rename package

Author: ainghazal

internal/tlsstate/controlmsg.go renamed to internal/tlssession/controlmsg.go

@@ -1,4 +1,4 @@
-package tlsstate
+package tlssession
 
 import (
 	"bytes"
@@ -10,6 +10,16 @@ import (
 	"github.com/ooni/minivpn/internal/session"
 )
 
+//
+// The functions in this file deal with control messages. These control
+// messages are sent and received over the TLS session once we've gone one
+// established.
+//
+// The control **channel** below us will deal with serializing and deserializing them,
+// what we receive at this stage are the cleartext payloads obtained after decrypting
+// an application data TLS record.
+//
+
 // encodeClientControlMessage returns a byte array with the payload for a control channel packet.
 // This is the packet that the client sends to the server with the key
 // material, local options and credentials (if username+password authentication is used).

internal/tlssession/doc.go

@@ -0,0 +1,3 @@
+// Package tlssession performs a TLS handshake over the control channel, and then it
+// exchanges keys with the server over this secure channel.
+package tlssession

internal/tlsstate/tlsbio.go renamed to internal/tlssession/tlsbio.go

@@ -1,4 +1,4 @@
-package tlsstate
+package tlssession
 
 import (
 	"bytes"

internal/tlsstate/tlshandshake.go renamed to internal/tlssession/tlshandshake.go

@@ -1,12 +1,12 @@
-package tlsstate
+package tlssession
 
 import (
 	"crypto/x509"
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net"
+	"os"
 
 	"github.com/ooni/minivpn/internal/model"
 	"github.com/ooni/minivpn/internal/runtimex"
@@ -55,7 +55,7 @@ type certPaths struct {
 // the passed certPaths and return a certConfig with the client and CA certificates.
 func loadCertAndCAFromPath(pth certPaths) (*certConfig, error) {
 	ca := x509.NewCertPool()
-	caData, err := ioutil.ReadFile(pth.caPath)
+	caData, err := os.ReadFile(pth.caPath)
 	if err != nil {
 		return nil, fmt.Errorf("%w: %s", ErrBadCA, err)
 	}
@@ -228,6 +228,7 @@ type handshaker interface {
 // is, the default tls.Client factory; and an error.
 // we're not using the default factory right now, but it comes handy to be able
 // to compare the fingerprints with a golang TLS handshake.
+// TODO(ainghazal): implement some sort of test that extracts/compares the TLS client hello.
 func defaultTLSFactory(conn net.Conn, config *tls.Config) (handshaker, error) {
 	c := tls.Client(conn, config)
 	return c, nil

internal/tlsstate/tlsstate.go renamed to internal/tlssession/tlssession.go

@@ -1,4 +1,4 @@
-package tlsstate
+package tlssession
 
 import (
 	"context"
@@ -11,7 +11,7 @@ import (
 	tls "github.com/refraction-networking/utls"
 )
 
-// Service is the tlsstate service. Make sure you initialize
+// Service is the tlssession service. Make sure you initialize
 // the channels before invoking [Service.StartWorkers].
 type Service struct {
 	// NotifyTLS is a channel where we receive incoming notifications.
@@ -34,7 +34,7 @@ type Service struct {
 	TLSRecordDown *chan []byte
 }
 
-// StartWorkers starts the tls-state workers. See the [ARCHITECTURE]
+// StartWorkers starts the tlssession workers. See the [ARCHITECTURE]
 // file for more information about the packet-muxer workers.
 //
 // [ARCHITECTURE]: https://github.com/ooni/minivpn/blob/main/ARCHITECTURE.md
@@ -69,21 +69,21 @@ type workersState struct {
 	workersManager *workers.Manager
 }
 
-// worker is the main loop of the tlsstate
+// worker is the main loop of the tlssession
 func (ws *workersState) worker() {
 	defer func() {
 		ws.workersManager.OnWorkerDone()
 		ws.workersManager.StartShutdown()
-		ws.logger.Debug("tlsstate: worker: done")
+		ws.logger.Debug("tlssession: worker: done")
 	}()
 
-	ws.logger.Debug("tlsstate: worker: started")
+	ws.logger.Debug("tlssession: worker: started")
 	for {
 		select {
 		case notif := <-ws.notifyTLS:
 			if (notif.Flags & model.NotificationReset) != 0 {
 				if err := ws.tlsAuth(); err != nil {
-					ws.logger.Warnf("tlsstate: tlsAuth: %s", err.Error())
+					ws.logger.Warnf("tlssession: tlsAuth: %s", err.Error())
 					// TODO: is it worth checking the return value and stopping?
 				}
 			}
@@ -135,8 +135,8 @@ func (ws *workersState) tlsAuth() error {
 // doTLSAuth is the internal implementation of tlsAuth such that tlsAuth
 // can interrupt this function early if needed.
 func (ws *workersState) doTLSAuth(conn net.Conn, config *tls.Config, errorch chan<- error) {
-	ws.logger.Debug("tlsstate: doTLSAuth: started")
-	defer ws.logger.Debug("tlsstate: doTLSAuth: done")
+	ws.logger.Debug("tlsession: doTLSAuth: started")
+	defer ws.logger.Debug("tlssession: doTLSAuth: done")
 
 	// do the TLS handshake
 	tlsConn, err := tlsHandshakeFn(conn, config)