struct CryptoAuth_Session* CryptoAuth_newSession(struct CryptoAuth* ca,
struct Allocator* alloc,
const uint8_t herPublicKey[32],
const uint8_t herIp6[16],
const bool requireAuth,
char* displayName)
{
struct CryptoAuth_pvt* context = Identity_check((struct CryptoAuth_pvt*) ca);
struct CryptoAuth_Session_pvt* session =
Allocator_calloc(alloc, sizeof(struct CryptoAuth_Session_pvt), 1);
Identity_set(session);
session->context = context;
session->requireAuth = requireAuth;
session->pub.displayName = String_new(displayName, alloc);
session->timeOfLastPacket = Time_currentTimeSeconds(context->eventBase);
session->alloc = alloc;
if (herPublicKey != NULL) {
Bits_memcpyConst(session->pub.herPublicKey, herPublicKey, 32);
uint8_t calculatedIp6[16];
AddressCalc_addressForPublicKey(calculatedIp6, herPublicKey);
Bits_memcpyConst(session->pub.herIp6, calculatedIp6, 16);
if (herIp6 != NULL) {
Assert_true(!Bits_memcmp(calculatedIp6, herIp6, 16));
}
} else if (herIp6) {
Bits_memcpyConst(session->pub.herIp6, herIp6, 16);
}
return &session->pub;
}
static void getIp6(struct CryptoAuth_Session_pvt* session, uint8_t* addr)
{
Assert_true(knowHerKey(session));
uint8_t ip6[16];
AddressCalc_addressForPublicKey(ip6, session->pub.herPublicKey);
AddrTools_printIp(addr, ip6);
}
static void getIp6(struct CryptoAuth_Wrapper* wrapper, uint8_t* addr)
{
if (knowHerKey(wrapper)) {
uint8_t ip6[16];
AddressCalc_addressForPublicKey(ip6, wrapper->herPerminentPubKey);
AddrTools_printIp(addr, ip6);
}
}
static void check(struct SessionManager* sm, int mapIndex)
{
Assert_true(sm->ifaceMap.keys[mapIndex].bytes[0] == 0xfc);
uint8_t* herPubKey = CryptoAuth_getHerPublicKey(sm->ifaceMap.values[mapIndex]->pub.internal);
if (!Bits_isZero(herPubKey, 32)) {
uint8_t ip6[16];
AddressCalc_addressForPublicKey(ip6, herPubKey);
Assert_true(!Bits_memcmp(&sm->ifaceMap.keys[mapIndex], ip6, 16));
}
}
int main()
{
char* pingBenc = "d1:q4:ping4:txid4:abcde";
struct Allocator* alloc = MallocAllocator_new(1<<22);
struct TestFramework* tf = TestFramework_setUp("0123456789abcdefghijklmnopqrstuv", alloc, NULL);
struct Ducttape_pvt* dt = Identity_cast((struct Ducttape_pvt*) tf->ducttape);
struct Allocator* allocator = MallocAllocator_new(85000);
uint16_t buffLen = sizeof(struct Ducttape_IncomingForMe) + 8 + strlen(pingBenc);
uint8_t* buff = allocator->calloc(buffLen, 1, allocator);
struct Headers_SwitchHeader* sh = (struct Headers_SwitchHeader*) buff;
sh->label_be = Endian_hostToBigEndian64(4);
struct Headers_IP6Header* ip6 = (struct Headers_IP6Header*) &sh[1];
uint8_t herPublicKey[32];
Base32_decode(herPublicKey, 32,
(uint8_t*) "0z5tscp8td1sc6cv4htp7jbls79ltqxw9pbg190x0kbm1lguqtx0", 52);
AddressCalc_addressForPublicKey(ip6->sourceAddr, herPublicKey);
struct Headers_UDPHeader* udp = (struct Headers_UDPHeader*) &ip6[1];
ip6->hopLimit = 0;
ip6->nextHeader = 17;
udp->sourceAndDestPorts = 0;
udp->length_be = Endian_hostToBigEndian16(strlen(pingBenc));
strncpy((char*)(udp + 1), pingBenc, strlen(pingBenc));
dt->switchInterface.receiveMessage = catchResponse;
dt->switchInterface.receiverContext = NULL;
// bad checksum
udp->checksum_be = 1;
struct Message m = { .bytes = buff, .length = buffLen, .padding = 0 };
Ducttape_injectIncomingForMe(&m, &dt->public, herPublicKey);
Assert_always(!dt->switchInterface.receiverContext);
// zero checksum
udp->checksum_be = 0;
struct Message m2 = { .bytes = buff, .length = buffLen, .padding = 0 };
Ducttape_injectIncomingForMe(&m2, &dt->public, herPublicKey);
Assert_always(dt->switchInterface.receiverContext);
// good checksum
udp->checksum_be =
Checksum_udpIp6(ip6->sourceAddr, (uint8_t*) udp, strlen(pingBenc) + Headers_UDPHeader_SIZE);
struct Message m3 = { .bytes = buff, .length = buffLen, .padding = 0 };
Ducttape_injectIncomingForMe(&m3, &dt->public, herPublicKey);
Assert_always(dt->switchInterface.receiverContext);
}
int Key_parse(String* key, uint8_t keyBytesOut[32], uint8_t ip6Out[16])
{
if (!key || key->len < 52) {
return Key_parse_TOO_SHORT;
}
if (key->bytes[52] != '.' || key->bytes[53] != 'k') {
return Key_parse_MALFORMED;
}
if (Base32_decode(keyBytesOut, 32, (uint8_t*)key->bytes, 52) != 32) {
return Key_parse_DECODE_FAILED;
}
if (ip6Out) {
AddressCalc_addressForPublicKey(ip6Out, keyBytesOut);
if (!AddressCalc_validAddress(ip6Out)) {
return Key_parse_INVALID;
}
}
return 0;
}
static int genAddress(uint8_t addressOut[40],
uint8_t privateKeyHexOut[65],
uint8_t publicKeyBase32Out[53])
{
struct Address address;
uint8_t privateKey[32];
for (;;) {
randombytes(privateKey, 32);
crypto_scalarmult_curve25519_base(address.key, privateKey);
AddressCalc_addressForPublicKey(address.ip6.bytes, address.key);
// Brute force for keys until one matches FC00:/8
if (address.ip6.bytes[0] == 0xFC) {
Hex_encode(privateKeyHexOut, 65, privateKey, 32);
Base32_encode(publicKeyBase32Out, 53, address.key, 32);
Address_printIp(addressOut, &address);
return 0;
}
}
}
static void parsePrivateKey(Dict* config, struct Address* addr, uint8_t privateKey[32])
{
String* privateKeyStr = Dict_getString(config, BSTR("privateKey"));
if (privateKeyStr == NULL) {
fprintf(stderr, "Could not extract private key from configuration.\n");
} else if (privateKeyStr->len != 64) {
fprintf(stderr, "Private key is not 32 bytes long.\n");
} else if (Hex_decode(privateKey, 32, (uint8_t*)privateKeyStr->bytes, 64) != 32) {
fprintf(stderr, "Failed to parse private key.\n");
} else {
crypto_scalarmult_curve25519_base(addr->key, privateKey);
AddressCalc_addressForPublicKey(addr->ip6.bytes, addr->key);
if (addr->ip6.bytes[0] != 0xFC) {
fprintf(stderr, "Ip address is outside of the FC00/8 range, "
"invalid private key.\n");
} else {
return;
}
}
exit(-1);
}
int main(int argc, char** argv)
{
struct Allocator* alloc = MallocAllocator_new(1<<22);
struct Random* rand = Random_new(alloc, NULL, NULL);
uint8_t privateKey[32];
uint8_t publicKey[32];
uint8_t ip[16];
uint8_t hexPrivateKey[65];
uint8_t printedIp[40];
for (;;) {
Random_bytes(rand, privateKey, 32);
crypto_scalarmult_curve25519_base(publicKey, privateKey);
if (AddressCalc_addressForPublicKey(ip, publicKey)) {
Hex_encode(hexPrivateKey, 65, privateKey, 32);
AddrTools_printIp(printedIp, ip);
printf("%s %s\n", hexPrivateKey, printedIp);
}
}
return 0;
}
int main()
{
/* verify public key */
struct Address address;
crypto_scalarmult_curve25519_base(address.key, privateKey);
AddressCalc_addressForPublicKey(address.ip6.bytes, address.key);
uint8_t privateKeyHexOut[65];
uint8_t publicKeyHexOut[65];
uint8_t publicKeyBase32Out[53];
Hex_encode(privateKeyHexOut, 65, privateKey, 32);
Hex_encode(publicKeyHexOut, 65, publicKey, 32);
printf("Private key %s (hex)\n\nExpect:\nPublic Key: %s (hex)\n"
"Public Key: %s (base32)\nAddress: %s\n",
privateKeyHexOut,
publicKeyHexOut,
publicKeyBase32,
ipv6);
uint8_t addressOut[40];
Hex_encode(publicKeyHexOut, 65, address.key, 32);
Base32_encode(publicKeyBase32Out, 53, address.key, 32);
Address_printIp(addressOut, &address);
printf("\nGot:\nPublic Key: %s (hex)\n"
"Public Key: %s (base32)\nAddress: %s\n",
publicKeyHexOut,
publicKeyBase32Out,
addressOut);
Assert_always(0 == memcmp(address.key, publicKey, 32));
Assert_always(0 == strcmp(publicKeyBase32, (char*) publicKeyBase32Out));
Assert_always(0 == strcmp(ipv6, (char*) addressOut));
}
static int genAddress(uint8_t addressOut[40],
uint8_t privateKeyHexOut[65],
uint8_t publicKeyBase32Out[53],
uint8_t privateKey[32])
{
struct Address address;
crypto_scalarmult_curve25519_base(address.key, privateKey);
AddressCalc_addressForPublicKey(address.ip6.bytes, address.key);
// Brute force for keys until one matches FC00:/8
if(
address.ip6.bytes[0] == 0xFC// &&
//(address.ip6.bytes[15] & 0xF) == (address.ip6.bytes[15] & 0x0F << 4) &&
//address.ip6.bytes[14] == address.ip6.bytes[15]
)
{
Hex_encode(privateKeyHexOut, 65, privateKey, 32);
Base32_encode(publicKeyBase32Out, 53, address.key, 32);
Address_printIp(addressOut, &address);
return 1;
}
return 0;
}
int InterfaceController_bootstrapPeer(struct InterfaceController* ifc,
int interfaceNumber,
uint8_t* herPublicKey,
const struct Sockaddr* lladdrParm,
String* password,
String* login,
String* user,
struct Allocator* alloc)
{
struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
Assert_true(herPublicKey);
Assert_true(password);
struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, interfaceNumber);
if (!ici) {
return InterfaceController_bootstrapPeer_BAD_IFNUM;
}
Log_debug(ic->logger, "bootstrapPeer total [%u]", ici->peerMap.count);
uint8_t ip6[16];
AddressCalc_addressForPublicKey(ip6, herPublicKey);
if (!AddressCalc_validAddress(ip6) || !Bits_memcmp(ic->ca->publicKey, herPublicKey, 32)) {
return InterfaceController_bootstrapPeer_BAD_KEY;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
struct Sockaddr* lladdr = Sockaddr_clone(lladdrParm, epAlloc);
// TODO(cjd): eps are created in 3 places, there should be a factory function.
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
Assert_true(index >= 0);
ep->alloc = epAlloc;
ep->handle = ici->peerMap.handles[index];
ep->lladdr = lladdr;
ep->ici = ici;
ep->isIncomingConnection = false;
Bits_memcpy(ep->addr.key, herPublicKey, 32);
Address_getPrefix(&ep->addr);
Identity_set(ep);
Allocator_onFree(epAlloc, closeInterface, ep);
Allocator_onFree(alloc, freeAlloc, epAlloc);
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, herPublicKey, false, "outer");
CryptoAuth_setAuth(password, login, ep->caSession);
if (user) {
ep->caSession->displayName = String_clone(user, epAlloc);
}
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "bootstrapPeer() SwitchCore out of space");
Allocator_free(epAlloc);
return InterfaceController_bootstrapPeer_OUT_OF_SPACE;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
if (Defined(Log_INFO)) {
struct Allocator* tempAlloc = Allocator_child(alloc);
String* addrStr = Address_toString(&ep->addr, tempAlloc);
Log_info(ic->logger, "Adding peer [%s] from bootstrapPeer()", addrStr->bytes);
Allocator_free(tempAlloc);
}
// We can't just add the node directly to the routing table because we do not know
// the version. We'll send it a switch ping and when it responds, we will know it's
// key (if we don't already) and version number.
sendPing(ep);
return 0;
}
int InterfaceController_registerPeer(struct InterfaceController* ifController,
uint8_t herPublicKey[32],
String* password,
bool requireAuth,
bool isIncomingConnection,
struct Interface* externalInterface)
{
// This function is overridden by some tests...
if (ifController->registerPeer) {
return ifController->registerPeer(ifController, herPublicKey, password, requireAuth,
isIncomingConnection, externalInterface);
}
struct InterfaceController_pvt* ic =
Identity_check((struct InterfaceController_pvt*) ifController);
if (Map_OfIFCPeerByExernalIf_indexForKey(&externalInterface, &ic->peerMap) > -1) {
return 0;
}
Log_debug(ic->logger, "registerPeer [%p] total [%u]",
(void*)externalInterface, ic->peerMap.count);
uint8_t ip6[16];
if (herPublicKey) {
AddressCalc_addressForPublicKey(ip6, herPublicKey);
if (!AddressCalc_validAddress(ip6)) {
return InterfaceController_registerPeer_BAD_KEY;
}
if (!Bits_memcmp(ic->ca->publicKey, herPublicKey, 32)) {
// can't link with yourself, wiseguy
return InterfaceController_registerPeer_BAD_KEY;
}
} else {
Assert_true(requireAuth);
}
struct Allocator* epAllocator = externalInterface->allocator;
struct InterfaceController_Peer* ep =
Allocator_calloc(epAllocator, sizeof(struct InterfaceController_Peer), 1);
ep->bytesOut = 0;
ep->bytesIn = 0;
ep->external = externalInterface;
int setIndex = Map_OfIFCPeerByExernalIf_put(&externalInterface, &ep, &ic->peerMap);
ep->handle = ic->peerMap.handles[setIndex];
Identity_set(ep);
Allocator_onFree(epAllocator, closeInterface, ep);
// If the other end need needs to supply a valid password to connect
// we will set the connection state to UNAUTHENTICATED so that if the
// packet is invalid, the connection will be dropped right away.
if (requireAuth) {
ep->state = InterfaceController_PeerState_UNAUTHENTICATED;
}
ep->cryptoAuthIf = CryptoAuth_wrapInterface(externalInterface,
herPublicKey,
NULL,
requireAuth,
"outer",
ic->ca);
ep->cryptoAuthIf->receiveMessage = receivedAfterCryptoAuth;
ep->cryptoAuthIf->receiverContext = ep;
// Always use authType 1 until something else comes along, then we'll have to refactor.
if (password) {
CryptoAuth_setAuth(password, 1, ep->cryptoAuthIf);
}
ep->isIncomingConnection = isIncomingConnection;
Bits_memcpyConst(&ep->switchIf, (&(struct Interface) {
.sendMessage = sendFromSwitch,
// ifcontrollerForPeer uses this.
// sendFromSwitch relies on the fact that the
// switchIf is the same memory location as the Peer.
.senderContext = ic,
.allocator = epAllocator
}), sizeof(struct Interface));
/**
* This is called as sendMessage() by the switch.
* There is only one switch interface which sends all traffic.
* message is aligned on the beginning of the switch header.
*/
static uint8_t incomingFromSwitch(struct Message* message, struct Interface* switchIf)
{
struct Ducttape* context = switchIf->senderContext;
struct Headers_SwitchHeader* switchHeader = (struct Headers_SwitchHeader*) message->bytes;
Message_shift(message, -Headers_SwitchHeader_SIZE);
// The label comes in reversed from the switch because the switch doesn't know that we aren't
// another switch ready to parse more bits, bit reversing the label yields the source address.
switchHeader->label_be = Bits_bitReverse64(switchHeader->label_be);
if (Headers_getMessageType(switchHeader) == Headers_SwitchHeader_TYPE_CONTROL) {
uint8_t labelStr[20];
uint64_t label = Endian_bigEndianToHost64(switchHeader->label_be);
AddrTools_printPath(labelStr, label);
if (message->length < Control_HEADER_SIZE) {
Log_info1(context->logger, "dropped runt ctrl packet from [%s]", labelStr);
return Error_NONE;
} else {
Log_debug1(context->logger, "ctrl packet from [%s]", labelStr);
}
struct Control* ctrl = (struct Control*) message->bytes;
bool pong = false;
if (ctrl->type_be == Control_ERROR_be) {
if (message->length < Control_Error_MIN_SIZE) {
Log_info1(context->logger, "dropped runt error packet from [%s]", labelStr);
return Error_NONE;
}
Log_info2(context->logger,
"error packet from [%s], error type [%d]",
labelStr,
Endian_bigEndianToHost32(ctrl->content.error.errorType_be));
RouterModule_brokenPath(Endian_bigEndianToHost64(switchHeader->label_be),
context->routerModule);
uint8_t causeType = Headers_getMessageType(&ctrl->content.error.cause);
if (causeType == Headers_SwitchHeader_TYPE_CONTROL) {
if (message->length < Control_Error_MIN_SIZE + Control_HEADER_SIZE) {
Log_info1(context->logger,
"error packet from [%s] containing runt cause packet",
labelStr);
return Error_NONE;
}
struct Control* causeCtrl = (struct Control*) &(&ctrl->content.error.cause)[1];
if (causeCtrl->type_be != Control_PING_be) {
Log_info3(context->logger,
"error packet from [%s] caused by [%s] packet ([%d])",
labelStr,
Control_typeString(causeCtrl->type_be),
Endian_bigEndianToHost16(causeCtrl->type_be));
} else {
Log_debug2(context->logger,
"error packet from [%s] in response to ping, length: [%d].",
labelStr,
message->length);
// errors resulting from pings are forwarded back to the pinger.
pong = true;
}
} else if (causeType != Headers_SwitchHeader_TYPE_DATA) {
Log_info1(context->logger,
"error packet from [%s] containing cause of unknown type [%d]",
labelStr);
}
} else if (ctrl->type_be == Control_PONG_be) {
pong = true;
} else if (ctrl->type_be == Control_PING_be) {
ctrl->type_be = Control_PONG_be;
Message_shift(message, Headers_SwitchHeader_SIZE);
switchIf->receiveMessage(message, switchIf);
} else {
Log_info2(context->logger,
"control packet of unknown type from [%s], type [%d]",
labelStr, Endian_bigEndianToHost16(ctrl->type_be));
}
if (pong) {
// Shift back over the header
Message_shift(message, Headers_SwitchHeader_SIZE);
context->switchPingerIf->receiveMessage(message, context->switchPingerIf);
}
return Error_NONE;
}
uint8_t* herKey = extractPublicKey(message, switchHeader->label_be, context->logger);
int herAddrIndex;
if (herKey) {
uint8_t herAddrStore[16];
AddressCalc_addressForPublicKey(herAddrStore, herKey);
if (herAddrStore[0] != 0xFC) {
Log_debug(context->logger,
"Got message from peer whose address is not in fc00::/8 range.\n");
return 0;
}
herAddrIndex = AddressMapper_put(switchHeader->label_be, herAddrStore, &context->addrMap);
} else {
herAddrIndex = AddressMapper_indexOf(switchHeader->label_be, &context->addrMap);
if (herAddrIndex == -1) {
uint64_t label = Endian_bigEndianToHost64(switchHeader->label_be);
struct Node* n = RouterModule_getNode(label, context->routerModule);
if (n) {
herAddrIndex = AddressMapper_put(switchHeader->label_be,
n->address.ip6.bytes,
&context->addrMap);
} else {
#ifdef Log_DEBUG
uint8_t switchAddr[20];
AddrTools_printPath(switchAddr, Endian_bigEndianToHost64(switchHeader->label_be));
Log_debug1(context->logger,
"Dropped traffic packet from unknown node. (%s)\n",
&switchAddr);
#endif
return 0;
}
}
}
// If the source address is the same as the router address, no third layer of crypto.
context->routerAddress = context->addrMap.entries[herAddrIndex].address;
// This is needed so that the priority and other information
// from the switch header can be passed on properly.
context->switchHeader = switchHeader;
context->session = SessionManager_getSession(context->routerAddress, herKey, context->sm);
// This goes to incomingFromCryptoAuth()
// then incomingFromRouter() then core()
context->layer = OUTER_LAYER;
context->session->receiveMessage(message, context->session);
return 0;
}
static int registerPeer(struct InterfaceController* ifController,
uint8_t herPublicKey[32],
String* password,
bool requireAuth,
bool transient,
struct Interface* externalInterface)
{
struct Context* ic = Identity_cast((struct Context*) ifController);
Log_debug(ic->logger, "registerPeer [%p] total [%u]",
(void*)externalInterface, ic->peerMap.count);
if (Map_OfIFCPeerByExernalIf_indexForKey(&externalInterface, &ic->peerMap) > -1) {
Log_debug(ic->logger, "Skipping registerPeer [%p] because peer is already registered",
(void*)externalInterface);
return 0;
}
uint8_t ip6[16];
if (herPublicKey) {
AddressCalc_addressForPublicKey(ip6, herPublicKey);
if (!AddressCalc_validAddress(ip6)) {
return InterfaceController_registerPeer_BAD_KEY;
}
}
struct Allocator* epAllocator = externalInterface->allocator;
struct IFCPeer* ep = Allocator_calloc(epAllocator, sizeof(struct IFCPeer), 1);
ep->external = externalInterface;
int setIndex = Map_OfIFCPeerByExernalIf_put(&externalInterface, &ep, &ic->peerMap);
ep->handle = ic->peerMap.handles[setIndex];
Identity_set(ep);
Allocator_onFree(epAllocator, closeInterface, ep);
// If the other end need not supply a valid password to connect
// we will set the connection state to HANDSHAKE because we don't
// want the connection to be trashed after the first invalid packet.
if (!requireAuth) {
ep->state = InterfaceController_PeerState_HANDSHAKE;
}
ep->cryptoAuthIf =
CryptoAuth_wrapInterface(externalInterface, herPublicKey, requireAuth, true, ic->ca);
ep->cryptoAuthIf->receiveMessage = receivedAfterCryptoAuth;
ep->cryptoAuthIf->receiverContext = ep;
// Always use authType 1 until something else comes along, then we'll have to refactor.
if (password) {
CryptoAuth_setAuth(password, 1, ep->cryptoAuthIf);
}
ep->transient = transient;
Bits_memcpyConst(&ep->switchIf, (&(struct Interface) {
.sendMessage = sendFromSwitch,
// ifcontrollerForPeer uses this.
// sendFromSwitch relies on the fact that the
// switchIf is the same memory location as the Peer.
.senderContext = ic,
.allocator = epAllocator
}), sizeof(struct Interface));
static uint8_t decryptHandshake(struct CryptoAuth_Wrapper* wrapper,
const uint32_t nonce,
struct Message* message,
union Headers_CryptoAuth* header)
{
if (message->length < Headers_CryptoAuth_SIZE) {
cryptoAuthDebug0(wrapper, "DROP runt");
return Error_UNDERSIZE_MESSAGE;
}
// handshake
// nextNonce 0: recieving hello.
// nextNonce 1: recieving key, we sent hello.
// nextNonce 2: recieving first data packet or duplicate hello.
// nextNonce 3: recieving first data packet.
// nextNonce >3: handshake complete
if (knowHerKey(wrapper)) {
if (Bits_memcmp(wrapper->herPerminentPubKey, header->handshake.publicKey, 32)) {
cryptoAuthDebug0(wrapper, "DROP a packet with different public key than this session");
return Error_AUTHENTICATION;
}
} else if (!Bits_isZero(wrapper->herIp6, 16)) {
uint8_t calculatedIp6[16];
AddressCalc_addressForPublicKey(calculatedIp6, header->handshake.publicKey);
if (Bits_memcmp(wrapper->herIp6, calculatedIp6, 16)) {
cryptoAuthDebug0(wrapper, "DROP packet with public key not matching ip6 for session");
return Error_AUTHENTICATION;
}
}
if (wrapper->nextNonce < 2 && nonce == UINT32_MAX && !wrapper->requireAuth) {
// Reset without knowing key is allowed until state reaches 2.
// this is because we don't know that the other end knows our key until we
// have received a valid packet from them.
// We can't allow the upper layer to see this message because it's not authenticated.
if (!knowHerKey(wrapper)) {
Bits_memcpyConst(wrapper->herPerminentPubKey, header->handshake.publicKey, 32);
}
Message_shift(message, -Headers_CryptoAuth_SIZE, NULL);
message->length = 0;
reset(wrapper);
wrapper->user = NULL;
cryptoAuthDebug0(wrapper, "Got a connect-to-me message, sending a hello");
// Send an empty response (to initiate the connection).
encryptHandshake(message, wrapper, 1);
return Error_NONE;
}
String* user = NULL;
uint8_t passwordHashStore[32];
uint8_t* passwordHash = tryAuth(header, passwordHashStore, wrapper, &user);
if (wrapper->requireAuth && !user) {
cryptoAuthDebug0(wrapper, "DROP message because auth was not given");
return Error_AUTHENTICATION;
}
if (passwordHash == NULL && header->handshake.auth.challenge.type != 0) {
cryptoAuthDebug0(wrapper, "DROP message with unrecognized authenticator");
return Error_AUTHENTICATION;
}
// What the nextNonce will become if this packet is valid.
uint32_t nextNonce;
// The secret for decrypting this message.
uint8_t sharedSecret[32];
uint8_t* herPermKey = NULL;
if (nonce < 2) {
if (nonce == 0) {
cryptoAuthDebug(wrapper, "Received a hello packet, using auth: %d",
(passwordHash != NULL));
} else {
cryptoAuthDebug0(wrapper, "Received a repeat hello packet");
}
// Decrypt message with perminent keys.
if (!knowHerKey(wrapper) || wrapper->nextNonce == 0) {
herPermKey = header->handshake.publicKey;
#ifdef Log_DEBUG
if (Bits_isZero(header->handshake.publicKey, 32)) {
cryptoAuthDebug0(wrapper, "Node sent public key of ZERO!");
}
#endif
} else {
herPermKey = wrapper->herPerminentPubKey;
if (Bits_memcmp(header->handshake.publicKey, herPermKey, 32)) {
cryptoAuthDebug0(wrapper, "DROP packet contains different perminent key");
return Error_AUTHENTICATION;
}
}
getSharedSecret(sharedSecret,
wrapper->context->privateKey,
herPermKey,
passwordHash,
wrapper->context->logger);
nextNonce = 2;
} else {
if (nonce == 2) {
cryptoAuthDebug0(wrapper, "Received a key packet");
} else if (nonce == 3) {
cryptoAuthDebug0(wrapper, "Received a repeat key packet");
} else {
cryptoAuthDebug(wrapper, "Received a packet of unknown type! nonce=%u", nonce);
}
if (Bits_memcmp(header->handshake.publicKey, wrapper->herPerminentPubKey, 32)) {
cryptoAuthDebug0(wrapper, "DROP packet contains different perminent key");
return Error_AUTHENTICATION;
}
if (!wrapper->isInitiator) {
cryptoAuthDebug0(wrapper, "DROP a stray key packet");
return Error_AUTHENTICATION;
}
// We sent the hello, this is a key
getSharedSecret(sharedSecret,
wrapper->ourTempPrivKey,
wrapper->herPerminentPubKey,
passwordHash,
wrapper->context->logger);
nextNonce = 4;
}
// Shift it on top of the authenticator before the encrypted public key
Message_shift(message, 48 - Headers_CryptoAuth_SIZE, NULL);
#ifdef Log_KEYS
uint8_t sharedSecretHex[65];
printHexKey(sharedSecretHex, sharedSecret);
uint8_t nonceHex[49];
Hex_encode(nonceHex, 49, header->handshake.nonce, 24);
uint8_t cipherHex[65];
printHexKey(cipherHex, message->bytes);
Log_keys(wrapper->context->logger,
"Decrypting message with:\n"
" nonce: %s\n"
" secret: %s\n"
" cipher: %s\n",
nonceHex, sharedSecretHex, cipherHex);
#endif
// Decrypt her temp public key and the message.
if (decryptRndNonce(header->handshake.nonce, message, sharedSecret) != 0) {
// just in case
Bits_memset(header, 0, Headers_CryptoAuth_SIZE);
cryptoAuthDebug(wrapper, "DROP message with nonce [%d], decryption failed", nonce);
return Error_AUTHENTICATION;
}
Assert_ifParanoid(!Bits_isZero(header->handshake.encryptedTempKey, 32));
#ifdef Log_KEYS
uint8_t tempKeyHex[65];
Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32);
Log_keys(wrapper->context->logger,
"Unwrapping temp public key:\n"
" %s\n",
tempKeyHex);
#endif
Message_shift(message, -32, NULL);
// Post-decryption checking
if (nonce == 0) {
// A new hello packet
if (!Bits_memcmp(wrapper->herTempPubKey, header->handshake.encryptedTempKey, 32)) {
// possible replay attack or duped packet
cryptoAuthDebug0(wrapper, "DROP dupe hello packet with same temp key");
return Error_AUTHENTICATION;
}
} else if (nonce == 2 && wrapper->nextNonce >= 4) {
// we accept a new key packet and let it change the session since the other end might have
// killed off the session while it was in the midst of setting up.
if (!Bits_memcmp(wrapper->herTempPubKey, header->handshake.encryptedTempKey, 32)) {
Assert_true(!Bits_isZero(wrapper->herTempPubKey, 32));
cryptoAuthDebug0(wrapper, "DROP dupe key packet with same temp key");
return Error_AUTHENTICATION;
}
} else if (nonce == 3 && wrapper->nextNonce >= 4) {
// Got a repeat key packet, make sure the temp key is the same as the one we know.
if (Bits_memcmp(wrapper->herTempPubKey, header->handshake.encryptedTempKey, 32)) {
Assert_true(!Bits_isZero(wrapper->herTempPubKey, 32));
cryptoAuthDebug0(wrapper, "DROP repeat key packet with different temp key");
return Error_AUTHENTICATION;
}
}
// If Alice sent a hello packet then Bob sent a hello packet and they crossed on the wire,
// somebody has to yield and the other has to stand firm otherwise they will either deadlock
// each believing their hello packet is superior or they will livelock, each switching to the
// other's session and never synchronizing.
// In this event whoever has the lower permanent public key wins.
// If we receive a (possibly repeat) key packet
if (nextNonce == 4) {
if (wrapper->nextNonce <= 4) {
// and have not yet begun sending "run" data
Assert_true(wrapper->nextNonce <= nextNonce);
wrapper->nextNonce = nextNonce;
wrapper->user = user;
Bits_memcpyConst(wrapper->herTempPubKey, header->handshake.encryptedTempKey, 32);
} else {
// It's a (possibly repeat) key packet and we have begun sending run data.
// We will change the shared secret to the one specified in the new key packet but
// intentionally avoid de-incrementing the nonce just in case
getSharedSecret(wrapper->sharedSecret,
wrapper->ourTempPrivKey,
header->handshake.encryptedTempKey,
NULL,
wrapper->context->logger);
cryptoAuthDebug0(wrapper, "New key packet but we are already sending data");
}
} else if (nextNonce == 2 && (!wrapper->isInitiator || wrapper->established)) {
// This is a hello packet and we are either in ESTABLISHED state or we are
// not the initiator of the connection.
// If the case is that we are in ESTABLISHED state, the other side tore down the session
// and we have not so lets tear it down.
// If we are not in ESTABLISHED state then we don't allow resetting of the session unless
// they are the sender of the hello packet or their permanent public key is lower.
// this is a tie-breaker in case hello packets cross on the wire.
if (wrapper->established) {
reset(wrapper);
}
// We got a (possibly repeat) hello packet and we have not sent any hello packet,
// new session.
if (wrapper->nextNonce == 3 && nextNonce == 2) {
// We sent a key packet so the next packet is a repeat key but we got another hello
// We'll just keep steaming along sending repeat key packets
nextNonce = 3;
}
Assert_true(wrapper->nextNonce <= nextNonce);
wrapper->nextNonce = nextNonce;
wrapper->user = user;
Bits_memcpyConst(wrapper->herTempPubKey, header->handshake.encryptedTempKey, 32);
} else if (nextNonce == 2
&& Bits_memcmp(header->handshake.publicKey, wrapper->context->pub.publicKey, 32) < 0)
{
// It's a hello and we are the initiator but their permant public key is numerically lower
// than ours, this is so that in the event of two hello packets crossing on the wire, the
// nodes will agree on who is the initiator.
cryptoAuthDebug0(wrapper, "Incoming hello from node with lower key, resetting");
reset(wrapper);
Assert_true(wrapper->nextNonce <= nextNonce);
wrapper->nextNonce = nextNonce;
wrapper->user = user;
Bits_memcpyConst(wrapper->herTempPubKey, header->handshake.encryptedTempKey, 32);
} else {
cryptoAuthDebug0(wrapper, "Incoming hello from node with higher key, not resetting");
}
if (herPermKey && herPermKey != wrapper->herPerminentPubKey) {
Bits_memcpyConst(wrapper->herPerminentPubKey, herPermKey, 32);
}
// If this is a handshake which was initiated in reverse because we
// didn't know the other node's key, now send what we were going to send.
if (wrapper->bufferedMessage) {
// This can only happen when we have received a (maybe repeat) hello packet.
Assert_true(wrapper->nextNonce == 2);
struct Message* bm = wrapper->bufferedMessage;
wrapper->bufferedMessage = NULL;
cryptoAuthDebug0(wrapper, "Sending buffered message");
sendMessage(bm, &wrapper->externalInterface);
Allocator_free(bm->alloc);
}
if (message->length == 0 && Headers_isSetupPacket(&header->handshake.auth)) {
return Error_NONE;
}
Bits_memset(&wrapper->replayProtector, 0, sizeof(struct ReplayProtector));
setRequiredPadding(wrapper);
return callReceivedMessage(wrapper, message);
}
static int handleOutgoing(struct DHTMessage* dmessage,
void* vcontext)
{
struct Ducttape* context = (struct Ducttape*) vcontext;
struct Message message =
{ .length = dmessage->length, .bytes = (uint8_t*) dmessage->bytes, .padding = 512 };
Message_shift(&message, Headers_UDPHeader_SIZE);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message.bytes;
uh->sourceAndDestPorts = 0;
uh->length_be = Endian_hostToBigEndian16(dmessage->length);
uh->checksum_be = 0;
uint16_t payloadLength = message.length;
Message_shift(&message, Headers_IP6Header_SIZE);
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message.bytes;
header->versionClassAndFlowLabel = 0;
header->flowLabelLow_be = 0;
header->nextHeader = 17;
header->hopLimit = 0;
header->payloadLength_be = Endian_hostToBigEndian16(payloadLength);
Bits_memcpyConst(header->sourceAddr,
context->myAddr.ip6.bytes,
Address_SEARCH_TARGET_SIZE);
Bits_memcpyConst(header->destinationAddr,
dmessage->address->ip6.bytes,
Address_SEARCH_TARGET_SIZE);
context->ip6Header = header;
context->switchHeader = NULL;
sendToRouter(dmessage->address, &message, context);
return 0;
}
// Aligned on the beginning of the content.
static inline bool isRouterTraffic(struct Message* message, struct Headers_IP6Header* ip6)
{
if (ip6->nextHeader != 17 || ip6->hopLimit != 0) {
return false;
}
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
return message->length >= Headers_UDPHeader_SIZE
&& uh->sourceAndDestPorts == 0
&& (int) Endian_bigEndianToHost16(uh->length_be) == message->length - Headers_UDPHeader_SIZE;
}
/**
* Message which is for us, message is aligned on the beginning of the content.
* this is called from core() which calls through an interfaceMap.
*/
static inline uint8_t incomingForMe(struct Message* message,
struct Ducttape* context,
uint8_t herPubKey[32])
{
struct Address addr;
AddressCalc_addressForPublicKey(addr.ip6.bytes, herPubKey);
if (memcmp(addr.ip6.bytes, context->ip6Header->sourceAddr, 16)) {
#ifdef Log_DEBUG
uint8_t keyAddr[40];
Address_printIp(keyAddr, &addr);
Bits_memcpyConst(addr.ip6.bytes, context->ip6Header->sourceAddr, 16);
uint8_t srcAddr[40];
Address_printIp(srcAddr, &addr);
Log_debug2(context->logger,
"Dropped packet because source address is not same as key.\n"
" %s source addr\n"
" %s hash of key\n",
srcAddr,
keyAddr);
#endif
return Error_INVALID;
}
if (message->length == 0) {
#ifdef Log_WARN
uint8_t keyAddr[40];
uint8_t ipv6Hex[80];
Address_printIp(keyAddr, &addr);
Hex_encode(ipv6Hex, 80, (uint8_t*) context->ip6Header, 40);
Log_warn2(context->logger,
"Got ipv6 packet from %s which has no content!\nIPv6 Header: [%s]",
keyAddr, ipv6Hex);
#endif
return Error_INVALID;
}
if (isRouterTraffic(message, context->ip6Header)) {
// Shift off the UDP header.
Message_shift(message, -Headers_UDPHeader_SIZE);
addr.path = Endian_bigEndianToHost64(context->switchHeader->label_be);
Bits_memcpyConst(addr.key, herPubKey, 32);
return incomingDHT(message, &addr, context);
}
// RouterModule_addNode(&addr, context->routerModule);
if (!context->routerIf) {
Log_warn(context->logger,
"Dropping message because there is no router interface configured.\n");
return Error_UNDELIVERABLE;
}
// Now write a message to the TUN device.
// Need to move the ipv6 header forward up to the content because there's a crypto header
// between the ipv6 header and the content which just got eaten.
Message_shift(message, Headers_IP6Header_SIZE);
uint16_t sizeDiff = message->bytes - (uint8_t*)context->ip6Header;
if (sizeDiff) {
context->ip6Header->payloadLength_be =
Endian_hostToBigEndian16(
Endian_bigEndianToHost16(context->ip6Header->payloadLength_be) - sizeDiff);
memmove(message->bytes, context->ip6Header, Headers_IP6Header_SIZE);
}
context->routerIf->sendMessage(message, context->routerIf);
return Error_NONE;
}
uint8_t Ducttape_injectIncomingForMe(struct Message* message,
struct Ducttape* context,
uint8_t herPublicKey[32])
{
struct Headers_SwitchHeader sh;
Bits_memcpyConst(&sh, message->bytes, Headers_SwitchHeader_SIZE);
context->switchHeader = &sh;
Message_shift(message, -Headers_SwitchHeader_SIZE);
struct Headers_IP6Header ip6;
Bits_memcpyConst(&ip6, message->bytes, Headers_IP6Header_SIZE);
context->ip6Header = &ip6;
Message_shift(message, -Headers_IP6Header_SIZE);
return incomingForMe(message, context, herPublicKey);
}
/**
* Send a message to another switch.
* Switchheader will precede the message.
*/
static inline uint8_t sendToSwitch(struct Message* message,
struct Headers_SwitchHeader* destinationSwitchHeader,
struct Ducttape* context)
{
Message_shift(message, Headers_SwitchHeader_SIZE);
struct Headers_SwitchHeader* switchHeaderLocation =
(struct Headers_SwitchHeader*) message->bytes;
if (destinationSwitchHeader != switchHeaderLocation) {
memmove(message->bytes, destinationSwitchHeader, Headers_SwitchHeader_SIZE);
}
return context->switchInterface.receiveMessage(message, &context->switchInterface);
}
/**
* This is called as sendMessage() by the switch.
* There is only one switch interface which sends all traffic.
* message is aligned on the beginning of the switch header.
*/
static uint8_t incomingFromSwitch(struct Message* message, struct Interface* switchIf)
{
struct Context* context = switchIf->senderContext;
struct Headers_SwitchHeader* switchHeader = (struct Headers_SwitchHeader*) message->bytes;
Message_shift(message, -Headers_SwitchHeader_SIZE);
// The label comes in reversed from the switch because the switch doesn't know that we aren't
// another switch ready to parse more bits, bit reversing the label yields the source address.
switchHeader->label_be = Bits_bitReverse64(switchHeader->label_be);
if (Headers_getMessageType(switchHeader) == MessageType_CONTROL) {
struct Control* ctrl = (struct Control*) (switchHeader + 1);
if (ctrl->type_be == Control_ERROR_be) {
if (memcmp(&ctrl->content.error.cause.label_be, &switchHeader->label_be, 8)) {
Log_warn(context->logger,
"Different label for cause than return packet, this shouldn't happen. "
"Perhaps a packet was corrupted.\n");
return 0;
}
uint32_t errType_be = ctrl->content.error.errorType_be;
if (errType_be == Endian_bigEndianToHost32(Error_MALFORMED_ADDRESS)) {
Log_info(context->logger, "Got malformed-address error, removing route.\n");
RouterModule_brokenPath(switchHeader->label_be, context->routerModule);
return 0;
}
Log_info1(context->logger,
"Got error packet, error type: %d",
Endian_bigEndianToHost32(errType_be));
}
return 0;
}
uint8_t* herKey = extractPublicKey(message, switchHeader->label_be, context->logger);
int herAddrIndex;
if (herKey) {
uint8_t herAddrStore[16];
AddressCalc_addressForPublicKey(herAddrStore, herKey);
if (herAddrStore[0] != 0xFC) {
Log_debug(context->logger,
"Got message from peer whose address is not in fc00::/8 range.\n");
return 0;
}
herAddrIndex = AddressMapper_put(switchHeader->label_be, herAddrStore, &context->addrMap);
} else {
herAddrIndex = AddressMapper_indexOf(switchHeader->label_be, &context->addrMap);
if (herAddrIndex == -1) {
struct Node* n = RouterModule_getNode(switchHeader->label_be, context->routerModule);
if (n) {
herAddrIndex = AddressMapper_put(switchHeader->label_be,
n->address.ip6.bytes,
&context->addrMap);
} else {
#ifdef Log_DEBUG
uint8_t switchAddr[20];
struct Address addr;
addr.networkAddress_be = switchHeader->label_be;
Address_printNetworkAddress(switchAddr, &addr);
Log_debug1(context->logger,
"Dropped traffic packet from unknown node. (%s)\n",
&switchAddr);
#endif
return 0;
}
}
}
uint8_t* herAddr = context->addrMap.addresses[herAddrIndex];
// This is needed so that the priority and other information
// from the switch header can be passed on properly.
context->switchHeader = switchHeader;
context->session = SessionManager_getSession(herAddr, herKey, context->sm);
// This goes to incomingFromCryptoAuth()
// then incomingFromRouter() then core()
context->layer = OUTER_LAYER;
context->session->receiveMessage(message, context->session);
return 0;
}
/**
* This is called as sendMessage() by the switch.
* There is only one switch interface which sends all traffic.
* message is aligned on the beginning of the switch header.
*/
static uint8_t incomingFromSwitch(struct Message* message, struct Interface* switchIf)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*)switchIf->senderContext);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, true);
struct Headers_SwitchHeader* switchHeader = (struct Headers_SwitchHeader*) message->bytes;
Message_shift(message, -Headers_SwitchHeader_SIZE);
// The label comes in reversed from the switch because the switch doesn't know that we aren't
// another switch ready to parse more bits, bit reversing the label yields the source address.
switchHeader->label_be = Bits_bitReverse64(switchHeader->label_be);
if (Headers_getMessageType(switchHeader) == Headers_SwitchHeader_TYPE_CONTROL) {
return handleControlMessage(context, message, switchHeader, switchIf);
}
if (message->length < 8) {
Log_info(context->logger, "runt");
return Error_INVALID;
}
#ifdef Version_2_COMPAT
translateVersion2(message, dtHeader);
#endif
// #1 try to get the session using the handle.
uint32_t nonceOrHandle = Endian_bigEndianToHost32(((uint32_t*)message->bytes)[0]);
struct SessionManager_Session* session = NULL;
if (nonceOrHandle > 3) {
// Run message, it's a handle.
session = SessionManager_sessionForHandle(nonceOrHandle, context->sm);
Message_shift(message, -4);
if (session) {
uint32_t nonce = Endian_bigEndianToHost32(((uint32_t*)message->bytes)[0]);
if (nonce == ~0u) {
Log_debug(context->logger, "Got connectToMe packet at switch layer");
return 0;
}
debugHandlesAndLabel(context->logger, session,
Endian_bigEndianToHost64(switchHeader->label_be),
"running session nonce[%u]",
nonce);
dtHeader->receiveHandle = nonceOrHandle;
} else {
Log_debug(context->logger, "Got message with unrecognized handle");
}
} else if (message->length >= Headers_CryptoAuth_SIZE) {
union Headers_CryptoAuth* caHeader = (union Headers_CryptoAuth*) message->bytes;
uint8_t ip6[16];
uint8_t* herKey = caHeader->handshake.publicKey;
AddressCalc_addressForPublicKey(ip6, herKey);
// a packet which claims to be "from us" causes problems
if (AddressCalc_validAddress(ip6) && Bits_memcmp(ip6, &context->myAddr, 16)) {
session = SessionManager_getSession(ip6, herKey, context->sm);
debugHandlesAndLabel(context->logger, session,
Endian_bigEndianToHost64(switchHeader->label_be),
"new session nonce[%d]", nonceOrHandle);
dtHeader->receiveHandle = Endian_bigEndianToHost32(session->receiveHandle_be);
} else {
Log_debug(context->logger, "Got message with invalid ip addr");
}
}
if (!session) {
#ifdef Log_INFO
uint8_t path[20];
AddrTools_printPath(path, Endian_bigEndianToHost64(switchHeader->label_be));
Log_info(context->logger, "Dropped traffic packet from unknown node. [%s]", path);
#endif
return 0;
}
// This is needed so that the priority and other information
// from the switch header can be passed on properly.
dtHeader->switchHeader = switchHeader;
// This goes to incomingFromCryptoAuth()
// then incomingFromRouter() then core()
dtHeader->layer = Ducttape_SessionLayer_OUTER;
if (session->iface.receiveMessage(message, &session->iface) == Error_AUTHENTICATION) {
debugHandlesAndLabel(context->logger, session,
Endian_bigEndianToHost64(switchHeader->label_be),
"Failed decrypting message NoH[%d] state[%d]",
nonceOrHandle, CryptoAuth_getState(&session->iface));
return Error_AUTHENTICATION;
}
return 0;
}
static bool ip6MatchesKey(uint8_t ip6[16], uint8_t key[32])
{
uint8_t calculatedIp6[16];
AddressCalc_addressForPublicKey(calculatedIp6, key);
return !Bits_memcmp(ip6, calculatedIp6, 16);
}
static void udpConnectTo(String* connectToAddress,
Dict* config,
struct UDPInterface* udpContext,
struct Context* ctx)
{
String* password = Dict_getString(config, BSTR("password"));
int64_t* authType = Dict_getInt(config, BSTR("authType"));
String* publicKey = Dict_getString(config, BSTR("publicKey"));
int64_t* trust = Dict_getInt(config, BSTR("trust"));
#define FAIL_IF_NULL(cannotBeNull, fieldName) \
if (!cannotBeNull) { \
fprintf(stderr, \
"interfaces.UDPInterface['%s']." fieldName " is not set, " \
"this field is mandatory.\n", \
connectToAddress->bytes); \
exit(-1); \
}
FAIL_IF_NULL(password, "password")
FAIL_IF_NULL(authType, "authType")
FAIL_IF_NULL(publicKey, "publicKey")
FAIL_IF_NULL(trust, "trust")
#undef FAIL_IF_NULL
#define CHECK_RANGE(number, min, max) \
if (number < min || number > max) { \
fprintf(stderr, \
"interfaces.UDPInterface['%s'].number must be between min and max\n", \
connectToAddress->bytes); \
exit(-1); \
}
CHECK_RANGE(*authType, 1, 255)
CHECK_RANGE(*trust, 0, INT64_MAX)
#undef CHECK_RANGE
uint8_t pkBytes[32];
if (publicKey->len < 52 || Base32_decode(pkBytes, 32, (uint8_t*)publicKey->bytes, 52) != 32) {
fprintf(stderr,
"interfaces.UDPInterface['%s'].publicKey could not be parsed.\n",
connectToAddress->bytes);
exit(-1);
}
uint8_t addressBytes[16];
AddressCalc_addressForPublicKey(addressBytes, pkBytes);
if (addressBytes[0] != 0xFC) {
fprintf(stderr,
"interfaces.UDPInterface['%s'].publicKey\n( %s )\nis not in FC00/8 range, "
"it was probably mistranscribed.\n",
connectToAddress->bytes,
publicKey->bytes);
exit(-1);
}
struct Interface* udp =
UDPInterface_addEndpoint(udpContext, connectToAddress->bytes, ctx->eHandler);
struct Interface* authedUdp = CryptoAuth_wrapInterface(udp, pkBytes, false, true, ctx->ca);
CryptoAuth_setAuth(password, *authType, authedUdp);
uint64_t switchAddr_be;
SwitchCore_addInterface(authedUdp, *trust, &switchAddr_be, ctx->switchCore);
struct Address addr;
memset(&addr, 0, sizeof(struct Address));
memcpy(addr.key, pkBytes, 32);
addr.networkAddress_be = switchAddr_be;
RouterModule_addNode(&addr, ctx->routerModule);
}
int main()
{
// This is valid benc but it takes over 75k of memory (on an amd64)
// to build a structure representing it.
char* evilBenc =
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"d1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:ad1:a"
"3:lol"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee";
struct Ducttape* dt = TestFramework_setUp();
struct Allocator* allocator = MallocAllocator_new(85000);
uint16_t buffLen = sizeof(struct Ducttape_IncomingForMe) + 8 + strlen(evilBenc);
uint8_t* buff = allocator->calloc(buffLen, 1, allocator);
struct Headers_IP6Header* ip6 = (struct Headers_IP6Header*) (buff + Headers_SwitchHeader_SIZE);
uint8_t* herPublicKey = (uint8_t*) "0123456789abcdefghijklmnopqrstuv";
AddressCalc_addressForPublicKey(ip6->sourceAddr, herPublicKey);
struct Headers_UDPHeader* udp = (struct Headers_UDPHeader*) (ip6 + 1);
ip6->hopLimit = 0;
ip6->nextHeader = 17;
udp->sourceAndDestPorts = 0;
udp->length_be = Endian_hostToBigEndian16(strlen(evilBenc));
strncpy((char*)(udp + 1), evilBenc, strlen(evilBenc));
struct Message m = { .bytes = buff, .length = buffLen, .padding = 0 };
Ducttape_injectIncomingForMe(&m, dt, herPublicKey);
}
int main()
{
AddressCalc_addressForPublicKey(nodeCjdnsIp6, fakePubKey);
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Log* logger = FileWriterLog_new(stdout, alloc);
struct Random* rand = Random_new(alloc, logger, NULL);
struct EventBase* eb = EventBase_new(alloc);
struct IpTunnel* ipTun = IpTunnel_new(logger, eb, alloc, rand);
struct Sockaddr_storage ip6ToGive;
Sockaddr_parse("fd01:0101:0101:0101:0101:0101:0101:0101", &ip6ToGive);
IpTunnel_allowConnection(fakePubKey, &ip6ToGive.addr, 0, NULL, 0, ipTun);
struct Message* message;
Message_STACK(message, 64, 512);
message->alloc = alloc;
const char* requestForAddresses =
"d"
"1:q" "21:IpTunnel_getAddresses"
"4:txid" "4:abcd"
"e";
CString_strcpy((char*)message->bytes, requestForAddresses);
message->length = CString_strlen(requestForAddresses);
Message_shift(message, Headers_UDPHeader_SIZE, NULL);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
uh->srcPort_be = 0;
uh->destPort_be = 0;
uh->length_be = Endian_hostToBigEndian16(message->length - Headers_UDPHeader_SIZE);
uint16_t* checksum = &uh->checksum_be;
*checksum = 0;
uint32_t length = message->length;
Message_shift(message, Headers_IP6Header_SIZE, NULL);
struct Headers_IP6Header* ip = (struct Headers_IP6Header*) message->bytes;
ip->versionClassAndFlowLabel = 0;
ip->flowLabelLow_be = 0;
ip->payloadLength_be = Endian_hostToBigEndian16(length);
ip->nextHeader = 17;
ip->hopLimit = 255;
Bits_memset(ip->sourceAddr, 0, 32);
Headers_setIpVersion(ip);
Message_shift(message, RouteHeader_SIZE + DataHeader_SIZE, NULL);
struct RouteHeader* rh = (struct RouteHeader*) message->bytes;
struct DataHeader* dh = (struct DataHeader*) &rh[1];
Bits_memset(rh, 0, RouteHeader_SIZE + DataHeader_SIZE);
Bits_memcpy(rh->ip6, nodeCjdnsIp6, 16);
Bits_memcpy(rh->publicKey, fakePubKey, 32);
DataHeader_setContentType(dh, ContentType_IPTUN);
*checksum = Checksum_udpIp6(ip->sourceAddr, (uint8_t*) uh, length);
int origCap = message->capacity;
int origLen = message->length;
struct Iface nodeIface = { .send = responseWithIpCallback };
Iface_plumb(&nodeIface, &ipTun->nodeInterface);
struct Iface tunIface = { .send = messageToTun };
Iface_plumb(&tunIface, &ipTun->tunInterface);
Iface_send(&nodeIface, message);
Assert_true(called == 2);
called = 0;
// This is a hack, reusing the message will cause breakage if IpTunnel is refactored.
Message_reset(message);
Message_shift(message, origCap, NULL);
message->length = origLen;
Bits_memcpy(ip->sourceAddr, fakeIp6ToGive, 16);
// This can't be zero.
Bits_memset(ip->destinationAddr, 1, 16);
Iface_send(&nodeIface, message);
Assert_true(called == 1);
Allocator_free(alloc);
return 0;
}
static int handleOutgoing(struct DHTMessage* dmessage,
void* vcontext)
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*) vcontext);
struct Message message = {
.length = dmessage->length,
.bytes = (uint8_t*) dmessage->bytes,
.padding = 512,
.capacity = DHTMessage_MAX_SIZE
};
Message_shift(&message, Headers_UDPHeader_SIZE);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message.bytes;
uh->sourceAndDestPorts = 0;
uh->length_be = Endian_hostToBigEndian16(dmessage->length);
uh->checksum_be = 0;
uint16_t payloadLength = message.length;
Message_shift(&message, Headers_IP6Header_SIZE);
struct Headers_IP6Header* header = (struct Headers_IP6Header*) message.bytes;
header->versionClassAndFlowLabel = 0;
header->flowLabelLow_be = 0;
header->nextHeader = 17;
header->hopLimit = 0;
header->payloadLength_be = Endian_hostToBigEndian16(payloadLength);
Bits_memcpyConst(header->sourceAddr,
context->myAddr.ip6.bytes,
Address_SEARCH_TARGET_SIZE);
Bits_memcpyConst(header->destinationAddr,
dmessage->address->ip6.bytes,
Address_SEARCH_TARGET_SIZE);
#ifdef Log_DEBUG
Assert_true(!((uintptr_t)dmessage->bytes % 4) || !"alignment fault");
#endif
uh->checksum_be =
Checksum_udpIp6(header->sourceAddr, (uint8_t*) uh, message.length - Headers_IP6Header_SIZE);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(&message, true);
dtHeader->ip6Header = header;
dtHeader->switchLabel = dmessage->address->path;
struct SessionManager_Session* session =
SessionManager_getSession(dmessage->address->ip6.bytes,
dmessage->address->key,
context->sm);
if (session->version == Version_DEFAULT_ASSUMPTION && dmessage->replyTo) {
int64_t* verPtr = Dict_getInt(dmessage->replyTo->asDict, String_CONST("p"));
session->version = (verPtr) ? *verPtr : Version_DEFAULT_ASSUMPTION;
}
if (session->version == Version_DEFAULT_ASSUMPTION) {
struct Node* n = RouterModule_getNode(dmessage->address->path, context->routerModule);
if (n) {
n->version = session->version =
(n->version > session->version) ? n->version : session->version;
}
}
sendToRouter(&message, dtHeader, session, context);
return 0;
}
// Aligned on the beginning of the content.
static inline bool isRouterTraffic(struct Message* message, struct Headers_IP6Header* ip6)
{
if (ip6->nextHeader != 17 || ip6->hopLimit != 0) {
return false;
}
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
return message->length >= Headers_UDPHeader_SIZE
&& uh->sourceAndDestPorts == 0
&& (int) Endian_bigEndianToHost16(uh->length_be) ==
(message->length - Headers_UDPHeader_SIZE);
}
#define debugHandles(logger, session, message, ...) \
do { \
uint8_t ip[40]; \
AddrTools_printIp(ip, session->ip6); \
Log_debug(logger, "ver[%u] send[%d] recv[%u] ip[%s] " message, \
session->version, \
Endian_hostToBigEndian32(session->sendHandle_be), \
Endian_hostToBigEndian32(session->receiveHandle_be), \
ip, \
__VA_ARGS__); \
} while (0)
//CHECKFILES_IGNORE expecting a ;
#define debugHandles0(logger, session, message) \
debugHandles(logger, session, message "%s", "")
#define debugHandlesAndLabel(logger, session, label, message, ...) \
do { \
uint8_t path[20]; \
AddrTools_printPath(path, label); \
debugHandles(logger, session, "path[%s] " message, path, __VA_ARGS__); \
} while (0)
//CHECKFILES_IGNORE expecting a ;
#define debugHandlesAndLabel0(logger, session, label, message) \
debugHandlesAndLabel(logger, session, label, "%s", message)
/**
* Message which is for us, message is aligned on the beginning of the content.
* this is called from core() which calls through an interfaceMap.
*/
static inline uint8_t incomingForMe(struct Message* message,
struct Ducttape_MessageHeader* dtHeader,
struct SessionManager_Session* session,
struct Ducttape_pvt* context,
uint8_t herPublicKey[32])
{
struct Address addr;
Bits_memcpyConst(addr.ip6.bytes, session->ip6, 16);
//AddressCalc_addressForPublicKey(addr.ip6.bytes, herPubKey);
if (Bits_memcmp(addr.ip6.bytes, dtHeader->ip6Header->sourceAddr, 16)) {
#ifdef Log_DEBUG
uint8_t keyAddr[40];
Address_printIp(keyAddr, &addr);
Bits_memcpyConst(addr.ip6.bytes, dtHeader->ip6Header->sourceAddr, 16);
uint8_t srcAddr[40];
Address_printIp(srcAddr, &addr);
Log_debug(context->logger,
"Dropped packet because source address is not same as key.\n"
" %s source addr\n"
" %s hash of key\n",
srcAddr,
keyAddr);
#endif
return Error_INVALID;
}
if (isRouterTraffic(message, dtHeader->ip6Header)) {
// Check the checksum.
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
if (Checksum_udpIp6(dtHeader->ip6Header->sourceAddr, (uint8_t*)uh, message->length)) {
#ifdef Log_DEBUG
uint8_t keyAddr[40];
Address_printIp(keyAddr, &addr);
Log_debug(context->logger,
"Router packet with incorrect checksum, from [%s]", keyAddr);
#endif
return Error_INVALID;
}
// Shift off the UDP header.
Message_shift(message, -Headers_UDPHeader_SIZE);
addr.path = Endian_bigEndianToHost64(dtHeader->switchHeader->label_be);
Bits_memcpyConst(addr.key, herPublicKey, 32);
return incomingDHT(message, &addr, context);
}
if (!context->userIf) {
Log_warn(context->logger,
"Dropping message because there is no router interface configured.\n");
return Error_UNDELIVERABLE;
}
// prevent router advertizement schenanigans
if (dtHeader->ip6Header->hopLimit == 255) {
dtHeader->ip6Header->hopLimit--;
}
// Now write a message to the TUN device.
// Need to move the ipv6 header forward up to the content because there's a crypto header
// between the ipv6 header and the content which just got eaten.
Message_shift(message, Headers_IP6Header_SIZE);
uint16_t sizeDiff = message->bytes - (uint8_t*)dtHeader->ip6Header;
if (sizeDiff) {
dtHeader->ip6Header->payloadLength_be =
Endian_hostToBigEndian16(
Endian_bigEndianToHost16(dtHeader->ip6Header->payloadLength_be) - sizeDiff);
Bits_memmoveConst(message->bytes, dtHeader->ip6Header, Headers_IP6Header_SIZE);
}
TUNMessageType_push(message, Ethernet_TYPE_IP6);
context->userIf->sendMessage(message, context->userIf);
return Error_NONE;
}
uint8_t Ducttape_injectIncomingForMe(struct Message* message,
struct Ducttape* dt,
uint8_t herPublicKey[32])
{
struct Ducttape_pvt* context = Identity_cast((struct Ducttape_pvt*)dt);
struct Ducttape_MessageHeader* dtHeader = getDtHeader(message, true);
struct Headers_SwitchHeader sh;
Bits_memcpyConst(&sh, message->bytes, Headers_SwitchHeader_SIZE);
dtHeader->switchHeader = &sh;
Message_shift(message, -Headers_SwitchHeader_SIZE);
struct Headers_IP6Header ip6;
Bits_memcpyConst(&ip6, message->bytes, Headers_IP6Header_SIZE);
dtHeader->ip6Header = &ip6;
Message_shift(message, -Headers_IP6Header_SIZE);
struct SessionManager_Session s;
AddressCalc_addressForPublicKey(s.ip6, herPublicKey);
s.version = Version_CURRENT_PROTOCOL;
return incomingForMe(message, dtHeader, &s, context, herPublicKey);
}
/**
* Send a message to another switch.
* Switchheader will precede the message.
*/
static inline uint8_t sendToSwitch(struct Message* message,
struct Ducttape_MessageHeader* dtHeader,
struct SessionManager_Session* session,
struct Ducttape_pvt* context)
{
uint64_t label = dtHeader->switchLabel;
if (CryptoAuth_getState(&session->iface) >= CryptoAuth_HANDSHAKE3) {
debugHandlesAndLabel0(context->logger, session, label, "layer2 sending run message");
uint32_t sendHandle_be = session->sendHandle_be;
#ifdef Version_2_COMPAT
if (session->version < 3) {
sendHandle_be |= HANDLE_FLAG_BIT_be;
}
#endif
Message_push(message, &sendHandle_be, 4);
} else {
debugHandlesAndLabel0(context->logger, session, label, "layer2 sending start message");
#ifdef Version_2_COMPAT
if (session->version < 3) {
Message_push(message, &session->receiveHandle_be, 4);
}
#endif
}
Message_shift(message, Headers_SwitchHeader_SIZE);
Assert_true(message->bytes == (uint8_t*)dtHeader->switchHeader);
return context->switchInterface.receiveMessage(message, &context->switchInterface);
}
int main()
{
AddressCalc_addressForPublicKey(nodeCjdnsIp6, fakePubKey);
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Writer* w = FileWriter_new(stdout, alloc);
struct Log* logger = WriterLog_new(w, alloc);
struct Random* rand = Random_new(alloc, logger, NULL);
struct EventBase* eb = EventBase_new(alloc);
struct IpTunnel* ipTun = IpTunnel_new(logger, eb, alloc, rand, NULL);
struct Sockaddr_storage ip6ToGive;
Sockaddr_parse("fd01:0101:0101:0101:0101:0101:0101:0101", &ip6ToGive);
IpTunnel_allowConnection(fakePubKey, &ip6ToGive.addr, NULL, ipTun);
struct Message* message;
Message_STACK(message, 64, 512);
message->alloc = alloc;
const char* requestForAddresses =
"d"
"1:q" "21:IpTunnel_getAddresses"
"4:txid" "4:abcd"
"e";
CString_strcpy((char*)message->bytes, requestForAddresses);
message->length = CString_strlen(requestForAddresses);
Message_shift(message, Headers_UDPHeader_SIZE, NULL);
struct Headers_UDPHeader* uh = (struct Headers_UDPHeader*) message->bytes;
uh->srcPort_be = 0;
uh->destPort_be = 0;
uh->length_be = Endian_hostToBigEndian16(message->length - Headers_UDPHeader_SIZE);
uint16_t* checksum = &uh->checksum_be;
*checksum = 0;
uint32_t length = message->length;
Message_shift(message, Headers_IP6Header_SIZE, NULL);
struct Headers_IP6Header* ip = (struct Headers_IP6Header*) message->bytes;
ip->versionClassAndFlowLabel = 0;
ip->flowLabelLow_be = 0;
ip->payloadLength_be = Endian_hostToBigEndian16(length);
ip->nextHeader = 17;
ip->hopLimit = 255;
Bits_memset(ip->sourceAddr, 0, 32);
Headers_setIpVersion(ip);
Message_shift(message, IpTunnel_PacketInfoHeader_SIZE, NULL);
struct IpTunnel_PacketInfoHeader* pi = (struct IpTunnel_PacketInfoHeader*) message->bytes;
Bits_memcpyConst(pi->nodeIp6Addr, nodeCjdnsIp6, 16);
Bits_memcpyConst(pi->nodeKey, fakePubKey, 32);
*checksum = Checksum_udpIp6(ip->sourceAddr, (uint8_t*) uh, length);
ipTun->nodeInterface.receiveMessage = responseWithIpCallback;
ipTun->nodeInterface.sendMessage(message, &ipTun->nodeInterface);
Assert_true(called);
called = 0;
// Now create a message for someone else.
Message_shift(message,
Headers_UDPHeader_SIZE
+ Headers_IP6Header_SIZE
+ IpTunnel_PacketInfoHeader_SIZE,
NULL);
Bits_memcpyConst(ip->sourceAddr, fakeIp6ToGive, 16);
// This can't be zero.
Bits_memset(ip->destinationAddr, 1, 16);
ipTun->tunInterface.receiveMessage = messageToTun;
ipTun->nodeInterface.sendMessage(message, &ipTun->nodeInterface);
Assert_true(called);
Allocator_free(alloc);
return 0;
}
static uint8_t encryptHandshake(struct Message* message,
struct CryptoAuth_Wrapper* wrapper,
int setupMessage)
{
Message_shift(message, sizeof(union Headers_CryptoAuth), NULL);
union Headers_CryptoAuth* header = (union Headers_CryptoAuth*) message->bytes;
// garbage the auth challenge and set the nonce which follows it
Random_bytes(wrapper->context->rand, (uint8_t*) &header->handshake.auth,
sizeof(union Headers_AuthChallenge) + 24);
// set the permanent key
Bits_memcpyConst(&header->handshake.publicKey, wrapper->context->pub.publicKey, 32);
if (!knowHerKey(wrapper)) {
return genReverseHandshake(message, wrapper, header);
} else if (!Bits_isZero(wrapper->herIp6, 16)) {
// If someone starts a CA session and then discovers the key later and memcpy's it into the
// result of getHerPublicKey() then we want to make sure they didn't memcpy in an invalid
// key.
uint8_t calculatedIp6[16];
AddressCalc_addressForPublicKey(calculatedIp6, wrapper->herPerminentPubKey);
Assert_true(!Bits_memcmp(wrapper->herIp6, calculatedIp6, 16));
}
if (wrapper->bufferedMessage) {
// We wanted to send a message but we didn't know the peer's key so we buffered it
// and sent a connectToMe.
// Now we just discovered their key and we're sending a hello packet.
// Lets send 2 hello packets instead and on one will attach our buffered message.
// This can never happen when the machine is beyond the first hello packet because
// it should have been sent either by this or in the recipet of a hello packet from
// the other node.
Assert_true(wrapper->nextNonce == 0);
struct Message* bm = wrapper->bufferedMessage;
wrapper->bufferedMessage = NULL;
cryptoAuthDebug0(wrapper, "Sending buffered message");
sendMessage(bm, &wrapper->externalInterface);
Allocator_free(bm->alloc);
}
// Password auth
uint8_t* passwordHash = NULL;
struct CryptoAuth_Auth auth;
if (wrapper->password != NULL) {
passwordHash = hashPassword(&auth, wrapper->password, wrapper->authType);
Bits_memcpyConst(header->handshake.auth.bytes,
&auth.challenge,
sizeof(union Headers_AuthChallenge));
}
header->handshake.auth.challenge.type = wrapper->authType;
// Packet authentication option is deprecated, it must always be enabled.
Headers_setPacketAuthRequired(&header->handshake.auth, 1);
// This is a special packet which the user should never see.
Headers_setSetupPacket(&header->handshake.auth, setupMessage);
// Set the session state
uint32_t sessionState_be = Endian_hostToBigEndian32(wrapper->nextNonce);
header->nonce = sessionState_be;
if (wrapper->nextNonce == 0 || wrapper->nextNonce == 2) {
// If we're sending a hello or a key
// Here we make up a temp keypair
Random_bytes(wrapper->context->rand, wrapper->ourTempPrivKey, 32);
crypto_scalarmult_curve25519_base(wrapper->ourTempPubKey, wrapper->ourTempPrivKey);
#ifdef Log_KEYS
uint8_t tempPrivateKeyHex[65];
Hex_encode(tempPrivateKeyHex, 65, wrapper->ourTempPrivKey, 32);
uint8_t tempPubKeyHex[65];
Hex_encode(tempPubKeyHex, 65, header->handshake.encryptedTempKey, 32);
Log_keys(wrapper->context->logger, "Generating temporary keypair\n"
" myTempPrivateKey=%s\n"
" myTempPublicKey=%s\n",
tempPrivateKeyHex, tempPubKeyHex);
#endif
}
Bits_memcpyConst(header->handshake.encryptedTempKey, wrapper->ourTempPubKey, 32);
#ifdef Log_KEYS
uint8_t tempKeyHex[65];
Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32);
Log_keys(wrapper->context->logger,
"Wrapping temp public key:\n"
" %s\n",
tempKeyHex);
#endif
cryptoAuthDebug(wrapper, "Sending %s%s packet",
((wrapper->nextNonce & 1) ? "repeat " : ""),
((wrapper->nextNonce < 2) ? "hello" : "key"));
uint8_t sharedSecret[32];
if (wrapper->nextNonce < 2) {
getSharedSecret(sharedSecret,
wrapper->context->privateKey,
wrapper->herPerminentPubKey,
passwordHash,
wrapper->context->logger);
wrapper->isInitiator = true;
Assert_true(wrapper->nextNonce <= 1);
wrapper->nextNonce = 1;
} else {
// Handshake2
// herTempPubKey was set by receiveMessage()
Assert_ifParanoid(!Bits_isZero(wrapper->herTempPubKey, 32));
getSharedSecret(sharedSecret,
wrapper->context->privateKey,
wrapper->herTempPubKey,
passwordHash,
wrapper->context->logger);
Assert_true(wrapper->nextNonce <= 3);
wrapper->nextNonce = 3;
#ifdef Log_KEYS
uint8_t tempKeyHex[65];
Hex_encode(tempKeyHex, 65, wrapper->herTempPubKey, 32);
Log_keys(wrapper->context->logger,
"Using their temp public key:\n"
" %s\n",
tempKeyHex);
#endif
}
// Shift message over the encryptedTempKey field.
Message_shift(message, 32 - Headers_CryptoAuth_SIZE, NULL);
encryptRndNonce(header->handshake.nonce, message, sharedSecret);
#ifdef Log_KEYS
uint8_t sharedSecretHex[65];
printHexKey(sharedSecretHex, sharedSecret);
uint8_t nonceHex[49];
Hex_encode(nonceHex, 49, header->handshake.nonce, 24);
uint8_t cipherHex[65];
printHexKey(cipherHex, message->bytes);
Log_keys(wrapper->context->logger,
"Encrypting message with:\n"
" nonce: %s\n"
" secret: %s\n"
" cipher: %s\n",
nonceHex, sharedSecretHex, cipherHex);
#endif
// Shift it back -- encryptRndNonce adds 16 bytes of authenticator.
Message_shift(message, Headers_CryptoAuth_SIZE - 32 - 16, NULL);
return wrapper->wrappedInterface->sendMessage(message, wrapper->wrappedInterface);
}
static void adminPeerStats(Dict* args, void* vcontext, String* txid, struct Allocator* alloc)
{
struct Context* context = Identity_check((struct Context*)vcontext);
struct InterfaceController_PeerStats* stats = NULL;
int64_t* page = Dict_getInt(args, String_CONST("page"));
int i = (page) ? *page * ENTRIES_PER_PAGE : 0;
int count = InterfaceController_getPeerStats(context->ic, alloc, &stats);
String* bytesIn = String_CONST("bytesIn");
String* bytesOut = String_CONST("bytesOut");
String* pubKey = String_CONST("publicKey");
String* addr = String_CONST("addr");
String* state = String_CONST("state");
String* last = String_CONST("last");
String* switchLabel = String_CONST("switchLabel");
String* isIncoming = String_CONST("isIncoming");
String* user = String_CONST("user");
String* version = String_CONST("version");
String* duplicates = String_CONST("duplicates");
String* lostPackets = String_CONST("lostPackets");
String* receivedOutOfRange = String_CONST("receivedOutOfRange");
List* list = List_new(alloc);
for (int counter=0; i < count && counter++ < ENTRIES_PER_PAGE; i++) {
Dict* d = Dict_new(alloc);
Dict_putInt(d, bytesIn, stats[i].bytesIn, alloc);
Dict_putInt(d, bytesOut, stats[i].bytesOut, alloc);
Dict_putString(d, addr, Address_toString(&stats[i].addr, alloc), alloc);
Dict_putString(d, pubKey, Key_stringify(stats[i].addr.key, alloc), alloc);
String* stateString = String_new(InterfaceController_stateString(stats[i].state), alloc);
Dict_putString(d, state, stateString, alloc);
Dict_putInt(d, last, stats[i].timeOfLastMessage, alloc);
uint8_t labelStack[20];
AddrTools_printPath(labelStack, stats[i].addr.path);
Dict_putString(d, switchLabel, String_new((char*)labelStack, alloc), alloc);
Dict_putInt(d, isIncoming, stats[i].isIncomingConnection, alloc);
Dict_putInt(d, duplicates, stats[i].duplicates, alloc);
Dict_putInt(d, lostPackets, stats[i].lostPackets, alloc);
Dict_putInt(d, receivedOutOfRange, stats[i].receivedOutOfRange, alloc);
if (stats[i].user) {
Dict_putString(d, user, stats[i].user, alloc);
}
uint8_t address[16];
AddressCalc_addressForPublicKey(address, stats[i].addr.key);
Dict_putInt(d, version, stats[i].addr.protocolVersion, alloc);
List_addDict(list, d, alloc);
}
Dict* resp = Dict_new(alloc);
Dict_putList(resp, String_CONST("peers"), list, alloc);
Dict_putInt(resp, String_CONST("total"), count, alloc);
if (i < count) {
Dict_putInt(resp, String_CONST("more"), 1, alloc);
}
Dict_putString(resp, String_CONST("deprecation"),
String_CONST("publicKey,switchLabel,version will soon be removed"), alloc);
Admin_sendMessage(resp, txid, context->admin);
}
static struct Address* createAddress(int mostSignificantAddressSpaceByte, int* hops)
{
uint64_t path = getPath(hops);
struct Address address = { .path = 0 };
if (!genKeys) {
if ((int)(sizeof(KEYS) / sizeof(*KEYS)) < (nextKey + 1)) {
missingKey();
}
Bits_memcpyConst(address.key, KEYS[nextKey], 32);
if (AddressCalc_addressForPublicKey(address.ip6.bytes, address.key)
&& (mostSignificantAddressSpaceByte == -1
|| address.ip6.bytes[8] == mostSignificantAddressSpaceByte))
{
nextKey++;
uint8_t publicKeyHex[65];
Hex_encode(publicKeyHex, 65, address.key, 32);
printf("created new key: [%s]\n", publicKeyHex);
address.path = path;
return Allocator_clone(alloc, &address);
} else {
uint8_t publicKeyHex[65];
Hex_encode(publicKeyHex, 65, address.key, 32);
printf("bad key: [%s]\n", publicKeyHex);
if (address.ip6.ints.three) {
uint8_t printedAddr[40];
AddrTools_printIp(printedAddr, address.ip6.bytes);
printf("addr: [%s]\n", printedAddr);
}
missingKey();
}
}
for (;;) {
Random_bytes(rand, address.key, 32);
// Brute force for keys until one matches FC00:/8
if (AddressCalc_addressForPublicKey(address.ip6.bytes, address.key)
&& (mostSignificantAddressSpaceByte == -1
|| address.ip6.bytes[8] == mostSignificantAddressSpaceByte))
{
uint8_t publicKeyHex[65];
Hex_encode(publicKeyHex, 65, address.key, 32);
printf("created new key: [%s]\n", publicKeyHex);
address.path = path;
return Allocator_clone(alloc, &address);
}
}
}
static struct Address* randomIp(int* hops)
{
return createAddress(-1, hops);
}
// This creates a random address which is a peer
static struct Address* randomAddress()
{
return randomIp((int[]){0,1}/*0x13*/);
}
static void encryptHandshake(struct Message* message,
struct CryptoAuth_Session_pvt* session,
int setupMessage)
{
Message_shift(message, sizeof(union CryptoHeader), NULL);
union CryptoHeader* header = (union CryptoHeader*) message->bytes;
// garbage the auth challenge and set the nonce which follows it
Random_bytes(session->context->rand, (uint8_t*) &header->handshake.auth,
sizeof(union CryptoHeader_Challenge) + 24);
// set the permanent key
Bits_memcpyConst(&header->handshake.publicKey, session->context->pub.publicKey, 32);
Assert_true(knowHerKey(session));
uint8_t calculatedIp6[16];
AddressCalc_addressForPublicKey(calculatedIp6, session->pub.herPublicKey);
if (!Bits_isZero(session->pub.herIp6, 16)) {
// If someone starts a CA session and then discovers the key later and memcpy's it into the
// result of getHerPublicKey() then we want to make sure they didn't memcpy in an invalid
// key.
Assert_true(!Bits_memcmp(session->pub.herIp6, calculatedIp6, 16));
}
// Password auth
uint8_t* passwordHash = NULL;
uint8_t passwordHashStore[32];
if (session->password != NULL) {
hashPassword(passwordHashStore,
&header->handshake.auth,
session->login,
session->password,
session->authType);
passwordHash = passwordHashStore;
} else {
header->handshake.auth.challenge.type = session->authType;
header->handshake.auth.challenge.additional = 0;
}
// Set the session state
header->nonce = Endian_hostToBigEndian32(session->nextNonce);
if (session->nextNonce == 0 || session->nextNonce == 2) {
// If we're sending a hello or a key
// Here we make up a temp keypair
Random_bytes(session->context->rand, session->ourTempPrivKey, 32);
crypto_scalarmult_curve25519_base(session->ourTempPubKey, session->ourTempPrivKey);
if (Defined(Log_KEYS)) {
uint8_t tempPrivateKeyHex[65];
Hex_encode(tempPrivateKeyHex, 65, session->ourTempPrivKey, 32);
uint8_t tempPubKeyHex[65];
Hex_encode(tempPubKeyHex, 65, session->ourTempPubKey, 32);
Log_keys(session->context->logger, "Generating temporary keypair\n"
" myTempPrivateKey=%s\n"
" myTempPublicKey=%s\n",
tempPrivateKeyHex, tempPubKeyHex);
}
}
Bits_memcpyConst(header->handshake.encryptedTempKey, session->ourTempPubKey, 32);
if (Defined(Log_KEYS)) {
uint8_t tempKeyHex[65];
Hex_encode(tempKeyHex, 65, header->handshake.encryptedTempKey, 32);
Log_keys(session->context->logger,
"Wrapping temp public key:\n"
" %s\n",
tempKeyHex);
}
cryptoAuthDebug(session, "Sending %s%s packet",
((session->nextNonce & 1) ? "repeat " : ""),
((session->nextNonce < 2) ? "hello" : "key"));
uint8_t sharedSecret[32];
if (session->nextNonce < 2) {
getSharedSecret(sharedSecret,
session->context->privateKey,
session->pub.herPublicKey,
passwordHash,
session->context->logger);
session->isInitiator = true;
Assert_true(session->nextNonce <= 1);
session->nextNonce = 1;
} else {
// Handshake2
// herTempPubKey was set by decryptHandshake()
Assert_ifParanoid(!Bits_isZero(session->herTempPubKey, 32));
getSharedSecret(sharedSecret,
session->context->privateKey,
session->herTempPubKey,
passwordHash,
session->context->logger);
Assert_true(session->nextNonce <= 3);
session->nextNonce = 3;
if (Defined(Log_KEYS)) {
uint8_t tempKeyHex[65];
Hex_encode(tempKeyHex, 65, session->herTempPubKey, 32);
Log_keys(session->context->logger,
"Using their temp public key:\n"
" %s\n",
tempKeyHex);
}
}
// Shift message over the encryptedTempKey field.
Message_shift(message, 32 - CryptoHeader_SIZE, NULL);
encryptRndNonce(header->handshake.nonce, message, sharedSecret);
if (Defined(Log_KEYS)) {
uint8_t sharedSecretHex[65];
printHexKey(sharedSecretHex, sharedSecret);
uint8_t nonceHex[49];
Hex_encode(nonceHex, 49, header->handshake.nonce, 24);
uint8_t cipherHex[65];
printHexKey(cipherHex, message->bytes);
Log_keys(session->context->logger,
"Encrypting message with:\n"
" nonce: %s\n"
" secret: %s\n"
" cipher: %s\n",
nonceHex, sharedSecretHex, cipherHex);
}
// Shift it back -- encryptRndNonce adds 16 bytes of authenticator.
Message_shift(message, CryptoHeader_SIZE - 32 - 16, NULL);
}
struct TestFramework* TestFramework_setUp(char* privateKey,
struct Allocator* allocator,
struct Log* logger)
{
if (!logger) {
struct Writer* logwriter = FileWriter_new(stdout, allocator);
logger = WriterLog_new(logwriter, allocator);
}
struct Random* rand = Random_new(allocator, logger, NULL);
struct EventBase* base = EventBase_new(allocator);
uint64_t pks[4];
if (!privateKey) {
Random_longs(rand, pks, 4);
privateKey = (char*)pks;
}
uint8_t* publicKey = Allocator_malloc(allocator, 32);
crypto_scalarmult_curve25519_base(publicKey, (uint8_t*)privateKey);
struct Address* myAddress = Allocator_calloc(allocator, sizeof(struct Address), 1);
Bits_memcpyConst(myAddress->key, publicKey, 32);
AddressCalc_addressForPublicKey(myAddress->ip6.bytes, publicKey);
struct SwitchCore* switchCore = SwitchCore_new(logger, allocator);
struct CryptoAuth* ca = CryptoAuth_new(allocator, (uint8_t*)privateKey, base, logger, rand);
struct DHTModuleRegistry* registry = DHTModuleRegistry_new(allocator);
ReplyModule_register(registry, allocator);
struct NodeStore* nodeStore = NodeStore_new(myAddress, 128, allocator, logger, rand);
struct RouterModule* routerModule =
RouterModule_register(registry, allocator, publicKey, base, logger, rand, nodeStore);
struct SearchRunner* searchRunner =
SearchRunner_new(nodeStore, logger, base, routerModule, myAddress->ip6.bytes, allocator);
SerializationModule_register(registry, logger, allocator);
struct IpTunnel* ipTun = IpTunnel_new(logger, base, allocator, rand, NULL);
struct Ducttape* dt =
Ducttape_register((uint8_t*)privateKey, registry, routerModule, searchRunner,
switchCore, base, allocator, logger, ipTun, rand);
struct SwitchPinger* sp = SwitchPinger_new(&dt->switchPingerIf, base, rand, logger, allocator);
// Interfaces.
struct InterfaceController* ifController =
DefaultInterfaceController_new(ca,
switchCore,
routerModule,
logger,
base,
sp,
rand,
allocator);
struct TestFramework* tf = Allocator_clone(allocator, (&(struct TestFramework) {
.alloc = allocator,
.rand = rand,
.eventBase = base,
.logger = logger,
.switchCore = switchCore,
.ducttape = dt,
.cryptoAuth = ca,
.router = routerModule,
.switchPinger = sp,
.ifController = ifController,
.publicKey = publicKey,
.ip = myAddress->ip6.bytes
}));
