Commit Graph

50 Commits

Author SHA1 Message Date
Brian Warner
a2ed35ceb8 remove old files, lots of type work 2017-04-06 12:21:00 -07:00
Brian Warner
16c477424c more demo work 2017-04-06 12:21:00 -07:00
Brian Warner
3c9c0e58ab move to _connection.py, add more state machines
Starting on defining manager state machines for nameplates, mailboxes, the
PAKE key-establishment process, and the bit that knows it can drop the
connection when both nameplates and mailboxes have been released.
2017-04-06 12:21:00 -07:00
Brian Warner
14c8e76364 onConnect, start manual tests, doesn't work yet 2017-04-06 12:21:00 -07:00
Brian Warner
b826e8c73c hack args till they work, add ALLOW_CLOSE
the diagram is a lot simpler if the only way to shut things down is to
terminate the whole process
2017-04-06 12:21:00 -07:00
Brian Warner
d136028fa8 try adding args 2017-04-06 12:21:00 -07:00
Brian Warner
73f3d86107 state machine should be complete, I think 2017-04-06 12:21:00 -07:00
Brian Warner
b3763f9e78 show "you can use tabs" reminder if code was input without completion
refs #15
2017-01-12 16:14:42 -08:00
Brian Warner
62b069dea6 Wormhole: control stderr 2017-01-12 16:14:42 -08:00
Brian Warner
e500f4a100 rx: tolerate duplicate peer messages
closes #121
2016-12-26 15:27:14 -05:00
Brian Warner
face9423dd internals: ensure _API_establish_key is not called twice 2016-12-16 01:33:17 -08:00
laharah
01318d1130 added notification to cmd_receive plus reactor cleanup
Added a try finally block around verify to ensure notification
deferreds are being cleaned out of the reactor
2016-12-16 01:03:01 -08:00
laharah
a2ab1863cf added the new key waiter to be cleaned up on error in wormhole
Also, set new print statment to print to args.stdout
2016-12-16 01:03:01 -08:00
laharah
680b01b3fc added api hooks to get notification about key excange
added more coverage to establish key API hook
2016-12-16 01:03:01 -08:00
Brian Warner
cdb5c19010 websockets: turn on autoPingInterval to expire stale connections
With this, both clients and servers will send a PING at least once every
minute, and will drop connections that haven't seen any traffic for 10
minutes.

This should help keep NAT table entries alive, and will drop connections
that are no longer viable because their NAT entries have expired.

closes #60
2016-07-03 21:51:56 -07:00
meejah
7fab6b3dff Change UsageError -> InternalError, use click.UsageError for human-visible errors 2016-06-22 02:14:34 -06:00
meejah
e16b53817e Refactor to use Click 2016-06-22 01:11:07 -06:00
laharah
2c25b4d97d u"" cleanup on wormhole.py 2016-06-04 14:09:19 -07:00
laharah
6a73d50fdd added unicode_literals import to all apropriate modules
bug in twisted serverFromString prevents test.common and transit
from using unicode properly should revisit if twisted gets patched
2016-06-04 12:42:59 -07:00
Brian Warner
996c739b2a oops, fix tests
In some tests, we artificially call _event_connected() without first
initiating a connection.
2016-06-03 23:30:31 -07:00
Brian Warner
a1ce0d8df0 record websocket establishment in timing data 2016-06-03 22:55:52 -07:00
Chris Wolfe
bc7dea8bab add simpler exception message, assert that it is being used 2016-06-02 15:21:31 -07:00
Chris Wolfe
5be436b81d raise a specific error when spaces are detected, pass along the docstring to the user 2016-06-02 15:21:31 -07:00
Brian Warner
00277c22cf allow MOTD to be displayed multiple times
(one displayed message per received welcome["motd"])

There's not much value in prohibiting the server from sending multiple
MOTD messages, and it would prevent us from using it to display a "your
client is using an old API, please upgrade" message after having already
sent a regular "please donate" MOTD message. (We could send a second
welcome message with ["error"] to kill the client, but ["motd"] is the
most convenient way to deliver a non-fatal warning).
2016-05-28 19:19:22 -07:00
Brian Warner
52e5cbd690 INCOMPATIBILITY: send "current_cli_version", not "current_version"
The reasoning is that this string is only ever likely to refer to the
version of the primary/initial client (the CLI application, written in
Python, that you get with "pip install magic-wormhole"). When there are
other implementations, with unrelated versions, they should obviously
not pay attention to a warning about the other implementation being out
of date.
2016-05-28 19:11:27 -07:00
Brian Warner
0b53094927 INCOMPATIBILITY: send pake message as dict, not raw bytes
This gives us room in the future to put other keys there, like one which
says we want to use Noise for the phase-message encryption instead of
our current HKDF scheme.
2016-05-28 18:30:36 -07:00
Brian Warner
6a108f93e6 switch most everything to use new utility functions 2016-05-28 18:19:45 -07:00
Brian Warner
3850c164f7 move utility functions to util.py, add new ones 2016-05-28 18:13:32 -07:00
Brian Warner
00efdfa4e2 comment out unfinished function
at this point, it's just an idea
2016-05-27 18:47:14 -07:00
Brian Warner
db31ffe075 minor shuffles 2016-05-26 15:49:45 -07:00
Brian Warner
7acb68d2ee allow WelcomeError to interrupt input_code() 2016-05-26 15:38:19 -07:00
Brian Warner
905ec05696 fix welcome-error signalling
The handler was calling _signal_error() incorrectly.
2016-05-26 15:37:24 -07:00
Brian Warner
75877effef finish renaming "confirm" to "version" 2016-05-25 19:13:56 -07:00
Brian Warner
dcdddc9d60 INCOMPATIBILITY: rename "confirm" phase to "version"
This better reflects the purpose of the message. Key confirmation is a
side-effect.

This patch only changes the "phase:" name and the key-derivation string.
A subsequent patch will modify the function and variable names to match.
2016-05-25 19:13:56 -07:00
Brian Warner
424474cd7e remove unused _derive_confirmation_key() 2016-05-25 19:13:56 -07:00
Brian Warner
7f43561a50 INCOMPATIBILITY: change "confirm" message to include version dict
This gives the two Wormholes a way to signal capabilities to each other,
before the applications start sending their own messages.
2016-05-25 18:27:37 -07:00
Brian Warner
5553729a87 w.verify() now stalls until confirmation message is checked
If it succeeds, you get back the verifier string, which can be compared
against the other side. If it fails, the wormhole code didn't match.
2016-05-25 18:05:02 -07:00
Brian Warner
8b56892a76 drop peer messages if we're closing
This should remove a few Unhandled Errors when the code was wrong.
2016-05-25 16:29:56 -07:00
Brian Warner
4b3d53ba4e log+ignore unrecognized phase messages
This should enable forwards-compatibility with clients which send extra
data, like a pre-PAKE "auxdata" message that hints we should spin up a
tor client (because they can connect to it) while we're waiting for the
user to type in the wormhole code.
2016-05-24 16:15:43 -07:00
Brian Warner
30ab940034 INCOMPATIBLE: change derivation of phase keys to include side
Previously the encryption key used for "phase messages" (anything sent
from one side to the other, protected by the shared PAKE-generated
session key) was derived just from the session key and the phase name.
The two sides would use the same key for their first message (but with
random, thus different, nonces).

This uses the sending side's string (a random 5-byte/10-character hex
string) in the derivation process too, so the two sides use different
keys. This gives us an easy way to reject reflected messages. We already
ignore messages that claim to use a "side" which matches our own (to
ignore server echoes of our own outbound messages). With this change, an
attacker (or the server) can't swap in the payload of an outbound
message, change the "side" to make it look like a peer message, and then
let us decrypt it correctly.

It also changes the derivation function to combine the phase and side
values safely. This didn't matter much when we only had one
externally-provided string, but with two, there's an opportunity for
format confusion if they were combined with a simple delimiter. Now we
hash both values before concatenating them.

This breaks interoperability with clients from before this change. They
will always get WrongPasswordErrors.
2016-05-24 13:47:15 -07:00
Brian Warner
97c5d08b6a internally, _derive_key now takes bytes
The w.derive_key(purpose) API still requires unicode.
2016-05-24 13:31:03 -07:00
Brian Warner
7c8e5fb062 factor out key-derivation, prepare for change 2016-05-24 13:26:08 -07:00
Brian Warner
2c64805ea1 fix input_code 2016-05-24 00:00:04 -07:00
Brian Warner
9bd5afe7df make close() always wait 2016-05-23 23:59:49 -07:00
Brian Warner
e11a6f8243 new connection management, test_wormhole passes 2016-05-23 22:53:26 -07:00
Brian Warner
528092dd97 improve error signalling 2016-05-23 00:14:39 -07:00
Brian Warner
c88d6937c2 close(wait=True): wait for connection to be dropped 2016-05-22 18:45:50 -07:00
Brian Warner
c10fd98167 many tests working
* add "released" ack-response for "release" command, to sync w.close()
* move websocket URL to root
* relayurl= should now be a "ws://" URL
* many tests pass (except for test_twisted, which will be removed, and
  test_scripts)
* still moving integration tests from test_twisted to
  test_wormhole.Wormholes
2016-05-22 18:40:44 -07:00
Brian Warner
3da52b0a3e add 'mock', building out test_wormhole 2016-05-22 11:31:00 -07:00
Brian Warner
53bbcc33f6 new file, state-machine based 2016-05-20 18:49:20 -07:00