app/vppn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

Enabled crypto on conn reader/writer. Working.

Browse Source
This commit is contained in:
jdl
2024-12-17 09:08:45 +01:00
parent bb379ec350
commit d0d7bf9b58
5 changed files with 69 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
node/cmd/client/main.go
View File

@@ -10,6 +10,6 @@ func main() {
if len(os.Args) != 2 { if len(os.Args) != 2 {
log.Fatalf("Usage: %s <addr:port>", os.Args[0]) log.Fatalf("Usage: %s <addr:port>", os.Args[0])
} }
n := node.NewTmpNodeClient() n := node.NewTmpNodeClient(os.Args[1])
n.RunClient(os.Args[1]) n.RunClient()
} }

30
node/conn.go
View File

@@ -50,12 +50,9 @@ func (w *connWriter) WriteTo(remoteIP, packetType byte, data []byte) error {
ViaIP: 0, ViaIP: 0,
DestIP: remoteIP, DestIP: remoteIP,
PacketType: packetType, PacketType: packetType,
DataSize: uint16(len(data)),
} }
buf := w.buf[:len(data)+headerSize] buf := encryptPacket(&h, peer.SharedKey, data, w.buf)
h.Marshal(buf)
copy(buf[headerSize:], data)
_, err := w.WriteToUDPAddrPort(buf, *peer.Addr) _, err := w.WriteToUDPAddrPort(buf, *peer.Addr)
return err return err
@@ -68,6 +65,7 @@ type connReader struct {
localIP byte localIP byte
dupChecks [256]*dupCheck dupChecks [256]*dupCheck
lookup func(byte) *peer lookup func(byte) *peer
buf []byte
} }
func newConnReader(conn *net.UDPConn, localIP byte, lookup func(byte) *peer) *connReader { func newConnReader(conn *net.UDPConn, localIP byte, lookup func(byte) *peer) *connReader {
@@ -75,6 +73,7 @@ func newConnReader(conn *net.UDPConn, localIP byte, lookup func(byte) *peer) *co
UDPConn: conn, UDPConn: conn,
localIP: localIP, localIP: localIP,
lookup: lookup, lookup: lookup,
buf: make([]byte, bufferSize),
} }
for i := range r.dupChecks { for i := range r.dupChecks {
r.dupChecks[i] = newDupCheck(0) r.dupChecks[i] = newDupCheck(0)
@@ -91,19 +90,34 @@ func (r *connReader) Read(buf []byte) (remoteAddr netip.AddrPort, h header, data
return return
} }
buf = buf[:n] data = buf[:n]
if n < headerSize { if n < headerSize {
continue // Packet it soo short. continue // Packet it soo short.
} }
h.Parse(buf) h.Parse(data)
data = buf[headerSize:] if len(data) != headerSize+int(h.DataSize) {
if len(data) != int(h.DataSize) { log.Printf("Incorrect size")
continue // Packet is corrupt. continue // Packet is corrupt.
} }
peer := r.lookup(h.SourceIP)
if peer == nil {
log.Printf("No peer...")
continue
}
out, ok := decryptPacket(peer.SharedKey, data, r.buf)
if !ok {
log.Printf("Decrypt failed...")
continue
}
out, data = data, out
if r.dupChecks[h.SourceIP].IsDup(h.Counter) { if r.dupChecks[h.SourceIP].IsDup(h.Counter) {
log.Printf("Duplicate...")
continue continue
} }

3
node/crypto_test.go
View File

@@ -3,6 +3,7 @@ package node
import ( import (
"bytes" "bytes"
"crypto/rand" "crypto/rand"
"log"
"reflect" "reflect"
"testing" "testing"
@@ -20,6 +21,8 @@ func TestEncryptDecryptPacket(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
log.Printf("\n%#v\n%#v\n%#v\n%#v\n", pubKey1, privKey1, pubKey2, privKey2)
sharedEncKey := [32]byte{} sharedEncKey := [32]byte{}
box.Precompute(&sharedEncKey, pubKey2, privKey1) box.Precompute(&sharedEncKey, pubKey2, privKey1)

4
node/peer.go
View File

@@ -8,7 +8,7 @@ import (
type peer struct { type peer struct {
IP byte IP byte
Addr *netip.AddrPort // If we have direct connection, otherwise use mediator. Addr *netip.AddrPort // If we have direct connection, otherwise use mediator.
// TODO: SharedKey []byte SharedKey []byte
} }
type peerRepo [256]*atomic.Pointer[peer] type peerRepo [256]*atomic.Pointer[peer]
@@ -25,6 +25,6 @@ func (pr peerRepo) Get(ip byte) *peer {
return pr[ip].Load() return pr[ip].Load()
} }
func (pr peerRepo) Set(ip byte, p *peer) { func (pr *peerRepo) Set(ip byte, p *peer) {
pr[ip].Store(p) pr[ip].Store(p)
} }

47
node/tmp-server.go
View File

@@ -15,6 +15,10 @@ var (
clientIP = byte(2) clientIP = byte(2)
port = uint16(5151) port = uint16(5151)
netName = "testnet" netName = "testnet"
pubKey1 = []byte{0x43, 0xde, 0xd4, 0xb2, 0x1d, 0x71, 0x58, 0x9a, 0x96, 0x3a, 0x23, 0xfc, 0x2, 0xe, 0xfa, 0x42, 0x3, 0x94, 0xbc, 0xf8, 0x25, 0xf, 0x54, 0xcc, 0x98, 0x42, 0x8b, 0xe5, 0x27, 0x86, 0x49, 0x33}
privKey1 = []byte{0xae, 0x4d, 0xc5, 0xaa, 0xc9, 0xbc, 0x65, 0x41, 0x55, 0xb, 0x61, 0x52, 0xc4, 0x6c, 0xce, 0x2f, 0x1b, 0xf5, 0xb3, 0xbf, 0xb5, 0x54, 0x61, 0x7c, 0x26, 0x2e, 0xba, 0x5a, 0x19, 0xe2, 0x9c, 0xe0}
pubKey2 = []byte{0x8c, 0xfe, 0x12, 0xd9, 0x2d, 0x37, 0x5, 0x43, 0xab, 0x70, 0x59, 0x20, 0x3d, 0x82, 0x93, 0x9b, 0xb3, 0xaa, 0x35, 0x23, 0xc1, 0xb4, 0x4, 0x1f, 0x92, 0x97, 0x6f, 0xfd, 0x55, 0x17, 0x5a, 0x4b}
privKey2 = []byte{0xd9, 0xe1, 0xc6, 0x64, 0x3e, 0x29, 0x29, 0x78, 0x81, 0x53, 0xc2, 0x31, 0xd9, 0x34, 0x5b, 0x41, 0xf5, 0x80, 0xb0, 0x27, 0x9f, 0x65, 0x85, 0xd4, 0x78, 0xd5, 0x9, 0x2, 0xca, 0x56, 0x42, 0x80}
) )
func must(err error) { func must(err error) {
@@ -30,10 +34,14 @@ type TmpNode struct {
port uint16 port uint16
netName string netName string
iface io.ReadWriteCloser iface io.ReadWriteCloser
pubKey []byte
privKey []byte
w *connWriter w *connWriter
r *connReader r *connReader
} }
// ----------------------------------------------------------------------------
func NewTmpNodeServer() *TmpNode { func NewTmpNodeServer() *TmpNode {
n := &TmpNode{ n := &TmpNode{
localIP: serverIP, localIP: serverIP,
@@ -41,6 +49,8 @@ func NewTmpNodeServer() *TmpNode {
peers: newPeerRepo(), peers: newPeerRepo(),
port: port, port: port,
netName: netName, netName: netName,
pubKey: pubKey1,
privKey: privKey1,
} }
var err error var err error
@@ -56,16 +66,25 @@ func NewTmpNodeServer() *TmpNode {
n.w = newConnWriter(conn, n.localIP, n.peers.Get) n.w = newConnWriter(conn, n.localIP, n.peers.Get)
n.r = newConnReader(conn, n.localIP, n.peers.Get) n.r = newConnReader(conn, n.localIP, n.peers.Get)
n.peers.Set(clientIP, &peer{
IP: clientIP,
SharedKey: computeSharedKey(pubKey2, n.privKey),
})
return n return n
} }
func NewTmpNodeClient() *TmpNode { // ----------------------------------------------------------------------------
func NewTmpNodeClient(srvAddrStr string) *TmpNode {
n := &TmpNode{ n := &TmpNode{
localIP: clientIP, localIP: clientIP,
network: network, network: network,
peers: newPeerRepo(), peers: newPeerRepo(),
port: port, port: port,
netName: netName, netName: netName,
pubKey: pubKey2,
privKey: privKey2,
} }
var err error var err error
@@ -81,9 +100,20 @@ func NewTmpNodeClient() *TmpNode {
n.w = newConnWriter(conn, n.localIP, n.peers.Get) n.w = newConnWriter(conn, n.localIP, n.peers.Get)
n.r = newConnReader(conn, n.localIP, n.peers.Get) n.r = newConnReader(conn, n.localIP, n.peers.Get)
serverAddr, err := netip.ParseAddrPort(fmt.Sprintf("%s:%d", srvAddrStr, port))
must(err)
n.peers.Set(serverIP, &peer{
IP: serverIP,
Addr: &serverAddr,
SharedKey: computeSharedKey(pubKey1, n.privKey),
})
return n return n
} }
// ----------------------------------------------------------------------------
func (n *TmpNode) RunServer() { func (n *TmpNode) RunServer() {
defer func() { defer func() {
if r := recover(); r != nil { if r := recover(); r != nil {
@@ -102,13 +132,16 @@ func (n *TmpNode) RunServer() {
n.peers.Set(h.SourceIP, &peer{ n.peers.Set(h.SourceIP, &peer{
IP: h.SourceIP, IP: h.SourceIP,
Addr: &remoteAddr, Addr: &remoteAddr,
SharedKey: computeSharedKey(pubKey2, n.privKey),
}) })
go n.readFromIFace() go n.readFromIFace()
n.readFromConn() n.readFromConn()
} }
func (n *TmpNode) RunClient(srvAddrStr string) { // ----------------------------------------------------------------------------
func (n *TmpNode) RunClient() {
defer func() { defer func() {
if r := recover(); r != nil { if r := recover(); r != nil {
fmt.Printf("%v", r) fmt.Printf("%v", r)
@@ -116,15 +149,7 @@ func (n *TmpNode) RunClient(srvAddrStr string) {
} }
}() }()
serverAddr, err := netip.ParseAddrPort(fmt.Sprintf("%s:%d", srvAddrStr, port)) log.Printf("Sending to server...")
must(err)
log.Printf("Setting %d => %v", serverIP, serverAddr)
n.peers.Set(serverIP, &peer{
IP: serverIP,
Addr: &serverAddr,
})
must(n.w.WriteTo(serverIP, 1, []byte{1, 2, 3, 4, 5, 6, 7, 8})) must(n.w.WriteTo(serverIP, 1, []byte{1, 2, 3, 4, 5, 6, 7, 8}))
go n.readFromIFace() go n.readFromIFace()