Browse Source

Force Failure if remote attempts to authenticate with a different

identity.
identity
Sarah Jamie Lewis 5 months ago
parent
commit
9c91a4e000

+ 1
- 1
README.md View File

@@ -8,7 +8,7 @@ Tapir has been designed as a replacement to the Ricochet protocol.

## Features

* New Authenticaiton Protocol based on v3 Onion Services
* New Authentication Protocol based on v3 Onion Services
* Bidirectional Application Channels.

**Work In Progress**

+ 9
- 0
applications/auth.go View File

@@ -47,6 +47,15 @@ func (ea AuthApp) Init(connection tapir.Connection) {
return
}

// If we are an outbound connection we can perform an additional check to ensure that the server sent us back the correct long term
// public key
if connection.IsOutbound() && utils.GetTorV3Hostname(remoteAuthMessage.LongTermPublicKey) != connection.Hostname() {
log.Errorf("The remote server (%v) has attempted to authenticate with a different public key %v", connection.Hostname(), utils.GetTorV3Hostname(remoteAuthMessage.LongTermPublicKey))
connection.Close()
return
}

// Perform the triple-diffie-hellman exchange.
key := primitives.Perform3DH(connection.ID(), &ephemeralIdentity, remoteAuthMessage.LongTermPublicKey, remoteAuthMessage.EphemeralPublicKey, connection.IsOutbound())
connection.SetEncryptionKey(key)


+ 2
- 2
applications/auth_test.go View File

@@ -20,8 +20,8 @@ func (mc *MockConnection) Init(outbound bool) {
return
}

func (MockConnection) Hostname() string {
panic("implement me")
func (mc MockConnection) Hostname() string {
return mc.id.Hostname()
}

func (mc MockConnection) IsOutbound() bool {

+ 1
- 0
networks/tor/BaseOnionService.go View File

@@ -54,6 +54,7 @@ func (s *BaseOnionService) WaitForCapabilityOrClose(cid string, name string) (ta
func (s *BaseOnionService) GetConnection(hostname string) (tapir.Connection, error) {
var conn tapir.Connection
s.connections.Range(func(key, value interface{}) bool {
log.Debugf("Checking %v", key)
connection := value.(tapir.Connection)
if connection.Hostname() == hostname {
if !connection.IsClosed() {

+ 1
- 1
primitives/3DH.go View File

@@ -8,7 +8,7 @@ import (
// Perform3DH encapsulates a triple-diffie-hellman key exchange.
// In this exchange Alice and Bob both hold longterm identity keypairs
// Both Alice and Bob generate an additional ephemeral key pair:
// 3 Diffie Hellman exchanges are then performed:
// Three Diffie Hellman exchanges are then performed:
// Alice Long Term <-> Bob Ephemeral
// Alice Ephemeral <-> Bob Long Term
// Alice Ephemeral <-> Bob Ephemeral

+ 2
- 1
service.go View File

@@ -113,6 +113,7 @@ func (c *connection) HasCapability(name string) bool {

// Close forcibly closes the connection
func (c *connection) Close() {
c.closed = true
c.conn.Close()
}

@@ -162,7 +163,7 @@ func (c *connection) Send(message []byte) {
if c.encrypted {
var nonce [24]byte
if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
// TODO: Surface is Error
log.Errorf("Could not read sufficient randomness %v. Closing connection", err)
c.conn.Close()
c.closed = true
}

+ 84
- 0
testing/tapir_malicious_remote_integration_test.go View File

@@ -0,0 +1,84 @@
package testing

import (
"cwtch.im/tapir"
"cwtch.im/tapir/applications"
"cwtch.im/tapir/networks/tor"
"cwtch.im/tapir/primitives"
"git.openprivacy.ca/openprivacy/libricochet-go/connectivity"
"git.openprivacy.ca/openprivacy/libricochet-go/log"
"git.openprivacy.ca/openprivacy/libricochet-go/utils"
"golang.org/x/crypto/ed25519"
"runtime"
"sync"
"testing"
"time"
)

func TestTapirMaliciousRemote(t *testing.T) {

numRoutinesStart := runtime.NumGoroutine()
log.SetLevel(log.LevelDebug)
log.Infof("Number of goroutines open at start: %d", runtime.NumGoroutine())
// Connect to Tor
var acn connectivity.ACN
acn, _ = connectivity.StartTor("./", "")
acn.WaitTillBootstrapped()

// Generate Server Keys, not we generate two sets
id, _ := primitives.InitializeEphemeralIdentity()
id2, sk2 := primitives.InitializeEphemeralIdentity()

// Init the Server running the Simple App.
var service tapir.Service
service = new(tor.BaseOnionService)
// Initialize an onion service with one identity, but the auth app with another, this should
// trigger a failure in authentication protocol
service.Init(acn, sk2, &id)

// Goroutine Management
sg := new(sync.WaitGroup)
sg.Add(1)
go func() {
service.Listen(applications.AuthApp{})
sg.Done()
}()

// Wait for server to come online
time.Sleep(time.Second * 30)
wg := new(sync.WaitGroup)
wg.Add(1)
// Init a Client to Connect to the Server
log.Infof("initializing the client....")
client, _ := genclient(acn)
go connectclientandfail(client, id2.PublicKey(), wg, t)
wg.Wait()
// Wait for Server to Sync
time.Sleep(time.Second * 2)
log.Infof("closing ACN...")
acn.Close()
sg.Wait()
time.Sleep(time.Second * 2)
log.Infof("Number of goroutines open at close: %d", runtime.NumGoroutine())
if numRoutinesStart != runtime.NumGoroutine() {
t.Errorf("Potential goroutine leak: Num Start:%v NumEnd: %v", numRoutinesStart, runtime.NumGoroutine())
}
}

// Client will Connect and launch it's own Echo App goroutine.
func connectclientandfail(client tapir.Service, key ed25519.PublicKey, group *sync.WaitGroup, t *testing.T) {
client.Connect(utils.GetTorV3Hostname(key), applications.AuthApp{})

// Once connected, it shouldn't take long to authenticate and run the application. So for the purposes of this demo
// we will wait a little while then exit.
time.Sleep(time.Second * 5)

log.Infof("Checking connection status...")
conn, err := client.GetConnection(utils.GetTorV3Hostname(key))
if err == nil {
group.Done()
t.Fatalf("Connection should have failed! %v %v", conn, err)
}
log.Infof("Successfully failed to authenticate...")
group.Done()
}

Loading…
Cancel
Save