static int reconnectionNewEndpointTest(struct InterfaceController* ifController,
uint8_t* pk,
struct Message** fromSwitchPtr,
struct Allocator* alloc,
struct EventBase* eventBase,
struct Log* logger,
struct Interface* routerIf,
struct Random* rand)
{
struct Message* message;
struct Interface iface = {
.sendMessage = messageFromInterface,
.senderContext = &message,
.allocator = alloc
};
uint8_t* buffer = Allocator_malloc(alloc, 512);
struct Message* outgoing =
&(struct Message) { .length = 0, .padding = 512, .bytes = buffer + 512 };
struct CryptoAuth* externalCa = CryptoAuth_new(alloc, NULL, eventBase, logger, rand);
struct Interface* wrapped = CryptoAuth_wrapInterface(&iface, pk, NULL, false, "", externalCa);
CryptoAuth_setAuth(String_CONST("passwd"), 1, wrapped);
struct Interface icIface = {
.allocator = alloc,
.sendMessage = messageFromInterface,
.senderContext = &message
};
InterfaceController_registerPeer(ifController, NULL, NULL, true, false, &icIface);
uint8_t hexBuffer[1025];
for (int i = 0; i < 4; i++) {
outgoing->length = 0;
outgoing->padding = 512;
outgoing->bytes = buffer + 512;
Message_shift(outgoing, 12, NULL);
Bits_memcpyConst(outgoing->bytes, "hello world", 12);
Message_shift(outgoing, SwitchHeader_SIZE, NULL);
Bits_memcpyConst(outgoing->bytes, (&(struct SwitchHeader) {
.label_be = Endian_hostToBigEndian64(1),
.lowBits_be = 0
}), SwitchHeader_SIZE);
wrapped->sendMessage(outgoing, wrapped);
*fromSwitchPtr = NULL;
icIface.receiveMessage(outgoing, &icIface);
message = *fromSwitchPtr;
Assert_true(message);
Assert_true(message->length == 24);
Hex_encode(hexBuffer, 1025, message->bytes, message->length);
printf("%s\n", hexBuffer);
// Need to bounce the packets back when connecting after the first try.
// This is needed to establish the CryptoAuth session and make the InterfaceController
// merge the endpoints.
if (i > 0) {
// Reverse the bits to reverse the path:
uint64_t path;
Bits_memcpyConst(&path, message->bytes, 8);
path = Bits_bitReverse64(path);
Bits_memcpyConst(message->bytes, &path, 8);
printf("sending back response.\n");
routerIf->receiveMessage(message, routerIf);
printf("forwarding response to external cryptoAuth.\n");
iface.receiveMessage(message, &iface);
printf("forwarded.\n");
} else {
printf("not responding because we don't want to establish a connection yet.\n");
}
}
// check everything except the label
Assert_true(!CString_strcmp((char*)hexBuffer+16, "0000000068656c6c6f20776f726c6400"));
// check label: make sure the interface has been switched back into position 0.
uint64_t label_be;
Hex_decode((uint8_t*) &label_be, 8, hexBuffer, 16);
uint64_t rev_label = Bits_bitReverse64(Endian_bigEndianToHost64(label_be));
// check label is decoded to 0
Assert_true(0 == NumberCompress_getDecompressed(rev_label,
NumberCompress_bitsUsedForLabel(rev_label)));
// check no other bits are set
uint64_t out = NumberCompress_getCompressed(0, NumberCompress_bitsUsedForLabel(rev_label));
Assert_true(rev_label == out);
return 0;
}
static void udpConnectTo(String* connectToAddress,
Dict* config,
struct UDPInterface* udpContext,
struct Context* ctx)
{
String* password = Dict_getString(config, BSTR("password"));
int64_t* authType = Dict_getInt(config, BSTR("authType"));
String* publicKey = Dict_getString(config, BSTR("publicKey"));
int64_t* trust = Dict_getInt(config, BSTR("trust"));
#define FAIL_IF_NULL(cannotBeNull, fieldName) \
if (!cannotBeNull) { \
fprintf(stderr, \
"interfaces.UDPInterface['%s']." fieldName " is not set, " \
"this field is mandatory.\n", \
connectToAddress->bytes); \
exit(-1); \
}
FAIL_IF_NULL(password, "password")
FAIL_IF_NULL(authType, "authType")
FAIL_IF_NULL(publicKey, "publicKey")
FAIL_IF_NULL(trust, "trust")
#undef FAIL_IF_NULL
#define CHECK_RANGE(number, min, max) \
if (number < min || number > max) { \
fprintf(stderr, \
"interfaces.UDPInterface['%s'].number must be between min and max\n", \
connectToAddress->bytes); \
exit(-1); \
}
CHECK_RANGE(*authType, 1, 255)
CHECK_RANGE(*trust, 0, INT64_MAX)
#undef CHECK_RANGE
uint8_t pkBytes[32];
if (publicKey->len < 52 || Base32_decode(pkBytes, 32, (uint8_t*)publicKey->bytes, 52) != 32) {
fprintf(stderr,
"interfaces.UDPInterface['%s'].publicKey could not be parsed.\n",
connectToAddress->bytes);
exit(-1);
}
uint8_t addressBytes[16];
AddressCalc_addressForPublicKey(addressBytes, pkBytes);
if (addressBytes[0] != 0xFC) {
fprintf(stderr,
"interfaces.UDPInterface['%s'].publicKey\n( %s )\nis not in FC00/8 range, "
"it was probably mistranscribed.\n",
connectToAddress->bytes,
publicKey->bytes);
exit(-1);
}
struct Interface* udp =
UDPInterface_addEndpoint(udpContext, connectToAddress->bytes, ctx->eHandler);
struct Interface* authedUdp = CryptoAuth_wrapInterface(udp, pkBytes, false, true, ctx->ca);
CryptoAuth_setAuth(password, *authType, authedUdp);
uint64_t switchAddr_be;
SwitchCore_addInterface(authedUdp, *trust, &switchAddr_be, ctx->switchCore);
struct Address addr;
memset(&addr, 0, sizeof(struct Address));
memcpy(addr.key, pkBytes, 32);
addr.networkAddress_be = switchAddr_be;
RouterModule_addNode(&addr, ctx->routerModule);
}
int InterfaceController_registerPeer(struct InterfaceController* ifController,
uint8_t herPublicKey[32],
String* password,
bool requireAuth,
bool isIncomingConnection,
struct Interface* externalInterface)
{
// This function is overridden by some tests...
if (ifController->registerPeer) {
return ifController->registerPeer(ifController, herPublicKey, password, requireAuth,
isIncomingConnection, externalInterface);
}
struct InterfaceController_pvt* ic =
Identity_check((struct InterfaceController_pvt*) ifController);
if (Map_OfIFCPeerByExernalIf_indexForKey(&externalInterface, &ic->peerMap) > -1) {
return 0;
}
Log_debug(ic->logger, "registerPeer [%p] total [%u]",
(void*)externalInterface, ic->peerMap.count);
uint8_t ip6[16];
if (herPublicKey) {
AddressCalc_addressForPublicKey(ip6, herPublicKey);
if (!AddressCalc_validAddress(ip6)) {
return InterfaceController_registerPeer_BAD_KEY;
}
if (!Bits_memcmp(ic->ca->publicKey, herPublicKey, 32)) {
// can't link with yourself, wiseguy
return InterfaceController_registerPeer_BAD_KEY;
}
} else {
Assert_true(requireAuth);
}
struct Allocator* epAllocator = externalInterface->allocator;
struct InterfaceController_Peer* ep =
Allocator_calloc(epAllocator, sizeof(struct InterfaceController_Peer), 1);
ep->bytesOut = 0;
ep->bytesIn = 0;
ep->external = externalInterface;
int setIndex = Map_OfIFCPeerByExernalIf_put(&externalInterface, &ep, &ic->peerMap);
ep->handle = ic->peerMap.handles[setIndex];
Identity_set(ep);
Allocator_onFree(epAllocator, closeInterface, ep);
// If the other end need needs to supply a valid password to connect
// we will set the connection state to UNAUTHENTICATED so that if the
// packet is invalid, the connection will be dropped right away.
if (requireAuth) {
ep->state = InterfaceController_PeerState_UNAUTHENTICATED;
}
ep->cryptoAuthIf = CryptoAuth_wrapInterface(externalInterface,
herPublicKey,
NULL,
requireAuth,
"outer",
ic->ca);
ep->cryptoAuthIf->receiveMessage = receivedAfterCryptoAuth;
ep->cryptoAuthIf->receiverContext = ep;
// Always use authType 1 until something else comes along, then we'll have to refactor.
if (password) {
CryptoAuth_setAuth(password, 1, ep->cryptoAuthIf);
}
ep->isIncomingConnection = isIncomingConnection;
Bits_memcpyConst(&ep->switchIf, (&(struct Interface) {
.sendMessage = sendFromSwitch,
// ifcontrollerForPeer uses this.
// sendFromSwitch relies on the fact that the
// switchIf is the same memory location as the Peer.
.senderContext = ic,
.allocator = epAllocator
}), sizeof(struct Interface));
int InterfaceController_bootstrapPeer(struct InterfaceController* ifc,
int interfaceNumber,
uint8_t* herPublicKey,
const struct Sockaddr* lladdrParm,
String* password,
String* login,
String* user,
struct Allocator* alloc)
{
struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
Assert_true(herPublicKey);
Assert_true(password);
struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, interfaceNumber);
if (!ici) {
return InterfaceController_bootstrapPeer_BAD_IFNUM;
}
Log_debug(ic->logger, "bootstrapPeer total [%u]", ici->peerMap.count);
uint8_t ip6[16];
AddressCalc_addressForPublicKey(ip6, herPublicKey);
if (!AddressCalc_validAddress(ip6) || !Bits_memcmp(ic->ca->publicKey, herPublicKey, 32)) {
return InterfaceController_bootstrapPeer_BAD_KEY;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
struct Sockaddr* lladdr = Sockaddr_clone(lladdrParm, epAlloc);
// TODO(cjd): eps are created in 3 places, there should be a factory function.
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
Assert_true(index >= 0);
ep->alloc = epAlloc;
ep->handle = ici->peerMap.handles[index];
ep->lladdr = lladdr;
ep->ici = ici;
ep->isIncomingConnection = false;
Bits_memcpy(ep->addr.key, herPublicKey, 32);
Address_getPrefix(&ep->addr);
Identity_set(ep);
Allocator_onFree(epAlloc, closeInterface, ep);
Allocator_onFree(alloc, freeAlloc, epAlloc);
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, herPublicKey, false, "outer");
CryptoAuth_setAuth(password, login, ep->caSession);
if (user) {
ep->caSession->displayName = String_clone(user, epAlloc);
}
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "bootstrapPeer() SwitchCore out of space");
Allocator_free(epAlloc);
return InterfaceController_bootstrapPeer_OUT_OF_SPACE;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
if (Defined(Log_INFO)) {
struct Allocator* tempAlloc = Allocator_child(alloc);
String* addrStr = Address_toString(&ep->addr, tempAlloc);
Log_info(ic->logger, "Adding peer [%s] from bootstrapPeer()", addrStr->bytes);
Allocator_free(tempAlloc);
}
// We can't just add the node directly to the routing table because we do not know
// the version. We'll send it a switch ping and when it responds, we will know it's
// key (if we don't already) and version number.
sendPing(ep);
return 0;
}
/**
* Expects [ struct LLAddress ][ beacon ]
*/
static Iface_DEFUN handleBeacon(struct Message* msg, struct InterfaceController_Iface_pvt* ici)
{
struct InterfaceController_pvt* ic = ici->ic;
if (!ici->beaconState) {
// accepting beacons disabled.
Log_debug(ic->logger, "[%s] Dropping beacon because beaconing is disabled",
ici->name->bytes);
return NULL;
}
if (msg->length < Headers_Beacon_SIZE) {
Log_debug(ic->logger, "[%s] Dropping runt beacon", ici->name->bytes);
return NULL;
}
struct Sockaddr* lladdrInmsg = (struct Sockaddr*) msg->bytes;
// clear the bcast flag
lladdrInmsg->flags = 0;
Message_shift(msg, -lladdrInmsg->addrLen, NULL);
struct Headers_Beacon beacon;
Message_pop(msg, &beacon, Headers_Beacon_SIZE, NULL);
if (Defined(Log_DEBUG)) {
char* content = Hex_print(&beacon, Headers_Beacon_SIZE, msg->alloc);
Log_debug(ici->ic->logger, "RECV BEACON CONTENT[%s]", content);
}
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpy(addr.key, beacon.publicKey, 32);
addr.protocolVersion = Endian_bigEndianToHost32(beacon.version_be);
Address_getPrefix(&addr);
String* printedAddr = NULL;
if (Defined(Log_DEBUG)) {
printedAddr = Address_toString(&addr, msg->alloc);
}
if (addr.ip6.bytes[0] != 0xfc || !Bits_memcmp(ic->ca->publicKey, addr.key, 32)) {
Log_debug(ic->logger, "handleBeacon invalid key [%s]", printedAddr->bytes);
return NULL;
}
if (!Version_isCompatible(addr.protocolVersion, Version_CURRENT_PROTOCOL)) {
if (Defined(Log_DEBUG)) {
Log_debug(ic->logger, "[%s] DROP beacon from [%s] which was version [%d] "
"our version is [%d] making them incompatable", ici->name->bytes,
printedAddr->bytes, addr.protocolVersion, Version_CURRENT_PROTOCOL);
}
return NULL;
}
String* beaconPass = String_newBinary(beacon.password, Headers_Beacon_PASSWORD_LEN, msg->alloc);
int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdrInmsg, &ici->peerMap);
if (epIndex > -1) {
// The password might have changed!
struct Peer* ep = ici->peerMap.values[epIndex];
CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
return NULL;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
struct Sockaddr* lladdr = Sockaddr_clone(lladdrInmsg, epAlloc);
ep->alloc = epAlloc;
ep->ici = ici;
ep->lladdr = lladdr;
int setIndex = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
ep->handle = ici->peerMap.handles[setIndex];
ep->isIncomingConnection = true;
Bits_memcpy(&ep->addr, &addr, sizeof(struct Address));
Identity_set(ep);
Allocator_onFree(epAlloc, closeInterface, ep);
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, beacon.publicKey, false, "outer");
CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "handleBeacon() SwitchCore out of space");
Allocator_free(epAlloc);
return NULL;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
Log_info(ic->logger, "Added peer [%s] from beacon",
Address_toString(&ep->addr, msg->alloc)->bytes);
// This should be safe because this is an outgoing request and we're sure the node will not
// be relocated by moveEndpointIfNeeded()
sendPeer(0xffffffff, PFChan_Core_PEER, ep);
return NULL;
}
static int registerPeer(struct InterfaceController* ifController,
uint8_t herPublicKey[32],
String* password,
bool requireAuth,
bool transient,
struct Interface* externalInterface)
{
struct Context* ic = Identity_cast((struct Context*) ifController);
Log_debug(ic->logger, "registerPeer [%p] total [%u]",
(void*)externalInterface, ic->peerMap.count);
if (Map_OfIFCPeerByExernalIf_indexForKey(&externalInterface, &ic->peerMap) > -1) {
Log_debug(ic->logger, "Skipping registerPeer [%p] because peer is already registered",
(void*)externalInterface);
return 0;
}
uint8_t ip6[16];
if (herPublicKey) {
AddressCalc_addressForPublicKey(ip6, herPublicKey);
if (!AddressCalc_validAddress(ip6)) {
return InterfaceController_registerPeer_BAD_KEY;
}
}
struct Allocator* epAllocator = externalInterface->allocator;
struct IFCPeer* ep = Allocator_calloc(epAllocator, sizeof(struct IFCPeer), 1);
ep->external = externalInterface;
int setIndex = Map_OfIFCPeerByExernalIf_put(&externalInterface, &ep, &ic->peerMap);
ep->handle = ic->peerMap.handles[setIndex];
Identity_set(ep);
Allocator_onFree(epAllocator, closeInterface, ep);
// If the other end need not supply a valid password to connect
// we will set the connection state to HANDSHAKE because we don't
// want the connection to be trashed after the first invalid packet.
if (!requireAuth) {
ep->state = InterfaceController_PeerState_HANDSHAKE;
}
ep->cryptoAuthIf =
CryptoAuth_wrapInterface(externalInterface, herPublicKey, requireAuth, true, ic->ca);
ep->cryptoAuthIf->receiveMessage = receivedAfterCryptoAuth;
ep->cryptoAuthIf->receiverContext = ep;
// Always use authType 1 until something else comes along, then we'll have to refactor.
if (password) {
CryptoAuth_setAuth(password, 1, ep->cryptoAuthIf);
}
ep->transient = transient;
Bits_memcpyConst(&ep->switchIf, (&(struct Interface) {
.sendMessage = sendFromSwitch,
// ifcontrollerForPeer uses this.
// sendFromSwitch relies on the fact that the
// switchIf is the same memory location as the Peer.
.senderContext = ic,
.allocator = epAllocator
}), sizeof(struct Interface));
static void encryptRndNonceTest()
{
uint8_t buff[44];
Bits_memset(buff, 0, 44);
uint8_t nonce[24];
Bits_memset(nonce, 0, 24);
uint8_t secret[32];
Bits_memset(secret, 0, 32);
struct Message m = { .bytes=&buff[32], .length=HELLOWORLDLEN, .padding=32};
CString_strcpy((char*) m.bytes, HELLOWORLDLOWER);
CryptoAuth_encryptRndNonce(nonce, &m, secret);
uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc";
uint8_t output[57];
Hex_encode(output, 57, m.bytes, m.length);
printf("\n%s\n%s\n", (char*) expected, (char*) output);
Assert_true(!Bits_memcmp(expected, output, 56));
Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret));
Assert_true(m.length == HELLOWORLDLEN && !Bits_memcmp(m.bytes, HELLOWORLDLOWER, m.length));
}
static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger)
{
struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc, NULL);
return Random_newWithSeed(alloc, logger, evilSeed, NULL);
}
struct Context
{
struct Allocator* alloc;
struct CryptoAuth* ca;
struct CryptoAuth_Session* sess;
struct Log* log;
struct EventBase* base;
};
static struct Context* setUp(uint8_t* myPrivateKey,
uint8_t* herPublicKey,
uint8_t* authPassword,
struct Allocator* alloc)
{
struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1);
struct Log* log = ctx->log = FileWriterLog_new(stdout, alloc);
struct EventBase* base = ctx->base = EventBase_new(alloc);
struct CryptoAuth* ca = ctx->ca =
CryptoAuth_new(alloc, myPrivateKey, base, log, evilRandom(alloc, log));
struct CryptoAuth_Session* sess = ctx->sess =
CryptoAuth_newSession(ca, alloc, herPublicKey, NULL, false, Gcc_FILE);
if (authPassword) {
CryptoAuth_setAuth(String_CONST(authPassword), NULL, sess);
}
return ctx;
}
static void testHello(uint8_t* password, uint8_t* expectedOutput)
{
Assert_true(CString_strlen((char*)expectedOutput) == 264);
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Context* ctx = setUp(NULL, HERPUBKEY, password, alloc);
struct Message* msg = Message_new(0, CryptoHeader_SIZE + 12, alloc);
Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL);
Assert_true(!CryptoAuth_encrypt(ctx->sess, msg));
char* actual = Hex_print(msg->bytes, msg->length, alloc);
if (CString_strcmp(actual, expectedOutput)) {
Assert_failure("Test failed.\n"
"Expected %s\n"
" Got %s\n", expectedOutput, actual);
}
Allocator_free(alloc);
}