secure connection works

This commit is contained in:
open-trade 2022-01-20 15:41:11 +08:00
parent ce0f1f75de
commit 70c213a60a
3 changed files with 108 additions and 21 deletions

View File

@ -1,13 +1,13 @@
import Websock from "./websock";
import * as message from "./message.js";
import * as rendezvous from "./rendezvous.js";
import { loadVp9, loadOpus } from "./codec";
import * as globals from "./globals";
import Websock from './websock';
import * as message from './message.js';
import * as rendezvous from './rendezvous.js';
import { loadVp9, loadOpus } from './codec';
import * as globals from './globals';
const PORT = 21116;
const HOST = "rs-sg.rustdesk.com";
const licenceKey = "";
const SCHEMA = "ws://";
const HOST = 'rs-sg.rustdesk.com';
const licenceKey = '';
const SCHEMA = 'ws://';
export default class Connection {
_msgs: any[];
@ -38,7 +38,7 @@ export default class Connection {
await ws.open();
const connType = rendezvous.ConnType.DEFAULT_CONN;
const natType = rendezvous.NatType.SYMMETRIC;
const punchHoleRequest = rendezvous.PunchHoleRequest.fromJSON({
const punchHoleRequest = rendezvous.PunchHoleRequest.fromPartial({
id,
licenceKey,
connType,
@ -72,9 +72,9 @@ export default class Connection {
const uuid = rr.uuid;
const ws = new Websock(uri);
await ws.open();
console.log("Connected to relay server");
console.log('Connected to relay server');
this._ws = ws;
const requestRelay = rendezvous.RequestRelay.fromJSON({
const requestRelay = rendezvous.RequestRelay.fromPartial({
licenceKey,
uuid,
});
@ -85,8 +85,60 @@ export default class Connection {
async secure(pk: Uint8Array | undefined) {
if (pk) {
const RS_PK = 'OeVuKk5nlHiXp+APNn0Y3pC1Iwpwn44JGqrQCsWqmBw=';
let pk_id = await globals.verify(pk, RS_PK);
try {
pk = await globals.verify(pk, RS_PK).catch();
if (pk?.length != 32) {
pk = undefined;
}
} catch (e) {
console.error(e);
pk = undefined;
}
if (!pk) console.error('Handshake failed: invalid public key from rendezvous server');
}
if (!pk) {
// send an empty message out in case server is setting up secure and waiting for first message
await this._ws?.sendMessage({});
return;
}
const msg = this._ws?.parseMessage(await this._ws?.next());
let signedId: any = msg?.signedId;
if (!signedId) {
console.error("Handshake failed: invalid message type");
await this._ws?.sendMessage({});
return;
}
try {
signedId = await globals.verify(signedId.id, Uint8Array.from(pk!));
} catch (e) {
console.error(e);
// fall back to non-secure connection in case pk mismatch
console.error("pk mismatch, fall back to non-secure");
const publicKey = message.PublicKey.fromPartial({});
await this._ws?.sendMessage({ publicKey });
return;
}
signedId = new TextDecoder().decode(signedId!);
const tmp = signedId.split('\0');
const id = tmp[0];
let theirPk = tmp[1];
if (id != this._id!) {
console.error("Handshake failed: sign failure");
await this._ws?.sendMessage({});
return;
}
theirPk = globals.decodeBase64(theirPk);
if (theirPk.length != 32) {
console.error("Handshake failed: invalid public box key length from peer");
await this._ws?.sendMessage({});
return;
}
const [mySk, asymmetricValue] = globals.genBoxKeyPair();
const secretKey = globals.genSecretKey();
const symmetricValue = globals.seal(secretKey, theirPk, mySk);
const publicKey = message.PublicKey.fromPartial({ asymmetricValue, symmetricValue });
await this._ws?.sendMessage({ publicKey });
this._ws?.setSecretKey(secretKey)
}
}
@ -97,17 +149,17 @@ async function testDelay() {
}
function getDefaultUri(isRelay: Boolean = false): string {
const host = localStorage.getItem("host");
return SCHEMA + (host || HOST) + ":" + (PORT + (isRelay ? 3 : 2));
const host = localStorage.getItem('host');
return SCHEMA + (host || HOST) + ':' + (PORT + (isRelay ? 3 : 2));
}
function getrUriFromRs(uri: string): string {
if (uri.indexOf(":") > 0) {
const tmp = uri.split(":");
if (uri.indexOf(':') > 0) {
const tmp = uri.split(':');
const port = parseInt(tmp[1]);
uri = tmp[0] + ":" + (port + 2);
uri = tmp[0] + ':' + (port + 2);
} else {
uri += ":" + (PORT + 3);
uri += ':' + (PORT + 3);
}
return SCHEMA + uri;
}

View File

@ -23,8 +23,38 @@ export async function verify(signed, pk) {
await _sodium.ready;
sodium = _sodium;
}
pk = sodium.from_base64(pk, sodium.base64_variants.ORIGINAL);
if (typeof pk == 'string') {
pk = decodeBase64(pk);
}
return sodium.crypto_sign_open(signed, pk);
}
export function decodeBase64(pk) {
return sodium.from_base64(pk, sodium.base64_variants.ORIGINAL);
}
export function genBoxKeyPair() {
const pair = sodium.crypto_box_keypair();
const sk = pair.privateKey;
const pk = pair.publicKey;
return [sk, pk];
}
export function genSecretKey() {
return sodium.crypto_secretbox_keygen();
}
export function seal(unsigned, theirPk, ourSk) {
const nonce = Uint8Array.from(Array(24).fill(0));
return sodium.crypto_box_easy(unsigned, nonce, theirPk, ourSk);
}
export function encrypt(unsigned, nonce, key) {
return sodium.crypto_secretbox_easy(unsigned, nonce, key);
}
export function decrypt(signed, nonce, key) {
return sodium.crypto_secretbox_open_easy(signed, nonce, key);
}
window.startConn = startConn;

View File

@ -10,6 +10,7 @@ export default class Websock {
_buf: Uint8Array[];
_status: any;
_latency: number;
_secretKey: any;
constructor(uri: string) {
this._eventHandlers = {
@ -30,16 +31,20 @@ export default class Websock {
return this._latency;
}
setSecretKey(key: any) {
this._secretKey = key;
}
sendMessage(data: any) {
this._websocket.send(
message.Message.encode(message.Message.fromJSON(data)).finish()
message.Message.encode(message.Message.fromPartial(data)).finish()
);
}
sendRendezvous(data: any) {
this._websocket.send(
rendezvous.RendezvousMessage.encode(
rendezvous.RendezvousMessage.fromJSON(data)
rendezvous.RendezvousMessage.fromPartial(data)
).finish()
);
}