add compress and change encrypt for peerUpdate message

gravitl · Nov 22, 2024 · 359dc8f · 359dc8f
1 parent a13e55b
commit 359dc8f
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 19 deletions.
diff --git a/mq/migrate.go b/mq/migrate.go
@@ -88,7 +88,15 @@ func SendPullSYN() error {
 			Host:   host,
 		}
 		msg, _ := json.Marshal(hostUpdate)
-		encrypted, encryptErr := encryptMsg(&host, msg)
+		zipped, err := compressPayload(msg)
+		if err != nil {
+			return err
+		}
+		encrypted, encryptErr := encryptAESGCM(host.TrafficKeyPublic[0:32], zipped)
+		if encryptErr != nil {
+			return encryptErr
+		}
+
 		if encryptErr != nil {
 			continue
 		}

diff --git a/mq/publishers.go b/mq/publishers.go
@@ -55,7 +55,7 @@ func PublishPeerUpdate(replacePeers bool) error {
 
 	for _, host := range hosts {
 		host := host
-		time.Sleep(10 * time.Millisecond)
+		time.Sleep(5 * time.Millisecond)
 		go func(host models.Host) {
 			if err = PublishSingleHostPeerUpdate(&host, allNodes, nil, nil, replacePeers, nil); err != nil {
 				id := host.Name

diff --git a/mq/util.go b/mq/util.go
@@ -1,8 +1,14 @@
 package mq
 
 import (
+	"bytes"
+	"compress/gzip"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
 	"errors"
 	"fmt"
+	"io"
 	"math"
 	"strings"
 	"time"
@@ -66,40 +72,49 @@ func BatchItems[T any](items []T, batchSize int) [][]T {
 	return batches
 }
 
-func encryptMsg(host *models.Host, msg []byte) ([]byte, error) {
-	if host.OS == models.OS_Types.IoT {
-		return msg, nil
-	}
-
-	// fetch server public key to be certain hasn't changed in transit
-	trafficKey, trafficErr := logic.RetrievePrivateTrafficKey()
-	if trafficErr != nil {
-		return nil, trafficErr
+func compressPayload(data []byte) ([]byte, error) {
+	var buf bytes.Buffer
+	zw := gzip.NewWriter(&buf)
+	if _, err := zw.Write(data); err != nil {
+		return nil, err
 	}
-
-	serverPrivKey, err := ncutils.ConvertBytesToKey(trafficKey)
+	zw.Close()
+	return buf.Bytes(), nil
+}
+func encryptAESGCM(key, plaintext []byte) ([]byte, error) {
+	// Create AES block cipher
+	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}
 
-	nodePubKey, err := ncutils.ConvertBytesToKey(host.TrafficKeyPublic)
+	// Create GCM (Galois/Counter Mode) cipher
+	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
 		return nil, err
 	}
 
-	if strings.Contains(host.Version, "0.10.0") {
-		return ncutils.BoxEncrypt(msg, nodePubKey, serverPrivKey)
+	// Create a random nonce
+	nonce := make([]byte, aesGCM.NonceSize())
+	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+		return nil, err
 	}
 
-	return ncutils.Chunk(msg, nodePubKey, serverPrivKey)
+	// Encrypt the data
+	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
+	return ciphertext, nil
 }
 
 func publish(host *models.Host, dest string, msg []byte) error {
-
-	encrypted, encryptErr := encryptMsg(host, msg)
+	zipped, err := compressPayload(msg)
+	if err != nil {
+		return err
+	}
+	encrypted, encryptErr := encryptAESGCM(host.TrafficKeyPublic[0:32], zipped)
 	if encryptErr != nil {
 		return encryptErr
 	}
+
 	if mqclient == nil || !mqclient.IsConnectionOpen() {
 		return errors.New("cannot publish ... mqclient not connected")
 	}

diff --git a/netclient/ncutils/netclientutils.go b/netclient/ncutils/netclientutils.go
@@ -31,3 +31,15 @@ func ConvertBytesToKey(data []byte) (*[32]byte, error) {
 	}
 	return result, err
 }
+
+// ConvertBytesToKey - util to convert bytes to a key to use elsewhere
+func ConvertBytesToKey1(data []byte) ([]byte, error) {
+	var buffer = bytes.NewBuffer(data)
+	var dec = gob.NewDecoder(buffer)
+	var result = []byte{}
+	var err = dec.Decode(result)
+	if err != nil {
+		return nil, err
+	}
+	return result, err
+}