| … | |
… | |
| 6 | |
6 | |
| 7 | use AnyEvent::MP::Transport; |
7 | use AnyEvent::MP::Transport; |
| 8 | |
8 | |
| 9 | =head1 DESCRIPTION |
9 | =head1 DESCRIPTION |
| 10 | |
10 | |
| 11 | This implements the actual transport protocol for MP (it represents a |
11 | This module implements (and documents) the actual transport protocol for |
| 12 | single link), most of which is considered an implementation detail. |
12 | AEMP. |
| 13 | |
13 | |
| 14 | See the "PROTOCOL" section below if you want to write another client for |
14 | See the "PROTOCOL" section below if you want to write another client for |
| 15 | this protocol. |
15 | this protocol. |
| 16 | |
16 | |
| 17 | =head1 FUNCTIONS/METHODS |
17 | =head1 FUNCTIONS/METHODS |
| … | |
… | |
| 385 | |
385 | |
| 386 | =back |
386 | =back |
| 387 | |
387 | |
| 388 | =head1 PROTOCOL |
388 | =head1 PROTOCOL |
| 389 | |
389 | |
| 390 | The protocol is relatively simple, and consists of three phases which are |
390 | The AEMP protocol is relatively simple, and consists of three phases which |
| 391 | symmetrical for both sides: greeting (followed by optionally switching to |
391 | are symmetrical for both sides: greeting (followed by optionally switching |
| 392 | TLS mode), authentication and packet exchange. |
392 | to TLS mode), authentication and packet exchange. |
| 393 | |
393 | |
| 394 | the protocol is designed to allow both full-text and binary streams. |
394 | The protocol is designed to allow both full-text and binary streams. |
| 395 | |
395 | |
| 396 | The greeting consists of two text lines that are ended by either an ASCII |
396 | The greeting consists of two text lines that are ended by either an ASCII |
| 397 | CR LF pair, or a single ASCII LF (recommended). |
397 | CR LF pair, or a single ASCII LF (recommended). |
| 398 | |
398 | |
| 399 | =head2 GREETING |
399 | =head2 GREETING |
| 400 | |
400 | |
| 401 | All the lines until after authentication must not exceed 4kb in length, |
401 | All the lines until after authentication must not exceed 4kb in length, |
| 402 | including delimiter. Afterwards there is no limit on the packet size that |
402 | including line delimiter. Afterwards there is no limit on the packet size |
| 403 | can be received. |
403 | that can be received. |
| 404 | |
404 | |
| 405 | =head3 First Greeting Line |
405 | =head3 First Greeting Line |
| 406 | |
406 | |
| 407 | Example: |
407 | Example: |
| 408 | |
408 | |
| 409 | aemp;0;fec.4a7720fc;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256;json,storable;provider=AE-0.0 |
409 | aemp;0;rain;tls_md6_64_256,hmac_md6_64_256,tls_anon,cleartext;json,storable;timeout=12;peeraddr=10.0.0.1:48082 |
| 410 | |
410 | |
| 411 | The first line contains strings separated (not ended) by C<;> |
411 | The first line contains strings separated (not ended) by C<;> |
| 412 | characters. The first even ixtrings are fixed by the protocol, the |
412 | characters. The first five strings are fixed by the protocol, the |
| 413 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
413 | remaining strings are C<KEY=VALUE> pairs. None of them may contain C<;> |
| 414 | characters themselves. |
414 | characters themselves (when escaping is needed, use C<%3b> to represent |
|
|
415 | C<;> and C<%25> to represent C<%>)- |
| 415 | |
416 | |
| 416 | The fixed strings are: |
417 | The fixed strings are: |
| 417 | |
418 | |
| 418 | =over 4 |
419 | =over 4 |
| 419 | |
420 | |
| 420 | =item protocol identification |
421 | =item protocol identification |
| 421 | |
422 | |
| 422 | The constant C<aemp> to identify the protocol. |
423 | The constant C<aemp> to identify this protocol. |
| 423 | |
424 | |
| 424 | =item protocol version |
425 | =item protocol version |
| 425 | |
426 | |
| 426 | The protocol version supported by this end, currently C<0>. If the |
427 | The protocol version supported by this end, currently C<0>. If the |
| 427 | versions don't match then no communication is possible. Minor extensions |
428 | versions don't match then no communication is possible. Minor extensions |
| 428 | are supposed to be handled through additional key-value pairs. |
429 | are supposed to be handled through additional key-value pairs. |
| 429 | |
430 | |
| 430 | =item the node id |
431 | =item the node ID |
| 431 | |
432 | |
| 432 | This is the node ID of the connecting node. |
433 | This is the node ID of the connecting node. |
| 433 | |
434 | |
| 434 | =item the acceptable authentication methods |
435 | =item the acceptable authentication methods |
| 435 | |
436 | |
| 436 | A comma-separated list of authentication methods supported by the |
437 | A comma-separated list of authentication methods supported by the |
| 437 | node. Note that AnyEvent::MP supports a C<hex_secret> authentication |
438 | node. Note that AnyEvent::MP supports a C<hex_secret> authentication |
| 438 | method that accepts a cleartext password (hex-encoded), but will not use |
439 | method that accepts a clear-text password (hex-encoded), but will not use |
| 439 | this auth method itself. |
440 | this authentication method itself. |
| 440 | |
441 | |
| 441 | The receiving side should choose the first auth method it supports. |
442 | The receiving side should choose the first authentication method it |
|
|
443 | supports. |
| 442 | |
444 | |
| 443 | =item the acceptable framing formats |
445 | =item the acceptable framing formats |
| 444 | |
446 | |
| 445 | A comma-separated list of packet encoding/framign formats understood. The |
447 | A comma-separated list of packet encoding/framing formats understood. The |
| 446 | receiving side should choose the first framing format it supports for |
448 | receiving side should choose the first framing format it supports for |
| 447 | sending packets (which might be different from the format it has to accept). |
449 | sending packets (which might be different from the format it has to accept). |
| 448 | |
450 | |
| 449 | =back |
451 | =back |
| 450 | |
452 | |
| 451 | The remaining arguments are C<KEY=VALUE> pairs. The following key-value |
453 | The remaining arguments are C<KEY=VALUE> pairs. The following key-value |
| 452 | pairs are known at this time: |
454 | pairs are known at this time: |
| 453 | |
455 | |
| 454 | =over 4 |
456 | =over 4 |
| 455 | |
|
|
| 456 | =item provider=<module-version> |
|
|
| 457 | |
|
|
| 458 | The software provider for this implementation. For AnyEvent::MP, this is |
|
|
| 459 | C<AE-0.0> or whatever version it currently is at. |
|
|
| 460 | |
|
|
| 461 | =item peeraddr=<host>:<port> |
|
|
| 462 | |
|
|
| 463 | The peer address (socket address of the other side) as seen locally. |
|
|
| 464 | |
|
|
| 465 | =item tls=<major>.<minor> |
|
|
| 466 | |
|
|
| 467 | Indicates that the other side supports TLS (version should be 1.0) and |
|
|
| 468 | wishes to do a TLS handshake. |
|
|
| 469 | |
457 | |
| 470 | =item timeout=<seconds> |
458 | =item timeout=<seconds> |
| 471 | |
459 | |
| 472 | The amount of time after which this node should be detected as dead unless |
460 | The amount of time after which this node should be detected as dead unless |
| 473 | some data has been received. The node is responsible to send traffic |
461 | some data has been received. The node is responsible to send traffic |
| 474 | reasonably more often than this interval (such as every timeout minus five |
462 | reasonably more often than this interval (such as every timeout minus five |
| 475 | seconds). |
463 | seconds). |
|
|
464 | |
|
|
465 | =item provider=<module-version> |
|
|
466 | |
|
|
467 | The software provider for this implementation. For AnyEvent::MP, this is |
|
|
468 | C<AE-0.0> or whatever version it currently is at. |
|
|
469 | |
|
|
470 | =item peeraddr=<host>:<port> |
|
|
471 | |
|
|
472 | The peer address (socket address of the other side) as seen locally. |
|
|
473 | |
|
|
474 | =item tls=<major>.<minor> |
|
|
475 | |
|
|
476 | Indicates that the other side supports TLS (version should be 1.0) and |
|
|
477 | wishes to do a TLS handshake. |
| 476 | |
478 | |
| 477 | =back |
479 | =back |
| 478 | |
480 | |
| 479 | =head3 Second Greeting Line |
481 | =head3 Second Greeting Line |
| 480 | |
482 | |
| … | |
… | |
| 485 | characters. |
487 | characters. |
| 486 | |
488 | |
| 487 | I<< The two nonces B<must> be different, and an aemp implementation |
489 | I<< The two nonces B<must> be different, and an aemp implementation |
| 488 | B<must> check and fail when they are identical >>. |
490 | B<must> check and fail when they are identical >>. |
| 489 | |
491 | |
| 490 | Example of a nonce line: |
492 | Example of a nonce line (yes, it's random-looking because it is random |
|
|
493 | data): |
| 491 | |
494 | |
| 492 | p/I122ql7kJR8lumW3lXlXCeBnyDAvz8NQo3x5IFowE4 |
495 | 2XYhdG7/O6epFa4wuP0ujAEx1rXYWRcOypjUYK7eF6yWAQr7gwIN9m/2+mVvBrTPXz5GJDgfGm9d8QRABAbmAP/s |
| 493 | |
496 | |
| 494 | =head2 TLS handshake |
497 | =head2 TLS handshake |
| 495 | |
498 | |
| 496 | I<< If, after the handshake, both sides indicate interest in TLS, then the |
499 | I<< If, after the handshake, both sides indicate interest in TLS, then the |
| 497 | connection B<must> use TLS, or fail. >> |
500 | connection B<must> use TLS, or fail to continue. >> |
| 498 | |
501 | |
| 499 | Both sides compare their nonces, and the side who sent the lower nonce |
502 | Both sides compare their nonces, and the side who sent the lower nonce |
| 500 | value ("string" comparison on the raw octet values) becomes the client, |
503 | value ("string" comparison on the raw octet values) becomes the client, |
| 501 | and the one with the higher nonce the server. |
504 | and the one with the higher nonce the server. |
| 502 | |
505 | |
| … | |
… | |
| 524 | =over 4 |
527 | =over 4 |
| 525 | |
528 | |
| 526 | =item cleartext |
529 | =item cleartext |
| 527 | |
530 | |
| 528 | This is simply the shared secret, lowercase-hex-encoded. This method is of |
531 | This is simply the shared secret, lowercase-hex-encoded. This method is of |
| 529 | course very insecure, unless TLS is used, which is why this module will |
532 | course very insecure if TLS is not used (and not completely secure even |
| 530 | accept, but not generate, cleartext auth replies. |
533 | if TLS is used), which is why this module will accept, but not generate, |
|
|
534 | cleartext auth replies. |
| 531 | |
535 | |
| 532 | =item hmac_md6_64_256 |
536 | =item hmac_md6_64_256 |
| 533 | |
537 | |
| 534 | This method uses an MD6 HMAC with 64 bit blocksize and 256 bit hash. First, the shared secret |
538 | This method uses an MD6 HMAC with 64 bit blocksize and 256 bit hash, and |
| 535 | is hashed with MD6: |
539 | requires a shared secret. It is the preferred auth method when a shared |
|
|
540 | secret is available. |
|
|
541 | |
|
|
542 | First, the shared secret is hashed with MD6: |
| 536 | |
543 | |
| 537 | key = MD6 (secret) |
544 | key = MD6 (secret) |
| 538 | |
545 | |
| 539 | This secret is then used to generate the "local auth reply", by taking |
546 | This secret is then used to generate the "local auth reply", by taking |
| 540 | the two local greeting lines and the two remote greeting lines (without |
547 | the two local greeting lines and the two remote greeting lines (without |
| 541 | line endings), appending \012 to all of them, concatenating them and |
548 | line endings), appending \012 to all of them, concatenating them and |
| 542 | calculating the MD6 HMAC with the key. |
549 | calculating the MD6 HMAC with the key: |
| 543 | |
550 | |
| 544 | lauth = HMAC_MD6 key, "lgreeting1\012lgreeting2\012rgreeting1\012rgreeting2\012" |
551 | lauth = HMAC_MD6 key, "lgreeting1\012lgreeting2\012rgreeting1\012rgreeting2\012" |
| 545 | |
552 | |
| 546 | This authentication token is then lowercase-hex-encoded and sent to the |
553 | This authentication token is then lowercase-hex-encoded and sent to the |
| 547 | other side. |
554 | other side. |
| … | |
… | |
| 553 | |
560 | |
| 554 | This is the token that is expected from the other side. |
561 | This is the token that is expected from the other side. |
| 555 | |
562 | |
| 556 | =item tls_anon |
563 | =item tls_anon |
| 557 | |
564 | |
| 558 | This type is only valid iff TLS was enabled and the TLS handshake |
565 | This type is only valid I<iff> TLS was enabled and the TLS handshake |
| 559 | was successful. It has no authentication data, as the server/client |
566 | was successful. It has no authentication data, as the server/client |
| 560 | certificate was successfully verified. |
567 | certificate was successfully verified. |
| 561 | |
568 | |
| 562 | This authentication type is slightly less secure than the others, as it |
569 | This authentication type is somewhat insecure, as it allows a |
| 563 | allows a man-in-the-middle attacker to change some of the connection |
570 | man-in-the-middle attacker to change some of the connection parameters |
| 564 | parameters (such as the framing format), although there is no known attack |
571 | (such as the framing format), although there is no known attack that |
| 565 | that exploits this in a way that is worse than just denying the service. |
572 | exploits this in a way that is worse than just denying the service. |
| 566 | |
573 | |
| 567 | By default, this implementation accepts but uses this authentication |
574 | By default, this implementation accepts but never generates this auth |
| 568 | method. |
575 | reply. |
| 569 | |
576 | |
| 570 | =item tls_md6_64_256 |
577 | =item tls_md6_64_256 |
| 571 | |
578 | |
| 572 | This type is only valid iff TLS was enabled and the TLS handshake |
579 | This type is only valid I<iff> TLS was enabled and the TLS handshake was |
| 573 | was successful. |
580 | successful. |
| 574 | |
581 | |
| 575 | This authentication type simply calculates: |
582 | This authentication type simply calculates: |
| 576 | |
583 | |
| 577 | lauth = MD6 "rgreeting1\012rgreeting2\012lgreeting1\012lgreeting2\012" |
584 | lauth = MD6 "rgreeting1\012rgreeting2\012lgreeting1\012lgreeting2\012" |
| 578 | |
585 | |
| 579 | and lowercase-hex encodes the result and sends it as authentication |
586 | and lowercase-hex encodes the result and sends it as authentication |
| 580 | data. No shared secret is required (authentication is done by TLS). The |
587 | data. No shared secret is required (authentication is done by TLS). The |
| 581 | checksum solely exists to make tinkering with the greeting hard. |
588 | checksum exists only to make tinkering with the greeting hard. |
| 582 | |
589 | |
| 583 | =back |
590 | =back |
| 584 | |
591 | |
| 585 | =item the authentication data |
592 | =item the authentication data |
| 586 | |
593 | |
| … | |
… | |
| 588 | above. |
595 | above. |
| 589 | |
596 | |
| 590 | =item the framing protocol chosen |
597 | =item the framing protocol chosen |
| 591 | |
598 | |
| 592 | This must be one of the framing protocols offered by the other side in the |
599 | This must be one of the framing protocols offered by the other side in the |
| 593 | greeting. Each side must accept the choice of the other side. |
600 | greeting. Each side must accept the choice of the other side, and generate |
|
|
601 | packets in the format it chose itself. |
| 594 | |
602 | |
| 595 | =back |
603 | =back |
| 596 | |
604 | |
| 597 | Example of an authentication reply: |
605 | Example of an authentication reply: |
| 598 | |
606 | |
| … | |
… | |
| 607 | |
615 | |
| 608 | This is an actual protocol dump of a handshake, followed by a single data |
616 | This is an actual protocol dump of a handshake, followed by a single data |
| 609 | packet. The greater than/less than lines indicate the direction of the |
617 | packet. The greater than/less than lines indicate the direction of the |
| 610 | transfer only. |
618 | transfer only. |
| 611 | |
619 | |
| 612 | > aemp;0;nndKd+gn;10.0.0.1:4040;hmac_md6_64_256,cleartext;json,storable;provider=AE-0.0;peeraddr=127.0.0.1:1235 |
620 | > aemp;0;anon/57Cs1CggVJjzYaQp13XXg4;tls_md6_64_256,hmac_md6_64_256,tls_anon,cleartext;json,storable;provider=AE-0.8;timeout=12;peeraddr=10.0.0.17:4040 |
| 613 | > sRG8bbc4TDbkpvH8FTP4HBs87OhepH6VuApoZqXXskuG |
621 | > yLgdG1ov/02shVkVQer3wzeuywZK+oraTdEQBmIqWHaegxSGDG4g+HqogLQbvdypFOsoDWJ1Sh4ImV4DMhvUBwTK |
| 614 | < aemp;0;nmpKd+gh;127.0.0.1:1235,[::1]:1235;hmac_md6_64_256,cleartext;json,storable;provider=AE-0.0;peeraddr=127.0.0.1:58760 |
622 | |
| 615 | < dCEUcL/LJVSTJcx8byEsOzrwhzJYOq+L3YcopA5T6EAo |
623 | < aemp;0;ruth;tls_md6_64_256,hmac_md6_64_256,tls_anon,cleartext;json,storable;provider=AE-0.8;timeout=12;peeraddr=10.0.0.1:37108 |
| 616 | > hmac_md6_64_256;9513d4b258975accfcb2ab7532b83690e9c119a502c612203332a591c7237788;json |
624 | < +xMQXP8ElfNmuvEhsmcp+s2wCJOuQAsPxSg3d2Ewhs6gBnJz+ypVdWJ/wAVrXqlIJfLeVS/CBy4gEGkyWHSuVb1L |
| 617 | < hmac_md6_64_256;0298d6ba2240faabb2b2e881cf86b97d70a113ca74a87dc006f9f1e9d3010f90;json |
625 | |
| 618 | > ["","lookup","pinger","10.0.0.1:4040#nndKd+gn.a","resolved"] |
626 | > hmac_md6_64_256;5ad913855742ae5a03a5aeb7eafa4c78629de136bed6acd73eea36c9e98df44a;json |
|
|
627 | |
|
|
628 | < hmac_md6_64_256;84cd590976f794914c2ca26dac3a207a57a6798b9171289c114de07cf0c20401;json |
|
|
629 | < ["","AnyEvent::MP::_spawn","57Cs1CggVJjzYaQp13XXg4.c","AnyEvent::MP::Global::connect",0,"anon/57Cs1CggVJjzYaQp13XXg4"] |
|
|
630 | ... |
|
|
631 | |
|
|
632 | The shared secret in use was C<8ugxrtw6H5tKnfPWfaSr4HGhE8MoJXmzTT1BWq7sLutNcD0IbXprQlZjIbl7MBKoeklG3IEfY9GlJthC0pENzk>. |
| 619 | |
633 | |
| 620 | =head1 SEE ALSO |
634 | =head1 SEE ALSO |
| 621 | |
635 | |
| 622 | L<AnyEvent::MP>. |
636 | L<AnyEvent::MP>. |
| 623 | |
637 | |
