Liking cljdoc? Tell your friends :D

frereth.cp.server.initiate

For coping with Initiate packets

This is the part that possibly establishes a 'connection'

For coping with Initiate packets

This is the part that possibly establishes a 'connection'
raw docstring

build-and-configure-client-basicsclj

(build-and-configure-client-basics
  log-state
  packet
  {:keys [:frereth.cp.shared.templates/srvr-short-sk] :as cookie}
  initiate)

build-new-clientclj

(build-new-client {log-state :frereth.weald.specs/state
                   :keys [:frereth.cp.server.state/cookie-cutter state
                          :frereth.cp.shared/my-keys]}
                  packet
                  {:keys [:frereth.cp.shared.constants/clnt-short-pk]
                   :as initiate})

client-public-key-triad-matches?clj

(client-public-key-triad-matches? log-state
                                  {:keys [:frereth.cp.shared/long-pair]
                                   :as my-keys}
                                  client-short-pk
                                  client-message-box)

client-short-pk-matches-cookie?clj

(client-short-pk-matches-cookie?
  log-state
  {:keys [:frereth.cp.shared.constants/clnt-short-pk] :as initiate}
  hidden-pk)

Does the claimed short-term public key match our cookie?

i.e. Does this client even pretend that it's the one to which we sent that cookie?

Does the claimed short-term public key match our cookie?

i.e. Does this client even pretend that it's the one to which we sent
that cookie?
raw docstring

create-childclj

(create-child log-state
              {:keys [:frereth.cp.server.state/cookie-cutter
                      :frereth.cp.shared/my-keys]}
              packet
              initiate)

decompose-initiate-packetclj

(decompose-initiate-packet packet-length message-packet)

Extract the raw outer portions of a Client Initiate Packet

Extract the raw outer portions of a Client Initiate Packet
raw docstring

(decrypt-cookie log-state
                {:keys [:frereth.cp.server.state/minute-key
                        :frereth.cp.server.state/last-minute-key]
                 :as cookie-cutter}
                hello-cookie)

Open the cookie we sent the client

Open the cookie we sent the client
raw docstring

decrypt-initiate-boxclj

(decrypt-initiate-box log-state shared-key nonce-suffix box)

Decrypts the final 368+M byte box at packet's end

There's a lot of data in here.

Decrypts the final 368+M byte box at packet's end

There's a lot of data in here.
raw docstring

do-fork-child!clj

(do-fork-child!
  {log-state :frereth.weald.specs/state
   :keys [:frereth.weald.specs/logger :frereth.cp.shared/network-packet
          :frereth.cp.shared.specs/clnt-xtn :frereth.cp.shared.specs/srvr-xtn
          :frereth.cp.shared.specs/crypto-key]
   :as builder-params}
  active-client)

do-handleclj

(do-handle {log-state :frereth.weald.specs/state
            :keys [:frereth.weald.specs/logger]
            :as state}
           {:keys [:host :port :message] :as packet})

Deal with an incoming initiate packet

Called mostly for side-effects, but the return value matters.

Deal with an incoming initiate packet

Called mostly for side-effects, but the return value matters.
raw docstring

(extract-cookie log-state
                {:keys [:frereth.cp.server.state/minute-key
                        :frereth.cp.server.state/last-minute-key]
                 :as cookie-cutter}
                initiate)

Verify we can open our original cookie and secrets match

This corresponds to lines 359-368.

Verify we can open our original cookie and secrets match

This corresponds to lines 359-368. 
raw docstring

forward-message-portion!clj

(forward-message-portion! {:keys [:frereth.weald.specs/logger]
                           log-state :frereth.weald.specs/state
                           :as state}
                          {:keys [:frereth.cp.server.state/client-security]
                           child-state :frereth.cp.shared.child/state
                           :as client}
                          {child-message :frereth.cp.shared.constants/message
                           :as client-message-box})

Forward the message to our new(?) child

Forward the message to our new(?) child
raw docstring

nonce-moduloclj


open-client-crypto-boxclj

(open-client-crypto-box log-state
                        {:keys [:frereth.cp.shared.constants/outer-i-nonce]
                         vouch-wrapper
                           :frereth.cp.shared.constants/vouch-wrapper
                         :as initiate}
                        client-short<->server-short)

packet-header-lengthclj


possibly-re-initiate-existing-client-connectionclj

(possibly-re-initiate-existing-client-connection
  {log-state :frereth.weald.specs/state :as state}
  {packet-nonce-bytes :frereth.cp.shared.specs/nonce :as initiate})

Client can send as many Initiate packets as it likes.

If this matches a connection we've already seen, caller can/should skip client initialization and just append the Message portion to the child-handler's queue.

returns: handled? true: client has already seen this message. Discard it. false: Need to forward this message along clint-state truthy: forward message to this existing client falsey: have to allocate/configure a new client

This seems like it ought to be part of a bigger, more comprehensive event handling system.

To be fair, this ns is pretty special.

Client can send as many Initiate packets as it likes.

If this matches a connection we've already seen, caller
can/should skip client initialization and just append the
Message portion to the child-handler's queue.

returns:
  handled?
    true: client has already seen this message. Discard it.
    false: Need to forward this message along
  clint-state
    truthy: forward message to this existing client
    falsey: have to allocate/configure a new client

This seems like it ought to be part of a bigger, more comprehensive
event handling system.

To be fair, this ns *is* pretty special.
raw docstring

unbox-innermost-keyclj

(unbox-innermost-key log-state
                     {:keys [:frereth.cp.shared/long-pair] :as my-keys}
                     {:keys [:frereth.cp.shared.constants/hidden-client-short-pk
                             :frereth.cp.shared.constants/inner-i-nonce
                             :frereth.cp.shared.constants/long-term-public-key]
                      :as client-message-box})

We unwrapped the our original cookie, using the minute-key.

And the actual message box using the client's short-term public key. That box included the client's long-term public key.

Now there's a final box nested that contains the short-term key again, encrypted with the long-term key.

This step verifies that the client really does have access to that long-term key.

It's flagged as "optional" in the reference implementation, but that seems a bit silly.

This corresponds, roughly, to lines 382-391 in the reference implementation.

Note that that includes TODOs re:

  • impose policy limitations on clients: known, maxconn
  • for known clients, retrieve shared secret from cache
We unwrapped the our original cookie, using the minute-key.

And the actual message box using the client's short-term public key.
That box included the client's long-term public key.

Now there's a final box nested that contains the short-term key again,
encrypted with the long-term key.

This step verifies that the client really does have access to that long-term
key.

It's flagged as "optional" in the reference implementation, but that seems
a bit silly.

This corresponds, roughly, to lines 382-391 in the reference implementation.

Note that that includes TODOs re:
* impose policy limitations on clients: known, maxconn
* for known clients, retrieve shared secret from cache
raw docstring

validate-server-nameclj

(validate-server-name log-state
                      {my-name :frereth.cp.shared.specs/srvr-name :as my-keys}
                      {rcvd-name :frereth.cp.shared.constants/srvr-name
                       :as inner-client-box})

cljdoc is a website building & hosting documentation for Clojure/Script libraries

× close