nim-libp2p/libp2p/protocols/secure/secure.nim

## Nim-LibP2P
## Copyright (c) 2019 Status Research & Development GmbH
## Licensed under either of
##  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
##  * MIT license ([LICENSE-MIT](LICENSE-MIT))
## at your option.
## This file may not be copied, modified, or distributed except according to
## those terms.

import options
import chronos
import chronicles
import ../protocol,
       ../../stream/bufferstream,
       ../../crypto/crypto,
       ../../connection,
       ../../peerinfo

type
  Secure* = ref object of LPProtocol # base type for secure managers
  SecureConn* = ref object of Connection

method readMessage*(c: SecureConn): Future[seq[byte]] {.async, base.} =
  doAssert(false, "Not implemented!")

method writeMessage*(c: SecureConn, data: seq[byte]) {.async, base.} =
  doAssert(false, "Not implemented!")

method handshake(s: Secure,
                 conn: Connection,
                 initiator: bool = false): Future[SecureConn] {.async, base.} =
  doAssert(false, "Not implemented!")

proc readLoop(sconn: SecureConn, stream: BufferStream) {.async.} =
  try:
    while not sconn.closed:
      let msg = await sconn.readMessage()
      if msg.len == 0:
        trace "stream EOF"
        return

      await stream.pushTo(msg)
  except CatchableError as exc:
    trace "exception occurred SecioConn.readLoop", exc = exc.msg
  finally:
    if not sconn.closed:
      await sconn.close()
    trace "ending secio readLoop", isclosed = sconn.closed()

proc handleConn*(s: Secure, conn: Connection, initiator: bool = false): Future[Connection] {.async, gcsafe.} =
  var sconn = await s.handshake(conn, initiator)
  proc writeHandler(data: seq[byte]) {.async, gcsafe.} =
    trace "sending encrypted bytes", bytes = data.toHex()
    await sconn.writeMessage(data)

  var stream = newBufferStream(writeHandler)
  asyncCheck readLoop(sconn, stream)
  result = newConnection(stream)
  result.closeEvent.wait()
    .addCallback do (udata: pointer):
      trace "wrapped connection closed, closing upstream"
      if not isNil(sconn) and not sconn.closed:
        asyncCheck sconn.close()

  result.peerInfo = PeerInfo.init(sconn.peerInfo.publicKey.get())

method init*(s: Secure) {.gcsafe.} =
  proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
    trace "handling connection"
    try:
      asyncCheck s.handleConn(conn, false)
      trace "connection secured"
    except CatchableError as exc:
      if not conn.closed():
        warn "securing connection failed", msg = exc.msg
        await conn.close()

  s.handler = handle

method secure*(s: Secure, conn: Connection): Future[Connection] {.async, base, gcsafe.} =
  try:
    result = await s.handleConn(conn, true)
  except CatchableError as exc:
    warn "securing connection failed", msg = exc.msg
    if not conn.closed():
      await conn.close()
plaintext security 2019-09-06 06:51:46 +00:00			`## Nim-LibP2P`
changed copyright year 2019-09-24 17:48:23 +00:00			`## Copyright (c) 2019 Status Research & Development GmbH`
plaintext security 2019-09-06 06:51:46 +00:00			`## Licensed under either of`
			`## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))`
			`## * MIT license ([LICENSE-MIT](LICENSE-MIT))`
			`## at your option.`
			`## This file may not be copied, modified, or distributed except according to`
			`## those terms.`

feat: move connection handling logic to base class 2020-02-25 05:06:57 +00:00			`import options`
plaintext security 2019-09-06 06:51:46 +00:00			`import chronos`
feat: move connection handling logic to base class 2020-02-25 05:06:57 +00:00			`import chronicles`
move SecureConn to secure.nim 2020-03-09 17:27:57 +00:00			`import ../protocol,`
feat: move connection handling logic to base class 2020-02-25 05:06:57 +00:00			`../../stream/bufferstream,`
			`../../crypto/crypto,`
			`../../connection,`
			`../../peerinfo`
plaintext security 2019-09-06 06:51:46 +00:00
			`type`
			`Secure* = ref object of LPProtocol # base type for secure managers`
move SecureConn to secure.nim 2020-03-09 17:27:57 +00:00			`SecureConn* = ref object of Connection`

			`method readMessage*(c: SecureConn): Future[seq[byte]] {.async, base.} =`
			`doAssert(false, "Not implemented!")`

			`method writeMessage*(c: SecureConn, data: seq[byte]) {.async, base.} =`
			`doAssert(false, "Not implemented!")`
plaintext security 2019-09-06 06:51:46 +00:00
Fix and refactoring of some procedures which are able to return nil as result (#97) * Fix do not return nil as result. * Fix mplex test to properly raise. 2020-03-04 19:45:14 +00:00			`method handshake(s: Secure,`
			`conn: Connection,`
move `secure` to base as well 2020-03-08 03:14:56 +00:00			`initiator: bool = false): Future[SecureConn] {.async, base.} =`
feat: move connection handling logic to base class 2020-02-25 05:06:57 +00:00			`doAssert(false, "Not implemented!")`

			`proc readLoop(sconn: SecureConn, stream: BufferStream) {.async.} =`
			`try:`
			`while not sconn.closed:`
			`let msg = await sconn.readMessage()`
			`if msg.len == 0:`
			`trace "stream EOF"`
			`return`

			`await stream.pushTo(msg)`
			`except CatchableError as exc:`
			`trace "exception occurred SecioConn.readLoop", exc = exc.msg`
			`finally:`
			`if not sconn.closed:`
			`await sconn.close()`
			`trace "ending secio readLoop", isclosed = sconn.closed()`

move `secure` to base as well 2020-03-08 03:14:56 +00:00			`proc handleConn*(s: Secure, conn: Connection, initiator: bool = false): Future[Connection] {.async, gcsafe.} =`
			`var sconn = await s.handshake(conn, initiator)`
feat: move connection handling logic to base class 2020-02-25 05:06:57 +00:00			`proc writeHandler(data: seq[byte]) {.async, gcsafe.} =`
			`trace "sending encrypted bytes", bytes = data.toHex()`
			`await sconn.writeMessage(data)`

			`var stream = newBufferStream(writeHandler)`
			`asyncCheck readLoop(sconn, stream)`
			`result = newConnection(stream)`
			`result.closeEvent.wait()`
			`.addCallback do (udata: pointer):`
			`trace "wrapped connection closed, closing upstream"`
			`if not isNil(sconn) and not sconn.closed:`
			`asyncCheck sconn.close()`

			`result.peerInfo = PeerInfo.init(sconn.peerInfo.publicKey.get())`

			`method init*(s: Secure) {.gcsafe.} =`
			`proc handle(conn: Connection, proto: string) {.async, gcsafe.} =`
			`trace "handling connection"`
			`try:`
Noise (#90) * Start ChaCha20Poly1305 integration (BearSSL) * Add Curve25519 (BearSSL) required operations for noise * Fix curve mulgen iterate/derive * Fix misleading header * Add chachapoly proper test * Curve25519 integration tests (failing, something is wrong) * Add few converters, finish c25519 integration tests * Remove implicit converters * removed internal globals * Start noise implementation * Fix public() using proper bear mulgen * Noise protocol WIP * Noise progress * Add a quick nim version of HKDF * Converted hkdf to iterator, useful for noise * Noise protocol implementation progress * Noise progress * XX handshake almost there * noise progress * Noise, testing handshake with test vectors * Noise handshake progress, still wrong somewhere! * Noise handshake success! * Full verified noise XX handshake completed * Fix and rewrite test to be similar to switch one * Start with connection upgrade * Switch chachapoly to CT implementations * Improve HKDF implementation * Use a type insted of tuple for HandshakeResult * Remove unnecessary Let * More cosmetic fixes * Properly check randomBytes result * Fix chachapoly signature * Noise full circle (altho dispatcher is nil cursed) * Allow nil aads in chachapoly routines * Noise implementation up to running full test * Use bearssl HKDF as well * Directly use bearssl rng for curve25519 keys * Add a (disabled/no CI) noise interop test server * WIP on fixing interop issues * More fixes in noise implementation for interop * bump chronos requirement (nimble) * Add a chachapoly test for very small size payloads * Noise, more tracing * Add 2 properly working noise tests * Fix payload packing, following the spec properly (and not go version but rather rust) * Sanity, replace discard with asyncCheck * Small fixes and optimization * Use stew endian2 rather then system endian module * Update nimble deps (chronos) * Minor cosmetic/code sanity fixes * Noise, handle Nonce max * Noise tests, make sure to close secured conns * More polish, improve code readability too * More polish and testing again which test fails * Further polishing * Restore noise tests * Remove useless Future[void] * Remove useless CipherState initializer * add a proper read wait future in second noise test * Remove noise generic secure implementation for now * Few fixes to run eth2 sim * Add more debug info in noise traces * Merge size + payload write in sendEncryptedMessage * Revert secure interface, add outgoing property directly in newNoise * remove sendEncrypted and receiveEncrypted * Use openarray in chachapoly and curve25519 helpers 2020-03-17 12:30:01 +00:00			`asyncCheck s.handleConn(conn, false)`
feat: move connection handling logic to base class 2020-02-25 05:06:57 +00:00			`trace "connection secured"`
			`except CatchableError as exc:`
			`if not conn.closed():`
			`warn "securing connection failed", msg = exc.msg`
			`await conn.close()`

			`s.handler = handle`

move `secure` to base as well 2020-03-08 03:14:56 +00:00			`method secure*(s: Secure, conn: Connection): Future[Connection] {.async, base, gcsafe.} =`
			`try:`
			`result = await s.handleConn(conn, true)`
			`except CatchableError as exc:`
			`warn "securing connection failed", msg = exc.msg`
			`if not conn.closed():`
			`await conn.close()`