mailbox: add mailbox package

Author: guggero

go.mod

@@ -1,26 +1,19 @@
 module github.com/lightninglabs/terminal-connect
 
 require (
-	github.com/golang/protobuf v1.4.3
-	github.com/grpc-ecosystem/grpc-gateway v1.14.3
-	golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 // indirect
-	golang.org/x/sys v0.0.0-20210426080607-c94f62235c83 // indirect
-	golang.org/x/text v0.3.3 // indirect
-	google.golang.org/grpc v1.29.1
-	google.golang.org/protobuf v1.23.0
+	github.com/btcsuite/btcd v0.21.0-beta.0.20210513141527-ee5896bad5be
+	github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f
+	github.com/golang/protobuf v1.5.2
+	github.com/grpc-ecosystem/grpc-gateway v1.16.0
+	github.com/kkdai/bstream v0.0.0-20181106074824-b3251f7901ec
+	github.com/lightningnetwork/lnd v0.13.0-beta.rc5.0.20210727141148-c3962528e29f
+	github.com/stretchr/testify v1.7.0
+	golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0
+	google.golang.org/grpc v1.38.0
+	google.golang.org/protobuf v1.26.0
+	nhooyr.io/websocket v1.8.7
 )
 
 replace git.schwanenlied.me/yawning/bsaes.git => github.com/Yawning/bsaes v0.0.0-20180720073208-c0276d75487e
 
-// Fix incompatibility of etcd go.mod package.
-// See https://github.com/etcd-io/etcd/issues/11154
-replace go.etcd.io/etcd => go.etcd.io/etcd v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b
-
-replace (
-	github.com/lightningnetwork/lnd => github.com/guggero/lnd v0.11.0-beta.rc4.0.20210601120905-1ba56b534c9f
-	github.com/lightningnetwork/lnd/cert => github.com/guggero/lnd/cert v1.0.4-0.20210601120905-1ba56b534c9f
-	github.com/lightningnetwork/lnd/healthcheck => github.com/guggero/lnd/healthcheck v0.0.0-20210601120905-1ba56b534c9f
-	github.com/lightningnetwork/lnd/kvdb => github.com/guggero/lnd/kvdb v0.0.0-20210601120905-1ba56b534c9f
-)
-
 go 1.16

go.sum

@@ -0,0 +1,168 @@
+package mailbox
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"regexp"
+
+	"github.com/grpc-ecosystem/grpc-gateway/runtime"
+	"github.com/lightninglabs/terminal-connect/hashmailrpc"
+	"nhooyr.io/websocket"
+)
+
+var (
+	receivePath = "/v1/terminal-connect/hashmail/receive"
+	sendPath    = "/v1/terminal-connect/hashmail/send"
+	addrFormat  = "wss://%s%s?method=POST"
+
+	resultPattern    = regexp.MustCompile("{\"result\":(.*)}")
+	defaultMarshaler = &runtime.JSONPb{OrigName: true, EmitDefaults: false}
+)
+
+// ClientConn is a type that establishes a base transport connection to a
+// mailbox server using a REST/WebSocket connection. This type can be used to
+// initiate a mailbox transport connection from a browser/WASM environment.
+type ClientConn struct {
+	*connKit
+
+	receiveSocket *websocket.Conn
+	sendSocket    *websocket.Conn
+
+	receiveInitialized bool
+}
+
+// NewClientConn creates a new client connection with the given receive and send
+// session identifiers. The context given as the first parameter will be used
+// throughout the connection lifetime.
+func NewClientConn(ctx context.Context, receiveSID,
+	sendSID [64]byte) *ClientConn {
+
+	c := &ClientConn{}
+	c.connKit = &connKit{
+		ctx:        ctx,
+		impl:       c,
+		receiveSID: receiveSID,
+		sendSID:    sendSID,
+	}
+
+	return c
+}
+
+// Dial returns a net.Conn abstraction over the mailbox connection.
+func (c *ClientConn) Dial(_ context.Context, serverHost string) (net.Conn,
+	error) {
+
+	c.connKit.serverAddr = serverHost
+
+	connectMsg := NewMsgConnect(ProtocolVersion)
+	return c, c.SendControlMsg(connectMsg)
+}
+
+// ReceiveControlMsg tries to receive a control message over the underlying
+// mailbox connection.
+//
+// NOTE: This is part of the Conn interface.
+func (c *ClientConn) ReceiveControlMsg(receive ControlMsg) error {
+	if c.receiveSocket == nil {
+		receiveAddr := fmt.Sprintf(
+			addrFormat, c.serverAddr, receivePath,
+		)
+		receiveSocket, _, err := websocket.Dial(c.ctx, receiveAddr, nil)
+		if err != nil {
+			return err
+		}
+		c.receiveSocket = receiveSocket
+	}
+
+	if !c.receiveInitialized {
+		receiveInit := &hashmailrpc.CipherBoxDesc{
+			StreamId: c.receiveSID[:],
+		}
+		receiveInitBytes, err := defaultMarshaler.Marshal(receiveInit)
+		if err != nil {
+			return err
+		}
+
+		err = c.receiveSocket.Write(
+			c.ctx, websocket.MessageText, receiveInitBytes,
+		)
+		if err != nil {
+			return err
+		}
+
+		c.receiveInitialized = true
+	}
+
+	_, msg, err := c.receiveSocket.Read(c.ctx)
+	if err != nil {
+		return err
+	}
+	unwrapped := stripJSONWrapper(string(msg))
+
+	mailboxMsg := &hashmailrpc.CipherBox{}
+	err = defaultMarshaler.Unmarshal([]byte(unwrapped), mailboxMsg)
+	if err != nil {
+		return err
+	}
+
+	return receive.Deserialize(mailboxMsg.Msg)
+}
+
+// SendControlMsg tries to send a control message over the underlying mailbox
+// connection.
+//
+// NOTE: This is part of the Conn interface.
+func (c *ClientConn) SendControlMsg(controlMsg ControlMsg) error {
+	if c.sendSocket == nil {
+		sendAddr := fmt.Sprintf(addrFormat, c.serverAddr, sendPath)
+		sendSocket, _, err := websocket.Dial(c.ctx, sendAddr, nil)
+		if err != nil {
+			return err
+		}
+
+		c.sendSocket = sendSocket
+	}
+
+	payloadBytes, err := controlMsg.Serialize()
+	if err != nil {
+		return err
+	}
+
+	sendInit := &hashmailrpc.CipherBox{
+		Desc: &hashmailrpc.CipherBoxDesc{
+			StreamId: c.sendSID[:],
+		},
+		Msg: payloadBytes,
+	}
+	sendInitBytes, err := defaultMarshaler.Marshal(sendInit)
+	if err != nil {
+		return err
+	}
+	return c.sendSocket.Write(c.ctx, websocket.MessageText, sendInitBytes)
+}
+
+// Close closes the underlying mailbox connection.
+//
+// NOTE: This is part of the net.Conn interface.
+func (c *ClientConn) Close() error {
+	var returnErr error
+	if c.receiveSocket != nil {
+		returnErr = c.receiveSocket.Close(
+			websocket.StatusGoingAway, "bye",
+		)
+	}
+	if c.sendSocket != nil {
+		returnErr = c.sendSocket.Close(
+			websocket.StatusGoingAway, "bye",
+		)
+	}
+
+	return returnErr
+}
+
+var _ Conn = (*ClientConn)(nil)
+
+func stripJSONWrapper(wrapped string) string {
+	return resultPattern.ReplaceAllString(wrapped, "${1}")
+}

mailbox/client_conn.go

@@ -0,0 +1,136 @@
+package mailbox
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"math/big"
+
+	"github.com/btcsuite/btcd/btcec"
+	"github.com/kkdai/bstream"
+	"github.com/lightningnetwork/lnd/aezeed"
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+const (
+	ClientPointPreimage = "TerminalConnectClient"
+	ServerPointPreimage = "TerminalConnectServer"
+	NumPasswordWords    = 8 // TODO: make shorter by masking leftover bits.
+	NumPasswordBytes    = (NumPasswordWords * aezeed.BitsPerWord) / 8
+)
+
+var (
+	nonce = [12]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}
+)
+
+// NewPassword generates a new one-time-use password, represented as a set of
+// mnemonic words and the raw entropy itself.
+func NewPassword() ([NumPasswordWords]string, [NumPasswordBytes]byte, error) {
+	var (
+		passwordEntropy [NumPasswordBytes]byte
+		password        [NumPasswordWords]string
+	)
+	if _, err := rand.Read(passwordEntropy[:]); err != nil {
+		return password, passwordEntropy, err
+	}
+
+	cipherBits := bstream.NewBStreamReader(passwordEntropy[:])
+	for i := 0; i < NumPasswordWords; i++ {
+		index, err := cipherBits.ReadBits(aezeed.BitsPerWord)
+		if err != nil {
+			return password, passwordEntropy, err
+		}
+
+		password[i] = aezeed.DefaultWordList[index]
+	}
+
+	return password, passwordEntropy, nil
+}
+
+// PasswordMnemonicToEntropy reverses the mnemonic word encoding and returns the
+// raw password entropy bytes.
+func PasswordMnemonicToEntropy(
+	password [NumPasswordWords]string) [NumPasswordBytes]byte {
+
+	var passwordEntropy [NumPasswordBytes]byte
+	cipherBits := bstream.NewBStreamWriter(NumPasswordBytes)
+	for _, word := range password {
+		index := uint64(aezeed.ReverseWordMap[word])
+		cipherBits.WriteBits(index, aezeed.BitsPerWord)
+	}
+
+	copy(passwordEntropy[:], cipherBits.Bytes())
+
+	return passwordEntropy
+}
+
+// TODO(guggero): Implement using "hash-and-increment" algorithm.
+func GeneratorPoint(preimage string) (*btcec.PublicKey, error) {
+	hash := sha256.Sum256([]byte(preimage))
+	_, pubKey := btcec.PrivKeyFromBytes(btcec.S256(), hash[:])
+	return pubKey, nil
+}
+
+// TODO(guggero): Implement in an actually secure way.
+func SPAKE2MaskPoint(ephemeralPubKey *btcec.PublicKey,
+	generatorPointPreimage string, password []byte) (*btcec.PublicKey,
+	error) {
+
+	g, err := GeneratorPoint(generatorPointPreimage)
+	if err != nil {
+		return nil, err
+	}
+
+	// Use PBKDF2 here?
+	pwHash := sha256.Sum256(password)
+	blindingPoint := &btcec.PublicKey{}
+	blindingPoint.X, blindingPoint.Y = btcec.S256().ScalarMult(
+		g.X, g.Y, pwHash[:],
+	)
+
+	result := &btcec.PublicKey{Curve: btcec.S256()}
+	result.X, result.Y = btcec.S256().Add(
+		blindingPoint.X, blindingPoint.Y,
+		ephemeralPubKey.X, ephemeralPubKey.Y,
+	)
+	return result, nil
+}
+
+// TODO(guggero): Implement in an actually secure way.
+func SPAKE2UnmaskPoint(blindedKey *btcec.PublicKey,
+	generatorPointPreimage string, password []byte) (*btcec.PublicKey,
+	error) {
+
+	g, err := GeneratorPoint(generatorPointPreimage)
+	if err != nil {
+		return nil, err
+	}
+
+	// Use PBKDF2 here?
+	pwHash := sha256.Sum256(password)
+	blindingPoint := &btcec.PublicKey{}
+	blindingPoint.X, blindingPoint.Y = btcec.S256().ScalarMult(
+		g.X, g.Y, pwHash[:],
+	)
+
+	result := &btcec.PublicKey{Curve: btcec.S256()}
+	negY := new(big.Int).Neg(blindedKey.Y)
+	negY = negY.Mod(negY, btcec.S256().P)
+	result.X, result.Y = blindedKey.Curve.Add(
+		blindedKey.X, blindedKey.Y, blindedKey.X, negY,
+	)
+	return result, nil
+}
+
+// TODO(guggero): Implement in an actually secure way.
+func Encrypt(plainText []byte, secret []byte) ([]byte, error) {
+	cipher, _ := chacha20poly1305.New(secret)
+
+	return cipher.Seal(nil, nonce[:], plainText, nil), nil
+}
+
+// TODO(guggero): Implement in an actually secure way.
+func Decrypt(cipherText []byte, secret []byte) ([]byte, error) {
+	cipher, _ := chacha20poly1305.New(secret)
+
+	return cipher.Open(nil, nonce[:], cipherText, nil)
+}