-
-
Notifications
You must be signed in to change notification settings - Fork 3k
/
pnet.go
92 lines (76 loc) · 2.07 KB
/
pnet.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package libp2p
import (
"bytes"
"context"
"fmt"
"time"
"github.com/ipfs/kubo/repo"
"github.com/libp2p/go-libp2p"
"github.com/libp2p/go-libp2p/core/host"
"github.com/libp2p/go-libp2p/core/pnet"
"go.uber.org/fx"
"golang.org/x/crypto/salsa20"
"golang.org/x/crypto/sha3"
)
type PNetFingerprint []byte
func PNet(repo repo.Repo) (opts Libp2pOpts, fp PNetFingerprint, err error) {
swarmkey, err := repo.SwarmKey()
if err != nil || swarmkey == nil {
return opts, nil, err
}
psk, err := pnet.DecodeV1PSK(bytes.NewReader(swarmkey))
if err != nil {
return opts, nil, fmt.Errorf("failed to configure private network: %s", err)
}
opts.Opts = append(opts.Opts, libp2p.PrivateNetwork(psk))
return opts, pnetFingerprint(psk), nil
}
func PNetChecker(repo repo.Repo, ph host.Host, lc fx.Lifecycle) error {
// TODO: better check?
swarmkey, err := repo.SwarmKey()
if err != nil || swarmkey == nil {
return err
}
done := make(chan struct{})
lc.Append(fx.Hook{
OnStart: func(_ context.Context) error {
go func() {
t := time.NewTicker(30 * time.Second)
defer t.Stop()
<-t.C // swallow one tick
for {
select {
case <-t.C:
if len(ph.Network().Peers()) == 0 {
log.Warn("We are in private network and have no peers.")
log.Warn("This might be configuration mistake.")
}
case <-done:
return
}
}
}()
return nil
},
OnStop: func(_ context.Context) error {
close(done)
return nil
},
})
return nil
}
func pnetFingerprint(psk pnet.PSK) []byte {
var pskArr [32]byte
copy(pskArr[:], psk)
enc := make([]byte, 64)
zeros := make([]byte, 64)
out := make([]byte, 16)
// We encrypt data first so we don't feed PSK to hash function.
// Salsa20 function is not reversible thus increasing our security margin.
salsa20.XORKeyStream(enc, zeros, []byte("finprint"), &pskArr)
// Then do Shake-128 hash to reduce its length.
// This way if for some reason Shake is broken and Salsa20 preimage is possible,
// attacker has only half of the bytes necessary to recreate psk.
sha3.ShakeSum128(out, enc)
return out
}