Wire data encryption check (i.e. deny plaintext).

commit 5285ac42472fa8127fff3b7154a6e9d83cc6c987 1 parent 85db4b3
@karalabe karalabe authored
4 proto/link/link.go
@@ -176,6 +176,10 @@ func (l *Link) Close() error {
func (l *Link) SendDirect(msg *proto.Message) error {
var err error
+ // Sanity check for message data security
+ if !msg.Secure() && len(msg.Data) > 0 {
+ return errors.New("unsecured data, send denied")
+ }
// Flatten and encrypt the headers
if err = l.outCoder.Encode(msg.Head); err != nil {
return err
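Review bot: The new guard before header encoding tests only `msg.Secure()`, an in-process flag that the `proto.go` hunk shows is set solely by `Encrypt()`, so it catches a caller that forgot to encrypt but does not verify that `msg.Data` is actually ciphertext; a one-line comment should make that explicit, e.g. `// Refuse to put an unencrypted payload on the wire; Secure() is a local bookkeeping flag, not an inspection of the bytes.` Messages with an empty Data segment are deliberately let through, and if that is intended it deserves a word too, since the header still carries Meta and is protected only by outCoder below. The check lives in `SendDirect` alone; whether the channel-based `Send` path used in the tests funnels through it I cannot tell from this hunk. `SendDirect` continues past the end of the hunk.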
10 proto/link/link_test.go
@@ -133,6 +133,7 @@ func TestDirectSendRecv(t *testing.T) {
}
io.ReadFull(rand.Reader, send.Head.Meta.([]byte))
io.ReadFull(rand.Reader, send.Data)
+ send.Encrypt()
// Send the message from client to server
if err := clientLink.SendDirect(send); err != nil {
@@ -203,12 +204,13 @@ func TestSendRecv(t *testing.T) {
}
io.ReadFull(rand.Reader, send.Head.Meta.([]byte))
io.ReadFull(rand.Reader, send.Data)
+ send.Encrypt()
// Send the message from client to server
select {
case clientLink.Send <- send:
// Ok
- case <-time.After(25 * time.Millisecond):
+ case <-time.After(100 * time.Millisecond):
t.Fatalf("client send timed out")
}
select {
@@ -219,14 +221,14 @@ func TestSendRecv(t *testing.T) {
if bytes.Compare(send.Head.Meta.([]byte), recv.Head.Meta.([]byte)) != 0 || bytes.Compare(send.Data, recv.Data) != 0 {
t.Fatalf("send/receive mismatch: have %+v, want %+v.", recv, send)
}
- case <-time.After(25 * time.Millisecond):
+ case <-time.After(100 * time.Millisecond):
t.Fatalf("server receive timed out")
}
// Send the message from server to client
select {
case serverLink.Send <- send:
// Ok
- case <-time.After(25 * time.Millisecond):
+ case <-time.After(100 * time.Millisecond):
t.Fatalf("server send timed out")
}
select {
@@ -237,7 +239,7 @@ func TestSendRecv(t *testing.T) {
if bytes.Compare(send.Head.Meta.([]byte), recv.Head.Meta.([]byte)) != 0 || bytes.Compare(send.Data, recv.Data) != 0 {
t.Fatalf("send/receive mismatch: have %+v, want %+v.", recv, send)
}
- case <-time.After(25 * time.Millisecond):
+ case <-time.After(100 * time.Millisecond):
t.Fatalf("client receive timed out")
}
}
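Review bot: The new `send.Encrypt()` call discards the error it returns, so a key or IV generation failure would surface later as an opaque "unsecured data, send denied" from `SendDirect` rather than at the point of failure; prefer `if err := send.Encrypt(); err != nil { t.Fatalf("failed to encrypt message: %v.", err) }`. The same dropped return appears in `TestSendRecv` below, in `routing_test.go`, and in `session_test.go` in `TestForward`, `benchmarkLatency` and `benchmarkThroughput` (use `b.Fatalf` in the benchmarks). The `io.ReadFull` results on the lines just above were already ignored before this change, so that is pre-existing.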
2  proto/pastry/mantenance_test.go
@@ -98,7 +98,7 @@ func TestMaintenance(t *testing.T) {
defer swapConfigs()
originals := 3
- additions := 3
+ additions := 2
// Make sure there are enough ports to use
olds := config.BootPorts
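Review bot: Lowering `additions` from 3 to 2 is unrelated to the plaintext-denial change the commit describes and carries no comment on why the maintenance test now exercises fewer joining nodes. If it is a timing workaround of the same kind as the timeout increases elsewhere in this commit, say so on the line, e.g. `additions := 2 // reduced from 3: <reason>`, so the next reader does not restore it. `TestMaintenance` continues outside the hunk.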
12 proto/pastry/routing_test.go
@@ -85,15 +85,17 @@ func TestRouting(t *testing.T) {
// Create the messages to pass around
meta := []byte{0x99, 0x98, 0x97, 0x96}
- head := proto.Header{make([]byte, len(meta)), []byte{0x00, 0x01}, []byte{0x02, 0x03}}
- copy(head.Meta.([]byte), meta)
-
msgs := make([][]proto.Message, originals)
for i := 0; i < originals; i++ {
msgs[i] = make([]proto.Message, originals)
for j := 0; j < originals; j++ {
- msgs[i][j].Head = head
- msgs[i][j].Data = []byte(nodes[i].nodeId.String() + nodes[j].nodeId.String())
+ msgs[i][j] = proto.Message{
+ Head: proto.Header{
+ Meta: meta,
+ },
+ Data: []byte(nodes[i].nodeId.String() + nodes[j].nodeId.String()),
+ }
+ msgs[i][j].Encrypt()
}
}
// Check that each node can route to everybody
12 proto/proto.go
@@ -24,8 +24,9 @@ package proto
import (
"crypto/cipher"
"crypto/rand"
- "github.com/karalabe/iris/config"
"io"
+
+ "github.com/karalabe/iris/config"
)
// Baseline message headers.
@@ -39,6 +40,8 @@ type Header struct {
type Message struct {
Head Header // Baseline headers
Data []byte // Payload in plain or ciphertext form
+
+ secure bool // Flag specifying whether the data segment was encrypted or not
}
// Encrypts a plaintext message with a temporary key and IV.
@@ -63,6 +66,8 @@ func (m *Message) Encrypt() error {
stream.XORKeyStream(m.Data, m.Data)
m.Head.Key = key
m.Head.Iv = iv
+
+ m.secure = true
return nil
}
@@ -81,3 +86,8 @@ func (m *Message) Decrypt() error {
m.Head.Iv = nil
return nil
}
+
+// Returns whether the message was secured or not.
+func (m *Message) Secure() bool {
+ return m.secure
+}
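Review bot: `Decrypt` does not clear the new `secure` flag: the hunk at `@@ -81,3 +86,8 @@` shows it nulling `m.Head.Iv` and returning, while only `Encrypt` writes `m.secure = true`, so a message that is decrypted and later handed to `SendDirect` still reports `Secure() == true` with plaintext in `Data` and passes the wire check this commit introduces. Add `m.secure = false` next to the `m.Head.Iv = nil` line. The getter's comment should also follow the Go form and state what the flag means: `// Secure reports whether Data was encrypted by Encrypt on this side; it is a bookkeeping flag and does not inspect the payload.` Since `secure` is unexported and not serialized, a Message decoded from a peer will presumably report false even though its Data arrived encrypted; if that is intended, note it on the field comment.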
70 proto/session/session_test.go
@@ -29,7 +29,6 @@ import (
"testing"
"time"
- "github.com/karalabe/iris/config"
"github.com/karalabe/iris/proto"
)
@@ -44,7 +43,7 @@ func TestForward(t *testing.T) {
if err != nil {
t.Fatalf("failed to start the session listener: %v.", err)
}
- sock.Accept(10 * time.Millisecond)
+ sock.Accept(100 * time.Millisecond)
client, err := Dial("localhost", addr.Port, key)
if err != nil {
@@ -59,17 +58,14 @@ func TestForward(t *testing.T) {
// Generate the messages to transmit
msgs := make([]proto.Message, 1000)
for i := 0; i < len(msgs); i++ {
- blob := make([]byte, 768)
- io.ReadFull(rand.Reader, blob)
-
msgs[i] = proto.Message{
Head: proto.Header{
Meta: []byte("meta"),
- Key: blob[0:256],
- Iv: blob[256:512],
},
- Data: blob[512:768],
+ Data: make([]byte, 256),
}
+ io.ReadFull(rand.Reader, msgs[i].Data)
+ msgs[i].Encrypt()
}
// Send from client to server
go func() {
@@ -82,7 +78,7 @@ func TestForward(t *testing.T) {
select {
case msg := <-server.CtrlLink.Recv:
recvs[i] = *msg
- case <-time.After(50 * time.Millisecond):
+ case <-time.After(100 * time.Millisecond):
t.Fatalf("receive timed out")
break
}
@@ -104,7 +100,7 @@ func TestForward(t *testing.T) {
select {
case msg := <-client.CtrlLink.Recv:
recvs[i] = *msg
- case <-time.After(50 * time.Millisecond):
+ case <-time.After(100 * time.Millisecond):
t.Fatalf("receive timed out")
break
}
@@ -126,8 +122,8 @@ func TestForward(t *testing.T) {
if err != nil {
t.Fatalf("failed to close a session: %v.", err)
}
- case <-time.After(25 * time.Millisecond):
- t.Fatalf("failed to tear down session in %v.", 25*time.Millisecond)
+ case <-time.After(100 * time.Millisecond):
+ t.Fatalf("session tear-down timeout.")
}
}
// Tear down the listener
@@ -189,7 +185,7 @@ func benchmarkLatency(b *testing.B, block int) {
if err != nil {
b.Fatalf("failed to start the session listener: %v.", err)
}
- sock.Accept(10 * time.Millisecond)
+ sock.Accept(100 * time.Millisecond)
client, err := Dial("localhost", addr.Port, key)
if err != nil {
@@ -201,23 +197,18 @@ func benchmarkLatency(b *testing.B, block int) {
client.Start(64)
server.Start(64)
- // Create a header of the right size
- msgKey := make([]byte, config.PacketCipherBits/8)
- io.ReadFull(rand.Reader, msgKey)
- cipher, _ := config.PacketCipher(msgKey)
-
- iv := make([]byte, cipher.BlockSize())
- io.ReadFull(rand.Reader, iv)
-
- head := proto.Header{[]byte{0x99, 0x98, 0x97, 0x96}, msgKey, iv}
-
// Generate a large batch of random data to forward
b.SetBytes(int64(block))
msgs := make([]proto.Message, b.N)
for i := 0; i < b.N; i++ {
- msgs[i].Head = head
- msgs[i].Data = make([]byte, block)
+ msgs[i] = proto.Message{
+ Head: proto.Header{
+ Meta: []byte{0x99, 0x98, 0x97, 0x96},
+ },
+ Data: make([]byte, block),
+ }
io.ReadFull(rand.Reader, msgs[i].Data)
+ msgs[i].Encrypt()
}
// Create the client and server runner routines with a sync channel
syncer := make(chan struct{})
@@ -260,8 +251,8 @@ func benchmarkLatency(b *testing.B, block int) {
if err != nil {
b.Fatalf("failed to close a session: %v.", err)
}
- case <-time.After(25 * time.Millisecond):
- b.Fatalf("failed to tear down session in %v.", 25*time.Millisecond)
+ case <-time.After(100 * time.Millisecond):
+ b.Fatalf("session tear-down timeout.")
}
}
// Tear down the listener
@@ -323,7 +314,7 @@ func benchmarkThroughput(b *testing.B, block int) {
if err != nil {
b.Fatalf("failed to start the session listener: %v.", err)
}
- sock.Accept(10 * time.Millisecond)
+ sock.Accept(100 * time.Millisecond)
client, err := Dial("localhost", addr.Port, key)
if err != nil {
@@ -335,23 +326,18 @@ func benchmarkThroughput(b *testing.B, block int) {
client.Start(64)
server.Start(64)
- // Create a header of the right size
- msgKey := make([]byte, config.PacketCipherBits/8)
- io.ReadFull(rand.Reader, msgKey)
- cipher, _ := config.PacketCipher(msgKey)
-
- iv := make([]byte, cipher.BlockSize())
- io.ReadFull(rand.Reader, iv)
-
- head := proto.Header{[]byte{0x99, 0x98, 0x97, 0x96}, msgKey, iv}
-
// Generate a large batch of random data to forward
b.SetBytes(int64(block))
msgs := make([]proto.Message, b.N)
for i := 0; i < b.N; i++ {
- msgs[i].Head = head
- msgs[i].Data = make([]byte, block)
+ msgs[i] = proto.Message{
+ Head: proto.Header{
+ Meta: []byte{0x99, 0x98, 0x97, 0x96},
+ },
+ Data: make([]byte, block),
+ }
io.ReadFull(rand.Reader, msgs[i].Data)
+ msgs[i].Encrypt()
}
// Create the client and server runner routines
var run sync.WaitGroup
@@ -391,8 +377,8 @@ func benchmarkThroughput(b *testing.B, block int) {
if err != nil {
b.Fatalf("failed to close a session: %v.", err)
}
- case <-time.After(25 * time.Millisecond):
- b.Fatalf("failed to tear down session in %v.", 25*time.Millisecond)
+ case <-time.After(100 * time.Millisecond):
+ b.Fatalf("session tear-down timeout.")
}
}
// Tear down the listener
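Review bot: In `benchmarkLatency` and `benchmarkThroughput` the generation loop now calls `msgs[i].Encrypt()` for each of the `b.N` messages, which per the `proto.go` hunk includes fresh key and IV material and an `XORKeyStream` pass over `block` bytes; no `b.ResetTimer()` is visible in either hunk, and the runners start after the loop, so unless a reset exists outside the shown lines that setup cost is now attributed to the measured forwarding path and skews the `SetBytes` throughput figures. Adding `b.ResetTimer()` immediately after the loop, before the runner goroutines are created, keeps the measurement on forwarding alone. Both functions extend beyond the hunks shown.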