- build-and-configure-client-basics
- build-new-client
- client-public-key-triad-matches?
- client-short-pk-matches-cookie?
- create-child
- decompose-initiate-packet
- decrypt-cookie
- decrypt-initiate-box
- do-fork-child!
- do-handle
- extract-cookie
- forward-message-portion!
- nonce-modulo
- open-client-crypto-box
- packet-header-length
- possibly-re-initiate-existing-client-connection
- unbox-innermost-key
- validate-server-name
frereth.cp.server.initiate
For coping with Initiate packets
This is the part that possibly establishes a 'connection'
For coping with Initiate packets This is the part that possibly establishes a 'connection'
build-and-configure-client-basicsclj
(build-and-configure-client-basics
log-state
packet
{:keys [:frereth.cp.shared.templates/srvr-short-sk] :as cookie}
initiate)build-new-clientclj
(build-new-client {log-state :frereth.weald.specs/state
:keys [:frereth.cp.server.state/cookie-cutter state
:frereth.cp.shared/my-keys]}
packet
{:keys [:frereth.cp.shared.constants/clnt-short-pk]
:as initiate})client-public-key-triad-matches?clj
(client-public-key-triad-matches? log-state
{:keys [:frereth.cp.shared/long-pair]
:as my-keys}
client-short-pk
client-message-box)client-short-pk-matches-cookie?clj
(client-short-pk-matches-cookie?
log-state
{:keys [:frereth.cp.shared.constants/clnt-short-pk] :as initiate}
hidden-pk)Does the claimed short-term public key match our cookie?
i.e. Does this client even pretend that it's the one to which we sent that cookie?
Does the claimed short-term public key match our cookie? i.e. Does this client even pretend that it's the one to which we sent that cookie?
create-childclj
(create-child log-state
{:keys [:frereth.cp.server.state/cookie-cutter
:frereth.cp.shared/my-keys]}
packet
initiate)decompose-initiate-packetclj
(decompose-initiate-packet packet-length message-packet)Extract the raw outer portions of a Client Initiate Packet
Extract the raw outer portions of a Client Initiate Packet
decrypt-cookieclj
(decrypt-cookie log-state
{:keys [:frereth.cp.server.state/minute-key
:frereth.cp.server.state/last-minute-key]
:as cookie-cutter}
hello-cookie)Open the cookie we sent the client
Open the cookie we sent the client
decrypt-initiate-boxclj
(decrypt-initiate-box log-state shared-key nonce-suffix box)Decrypts the final 368+M byte box at packet's end
There's a lot of data in here.
Decrypts the final 368+M byte box at packet's end There's a lot of data in here.
do-fork-child!clj
(do-fork-child!
{log-state :frereth.weald.specs/state
:keys [:frereth.weald.specs/logger :frereth.cp.shared/network-packet
:frereth.cp.shared.specs/clnt-xtn :frereth.cp.shared.specs/srvr-xtn
:frereth.cp.shared.specs/crypto-key]
:as builder-params}
active-client)do-handleclj
(do-handle {log-state :frereth.weald.specs/state
:keys [:frereth.weald.specs/logger]
:as state}
{:keys [:host :port :message] :as packet})Deal with an incoming initiate packet
Called mostly for side-effects, but the return value matters.
Deal with an incoming initiate packet Called mostly for side-effects, but the return value matters.
extract-cookieclj
(extract-cookie log-state
{:keys [:frereth.cp.server.state/minute-key
:frereth.cp.server.state/last-minute-key]
:as cookie-cutter}
initiate)Verify we can open our original cookie and secrets match
This corresponds to lines 359-368.
Verify we can open our original cookie and secrets match This corresponds to lines 359-368.
forward-message-portion!clj
(forward-message-portion! {:keys [:frereth.weald.specs/logger]
log-state :frereth.weald.specs/state
:as state}
{:keys [:frereth.cp.server.state/client-security]
child-state :frereth.cp.shared.child/state
:as client}
{child-message :frereth.cp.shared.constants/message
:as client-message-box})Forward the message to our new(?) child
Forward the message to our new(?) child
open-client-crypto-boxclj
(open-client-crypto-box log-state
{:keys [:frereth.cp.shared.constants/outer-i-nonce]
vouch-wrapper
:frereth.cp.shared.constants/vouch-wrapper
:as initiate}
client-short<->server-short)possibly-re-initiate-existing-client-connectionclj
(possibly-re-initiate-existing-client-connection
{log-state :frereth.weald.specs/state :as state}
{packet-nonce-bytes :frereth.cp.shared.specs/nonce :as initiate})Client can send as many Initiate packets as it likes.
If this matches a connection we've already seen, caller can/should skip client initialization and just append the Message portion to the child-handler's queue.
returns: handled? true: client has already seen this message. Discard it. false: Need to forward this message along clint-state truthy: forward message to this existing client falsey: have to allocate/configure a new client
This seems like it ought to be part of a bigger, more comprehensive event handling system.
To be fair, this ns is pretty special.
Client can send as many Initiate packets as it likes.
If this matches a connection we've already seen, caller
can/should skip client initialization and just append the
Message portion to the child-handler's queue.
returns:
handled?
true: client has already seen this message. Discard it.
false: Need to forward this message along
clint-state
truthy: forward message to this existing client
falsey: have to allocate/configure a new client
This seems like it ought to be part of a bigger, more comprehensive
event handling system.
To be fair, this ns *is* pretty special.unbox-innermost-keyclj
(unbox-innermost-key log-state
{:keys [:frereth.cp.shared/long-pair] :as my-keys}
{:keys [:frereth.cp.shared.constants/hidden-client-short-pk
:frereth.cp.shared.constants/inner-i-nonce
:frereth.cp.shared.constants/long-term-public-key]
:as client-message-box})We unwrapped the our original cookie, using the minute-key.
And the actual message box using the client's short-term public key. That box included the client's long-term public key.
Now there's a final box nested that contains the short-term key again, encrypted with the long-term key.
This step verifies that the client really does have access to that long-term key.
It's flagged as "optional" in the reference implementation, but that seems a bit silly.
This corresponds, roughly, to lines 382-391 in the reference implementation.
Note that that includes TODOs re:
- impose policy limitations on clients: known, maxconn
- for known clients, retrieve shared secret from cache
We unwrapped the our original cookie, using the minute-key. And the actual message box using the client's short-term public key. That box included the client's long-term public key. Now there's a final box nested that contains the short-term key again, encrypted with the long-term key. This step verifies that the client really does have access to that long-term key. It's flagged as "optional" in the reference implementation, but that seems a bit silly. This corresponds, roughly, to lines 382-391 in the reference implementation. Note that that includes TODOs re: * impose policy limitations on clients: known, maxconn * for known clients, retrieve shared secret from cache
validate-server-nameclj
(validate-server-name log-state
{my-name :frereth.cp.shared.specs/srvr-name :as my-keys}
{rcvd-name :frereth.cp.shared.constants/srvr-name
:as inner-client-box})cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close