feat(v2): use a separately generated pairing secret as the handshake auth key #36
Open
o1x3 wants to merge 1 commit into
The v2 handshake auth key was the session password, which the relay
also holds. An active relay could swap pubkeys in client_hello /
server_hello and forge matching auth tags on both legs.
This change adds a 32-byte pairing secret generated on the CLI and put
in the QR alongside the assemble code. Both peers use the pairing
secret as sessionSecret. The manager and proxy never see it.
CLI:
- Generates pairingSecret per session and persists it in the saved
session config so reattach after CLI restart still works.
- QR payload goes from a bare code to
lunel://connect?code=<code>&ps=<pairingSecret>. The URL form already
parses on the app side.
- V2SessionTransport now gets sessionSecret = pairingSecret ?? password.
The password fallback covers legacy QR payloads and pre-upgrade saved
sessions.
App:
- parseConnectPayload returns { code, pairingSecret } and extracts the
ps query param.
- pairingSecretRef threads the value into V2SessionTransport.
- PairedSession persists pairingSecret in SecureStore so resumeSession
restores it.
Backward compat: legacy CLIs emit bare codes; the parser returns
pairingSecret = null and the app falls back to wsPassword. Legacy saved
sessions on either side missing pairingSecret also fall back to the
password.
Forward compat: a new CLI paired with a pre-upgrade app will fail the
handshake because the app uses the password while the CLI uses the
pairing secret. The app needs to ship with this change in lockstep with
the CLI.
Fixes #34.
The v2 handshake auth key was the session password, which the relay also holds. An active relay could swap pubkeys in client_hello/server_hello and forge matching auth tags on both legs. This PR adds a 32-byte pairing secret that the CLI generates locally and puts in the QR. The manager and proxy never see it.
What changes
CLI:
- lunel://connect?code=<code>&ps=<pairingSecret>. The URL form already parses on the app side.
- sessionSecret = pairingSecret ?? password. The password fallback covers legacy QR payloads and pre-upgrade saved sessions.
App:
- parseConnectPayload returns { code, pairingSecret } and extracts the ps query param.
- pairingSecretRef threads the value into V2SessionTransport.
- PairedSession persists pairingSecret in SecureStore so resumeSession restores it.
Backward compat
- pairingSecret: null and the app falls back to wsPassword. Existing pairings keep working.
- pairingSecret also fall back to the password.
Forward compat
A new CLI paired with a pre-upgrade app will fail the handshake because the app uses the password while the CLI uses the pairing secret. The app needs to ship with this change in lockstep with the CLI. Hot-updater should make this manageable.
After the fix
The relay still terminates WSS and still gets the session password in a URL param (separate concern, see #11). It does not see the pairing secret, so it cannot forge handshake auth tags.
Tested
Notes
- lunel://connect?code=<code>&ps=<secret> and reuses the existing lunel://connect?code=... scheme already handled by parseConnectPayload. Easy to change the param name if ps clashes with anything planned.
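An added example (not code from this PR or the Lunel repository) of the key selection described above. It assumes the auth tag is HMAC-SHA256 over the hello's public key and that ps is hex-encoded, neither of which the page specifies; helper names and sample values are hypothetical. It shows that a hello re-tagged with the relay-visible password verifies only on the legacy fallback path.

```javascript
// Added example, not Lunel's code. Assumption: the auth tag is HMAC-SHA256
// over the hello's public key; the page does not show the real construction.
const crypto = require("node:crypto");

// Hypothetical parser: legacy bare code, or the lunel://connect URL form.
function parsePayload(payload) {
  if (!payload.startsWith("lunel://")) return { code: payload, pairingSecret: null };
  const params = new URL(payload).searchParams;
  return { code: params.get("code"), pairingSecret: params.get("ps") };
}

// Key selection from the PR text: pairing secret if present, else password.
const sessionSecret = (pairingSecret, password) => pairingSecret ?? password;

const authTag = (key, pubkey) =>
  crypto.createHmac("sha256", key).update(pubkey).digest();

function verifyHello(key, hello) {
  const expected = authTag(key, hello.pubkey);
  return expected.length === hello.tag.length &&
    crypto.timingSafeEqual(expected, hello.tag);
}

// Constructed sample values (hex encoding of ps is an assumption).
const PASSWORD = "relay-visible-password"; // the relay also holds this
const PS = crypto.randomBytes(32).toString("hex"); // travels only in the QR
const NEW_QR = `lunel://connect?code=ABC123&ps=${PS}`;
const LEGACY_QR = "ABC123";

// Does a peer accept a hello whose pubkey was replaced in transit and
// re-tagged with the only key the relay knows (the password)?
function acceptsRetaggedHello(payload) {
  const key = sessionSecret(parsePayload(payload).pairingSecret, PASSWORD);
  const swapped = Buffer.from("substituted-pubkey");
  return verifyHello(key, { pubkey: swapped, tag: authTag(PASSWORD, swapped) });
}

// Does a peer accept an untampered hello tagged with its own session secret?
function acceptsHonestHello(payload) {
  const key = sessionSecret(parsePayload(payload).pairingSecret, PASSWORD);
  const pubkey = Buffer.from("cli-pubkey");
  return verifyHello(key, { pubkey, tag: authTag(key, pubkey) });
}

console.log("legacy QR accepts re-tagged hello:", acceptsRetaggedHello(LEGACY_QR));
console.log("new QR accepts re-tagged hello:", acceptsRetaggedHello(NEW_QR));
```

Sessions that still resolve to the password fallback keep the pre-fix property, so they are worth counting and re-pairing once both sides carry the pairing secret.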