diff --git a/external/oxen-libquic b/external/oxen-libquic index f64ecf62f0..b01fd9e349 160000 --- a/external/oxen-libquic +++ b/external/oxen-libquic @@ -1 +1 @@ -Subproject commit f64ecf62f00534fb09ef371322d276bc58549b9e +Subproject commit b01fd9e349515034d2412eb3bc1e5784287caf95 diff --git a/llarp/crypto/crypto.cpp b/llarp/crypto/crypto.cpp index 10bc5a09be..da583b2d1d 100644 --- a/llarp/crypto/crypto.cpp +++ b/llarp/crypto/crypto.cpp @@ -262,9 +262,12 @@ namespace llarp } void crypto::derive_decrypt_outer_wrapping( - const Ed25519SecretKey& local_sk, const PubKey& remote, const SymmNonce& nonce, uspan encrypted) + const Ed25519SecretKey& local_sk, + SharedSecret& shared, + const PubKey& remote, + const SymmNonce& nonce, + uspan encrypted) { - SharedSecret shared; // derive shared secret using ephemeral pubkey and our secret key (and nonce) if (!crypto::dh_server(shared, remote, local_sk, nonce)) { diff --git a/llarp/crypto/crypto.hpp b/llarp/crypto/crypto.hpp index efbcabbb16..e0faaf3776 100644 --- a/llarp/crypto/crypto.hpp +++ b/llarp/crypto/crypto.hpp @@ -73,7 +73,11 @@ namespace llarp /// pubkey and the provided nonce. The encrypted payload is mutated in-place. Will throw on failure of either /// the server DH derivation or the xchacha20 payload mutation void derive_decrypt_outer_wrapping( - const Ed25519SecretKey& local, const PubKey& remote, const SymmNonce& nonce, uspan encrypted); + const Ed25519SecretKey& local, + SharedSecret& shared, + const PubKey& remote, + const SymmNonce& nonce, + uspan encrypted); bool make_scalar(AlignedBuffer<32>& out, const PubKey& k, uint64_t i); diff --git a/llarp/handlers/session.cpp b/llarp/handlers/session.cpp index 851f6516b9..e5dc1546f4 100644 --- a/llarp/handlers/session.cpp +++ b/llarp/handlers/session.cpp @@ -36,6 +36,12 @@ namespace llarp::handlers _running = false; + if (_cc_publisher) + { + log::debug(logcat, "ClientContact publish ticker stopped!"); + _cc_publisher->stop(); + } + Lock_t l{paths_mutex}; _sessions.stop_sessions(send_close); diff --git a/llarp/link/link_manager.cpp b/llarp/link/link_manager.cpp index dbf831b73e..28e1283b38 100644 --- a/llarp/link/link_manager.cpp +++ b/llarp/link/link_manager.cpp @@ -1267,16 +1267,16 @@ namespace llarp log::trace(logcat, "Deserializing frame: {}", buffer_printer{frames.front()}); SymmNonce nonce; - PubKey remote_pk; ustring hop_payload; + SharedSecret shared; - std::tie(nonce, remote_pk, hop_payload) = + std::tie(nonce, shared, hop_payload) = PathBuildMessage::deserialize_hop(oxenc::bt_dict_consumer{frames.front()}, _router.identity()); log::trace(logcat, "Deserializing hop payload: {}", buffer_printer{hop_payload}); auto hop = path::TransitHop::deserialize_hop( - oxenc::bt_dict_consumer{hop_payload}, from, _router, remote_pk, nonce); + oxenc::bt_dict_consumer{hop_payload}, from, _router, std::move(shared)); hop->started = _router.now(); set_conn_persist(hop->downstream(), hop->expiry_time() + 10s); diff --git a/llarp/messages/common.hpp b/llarp/messages/common.hpp index 48f37d01a2..c70ccac66e 100644 --- a/llarp/messages/common.hpp +++ b/llarp/messages/common.hpp @@ -48,6 +48,8 @@ namespace llarp return std::move(btdp).str(); } + // inline static std::string serialize(const SymmNonce& nonce, std::string_view) + inline static std::string serialize(const SymmNonce& nonce, const HopID& hop_id, const ustring_view& payload) { return serialize( diff --git a/llarp/messages/path.hpp b/llarp/messages/path.hpp index 1b5efa2435..802958732b 100644 --- a/llarp/messages/path.hpp +++ b/llarp/messages/path.hpp @@ -122,8 +122,8 @@ namespace llarp - Generate the XOR nonce by hashing the symmetric key from DH (`hop.shared`) and truncating Bt-encoded contents: + - 'k' : shared pubkey used to derive symmetric key - 'n' : symmetric nonce used for DH key-exchange - - 's' : shared pubkey used to derive symmetric key - 'x' : encrypted payload - 'l' : path lifetime - 'r' : rxID (the path ID for messages going *to* the hop) @@ -171,26 +171,26 @@ namespace llarp buffer_printer{hop_payload}); oxenc::bt_dict_producer btdp; - + btdp.append("k", ephemeral_key.to_pubkey().to_view()); btdp.append("n", hop.nonce.to_view()); - btdp.append("s", ephemeral_key.to_pubkey().to_view()); btdp.append("x", hop_payload); return std::move(btdp).str(); } - inline static std::tuple deserialize_hop( + inline static std::tuple deserialize_hop( oxenc::bt_dict_consumer&& btdc, const Ed25519SecretKey& local_sk) { SymmNonce nonce; PubKey remote_pk; ustring hop_payload; + SharedSecret shared; try { + remote_pk.from_string(btdc.require("k")); nonce.from_string(btdc.require("n")); - remote_pk.from_string(btdc.require("s")); - hop_payload = btdc.require("x"); + hop_payload = btdc.require("x"); } catch (const std::exception& e) { @@ -207,7 +207,7 @@ namespace llarp try { - crypto::derive_decrypt_outer_wrapping(local_sk, remote_pk, nonce, to_uspan(hop_payload)); + crypto::derive_decrypt_outer_wrapping(local_sk, shared, remote_pk, nonce, to_uspan(hop_payload)); } catch (...) { @@ -222,7 +222,7 @@ namespace llarp remote_pk.to_string(), buffer_printer{hop_payload}); - return {std::move(nonce), std::move(remote_pk), std::move(hop_payload)}; + return {std::move(nonce), std::move(shared), std::move(hop_payload)}; } } // namespace PathBuildMessage } // namespace llarp diff --git a/llarp/messages/session.hpp b/llarp/messages/session.hpp index 60db08131f..11a0049191 100644 --- a/llarp/messages/session.hpp +++ b/llarp/messages/session.hpp @@ -82,6 +82,7 @@ namespace llarp SymmNonce nonce; RouterID shared_pubkey; ustring payload; + SharedSecret shared; try { @@ -89,7 +90,7 @@ namespace llarp shared_pubkey = RouterID{btdc.require("s")}; payload = btdc.require("x"); - crypto::derive_decrypt_outer_wrapping(local, shared_pubkey, nonce, to_uspan(payload)); + crypto::derive_decrypt_outer_wrapping(local, shared, shared_pubkey, nonce, to_uspan(payload)); { RouterID remote; diff --git a/llarp/path/path.cpp b/llarp/path/path.cpp index 9541fa6c45..218264d7dd 100644 --- a/llarp/path/path.cpp +++ b/llarp/path/path.cpp @@ -219,11 +219,9 @@ namespace llarp::path }); } - bool Path::is_ready() const + bool Path::is_ready(std::chrono::milliseconds now) const { - // if (is_expired(llarp::time_now_ms())) - // return false; - return _established; + return _established ? is_expired(now) : false; } RouterID Path::upstream_rid() diff --git a/llarp/path/path.hpp b/llarp/path/path.hpp index b135dffbda..dc2e7237cb 100644 --- a/llarp/path/path.hpp +++ b/llarp/path/path.hpp @@ -126,7 +126,7 @@ namespace llarp bool send_path_data_message(std::string body); - bool is_ready() const; + bool is_ready(std::chrono::milliseconds now = llarp::time_now_ms()) const; RouterID upstream_rid(); const RouterID& upstream_rid() const; diff --git a/llarp/path/path_context.cpp b/llarp/path/path_context.cpp index 56267f4af2..86cf03108f 100644 --- a/llarp/path/path_context.cpp +++ b/llarp/path/path_context.cpp @@ -57,22 +57,6 @@ namespace llarp::path } } - intro_set PathContext::get_recent_ccs() const - { - Lock_t l{paths_mutex}; - - intro_set intros; - auto now = llarp::time_now_ms(); - - for (auto& [_, p] : _path_map) - { - if (p->is_ready() and not p->is_expired(now)) - intros.emplace(p->intro); - } - - return intros; - } - void PathContext::drop_path(const std::shared_ptr& path) { Lock_t l{paths_mutex}; diff --git a/llarp/path/path_context.hpp b/llarp/path/path_context.hpp index fc54a36bf9..90321369de 100644 --- a/llarp/path/path_context.hpp +++ b/llarp/path/path_context.hpp @@ -47,8 +47,6 @@ namespace llarp::path void drop_paths(std::vector> droplist); - intro_set get_recent_ccs() const; - private: const RouterID _local_rid; diff --git a/llarp/path/path_handler.cpp b/llarp/path/path_handler.cpp index 48d4682304..4c9579e5be 100644 --- a/llarp/path/path_handler.cpp +++ b/llarp/path/path_handler.cpp @@ -263,7 +263,7 @@ namespace llarp::path for (const auto& [_, p] : _paths) { - if (p->is_ready() and not p->intro.is_expired(now)) + if (p and p->is_ready(now)) intros.emplace(p->intro); } @@ -350,7 +350,8 @@ namespace llarp::path for (auto& [_, p] : _paths) { - dissociate_hop_ids(p); + if (p) + dissociate_hop_ids(p); } _paths.clear(); @@ -555,7 +556,7 @@ namespace llarp::path // the same entity from knowing they are part of the same path // (unless they're adjacent in the path; nothing we can do about that obviously). - // i from n_hops downto 0 + // i from n_hops down to 0 for (int i = n_hops - 1; i >= 0; --i) { const auto& next_rid = i == n_hops - 1 ? path_hops[i].rc.router_id() : path_hops[i + 1].rc.router_id(); diff --git a/llarp/path/path_handler.hpp b/llarp/path/path_handler.hpp index 3b82e07212..aca8398578 100644 --- a/llarp/path/path_handler.hpp +++ b/llarp/path/path_handler.hpp @@ -130,7 +130,7 @@ namespace llarp Router& _router; size_t num_hops; std::chrono::milliseconds last_build{0s}; - std::chrono::milliseconds build_interval_limit = MIN_PATH_BUILD_INTERVAL; + std::chrono::milliseconds build_interval_limit{MIN_PATH_BUILD_INTERVAL}; std::set snode_blacklist; diff --git a/llarp/path/path_types.hpp b/llarp/path/path_types.hpp index 1956834300..3f17d63b41 100644 --- a/llarp/path/path_types.hpp +++ b/llarp/path/path_types.hpp @@ -31,7 +31,7 @@ namespace llarp /// next hop's router id RouterID upstream; // lifetime - std::chrono::milliseconds lifetime = DEFAULT_LIFETIME; + std::chrono::milliseconds lifetime{DEFAULT_LIFETIME}; nlohmann::json ExtractStatus() const; @@ -51,8 +51,8 @@ namespace llarp }; // milliseconds waiting between builds on a path per router - static constexpr auto MIN_PATH_BUILD_INTERVAL = 500ms; - static constexpr auto PATH_BUILD_RATE = 100ms; + static constexpr auto MIN_PATH_BUILD_INTERVAL{500ms}; + static constexpr auto PATH_BUILD_RATE{100ms}; } // namespace path } // namespace llarp diff --git a/llarp/path/transit_hop.cpp b/llarp/path/transit_hop.cpp index dc46efd374..9867772e9a 100644 --- a/llarp/path/transit_hop.cpp +++ b/llarp/path/transit_hop.cpp @@ -10,7 +10,7 @@ namespace llarp::path static auto logcat = log::Cat("transit-hop"); std::shared_ptr TransitHop::deserialize_hop( - oxenc::bt_dict_consumer&& btdc, const RouterID& src, Router& r, const PubKey& remote_pk, const SymmNonce& nonce) + oxenc::bt_dict_consumer&& btdc, const RouterID& src, Router& r, SharedSecret secret) { auto hop = std::make_shared(); @@ -34,13 +34,14 @@ namespace llarp::path throw std::runtime_error{PathBuildMessage::BAD_LIFETIME}; hop->downstream() = src; + hop->shared = std::move(secret); if (r.path_context()->has_transit_hop(hop)) throw std::runtime_error{PathBuildMessage::BAD_PATHID}; // TODO: get this from the first dh - if (!crypto::dh_server(hop->shared, remote_pk, r.identity(), nonce)) - throw std::runtime_error{PathBuildMessage::BAD_CRYPTO}; + // if (!crypto::dh_server(hop->shared, remote_pk, r.identity(), nonce)) + // throw std::runtime_error{PathBuildMessage::BAD_CRYPTO}; // generate hash of hop key for nonce mutation ShortHash xor_hash; diff --git a/llarp/path/transit_hop.hpp b/llarp/path/transit_hop.hpp index 13da518f30..d651c0903d 100644 --- a/llarp/path/transit_hop.hpp +++ b/llarp/path/transit_hop.hpp @@ -27,19 +27,15 @@ namespace llarp // This static factory function is used in path-build logic. The exceptions thrown are the exact response // bodies passed to message::respond(...) function static std::shared_ptr deserialize_hop( - oxenc::bt_dict_consumer&& btdc, - const RouterID& src, - Router& r, - const PubKey& remote_pk, - const SymmNonce& nonce); + oxenc::bt_dict_consumer&& btdc, const RouterID& src, Router& r, SharedSecret secret); SharedSecret shared; SymmNonce nonceXOR; - std::chrono::milliseconds started = 0s; + std::chrono::milliseconds started{0s}; // 10 minutes default - std::chrono::milliseconds lifetime = DEFAULT_LIFETIME; + std::chrono::milliseconds lifetime{DEFAULT_LIFETIME}; uint8_t version; - std::chrono::milliseconds _last_activity = 0s; + std::chrono::milliseconds _last_activity{0s}; bool terminal_hop{false}; RouterID& upstream() { return _upstream; } diff --git a/llarp/router/router.cpp b/llarp/router/router.cpp index b4696c71d7..951cff1a18 100644 --- a/llarp/router/router.cpp +++ b/llarp/router/router.cpp @@ -218,7 +218,7 @@ namespace llarp } else { - _session_endpoint->start_tickers(); + // _session_endpoint->start_tickers(); // Resolve needed ONS values now that we have the necessary things prefigured _session_endpoint->resolve_ons_mappings(); }