search

ssbc / ssb-server

The gossip and replication server for Secure Scuttlebutt - a distributed social network
1.68k stars 164 forks source link

Error on Client Authenticate Step #741

Open adchristodoulou opened 3 years ago

adchristodoulou commented 3 years ago

https://ssbc.github.io/scuttlebutt-protocol-guide/

I'm following the above documentation and implementing SSB in PHP. I've managed to get the client and server hello working using an ssb-room set up on DigitalOcean.

But when I get to step 3 (client authenticate), I'm sending 112 bytes (which I'm verifying), however the logs on my ssb-room docker container give me the below error, and the server sends back 0 bytes. The room itself is working because I'm getting the correct response back from the hello step. Is there any way I can turn on more verbose logging to see if I can debug this?

server error, from net:82.5.113.240:56619~shs: Error: stream ended with:64 but wanted:112 at drain (/home/node/.npm-global/lib/node_modules/ssb-room/node_modules/pull-reader/index.js:43:26) at /home/node/.npm-global/lib/node_modules/ssb-room/node_modules/pull-reader/index.js:63:18 at /home/node/.npm-global/lib/node_modules/ssb-room/node_modules/pull-reader/index.js:20:7 at drain (/home/node/.npm-global/lib/node_modules/ssb-room/node_modules/stream-to-pull-stream/index.js:126:18) at Socket.<anonymous> (/home/node/.npm-global/lib/node_modules/ssb-room/node_modules/stream-to-pull-stream/index.js:147:5) at Socket.emit (events.js:203:15) at TCP._handle.close (net.js:606:12)

`if (($sock = \socket_create(AF_INET, SOCK_STREAM, SOL_TCP)) === false) { echo "socket_create() failed: reason: " . socket_strerror(socket_last_error()) . "\n"; }

        if (socket_connect($sock, $ipAddress, $port) === false) {
            echo "socket_connect() failed: reason: " . socket_strerror(socket_last_error($sock)) . "\n";
        }

        // dd(strlen($this->networkSecretKey), $this->networkSecretKey, strlen($this->networkSecretKey2), $this->networkSecretKey2, strlen($this->networkKeyPair), $this->networkKeyPair, strlen($this->networkPublicKey), $this->networkPublicKey);
        // $signature = \Sodium\crypto_auth($this->ephemeral['public_key'], $this->networkSecretKey);
        if ($package = \Sodium\crypto_auth($this->ephemeral['public_key'], $this->networkSecretKey)) {
            echo 'OK', PHP_EOL;
        } else {
            throw new Exception('Invalid signature');
        }

        // dd(\Sodium\crypto_auth_verify($signature, $this->ephemeral['public_key'], $this->networkSecretKey));

        $send = $package.$this->ephemeral['public_key'];

        // dd(strlen($send), $send);
        $bytes = socket_write($sock, $send, strlen($send));

        echo "Wrote $bytes bytes on first send";

        $buf = 'This is my buffer.';
        if (false !== ($bytes = socket_recv($sock, $buf, 2048, MSG_WAITALL))) {
            echo "Read $bytes bytes from socket_recv(). Closing socket...";
        } else {
            echo "socket_recv() failed; reason: " . socket_strerror(socket_last_error($sock)) . "\n";
        }

        $server_hmac = substr($buf, 0, 32);
        $server_ephemeral_pk = substr($buf, 32, 32);

        // dd(strlen($buf), $buf);

        // dd(\Sodium\crypto_auth_verify($server_hmac, $server_ephemeral_pk, $this->networkSecretKey));

        $curveKey         = sodium_crypto_sign_ed25519_pk_to_curve25519($publicKey);
        $curveMyKey       = sodium_crypto_sign_ed25519_sk_to_curve25519($this->mySecretKey);
        $shared_secret_ab = sodium_crypto_scalarmult($this->ephemeral['secret_key_32'], $server_ephemeral_pk);
        $shared_secret_aB = sodium_crypto_scalarmult($this->ephemeral['secret_key_32'], $curveKey);
        $shared_secret_Ab = sodium_crypto_scalarmult($curveMyKey, $server_ephemeral_pk);

        $detatchedSignatureA = $this->generateDetatchedSignatureA($this->networkSecretKey, $publicKey, hash('sha256', $shared_secret_ab));

        $secretBox = sodium_crypto_box(
            $detatchedSignatureA.$this->myPublicKey, 
            '000000000000000000000000', 
            hash('sha256', $this->networkSecretKey.$shared_secret_ab.$shared_secret_aB)
        );

        // dd(strlen($secretBox), $secretBox);

        $bytes = socket_write($sock, $secretBox);

        echo "Wrote $bytes bytes on second send";

        $buf = 'This is my buffer.';
        if (false !== ($bytes = socket_recv($sock, $buf, 2048, MSG_WAITALL))) {
            echo "Read $bytes bytes from socket_recv(). Closing socket...";
        } else {
            echo "socket_recv() failed; reason: " . socket_strerror(socket_last_error($sock)) . "\n";
        }

        dd($buf);`
clehner commented 3 years ago

Hi @useaquestion, Nice progress on that. That connection rejection looks like #734. That issue is fixed in ssb-server v15.3.0 - not yet in v16. Does that work?

adchristodoulou commented 3 years ago

https://github.com/staltz/ssb-room/issues/21

I'm running an ssb-room through staltz's script. The one-click installer didn't work so I followed the manual instructions, and it appears to work on the front end - i.e. when you visit the IP address directly - http://143.110.168.14/

I'm not sure how to check, upgrade or downgrade my version on ssb-room. Is there documentation on this, or should I try with a different package on a fresh DigitalOcean install?

adchristodoulou commented 3 years ago

I tried to install SSB Server manually on a new Ubuntu 20.04 box, following the instructions. It worked fine until the npm install ssb-server line, at which point I got the below. I'll try on Debian 9. 

root@ssb-server:~# nvm install 10
Downloading and installing node v10.23.0...
Downloading https://nodejs.org/dist/v10.23.0/node-v10.23.0-linux-x64.tar.xz...
######################################################################### 100.0%
Computing checksum with sha256sum
Checksums matched!
Now using node v10.23.0 (npm v6.14.8)
Creating default alias: default -> 10 (-> v10.23.0)
root@ssb-server:~# nvm alias default 10
default -> 10 (-> v10.23.0)
root@ssb-server:~# npm install -g ssb-server
/root/.nvm/versions/node/v10.23.0/bin/sbot -> /root/.nvm/versions/node/v10.23.0/                                                                                                                               lib/node_modules/ssb-server/bin.js
/root/.nvm/versions/node/v10.23.0/bin/ssb-server -> /root/.nvm/versions/node/v10                                                                                                                               .23.0/lib/node_modules/ssb-server/bin.js

> sodium-native@3.2.0 install /root/.nvm/versions/node/v10.23.0/lib/node_modules                                                                                                                               /ssb-server/node_modules/sodium-native
> node-gyp-build "node preinstall.js" "node postinstall.js"

sh: 1: node-gyp-build: Permission denied

> leveldown@5.6.0 install /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb                                                                                                                               -server/node_modules/leveldown
> node-gyp-build

sh: 1: node-gyp-build: Permission denied
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: sodium-native@3.2.0 (node_module                                                                                                                               s/ssb-server/node_modules/sodium-native):
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: sodium-native@3.2.0 install: `no                                                                                                                               de-gyp-build "node preinstall.js" "node postinstall.js"`
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: spawn ENOENT

npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! leveldown@5.6.0 install: `node-gyp-build`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the leveldown@5.6.0 install script.
npm ERR! This is probably not a problem with npm. There is likely additional log                                                                                                                               ging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2020-11-10T19_47_24_294Z-debug.log
adchristodoulou commented 3 years ago

I'm installing ssb-server using the manual instructions on this repo's README.md on Debian 10. Couple of minor points, curl and npm aren't installed by default, so a line to install them first would probably be a good idea.

Turns out it's the same error:

root@ssb-server:~# nvm install 10
Downloading and installing node v10.23.0...
Downloading https://nodejs.org/dist/v10.23.0/node-v10.23.0-linux-x64.tar.xz...
######################################################################### 100.0%
Computing checksum with sha256sum
Checksums matched!
nvm alias default 10Now using node v10.23.0 (npm v6.14.8)
Creating default alias: default -> 10 (-> v10.23.0)
root@ssb-server:~# nvm alias default 10
default -> 10 (-> v10.23.0)
root@ssb-server:~# npm install -g ssb-server
/root/.nvm/versions/node/v10.23.0/bin/sbot -> /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/bin.js
/root/.nvm/versions/node/v10.23.0/bin/ssb-server -> /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/bin.js

> sodium-native@3.2.0 install /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/node_modules/sodium-native
> node-gyp-build "node preinstall.js" "node postinstall.js"

sh: 1: node-gyp-build: Permission denied

> leveldown@5.6.0 install /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/node_modules/leveldown
> node-gyp-build

sh: 1: node-gyp-build: Permission denied
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: sodium-native@3.2.0 (node_modules/ssb-server/node_modules/sodium-native):
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: sodium-native@3.2.0 install: `node-gyp-build "node preinstall.js" "node postinstall.js"`
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: spawn ENOENT

npm ERR! code ELIFECYCLE
npm ERR! syscall spawn
npm ERR! file sh
npm ERR! errno ENOENT
npm ERR! leveldown@5.6.0 install: `node-gyp-build`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the leveldown@5.6.0 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2020-11-10T21_40_26_650Z-debug.log
adchristodoulou commented 3 years ago

Having investigated a bit further, this seems to be because I'm using the root user to run the npm install command. An unrelated thread led me to use the below command, which worked:

root@ssb-server:~# npm install -g ssb-server --unsafe-perm
/root/.nvm/versions/node/v10.23.0/bin/sbot -> /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/bin.js
/root/.nvm/versions/node/v10.23.0/bin/ssb-server -> /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/bin.js

> sodium-native@3.2.0 install /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/node_modules/sodium-native
> node-gyp-build "node preinstall.js" "node postinstall.js"

> leveldown@5.6.0 install /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/node_modules/leveldown
> node-gyp-build

> level@5.0.1 postinstall /root/.nvm/versions/node/v10.23.0/lib/node_modules/ssb-server/node_modules/level
> opencollective-postinstall || exit 0

Thank you for using level!
If you rely on this package, please consider supporting our open collective:
> https://opencollective.com/level/donate

+ ssb-server@15.3.0
added 791 packages from 281 contributors in 20.901s
adchristodoulou commented 3 years ago

I now have an ssb-server v15.3.0 running, and connected to that using my PHP script. I get the same error - both client hello and server hello work, then I get nothing back from my client authenticate step. I'm not quite sure how to read the logs from the ssb-server, so I can't attach that directly.

clehner commented 3 years ago

@useaquestion sounds like it may be a problem with your secret-handshake implementation. Are you able to connect from the same key using the sbot command? (or sbotc or go sbotcli)

Edit: maybe it has to do with that SHS uses crypto_secretbox_easy but we don't have that in PHP.

adchristodoulou commented 3 years ago

Yes, connecting to the same pub works, I'm just trying to see where the logs are stored so that I can debug further. I am noticing that documentation can be a bit everywhere - is there a central location where it's all being stored and compiled?

stale[bot] commented 3 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?