From e8a7ad74760ab498ce3dceb0838d23218ee32c2b Mon Sep 17 00:00:00 2001 From: Sergey Cherepanov Date: Sat, 11 Feb 2023 22:52:20 +0300 Subject: [PATCH] handshake proto and implementation --- Makefile | 1 + net/secureservice/handshake/handshake.go | 245 ++++++ net/secureservice/handshake/handshake_test.go | 507 +++++++++++ .../handshake/handshakeproto/handshake.pb.go | 813 ++++++++++++++++++ .../handshakeproto/protos/handshake.proto | 69 ++ 5 files changed, 1635 insertions(+) create mode 100644 net/secureservice/handshake/handshake.go create mode 100644 net/secureservice/handshake/handshake_test.go create mode 100644 net/secureservice/handshake/handshakeproto/handshake.pb.go create mode 100644 net/secureservice/handshake/handshakeproto/protos/handshake.proto diff --git a/Makefile b/Makefile index 5484c4c1..afdfa9d2 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,7 @@ proto: protoc --gogofaster_out=$(PKGMAP):. --go-drpc_out=protolib=github.com/gogo/protobuf:. commonspace/spacesyncproto/protos/*.proto protoc --gogofaster_out=$(PKGMAP):. --go-drpc_out=protolib=github.com/gogo/protobuf:. commonfile/fileproto/protos/*.proto protoc --gogofaster_out=$(PKGMAP):. --go-drpc_out=protolib=github.com/gogo/protobuf:. net/streampool/testservice/protos/*.proto + protoc --gogofaster_out=:. net/secureservice/handshake/handshakeproto/protos/*.proto deps: go mod download diff --git a/net/secureservice/handshake/handshake.go b/net/secureservice/handshake/handshake.go new file mode 100644 index 00000000..8c13cb97 --- /dev/null +++ b/net/secureservice/handshake/handshake.go @@ -0,0 +1,245 @@ +package handshake + +import ( + "encoding/binary" + "errors" + "github.com/anytypeio/any-sync/net/secureservice/handshake/handshakeproto" + "github.com/libp2p/go-libp2p/core/sec" + "golang.org/x/exp/slices" + "io" + "sync" +) + +const headerSize = 5 // 1 byte for type + 4 byte for uint32 size + +const ( + msgTypeCred = byte(1) + msgTypeAck = byte(2) +) + +type handshakeError struct { + e handshakeproto.Error +} + +func (he handshakeError) Error() string { + return he.e.String() +} + +var ( + ErrUnexpectedPayload = handshakeError{handshakeproto.Error_UnexpectedPayload} + ErrDeadlineExceeded = handshakeError{handshakeproto.Error_DeadlineExceeded} + ErrInvalidCredentials = handshakeError{handshakeproto.Error_InvalidCredentials} + ErrPeerDeclinedCredentials = errors.New("remote peer declined the credentials") + ErrSkipVerifyNotAllowed = handshakeError{handshakeproto.Error_SkipVerifyNotAllowed} + ErrUnexpected = handshakeError{handshakeproto.Error_Unexpected} + + ErrGotNotAHandshakeMessage = errors.New("go not a handshake message") +) + +var handshakePool = &sync.Pool{New: func() any { + return &handshake{ + remoteCred: &handshakeproto.Credentials{}, + remoteAck: &handshakeproto.Ack{}, + localAck: &handshakeproto.Ack{}, + buf: make([]byte, 0, 1024), + } +}} + +type CredentialChecker interface { + MakeCredentials(sc sec.SecureConn) *handshakeproto.Credentials + CheckCredential(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error) +} + +func OutgoingHandshake(sc sec.SecureConn, cc CredentialChecker) (err error) { + h := newHandshake() + defer h.release() + h.conn = sc + localCred := cc.MakeCredentials(sc) + if err = h.writeCredentials(localCred); err != nil { + h.tryWriteErrAndClose(err) + return err + } + msg, err := h.readMsg() + if err != nil { + h.tryWriteErrAndClose(err) + return err + } + if msg.ack != nil { + if msg.ack.Error == handshakeproto.Error_InvalidCredentials { + return ErrPeerDeclinedCredentials + } + return handshakeError{e: msg.ack.Error} + } + + if err = cc.CheckCredential(sc, msg.cred); err != nil { + h.tryWriteErrAndClose(err) + return err + } + + if err = h.writeAck(handshakeproto.Error_Null); err != nil { + h.tryWriteErrAndClose(err) + return err + } + + msg, err = h.readMsg() + if err != nil { + h.tryWriteErrAndClose(err) + return err + } + if msg.ack == nil { + err = ErrUnexpectedPayload + h.tryWriteErrAndClose(err) + return err + } + if msg.ack.Error == handshakeproto.Error_Null { + return nil + } else { + _ = h.conn.Close() + return handshakeError{e: msg.ack.Error} + } +} + +func IncomingHandshake(sc sec.SecureConn, cc CredentialChecker) (err error) { + h := newHandshake() + defer h.release() + h.conn = sc + + msg, err := h.readMsg() + if err != nil { + h.tryWriteErrAndClose(err) + return err + } + if msg.ack != nil { + return ErrUnexpectedPayload + } + if err = cc.CheckCredential(sc, msg.cred); err != nil { + h.tryWriteErrAndClose(err) + return err + } + + if err = h.writeCredentials(cc.MakeCredentials(sc)); err != nil { + h.tryWriteErrAndClose(err) + return err + } + + msg, err = h.readMsg() + if err != nil { + h.tryWriteErrAndClose(err) + return err + } + if msg.ack == nil { + err = ErrUnexpectedPayload + h.tryWriteErrAndClose(err) + return err + } + if msg.ack.Error != handshakeproto.Error_Null { + if msg.ack.Error == handshakeproto.Error_InvalidCredentials { + return ErrPeerDeclinedCredentials + } + return handshakeError{e: msg.ack.Error} + } + if err = h.writeAck(handshakeproto.Error_Null); err != nil { + h.tryWriteErrAndClose(err) + return err + } + return +} + +func newHandshake() *handshake { + return handshakePool.Get().(*handshake) +} + +type handshake struct { + conn sec.SecureConn + remoteCred *handshakeproto.Credentials + remoteAck *handshakeproto.Ack + localAck *handshakeproto.Ack + buf []byte +} + +func (h *handshake) writeCredentials(cred *handshakeproto.Credentials) (err error) { + h.buf = slices.Grow(h.buf, cred.Size()+headerSize)[:cred.Size()+headerSize] + n, err := cred.MarshalToSizedBuffer(h.buf[headerSize:]) + if err != nil { + return err + } + return h.writeData(msgTypeCred, n) +} + +func (h *handshake) tryWriteErrAndClose(err error) { + if err == ErrGotNotAHandshakeMessage { + // if we got unexpected message - just close the connection + _ = h.conn.Close() + return + } + var ackErr handshakeproto.Error + if he, ok := err.(handshakeError); ok { + ackErr = he.e + } else { + ackErr = handshakeproto.Error_Unexpected + } + _ = h.writeAck(ackErr) + _ = h.conn.Close() +} + +func (h *handshake) writeAck(ackErr handshakeproto.Error) (err error) { + h.localAck.Error = ackErr + h.buf = slices.Grow(h.buf, h.localAck.Size()+headerSize)[:h.localAck.Size()+headerSize] + n, err := h.localAck.MarshalTo(h.buf[headerSize:]) + if err != nil { + return err + } + return h.writeData(msgTypeAck, n) +} + +func (h *handshake) writeData(tp byte, size int) (err error) { + h.buf[0] = tp + binary.LittleEndian.PutUint32(h.buf[1:headerSize], uint32(size)) + _, err = h.conn.Write(h.buf[:size+headerSize]) + return err +} + +type message struct { + cred *handshakeproto.Credentials + ack *handshakeproto.Ack +} + +func (h *handshake) readMsg() (msg message, err error) { + h.buf = slices.Grow(h.buf, headerSize)[:headerSize] + if _, err = io.ReadFull(h.conn, h.buf[:headerSize]); err != nil { + return + } + tp := h.buf[0] + if tp != msgTypeCred && tp != msgTypeAck { + err = ErrGotNotAHandshakeMessage + return + } + size := binary.LittleEndian.Uint32(h.buf[1:headerSize]) + h.buf = slices.Grow(h.buf, int(size))[:size] + if _, err = io.ReadFull(h.conn, h.buf[:size]); err != nil { + return + } + switch tp { + case msgTypeCred: + if err = h.remoteCred.Unmarshal(h.buf[:size]); err != nil { + return + } + msg.cred = h.remoteCred + case msgTypeAck: + if err = h.remoteAck.Unmarshal(h.buf[:size]); err != nil { + return + } + msg.ack = h.remoteAck + } + return +} + +func (h *handshake) release() { + h.buf = h.buf[:0] + h.conn = nil + h.localAck.Error = 0 + h.remoteAck.Error = 0 + h.remoteCred.Type = 0 + h.remoteCred.Payload = h.remoteCred.Payload[:0] + handshakePool.Put(h) +} diff --git a/net/secureservice/handshake/handshake_test.go b/net/secureservice/handshake/handshake_test.go new file mode 100644 index 00000000..63292428 --- /dev/null +++ b/net/secureservice/handshake/handshake_test.go @@ -0,0 +1,507 @@ +package handshake + +import ( + "github.com/anytypeio/any-sync/net/secureservice/handshake/handshakeproto" + "github.com/anytypeio/any-sync/util/keys/asymmetric/signingkey" + peer2 "github.com/anytypeio/any-sync/util/peer" + "github.com/libp2p/go-libp2p/core/crypto" + "github.com/libp2p/go-libp2p/core/network" + "github.com/libp2p/go-libp2p/core/peer" + "github.com/libp2p/go-libp2p/core/sec" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "net" + _ "net/http/pprof" + "testing" + "time" +) + +var noVerifyChecker = &testCredChecker{ + makeCred: &handshakeproto.Credentials{Type: handshakeproto.CredentialsType_SkipVerify}, + checkCred: func(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error) { + return + }, +} + +func TestOutgoingHandshake(t *testing.T) { + t.Run("success", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + msg, err := h.readMsg() + require.NoError(t, err) + require.Nil(t, msg.ack) + require.NoError(t, noVerifyChecker.CheckCredential(c2, msg.cred)) + // send credential message + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // receive ack + msg, err = h.readMsg() + require.NoError(t, err) + require.Equal(t, handshakeproto.Error_Null, msg.ack.Error) + // send ack + require.NoError(t, h.writeAck(handshakeproto.Error_Null)) + resErr := <-hanshareResCh + assert.NoError(t, resErr) + }) + t.Run("write cred err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + _ = c2.Close() + require.Error(t, <-hanshareResCh) + }) + t.Run("read cred err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + _, err := h.readMsg() + require.NoError(t, err) + _ = c2.Close() + require.Error(t, <-hanshareResCh) + }) + t.Run("ack err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + _, err := h.readMsg() + require.NoError(t, err) + require.NoError(t, h.writeAck(ErrInvalidCredentials.e)) + require.EqualError(t, <-hanshareResCh, ErrPeerDeclinedCredentials.Error()) + }) + t.Run("cred err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, &testCredChecker{makeCred: noVerifyChecker.makeCred, checkErr: ErrInvalidCredentials}) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + _, err := h.readMsg() + require.NoError(t, err) + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + msg, err := h.readMsg() + require.NoError(t, err) + assert.Equal(t, ErrInvalidCredentials.e, msg.ack.Error) + require.EqualError(t, <-hanshareResCh, ErrInvalidCredentials.Error()) + }) + t.Run("write ack err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + _, err := h.readMsg() + require.NoError(t, err) + // write credentials and close conn + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + _ = c2.Close() + require.Error(t, <-hanshareResCh) + }) + t.Run("read ack err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + _, err := h.readMsg() + require.NoError(t, err) + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // read ack and close conn + _, err = h.readMsg() + require.NoError(t, err) + _ = c2.Close() + require.Error(t, <-hanshareResCh) + }) + t.Run("write cred instead ack", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + _, err := h.readMsg() + require.NoError(t, err) + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // read ack + _, err = h.readMsg() + require.NoError(t, err) + // write cred instead ack + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + msg, err := h.readMsg() + require.NoError(t, err) + assert.Equal(t, handshakeproto.Error_UnexpectedPayload, msg.ack.Error) + require.Error(t, <-hanshareResCh) + }) + t.Run("final ack error", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // receive credential message + msg, err := h.readMsg() + require.NoError(t, err) + require.Nil(t, msg.ack) + require.NoError(t, noVerifyChecker.CheckCredential(c2, msg.cred)) + // send credential message + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // receive ack + msg, err = h.readMsg() + require.NoError(t, err) + require.Equal(t, handshakeproto.Error_Null, msg.ack.Error) + // send ack + require.NoError(t, h.writeAck(handshakeproto.Error_UnexpectedPayload)) + resErr := <-hanshareResCh + assert.Error(t, resErr) + }) +} + +func TestIncomingHandshake(t *testing.T) { + t.Run("success", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // wait credentials + msg, err := h.readMsg() + require.NoError(t, err) + require.Nil(t, msg.ack) + require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type) + // write ack + require.NoError(t, h.writeAck(handshakeproto.Error_Null)) + // wait ack + msg, err = h.readMsg() + require.NoError(t, err) + assert.Equal(t, handshakeproto.Error_Null, msg.ack.Error) + require.NoError(t, <-hanshareResCh) + }) + t.Run("write cred err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + _ = c2.Close() + require.Error(t, <-hanshareResCh) + }) + t.Run("read cred err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write credentials and close conn + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + _ = c2.Close() + require.Error(t, <-hanshareResCh) + }) + t.Run("write ack instead cred", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write ack instead cred + require.NoError(t, h.writeAck(handshakeproto.Error_Null)) + require.Error(t, <-hanshareResCh) + }) + t.Run("invalid cred", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, &testCredChecker{makeCred: noVerifyChecker.makeCred, checkErr: ErrInvalidCredentials}) + }() + h := newHandshake() + h.conn = c2 + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // except ack with error + msg, err := h.readMsg() + require.NoError(t, err) + require.Nil(t, msg.cred) + require.Equal(t, handshakeproto.Error_InvalidCredentials, msg.ack.Error) + + require.EqualError(t, <-hanshareResCh, ErrInvalidCredentials.Error()) + }) + t.Run("write cred instead ack", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // read cred + _, err := h.readMsg() + require.NoError(t, err) + // write cred instead ack + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // expect ack with error + msg, err := h.readMsg() + require.Equal(t, handshakeproto.Error_UnexpectedPayload, msg.ack.Error) + require.Error(t, <-hanshareResCh) + }) + t.Run("read ack err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // read cred and close conn + _, err := h.readMsg() + require.NoError(t, err) + _ = c2.Close() + + require.Error(t, <-hanshareResCh) + }) + t.Run("write ack with invalid", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // wait credentials + msg, err := h.readMsg() + require.NoError(t, err) + require.Nil(t, msg.ack) + require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type) + // write ack + require.NoError(t, h.writeAck(handshakeproto.Error_InvalidCredentials)) + + assert.EqualError(t, <-hanshareResCh, ErrPeerDeclinedCredentials.Error()) + }) + t.Run("write ack with err", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // wait credentials + msg, err := h.readMsg() + require.NoError(t, err) + require.Nil(t, msg.ack) + require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type) + // write ack + require.NoError(t, h.writeAck(handshakeproto.Error_Unexpected)) + + assert.EqualError(t, <-hanshareResCh, ErrUnexpected.Error()) + }) + t.Run("final ack error", func(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + // write credentials + require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2))) + // wait credentials + msg, err := h.readMsg() + require.NoError(t, err) + require.Nil(t, msg.ack) + require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type) + // write ack and close conn + require.NoError(t, h.writeAck(handshakeproto.Error_Null)) + _ = c2.Close() + require.Error(t, <-hanshareResCh) + }) +} + +func TestNotAHandshakeMessage(t *testing.T) { + c1, c2 := newConnPair(t) + var hanshareResCh = make(chan error, 1) + go func() { + hanshareResCh <- IncomingHandshake(c1, noVerifyChecker) + }() + h := newHandshake() + h.conn = c2 + _, err := c2.Write([]byte("some unexpected bytes")) + require.Error(t, err) + assert.EqualError(t, <-hanshareResCh, ErrGotNotAHandshakeMessage.Error()) +} + +func TestEndToEnd(t *testing.T) { + c1, c2 := newConnPair(t) + var ( + inRes = make(chan error, 1) + outRes = make(chan error, 1) + ) + st := time.Now() + go func() { + outRes <- OutgoingHandshake(c1, noVerifyChecker) + }() + go func() { + inRes <- IncomingHandshake(c2, noVerifyChecker) + }() + assert.NoError(t, <-outRes) + assert.NoError(t, <-inRes) + t.Log("dur", time.Since(st)) +} + +func BenchmarkHandshake(b *testing.B) { + c1, c2 := newConnPair(b) + var ( + inRes = make(chan error) + outRes = make(chan error) + done = make(chan struct{}) + ) + defer close(done) + go func() { + for { + select { + case outRes <- OutgoingHandshake(c1, noVerifyChecker): + case <-done: + return + } + } + }() + go func() { + for { + select { + case inRes <- IncomingHandshake(c2, noVerifyChecker): + case <-done: + return + } + } + }() + + b.ReportAllocs() + b.ResetTimer() + + for i := 0; i < b.N; i++ { + <-outRes + <-inRes + } +} + +type testCredChecker struct { + makeCred *handshakeproto.Credentials + checkCred func(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error) + checkErr error +} + +func (t *testCredChecker) MakeCredentials(sc sec.SecureConn) *handshakeproto.Credentials { + return t.makeCred +} + +func (t *testCredChecker) CheckCredential(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error) { + if t.checkErr != nil { + return t.checkErr + } + if t.checkCred != nil { + return t.checkCred(sc, cred) + } + return nil +} + +func newConnPair(t require.TestingT) (sc1, sc2 *secConn) { + c1, c2 := net.Pipe() + sk1, _, err := signingkey.GenerateRandomEd25519KeyPair() + require.NoError(t, err) + sk1b, err := sk1.Raw() + signKey1, err := crypto.UnmarshalEd25519PrivateKey(sk1b) + require.NoError(t, err) + sk2, _, err := signingkey.GenerateRandomEd25519KeyPair() + require.NoError(t, err) + sk2b, err := sk2.Raw() + signKey2, err := crypto.UnmarshalEd25519PrivateKey(sk2b) + require.NoError(t, err) + peerId1, err := peer2.IdFromSigningPubKey(sk1.GetPublic()) + require.NoError(t, err) + peerId2, err := peer2.IdFromSigningPubKey(sk2.GetPublic()) + require.NoError(t, err) + sc1 = &secConn{ + Conn: c1, + localKey: signKey1, + remotePeer: peerId2, + } + sc2 = &secConn{ + Conn: c2, + localKey: signKey2, + remotePeer: peerId1, + } + return +} + +type secConn struct { + net.Conn + localKey crypto.PrivKey + remotePeer peer.ID +} + +func (s *secConn) LocalPeer() peer.ID { + skB, _ := s.localKey.Raw() + sk, _ := signingkey.NewSigningEd25519PubKeyFromBytes(skB) + lp, _ := peer2.IdFromSigningPubKey(sk) + return lp +} + +func (s *secConn) LocalPrivateKey() crypto.PrivKey { + return s.localKey +} + +func (s *secConn) RemotePeer() peer.ID { + return s.remotePeer +} + +func (s *secConn) RemotePublicKey() crypto.PubKey { + return nil +} + +func (s *secConn) ConnState() network.ConnectionState { + return network.ConnectionState{} +} diff --git a/net/secureservice/handshake/handshakeproto/handshake.pb.go b/net/secureservice/handshake/handshakeproto/handshake.pb.go new file mode 100644 index 00000000..d38b7e3d --- /dev/null +++ b/net/secureservice/handshake/handshakeproto/handshake.pb.go @@ -0,0 +1,813 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: net/secureservice/handshake/handshakeproto/protos/handshake.proto + +package handshakeproto + +import ( + fmt "fmt" + proto "github.com/gogo/protobuf/proto" + io "io" + math "math" + math_bits "math/bits" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +type CredentialsType int32 + +const ( + // SkipVerify using when identity is not required, for example in p2p cases + CredentialsType_SkipVerify CredentialsType = 0 + // SignedPeerIds using a payload containing PayloadSignedPeerIds message + CredentialsType_SignedPeerIds CredentialsType = 1 +) + +var CredentialsType_name = map[int32]string{ + 0: "SkipVerify", + 1: "SignedPeerIds", +} + +var CredentialsType_value = map[string]int32{ + "SkipVerify": 0, + "SignedPeerIds": 1, +} + +func (x CredentialsType) String() string { + return proto.EnumName(CredentialsType_name, int32(x)) +} + +func (CredentialsType) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_60283fc75f020893, []int{0} +} + +type Error int32 + +const ( + Error_Null Error = 0 + Error_Unexpected Error = 1 + Error_InvalidCredentials Error = 2 + Error_UnexpectedPayload Error = 3 + Error_SkipVerifyNotAllowed Error = 4 + Error_DeadlineExceeded Error = 5 +) + +var Error_name = map[int32]string{ + 0: "Null", + 1: "Unexpected", + 2: "InvalidCredentials", + 3: "UnexpectedPayload", + 4: "SkipVerifyNotAllowed", + 5: "DeadlineExceeded", +} + +var Error_value = map[string]int32{ + "Null": 0, + "Unexpected": 1, + "InvalidCredentials": 2, + "UnexpectedPayload": 3, + "SkipVerifyNotAllowed": 4, + "DeadlineExceeded": 5, +} + +func (x Error) String() string { + return proto.EnumName(Error_name, int32(x)) +} + +func (Error) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_60283fc75f020893, []int{1} +} + +type Credentials struct { + Type CredentialsType `protobuf:"varint,1,opt,name=type,proto3,enum=anyHandshake.CredentialsType" json:"type,omitempty"` + Payload []byte `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"` +} + +func (m *Credentials) Reset() { *m = Credentials{} } +func (m *Credentials) String() string { return proto.CompactTextString(m) } +func (*Credentials) ProtoMessage() {} +func (*Credentials) Descriptor() ([]byte, []int) { + return fileDescriptor_60283fc75f020893, []int{0} +} +func (m *Credentials) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Credentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_Credentials.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *Credentials) XXX_Merge(src proto.Message) { + xxx_messageInfo_Credentials.Merge(m, src) +} +func (m *Credentials) XXX_Size() int { + return m.Size() +} +func (m *Credentials) XXX_DiscardUnknown() { + xxx_messageInfo_Credentials.DiscardUnknown(m) +} + +var xxx_messageInfo_Credentials proto.InternalMessageInfo + +func (m *Credentials) GetType() CredentialsType { + if m != nil { + return m.Type + } + return CredentialsType_SkipVerify +} + +func (m *Credentials) GetPayload() []byte { + if m != nil { + return m.Payload + } + return nil +} + +type PayloadSignedPeerIds struct { + // account identity + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + // sign of (localPeerId + remotePeerId) + Sign []byte `protobuf:"bytes,2,opt,name=sign,proto3" json:"sign,omitempty"` +} + +func (m *PayloadSignedPeerIds) Reset() { *m = PayloadSignedPeerIds{} } +func (m *PayloadSignedPeerIds) String() string { return proto.CompactTextString(m) } +func (*PayloadSignedPeerIds) ProtoMessage() {} +func (*PayloadSignedPeerIds) Descriptor() ([]byte, []int) { + return fileDescriptor_60283fc75f020893, []int{1} +} +func (m *PayloadSignedPeerIds) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PayloadSignedPeerIds) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_PayloadSignedPeerIds.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *PayloadSignedPeerIds) XXX_Merge(src proto.Message) { + xxx_messageInfo_PayloadSignedPeerIds.Merge(m, src) +} +func (m *PayloadSignedPeerIds) XXX_Size() int { + return m.Size() +} +func (m *PayloadSignedPeerIds) XXX_DiscardUnknown() { + xxx_messageInfo_PayloadSignedPeerIds.DiscardUnknown(m) +} + +var xxx_messageInfo_PayloadSignedPeerIds proto.InternalMessageInfo + +func (m *PayloadSignedPeerIds) GetIdentity() []byte { + if m != nil { + return m.Identity + } + return nil +} + +func (m *PayloadSignedPeerIds) GetSign() []byte { + if m != nil { + return m.Sign + } + return nil +} + +type Ack struct { + Error Error `protobuf:"varint,1,opt,name=error,proto3,enum=anyHandshake.Error" json:"error,omitempty"` +} + +func (m *Ack) Reset() { *m = Ack{} } +func (m *Ack) String() string { return proto.CompactTextString(m) } +func (*Ack) ProtoMessage() {} +func (*Ack) Descriptor() ([]byte, []int) { + return fileDescriptor_60283fc75f020893, []int{2} +} +func (m *Ack) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Ack) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_Ack.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *Ack) XXX_Merge(src proto.Message) { + xxx_messageInfo_Ack.Merge(m, src) +} +func (m *Ack) XXX_Size() int { + return m.Size() +} +func (m *Ack) XXX_DiscardUnknown() { + xxx_messageInfo_Ack.DiscardUnknown(m) +} + +var xxx_messageInfo_Ack proto.InternalMessageInfo + +func (m *Ack) GetError() Error { + if m != nil { + return m.Error + } + return Error_Null +} + +func init() { + proto.RegisterEnum("anyHandshake.CredentialsType", CredentialsType_name, CredentialsType_value) + proto.RegisterEnum("anyHandshake.Error", Error_name, Error_value) + proto.RegisterType((*Credentials)(nil), "anyHandshake.Credentials") + proto.RegisterType((*PayloadSignedPeerIds)(nil), "anyHandshake.PayloadSignedPeerIds") + proto.RegisterType((*Ack)(nil), "anyHandshake.Ack") +} + +func init() { + proto.RegisterFile("net/secureservice/handshake/handshakeproto/protos/handshake.proto", fileDescriptor_60283fc75f020893) +} + +var fileDescriptor_60283fc75f020893 = []byte{ + // 362 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x51, 0xcd, 0x8e, 0xda, 0x30, + 0x18, 0x8c, 0x21, 0xb4, 0xe8, 0x2b, 0xa5, 0xc6, 0xa5, 0x55, 0x54, 0xa9, 0x11, 0xe2, 0x44, 0x39, + 0x40, 0xff, 0x5e, 0x80, 0x16, 0xaa, 0x72, 0x41, 0x28, 0xb4, 0x3d, 0x70, 0x73, 0xe3, 0xaf, 0x60, + 0x61, 0x39, 0x91, 0x13, 0x28, 0xb9, 0xed, 0x23, 0xec, 0x63, 0xed, 0x91, 0xe3, 0x1e, 0x57, 0xf0, + 0x22, 0x2b, 0x0c, 0x2c, 0x61, 0x4f, 0x7b, 0xb1, 0xe7, 0x1b, 0x8f, 0x67, 0xc6, 0x32, 0xf4, 0x34, + 0xa6, 0xdd, 0x04, 0xc3, 0xa5, 0xc1, 0x04, 0xcd, 0x4a, 0x86, 0xd8, 0x9d, 0x73, 0x2d, 0x92, 0x39, + 0x5f, 0xe4, 0x50, 0x6c, 0xa2, 0x34, 0xea, 0xda, 0x35, 0x39, 0xb3, 0x1d, 0x4b, 0xb0, 0x0a, 0xd7, + 0xd9, 0xcf, 0x13, 0xd7, 0x9c, 0xc2, 0x8b, 0xef, 0x06, 0x05, 0xea, 0x54, 0x72, 0x95, 0xb0, 0x4f, + 0xe0, 0xa6, 0x59, 0x8c, 0x1e, 0x69, 0x90, 0x56, 0xf5, 0xf3, 0xfb, 0x4e, 0x5e, 0xdb, 0xc9, 0x09, + 0x7f, 0x65, 0x31, 0x06, 0x56, 0xca, 0x3c, 0x78, 0x1e, 0xf3, 0x4c, 0x45, 0x5c, 0x78, 0x85, 0x06, + 0x69, 0x55, 0x82, 0xd3, 0xd8, 0xfc, 0x01, 0xf5, 0xf1, 0x01, 0x4e, 0xe4, 0x4c, 0xa3, 0x18, 0x23, + 0x9a, 0xa1, 0x48, 0xd8, 0x3b, 0x28, 0x4b, 0x6b, 0x94, 0x66, 0x36, 0xa8, 0x12, 0x3c, 0xcc, 0x8c, + 0x81, 0x9b, 0xc8, 0x99, 0x3e, 0x5a, 0x59, 0xdc, 0xfc, 0x08, 0xc5, 0x5e, 0xb8, 0x60, 0x1f, 0xa0, + 0x84, 0xc6, 0x44, 0xe6, 0x58, 0xee, 0xf5, 0x65, 0xb9, 0xc1, 0xfe, 0x28, 0x38, 0x28, 0xda, 0x5f, + 0xe1, 0xd5, 0xa3, 0xb2, 0xac, 0x0a, 0x30, 0x59, 0xc8, 0xf8, 0x0f, 0x1a, 0xf9, 0x2f, 0xa3, 0x0e, + 0xab, 0xc1, 0xcb, 0x8b, 0x56, 0x94, 0xb4, 0xaf, 0x08, 0x94, 0xac, 0x0d, 0x2b, 0x83, 0x3b, 0x5a, + 0x2a, 0x45, 0x9d, 0xfd, 0xb5, 0xdf, 0x1a, 0xd7, 0x31, 0x86, 0x29, 0x0a, 0x4a, 0xd8, 0x5b, 0x60, + 0x43, 0xbd, 0xe2, 0x4a, 0x8a, 0x5c, 0x00, 0x2d, 0xb0, 0x37, 0x50, 0x3b, 0xeb, 0x8e, 0xaf, 0xa6, + 0x45, 0xe6, 0x41, 0xfd, 0x9c, 0x3a, 0x8a, 0xd2, 0x9e, 0x52, 0xd1, 0x7f, 0x14, 0xd4, 0x65, 0x75, + 0xa0, 0x7d, 0xe4, 0x42, 0x49, 0x8d, 0x83, 0x75, 0x88, 0x28, 0x50, 0xd0, 0xd2, 0xb7, 0xfe, 0xcd, + 0xd6, 0x27, 0x9b, 0xad, 0x4f, 0xee, 0xb6, 0x3e, 0xb9, 0xde, 0xf9, 0xce, 0x66, 0xe7, 0x3b, 0xb7, + 0x3b, 0xdf, 0x99, 0xb6, 0x9f, 0xfe, 0xf3, 0x7f, 0x9f, 0xd9, 0xed, 0xcb, 0x7d, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xa0, 0x48, 0xdf, 0x7a, 0x2e, 0x02, 0x00, 0x00, +} + +func (m *Credentials) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Credentials) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Credentials) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Payload) > 0 { + i -= len(m.Payload) + copy(dAtA[i:], m.Payload) + i = encodeVarintHandshake(dAtA, i, uint64(len(m.Payload))) + i-- + dAtA[i] = 0x12 + } + if m.Type != 0 { + i = encodeVarintHandshake(dAtA, i, uint64(m.Type)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func (m *PayloadSignedPeerIds) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PayloadSignedPeerIds) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PayloadSignedPeerIds) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Sign) > 0 { + i -= len(m.Sign) + copy(dAtA[i:], m.Sign) + i = encodeVarintHandshake(dAtA, i, uint64(len(m.Sign))) + i-- + dAtA[i] = 0x12 + } + if len(m.Identity) > 0 { + i -= len(m.Identity) + copy(dAtA[i:], m.Identity) + i = encodeVarintHandshake(dAtA, i, uint64(len(m.Identity))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *Ack) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Ack) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Ack) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Error != 0 { + i = encodeVarintHandshake(dAtA, i, uint64(m.Error)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil +} + +func encodeVarintHandshake(dAtA []byte, offset int, v uint64) int { + offset -= sovHandshake(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *Credentials) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Type != 0 { + n += 1 + sovHandshake(uint64(m.Type)) + } + l = len(m.Payload) + if l > 0 { + n += 1 + l + sovHandshake(uint64(l)) + } + return n +} + +func (m *PayloadSignedPeerIds) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Identity) + if l > 0 { + n += 1 + l + sovHandshake(uint64(l)) + } + l = len(m.Sign) + if l > 0 { + n += 1 + l + sovHandshake(uint64(l)) + } + return n +} + +func (m *Ack) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Error != 0 { + n += 1 + sovHandshake(uint64(m.Error)) + } + return n +} + +func sovHandshake(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozHandshake(x uint64) (n int) { + return sovHandshake(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *Credentials) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Credentials: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Credentials: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType) + } + m.Type = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Type |= CredentialsType(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Payload", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthHandshake + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthHandshake + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Payload = append(m.Payload[:0], dAtA[iNdEx:postIndex]...) + if m.Payload == nil { + m.Payload = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipHandshake(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthHandshake + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PayloadSignedPeerIds) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PayloadSignedPeerIds: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PayloadSignedPeerIds: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthHandshake + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthHandshake + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...) + if m.Identity == nil { + m.Identity = []byte{} + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Sign", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthHandshake + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthHandshake + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Sign = append(m.Sign[:0], dAtA[iNdEx:postIndex]...) + if m.Sign == nil { + m.Sign = []byte{} + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipHandshake(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthHandshake + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Ack) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Ack: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Ack: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType) + } + m.Error = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHandshake + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Error |= Error(b&0x7F) << shift + if b < 0x80 { + break + } + } + default: + iNdEx = preIndex + skippy, err := skipHandshake(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthHandshake + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipHandshake(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowHandshake + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowHandshake + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowHandshake + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthHandshake + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupHandshake + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthHandshake + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthHandshake = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowHandshake = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupHandshake = fmt.Errorf("proto: unexpected end of group") +) diff --git a/net/secureservice/handshake/handshakeproto/protos/handshake.proto b/net/secureservice/handshake/handshakeproto/protos/handshake.proto new file mode 100644 index 00000000..8f014248 --- /dev/null +++ b/net/secureservice/handshake/handshakeproto/protos/handshake.proto @@ -0,0 +1,69 @@ +syntax = "proto3"; +package anyHandshake; + +option go_package = "net/secureservice/handshake/handshakeproto"; + +/* + +Alice opens a new connection with Bob +1. TLS handshake done successfully; both sides know local and remote peer identifiers. + +2. Alice sends a Credentials message to Bob + +3. Bob receives Alice's message and validates her credentials + 3.1 If credentials are valid, Bob sends his credentials to Alice + 3.2 If credentials are invalid, Bob sends an Ack message with an error and closes the connection + +4. Alice receives Bob's message + 4.1 If it is a credentials message, Alice validates it + 4.1.1 If credentials are valid, Alice sends Ack message with error=Null + 4.1.2 If credentials are invalid, Alice sends an Ack message with an error and closes the connection + 4.2 If it is an Ack message, Alice has an error about why the handshake was unsuccessful + +5. Bob receives an Ack message from Alice + 5.1 If error == Null, Bob sends Ack with error=Null to Alice - handshake successful + 5.2 If error != Null, Bob has an error about why the handshake was unsuccessful + + +Successful handshake scheme: + Alice -> [CREDENTIALS] -> Bob + Bob -> [CREDENTIALS] -> Alice + Alice -> [Ack:Error=Null] -> Bob + Bob -> [Ack:Error=Null] -> Alice + + */ + +message Credentials { + CredentialsType type = 1; + bytes payload = 2; +} + +enum CredentialsType { + // SkipVerify using when identity is not required, for example in p2p cases + SkipVerify = 0; + // SignedPeerIds using a payload containing PayloadSignedPeerIds message + SignedPeerIds = 1; +} + + +message PayloadSignedPeerIds { + // account identity + bytes identity = 1; + // sign of (localPeerId + remotePeerId) + bytes sign = 2; +} + + +message Ack { + Error error = 1; +} + + +enum Error { + Null = 0; + Unexpected = 1; + InvalidCredentials = 2; + UnexpectedPayload = 3; + SkipVerifyNotAllowed = 4; + DeadlineExceeded = 5; +} \ No newline at end of file