Commit Graph

46 Commits

Author SHA1 Message Date
Brian Warner
7955a36bfd switch to new API
This renames all the existing API methods, to use a consistent
"d=get_XYZ()" (for Deferred mode) or "dg.wormhole_got_XYZ()" (for Delegated
mode). It updates cmd_send/cmd_receive/cmd_ssh to use the new API.

Since we now have get_welcome(), apps handle the Welcome message with a
Deferred callback instead of registering a "welcome handler". This lets us
make sure we've finished printing any server message-of-the-day or "you
should update your client" message to stdout before using stdio to ask for
the wormhole code. (Previously, the code-input prompt was overwritten by the
server message, and it was ugly). refs #145. This approach adds an extra
roundtrip to the receiver, but we can fix that (see #145 for details).

Because of that change, the server-is-being-slow message is printed at a
slightly different time, so those tests needed some extra work to exercise it
properly.
2017-05-15 02:13:24 -07:00
Brian Warner
77bb7f5be7 test_wormhole: improve tests of derive_key() 2017-04-19 10:50:52 -04:00
Brian Warner
654bba4d3e test_wormhole: use assertRaises as context manager 2017-04-19 10:50:46 -04:00
Brian Warner
d0fb7a834d tests: exercise DelegatedWormhole 2017-04-19 10:50:31 -04:00
Brian Warner
f541930110 tests: exercise set_trace 2017-04-19 10:49:12 -04:00
Brian Warner
0774ac8c36 test_wormhole: more coverage 2017-04-18 14:05:46 -04:00
Brian Warner
9dde091f2b test_wormhole.py: remove dead code 2017-04-16 10:56:17 -04:00
Brian Warner
781d791e03 test server-reconnection: it worked already
Cool, it actually worked without changes. Closes #42
2017-04-07 09:48:48 -07:00
Brian Warner
992db1846c minor TODO comments 2017-04-06 19:44:27 -07:00
Brian Warner
83e55f1f3e add w.when_key(), fix w.when_verified() to fire later
Previously, w.when_verified() was documented to fire only after a valid
encrypted message was received, but in fact it fired as soon as the shared
key was derived (before any encrypted messages are seen, so no actual
"verification" could occur yet).

This fixes that, and also adds a new w.when_key() API call which fires at the
earlier point. Having something which fires early is useful for the CLI
commands that want to print a pacifier message when the peer is responding
slowly. In particular it helps detect the case where 'wormhole send' has quit
early (after depositing the PAKE message on the server, but before the
receiver has started). In this case, the receiver will compute the shared
key, but then wait forever hoping for a VERSION that will never come. By
starting a timer when w.when_key() fires, and cancelling it when
w.when_verified() fires, we have a good place to tell the user that something
is taking longer than it should have.

This shifts responsibility for notifying Boss.got_verifier, out of Key and
into Receive, since Receive is what notices the first valid encrypted
message. It also shifts the Boss's ordering expectations: it now receives
B.happy() before B.got_verifier(), and consequently got_verifier ought to
arrive in the S2_happy state rather than S1_lonely.
2017-04-06 18:27:41 -07:00
Brian Warner
f957e9b2fb test_wormhole: check when_verified() being called late 2017-04-06 12:26:52 -07:00
Brian Warner
df1b2338b1 tests: exercise Key receiving PAKE before set_code 2017-04-06 12:22:45 -07:00
Brian Warner
8882e6f64e merge test_wormhole_new into test_wormhole 2017-04-06 12:22:45 -07:00
Brian Warner
76f5960517 rewrite welcome handler 2017-04-06 12:22:45 -07:00
Brian Warner
152775c5c0 hush pyflakes 2017-04-06 12:22:45 -07:00
Brian Warner
bbef68c11e remove no-longer-relevant tests 2017-04-06 12:22:45 -07:00
Brian Warner
7c18fb81dd only allow code to be set once 2017-04-06 12:22:44 -07:00
Brian Warner
5f9894ca63 API updates, make most tests pass, disable others
* finally wire up "application versions"
* remove when_verifier (which used to fire after key establishment, but
  before the VERSION message was received or verified)
* fire when_verified and when_version at the same time (after VERSION is
  verified), but with different args
2017-04-06 12:22:44 -07:00
Brian Warner
4234e79161 test_wormhole: fix message-doubling test 2017-04-06 12:21:00 -07:00
Brian Warner
62b069dea6 Wormhole: control stderr 2017-01-12 16:14:42 -08:00
Brian Warner
8b5d884636 add (failing/hanging) test of receiving duplicate messages
it's a pity this causes a hang, rather than a cleaner exception
2016-12-26 15:21:45 -05:00
Brian Warner
face9423dd internals: ensure _API_establish_key is not called twice 2016-12-16 01:33:17 -08:00
laharah
680b01b3fc added api hooks to get notification about key excange
added more coverage to establish key API hook
2016-12-16 01:03:01 -08:00
laharah
33fa6f6ede tests for new establish_key wormhole hook
defered should behave similarly to the `verify` hook
2016-12-16 01:03:01 -08:00
meejah
7fab6b3dff Change UsageError -> InternalError, use click.UsageError for human-visible errors 2016-06-22 02:14:34 -06:00
laharah
8fa40d3cd5 u"" cleanup on test_wormhole.py 2016-06-04 14:09:19 -07:00
laharah
6a73d50fdd added unicode_literals import to all apropriate modules
bug in twisted serverFromString prevents test.common and transit
from using unicode properly should revisit if twisted gets patched
2016-06-04 12:42:59 -07:00
Chris Wolfe
0ad8df3750 flush the correct error 2016-06-02 15:21:31 -07:00
Chris Wolfe
bc7dea8bab add simpler exception message, assert that it is being used 2016-06-02 15:21:31 -07:00
Chris Wolfe
d4d3320277 add failing test, error 2016-06-02 15:21:31 -07:00
Brian Warner
00277c22cf allow MOTD to be displayed multiple times
(one displayed message per received welcome["motd"])

There's not much value in prohibiting the server from sending multiple
MOTD messages, and it would prevent us from using it to display a "your
client is using an old API, please upgrade" message after having already
sent a regular "please donate" MOTD message. (We could send a second
welcome message with ["error"] to kill the client, but ["motd"] is the
most convenient way to deliver a non-fatal warning).
2016-05-28 19:19:22 -07:00
Brian Warner
52e5cbd690 INCOMPATIBILITY: send "current_cli_version", not "current_version"
The reasoning is that this string is only ever likely to refer to the
version of the primary/initial client (the CLI application, written in
Python, that you get with "pip install magic-wormhole"). When there are
other implementations, with unrelated versions, they should obviously
not pay attention to a warning about the other implementation being out
of date.
2016-05-28 19:11:27 -07:00
Brian Warner
0b53094927 INCOMPATIBILITY: send pake message as dict, not raw bytes
This gives us room in the future to put other keys there, like one which
says we want to use Noise for the phase-message encryption instead of
our current HKDF scheme.
2016-05-28 18:30:36 -07:00
Brian Warner
905ec05696 fix welcome-error signalling
The handler was calling _signal_error() incorrectly.
2016-05-26 15:37:24 -07:00
Brian Warner
75877effef finish renaming "confirm" to "version" 2016-05-25 19:13:56 -07:00
Brian Warner
dcdddc9d60 INCOMPATIBILITY: rename "confirm" phase to "version"
This better reflects the purpose of the message. Key confirmation is a
side-effect.

This patch only changes the "phase:" name and the key-derivation string.
A subsequent patch will modify the function and variable names to match.
2016-05-25 19:13:56 -07:00
Brian Warner
7f43561a50 INCOMPATIBILITY: change "confirm" message to include version dict
This gives the two Wormholes a way to signal capabilities to each other,
before the applications start sending their own messages.
2016-05-25 18:27:37 -07:00
Brian Warner
e1c488247f remove redundant test 2016-05-25 18:27:24 -07:00
Brian Warner
5553729a87 w.verify() now stalls until confirmation message is checked
If it succeeds, you get back the verifier string, which can be compared
against the other side. If it fails, the wormhole code didn't match.
2016-05-25 18:05:02 -07:00
Brian Warner
30ab940034 INCOMPATIBLE: change derivation of phase keys to include side
Previously the encryption key used for "phase messages" (anything sent
from one side to the other, protected by the shared PAKE-generated
session key) was derived just from the session key and the phase name.
The two sides would use the same key for their first message (but with
random, thus different, nonces).

This uses the sending side's string (a random 5-byte/10-character hex
string) in the derivation process too, so the two sides use different
keys. This gives us an easy way to reject reflected messages. We already
ignore messages that claim to use a "side" which matches our own (to
ignore server echoes of our own outbound messages). With this change, an
attacker (or the server) can't swap in the payload of an outbound
message, change the "side" to make it look like a peer message, and then
let us decrypt it correctly.

It also changes the derivation function to combine the phase and side
values safely. This didn't matter much when we only had one
externally-provided string, but with two, there's an opportunity for
format confusion if they were combined with a simple delimiter. Now we
hash both values before concatenating them.

This breaks interoperability with clients from before this change. They
will always get WrongPasswordErrors.
2016-05-24 13:47:15 -07:00
Brian Warner
9bd5afe7df make close() always wait 2016-05-23 23:59:49 -07:00
Brian Warner
e11a6f8243 new connection management, test_wormhole passes 2016-05-23 22:53:26 -07:00
Brian Warner
528092dd97 improve error signalling 2016-05-23 00:14:39 -07:00
Brian Warner
c88d6937c2 close(wait=True): wait for connection to be dropped 2016-05-22 18:45:50 -07:00
Brian Warner
c10fd98167 many tests working
* add "released" ack-response for "release" command, to sync w.close()
* move websocket URL to root
* relayurl= should now be a "ws://" URL
* many tests pass (except for test_twisted, which will be removed, and
  test_scripts)
* still moving integration tests from test_twisted to
  test_wormhole.Wormholes
2016-05-22 18:40:44 -07:00
Brian Warner
3da52b0a3e add 'mock', building out test_wormhole 2016-05-22 11:31:00 -07:00