LP: announced KEM key hashes (#6349)

* announce KEM key hashes and use generated value within LpStateMachine

* added digest of remote KEM key into LpSession

* changed  constructor to LpSession to take explicit key materials for local and remote

this makes it easier to change keys required by each party without having to change all the interfaces everywhere again

* extended the changes to LpStateMachine constructor

* modify the interface to LpRegistrationHandler and LpListener

* gateway probe fixes

* temp nym-lp-client fixes

* review nits

* remove network test

* introduced v2/nym-nodes/described endpoint for returning nodes description alongside LP data

* missed V1 -> V2 description replacements

* removed deprecated call within mix-fetch

* use old v1 call in network stats
This commit is contained in:
Jędrzej Stuczyński
2026-01-22 14:29:33 +00:00
committed by GitHub
parent 7462926bcf
commit c1ddcc75cf
75 changed files with 2930 additions and 2334 deletions
+23 -21
View File
@@ -11,8 +11,8 @@ mod tests {
use nym_gateway::GatewayError;
use nym_gateway::node::lp_listener::handler::LpConnectionHandler;
use nym_gateway::node::lp_listener::{
LpDebug, LpHandlerState, MixForwardingReceiver, PeerControlRequest, WireguardGatewayData,
mix_forwarding_channels,
LpDebug, LpHandlerState, LpLocalPeer, MixForwardingReceiver, PeerControlRequest,
WireguardGatewayData, mix_forwarding_channels,
};
use nym_gateway::node::{ActiveClientsStore, GatewayStorage, LpConfig};
use nym_registration_client::{LpClientError, LpRegistrationClient};
@@ -46,7 +46,7 @@ mod tests {
}
struct Party {
ed25519_keys: Arc<ed25519::KeyPair>,
peer: LpLocalPeer,
x25519_wg_keys: Arc<x25519::KeyPair>,
socket_addr: SocketAddr,
}
@@ -58,10 +58,15 @@ mod tests {
rng.fill_bytes(&mut ip);
rng.fill_bytes(&mut port);
let ed25519_keys = Arc::new(ed25519::KeyPair::new(rng));
let x25519_wg_keys = Arc::new(x25519::KeyPair::new(rng));
let lp_x25519_keys = Arc::new(ed25519_keys.to_x25519());
Party {
ed25519_keys: Arc::new(ed25519::KeyPair::new(rng)),
x25519_wg_keys: Arc::new(x25519::KeyPair::new(rng)),
peer: LpLocalPeer::new(ed25519_keys, lp_x25519_keys.clone())
.with_kem_psq_key(lp_x25519_keys),
x25519_wg_keys,
socket_addr: SocketAddr::from((ip, u16::from_le_bytes(port))),
}
}
@@ -207,10 +212,8 @@ mod tests {
// use in-memory database (no need for persistency)
storage,
// reuse the same identity we just generated
local_identity: base.ed25519_keys.clone(),
local_lp_peer: base.peer.clone(),
// we don't care about metrics - all zeroes are perfectly fine
metrics: Default::default(),
// no clients at the beginning
@@ -386,8 +389,8 @@ mod tests {
let mut entry = Gateway::mock(&mut gateway_rng).await?;
let mut client = LpRegistrationClient::<MockIOStream>::new_with_default_config(
client_data.base.ed25519_keys,
*entry.base.ed25519_keys.public_key(),
client_data.base.peer.ed25519().clone(),
entry.base.peer.as_remote(),
entry.base.socket_addr,
client_data.base.socket_addr.ip(),
);
@@ -436,7 +439,7 @@ mod tests {
// 6. perform registration with entry only
let wg_keypair = client_data.base.x25519_wg_keys;
let gateway_identity = entry.base.ed25519_keys.public_key();
let gateway_identity = entry.base.peer.ed25519().public_key();
let registration_result = client
.register(
&wg_keypair,
@@ -477,8 +480,8 @@ mod tests {
let mut entry = Gateway::mock(&mut gateway_rng).await?;
let mut client = LpRegistrationClient::<MockIOStream>::new_with_default_config(
client_data.base.ed25519_keys,
*entry.base.ed25519_keys.public_key(),
client_data.base.peer.ed25519().clone(),
entry.base.peer.as_remote(),
entry.base.socket_addr,
client_data.base.socket_addr.ip(),
);
@@ -502,7 +505,7 @@ mod tests {
// 4. perform registration with entry only
// but WITHOUT performing the handshake
let wg_keypair = client_data.base.x25519_wg_keys;
let gateway_identity = entry.base.ed25519_keys.public_key();
let gateway_identity = entry.base.peer.ed25519().public_key();
let registration_result = client
.register(
&wg_keypair,
@@ -537,8 +540,8 @@ mod tests {
let mut exit = Gateway::mock(&mut exit_rng).await?;
let mut entry_client = LpRegistrationClient::<MockIOStream>::new_with_default_config(
client_data.base.ed25519_keys.clone(),
*entry.base.ed25519_keys.public_key(),
client_data.base.peer.ed25519().clone(),
entry.base.peer.as_remote(),
entry.base.socket_addr,
client_data.base.socket_addr.ip(),
);
@@ -636,10 +639,9 @@ mod tests {
// technically we should use different ephemeral keys than we had for the entry
// but crypto is going to work the same
let mut nested_session = NestedLpSession::new(
exit.base.ed25519_keys.public_key().to_bytes(),
exit.base.socket_addr.to_string(),
client_data.base.ed25519_keys,
*exit.base.ed25519_keys.public_key(),
client_data.base.peer.ed25519().clone(),
exit.base.peer.as_remote(),
);
// 13. Perform handshake and registration with exit gateway (all via entry forwarding)
@@ -647,7 +649,7 @@ mod tests {
.handshake_and_register(
&mut entry_client,
&client_data.base.x25519_wg_keys,
exit.base.ed25519_keys.public_key(),
exit.base.peer.ed25519().public_key(),
&client_data.ticket_provider,
TicketType::V1WireguardExit,
client_data.base.socket_addr.ip(),
@@ -659,7 +661,7 @@ mod tests {
let entry_registration_result = entry_client
.register(
&client_data.base.x25519_wg_keys,
entry.base.ed25519_keys.public_key(),
entry.base.peer.ed25519().public_key(),
&client_data.ticket_provider,
TicketType::V1WireguardEntry,
)