From 83cdb2de181bb232bdd0ce2070d2b5e45d1ba672 Mon Sep 17 00:00:00 2001
From: ain ghazal
Date: Tue, 16 Jan 2024 17:24:06 +0100
Subject: [PATCH] rename package
---
.../{tlsstate => tlssession}/controlmsg.go | 12 +++++++++++-
internal/tlssession/doc.go | 3 +++
internal/{tlsstate => tlssession}/tlsbio.go | 2 +-
.../{tlsstate => tlssession}/tlshandshake.go | 7 ++++---
.../tlsstate.go => tlssession/tlssession.go} | 18 +++++++++---------
internal/tlsstate/doc.go | 3 ---
6 files changed, 28 insertions(+), 17 deletions(-)
rename internal/{tlsstate => tlssession}/controlmsg.go (91%)
create mode 100644 internal/tlssession/doc.go
rename internal/{tlsstate => tlssession}/tlsbio.go (98%)
rename internal/{tlsstate => tlssession}/tlshandshake.go (98%)
rename internal/{tlsstate/tlsstate.go => tlssession/tlssession.go} (93%)
delete mode 100644 internal/tlsstate/doc.go
diff --git a/internal/tlsstate/controlmsg.go b/internal/tlssession/controlmsg.go
similarity index 91%
rename from internal/tlsstate/controlmsg.go
rename to internal/tlssession/controlmsg.go
index e91b6e2b..e348cbfe 100644
--- a/internal/tlsstate/controlmsg.go
+++ b/internal/tlssession/controlmsg.go
@@ -1,4 +1,4 @@
-package tlsstate
+package tlssession
 import (
 "bytes"
@@ -10,6 +10,16 @@ import (
 "github.com/ooni/minivpn/internal/session"
 )
+//
+// The functions in this file deal with control messages. These control
+// messages are sent and received over the TLS session once we've gone one
+// established.
+//
+// The control **channel** below us will deal with serializing and deserializing them,
+// what we receive at this stage are the cleartext payloads obtained after decrypting
+// an application data TLS record.
+//
+// encodeClientControlMessage returns a byte array with the payload for a control channel packet.
 // This is the packet that the client sends to the server with the key
 // material, local options and credentials (if username+password authentication is used).
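Review bot: The new file-level comment in controlmsg.go reads `// messages are sent and received over the TLS session once we've gone one` / `// established.`, which looks like a typo for "once one has been established"; suggested wording: `// messages are sent and received over the TLS session once one has been` / `// established.`. The block appears to be a free-standing comment rather than a doc comment attached to a declaration, so go doc will not surface it; since this commit also adds a package comment in doc.go, consider folding the overview there or keeping it here with the wording fixed. The second paragraph's statement that this layer only sees cleartext payloads after TLS record decryption is worth keeping as written, because it tells a reader that nothing in this file provides confidentiality or integrity on its own and that those guarantees come from the TLS layer below.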
diff --git a/internal/tlssession/doc.go b/internal/tlssession/doc.go
new file mode 100644
index 00000000..88c39de2
--- /dev/null
+++ b/internal/tlssession/doc.go
@@ -0,0 +1,3 @@
+// Package tlssession performs a TLS handshake over the control channel, and then it
+// exchanges keys with the server over this secure channel.
+package tlssession
diff --git a/internal/tlsstate/tlsbio.go b/internal/tlssession/tlsbio.go
similarity index 98%
rename from internal/tlsstate/tlsbio.go
rename to internal/tlssession/tlsbio.go
index fe7c3892..6fec09be 100644
--- a/internal/tlsstate/tlsbio.go
+++ b/internal/tlssession/tlsbio.go
@@ -1,4 +1,4 @@
-package tlsstate
+package tlssession
 import (
 "bytes"
diff --git a/internal/tlsstate/tlshandshake.go b/internal/tlssession/tlshandshake.go
similarity index 98%
rename from internal/tlsstate/tlshandshake.go
rename to internal/tlssession/tlshandshake.go
index 6075331b..3f3bbfb0 100644
--- a/internal/tlsstate/tlshandshake.go
+++ b/internal/tlssession/tlshandshake.go
@@ -1,12 +1,12 @@
-package tlsstate
+package tlssession
 import (
 "crypto/x509"
 "encoding/hex"
 "errors"
 "fmt"
- "io/ioutil"
 "net"
+ "os"
 "github.com/ooni/minivpn/internal/model"
 "github.com/ooni/minivpn/internal/runtimex"
@@ -55,7 +55,7 @@ type certPaths struct {
 // the passed certPaths and return a certConfig with the client and CA certificates.
 func loadCertAndCAFromPath(pth certPaths) (*certConfig, error) {
 ca := x509.NewCertPool()
- caData, err := ioutil.ReadFile(pth.caPath)
+ caData, err := os.ReadFile(pth.caPath)
 if err != nil {
 return nil, fmt.Errorf("%w: %s", ErrBadCA, err)
 }
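Review bot: The replacement of ioutil.ReadFile with os.ReadFile in loadCertAndCAFromPath (and the matching import swap in the first tlshandshake.go hunk) is a code change bundled into a commit titled "rename package"; it is behaviourally equivalent, but a line in the commit message would keep it from being overlooked in a rename review. The error return directly under the new call, `return nil, fmt.Errorf("%w: %s", ErrBadCA, err)`, flattens the os error to text, so a caller can match ErrBadCA with errors.Is but cannot distinguish a missing CA file from an unreadable one; if the module's Go version is 1.20 or later, `return nil, fmt.Errorf("%w: %w", ErrBadCA, err)` keeps both errors in the chain. loadCertAndCAFromPath's body continues past the hunk.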
@@ -228,6 +228,7 @@ type handshaker interface {
 // is, the default tls.Client factory; and an error.
 // we're not using the default factory right now, but it comes handy to be able
 // to compare the fingerprints with a golang TLS handshake.
+// TODO(ainghazal): implement some sort of test that extracts/compares the TLS client hello.
 func defaultTLSFactory(conn net.Conn, config *tls.Config) (handshaker, error) {
 c := tls.Client(conn, config)
 return c, nil
diff --git a/internal/tlsstate/tlsstate.go b/internal/tlssession/tlssession.go
similarity index 93%
rename from internal/tlsstate/tlsstate.go
rename to internal/tlssession/tlssession.go
index 9af5f0c7..12c6e4ae 100644
--- a/internal/tlsstate/tlsstate.go
+++ b/internal/tlssession/tlssession.go
@@ -1,4 +1,4 @@
-package tlsstate
+package tlssession
 import (
 "context"
@@ -11,7 +11,7 @@ import (
 tls "github.com/refraction-networking/utls"
 )
-// Service is the tlsstate service. Make sure you initialize
+// Service is the tlssession service. Make sure you initialize
 // the channels before invoking [Service.StartWorkers].
 type Service struct {
 // NotifyTLS is a channel where we receive incoming notifications.
@@ -34,7 +34,7 @@ type Service struct {
 TLSRecordDown *chan []byte
 }
-// StartWorkers starts the tls-state workers. See the [ARCHITECTURE]
+// StartWorkers starts the tlssession workers. See the [ARCHITECTURE]
 // file for more information about the packet-muxer workers.
 //
 // [ARCHITECTURE]: https://github.com/ooni/minivpn/blob/main/ARCHITECTURE.md
@@ -69,21 +69,21 @@ type workersState struct {
 workersManager *workers.Manager
 }
-// worker is the main loop of the tlsstate
+// worker is the main loop of the tlssession
 func (ws *workersState) worker() {
 defer func() {
 ws.workersManager.OnWorkerDone()
 ws.workersManager.StartShutdown()
-ws.logger.Debug("tlsstate: worker: done")
+ws.logger.Debug("tlssession: worker: done")
 }()
-ws.logger.Debug("tlsstate: worker: started")
+ws.logger.Debug("tlssession: worker: started")
 for {
 select {
 case notif := <-ws.notifyTLS:
 if (notif.Flags & model.NotificationReset) != 0 {
 if err := ws.tlsAuth(); err != nil {
-ws.logger.Warnf("tlsstate: tlsAuth: %s", err.Error())
+ws.logger.Warnf("tlssession: tlsAuth: %s", err.Error())
 // TODO: is it worth checking the return value and stopping?
 }
 }
@@ -135,8 +135,8 @@ func (ws *workersState) tlsAuth() error {
 // doTLSAuth is the internal implementation of tlsAuth such that tlsAuth
 // can interrupt this function early if needed.
 func (ws *workersState) doTLSAuth(conn net.Conn, config *tls.Config, errorch chan<- error) {
-ws.logger.Debug("tlsstate: doTLSAuth: started")
-defer ws.logger.Debug("tlsstate: doTLSAuth: done")
+ws.logger.Debug("tlsession: doTLSAuth: started")
+defer ws.logger.Debug("tlssession: doTLSAuth: done")
 // do the TLS handshake
 tlsConn, err := tlsHandshakeFn(conn, config)
diff --git a/internal/tlsstate/doc.go b/internal/tlsstate/doc.go
deleted file mode 100644
index e947683a..00000000
--- a/internal/tlsstate/doc.go
+++ /dev/null
@@ -1,3 +0,0 @@
-// Package tlsstate performs a TLS handshake over the control channel, and they
-// exchanges keys with the server over this secure channel.
-package tlsstate
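Review bot: The renamed log prefix in doTLSAuth is inconsistent: `ws.logger.Debug("tlsession: doTLSAuth: started")` is missing an "s", while the deferred `"tlssession: doTLSAuth: done"` line and every other renamed string in the worker() hunk use "tlssession:", so the started/done pair of this handshake will not line up when filtering logs by prefix. Suggested line: `ws.logger.Debug("tlssession: doTLSAuth: started")`. Because the same literal prefix is repeated in worker() and doTLSAuth(), a single package-level constant such as `const logPrefix = "tlssession"` would have prevented this drift, though that is optional for this change. doTLSAuth's body continues past the hunk.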