jmg
/
ntunnel
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 1 Wiki Activity
An stunnel like program that utilizes the Noise protocol.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19 Commits
2 Branches
375 KiB
 
 
Tree: 1112dfb6dc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1112dfb6dc'
${ noResults }
ntunnel/ntunnel.py

321 lines
8.1 KiB
Raw Blame History 

  1. from noise.connection import NoiseConnection, Keypair

  2. from cryptography.hazmat.primitives.kdf.hkdf import HKDF

  3. from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

  4. from cryptography.hazmat.primitives import hashes

  5. from twistednoise import genkeypair

  6. from cryptography.hazmat.backends import default_backend

  7. 

  8. import asyncio

  9. import os.path

  10. import shutil

  11. import socket

  12. import tempfile

  13. import threading

  14. import unittest

  15. 

  16. _backend = default_backend()

  17. 

  18. def _makeunix(path):

  19. 	'''Make a properly formed unix path socket string.'''

  20. 

  21. 	return 'unix:%s' % path

  22. 

  23. def _parsesockstr(sockstr):

  24. 	proto, rem = sockstr.split(':', 1)

  25. 

  26. 	return proto, rem

  27. 

  28. async def connectsockstr(sockstr):

  29. 	proto, rem = _parsesockstr(sockstr)

  30. 

  31. 	reader, writer = await asyncio.open_unix_connection(rem)

  32. 

  33. 	return reader, writer

  34. 

  35. async def listensockstr(sockstr, cb):

  36. 	'''Wrapper for asyncio.start_x_server.

  37. 

  38. 	The format of sockstr is: 'proto:param=value[,param2=value2]'.

  39. 	If the proto has a default parameter, the value can be used

  40. 	directly, like: 'proto:value'.  This is only allowed when the

  41. 	value can unambiguously be determined not to be a param.

  42. 

  43. 	The characters that define 'param' must be all lower case ascii

  44. 	characters and may contain an underscore.  The first character

  45. 	must not be and underscore.

  46. 

  47. 	Supported protocols:

  48. 		unix:

  49. 			Default parameter is path.

  50. 			The path parameter specifies the path to the

  51. 			unix domain socket.  The path MUST start w/ a

  52. 			slash if it is used as a default parameter.

  53. 	'''

  54. 

  55. 	proto, rem = _parsesockstr(sockstr)

  56. 

  57. 	server = await asyncio.start_unix_server(cb, path=rem)

  58. 

  59. 	return server

  60. 

  61. # !!python makemessagelengths.py

  62. _handshakelens = \

  63. [72, 72, 88]

  64. 

  65. def _genciphfun(hash, ad):

  66. 	hkdf = HKDF(algorithm=hashes.SHA256(), length=32,

  67. 	    salt=b'asdoifjsldkjdsf', info=ad, backend=_backend)

  68. 

  69. 	key = hkdf.derive(hash)

  70. 	cipher = Cipher(algorithms.AES(key), modes.ECB(),

  71. 	    backend=_backend)

  72. 	enctor = cipher.encryptor()

  73. 

  74. 	def encfun(data):

  75. 		# Returns the two bytes for length

  76. 		val = len(data)

  77. 		encbytes = enctor.update(data[:16])

  78. 		mask = int.from_bytes(encbytes[:2], byteorder='big') & 0xff

  79. 

  80. 		return (val ^ mask).to_bytes(length=2, byteorder='big')

  81. 

  82. 	def decfun(data):

  83. 		# takes off the data and returns the total

  84. 		# length

  85. 		val = int.from_bytes(data[:2], byteorder='big')

  86. 		encbytes = enctor.update(data[2:2 + 16])

  87. 		mask = int.from_bytes(encbytes[:2], byteorder='big') & 0xff

  88. 

  89. 		return val ^ mask

  90. 

  91. 	return encfun, decfun

  92. 

  93. async def NoiseForwarder(mode, priv_key, rdrwrr, ptsockstr):

  94. 	rdr, wrr = rdrwrr

  95. 

  96. 	proto = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  97. 

  98. 	proto.set_keypair_from_private_bytes(Keypair.STATIC, priv_key)

  99. 

  100. 	proto.set_as_responder()

  101. 

  102. 	proto.start_handshake()

  103. 

  104. 	proto.read_message(await rdr.readexactly(_handshakelens[0]))

  105. 

  106. 	wrr.write(proto.write_message())

  107. 

  108. 	proto.read_message(await rdr.readexactly(_handshakelens[2]))

  109. 

  110. 	if not proto.handshake_finished:	# pragma: no cover

  111. 		raise RuntimeError('failed to finish handshake')

  112. 

  113. 	# generate the keys for lengths

  114. 	_, declenfun = _genciphfun(proto.get_handshake_hash(), b'toresp')

  115. 	enclenfun, _ = _genciphfun(proto.get_handshake_hash(), b'toinit')

  116. 

  117. 	reader, writer = await connectsockstr(ptsockstr)

  118. 

  119. 	async def decses():

  120. 		try:

  121. 			while True:

  122. 				try:

  123. 					msg = await rdr.readexactly(2 + 16)

  124. 				except asyncio.streams.IncompleteReadError:

  125. 					if rdr.at_eof():

  126. 						return 'dec'

  127. 

  128. 				tlen = declenfun(msg)

  129. 				rmsg = await rdr.readexactly(tlen - 16)

  130. 				tmsg = msg[2:] + rmsg

  131. 				writer.write(proto.decrypt(tmsg))

  132. 				await writer.drain()

  133. 		finally:

  134. 			print('foo')

  135. 			# XXX - how to test

  136. 			#writer.write_eof()

  137. 

  138. 	async def encses():

  139. 		while True:

  140. 			ptmsg = await reader.read(65535 - 16) # largest message

  141. 			encmsg = proto.encrypt(ptmsg)

  142. 			wrr.write(enclenfun(encmsg))

  143. 			wrr.write(encmsg)

  144. 			await wrr.drain()

  145. 

  146. 	done, pending = await asyncio.wait((decses(), encses()), return_when=asyncio.FIRST_COMPLETED)

  147. 	for i in done:

  148. 		print('v:', repr(await i))

  149. 

  150. 	done, pending = await asyncio.wait(pending, return_when=asyncio.FIRST_COMPLETED)

  151. 	for i in done:

  152. 		print('v:', repr(await i))

  153. 

  154. 	return done

  155. 

  156. class TestListenSocket(unittest.TestCase):

  157. 	def test_listensockstr(self):

  158. 		# XXX write test

  159. 		pass

  160. 

  161. # https://stackoverflow.com/questions/23033939/how-to-test-python-3-4-asyncio-code

  162. def async_test(f):

  163. 	def wrapper(*args, **kwargs):

  164. 		coro = asyncio.coroutine(f)

  165. 		future = coro(*args, **kwargs)

  166. 		loop = asyncio.get_event_loop()

  167. 

  168. 		# timeout after 2 seconds

  169. 		loop.run_until_complete(asyncio.wait_for(future, 2))

  170. 	return wrapper

  171. 

  172. class Tests_misc(unittest.TestCase):

  173. 	def test_genciphfun(self):

  174. 		enc, dec = _genciphfun(b'0' * 32, b'foobar')

  175. 

  176. 		msg = b'this is a bunch of data'

  177. 

  178. 		tb = enc(msg)

  179. 

  180. 		self.assertEqual(len(msg), dec(tb + msg))

  181. 

  182. 		for i in [ 20, 1384, 64000, 23839, 65535 ]:

  183. 			msg = os.urandom(i)

  184. 			self.assertEqual(len(msg), dec(enc(msg) + msg))

  185. 

  186. class Tests(unittest.TestCase):

  187. 	def setUp(self):

  188. 		# setup temporary directory

  189. 		d = os.path.realpath(tempfile.mkdtemp())

  190. 		self.basetempdir = d

  191. 		self.tempdir = os.path.join(d, 'subdir')

  192. 		os.mkdir(self.tempdir)

  193. 

  194. 		# Generate key pairs

  195. 		self.server_key_pair = genkeypair()

  196. 		self.client_key_pair = genkeypair()

  197. 

  198. 	def tearDown(self):

  199. 		shutil.rmtree(self.basetempdir)

  200. 		self.tempdir = None

  201. 

  202. 	@async_test

  203. 	async def test_server(self):

  204. 		# Path that the server will sit on

  205. 		servsockpath = os.path.join(self.tempdir, 'servsock')

  206. 		servarg = _makeunix(servsockpath)

  207. 

  208. 		# Path that the server will send pt data to

  209. 		servsockpath = os.path.join(self.tempdir, 'servptsock')

  210. 

  211. 		# Setup pt target listener

  212. 		pttarg = _makeunix(servsockpath)

  213. 		ptsock = []

  214. 		def ptsockaccept(reader, writer, ptsock=ptsock):

  215. 			ptsock.append((reader, writer))

  216. 

  217. 		# Bind to pt listener

  218. 		lsock = await listensockstr(pttarg, ptsockaccept)

  219. 

  220. 		nfs = []

  221. 		event = asyncio.Event()

  222. 

  223. 		async def runnf(rdr, wrr):

  224. 			print('a')

  225. 			a = await NoiseForwarder('resp', self.server_key_pair[1], (rdr, wrr), pttarg)

  226. 

  227. 			print('b')

  228. 			nfs.append(a)

  229. 			print('c')

  230. 			event.set()

  231. 			print('d')

  232. 

  233. 		# Setup server listener

  234. 		ssock = await listensockstr(servarg, runnf)

  235. 

  236. 		# Connect to server

  237. 		reader, writer = await connectsockstr(servarg)

  238. 

  239. 		# Create client

  240. 		proto = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  241. 		proto.set_as_initiator()

  242. 

  243. 		# Setup required keys

  244. 		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])

  245. 		proto.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, self.server_key_pair[0])

  246. 

  247. 		proto.start_handshake()

  248. 

  249. 		# Send first message

  250. 		message = proto.write_message()

  251. 		self.assertEqual(len(message), _handshakelens[0])

  252. 		writer.write(message)

  253. 

  254. 		# Get response

  255. 		respmsg = await reader.readexactly(_handshakelens[1])

  256. 		proto.read_message(respmsg)

  257. 

  258. 		# Send final reply

  259. 		message = proto.write_message()

  260. 		writer.write(message)

  261. 

  262. 		# Make sure handshake has completed

  263. 		self.assertTrue(proto.handshake_finished)

  264. 

  265. 		# generate the keys for lengths

  266. 		enclenfun, _ = _genciphfun(proto.get_handshake_hash(), b'toresp')

  267. 		_, declenfun = _genciphfun(proto.get_handshake_hash(), b'toinit')

  268. 

  269. 		# write a test message

  270. 		ptmsg = b'this is a test message that should be a little in length'

  271. 		encmsg = proto.encrypt(ptmsg)

  272. 		writer.write(enclenfun(encmsg))

  273. 		writer.write(encmsg)

  274. 

  275. 		# XXX - how to sync?

  276. 		await asyncio.sleep(.1)

  277. 

  278. 		# read the test message

  279. 		rptmsg = await ptsock[0][0].readexactly(len(ptmsg))

  280. 

  281. 		self.assertEqual(rptmsg, ptmsg)

  282. 

  283. 		# write a different message

  284. 		ptmsg = os.urandom(2843)

  285. 		encmsg = proto.encrypt(ptmsg)

  286. 		writer.write(enclenfun(encmsg))

  287. 		writer.write(encmsg)

  288. 

  289. 		# XXX - how to sync?

  290. 		await asyncio.sleep(.1)

  291. 

  292. 		# read the test message

  293. 		rptmsg = await ptsock[0][0].readexactly(len(ptmsg))

  294. 

  295. 		self.assertEqual(rptmsg, ptmsg)

  296. 

  297. 		# now try the other way

  298. 		ptmsg = os.urandom(912)

  299. 		ptsock[0][1].write(ptmsg)

  300. 

  301. 		# find out how much we need to read

  302. 		encmsg = await reader.readexactly(2 + 16)

  303. 		tlen = declenfun(encmsg)

  304. 

  305. 		# read the rest of the message

  306. 		rencmsg = await reader.readexactly(tlen - 16)

  307. 		tmsg = encmsg[2:] + rencmsg

  308. 		rptmsg = proto.decrypt(tmsg)

  309. 

  310. 		self.assertEqual(rptmsg, ptmsg)

  311. 

  312. 		# shut everything down

  313. 		writer.write_eof()

  314. 		#ptsock[0][1].write_eof()

  315. 

  316. 		# XXX - how to sync?

  317. 		await asyncio.sleep(.1)

  318. 

  319. 		await event.wait()

  320. 		print(repr(nfs))