cwtch.im
/
tapir
5
2
Fork 2
Code Issues 2 Pull Requests 0 Releases 26 Wiki Activity
Tapir provides a framework for building Anonymous / metadata resistant Services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
80 Commits
12 Branches
976 KiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
tapir/service.go

226 lines
6.5 KiB
Raw Permalink Blame History 

  1. package tapir

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"encoding/binary"

  6. 	"git.openprivacy.ca/cwtch.im/tapir/primitives"

  7. 	"git.openprivacy.ca/openprivacy/connectivity"

  8. 	"git.openprivacy.ca/openprivacy/log"

  9. 	"golang.org/x/crypto/ed25519"

  10. 	"golang.org/x/crypto/nacl/secretbox"

  11. 	"io"

  12. 	"sync"

  13. )

  14. 

  15. 

  16. // ServiceMetrics outlines higher level information about the service e.g. counts of connections

  17. type ServiceMetrics struct {

  18. 	ConnectionCount int

  19. }

  20. 

  21. // Service defines the interface for a Tapir Service

  22. type Service interface {

  23. 	Init(acn connectivity.ACN, privateKey ed25519.PrivateKey, identity *primitives.Identity)

  24. 	Connect(hostname string, application Application) (bool, error)

  25. 	Listen(application Application) error

  26. 	GetConnection(connectionID string) (Connection, error)

  27. 	Metrics() ServiceMetrics

  28. 	Broadcast(message []byte, capability Capability) error

  29. 	WaitForCapabilityOrClose(connectionID string, capability Capability) (Connection, error)

  30. 	Shutdown()

  31. }

  32. 

  33. // Connection Interface

  34. type Connection interface {

  35. 	Hostname() string

  36. 	IsOutbound() bool

  37. 	ID() *primitives.Identity

  38. 	Expect() []byte

  39. 	SetHostname(hostname string)

  40. 	HasCapability(name Capability) bool

  41. 	SetCapability(name Capability)

  42. 	SetEncryptionKey(key [32]byte)

  43. 	Send(message []byte)

  44. 	Close()

  45. 	App() Application

  46. 	SetApp(application Application)

  47. 	IsClosed() bool

  48. 	Broadcast(message []byte, capability Capability) error

  49. }

  50. 

  51. // Connection defines a Tapir Connection

  52. type connection struct {

  53. 	hostname     string

  54. 	conn         io.ReadWriteCloser

  55. 	capabilities sync.Map

  56. 	encrypted    bool

  57. 	key          [32]byte

  58. 	app          Application

  59. 	identity     *primitives.Identity

  60. 	outbound     bool

  61. 	closed       bool

  62. 	MaxLength    int

  63. 	lock         sync.Mutex

  64. 	service      Service

  65. }

  66. 

  67. // NewConnection creates a new Connection

  68. func NewConnection(service Service, id *primitives.Identity, hostname string, outbound bool, conn io.ReadWriteCloser, app Application) Connection {

  69. 	connection := new(connection)

  70. 	connection.hostname = hostname

  71. 	connection.conn = conn

  72. 	connection.app = app

  73. 	connection.identity = id

  74. 	connection.outbound = outbound

  75. 	connection.MaxLength = 8192

  76. 	connection.service = service

  77. 

  78. 	go connection.app.Init(connection)

  79. 	return connection

  80. }

  81. 

  82. // ID returns an identity.Identity encapsulation (for the purposes of cryptographic protocols)

  83. func (c *connection) ID() *primitives.Identity {

  84. 	return c.identity

  85. }

  86. 

  87. // App returns the overarching application using this Connection.

  88. func (c *connection) App() Application {

  89. 	c.lock.Lock()

  90. 	defer c.lock.Unlock()

  91. 	return c.app

  92. }

  93. 

  94. // App returns the overarching application using this Connection.

  95. func (c *connection) SetApp(application Application) {

  96. 	c.lock.Lock()

  97. 	defer c.lock.Unlock()

  98. 	c.app = application

  99. }

  100. 

  101. // Hostname returns the hostname of the connection (if the connection has not been authorized it will return the

  102. // temporary hostname identifier)

  103. func (c *connection) Hostname() string {

  104. 	c.lock.Lock()

  105. 	defer c.lock.Unlock()

  106. 	return c.hostname

  107. }

  108. 

  109. // IsOutbound returns true if this caller was the originator of the connection (i.e. the connection was started

  110. // by calling Connect() rather than Accept()

  111. func (c *connection) IsOutbound() bool {

  112. 	return c.outbound

  113. }

  114. 

  115. // IsClosed returns true if the connection is closed (connections cannot be reopened)

  116. func (c *connection) IsClosed() bool {

  117. 	c.lock.Lock()

  118. 	defer c.lock.Unlock()

  119. 	return c.closed

  120. }

  121. 

  122. // SetHostname sets the hostname on the connection

  123. func (c *connection) SetHostname(hostname string) {

  124. 	c.lock.Lock()

  125. 	defer c.lock.Unlock()

  126. 	log.Debugf("[%v -- %v] Asserting Remote Hostname: %v", c.identity.Hostname(), c.hostname, hostname)

  127. 	c.hostname = hostname

  128. }

  129. 

  130. // SetCapability sets a capability on the connection

  131. func (c *connection) SetCapability(name Capability) {

  132. 	log.Debugf("[%v -- %v] Setting Capability %v", c.identity.Hostname(), c.hostname, name)

  133. 	c.capabilities.Store(name, true)

  134. }

  135. 

  136. // HasCapability checks if the connection has a given capability

  137. func (c *connection) HasCapability(name Capability) bool {

  138. 	_, ok := c.capabilities.Load(name)

  139. 	return ok

  140. }

  141. 

  142. // Close forcibly closes the connection

  143. func (c *connection) Close() {

  144. 	c.lock.Lock()

  145. 	defer c.lock.Unlock()

  146. 	c.closeInner()

  147. }

  148. 

  149. func (c *connection) closeInner() {

  150. 	c.closed = true

  151. 	c.conn.Close()

  152. }

  153. 

  154. // Expect blocks and reads a single Tapir packet , from the connection.

  155. func (c *connection) Expect() []byte {

  156. 	buffer := make([]byte, c.MaxLength)

  157. 	// Multiple goroutines may invoke methods on a Conn simultaneously.

  158. 	// As such we don't need to mutex around closed.

  159. 	n, err := io.ReadFull(c.conn, buffer)

  160. 

  161. 	if n != c.MaxLength || err != nil {

  162. 		log.Debugf("[%v -> %v] Wire Error Reading, Read %d bytes, Error: %v", c.hostname, c.identity.Hostname(), n, err)

  163. 		c.Close() // use the full close function which acquires a lock for the connection state...

  164. 		return []byte{}

  165. 	}

  166. 	c.lock.Lock()

  167. 	defer c.lock.Unlock()

  168. 	if c.encrypted {

  169. 		var decryptNonce [24]byte

  170. 		copy(decryptNonce[:], buffer[:24])

  171. 		decrypted, ok := secretbox.Open(nil, buffer[24:], &decryptNonce, &c.key)

  172. 		if ok {

  173. 			copy(buffer, decrypted)

  174. 		} else {

  175. 			log.Errorf("[%v -> %v] Error Decrypting Message On Wire", c.hostname, c.identity.Hostname())

  176. 			c.closeInner()

  177. 			return []byte{}

  178. 		}

  179. 	}

  180. 	length, _ := binary.Uvarint(buffer[0:2])

  181. 	if length+2 >= uint64(c.MaxLength) {

  182. 		return []byte{}

  183. 	}

  184. 	//cplog.Debugf("[%v -> %v] Wire Receive: (%d) %x", c.hostname, c.ID.Hostname(), len, buffer)

  185. 	return buffer[2 : length+2]

  186. }

  187. 

  188. // SetEncryptionKey turns on application-level encryption on the connection using the given key.

  189. func (c *connection) SetEncryptionKey(key [32]byte) {

  190. 	c.lock.Lock()

  191. 	defer c.lock.Unlock()

  192. 	c.key = key

  193. 	c.encrypted = true

  194. }

  195. 

  196. // Send writes a given message to a Tapir packet (of 1024 bytes in length).

  197. func (c *connection) Send(message []byte) {

  198. 

  199. 	buffer := make([]byte, c.MaxLength)

  200. 	binary.PutUvarint(buffer[0:2], uint64(len(message)))

  201. 	copy(buffer[2:], message)

  202. 

  203. 	c.lock.Lock()

  204. 	defer c.lock.Unlock()

  205. 	if c.encrypted {

  206. 		var nonce [24]byte

  207. 		if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {

  208. 			log.Errorf("Could not read sufficient randomness %v. Closing connection", err)

  209. 			c.closeInner()

  210. 		}

  211. 		// MaxLength - 40 = MaxLength - 24 nonce bytes and 16 auth tag.

  212. 		encrypted := secretbox.Seal(nonce[:], buffer[0:c.MaxLength-40], &nonce, &c.key)

  213. 		copy(buffer, encrypted[0:c.MaxLength])

  214. 	}

  215. 	log.Debugf("[%v -> %v] Wire Send %x", c.identity.Hostname(), c.hostname, buffer)

  216. 	_, err := c.conn.Write(buffer)

  217. 	if err != nil {

  218. 		c.closeInner()

  219. 	}

  220. }

  221. 

  222. // Broadcast sends a message to all active service connections with a given capability

  223. func (c *connection) Broadcast(message []byte, capability Capability) error {

  224. 	return c.service.Broadcast(message, capability)

  225. }