clientcontact logic (squash)

- unorganized amalgamation of cc logic
- session-related logic still local

llarp/address/address.hpp

@@ -80,7 +80,6 @@ namespace llarp
         std::string name() const { return _pubkey.to_string(); }
 
         std::string to_string() const { return name().append(_tld); }
-
         static constexpr bool to_string_formattable{true};
     };
 

llarp/contact/client_contact.cpp

@@ -5,29 +5,32 @@ namespace llarp
     static auto logcat = log::Cat("client-intro");
 
     ClientContact::ClientContact(
-        Ed25519Hash pk,
+        Ed25519PrivateData private_data,
+        PubKey pk,
         const std::unordered_set<dns::SRVData>& srvs,
         uint16_t proto_flags,
         std::optional<net::ExitPolicy> policy)
-        : derived_privatekey{std::move(pk)},
+        : derived_privatekey{std::move(private_data)},
+          pubkey{std::move(pk)},
           SRVs{srvs.begin(), srvs.end()},
           protos{proto_flags},
           exit_policy{std::move(policy)}
     {}
 
-    ClientContact::ClientContact(std::string_view buf)
+    ClientContact::ClientContact(std::string&& buf)
     {
-        bt_decode(buf);
+        bt_decode(oxenc::bt_dict_consumer{std::move(buf)});
     }
 
     ClientContact ClientContact::generate(
-        Ed25519Hash&& pk,
+        Ed25519PrivateData&& private_data,
+        PubKey&& pk,
         const std::unordered_set<dns::SRVData>& srvs,
         uint16_t proto_flags,
         std::optional<net::ExitPolicy> policy)
     {
         log::info(logcat, "Generating new ClientContact...");
-        return ClientContact{std::move(pk), srvs, proto_flags, std::move(policy)};
+        return ClientContact{std::move(private_data), std::move(pk), srvs, proto_flags, std::move(policy)};
     }
 
     void ClientContact::handle_updated_field(intro_set iset)
@@ -57,10 +60,10 @@ namespace llarp
 
     void ClientContact::bt_encode(std::vector<unsigned char>& buf) const
     {
-        bt_encode(oxenc::bt_dict_producer{reinterpret_cast<char*>(buf.data()), buf.size()});
+        buf.resize(bt_encode(oxenc::bt_dict_producer{reinterpret_cast<char*>(buf.data()), buf.size()}));
     }
 
-    void ClientContact::bt_encode(oxenc::bt_dict_producer&& btdp) const
+    size_t ClientContact::bt_encode(oxenc::bt_dict_producer&& btdp) const
     {
         btdp.append("a", pubkey.to_view());
 
@@ -82,21 +85,23 @@ namespace llarp
             for (auto& s : SRVs)
                 s.bt_encode(sublist.append_dict());
         }
-    }
 
-    void ClientContact::bt_decode(std::string_view buf)
-    {
-        try
-        {
-            bt_decode(oxenc::bt_dict_consumer{buf});
-        }
-        catch (const std::exception& e)
-        {
-            log::critical(logcat, "ClientContact deserialization failed: {}", e.what());
-            throw;
-        }
+        return btdp.view().size();
     }
 
+    // void ClientContact::bt_decode(std::string_view buf)
+    // {
+    //     try
+    //     {
+    //         bt_decode(oxenc::bt_dict_consumer{buf});
+    //     }
+    //     catch (const std::exception& e)
+    //     {
+    //         log::critical(logcat, "ClientContact deserialization failed: {}", e.what());
+    //         throw;
+    //     }
+    // }
+
     void ClientContact::bt_decode(oxenc::bt_dict_consumer&& btdc)
     {
         pubkey.from_string(btdc.require<std::string_view>("a"));
@@ -117,7 +122,6 @@ namespace llarp
 
         protos = btdc.require<uint16_t>("p");
 
-        // ditto as above
         if (btdc.skip_until("s"))
         {
             auto sublist = btdc.consume_list_consumer();
@@ -133,20 +137,37 @@ namespace llarp
         return intros.rbegin()->is_expired(now);
     }
 
-    EncryptedClientContact ClientContact::encrypt_and_sign()
+    EncryptedClientContact ClientContact::encrypt_and_sign() const
     {
         EncryptedClientContact enc{};
-        
+
         try
         {
+            enc.blinded_pubkey = derived_privatekey.to_pubkey();
             bt_encode(enc.encrypted);
 
+            if (not crypto::xchacha20(enc.encrypted.data(), enc.encrypted.size(), pubkey.data(), enc.nonce.data()))
+                throw std::runtime_error{"Failed to encrypt ClientContact bt-payload!"};
+
+            enc.signed_at = llarp::time_now_ms();
+
+            oxenc::bt_dict_producer btdp;
+            enc.bt_encode(btdp);
+
+            auto view = btdp.view_for_signing<unsigned char>();
+
+            if (not crypto::sign(enc.sig, derived_privatekey, view.data(), view.size()))
+                throw std::runtime_error{"Failed to sign EncryptedClientContact payload!"};
+
+            btdp.append("~", enc.sig.to_view());
+
+            enc._bt_payload = std::move(btdp).str();
         }
         catch (const std::exception& e)
         {
             log::warning(logcat, "Exception encrypting and signing client contact: {}", e.what());
+            throw;
         }
-
 
         return enc;
     }
@@ -157,12 +178,12 @@ namespace llarp
         return EncryptedClientContact{buf};
     }
 
-    EncryptedClientContact::EncryptedClientContact(std::string_view buf)
+    EncryptedClientContact::EncryptedClientContact(std::string_view buf) : _bt_payload{buf}
     {
-        bt_decode(oxenc::bt_dict_consumer{buf});
+        bt_decode(oxenc::bt_dict_consumer{_bt_payload});
     }
 
-    void EncryptedClientContact::bt_encode(oxenc::bt_dict_producer&& btdp) const
+    void EncryptedClientContact::bt_encode(oxenc::bt_dict_producer& btdp) const
     {
         btdp.append("i", blinded_pubkey.to_view());
         btdp.append("n", nonce.to_view());
@@ -193,6 +214,27 @@ namespace llarp
         }
     }
 
+    std::optional<ClientContact> EncryptedClientContact::decrypt(const PubKey& root)
+    {
+        std::optional<ClientContact> cc = std::nullopt;
+        std::string payload{_bt_payload};
+
+        if (crypto::xchacha20(
+                reinterpret_cast<unsigned char*>(payload.data()), payload.size(), root.data(), nonce.data()))
+        {
+            log::debug(logcat, "EncryptedClientContact decrypted successfully...");
+            cc = ClientContact{std::move(payload)};
+        }
+
+        return cc;
+    }
+
+    bool EncryptedClientContact::verify() const
+    {
+        return crypto::verify(
+            blinded_pubkey, reinterpret_cast<const unsigned char*>(_bt_payload.data()), _bt_payload.size(), sig);
+    }
+
     bool EncryptedClientContact::is_expired(std::chrono::milliseconds now) const
     {
         return now >= signed_at + path::DEFAULT_LIFETIME;

llarp/contact/client_contact.hpp

@@ -5,6 +5,7 @@
 
 #include <llarp/constants/version.hpp>
 #include <llarp/crypto/crypto.hpp>
+#include <llarp/dht/key.hpp>
 #include <llarp/dns/srv_data.hpp>
 #include <llarp/net/net.hpp>
 #include <llarp/net/traffic_policy.hpp>
@@ -46,41 +47,61 @@ namespace llarp
         TCP2QUIC = 1 << 5,
     };
 
+    /** TODO:
+            - LocalCC
+                - holds the derived Ed25519PrivateData
+            - RemoteCC:
+
+     */
+
     /** ClientContact
         On the wire we encode the data as a dict containing:
             - "" : the CC format version, which must be == ClientContact::VERSION to be parsed successfully
             - "a" : public key of the remote client instance
+            - "e" : (optional) exit policy containing sublists of accepted protocols and routed IP ranges
             - "i" : list of client introductions corresponding to the different pivots through which paths can be built
                     to the client instance
             - "p" : supported protocols indicating the traffic accepted by the client instance; this indicates if the
                     client is embedded and therefore requires a tunneled connection. Serialized as a bitwise flag of
                     above protocol_flag enums
-            - "s" : SRV records for lokinet DNS lookup
+            - "s" : (optional) SRV records for lokinet DNS lookup
     */
     struct ClientContact
     {
+        friend struct EncryptedClientContact;
         friend class handlers::SessionEndpoint;
 
         inline static constexpr uint8_t CC_VERSION{0};
         inline static constexpr size_t MAX_CC_SIZE{4096};
 
+        ~ClientContact() = default;
+
       protected:
         ClientContact() = default;
-        ClientContact(std::string_view buf);
+        ClientContact(std::string&& buf);
 
         ClientContact(
-            Ed25519Hash pk,
+            Ed25519PrivateData private_data,
+            PubKey pk,
             const std::unordered_set<dns::SRVData>& srvs,
             uint16_t proto_flags,
             std::optional<net::ExitPolicy> policy = std::nullopt);
 
+        /** Parameters:
+            - `private_data` : derived private subkey data
+            - `pubkey` : master identity key pubkey
+            - `srvs` : SRV records (optional, can be empty)
+            - `proto_flags` : client-supported protocols
+            - `policy` : exit-related traffic policy (optional)
+         */
         static ClientContact generate(
-            Ed25519Hash&& pk,
+            Ed25519PrivateData&& private_data,
+            PubKey&& pubkey,
             const std::unordered_set<dns::SRVData>& srvs,
             uint16_t proto_flags,
             std::optional<net::ExitPolicy> policy = std::nullopt);
 
-        EncryptedClientContact encrypt_and_sign();
+        EncryptedClientContact encrypt_and_sign() const;
 
         template <typename... Opt>
         void regenerate(intro_set iset, Opt&&... args)
@@ -95,9 +116,7 @@ namespace llarp
             _regenerate();
         }
 
-        ~ClientContact() = default;
-
-        Ed25519Hash derived_privatekey;
+        Ed25519PrivateData derived_privatekey;
 
         PubKey pubkey;
 
@@ -114,7 +133,7 @@ namespace llarp
 
         void bt_encode(std::vector<unsigned char>& buf) const;
 
-        void bt_encode(oxenc::bt_dict_producer&& btdp) const;
+        size_t bt_encode(oxenc::bt_dict_producer&& btdp) const;
 
         // Throws like a MF (for now)
         void bt_decode(std::string_view buf);
@@ -135,38 +154,46 @@ namespace llarp
     };
 
     /** EncryptedClientContact
-            "i" blinded local routerID
+            "i" blinded local PubKey (routerID)
             "n" nounce
             "t" signing time
             "x" encrypted payload
-            "~" signature
+            "~" signature   (signed with blinded derived scalar `b`)
     */
     struct EncryptedClientContact
     {
         friend struct dht::CCNode;
         friend struct ClientContact;
 
-      protected:
         EncryptedClientContact() : nonce{SymmNonce::make_random()}, encrypted(ClientContact::MAX_CC_SIZE) {}
 
-        static EncryptedClientContact construct();
-
         static EncryptedClientContact deserialize(std::string_view buf);
 
-        //   protected:
+      protected:
         explicit EncryptedClientContact(std::string_view buf);
 
         PubKey blinded_pubkey;
         SymmNonce nonce;
         std::chrono::milliseconds signed_at{0s};
         std::vector<unsigned char> encrypted;
-        Signature sig;
+        Signature sig{};
 
-        void bt_encode(oxenc::bt_dict_producer&& btdp) const;
+        std::string _bt_payload;
+
+        // Does not encode signature, meant to be called prior to signing
+        void bt_encode(oxenc::bt_dict_producer& btdp) const;
 
         void bt_decode(oxenc::bt_dict_consumer&& btdc);
 
       public:
+        dht::Key_t key() const { return dht::Key_t{blinded_pubkey.data()}; }
+
+        std::optional<ClientContact> decrypt(const PubKey& root);
+
+        std::string_view bt_payload() const { return _bt_payload; }
+
+        bool verify() const;
+
         bool is_expired(std::chrono::milliseconds now = time_now_ms()) const;
     };
 }  //  namespace llarp

llarp/contact/contactdb.cpp

@@ -10,28 +10,28 @@ namespace llarp
         _introset_nodes = std::make_unique<dht::Bucket<dht::ISNode>>(_local_key, llarp::randint);
     }
 
-    // std::optional<ClientContact> ContactDB::get_decrypted_cc(RouterID remote) const
-    // {
-    //     std::optional<ClientContact> ret = std::nullopt;
+    std::optional<ClientContact> ContactDB::get_decrypted_cc(RouterID remote) const
+    {
+        std::optional<ClientContact> ret = std::nullopt;
 
-    //     (void)remote;
-    //     // TESTNET: TODO: finish this after implementing CC encrypt/decrypt
+        if (auto enc = get_encrypted_cc(dht::Key_t::derive_from_rid(remote)))
+            ret = enc->decrypt(remote);
 
-    //     return ret;
-    // }
+        return ret;
+    }
 
-    // std::optional<EncryptedClientContact> ContactDB::get_encrypted_cc(const dht::Key_t& key) const
-    // {
-    //     std::optional<EncryptedClientContact> enc = std::nullopt;
+    std::optional<EncryptedClientContact> ContactDB::get_encrypted_cc(const dht::Key_t& key) const
+    {
+        std::optional<EncryptedClientContact> enc = std::nullopt;
 
-    //     auto& clientcontacts = _cc_nodes->nodes;
+        auto& clientcontacts = _cc_nodes->nodes;
 
-    //     if (auto itr = clientcontacts.find(key);
-    //         itr != clientcontacts.end() && not itr->second.client_contact.is_expired())
-    //         enc = itr->second.client_contact;
+        if (auto itr = clientcontacts.find(key);
+            itr != clientcontacts.end() && not itr->second.client_contact.is_expired())
+            enc = itr->second.client_contact;
 
-    //     return enc;
-    // }
+        return enc;
+    }
 
     std::optional<service::IntroSetOld> ContactDB::get_decrypted_introset(RouterID remote) const
     {
@@ -67,4 +67,9 @@ namespace llarp
         _introset_nodes->put_node(std::move(enc));
     }
 
+    void ContactDB::put_cc(EncryptedClientContact enc)
+    {
+        _cc_nodes->put_node(enc);
+    }
+
 }  //  namespace llarp