feature: Gets signing server and client infrastructure working.

2024-10-24 11:39:46 -04:00 · 2024-10-24 11:39:46 -04:00 · e527413faf
commit e527413faf
parent a5e479cc0c
13 changed files with 865 additions and 62 deletions
--- a/server/server.go
+++ b/server/server.go
@ -162,7 +162,54 @@ func (bismuth BismuthServer) HandleProxy(conn net.Conn) error {
 				return err
 			}

-			if packet[0] == core.InitiateForwarding {
+			switch packet[0] {
+			case core.GetSigningServers:
+				totalPacketContents := make([]byte, 1)
+				totalPacketContents[0] = core.GetSigningServers
+
+				for index, signServer := range bismuth.SigningServers {
+					totalPacketContents = append(totalPacketContents, []byte(signServer)...)
+
+					if index+1 != len(bismuth.SigningServers) {
+						totalPacketContents = append(totalPacketContents, '\n')
+					}
+				}
+
+				encryptedPacket, err := bismuth.encryptMessage(aead, totalPacketContents)
+
+				if err != nil {
+					return err
+				}
+
+				encryptedPacketLength := make([]byte, 3)
+				core.Int32ToInt24(encryptedPacketLength, uint32(len(encryptedPacket)))
+
+				conn.Write(encryptedPacketLength)
+				conn.Write(encryptedPacket)
+			case core.GetTrustedDomains:
+				totalPacketContents := make([]byte, 1)
+				totalPacketContents[0] = core.GetTrustedDomains
+
+				for index, trustedDomain := range bismuth.TrustedDomains {
+					totalPacketContents = append(totalPacketContents, []byte(trustedDomain)...)
+
+					if index+1 != len(bismuth.TrustedDomains) {
+						totalPacketContents = append(totalPacketContents, '\n')
+					}
+				}
+
+				encryptedPacket, err := bismuth.encryptMessage(aead, totalPacketContents)
+
+				if err != nil {
+					return err
+				}
+
+				encryptedPacketLength := make([]byte, 3)
+				core.Int32ToInt24(encryptedPacketLength, uint32(len(encryptedPacket)))
+
+				conn.Write(encryptedPacketLength)
+				conn.Write(encryptedPacket)
+			case core.InitiateForwarding:
 				bmConn := core.BismuthConn{
 					Aead:       aead,
 					PassedConn: conn,
@ -171,9 +218,13 @@ func (bismuth BismuthServer) HandleProxy(conn net.Conn) error {

 				bmConn.DoInitSteps()

+				metadata := ClientMetadata{
+					ClientPublicKey: clientPublicKey,
+				}
+
 				err := bismuth.HandleConnection(core.BismuthConnWrapped{
 					Bismuth: &bmConn,
-				})
+				}, &metadata)

 				return err
 			}
--- a/server/typing.go
+++ b/server/typing.go
@ -13,14 +13,24 @@ type BismuthServer struct {
 	// Private key to use for transmission
 	PrivateKey *crypto.Key

+	// GopenPGP instance
 	pgp *crypto.PGPHandle

 	// Algorithm to use for encryption (currently XChaCha20Poly1305 is the only option)
 	SymmetricEncryptionAlgorithm int
 	// Servers that are signing this server. If none, this server becomes self-signed
-	// in the clients eyes
+	// in the clients eyes.
 	SigningServers []string
+	// Domains that the certificate is authorized to use. This will be checked by the
+	// signing servers.
+	TrustedDomains []string

 	// Called after a successful handshake & connection.
-	HandleConnection func(conn net.Conn) error
+	HandleConnection func(conn net.Conn, metadata *ClientMetadata) error
+}
+
+// Metadata from the client that may be helpful for the server to have.
+type ClientMetadata struct {
+	// Client's public key
+	ClientPublicKey *crypto.Key
 }
--- a/server/utils.go
+++ b/server/utils.go
@ -4,7 +4,6 @@ import (
 	"crypto/cipher"
 	"crypto/rand"
 	"fmt"
-	"net"

 	"github.com/ProtonMail/gopenpgp/v3/crypto"
 )
@ -41,7 +40,7 @@ func (bismuth BismuthServer) decryptMessage(aead cipher.AEAD, encMsg []byte) ([]
 // Initializes a Bismuth server.
 //
 // Both `pubKey` and `privKey` are armored PGP public and private keys respectively.
-func NewBismuthServer(pubKey string, privKey string, signServers []string, encryptionAlgo int, connHandler func(conn net.Conn) error) (*BismuthServer, error) {
+func NewBismuthServer(pubKey string, privKey string, signServers []string, encryptionAlgo int) (*BismuthServer, error) {
 	publicKey, err := crypto.NewKeyFromArmored(pubKey)

 	if err != nil {
@ -59,7 +58,6 @@ func NewBismuthServer(pubKey string, privKey string, signServers []string, encry
 	bismuth := BismuthServer{
 		PublicKey:                    publicKey,
 		PrivateKey:                   privateKey,
-		HandleConnection:             connHandler,
 		SigningServers:               signServers,
 		SymmetricEncryptionAlgorithm: encryptionAlgo,
 		pgp:                          pgp,