2016-10-18 05:41:20 +03:00
|
|
|
package brontide
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"io"
|
2016-11-08 06:45:00 +03:00
|
|
|
"math"
|
2016-10-18 05:41:20 +03:00
|
|
|
"net"
|
|
|
|
"time"
|
|
|
|
|
2018-06-05 04:34:16 +03:00
|
|
|
"github.com/btcsuite/btcd/btcec"
|
2018-07-31 10:17:17 +03:00
|
|
|
"github.com/lightningnetwork/lnd/lnwire"
|
2016-10-18 05:41:20 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
// Conn is an implementation of net.Conn which enforces an authenticated key
|
|
|
|
// exchange and message encryption protocol dubbed "Brontide" after initial TCP
|
|
|
|
// connection establishment. In the case of a successful handshake, all
|
|
|
|
// messages sent via the .Write() method are encrypted with an AEAD cipher
|
2017-02-23 22:56:47 +03:00
|
|
|
// along with an encrypted length-prefix. See the Machine struct for
|
2016-10-18 05:41:20 +03:00
|
|
|
// additional details w.r.t to the handshake and encryption scheme.
|
|
|
|
type Conn struct {
|
|
|
|
conn net.Conn
|
|
|
|
|
2017-02-23 22:56:47 +03:00
|
|
|
noise *Machine
|
2016-10-18 05:41:20 +03:00
|
|
|
|
|
|
|
readBuf bytes.Buffer
|
|
|
|
}
|
|
|
|
|
|
|
|
// A compile-time assertion to ensure that Conn meets the net.Conn interface.
|
|
|
|
var _ net.Conn = (*Conn)(nil)
|
|
|
|
|
|
|
|
// Dial attempts to establish an encrypted+authenticated connection with the
|
|
|
|
// remote peer located at address which has remotePub as its long-term static
|
|
|
|
// public key. In the case of a handshake failure, the connection is closed and
|
|
|
|
// a non-nil error is returned.
|
2017-10-21 00:45:23 +03:00
|
|
|
func Dial(localPriv *btcec.PrivateKey, netAddr *lnwire.NetAddress,
|
2018-01-23 08:38:58 +03:00
|
|
|
dialer func(string, string) (net.Conn, error)) (*Conn, error) {
|
2016-10-27 05:04:19 +03:00
|
|
|
ipAddr := netAddr.Address.String()
|
2017-10-21 00:45:23 +03:00
|
|
|
var conn net.Conn
|
|
|
|
var err error
|
2018-01-23 08:38:58 +03:00
|
|
|
conn, err = dialer("tcp", ipAddr)
|
2016-10-18 05:41:20 +03:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
b := &Conn{
|
|
|
|
conn: conn,
|
2016-10-27 05:04:19 +03:00
|
|
|
noise: NewBrontideMachine(true, localPriv, netAddr.IdentityKey),
|
2016-10-18 05:41:20 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// Initiate the handshake by sending the first act to the receiver.
|
|
|
|
actOne, err := b.noise.GenActOne()
|
|
|
|
if err != nil {
|
2016-12-01 06:11:49 +03:00
|
|
|
b.conn.Close()
|
2016-10-18 05:41:20 +03:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if _, err := conn.Write(actOne[:]); err != nil {
|
2016-12-01 06:11:49 +03:00
|
|
|
b.conn.Close()
|
2016-10-18 05:41:20 +03:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2017-10-05 00:56:31 +03:00
|
|
|
// We'll ensure that we get ActTwo from the remote peer in a timely
|
2018-04-03 01:56:41 +03:00
|
|
|
// manner. If they don't respond within 1s, then we'll kill the
|
2017-10-05 00:56:31 +03:00
|
|
|
// connection.
|
2018-04-03 01:56:41 +03:00
|
|
|
conn.SetReadDeadline(time.Now().Add(handshakeReadTimeout))
|
2017-10-05 00:56:31 +03:00
|
|
|
|
2016-10-18 05:41:20 +03:00
|
|
|
// If the first act was successful (we know that address is actually
|
|
|
|
// remotePub), then read the second act after which we'll be able to
|
|
|
|
// send our static public key to the remote peer with strong forward
|
|
|
|
// secrecy.
|
|
|
|
var actTwo [ActTwoSize]byte
|
|
|
|
if _, err := io.ReadFull(conn, actTwo[:]); err != nil {
|
2016-12-01 06:11:49 +03:00
|
|
|
b.conn.Close()
|
2016-10-18 05:41:20 +03:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if err := b.noise.RecvActTwo(actTwo); err != nil {
|
2016-12-01 06:11:49 +03:00
|
|
|
b.conn.Close()
|
2016-10-18 05:41:20 +03:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Finally, complete the handshake by sending over our encrypted static
|
|
|
|
// key and execute the final ECDH operation.
|
|
|
|
actThree, err := b.noise.GenActThree()
|
|
|
|
if err != nil {
|
2016-12-01 06:11:49 +03:00
|
|
|
b.conn.Close()
|
2016-10-18 05:41:20 +03:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if _, err := conn.Write(actThree[:]); err != nil {
|
2016-12-01 06:11:49 +03:00
|
|
|
b.conn.Close()
|
2016-10-18 05:41:20 +03:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2017-10-05 00:56:31 +03:00
|
|
|
// We'll reset the deadline as it's no longer critical beyond the
|
|
|
|
// initial handshake.
|
|
|
|
conn.SetReadDeadline(time.Time{})
|
|
|
|
|
2016-10-18 05:41:20 +03:00
|
|
|
return b, nil
|
|
|
|
}
|
|
|
|
|
2017-04-21 01:50:06 +03:00
|
|
|
// ReadNextMessage uses the connection in a message-oriented instructing it to
|
|
|
|
// read the next _full_ message with the brontide stream. This function will
|
|
|
|
// block until the read succeeds.
|
2017-04-21 01:35:29 +03:00
|
|
|
func (c *Conn) ReadNextMessage() ([]byte, error) {
|
|
|
|
return c.noise.ReadMessage(c.conn)
|
|
|
|
}
|
|
|
|
|
2016-10-18 05:41:20 +03:00
|
|
|
// Read reads data from the connection. Read can be made to time out and
|
2018-04-18 05:02:04 +03:00
|
|
|
// return an Error with Timeout() == true after a fixed time limit; see
|
2016-10-18 05:41:20 +03:00
|
|
|
// SetDeadline and SetReadDeadline.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) Read(b []byte) (n int, err error) {
|
2017-04-21 01:35:29 +03:00
|
|
|
// In order to reconcile the differences between the record abstraction
|
|
|
|
// of our AEAD connection, and the stream abstraction of TCP, we
|
|
|
|
// maintain an intermediate read buffer. If this buffer becomes
|
2018-02-07 06:11:11 +03:00
|
|
|
// depleted, then we read the next record, and feed it into the
|
2017-04-21 01:35:29 +03:00
|
|
|
// buffer. Otherwise, we read directly from the buffer.
|
2016-10-18 05:41:20 +03:00
|
|
|
if c.readBuf.Len() == 0 {
|
|
|
|
plaintext, err := c.noise.ReadMessage(c.conn)
|
|
|
|
if err != nil {
|
|
|
|
return 0, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := c.readBuf.Write(plaintext); err != nil {
|
|
|
|
return 0, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.readBuf.Read(b)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Write writes data to the connection. Write can be made to time out and
|
2018-04-18 05:02:04 +03:00
|
|
|
// return an Error with Timeout() == true after a fixed time limit; see
|
2016-10-18 05:41:20 +03:00
|
|
|
// SetDeadline and SetWriteDeadline.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) Write(b []byte) (n int, err error) {
|
2016-11-08 06:45:00 +03:00
|
|
|
// If the message doesn't require any chunking, then we can go ahead
|
|
|
|
// with a single write.
|
2017-01-08 06:15:58 +03:00
|
|
|
if len(b) <= math.MaxUint16 {
|
2016-11-08 06:45:00 +03:00
|
|
|
return len(b), c.noise.WriteMessage(c.conn, b)
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we need to split the message into fragments, then we'll write
|
2017-01-08 06:15:58 +03:00
|
|
|
// chunks which maximize usage of the available payload.
|
|
|
|
chunkSize := math.MaxUint16
|
2016-11-08 06:45:00 +03:00
|
|
|
|
|
|
|
bytesToWrite := len(b)
|
|
|
|
bytesWritten := 0
|
|
|
|
for bytesWritten < bytesToWrite {
|
|
|
|
// If we're on the last chunk, then truncate the chunk size as
|
|
|
|
// necessary to avoid an out-of-bounds array memory access.
|
|
|
|
if bytesWritten+chunkSize > len(b) {
|
|
|
|
chunkSize = len(b) - bytesWritten
|
|
|
|
}
|
|
|
|
|
|
|
|
// Slice off the next chunk to be written based on our running
|
|
|
|
// counter and next chunk size.
|
|
|
|
chunk := b[bytesWritten : bytesWritten+chunkSize]
|
|
|
|
if err := c.noise.WriteMessage(c.conn, chunk); err != nil {
|
|
|
|
return bytesWritten, err
|
|
|
|
}
|
|
|
|
|
|
|
|
bytesWritten += len(chunk)
|
|
|
|
}
|
|
|
|
|
|
|
|
return bytesWritten, nil
|
2016-10-18 05:41:20 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// Close closes the connection. Any blocked Read or Write operations will be
|
|
|
|
// unblocked and return errors.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) Close() error {
|
|
|
|
// TODO(roasbeef): reset brontide state?
|
|
|
|
return c.conn.Close()
|
|
|
|
}
|
|
|
|
|
|
|
|
// LocalAddr returns the local network address.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) LocalAddr() net.Addr {
|
|
|
|
return c.conn.LocalAddr()
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemoteAddr returns the remote network address.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) RemoteAddr() net.Addr {
|
|
|
|
return c.conn.RemoteAddr()
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetDeadline sets the read and write deadlines associated with the
|
|
|
|
// connection. It is equivalent to calling both SetReadDeadline and
|
|
|
|
// SetWriteDeadline.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) SetDeadline(t time.Time) error {
|
|
|
|
return c.conn.SetDeadline(t)
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetReadDeadline sets the deadline for future Read calls. A zero value for t
|
|
|
|
// means Read will not time out.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) SetReadDeadline(t time.Time) error {
|
|
|
|
return c.conn.SetReadDeadline(t)
|
|
|
|
}
|
|
|
|
|
|
|
|
// SetWriteDeadline sets the deadline for future Write calls. Even if write
|
|
|
|
// times out, it may return n > 0, indicating that some of the data was
|
|
|
|
// successfully written. A zero value for t means Write will not time out.
|
|
|
|
//
|
|
|
|
// Part of the net.Conn interface.
|
|
|
|
func (c *Conn) SetWriteDeadline(t time.Time) error {
|
|
|
|
return c.conn.SetWriteDeadline(t)
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemotePub returns the remote peer's static public key.
|
|
|
|
func (c *Conn) RemotePub() *btcec.PublicKey {
|
|
|
|
return c.noise.remoteStatic
|
|
|
|
}
|
|
|
|
|
|
|
|
// LocalPub returns the local peer's static public key.
|
|
|
|
func (c *Conn) LocalPub() *btcec.PublicKey {
|
|
|
|
return c.noise.localStatic.PubKey()
|
|
|
|
}
|