On Wednesday 24 Jul 2013 20:20:57 Nitesh Bharadwaj wrote:
> Improvements from previous update:
> 
> 1) An improved and stable UI for the mobile application
> 2) A dedicated TCP server on a different port on home node instead of using
> fproxy for handling connection to mobiles (on the lines of
> SimpleToadletServer)
> 3) This server issues a self-signed SSL certificate
> 4) A signed MDNS service using ECDSA (modification on MDNS discovery
> plugin) broadcasts this server
> MDNS packet contains EC signature(homenode name,port,SPKI-hash of server
> certificate) and EC public key to verify this signature
> 5) Mobile app identifies this service on home LAN, tries to establish SSL
> connection with the server and pulls the node reference
> 6) Mobile App can connect to another such app via WiFi Direct (WPA using
> Push Button Authentication)
> 
> 
> More Details + Some Problems Faced:
> 
> For #1 UI
> Simple UI on a dark background to allow only basic functionality, all
> handled by touch buttons only (no savvy stuff)
> Divided the screen into two fragments, Upper fragment displays messages and
> lower fragment is used to interact with user

There is a related issue with naming, I will post separately.
> 
> For #2 TCP Server
> Tried to extend SimpleToadletServer.java to make another server on
> different port but it was heavily linked to FProxy and any extension
> required rewriting most of the code. So, I started from scratch and
> generously copy-pasted required code from SimpleToadletServer.

That's fine. NetworkInterface does most of the low-level work anyway.
> 
> For #3 SSL Authentication
> I couldn't get the SSL.java in freenet.crypt folder to work. I was getting
> all kinds of errors and exceptions..  http://pastebin.com/ZmJwdwMB for
> example
> To save time, I discarded SSL.java and used the latest SSL implementation
> from Bouncy Castle. A new class BCSSLNetworkInterface extends
> freenet.io.NetworkInterface
> and essentially does the same work as SSLNetworkInterface. So #2 server
> utilizes this BCSSLNetworkInterface to create ServerSockets

Nice! The current code is rather flaky and hard to set up and uses some 
undocumented Sun APIs, so using the BC code is a definite improvement, 
assuming nextgens is happy. We should use this for fproxy SSL support too.
> 
> This is only a one way server authentication. Client (mobile app) isn't
> authenticated.
> Client could be authenticated in a way when the user manually verifies the
> received node references on the homenode (by a button click)
>  after they synchronize

Right, this is what we agreed with nextgens. Authenticating the client is 
useful if it's easy to implement and has zero effect on user interface, but it 
shouldn't be relied on for security, because the phone may be compromised.
> 
> For #4 MDNS Broadcast:
> ECDSA implementation is from Bouncy Castle
> The SPKI (public key) is extracted from the self signed certificate from #3
> BC-SSL-TCP server and its SHA1 hash is added to the broadcast

Please use SHA256 not SHA1. SHA1 is looking rather weak.
> 
> For #5 MDNS Reception on mobile app
> Once mobile app verifies the signature, it extracts SPKI hash from MDNS
> packet. In the process of SSL Handshake with the server, it verifies the
> obtained certificate by comparing the two SHA1 hashes. Once a secure
> connection is established, it pulls the home node reference.  A modified
> version of Moxie's Android Pinning library is used to authenticate using
> SPKI. https://github.com/moxie0/AndroidPinning
> 
> For #6 WiFi Direct Connection between two apps
> Used the example provided in android SDK as the base to establish Wi-Fi
> Direct Connection
> http://developer.android.com/guide/topics/connectivity/wifip2p.html#discovering
> 
> Work to be done:
> 
> Minor:
> 1) Extend support to USB tethered and bluetooth connections with home node
> on the mobile.
> Requires no change on home node code as the server is on 0.0.0.0
> However, on the mobile, listening multicast on 0.0.0.0 is disallowed to
> save battery and so we are listening only multicast *wifi* packets
> presently. So, I need to add callbacks to discover newly tethered networks
> and start listening on them
> 2) Add option on the home TCP server to accept new node references from
>  the mobile and display them for user verification
> 
> Major:
> Add other methods for reference exchange between apps apart from WiFi Direct
> 1) QR based exchange
> 2) Bluetooth based
> 3) Wifi Hotspot on one mobile with normal wifi on other mobile
> More discussion is necessary in this respect

So far looks good.

What about using NFC, BT or QR for channel setup, but then exchange the data 
over wifi? (Especially in the QR case - we may have a lot of data to transfer 
with some forms of invites, QR is not going to be both reliable and 
convenient). Wifi is long range, it's good to use something short range for the 
initial setup?

Laptop to laptop is another use case that should be easy - can they react to 
each other's broadcasts?

Also IIRC nextgens was keen on using the sharing API so you could use e.g. 
email etc...
> 
> Also, I've realized that next step in this project would be to support
> invites

IMHO we're not asking you to implement invites, at least not until everything 
else is perfect. But in future we will want to change it to support invites, 
and FOAF references and so on; FOAF references basically just means carrying 
more data, invites may mean we need some sort of one-time tokens to get 
temporary connections, issued when syncing up with the home node...
> 
> I plan to complete the minor works this week so that a basic level
> functionality is achieved i.e. Two people with *high end* mobiles having
> this darknet app should be able to exchange node references and sync them up
> back home

How high end? For example, a low-to-mid-range smartphone like the Galaxy Ace 
has wifi (I'm not sure if this includes wifi direct), bluetooth, and a camera - 
that's enough isn't it? Granted to save battery you might need to explicitly 
start the app when syncing up with the home node?
> 
> The corresponding code:
> Modified Fred: https://github.com/NiteshBharadwaj/fred-staging/tree/next/src
> Modified MDNS Discovery:
> https://github.com/NiteshBharadwaj/plugin-MDNSDiscovery-official
> The app:
> https://github.com/NiteshBharadwaj/Freenet/tree/master/src/freenet/darknetconnector/FProxyConnector

Haven't looked at this yet but hope nextgens has.

Attachment: signature.asc
Description: This is a digitally signed message part.
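
The signed announcement and SPKI pin check described in items 4 and 5 of the quoted update, as an added example (not code from Freenet, the MDNS plugin or the app), using only JDK classes and SHA-256 as the reply asks. The class and method names, the field encoding, the node name and the port are assumptions, and a fresh EC key stands in for the key inside the server's self-signed certificate.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

public class SignedAnnouncementDemo {
    // Length-prefixed name, then port, then the fixed-size pin: an unambiguous signed message.
    static byte[] encode(String name, int port, byte[] pin) {
        byte[] n = name.getBytes(StandardCharsets.UTF_8);
        return ByteBuffer.allocate(8 + n.length + pin.length)
                .putInt(n.length).put(n).putInt(port).put(pin).array();
    }
    // PublicKey.getEncoded() is the DER SubjectPublicKeyInfo, i.e. the SPKI being pinned.
    static byte[] spkiPin(PublicKey key) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
    }
    // Home node: sign the announcement fields with the announcer's EC private key.
    static byte[] sign(PrivateKey key, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }
    // Mobile: verify the signature over the received fields, then compare the pin
    // (constant time) with the SPKI hash of the key the TLS server presented.
    static boolean accept(byte[] announcerSpki, String name, int port, byte[] pin,
                          byte[] sig, PublicKey presented) throws Exception {
        PublicKey announcer = KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(announcerSpki));
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(announcer);
        v.update(encode(name, port, pin));
        return v.verify(sig) && MessageDigest.isEqual(pin, spkiPin(presented));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair announcer = gen.generateKeyPair();
        KeyPair tls = gen.generateKeyPair(); // stands in for the certificate's key
        byte[] spki = announcer.getPublic().getEncoded();
        byte[] pin = spkiPin(tls.getPublic());
        // Constructed sample values: node name "homenode", port 8889.
        byte[] sig = sign(announcer.getPrivate(), encode("homenode", 8889, pin));
        System.out.println(accept(spki, "homenode", 8889, pin, sig, tls.getPublic()));
        System.out.println(accept(spki, "homenode", 9999, pin, sig, tls.getPublic())); // port altered
        System.out.println(accept(spki, "homenode", 8889, pin, sig, announcer.getPublic())); // wrong server key
    }
}
```

Because the verification key travels in the same packet as the signature, a passing check only shows the fields are consistent with that key; whether the key itself belongs to the home node has to be established separately.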

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
