Merge branch 'master' of https://github.com/neuroscr/loki-network
commit
43e3bede6a
@ -114,6 +114,7 @@ endif()
|
||||
|
||||
if(NOT DEBIAN)
|
||||
if(NOT ANDROID)
|
||||
if(NOT RPI)
|
||||
if (NOT USE_AVX2)
|
||||
set(CRYPTO_FLAGS -march=core2 -mtune=native)
|
||||
set(CMAKE_ASM_FLAGS "-march=core2")
|
||||
@ -123,6 +124,7 @@ set(CMAKE_ASM_FLAGS "-march=haswell -mtune=native ${CMAKE_ASM_FLAGS} $ENV{ASFLAG
|
||||
endif()
|
||||
endif()
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(RPI)
|
||||
add_definitions(-DRPI)
|
||||
|
@ -742,20 +742,14 @@ transfer ip traffic
|
||||
A: "I",
|
||||
S: uint64_sequence_number,
|
||||
V: 0,
|
||||
X: "<N bytes ip packet>",
|
||||
Y: "<16 bytes nonce>",
|
||||
Z: "<64 bytes signature using previously provided signing key>"
|
||||
X: "<N bytes ip packet>"
|
||||
}
|
||||
|
||||
X is parsed as an IP packet and the source addresss is extracted.
|
||||
Next we find the corrisponding signing key for a previously granted address
|
||||
and use it to validate the siganture of the entire message. If the signing key
|
||||
cannot be found or the signature is invalid this message is dropped, otherwise
|
||||
the X value is sent on the appropriate network interface.
|
||||
X is parsed as an IP packet and the source addresss is extracted and sent on the
|
||||
appropriate network interface.
|
||||
|
||||
When we recieve an ip packet from the internet to an exit address, we put it
|
||||
into a TITM, signed with the router's signing key and send it downstream the
|
||||
corrisponding path in an LRDM.
|
||||
into a TITM, and send it downstream the corrisponding path in an LRDM.
|
||||
|
||||
update exit path message (UXPM)
|
||||
|
||||
|
@ -11,11 +11,7 @@ namespace llarp
|
||||
constexpr size_t MaxExitMTU = 1500;
|
||||
struct TransferTrafficMessage final : public IMessage
|
||||
{
|
||||
using Nonce_t = AlignedBuffer< 16 >;
|
||||
|
||||
std::vector< byte_t > X;
|
||||
Nonce_t Y;
|
||||
llarp::Signature Z;
|
||||
|
||||
TransferTrafficMessage&
|
||||
operator=(const TransferTrafficMessage& other);
|
||||
@ -23,12 +19,6 @@ namespace llarp
|
||||
bool
|
||||
PutBuffer(llarp_buffer_t buf);
|
||||
|
||||
bool
|
||||
Sign(llarp_crypto* c, const llarp::SecretKey& sk);
|
||||
|
||||
bool
|
||||
Verify(llarp_crypto* c, const llarp::PubKey& pk) const;
|
||||
|
||||
bool
|
||||
BEncode(llarp_buffer_t* buf) const override;
|
||||
|
||||
|
@ -317,12 +317,20 @@ namespace llarp
|
||||
m_LastRecvMessage = now;
|
||||
}
|
||||
|
||||
/// return true if ALL of the specified roles are supported
|
||||
bool
|
||||
SupportsRoles(PathRole roles) const
|
||||
SupportsAllRoles(PathRole roles) const
|
||||
{
|
||||
return (_role & roles) == roles;
|
||||
}
|
||||
|
||||
/// return true if ANY of the specified roles are supported
|
||||
bool
|
||||
SupportsAnyRoles(PathRole roles) const
|
||||
{
|
||||
return (_role & roles) != 0;
|
||||
}
|
||||
|
||||
PathStatus
|
||||
Status() const
|
||||
{
|
||||
|
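Review bot: `SupportsAnyRoles` returns false for an empty mask, because `(_role & roles) != 0` can never hold when `roles` is 0, whereas the `(_role & roles) == roles` test it replaces at the call sites returned true for that input. The path-set lookups further down this commit all switch from `SupportsRoles(roles)` to `SupportsAnyRoles(roles)`, so a caller that passes a zero "no particular role" mask would stop matching every path; whether such a caller exists is not visible here. If a zero mask is meant to match, the body should be `return roles == 0 || (_role & roles) != 0;`, and the doc comment should state the zero-mask behaviour either way.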
@ -41,8 +41,10 @@ namespace llarp
|
||||
constexpr PathRole ePathRoleInboundHS = (1 << 1);
|
||||
/// exit traffic capable
|
||||
constexpr PathRole ePathRoleExit = (1 << 2);
|
||||
/// service node capable
|
||||
constexpr PathRole ePathRoleSVC = (1 << 3);
|
||||
/// dht message capable
|
||||
constexpr PathRole ePathRoleDHT = (1 << 3);
|
||||
constexpr PathRole ePathRoleDHT = (1 << 4);
|
||||
|
||||
// forward declare
|
||||
struct Path;
|
||||
|
@ -107,8 +107,6 @@ namespace llarp
|
||||
if(!msg.PutBuffer(pkt.Buffer()))
|
||||
return false;
|
||||
msg.S = path->NextSeqNo();
|
||||
if(!msg.Sign(m_Parent->Crypto(), m_Parent->Router()->identity))
|
||||
return false;
|
||||
if(!path->SendRoutingMessage(&msg, m_Parent->Router()))
|
||||
return false;
|
||||
m_RxRate += buf.sz;
|
||||
|
@ -52,7 +52,9 @@ namespace llarp
|
||||
llarp::routing::ObtainExitMessage obtain;
|
||||
obtain.S = p->NextSeqNo();
|
||||
obtain.T = llarp_randint();
|
||||
// TODO: set expiratation
|
||||
obtain.X = 0;
|
||||
// TODO: distinguish between service node traffic
|
||||
obtain.E = 1;
|
||||
if(!obtain.Sign(&router->crypto, m_ExitIdentity))
|
||||
{
|
||||
@ -102,9 +104,7 @@ namespace llarp
|
||||
return false;
|
||||
llarp::routing::TransferTrafficMessage transfer;
|
||||
transfer.S = path->NextSeqNo();
|
||||
transfer.X.resize(pkt.sz);
|
||||
memcpy(transfer.X.data(), pkt.buf, pkt.sz);
|
||||
if(!transfer.Sign(&router->crypto, m_ExitIdentity))
|
||||
if(!transfer.PutBuffer(pkt.Buffer()))
|
||||
return false;
|
||||
return path->SendRoutingMessage(&transfer, router);
|
||||
}
|
||||
|
@ -5,53 +5,15 @@ namespace llarp
|
||||
{
|
||||
namespace routing
|
||||
{
|
||||
bool
|
||||
TransferTrafficMessage::Sign(llarp_crypto* c, const llarp::SecretKey& k)
|
||||
{
|
||||
byte_t tmp[MaxExitMTU + 512] = {0};
|
||||
auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);
|
||||
// zero out sig
|
||||
Z.Zero();
|
||||
// randomize nonce
|
||||
Y.Randomize();
|
||||
if(!BEncode(&buf))
|
||||
return false;
|
||||
// rewind buffer
|
||||
buf.sz = buf.cur - buf.base;
|
||||
return c->sign(Z, k, buf);
|
||||
}
|
||||
|
||||
TransferTrafficMessage&
|
||||
TransferTrafficMessage::operator=(const TransferTrafficMessage& other)
|
||||
{
|
||||
Z = other.Z;
|
||||
Y = other.Y;
|
||||
S = other.S;
|
||||
version = other.version;
|
||||
X = other.X;
|
||||
return *this;
|
||||
}
|
||||
|
||||
bool
|
||||
TransferTrafficMessage::Verify(llarp_crypto* c,
|
||||
const llarp::PubKey& pk) const
|
||||
{
|
||||
byte_t tmp[MaxExitMTU + 512] = {0};
|
||||
auto buf = llarp::StackBuffer< decltype(tmp) >(tmp);
|
||||
// make copy
|
||||
TransferTrafficMessage copy;
|
||||
copy = *this;
|
||||
// zero copy's sig
|
||||
copy.Z.Zero();
|
||||
// encode
|
||||
if(!copy.BEncode(&buf))
|
||||
return false;
|
||||
// rewind buffer
|
||||
buf.sz = buf.cur - buf.base;
|
||||
// verify signature
|
||||
return c->verify(pk, buf, Z);
|
||||
}
|
||||
|
||||
bool
|
||||
TransferTrafficMessage::PutBuffer(llarp_buffer_t buf)
|
||||
{
|
||||
@ -78,10 +40,6 @@ namespace llarp
|
||||
return false;
|
||||
if(!bencode_write_bytestring(buf, X.data(), X.size()))
|
||||
return false;
|
||||
if(!BEncodeWriteDictEntry("Y", Y, buf))
|
||||
return false;
|
||||
if(!BEncodeWriteDictEntry("Z", Z, buf))
|
||||
return false;
|
||||
return bencode_end(buf);
|
||||
}
|
||||
|
||||
@ -89,10 +47,6 @@ namespace llarp
|
||||
TransferTrafficMessage::DecodeKey(llarp_buffer_t key, llarp_buffer_t* buf)
|
||||
{
|
||||
bool read = false;
|
||||
if(!BEncodeMaybeReadDictEntry("Z", Z, read, key, buf))
|
||||
return false;
|
||||
if(!BEncodeMaybeReadDictEntry("Y", Y, read, key, buf))
|
||||
return false;
|
||||
if(!BEncodeMaybeReadDictInt("S", S, read, key, buf))
|
||||
return false;
|
||||
if(!BEncodeMaybeReadDictInt("V", version, read, key, buf))
|
||||
|
@ -447,12 +447,12 @@ namespace llarp
|
||||
// check to see if this path is dead
|
||||
if(_status == ePathEstablished)
|
||||
{
|
||||
if(SupportsRoles(ePathRoleExit))
|
||||
if(SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
|
||||
{
|
||||
if(m_LastRecvMessage && now > m_LastRecvMessage
|
||||
&& now - m_LastRecvMessage > PATH_ALIVE_TIMEOUT)
|
||||
{
|
||||
// TODO: send close message
|
||||
// TODO: send close exit message
|
||||
// r->routerProfiling.MarkPathFail(this);
|
||||
// EnterState(ePathTimeout, now);
|
||||
return;
|
||||
@ -693,7 +693,7 @@ namespace llarp
|
||||
llarp_router* r)
|
||||
{
|
||||
/// allows exits to close from their end
|
||||
if(SupportsRoles(ePathRoleExit))
|
||||
if(SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
|
||||
{
|
||||
if(msg->Verify(&r->crypto, Endpoint()))
|
||||
{
|
||||
@ -793,14 +793,8 @@ namespace llarp
|
||||
const llarp::routing::TransferTrafficMessage* msg, llarp_router* r)
|
||||
{
|
||||
// check if we can handle exit data
|
||||
if(!SupportsRoles(ePathRoleExit))
|
||||
if(!SupportsAnyRoles(ePathRoleExit | ePathRoleSVC))
|
||||
return false;
|
||||
// verify sig
|
||||
if(!msg->Verify(&r->crypto, Endpoint()))
|
||||
{
|
||||
llarp::LogError(Name(), " bad signature on inbound traffic");
|
||||
return false;
|
||||
}
|
||||
MarkActive(r->Now());
|
||||
// handle traffic if we have a handler
|
||||
return m_ExitTrafficHandler
|
||||
|
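Review bot: With the `msg->Verify(...)` block gone, `HandleTransferTrafficMessage` accepts any TransferTrafficMessage that arrives on a path holding the Exit or SVC role, and nothing left in this hunk authenticates the sender or checks the sequence number `S`. The exit-side handler later in this commit drops the same check before calling `SendOutboundTraffic`. If authenticity and replay protection are now meant to come from the path's own encryption, say so where the check used to be, for example `// no per-message signature: traffic is authenticated by the path encryption only`, so that the close-exit handler, which still calls `msg->Verify`, does not look like the odd one out. The function body continues past the end of the hunk.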
@ -25,7 +25,7 @@ namespace llarp
|
||||
size_t has = 0;
|
||||
for(const auto& item : m_Paths)
|
||||
{
|
||||
if(item.second->SupportsRoles(roles))
|
||||
if(item.second->SupportsAnyRoles(roles))
|
||||
{
|
||||
if(!item.second->ExpiresSoon(now))
|
||||
++has;
|
||||
@ -79,7 +79,7 @@ namespace llarp
|
||||
{
|
||||
if(!item.second->IsReady())
|
||||
continue;
|
||||
if(!item.second->SupportsRoles(roles))
|
||||
if(!item.second->SupportsAnyRoles(roles))
|
||||
continue;
|
||||
AlignedBuffer< 32 > localDist = item.second->Endpoint() ^ id;
|
||||
if(localDist < dist)
|
||||
@ -98,7 +98,7 @@ namespace llarp
|
||||
auto itr = m_Paths.begin();
|
||||
while(itr != m_Paths.end())
|
||||
{
|
||||
if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
|
||||
if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
|
||||
{
|
||||
if(itr->second->Endpoint() == id)
|
||||
{
|
||||
@ -120,7 +120,7 @@ namespace llarp
|
||||
auto itr = m_Paths.begin();
|
||||
while(itr != m_Paths.end())
|
||||
{
|
||||
if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
|
||||
if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
|
||||
{
|
||||
if(itr->second->Endpoint() == id)
|
||||
{
|
||||
@ -156,7 +156,7 @@ namespace llarp
|
||||
while(itr != m_Paths.end())
|
||||
{
|
||||
if(itr->second->Status() == ePathEstablished
|
||||
&& itr->second->SupportsRoles(roles))
|
||||
&& itr->second->SupportsAnyRoles(roles))
|
||||
++count;
|
||||
++itr;
|
||||
}
|
||||
@ -279,7 +279,7 @@ namespace llarp
|
||||
auto itr = m_Paths.begin();
|
||||
while(itr != m_Paths.end())
|
||||
{
|
||||
if(itr->second->IsReady() && itr->second->SupportsRoles(roles))
|
||||
if(itr->second->IsReady() && itr->second->SupportsAnyRoles(roles))
|
||||
established.push_back(itr->second);
|
||||
++itr;
|
||||
}
|
||||
|
@ -594,7 +594,7 @@ llarp_router::GetLinkWithSessionByPubkey(const llarp::RouterID &pubkey)
|
||||
}
|
||||
|
||||
void
|
||||
llarp_router::FlushOutboundFor(const llarp::RouterID &remote,
|
||||
llarp_router::FlushOutboundFor(const llarp::RouterID remote,
|
||||
llarp::ILinkLayer *chosen)
|
||||
{
|
||||
llarp::LogDebug("Flush outbound for ", remote);
|
||||
|
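Review bot: The switch of `remote` from `const llarp::RouterID &` to a by-value `const llarp::RouterID` in `FlushOutboundFor` has no comment explaining it, and a later cleanup is likely to turn it back into a reference. If the copy is there because callers pass a reference into state that this function modifies while flushing, which the hunk does not show, record that at the definition, e.g. `// by value: the caller's RouterID may live in a container we modify below`. The matching declaration in the router header changes the same way; the top-level `const` there has no effect on the signature and can be dropped. The function body continues outside the hunk.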
@ -249,7 +249,7 @@ struct llarp_router
|
||||
|
||||
/// manually flush outbound message queue for just 1 router
|
||||
void
|
||||
FlushOutboundFor(const llarp::RouterID &remote,
|
||||
FlushOutboundFor(const llarp::RouterID remote,
|
||||
llarp::ILinkLayer *chosen = nullptr);
|
||||
|
||||
/// manually discard all pending messages to remote router
|
||||
|
@ -257,18 +257,10 @@ namespace llarp
|
||||
auto endpoint = r->exitContext.FindEndpointForPath(info.rxID);
|
||||
if(endpoint)
|
||||
{
|
||||
if(msg->Verify(&r->crypto, endpoint->PubKey()))
|
||||
{
|
||||
if(endpoint->SendOutboundTraffic(llarp::ConstBuffer(msg->X)))
|
||||
return true;
|
||||
else
|
||||
llarp::LogError("failed to send outbound traffic for exit on ",
|
||||
info);
|
||||
}
|
||||
if(endpoint->SendOutboundTraffic(llarp::ConstBuffer(msg->X)))
|
||||
return true;
|
||||
else
|
||||
{
|
||||
llarp::LogError("bad signature on exit traffic on ", info);
|
||||
}
|
||||
llarp::LogError("failed to send outbound traffic for exit on ", info);
|
||||
}
|
||||
else
|
||||
llarp::LogError("No exit endpoint on ", info);
|
||||
|
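Review bot: `msg->X` now goes to `endpoint->SendOutboundTraffic` with no check in this handler, so the only binding between the packet and the client is the `FindEndpointForPath(info.rxID)` lookup. The hunk does not show whether `SendOutboundTraffic` rejects packets whose source address differs from the address granted to that endpoint, or packets larger than `MaxExitMTU`; with the signature gone, that check is what keeps one client's path from emitting traffic under another client's address. If it exists, a comment here such as `// SendOutboundTraffic validates source address and size` would make the trust boundary visible; if not, it belongs before the send. The `else` after `return true` is redundant and can go; the handler starts outside the hunk.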
3
lokinet-bootstrap
Normal file → Executable file
@ -4,4 +4,7 @@
|
||||
|
||||
if [ "X$1" = "X" ] ; then url="https://i2p.rocks/i2procks.signed" ; else url="$1" ; fi
|
||||
echo "downloading $url"
|
||||
if [ ! -d $HOME/.lokinet/]; then
|
||||
mkdir $HOME/.lokinet
|
||||
fi
|
||||
wget -O $HOME/.lokinet/bootstrap.signed "$url" || echo "failed to download bootstrap from $url"
|
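Review bot: The new directory test `[ ! -d $HOME/.lokinet/]` is missing the space before `]`, so `[` reports a missing `]`, the condition is false and `mkdir` never runs; `wget -O` then fails when the directory does not exist. Replace the three added lines with `mkdir -p "$HOME/.lokinet"`, which also quotes `$HOME`. The `wget` line has the same unquoted `$HOME`, and because of `|| echo ...` the script exits 0 on a failed download; `|| { echo "failed to download bootstrap from $url" ; exit 1 ; }` lets callers detect it.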
@ -5,35 +5,6 @@ using TransferTrafficMessage = llarp::routing::TransferTrafficMessage;
|
||||
|
||||
class TransferTrafficTest : public ::testing::Test
|
||||
{
|
||||
public:
|
||||
llarp_crypto crypto;
|
||||
llarp::SecretKey alice;
|
||||
|
||||
TransferTrafficTest()
|
||||
{
|
||||
llarp_crypto_init(&crypto);
|
||||
}
|
||||
|
||||
~TransferTrafficTest()
|
||||
{
|
||||
}
|
||||
|
||||
void
|
||||
SetUp()
|
||||
{
|
||||
crypto.identity_keygen(alice);
|
||||
}
|
||||
};
|
||||
|
||||
TEST_F(TransferTrafficTest, TestSignVerify)
|
||||
{
|
||||
TransferTrafficMessage msg;
|
||||
msg.X.resize(1024);
|
||||
msg.S = 100;
|
||||
crypto.randbytes(msg.X.data(), 1024);
|
||||
ASSERT_TRUE(msg.Sign(&crypto, alice));
|
||||
ASSERT_FALSE(msg.Z.IsZero());
|
||||
ASSERT_TRUE(msg.Verify(&crypto, llarp::seckey_topublic(alice)));
|
||||
};
|
||||
|
||||
TEST_F(TransferTrafficTest, TestPutBufferOverflow)
|
||||
|