From 76c28b7e4eb918e4974d29165d1a91a91941a560 Mon Sep 17 00:00:00 2001 From: Martichou Date: Tue, 13 Feb 2024 01:39:12 +0100 Subject: [PATCH] feat: add TcpListener & parse proto This is a start; implementing the whole protocol will take time and will be done one part after another. For now I get the first frame and I'm happy with that. Signed-off-by: Martichou --- .github/workflows/build_ubuntu.yml | 2 + .github/workflows/clippy.yml | 2 + .gitignore | 1 + .vscode/settings.json | 3 + Cargo.lock | 294 ++++++++++++- Cargo.toml | 6 +- build.rs | 16 + src/main.rs | 35 +- src/manager.rs | 137 ++++++ src/proto_src/device_to_device_messages.proto | 81 ++++ src/proto_src/offline_wire_formats.proto | 403 ++++++++++++++++++ src/proto_src/securegcm.proto | 308 +++++++++++++ src/proto_src/securemessage.proto | 126 ++++++ src/proto_src/ukey.proto | 105 +++++ src/proto_src/wire_format.proto | 236 ++++++++++ src/utils.rs | 25 ++ 16 files changed, 1760 insertions(+), 20 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 build.rs create mode 100644 src/manager.rs create mode 100644 src/proto_src/device_to_device_messages.proto create mode 100644 src/proto_src/offline_wire_formats.proto create mode 100644 src/proto_src/securegcm.proto create mode 100644 src/proto_src/securemessage.proto create mode 100644 src/proto_src/ukey.proto create mode 100644 src/proto_src/wire_format.proto diff --git a/.github/workflows/build_ubuntu.yml b/.github/workflows/build_ubuntu.yml index 572ec2b..efd0eb2 100644 --- a/.github/workflows/build_ubuntu.yml +++ b/.github/workflows/build_ubuntu.yml @@ -20,4 +20,6 @@ jobs: - uses: actions/checkout@v3 - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 + - name: Install Protoc + uses: arduino/setup-protoc@v3 - run: cargo build \ No newline at end of file diff --git a/.github/workflows/clippy.yml b/.github/workflows/clippy.yml index b59b904..1af457c 100644 --- a/.github/workflows/clippy.yml +++ b/.github/workflows/clippy.yml @@ -20,4 +20,6 @@ jobs: - uses: actions/checkout@v3 - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 + - name: Install Protoc + uses: arduino/setup-protoc@v3 - run: cargo clippy --all-features --all \ No newline at end of file diff --git a/.gitignore b/.gitignore index ea8c4bf..b24d538 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /target +proto_comp/ \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..e931c34 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "rust-analyzer.showUnlinkedFileNotification": false +} \ No newline at end of file diff --git a/Cargo.lock b/Cargo.lock index 0d849f1..5c28138 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -83,6 +83,12 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" +[[package]] +name = "bitflags" +version = "2.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" + [[package]] name = "bytes" version = "1.5.0" @@ -125,6 +131,40 @@ version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" +[[package]] +name = "either" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a" + +[[package]] +name = "equivalent" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" + +[[package]] +name = "errno" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "fastrand" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" + +[[package]] +name = "fixedbitset" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80" + [[package]] name = "flume" version = "0.11.0" @@ -212,12 +252,27 @@ dependencies = [ "allocator-api2", ] +[[package]] +name = "heck" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" + [[package]] name = "hermit-abi" version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0c62115964e08cb8039170eb33c1d0e2388a256930279edca206fff675f82c3" +[[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys 0.52.0", +] + [[package]] name = "if-addrs" version = "0.10.2" @@ -225,7 +280,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cabb0019d51a643781ff15c9c8a3e5dedc365c47211270f4e8f82812fedd8f0a" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.48.0", +] + +[[package]] +name = "indexmap" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177" +dependencies = [ + "equivalent", + "hashbrown", ] [[package]] @@ -238,6 +303,15 @@ dependencies = [ "mach", ] +[[package]] +name = "itertools" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1c173a5686ce8bfa551b3563d0c2170bf24ca44da99c7ca4bfdab5418c3fe57" +dependencies = [ + "either", +] + [[package]] name = "lazy_static" version = "1.4.0" @@ -250,6 +324,12 @@ version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +[[package]] +name = "linux-raw-sys" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" + [[package]] name = "lock_api" version = "0.4.11" @@ -320,9 +400,15 @@ checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09" dependencies = [ "libc", "wasi", - "windows-sys", + "windows-sys 0.48.0", ] +[[package]] +name = "multimap" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" + [[package]] name = "nu-ansi-term" version = "0.46.0" @@ -364,6 +450,16 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" +[[package]] +name = "petgraph" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1d3afd2628e69da2be385eb6f2fd57c8ac7977ceeff6dc166ff1657b0e386a9" +dependencies = [ + "fixedbitset", + "indexmap", +] + [[package]] name = "pin-project-lite" version = "0.2.13" @@ -383,13 +479,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b2d323e8ca7996b3e23126511a523f7e62924d93ecd5ae73b333815b0eb3dce" dependencies = [ "autocfg", - "bitflags", + "bitflags 1.3.2", "cfg-if", "concurrent-queue", "libc", "log", "pin-project-lite", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -398,6 +494,16 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "prettyplease" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5" +dependencies = [ + "proc-macro2", + "syn", +] + [[package]] name = "proc-macro2" version = "1.0.78" @@ -407,6 +513,60 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "prost" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "146c289cda302b98a28d40c8b3b90498d6e526dd24ac2ecea73e4e491685b94a" +dependencies = [ + "bytes", + "prost-derive", +] + +[[package]] +name = "prost-build" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c55e02e35260070b6f716a2423c2ff1c3bb1642ddca6f99e1f26d06268a0e2d2" +dependencies = [ + "bytes", + "heck", + "itertools", + "log", + "multimap", + "once_cell", + "petgraph", + "prettyplease", + "prost", + "prost-types", + "regex", + "syn", + "tempfile", + "which", +] + +[[package]] +name = "prost-derive" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efb6c9a1dd1def8e2124d17e83a20af56f1570d6c2d2bd9e266ccb768df3840e" +dependencies = [ + "anyhow", + "itertools", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "prost-types" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "193898f59edcf43c26227dcd4c8427f00d99d61e95dcde58dabd49fa291d470e" +dependencies = [ + "prost", +] + [[package]] name = "quote" version = "1.0.35" @@ -499,6 +659,8 @@ dependencies = [ "log", "mdns-sd", "once_cell", + "prost", + "prost-build", "rand", "sys_metrics", "tokio", @@ -512,6 +674,19 @@ version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +[[package]] +name = "rustix" +version = "0.38.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +dependencies = [ + "bitflags 2.4.2", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.52.0", +] + [[package]] name = "scopeguard" version = "1.2.0" @@ -579,7 +754,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -617,6 +792,18 @@ dependencies = [ "serde", ] +[[package]] +name = "tempfile" +version = "3.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a365e8cd18e44762ef95d87f284f4b5cd04107fec2ff3052bd6a3e6069669e67" +dependencies = [ + "cfg-if", + "fastrand", + "rustix", + "windows-sys 0.52.0", +] + [[package]] name = "thread_local" version = "1.1.7" @@ -634,13 +821,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" dependencies = [ "backtrace", + "bytes", "libc", "mio", "num_cpus", "pin-project-lite", "socket2 0.5.5", "tokio-macros", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -742,6 +930,18 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "winapi" version = "0.3.9" @@ -770,7 +970,16 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.0", ] [[package]] @@ -779,13 +988,28 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +dependencies = [ + "windows_aarch64_gnullvm 0.52.0", + "windows_aarch64_msvc 0.52.0", + "windows_i686_gnu 0.52.0", + "windows_i686_msvc 0.52.0", + "windows_x86_64_gnu 0.52.0", + "windows_x86_64_gnullvm 0.52.0", + "windows_x86_64_msvc 0.52.0", ] [[package]] @@ -794,42 +1018,84 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" + [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" + [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +[[package]] +name = "windows_i686_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" + [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +[[package]] +name = "windows_i686_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" + [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" + [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" + [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" + [[package]] name = "zerocopy" version = "0.7.32" diff --git a/Cargo.toml b/Cargo.toml index 7ee60ce..28045ce 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -7,7 +7,7 @@ edition = "2021" [dependencies] anyhow = "1.0" -tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "sync", "time"] } +tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "sync", "time", "io-util"] } log = "0.4" tracing-subscriber = { version = "0.3", features = ["env-filter"] } base64 = "0.21" @@ -16,3 +16,7 @@ mdns-sd = "0.10" sys_metrics = "0.2.6" once_cell = "1.0" tokio-util = { version = "0.7", features = ["rt"] } +prost = "0.12" + +[build-dependencies] +prost-build = "0.12" \ No newline at end of file diff --git a/build.rs b/build.rs new file mode 100644 index 0000000..16a9c09 --- /dev/null +++ b/build.rs @@ -0,0 +1,16 @@ +extern crate prost_build; + +fn main() { + prost_build::compile_protos( + &[ + "src/proto_src/device_to_device_messages.proto", + "src/proto_src/offline_wire_formats.proto", + "src/proto_src/securegcm.proto", + "src/proto_src/securemessage.proto", + "src/proto_src/ukey.proto", + "src/proto_src/wire_format.proto", + ], + &["src/proto_src"], + ) + .unwrap(); +} diff --git a/src/main.rs b/src/main.rs index ab9f181..b3b8ec9 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,13 +1,32 @@ +#[macro_use] +extern crate log; + +use manager::TcpServer; use mdns::MDnsServer; +use tokio::net::TcpListener; use tokio_util::{sync::CancellationToken, task::TaskTracker}; use utils::DeviceType; -#[macro_use] -extern crate log; - +mod manager; mod mdns; mod utils; +pub mod sharing_nearby { + include!(concat!(env!("OUT_DIR"), "/sharing.nearby.rs")); +} + +pub mod securemessage { + include!(concat!(env!("OUT_DIR"), "/securemessage.rs")); +} + +pub mod securegcm { + include!(concat!(env!("OUT_DIR"), "/securegcm.rs")); +} + +pub mod location_nearby_connections { + include!(concat!(env!("OUT_DIR"), "/location.nearby.connections.rs")); +} + #[tokio::main] async fn main() -> Result<(), anyhow::Error> { @@ -22,9 +41,15 @@ async fn main() -> Result<(), anyhow::Error> { let tracker = TaskTracker::new(); let token = CancellationToken::new(); - let service_port = 1234; + let tcp_listener = TcpListener::bind("0.0.0.0:0").await?; + let binded_addr = tcp_listener.local_addr()?; + info!("TcpListener on: {}", binded_addr); + + let server = TcpServer::new(tcp_listener)?; + let ctk = token.clone(); + tracker.spawn(async move { server.run(ctk).await }); - let mdns = MDnsServer::new(service_port, DeviceType::Laptop)?; + let mdns = MDnsServer::new(binded_addr.port(), DeviceType::Laptop)?; let ctk = token.clone(); tracker.spawn(async move { mdns.run(ctk).await }); diff --git a/src/manager.rs b/src/manager.rs new file mode 100644 index 0000000..3e9c57f --- /dev/null +++ b/src/manager.rs @@ -0,0 +1,137 @@ +use std::collections::HashMap; +use std::net::SocketAddr; +use std::sync::{Arc, Mutex}; + +use prost::Message; +use tokio::net::{TcpListener, TcpStream}; +use tokio_util::sync::CancellationToken; + +use crate::location_nearby_connections::OfflineFrame; +use crate::utils::stream_read_exact; + +const INNER_NAME: &str = "TcpServer"; + +#[allow(dead_code)] +#[derive(Debug, Clone)] +pub enum State { + Initial, + ReceivedConnectionRequest, + SentUkeyServerInit, + ReceivedUkeyClientFinish, + SentConnectionResponse, + SentPairedKeyResult, + ReceivedPairedKeyResult, + WaitingForUserConsent, + ReceivingFiles, + Disconnected, +} + +type ArcState = Arc>>; + +pub struct TcpServer { + tcp_listener: TcpListener, + states: ArcState, +} + +impl TcpServer { + pub fn new(tcp_listener: TcpListener) -> Result { + Ok(Self { + tcp_listener, + states: Arc::default(), + }) + } + + pub async fn run(&self, ctk: CancellationToken) -> Result<(), anyhow::Error> { + info!("{INNER_NAME}: service starting"); + + loop { + let cctk = ctk.clone(); + let states = self.states.clone(); + + tokio::select! { + _ = ctk.cancelled() => { + info!("{INNER_NAME}: tracker cancelled, breaking"); + break; + } + r = self.tcp_listener.accept() => { + match r { + Ok((socket, remote_addr)) => { + trace!("New client: {remote_addr}"); + + tokio::spawn(async move { + let copied_state; + { // Ensure the lock guard is dropped pretty fast + let mut states_lock = states.lock().unwrap(); + copied_state = states_lock.entry(remote_addr).or_insert(State::Initial).clone(); + } + + // info!("State is: {:?}", state); + let r = Self::handle_new_client(socket, cctk, copied_state).await; + match r { + Ok(new_state) => { + let mut states_lock = states.lock().unwrap(); + states_lock.entry(remote_addr).and_modify(|e| { *e = new_state }); + } + Err(e) => { + error!("Error while handling client: {e}"); + let mut states_lock = states.lock().unwrap(); + states_lock.remove(&remote_addr); + } + } + }); + }, + Err(err) => { + error!("TcpListener: error accepting: {}", err); + } + } + } + } + } + + Ok(()) + } + + pub async fn handle_new_client( + mut socket: TcpStream, + _ctk: CancellationToken, + _state: State, + ) -> Result { + // Buffer for the 4-byte length + let mut length_buf = [0u8; 4]; + stream_read_exact(&mut socket, &mut length_buf).await?; + + let msg_length = u32::from_be_bytes(length_buf) as usize; + // Ensure the message length is not unreasonably big to avoid allocation attacks + if msg_length > 5 * 1024 * 1024 { + error!("Message length too big"); + return Err(anyhow::Error::msg("value")); + } + + // Allocate buffer for the actual message and read it + let mut msg_buf = vec![0u8; msg_length]; + stream_read_exact(&mut socket, &mut msg_buf).await?; + + info!("Received message of length: {}", msg_length); + let offline_frame = OfflineFrame::decode(&*msg_buf); + let offline_frame = offline_frame.unwrap(); + + match offline_frame.version() { + crate::location_nearby_connections::offline_frame::Version::UnknownVersion => { + todo!() + } + crate::location_nearby_connections::offline_frame::Version::V1 => { + let v1_frame = offline_frame.v1.unwrap(); + match v1_frame.r#type() { + crate::location_nearby_connections::v1_frame::FrameType::UnknownFrameType => todo!(), + crate::location_nearby_connections::v1_frame::FrameType::ConnectionRequest => todo!(), + crate::location_nearby_connections::v1_frame::FrameType::ConnectionResponse => todo!(), + crate::location_nearby_connections::v1_frame::FrameType::PayloadTransfer => todo!(), + crate::location_nearby_connections::v1_frame::FrameType::BandwidthUpgradeNegotiation => todo!(), + crate::location_nearby_connections::v1_frame::FrameType::KeepAlive => todo!(), + crate::location_nearby_connections::v1_frame::FrameType::Disconnection => todo!(), + crate::location_nearby_connections::v1_frame::FrameType::PairedKeyEncryption => todo!(), + } + } + } + } +} diff --git a/src/proto_src/device_to_device_messages.proto b/src/proto_src/device_to_device_messages.proto new file mode 100644 index 0000000..5600373 --- /dev/null +++ b/src/proto_src/device_to_device_messages.proto @@ -0,0 +1,81 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto2"; + +package securegcm; + +import "securemessage.proto"; + +option optimize_for = LITE_RUNTIME; +option java_package = "com.google.security.cryptauth.lib.securegcm"; +option java_outer_classname = "DeviceToDeviceMessagesProto"; +option objc_class_prefix = "SGCM"; + +// Used by protocols between devices +message DeviceToDeviceMessage { + // the payload of the message + optional bytes message = 1; + + // the sequence number of the message - must be increasing. + optional int32 sequence_number = 2; +} + +// sent as the first message from initiator to responder +// in an unauthenticated Diffie-Hellman Key Exchange +message InitiatorHello { + // The session public key to send to the responder + optional securemessage.GenericPublicKey public_dh_key = 1; + + // The protocol version + optional int32 protocol_version = 2 [default = 0]; +} + +// sent inside the header of the first message from the responder to the +// initiator in an unauthenticated Diffie-Hellman Key Exchange +message ResponderHello { + // The session public key to send to the initiator + optional securemessage.GenericPublicKey public_dh_key = 1; + + // The protocol version + optional int32 protocol_version = 2 [default = 0]; +} + +// Type of curve +enum Curve { ED_25519 = 1; } + +// A convenience proto for encoding curve points in affine representation +message EcPoint { + required Curve curve = 1; + + // x and y are encoded in big-endian two's complement + // client MUST verify (x,y) is a valid point on the specified curve + required bytes x = 2; + required bytes y = 3; +} + +message SpakeHandshakeMessage { + // Each flow in the protocol bumps this counter + optional int32 flow_number = 1; + + // Some (but not all) SPAKE flows send a point on an elliptic curve + optional EcPoint ec_point = 2; + + // Some (but not all) SPAKE flows send a hash value + optional bytes hash_value = 3; + + // The last flow of a SPAKE protocol can send an optional payload, + // since the key exchange is already complete on the sender's side. + optional bytes payload = 4; +} diff --git a/src/proto_src/offline_wire_formats.proto b/src/proto_src/offline_wire_formats.proto new file mode 100644 index 0000000..c112004 --- /dev/null +++ b/src/proto_src/offline_wire_formats.proto @@ -0,0 +1,403 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto2"; + +package location.nearby.connections; + +option optimize_for = LITE_RUNTIME; +option java_outer_classname = "OfflineWireFormatsProto"; +option java_package = "com.google.location.nearby.connections.proto"; +option objc_class_prefix = "GNCP"; + +message OfflineFrame { + enum Version { + UNKNOWN_VERSION = 0; + V1 = 1; + } + optional Version version = 1; + + // Right now there's only 1 version, but if there are more, exactly one of + // the following fields will be set. + optional V1Frame v1 = 2; +} + +message V1Frame { + enum FrameType { + UNKNOWN_FRAME_TYPE = 0; + CONNECTION_REQUEST = 1; + CONNECTION_RESPONSE = 2; + PAYLOAD_TRANSFER = 3; + BANDWIDTH_UPGRADE_NEGOTIATION = 4; + KEEP_ALIVE = 5; + DISCONNECTION = 6; + PAIRED_KEY_ENCRYPTION = 7; + } + optional FrameType type = 1; + + // Exactly one of the following fields will be set. + optional ConnectionRequestFrame connection_request = 2; + optional ConnectionResponseFrame connection_response = 3; + optional PayloadTransferFrame payload_transfer = 4; + optional BandwidthUpgradeNegotiationFrame bandwidth_upgrade_negotiation = 5; + optional KeepAliveFrame keep_alive = 6; + optional DisconnectionFrame disconnection = 7; + optional PairedKeyEncryptionFrame paired_key_encryption = 8; +} + +message ConnectionRequestFrame { + // Should always match cs/symbol:location.nearby.proto.connections.Medium + // LINT.IfChange + enum Medium { + UNKNOWN_MEDIUM = 0; + MDNS = 1 [deprecated = true]; + BLUETOOTH = 2; + WIFI_HOTSPOT = 3; + BLE = 4; + WIFI_LAN = 5; + WIFI_AWARE = 6; + NFC = 7; + WIFI_DIRECT = 8; + WEB_RTC = 9; + BLE_L2CAP = 10; + USB = 11; + } + // LINT.ThenChange(//depot/google3/third_party/nearby/proto/connections_enums.proto) + + optional string endpoint_id = 1; + optional string endpoint_name = 2; + optional bytes handshake_data = 3; + // A random number generated for each outgoing connection that is presently + // used to act as a tiebreaker when 2 devices connect to each other + // simultaneously; this can also be used for other initialization-scoped + // things in the future. + optional int32 nonce = 4; + // The mediums this device supports upgrading to. This list should be filtered + // by both the strategy and this device's individual limitations. + repeated Medium mediums = 5; + optional bytes endpoint_info = 6; + optional MediumMetadata medium_metadata = 7; + optional int32 keep_alive_interval_millis = 8; + optional int32 keep_alive_timeout_millis = 9; + // The type of {@link Device} object. + optional int32 device_type = 10 [default = 0]; + // The bytes of serialized {@link Device} object. + optional bytes device_info = 11; +} + +message ConnectionResponseFrame { + // This doesn't need to send back endpoint_id and endpoint_name (like + // the ConnectionRequestFrame does) because those have already been + // transmitted out-of-band, at the time this endpoint was discovered. + + // One of: + // + // - ConnectionsStatusCodes.STATUS_OK + // - ConnectionsStatusCodes.STATUS_CONNECTION_REJECTED. + optional int32 status = 1 [deprecated = true]; + optional bytes handshake_data = 2; + + // Used to replace the status integer parameter with a meaningful enum item. + // Map ConnectionsStatusCodes.STATUS_OK to ACCEPT and + // ConnectionsStatusCodes.STATUS_CONNECTION_REJECTED to REJECT. + // Flag: connection_replace_status_with_response_connectionResponseFrame + enum ResponseStatus { + UNKNOWN_RESPONSE_STATUS = 0; + ACCEPT = 1; + REJECT = 2; + } + optional ResponseStatus response = 3; + optional OsInfo os_info = 4; + // A bitmask value to indicate which medium supports Multiplex transmission + // feature. Each supporting medium could utilize one bit starting from the + // least significant bit in this field. eq. BT utilizes the LSB bit which 0x01 + // means bt supports multiplex while 0x00 means not. Refer to ClientProxy.java + // for the bit usages. + optional int32 multiplex_socket_bitmask = 5; + optional int32 nearby_connections_version = 6; +} + +message PayloadTransferFrame { + enum PacketType { + UNKNOWN_PACKET_TYPE = 0; + DATA = 1; + CONTROL = 2; + } + + message PayloadHeader { + enum PayloadType { + UNKNOWN_PAYLOAD_TYPE = 0; + BYTES = 1; + FILE = 2; + STREAM = 3; + } + optional int64 id = 1; + optional PayloadType type = 2; + optional int64 total_size = 3; + optional bool is_sensitive = 4; + optional string file_name = 5; + optional string parent_folder = 6; + } + + // Accompanies DATA packets. + message PayloadChunk { + enum Flags { + LAST_CHUNK = 0x1; + } + optional int32 flags = 1; + optional int64 offset = 2; + optional bytes body = 3; + } + + // Accompanies CONTROL packets. + message ControlMessage { + enum EventType { + UNKNOWN_EVENT_TYPE = 0; + PAYLOAD_ERROR = 1; + PAYLOAD_CANCELED = 2; + PAYLOAD_RECEIVED_ACK = 3; + } + + optional EventType event = 1; + optional int64 offset = 2; + } + + optional PacketType packet_type = 1; + optional PayloadHeader payload_header = 2; + + // Exactly one of the following fields will be set, depending on the type. + optional PayloadChunk payload_chunk = 3; + optional ControlMessage control_message = 4; +} + +message BandwidthUpgradeNegotiationFrame { + enum EventType { + UNKNOWN_EVENT_TYPE = 0; + UPGRADE_PATH_AVAILABLE = 1; + LAST_WRITE_TO_PRIOR_CHANNEL = 2; + SAFE_TO_CLOSE_PRIOR_CHANNEL = 3; + CLIENT_INTRODUCTION = 4; + UPGRADE_FAILURE = 5; + CLIENT_INTRODUCTION_ACK = 6; + } + + // Accompanies UPGRADE_PATH_AVAILABLE and UPGRADE_FAILURE events. + message UpgradePathInfo { + // Should always match cs/symbol:location.nearby.proto.connections.Medium + enum Medium { + UNKNOWN_MEDIUM = 0; + MDNS = 1 [deprecated = true]; + BLUETOOTH = 2; + WIFI_HOTSPOT = 3; + BLE = 4; + WIFI_LAN = 5; + WIFI_AWARE = 6; + NFC = 7; + WIFI_DIRECT = 8; + WEB_RTC = 9; + // 10 is reserved. + USB = 11; + } + + // Accompanies Medium.WIFI_HOTSPOT. + message WifiHotspotCredentials { + optional string ssid = 1; + optional string password = 2; + optional int32 port = 3; + optional string gateway = 4 [default = "0.0.0.0"]; + // This field can be a band or frequency + optional int32 frequency = 5 [default = -1]; + } + + // Accompanies Medium.WIFI_LAN. + message WifiLanSocket { + optional bytes ip_address = 1; + optional int32 wifi_port = 2; + } + + // Accompanies Medium.BLUETOOTH. + message BluetoothCredentials { + optional string service_name = 1; + optional string mac_address = 2; + } + + // Accompanies Medium.WIFI_AWARE. + message WifiAwareCredentials { + optional string service_id = 1; + optional bytes service_info = 2; + optional string password = 3; + } + + // Accompanies Medium.WIFI_DIRECT. + message WifiDirectCredentials { + optional string ssid = 1; + optional string password = 2; + optional int32 port = 3; + optional int32 frequency = 4; + optional string gateway = 5 [default = "0.0.0.0"]; + } + + // Accompanies Medium.WEB_RTC + message WebRtcCredentials { + optional string peer_id = 1; + optional LocationHint location_hint = 2; + } + + optional Medium medium = 1; + + // Exactly one of the following fields will be set. + optional WifiHotspotCredentials wifi_hotspot_credentials = 2; + optional WifiLanSocket wifi_lan_socket = 3; + optional BluetoothCredentials bluetooth_credentials = 4; + optional WifiAwareCredentials wifi_aware_credentials = 5; + optional WifiDirectCredentials wifi_direct_credentials = 6; + optional WebRtcCredentials web_rtc_credentials = 8; + + // Disable Encryption for this upgrade medium to improve throughput. + optional bool supports_disabling_encryption = 7; + + // An ack will be sent after the CLIENT_INTRODUCTION frame. + optional bool supports_client_introduction_ack = 9; + } + + // Accompanies CLIENT_INTRODUCTION events. + message ClientIntroduction { + optional string endpoint_id = 1; + optional bool supports_disabling_encryption = 2; + } + + // Accompanies CLIENT_INTRODUCTION_ACK events. + message ClientIntroductionAck {} + + optional EventType event_type = 1; + + // Exactly one of the following fields will be set. + optional UpgradePathInfo upgrade_path_info = 2; + optional ClientIntroduction client_introduction = 3; + optional ClientIntroductionAck client_introduction_ack = 4; +} + +message KeepAliveFrame { + // And ack will be sent after receiving KEEP_ALIVE frame. + optional bool ack = 1; +} + +// Informs the remote side to immediately severe the socket connection. +// Used in bandwidth upgrades to get around a race condition, but may be used +// in other situations to trigger a faster disconnection event than waiting for +// socket closed on the remote side. +message DisconnectionFrame { + // Apply safe-to-disconnect protocol if true. + optional bool request_safe_to_disconnect = 1; + + // Ack of receiving Disconnection frame will be sent to the sender + // frame. + optional bool ack_safe_to_disconnect = 2; +} + +// A paired key encryption packet sent between devices, contains signed data. +message PairedKeyEncryptionFrame { + // The encrypted data (raw authentication token for the established + // connection) in byte array format. + optional bytes signed_data = 1; +} + +message MediumMetadata { + // True if local device supports 5GHz. + optional bool supports_5_ghz = 1; + // WiFi LAN BSSID, in the form of a six-byte MAC address: XX:XX:XX:XX:XX:XX + optional string bssid = 2; + // IP address, in network byte order: the highest order byte of the address is + // in byte[0]. + optional bytes ip_address = 3; + // True if local device supports 6GHz. + optional bool supports_6_ghz = 4; + // True if local device has mobile radio. + optional bool mobile_radio = 5; + // The frequency of the WiFi LAN AP(in MHz). Or -1 is not associated with an + // AP over WiFi, -2 represents the active network uses an Ethernet transport. + optional int32 ap_frequency = 6 [default = -1]; + // Available channels on the local device. + optional AvailableChannels available_channels = 7; + // Usable WiFi Direct client channels on the local device. + optional WifiDirectCliUsableChannels wifi_direct_cli_usable_channels = 8; + // Usable WiFi LAN channels on the local device. + optional WifiLanUsableChannels wifi_lan_usable_channels = 9; + // Usable WiFi Aware channels on the local device. + optional WifiAwareUsableChannels wifi_aware_usable_channels = 10; + // Usable WiFi Hotspot STA channels on the local device. + optional WifiHotspotStaUsableChannels wifi_hotspot_sta_usable_channels = 11; +} + +// Available channels on the local device. +message AvailableChannels { + repeated int32 channels = 1 [packed = true]; +} + +// Usable WiFi Direct client channels on the local device. +message WifiDirectCliUsableChannels { + repeated int32 channels = 1 [packed = true]; +} + +// Usable WiFi LAN channels on the local device. +message WifiLanUsableChannels { + repeated int32 channels = 1 [packed = true]; +} + +// Usable WiFi Aware channels on the local device. +message WifiAwareUsableChannels { + repeated int32 channels = 1 [packed = true]; +} + +// Usable WiFi Hotspot STA channels on the local device. +message WifiHotspotStaUsableChannels { + repeated int32 channels = 1 [packed = true]; +} + +// LocationHint is used to specify a location as well as format. +message LocationHint { + // Location is the location, provided in the format specified by format. + optional string location = 1; + + // the format of location. + optional LocationStandard.Format format = 2; +} + +message LocationStandard { + enum Format { + UNKNOWN = 0; + // E164 country codes: + // https://en.wikipedia.org/wiki/List_of_country_calling_codes + // e.g. +1 for USA + E164_CALLING = 1; + + // ISO 3166-1 alpha-2 country codes: + // https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 + ISO_3166_1_ALPHA_2 = 2; + } +} + +// Device capability for OS information. +message OsInfo { + enum OsType { + UNKNOWN_OS_TYPE = 0; + ANDROID = 1; + CHROME_OS = 2; + WINDOWS = 3; + APPLE = 4; + LINUX = 100; // g3 test environment + } + + optional OsType type = 1; +} diff --git a/src/proto_src/securegcm.proto b/src/proto_src/securegcm.proto new file mode 100644 index 0000000..0325f06 --- /dev/null +++ b/src/proto_src/securegcm.proto @@ -0,0 +1,308 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto2"; + +package securegcm; + +option optimize_for = LITE_RUNTIME; +option java_package = "com.google.security.cryptauth.lib.securegcm"; +option java_outer_classname = "SecureGcmProto"; +option objc_class_prefix = "SGCM"; + +// Message used only during enrollment +// Field numbers should be kept in sync with DeviceInfo in: +// java/com/google/security/cryptauth/backend/services/common/common.proto +message GcmDeviceInfo { + // This field's name does not match the one in DeviceInfo for legacy reasons. + // Consider using long_device_id and device_type instead when enrolling + // non-android devices. + optional fixed64 android_device_id = 1; + + // Used for device_address of DeviceInfo field 2, but for GCM capable devices. + optional bytes gcm_registration_id = 102; + + // Used for device_address of DeviceInfo field 2, but for iOS devices. + optional bytes apn_registration_id = 202; + + // Does the user have notifications enabled for the given device address. + optional bool notification_enabled = 203 [default = true]; + + // Used for device_address of DeviceInfo field 2, a Bluetooth Mac address for + // the device (e.g., to be used with EasyUnlock) + optional string bluetooth_mac_address = 302; + + // SHA-256 hash of the device master key (from the key exchange). + // Differs from DeviceInfo field 3, which contains the actual master key. + optional bytes device_master_key_hash = 103; + + // A SecureMessage.EcP256PublicKey + required bytes user_public_key = 4; + + // device's model name + // (e.g., an android.os.Build.MODEL or UIDevice.model) + optional string device_model = 7; + + // device's locale + optional string locale = 8; + + // The handle for user_public_key (and implicitly, a master key) + optional bytes key_handle = 9; + + // The initial counter value for the device, sent by the device + optional int64 counter = 12 [default = 0]; + + // The Operating System version on the device + // (e.g., an android.os.Build.DISPLAY or UIDevice.systemVersion) + optional string device_os_version = 13; + + // The Operating System version number on the device + // (e.g., an android.os.Build.VERSION.SDK_INT) + optional int64 device_os_version_code = 14; + + // The Operating System release on the device + // (e.g., an android.os.Build.VERSION.RELEASE) + optional string device_os_release = 15; + + // The Operating System codename on the device + // (e.g., an android.os.Build.VERSION.CODENAME or UIDevice.systemName) + optional string device_os_codename = 16; + + // The software version running on the device + // (e.g., Authenticator app version string) + optional string device_software_version = 17; + + // The software version number running on the device + // (e.g., Authenticator app version code) + optional int64 device_software_version_code = 18; + + // Software package information if applicable + // (e.g., com.google.android.apps.authenticator2) + optional string device_software_package = 19; + + // Size of the display in thousandths of an inch (e.g., 7000 mils = 7 in) + optional int32 device_display_diagonal_mils = 22; + + // For Authzen capable devices, their Authzen protocol version + optional int32 device_authzen_version = 24; + + // Not all devices have device identifiers that fit in 64 bits. + optional bytes long_device_id = 29; + + // The device manufacturer name + // (e.g., android.os.Build.MANUFACTURER) + optional string device_manufacturer = 31; + + // Used to indicate which type of device this is. + optional DeviceType device_type = 32 [default = ANDROID]; + + // Fields corresponding to screenlock type/features and hardware features + // should be numbered in the 400 range. + + // Is this device using a secure screenlock (e.g., pattern or pin unlock) + optional bool using_secure_screenlock = 400 [default = false]; + + // Is auto-unlocking the screenlock (e.g., when at "home") supported? + optional bool auto_unlock_screenlock_supported = 401 [default = false]; + + // Is auto-unlocking the screenlock (e.g., when at "home") enabled? + optional bool auto_unlock_screenlock_enabled = 402 [default = false]; + + // Does the device have a Bluetooth (classic) radio? + optional bool bluetooth_radio_supported = 403 [default = false]; + + // Is the Bluetooth (classic) radio on? + optional bool bluetooth_radio_enabled = 404 [default = false]; + + // Does the device hardware support a mobile data connection? + optional bool mobile_data_supported = 405 [default = false]; + + // Does the device support tethering? + optional bool tethering_supported = 406 [default = false]; + + // Does the device have a BLE radio? + optional bool ble_radio_supported = 407 [default = false]; + + // Is the device a "Pixel Experience" Android device? + optional bool pixel_experience = 408 [default = false]; + + // Is the device running in the ARC++ container on a chromebook? + optional bool arc_plus_plus = 409 [default = false]; + + // Is the value set in |using_secure_screenlock| reliable? On some Android + // devices, the platform API to get the screenlock state is not trustworthy. + // See b/32212161. + optional bool is_screenlock_state_flaky = 410 [default = false]; + + // A list of multi-device software features supported by the device. + repeated SoftwareFeature supported_software_features = 411; + + // A list of multi-device software features currently enabled (active) on the + // device. + repeated SoftwareFeature enabled_software_features = 412; + + // The enrollment session id this is sent with + optional bytes enrollment_session_id = 1000; + + // A copy of the user's OAuth token + optional string oauth_token = 1001; +} + +// This enum is used by iOS devices as values for device_display_diagonal_mils +// in GcmDeviceInfo. There is no good way to calculate it on those devices. +enum AppleDeviceDiagonalMils { + // This is the mils diagonal on an iPhone 5. + APPLE_PHONE = 4000; + // This is the mils diagonal on an iPad mini. + APPLE_PAD = 7900; +} + +// This should be kept in sync with DeviceType in: +// java/com/google/security/cryptauth/backend/services/common/common_enums.proto +enum DeviceType { + UNKNOWN = 0; + ANDROID = 1; + CHROME = 2; + IOS = 3; + BROWSER = 4; + OSX = 5; +} + +// MultiDevice features which may be supported and enabled on a device. See +enum SoftwareFeature { + UNKNOWN_FEATURE = 0; + BETTER_TOGETHER_HOST = 1; + BETTER_TOGETHER_CLIENT = 2; + EASY_UNLOCK_HOST = 3; + EASY_UNLOCK_CLIENT = 4; + MAGIC_TETHER_HOST = 5; + MAGIC_TETHER_CLIENT = 6; + SMS_CONNECT_HOST = 7; + SMS_CONNECT_CLIENT = 8; +} + +// A list of "reasons" that can be provided for calling server-side APIs. +// This is particularly important for calls that can be triggered by different +// kinds of events. Please try to keep reasons as generic as possible, so that +// codes can be re-used by various callers in a sensible fashion. +enum InvocationReason { + REASON_UNKNOWN = 0; + // First run of the software package invoking this call + REASON_INITIALIZATION = 1; + // Ordinary periodic actions (e.g. monthly master key rotation) + REASON_PERIODIC = 2; + // Slow-cycle periodic action (e.g. yearly keypair rotation???) + REASON_SLOW_PERIODIC = 3; + // Fast-cycle periodic action (e.g. daily sync for Smart Lock users) + REASON_FAST_PERIODIC = 4; + // Expired state (e.g. expired credentials, or cached entries) was detected + REASON_EXPIRATION = 5; + // An unexpected protocol failure occurred (so attempting to repair state) + REASON_FAILURE_RECOVERY = 6; + // A new account has been added to the device + REASON_NEW_ACCOUNT = 7; + // An existing account on the device has been changed + REASON_CHANGED_ACCOUNT = 8; + // The user toggled the state of a feature (e.g. Smart Lock enabled via BT) + REASON_FEATURE_TOGGLED = 9; + // A "push" from the server caused this action (e.g. a sync tickle) + REASON_SERVER_INITIATED = 10; + // A local address change triggered this (e.g. GCM registration id changed) + REASON_ADDRESS_CHANGE = 11; + // A software update has triggered this + REASON_SOFTWARE_UPDATE = 12; + // A manual action by the user triggered this (e.g. commands sent via adb) + REASON_MANUAL = 13; + // A custom key has been invalidated on the device (e.g. screen lock is + // disabled). + REASON_CUSTOM_KEY_INVALIDATION = 14; + // Periodic action triggered by auth_proximity + REASON_PROXIMITY_PERIODIC = 15; +} + +enum Type { + ENROLLMENT = 0; + TICKLE = 1; + TX_REQUEST = 2; + TX_REPLY = 3; + TX_SYNC_REQUEST = 4; + TX_SYNC_RESPONSE = 5; + TX_PING = 6; + DEVICE_INFO_UPDATE = 7; + TX_CANCEL_REQUEST = 8; + + // DEPRECATED (can be re-used after Aug 2015) + PROXIMITYAUTH_PAIRING = 10; + + // The kind of identity assertion generated by a "GCM V1" device (i.e., + // an Android phone that has registered with us a public and a symmetric + // key) + GCMV1_IDENTITY_ASSERTION = 11; + + // Device-to-device communications are protected by an unauthenticated + // Diffie-Hellman exchange. The InitiatorHello message is simply the + // initiator's public DH key, and is not encoded as a SecureMessage, so + // it doesn't have a tag. + // The ResponderHello message (which is sent by the responder + // to the initiator), on the other hand, carries a payload that is protected + // by the derived shared key. It also contains the responder's + // public DH key. ResponderHelloAndPayload messages have the + // DEVICE_TO_DEVICE_RESPONDER_HELLO tag. + DEVICE_TO_DEVICE_RESPONDER_HELLO_PAYLOAD = 12; + + // Device-to-device communications are protected by an unauthenticated + // Diffie-Hellman exchange. Once the initiator and responder + // agree on a shared key (through Diffie-Hellman), they will use messages + // tagged with DEVICE_TO_DEVICE_MESSAGE to exchange data. + DEVICE_TO_DEVICE_MESSAGE = 13; + + // Notification to let a device know it should contact a nearby device. + DEVICE_PROXIMITY_CALLBACK = 14; + + // Device-to-device communications are protected by an unauthenticated + // Diffie-Hellman exchange. During device-to-device authentication, the first + // message from initiator (the challenge) is signed and put into the payload + // of the message sent back to the initiator. + UNLOCK_KEY_SIGNED_CHALLENGE = 15; + + // Specialty (corp only) features + LOGIN_NOTIFICATION = 101; +} + +message GcmMetadata { + required Type type = 1; + optional int32 version = 2 [default = 0]; +} + +message Tickle { + // Time after which this tickle should expire + optional fixed64 expiry_time = 1; +} + +message LoginNotificationInfo { + // Time at which the server received the login notification request. + optional fixed64 creation_time = 2; + + // Must correspond to user_id in LoginNotificationRequest, if set. + optional string email = 3; + + // Host where the user's credentials were used to login, if meaningful. + optional string host = 4; + + // Location from where the user's credentials were used, if meaningful. + optional string source = 5; + + // Type of login, e.g. ssh, gnome-screensaver, or web. + optional string event_type = 6; +} diff --git a/src/proto_src/securemessage.proto b/src/proto_src/securemessage.proto new file mode 100644 index 0000000..5118d35 --- /dev/null +++ b/src/proto_src/securemessage.proto @@ -0,0 +1,126 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Proto definitions for SecureMessage format + +syntax = "proto2"; + +package securemessage; + +option optimize_for = LITE_RUNTIME; +option java_package = "com.google.security.cryptauth.lib.securemessage"; +option java_outer_classname = "SecureMessageProto"; +option objc_class_prefix = "SMSG"; + +message SecureMessage { + // Must contain a HeaderAndBody message + required bytes header_and_body = 1; + // Signature of header_and_body + required bytes signature = 2; +} + +// Supported "signature" schemes (both symmetric key and public key based) +enum SigScheme { + HMAC_SHA256 = 1; + ECDSA_P256_SHA256 = 2; + // Not recommended -- use ECDSA_P256_SHA256 instead + RSA2048_SHA256 = 3; +} + +// Supported encryption schemes +enum EncScheme { + // No encryption + NONE = 1; + AES_256_CBC = 2; +} + +message Header { + required SigScheme signature_scheme = 1; + required EncScheme encryption_scheme = 2; + // Identifies the verification key + optional bytes verification_key_id = 3; + // Identifies the decryption key + optional bytes decryption_key_id = 4; + // Encryption may use an IV + optional bytes iv = 5; + // Arbitrary per-protocol public data, to be sent with the plain-text header + optional bytes public_metadata = 6; + // The length of some associated data this is not sent in this SecureMessage, + // but which will be bound to the signature. + optional uint32 associated_data_length = 7 [default = 0]; +} + +message HeaderAndBody { + // Public data about this message (to be bound in the signature) + required Header header = 1; + // Payload data + required bytes body = 2; +} + +// Must be kept wire-format compatible with HeaderAndBody. Provides the +// SecureMessage code with a consistent wire-format representation that +// remains stable irrespective of protobuf implementation choices. This +// low-level representation of a HeaderAndBody should not be used by +// any code outside of the SecureMessage library implementation/tests. +message HeaderAndBodyInternal { + // A raw (wire-format) byte encoding of a Header, suitable for hashing + required bytes header = 1; + // Payload data + required bytes body = 2; +} + +// ------- +// The remainder of the messages defined here are provided only for +// convenience. They are not needed for SecureMessage proper, but are +// commonly useful wherever SecureMessage might be applied. +// ------- + +// A list of supported public key types +enum PublicKeyType { + EC_P256 = 1; + RSA2048 = 2; + // 2048-bit MODP group 14, from RFC 3526 + DH2048_MODP = 3; +} + +// A convenience proto for encoding NIST P-256 elliptic curve public keys +message EcP256PublicKey { + // x and y are encoded in big-endian two's complement (slightly wasteful) + // Client MUST verify (x,y) is a valid point on NIST P256 + required bytes x = 1; + required bytes y = 2; +} + +// A convenience proto for encoding RSA public keys with small exponents +message SimpleRsaPublicKey { + // Encoded in big-endian two's complement + required bytes n = 1; + optional int32 e = 2 [default = 65537]; +} + +// A convenience proto for encoding Diffie-Hellman public keys, +// for use only when Elliptic Curve based key exchanges are not possible. +// (Note that the group parameters must be specified separately) +message DhPublicKey { + // Big-endian two's complement encoded group element + required bytes y = 1; +} + +message GenericPublicKey { + required PublicKeyType type = 1; + optional EcP256PublicKey ec_p256_public_key = 2; + optional SimpleRsaPublicKey rsa2048_public_key = 3; + // Use only as a last resort + optional DhPublicKey dh2048_public_key = 4; +} diff --git a/src/proto_src/ukey.proto b/src/proto_src/ukey.proto new file mode 100644 index 0000000..327d8d3 --- /dev/null +++ b/src/proto_src/ukey.proto @@ -0,0 +1,105 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto2"; + +package securegcm; + +option optimize_for = LITE_RUNTIME; +option java_package = "com.google.security.cryptauth.lib.securegcm"; +option java_outer_classname = "UkeyProto"; + +message Ukey2Message { + enum Type { + UNKNOWN_DO_NOT_USE = 0; + ALERT = 1; + CLIENT_INIT = 2; + SERVER_INIT = 3; + CLIENT_FINISH = 4; + } + + optional Type message_type = 1; // Identifies message type + optional bytes message_data = 2; // Actual message, to be parsed according to + // message_type +} + +message Ukey2Alert { + enum AlertType { + // Framing errors + BAD_MESSAGE = 1; // The message could not be deserialized + BAD_MESSAGE_TYPE = 2; // message_type has an undefined value + INCORRECT_MESSAGE = 3; // message_type received does not correspond to + // expected type at this stage of the protocol + BAD_MESSAGE_DATA = 4; // Could not deserialize message_data as per + // value inmessage_type + + // ClientInit and ServerInit errors + BAD_VERSION = 100; // version is invalid; server cannot find + // suitable version to speak with client. + BAD_RANDOM = 101; // Random data is missing or of incorrect + // length + BAD_HANDSHAKE_CIPHER = 102; // No suitable handshake ciphers were found + BAD_NEXT_PROTOCOL = 103; // The next protocol is missing, unknown, or + // unsupported + BAD_PUBLIC_KEY = 104; // The public key could not be parsed + + // Other errors + INTERNAL_ERROR = 200; // An internal error has occurred. error_message + // may contain additional details for logging + // and debugging. + } + + optional AlertType type = 1; + optional string error_message = 2; +} + +enum Ukey2HandshakeCipher { + RESERVED = 0; + P256_SHA512 = 100; // NIST P-256 used for ECDH, SHA512 used for + // commitment + CURVE25519_SHA512 = 200; // Curve 25519 used for ECDH, SHA512 used for + // commitment +} + +message Ukey2ClientInit { + optional int32 version = 1; // highest supported version for rollback + // protection + optional bytes random = 2; // random bytes for replay/reuse protection + + // One commitment (hash of ClientFinished containing public key) per supported + // cipher + message CipherCommitment { + optional Ukey2HandshakeCipher handshake_cipher = 1; + optional bytes commitment = 2; + } + repeated CipherCommitment cipher_commitments = 3; + + // Next protocol that the client wants to speak. + optional string next_protocol = 4; +} + +message Ukey2ServerInit { + optional int32 version = 1; // highest supported version for rollback + // protection + optional bytes random = 2; // random bytes for replay/reuse protection + + // Selected Cipher and corresponding public key + optional Ukey2HandshakeCipher handshake_cipher = 3; + optional bytes public_key = 4; +} + +message Ukey2ClientFinished { + optional bytes public_key = 1; // public key matching selected handshake + // cipher +} diff --git a/src/proto_src/wire_format.proto b/src/proto_src/wire_format.proto new file mode 100644 index 0000000..6853e22 --- /dev/null +++ b/src/proto_src/wire_format.proto @@ -0,0 +1,236 @@ +// Copyright 2020 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +// Brought from: //depot/google3/location/nearby/sharing/proto/wire_format.proto +// At CL 317565061 + +syntax = "proto2"; + +package sharing.nearby; + +// Required in Chrome. +option optimize_for = LITE_RUNTIME; + +// File metadata. Does not include the actual bytes of the file. +// NEXT_ID=6 +message FileMetadata { + enum Type { + UNKNOWN = 0; + IMAGE = 1; + VIDEO = 2; + APP = 3; + AUDIO = 4; + } + + // The human readable name of this file (eg. 'Cookbook.pdf'). + optional string name = 1; + + // The type of file (eg. 'IMAGE' from 'dog.jpg'). Specifying a type helps + // provide a richer experience on the receiving side. + optional Type type = 2 [default = UNKNOWN]; + + // The FILE payload id that will be sent as a follow up containing the actual + // bytes of the file. + optional int64 payload_id = 3; + + // The total size of the file. + optional int64 size = 4; + + // The mimeType of file (eg. 'image/jpeg' from 'dog.jpg'). Specifying a + // mimeType helps provide a richer experience on receiving side. + optional string mime_type = 5 [default = "application/octet-stream"]; + + // A uuid for the attachment. Should be unique across all attachments. + optional int64 id = 6; +} + +// NEXT_ID=5 +message TextMetadata { + enum Type { + UNKNOWN = 0; + TEXT = 1; + // Open with browsers. + URL = 2; + // Open with map apps. + ADDRESS = 3; + // Dial. + PHONE_NUMBER = 4; + } + + // The title of the text content. + optional string text_title = 2; + + // The type of text (phone number, url, address, or plain text). + optional Type type = 3 [default = UNKNOWN]; + + // The BYTE payload id that will be sent as a follow up containing the actual + // bytes of the text. + optional int64 payload_id = 4; + + // The size of the text content. + optional int64 size = 5; + + // A uuid for the attachment. Should be unique across all attachments. + optional int64 id = 6; +} + +// NEXT_ID=5 +message WifiCredentialsMetadata { + enum SecurityType { + UNKNOWN_SECURITY_TYPE = 0; + OPEN = 1; + WPA_PSK = 2; + WEP = 3; + } + + // The Wifi network name. This will be sent in introduction. + optional string ssid = 2; + + // The security type of network (OPEN, WPA_PSK, WEP). + optional SecurityType security_type = 3 [default = UNKNOWN_SECURITY_TYPE]; + + // The BYTE payload id that will be sent as a follow up containing the + // password. + optional int64 payload_id = 4; + + // A uuid for the attachment. Should be unique across all attachments. + optional int64 id = 5; +} + +// A frame used when sending messages over the wire. +// NEXT_ID=3 +message Frame { + enum Version { + UNKNOWN_VERSION = 0; + V1 = 1; + } + optional Version version = 1; + + // Right now there's only 1 version, but if there are more, exactly one of + // the following fields will be set. + optional V1Frame v1 = 2; +} + +// NEXT_ID=7 +message V1Frame { + enum FrameType { + UNKNOWN_FRAME_TYPE = 0; + INTRODUCTION = 1; + RESPONSE = 2; + PAIRED_KEY_ENCRYPTION = 3; + PAIRED_KEY_RESULT = 4; + CERTIFICATE_INFO = 5; + CANCEL = 6; + } + + optional FrameType type = 1; + + // Exactly one of the following fields will be set. + optional IntroductionFrame introduction = 2; + optional ConnectionResponseFrame connection_response = 3; + optional PairedKeyEncryptionFrame paired_key_encryption = 4; + optional PairedKeyResultFrame paired_key_result = 5; + optional CertificateInfoFrame certificate_info = 6; +} + +// An introduction packet sent by the sending side. Contains a list of files +// they'd like to share. +// NEXT_ID=4 +message IntroductionFrame { + repeated FileMetadata file_metadata = 1; + repeated TextMetadata text_metadata = 2; + // The required app package to open the content. May be null. + optional string required_package = 3; + repeated WifiCredentialsMetadata wifi_credentials_metadata = 4; +} + +// A response packet sent by the receiving side. Accepts or rejects the list of +// files. +// NEXT_ID=2 +message ConnectionResponseFrame { + enum Status { + UNKNOWN = 0; + ACCEPT = 1; + REJECT = 2; + NOT_ENOUGH_SPACE = 3; + UNSUPPORTED_ATTACHMENT_TYPE = 4; + TIMED_OUT = 5; + } + + // The receiving side's response. + optional Status status = 1; +} + +// A paired key encryption packet sent between devices, contains signed data. +// NEXT_ID=3 +message PairedKeyEncryptionFrame { + // The encrypted data in byte array format. + optional bytes signed_data = 1; + + // The hash of a certificate id. + optional bytes secret_id_hash = 2; + + // An optional encrypted data in byte array format. + optional bytes optional_signed_data = 3; +} + +// A paired key verification result packet sent between devices. +// NEXT_ID=2 +message PairedKeyResultFrame { + enum Status { + UNKNOWN = 0; + SUCCESS = 1; + FAIL = 2; + UNABLE = 3; + } + + // The verification result. + optional Status status = 1; +} + +// A package containing certificate info to be shared to remote device offline. +// NEXT_ID=2 +message CertificateInfoFrame { + // The public certificates to be shared with remote devices. + repeated PublicCertificate public_certificate = 1; +} + +// A public certificate from the local device. +// NEXT_ID=8 +message PublicCertificate { + // The unique id of the public certificate. + optional bytes secret_id = 1; + + // A bytes representation of a Secret Key owned by contact, to decrypt the + // metadata_key stored within the advertisement. + optional bytes authenticity_key = 2; + + // A bytes representation a public key of X509Certificate, owned by contact, + // to decrypt encrypted UKEY2 (from Nearby Connections API) as a hand shake in + // contact verification phase. + optional bytes public_key = 3; + + // The time in millis from epoch when this certificate becomes effective. + optional int64 start_time = 4; + + // The time in millis from epoch when this certificate expires. + optional int64 end_time = 5; + + // The encrypted metadata in bytes, contains personal information of the + // device/user who created this certificate. Needs to be decrypted into bytes, + // and converted back to EncryptedMetadata object to access fields. + optional bytes encrypted_metadata_bytes = 6; + + // The tag for verifying metadata_encryption_key. + optional bytes metadata_encryption_key_tag = 7; +} + +// NEXT_ID=3 +message WifiCredentials { + // Wi-Fi password. + optional string password = 1; + // True if the network is a hidden network that is not broadcasting its SSID. + // Default is false. + optional bool hidden_ssid = 2 [default = false]; +} \ No newline at end of file diff --git a/src/utils.rs b/src/utils.rs index 2c4cd56..53da937 100644 --- a/src/utils.rs +++ b/src/utils.rs @@ -1,6 +1,8 @@ use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine}; use rand::Rng; +use tokio::{io::AsyncReadExt, net::TcpStream}; +#[derive(Debug)] #[allow(dead_code)] pub enum DeviceType { Unknown = 0, @@ -9,6 +11,19 @@ pub enum DeviceType { Laptop = 3, } +#[allow(dead_code)] +impl DeviceType { + pub fn from_raw_value(value: i32) -> Self { + match value { + 0 => DeviceType::Unknown, + 1 => DeviceType::Phone, + 2 => DeviceType::Tablet, + 3 => DeviceType::Laptop, + _ => DeviceType::Unknown, + } + } +} + pub fn gen_mdns_name(endpoint_id: [u8; 4]) -> String { let mut name_b = Vec::new(); @@ -43,3 +58,13 @@ pub fn gen_mdns_endpoint_info(device_type: u8, device_name: &str) -> String { URL_SAFE_NO_PAD.encode(&record) } + +pub async fn stream_read_exact( + socket: &mut TcpStream, + buf: &mut [u8], +) -> Result<(), anyhow::Error> { + match socket.read_exact(buf).await { + Ok(_) => Ok(()), + Err(e) => Err(e.into()), + } +}