Merge branch 'veilidchat-work' into 'main'

0.1.5 prep See merge request veilid/veilid!93
2024-10-01 01:26:08 -04:00 · 2023-07-21 18:33:07 +00:00 · 2023-07-21 18:33:07 +00:00 · dfea276ac4
commit dfea276ac4
parent e27f73fa7a 9d3e847a68
11 changed files with 53 additions and 32 deletions
--- a/veilid-core/src/crypto/envelope.rs
+++ b/veilid-core/src/crypto/envelope.rs
@ -330,7 +330,15 @@ impl Envelope {
        self.sender_id
    }

+    pub fn get_sender_typed_id(&self) -> TypedKey {
+        TypedKey::new(self.crypto_kind, self.sender_id)
+    }
+
    pub fn get_recipient_id(&self) -> PublicKey {
        self.recipient_id
    }
+
+    pub fn get_recipient_typed_id(&self) -> TypedKey {
+        TypedKey::new(self.crypto_kind, self.recipient_id)
+    }
 }
--- a/veilid-core/src/crypto/receipt.rs
+++ b/veilid-core/src/crypto/receipt.rs
@ -207,6 +207,11 @@ impl Receipt {
    pub fn get_sender_id(&self) -> PublicKey {
        self.sender_id
    }
+
+    pub fn get_sender_typed_id(&self) -> TypedKey {
+        TypedKey::new(self.crypto_kind, self.sender_id)
+    }
+
    pub fn get_extra_data(&self) -> &[u8] {
        &self.extra_data
    }
--- a/veilid-core/src/intf/native/network_interfaces/apple.rs
+++ b/veilid-core/src/intf/native/network_interfaces/apple.rs
@ -1,3 +1,4 @@
+#![allow(non_camel_case_types)]
 use super::*;

 use libc::{
--- a/veilid-core/src/intf/native/network_interfaces/mod.rs
+++ b/veilid-core/src/intf/native/network_interfaces/mod.rs
@ -344,9 +344,9 @@ impl NetworkInterfaces {
        let mut last_interfaces = {
            let mut last_interfaces = BTreeMap::<String, NetworkInterface>::new();
            let mut platform_support = PlatformSupport::new()?;
-            platform_support
-                .get_interfaces(&mut last_interfaces)
-                .await?;
+            if let Err(e) = platform_support.get_interfaces(&mut last_interfaces).await {
+                debug!("no network interfaces are enabled: {}", e);
+            }
            last_interfaces
        };

--- a/veilid-core/src/network_manager/mod.rs
+++ b/veilid-core/src/network_manager/mod.rs
@ -954,6 +954,7 @@ impl NetworkManager {
                Ok(v) => v,
                Err(e) => {
                    log_net!(debug "envelope failed to decode: {}", e);
+                    // safe to punish here because relays also check here to ensure they arent forwarding things that don't decode
                    self.address_filter().punish_ip_addr(remote_addr);
                    return Ok(false);
                }
@ -1005,12 +1006,12 @@ impl NetworkManager {

        // Peek at header and see if we need to relay this
        // If the recipient id is not our node id, then it needs relaying
-        let sender_id = TypedKey::new(envelope.get_crypto_kind(), envelope.get_sender_id());
+        let sender_id = envelope.get_sender_typed_id();
        if self.address_filter().is_node_id_punished(sender_id) {
            return Ok(false);
        }

-        let recipient_id = TypedKey::new(envelope.get_crypto_kind(), envelope.get_recipient_id());
+        let recipient_id = envelope.get_recipient_typed_id();
        if !routing_table.matches_own_node_id(&[recipient_id]) {
            // See if the source node is allowed to resolve nodes
            // This is a costly operation, so only outbound-relay permitted
@ -1089,15 +1090,18 @@ impl NetworkManager {
        ) {
            Ok(v) => v,
            Err(e) => {
-                log_net!(debug "failed to decrypt envelope body: {}",e);
-                self.address_filter().punish_ip_addr(remote_addr);
+                log_net!(debug "failed to decrypt envelope body: {}", e);
+                // Can't punish by ip address here because relaying can't decrypt envelope bodies to check
+                // But because the envelope was properly signed by the time it gets here, it is safe to
+                // punish by node id
+                self.address_filter().punish_node_id(sender_id);
                return Ok(false);
            }
        };

        // Cache the envelope information in the routing table
        let source_noderef = match routing_table.register_node_with_existing_connection(
-            TypedKey::new(envelope.get_crypto_kind(), envelope.get_sender_id()),
+            envelope.get_sender_typed_id(),
            connection_descriptor,
            ts,
        ) {
--- a/veilid-core/src/network_manager/network_connection.rs
+++ b/veilid-core/src/network_manager/network_connection.rs
@ -315,7 +315,7 @@ impl NetworkConnection {
                                        return RecvLoopAction::Finish;
                                    }

-                                    // Punish invalid messages
+                                    // Punish invalid framing (tcp framing or websocket framing)
                                    if v.is_invalid_message() {
                                        address_filter.punish_ip_addr(peer_address.to_socket_addr().ip());
                                        return RecvLoopAction::Finish;
--- a/veilid-core/src/rpc_processor/destination.rs
+++ b/veilid-core/src/rpc_processor/destination.rs
@ -319,10 +319,7 @@ impl RPCProcessor {
                };

                // Reply directly to the request's source
-                let sender_node_id = TypedKey::new(
-                    detail.envelope.get_crypto_kind(),
-                    detail.envelope.get_sender_id(),
-                );
+                let sender_node_id = detail.envelope.get_sender_typed_id();

                // This may be a different node's reference than the 'sender' in the case of a relay
                let peer_noderef = detail.peer_noderef.clone();
--- a/veilid-core/src/rpc_processor/mod.rs
+++ b/veilid-core/src/rpc_processor/mod.rs
@ -126,17 +126,9 @@ impl RPCMessageHeader {
    }
    pub fn direct_sender_node_id(&self) -> TypedKey {
        match &self.detail {
-            RPCMessageHeaderDetail::Direct(d) => {
-                TypedKey::new(d.envelope.get_crypto_kind(), d.envelope.get_sender_id())
-            }
-            RPCMessageHeaderDetail::SafetyRouted(s) => TypedKey::new(
-                s.direct.envelope.get_crypto_kind(),
-                s.direct.envelope.get_sender_id(),
-            ),
-            RPCMessageHeaderDetail::PrivateRouted(p) => TypedKey::new(
-                p.direct.envelope.get_crypto_kind(),
-                p.direct.envelope.get_sender_id(),
-            ),
+            RPCMessageHeaderDetail::Direct(d) => d.envelope.get_sender_typed_id(),
+            RPCMessageHeaderDetail::SafetyRouted(s) => s.direct.envelope.get_sender_typed_id(),
+            RPCMessageHeaderDetail::PrivateRouted(p) => p.direct.envelope.get_sender_typed_id(),
        }
    }
 }
@ -1464,10 +1456,7 @@ impl RPCProcessor {
        let msg = match &encoded_msg.header.detail {
            RPCMessageHeaderDetail::Direct(detail) => {
                // Get sender node id
-                let sender_node_id = TypedKey::new(
-                    detail.envelope.get_crypto_kind(),
-                    detail.envelope.get_sender_id(),
-                );
+                let sender_node_id = detail.envelope.get_sender_typed_id();

                // Decode and validate the RPC operation
                let operation = match self.decode_rpc_operation(&encoded_msg) {
--- a/veilid-core/src/rpc_processor/rpc_validate_dial_info.rs
+++ b/veilid-core/src/rpc_processor/rpc_validate_dial_info.rs
@ -104,10 +104,7 @@ impl RPCProcessor {
            // We filter on the -outgoing- protocol capability status not the node's dial info
            // Use the address type though, to ensure we reach an ipv6 capable node if this is
            // an ipv6 address
-            let sender_node_id = TypedKey::new(
-                detail.envelope.get_crypto_kind(),
-                detail.envelope.get_sender_id(),
-            );
+            let sender_node_id = detail.envelope.get_sender_typed_id();
            let routing_domain = detail.routing_domain;
            let node_count = {
                let c = self.config.get();
--- a/veilid-flutter/lib/routing_context.dart
+++ b/veilid-flutter/lib/routing_context.dart
@ -84,6 +84,22 @@ class DHTRecordDescriptor with _$DHTRecordDescriptor {
      _$DHTRecordDescriptorFromJson(json);
 }

+extension DHTRecordDescriptorExt on DHTRecordDescriptor {
+  KeyPair? ownerKeyPair() {
+    if (ownerSecret == null) {
+      return null;
+    }
+    return KeyPair(key: owner, secret: ownerSecret!);
+  }
+
+  TypedKeyPair? ownerTypedKeyPair() {
+    if (ownerSecret == null) {
+      return null;
+    }
+    return TypedKeyPair(kind: key.kind, key: owner, secret: ownerSecret!);
+  }
+}
+
 //////////////////////////////////////
 /// ValueSubkeyRange

--- a/veilid-flutter/lib/veilid_crypto.dart
+++ b/veilid-flutter/lib/veilid_crypto.dart
@ -21,6 +21,8 @@ String cryptoKindToString(CryptoKind kind) {
  return "${String.fromCharCode(kind & 0xFF)}${String.fromCharCode((kind >> 8) & 0xFF)}${String.fromCharCode((kind >> 16) & 0xFF)}${String.fromCharCode((kind >> 24) & 0xFF)}";
 }

+const CryptoKind bestCryptoKind = cryptoKindVLD0;
+
 Uint8List cryptoKindToBytes(CryptoKind kind) {
  var b = Uint8List(4);
  b[0] = kind & 0xFF;
@ -140,6 +142,8 @@ class TypedKeyPair extends Equatable {
  String toJson() => toString();
  factory TypedKeyPair.fromJson(dynamic json) =>
      TypedKeyPair.fromString(json as String);
+  factory TypedKeyPair.fromKeyPair(CryptoKind kind, KeyPair keyPair) =>
+      TypedKeyPair(kind: kind, key: keyPair.key, secret: keyPair.secret);
 }

 typedef CryptoKey = FixedEncodedString43;