Major update - symmetric encryption, UDP hole punching, code cleanup.

Reviewed-on: #1
2024-12-24 18:37:43 +00:00
parent ee4f5e012c
commit 3bd73cfd34
48 changed files with 1739 additions and 1291 deletions
--- a/hub/api/api.go
+++ b/hub/api/api.go
@@ -15,7 +15,6 @@ import (
 	"git.crumpington.com/lib/go/sqliteutil"
 	"golang.org/x/crypto/bcrypt"
 	"golang.org/x/crypto/nacl/box"
-	"golang.org/x/crypto/nacl/sign"
 )

 //go:embed migrations
@@ -146,7 +145,7 @@ type PeerCreateArgs struct {
 	Name     string
 	PublicIP []byte
 	Port     uint16
-	Mediator bool
+	Relay    bool
 }

 // Create the intention to add a peer. The returned code is used to complete
@@ -184,11 +183,6 @@ func (a *API) Peer_Create(creationCode string) (*m.PeerConfig, error) {
 		return nil, err
 	}

-	signPubKey, signPrivKey, err := sign.GenerateKey(rand.Reader)
-	if err != nil {
-		return nil, err
-	}
-
 	// Get peer IP.
 	peerIP := byte(0)

@@ -208,15 +202,14 @@ func (a *API) Peer_Create(creationCode string) (*m.PeerConfig, error) {
 	}

 	peer := &Peer{
-		PeerIP:     peerIP,
-		Version:    idgen.NextID(0),
-		APIKey:     idgen.NewToken(),
-		Name:       args.Name,
-		PublicIP:   args.PublicIP,
-		Port:       args.Port,
-		Mediator:   args.Mediator,
-		EncPubKey:  encPubKey[:],
-		SignPubKey: signPubKey[:],
+		PeerIP:   peerIP,
+		Version:  idgen.NextID(0),
+		APIKey:   idgen.NewToken(),
+		Name:     args.Name,
+		PublicIP: args.PublicIP,
+		Port:     args.Port,
+		Relay:    args.Relay,
+		PubKey:   encPubKey[:],
 	}

 	if err := db.Peer_Insert(a.db, peer); err != nil {
@@ -226,17 +219,15 @@ func (a *API) Peer_Create(creationCode string) (*m.PeerConfig, error) {
 	conf := a.Config_Get()

 	return &m.PeerConfig{
-		PeerIP:      peer.PeerIP,
-		HubAddress:  conf.HubAddress,
-		APIKey:      peer.APIKey,
-		Network:     conf.VPNNetwork,
-		PublicIP:    peer.PublicIP,
-		Port:        peer.Port,
-		Mediator:    peer.Mediator,
-		EncPubKey:   encPubKey[:],
-		EncPrivKey:  encPrivKey[:],
-		SignPubKey:  signPubKey[:],
-		SignPrivKey: signPrivKey[:],
+		PeerIP:     peer.PeerIP,
+		HubAddress: conf.HubAddress,
+		APIKey:     peer.APIKey,
+		Network:    conf.VPNNetwork,
+		PublicIP:   peer.PublicIP,
+		Port:       peer.Port,
+		Relay:   peer.Relay,
+		PubKey:     encPubKey[:],
+		PrivKey:    encPrivKey[:],
 	}, nil
 }

--- a/hub/api/db/generated.go
+++ b/hub/api/db/generated.go
@@ -307,18 +307,17 @@ func Session_List(
 // ----------------------------------------------------------------------------

 type Peer struct {
-	PeerIP     byte
-	Version    int64
-	APIKey     string
-	Name       string
-	PublicIP   []byte
-	Port       uint16
-	Mediator   bool
-	EncPubKey  []byte
-	SignPubKey []byte
+	PeerIP   byte
+	Version  int64
+	APIKey   string
+	Name     string
+	PublicIP []byte
+	Port     uint16
+	Relay    bool
+	PubKey   []byte
 }

-const Peer_SelectQuery = "SELECT PeerIP,Version,APIKey,Name,PublicIP,Port,Mediator,EncPubKey,SignPubKey FROM peers"
+const Peer_SelectQuery = "SELECT PeerIP,Version,APIKey,Name,PublicIP,Port,Relay,PubKey FROM peers"

 func Peer_Insert(
 	tx TX,
@@ -329,7 +328,7 @@ func Peer_Insert(
 		return err
 	}

-	_, err = tx.Exec("INSERT INTO peers(PeerIP,Version,APIKey,Name,PublicIP,Port,Mediator,EncPubKey,SignPubKey) VALUES(?,?,?,?,?,?,?,?,?)", row.PeerIP, row.Version, row.APIKey, row.Name, row.PublicIP, row.Port, row.Mediator, row.EncPubKey, row.SignPubKey)
+	_, err = tx.Exec("INSERT INTO peers(PeerIP,Version,APIKey,Name,PublicIP,Port,Relay,PubKey) VALUES(?,?,?,?,?,?,?,?)", row.PeerIP, row.Version, row.APIKey, row.Name, row.PublicIP, row.Port, row.Relay, row.PubKey)
 	return err
 }

@@ -342,7 +341,7 @@ func Peer_Update(
 		return err
 	}

-	result, err := tx.Exec("UPDATE peers SET Version=?,Name=?,PublicIP=?,Port=?,Mediator=? WHERE PeerIP=?", row.Version, row.Name, row.PublicIP, row.Port, row.Mediator, row.PeerIP)
+	result, err := tx.Exec("UPDATE peers SET Version=?,Name=?,PublicIP=?,Port=?,Relay=? WHERE PeerIP=?", row.Version, row.Name, row.PublicIP, row.Port, row.Relay, row.PeerIP)
 	if err != nil {
 		return err
 	}
@@ -370,7 +369,7 @@ func Peer_UpdateFull(
 		return err
 	}

-	result, err := tx.Exec("UPDATE peers SET Version=?,APIKey=?,Name=?,PublicIP=?,Port=?,Mediator=?,EncPubKey=?,SignPubKey=? WHERE PeerIP=?", row.Version, row.APIKey, row.Name, row.PublicIP, row.Port, row.Mediator, row.EncPubKey, row.SignPubKey, row.PeerIP)
+	result, err := tx.Exec("UPDATE peers SET Version=?,APIKey=?,Name=?,PublicIP=?,Port=?,Relay=?,PubKey=? WHERE PeerIP=?", row.Version, row.APIKey, row.Name, row.PublicIP, row.Port, row.Relay, row.PubKey, row.PeerIP)
 	if err != nil {
 		return err
 	}
@@ -420,8 +419,8 @@ func Peer_Get(
 	err error,
 ) {
 	row = &Peer{}
-	r := tx.QueryRow("SELECT PeerIP,Version,APIKey,Name,PublicIP,Port,Mediator,EncPubKey,SignPubKey FROM peers WHERE PeerIP=?", PeerIP)
-	err = r.Scan(&row.PeerIP, &row.Version, &row.APIKey, &row.Name, &row.PublicIP, &row.Port, &row.Mediator, &row.EncPubKey, &row.SignPubKey)
+	r := tx.QueryRow("SELECT PeerIP,Version,APIKey,Name,PublicIP,Port,Relay,PubKey FROM peers WHERE PeerIP=?", PeerIP)
+	err = r.Scan(&row.PeerIP, &row.Version, &row.APIKey, &row.Name, &row.PublicIP, &row.Port, &row.Relay, &row.PubKey)
 	return
 }

@@ -435,7 +434,7 @@ func Peer_GetWhere(
 ) {
 	row = &Peer{}
 	r := tx.QueryRow(query, args...)
-	err = r.Scan(&row.PeerIP, &row.Version, &row.APIKey, &row.Name, &row.PublicIP, &row.Port, &row.Mediator, &row.EncPubKey, &row.SignPubKey)
+	err = r.Scan(&row.PeerIP, &row.Version, &row.APIKey, &row.Name, &row.PublicIP, &row.Port, &row.Relay, &row.PubKey)
 	return
 }

@@ -455,7 +454,7 @@ func Peer_Iterate(
 		defer rows.Close()
 		for rows.Next() {
 			row := &Peer{}
-			err := rows.Scan(&row.PeerIP, &row.Version, &row.APIKey, &row.Name, &row.PublicIP, &row.Port, &row.Mediator, &row.EncPubKey, &row.SignPubKey)
+			err := rows.Scan(&row.PeerIP, &row.Version, &row.APIKey, &row.Name, &row.PublicIP, &row.Port, &row.Relay, &row.PubKey)
 			if !yield(row, err) {
 				return
 			}
--- a/hub/api/db/sanitize-validate.go
+++ b/hub/api/db/sanitize-validate.go
@@ -51,7 +51,7 @@ func Peer_Sanitize(p *Peer) {
 		}
 	}
 	if p.Port == 0 {
-		p.Port = 515
+		p.Port = 456
 	}
 }

--- a/hub/api/db/tables.defs
+++ b/hub/api/db/tables.defs
@@ -20,7 +20,6 @@ TABLE peers OF Peer (
  Name       string,
  PublicIP   []byte,
  Port       uint16,
-  Mediator   bool,
-  EncPubKey  []byte NoUpdate,
-  SignPubKey []byte NoUpdate
+  Relay      bool,
+  PubKey     []byte NoUpdate
 );
--- a/hub/api/db/written.go
+++ b/hub/api/db/written.go
@@ -1,12 +1,12 @@
 package db

-import "vppn/fasttime"
+import "time"

 func Session_UpdateLastSeenAt(
 	tx TX,
 	id string,
 ) (err error) {
-	_, err = tx.Exec("UPDATE sessions SET LastSeenAt=? WHERE SessionID=?", fasttime.Now(), id)
+	_, err = tx.Exec("UPDATE sessions SET LastSeenAt=? WHERE SessionID=?", time.Now().Unix(), id)
 	return err
 }

--- a/hub/api/migrations/2024-11-30-init.sql
+++ b/hub/api/migrations/2024-11-30-init.sql
@@ -22,7 +22,6 @@ CREATE TABLE peers (
  Name       TEXT    NOT NULL UNIQUE,      -- For humans.
  PublicIP   BLOB    NOT NULL,
  Port       INTEGER NOT NULL,
-  Mediator   INTEGER NOT NULL DEFAULT 0,   -- Boolean if peer will forward packets. Must also have public address.
-  EncPubKey  BLOB    NOT NULL,
-  SignPubKey BLOB    NOT NULL
+  Relay      INTEGER NOT NULL DEFAULT 0,   -- Boolean if peer will forward packets. Must also have public address.
+  PubKey     BLOB    NOT NULL
 ) WITHOUT ROWID;