grabbed packaging scripts and fluff from abandoned repo

.gitignore

@@ -37,3 +37,4 @@ testnet_tmp
 vsproject/
 
 daemon.ini
+lokinet-win32.exe

CMakeLists.txt

@@ -98,8 +98,8 @@ if(CMAKE_BUILD_TYPE MATCHES "[Dd][Ee][Bb][Uu][Gg]")
   add_cxxflags("${DEBUG_FLAGS}")
 endif()
 
-set(CRYPTO_FLAGS "-march=native")
-set(CMAKE_ASM_FLAGS "-march=native")
+set(CRYPTO_FLAGS "-march=native $ENV{CFLAGS}")
+set(CMAKE_ASM_FLAGS "-march=native $ENV{CFLAGS}")
 
 add_cflags("-Wall -Wno-deprecated-declarations ${OPTIMIZE_FLAGS} ${CRYPTO_FLAGS}")
 add_cxxflags("-Wall -Wno-deprecated-declarations ${OPTIMIZE_FLAGS} ${CRYPTO_FLAGS}")
@@ -130,7 +130,11 @@ if(JEMALLOC)
   set(MALLOC_LIB jemalloc)
 endif()
 
-#set(FS_LIB stdc++fs)
+if (WIN32)
+add_cxxflags("-std=c++17")
+set(FS_LIB stdc++fs)
+endif(WIN32)
+
 set(LIBS ${THREAD_LIB} ${MALLOC_LIB} ${FS_LIB})
 
 set(LIB lokinet)
@@ -197,7 +201,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
   set(ISOLATE_PROC_SRC llarp/linux/netns.cpp)
 endif()
 
-
+if(NOT WIN32)
 set(CXX_COMPAT_SRC
   vendor/cppbackport-master/lib/fs/rename.cpp
   vendor/cppbackport-master/lib/fs/filestatus.cpp
@@ -217,6 +221,7 @@ set(CXX_COMPAT_SRC
   vendor/cppbackport-master/lib/fs/direntry.cpp
 )
 include_directories(vendor/cppbackport-master/lib)
+endif(NOT WIN32)
 
 set(LIB_PLATFORM_SRC
 # string stuff
@@ -541,21 +546,18 @@ if(WITH_STATIC)
     endif()
     target_link_libraries(${STATIC_LIB} ${CRYPTOGRAPHY_LIB} ${LIBS} ${PLATFORM_LIB})
     if(NOT WITH_SHARED)
-
       target_link_libraries(${EXE} ${STATIC_LINK_LIBS} ${STATIC_LIB} ${PLATFORM_LIB})
       target_link_libraries(${CLIENT_EXE} ${STATIC_LINK_LIBS} ${STATIC_LIB} ${PLATFORM_LIB})
       target_link_libraries(${RC_EXE} ${STATIC_LINK_LIBS} ${STATIC_LIB} ${PLATFORM_LIB})
       target_link_libraries(${TEST_EXE} ${STATIC_LINK_LIBS} gtest_main ${STATIC_LIB} ${PLATFORM_LIB})
+      target_link_libraries(${DNS_EXE} ${STATIC_LIB} ${PLATFORM_LIB} ${THREAD_LIB})
       if (WIN32)
         target_link_libraries(${EXE} ${STATIC_LINK_LIBS} ${STATIC_LIB} ${PLATFORM_LIB} ws2_32 iphlpapi)
         target_link_libraries(${CLIENT_EXE} ${STATIC_LINK_LIBS} ${STATIC_LIB} ${PLATFORM_LIB} ws2_32 iphlpapi)
         target_link_libraries(${RC_EXE} ${STATIC_LINK_LIBS} ${STATIC_LIB} ${PLATFORM_LIB} ws2_32 iphlpapi)
         target_link_libraries(${TEST_EXE} ${STATIC_LINK_LIBS} gtest_main ${STATIC_LIB} ${PLATFORM_LIB} ws2_32 iphlpapi)
-      endif(WIN32)
-      if (WIN32)
         target_link_libraries(${DNS_EXE} ${STATIC_LIB} ${PLATFORM_LIB} ${THREAD_LIB} ws2_32 iphlpapi)
       endif(WIN32)
-      target_link_libraries(${DNS_EXE} ${STATIC_LIB} ${PLATFORM_LIB} ${THREAD_LIB})
     endif(NOT WITH_SHARED)
   endif(WITH_STATIC)
   if(ANDROID)

README-windows.md

@@ -0,0 +1,50 @@
+# lokinet builder for windows
+
+## Building for Windows (mingw-w64 native, or wow64/linux/unix cross-compiler)
+
+    #i686 or x86_64
+
+    $ pacman -Sy base-devel mingw-w64-$ARCH-toolchain git libtool autoconf cmake (or your distro/OS package mgr)
+    $ git clone https://github.com/loki-project/loki-network.git
+    $ cd loki-network
+    $ mkdir -p build; cd build
+    $ cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_COMPILER=gcc -DCMAKE_CXX_COMPILER=g++ -DDNS_PORT=53
+
+    # if cross-compiling do
+    $ mkdir -p build; cd build
+    $ export COMPILER=clang # if using clang for windows
+    $ cmake .. -DCMAKE_BUILD_TYPE=[Debug|Release] -DCMAKE_C_COMPILER=$ARCH-w64-mingw32-[gcc|clang] -DCMAKE_CXX_COMPILER=$ARCH-w64-mingw32-[g|clang]++ -DDNS_PORT=53 -DCMAKE_TOOLCHAIN_FILE=../contrib/cross/mingw[32].cmake
+
+## running
+
+if the machine you run lokinet on has a public address (at the moment) it `will` automatically become a relay, 
+otherwise it will run in client mode.
+
+
+**NEVER** run lokinet with elevated privileges.
+
+to set up a lokinet to start on boot:
+
+    C:\> (not ready yet. TODO: write up some SCM install code in the win32 setup)
+
+alternatively:
+
+set up the configs and bootstrap (first time only):
+
+    C:\> lokinet -g && lokinet-bootstrap
+    
+run it (foreground):
+    
+    C:\> lokinet
+
+to force client mode edit `$APPDATA/.lokinet/daemon.ini`
+
+comment out the `[bind]` section, so it looks like this:
+
+    ...
+    
+    # [bind]
+    # {B7F2ECAC-BB10-4736-8BBD-6E9444E27030}=1090
+
+
+-despair

contrib/cross/mingw.cmake

@@ -0,0 +1,26 @@
+set(CMAKE_SYSTEM_NAME Windows)
+set(TOOLCHAIN_PREFIX x86_64-w64-mingw32)
+
+add_definitions("-DWINNT_CROSS_COMPILE")
+
+# target environment on the build host system
+# second one is for non-root installs
+set(CMAKE_FIND_ROOT_PATH /usr/${TOOLCHAIN_PREFIX} /home/$ENV{USER}/mingw32 /home/$ENV{USER}/mingw32/${TOOLCHAIN_PREFIX})
+
+# modify default behavior of FIND_XXX() commands
+set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
+set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
+set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
+
+# cross compilers to use
+if($ENV{COMPILER} MATCHES "clang")
+set(USING_CLANG ON)
+set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-clang)
+set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-clang++)
+else()
+set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc)
+set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-g++)
+endif()
+
+set(CMAKE_RC_COMPILER ${TOOLCHAIN_PREFIX}-windres)
+set(WIN64_CROSS_COMPILE ON)

contrib/cross/mingw32.cmake

@@ -0,0 +1,26 @@
+set(CMAKE_SYSTEM_NAME Windows)
+set(TOOLCHAIN_PREFIX i686-w64-mingw32)
+
+add_definitions("-DWINNT_CROSS_COMPILE")
+
+# target environment on the build host system
+# second one is for non-root installs
+set(CMAKE_FIND_ROOT_PATH /usr/${TOOLCHAIN_PREFIX} /home/$ENV{USER}/mingw32 /home/$ENV{USER}/mingw32/${TOOLCHAIN_PREFIX})
+
+# modify default behavior of FIND_XXX() commands
+set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
+set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
+set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
+
+# cross compilers to use
+if($ENV{COMPILER} MATCHES "clang")
+set(USING_CLANG ON)
+set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-clang)
+set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-clang++)
+else()
+set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc)
+set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-g++)
+endif()
+
+set(CMAKE_RC_COMPILER ${TOOLCHAIN_PREFIX}-windres)
+set(WOW64_CROSS_COMPILE ON)

contrib/lokinet-bootstrap-winnt/.gitignore

@@ -0,0 +1,4 @@
+*.o
+mbedtls/
+*.a
+*.exe

contrib/lokinet-bootstrap-winnt/COPYING

@@ -0,0 +1,17 @@
+Copyright (c)2018 Rick V. All rights reserved.
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; you must not
+claim that you wrote the original software. If you use this software
+in a product, an acknowledgment in the product documentation would be
+appreciated but is not required.
+2. Altered source versions must be plainly marked as such, and must not be
+misrepresented as being the original software.
+3. This notice may not be removed or altered from any source distribution.

contrib/lokinet-bootstrap-winnt/Makefile

@@ -0,0 +1,54 @@
+# makefile for windows bootstrap
+# requires mbedtls to be installed somewhere, for both native and windows targets
+# requires wget to be installed for ca bundle download
+
+# to build: 
+# $ [g]make prepare;[g]make lokinet-bootstrap
+
+# set this beforehand if you use clang
+CC ?= i686-w64-mingw32-gcc
+NATIVE_CC ?= cc
+
+# set these for the native system
+INCLUDE ?=
+LIBS ?=
+
+# set these for 32-bit windows if cross-compiling
+WINNT_INCLUDE ?=
+WINNT_LIBS ?=
+
+.PHONY: download prepare all default
+
+# windows target only
+.c.o:
+	$(CC) $(WINNT_INCLUDE) -Ofast -march=core2 -mfpmath=sse $< -c
+
+zpipe: zpipe.c miniz.c
+	$(NATIVE_CC) $(INCLUDE) $(LIBS) $^ -s -static -o $@
+
+base64enc: base64enc.c
+	$(NATIVE_CC) $(INCLUDE) $(LIBS) $^ -s -static -o $@ -lmbedx509 -lmbedtls -lmbedcrypto
+
+download:
+	wget -O ./cacert.pem https://curl.haxx.se/ca/cacert.pem
+
+prepare: zpipe base64enc download
+	./zpipe < cacert.pem > data.enc
+	./base64enc < data.enc > out.bin
+	sed -ie "s/.\{76\}/&\n/g" out.bin
+	sed -i 's/.*/\"&\"/g' out.bin
+	sed -i '49,2192d' bootstrap.c
+	echo ';' >> out.bin
+	sed -i '48r out.bin' bootstrap.c
+
+lokinet-bootstrap: bootstrap.o miniz.o
+	$(CC) $(WINNT_LIBS) -static -s $^ -o $@.exe -lmbedx509 -lmbedtls -lmbedcrypto -lws2_32
+
+clean:
+	-@rm lokinet-bootstrap.exe
+	-@rm base64enc
+	-@rm zpipe
+	-@rm cacert.pem
+	-@rm data.enc
+	-@rm out.*
+	-@rm *.o

contrib/lokinet-bootstrap-winnt/README.md

@@ -0,0 +1,35 @@
+# LokiNET bootstrap for Windows
+
+This is a tiny executable that does the same thing as the `lokinet-bootstrap` shell script for Linux, specifically for the purpose of bypassing broken or outdated versions of Schannel that do not support current versions of TLS.
+
+# Building
+
+## requirements
+
+- mbedtls 2.13.0 or later, for both host and windows
+- wget for host (to download Netscape CA bundle from cURL website)
+- Also included is a patch that can be applied to the mbedtls source to enable features like AES-NI in protected mode, plus some networking fixes for win32
+
+native build:
+
+    $ export INCLUDE=/mingw32/include LIBS=/mingw32/lib # or a different path
+    $ export CC=cc # change these if you use clang
+    $ export NATIVE_CC=$CC
+    $ export WINNT_INCLUDE=$INCLUDE WINNT_LIBS=$LIBS
+    $ make prepare;make lokinet-bootstrap
+
+cross-compile build:
+
+    $ export INCLUDE=/usr/local/include LIBS=/usr/local/lib # or a different path
+    $ export CC=i686-w64-mingw32-gcc # change these if you use clang, make sure these are in your system $PATH!
+    $ export NATIVE_CC=cc
+    $ export WINNT_INCLUDE=/path/to/win32/headers WINNT_LIBS=/path/to/win32/libs
+    $ make prepare;make lokinet-bootstrap
+
+# Usage
+
+   C:\>lokinet-bootstrap [uri] [local download path]
+
+this is also included in the lokinet installer package.
+
+-despair86

contrib/lokinet-bootstrap-winnt/base64enc.c

@@ -0,0 +1,54 @@
+/*
+* Copyright (c)2018 Rick V. All rights reserved.
+*
+* This software is provided 'as-is', without any express or implied
+* warranty. In no event will the authors be held liable for any damages
+* arising from the use of this software.
+*
+* Permission is granted to anyone to use this software for any purpose,
+* including commercial applications, and to alter it and redistribute it
+* freely, subject to the following restrictions:
+*
+* 1. The origin of this software must not be misrepresented; you must not
+* claim that you wrote the original software. If you use this software
+* in a product, an acknowledgment in the product documentation would be
+* appreciated but is not required.
+* 2. Altered source versions must be plainly marked as such, and must not be
+* misrepresented as being the original software.
+* 3. This notice may not be removed or altered from any source distribution.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "sysconf.h"
+#ifdef HAVE_SETMODE
+# define SET_BINARY_MODE(handle) setmode(handle, O_BINARY)
+#else
+# define SET_BINARY_MODE(handle) ((void)0)
+#endif
+#include <mbedtls/base64.h>
+#include <mbedtls/error.h>
+
+main(argc, argv)
+char** argv;
+{
+	int size,r, inl;
+	unsigned char in[524288];
+	unsigned char out[1048576];
+	unsigned char err[1024];
+	memset(&in, 0, 524288);
+	memset(&out, 0, 1048576);
+	SET_BINARY_MODE(0);
+	/* Read up to 512K of data from stdin */
+	inl = fread(in, 1, 524288, stdin);
+	r = mbedtls_base64_encode(out, 1048576, &size, in, inl);
+	if (r)
+	{
+		mbedtls_strerror(r, err, 1024);
+		printf("error: %s\n", err);
+		return r;
+	}
+	fprintf(stdout, "%s", out);
+	return 0;
+}

contrib/lokinet-bootstrap-winnt/mbedtls-win32.patch

@@ -0,0 +1,205 @@
+diff -ruN polarssl-master/include/mbedtls/aesni.h polarssl/include/mbedtls/aesni.h
+--- polarssl-master/include/mbedtls/aesni.h	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/include/mbedtls/aesni.h	2018-04-17 15:47:59.320514100 -0500
+@@ -26,17 +26,16 @@
+ 
+ #include "aes.h"
+ 
++/* 
++ * despair: This code appears to be 32-bit clean. Remove the CPP macros
++ * that restrict usage to AMD64 and EM64T processors.
++ * Obviously, you still need to have this insn set available in order to
++ * use it in either of protected or long mode anyway.
++ */
++
+ #define MBEDTLS_AESNI_AES      0x02000000u
+ #define MBEDTLS_AESNI_CLMUL    0x00000002u
+ 
+-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
+-    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
+-    ! defined(MBEDTLS_HAVE_X86_64)
+-#define MBEDTLS_HAVE_X86_64
+-#endif
+-
+-#if defined(MBEDTLS_HAVE_X86_64)
+-
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+@@ -107,6 +106,4 @@
+ }
+ #endif
+ 
+-#endif /* MBEDTLS_HAVE_X86_64 */
+-
+ #endif /* MBEDTLS_AESNI_H */
+diff -ruN polarssl-master/include/mbedtls/bn_mul.h polarssl/include/mbedtls/bn_mul.h
+--- polarssl-master/include/mbedtls/bn_mul.h	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/include/mbedtls/bn_mul.h	2018-04-17 15:42:09.045117300 -0500
+@@ -754,7 +754,9 @@
+ #if defined(MBEDTLS_HAVE_SSE2)
+ 
+ #define EMIT __asm _emit
+-
++/* Because the Visual C++ inline assembler STILL does
++   not support MMX insns! reeeeee (old -GM flag no longer exists)
++ */
+ #define MULADDC_HUIT                            \
+     EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
+     EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
+diff -ruN polarssl-master/include/mbedtls/config.h polarssl/include/mbedtls/config.h
+--- polarssl-master/include/mbedtls/config.h	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/include/mbedtls/config.h	2018-04-17 17:27:18.350938700 -0500
+@@ -91,7 +91,7 @@
+  *
+  * Uncomment if the CPU supports SSE2 (IA-32 specific).
+  */
+-//#define MBEDTLS_HAVE_SSE2
++#define MBEDTLS_HAVE_SSE2
+ 
+ /**
+  * \def MBEDTLS_HAVE_TIME
+@@ -1571,7 +1571,7 @@
+  * Module:  library/aesni.c
+  * Caller:  library/aes.c
+  *
+- * Requires: MBEDTLS_HAVE_ASM
++ * Requires: None. Enable only for i386 or AMD64 targets only! -despair
+  *
+  * This modules adds support for the AES-NI instructions on x86-64
+  */
+@@ -1850,7 +1850,7 @@
+  * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
+  *
+  */
+-//#define MBEDTLS_CMAC_C
++#define MBEDTLS_CMAC_C
+ 
+ /**
+  * \def MBEDTLS_CTR_DRBG_C
+@@ -2055,7 +2055,7 @@
+  *
+  * Uncomment to enable the HAVEGE random generator.
+  */
+-//#define MBEDTLS_HAVEGE_C
++#define MBEDTLS_HAVEGE_C
+ 
+ /**
+  * \def MBEDTLS_HMAC_DRBG_C
+diff -ruN polarssl-master/library/aes.c polarssl/library/aes.c
+--- polarssl-master/library/aes.c	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/library/aes.c	2018-04-17 16:51:37.098413400 -0500
+@@ -514,7 +514,7 @@
+ #endif
+     ctx->rk = RK = ctx->buf;
+ 
+-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
++#if defined(MBEDTLS_AESNI_C)
+     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
+         return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
+ #endif
+@@ -621,7 +621,7 @@
+ 
+     ctx->nr = cty.nr;
+ 
+-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
++#if defined(MBEDTLS_AESNI_C)
+     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
+     {
+         mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
+@@ -850,7 +850,7 @@
+                     const unsigned char input[16],
+                     unsigned char output[16] )
+ {
+-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
++#if defined(MBEDTLS_AESNI_C)
+     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
+         return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
+ #endif
+diff -ruN polarssl-master/library/aesni.c polarssl/library/aesni.c
+--- polarssl-master/library/aesni.c	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/library/aesni.c	2018-04-17 16:09:26.050605000 -0500
+@@ -30,7 +30,16 @@
+ #include MBEDTLS_CONFIG_FILE
+ #endif
+ 
+-#if defined(MBEDTLS_AESNI_C)
++
++/* 
++ * despair: This code appears to be 32-bit clean. Remove the CPP macros
++ * that restrict usage to AMD64 and EM64T processors.
++ * Obviously, you still need to have this insn set available in order to
++ * use it in either of protected or long mode anyway.
++ * GCC or Clang only, no MSVC here, sorry. (Must pass -march=core2 or later
++ * if your compiler's default is anything older or generic.)
++ */
++#if defined(MBEDTLS_AESNI_C) && !defined(_MSC_VER)
+ 
+ #include "mbedtls/aesni.h"
+ 
+@@ -40,8 +49,6 @@
+ #define asm __asm
+ #endif
+ 
+-#if defined(MBEDTLS_HAVE_X86_64)
+-
+ /*
+  * AES-NI support detection routine
+  */
+@@ -459,6 +466,4 @@
+     return( 0 );
+ }
+ 
+-#endif /* MBEDTLS_HAVE_X86_64 */
+-
+ #endif /* MBEDTLS_AESNI_C */
+diff -ruN polarssl-master/library/entropy_poll.c polarssl/library/entropy_poll.c
+--- polarssl-master/library/entropy_poll.c	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/library/entropy_poll.c	2018-04-17 15:52:13.013004200 -0500
+@@ -56,6 +56,12 @@
+ #include <windows.h>
+ #include <wincrypt.h>
+ 
++/* 
++ * WARNING(despair): The next release of PolarSSL will remove the existing codepaths
++ * to enable Windows RT and UWP app support. This also breaks NT 5.x and early Longhorn.
++ *
++ * TODO(despair): create CPP macro to switch between old and new CAPI codepaths
++ */
+ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
+                            size_t *olen )
+ {
+diff -ruN polarssl-master/library/gcm.c polarssl/library/gcm.c
+--- polarssl-master/library/gcm.c	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/library/gcm.c	2018-04-17 16:53:18.630262400 -0500
+@@ -126,7 +126,7 @@
+     ctx->HL[8] = vl;
+     ctx->HH[8] = vh;
+ 
+-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
++#if defined(MBEDTLS_AESNI_C)
+     /* With CLMUL support, we need only h, not the rest of the table */
+     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
+         return( 0 );
+@@ -217,7 +217,7 @@
+     unsigned char lo, hi, rem;
+     uint64_t zh, zl;
+ 
+-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
++#if defined(MBEDTLS_AESNI_C)
+     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
+         unsigned char h[16];
+ 
+diff -ruN polarssl-master/library/net_sockets.c polarssl/library/net_sockets.c
+--- polarssl-master/library/net_sockets.c	2018-03-16 11:25:12.000000000 -0500
++++ polarssl/library/net_sockets.c	2018-04-17 15:50:08.118440600 -0500
+@@ -51,7 +51,8 @@
+ /* Enables getaddrinfo() & Co */
+ #define _WIN32_WINNT 0x0501
+ #include <ws2tcpip.h>
+-
++/* despair: re-enable Windows 2000/XP */
++#include <wspiapi.h>
+ #include <winsock2.h>
+ #include <windows.h>
+ 

contrib/lokinet-bootstrap-winnt/sysconf.h

@@ -0,0 +1,95 @@
+/**
+ * sysconf.h -- system-dependent macros and settings
+ *
+ * Copyright (C) 2002-2004 Cosmin Truta.
+ * Permission to use and distribute freely.
+ * No warranty.
+ **/
+
+#ifndef SYSCONF_H
+#define SYSCONF_H
+
+
+ /*****************************************************************************/
+ /* Platform identifiers */
+
+
+ /* Detect Unix. */
+#if defined(unix) || defined(__linux__) || defined(BSD) || defined(__CYGWIN__)
+  /* Add more systems here. */
+# ifndef UNIX
+#  define UNIX
+# endif
+#endif
+
+/* Detect MS-DOS. */
+#if defined(__MSDOS__)
+# ifndef MSDOS
+#  define MSDOS
+# endif
+#endif
+
+/* TO DO: Detect OS/2. */
+
+/* Detect Windows. */
+#if defined(_WIN32) || defined(__WIN32__)
+# ifndef WIN32
+#  define WIN32
+# endif
+#endif
+#if defined(_WIN64)
+# ifndef WIN64
+#  define WIN64
+# endif
+#endif
+#if defined(_WINDOWS) || defined(WIN32) || defined(WIN64)
+# ifndef WINDOWS
+#  define WINDOWS
+# endif
+#endif
+
+/* Enable POSIX-friendly symbols on Microsoft (Visual) C. */
+#ifdef _MSC_VER
+# define _POSIX_
+#endif
+
+
+/*****************************************************************************/
+/* Library access */
+
+
+#if defined(UNIX)
+# include <unistd.h>
+#endif
+
+#if defined(_POSIX_VERSION)
+# include <fcntl.h>
+# ifndef HAVE_ISATTY
+#  define HAVE_ISATTY
+# endif
+#endif
+
+#if defined(MSDOS) || defined(OS2) || defined(WINDOWS) || defined(__CYGWIN__)
+  /* Add more systems here, e.g. MacOS 9 and earlier. */
+# include <fcntl.h>
+# include <io.h>
+# ifndef HAVE_ISATTY
+#  define HAVE_ISATTY
+# endif
+# ifndef HAVE_SETMODE
+#  define HAVE_SETMODE
+# endif
+#endif
+
+/* Standard I/O handles. */
+#define STDIN  0
+#define STDOUT 1
+#define STDERR 2
+
+/* Provide a placeholder for O_BINARY, if it doesn't exist. */
+#ifndef O_BINARY
+# define O_BINARY 0
+#endif
+
+
+#endif  /* SYSCONF_H */

contrib/lokinet-bootstrap-winnt/zpipe.c

@@ -0,0 +1,204 @@
+/* zpipe.c: example of proper use of zlib's inflate() and deflate()
+   Not copyrighted -- provided to the public domain
+   Version 1.4  11 December 2005  Mark Adler */
+
+   /* Version history:
+	  1.0  30 Oct 2004  First version
+	  1.1   8 Nov 2004  Add void casting for unused return values
+						Use switch statement for inflate() return values
+	  1.2   9 Nov 2004  Add assertions to document zlib guarantees
+	  1.3   6 Apr 2005  Remove incorrect assertion in inf()
+	  1.4  11 Dec 2005  Add hack to avoid MSDOS end-of-line conversions
+						Avoid some compiler warnings for input and output buffers
+	*/
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include "miniz.h"
+
+#if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__CYGWIN__)
+#  include <fcntl.h>
+#  include <io.h>
+#  define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#  define SET_BINARY_MODE(file)
+#endif
+
+#define CHUNK 16384
+
+	/* Compress from file source to file dest until EOF on source.
+	   def() returns Z_OK on success, Z_MEM_ERROR if memory could not be
+	   allocated for processing, Z_STREAM_ERROR if an invalid compression
+	   level is supplied, Z_VERSION_ERROR if the version of zlib.h and the
+	   version of the library linked do not match, or Z_ERRNO if there is
+	   an error reading or writing the files. */
+int def(FILE *source, FILE *dest, int level)
+{
+	int ret, flush;
+	unsigned have;
+	z_stream strm;
+	unsigned char in[CHUNK];unsigned char out[CHUNK];
+
+	/* allocate deflate state */
+	strm.zalloc = Z_NULL;
+	strm.zfree = Z_NULL;
+	strm.opaque = Z_NULL;
+	ret = deflateInit(&strm, level);
+	if (ret != Z_OK)
+		return ret;
+
+	/* compress until end of file */
+	do {
+		strm.avail_in = fread(in, 1, CHUNK, source);
+		if (ferror(source)) {
+			(void)deflateEnd(&strm);
+			return Z_ERRNO;
+		}
+		flush = feof(source) ? Z_FINISH : Z_NO_FLUSH;
+		strm.next_in = in;
+
+		/* run deflate() on input until output buffer not full, finish
+		   compression if all of source has been read in */
+		do {
+			strm.avail_out = CHUNK;
+			strm.next_out = out;
+			ret = deflate(&strm, flush);    /* no bad return value */
+			assert(ret != Z_STREAM_ERROR);  /* state not clobbered */
+			have = CHUNK - strm.avail_out;
+			if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
+				(void)deflateEnd(&strm);
+				return Z_ERRNO;
+			}
+		} while (strm.avail_out == 0);
+		assert(strm.avail_in == 0);     /* all input will be used */
+
+		/* done when last data in file processed */
+	} while (flush != Z_FINISH);
+	assert(ret == Z_STREAM_END);        /* stream will be complete */
+
+	/* clean up and return */
+	(void)deflateEnd(&strm);
+	return Z_OK;
+}
+
+/* Decompress from file source to file dest until stream ends or EOF.
+   inf() returns Z_OK on success, Z_MEM_ERROR if memory could not be
+   allocated for processing, Z_DATA_ERROR if the deflate data is
+   invalid or incomplete, Z_VERSION_ERROR if the version of zlib.h and
+   the version of the library linked do not match, or Z_ERRNO if there
+   is an error reading or writing the files. */
+int inf(FILE *source, FILE *dest)
+{
+	int ret;
+	unsigned have;
+	z_stream strm;
+	unsigned char in[CHUNK];
+	unsigned char out[CHUNK];
+
+	/* allocate inflate state */
+	strm.zalloc = Z_NULL;
+	strm.zfree = Z_NULL;
+	strm.opaque = Z_NULL;
+	strm.avail_in = 0;
+	strm.next_in = Z_NULL;
+	ret = inflateInit(&strm);
+	if (ret != Z_OK)
+		return ret;
+
+	/* decompress until deflate stream ends or end of file */
+	do {
+		strm.avail_in = fread(in, 1, CHUNK, source);
+		if (ferror(source)) {
+			(void)inflateEnd(&strm);
+			return Z_ERRNO;
+		}
+		if (strm.avail_in == 0)
+			break;
+		strm.next_in = in;
+
+		/* run inflate() on input until output buffer not full */
+		do {
+			strm.avail_out = CHUNK;
+			strm.next_out = out;
+			ret = inflate(&strm, Z_NO_FLUSH);
+			assert(ret != Z_STREAM_ERROR);  /* state not clobbered */
+			switch (ret) {
+			case Z_NEED_DICT:
+				ret = Z_DATA_ERROR;     /* and fall through */
+			case Z_DATA_ERROR:
+			case Z_MEM_ERROR:
+				(void)inflateEnd(&strm);
+				return ret;
+			}
+			have = CHUNK - strm.avail_out;
+			if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
+				(void)inflateEnd(&strm);
+				return Z_ERRNO;
+			}
+		} while (strm.avail_out == 0);
+
+		/* done when inflate() says it's done */
+	} while (ret != Z_STREAM_END);
+
+	/* clean up and return */
+	(void)inflateEnd(&strm);
+	return ret == Z_STREAM_END ? Z_OK : Z_DATA_ERROR;
+}
+
+/* report a zlib or i/o error */
+void zerr(int ret)
+{
+	fputs("zpipe: ", stderr);
+	switch (ret) {
+	case Z_ERRNO:
+		if (ferror(stdin))
+			fputs("error reading stdin\n", stderr);
+		if (ferror(stdout))
+			fputs("error writing stdout\n", stderr);
+		break;
+	case Z_STREAM_ERROR:
+		fputs("invalid compression level\n", stderr);
+		break;
+	case Z_DATA_ERROR:
+		fputs("invalid or incomplete deflate data\n", stderr);
+		break;
+	case Z_MEM_ERROR:
+		fputs("out of memory\n", stderr);
+		break;
+	case Z_VERSION_ERROR:
+		fputs("zlib version mismatch!\n", stderr);
+	}
+}
+
+/* compress or decompress from stdin to stdout */
+int main(int argc, char **argv)
+{
+	int ret;
+
+	/* avoid end-of-line conversions */
+	SET_BINARY_MODE(stdin);
+	SET_BINARY_MODE(stdout);
+
+	/* do compression if no arguments */
+	if (argc == 1) {
+		ret = def(stdin, stdout, Z_DEFAULT_COMPRESSION);
+		if (ret != Z_OK)
+			zerr(ret);
+		return ret;
+	}
+
+	/* do decompression if -d specified */
+	else if (argc == 2 && strcmp(argv[1], "-d") == 0) {
+		ret = inf(stdin, stdout);
+		if (ret != Z_OK)
+			zerr(ret);
+		return ret;
+	}
+
+	/* otherwise, report usage */
+	else {
+		fputs("zpipe usage: zpipe [-d] < source > dest\n", stderr);
+		return 1;
+	}
+}

contrib/tuntapv9-ndis/README.md

@@ -0,0 +1,17 @@
+# TUN/TAP driver v9 for Windows
+
+in order to set up tunnels on Windows, you will need
+to instal this driver.
+
+* v9.9.2.3 is for Windows 2000/XP/2003 (NDIS 5.0-based)
+* v9.21.2 is for Windows Vista/7/8.1 and 10 (NDIS 6.0, forward-compatible with NDIS 10.0)
+
+to instal, extract the corresponding version of the driver for your
+platform and run `%ARCH%/install_tap.cmd` in an elevated shell
+
+to remove *ALL* virtual tunnel adapters, run `%ARCH%/del_tap.cmd` in an elevated shell. Use the
+Device Manager snap-in to remove individual adapter instances.
+
+Both are signed by OpenVPN Inc, and are available for 32- and 64-bit archs.
+
+-despair86

crypto/csrng/randombytes_salsa20_random.c

@@ -41,13 +41,9 @@
 #ifdef _WIN32
 #include <windows.h>
 #include <sys/timeb.h>
-#define RtlGenRandom SystemFunction036
-#if defined(__cplusplus)
-extern "C"
-#endif
-    BOOLEAN NTAPI
-    RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
-#pragma comment(lib, "advapi32.lib")
+#include <wincrypt.h>
+#include <bcrypt.h>
+typedef NTSTATUS (FAR PASCAL* CNGAPI_DRBG)(BCRYPT_ALG_HANDLE, UCHAR*, ULONG, ULONG);
 #ifdef __BORLANDC__
 #define _ftime ftime
 #define _timeb timeb
@@ -73,7 +69,7 @@ extern "C"
 
 #ifndef TLS
 #ifdef _WIN32
-#define TLS __declspec(thread)
+#define TLS __thread
 #else
 #define TLS
 #endif
@@ -114,10 +110,7 @@ static uint64_t
 sodium_hrtime(void)
 {
   struct _timeb tb;
-#pragma warning(push)
-#pragma warning(disable : 4996)
   _ftime(&tb);
-#pragma warning(pop)
   return ((uint64_t)tb.time) * 1000000U + ((uint64_t)tb.millitm) * 1000U;
 }
 
@@ -391,9 +384,39 @@ randombytes_salsa20_random_stir(void)
 #endif
 
 #else /* _WIN32 */
-  if(!RtlGenRandom((PVOID)m0, (ULONG)sizeof m0))
+  HANDLE hCAPINg;
+  BOOL rtld;
+  CNGAPI_DRBG getrandom;
+  HCRYPTPROV hProv;
+  /* load bcrypt dynamically, see if we're already loaded */
+  hCAPINg = GetModuleHandle("bcrypt.dll");
+  /* otherwise, load CNG manually */
+  if (!hCAPINg)
   {
-    sodium_misuse(); /* LCOV_EXCL_LINE */
+	 hCAPINg = LoadLibraryEx("bcrypt.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32); 
+	 rtld = TRUE;
+  }
+  if (hCAPINg)
+  {
+	 /* call BCryptGenRandom(2) */
+	 getrandom = GetProcAddress(hCAPINg, "BCryptGenRandom");
+	 if(!BCRYPT_SUCCESS(getrandom(NULL, m0, sizeof m0,BCRYPT_USE_SYSTEM_PREFERRED_RNG)))
+	 {
+		 sodium_misuse();
+	 }
+	 /* don't leak lib refs */
+	 if (rtld)
+		 FreeLibrary(hCAPINg);
+  }
+  /* if that fails use the regular ARC4-SHA1 RNG (!!!) *cringes* */
+  else
+  {
+	 CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
+	 if (!CryptGenRandom(hProv, sizeof m0, m0)) 
+	 {
+		 sodium_misuse(); /* LCOV_EXCL_LINE */
+	 }
+	CryptReleaseContext(hProv, 0);
   }
 #endif
 

crypto/secmem/secmem.c

@@ -1,3 +1,7 @@
+/* [Rtl]SecureZeroMemory is an inline procedure in the windows headers */
+#ifdef _WIN32
+#include <windows.h>
+#endif
 #include <sodium/utils.h>
 
 void

llarp/fs.hpp

@@ -8,9 +8,8 @@
 #define PATH_SEP "/"
 #endif
 
-#if 0
+#ifdef _WIN32
 #include <experimental/filesystem>
-
 namespace fs = std::experimental::filesystem;
 #else
 #include "filesystem.h"

win32-setup/lokinet-win32.iss

@@ -0,0 +1,120 @@
+; Script generated by the Inno Script Studio Wizard.
+; SEE THE DOCUMENTATION FOR DETAILS ON CREATING INNO SETUP SCRIPT FILES!
+
+#define MyAppName "loki-network"
+#define MyAppVersion "0.0.3"
+#define MyAppPublisher "Loki Project"
+#define MyAppURL "https://loki.network"
+#define MyAppExeName "lokinet.exe"
+; change this to avoid compiler errors  -despair
+#define DevPath "D:\dev\external\llarpd-builder\"
+#include <idp.iss>
+
+; inno setup script ©2018 rick v for loki project
+; all rights reserved? not sure which licence we're 
+; under. lokinet appears to be under the zlib licence
+; unless we've pivoted to the GPL for whatever reason.
+; -despair
+
+[Setup]
+; NOTE: The value of AppId uniquely identifies this application.
+; Do not use the same AppId value in installers for other applications.
+; (To generate a new GUID, click Tools | Generate GUID inside the IDE.)
+AppId={{11335EAC-0385-4C78-A3AA-67731326B653}
+AppName={#MyAppName}
+AppVersion={#MyAppVersion}
+;AppVerName={#MyAppName} {#MyAppVersion}
+AppPublisher={#MyAppPublisher}
+AppPublisherURL={#MyAppURL}
+AppSupportURL={#MyAppURL}
+AppUpdatesURL={#MyAppURL}
+DefaultDirName={pf}\{#MyAppName}
+DefaultGroupName={#MyAppName}
+AllowNoIcons=yes
+LicenseFile={#DevPath}deps\llarp\LICENSE
+OutputDir={#DevPath}win32-setup
+OutputBaseFilename=lokinet-win32
+Compression=lzma
+SolidCompression=yes
+VersionInfoVersion=0.0.3
+VersionInfoCompany=Loki Project
+VersionInfoDescription=lokinet installer for win32
+VersionInfoTextVersion=0.0.3
+VersionInfoProductName=loki-network
+VersionInfoProductVersion=0.0.3
+VersionInfoProductTextVersion=0.0.3
+InternalCompressLevel=ultra64
+MinVersion=0,5.0
+; uncomment if you are shipping the 64-bit build
+;ArchitecturesInstallIn64BitMode=x64
+VersionInfoCopyright=Copyright ©2018 Loki Project
+
+[Languages]
+Name: "english"; MessagesFile: "compiler:Default.isl"
+
+[Tasks]
+Name: "desktopicon"; Description: "{cm:CreateDesktopIcon}"; GroupDescription: "{cm:AdditionalIcons}"; Flags: unchecked
+Name: "quicklaunchicon"; Description: "{cm:CreateQuickLaunchIcon}"; GroupDescription: "{cm:AdditionalIcons}"; Flags: unchecked; OnlyBelowVersion: 0,6.1
+
+[Files]
+; we're grabbing the builds from jenkins-ci now, which are fully linked
+Source: "{#DevPath}build\lokinet.exe"; DestDir: "{app}"; Flags: ignoreversion
+Source: "{#DevPath}build\dns.exe"; DestDir: "{app}"; Flags: ignoreversion
+Source: "{#DevPath}build\llarpc.exe"; DestDir: "{app}"; Flags: ignoreversion
+Source: "{#DevPath}build\rcutil.exe"; DestDir: "{app}"; Flags: ignoreversion
+; delet this after finishing setup, we only need it to extract the drivers
+; and download an initial RC
+Source: "{#DevPath}lokinet-bootstrap.exe"; DestDir: "{tmp}"; Flags: deleteafterinstall
+Source: "{#DevPath}win32-setup\7z.exe"; DestDir: "{tmp}"; Flags: deleteafterinstall
+; Copy the correct tuntap driver for the selected platform
+Source: "{tmp}\tuntapv9.7z"; DestDir: "{app}"; Flags: ignoreversion external; OnlyBelowVersion: 0, 6.0
+Source: "{tmp}\tuntapv9_n6.7z"; DestDir: "{app}"; Flags: ignoreversion external; MinVersion: 0,6.0
+
+; NOTE: Don't use "Flags: ignoreversion" on any shared system files
+
+[UninstallDelete]
+Type: filesandordirs; Name: "{app}\tap-windows*"
+
+[UninstallRun]
+Filename: "{app}\tap-windows-9.21.2\remove.bat"; WorkingDir: "{app}\tap-windows-9.21.2"; MinVersion: 0,6.0; Flags: runascurrentuser
+Filename: "{app}\tap-windows-9.9.2\remove.bat"; WorkingDir: "{app}\tap-windows-9.9.2"; OnlyBelowVersion: 0,6.0; Flags: runascurrentuser
+
+[Code]
+procedure InitializeWizard();
+var
+  Version: TWindowsVersion;
+  S: String;
+begin
+  GetWindowsVersionEx(Version);
+  if Version.NTPlatform and
+     (Version.Major < 6) and
+     (Version.Minor = 0) then
+  begin
+    // Windows 2000, XP, .NET Svr 2003
+    // these have a horribly crippled WinInet that issues Triple-DES as its most secure
+    // cipher suite
+    idpAddFile('http://www.rvx86.net/files/tuntapv9.7z', ExpandConstant('{tmp}\tuntapv9.7z'));
+  end
+  else
+  begin
+    // current versions of windows :-)
+    idpAddFile('https://github.com/despair86/lokinet-builder/raw/master/contrib/tuntapv9-ndis/tap-windows-9.21.2.7z', ExpandConstant('{tmp}\tuntapv9_n6.7z'));
+  end;
+    idpDownloadAfter(wpReady);
+end;
+
+[Icons]
+Name: "{group}\{#MyAppName}"; Filename: "{app}\{#MyAppExeName}"
+Name: "{group}\{cm:ProgramOnTheWeb,{#MyAppName}}"; Filename: "{#MyAppURL}"
+Name: "{group}\{cm:UninstallProgram,{#MyAppName}}"; Filename: "{uninstallexe}"
+Name: "{commondesktop}\{#MyAppName}"; Filename: "{app}\{#MyAppExeName}"; Tasks: desktopicon
+Name: "{userappdata}\Microsoft\Internet Explorer\Quick Launch\{#MyAppName}"; Filename: "{app}\{#MyAppExeName}"; Tasks: quicklaunchicon
+
+[Run]
+Filename: "{app}\{#MyAppExeName}"; Description: "{cm:LaunchProgram,{#StringChange(MyAppName, '&', '&&')}}"; Flags: nowait postinstall skipifsilent
+; wait until either one of these terminates
+Filename: "{tmp}\7z.exe"; Description: "extract TUN/TAP-v9 driver"; WorkingDir: "{app}"; Parameters: "x tuntapv9.7z"; OnlyBelowVersion: 0, 6.0; StatusMsg: "Extracting driver..."; Flags: runascurrentuser
+Filename: "{tmp}\7z.exe"; Description: "extract TUN/TAP-v9 driver"; WorkingDir: "{app}"; Parameters: "x tuntapv9_n6.7z"; MinVersion: 0, 6.0; StatusMsg: "Extracting driver..."; Flags: runascurrentuser 
+; then ask to install driver
+Filename: "{app}\tap-windows-9.9.2\install.bat"; Description: "Install TUN/TAP-v9 driver"; WorkingDir: "{app}\tap-windows-9.9.2"; OnlyBelowVersion: 0, 6.0; StatusMsg: "Installing driver..."; Flags: runascurrentuser postinstall
+Filename: "{app}\tap-windows-9.21.2\install.bat"; Description: "Install TUN/TAP-v9 driver"; WorkingDir: "{app}\tap-windows-9.21.2"; MinVersion: 0, 6.0; StatusMsg: "Installing driver..."; Flags: runascurrentuser postinstall