Add basic cryptosign support.

Author: aarlt

CMakeLists.txt

@@ -3,6 +3,7 @@ cmake_minimum_required(VERSION 2.8)
 project(autobahn-cpp)
 
 option(AUTOBAHN_BUILD_EXAMPLES "Build examples" ON)
+option(AUTOBAHN_BUILD_EXAMPLES_BOTAN "Build Botan cryptosign example" OFF)
 option(AUTOBAHN_USE_LIBCXX "Use libc++ instead of libstdc++ when building with Clang" ON)
 
 include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Includes/CMakeLists.txt)

autobahn/wamp_challenge.hpp

@@ -51,6 +51,9 @@ class wamp_challenge
     int iterations() const;
     int keylen() const;
 
+    void set_channel_id(std::string channel_id);
+    const std::string & channel_id() const;
+
 private:
     // authmethod
     std::string m_authmethod;
@@ -65,6 +68,9 @@ class wamp_challenge
     std::string m_salt;
     int m_iterations;
     int m_keylen;
+
+    // if authmethod is "cryptosign"
+    std::string m_channel_id;
 };
 
 } // namespace autobahn

autobahn/wamp_challenge.ipp

@@ -48,6 +48,8 @@ inline const std::string & wamp_challenge::challenge() const { return m_challeng
 inline const std::string & wamp_challenge::salt() const { return m_salt; }
 inline int wamp_challenge::iterations() const { return m_iterations; }
 inline int wamp_challenge::keylen() const { return m_keylen; }
+inline void wamp_challenge::set_channel_id(std::string channel_id) { m_channel_id = std::move(channel_id); }
+inline const std::string & wamp_challenge::channel_id() const { return m_channel_id; }
 
 
 } // namespace autobahn

autobahn/wamp_session.hpp

@@ -130,7 +130,8 @@ class wamp_session :
     boost::future<uint64_t> join(
             const std::string& realm,
             const std::vector<std::string>& authmethods = std::vector<std::string>(),
-            const std::string& authid = "");
+            const std::string& authid = "",
+            const std::map<std::string, std::string>& authentication_extra = {});
 
     /*!
      * Leave the realm.

autobahn/wamp_session.ipp

@@ -140,7 +140,8 @@ inline boost::future<void> wamp_session::stop()
 inline boost::future<uint64_t> wamp_session::join(
         const std::string& realm,
         const std::vector<std::string>& authentication_methods,
-        const std::string& authentication_id)
+        const std::string& authentication_id,
+        const std::map<std::string, std::string>& authentication_extra)
 {
     msgpack::zone zone;
     std::unordered_map<std::string, msgpack::object> roles;
@@ -168,6 +169,14 @@ inline boost::future<uint64_t> wamp_session::join(
     details["authmethods"] = msgpack::object(authentication_methods, zone);
     details["authid"] = msgpack::object(authentication_id, zone);
 
+    if (!authentication_extra.empty()) {
+      std::unordered_map<std::string, msgpack::object> authextra;
+      for (auto const &a : authentication_extra) {
+        authextra[a.first] = msgpack::object(a.second, zone);
+      }
+      details["authextra"] = msgpack::object(authextra, zone);
+    }
+
     auto message = std::make_shared<wamp_message>(3, std::move(zone));
     message->set_field(0, static_cast<int>(message_type::HELLO));
     message->set_field(1, realm);
@@ -744,16 +753,52 @@ inline void wamp_session::process_challenge(wamp_message&& message)
                 std::cerr << "failed to parse challenge details" << std::endl;
             }
             throw protocol_error("wampcra authentication: Failed parse challange details");
-        };
+        }
     /////////////////////////////////////////
     // ticket authentication
     /////////////////////////////////////////
     } else if ( whatAuth == "ticket" ) {
         // make the challenge object
         challenge_object = wamp_challenge("ticket");
-    }
-    else {
-        throw protocol_error("not supported challenge type - can now only handle 'wampcra' and 'ticket'");
+    /////////////////////////////////////////
+    // cryptosign authentication
+    /////////////////////////////////////////
+    } else if (whatAuth == "cryptosign") {
+        if (!message.is_field_type(2, msgpack::type::MAP)) {
+            throw protocol_error("CHALLENGE - Details must be a dictionary");
+        }
+
+        std::string challenge, channel_id;
+        // parse the details, and fill variables above
+        try {
+            std::unordered_map<std::string, msgpack::object> details;
+            message.field(2).convert(details);
+            auto itr = details.find("challenge");
+            if (itr != details.end()) {
+                challenge = itr->second.as<std::string>();
+            } else {
+                throw protocol_error(
+                  "cryptosign must always introduce a challenge ( in details )");
+            }
+            itr = details.find("channel_id");
+            if (itr != details.end()) {
+                channel_id = itr->second.as<std::string>();
+            }
+
+            // make the challenge object
+            challenge_object = wamp_challenge("cryptosign", challenge);
+            if (!channel_id.empty()) {
+                challenge_object.set_channel_id(channel_id);
+            }
+        } catch (const std::exception &) {
+            if (m_debug_enabled) {
+                std::cerr << "failed to parse challenge details" << std::endl;
+            }
+            throw protocol_error("cryptosign authentication: Failed parse challenge details");
+        }
+    } else {
+        throw protocol_error("not supported challenge type - can now only handle "
+                             "'wampcra', 'ticket' and 'cryptosign'");
     }
 
     // I am not sure if this is neccesary. Looking at other

cmake/Modules/FindBotan2.cmake

@@ -0,0 +1,41 @@
+if(MSVC OR MINGW)
+    message(FATAL_ERROR "Using system Botan 2 library in Window not supported")
+endif()
+
+if(TARGET Botan2::Botan2)
+    message(STATUS "Target Botan::Botan already exists. Skipping searching")
+    return()
+endif()
+
+find_package(PkgConfig REQUIRED QUIET)
+find_package(PackageHandleStandardArgs REQUIRED QUIET)
+
+
+pkg_check_modules(Botan2
+        botan-2
+        )
+
+find_library(Botan2_FullLibraryPath
+        ${Botan2_LIBRARIES}
+        PATHS ${Botan2_LIBRARY_DIRS}
+        NO_DEFAULT_PATH
+        )
+
+find_package_handle_standard_args(Botan2
+        REQUIRED_VARS Botan2_LIBRARIES Botan2_INCLUDE_DIRS
+        VERSION_VAR Botan2_VERSION
+        )
+message("Botan2_INCLUDE_DIRS ${Botan2_INCLUDE_DIRS}")
+
+if(Botan2_FOUND)
+    if(NOT TARGET Botan2::Botan2)
+        add_library(Botan2::Botan2
+                UNKNOWN IMPORTED GLOBAL
+                )
+        set_target_properties(Botan2::Botan2 PROPERTIES
+                INTERFACE_INCLUDE_DIRECTORIES ${Botan2_INCLUDE_DIRS}
+                IMPORTED_LOCATION ${Botan2_FullLibraryPath}
+                LINK_FLAGS ${Botan2_LDFLAGS_OTHER}
+                )
+    endif()
+endif()

examples/CMakeLists.txt

@@ -1,4 +1,6 @@
-set(CMAKE_EXE_LINKER_FLAGS " -static")
+if (!APPLE)
+    set(CMAKE_EXE_LINKER_FLAGS " -static")
+endif()
 
 add_library(examples_parameters parameters.cpp parameters.hpp)
 target_include_directories(examples_parameters PUBLIC ${Boost_INCLUDE_DIRS})
@@ -17,6 +19,13 @@ make_example(publisher publisher.cpp)
 make_example(subscriber subscriber.cpp)
 make_example(wampcra wampcra.cpp)
 make_example(websocket_callee websocket_callee.cpp)
+make_example(cryptosign-openssl cryptosign-openssl.cpp)
+if (AUTOBAHN_BUILD_EXAMPLES_BOTAN)
+    find_package(Botan2 REQUIRED)
+    make_example(cryptosign-botan cryptosign-botan.cpp)
+    target_include_directories(cryptosign-botan PRIVATE ${BOTAN_INCLUDE_DIRS})
+    target_link_libraries(cryptosign-botan Botan2::Botan2)
+endif()
 
 if(UNIX)
     make_example(uds uds.cpp)

examples/cryptosign-botan.cpp

@@ -0,0 +1,183 @@
+///////////////////////////////////////////////////////////////////////////////
+//
+// Copyright (c) Crossbar.io Technologies GmbH and contributors
+//
+// Boost Software License - Version 1.0 - August 17th, 2003
+//
+// Permission is hereby granted, free of charge, to any person or organization
+// obtaining a copy of the software and accompanying documentation covered by
+// this license (the "Software") to use, reproduce, display, distribute,
+// execute, and transmit the Software, and to prepare derivative works of the
+// Software, and to permit third-parties to whom the Software is furnished to
+// do so, all subject to the following:
+//
+// The copyright notices in the Software and this entire statement, including
+// the above license grant, this restriction and the following disclaimer,
+// must be included in all copies of the Software, in whole or in part, and
+// all derivative works of the Software, unless such copies or derivative
+// works are solely in the form of machine-executable object code generated by
+// a source language processor.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+// SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+// FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#include "parameters.hpp"
+
+#include <botan/auto_rng.h>
+#include <botan/ecdsa.h>
+#include <botan/ec_group.h>
+#include <botan/pubkey.h>
+#include <botan/hex.h>
+#include <botan/ed25519.h>
+
+#include <autobahn/autobahn.hpp>
+#include <utility>
+#include <autobahn/wamp_websocketpp_websocket_transport.hpp>
+#include <websocketpp/config/asio_no_tls_client.hpp>
+#include <websocketpp/client.hpp>
+#include <boost/version.hpp>
+#include <iostream>
+#include <memory>
+#include <string>
+#include <tuple>
+
+void add2(autobahn::wamp_invocation invocation)
+{
+    auto a = invocation->argument<uint64_t>(0);
+    auto b = invocation->argument<uint64_t>(1);
+
+    std::cerr << "Procedure com.examples.calculator.add2 invoked: " << a << ", " << b << std::endl;
+
+    invocation->result(std::make_tuple(a + b));
+}
+
+class auth_wamp_session :
+    public autobahn::wamp_session
+{
+public:
+  boost::promise<autobahn::wamp_authenticate> challenge_future;
+  Botan::Ed25519_PrivateKey m_private_key;
+
+  auth_wamp_session(
+      boost::asio::io_service& io,
+      bool debug_enabled,
+      const Botan::secure_vector<uint8_t>& private_key) :
+        autobahn::wamp_session(io, debug_enabled),
+        m_private_key(private_key)
+  {
+  }
+
+  boost::future<autobahn::wamp_authenticate> on_challenge(const autobahn::wamp_challenge& challenge)
+  {
+    Botan::AutoSeeded_RNG rng;
+    Botan::PK_Signer signer(m_private_key, rng, "Pure");
+    signer.update(Botan::hex_decode(challenge.challenge()));
+    std::cerr << "responding to auth challenge: " << challenge.challenge() << std::endl;
+    std::string signature = Botan::hex_encode(signer.signature(rng));
+    challenge_future.set_value(autobahn::wamp_authenticate(signature + challenge.challenge()));
+    std::cerr << "signature: " << signature << std::endl;
+    return challenge_future.get_future();
+  }
+};
+
+typedef websocketpp::client<websocketpp::config::asio_client> client;
+
+int main(int argc, char** argv)
+{
+    std::cerr << "Boost: " << BOOST_VERSION << std::endl;
+    try {
+        auto parameters = get_parameters(argc, argv);
+
+        std::cerr << "Connecting to realm: " << parameters->realm() << std::endl;
+
+        boost::asio::io_service io;
+        bool debug = parameters->debug();
+
+        client ws_clinet;
+        ws_clinet.init_asio(&io);
+        auto transport = std::make_shared < autobahn::wamp_websocketpp_websocket_transport<websocketpp::config::asio_client> >(
+            ws_clinet, "ws://127.0.0.1:8080/ws", debug);
+
+        Botan::secure_vector<uint8_t> privateKey(32, 0);
+        auto session = std::make_shared<auth_wamp_session>(io, debug, privateKey);
+
+        // Create a thread to run the telemetry loop
+        transport->attach(std::static_pointer_cast<autobahn::wamp_transport_handler>(session));
+
+        // Make sure the continuation futures we use do not run out of scope prematurely.
+        // Since we are only using one thread here this can cause the io service to block
+        // as a future generated by a continuation will block waiting for its promise to be
+        // fulfilled when it goes out of scope. This would prevent the session from receiving
+        // responses from the router.
+        boost::future<void> connect_future;
+        boost::future<void> start_future;
+        boost::future<void> join_future;
+        boost::future<void> provide_future;
+
+        connect_future = transport->connect().then([&](boost::future<void> connected) {
+            try {
+                connected.get();
+            } catch (const std::exception& e) {
+                std::cerr << e.what() << std::endl;
+                io.stop();
+                return;
+            }
+
+            std::cerr << "transport connected" << std::endl;
+
+            start_future = session->start().then([&](boost::future<void> started) {
+                try {
+                    started.get();
+                } catch (const std::exception& e) {
+                    std::cerr << e.what() << std::endl;
+                    io.stop();
+                    return;
+                }
+
+                std::cerr << "session started" << std::endl;
+
+                std::vector<std::string> authmethods{"cryptosign"};
+                std::string pubkey{"3b6a27bcceb6a42d62a3a8d02a6f0d73653215771de243a63ac048a18b59da29"};
+                join_future = session->join(parameters->realm(), authmethods, "", {{"pubkey", pubkey}}).then([&](boost::future<uint64_t> joined) {
+                    try {
+                        std::cerr << "joined realm: " << joined.get() << std::endl;
+                    } catch (const std::exception& e) {
+                        std::cerr << e.what() << std::endl;
+                        io.stop();
+                        return;
+                    }
+
+                    provide_future = session->provide("com.examples.calculator.add2", &add2).then(
+                        [&](boost::future<autobahn::wamp_registration> registration) {
+                        try {
+                            std::cerr << "registered procedure:" << registration.get().id() << std::endl;
+                        } catch (const std::exception& e) {
+                            std::cerr << e.what() << std::endl;
+                            io.stop();
+                            return;
+                        }
+                    });
+                });
+            });
+        });
+
+        std::cerr << "starting io service" << std::endl;
+
+        io.run();
+
+        std::cerr << "stopped io service" << std::endl;
+    }
+    catch (const std::exception& e) {
+        std::cerr << "exception: " << e.what() << std::endl;
+        return -1;
+    }
+
+    return 0;
+}