Commit Graph

560 Commits

Author SHA1 Message Date
laharah
57d117e4f0 u"" cleanup on rendezvous_websocket.py 2016-06-04 14:09:19 -07:00
laharah
8537d90527 u"" cleanup on rendezvous.py 2016-06-04 14:09:19 -07:00
laharah
2c38795476 u"" cleanup on transit_server.py 2016-06-04 14:09:19 -07:00
laharah
64f7348d05 u"" cleanup on util.py and codes.py 2016-06-04 14:09:19 -07:00
laharah
2c25b4d97d u"" cleanup on wormhole.py 2016-06-04 14:09:19 -07:00
laharah
6a73d50fdd added unicode_literals import to all apropriate modules
bug in twisted serverFromString prevents test.common and transit
from using unicode properly should revisit if twisted gets patched
2016-06-04 12:42:59 -07:00
laharah
33758abd18 added a dict_factory as a new row_factory for the database 2016-06-04 12:28:09 -07:00
Brian Warner
7c15cf7353 code input: don't eat "b" under GNU readline
GNU libreadline, and the libedit-based library shipped on stock OS-X
python, require different key-binding syntaxes to enable tab completion.
The previous commit to fix this (0977ef0) added both binding commands
Unfortunately when GNU libreadline is given the libedit-style
command (i.e. "bind ^I rl_complete"), it binds the letter "b" to a
non-existent command "ind", or something, and as a result the letter "b"
doesn't work anymore.

This patch uses the readline docstring to sense which flavor is
installed, and only runs the one binding command that's appropriate.

refs #37
2016-06-04 00:52:27 -07:00
Brian Warner
996c739b2a oops, fix tests
In some tests, we artificially call _event_connected() without first
initiating a connection.
2016-06-03 23:30:31 -07:00
Brian Warner
a1ce0d8df0 record websocket establishment in timing data 2016-06-03 22:55:52 -07:00
Brian Warner
e13b95660b test_transit: tolerate a localhost-only system
e.g. Appveyor . Refs #16.
2016-06-03 21:46:56 -07:00
Brian Warner
682fe0ae2c transit: allow 127.0.0.1 if that's all we've got
The appveyor tests were failing because their VMs only have 127.0.0.1,
and stripping it out resulted in an empty hint list, which meant Transit
couldn't work at all.
2016-06-03 18:22:53 -07:00
higs4281
55f2fcc3a7 remove commented line 2016-06-03 18:18:34 -07:00
higs4281
eaed2f0a12 Prevent transmit from suggesting 127.0.0.1
The test runs the listener locally, which can turn up 127.0.0.1.
The added code in transmit stops the hint.
2016-06-03 18:18:34 -07:00
Brian Warner
26445c3fc4 test_scripts: fix on windows 2016-06-03 16:43:22 -07:00
Brian Warner
a8c2fb14b1 expire channels faster: 2 hours, not 3 days
With increased usage, I'm seeing a buildup of stale channels. Since the
channels aren't properly ephemeral yet (where they get closed as soon as
the last subscriber disconnects), clients which terminate without
calling close() tend to leave the channel lying around. We don't have
"persistent wormholes" yet, so channels should be much more ephemeral
than they currently are.
2016-06-03 16:23:28 -07:00
Brian Warner
48cc85e88c add file-mode checks to directory test
This new test failed before fixing _extract_file, and now it passes.
2016-06-03 16:05:51 -07:00
Brian Warner
71512809a9 extract _extract_file, add test 2016-06-03 15:38:49 -07:00
Kurt Neufeld
e6f5b9cea4 verify that extracted files are inside abs_destname
also fixed bug where TwistedReceiver.abs_destname was not in fact
absolute.
2016-06-03 14:32:52 -07:00
Kurt Neufeld
b04e434ad4 restore file permissions when extracting zipfile 2016-06-03 12:36:11 -07:00
Kurt Neufeld
608af12b1d verified that ZIP_DEFLATED compresses the files
The docs are a bit misleading but that's how I interpret them.
2016-06-03 11:53:45 -07:00
Brian Warner
0977ef02c4 do tab-completion on OS-X stock python too (libedit)
Apple's stock python doesn't use GNU libreadline, instead it uses BSD
libedit with a readline compatibility interface. The syntax to enable
tab completion is different for libedit. By including both bindings,
autocomplete should work on both flavors.

Closes #37. Thanks to @wsanchez for the catch and the fix.
2016-06-02 20:55:02 -07:00
meejah
5b23669cf3 use ipaddress not ipaddr 2016-06-02 16:20:12 -07:00
Chris Wolfe
0ad8df3750 flush the correct error 2016-06-02 15:21:31 -07:00
Chris Wolfe
65713d8652 make the error message for the cli a bit more specific 2016-06-02 15:21:31 -07:00
Chris Wolfe
bc7dea8bab add simpler exception message, assert that it is being used 2016-06-02 15:21:31 -07:00
Chris Wolfe
5be436b81d raise a specific error when spaces are detected, pass along the docstring to the user 2016-06-02 15:21:31 -07:00
Chris Wolfe
d4d3320277 add failing test, error 2016-06-02 15:21:31 -07:00
Brian Warner
00277c22cf allow MOTD to be displayed multiple times
(one displayed message per received welcome["motd"])

There's not much value in prohibiting the server from sending multiple
MOTD messages, and it would prevent us from using it to display a "your
client is using an old API, please upgrade" message after having already
sent a regular "please donate" MOTD message. (We could send a second
welcome message with ["error"] to kill the client, but ["motd"] is the
most convenient way to deliver a non-fatal warning).
2016-05-28 19:19:22 -07:00
Brian Warner
ea6619bc46 change hostname of public relay
This is an alias for the same host, so it's not really an incompatible
change. The new hostname is my personal domain, and seems a bit more
suitable for this service.
2016-05-28 19:13:44 -07:00
Brian Warner
52e5cbd690 INCOMPATIBILITY: send "current_cli_version", not "current_version"
The reasoning is that this string is only ever likely to refer to the
version of the primary/initial client (the CLI application, written in
Python, that you get with "pip install magic-wormhole"). When there are
other implementations, with unrelated versions, they should obviously
not pay attention to a warning about the other implementation being out
of date.
2016-05-28 19:11:27 -07:00
Brian Warner
0b53094927 INCOMPATIBILITY: send pake message as dict, not raw bytes
This gives us room in the future to put other keys there, like one which
says we want to use Noise for the phase-message encryption instead of
our current HKDF scheme.
2016-05-28 18:30:36 -07:00
Brian Warner
6a108f93e6 switch most everything to use new utility functions 2016-05-28 18:19:45 -07:00
Brian Warner
3850c164f7 move utility functions to util.py, add new ones 2016-05-28 18:13:32 -07:00
Brian Warner
0d30101d7c SCHEMA CHANGE: add 'request_id' to nameplates table
This will be useful for the upcoming "persistent wormhole" mode. A
client might send an allocation request, crash/terminate before
receiving a response, then restart, then re-send the request. If the
server sees a request with the same request_id a previous request, it
can return the same nameplate.

We'll need code changes on both sides to support this (nothing sends or
checks request_id yet), but this lands the schema change early to reduce
future disruption.
2016-05-28 11:46:14 -07:00
Brian Warner
cca2f3cf13 internal rename msg_id, for consistency 2016-05-28 11:19:53 -07:00
Brian Warner
00efdfa4e2 comment out unfinished function
at this point, it's just an idea
2016-05-27 18:47:14 -07:00
Brian Warner
5fe7d320ab oops, pass blur_usage to apps properly, add tests 2016-05-27 18:44:41 -07:00
Brian Warner
eebc9ebd54 rewrite pruning, add full tests
Apparently it was broken: the first time the LoopingCall fired, it would
throw an exception, and never try again. Now it should be fixed.
2016-05-27 18:42:17 -07:00
Brian Warner
0b3863fb52 remove dead code 2016-05-27 18:41:34 -07:00
Brian Warner
5dddeddffd fix "wormhole-server restart" default ports to match plain "start"
now that was confusing.
2016-05-27 18:40:37 -07:00
Brian Warner
1c963170c3 wormhole-server: add count-channels, count-events 2016-05-26 17:45:41 -07:00
Brian Warner
56fec496e2 send transit abilities to far end too, for the future
This will allow a future peer to figure out what transit modes we can
and cannot do, and thus avoid spinning up expensive modes that we won't
be able to use (e.g. WebRTC).
2016-05-26 16:26:00 -07:00
Brian Warner
db31ffe075 minor shuffles 2016-05-26 15:49:45 -07:00
Brian Warner
7acb68d2ee allow WelcomeError to interrupt input_code() 2016-05-26 15:38:19 -07:00
Brian Warner
905ec05696 fix welcome-error signalling
The handler was calling _signal_error() incorrectly.
2016-05-26 15:37:24 -07:00
Brian Warner
80c88387ef improve formatting of error messages 2016-05-26 15:36:44 -07:00
Brian Warner
19702e01ac make send pay attention to receiver errors correctly
Errors like "Refusing to overwrite existing file" would leave the sender
hanging, because it was looking for the "error" key in the wrong place.
2016-05-25 22:44:18 -07:00
Brian Warner
de627ccbef fix --dump-timing= on py3, wants a text-mode file 2016-05-25 22:06:26 -07:00
Brian Warner
708bcf36d4 INCOMPATIBILITY: send+expect hash of data after xfer
This enhances the ACK that wormhole-receive returns when it finishes
receiving all the data to be a dictionary. The dict includes the SHA256
hash of everything it received, and the sender checks this for a match
before declaring the transfer to be a success. This guards against data
being shuffled somehow during transit.
2016-05-25 19:36:56 -07:00
Brian Warner
d8f6126916 transit.writeToFile: add hasher= argument 2016-05-25 19:35:50 -07:00
Brian Warner
01ec5fb2a6 rename test_transit_twisted.py, drop the twisted 2016-05-25 19:21:54 -07:00
Brian Warner
75877effef finish renaming "confirm" to "version" 2016-05-25 19:13:56 -07:00
Brian Warner
dcdddc9d60 INCOMPATIBILITY: rename "confirm" phase to "version"
This better reflects the purpose of the message. Key confirmation is a
side-effect.

This patch only changes the "phase:" name and the key-derivation string.
A subsequent patch will modify the function and variable names to match.
2016-05-25 19:13:56 -07:00
Brian Warner
424474cd7e remove unused _derive_confirmation_key() 2016-05-25 19:13:56 -07:00
Brian Warner
7f43561a50 INCOMPATIBILITY: change "confirm" message to include version dict
This gives the two Wormholes a way to signal capabilities to each other,
before the applications start sending their own messages.
2016-05-25 18:27:37 -07:00
Brian Warner
e1c488247f remove redundant test 2016-05-25 18:27:24 -07:00
Brian Warner
5553729a87 w.verify() now stalls until confirmation message is checked
If it succeeds, you get back the verifier string, which can be compared
against the other side. If it fails, the wormhole code didn't match.
2016-05-25 18:05:02 -07:00
Brian Warner
8b56892a76 drop peer messages if we're closing
This should remove a few Unhandled Errors when the code was wrong.
2016-05-25 16:29:56 -07:00
Brian Warner
a251e58967 oops, fix tests to use /v1 too 2016-05-25 00:34:13 -07:00
Brian Warner
1fabf18f0e INCOMPATIBILITY: move relay url to /v1
This should make it cleaner to add a /v2 in the future.
2016-05-25 00:29:23 -07:00
Brian Warner
f2050c5fd4 internal renaming: hint objects vs hint structs 2016-05-25 00:23:12 -07:00
Brian Warner
7aa55e6b65 INCOMPATIBILITY: deliver hints as JSON, not strings
The file-send protocol now sends a "hints-v1" key in the "transit"
message, which contains a list of JSON data structures that describe the
connection hints (a mixture of direct, tor, and relay hints, for now).
Previously the direct/tor and relay hints were sent in different keys,
and all were sent as strings like "tcp:hostname:1234" which had to be
parsed by the recipient.

The new structures include a version string, to make it easier to add
new types in the future. Transit logs+ignores hints it cannot
understand.
2016-05-25 00:11:17 -07:00
Brian Warner
afdbbe84c3 cmd_send: allow multiple things in a single message 2016-05-24 19:30:55 -07:00
Brian Warner
8e7c6f16cb cmd_receive: tolerate unrecognized messages
at the expense of not failing quickly when the sender doesn't send an
offer
2016-05-24 19:30:21 -07:00
Brian Warner
1b5f3e125e cmd_receive: add underscore prefix to all internal methods 2016-05-24 19:14:56 -07:00
Brian Warner
812fd0b4da INCOMPATIBILITY: send "transit" message before offer/answer
In the future, both sides should expect to receive "transit" messages at
any time, and they will add to the list of hints that they should try.
For now, each side only sends a single transit message, before they send
the offer (sender) or answer (receiver).
2016-05-24 18:59:04 -07:00
Brian Warner
1a9e565fc3 cmd_send: turn into a self-contained class
This will make it easier to maintain state.
2016-05-24 17:44:41 -07:00
Brian Warner
ac1db705fe INCOMPATIBLE CHANGE: put offer/answer in their own keys
This moves us slowly towards a file-transfer protocol that exchanges
multiple messages, with a single offer (sender->receiver) and
answer (receiver->sender), and one or more connection hint messages (in
either direction) that appear gradually over time as connection
providers come online.

At present the protocol still expects the whole hint list to be present
in the offer/answer message.
2016-05-24 17:32:30 -07:00
Brian Warner
96f25ec7a2 rename phase1 to offer/answer
rearrange cmd_send a bit to do less before the Wormhole is built
2016-05-24 16:41:13 -07:00
Brian Warner
0414051df2 remove wormhole/twisted/ 2016-05-24 16:26:17 -07:00
Brian Warner
c06bc83d3f remove unused twisted/eventual.py 2016-05-24 16:25:37 -07:00
Brian Warner
c218b939c0 move wormhole.twisted.tor_manager up to wormhole/ 2016-05-24 16:25:12 -07:00
Brian Warner
7140565b99 move wormhole.twisted.ipaddrs up to wormhole/ 2016-05-24 16:23:52 -07:00
Brian Warner
0e1a4dd513 move wormhole.twisted.transit up to wormhole.transit 2016-05-24 16:22:37 -07:00
Brian Warner
4b3d53ba4e log+ignore unrecognized phase messages
This should enable forwards-compatibility with clients which send extra
data, like a pre-PAKE "auxdata" message that hints we should spin up a
tor client (because they can connect to it) while we're waiting for the
user to type in the wormhole code.
2016-05-24 16:15:43 -07:00
Brian Warner
783cd984f6 add 'coverage' environment for tox 2016-05-24 16:03:39 -07:00
Brian Warner
90e6d23c17 change server default port to match new public relay 2016-05-24 14:12:10 -07:00
Brian Warner
30ab940034 INCOMPATIBLE: change derivation of phase keys to include side
Previously the encryption key used for "phase messages" (anything sent
from one side to the other, protected by the shared PAKE-generated
session key) was derived just from the session key and the phase name.
The two sides would use the same key for their first message (but with
random, thus different, nonces).

This uses the sending side's string (a random 5-byte/10-character hex
string) in the derivation process too, so the two sides use different
keys. This gives us an easy way to reject reflected messages. We already
ignore messages that claim to use a "side" which matches our own (to
ignore server echoes of our own outbound messages). With this change, an
attacker (or the server) can't swap in the payload of an outbound
message, change the "side" to make it look like a peer message, and then
let us decrypt it correctly.

It also changes the derivation function to combine the phase and side
values safely. This didn't matter much when we only had one
externally-provided string, but with two, there's an opportunity for
format confusion if they were combined with a simple delimiter. Now we
hash both values before concatenating them.

This breaks interoperability with clients from before this change. They
will always get WrongPasswordErrors.
2016-05-24 13:47:15 -07:00
Brian Warner
97c5d08b6a internally, _derive_key now takes bytes
The w.derive_key(purpose) API still requires unicode.
2016-05-24 13:31:03 -07:00
Brian Warner
7c8e5fb062 factor out key-derivation, prepare for change 2016-05-24 13:26:08 -07:00
Brian Warner
77661bf94e use new relay URL, for new protocol 2016-05-24 13:10:45 -07:00
Brian Warner
c5b174dd6a Merge branch 'master' into new-proto 2016-05-24 13:08:21 -07:00
Brian Warner
fb2ffe1963 add --signal-error to restart too 2016-05-24 12:59:02 -07:00
Brian Warner
a2b88dbf61 server: add --signal-error CLI argument 2016-05-24 12:46:42 -07:00
Brian Warner
1ef6218b5b remove old twisted/transcribe.py, now just wormhole.py 2016-05-24 00:01:22 -07:00
Brian Warner
3a062eaa26 bring scripts and tests up to date
* use wormhole instead of transcribe.py
* send() no longer waits
* get_verifier -> verify
* derive_key demands a length
2016-05-24 00:00:44 -07:00
Brian Warner
e2aa43d0a9 transit: expose desired key length 2016-05-24 00:00:21 -07:00
Brian Warner
2c64805ea1 fix input_code 2016-05-24 00:00:04 -07:00
Brian Warner
9bd5afe7df make close() always wait 2016-05-23 23:59:49 -07:00
Brian Warner
e11a6f8243 new connection management, test_wormhole passes 2016-05-23 22:53:26 -07:00
Brian Warner
7bcefa78e6 remove test_twisted, now in test_wormhole 2016-05-23 22:53:26 -07:00
Brian Warner
528092dd97 improve error signalling 2016-05-23 00:14:39 -07:00
Brian Warner
c88d6937c2 close(wait=True): wait for connection to be dropped 2016-05-22 18:45:50 -07:00
Brian Warner
c10fd98167 many tests working
* add "released" ack-response for "release" command, to sync w.close()
* move websocket URL to root
* relayurl= should now be a "ws://" URL
* many tests pass (except for test_twisted, which will be removed, and
  test_scripts)
* still moving integration tests from test_twisted to
  test_wormhole.Wormholes
2016-05-22 18:40:44 -07:00
Brian Warner
3da52b0a3e add 'mock', building out test_wormhole 2016-05-22 11:31:00 -07:00
Brian Warner
0ee56e12b0 change 'list' protocol, make room for nameplate attributes 2016-05-22 11:01:44 -07:00
Brian Warner
53bbcc33f6 new file, state-machine based 2016-05-20 18:49:20 -07:00
Brian Warner
181ef04a91 break out more message components, use SidedMessage 2016-05-20 16:39:59 -07:00
Brian Warner
05aa5ca76e WIP Wormhole 2016-05-20 13:51:05 -07:00