Integration with cjdns

[ghost]

Notes regarding different levels of cjdns integration will go here.

[ghost]

Cjdns implements end-to-end encrypted, peer-to-peer IPv6 networks,
whose address space is defined by the public keys of the participants.

Cjdns networks are source-routed: the decision about routes/paths is made at the packet origin.
This results in very efficient switching without any memory lookups at intermediary nodes.

It consists of the following interdependent components.

• TUN Interface
• IPTunnel Interface
• Router / CJDHT
• CryptoAuth / SessionManager
• Switch
• ETH Interface
• UDP Interface

The C implementation lives at https://github.com/hyperboria/cjdns,
a Golang implementation of CryptoAuth is alpha at https://github.com/lgierth/cryptoauth.

Life of a packet:

                                                     +-------------------+
                                                     | TUNAdapter (tun0) |
                                                     +-----+-------+-----+
                                                           |       |
                                                  fc00::/8 |       | 10.12.34.0/24
                                                           |       | fd12:3:4:5::/64
                                                           |       |
                                              +------------v--+ +--v-----------------+ +----------------------------+
                                              | TUN Interface | | IPTunnel Interface | | MyLittleProtocol Interface |
TUN address: derived from public-key          +---------------+ +--------------------+ +--+-------------------------+
IPTunnel addresses: assigned by server        | fc12::356     | | 10.12.34.56        |    |
                                              +------------+--+ | fd12:3:4:5::6      |    |
                                                           |    +--+-----------------+    |
                                                           |       |                      |
                                    +----------------+  +--v-------v----------------------v--+
Find and maintain paths,            | Router / CJDHT +-->     CryptoAuth / SessionManager    |    Encrypt/decrypt packets,
e.g. 0000.0000.007c.50e3            |                <--+                                    |    mux protocols from above.
                                    +----------------+  +-------------+----------------------+
                                                                      |                           Searching a path is a side-effect
                                                                                                  of establishing a session.
                                                                      |
End-to-end encrypted from here on +-----------------------------------------------------------------------------------------+
                                                                      |
                                                     +----------------v------------+
                                                     | Switch                      |
                                                     +---------------------+-------+
                                                     | 0000.0000.0000.0001 | self  |
                                                     | 0000.0000.0000.0013 | peerA |
                                                     | 0000.0000.0000.0015 | peerB |
                                                     +-----------+-------+-+-------+
                                                                 |       |
Point-to-point encrypted from here on +-------------------------------------------------------------------------------------+
                                                                 |       |
                                                    +------------v--+ +--v------------+
                                                    | UDP Interface | | ETH Interface |
                                                    +---------------+ +---------------+
                                                    | 0.0.0.0:54321 | | wlan0         |
                                                    | [::]:54321    | | eth0          |
                                                    +---------------+ +---------------+

[ghost]

Actionable tasks:

• very simple switch with ping and pong
  • so that we can get to session-state = established
• cjdns support for multihash
  • publicKey = base32(first16bytes(sha512(sha512(privateKey))))
• secio-like interface to go-cryptoauth
• go-cryptoauth -> cjdns peering
  • right now only cjdns -> go-cryptoauth is supported
• authtype 0 support
  • for passwordless udp peering

Stuff to figure out:

• scope of integration
  • replace secio: replaces identity, handshake, crypto
  • transport protocol
    • /cjdns/fc12::3456/ipfs
• how cjdns-compatible do we want to be?

Stuff to integrate:

• identity
  • ed25519
• handshake
  • CryptoAuth
• crypto
  • salsa20, poly1305
• peer routing
  • CJDHT
• net
  • switch

[Kubuxu]

ed25519 currently is not supprted by cjdns, it might be in future, cjdns supports only curve25519 which is variant of ECDH.

The IP in cjdns network is hex(first16bytes(sha512(sha512(publicKey)))) (It is probably what you meant for the support of multihash), where public key is derived using curve25519 from random private key.

I see place for the integration at:

• disabling crypto
• using cjdns admin API to fetch NodeStore and use it to bootstrap Swarm

This way we don't have to implement parts of cjdns in Go but just use existing cjdns stack.

Linking: ipfs/kubo#1316

[ghost]

This is continued in #143