jmg
/
ntunnel
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 1 Wiki Activity
An stunnel like program that utilizes the Noise protocol.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
2 Branches
375 KiB
 
 
Tree: 2888bc3a73
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2888bc3a73'
${ noResults }
ntunnel/twistednoise.py

195 lines
5.8 KiB
Raw Blame History 

  1. from twisted.trial import unittest

  2. from twisted.test import proto_helpers

  3. from noise.connection import NoiseConnection, Keypair

  4. from twisted.internet.protocol import Factory

  5. from twisted.internet import endpoints, reactor, defer, task

  6. # XXX - shouldn't need to access the underlying primitives, but that's what

  7. # noiseprotocol module requires.

  8. from cryptography.hazmat.primitives.asymmetric import x448

  9. from cryptography.hazmat.primitives import serialization

  10. 

  11. import twisted.internet.protocol

  12. import mock

  13. 

  14. # Notes:

  15. # Using XK, so that the connecting party's identity is hidden and that the

  16. # server's party's key is known.

  17. 

  18. def genkeypair():

  19. 	'''Generates a keypair, and returns a tuple of (public, private).

  20. 	They are encoded as raw bytes, and sutible for use w/ Noise.'''

  21. 

  22. 	key = x448.X448PrivateKey.generate()

  23. 

  24. 	enc = serialization.Encoding.Raw

  25. 	pubformat = serialization.PublicFormat.Raw

  26. 	privformat = serialization.PrivateFormat.Raw

  27. 	encalgo = serialization.NoEncryption()

  28. 

  29. 	pub = key.public_key().public_bytes(encoding=enc, format=pubformat)

  30. 	priv = key.private_bytes(encoding=enc, format=privformat, encryption_algorithm=encalgo)

  31. 

  32. 	return pub, priv

  33. 

  34. class TwistedNoiseServerProtocol(twisted.internet.protocol.Protocol):

  35. 	'''This class acts as a Noise Protocol responder.  The factory that

  36. 	creates this Protocol is required to have the properties server_key

  37. 	and endpoint.

  38. 

  39. 	The server_key propery is the key for the server that the clients are

  40. 	required to have (due to Noise XK protocol used) to authenticate the

  41. 	server.

  42. 

  43. 	The endpoint property contains the endpoint as a string that will be

  44. 	used w/ clientFromString, see https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.html#clientFromString

  45. 	and https://twistedmatrix.com/documents/current/core/howto/endpoints.html#clients

  46. 	for information on how to use this property.'''

  47. 

  48. 	def connectionMade(self):

  49. 		# Initialize Noise

  50. 		noise = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  51. 		self.noise = noise

  52. 		noise.set_as_responder()

  53. 		noise.set_keypair_from_private_bytes(Keypair.STATIC, self.factory.server_key)

  54. 

  55. 		# Start Handshake

  56. 		noise.start_handshake()

  57. 

  58. 	def dataReceived(self, data):

  59. 		if not self.noise.handshake_finished:

  60. 			self.noise.read_message(data)

  61. 			if not self.noise.handshake_finished:

  62. 				self.transport.write(self.noise.write_message())

  63. 			if self.noise.handshake_finished:

  64. 				self.transport.pauseProducing()

  65. 

  66. 				# start the connection to the endpoint

  67. 				ep = endpoints.clientFromString(reactor, self.factory.endpoint)

  68. 				epdef = ep.connect(ClientProxyFactory(self))

  69. 				epdef.addCallback(self.proxyConnected)

  70. 		else:

  71. 			r = self.noise.decrypt(data)

  72. 

  73. 			self.endpoint.transport.write(r)

  74. 

  75. 	def proxyConnected(self, endpoint):

  76. 		self.endpoint = endpoint

  77. 		self.transport.resumeProducing()

  78. 

  79. class ClientProxyProtocol(twisted.internet.protocol.Protocol):

  80. 	pass

  81. 

  82. class ClientProxyFactory(Factory):

  83. 	protocol = ClientProxyProtocol

  84. 

  85. 	def __init__(self, noiseproto):

  86. 		self.noiseproto = noiseproto

  87. 

  88. class TwistedNoiseServerFactory(Factory):

  89. 	protocol = TwistedNoiseServerProtocol

  90. 

  91. 	def __init__(self, server_key, endpoint):

  92. 		self.server_key = server_key

  93. 		self.endpoint = endpoint

  94. 

  95. class TNServerTest(unittest.TestCase):

  96. 	@defer.inlineCallbacks

  97. 	def setUp(self):

  98. 		self.server_key_pair = genkeypair()

  99. 		self.protos = []

  100. 		self.connectionmade = defer.Deferred()

  101. 

  102. 		class AccProtFactory(Factory):

  103. 			protocol = proto_helpers.AccumulatingProtocol

  104. 

  105. 			def __init__(self, tc):

  106. 				self.__tc = tc

  107. 				Factory.__init__(self)

  108. 

  109. 			protocolConnectionMade = self.connectionmade

  110. 

  111. 			def buildProtocol(self, addr):

  112. 				r = Factory.buildProtocol(self, addr)

  113. 				self.__tc.protos.append(r)

  114. 				return r

  115. 

  116. 		for i in range(10000, 20000):

  117. 			ep = endpoints.TCP4ServerEndpoint(reactor, i, interface='127.0.0.1')

  118. 			try:

  119. 				lpobj = yield ep.listen(AccProtFactory(self))

  120. 			except Exception:	# pragma: no cover

  121. 				continue

  122. 			break

  123. 		else:	# pragma: no cover

  124. 			raise RuntimeError('all ports occupied')

  125. 

  126. 		self.testserv = ep

  127. 		self.listenportobj = lpobj

  128. 		self.endpoint = 'tcp:host=127.0.0.1:port=%d' % i

  129. 		factory = TwistedNoiseServerFactory(server_key=self.server_key_pair[1], endpoint=self.endpoint)

  130. 		self.proto = factory.buildProtocol(('127.0.0.1', 0))

  131. 		self.tr = proto_helpers.StringTransport()

  132. 		self.proto.makeConnection(self.tr)

  133. 

  134. 		self.client_key_pair = genkeypair()

  135. 

  136. 	def tearDown(self):

  137. 		self.listenportobj.stopListening()

  138. 

  139. 	@defer.inlineCallbacks

  140. 	def test_testprotocol(self):

  141. 		# Create client

  142. 		proto = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  143. 		proto.set_as_initiator()

  144. 

  145. 		# Setup required keys

  146. 		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])

  147. 		proto.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, self.server_key_pair[0])

  148. 

  149. 		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])

  150. 		proto.start_handshake()

  151. 

  152. 		# Send first message

  153. 		message = proto.write_message()

  154. 		self.proto.dataReceived(message)

  155. 

  156. 		# Get response

  157. 		resp = self.tr.value()

  158. 		self.tr.clear()

  159. 

  160. 		# And process it

  161. 		proto.read_message(resp)

  162. 

  163. 		# Send second message

  164. 		message = proto.write_message()

  165. 		self.proto.dataReceived(message)

  166. 

  167. 		# assert handshake finished

  168. 		self.assertTrue(proto.handshake_finished)

  169. 

  170. 		# Make sure incoming data is paused till we establish client

  171. 		# connection, otherwise no place to write the data

  172. 		self.assertEqual(self.tr.producerState, 'paused')

  173. 

  174. 		# Wait for the connection to be made

  175. 		d = yield self.connectionmade

  176. 

  177. 		d = yield task.deferLater(reactor, .1, bool, 1)

  178. 

  179. 		# How to make this ready?

  180. 		self.assertEqual(self.tr.producerState, 'producing')

  181. 

  182. 		# Encrypt the message

  183. 		ptmsg = b'this is a test message'

  184. 		encmsg = proto.encrypt(ptmsg)

  185. 

  186. 		# Feed it into the protocol

  187. 		self.proto.dataReceived(encmsg)

  188. 

  189. 		d = yield task.deferLater(reactor, .1, bool, 1)

  190. 

  191. 		clientend = self.protos[0]

  192. 		self.assertEqual(clientend.data, ptmsg)

  193. 

  194. 		clientend.transport.loseConnection()