// This is directly called from SwitchCore, message is not encrypted.
static Iface_DEFUN sendFromSwitch(struct Message* msg, struct Iface* switchIf)
{
struct Peer* ep = Identity_check((struct Peer*) switchIf);
ep->bytesOut += msg->length;
int msgs = PeerLink_send(msg, ep->peerLink);
for (int i = 0; i < msgs; i++) {
msg = PeerLink_poll(ep->peerLink);
Assert_true(!CryptoAuth_encrypt(ep->caSession, msg));
Assert_true(!(((uintptr_t)msg->bytes) % 4) && "alignment fault");
// push the lladdr...
Message_push(msg, ep->lladdr, ep->lladdr->addrLen, NULL);
// very noisy
if (Defined(Log_DEBUG) && false) {
char* printedAddr =
Hex_print(&ep->lladdr[1], ep->lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc);
Log_debug(ep->ici->ic->logger, "Outgoing message to [%s]", printedAddr);
}
Iface_send(&ep->ici->pub.addrIf, msg);
}
return NULL;
}
static void sendBeacon(struct InterfaceController_Iface_pvt* ici, struct Allocator* tempAlloc)
{
if (ici->beaconState < InterfaceController_beaconState_newState_SEND) {
Log_debug(ici->ic->logger, "sendBeacon(%s) -> beaconing disabled", ici->name->bytes);
return;
}
Log_debug(ici->ic->logger, "sendBeacon(%s)", ici->name->bytes);
struct Message* msg = Message_new(0, 128, tempAlloc);
Message_push(msg, &ici->ic->beacon, Headers_Beacon_SIZE, NULL);
if (Defined(Log_DEBUG)) {
char* content = Hex_print(msg->bytes, msg->length, tempAlloc);
Log_debug(ici->ic->logger, "SEND BEACON CONTENT[%s]", content);
}
struct Sockaddr sa = {
.addrLen = Sockaddr_OVERHEAD,
.flags = Sockaddr_flags_BCAST
};
Message_push(msg, &sa, Sockaddr_OVERHEAD, NULL);
Iface_send(&ici->pub.addrIf, msg);
}
static void repeatHello()
{
uint8_t* expectedOutput =
"0000000101641c99f7719f5700000000a693a9fd3f0e27e81ab1100b57b37259"
"4c2adca8671f1fdd050383c91e7d56ec2336c09739fa8e91d8dc5bec63e8fad0"
"74bee22a90642a6ba8555be84c5e35970c5270e8f31f2a5978e0fbdee4542882"
"97568f25a3fc2801aa707d954c78eccb970bcc8cb26867e9dbf0c9d6ef1b3f27"
"24e7e550";
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Context* ctx = setUp(NULL, HERPUBKEY, "password", alloc);
struct Message* msg = Message_new(0, CryptoHeader_SIZE + HELLOWORLDLEN, alloc);
Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL);
Assert_true(!CryptoAuth_encrypt(ctx->sess, msg));
Message_reset(msg);
Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL);
Assert_true(!CryptoAuth_encrypt(ctx->sess, msg));
char* actual = Hex_print(msg->bytes, msg->length, alloc);
if (CString_strcmp(actual, expectedOutput)) {
Assert_failure("Test failed.\n"
"Expected %s\n"
" Got %s\n", expectedOutput, actual);
}
Allocator_free(alloc);
}
static void nodeInfo(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
{
struct Context* const ctx = Identity_check((struct Context*) vcontext);
String* myAddr = Address_toString(ctx->nc->myAddress, requestAlloc);
String* schemeStr = EncodingScheme_serialize(ctx->encodingScheme, requestAlloc);
List* schemeList = EncodingScheme_asList(ctx->encodingScheme, requestAlloc);
Dict* out = Dict_new(requestAlloc);
Dict_putStringC(out, "myAddr", myAddr, requestAlloc);
char* schemeHex = Hex_print(schemeStr->bytes, schemeStr->len, requestAlloc);
Dict_putStringCC(out, "compressedSchemeHex", schemeHex, requestAlloc);
Dict_putListC(out, "encodingScheme", schemeList, requestAlloc);
Dict_putIntC(out, "version", Version_CURRENT_PROTOCOL, requestAlloc);
Dict_putStringCC(out, "error", "none", requestAlloc);
Admin_sendMessage(out, txid, ctx->admin);
}
static Iface_DEFUN handleIncomingFromWire(struct Message* msg, struct Iface* addrIf)
{
struct InterfaceController_Iface_pvt* ici =
Identity_containerOf(addrIf, struct InterfaceController_Iface_pvt, pub.addrIf);
struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes;
if (msg->length < Sockaddr_OVERHEAD || msg->length < lladdr->addrLen) {
Log_debug(ici->ic->logger, "DROP runt");
return NULL;
}
Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault");
Assert_true(!((uintptr_t)lladdr->addrLen % 4) && "alignment fault");
// noisy
if (Defined(Log_DEBUG) && false) {
char* printedAddr = Hex_print(&lladdr[1], lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc);
Log_debug(ici->ic->logger, "Incoming message from [%s]", printedAddr);
}
if (lladdr->flags & Sockaddr_flags_BCAST) {
return handleBeacon(msg, ici);
}
int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap);
if (epIndex == -1) {
return handleUnexpectedIncoming(msg, ici);
}
struct Peer* ep = Identity_check((struct Peer*) ici->peerMap.values[epIndex]);
Message_shift(msg, -lladdr->addrLen, NULL);
CryptoAuth_resetIfTimeout(ep->caSession);
if (CryptoAuth_decrypt(ep->caSession, msg)) {
return NULL;
}
PeerLink_recv(msg, ep->peerLink);
return receivedPostCryptoAuth(msg, ep, ici->ic);
}
/**
* Expects [ struct LLAddress ][ beacon ]
*/
static Iface_DEFUN handleBeacon(struct Message* msg, struct InterfaceController_Iface_pvt* ici)
{
struct InterfaceController_pvt* ic = ici->ic;
if (!ici->beaconState) {
// accepting beacons disabled.
Log_debug(ic->logger, "[%s] Dropping beacon because beaconing is disabled",
ici->name->bytes);
return NULL;
}
if (msg->length < Headers_Beacon_SIZE) {
Log_debug(ic->logger, "[%s] Dropping runt beacon", ici->name->bytes);
return NULL;
}
struct Sockaddr* lladdrInmsg = (struct Sockaddr*) msg->bytes;
// clear the bcast flag
lladdrInmsg->flags = 0;
Message_shift(msg, -lladdrInmsg->addrLen, NULL);
struct Headers_Beacon beacon;
Message_pop(msg, &beacon, Headers_Beacon_SIZE, NULL);
if (Defined(Log_DEBUG)) {
char* content = Hex_print(&beacon, Headers_Beacon_SIZE, msg->alloc);
Log_debug(ici->ic->logger, "RECV BEACON CONTENT[%s]", content);
}
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpy(addr.key, beacon.publicKey, 32);
addr.protocolVersion = Endian_bigEndianToHost32(beacon.version_be);
Address_getPrefix(&addr);
String* printedAddr = NULL;
if (Defined(Log_DEBUG)) {
printedAddr = Address_toString(&addr, msg->alloc);
}
if (addr.ip6.bytes[0] != 0xfc || !Bits_memcmp(ic->ca->publicKey, addr.key, 32)) {
Log_debug(ic->logger, "handleBeacon invalid key [%s]", printedAddr->bytes);
return NULL;
}
if (!Version_isCompatible(addr.protocolVersion, Version_CURRENT_PROTOCOL)) {
if (Defined(Log_DEBUG)) {
Log_debug(ic->logger, "[%s] DROP beacon from [%s] which was version [%d] "
"our version is [%d] making them incompatable", ici->name->bytes,
printedAddr->bytes, addr.protocolVersion, Version_CURRENT_PROTOCOL);
}
return NULL;
}
String* beaconPass = String_newBinary(beacon.password, Headers_Beacon_PASSWORD_LEN, msg->alloc);
int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdrInmsg, &ici->peerMap);
if (epIndex > -1) {
// The password might have changed!
struct Peer* ep = ici->peerMap.values[epIndex];
CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
return NULL;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
struct Sockaddr* lladdr = Sockaddr_clone(lladdrInmsg, epAlloc);
ep->alloc = epAlloc;
ep->ici = ici;
ep->lladdr = lladdr;
int setIndex = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
ep->handle = ici->peerMap.handles[setIndex];
ep->isIncomingConnection = true;
Bits_memcpy(&ep->addr, &addr, sizeof(struct Address));
Identity_set(ep);
Allocator_onFree(epAlloc, closeInterface, ep);
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, beacon.publicKey, false, "outer");
CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "handleBeacon() SwitchCore out of space");
Allocator_free(epAlloc);
return NULL;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
Log_info(ic->logger, "Added peer [%s] from beacon",
Address_toString(&ep->addr, msg->alloc)->bytes);
// This should be safe because this is an outgoing request and we're sure the node will not
// be relocated by moveEndpointIfNeeded()
sendPeer(0xffffffff, PFChan_Core_PEER, ep);
return NULL;
}
static void encryptRndNonceTest()
{
uint8_t buff[44];
Bits_memset(buff, 0, 44);
uint8_t nonce[24];
Bits_memset(nonce, 0, 24);
uint8_t secret[32];
Bits_memset(secret, 0, 32);
struct Message m = { .bytes=&buff[32], .length=HELLOWORLDLEN, .padding=32};
CString_strcpy((char*) m.bytes, HELLOWORLDLOWER);
CryptoAuth_encryptRndNonce(nonce, &m, secret);
uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc";
uint8_t output[57];
Hex_encode(output, 57, m.bytes, m.length);
printf("\n%s\n%s\n", (char*) expected, (char*) output);
Assert_true(!Bits_memcmp(expected, output, 56));
Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret));
Assert_true(m.length == HELLOWORLDLEN && !Bits_memcmp(m.bytes, HELLOWORLDLOWER, m.length));
}
static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger)
{
struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc, NULL);
return Random_newWithSeed(alloc, logger, evilSeed, NULL);
}
struct Context
{
struct Allocator* alloc;
struct CryptoAuth* ca;
struct CryptoAuth_Session* sess;
struct Log* log;
struct EventBase* base;
};
static struct Context* setUp(uint8_t* myPrivateKey,
uint8_t* herPublicKey,
uint8_t* authPassword,
struct Allocator* alloc)
{
struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1);
struct Log* log = ctx->log = FileWriterLog_new(stdout, alloc);
struct EventBase* base = ctx->base = EventBase_new(alloc);
struct CryptoAuth* ca = ctx->ca =
CryptoAuth_new(alloc, myPrivateKey, base, log, evilRandom(alloc, log));
struct CryptoAuth_Session* sess = ctx->sess =
CryptoAuth_newSession(ca, alloc, herPublicKey, NULL, false, Gcc_FILE);
if (authPassword) {
CryptoAuth_setAuth(String_CONST(authPassword), NULL, sess);
}
return ctx;
}
static void testHello(uint8_t* password, uint8_t* expectedOutput)
{
Assert_true(CString_strlen((char*)expectedOutput) == 264);
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Context* ctx = setUp(NULL, HERPUBKEY, password, alloc);
struct Message* msg = Message_new(0, CryptoHeader_SIZE + 12, alloc);
Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL);
Assert_true(!CryptoAuth_encrypt(ctx->sess, msg));
char* actual = Hex_print(msg->bytes, msg->length, alloc);
if (CString_strcmp(actual, expectedOutput)) {
Assert_failure("Test failed.\n"
"Expected %s\n"
" Got %s\n", expectedOutput, actual);
}
Allocator_free(alloc);
}
