poanetwork
/
quorum
mirror of https://github.com/poanetwork/quorum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

integrate cryptoId into peer and connection lifecycle

This commit is contained in:
zelig 2015-01-19 11:21:13 +00:00 committed by Felix Lange
parent 489d956283
commit 1803c65e40
2 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
p2p/crypto.go
View File

@ -53,6 +53,21 @@ func newCryptoId(id ClientIdentity) (self *cryptoId, err error) {
return return
} }
func (self *cryptoId) Run(remotePubKeyDER []byte) (rw *secretRW) {
if self.initiator {
auth, initNonce, randomPrvKey, randomPubKey, err := initiator.initAuth(remotePubKeyDER, sessionToken)
respNonce, remoteRandomPubKey, _, _ := initiator.verifyAuthResp(response)
} else {
// we are listening connection. we are responders in the haandshake.
// Extract info from the authentication. The initiator starts by sending us a handshake that we need to respond to.
response, remoteRespNonce, remoteInitNonce, remoteRandomPrivKey, _ := responder.verifyAuth(auth, sessionToken, pubInit)
}
initSessionToken, initSecretRW, _ := initiator.newSession(initNonce, respNonce, auth, randomPrvKey, remoteRandomPubKey)
respSessionToken, respSecretRW, _ := responder.newSession(remoteInitNonce, remoteRespNonce, auth, remoteRandomPrivKey, randomPubKey)
}
/* startHandshake is called by peer if it initiated the connection. /* startHandshake is called by peer if it initiated the connection.
By protocol spec, the party who initiates the connection (initiator) will send an 'auth' packet By protocol spec, the party who initiates the connection (initiator) will send an 'auth' packet
New: authInitiator -> E(remote-pubk, S(ecdhe-random, ecdh-shared-secret^nonce) || H(ecdhe-random-pubk) || pubk || nonce || 0x0) New: authInitiator -> E(remote-pubk, S(ecdhe-random, ecdh-shared-secret^nonce) || H(ecdhe-random-pubk) || pubk || nonce || 0x0)

21
p2p/peer.go
View File

@ -222,10 +222,14 @@ func (p *Peer) loop() (reason DiscReason, err error) {
defer close(p.closed) defer close(p.closed)
defer p.conn.Close() defer p.conn.Close()
var readLoop func(chan Msg, chan error, chan bool)
if p.cryptoHandshake { if p.cryptoHandshake {
if err := p.handleCryptoHandshake(); err != nil { if readLoop, err := p.handleCryptoHandshake(); err != nil {
// from here on everything can be encrypted, authenticated
return DiscProtocolError, err // no graceful disconnect return DiscProtocolError, err // no graceful disconnect
} }
} else {
readLoop = p.readLoop
} }
// read loop // read loop
@ -233,7 +237,7 @@ func (p *Peer) loop() (reason DiscReason, err error) {
readErr := make(chan error) readErr := make(chan error)
readNext := make(chan bool, 1) readNext := make(chan bool, 1)
protoDone := make(chan struct{}, 1) protoDone := make(chan struct{}, 1)
go p.readLoop(readMsg, readErr, readNext) go readLoop(readMsg, readErr, readNext)
readNext <- true readNext <- true
if p.runBaseProtocol { if p.runBaseProtocol {
@ -329,8 +333,19 @@ func (p *Peer) dispatch(msg Msg, protoDone chan struct{}) (wait bool, err error)
} }
func (p *Peer) handleCryptoHandshake() (err error) { func (p *Peer) handleCryptoHandshake() (err error) {
// cryptoId is just created for the lifecycle of the handshake
// it is survived by an encrypted readwriter
if p.dialAddr != 0 { // this should have its own method Outgoing() bool
initiator = true
}
// create crypto layer
cryptoId := newCryptoId(p.identity, initiator, sessionToken)
// run on peer
if rw, err := cryptoId.Run(p.Pubkey()); err != nil {
return err
}
p.conn = rw.Run(p.conn)
return nil
} }
func (p *Peer) startBaseProtocol() { func (p *Peer) startBaseProtocol() {