anyproto/any-sync
1
0
Fork 0
mirror of https://github.com/anyproto/any-sync.git synced 2025-06-10 18:10:54 +09:00
Code Activity

handshake proto and implementation

Browse source
This commit is contained in:
Sergey Cherepanov 2023-02-11 22:52:20 +03:00
parent f6d3a85a7f
commit e8a7ad7476
No known key found for this signature in database
GPG key ID: 87F8EDE8FBDF637C
5 changed files with 1635 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Makefile
View file

@ -16,6 +16,7 @@ proto:
protoc --gogofaster_out=$(PKGMAP):. --go-drpc_out=protolib=github.com/gogo/protobuf:. commonspace/spacesyncproto/protos/*.proto
protoc --gogofaster_out=$(PKGMAP):. --go-drpc_out=protolib=github.com/gogo/protobuf:. commonfile/fileproto/protos/*.proto
protoc --gogofaster_out=$(PKGMAP):. --go-drpc_out=protolib=github.com/gogo/protobuf:. net/streampool/testservice/protos/*.proto
protoc --gogofaster_out=:. net/secureservice/handshake/handshakeproto/protos/*.proto
deps:
go mod download

245
net/secureservice/handshake/handshake.go Normal file
View file

@ -0,0 +1,245 @@
package handshake
import (
"encoding/binary"
"errors"
"github.com/anytypeio/any-sync/net/secureservice/handshake/handshakeproto"
"github.com/libp2p/go-libp2p/core/sec"
"golang.org/x/exp/slices"
"io"
"sync"
)
const headerSize = 5 // 1 byte for type + 4 byte for uint32 size
const (
msgTypeCred = byte(1)
msgTypeAck = byte(2)
)
type handshakeError struct {
e handshakeproto.Error
}
func (he handshakeError) Error() string {
return he.e.String()
}
var (
ErrUnexpectedPayload = handshakeError{handshakeproto.Error_UnexpectedPayload}
ErrDeadlineExceeded = handshakeError{handshakeproto.Error_DeadlineExceeded}
ErrInvalidCredentials = handshakeError{handshakeproto.Error_InvalidCredentials}
ErrPeerDeclinedCredentials = errors.New("remote peer declined the credentials")
ErrSkipVerifyNotAllowed = handshakeError{handshakeproto.Error_SkipVerifyNotAllowed}
ErrUnexpected = handshakeError{handshakeproto.Error_Unexpected}
ErrGotNotAHandshakeMessage = errors.New("go not a handshake message")
)
var handshakePool = &sync.Pool{New: func() any {
return &handshake{
remoteCred: &handshakeproto.Credentials{},
remoteAck: &handshakeproto.Ack{},
localAck: &handshakeproto.Ack{},
buf: make([]byte, 0, 1024),
}
}}
type CredentialChecker interface {
MakeCredentials(sc sec.SecureConn) *handshakeproto.Credentials
CheckCredential(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error)
}
func OutgoingHandshake(sc sec.SecureConn, cc CredentialChecker) (err error) {
h := newHandshake()
defer h.release()
h.conn = sc
localCred := cc.MakeCredentials(sc)
if err = h.writeCredentials(localCred); err != nil {
h.tryWriteErrAndClose(err)
return err
}
msg, err := h.readMsg()
if err != nil {
h.tryWriteErrAndClose(err)
return err
}
if msg.ack != nil {
if msg.ack.Error == handshakeproto.Error_InvalidCredentials {
return ErrPeerDeclinedCredentials
}
return handshakeError{e: msg.ack.Error}
}
if err = cc.CheckCredential(sc, msg.cred); err != nil {
h.tryWriteErrAndClose(err)
return err
}
if err = h.writeAck(handshakeproto.Error_Null); err != nil {
h.tryWriteErrAndClose(err)
return err
}
msg, err = h.readMsg()
if err != nil {
h.tryWriteErrAndClose(err)
return err
}
if msg.ack == nil {
err = ErrUnexpectedPayload
h.tryWriteErrAndClose(err)
return err
}
if msg.ack.Error == handshakeproto.Error_Null {
return nil
} else {
_ = h.conn.Close()
return handshakeError{e: msg.ack.Error}
}
}
func IncomingHandshake(sc sec.SecureConn, cc CredentialChecker) (err error) {
h := newHandshake()
defer h.release()
h.conn = sc
msg, err := h.readMsg()
if err != nil {
h.tryWriteErrAndClose(err)
return err
}
if msg.ack != nil {
return ErrUnexpectedPayload
}
if err = cc.CheckCredential(sc, msg.cred); err != nil {
h.tryWriteErrAndClose(err)
return err
}
if err = h.writeCredentials(cc.MakeCredentials(sc)); err != nil {
h.tryWriteErrAndClose(err)
return err
}
msg, err = h.readMsg()
if err != nil {
h.tryWriteErrAndClose(err)
return err
}
if msg.ack == nil {
err = ErrUnexpectedPayload
h.tryWriteErrAndClose(err)
return err
}
if msg.ack.Error != handshakeproto.Error_Null {
if msg.ack.Error == handshakeproto.Error_InvalidCredentials {
return ErrPeerDeclinedCredentials
}
return handshakeError{e: msg.ack.Error}
}
if err = h.writeAck(handshakeproto.Error_Null); err != nil {
h.tryWriteErrAndClose(err)
return err
}
return
}
func newHandshake() *handshake {
return handshakePool.Get().(*handshake)
}
type handshake struct {
conn sec.SecureConn
remoteCred *handshakeproto.Credentials
remoteAck *handshakeproto.Ack
localAck *handshakeproto.Ack
buf []byte
}
func (h *handshake) writeCredentials(cred *handshakeproto.Credentials) (err error) {
h.buf = slices.Grow(h.buf, cred.Size()+headerSize)[:cred.Size()+headerSize]
n, err := cred.MarshalToSizedBuffer(h.buf[headerSize:])
if err != nil {
return err
}
return h.writeData(msgTypeCred, n)
}
func (h *handshake) tryWriteErrAndClose(err error) {
if err == ErrGotNotAHandshakeMessage {
// if we got unexpected message - just close the connection
_ = h.conn.Close()
return
}
var ackErr handshakeproto.Error
if he, ok := err.(handshakeError); ok {
ackErr = he.e
} else {
ackErr = handshakeproto.Error_Unexpected
}
_ = h.writeAck(ackErr)
_ = h.conn.Close()
}
func (h *handshake) writeAck(ackErr handshakeproto.Error) (err error) {
h.localAck.Error = ackErr
h.buf = slices.Grow(h.buf, h.localAck.Size()+headerSize)[:h.localAck.Size()+headerSize]
n, err := h.localAck.MarshalTo(h.buf[headerSize:])
if err != nil {
return err
}
return h.writeData(msgTypeAck, n)
}
func (h *handshake) writeData(tp byte, size int) (err error) {
h.buf[0] = tp
binary.LittleEndian.PutUint32(h.buf[1:headerSize], uint32(size))
_, err = h.conn.Write(h.buf[:size+headerSize])
return err
}
type message struct {
cred *handshakeproto.Credentials
ack *handshakeproto.Ack
}
func (h *handshake) readMsg() (msg message, err error) {
h.buf = slices.Grow(h.buf, headerSize)[:headerSize]
if _, err = io.ReadFull(h.conn, h.buf[:headerSize]); err != nil {
return
}
tp := h.buf[0]
if tp != msgTypeCred && tp != msgTypeAck {
err = ErrGotNotAHandshakeMessage
return
}
size := binary.LittleEndian.Uint32(h.buf[1:headerSize])
h.buf = slices.Grow(h.buf, int(size))[:size]
if _, err = io.ReadFull(h.conn, h.buf[:size]); err != nil {
return
}
switch tp {
case msgTypeCred:
if err = h.remoteCred.Unmarshal(h.buf[:size]); err != nil {
return
}
msg.cred = h.remoteCred
case msgTypeAck:
if err = h.remoteAck.Unmarshal(h.buf[:size]); err != nil {
return
}
msg.ack = h.remoteAck
}
return
}
func (h *handshake) release() {
h.buf = h.buf[:0]
h.conn = nil
h.localAck.Error = 0
h.remoteAck.Error = 0
h.remoteCred.Type = 0
h.remoteCred.Payload = h.remoteCred.Payload[:0]
handshakePool.Put(h)
}

507
net/secureservice/handshake/handshake_test.go Normal file
View file

@ -0,0 +1,507 @@
package handshake
import (
"github.com/anytypeio/any-sync/net/secureservice/handshake/handshakeproto"
"github.com/anytypeio/any-sync/util/keys/asymmetric/signingkey"
peer2 "github.com/anytypeio/any-sync/util/peer"
"github.com/libp2p/go-libp2p/core/crypto"
"github.com/libp2p/go-libp2p/core/network"
"github.com/libp2p/go-libp2p/core/peer"
"github.com/libp2p/go-libp2p/core/sec"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"net"
_ "net/http/pprof"
"testing"
"time"
)
var noVerifyChecker = &testCredChecker{
makeCred: &handshakeproto.Credentials{Type: handshakeproto.CredentialsType_SkipVerify},
checkCred: func(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error) {
return
},
}
func TestOutgoingHandshake(t *testing.T) {
t.Run("success", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// receive credential message
msg, err := h.readMsg()
require.NoError(t, err)
require.Nil(t, msg.ack)
require.NoError(t, noVerifyChecker.CheckCredential(c2, msg.cred))
// send credential message
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// receive ack
msg, err = h.readMsg()
require.NoError(t, err)
require.Equal(t, handshakeproto.Error_Null, msg.ack.Error)
// send ack
require.NoError(t, h.writeAck(handshakeproto.Error_Null))
resErr := <-hanshareResCh
assert.NoError(t, resErr)
})
t.Run("write cred err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
t.Run("read cred err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// receive credential message
_, err := h.readMsg()
require.NoError(t, err)
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
t.Run("ack err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// receive credential message
_, err := h.readMsg()
require.NoError(t, err)
require.NoError(t, h.writeAck(ErrInvalidCredentials.e))
require.EqualError(t, <-hanshareResCh, ErrPeerDeclinedCredentials.Error())
})
t.Run("cred err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, &testCredChecker{makeCred: noVerifyChecker.makeCred, checkErr: ErrInvalidCredentials})
}()
h := newHandshake()
h.conn = c2
// receive credential message
_, err := h.readMsg()
require.NoError(t, err)
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
msg, err := h.readMsg()
require.NoError(t, err)
assert.Equal(t, ErrInvalidCredentials.e, msg.ack.Error)
require.EqualError(t, <-hanshareResCh, ErrInvalidCredentials.Error())
})
t.Run("write ack err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// receive credential message
_, err := h.readMsg()
require.NoError(t, err)
// write credentials and close conn
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
t.Run("read ack err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// receive credential message
_, err := h.readMsg()
require.NoError(t, err)
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// read ack and close conn
_, err = h.readMsg()
require.NoError(t, err)
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
t.Run("write cred instead ack", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// receive credential message
_, err := h.readMsg()
require.NoError(t, err)
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// read ack
_, err = h.readMsg()
require.NoError(t, err)
// write cred instead ack
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
msg, err := h.readMsg()
require.NoError(t, err)
assert.Equal(t, handshakeproto.Error_UnexpectedPayload, msg.ack.Error)
require.Error(t, <-hanshareResCh)
})
t.Run("final ack error", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- OutgoingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// receive credential message
msg, err := h.readMsg()
require.NoError(t, err)
require.Nil(t, msg.ack)
require.NoError(t, noVerifyChecker.CheckCredential(c2, msg.cred))
// send credential message
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// receive ack
msg, err = h.readMsg()
require.NoError(t, err)
require.Equal(t, handshakeproto.Error_Null, msg.ack.Error)
// send ack
require.NoError(t, h.writeAck(handshakeproto.Error_UnexpectedPayload))
resErr := <-hanshareResCh
assert.Error(t, resErr)
})
}
func TestIncomingHandshake(t *testing.T) {
t.Run("success", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// wait credentials
msg, err := h.readMsg()
require.NoError(t, err)
require.Nil(t, msg.ack)
require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type)
// write ack
require.NoError(t, h.writeAck(handshakeproto.Error_Null))
// wait ack
msg, err = h.readMsg()
require.NoError(t, err)
assert.Equal(t, handshakeproto.Error_Null, msg.ack.Error)
require.NoError(t, <-hanshareResCh)
})
t.Run("write cred err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
t.Run("read cred err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write credentials and close conn
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
t.Run("write ack instead cred", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write ack instead cred
require.NoError(t, h.writeAck(handshakeproto.Error_Null))
require.Error(t, <-hanshareResCh)
})
t.Run("invalid cred", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, &testCredChecker{makeCred: noVerifyChecker.makeCred, checkErr: ErrInvalidCredentials})
}()
h := newHandshake()
h.conn = c2
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// except ack with error
msg, err := h.readMsg()
require.NoError(t, err)
require.Nil(t, msg.cred)
require.Equal(t, handshakeproto.Error_InvalidCredentials, msg.ack.Error)
require.EqualError(t, <-hanshareResCh, ErrInvalidCredentials.Error())
})
t.Run("write cred instead ack", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// read cred
_, err := h.readMsg()
require.NoError(t, err)
// write cred instead ack
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// expect ack with error
msg, err := h.readMsg()
require.Equal(t, handshakeproto.Error_UnexpectedPayload, msg.ack.Error)
require.Error(t, <-hanshareResCh)
})
t.Run("read ack err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// read cred and close conn
_, err := h.readMsg()
require.NoError(t, err)
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
t.Run("write ack with invalid", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// wait credentials
msg, err := h.readMsg()
require.NoError(t, err)
require.Nil(t, msg.ack)
require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type)
// write ack
require.NoError(t, h.writeAck(handshakeproto.Error_InvalidCredentials))
assert.EqualError(t, <-hanshareResCh, ErrPeerDeclinedCredentials.Error())
})
t.Run("write ack with err", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// wait credentials
msg, err := h.readMsg()
require.NoError(t, err)
require.Nil(t, msg.ack)
require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type)
// write ack
require.NoError(t, h.writeAck(handshakeproto.Error_Unexpected))
assert.EqualError(t, <-hanshareResCh, ErrUnexpected.Error())
})
t.Run("final ack error", func(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
// write credentials
require.NoError(t, h.writeCredentials(noVerifyChecker.MakeCredentials(c2)))
// wait credentials
msg, err := h.readMsg()
require.NoError(t, err)
require.Nil(t, msg.ack)
require.Equal(t, handshakeproto.CredentialsType_SkipVerify, msg.cred.Type)
// write ack and close conn
require.NoError(t, h.writeAck(handshakeproto.Error_Null))
_ = c2.Close()
require.Error(t, <-hanshareResCh)
})
}
func TestNotAHandshakeMessage(t *testing.T) {
c1, c2 := newConnPair(t)
var hanshareResCh = make(chan error, 1)
go func() {
hanshareResCh <- IncomingHandshake(c1, noVerifyChecker)
}()
h := newHandshake()
h.conn = c2
_, err := c2.Write([]byte("some unexpected bytes"))
require.Error(t, err)
assert.EqualError(t, <-hanshareResCh, ErrGotNotAHandshakeMessage.Error())
}
func TestEndToEnd(t *testing.T) {
c1, c2 := newConnPair(t)
var (
inRes = make(chan error, 1)
outRes = make(chan error, 1)
)
st := time.Now()
go func() {
outRes <- OutgoingHandshake(c1, noVerifyChecker)
}()
go func() {
inRes <- IncomingHandshake(c2, noVerifyChecker)
}()
assert.NoError(t, <-outRes)
assert.NoError(t, <-inRes)
t.Log("dur", time.Since(st))
}
func BenchmarkHandshake(b *testing.B) {
c1, c2 := newConnPair(b)
var (
inRes = make(chan error)
outRes = make(chan error)
done = make(chan struct{})
)
defer close(done)
go func() {
for {
select {
case outRes <- OutgoingHandshake(c1, noVerifyChecker):
case <-done:
return
}
}
}()
go func() {
for {
select {
case inRes <- IncomingHandshake(c2, noVerifyChecker):
case <-done:
return
}
}
}()
b.ReportAllocs()
b.ResetTimer()
for i := 0; i < b.N; i++ {
<-outRes
<-inRes
}
}
type testCredChecker struct {
makeCred *handshakeproto.Credentials
checkCred func(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error)
checkErr error
}
func (t *testCredChecker) MakeCredentials(sc sec.SecureConn) *handshakeproto.Credentials {
return t.makeCred
}
func (t *testCredChecker) CheckCredential(sc sec.SecureConn, cred *handshakeproto.Credentials) (err error) {
if t.checkErr != nil {
return t.checkErr
}
if t.checkCred != nil {
return t.checkCred(sc, cred)
}
return nil
}
func newConnPair(t require.TestingT) (sc1, sc2 *secConn) {
c1, c2 := net.Pipe()
sk1, _, err := signingkey.GenerateRandomEd25519KeyPair()
require.NoError(t, err)
sk1b, err := sk1.Raw()
signKey1, err := crypto.UnmarshalEd25519PrivateKey(sk1b)
require.NoError(t, err)
sk2, _, err := signingkey.GenerateRandomEd25519KeyPair()
require.NoError(t, err)
sk2b, err := sk2.Raw()
signKey2, err := crypto.UnmarshalEd25519PrivateKey(sk2b)
require.NoError(t, err)
peerId1, err := peer2.IdFromSigningPubKey(sk1.GetPublic())
require.NoError(t, err)
peerId2, err := peer2.IdFromSigningPubKey(sk2.GetPublic())
require.NoError(t, err)
sc1 = &secConn{
Conn: c1,
localKey: signKey1,
remotePeer: peerId2,
}
sc2 = &secConn{
Conn: c2,
localKey: signKey2,
remotePeer: peerId1,
}
return
}
type secConn struct {
net.Conn
localKey crypto.PrivKey
remotePeer peer.ID
}
func (s *secConn) LocalPeer() peer.ID {
skB, _ := s.localKey.Raw()
sk, _ := signingkey.NewSigningEd25519PubKeyFromBytes(skB)
lp, _ := peer2.IdFromSigningPubKey(sk)
return lp
}
func (s *secConn) LocalPrivateKey() crypto.PrivKey {
return s.localKey
}
func (s *secConn) RemotePeer() peer.ID {
return s.remotePeer
}
func (s *secConn) RemotePublicKey() crypto.PubKey {
return nil
}
func (s *secConn) ConnState() network.ConnectionState {
return network.ConnectionState{}
}

813
net/secureservice/handshake/handshakeproto/handshake.pb.go Normal file
View file

@ -0,0 +1,813 @@
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: net/secureservice/handshake/handshakeproto/protos/handshake.proto
package handshakeproto
import (
fmt "fmt"
proto "github.com/gogo/protobuf/proto"
io "io"
math "math"
math_bits "math/bits"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
type CredentialsType int32
const (
// SkipVerify using when identity is not required, for example in p2p cases
CredentialsType_SkipVerify CredentialsType = 0
// SignedPeerIds using a payload containing PayloadSignedPeerIds message
CredentialsType_SignedPeerIds CredentialsType = 1
)
var CredentialsType_name = map[int32]string{
0: "SkipVerify",
1: "SignedPeerIds",
}
var CredentialsType_value = map[string]int32{
"SkipVerify": 0,
"SignedPeerIds": 1,
}
func (x CredentialsType) String() string {
return proto.EnumName(CredentialsType_name, int32(x))
}
func (CredentialsType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_60283fc75f020893, []int{0}
}
type Error int32
const (
Error_Null Error = 0
Error_Unexpected Error = 1
Error_InvalidCredentials Error = 2
Error_UnexpectedPayload Error = 3
Error_SkipVerifyNotAllowed Error = 4
Error_DeadlineExceeded Error = 5
)
var Error_name = map[int32]string{
0: "Null",
1: "Unexpected",
2: "InvalidCredentials",
3: "UnexpectedPayload",
4: "SkipVerifyNotAllowed",
5: "DeadlineExceeded",
}
var Error_value = map[string]int32{
"Null": 0,
"Unexpected": 1,
"InvalidCredentials": 2,
"UnexpectedPayload": 3,
"SkipVerifyNotAllowed": 4,
"DeadlineExceeded": 5,
}
func (x Error) String() string {
return proto.EnumName(Error_name, int32(x))
}
func (Error) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_60283fc75f020893, []int{1}
}
type Credentials struct {
Type CredentialsType `protobuf:"varint,1,opt,name=type,proto3,enum=anyHandshake.CredentialsType" json:"type,omitempty"`
Payload []byte `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
}
func (m *Credentials) Reset() { *m = Credentials{} }
func (m *Credentials) String() string { return proto.CompactTextString(m) }
func (*Credentials) ProtoMessage() {}
func (*Credentials) Descriptor() ([]byte, []int) {
return fileDescriptor_60283fc75f020893, []int{0}
}
func (m *Credentials) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Credentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Credentials.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Credentials) XXX_Merge(src proto.Message) {
xxx_messageInfo_Credentials.Merge(m, src)
}
func (m *Credentials) XXX_Size() int {
return m.Size()
}
func (m *Credentials) XXX_DiscardUnknown() {
xxx_messageInfo_Credentials.DiscardUnknown(m)
}
var xxx_messageInfo_Credentials proto.InternalMessageInfo
func (m *Credentials) GetType() CredentialsType {
if m != nil {
return m.Type
}
return CredentialsType_SkipVerify
}
func (m *Credentials) GetPayload() []byte {
if m != nil {
return m.Payload
}
return nil
}
type PayloadSignedPeerIds struct {
// account identity
Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
// sign of (localPeerId + remotePeerId)
Sign []byte `protobuf:"bytes,2,opt,name=sign,proto3" json:"sign,omitempty"`
}
func (m *PayloadSignedPeerIds) Reset() { *m = PayloadSignedPeerIds{} }
func (m *PayloadSignedPeerIds) String() string { return proto.CompactTextString(m) }
func (*PayloadSignedPeerIds) ProtoMessage() {}
func (*PayloadSignedPeerIds) Descriptor() ([]byte, []int) {
return fileDescriptor_60283fc75f020893, []int{1}
}
func (m *PayloadSignedPeerIds) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PayloadSignedPeerIds) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PayloadSignedPeerIds.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PayloadSignedPeerIds) XXX_Merge(src proto.Message) {
xxx_messageInfo_PayloadSignedPeerIds.Merge(m, src)
}
func (m *PayloadSignedPeerIds) XXX_Size() int {
return m.Size()
}
func (m *PayloadSignedPeerIds) XXX_DiscardUnknown() {
xxx_messageInfo_PayloadSignedPeerIds.DiscardUnknown(m)
}
var xxx_messageInfo_PayloadSignedPeerIds proto.InternalMessageInfo
func (m *PayloadSignedPeerIds) GetIdentity() []byte {
if m != nil {
return m.Identity
}
return nil
}
func (m *PayloadSignedPeerIds) GetSign() []byte {
if m != nil {
return m.Sign
}
return nil
}
type Ack struct {
Error Error `protobuf:"varint,1,opt,name=error,proto3,enum=anyHandshake.Error" json:"error,omitempty"`
}
func (m *Ack) Reset() { *m = Ack{} }
func (m *Ack) String() string { return proto.CompactTextString(m) }
func (*Ack) ProtoMessage() {}
func (*Ack) Descriptor() ([]byte, []int) {
return fileDescriptor_60283fc75f020893, []int{2}
}
func (m *Ack) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Ack) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Ack.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Ack) XXX_Merge(src proto.Message) {
xxx_messageInfo_Ack.Merge(m, src)
}
func (m *Ack) XXX_Size() int {
return m.Size()
}
func (m *Ack) XXX_DiscardUnknown() {
xxx_messageInfo_Ack.DiscardUnknown(m)
}
var xxx_messageInfo_Ack proto.InternalMessageInfo
func (m *Ack) GetError() Error {
if m != nil {
return m.Error
}
return Error_Null
}
func init() {
proto.RegisterEnum("anyHandshake.CredentialsType", CredentialsType_name, CredentialsType_value)
proto.RegisterEnum("anyHandshake.Error", Error_name, Error_value)
proto.RegisterType((*Credentials)(nil), "anyHandshake.Credentials")
proto.RegisterType((*PayloadSignedPeerIds)(nil), "anyHandshake.PayloadSignedPeerIds")
proto.RegisterType((*Ack)(nil), "anyHandshake.Ack")
}
func init() {
proto.RegisterFile("net/secureservice/handshake/handshakeproto/protos/handshake.proto", fileDescriptor_60283fc75f020893)
}
var fileDescriptor_60283fc75f020893 = []byte{
// 362 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x51, 0xcd, 0x8e, 0xda, 0x30,
0x18, 0x8c, 0x21, 0xb4, 0xe8, 0x2b, 0xa5, 0xc6, 0xa5, 0x55, 0x54, 0xa9, 0x11, 0xe2, 0x44, 0x39,
0x40, 0xff, 0x5e, 0x80, 0x16, 0xaa, 0x72, 0x41, 0x28, 0xb4, 0x3d, 0x70, 0x73, 0xe3, 0xaf, 0x60,
0x61, 0x39, 0x91, 0x13, 0x28, 0xb9, 0xed, 0x23, 0xec, 0x63, 0xed, 0x91, 0xe3, 0x1e, 0x57, 0xf0,
0x22, 0x2b, 0x0c, 0x2c, 0x61, 0x4f, 0x7b, 0xb1, 0xe7, 0x1b, 0x8f, 0x67, 0xc6, 0x32, 0xf4, 0x34,
0xa6, 0xdd, 0x04, 0xc3, 0xa5, 0xc1, 0x04, 0xcd, 0x4a, 0x86, 0xd8, 0x9d, 0x73, 0x2d, 0x92, 0x39,
0x5f, 0xe4, 0x50, 0x6c, 0xa2, 0x34, 0xea, 0xda, 0x35, 0x39, 0xb3, 0x1d, 0x4b, 0xb0, 0x0a, 0xd7,
0xd9, 0xcf, 0x13, 0xd7, 0x9c, 0xc2, 0x8b, 0xef, 0x06, 0x05, 0xea, 0x54, 0x72, 0x95, 0xb0, 0x4f,
0xe0, 0xa6, 0x59, 0x8c, 0x1e, 0x69, 0x90, 0x56, 0xf5, 0xf3, 0xfb, 0x4e, 0x5e, 0xdb, 0xc9, 0x09,
0x7f, 0x65, 0x31, 0x06, 0x56, 0xca, 0x3c, 0x78, 0x1e, 0xf3, 0x4c, 0x45, 0x5c, 0x78, 0x85, 0x06,
0x69, 0x55, 0x82, 0xd3, 0xd8, 0xfc, 0x01, 0xf5, 0xf1, 0x01, 0x4e, 0xe4, 0x4c, 0xa3, 0x18, 0x23,
0x9a, 0xa1, 0x48, 0xd8, 0x3b, 0x28, 0x4b, 0x6b, 0x94, 0x66, 0x36, 0xa8, 0x12, 0x3c, 0xcc, 0x8c,
0x81, 0x9b, 0xc8, 0x99, 0x3e, 0x5a, 0x59, 0xdc, 0xfc, 0x08, 0xc5, 0x5e, 0xb8, 0x60, 0x1f, 0xa0,
0x84, 0xc6, 0x44, 0xe6, 0x58, 0xee, 0xf5, 0x65, 0xb9, 0xc1, 0xfe, 0x28, 0x38, 0x28, 0xda, 0x5f,
0xe1, 0xd5, 0xa3, 0xb2, 0xac, 0x0a, 0x30, 0x59, 0xc8, 0xf8, 0x0f, 0x1a, 0xf9, 0x2f, 0xa3, 0x0e,
0xab, 0xc1, 0xcb, 0x8b, 0x56, 0x94, 0xb4, 0xaf, 0x08, 0x94, 0xac, 0x0d, 0x2b, 0x83, 0x3b, 0x5a,
0x2a, 0x45, 0x9d, 0xfd, 0xb5, 0xdf, 0x1a, 0xd7, 0x31, 0x86, 0x29, 0x0a, 0x4a, 0xd8, 0x5b, 0x60,
0x43, 0xbd, 0xe2, 0x4a, 0x8a, 0x5c, 0x00, 0x2d, 0xb0, 0x37, 0x50, 0x3b, 0xeb, 0x8e, 0xaf, 0xa6,
0x45, 0xe6, 0x41, 0xfd, 0x9c, 0x3a, 0x8a, 0xd2, 0x9e, 0x52, 0xd1, 0x7f, 0x14, 0xd4, 0x65, 0x75,
0xa0, 0x7d, 0xe4, 0x42, 0x49, 0x8d, 0x83, 0x75, 0x88, 0x28, 0x50, 0xd0, 0xd2, 0xb7, 0xfe, 0xcd,
0xd6, 0x27, 0x9b, 0xad, 0x4f, 0xee, 0xb6, 0x3e, 0xb9, 0xde, 0xf9, 0xce, 0x66, 0xe7, 0x3b, 0xb7,
0x3b, 0xdf, 0x99, 0xb6, 0x9f, 0xfe, 0xf3, 0x7f, 0x9f, 0xd9, 0xed, 0xcb, 0x7d, 0x00, 0x00, 0x00,
0xff, 0xff, 0xa0, 0x48, 0xdf, 0x7a, 0x2e, 0x02, 0x00, 0x00,
}
func (m *Credentials) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Credentials) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Credentials) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if len(m.Payload) > 0 {
i -= len(m.Payload)
copy(dAtA[i:], m.Payload)
i = encodeVarintHandshake(dAtA, i, uint64(len(m.Payload)))
i--
dAtA[i] = 0x12
}
if m.Type != 0 {
i = encodeVarintHandshake(dAtA, i, uint64(m.Type))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PayloadSignedPeerIds) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PayloadSignedPeerIds) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PayloadSignedPeerIds) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if len(m.Sign) > 0 {
i -= len(m.Sign)
copy(dAtA[i:], m.Sign)
i = encodeVarintHandshake(dAtA, i, uint64(len(m.Sign)))
i--
dAtA[i] = 0x12
}
if len(m.Identity) > 0 {
i -= len(m.Identity)
copy(dAtA[i:], m.Identity)
i = encodeVarintHandshake(dAtA, i, uint64(len(m.Identity)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Ack) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Ack) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Ack) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.Error != 0 {
i = encodeVarintHandshake(dAtA, i, uint64(m.Error))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func encodeVarintHandshake(dAtA []byte, offset int, v uint64) int {
offset -= sovHandshake(v)
base := offset
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return base
}
func (m *Credentials) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Type != 0 {
n += 1 + sovHandshake(uint64(m.Type))
}
l = len(m.Payload)
if l > 0 {
n += 1 + l + sovHandshake(uint64(l))
}
return n
}
func (m *PayloadSignedPeerIds) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Identity)
if l > 0 {
n += 1 + l + sovHandshake(uint64(l))
}
l = len(m.Sign)
if l > 0 {
n += 1 + l + sovHandshake(uint64(l))
}
return n
}
func (m *Ack) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Error != 0 {
n += 1 + sovHandshake(uint64(m.Error))
}
return n
}
func sovHandshake(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
func sozHandshake(x uint64) (n int) {
return sovHandshake(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (m *Credentials) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Credentials: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Credentials: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType)
}
m.Type = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Type |= CredentialsType(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Payload", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthHandshake
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthHandshake
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Payload = append(m.Payload[:0], dAtA[iNdEx:postIndex]...)
if m.Payload == nil {
m.Payload = []byte{}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipHandshake(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthHandshake
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *PayloadSignedPeerIds) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: PayloadSignedPeerIds: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: PayloadSignedPeerIds: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Identity", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthHandshake
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthHandshake
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Identity = append(m.Identity[:0], dAtA[iNdEx:postIndex]...)
if m.Identity == nil {
m.Identity = []byte{}
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Sign", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthHandshake
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthHandshake
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Sign = append(m.Sign[:0], dAtA[iNdEx:postIndex]...)
if m.Sign == nil {
m.Sign = []byte{}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipHandshake(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthHandshake
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Ack) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Ack: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Ack: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Error", wireType)
}
m.Error = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowHandshake
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Error |= Error(b&0x7F) << shift
if b < 0x80 {
break
}
}
default:
iNdEx = preIndex
skippy, err := skipHandshake(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthHandshake
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipHandshake(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
depth := 0
for iNdEx < l {
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowHandshake
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
wireType := int(wire & 0x7)
switch wireType {
case 0:
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowHandshake
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
iNdEx++
if dAtA[iNdEx-1] < 0x80 {
break
}
}
case 1:
iNdEx += 8
case 2:
var length int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowHandshake
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
length |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if length < 0 {
return 0, ErrInvalidLengthHandshake
}
iNdEx += length
case 3:
depth++
case 4:
if depth == 0 {
return 0, ErrUnexpectedEndOfGroupHandshake
}
depth--
case 5:
iNdEx += 4
default:
return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
}
if iNdEx < 0 {
return 0, ErrInvalidLengthHandshake
}
if depth == 0 {
return iNdEx, nil
}
}
return 0, io.ErrUnexpectedEOF
}
var (
ErrInvalidLengthHandshake = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowHandshake = fmt.Errorf("proto: integer overflow")
ErrUnexpectedEndOfGroupHandshake = fmt.Errorf("proto: unexpected end of group")
)

69
net/secureservice/handshake/handshakeproto/protos/handshake.proto Normal file
View file

@ -0,0 +1,69 @@
syntax = "proto3";
package anyHandshake;
option go_package = "net/secureservice/handshake/handshakeproto";
/*
Alice opens a new connection with Bob
1. TLS handshake done successfully; both sides know local and remote peer identifiers.
2. Alice sends a Credentials message to Bob
3. Bob receives Alice's message and validates her credentials
3.1 If credentials are valid, Bob sends his credentials to Alice
3.2 If credentials are invalid, Bob sends an Ack message with an error and closes the connection
4. Alice receives Bob's message
4.1 If it is a credentials message, Alice validates it
4.1.1 If credentials are valid, Alice sends Ack message with error=Null
4.1.2 If credentials are invalid, Alice sends an Ack message with an error and closes the connection
4.2 If it is an Ack message, Alice has an error about why the handshake was unsuccessful
5. Bob receives an Ack message from Alice
5.1 If error == Null, Bob sends Ack with error=Null to Alice - handshake successful
5.2 If error != Null, Bob has an error about why the handshake was unsuccessful
Successful handshake scheme:
Alice -> [CREDENTIALS] -> Bob
Bob -> [CREDENTIALS] -> Alice
Alice -> [Ack:Error=Null] -> Bob
Bob -> [Ack:Error=Null] -> Alice
*/
message Credentials {
CredentialsType type = 1;
bytes payload = 2;
}
enum CredentialsType {
// SkipVerify using when identity is not required, for example in p2p cases
SkipVerify = 0;
// SignedPeerIds using a payload containing PayloadSignedPeerIds message
SignedPeerIds = 1;
}
message PayloadSignedPeerIds {
// account identity
bytes identity = 1;
// sign of (localPeerId + remotePeerId)
bytes sign = 2;
}
message Ack {
Error error = 1;
}
enum Error {
Null = 0;
Unexpected = 1;
InvalidCredentials = 2;
UnexpectedPayload = 3;
SkipVerifyNotAllowed = 4;
DeadlineExceeded = 5;
}