2021-03-09 22:24:35 +00:00
|
|
|
#include "intro_set.hpp"
|
|
|
|
#include <llarp/crypto/crypto.hpp>
|
|
|
|
#include <llarp/path/path.hpp>
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
#include <oxenmq/bt_serialize.h>
|
2020-08-31 20:07:17 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
namespace llarp::service
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
util::StatusObject
|
|
|
|
EncryptedIntroSet::ExtractStatus() const
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
const auto sz = introsetPayload.size();
|
|
|
|
return {
|
|
|
|
{"location", derivedSigningKey.ToString()}, {"signedAt", to_json(signedAt)}, {"size", sz}};
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
EncryptedIntroSet::BEncode(llarp_buffer_t* buf) const
|
|
|
|
{
|
|
|
|
if (not bencode_start_dict(buf))
|
|
|
|
return false;
|
|
|
|
if (not BEncodeWriteDictEntry("d", derivedSigningKey, buf))
|
|
|
|
return false;
|
|
|
|
if (not BEncodeWriteDictEntry("n", nounce, buf))
|
|
|
|
return false;
|
|
|
|
if (not BEncodeWriteDictInt("s", signedAt.count(), buf))
|
|
|
|
return false;
|
|
|
|
if (not bencode_write_bytestring(buf, "x", 1))
|
|
|
|
return false;
|
|
|
|
if (not bencode_write_bytestring(buf, introsetPayload.data(), introsetPayload.size()))
|
|
|
|
return false;
|
|
|
|
if (not BEncodeWriteDictEntry("z", sig, buf))
|
|
|
|
return false;
|
|
|
|
return bencode_end(buf);
|
|
|
|
}
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
bool
|
|
|
|
EncryptedIntroSet::DecodeKey(const llarp_buffer_t& key, llarp_buffer_t* buf)
|
|
|
|
{
|
|
|
|
bool read = false;
|
|
|
|
if (key == "x")
|
2020-01-27 21:30:41 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
llarp_buffer_t strbuf;
|
|
|
|
if (not bencode_read_string(buf, &strbuf))
|
2020-01-27 21:30:41 +00:00
|
|
|
return false;
|
2021-02-02 14:35:40 +00:00
|
|
|
if (strbuf.sz > MAX_INTROSET_SIZE)
|
2020-01-27 21:30:41 +00:00
|
|
|
return false;
|
2021-02-02 14:35:40 +00:00
|
|
|
introsetPayload.resize(strbuf.sz);
|
|
|
|
std::copy_n(strbuf.base, strbuf.sz, introsetPayload.data());
|
|
|
|
return true;
|
2020-01-27 21:30:41 +00:00
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
if (not BEncodeMaybeReadDictEntry("d", derivedSigningKey, read, key, buf))
|
|
|
|
return false;
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (not BEncodeMaybeReadDictEntry("n", nounce, read, key, buf))
|
|
|
|
return false;
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (not BEncodeMaybeReadDictInt("s", signedAt, read, key, buf))
|
|
|
|
return false;
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (not BEncodeMaybeReadDictEntry("z", sig, read, key, buf))
|
|
|
|
return false;
|
|
|
|
return read;
|
|
|
|
}
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
bool
|
|
|
|
EncryptedIntroSet::OtherIsNewer(const EncryptedIntroSet& other) const
|
|
|
|
{
|
|
|
|
return signedAt < other.signedAt;
|
|
|
|
}
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
std::ostream&
|
|
|
|
EncryptedIntroSet::print(std::ostream& out, int levels, int spaces) const
|
|
|
|
{
|
|
|
|
Printer printer(out, levels, spaces);
|
|
|
|
printer.printAttribute("d", derivedSigningKey);
|
|
|
|
printer.printAttribute("n", nounce);
|
|
|
|
printer.printAttribute("s", signedAt.count());
|
|
|
|
printer.printAttribute("x", "[" + std::to_string(introsetPayload.size()) + " bytes]");
|
|
|
|
printer.printAttribute("z", sig);
|
|
|
|
return out;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::optional<IntroSet>
|
|
|
|
EncryptedIntroSet::MaybeDecrypt(const PubKey& root) const
|
|
|
|
{
|
|
|
|
SharedSecret k(root);
|
|
|
|
IntroSet i;
|
|
|
|
std::vector<byte_t> payload = introsetPayload;
|
|
|
|
llarp_buffer_t buf(payload);
|
|
|
|
CryptoManager::instance()->xchacha20(buf, k, nounce);
|
|
|
|
if (not i.BDecode(&buf))
|
|
|
|
return {};
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
EncryptedIntroSet::IsExpired(llarp_time_t now) const
|
|
|
|
{
|
|
|
|
return now >= signedAt + path::default_lifetime;
|
|
|
|
}
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
bool
|
|
|
|
EncryptedIntroSet::Sign(const PrivateKey& k)
|
|
|
|
{
|
|
|
|
signedAt = llarp::time_now_ms();
|
|
|
|
if (not k.toPublic(derivedSigningKey))
|
|
|
|
return false;
|
|
|
|
sig.Zero();
|
|
|
|
std::array<byte_t, MAX_INTROSET_SIZE + 128> tmp;
|
|
|
|
llarp_buffer_t buf(tmp);
|
|
|
|
if (not BEncode(&buf))
|
|
|
|
return false;
|
|
|
|
buf.sz = buf.cur - buf.base;
|
|
|
|
buf.cur = buf.base;
|
|
|
|
if (not CryptoManager::instance()->sign(sig, k, buf))
|
|
|
|
return false;
|
|
|
|
LogDebug("signed encrypted introset: ", *this);
|
|
|
|
return true;
|
|
|
|
}
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
bool
|
|
|
|
EncryptedIntroSet::Verify(llarp_time_t now) const
|
|
|
|
{
|
|
|
|
if (IsExpired(now))
|
|
|
|
return false;
|
|
|
|
std::array<byte_t, MAX_INTROSET_SIZE + 128> tmp;
|
|
|
|
llarp_buffer_t buf(tmp);
|
|
|
|
EncryptedIntroSet copy(*this);
|
|
|
|
copy.sig.Zero();
|
|
|
|
if (not copy.BEncode(&buf))
|
|
|
|
return false;
|
|
|
|
LogDebug("verify encrypted introset: ", copy, " sig = ", sig);
|
|
|
|
buf.sz = buf.cur - buf.base;
|
|
|
|
buf.cur = buf.base;
|
|
|
|
return CryptoManager::instance()->verify(derivedSigningKey, buf, sig);
|
|
|
|
}
|
|
|
|
|
|
|
|
util::StatusObject
|
|
|
|
IntroSet::ExtractStatus() const
|
|
|
|
{
|
|
|
|
util::StatusObject obj{{"published", to_json(T)}};
|
|
|
|
std::vector<util::StatusObject> introsObjs;
|
|
|
|
std::transform(
|
|
|
|
I.begin(),
|
|
|
|
I.end(),
|
|
|
|
std::back_inserter(introsObjs),
|
|
|
|
[](const auto& intro) -> util::StatusObject { return intro.ExtractStatus(); });
|
|
|
|
obj["intros"] = introsObjs;
|
|
|
|
if (!topic.IsZero())
|
|
|
|
obj["topic"] = topic.ToString();
|
|
|
|
return obj;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
IntroSet::DecodeKey(const llarp_buffer_t& key, llarp_buffer_t* buf)
|
|
|
|
{
|
|
|
|
bool read = false;
|
|
|
|
if (!BEncodeMaybeReadDictEntry("a", A, read, key, buf))
|
|
|
|
return false;
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (key == "i")
|
2020-01-27 21:30:41 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
return BEncodeReadList(I, buf);
|
2020-01-27 21:30:41 +00:00
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!BEncodeMaybeReadDictEntry("k", K, read, key, buf))
|
|
|
|
return false;
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!BEncodeMaybeReadDictEntry("n", topic, read, key, buf))
|
|
|
|
return false;
|
2020-01-27 21:30:41 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (key == "s")
|
2020-01-27 21:30:41 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
byte_t* begin = buf->cur;
|
|
|
|
if (not bencode_discard(buf))
|
2020-01-27 21:30:41 +00:00
|
|
|
return false;
|
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
byte_t* end = buf->cur;
|
2019-02-08 19:43:25 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
std::string_view srvString(reinterpret_cast<char*>(begin), end - begin);
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
try
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-03 18:12:21 +00:00
|
|
|
oxenmq::bt_deserialize(srvString, SRVs);
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
2021-02-03 18:12:21 +00:00
|
|
|
catch (const oxenmq::bt_deserialize_invalid& err)
|
2021-02-02 14:35:40 +00:00
|
|
|
{
|
|
|
|
LogError("Error decoding SRV records from IntroSet: ", err.what());
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2021-02-02 14:35:40 +00:00
|
|
|
}
|
|
|
|
read = true;
|
|
|
|
}
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!BEncodeMaybeReadDictInt("t", T, read, key, buf))
|
|
|
|
return false;
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (key == "w")
|
|
|
|
{
|
|
|
|
W.emplace();
|
|
|
|
return bencode_decode_dict(*W, buf);
|
|
|
|
}
|
2020-08-31 20:07:17 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!BEncodeMaybeReadDictInt("v", version, read, key, buf))
|
|
|
|
return false;
|
2020-08-31 20:07:17 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!BEncodeMaybeReadDictEntry("z", Z, read, key, buf))
|
|
|
|
return false;
|
2020-08-31 20:07:17 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (read)
|
|
|
|
return true;
|
2020-08-31 20:07:17 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
return bencode_discard(buf);
|
|
|
|
}
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
bool
|
|
|
|
IntroSet::BEncode(llarp_buffer_t* buf) const
|
|
|
|
{
|
|
|
|
if (!bencode_start_dict(buf))
|
|
|
|
return false;
|
|
|
|
if (!BEncodeWriteDictEntry("a", A, buf))
|
|
|
|
return false;
|
|
|
|
// start introduction list
|
|
|
|
if (!bencode_write_bytestring(buf, "i", 1))
|
|
|
|
return false;
|
|
|
|
if (!BEncodeWriteList(I.begin(), I.end(), buf))
|
|
|
|
return false;
|
|
|
|
// end introduction list
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
// pq pubkey
|
|
|
|
if (!BEncodeWriteDictEntry("k", K, buf))
|
|
|
|
return false;
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
// topic tag
|
|
|
|
if (topic.ToString().size())
|
|
|
|
{
|
|
|
|
if (!BEncodeWriteDictEntry("n", topic, buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (SRVs.size())
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-03 18:12:21 +00:00
|
|
|
std::string serial = oxenmq::bt_serialize(SRVs);
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!bencode_write_bytestring(buf, "s", 1))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!buf->write(serial.begin(), serial.end()))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2021-02-02 14:35:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Timestamp published
|
|
|
|
if (!BEncodeWriteDictInt("t", T.count(), buf))
|
|
|
|
return false;
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
// write version
|
|
|
|
if (!BEncodeWriteDictInt("v", version, buf))
|
|
|
|
return false;
|
|
|
|
if (W)
|
|
|
|
{
|
|
|
|
if (!BEncodeWriteDictEntry("w", *W, buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
return false;
|
2021-02-02 14:35:40 +00:00
|
|
|
}
|
|
|
|
if (!BEncodeWriteDictEntry("z", Z, buf))
|
|
|
|
return false;
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
return bencode_end(buf);
|
|
|
|
}
|
2020-08-31 20:07:17 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
bool
|
|
|
|
IntroSet::HasExpiredIntros(llarp_time_t now) const
|
|
|
|
{
|
|
|
|
for (const auto& i : I)
|
|
|
|
if (now >= i.expiresAt)
|
|
|
|
return true;
|
|
|
|
return false;
|
|
|
|
}
|
2020-08-31 20:07:17 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
bool
|
|
|
|
IntroSet::IsExpired(llarp_time_t now) const
|
|
|
|
{
|
|
|
|
return GetNewestIntroExpiration() < now;
|
|
|
|
}
|
2019-01-11 00:12:43 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
std::vector<llarp::dns::SRVData>
|
|
|
|
IntroSet::GetMatchingSRVRecords(std::string_view service_proto) const
|
|
|
|
{
|
|
|
|
std::vector<llarp::dns::SRVData> records;
|
|
|
|
|
|
|
|
for (const auto& tuple : SRVs)
|
|
|
|
{
|
|
|
|
if (std::get<0>(tuple) == service_proto)
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
records.push_back(llarp::dns::SRVData::fromTuple(tuple));
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
return records;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
IntroSet::Verify(llarp_time_t now) const
|
|
|
|
{
|
|
|
|
std::array<byte_t, MAX_INTROSET_SIZE> tmp;
|
|
|
|
llarp_buffer_t buf(tmp);
|
|
|
|
IntroSet copy;
|
|
|
|
copy = *this;
|
|
|
|
copy.Z.Zero();
|
|
|
|
if (!copy.BEncode(&buf))
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
// rewind and resize buffer
|
|
|
|
buf.sz = buf.cur - buf.base;
|
|
|
|
buf.cur = buf.base;
|
|
|
|
if (!A.Verify(buf, Z))
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
return false;
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
// validate PoW
|
|
|
|
if (W && !W->IsValid(now))
|
2020-08-31 23:25:58 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
return false;
|
2020-08-31 23:25:58 +00:00
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
// valid timestamps
|
|
|
|
// add max clock skew
|
|
|
|
now += MAX_INTROSET_TIME_DELTA;
|
|
|
|
for (const auto& intro : I)
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
if (intro.expiresAt > now && intro.expiresAt - now > path::default_lifetime)
|
2019-01-26 12:33:34 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!W)
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
LogWarn("intro has too high expire time");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (intro.expiresAt - W->extendedLifetime > path::default_lifetime)
|
|
|
|
{
|
|
|
|
return false;
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
if (IsExpired(now))
|
2019-01-11 00:12:43 +00:00
|
|
|
{
|
2021-02-02 14:35:40 +00:00
|
|
|
LogWarn("introset expired: ", *this);
|
|
|
|
return false;
|
2019-01-11 00:12:43 +00:00
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
return true;
|
|
|
|
}
|
2019-02-24 23:46:37 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
llarp_time_t
|
|
|
|
IntroSet::GetNewestIntroExpiration() const
|
|
|
|
{
|
|
|
|
llarp_time_t t = 0s;
|
|
|
|
for (const auto& intro : I)
|
|
|
|
t = std::max(intro.expiresAt, t);
|
|
|
|
return t;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::ostream&
|
|
|
|
IntroSet::print(std::ostream& stream, int level, int spaces) const
|
|
|
|
{
|
|
|
|
Printer printer(stream, level, spaces);
|
|
|
|
printer.printAttribute("A", A);
|
|
|
|
printer.printAttribute("I", I);
|
|
|
|
printer.printAttribute("K", K);
|
2019-02-24 23:46:37 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
std::string _topic = topic.ToString();
|
2019-02-24 23:46:37 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
if (!_topic.empty())
|
|
|
|
{
|
|
|
|
printer.printAttribute("topic", _topic);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
printer.printAttribute("topic", topic);
|
|
|
|
}
|
2019-02-24 23:46:37 +00:00
|
|
|
|
2021-02-02 14:35:40 +00:00
|
|
|
printer.printAttribute("T", T.count());
|
|
|
|
if (W)
|
|
|
|
{
|
|
|
|
printer.printAttribute("W", *W);
|
2019-02-24 23:46:37 +00:00
|
|
|
}
|
2021-02-02 14:35:40 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
printer.printAttribute("W", "NULL");
|
|
|
|
}
|
|
|
|
printer.printAttribute("V", version);
|
|
|
|
printer.printAttribute("Z", Z);
|
|
|
|
|
|
|
|
return stream;
|
|
|
|
}
|
|
|
|
} // namespace llarp::service
|