mirror of
https://github.com/oxen-io/lokinet.git
synced 2024-11-15 12:13:24 +00:00
657214992b
Lots of code was using 32-byte nonces for xchacha20 symmetric encryption, but this just means 8 extra bytes per packet wasted as chacha is only using the first 24 bytes of that nonce anyway. Changing this resulted in a lot of dead/dying code breaking, so this commit also removes a lot of that (and comments a couple places with TODO instead) Also nounce -> nonce where it came up.
225 lines
5.3 KiB
C++
225 lines
5.3 KiB
C++
#pragma once
|
|
|
|
#include "info.hpp"
|
|
#include "intro.hpp"
|
|
#include "protocol_type.hpp"
|
|
#include "tag.hpp"
|
|
|
|
#include <llarp/crypto/types.hpp>
|
|
#include <llarp/dns/srv_data.hpp>
|
|
#include <llarp/net/ip_range.hpp>
|
|
#include <llarp/net/traffic_policy.hpp>
|
|
#include <llarp/util/bencode.hpp>
|
|
#include <llarp/util/status.hpp>
|
|
#include <llarp/util/time.hpp>
|
|
|
|
#include <algorithm>
|
|
#include <functional>
|
|
#include <iostream>
|
|
#include <optional>
|
|
#include <vector>
|
|
|
|
namespace llarp::service
|
|
{
|
|
constexpr std::size_t MAX_INTROSET_SIZE = 4096;
|
|
// 10 seconds clock skew permitted for introset expiration
|
|
constexpr llarp_time_t MAX_INTROSET_TIME_DELTA = 10s;
|
|
|
|
struct IntroSet
|
|
{
|
|
ServiceInfo address_keys;
|
|
std::vector<Introduction> intros;
|
|
PQPubKey sntru_pubkey;
|
|
Tag topic;
|
|
std::vector<llarp::dns::SRVTuple> SRVs;
|
|
llarp_time_t time_signed = 0s;
|
|
|
|
IntroSet() = default;
|
|
|
|
explicit IntroSet(std::string bt_payload);
|
|
|
|
/// ethertypes we advertise that we speak
|
|
std::vector<ProtocolType> supported_protocols;
|
|
/// aonnuce that these ranges are reachable via our endpoint
|
|
/// only set when we support exit traffic ethertype is supported
|
|
std::set<IPRange> owned_ranges;
|
|
|
|
/// policies about traffic that we are willing to carry
|
|
/// a protocol/range whitelist or blacklist
|
|
/// only set when we support exit traffic ethertype
|
|
std::optional<net::TrafficPolicy> exit_policy;
|
|
|
|
Signature signature;
|
|
uint64_t version = llarp::constants::proto_version;
|
|
|
|
bool
|
|
OtherIsNewer(const IntroSet& other) const
|
|
{
|
|
return time_signed < other.time_signed;
|
|
}
|
|
|
|
std::string
|
|
ToString() const;
|
|
|
|
llarp_time_t
|
|
GetNewestIntroExpiration() const;
|
|
|
|
bool
|
|
GetNewestIntro(Introduction& intro) const;
|
|
|
|
bool
|
|
HasExpiredIntros(llarp_time_t now) const;
|
|
|
|
/// return true if any of our intros expires soon given a delta
|
|
bool
|
|
HasStaleIntros(llarp_time_t now, llarp_time_t delta) const;
|
|
|
|
bool
|
|
IsExpired(llarp_time_t now) const;
|
|
|
|
std::vector<llarp::dns::SRVData>
|
|
GetMatchingSRVRecords(std::string_view service_proto) const;
|
|
|
|
std::string
|
|
bt_encode() const;
|
|
|
|
bool
|
|
BDecode(llarp_buffer_t* buf)
|
|
{
|
|
return bencode_decode_dict(*this, buf);
|
|
}
|
|
|
|
bool
|
|
decode_key(const llarp_buffer_t& key, llarp_buffer_t* buf);
|
|
|
|
bool
|
|
verify(llarp_time_t now) const;
|
|
|
|
util::StatusObject
|
|
ExtractStatus() const;
|
|
};
|
|
|
|
inline bool
|
|
operator<(const IntroSet& lhs, const IntroSet& rhs)
|
|
{
|
|
return lhs.address_keys < rhs.address_keys;
|
|
}
|
|
|
|
inline bool
|
|
operator==(const IntroSet& lhs, const IntroSet& rhs)
|
|
{
|
|
return std::tie(
|
|
lhs.address_keys,
|
|
lhs.intros,
|
|
lhs.sntru_pubkey,
|
|
lhs.time_signed,
|
|
lhs.version,
|
|
lhs.topic,
|
|
lhs.signature)
|
|
== std::tie(
|
|
rhs.address_keys,
|
|
rhs.intros,
|
|
rhs.sntru_pubkey,
|
|
rhs.time_signed,
|
|
rhs.version,
|
|
rhs.topic,
|
|
rhs.signature);
|
|
}
|
|
|
|
inline bool
|
|
operator!=(const IntroSet& lhs, const IntroSet& rhs)
|
|
{
|
|
return !(lhs == rhs);
|
|
}
|
|
|
|
/// public version of the introset that is encrypted
|
|
struct EncryptedIntroSet
|
|
{
|
|
PubKey derivedSigningKey;
|
|
llarp_time_t signedAt = 0s;
|
|
ustring introsetPayload;
|
|
SymmNonce nonce;
|
|
std::optional<Tag> topic;
|
|
Signature sig;
|
|
|
|
EncryptedIntroSet() = default;
|
|
|
|
explicit EncryptedIntroSet(
|
|
std::string signing_key,
|
|
std::chrono::milliseconds signed_at,
|
|
std::string enc_payload,
|
|
std::string nonce,
|
|
std::string sig);
|
|
|
|
explicit EncryptedIntroSet(std::string bt_payload);
|
|
|
|
bool
|
|
Sign(const PrivateKey& k);
|
|
|
|
bool
|
|
IsExpired(llarp_time_t now) const;
|
|
|
|
std::string
|
|
bt_encode() const;
|
|
|
|
bool
|
|
BDecode(llarp_buffer_t* buf)
|
|
{
|
|
return bencode_decode_dict(*this, buf);
|
|
}
|
|
|
|
bool
|
|
decode_key(const llarp_buffer_t& key, llarp_buffer_t* buf);
|
|
|
|
bool
|
|
OtherIsNewer(const EncryptedIntroSet& other) const;
|
|
|
|
/// verify signature and timestamp
|
|
bool
|
|
verify(llarp_time_t now) const;
|
|
|
|
static bool
|
|
verify(uint8_t* introset, size_t introset_size, uint8_t* key, uint8_t* sig);
|
|
|
|
static bool
|
|
verify(std::string introset, std::string key, std::string sig);
|
|
|
|
std::string
|
|
ToString() const;
|
|
|
|
util::StatusObject
|
|
ExtractStatus() const;
|
|
|
|
IntroSet
|
|
decrypt(const PubKey& root) const;
|
|
};
|
|
|
|
inline bool
|
|
operator<(const EncryptedIntroSet& lhs, const EncryptedIntroSet& rhs)
|
|
{
|
|
return lhs.derivedSigningKey < rhs.derivedSigningKey;
|
|
}
|
|
|
|
inline bool
|
|
operator==(const EncryptedIntroSet& lhs, const EncryptedIntroSet& rhs)
|
|
{
|
|
return std::tie(lhs.signedAt, lhs.derivedSigningKey, lhs.nonce, lhs.sig)
|
|
== std::tie(rhs.signedAt, rhs.derivedSigningKey, rhs.nonce, rhs.sig);
|
|
}
|
|
|
|
inline bool
|
|
operator!=(const EncryptedIntroSet& lhs, const EncryptedIntroSet& rhs)
|
|
{
|
|
return !(lhs == rhs);
|
|
}
|
|
|
|
using EncryptedIntroSetLookupHandler = std::function<void(const std::vector<EncryptedIntroSet>&)>;
|
|
using IntroSetLookupHandler = std::function<void(const std::vector<IntroSet>&)>;
|
|
|
|
} // namespace llarp::service
|
|
|
|
template <>
|
|
constexpr inline bool llarp::IsToStringFormattable<llarp::service::IntroSet> = true;
|
|
template <>
|
|
constexpr inline bool llarp::IsToStringFormattable<llarp::service::EncryptedIntroSet> = true;
|