removing dead code
This commit is contained in:
@@ -22,7 +22,7 @@ hkdf = { workspace = true, optional = true }
|
||||
hmac = { workspace = true, optional = true }
|
||||
jwt-simple = { workspace = true, optional = true }
|
||||
libcrux-psq = { workspace = true, optional = true }
|
||||
libcrux-curve25519 = { workspace = true }
|
||||
libcrux-curve25519 = { workspace = true, optional = true }
|
||||
cipher = { workspace = true, optional = true }
|
||||
x25519-dalek = { workspace = true, features = ["static_secrets"], optional = true }
|
||||
ed25519-dalek = { workspace = true, features = ["rand_core"], optional = true }
|
||||
@@ -50,7 +50,7 @@ nym-test-utils = { workspace = true }
|
||||
default = []
|
||||
aead = ["dep:aead", "aead/std", "aes-gcm-siv", "generic-array"]
|
||||
naive_jwt = ["asymmetric", "jwt-simple"]
|
||||
libcrux_x25519 = ["libcrux-psq"]
|
||||
libcrux_x25519 = ["libcrux-psq", "libcrux-curve25519"]
|
||||
serde = ["dep:serde", "serde_bytes", "ed25519-dalek/serde", "x25519-dalek/serde"]
|
||||
asymmetric = ["x25519-dalek", "ed25519-dalek", "curve25519-dalek", "sha2", "zeroize"]
|
||||
hashing = ["blake3", "digest", "hkdf", "hmac", "generic-array", "sha2", "zeroize"]
|
||||
|
||||
@@ -7,7 +7,7 @@ use std::fmt::{self, Debug, Display, Formatter};
|
||||
use std::ops::Deref;
|
||||
use std::str::FromStr;
|
||||
use thiserror::Error;
|
||||
use zeroize::{Zeroize, ZeroizeOnDrop, Zeroizing};
|
||||
use zeroize::{Zeroize, ZeroizeOnDrop};
|
||||
|
||||
#[cfg(feature = "rand")]
|
||||
use rand::{CryptoRng, RngCore};
|
||||
@@ -45,6 +45,9 @@ pub enum KeyRecoveryError {
|
||||
#[source]
|
||||
source: bs58::decode::Error,
|
||||
},
|
||||
|
||||
#[error("the x25519 private key could not be converted to its PSQ representation")]
|
||||
IncompatiblePSQPrivateKey,
|
||||
}
|
||||
|
||||
#[derive(Zeroize, ZeroizeOnDrop)]
|
||||
@@ -415,37 +418,46 @@ impl AsRef<[u8]> for PrivateKey {
|
||||
|
||||
// libcrux-psq conversion
|
||||
#[cfg(feature = "libcrux_x25519")]
|
||||
impl From<PrivateKey> for libcrux_psq::handshake::types::DHPrivateKey {
|
||||
fn from(key: PrivateKey) -> libcrux_psq::handshake::types::DHPrivateKey {
|
||||
Self::from(&key)
|
||||
impl TryFrom<PrivateKey> for libcrux_psq::handshake::types::DHPrivateKey {
|
||||
type Error = KeyRecoveryError;
|
||||
|
||||
fn try_from(
|
||||
key: PrivateKey,
|
||||
) -> Result<libcrux_psq::handshake::types::DHPrivateKey, Self::Error> {
|
||||
Self::try_from(&key)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "libcrux_x25519")]
|
||||
impl From<libcrux_psq::handshake::types::DHPrivateKey> for PrivateKey {
|
||||
fn from(key: libcrux_psq::handshake::types::DHPrivateKey) -> PrivateKey {
|
||||
// SAFETY: we're using valid x25519 private key
|
||||
// #[allow(clippy::unwrap_used)]
|
||||
// SAFETY: the DHPrivateKey is guaranteed to be 32 bytes in length
|
||||
#[allow(clippy::unwrap_used)]
|
||||
PrivateKey::from_bytes(key.as_ref()).unwrap()
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "libcrux_x25519")]
|
||||
impl From<&PrivateKey> for libcrux_psq::handshake::types::DHPrivateKey {
|
||||
fn from(key: &PrivateKey) -> libcrux_psq::handshake::types::DHPrivateKey {
|
||||
// SAFETY: we're using valid x25519 private key
|
||||
// #[allow(clippy::unwrap_used)]
|
||||
let mut private_key_bytes = Zeroizing::new(key.to_bytes());
|
||||
impl TryFrom<&PrivateKey> for libcrux_psq::handshake::types::DHPrivateKey {
|
||||
type Error = KeyRecoveryError;
|
||||
|
||||
fn try_from(
|
||||
key: &PrivateKey,
|
||||
) -> Result<libcrux_psq::handshake::types::DHPrivateKey, Self::Error> {
|
||||
let mut private_key_bytes = zeroize::Zeroizing::new(key.to_bytes());
|
||||
libcrux_curve25519::clamp(&mut private_key_bytes);
|
||||
libcrux_psq::handshake::types::DHPrivateKey::from_bytes(&private_key_bytes).unwrap()
|
||||
match libcrux_psq::handshake::types::DHPrivateKey::from_bytes(&private_key_bytes) {
|
||||
Ok(key) => Ok(key),
|
||||
Err(_) => Err(KeyRecoveryError::IncompatiblePSQPrivateKey),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "libcrux_x25519")]
|
||||
impl From<&libcrux_psq::handshake::types::DHPrivateKey> for PrivateKey {
|
||||
fn from(key: &libcrux_psq::handshake::types::DHPrivateKey) -> PrivateKey {
|
||||
// SAFETY: we're using valid x25519 private key
|
||||
// #[allow(clippy::unwrap_used)]
|
||||
// SAFETY: the DHPrivateKey is guaranteed to be 32 bytes in length
|
||||
#[allow(clippy::unwrap_used)]
|
||||
PrivateKey::from_bytes(key.as_ref()).unwrap()
|
||||
}
|
||||
}
|
||||
@@ -460,18 +472,22 @@ impl From<PublicKey> for libcrux_psq::handshake::types::DHPublicKey {
|
||||
#[cfg(feature = "libcrux_x25519")]
|
||||
impl From<libcrux_psq::handshake::types::DHPublicKey> for PublicKey {
|
||||
fn from(key: libcrux_psq::handshake::types::DHPublicKey) -> PublicKey {
|
||||
// SAFETY: we're using correct 32 bytes representation
|
||||
// #[allow(clippy::unwrap_used)]
|
||||
// SAFETY: the DHPublicKey is guaranteed to be 32 bytes in length
|
||||
#[allow(clippy::unwrap_used)]
|
||||
PublicKey::from_bytes(key.as_ref()).unwrap()
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "libcrux_x25519")]
|
||||
impl From<KeyPair> for libcrux_psq::handshake::types::DHKeyPair {
|
||||
fn from(key: KeyPair) -> libcrux_psq::handshake::types::DHKeyPair {
|
||||
libcrux_psq::handshake::types::DHKeyPair::from(
|
||||
libcrux_psq::handshake::types::DHPrivateKey::from(&key.private_key),
|
||||
)
|
||||
impl TryFrom<KeyPair> for libcrux_psq::handshake::types::DHKeyPair {
|
||||
type Error = KeyRecoveryError;
|
||||
|
||||
fn try_from(
|
||||
key: KeyPair,
|
||||
) -> Result<libcrux_psq::handshake::types::DHKeyPair, KeyRecoveryError> {
|
||||
Ok(libcrux_psq::handshake::types::DHKeyPair::from(
|
||||
libcrux_psq::handshake::types::DHPrivateKey::try_from(&key.private_key)?,
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -106,7 +106,7 @@ impl<'a> KKTInitiator<'a> {
|
||||
) -> Result<ProcessedKKTResponse, KKTError> {
|
||||
let decrypted_response_bytes = self.carrier.decrypt(&response.encrypted_frame)?;
|
||||
let response_frame = KKTFrame::from_bytes(&decrypted_response_bytes)?;
|
||||
initiator_ingest_response(&mut self.context, &response_frame, self.expected_hash)
|
||||
initiator_ingest_response(&self.context, &response_frame, self.expected_hash)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -4,7 +4,6 @@
|
||||
use crate::error::MalformedLpPacketError;
|
||||
use bytes::{BufMut, BytesMut};
|
||||
use num_enum::{IntoPrimitive, TryFromPrimitive};
|
||||
use nym_crypto::asymmetric::ed25519;
|
||||
use std::fmt;
|
||||
use std::fmt::Display;
|
||||
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
|
||||
@@ -226,16 +225,20 @@ impl ForwardPacketData {
|
||||
b.len()
|
||||
)));
|
||||
}
|
||||
// Ipv6Addr::from_octets is not available until 1.91 so we have to use
|
||||
// the slightly less obvious u128 conversion
|
||||
// SAFETY: we ensured we have sufficient data, and the length is correct for casting
|
||||
#[allow(clippy::unwrap_used)]
|
||||
let ipv6 = IpAddr::V6(Ipv6Addr::from_octets(b[1..17].try_into().unwrap()));
|
||||
let ipv6 = IpAddr::V6(Ipv6Addr::from_bits(u128::from_be_bytes(
|
||||
b[1..17].try_into().unwrap(),
|
||||
)));
|
||||
let port = u16::from_le_bytes([b[17], b[18]]);
|
||||
(SocketAddr::new(ipv6, port), 19)
|
||||
} else {
|
||||
// IPv4. Length check done at the start
|
||||
// SAFETY: we ensured we have sufficient data, and the length is correct for casting
|
||||
#[allow(clippy::unwrap_used)]
|
||||
let ipv4 = IpAddr::V4(Ipv4Addr::from_octets(b[1..5].try_into().unwrap()));
|
||||
|
||||
// Ipv4Addr::from_octets is not available until 1.91
|
||||
let ipv4 = IpAddr::V4(Ipv4Addr::new(b[1], b[2], b[3], b[4]));
|
||||
let port = u16::from_le_bytes([b[5], b[6]]);
|
||||
(SocketAddr::new(ipv4, port), 7)
|
||||
};
|
||||
|
||||
@@ -42,7 +42,7 @@ pub trait LpHandshakeChannel: Sized {
|
||||
expected_size: usize,
|
||||
) -> Result<M, LpTransportError> {
|
||||
let bytes = self.read_n_bytes(expected_size).await?;
|
||||
M::try_from_bytes(bytes).map_err(Into::into)
|
||||
M::try_from_bytes(bytes)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+21
-42
@@ -5,10 +5,11 @@ use crate::{LpError, LpMessage};
|
||||
use bytes::BytesMut;
|
||||
use libcrux_psq::Channel;
|
||||
use nym_lp_packet::{EncryptedLpPacket, InnerHeader, LpHeader, LpPacket, OuterHeader};
|
||||
use nym_lp_transport::traits::LpTransportChannel;
|
||||
use tracing::error;
|
||||
|
||||
pub(crate) const CIPHERTEXT_OVERHEAD: usize = 25;
|
||||
// wtf, why are those different?!
|
||||
pub(crate) const ENC_OVERHEAD: usize = 26;
|
||||
pub(crate) const DEC_OVERHEAD: usize = 25;
|
||||
|
||||
/// Parse only the outer header from raw packet bytes.
|
||||
///
|
||||
@@ -24,45 +25,20 @@ pub fn parse_lp_header_only(src: &[u8]) -> Result<OuterHeader, LpError> {
|
||||
Ok(OuterHeader::parse(src)?)
|
||||
}
|
||||
|
||||
// /// Parses a complete Lewes Protocol packet from a byte slice (e.g., a UDP datagram payload).
|
||||
// ///
|
||||
// /// # Arguments
|
||||
// /// * `outer_header` - The parsed OuterHeader from the underlying stream
|
||||
// /// * `plaintext` - the decrypted plaintext of the remainer of the packet
|
||||
// ///
|
||||
// /// # Errors
|
||||
// /// * `LpError::InsufficientBufferSize` - Packet too small
|
||||
// pub fn parse_lp_packet(outer_header: OuterHeader, plaintext: &[u8]) -> Result<LpPacket, LpError> {
|
||||
// todo!()
|
||||
// // if plaintext.len() < InnerHeader::SIZE {
|
||||
// // return Err(LpError::InsufficientBufferSize);
|
||||
// // }
|
||||
// //
|
||||
// // let inner_header = InnerHeader::parse(plaintext)?;
|
||||
// // let payload = &plaintext[InnerHeader::SIZE..];
|
||||
// // let message = LpMessage::decode_content(payload, inner_header.message_type)?;
|
||||
// //
|
||||
// // Ok(LpPacket {
|
||||
// // header: LpHeader {
|
||||
// // outer: outer_header,
|
||||
// // inner: inner_header,
|
||||
// // },
|
||||
// // message,
|
||||
// // })
|
||||
// }
|
||||
|
||||
pub(crate) fn encrypt_data(
|
||||
plaintext: &[u8],
|
||||
transport: &mut libcrux_psq::session::Transport,
|
||||
) -> Result<Vec<u8>, LpError> {
|
||||
let mut ciphertext = vec![0u8; plaintext.len() + CIPHERTEXT_OVERHEAD + 64];
|
||||
let n = transport.write_message(&*plaintext, &mut ciphertext)?;
|
||||
let mut ciphertext = vec![0u8; plaintext.len() + ENC_OVERHEAD];
|
||||
let n = transport.write_message(plaintext, &mut ciphertext)?;
|
||||
|
||||
if plaintext.len() + CIPHERTEXT_OVERHEAD != n {
|
||||
// TODO: check consistency
|
||||
error!("FIXME: inconsistent ciphertext overhead")
|
||||
if plaintext.len() + ENC_OVERHEAD != n {
|
||||
error!(
|
||||
"FIXME: inconsistent ciphertext overhead. expected: {ENC_OVERHEAD}, actual: {}",
|
||||
n - plaintext.len()
|
||||
);
|
||||
ciphertext.truncate(n);
|
||||
}
|
||||
ciphertext.truncate(n);
|
||||
|
||||
Ok(ciphertext)
|
||||
}
|
||||
@@ -71,17 +47,20 @@ pub(crate) fn decrypt_data(
|
||||
ciphertext: &[u8],
|
||||
transport: &mut libcrux_psq::session::Transport,
|
||||
) -> Result<Vec<u8>, LpError> {
|
||||
if ciphertext.len() < CIPHERTEXT_OVERHEAD {
|
||||
if ciphertext.len() < DEC_OVERHEAD {
|
||||
return Err(LpError::InsufficientBufferSize);
|
||||
}
|
||||
let mut plaintext = vec![0u8; ciphertext.len() - CIPHERTEXT_OVERHEAD];
|
||||
let mut plaintext = vec![0u8; ciphertext.len() - DEC_OVERHEAD];
|
||||
|
||||
let (_, n) = transport.read_message(&ciphertext, &mut plaintext)?;
|
||||
if n != ciphertext.len() - CIPHERTEXT_OVERHEAD {
|
||||
let (_, n) = transport.read_message(ciphertext, &mut plaintext)?;
|
||||
if n != ciphertext.len() - DEC_OVERHEAD {
|
||||
// TODO: check consistency
|
||||
error!("FIXME: inconsistent ciphertext overhead")
|
||||
error!(
|
||||
"FIXME: inconsistent ciphertext overhead. expected: {DEC_OVERHEAD}, actual: {}",
|
||||
ciphertext.len() - n
|
||||
);
|
||||
plaintext.truncate(n);
|
||||
}
|
||||
plaintext.truncate(n);
|
||||
Ok(plaintext)
|
||||
}
|
||||
|
||||
@@ -102,7 +81,7 @@ pub fn decrypt_lp_packet(
|
||||
packet: EncryptedLpPacket,
|
||||
transport: &mut libcrux_psq::session::Transport,
|
||||
) -> Result<LpPacket, LpError> {
|
||||
if packet.ciphertext().len() < InnerHeader::SIZE + CIPHERTEXT_OVERHEAD {
|
||||
if packet.ciphertext().len() < InnerHeader::SIZE + ENC_OVERHEAD {
|
||||
return Err(LpError::InsufficientBufferSize);
|
||||
}
|
||||
|
||||
|
||||
@@ -19,7 +19,6 @@ use libcrux_psq::{Channel, IntoSession};
|
||||
use nym_kkt::initiator::KKTInitiator;
|
||||
use nym_kkt::keys::EncapsulationKey;
|
||||
use nym_kkt::message::{KKTRequest, KKTResponse};
|
||||
use nym_kkt_ciphersuite::KEM;
|
||||
use nym_lp_transport::traits::LpHandshakeChannel;
|
||||
use rand09::SeedableRng;
|
||||
use tracing::debug;
|
||||
@@ -141,7 +140,6 @@ where
|
||||
|
||||
// 4. generate and send PSQ request
|
||||
let protocol = self.initiator_data.protocol_version;
|
||||
let kem = ciphersuite.kem();
|
||||
let conn = self.inner_state.connection;
|
||||
|
||||
// note: the clone is cheap due to internal Arcs
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
use crate::peer::{LpLocalPeer, LpRemotePeer};
|
||||
use nym_kkt_ciphersuite::{Ciphersuite, HashFunction, IntoEnumIterator, KEM, SignatureScheme};
|
||||
use nym_kkt_ciphersuite::{HashFunction, IntoEnumIterator, KEM, SignatureScheme};
|
||||
use nym_lp_packet::version;
|
||||
use nym_lp_transport::traits::LpHandshakeChannel;
|
||||
|
||||
@@ -116,7 +116,6 @@ mod tests {
|
||||
use libcrux_psq::session::{Session, SessionBinding};
|
||||
use libcrux_psq::{Channel, IntoSession};
|
||||
use nym_kkt::initiator::KKTInitiator;
|
||||
use nym_kkt::message::KKTRequest;
|
||||
use nym_kkt::responder::KKTResponder;
|
||||
use nym_kkt_ciphersuite::{HashFunction, KEM, SignatureScheme};
|
||||
use nym_test_utils::helpers::{
|
||||
|
||||
@@ -15,10 +15,9 @@ use crate::{LpError, LpMessage, LpPacket, ReceivingKeyCounterValidator};
|
||||
use libcrux_psq::handshake::types::{Authenticator, DHPublicKey};
|
||||
use libcrux_psq::session::{Session, SessionBinding};
|
||||
use nym_kkt::keys::EncapsulationKey;
|
||||
use nym_kkt_ciphersuite::{Ciphersuite, HashFunction, HashLength, KEM, SignatureScheme};
|
||||
use nym_kkt_ciphersuite::Ciphersuite;
|
||||
use nym_lp_packet::{ApplicationData, EncryptedLpPacket, LpHeader};
|
||||
use nym_lp_transport::LpHandshakeChannel;
|
||||
use nym_lp_transport::traits::LpTransportChannel;
|
||||
use std::fmt::{Debug, Formatter};
|
||||
|
||||
pub type SessionId = [u8; 32];
|
||||
@@ -98,9 +97,6 @@ impl Debug for LpSession {
|
||||
|
||||
impl LpSession {
|
||||
/// Creates a new session after completed KTT/PSQ exchange
|
||||
///
|
||||
/// # Arguments
|
||||
|
||||
pub fn new(
|
||||
mut psq_session: Session,
|
||||
session_binding: PersistentSessionBinding,
|
||||
@@ -157,7 +153,7 @@ impl LpSession {
|
||||
&self.session_binding
|
||||
}
|
||||
|
||||
pub(crate) fn active_transport(&mut self) -> &mut libcrux_psq::session::Transport {
|
||||
pub fn active_transport(&mut self) -> &mut libcrux_psq::session::Transport {
|
||||
&mut self.active_transport
|
||||
}
|
||||
|
||||
|
||||
@@ -213,7 +213,7 @@ impl LpStateMachine {
|
||||
mut state: LpTransportState,
|
||||
input: LpInput,
|
||||
) -> (LpState, Option<Result<LpAction, LpError>>) {
|
||||
let mut session = &mut state.session;
|
||||
let session = &mut state.session;
|
||||
match input {
|
||||
LpInput::ReceivePacket(packet) => {
|
||||
// Check if packet lp_id matches our session
|
||||
@@ -263,12 +263,12 @@ impl LpStateMachine {
|
||||
}
|
||||
LpInput::SendData(data) => {
|
||||
// Encrypt and send application data
|
||||
let result_action = match self.prepare_data_packet(&mut session, data) {
|
||||
let result_action = match self.prepare_data_packet(session, data) {
|
||||
Ok(packet) => Some(Ok(LpAction::SendPacket(packet))),
|
||||
Err(e) => {
|
||||
// If prepare fails, should we close? Let's report error and stay Transport for now.
|
||||
// Alternative: transition to Closed state.
|
||||
Some(Err(e.into()))
|
||||
Some(Err(e))
|
||||
}
|
||||
};
|
||||
// Remain in transport state
|
||||
|
||||
@@ -709,158 +709,6 @@ where
|
||||
}))
|
||||
}
|
||||
|
||||
/// Sends a ForwardPacket message to the entry gateway for forwarding to the exit gateway.
|
||||
///
|
||||
/// This method constructs a ForwardPacket containing the target gateway's identity,
|
||||
/// address, and the inner LP packet bytes, encrypts it through the outer session
|
||||
/// (client-entry), and receives the response from the exit gateway via the entry gateway.
|
||||
///
|
||||
/// Uses the persistent TCP connection established during handshake.
|
||||
/// Multiple forward packets can be sent on the same connection.
|
||||
///
|
||||
/// # Arguments
|
||||
/// * `forward_data` - encapsulated target gateway's ed25519 identity, socket address and serialised inner LP packet
|
||||
///
|
||||
/// # Returns
|
||||
/// * `Ok(Vec<u8>)` - Decrypted response bytes from the exit gateway
|
||||
///
|
||||
/// # Errors
|
||||
/// Returns an error if:
|
||||
/// - Handshake has not been completed
|
||||
/// - Serialization fails
|
||||
/// - Encryption or network transmission fails
|
||||
/// - Response decryption fails
|
||||
///
|
||||
/// # Example Flow
|
||||
/// ```ignore
|
||||
/// // Construct inner packet for exit gateway (ClientHello, handshake, etc.)
|
||||
/// let inner_packet = LpPacket::new(...);
|
||||
/// let inner_bytes = serialize_lp_packet(&inner_packet, &mut BytesMut::new())?;
|
||||
///
|
||||
/// // Forward through entry gateway
|
||||
/// let response_bytes = client.send_forward_packet(
|
||||
/// exit_identity,
|
||||
/// "2.2.2.2:41264".to_string(),
|
||||
/// inner_bytes.to_vec(),
|
||||
/// ).await?;
|
||||
/// ```
|
||||
pub async fn send_forward_packet_with_response(
|
||||
&mut self,
|
||||
forward_data: ForwardPacketData,
|
||||
) -> Result<Vec<u8>> {
|
||||
let target_address = forward_data.target_lp_address;
|
||||
|
||||
tracing::debug!(
|
||||
"Sending ForwardPacket to {target_address} ({} inner bytes)",
|
||||
forward_data.inner_packet_bytes.len()
|
||||
);
|
||||
|
||||
// 1. Serialize the ForwardPacketData
|
||||
let input = convert_forward_data(forward_data)?;
|
||||
|
||||
// 2. Encrypt and prepare packet via state machine
|
||||
let state_machine = self.state_machine_mut()?;
|
||||
|
||||
let action = state_machine
|
||||
.process_input(input)
|
||||
.ok_or(LpClientError::UnexpectedStateMachineHalt)??;
|
||||
|
||||
let forward_packet = match action {
|
||||
LpAction::SendPacket(packet) => packet,
|
||||
action => return Err(LpClientError::UnexpectedStateMachineAction { action }),
|
||||
};
|
||||
|
||||
// 3. Send and receive on persistent connection with timeout
|
||||
// let response_packet = tokio::time::timeout(self.config.forward_timeout, async {
|
||||
// todo!()
|
||||
// // self.try_send_packet(&forward_packet).await?;
|
||||
// // self.try_receive_packet().await
|
||||
// })
|
||||
// .await
|
||||
// .map_err(|_| {
|
||||
// LpClientError::Transport(format!(
|
||||
// "Forward packet timeout after {:?}",
|
||||
// self.config.forward_timeout
|
||||
// ))
|
||||
// })??;
|
||||
// tracing::trace!("Received response packet from entry gateway");
|
||||
|
||||
todo!()
|
||||
//
|
||||
// // 4. Decrypt via state machine (re-borrow)
|
||||
// let state_machine = self
|
||||
// .state_machine
|
||||
// .as_mut()
|
||||
// .ok_or_else(|| LpClientError::transport("State machine disappeared unexpectedly"))?;
|
||||
// let action = state_machine
|
||||
// .process_input(LpInput::ReceivePacket(response_packet))
|
||||
// .ok_or(LpClientError::UnexpectedStateMachineHalt)?
|
||||
// .map_err(|e| {
|
||||
// LpClientError::Transport(format!("Failed to decrypt forward response: {e}"))
|
||||
// })?;
|
||||
//
|
||||
// // 5. Extract decrypted response data
|
||||
// let response_data = try_convert_forward_response(action)?;
|
||||
//
|
||||
// tracing::debug!(
|
||||
// "Successfully received forward response from {target_address} ({} bytes)",
|
||||
// response_data.len()
|
||||
// );
|
||||
//
|
||||
// Ok(response_data)
|
||||
}
|
||||
|
||||
/// Wrap data in an LP packet for UDP transmission to the data plane (port 51264).
|
||||
///
|
||||
/// This method encrypts the provided data using the established LP session
|
||||
/// and returns serialized LP packet bytes ready to send over UDP.
|
||||
///
|
||||
/// # Prerequisites
|
||||
/// - Handshake must be completed (`perform_handshake()`)
|
||||
///
|
||||
/// # Arguments
|
||||
/// * `data` - Raw application data to wrap (e.g., Sphinx packet bytes)
|
||||
///
|
||||
/// # Returns
|
||||
/// * `Ok(Vec<u8>)` - Serialized LP packet bytes (outer header + encrypted payload)
|
||||
///
|
||||
/// # Wire Format
|
||||
/// The returned bytes are in LP wire format:
|
||||
/// - Outer header (12B): receiver_idx(4) + counter(8) - always cleartext
|
||||
/// - Encrypted payload: proto(1) + reserved(3) + msg_type(4) + content + tag(16)
|
||||
///
|
||||
/// # Usage
|
||||
/// After LP handshake, wrap Sphinx packets before sending to gateway's LP data port:
|
||||
/// ```ignore
|
||||
/// client.perform_handshake().await?;
|
||||
/// let sphinx_bytes = build_sphinx_packet(...);
|
||||
/// let lp_bytes = client.wrap_data(&sphinx_bytes)?;
|
||||
/// socket.send_to(&lp_bytes, gateway_lp_data_address).await?; // UDP:51264
|
||||
/// ```
|
||||
pub fn wrap_data(&mut self, data: &[u8]) -> Result<Vec<u8>> {
|
||||
let state_machine = self.state_machine_mut()?;
|
||||
|
||||
// Process data through state machine to create LP packet
|
||||
let action = state_machine
|
||||
.process_input(LpInput::SendData(LpData::new_opaque(data.to_vec())))
|
||||
.ok_or(LpClientError::UnexpectedStateMachineHalt)??;
|
||||
|
||||
let packet = match action {
|
||||
LpAction::SendPacket(packet) => packet,
|
||||
action => return Err(LpClientError::UnexpectedStateMachineAction { action }),
|
||||
};
|
||||
|
||||
// Get outer AEAD key for encryption
|
||||
|
||||
// Serialize the packet with outer AEAD encryption
|
||||
let mut buf = BytesMut::new();
|
||||
todo!()
|
||||
// serialize_lp_packet(&packet, &mut buf, Some(outer_key))
|
||||
// .map_err(|e| LpClientError::Transport(format!("Failed to serialize LP packet: {e}")))?;
|
||||
//
|
||||
// Ok(buf.to_vec())
|
||||
}
|
||||
|
||||
/// Get the LP session ID (receiver_idx) for this client.
|
||||
///
|
||||
/// This ID is included in the outer header of LP packets and is used by
|
||||
|
||||
@@ -127,11 +127,13 @@ impl<'a, S> LpHandshakeChannel for NestedConnection<'a, S>
|
||||
where
|
||||
S: LpTransportChannel + LpHandshakeChannel + Unpin,
|
||||
{
|
||||
#[allow(clippy::unimplemented)]
|
||||
async fn write_all_and_flush(&mut self, _: &[u8]) -> Result<(), LpTransportError> {
|
||||
// this is not being called instead we implement `send_handshake_message` directly
|
||||
unimplemented!()
|
||||
}
|
||||
|
||||
#[allow(clippy::unimplemented)]
|
||||
async fn read_n_bytes(&mut self, _: usize) -> Result<Vec<u8>, LpTransportError> {
|
||||
// this is not being called instead we implement `receive_handshake_message` directly
|
||||
unimplemented!()
|
||||
|
||||
@@ -5,25 +5,6 @@ use crate::LpClientError;
|
||||
use nym_lp::state_machine::{LpAction, LpData, LpInput};
|
||||
use nym_lp::{EncryptedLpPacket, LpPacket, LpStateMachine};
|
||||
|
||||
/// Serializes an LP packet to bytes.
|
||||
///
|
||||
/// # Arguments
|
||||
/// * `packet` - The LP packet to serialize
|
||||
///
|
||||
/// # Returns
|
||||
/// * `Ok(Vec<u8>)` - Serialized packet bytes
|
||||
///
|
||||
/// # Errors
|
||||
/// Returns an error if serialization fails
|
||||
pub(crate) fn serialize_packet(packet: &LpPacket) -> Result<Vec<u8>, LpClientError> {
|
||||
todo!()
|
||||
// let mut buf = BytesMut::new();
|
||||
// // Use outer AEAD key when available (after PSK derivation)
|
||||
// serialize_lp_packet(packet, &mut buf, outer_key)
|
||||
// .map_err(|e| LpClientError::Transport(format!("Failed to serialize LP packet: {}", e)))?;
|
||||
// Ok(buf.to_vec())
|
||||
}
|
||||
|
||||
/// Attempt to prepare the provided data for sending by wrapping it in appropriate `LpAction`,
|
||||
/// and attempting to extract `EncryptedLpPacket` from the provided state machine.
|
||||
pub(crate) fn prepare_send_packet(
|
||||
|
||||
Generated
-105
@@ -2871,43 +2871,6 @@ version = "0.15.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
|
||||
|
||||
[[package]]
|
||||
name = "hax-lib"
|
||||
version = "0.3.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "543f93241d32b3f00569201bfce9d7a93c92c6421b23c77864ac929dc947b9fc"
|
||||
dependencies = [
|
||||
"hax-lib-macros",
|
||||
"num-bigint",
|
||||
"num-traits",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hax-lib-macros"
|
||||
version = "0.3.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f8755751e760b11021765bb04cb4a6c4e24742688d9f3aa14c2079638f537b0f"
|
||||
dependencies = [
|
||||
"hax-lib-macros-types",
|
||||
"proc-macro-error2",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn 2.0.100",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hax-lib-macros-types"
|
||||
version = "0.3.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f177c9ae8ea456e2f71ff3c1ea47bf4464f772a05133fcbba56cd5ba169035a2"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"uuid",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "heck"
|
||||
version = "0.4.1"
|
||||
@@ -3841,51 +3804,6 @@ version = "0.2.175"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543"
|
||||
|
||||
[[package]]
|
||||
name = "libcrux-curve25519"
|
||||
version = "0.0.6"
|
||||
source = "git+https://github.com/cryspen/libcrux?rev=b17f8687b67cdcfc10b55aeecc998bbbca28f775#b17f8687b67cdcfc10b55aeecc998bbbca28f775"
|
||||
dependencies = [
|
||||
"libcrux-hacl-rs",
|
||||
"libcrux-macros",
|
||||
"libcrux-secrets",
|
||||
"libcrux-traits",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "libcrux-hacl-rs"
|
||||
version = "0.0.4"
|
||||
source = "git+https://github.com/cryspen/libcrux?rev=b17f8687b67cdcfc10b55aeecc998bbbca28f775#b17f8687b67cdcfc10b55aeecc998bbbca28f775"
|
||||
dependencies = [
|
||||
"libcrux-macros",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "libcrux-macros"
|
||||
version = "0.0.3"
|
||||
source = "git+https://github.com/cryspen/libcrux?rev=b17f8687b67cdcfc10b55aeecc998bbbca28f775#b17f8687b67cdcfc10b55aeecc998bbbca28f775"
|
||||
dependencies = [
|
||||
"quote",
|
||||
"syn 2.0.100",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "libcrux-secrets"
|
||||
version = "0.0.5"
|
||||
source = "git+https://github.com/cryspen/libcrux?rev=b17f8687b67cdcfc10b55aeecc998bbbca28f775#b17f8687b67cdcfc10b55aeecc998bbbca28f775"
|
||||
dependencies = [
|
||||
"hax-lib",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "libcrux-traits"
|
||||
version = "0.0.6"
|
||||
source = "git+https://github.com/cryspen/libcrux?rev=b17f8687b67cdcfc10b55aeecc998bbbca28f775#b17f8687b67cdcfc10b55aeecc998bbbca28f775"
|
||||
dependencies = [
|
||||
"libcrux-secrets",
|
||||
"rand 0.9.2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "libloading"
|
||||
version = "0.7.4"
|
||||
@@ -4438,7 +4356,6 @@ dependencies = [
|
||||
"curve25519-dalek",
|
||||
"ed25519-dalek",
|
||||
"jwt-simple",
|
||||
"libcrux-curve25519",
|
||||
"nym-pemstore",
|
||||
"rand 0.8.5",
|
||||
"rand 0.9.2",
|
||||
@@ -5795,28 +5712,6 @@ dependencies = [
|
||||
"version_check",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-error-attr2"
|
||||
version = "2.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-error2"
|
||||
version = "2.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
|
||||
dependencies = [
|
||||
"proc-macro-error-attr2",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn 2.0.100",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-hack"
|
||||
version = "0.5.20+deprecated"
|
||||
|
||||
Reference in New Issue
Block a user