// insert NTCP address with host/port from SSU
-					m_RouterInfo.AddNTCPAddress (addr->host.to_string ().c_str (), addr->port);
-					break;
-				}
-			}
-		}
+		if (ntcp)
+			PublishNTCPAddress (true);
 		// delete previous introducers
+		auto& addresses = m_RouterInfo.GetAddresses ();
 		for (auto& addr : addresses)
 			if (addr->ssu)
 				addr->ssu->introducers.clear ();
-
 		// update
 		UpdateRouterInfo ();
 	}
@@ -480,11 +515,11 @@ namespace i2p
 
 		if (!found && port) // we have found NTCP2 v4 but not v6
 		{
-			m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, host, port);	
+			m_RouterInfo.AddNTCP2Address (m_NTCP2Keys->staticPublicKey, m_NTCP2Keys->iv, host, port);
 			updated = true;
 		}
 		if (updated)
-			UpdateRouterInfo ();	
+			UpdateRouterInfo ();
 	}
 
 	void RouterContext::UpdateStats ()
@@ -527,7 +562,7 @@ namespace i2p
 		}
 		// read NTCP2 keys if available
 		std::ifstream n2k (i2p::fs::DataDirPath (NTCP2_KEYS), std::ifstream::in | std::ifstream::binary);
-		if (n2k) 
+		if (n2k)
 		{
 			n2k.seekg (0, std::ios::end);
 			len = n2k.tellg();
@@ -535,8 +570,8 @@ namespace i2p
 			if (len == sizeof (NTCP2PrivateKeys))
 			{
 				m_NTCP2Keys.reset (new NTCP2PrivateKeys ());
-				n2k.read ((char *)m_NTCP2Keys.get (), sizeof (NTCP2PrivateKeys));				
-			}	
+				n2k.read ((char *)m_NTCP2Keys.get (), sizeof (NTCP2PrivateKeys));
+			}
 			n2k.close ();
 		}
 		// read RouterInfo
@@ -631,7 +666,7 @@ namespace i2p
 	i2p::crypto::X25519Keys& RouterContext::GetStaticKeys ()
 	{
 		if (!m_StaticKeys)
-		{	
+		{
 			if (!m_NTCP2Keys) NewNTCP2Keys ();
 			auto x = new i2p::crypto::X25519Keys (m_NTCP2Keys->staticPrivateKey, m_NTCP2Keys->staticPublicKey);
 			if (!m_StaticKeys)
@@ -639,6 +674,6 @@ namespace i2p
 			else
 				delete x;
 		}
-		return *m_StaticKeys;		
-	}	
+		return *m_StaticKeys;
+	}
 }

libi2pd/RouterContext.h

@@ -81,6 +81,7 @@ namespace i2p
 			void UpdateAddress (const boost::asio::ip::address& host);	// called from SSU or Daemon
 			void PublishNTCP2Address (int port, bool publish = true);
 			void UpdateNTCP2Address (bool enable);
+			void PublishNTCPAddress (bool publish, bool v4only = true);
 			bool AddIntroducer (const i2p::data::RouterInfo::Introducer& introducer);
 			void RemoveIntroducer (const boost::asio::ip::udp::endpoint& e);
 			bool IsUnreachable () const;

libi2pd/RouterInfo.cpp

@@ -51,7 +51,7 @@ namespace data
 
 	void RouterInfo::Update (const uint8_t * buf, int len)
 	{
-		// verify signature since we have indentity already
+		// verify signature since we have identity already
 		int l = len - m_RouterIdentity->GetSignatureLen ();
 		if (m_RouterIdentity->Verify (buf, l, buf + l))
 		{
@@ -208,26 +208,21 @@ namespace data
 				{
 					boost::system::error_code ecode;
 					address->host = boost::asio::ip::address::from_string (value, ecode);
-					if (ecode)
+					if (!ecode)
 					{
-						if (address->transportStyle == eTransportNTCP)
-						{
-							supportedTransports |= eNTCPV4; // TODO:
-							address->addressString = value;
-						}
-						else
-						{
-							supportedTransports |= eSSUV4; // TODO:
-							address->addressString = value;
-						}
-					}
-					else
-					{
-						// add supported protocol
-						if (address->host.is_v4 ())
-							supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4;
-						else
-							supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6;
+#if BOOST_VERSION >= 104900
+						if (!address->host.is_unspecified ()) // check if address is valid
+#else
+						address->host.to_string (ecode);
+						if (!ecode)
+#endif
+						{	
+							// add supported protocol
+							if (address->host.is_v4 ())
+								supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4;
+							else
+								supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6;
+						}	
 					}
 				}
 				else if (!strcmp (key, "port"))
@@ -888,7 +883,7 @@ namespace data
 	template<typename Filter>	
 	std::shared_ptr<const RouterInfo::Address> RouterInfo::GetAddress (Filter filter) const
 	{
-		// TODO: make it more gereric using comparator
+		// TODO: make it more generic using comparator
 #if (BOOST_VERSION >= 105300)
 		auto addresses = boost::atomic_load (&m_Addresses);
 #else