psk: workers needs lazy init for random values

Author: ignoramous

src/core/psk.js

@@ -3,11 +3,12 @@ import * as bufutil from "../commons/bufutil.js";
 import { csprng, hkdfalgkeysz, hkdfraw, sha512 } from "../commons/crypto.js";
 import * as envutil from "../commons/envutil.js";
 import * as util from "../commons/util.js";
+import * as system from "../system.js";
 import { log } from "./log.js";
 
 export const keysize = 64; // bytes
-
-let sessionSecret = csprng(keysize); // start with random secret
+export const serverid = "888811119999";
+let sessionSecret = null; // lazily initialized
 const pskctx = bufutil.fromStr("presharedkeyforclient");
 // hex: 790bb45383670663ce9a39480be2de5426179506c8a6b2be922af055896438dd06dd320e68cd81348a32d679c026f73be64fdbbc46c43bfbc0f98160ffae2452
 export const fixedID64 = new Uint8Array([
@@ -24,6 +25,10 @@ const pskfixedsalt = new Uint8Array([
   215, 155, 17, 183, 198, 68, 34, 44, 171, 8, 145, 166, 227, 206,
 ]);
 
+((_main) => {
+  system.when("prepare").then(prep);
+})();
+
 export class PskCred {
   /** @type {Uint8Array} client id */
   id;
@@ -65,7 +70,19 @@ export class PskCred {
   }
 }
 
-export const staticPskCred = new PskCred(fixedID64, csprng(64));
+// lazily init with "prep()" is due to limitations imposed on Workers.
+// ✘ core:user:serverless-dns: Uncaught Error: Disallowed operation called within global scope.
+// Asynchronous I/O (ex: fetch() or connect()), setting a timeout, and generating random values
+// are not allowed within global scope. To fix this error, perform this operation within a handler.
+// https://developers.cloudflare.com/workers/runtime-apis/handlers/
+function prep() {
+  log.i("psk: prepared");
+  staticPskCred = new PskCred(fixedID64, csprng(keysize));
+  sessionSecret = csprng(keysize);
+}
+
+/** @type {PskCred?} */
+export let staticPskCred = null; // lazily initialized
 export const recentPskCreds = new LfuCache("psk", 1000);
 
 /**
@@ -91,6 +108,11 @@ export async function generateTlsPsk(clientid) {
   // www.rfc-editor.org/rfc/rfc9257.html#section-8
   // www.rfc-editor.org/rfc/rfc9258.html#section-4
   const k256 = await pskSessionKey();
+  if (bufutil.emptyBuf(k256)) {
+    log.e("psk: no session key set yet");
+    return null;
+  }
+
   // www.rfc-editor.org/rfc/rfc9257.html#section-4.2
   const clientpsk = await hkdfraw(k256, clientid);
 
@@ -124,8 +146,8 @@ export async function newSession(seed, newctxstr) {
  */
 async function pskSessionKey() {
   const nokey = null;
-  if (bufutil.emptyBuf(pskctx)) {
-    log.e("key: ctx missing");
+  if (bufutil.emptyBuf(pskctx) || bufutil.emptyBuf(sessionSecret)) {
+    log.e("key: ctx or secret not set");
     return nokey;
   }
 

src/server-node.js

@@ -53,6 +53,7 @@ class Stats {
     this.tlserr = 0;
     this.tlspsks = 0;
     this.tlspskd = 0;
+    this.tlspskmiss = 0;
     this.tottlspsk = 0;
     this.fasttls = 0;
     this.totfasttls = 0;
@@ -70,7 +71,7 @@ class Stats {
     return (
       `reqs=${this.noreqs} c=${this.nofchecks} ` +
       `drops=${this.nofdrops}/tot=${this.nofconns}/open=${this.openconns} ` +
-      `to=${this.noftimeouts}/tlserr=${this.tlserr} ` +
+      `to=${this.noftimeouts}/tlserr=${this.tlserr}/tlspskmiss=${this.tlspskmiss} ` +
       `tls0=${this.fasttls}/tls0miss=${this.totfasttls}/tlsadjs=${this.noftlsadjs} ` +
       `tlspsks=${this.tlspsks}/tlspskd=${this.tlspskd}/tlspsktot=${this.tottlspsk} ` +
       `n=${this.bp[4]}/adj=${this.bp[3]} ` +
@@ -374,7 +375,6 @@ function systemUp() {
     sessionTimeout: 60 * 60 * 24 * 7, // 7d in secs
   };
   if (allowTlsPsk) {
-    const idhexhint = psk.staticPskCred.idhexhint;
     // tlsOpts.enableTrace = true;
     /**
      * @param {TLSSocket} _socket - TLS Socket
@@ -384,7 +384,12 @@ function systemUp() {
     tlsOpts.pskCallback = (_socket, idhex) => {
       stats.tottlspsk += 1;
       if (!bufutil.isHex(idhex)) return;
+      if (psk.staticPskCred == null) {
+        stats.tlspskmiss += 1;
+        return null; // unlikely
+      }
 
+      // const idhexhint = psk.staticPskCred.idhexhint;
       // openssl s_client -reconnect -tls1_2 -psk_identity 790bb45383670663ce9a39480be2de5426179506c8a6b2be922af055896438dd06dd320e68cd81348a32d679c026f73be64fdbbc46c43bfbc0f98160ffae2452
       // -psk "$TLS_PSK" -connect dns.rethinkdns.localhost:10000 -debug -cipher "PSK-AES128-GCM-SHA256"
       // TODO: confirm key is compatible with socket.getCipher();
@@ -397,24 +402,27 @@ function systemUp() {
         }
         return psk.staticPskCred.key;
       }
+
       /** @type {psk.PskCred?} */
       const creds = psk.recentPskCreds.get(idhex);
       if (creds && creds.ok()) {
         stats.tlspskd += 1;
         // log.d("TLS PSK: known client", creds.idhexhint);
         return creds.key;
       }
+
       // async callbacks are not possible yet, and so, generate the
       // missing credentials in the next microtask and fail this one;
       // hopefully, the next time this same idhex connects, we'll have
       // generated the corresponding PSK credentials to serve it.
       psk.generateTlsPsk(bufutil.hex2buf(idhex));
       // log.d("TLS PSK: unknown client id", idhex);
+      stats.tlspskmiss += 1;
       return null;
     };
-    const serverhint = idhexhint;
-    tlsOpts.pskIdentityHint = serverhint;
-    log.i("TLS PSK identity hint", serverhint);
+    tlsOpts.pskIdentityHint =
+      psk.staticPskCred == null ? psk.serverid : psk.staticPskCred.idhexhint;
+    log.i("TLS PSK identity hint", tlsOpts.pskIdentityHint);
   }
   // nodejs.org/api/http2.html#http2createsecureserveroptions-onrequesthandler
   const h2Opts = {