stochastic-routing-extended 1.0.2

SRX (Stochastic Routing eXtended) — a next-generation VPN protocol with stochastic routing, DPI evasion, post-quantum cryptography, and multi-transport channel splitting
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

//! Routing mask generation from shared seed + session counter.
//!
//! The routing mask determines which transport(s) carry each frame
//! or fragment, enabling multi-transport splitting of a single logical packet.

use sha2::{Digest, Sha256};

use crate::seed::SeedRng;
use crate::transport::TransportKind;

/// A routing mask that maps a frame to one or more transports.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct RoutingMask {
    /// Raw mask value.
    pub value: u32,
    /// Selected transports for this frame.
    pub transports: Vec<TransportKind>,
}

impl RoutingMask {
    /// Generate a routing mask for the given frame counter.
    ///
    /// Deterministic from `(seed, frame_counter, available)` so peers agree without extra messages.
    pub fn generate(
        rng: &mut SeedRng,
        available_transports: &[TransportKind],
        frame_counter: u64,
    ) -> Self {
        if available_transports.is_empty() {
            return Self {
                value: 0,
                transports: Vec::new(),
            };
        }

        let seed = rng.seed_bytes();
        let mut hasher = Sha256::new();
        hasher.update(seed);
        hasher.update(frame_counter.to_be_bytes());
        let digest = hasher.finalize();

        let value = u32::from_be_bytes(digest[0..4].try_into().expect("digest prefix"));

        let mut selected = Vec::new();
        for (i, &t) in available_transports.iter().enumerate() {
            let byte = digest[(i % 32) + 4];
            if (byte & 1) != 0 {
                selected.push(t);
            }
        }

        if selected.is_empty() {
            let idx = (value as usize) % available_transports.len();
            selected.push(available_transports[idx]);
        }

        Self {
            value,
            transports: selected,
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn peers_agree() {
        let kinds = [TransportKind::Tcp, TransportKind::Udp, TransportKind::Quic];
        let mut a = SeedRng::new([0xAAu8; 32]);
        let mut b = SeedRng::new([0xAAu8; 32]);
        let ma = RoutingMask::generate(&mut a, &kinds, 42);
        let mb = RoutingMask::generate(&mut b, &kinds, 42);
        assert_eq!(ma, mb);
    }

    #[test]
    fn empty_available() {
        let mut rng = SeedRng::new([1u8; 32]);
        let m = RoutingMask::generate(&mut rng, &[], 0);
        assert!(m.transports.is_empty());
    }
}