| … | |
… | |
| 280 | |
280 | |
| 281 | sub error { |
281 | sub error { |
| 282 | my ($self, $msg) = @_; |
282 | my ($self, $msg) = @_; |
| 283 | |
283 | |
| 284 | if ($self->{node} && $self->{node}{transport} == $self) { |
284 | if ($self->{node} && $self->{node}{transport} == $self) { |
|
|
285 | $self->{node}->fail (transport_error => $msg); |
| 285 | $self->{node}->clr_transport; |
286 | $self->{node}->clr_transport; |
| 286 | } |
287 | } |
| 287 | $AnyEvent::MP::Base::WARN->("$self->{peerhost}:$self->{peerport}: $msg"); |
288 | $AnyEvent::MP::Base::WARN->("$self->{peerhost}:$self->{peerport}: $msg"); |
| 288 | $self->destroy; |
289 | $self->destroy; |
| 289 | } |
290 | } |
| … | |
… | |
| 326 | The greeting consists of two text lines that are ended by either an ASCII |
327 | The greeting consists of two text lines that are ended by either an ASCII |
| 327 | CR LF pair, or a single ASCII LF (recommended). |
328 | CR LF pair, or a single ASCII LF (recommended). |
| 328 | |
329 | |
| 329 | =head2 GREETING |
330 | =head2 GREETING |
| 330 | |
331 | |
|
|
332 | All the lines until after authentication must not exceed 4kb in length, |
|
|
333 | including delimiter. Afterwards there is no limit on the packet size that |
|
|
334 | can be received. |
|
|
335 | |
|
|
336 | =head3 First Greeting Line |
|
|
337 | |
|
|
338 | Example: |
|
|
339 | |
|
|
340 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
|
|
341 | |
| 331 | The first line contains strings separated (not ended) by C<;> |
342 | The first line contains strings separated (not ended) by C<;> |
| 332 | characters. The first even ixtrings are fixed by the protocol, the |
343 | characters. The first even ixtrings are fixed by the protocol, the |
| 333 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
344 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
| 334 | characters themselves. |
345 | characters themselves. |
| 335 | |
346 | |
| 336 | All the lines until after authentication must not exceed 4kb in length, including delimiter. |
|
|
| 337 | |
|
|
| 338 | The fixed strings are: |
347 | The fixed strings are: |
| 339 | |
348 | |
| 340 | =over 4 |
349 | =over 4 |
| 341 | |
350 | |
| 342 | =item C<aemp> |
351 | =item protocol identification |
| 343 | |
352 | |
| 344 | The constant C<aemp> to identify the protocol. |
353 | The constant C<aemp> to identify the protocol. |
| 345 | |
354 | |
| 346 | =item protocol version |
355 | =item protocol version |
| 347 | |
356 | |
| 348 | The protocol version supported by this end, currently C<0>. If the |
357 | The protocol version supported by this end, currently C<0>. If the |
| 349 | versions don't match then no communication is possible. Minor extensions |
358 | versions don't match then no communication is possible. Minor extensions |
| 350 | are supposed to be handled by addign additional key-value pairs. |
359 | are supposed to be handled through additional key-value pairs. |
| 351 | |
360 | |
| 352 | =item a token uniquely identifying the current node instance |
361 | =item a token uniquely identifying the current node instance |
| 353 | |
362 | |
| 354 | This is a string that must change between restarts. It usually contains |
363 | This is a string that must change between restarts. It usually contains |
| 355 | things like the current time, the (OS) process id or similar values, but |
364 | things like the current time, the (OS) process id or similar values, but |
| … | |
… | |
| 396 | |
405 | |
| 397 | Indicates that the other side supports TLS (version should be 1.0) and |
406 | Indicates that the other side supports TLS (version should be 1.0) and |
| 398 | wishes to do a TLS handshake. |
407 | wishes to do a TLS handshake. |
| 399 | |
408 | |
| 400 | =back |
409 | =back |
|
|
410 | |
|
|
411 | =head3 Second Greeting Line |
| 401 | |
412 | |
| 402 | After this greeting line there will be a second line containing a |
413 | After this greeting line there will be a second line containing a |
| 403 | cryptographic nonce, i.e. random data of high quality. To keep the |
414 | cryptographic nonce, i.e. random data of high quality. To keep the |
| 404 | protocol text-only, these are usually 32 base64-encoded octets, but |
415 | protocol text-only, these are usually 32 base64-encoded octets, but |
| 405 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
416 | it could be anything that doesn't contain any ASCII CR or ASCII LF |
| 406 | characters. |
417 | characters. |
| 407 | |
418 | |
| 408 | Example of the two lines of greeting: |
419 | I<< The two nonces B<must> be different, and an aemp implementation |
|
|
420 | B<must> check and fail when they are identical >>. |
| 409 | |
421 | |
| 410 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
422 | Example of a nonce line: |
|
|
423 | |
| 411 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
424 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
| 412 | |
425 | |
| 413 | =head2 TLS handshake |
426 | =head2 TLS handshake |
| 414 | |
427 | |
| 415 | If, after the handshake, both sides indicate interest in TLS, then the |
428 | I<< If, after the handshake, both sides indicate interest in TLS, then the |
| 416 | connection I<must> use TLS, or fail. |
429 | connection B<must> use TLS, or fail.>> |
| 417 | |
430 | |
| 418 | Both sides compare their nonces, and the side who sent the lower nonce |
431 | Both sides compare their nonces, and the side who sent the lower nonce |
| 419 | value ("string" comparison on the raw octet values) becomes the client, |
432 | value ("string" comparison on the raw octet values) becomes the client, |
| 420 | and the one with the higher nonce the server. |
433 | and the one with the higher nonce the server. |
| 421 | |
434 | |
| … | |
… | |
| 480 | This must be one of the framing protocols offered by the other side in the |
493 | This must be one of the framing protocols offered by the other side in the |
| 481 | greeting. Each side must accept the choice of the other side. |
494 | greeting. Each side must accept the choice of the other side. |
| 482 | |
495 | |
| 483 | =back |
496 | =back |
| 484 | |
497 | |
| 485 | Example: |
498 | Example of an authentication reply: |
| 486 | |
499 | |
| 487 | hmac_md6_64_256;363d5175df38bd9eaddd3f6ca18aa1c0c4aa22f0da245ac638d048398c26b8d3;json |
500 | hmac_md6_64_256;363d5175df38bd9eaddd3f6ca18aa1c0c4aa22f0da245ac638d048398c26b8d3;json |
| 488 | |
501 | |
| 489 | =head2 DATA PHASE |
502 | =head2 DATA PHASE |
| 490 | |
503 | |
| 491 | After this, packets get exchanged using the chosen framing protocol. It is |
504 | After this, packets get exchanged using the chosen framing protocol. It is |
| 492 | quite possible that both sides use a different framing protocol. |
505 | quite possible that both sides use a different framing protocol. |
| 493 | |
506 | |
|
|
507 | =head2 FULL EXAMPLE |
|
|
508 | |
|
|
509 | This is an actual protocol dump of a handshake, followed by a single data |
|
|
510 | packet. The greater than/less than lines indicate the direction of the |
|
|
511 | transfer only. |
|
|
512 | |
|
|
513 | > aemp;0;nndKd+gn;10.0.0.1:4040;hmac_md6_64_256,cleartext;json,storable;provider=AE-0.0;peeraddr=127.0.0.1:1235 |
|
|
514 | > sRG8bbc4TDbkpvH8FTP4HBs87OhepH6VuApoZqXXskuG |
|
|
515 | < aemp;0;nmpKd+gh;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256,cleartext;json,storable;provider=AE-0.0;peeraddr=127.0.0.1:58760 |
|
|
516 | < dCEUcL/LJVSTJcx8byEsOzrwhzJYOq+L3YcopA5T6EAo |
|
|
517 | > hmac_md6_64_256;9513d4b258975accfcb2ab7532b83690e9c119a502c612203332a591c7237788;json |
|
|
518 | < hmac_md6_64_256;0298d6ba2240faabb2b2e881cf86b97d70a113ca74a87dc006f9f1e9d3010f90;json |
|
|
519 | > ["","lookup","pinger","10.0.0.1:4040#nndKd+gn.a","resolved"] |
|
|
520 | |
| 494 | =head1 SEE ALSO |
521 | =head1 SEE ALSO |
| 495 | |
522 | |
| 496 | L<AnyEvent>. |
523 | L<AnyEvent>. |
| 497 | |
524 | |
| 498 | =head1 AUTHOR |
525 | =head1 AUTHOR |
