yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-06-17 06:35:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix

Browse source
This commit is contained in:
ufm 2022-07-03 17:52:46 +03:00
parent aba03d590e
commit 68fbfc6f4b
1 changed files with 98 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

186
src/core/core.go
View file

@ -2,14 +2,14 @@ package core
import ( import (
"context" "context"
"crypto/ed25519"
"crypto/aes" "crypto/aes"
"crypto/cipher" "crypto/cipher"
"crypto/rand" "crypto/ed25519"
"io" "crypto/rand"
"encoding/hex" "encoding/hex"
"errors" "errors"
"fmt" "fmt"
"io"
"io/ioutil" "io/ioutil"
"net" "net"
"net/url" "net/url"
@ -34,7 +34,7 @@ type Core struct {
phony.Inbox phony.Inbox
*iwe.PacketConn *iwe.PacketConn
config *config.NodeConfig // Config config *config.NodeConfig // Config
sgcm map[string] cipher.AEAD sgcm map[string]cipher.AEAD
secret ed25519.PrivateKey secret ed25519.PrivateKey
public ed25519.PublicKey public ed25519.PublicKey
links links links links
@ -56,31 +56,37 @@ func (c *Core) _init() error {
c.log = log.New(ioutil.Discard, "", 0) c.log = log.New(ioutil.Discard, "", 0)
} }
c.sgcm = make(map[string] cipher.AEAD) c.sgcm = make(map[string]cipher.AEAD)
for addr, csecret := range c.config.Secrets { for addr, csecret := range c.config.Secrets {
var gcm cipher.AEAD var gcm cipher.AEAD
switch len(csecret) { switch len(csecret) {
case 16, 24, 32: // Generate GCM case 16, 24, 32: // Generate GCM
ch, err := aes.NewCipher([]byte(csecret)) ch, err := aes.NewCipher([]byte(csecret))
if err != nil { return fmt.Errorf("aes.NewCipher: %w", err) } if err != nil {
gcm, err = cipher.NewGCM(ch) return fmt.Errorf("aes.NewCipher: %w", err)
if err != nil { return fmt.Errorf("cipher.NewGCM: %w", err) } }
default: gcm, err = cipher.NewGCM(ch)
return fmt.Errorf("Secret for %s is incorrect length. Should be 16, 24 or 32 bytes", addr) if err != nil {
} return fmt.Errorf("cipher.NewGCM: %w", err)
}
default:
return fmt.Errorf("Secret for %s is incorrect length. Should be 16, 24 or 32 bytes", addr)
}
if strings.ToLower(addr) == "all" { if strings.ToLower(addr) == "all" {
c.sgcm["0"] = gcm c.sgcm["0"] = gcm
} else { } else {
saddr, err := hex.DecodeString(addr) saddr, err := hex.DecodeString(addr)
if err != nil { return err } if err != nil {
if len(saddr) != ed25519.PublicKeySize { return err
return fmt.Errorf("PublicKey '%s' has the wrong length", addr) }
} if len(saddr) != ed25519.PublicKeySize {
c.sgcm[string(saddr)] = gcm return fmt.Errorf("PublicKey '%s' has the wrong length", addr)
} }
} c.sgcm[string(saddr)] = gcm
}
}
sigPriv, err := hex.DecodeString(c.config.PrivateKey) sigPriv, err := hex.DecodeString(c.config.PrivateKey)
if err != nil { if err != nil {
@ -235,73 +241,77 @@ func (c *Core) ReadFrom(p []byte) (n int, from net.Addr, err error) {
if n == 0 { if n == 0 {
continue continue
} }
switch bs[0] { switch bs[0] {
case typeSessionTraffic: case typeSessionTraffic:
// This is what we want to handle here // This is what we want to handle here
gcm := c.getSecretForAddr(from) gcm := c.getSecretForAddr(from)
if gcm != nil { continue } if gcm != nil {
bs = bs[1:n] continue
}
bs = bs[1:n]
case typeSessionEncTraffic: case typeSessionEncTraffic:
// Encoded traddic. Decode first // Encoded traddic. Decode first
gcm := c.getSecretForAddr(from) gcm := c.getSecretForAddr(from)
if gcm == nil { continue } if gcm == nil {
bs, err = gcm.Open(nil, bs[1:gcm.NonceSize()+1], bs[gcm.NonceSize()+1:n], nil) continue
if err != nil { // If we failed to decrypt the packet, we silently skip it. }
err = nil bs, err = gcm.Open(nil, bs[1:gcm.NonceSize()+1], bs[gcm.NonceSize()+1:n], nil)
continue if err != nil { // If we failed to decrypt the packet, we silently skip it.
} err = nil
continue
}
case typeSessionProto: case typeSessionProto:
var key keyArray var key keyArray
copy(key[:], from.(iwt.Addr)) copy(key[:], from.(iwt.Addr))
data := append([]byte(nil), bs[1:n]...) data := append([]byte(nil), bs[1:n]...)
c.proto.handleProto(nil, key, data) c.proto.handleProto(nil, key, data)
continue continue
default: default:
continue continue
} }
copy(p, bs) copy(p, bs)
if len(p) < len(bs) { if len(p) < len(bs) {
n = len(p) n = len(p)
} else { } else {
n = len(bs) n = len(bs)
} }
return return
} }
} }
func (c *Core) WriteTo(p []byte, addr net.Addr) (n int, err error) { func (c *Core) WriteTo(p []byte, addr net.Addr) (n int, err error) {
buf := make([]byte, 0, 65535) buf := make([]byte, 0, 65535)
gcm := c.getSecretForAddr(addr) gcm := c.getSecretForAddr(addr)
if gcm == nil { // unencrypted traffic if gcm == nil { // unencrypted traffic
buf = append(buf, typeSessionTraffic) buf = append(buf, typeSessionTraffic)
buf = append(buf, p...) buf = append(buf, p...)
n, err = c.PacketConn.WriteTo(buf, addr) n, err = c.PacketConn.WriteTo(buf, addr)
if n > 0 { if n > 0 {
n -= 1 n -= 1
} }
} else { } else {
buf = append(buf, typeSessionEncTraffic) buf = append(buf, typeSessionEncTraffic)
nonce := make([]byte, gcm.NonceSize()) nonce := make([]byte, gcm.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil { if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
return 0, err return 0, err
} }
buf = append(buf, gcm.Seal(nonce, nonce, p, nil)...) buf = append(buf, gcm.Seal(nonce, nonce, p, nil)...)
n, err = c.PacketConn.WriteTo(buf, addr) n, err = c.PacketConn.WriteTo(buf, addr)
if n > 0 { if n > 0 {
n -= 1+len(nonce) n -= 1 + len(nonce)
} }
} }
return return
} }
func (c *Core) getSecretForAddr(addr net.Addr) (ch cipher.AEAD) { func (c *Core) getSecretForAddr(addr net.Addr) (ch cipher.AEAD) {
if ch, exist := c.sgcm[string(ed25519.PublicKey(addr.(iwt.Addr)))]; exist { if ch, exist := c.sgcm[string(ed25519.PublicKey(addr.(iwt.Addr)))]; exist {
return ch return ch
} }
if ch, exist := c.sgcm["0"]; exist { if ch, exist := c.sgcm["0"]; exist {
return ch return ch
} }
return nil return nil
} }