Refactor - SecureSession to SessionContext

This commit is contained in:
John Jones 2017-03-19 07:42:52 -05:00
parent 8463e0b06b
commit 69cbff9cd6
6 changed files with 67 additions and 62 deletions

View file

@ -0,0 +1,43 @@
/***
* Holds the details of communication between two hosts
*/
enum IPTrafficType { TCP, UDP };
struct SessionContext {
// to get the connection started
char* host;
int port;
enum IPTrafficType traffic_type;
// once the connection is established
struct Stream* insecure_stream;
struct Stream* secure_stream;
struct Stream* default_stream;
// filled in during negotiations
char* chosen_curve;
char* chosen_cipher;
char* chosen_hash;
unsigned char* shared_key; // a shared key based off of the ephemeral private key
size_t shared_key_size;
unsigned char* mac;
size_t mac_size;
/**
* The mac function to use
* @param 1 the incoming data bytes
* @param 2 the size of the incoming array
* @param 3 the results. Must be allocated to correct size (or larger)
* @returns true(1) on success, false(0) otherwise
*/
int (*mac_function)(const unsigned char*, size_t, unsigned char*);
// local only stuff
char local_nonce[16];
struct EphemeralPrivateKey* ephemeral_private_key;
struct StretchedKey* local_stretched_key;
// remote stuff
char remote_nonce[16];
struct PublicKey remote_key;
char* remote_peer_id;
struct StretchedKey* remote_stretched_key;
unsigned char* remote_ephemeral_public_key;
size_t remote_ephemeral_public_key_size;
};

View file

@ -2,50 +2,12 @@
#include "libp2p/crypto/key.h" #include "libp2p/crypto/key.h"
#include "libp2p/crypto/rsa.h" #include "libp2p/crypto/rsa.h"
#include "libp2p/conn/session.h"
/** /**
* A secure connection * Handling of a secure connection
*/ */
enum IPTrafficType { TCP, UDP };
struct SecureSession {
// to get the connection started
char* host;
int port;
enum IPTrafficType traffic_type;
// once the connection is established
struct Stream* insecure_stream;
struct Stream* secure_stream;
struct Stream* default_stream;
// filled in during negotiations
char* chosen_curve;
char* chosen_cipher;
char* chosen_hash;
unsigned char* shared_key; // a shared key based off of the ephemeral private key
size_t shared_key_size;
unsigned char* mac;
size_t mac_size;
/**
* The mac function to use
* @param 1 the incoming data bytes
* @param 2 the size of the incoming array
* @param 3 the results. Must be allocated to correct size (or larger)
* @returns true(1) on success, false(0) otherwise
*/
int (*mac_function)(const unsigned char*, size_t, unsigned char*);
// local only stuff
char local_nonce[16];
struct EphemeralPrivateKey* ephemeral_private_key;
struct StretchedKey* local_stretched_key;
// remote stuff
char remote_nonce[16];
struct PublicKey remote_key;
char* remote_peer_id;
struct StretchedKey* remote_stretched_key;
unsigned char* remote_ephemeral_public_key;
size_t remote_ephemeral_public_key_size;
};
/*** /***
* performs initial communication over an insecure channel to share * performs initial communication over an insecure channel to share
@ -55,4 +17,4 @@ struct SecureSession {
* @param remote_requested the other side is who asked for the upgrade * @param remote_requested the other side is who asked for the upgrade
* @returns true(1) on success, false(0) otherwise * @returns true(1) on success, false(0) otherwise
*/ */
int libp2p_secio_handshake(struct SecureSession* session, struct RsaPrivateKey* private_key, int remote_requested); int libp2p_secio_handshake(struct SessionContext* session, struct RsaPrivateKey* private_key, int remote_requested);

View file

@ -16,7 +16,7 @@
*/ */
int libp2p_net_multistream_close(void* stream_context) { int libp2p_net_multistream_close(void* stream_context) {
struct SecureSession* secure_context = (struct SecureSession*)stream_context; struct SessionContext* secure_context = (struct SessionContext*)stream_context;
struct Stream* stream = secure_context->insecure_stream; struct Stream* stream = secure_context->insecure_stream;
close((intptr_t)stream->socket_descriptor); close((intptr_t)stream->socket_descriptor);
return 1; return 1;
@ -30,7 +30,7 @@ int libp2p_net_multistream_close(void* stream_context) {
* @returns the number of bytes written * @returns the number of bytes written
*/ */
int libp2p_net_multistream_write(void* stream_context, const unsigned char* data, size_t data_length) { int libp2p_net_multistream_write(void* stream_context, const unsigned char* data, size_t data_length) {
struct SecureSession* secure_context = (struct SecureSession*)stream_context; struct SessionContext* secure_context = (struct SessionContext*)stream_context;
struct Stream* stream = secure_context->insecure_stream; struct Stream* stream = secure_context->insecure_stream;
int num_bytes = 0; int num_bytes = 0;
@ -57,7 +57,7 @@ int libp2p_net_multistream_write(void* stream_context, const unsigned char* data
* @returns number of bytes received * @returns number of bytes received
*/ */
int libp2p_net_multistream_read(void* stream_context, unsigned char** results, size_t* results_size) { int libp2p_net_multistream_read(void* stream_context, unsigned char** results, size_t* results_size) {
struct SecureSession* secure_context = (struct SecureSession*)stream_context; struct SessionContext* secure_context = (struct SessionContext*)stream_context;
struct Stream* stream = secure_context->insecure_stream; struct Stream* stream = secure_context->insecure_stream;
int bytes = 0; int bytes = 0;
size_t buffer_size = 65535; size_t buffer_size = 65535;
@ -135,7 +135,7 @@ struct Stream* libp2p_net_multistream_connect(const char* hostname, int port) {
if (stream == NULL) if (stream == NULL)
goto exit; goto exit;
struct SecureSession session; struct SessionContext session;
session.insecure_stream = stream; session.insecure_stream = stream;
session.default_stream = stream; session.default_stream = stream;
@ -170,7 +170,7 @@ int libp2p_net_multistream_negotiate(struct Stream* stream) {
size_t results_length = 0; size_t results_length = 0;
int retVal = 0; int retVal = 0;
// send the protocol id // send the protocol id
struct SecureSession secure_session; struct SessionContext secure_session;
secure_session.insecure_stream = stream; secure_session.insecure_stream = stream;
secure_session.default_stream = stream; secure_session.default_stream = stream;
if (!libp2p_net_multistream_write(&secure_session, (unsigned char*)protocolID, strlen(protocolID))) if (!libp2p_net_multistream_write(&secure_session, (unsigned char*)protocolID, strlen(protocolID)))

View file

@ -29,8 +29,8 @@ const char* SupportedHashes = "SHA256,SHA512";
* Create a new SecureSession struct * Create a new SecureSession struct
* @returns a pointer to a new SecureSession object * @returns a pointer to a new SecureSession object
*/ */
struct SecureSession* libp2p_secio_secure_session_new() { struct SessionContext* libp2p_secio_secure_session_new() {
struct SecureSession* ss = (struct SecureSession*) malloc(sizeof(struct SecureSession)); struct SessionContext* ss = (struct SessionContext*) malloc(sizeof(struct SessionContext));
if (ss == NULL) if (ss == NULL)
return NULL; return NULL;
ss->insecure_stream = NULL; ss->insecure_stream = NULL;
@ -42,7 +42,7 @@ struct SecureSession* libp2p_secio_secure_session_new() {
* Clean up resources from a SecureSession struct * Clean up resources from a SecureSession struct
* @param in the SecureSession to be deallocated * @param in the SecureSession to be deallocated
*/ */
void libp2p_secio_secure_session_free(struct SecureSession* in) { void libp2p_secio_secure_session_free(struct SessionContext* in) {
//TODO: should we close the socket? //TODO: should we close the socket?
free(in); free(in);
} }
@ -371,7 +371,7 @@ int libp2p_secio_stretch_keys(char* cipherType, char* hashType, unsigned char* s
return retVal; return retVal;
} }
int libp2p_secio_make_mac_and_cipher(struct SecureSession* session, struct StretchedKey* stretched_key) { int libp2p_secio_make_mac_and_cipher(struct SessionContext* session, struct StretchedKey* stretched_key) {
// mac // mac
if (strcmp(session->chosen_hash, "SHA1") == 0) { if (strcmp(session->chosen_hash, "SHA1") == 0) {
stretched_key->mac_size = 40; stretched_key->mac_size = 40;
@ -410,7 +410,7 @@ int libp2p_secio_make_mac_and_cipher(struct SecureSession* session, struct Stret
* @param data_length the number of bytes to write * @param data_length the number of bytes to write
* @returns the number of bytes written * @returns the number of bytes written
*/ */
int libp2p_secio_unencrypted_write(struct SecureSession* session, unsigned char* bytes, size_t data_length) { int libp2p_secio_unencrypted_write(struct SessionContext* session, unsigned char* bytes, size_t data_length) {
int num_bytes = 0; int num_bytes = 0;
if (data_length > 0) { // only do this is if there is something to send if (data_length > 0) { // only do this is if there is something to send
@ -461,7 +461,7 @@ int libp2p_secio_unencrypted_write(struct SecureSession* session, unsigned char*
* @param results_size the size of the results * @param results_size the size of the results
* @returns the number of bytes read * @returns the number of bytes read
*/ */
int libp2p_secio_unencrypted_read(struct SecureSession* session, unsigned char** results, size_t* results_size) { int libp2p_secio_unencrypted_read(struct SessionContext* session, unsigned char** results, size_t* results_size) {
uint32_t buffer_size; uint32_t buffer_size;
// first read the 4 byte integer // first read the 4 byte integer
@ -524,7 +524,7 @@ int libp2p_secio_unencrypted_read(struct SecureSession* session, unsigned char**
* @param outgoing_size the amount of memory allocated * @param outgoing_size the amount of memory allocated
* @returns true(1) on success, otherwise false(0) * @returns true(1) on success, otherwise false(0)
*/ */
int libp2p_secio_encrypt(const struct SecureSession* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size) { int libp2p_secio_encrypt(const struct SessionContext* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size) {
unsigned char* buffer = NULL; unsigned char* buffer = NULL;
size_t buffer_size = 0; size_t buffer_size = 0;
@ -564,7 +564,7 @@ int libp2p_secio_encrypt(const struct SecureSession* session, const unsigned cha
* @returns the number of bytes written * @returns the number of bytes written
*/ */
int libp2p_secio_encrypted_write(void* stream_context, const unsigned char* bytes, size_t num_bytes) { int libp2p_secio_encrypted_write(void* stream_context, const unsigned char* bytes, size_t num_bytes) {
struct SecureSession* session = (struct SecureSession*) stream_context; struct SessionContext* session = (struct SessionContext*) stream_context;
// writer uses the local cipher and mac // writer uses the local cipher and mac
unsigned char* buffer = NULL; unsigned char* buffer = NULL;
size_t buffer_size = 0; size_t buffer_size = 0;
@ -584,7 +584,7 @@ int libp2p_secio_encrypted_write(void* stream_context, const unsigned char* byte
* @param outgoing_size the amount of memory allocated for the results * @param outgoing_size the amount of memory allocated for the results
* @returns number of unencrypted bytes * @returns number of unencrypted bytes
*/ */
int libp2p_secio_decrypt(const struct SecureSession* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size) { int libp2p_secio_decrypt(const struct SessionContext* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size) {
size_t data_section_size = incoming_size - 32; size_t data_section_size = incoming_size - 32;
*outgoing_size = 0; *outgoing_size = 0;
unsigned char* buffer; unsigned char* buffer;
@ -626,7 +626,7 @@ int libp2p_secio_decrypt(const struct SecureSession* session, const unsigned cha
* @returns the number of bytes read * @returns the number of bytes read
*/ */
int libp2p_secio_encrypted_read(void* stream_context, unsigned char** bytes, size_t* num_bytes) { int libp2p_secio_encrypted_read(void* stream_context, unsigned char** bytes, size_t* num_bytes) {
struct SecureSession* session = (struct SecureSession*)stream_context; struct SessionContext* session = (struct SessionContext*)stream_context;
// reader uses the remote cipher and mac // reader uses the remote cipher and mac
// read the data // read the data
unsigned char* incoming = NULL; unsigned char* incoming = NULL;
@ -645,7 +645,7 @@ int libp2p_secio_encrypted_read(void* stream_context, unsigned char** bytes, siz
* @param remote_requested it is the other side that requested the upgrade to secio * @param remote_requested it is the other side that requested the upgrade to secio
* @returns true(1) on success, false(0) otherwise * @returns true(1) on success, false(0) otherwise
*/ */
int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivateKey* private_key, int remote_requested) { int libp2p_secio_handshake(struct SessionContext* local_session, struct RsaPrivateKey* private_key, int remote_requested) {
int retVal = 0; int retVal = 0;
size_t results_size = 0, bytes_written = 0; size_t results_size = 0, bytes_written = 0;
unsigned char* propose_in_bytes = NULL; // the remote protobuf unsigned char* propose_in_bytes = NULL; // the remote protobuf

View file

@ -28,7 +28,7 @@ int test_multistream_get_list() {
size_t response_size; size_t response_size;
char* filtered = NULL; char* filtered = NULL;
struct SecureSession session; struct SessionContext session;
session.insecure_stream = libp2p_net_multistream_connect("104.131.131.82", 4001); session.insecure_stream = libp2p_net_multistream_connect("104.131.131.82", 4001);
if (*((int*)session.insecure_stream->socket_descriptor) < 0) if (*((int*)session.insecure_stream->socket_descriptor) < 0)

View file

@ -20,7 +20,7 @@ int test_secio_handshake() {
unsigned char final_id[final_id_size]; unsigned char final_id[final_id_size];
struct PrivateKey* private_key = NULL; struct PrivateKey* private_key = NULL;
struct SecureSession secure_session = {0}; struct SessionContext secure_session = {0};
// 1) take the private key and turn it back into bytes (decode base 64) // 1) take the private key and turn it back into bytes (decode base 64)
decode_base64_size = libp2p_crypto_encoding_base64_decode_size(strlen(orig_priv_key)); decode_base64_size = libp2p_crypto_encoding_base64_decode_size(strlen(orig_priv_key));
@ -85,8 +85,8 @@ int test_secio_handshake() {
return retVal; return retVal;
} }
int libp2p_secio_encrypt(const struct SecureSession* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size); int libp2p_secio_encrypt(const struct SessionContext* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size);
int libp2p_secio_decrypt(const struct SecureSession* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size); int libp2p_secio_decrypt(const struct SessionContext* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size);
int test_secio_encrypt_decrypt() { int test_secio_encrypt_decrypt() {
unsigned char* original = "This is a test message"; unsigned char* original = "This is a test message";
@ -95,7 +95,7 @@ int test_secio_encrypt_decrypt() {
size_t encrypted_size = 0; size_t encrypted_size = 0;
unsigned char* results = NULL; unsigned char* results = NULL;
size_t results_size = 0; size_t results_size = 0;
struct SecureSession secure_session; struct SessionContext secure_session;
struct StretchedKey stretched_key; struct StretchedKey stretched_key;
secure_session.local_stretched_key = &stretched_key; secure_session.local_stretched_key = &stretched_key;
secure_session.remote_stretched_key = &stretched_key; secure_session.remote_stretched_key = &stretched_key;