aboutsummaryrefslogtreecommitdiff
path: root/shard/lib/net
diff options
context:
space:
mode:
Diffstat (limited to 'shard/lib/net')
-rw-r--r--shard/lib/net/chan.ex_ (renamed from shard/lib/net/chan.ex)0
-rw-r--r--shard/lib/net/tcpconn.ex211
-rw-r--r--shard/lib/net/tcpserver.ex3
3 files changed, 167 insertions, 47 deletions
diff --git a/shard/lib/net/chan.ex b/shard/lib/net/chan.ex_
index 5aba960..5aba960 100644
--- a/shard/lib/net/chan.ex
+++ b/shard/lib/net/chan.ex_
diff --git a/shard/lib/net/tcpconn.ex b/shard/lib/net/tcpconn.ex
index 543341a..35bf9d1 100644
--- a/shard/lib/net/tcpconn.ex
+++ b/shard/lib/net/tcpconn.ex
@@ -1,7 +1,15 @@
defmodule SNet.TCPConn do
+ @moduledoc"""
+ Secret handshake as described in this document:
+ https://ssbc.github.io/scuttlebutt-protocol-guide/#peer-connections
+
+ Does not implement the stream protocol, we don't hide the length of packets.
+ (TODO ^)
+ """
+
+
use GenServer, restart: :temporary
- require Salty.Box.Curve25519xchacha20poly1305, as: Box
- require Salty.Sign.Ed25519, as: Sign
+
require Logger
def start_link(state) do
@@ -9,60 +17,166 @@ defmodule SNet.TCPConn do
end
def init(state) do
- GenServer.cast(self(), :handshake)
- {:ok, state}
- end
+ if state.is_client do
+ GenServer.cast(self(), :client_handshake)
+ else
+ GenServer.cast(self(), :server_handshake)
+ end
- def handle_call(:get_host_str, _from, state) do
- {:reply, "#{state.his_pkey|>Base.encode16|>String.downcase}@#{to_string(:inet_parse.ntoa(state.addr))}:#{state.port}", state}
+ {:ok, {addr, port}} = :inet.peername state.socket
+ {:ok, %{state | addr: addr, port: port}}
end
- def handle_cast(:handshake, state) do
- socket = state.socket
- {srv_pkey, srv_skey} = Shard.Keys.get_peer_keypair
- {:ok, sess_pkey, sess_skey} = Box.keypair
- {:ok, challenge} = Salty.Random.buf 32
+ def handle_call(:get_peer_info, _from, state) do
+ {:reply, {:tcp4, state.addr, state.port}, state}
+ end
- # Exchange public keys and challenge
- hello = {srv_pkey, sess_pkey, challenge, state.my_port}
- :gen_tcp.send(socket, :erlang.term_to_binary hello)
- {:ok, pkt} = :gen_tcp.recv(socket, 0)
- {cli_pkey, cli_sess_pkey, cli_challenge, his_port} = :erlang.binary_to_term(pkt, [:safe])
- # Do challenge and check their challenge
- {:ok, cli_challenge_sign} = Sign.sign_detached(cli_challenge, srv_skey)
- pkt = encode_pkt(cli_challenge_sign, cli_sess_pkey, sess_skey)
- :gen_tcp.send(socket, pkt)
+ def handle_cast(:client_handshake, state) do
+ socket = state.socket
- {:ok, pkt} = :gen_tcp.recv(socket, 0)
- challenge_sign = decode_pkt(pkt, cli_sess_pkey, sess_skey)
- :ok = Sign.verify_detached(challenge_sign, challenge, cli_pkey)
+ net_key = Application.get_env(:shard, :network_key)
+ {:ok, cli_eph_pk, cli_eph_sk} = :enacl.box_keypair
+
+ [srv_longterm_pk] = state.his_auth
+ cli_longterm_pk = state.my_auth
+ cli_longterm_sk = Keys.get_sk cli_longterm_pk
+
+ # 1. Client hello
+ {:ok, cli_hello_hmac} = :enacl.auth(cli_eph_pk, net_key)
+ cli_hello = cli_hello_hmac <> cli_eph_pk
+ :gen_tcp.send(socket, cli_hello)
+
+ # 2. Server hello
+ {:ok, srv_hello} = :gen_tcp.recv(socket, 0)
+ 64 = byte_size srv_hello
+ srv_hmac = :binary.part srv_hello, 0, 32
+ srv_eph_pk = :binary.part srv_hello, 32, 32
+ true = :enacl.auth_verify(srv_hmac, srv_eph_pk, net_key)
+
+ # Shared secret derivation
+ sh_sec_ab = :enacl.curve25519_scalarmult(cli_eph_sk, srv_eph_pk)
+ sh_sec_aB = :enacl.curve25519_scalarmult(cli_eph_sk, :enacl.crypto_sign_ed25519_public_to_curve25519(srv_longterm_pk))
+
+ # 3. Client authenticate
+ msg1 = net_key <> srv_longterm_pk <> :crypto.hash(:sha256, sh_sec_ab)
+ det_sign_A = :enacl.sign_detached(msg1, cli_longterm_sk)
+ key3 = :crypto.hash(:sha256, net_key <> sh_sec_ab <> sh_sec_aB)
+ cli_auth = :crypto.secretbox(det_sign_A <> cli_longterm_pk, <<0 :: 24*8>>, key3)
+ :gen_tcp.send(socket, cli_auth)
+
+ # Shared secret derivation, again
+ sh_sec_Ab = :enacl.curve25519_scalarmult(:enacl.crypto_sign_ed25519_secret_to_curve25519(cli_longterm_sk), srv_eph_pk)
+
+ # 4. Server accept
+ {:ok, srv_accept} = :gen_tcp.recv(socket, 0)
+ key4 = :crypto.hash(:sha256, net_key <> sh_sec_ab <> sh_sec_aB <> sh_sec_Ab)
+ {:ok, det_sign_B} = :enacl.secretbox_open(srv_accept, <<0 :: 24*8>>, key4)
+ true = :enacl.sign_verify_detached(det_sign_B, net_key <> det_sign_A <> cli_longterm_pk <> :crypto.sha256(sh_sec_ab), srv_longterm_pk)
+
+ # Derive secrets and initial nonces for stream communication
+ secret_common = :crypto.hash(:sha256, :crypto.hash(:sha256, net_key <> sh_sec_ab <> sh_sec_aB <> sh_sec_Ab))
+ secret_cli2srv = :crypto.hash(:sha256, secret_common <> srv_longterm_pk)
+ secret_srv2cli = :crypto.hash(:sha256, secret_common <> cli_longterm_pk)
+ {:ok, hmac1} = :enacl.auth(srv_eph_pk, net_key)
+ nonce_cli2srv = :binary.part(hmac1, 0, 24)
+ {:ok, hmac2} = :enacl.auth(cli_eph_pk, net_key)
+ nonce_srv2cli = :binary.part(hmac2, 0, 24)
+
+ # Set up the rest
+ :inet.setopts(socket, [active: true])
+ {:ok, {addr, port}} = :inet.peername socket
+ state = %{
+ socket: socket,
+ my_pk: cli_longterm_pk,
+ his_pk: srv_longterm_pk,
+ secret_send: secret_cli2srv,
+ secret_recv: secret_srv2cli,
+ nonce_send: nonce_cli2srv,
+ nonce_recv: nonce_srv2cli,
+ addr: addr,
+ port: port,
+ # his_port: his_port
+ }
+
+ GenServer.cast(Shard.Manager, {:peer_up, state.his_pk, self(), addr, port})
+ Logger.info "New peer: #{print_id state} at #{inspect addr}:#{port}"
- expected_suffix = Application.get_env(:shard, :peer_id_suffix)
- len = byte_size(expected_suffix)
- ^len = :binary.longest_common_suffix([cli_pkey, expected_suffix])
+ {:noreply, state}
+ end
- if srv_pkey == cli_pkey do
- exit :normal
- end
+ def handle_cast(:server_handshake, state) do
+ socket = state.socket
- # Connected
+ net_key = Application.get_env(:shard, :network_key)
+ {:ok, srv_eph_pk, srv_eph_sk} = :enacl.box_keypair
+
+ srv_longterm_pk = state.my_auth
+ srv_longterm_sk = Keys.get_sk srv_longterm_pk
+
+ # 1. Client hello
+ {:ok, cli_hello} = :gen_tcp.recv(socket, 0)
+ 64 = byte_size cli_hello
+ cli_hmac = :binary.part cli_hello, 0, 32
+ cli_eph_pk = :binary.part cli_hello, 32, 32
+ true = :enacl.auth_verify(cli_hmac, cli_eph_pk, net_key)
+
+ # 2. Server hello
+ {:ok, srv_hello_hmac} = :enacl.auth(srv_eph_pk, net_key)
+ srv_hello = srv_hello_hmac <> srv_eph_pk
+ :gen_tcp.send(socket, srv_hello)
+
+ # Shared secret derivation
+ sh_sec_ab = :enacl.curve25519_scalarmult(srv_eph_sk, cli_eph_pk)
+ sh_sec_aB = :enacl.curve25519_scalarmult(:enacl.crypto_sign_ed25519_secret_to_curve25519(srv_longterm_sk), cli_eph_pk)
+
+ # 3. Client authenticate
+ {:ok, cli_auth} = :gen_tcp.recv(socket, 0)
+ key3 = :crypto.hash(:sha256, net_key <> sh_sec_ab <> sh_sec_aB)
+ {:ok, cli_auth_plain} = :enacl.secretbox_open(cli_auth, <<0 :: 24*8>>, key3)
+ 96 = byte_size cli_auth_plain
+ det_sign_A = :binary.part(cli_auth_plain, 0, 64)
+ cli_longterm_pk = :binary.part(cli_auth_plain, 64, 32)
+ true = :enacl.sign_verify_deteached(det_sign_A, net_key <> srv_longterm_pk <> :crypto.hash(:sha256, sh_sec_ab), cli_longterm_pk)
+
+ # Shared secret derivation
+ sh_sec_Ab = :enacl.curve25519_scalarmult(srv_eph_sk, :enacl.crypto_sign_ed25519_public_to_curve25519(cli_longterm_pk))
+
+ # TODO: here we can stop if we don't like the client's longterm pk
+
+ # 4. Server accept
+ det_sign_B = :enacl.sign_detached(net_key <> det_sign_A <> cli_longterm_pk <> :crypto.hash(:sha256, sh_sec_ab), srv_longterm_sk)
+ key4 = :crypto.hash(:sha256, net_key <> sh_sec_ab <> sh_sec_aB <> sh_sec_Ab)
+ msg4 = :enacl.secretbox(det_sign_B, <<0 :: 24*8>>, key4)
+ :gen_tcp.send(socket, msg4)
+
+ # Derive secrets and initial nonces for stream communication
+ secret_common = :crypto.hash(:sha256, :crypto.hash(:sha256, net_key <> sh_sec_ab <> sh_sec_aB <> sh_sec_Ab))
+ secret_cli2srv = :crypto.hash(:sha256, secret_common <> srv_longterm_pk)
+ secret_srv2cli = :crypto.hash(:sha256, secret_common <> cli_longterm_pk)
+ {:ok, hmac1} = :enacl.auth(srv_eph_pk, net_key)
+ nonce_cli2srv = :binary.part(hmac1, 0, 24)
+ {:ok, hmac2} = :enacl.auth(cli_eph_pk, net_key)
+ nonce_srv2cli = :binary.part(hmac2, 0, 24)
+
+ # Set up the rest
:inet.setopts(socket, [active: true])
-
{:ok, {addr, port}} = :inet.peername socket
- state =%{ socket: socket,
- my_pkey: srv_pkey,
- my_skey: srv_skey,
- his_pkey: cli_pkey,
- conn_my_pkey: sess_pkey,
- conn_my_skey: sess_skey,
- conn_his_pkey: cli_sess_pkey,
- addr: addr,
- port: port,
- his_port: his_port
- }
- GenServer.cast(Shard.Manager, {:peer_up, cli_pkey, self(), addr, his_port})
+ state = %{
+ socket: socket,
+ my_pk: cli_longterm_pk,
+ his_pk: srv_longterm_pk,
+ secret_send: secret_srv2cli,
+ secret_recv: secret_cli2srv,
+ nonce_send: nonce_srv2cli,
+ nonce_recv: nonce_cli2srv,
+ addr: addr,
+ port: port,
+ # his_port: his_port
+ }
+
+ GenServer.cast(Shard.Manager, {:peer_up, state.his_pk, self(), addr, port})
Logger.info "New peer: #{print_id state} at #{inspect addr}:#{port}"
{:noreply, state}
@@ -75,6 +189,11 @@ defmodule SNet.TCPConn do
{:noreply, state}
end
+ defp next_nonce(nonce) do
+ i = :crypto.bytes_to_integer(nonce)
+ <<i+1 :: 24*8>>
+ end
+
defp encode_pkt(pkt, pk, sk) do
{:ok, n} = Salty.Random.buf Box.noncebytes
{:ok, msg} = Box.easy(pkt, n, pk, sk)
@@ -91,7 +210,7 @@ defmodule SNet.TCPConn do
def handle_info({:tcp, _socket, raw_data}, state) do
msg = decode_pkt(raw_data, state.conn_his_pkey, state.conn_my_skey)
msg_data = :erlang.binary_to_term(msg, [:safe])
- Shard.Manager.dispatch(state.his_pkey, msg_data)
+ Shard.Manager.incoming(state.his_pkey, msg_data)
{:noreply, state}
end
@@ -102,7 +221,7 @@ defmodule SNet.TCPConn do
end
defp print_id(state) do
- state.his_pkey
+ state.his_pk
|> binary_part(0, 8)
|> Base.encode16
|> String.downcase
diff --git a/shard/lib/net/tcpserver.ex b/shard/lib/net/tcpserver.ex
index 46552a4..1aa5738 100644
--- a/shard/lib/net/tcpserver.ex
+++ b/shard/lib/net/tcpserver.ex
@@ -18,7 +18,8 @@ defmodule SNet.TCPServer do
defp loop_acceptor(socket, my_port) do
{:ok, client} = :gen_tcp.accept(socket)
- {:ok, pid} = DynamicSupervisor.start_child(Shard.DynamicSupervisor, {SNet.TCPConn, %{socket: client, my_port: my_port}})
+ {:ok, pid} = DynamicSupervisor.start_child(Shard.DynamicSupervisor,
+ {SNet.TCPConn, %{socket: client, my_port: my_port, is_client: false}})
:ok = :gen_tcp.controlling_process(client, pid)
loop_acceptor(socket, my_port)
end