static void cryptoAuth(struct Context* ctx)
{
Log_info(ctx->log, "Setting up salsa20/poly1305 benchmark (encryption and decryption only)");
struct Allocator* alloc = Allocator_child(ctx->alloc);
struct CryptoAuth* ca1 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand);
struct CryptoAuth* ca2 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand);
struct CryptoAuth_Session* sess1 =
CryptoAuth_newSession(ca1, alloc, ca2->publicKey, NULL, false, "bench");
struct CryptoAuth_Session* sess2 =
CryptoAuth_newSession(ca2, alloc, ca1->publicKey, NULL, false, "bench");
int size = 1500;
int count = 100000;
struct Message* msg = Message_new(size, 256, alloc);
Random_bytes(ctx->rand, msg->bytes, msg->length);
// setup session
for (int i = 0; i < 2; i++) {
Assert_true(!CryptoAuth_encrypt(sess1, msg));
Assert_true(!CryptoAuth_decrypt(sess2, msg));
Assert_true(!CryptoAuth_encrypt(sess2, msg));
Assert_true(!CryptoAuth_decrypt(sess1, msg));
}
begin(ctx, "salsa20/poly1305", (count * size * 8) / 1024, "kilobits");
for (int i = 0; i < count; i++) {
Assert_true(!CryptoAuth_encrypt(sess1, msg));
Assert_true(!CryptoAuth_decrypt(sess2, msg));
}
done(ctx);
Allocator_free(alloc);
}
/**
* Incoming message from someone we don't know, maybe someone responding to a beacon?
* expects: [ struct LLAddress ][ content ]
*/
static Iface_DEFUN handleUnexpectedIncoming(struct Message* msg,
struct InterfaceController_Iface_pvt* ici)
{
struct InterfaceController_pvt* ic = ici->ic;
struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes;
Message_shift(msg, -lladdr->addrLen, NULL);
if (msg->length < CryptoHeader_SIZE) {
return NULL;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
lladdr = Sockaddr_clone(lladdr, epAlloc);
Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault");
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
Identity_set(ep);
ep->alloc = epAlloc;
ep->ici = ici;
ep->lladdr = lladdr;
ep->alloc = epAlloc;
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
struct CryptoHeader* ch = (struct CryptoHeader*) msg->bytes;
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, ch->publicKey, true, "outer");
if (CryptoAuth_decrypt(ep->caSession, msg)) {
// If the first message is a dud, drop all state for this peer.
// probably some random crap that wandered in the socket.
Allocator_free(epAlloc);
return NULL;
}
Assert_true(!Bits_isZero(ep->caSession->herPublicKey, 32));
Assert_true(Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap) == -1);
int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
Assert_true(index >= 0);
ep->handle = ici->peerMap.handles[index];
Allocator_onFree(epAlloc, closeInterface, ep);
ep->state = InterfaceController_PeerState_UNAUTHENTICATED;
ep->isIncomingConnection = true;
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "handleUnexpectedIncoming() SwitchCore out of space");
Allocator_free(epAlloc);
return NULL;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
Bits_memcpy(ep->addr.key, ep->caSession->herPublicKey, 32);
Bits_memcpy(ep->addr.ip6.bytes, ep->caSession->herIp6, 16);
Log_info(ic->logger, "Added peer [%s] from incoming message",
Address_toString(&ep->addr, msg->alloc)->bytes);
return receivedPostCryptoAuth(msg, ep, ic);
}
int InterfaceController_bootstrapPeer(struct InterfaceController* ifc,
int interfaceNumber,
uint8_t* herPublicKey,
const struct Sockaddr* lladdrParm,
String* password,
String* login,
String* user,
struct Allocator* alloc)
{
struct InterfaceController_pvt* ic = Identity_check((struct InterfaceController_pvt*) ifc);
Assert_true(herPublicKey);
Assert_true(password);
struct InterfaceController_Iface_pvt* ici = ArrayList_OfIfaces_get(ic->icis, interfaceNumber);
if (!ici) {
return InterfaceController_bootstrapPeer_BAD_IFNUM;
}
Log_debug(ic->logger, "bootstrapPeer total [%u]", ici->peerMap.count);
uint8_t ip6[16];
AddressCalc_addressForPublicKey(ip6, herPublicKey);
if (!AddressCalc_validAddress(ip6) || !Bits_memcmp(ic->ca->publicKey, herPublicKey, 32)) {
return InterfaceController_bootstrapPeer_BAD_KEY;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
struct Sockaddr* lladdr = Sockaddr_clone(lladdrParm, epAlloc);
// TODO(cjd): eps are created in 3 places, there should be a factory function.
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
Assert_true(index >= 0);
ep->alloc = epAlloc;
ep->handle = ici->peerMap.handles[index];
ep->lladdr = lladdr;
ep->ici = ici;
ep->isIncomingConnection = false;
Bits_memcpy(ep->addr.key, herPublicKey, 32);
Address_getPrefix(&ep->addr);
Identity_set(ep);
Allocator_onFree(epAlloc, closeInterface, ep);
Allocator_onFree(alloc, freeAlloc, epAlloc);
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, herPublicKey, false, "outer");
CryptoAuth_setAuth(password, login, ep->caSession);
if (user) {
ep->caSession->displayName = String_clone(user, epAlloc);
}
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "bootstrapPeer() SwitchCore out of space");
Allocator_free(epAlloc);
return InterfaceController_bootstrapPeer_OUT_OF_SPACE;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
if (Defined(Log_INFO)) {
struct Allocator* tempAlloc = Allocator_child(alloc);
String* addrStr = Address_toString(&ep->addr, tempAlloc);
Log_info(ic->logger, "Adding peer [%s] from bootstrapPeer()", addrStr->bytes);
Allocator_free(tempAlloc);
}
// We can't just add the node directly to the routing table because we do not know
// the version. We'll send it a switch ping and when it responds, we will know it's
// key (if we don't already) and version number.
sendPing(ep);
return 0;
}
/**
* Expects [ struct LLAddress ][ beacon ]
*/
static Iface_DEFUN handleBeacon(struct Message* msg, struct InterfaceController_Iface_pvt* ici)
{
struct InterfaceController_pvt* ic = ici->ic;
if (!ici->beaconState) {
// accepting beacons disabled.
Log_debug(ic->logger, "[%s] Dropping beacon because beaconing is disabled",
ici->name->bytes);
return NULL;
}
if (msg->length < Headers_Beacon_SIZE) {
Log_debug(ic->logger, "[%s] Dropping runt beacon", ici->name->bytes);
return NULL;
}
struct Sockaddr* lladdrInmsg = (struct Sockaddr*) msg->bytes;
// clear the bcast flag
lladdrInmsg->flags = 0;
Message_shift(msg, -lladdrInmsg->addrLen, NULL);
struct Headers_Beacon beacon;
Message_pop(msg, &beacon, Headers_Beacon_SIZE, NULL);
if (Defined(Log_DEBUG)) {
char* content = Hex_print(&beacon, Headers_Beacon_SIZE, msg->alloc);
Log_debug(ici->ic->logger, "RECV BEACON CONTENT[%s]", content);
}
struct Address addr;
Bits_memset(&addr, 0, sizeof(struct Address));
Bits_memcpy(addr.key, beacon.publicKey, 32);
addr.protocolVersion = Endian_bigEndianToHost32(beacon.version_be);
Address_getPrefix(&addr);
String* printedAddr = NULL;
if (Defined(Log_DEBUG)) {
printedAddr = Address_toString(&addr, msg->alloc);
}
if (addr.ip6.bytes[0] != 0xfc || !Bits_memcmp(ic->ca->publicKey, addr.key, 32)) {
Log_debug(ic->logger, "handleBeacon invalid key [%s]", printedAddr->bytes);
return NULL;
}
if (!Version_isCompatible(addr.protocolVersion, Version_CURRENT_PROTOCOL)) {
if (Defined(Log_DEBUG)) {
Log_debug(ic->logger, "[%s] DROP beacon from [%s] which was version [%d] "
"our version is [%d] making them incompatable", ici->name->bytes,
printedAddr->bytes, addr.protocolVersion, Version_CURRENT_PROTOCOL);
}
return NULL;
}
String* beaconPass = String_newBinary(beacon.password, Headers_Beacon_PASSWORD_LEN, msg->alloc);
int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdrInmsg, &ici->peerMap);
if (epIndex > -1) {
// The password might have changed!
struct Peer* ep = ici->peerMap.values[epIndex];
CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
return NULL;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
struct Sockaddr* lladdr = Sockaddr_clone(lladdrInmsg, epAlloc);
ep->alloc = epAlloc;
ep->ici = ici;
ep->lladdr = lladdr;
int setIndex = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
ep->handle = ici->peerMap.handles[setIndex];
ep->isIncomingConnection = true;
Bits_memcpy(&ep->addr, &addr, sizeof(struct Address));
Identity_set(ep);
Allocator_onFree(epAlloc, closeInterface, ep);
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, beacon.publicKey, false, "outer");
CryptoAuth_setAuth(beaconPass, NULL, ep->caSession);
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "handleBeacon() SwitchCore out of space");
Allocator_free(epAlloc);
return NULL;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
Log_info(ic->logger, "Added peer [%s] from beacon",
Address_toString(&ep->addr, msg->alloc)->bytes);
// This should be safe because this is an outgoing request and we're sure the node will not
// be relocated by moveEndpointIfNeeded()
sendPeer(0xffffffff, PFChan_Core_PEER, ep);
return NULL;
}
static void encryptRndNonceTest()
{
uint8_t buff[44];
Bits_memset(buff, 0, 44);
uint8_t nonce[24];
Bits_memset(nonce, 0, 24);
uint8_t secret[32];
Bits_memset(secret, 0, 32);
struct Message m = { .bytes=&buff[32], .length=HELLOWORLDLEN, .padding=32};
CString_strcpy((char*) m.bytes, HELLOWORLDLOWER);
CryptoAuth_encryptRndNonce(nonce, &m, secret);
uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc";
uint8_t output[57];
Hex_encode(output, 57, m.bytes, m.length);
printf("\n%s\n%s\n", (char*) expected, (char*) output);
Assert_true(!Bits_memcmp(expected, output, 56));
Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret));
Assert_true(m.length == HELLOWORLDLEN && !Bits_memcmp(m.bytes, HELLOWORLDLOWER, m.length));
}
static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger)
{
struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc, NULL);
return Random_newWithSeed(alloc, logger, evilSeed, NULL);
}
struct Context
{
struct Allocator* alloc;
struct CryptoAuth* ca;
struct CryptoAuth_Session* sess;
struct Log* log;
struct EventBase* base;
};
static struct Context* setUp(uint8_t* myPrivateKey,
uint8_t* herPublicKey,
uint8_t* authPassword,
struct Allocator* alloc)
{
struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1);
struct Log* log = ctx->log = FileWriterLog_new(stdout, alloc);
struct EventBase* base = ctx->base = EventBase_new(alloc);
struct CryptoAuth* ca = ctx->ca =
CryptoAuth_new(alloc, myPrivateKey, base, log, evilRandom(alloc, log));
struct CryptoAuth_Session* sess = ctx->sess =
CryptoAuth_newSession(ca, alloc, herPublicKey, NULL, false, Gcc_FILE);
if (authPassword) {
CryptoAuth_setAuth(String_CONST(authPassword), NULL, sess);
}
return ctx;
}
static void testHello(uint8_t* password, uint8_t* expectedOutput)
{
Assert_true(CString_strlen((char*)expectedOutput) == 264);
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Context* ctx = setUp(NULL, HERPUBKEY, password, alloc);
struct Message* msg = Message_new(0, CryptoHeader_SIZE + 12, alloc);
Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL);
Assert_true(!CryptoAuth_encrypt(ctx->sess, msg));
char* actual = Hex_print(msg->bytes, msg->length, alloc);
if (CString_strcmp(actual, expectedOutput)) {
Assert_failure("Test failed.\n"
"Expected %s\n"
" Got %s\n", expectedOutput, actual);
}
Allocator_free(alloc);
}
