static void cryptoAuth(struct Context* ctx)
{
Log_info(ctx->log, "Setting up salsa20/poly1305 benchmark (encryption and decryption only)");
struct Allocator* alloc = Allocator_child(ctx->alloc);
struct CryptoAuth* ca1 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand);
struct CryptoAuth* ca2 = CryptoAuth_new(alloc, NULL, ctx->base, ctx->log, ctx->rand);
struct CryptoAuth_Session* sess1 =
CryptoAuth_newSession(ca1, alloc, ca2->publicKey, NULL, false, "bench");
struct CryptoAuth_Session* sess2 =
CryptoAuth_newSession(ca2, alloc, ca1->publicKey, NULL, false, "bench");
int size = 1500;
int count = 100000;
struct Message* msg = Message_new(size, 256, alloc);
Random_bytes(ctx->rand, msg->bytes, msg->length);
// setup session
for (int i = 0; i < 2; i++) {
Assert_true(!CryptoAuth_encrypt(sess1, msg));
Assert_true(!CryptoAuth_decrypt(sess2, msg));
Assert_true(!CryptoAuth_encrypt(sess2, msg));
Assert_true(!CryptoAuth_decrypt(sess1, msg));
}
begin(ctx, "salsa20/poly1305", (count * size * 8) / 1024, "kilobits");
for (int i = 0; i < count; i++) {
Assert_true(!CryptoAuth_encrypt(sess1, msg));
Assert_true(!CryptoAuth_decrypt(sess2, msg));
}
done(ctx);
Allocator_free(alloc);
}
/**
* Incoming message from someone we don't know, maybe someone responding to a beacon?
* expects: [ struct LLAddress ][ content ]
*/
static Iface_DEFUN handleUnexpectedIncoming(struct Message* msg,
struct InterfaceController_Iface_pvt* ici)
{
struct InterfaceController_pvt* ic = ici->ic;
struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes;
Message_shift(msg, -lladdr->addrLen, NULL);
if (msg->length < CryptoHeader_SIZE) {
return NULL;
}
struct Allocator* epAlloc = Allocator_child(ici->alloc);
lladdr = Sockaddr_clone(lladdr, epAlloc);
Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault");
struct Peer* ep = Allocator_calloc(epAlloc, sizeof(struct Peer), 1);
Identity_set(ep);
ep->alloc = epAlloc;
ep->ici = ici;
ep->lladdr = lladdr;
ep->alloc = epAlloc;
ep->peerLink = PeerLink_new(ic->eventBase, epAlloc);
struct CryptoHeader* ch = (struct CryptoHeader*) msg->bytes;
ep->caSession = CryptoAuth_newSession(ic->ca, epAlloc, ch->publicKey, true, "outer");
if (CryptoAuth_decrypt(ep->caSession, msg)) {
// If the first message is a dud, drop all state for this peer.
// probably some random crap that wandered in the socket.
Allocator_free(epAlloc);
return NULL;
}
Assert_true(!Bits_isZero(ep->caSession->herPublicKey, 32));
Assert_true(Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap) == -1);
int index = Map_EndpointsBySockaddr_put(&lladdr, &ep, &ici->peerMap);
Assert_true(index >= 0);
ep->handle = ici->peerMap.handles[index];
Allocator_onFree(epAlloc, closeInterface, ep);
ep->state = InterfaceController_PeerState_UNAUTHENTICATED;
ep->isIncomingConnection = true;
ep->switchIf.send = sendFromSwitch;
if (SwitchCore_addInterface(ic->switchCore, &ep->switchIf, epAlloc, &ep->addr.path)) {
Log_debug(ic->logger, "handleUnexpectedIncoming() SwitchCore out of space");
Allocator_free(epAlloc);
return NULL;
}
// We want the node to immedietly be pinged but we don't want it to appear unresponsive because
// the pinger will only ping every (PING_INTERVAL * 8) so we set timeOfLastMessage to
// (now - pingAfterMilliseconds - 1) so it will be considered a "lazy node".
ep->timeOfLastMessage =
Time_currentTimeMilliseconds(ic->eventBase) - ic->pingAfterMilliseconds - 1;
Bits_memcpy(ep->addr.key, ep->caSession->herPublicKey, 32);
Bits_memcpy(ep->addr.ip6.bytes, ep->caSession->herIp6, 16);
Log_info(ic->logger, "Added peer [%s] from incoming message",
Address_toString(&ep->addr, msg->alloc)->bytes);
return receivedPostCryptoAuth(msg, ep, ic);
}
static void receiveHelloWithNoAuth()
{
struct Allocator* alloc = MallocAllocator_new(1<<20);
struct Context* ctx = setUp(PRIVATEKEY, NULL, NULL, alloc);
struct Message* msg = Message_new(132, 0, alloc);
Assert_true(Hex_decode(msg->bytes, msg->length,
"0000000000ffffffffffffff7fffffffffffffffffffffffffffffffffffffff"
"ffffffffffffffff847c0d2c375234f365e660955187a3735a0f7613d1609d3a"
"6a4d8c53aeaa5a22ea9cf275eee0185edf7f211192f12e8e642a325ed76925fe"
"3c76d313b767a10aca584ca0b979dee990a737da7d68366fa3846d43d541de91"
"29ea3e12", 132*2) > 0);
Assert_true(!CryptoAuth_decrypt(ctx->sess, msg));
Assert_true(msg->length == HELLOWORLDLEN);
Assert_true(Bits_memcmp(HELLOWORLD, msg->bytes, HELLOWORLDLEN) == 0);
Allocator_free(alloc);
//printf("bytes=%s length=%u\n", finalOut->bytes, finalOut->length);
}
static Iface_DEFUN handleIncomingFromWire(struct Message* msg, struct Iface* addrIf)
{
struct InterfaceController_Iface_pvt* ici =
Identity_containerOf(addrIf, struct InterfaceController_Iface_pvt, pub.addrIf);
struct Sockaddr* lladdr = (struct Sockaddr*) msg->bytes;
if (msg->length < Sockaddr_OVERHEAD || msg->length < lladdr->addrLen) {
Log_debug(ici->ic->logger, "DROP runt");
return NULL;
}
Assert_true(!((uintptr_t)msg->bytes % 4) && "alignment fault");
Assert_true(!((uintptr_t)lladdr->addrLen % 4) && "alignment fault");
// noisy
if (Defined(Log_DEBUG) && false) {
char* printedAddr = Hex_print(&lladdr[1], lladdr->addrLen - Sockaddr_OVERHEAD, msg->alloc);
Log_debug(ici->ic->logger, "Incoming message from [%s]", printedAddr);
}
if (lladdr->flags & Sockaddr_flags_BCAST) {
return handleBeacon(msg, ici);
}
int epIndex = Map_EndpointsBySockaddr_indexForKey(&lladdr, &ici->peerMap);
if (epIndex == -1) {
return handleUnexpectedIncoming(msg, ici);
}
struct Peer* ep = Identity_check((struct Peer*) ici->peerMap.values[epIndex]);
Message_shift(msg, -lladdr->addrLen, NULL);
CryptoAuth_resetIfTimeout(ep->caSession);
if (CryptoAuth_decrypt(ep->caSession, msg)) {
return NULL;
}
PeerLink_recv(msg, ep->peerLink);
return receivedPostCryptoAuth(msg, ep, ici->ic);
}
