From e87f578c01f80d341d6bbe6aa3143af0536a62ad Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Mon, 24 Jan 2022 12:28:55 -0800 Subject: [PATCH] Expose errors in Send API. --- applications/auth_test.go | 3 ++- .../tokenboard/tokenboard_integration_test.go | 11 +++++++-- go.mod | 2 +- go.sum | 7 ++++++ service.go | 13 +++++++++-- testing/tapir_integration_test.go | 23 +++++++++++++++---- ...tapir_malicious_remote_integration_test.go | 11 ++++++++- 7 files changed, 59 insertions(+), 11 deletions(-) diff --git a/applications/auth_test.go b/applications/auth_test.go index f0b6db1..4b0af50 100644 --- a/applications/auth_test.go +++ b/applications/auth_test.go @@ -58,8 +58,9 @@ func (MockConnection) SetEncryptionKey(key [32]byte) { // no op } -func (MockConnection) Send(message []byte) { +func (MockConnection) Send(message []byte) error { // no op + return nil } func (MockConnection) Close() { diff --git a/applications/tokenboard/tokenboard_integration_test.go b/applications/tokenboard/tokenboard_integration_test.go index 3ac348c..333ac25 100644 --- a/applications/tokenboard/tokenboard_integration_test.go +++ b/applications/tokenboard/tokenboard_integration_test.go @@ -10,6 +10,7 @@ import ( "git.openprivacy.ca/openprivacy/connectivity" torProvider "git.openprivacy.ca/openprivacy/connectivity/tor" "git.openprivacy.ca/openprivacy/log" + "io/ioutil" "os" "runtime" "sync" @@ -74,10 +75,16 @@ func TestTokenBoardApp(t *testing.T) { os.MkdirAll("./tor/", 0700) builder := new(torProvider.TorrcBuilder) - builder.WithHashedPassword("tapir-integration-test").Build("./tor/torrc") + builder.WithSocksPort(9059).WithControlPort(9060).WithHashedPassword("tapir-integration-test").Build("./tor/torrc") + torDataDir := "" + var err error + if torDataDir, err = ioutil.TempDir("./tor/", "data-dir-"); err != nil { + t.Fatalf("could not create data dir") + } // Connect to Tor - acn, err := torProvider.NewTorACNWithAuth("./", "", 9051, torProvider.HashedPasswordAuthenticator{Password: "tapir-integration-test"}) + acn, err := torProvider.NewTorACNWithAuth("./", "", torDataDir, 9060, torProvider.HashedPasswordAuthenticator{Password: "tapir-integration-test"}) + if err != nil { t.Fatalf("could not launch ACN %v", err) } diff --git a/go.mod b/go.mod index 2051182..f1689cc 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module git.openprivacy.ca/cwtch.im/tapir go 1.16 require ( - git.openprivacy.ca/openprivacy/connectivity v1.6.0 + git.openprivacy.ca/openprivacy/connectivity v1.8.1 git.openprivacy.ca/openprivacy/log v1.0.3 github.com/davecgh/go-spew v1.1.1 // indirect github.com/gtank/merlin v0.1.1 diff --git a/go.sum b/go.sum index fcc0d97..cc248ec 100644 --- a/go.sum +++ b/go.sum @@ -4,6 +4,8 @@ git.openprivacy.ca/openprivacy/bine v0.0.4 h1:CO7EkGyz+jegZ4ap8g5NWRuDHA/56KKvGy git.openprivacy.ca/openprivacy/bine v0.0.4/go.mod h1:13ZqhKyqakDsN/ZkQkIGNULsmLyqtXc46XBcnuXm/mU= git.openprivacy.ca/openprivacy/connectivity v1.6.0 h1:j44Kya3GBH4BDGh0f5JD/eNAb77XiQreIZtzcY8Gn28= git.openprivacy.ca/openprivacy/connectivity v1.6.0/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw= +git.openprivacy.ca/openprivacy/connectivity v1.8.1 h1:OjWy+JTAvlrstY8PnGPBp7Ho04JaKHaQ+YdoLwSdaCo= +git.openprivacy.ca/openprivacy/connectivity v1.8.1/go.mod h1:UjQiGBnWbotmBzIw59B8H6efwDadjkKzm3RPT1UaIRw= git.openprivacy.ca/openprivacy/log v1.0.2/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw= git.openprivacy.ca/openprivacy/log v1.0.3 h1:E/PMm4LY+Q9s3aDpfySfEDq/vYQontlvNj/scrPaga0= git.openprivacy.ca/openprivacy/log v1.0.3/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw= @@ -18,6 +20,7 @@ github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643 h1:hLDRPB66XQT/8+wG github.com/mimoo/StrobeGo v0.0.0-20181016162300-f8f6d4d2b643/go.mod h1:43+3pMjjKimDBf5Kr4ZFNGbLql1zKkbImw+fZbw3geM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -38,10 +41,14 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e h1:FDhOuMEY4JVRztM/gsbk+IKUQ8kj74bxZrgw87eMMVc= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/service.go b/service.go index ab01903..9ec9512 100644 --- a/service.go +++ b/service.go @@ -3,6 +3,7 @@ package tapir import ( "crypto/rand" "encoding/binary" + "errors" "git.openprivacy.ca/cwtch.im/tapir/primitives" "git.openprivacy.ca/openprivacy/connectivity" "git.openprivacy.ca/openprivacy/log" @@ -39,7 +40,7 @@ type Connection interface { HasCapability(name Capability) bool SetCapability(name Capability) SetEncryptionKey(key [32]byte) - Send(message []byte) + Send(message []byte) error Close() App() Application SetApp(application Application) @@ -193,7 +194,13 @@ func (c *connection) SetEncryptionKey(key [32]byte) { } // Send writes a given message to a Tapir packet (of 1024 bytes in length). -func (c *connection) Send(message []byte) { +func (c *connection) Send(message []byte) error { + + // We can only encode messages up to maxLength + if len(message) >= c.MaxLength { + log.Errorf("attempting to send a message that is too big") + return errors.New("message too long") + } buffer := make([]byte, c.MaxLength) binary.PutUvarint(buffer[0:2], uint64(len(message))) @@ -206,6 +213,7 @@ func (c *connection) Send(message []byte) { if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil { log.Errorf("Could not read sufficient randomness %v. Closing connection", err) c.closeInner() + return errors.New("could not read random") } // MaxLength - 40 = MaxLength - 24 nonce bytes and 16 auth tag. encrypted := secretbox.Seal(nonce[:], buffer[0:c.MaxLength-40], &nonce, &c.key) @@ -216,6 +224,7 @@ func (c *connection) Send(message []byte) { if err != nil { c.closeInner() } + return err } // Broadcast sends a message to all active service connections with a given capability diff --git a/testing/tapir_integration_test.go b/testing/tapir_integration_test.go index 7af2982..85ab25c 100644 --- a/testing/tapir_integration_test.go +++ b/testing/tapir_integration_test.go @@ -9,6 +9,7 @@ import ( torProvider "git.openprivacy.ca/openprivacy/connectivity/tor" "git.openprivacy.ca/openprivacy/log" "golang.org/x/crypto/ed25519" + "io/ioutil" "os" "runtime" "sync" @@ -63,10 +64,16 @@ func TestTapir(t *testing.T) { // Connect to Tor os.MkdirAll("./tor/", 0700) builder := new(torProvider.TorrcBuilder) - builder.WithHashedPassword("tapir-integration-test").Build("./tor/torrc") + builder.WithSocksPort(9059).WithControlPort(9060).WithHashedPassword("tapir-integration-test").Build("./tor/torrc") + + torDataDir := "" + var err error + if torDataDir, err = ioutil.TempDir("./tor/", "data-dir-"); err != nil { + t.Fatalf("could not create data dir") + } // Connect to Tor - acn, err := torProvider.NewTorACNWithAuth("./", "", 9051, torProvider.HashedPasswordAuthenticator{Password: "tapir-integration-test"}) + acn, err := torProvider.NewTorACNWithAuth("./", "", torDataDir, 9060, torProvider.HashedPasswordAuthenticator{Password: "tapir-integration-test"}) if err != nil { t.Fatalf("could not launch ACN %v", err) } @@ -93,7 +100,7 @@ func TestTapir(t *testing.T) { wg.Add(2) // Init a Client to Connect to the Server client, clienthostname := genclient(acn) - go connectclient(client, id.PublicKey(), wg) + go connectclient(t, client, id.PublicKey(), wg) CheckConnection(service, clienthostname, wg) wg.Wait() // Wait for Server to Sync @@ -120,7 +127,7 @@ func genclient(acn connectivity.ACN) (tapir.Service, string) { } // Client will Connect and launch it's own Echo App goroutine. -func connectclient(client tapir.Service, key ed25519.PublicKey, group *sync.WaitGroup) { +func connectclient(t *testing.T, client tapir.Service, key ed25519.PublicKey, group *sync.WaitGroup) { client.Connect(torProvider.GetTorV3Hostname(key), new(SimpleApp)) // Once connected, it shouldn't take long to authenticate and run the application. So for the purposes of this demo @@ -129,6 +136,14 @@ func connectclient(client tapir.Service, key ed25519.PublicKey, group *sync.Wait conn, _ := client.GetConnection(torProvider.GetTorV3Hostname(key)) log.Debugf("Client has Auth: %v", conn.HasCapability(applications.AuthCapability)) + + // attempt to send a message that is too long + var long [8195]byte + err := conn.Send(long[:]) + if err == nil { + t.Errorf("should have errored on message being too long...") + } + AuthSuccess = true group.Done() } diff --git a/testing/tapir_malicious_remote_integration_test.go b/testing/tapir_malicious_remote_integration_test.go index 3aa3d98..6efaceb 100644 --- a/testing/tapir_malicious_remote_integration_test.go +++ b/testing/tapir_malicious_remote_integration_test.go @@ -8,6 +8,7 @@ import ( torProvider "git.openprivacy.ca/openprivacy/connectivity/tor" "git.openprivacy.ca/openprivacy/log" "golang.org/x/crypto/ed25519" + "io/ioutil" "os" "runtime" "sync" @@ -26,7 +27,15 @@ func TestTapirMaliciousRemote(t *testing.T) { builder.WithHashedPassword("tapir-integration-test").Build("./tor/torrc") // Connect to Tor - acn, err := torProvider.NewTorACNWithAuth("./", "", 9051, torProvider.HashedPasswordAuthenticator{Password: "tapir-integration-test"}) + + torDataDir := "" + var err error + if torDataDir, err = ioutil.TempDir("./tor/", "data-dir-"); err != nil { + t.Fatalf("could not create data dir") + } + + // Connect to Tor + acn, err := torProvider.NewTorACNWithAuth("./", "", torDataDir, 9051, torProvider.HashedPasswordAuthenticator{Password: "tapir-integration-test"}) if err != nil { t.Fatalf("could not launch ACN %v", err) }