nim-libp2p/libp2p/protocols/secure/secure.nim

87 lines
2.8 KiB
Nim
Raw Normal View History

2019-09-06 06:51:46 +00:00
## Nim-LibP2P
2019-09-24 17:48:23 +00:00
## Copyright (c) 2019 Status Research & Development GmbH
2019-09-06 06:51:46 +00:00
## Licensed under either of
## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
## * MIT license ([LICENSE-MIT](LICENSE-MIT))
## at your option.
## This file may not be copied, modified, or distributed except according to
## those terms.
import options
2019-09-06 06:51:46 +00:00
import chronos
import chronicles
2020-03-09 17:27:57 +00:00
import ../protocol,
../../stream/bufferstream,
../../crypto/crypto,
../../connection,
../../peerinfo
2019-09-06 06:51:46 +00:00
type
Secure* = ref object of LPProtocol # base type for secure managers
2020-03-09 17:27:57 +00:00
SecureConn* = ref object of Connection
method readMessage*(c: SecureConn): Future[seq[byte]] {.async, base.} =
doAssert(false, "Not implemented!")
method writeMessage*(c: SecureConn, data: seq[byte]) {.async, base.} =
doAssert(false, "Not implemented!")
2019-09-06 06:51:46 +00:00
method handshake(s: Secure,
conn: Connection,
2020-03-08 03:14:56 +00:00
initiator: bool = false): Future[SecureConn] {.async, base.} =
doAssert(false, "Not implemented!")
proc readLoop(sconn: SecureConn, stream: BufferStream) {.async.} =
try:
while not sconn.closed:
let msg = await sconn.readMessage()
if msg.len == 0:
trace "stream EOF"
return
await stream.pushTo(msg)
except CatchableError as exc:
trace "exception occurred SecioConn.readLoop", exc = exc.msg
finally:
if not sconn.closed:
await sconn.close()
trace "ending secio readLoop", isclosed = sconn.closed()
2020-03-08 03:14:56 +00:00
proc handleConn*(s: Secure, conn: Connection, initiator: bool = false): Future[Connection] {.async, gcsafe.} =
var sconn = await s.handshake(conn, initiator)
proc writeHandler(data: seq[byte]) {.async, gcsafe.} =
trace "sending encrypted bytes", bytes = data.toHex()
await sconn.writeMessage(data)
var stream = newBufferStream(writeHandler)
asyncCheck readLoop(sconn, stream)
result = newConnection(stream)
result.closeEvent.wait()
.addCallback do (udata: pointer):
trace "wrapped connection closed, closing upstream"
if not isNil(sconn) and not sconn.closed:
asyncCheck sconn.close()
result.peerInfo = PeerInfo.init(sconn.peerInfo.publicKey.get())
method init*(s: Secure) {.gcsafe.} =
proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
trace "handling connection"
try:
Noise (#90) * Start ChaCha20Poly1305 integration (BearSSL) * Add Curve25519 (BearSSL) required operations for noise * Fix curve mulgen iterate/derive * Fix misleading header * Add chachapoly proper test * Curve25519 integration tests (failing, something is wrong) * Add few converters, finish c25519 integration tests * Remove implicit converters * removed internal globals * Start noise implementation * Fix public() using proper bear mulgen * Noise protocol WIP * Noise progress * Add a quick nim version of HKDF * Converted hkdf to iterator, useful for noise * Noise protocol implementation progress * Noise progress * XX handshake almost there * noise progress * Noise, testing handshake with test vectors * Noise handshake progress, still wrong somewhere! * Noise handshake success! * Full verified noise XX handshake completed * Fix and rewrite test to be similar to switch one * Start with connection upgrade * Switch chachapoly to CT implementations * Improve HKDF implementation * Use a type insted of tuple for HandshakeResult * Remove unnecessary Let * More cosmetic fixes * Properly check randomBytes result * Fix chachapoly signature * Noise full circle (altho dispatcher is nil cursed) * Allow nil aads in chachapoly routines * Noise implementation up to running full test * Use bearssl HKDF as well * Directly use bearssl rng for curve25519 keys * Add a (disabled/no CI) noise interop test server * WIP on fixing interop issues * More fixes in noise implementation for interop * bump chronos requirement (nimble) * Add a chachapoly test for very small size payloads * Noise, more tracing * Add 2 properly working noise tests * Fix payload packing, following the spec properly (and not go version but rather rust) * Sanity, replace discard with asyncCheck * Small fixes and optimization * Use stew endian2 rather then system endian module * Update nimble deps (chronos) * Minor cosmetic/code sanity fixes * Noise, handle Nonce max * Noise tests, make sure to close secured conns * More polish, improve code readability too * More polish and testing again which test fails * Further polishing * Restore noise tests * Remove useless Future[void] * Remove useless CipherState initializer * add a proper read wait future in second noise test * Remove noise generic secure implementation for now * Few fixes to run eth2 sim * Add more debug info in noise traces * Merge size + payload write in sendEncryptedMessage * Revert secure interface, add outgoing property directly in newNoise * remove sendEncrypted and receiveEncrypted * Use openarray in chachapoly and curve25519 helpers
2020-03-17 12:30:01 +00:00
asyncCheck s.handleConn(conn, false)
trace "connection secured"
except CatchableError as exc:
if not conn.closed():
warn "securing connection failed", msg = exc.msg
await conn.close()
s.handler = handle
2020-03-08 03:14:56 +00:00
method secure*(s: Secure, conn: Connection): Future[Connection] {.async, base, gcsafe.} =
try:
result = await s.handleConn(conn, true)
except CatchableError as exc:
warn "securing connection failed", msg = exc.msg
if not conn.closed():
await conn.close()