From d0d7bf9b58d5bcc4e4e72caf835a12cec3383d08 Mon Sep 17 00:00:00 2001
From: jdl
Date: Tue, 17 Dec 2024 09:08:45 +0100
Subject: [PATCH] Enabled crypto on conn reader/writer. Working.
---
 node/cmd/client/main.go | 4 ++--
 node/conn.go | 30 +++++++++++++++++-------
 node/crypto_test.go | 3 +++
 node/peer.go | 8 +++---
 node/tmp-server.go | 51 ++++++++++++++++++++++++++++++-----------
 5 files changed, 69 insertions(+), 27 deletions(-)
diff --git a/node/cmd/client/main.go b/node/cmd/client/main.go
index e98c2cd..66d0493 100644
--- a/node/cmd/client/main.go
+++ b/node/cmd/client/main.go
@@ -10,6 +10,6 @@ func main() {
 if len(os.Args) != 2 {
 log.Fatalf("Usage: %s ", os.Args[0])
 }
- n := node.NewTmpNodeClient()
- n.RunClient(os.Args[1])
+ n := node.NewTmpNodeClient(os.Args[1])
+ n.RunClient()
 }
diff --git a/node/conn.go b/node/conn.go
index 8c23d1d..3e95220 100644
--- a/node/conn.go
+++ b/node/conn.go
@@ -50,12 +50,9 @@ func (w *connWriter) WriteTo(remoteIP, packetType byte, data []byte) error {
 ViaIP: 0,
 DestIP: remoteIP,
 PacketType: packetType,
- DataSize: uint16(len(data)),
 }
- buf := w.buf[:len(data)+headerSize]
- h.Marshal(buf)
- copy(buf[headerSize:], data)
+ buf := encryptPacket(&h, peer.SharedKey, data, w.buf)
 _, err := w.WriteToUDPAddrPort(buf, *peer.Addr)
 return err
@@ -68,6 +65,7 @@ type connReader struct {
 localIP byte
 dupChecks [256]*dupCheck
 lookup func(byte) *peer
+ buf []byte
 }
 func newConnReader(conn *net.UDPConn, localIP byte, lookup func(byte) *peer) *connReader {
@@ -75,6 +73,7 @@ func newConnReader(conn *net.UDPConn, localIP byte, lookup func(byte) *peer) *co
 UDPConn: conn,
 localIP: localIP,
 lookup: lookup,
+ buf: make([]byte, bufferSize),
 }
 for i := range r.dupChecks {
 r.dupChecks[i] = newDupCheck(0)
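Review bot: `buf := encryptPacket(&h, peer.SharedKey, data, w.buf)` hands the peer's key to encryptPacket without checking that one is set; a peer registered with the zero value of the new SharedKey field reaches it with a nil key, and whether that panics or produces a packet that is not actually protected depends on encryptPacket, which is not in this diff. A guard before the call, `if len(peer.SharedKey) == 0 { return errors.New("no shared key for peer") }`, makes the failure explicit at the sender. DataSize is no longer set in the header literal, so presumably encryptPacket fills it from the ciphertext length; a one-line comment at the call site saying so would save the next reader a lookup. WriteTo starts before this hunk, where peer is looked up.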
@@ -91,19 +90,34 @@ func (r *connReader) Read(buf []byte) (remoteAddr netip.AddrPort, h header, data
 return
 }
- buf = buf[:n]
+ data = buf[:n]
 if n < headerSize {
 continue // Packet it soo short.
 }
- h.Parse(buf)
- data = buf[headerSize:]
- if len(data) != int(h.DataSize) {
+ h.Parse(data)
+ if len(data) != headerSize+int(h.DataSize) {
+ log.Printf("Incorrect size")
 continue // Packet is corrupt.
 }
+ peer := r.lookup(h.SourceIP)
+ if peer == nil {
+ log.Printf("No peer...")
+ continue
+ }
+
+ out, ok := decryptPacket(peer.SharedKey, data, r.buf)
+ if !ok {
+ log.Printf("Decrypt failed...")
+ continue
+ }
+
+ out, data = data, out
+
 if r.dupChecks[h.SourceIP].IsDup(h.Counter) {
+ log.Printf("Duplicate...")
 continue
 }
diff --git a/node/crypto_test.go b/node/crypto_test.go
index 502dca5..f0ee9f6 100644
--- a/node/crypto_test.go
+++ b/node/crypto_test.go
@@ -3,6 +3,7 @@ package node
 import (
 "bytes"
 "crypto/rand"
+ "log"
 "reflect"
 "testing"
@@ -20,6 +21,8 @@ func TestEncryptDecryptPacket(t *testing.T) {
 t.Fatal(err)
 }
+ log.Printf("\n%#v\n%#v\n%#v\n%#v\n", pubKey1, privKey1, pubKey2, privKey2)
+
 sharedEncKey := [32]byte{}
 box.Precompute(&sharedEncKey, pubKey2, privKey1)
diff --git a/node/peer.go b/node/peer.go
index d93f2df..7f8be25 100644
--- a/node/peer.go
+++ b/node/peer.go
@@ -6,9 +6,9 @@ import (
 )
 type peer struct {
- IP byte
- Addr *netip.AddrPort // If we have direct connection, otherwise use mediator.
- // TODO: SharedKey []byte
+ IP byte
+ Addr *netip.AddrPort // If we have direct connection, otherwise use mediator.
+ SharedKey []byte
 }
 type peerRepo [256]*atomic.Pointer[peer]
@@ -25,6 +25,6 @@ func (pr peerRepo) Get(ip byte) *peer {
 return pr[ip].Load()
 }
-func (pr peerRepo) Set(ip byte, p *peer) {
+func (pr *peerRepo) Set(ip byte, p *peer) {
 pr[ip].Store(p)
 }
diff --git a/node/tmp-server.go b/node/tmp-server.go
index 04f6c0a..acae4e5 100644
--- a/node/tmp-server.go
+++ b/node/tmp-server.go
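Review bot: After `out, data = data, out` the returned data slice aliases r.buf, the reader's scratch buffer that the next Read call overwrites, whereas before this change it aliased the caller-supplied buf; a caller that keeps a packet past the next Read (for instance by handing it to another goroutine) now sees it clobbered. Copying the plaintext back into the caller's buffer, `data = buf[:copy(buf, out)]`, restores that ownership at the cost of one copy, and the swap idiom, which leaves out holding ciphertext that is never used again, can go. The replay check on h.Counter now runs only after decryptPacket succeeds, which is the right order provided decryptPacket authenticates the header (presumably as associated data, since encryptPacket takes &h); if it does not, SourceIP and Counter are unauthenticated at the points they are used here, and that should be stated on the header type. The four new log.Printf calls fire once per rejected datagram, so a remote sender can fill the log at line rate; a counter or a rate-limited or debug-level log would be safer. Read begins and ends outside this hunk.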
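Review bot: The added `log.Printf("\n%#v\n%#v\n%#v\n%#v\n", pubKey1, privKey1, pubKey2, privKey2)` dumps both private keys into the test output and looks like a leftover from producing the fixed key pairs that tmp-server.go now embeds under the same names. It contributes nothing to the assertion and is the only reason for the new log import, so both should go before merge. If a key dump is needed for a one-off fixture, a throwaway script or a t.Logf behind a build tag is the better place. TestEncryptDecryptPacket starts before and continues past this hunk.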
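Review bot: The new `SharedKey []byte` field carries no comment, while the TODO it replaces at least said what it was for; since peers are published through atomic.Pointer and read concurrently by the conn reader and writer, the rule that the slice is never modified after the peer is stored should be written down. Suggested: `SharedKey []byte // Symmetric key derived from the peer's public key and our private key; nil when none is known. Immutable once the peer is published.` The re-alignment of IP and Addr is gofmt output and fine.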
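Review bot: Set now has a pointer receiver while Get, visible as context just above it, keeps a value receiver; mixed receivers on one type are a lint finding and, because peerRepo is a 256-element array, the value receiver copies all 256 pointers on every Get call and every `n.peers.Get` method value. Changing it to `func (pr *peerRepo) Get(ip byte) *peer {` makes the type consistent; the method values passed to newConnWriter and newConnReader still bind as long as n.peers is addressable or already a pointer, which it is when reached through *TmpNode.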
@@ -15,6 +15,10 @@ var (
 clientIP = byte(2)
 port = uint16(5151)
 netName = "testnet"
+ pubKey1 = []byte{0x43, 0xde, 0xd4, 0xb2, 0x1d, 0x71, 0x58, 0x9a, 0x96, 0x3a, 0x23, 0xfc, 0x2, 0xe, 0xfa, 0x42, 0x3, 0x94, 0xbc, 0xf8, 0x25, 0xf, 0x54, 0xcc, 0x98, 0x42, 0x8b, 0xe5, 0x27, 0x86, 0x49, 0x33}
+ privKey1 = []byte{0xae, 0x4d, 0xc5, 0xaa, 0xc9, 0xbc, 0x65, 0x41, 0x55, 0xb, 0x61, 0x52, 0xc4, 0x6c, 0xce, 0x2f, 0x1b, 0xf5, 0xb3, 0xbf, 0xb5, 0x54, 0x61, 0x7c, 0x26, 0x2e, 0xba, 0x5a, 0x19, 0xe2, 0x9c, 0xe0}
+ pubKey2 = []byte{0x8c, 0xfe, 0x12, 0xd9, 0x2d, 0x37, 0x5, 0x43, 0xab, 0x70, 0x59, 0x20, 0x3d, 0x82, 0x93, 0x9b, 0xb3, 0xaa, 0x35, 0x23, 0xc1, 0xb4, 0x4, 0x1f, 0x92, 0x97, 0x6f, 0xfd, 0x55, 0x17, 0x5a, 0x4b}
+ privKey2 = []byte{0xd9, 0xe1, 0xc6, 0x64, 0x3e, 0x29, 0x29, 0x78, 0x81, 0x53, 0xc2, 0x31, 0xd9, 0x34, 0x5b, 0x41, 0xf5, 0x80, 0xb0, 0x27, 0x9f, 0x65, 0x85, 0xd4, 0x78, 0xd5, 0x9, 0x2, 0xca, 0x56, 0x42, 0x80}
 )
 func must(err error) {
@@ -30,10 +34,14 @@ type TmpNode struct {
 port uint16
 netName string
 iface io.ReadWriteCloser
+ pubKey []byte
+ privKey []byte
 w *connWriter
 r *connReader
 }
+ // ----------------------------------------------------------------------------
+
 func NewTmpNodeServer() *TmpNode {
 n := &TmpNode{
 localIP: serverIP,
@@ -41,6 +49,8 @@ func NewTmpNodeServer() *TmpNode {
 peers: newPeerRepo(),
 port: port,
 netName: netName,
+ pubKey: pubKey1,
+ privKey: privKey1,
 }
 var err error
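Review bot: Both private keys are now checked in as package-level byte slices next to their public halves, so every binary built from this package, the client included, carries the server's private key, and the four values appear to be what the new log line in crypto_test.go prints. Even for a scratch server the block deserves a comment marking them as fixed test keys that must never be reused, `// Fixed test key pairs for the tmp server/client only; never deploy these.`, and the non-scratch constructor should take keys from configuration or generate them with crypto/rand. Because these are slices rather than [32]byte arrays, they are also mutable package state that any code in the package can alter.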
@@ -56,16 +66,25 @@ func NewTmpNodeServer() *TmpNode {
 n.w = newConnWriter(conn, n.localIP, n.peers.Get)
 n.r = newConnReader(conn, n.localIP, n.peers.Get)
+ n.peers.Set(clientIP, &peer{
+ IP: clientIP,
+ SharedKey: computeSharedKey(pubKey2, n.privKey),
+ })
+
 return n
 }
-func NewTmpNodeClient() *TmpNode {
+// ----------------------------------------------------------------------------
+
+func NewTmpNodeClient(srvAddrStr string) *TmpNode {
 n := &TmpNode{
 localIP: clientIP,
 network: network,
 peers: newPeerRepo(),
 port: port,
 netName: netName,
+ pubKey: pubKey2,
+ privKey: privKey2,
 }
 var err error
@@ -81,9 +100,20 @@ func NewTmpNodeClient() *TmpNode {
 n.w = newConnWriter(conn, n.localIP, n.peers.Get)
 n.r = newConnReader(conn, n.localIP, n.peers.Get)
+ serverAddr, err := netip.ParseAddrPort(fmt.Sprintf("%s:%d", srvAddrStr, port))
+ must(err)
+
+ n.peers.Set(serverIP, &peer{
+ IP: serverIP,
+ Addr: &serverAddr,
+ SharedKey: computeSharedKey(pubKey1, n.privKey),
+ })
+
 return n
 }
+// ----------------------------------------------------------------------------
+
 func (n *TmpNode) RunServer() {
 defer func() {
 if r := recover(); r != nil {
@@ -100,15 +130,18 @@ func (n *TmpNode) RunServer() {
 must(err)
 n.peers.Set(h.SourceIP, &peer{
- IP: h.SourceIP,
- Addr: &remoteAddr,
+ IP: h.SourceIP,
+ Addr: &remoteAddr,
+ SharedKey: computeSharedKey(pubKey2, n.privKey),
 })
 go n.readFromIFace()
 n.readFromConn()
 }
-func (n *TmpNode) RunClient(srvAddrStr string) {
+// ----------------------------------------------------------------------------
+
+func (n *TmpNode) RunClient() {
 defer func() {
 if r := recover(); r != nil {
 fmt.Printf("%v", r)
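Review bot: The client peer entered in NewTmpNodeServer has no Addr, and connWriter.WriteTo (in this patch's conn.go hunk) dereferences `*peer.Addr` unconditionally, so any write to clientIP before RunServer replaces the entry with a learned address panics instead of returning an error. Either register the entry only once the address is known, or make WriteTo reject it: `if peer == nil || peer.Addr == nil { return errors.New("peer has no address") }`. NewTmpNodeServer starts before this hunk.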
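Review bot: `netip.ParseAddrPort(fmt.Sprintf("%s:%d", srvAddrStr, port))` rejects an IPv6 literal, which needs brackets, and the must(err) then panics on a parse error; parsing the address on its own avoids the formatting step entirely. Replace the two added lines with `srvAddr, err := netip.ParseAddr(srvAddrStr)`, `must(err)` and `serverAddr := netip.AddrPortFrom(srvAddr, port)`. The := here reuses the err declared earlier in the function, which only works because serverAddr is new in the same scope. NewTmpNodeClient starts before this hunk.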
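Review bot: RunServer re-derives the key for whatever h.SourceIP the first packet carries, always from the fixed pubKey2, so the code silently assumes every source is the one client; since the reader (in this patch's conn.go hunk) only returns packets for peers that already have an entry, the existing entry's key can be reused instead, `SharedKey: n.peers.Get(h.SourceIP).SharedKey,`, which drops the duplicate scalar multiplication and the hidden assumption. A nil check on that Get, or a comment stating why it cannot be nil here, should accompany it. The Read that produces h and remoteAddr appears to sit just above this hunk, outside it.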
@@ -116,15 +149,7 @@ func (n *TmpNode) RunClient(srvAddrStr string) {
 }
 }()
- serverAddr, err := netip.ParseAddrPort(fmt.Sprintf("%s:%d", srvAddrStr, port))
- must(err)
-
- log.Printf("Setting %d => %v", serverIP, serverAddr)
- n.peers.Set(serverIP, &peer{
- IP: serverIP,
- Addr: &serverAddr,
- })
-
+ log.Printf("Sending to server...")
 must(n.w.WriteTo(serverIP, 1, []byte{1, 2, 3, 4, 5, 6, 7, 8}))
 go n.readFromIFace()