whoops those aren't bits are they
Change-Id: I2aaf2bbed5d2467a16d58e9a241d497d9ad2db5b
diff --git a/runtime/internal/flow/conn/grpc/conn.go b/runtime/internal/flow/conn/grpc/conn.go
index 08fa993..c3a532e 100644
--- a/runtime/internal/flow/conn/grpc/conn.go
+++ b/runtime/internal/flow/conn/grpc/conn.go
@@ -10,6 +10,7 @@
"errors"
"fmt"
"io"
+ "log"
"net"
"time"
@@ -28,7 +29,7 @@
secretKey *[32]byte
sharedKey *[32]byte
binding []byte
- nonce [24]byte // TODO: do I need a second nonce?
+ nonce [24]byte // TODO: do I need a second nonce? Does this need to be random?
counter uint64 // Why is this so weirdly handled in advanceNonce?
}
@@ -36,6 +37,7 @@
resBuf := make([]byte, 4096) // TODO better (dynamic) size or way of reading?
bytesRead, err := c.rawConn.Read(resBuf)
if err != nil {
+ log.Fatalf("Could not read.\n")
return bytesRead, err
}
@@ -43,10 +45,12 @@
out, ok := box.OpenAfterPrecomputation(tmp, resBuf[:bytesRead], c.currentNonce(), c.sharedKey)
c.advanceNonce() // TODO: defer? Is there harm in advancing often than necessary (i.e. on error)?
if !ok {
+ log.Fatalf("Could not unbox.\n")
return -1, err
}
copy(b, out)
// should we return bytesRead or len(b)?
+ log.Fatalf("It worked!\n")
return bytesRead, errors.New("Wait, did this work?")
}
@@ -57,10 +61,12 @@
c.advanceNonce()
bytesCopied, err := io.Copy(c.rawConn, bytes.NewReader(out))
if err != nil {
+ log.Fatalf("Could not write.\n")
return int(bytesCopied), err
}
if bytesCopied != int64(len(out)) {
errMsg := fmt.Sprintf("Did not write entire message. Expected to write %d bytes but wrote %d.", len(out), bytesCopied)
+ log.Fatalf("Did not write entire message. Expected to write %d bytes but wrote %d.", len(out), bytesCopied)
return -1, errors.New(errMsg)
}
return int(bytesCopied), nil
diff --git a/runtime/internal/flow/conn/grpc/grpc.go b/runtime/internal/flow/conn/grpc/grpc.go
index b6e6dba..3dc24bf 100644
--- a/runtime/internal/flow/conn/grpc/grpc.go
+++ b/runtime/internal/flow/conn/grpc/grpc.go
@@ -7,8 +7,8 @@
// TODO(krakauer): better name
import (
- "bufio"
- "bytes"
+ _ "bufio"
+ _ "bytes"
"crypto/rand"
"encoding/binary"
_ "errors"
@@ -79,29 +79,22 @@
// 6 - Caveat and discharge support
func ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
log.Printf("In ServerHandshake.\n")
- return setupSharedSecrets(rawConn, false)
+ return setupSharedSecrets(rawConn, true)
}
// Generates the shared key and channel bindings for both the server and client handshakes.
func setupSharedSecrets(rawConn net.Conn, doprint bool) (net.Conn, credentials.AuthInfo, error) {
- // TODO sk
- // TODO a lot
- pk, _, err := box.GenerateKey(rand.Reader)
- // We know that pk is 32 bits, so it's safe to downcast to uint32. TODO make this a helper
- pk64, err := binary.ReadUvarint(bufio.NewReader(bytes.NewReader(pk[:])))
- if err != nil {
- return nil, nil, err
- }
-
+ pk, sk, err := box.GenerateKey(rand.Reader)
setupReq := &handshake.Setup{
// Versions are typedefed uint32s.
MinVersion: uint32(version.Supported.Min),
MaxVersion: uint32(version.Supported.Max),
- PeerNaclPublicKey: uint32(pk64),
+ PeerNaclPublicKey: binary.LittleEndian.Uint32(pk[:]),
Mtu: defaultMtu,
}
if doprint {
log.Printf("setupReq: %v", setupReq)
+ log.Printf("pk: %v", pk)
}
// Now we have to send this message to the server... do we just send it over rawConn while using box?
@@ -136,14 +129,34 @@
}
return nil, nil, err
}
- if doprint {
- log.Printf("setupRes: %v", setupRes)
- }
+
// TODO: negotiate stuff with the remote (version, mtu, etc.). For now, we are using identical
// protos, so get this working after.
+ var sharedKey [32]byte
+ var peerPublicKey = make([]byte, 32) // TODO does this need both?
+ binary.LittleEndian.PutUint32(peerPublicKey, setupRes.PeerNaclPublicKey)
+ var peerPublicKeyArr [32]byte
+ copy(peerPublicKeyArr[:], peerPublicKey)
+ box.Precompute(&sharedKey, &peerPublicKeyArr, sk)
+ if doprint {
+ log.Printf("setupRes: %v", setupRes)
+ log.Printf("peerPublicKeyArr: %v", peerPublicKeyArr)
+ log.Printf("sharedKey: %v\n", sharedKey)
+ }
- // TODO: wrong, just getting this to compile
- return rawConn, GRPCInfo{}, nil
+ // TODO: maybe this should use a constructor. Also, we can just read the keys directly into this.
+ // Declare this at the beginning.
+ secureConn := &conn{
+ rawConn: rawConn,
+ publicKey: pk,
+ secretKey: sk,
+ sharedKey: &sharedKey,
+ // binding: /* TODO */,
+ }
+
+ log.Printf("secureConn: %#v\n", secureConn)
+
+ return secureConn, GRPCInfo{}, nil
}
func SecurityProtocol() string {
diff --git a/runtime/internal/flow/conn/grpc/handshake/handshake.pb.go b/runtime/internal/flow/conn/grpc/handshake/handshake.pb.go
index aa92d02..c917089 100644
--- a/runtime/internal/flow/conn/grpc/handshake/handshake.pb.go
+++ b/runtime/internal/flow/conn/grpc/handshake/handshake.pb.go
@@ -31,7 +31,7 @@
type Setup struct {
MinVersion uint32 `protobuf:"varint,1,opt,name=min_version,json=minVersion" json:"min_version,omitempty"`
MaxVersion uint32 `protobuf:"varint,2,opt,name=max_version,json=maxVersion" json:"max_version,omitempty"`
- PeerNaclPublicKey uint32 `protobuf:"varint,3,opt,name=peer_nacl_public_key,json=peerNaclPublicKey" json:"peer_nacl_public_key,omitempty"`
+ PeerNaclPublicKey []byte `protobuf:"bytes,3,opt,name=peer_nacl_public_key,json=peerNaclPublicKey,proto3" json:"peer_nacl_public_key,omitempty"`
Mtu uint64 `protobuf:"varint,4,opt,name=mtu" json:"mtu,omitempty"`
}
@@ -47,15 +47,15 @@
func init() { proto.RegisterFile("handshake.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
- // 154 bytes of a gzipped FileDescriptorProto
+ // 156 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xe2, 0xe2, 0xcf, 0x48, 0xcc, 0x4b,
0x29, 0xce, 0x48, 0xcc, 0x4e, 0xd5, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x84, 0x0b, 0x28,
0xf5, 0x30, 0x72, 0xb1, 0x06, 0xa7, 0x96, 0x94, 0x16, 0x08, 0xc9, 0x73, 0x71, 0xe7, 0x66, 0xe6,
0xc5, 0x97, 0xa5, 0x16, 0x15, 0x67, 0xe6, 0xe7, 0x49, 0x30, 0x2a, 0x30, 0x6a, 0xf0, 0x06, 0x71,
0x01, 0x85, 0xc2, 0x20, 0x22, 0x60, 0x05, 0x89, 0x15, 0x70, 0x05, 0x4c, 0x50, 0x05, 0x89, 0x15,
0x30, 0x05, 0xfa, 0x5c, 0x22, 0x05, 0xa9, 0xa9, 0x45, 0xf1, 0x79, 0x89, 0xc9, 0x39, 0xf1, 0x05,
- 0xa5, 0x49, 0x39, 0x99, 0xc9, 0xf1, 0xd9, 0xa9, 0x95, 0x12, 0xcc, 0x60, 0x95, 0x82, 0x20, 0x39,
- 0x3f, 0xa0, 0x54, 0x00, 0x58, 0xc6, 0x3b, 0xb5, 0x52, 0x48, 0x80, 0x8b, 0x39, 0xb7, 0xa4, 0x54,
- 0x82, 0x05, 0x28, 0xcf, 0x12, 0x04, 0x62, 0x26, 0xb1, 0x81, 0x1d, 0x68, 0x0c, 0x08, 0x00, 0x00,
- 0xff, 0xff, 0x1b, 0x09, 0xff, 0xbc, 0xb3, 0x00, 0x00, 0x00,
+ 0xa5, 0x49, 0x39, 0x99, 0xc9, 0xf1, 0xd9, 0xa9, 0x95, 0x12, 0xcc, 0x40, 0x95, 0x3c, 0x41, 0x82,
+ 0x20, 0x39, 0x3f, 0xa0, 0x54, 0x00, 0x58, 0xc6, 0x3b, 0xb5, 0x52, 0x48, 0x80, 0x8b, 0x39, 0xb7,
+ 0xa4, 0x54, 0x82, 0x05, 0x28, 0xcf, 0x12, 0x04, 0x62, 0x26, 0xb1, 0x81, 0x1d, 0x68, 0x0c, 0x08,
+ 0x00, 0x00, 0xff, 0xff, 0x88, 0x92, 0x36, 0xc3, 0xb3, 0x00, 0x00, 0x00,
}
diff --git a/runtime/internal/flow/conn/grpc/handshake/handshake.proto b/runtime/internal/flow/conn/grpc/handshake/handshake.proto
index 2158c9e..c8bd337 100644
--- a/runtime/internal/flow/conn/grpc/handshake/handshake.proto
+++ b/runtime/internal/flow/conn/grpc/handshake/handshake.proto
@@ -5,6 +5,6 @@
message Setup {
uint32 min_version = 1;
uint32 max_version = 2;
- uint32 peer_nacl_public_key = 3;
+ bytes peer_nacl_public_key = 3; // TODO would this be better off as a byte array?
uint64 mtu = 4;
}
