From 2c6c056dfae0da5b47d90ca10e21a4332f29c3ba Mon Sep 17 00:00:00 2001
From: rkonfj
Date: Sun, 10 Mar 2024 16:35:14 +0800
Subject: [PATCH] Chacha20Poly1305 as the default algo

---
 README.md | 10 ++++++----
 cmd/pgcli/vpn/vpn.go | 2 +-
 p2p/config.go | 17 +++++++++--------
 secure/aescbc/aescbc.go | 14 +++++++-------
 secure/chacha20poly1305/chacha20poly1305.go | 2 +-
 5 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index 087121a..883896f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-# PeerGuard - Another p2p network library in Go
+# PeerGuard
+
+Another p2p network library in Go
 
 ## Get Started
 
@@ -14,10 +16,10 @@ $ pgserve -l 127.0.0.1:9987 --secret-key 5172554832d76672d1959a5ac63c5ab9 \
 $ caddy reverse-proxy --from https://synf.in/pg --to 127.0.0.1:9987
 ```
 
-### Follow the steps below to run VPN nodes in different networks
-#### 1. Generate a network secret
+### Follow the steps below to run VPN nodes in different physical networks
+#### 1. Generate a private network secret
 ```
-# pgcli secret --secret-key 5172554832d76672d1959a5ac63c5ab9 > ~/.peerguard_network_secret.json
+$ pgcli secret --secret-key 5172554832d76672d1959a5ac63c5ab9 > ~/.peerguard_network_secret.json
 ```
 #### 2. Run a VPN daemon
 ```
diff --git a/cmd/pgcli/vpn/vpn.go b/cmd/pgcli/vpn/vpn.go
index cb07ea1..4d2ef24 100644
--- a/cmd/pgcli/vpn/vpn.go
+++ b/cmd/pgcli/vpn/vpn.go
@@ -34,7 +34,7 @@ func init() {
 Cmd.Flags().String("ipv4", "", "ipv4 address prefix (i.e. 100.99.0.1/24)")
 Cmd.Flags().String("ipv6", "", "ipv6 address prefix (i.e. fd00::1/64)")
 Cmd.Flags().String("tun", "pg0", "tun name")
- Cmd.Flags().Int("mtu", 1391, "mtu")
+ Cmd.Flags().Int("mtu", 1436, "mtu")
 Cmd.Flags().String("key", "", "curve25519 private key in base64-url format (default generate a new one)")
 Cmd.Flags().String("secret-file", "", "p2p network secret file (default ~/.peerguard_network_secret.json)")
 
diff --git a/p2p/config.go b/p2p/config.go
index c6fd4aa..5f920e4 100644
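Review bot: The new `mtu` default of 1436 in the vpn.go hunk is presumably sized for the smaller per-packet overhead of the Chacha20Poly1305 algorithm this commit makes default, but nothing at the flag records that dependency, so a build that later calls `SetDefaultSymmAlgo` with a cipher carrying more framing overhead gets no hint that the default must shrink with it. A comment above the flag would capture the coupling: `// 1436 assumes the default Chacha20Poly1305 framing overhead; lower it if a symmetric algo with more overhead is configured`. The `init()` body continues outside the hunk.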
--- a/p2p/config.go
+++ b/p2p/config.go
@@ -6,9 +6,15 @@ import (
 
 "github.com/rkonfj/peerguard/peer"
 "github.com/rkonfj/peerguard/secure"
- "github.com/rkonfj/peerguard/secure/aescbc"
+ "github.com/rkonfj/peerguard/secure/chacha20poly1305"
 )
 
+var defaultSymmAlgo func(secure.ProvideSecretKey) secure.SymmAlgo = chacha20poly1305.New
+
+func SetDefaultSymmAlgo(symmAlgo func(secure.ProvideSecretKey) secure.SymmAlgo) {
+ defaultSymmAlgo = symmAlgo
+}
+
 type Config struct {
 UDPPort int
 PeerID peer.PeerID
@@ -49,16 +55,11 @@ func ListenPeerID(id string) Option {
 
 func ListenPeerSecure() Option {
 return func(cfg *Config) error {
- if cfg.SymmAlgo != nil {
- return errors.New("repeat secure options")
- }
 priv, err := secure.GenerateCurve25519()
 if err != nil {
 return err
 }
- cfg.SymmAlgo = aescbc.NewAESCBC(priv.SharedKey)
- cfg.PeerID = peer.PeerID(priv.PublicKey.String())
- return nil
+ return ListenPeerCurve25519(priv.String())(cfg)
 }
 }
 
@@ -71,7 +72,7 @@ func ListenPeerCurve25519(privateKey string) Option {
 if err != nil {
 return err
 }
- cfg.SymmAlgo = aescbc.NewAESCBC(priv.SharedKey)
+ cfg.SymmAlgo = defaultSymmAlgo(priv.SharedKey)
 cfg.PeerID = peer.PeerID(priv.PublicKey.String())
 return nil
 }
diff --git a/secure/aescbc/aescbc.go b/secure/aescbc/aescbc.go
index f84df69..507aa89 100644
--- a/secure/aescbc/aescbc.go
+++ b/secure/aescbc/aescbc.go
@@ -82,13 +82,6 @@ type AESCBC struct {
 provideSecretKey secure.ProvideSecretKey
 }
 
-func NewAESCBC(provideSecretKey secure.ProvideSecretKey) *AESCBC {
- return &AESCBC{
- cipher: lru.New[string, cipher.Block](128),
- provideSecretKey: provideSecretKey,
- }
-}
-
 func (s *AESCBC) Encrypt(b []byte, pubKey string) ([]byte, error) {
 if s == nil {
 return nil, errors.New("aesCBC is nil")
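Review bot: `SetDefaultSymmAlgo` is exported with no doc comment, and it stores whatever it receives — nil included — into a package-level variable that `ListenPeerCurve25519` calls in the third hunk of this file without any synchronization, so a nil argument only surfaces later as a panic inside the option, and a call that races with option application is a data race. The doc comment should state that it must be called once during initialization, before any Option is applied, and a guard at the top of the function makes the misuse fail at the call site instead: `if symmAlgo == nil {`, `panic("p2p: SetDefaultSymmAlgo called with nil algo")`, `}`.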
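Review bot: The `repeat secure options` guard is removed from `ListenPeerSecure`, and because the head of `ListenPeerCurve25519` lies outside the third hunk it is not visible whether the check moved there; if it did not, applying two secure options now silently replaces `cfg.PeerID` and `cfg.SymmAlgo` with the last one, changing the node's identity with no error. Keeping `if cfg.SymmAlgo != nil { return errors.New("repeat secure options") }` at the top of the closure (or confirming the equivalent exists in `ListenPeerCurve25519`) preserves the old behaviour, and if the check is gone everywhere the `errors` import in this file may now be unused. The delegation via `priv.String()` is reasonable but deserves a why-comment: `// delegate so a generated key takes the same SymmAlgo/PeerID path as a user-supplied one`.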
@@ -152,3 +145,10 @@ func (s *AESCBC) ensureChiperBlock(pubKey string) (cipher.Block, error) {
 
 return block, nil
 }
+
+func New(provideSecretKey secure.ProvideSecretKey) secure.SymmAlgo {
+ return &AESCBC{
+ cipher: lru.New[string, cipher.Block](128),
+ provideSecretKey: provideSecretKey,
+ }
+}
diff --git a/secure/chacha20poly1305/chacha20poly1305.go b/secure/chacha20poly1305/chacha20poly1305.go
index d5902a4..2932032 100644
--- a/secure/chacha20poly1305/chacha20poly1305.go
+++ b/secure/chacha20poly1305/chacha20poly1305.go
@@ -85,7 +85,7 @@ func (s *Chacha20Poly1305) ensureChiperAEAD(pubKey string) (cipher.AEAD, error)
 
 }
 
-func New(provideSecretKey secure.ProvideSecretKey) *Chacha20Poly1305 {
+func New(provideSecretKey secure.ProvideSecretKey) secure.SymmAlgo {
 return &Chacha20Poly1305{
 cipher: lru.New[string, cipher.AEAD](128),
 provideSecretKey: provideSecretKey,
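Review bot: The new exported `New` in aescbc has no doc comment, and the same applies to the retyped `New` in the chacha20poly1305 hunk; both now return the `secure.SymmAlgo` interface, so the signature alone no longer tells a reader which construction they get. On the aescbc side a comment such as `// New returns an AES-CBC SymmAlgo; per-peer cipher.Block values are cached in a 128-entry LRU keyed by the remote public key.` carries that, with the matching sentence for the chacha20poly1305 constructor. Because this type is built on `cipher.Block` while the new default uses `cipher.AEAD`, the aescbc comment should also state whether its Encrypt path (outside this hunk) applies integrity protection, since anyone re-selecting it through `SetDefaultSymmAlgo` would otherwise assume parity with the default.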