--- AnyEvent-MP/MP/Transport.pm	2009/08/03 15:40:53	1.11
+++ AnyEvent-MP/MP/Transport.pm	2009/08/04 07:50:52	1.16
@@ -1,6 +1,6 @@
 =head1 NAME
 
-AnyEvent::MP::Transport - actual transport protocol
+AnyEvent::MP::Transport - actual transport protocol handler
 
 =head1 SYNOPSIS
 
@@ -8,8 +8,8 @@
 
 =head1 DESCRIPTION
 
-This is the superclass for MP transports, most of which is considered an
-implementation detail.
+This implements the actual transport protocol for MP (it represents a
+single link), most of which is considered an implementation detail.
 
 See the "PROTOCOL" section below if you want to write another client for
 this protocol.
@@ -113,7 +113,7 @@
 
 our @FRAMINGS = qw(json storable); # the framing types we accept and send, in order of preference
 our @AUTH_SND = qw(hmac_md6_64_256); # auth types we send
-our @AUTH_RCV = (@AUTH_SND, qw(hex_secret)); # auth types we accept
+our @AUTH_RCV = (@AUTH_SND, qw(cleartext)); # auth types we accept
 
 #AnyEvent::Handle::register_write_type mp_record => sub {
 #};
@@ -143,7 +143,6 @@
 
       $self->{hdl} = new AnyEvent::Handle
          fh       => delete $arg{fh},
-         rbuf_max => 64 * 1024,
          autocork => 1,
          no_delay => 1,
          on_error => sub {
@@ -160,26 +159,28 @@
       $greeting_kv->{peeraddr} = AnyEvent::Socket::format_hostport $self->{peerhost}, $self->{peerport};
 
       # send greeting
-      my $lgreeting1 = "aemp;$PROTOCOL_VERSION;$PROTOCOL_VERSION" # version, min
+      my $lgreeting1 = "aemp;$PROTOCOL_VERSION"
                      . ";$AnyEvent::MP::Base::UNIQ"
                      . ";$AnyEvent::MP::Base::NODE"
                      . ";" . (join ",", @AUTH_RCV)
                      . ";" . (join ",", @FRAMINGS)
                      . (join "", map ";$_=$greeting_kv->{$_}", keys %$greeting_kv);
+
       my $lgreeting2 = MIME::Base64::encode_base64 AnyEvent::MP::Base::nonce (33), "";
 
       $self->{hdl}->push_write ("$lgreeting1\012$lgreeting2\012");
 
       # expect greeting
+      $self->{hdl}->rbuf_max (4 * 1024);
       $self->{hdl}->push_read (line => sub {
          my $rgreeting1 = $_[1];
 
-         my ($aemp, $version, $version_min, $uniq, $rnode, $auths, $framings, @kv) = split /;/, $rgreeting1;
+         my ($aemp, $version, $uniq, $rnode, $auths, $framings, @kv) = split /;/, $rgreeting1;
 
          if ($aemp ne "aemp") {
             return $self->error ("unparsable greeting");
-         } elsif ($version_min > $PROTOCOL_VERSION) {
-            return $self->error ("version mismatch (we: $PROTOCOL_VERSION, they: $version_min .. $version)");
+         } elsif ($version != $PROTOCOL_VERSION) {
+            return $self->error ("version mismatch (we: $PROTOCOL_VERSION, they: $version)");
          }
 
          my $s_auth;
@@ -228,11 +229,11 @@
             require Digest::HMAC_MD6;
 
             my $key   = Digest::MD6::md6 ($secret);
-            my $lauth = Digest::HMAC_MD6::hmac_md6_base64 ($key, "$lgreeting1\012$lgreeting2\012$rgreeting1\012$rgreeting2\012", 64, 256);
+            my $lauth = Digest::HMAC_MD6::hmac_md6_hex ($key, "$lgreeting1\012$lgreeting2\012$rgreeting1\012$rgreeting2\012", 64, 256);
 
             my $rauth =
-               $s_auth eq "hmac_md6_64_256" ? Digest::HMAC_MD6::hmac_md6_base64 ($key, "$rgreeting1\012$rgreeting2\012$lgreeting1\012$lgreeting2\012", 64, 256)
-             : $s_auth eq "hex_secret"      ? unpack "H*", $secret
+               $s_auth eq "hmac_md6_64_256" ? Digest::HMAC_MD6::hmac_md6_hex ($key, "$rgreeting1\012$rgreeting2\012$lgreeting1\012$lgreeting2\012", 64, 256)
+             : $s_auth eq "cleartext"       ? unpack "H*", $secret
              : die;
 
             $lauth ne $rauth # echo attack?
@@ -240,7 +241,7 @@
 
             $self->{hdl}->push_write ("$s_auth;$lauth;$s_framing\012");
 
-            $self->{hdl}->rbuf_max (64); # enough for 44 reply bytes or so
+            # reasd the authentication response
             $self->{hdl}->push_read (line => sub {
                my ($hdl, $rline) = @_;
 
@@ -257,13 +258,16 @@
 
                $self->connected;
 
+               my $src_node = $self->{node};
+
                $hdl->push_write ($self->{s_framing} => $_)
                   for @$queue;
 
                my $rmsg; $rmsg = sub  {
                   $_[0]->push_read ($r_framing => $rmsg);
 
-                  AnyEvent::MP::Base::_inject ($_[1]);
+                  local $AnyEvent::MP::Base::SRCNODE = $src_node;
+                  AnyEvent::MP::Base::_inject (@{ $_[1] });
                };
                $hdl->push_read ($r_framing => $rmsg);
             });
@@ -324,12 +328,22 @@
 
 =head2 GREETING
 
+All the lines until after authentication must not exceed 4kb in length,
+including delimiter. Afterwards there is no limit on the packet size that
+can be received.
+
+=head3 First Greeting Line
+
+Example:
+
+   aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0
+
 The first line contains strings separated (not ended) by C<;>
-characters. The first seven strings are fixed by the protocol, the
+characters. The first even ixtrings are fixed by the protocol, the
 remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;>
 characters themselves.
 
-The seven fixed strings are:
+The fixed strings are:
 
 =over 4
 
@@ -339,11 +353,9 @@
 
 =item protocol version
 
-The (maximum) protocol version supported by this end, currently C<0>.
-
-=item minimum protocol version
-
-The minimum protocol version supported by this end, currently C<0>.
+The protocol version supported by this end, currently C<0>. If the
+versions don't match then no communication is possible. Minor extensions
+are supposed to be handled by addign additional key-value pairs.
 
 =item a token uniquely identifying the current node instance
 
@@ -395,21 +407,25 @@
 
 =back
 
+=head3 Second Greeting Line
+
 After this greeting line there will be a second line containing a
 cryptographic nonce, i.e. random data of high quality. To keep the
 protocol text-only, these are usually 32 base64-encoded octets, but
 it could be anything that doesn't contain any ASCII CR or ASCII LF
 characters.
 
-Example of the two lines of greeting:
+I<< The two nonces B<must> be different, and an aemp implementation
+B<must> check and fail when they are identical >>.
 
-   aemp;0;0;e7d.4a76f48f;10.0.0.1:4040;hmac_md6_64_256,hex_secret;json,storable;provider=AE-0.0;peeraddr=127.0.0.1:1235
-   XntegV2Guvss0qNn7phCPnoU87xqxV+4Mqm/5y4iQm6a
+Example of a nonce line:
+
+   p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4
 
 =head2 TLS handshake
 
-If, after the handshake, both sides indicate interest in TLS, then the
-connection I<must> use TLS, or fail.
+I<< If, after the handshake, both sides indicate interest in TLS, then the
+connection B<must> use TLS, or fail.>>
 
 Both sides compare their nonces, and the side who sent the lower nonce
 value ("string" comparison on the raw octet values) becomes the client,
@@ -430,9 +446,46 @@
 
 This must be one of the methods offered by the other side in the greeting.
 
+The currently supported authentication methods are:
+
+=over 4
+
+=item cleartext
+
+This is simply the shared secret, lowercase-hex-encoded. This method is of
+course very insecure, unless TLS is used, which is why this module will
+accept, but not generate, cleartext auth replies.
+
+=item hmac_md6_64_256
+
+This method uses an MD6 HMAC with 64 bit blocksize and 256 bit hash. First, the shared secret
+is hashed with MD6:
+
+   key = MD6 (secret)
+
+This secret is then used to generate the "local auth reply", by taking
+the two local greeting lines and the two remote greeting lines (without
+line endings), appending \012 to all of them, concatenating them and
+calculating the MD6 HMAC with the key.
+
+   lauth = HMAC_MD6 key, "lgreeting1\012lgreeting2\012rgreeting1\012rgreeting2\012"
+
+This authentication token is then lowercase-hex-encoded and sent to the
+other side.
+
+Then the remote auth reply is generated using the same method, but local
+and remote greeting lines swapped:
+
+   rauth = HMAC_MD6 key, "rgreeting1\012rgreeting2\012lgreeting1\012lgreeting2\012"
+
+This is the token that is expected from the other side.
+
+=back
+
 =item the authentication data
 
-The authentication data itself, usually base64 or hex-encoded data.
+The authentication data itself, usually base64 or hex-encoded data, see
+above.
 
 =item the framing protocol chosen
 
@@ -441,15 +494,29 @@
 
 =back
 
-Example (the actual reply matching the previous example):
+Example of an authentication reply:
 
-   hmac_md6_64_256;wIlLedBY956UCGSISG9mBZRDTG8xUi73/sVse2DSQp0;json
+   hmac_md6_64_256;363d5175df38bd9eaddd3f6ca18aa1c0c4aa22f0da245ac638d048398c26b8d3;json
 
 =head2 DATA PHASE
 
 After this, packets get exchanged using the chosen framing protocol. It is
 quite possible that both sides use a different framing protocol.
 
+=head2 FULL EXAMPLE
+
+This is an actual protocol dump of an handshake, followed by a single data
+packet. The greater than/less than lines indicate the direction of the
+transfer only.
+
+   > aemp;0;nndKd+gn;10.0.0.1:4040;hmac_md6_64_256,cleartext;json,storable;provider=AE-0.0;peeraddr=127.0.0.1:1235
+   > sRG8bbc4TDbkpvH8FTP4HBs87OhepH6VuApoZqXXskuG
+   < aemp;0;nmpKd+gh;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256,cleartext;json,storable;provider=AE-0.0;peeraddr=127.0.0.1:58760
+   < dCEUcL/LJVSTJcx8byEsOzrwhzJYOq+L3YcopA5T6EAo
+   > hmac_md6_64_256;9513d4b258975accfcb2ab7532b83690e9c119a502c612203332a591c7237788;json
+   < hmac_md6_64_256;0298d6ba2240faabb2b2e881cf86b97d70a113ca74a87dc006f9f1e9d3010f90;json
+   > ["","wkp","pinger","10.0.0.1:4040#nndKd+gn.a","resolved"]
+
 =head1 SEE ALSO
 
 L<AnyEvent>.