static void cryptoAuth(struct Context* ctx) { Log_info(ctx->log, "Setting up salsa20/poly1305 benchmark (encryption and decryption only)"); struct Allocator* alloc = Allocator_child(ctx->alloc); struct CryptoAuth* ca1 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand); struct CryptoAuth* ca2 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand); struct CryptoAuth_Session* sess1 = CryptoAuth_newSession(ca1, alloc, ca2->publicKey, NULL, false, "bench"); struct CryptoAuth_Session* sess2 = CryptoAuth_newSession(ca2, alloc, ca1->publicKey, NULL, false, "bench"); int size = 1500; int count = 100000; struct Message* msg = Message_new(size, 256, alloc); Random_bytes(ctx->rand, msg->bytes, msg->length); // setup session for (int i = 0; i < 2; i++) { Assert_true(!CryptoAuth_encrypt(sess1, msg)); Assert_true(!CryptoAuth_decrypt(sess2, msg)); Assert_true(!CryptoAuth_encrypt(sess2, msg)); Assert_true(!CryptoAuth_decrypt(sess1, msg)); } begin(ctx, "salsa20/poly1305", (count * size * 8) / 1024, "kilobits"); for (int i = 0; i < count; i++) { Assert_true(!CryptoAuth_encrypt(sess1, msg)); Assert_true(!CryptoAuth_decrypt(sess2, msg)); } done(ctx); Allocator_free(alloc); }
struct NetCore* NetCore_new(uint8_t* privateKey, struct Allocator* allocator, struct EventBase* base, struct Random* rand, struct Log* log) { struct Allocator* alloc = Allocator_child(allocator); struct NetCore* nc = Allocator_calloc(alloc, sizeof(struct NetCore), 1); nc->alloc = alloc; nc->base = base; nc->rand = rand; nc->log = log; struct CryptoAuth* ca = nc->ca = CryptoAuth_new(alloc, privateKey, base, log, rand); struct EventEmitter* ee = nc->ee = EventEmitter_new(alloc, log, ca->publicKey); struct Address* myAddress = nc->myAddress = Allocator_calloc(alloc, sizeof(struct Address), 1); Bits_memcpy(myAddress->key, ca->publicKey, 32); Address_getPrefix(myAddress); myAddress->protocolVersion = Version_CURRENT_PROTOCOL; myAddress->path = 1; // lower half struct SwitchCore* switchCore = nc->switchCore = SwitchCore_new(log, alloc, base); struct SwitchAdapter* switchAdapter = nc->switchAdapter = SwitchAdapter_new(alloc, log); Iface_plumb(&switchAdapter->switchIf, switchCore->routerIf); struct ControlHandler* controlHandler = nc->controlHandler = ControlHandler_new(alloc, log, ee, ca->publicKey); Iface_plumb(&controlHandler->coreIf, &switchAdapter->controlIf); struct SwitchPinger* sp = nc->sp = SwitchPinger_new(base, rand, log, myAddress, alloc); Iface_plumb(&controlHandler->switchPingerIf, &sp->controlHandlerIf); nc->ifController = InterfaceController_new(ca, switchCore, log, base, sp, rand, alloc, ee); // session manager struct SessionManager* sm = nc->sm = SessionManager_new(alloc, base, ca, rand, log, ee); Iface_plumb(&switchAdapter->sessionManagerIf, &sm->switchIf); // upper half struct UpperDistributor* upper = nc->upper = UpperDistributor_new(alloc, log, ee, myAddress); Iface_plumb(&sm->insideIf, &upper->sessionManagerIf); struct TUNAdapter* tunAdapt = nc->tunAdapt = TUNAdapter_new(alloc, log, myAddress->ip6.bytes); Iface_plumb(&tunAdapt->upperDistributorIf, &upper->tunAdapterIf); return nc; }
static void encryptRndNonceTest() { uint8_t buff[44]; Bits_memset(buff, 0, 44); uint8_t nonce[24]; Bits_memset(nonce, 0, 24); uint8_t secret[32]; Bits_memset(secret, 0, 32); struct Message m = { .bytes=&buff[32], .length=12, .padding=32}; CString_strcpy((char*) m.bytes, "hello world"); CryptoAuth_encryptRndNonce(nonce, &m, secret); uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc"; uint8_t output[57]; Hex_encode(output, 57, m.bytes, m.length); //printf("\n%s\n%s\n", (char*) expected, (char*) output); Assert_true(!Bits_memcmp(expected, output, 56)); Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret)); Assert_true(m.length == 12 && !Bits_memcmp(m.bytes, "hello world", m.length)); } static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger) { struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc); return Random_newWithSeed(alloc, logger, evilSeed, NULL); } static void createNew() { struct Allocator* allocator = MallocAllocator_new(BUFFER_SIZE); struct CryptoAuth* ca = CryptoAuth_new(allocator, privateKey, eventBase, NULL, evilRandom(allocator, NULL)); /*for (int i = 0; i < 32; i++) { printf("%.2x", ca->publicKey[i]); }*/ Assert_true(Bits_memcmp(ca->publicKey, publicKey, 32) == 0); Allocator_free(allocator); } static uint8_t receiveMessage(struct Message* message, struct Interface* iface) { Message_pop(message, NULL, 4, NULL); *((struct Message**)iface->receiverContext) = message; return Error_NONE; }
static struct CryptoAuth_Wrapper* setUp(uint8_t* myPrivateKey, uint8_t* herPublicKey, uint8_t* authPassword, struct Message** resultMessage) { struct Allocator* allocator = MallocAllocator_new(8192*2); struct Writer* writer = FileWriter_new(stdout, allocator); struct Log* logger = WriterLog_new(writer, allocator); struct CryptoAuth* ca = CryptoAuth_new(allocator, myPrivateKey, eventBase, logger, evilRandom(allocator, logger)); struct Interface* iface = Allocator_clone(allocator, (&(struct Interface) { .sendMessage = sendMessage, .senderContext = resultMessage }));
struct CryptoAuth_Wrapper* setUp(uint8_t* myPrivateKey, uint8_t* herPublicKey, uint8_t* authPassword, struct Message** resultMessage) { struct Allocator* allocator = MallocAllocator_new(8192*2); struct Log* logger = allocator->malloc(sizeof(struct Log), allocator); logger->writer = FileWriter_new(stdout, allocator); struct CryptoAuth* ca = CryptoAuth_new(NULL, allocator, myPrivateKey, eventBase, logger); struct Interface* iface = allocator->clone(sizeof(struct Interface), allocator, &(struct Interface) { .sendMessage = sendMessage, .senderContext = resultMessage });
void CryptoAuth_benchmark(struct EventBase* base, struct Log* logger, struct Allocator* alloc) { struct Random* rand = Random_new(alloc, logger, NULL); struct Context ctx = { .ca1 = CryptoAuth_new(alloc, NULL, base, NULL, rand), .ca2 = CryptoAuth_new(alloc, privateKey, base, NULL, rand), .if1 = { .sendMessage = transferMessage, .senderContext = &ctx.if2, .allocator = alloc }, .if2 = { .sendMessage = transferMessage, .senderContext = &ctx.if1, .allocator = alloc }, .base = base
struct Ducttape* Ducttape_register(uint8_t privateKey[32], struct DHTModuleRegistry* registry, struct RouterModule* routerModule, struct SwitchCore* switchCore, struct EventBase* eventBase, struct Allocator* allocator, struct Log* logger, struct IpTunnel* ipTun, struct Random* rand) { struct Ducttape_pvt* context = Allocator_calloc(allocator, sizeof(struct Ducttape_pvt), 1); context->registry = registry; context->routerModule = routerModule; context->logger = logger; context->eventBase = eventBase; context->alloc = allocator; Identity_set(context); context->ipTunnel = ipTun; ipTun->nodeInterface.receiveMessage = sendToNode; ipTun->nodeInterface.receiverContext = context; ipTun->tunInterface.receiveMessage = sendToTun; ipTun->tunInterface.receiverContext = context; struct CryptoAuth* cryptoAuth = CryptoAuth_new(allocator, privateKey, eventBase, logger, rand); Bits_memcpyConst(context->myAddr.key, cryptoAuth->publicKey, 32); Address_getPrefix(&context->myAddr); context->sm = SessionManager_new(incomingFromCryptoAuth, outgoingFromCryptoAuth, context, eventBase, cryptoAuth, allocator); context->pub.sessionManager = context->sm; Bits_memcpyConst(&context->module, (&(struct DHTModule) { .name = "Ducttape", .context = context, .handleOutgoing = handleOutgoing }), sizeof(struct DHTModule));
static int init(const uint8_t* privateKey, uint8_t* publicKey, const uint8_t* password) { printf("\nSetting up:\n"); struct Allocator* allocator = MallocAllocator_new(1048576); textBuff = Allocator_malloc(allocator, BUFFER_SIZE); struct Writer* logwriter = FileWriter_new(stdout, allocator); struct Log* logger = WriterLog_new(logwriter, allocator); struct Random* rand = Random_new(allocator, logger, NULL); struct EventBase* base = EventBase_new(allocator); ca1 = CryptoAuth_new(allocator, NULL, base, logger, rand); if1 = Allocator_clone(allocator, (&(struct Interface) { .sendMessage = sendMessageToIf2, .receiveMessage = recvMessageOnIf2, .allocator = allocator }));
int main() { struct Allocator* alloc = MallocAllocator_new(1<<20); struct Writer* logwriter = FileWriter_new(stdout, alloc); struct Log* logger = &(struct Log) { .writer = logwriter }; struct event_base* eventBase = event_base_new(); struct CryptoAuth* ca = CryptoAuth_new(NULL, alloc, NULL, eventBase, logger); uint8_t publicKey[32]; CryptoAuth_getPublicKey(publicKey, ca); CryptoAuth_addUser(String_CONST("passwd"), 1, (void*)0x01, ca); struct SwitchCore* switchCore = SwitchCore_new(logger, alloc); struct Message* message; struct Interface iface = { .sendMessage = messageFromInterface, .senderContext = &message, .allocator = alloc }; SwitchCore_setRouterInterface(&iface, switchCore); // These are unused. struct DHTModuleRegistry* registry = DHTModuleRegistry_new(alloc); struct RouterModule* rm = RouterModule_register(registry, alloc, publicKey, eventBase, logger, NULL); struct InterfaceController* ifController = DefaultInterfaceController_new(ca, switchCore, rm, logger, eventBase, NULL, alloc); //////////////////////// return reconnectionNewEndpointTest(ifController, publicKey, &message, alloc, eventBase, logger, &iface); }
struct Ducttape* Ducttape_register(Dict* config, uint8_t privateKey[32], struct DHTModuleRegistry* registry, struct RouterModule* routerModule, struct Interface* routerIf, struct SwitchCore* switchCore, struct event_base* eventBase, struct Allocator* allocator, struct Log* logger, struct Admin* admin) { struct Ducttape* context = allocator->calloc(sizeof(struct Ducttape), 1, allocator); context->registry = registry; context->routerModule = routerModule; context->logger = logger; context->forwardTo = NULL; AddressMapper_init(&context->addrMap); struct CryptoAuth* cryptoAuth = CryptoAuth_new(config, allocator, privateKey, eventBase, logger); CryptoAuth_getPublicKey(context->myAddr.key, cryptoAuth); Address_getPrefix(&context->myAddr); context->sm = SessionManager_new(16, incomingFromCryptoAuth, outgoingFromCryptoAuth, context, eventBase, cryptoAuth, allocator); if (routerIf) { context->routerIf = routerIf; routerIf->receiveMessage = ip6FromTun; routerIf->receiverContext = context; } Bits_memcpyConst(&context->module, (&(struct DHTModule) { .name = "Ducttape", .context = context, .handleOutgoing = handleOutgoing }), sizeof(struct DHTModule));
void encryptRndNonceTest() { uint8_t buff[44]; memset(buff, 0, 44); uint8_t nonce[24]; memset(nonce, 0, 24); uint8_t secret[32]; memset(secret, 0, 32); struct Message m = { .bytes=&buff[32], .length=12, .padding=32}; strcpy((char*) m.bytes, "hello world"); Exports_encryptRndNonce(nonce, &m, secret); uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc"; uint8_t output[57]; Hex_encode(output, 57, m.bytes, m.length); //printf("\n%s\n%s\n", (char*) expected, (char*) output); Assert_always(!memcmp(expected, output, 56)); Assert_always(!Exports_decryptRndNonce(nonce, &m, secret)); Assert_always(m.length == 12 && !memcmp(m.bytes, "hello world", m.length)); } void createNew() { uint8_t buff[BUFFER_SIZE]; struct Allocator* allocator = BufferAllocator_new(buff, BUFFER_SIZE); struct CryptoAuth* ca = CryptoAuth_new(allocator, privateKey, eventBase, NULL); /*for (int i = 0; i < 32; i++) { printf("%.2x", ca->publicKey[i]); }*/ Assert_always(memcmp(ca->publicKey, publicKey, 32) == 0); }
static void testGetUsers() { struct Allocator* allocator = MallocAllocator_new(1<<20); struct EventBase* base = EventBase_new(allocator); struct CryptoAuth* ca = CryptoAuth_new(allocator, NULL, base, NULL, evilRandom(allocator, NULL)); List* users = NULL; users = CryptoAuth_getUsers(ca, allocator); Assert_true(List_size(users) == 0); CryptoAuth_addUser(String_CONST("pass1"), String_CONST("user1"), ca); users = CryptoAuth_getUsers(ca, allocator); Assert_true(List_size(users) == 1); Assert_true(String_equals(String_CONST("user1"), List_getString(users,0))); CryptoAuth_addUser(String_CONST("pass2"), String_CONST("user2"), ca); users = CryptoAuth_getUsers(ca, allocator); Assert_true(List_size(users) == 2); Assert_true(String_equals(String_CONST("user2"),List_getString(users,0))); Assert_true(String_equals(String_CONST("user1"),List_getString(users,1))); Allocator_free(allocator); }
/* * This process is started with 2 parameters, they must all be numeric in base 10. * toAngel the pipe which is used to send data back to the angel process. * fromAngel the pipe which is used to read incoming data from the angel. * * Upon initialization, this process will wait for an initial configuration to be sent to * it and then it will send an initial response. */ int Core_main(int argc, char** argv) { struct Except* eh = NULL; int toAngel; int fromAngel; if (argc != 4 || !(toAngel = atoi(argv[2])) || !(fromAngel = atoi(argv[3]))) { Except_raise(eh, -1, "This is internal to cjdns and shouldn't started manually."); } struct Allocator* alloc = MallocAllocator_new(ALLOCATOR_FAILSAFE); struct EventBase* eventBase = EventBase_new(alloc); struct Random* rand = Random_new(alloc, eh); // -------------------- Setup the Pre-Logger ---------------------- // struct Writer* logWriter = FileWriter_new(stdout, alloc); struct Log* preLogger = WriterLog_new(logWriter, alloc); struct IndirectLog* indirectLogger = IndirectLog_new(alloc); indirectLogger->wrappedLog = preLogger; struct Log* logger = &indirectLogger->pub; // The first read inside of getInitialConfig() will begin it waiting. struct PipeInterface* pi = PipeInterface_new(fromAngel, toAngel, eventBase, logger, alloc, rand); Dict* config = getInitialConfig(&pi->generic, eventBase, alloc, eh); String* privateKeyHex = Dict_getString(config, String_CONST("privateKey")); Dict* adminConf = Dict_getDict(config, String_CONST("admin")); String* pass = Dict_getString(adminConf, String_CONST("pass")); if (!pass || !privateKeyHex) { Except_raise(eh, -1, "Expected 'pass' and 'privateKey' in configuration."); } Log_keys(logger, "Starting core with admin password [%s]", pass->bytes); uint8_t privateKey[32]; if (privateKeyHex->len != 64 || Hex_decode(privateKey, 32, (uint8_t*) privateKeyHex->bytes, 64) != 32) { Except_raise(eh, -1, "privateKey must be 64 bytes of hex."); } struct Admin* admin = Admin_new(&pi->generic, alloc, logger, eventBase, pass); Dict adminResponse = Dict_CONST(String_CONST("error"), String_OBJ(String_CONST("none")), NULL); Admin_sendMessageToAngel(&adminResponse, admin); // --------------------- Setup the Logger --------------------- // // the prelogger will nolonger be used. struct Log* adminLogger = AdminLog_registerNew(admin, alloc, rand); indirectLogger->wrappedLog = adminLogger; logger = adminLogger; // CryptoAuth struct Address addr; parsePrivateKey(privateKey, &addr, eh); struct CryptoAuth* cryptoAuth = CryptoAuth_new(alloc, privateKey, eventBase, logger, rand); struct SwitchCore* switchCore = SwitchCore_new(logger, alloc); struct DHTModuleRegistry* registry = DHTModuleRegistry_new(alloc); ReplyModule_register(registry, alloc); // Router struct RouterModule* router = RouterModule_register(registry, alloc, addr.key, eventBase, logger, admin, rand); SerializationModule_register(registry, logger, alloc); struct IpTunnel* ipTun = IpTunnel_new(logger, eventBase, alloc, rand); struct Ducttape* dt = Ducttape_register(privateKey, registry, router, switchCore, eventBase, alloc, logger, admin, ipTun, rand); struct SwitchPinger* sp = SwitchPinger_new(&dt->switchPingerIf, eventBase, logger, alloc); // Interfaces. struct InterfaceController* ifController = DefaultInterfaceController_new(cryptoAuth, switchCore, router, logger, eventBase, sp, alloc); // ------------------- Register RPC functions ----------------------- // SwitchPinger_admin_register(sp, admin, alloc); UDPInterface_admin_register(eventBase, alloc, logger, admin, ifController); #ifdef HAS_ETH_INTERFACE ETHInterface_admin_register(eventBase, alloc, logger, admin, ifController); #endif RouterModule_admin_register(router, admin, alloc); AuthorizedPasswords_init(admin, cryptoAuth, alloc); Admin_registerFunction("ping", adminPing, admin, false, NULL, admin); Admin_registerFunction("Core_exit", adminExit, logger, true, NULL, admin); Core_admin_register(addr.ip6.bytes, dt, logger, alloc, admin, eventBase); Security_admin_register(alloc, logger, admin); IpTunnel_admin_register(ipTun, admin, alloc); struct MemoryContext* mc = alloc->clone(sizeof(struct MemoryContext), alloc, &(struct MemoryContext) { .allocator = alloc, .admin = admin });
/* * This process is started with 2 parameters, they must all be numeric in base 10. * toAngel the pipe which is used to send data back to the angel process. * fromAngel the pipe which is used to read incoming data from the angel. * * Upon initialization, this process will wait for an initial configuration to be sent to * it and then it will send an initial response. */ int Core_main(int argc, char** argv) { struct Except* eh = NULL; if (argc != 3) { Except_raise(eh, -1, "This is internal to cjdns and shouldn't started manually."); } struct Allocator* alloc = MallocAllocator_new(ALLOCATOR_FAILSAFE); struct Log* preLogger = FileWriterLog_new(stderr, alloc); struct EventBase* eventBase = EventBase_new(alloc); // -------------------- Setup the Pre-Logger ---------------------- // struct Log* logger = IndirectLog_new(alloc); IndirectLog_set(logger, preLogger); // -------------------- Setup the PRNG ---------------------- // struct Random* rand = LibuvEntropyProvider_newDefaultRandom(eventBase, logger, eh, alloc); // -------------------- Change Canary Value ---------------------- // MallocAllocator_setCanary(alloc, (long)Random_int64(rand)); struct Allocator* tempAlloc = Allocator_child(alloc); // The first read inside of getInitialConfig() will begin it waiting. struct Pipe* angelPipe = Pipe_named(argv[2], eventBase, eh, alloc); angelPipe->logger = logger; angelPipe->onClose = angelDied; struct Interface* angelIface = FramingInterface_new(65535, &angelPipe->iface, alloc); Dict* config = getInitialConfig(angelIface, eventBase, tempAlloc, eh); struct Hermes* hermes = Hermes_new(angelIface, eventBase, logger, alloc); String* privateKeyHex = Dict_getString(config, String_CONST("privateKey")); Dict* adminConf = Dict_getDict(config, String_CONST("admin")); String* pass = Dict_getString(adminConf, String_CONST("pass")); String* bind = Dict_getString(adminConf, String_CONST("bind")); if (!(pass && privateKeyHex && bind)) { if (!pass) { Except_raise(eh, -1, "Expected 'pass'"); } if (!bind) { Except_raise(eh, -1, "Expected 'bind'"); } if (!privateKeyHex) { Except_raise(eh, -1, "Expected 'privateKey'"); } Except_raise(eh, -1, "Expected 'pass', 'privateKey' and 'bind' in configuration."); } Log_keys(logger, "Starting core with admin password [%s]", pass->bytes); uint8_t privateKey[32]; if (privateKeyHex->len != 64 || Hex_decode(privateKey, 32, (uint8_t*) privateKeyHex->bytes, 64) != 32) { Except_raise(eh, -1, "privateKey must be 64 bytes of hex."); } struct Sockaddr_storage bindAddr; if (Sockaddr_parse(bind->bytes, &bindAddr)) { Except_raise(eh, -1, "bind address [%s] unparsable", bind->bytes); } struct AddrInterface* udpAdmin = UDPAddrInterface_new(eventBase, &bindAddr.addr, alloc, eh, logger); struct Admin* admin = Admin_new(udpAdmin, alloc, logger, eventBase, pass); char* boundAddr = Sockaddr_print(udpAdmin->addr, tempAlloc); Dict adminResponse = Dict_CONST( String_CONST("bind"), String_OBJ(String_CONST(boundAddr)), NULL ); Dict response = Dict_CONST( String_CONST("error"), String_OBJ(String_CONST("none")), Dict_CONST( String_CONST("admin"), Dict_OBJ(&adminResponse), NULL )); // This always times out because the angel doesn't respond. Hermes_callAngel(&response, angelResponse, NULL, alloc, eh, hermes); // --------------------- Setup the Logger --------------------- // Dict* logging = Dict_getDict(config, String_CONST("logging")); String* logTo = Dict_getString(logging, String_CONST("logTo")); if (logTo && String_equals(logTo, String_CONST("stdout"))) { // do nothing, continue logging to stdout. } else { struct Log* adminLogger = AdminLog_registerNew(admin, alloc, rand); IndirectLog_set(logger, adminLogger); logger = adminLogger; } // CryptoAuth struct Address addr; parsePrivateKey(privateKey, &addr, eh); struct CryptoAuth* cryptoAuth = CryptoAuth_new(alloc, privateKey, eventBase, logger, rand); struct Sockaddr* myAddr = Sockaddr_fromBytes(addr.ip6.bytes, Sockaddr_AF_INET6, alloc); struct SwitchCore* switchCore = SwitchCore_new(logger, alloc); struct DHTModuleRegistry* registry = DHTModuleRegistry_new(alloc); ReplyModule_register(registry, alloc); // Router struct RouterModule* router = RouterModule_register(registry, alloc, addr.key, eventBase, logger, admin, rand); SerializationModule_register(registry, logger, alloc); struct IpTunnel* ipTun = IpTunnel_new(logger, eventBase, alloc, rand, hermes); struct Ducttape* dt = Ducttape_register(privateKey, registry, router, switchCore, eventBase, alloc, logger, admin, ipTun, rand); struct SwitchPinger* sp = SwitchPinger_new(&dt->switchPingerIf, eventBase, logger, alloc); // Interfaces. struct InterfaceController* ifController = DefaultInterfaceController_new(cryptoAuth, switchCore, router, logger, eventBase, sp, rand, alloc); // ------------------- Register RPC functions ----------------------- // SwitchPinger_admin_register(sp, admin, alloc); UDPInterface_admin_register(eventBase, alloc, logger, admin, ifController); #ifdef HAS_ETH_INTERFACE ETHInterface_admin_register(eventBase, alloc, logger, admin, ifController); #endif RouterModule_admin_register(router, admin, alloc); AuthorizedPasswords_init(admin, cryptoAuth, alloc); Admin_registerFunction("ping", adminPing, admin, false, NULL, admin); Core_admin_register(myAddr, dt, logger, ipTun, alloc, admin, eventBase); Security_admin_register(alloc, logger, admin); IpTunnel_admin_register(ipTun, admin, alloc); struct Context* ctx = Allocator_clone(alloc, (&(struct Context) { .allocator = alloc, .admin = admin, .logger = logger, .hermes = hermes }));
struct TestFramework* TestFramework_setUp(char* privateKey, struct Allocator* allocator, struct Log* logger) { if (!logger) { struct Writer* logwriter = FileWriter_new(stdout, allocator); logger = WriterLog_new(logwriter, allocator); } struct Random* rand = Random_new(allocator, logger, NULL); struct EventBase* base = EventBase_new(allocator); uint64_t pks[4]; if (!privateKey) { Random_longs(rand, pks, 4); privateKey = (char*)pks; } uint8_t* publicKey = Allocator_malloc(allocator, 32); crypto_scalarmult_curve25519_base(publicKey, (uint8_t*)privateKey); struct Address* myAddress = Allocator_calloc(allocator, sizeof(struct Address), 1); Bits_memcpyConst(myAddress->key, publicKey, 32); AddressCalc_addressForPublicKey(myAddress->ip6.bytes, publicKey); struct SwitchCore* switchCore = SwitchCore_new(logger, allocator); struct CryptoAuth* ca = CryptoAuth_new(allocator, (uint8_t*)privateKey, base, logger, rand); struct DHTModuleRegistry* registry = DHTModuleRegistry_new(allocator); ReplyModule_register(registry, allocator); struct NodeStore* nodeStore = NodeStore_new(myAddress, 128, allocator, logger, rand); struct RouterModule* routerModule = RouterModule_register(registry, allocator, publicKey, base, logger, rand, nodeStore); struct SearchRunner* searchRunner = SearchRunner_new(nodeStore, logger, base, routerModule, myAddress->ip6.bytes, allocator); SerializationModule_register(registry, logger, allocator); struct IpTunnel* ipTun = IpTunnel_new(logger, base, allocator, rand, NULL); struct Ducttape* dt = Ducttape_register((uint8_t*)privateKey, registry, routerModule, searchRunner, switchCore, base, allocator, logger, ipTun, rand); struct SwitchPinger* sp = SwitchPinger_new(&dt->switchPingerIf, base, rand, logger, allocator); // Interfaces. struct InterfaceController* ifController = DefaultInterfaceController_new(ca, switchCore, routerModule, logger, base, sp, rand, allocator); struct TestFramework* tf = Allocator_clone(allocator, (&(struct TestFramework) { .alloc = allocator, .rand = rand, .eventBase = base, .logger = logger, .switchCore = switchCore, .ducttape = dt, .cryptoAuth = ca, .router = routerModule, .switchPinger = sp, .ifController = ifController, .publicKey = publicKey, .ip = myAddress->ip6.bytes }));
int main(int argc, char** argv) { #ifdef Log_KEYS fprintf(stderr, "Log_LEVEL = KEYS, EXPECT TO SEE PRIVATE KEYS IN YOUR LOGS!\n"); #endif Crypto_init(); assert(argc > 0); if (argc == 1) { // no arguments if (isatty(STDIN_FILENO)) { // We were started from a terminal // The chances an user wants to type in a configuration // bij hand are pretty slim so we show him the usage return usage(argv[0]); } else { // We assume stdin is a configuration file and that we should // start routing } } if (argc == 2) { // one argument if (strcmp(argv[1], "--help") == 0) { return usage(argv[0]); } else if (strcmp(argv[1], "--genconf") == 0) { return genconf(); } else if (strcmp(argv[1], "--getcmds") == 0) { // Performed after reading the configuration } else if (strcmp(argv[1], "--pidfile") == 0) { // Performed after reading the configuration } else { fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[1]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); return -1; } } if (argc > 2) { // more than one argument? fprintf(stderr, "%s: too many arguments\n", argv[0]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); return -1; } struct Context context; memset(&context, 0, sizeof(struct Context)); context.base = event_base_new(); // Allow it to allocate 4MB context.allocator = MallocAllocator_new(1<<22); struct Reader* reader = FileReader_new(stdin, context.allocator); Dict config; if (JsonBencSerializer_get()->parseDictionary(reader, context.allocator, &config)) { fprintf(stderr, "Failed to parse configuration.\n"); return -1; } if (argc == 2 && strcmp(argv[1], "--getcmds") == 0) { return getcmds(&config); } if (argc == 2 && strcmp(argv[1], "--pidfile") == 0) { pidfile(&config); return 0; } char* user = setUser(Dict_getList(&config, BSTR("security"))); // Admin Dict* adminConf = Dict_getDict(&config, BSTR("admin")); if (adminConf) { admin(adminConf, user, &context); } // Logging struct Writer* logwriter = FileWriter_new(stdout, context.allocator); struct Log logger = { .writer = logwriter }; context.logger = &logger; struct Address myAddr; uint8_t privateKey[32]; parsePrivateKey(&config, &myAddr, privateKey); context.eHandler = AbortHandler_INSTANCE; context.switchCore = SwitchCore_new(context.logger, context.allocator); context.ca = CryptoAuth_new(&config, context.allocator, privateKey, context.base, context.logger); context.registry = DHTModules_new(context.allocator); ReplyModule_register(context.registry, context.allocator); // Router Dict* routerConf = Dict_getDict(&config, BSTR("router")); registerRouter(routerConf, myAddr.key, &context); SerializationModule_register(context.registry, context.allocator); // Authed passwords. List* authedPasswords = Dict_getList(&config, BSTR("authorizedPasswords")); if (authedPasswords) { authorizedPasswords(authedPasswords, &context); } // Interfaces. Dict* interfaces = Dict_getDict(&config, BSTR("interfaces")); Dict* udpConf = Dict_getDict(interfaces, BSTR("UDPInterface")); if (udpConf) { configureUDP(udpConf, &context); } if (udpConf == NULL) { fprintf(stderr, "No interfaces configured to connect to.\n"); return -1; } // pid file String* pidFile = Dict_getString(&config, BSTR("pidFile")); if (pidFile) { Log_info1(context.logger, "Writing pid of process to [%s].\n", pidFile->bytes); FILE* pf = fopen(pidFile->bytes, "w"); if (!pf) { Log_critical2(context.logger, "Failed to open pid file [%s] for writing, errno=%d\n", pidFile->bytes, errno); return -1; } fprintf(pf, "%d", getpid()); fclose(pf); } Ducttape_register(&config, privateKey, context.registry, context.routerModule, context.routerIf, context.switchCore, context.base, context.allocator, context.logger); uint8_t address[53]; Base32_encode(address, 53, myAddr.key, 32); Log_info1(context.logger, "Your address is: %s.k\n", address); uint8_t myIp[40]; Address_printIp(myIp, &myAddr); Log_info1(context.logger, "Your IPv6 address is: %s\n", myIp); // Security. security(Dict_getList(&config, BSTR("security")), context.logger, context.eHandler); event_base_loop(context.base, 0); // Never reached. return 0; }
static int reconnectionNewEndpointTest(struct InterfaceController* ifController, uint8_t* pk, struct Message** fromSwitchPtr, struct Allocator* alloc, struct EventBase* eventBase, struct Log* logger, struct Interface* routerIf, struct Random* rand) { struct Message* message; struct Interface iface = { .sendMessage = messageFromInterface, .senderContext = &message, .allocator = alloc }; uint8_t* buffer = Allocator_malloc(alloc, 512); struct Message* outgoing = &(struct Message) { .length = 0, .padding = 512, .bytes = buffer + 512 }; struct CryptoAuth* externalCa = CryptoAuth_new(alloc, NULL, eventBase, logger, rand); struct Interface* wrapped = CryptoAuth_wrapInterface(&iface, pk, NULL, false, "", externalCa); CryptoAuth_setAuth(String_CONST("passwd"), 1, wrapped); struct Interface icIface = { .allocator = alloc, .sendMessage = messageFromInterface, .senderContext = &message }; InterfaceController_registerPeer(ifController, NULL, NULL, true, false, &icIface); uint8_t hexBuffer[1025]; for (int i = 0; i < 4; i++) { outgoing->length = 0; outgoing->padding = 512; outgoing->bytes = buffer + 512; Message_shift(outgoing, 12, NULL); Bits_memcpyConst(outgoing->bytes, "hello world", 12); Message_shift(outgoing, SwitchHeader_SIZE, NULL); Bits_memcpyConst(outgoing->bytes, (&(struct SwitchHeader) { .label_be = Endian_hostToBigEndian64(1), .lowBits_be = 0 }), SwitchHeader_SIZE); wrapped->sendMessage(outgoing, wrapped); *fromSwitchPtr = NULL; icIface.receiveMessage(outgoing, &icIface); message = *fromSwitchPtr; Assert_true(message); Assert_true(message->length == 24); Hex_encode(hexBuffer, 1025, message->bytes, message->length); printf("%s\n", hexBuffer); // Need to bounce the packets back when connecting after the first try. // This is needed to establish the CryptoAuth session and make the InterfaceController // merge the endpoints. if (i > 0) { // Reverse the bits to reverse the path: uint64_t path; Bits_memcpyConst(&path, message->bytes, 8); path = Bits_bitReverse64(path); Bits_memcpyConst(message->bytes, &path, 8); printf("sending back response.\n"); routerIf->receiveMessage(message, routerIf); printf("forwarding response to external cryptoAuth.\n"); iface.receiveMessage(message, &iface); printf("forwarded.\n"); } else { printf("not responding because we don't want to establish a connection yet.\n"); } } // check everything except the label Assert_true(!CString_strcmp((char*)hexBuffer+16, "0000000068656c6c6f20776f726c6400")); // check label: make sure the interface has been switched back into position 0. uint64_t label_be; Hex_decode((uint8_t*) &label_be, 8, hexBuffer, 16); uint64_t rev_label = Bits_bitReverse64(Endian_bigEndianToHost64(label_be)); // check label is decoded to 0 Assert_true(0 == NumberCompress_getDecompressed(rev_label, NumberCompress_bitsUsedForLabel(rev_label))); // check no other bits are set uint64_t out = NumberCompress_getCompressed(0, NumberCompress_bitsUsedForLabel(rev_label)); Assert_true(rev_label == out); return 0; }
int main(int argc, char** argv) { #ifdef Log_KEYS fprintf(stderr, "Log_LEVEL = KEYS, EXPECT TO SEE PRIVATE KEYS IN YOUR LOGS!\n"); #endif Crypto_init(); Assert_true(argc > 0); if (argc == 2) { // one argument if (strcmp(argv[1], "--help") == 0) { return usage(argv[0]); } else if (strcmp(argv[1], "--genconf") == 0) { return genconf(); } else if (strcmp(argv[1], "--pidfile") == 0) { // Performed after reading the configuration } else if (strcmp(argv[1], "--reconf") == 0) { // Performed after reading the configuration } else if (strcmp(argv[1], "--bench") == 0) { return benchmark(); } else if (strcmp(argv[1], "--version") == 0) { printf("Version ID: %s\n", RouterModule_gitVersion()); return 0; } else { fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[1]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); return -1; } } else if (argc > 2) { // more than one argument? fprintf(stderr, "%s: too many arguments\n", argv[0]); fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]); return -1; } if (isatty(STDIN_FILENO)) { // We were started from a terminal // The chances an user wants to type in a configuration // bij hand are pretty slim so we show him the usage return usage(argv[0]); } else { // We assume stdin is a configuration file and that we should // start routing } struct event_base* eventBase = event_base_new(); // Allow it to allocate 4MB struct Allocator* allocator = MallocAllocator_new(1<<22); struct Reader* reader = FileReader_new(stdin, allocator); Dict config; if (JsonBencSerializer_get()->parseDictionary(reader, allocator, &config)) { fprintf(stderr, "Failed to parse configuration.\n"); return -1; } // Logging. struct Writer* logwriter = FileWriter_new(stdout, allocator); struct Log* logger = &(struct Log) { .writer = logwriter }; // pid file String* pidFile = Dict_getString(&config, String_CONST("pidFile")); if (pidFile) { if (argc == 2 && strcmp(argv[1], "--pidfile") == 0) { printf("%s", pidFile->bytes); return 0; } Log_info(logger, "Writing pid of process to [%s].\n", pidFile->bytes); FILE* pf = fopen(pidFile->bytes, "w"); if (!pf) { Log_critical(logger, "Failed to open pid file [%s] for writing, errno=%d\n", pidFile->bytes, errno); return -1; } fprintf(pf, "%d", (int) getpid()); fclose(pf); } // re-configure if (argc == 2 && strcmp(argv[1], "--reconf") == 0) { reconf(eventBase, &config, logger, allocator); return 0; } // ca, needed for admin. struct Address myAddr; uint8_t privateKey[32]; parsePrivateKey(&config, &myAddr, privateKey); struct CryptoAuth* cryptoAuth = CryptoAuth_new(&config, allocator, privateKey, eventBase, logger); // Admin char* user = setUser(Dict_getList(&config, String_CONST("security"))); struct Admin* admin = newAdmin(&config, user, logger, eventBase, allocator); struct SwitchCore* switchCore = SwitchCore_new(logger, allocator); struct DHTModuleRegistry* registry = DHTModuleRegistry_new(allocator); ReplyModule_register(registry, allocator); // Router struct Interface* routerIf = NULL; Dict* routerConf = Dict_getDict(&config, String_CONST("router")); Dict* iface = Dict_getDict(routerConf, String_CONST("interface")); if (String_equals(Dict_getString(iface, String_CONST("type")), String_CONST("TUNInterface"))) { String* ifName = Dict_getString(iface, String_CONST("tunDevice")); char assignedTunName[TUNConfigurator_IFNAMSIZ]; void* tunPtr = TUNConfigurator_initTun(((ifName) ? ifName->bytes : NULL), assignedTunName, logger, AbortHandler_INSTANCE); struct Jmp jmp; Jmp_try(jmp) { TUNConfigurator_setIpAddress( assignedTunName, myAddr.ip6.bytes, 8, logger, &jmp.handler); } Jmp_catch { Log_warn(logger, "Unable to configure ip address [%s]", jmp.message); } struct TUNInterface* tun = TUNInterface_new(tunPtr, eventBase, allocator); routerIf = &tun->iface; }
struct Log* logger = WriterLog_new(logwriter, allocator); struct Random* rand = Random_new(allocator, logger, NULL); struct EventBase* base = EventBase_new(allocator); ca1 = CryptoAuth_new(allocator, NULL, base, logger, rand); if1 = Allocator_clone(allocator, (&(struct Interface) { .sendMessage = sendMessageToIf2, .receiveMessage = recvMessageOnIf2, .allocator = allocator })); cif1 = CryptoAuth_wrapInterface(if1, publicKey, false, false, ca1); cif1->receiveMessage = recvMessageOnIf1; ca2 = CryptoAuth_new(allocator, privateKey, base, logger, rand); if (password) { String passStr = {.bytes=(char*)password,.len=strlen((char*)password)}; CryptoAuth_setAuth(&passStr, 1, cif1); CryptoAuth_addUser(&passStr, 1, userObj, ca2); } if2 = Allocator_clone(allocator, (&(struct Interface) { .sendMessage = sendMessageToIf1, .allocator = allocator })); cif2 = CryptoAuth_wrapInterface(if2, NULL, false, authenticatePackets, ca2); cif2->receiveMessage = recvMessageOnIf2; return 0; }
static void encryptRndNonceTest() { uint8_t buff[44]; Bits_memset(buff, 0, 44); uint8_t nonce[24]; Bits_memset(nonce, 0, 24); uint8_t secret[32]; Bits_memset(secret, 0, 32); struct Message m = { .bytes=&buff[32], .length=HELLOWORLDLEN, .padding=32}; CString_strcpy((char*) m.bytes, HELLOWORLDLOWER); CryptoAuth_encryptRndNonce(nonce, &m, secret); uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc"; uint8_t output[57]; Hex_encode(output, 57, m.bytes, m.length); printf("\n%s\n%s\n", (char*) expected, (char*) output); Assert_true(!Bits_memcmp(expected, output, 56)); Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret)); Assert_true(m.length == HELLOWORLDLEN && !Bits_memcmp(m.bytes, HELLOWORLDLOWER, m.length)); } static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger) { struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc, NULL); return Random_newWithSeed(alloc, logger, evilSeed, NULL); } struct Context { struct Allocator* alloc; struct CryptoAuth* ca; struct CryptoAuth_Session* sess; struct Log* log; struct EventBase* base; }; static struct Context* setUp(uint8_t* myPrivateKey, uint8_t* herPublicKey, uint8_t* authPassword, struct Allocator* alloc) { struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1); struct Log* log = ctx->log = FileWriterLog_new(stdout, alloc); struct EventBase* base = ctx->base = EventBase_new(alloc); struct CryptoAuth* ca = ctx->ca = CryptoAuth_new(alloc, myPrivateKey, base, log, evilRandom(alloc, log)); struct CryptoAuth_Session* sess = ctx->sess = CryptoAuth_newSession(ca, alloc, herPublicKey, NULL, false, Gcc_FILE); if (authPassword) { CryptoAuth_setAuth(String_CONST(authPassword), NULL, sess); } return ctx; } static void testHello(uint8_t* password, uint8_t* expectedOutput) { Assert_true(CString_strlen((char*)expectedOutput) == 264); struct Allocator* alloc = MallocAllocator_new(1<<20); struct Context* ctx = setUp(NULL, HERPUBKEY, password, alloc); struct Message* msg = Message_new(0, CryptoHeader_SIZE + 12, alloc); Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL); Assert_true(!CryptoAuth_encrypt(ctx->sess, msg)); char* actual = Hex_print(msg->bytes, msg->length, alloc); if (CString_strcmp(actual, expectedOutput)) { Assert_failure("Test failed.\n" "Expected %s\n" " Got %s\n", expectedOutput, actual); } Allocator_free(alloc); }