Staticcheck and Connectivtiy Upgrade #38
|
@ -7,3 +7,4 @@ coverage.out
|
||||||
*.db
|
*.db
|
||||||
/applications/tokenboard/tor/
|
/applications/tokenboard/tor/
|
||||||
fuzzing/
|
fuzzing/
|
||||||
|
*.cover.out
|
||||||
|
|
|
@ -42,7 +42,7 @@ func (appchain *ApplicationChain) Init(connection tapir.Connection) {
|
||||||
for i, app := range appchain.apps {
|
for i, app := range appchain.apps {
|
||||||
app.PropagateTranscript(appchain.transcript)
|
app.PropagateTranscript(appchain.transcript)
|
||||||
app.Init(connection)
|
app.Init(connection)
|
||||||
if connection.HasCapability(appchain.capabilities[i]) == false {
|
if !connection.HasCapability(appchain.capabilities[i]) {
|
||||||
connection.Close()
|
connection.Close()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,7 +17,6 @@ type MockConnection struct {
|
||||||
func (mc *MockConnection) Init(outbound bool) {
|
func (mc *MockConnection) Init(outbound bool) {
|
||||||
mc.id, _ = primitives.InitializeEphemeralIdentity()
|
mc.id, _ = primitives.InitializeEphemeralIdentity()
|
||||||
mc.outbound = outbound
|
mc.outbound = outbound
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (mc MockConnection) Hostname() string {
|
func (mc MockConnection) Hostname() string {
|
||||||
|
|
|
@ -2,7 +2,6 @@ package tokenboard
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"git.openprivacy.ca/cwtch.im/tapir"
|
|
||||||
"git.openprivacy.ca/cwtch.im/tapir/applications"
|
"git.openprivacy.ca/cwtch.im/tapir/applications"
|
||||||
"git.openprivacy.ca/cwtch.im/tapir/networks/tor"
|
"git.openprivacy.ca/cwtch.im/tapir/networks/tor"
|
||||||
"git.openprivacy.ca/cwtch.im/tapir/primitives"
|
"git.openprivacy.ca/cwtch.im/tapir/primitives"
|
||||||
|
@ -39,8 +38,7 @@ type FreePaymentHandler struct {
|
||||||
|
|
||||||
func (fph *FreePaymentHandler) MakePayment() {
|
func (fph *FreePaymentHandler) MakePayment() {
|
||||||
id, sk := primitives.InitializeEphemeralIdentity()
|
id, sk := primitives.InitializeEphemeralIdentity()
|
||||||
var client tapir.Service
|
client := new(tor.BaseOnionService)
|
||||||
client = new(tor.BaseOnionService)
|
|
||||||
client.Init(fph.ACN, sk, &id)
|
client.Init(fph.ACN, sk, &id)
|
||||||
|
|
||||||
tokenApplication := new(applications.TokenApplication)
|
tokenApplication := new(applications.TokenApplication)
|
||||||
|
@ -98,8 +96,7 @@ func TestTokenBoardApp(t *testing.T) {
|
||||||
clientAuditableStore.Init(publicsid)
|
clientAuditableStore.Init(publicsid)
|
||||||
|
|
||||||
// Init the Server running the Simple App.
|
// Init the Server running the Simple App.
|
||||||
var service tapir.Service
|
service := new(tor.BaseOnionService)
|
||||||
service = new(tor.BaseOnionService)
|
|
||||||
service.Init(acn, sk, &sid)
|
service.Init(acn, sk, &sid)
|
||||||
|
|
||||||
// Goroutine Management
|
// Goroutine Management
|
||||||
|
@ -111,8 +108,7 @@ func TestTokenBoardApp(t *testing.T) {
|
||||||
}()
|
}()
|
||||||
|
|
||||||
// Init the Server running the PoW Token App.
|
// Init the Server running the PoW Token App.
|
||||||
var powTokenService tapir.Service
|
powTokenService := new(tor.BaseOnionService)
|
||||||
powTokenService = new(tor.BaseOnionService)
|
|
||||||
spowid, spowk := primitives.InitializeEphemeralIdentity()
|
spowid, spowk := primitives.InitializeEphemeralIdentity()
|
||||||
powTokenService.Init(acn, spowk, &spowid)
|
powTokenService.Init(acn, spowk, &spowid)
|
||||||
sg.Add(1)
|
sg.Add(1)
|
||||||
|
@ -128,8 +124,7 @@ func TestTokenBoardApp(t *testing.T) {
|
||||||
|
|
||||||
time.Sleep(time.Second * 60) // wait for server to initialize
|
time.Sleep(time.Second * 60) // wait for server to initialize
|
||||||
id, sk := primitives.InitializeEphemeralIdentity()
|
id, sk := primitives.InitializeEphemeralIdentity()
|
||||||
var client tapir.Service
|
client := new(tor.BaseOnionService)
|
||||||
client = new(tor.BaseOnionService)
|
|
||||||
client.Init(acn, sk, &id)
|
client.Init(acn, sk, &id)
|
||||||
client.Connect(sid.Hostname(), NewTokenBoardClient(clientAuditableStore, Handler{Store: clientAuditableStore}, &FreePaymentHandler{ACN: acn, TokenService: tokenService, ServerHostname: spowid.Hostname()}))
|
client.Connect(sid.Hostname(), NewTokenBoardClient(clientAuditableStore, Handler{Store: clientAuditableStore}, &FreePaymentHandler{ACN: acn, TokenService: tokenService, ServerHostname: spowid.Hostname()}))
|
||||||
client.WaitForCapabilityOrClose(sid.Hostname(), applications.AuthCapability)
|
client.WaitForCapabilityOrClose(sid.Hostname(), applications.AuthCapability)
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -1,7 +1,7 @@
|
||||||
module git.openprivacy.ca/cwtch.im/tapir
|
module git.openprivacy.ca/cwtch.im/tapir
|
||||||
|
|
||||||
require (
|
require (
|
||||||
git.openprivacy.ca/openprivacy/connectivity v1.4.3
|
git.openprivacy.ca/openprivacy/connectivity v1.4.4
|
||||||
git.openprivacy.ca/openprivacy/log v1.0.2
|
git.openprivacy.ca/openprivacy/log v1.0.2
|
||||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||||
github.com/gtank/merlin v0.1.1
|
github.com/gtank/merlin v0.1.1
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -8,6 +8,8 @@ git.openprivacy.ca/openprivacy/connectivity v1.4.2 h1:rQFIjWunLlRmXL5Efsv+7+1cA7
|
||||||
git.openprivacy.ca/openprivacy/connectivity v1.4.2/go.mod h1:bR0Myx9nm2YzWtsThRelkNMV4Pp7sPDa123O1qsAbVo=
|
git.openprivacy.ca/openprivacy/connectivity v1.4.2/go.mod h1:bR0Myx9nm2YzWtsThRelkNMV4Pp7sPDa123O1qsAbVo=
|
||||||
git.openprivacy.ca/openprivacy/connectivity v1.4.3 h1:i2Ad/U9FlL9dKr2bhRck7lJ8NoWyGtoEfUwoCyMT0fU=
|
git.openprivacy.ca/openprivacy/connectivity v1.4.3 h1:i2Ad/U9FlL9dKr2bhRck7lJ8NoWyGtoEfUwoCyMT0fU=
|
||||||
git.openprivacy.ca/openprivacy/connectivity v1.4.3/go.mod h1:bR0Myx9nm2YzWtsThRelkNMV4Pp7sPDa123O1qsAbVo=
|
git.openprivacy.ca/openprivacy/connectivity v1.4.3/go.mod h1:bR0Myx9nm2YzWtsThRelkNMV4Pp7sPDa123O1qsAbVo=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.4.4 h1:11M3akVCyy/luuhMpZTM1r9Jayl7IHD944Bxsn2FDpU=
|
||||||
|
git.openprivacy.ca/openprivacy/connectivity v1.4.4/go.mod h1:JVRCIdL+lAG6ohBFWiKeC/MN42nnC0sfFszR9XG6vPQ=
|
||||||
git.openprivacy.ca/openprivacy/log v1.0.1/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
|
git.openprivacy.ca/openprivacy/log v1.0.1/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
|
||||||
git.openprivacy.ca/openprivacy/log v1.0.2 h1:HLP4wsw4ljczFAelYnbObIs821z+jgMPCe8uODPnGQM=
|
git.openprivacy.ca/openprivacy/log v1.0.2 h1:HLP4wsw4ljczFAelYnbObIs821z+jgMPCe8uODPnGQM=
|
||||||
git.openprivacy.ca/openprivacy/log v1.0.2/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
|
git.openprivacy.ca/openprivacy/log v1.0.2/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
|
||||||
|
|
|
@ -158,7 +158,7 @@ func (s *BaseOnionService) Listen(app tapir.Application) error {
|
||||||
s.lock.Unlock()
|
s.lock.Unlock()
|
||||||
|
|
||||||
if err == nil {
|
if err == nil {
|
||||||
log.Debugf("Starting a service on %v ", ls.AddressFull())
|
log.Debugf("Starting a service on %v ", s.ls.AddressFull())
|
||||||
for {
|
for {
|
||||||
conn, err := s.ls.Accept()
|
conn, err := s.ls.Accept()
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
|
|
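Review bot: The debug line now reads the field `s.ls` after `s.lock.Unlock()`, as does the `s.ls.Accept()` call in the loop below it, so if `s.ls` is written under `s.lock` elsewhere (a shutdown or re-listen path, not visible here) these reads are unsynchronised. Copying the listener into a local while the lock is still held, e.g. `ls := s.ls` just before `s.lock.Unlock()`, and then calling `ls.AddressFull()` and `ls.Accept()` would keep the accept loop on one consistent listener. Listen starts and ends outside this hunk, so the locking around the assignment should be confirmed there.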
@ -7,8 +7,7 @@ import (
|
||||||
|
|
||||||
func TestBoltPersistence_Open(t *testing.T) {
|
func TestBoltPersistence_Open(t *testing.T) {
|
||||||
os.Remove("test.dbgi")
|
os.Remove("test.dbgi")
|
||||||
var db Service
|
db := new(BoltPersistence)
|
||||||
db = new(BoltPersistence)
|
|
||||||
db.Open("test.dbgi")
|
db.Open("test.dbgi")
|
||||||
db.Setup([]string{"tokens"})
|
db.Setup([]string{"tokens"})
|
||||||
// 2020.02: Fails in WSL1 because of a mmap issue.
|
// 2020.02: Fails in WSL1 because of a mmap issue.
|
||||||
|
|
|
@ -137,7 +137,7 @@ func (as *Store) AppendState(state State) error {
|
||||||
// verify that our state matches the servers signed state
|
// verify that our state matches the servers signed state
|
||||||
// this is *not* a security check, as a rogue server can simply sign any state
|
// this is *not* a security check, as a rogue server can simply sign any state
|
||||||
// however committing to a state allows us to build fraud proofs for malicious servers later on.
|
// however committing to a state allows us to build fraud proofs for malicious servers later on.
|
||||||
if ed25519.Verify(as.identity.PublicKey(), as.LatestCommit, state.SignedProof) == false {
|
if !ed25519.Verify(as.identity.PublicKey(), as.LatestCommit, state.SignedProof) {
|
||||||
return errors.New("state is not consistent, the server is malicious")
|
return errors.New("state is not consistent, the server is malicious")
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -160,7 +160,7 @@ func (as *Store) MergeState(state State) error {
|
||||||
// and not the cause (which could be reordered messages, dropped messages, additional messages or any combination)
|
// and not the cause (which could be reordered messages, dropped messages, additional messages or any combination)
|
||||||
func (as *Store) VerifyFraudProof(fraudCommit []byte, signedFraudProof SignedProof, key ed25519.PublicKey) (bool, error) {
|
func (as *Store) VerifyFraudProof(fraudCommit []byte, signedFraudProof SignedProof, key ed25519.PublicKey) (bool, error) {
|
||||||
|
|
||||||
if ed25519.Verify(key, fraudCommit, signedFraudProof) == false {
|
if !ed25519.Verify(key, fraudCommit, signedFraudProof) {
|
||||||
// This could happen due to misuse of this function (trying to verify a proof with the wrong public key)
|
// This could happen due to misuse of this function (trying to verify a proof with the wrong public key)
|
||||||
// This could happen if the server lies to us and submits a fake state proof, however we cannot use this to
|
// This could happen if the server lies to us and submits a fake state proof, however we cannot use this to
|
||||||
// prove that the server is acting maliciously
|
// prove that the server is acting maliciously
|
||||||
|
|
|
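Review bot: `VerifyFraudProof` passes the caller-supplied `key` straight to `ed25519.Verify`, which panics when the public key is not `ed25519.PublicKeySize` bytes long, so a malformed key crashes the caller instead of producing the `(false, err)` result the signature promises. A length guard before the call, `if len(key) != ed25519.PublicKeySize { return false, errors.New("invalid public key length") }`, keeps that path on the error return. Which `ed25519` package the file imports is not visible in the hunk, and the function body continues past it.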
@ -11,7 +11,9 @@ func TestNewTranscript(t *testing.T) {
|
||||||
|
|
||||||
transcript.AddToTranscript("action", []byte("test data"))
|
transcript.AddToTranscript("action", []byte("test data"))
|
||||||
|
|
||||||
if transcript.OutputTranscriptToAudit() != transcript.OutputTranscriptToAudit() {
|
firstAudit := transcript.OutputTranscriptToAudit()
|
||||||
|
secondAudit := transcript.OutputTranscriptToAudit()
|
||||||
|
if firstAudit != secondAudit {
|
||||||
t.Fatalf("Multiple Audit Calls should not impact underlying Transcript")
|
t.Fatalf("Multiple Audit Calls should not impact underlying Transcript")
|
||||||
}
|
}
|
||||||
t.Logf("%v", transcript.OutputTranscriptToAudit())
|
t.Logf("%v", transcript.OutputTranscriptToAudit())
|
||||||
|
|
|
@ -122,7 +122,7 @@ func (ts *TokenServer) SpendToken(token SpentToken, data []byte) error {
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
spent, err := ts.persistanceService.Check(tokenBucket, hex.EncodeToString(token.T))
|
spent, err := ts.persistanceService.Check(tokenBucket, hex.EncodeToString(token.T))
|
||||||
if err != nil || spent == true {
|
if err != nil || spent {
|
||||||
return fmt.Errorf("token: %v has already been spent", token)
|
return fmt.Errorf("token: %v has already been spent", token)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -134,7 +134,7 @@ func (ts *TokenServer) SpendToken(token SpentToken, data []byte) error {
|
||||||
mac.Write(data)
|
mac.Write(data)
|
||||||
computedMAC := mac.Sum(nil)
|
computedMAC := mac.Sum(nil)
|
||||||
result := hmac.Equal(token.MAC, computedMAC)
|
result := hmac.Equal(token.MAC, computedMAC)
|
||||||
if result == true {
|
if result {
|
||||||
if ts.persistanceService == nil {
|
if ts.persistanceService == nil {
|
||||||
ts.seen[hex.EncodeToString(token.T)] = true
|
ts.seen[hex.EncodeToString(token.T)] = true
|
||||||
} else {
|
} else {
|
||||||
|
|
|
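Review bot: In the first `SpendToken` hunk, `if err != nil || spent` reports a persistence failure as "token ... has already been spent" and drops `err`. Rejecting on error is the right fail-closed choice, but the cause is lost to operators and the client is told something untrue. Splitting the branch, `if err != nil { return fmt.Errorf("checking token: %v", err) }` followed by a separate `if spent { ... }`, keeps the rejection and surfaces the store error. Separately, the spent check here and the later mark in the second hunk (`ts.seen[...] = true` or the persistence write) need to sit under one lock for the double-spend check to hold under concurrent calls. No lock is visible in either hunk, and the function starts and ends outside them.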
@ -76,8 +76,7 @@ func TestTapir(t *testing.T) {
|
||||||
id, sk := primitives.InitializeEphemeralIdentity()
|
id, sk := primitives.InitializeEphemeralIdentity()
|
||||||
|
|
||||||
// Init the Server running the Simple App.
|
// Init the Server running the Simple App.
|
||||||
var service tapir.Service
|
service := new(tor.BaseOnionService)
|
||||||
service = new(tor.BaseOnionService)
|
|
||||||
service.Init(acn, sk, &id)
|
service.Init(acn, sk, &id)
|
||||||
|
|
||||||
// Goroutine Management
|
// Goroutine Management
|
||||||
|
@ -115,8 +114,7 @@ func TestTapir(t *testing.T) {
|
||||||
|
|
||||||
func genclient(acn connectivity.ACN) (tapir.Service, string) {
|
func genclient(acn connectivity.ACN) (tapir.Service, string) {
|
||||||
id, sk := primitives.InitializeEphemeralIdentity()
|
id, sk := primitives.InitializeEphemeralIdentity()
|
||||||
var client tapir.Service
|
client := new(tor.BaseOnionService)
|
||||||
client = new(tor.BaseOnionService)
|
|
||||||
client.Init(acn, sk, &id)
|
client.Init(acn, sk, &id)
|
||||||
return client, id.Hostname()
|
return client, id.Hostname()
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,8 +37,7 @@ func TestTapirMaliciousRemote(t *testing.T) {
|
||||||
id2, sk2 := primitives.InitializeEphemeralIdentity()
|
id2, sk2 := primitives.InitializeEphemeralIdentity()
|
||||||
|
|
||||||
// Init the Server running the Simple App.
|
// Init the Server running the Simple App.
|
||||||
var service tapir.Service
|
service := new(tor.BaseOnionService)
|
||||||
service = new(tor.BaseOnionService)
|
|
||||||
// Initialize an onion service with one identity, but the auth app with another, this should
|
// Initialize an onion service with one identity, but the auth app with another, this should
|
||||||
// trigger a failure in authentication protocol
|
// trigger a failure in authentication protocol
|
||||||
service.Init(acn, sk2, &id)
|
service.Init(acn, sk2, &id)
|
||||||
|
@ -84,7 +83,7 @@ func connectclientandfail(client tapir.Service, key ed25519.PublicKey, group *sy
|
||||||
conn, err := client.GetConnection(torProvider.GetTorV3Hostname(key))
|
conn, err := client.GetConnection(torProvider.GetTorV3Hostname(key))
|
||||||
if err == nil {
|
if err == nil {
|
||||||
group.Done()
|
group.Done()
|
||||||
t.Fatalf("Connection should have failed! %v %v", conn, err)
|
t.Errorf("Connection should have failed! %v %v", conn, err)
|
||||||
}
|
}
|
||||||
log.Infof("Successfully failed to authenticate...")
|
log.Infof("Successfully failed to authenticate...")
|
||||||
group.Done()
|
group.Done()
|
||||||
|
|
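Review bot: In `connectclientandfail`, replacing `t.Fatalf` with `t.Errorf` means the `err == nil` branch no longer stops the goroutine. After `group.Done()` and the error it falls through to the "Successfully failed to authenticate..." log and a second `group.Done()`, which would drive the wait group negative and panic, if `group` is a `*sync.WaitGroup` as the truncated signature suggests. Adding `return` after the `t.Errorf(...)` line, or a single `defer group.Done()` at the top of the function, restores the old control flow without calling `Fatalf` off the test goroutine. The function may continue past the end of this hunk.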