- package conn
-
- import (
- "bytes"
- "errors"
- "io"
- "testing"
-
- gogotypes "github.com/gogo/protobuf/types"
- "github.com/gtank/merlin"
- "github.com/stretchr/testify/assert"
- "golang.org/x/crypto/chacha20poly1305"
-
- "github.com/tendermint/tendermint/crypto"
- "github.com/tendermint/tendermint/crypto/ed25519"
- cryptoenc "github.com/tendermint/tendermint/crypto/encoding"
- "github.com/tendermint/tendermint/libs/protoio"
- tmp2p "github.com/tendermint/tendermint/proto/p2p"
- )
-
- type buffer struct {
- next bytes.Buffer
- }
-
- func (b *buffer) Read(data []byte) (n int, err error) {
- return b.next.Read(data)
- }
-
- func (b *buffer) Write(data []byte) (n int, err error) {
- return b.next.Write(data)
- }
-
- func (b *buffer) Bytes() []byte {
- return b.next.Bytes()
- }
-
- func (b *buffer) Close() error {
- return nil
- }
-
- type evilConn struct {
- secretConn *SecretConnection
- buffer *buffer
-
- locEphPub *[32]byte
- locEphPriv *[32]byte
- remEphPub *[32]byte
- privKey crypto.PrivKey
-
- readStep int
- writeStep int
- readOffset int
-
- shareEphKey bool
- badEphKey bool
- shareAuthSignature bool
- badAuthSignature bool
- }
-
- func newEvilConn(shareEphKey, badEphKey, shareAuthSignature, badAuthSignature bool) *evilConn {
- privKey := ed25519.GenPrivKey()
- locEphPub, locEphPriv := genEphKeys()
- var rep [32]byte
- c := &evilConn{
- locEphPub: locEphPub,
- locEphPriv: locEphPriv,
- remEphPub: &rep,
- privKey: privKey,
-
- shareEphKey: shareEphKey,
- badEphKey: badEphKey,
- shareAuthSignature: shareAuthSignature,
- badAuthSignature: badAuthSignature,
- }
-
- return c
- }
-
- func (c *evilConn) Read(data []byte) (n int, err error) {
- if !c.shareEphKey {
- return 0, io.EOF
- }
-
- switch c.readStep {
- case 0:
- if !c.badEphKey {
- lc := *c.locEphPub
- bz, err := protoio.MarshalDelimited(&gogotypes.BytesValue{Value: lc[:]})
- if err != nil {
- panic(err)
- }
- copy(data, bz[c.readOffset:])
- n = len(data)
- } else {
- bz, err := protoio.MarshalDelimited(&gogotypes.BytesValue{Value: []byte("drop users;")})
- if err != nil {
- panic(err)
- }
- copy(data, bz)
- n = len(data)
- }
- c.readOffset += n
-
- if n >= 32 {
- c.readOffset = 0
- c.readStep = 1
- if !c.shareAuthSignature {
- c.readStep = 2
- }
- }
-
- return n, nil
- case 1:
- signature := c.signChallenge()
- if !c.badAuthSignature {
- pkpb, err := cryptoenc.PubKeyToProto(c.privKey.PubKey())
- if err != nil {
- panic(err)
- }
- bz, err := protoio.MarshalDelimited(&tmp2p.AuthSigMessage{PubKey: pkpb, Sig: signature})
- if err != nil {
- panic(err)
- }
- n, err = c.secretConn.Write(bz)
- if err != nil {
- panic(err)
- }
- if c.readOffset > len(c.buffer.Bytes()) {
- return len(data), nil
- }
- copy(data, c.buffer.Bytes()[c.readOffset:])
- } else {
- bz, err := protoio.MarshalDelimited(&gogotypes.BytesValue{Value: []byte("select * from users;")})
- if err != nil {
- panic(err)
- }
- n, err = c.secretConn.Write(bz)
- if err != nil {
- panic(err)
- }
- if c.readOffset > len(c.buffer.Bytes()) {
- return len(data), nil
- }
- copy(data, c.buffer.Bytes())
- }
- c.readOffset += len(data)
- return n, nil
- default:
- return 0, io.EOF
- }
- }
-
- func (c *evilConn) Write(data []byte) (n int, err error) {
- switch c.writeStep {
- case 0:
- var (
- bytes gogotypes.BytesValue
- remEphPub [32]byte
- )
- err := protoio.UnmarshalDelimited(data, &bytes)
- if err != nil {
- panic(err)
- }
- copy(remEphPub[:], bytes.Value)
- c.remEphPub = &remEphPub
- c.writeStep = 1
- if !c.shareAuthSignature {
- c.writeStep = 2
- }
- return len(data), nil
- case 1:
- // Signature is not needed, therefore skipped.
- return len(data), nil
- default:
- return 0, io.EOF
- }
- }
-
- func (c *evilConn) Close() error {
- return nil
- }
-
- func (c *evilConn) signChallenge() []byte {
- // Sort by lexical order.
- loEphPub, hiEphPub := sort32(c.locEphPub, c.remEphPub)
-
- transcript := merlin.NewTranscript("TENDERMINT_SECRET_CONNECTION_TRANSCRIPT_HASH")
-
- transcript.AppendMessage(labelEphemeralLowerPublicKey, loEphPub[:])
- transcript.AppendMessage(labelEphemeralUpperPublicKey, hiEphPub[:])
-
- // Check if the local ephemeral public key was the least, lexicographically
- // sorted.
- locIsLeast := bytes.Equal(c.locEphPub[:], loEphPub[:])
-
- // Compute common diffie hellman secret using X25519.
- dhSecret, err := computeDHSecret(c.remEphPub, c.locEphPriv)
- if err != nil {
- panic(err)
- }
-
- transcript.AppendMessage(labelDHSecret, dhSecret[:])
-
- // Generate the secret used for receiving, sending, challenge via HKDF-SHA2
- // on the transcript state (which itself also uses HKDF-SHA2 to derive a key
- // from the dhSecret).
- recvSecret, sendSecret := deriveSecrets(dhSecret, locIsLeast)
-
- const challengeSize = 32
- var challenge [challengeSize]byte
- challengeSlice := transcript.ExtractBytes(labelSecretConnectionMac, challengeSize)
-
- copy(challenge[:], challengeSlice[0:challengeSize])
-
- sendAead, err := chacha20poly1305.New(sendSecret[:])
- if err != nil {
- panic(errors.New("invalid send SecretConnection Key"))
- }
- recvAead, err := chacha20poly1305.New(recvSecret[:])
- if err != nil {
- panic(errors.New("invalid receive SecretConnection Key"))
- }
-
- b := &buffer{}
- c.secretConn = &SecretConnection{
- conn: b,
- recvBuffer: nil,
- recvNonce: new([aeadNonceSize]byte),
- sendNonce: new([aeadNonceSize]byte),
- recvAead: recvAead,
- sendAead: sendAead,
- }
- c.buffer = b
-
- // Sign the challenge bytes for authentication.
- locSignature, err := signChallenge(&challenge, c.privKey)
- if err != nil {
- panic(err)
- }
-
- return locSignature
- }
-
- // TestMakeSecretConnection creates an evil connection and tests that
- // MakeSecretConnection errors at different stages.
- func TestMakeSecretConnection(t *testing.T) {
- testCases := []struct {
- name string
- conn *evilConn
- errMsg string
- }{
- {"refuse to share ethimeral key", newEvilConn(false, false, false, false), "EOF"},
- {"share bad ethimeral key", newEvilConn(true, true, false, false), "wrong wireType"},
- {"refuse to share auth signature", newEvilConn(true, false, false, false), "EOF"},
- {"share bad auth signature", newEvilConn(true, false, true, true), "failed to decrypt SecretConnection"},
- {"all good", newEvilConn(true, false, true, false), ""},
- }
-
- for _, tc := range testCases {
- tc := tc
- t.Run(tc.name, func(t *testing.T) {
- privKey := ed25519.GenPrivKey()
- _, err := MakeSecretConnection(tc.conn, privKey)
- if tc.errMsg != "" {
- if assert.Error(t, err) {
- assert.Contains(t, err.Error(), tc.errMsg)
- }
- } else {
- assert.NoError(t, err)
- }
- })
- }
- }
|