// Executes the server side authentication and returns either the agreed secret
// session key or the a failure reason.
func (l *Listener) serverAuth(strm *stream.Stream, req *authRequest) ([]byte, error) {
// Create a new STS session
stsSess, err := sts.New(rand.Reader, config.StsGroup, config.StsGenerator,
config.StsCipher, config.StsCipherBits, config.StsSigHash)
if err != nil {
return nil, fmt.Errorf("failed to create STS session: %v", err)
}
// Accept the incoming key exchange request and send back own exp + auth token
exp, token, err := stsSess.Accept(rand.Reader, l.key, req.Exp)
if err != nil {
return nil, fmt.Errorf("failed to accept incoming exchange: %v", err)
}
if err = strm.Send(authChallenge{exp, token}); err != nil {
return nil, fmt.Errorf("failed to encode auth challenge: %v", err)
}
if err = strm.Flush(); err != nil {
return nil, fmt.Errorf("failed to flush auth challenge: %v", err)
}
// Receive the foreign auth token and if verifies conclude session
resp := new(authResponse)
if err = strm.Recv(resp); err != nil {
return nil, fmt.Errorf("failed to decode auth response: %v", err)
}
if err = stsSess.Finalize(&l.key.PublicKey, resp.Token); err != nil {
return nil, fmt.Errorf("failed to finalize exchange: %v", err)
}
return stsSess.Secret()
}
// Initializes a stream into an encrypted tunnel link.
func (o *Overlay) initServerTunnel(strm *stream.Stream) error {
// Set a socket deadline for finishing the handshake
strm.Sock().SetDeadline(time.Now().Add(config.IrisTunnelInitTimeout))
defer strm.Sock().SetDeadline(time.Time{})
// Fetch the unencrypted client initiator
init := new(initPacket)
if err := strm.Recv(init); err != nil {
return err
}
o.lock.RLock()
c, ok := o.conns[init.ConnId]
o.lock.RUnlock()
if !ok {
return errors.New("connection not found")
}
c.tunLock.RLock()
tun, ok := c.tunLive[init.TunId]
c.tunLock.RUnlock()
if !ok {
return errors.New("tunnel not found")
}
// Create the encrypted link
hasher := func() hash.Hash { return config.HkdfHash.New() }
hkdf := hkdf.New(hasher, tun.secret, config.HkdfSalt, config.HkdfInfo)
conn := link.New(strm, hkdf, true)
// Send and retrieve an authorization to verify both directions
auth := &proto.Message{
Head: proto.Header{
Meta: &authPacket{Id: tun.id},
},
}
if err := conn.SendDirect(auth); err != nil {
return err
}
if msg, err := conn.RecvDirect(); err != nil {
return err
} else if auth, ok := msg.Head.Meta.(*authPacket); !ok || auth.Id != tun.id {
return errors.New("protocol violation")
}
conn.Start(config.IrisTunnelBuffer)
// Send back the initialized link to the pending tunnel
select {
case tun.initDone <- conn:
// Connection handled by initiator
return nil
case <-tun.initStop:
// Initiator timed out or terminated, close
conn.Close()
return nil // No error, since tunnel was handled, albeit not as expected
}
}
// Client side of the STS session negotiation.
func clientAuth(strm *stream.Stream, key *rsa.PrivateKey) ([]byte, error) {
// Set an overall time limit for the handshake to complete
strm.Sock().SetDeadline(time.Now().Add(config.SessionShakeTimeout))
defer strm.Sock().SetDeadline(time.Time{})
// Create a new empty session
stsSess, err := sts.New(rand.Reader, config.StsGroup, config.StsGenerator, config.StsCipher, config.StsCipherBits, config.StsSigHash)
if err != nil {
return nil, fmt.Errorf("failed to create new session: %v", err)
}
// Initiate a key exchange, send the exponential
exp, err := stsSess.Initiate()
if err != nil {
return nil, fmt.Errorf("failed to initiate key exchange: %v", err)
}
req := &initRequest{
Auth: &authRequest{exp},
}
if err = strm.Send(req); err != nil {
return nil, fmt.Errorf("failed to send auth request: %v", err)
}
if err = strm.Flush(); err != nil {
return nil, fmt.Errorf("failed to flush auth request: %v", err)
}
// Receive the foreign exponential and auth token and if verifies, send own auth
chall := new(authChallenge)
if err = strm.Recv(chall); err != nil {
return nil, fmt.Errorf("failed to receive auth challenge: %v", err)
}
token, err := stsSess.Verify(rand.Reader, key, &key.PublicKey, chall.Exp, chall.Token)
if err != nil {
return nil, fmt.Errorf("failed to verify acceptor auth token: %v", err)
}
if err = strm.Send(authResponse{token}); err != nil {
return nil, fmt.Errorf("failed to send auth response: %v", err)
}
if err = strm.Flush(); err != nil {
return nil, fmt.Errorf("failed to flush auth response: %v", err)
}
return stsSess.Secret()
}
// Server side of the STS session negotiation.
func (l *Listener) serverHandle(strm *stream.Stream, timeout time.Duration) {
// Make sure the authentication is synced with the sink
defer l.pendWait.Done()
// Set an overall time limit for the handshake to complete
strm.Sock().SetDeadline(time.Now().Add(config.SessionShakeTimeout))
defer strm.Sock().SetDeadline(time.Time{})
// Fetch the session request and multiplex on the contents
req := new(initRequest)
if err := strm.Recv(req); err != nil {
log.Printf("session: failed to retrieve initiation request: %v", err)
if err = strm.Close(); err != nil {
log.Printf("session: failed to close uninitialized stream: %v.", err)
}
return
}
switch {
case req.Auth != nil:
// Authenticate and clean up if unsuccessful
secret, err := l.serverAuth(strm, req.Auth)
if err != nil {
log.Printf("session: failed to authenticate remote stream: %v.", err)
if err = strm.Close(); err != nil {
log.Printf("session: failed to close unauthenticated stream: %v.", err)
}
return
}
// Create the session and link a data channel to it
sess := newSession(strm, secret, true)
if err = l.serverLink(sess); err != nil {
log.Printf("session: failed to retrieve data link: %v.", err)
if err = strm.Close(); err != nil {
log.Printf("session: failed to close unlinked stream: %v.", err)
}
return
}
// Session setup complete, send upstream
select {
case l.Sink <- sess:
// Ok
case <-time.After(timeout):
log.Printf("session: established session not handled in %v, dropping.", timeout)
if err = sess.Close(); err != nil {
log.Printf("session: failed to close established session: %v.", err)
}
}
case req.Link != nil:
// Extract the temporary session id and link this stream to it
l.pendLock.Lock()
res, ok := l.pends[req.Link.Id]
l.pendLock.Unlock()
if ok {
select {
case res <- strm:
// Ok, link succeeded
default:
log.Printf("session: established data stream not handled.")
if err := strm.Close(); err != nil {
log.Printf("session: failed to close established data stream: %v.", err)
}
}
}
}
}