/src/c-toxcore/toxcore/announce.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* SPDX-License-Identifier: GPL-3.0-or-later |
2 | | * Copyright © 2020-2025 The TokTok team. |
3 | | */ |
4 | | |
5 | | /** |
6 | | * "Server side" of the DHT announcements protocol. |
7 | | */ |
8 | | |
9 | | #include "announce.h" |
10 | | |
11 | | #include <assert.h> |
12 | | #include <string.h> |
13 | | |
14 | | #include "DHT.h" |
15 | | #include "LAN_discovery.h" |
16 | | #include "attributes.h" |
17 | | #include "ccompat.h" |
18 | | #include "crypto_core.h" |
19 | | #include "forwarding.h" |
20 | | #include "logger.h" |
21 | | #include "mem.h" |
22 | | #include "mono_time.h" |
23 | | #include "network.h" |
24 | | #include "shared_key_cache.h" |
25 | | #include "timed_auth.h" |
26 | | #include "util.h" |
27 | | |
28 | | // Settings for the shared key cache |
29 | 1.76k | #define MAX_KEYS_PER_SLOT 4 |
30 | 1.76k | #define KEYS_TIMEOUT 600 |
31 | | |
32 | | uint8_t announce_response_of_request_type(uint8_t request_type) |
33 | 0 | { |
34 | 0 | switch (request_type) { |
35 | 0 | case NET_PACKET_DATA_SEARCH_REQUEST: |
36 | 0 | return NET_PACKET_DATA_SEARCH_RESPONSE; |
37 | | |
38 | 0 | case NET_PACKET_DATA_RETRIEVE_REQUEST: |
39 | 0 | return NET_PACKET_DATA_RETRIEVE_RESPONSE; |
40 | | |
41 | 0 | case NET_PACKET_STORE_ANNOUNCE_REQUEST: |
42 | 0 | return NET_PACKET_STORE_ANNOUNCE_RESPONSE; |
43 | | |
44 | 0 | default: { |
45 | 0 | assert(false); |
46 | 0 | return NET_PACKET_MAX; |
47 | 0 | } |
48 | 0 | } |
49 | 0 | } |
50 | | |
51 | | typedef struct Announce_Entry { |
52 | | uint64_t store_until; |
53 | | uint8_t data_public_key[CRYPTO_PUBLIC_KEY_SIZE]; |
54 | | uint8_t *data; |
55 | | uint32_t length; |
56 | | } Announce_Entry; |
57 | | |
58 | | struct Announcements { |
59 | | const Logger *log; |
60 | | const Memory *mem; |
61 | | const Random *rng; |
62 | | Forwarding *forwarding; |
63 | | const Mono_Time *mono_time; |
64 | | DHT *dht; |
65 | | Networking_Core *net; |
66 | | const uint8_t *public_key; |
67 | | const uint8_t *secret_key; |
68 | | |
69 | | Shared_Key_Cache *shared_keys; |
70 | | uint8_t hmac_key[CRYPTO_HMAC_KEY_SIZE]; |
71 | | |
72 | | int32_t synch_offset; |
73 | | |
74 | | uint64_t start_time; |
75 | | |
76 | | Announce_Entry entries[ANNOUNCE_BUCKETS * ANNOUNCE_BUCKET_SIZE]; |
77 | | }; |
78 | | |
79 | | void announce_set_synch_offset(Announcements *announce, int32_t synch_offset) |
80 | 0 | { |
81 | 0 | announce->synch_offset = synch_offset; |
82 | 0 | } |
83 | | |
84 | | /** |
85 | | * An entry is considered to be "deleted" for the purposes of the protocol |
86 | | * once it has timed out. |
87 | | */ |
88 | | non_null() |
89 | | static bool entry_is_empty(const Announcements *announce, const Announce_Entry *entry) |
90 | 0 | { |
91 | 0 | return mono_time_get(announce->mono_time) >= entry->store_until; |
92 | 0 | } |
93 | | |
94 | | non_null() |
95 | | static void delete_entry(Announce_Entry *entry) |
96 | 0 | { |
97 | 0 | entry->store_until = 0; |
98 | 0 | } |
99 | | |
100 | | /** Return bits (at most 8) from pk starting at index as uint8_t */ |
101 | | non_null() |
102 | | static uint8_t truncate_pk_at_index(const uint8_t *pk, uint16_t index, uint16_t bits) |
103 | 0 | { |
104 | 0 | assert(bits < 8); |
105 | 0 | const uint8_t i = index / 8; |
106 | 0 | const uint8_t j = index % 8; |
107 | 0 | return ((uint8_t)((i < CRYPTO_PUBLIC_KEY_SIZE ? pk[i] : 0) << j) >> (8 - bits)) | |
108 | 0 | ((i + 1 < CRYPTO_PUBLIC_KEY_SIZE ? pk[i + 1] : 0) >> (16 - bits - j)); |
109 | 0 | } |
110 | | |
111 | | uint16_t announce_get_bucketnum(const uint8_t *base, const uint8_t *pk) |
112 | 0 | { |
113 | 0 | const uint16_t index = bit_by_bit_cmp(base, pk); |
114 | |
|
115 | 0 | return truncate_pk_at_index(base, index + 1, ANNOUNCE_BUCKET_PREFIX_LENGTH) ^ |
116 | 0 | truncate_pk_at_index(pk, index + 1, ANNOUNCE_BUCKET_PREFIX_LENGTH); |
117 | 0 | } |
118 | | |
119 | | non_null() |
120 | | static Announce_Entry *bucket_of_key(Announcements *announce, const uint8_t *pk) |
121 | 0 | { |
122 | 0 | return &announce->entries[announce_get_bucketnum(announce->public_key, pk) * ANNOUNCE_BUCKET_SIZE]; |
123 | 0 | } |
124 | | |
125 | | non_null() |
126 | | static Announce_Entry *get_stored(Announcements *announce, const uint8_t *data_public_key) |
127 | 0 | { |
128 | 0 | Announce_Entry *const bucket = bucket_of_key(announce, data_public_key); |
129 | |
|
130 | 0 | for (uint32_t i = 0; i < ANNOUNCE_BUCKET_SIZE; ++i) { |
131 | 0 | if (pk_equal(bucket[i].data_public_key, data_public_key)) { |
132 | 0 | if (entry_is_empty(announce, &bucket[i])) { |
133 | 0 | break; |
134 | 0 | } |
135 | | |
136 | 0 | return &bucket[i]; |
137 | 0 | } |
138 | 0 | } |
139 | | |
140 | 0 | return nullptr; |
141 | 0 | } |
142 | | |
143 | | non_null() |
144 | | static const Announce_Entry *bucket_of_key_const(const Announcements *announce, const uint8_t *pk) |
145 | 0 | { |
146 | 0 | return &announce->entries[announce_get_bucketnum(announce->public_key, pk) * ANNOUNCE_BUCKET_SIZE]; |
147 | 0 | } |
148 | | |
149 | | non_null() |
150 | | static const Announce_Entry *get_stored_const(const Announcements *announce, const uint8_t *data_public_key) |
151 | 0 | { |
152 | 0 | const Announce_Entry *const bucket = bucket_of_key_const(announce, data_public_key); |
153 | |
|
154 | 0 | for (uint32_t i = 0; i < ANNOUNCE_BUCKET_SIZE; ++i) { |
155 | 0 | if (pk_equal(bucket[i].data_public_key, data_public_key)) { |
156 | 0 | if (entry_is_empty(announce, &bucket[i])) { |
157 | 0 | break; |
158 | 0 | } |
159 | | |
160 | 0 | return &bucket[i]; |
161 | 0 | } |
162 | 0 | } |
163 | | |
164 | 0 | return nullptr; |
165 | 0 | } |
166 | | |
167 | | bool announce_on_stored(const Announcements *announce, const uint8_t *data_public_key, |
168 | | announce_on_retrieve_cb *on_retrieve_callback, void *object) |
169 | 0 | { |
170 | 0 | const Announce_Entry *const entry = get_stored_const(announce, data_public_key); |
171 | |
|
172 | 0 | if (entry == nullptr || entry->data == nullptr) { |
173 | 0 | return false; |
174 | 0 | } |
175 | | |
176 | 0 | if (on_retrieve_callback != nullptr) { |
177 | 0 | on_retrieve_callback(object, entry->data, entry->length); |
178 | 0 | } |
179 | |
|
180 | 0 | return true; |
181 | 0 | } |
182 | | |
183 | | /** |
184 | | * Return existing entry for this key if it exists, else an empty |
185 | | * slot in the key's bucket if one exists, else an entry in the key's bucket |
186 | | * of greatest 2-adic distance greater than that of the key bucket if one |
187 | | * exists, else nullptr. |
188 | | */ |
189 | | non_null() |
190 | | static Announce_Entry *find_entry_slot(Announcements *announce, const uint8_t *data_public_key) |
191 | 0 | { |
192 | 0 | Announce_Entry *const bucket = bucket_of_key(announce, data_public_key); |
193 | |
|
194 | 0 | Announce_Entry *slot = nullptr; |
195 | 0 | uint16_t min_index = bit_by_bit_cmp(announce->public_key, data_public_key); |
196 | |
|
197 | 0 | for (uint32_t i = 0; i < ANNOUNCE_BUCKET_SIZE; ++i) { |
198 | 0 | if (pk_equal(bucket[i].data_public_key, data_public_key)) { |
199 | 0 | return &bucket[i]; |
200 | 0 | } |
201 | | |
202 | 0 | if (entry_is_empty(announce, &bucket[i])) { |
203 | 0 | slot = &bucket[i]; |
204 | 0 | min_index = 0; |
205 | 0 | continue; |
206 | 0 | } |
207 | | |
208 | 0 | const uint16_t index = bit_by_bit_cmp(announce->public_key, bucket[i].data_public_key); |
209 | |
|
210 | 0 | if (index < min_index) { |
211 | 0 | slot = &bucket[i]; |
212 | 0 | min_index = index; |
213 | 0 | } |
214 | 0 | } |
215 | | |
216 | 0 | return slot; |
217 | 0 | } |
218 | | |
219 | | non_null() |
220 | | static bool would_accept_store_request(Announcements *announce, const uint8_t *data_public_key) |
221 | 0 | { |
222 | 0 | return find_entry_slot(announce, data_public_key) != nullptr; |
223 | 0 | } |
224 | | |
225 | | bool announce_store_data(Announcements *announce, const uint8_t *data_public_key, |
226 | | const uint8_t *data, uint32_t length, uint32_t timeout) |
227 | 0 | { |
228 | 0 | if (length > MAX_ANNOUNCEMENT_SIZE) { |
229 | 0 | return false; |
230 | 0 | } |
231 | | |
232 | 0 | Announce_Entry *entry = find_entry_slot(announce, data_public_key); |
233 | |
|
234 | 0 | if (entry == nullptr) { |
235 | 0 | return false; |
236 | 0 | } |
237 | | |
238 | 0 | if (length > 0) { |
239 | 0 | assert(data != nullptr); |
240 | | |
241 | 0 | mem_delete(announce->mem, entry->data); |
242 | |
|
243 | 0 | uint8_t *entry_data = (uint8_t *)mem_balloc(announce->mem, length); |
244 | |
|
245 | 0 | if (entry_data == nullptr) { |
246 | 0 | entry->data = nullptr; // TODO(iphydf): Is this necessary? |
247 | 0 | return false; |
248 | 0 | } |
249 | | |
250 | 0 | memcpy(entry_data, data, length); |
251 | 0 | entry->data = entry_data; |
252 | 0 | } |
253 | | |
254 | 0 | entry->length = length; |
255 | 0 | memcpy(entry->data_public_key, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); |
256 | 0 | entry->store_until = mono_time_get(announce->mono_time) + timeout; |
257 | |
|
258 | 0 | return true; |
259 | 0 | } |
260 | | |
261 | | non_null() |
262 | | static uint32_t calculate_timeout(const Announcements *announce, uint32_t requested_timeout) |
263 | 0 | { |
264 | 0 | const uint64_t uptime = mono_time_get(announce->mono_time) - announce->start_time; |
265 | 0 | const uint32_t max_announcement_timeout = max_u32( |
266 | 0 | (uint32_t)min_u64( |
267 | 0 | MAX_MAX_ANNOUNCEMENT_TIMEOUT, |
268 | 0 | uptime / MAX_ANNOUNCEMENT_TIMEOUT_UPTIME_RATIO), |
269 | 0 | MIN_MAX_ANNOUNCEMENT_TIMEOUT); |
270 | |
|
271 | 0 | return min_u32(max_announcement_timeout, requested_timeout); |
272 | 0 | } |
273 | | |
274 | 0 | #define DATA_SEARCH_TO_AUTH_MAX_SIZE (CRYPTO_PUBLIC_KEY_SIZE * 2 + MAX_PACKED_IPPORT_SIZE + MAX_SENDBACK_SIZE) |
275 | | |
276 | | non_null(1, 2, 3, 4, 7) nullable(5) |
277 | | static int create_data_search_to_auth(const Logger *logger, const uint8_t *data_public_key, |
278 | | const uint8_t *requester_key, |
279 | | const IP_Port *source, const uint8_t *sendback, uint16_t sendback_length, |
280 | | uint8_t *dest, uint16_t max_length) |
281 | 0 | { |
282 | 0 | if (max_length < DATA_SEARCH_TO_AUTH_MAX_SIZE |
283 | 0 | || sendback_length > MAX_SENDBACK_SIZE) { |
284 | 0 | return -1; |
285 | 0 | } |
286 | | |
287 | 0 | memcpy(dest, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); |
288 | 0 | memcpy(dest + CRYPTO_PUBLIC_KEY_SIZE, requester_key, CRYPTO_PUBLIC_KEY_SIZE); |
289 | |
|
290 | 0 | const int ipport_length = pack_ip_port(logger, dest + CRYPTO_PUBLIC_KEY_SIZE * 2, MAX_PACKED_IPPORT_SIZE, source); |
291 | |
|
292 | 0 | if (ipport_length == -1) { |
293 | 0 | return -1; |
294 | 0 | } |
295 | | |
296 | 0 | if (sendback_length > 0) { |
297 | 0 | assert(sendback != nullptr); |
298 | 0 | memcpy(dest + CRYPTO_PUBLIC_KEY_SIZE * 2 + ipport_length, sendback, sendback_length); |
299 | 0 | } |
300 | | |
301 | 0 | return CRYPTO_PUBLIC_KEY_SIZE * 2 + ipport_length + sendback_length; |
302 | 0 | } |
303 | | |
304 | 0 | #define DATA_SEARCH_TIMEOUT 60 |
305 | | |
306 | | non_null() |
307 | | static int create_reply_plain_data_search_request(Announcements *announce, |
308 | | const IP_Port *source, |
309 | | const uint8_t *data, uint16_t length, |
310 | | uint8_t *reply, uint16_t reply_max_length, |
311 | | const uint8_t *to_auth, uint16_t to_auth_length) |
312 | 0 | { |
313 | 0 | if (length != CRYPTO_PUBLIC_KEY_SIZE && |
314 | 0 | length != CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA256_SIZE) { |
315 | 0 | return -1; |
316 | 0 | } |
317 | | |
318 | 0 | const uint8_t *const data_public_key = data; |
319 | |
|
320 | 0 | const uint8_t *previous_hash = nullptr; |
321 | |
|
322 | 0 | if (length == CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA256_SIZE) { |
323 | 0 | previous_hash = data + CRYPTO_PUBLIC_KEY_SIZE; |
324 | 0 | } |
325 | |
|
326 | 0 | const int nodes_max_length = (int)reply_max_length - |
327 | 0 | (CRYPTO_PUBLIC_KEY_SIZE + 1 + CRYPTO_SHA256_SIZE + TIMED_AUTH_SIZE + 1 + 1); |
328 | |
|
329 | 0 | if (nodes_max_length < 0) { |
330 | 0 | return -1; |
331 | 0 | } |
332 | | |
333 | 0 | uint8_t *p = reply; |
334 | |
|
335 | 0 | memcpy(p, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); |
336 | 0 | p += CRYPTO_PUBLIC_KEY_SIZE; |
337 | |
|
338 | 0 | const Announce_Entry *const stored = get_stored_const(announce, data_public_key); |
339 | |
|
340 | 0 | if (stored == nullptr) { |
341 | 0 | *p = 0; |
342 | 0 | ++p; |
343 | 0 | } else { |
344 | 0 | *p = 1; |
345 | 0 | ++p; |
346 | 0 | crypto_sha256(p, stored->data, stored->length); |
347 | 0 | p += CRYPTO_SHA256_SIZE; |
348 | 0 | } |
349 | |
|
350 | 0 | generate_timed_auth(announce->mono_time, DATA_SEARCH_TIMEOUT, announce->hmac_key, |
351 | 0 | to_auth, to_auth_length, p); |
352 | 0 | p += TIMED_AUTH_SIZE; |
353 | |
|
354 | 0 | *p = would_accept_store_request(announce, data_public_key) ? 1 : 0; |
355 | 0 | ++p; |
356 | |
|
357 | 0 | Node_format nodes_list[MAX_SENT_NODES]; |
358 | 0 | const int num_nodes = get_close_nodes(announce->dht, data_public_key, nodes_list, |
359 | 0 | net_family_unspec(), ip_is_lan(&source->ip), true); |
360 | |
|
361 | 0 | if (num_nodes < 0 || num_nodes > MAX_SENT_NODES) { |
362 | 0 | return -1; |
363 | 0 | } |
364 | | |
365 | 0 | *p = num_nodes; |
366 | 0 | ++p; |
367 | |
|
368 | 0 | p += pack_nodes(announce->log, p, nodes_max_length, nodes_list, num_nodes); |
369 | |
|
370 | 0 | const uint32_t reply_len = p - reply; |
371 | |
|
372 | 0 | if (previous_hash != nullptr) { |
373 | 0 | uint8_t hash[CRYPTO_SHA256_SIZE]; |
374 | |
|
375 | 0 | crypto_sha256(hash, reply, reply_len); |
376 | |
|
377 | 0 | if (crypto_sha256_eq(hash, previous_hash)) { |
378 | 0 | return CRYPTO_PUBLIC_KEY_SIZE; |
379 | 0 | } |
380 | 0 | } |
381 | | |
382 | 0 | return reply_len; |
383 | 0 | } |
384 | | |
385 | | non_null() |
386 | | static int create_reply_plain_data_retrieve_request( |
387 | | const Announcements *announce, |
388 | | const IP_Port *source, |
389 | | const uint8_t *data, uint16_t length, |
390 | | uint8_t *reply, uint16_t reply_max_length, |
391 | | const uint8_t *to_auth, uint16_t to_auth_length) |
392 | 0 | { |
393 | 0 | if (length != CRYPTO_PUBLIC_KEY_SIZE + 1 + TIMED_AUTH_SIZE) { |
394 | 0 | return -1; |
395 | 0 | } |
396 | | |
397 | 0 | if (data[CRYPTO_PUBLIC_KEY_SIZE] != 0) { |
398 | 0 | return -1; |
399 | 0 | } |
400 | | |
401 | 0 | const uint8_t *const data_public_key = data; |
402 | 0 | const uint8_t *const auth = data + CRYPTO_PUBLIC_KEY_SIZE + 1; |
403 | |
|
404 | 0 | if (!check_timed_auth(announce->mono_time, DATA_SEARCH_TIMEOUT, announce->hmac_key, |
405 | 0 | to_auth, to_auth_length, auth)) { |
406 | 0 | return -1; |
407 | 0 | } |
408 | | |
409 | 0 | const Announce_Entry *const entry = get_stored_const(announce, data_public_key); |
410 | |
|
411 | 0 | if (entry == nullptr) { |
412 | 0 | return -1; |
413 | 0 | } |
414 | | |
415 | 0 | const uint16_t reply_len = CRYPTO_PUBLIC_KEY_SIZE + 1 + entry->length; |
416 | |
|
417 | 0 | if (reply_max_length < reply_len) { |
418 | 0 | return -1; |
419 | 0 | } |
420 | | |
421 | 0 | memcpy(reply, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); |
422 | 0 | reply[CRYPTO_PUBLIC_KEY_SIZE] = 1; |
423 | 0 | memcpy(reply + CRYPTO_PUBLIC_KEY_SIZE + 1, entry->data, entry->length); |
424 | |
|
425 | 0 | return reply_len; |
426 | 0 | } |
427 | | |
428 | | non_null() |
429 | | static int create_reply_plain_store_announce_request(Announcements *announce, |
430 | | const IP_Port *source, |
431 | | const uint8_t *data, uint16_t length, |
432 | | uint8_t *reply, uint16_t reply_max_length, |
433 | | const uint8_t *to_auth, uint16_t to_auth_length) |
434 | 0 | { |
435 | 0 | const int plain_len = (int)length - (CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE); |
436 | 0 | const int announcement_len = plain_len - (TIMED_AUTH_SIZE + sizeof(uint32_t) + 1); |
437 | |
|
438 | 0 | const uint8_t *const data_public_key = data; |
439 | |
|
440 | 0 | if (announcement_len < 0) { |
441 | 0 | return -1; |
442 | 0 | } |
443 | | |
444 | 0 | VLA(uint8_t, plain, plain_len); |
445 | |
|
446 | 0 | const uint8_t *shared_key = shared_key_cache_lookup(announce->shared_keys, data_public_key); |
447 | |
|
448 | 0 | if (shared_key == nullptr) { |
449 | | /* Error looking up/deriving the shared key */ |
450 | 0 | return -1; |
451 | 0 | } |
452 | | |
453 | 0 | if (decrypt_data_symmetric(announce->mem, shared_key, |
454 | 0 | data + CRYPTO_PUBLIC_KEY_SIZE, |
455 | 0 | data + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, |
456 | 0 | plain_len + CRYPTO_MAC_SIZE, |
457 | 0 | plain) != plain_len) { |
458 | 0 | return -1; |
459 | 0 | } |
460 | | |
461 | 0 | const uint8_t *const auth = plain; |
462 | 0 | uint32_t requested_timeout; |
463 | 0 | net_unpack_u32(plain + TIMED_AUTH_SIZE, &requested_timeout); |
464 | 0 | const uint32_t timeout = calculate_timeout(announce, requested_timeout); |
465 | 0 | const uint8_t announcement_type = plain[TIMED_AUTH_SIZE + sizeof(uint32_t)]; |
466 | 0 | const uint8_t *announcement = plain + TIMED_AUTH_SIZE + sizeof(uint32_t) + 1; |
467 | |
|
468 | 0 | if (!check_timed_auth(announce->mono_time, DATA_SEARCH_TIMEOUT, announce->hmac_key, |
469 | 0 | to_auth, to_auth_length, auth)) { |
470 | 0 | return -1; |
471 | 0 | } |
472 | | |
473 | 0 | if (announcement_type > 1) { |
474 | 0 | return -1; |
475 | 0 | } |
476 | | |
477 | 0 | if (announcement_type == 1) { |
478 | 0 | if (announcement_len != CRYPTO_SHA256_SIZE) { |
479 | 0 | return -1; |
480 | 0 | } |
481 | | |
482 | 0 | Announce_Entry *stored = get_stored(announce, data_public_key); |
483 | |
|
484 | 0 | if (stored == nullptr) { |
485 | 0 | return -1; |
486 | 0 | } |
487 | | |
488 | 0 | uint8_t stored_hash[CRYPTO_SHA256_SIZE]; |
489 | 0 | crypto_sha256(stored_hash, stored->data, stored->length); |
490 | |
|
491 | 0 | if (!crypto_sha256_eq(announcement, stored_hash)) { |
492 | 0 | delete_entry(stored); |
493 | 0 | return -1; |
494 | 0 | } else { |
495 | 0 | stored->store_until = mono_time_get(announce->mono_time) + timeout; |
496 | 0 | } |
497 | 0 | } else { |
498 | 0 | if (!announce_store_data(announce, data_public_key, announcement, announcement_len, timeout)) { |
499 | 0 | return -1; |
500 | 0 | } |
501 | 0 | } |
502 | | |
503 | 0 | const uint16_t reply_len = CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint32_t) + sizeof(uint64_t); |
504 | |
|
505 | 0 | if (reply_max_length < reply_len) { |
506 | 0 | return -1; |
507 | 0 | } |
508 | | |
509 | 0 | memcpy(reply, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); |
510 | 0 | net_pack_u32(reply + CRYPTO_PUBLIC_KEY_SIZE, timeout); |
511 | 0 | net_pack_u64(reply + CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint32_t), |
512 | 0 | mono_time_get(announce->mono_time) + announce->synch_offset); |
513 | 0 | return reply_len; |
514 | 0 | } |
515 | | |
516 | | non_null(1, 2, 3, 7, 9) nullable(5) |
517 | | static int create_reply_plain(Announcements *announce, |
518 | | const uint8_t *requester_key, const IP_Port *source, uint8_t type, |
519 | | const uint8_t *sendback, uint16_t sendback_length, |
520 | | const uint8_t *data, uint16_t length, |
521 | | uint8_t *reply, uint16_t reply_max_length) |
522 | 0 | { |
523 | 0 | if (length < CRYPTO_PUBLIC_KEY_SIZE) { |
524 | 0 | return -1; |
525 | 0 | } |
526 | | |
527 | 0 | const uint8_t *const data_public_key = data; |
528 | |
|
529 | 0 | uint8_t to_auth[DATA_SEARCH_TO_AUTH_MAX_SIZE]; |
530 | 0 | const int to_auth_length = create_data_search_to_auth(announce->log, data_public_key, requester_key, source, |
531 | 0 | sendback, sendback_length, to_auth, DATA_SEARCH_TO_AUTH_MAX_SIZE); |
532 | |
|
533 | 0 | if (to_auth_length == -1) { |
534 | 0 | return -1; |
535 | 0 | } |
536 | | |
537 | 0 | switch (type) { |
538 | 0 | case NET_PACKET_DATA_SEARCH_REQUEST: |
539 | 0 | return create_reply_plain_data_search_request(announce, source, data, length, reply, reply_max_length, to_auth, |
540 | 0 | (uint16_t)to_auth_length); |
541 | | |
542 | 0 | case NET_PACKET_DATA_RETRIEVE_REQUEST: |
543 | 0 | return create_reply_plain_data_retrieve_request(announce, source, data, length, reply, reply_max_length, to_auth, |
544 | 0 | (uint16_t)to_auth_length); |
545 | | |
546 | 0 | case NET_PACKET_STORE_ANNOUNCE_REQUEST: |
547 | 0 | return create_reply_plain_store_announce_request(announce, source, data, length, reply, reply_max_length, to_auth, |
548 | 0 | (uint16_t)to_auth_length); |
549 | | |
550 | 0 | default: |
551 | 0 | return -1; |
552 | 0 | } |
553 | 0 | } |
554 | | |
555 | | non_null(1, 2, 5, 7) nullable(3) |
556 | | static int create_reply(Announcements *announce, const IP_Port *source, |
557 | | const uint8_t *sendback, uint16_t sendback_length, |
558 | | const uint8_t *data, uint16_t length, |
559 | | uint8_t *reply, uint16_t reply_max_length) |
560 | 0 | { |
561 | 0 | const int plain_len = (int)length - (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE); |
562 | |
|
563 | 0 | if (plain_len < (int)sizeof(uint64_t)) { |
564 | 0 | return -1; |
565 | 0 | } |
566 | | |
567 | 0 | VLA(uint8_t, plain, plain_len); |
568 | 0 | const uint8_t *shared_key = dht_get_shared_key_recv(announce->dht, data + 1); |
569 | |
|
570 | 0 | if (decrypt_data_symmetric(announce->mem, shared_key, |
571 | 0 | data + 1 + CRYPTO_PUBLIC_KEY_SIZE, |
572 | 0 | data + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, |
573 | 0 | plain_len + CRYPTO_MAC_SIZE, |
574 | 0 | plain) != plain_len) { |
575 | 0 | return -1; |
576 | 0 | } |
577 | | |
578 | 0 | const int plain_reply_max_len = (int)reply_max_length - |
579 | 0 | (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE); |
580 | |
|
581 | 0 | if (plain_reply_max_len < (int)sizeof(uint64_t)) { |
582 | 0 | return -1; |
583 | 0 | } |
584 | | |
585 | 0 | VLA(uint8_t, plain_reply, plain_reply_max_len); |
586 | |
|
587 | 0 | const int plain_reply_noping_len = create_reply_plain(announce, |
588 | 0 | data + 1, source, data[0], |
589 | 0 | sendback, sendback_length, |
590 | 0 | plain, plain_len - sizeof(uint64_t), |
591 | 0 | plain_reply, plain_reply_max_len - sizeof(uint64_t)); |
592 | |
|
593 | 0 | if (plain_reply_noping_len == -1) { |
594 | 0 | return -1; |
595 | 0 | } |
596 | | |
597 | 0 | memcpy(plain_reply + plain_reply_noping_len, |
598 | 0 | plain + (plain_len - sizeof(uint64_t)), sizeof(uint64_t)); |
599 | |
|
600 | 0 | const uint16_t plain_reply_len = plain_reply_noping_len + sizeof(uint64_t); |
601 | |
|
602 | 0 | const uint8_t response_type = announce_response_of_request_type(data[0]); |
603 | |
|
604 | 0 | return dht_create_packet(announce->mem, announce->rng, announce->public_key, shared_key, |
605 | 0 | response_type, plain_reply, plain_reply_len, reply, reply_max_length); |
606 | 0 | } |
607 | | |
608 | | non_null(1, 2, 3, 5) nullable(7) |
609 | | static void forwarded_request_callback(void *object, const IP_Port *forwarder, |
610 | | const uint8_t *sendback, uint16_t sendback_length, |
611 | | const uint8_t *data, uint16_t length, void *userdata) |
612 | 0 | { |
613 | 0 | Announcements *announce = (Announcements *) object; |
614 | |
|
615 | 0 | uint8_t reply[MAX_FORWARD_DATA_SIZE]; |
616 | |
|
617 | 0 | const int len = create_reply(announce, forwarder, |
618 | 0 | sendback, sendback_length, |
619 | 0 | data, length, reply, sizeof(reply)); |
620 | |
|
621 | 0 | if (len == -1) { |
622 | 0 | return; |
623 | 0 | } |
624 | | |
625 | 0 | forward_reply(announce->net, forwarder, sendback, sendback_length, reply, len); |
626 | 0 | } |
627 | | |
628 | | non_null(1, 2, 3) nullable(5) |
629 | | static int handle_dht_announce_request( |
630 | | void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, void *userdata) |
631 | 0 | { |
632 | 0 | Announcements *announce = (Announcements *)object; |
633 | |
|
634 | 0 | uint8_t reply[MAX_FORWARD_DATA_SIZE]; |
635 | |
|
636 | 0 | const int len |
637 | 0 | = create_reply(announce, source, nullptr, 0, packet, length, reply, sizeof(reply)); |
638 | |
|
639 | 0 | if (len == -1) { |
640 | 0 | return -1; |
641 | 0 | } |
642 | | |
643 | 0 | return sendpacket(announce->net, source, reply, len) == len ? 0 : -1; |
644 | 0 | } |
645 | | |
646 | | Announcements *new_announcements(const Logger *log, const Memory *mem, const Random *rng, const Mono_Time *mono_time, |
647 | | Forwarding *forwarding) |
648 | 1.76k | { |
649 | 1.76k | if (log == nullptr || mono_time == nullptr || forwarding == nullptr) { |
650 | 0 | return nullptr; |
651 | 0 | } |
652 | | |
653 | 1.76k | Announcements *announce = (Announcements *)mem_alloc(mem, sizeof(Announcements)); |
654 | | |
655 | 1.76k | if (announce == nullptr) { |
656 | 0 | return nullptr; |
657 | 0 | } |
658 | | |
659 | 1.76k | announce->log = log; |
660 | 1.76k | announce->mem = mem; |
661 | 1.76k | announce->rng = rng; |
662 | 1.76k | announce->forwarding = forwarding; |
663 | 1.76k | announce->mono_time = mono_time; |
664 | 1.76k | announce->dht = forwarding_get_dht(forwarding); |
665 | 1.76k | announce->net = dht_get_net(announce->dht); |
666 | 1.76k | announce->public_key = dht_get_self_public_key(announce->dht); |
667 | 1.76k | announce->secret_key = dht_get_self_secret_key(announce->dht); |
668 | 1.76k | new_hmac_key(announce->rng, announce->hmac_key); |
669 | 1.76k | announce->shared_keys = shared_key_cache_new(log, mono_time, mem, announce->secret_key, KEYS_TIMEOUT, MAX_KEYS_PER_SLOT); |
670 | 1.76k | if (announce->shared_keys == nullptr) { |
671 | 0 | mem_delete(announce->mem, announce); |
672 | 0 | return nullptr; |
673 | 0 | } |
674 | | |
675 | 1.76k | announce->start_time = mono_time_get(announce->mono_time); |
676 | | |
677 | 1.76k | set_callback_forwarded_request(forwarding, forwarded_request_callback, announce); |
678 | | |
679 | 1.76k | networking_registerhandler(announce->net, NET_PACKET_DATA_SEARCH_REQUEST, handle_dht_announce_request, announce); |
680 | 1.76k | networking_registerhandler(announce->net, NET_PACKET_DATA_RETRIEVE_REQUEST, handle_dht_announce_request, announce); |
681 | 1.76k | networking_registerhandler(announce->net, NET_PACKET_STORE_ANNOUNCE_REQUEST, handle_dht_announce_request, announce); |
682 | | |
683 | 1.76k | return announce; |
684 | 1.76k | } |
685 | | |
686 | | void kill_announcements(Announcements *announce) |
687 | 1.76k | { |
688 | 1.76k | if (announce == nullptr) { |
689 | 0 | return; |
690 | 0 | } |
691 | | |
692 | 1.76k | set_callback_forwarded_request(announce->forwarding, nullptr, nullptr); |
693 | | |
694 | 1.76k | networking_registerhandler(announce->net, NET_PACKET_DATA_SEARCH_REQUEST, nullptr, nullptr); |
695 | 1.76k | networking_registerhandler(announce->net, NET_PACKET_DATA_RETRIEVE_REQUEST, nullptr, nullptr); |
696 | 1.76k | networking_registerhandler(announce->net, NET_PACKET_STORE_ANNOUNCE_REQUEST, nullptr, nullptr); |
697 | | |
698 | 1.76k | crypto_memzero(announce->hmac_key, CRYPTO_HMAC_KEY_SIZE); |
699 | 1.76k | shared_key_cache_free(announce->shared_keys); |
700 | | |
701 | 454k | for (uint32_t i = 0; i < ANNOUNCE_BUCKETS * ANNOUNCE_BUCKET_SIZE; ++i) { |
702 | 452k | mem_delete(announce->mem, announce->entries[i].data); |
703 | 452k | } |
704 | | |
705 | 1.76k | mem_delete(announce->mem, announce); |
706 | 1.76k | } |