diff --git a/CMakeLists.txt b/CMakeLists.txt
index a829251f8..40719df43 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -114,6 +114,7 @@ endif()
 if(NOT DEBIAN)
 if(NOT ANDROID)
+if(NOT RPI)
 if (NOT USE_AVX2)
 set(CRYPTO_FLAGS -march=core2 -mtune=native)
 set(CMAKE_ASM_FLAGS "-march=core2")
@@ -123,6 +124,7 @@ set(CMAKE_ASM_FLAGS "-march=haswell -mtune=native ${CMAKE_ASM_FLAGS} $ENV{ASFLAG
 endif()
 endif()
 endif()
+endif()
 if(RPI)
 add_definitions(-DRPI)
diff --git a/docs/proto_v0.txt b/docs/proto_v0.txt
index 0ec022d03..cfbae7a20 100644
--- a/docs/proto_v0.txt
+++ b/docs/proto_v0.txt
@@ -742,20 +742,14 @@ transfer ip traffic
 A: "I",
 S: uint64_sequence_number,
 V: 0,
-X: "",
-Y: "<16 bytes nonce>",
-Z: "<64 bytes signature using previously provided signing key>"
+X: ""
 }
-X is parsed as an IP packet and the source addresss is extracted.
-Next we find the corrisponding signing key for a previously granted address
-and use it to validate the siganture of the entire message. If the signing key
-cannot be found or the signature is invalid this message is dropped, otherwise
-the X value is sent on the appropriate network interface.
+X is parsed as an IP packet and the source addresss is extracted and sent on the
+appropriate network interface.
 When we recieve an ip packet from the internet to an exit address, we put it
-into a TITM, signed with the router's signing key and send it downstream the
-corrisponding path in an LRDM.
+into a TITM, and send it downstream the corrisponding path in an LRDM.
 update exit path message (UXPM)
diff --git a/include/llarp/messages/transfer_traffic.hpp b/include/llarp/messages/transfer_traffic.hpp
index b73906393..d0a70183f 100644
--- a/include/llarp/messages/transfer_traffic.hpp
+++ b/include/llarp/messages/transfer_traffic.hpp
@@ -11,11 +11,7 @@ namespace llarp
 constexpr size_t MaxExitMTU = 1500;
 struct TransferTrafficMessage final : public IMessage
 {
- using Nonce_t = AlignedBuffer< 16 >;
 std::vector< byte_t > X;
- Nonce_t Y;
- llarp::Signature Z;
 TransferTrafficMessage&
 operator=(const TransferTrafficMessage& other);
@@ -23,12 +19,6 @@ namespace llarp
 bool
 PutBuffer(llarp_buffer_t buf);
- bool
- Sign(llarp_crypto* c, const llarp::SecretKey& sk);
- bool
- Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
 bool
 BEncode(llarp_buffer_t* buf) const override;
diff --git a/include/llarp/path.hpp b/include/llarp/path.hpp
index 38040bfc0..24ac71b9c 100644
--- a/include/llarp/path.hpp
+++ b/include/llarp/path.hpp
@@ -317,12 +317,20 @@ namespace llarp
 m_LastRecvMessage = now;
 }
+ /// return true if ALL of the specified roles are supported
 bool
- SupportsRoles(PathRole roles) const
+ SupportsAllRoles(PathRole roles) const
 {
 return (_role & roles) == roles;
 }
+ /// return true if ANY of the specified roles are supported
+ bool
+ SupportsAnyRoles(PathRole roles) const
+ {
+ return (_role & roles) != 0;
+ }
 PathStatus
 Status() const
 {
diff --git a/include/llarp/pathset.hpp b/include/llarp/pathset.hpp
index 1b9c45841..07d25bef9 100644
--- a/include/llarp/pathset.hpp
+++ b/include/llarp/pathset.hpp
@@ -41,8 +41,10 @@ namespace llarp
 constexpr PathRole ePathRoleInboundHS = (1 << 1);
 /// exit traffic capable
 constexpr PathRole ePathRoleExit = (1 << 2);
+ /// service node capable
+ constexpr PathRole ePathRoleSVC = (1 << 3);
 /// dht message capable
- constexpr PathRole ePathRoleDHT = (1 << 3);
+ constexpr PathRole ePathRoleDHT = (1 << 4);
 // forward declare
 struct Path;
diff --git a/llarp/exit/endpoint.cpp b/llarp/exit/endpoint.cpp
index 7b3d3e6e5..c50b81bf7 100644
--- a/llarp/exit/endpoint.cpp
+++ b/llarp/exit/endpoint.cpp
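Review bot: `SupportsAnyRoles` and `SupportsAllRoles` disagree on an empty mask and neither doc comment says so: `(_role & 0) == 0` makes `SupportsAllRoles(0)` true, while `(_role & 0) != 0` makes `SupportsAnyRoles(0)` false, and every PathSet lookup in this commit is switched to the ANY form, so a caller that passes a zero mask to mean "any path" now matches nothing. Extend the new comment to `/// return true if ANY of the specified roles are supported (an empty mask matches nothing; ALL treats it as vacuously true)`, or assert `roles != 0` in the body. In pathset.hpp, moving `ePathRoleDHT` from bit 3 to bit 4 is harmless only if PathRole never leaves the process; the hunk does not show whether it is serialized, so a one-line comment on the constants stating they are in-memory only would settle it. The enclosing `struct Path` begins outside the hunk.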
@@ -107,8 +107,6 @@ namespace llarp
 if(!msg.PutBuffer(pkt.Buffer()))
 return false;
 msg.S = path->NextSeqNo();
- if(!msg.Sign(m_Parent->Crypto(), m_Parent->Router()->identity))
- return false;
 if(!path->SendRoutingMessage(&msg, m_Parent->Router()))
 return false;
 m_RxRate += buf.sz;
diff --git a/llarp/exit/session.cpp b/llarp/exit/session.cpp
index 71fed54d7..2dd5ace1b 100644
--- a/llarp/exit/session.cpp
+++ b/llarp/exit/session.cpp
@@ -52,7 +52,9 @@ namespace llarp
 llarp::routing::ObtainExitMessage obtain;
 obtain.S = p->NextSeqNo();
 obtain.T = llarp_randint();
+ // TODO: set expiratation
 obtain.X = 0;
+ // TODO: distinguish between service node traffic
 obtain.E = 1;
 if(!obtain.Sign(&router->crypto, m_ExitIdentity))
 {
@@ -102,9 +104,7 @@ namespace llarp
 return false;
 llarp::routing::TransferTrafficMessage transfer;
 transfer.S = path->NextSeqNo();
- transfer.X.resize(pkt.sz);
- memcpy(transfer.X.data(), pkt.buf, pkt.sz);
- if(!transfer.Sign(&router->crypto, m_ExitIdentity))
+ if(!transfer.PutBuffer(pkt.Buffer()))
 return false;
 return path->SendRoutingMessage(&transfer, router);
 }
diff --git a/llarp/exit/transfer_traffic.cpp b/llarp/exit/transfer_traffic.cpp
index 3f39c7354..2d0d2fb41 100644
--- a/llarp/exit/transfer_traffic.cpp
+++ b/llarp/exit/transfer_traffic.cpp
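Review bot: The new `// TODO: set expiratation` above `obtain.X = 0;` does not say what a zero means to the exit that receives the ObtainExitMessage — an unbounded grant, the exit's default, or an already-expired request — so the reader is left guessing about the lifetime of the address this session obtains, and the typo will be copied. Write the meaning down in the comment, hedged to whatever the exit actually does with X since that code is not in this hunk, e.g. `// X = 0: no expiration requested (exit applies its own policy?) -- TODO request a bounded lifetime`. In the second hunk, replacing `resize`+`memcpy` with `transfer.PutBuffer(pkt.Buffer())` is a real improvement only if PutBuffer enforces MaxExitMTU; the test name TestPutBufferOverflow suggests it does, but the function body is outside the hunk. Also note that after this hunk `m_ExitIdentity` still signs the ObtainExitMessage but nothing signs the TransferTrafficMessages that follow, so the grant is bound to the path alone; a comment on the session class stating that assumption would help the next maintainer.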
@@ -5,53 +5,15 @@ namespace llarp
 {
 namespace routing
 {
- bool
- TransferTrafficMessage::Sign(llarp_crypto* c, const llarp::SecretKey& k)
- {
- byte_t tmp[MaxExitMTU + 512] = {0};
- auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);
- // zero out sig
- Z.Zero();
- // randomize nonce
- Y.Randomize();
- if(!BEncode(&buf))
- return false;
- // rewind buffer
- buf.sz = buf.cur - buf.base;
- return c->sign(Z, k, buf);
- }
 TransferTrafficMessage&
 TransferTrafficMessage::operator=(const TransferTrafficMessage& other)
 {
- Z = other.Z;
- Y = other.Y;
 S = other.S;
 version = other.version;
 X = other.X;
 return *this;
 }
- bool
- TransferTrafficMessage::Verify(llarp_crypto* c,
- const llarp::PubKey& pk) const
- {
- byte_t tmp[MaxExitMTU + 512] = {0};
- auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);
- // make copy
- TransferTrafficMessage copy;
- copy = *this;
- // zero copy's sig
- copy.Z.Zero();
- // encode
- if(!copy.BEncode(&buf))
- return false;
- // rewind buffer
- buf.sz = buf.cur - buf.base;
- // verify signature
- return c->verify(pk, buf, Z);
- }
 bool
 TransferTrafficMessage::PutBuffer(llarp_buffer_t buf)
 {
@@ -78,10 +40,6 @@ namespace llarp
 return false;
 if(!bencode_write_bytestring(buf, X.data(), X.size()))
 return false;
- if(!BEncodeWriteDictEntry("Y", Y, buf))
- return false;
- if(!BEncodeWriteDictEntry("Z", Z, buf))
- return false;
 return bencode_end(buf);
 }
@@ -89,10 +47,6 @@ namespace llarp
 TransferTrafficMessage::DecodeKey(llarp_buffer_t key, llarp_buffer_t* buf)
 {
 bool read = false;
- if(!BEncodeMaybeReadDictEntry("Z", Z, read, key, buf))
- return false;
- if(!BEncodeMaybeReadDictEntry("Y", Y, read, key, buf))
- return false;
 if(!BEncodeMaybeReadDictInt("S", S, read, key, buf))
 return false;
 if(!BEncodeMaybeReadDictInt("V", version, read, key, buf))
diff --git a/llarp/path.cpp b/llarp/path.cpp
index 1dca0e5a7..43e34acf4 100644
--- a/llarp/path.cpp
+++ b/llarp/path.cpp
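Review bot: DecodeKey no longer has a branch for the `Y` and `Z` keys, yet a TransferTrafficMessage from a peer built before this change still carries both, and whether such a message is now rejected or silently accepted depends on the fall-through at the end of DecodeKey, which lies outside the hunk. If unknown keys are rejected this is a wire-incompatible change shipped without a version bump (the protocol text in this commit keeps `V: 0`); either bump the version or record in a comment on DecodeKey that pre-change peers are deliberately cut off. Separately, with Z and Y gone `operator=` is a plain memberwise copy of S, version and X, so it can be `TransferTrafficMessage& operator=(const TransferTrafficMessage&) = default;` in the header, which cannot go stale when another field is added.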
@@ -447,12 +447,12 @@ namespace llarp
 // check to see if this path is dead
 if(_status == ePathEstablished)
 {
- if(SupportsRoles(ePathRoleExit))
+ if(SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
 {
 if(m_LastRecvMessage && now > m_LastRecvMessage
 && now - m_LastRecvMessage > PATH_ALIVE_TIMEOUT)
 {
- // TODO: send close message
+ // TODO: send close exit message
 // r->routerProfiling.MarkPathFail(this);
 // EnterState(ePathTimeout, now);
 return;
@@ -693,7 +693,7 @@ namespace llarp
 llarp_router* r)
 {
 /// allows exits to close from their end
- if(SupportsRoles(ePathRoleExit))
+ if(SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
 {
 if(msg->Verify(&r->crypto, Endpoint()))
 {
@@ -793,14 +793,8 @@ namespace llarp
 const llarp::routing::TransferTrafficMessage* msg, llarp_router* r)
 {
 // check if we can handle exit data
- if(!SupportsRoles(ePathRoleExit))
+ if(!SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
 return false;
- // verify sig
- if(!msg->Verify(&r->crypto, Endpoint()))
- {
- llarp::LogError(Name(), " bad signature on inbound traffic");
- return false;
- }
 MarkActive(r->Now());
 // handle traffic if we have a handler
 return m_ExitTrafficHandler
diff --git a/llarp/pathset.cpp b/llarp/pathset.cpp
index a38e218a4..8165025e3 100644
--- a/llarp/pathset.cpp
+++ b/llarp/pathset.cpp
@@ -25,7 +25,7 @@ namespace llarp
 size_t has = 0;
 for(const auto& item : m_Paths)
 {
- if(item.second->SupportsRoles(roles))
+ if(item.second->SupportsAnyRoles(roles))
 {
 if(!item.second->ExpiresSoon(now))
 ++has;
@@ -79,7 +79,7 @@ namespace llarp
 {
 if(!item.second->IsReady())
 continue;
- if(!item.second->SupportsRoles(roles))
+ if(!item.second->SupportsAnyRoles(roles))
 continue;
 AlignedBuffer< 32 > localDist = item.second->Endpoint() ^ id;
 if(localDist < dist)
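Review bot: The third hunk makes the client accept any TransferTrafficMessage that arrives on an Exit/SVC path without checking who sent it — the deleted `msg->Verify(&r->crypto, Endpoint())` was the only explicit binding of inbound exit traffic to the path's endpoint, and it is replaced by nothing. Presumably the reasoning is that the path's own per-hop encryption already guarantees the message came from the endpoint, but that is not written down anywhere, and the hunk at line 693 still verifies its message's signature against `Endpoint()`, so a reader will wonder whether the drop was deliberate. Put the decision where the check used to be: `// no per-message signature: authenticity rests on the path's hop-by-hop crypto; the endpoint is the only party that can write on this path`. The first hunk also leaves the dead-path branch as a bare `return;` with the fail/timeout calls still commented out, so an Exit/SVC path that stops receiving is never torn down — pre-existing, but the renamed TODO is the place to say what is still missing. All three enclosing functions begin outside their hunks.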
@@ -98,7 +98,7 @@ namespace llarp
 auto itr = m_Paths.begin();
 while(itr != m_Paths.end())
 {
- if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
+ if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
 {
 if(itr->second->Endpoint() == id)
 {
@@ -120,7 +120,7 @@ namespace llarp
 auto itr = m_Paths.begin();
 while(itr != m_Paths.end())
 {
- if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
+ if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
 {
 if(itr->second->Endpoint() == id)
 {
@@ -156,7 +156,7 @@ namespace llarp
 while(itr != m_Paths.end())
 {
 if(itr->second->Status() == ePathEstablished
- && itr->second->SupportsRoles(roles))
+ && itr->second->SupportsAnyRoles(roles))
 ++count;
 ++itr;
 }
@@ -279,7 +279,7 @@ namespace llarp
 auto itr = m_Paths.begin();
 while(itr != m_Paths.end())
 {
- if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
+ if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
 established.push_back(itr->second);
 ++itr;
 }
diff --git a/llarp/router.cpp b/llarp/router.cpp
index f54eb6e16..f083aec81 100644
--- a/llarp/router.cpp
+++ b/llarp/router.cpp
@@ -594,7 +594,7 @@ llarp_router::GetLinkWithSessionByPubkey(const llarp::RouterID &pubkey)
 }
 void
-llarp_router::FlushOutboundFor(const llarp::RouterID &remote,
+llarp_router::FlushOutboundFor(const llarp::RouterID remote,
 llarp::ILinkLayer *chosen)
 {
 llarp::LogDebug("Flush outbound for ", remote);
diff --git a/llarp/router.hpp b/llarp/router.hpp
index c73460c99..18820a778 100644
--- a/llarp/router.hpp
+++ b/llarp/router.hpp
@@ -249,7 +249,7 @@ struct llarp_router
 /// manually flush outbound message queue for just 1 router
 void
- FlushOutboundFor(const llarp::RouterID &remote,
+ FlushOutboundFor(const llarp::RouterID remote,
 llarp::ILinkLayer *chosen = nullptr);
 /// manually discard all pending messages to remote router
diff --git a/llarp/transit_hop.cpp b/llarp/transit_hop.cpp
index 3fb0f1357..4156637dd 100644
--- a/llarp/transit_hop.cpp
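Review bot: Every PathSet query in this file now uses any-of semantics, which changes behaviour for any caller that passes a combined mask: with `SupportsAnyRoles`, a request for `ePathRoleExit | ePathRoleDHT` is satisfied by a path that is only DHT-capable, and the count in the hunk at line 156 will overstate how many established paths can carry exit traffic. If every caller passes a single bit this is harmless today, but nothing in the file enforces that; either keep `SupportsAllRoles` in the two lookups that hand a specific path back to a sender (the `Endpoint() == id` loops at 98 and 120) and use any-of only where a broad match is wanted, or add `// roles is expected to be a single ePathRole bit` at each loop. The router.cpp/router.hpp switch to passing `RouterID` by value reads like a fix for `remote` aliasing an entry that FlushOutboundFor later erases, but the hunk does not say so — a one-line comment on the declaration would stop someone "optimising" it back to a reference. The enclosing functions begin outside their hunks.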
+++ b/llarp/transit_hop.cpp
@@ -257,18 +257,10 @@ namespace llarp
 auto endpoint = r->exitContext.FindEndpointForPath(info.rxID);
 if(endpoint)
 {
- if(msg->Verify(&r->crypto, endpoint->PubKey()))
- {
- if(endpoint->SendOutboundTraffic(llarp::ConstBuffer(msg->X)))
- return true;
- else
- llarp::LogError("failed to send outbound traffic for exit on ",
- info);
- }
+ if(endpoint->SendOutboundTraffic(llarp::ConstBuffer(msg->X)))
+ return true;
 else
- {
- llarp::LogError("bad signature on exit traffic on ", info);
- }
+ llarp::LogError("failed to send outbound traffic for exit on ", info);
 }
 else
 llarp::LogError("No exit endpoint on ", info);
diff --git a/lokinet-bootstrap b/lokinet-bootstrap
old mode 100644
new mode 100755
index 701608ae9..b92856a25
--- a/lokinet-bootstrap
+++ b/lokinet-bootstrap
@@ -4,4 +4,7 @@ if [ "X$1" = "X" ] ; then url="https://i2p.rocks/i2procks.signed" ; else url="$1" ; fi
 echo "downloading $url"
-wget -O $HOME/.lokinet/bootstrap.signed "$url" || echo "failed to download bootstrap from $url"
\ No newline at end of file
+if [ ! -d $HOME/.lokinet/]; then
+ mkdir $HOME/.lokinet
+fi
+wget -O $HOME/.lokinet/bootstrap.signed "$url" || echo "failed to download bootstrap from $url"
diff --git a/test/traffic_transfer_unittest.cpp b/test/traffic_transfer_unittest.cpp
index a1e89c77f..6556650dc 100644
--- a/test/traffic_transfer_unittest.cpp
+++ b/test/traffic_transfer_unittest.cpp
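Review bot: The exit now forwards `msg->X` to the internet as soon as `FindEndpointForPath(info.rxID)` finds an endpoint; the deleted `msg->Verify(&r->crypto, endpoint->PubKey())` is replaced by nothing, and the protocol text in this same commit drops the sentence that the packet's source address was checked against the key that obtained it. That leaves the path lookup as the only authorisation, so whether a path holder can emit packets with a source address other than the one granted to that path depends entirely on what `SendOutboundTraffic` does with the parsed source address, and that function is outside the hunk. Please confirm it rejects mismatched source addresses and record the contract at the call site, e.g. `// authz is the path itself: SendOutboundTraffic must drop X whose src address is not the one granted to this path`. The enclosing function begins outside the hunk.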
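Review bot: The added directory test is malformed: in `if [ ! -d $HOME/.lokinet/]; then` the closing `]` is glued to the path, so `[` reports a missing `]`, the condition evaluates false, the mkdir is skipped, and on a fresh machine wget still fails to open its output file — exactly the case these lines were added to handle. The unquoted `$HOME` in all four lines also breaks on paths containing spaces. Replace the three new lines with `mkdir -p "$HOME/.lokinet"` and quote the target as `wget -O "$HOME/.lokinet/bootstrap.signed" "$url"`. Note too that `|| echo` leaves a partial bootstrap.signed behind and exits 0 on failure; `|| { echo "failed to download bootstrap from $url"; exit 1; }` lets callers notice.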
@@ -5,35 +5,6 @@ using TransferTrafficMessage = llarp::routing::TransferTrafficMessage;
 class TransferTrafficTest : public ::testing::Test
 {
- public:
- llarp_crypto crypto;
- llarp::SecretKey alice;
- TransferTrafficTest()
- {
- llarp_crypto_init(&crypto);
- }
- ~TransferTrafficTest()
- {
- }
- void
- SetUp()
- {
- crypto.identity_keygen(alice);
- }
-};
-TEST_F(TransferTrafficTest, TestSignVerify)
-{
- TransferTrafficMessage msg;
- msg.X.resize(1024);
- msg.S = 100;
- crypto.randbytes(msg.X.data(), 1024);
- ASSERT_TRUE(msg.Sign(&crypto, alice));
- ASSERT_FALSE(msg.Z.IsZero());
- ASSERT_TRUE(msg.Verify(&crypto, llarp::seckey_topublic(alice)));
 };
 TEST_F(TransferTrafficTest, TestPutBufferOverflow)