freezeout-core 0.2.0

Freezeout Poker core types.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189

// Copyright (C) 2025  Vince Vasta.
// SPDX-License-Identifier: Apache-2.0

//! TLS and Noise protocol encrypted WebSocket connection types.
use anyhow::{Result, anyhow, bail};
use bytes::BytesMut;
use futures_util::{SinkExt, StreamExt};
use snow::{TransportState, params::NoiseParams};
use std::sync::LazyLock;
use tokio::{
    io::{AsyncRead, AsyncWrite},
    net::TcpStream,
};
use tokio_tungstenite::{
    self as websocket, MaybeTlsStream, WebSocketStream,
    tungstenite::{Message as WsMessage, protocol::WebSocketConfig},
};

use crate::message::SignedMessage;

static NOISE_PARAMS: LazyLock<NoiseParams> =
    LazyLock::new(|| "Noise_NN_25519_ChaChaPoly_BLAKE2s".parse().unwrap());

/// Maximum message length.
const MAX_MSG_LEN: usize = 16384;

/// The client connection type.
pub type ClientConnection = EncryptedConnection<MaybeTlsStream<TcpStream>>;

/// A noise protocol encrypted WebSocket connection for [SignedMessage].
pub struct EncryptedConnection<S> {
    stream: WebSocketStream<S>,
    transport: TransportState,
}

impl<S> EncryptedConnection<S>
where
    S: AsyncRead + AsyncWrite + Unpin,
{
    /// Sends a [SignedMessage].
    pub async fn send(&mut self, msg: &SignedMessage) -> Result<()> {
        let mut buf = BytesMut::zeroed(MAX_MSG_LEN);
        let len = self.transport.write_message(&msg.serialize(), &mut buf)?;
        self.stream
            .send(WsMessage::binary(buf.freeze().slice(..len)))
            .await?;
        Ok(())
    }

    /// Waits for a [SignedMessage].
    pub async fn recv(&mut self) -> Option<Result<SignedMessage>> {
        let mut buf = [0u8; MAX_MSG_LEN];
        loop {
            match self.stream.next().await {
                Some(Ok(WsMessage::Binary(payload))) => {
                    break Some(
                        self.transport
                            .read_message(&payload, &mut buf)
                            .map_err(anyhow::Error::from)
                            .and_then(|len| SignedMessage::deserialize_and_verify(&buf[..len])),
                    );
                }
                Some(Ok(_)) => continue,
                Some(Err(e)) => break Some(Err(anyhow!("Connection error: {e}"))),
                None => break None,
            }
        }
    }

    /// Closes this connection.
    pub async fn close(&mut self) {
        let _ = self.stream.close(None).await;
    }
}

/// Creates an [EncryptedConnection] from a server stream.
pub async fn accept_async<S>(stream: S) -> Result<EncryptedConnection<S>>
where
    S: AsyncRead + AsyncWrite + Unpin,
{
    let config = WebSocketConfig::default().max_message_size(Some(MAX_MSG_LEN));
    let mut stream = websocket::accept_async_with_config(stream, Some(config)).await?;

    // Start Noise protocol handshake with the client.
    let mut noise = snow::Builder::new(NOISE_PARAMS.clone()).build_responder()?;
    let mut buf = BytesMut::zeroed(MAX_MSG_LEN);

    // <- e
    match stream.next().await {
        Some(Ok(WsMessage::Binary(payload))) => {
            noise
                .read_message(&payload, &mut buf)
                .map_err(|e| anyhow!("Responder Noise handshake invalid message {e}"))?;
        }
        Some(Ok(_)) => {
            bail!("Responder Noise handshake failed non binary stream");
        }
        Some(Err(e)) => bail!("Responder Noise handshake failed {e}"),
        None => bail!("Responder Noise handshake failed stream closed"),
    };

    // -> e, ee
    let len = noise.write_message(&[], &mut buf)?;
    stream
        .send(WsMessage::binary(buf.freeze().slice(..len)))
        .await?;

    let transport = noise.into_transport_mode()?;

    Ok(EncryptedConnection { stream, transport })
}

/// Connects to a server and returns an [EncryptedConnection] if successful.
pub async fn connect_async(url: &str) -> Result<ClientConnection> {
    let config = WebSocketConfig::default().max_message_size(Some(MAX_MSG_LEN));
    let (mut stream, _) = websocket::connect_async_with_config(url, Some(config), false).await?;

    // Start Noise protocol handshake.
    let mut noise = snow::Builder::new(NOISE_PARAMS.clone()).build_initiator()?;

    // -> e
    let mut buf = BytesMut::zeroed(MAX_MSG_LEN);
    let len = noise.write_message(&[], &mut buf)?;
    stream
        .send(WsMessage::binary(buf.freeze().slice(..len)))
        .await?;

    // <- e, ee
    match stream.next().await {
        Some(Ok(WsMessage::Binary(payload))) => {
            let mut buf = BytesMut::zeroed(MAX_MSG_LEN);
            noise
                .read_message(&payload, &mut buf)
                .map_err(|e| anyhow!("Initiator Noise handshake invalid message {e}"))?;
        }
        Some(Ok(_)) => {
            bail!("Initiator Noise handshake failed non binary stream");
        }
        Some(Err(e)) => bail!("Initiator Noise handshake failed {e}"),
        None => bail!("Initiator Noise handshake failed stream closed"),
    };

    let transport = noise.into_transport_mode()?;
    Ok(EncryptedConnection { stream, transport })
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::{crypto::SigningKey, message::Message};
    use tokio::net::TcpListener;

    #[tokio::test]
    async fn encrypted_websocket_connection() {
        let addr = "127.0.0.1:12345";

        let (tx, rx) = tokio::sync::oneshot::channel();

        let listener = TcpListener::bind(addr).await.unwrap();
        tokio::spawn(async move {
            let (stream, _) = listener.accept().await.unwrap();
            let mut con = accept_async(stream).await.unwrap();

            let msg = con.recv().await.unwrap().unwrap();
            assert!(matches!(msg.message(), Message::JoinServer { nickname} if nickname == "Bob"));

            let msg = con.recv().await.unwrap().unwrap();
            assert!(matches!(msg.message(), Message::JoinTable));

            tx.send(()).unwrap();
        });

        let url = format!("ws://{addr}");
        let mut con = connect_async(&url).await.unwrap();
        let keypair = SigningKey::default();
        let msg = SignedMessage::new(
            &keypair,
            Message::JoinServer {
                nickname: "Bob".to_string(),
            },
        );
        con.send(&msg).await.unwrap();

        let msg = SignedMessage::new(&keypair, Message::JoinTable);
        con.send(&msg).await.unwrap();

        rx.await.unwrap();
    }
}