Start `enc` socket wrapper

Fortune for rsh's current commit: Curse − 凶
exchange-unsafe
Avril 3 years ago
parent d271f164fa
commit 62f3c384b2
Signed by: flanchan
GPG Key ID: 284488987C31F630

@ -2,6 +2,7 @@
use super::*; use super::*;
use std::time::Duration; use std::time::Duration;
/*
pub mod fail; pub mod fail;
pub use fail::Failures; pub use fail::Failures;
@ -18,23 +19,25 @@ pub enum Leniency
/// Immediately disconnect the socket on **any** malformed/missed message. /// Immediately disconnect the socket on **any** malformed/missed message.
None, None,
} }
*/
/// A capability (permission) for a raw socket's data transmission. /// A capability (permission) for a raw socket's data transmission.
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum RawSockCapability pub enum RawSockCapability
{ {
/// Process /// Process messages that aren't signed.
AllowUnsignedMessages, AllowUnsignedMessages,
/// Do not disconnect the socket when a malformed message is received, just ignore the message. /// Do not disconnect the socket when a malformed message is received, just ignore the message.
SoftFail, SoftFail,
/// Throttle the number of messages to process /// Throttle the number of messages to process
RateLimit{ tx: usize, rx: usize }, RateLimit { tx: usize, rx: usize },
/// The request response timeout for messages with an expected response. /// The request response timeout for messages with an expected response.
RecvRespTimeout { tx: Duration, rx: Duration }, RecvRespTimeout { tx: Duration, rx: Duration },
/// Max number of bytes to read for a single message.
//TODO: Implement this for message
MaxMessageSize(usize),
} }
/// A collection of `RawSockCapability`s for a specific connection.
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct RawSockCapabilities;

@ -1,6 +1,6 @@
//! Socket handlers //! Socket handlers
use super::*; use super::*;
use std::collections::HashSet;
use std::net::{ use std::net::{
SocketAddr, SocketAddr,
}; };
@ -9,9 +9,16 @@ use tokio::io::{
AsyncRead AsyncRead
}; };
use tokio::task::JoinHandle; use tokio::task::JoinHandle;
use tokio::sync::{
mpsc,
oneshot,
};
use futures::Future; use futures::Future;
use bytes::Bytes;
use cancel::*; use cancel::*;
pub mod enc;
/// Details of a newly accepted raw socket peer. /// Details of a newly accepted raw socket peer.
/// ///
@ -32,20 +39,48 @@ pub struct RawSockPeerTrusted
/// The socket's details /// The socket's details
pub sock_details: RawSockPeerAccepted, pub sock_details: RawSockPeerAccepted,
/// /// Capabilities for this peer
pub cap_allow: cap::RawSockCapabilities, pub cap_allow: HashSet<cap::RawSockCapability>,
}
/// A raw, received message from a `RawPeer`.
#[derive(Debug)]
pub struct RawMessage{
message_bytes: Bytes,
}
/// A connected raw peer, created and handled by `handle_new_socket_with_shutdown()`.
#[derive(Debug)]
pub struct RawPeer{
info: RawSockPeerTrusted,
rx: mpsc::Receiver<RawMessage>,
} }
/// Handles a **newly connected** raw socket. /// Handles a **newly connected** raw socket.
/// ///
/// This will handle setting up socket peer encryption and validation. /// This will handle setting up socket peer encryption and validation.
pub fn handle_new_socket_with_shutdown<R, W, C: cancel::CancelFuture + 'static + Send>(sock_details: RawSockPeerAccepted, tx: W, rx: R, shutdown: C) -> JoinHandle<eyre::Result<()>> pub fn handle_new_socket_with_shutdown<R, W, C: cancel::CancelFuture + 'static + Send>(
sock_details: RawSockPeerAccepted,
set_peer: oneshot::Sender<RawPeer>,
tx: W, rx: R,
shutdown: C
) -> JoinHandle<eyre::Result<()>>
where R: AsyncRead + Unpin + Send + 'static, where R: AsyncRead + Unpin + Send + 'static,
W: AsyncWrite + Unpin + Send + 'static W: AsyncWrite + Unpin + Send + 'static
{ {
tokio::spawn(async move { tokio::spawn(async move {
match { match {
with_cancel!(async move { with_cancel!(async move {
// Create empty cap
let mut sock_details = RawSockPeerTrusted {
sock_details,
cap_allow: HashSet::new(),
};
// Set up encryption
//TODO: Find caps for this peer.
Ok(()) Ok(())
}, shutdown) }, shutdown)

@ -0,0 +1,58 @@
//! Socket encryption wrapper
use super::*;
use cryptohelpers::{
rsa::{
RsaPublicKey,
RsaPrivateKey,
},
sha256,
};
use chacha20stream::{
AsyncSink,
};
use std::sync::Arc;
use tokio::{
sync::{
RwLock,
},
io::{
self,
DuplexStream,
},
};
/// Encrypted socket information.
#[derive(Debug)]
struct ESockInfo {
us: RsaPrivateKey,
them: Option<RsaPublicKey>,
}
/// A tx+rx socket.
#[pin_project]
#[derive(Debug)]
pub struct ESock<W, R> {
info: RwLock<ESockInfo>,
#[pin]
// Raw (not encrypted) reader
rx: R,
#[pin]
tx: AsyncSink<W>,
}
/// Write half for `ESock`.
#[pin_project]
#[derive(Debug)]
pub struct ESockWriteHalf<W>(Arc<ESockInfo>, #[pin] AsyncSink<W>);
/// Read half for `ESock`.
#[pin_project]
#[derive(Debug)]
pub struct ESockReadHalf<R>(
Arc<ESockInfo>,
#[pin] R, // read from this (raw.)
#[pin] AsyncSink<DuplexStream>, // sink raw from `R` here, outputs decrypted bytes into next.
#[pin] DuplexStream, // read decrypted bytes from here.
);
Loading…
Cancel
Save