static void cryptoAuth(struct Context* ctx)
{
Log_info(ctx->log, "Setting up salsa20/poly1305 benchmark (encryption and decryption only)");
struct Allocator* alloc = Allocator_child(ctx->alloc);
struct CryptoAuth* ca1 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand);
struct CryptoAuth* ca2 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand);
struct CryptoAuth_Session* sess1 =
CryptoAuth_newSession(ca1, alloc, ca2->publicKey, NULL, false, "bench");
struct CryptoAuth_Session* sess2 =
CryptoAuth_newSession(ca2, alloc, ca1->publicKey, NULL, false, "bench");
int size = 1500;
int count = 100000;
struct Message* msg = Message_new(size, 256, alloc);
Random_bytes(ctx->rand, msg->bytes, msg->length);
// setup session
for (int i = 0; i < 2; i++) {
Assert_true(!CryptoAuth_encrypt(sess1, msg));
Assert_true(!CryptoAuth_decrypt(sess2, msg));
Assert_true(!CryptoAuth_encrypt(sess2, msg));
Assert_true(!CryptoAuth_decrypt(sess1, msg));
}
begin(ctx, "salsa20/poly1305", (count * size * 8) / 1024, "kilobits");
for (int i = 0; i < count; i++) {
Assert_true(!CryptoAuth_encrypt(sess1, msg));
Assert_true(!CryptoAuth_decrypt(sess2, msg));
}
done(ctx);
Allocator_free(alloc);
}
struct NetCore* NetCore_new(uint8_t* privateKey,
struct Allocator* allocator,
struct EventBase* base,
struct Random* rand,
struct Log* log)
{
struct Allocator* alloc = Allocator_child(allocator);
struct NetCore* nc = Allocator_calloc(alloc, sizeof(struct NetCore), 1);
nc->alloc = alloc;
nc->base = base;
nc->rand = rand;
nc->log = log;
struct CryptoAuth* ca = nc->ca = CryptoAuth_new(alloc, privateKey, base, log, rand);
struct EventEmitter* ee = nc->ee = EventEmitter_new(alloc, log, ca->publicKey);
struct Address* myAddress = nc->myAddress = Allocator_calloc(alloc, sizeof(struct Address), 1);
Bits_memcpy(myAddress->key, ca->publicKey, 32);
Address_getPrefix(myAddress);
myAddress->protocolVersion = Version_CURRENT_PROTOCOL;
myAddress->path = 1;
// lower half
struct SwitchCore* switchCore = nc->switchCore = SwitchCore_new(log, alloc, base);
struct SwitchAdapter* switchAdapter = nc->switchAdapter = SwitchAdapter_new(alloc, log);
Iface_plumb(&switchAdapter->switchIf, switchCore->routerIf);
struct ControlHandler* controlHandler = nc->controlHandler =
ControlHandler_new(alloc, log, ee, ca->publicKey);
Iface_plumb(&controlHandler->coreIf, &switchAdapter->controlIf);
struct SwitchPinger* sp = nc->sp = SwitchPinger_new(base, rand, log, myAddress, alloc);
Iface_plumb(&controlHandler->switchPingerIf, &sp->controlHandlerIf);
nc->ifController = InterfaceController_new(ca, switchCore, log, base, sp, rand, alloc, ee);
// session manager
struct SessionManager* sm = nc->sm = SessionManager_new(alloc, base, ca, rand, log, ee);
Iface_plumb(&switchAdapter->sessionManagerIf, &sm->switchIf);
// upper half
struct UpperDistributor* upper = nc->upper = UpperDistributor_new(alloc, log, ee, myAddress);
Iface_plumb(&sm->insideIf, &upper->sessionManagerIf);
struct TUNAdapter* tunAdapt = nc->tunAdapt = TUNAdapter_new(alloc, log, myAddress->ip6.bytes);
Iface_plumb(&tunAdapt->upperDistributorIf, &upper->tunAdapterIf);
return nc;
}
static void encryptRndNonceTest()
{
uint8_t buff[44];
Bits_memset(buff, 0, 44);
uint8_t nonce[24];
Bits_memset(nonce, 0, 24);
uint8_t secret[32];
Bits_memset(secret, 0, 32);
struct Message m = { .bytes=&buff[32], .length=12, .padding=32};
CString_strcpy((char*) m.bytes, "hello world");
CryptoAuth_encryptRndNonce(nonce, &m, secret);
uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc";
uint8_t output[57];
Hex_encode(output, 57, m.bytes, m.length);
//printf("\n%s\n%s\n", (char*) expected, (char*) output);
Assert_true(!Bits_memcmp(expected, output, 56));
Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret));
Assert_true(m.length == 12 && !Bits_memcmp(m.bytes, "hello world", m.length));
}
static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger)
{
struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc);
return Random_newWithSeed(alloc, logger, evilSeed, NULL);
}
static void createNew()
{
struct Allocator* allocator = MallocAllocator_new(BUFFER_SIZE);
struct CryptoAuth* ca =
CryptoAuth_new(allocator, privateKey, eventBase, NULL, evilRandom(allocator, NULL));
/*for (int i = 0; i < 32; i++) {
printf("%.2x", ca->publicKey[i]);
}*/
Assert_true(Bits_memcmp(ca->publicKey, publicKey, 32) == 0);
Allocator_free(allocator);
}
static uint8_t receiveMessage(struct Message* message, struct Interface* iface)
{
Message_pop(message, NULL, 4, NULL);
*((struct Message**)iface->receiverContext) = message;
return Error_NONE;
}
static struct CryptoAuth_Wrapper* setUp(uint8_t* myPrivateKey,
uint8_t* herPublicKey,
uint8_t* authPassword,
struct Message** resultMessage)
{
struct Allocator* allocator = MallocAllocator_new(8192*2);
struct Writer* writer = FileWriter_new(stdout, allocator);
struct Log* logger = WriterLog_new(writer, allocator);
struct CryptoAuth* ca =
CryptoAuth_new(allocator, myPrivateKey, eventBase, logger, evilRandom(allocator, logger));
struct Interface* iface = Allocator_clone(allocator, (&(struct Interface) {
.sendMessage = sendMessage,
.senderContext = resultMessage
}));
struct CryptoAuth_Wrapper* setUp(uint8_t* myPrivateKey,
uint8_t* herPublicKey,
uint8_t* authPassword,
struct Message** resultMessage)
{
struct Allocator* allocator = MallocAllocator_new(8192*2);
struct Log* logger = allocator->malloc(sizeof(struct Log), allocator);
logger->writer = FileWriter_new(stdout, allocator);
struct CryptoAuth* ca = CryptoAuth_new(NULL, allocator, myPrivateKey, eventBase, logger);
struct Interface* iface =
allocator->clone(sizeof(struct Interface), allocator, &(struct Interface) {
.sendMessage = sendMessage,
.senderContext = resultMessage
});
void CryptoAuth_benchmark(struct EventBase* base,
struct Log* logger,
struct Allocator* alloc)
{
struct Random* rand = Random_new(alloc, logger, NULL);
struct Context ctx = {
.ca1 = CryptoAuth_new(alloc, NULL, base, NULL, rand),
.ca2 = CryptoAuth_new(alloc, privateKey, base, NULL, rand),
.if1 = {
.sendMessage = transferMessage,
.senderContext = &ctx.if2,
.allocator = alloc
},
.if2 = {
.sendMessage = transferMessage,
.senderContext = &ctx.if1,
.allocator = alloc
},
.base = base
struct Ducttape* Ducttape_register(uint8_t privateKey[32],
struct DHTModuleRegistry* registry,
struct RouterModule* routerModule,
struct SwitchCore* switchCore,
struct EventBase* eventBase,
struct Allocator* allocator,
struct Log* logger,
struct IpTunnel* ipTun,
struct Random* rand)
{
struct Ducttape_pvt* context = Allocator_calloc(allocator, sizeof(struct Ducttape_pvt), 1);
context->registry = registry;
context->routerModule = routerModule;
context->logger = logger;
context->eventBase = eventBase;
context->alloc = allocator;
Identity_set(context);
context->ipTunnel = ipTun;
ipTun->nodeInterface.receiveMessage = sendToNode;
ipTun->nodeInterface.receiverContext = context;
ipTun->tunInterface.receiveMessage = sendToTun;
ipTun->tunInterface.receiverContext = context;
struct CryptoAuth* cryptoAuth =
CryptoAuth_new(allocator, privateKey, eventBase, logger, rand);
Bits_memcpyConst(context->myAddr.key, cryptoAuth->publicKey, 32);
Address_getPrefix(&context->myAddr);
context->sm = SessionManager_new(incomingFromCryptoAuth,
outgoingFromCryptoAuth,
context,
eventBase,
cryptoAuth,
allocator);
context->pub.sessionManager = context->sm;
Bits_memcpyConst(&context->module, (&(struct DHTModule) {
.name = "Ducttape",
.context = context,
.handleOutgoing = handleOutgoing
}), sizeof(struct DHTModule));
static int init(const uint8_t* privateKey,
uint8_t* publicKey,
const uint8_t* password)
{
printf("\nSetting up:\n");
struct Allocator* allocator = MallocAllocator_new(1048576);
textBuff = Allocator_malloc(allocator, BUFFER_SIZE);
struct Writer* logwriter = FileWriter_new(stdout, allocator);
struct Log* logger = WriterLog_new(logwriter, allocator);
struct Random* rand = Random_new(allocator, logger, NULL);
struct EventBase* base = EventBase_new(allocator);
ca1 = CryptoAuth_new(allocator, NULL, base, logger, rand);
if1 = Allocator_clone(allocator, (&(struct Interface) {
.sendMessage = sendMessageToIf2,
.receiveMessage = recvMessageOnIf2,
.allocator = allocator
}));
int main()
{
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Writer* logwriter = FileWriter_new(stdout, alloc);
struct Log* logger = &(struct Log) { .writer = logwriter };
struct event_base* eventBase = event_base_new();
struct CryptoAuth* ca = CryptoAuth_new(NULL, alloc, NULL, eventBase, logger);
uint8_t publicKey[32];
CryptoAuth_getPublicKey(publicKey, ca);
CryptoAuth_addUser(String_CONST("passwd"), 1, (void*)0x01, ca);
struct SwitchCore* switchCore = SwitchCore_new(logger, alloc);
struct Message* message;
struct Interface iface = {
.sendMessage = messageFromInterface,
.senderContext = &message,
.allocator = alloc
};
SwitchCore_setRouterInterface(&iface, switchCore);
// These are unused.
struct DHTModuleRegistry* registry = DHTModuleRegistry_new(alloc);
struct RouterModule* rm =
RouterModule_register(registry, alloc, publicKey, eventBase, logger, NULL);
struct InterfaceController* ifController =
DefaultInterfaceController_new(ca, switchCore, rm, logger, eventBase, NULL, alloc);
////////////////////////
return reconnectionNewEndpointTest(ifController,
publicKey,
&message,
alloc,
eventBase,
logger,
&iface);
}
struct Ducttape* Ducttape_register(Dict* config,
uint8_t privateKey[32],
struct DHTModuleRegistry* registry,
struct RouterModule* routerModule,
struct Interface* routerIf,
struct SwitchCore* switchCore,
struct event_base* eventBase,
struct Allocator* allocator,
struct Log* logger,
struct Admin* admin)
{
struct Ducttape* context = allocator->calloc(sizeof(struct Ducttape), 1, allocator);
context->registry = registry;
context->routerModule = routerModule;
context->logger = logger;
context->forwardTo = NULL;
AddressMapper_init(&context->addrMap);
struct CryptoAuth* cryptoAuth = CryptoAuth_new(config, allocator, privateKey, eventBase, logger);
CryptoAuth_getPublicKey(context->myAddr.key, cryptoAuth);
Address_getPrefix(&context->myAddr);
context->sm = SessionManager_new(16,
incomingFromCryptoAuth,
outgoingFromCryptoAuth,
context,
eventBase,
cryptoAuth,
allocator);
if (routerIf) {
context->routerIf = routerIf;
routerIf->receiveMessage = ip6FromTun;
routerIf->receiverContext = context;
}
Bits_memcpyConst(&context->module, (&(struct DHTModule) {
.name = "Ducttape",
.context = context,
.handleOutgoing = handleOutgoing
}), sizeof(struct DHTModule));
void encryptRndNonceTest()
{
uint8_t buff[44];
memset(buff, 0, 44);
uint8_t nonce[24];
memset(nonce, 0, 24);
uint8_t secret[32];
memset(secret, 0, 32);
struct Message m = { .bytes=&buff[32], .length=12, .padding=32};
strcpy((char*) m.bytes, "hello world");
Exports_encryptRndNonce(nonce, &m, secret);
uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc";
uint8_t output[57];
Hex_encode(output, 57, m.bytes, m.length);
//printf("\n%s\n%s\n", (char*) expected, (char*) output);
Assert_always(!memcmp(expected, output, 56));
Assert_always(!Exports_decryptRndNonce(nonce, &m, secret));
Assert_always(m.length == 12 && !memcmp(m.bytes, "hello world", m.length));
}
void createNew()
{
uint8_t buff[BUFFER_SIZE];
struct Allocator* allocator = BufferAllocator_new(buff, BUFFER_SIZE);
struct CryptoAuth* ca = CryptoAuth_new(allocator, privateKey, eventBase, NULL);
/*for (int i = 0; i < 32; i++) {
printf("%.2x", ca->publicKey[i]);
}*/
Assert_always(memcmp(ca->publicKey, publicKey, 32) == 0);
}
static void testGetUsers()
{
struct Allocator* allocator = MallocAllocator_new(1<<20);
struct EventBase* base = EventBase_new(allocator);
struct CryptoAuth* ca =
CryptoAuth_new(allocator, NULL, base, NULL, evilRandom(allocator, NULL));
List* users = NULL;
users = CryptoAuth_getUsers(ca, allocator);
Assert_true(List_size(users) == 0);
CryptoAuth_addUser(String_CONST("pass1"), String_CONST("user1"), ca);
users = CryptoAuth_getUsers(ca, allocator);
Assert_true(List_size(users) == 1);
Assert_true(String_equals(String_CONST("user1"), List_getString(users,0)));
CryptoAuth_addUser(String_CONST("pass2"), String_CONST("user2"), ca);
users = CryptoAuth_getUsers(ca, allocator);
Assert_true(List_size(users) == 2);
Assert_true(String_equals(String_CONST("user2"),List_getString(users,0)));
Assert_true(String_equals(String_CONST("user1"),List_getString(users,1)));
Allocator_free(allocator);
}
/*
* This process is started with 2 parameters, they must all be numeric in base 10.
* toAngel the pipe which is used to send data back to the angel process.
* fromAngel the pipe which is used to read incoming data from the angel.
*
* Upon initialization, this process will wait for an initial configuration to be sent to
* it and then it will send an initial response.
*/
int Core_main(int argc, char** argv)
{
struct Except* eh = NULL;
int toAngel;
int fromAngel;
if (argc != 4
|| !(toAngel = atoi(argv[2]))
|| !(fromAngel = atoi(argv[3])))
{
Except_raise(eh, -1, "This is internal to cjdns and shouldn't started manually.");
}
struct Allocator* alloc = MallocAllocator_new(ALLOCATOR_FAILSAFE);
struct EventBase* eventBase = EventBase_new(alloc);
struct Random* rand = Random_new(alloc, eh);
// -------------------- Setup the Pre-Logger ---------------------- //
struct Writer* logWriter = FileWriter_new(stdout, alloc);
struct Log* preLogger = WriterLog_new(logWriter, alloc);
struct IndirectLog* indirectLogger = IndirectLog_new(alloc);
indirectLogger->wrappedLog = preLogger;
struct Log* logger = &indirectLogger->pub;
// The first read inside of getInitialConfig() will begin it waiting.
struct PipeInterface* pi =
PipeInterface_new(fromAngel, toAngel, eventBase, logger, alloc, rand);
Dict* config = getInitialConfig(&pi->generic, eventBase, alloc, eh);
String* privateKeyHex = Dict_getString(config, String_CONST("privateKey"));
Dict* adminConf = Dict_getDict(config, String_CONST("admin"));
String* pass = Dict_getString(adminConf, String_CONST("pass"));
if (!pass || !privateKeyHex) {
Except_raise(eh, -1, "Expected 'pass' and 'privateKey' in configuration.");
}
Log_keys(logger, "Starting core with admin password [%s]", pass->bytes);
uint8_t privateKey[32];
if (privateKeyHex->len != 64
|| Hex_decode(privateKey, 32, (uint8_t*) privateKeyHex->bytes, 64) != 32)
{
Except_raise(eh, -1, "privateKey must be 64 bytes of hex.");
}
struct Admin* admin = Admin_new(&pi->generic, alloc, logger, eventBase, pass);
Dict adminResponse = Dict_CONST(String_CONST("error"), String_OBJ(String_CONST("none")), NULL);
Admin_sendMessageToAngel(&adminResponse, admin);
// --------------------- Setup the Logger --------------------- //
// the prelogger will nolonger be used.
struct Log* adminLogger = AdminLog_registerNew(admin, alloc, rand);
indirectLogger->wrappedLog = adminLogger;
logger = adminLogger;
// CryptoAuth
struct Address addr;
parsePrivateKey(privateKey, &addr, eh);
struct CryptoAuth* cryptoAuth = CryptoAuth_new(alloc, privateKey, eventBase, logger, rand);
struct SwitchCore* switchCore = SwitchCore_new(logger, alloc);
struct DHTModuleRegistry* registry = DHTModuleRegistry_new(alloc);
ReplyModule_register(registry, alloc);
// Router
struct RouterModule* router = RouterModule_register(registry,
alloc,
addr.key,
eventBase,
logger,
admin,
rand);
SerializationModule_register(registry, logger, alloc);
struct IpTunnel* ipTun = IpTunnel_new(logger, eventBase, alloc, rand);
struct Ducttape* dt = Ducttape_register(privateKey,
registry,
router,
switchCore,
eventBase,
alloc,
logger,
admin,
ipTun,
rand);
struct SwitchPinger* sp =
SwitchPinger_new(&dt->switchPingerIf, eventBase, logger, alloc);
// Interfaces.
struct InterfaceController* ifController =
DefaultInterfaceController_new(cryptoAuth,
switchCore,
router,
logger,
eventBase,
sp,
alloc);
// ------------------- Register RPC functions ----------------------- //
SwitchPinger_admin_register(sp, admin, alloc);
UDPInterface_admin_register(eventBase, alloc, logger, admin, ifController);
#ifdef HAS_ETH_INTERFACE
ETHInterface_admin_register(eventBase, alloc, logger, admin, ifController);
#endif
RouterModule_admin_register(router, admin, alloc);
AuthorizedPasswords_init(admin, cryptoAuth, alloc);
Admin_registerFunction("ping", adminPing, admin, false, NULL, admin);
Admin_registerFunction("Core_exit", adminExit, logger, true, NULL, admin);
Core_admin_register(addr.ip6.bytes, dt, logger, alloc, admin, eventBase);
Security_admin_register(alloc, logger, admin);
IpTunnel_admin_register(ipTun, admin, alloc);
struct MemoryContext* mc =
alloc->clone(sizeof(struct MemoryContext), alloc,
&(struct MemoryContext) {
.allocator = alloc,
.admin = admin
});
/*
* This process is started with 2 parameters, they must all be numeric in base 10.
* toAngel the pipe which is used to send data back to the angel process.
* fromAngel the pipe which is used to read incoming data from the angel.
*
* Upon initialization, this process will wait for an initial configuration to be sent to
* it and then it will send an initial response.
*/
int Core_main(int argc, char** argv)
{
struct Except* eh = NULL;
if (argc != 3) {
Except_raise(eh, -1, "This is internal to cjdns and shouldn't started manually.");
}
struct Allocator* alloc = MallocAllocator_new(ALLOCATOR_FAILSAFE);
struct Log* preLogger = FileWriterLog_new(stderr, alloc);
struct EventBase* eventBase = EventBase_new(alloc);
// -------------------- Setup the Pre-Logger ---------------------- //
struct Log* logger = IndirectLog_new(alloc);
IndirectLog_set(logger, preLogger);
// -------------------- Setup the PRNG ---------------------- //
struct Random* rand = LibuvEntropyProvider_newDefaultRandom(eventBase, logger, eh, alloc);
// -------------------- Change Canary Value ---------------------- //
MallocAllocator_setCanary(alloc, (long)Random_int64(rand));
struct Allocator* tempAlloc = Allocator_child(alloc);
// The first read inside of getInitialConfig() will begin it waiting.
struct Pipe* angelPipe = Pipe_named(argv[2], eventBase, eh, alloc);
angelPipe->logger = logger;
angelPipe->onClose = angelDied;
struct Interface* angelIface = FramingInterface_new(65535, &angelPipe->iface, alloc);
Dict* config = getInitialConfig(angelIface, eventBase, tempAlloc, eh);
struct Hermes* hermes = Hermes_new(angelIface, eventBase, logger, alloc);
String* privateKeyHex = Dict_getString(config, String_CONST("privateKey"));
Dict* adminConf = Dict_getDict(config, String_CONST("admin"));
String* pass = Dict_getString(adminConf, String_CONST("pass"));
String* bind = Dict_getString(adminConf, String_CONST("bind"));
if (!(pass && privateKeyHex && bind)) {
if (!pass) {
Except_raise(eh, -1, "Expected 'pass'");
}
if (!bind) {
Except_raise(eh, -1, "Expected 'bind'");
}
if (!privateKeyHex) {
Except_raise(eh, -1, "Expected 'privateKey'");
}
Except_raise(eh, -1, "Expected 'pass', 'privateKey' and 'bind' in configuration.");
}
Log_keys(logger, "Starting core with admin password [%s]", pass->bytes);
uint8_t privateKey[32];
if (privateKeyHex->len != 64
|| Hex_decode(privateKey, 32, (uint8_t*) privateKeyHex->bytes, 64) != 32)
{
Except_raise(eh, -1, "privateKey must be 64 bytes of hex.");
}
struct Sockaddr_storage bindAddr;
if (Sockaddr_parse(bind->bytes, &bindAddr)) {
Except_raise(eh, -1, "bind address [%s] unparsable", bind->bytes);
}
struct AddrInterface* udpAdmin =
UDPAddrInterface_new(eventBase, &bindAddr.addr, alloc, eh, logger);
struct Admin* admin = Admin_new(udpAdmin, alloc, logger, eventBase, pass);
char* boundAddr = Sockaddr_print(udpAdmin->addr, tempAlloc);
Dict adminResponse = Dict_CONST(
String_CONST("bind"), String_OBJ(String_CONST(boundAddr)), NULL
);
Dict response = Dict_CONST(
String_CONST("error"), String_OBJ(String_CONST("none")), Dict_CONST(
String_CONST("admin"), Dict_OBJ(&adminResponse), NULL
));
// This always times out because the angel doesn't respond.
Hermes_callAngel(&response, angelResponse, NULL, alloc, eh, hermes);
// --------------------- Setup the Logger --------------------- //
Dict* logging = Dict_getDict(config, String_CONST("logging"));
String* logTo = Dict_getString(logging, String_CONST("logTo"));
if (logTo && String_equals(logTo, String_CONST("stdout"))) {
// do nothing, continue logging to stdout.
} else {
struct Log* adminLogger = AdminLog_registerNew(admin, alloc, rand);
IndirectLog_set(logger, adminLogger);
logger = adminLogger;
}
// CryptoAuth
struct Address addr;
parsePrivateKey(privateKey, &addr, eh);
struct CryptoAuth* cryptoAuth = CryptoAuth_new(alloc, privateKey, eventBase, logger, rand);
struct Sockaddr* myAddr = Sockaddr_fromBytes(addr.ip6.bytes, Sockaddr_AF_INET6, alloc);
struct SwitchCore* switchCore = SwitchCore_new(logger, alloc);
struct DHTModuleRegistry* registry = DHTModuleRegistry_new(alloc);
ReplyModule_register(registry, alloc);
// Router
struct RouterModule* router = RouterModule_register(registry,
alloc,
addr.key,
eventBase,
logger,
admin,
rand);
SerializationModule_register(registry, logger, alloc);
struct IpTunnel* ipTun = IpTunnel_new(logger, eventBase, alloc, rand, hermes);
struct Ducttape* dt = Ducttape_register(privateKey,
registry,
router,
switchCore,
eventBase,
alloc,
logger,
admin,
ipTun,
rand);
struct SwitchPinger* sp =
SwitchPinger_new(&dt->switchPingerIf, eventBase, logger, alloc);
// Interfaces.
struct InterfaceController* ifController =
DefaultInterfaceController_new(cryptoAuth,
switchCore,
router,
logger,
eventBase,
sp,
rand,
alloc);
// ------------------- Register RPC functions ----------------------- //
SwitchPinger_admin_register(sp, admin, alloc);
UDPInterface_admin_register(eventBase, alloc, logger, admin, ifController);
#ifdef HAS_ETH_INTERFACE
ETHInterface_admin_register(eventBase, alloc, logger, admin, ifController);
#endif
RouterModule_admin_register(router, admin, alloc);
AuthorizedPasswords_init(admin, cryptoAuth, alloc);
Admin_registerFunction("ping", adminPing, admin, false, NULL, admin);
Core_admin_register(myAddr, dt, logger, ipTun, alloc, admin, eventBase);
Security_admin_register(alloc, logger, admin);
IpTunnel_admin_register(ipTun, admin, alloc);
struct Context* ctx = Allocator_clone(alloc, (&(struct Context) {
.allocator = alloc,
.admin = admin,
.logger = logger,
.hermes = hermes
}));
struct TestFramework* TestFramework_setUp(char* privateKey,
struct Allocator* allocator,
struct Log* logger)
{
if (!logger) {
struct Writer* logwriter = FileWriter_new(stdout, allocator);
logger = WriterLog_new(logwriter, allocator);
}
struct Random* rand = Random_new(allocator, logger, NULL);
struct EventBase* base = EventBase_new(allocator);
uint64_t pks[4];
if (!privateKey) {
Random_longs(rand, pks, 4);
privateKey = (char*)pks;
}
uint8_t* publicKey = Allocator_malloc(allocator, 32);
crypto_scalarmult_curve25519_base(publicKey, (uint8_t*)privateKey);
struct Address* myAddress = Allocator_calloc(allocator, sizeof(struct Address), 1);
Bits_memcpyConst(myAddress->key, publicKey, 32);
AddressCalc_addressForPublicKey(myAddress->ip6.bytes, publicKey);
struct SwitchCore* switchCore = SwitchCore_new(logger, allocator);
struct CryptoAuth* ca = CryptoAuth_new(allocator, (uint8_t*)privateKey, base, logger, rand);
struct DHTModuleRegistry* registry = DHTModuleRegistry_new(allocator);
ReplyModule_register(registry, allocator);
struct NodeStore* nodeStore = NodeStore_new(myAddress, 128, allocator, logger, rand);
struct RouterModule* routerModule =
RouterModule_register(registry, allocator, publicKey, base, logger, rand, nodeStore);
struct SearchRunner* searchRunner =
SearchRunner_new(nodeStore, logger, base, routerModule, myAddress->ip6.bytes, allocator);
SerializationModule_register(registry, logger, allocator);
struct IpTunnel* ipTun = IpTunnel_new(logger, base, allocator, rand, NULL);
struct Ducttape* dt =
Ducttape_register((uint8_t*)privateKey, registry, routerModule, searchRunner,
switchCore, base, allocator, logger, ipTun, rand);
struct SwitchPinger* sp = SwitchPinger_new(&dt->switchPingerIf, base, rand, logger, allocator);
// Interfaces.
struct InterfaceController* ifController =
DefaultInterfaceController_new(ca,
switchCore,
routerModule,
logger,
base,
sp,
rand,
allocator);
struct TestFramework* tf = Allocator_clone(allocator, (&(struct TestFramework) {
.alloc = allocator,
.rand = rand,
.eventBase = base,
.logger = logger,
.switchCore = switchCore,
.ducttape = dt,
.cryptoAuth = ca,
.router = routerModule,
.switchPinger = sp,
.ifController = ifController,
.publicKey = publicKey,
.ip = myAddress->ip6.bytes
}));
int main(int argc, char** argv)
{
#ifdef Log_KEYS
fprintf(stderr, "Log_LEVEL = KEYS, EXPECT TO SEE PRIVATE KEYS IN YOUR LOGS!\n");
#endif
Crypto_init();
assert(argc > 0);
if (argc == 1) { // no arguments
if (isatty(STDIN_FILENO)) {
// We were started from a terminal
// The chances an user wants to type in a configuration
// bij hand are pretty slim so we show him the usage
return usage(argv[0]);
} else {
// We assume stdin is a configuration file and that we should
// start routing
}
}
if (argc == 2) { // one argument
if (strcmp(argv[1], "--help") == 0) {
return usage(argv[0]);
} else if (strcmp(argv[1], "--genconf") == 0) {
return genconf();
} else if (strcmp(argv[1], "--getcmds") == 0) {
// Performed after reading the configuration
} else if (strcmp(argv[1], "--pidfile") == 0) {
// Performed after reading the configuration
} else {
fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[1]);
fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]);
return -1;
}
}
if (argc > 2) { // more than one argument?
fprintf(stderr, "%s: too many arguments\n", argv[0]);
fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]);
return -1;
}
struct Context context;
memset(&context, 0, sizeof(struct Context));
context.base = event_base_new();
// Allow it to allocate 4MB
context.allocator = MallocAllocator_new(1<<22);
struct Reader* reader = FileReader_new(stdin, context.allocator);
Dict config;
if (JsonBencSerializer_get()->parseDictionary(reader, context.allocator, &config)) {
fprintf(stderr, "Failed to parse configuration.\n");
return -1;
}
if (argc == 2 && strcmp(argv[1], "--getcmds") == 0) {
return getcmds(&config);
}
if (argc == 2 && strcmp(argv[1], "--pidfile") == 0) {
pidfile(&config);
return 0;
}
char* user = setUser(Dict_getList(&config, BSTR("security")));
// Admin
Dict* adminConf = Dict_getDict(&config, BSTR("admin"));
if (adminConf) {
admin(adminConf, user, &context);
}
// Logging
struct Writer* logwriter = FileWriter_new(stdout, context.allocator);
struct Log logger = { .writer = logwriter };
context.logger = &logger;
struct Address myAddr;
uint8_t privateKey[32];
parsePrivateKey(&config, &myAddr, privateKey);
context.eHandler = AbortHandler_INSTANCE;
context.switchCore = SwitchCore_new(context.logger, context.allocator);
context.ca =
CryptoAuth_new(&config, context.allocator, privateKey, context.base, context.logger);
context.registry = DHTModules_new(context.allocator);
ReplyModule_register(context.registry, context.allocator);
// Router
Dict* routerConf = Dict_getDict(&config, BSTR("router"));
registerRouter(routerConf, myAddr.key, &context);
SerializationModule_register(context.registry, context.allocator);
// Authed passwords.
List* authedPasswords = Dict_getList(&config, BSTR("authorizedPasswords"));
if (authedPasswords) {
authorizedPasswords(authedPasswords, &context);
}
// Interfaces.
Dict* interfaces = Dict_getDict(&config, BSTR("interfaces"));
Dict* udpConf = Dict_getDict(interfaces, BSTR("UDPInterface"));
if (udpConf) {
configureUDP(udpConf, &context);
}
if (udpConf == NULL) {
fprintf(stderr, "No interfaces configured to connect to.\n");
return -1;
}
// pid file
String* pidFile = Dict_getString(&config, BSTR("pidFile"));
if (pidFile) {
Log_info1(context.logger, "Writing pid of process to [%s].\n", pidFile->bytes);
FILE* pf = fopen(pidFile->bytes, "w");
if (!pf) {
Log_critical2(context.logger,
"Failed to open pid file [%s] for writing, errno=%d\n",
pidFile->bytes,
errno);
return -1;
}
fprintf(pf, "%d", getpid());
fclose(pf);
}
Ducttape_register(&config,
privateKey,
context.registry,
context.routerModule,
context.routerIf,
context.switchCore,
context.base,
context.allocator,
context.logger);
uint8_t address[53];
Base32_encode(address, 53, myAddr.key, 32);
Log_info1(context.logger, "Your address is: %s.k\n", address);
uint8_t myIp[40];
Address_printIp(myIp, &myAddr);
Log_info1(context.logger, "Your IPv6 address is: %s\n", myIp);
// Security.
security(Dict_getList(&config, BSTR("security")), context.logger, context.eHandler);
event_base_loop(context.base, 0);
// Never reached.
return 0;
}
static int reconnectionNewEndpointTest(struct InterfaceController* ifController,
uint8_t* pk,
struct Message** fromSwitchPtr,
struct Allocator* alloc,
struct EventBase* eventBase,
struct Log* logger,
struct Interface* routerIf,
struct Random* rand)
{
struct Message* message;
struct Interface iface = {
.sendMessage = messageFromInterface,
.senderContext = &message,
.allocator = alloc
};
uint8_t* buffer = Allocator_malloc(alloc, 512);
struct Message* outgoing =
&(struct Message) { .length = 0, .padding = 512, .bytes = buffer + 512 };
struct CryptoAuth* externalCa = CryptoAuth_new(alloc, NULL, eventBase, logger, rand);
struct Interface* wrapped = CryptoAuth_wrapInterface(&iface, pk, NULL, false, "", externalCa);
CryptoAuth_setAuth(String_CONST("passwd"), 1, wrapped);
struct Interface icIface = {
.allocator = alloc,
.sendMessage = messageFromInterface,
.senderContext = &message
};
InterfaceController_registerPeer(ifController, NULL, NULL, true, false, &icIface);
uint8_t hexBuffer[1025];
for (int i = 0; i < 4; i++) {
outgoing->length = 0;
outgoing->padding = 512;
outgoing->bytes = buffer + 512;
Message_shift(outgoing, 12, NULL);
Bits_memcpyConst(outgoing->bytes, "hello world", 12);
Message_shift(outgoing, SwitchHeader_SIZE, NULL);
Bits_memcpyConst(outgoing->bytes, (&(struct SwitchHeader) {
.label_be = Endian_hostToBigEndian64(1),
.lowBits_be = 0
}), SwitchHeader_SIZE);
wrapped->sendMessage(outgoing, wrapped);
*fromSwitchPtr = NULL;
icIface.receiveMessage(outgoing, &icIface);
message = *fromSwitchPtr;
Assert_true(message);
Assert_true(message->length == 24);
Hex_encode(hexBuffer, 1025, message->bytes, message->length);
printf("%s\n", hexBuffer);
// Need to bounce the packets back when connecting after the first try.
// This is needed to establish the CryptoAuth session and make the InterfaceController
// merge the endpoints.
if (i > 0) {
// Reverse the bits to reverse the path:
uint64_t path;
Bits_memcpyConst(&path, message->bytes, 8);
path = Bits_bitReverse64(path);
Bits_memcpyConst(message->bytes, &path, 8);
printf("sending back response.\n");
routerIf->receiveMessage(message, routerIf);
printf("forwarding response to external cryptoAuth.\n");
iface.receiveMessage(message, &iface);
printf("forwarded.\n");
} else {
printf("not responding because we don't want to establish a connection yet.\n");
}
}
// check everything except the label
Assert_true(!CString_strcmp((char*)hexBuffer+16, "0000000068656c6c6f20776f726c6400"));
// check label: make sure the interface has been switched back into position 0.
uint64_t label_be;
Hex_decode((uint8_t*) &label_be, 8, hexBuffer, 16);
uint64_t rev_label = Bits_bitReverse64(Endian_bigEndianToHost64(label_be));
// check label is decoded to 0
Assert_true(0 == NumberCompress_getDecompressed(rev_label,
NumberCompress_bitsUsedForLabel(rev_label)));
// check no other bits are set
uint64_t out = NumberCompress_getCompressed(0, NumberCompress_bitsUsedForLabel(rev_label));
Assert_true(rev_label == out);
return 0;
}
int main(int argc, char** argv)
{
#ifdef Log_KEYS
fprintf(stderr, "Log_LEVEL = KEYS, EXPECT TO SEE PRIVATE KEYS IN YOUR LOGS!\n");
#endif
Crypto_init();
Assert_true(argc > 0);
if (argc == 2) {
// one argument
if (strcmp(argv[1], "--help") == 0) {
return usage(argv[0]);
} else if (strcmp(argv[1], "--genconf") == 0) {
return genconf();
} else if (strcmp(argv[1], "--pidfile") == 0) {
// Performed after reading the configuration
} else if (strcmp(argv[1], "--reconf") == 0) {
// Performed after reading the configuration
} else if (strcmp(argv[1], "--bench") == 0) {
return benchmark();
} else if (strcmp(argv[1], "--version") == 0) {
printf("Version ID: %s\n", RouterModule_gitVersion());
return 0;
} else {
fprintf(stderr, "%s: unrecognized option '%s'\n", argv[0], argv[1]);
fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]);
return -1;
}
} else if (argc > 2) {
// more than one argument?
fprintf(stderr, "%s: too many arguments\n", argv[0]);
fprintf(stderr, "Try `%s --help' for more information.\n", argv[0]);
return -1;
}
if (isatty(STDIN_FILENO)) {
// We were started from a terminal
// The chances an user wants to type in a configuration
// bij hand are pretty slim so we show him the usage
return usage(argv[0]);
} else {
// We assume stdin is a configuration file and that we should
// start routing
}
struct event_base* eventBase = event_base_new();
// Allow it to allocate 4MB
struct Allocator* allocator = MallocAllocator_new(1<<22);
struct Reader* reader = FileReader_new(stdin, allocator);
Dict config;
if (JsonBencSerializer_get()->parseDictionary(reader, allocator, &config)) {
fprintf(stderr, "Failed to parse configuration.\n");
return -1;
}
// Logging.
struct Writer* logwriter = FileWriter_new(stdout, allocator);
struct Log* logger = &(struct Log) { .writer = logwriter };
// pid file
String* pidFile = Dict_getString(&config, String_CONST("pidFile"));
if (pidFile) {
if (argc == 2 && strcmp(argv[1], "--pidfile") == 0) {
printf("%s", pidFile->bytes);
return 0;
}
Log_info(logger, "Writing pid of process to [%s].\n", pidFile->bytes);
FILE* pf = fopen(pidFile->bytes, "w");
if (!pf) {
Log_critical(logger,
"Failed to open pid file [%s] for writing, errno=%d\n",
pidFile->bytes,
errno);
return -1;
}
fprintf(pf, "%d", (int) getpid());
fclose(pf);
}
// re-configure
if (argc == 2 && strcmp(argv[1], "--reconf") == 0) {
reconf(eventBase, &config, logger, allocator);
return 0;
}
// ca, needed for admin.
struct Address myAddr;
uint8_t privateKey[32];
parsePrivateKey(&config, &myAddr, privateKey);
struct CryptoAuth* cryptoAuth =
CryptoAuth_new(&config, allocator, privateKey, eventBase, logger);
// Admin
char* user = setUser(Dict_getList(&config, String_CONST("security")));
struct Admin* admin = newAdmin(&config, user, logger, eventBase, allocator);
struct SwitchCore* switchCore = SwitchCore_new(logger, allocator);
struct DHTModuleRegistry* registry = DHTModuleRegistry_new(allocator);
ReplyModule_register(registry, allocator);
// Router
struct Interface* routerIf = NULL;
Dict* routerConf = Dict_getDict(&config, String_CONST("router"));
Dict* iface = Dict_getDict(routerConf, String_CONST("interface"));
if (String_equals(Dict_getString(iface, String_CONST("type")), String_CONST("TUNInterface"))) {
String* ifName = Dict_getString(iface, String_CONST("tunDevice"));
char assignedTunName[TUNConfigurator_IFNAMSIZ];
void* tunPtr = TUNConfigurator_initTun(((ifName) ? ifName->bytes : NULL),
assignedTunName,
logger,
AbortHandler_INSTANCE);
struct Jmp jmp;
Jmp_try(jmp) {
TUNConfigurator_setIpAddress(
assignedTunName, myAddr.ip6.bytes, 8, logger, &jmp.handler);
} Jmp_catch {
Log_warn(logger, "Unable to configure ip address [%s]", jmp.message);
}
struct TUNInterface* tun = TUNInterface_new(tunPtr, eventBase, allocator);
routerIf = &tun->iface;
}
struct Log* logger = WriterLog_new(logwriter, allocator);
struct Random* rand = Random_new(allocator, logger, NULL);
struct EventBase* base = EventBase_new(allocator);
ca1 = CryptoAuth_new(allocator, NULL, base, logger, rand);
if1 = Allocator_clone(allocator, (&(struct Interface) {
.sendMessage = sendMessageToIf2,
.receiveMessage = recvMessageOnIf2,
.allocator = allocator
}));
cif1 = CryptoAuth_wrapInterface(if1, publicKey, false, false, ca1);
cif1->receiveMessage = recvMessageOnIf1;
ca2 = CryptoAuth_new(allocator, privateKey, base, logger, rand);
if (password) {
String passStr = {.bytes=(char*)password,.len=strlen((char*)password)};
CryptoAuth_setAuth(&passStr, 1, cif1);
CryptoAuth_addUser(&passStr, 1, userObj, ca2);
}
if2 = Allocator_clone(allocator, (&(struct Interface) {
.sendMessage = sendMessageToIf1,
.allocator = allocator
}));
cif2 = CryptoAuth_wrapInterface(if2, NULL, false, authenticatePackets, ca2);
cif2->receiveMessage = recvMessageOnIf2;
return 0;
}
static void encryptRndNonceTest()
{
uint8_t buff[44];
Bits_memset(buff, 0, 44);
uint8_t nonce[24];
Bits_memset(nonce, 0, 24);
uint8_t secret[32];
Bits_memset(secret, 0, 32);
struct Message m = { .bytes=&buff[32], .length=HELLOWORLDLEN, .padding=32};
CString_strcpy((char*) m.bytes, HELLOWORLDLOWER);
CryptoAuth_encryptRndNonce(nonce, &m, secret);
uint8_t* expected = (uint8_t*) "1391ac5d03ba9f7099bffbb6e6c69d67ae5bd79391a5b94399b293dc";
uint8_t output[57];
Hex_encode(output, 57, m.bytes, m.length);
printf("\n%s\n%s\n", (char*) expected, (char*) output);
Assert_true(!Bits_memcmp(expected, output, 56));
Assert_true(!CryptoAuth_decryptRndNonce(nonce, &m, secret));
Assert_true(m.length == HELLOWORLDLEN && !Bits_memcmp(m.bytes, HELLOWORLDLOWER, m.length));
}
static struct Random* evilRandom(struct Allocator* alloc, struct Log* logger)
{
struct RandomSeed* evilSeed = DeterminentRandomSeed_new(alloc, NULL);
return Random_newWithSeed(alloc, logger, evilSeed, NULL);
}
struct Context
{
struct Allocator* alloc;
struct CryptoAuth* ca;
struct CryptoAuth_Session* sess;
struct Log* log;
struct EventBase* base;
};
static struct Context* setUp(uint8_t* myPrivateKey,
uint8_t* herPublicKey,
uint8_t* authPassword,
struct Allocator* alloc)
{
struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1);
struct Log* log = ctx->log = FileWriterLog_new(stdout, alloc);
struct EventBase* base = ctx->base = EventBase_new(alloc);
struct CryptoAuth* ca = ctx->ca =
CryptoAuth_new(alloc, myPrivateKey, base, log, evilRandom(alloc, log));
struct CryptoAuth_Session* sess = ctx->sess =
CryptoAuth_newSession(ca, alloc, herPublicKey, NULL, false, Gcc_FILE);
if (authPassword) {
CryptoAuth_setAuth(String_CONST(authPassword), NULL, sess);
}
return ctx;
}
static void testHello(uint8_t* password, uint8_t* expectedOutput)
{
Assert_true(CString_strlen((char*)expectedOutput) == 264);
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Context* ctx = setUp(NULL, HERPUBKEY, password, alloc);
struct Message* msg = Message_new(0, CryptoHeader_SIZE + 12, alloc);
Message_push(msg, HELLOWORLD, HELLOWORLDLEN, NULL);
Assert_true(!CryptoAuth_encrypt(ctx->sess, msg));
char* actual = Hex_print(msg->bytes, msg->length, alloc);
if (CString_strcmp(actual, expectedOutput)) {
Assert_failure("Test failed.\n"
"Expected %s\n"
" Got %s\n", expectedOutput, actual);
}
Allocator_free(alloc);
}
