nova 0.0.2

data/lib/nova/starbound/encryptors.rb

@@ -0,0 +1,13 @@
+require 'nova/starbound/encryptors/plaintext'
+require 'nova/starbound/encryptors/openssl'
+require 'nova/starbound/encryptors/rbnacl'
+
+module Nova
+  module Starbound
+
+    # A module containing the encryptors that come with starbound.
+    module Encryptors
+
+    end
+  end
+end

data/lib/nova/starbound/encryptors/openssl.rb

@@ -0,0 +1,122 @@
+ require 'digest/sha2'
+
+module Nova
+  module Starbound
+    module Encryptors
+
+      # Handles encryption using the OpenSSL library.  Shares the
+      # shared secret using RSA public key encryption, creates a
+      # HMAC digest of the body using the shared secret as a key, and
+      # encrypts the body using AES-256-CBC encryption.
+      class OpenSSL < Encryptor
+
+        # The RSA key size for the key exchange.
+        RSA_KEY_SIZE = 4096
+
+        # The shared secret size, in bytes.  If RSA_KEY_SIZE is 4096,
+        # this is 256.
+        SECRET_SIZE = RSA_KEY_SIZE / 16
+
+        encryptor_name "openssl/rsa-#{RSA_KEY_SIZE}/aes-256-cbc"
+        register! 1
+
+        # see Encryptor.available?
+        def self.available?
+          @_available ||= begin
+            require 'openssl'
+            true
+          rescue LoadError
+            false
+          end
+        end
+
+        # (see Encryptor#encrypt)
+        def encrypt(packet)
+          packet = packet.clone
+          cipher = ::OpenSSL::Cipher::AES256.new(:CBC)
+          cipher.encrypt
+          cipher.key = options[:shared_secret]
+
+          # we have to fit the packet's nonce size.
+          packet[:nonce] = cipher.iv = ::OpenSSL::Random.random_bytes(24)
+
+          encrypted = cipher.update(packet[:body]) + cipher.final
+
+          packet.body = hmac_digest(encrypted) + encrypted
+          packet
+        end
+
+        # (see Encryptor#decrypt)
+        def decrypt(packet)
+          packet = packet.clone
+          decipher = ::OpenSSL::Cipher::AES256.new(:CBC)
+          decipher.decrypt
+          decipher.key = options[:shared_secret]
+          decipher.iv  = packet[:nonce]
+
+          digest = packet[:body][0..63]
+          actual_body = packet[:body][64..-1]
+
+          if hmac_digest(actual_body) != digest
+            raise EncryptorError, "Digest doesn't match the body."
+          end
+
+          packet.body = decipher.update(actual_body) +
+            decipher.final
+          packet
+        end
+
+        # (see Encryptor#private_key!)
+        def private_key!
+          options[:private] = ::OpenSSL::PKey::RSA.new(RSA_KEY_SIZE)
+        end
+
+        # If we have already recieved the other public key, we'll
+        # generate the secret here, and return the encrypted version
+        # of that secret here.  Otherwise, we'll generate our private
+        # key and return that in DER format.
+        #
+        # @return [String]
+        def public_key
+          if options[:other_public]
+            options[:shared_secret] =
+              ::OpenSSL::Random.random_bytes(SECRET_SIZE)
+            options[:other_public].public_encrypt(
+              options[:shared_secret])
+          else
+            options[:public] ||= options[:private].public_key.to_der
+          end
+        end
+
+        # If we already have a public key, that means that the value
+        # that's passed to this method is the shared secret.
+        # Otherwise, it really is the public key of the other remote.
+        # If the passed value is a shared secret, it's decrypted with
+        # our private key and stored.  If it's the other public key,
+        # it's instantized to a openssl RSA key, and stored.
+        #
+        # @return [void]
+        def other_public_key=(public_key)
+          if options[:public]
+            options[:shared_secret] =
+              options[:private].private_decrypt(public_key)
+          else
+            options[:other_public] =
+              ::OpenSSL::PKey::RSA.new(public_key)
+          end
+        end
+
+        private
+
+        # Provides a digest of the data, using HMAC.
+        #
+        # @return [String]
+        def hmac_digest(body)
+          ::OpenSSL::HMAC.digest(::OpenSSL::Digest::SHA512.new,
+            options[:shared_secret], body.to_s)
+        end
+
+      end
+    end
+  end
+end

data/lib/nova/starbound/encryptors/plaintext.rb

@@ -0,0 +1,64 @@
+module Nova
+  module Starbound
+    module Encryptors
+
+      # The plaintext encryptor.
+      class Plaintext < Encryptor
+
+        encryptor_name "plaintext"
+        register! 0
+
+        # The random provider for this clas.
+        RANDOM = Random.new
+
+        # Whether or not this encryptor is available.  Since it's
+        # plaintext, it's always available.
+        #
+        # @return [true]
+        def self.available?
+          true
+        end
+
+        # Whether or not this encryptor is plaintext.  It is.  This
+        # will always return true for this class.
+        #
+        # @return [true]
+        def self.plaintext?
+          true
+        end
+
+        # (see Encryptor#encrypt)
+        def encrypt(packet)
+          packet = packet.clone
+
+          packet[:nonce] = RANDOM.bytes(24)
+          packet
+        end
+
+        # (see Encryptor#decrypt)
+        def decrypt(packet)
+          packet = packet.clone
+
+          packet
+        end
+
+        # Does nothing.
+        #
+        # @return [nil]
+        def private_key!; end
+
+        # Does nothing.
+        #
+        # @return [String] an empty string.
+        def public_key; ""; end
+
+        # Does nothing.
+        #
+        # @param _ [String] the other "public" key.
+        # @return [nil]
+        def other_public_key=(_); end
+
+      end
+    end
+  end
+end

data/lib/nova/starbound/encryptors/rbnacl.rb

@@ -0,0 +1,67 @@
+module Nova
+  module Starbound
+    module Encryptors
+
+      # Provides encryption using RbNaCl.
+      class RbNaCl < Encryptor
+
+        encryptor_name "rbnacl/1.0.0"
+        register! 2
+
+        # (see Encryptor.available?)
+        def self.available?
+          @_available ||= begin
+            require 'rbnacl'
+            true
+          rescue LoadError
+            false
+          end
+        end
+
+        # (see Encryptor#encrypt)
+        def encrypt(packet)
+          packet = packet.clone
+          packet[:nonce] = Crypto::Random.random_bytes(24)
+          box = Crypto::Box.new(options[:public_key], options[:private_key])
+          enc = box.encrypt(packet[:nonce], packet[:body])
+
+          packet.body = enc
+          packet
+        end
+
+        # (see Encryptor#decrypt)
+        def decrypt(packet)
+          packet = packet.clone
+          box = Crypto::Box.new(options[:public_key], options[:private_key])
+          packet.body = box.decrypt(packet[:nonce], packet[:body])
+
+          packet
+        rescue Crypto::CryptoError => e
+          raise EncryptorError, e
+        end
+
+        # Generates a private key.
+        #
+        # @return [void]
+        def private_key!
+          options[:private_key] = Crypto::PrivateKey.generate
+        end
+
+        # Returns the public key for this remote.
+        #
+        # @return [String]
+        def public_key
+          options[:private_key].public_key.to_bytes
+        end
+
+        # Sets the other public key to the given value.
+        #
+        # @return [void]
+        def other_public_key=(public_key)
+          options[:public_key] = Crypto::PublicKey.new(public_key)
+        end
+
+      end
+    end
+  end
+end

data/lib/nova/starbound/protocol.rb

@@ -0,0 +1,81 @@
+require 'nova/starbound/protocol/exceptions'
+require 'nova/starbound/protocol/encryption'
+require 'nova/starbound/protocol/messages'
+require 'nova/starbound/protocol/packet'
+require 'nova/starbound/protocol/socket'
+
+module Nova
+  module Starbound
+
+    # The basic Starbound protocol.
+    #
+    # @todo More testing.
+    class Protocol
+
+      include Protocol::Socket
+      include Protocol::Encryption
+      include Protocol::Messages
+
+      # The options that was passed to this protocol on
+      # initialization.
+      #
+      # @return [Hash<Symbol, Object>]
+      attr_reader :options
+
+      # The current state of the protocol.  Known values:
+      # +:offline+ (default), +:handshake+, +:online+, +:closing+.
+      #
+      # @return [Symbol]
+      attr_reader :state
+
+      # Perform a handshake with the server.  First sets the state to
+      # +:handshake+.
+      #
+      # @return [void]
+      def handshake
+        @state = :handshake
+        thread
+
+        if options[:type] == :client
+          message  = send :protocol_version, Nova::VERSION
+          response = response_to message
+          check_versions response
+          handle_encryption
+        else
+
+          wait_for_protocol_version
+          handle_server_encryption
+        end
+
+        @state = :online
+      end
+
+      # Initialize the protocol.
+      #
+      # @param options [Hash] the options to initialize the protocol
+      #   with.
+      def initialize(options = {})
+        @options = options
+        @state   = :offline
+
+        super()
+      end
+
+      # Closes the connection.
+      #
+      # @return [void]
+      def close(code = :none)
+        @state = :closing
+
+        if code
+          send :close, Packet::CloseReasons[code].to_s
+        end
+
+        super()
+
+        @state = :offline
+      end
+
+    end
+  end
+end

data/lib/nova/starbound/protocol/encryption.rb

@@ -0,0 +1,48 @@
+module Nova
+  module Starbound
+    class Protocol
+
+      # The encryption used in the protocol.
+      module Encryption
+
+        # The provider used to encrypt the body.
+        #
+        # @return [Encryptor]
+        attr_writer :encryption_provider
+
+        # Initialize the encryption.
+        def initialize
+          @encryption_provider = Encryptors::Plaintext.new
+
+          super()
+        end
+
+        # Gets the encryption provider.
+        #
+        # @raise [NoEncryptionError] if {#state} isn't handshake,
+        #   the encryption provider returns true on
+        #   {Encryptor.plaintext?}, and +:allow_plaintext+ is false.
+        # @return [Encryptor]
+        def encryption_provider
+          raise NoEncryptionError if
+            @encryption_provider.class.plaintext? &&
+            !should_allow_plaintext?
+
+          @encryption_provider
+        end
+
+        private
+
+        # Whether or not plaintext is acceptable.  Checks the state to
+        # see if it's +:handshake+ and the +:allow_plaintext+ option
+        # to return true or false.
+        #
+        # @return [Boolean]
+        def should_allow_plaintext?
+          state == :handshake || options.fetch(:allow_plaintext, false)
+        end
+
+      end
+    end
+  end
+end

data/lib/nova/starbound/protocol/exceptions.rb

@@ -0,0 +1,38 @@
+module Nova
+  module Starbound
+    # Any error that is related to the protocol should inherit this
+    # class.
+    class ProtocolError < StandardError; end
+
+    # When the protocol needs to exit from a connection, this is
+    # raised.  Meant to be raised by a third party; not raised by this
+    # library.
+    class ExitError < StandardError; end
+
+    # Raised when the socket isn't using encryption, and we've
+    # already finished with the handshake, and if the
+    # +:allow_plaintext+ option isn't true.  Used in
+    # {Protocol::Socket}.
+    class NoEncryptionError < ProtocolError; end
+
+    # Raised when the major version of the remote does not match the
+    # major version of this library.  Used in {Protocol::Messages}.
+    class IncompatibleRemoteError < ProtocolError; end
+
+    # The remote closed the connection.  Used in {Protocol::Socket}.
+    class RemoteClosedError < ProtocolError; end
+
+    # Raised when a string is unpacked but it doesn't match any
+    # struct defined here.  Used in {Protocol::Packet}.
+    class NoStructError < ProtocolError; end
+
+    # Raised when a packet is sent when another packet was
+    # expected.  Used in {Protocol::Packet}.
+    class UnacceptablePacketError < ProtocolError; end
+
+    # Raised if the encryptor runs into an error with encrypting
+    # or decrypting the packet.  Used in {Encryptors::OpenSSL} and
+    # {Encryptors::RbNaCl}.
+    class EncryptorError < StandardError; end
+  end
+end

data/lib/nova/starbound/protocol/messages.rb

@@ -0,0 +1,116 @@
+module Nova
+  module Starbound
+    class Protocol
+
+      # Handles messages.
+      module Messages
+
+        # Checks the versions of the remote and us.  If the major
+        # versions don't match, raise an error.
+        #
+        # @raise [IncompatibleRemoteError] if the major versions don't
+        #   match.
+        # @return [void]
+        def check_versions(other_packet)
+          other_packet.expect(:protocol_version)
+          our_major = Nova::VERSION.split('.').first
+          their_major = other_packet.body.split('.').first
+
+          if our_major != their_major
+            raise IncompatibleRemoteError,
+              "Major versions do not match (our: #{our_major}, " +
+              "theirs: #{their_major})"
+          end
+        end
+
+        # Waits for the remote to send their protocol version, and
+        # then checks their version against ours, making sure the
+        # versions match.
+        #
+        # @raise [IncompatibleRemoteError] if the major versions don't
+        #   match.
+        # @return [void]
+        def wait_for_protocol_version
+          pack = read
+
+          check_versions(pack)
+
+          respond_to pack, :protocol_version, Nova::VERSION
+        end
+
+        # Handles setting up encryption with the server.  Sends the
+        # server the list of options we have, and waits for a
+        # response.  The first 4 bytes of the public key correspond
+        # to the index of the encryptor, and the rest is the actual
+        # public key.  It then sends our public key back, but doesn't
+        # wait for a response.
+        #
+        # @return [void]
+        def handle_encryption
+          sent = send :encryption_options,
+            Encryptor.sorted_encryptors.map(&:encryptor_name).join("\n")
+
+          response = response_to sent
+          response.expect(:public_key)
+
+          encryptor = matching_encryptor *response.body.split("\n", 2)
+
+          respond_to response, :public_key, encryptor.public_key
+          self.encryption_provider = encryptor
+        end
+
+        # Handles the server encryption.  Reads a packet, splits the
+        # body by new lines, and searches our encryptors for a
+        # matching encryptor.  Initializes it, and sends back data
+        # to the client containing which encryptor was used and our
+        # public key; waits for a response containing the client's
+        # public key, and then sets the encryption provider.
+        #
+        # @return [void]
+        def handle_server_encryption
+          enc_options = read
+          enc_options.expect(:encryption_options)
+          lines = enc_options.body.split("\n")
+
+          encs = Encryptor.sorted_encryptors.select do |e|
+            lines.include?(e.encryptor_name)
+          end
+
+          preferred = encs.first
+          index = lines.index(preferred.encryptor_name)
+          encryptor = preferred.new
+          encryptor.private_key!
+
+          data = preferred.encryptor_name + "\n"
+
+          out = respond_to enc_options, :public_key, data +
+            encryptor.public_key
+
+          pub_key = response_to out
+          pub_key.expect(:public_key)
+
+          encryptor.other_public_key = pub_key.body
+
+          self.encryption_provider = encryptor
+        end
+
+        private
+
+        # Handles selecting and setting up the encryption for this
+        # protocol, given the name from the remote.
+        #
+        # @return [Encryptor]
+        def matching_encryptor(name, body)
+          enc = Encryptor.encryptors.select { |e|
+            e.encryptor_name == name
+          }.first.new
+          enc.private_key!
+          enc.other_public_key = body
+
+          enc
+        end
+      end
+
+    end
+  end
+end