jmg
/
ntunnel
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 1 Wiki Activity
An stunnel like program that utilizes the Noise protocol.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
2 Branches
375 KiB
 
 
Tree: dfcd36caab
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'dfcd36caab'
${ noResults }
ntunnel/twistednoise.py

198 lines
6.0 KiB
Raw Blame History 

  1. from twisted.trial import unittest

  2. from twisted.test import proto_helpers

  3. from noise.connection import NoiseConnection, Keypair

  4. from twisted.internet.protocol import Factory

  5. from twisted.internet import endpoints, reactor,defer

  6. # XXX - shouldn't need to access the underlying primitives, but that's what

  7. # noiseprotocol module requires.

  8. from cryptography.hazmat.primitives.asymmetric import x448

  9. from cryptography.hazmat.primitives import serialization

  10. 

  11. import twisted.internet.protocol

  12. import mock

  13. 

  14. # Notes:

  15. # Using XK, so that the connecting party's identity is hidden and that the

  16. # server's party's key is known.

  17. 

  18. def genkeypair():

  19. 	'''Generates a keypair, and returns a tuple of (public, private).

  20. 	They are encoded as raw bytes, and sutible for use w/ Noise.'''

  21. 

  22. 	key = x448.X448PrivateKey.generate()

  23. 

  24. 	enc = serialization.Encoding.Raw

  25. 	pubformat = serialization.PublicFormat.Raw

  26. 	privformat = serialization.PrivateFormat.Raw

  27. 	encalgo = serialization.NoEncryption()

  28. 

  29. 	pub = key.public_key().public_bytes(encoding=enc, format=pubformat)

  30. 	priv = key.private_bytes(encoding=enc, format=privformat, encryption_algorithm=encalgo)

  31. 

  32. 	return pub, priv

  33. 

  34. class TwistedNoiseServerProtocol(twisted.internet.protocol.Protocol):

  35. 	'''This class acts as a Noise Protocol responder.  The factory that

  36. 	creates this Protocol is required to have the properties server_key

  37. 	and endpoint.

  38. 

  39. 	The server_key propery is the key for the server that the clients are

  40. 	required to have (due to Noise XK protocol used) to authenticate the

  41. 	server.

  42. 

  43. 	The endpoint property contains the endpoint as a string that will be

  44. 	used w/ clientFromString, see https://twistedmatrix.com/documents/current/api/twisted.internet.endpoints.html#clientFromString

  45. 	and https://twistedmatrix.com/documents/current/core/howto/endpoints.html#clients

  46. 	for information on how to use this property.'''

  47. 

  48. 	def connectionMade(self):

  49. 		# Initialize Noise

  50. 		noise = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  51. 		self.noise = noise

  52. 		noise.set_as_responder()

  53. 		noise.set_keypair_from_private_bytes(Keypair.STATIC, self.factory.server_key)

  54. 

  55. 		# Start Handshake

  56. 		noise.start_handshake()

  57. 

  58. 	def dataReceived(self, data):

  59. 		if not self.noise.handshake_finished:

  60. 			self.noise.read_message(data)

  61. 			if not self.noise.handshake_finished:

  62. 				self.transport.write(self.noise.write_message())

  63. 			if self.noise.handshake_finished:

  64. 				self.transport.pauseProducing()

  65. 

  66. 				# start the connection to the endpoint

  67. 				ep = endpoints.clientFromString(reactor, self.factory.endpoint)

  68. 				epdef = ep.connect(ClientProxyFactory(self))

  69. 				epdef.addCallback(self.proxyConnected)

  70. 		else:

  71. 			r = self.noise.decrypt(data)

  72. 

  73. 			self.endpoint.write(r)

  74. 

  75. 	def proxyConnected(self, endpoint):

  76. 		print('pc')

  77. 		self.endpoint = endpoint

  78. 		self.transport.resumeProducing()

  79. 

  80. class ClientProxyProtocol(twisted.internet.protocol.Protocol):

  81. 	pass

  82. 

  83. class ClientProxyFactory(Factory):

  84. 	protocol = ClientProxyProtocol

  85. 

  86. 	def __init__(self, noiseproto):

  87. 		self.noiseproto = noiseproto

  88. 

  89. class TwistedNoiseServerFactory(Factory):

  90. 	protocol = TwistedNoiseServerProtocol

  91. 

  92. 	def __init__(self, server_key, endpoint):

  93. 		self.server_key = server_key

  94. 		self.endpoint = endpoint

  95. 

  96. class TNServerTest(unittest.TestCase):

  97. 	@defer.inlineCallbacks

  98. 	def setUp(self):

  99. 		self.server_key_pair = genkeypair()

  100. 		self.protos = []

  101. 		class AccProtFactory(Factory):

  102. 			protocol = proto_helpers.AccumulatingProtocol

  103. 

  104. 			def __init__(self, tc):

  105. 				self.__tc = tc

  106. 				Factory.__init__(self)

  107. 

  108. 			def buildProtocol(self, addr):

  109. 				r = Factory.buildProtocol(addr)

  110. 				self.__tc.append(r)

  111. 				return r

  112. 

  113. 		for i in range(10000, 20000):

  114. 			ep = endpoints.TCP4ServerEndpoint(reactor, i)

  115. 			try:

  116. 				lpobj = yield ep.listen(AccProtFactory(self))

  117. 			except Exception:

  118. 				continue

  119. 			break

  120. 		else:

  121. 			raise RuntimeError('all ports occupied')

  122. 

  123. 		self.testserv = ep

  124. 		self.listenportobj = lpobj

  125. 		self.endpoint = 'tcp:host=127.0.0.1:port=%d' % i

  126. 		factory = TwistedNoiseServerFactory(server_key=self.server_key_pair[1], endpoint=self.endpoint)

  127. 		self.proto = factory.buildProtocol(('127.0.0.1', 0))

  128. 		self.tr = proto_helpers.StringTransport()

  129. 		self.proto.makeConnection(self.tr)

  130. 

  131. 		self.client_key_pair = genkeypair()

  132. 

  133. 	def tearDown(self):

  134. 		self.listenportobj.stopListening()

  135. 

  136. 	@mock.patch('twisted.internet.endpoints.clientFromString')

  137. 	def test_testprotocol(self, cfs):

  138. 		# Create client

  139. 		proto = NoiseConnection.from_name(b'Noise_XK_448_ChaChaPoly_SHA256')

  140. 		proto.set_as_initiator()

  141. 

  142. 		# Setup required keys

  143. 		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])

  144. 		proto.set_keypair_from_public_bytes(Keypair.REMOTE_STATIC, self.server_key_pair[0])

  145. 

  146. 		proto.set_keypair_from_private_bytes(Keypair.STATIC, self.client_key_pair[1])

  147. 		proto.start_handshake()

  148. 

  149. 		# Send first message

  150. 		message = proto.write_message()

  151. 		self.proto.dataReceived(message)

  152. 

  153. 		# Get response

  154. 		resp = self.tr.value()

  155. 		self.tr.clear()

  156. 

  157. 		# And process it

  158. 		proto.read_message(resp)

  159. 

  160. 		clientconnection = defer.Deferred()

  161. 		cfs().connect.return_value = clientconnection

  162. 

  163. 		# Send second message

  164. 		message = proto.write_message()

  165. 		self.proto.dataReceived(message)

  166. 

  167. 		# assert handshake finished

  168. 		self.assertTrue(proto.handshake_finished)

  169. 

  170. 		# Make sure incoming data is paused till we establish client

  171. 		# connection, otherwise no place to write the data

  172. 		self.assertEqual(self.tr.producerState, 'paused')

  173. 

  174. 		# Make sure that clientFromString is called properly

  175. 		cfs.assert_called_with(reactor, self.endpoint)

  176. 

  177. 		# And that it was connect'ed

  178. 		cfs().connect.assert_called()

  179. 

  180. 		# and that ClientProxyFactory was called properly

  181. 		args = cfs().connect.call_args.args

  182. 		self.assertIsInstance(args[0], ClientProxyFactory)

  183. 		self.assertIs(args[0].noiseproto, self.proto)

  184. 

  185. 		# Simulate that a connection has happened

  186. 		remoteend = proto_helpers.StringTransport()

  187. 		remoteproto = args[0].buildProtocol(None)

  188. 		remoteproto.makeConnection(remoteend)

  189. 

  190. 		# Encrypt the message

  191. 		ptmsg = b'this is a test message'

  192. 		encmsg = proto.encrypt(ptmsg)

  193. 

  194. 		# Feed it into the protocol

  195. 		self.proto.dataReceived(encmsg)

  196. 

  197. 		self.assertEqual(remoteend.value(), ptmsg)