PktTypeExec PktType = iota
PktTypeTrns PktType = iota
PktTypeExecFat PktType = iota
+ PktTypeArea PktType = iota
MaxPathSize = 1<<8 - 1
)
var (
- MagicNNCPPv3 [8]byte = [8]byte{'N', 'N', 'C', 'P', 'P', 0, 0, 3}
- MagicNNCPEv5 [8]byte = [8]byte{'N', 'N', 'C', 'P', 'E', 0, 0, 5}
- BadMagic error = errors.New("Unknown magic number")
- BadPktType error = errors.New("Unknown packet type")
+ BadPktType error = errors.New("Unknown packet type")
PktOverhead int64
PktEncOverhead int64
PktOverhead = int64(n)
buf.Reset()
- dummyId, err := NodeIdFromString("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
+ dummyId, err := NodeIdFromString(DummyB32Id)
if err != nil {
panic(err)
}
pktEnc := PktEnc{
- Magic: MagicNNCPEv5,
+ Magic: MagicNNCPEv5.B,
Sender: dummyId,
Recipient: dummyId,
}
return nil, errors.New("Too long path")
}
pkt := Pkt{
- Magic: MagicNNCPPv3,
+ Magic: MagicNNCPPv3.B,
Type: typ,
Nice: nice,
PathLen: uint8(len(path)),
return nil, err
}
tbs := PktTbs{
- Magic: MagicNNCPEv5,
+ Magic: MagicNNCPEv5.B,
Nice: nice,
Sender: our.Id,
Recipient: their.Id,
signature := new([ed25519.SignatureSize]byte)
copy(signature[:], ed25519.Sign(our.SignPrv, tbsBuf.Bytes()))
pktEnc := PktEnc{
- Magic: MagicNNCPEv5,
+ Magic: MagicNNCPEv5.B,
Nice: nice,
Sender: our.Id,
Recipient: their.Id,
curve25519.ScalarMult(sharedKey, prvEph, their.ExchPub)
key := make([]byte, chacha20poly1305.KeySize)
- blake3.DeriveKey(key, string(MagicNNCPEv5[:]), sharedKey[:])
+ blake3.DeriveKey(key, string(MagicNNCPEv5.B[:]), sharedKey[:])
aead, err := chacha20poly1305.New(key)
if err != nil {
return nil, err
return nil, io.ErrUnexpectedEOF
}
if padSize > 0 {
- blake3.DeriveKey(key, string(MagicNNCPEv5[:])+" PAD", sharedKey[:])
+ blake3.DeriveKey(key, string(MagicNNCPEv5.B[:])+" PAD", sharedKey[:])
xof := blake3.New(32, key).XOF()
if _, err = io.CopyN(out, xof, padSize); err != nil {
return nil, err
return pktEncRaw, nil
}
-func TbsVerify(our *NodeOur, their *Node, pktEnc *PktEnc) ([]byte, bool, error) {
+func TbsPrepare(our *NodeOur, their *Node, pktEnc *PktEnc) []byte {
tbs := PktTbs{
- Magic: MagicNNCPEv5,
+ Magic: MagicNNCPEv5.B,
Nice: pktEnc.Nice,
Sender: their.Id,
Recipient: our.Id,
}
var tbsBuf bytes.Buffer
if _, err := xdr.Marshal(&tbsBuf, &tbs); err != nil {
- return nil, false, err
+ panic(err)
}
- return tbsBuf.Bytes(), ed25519.Verify(their.SignPub, tbsBuf.Bytes(), pktEnc.Sign[:]), nil
+ return tbsBuf.Bytes()
+}
+
+func TbsVerify(our *NodeOur, their *Node, pktEnc *PktEnc) ([]byte, bool, error) {
+ tbs := TbsPrepare(our, their, pktEnc)
+ return tbs, ed25519.Verify(their.SignPub, tbs, pktEnc.Sign[:]), nil
}
func PktEncRead(
nodes map[NodeId]*Node,
data io.Reader,
out io.Writer,
-) (*Node, int64, error) {
+ signatureVerify bool,
+ sharedKeyCached []byte,
+) ([]byte, *Node, int64, error) {
var pktEnc PktEnc
_, err := xdr.Unmarshal(data, &pktEnc)
if err != nil {
- return nil, 0, err
- }
- if pktEnc.Magic != MagicNNCPEv5 {
- return nil, 0, BadMagic
- }
- their, known := nodes[*pktEnc.Sender]
- if !known {
- return nil, 0, errors.New("Unknown sender")
- }
- if *pktEnc.Recipient != *our.Id {
- return nil, 0, errors.New("Invalid recipient")
+ return nil, nil, 0, err
+ }
+ switch pktEnc.Magic {
+ case MagicNNCPEv1.B:
+ err = MagicNNCPEv1.TooOld()
+ case MagicNNCPEv2.B:
+ err = MagicNNCPEv2.TooOld()
+ case MagicNNCPEv3.B:
+ err = MagicNNCPEv3.TooOld()
+ case MagicNNCPEv4.B:
+ err = MagicNNCPEv4.TooOld()
+ case MagicNNCPEv5.B:
+ default:
+ err = BadMagic
}
- tbsRaw, verified, err := TbsVerify(our, their, &pktEnc)
if err != nil {
- return nil, 0, err
+ return nil, nil, 0, err
}
- if !verified {
- return their, 0, errors.New("Invalid signature")
+ if *pktEnc.Recipient != *our.Id {
+ return nil, nil, 0, errors.New("Invalid recipient")
+ }
+ var tbsRaw []byte
+ var their *Node
+ if signatureVerify {
+ their = nodes[*pktEnc.Sender]
+ if their == nil {
+ return nil, nil, 0, errors.New("Unknown sender")
+ }
+ var verified bool
+ tbsRaw, verified, err = TbsVerify(our, their, &pktEnc)
+ if err != nil {
+ return nil, nil, 0, err
+ }
+ if !verified {
+ return nil, their, 0, errors.New("Invalid signature")
+ }
+ } else {
+ tbsRaw = TbsPrepare(our, &Node{Id: pktEnc.Sender}, &pktEnc)
}
ad := blake3.Sum256(tbsRaw)
sharedKey := new([32]byte)
- curve25519.ScalarMult(sharedKey, our.ExchPrv, &pktEnc.ExchPub)
+ if sharedKeyCached == nil {
+ curve25519.ScalarMult(sharedKey, our.ExchPrv, &pktEnc.ExchPub)
+ } else {
+ copy(sharedKey[:], sharedKeyCached)
+ }
key := make([]byte, chacha20poly1305.KeySize)
- blake3.DeriveKey(key, string(MagicNNCPEv5[:]), sharedKey[:])
+ blake3.DeriveKey(key, string(MagicNNCPEv5.B[:]), sharedKey[:])
aead, err := chacha20poly1305.New(key)
if err != nil {
- return their, 0, err
+ return sharedKey[:], their, 0, err
}
nonce := make([]byte, aead.NonceSize())
sizeBuf := make([]byte, 8+aead.Overhead())
if _, err = io.ReadFull(data, sizeBuf); err != nil {
- return their, 0, err
+ return sharedKey[:], their, 0, err
}
sizeBuf, err = aead.Open(sizeBuf[:0], nonce, sizeBuf, ad[:])
if err != nil {
- return their, 0, err
+ return sharedKey[:], their, 0, err
}
size := int64(binary.BigEndian.Uint64(sizeBuf))
lr := io.LimitedReader{R: data, N: size}
written, err := aeadProcess(aead, nonce, ad[:], false, &lr, out)
if err != nil {
- return their, int64(written), err
+ return sharedKey[:], their, int64(written), err
}
if written != int(size) {
- return their, int64(written), io.ErrUnexpectedEOF
+ return sharedKey[:], their, int64(written), io.ErrUnexpectedEOF
}
- return their, size, nil
+ return sharedKey[:], their, size, nil
}