254 lines
8.0 KiB
Go
254 lines
8.0 KiB
Go
package channels
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/hmac"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/sha256"
|
|
"encoding/asn1"
|
|
"errors"
|
|
"github.com/golang/protobuf/proto"
|
|
"github.com/s-rah/go-ricochet/utils"
|
|
"github.com/s-rah/go-ricochet/wire/auth"
|
|
"github.com/s-rah/go-ricochet/wire/control"
|
|
"io"
|
|
"log"
|
|
)
|
|
|
|
// HiddenServiceAuthChannel wraps implementation o fim.ricochet.auth.hidden-service"
|
|
type HiddenServiceAuthChannel struct {
|
|
// Methods of Handler are called for events on this channel
|
|
Handler AuthChannelHandler
|
|
// PrivateKey must be set for client-side authentication channels
|
|
PrivateKey *rsa.PrivateKey
|
|
// Server Hostname must be set for client-side authentication channels
|
|
ServerHostname string
|
|
|
|
// Internal state
|
|
clientCookie, serverCookie [16]byte
|
|
channel *Channel
|
|
}
|
|
|
|
// AuthChannelHandler ...
|
|
type AuthChannelHandler interface {
|
|
// Client
|
|
ClientAuthResult(accepted bool, isKnownContact bool)
|
|
|
|
// Server
|
|
ServerAuthValid(hostname string, publicKey rsa.PublicKey) (allowed, known bool)
|
|
ServerAuthInvalid(err error)
|
|
}
|
|
|
|
// Type returns the type string for this channel, e.g. "im.ricochet.chat".
|
|
func (ah *HiddenServiceAuthChannel) Type() string {
|
|
return "im.ricochet.auth.hidden-service"
|
|
}
|
|
|
|
// Singleton Returns whether or not the given channel type is a singleton
|
|
func (ah *HiddenServiceAuthChannel) Singleton() bool {
|
|
return true
|
|
}
|
|
|
|
// OnlyClientCanOpen ...
|
|
func (ah *HiddenServiceAuthChannel) OnlyClientCanOpen() bool {
|
|
return true
|
|
}
|
|
|
|
// Bidirectional Returns whether or not the given channel allows anyone to send messages
|
|
func (ah *HiddenServiceAuthChannel) Bidirectional() bool {
|
|
return false
|
|
}
|
|
|
|
// RequiresAuthentication Returns whether or not the given channel type requires authentication
|
|
func (ah *HiddenServiceAuthChannel) RequiresAuthentication() string {
|
|
return "none"
|
|
}
|
|
|
|
// Closed is called when the channel is closed for any reason.
|
|
func (ah *HiddenServiceAuthChannel) Closed(err error) {
|
|
|
|
}
|
|
|
|
// OpenInbound is the first method called for an inbound channel request.
|
|
// If an error is returned, the channel is rejected. If a RawMessage is
|
|
// returned, it will be sent as the ChannelResult message.
|
|
// Remote -> [Open Authentication Channel] -> Local
|
|
func (ah *HiddenServiceAuthChannel) OpenInbound(channel *Channel, oc *Protocol_Data_Control.OpenChannel) ([]byte, error) {
|
|
ah.channel = channel
|
|
clientCookie, _ := proto.GetExtension(oc, Protocol_Data_AuthHiddenService.E_ClientCookie)
|
|
if len(clientCookie.([]byte)[:]) != 16 {
|
|
// reutrn without opening channel.
|
|
return nil, errors.New("invalid client cookie")
|
|
}
|
|
ah.AddClientCookie(clientCookie.([]byte)[:])
|
|
messageBuilder := new(utils.MessageBuilder)
|
|
channel.Pending = false
|
|
return messageBuilder.ConfirmAuthChannel(ah.channel.ID, ah.GenServerCookie()), nil
|
|
}
|
|
|
|
// OpenOutbound is the first method called for an outbound channel request.
|
|
// If an error is returned, the channel is not opened. If a RawMessage is
|
|
// returned, it will be sent as the OpenChannel message.
|
|
// Local -> [Open Authentication Channel] -> Remote
|
|
func (ah *HiddenServiceAuthChannel) OpenOutbound(channel *Channel) ([]byte, error) {
|
|
ah.channel = channel
|
|
messageBuilder := new(utils.MessageBuilder)
|
|
return messageBuilder.OpenAuthenticationChannel(ah.channel.ID, ah.GenClientCookie()), nil
|
|
}
|
|
|
|
// OpenOutboundResult is called when a response is received for an
|
|
// outbound OpenChannel request. If `err` is non-nil, the channel was
|
|
// rejected and Closed will be called immediately afterwards. `raw`
|
|
// contains the raw protocol message including any extension data.
|
|
// Input: Remote -> [ChannelResult] -> {Client}
|
|
// Output: {Client} -> [Proof] -> Remote
|
|
func (ah *HiddenServiceAuthChannel) OpenOutboundResult(err error, crm *Protocol_Data_Control.ChannelResult) {
|
|
|
|
if err == nil {
|
|
|
|
if crm.GetOpened() {
|
|
serverCookie, _ := proto.GetExtension(crm, Protocol_Data_AuthHiddenService.E_ServerCookie)
|
|
|
|
if len(serverCookie.([]byte)[:]) != 16 {
|
|
ah.channel.SendMessage([]byte{})
|
|
return
|
|
}
|
|
|
|
ah.AddServerCookie(serverCookie.([]byte)[:])
|
|
|
|
publicKeyBytes, _ := asn1.Marshal(rsa.PublicKey{
|
|
N: ah.PrivateKey.PublicKey.N,
|
|
E: ah.PrivateKey.PublicKey.E,
|
|
})
|
|
|
|
clientHostname := utils.GetTorHostname(publicKeyBytes)
|
|
challenge := ah.GenChallenge(clientHostname, ah.ServerHostname)
|
|
|
|
signature, err := rsa.SignPKCS1v15(nil, ah.PrivateKey, crypto.SHA256, challenge)
|
|
|
|
if err != nil {
|
|
ah.channel.SendMessage([]byte{})
|
|
return
|
|
}
|
|
|
|
messageBuilder := new(utils.MessageBuilder)
|
|
proof := messageBuilder.Proof(publicKeyBytes, signature)
|
|
ah.channel.SendMessage(proof)
|
|
}
|
|
}
|
|
}
|
|
|
|
// Packet is called for each raw packet received on this channel.
|
|
// Input: Remote -> [Proof] -> Client
|
|
// OR
|
|
// Input: Remote -> [Result] -> Client
|
|
func (ah *HiddenServiceAuthChannel) Packet(data []byte) {
|
|
res := new(Protocol_Data_AuthHiddenService.Packet)
|
|
err := proto.Unmarshal(data[:], res)
|
|
|
|
if err != nil {
|
|
ah.channel.CloseChannel()
|
|
return
|
|
}
|
|
|
|
if res.GetProof() != nil && ah.channel.Direction == Inbound {
|
|
provisionalClientHostname := utils.GetTorHostname(res.GetProof().GetPublicKey())
|
|
|
|
publicKeyBytes, err := asn1.Marshal(rsa.PublicKey{
|
|
N: ah.PrivateKey.PublicKey.N,
|
|
E: ah.PrivateKey.PublicKey.E,
|
|
})
|
|
|
|
if err != nil {
|
|
ah.Handler.ServerAuthInvalid(err)
|
|
ah.channel.SendMessage([]byte{})
|
|
return
|
|
}
|
|
|
|
serverHostname := utils.GetTorHostname(publicKeyBytes)
|
|
|
|
publicKey := rsa.PublicKey{}
|
|
_, err = asn1.Unmarshal(res.GetProof().GetPublicKey(), &publicKey)
|
|
if err != nil {
|
|
ah.Handler.ServerAuthInvalid(err)
|
|
ah.channel.SendMessage([]byte{})
|
|
return
|
|
}
|
|
|
|
challenge := ah.GenChallenge(provisionalClientHostname, serverHostname)
|
|
|
|
err = rsa.VerifyPKCS1v15(&publicKey, crypto.SHA256, challenge[:], res.GetProof().GetSignature())
|
|
|
|
if err == nil {
|
|
// Signature is Good
|
|
accepted, isKnownContact := ah.Handler.ServerAuthValid(provisionalClientHostname, publicKey)
|
|
|
|
// Send Result
|
|
messageBuilder := new(utils.MessageBuilder)
|
|
result := messageBuilder.AuthResult(accepted, isKnownContact)
|
|
ah.channel.DelegateAuthorization()
|
|
ah.channel.SendMessage(result)
|
|
} else {
|
|
// Auth Failed
|
|
messageBuilder := new(utils.MessageBuilder)
|
|
result := messageBuilder.AuthResult(false, false)
|
|
ah.channel.SendMessage(result)
|
|
ah.Handler.ServerAuthInvalid(err)
|
|
}
|
|
|
|
} else if res.GetResult() != nil && ah.channel.Direction == Outbound {
|
|
ah.Handler.ClientAuthResult(res.GetResult().GetAccepted(), res.GetResult().GetIsKnownContact())
|
|
if res.GetResult().GetAccepted() {
|
|
ah.channel.DelegateAuthorization()
|
|
}
|
|
}
|
|
|
|
// Any other combination of packets is completely invalid
|
|
// Fail the Authorization right here.
|
|
ah.channel.CloseChannel()
|
|
}
|
|
|
|
// AddClientCookie adds a client cookie to the state.
|
|
func (ah *HiddenServiceAuthChannel) AddClientCookie(cookie []byte) {
|
|
copy(ah.clientCookie[:], cookie[:16])
|
|
}
|
|
|
|
// AddServerCookie adds a server cookie to the state.
|
|
func (ah *HiddenServiceAuthChannel) AddServerCookie(cookie []byte) {
|
|
copy(ah.serverCookie[:], cookie[:16])
|
|
}
|
|
|
|
// GenRandom generates a random 16byte cookie string.
|
|
func (ah *HiddenServiceAuthChannel) GenRandom() [16]byte {
|
|
var cookie [16]byte
|
|
io.ReadFull(rand.Reader, cookie[:])
|
|
return cookie
|
|
}
|
|
|
|
// GenClientCookie generates and adds a client cookie to the state.
|
|
func (ah *HiddenServiceAuthChannel) GenClientCookie() [16]byte {
|
|
ah.clientCookie = ah.GenRandom()
|
|
return ah.clientCookie
|
|
}
|
|
|
|
// GenServerCookie generates and adds a server cookie to the state.
|
|
func (ah *HiddenServiceAuthChannel) GenServerCookie() [16]byte {
|
|
ah.serverCookie = ah.GenRandom()
|
|
return ah.serverCookie
|
|
}
|
|
|
|
// GenChallenge constructs the challenge parameter for the AuthHiddenService session.
|
|
// The challenge is the a Sha256HMAC(clientHostname+serverHostname, key=clientCookie+serverCookie)
|
|
func (ah *HiddenServiceAuthChannel) GenChallenge(clientHostname string, serverHostname string) []byte {
|
|
key := make([]byte, 32)
|
|
copy(key[0:16], ah.clientCookie[:])
|
|
copy(key[16:], ah.serverCookie[:])
|
|
log.Printf("CHALLENGE: %s %s %v", clientHostname, serverHostname, key)
|
|
value := []byte(clientHostname + serverHostname)
|
|
mac := hmac.New(sha256.New, key)
|
|
mac.Write(value)
|
|
hmac := mac.Sum(nil)
|
|
return hmac
|
|
}
|