Fixing up API

Sarah Jamie Lewis 2021-01-12 04:19:49 -08:00
parent e36d4e2c0a
commit e105d30ac3
4 changed files with 28 additions and 24 deletions


@ -1,17 +1,15 @@
# Tapir-rs: Tiny Anonymous Peer (in Rust)
A prototype for the inevitable transition of Cwtch and other Open Privacy projects from Golang to Rust!
Very WIP. Currently supports authentication over Tor v3 onion services aligned with https://cwtch.im
Very WIP:
## Examples
## Primitives
Run an ephemeral server:
* Identity - Done!
* Transcript - Done!
cargo run --example simple_server
## Applications
* TranscriptApp
* AuthenticationApp
Update `examples/simple_client.rs` to connect to the address generated by `simple_server` and then run:
## Networks
* Base Onion Service
cargo run --example simple_client
Both the server and client should authenticate each other.


@ -1,9 +1,9 @@
use tapir::acns::tor::authentication::HashedPassword;
use ed25519_dalek::SecretKey;
use tapir::primitives::identity::Identity;
use tapir::connections::{OutboundConnection, Connection, InboundConnection, ConnectionInterface};
use tapir::connections::{OutboundConnection, Connection, ConnectionInterface};
use tapir::primitives::transcript::Transcript;
use tapir::applications::authentication_app::{AuthenicationApp, AuthenticationCapability};
use tapir::applications::authentication_app::{AuthenicationApp, AUTHENTICATION_CAPABILITY};
use tapir::connections::service::Service;
use rand::rngs::OsRng;
use tapir::acns::tor::TorProcess;
@ -26,19 +26,19 @@ fn main() {
let identity = identity.clone();
let outbound_identity = identity.clone();
let outbound_service = |mut conn: Connection<OutboundConnection>| {
let outbound_service = |conn: Connection<OutboundConnection>| {
let mut transcript = Transcript::new_transcript("tapir-transcript");
let mut auth_app = AuthenicationApp::new(outbound_identity);
match auth_app.run_outbound(conn, &mut transcript) {
Ok(conn) => {
println!("Authenticated {} {}", conn.hostname(), conn.has_capability(&AuthenticationCapability));
println!("Authenticated {} {}", conn.hostname(), conn.has_capability(&AUTHENTICATION_CAPABILITY));
}
Err(err) => {
println!("Error: {:?}", err);
}
}
};
match service.connect("lzry2bfjkdzlx64aksxw5jpz6qdnvjoekpkzjqclpd4wz25dbv2pasid", outbound_service.clone()) {
match service.connect("5x6q5vwn5lgwy5u5c7pr3nl2ktfovomkmemlatnnycgm4dpt4kxvokyd", outbound_service.clone()) {
_ => {}
}
loop {}
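Review bot: The outcome of `service.connect(...)` is discarded by `match … { _ => {} }`, so a failed connection is indistinguishable from a successful one before the example enters `loop {}`. If `connect` returns a `Result` (inferred from the match, not visible here), report the failure the same way the closure does, e.g. `Err(err) => println!("Error: {:?}", err),` with an explicit `Ok(_) => {}` arm. The server example has the same pattern on its changed `service.listen(10029, …)` line, where `unwrap_or_else(|_| panic!())` drops the error; `unwrap_or_else(|err| panic!("listen failed: {:?}", err))` would keep it, assuming the error type implements `Debug`. `main` starts outside both hunks.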


@ -1,7 +1,7 @@
use tapir::acns::tor::authentication::HashedPassword;
use ed25519_dalek::SecretKey;
use tapir::primitives::identity::Identity;
use tapir::connections::{OutboundConnection, Connection, InboundConnection, ConnectionInterface};
use tapir::connections::{Connection, InboundConnection, ConnectionInterface};
use tapir::primitives::transcript::Transcript;
use tapir::applications::authentication_app::AuthenicationApp;
use tapir::connections::service::Service;
@ -25,7 +25,7 @@ fn main() {
let service = Service::init(identity.clone());
let identity = identity.clone();
let inbound_service = |mut conn: Connection<InboundConnection>| {
let inbound_service = |conn: Connection<InboundConnection>| {
let mut transcript = Transcript::new_transcript("tapir-transcript");
let mut auth_app = AuthenicationApp::new(identity);
match auth_app.run_inbound(conn, &mut transcript) {
@ -38,7 +38,7 @@ fn main() {
}
};
let mut service = service.listen(10029, inbound_service.clone()).unwrap_or_else(|_| panic!());
let mut _service = service.listen(10029, inbound_service.clone()).unwrap_or_else(|_| panic!());
loop {}
}


@ -78,11 +78,17 @@ impl<Direction> AuthenticationSession<Direction> where Direction:Clone {
ephemeral_public_key: base64::encode(self.ephemeral_identity.public_key().to_bytes()),
};
self.local_auth_message_json = serde_json::to_string(&auth_message).unwrap();
self.conn.send(&self.local_auth_message_json);
self.remote_auth_message_json = String::from_utf8(self.conn.expect().unwrap()).unwrap();
let remote_auth_message: AuthMessage = serde_json::from_str(self.remote_auth_message_json.as_str()).unwrap();
self.remote_long_term_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.longterm_public_key).unwrap().as_slice()).unwrap();
self.remote_ephemeral_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.ephemeral_public_key).unwrap().as_slice()).unwrap();
match self.conn.send(&self.local_auth_message_json) {
Ok(()) => {
self.remote_auth_message_json = String::from_utf8(self.conn.expect().unwrap()).unwrap();
let remote_auth_message: AuthMessage = serde_json::from_str(self.remote_auth_message_json.as_str()).unwrap();
self.remote_long_term_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.longterm_public_key).unwrap().as_slice()).unwrap();
self.remote_ephemeral_identity = PublicKey::from_bytes(base64::decode(&remote_auth_message.ephemeral_public_key).unwrap().as_slice()).unwrap();
}
_ => {
// we fall out of the exchange..if the network fails then the protocol will also fail, as nothing will be instantiated...
}
};
}
/// generate the message for the local challenge based a new transcript hash.
@ -106,7 +112,7 @@ impl<Direction> AuthenticationSession<Direction> where Direction:Clone {
cmp_challenge.extend_from_slice(public_key_to_hostname(&self.remote_long_term_identity).as_bytes());
if remote_challenge.ct_eq(cmp_challenge.as_slice()).unwrap_u8() == 1 {
self.conn.set_hostname(&public_key_to_hostname(&self.remote_long_term_identity));
self.conn.set_capability(&AuthenticationCapability);
self.conn.set_capability(&AUTHENTICATION_CAPABILITY);
return Ok(self.conn.try_clone());
}
self.conn.shutdown();
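Review bot: In the new `Ok(()) =>` arm the peer's reply is still parsed through a chain of `.unwrap()` calls (`self.conn.expect()`, `String::from_utf8`, `serde_json::from_str`, `base64::decode`, `PublicKey::from_bytes`), so malformed bytes from a peer that has not yet authenticated panic this code instead of failing the handshake. The `_ => {}` arm also returns without signalling anything, so the later challenge check runs against whatever `remote_long_term_identity` was initialised to, which is not visible in this hunk. Closing the connection there, `_ => { self.conn.shutdown(); }`, would make that failure explicit rather than relying on the initial values. Longer term the method could return a `Result` so each parse step propagates with `?`; its signature starts outside the hunk, so the return and error types need to be confirmed there.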