zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
780 Commits
183 Branches
291 MiB
Tree: d83ee27b6a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd83ee27b6a'
${ noResults }
tendermint/p2p/secret_connection.go

340 lines
8.9 KiB
Raw Normal View History

draft of secret_connection
9 years ago
added sts-final doc
9 years ago
draft of secret_connection
9 years ago
Put a SecretConnection before the MConnection; Node Priv/PubKeys
9 years ago
draft of secret_connection
9 years ago
Put a SecretConnection before the MConnection; Node Priv/PubKeys
9 years ago
draft of secret_connection
9 years ago
Godeps <- golang.org/x/crypto/nacl etc
9 years ago
draft of secret_connection
9 years ago
Parallel syntax change; SecretConnection implements net.Conn
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
Parallel syntax change; SecretConnection implements net.Conn
9 years ago
draft of secret_connection
9 years ago
Added secret_connection benchmark test
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
Added link to doc above MakeSecretConnection
9 years ago
Added secret_connection benchmark test
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
fixed handshake test; wrote broken read/write test
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
fixed handshake test; wrote broken read/write test
9 years ago
draft of secret_connection
9 years ago
Parallel syntax change; SecretConnection implements net.Conn
9 years ago
Added secret_connection benchmark test
9 years ago
draft of secret_connection
9 years ago
Added secret_connection benchmark test
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
failing tests for secret_connection
9 years ago
draft of secret_connection
9 years ago
fixed handshake test; wrote broken read/write test
9 years ago
draft of secret_connection
9 years ago
Parallel syntax change; SecretConnection implements net.Conn
9 years ago
draft of secret_connection
9 years ago
 
  1. // Uses nacl's secret_box to encrypt a net.Conn.

  2. // It is (meant to be) an implementation of the STS protocol.

  3. // See docs/sts-final.pdf for more info

  4. package p2p
  5. 

  6. import (
  7. 	"bytes"
  8. 	crand "crypto/rand"
  9. 	"crypto/sha256"
  10. 	"encoding/binary"
  11. 	"errors"
  12. 	"io"
  13. 	"net"
  14. 	"sync"
  15. 	"time"
  16. 

  17. 	"github.com/tendermint/tendermint/Godeps/_workspace/src/golang.org/x/crypto/nacl/box"
  18. 	"github.com/tendermint/tendermint/Godeps/_workspace/src/golang.org/x/crypto/nacl/secretbox"
  19. 	"github.com/tendermint/tendermint/Godeps/_workspace/src/golang.org/x/crypto/ripemd160"
  20. 

  21. 	acm "github.com/tendermint/tendermint/account"
  22. 	bm "github.com/tendermint/tendermint/binary"
  23. 	. "github.com/tendermint/tendermint/common"
  24. )
  25. 

  26. // 2 + 1024 == 1026 total frame size

  27. const dataLenSize = 2 // uint16 to describe the length, is <= dataMaxSize

  28. const dataMaxSize = 1024
  29. const totalFrameSize = dataMaxSize + dataLenSize
  30. const sealedFrameSize = totalFrameSize + secretbox.Overhead
  31. 

  32. // Implements net.Conn

  33. type SecretConnection struct {
  34. 	conn       io.ReadWriteCloser
  35. 	recvBuffer []byte
  36. 	recvNonce  *[24]byte
  37. 	sendNonce  *[24]byte
  38. 	remPubKey  acm.PubKeyEd25519
  39. 	shrSecret  *[32]byte // shared secret

  40. }
  41. 

  42. // Performs handshake and returns a new authenticated SecretConnection.

  43. // Returns nil if error in handshake.

  44. // Caller should call conn.Close()

  45. // See docs/sts-final.pdf for more information.

  46. func MakeSecretConnection(conn io.ReadWriteCloser, locPrivKey acm.PrivKeyEd25519) (*SecretConnection, error) {
  47. 

  48. 	locPubKey := locPrivKey.PubKey().(acm.PubKeyEd25519)
  49. 

  50. 	// Generate ephemeral keys for perfect forward secrecy.

  51. 	locEphPub, locEphPriv := genEphKeys()
  52. 

  53. 	// Write local ephemeral pubkey and receive one too.

  54. 	remEphPub, err := shareEphPubKey(conn, locEphPub)
  55. 

  56. 	// Compute common shared secret.

  57. 	shrSecret := computeSharedSecret(remEphPub, locEphPriv)
  58. 

  59. 	// Sort by lexical order.

  60. 	loEphPub, hiEphPub := sort32(locEphPub, remEphPub)
  61. 

  62. 	// Generate nonces to use for secretbox.

  63. 	recvNonce, sendNonce := genNonces(loEphPub, hiEphPub, locEphPub == loEphPub)
  64. 

  65. 	// Generate common challenge to sign.

  66. 	challenge := genChallenge(loEphPub, hiEphPub)
  67. 

  68. 	// Construct SecretConnection.

  69. 	sc := &SecretConnection{
  70. 		conn:       conn,
  71. 		recvBuffer: nil,
  72. 		recvNonce:  recvNonce,
  73. 		sendNonce:  sendNonce,
  74. 		remPubKey:  nil,
  75. 		shrSecret:  shrSecret,
  76. 	}
  77. 

  78. 	// Sign the challenge bytes for authentication.

  79. 	locSignature := signChallenge(challenge, locPrivKey)
  80. 

  81. 	// Share (in secret) each other's pubkey & challenge signature

  82. 	remPubKey, remSignature, err := shareAuthSignature(sc, locPubKey, locSignature)
  83. 	if err != nil {
  84. 		return nil, err
  85. 	}
  86. 	if !remPubKey.VerifyBytes(challenge[:], remSignature) {
  87. 		return nil, errors.New("Challenge verification failed")
  88. 	}
  89. 

  90. 	// We've authorized.

  91. 	sc.remPubKey = remPubKey
  92. 	return sc, nil
  93. }
  94. 

  95. // Returns authenticated remote pubkey

  96. func (sc *SecretConnection) RemotePubKey() acm.PubKeyEd25519 {
  97. 	return sc.remPubKey
  98. }
  99. 

  100. // Writes encrypted frames of `sealedFrameSize`

  101. // CONTRACT: data smaller than dataMaxSize is read atomically.

  102. func (sc *SecretConnection) Write(data []byte) (n int, err error) {
  103. 	for 0 < len(data) {
  104. 		var frame []byte = make([]byte, totalFrameSize)
  105. 		var chunk []byte
  106. 		if dataMaxSize < len(data) {
  107. 			chunk = data[:dataMaxSize]
  108. 			data = data[dataMaxSize:]
  109. 		} else {
  110. 			chunk = data
  111. 			data = nil
  112. 		}
  113. 		chunkLength := len(chunk)
  114. 		binary.BigEndian.PutUint16(frame, uint16(chunkLength))
  115. 		copy(frame[dataLenSize:], chunk)
  116. 

  117. 		// encrypt the frame

  118. 		var sealedFrame = make([]byte, sealedFrameSize)
  119. 		secretbox.Seal(sealedFrame[:0], frame, sc.sendNonce, sc.shrSecret)
  120. 		// fmt.Printf("secretbox.Seal(sealed:%X,sendNonce:%X,shrSecret:%X\n", sealedFrame, sc.sendNonce, sc.shrSecret)

  121. 		incr2Nonce(sc.sendNonce)
  122. 		// end encryption

  123. 

  124. 		_, err := sc.conn.Write(sealedFrame)
  125. 		if err != nil {
  126. 			return n, err
  127. 		} else {
  128. 			n += len(chunk)
  129. 		}
  130. 	}
  131. 	return
  132. }
  133. 

  134. // CONTRACT: data smaller than dataMaxSize is read atomically.

  135. func (sc *SecretConnection) Read(data []byte) (n int, err error) {
  136. 	if 0 < len(sc.recvBuffer) {
  137. 		n_ := copy(data, sc.recvBuffer)
  138. 		sc.recvBuffer = sc.recvBuffer[n_:]
  139. 		return
  140. 	}
  141. 

  142. 	sealedFrame := make([]byte, sealedFrameSize)
  143. 	_, err = io.ReadFull(sc.conn, sealedFrame)
  144. 	if err != nil {
  145. 		return
  146. 	}
  147. 

  148. 	// decrypt the frame

  149. 	var frame = make([]byte, totalFrameSize)
  150. 	// fmt.Printf("secretbox.Open(sealed:%X,recvNonce:%X,shrSecret:%X\n", sealedFrame, sc.recvNonce, sc.shrSecret)

  151. 	_, ok := secretbox.Open(frame[:0], sealedFrame, sc.recvNonce, sc.shrSecret)
  152. 	if !ok {
  153. 		return n, errors.New("Failed to decrypt SecretConnection")
  154. 	}
  155. 	incr2Nonce(sc.recvNonce)
  156. 	// end decryption

  157. 

  158. 	var chunkLength = binary.BigEndian.Uint16(frame)
  159. 	var chunk = frame[dataLenSize : dataLenSize+chunkLength]
  160. 

  161. 	n = copy(data, chunk)
  162. 	sc.recvBuffer = chunk[n:]
  163. 	return
  164. }
  165. 

  166. // Implements net.Conn

  167. func (sc *SecretConnection) Close() error                  { return sc.conn.Close() }
  168. func (sc *SecretConnection) LocalAddr() net.Addr           { return sc.conn.(net.Conn).LocalAddr() }
  169. func (sc *SecretConnection) RemoteAddr() net.Addr          { return sc.conn.(net.Conn).RemoteAddr() }
  170. func (sc *SecretConnection) SetDeadline(t time.Time) error { return sc.conn.(net.Conn).SetDeadline(t) }
  171. func (sc *SecretConnection) SetReadDeadline(t time.Time) error {
  172. 	return sc.conn.(net.Conn).SetReadDeadline(t)
  173. }
  174. func (sc *SecretConnection) SetWriteDeadline(t time.Time) error {
  175. 	return sc.conn.(net.Conn).SetWriteDeadline(t)
  176. }
  177. 

  178. func genEphKeys() (ephPub, ephPriv *[32]byte) {
  179. 	var err error
  180. 	ephPub, ephPriv, err = box.GenerateKey(crand.Reader)
  181. 	if err != nil {
  182. 		panic("Could not generate ephemeral keypairs")
  183. 	}
  184. 	return
  185. }
  186. 

  187. func shareEphPubKey(conn io.ReadWriteCloser, locEphPub *[32]byte) (remEphPub *[32]byte, err error) {
  188. 	var err1, err2 error
  189. 	var wg sync.WaitGroup
  190. 	wg.Add(2)
  191. 

  192. 	go func() {
  193. 		defer wg.Done()
  194. 		_, err1 = conn.Write(locEphPub[:])
  195. 	}()
  196. 

  197. 	go func() {
  198. 		defer wg.Done()
  199. 		remEphPub = new([32]byte)
  200. 		_, err2 = io.ReadFull(conn, remEphPub[:])
  201. 	}()
  202. 

  203. 	wg.Wait()
  204. 	if err1 != nil {
  205. 		return nil, err1
  206. 	}
  207. 	if err2 != nil {
  208. 		return nil, err2
  209. 	}
  210. 

  211. 	return remEphPub, nil
  212. }
  213. 

  214. func computeSharedSecret(remPubKey, locPrivKey *[32]byte) (shrSecret *[32]byte) {
  215. 	shrSecret = new([32]byte)
  216. 	box.Precompute(shrSecret, remPubKey, locPrivKey)
  217. 	return
  218. }
  219. 

  220. func sort32(foo, bar *[32]byte) (lo, hi *[32]byte) {
  221. 	if bytes.Compare(foo[:], bar[:]) < 0 {
  222. 		lo = foo
  223. 		hi = bar
  224. 	} else {
  225. 		lo = bar
  226. 		hi = foo
  227. 	}
  228. 	return
  229. }
  230. 

  231. func genNonces(loPubKey, hiPubKey *[32]byte, locIsLo bool) (recvNonce, sendNonce *[24]byte) {
  232. 	nonce1 := hash24(append(loPubKey[:], hiPubKey[:]...))
  233. 	nonce2 := new([24]byte)
  234. 	copy(nonce2[:], nonce1[:])
  235. 	nonce2[len(nonce2)-1] ^= 0x01
  236. 	if locIsLo {
  237. 		recvNonce = nonce1
  238. 		sendNonce = nonce2
  239. 	} else {
  240. 		recvNonce = nonce2
  241. 		sendNonce = nonce1
  242. 	}
  243. 	return
  244. }
  245. 

  246. func genChallenge(loPubKey, hiPubKey *[32]byte) (challenge *[32]byte) {
  247. 	return hash32(append(loPubKey[:], hiPubKey[:]...))
  248. }
  249. 

  250. func signChallenge(challenge *[32]byte, locPrivKey acm.PrivKeyEd25519) (signature acm.SignatureEd25519) {
  251. 	signature = locPrivKey.Sign(challenge[:]).(acm.SignatureEd25519)
  252. 	return
  253. }
  254. 

  255. type authSigMessage struct {
  256. 	Key acm.PubKeyEd25519
  257. 	Sig acm.SignatureEd25519
  258. }
  259. 

  260. func shareAuthSignature(sc *SecretConnection, pubKey acm.PubKeyEd25519, signature acm.SignatureEd25519) (acm.PubKeyEd25519, acm.SignatureEd25519, error) {
  261. 	var recvMsg authSigMessage
  262. 	var err1, err2 error
  263. 

  264. 	Parallel(
  265. 		func() {
  266. 			msgBytes := bm.BinaryBytes(authSigMessage{pubKey, signature})
  267. 			_, err1 = sc.Write(msgBytes)
  268. 		},
  269. 		func() {
  270. 			// NOTE relies on atomicity of small data.

  271. 			readBuffer := make([]byte, dataMaxSize)
  272. 			_, err2 = sc.Read(readBuffer)
  273. 			if err2 != nil {
  274. 				return
  275. 			}
  276. 			n := int64(0) // not used.

  277. 			recvMsg = bm.ReadBinary(authSigMessage{}, bytes.NewBuffer(readBuffer), &n, &err2).(authSigMessage)
  278. 		})
  279. 

  280. 	if err1 != nil {
  281. 		return nil, nil, err1
  282. 	}
  283. 	if err2 != nil {
  284. 		return nil, nil, err2
  285. 	}
  286. 

  287. 	return recvMsg.Key, recvMsg.Sig, nil
  288. }
  289. 

  290. func verifyChallengeSignature(challenge *[32]byte, remPubKey acm.PubKeyEd25519, remSignature acm.SignatureEd25519) bool {
  291. 	return remPubKey.VerifyBytes(challenge[:], remSignature)
  292. }
  293. 

  294. //--------------------------------------------------------------------------------

  295. 

  296. // sha256

  297. func hash32(input []byte) (res *[32]byte) {
  298. 	hasher := sha256.New()
  299. 	hasher.Write(input) // does not error

  300. 	resSlice := hasher.Sum(nil)
  301. 	res = new([32]byte)
  302. 	copy(res[:], resSlice)
  303. 	return
  304. }
  305. 

  306. // We only fill in the first 20 bytes with ripemd160

  307. func hash24(input []byte) (res *[24]byte) {
  308. 	hasher := ripemd160.New()
  309. 	hasher.Write(input) // does not error

  310. 	resSlice := hasher.Sum(nil)
  311. 	res = new([24]byte)
  312. 	copy(res[:], resSlice)
  313. 	return
  314. }
  315. 

  316. // ripemd160

  317. func hash20(input []byte) (res *[20]byte) {
  318. 	hasher := ripemd160.New()
  319. 	hasher.Write(input) // does not error

  320. 	resSlice := hasher.Sum(nil)
  321. 	res = new([20]byte)
  322. 	copy(res[:], resSlice)
  323. 	return
  324. }
  325. 

  326. // increment nonce big-endian by 2 with wraparound.

  327. func incr2Nonce(nonce *[24]byte) {
  328. 	incrNonce(nonce)
  329. 	incrNonce(nonce)
  330. }
  331. 

  332. // increment nonce big-endian by 1 with wraparound.

  333. func incrNonce(nonce *[24]byte) {
  334. 	for i := 23; 0 <= i; i-- {
  335. 		nonce[i] += 1
  336. 		if nonce[i] != 0 {
  337. 			return
  338. 		}
  339. 	}
  340. }