mirror of
https://github.com/oxen-io/lokinet.git
synced 2024-11-15 12:13:24 +00:00
b81f7025c9
Replaces custom logging system with spdlog-based oxen logging. This commit mainly replaces the backend logging with the spdlog-based system, but doesn't (yet) convert all the existing LogWarn, etc. to use the new format-based logging. New logging statements will look like: llarp::log::warning(cat, "blah: {}", val); where `cat` should be set up in each .cpp or cluster of .cpp files, as described in the oxen-logging README. As part of spdlog we get fmt, which gives us nice format strings, where are applied generously in this commit. Making types printable now requires two steps: - add a ToString() method - add this specialization: template <> constexpr inline bool llarp::IsToStringFormattable<llarp::Whatever> = true; This will then allow the type to be printed as a "{}" value in a fmt::format string. This is applied to all our printable types here, and all of the `operator<<` are removed. This commit also: - replaces various uses of `operator<<` to ToString() - replaces various uses of std::stringstream with either fmt::format or plain std::string - Rename some to_string and toString() methods to ToString() for consistency (and to work with fmt) - Replace `stringify(...)` and `make_exception` usage with fmt::format (and remove stringify/make_exception from util/str.hpp).
157 lines
3.7 KiB
C++
157 lines
3.7 KiB
C++
#include "encrypted_frame.hpp"
|
|
|
|
#include "crypto.hpp"
|
|
#include <llarp/util/logging.hpp>
|
|
#include <llarp/util/mem.hpp>
|
|
|
|
namespace llarp
|
|
{
|
|
bool
|
|
EncryptedFrame::DoEncrypt(const SharedSecret& shared, bool noDH)
|
|
{
|
|
byte_t* hash = data();
|
|
byte_t* noncePtr = hash + SHORTHASHSIZE;
|
|
byte_t* pubkey = noncePtr + TUNNONCESIZE;
|
|
byte_t* body = pubkey + PUBKEYSIZE;
|
|
|
|
auto crypto = CryptoManager::instance();
|
|
|
|
// if noDH flag, means key exchange has already taken place
|
|
// in this case, set pubkey to random noise and choose a
|
|
// random nonce here
|
|
if (noDH)
|
|
{
|
|
crypto->randbytes(noncePtr, TUNNONCESIZE);
|
|
crypto->randbytes(pubkey, PUBKEYSIZE);
|
|
}
|
|
|
|
TunnelNonce nonce(noncePtr);
|
|
|
|
llarp_buffer_t buf;
|
|
buf.base = body;
|
|
buf.cur = buf.base;
|
|
buf.sz = size() - EncryptedFrameOverheadSize;
|
|
|
|
// encrypt body
|
|
if (!crypto->xchacha20(buf, shared, nonce))
|
|
{
|
|
llarp::LogError("encrypt failed");
|
|
return false;
|
|
}
|
|
|
|
// generate message auth
|
|
buf.base = noncePtr;
|
|
buf.cur = buf.base;
|
|
buf.sz = size() - SHORTHASHSIZE;
|
|
|
|
if (!crypto->hmac(hash, buf, shared))
|
|
{
|
|
llarp::LogError("Failed to generate message auth");
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
EncryptedFrame::EncryptInPlace(const SecretKey& ourSecretKey, const PubKey& otherPubkey)
|
|
{
|
|
// format of frame is
|
|
// <32 bytes keyed hash of following data>
|
|
// <32 bytes nonce>
|
|
// <32 bytes pubkey>
|
|
// <N bytes encrypted payload>
|
|
//
|
|
byte_t* hash = data();
|
|
byte_t* noncePtr = hash + SHORTHASHSIZE;
|
|
byte_t* pubkey = noncePtr + TUNNONCESIZE;
|
|
|
|
SharedSecret shared;
|
|
|
|
auto crypto = CryptoManager::instance();
|
|
|
|
// set our pubkey
|
|
memcpy(pubkey, ourSecretKey.toPublic().data(), PUBKEYSIZE);
|
|
// randomize nonce
|
|
crypto->randbytes(noncePtr, TUNNONCESIZE);
|
|
TunnelNonce nonce(noncePtr);
|
|
|
|
// derive shared key
|
|
if (!crypto->dh_client(shared, otherPubkey, ourSecretKey, nonce))
|
|
{
|
|
llarp::LogError("DH failed");
|
|
return false;
|
|
}
|
|
|
|
return DoEncrypt(shared, false);
|
|
}
|
|
|
|
bool
|
|
EncryptedFrame::DoDecrypt(const SharedSecret& shared)
|
|
{
|
|
ShortHash hash(data());
|
|
byte_t* noncePtr = data() + SHORTHASHSIZE;
|
|
byte_t* body = data() + EncryptedFrameOverheadSize;
|
|
TunnelNonce nonce(noncePtr);
|
|
|
|
auto crypto = CryptoManager::instance();
|
|
|
|
llarp_buffer_t buf;
|
|
buf.base = noncePtr;
|
|
buf.cur = buf.base;
|
|
buf.sz = size() - SHORTHASHSIZE;
|
|
|
|
ShortHash digest;
|
|
if (!crypto->hmac(digest.data(), buf, shared))
|
|
{
|
|
llarp::LogError("Digest failed");
|
|
return false;
|
|
}
|
|
|
|
if (!std::equal(digest.begin(), digest.end(), hash.begin()))
|
|
{
|
|
llarp::LogError("message authentication failed");
|
|
return false;
|
|
}
|
|
|
|
buf.base = body;
|
|
buf.cur = body;
|
|
buf.sz = size() - EncryptedFrameOverheadSize;
|
|
|
|
if (!crypto->xchacha20(buf, shared, nonce))
|
|
{
|
|
llarp::LogError("decrypt failed");
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
EncryptedFrame::DecryptInPlace(const SecretKey& ourSecretKey)
|
|
{
|
|
// format of frame is
|
|
// <32 bytes keyed hash of following data>
|
|
// <32 bytes nonce>
|
|
// <32 bytes pubkey>
|
|
// <N bytes encrypted payload>
|
|
//
|
|
byte_t* noncePtr = data() + SHORTHASHSIZE;
|
|
TunnelNonce nonce(noncePtr);
|
|
PubKey otherPubkey(noncePtr + TUNNONCESIZE);
|
|
|
|
SharedSecret shared;
|
|
|
|
auto crypto = CryptoManager::instance();
|
|
|
|
// use dh_server because we are not the creator of this message
|
|
if (!crypto->dh_server(shared, otherPubkey, ourSecretKey, nonce))
|
|
{
|
|
llarp::LogError("DH failed");
|
|
return false;
|
|
}
|
|
|
|
return DoDecrypt(shared);
|
|
}
|
|
} // namespace llarp
|