nim-codex-dht/codexdht/private/eth/p2p/discoveryv5/sessions.nim

# codex-dht - Codex DHT
# Copyright (c) 2022 Status Research & Development GmbH
# Licensed and distributed under either of
#   * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).
#   * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
#
## Session cache as mentioned at
## https://github.com/ethereum/devp2p/blob/master/discv5/discv5-theory.md#session-cache
##

## A session stores encryption and decryption keys for P2P encryption.
## Since key exchange can be started both ways, and these might not get finalised with
## UDP transport, we can't be sure what encryption key will be used by the other side:
## - the one derived in the key-exchange started by us,
## - the one derived in the key-exchange started by the other node.
## To alleviate this issue, we store two decryption keys in each session.

{.push raises: [Defect].}

import
  std/options,
  stint, stew/endians2, stew/shims/net,
  node, lru

export lru

const
  aesKeySize* = 128 div 8
  keySize = sizeof(NodeId) +
            16 + # max size of ip address (ipv6)
            2 # Sizeof port

type
  AesKey* = array[aesKeySize, byte]
  SessionKey* = array[keySize, byte]
  SessionValue* = array[3 * sizeof(AesKey), byte]
  Sessions* = LRUCache[SessionKey, SessionValue]

func makeKey(id: NodeId, address: Address): SessionKey =
  var pos = 0
  result[pos ..< pos+sizeof(id)] = toBytes(id)
  pos.inc(sizeof(id))
  case address.ip.family
  of IpAddressFamily.IpV4:
    result[pos ..< pos+sizeof(address.ip.address_v4)] = address.ip.address_v4
  of IpAddressFamily.IpV6:
    result[pos ..< pos+sizeof(address.ip.address_v6)] = address.ip.address_v6
  pos.inc(sizeof(address.ip.address_v6))
  result[pos ..< pos+sizeof(address.port)] = toBytes(address.port.uint16)

func swapr*(s: var Sessions, id: NodeId, address: Address) =
  var value: array[3 * sizeof(AesKey), byte]
  let
    key = makeKey(id, address)
    entry = s.get(key)
  if entry.isSome():
    let val = entry.get()
    copyMem(addr value[0], unsafeAddr val[16], sizeof(AesKey))
    copyMem(addr value[16], unsafeAddr val[0], sizeof(AesKey))
    copyMem(addr value[32], unsafeAddr val[32], sizeof(AesKey))
    s.put(key, value)

func store*(s: var Sessions, id: NodeId, address: Address, r, w: AesKey) =
  var value: array[3 * sizeof(AesKey), byte]
  let
    key = makeKey(id, address)
    entry = s.get(key)
  if entry.isSome():
    let val = entry.get()
    copyMem(addr value[0], unsafeAddr val[16], sizeof(r))
  value[16 .. 31] = r
  value[32 .. ^1] = w
  s.put(key, value)

func load*(s: var Sessions, id: NodeId, address: Address, r1, r2, w: var AesKey): bool =
  let res = s.get(makeKey(id, address))
  if res.isSome():
    let val = res.get()
    copyMem(addr r1[0], unsafeAddr val[0], sizeof(r1))
    copyMem(addr r2[0], unsafeAddr val[sizeof(r1)], sizeof(r2))
    copyMem(addr w[0], unsafeAddr val[sizeof(r1) + sizeof(r2)], sizeof(w))
    return true
  else:
    return false

func del*(s: var Sessions, id: NodeId, address: Address) =
  s.del(makeKey(id, address))
Persist providers (#49) * initial providers manager implementation * misc license update * spelling * rename provider tests * add provider tests * reexport provider manager * only update provider record if it changed * small bug in getProvByKey * pass providers to both constructors * fix records retrieval * disable cache during tests * avoid redefining data * adding back tests with cache * use `.errorOption` * proper err msg unpacking 2022-09-29 23:49:55 +00:00			`# codex-dht - Codex DHT`
			`# Copyright (c) 2022 Status Research & Development GmbH`
initial commit based on nim-eth@779d767b024175a51cf74c79ec7513301ebe2f46 2022-02-14 00:51:28 +00:00			`# Licensed and distributed under either of`
			`# * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).`
			`# * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).`
			`# at your option. This file may not be copied, modified, or distributed except according to those terms.`
			`#`
			`## Session cache as mentioned at`
			`## https://github.com/ethereum/devp2p/blob/master/discv5/discv5-theory.md#session-cache`
			`##`

Fix: arrive to working keys in case of simultaneous cross connect (#84) * improve tracing of message exchange run e.g. as ``` nim c -r -d:debug -d:chronicles_enabled=on -d:chronicles_log_level=TRACE -d:chronicles_sinks=textlines[nocolors,stdout] tests/dht/test_providers.nim >err ``` Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * add debug on Handshake timeour Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * queue messages during handshake and send later If a handshake was already in progress, messages were dropped. Instead of this, it is better to queue these and send as soon as the handshake is finished and thus the encryption key is known. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * rename handshakeInProgress to keyexchangeInProgress Handshake is also a name of a message, which makes previous name less clear. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * keyexchangeInProgress: do not remove on handshake received This is the wrong direction, not needed Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * fix cross-connect key exchange Since key exchange can be started both ways simultaneously, and these might not get finalised with UDP transport, we can't be sure what encryption key will be used by the other side: - the one derived in the key-exchange started by us, - the one derived in the key-exchange started by the other node. To alleviate this issue, we store two decryption keys in each session. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> --------- Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> 2023-11-17 19:50:28 +00:00			`## A session stores encryption and decryption keys for P2P encryption.`
			`## Since key exchange can be started both ways, and these might not get finalised with`
			`## UDP transport, we can't be sure what encryption key will be used by the other side:`
			`## - the one derived in the key-exchange started by us,`
			`## - the one derived in the key-exchange started by the other node.`
			`## To alleviate this issue, we store two decryption keys in each session.`

initial commit based on nim-eth@779d767b024175a51cf74c79ec7513301ebe2f46 2022-02-14 00:51:28 +00:00			`{.push raises: [Defect].}`

			`import`
			`std/options,`
			`stint, stew/endians2, stew/shims/net,`
			`node, lru`

			`export lru`

			`const`
			`aesKeySize* = 128 div 8`
			`keySize = sizeof(NodeId) +`
			`16 + # max size of ip address (ipv6)`
			`2 # Sizeof port`

			`type`
			`AesKey* = array[aesKeySize, byte]`
			`SessionKey* = array[keySize, byte]`
Fix: arrive to working keys in case of simultaneous cross connect (#84) * improve tracing of message exchange run e.g. as ``` nim c -r -d:debug -d:chronicles_enabled=on -d:chronicles_log_level=TRACE -d:chronicles_sinks=textlines[nocolors,stdout] tests/dht/test_providers.nim >err ``` Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * add debug on Handshake timeour Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * queue messages during handshake and send later If a handshake was already in progress, messages were dropped. Instead of this, it is better to queue these and send as soon as the handshake is finished and thus the encryption key is known. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * rename handshakeInProgress to keyexchangeInProgress Handshake is also a name of a message, which makes previous name less clear. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * keyexchangeInProgress: do not remove on handshake received This is the wrong direction, not needed Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * fix cross-connect key exchange Since key exchange can be started both ways simultaneously, and these might not get finalised with UDP transport, we can't be sure what encryption key will be used by the other side: - the one derived in the key-exchange started by us, - the one derived in the key-exchange started by the other node. To alleviate this issue, we store two decryption keys in each session. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> --------- Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> 2023-11-17 19:50:28 +00:00			`SessionValue* = array[3 * sizeof(AesKey), byte]`
initial commit based on nim-eth@779d767b024175a51cf74c79ec7513301ebe2f46 2022-02-14 00:51:28 +00:00			`Sessions* = LRUCache[SessionKey, SessionValue]`

			`func makeKey(id: NodeId, address: Address): SessionKey =`
			`var pos = 0`
			`result[pos ..< pos+sizeof(id)] = toBytes(id)`
			`pos.inc(sizeof(id))`
			`case address.ip.family`
			`of IpAddressFamily.IpV4:`
			`result[pos ..< pos+sizeof(address.ip.address_v4)] = address.ip.address_v4`
			`of IpAddressFamily.IpV6:`
			`result[pos ..< pos+sizeof(address.ip.address_v6)] = address.ip.address_v6`
			`pos.inc(sizeof(address.ip.address_v6))`
			`result[pos ..< pos+sizeof(address.port)] = toBytes(address.port.uint16)`

Fix: arrive to working keys in case of simultaneous cross connect (#84) * improve tracing of message exchange run e.g. as ``` nim c -r -d:debug -d:chronicles_enabled=on -d:chronicles_log_level=TRACE -d:chronicles_sinks=textlines[nocolors,stdout] tests/dht/test_providers.nim >err ``` Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * add debug on Handshake timeour Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * queue messages during handshake and send later If a handshake was already in progress, messages were dropped. Instead of this, it is better to queue these and send as soon as the handshake is finished and thus the encryption key is known. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * rename handshakeInProgress to keyexchangeInProgress Handshake is also a name of a message, which makes previous name less clear. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * keyexchangeInProgress: do not remove on handshake received This is the wrong direction, not needed Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * fix cross-connect key exchange Since key exchange can be started both ways simultaneously, and these might not get finalised with UDP transport, we can't be sure what encryption key will be used by the other side: - the one derived in the key-exchange started by us, - the one derived in the key-exchange started by the other node. To alleviate this issue, we store two decryption keys in each session. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> --------- Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> 2023-11-17 19:50:28 +00:00			`func swapr*(s: var Sessions, id: NodeId, address: Address) =`
			`var value: array[3 * sizeof(AesKey), byte]`
			`let`
			`key = makeKey(id, address)`
			`entry = s.get(key)`
			`if entry.isSome():`
			`let val = entry.get()`
			`copyMem(addr value[0], unsafeAddr val[16], sizeof(AesKey))`
			`copyMem(addr value[16], unsafeAddr val[0], sizeof(AesKey))`
			`copyMem(addr value[32], unsafeAddr val[32], sizeof(AesKey))`
			`s.put(key, value)`

initial commit based on nim-eth@779d767b024175a51cf74c79ec7513301ebe2f46 2022-02-14 00:51:28 +00:00			`func store*(s: var Sessions, id: NodeId, address: Address, r, w: AesKey) =`
Fix: arrive to working keys in case of simultaneous cross connect (#84) * improve tracing of message exchange run e.g. as ``` nim c -r -d:debug -d:chronicles_enabled=on -d:chronicles_log_level=TRACE -d:chronicles_sinks=textlines[nocolors,stdout] tests/dht/test_providers.nim >err ``` Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * add debug on Handshake timeour Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * queue messages during handshake and send later If a handshake was already in progress, messages were dropped. Instead of this, it is better to queue these and send as soon as the handshake is finished and thus the encryption key is known. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * rename handshakeInProgress to keyexchangeInProgress Handshake is also a name of a message, which makes previous name less clear. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * keyexchangeInProgress: do not remove on handshake received This is the wrong direction, not needed Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * fix cross-connect key exchange Since key exchange can be started both ways simultaneously, and these might not get finalised with UDP transport, we can't be sure what encryption key will be used by the other side: - the one derived in the key-exchange started by us, - the one derived in the key-exchange started by the other node. To alleviate this issue, we store two decryption keys in each session. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> --------- Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> 2023-11-17 19:50:28 +00:00			`var value: array[3 * sizeof(AesKey), byte]`
			`let`
			`key = makeKey(id, address)`
			`entry = s.get(key)`
			`if entry.isSome():`
			`let val = entry.get()`
			`copyMem(addr value[0], unsafeAddr val[16], sizeof(r))`
			`value[16 .. 31] = r`
			`value[32 .. ^1] = w`
			`s.put(key, value)`
initial commit based on nim-eth@779d767b024175a51cf74c79ec7513301ebe2f46 2022-02-14 00:51:28 +00:00
Fix: arrive to working keys in case of simultaneous cross connect (#84) * improve tracing of message exchange run e.g. as ``` nim c -r -d:debug -d:chronicles_enabled=on -d:chronicles_log_level=TRACE -d:chronicles_sinks=textlines[nocolors,stdout] tests/dht/test_providers.nim >err ``` Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * add debug on Handshake timeour Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * queue messages during handshake and send later If a handshake was already in progress, messages were dropped. Instead of this, it is better to queue these and send as soon as the handshake is finished and thus the encryption key is known. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * rename handshakeInProgress to keyexchangeInProgress Handshake is also a name of a message, which makes previous name less clear. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * keyexchangeInProgress: do not remove on handshake received This is the wrong direction, not needed Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * fix cross-connect key exchange Since key exchange can be started both ways simultaneously, and these might not get finalised with UDP transport, we can't be sure what encryption key will be used by the other side: - the one derived in the key-exchange started by us, - the one derived in the key-exchange started by the other node. To alleviate this issue, we store two decryption keys in each session. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> --------- Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> 2023-11-17 19:50:28 +00:00			`func load*(s: var Sessions, id: NodeId, address: Address, r1, r2, w: var AesKey): bool =`
initial commit based on nim-eth@779d767b024175a51cf74c79ec7513301ebe2f46 2022-02-14 00:51:28 +00:00			`let res = s.get(makeKey(id, address))`
			`if res.isSome():`
			`let val = res.get()`
Fix: arrive to working keys in case of simultaneous cross connect (#84) * improve tracing of message exchange run e.g. as ``` nim c -r -d:debug -d:chronicles_enabled=on -d:chronicles_log_level=TRACE -d:chronicles_sinks=textlines[nocolors,stdout] tests/dht/test_providers.nim >err ``` Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * add debug on Handshake timeour Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * queue messages during handshake and send later If a handshake was already in progress, messages were dropped. Instead of this, it is better to queue these and send as soon as the handshake is finished and thus the encryption key is known. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * rename handshakeInProgress to keyexchangeInProgress Handshake is also a name of a message, which makes previous name less clear. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * keyexchangeInProgress: do not remove on handshake received This is the wrong direction, not needed Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> * fix cross-connect key exchange Since key exchange can be started both ways simultaneously, and these might not get finalised with UDP transport, we can't be sure what encryption key will be used by the other side: - the one derived in the key-exchange started by us, - the one derived in the key-exchange started by the other node. To alleviate this issue, we store two decryption keys in each session. Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> --------- Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com> 2023-11-17 19:50:28 +00:00			`copyMem(addr r1[0], unsafeAddr val[0], sizeof(r1))`
			`copyMem(addr r2[0], unsafeAddr val[sizeof(r1)], sizeof(r2))`
			`copyMem(addr w[0], unsafeAddr val[sizeof(r1) + sizeof(r2)], sizeof(w))`
initial commit based on nim-eth@779d767b024175a51cf74c79ec7513301ebe2f46 2022-02-14 00:51:28 +00:00			`return true`
			`else:`
			`return false`

			`func del*(s: var Sessions, id: NodeId, address: Address) =`
			`s.del(makeKey(id, address))`