From 3c7c49684ce431dd68c78e37d5ea4c781cbe0e51 Mon Sep 17 00:00:00 2001 From: John Smith Date: Mon, 13 Mar 2023 16:14:31 -0400 Subject: [PATCH 1/7] try multiple cryptosystems --- veilid-core/Cargo.toml | 2 +- .../src/crypto/{none => }/blake3digest512.rs | 0 veilid-core/src/crypto/mod.rs | 57 ++++- veilid-core/src/crypto/none/mod.rs | 202 ++++++++++-------- veilid-core/src/crypto/tests/test_types.rs | 20 +- .../src/crypto/vld0/blake3digest512.rs | 70 ------ veilid-core/src/crypto/vld0/mod.rs | 16 +- veilid-core/src/lib.rs | 1 - veilid-core/src/veilid_config.rs | 183 +++++++++------- 9 files changed, 281 insertions(+), 270 deletions(-) rename veilid-core/src/crypto/{none => }/blake3digest512.rs (100%) delete mode 100644 veilid-core/src/crypto/vld0/blake3digest512.rs diff --git a/veilid-core/Cargo.toml b/veilid-core/Cargo.toml index b293390d..926c0fd2 100644 --- a/veilid-core/Cargo.toml +++ b/veilid-core/Cargo.toml @@ -10,7 +10,7 @@ license = "LGPL-2.0-or-later OR MPL-2.0 OR (MIT AND BSD-3-Clause)" crate-type = ["cdylib", "staticlib", "rlib"] [features] -default = [ "enable-crypto-vld0" ] +default = [ "enable-crypto-none", "enable-crypto-vld0" ] enable-crypto-vld0 = [] enable-crypto-none = [] rt-async-std = ["async-std", "async-std-resolver", "async_executors/async_std", "rtnetlink?/smol_socket", "veilid-tools/rt-async-std"] diff --git a/veilid-core/src/crypto/none/blake3digest512.rs b/veilid-core/src/crypto/blake3digest512.rs similarity index 100% rename from veilid-core/src/crypto/none/blake3digest512.rs rename to veilid-core/src/crypto/blake3digest512.rs diff --git a/veilid-core/src/crypto/mod.rs b/veilid-core/src/crypto/mod.rs index dbe666f8..ec32c677 100644 --- a/veilid-core/src/crypto/mod.rs +++ b/veilid-core/src/crypto/mod.rs @@ -1,3 +1,4 @@ +mod blake3digest512; mod byte_array_types; mod dh_cache; mod envelope; @@ -6,9 +7,13 @@ mod types; mod value; pub mod crypto_system; +#[cfg(feature = "enable-crypto-none")] +pub mod none; pub mod tests; +#[cfg(feature = "enable-crypto-vld0")] pub mod vld0; +pub use blake3digest512::*; pub use byte_array_types::*; pub use crypto_system::*; pub use dh_cache::*; @@ -16,6 +21,10 @@ pub use envelope::*; pub use receipt::*; pub use types::*; pub use value::*; + +#[cfg(feature = "enable-crypto-none")] +pub use none::*; +#[cfg(feature = "enable-crypto-vld0")] pub use vld0::*; use crate::*; @@ -24,11 +33,26 @@ use hashlink::linked_hash_map::Entry; use hashlink::LruCache; use serde::{Deserialize, Serialize}; -// Handle to a particular cryptosystem +/// Handle to a particular cryptosystem pub type CryptoSystemVersion = Arc; -/// Crypto kinds in order of preference, best cryptosystem is the first one, worst is the last one -pub const VALID_CRYPTO_KINDS: [CryptoKind; 1] = [CRYPTO_KIND_VLD0]; +cfg_if! { + if #[cfg(all(feature = "enable-crypto-none", feature = "enable-crypto-vld0"))] { + /// Crypto kinds in order of preference, best cryptosystem is the first one, worst is the last one + pub const VALID_CRYPTO_KINDS: [CryptoKind; 2] = [CRYPTO_KIND_VLD0, CRYPTO_KIND_NONE]; + } + else if #[cfg(feature = "enable-crypto-none")] { + /// Crypto kinds in order of preference, best cryptosystem is the first one, worst is the last one + pub const VALID_CRYPTO_KINDS: [CryptoKind; 1] = [CRYPTO_KIND_NONE]; + } + else if #[cfg(feature = "enable-crypto-vld0")] { + /// Crypto kinds in order of preference, best cryptosystem is the first one, worst is the last one + pub const VALID_CRYPTO_KINDS: [CryptoKind; 1] = [CRYPTO_KIND_VLD0]; + } + else { + compile_error!("No crypto kinds enabled, specify an enable-crypto- feature"); + } +} /// Number of cryptosystem signatures to keep on structures if many are present beyond the ones we consider valid pub const MAX_CRYPTO_KINDS: usize = 3; /// Return the best cryptosystem kind we support @@ -36,7 +60,7 @@ pub fn best_crypto_kind() -> CryptoKind { VALID_CRYPTO_KINDS[0] } -// Version number of envelope format +/// Version number of envelope format pub type EnvelopeVersion = u8; /// Envelope versions in order of preference, best envelope version is the first one, worst is the last one @@ -51,7 +75,10 @@ pub fn best_envelope_version() -> EnvelopeVersion { struct CryptoInner { dh_cache: DHCache, flush_future: Option>, + #[cfg(feature = "enable-crypto-vld0")] crypto_vld0: Option>, + #[cfg(feature = "enable-crypto-none")] + crypto_none: Option>, } struct CryptoUnlockedInner { @@ -72,7 +99,10 @@ impl Crypto { CryptoInner { dh_cache: DHCache::new(DH_CACHE_SIZE), flush_future: None, + #[cfg(feature = "enable-crypto-vld0")] crypto_vld0: None, + #[cfg(feature = "enable-crypto-none")] + crypto_none: None, } } @@ -90,7 +120,15 @@ impl Crypto { inner: Arc::new(Mutex::new(Self::new_inner())), }; - out.inner.lock().crypto_vld0 = Some(Arc::new(vld0::CryptoSystemVLD0::new(out.clone()))); + #[cfg(feature = "enable-crypto-vld0")] + { + out.inner.lock().crypto_vld0 = Some(Arc::new(vld0::CryptoSystemVLD0::new(out.clone()))); + } + + #[cfg(feature = "enable-crypto-none")] + { + out.inner.lock().crypto_none = Some(Arc::new(none::CryptoSystemNONE::new(out.clone()))); + } out } @@ -203,7 +241,10 @@ impl Crypto { pub fn get(&self, kind: CryptoKind) -> Option { let inner = self.inner.lock(); match kind { + #[cfg(feature = "enable-crypto-vld0")] CRYPTO_KIND_VLD0 => Some(inner.crypto_vld0.clone().unwrap()), + #[cfg(feature = "enable-crypto-none")] + CRYPTO_KIND_NONE => Some(inner.crypto_none.clone().unwrap()), _ => None, } } @@ -262,10 +303,16 @@ impl Crypto { /// Generate keypair /// Does not require startup/init pub fn generate_keypair(crypto_kind: CryptoKind) -> Result { + #[cfg(feature = "enable-crypto-vld0")] if crypto_kind == CRYPTO_KIND_VLD0 { let kp = vld0_generate_keypair(); return Ok(TypedKeyPair::new(crypto_kind, kp)); } + #[cfg(feature = "enable-crypto-none")] + if crypto_kind == CRYPTO_KIND_NONE { + let kp = none_generate_keypair(); + return Ok(TypedKeyPair::new(crypto_kind, kp)); + } Err(VeilidAPIError::generic("invalid crypto kind")) } diff --git a/veilid-core/src/crypto/none/mod.rs b/veilid-core/src/crypto/none/mod.rs index fd2b42a4..e4109b77 100644 --- a/veilid-core/src/crypto/none/mod.rs +++ b/veilid-core/src/crypto/none/mod.rs @@ -1,62 +1,68 @@ -pub mod blake3digest512; -pub use blake3digest512::*; - use super::*; - -use chacha20::cipher::{KeyIvInit, StreamCipher}; -use chacha20::XChaCha20; -use chacha20poly1305 as ch; -use chacha20poly1305::aead::{AeadInPlace, NewAead}; -use core::convert::TryInto; -use curve25519_dalek as cd; use digest::Digest; -use ed25519_dalek as ed; -use x25519_dalek as xd; +use rand::RngCore; -const AEAD_OVERHEAD: usize = 16; -pub const CRYPTO_KIND_VLD0: CryptoKind = FourCC([b'V', b'L', b'D', b'0']); +const AEAD_OVERHEAD: usize = PUBLIC_KEY_LENGTH; +pub const CRYPTO_KIND_NONE: CryptoKind = FourCC([b'N', b'O', b'N', b'E']); -fn ed25519_to_x25519_pk(key: &ed::PublicKey) -> Result { - let bytes = key.to_bytes(); - let compressed = cd::edwards::CompressedEdwardsY(bytes); - let point = compressed - .decompress() - .ok_or_else(|| VeilidAPIError::internal("ed25519_to_x25519_pk failed"))?; - let mp = point.to_montgomery(); - Ok(xd::PublicKey::from(mp.to_bytes())) -} -fn ed25519_to_x25519_sk(key: &ed::SecretKey) -> Result { - let exp = ed::ExpandedSecretKey::from(key); - let bytes: [u8; ed::EXPANDED_SECRET_KEY_LENGTH] = exp.to_bytes(); - let lowbytes: [u8; 32] = bytes[0..32].try_into().map_err(VeilidAPIError::internal)?; - Ok(xd::StaticSecret::from(lowbytes)) -} - -pub fn vld0_generate_keypair() -> KeyPair { +pub fn none_generate_keypair() -> KeyPair { let mut csprng = VeilidRng {}; - let keypair = ed::Keypair::generate(&mut csprng); - let dht_key = PublicKey::new(keypair.public.to_bytes()); - let dht_key_secret = SecretKey::new(keypair.secret.to_bytes()); - + let mut pub_bytes = [0u8; PUBLIC_KEY_LENGTH]; + let mut sec_bytes = [0u8; SECRET_KEY_LENGTH]; + csprng.fill_bytes(&mut pub_bytes); + for n in 0..PUBLIC_KEY_LENGTH { + sec_bytes[n] = !pub_bytes[n]; + } + let dht_key = PublicKey::new(pub_bytes); + let dht_key_secret = SecretKey::new(sec_bytes); KeyPair::new(dht_key, dht_key_secret) } -/// V0 CryptoSystem +fn do_xor_32(a: &[u8], b: &[u8]) -> [u8; 32] { + let mut out = [0u8; 32]; + for n in 0..32 { + out[n] = a[n] ^ b[n]; + } + out +} + +fn do_xor_inplace(a: &mut [u8], key: &[u8]) { + for n in 0..a.len() { + a[n] ^= key[n % key.len()]; + } +} + +fn do_xor_b2b(a: &[u8], b: &mut [u8], key: &[u8]) { + for n in 0..a.len() { + b[n] = a[n] ^ key[n % key.len()]; + } +} + +fn is_bytes_eq_32(a: &[u8], v: u8) -> bool { + for n in 0..32 { + if a[n] != v { + return false; + } + } + true +} + +/// None CryptoSystem #[derive(Clone)] -pub struct CryptoSystemVLD0 { +pub struct CryptoSystemNONE { crypto: Crypto, } -impl CryptoSystemVLD0 { +impl CryptoSystemNONE { pub fn new(crypto: Crypto) -> Self { Self { crypto } } } -impl CryptoSystem for CryptoSystemVLD0 { +impl CryptoSystem for CryptoSystemNONE { // Accessors fn kind(&self) -> CryptoKind { - CRYPTO_KIND_VLD0 + CRYPTO_KIND_NONE } fn crypto(&self) -> Crypto { @@ -70,17 +76,17 @@ impl CryptoSystem for CryptoSystemVLD0 { secret: &SecretKey, ) -> Result { self.crypto - .cached_dh_internal::(self, key, secret) + .cached_dh_internal::(self, key, secret) } // Generation fn random_nonce(&self) -> Nonce { - let mut nonce = [0u8; 24]; + let mut nonce = [0u8; NONCE_LENGTH]; random_bytes(&mut nonce).unwrap(); Nonce::new(nonce) } fn random_shared_secret(&self) -> SharedSecret { - let mut s = [0u8; 32]; + let mut s = [0u8; SHARED_SECRET_LENGTH]; random_bytes(&mut s).unwrap(); SharedSecret::new(s) } @@ -89,14 +95,11 @@ impl CryptoSystem for CryptoSystemVLD0 { key: &PublicKey, secret: &SecretKey, ) -> Result { - let pk_ed = ed::PublicKey::from_bytes(&key.bytes).map_err(VeilidAPIError::internal)?; - let pk_xd = ed25519_to_x25519_pk(&pk_ed)?; - let sk_ed = ed::SecretKey::from_bytes(&secret.bytes).map_err(VeilidAPIError::internal)?; - let sk_xd = ed25519_to_x25519_sk(&sk_ed)?; - Ok(SharedSecret::new(sk_xd.diffie_hellman(&pk_xd).to_bytes())) + let s = do_xor_32(&key.bytes, &secret.bytes); + Ok(SharedSecret::new(s)) } fn generate_keypair(&self) -> KeyPair { - vld0_generate_keypair() + none_generate_keypair() } fn generate_hash(&self, data: &[u8]) -> PublicKey { PublicKey::new(*blake3::hash(data).as_bytes()) @@ -123,7 +126,6 @@ impl CryptoSystem for CryptoSystemVLD0 { } fn validate_hash(&self, data: &[u8], dht_key: &PublicKey) -> bool { let bytes = *blake3::hash(data).as_bytes(); - bytes == dht_key.bytes } fn validate_hash_reader( @@ -154,22 +156,21 @@ impl CryptoSystem for CryptoSystemVLD0 { dht_key_secret: &SecretKey, data: &[u8], ) -> Result { - let mut kpb: [u8; SECRET_KEY_LENGTH + PUBLIC_KEY_LENGTH] = - [0u8; SECRET_KEY_LENGTH + PUBLIC_KEY_LENGTH]; - - kpb[..SECRET_KEY_LENGTH].copy_from_slice(&dht_key_secret.bytes); - kpb[SECRET_KEY_LENGTH..].copy_from_slice(&dht_key.bytes); - let keypair = ed::Keypair::from_bytes(&kpb) - .map_err(|e| VeilidAPIError::parse_error("Keypair is invalid", e))?; + if !is_bytes_eq_32(&do_xor_32(&dht_key.bytes, &dht_key_secret.bytes), 0xFFu8) { + return Err(VeilidAPIError::parse_error( + "Keypair is invalid", + "invalid keys", + )); + } let mut dig = Blake3Digest512::new(); dig.update(data); - - let sig = keypair - .sign_prehashed(dig, None) - .map_err(VeilidAPIError::internal)?; - - let dht_sig = Signature::new(sig.to_bytes()); + let sig = dig.finalize(); + let in_sig_bytes: [u8; SIGNATURE_LENGTH] = sig.into(); + let mut sig_bytes = [0u8; SIGNATURE_LENGTH]; + sig_bytes[0..32].copy_from_slice(&in_sig_bytes[0..32]); + sig_bytes[32..64].copy_from_slice(&do_xor_32(&in_sig_bytes[32..64], &dht_key_secret.bytes)); + let dht_sig = Signature::new(sig_bytes.into()); Ok(dht_sig) } fn verify( @@ -178,16 +179,29 @@ impl CryptoSystem for CryptoSystemVLD0 { data: &[u8], signature: &Signature, ) -> Result<(), VeilidAPIError> { - let pk = ed::PublicKey::from_bytes(&dht_key.bytes) - .map_err(|e| VeilidAPIError::parse_error("Public key is invalid", e))?; - let sig = ed::Signature::from_bytes(&signature.bytes) - .map_err(|e| VeilidAPIError::parse_error("Signature is invalid", e))?; - let mut dig = Blake3Digest512::new(); dig.update(data); + let sig = dig.finalize(); + let in_sig_bytes: [u8; SIGNATURE_LENGTH] = sig.into(); + let mut verify_bytes = [0u8; SIGNATURE_LENGTH]; + verify_bytes[0..32] + .copy_from_slice(&do_xor_32(&in_sig_bytes[0..32], &signature.bytes[0..32])); + verify_bytes[32..64] + .copy_from_slice(&do_xor_32(&in_sig_bytes[32..64], &signature.bytes[32..64])); + + if !is_bytes_eq_32(&verify_bytes[0..32], 0u8) { + return Err(VeilidAPIError::parse_error( + "Verification failed", + "signature 0..32 is invalid", + )); + } + if !is_bytes_eq_32(&do_xor_32(&verify_bytes[32..64], &dht_key.bytes), 0xFFu8) { + return Err(VeilidAPIError::parse_error( + "Verification failed", + "signature 32..64 is invalid", + )); + } - pk.verify_prehashed(dig, None, &sig) - .map_err(|e| VeilidAPIError::parse_error("Verification failed", e))?; Ok(()) } @@ -200,14 +214,21 @@ impl CryptoSystem for CryptoSystemVLD0 { body: &mut Vec, nonce: &Nonce, shared_secret: &SharedSecret, - associated_data: Option<&[u8]>, + _associated_data: Option<&[u8]>, ) -> Result<(), VeilidAPIError> { - let key = ch::Key::from(shared_secret.bytes); - let xnonce = ch::XNonce::from(nonce.bytes); - let aead = ch::XChaCha20Poly1305::new(&key); - aead.decrypt_in_place(&xnonce, associated_data.unwrap_or(b""), body) - .map_err(map_to_string) - .map_err(VeilidAPIError::generic) + let mut blob = nonce.bytes.to_vec(); + blob.extend_from_slice(&[0u8; 8]); + let blob = do_xor_32(&blob, &shared_secret.bytes); + + if body.len() < AEAD_OVERHEAD { + return Err(VeilidAPIError::generic("invalid length")); + } + if &body[body.len() - AEAD_OVERHEAD..] != &blob { + return Err(VeilidAPIError::generic("invalid keyblob")); + } + body.truncate(body.len() - AEAD_OVERHEAD); + do_xor_inplace(body, &blob); + Ok(()) } fn decrypt_aead( @@ -229,15 +250,14 @@ impl CryptoSystem for CryptoSystemVLD0 { body: &mut Vec, nonce: &Nonce, shared_secret: &SharedSecret, - associated_data: Option<&[u8]>, + _associated_data: Option<&[u8]>, ) -> Result<(), VeilidAPIError> { - let key = ch::Key::from(shared_secret.bytes); - let xnonce = ch::XNonce::from(nonce.bytes); - let aead = ch::XChaCha20Poly1305::new(&key); - - aead.encrypt_in_place(&xnonce, associated_data.unwrap_or(b""), body) - .map_err(map_to_string) - .map_err(VeilidAPIError::generic) + let mut blob = nonce.bytes.to_vec(); + blob.extend_from_slice(&[0u8; 8]); + let blob = do_xor_32(&blob, &shared_secret.bytes); + do_xor_inplace(body, &blob); + body.append(&mut blob.to_vec()); + Ok(()) } fn encrypt_aead( @@ -261,8 +281,10 @@ impl CryptoSystem for CryptoSystemVLD0 { nonce: &Nonce, shared_secret: &SharedSecret, ) { - let mut cipher = XChaCha20::new(&shared_secret.bytes.into(), &nonce.bytes.into()); - cipher.apply_keystream(body); + let mut blob = nonce.bytes.to_vec(); + blob.extend_from_slice(&[0u8; 8]); + let blob = do_xor_32(&blob, &shared_secret.bytes); + do_xor_inplace(body, &blob); } fn crypt_b2b_no_auth( @@ -272,8 +294,10 @@ impl CryptoSystem for CryptoSystemVLD0 { nonce: &Nonce, shared_secret: &SharedSecret, ) { - let mut cipher = XChaCha20::new(&shared_secret.bytes.into(), &nonce.bytes.into()); - cipher.apply_keystream_b2b(in_buf, out_buf).unwrap(); + let mut blob = nonce.bytes.to_vec(); + blob.extend_from_slice(&[0u8; 8]); + let blob = do_xor_32(&blob, &shared_secret.bytes); + do_xor_b2b(in_buf, out_buf, &blob); } fn crypt_no_auth_aligned_8( diff --git a/veilid-core/src/crypto/tests/test_types.rs b/veilid-core/src/crypto/tests/test_types.rs index 739d0e5f..d61b1cff 100644 --- a/veilid-core/src/crypto/tests/test_types.rs +++ b/veilid-core/src/crypto/tests/test_types.rs @@ -55,20 +55,14 @@ pub async fn test_sign_and_verify(vcrypto: CryptoSystemVersion) { let a2 = vcrypto .sign(&dht_key2, &dht_key_secret2, LOREM_IPSUM.as_bytes()) .unwrap(); - let b1 = vcrypto + let _b1 = vcrypto .sign(&dht_key, &dht_key_secret2, LOREM_IPSUM.as_bytes()) - .unwrap(); - let b2 = vcrypto + .unwrap_err(); + let _b2 = vcrypto .sign(&dht_key2, &dht_key_secret, LOREM_IPSUM.as_bytes()) - .unwrap(); - assert_ne!(a1, b1); - assert_ne!(a2, b2); - assert_ne!(a1, b2); - assert_ne!(a2, b1); + .unwrap_err(); + assert_ne!(a1, a2); - assert_ne!(b1, b2); - assert_ne!(a1, b2); - assert_ne!(b1, a2); assert_eq!( vcrypto.verify(&dht_key, LOREM_IPSUM.as_bytes(), &a1), @@ -79,10 +73,10 @@ pub async fn test_sign_and_verify(vcrypto: CryptoSystemVersion) { Ok(()) ); assert!(vcrypto - .verify(&dht_key, LOREM_IPSUM.as_bytes(), &b1) + .verify(&dht_key, LOREM_IPSUM.as_bytes(), &a2) .is_err()); assert!(vcrypto - .verify(&dht_key2, LOREM_IPSUM.as_bytes(), &b2) + .verify(&dht_key2, LOREM_IPSUM.as_bytes(), &a1) .is_err()); // Try verifications that should work diff --git a/veilid-core/src/crypto/vld0/blake3digest512.rs b/veilid-core/src/crypto/vld0/blake3digest512.rs deleted file mode 100644 index 1db950af..00000000 --- a/veilid-core/src/crypto/vld0/blake3digest512.rs +++ /dev/null @@ -1,70 +0,0 @@ -use digest::generic_array::typenum::U64; -use digest::{Digest, Output}; -use generic_array::GenericArray; - -pub struct Blake3Digest512 { - dig: blake3::Hasher, -} - -impl Digest for Blake3Digest512 { - type OutputSize = U64; - - fn new() -> Self { - Self { - dig: blake3::Hasher::new(), - } - } - - fn update(&mut self, data: impl AsRef<[u8]>) { - self.dig.update(data.as_ref()); - } - - fn chain(mut self, data: impl AsRef<[u8]>) -> Self - where - Self: Sized, - { - self.update(data); - self - } - - fn finalize(self) -> Output { - let mut b = [0u8; 64]; - self.dig.finalize_xof().fill(&mut b); - let mut out = GenericArray::::default(); - for n in 0..64 { - out[n] = b[n]; - } - out - } - - fn finalize_reset(&mut self) -> Output { - let mut b = [0u8; 64]; - self.dig.finalize_xof().fill(&mut b); - let mut out = GenericArray::::default(); - for n in 0..64 { - out[n] = b[n]; - } - self.reset(); - out - } - - fn reset(&mut self) { - self.dig.reset(); - } - - fn output_size() -> usize { - 64 - } - - fn digest(data: &[u8]) -> Output { - let mut dig = blake3::Hasher::new(); - dig.update(data); - let mut b = [0u8; 64]; - dig.finalize_xof().fill(&mut b); - let mut out = GenericArray::::default(); - for n in 0..64 { - out[n] = b[n]; - } - out - } -} diff --git a/veilid-core/src/crypto/vld0/mod.rs b/veilid-core/src/crypto/vld0/mod.rs index fd2b42a4..c8539381 100644 --- a/veilid-core/src/crypto/vld0/mod.rs +++ b/veilid-core/src/crypto/vld0/mod.rs @@ -1,6 +1,3 @@ -pub mod blake3digest512; -pub use blake3digest512::*; - use super::*; use chacha20::cipher::{KeyIvInit, StreamCipher}; @@ -75,12 +72,12 @@ impl CryptoSystem for CryptoSystemVLD0 { // Generation fn random_nonce(&self) -> Nonce { - let mut nonce = [0u8; 24]; + let mut nonce = [0u8; NONCE_LENGTH]; random_bytes(&mut nonce).unwrap(); Nonce::new(nonce) } fn random_shared_secret(&self) -> SharedSecret { - let mut s = [0u8; 32]; + let mut s = [0u8; SHARED_SECRET_LENGTH]; random_bytes(&mut s).unwrap(); SharedSecret::new(s) } @@ -165,12 +162,15 @@ impl CryptoSystem for CryptoSystemVLD0 { let mut dig = Blake3Digest512::new(); dig.update(data); - let sig = keypair + let sig_bytes = keypair .sign_prehashed(dig, None) .map_err(VeilidAPIError::internal)?; - let dht_sig = Signature::new(sig.to_bytes()); - Ok(dht_sig) + let sig = Signature::new(sig_bytes.to_bytes()); + + self.verify(dht_key, &data, &sig)?; + + Ok(sig) } fn verify( &self, diff --git a/veilid-core/src/lib.rs b/veilid-core/src/lib.rs index 39f6bbae..f6cc2f76 100644 --- a/veilid-core/src/lib.rs +++ b/veilid-core/src/lib.rs @@ -35,7 +35,6 @@ mod veilid_layer_filter; pub use self::api_tracing_layer::ApiTracingLayer; pub use self::core_context::{api_startup, api_startup_json, UpdateCallback}; -pub use self::crypto::vld0_generate_keypair; pub use self::veilid_api::*; pub use self::veilid_config::*; pub use self::veilid_layer_filter::*; diff --git a/veilid-core/src/veilid_config.rs b/veilid-core/src/veilid_config.rs index b4e9aed5..ce5f07c5 100644 --- a/veilid-core/src/veilid_config.rs +++ b/veilid-core/src/veilid_config.rs @@ -919,8 +919,99 @@ impl VeilidConfig { Ok(()) } - // Get the node id from config if one is specified - // Must be done -after- protected store startup + #[cfg(not(test))] + async fn init_node_id( + &self, + vcrypto: CryptoSystemVersion, + protected_store: intf::ProtectedStore, + ) -> Result<(TypedKey, TypedSecret), VeilidAPIError> { + let ck = vcrypto.kind(); + let mut node_id = self.inner.read().network.routing_table.node_id.get(ck); + let mut node_id_secret = self + .inner + .read() + .network + .routing_table + .node_id_secret + .get(ck); + + // See if node id was previously stored in the protected store + if node_id.is_none() { + debug!("pulling node_id_{} from storage", ck); + if let Some(s) = protected_store + .load_user_secret_string(format!("node_id_{}", ck)) + .await + .map_err(VeilidAPIError::internal)? + { + debug!("node_id_{} found in storage", ck); + node_id = match TypedKey::from_str(s.as_str()) { + Ok(v) => Some(v), + Err(_) => { + debug!("node id in protected store is not valid"); + None + } + } + } else { + debug!("node_id_{} not found in storage", ck); + } + } + + // See if node id secret was previously stored in the protected store + if node_id_secret.is_none() { + debug!("pulling node id secret from storage"); + if let Some(s) = protected_store + .load_user_secret_string(format!("node_id_secret_{}", ck)) + .await + .map_err(VeilidAPIError::internal)? + { + debug!("node_id_secret_{} found in storage", ck); + node_id_secret = match TypedSecret::from_str(s.as_str()) { + Ok(v) => Some(v), + Err(_) => { + debug!("node id secret in protected store is not valid"); + None + } + } + } else { + debug!("node_id_secret_{} not found in storage", ck); + } + } + + // If we have a node id from storage, check it + let (node_id, node_id_secret) = + if let (Some(node_id), Some(node_id_secret)) = (node_id, node_id_secret) { + // Validate node id + if !vcrypto.validate_keypair(&node_id.value, &node_id_secret.value) { + apibail_generic!(format!( + "node_id_secret_{} and node_id_key_{} don't match", + ck, ck + )); + } + (node_id, node_id_secret) + } else { + // If we still don't have a valid node id, generate one + debug!("generating new node_id_{}", ck); + let kp = vcrypto.generate_keypair(); + (TypedKey::new(ck, kp.key), TypedSecret::new(ck, kp.secret)) + }; + info!("Node Id: {}", node_id); + + // Save the node id / secret in storage + protected_store + .save_user_secret_string(format!("node_id_{}", ck), node_id.to_string()) + .await + .map_err(VeilidAPIError::internal)?; + protected_store + .save_user_secret_string(format!("node_id_secret_{}", ck), node_id_secret.to_string()) + .await + .map_err(VeilidAPIError::internal)?; + + Ok((node_id, node_id_secret)) + } + + /// Get the node id from config if one is specified + /// Must be done -after- protected store startup + #[cfg_attr(test, allow(unused_variables))] pub async fn init_node_ids( &self, crypto: Crypto, @@ -934,88 +1025,14 @@ impl VeilidConfig { .get(ck) .expect("Valid crypto kind is not actually valid."); - let mut node_id = self.inner.read().network.routing_table.node_id.get(ck); - let mut node_id_secret = self - .inner - .read() - .network - .routing_table - .node_id_secret - .get(ck); - - // See if node id was previously stored in the protected store - if node_id.is_none() { - debug!("pulling node_id_{} from storage", ck); - if let Some(s) = protected_store - .load_user_secret_string(format!("node_id_{}", ck)) - .await - .map_err(VeilidAPIError::internal)? - { - debug!("node_id_{} found in storage", ck); - node_id = match TypedKey::from_str(s.as_str()) { - Ok(v) => Some(v), - Err(_) => { - debug!("node id in protected store is not valid"); - None - } - } - } else { - debug!("node_id_{} not found in storage", ck); - } - } - - // See if node id secret was previously stored in the protected store - if node_id_secret.is_none() { - debug!("pulling node id secret from storage"); - if let Some(s) = protected_store - .load_user_secret_string(format!("node_id_secret_{}", ck)) - .await - .map_err(VeilidAPIError::internal)? - { - debug!("node_id_secret_{} found in storage", ck); - node_id_secret = match TypedSecret::from_str(s.as_str()) { - Ok(v) => Some(v), - Err(_) => { - debug!("node id secret in protected store is not valid"); - None - } - } - } else { - debug!("node_id_secret_{} not found in storage", ck); - } - } - - // If we have a node id from storage, check it + #[cfg(test)] + let (node_id, node_id_secret) = { + let kp = vcrypto.generate_keypair(); + (TypedKey::new(ck, kp.key), TypedSecret::new(ck, kp.secret)) + }; + #[cfg(not(test))] let (node_id, node_id_secret) = - if let (Some(node_id), Some(node_id_secret)) = (node_id, node_id_secret) { - // Validate node id - if !vcrypto.validate_keypair(&node_id.value, &node_id_secret.value) { - apibail_generic!(format!( - "node_id_secret_{} and node_id_key_{} don't match", - ck, ck - )); - } - (node_id, node_id_secret) - } else { - // If we still don't have a valid node id, generate one - debug!("generating new node_id_{}", ck); - let kp = vcrypto.generate_keypair(); - (TypedKey::new(ck, kp.key), TypedSecret::new(ck, kp.secret)) - }; - info!("Node Id: {}", node_id); - - // Save the node id / secret in storage - protected_store - .save_user_secret_string(format!("node_id_{}", ck), node_id.to_string()) - .await - .map_err(VeilidAPIError::internal)?; - protected_store - .save_user_secret_string( - format!("node_id_secret_{}", ck), - node_id_secret.to_string(), - ) - .await - .map_err(VeilidAPIError::internal)?; + self.init_node_id(vcrypto, protected_store.clone()).await?; // Save for config out_node_id.add(node_id); From 894acc18e351fea1e1b8730d0d916c8c49725b1c Mon Sep 17 00:00:00 2001 From: John Smith Date: Mon, 13 Mar 2023 16:43:07 -0400 Subject: [PATCH 2/7] xfer --- veilid-cli/Cargo.toml | 2 +- veilid-core/src/crypto/types/crypto_typed_set.rs | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/veilid-cli/Cargo.toml b/veilid-cli/Cargo.toml index 92fccf4e..3a9ad7b6 100644 --- a/veilid-cli/Cargo.toml +++ b/veilid-cli/Cargo.toml @@ -43,7 +43,7 @@ flexi_logger = { version = "^0", features = ["use_chrono_for_offset"] } thiserror = "^1" crossbeam-channel = "^0" hex = "^0" -veilid-core = { path = "../veilid-core", default_features = false } +veilid-core = { path = "../veilid-core" } json = "^0" [dev-dependencies] diff --git a/veilid-core/src/crypto/types/crypto_typed_set.rs b/veilid-core/src/crypto/types/crypto_typed_set.rs index e1edbe01..19932b67 100644 --- a/veilid-core/src/crypto/types/crypto_typed_set.rs +++ b/veilid-core/src/crypto/types/crypto_typed_set.rs @@ -195,9 +195,10 @@ where write!(f, "[")?; let mut first = true; for x in &self.items { - if !first { - write!(f, ",")?; + if first { first = false; + } else { + write!(f, ",")?; } write!(f, "{}", x)?; } From dae2e7c10f37e43b55020024611729d7d09a250b Mon Sep 17 00:00:00 2001 From: John Smith Date: Mon, 13 Mar 2023 17:57:51 -0400 Subject: [PATCH 3/7] xfer --- veilid-core/Cargo.toml | 3 ++- veilid-flutter/rust/Cargo.toml | 5 +++-- veilid-server/Cargo.toml | 6 ++++-- veilid-wasm/Cargo.toml | 7 ++++++- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/veilid-core/Cargo.toml b/veilid-core/Cargo.toml index 926c0fd2..66d2aa04 100644 --- a/veilid-core/Cargo.toml +++ b/veilid-core/Cargo.toml @@ -10,7 +10,8 @@ license = "LGPL-2.0-or-later OR MPL-2.0 OR (MIT AND BSD-3-Clause)" crate-type = ["cdylib", "staticlib", "rlib"] [features] -default = [ "enable-crypto-none", "enable-crypto-vld0" ] +default = [ "enable-crypto-vld0" ] +crypto-test = [ "enable-crypto-vld0", "enable-crypto-none" ] enable-crypto-vld0 = [] enable-crypto-none = [] rt-async-std = ["async-std", "async-std-resolver", "async_executors/async_std", "rtnetlink?/smol_socket", "veilid-tools/rt-async-std"] diff --git a/veilid-flutter/rust/Cargo.toml b/veilid-flutter/rust/Cargo.toml index 933a37df..8b8b0773 100644 --- a/veilid-flutter/rust/Cargo.toml +++ b/veilid-flutter/rust/Cargo.toml @@ -7,12 +7,13 @@ edition = "2021" crate-type = ["cdylib", "staticlib", "rlib"] [features] -default = [ "rt-tokio" ] +default = [ "rt-tokio", "veilid-core/default" ] +crypto-test = [ "rt-tokio", "veilid-core/crypto-test"] rt-async-std = [ "veilid-core/rt-async-std", "async-std", "opentelemetry/rt-async-std", "opentelemetry-otlp/grpc-sys"] rt-tokio = [ "veilid-core/rt-tokio", "tokio", "tokio-stream", "tokio-util", "opentelemetry/rt-tokio"] [dependencies] -veilid-core = { path="../../veilid-core" } +veilid-core = { path="../../veilid-core", default-features = false } tracing = { version = "^0", features = ["log", "attributes"] } tracing-subscriber = "^0" parking_lot = "^0" diff --git a/veilid-server/Cargo.toml b/veilid-server/Cargo.toml index 9a31f676..72664670 100644 --- a/veilid-server/Cargo.toml +++ b/veilid-server/Cargo.toml @@ -11,13 +11,15 @@ name = "veilid-server" path = "src/main.rs" [features] -default = [ "rt-tokio" ] +default = [ "rt-tokio", "veilid-core/default" ] +crypto-test = [ "rt-tokio", "veilid-core/crypto-test"] + rt-async-std = [ "veilid-core/rt-async-std", "async-std", "opentelemetry/rt-async-std", "opentelemetry-otlp/grpc-sys" ] rt-tokio = [ "veilid-core/rt-tokio", "tokio", "tokio-stream", "tokio-util", "opentelemetry/rt-tokio", "console-subscriber" ] tracking = [ "veilid-core/tracking" ] [dependencies] -veilid-core = { path = "../veilid-core" } +veilid-core = { path = "../veilid-core", default-features = false } tracing = { version = "^0", features = ["log", "attributes"] } tracing-subscriber = { version = "^0", features = ["env-filter"] } tracing-appender = "^0" diff --git a/veilid-wasm/Cargo.toml b/veilid-wasm/Cargo.toml index 2d21b445..b253fbf1 100644 --- a/veilid-wasm/Cargo.toml +++ b/veilid-wasm/Cargo.toml @@ -8,8 +8,13 @@ license = "LGPL-2.0-or-later OR MPL-2.0 OR (MIT AND BSD-3-Clause)" [lib] crate-type = ["cdylib", "rlib"] + +[features] +default = [ "veilid-core/rt-tokio", "veilid-core/default" ] +crypto-test = [ "veilid-core/rt-tokio", "veilid-core/crypto-test"] + [dependencies] -veilid-core = { path = "../veilid-core" } +veilid-core = { path = "../veilid-core", default-features = false } tracing = { version = "^0", features = ["log", "attributes"] } tracing-wasm = "^0" From df931a93294ccd6fd573a4df78666f261180f0de Mon Sep 17 00:00:00 2001 From: John Smith Date: Mon, 13 Mar 2023 20:59:57 -0400 Subject: [PATCH 4/7] fixes --- veilid-core/src/routing_table/debug.rs | 17 ++++------------- veilid-core/src/veilid_api/debug.rs | 7 ++----- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/veilid-core/src/routing_table/debug.rs b/veilid-core/src/routing_table/debug.rs index a3409bb3..6b4772e9 100644 --- a/veilid-core/src/routing_table/debug.rs +++ b/veilid-core/src/routing_table/debug.rs @@ -108,18 +108,16 @@ impl RoutingTable { out } - pub(crate) fn debug_info_entries(&self, limit: usize, min_state: BucketEntryState) -> String { + pub(crate) fn debug_info_entries(&self, min_state: BucketEntryState) -> String { let inner = self.inner.read(); let inner = &*inner; let cur_ts = get_aligned_timestamp(); let mut out = String::new(); - let mut b = 0; - let mut cnt = 0; out += &format!("Entries: {}\n", inner.bucket_entry_count()); - for ck in &VALID_CRYPTO_KINDS { + let mut b = 0; let blen = inner.buckets[ck].len(); while b < blen { let filtered_entries: Vec<(&PublicKey, &Arc)> = inner.buckets[ck][b] @@ -142,14 +140,6 @@ impl RoutingTable { BucketEntryState::Dead => "D", } ); - - cnt += 1; - if cnt >= limit { - break; - } - } - if cnt >= limit { - break; } } b += 1; @@ -174,12 +164,13 @@ impl RoutingTable { const COLS: usize = 16; out += "Buckets:\n"; for ck in &VALID_CRYPTO_KINDS { + out += &format!(" {}:\n", ck); let rows = inner.buckets[ck].len() / COLS; let mut r = 0; let mut b = 0; while r < rows { let mut c = 0; - out += format!(" {:>3}: ", b).as_str(); + out += format!(" {:>3}: ", b).as_str(); while c < COLS { let mut cnt = 0; for e in inner.buckets[ck][b].entries() { diff --git a/veilid-core/src/veilid_api/debug.rs b/veilid-core/src/veilid_api/debug.rs index db5faee7..c744fa3b 100644 --- a/veilid-core/src/veilid_api/debug.rs +++ b/veilid-core/src/veilid_api/debug.rs @@ -360,12 +360,9 @@ impl VeilidAPI { let args: Vec = args.split_whitespace().map(|s| s.to_owned()).collect(); let mut min_state = BucketEntryState::Unreliable; - let mut limit = 20; for arg in args { if let Some(ms) = get_bucket_entry_state(&arg) { min_state = ms; - } else if let Some(lim) = get_number(&arg) { - limit = lim; } else { apibail_invalid_argument!("debug_entries", "unknown", arg); } @@ -373,7 +370,7 @@ impl VeilidAPI { // Dump routing table entries let routing_table = self.network_manager()?.routing_table(); - Ok(routing_table.debug_info_entries(limit, min_state)) + Ok(routing_table.debug_info_entries(min_state)) } async fn debug_entry(&self, args: String) -> Result { @@ -881,7 +878,7 @@ impl VeilidAPI { help buckets [dead|reliable] dialinfo - entries [dead|reliable] [limit] + entries [dead|reliable] entry nodeinfo config [key [new value]] From e91044e33de52ac406006f7a174177e89d4f4da8 Mon Sep 17 00:00:00 2001 From: John Smith Date: Tue, 14 Mar 2023 14:52:02 -0400 Subject: [PATCH 5/7] crash fixes --- veilid-core/Cargo.toml | 1 + veilid-core/src/routing_table/bucket_entry.rs | 18 ++++++-- veilid-core/src/routing_table/mod.rs | 6 +++ .../src/routing_table/routing_table_inner.rs | 46 +++++++++++++------ veilid-server/Cargo.toml | 1 + 5 files changed, 54 insertions(+), 18 deletions(-) diff --git a/veilid-core/Cargo.toml b/veilid-core/Cargo.toml index 66d2aa04..d9c064d8 100644 --- a/veilid-core/Cargo.toml +++ b/veilid-core/Cargo.toml @@ -12,6 +12,7 @@ crate-type = ["cdylib", "staticlib", "rlib"] [features] default = [ "enable-crypto-vld0" ] crypto-test = [ "enable-crypto-vld0", "enable-crypto-none" ] +crypto-test-none = [ "enable-crypto-none" ] enable-crypto-vld0 = [] enable-crypto-none = [] rt-async-std = ["async-std", "async-std-resolver", "async_executors/async_std", "rtnetlink?/smol_socket", "veilid-tools/rt-async-std"] diff --git a/veilid-core/src/routing_table/bucket_entry.rs b/veilid-core/src/routing_table/bucket_entry.rs index 1c7d46df..c94577dd 100644 --- a/veilid-core/src/routing_table/bucket_entry.rs +++ b/veilid-core/src/routing_table/bucket_entry.rs @@ -126,19 +126,27 @@ impl BucketEntryInner { pub fn node_ids(&self) -> TypedKeySet { self.node_ids.clone() } + /// Add a node id for a particular crypto kind. - /// Returns any previous existing node id associated with that crypto kind - pub fn add_node_id(&mut self, node_id: TypedKey) -> Option { + /// Returns Ok(Some(node)) any previous existing node id associated with that crypto kind + /// Returns Ok(None) if no previous existing node id was associated with that crypto kind + /// Results Err() if this operation would add more crypto kinds than we support + pub fn add_node_id(&mut self, node_id: TypedKey) -> EyreResult> { if let Some(old_node_id) = self.node_ids.get(node_id.kind) { // If this was already there we do nothing if old_node_id == node_id { - return None; + return Ok(None); } + // Won't change number of crypto kinds self.node_ids.add(node_id); - return Some(old_node_id); + return Ok(Some(old_node_id)); + } + // Check to ensure we aren't adding more crypto kinds than we support + if self.node_ids.len() == MAX_CRYPTO_KINDS { + bail!("too many crypto kinds for this node"); } self.node_ids.add(node_id); - None + Ok(None) } pub fn best_node_id(&self) -> TypedKey { self.node_ids.best().unwrap() diff --git a/veilid-core/src/routing_table/mod.rs b/veilid-core/src/routing_table/mod.rs index 60e7dfc4..01381d0e 100644 --- a/veilid-core/src/routing_table/mod.rs +++ b/veilid-core/src/routing_table/mod.rs @@ -590,6 +590,12 @@ impl RoutingTable { fn queue_bucket_kicks(&self, node_ids: TypedKeySet) { for node_id in node_ids.iter() { + // Skip node ids we didn't add to buckets + if !VALID_CRYPTO_KINDS.contains(&node_id.kind) { + continue; + } + + // Put it in the kick queue let x = self.unlocked_inner.calculate_bucket_index(node_id); self.unlocked_inner.kick_queue.lock().insert(x); } diff --git a/veilid-core/src/routing_table/routing_table_inner.rs b/veilid-core/src/routing_table/routing_table_inner.rs index 40f2f30d..de736853 100644 --- a/veilid-core/src/routing_table/routing_table_inner.rs +++ b/veilid-core/src/routing_table/routing_table_inner.rs @@ -604,21 +604,33 @@ impl RoutingTableInner { } // Update buckets with new node ids we may have learned belong to this entry - fn update_bucket_entries(&mut self, entry: Arc, node_ids: &[TypedKey]) { + fn update_bucket_entries( + &mut self, + entry: Arc, + node_ids: &[TypedKey], + ) -> EyreResult<()> { entry.with_mut_inner(|e| { let existing_node_ids = e.node_ids(); for node_id in node_ids { - if !existing_node_ids.contains(node_id) { - // Add new node id to entry - if let Some(old_node_id) = e.add_node_id(*node_id) { - // Remove any old node id for this crypto kind + // Skip node ids that exist already + if existing_node_ids.contains(node_id) { + continue; + } + + // Add new node id to entry + let ck = node_id.kind; + if let Some(old_node_id) = e.add_node_id(*node_id)? { + // Remove any old node id for this crypto kind + if VALID_CRYPTO_KINDS.contains(&ck) { let bucket_index = self.unlocked_inner.calculate_bucket_index(&old_node_id); let bucket = self.get_bucket_mut(bucket_index); bucket.remove_entry(&old_node_id.value); self.unlocked_inner.kick_queue.lock().insert(bucket_index); } + } - // Bucket the entry appropriately + // Bucket the entry appropriately + if VALID_CRYPTO_KINDS.contains(&ck) { let bucket_index = self.unlocked_inner.calculate_bucket_index(node_id); let bucket = self.get_bucket_mut(bucket_index); bucket.add_existing_entry(node_id.value, entry.clone()); @@ -627,6 +639,7 @@ impl RoutingTableInner { self.unlocked_inner.kick_queue.lock().insert(bucket_index); } } + Ok(()) }) } @@ -636,7 +649,7 @@ impl RoutingTableInner { fn create_node_ref( &mut self, outer_self: RoutingTable, - node_ids: &[TypedKey], + node_ids: &TypedKeySet, update_func: F, ) -> Option where @@ -651,11 +664,12 @@ impl RoutingTableInner { // Look up all bucket entries and make sure we only have zero or one // If we have more than one, pick the one with the best cryptokind to add node ids to let mut best_entry: Option> = None; - for node_id in node_ids { + for node_id in node_ids.iter() { + // Ignore node ids we don't support if !VALID_CRYPTO_KINDS.contains(&node_id.kind) { - log_rtab!(error "can't look up node id with invalid crypto kind"); - return None; + continue; } + // Find the first in crypto sort order let bucket_index = self.unlocked_inner.calculate_bucket_index(node_id); let bucket = self.get_bucket(bucket_index); if let Some(entry) = bucket.entry(&node_id.value) { @@ -673,7 +687,10 @@ impl RoutingTableInner { // If the entry does exist already, update it if let Some(best_entry) = best_entry { // Update the entry with all of the node ids - self.update_bucket_entries(best_entry.clone(), node_ids); + if let Err(e) = self.update_bucket_entries(best_entry.clone(), node_ids) { + log_rtab!(debug "Not registering new ids for existing node: {}", e); + return None; + } // Make a noderef to return let nr = NodeRef::new(outer_self.clone(), best_entry.clone(), None); @@ -694,7 +711,10 @@ impl RoutingTableInner { self.unlocked_inner.kick_queue.lock().insert(bucket_entry); // Update the other bucket entries with the remaining node ids - self.update_bucket_entries(new_entry.clone(), node_ids); + if let Err(e) = self.update_bucket_entries(new_entry.clone(), node_ids) { + log_rtab!(debug "Not registering new node: {}", e); + return None; + } // Make node ref to return let nr = NodeRef::new(outer_self.clone(), new_entry.clone(), None); @@ -832,7 +852,7 @@ impl RoutingTableInner { descriptor: ConnectionDescriptor, timestamp: Timestamp, ) -> Option { - let out = self.create_node_ref(outer_self, &[node_id], |_rti, e| { + let out = self.create_node_ref(outer_self, &TypedKeySet::from(node_id), |_rti, e| { // this node is live because it literally just connected to us e.touch_last_seen(timestamp); }); diff --git a/veilid-server/Cargo.toml b/veilid-server/Cargo.toml index 72664670..67f85e66 100644 --- a/veilid-server/Cargo.toml +++ b/veilid-server/Cargo.toml @@ -13,6 +13,7 @@ path = "src/main.rs" [features] default = [ "rt-tokio", "veilid-core/default" ] crypto-test = [ "rt-tokio", "veilid-core/crypto-test"] +crypto-test-none = [ "rt-tokio", "veilid-core/crypto-test-none"] rt-async-std = [ "veilid-core/rt-async-std", "async-std", "opentelemetry/rt-async-std", "opentelemetry-otlp/grpc-sys" ] rt-tokio = [ "veilid-core/rt-tokio", "tokio", "tokio-stream", "tokio-util", "opentelemetry/rt-tokio", "console-subscriber" ] From ce1eca606cfb643e06788cc9556105aa045c45b9 Mon Sep 17 00:00:00 2001 From: John Smith Date: Tue, 14 Mar 2023 17:44:32 -0400 Subject: [PATCH 6/7] xfer --- veilid-cli/src/peers_table_view.rs | 20 +++----------------- veilid-cli/src/ui.rs | 2 +- veilid-core/src/network_manager/mod.rs | 2 +- veilid-core/src/veilid_api/types.rs | 2 +- 4 files changed, 6 insertions(+), 20 deletions(-) diff --git a/veilid-cli/src/peers_table_view.rs b/veilid-cli/src/peers_table_view.rs index 82593c71..41992584 100644 --- a/veilid-cli/src/peers_table_view.rs +++ b/veilid-cli/src/peers_table_view.rs @@ -52,8 +52,8 @@ impl TableViewItem for PeerTableData { match column { PeerTableColumn::NodeId => self .node_ids - .best() - .map(|n| n.value.encode()) + .first() + .cloned() .unwrap_or_else(|| "???".to_owned()), PeerTableColumn::Address => format!( "{:?}:{}", @@ -78,21 +78,7 @@ impl TableViewItem for PeerTableData { Self: Sized, { match column { - PeerTableColumn::NodeId => { - let n1 = self - .node_ids - .best() - .map(|n| n.value.encode()) - .unwrap_or_else(|| "???".to_owned()); - - let n2 = other - .node_ids - .best() - .map(|n| n.value.encode()) - .unwrap_or_else(|| "???".to_owned()); - - n1.cmp(&n2) - } + PeerTableColumn::NodeId => self.to_column(column).cmp(&other.to_column(column)), PeerTableColumn::Address => self.to_column(column).cmp(&other.to_column(column)), PeerTableColumn::LatencyAvg => self .peer_stats diff --git a/veilid-cli/src/ui.rs b/veilid-cli/src/ui.rs index 793e71cf..0d217823 100644 --- a/veilid-cli/src/ui.rs +++ b/veilid-cli/src/ui.rs @@ -753,7 +753,7 @@ impl UI { .full_screen(); let peers_table_view = PeersTableView::new() - .column(PeerTableColumn::NodeId, "Node Id", |c| c.width(43)) + .column(PeerTableColumn::NodeId, "Node Id", |c| c.width(48)) .column(PeerTableColumn::Address, "Address", |c| c) .column(PeerTableColumn::LatencyAvg, "Ping", |c| c.width(8)) .column(PeerTableColumn::TransferDownAvg, "Down", |c| c.width(8)) diff --git a/veilid-core/src/network_manager/mod.rs b/veilid-core/src/network_manager/mod.rs index 5884c69a..a01b5bdd 100644 --- a/veilid-core/src/network_manager/mod.rs +++ b/veilid-core/src/network_manager/mod.rs @@ -1551,7 +1551,7 @@ impl NetworkManager { if let Some(nr) = routing_table.lookup_node_ref(k) { let peer_stats = nr.peer_stats(); let peer = PeerTableData { - node_ids: nr.node_ids(), + node_ids: nr.node_ids().iter().map(|x| x.to_string()).collect(), peer_address: v.last_connection.remote(), peer_stats, }; diff --git a/veilid-core/src/veilid_api/types.rs b/veilid-core/src/veilid_api/types.rs index 57bfd6d1..73abb9a7 100644 --- a/veilid-core/src/veilid_api/types.rs +++ b/veilid-core/src/veilid_api/types.rs @@ -267,7 +267,7 @@ pub struct VeilidStateAttachment { )] #[archive_attr(repr(C), derive(CheckBytes))] pub struct PeerTableData { - pub node_ids: TypedKeySet, + pub node_ids: Vec, pub peer_address: PeerAddress, pub peer_stats: PeerStats, } From bf55baa0522d6d39ef2f99d34a122ba2fa286536 Mon Sep 17 00:00:00 2001 From: John Smith Date: Tue, 14 Mar 2023 23:48:16 +0000 Subject: [PATCH 7/7] fix --- veilid-core/src/rpc_processor/rpc_route.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/veilid-core/src/rpc_processor/rpc_route.rs b/veilid-core/src/rpc_processor/rpc_route.rs index 5ba33922..14ddccc8 100644 --- a/veilid-core/src/rpc_processor/rpc_route.rs +++ b/veilid-core/src/rpc_processor/rpc_route.rs @@ -150,8 +150,10 @@ impl RPCProcessor { remote_sr_pubkey: TypedKey, pr_pubkey: TypedKey, ) -> Result, RPCError> { - // Get sender id - let sender_id = detail.envelope.get_sender_id(); + // Get sender id of the peer with the crypto kind of the route + let Some(sender_id) = detail.peer_noderef.node_ids().get(pr_pubkey.kind) else { + return Ok(NetworkResult::invalid_message("route node doesnt have a required crypto kind for routed operation")); + }; // Look up the private route and ensure it's one in our spec store // Ensure the route is validated, and construct a return safetyspec that matches the inbound preferences @@ -162,7 +164,7 @@ impl RPCProcessor { &pr_pubkey, &routed_operation.signatures, &routed_operation.data, - sender_id, + sender_id.value, |rssd, rsd| { ( rsd.secret_key,