cwtch.im
/
tapir
5
2
Fork 2
Code Issues 2 Pull Requests 0 Releases 19 Wiki Activity
Tapir provides a framework for building Anonymous / metadata resistant Services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
67 Commits
12 Branches
2.0 MiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
tapir/service.go

222 lines
6.3 KiB
Raw Permalink Blame History 

  1. package tapir

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"cwtch.im/tapir/primitives"

  6. 	"encoding/binary"

  7. 	"git.openprivacy.ca/openprivacy/connectivity"

  8. 	"git.openprivacy.ca/openprivacy/log"

  9. 	"golang.org/x/crypto/ed25519"

  10. 	"golang.org/x/crypto/nacl/secretbox"

  11. 	"io"

  12. 	"sync"

  13. )

  14. 

  15. // ServiceMetrics outlines higher level information about the service e.g. counts of connections

  16. type ServiceMetrics struct {

  17. 	ConnectionCount int

  18. }

  19. 

  20. // Service defines the interface for a Tapir Service

  21. type Service interface {

  22. 	Init(acn connectivity.ACN, privateKey ed25519.PrivateKey, identity *primitives.Identity)

  23. 	Connect(hostname string, application Application) (bool, error)

  24. 	Listen(application Application) error

  25. 	GetConnection(connectionID string) (Connection, error)

  26. 	Metrics() ServiceMetrics

  27. 	Broadcast(message []byte, capability Capability) error

  28. 	WaitForCapabilityOrClose(connectionID string, capability Capability) (Connection, error)

  29. 	Shutdown()

  30. }

  31. 

  32. // Connection Interface

  33. type Connection interface {

  34. 	Hostname() string

  35. 	IsOutbound() bool

  36. 	ID() *primitives.Identity

  37. 	Expect() []byte

  38. 	SetHostname(hostname string)

  39. 	HasCapability(name Capability) bool

  40. 	SetCapability(name Capability)

  41. 	SetEncryptionKey(key [32]byte)

  42. 	Send(message []byte)

  43. 	Close()

  44. 	App() Application

  45. 	SetApp(application Application)

  46. 	IsClosed() bool

  47. 	Broadcast(message []byte, capability Capability) error

  48. }

  49. 

  50. // Connection defines a Tapir Connection

  51. type connection struct {

  52. 	hostname     string

  53. 	conn         io.ReadWriteCloser

  54. 	capabilities sync.Map

  55. 	encrypted    bool

  56. 	key          [32]byte

  57. 	app          Application

  58. 	identity     *primitives.Identity

  59. 	outbound     bool

  60. 	closed       bool

  61. 	MaxLength    int

  62. 	lock         sync.Mutex

  63. 	service      Service

  64. }

  65. 

  66. // NewConnection creates a new Connection

  67. func NewConnection(service Service, id *primitives.Identity, hostname string, outbound bool, conn io.ReadWriteCloser, app Application) Connection {

  68. 	connection := new(connection)

  69. 	connection.hostname = hostname

  70. 	connection.conn = conn

  71. 	connection.app = app

  72. 	connection.identity = id

  73. 	connection.outbound = outbound

  74. 	connection.MaxLength = 8192

  75. 	connection.service = service

  76. 	go connection.app.Init(connection)

  77. 	return connection

  78. }

  79. 

  80. // ID returns an identity.Identity encapsulation (for the purposes of cryptographic protocols)

  81. func (c *connection) ID() *primitives.Identity {

  82. 	return c.identity

  83. }

  84. 

  85. // App returns the overarching application using this Connection.

  86. func (c *connection) App() Application {

  87. 	c.lock.Lock()

  88. 	defer c.lock.Unlock()

  89. 	return c.app

  90. }

  91. 

  92. // App returns the overarching application using this Connection.

  93. func (c *connection) SetApp(application Application) {

  94. 	c.lock.Lock()

  95. 	defer c.lock.Unlock()

  96. 	c.app = application

  97. }

  98. 

  99. // Hostname returns the hostname of the connection (if the connection has not been authorized it will return the

  100. // temporary hostname identifier)

  101. func (c *connection) Hostname() string {

  102. 	c.lock.Lock()

  103. 	defer c.lock.Unlock()

  104. 	return c.hostname

  105. }

  106. 

  107. // IsOutbound returns true if this caller was the originator of the connection (i.e. the connection was started

  108. // by calling Connect() rather than Accept()

  109. func (c *connection) IsOutbound() bool {

  110. 	return c.outbound

  111. }

  112. 

  113. // IsClosed returns true if the connection is closed (connections cannot be reopened)

  114. func (c *connection) IsClosed() bool {

  115. 	c.lock.Lock()

  116. 	defer c.lock.Unlock()

  117. 	return c.closed

  118. }

  119. 

  120. // SetHostname sets the hostname on the connection

  121. func (c *connection) SetHostname(hostname string) {

  122. 	c.lock.Lock()

  123. 	defer c.lock.Unlock()

  124. 	log.Debugf("[%v -- %v] Asserting Remote Hostname: %v", c.identity.Hostname(), c.hostname, hostname)

  125. 	c.hostname = hostname

  126. }

  127. 

  128. // SetCapability sets a capability on the connection

  129. func (c *connection) SetCapability(name Capability) {

  130. 	log.Debugf("[%v -- %v] Setting Capability %v", c.identity.Hostname(), c.hostname, name)

  131. 	c.capabilities.Store(name, true)

  132. }

  133. 

  134. // HasCapability checks if the connection has a given capability

  135. func (c *connection) HasCapability(name Capability) bool {

  136. 	_, ok := c.capabilities.Load(name)

  137. 	return ok

  138. }

  139. 

  140. // Close forcibly closes the connection

  141. func (c *connection) Close() {

  142. 	c.lock.Lock()

  143. 	defer c.lock.Unlock()

  144. 	c.closed = true

  145. 	c.conn.Close()

  146. }

  147. 

  148. // Expect blocks and reads a single Tapir packet , from the connection.

  149. func (c *connection) Expect() []byte {

  150. 	buffer := make([]byte, c.MaxLength)

  151. 	n, err := io.ReadFull(c.conn, buffer)

  152. 

  153. 	if n != c.MaxLength || err != nil {

  154. 		log.Debugf("[%v -> %v] Wire Error Reading, Read %d bytes, Error: %v", c.hostname, c.identity.Hostname(), n, err)

  155. 		c.conn.Close()

  156. 		c.closed = true

  157. 		return []byte{}

  158. 	}

  159. 	c.lock.Lock()

  160. 	defer c.lock.Unlock()

  161. 	if c.encrypted {

  162. 		var decryptNonce [24]byte

  163. 		copy(decryptNonce[:], buffer[:24])

  164. 		decrypted, ok := secretbox.Open(nil, buffer[24:], &decryptNonce, &c.key)

  165. 		if ok {

  166. 			copy(buffer, decrypted)

  167. 		} else {

  168. 			log.Errorf("[%v -> %v] Error Decrypting Message On Wire", c.hostname, c.identity.Hostname())

  169. 			c.conn.Close()

  170. 			c.closed = true

  171. 			return []byte{}

  172. 		}

  173. 	}

  174. 	length, _ := binary.Uvarint(buffer[0:2])

  175. 	if length+2 >= uint64(c.MaxLength) {

  176. 		return []byte{}

  177. 	}

  178. 	//cplog.Debugf("[%v -> %v] Wire Receive: (%d) %x", c.hostname, c.ID.Hostname(), len, buffer)

  179. 	return buffer[2 : length+2]

  180. }

  181. 

  182. // SetEncryptionKey turns on application-level encryption on the connection using the given key.

  183. func (c *connection) SetEncryptionKey(key [32]byte) {

  184. 	c.lock.Lock()

  185. 	defer c.lock.Unlock()

  186. 	c.key = key

  187. 	c.encrypted = true

  188. }

  189. 

  190. // Send writes a given message to a Tapir packet (of 1024 bytes in length).

  191. func (c *connection) Send(message []byte) {

  192. 

  193. 	buffer := make([]byte, c.MaxLength)

  194. 	binary.PutUvarint(buffer[0:2], uint64(len(message)))

  195. 	copy(buffer[2:], message)

  196. 

  197. 	c.lock.Lock()

  198. 	defer c.lock.Unlock()

  199. 	if c.encrypted {

  200. 		var nonce [24]byte

  201. 		if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {

  202. 			log.Errorf("Could not read sufficient randomness %v. Closing connection", err)

  203. 			c.conn.Close()

  204. 			c.closed = true

  205. 		}

  206. 		// MaxLength - 40 = MaxLength - 24 nonce bytes and 16 auth tag.

  207. 		encrypted := secretbox.Seal(nonce[:], buffer[0:c.MaxLength-40], &nonce, &c.key)

  208. 		copy(buffer, encrypted[0:c.MaxLength])

  209. 	}

  210. 	log.Debugf("[%v -> %v] Wire Send %x", c.identity.Hostname(), c.hostname, buffer)

  211. 	_, err := c.conn.Write(buffer)

  212. 	if err != nil {

  213. 		c.conn.Close()

  214. 		c.closed = true

  215. 	}

  216. }

  217. 

  218. // Broadcast sends a message to all active service connections with a given capability

  219. func (c *connection) Broadcast(message []byte, capability Capability) error {

  220. 	return c.service.Broadcast(message, capability)

  221. }