// This is directly called from SwitchCore, message is not encrypted. static Iface_DEFUN sendFromSwitch(struct Message* msg, struct Iface* switchIf) { struct Peer* ep = Identity_check((struct Peer*) switchIf); ep->bytesOut += msg->length; int msgs = PeerLink_send(msg, ep->peerLink); for (int i = 0; i < msgs; i++) { msg = PeerLink_poll(ep->peerLink); Assert_true(!CryptoAuth_encrypt(ep->caSession, msg)); Assert_true(!(((uintptr_t)msg->bytes) % 4) && "alignment fault"); // push the lladdr... Message_push(msg, ep->lladdr, ep->lladdr->addrLen, NULL); // very noisy if (Defined(Log_DEBUG) && false) { char* printedAddr = Hex_print(&ep->lladdr[1], ep->lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc); Log_debug(ep->ici->ic->logger, "Outgoing message to [%s]", printedAddr); } Iface_send(&ep->ici->pub.addrIf, msg); } return NULL; }
static void sendBeacon(struct InterfaceController_Iface_pvt* ici, struct Allocator* tempAlloc) { if (ici->beaconState < InterfaceController_beaconState_newState_SEND) { Log_debug(ici->ic->logger, "sendBeacon(%s) -> beaconing disabled", ici->name->bytes); return; } Log_debug(ici->ic->logger, "sendBeacon(%s)", ici->name->bytes); struct Message* msg = Message_new(0, 128, tempAlloc); Message_push(msg, &ici->ic->beacon, Headers_Beacon_SIZE, NULL); if (Defined(Log_DEBUG)) { char* content = Hex_print(msg->bytes, msg->length, tempAlloc); Log_debug(ici->ic->logger, "SEND BEACON CONTENT[%s]", content); } struct Sockaddr sa = { .addrLen = Sockaddr_OVERHEAD, .flags = Sockaddr_flags_BCAST }; Message_push(msg, &sa, Sockaddr_OVERHEAD, NULL); Iface_send(&ici->pub.addrIf, msg); }
static void repeatHello() { uint8_t* expectedOutput = "0000000101641c99f7719f5700000000a693a9fd3f0e27e81ab1100b57b37259" "4c2adca8671f1fdd050383c91e7d56ec2336c09739fa8e91d8dc5bec63e8fad0" "74bee22a90642a6ba8555be84c5e35970c5270e8f31f2a5978e0fbdee4542882" "97568f25a3fc2801aa707d954c78eccb970bcc8cb26867e9dbf0c9d6ef1b3f27" "24e7e550"; struct Allocator* alloc = MallocAllocator_new(1<<20); struct Context* ctx = setUp(NULL, HERPUBKEY, "password", alloc); struct Message* msg = Message_new(0, CryptoHeader_SIZE + HELLOWORLDLEN, alloc); Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL); Assert_true(!CryptoAuth_encrypt(ctx->sess, msg)); Message_reset(msg); Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL); Assert_true(!CryptoAuth_encrypt(ctx->sess, msg)); char* actual = Hex_print(msg->bytes, msg->length, alloc); if (CString_strcmp(actual, expectedOutput)) { Assert_failure("Test failed.\n" "Expected %s\n" " Got %s\n", expectedOutput, actual); } Allocator_free(alloc); }
static void nodeInfo(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc) { struct Context* const ctx = Identity_check((struct Context*) vcontext); String* myAddr = Address_toString(ctx->nc->myAddress, requestAlloc); String* schemeStr = EncodingScheme_serialize(ctx->encodingScheme, requestAlloc); List* schemeList = EncodingScheme_asList(ctx->encodingScheme, requestAlloc); Dict* out = Dict_new(requestAlloc); Dict_putStringC(out, "myAddr", myAddr, requestAlloc); char* schemeHex = Hex_print(schemeStr->bytes, schemeStr->len, requestAlloc); Dict_putStringCC(out, "compressedSchemeHex", schemeHex, requestAlloc); Dict_putListC(out, "encodingScheme", schemeList, requestAlloc); Dict_putIntC(out, "version", Version_CURRENT_PROTOCOL, requestAlloc); Dict_putStringCC(out, "error", "none", requestAlloc); Admin_sendMessage(out, txid, ctx->admin); }
static Iface_DEFUN handleIncomingFromWire(struct Message* msg, struct Iface* addrIf) { struct InterfaceController_Iface_pvt* ici = Identity_containerOf(addrIf, struct InterfaceController_Iface_pvt, pub.addrIf); struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes; if (msg->length < Sockaddr_OVERHEAD || msg->length < lladdr->addrLen) { Log_debug(ici->ic->logger, "DROP runt"); return NULL; } Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault"); Assert_true(!((uintptr_t)lladdr->addrLen % 4) && "alignment fault"); // noisy if (Defined(Log_DEBUG) && false) { char* printedAddr = Hex_print(&lladdr[1], lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc); Log_debug(ici->ic->logger, "Incoming message from [%s]", printedAddr); } if (lladdr->flags & Sockaddr_flags_BCAST) { return handleBeacon(msg, ici); } int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap); if (epIndex == -1) { return handleUnexpectedIncoming(msg, ici); } struct Peer* ep = Identity_check((struct Peer*) ici->peerMap.values[epIndex]); Message_shift(msg, -lladdr->addrLen, NULL); CryptoAuth_resetIfTimeout(ep->caSession); if (CryptoAuth_decrypt(ep->caSession, msg)) { return NULL; } PeerLink_recv(msg, ep->peerLink); return receivedPostCryptoAuth(msg, ep, ici->ic); }
/** * Expects [ struct LLAddress ][ beacon ] */ static Iface_DEFUN handleBeacon(struct Message* msg, struct InterfaceController_Iface_pvt* ici) { struct InterfaceController_pvt* ic = ici->ic; if (!ici->beaconState) { // accepting beacons disabled. Log_debug(ic->logger, "[%s] Dropping beacon because beaconing is disabled", ici->name->bytes); return NULL; } if (msg->length < Headers_Beacon_SIZE) { Log_debug(ic->logger, "[%s] Dropping runt beacon", ici->name->bytes); return NULL; } struct Sockaddr* lladdrInmsg = (struct Sockaddr*) msg->bytes; // clear the bcast flag lladdrInmsg->flags = 0; Message_shift(msg, -lladdrInmsg->addrLen, NULL); struct Headers_Beacon beacon; Message_pop(msg, &beacon, Headers_Beacon_SIZE, NULL); if (Defined(Log_DEBUG)) { char* content = Hex_print(&beacon, Headers_Beacon_SIZE, msg->alloc); Log_debug(ici->ic->logger, "RECV BEACON CONTENT[%s]", content); } struct Address addr; Bits_memset(&addr, 0, sizeof(struct Address)); Bits_memcpy(addr.key, beacon.publicKey, 32); addr.protocolVersion = Endian_bigEndianToHost32(beacon.version_be); Address_getPrefix(&addr); String* printedAddr = NULL; if (Defined(Log_DEBUG)) { printedAddr = Address_toString(&addr, msg->alloc); } if (addr.ip6.bytes[0] != 0xfc || !Bits_memcmp(ic->ca->publicKey, addr.key, 32)) { Log_debug(ic->logger, "handleBeacon invalid key [%s]", printedAddr->bytes); return NULL; } if (!Version_isCompatible(addr.protocolVersion, Version_CURRENT_PROTOCOL)) { if (Defined(Log_DEBUG)) { Log_debug(ic->logger, "[%s] DROP beacon from [%s] which was version [%d] " "our version is [%d] making them incompatable", ici->name->bytes, printedAddr->bytes, addr.protocolVersion, Version_CURRENT_PROTOCOL); } return NULL; } String* beaconPass = String_newBinary(beacon.password, Headers_Beacon_PASSWORD_LEN, msg->alloc); int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdrInmsg, &ici->peerMap); if (epIndex > -1) { // The password might have changed! struct Peer* ep = ici->peerMap.values[epIndex]; CryptoAuth_setAuth(beaconPass, NULL, ep->caSession); return NULL; } struct Allocator* epAlloc = Allocator_child(ici->alloc); struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1); struct Sockaddr* lladdr = Sockaddr_clone(lladdrInmsg, epAlloc); ep->alloc = epAlloc; ep->ici = ici; ep->lladdr = lladdr; int setIndex = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap); ep->handle = ici->peerMap.handles[setIndex]; ep->isIncomingConnection = true; Bits_memcpy(&ep->addr, &addr, sizeof(struct Address)); Identity_set(ep); Allocator_onFree(epAlloc, closeInterface, ep); ep->peerLink = PeerLink_new(ic->eventBase, epAlloc); ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, beacon.publicKey, false, "outer"); CryptoAuth_setAuth(beaconPass, NULL, ep->caSession); ep->switchIf.send = sendFromSwitch; if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) { Log_debug(ic->logger, "handleBeacon() SwitchCore out of space"); Allocator_free(epAlloc); return NULL; } // We want the node to immedietly be pinged but we don't want it to appear unresponsive because // the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to // (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node". ep->timeOfLastMessage = Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1; Log_info(ic->logger, "Added peer [%s] from beacon", Address_toString(&ep->addr, msg->alloc)->bytes); // This should be safe because this is an outgoing request and we're sure the node will not // be relocated by moveEndpointIfNeeded() sendPeer(0xffffffff, PFChan_Core_PEER, ep); return NULL; }
static void encryptRndNonceTest() { uint8_t buff[44]; Bits_memset(buff, 0, 44); uint8_t nonce[24]; Bits_memset(nonce, 0, 24); uint8_t secret[32]; Bits_memset(secret, 0, 32); struct Message m = { .bytes=&buff[32], .length=HELLOWORLDLEN, .padding=32}; CString_strcpy((char*) m.bytes, HELLOWORLDLOWER); CryptoAuth_encryptRndNonce(nonce, &m, secret); uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc"; uint8_t output[57]; Hex_encode(output, 57, m.bytes, m.length); printf("\n%s\n%s\n", (char*) expected, (char*) output); Assert_true(!Bits_memcmp(expected, output, 56)); Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret)); Assert_true(m.length == HELLOWORLDLEN && !Bits_memcmp(m.bytes, HELLOWORLDLOWER, m.length)); } static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger) { struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc, NULL); return Random_newWithSeed(alloc, logger, evilSeed, NULL); } struct Context { struct Allocator* alloc; struct CryptoAuth* ca; struct CryptoAuth_Session* sess; struct Log* log; struct EventBase* base; }; static struct Context* setUp(uint8_t* myPrivateKey, uint8_t* herPublicKey, uint8_t* authPassword, struct Allocator* alloc) { struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1); struct Log* log = ctx->log = FileWriterLog_new(stdout, alloc); struct EventBase* base = ctx->base = EventBase_new(alloc); struct CryptoAuth* ca = ctx->ca = CryptoAuth_new(alloc, myPrivateKey, base, log, evilRandom(alloc, log)); struct CryptoAuth_Session* sess = ctx->sess = CryptoAuth_newSession(ca, alloc, herPublicKey, NULL, false, Gcc_FILE); if (authPassword) { CryptoAuth_setAuth(String_CONST(authPassword), NULL, sess); } return ctx; } static void testHello(uint8_t* password, uint8_t* expectedOutput) { Assert_true(CString_strlen((char*)expectedOutput) == 264); struct Allocator* alloc = MallocAllocator_new(1<<20); struct Context* ctx = setUp(NULL, HERPUBKEY, password, alloc); struct Message* msg = Message_new(0, CryptoHeader_SIZE + 12, alloc); Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL); Assert_true(!CryptoAuth_encrypt(ctx->sess, msg)); char* actual = Hex_print(msg->bytes, msg->length, alloc); if (CString_strcmp(actual, expectedOutput)) { Assert_failure("Test failed.\n" "Expected %s\n" " Got %s\n", expectedOutput, actual); } Allocator_free(alloc); }