Commit Graph

10368 Commits

Author SHA1 Message Date
durch 1386a49a99 Add forward_timeout to LP client config
Add forward_timeout (30s default) to LpConfig and wrap send_forward_packet's
connect_send_receive call with tokio::time::timeout, matching the pattern
used by register() with registration_timeout.

This prevents indefinite hangs when forwarding packets through entry gateway.
2026-01-08 15:45:13 +00:00
durch bb76ff82bd Add LpConfig struct and AIDEV-NOTE documentation for KKT+PSQ
- Create config.rs with LpConfig struct (kem_algorithm, psk_ttl, enable_kkt)
- Export LpConfig from lib.rs
- Add AIDEV-NOTE to psk.rs explaining:
  - Why PSQ is embedded in Noise (single round-trip, PSK binding)
  - KEM migration path (X25519 → MlKem768 → XWing)
- Add AIDEV-NOTE to state_machine.rs explaining protocol flow:
  - KKTExchange → Handshaking → Transport state transitions
  - PSK derivation formula (ECDH || PSQ || salt)
2026-01-08 15:45:13 +00:00
durch b5f1bab87b Deduplicate outer_key lookup pattern in nested_session.rs
Extract common state_machine.session().ok().and_then(...) pattern into
two helper methods:
- get_send_key() for encryption (outer_aead_key_for_sending)
- get_recv_key() for decryption (outer_aead_key)

Updated 6 call sites to use the helpers, reducing verbosity.
2026-01-08 15:45:13 +00:00
durch e096ec9c9e Use explicit bincode Options helper in nested_session
Add bincode_options() helper that returns DefaultOptions with explicit
big_endian and varint_encoding configuration. This future-proofs against
bincode 1.x/2.x default changes and makes serialization format explicit.

Updated all 4 bincode usages in nested_session.rs to use the helper.
2026-01-08 15:45:13 +00:00
durch d09e7a296d Return error on session unavailable in handle_subsession_packet
Replace .session().ok() with proper error handling to fail fast when
session is Closed or Processing after state machine processing.

Previously, the code silently continued with outer_key = None, which
could cause protocol errors downstream.

Closes: nym-8de0
2026-01-08 15:45:13 +00:00
durch 4e8411a728 Add semaphore-based connection limiting for LP packet forwarding
Limits concurrent outbound connections when forwarding LP packets to
prevent file descriptor exhaustion under high load.

Key changes:
- Add max_concurrent_forwards config (default 1000)
- Add forward_semaphore to LpHandlerState
- Acquire semaphore permit before connecting in handle_forward_packet
- Return "Gateway at forward capacity" error when at limit

This provides load signaling so clients can choose another gateway
when the current one is overloaded.

Design note: Connection pooling was considered but provides minimal
benefit since telescope setup is one-time and targets are distributed
across many different gateways. See AIDEV-NOTE in LpHandlerState for
full analysis.

Closes: nym-xi3m
2026-01-08 15:45:13 +00:00
durch 70311da0a6 Fix Zeroizing deref in ed25519 to_x25519 conversion
The from_bytes() function expects &[u8], need to deref the Zeroizing
wrapper to get the inner array.
2026-01-08 15:45:13 +00:00
durch bfd8eb3f2d Return Result from KCP session input() for error detection
Change KcpSession::input() to return Result<(), KcpError> so callers
can detect invalid packets instead of silently ignoring them.

- Add ConvMismatch error variant for conversation ID mismatches
- Update driver to propagate errors from session.input()
- Update all test and example callers

Closes: nym-n0kk
2026-01-08 15:45:13 +00:00
durch dcf5840b11 Zeroize Ed25519 key material in to_x25519 conversion
Wrap hash and x25519_bytes in zeroize::Zeroizing to ensure private
key material is cleared from memory after use.

Closes: nym-k55g
2026-01-08 15:45:12 +00:00
durch 9bcae469fc Increase KCP fragment limit from u8 to u16
- Change frg field from u8 to u16 in packet header (25 bytes total)
- Update encode/decode to use get_u16_le/put_u16_le
- Update Segment struct frg field to u16
- Remove truncating cast in session.rs
- Max message size now ~91MB (65,535 fragments × MTU)
- Internal protocol only, no interop concerns

Nym uses KCP for reliability and multiplexing, not standard real-time
use cases. The u8 limit (255 fragments, ~355KB) was insufficient.

Addresses: nym-yih9
2026-01-08 15:45:12 +00:00
durch 65bd47f342 Add gateway-probe localnet mode with WireGuard tunnel support
Adds localnet testing mode to gateway-probe for LP development:
- Add TestMode enum for different probe configurations
- Add --gateway-ip flag for direct gateway testing
- Implement two-hop WireGuard tunnel for localnet
- Add mock ecash support for testing without real credentials
- Add netstack Go bindings for userspace networking
- Restructure probe with mode and common modules
- Update README with localnet mode documentation
2026-01-08 15:45:12 +00:00
durch 637459b153 Add LP telescoping with nested sessions and subsession support
Extends LP protocol with telescoping architecture for nested sessions:
- Add nested session support with KKpsk0 rekeying
- Add subsession support with collision detection
- Implement unified packet format with outer header
- Refactor gateway handlers for single-packet forwarding
- Add TTL-based state cleanup for stale sessions
- Add outer AEAD encryption layer
- Refactor registration client for packet-per-connection model
2026-01-08 15:45:11 +00:00
durch 0a6f78a921 Implement LP registration protocol with KKT/PSQ integration
Initial implementation of the Lewes Protocol (LP) for gateway registration:
- Add nym-lp crate with Noise protocol handshake
- Add LP listener to gateway for handling registrations
- Add LP client for registration flow
- Integrate KKT for post-quantum KEM key exchange
- Integrate PSQ for post-quantum PSK derivation
- Add Ed25519 authentication throughout
- Add docker/localnet support for testing

Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com>
2026-01-08 15:41:43 +00:00
Georgio Nicolas 539216d585 Add KKT cryptographic primitives
Post-quantum Key Encapsulation Mechanism (KEM) Key Transfer protocol.
Enables efficient distribution of post-quantum KEM public keys.

Squashed from georgio/noise-psq branch.
2026-01-08 14:20:40 +00:00
Tommy Verrall 6fb5d002e6 Merge pull request #6313 from promalert/develop
chore: remove repetitive words in comment
2026-01-08 13:25:29 +01:00
import this 122397f460 [feature/operators]: Improve Ansible UX, Nginx indempotency and error handling (#6310)
* make wireguard enabled flag bulletproof

* correct firewall setting

* add nginx handler

* make systemd template case sensitive

* twek nginx and ssl template

* finalize nginx and certbot configs

* add nginx purge command

* fix typo

* add removing vm guide
2026-01-07 13:45:56 +00:00
Simon Wicky 0f927e85d9 serialize gateway data (#6314) 2026-01-07 11:22:40 +01:00
promalert 09d444b78b chore: remove repetitive words in comment
Signed-off-by: promalert <promalert@outlook.com>
2026-01-07 16:47:40 +08:00
nick1231321 0392778cfd Merge pull request #6237 from nymtech/nicolas/sdk-param-support-debug
Add support for additional configurable parameters in nym-vpn
2026-01-05 13:58:41 +00:00
Simon Wicky d08da7f998 [bugfix] Sqlite transaction escalation was causing errors (#6299)
* well that was an easy fix

* change fn name because somebody wasn't happy about my one line fix
2025-12-18 16:53:33 +01:00
Nicolas Constantinides 2a045a3828 Improved code quality 2025-12-17 14:43:01 -05:00
Jack Wampler ae54e86bf4 add pre-resolve stage that returns addrs if we have used static table previously (#6297) 2025-12-17 09:06:43 -07:00
Andrej Mihajlov 177fbaec99 Add Copy+Clone to nym_client_core::client::topology_control::nym_api_provider::Config (#6296) 2025-12-17 10:00:40 +00:00
dependabot[bot] 9a3a6dff59 build(deps): bump SonarSource/sonarqube-scan-action from 6 to 7 (#6294)
Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 6 to 7.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:17:14 +00:00
dependabot[bot] 05fd287ae6 build(deps): bump mikefarah/yq from 4.49.2 to 4.50.1 (#6293)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.49.2 to 4.50.1.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.49.2...v4.50.1)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-version: 4.50.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:15:36 +00:00
dependabot[bot] eda421d3ab build(deps): bump actions/upload-artifact from 5 to 6 (#6292)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:15:14 +00:00
dependabot[bot] 510c754486 build(deps): bump actions/download-artifact from 6 to 7 (#6291)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:14:50 +00:00
dependabot[bot] 198a245b2c build(deps): bump js-yaml from 3.14.1 to 3.14.2 in /documentation/docs (#6290)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:14:26 +00:00
Nicolas Constantinides 12f465fd2d Improved code quality 2025-12-16 17:37:58 -05:00
Nicolas Constantinides 5fc0784c23 Improved code quality 2025-12-16 17:23:46 -05:00
Nicolas Constantinides e08eb3caef Improve logic for mixnet traffic parameters 2025-12-16 14:19:26 -05:00
benedetta davico 9665aab112 Merge pull request #6280 from nymtech/serinko/nip-4_nip-6/protocol_upgrade
Feature: Add ports for SMTP, Whatsup and Session
2025-12-16 08:28:26 -08:00
dependabot[bot] a3223b4f56 build(deps): bump actions/checkout from 4 to 6 (#6243)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-16 14:59:45 +00:00
Simon Wicky 892341fa59 [chore] clippy fixes and use fixed rust version from REQUIRED_RUSTC_VERSION (#6295)
* clippy fix part 1

* use REQUIRED_RUSTC_VERSION instead of stable

* workflow fix

* forgot latest
2025-12-16 13:53:45 +01:00
benedetta davico 1bf4109398 remove 465 for now 2025-12-16 13:02:15 +01:00
benedetta davico 49e3abddf2 typo 2025-12-16 13:01:28 +01:00
benedetta davico ade194f2b2 remove 465 until jan 2025-12-16 09:40:47 +01:00
Nicolas Constantinides fa25986f28 apply formatting (cargo fmt) 2025-12-15 06:11:20 -05:00
nick1231321 e6513154d7 Refactor: improve code readability 2025-12-15 06:11:20 -05:00
Nicolas Constantinides 290dec78a1 Modified MixnetClientConfig and some associated functions to support some new parameters 2025-12-15 06:11:20 -05:00
dependabot[bot] 2f2ab9c356 build(deps): bump next in /nym-node-status-api/nym-node-status-ui (#6289)
Bumps [next](https://github.com/vercel/next.js) from 15.4.9 to 15.4.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/compare/v15.4.9...v15.4.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.4.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:12:10 +00:00
dependabot[bot] 59e720af6f build(deps): bump mikefarah/yq from 4.48.1 to 4.49.2 (#6242)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.48.1 to 4.49.2.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.48.1...v4.49.2)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-version: 4.49.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:07:55 +00:00
dependabot[bot] c202d5cf49 build(deps): bump actions/upload-artifact from 4 to 5 (#6241)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:07:47 +00:00
dependabot[bot] 242859527c build(deps): bump actions/download-artifact from 5 to 6 (#6244)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:04:57 +00:00
dependabot[bot] e97f7f7940 build(deps): bump pnpm/action-setup from 4.1.0 to 4.2.0 (#6245)
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/v4.1.0...v4.2.0)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:04:17 +00:00
dependabot[bot] bedc978f63 build(deps): bump node-forge from 1.3.1 to 1.3.2 (#6246)
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:03:42 +00:00
dependabot[bot] fb07085b90 build(deps-dev): bump node-forge (#6248)
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.0 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.0...v1.3.2)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:03:23 +00:00
dependabot[bot] 57306c3363 build(deps): bump node-forge (#6250)
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:03:06 +00:00
dependabot[bot] a8b9c8c80a build(deps-dev): bump node-forge in /wasm/client/internal-dev (#6251)
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:02:49 +00:00
dependabot[bot] 53b8231f02 build(deps-dev): bump node-forge in /wasm/mix-fetch/internal-dev (#6260)
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.3.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.3)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:02:11 +00:00