// Function to check if a SID is reachable via MDP or MSP. int _rpc_sid_is_reachable (sid_t sid) { // Create a MDP socket. int mdp_sockfd; if ((mdp_sockfd = mdp_socket()) < 0) { pfatal("Could not create MDP lookup socket. Aborting."); return -1; } // Init a mdp_frame overlay_mdp_frame mdp; bzero(&mdp,sizeof(mdp)); // Set the packettype to get a routingtable. mdp.packetTypeAndFlags = MDP_ROUTING_TABLE; overlay_mdp_send(mdp_sockfd, &mdp, 0, 0); // Poll until there is nothing left. while (overlay_mdp_client_poll(mdp_sockfd, 200)) { // Create mdp_frame for incoming data. TTL is required but not needed... overlay_mdp_frame recv_frame; int ttl; if (overlay_mdp_recv(mdp_sockfd, &recv_frame, 0, &ttl)) { continue; } // Handle incoming data. int offset=0; while (offset + sizeof(struct overlay_route_record) <= recv_frame.out.payload_length) { // Make new route record struct where all needed information is stored in. struct overlay_route_record *record = &recv_frame.out.route_record; offset += sizeof(struct overlay_route_record); // If the record (aka SID) is reachable, and the record is the desired SID, return 1 and clean up. if ((record->reachable == REACHABLE_INDIRECT || record->reachable == REACHABLE_UNICAST || record->reachable == REACHABLE_BROADCAST || record->reachable == REACHABLE_SELF) && !cmp_sid_t(&record->sid, &sid)) { mdp_close(mdp_sockfd); return 1; } } } mdp_close(mdp_sockfd); return 0; }
int keyring_send_sas_request_client(const char *sid_str, const size_t sid_len, char *sas_buf, const size_t sas_buf_len){ int sent, found = 0, ret = 0, mdp_sockfd = -1; int siglen=SID_SIZE+crypto_sign_edwards25519sha512batch_BYTES; sid_t srcsid; unsigned char dstsid[SID_SIZE] = {0}; unsigned char signature[siglen]; time_ms_t now = gettime_ms(); CHECK_MEM(sas_buf); CHECK(sas_buf_len >= 2 * SAS_SIZE + 1, "Insufficient SAS buffer"); CHECK(sid_len == 2 * SID_SIZE && __fromhexstr(dstsid, sid_str, SID_SIZE) == 0, "Invalid SID"); CHECK((mdp_sockfd = overlay_mdp_client_socket()) >= 0,"Cannot create MDP socket"); CHECK(overlay_mdp_getmyaddr(mdp_sockfd, 0, &srcsid) == 0, "Could not get local address"); int client_port = 32768 + (random() & 32767); CHECK(overlay_mdp_bind(mdp_sockfd, &srcsid, client_port) == 0, "Failed to bind to client socket"); /* request mapping (send request auth-crypted). */ overlay_mdp_frame mdp; memset(&mdp,0,sizeof(mdp)); mdp.packetTypeAndFlags=MDP_TX; mdp.out.queue=OQ_MESH_MANAGEMENT; memmove(mdp.out.dst.sid.binary,dstsid,SID_SIZE); mdp.out.dst.port=MDP_PORT_KEYMAPREQUEST; mdp.out.src.port=client_port; memmove(mdp.out.src.sid.binary,srcsid.binary,SID_SIZE); mdp.out.payload_length=1; mdp.out.payload[0]=KEYTYPE_CRYPTOSIGN; sent = overlay_mdp_send(mdp_sockfd, &mdp, 0,0); if (sent) { DEBUG("Failed to send SAS resolution request: %d", sent); CHECK(mdp.packetTypeAndFlags != MDP_ERROR,"MDP Server error #%d: '%s'",mdp.error.error,mdp.error.message); } time_ms_t timeout = now + 5000; while(now<timeout) { time_ms_t timeout_ms = timeout - gettime_ms(); int result = overlay_mdp_client_poll(mdp_sockfd, timeout_ms); if (result>0) { int ttl=-1; if (overlay_mdp_recv(mdp_sockfd, &mdp, client_port, &ttl)==0) { switch(mdp.packetTypeAndFlags&MDP_TYPE_MASK) { case MDP_ERROR: ERROR("overlay_mdp_recv: %s (code %d)", mdp.error.message, mdp.error.error); break; case MDP_TX: { DEBUG("Received SAS mapping response"); found = 1; break; } break; default: DEBUG("overlay_mdp_recv: Unexpected MDP frame type 0x%x", mdp.packetTypeAndFlags); break; } if (found) break; } } now=gettime_ms(); } unsigned keytype = mdp.out.payload[0]; CHECK(keytype == KEYTYPE_CRYPTOSIGN,"Ignoring SID:SAS mapping with unsupported key type %u", keytype); CHECK(mdp.out.payload_length >= 1 + SAS_SIZE,"Truncated key mapping announcement? payload_length: %d", mdp.out.payload_length); unsigned char *sas_public=&mdp.out.payload[1]; unsigned char *compactsignature = &mdp.out.payload[1+SAS_SIZE]; /* reconstitute signed SID for verification */ memmove(&signature[0],&compactsignature[0],64); memmove(&signature[64],&mdp.out.src.sid.binary[0],SID_SIZE); CHECK(__tohex(sas_buf,sas_public,SAS_SIZE),"Failed to convert signing key"); sas_buf[2*SAS_SIZE] = '\0'; ret = 1; error: if (mdp_sockfd != -1) overlay_mdp_client_close(mdp_sockfd); return ret; }
int overlay_mdp_send(overlay_mdp_frame *mdp,int flags,int timeout_ms) { int len=4; if (mdp_client_socket==-1) if (overlay_mdp_client_init() != 0) return -1; /* Minimise frame length to save work and prevent accidental disclosure of memory contents. */ len=overlay_mdp_relevant_bytes(mdp); if (len<0) return WHY("MDP frame invalid (could not compute length)"); /* Construct name of socket to send to. */ struct sockaddr_un name; name.sun_family = AF_UNIX; if (!FORM_SERVAL_INSTANCE_PATH(name.sun_path, "mdp.socket")) return -1; set_nonblock(mdp_client_socket); int result=sendto(mdp_client_socket, mdp, len, 0, (struct sockaddr *)&name, sizeof(struct sockaddr_un)); set_block(mdp_client_socket); if (result<0) { mdp->packetTypeAndFlags=MDP_ERROR; mdp->error.error=1; snprintf(mdp->error.message,128,"Error sending frame to MDP server."); return WHY_perror("sendto(f)"); } else { if (!(flags&MDP_AWAITREPLY)) { return 0; } } int port=0; if ((mdp->packetTypeAndFlags&MDP_TYPE_MASK) == MDP_TX) port = mdp->out.src.port; time_ms_t started = gettime_ms(); while(timeout_ms>=0 && overlay_mdp_client_poll(timeout_ms)>0){ int ttl=-1; if (!overlay_mdp_recv(mdp, port, &ttl)) { /* If all is well, examine result and return error code provided */ if ((mdp->packetTypeAndFlags&MDP_TYPE_MASK)==MDP_ERROR) return mdp->error.error; else /* Something other than an error has been returned */ return 0; } // work out how much longer we can wait for a valid response time_ms_t now = gettime_ms(); timeout_ms -= (now - started); } /* Timeout */ mdp->packetTypeAndFlags=MDP_ERROR; mdp->error.error=1; snprintf(mdp->error.message,128,"Timeout waiting for reply to MDP packet (packet was successfully sent)."); return -1; /* WHY("Timeout waiting for server response"); */ }
static int keyring_send_sas_request_client(struct subscriber *subscriber){ int sent, client_port, found = 0, ret = 0; int siglen=SID_SIZE+crypto_sign_edwards25519sha512batch_BYTES; unsigned char *srcsid[SID_SIZE] = {0}, *plain = NULL; unsigned char signature[siglen]; time_ms_t now = gettime_ms(); CHECK_ERR(overlay_mdp_getmyaddr(0,(sid_t *)srcsid) == 0,"Could not get local address"); if (subscriber->sas_valid) return 1; CHECK_ERR(now >= subscriber->sas_last_request + 100,"Too soon to ask for SAS mapping again"); CHECK_ERR(my_subscriber,"couldn't request SAS (I don't know who I am)"); DEBUG("Requesting SAS mapping for SID=%s", alloca_tohex_sid(subscriber->sid)); CHECK_ERR(overlay_mdp_bind((sid_t *)my_subscriber->sid,(client_port=32768+(random()&32767))) == 0,"Failed to bind to client socket"); /* request mapping (send request auth-crypted). */ overlay_mdp_frame mdp; memset(&mdp,0,sizeof(mdp)); mdp.packetTypeAndFlags=MDP_TX; mdp.out.queue=OQ_MESH_MANAGEMENT; memmove(mdp.out.dst.sid,subscriber->sid,SID_SIZE); mdp.out.dst.port=MDP_PORT_KEYMAPREQUEST; mdp.out.src.port=client_port; memmove(mdp.out.src.sid,srcsid,SID_SIZE); mdp.out.payload_length=1; mdp.out.payload[0]=KEYTYPE_CRYPTOSIGN; sent = overlay_mdp_send(&mdp, 0,0); if (sent) { DEBUG("Failed to send SAS resolution request: %d", sent); CHECK_ERR(mdp.packetTypeAndFlags != MDP_ERROR,"MDP Server error #%d: '%s'",mdp.error.error,mdp.error.message); } time_ms_t timeout = now + 5000; while(now<timeout) { time_ms_t timeout_ms = timeout - gettime_ms(); int result = overlay_mdp_client_poll(timeout_ms); if (result>0) { int ttl=-1; if (overlay_mdp_recv(&mdp, client_port, &ttl)==0) { switch(mdp.packetTypeAndFlags&MDP_TYPE_MASK) { case MDP_ERROR: ERROR("overlay_mdp_recv: %s (code %d)", mdp.error.message, mdp.error.error); break; case MDP_TX: { DEBUG("Received SAS mapping response"); found = 1; break; } break; default: DEBUG("overlay_mdp_recv: Unexpected MDP frame type 0x%x", mdp.packetTypeAndFlags); break; } if (found) break; } } now=gettime_ms(); if (servalShutdown) break; } unsigned keytype = mdp.out.payload[0]; CHECK_ERR(keytype == KEYTYPE_CRYPTOSIGN,"Ignoring SID:SAS mapping with unsupported key type %u", keytype); CHECK_ERR(mdp.out.payload_length >= 1 + SAS_SIZE,"Truncated key mapping announcement? payload_length: %d", mdp.out.payload_length); plain = (unsigned char*)calloc(mdp.out.payload_length,sizeof(unsigned char)); unsigned long long plain_len=0; unsigned char *sas_public=&mdp.out.payload[1]; unsigned char *compactsignature = &mdp.out.payload[1+SAS_SIZE]; /* reconstitute signed SID for verification */ memmove(&signature[0],&compactsignature[0],64); memmove(&signature[64],&mdp.out.src.sid[0],SID_SIZE); int r=crypto_sign_edwards25519sha512batch_open(plain,&plain_len, signature,siglen, sas_public); CHECK_ERR(r == 0,"SID:SAS mapping verification signature does not verify"); /* These next two tests should never be able to fail, but let's just check anyway. */ CHECK_ERR(plain_len == SID_SIZE,"SID:SAS mapping signed block is wrong length"); CHECK_ERR(memcmp(plain, mdp.out.src.sid, SID_SIZE) == 0,"SID:SAS mapping signed block is for wrong SID"); memmove(subscriber->sas_public, sas_public, SAS_SIZE); subscriber->sas_valid=1; subscriber->sas_last_request=now; ret = 1; error: if (plain) free(plain); return ret; }