From 01dbec820b1518fd6ae79577e7ca7466e96a97d8 Mon Sep 17 00:00:00 2001 From: Brian Warner Date: Thu, 19 Feb 2015 18:24:10 -0800 Subject: [PATCH] transit: set key on both ends, instead of generate+send --- bin/receive_file.py | 3 ++- bin/send_file.py | 5 ++--- src/wormhole/blocking/transit.py | 24 ++++++++++++++++++------ 3 files changed, 22 insertions(+), 10 deletions(-) diff --git a/bin/receive_file.py b/bin/receive_file.py index b5256fe..1809f83 100644 --- a/bin/receive_file.py +++ b/bin/receive_file.py @@ -29,7 +29,8 @@ encrypted_filesize = filesize + SecretBox.NONCE_SIZE+16 # now receive the rest of the owl tdata = data["transit"] -transit_receiver.set_transit_key(tdata["key"]) +transit_key = r.derive_key(APPID+"/transit-key") +transit_receiver.set_transit_key(transit_key) transit_receiver.add_sender_direct_hints(tdata["direct_connection_hints"]) transit_receiver.add_sender_relay_hints(tdata["relay_connection_hints"]) skt = transit_receiver.establish_connection() diff --git a/bin/send_file.py b/bin/send_file.py index 2e15f52..e8c75df 100644 --- a/bin/send_file.py +++ b/bin/send_file.py @@ -1,6 +1,5 @@ from __future__ import print_function import os, sys, json -from binascii import hexlify from nacl.secret import SecretBox from wormhole.blocking.transcribe import Initiator from wormhole.blocking.transit import TransitSender @@ -11,7 +10,6 @@ APPID = "lothar.com/wormhole/file-xfer" filename = sys.argv[1] assert os.path.isfile(filename) transit_sender = TransitSender() -transit_key = transit_sender.get_transit_key() direct_hints = transit_sender.get_direct_hints() relay_hints = transit_sender.get_relay_hints() @@ -22,7 +20,6 @@ data = json.dumps({ "filesize": filesize, }, "transit": { - "key": hexlify(transit_key), "direct_connection_hints": direct_hints, "relay_connection_hints": relay_hints, }, @@ -45,6 +42,8 @@ nonce = os.urandom(SecretBox.NONCE_SIZE) encrypted = box.encrypt(plaintext, nonce) tdata = them_d["transit"] +transit_key = i.derive_key(APPID+"/transit-key") +transit_sender.set_transit_key(transit_key) transit_sender.add_receiver_hints(tdata["direct_connection_hints"]) skt = transit_sender.establish_connection() diff --git a/src/wormhole/blocking/transit.py b/src/wormhole/blocking/transit.py index 22f3343..df90b27 100644 --- a/src/wormhole/blocking/transit.py +++ b/src/wormhole/blocking/transit.py @@ -1,5 +1,5 @@ from __future__ import print_function -import os, threading, socket, SocketServer +import threading, socket, SocketServer from binascii import hexlify from ..util import ipaddrs from ..util.hkdf import HKDF @@ -149,11 +149,11 @@ class MyTCPServer(SocketServer.TCPServer): class TransitSender: def __init__(self): - self.key = os.urandom(32) self.winning = threading.Event() self._negotiation_check_lock = threading.Lock() - def get_transit_key(self): - return self.key + self._have_transit_key = threading.Condition() + self._transit_key = None + def get_direct_hints(self): return [] def get_relay_hints(self): @@ -161,9 +161,21 @@ class TransitSender: def add_receiver_hints(self, hints): self.receiver_hints = hints + def set_transit_key(self, key): + # This _have_transit_key condition/lock protects us against the race + # where the sender knows the hints and the key, and connects to the + # receiver's transit socket before the receiver gets relay message + # (and thus the key). + self._have_transit_key.acquire() + self._transit_key = key + #self.handler_send_handshake = build_receiver_handshake(key) + #self.handler_expected_handshake = build_sender_handshake(key) + "go\n" + self._have_transit_key.notify_all() + self._have_transit_key.release() + def establish_connection(self): - sender_handshake = build_sender_handshake(self.key) - receiver_handshake = build_receiver_handshake(self.key) + sender_handshake = build_sender_handshake(self._transit_key) + receiver_handshake = build_receiver_handshake(self._transit_key) self.listener = None self.connectors = [] self.winning_skt = None