jmg
/
ntunnel
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 1 Wiki Activity
An stunnel like program that utilizes the Noise protocol.
8 Commits
2 Branches
375 KiB
 
 
Tree: d8407f7ef1
ntunnel/twistednoise.py

227 lines
6.7 KiB
Raw Blame History 

  1. from twisted.trial import unittest

  2. from twisted.test import proto_helpers

  3. from noise.connection import NoiseConnection, Keypair

  4. from twisted.internet.protocol import Factory

  5. from twisted.internet import endpoints, reactor, defer, task

  6. # XXX - shouldn't need to access the underlying primitives, but that's what

  7. # noiseprotocol module requires.

  8. from cryptography.hazmat.primitives.asymmetric import x448

  9. from cryptography.hazmat.primitives import serialization

  10. 

  11. import mock

  12. import os.path

  13. import shutil

  14. import tempfile

  15. import twisted.internet.protocol

  16. 

  17. # Notes:

  18. # Using XK, so that the connecting party's identity is hidden and that the

  19. # server's party's key is known.

  20. 

  21. def genkeypair():

  22. 	'''Generates a keypair, and returns a tuple of (public, private).

  23. 	They are encoded as raw bytes, and sutible for use w/ Noise.'''

  24. 

  25. 	key = x448.X448PrivateKey.generate()

  26. 

  27. 	enc = serialization.Encoding.Raw

  28. 	pubformat = serialization.PublicFormat.Raw

  29. 	privformat = serialization.PrivateFormat.Raw

  30. 	encalgo = serialization.NoEncryption()

  31. 

  32. 	pub = key.public_key().public_bytes(encoding=enc, format=pubformat)

  33. 	priv = key.private_bytes(encoding=enc, format=privformat, encryption_algorithm=encalgo)

  34. 

  35. 	return pub, priv

  36. 

  37. class TwistedNoiseServerProtocol(twisted.internet.protocol.Protocol):

  38. 	'''This class acts as a Noise Protocol responder.  The factory that

  39. 	creates this Protocol is required to have the properties server_key

  40. 	and endpoint.

  41. 

  42. 	The server_key propery is the key for the server that the clients are

  43. 	required to have (due to Noise XK protocol used) to authenticate the

  44. 	server.

  45. 

  46. 	The endpoint property contains the endpoint as a string that will be

  47. 	used w/ clientFromString, see https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.html#clientFromString

  48. 	and https://twistedmatrix.com/documents/current/core/howto/endpoints.html#clients

  49. 	for information on how to use this property.'''

  50. 

  51. 	def connectionMade(self):

  52. 		# Initialize Noise

  53. 		noise = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  54. 		self.noise = noise

  55. 		noise.set_as_responder()

  56. 		noise.set_keypair_from_private_bytes(Keypair.STATIC, self.factory.server_key)

  57. 

  58. 		# Start Handshake

  59. 		noise.start_handshake()

  60. 

  61. 	def encData(self, data):

  62. 		self.transport.write(self.noise.encrypt(data))

  63. 

  64. 	def dataReceived(self, data):

  65. 		if not self.noise.handshake_finished:

  66. 			self.noise.read_message(data)

  67. 			if not self.noise.handshake_finished:

  68. 				self.transport.write(self.noise.write_message())

  69. 			if self.noise.handshake_finished:

  70. 				self.transport.pauseProducing()

  71. 

  72. 				# start the connection to the endpoint

  73. 				ep = endpoints.clientFromString(reactor, self.factory.endpoint)

  74. 				epdef = ep.connect(ClientProxyFactory(self))

  75. 				epdef.addCallback(self.proxyConnected)

  76. 		else:

  77. 			r = self.noise.decrypt(data)

  78. 

  79. 			self.endpoint.transport.write(r)

  80. 

  81. 	def proxyConnected(self, endpoint):

  82. 		self.endpoint = endpoint

  83. 		self.transport.resumeProducing()

  84. 

  85. class ClientProxyProtocol(twisted.internet.protocol.Protocol):

  86. 	def dataReceived(self, data):

  87. 		self.factory.noiseproto.encData(data)

  88. 

  89. class ClientProxyFactory(Factory):

  90. 	protocol = ClientProxyProtocol

  91. 

  92. 	def __init__(self, noiseproto):

  93. 		self.noiseproto = noiseproto

  94. 

  95. class TwistedNoiseServerFactory(Factory):

  96. 	protocol = TwistedNoiseServerProtocol

  97. 

  98. 	def __init__(self, server_key, endpoint):

  99. 		self.server_key = server_key

  100. 		self.endpoint = endpoint

  101. 

  102. class TNServerTest(unittest.TestCase):

  103. 	@defer.inlineCallbacks

  104. 	def setUp(self):

  105. 		d = os.path.realpath(tempfile.mkdtemp())

  106. 		self.basetempdir = d

  107. 		self.tempdir = os.path.join(d, 'subdir')

  108. 		os.mkdir(self.tempdir)

  109. 

  110. 		self.server_key_pair = genkeypair()

  111. 		self.protos = []

  112. 		self.connectionmade = defer.Deferred()

  113. 

  114. 		class AccProtFactory(Factory):

  115. 			protocol = proto_helpers.AccumulatingProtocol

  116. 

  117. 			def __init__(self, tc):

  118. 				self.__tc = tc

  119. 				Factory.__init__(self)

  120. 

  121. 			protocolConnectionMade = self.connectionmade

  122. 

  123. 			def buildProtocol(self, addr):

  124. 				r = Factory.buildProtocol(self, addr)

  125. 				self.__tc.protos.append(r)

  126. 				return r

  127. 

  128. 		sockpath = os.path.join(self.tempdir, 'clientsock')

  129. 		ep = endpoints.UNIXServerEndpoint(reactor, sockpath)

  130. 		lpobj = yield ep.listen(AccProtFactory(self))

  131. 

  132. 		self.testserv = ep

  133. 		self.listenportobj = lpobj

  134. 		self.endpoint = 'unix:path=%s' % sockpath

  135. 

  136. 		factory = TwistedNoiseServerFactory(server_key=self.server_key_pair[1], endpoint=self.endpoint)

  137. 		self.proto = factory.buildProtocol(None)

  138. 		self.tr = proto_helpers.StringTransport()

  139. 		self.proto.makeConnection(self.tr)

  140. 

  141. 		self.client_key_pair = genkeypair()

  142. 

  143. 	def tearDown(self):

  144. 		self.listenportobj.stopListening()

  145. 

  146. 		shutil.rmtree(self.basetempdir)

  147. 		self.tempdir = None

  148. 

  149. 	@defer.inlineCallbacks

  150. 	def test_testprotocol(self):

  151. 		#

  152. 		# How this test is plumbed:

  153. 		#

  154. 		#  proto (NoiseConnection) -> self.tr (StringTransport) ->

  155. 		#    self.proto (TwistedNoiseServerProtocol) ->

  156. 		#    self.proto.endpoint (ClientProxyProtocol) -> unix sock ->

  157. 		#    self.protos[0] (AccumulatingProtocol)

  158. 		#

  159. 		# Create client

  160. 		proto = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  161. 		proto.set_as_initiator()

  162. 

  163. 		# Setup required keys

  164. 		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])

  165. 		proto.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, self.server_key_pair[0])

  166. 

  167. 		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])

  168. 		proto.start_handshake()

  169. 

  170. 		# Send first message

  171. 		message = proto.write_message()

  172. 		self.proto.dataReceived(message)

  173. 

  174. 		# Get response

  175. 		resp = self.tr.value()

  176. 		self.tr.clear()

  177. 

  178. 		# And process it

  179. 		proto.read_message(resp)

  180. 

  181. 		# Send second message

  182. 		message = proto.write_message()

  183. 		self.proto.dataReceived(message)

  184. 

  185. 		# assert handshake finished

  186. 		self.assertTrue(proto.handshake_finished)

  187. 

  188. 		# Make sure incoming data is paused till we establish client

  189. 		# connection, otherwise no place to write the data

  190. 		self.assertEqual(self.tr.producerState, 'paused')

  191. 

  192. 		# Wait for the connection to be made

  193. 		d = yield self.connectionmade

  194. 

  195. 		d = yield task.deferLater(reactor, .1, bool, 1)

  196. 

  197. 		# How to make this ready?

  198. 		self.assertEqual(self.tr.producerState, 'producing')

  199. 

  200. 		# Encrypt the message

  201. 		ptmsg = b'this is a test message'

  202. 		encmsg = proto.encrypt(ptmsg)

  203. 

  204. 		# Feed it into the protocol

  205. 		self.proto.dataReceived(encmsg)

  206. 

  207. 		# wait to pass it through

  208. 		d = yield task.deferLater(reactor, .1, bool, 1)

  209. 

  210. 		# fetch remote end out

  211. 		clientend = self.protos[0]

  212. 		self.assertEqual(clientend.data, ptmsg)

  213. 

  214. 		# send a message the other direction

  215. 		rptmsg = b'this is a different test message going the other way'

  216. 		clientend.transport.write(rptmsg)

  217. 

  218. 		# wait to pass it through

  219. 		d = yield task.deferLater(reactor, .1, bool, 1)

  220. 

  221. 		# receive it and decrypt it

  222. 		resp = self.tr.value()

  223. 		self.assertEqual(proto.decrypt(resp), rptmsg)

  224. 

  225. 		# clean up connection

  226. 		clientend.transport.loseConnection()