2019-09-06 06:51:46 +00:00
|
|
|
## Nim-LibP2P
|
2019-09-24 17:48:23 +00:00
|
|
|
## Copyright (c) 2019 Status Research & Development GmbH
|
2019-09-06 06:51:46 +00:00
|
|
|
## Licensed under either of
|
|
|
|
## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
|
|
|
|
## * MIT license ([LICENSE-MIT](LICENSE-MIT))
|
|
|
|
## at your option.
|
|
|
|
## This file may not be copied, modified, or distributed except according to
|
|
|
|
## those terms.
|
|
|
|
|
2020-02-25 05:06:57 +00:00
|
|
|
import options
|
2019-09-06 06:51:46 +00:00
|
|
|
import chronos
|
2020-02-25 05:06:57 +00:00
|
|
|
import chronicles
|
2020-03-09 17:27:57 +00:00
|
|
|
import ../protocol,
|
2020-02-25 05:06:57 +00:00
|
|
|
../../stream/bufferstream,
|
|
|
|
../../crypto/crypto,
|
|
|
|
../../connection,
|
2020-03-23 06:03:36 +00:00
|
|
|
../../peerinfo,
|
|
|
|
../../utility
|
2019-09-06 06:51:46 +00:00
|
|
|
|
|
|
|
type
|
|
|
|
Secure* = ref object of LPProtocol # base type for secure managers
|
2020-03-09 17:27:57 +00:00
|
|
|
SecureConn* = ref object of Connection
|
|
|
|
|
|
|
|
method readMessage*(c: SecureConn): Future[seq[byte]] {.async, base.} =
|
|
|
|
doAssert(false, "Not implemented!")
|
|
|
|
|
|
|
|
method writeMessage*(c: SecureConn, data: seq[byte]) {.async, base.} =
|
|
|
|
doAssert(false, "Not implemented!")
|
2019-09-06 06:51:46 +00:00
|
|
|
|
2020-03-04 19:45:14 +00:00
|
|
|
method handshake(s: Secure,
|
|
|
|
conn: Connection,
|
2020-03-08 03:14:56 +00:00
|
|
|
initiator: bool = false): Future[SecureConn] {.async, base.} =
|
2020-02-25 05:06:57 +00:00
|
|
|
doAssert(false, "Not implemented!")
|
|
|
|
|
|
|
|
proc readLoop(sconn: SecureConn, stream: BufferStream) {.async.} =
|
|
|
|
try:
|
|
|
|
while not sconn.closed:
|
|
|
|
let msg = await sconn.readMessage()
|
|
|
|
if msg.len == 0:
|
|
|
|
trace "stream EOF"
|
|
|
|
return
|
|
|
|
|
|
|
|
await stream.pushTo(msg)
|
|
|
|
except CatchableError as exc:
|
|
|
|
trace "exception occurred SecioConn.readLoop", exc = exc.msg
|
|
|
|
finally:
|
|
|
|
if not sconn.closed:
|
|
|
|
await sconn.close()
|
|
|
|
trace "ending secio readLoop", isclosed = sconn.closed()
|
|
|
|
|
2020-03-08 03:14:56 +00:00
|
|
|
proc handleConn*(s: Secure, conn: Connection, initiator: bool = false): Future[Connection] {.async, gcsafe.} =
|
|
|
|
var sconn = await s.handshake(conn, initiator)
|
2020-02-25 05:06:57 +00:00
|
|
|
proc writeHandler(data: seq[byte]) {.async, gcsafe.} =
|
2020-03-23 06:03:36 +00:00
|
|
|
trace "sending encrypted bytes", bytes = data.shortLog
|
2020-02-25 05:06:57 +00:00
|
|
|
await sconn.writeMessage(data)
|
|
|
|
|
|
|
|
var stream = newBufferStream(writeHandler)
|
|
|
|
asyncCheck readLoop(sconn, stream)
|
|
|
|
result = newConnection(stream)
|
|
|
|
result.closeEvent.wait()
|
|
|
|
.addCallback do (udata: pointer):
|
|
|
|
trace "wrapped connection closed, closing upstream"
|
|
|
|
if not isNil(sconn) and not sconn.closed:
|
|
|
|
asyncCheck sconn.close()
|
|
|
|
|
|
|
|
result.peerInfo = PeerInfo.init(sconn.peerInfo.publicKey.get())
|
|
|
|
|
|
|
|
method init*(s: Secure) {.gcsafe.} =
|
|
|
|
proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
|
|
|
|
trace "handling connection"
|
|
|
|
try:
|
Noise (#90)
* Start ChaCha20Poly1305 integration (BearSSL)
* Add Curve25519 (BearSSL) required operations for noise
* Fix curve mulgen iterate/derive
* Fix misleading header
* Add chachapoly proper test
* Curve25519 integration tests (failing, something is wrong)
* Add few converters, finish c25519 integration tests
* Remove implicit converters
* removed internal globals
* Start noise implementation
* Fix public() using proper bear mulgen
* Noise protocol WIP
* Noise progress
* Add a quick nim version of HKDF
* Converted hkdf to iterator, useful for noise
* Noise protocol implementation progress
* Noise progress
* XX handshake almost there
* noise progress
* Noise, testing handshake with test vectors
* Noise handshake progress, still wrong somewhere!
* Noise handshake success!
* Full verified noise XX handshake completed
* Fix and rewrite test to be similar to switch one
* Start with connection upgrade
* Switch chachapoly to CT implementations
* Improve HKDF implementation
* Use a type insted of tuple for HandshakeResult
* Remove unnecessary Let
* More cosmetic fixes
* Properly check randomBytes result
* Fix chachapoly signature
* Noise full circle (altho dispatcher is nil cursed)
* Allow nil aads in chachapoly routines
* Noise implementation up to running full test
* Use bearssl HKDF as well
* Directly use bearssl rng for curve25519 keys
* Add a (disabled/no CI) noise interop test server
* WIP on fixing interop issues
* More fixes in noise implementation for interop
* bump chronos requirement (nimble)
* Add a chachapoly test for very small size payloads
* Noise, more tracing
* Add 2 properly working noise tests
* Fix payload packing, following the spec properly (and not go version but
rather rust)
* Sanity, replace discard with asyncCheck
* Small fixes and optimization
* Use stew endian2 rather then system endian module
* Update nimble deps (chronos)
* Minor cosmetic/code sanity fixes
* Noise, handle Nonce max
* Noise tests, make sure to close secured conns
* More polish, improve code readability too
* More polish and testing again which test fails
* Further polishing
* Restore noise tests
* Remove useless Future[void]
* Remove useless CipherState initializer
* add a proper read wait future in second noise test
* Remove noise generic secure implementation for now
* Few fixes to run eth2 sim
* Add more debug info in noise traces
* Merge size + payload write in sendEncryptedMessage
* Revert secure interface, add outgoing property directly in newNoise
* remove sendEncrypted and receiveEncrypted
* Use openarray in chachapoly and curve25519 helpers
2020-03-17 12:30:01 +00:00
|
|
|
asyncCheck s.handleConn(conn, false)
|
2020-02-25 05:06:57 +00:00
|
|
|
trace "connection secured"
|
|
|
|
except CatchableError as exc:
|
|
|
|
if not conn.closed():
|
|
|
|
warn "securing connection failed", msg = exc.msg
|
|
|
|
await conn.close()
|
|
|
|
|
|
|
|
s.handler = handle
|
|
|
|
|
2020-03-08 03:14:56 +00:00
|
|
|
method secure*(s: Secure, conn: Connection): Future[Connection] {.async, base, gcsafe.} =
|
|
|
|
try:
|
|
|
|
result = await s.handleConn(conn, true)
|
|
|
|
except CatchableError as exc:
|
|
|
|
warn "securing connection failed", msg = exc.msg
|
|
|
|
if not conn.closed():
|
|
|
|
await conn.close()
|