Refactor auth and increase MSS to 16384

geph-official · Mar 17, 2024 · 3227056 · 3227056
1 parent 400d18e
commit 3227056
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 11 deletions.
diff --git a/binaries/geph5-bridge/src/main.rs b/binaries/geph5-bridge/src/main.rs
@@ -72,7 +72,7 @@ async fn broker_upload_loop(control_listen: SocketAddr, control_cookie: String)
             "uploading..."
         );
         broker_rpc
-            .put_bridge(Mac::new(
+            .insert_bridge(Mac::new(
                 BridgeDescriptor {
                     control_listen,
                     control_cookie: control_cookie.clone(),

diff --git a/binaries/geph5-broker/src/rpc_impl.rs b/binaries/geph5-broker/src/rpc_impl.rs
@@ -92,7 +92,10 @@ impl BrokerProtocol for BrokerImpl {
         Ok(RouteDescriptor::Race(routes))
     }
 
-    async fn put_exit(&self, descriptor: Mac<Signed<ExitDescriptor>>) -> Result<(), GenericError> {
+    async fn insert_exit(
+        &self,
+        descriptor: Mac<Signed<ExitDescriptor>>,
+    ) -> Result<(), GenericError> {
         let descriptor =
             descriptor.verify(blake3::hash(CONFIG_FILE.wait().exit_token.as_bytes()).as_bytes())?;
         let pubkey = descriptor.pubkey;
@@ -110,7 +113,7 @@ impl BrokerProtocol for BrokerImpl {
         Ok(())
     }
 
-    async fn put_bridge(&self, descriptor: Mac<BridgeDescriptor>) -> Result<(), GenericError> {
+    async fn insert_bridge(&self, descriptor: Mac<BridgeDescriptor>) -> Result<(), GenericError> {
         let descriptor = descriptor
             .verify(blake3::hash(CONFIG_FILE.wait().bridge_token.as_bytes()).as_bytes())?;
 

diff --git a/binaries/geph5-client/src/client/inner.rs b/binaries/geph5-client/src/client/inner.rs
@@ -8,7 +8,7 @@ use geph5_misc_rpc::{
 };
 use nursery_macro::nursery;
 use picomux::{LivenessConfig, PicoMux};
-use sillad::{dialer::Dialer as _, Pipe};
+use sillad::{dialer::Dialer as _, EitherPipe, Pipe};
 use smol::future::FutureExt as _;
 use smol_timeout::TimeoutExt;
 use std::{
@@ -113,8 +113,31 @@ async fn client_inner(ctx: AnyCtx<Config>, authed_pipe: impl Pipe) -> anyhow::Re
 
 #[tracing::instrument(skip_all, fields(pubkey = hex::encode(pubkey.as_bytes())))]
 async fn client_auth(mut pipe: impl Pipe, pubkey: VerifyingKey) -> anyhow::Result<impl Pipe> {
-    match pipe.shared_secret() {
-        Some(_) => todo!(),
+    match pipe.shared_secret().map(|s| s.to_owned()) {
+        Some(ss) => {
+            tracing::debug!("using shared secret for authentication");
+            let challenge = rand::random();
+            let client_hello = ClientHello {
+                credentials: Default::default(), // no authentication support yet
+                crypt_hello: ClientCryptHello::SharedSecretChallenge(challenge),
+            };
+            write_prepend_length(&client_hello.stdcode(), &mut pipe).await?;
+
+            let mac = blake3::keyed_hash(&challenge, &ss);
+            let exit_response: ExitHello =
+                stdcode::deserialize(&read_prepend_length(&mut pipe).await?)?;
+            match exit_response.inner {
+                ExitHelloInner::SharedSecretResponse(response_mac) => {
+                    if mac == response_mac {
+                        tracing::debug!("authentication successful with shared secret");
+                        Ok(EitherPipe::Left(pipe))
+                    } else {
+                        anyhow::bail!("authentication failed with shared secret");
+                    }
+                }
+                _ => anyhow::bail!("unexpected response from server"),
+            }
+        }
         None => {
             tracing::debug!("requiring full authentication");
             let my_esk = x25519_dalek::EphemeralSecret::random_from_rng(rand::thread_rng());
@@ -141,7 +164,9 @@ async fn client_auth(mut pipe: impl Pipe, pubkey: VerifyingKey) -> anyhow::Resul
                     let shared_secret = my_esk.diffie_hellman(&their_epk);
                     let read_key = blake3::derive_key("e2c", shared_secret.as_bytes());
                     let write_key = blake3::derive_key("c2e", shared_secret.as_bytes());
-                    Ok(ClientExitCryptPipe::new(pipe, read_key, write_key))
+                    Ok(EitherPipe::Right(ClientExitCryptPipe::new(
+                        pipe, read_key, write_key,
+                    )))
                 }
             }
         }

diff --git a/binaries/geph5-exit/src/listen.rs b/binaries/geph5-exit/src/listen.rs
@@ -80,7 +80,7 @@ async fn broker_loop() -> anyhow::Result<()> {
                     blake3::hash(broker.auth_token.as_bytes()).as_bytes(),
                 );
                 client
-                    .put_exit(to_upload)
+                    .insert_exit(to_upload)
                     .await?
                     .map_err(|e| anyhow::anyhow!(e.0))?;
 

diff --git a/libraries/geph5-broker-protocol/src/lib.rs b/libraries/geph5-broker-protocol/src/lib.rs
@@ -20,8 +20,11 @@ pub use bridge::*;
 pub trait BrokerProtocol {
     async fn get_exits(&self) -> Result<Signed<ExitList>, GenericError>;
     async fn get_routes(&self, exit_b2e: SocketAddr) -> Result<RouteDescriptor, GenericError>;
-    async fn put_exit(&self, descriptor: Mac<Signed<ExitDescriptor>>) -> Result<(), GenericError>;
-    async fn put_bridge(&self, descriptor: Mac<BridgeDescriptor>) -> Result<(), GenericError>;
+    async fn insert_exit(
+        &self,
+        descriptor: Mac<Signed<ExitDescriptor>>,
+    ) -> Result<(), GenericError>;
+    async fn insert_bridge(&self, descriptor: Mac<BridgeDescriptor>) -> Result<(), GenericError>;
 }
 
 pub const DOMAIN_EXIT_DESCRIPTOR: &str = "exit-descriptor";

diff --git a/libraries/picomux/src/lib.rs b/libraries/picomux/src/lib.rs
@@ -40,7 +40,7 @@ use crate::frame::{Header, PingInfo};
 
 const INIT_WINDOW: usize = 10;
 const MAX_WINDOW: usize = 500;
-const MSS: usize = 4096;
+const MSS: usize = 16384;
 
 #[derive(Clone, Copy, Debug)]
 pub struct LivenessConfig {

diff --git a/libraries/sillad-sosistab3/src/lib.rs b/libraries/sillad-sosistab3/src/lib.rs
@@ -193,4 +193,8 @@ impl<P: Pipe> Pipe for SosistabPipe<P> {
     fn remote_addr(&self) -> Option<&str> {
         self.lower.remote_addr()
     }
+
+    fn shared_secret(&self) -> Option<&[u8]> {
+        Some(self.state.shared_secret())
+    }
 }
diff --git a/libraries/sillad-sosistab3/src/state.rs b/libraries/sillad-sosistab3/src/state.rs
@@ -6,6 +6,7 @@ use chacha20poly1305::{AeadInPlace, ChaCha20Poly1305, Key, KeyInit};
 use smallvec::{SmallVec, ToSmallVec};
 
 pub struct State {
+    shared_secret: Vec<u8>,
     send_aead: ChaCha20Poly1305,
     send_nonce: u64,
     send_buf: Vec<u8>,
@@ -37,6 +38,7 @@ impl State {
         let recv_aead = ChaCha20Poly1305::new(recv_key);
 
         State {
+            shared_secret: ss.to_vec(),
             send_aead,
             send_nonce: 0,
             send_buf: vec![],
@@ -45,6 +47,10 @@ impl State {
         }
     }
 
+    pub fn shared_secret(&self) -> &[u8] {
+        &self.shared_secret
+    }
+
     fn send_nonce(&mut self) -> [u8; 12] {
         let mut nonce = [0u8; 12];
         nonce[..8].copy_from_slice(&self.send_nonce.to_le_bytes());