Signing and Better Error Handling in Auth App for early Termination

This commit is contained in:
Sarah Jamie Lewis 2021-01-13 04:14:38 -08:00
parent fb3673fb42
commit dec3660f46
7 changed files with 28 additions and 27 deletions

View File

@ -1,6 +1,6 @@
[package]
name = "tapir-cwtch"
version = "0.1.6"
version = "0.1.7"
authors = ["Sarah Jamie Lewis <sarah@openprivacy.ca>"]
edition = "2018"
license = "MIT"

View File

@ -1,9 +1,9 @@
use std::sync::Arc;
use tapir_cwtch::applications::authentication_app::{AuthenicationApp, AUTHENTICATION_CAPABILITY};
use tapir_cwtch::connections::service::Service;
use tapir_cwtch::connections::{Connection, ConnectionInterface, OutboundConnection};
use tapir_cwtch::primitives::identity::Identity;
use tapir_cwtch::primitives::transcript::Transcript;
use std::sync::Arc;
fn main() {
let identity = Arc::new(Identity::initialize_ephemeral_identity());
@ -24,7 +24,7 @@ fn main() {
}
}
};
match service.connect("we5hvq7s6uvrdxf5hfqis6xd3s2yxl3jtpway5ziivbtsxunwaee6eyd", outbound_service.clone()) {
match service.connect("qz4o3mqhzw6ye3jjadbi3l7g2rldbnkidf255iwsl4vfvrzsl26drfad", outbound_service.clone()) {
_ => {}
}
loop {}

View File

@ -1,4 +1,4 @@
use std::sync::Arc;
use tapir_cwtch::acns::tor::authentication::HashedPassword;
use tapir_cwtch::acns::tor::TorProcess;
use tapir_cwtch::applications::authentication_app::AuthenicationApp;
@ -6,7 +6,6 @@ use tapir_cwtch::connections::service::Service;
use tapir_cwtch::connections::{Connection, ConnectionInterface, InboundConnection};
use tapir_cwtch::primitives::identity::Identity;
use tapir_cwtch::primitives::transcript::Transcript;
use std::sync::Arc;
fn main() {
let mut auth_control_port = TorProcess::connect(9051)
@ -23,7 +22,6 @@ fn main() {
let service = Service::init(identity.clone());
let inbound_service = |conn: Connection<InboundConnection>| {
let mut transcript = Transcript::new_transcript("tapir-transcript");
let mut auth_app = AuthenicationApp::new(identity);

View File

@ -62,13 +62,7 @@ impl TorProcess<TorAuthenticated> {
/// Tell the control port to create a new Onion V3 service given the ed25519 secret key...
pub fn add_onion_v3(&mut self, secret_key: ed25519_dalek::SecretKey, virtual_port: u16, target_port: u16) -> Result<String, ACNError> {
let esk = ExpandedSecretKey::from(&secret_key);
match write!(
self.conn,
"ADD_ONION ED25519-V3:{} Port={},{}\r\n",
base64::encode(esk.to_bytes()),
virtual_port,
target_port
) {
match write!(self.conn, "ADD_ONION ED25519-V3:{} Port={},{}\r\n", base64::encode(esk.to_bytes()), virtual_port, target_port) {
_ => {}
}
let mut reader = BufReader::new(self.conn.try_clone().unwrap());

View File

@ -4,7 +4,7 @@ use crate::connections::{Capability, Connection, ConnectionInterface, InboundCon
use crate::primitives::identity::Identity;
use crate::primitives::transcript::Transcript;
use ed25519_dalek::PublicKey;
use integer_encoding::VarInt;
use integer_encoding::FixedInt;
use serde::Deserialize;
use serde::Serialize;
use sha3::Digest;
@ -80,14 +80,20 @@ where
longterm_public_key: base64::encode(self.long_term_identity.public_key()),
ephemeral_public_key: base64::encode(self.ephemeral_identity.public_key().to_bytes()),
};
self.local_auth_message_json = serde_json::to_string(&auth_message).unwrap();
self.local_auth_message_json = serde_json::to_string(&auth_message).unwrap_or_default();
match self.conn.send(&self.local_auth_message_json) {
Ok(()) => {
self.remote_auth_message_json = String::from_utf8(self.conn.expect().unwrap()).unwrap();
let remote_auth_message: AuthMessage = serde_json::from_str(self.remote_auth_message_json.as_str()).unwrap();
self.remote_long_term_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.longterm_public_key).unwrap().as_slice()).unwrap();
self.remote_ephemeral_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.ephemeral_public_key).unwrap().as_slice()).unwrap();
}
Ok(()) => match self.conn.expect() {
Ok(buffer) => {
self.remote_auth_message_json = String::from_utf8(buffer).unwrap_or_default();
let remote_auth_message: AuthMessage = serde_json::from_str(self.remote_auth_message_json.as_str()).unwrap_or(AuthMessage {
longterm_public_key: "".to_string(),
ephemeral_public_key: "".to_string(),
});
self.remote_long_term_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.longterm_public_key).unwrap_or_default().as_slice()).unwrap_or_default();
self.remote_ephemeral_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.ephemeral_public_key).unwrap_or_default().as_slice()).unwrap_or_default();
}
_ => {}
},
_ => {
// we fall out of the exchange..if the network fails then the protocol will also fail, as nothing will be instantiated...
}
@ -98,7 +104,7 @@ where
fn generate_challenge_message(&self) -> Vec<u8> {
let mut msg = vec![];
let mut len = [0u8; 2];
((self.challenge.len() + self.long_term_identity.hostname().as_bytes().len()) as u16).encode_var(&mut len);
((self.challenge.len() + self.long_term_identity.hostname().as_bytes().len()) as u16).encode_fixed(&mut len);
msg.extend_from_slice(len.as_slice());
msg.extend_from_slice(self.challenge.as_slice());
msg.extend_from_slice(self.long_term_identity.hostname().as_bytes());

View File

@ -117,7 +117,7 @@ impl<Direction> ConnectionInterface for Connection<Direction> {
Ok(()) => {
// TODO why did I decide to use varints here?!?!
let len = u16::decode_var(&msg[0..2]).unwrap().0 as usize;
// println!("{} [{}]", len, String::from_utf8(msg[2..len + 2].to_vec()).unwrap());
// println!("{} [{}]", len, String::from_utf8(msg[2..len + 2].to_vec()).unwrap());
return Ok(msg[2..len + 2].to_vec());
}
}

View File

@ -1,6 +1,5 @@
use crate::connections::utils::public_key_to_hostname;
use ed25519_dalek::{ExpandedSecretKey, Keypair, PublicKey};
use ed25519_dalek::{ExpandedSecretKey, Keypair, PublicKey, Signer};
use rand::rngs::OsRng;
use serde::{Deserialize, Serialize};
use std::intrinsics::transmute;
@ -13,7 +12,7 @@ use crate::acns::tor::{TorAuthenticated, TorProcess};
#[cfg(any(feature = "onionv3"))]
use crate::acns::ACNError;
#[cfg(any(feature = "onionv3"))]
use ed25519_dalek::{SecretKey};
use ed25519_dalek::SecretKey;
#[derive(Serialize, Deserialize, Debug)]
/// Identity - An ed25519 keypair, required for established a Tor v3 onion service and used to
@ -22,7 +21,6 @@ pub struct Identity {
keypair: Keypair,
}
impl Identity {
/// Initialize a persistent identity
pub fn initialize(keypair: Keypair) -> Arc<Identity> {
@ -37,6 +35,11 @@ impl Identity {
Identity { keypair }
}
/// Sign a message using the encapsulated secret key
pub fn sign(&self, msg: &[u8]) -> ed25519_dalek::Signature {
self.keypair.sign(msg)
}
pub fn public_key(&self) -> ed25519_dalek::PublicKey {
self.keypair.public.clone()
}