#include #include #include #include #include "buffer.hpp" #include "router.hpp" namespace llarp { template < typename User > struct AsyncPathKeyExchangeContext { typedef llarp::path::Path Path_t; typedef llarp::path::PathSet PathSet_t; PathSet_t* pathset = nullptr; Path_t* path = nullptr; typedef std::function< void(AsyncPathKeyExchangeContext< User >*) > Handler; User* user = nullptr; Handler result; size_t idx = 0; llarp_threadpool* worker = nullptr; llarp_logic* logic = nullptr; llarp_crypto* crypto = nullptr; LR_CommitMessage LRCM; static void HandleDone(void* u) { AsyncPathKeyExchangeContext< User >* ctx = static_cast< AsyncPathKeyExchangeContext< User >* >(u); ctx->result(ctx); delete ctx; } static void GenerateNextKey(void* u) { AsyncPathKeyExchangeContext< User >* ctx = static_cast< AsyncPathKeyExchangeContext< User >* >(u); // current hop auto& hop = ctx->path->hops[ctx->idx]; auto& frame = ctx->LRCM.frames[ctx->idx]; // generate key ctx->crypto->encryption_keygen(hop.commkey); hop.nonce.Randomize(); // do key exchange if(!ctx->crypto->dh_client(hop.shared, hop.rc.enckey, hop.commkey, hop.nonce)) { llarp::LogError("Failed to generate shared key for path build"); delete ctx; return; } // generate nonceXOR valueself->hop->pathKey ctx->crypto->shorthash(hop.nonceXOR, llarp::Buffer(hop.shared)); ++ctx->idx; bool isFarthestHop = ctx->idx == ctx->path->hops.size(); if(isFarthestHop) { hop.upstream = hop.rc.pubkey; } else { hop.upstream = ctx->path->hops[ctx->idx].rc.pubkey; } // build record LR_CommitRecord record; record.version = LLARP_PROTO_VERSION; record.txid = hop.txID; record.rxid = hop.rxID; record.tunnelNonce = hop.nonce; record.nextHop = hop.upstream; record.commkey = llarp::seckey_topublic(hop.commkey); auto buf = frame.Buffer(); buf->cur = buf->base + EncryptedFrame::OverheadSize; // encode record if(!record.BEncode(buf)) { // failed to encode? llarp::LogError("Failed to generate Commit Record"); delete ctx; return; } // use ephameral keypair for frame SecretKey framekey; ctx->crypto->encryption_keygen(framekey); if(!frame.EncryptInPlace(framekey, hop.rc.enckey, ctx->crypto)) { llarp::LogError("Failed to encrypt LRCR"); delete ctx; return; } if(isFarthestHop) { // farthest hop llarp_logic_queue_job(ctx->logic, {ctx, &HandleDone}); } else { // next hop llarp_threadpool_queue_job(ctx->worker, {ctx, &GenerateNextKey}); } } AsyncPathKeyExchangeContext(llarp_crypto* c) : crypto(c) { } /// Generate all keys asynchronously and call hadler when done void AsyncGenerateKeys(Path_t* p, llarp_logic* l, llarp_threadpool* pool, User* u, Handler func) { path = p; logic = l; user = u; result = func; worker = pool; for(size_t idx = 0; idx < MAXHOPS; ++idx) { LRCM.frames[idx].Randomize(); } llarp_threadpool_queue_job(pool, {this, &GenerateNextKey}); } }; void pathbuilder_generated_keys(AsyncPathKeyExchangeContext< path::Builder >* ctx) { RouterID remote = ctx->path->Upstream(); auto router = ctx->user->router; if(!router) { llarp::LogError("null router"); return; } const ILinkMessage* msg = &ctx->LRCM; if(!router->SendToOrQueue(remote, msg)) { llarp::LogError("failed to send LRCM"); return; } // persist session with router until this path is done router->PersistSessionUntil(remote, ctx->path->ExpireTime()); // add own path router->paths.AddOwnPath(ctx->pathset, ctx->path); } namespace path { Builder::Builder(llarp_router* p_router, struct llarp_dht_context* p_dht, size_t pathNum, size_t hops) : llarp::path::PathSet(pathNum) , router(p_router) , dht(p_dht) , numHops(hops) { p_router->paths.AddPathBuilder(this); p_router->crypto.encryption_keygen(enckey); } Builder::~Builder() { router->paths.RemovePathBuilder(this); } bool Builder::SelectHop(llarp_nodedb* db, const RouterContact& prev, RouterContact& cur, size_t hop) { if(hop == 0 && router->NumberOfConnectedRouters()) return router->GetRandomConnectedRouter(cur); size_t tries = 5; do { --tries; llarp_nodedb_select_random_hop(db, prev, cur, hop); } while(router->routerProfiling.IsBad(cur.pubkey) && tries > 0); return !router->routerProfiling.IsBad(cur.pubkey); } const byte_t* Builder::GetTunnelEncryptionSecretKey() const { return enckey; } bool Builder::ShouldBuildMore(llarp_time_t now) const { return llarp::path::PathSet::ShouldBuildMore(now) && now > lastBuild && now - lastBuild > buildIntervalLimit; } void Builder::BuildOne() { std::vector< RouterContact > hops; if(SelectHops(router->nodedb, hops)) Build(hops); } bool Builder::SelectHops(llarp_nodedb* nodedb, std::vector< RouterContact >& hops) { hops.resize(numHops); size_t idx = 0; while(idx < numHops) { if(idx == 0) { if(!SelectHop(nodedb, hops[0], hops[0], 0)) { llarp::LogError("failed to select first hop"); return false; } } else { if(!SelectHop(nodedb, hops[idx - 1], hops[idx], idx)) { /// TODO: handle this failure properly llarp::LogWarn("Failed to select hop ", idx); return false; } } ++idx; } return true; } llarp_time_t Builder::Now() const { return router->Now(); } void Builder::Build(const std::vector< RouterContact >& hops) { lastBuild = Now(); // async generate keys AsyncPathKeyExchangeContext< Builder >* ctx = new AsyncPathKeyExchangeContext< Builder >(&router->crypto); ctx->pathset = this; auto path = new llarp::path::Path(hops, this); path->SetBuildResultHook(std::bind(&llarp::path::Builder::HandlePathBuilt, this, std::placeholders::_1)); ctx->AsyncGenerateKeys(path, router->logic, router->tp, this, &pathbuilder_generated_keys); } void Builder::HandlePathBuilt(Path* p) { buildIntervalLimit = MIN_PATH_BUILD_INTERVAL; PathSet::HandlePathBuilt(p); } void Builder::HandlePathBuildTimeout(Path* p) { // linear backoff buildIntervalLimit += 1000; PathSet::HandlePathBuildTimeout(p); } void Builder::ManualRebuild(size_t num) { llarp::LogDebug("manual rebuild ", num); while(num--) BuildOne(); } } // namespace path } // namespace llarp