catshadow

package module
v0.0.9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 4, 2020 License: AGPL-3.0 Imports: 25 Imported by: 1

README 

.. image:: https://travis-ci.org/katzenpost/catshadow.svg?branch=master
  :target: https://travis-ci.org/katzenpost/catshadow

.. image:: https://godoc.org/github.com/katzenpost/catshadow?status.svg
  :target: https://godoc.org/github.com/katzenpost/catshadow


the catshadow client
====================

Catshadow is a mix network messaging system. This repository contains
a client library which can be used with a Katzenpost mix network. It
not only uses strong modern end to end encryption (Noise + Double
Ratchet), but it is also designed to reduce the amount of metadata
leaked onto the network.

This code is actively being developed and is intended
to be used with our Qt user interface, catchat:

* https://github.com/katzenpost/catchat


contact
=======

* IRC: irc.oftc.net #katzenpost <irc://irc.oftc.net/#katzenpost>
* Mailing List <https://lists.mixnetworks.org/listinfo/katzenpost>


disclaimer
==========

Katzenpost is still pre-alpha.  DO NOT DEPEND ON IT FOR STRONG SECURITY OR ANONYMITY.


testing
=======

optional docker tests
---------------------

To run the optional docker tests firstly, see our docker repo
and start your local dockerized mix network:

https://github.com/katzenpost/docker

A couple of minutes after startup run the tests like this:
::

   GORACE=history_size=7 go test -tags=docker_test -race -v -run Docker

This will run our docker based integration tests for the catshadow library.


design
======

It is my understanding that in terms of the analysis presented in this
blog post ( Brian Warner's **"Petmail mailbox-server delivery protocol"**
http://www.lothar.com/blog/53-petmail-delivery/ ),
the catshadow messaging system can be described as:

**S1, M0, R1, Rev0**

Here I rephrase the definitions of the above messaging system
properties: Catshadow clients can compare delivery tokens to determine
if they share contacts. However the message spool server cannot tell
which message came from which sender, not even that two messages came
from the same sender, nor can it determine how many senders might be
configured for each recipient. The recipient cannot use the transport
information to identify the sender. The recipient depends upon
information not visible to the mailbox server to identify the sender,
which means a legitimate (but annoying) sender could flood the server
without revealing which sender they are. Finally, the revocation
behavior is such that the recipient can revoke one or more senders
without involving the remaining senders.

Clients make use of a Sphinx SURB based protocol to retrieve messages
from their remote spool service. The mix network has several providers
which operate spool services which clients can interact with. The
spool service is in fact a seperate process which uses our CBOR/HTTP
over unix domain socket plugin system to communicate with the mix server.

Over time I plan on replacing the spool services with gradually more
sophisticated spool services until I finally have a replicating CRDT
based spool service which can help eliminate single points of failure
in this messaging system.

Clients make use of the PANDA protocol for exchanging spool identities
and the Signal Double Ratchet keys. That is, this messaging system creates
bidirectional metadata leakage resistant communications channels which
are composed with two unidirection channels. Each unidirectional channel
contains the required information to write to a correspondant's
remote message spool.

Katzenpost is a variant of the Loopix design and as such makes use of
the Poisson mix strategy and therefore must be properly tuned. Tuning
of the Poisson mix strategy has not been publicly solved yet but I
suspect the solution has something to do with a discrete network event
simulator and possibly some machine learning algorithms as
well. Perhaps we all should consider the tuning of this mixnet
messaging system as half of its design.

Another unfinished design area is: The Catshadow client periodically
polls the client's remote message spool where the intervals between
polling are the result of a Poisson process. Currently, tuning this
Poisson procress is left unfinished, however, I can state that the
goal in tuning this would be to reduce vulnerability to a long term
statistical disclosure attack where the passive adversary or
compromised Provider tries to link clients with their spool
service.


**"The Loopix Anonymity System"**:

https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-piotrowska.pdf


the longer design overview
--------------------------

The design of this messaging is not yet fully specified but is
partially specified in these specification documents:

* https://github.com/katzenpost/docs/blob/master/drafts/client.rst
* https://github.com/katzenpost/docs/blob/master/drafts/deaddrop.rst
* https://github.com/katzenpost/docs/blob/master/drafts/decoy_traffic.rst
* https://github.com/katzenpost/docs/blob/master/drafts/panda.txt

Whereas all those specifications assume the existence of the core
Katzenpost specifications here which mostly covers the design of
the server infrastructure:

* https://github.com/katzenpost/docs/blob/master/specs/mixnet.rst
* https://github.com/katzenpost/docs/blob/master/specs/wire-protocol.rst
* https://github.com/katzenpost/docs/blob/master/specs/kaetzchen.rst
* https://github.com/katzenpost/docs/blob/master/specs/sphinx_replay_detection.rst
* https://github.com/katzenpost/docs/blob/master/specs/sphinx.rst
* https://github.com/katzenpost/docs/blob/master/specs/end_to_end.rst
* https://github.com/katzenpost/docs/blob/master/specs/pki.rst
* https://github.com/katzenpost/docs/blob/master/specs/certificate.rst

There is an older copy of our core Katzenpost specifications rendered
in Latex if you prefer to read it that way:
https://panoramix-project.eu/wp-content/uploads/2019/03/D7.2.pdf


code organization
=================

This repository contains a small amount of high level client
code. This client depends on lots of code in other Katzenpost
repositories including my fork of agl's PANDA and agl's Signal Double
Ratchet:

* https://github.com/katzenpost/doubleratchet
* https://github.com/katzenpost/panda
* https://github.com/katzenpost/channels
* https://github.com/katzenpost/memspool
* https://github.com/katzenpost/client
* https://github.com/katzenpost/minclient
* https://github.com/katzenpost/core


license
=======

AGPL: see LICENSE file for details.


acknowledgments
===============

* I would like to thank Leif Ryge for feedback during the design of this
  client and many of its protocols.

* I would like to also thank Adam Langely for writing [Pond](https://github.com/agl/pond)
  which has very obviously inspired a few of our design choices and has provided some
  code that we use such as the PANDA cryptographic protocol and the Signal Double Ratchet.


supported by
============

The development of the Catshadow Katzenpost client has been supported by the Samsung Next Stack Zero grant.
See **Announcing the Samsung NEXT Stack Zero Grant recipients**.

https://samsungnext.com/whats-next/category/podcasts/decentralization-samsung-next-stack-zero-grant-recipients/

Documentation

Index

Constants

View Source 
const (
	// DoubleRatchetPayloadLength is the length of the payload encrypted by the ratchet.
	DoubleRatchetPayloadLength = common.SpoolPayloadLength - ratchet.DoubleRatchetOverhead

	// MessageExpirationDuration is the duration of time after which messages will be removed.
	MessageExpirationDuration = 168 * time.Hour

	// MessageIDLen is the length of our message IDs which are used the keys in a map
	// to reference individual messages of a conversation.
	MessageIDLen = 4

	// GarbageCollectionInterval is the time interval between garbage collecting
	// old messages.
	GarbageCollectionInterval = 120 * time.Minute
)
View Source 
const ReadInboxLambdaPDivisor = 4

ReadInboxLambdaPDivisor is used to divide our LambdaP parameter to determine our new lambda parameter for our poisson process which is used in selecting time intervals between attempting to retreive messages from our remote Provider.

Variables

This section is empty.

Functions

func LoadStateWriter 

func LoadStateWriter(log *logging.Logger, stateFile string, passphrase []byte) (*StateWriter, *State, error)

LoadStateWriter decrypts the given stateFile and returns the State as well as a new StateWriter.

func NewContactExchangeBytes 

func NewContactExchangeBytes(spoolWriteDescriptor *memspoolClient.SpoolWriteDescriptor, signedKeyExchange *ratchet.SignedKeyExchange) ([]byte, error)

NewContactExchangeBytes returns serialized contact exchange information.

Types

type Client 

type Client struct {
	worker.Worker

	EventSink chan interface{}
	// contains filtered or unexported fields
}

Client is the mixnet client which interacts with other clients and services on the network.

func New 

func New(logBackend *log.Backend, mixnetClient *client.Client, stateWorker *StateWriter, state *State) (*Client, error)

New creates a new Client instance given a mixnetClient, stateWorker and state. This constructor is used to load the previously saved state of a Client.

func NewClientAndRemoteSpool 

func NewClientAndRemoteSpool(logBackend *log.Backend, mixnetClient *client.Client, stateWorker *StateWriter, user string, linkKey *ecdh.PrivateKey) (*Client, error)

NewClientAndRemoteSpool creates a new Client and creates a new remote spool for collecting messages destined to this Client. The Client is associated with this remote spool and this state is preserved in the encrypted statefile, of course. This constructor of Client is used when creating a new Client as opposed to loading the previously saved state for an existing Client.

func (*Client) CreateRemoteSpool 

func (c *Client) CreateRemoteSpool() error

CreateRemoteSpool creates a remote spool for collecting messages destined to this Client. This method blocks until the reply from the remote spool service is received or the round trip timeout is reached.

func (*Client) GetAllConversations added in v0.0.3 

func (c *Client) GetAllConversations() map[string]map[MessageID]*Message

func (*Client) GetContacts added in v0.0.3 

func (c *Client) GetContacts() map[string]*Contact

XXX do we even need this method?

func (*Client) GetConversation added in v0.0.3 

func (c *Client) GetConversation(nickname string) map[MessageID]*Message

func (*Client) NewContact 

func (c *Client) NewContact(nickname string, sharedSecret []byte)

NewContact adds a new contact to the Client's state. This starts the PANDA protocol instance for this contact where intermediate states will be preserved in the encrypted statefile such that progress on the PANDA key exchange can be continued at a later time after program shutdown or restart.

func (*Client) RemoveContact 

func (c *Client) RemoveContact(nickname string)

RemoveContact removes a contact from the Client's state.

func (*Client) SendMessage 

func (c *Client) SendMessage(nickname string, message []byte) MessageID

SendMessage sends a message to the Client contact with the given nickname.

func (*Client) Shutdown 

func (c *Client) Shutdown()

Shutdown shuts down the client.

func (*Client) Start 

func (c *Client) Start()

Start starts the client worker goroutine and the read-inbox worker goroutine.

type Contact 

type Contact struct {

	// Nickname is also unique locally.
	Nickname string

	// IsPending is true if the key exchange has not been completed.
	IsPending bool
	// contains filtered or unexported fields
}

Contact is a communications contact that we have bidirectional communication with.

func NewContact 

func NewContact(nickname string, id uint64, spoolReadDescriptor *memspoolClient.SpoolReadDescriptor, session *client.Session) (*Contact, error)

NewContact creates a new Contact or returns an error.

func (*Contact) Destroy added in v0.0.4 

func (c *Contact) Destroy()

func (*Contact) ID 

func (c *Contact) ID() uint64

ID returns the Contact ID.

func (*Contact) MarshalBinary 

func (c *Contact) MarshalBinary() ([]byte, error)

MarshalBinary does what you expect and returns a serialized Contact.

func (*Contact) UnmarshalBinary 

func (c *Contact) UnmarshalBinary(data []byte) error

UnmarshalBinary does what you expect and initializes the given Contact with deserialized Contact fields from the given binary blob.

type KeyExchangeCompletedEvent added in v0.0.3 

type KeyExchangeCompletedEvent struct {
	// Nickname is the nickname of the contact with whom our key
	// exchange has been completed.
	Nickname string
	// Err is a key exchange error or is set to nil on success.
	Err error
}

KeyExchangeCompletedEvent is an event signaling the completion of a key exchange or failure if Err is non-nil.

type Message 

type Message struct {
	Plaintext []byte
	Timestamp time.Time
	Outbound  bool
}

Message encapsulates message that is sent or received.

type MessageDeliveredEvent added in v0.0.3 

type MessageDeliveredEvent struct {
	// Nickname is the nickname of the recipient of our delivered message.
	Nickname string

	// MessageID is the key in the conversation map referencing a specific message.
	MessageID MessageID
}

MessageDeliveredEvent is an event signaling that the message has been delivered to the remote spool.

type MessageID added in v0.0.3 

type MessageID [MessageIDLen]byte

type MessageReceivedEvent added in v0.0.3 

type MessageReceivedEvent struct {
	// Nickname is the nickname from whom we received a message.
	Nickname string
	// Message is the message content which was received.
	Message []byte
	// Timestamp is the time the message was received.
	Timestamp time.Time
}

MessageReceivedEvent is the event signaling that a message was received.

type MessageSentEvent added in v0.0.3 

type MessageSentEvent struct {
	// Nickname is the nickname of the recipient of our delivered message.
	Nickname string

	// MessageID is the key in the conversation map referencing a specific message.
	MessageID MessageID
}

MessageSentEvent is an event signaling that the message was sent.

type SentMessageDescriptor added in v0.0.3 

type SentMessageDescriptor struct {
	// Nickname is the contact nickname to whom a message was sent.
	Nickname string

	// MessageID is the key in the conversation map referencing a specific message.
	MessageID MessageID
}

type State 

type State struct {
	SpoolReadDescriptor *client.SpoolReadDescriptor
	Contacts            []*Contact
	User                string
	Provider            string
	LinkKey             *ecdh.PrivateKey
	Conversations       map[string]map[MessageID]*Message
}

State is the struct type representing the Client's state which is encrypted and persisted to disk.

type StateWriter 

type StateWriter struct {
	worker.Worker
	// contains filtered or unexported fields
}

StateWriter takes ownership of the Client's encrypted statefile and has a worker goroutine which writes updates to disk.

func NewStateWriter 

func NewStateWriter(log *logging.Logger, stateFile string, passphrase []byte) (*StateWriter, error)

NewStateWriter is a constructor for StateWriter which is to be used when creating the statefile for the first time.

func (*StateWriter) Start 

func (w *StateWriter) Start()

Start starts the StateWriter's worker goroutine.

Source Files

View all Source files

Directories

Path Synopsis
Package config implements the configuration for catshadow.
 Package config implements the configuration for catshadow.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.