ntunnel/twistednoise.py

from noise.connection import NoiseConnection, Keypair
from twisted.trial import unittest
from twisted.test import proto_helpers
from twisted.internet.protocol import Factory
from twisted.internet import endpoints, reactor, defer, task
# XXX - shouldn't need to access the underlying primitives, but that's what
# noiseprotocol module requires.
from cryptography.hazmat.primitives.asymmetric import x448
from cryptography.hazmat.primitives import serialization

import mock
import os.path
import shutil
import tempfile
import twisted.internet.protocol

__author__ = 'John-Mark Gurney'
__copyright__ = 'Copyright 2019 John-Mark Gurney.  All rights reserved.'
__license__ = '2-clause BSD license'

# Copyright 2019 John-Mark Gurney.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# Notes:
# Using XK, so that the connecting party's identity is hidden and that the
# server's party's key is known.
#
# The client and server class names are used to refer to the initiator and
# responder sides.  Even though both client and server each have a server
# component (listen in on a socket to start comms), and a client component
# (create connection).
#
# Noise packets are 16 bytes + length of data
#
# Proposed method to hide message lengths:
# Immediately after handshake completes, each side generates and sends
# an n byte key that will be used for encrypting (algo tbd) their own
# byte counts.  The length field will be encrypted via
# E(pktnum, key) XOR 2 byte length.
#
# Note that authenticating the message length is NOT needed.  This is
# because the noise message blocks themselves are authenticated.  The
# worse that could happen is that a larger read (64k) is done, and then
# the connection aborts because of decryption failure.
#

def _makeunix(path):
	'''Make a properly formed unix path socket string.'''

	return 'unix:%s' % path

def genkeypair():
	'''Generates a keypair, and returns a tuple of (public, private).
	They are encoded as raw bytes, and sutible for use w/ Noise.'''

	key = x448.X448PrivateKey.generate()

	enc = serialization.Encoding.Raw
	pubformat = serialization.PublicFormat.Raw
	privformat = serialization.PrivateFormat.Raw
	encalgo = serialization.NoEncryption()

	pub = key.public_key().public_bytes(encoding=enc, format=pubformat)
	priv = key.private_bytes(encoding=enc, format=privformat, encryption_algorithm=encalgo)

	return pub, priv

class TwistedNoiseProtocol(twisted.internet.protocol.Protocol):
	'''This class acts as a Noise Protocol responder.  The factory that
	creates this Protocol is required to have the properties server_key
	and endpoint.

	The server_key propery is the key for the server that the clients are
	required to have (due to Noise XK protocol used) to authenticate the
	server.

	The endpoint property contains the endpoint as a string that will be
	used w/ clientFromString, see https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.html#clientFromString
	and https://twistedmatrix.com/documents/current/core/howto/endpoints.html#clients
	for information on how to use this property.'''

	def connectionMade(self):
		# Initialize Noise
		noise = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')
		self.noise = noise
		if self.mode == 'resp':
			noise.set_as_responder()
		elif self.mode == 'init':
			noise.set_as_initiator()

		noise.set_keypair_from_private_bytes(Keypair.STATIC, self.factory.priv_key)
		if hasattr(self.factory, 'pub_key'):
			noise.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, self.factory.pub_key)

		# Start Handshake
		noise.start_handshake()

	def encData(self, data):
		'''Receive plain text data, encrypt it, and send it down the
		wire.'''

		self.transport.write(self.noise.encrypt(data))

	def dataReceived(self, data):
		'''Receive encrypted data, and write it to the endpoint that
		was connected via the plaintextConnected method.'''

		if not self.noise.handshake_finished:
			self.noise.read_message(data)
			if not self.noise.handshake_finished:
				self.transport.write(self.noise.write_message())

			if self.noise.handshake_finished:
				self.handshakeFinished()
		else:
			r = self.noise.decrypt(data)

			self.endpoint.transport.write(r)

	def handshakeFinished(self):	# pragma: no cover
		'''This function is called when the handshake has been
		completed.  This is used to start data flowing, and to
		do any necessary connection work.'''

		raise NotImplementedError

	def plaintextConnected(self, endpoint):
		'''Connect the plain text endpoint to the factory.  All the
		decrypted data will be written to this protocol,
		(specifically, it's transport).'''

		self.endpoint = endpoint
		self.transport.resumeProducing()

class TwistedNoiseServerProtocol(TwistedNoiseProtocol):
	mode = 'resp'

	def handshakeFinished(self):
		self.transport.pauseProducing()

		# start the connection to the endpoint
		ep = endpoints.clientFromString(reactor, self.factory.endpoint)
		epdef = ep.connect(ServerPTProxyFactory(self))
		epdef.addCallback(self.plaintextConnected)

class TwistedNoiseServerFactory(Factory):
	protocol = TwistedNoiseServerProtocol

	def __init__(self, priv_key, endpoint):
		self.priv_key = priv_key
		self.endpoint = endpoint

# Supporting classes for TwistedNoiseServer
class PTProxyProtocol(twisted.internet.protocol.Protocol):
	'''Simple protocol then when data is received, encrypts the data
	w/ the connected noise protocol.'''

	def dataReceived(self, data):
		self.factory.noiseproto.encData(data)

class ServerPTProxyFactory(Factory):
	protocol = PTProxyProtocol

	def __init__(self, noiseproto):
		self.noiseproto = noiseproto

class TwistedNoiseClientProtocol(TwistedNoiseProtocol):
	mode = 'init'

class ClientPTFactory(Factory):
	protocol = TwistedNoiseClientProtocol

	def __init__(self, priv_key, servpub, sockstr):
		self.priv_key = priv_key
		self.pub_key = servpub
		self.sockstr = sockstr

class TNServerTest(unittest.TestCase):
	@defer.inlineCallbacks
	def setUp(self):
		# setup temporary directory
		d = os.path.realpath(tempfile.mkdtemp())
		self.basetempdir = d
		self.tempdir = os.path.join(d, 'subdir')
		os.mkdir(self.tempdir)

		# Generate key pairs
		self.server_key_pair = genkeypair()
		self.client_key_pair = genkeypair()

		# Server's PT client will be here
		self.protos = []
		self.connectionmade = defer.Deferred()

		class AccProtFactory(Factory):
			protocol = proto_helpers.AccumulatingProtocol

			def __init__(self, tc):
				self.__tc = tc
				Factory.__init__(self)

			protocolConnectionMade = self.connectionmade

			def buildProtocol(self, addr):
				r = Factory.buildProtocol(self, addr)
				self.__tc.protos.append(r)
				return r

		self.AccProtFactory = AccProtFactory

		# Setup PT client endpoint
		sockpath = os.path.join(self.tempdir, 'servptsock')
		ep = endpoints.UNIXServerEndpoint(reactor, sockpath)
		lpobj = yield ep.listen(AccProtFactory(self))

		self.testserv = ep
		self.listenportobj = lpobj
		self.endpoint = _makeunix(sockpath)

		# Setup server, and configure where to connect to.
		self.servfactory = TwistedNoiseServerFactory(priv_key=self.server_key_pair[1], endpoint=self.endpoint)

	@defer.inlineCallbacks
	def tearDown(self):
		d = yield self.listenportobj.stopListening()

		shutil.rmtree(self.basetempdir)
		self.tempdir = None

	@defer.inlineCallbacks
	def test_testserver(self):
		#
		# How this test is plumbed:
		#
		#  proto (NoiseConnection) -> self.tr (StringTransport) ->
		#    self.proto (TwistedNoiseServerProtocol) ->
		#    self.proto.endpoint (PTProxyProtocol) -> unix sock ->
		#    self.protos[0] (AccumulatingProtocol)
		#

		# Generate a server protocol, and bind it to a string
		# transport for testing
		self.proto = self.servfactory.buildProtocol(None)
		self.tr = proto_helpers.StringTransport()
		self.proto.makeConnection(self.tr)

		# Create client
		proto = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')
		proto.set_as_initiator()

		# Setup required keys
		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])
		proto.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, self.server_key_pair[0])

		proto.start_handshake()

		# Send first message
		message = proto.write_message()
		self.proto.dataReceived(message)

		# Get response
		resp = self.tr.value()
		self.tr.clear()

		# And process it
		proto.read_message(resp)

		# Send second message
		message = proto.write_message()
		self.proto.dataReceived(message)

		# assert handshake finished
		self.assertTrue(proto.handshake_finished)

		# Make sure incoming data is paused till we establish client
		# connection, otherwise no place to write the data
		self.assertEqual(self.tr.producerState, 'paused')

		# Wait for the connection to be made
		d = yield self.connectionmade

		d = yield task.deferLater(reactor, .1, bool, 1)

		# How to make this ready?
		self.assertEqual(self.tr.producerState, 'producing')

		# Encrypt the message
		ptmsg = b'this is a test message'
		encmsg = proto.encrypt(ptmsg)

		# Feed it into the protocol
		self.proto.dataReceived(encmsg)

		# XXX - fix
		# wait to pass it through
		d = yield task.deferLater(reactor, .1, bool, 1)

		# fetch remote end out
		clientend = self.protos[0]
		self.assertEqual(clientend.data, ptmsg)

		# send a message the other direction
		rptmsg = b'this is a different test message going the other way'
		clientend.transport.write(rptmsg)

		# XXX - fix
		# wait to pass it through
		d = yield task.deferLater(reactor, .1, bool, 1)

		# receive it and decrypt it
		resp = self.tr.value()
		self.assertEqual(proto.decrypt(resp), rptmsg)

		if False:
			import time
			s = time.time()
			cnt = 40000
			blksz = 1024
			rnd = os.urandom(blksz)
			for i in range(0, cnt):
				proto.encrypt(rnd)
			e = time.time()

			print('%f MB/sec' % (1.0 * cnt * blksz / (e - s) / 1024 / 1024))

		# clean up connection
		clientend.transport.loseConnection()

	@defer.inlineCallbacks
	def test_clientserver(self):
		# Path that the client "listener" will sit on.
		cptsockpath = os.path.join(self.tempdir, 'clientptsock')

		# Path that the server will sit on
		servsockpath = os.path.join(self.tempdir, 'servsock')

		# Start up the server
		servep = endpoints.serverFromString(reactor, _makeunix(servsockpath))
		servlpobj = yield servep.listen(self.servfactory)

		# Start up the client half
		clientep = endpoints.serverFromString(reactor, _makeunix(cptsockpath))
		clientlpobj = yield clientep.listen(ClientPTFactory(self.client_key_pair[1], self.server_key_pair[0], _makeunix(servsockpath)))

		# Conenct to the client
		clptep = endpoints.clientFromString(reactor, _makeunix(cptsockpath))
		clptconobj = yield clptep.connect(self.AccProtFactory(self))

		# The client plain text connection
		clptproto = self.protos[-1]

		clptproto.transport.write('this is a test')

		# Clean up
		d = yield servlpobj.stopListening()
		d = yield clientlpobj.stopListening()