Signing and Better Error Handling in Auth App for early Termination
This commit is contained in:
parent
fb3673fb42
commit
dec3660f46
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "tapir-cwtch"
|
||||
version = "0.1.6"
|
||||
version = "0.1.7"
|
||||
authors = ["Sarah Jamie Lewis <sarah@openprivacy.ca>"]
|
||||
edition = "2018"
|
||||
license = "MIT"
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
use std::sync::Arc;
|
||||
use tapir_cwtch::applications::authentication_app::{AuthenicationApp, AUTHENTICATION_CAPABILITY};
|
||||
use tapir_cwtch::connections::service::Service;
|
||||
use tapir_cwtch::connections::{Connection, ConnectionInterface, OutboundConnection};
|
||||
use tapir_cwtch::primitives::identity::Identity;
|
||||
use tapir_cwtch::primitives::transcript::Transcript;
|
||||
use std::sync::Arc;
|
||||
|
||||
fn main() {
|
||||
let identity = Arc::new(Identity::initialize_ephemeral_identity());
|
||||
|
@ -24,7 +24,7 @@ fn main() {
|
|||
}
|
||||
}
|
||||
};
|
||||
match service.connect("we5hvq7s6uvrdxf5hfqis6xd3s2yxl3jtpway5ziivbtsxunwaee6eyd", outbound_service.clone()) {
|
||||
match service.connect("qz4o3mqhzw6ye3jjadbi3l7g2rldbnkidf255iwsl4vfvrzsl26drfad", outbound_service.clone()) {
|
||||
_ => {}
|
||||
}
|
||||
loop {}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
use std::sync::Arc;
|
||||
use tapir_cwtch::acns::tor::authentication::HashedPassword;
|
||||
use tapir_cwtch::acns::tor::TorProcess;
|
||||
use tapir_cwtch::applications::authentication_app::AuthenicationApp;
|
||||
|
@ -6,7 +6,6 @@ use tapir_cwtch::connections::service::Service;
|
|||
use tapir_cwtch::connections::{Connection, ConnectionInterface, InboundConnection};
|
||||
use tapir_cwtch::primitives::identity::Identity;
|
||||
use tapir_cwtch::primitives::transcript::Transcript;
|
||||
use std::sync::Arc;
|
||||
|
||||
fn main() {
|
||||
let mut auth_control_port = TorProcess::connect(9051)
|
||||
|
@ -23,7 +22,6 @@ fn main() {
|
|||
|
||||
let service = Service::init(identity.clone());
|
||||
|
||||
|
||||
let inbound_service = |conn: Connection<InboundConnection>| {
|
||||
let mut transcript = Transcript::new_transcript("tapir-transcript");
|
||||
let mut auth_app = AuthenicationApp::new(identity);
|
||||
|
|
|
@ -62,13 +62,7 @@ impl TorProcess<TorAuthenticated> {
|
|||
/// Tell the control port to create a new Onion V3 service given the ed25519 secret key...
|
||||
pub fn add_onion_v3(&mut self, secret_key: ed25519_dalek::SecretKey, virtual_port: u16, target_port: u16) -> Result<String, ACNError> {
|
||||
let esk = ExpandedSecretKey::from(&secret_key);
|
||||
match write!(
|
||||
self.conn,
|
||||
"ADD_ONION ED25519-V3:{} Port={},{}\r\n",
|
||||
base64::encode(esk.to_bytes()),
|
||||
virtual_port,
|
||||
target_port
|
||||
) {
|
||||
match write!(self.conn, "ADD_ONION ED25519-V3:{} Port={},{}\r\n", base64::encode(esk.to_bytes()), virtual_port, target_port) {
|
||||
_ => {}
|
||||
}
|
||||
let mut reader = BufReader::new(self.conn.try_clone().unwrap());
|
||||
|
|
|
@ -4,7 +4,7 @@ use crate::connections::{Capability, Connection, ConnectionInterface, InboundCon
|
|||
use crate::primitives::identity::Identity;
|
||||
use crate::primitives::transcript::Transcript;
|
||||
use ed25519_dalek::PublicKey;
|
||||
use integer_encoding::VarInt;
|
||||
use integer_encoding::FixedInt;
|
||||
use serde::Deserialize;
|
||||
use serde::Serialize;
|
||||
use sha3::Digest;
|
||||
|
@ -80,14 +80,20 @@ where
|
|||
longterm_public_key: base64::encode(self.long_term_identity.public_key()),
|
||||
ephemeral_public_key: base64::encode(self.ephemeral_identity.public_key().to_bytes()),
|
||||
};
|
||||
self.local_auth_message_json = serde_json::to_string(&auth_message).unwrap();
|
||||
self.local_auth_message_json = serde_json::to_string(&auth_message).unwrap_or_default();
|
||||
match self.conn.send(&self.local_auth_message_json) {
|
||||
Ok(()) => {
|
||||
self.remote_auth_message_json = String::from_utf8(self.conn.expect().unwrap()).unwrap();
|
||||
let remote_auth_message: AuthMessage = serde_json::from_str(self.remote_auth_message_json.as_str()).unwrap();
|
||||
self.remote_long_term_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.longterm_public_key).unwrap().as_slice()).unwrap();
|
||||
self.remote_ephemeral_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.ephemeral_public_key).unwrap().as_slice()).unwrap();
|
||||
}
|
||||
Ok(()) => match self.conn.expect() {
|
||||
Ok(buffer) => {
|
||||
self.remote_auth_message_json = String::from_utf8(buffer).unwrap_or_default();
|
||||
let remote_auth_message: AuthMessage = serde_json::from_str(self.remote_auth_message_json.as_str()).unwrap_or(AuthMessage {
|
||||
longterm_public_key: "".to_string(),
|
||||
ephemeral_public_key: "".to_string(),
|
||||
});
|
||||
self.remote_long_term_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.longterm_public_key).unwrap_or_default().as_slice()).unwrap_or_default();
|
||||
self.remote_ephemeral_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.ephemeral_public_key).unwrap_or_default().as_slice()).unwrap_or_default();
|
||||
}
|
||||
_ => {}
|
||||
},
|
||||
_ => {
|
||||
// we fall out of the exchange..if the network fails then the protocol will also fail, as nothing will be instantiated...
|
||||
}
|
||||
|
@ -98,7 +104,7 @@ where
|
|||
fn generate_challenge_message(&self) -> Vec<u8> {
|
||||
let mut msg = vec![];
|
||||
let mut len = [0u8; 2];
|
||||
((self.challenge.len() + self.long_term_identity.hostname().as_bytes().len()) as u16).encode_var(&mut len);
|
||||
((self.challenge.len() + self.long_term_identity.hostname().as_bytes().len()) as u16).encode_fixed(&mut len);
|
||||
msg.extend_from_slice(len.as_slice());
|
||||
msg.extend_from_slice(self.challenge.as_slice());
|
||||
msg.extend_from_slice(self.long_term_identity.hostname().as_bytes());
|
||||
|
|
|
@ -117,7 +117,7 @@ impl<Direction> ConnectionInterface for Connection<Direction> {
|
|||
Ok(()) => {
|
||||
// TODO why did I decide to use varints here?!?!
|
||||
let len = u16::decode_var(&msg[0..2]).unwrap().0 as usize;
|
||||
// println!("{} [{}]", len, String::from_utf8(msg[2..len + 2].to_vec()).unwrap());
|
||||
// println!("{} [{}]", len, String::from_utf8(msg[2..len + 2].to_vec()).unwrap());
|
||||
return Ok(msg[2..len + 2].to_vec());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
|
||||
use crate::connections::utils::public_key_to_hostname;
|
||||
use ed25519_dalek::{ExpandedSecretKey, Keypair, PublicKey};
|
||||
use ed25519_dalek::{ExpandedSecretKey, Keypair, PublicKey, Signer};
|
||||
use rand::rngs::OsRng;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use std::intrinsics::transmute;
|
||||
|
@ -13,7 +12,7 @@ use crate::acns::tor::{TorAuthenticated, TorProcess};
|
|||
#[cfg(any(feature = "onionv3"))]
|
||||
use crate::acns::ACNError;
|
||||
#[cfg(any(feature = "onionv3"))]
|
||||
use ed25519_dalek::{SecretKey};
|
||||
use ed25519_dalek::SecretKey;
|
||||
|
||||
#[derive(Serialize, Deserialize, Debug)]
|
||||
/// Identity - An ed25519 keypair, required for established a Tor v3 onion service and used to
|
||||
|
@ -22,7 +21,6 @@ pub struct Identity {
|
|||
keypair: Keypair,
|
||||
}
|
||||
|
||||
|
||||
impl Identity {
|
||||
/// Initialize a persistent identity
|
||||
pub fn initialize(keypair: Keypair) -> Arc<Identity> {
|
||||
|
@ -37,6 +35,11 @@ impl Identity {
|
|||
Identity { keypair }
|
||||
}
|
||||
|
||||
/// Sign a message using the encapsulated secret key
|
||||
pub fn sign(&self, msg: &[u8]) -> ed25519_dalek::Signature {
|
||||
self.keypair.sign(msg)
|
||||
}
|
||||
|
||||
pub fn public_key(&self) -> ed25519_dalek::PublicKey {
|
||||
self.keypair.public.clone()
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue