Browse Source

Brand new API v0.2

new_api-fix_app
Sarah Jamie Lewis 5 years ago
parent
commit
5d767174b1
  1. 2
      .travis.yml
  2. 15
      Godeps/Godeps.json
  3. 5
      Godeps/Readme
  4. 10
      LICENSE
  5. 2
      README.md
  6. 36
      application/application.go
  7. 57
      authhandler.go
  8. 32
      authhandler_test.go
  9. 34
      channels/channel.go
  10. 146
      channels/chatchannel.go
  11. 124
      channels/chatchannel_test.go
  12. 148
      channels/contactrequestchannel.go
  13. 226
      channels/contactrequestchannel_test.go
  14. 51
      channels/handler.go
  15. 253
      channels/hiddenserviceauthchannel.go
  16. 163
      channels/hiddenserviceauthchannel_test.go
  17. 94
      connection/autoconnectionhandler.go
  18. 36
      connection/autoconnectionhandler_test.go
  19. 114
      connection/channelmanager.go
  20. 62
      connection/channelmanager_test.go
  21. 321
      connection/connection.go
  22. 88
      connection/connection_test.go
  23. 28
      connection/handler.go
  24. 61
      connection/inboundconnectionhandler.go
  25. 62
      connection/outboundconnectionhandler.go
  26. 98
      examples/echobot/main.go
  27. 51
      handlers.go
  28. BIN
      logo.png
  29. 39
      messagebuilder_test.go
  30. 534
      openconnection.go
  31. 7
      openconnection_test.go
  32. 32
      policies/timeoutpolicy.go
  33. 30
      policies/timeoutpolicy_test.go
  34. 183
      ricochet.go
  35. 70
      ricochet_test.go
  36. 210
      standardricochetservice.go
  37. 120
      standardricochetservice_bad_usage_error_test.go
  38. 129
      standardricochetservice_test.go
  39. 78
      standardricochetservice_unauth_test.go
  40. 73
      standardricochetservice_unknown_contact_test.go
  41. 15
      testing/private_key
  42. 15
      testing/private_key_auth_fail_test
  43. 3
      testing/tests.sh
  44. 25
      utils/crypto.go
  45. 27
      utils/error.go
  46. 135
      utils/messagebuilder.go
  47. 74
      utils/messagebuilder_test.go
  48. 2
      utils/networkresolver.go
  49. 3
      vendor/github.com/golang/protobuf/AUTHORS
  50. 3
      vendor/github.com/golang/protobuf/CONTRIBUTORS
  51. 31
      vendor/github.com/golang/protobuf/LICENSE
  52. 43
      vendor/github.com/golang/protobuf/proto/Makefile
  53. 229
      vendor/github.com/golang/protobuf/proto/clone.go
  54. 970
      vendor/github.com/golang/protobuf/proto/decode.go
  55. 1362
      vendor/github.com/golang/protobuf/proto/encode.go
  56. 300
      vendor/github.com/golang/protobuf/proto/equal.go
  57. 587
      vendor/github.com/golang/protobuf/proto/extensions.go
  58. 898
      vendor/github.com/golang/protobuf/proto/lib.go
  59. 311
      vendor/github.com/golang/protobuf/proto/message_set.go
  60. 484
      vendor/github.com/golang/protobuf/proto/pointer_reflect.go
  61. 270
      vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
  62. 872
      vendor/github.com/golang/protobuf/proto/properties.go
  63. 854
      vendor/github.com/golang/protobuf/proto/text.go
  64. 895
      vendor/github.com/golang/protobuf/proto/text_parser.go
  65. 3
      vendor/golang.org/x/net/AUTHORS
  66. 3
      vendor/golang.org/x/net/CONTRIBUTORS
  67. 27
      vendor/golang.org/x/net/LICENSE
  68. 22
      vendor/golang.org/x/net/PATENTS
  69. 18
      vendor/golang.org/x/net/proxy/direct.go
  70. 140
      vendor/golang.org/x/net/proxy/per_host.go
  71. 94
      vendor/golang.org/x/net/proxy/proxy.go
  72. 210
      vendor/golang.org/x/net/proxy/socks5.go
  73. 2
      wire/auth/auth_message.go
  74. 0
      wire/chat/chat.go
  75. 2
      wire/contact/request.go
  76. 0
      wire/control/control_message.go

2
.travis.yml

@ -16,6 +16,6 @@ install:
script:
- cd $TRAVIS_BUILD_DIR && ./tests.sh
- cd $TRAVIS_BUILD_DIR && ./testing/tests.sh
- test -z "$GOFMT"
- goveralls -coverprofile=./coverage.out -service travis-ci

15
Godeps/Godeps.json

@ -0,0 +1,15 @@
{
"ImportPath": "github.com/s-rah/go-ricochet",
"GoVersion": "go1.7",
"GodepVersion": "v79",
"Deps": [
{
"ImportPath": "github.com/golang/protobuf/proto",
"Rev": "8ee79997227bf9b34611aee7946ae64735e6fd93"
},
{
"ImportPath": "golang.org/x/net/proxy",
"Rev": "60c41d1de8da134c05b7b40154a9a82bf5b7edb9"
}
]
}

5
Godeps/Readme

@ -0,0 +1,5 @@
This directory tree is generated automatically by godep.
Please do not edit.
See https://github.com/tools/godep for more information.

10
LICENSE

@ -25,8 +25,8 @@ SOFTWARE.
--------------------------------------------------------------------------------
Autogenerated protobuf code was generated using the proto file from Ricochet.
They are covered under the following license.
Autogenerated protobuf code was generated using the proto file from Ricochet.
They are covered under the following license.
Ricochet - https://ricochet.im/
Copyright (C) 2014, John Brooks <john.brooks@dereferenced.net>
@ -61,10 +61,4 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------
The go-ricochet logo is based on an image by Olga Shalakhina
<osshalakhina@gmail.com> who in turn modified the original gopher images made by
Renee French. The image is licensed under Creative Commons 3.0 Attributions.
--------------------------------------------------------------------------------
go-ricochet is not affiliated with or endorsed by Ricochet.im or the Tor Project.

2
README.md

@ -1,7 +1,5 @@
# GoRicochet [![Build Status](https://travis-ci.org/s-rah/go-ricochet.svg?branch=master)](https://travis-ci.org/s-rah/go-ricochet) [![Go Report Card](https://goreportcard.com/badge/github.com/s-rah/go-ricochet)](https://goreportcard.com/report/github.com/s-rah/go-ricochet) [![Coverage Status](https://coveralls.io/repos/github/s-rah/go-ricochet/badge.svg?branch=master)](https://coveralls.io/github/s-rah/go-ricochet?branch=master)
![GoRicochet](logo.png)
GoRicochet is an experimental implementation of the [Ricochet Protocol](https://ricochet.im)
in Go.

36
application/application.go

@ -0,0 +1,36 @@
package application
import (
"errors"
"github.com/s-rah/go-ricochet/channels"
"github.com/s-rah/go-ricochet/connection"
)
// RicochetApplication bundles many useful constructs that are
// likely standard in a ricochet application
type RicochetApplication struct {
connection *Connection
}
// NewRicochetApplication ...
func NewRicochetApplication(connection *Connection) *RicochetApplication {
ra := new(RicochetApplication)
ra.connection = connection
return ra
}
// SendMessage ...
func (ra *RicochetApplication) SendChatMessage(message []string) error {
return ra.connection.Do(func() error {
channel := ra.connection.Channel("im.ricochet.chat", channels.Outbound)
if channel != nil {
chatchannel, ok := (*channel.Handler).(*channels.ChatChannel)
if ok {
chatchannel.SendMessage(message)
}
} else {
return errors.New("")
}
return nil
})
}

57
authhandler.go

@ -1,57 +0,0 @@
package goricochet
import (
"crypto/hmac"
"crypto/rand"
"crypto/sha256"
"io"
)
// AuthenticationHandler manages the state required for the AuthHiddenService
// authentication scheme for ricochet.
type AuthenticationHandler struct {
clientCookie [16]byte
serverCookie [16]byte
}
// AddClientCookie adds a client cookie to the state.
func (ah *AuthenticationHandler) AddClientCookie(cookie []byte) {
copy(ah.clientCookie[:], cookie[:16])
}
// AddServerCookie adds a server cookie to the state.
func (ah *AuthenticationHandler) AddServerCookie(cookie []byte) {
copy(ah.serverCookie[:], cookie[:16])
}
// GenRandom generates a random 16byte cookie string.
func (ah *AuthenticationHandler) GenRandom() [16]byte {
var cookie [16]byte
io.ReadFull(rand.Reader, cookie[:])
return cookie
}
// GenClientCookie generates and adds a client cookie to the state.
func (ah *AuthenticationHandler) GenClientCookie() [16]byte {
ah.clientCookie = ah.GenRandom()
return ah.clientCookie
}
// GenServerCookie generates and adds a server cookie to the state.
func (ah *AuthenticationHandler) GenServerCookie() [16]byte {
ah.serverCookie = ah.GenRandom()
return ah.serverCookie
}
// GenChallenge constructs the challenge parameter for the AuthHiddenService session.
// The challenge is the a Sha256HMAC(clientHostname+serverHostname, key=clientCookie+serverCookie)
func (ah *AuthenticationHandler) GenChallenge(clientHostname string, serverHostname string) []byte {
key := make([]byte, 32)
copy(key[0:16], ah.clientCookie[:])
copy(key[16:], ah.serverCookie[:])
value := []byte(clientHostname + serverHostname)
mac := hmac.New(sha256.New, key)
mac.Write(value)
hmac := mac.Sum(nil)
return hmac
}

32
authhandler_test.go

@ -1,32 +0,0 @@
package goricochet
import "testing"
import "bytes"
func TestGenChallenge(t *testing.T) {
authHandler := new(AuthenticationHandler)
authHandler.AddClientCookie([]byte("abcdefghijklmnop"))
authHandler.AddServerCookie([]byte("qrstuvwxyz012345"))
challenge := authHandler.GenChallenge("test.onion", "notareal.onion")
expectedChallenge := []byte{0xf5, 0xdb, 0xfd, 0xf0, 0x3d, 0x94, 0x14, 0xf1, 0x4b, 0x37, 0x93, 0xe2, 0xa5, 0x11, 0x4a, 0x98, 0x31, 0x90, 0xea, 0xb8, 0x95, 0x7a, 0x2e, 0xaa, 0xd0, 0xd2, 0x0c, 0x74, 0x95, 0xba, 0xab, 0x73}
t.Log(challenge, expectedChallenge)
if bytes.Compare(challenge[:], expectedChallenge[:]) != 0 {
t.Errorf("AuthenticationHandler Challenge Is Invalid, Got %x, Expected %x", challenge, expectedChallenge)
}
}
func TestGenClientCookie(t *testing.T) {
authHandler := new(AuthenticationHandler)
clientCookie := authHandler.GenClientCookie()
if clientCookie != authHandler.clientCookie {
t.Errorf("AuthenticationHandler Client Cookies are Different %x %x", clientCookie, authHandler.clientCookie)
}
}
func TestGenServerCookie(t *testing.T) {
authHandler := new(AuthenticationHandler)
serverCookie := authHandler.GenServerCookie()
if serverCookie != authHandler.serverCookie {
t.Errorf("AuthenticationHandler Server Cookies are Different %x %x", serverCookie, authHandler.serverCookie)
}
}

34
channels/channel.go

@ -0,0 +1,34 @@
package channels
// Direction indicated whether we or the remote peer opened the channel
type Direction int
const (
// Inbound indcates the channel was opened by the remote peer
Inbound Direction = iota
// Outbound indicated the channel was opened by us
Outbound
)
// AuthChannelResult captures the result of an authentication flow
type AuthChannelResult struct {
Accepted bool
IsKnownContact bool
}
// Channel holds the state of a channel on an open connection
type Channel struct {
ID int32
Type string
Direction Direction
Handler *Handler
Pending bool
ServerHostname string
ClientHostname string
// Functions for updating the underlying Connection
SendMessage func([]byte)
CloseChannel func()
DelegateAuthorization func()
}

146
channels/chatchannel.go

@ -0,0 +1,146 @@
package channels
import (
"crypto/rand"
"github.com/golang/protobuf/proto"
"github.com/s-rah/go-ricochet/utils"
"github.com/s-rah/go-ricochet/wire/chat"
"github.com/s-rah/go-ricochet/wire/control"
"math"
"math/big"
"time"
)
// ChatChannel implements the ChannelHandler interface for a channel of
// type "im.ricochet.chat". The channel may be inbound or outbound.
//
// ChatChannel implements protocol-level sanity and state validation, but
// does not handle or acknowledge chat messages. The application must provide
// a ChatChannelHandler implementation to handle chat events.
type ChatChannel struct {
// Methods of Handler are called for chat events on this channel
Handler ChatChannelHandler
channel *Channel
lastMessageID uint32
}
// ChatChannelHandler is implemented by an application type to receive
// events from a ChatChannel.
//
// Note that ChatChannelHandler is composable with other interfaces, including
// ConnectionHandler; there is no need to use a distinct type as a
// ChatChannelHandler.
type ChatChannelHandler interface {
// ChatMessage is called when a chat message is received. Return true to acknowledge
// the message successfully, and false to NACK and refuse the message.
ChatMessage(messageID uint32, when time.Time, message string) bool
// ChatMessageAck is called when an acknowledgement of a sent message is received.
ChatMessageAck(messageID uint32)
}
// SendMessage sends a given message using this channe
func (cc *ChatChannel) SendMessage(message string) {
messageBuilder := new(utils.MessageBuilder)
//TODO Implement Chat Number
data := messageBuilder.ChatMessage(message, cc.lastMessageID)
cc.lastMessageID++
cc.channel.SendMessage(data)
}
// Acknowledge indicates the given messageID was received
func (cc *ChatChannel) Acknowledge(messageID uint32) {
messageBuilder := new(utils.MessageBuilder)
cc.channel.SendMessage(messageBuilder.AckChatMessage(messageID))
}
// Type returns the type string for this channel, e.g. "im.ricochet.chat".
func (cc *ChatChannel) Type() string {
return "im.ricochet.chat"
}
// Closed is called when the channel is closed for any reason.
func (cc *ChatChannel) Closed(err error) {
}
// OnlyClientCanOpen - for chat channels any side can open
func (cc *ChatChannel) OnlyClientCanOpen() bool {
return false
}
// Singleton - for chat channels there can only be one instance per direction
func (cc *ChatChannel) Singleton() bool {
return true
}
// Bidirectional - for chat channels are not bidrectional
func (cc *ChatChannel) Bidirectional() bool {
return false
}
// RequiresAuthentication - chat channels require hidden service auth
func (cc *ChatChannel) RequiresAuthentication() string {
return "im.ricochet.auth.hidden-service"
}
// OpenInbound is the first method called for an inbound channel request.
// If an error is returned, the channel is rejected. If a RawMessage is
// returned, it will be sent as the ChannelResult message.
func (cc *ChatChannel) OpenInbound(channel *Channel, raw *Protocol_Data_Control.OpenChannel) ([]byte, error) {
cc.channel = channel
id, err := rand.Int(rand.Reader, big.NewInt(math.MaxUint32))
if err != nil {
return nil, err
}
cc.lastMessageID = uint32(id.Uint64())
cc.channel.Pending = false
messageBuilder := new(utils.MessageBuilder)
return messageBuilder.AckOpenChannel(channel.ID), nil
}
// OpenOutbound is the first method called for an outbound channel request.
// If an error is returned, the channel is not opened. If a RawMessage is
// returned, it will be sent as the OpenChannel message.
func (cc *ChatChannel) OpenOutbound(channel *Channel) ([]byte, error) {
cc.channel = channel
id, err := rand.Int(rand.Reader, big.NewInt(math.MaxUint32))
if err != nil {
return nil, err
}
cc.lastMessageID = uint32(id.Uint64())
messageBuilder := new(utils.MessageBuilder)
return messageBuilder.OpenChannel(channel.ID, cc.Type()), nil
}
// OpenOutboundResult is called when a response is received for an
// outbound OpenChannel request. If `err` is non-nil, the channel was
// rejected and Closed will be called immediately afterwards. `raw`
// contains the raw protocol message including any extension data.
func (cc *ChatChannel) OpenOutboundResult(err error, crm *Protocol_Data_Control.ChannelResult) {
if err == nil {
if crm.GetOpened() {
cc.channel.Pending = false
}
}
}
// Packet is called for each raw packet received on this channel.
func (cc *ChatChannel) Packet(data []byte) {
if !cc.channel.Pending {
res := new(Protocol_Data_Chat.Packet)
err := proto.Unmarshal(data, res)
if err == nil {
if res.GetChatMessage() != nil {
ack := cc.Handler.ChatMessage(res.GetChatMessage().GetMessageId(), time.Now(), res.GetChatMessage().GetMessageText())
if ack {
cc.Acknowledge(res.GetChatMessage().GetMessageId())
} else {
//XXX
}
} else if res.GetChatAcknowledge() != nil {
cc.Handler.ChatMessageAck(res.GetChatMessage().GetMessageId())
}
// XXX?
}
}
}

124
channels/chatchannel_test.go

@ -0,0 +1,124 @@
package channels
import (
"github.com/golang/protobuf/proto"
"github.com/s-rah/go-ricochet/utils"
"github.com/s-rah/go-ricochet/wire/chat"
"github.com/s-rah/go-ricochet/wire/control"
"testing"
"time"
)
func TestChatChannelOptions(t *testing.T) {
chatChannel := new(ChatChannel)
if chatChannel.Type() != "im.ricochet.chat" {
t.Errorf("ChatChannel has wrong type %s", chatChannel.Type())
}
if chatChannel.OnlyClientCanOpen() {
t.Errorf("ChatChannel should be able to be opened by everyone")
}
if !chatChannel.Singleton() {
t.Errorf("ChatChannel should be a Singelton")
}
if chatChannel.Bidirectional() {
t.Errorf("ChatChannel should not be bidirectional")
}
if chatChannel.RequiresAuthentication() != "im.ricochet.auth.hidden-service" {
t.Errorf("ChatChannel should require im.ricochet.auth.hidden-service. Instead requires: %s", chatChannel.RequiresAuthentication())
}
}
func TestChatChannelOpenInbound(t *testing.T) {
messageBuilder := new(utils.MessageBuilder)
ocm := messageBuilder.OpenChannel(2, "im.ricochet.chat")
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ocm[:], res)
opm := res.GetOpenChannel()
chatChannel := new(ChatChannel)
channel := Channel{ID: 1}
response, err := chatChannel.OpenInbound(&channel, opm)
if err == nil {
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
} else {
t.Errorf("Error while parsing chatchannel openinbound output: %v", err)
}
}
func TestChatChannelOpenOutbound(t *testing.T) {
chatChannel := new(ChatChannel)
channel := Channel{ID: 1}
response, err := chatChannel.OpenOutbound(&channel)
if err == nil {
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
if res.GetOpenChannel() != nil {
// XXX
} else {
t.Errorf("ChatChannel OpenOutbound was not an OpenChannelRequest %v", err)
}
} else {
t.Errorf("Error while parsing openputput output: %v", err)
}
}
type TestChatChannelHandler struct {
}
func (tcch *TestChatChannelHandler) ChatMessage(messageID uint32, when time.Time, message string) bool {
return true
}
func (tcch *TestChatChannelHandler) ChatMessageAck(messageID uint32) {
}
func TestChatChannelOperations(t *testing.T) {
// We test OpenOutboundElsewhere
chatChannel := new(ChatChannel)
chatChannel.Handler = new(TestChatChannelHandler)
channel := Channel{ID: 5}
channel.SendMessage = func(data []byte) {
res := new(Protocol_Data_Chat.Packet)
err := proto.Unmarshal(data, res)
if res.GetChatMessage() != nil {
if err == nil {
if res.GetChatMessage().GetMessageId() != 0 {
t.Log("Got Message ID:", res.GetChatMessage().GetMessageId())
return
}
t.Errorf("message id was 0 should be random")
return
}
t.Errorf("error sending chat message: %v", err)
}
}
chatChannel.OpenOutbound(&channel)
messageBuilder := new(utils.MessageBuilder)
ack := messageBuilder.AckOpenChannel(5)
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ack[:], res)
cr := res.GetChannelResult()
chatChannel.OpenOutboundResult(nil, cr)
if channel.Pending {
t.Errorf("After Successful Result ChatChannel Is Still Pending")
}
chat := messageBuilder.ChatMessage("message text", 0)
chatChannel.Packet(chat)
chatChannel.SendMessage("hello")
}

148
channels/contactrequestchannel.go

@ -0,0 +1,148 @@
package channels
import (
"errors"
"github.com/golang/protobuf/proto"
"github.com/s-rah/go-ricochet/utils"
"github.com/s-rah/go-ricochet/wire/contact"
"github.com/s-rah/go-ricochet/wire/control"
)
// ContactRequestChannel implements the ChannelHandler interface for a channel of
// type "im.ricochet.contact.request". The channel may be inbound or outbound.
// a ContactRequestChannelHandler implementation to handle chat events.
type ContactRequestChannel struct {
// Methods of Handler are called for chat events on this channel
Handler ContactRequestChannelHandler
channel *Channel
}
// ContactRequestChannelHandler is implemented by an application type to receive
// events from a ContactRequestChannel.
//
// Note that ContactRequestChannelHandler is composable with other interfaces, including
// ConnectionHandler; there is no need to use a distinct type as a
// ContactRequestChannelHandler.
type ContactRequestChannelHandler interface {
GetContactDetails() (string, string)
ContactRequest(name string, message string) string
ContactRequestRejected()
ContactRequestAccepted()
ContactRequestError()
}
// OnlyClientCanOpen - only clients can open contact requests
func (crc *ContactRequestChannel) OnlyClientCanOpen() bool {
return true
}
// Singleton - only one contact request can be opened per side
func (crc *ContactRequestChannel) Singleton() bool {
return true
}
// Bidirectional - only clients can send messages
func (crc *ContactRequestChannel) Bidirectional() bool {
return false
}
// RequiresAuthentication - contact requests require hidden service auth
func (crc *ContactRequestChannel) RequiresAuthentication() string {
return "im.ricochet.auth.hidden-service"
}
// Type returns the type string for this channel, e.g. "im.ricochet.chat".
func (crc *ContactRequestChannel) Type() string {
return "im.ricochet.contact.request"
}
// Closed is called when the channel is closed for any reason.
func (crc *ContactRequestChannel) Closed(err error) {
}
// OpenInbound is the first method called for an inbound channel request.
// If an error is returned, the channel is rejected. If a RawMessage is
// returned, it will be sent as the ChannelResult message.
func (crc *ContactRequestChannel) OpenInbound(channel *Channel, oc *Protocol_Data_Control.OpenChannel) ([]byte, error) {
crc.channel = channel
contactRequestI, err := proto.GetExtension(oc, Protocol_Data_ContactRequest.E_ContactRequest)
if err == nil {
contactRequest, check := contactRequestI.(*Protocol_Data_ContactRequest.ContactRequest)
if check {
if len(contactRequest.GetNickname()) > int(Protocol_Data_ContactRequest.Limits_NicknameMaxCharacters) {
// Violation of the Protocol
return nil, errors.New("invalid nickname")
}
if len(contactRequest.GetMessageText()) > int(Protocol_Data_ContactRequest.Limits_MessageMaxCharacters) {
// Violation of the Protocol
return nil, errors.New("invalid message")
}
result := crc.Handler.ContactRequest(contactRequest.GetNickname(), contactRequest.GetMessageText())
messageBuilder := new(utils.MessageBuilder)
return messageBuilder.ReplyToContactRequestOnResponse(channel.ID, result), nil
}
}
return nil, errors.New("could not parse contact request extension")
}
// OpenOutbound is the first method called for an outbound channel request.
// If an error is returned, the channel is not opened. If a RawMessage is
// returned, it will be sent as the OpenChannel message.
func (crc *ContactRequestChannel) OpenOutbound(channel *Channel) ([]byte, error) {
crc.channel = channel
name, message := crc.Handler.GetContactDetails()
messageBuilder := new(utils.MessageBuilder)
return messageBuilder.OpenContactRequestChannel(channel.ID, name, message), nil
}
// OpenOutboundResult is called when a response is received for an
// outbound OpenChannel request. If `err` is non-nil, the channel was
// rejected and Closed will be called immediately afterwards. `raw`
// contains the raw protocol message including any extension data.
func (crc *ContactRequestChannel) OpenOutboundResult(err error, crm *Protocol_Data_Control.ChannelResult) {
if err == nil {
if crm.GetOpened() {
responseI, err := proto.GetExtension(crm, Protocol_Data_ContactRequest.E_Response)
if err == nil {
response, check := responseI.(*Protocol_Data_ContactRequest.Response)
if check {
crc.handleStatus(response.GetStatus().String())
return
}
}
}
}
crc.channel.SendMessage([]byte{})
}
func (crc *ContactRequestChannel) handleStatus(status string) {
switch status {
case "Accepted":
crc.Handler.ContactRequestAccepted()
case "Pending":
break
case "Rejected":
crc.Handler.ContactRequestRejected()
break
case "Error":
crc.Handler.ContactRequestError()
break
}
}
// Packet is called for each raw packet received on this channel.
func (crc *ContactRequestChannel) Packet(data []byte) {
if !crc.channel.Pending {
response := new(Protocol_Data_ContactRequest.Response)
err := proto.Unmarshal(data, response)
if err == nil {
crc.handleStatus(response.GetStatus().String())
return
}
}
crc.channel.SendMessage([]byte{})
}

226
channels/contactrequestchannel_test.go

@ -0,0 +1,226 @@
package channels
import (
"github.com/golang/protobuf/proto"
"github.com/s-rah/go-ricochet/utils"
"github.com/s-rah/go-ricochet/wire/contact"
"github.com/s-rah/go-ricochet/wire/control"
"testing"
)
type TestContactRequestHandler struct {
Received bool
}
func (tcrh *TestContactRequestHandler) GetContactDetails() (string, string) {
return "", ""
}
func (tcrh *TestContactRequestHandler) ContactRequest(name string, message string) string {
if name == "test_nickname" && message == "test_message" {
tcrh.Received = true
}
return "Pending"
}
func (tcrh *TestContactRequestHandler) ContactRequestRejected() {
}
func (tcrh *TestContactRequestHandler) ContactRequestAccepted() {
}
func (tcrh *TestContactRequestHandler) ContactRequestError() {
}
func TestContactRequestOptions(t *testing.T) {
contactRequestChannel := new(ContactRequestChannel)
if contactRequestChannel.Type() != "im.ricochet.contact.request" {
t.Errorf("ContactRequestChannel has wrong type %s", contactRequestChannel.Type())
}
if !contactRequestChannel.OnlyClientCanOpen() {
t.Errorf("ContactRequestChannel Should be Client Open Only")
}
if !contactRequestChannel.Singleton() {
t.Errorf("ContactRequestChannel Should be a Singelton")
}
if contactRequestChannel.Bidirectional() {
t.Errorf("ContactRequestChannel Should not be bidirectional")
}
if contactRequestChannel.RequiresAuthentication() != "im.ricochet.auth.hidden-service" {
t.Errorf("ContactRequestChannel should requires im.ricochet.auth.hidden-service Authentication. Instead defines: %s", contactRequestChannel.RequiresAuthentication())
}
}
func TestContactRequestOpenOutbound(t *testing.T) {
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
response, err := contactRequestChannel.OpenOutbound(&channel)
if err == nil {
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
if res.GetOpenChannel() != nil {
// XXX
} else {
t.Errorf("ContactReuqest OpenOutbound was not an OpenChannelRequest %v", err)
}
} else {
t.Errorf("Error while parsing openputput output: %v", err)
}
}
func TestContactRequestOpenOutboundResult(t *testing.T) {
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
contactRequestChannel.OpenOutbound(&channel)
messageBuilder := new(utils.MessageBuilder)
ack := messageBuilder.ReplyToContactRequestOnResponse(1, "Accepted")
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ack[:], res)
cr := res.GetChannelResult()
contactRequestChannel.OpenOutboundResult(nil, cr)
}
func TestContactRequestOpenInbound(t *testing.T) {
opm := BuildOpenChannel("test_nickname", "test_message")
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
response, err := contactRequestChannel.OpenInbound(&channel, opm)
if err == nil {
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
responseI, err := proto.GetExtension(res.GetChannelResult(), Protocol_Data_ContactRequest.E_Response)
if err == nil {
response, check := responseI.(*Protocol_Data_ContactRequest.Response)
if check {
if response.GetStatus().String() != "Pending" {
t.Errorf("Contact Request Response should have been Pending, but instead was: %v", response.GetStatus().String())
}
} else {
t.Errorf("Error while parsing openinbound output: %v", err)
}
} else {
t.Errorf("Error while parsing openinbound output: %v", err)
}
} else {
t.Errorf("Error while parsing openinbound output: %v", err)
}
if !handler.Received {
t.Errorf("Contact Request was not received by Handler")
}
}
func TestContactRequestPacket(t *testing.T) {
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
contactRequestChannel.OpenOutbound(&channel)
messageBuilder := new(utils.MessageBuilder)
ack := messageBuilder.ReplyToContactRequestOnResponse(1, "Pending")
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ack[:], res)
cr := res.GetChannelResult()
contactRequestChannel.OpenOutboundResult(nil, cr)
ackp := messageBuilder.ReplyToContactRequest(1, "Accepted")
contactRequestChannel.Packet(ackp)
}
func TestContactRequestRejected(t *testing.T) {
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
contactRequestChannel.OpenOutbound(&channel)
messageBuilder := new(utils.MessageBuilder)
ack := messageBuilder.ReplyToContactRequestOnResponse(1, "Pending")
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ack[:], res)
cr := res.GetChannelResult()
contactRequestChannel.OpenOutboundResult(nil, cr)
ackp := messageBuilder.ReplyToContactRequest(1, "Rejected")
contactRequestChannel.Packet(ackp)
}
func TestContactRequestError(t *testing.T) {
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
contactRequestChannel.OpenOutbound(&channel)
messageBuilder := new(utils.MessageBuilder)
ack := messageBuilder.ReplyToContactRequestOnResponse(1, "Pending")
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ack[:], res)
cr := res.GetChannelResult()
contactRequestChannel.OpenOutboundResult(nil, cr)
ackp := messageBuilder.ReplyToContactRequest(1, "Error")
contactRequestChannel.Packet(ackp)
}
func BuildOpenChannel(nickname string, message string) *Protocol_Data_Control.OpenChannel {
// Construct the Open Authentication Channel Message
messageBuilder := new(utils.MessageBuilder)
ocm := messageBuilder.OpenContactRequestChannel(1, nickname, message)
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ocm[:], res)
return res.GetOpenChannel()
}
func TestInvalidNickname(t *testing.T) {
opm := BuildOpenChannel("this nickname is far too long at well over the limit of 30 characters", "test_message")
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
_, err := contactRequestChannel.OpenInbound(&channel, opm)
if err == nil {
t.Errorf("Open Inbound should have failed because of invalid nickname")
}
}
func TestInvalidMessage(t *testing.T) {
var message string
for i := 0; i < 2001; i++ {
message += "a"
}
opm := BuildOpenChannel("test_nickname", message)
contactRequestChannel := new(ContactRequestChannel)
handler := new(TestContactRequestHandler)
contactRequestChannel.Handler = handler
channel := Channel{ID: 1}
_, err := contactRequestChannel.OpenInbound(&channel, opm)
if err == nil {
t.Errorf("Open Inbound should have failed because of invalid message")
}
}

51
channels/handler.go

@ -0,0 +1,51 @@
package channels
import (
"github.com/s-rah/go-ricochet/wire/control"
)
// Handler reacts to low-level events on a protocol channel. There
// should be a unique instance of a ChannelHandler type per channel.
//
// Applications generally don't need to implement ChannelHandler directly;
// instead, use the built-in implementations for common channel types, and
// their individual callback interfaces. ChannelHandler is useful when
// implementing new channel types, or modifying low level default behavior.
type Handler interface {
// Type returns the type string for this channel, e.g. "im.ricochet.chat".
Type() string
// Closed is called when the channel is closed for any reason.
Closed(err error)
// OnlyClientCanOpen indicates if only a client can open a given channel
OnlyClientCanOpen() bool
// Singleton indicates if a channel can only have one instance per direction
Singleton() bool
// Bidirectional indicates if messages can be send by either side
Bidirectional() bool
// RequiresAuthentication describes what authentication is needed for the channel
RequiresAuthentication() string
// OpenInbound is the first method called for an inbound channel request.
// If an error is returned, the channel is rejected. If a RawMessage is
// returned, it will be sent as the ChannelResult message.
OpenInbound(channel *Channel, raw *Protocol_Data_Control.OpenChannel) ([]byte, error)
// OpenOutbound is the first method called for an outbound channel request.
// If an error is returned, the channel is not opened. If a RawMessage is
// returned, it will be sent as the OpenChannel message.
OpenOutbound(channel *Channel) ([]byte, error)
// OpenOutboundResult is called when a response is received for an
// outbound OpenChannel request. If `err` is non-nil, the channel was
// rejected and Closed will be called immediately afterwards. `raw`
// contains the raw protocol message including any extension data.
OpenOutboundResult(err error, raw *Protocol_Data_Control.ChannelResult)
// Packet is called for each raw packet received on this channel.
Packet(data []byte)
}

253
channels/hiddenserviceauthchannel.go

@ -0,0 +1,253 @@
package channels
import (
"crypto"
"crypto/hmac"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"encoding/asn1"
"errors"
"github.com/golang/protobuf/proto"
"github.com/s-rah/go-ricochet/utils"
"github.com/s-rah/go-ricochet/wire/auth"
"github.com/s-rah/go-ricochet/wire/control"
"io"
"log"
)
// HiddenServiceAuthChannel wraps implementation o fim.ricochet.auth.hidden-service"
type HiddenServiceAuthChannel struct {
// Methods of Handler are called for events on this channel
Handler AuthChannelHandler
// PrivateKey must be set for client-side authentication channels
PrivateKey *rsa.PrivateKey
// Server Hostname must be set for client-side authentication channels
ServerHostname string
// Internal state
clientCookie, serverCookie [16]byte
channel *Channel
}
// AuthChannelHandler ...
type AuthChannelHandler interface {
// Client
ClientAuthResult(accepted bool, isKnownContact bool)
// Server
ServerAuthValid(hostname string, publicKey rsa.PublicKey) (allowed, known bool)
ServerAuthInvalid(err error)
}
// Type returns the type string for this channel, e.g. "im.ricochet.chat".
func (ah *HiddenServiceAuthChannel) Type() string {
return "im.ricochet.auth.hidden-service"
}
// Singleton Returns whether or not the given channel type is a singleton
func (ah *HiddenServiceAuthChannel) Singleton() bool {
return true
}
// OnlyClientCanOpen ...
func (ah *HiddenServiceAuthChannel) OnlyClientCanOpen() bool {
return true
}
// Bidirectional Returns whether or not the given channel allows anyone to send messages
func (ah *HiddenServiceAuthChannel) Bidirectional() bool {
return false
}
// RequiresAuthentication Returns whether or not the given channel type requires authentication
func (ah *HiddenServiceAuthChannel) RequiresAuthentication() string {
return "none"
}
// Closed is called when the channel is closed for any reason.
func (ah *HiddenServiceAuthChannel) Closed(err error) {
}
// OpenInbound is the first method called for an inbound channel request.
// If an error is returned, the channel is rejected. If a RawMessage is
// returned, it will be sent as the ChannelResult message.
// Remote -> [Open Authentication Channel] -> Local
func (ah *HiddenServiceAuthChannel) OpenInbound(channel *Channel, oc *Protocol_Data_Control.OpenChannel) ([]byte, error) {
ah.channel = channel
clientCookie, _ := proto.GetExtension(oc, Protocol_Data_AuthHiddenService.E_ClientCookie)
if len(clientCookie.([]byte)[:]) != 16 {
// reutrn without opening channel.
return nil, errors.New("invalid client cookie")
}
ah.AddClientCookie(clientCookie.([]byte)[:])
messageBuilder := new(utils.MessageBuilder)
channel.Pending = false
return messageBuilder.ConfirmAuthChannel(ah.channel.ID, ah.GenServerCookie()), nil
}
// OpenOutbound is the first method called for an outbound channel request.
// If an error is returned, the channel is not opened. If a RawMessage is
// returned, it will be sent as the OpenChannel message.
// Local -> [Open Authentication Channel] -> Remote
func (ah *HiddenServiceAuthChannel) OpenOutbound(channel *Channel) ([]byte, error) {
ah.channel = channel
messageBuilder := new(utils.MessageBuilder)
return messageBuilder.OpenAuthenticationChannel(ah.channel.ID, ah.GenClientCookie()), nil
}
// OpenOutboundResult is called when a response is received for an
// outbound OpenChannel request. If `err` is non-nil, the channel was
// rejected and Closed will be called immediately afterwards. `raw`
// contains the raw protocol message including any extension data.
// Input: Remote -> [ChannelResult] -> {Client}
// Output: {Client} -> [Proof] -> Remote
func (ah *HiddenServiceAuthChannel) OpenOutboundResult(err error, crm *Protocol_Data_Control.ChannelResult) {
if err == nil {
if crm.GetOpened() {
serverCookie, _ := proto.GetExtension(crm, Protocol_Data_AuthHiddenService.E_ServerCookie)
if len(serverCookie.([]byte)[:]) != 16 {
ah.channel.SendMessage([]byte{})
return
}
ah.AddServerCookie(serverCookie.([]byte)[:])
publicKeyBytes, _ := asn1.Marshal(rsa.PublicKey{
N: ah.PrivateKey.PublicKey.N,
E: ah.PrivateKey.PublicKey.E,
})
clientHostname := utils.GetTorHostname(publicKeyBytes)
challenge := ah.GenChallenge(clientHostname, ah.ServerHostname)
signature, err := rsa.SignPKCS1v15(nil, ah.PrivateKey, crypto.SHA256, challenge)
if err != nil {
ah.channel.SendMessage([]byte{})
return
}
messageBuilder := new(utils.MessageBuilder)
proof := messageBuilder.Proof(publicKeyBytes, signature)
ah.channel.SendMessage(proof)
}
}
}
// Packet is called for each raw packet received on this channel.
// Input: Remote -> [Proof] -> Client
// OR
// Input: Remote -> [Result] -> Client
func (ah *HiddenServiceAuthChannel) Packet(data []byte) {
res := new(Protocol_Data_AuthHiddenService.Packet)
err := proto.Unmarshal(data[:], res)
if err != nil {
ah.channel.CloseChannel()
return
}
if res.GetProof() != nil && ah.channel.Direction == Inbound {
provisionalClientHostname := utils.GetTorHostname(res.GetProof().GetPublicKey())
publicKeyBytes, err := asn1.Marshal(rsa.PublicKey{
N: ah.PrivateKey.PublicKey.N,
E: ah.PrivateKey.PublicKey.E,
})
if err != nil {
ah.Handler.ServerAuthInvalid(err)
ah.channel.SendMessage([]byte{})
return
}
serverHostname := utils.GetTorHostname(publicKeyBytes)
publicKey := rsa.PublicKey{}
_, err = asn1.Unmarshal(res.GetProof().GetPublicKey(), &publicKey)
if err != nil {
ah.Handler.ServerAuthInvalid(err)
ah.channel.SendMessage([]byte{})
return
}
challenge := ah.GenChallenge(provisionalClientHostname, serverHostname)
err = rsa.VerifyPKCS1v15(&publicKey, crypto.SHA256, challenge[:], res.GetProof().GetSignature())
if err == nil {
// Signature is Good
accepted, isKnownContact := ah.Handler.ServerAuthValid(provisionalClientHostname, publicKey)
// Send Result
messageBuilder := new(utils.MessageBuilder)
result := messageBuilder.AuthResult(accepted, isKnownContact)
ah.channel.DelegateAuthorization()
ah.channel.SendMessage(result)
} else {
// Auth Failed
messageBuilder := new(utils.MessageBuilder)
result := messageBuilder.AuthResult(false, false)
ah.channel.SendMessage(result)
ah.Handler.ServerAuthInvalid(err)
}
} else if res.GetResult() != nil && ah.channel.Direction == Outbound {
ah.Handler.ClientAuthResult(res.GetResult().GetAccepted(), res.GetResult().GetIsKnownContact())
if res.GetResult().GetAccepted() {
ah.channel.DelegateAuthorization()
}
}
// Any other combination of packets is completely invalid
// Fail the Authorization right here.
ah.channel.CloseChannel()
}
// AddClientCookie adds a client cookie to the state.
func (ah *HiddenServiceAuthChannel) AddClientCookie(cookie []byte) {
copy(ah.clientCookie[:], cookie[:16])
}
// AddServerCookie adds a server cookie to the state.
func (ah *HiddenServiceAuthChannel) AddServerCookie(cookie []byte) {
copy(ah.serverCookie[:], cookie[:16])
}
// GenRandom generates a random 16byte cookie string.
func (ah *HiddenServiceAuthChannel) GenRandom() [16]byte {
var cookie [16]byte
io.ReadFull(rand.Reader, cookie[:])
return cookie
}
// GenClientCookie generates and adds a client cookie to the state.
func (ah *HiddenServiceAuthChannel) GenClientCookie() [16]byte {
ah.clientCookie = ah.GenRandom()
return ah.clientCookie
}
// GenServerCookie generates and adds a server cookie to the state.
func (ah *HiddenServiceAuthChannel) GenServerCookie() [16]byte {
ah.serverCookie = ah.GenRandom()
return ah.serverCookie
}
// GenChallenge constructs the challenge parameter for the AuthHiddenService session.
// The challenge is the a Sha256HMAC(clientHostname+serverHostname, key=clientCookie+serverCookie)
func (ah *HiddenServiceAuthChannel) GenChallenge(clientHostname string, serverHostname string) []byte {
key := make([]byte, 32)
copy(key[0:16], ah.clientCookie[:])
copy(key[16:], ah.serverCookie[:])
log.Printf("CHALLENGE: %s %s %v", clientHostname, serverHostname, key)
value := []byte(clientHostname + serverHostname)
mac := hmac.New(sha256.New, key)
mac.Write(value)
hmac := mac.Sum(nil)
return hmac
}

163
channels/hiddenserviceauthchannel_test.go

@ -0,0 +1,163 @@
package channels
import (
"bytes"
"crypto/rsa"
"github.com/golang/protobuf/proto"
"github.com/s-rah/go-ricochet/utils"
"github.com/s-rah/go-ricochet/wire/control"
"testing"
)
func TestGenChallenge(t *testing.T) {
authHandler := new(HiddenServiceAuthChannel)
authHandler.AddClientCookie([]byte("abcdefghijklmnop"))
authHandler.AddServerCookie([]byte("qrstuvwxyz012345"))
challenge := authHandler.GenChallenge("test.onion", "notareal.onion")
expectedChallenge := []byte{0xf5, 0xdb, 0xfd, 0xf0, 0x3d, 0x94, 0x14, 0xf1, 0x4b, 0x37, 0x93, 0xe2, 0xa5, 0x11, 0x4a, 0x98, 0x31, 0x90, 0xea, 0xb8, 0x95, 0x7a, 0x2e, 0xaa, 0xd0, 0xd2, 0x0c, 0x74, 0x95, 0xba, 0xab, 0x73}
t.Log(challenge, expectedChallenge)
if bytes.Compare(challenge[:], expectedChallenge[:]) != 0 {
t.Errorf("HiddenServiceAuthChannel Challenge Is Invalid, Got %x, Expected %x", challenge, expectedChallenge)
}
}
func TestGenClientCookie(t *testing.T) {
authHandler := new(HiddenServiceAuthChannel)
clientCookie := authHandler.GenClientCookie()
if clientCookie != authHandler.clientCookie {
t.Errorf("HiddenServiceAuthChannel Client Cookies are Different %x %x", clientCookie, authHandler.clientCookie)
}
}
func TestGenServerCookie(t *testing.T) {
authHandler := new(HiddenServiceAuthChannel)
serverCookie := authHandler.GenServerCookie()
if serverCookie != authHandler.serverCookie {
t.Errorf("HiddenServiceAuthChannel Server Cookies are Different %x %x", serverCookie, authHandler.serverCookie)
}
}
func TestHiddenServiceAuthChannelOptions(t *testing.T) {
hiddenServiceAuthChannel := new(HiddenServiceAuthChannel)
if hiddenServiceAuthChannel.Type() != "im.ricochet.auth.hidden-service" {
t.Errorf("AuthHiddenService has wrong type %s", hiddenServiceAuthChannel.Type())
}
if !hiddenServiceAuthChannel.OnlyClientCanOpen() {
t.Errorf("AuthHiddenService Should be Client Open Only")
}
if !hiddenServiceAuthChannel.Singleton() {
t.Errorf("AuthHiddenService Should be a Singelton")
}
if hiddenServiceAuthChannel.Bidirectional() {
t.Errorf("AuthHiddenService Should not be bidirectional")
}
if hiddenServiceAuthChannel.RequiresAuthentication() != "none" {
t.Errorf("AuthHiddenService should require no authorization. Instead requires: %s", hiddenServiceAuthChannel.RequiresAuthentication())
}
}
func GetOpenAuthenticationChannelMessage() *Protocol_Data_Control.OpenChannel {
// Construct the Open Authentication Channel Message
messageBuilder := new(utils.MessageBuilder)
ocm := messageBuilder.OpenAuthenticationChannel(1, [16]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0})
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ocm[:], res)
return res.GetOpenChannel()
}
func TestAuthenticationOpenInbound(t *testing.T) {
opm := GetOpenAuthenticationChannelMessage()
authHandler := new(HiddenServiceAuthChannel)
channel := Channel{ID: 1}
response, err := authHandler.OpenInbound(&channel, opm)
if err == nil {
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
if res.GetChannelResult() == nil || !res.GetChannelResult().GetOpened() {
t.Errorf("Response not a Open Channel Result %v", res)
}
} else {
t.Errorf("HiddenServiceAuthChannel OpenOutbound Failed: %v", err)
}
}
func TestAuthenticationOpenOutbound(t *testing.T) {
authHandler := new(HiddenServiceAuthChannel)
channel := Channel{ID: 1}
response, err := authHandler.OpenOutbound(&channel)
if err == nil {
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
if res.GetOpenChannel() == nil {
t.Errorf("Open Channel Packet not included %v", res)
}
} else {
t.Errorf("HiddenServiceAuthChannel OpenInbound Failed: %v", err)
}
}
type SimpleTestAuthHandler struct {
}
// Client
func (stah *SimpleTestAuthHandler) ClientAuthResult(accepted bool, isKnownContact bool) {
}
// Server
func (stah *SimpleTestAuthHandler) ServerAuthValid(hostname string, publicKey rsa.PublicKey) (allowed, known bool) {
return true, true
}
func (stah *SimpleTestAuthHandler) ServerAuthInvalid(err error) {
}
func TestAuthenticationOpenOutboundResult(t *testing.T) {
privateKey, _ := utils.LoadPrivateKeyFromFile("../testing/private_key")
authHandlerA := new(HiddenServiceAuthChannel)
authHandlerB := new(HiddenServiceAuthChannel)
simpleTestAuthHandler := new(SimpleTestAuthHandler)
authHandlerA.ServerHostname = "kwke2hntvyfqm7dr"
authHandlerA.PrivateKey = privateKey
authHandlerA.Handler = simpleTestAuthHandler
channelA := Channel{ID: 1, Direction: Outbound}
channelA.SendMessage = func(message []byte) {
authHandlerB.Packet(message)
}
channelA.DelegateAuthorization = func() {}
channelA.CloseChannel = func() {}
response, _ := authHandlerA.OpenOutbound(&channelA)
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
authHandlerB.ServerHostname = "kwke2hntvyfqm7dr"
authHandlerB.PrivateKey = privateKey
authHandlerB.Handler = simpleTestAuthHandler
channelB := Channel{ID: 1, Direction: Inbound}
channelB.SendMessage = func(message []byte) {
authHandlerA.Packet(message)
}
channelB.DelegateAuthorization = func() {}
channelB.CloseChannel = func() {}
response, _ = authHandlerB.OpenInbound(&channelB, res.GetOpenChannel())
res = new(Protocol_Data_Control.Packet)
proto.Unmarshal(response[:], res)
authHandlerA.OpenOutboundResult(nil, res.GetChannelResult())
}

94
connection/autoconnectionhandler.go

@ -0,0 +1,94 @@
package connection
import (
"crypto/rsa"
"github.com/s-rah/go-ricochet/channels"
"github.com/s-rah/go-ricochet/utils"
"log"
)
// AutoConnectionHandler implements the ConnectionHandler interface on behalf of
// the provided application type by automatically providing support for any
// built-in channel type whose high level interface is implemented by the
// application. For example, if the application's type implements the
// ChatChannelHandler interface, `im.ricochet.chat` will be available to the peer.
//
// The application handler can be any other type. To override or augment any of
// AutoConnectionHandler's behavior (such as adding new channel types, or reacting
// to connection close events), this type can be embedded in the type that it serves.
type AutoConnectionHandler struct {
handlerMap map[string]func() channels.Handler
connection *Connection
authResultChannel chan channels.AuthChannelResult
sach func(hostname string, publicKey rsa.PublicKey) (allowed, known bool)
}
// Init ...
func (ach *AutoConnectionHandler) Init(privateKey *rsa.PrivateKey, serverHostname string) {
ach.handlerMap = make(map[string]func() channels.Handler)
ach.RegisterChannelHandler("im.ricochet.auth.hidden-service", func() channels.Handler {
hsau := new(channels.HiddenServiceAuthChannel)
hsau.PrivateKey = privateKey
hsau.Handler = ach
hsau.ServerHostname = serverHostname
return hsau
})
ach.authResultChannel = make(chan channels.AuthChannelResult)
}
// SetServerAuthHandler ...
func (ach *AutoConnectionHandler) SetServerAuthHandler(sach func(hostname string, publicKey rsa.PublicKey) (allowed, known bool)) {
ach.sach = sach
}
// OnReady ...
func (ach *AutoConnectionHandler) OnReady(oc *Connection) {
ach.connection = oc
}
// OnClosed is called when the OpenConnection has closed for any reason.
func (ach *AutoConnectionHandler) OnClosed(err error) {
}
// WaitForAuthenticationEvent ...
func (ach *AutoConnectionHandler) WaitForAuthenticationEvent() channels.AuthChannelResult {
return <-ach.authResultChannel
}
// ClientAuthResult ...
func (ach *AutoConnectionHandler) ClientAuthResult(accepted bool, isKnownContact bool) {
log.Printf("Got auth result %v %v", accepted, isKnownContact)
ach.authResultChannel <- channels.AuthChannelResult{Accepted: accepted, IsKnownContact: isKnownContact}
}
// ServerAuthValid ...
func (ach *AutoConnectionHandler) ServerAuthValid(hostname string, publicKey rsa.PublicKey) (allowed, known bool) {
// Do something
accepted, isKnownContact := ach.sach(hostname, publicKey)
ach.authResultChannel <- channels.AuthChannelResult{Accepted: accepted, IsKnownContact: isKnownContact}
return accepted, isKnownContact
}
// ServerAuthInvalid ...
func (ach *AutoConnectionHandler) ServerAuthInvalid(err error) {
ach.authResultChannel <- channels.AuthChannelResult{Accepted: false, IsKnownContact: false}
}
// RegisterChannelHandler ...
func (ach *AutoConnectionHandler) RegisterChannelHandler(ctype string, handler func() channels.Handler) {
_, exists := ach.handlerMap[ctype]
if !exists {
ach.handlerMap[ctype] = handler
}
}
// OnOpenChannelRequest ...
func (ach *AutoConnectionHandler) OnOpenChannelRequest(ctype string) (channels.Handler, error) {
handler, ok := ach.handlerMap[ctype]
if ok {
h := handler()
log.Printf("Got Channel Handler")
return h, nil
}
return nil, utils.UnknownChannelTypeError
}

36
connection/autoconnectionhandler_test.go

@ -0,0 +1,36 @@
package connection
import (
"github.com/golang/protobuf/proto"
"github.com/s-rah/go-ricochet/utils"
"github.com/s-rah/go-ricochet/wire/control"
"testing"
)
// Test sending valid packets
func TestInit(t *testing.T) {
ach := new(AutoConnectionHandler)
privateKey, err := utils.LoadPrivateKeyFromFile("../testing/private_key")
ach.Init(privateKey, "")
// Construct the Open Authentication Channel Message
messageBuilder := new(utils.MessageBuilder)
ocm := messageBuilder.OpenAuthenticationChannel(1, [16]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0})
// We have just constructed this so there is little
// point in doing error checking here in the test
res := new(Protocol_Data_Control.Packet)
proto.Unmarshal(ocm[:], res)
opm := res.GetOpenChannel()
//ocmessage, _ := proto.Marshal(opm)
handler, err := ach.OnOpenChannelRequest(opm.GetChannelType())
if err == nil {
if handler.Type() != "im.ricochet.auth.hidden-service" {
t.Errorf("Failed to authentication handler: %v", handler.Type())
}
} else {
t.Errorf("Failed to build handler: %v", err)
}
}

114
connection/channelmanager.go

@ -0,0 +1,114 @@
package connection
import (
"errors"
"github.com/s-rah/go-ricochet/channels"
)
// ChannelManager encapsulates the logic for server and client side assignment
// and removal of channels.
type ChannelManager struct {
channels map[int32]*channels.Channel
nextFreeChannel int32
isClient bool
}
// NewClientChannelManager construsts a new channel manager enforcing behaviour
// of a ricochet client
func NewClientChannelManager() *ChannelManager {
channelManager := new(ChannelManager)
channelManager.channels = make(map[int32]*channels.Channel)
channelManager.nextFreeChannel = 1
channelManager.isClient = true
return channelManager
}
// NewServerChannelManager construsts a new channel manager enforcing behaviour
// from a ricochet server
func NewServerChannelManager() *ChannelManager {
channelManager := new(ChannelManager)
channelManager.channels = make(map[int32]*channels.Channel)
channelManager.nextFreeChannel = 2
channelManager.isClient = false
return channelManager
}
// OpenChannelRequest constructs a channel type ready for processing given a request
// from the client.
func (cm *ChannelManager) OpenChannelRequest(chandler channels.Handler) (*channels.Channel, error) {
// Some channels only allow us to open one of them per connection
if chandler.Singleton() && cm.Channel(chandler.Type(), channels.Outbound) != nil {
return nil, errors.New("Connection already has channel of type " + chandler.Type())
}
channel := new(channels.Channel)
channel.ID = cm.nextFreeChannel
cm.nextFreeChannel += 2
channel.Type = chandler.Type()
channel.Handler = &chandler
channel.Pending = true
channel.Direction = channels.Outbound
cm.channels[channel.ID] = channel
return channel, nil
}
// OpenChannelRequestFromPeer constructs a channel type ready for processing given a request
// from the remote peer.
func (cm *ChannelManager) OpenChannelRequestFromPeer(channelID int32, chandler channels.Handler) (*channels.Channel, error) {
if cm.isClient && (channelID%2) != 0 {
// Server is trying to open odd numbered channels
return nil, errors.New("server may only open even numbered channels")
} else if !cm.isClient && (channelID%2) == 0 {
// Server is trying to open odd numbered channels
return nil, errors.New("client may only open odd numbered channels")
}