rswim 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2cdad1327bf5ba2e7fd3a2d975b7f0ad507d99952b9c2b2d01269f4f3b813f25
-  data.tar.gz: 2050c00ddb9eec045103645d269683ad0454d664d92026f6849f80428e1483ff
+  metadata.gz: 1acfab8998ff5ebd1919f16fd0e27c2f708224aedb004376ccbe2f5818bb6648
+  data.tar.gz: 5c85faa591b08d74d38b2fb091ee56b1e836af3e863005e51cbd55e35df2f255
 SHA512:
-  metadata.gz: 17a26dc6da80bc10db656b7127f2e72c7bb77d962eec38fc63830aa5b5d4642c8e3650fb8c4d2b860efac2e1eaa12c590c98f31dc1e4092adec31018c8b558bf
-  data.tar.gz: 9563514c494f896b54098b80b1636a20323a84d07b5f9b689577e592592edc6ae480449fcf7020ae1ad79b72084a7d087967983f9b2229a712de9d4712e95d8e
+  metadata.gz: a7c312893d1e1363675ad17ab97d7ad87dd016ab39ef4debb208016e970fdf9d8f1813fcfbe7f1c39ad8c0933765cf7b94fda82405dd732daa6bd9b3de2bba6e
+  data.tar.gz: 858683dc2c970daaefb085e467249a62b37a1e88e6ad556d5a944112bd51e463cda530168ee0a4abda0d35b175a3aceb031e4b4346dea44f1205c900b43647d4

data/.gitignore

@@ -15,4 +15,5 @@
 # rspec failure tracking
 .rspec_status
 .byebug_history
+.ruby-version
 .DS_Store

data/CHANGELOG.md

@@ -1,3 +1,4 @@
 # 1.0.0 Complete implementation for UDP plus simple, human readable serialisation of messages
 # 2.0.0 Piggyback custom state on the liveness propagation mechanism using `RSwim::Node#append_custom_state`
-# 2.1.0 Use non-blocking I/O by means of `Fiber.shedule` with the scheduler provided by the Async gem
+# 2.1.0 Use non-blocking I/O by means of `Fiber.shedule` with the scheduler provided by the Async gem
+# 2.2.0 Encrypted messages between peers. Run UDP Sender in fiber instead of thread to make whole node single threaded.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rswim (2.1.0)
+    rswim (2.2.0)
       async (~> 1.30)
       slop (~> 4.9)
       zeitwerk (~> 2.2)
@@ -15,12 +15,12 @@ GEM
       timers (~> 4.1)
     byebug (11.1.3)
     coderay (1.1.3)
-    console (1.13.1)
+    console (1.14.0)
       fiber-local
-    diff-lcs (1.4.4)
-    ffi (1.15.4)
+    diff-lcs (1.5.0)
+    ffi (1.15.5)
     fiber-local (1.0.0)
-    formatador (0.3.0)
+    formatador (1.1.0)
     fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
@@ -38,7 +38,7 @@ GEM
       guard (~> 2.1)
       guard-compat (~> 1.1)
       rspec (>= 2.99.0, < 4.0)
-    listen (3.7.0)
+    listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     lumberjack (1.2.8)
@@ -52,28 +52,28 @@ GEM
       coderay (~> 1.1)
       method_source (~> 1.0)
     rake (12.3.3)
-    rb-fsevent (0.11.0)
+    rb-fsevent (0.11.1)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
     ruby-progressbar (1.11.0)
     shellany (0.0.1)
     slop (4.9.1)
-    thor (1.1.0)
+    thor (1.2.1)
     timers (4.3.3)
-    zeitwerk (2.4.2)
+    zeitwerk (2.5.4)
 
 PLATFORMS
   ruby

data/README.md

@@ -4,11 +4,14 @@ RSwim is a Ruby implementation of the SWIM gossip protocol, a mechanism for disc
 
 It is an implementation inspired by the original [SWIM: Scalable Weakly-consistent Infection-style Process Group Membership Protocol](https://www.cs.cornell.edu/projects/Quicksilver/public_pdfs/SWIM.pdf) paper by Abhinandan Das, Indranil Gupta, Ashish Motivala.
 
-The implementation is kept intentionally simple and limited to the features described in the paper, except for the addition in version 2.0.0 of the ability to piggyback custom state on the liveness propagation mechanism, see `RSwim::Node#append_custom_state`
+The implementation is kept intentionally simple and includes only the features described in the paper along with a few additions after version 2.0.0:
+
+- The ability to piggyback custom state on the liveness propagation mechanism was added in version 2.0.0, see `RSwim::Node#append_custom_state`
+- Encryption of messsages between peers based on a shared secret was introduced in version 2.2.0, see module `RSwim::Serialization::Encrypted`
 
 No attempts have been made to address known security issues such as Byzantine attacks.
 
-Currently RSwim runs on UDP with a custom, human readable serialization format.
+Currently RSwim runs on UDP. In the unencrypted mode it uses a custom, human readable serialization format. Peers in unencrypted mode cannot communicate with peers in encrypted mode.
 
 
 ## Installation
@@ -34,6 +37,9 @@ Example:
 ```ruby
   require 'rswim'
 
+  RSwim.encrypted = true
+  RSwim.shared_secret = 'santa 2000'
+
   port = 4545
 
   # known, running nodes to connect with initially.

data/bin/encrypt

@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby --jit
+
+require 'openssl'
+require 'console'
+
+cipher = OpenSSL::Cipher::AES256.new :CBC
+cipher.encrypt
+iv = cipher.random_iv
+cipher.key = key = Digest::SHA256.digest 'SecretPassword'
+cipher_text = cipher.update('This is a secret message') + cipher.final
+
+Console.logger.info cipher_text, 'got this after encrypting'
+
+begin
+  decipher = OpenSSL::Cipher::AES256.new :CBC
+  decipher.decrypt
+  decipher.iv = iv # previously saved
+  decipher.key = Digest::SHA256.digest 'mismatch'
+  plain_text = decipher.update(cipher_text) + decipher.final
+
+  Console.logger.info plain_text, 'got this after decrypting'
+rescue OpenSSL::Cipher::CipherError => e
+  Console.logger.error('Error while decrypting')
+  Console.logger.failure(decipher, e)
+end

data/bin/run_node

@@ -8,6 +8,8 @@ PORT = 4545
 opts = Slop.parse do |o|
   o.array '-s', '--seeds', 'a comma separated list of seed nodes'
   o.bool '-d', '--debug', 'turn on debug logging'
+  o.bool '-e', '--encrypted', 'use encrypted mode'
+  o.string '--secret', 'shared secret for encrypted mode', default: 'santa 2000'
   o.on '--help' do
     puts o
     exit
@@ -21,6 +23,12 @@ end
 puts "Ruby version: #{RUBY_VERSION}"
 
 RSwim::Logger.level = ::Logger::DEBUG if opts.debug?
+
+if opts.encrypted?
+  RSwim.encrypted = true
+  RSwim.shared_secret = opts[:secret]
+end
+
 seed_hosts = opts[:seeds]
 abort 'EOF' if seed_hosts.nil?
 

data/lib/rswim/encryption.rb

@@ -0,0 +1,43 @@
+module RSwim
+  module Encryption
+    class << self
+      def encrypt(message)
+        message = message.dup.force_encoding('UTF-8')
+        salt = cipher.random_iv        
+        cipher_text = cipher.update(message) + cipher.final
+        [cipher_text, salt]
+      rescue StandardError => e
+        raise Error, "Failed to encrypt: #{e.message}"
+      end
+
+      def decrypt(cipher_text, salt)
+        decipher.iv = salt
+        message = decipher.update(cipher_text) + decipher.final
+        message.force_encoding('UTF-8')
+      rescue StandardError => e
+        raise Error, "Failed to decrypt: #{e.message}"        
+      end
+
+      private
+
+      def cipher
+        @_cipher ||= begin
+          cipher = OpenSSL::Cipher::AES256.new :CBC
+          cipher.encrypt
+          cipher.key = Digest::SHA256.digest(RSwim.shared_secret)
+          cipher
+        end
+      end
+
+      def decipher
+        @_decipher ||= begin
+          cipher = OpenSSL::Cipher::AES256.new :CBC
+          cipher.decrypt
+          cipher.key = Digest::SHA256.digest(RSwim.shared_secret)
+          cipher
+        end
+      end
+    end
+
+  end
+end

data/lib/rswim/integration/udp/io_loop.rb

@@ -3,36 +3,6 @@
 module RSwim
   module Integration
     module UDP
-      class Sender
-        def initialize(port, out_q)
-          @out_q = out_q
-          @port = port
-          @out_s = UDPSocket.new
-        end
-
-        def run
-          Async do
-            loop do
-              wire_messages = @out_q.pop
-              wire_messages.each do |(host, wire_message)|
-                logger.debug "about to send message to #{host} on port #{@port}"
-                Fiber.schedule do
-                  @out_s.send(wire_message, 0, host, @port)
-                rescue StandardError => e
-                  logger.debug("Error while sending: #{e}")
-                end
-              end
-            end
-          end
-        end
-
-        private
-
-        def logger
-          @_logger ||= RSwim::Logger.new(self.class, $stderr)
-        end
-      end
-
       class IOLoop < RSwim::IOLoop
         def initialize(agent, serializer, deserializer, directory, sleep_time_seconds, my_host, port)
           super(agent, serializer, deserializer, directory, sleep_time_seconds)
@@ -46,7 +16,7 @@ module RSwim
           @in_s = UDPSocket.new
           @in_s.bind(@my_host, @port)
           @out_q = Queue.new
-          Thread.new { Sender.new(@port, @out_q).run }.abort_on_exception = true
+          Fiber.schedule { Sender.new(@port, @out_q).run }
         end
 
         def read

data/lib/rswim/integration/udp/sender.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module RSwim
+  module Integration
+    module UDP
+      class Sender
+        def initialize(port, out_q)
+          @out_q = out_q
+          @port = port
+          @out_s = UDPSocket.new
+        end
+
+        def run
+          Async do
+            loop do
+              wire_messages = @out_q.pop
+              wire_messages.each do |(host, wire_message)|
+                logger.debug "about to send message to #{host} on port #{@port}"
+                Fiber.schedule do
+                  @out_s.send(wire_message, 0, host, @port)
+                rescue StandardError => e
+                  logger.debug("Error while sending: #{e}")
+                end
+              end
+            end
+          end
+        end
+
+        private
+
+        def logger
+          @_logger ||= RSwim::Logger.new(self.class, $stderr)
+        end
+      end
+    end
+  end
+end

data/lib/rswim/io_loop.rb

@@ -12,8 +12,8 @@ module RSwim
     end
 
     def run
-      before_run
       Async do
+        before_run
         start_producer
         loop do
           in_messages = consume_read_buffer

data/lib/rswim/node.rb

@@ -7,11 +7,13 @@ module RSwim
     end
 
     def initialize(my_host, seed_hosts, t_ms, r_ms)
+      RSwim.validate_config!
       @my_host = my_host
       @directory = Directory.new
       @my_id = @directory.id(@my_host)
-      @deserializer = Integration::Deserializer.new(@directory, @my_id)
-      @serializer = Integration::Serializer.new(@directory)
+      serialization = RSwim.encrypted ? Serialization::Encrypted : Serialization::Simple
+      @deserializer = serialization::Deserializer.new(@directory, @my_id)
+      @serializer = serialization::Serializer.new(@directory)
       @seed_ids = seed_hosts.map { |host| @directory.id(host) }
       @t_ms = t_ms
       @r_ms = r_ms

data/lib/rswim/serialization/encrypted/deserializer.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module RSwim
+  module Serialization::Encrypted
+    class Deserializer
+      def initialize(directory, my_id)
+        @directory = directory
+        @my_id = my_id
+      end
+
+      def deserialize(sender_host, wire_message)
+        outer = JSON.parse(wire_message)
+        cipher_text, salt = outer.values_at('message', 'salt').map { |s| Base64.decode64(s) }
+        inner = JSON.parse(Encryption.decrypt(cipher_text, salt), symbolize_names: true)
+
+        from = @directory.id(sender_host)
+        payload = {}
+        payload[:target_id] = @directory.id(inner[:target]) unless inner[:target].nil?
+        payload[:updates] = inner[:updates].to_a.map do |u|
+          UpdateEntry.new(
+            @directory.id(u[:host]),
+            u[:status].to_sym,
+            u[:incarnation_number].to_i,
+            u[:custom_state]
+          )
+        end
+        Message.new(@my_id, from, inner[:type].to_sym, payload)
+      rescue StandardError => e
+        logger.debug("Failed to parse wire message")
+        nil
+      end
+
+      protected
+
+      def logger
+        @_logger ||= RSwim::Logger.new(self.class, $stderr)
+      end
+    end
+  end
+end

data/lib/rswim/serialization/encrypted/serializer.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module RSwim
+  module Serialization::Encrypted
+    class Serializer
+      def initialize(directory)
+        @directory = directory
+      end
+
+      def serialize(message)
+        unencrypted = serialize_unencrypted(message)
+        cipher_text, salt = Encryption.encrypt(unencrypted).map { |s| Base64.encode64(s) }
+        { message: cipher_text, salt: salt }.to_json
+      end
+
+      protected
+
+      def logger
+        @_logger ||= RSwim::Logger.new(self.class, STDERR)
+      end
+
+      private
+
+      def serialize_unencrypted(message)
+        out = {}
+        out[:type] = message.type
+        out[:target] = @directory.host(message.payload[:target_id]) if message.type == :ping_req
+        out[:updates] = message.payload[:updates].to_a.map do |update|
+          {
+            host: @directory.host(update.member_id),
+            status: update.status,
+            incarnation_number: update.incarnation_number,
+            custom_state: update.custom_state
+          }
+        end
+
+        out.to_json
+      end
+    end
+  end
+end

data/lib/rswim/{integration → serialization/simple}/deserializer.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module RSwim
-  module Integration
+  module Serialization::Simple
     class Deserializer
       def initialize(directory, my_id)
         @directory = directory

data/lib/rswim/{integration → serialization/simple}/serializer.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module RSwim
-  module Integration
+  module Serialization::Simple
     class Serializer
       def initialize(directory)
         @directory = directory

data/lib/rswim/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RSwim
-  VERSION = '2.1.0'
+  VERSION = '2.2.0'
 end

data/lib/rswim.rb

@@ -4,8 +4,14 @@ require 'logger'
 require 'socket'
 require 'zeitwerk'
 require 'async'
+require 'openssl'
+require 'base64'
 
-# frozen_string_literal: true
+cipher = OpenSSL::Cipher::AES256.new :CBC
+cipher.encrypt
+iv = cipher.random_iv
+cipher.key = key = Digest::SHA256.digest 'SecretPassword'
+cipher_text = cipher.update('This is a secret message') + cipher.final
 
 class MyInflector < Zeitwerk::Inflector
   def camelize(basename, _abspath)
@@ -31,5 +37,19 @@ module RSwim
   # Roundtrip time, millis
   R_MS = 10_000
 
+  class << self
+    attr_accessor :encrypted, :shared_secret
+
+    def validate_config!
+      validate_shared_secret! if @encrypted
+      true
+    end
+
+    def validate_shared_secret!
+      raise Error, 'Encrypted mode was set, but no shared secret configured' if @shared_secret.nil?
+      raise Error, 'Shared secret too short' if @shared_secret.length < 8
+    end
+  end
+
   class Error < StandardError; end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rswim
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Erik Madsen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-10-10 00:00:00.000000000 Z
+date: 2022-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: zeitwerk
@@ -147,7 +147,6 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
-- ".ruby-version"
 - ".travis.yml"
 - CHANGELOG.md
 - Gemfile
@@ -158,15 +157,16 @@ files:
 - Rakefile
 - bin/async_loop
 - bin/console
+- bin/encrypt
 - bin/run_node
 - bin/setup
 - lib/rswim.rb
 - lib/rswim/agent.rb
 - lib/rswim/directory.rb
-- lib/rswim/integration/deserializer.rb
-- lib/rswim/integration/serializer.rb
+- lib/rswim/encryption.rb
 - lib/rswim/integration/udp/io_loop.rb
 - lib/rswim/integration/udp/node.rb
+- lib/rswim/integration/udp/sender.rb
 - lib/rswim/io_loop.rb
 - lib/rswim/logger.rb
 - lib/rswim/member/ack_responder.rb
@@ -191,6 +191,10 @@ files:
 - lib/rswim/node.rb
 - lib/rswim/pipe.rb
 - lib/rswim/protocol_state.rb
+- lib/rswim/serialization/encrypted/deserializer.rb
+- lib/rswim/serialization/encrypted/serializer.rb
+- lib/rswim/serialization/simple/deserializer.rb
+- lib/rswim/serialization/simple/serializer.rb
 - lib/rswim/status_report.rb
 - lib/rswim/update_entry.rb
 - lib/rswim/version.rb
@@ -219,7 +223,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Ruby implementation of the SWIM gossip protocol

data/.ruby-version

@@ -1 +0,0 @@
-3.0.2