don't overwrite our RC, hide parameter.

6 years ago · b23dab09fb
parent 0f97494998
commit b23dab09fb
11 changed files with 136 additions and 65 deletions
--- a/2
+++ b/2
@ -97,7 +97,7 @@ shared: shared-configure
 testnet: 
 	cp $(EXE) $(TESTNET_EXE)
 	mkdir -p $(TESTNET_ROOT)
-	python3 contrib/testnet/genconf.py --bin=$(TESTNET_EXE) --svc=$(TESTNET_SERVERS) --clients=$(TESTNET_CLIENTS) --dir=$(TESTNET_ROOT) --out $(TESTNET_CONF)
+	python3 contrib/testnet/genconf.py --bin=$(TESTNET_EXE) --svc=$(TESTNET_SERVERS) --clients=$(TESTNET_CLIENTS) --dir=$(TESTNET_ROOT) --out $(TESTNET_CONF) --connect=3
 	LLARP_DEBUG=$(TESTNET_DEBUG) supervisord -n -d $(TESTNET_ROOT) -l $(TESTNET_LOG) -c $(TESTNET_CONF)

 test: debug
--- a/include/llarp/dht/context.hpp
+++ b/include/llarp/dht/context.hpp
@ -69,11 +69,15 @@ namespace llarp
      std::vector< V > valuesFound;
      TXOwner whoasked;

+      virtual bool
+      Validate(const V& value) const = 0;
+
      void
      OnFound(const Key_t& askedPeer, const V& value)
      {
        peersAsked.insert(askedPeer);
-        valuesFound.push_back(value);
+        if(Validate(value))
+          valuesFound.push_back(value);
      }

      virtual void
@ -116,6 +120,9 @@ namespace llarp
      Context();
      ~Context();

+      llarp_crypto*
+      Crypto();
+
      /// on behalf of whoasked request introset for target from dht router with
      /// key askpeer
      void
--- a/include/llarp/router_contact.hpp
+++ b/include/llarp/router_contact.hpp
@ -33,13 +33,13 @@ namespace llarp
    }

    // advertised addresses
-    std::vector< AddressInfo > addrs = {};
+    std::vector< AddressInfo > addrs;
    // public encryption public key
    llarp::PubKey enckey;
    // public signing public key
    llarp::PubKey pubkey;
    // advertised exits
-    std::vector< ExitInfo > exits = {};
+    std::vector< ExitInfo > exits;
    // signature
    llarp::Signature signature;
    /// node nickname, yw kee
--- a/include/llarp/service/IntroSet.hpp
+++ b/include/llarp/service/IntroSet.hpp
@ -28,7 +28,7 @@ namespace llarp

      IntroSet() = default;

-      IntroSet(const IntroSet&& other)
+      IntroSet(IntroSet&& other)
      {
        A       = std::move(other.A);
        I       = std::move(other.I);
@ -136,4 +136,4 @@ namespace llarp
  }  // namespace service
 }  // namespace llarp

-#endif
+#endif
--- a/llarp/address_info.cpp
+++ b/llarp/address_info.cpp
@ -75,14 +75,7 @@ namespace llarp
    // encryption public key
    if(llarp_buffer_eq(key, "e"))
    {
-      if(!bencode_read_string(buf, &strbuf))
-        return false;
-
-      if(strbuf.sz != PUBKEYSIZE)
-        return false;
-
-      pubkey = strbuf.base;
-      return true;
+      return pubkey.BDecode(buf);
    }

    // ip address
--- a/llarp/dht/context.cpp
+++ b/llarp/dht/context.cpp
@ -46,6 +46,13 @@ namespace llarp
      {
      }

+      bool
+      Validate(const RouterID &) const
+      {
+        // TODO: check with lokid
+        return true;
+      }
+
      void
      Start(const TXOwner &peer)
      {
@ -70,13 +77,9 @@ namespace llarp
        llarp::LogInfo("got ", valuesFound.size(), " routers from exploration");
        for(const auto &pk : valuesFound)
        {
-          RouterContact rc;
-          if(!llarp_nodedb_get_rc(parent->router->nodedb, pk, rc))
-          {
-            // try connecting to it we don't know it
-            // this triggers a dht lookup
-            parent->router->TryEstablishTo(pk);
-          }
+          // try connecting to it we don't know it
+          // this triggers a dht lookup
+          parent->router->TryEstablishTo(pk);
        }
      }
    };
@ -192,7 +195,7 @@ namespace llarp
      {
        // we are the target, give them our RC
        replies.emplace_back(
-            new GotRouterMessage(requester, txid, {router->rc}, false));
+            new GotRouterMessage(requester, txid, {router->rc()}, false));
        return;
      }
      Key_t next;
@ -322,6 +325,23 @@ namespace llarp
        peersAsked.insert(ctx->OurKey());
      }

+      bool
+      Validate(const service::IntroSet &value) const
+      {
+        if(!value.VerifySignature(parent->Crypto()))
+        {
+          llarp::LogWarn(
+              "Got introset with invalid signature from service lookup");
+          return false;
+        }
+        if(value.A.Addr() != target)
+        {
+          llarp::LogWarn("got introset with wrong target from service lookup");
+          return false;
+        }
+        return true;
+      }
+
      void
      DoNextRequest(const Key_t &nextPeer)
      {
@ -444,6 +464,18 @@ namespace llarp
      {
      }

+      bool
+      Validate(const service::IntroSet &introset) const
+      {
+        if(I.A != introset.A)
+        {
+          llarp::LogWarn(
+              "publish introset acknoledgement acked a different service");
+          return false;
+        }
+        return true;
+      }
+
      void
      Start(const TXOwner &peer)
      {
@ -522,6 +554,22 @@ namespace llarp
      {
      }

+      bool
+      Validate(const service::IntroSet &introset) const
+      {
+        if(!introset.VerifySignature(parent->Crypto()))
+        {
+          llarp::LogWarn("got introset from tag lookup with invalid signature");
+          return false;
+        }
+        if(introset.topic != target)
+        {
+          llarp::LogWarn("got introset with missmatched topic in tag lookup");
+          return false;
+        }
+        return true;
+      }
+
      void
      Start(const TXOwner &peer)
      {
@ -611,6 +659,17 @@ namespace llarp
        peersAsked.insert(ctx->OurKey());
      }

+      bool
+      Validate(const RouterContact &rc) const
+      {
+        if(!rc.VerifySignature(parent->Crypto()))
+        {
+          llarp::LogWarn("rc has invalid signature from lookup result");
+          return false;
+        }
+        return true;
+      }
+
      bool
      GetNextPeer(Key_t &next, const std::set< Key_t > &exclude)
      {
@ -631,12 +690,6 @@ namespace llarp
            new FindRouterMessage(parent->OurKey(), target, peer.txid));
      }

-      void
-      SendTo(const Key_t &peer, IMessage *msg) const
-      {
-        return parent->DHTSendTo(peer, msg);
-      }
-
      virtual void
      SendReply()
      {
@ -717,5 +770,11 @@ namespace llarp
      tx->Start(peer);
    }

+    llarp_crypto *
+    Context::Crypto()
+    {
+      return &router->crypto;
+    }
+
  }  // namespace dht
 }  // namespace llarp
--- a/llarp/dht/find_router.cpp
+++ b/llarp/dht/find_router.cpp
@ -22,7 +22,7 @@ namespace llarp
        if(path)
        {
          replies.emplace_back(
-              new GotRouterMessage(K.data(), txid, {dht.router->rc}, false));
+              new GotRouterMessage(K.data(), txid, {dht.router->rc()}, false));
          return true;
        }
        return false;
--- a/llarp/link/utp.cpp
+++ b/llarp/link/utp.cpp
@ -167,14 +167,12 @@ namespace llarp
      OutboundLinkEstablished(LinkLayer* p)
      {
        OnLinkEstablished(p);
-        KeyExchangeNonce nonce;
-        nonce.Randomize();
-        OutboundHandshake(nonce);
+        OutboundHandshake();
      }

      // send first message
      void
-      OutboundHandshake(const KeyExchangeNonce& n);
+      OutboundHandshake();

      // mix keys
      bool
@ -561,7 +559,7 @@ namespace llarp
        : BaseSession(p)
    {
      p->router->crypto.shorthash(sessionKey,
-                                  ConstBuffer(p->router->rc.pubkey));
+                                  InitBuffer(p->router->pubkey(), PUBKEYSIZE));
      remoteRC.Clear();
      sock = s;
      assert(s == sock);
@ -602,16 +600,24 @@ namespace llarp
    }

    void
-    BaseSession::OutboundHandshake(const KeyExchangeNonce& n)
+    BaseSession::OutboundHandshake()
    {
+      // set session key
      Router()->crypto.shorthash(sessionKey, ConstBuffer(remoteRC.pubkey));

      byte_t tmp[LinkIntroMessage::MaxSize];
      auto buf = StackBuffer< decltype(tmp) >(tmp);
+      // build our RC
      LinkIntroMessage msg;
-      msg.rc = Router()->rc;
-      msg.N  = n;
-      msg.P  = DefaultLinkSessionLifetime;
+      msg.rc = Router()->rc();
+      if(!msg.rc.VerifySignature(&Router()->crypto))
+      {
+        llarp::LogError("our RC is invalid? closing session to", remoteAddr);
+        Close();
+        return;
+      }
+      msg.N.Randomize();
+      msg.P = DefaultLinkSessionLifetime;
      if(!msg.Sign(&Router()->crypto, Router()->identity))
      {
        llarp::LogError("failed to sign LIM for outbound handshake to ",
@ -643,9 +649,9 @@ namespace llarp
        llarp::LogError("failed to mix keys for outbound session to ",
                        remoteAddr);
        Close();
+        return;
      }
-      else
-        EnterState(eSessionReady);
+      EnterState(eSessionReady);
    }

    llarp_router*
--- a/llarp/router.cpp
+++ b/llarp/router.cpp
@ -93,7 +93,7 @@ llarp_router_try_connect(struct llarp_router *router,
      std::make_unique< TryConnectJob >(remote, link, numretries, router)));
  TryConnectJob *job = itr.first->second.get();
  // try establishing async
-  job->Attempt();
+  llarp_logic_queue_job(router->logic, {job, &on_try_connecting});
  return true;
 }

@ -175,11 +175,12 @@ llarp_router::SendToOrQueue(const llarp::RouterID &remote,
  q.emplace(buf.sz);
  memcpy(q.back().data(), buf.base, buf.sz);

+  llarp::RouterContact remoteRC;
  // we don't have an open session to that router right now
-  if(llarp_nodedb_get_rc(nodedb, remote, rc))
+  if(llarp_nodedb_get_rc(nodedb, remote, remoteRC))
  {
    // try connecting directly as the rc is loaded from disk
-    llarp_router_try_connect(this, rc, 10);
+    llarp_router_try_connect(this, remoteRC, 10);
    return true;
  }

@ -264,13 +265,13 @@ bool
 llarp_router::SaveRC()
 {
  llarp::LogDebug("verify RC signature");
-  if(!rc.VerifySignature(&crypto))
+  if(!rc().VerifySignature(&crypto))
  {
-    rc.Dump< MAX_RC_SIZE >();
+    rc().Dump< MAX_RC_SIZE >();
    llarp::LogError("RC has bad signature not saving");
    return false;
  }
-  return rc.Write(our_rc_file.string().c_str());
+  return rc().Write(our_rc_file.string().c_str());
 }

 void
@ -364,6 +365,7 @@ llarp_router::TryEstablishTo(const llarp::RouterID &remote)
  }
  else
  {
+    llarp::LogInfo("looking up router ", remote);
    // dht lookup as we don't know it
    dht->impl.LookupRouter(
        remote,
@ -377,7 +379,10 @@ llarp_router::HandleDHTLookupForTryEstablishTo(
    const std::vector< llarp::RouterContact > &results)
 {
  for(const auto &result : results)
-    async_verify_RC(result);
+  {
+    llarp_nodedb_put_rc(nodedb, result);
+    llarp_router_try_connect(this, result, 10);
+  }
 }

 size_t
@ -614,7 +619,7 @@ llarp_router::Run()
    if(!a.isPrivate())
    {
      llarp::LogInfo("Loading Addr: ", a, " into our RC");
-      rc.addrs.push_back(addr);
+      _rc.addrs.push_back(addr);
    }
  };
  if(this->publicOverride)
@ -640,19 +645,18 @@ llarp_router::Run()
      this->addrInfo.ip   = *publicAddr.addr6();
      this->addrInfo.port = publicAddr.port();
      llarp::LogInfo("Loaded our public ", publicAddr, " override into RC!");
-      // we need the link to set the pubkey
-      rc.addrs.push_back(this->addrInfo);
+      _rc.addrs.push_back(this->addrInfo);
    }
  }
  // set public encryption key
-  rc.enckey = llarp::seckey_topublic(encryption);
-  llarp::LogInfo("Your Encryption pubkey ", rc.enckey);
+  _rc.enckey = llarp::seckey_topublic(encryption);
+  llarp::LogInfo("Your Encryption pubkey ", rc().enckey);
  // set public signing key
-  rc.pubkey = llarp::seckey_topublic(identity);
-  llarp::LogInfo("Your Identity pubkey ", rc.pubkey);
+  _rc.pubkey = llarp::seckey_topublic(identity);
+  llarp::LogInfo("Your Identity pubkey ", rc().pubkey);

  llarp::LogInfo("Signing rc...");
-  if(!rc.Sign(&crypto, identity))
+  if(!_rc.Sign(&crypto, identity))
  {
    llarp::LogError("failed to sign rc");
    return;
@ -971,9 +975,9 @@ namespace llarp
    {
      if(StrEq(key, "nickname"))
      {
-        self->rc.SetNick(val);
+        self->_rc.SetNick(val);
        // set logger name here
-        _glog.nodeName = self->rc.Nick();
+        _glog.nodeName = self->rc().Nick();
      }
      if(StrEq(key, "encryption-privkey"))
      {
--- a/llarp/router.hpp
+++ b/llarp/router.hpp
@ -47,7 +47,13 @@ struct llarp_router
  fs::path our_rc_file = "rc.signed";

  // our router contact
-  llarp::RouterContact rc;
+  llarp::RouterContact _rc;
+
+  const llarp::RouterContact &
+  rc() const
+  {
+    return _rc;
+  }

  // our ipv4 public setting
  bool publicOverride = false;
--- a/llarp/router_contact.cpp
+++ b/llarp/router_contact.cpp
@ -223,13 +223,9 @@ namespace llarp
  RouterContact &
  RouterContact::operator=(const RouterContact &other)
  {
-    addrs.clear();
-    exits.clear();
-    addrs = other.addrs;
-    exits = other.exits;
-
-    signature = other.signature;
-
+    addrs        = other.addrs;
+    exits        = other.exits;
+    signature    = other.signature;
    last_updated = other.last_updated;
    enckey       = other.enckey;
    pubkey       = other.pubkey;