durch
bb76ff82bd
Add LpConfig struct and AIDEV-NOTE documentation for KKT+PSQ
...
- Create config.rs with LpConfig struct (kem_algorithm, psk_ttl, enable_kkt)
- Export LpConfig from lib.rs
- Add AIDEV-NOTE to psk.rs explaining:
- Why PSQ is embedded in Noise (single round-trip, PSK binding)
- KEM migration path (X25519 → MlKem768 → XWing)
- Add AIDEV-NOTE to state_machine.rs explaining protocol flow:
- KKTExchange → Handshaking → Transport state transitions
- PSK derivation formula (ECDH || PSQ || salt)
2026-01-08 15:45:13 +00:00
durch
b5f1bab87b
Deduplicate outer_key lookup pattern in nested_session.rs
...
Extract common state_machine.session().ok().and_then(...) pattern into
two helper methods:
- get_send_key() for encryption (outer_aead_key_for_sending)
- get_recv_key() for decryption (outer_aead_key)
Updated 6 call sites to use the helpers, reducing verbosity.
2026-01-08 15:45:13 +00:00
durch
e096ec9c9e
Use explicit bincode Options helper in nested_session
...
Add bincode_options() helper that returns DefaultOptions with explicit
big_endian and varint_encoding configuration. This future-proofs against
bincode 1.x/2.x default changes and makes serialization format explicit.
Updated all 4 bincode usages in nested_session.rs to use the helper.
2026-01-08 15:45:13 +00:00
durch
d09e7a296d
Return error on session unavailable in handle_subsession_packet
...
Replace .session().ok() with proper error handling to fail fast when
session is Closed or Processing after state machine processing.
Previously, the code silently continued with outer_key = None, which
could cause protocol errors downstream.
Closes: nym-8de0
2026-01-08 15:45:13 +00:00
durch
4e8411a728
Add semaphore-based connection limiting for LP packet forwarding
...
Limits concurrent outbound connections when forwarding LP packets to
prevent file descriptor exhaustion under high load.
Key changes:
- Add max_concurrent_forwards config (default 1000)
- Add forward_semaphore to LpHandlerState
- Acquire semaphore permit before connecting in handle_forward_packet
- Return "Gateway at forward capacity" error when at limit
This provides load signaling so clients can choose another gateway
when the current one is overloaded.
Design note: Connection pooling was considered but provides minimal
benefit since telescope setup is one-time and targets are distributed
across many different gateways. See AIDEV-NOTE in LpHandlerState for
full analysis.
Closes: nym-xi3m
2026-01-08 15:45:13 +00:00
durch
70311da0a6
Fix Zeroizing deref in ed25519 to_x25519 conversion
...
The from_bytes() function expects &[u8], need to deref the Zeroizing
wrapper to get the inner array.
2026-01-08 15:45:13 +00:00
durch
bfd8eb3f2d
Return Result from KCP session input() for error detection
...
Change KcpSession::input() to return Result<(), KcpError> so callers
can detect invalid packets instead of silently ignoring them.
- Add ConvMismatch error variant for conversation ID mismatches
- Update driver to propagate errors from session.input()
- Update all test and example callers
Closes: nym-n0kk
2026-01-08 15:45:13 +00:00
durch
dcf5840b11
Zeroize Ed25519 key material in to_x25519 conversion
...
Wrap hash and x25519_bytes in zeroize::Zeroizing to ensure private
key material is cleared from memory after use.
Closes: nym-k55g
2026-01-08 15:45:12 +00:00
durch
9bcae469fc
Increase KCP fragment limit from u8 to u16
...
- Change frg field from u8 to u16 in packet header (25 bytes total)
- Update encode/decode to use get_u16_le/put_u16_le
- Update Segment struct frg field to u16
- Remove truncating cast in session.rs
- Max message size now ~91MB (65,535 fragments × MTU)
- Internal protocol only, no interop concerns
Nym uses KCP for reliability and multiplexing, not standard real-time
use cases. The u8 limit (255 fragments, ~355KB) was insufficient.
Addresses: nym-yih9
2026-01-08 15:45:12 +00:00
durch
65bd47f342
Add gateway-probe localnet mode with WireGuard tunnel support
...
Adds localnet testing mode to gateway-probe for LP development:
- Add TestMode enum for different probe configurations
- Add --gateway-ip flag for direct gateway testing
- Implement two-hop WireGuard tunnel for localnet
- Add mock ecash support for testing without real credentials
- Add netstack Go bindings for userspace networking
- Restructure probe with mode and common modules
- Update README with localnet mode documentation
2026-01-08 15:45:12 +00:00
durch
637459b153
Add LP telescoping with nested sessions and subsession support
...
Extends LP protocol with telescoping architecture for nested sessions:
- Add nested session support with KKpsk0 rekeying
- Add subsession support with collision detection
- Implement unified packet format with outer header
- Refactor gateway handlers for single-packet forwarding
- Add TTL-based state cleanup for stale sessions
- Add outer AEAD encryption layer
- Refactor registration client for packet-per-connection model
2026-01-08 15:45:11 +00:00
durch
0a6f78a921
Implement LP registration protocol with KKT/PSQ integration
...
Initial implementation of the Lewes Protocol (LP) for gateway registration:
- Add nym-lp crate with Noise protocol handshake
- Add LP listener to gateway for handling registrations
- Add LP client for registration flow
- Integrate KKT for post-quantum KEM key exchange
- Integrate PSQ for post-quantum PSK derivation
- Add Ed25519 authentication throughout
- Add docker/localnet support for testing
Co-authored-by: Jędrzej Stuczyński <jedrzej.stuczynski@gmail.com >
2026-01-08 15:41:43 +00:00
Georgio Nicolas
539216d585
Add KKT cryptographic primitives
...
Post-quantum Key Encapsulation Mechanism (KEM) Key Transfer protocol.
Enables efficient distribution of post-quantum KEM public keys.
Squashed from georgio/noise-psq branch.
2026-01-08 14:20:40 +00:00
Tommy Verrall
6fb5d002e6
Merge pull request #6313 from promalert/develop
...
chore: remove repetitive words in comment
2026-01-08 13:25:29 +01:00
import this
122397f460
[feature/operators]: Improve Ansible UX, Nginx indempotency and error handling ( #6310 )
...
* make wireguard enabled flag bulletproof
* correct firewall setting
* add nginx handler
* make systemd template case sensitive
* twek nginx and ssl template
* finalize nginx and certbot configs
* add nginx purge command
* fix typo
* add removing vm guide
2026-01-07 13:45:56 +00:00
Simon Wicky
0f927e85d9
serialize gateway data ( #6314 )
2026-01-07 11:22:40 +01:00
promalert
09d444b78b
chore: remove repetitive words in comment
...
Signed-off-by: promalert <promalert@outlook.com >
2026-01-07 16:47:40 +08:00
nick1231321
0392778cfd
Merge pull request #6237 from nymtech/nicolas/sdk-param-support-debug
...
Add support for additional configurable parameters in nym-vpn
2026-01-05 13:58:41 +00:00
Simon Wicky
d08da7f998
[bugfix] Sqlite transaction escalation was causing errors ( #6299 )
...
* well that was an easy fix
* change fn name because somebody wasn't happy about my one line fix
2025-12-18 16:53:33 +01:00
Nicolas Constantinides
2a045a3828
Improved code quality
2025-12-17 14:43:01 -05:00
Jack Wampler
ae54e86bf4
add pre-resolve stage that returns addrs if we have used static table previously ( #6297 )
2025-12-17 09:06:43 -07:00
Andrej Mihajlov
177fbaec99
Add Copy+Clone to nym_client_core::client::topology_control::nym_api_provider::Config ( #6296 )
2025-12-17 10:00:40 +00:00
dependabot[bot]
9a3a6dff59
build(deps): bump SonarSource/sonarqube-scan-action from 6 to 7 ( #6294 )
...
Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action ) from 6 to 7.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases )
- [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: SonarSource/sonarqube-scan-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:17:14 +00:00
dependabot[bot]
05fd287ae6
build(deps): bump mikefarah/yq from 4.49.2 to 4.50.1 ( #6293 )
...
Bumps [mikefarah/yq](https://github.com/mikefarah/yq ) from 4.49.2 to 4.50.1.
- [Release notes](https://github.com/mikefarah/yq/releases )
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt )
- [Commits](https://github.com/mikefarah/yq/compare/v4.49.2...v4.50.1 )
---
updated-dependencies:
- dependency-name: mikefarah/yq
dependency-version: 4.50.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:15:36 +00:00
dependabot[bot]
eda421d3ab
build(deps): bump actions/upload-artifact from 5 to 6 ( #6292 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:15:14 +00:00
dependabot[bot]
510c754486
build(deps): bump actions/download-artifact from 6 to 7 ( #6291 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:14:50 +00:00
dependabot[bot]
198a245b2c
build(deps): bump js-yaml from 3.14.1 to 3.14.2 in /documentation/docs ( #6290 )
...
Bumps [js-yaml](https://github.com/nodeca/js-yaml ) from 3.14.1 to 3.14.2.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2 )
---
updated-dependencies:
- dependency-name: js-yaml
dependency-version: 3.14.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-17 09:14:26 +00:00
Nicolas Constantinides
12f465fd2d
Improved code quality
2025-12-16 17:37:58 -05:00
Nicolas Constantinides
5fc0784c23
Improved code quality
2025-12-16 17:23:46 -05:00
Nicolas Constantinides
e08eb3caef
Improve logic for mixnet traffic parameters
2025-12-16 14:19:26 -05:00
benedetta davico
9665aab112
Merge pull request #6280 from nymtech/serinko/nip-4_nip-6/protocol_upgrade
...
Feature: Add ports for SMTP, Whatsup and Session
2025-12-16 08:28:26 -08:00
dependabot[bot]
a3223b4f56
build(deps): bump actions/checkout from 4 to 6 ( #6243 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-16 14:59:45 +00:00
Simon Wicky
892341fa59
[chore] clippy fixes and use fixed rust version from REQUIRED_RUSTC_VERSION ( #6295 )
...
* clippy fix part 1
* use REQUIRED_RUSTC_VERSION instead of stable
* workflow fix
* forgot latest
2025-12-16 13:53:45 +01:00
benedetta davico
1bf4109398
remove 465 for now
2025-12-16 13:02:15 +01:00
benedetta davico
49e3abddf2
typo
2025-12-16 13:01:28 +01:00
benedetta davico
ade194f2b2
remove 465 until jan
2025-12-16 09:40:47 +01:00
Nicolas Constantinides
fa25986f28
apply formatting (cargo fmt)
2025-12-15 06:11:20 -05:00
nick1231321
e6513154d7
Refactor: improve code readability
2025-12-15 06:11:20 -05:00
Nicolas Constantinides
290dec78a1
Modified MixnetClientConfig and some associated functions to support some new parameters
2025-12-15 06:11:20 -05:00
dependabot[bot]
2f2ab9c356
build(deps): bump next in /nym-node-status-api/nym-node-status-ui ( #6289 )
...
Bumps [next](https://github.com/vercel/next.js ) from 15.4.9 to 15.4.10.
- [Release notes](https://github.com/vercel/next.js/releases )
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js )
- [Commits](https://github.com/vercel/next.js/compare/v15.4.9...v15.4.10 )
---
updated-dependencies:
- dependency-name: next
dependency-version: 15.4.10
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:12:10 +00:00
dependabot[bot]
59e720af6f
build(deps): bump mikefarah/yq from 4.48.1 to 4.49.2 ( #6242 )
...
Bumps [mikefarah/yq](https://github.com/mikefarah/yq ) from 4.48.1 to 4.49.2.
- [Release notes](https://github.com/mikefarah/yq/releases )
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt )
- [Commits](https://github.com/mikefarah/yq/compare/v4.48.1...v4.49.2 )
---
updated-dependencies:
- dependency-name: mikefarah/yq
dependency-version: 4.49.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:07:55 +00:00
dependabot[bot]
c202d5cf49
build(deps): bump actions/upload-artifact from 4 to 5 ( #6241 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:07:47 +00:00
dependabot[bot]
242859527c
build(deps): bump actions/download-artifact from 5 to 6 ( #6244 )
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:04:57 +00:00
dependabot[bot]
e97f7f7940
build(deps): bump pnpm/action-setup from 4.1.0 to 4.2.0 ( #6245 )
...
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/pnpm/action-setup/releases )
- [Commits](https://github.com/pnpm/action-setup/compare/v4.1.0...v4.2.0 )
---
updated-dependencies:
- dependency-name: pnpm/action-setup
dependency-version: 4.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:04:17 +00:00
dependabot[bot]
bedc978f63
build(deps): bump node-forge from 1.3.1 to 1.3.2 ( #6246 )
...
Bumps [node-forge](https://github.com/digitalbazaar/forge ) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md )
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2 )
---
updated-dependencies:
- dependency-name: node-forge
dependency-version: 1.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:03:42 +00:00
dependabot[bot]
fb07085b90
build(deps-dev): bump node-forge ( #6248 )
...
Bumps [node-forge](https://github.com/digitalbazaar/forge ) from 1.3.0 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md )
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.0...v1.3.2 )
---
updated-dependencies:
- dependency-name: node-forge
dependency-version: 1.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:03:23 +00:00
dependabot[bot]
57306c3363
build(deps): bump node-forge ( #6250 )
...
Bumps [node-forge](https://github.com/digitalbazaar/forge ) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md )
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2 )
---
updated-dependencies:
- dependency-name: node-forge
dependency-version: 1.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:03:06 +00:00
dependabot[bot]
a8b9c8c80a
build(deps-dev): bump node-forge in /wasm/client/internal-dev ( #6251 )
...
Bumps [node-forge](https://github.com/digitalbazaar/forge ) from 1.3.1 to 1.3.2.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md )
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2 )
---
updated-dependencies:
- dependency-name: node-forge
dependency-version: 1.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:02:49 +00:00
dependabot[bot]
53b8231f02
build(deps-dev): bump node-forge in /wasm/mix-fetch/internal-dev ( #6260 )
...
Bumps [node-forge](https://github.com/digitalbazaar/forge ) from 1.3.1 to 1.3.3.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md )
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.3 )
---
updated-dependencies:
- dependency-name: node-forge
dependency-version: 1.3.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:02:11 +00:00
dependabot[bot]
fbcd384fc7
build(deps): bump node-forge in /wasm/zknym-lib/internal-dev ( #6261 )
...
Bumps [node-forge](https://github.com/digitalbazaar/forge ) from 1.3.1 to 1.3.3.
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md )
- [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.3 )
---
updated-dependencies:
- dependency-name: node-forge
dependency-version: 1.3.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:01:50 +00:00