From e49a477a845bfa5fa5dacc7c65f8e0bd38098cb2 Mon Sep 17 00:00:00 2001 From: "zugz (tox)" Date: Thu, 31 Dec 2020 00:00:00 +0000 Subject: [PATCH] feat: add forwarding and announce request handling This is the "server-side" part of the new friend finding system, allowing DHT nodes to store small amounts of data and permit searching for it. A forwarding (proxying) mechanism allows this to be used by TCP clients, and deals with non-transitivity in the network. --- .github/scripts/flags-clang.sh | 4 +- CMakeLists.txt | 4 + auto_tests/BUILD.bazel | 2 + auto_tests/CMakeLists.txt | 2 + auto_tests/Makefile.inc | 10 + auto_tests/TCP_test.c | 10 +- auto_tests/announce_test.c | 123 ++++ auto_tests/forwarding_test.c | 325 +++++++++ other/DHT_bootstrap.c | 5 +- other/analysis/run-clang | 1 + other/bootstrap_daemon/BUILD.bazel | 1 + .../docker/tox-bootstrapd.sha256 | 2 +- other/bootstrap_daemon/src/tox-bootstrapd.c | 50 +- testing/BUILD.bazel | 1 + toxcore/BUILD.bazel | 45 ++ toxcore/DHT.c | 178 ++++- toxcore/DHT.h | 44 +- toxcore/Makefile.inc | 4 + toxcore/Messenger.c | 19 +- toxcore/Messenger.h | 6 + toxcore/TCP_client.c | 36 + toxcore/TCP_client.h | 7 + toxcore/TCP_common.h | 2 + toxcore/TCP_connection.c | 91 ++- toxcore/TCP_connection.h | 29 + toxcore/TCP_server.c | 99 ++- toxcore/TCP_server.h | 5 +- toxcore/announce.c | 689 ++++++++++++++++++ toxcore/announce.h | 67 ++ toxcore/crypto_core.c | 7 +- toxcore/crypto_core.h | 9 + toxcore/crypto_core_test.cc | 25 +- toxcore/forwarding.c | 395 ++++++++++ toxcore/forwarding.h | 125 ++++ toxcore/forwarding_fuzz_test.cc | 50 ++ toxcore/net_crypto.c | 34 + toxcore/net_crypto.h | 21 + toxcore/network.h | 11 + toxcore/onion_announce.c | 2 +- toxcore/ping_array.h | 2 +- toxcore/timed_auth.c | 10 +- toxcore/timed_auth.h | 25 +- toxcore/tox.c | 1 + toxcore/tox.h | 11 + toxcore/tox_api.c | 2 + 45 files changed, 2523 insertions(+), 68 deletions(-) create mode 100644 auto_tests/announce_test.c create mode 100644 auto_tests/forwarding_test.c create mode 100644 toxcore/announce.c create mode 100644 toxcore/announce.h create mode 100644 toxcore/forwarding.c create mode 100644 toxcore/forwarding.h create mode 100644 toxcore/forwarding_fuzz_test.cc diff --git a/.github/scripts/flags-clang.sh b/.github/scripts/flags-clang.sh index 7539415c24..afa842ae38 100644 --- a/.github/scripts/flags-clang.sh +++ b/.github/scripts/flags-clang.sh @@ -50,8 +50,8 @@ add_flag -Wno-unused-function add_flag -Wno-used-but-marked-unused # We use variable length arrays a lot. add_flag -Wno-vla -# Disable warning about Doxygen retval tag -add_flag -fcomment-block-commands=retval +# Disable warnings about unknown Doxygen commands +add_flag -Wno-documentation-unknown-command # Disable specific warning flags for C++. diff --git a/CMakeLists.txt b/CMakeLists.txt index 7ff0818bd0..1d6993adcf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -197,6 +197,8 @@ set(toxcore_PKGCONFIG_REQUIRES) set(toxcore_SOURCES third_party/cmp/cmp.c third_party/cmp/cmp.h + toxcore/announce.c + toxcore/announce.h toxcore/bin_pack.c toxcore/bin_pack.h toxcore/bin_unpack.c @@ -230,6 +232,8 @@ set(toxcore_SOURCES toxcore/events/friend_status_message.c toxcore/events/friend_typing.c toxcore/events/self_connection_status.c + toxcore/forwarding.c + toxcore/forwarding.h toxcore/friend_connection.c toxcore/friend_connection.h toxcore/friend_requests.c diff --git a/auto_tests/BUILD.bazel b/auto_tests/BUILD.bazel index f735942222..5dbf2fd301 100644 --- a/auto_tests/BUILD.bazel +++ b/auto_tests/BUILD.bazel @@ -48,8 +48,10 @@ flaky_tests = { "//c-toxcore/toxcore:TCP_common", "//c-toxcore/toxcore:TCP_connection", "//c-toxcore/toxcore:TCP_server", + "//c-toxcore/toxcore:announce", "//c-toxcore/toxcore:ccompat", "//c-toxcore/toxcore:crypto_core", + "//c-toxcore/toxcore:forwarding", "//c-toxcore/toxcore:friend_connection", "//c-toxcore/toxcore:logger", "//c-toxcore/toxcore:mono_time", diff --git a/auto_tests/CMakeLists.txt b/auto_tests/CMakeLists.txt index 2cc2d93102..cf098f8c32 100644 --- a/auto_tests/CMakeLists.txt +++ b/auto_tests/CMakeLists.txt @@ -19,6 +19,7 @@ function(auto_test target) endfunction() auto_test(TCP) +auto_test(announce) auto_test(conference) auto_test(conference_double_invite) auto_test(conference_invite_merge) @@ -31,6 +32,7 @@ auto_test(dht_getnodes_api) auto_test(encryptsave) auto_test(file_transfer) auto_test(file_saving) +auto_test(forwarding) auto_test(friend_connection) auto_test(friend_request) auto_test(friend_request_spam) diff --git a/auto_tests/Makefile.inc b/auto_tests/Makefile.inc index 70a3c881eb..59adf422c2 100644 --- a/auto_tests/Makefile.inc +++ b/auto_tests/Makefile.inc @@ -5,6 +5,7 @@ libauto_test_support_la_SOURCES = ../auto_tests/auto_test_support.c ../auto_test libauto_test_support_la_LIBADD = libmisc_tools.la libtoxcore.la TESTS = \ + announce_test \ conference_double_invite_test \ conference_invite_merge_test \ conference_peer_nick_test \ @@ -13,6 +14,7 @@ TESTS = \ conference_two_test \ crypto_test \ file_transfer_test \ + forwarding_test \ friend_connection_test \ friend_request_test \ invalid_tcp_proxy_test \ @@ -68,6 +70,10 @@ endif check_PROGRAMS = $(TESTS) +announce_test_SOURCES = ../auto_tests/announce_test.c +announce_test_CFLAGS = $(AUTOTEST_CFLAGS) +announce_test_LDADD = $(AUTOTEST_LDADD) + conference_double_invite_test_SOURCES = ../auto_tests/conference_double_invite_test.c conference_double_invite_test_CFLAGS = $(AUTOTEST_CFLAGS) conference_double_invite_test_LDADD = $(AUTOTEST_LDADD) @@ -108,6 +114,10 @@ file_transfer_test_SOURCES = ../auto_tests/file_transfer_test.c file_transfer_test_CFLAGS = $(AUTOTEST_CFLAGS) file_transfer_test_LDADD = $(AUTOTEST_LDADD) +forwarding_test_SOURCES = ../auto_tests/forwarding_test.c +forwarding_test_CFLAGS = $(AUTOTEST_CFLAGS) +forwarding_test_LDADD = $(AUTOTEST_LDADD) + friend_connection_test_SOURCES = ../auto_tests/friend_connection_test.c friend_connection_test_CFLAGS = $(AUTOTEST_CFLAGS) friend_connection_test_LDADD = $(AUTOTEST_LDADD) diff --git a/auto_tests/TCP_test.c b/auto_tests/TCP_test.c index 33205e8946..47a6126c0c 100644 --- a/auto_tests/TCP_test.c +++ b/auto_tests/TCP_test.c @@ -56,7 +56,7 @@ static void test_basic(void) uint8_t self_secret_key[CRYPTO_SECRET_KEY_SIZE]; crypto_new_keypair(rng, self_public_key, self_secret_key); const Network *ns = system_network(); - TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr); + TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr, nullptr); ck_assert_msg(tcp_s != nullptr, "Failed to create a TCP relay server."); ck_assert_msg(tcp_server_listen_count(tcp_s) == NUM_PORTS, "Failed to bind a TCP relay server to all %d attempted ports.", NUM_PORTS); @@ -306,7 +306,7 @@ static void test_some(void) uint8_t self_public_key[CRYPTO_PUBLIC_KEY_SIZE]; uint8_t self_secret_key[CRYPTO_SECRET_KEY_SIZE]; crypto_new_keypair(rng, self_public_key, self_secret_key); - TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr); + TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr, nullptr); ck_assert_msg(tcp_s != nullptr, "Failed to create TCP relay server"); ck_assert_msg(tcp_server_listen_count(tcp_s) == NUM_PORTS, "Failed to bind to all ports."); @@ -497,7 +497,7 @@ static void test_client(void) uint8_t self_secret_key[CRYPTO_SECRET_KEY_SIZE]; crypto_new_keypair(rng, self_public_key, self_secret_key); const Network *ns = system_network(); - TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr); + TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr, nullptr); ck_assert_msg(tcp_s != nullptr, "Failed to create a TCP relay server."); ck_assert_msg(tcp_server_listen_count(tcp_s) == NUM_PORTS, "Failed to bind the relay server to all ports."); @@ -704,7 +704,7 @@ static void test_tcp_connection(void) uint8_t self_public_key[CRYPTO_PUBLIC_KEY_SIZE]; uint8_t self_secret_key[CRYPTO_SECRET_KEY_SIZE]; crypto_new_keypair(rng, self_public_key, self_secret_key); - TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr); + TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr, nullptr); ck_assert_msg(pk_equal(tcp_server_public_key(tcp_s), self_public_key), "Wrong public key"); TCP_Proxy_Info proxy_info; @@ -815,7 +815,7 @@ static void test_tcp_connection2(void) uint8_t self_public_key[CRYPTO_PUBLIC_KEY_SIZE]; uint8_t self_secret_key[CRYPTO_SECRET_KEY_SIZE]; crypto_new_keypair(rng, self_public_key, self_secret_key); - TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr); + TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, USE_IPV6, NUM_PORTS, ports, self_secret_key, nullptr, nullptr); ck_assert_msg(pk_equal(tcp_server_public_key(tcp_s), self_public_key), "Wrong public key"); TCP_Proxy_Info proxy_info; diff --git a/auto_tests/announce_test.c b/auto_tests/announce_test.c new file mode 100644 index 0000000000..92f2d12933 --- /dev/null +++ b/auto_tests/announce_test.c @@ -0,0 +1,123 @@ +#include +#include + +#include "../toxcore/announce.h" +#include "../toxcore/tox.h" +#include "../testing/misc_tools.h" +#include "../toxcore/mono_time.h" +#include "../toxcore/forwarding.h" +#include "../toxcore/net_crypto.h" +#include "../toxcore/util.h" +#include "auto_test_support.h" +#include "check_compat.h" + +static void test_bucketnum(void) +{ + const Random *rng = system_random(); + ck_assert(rng != nullptr); + uint8_t key1[CRYPTO_PUBLIC_KEY_SIZE], key2[CRYPTO_PUBLIC_KEY_SIZE]; + random_bytes(rng, key1, sizeof(key1)); + memcpy(key2, key1, CRYPTO_PUBLIC_KEY_SIZE); + + ck_assert_msg(get_bucketnum(key1, key2) == 0, "Bad bucketnum"); + + key2[4] ^= 0x09; + key2[5] ^= 0xc5; + + ck_assert_msg(get_bucketnum(key1, key2) == 7, "Bad bucketnum"); + + key2[4] ^= 0x09; + + ck_assert_msg(get_bucketnum(key1, key2) == 17, "Bad bucketnum"); + + key2[5] ^= 0xc5; + key2[31] ^= 0x09; + + ck_assert_msg(get_bucketnum(key1, key2) == 4, "Bad bucketnum"); +} + +typedef struct Announce_Test_Data { + uint8_t data[MAX_ANNOUNCEMENT_SIZE]; + uint16_t length; + bool passed; +} Announce_Test_Data; + +static void test_announce_data(void *object, const uint8_t *data, uint16_t length) +{ + Announce_Test_Data *test_data = (Announce_Test_Data *) object; + test_data->passed = test_data->length == length && memcmp(test_data->data, data, length) == 0; +} + +static void test_store_data(void) +{ + const Random *rng = system_random(); + ck_assert(rng != nullptr); + const Network *ns = system_network(); + ck_assert(ns != nullptr); + Logger *log = logger_new(); + ck_assert(log != nullptr); + logger_callback_log(log, (logger_cb *)print_debug_log, nullptr, nullptr); + Mono_Time *mono_time = mono_time_new(); + Networking_Core *net = new_networking_no_udp(log, ns); + DHT *dht = new_dht(log, rng, ns, mono_time, net, true, true); + Forwarding *forwarding = new_forwarding(log, rng, mono_time, dht); + Announcements *announce = new_announcements(log, rng, mono_time, forwarding); + ck_assert(announce != nullptr); + + /* Just to prevent CI from complaining that set_synch_offset is unused: */ + set_synch_offset(announce, 0); + + Announce_Test_Data test_data; + random_bytes(rng, test_data.data, sizeof(test_data.data)); + test_data.length = sizeof(test_data.data); + + uint8_t key[CRYPTO_PUBLIC_KEY_SIZE]; + random_bytes(rng, key, sizeof(key)); + + ck_assert_msg(!on_stored(announce, key, nullptr, nullptr), "Unstored announcement exists"); + + ck_assert_msg(store_data(announce, key, test_data.data, sizeof(test_data.data), + MAX_MAX_ANNOUNCEMENT_TIMEOUT), "Failed to store announcement"); + + ck_assert_msg(on_stored(announce, key, test_announce_data, &test_data), "Failed to get stored announcement"); + + ck_assert_msg(test_data.passed, "Bad stored announcement data"); + + const uint8_t *const base = dht_get_self_public_key(dht); + ck_assert_msg(store_data(announce, base, test_data.data, sizeof(test_data.data), 1), "failed to store base"); + + uint8_t test_keys[ANNOUNCE_BUCKET_SIZE + 1][CRYPTO_PUBLIC_KEY_SIZE]; + + for (uint8_t i = 0; i < ANNOUNCE_BUCKET_SIZE + 1; ++i) { + memcpy(test_keys[i], base, CRYPTO_PUBLIC_KEY_SIZE); + test_keys[i][i] ^= 1; + ck_assert_msg(store_data(announce, test_keys[i], test_data.data, sizeof(test_data.data), 1), + "Failed to store announcement %d", i); + } + + ck_assert_msg(on_stored(announce, base, nullptr, nullptr), "base was evicted"); + ck_assert_msg(!on_stored(announce, test_keys[0], nullptr, nullptr), "furthest was not evicted"); + ck_assert_msg(!store_data(announce, test_keys[0], nullptr, 0, 1), "furthest evicted closer"); + + kill_announcements(announce); + kill_forwarding(forwarding); + kill_dht(dht); + kill_networking(net); + mono_time_free(mono_time); + logger_kill(log); +} + +static void basic_announce_tests(void) +{ + test_bucketnum(); + test_store_data(); +} + + +int main(void) +{ + setvbuf(stdout, nullptr, _IONBF, 0); + + basic_announce_tests(); + return 0; +} diff --git a/auto_tests/forwarding_test.c b/auto_tests/forwarding_test.c new file mode 100644 index 0000000000..c935c1c64d --- /dev/null +++ b/auto_tests/forwarding_test.c @@ -0,0 +1,325 @@ +#include +#include +#include + +#include "../toxcore/tox.h" +#include "../toxcore/announce.h" +#include "../testing/misc_tools.h" +#include "../toxcore/mono_time.h" +#include "../toxcore/forwarding.h" +#include "../toxcore/net_crypto.h" +#include "../toxcore/util.h" +#include "auto_test_support.h" +#include "check_compat.h" + +#ifndef USE_IPV6 +#define USE_IPV6 1 +#endif + +static inline IP get_loopback(void) +{ + IP ip; +#if USE_IPV6 + ip.family = net_family_ipv6; + ip.ip.v6 = get_ip6_loopback(); +#else + ip.family = net_family_ipv4; + ip.ip.v4 = get_ip4_loopback(); +#endif + return ip; +} + +#define NUM_FORWARDER 20 +#define NUM_FORWARDER_TCP 5 +#define NUM_FORWARDER_DHT (NUM_FORWARDER - NUM_FORWARDER_TCP) +#define NUM_FORWARDING_ITERATIONS 1 +#define FORWARD_SEND_INTERVAL 2 +#define FORWARDER_TCP_RELAY_PORT 36570 +#define FORWARDING_BASE_PORT 36571 + +typedef struct Test_Data { + Networking_Core *net; + uint32_t send_back; + uint64_t sent; + bool returned; +} Test_Data; + +static void test_forwarded_request_cb(void *object, const IP_Port *forwarder, + const uint8_t *sendback, uint16_t sendback_length, + const uint8_t *data, uint16_t length, void *userdata) +{ + Test_Data *test_data = (Test_Data *)object; + uint8_t *index = (uint8_t *)userdata; + + if (length != 12 || memcmp("hello: ", data, 8) != 0) { + printf("[%u] got unexpected data of length %d\n", *index, length); + return; + } + + uint8_t reply[12]; + memcpy(reply, "reply: ", 8); + memcpy(reply + 8, data + 8, 4); + ck_assert_msg(forward_reply(test_data->net, forwarder, sendback, sendback_length, reply, 12), + "[%u] forward_reply failed", *index); +} + +static void test_forwarded_response_cb(void *object, + const uint8_t *data, uint16_t length, void *userdata) +{ + Test_Data *test_data = (Test_Data *)object; + uint8_t *index = (uint8_t *)userdata; + + if (length != 12 || memcmp("reply: ", data, 8) != 0) { + printf("[%u] got unexpected data of length %d\n", *index, length); + return; + } + + uint32_t send_back; + net_unpack_u32(data + 8, &send_back); + + if (test_data->send_back == send_back) { + test_data->returned = true; + } +} + +static bool all_returned(Test_Data *test_data) +{ + for (uint32_t i = 0; i < NUM_FORWARDER; ++i) { + if (!test_data[i].returned) { + return false; + } + } + + return true; +} + +typedef struct Forwarding_Subtox { + Logger *log; + Mono_Time *mono_time; + Networking_Core *net; + DHT *dht; + Net_Crypto *c; + Forwarding *forwarding; + Announcements *announce; +} Forwarding_Subtox; + +static Forwarding_Subtox *new_forwarding_subtox(bool no_udp, uint32_t *index, uint16_t port) +{ + Forwarding_Subtox *subtox = (Forwarding_Subtox *)calloc(1, sizeof(Forwarding_Subtox)); + ck_assert(subtox != nullptr); + + subtox->log = logger_new(); + ck_assert(subtox->log != nullptr); + logger_callback_log(subtox->log, (logger_cb *)print_debug_log, nullptr, index); + subtox->mono_time = mono_time_new(); + + const Random *rng= system_random(); + ck_assert(rng != nullptr); + const Network *ns = system_network(); + ck_assert(ns != nullptr); + + if (no_udp) { + subtox->net = new_networking_no_udp(subtox->log, ns); + } else { + const IP ip = get_loopback(); + subtox->net = new_networking_ex(subtox->log, ns, &ip, port, port, nullptr); + } + + subtox->dht = new_dht(subtox->log, rng, ns, subtox->mono_time, subtox->net, true, true); + + const TCP_Proxy_Info inf = {{{{0}}}}; + subtox->c = new_net_crypto(subtox->log, rng, ns, subtox->mono_time, subtox->dht, &inf); + + subtox->forwarding = new_forwarding(subtox->log, rng, subtox->mono_time, subtox->dht); + ck_assert(subtox->forwarding != nullptr); + + subtox->announce = new_announcements(subtox->log, rng, subtox->mono_time, subtox->forwarding); + ck_assert(subtox->announce != nullptr); + + return subtox; +} + +static void kill_forwarding_subtox(Forwarding_Subtox *subtox) +{ + kill_announcements(subtox->announce); + kill_forwarding(subtox->forwarding); + kill_net_crypto(subtox->c); + kill_dht(subtox->dht); + kill_networking(subtox->net); + mono_time_free(subtox->mono_time); + logger_kill(subtox->log); + free(subtox); +} + +static void test_forwarding(void) +{ + const Random *rng = system_random(); + ck_assert(rng != nullptr); + const Network *ns = system_network(); + ck_assert(ns != nullptr); + + uint32_t index[NUM_FORWARDER]; + Forwarding_Subtox *subtoxes[NUM_FORWARDER]; + Test_Data test_data[NUM_FORWARDER]; + + const IP ip = get_loopback(); + + for (uint32_t i = 0; i < NUM_FORWARDER; ++i) { + index[i] = i + 1; + subtoxes[i] = new_forwarding_subtox(i < NUM_FORWARDER_TCP, &index[i], FORWARDING_BASE_PORT + i); + + test_data[i].net = subtoxes[i]->net; + test_data[i].send_back = 0; + test_data[i].sent = 0; + test_data[i].returned = false; + set_callback_forwarded_request(subtoxes[i]->forwarding, test_forwarded_request_cb, &test_data[i]); + set_callback_forwarded_response(subtoxes[i]->forwarding, test_forwarded_response_cb, &test_data[i]); + set_forwarding_packet_tcp_connection_callback(nc_get_tcp_c(subtoxes[i]->c), test_forwarded_response_cb, &test_data[i]); + } + + printf("testing forwarding via tcp relays and dht\n"); + + struct Tox_Options *opts = tox_options_new(nullptr); + tox_options_set_tcp_port(opts, FORWARDER_TCP_RELAY_PORT); + IP_Port relay_ipport_tcp = {ip, net_htons(FORWARDER_TCP_RELAY_PORT)}; + Tox *relay = tox_new_log(opts, nullptr, nullptr); + tox_options_free(opts); + ck_assert_msg(relay != nullptr, "Failed to create TCP relay"); + + uint8_t dpk[TOX_PUBLIC_KEY_SIZE]; + tox_self_get_dht_id(relay, dpk); + + printf("1-%d connected only to TCP server; %d-%d connected only to DHT\n", + NUM_FORWARDER_TCP, NUM_FORWARDER_TCP + 1, NUM_FORWARDER); + + for (uint32_t i = 0; i < NUM_FORWARDER_TCP; ++i) { + set_tcp_onion_status(nc_get_tcp_c(subtoxes[i]->c), 1); + ck_assert_msg(add_tcp_relay(subtoxes[i]->c, &relay_ipport_tcp, dpk) == 0, + "Failed to add TCP relay"); + } + + IP_Port relay_ipport_udp = {ip, net_htons(tox_self_get_udp_port(relay, nullptr))}; + + for (uint32_t i = NUM_FORWARDER_TCP; i < NUM_FORWARDER; ++i) { + dht_bootstrap(subtoxes[i]->dht, &relay_ipport_udp, dpk); + } + + printf("allowing DHT to populate\n"); + uint16_t dht_establish_iterations = NUM_FORWARDER * 5; + + for (uint32_t n = 0; n < NUM_FORWARDING_ITERATIONS; ++n) { + for (uint32_t i = 0; i < NUM_FORWARDER; ++i) { + test_data[i].sent = 0; + test_data[i].returned = false; + } + + do { + for (uint32_t i = 0; i < NUM_FORWARDER; ++i) { + Forwarding_Subtox *const subtox = subtoxes[i]; + mono_time_update(subtox->mono_time); + networking_poll(subtox->net, &index[i]); + do_net_crypto(subtox->c, &index[i]); + do_dht(subtox->dht); + + if (dht_establish_iterations || + test_data[i].returned || + !mono_time_is_timeout(subtox->mono_time, test_data[i].sent, FORWARD_SEND_INTERVAL)) { + continue; + } + + printf("%u", i + 1); + + if (i < NUM_FORWARDER_TCP) { + printf(" --> TCPRelay"); + } + + const uint16_t chain_length = i < NUM_FORWARDER_TCP ? i % 5 : i % 4 + 1; + uint8_t chain_keys[4 * CRYPTO_PUBLIC_KEY_SIZE]; + + uint32_t chain_i = NUM_FORWARDER_TCP + (random_u32(rng) % NUM_FORWARDER_DHT); + const IP_Port first_ipp = {ip, net_htons(FORWARDING_BASE_PORT + chain_i)}; + + printf(" --> %u", chain_i + 1); + + for (uint16_t j = 0; j < chain_length; ++j) { + // pick random different dht node: + chain_i += 1 + random_u32(rng) % (NUM_FORWARDER_DHT - 1); + chain_i = NUM_FORWARDER_TCP + (chain_i - NUM_FORWARDER_TCP) % NUM_FORWARDER_DHT; + + const uint8_t *dest_pubkey = dht_get_self_public_key(subtoxes[chain_i]->dht); + + memcpy(chain_keys + j * CRYPTO_PUBLIC_KEY_SIZE, dest_pubkey, CRYPTO_PUBLIC_KEY_SIZE); + printf(" --> %u", chain_i + 1); + } + + printf("\n"); + + const uint16_t length = 12; + uint8_t data[12]; + + memcpy(data, "hello: ", 8); + test_data[i].send_back = random_u32(rng); + net_pack_u32(data + 8, test_data[i].send_back); + + if (i < NUM_FORWARDER_TCP) { + IP_Port tcp_forwarder; + + if (!get_random_tcp_conn_ip_port(subtox->c, &tcp_forwarder)) { + continue; + } + + if (send_tcp_forward_request(subtox->log, subtox->c, &tcp_forwarder, &first_ipp, + chain_keys, chain_length, data, length) == 0) { + test_data[i].sent = mono_time_get(subtox->mono_time); + } + } else { + if (send_forward_request(subtox->net, &first_ipp, + chain_keys, chain_length, data, length)) { + test_data[i].sent = mono_time_get(subtox->mono_time); + } + } + } + + tox_iterate(relay, nullptr); + + if (dht_establish_iterations) { + --dht_establish_iterations; + + if (!dht_establish_iterations) { + printf("making forward requests and expecting replies\n"); + } + } + + c_sleep(50); + } while (!all_returned(test_data)); + + // This doesn't really belong in this test. + // It can be removed once the full announce client test is in place. + printf("checking that nodes are marked as announce nodes\n"); + Node_format nodes[MAX_SENT_NODES]; + ck_assert(NUM_FORWARDER - NUM_FORWARDER_TCP > 1); + + for (uint32_t i = NUM_FORWARDER_TCP; i < NUM_FORWARDER; ++i) { + ck_assert_msg(get_close_nodes(subtoxes[i]->dht, dht_get_self_public_key(subtoxes[i]->dht), nodes, net_family_unspec, true, + true) > 0, + "node %u has no nodes marked as announce nodes", i); + } + } + + + for (uint32_t i = 0; i < NUM_FORWARDER; ++i) { + kill_forwarding_subtox(subtoxes[i]); + } + + tox_kill(relay); +} + + +int main(void) +{ + setvbuf(stdout, nullptr, _IONBF, 0); + + test_forwarding(); + + return 0; +} diff --git a/other/DHT_bootstrap.c b/other/DHT_bootstrap.c index 0433385e58..1283b97b7b 100644 --- a/other/DHT_bootstrap.c +++ b/other/DHT_bootstrap.c @@ -149,13 +149,14 @@ int main(int argc, char *argv[]) const Network *ns = system_network(); DHT *dht = new_dht(logger, rng, ns, mono_time, new_networking_ex(logger, ns, &ip, start_port, end_port, nullptr), true, true); Onion *onion = new_onion(logger, mono_time, rng, dht); + Forwarding *forwarding = new_forwarding(logger, rng, mono_time, dht); const Onion_Announce *onion_a = new_onion_announce(logger, rng, mono_time, dht); #ifdef DHT_NODE_EXTRA_PACKETS bootstrap_set_callbacks(dht_get_net(dht), DHT_VERSION_NUMBER, DHT_MOTD, sizeof(DHT_MOTD)); #endif - if (!(onion && onion_a)) { + if (!(onion && forwarding && onion_a)) { printf("Something failed to initialize.\n"); exit(1); } @@ -168,7 +169,7 @@ int main(int argc, char *argv[]) #ifdef TCP_RELAY_ENABLED #define NUM_PORTS 3 uint16_t ports[NUM_PORTS] = {443, 3389, PORT}; - TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, ipv6enabled, NUM_PORTS, ports, dht_get_self_secret_key(dht), onion); + TCP_Server *tcp_s = new_TCP_server(logger, rng, ns, ipv6enabled, NUM_PORTS, ports, dht_get_self_secret_key(dht), onion, forwarding); if (tcp_s == nullptr) { printf("TCP server failed to initialize.\n"); diff --git a/other/analysis/run-clang b/other/analysis/run-clang index ad8df379d2..f2c679139a 100755 --- a/other/analysis/run-clang +++ b/other/analysis/run-clang @@ -20,6 +20,7 @@ run() { -Wno-covered-switch-default \ -Wno-disabled-macro-expansion \ -Wno-documentation-deprecated-sync \ + -Wno-documentation-unknown-command \ -Wno-global-constructors \ -Wno-missing-braces \ -Wno-missing-field-initializers \ diff --git a/other/bootstrap_daemon/BUILD.bazel b/other/bootstrap_daemon/BUILD.bazel index 26ea1a3ea4..395459245e 100644 --- a/other/bootstrap_daemon/BUILD.bazel +++ b/other/bootstrap_daemon/BUILD.bazel @@ -13,6 +13,7 @@ cc_binary( "//c-toxcore/toxcore:DHT", "//c-toxcore/toxcore:LAN_discovery", "//c-toxcore/toxcore:TCP_server", + "//c-toxcore/toxcore:announce", "//c-toxcore/toxcore:ccompat", "//c-toxcore/toxcore:logger", "//c-toxcore/toxcore:mono_time", diff --git a/other/bootstrap_daemon/docker/tox-bootstrapd.sha256 b/other/bootstrap_daemon/docker/tox-bootstrapd.sha256 index 9b123f9789..ce279f6246 100644 --- a/other/bootstrap_daemon/docker/tox-bootstrapd.sha256 +++ b/other/bootstrap_daemon/docker/tox-bootstrapd.sha256 @@ -1 +1 @@ -21f18736f7f4a5d4c6d93347df95dbf16b5ed583dcb47bf463526e03ee50f3e9 /usr/local/bin/tox-bootstrapd +96618672392dc44a2f0a480f6415380e3fc588ace646345d31a297e80f7c271f /usr/local/bin/tox-bootstrapd diff --git a/other/bootstrap_daemon/src/tox-bootstrapd.c b/other/bootstrap_daemon/src/tox-bootstrapd.c index 95a8226ada..e9634216de 100644 --- a/other/bootstrap_daemon/src/tox-bootstrapd.c +++ b/other/bootstrap_daemon/src/tox-bootstrapd.c @@ -28,6 +28,7 @@ #include "../../../toxcore/tox.h" #include "../../../toxcore/LAN_discovery.h" #include "../../../toxcore/TCP_server.h" +#include "../../../toxcore/announce.h" #include "../../../toxcore/logger.h" #include "../../../toxcore/mono_time.h" #include "../../../toxcore/onion_announce.h" @@ -334,10 +335,41 @@ int main(int argc, char *argv[]) return 1; } + Forwarding *forwarding = new_forwarding(logger, rng, mono_time, dht); + + if (forwarding == nullptr) { + log_write(LOG_LEVEL_ERROR, "Couldn't initialize forwarding. Exiting.\n"); + kill_dht(dht); + mono_time_free(mono_time); + kill_networking(net); + logger_kill(logger); + free(motd); + free(tcp_relay_ports); + free(keys_file_path); + return 1; + } + + Announcements *announce = new_announcements(logger, rng, mono_time, forwarding); + + if (announce == nullptr) { + log_write(LOG_LEVEL_ERROR, "Couldn't initialize DHT announcements. Exiting.\n"); + kill_forwarding(forwarding); + kill_dht(dht); + mono_time_free(mono_time); + kill_networking(net); + logger_kill(logger); + free(motd); + free(tcp_relay_ports); + free(keys_file_path); + return 1; + } + Onion *onion = new_onion(logger, mono_time, rng, dht); if (!onion) { log_write(LOG_LEVEL_ERROR, "Couldn't initialize Tox Onion. Exiting.\n"); + kill_announcements(announce); + kill_forwarding(forwarding); kill_dht(dht); mono_time_free(mono_time); kill_networking(net); @@ -353,6 +385,8 @@ int main(int argc, char *argv[]) if (!onion_a) { log_write(LOG_LEVEL_ERROR, "Couldn't initialize Tox Onion Announce. Exiting.\n"); kill_onion(onion); + kill_announcements(announce); + kill_forwarding(forwarding); kill_dht(dht); mono_time_free(mono_time); kill_networking(net); @@ -371,6 +405,8 @@ int main(int argc, char *argv[]) log_write(LOG_LEVEL_ERROR, "Couldn't set MOTD: %s. Exiting.\n", motd); kill_onion_announce(onion_a); kill_onion(onion); + kill_announcements(announce); + kill_forwarding(forwarding); kill_dht(dht); mono_time_free(mono_time); kill_networking(net); @@ -389,6 +425,8 @@ int main(int argc, char *argv[]) log_write(LOG_LEVEL_ERROR, "Couldn't read/write: %s. Exiting.\n", keys_file_path); kill_onion_announce(onion_a); kill_onion(onion); + kill_announcements(announce); + kill_forwarding(forwarding); kill_dht(dht); mono_time_free(mono_time); kill_networking(net); @@ -404,6 +442,8 @@ int main(int argc, char *argv[]) if (tcp_relay_port_count == 0) { log_write(LOG_LEVEL_ERROR, "No TCP relay ports read. Exiting.\n"); kill_onion_announce(onion_a); + kill_announcements(announce); + kill_forwarding(forwarding); kill_onion(onion); kill_dht(dht); mono_time_free(mono_time); @@ -413,8 +453,8 @@ int main(int argc, char *argv[]) return 1; } - tcp_server = new_TCP_server( - logger, rng, ns, enable_ipv6, tcp_relay_port_count, tcp_relay_ports, dht_get_self_secret_key(dht), onion); + tcp_server = new_TCP_server(logger, rng, ns, enable_ipv6, tcp_relay_port_count, tcp_relay_ports, + dht_get_self_secret_key(dht), onion, forwarding); free(tcp_relay_ports); @@ -448,6 +488,8 @@ int main(int argc, char *argv[]) log_write(LOG_LEVEL_ERROR, "Couldn't initialize Tox TCP server. Exiting.\n"); kill_onion_announce(onion_a); kill_onion(onion); + kill_announcements(announce); + kill_forwarding(forwarding); kill_dht(dht); mono_time_free(mono_time); kill_networking(net); @@ -463,6 +505,8 @@ int main(int argc, char *argv[]) kill_TCP_server(tcp_server); kill_onion_announce(onion_a); kill_onion(onion); + kill_announcements(announce); + kill_forwarding(forwarding); kill_dht(dht); mono_time_free(mono_time); kill_networking(net); @@ -543,6 +587,8 @@ int main(int argc, char *argv[]) kill_TCP_server(tcp_server); kill_onion_announce(onion_a); kill_onion(onion); + kill_announcements(announce); + kill_forwarding(forwarding); kill_dht(dht); mono_time_free(mono_time); kill_networking(net); diff --git a/testing/BUILD.bazel b/testing/BUILD.bazel index 68e89a1591..b91e3cb957 100644 --- a/testing/BUILD.bazel +++ b/testing/BUILD.bazel @@ -18,6 +18,7 @@ sh_test( "-Wno-callgraph", "-Wno-enum-names", "-Wno-type-check", + "-Wno-var-unused-in-scope", "+RTS", "-N3", "-RTS", diff --git a/toxcore/BUILD.bazel b/toxcore/BUILD.bazel index 964fbeab1e..c852eb0580 100644 --- a/toxcore/BUILD.bazel +++ b/toxcore/BUILD.bazel @@ -332,6 +332,47 @@ cc_library( ], ) +cc_library( + name = "forwarding", + srcs = ["forwarding.c"], + hdrs = ["forwarding.h"], + visibility = ["//c-toxcore/auto_tests:__pkg__"], + deps = [ + ":DHT", + ":ccompat", + ":network", + ":timed_auth", + ], +) + +cc_fuzz_test( + name = "forwarding_fuzz_test", + srcs = ["forwarding_fuzz_test.cc"], + #corpus = ["//tools/toktok-fuzzer/corpus:forwarding_fuzz_test"], + deps = [ + ":forwarding", + "//c-toxcore/testing/fuzzing:fuzz_support", + "//c-toxcore/testing/fuzzing:fuzz_tox", + ], +) + +cc_library( + name = "announce", + srcs = ["announce.c"], + hdrs = ["announce.h"], + visibility = [ + "//c-toxcore/auto_tests:__pkg__", + "//c-toxcore/other/bootstrap_daemon:__pkg__", + ], + deps = [ + ":LAN_discovery", + ":ccompat", + ":forwarding", + ":timed_auth", + ":util", + ], +) + cc_library( name = "TCP_common", srcs = ["TCP_common.c"], @@ -360,6 +401,7 @@ cc_library( ":TCP_common", ":ccompat", ":crypto_core", + ":forwarding", ":list", ":mono_time", ":onion", @@ -375,6 +417,7 @@ cc_library( deps = [ ":TCP_common", ":ccompat", + ":forwarding", ":mono_time", ":util", ], @@ -552,7 +595,9 @@ cc_library( ], deps = [ ":TCP_server", + ":announce", ":ccompat", + ":forwarding", ":friend_requests", ":logger", ":mono_time", diff --git a/toxcore/DHT.c b/toxcore/DHT.c index 414d7180e3..145b2e9719 100644 --- a/toxcore/DHT.c +++ b/toxcore/DHT.c @@ -224,9 +224,8 @@ int id_closest(const uint8_t *pk, const uint8_t *pk1, const uint8_t *pk2) return 0; } -/** Return index of first unequal bit number. */ -non_null() -static unsigned int bit_by_bit_cmp(const uint8_t *pk1, const uint8_t *pk2) +/** Return index of first unequal bit number between public keys pk1 and pk2. */ +unsigned int bit_by_bit_cmp(const uint8_t *pk1, const uint8_t *pk2) { unsigned int i; unsigned int j = 0; @@ -453,11 +452,11 @@ int packed_node_size(Family ip_family) } -/** @brief Packs an IP_Port structure into data of max size length. +/** @brief Pack an IP_Port structure into data of max size length. * * Packed_length is the offset of data currently packed. * - * @return size of packed IP_Port data on success + * @return size of packed IP_Port data on success. * @retval -1 on failure. */ int pack_ip_port(const Logger *logger, uint8_t *data, uint16_t length, const IP_Port *ip_port) @@ -515,10 +514,15 @@ int pack_ip_port(const Logger *logger, uint8_t *data, uint16_t length, const IP_ } } -non_null() -static int dht_create_packet(const Random *rng, const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], - const uint8_t *shared_key, const uint8_t type, - const uint8_t *plain, size_t plain_length, uint8_t *packet) +/** @brief Encrypt plain and write resulting DHT packet into packet with max size length. + * + * @return size of packet on success. + * @retval -1 on failure. + */ +int dht_create_packet(const Random *rng, const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t *shared_key, const uint8_t type, + const uint8_t *plain, size_t plain_length, + uint8_t *packet, size_t length) { uint8_t *encrypted = (uint8_t *)malloc(plain_length + CRYPTO_MAC_SIZE); uint8_t nonce[CRYPTO_NONCE_SIZE]; @@ -536,6 +540,10 @@ static int dht_create_packet(const Random *rng, const uint8_t public_key[CRYPTO_ return -1; } + if (length < 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + encrypted_length) { + return -1; + } + packet[0] = type; memcpy(packet + 1, public_key, CRYPTO_PUBLIC_KEY_SIZE); memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, nonce, CRYPTO_NONCE_SIZE); @@ -871,7 +879,8 @@ bool add_to_list(Node_format *nodes_list, uint32_t length, const uint8_t *pk, co non_null() static void get_close_nodes_inner(uint64_t cur_time, const uint8_t *public_key, Node_format *nodes_list, Family sa_family, const Client_data *client_list, uint32_t client_list_length, - uint32_t *num_nodes_ptr, bool is_LAN) + uint32_t *num_nodes_ptr, bool is_LAN, + bool want_announce) { if (!net_family_is_ipv4(sa_family) && !net_family_is_ipv6(sa_family) && !net_family_is_unspec(sa_family)) { return; @@ -909,11 +918,21 @@ static void get_close_nodes_inner(uint64_t cur_time, const uint8_t *public_key, continue; } +#ifdef CHECK_ANNOUNCE_NODE + + if (want_announce && !client->announce_node) { + continue; + } + +#endif + if (num_nodes < MAX_SENT_NODES) { memcpy(nodes_list[num_nodes].public_key, client->public_key, CRYPTO_PUBLIC_KEY_SIZE); nodes_list[num_nodes].ip_port = ipptp->ip_port; ++num_nodes; } else { + // TODO(zugz): this could be made significantly more efficient by + // using a version of add_to_list which works with a sorted list. add_to_list(nodes_list, MAX_SENT_NODES, client->public_key, &ipptp->ip_port, public_key); } } @@ -925,30 +944,31 @@ static void get_close_nodes_inner(uint64_t cur_time, const uint8_t *public_key, * Find MAX_SENT_NODES nodes closest to the public_key for the send nodes request: * put them in the nodes_list and return how many were found. * - * TODO(irungentoo): make this function cleaner and much more efficient. + * want_announce: return only nodes which implement the dht announcements protocol. */ non_null() static int get_somewhat_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *nodes_list, - Family sa_family, bool is_LAN) + Family sa_family, bool is_LAN, bool want_announce) { uint32_t num_nodes = 0; get_close_nodes_inner(dht->cur_time, public_key, nodes_list, sa_family, - dht->close_clientlist, LCLIENT_LIST, &num_nodes, is_LAN); + dht->close_clientlist, LCLIENT_LIST, &num_nodes, is_LAN, want_announce); for (uint32_t i = 0; i < dht->num_friends; ++i) { get_close_nodes_inner(dht->cur_time, public_key, nodes_list, sa_family, dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, - &num_nodes, is_LAN); + &num_nodes, is_LAN, want_announce); } return num_nodes; } int get_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *nodes_list, Family sa_family, - bool is_LAN) + bool is_LAN, bool want_announce) { memset(nodes_list, 0, MAX_SENT_NODES * sizeof(Node_format)); - return get_somewhat_close_nodes(dht, public_key, nodes_list, sa_family, is_LAN); + return get_somewhat_close_nodes(dht, public_key, nodes_list, sa_family, + is_LAN, want_announce); } typedef struct DHT_Cmp_Data { @@ -994,6 +1014,109 @@ static int dht_cmp_entry(const void *a, const void *b) return 0; } +#ifdef CHECK_ANNOUNCE_NODE +non_null() +static void set_announce_node_in_list(Client_data *list, uint32_t list_len, const uint8_t *public_key) +{ + const uint32_t index = index_of_client_pk(list, list_len, public_key); + + if (index != UINT32_MAX) { + list[index].announce_node = true; + } +} + +void set_announce_node(DHT *dht, const uint8_t *public_key) +{ + unsigned int index = bit_by_bit_cmp(public_key, dht->self_public_key); + + if (index >= LCLIENT_LENGTH) { + index = LCLIENT_LENGTH - 1; + } + + set_announce_node_in_list(dht->close_clientlist + index * LCLIENT_NODES, LCLIENT_LIST, public_key); + + for (int32_t i = 0; i < dht->num_friends; ++i) { + set_announce_node_in_list(dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, public_key); + } +} + +/** @brief Send data search request, searching for a random key. */ +non_null() +static bool send_announce_ping(DHT *dht, const uint8_t *public_key, const IP_Port *ip_port) +{ + uint8_t plain[CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t)]; + + uint8_t unused_secret_key[CRYPTO_SECRET_KEY_SIZE]; + crypto_new_keypair(dht->rng, plain, unused_secret_key); + + const uint64_t ping_id = ping_array_add(dht->dht_ping_array, + dht->mono_time, + dht->rng, + public_key, CRYPTO_PUBLIC_KEY_SIZE); + memcpy(plain + CRYPTO_PUBLIC_KEY_SIZE, &ping_id, sizeof(ping_id)); + + uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; + dht_get_shared_key_sent(dht, shared_key, public_key); + + uint8_t request[1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + sizeof(plain) + CRYPTO_MAC_SIZE]; + + if (dht_create_packet(dht->rng, dht->self_public_key, shared_key, NET_PACKET_DATA_SEARCH_REQUEST, + plain, sizeof(plain), request, sizeof(request)) != sizeof(request)) { + return false; + } + + return sendpacket(dht->net, ip_port, request, sizeof(request)) == sizeof(request); +} + +/** @brief If the response is valid, set the sender as an announce node. */ +non_null(1, 2, 3) nullable(5) +static int handle_data_search_response(void *object, const IP_Port *source, + const uint8_t *packet, uint16_t length, + void *userdata) +{ + DHT *dht = (DHT *) object; + + const int32_t plain_len = (int32_t)length - (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE); + + if (plain_len < CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t)) { + return 1; + } + + VLA(uint8_t, plain, plain_len); + const uint8_t *public_key = packet + 1; + uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; + dht_get_shared_key_recv(dht, shared_key, public_key); + + if (decrypt_data_symmetric(shared_key, + packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, + packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, + plain_len + CRYPTO_MAC_SIZE, + plain) != plain_len) { + return 1; + } + + uint64_t ping_id; + memcpy(&ping_id, plain + (plain_len - sizeof(uint64_t)), sizeof(ping_id)); + + uint8_t ping_data[CRYPTO_PUBLIC_KEY_SIZE]; + + if (ping_array_check(dht->dht_ping_array, + dht->mono_time, ping_data, + sizeof(ping_data), ping_id) != sizeof(ping_data)) { + return 1; + } + + if (!pk_equal(ping_data, public_key)) { + return 1; + } + + set_announce_node(dht, public_key); + + return 0; + +} +#endif + /** @brief Is it ok to store node with public_key in client. * * return false if node can't be stored. @@ -1134,6 +1257,10 @@ static bool add_to_close(DHT *dht, const uint8_t *public_key, const IP_Port *ip_ pk_copy(client->public_key, public_key); update_client_with_reset(dht->mono_time, client, ip_port); +#ifdef CHECK_ANNOUNCE_NODE + client->announce_node = false; + send_announce_ping(dht, public_key, ip_port); +#endif return true; } @@ -1389,8 +1516,9 @@ bool dht_getnodes(DHT *dht, const IP_Port *ip_port, const uint8_t *public_key, c uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; dht_get_shared_key_sent(dht, shared_key, public_key); - const int len = dht_create_packet(dht->rng, dht->self_public_key, shared_key, NET_PACKET_GET_NODES, - plain, sizeof(plain), data); + const int len = dht_create_packet(dht->rng, + dht->self_public_key, shared_key, NET_PACKET_GET_NODES, + plain, sizeof(plain), data, sizeof(data)); crypto_memzero(shared_key, sizeof(shared_key)); @@ -1420,7 +1548,7 @@ static int sendnodes_ipv6(const DHT *dht, const IP_Port *ip_port, const uint8_t Node_format nodes_list[MAX_SENT_NODES]; const uint32_t num_nodes = - get_close_nodes(dht, client_id, nodes_list, net_family_unspec, ip_is_lan(&ip_port->ip)); + get_close_nodes(dht, client_id, nodes_list, net_family_unspec, ip_is_lan(&ip_port->ip), false); VLA(uint8_t, plain, 1 + node_format_size * MAX_SENT_NODES + length); @@ -1440,8 +1568,9 @@ static int sendnodes_ipv6(const DHT *dht, const IP_Port *ip_port, const uint8_t const uint32_t crypto_size = 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE; VLA(uint8_t, data, 1 + nodes_length + length + crypto_size); - const int len = dht_create_packet(dht->rng, dht->self_public_key, shared_encryption_key, - NET_PACKET_SEND_NODES_IPV6, plain, 1 + nodes_length + length, data); + const int len = dht_create_packet(dht->rng, + dht->self_public_key, shared_encryption_key, NET_PACKET_SEND_NODES_IPV6, + plain, 1 + nodes_length + length, data, SIZEOF_VLA(data)); if (len != SIZEOF_VLA(data)) { return -1; @@ -1663,7 +1792,7 @@ int dht_addfriend(DHT *dht, const uint8_t *public_key, dht_ip_cb *ip_callback, dht_friend_lock(dht_friend, ip_callback, data, number, lock_count); dht_friend->num_to_bootstrap = get_close_nodes(dht, dht_friend->public_key, dht_friend->to_bootstrap, net_family_unspec, - true); + true, false); return 0; } @@ -1930,6 +2059,7 @@ int dht_bootstrap_from_address(DHT *dht, const char *address, bool ipv6enabled, /** @brief Send the given packet to node with public_key. * + * @return number of bytes sent. * @retval -1 if failure. */ int route_packet(const DHT *dht, const uint8_t *public_key, const uint8_t *packet, uint16_t length) @@ -2608,6 +2738,10 @@ DHT *new_dht(const Logger *log, const Random *rng, const Network *ns, Mono_Time networking_registerhandler(dht->net, NET_PACKET_LAN_DISCOVERY, &handle_LANdiscovery, dht); cryptopacket_registerhandler(dht, CRYPTO_PACKET_NAT_PING, &handle_NATping, dht); +#ifdef CHECK_ANNOUNCE_NODE + networking_registerhandler(dht->net, NET_PACKET_DATA_SEARCH_RESPONSE, &handle_data_search_response, dht); +#endif + crypto_new_keypair(rng, dht->self_public_key, dht->self_secret_key); dht->dht_ping_array = ping_array_new(DHT_PING_ARRAY_SIZE, PING_TIMEOUT); diff --git a/toxcore/DHT.h b/toxcore/DHT.h index 656556c7db..0109ed1b2e 100644 --- a/toxcore/DHT.h +++ b/toxcore/DHT.h @@ -70,6 +70,12 @@ extern "C" { #define PACKED_NODE_SIZE_IP4 (1 + SIZE_IP4 + sizeof(uint16_t) + CRYPTO_PUBLIC_KEY_SIZE) #define PACKED_NODE_SIZE_IP6 (1 + SIZE_IP6 + sizeof(uint16_t) + CRYPTO_PUBLIC_KEY_SIZE) +/** + * This define can eventually be removed; it is necessary if a significant + * proportion of dht nodes do not implement the dht announcements protocol. + */ +#define CHECK_ANNOUNCE_NODE + /** * @brief Create a request to peer. * @@ -144,6 +150,11 @@ typedef struct Client_data { uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE]; IPPTsPng assoc4; IPPTsPng assoc6; + +#ifdef CHECK_ANNOUNCE_NODE + /* Responded to data search? */ + bool announce_node; +#endif } Client_data; /*----------------------------------------------------------------------------------*/ @@ -180,16 +191,28 @@ non_null() const Client_data *dht_friend_client(const DHT_Friend *dht_friend, si */ int packed_node_size(Family ip_family); -/** @brief Packs an IP_Port structure into data of max size length. +/** @brief Pack an IP_Port structure into data of max size length. * * Packed_length is the offset of data currently packed. * - * @return size of packed IP_Port data on success + * @return size of packed IP_Port data on success. * @retval -1 on failure. */ non_null() int pack_ip_port(const Logger *logger, uint8_t *data, uint16_t length, const IP_Port *ip_port); +/** @brief Encrypt plain and write resulting DHT packet into packet with max size length. + * + * @return size of packet on success. + * @retval -1 on failure. + */ +non_null() +int dht_create_packet(const Random *rng, + const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t *shared_key, const uint8_t type, + const uint8_t *plain, size_t plain_length, + uint8_t *packet, size_t length); + /** @brief Unpack IP_Port structure from data of max size length into ip_port. * * len_processed is the offset of data currently unpacked. @@ -348,6 +371,10 @@ int dht_getfriendip(const DHT *dht, const uint8_t *public_key, IP_Port *ip_port) non_null() int id_closest(const uint8_t *pk, const uint8_t *pk1, const uint8_t *pk2); +/** Return index of first unequal bit number between public keys pk1 and pk2. */ +non_null() +unsigned int bit_by_bit_cmp(const uint8_t *pk1, const uint8_t *pk2); + /** * Add node to the node list making sure only the nodes closest to cmp_pk are in the list. * @@ -361,19 +388,25 @@ bool add_to_list( non_null() bool node_addable_to_close_list(DHT *dht, const uint8_t *public_key, const IP_Port *ip_port); +#ifdef CHECK_ANNOUNCE_NODE +/** Set node as announce node. */ +non_null() +void set_announce_node(DHT *dht, const uint8_t *public_key); +#endif + /** * Get the (maximum MAX_SENT_NODES) closest nodes to public_key we know * and put them in nodes_list (must be MAX_SENT_NODES big). * * sa_family = family (IPv4 or IPv6) (0 if we don't care)? * is_LAN = return some LAN ips (true or false) - * want_good = do we want tested nodes or not? (TODO(irungentoo)) + * want_announce: return only nodes which implement the dht announcements protocol. * * @return the number of nodes returned. */ non_null() -int get_close_nodes( - const DHT *dht, const uint8_t *public_key, Node_format *nodes_list, Family sa_family, bool is_LAN); +int get_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *nodes_list, Family sa_family, + bool is_LAN, bool want_announce); /** @brief Put up to max_num nodes in nodes from the random friends. @@ -432,6 +465,7 @@ int dht_connect_after_load(DHT *dht); /** @brief Send the given packet to node with public_key. * + * @return number of bytes sent. * @retval -1 if failure. */ non_null() diff --git a/toxcore/Makefile.inc b/toxcore/Makefile.inc index 7c00ffffc2..239154f6d8 100644 --- a/toxcore/Makefile.inc +++ b/toxcore/Makefile.inc @@ -87,6 +87,10 @@ libtoxcore_la_SOURCES = ../third_party/cmp/cmp.c \ ../toxcore/onion_announce.c \ ../toxcore/onion_client.h \ ../toxcore/onion_client.c \ + ../toxcore/announce.h \ + ../toxcore/announce.c \ + ../toxcore/forwarding.h \ + ../toxcore/forwarding.c \ ../toxcore/TCP_client.h \ ../toxcore/TCP_client.c \ ../toxcore/TCP_common.h \ diff --git a/toxcore/Messenger.c b/toxcore/Messenger.c index e0ad0b378f..28c8b0da2f 100644 --- a/toxcore/Messenger.c +++ b/toxcore/Messenger.c @@ -3237,16 +3237,27 @@ Messenger *new_messenger(Mono_Time *mono_time, const Random *rng, const Network return nullptr; } + if (options->dht_announcements_enabled) { + m->forwarding = new_forwarding(m->log, m->rng, m->mono_time, m->dht); + m->announce = new_announcements(m->log, m->rng, m->mono_time, m->forwarding); + } else { + m->forwarding = nullptr; + m->announce = nullptr; + } + m->onion = new_onion(m->log, m->mono_time, m->rng, m->dht); m->onion_a = new_onion_announce(m->log, m->rng, m->mono_time, m->dht); m->onion_c = new_onion_client(m->log, m->rng, m->mono_time, m->net_crypto); m->fr_c = new_friend_connections(m->log, m->mono_time, m->ns, m->onion_c, options->local_discovery_enabled); - if (m->onion == nullptr || m->onion_a == nullptr || m->onion_c == nullptr || m->fr_c == nullptr) { + if ((options->dht_announcements_enabled && (m->forwarding == nullptr || m->announce == nullptr)) || + m->onion == nullptr || m->onion_a == nullptr || m->onion_c == nullptr || m->fr_c == nullptr) { kill_friend_connections(m->fr_c); kill_onion(m->onion); kill_onion_announce(m->onion_a); kill_onion_client(m->onion_c); + kill_announcements(m->announce); + kill_forwarding(m->forwarding); kill_net_crypto(m->net_crypto); kill_dht(m->dht); kill_networking(m->net); @@ -3258,13 +3269,15 @@ Messenger *new_messenger(Mono_Time *mono_time, const Random *rng, const Network if (options->tcp_server_port != 0) { m->tcp_server = new_TCP_server(m->log, m->rng, m->ns, options->ipv6enabled, 1, &options->tcp_server_port, - dht_get_self_secret_key(m->dht), m->onion); + dht_get_self_secret_key(m->dht), m->onion, m->forwarding); if (m->tcp_server == nullptr) { kill_friend_connections(m->fr_c); kill_onion(m->onion); kill_onion_announce(m->onion_a); kill_onion_client(m->onion_c); + kill_announcements(m->announce); + kill_forwarding(m->forwarding); kill_net_crypto(m->net_crypto); kill_dht(m->dht); kill_networking(m->net); @@ -3316,6 +3329,8 @@ void kill_messenger(Messenger *m) kill_onion(m->onion); kill_onion_announce(m->onion_a); kill_onion_client(m->onion_c); + kill_announcements(m->announce); + kill_forwarding(m->forwarding); kill_net_crypto(m->net_crypto); kill_dht(m->dht); kill_networking(m->net); diff --git a/toxcore/Messenger.h b/toxcore/Messenger.h index 797a4a7ff5..4abd7905d0 100644 --- a/toxcore/Messenger.h +++ b/toxcore/Messenger.h @@ -11,6 +11,8 @@ #define C_TOXCORE_TOXCORE_MESSENGER_H #include "TCP_server.h" +#include "announce.h" +#include "forwarding.h" #include "friend_connection.h" #include "friend_requests.h" #include "logger.h" @@ -60,6 +62,7 @@ typedef struct Messenger_Options { bool hole_punching_enabled; bool local_discovery_enabled; + bool dht_announcements_enabled; logger_cb *log_callback; void *log_context; @@ -241,6 +244,9 @@ struct Messenger { Net_Crypto *net_crypto; DHT *dht; + Forwarding *forwarding; + Announcements *announce; + Onion *onion; Onion_Announce *onion_a; Onion_Client *onion_c; diff --git a/toxcore/TCP_client.c b/toxcore/TCP_client.c index 919048a2f3..53866c854e 100644 --- a/toxcore/TCP_client.c +++ b/toxcore/TCP_client.c @@ -57,6 +57,9 @@ struct TCP_Client_Connection { tcp_onion_response_cb *onion_callback; void *onion_callback_object; + forwarded_response_cb *forwarded_response_callback; + void *forwarded_response_callback_object; + /* Can be used by user. */ void *custom_object; uint32_t custom_uint; @@ -527,6 +530,34 @@ void onion_response_handler(TCP_Client_Connection *con, tcp_onion_response_cb *o con->onion_callback_object = object; } +/** @retval 1 on success. + * @retval 0 if could not send packet. + * @retval -1 on failure (connection must be killed). + */ +int send_forward_request_tcp(const Logger *logger, TCP_Client_Connection *con, const IP_Port *dest, const uint8_t *data, uint16_t length) +{ + if (length > MAX_FORWARD_DATA_SIZE) { + return -1; + } + + VLA(uint8_t, packet, 1 + MAX_PACKED_IPPORT_SIZE + length); + packet[0] = TCP_PACKET_FORWARD_REQUEST; + const int ipport_length = pack_ip_port(logger, packet + 1, MAX_PACKED_IPPORT_SIZE, dest); + + if (ipport_length == -1) { + return 0; + } + + memcpy(packet + 1 + ipport_length, data, length); + return write_packet_TCP_secure_connection(logger, &con->con, packet, 1 + ipport_length + length, false); +} + +void forwarding_handler(TCP_Client_Connection *con, forwarded_response_cb *forwarded_response_callback, void *object) +{ + con->forwarded_response_callback = forwarded_response_callback; + con->forwarded_response_callback_object = object; +} + /** Create new TCP connection to ip_port/public_key */ TCP_Client_Connection *new_TCP_connection( const Logger *logger, const Mono_Time *mono_time, const Random *rng, const Network *ns, const IP_Port *ip_port, @@ -785,6 +816,11 @@ static int handle_TCP_client_packet(const Logger *logger, TCP_Client_Connection return 0; } + case TCP_PACKET_FORWARDING: { + conn->forwarded_response_callback(conn->forwarded_response_callback_object, data + 1, length - 1, userdata); + return 0; + } + default: { if (data[0] < NUM_RESERVED_PORTS) { return -1; diff --git a/toxcore/TCP_client.h b/toxcore/TCP_client.h index 9c6e817d66..fdc91de70d 100644 --- a/toxcore/TCP_client.h +++ b/toxcore/TCP_client.h @@ -10,6 +10,7 @@ #define C_TOXCORE_TOXCORE_TCP_CLIENT_H #include "crypto_core.h" +#include "forwarding.h" #include "mono_time.h" #include "network.h" @@ -83,6 +84,12 @@ int send_onion_request(const Logger *logger, TCP_Client_Connection *con, const u non_null() void onion_response_handler(TCP_Client_Connection *con, tcp_onion_response_cb *onion_callback, void *object); +non_null() +int send_forward_request_tcp(const Logger *logger, TCP_Client_Connection *con, const IP_Port *dest, const uint8_t *data, + uint16_t length); +non_null() +void forwarding_handler(TCP_Client_Connection *con, forwarded_response_cb *forwarded_response_callback, void *object); + typedef int tcp_routing_response_cb(void *object, uint8_t connection_id, const uint8_t *public_key); typedef int tcp_routing_status_cb(void *object, uint32_t number, uint8_t connection_id, uint8_t status); diff --git a/toxcore/TCP_common.h b/toxcore/TCP_common.h index ca07bf5741..88c0cb665a 100644 --- a/toxcore/TCP_common.h +++ b/toxcore/TCP_common.h @@ -33,6 +33,8 @@ void wipe_priority_list(TCP_Priority_List *p); #define TCP_PACKET_OOB_RECV 7 #define TCP_PACKET_ONION_REQUEST 8 #define TCP_PACKET_ONION_RESPONSE 9 +#define TCP_PACKET_FORWARD_REQUEST 10 +#define TCP_PACKET_FORWARDING 11 #define TCP_HANDSHAKE_PLAIN_SIZE (CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE) #define TCP_SERVER_HANDSHAKE_SIZE (CRYPTO_NONCE_SIZE + TCP_HANDSHAKE_PLAIN_SIZE + CRYPTO_MAC_SIZE) diff --git a/toxcore/TCP_connection.c b/toxcore/TCP_connection.c index 623a27a24a..cbf6041017 100644 --- a/toxcore/TCP_connection.c +++ b/toxcore/TCP_connection.c @@ -42,6 +42,9 @@ struct TCP_Connections { tcp_onion_cb *tcp_onion_callback; void *tcp_onion_callback_object; + forwarded_response_cb *tcp_forwarded_response_callback; + void *tcp_forwarded_response_callback_object; + TCP_Proxy_Info proxy_info; bool onion_status; @@ -394,6 +397,43 @@ int get_random_tcp_onion_conn_number(const TCP_Connections *tcp_c) return -1; } +/** @brief Return TCP connection number of active TCP connection with ip_port. + * + * return TCP connection number on success. + * return -1 on failure. + */ +non_null() +static int get_conn_number_by_ip_port(TCP_Connections *tcp_c, const IP_Port *ip_port) +{ + for (uint32_t i = 0; i < tcp_c->tcp_connections_length; ++i) { + const IP_Port conn_ip_port = tcp_con_ip_port(tcp_c->tcp_connections[i].connection); + + if (ipport_equal(ip_port, &conn_ip_port) && + tcp_c->tcp_connections[i].status == TCP_CONN_CONNECTED) { + return i; + } + } + + return -1; +} + +/** @brief Put IP_Port of a random onion TCP connection in ip_port. + * + * return true on success. + * return false on failure. + */ +bool tcp_get_random_conn_ip_port(const TCP_Connections *tcp_c, IP_Port *ip_port) +{ + const int index = get_random_tcp_onion_conn_number(tcp_c); + + if (index == -1) { + return false; + } + + *ip_port = tcp_con_ip_port(tcp_c->tcp_connections[index].connection); + return true; +} + /** @brief Send an onion packet via the TCP relay corresponding to tcp_connections_number. * * return 0 on success. @@ -418,6 +458,36 @@ int tcp_send_onion_request(TCP_Connections *tcp_c, uint32_t tcp_connections_numb return -1; } +/* Send a forward request to the TCP relay with IP_Port tcp_forwarder, + * requesting to forward data via a chain of dht nodes starting with dht_node. + * A chain_length of 0 means that dht_node is the final destination of data. + * + * return 0 on success. + * return -1 on failure. + */ +int tcp_send_forward_request(const Logger *logger, TCP_Connections *tcp_c, const IP_Port *tcp_forwarder, + const IP_Port *dht_node, + const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length) +{ + const int index = get_conn_number_by_ip_port(tcp_c, tcp_forwarder); + + if (index == -1) { + return -1; + } + + if (chain_length == 0) { + return send_forward_request_tcp(logger, tcp_c->tcp_connections[index].connection, dht_node, data, + data_length) == 1 ? 0 : -1; + } + + const uint16_t len = forward_chain_packet_size(chain_length, data_length); + VLA(uint8_t, packet, len); + + return create_forward_chain_packet(chain_keys, chain_length, data, data_length, packet) + && send_forward_request_tcp(logger, tcp_c->tcp_connections[index].connection, dht_node, packet, len) == 1 ? 0 : -1; +} + /** @brief Send an oob packet via the TCP relay corresponding to tcp_connections_number. * * return 0 on success. @@ -486,6 +556,15 @@ void set_onion_packet_tcp_connection_callback(TCP_Connections *tcp_c, tcp_onion_ tcp_c->tcp_onion_callback_object = object; } +/** @brief Set the callback for TCP forwarding packets. */ +void set_forwarding_packet_tcp_connection_callback(TCP_Connections *tcp_c, + forwarded_response_cb *tcp_forwarded_response_callback, + void *object) +{ + tcp_c->tcp_forwarded_response_callback = tcp_forwarded_response_callback; + tcp_c->tcp_forwarded_response_callback_object = object; +} + /** @brief Encode tcp_connections_number as a custom ip_port. * * return ip_port. @@ -503,7 +582,6 @@ IP_Port tcp_connections_number_to_ip_port(unsigned int tcp_connections_number) * return true on success. * return false if ip_port is invalid. */ -non_null() bool ip_port_to_tcp_connections_number(const IP_Port *ip_port, unsigned int *tcp_connections_number) { *tcp_connections_number = ip_port->ip.ip.v6.uint32[0]; @@ -1119,6 +1197,16 @@ static int tcp_onion_callback(void *object, const uint8_t *data, uint16_t length return 0; } +non_null() +static void tcp_forwarding_callback(void *object, const uint8_t *data, uint16_t length, void *userdata) +{ + TCP_Connections *tcp_c = (TCP_Connections *)object; + + if (tcp_c->tcp_forwarded_response_callback != nullptr) { + tcp_c->tcp_forwarded_response_callback(tcp_c->tcp_forwarded_response_callback_object, data, length, userdata); + } +} + /** @brief Set callbacks for the TCP relay connection. * * return 0 on success. @@ -1138,6 +1226,7 @@ static int tcp_relay_set_callbacks(TCP_Connections *tcp_c, int tcp_connections_n tcp_con_set_custom_object(con, tcp_c); tcp_con_set_custom_uint(con, tcp_connections_number); onion_response_handler(con, &tcp_onion_callback, tcp_c); + forwarding_handler(con, &tcp_forwarding_callback, tcp_c); routing_response_handler(con, &tcp_response_callback, con); routing_status_handler(con, &tcp_status_callback, con); routing_data_handler(con, &tcp_conn_data_callback, con); diff --git a/toxcore/TCP_connection.h b/toxcore/TCP_connection.h index fd9e12cb51..65ead4d87f 100644 --- a/toxcore/TCP_connection.h +++ b/toxcore/TCP_connection.h @@ -102,6 +102,14 @@ int send_packet_tcp_connection(const TCP_Connections *tcp_c, int connections_num non_null() int get_random_tcp_onion_conn_number(const TCP_Connections *tcp_c); +/** @brief Put IP_Port of a random onion TCP connection in ip_port. + * + * return true on success. + * return false on failure. + */ +non_null() +bool tcp_get_random_conn_ip_port(const TCP_Connections *tcp_c, IP_Port *ip_port); + /** @brief Send an onion packet via the TCP relay corresponding to tcp_connections_number. * * return 0 on success. @@ -121,6 +129,20 @@ int tcp_send_onion_request(TCP_Connections *tcp_c, unsigned int tcp_connections_ non_null() int set_tcp_onion_status(TCP_Connections *tcp_c, bool status); +/** + * Send a forward request to the TCP relay with IP_Port tcp_forwarder, + * requesting to forward data via a chain of dht nodes starting with dht_node. + * A chain_length of 0 means that dht_node is the final destination of data. + * + * return 0 on success. + * return -1 on failure. + */ +non_null() +int tcp_send_forward_request(const Logger *logger, TCP_Connections *tcp_c, const IP_Port *tcp_forwarder, + const IP_Port *dht_node, + const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length); + /** @brief Send an oob packet via the TCP relay corresponding to tcp_connections_number. * * return 0 on success. @@ -146,6 +168,13 @@ typedef int tcp_onion_cb(void *object, const uint8_t *data, uint16_t length, voi non_null(1) nullable(2, 3) void set_onion_packet_tcp_connection_callback(TCP_Connections *tcp_c, tcp_onion_cb *tcp_onion_callback, void *object); +/** @brief Set the callback for TCP forwarding packets. */ +non_null(1) nullable(2, 3) +void set_forwarding_packet_tcp_connection_callback(TCP_Connections *tcp_c, + forwarded_response_cb *tcp_forwarded_response_callback, + void *object); + + typedef int tcp_oob_cb(void *object, const uint8_t *public_key, unsigned int tcp_connections_number, const uint8_t *data, uint16_t length, void *userdata); diff --git a/toxcore/TCP_server.c b/toxcore/TCP_server.c index f999930428..15b5ee26d8 100644 --- a/toxcore/TCP_server.c +++ b/toxcore/TCP_server.c @@ -61,6 +61,7 @@ struct TCP_Server { const Random *rng; const Network *ns; Onion *onion; + Forwarding *forwarding; #ifdef TCP_SERVER_USE_EPOLL int efd; @@ -566,9 +567,9 @@ static int rm_connection_index(TCP_Server *tcp_server, TCP_Secure_Connection *co return -1; } -/* Encode con_id and identifier as a custom IP_Port. +/** @brief Encode con_id and identifier as a custom IP_Port. * - * return ip_port. + * @return ip_port. */ static IP_Port con_id_to_ip_port(uint32_t con_id, uint64_t identifier) { @@ -580,19 +581,19 @@ static IP_Port con_id_to_ip_port(uint32_t con_id, uint64_t identifier) } -/* Decode ip_port created by con_id_to_ip_port to con_id. +/** @brief Decode ip_port created by con_id_to_ip_port to con_id. * - * return true on success. - * return false if ip_port is invalid. + * @retval true on success. + * @retval false if ip_port is invalid. */ non_null() static bool ip_port_to_con_id(const TCP_Server *tcp_server, const IP_Port *ip_port, uint32_t *con_id) { *con_id = ip_port->ip.ip.v6.uint32[0]; - return (net_family_is_tcp_client(ip_port->ip.family) && - *con_id < tcp_server->size_accepted_connections && - tcp_server->accepted_connection_array[*con_id].identifier == ip_port->ip.ip.v6.uint64[1]); + return net_family_is_tcp_client(ip_port->ip.family) && + *con_id < tcp_server->size_accepted_connections && + tcp_server->accepted_connection_array[*con_id].identifier == ip_port->ip.ip.v6.uint64[1]; } non_null() @@ -618,6 +619,42 @@ static int handle_onion_recv_1(void *object, const IP_Port *dest, const uint8_t return 0; } +non_null() +static bool handle_forward_reply_tcp(void *object, const uint8_t *sendback_data, uint16_t sendback_data_len, + const uint8_t *data, uint16_t length) +{ + TCP_Server *tcp_server = (TCP_Server *)object; + + if (sendback_data_len != 1 + sizeof(uint32_t) + sizeof(uint64_t)) { + return false; + } + + if (*sendback_data != SENDBACK_TCP) { + return false; + } + + uint32_t con_id; + uint64_t identifier; + net_unpack_u32(sendback_data + 1, &con_id); + net_unpack_u64(sendback_data + 1 + sizeof(uint32_t), &identifier); + + if (con_id >= tcp_server->size_accepted_connections) { + return false; + } + + TCP_Secure_Connection *con = &tcp_server->accepted_connection_array[con_id]; + + if (con->identifier != identifier) { + return false; + } + + VLA(uint8_t, packet, 1 + length); + memcpy(packet + 1, data, length); + packet[0] = TCP_PACKET_FORWARDING; + + return write_packet_TCP_secure_connection(tcp_server->logger, &con->con, packet, SIZEOF_VLA(packet), false) == 1; +} + /** * @retval 0 on success * @retval -1 on failure @@ -726,6 +763,39 @@ static int handle_TCP_packet(TCP_Server *tcp_server, uint32_t con_id, const uint return -1; } + case TCP_PACKET_FORWARD_REQUEST: { + if (tcp_server->forwarding == nullptr) { + return -1; + } + + const uint16_t sendback_data_len = 1 + sizeof(uint32_t) + sizeof(uint64_t); + uint8_t sendback_data[1 + sizeof(uint32_t) + sizeof(uint64_t)]; + sendback_data[0] = SENDBACK_TCP; + net_pack_u32(sendback_data + 1, con_id); + net_pack_u64(sendback_data + 1 + sizeof(uint32_t), con->identifier); + + IP_Port dest; + const int ipport_length = unpack_ip_port(&dest, data + 1, length - 1, false); + + if (ipport_length == -1) { + return -1; + } + + const uint8_t *const forward_data = data + (1 + ipport_length); + const uint16_t forward_data_len = length - (1 + ipport_length); + + if (forward_data_len > MAX_FORWARD_DATA_SIZE) { + return -1; + } + + send_forwarding(tcp_server->forwarding, &dest, sendback_data, sendback_data_len, forward_data, forward_data_len); + return 0; + } + + case TCP_PACKET_FORWARDING: { + return -1; + } + default: { if (data[0] < NUM_RESERVED_PORTS) { return -1; @@ -866,8 +936,8 @@ static Socket new_listening_TCP_socket(const Logger *logger, const Network *ns, } TCP_Server *new_TCP_server(const Logger *logger, const Random *rng, const Network *ns, - bool ipv6_enabled, uint16_t num_sockets, const uint16_t *ports, - const uint8_t *secret_key, Onion *onion) + bool ipv6_enabled, uint16_t num_sockets, + const uint16_t *ports, const uint8_t *secret_key, Onion *onion, Forwarding *forwarding) { if (num_sockets == 0 || ports == nullptr) { LOGGER_ERROR(logger, "no sockets"); @@ -946,6 +1016,11 @@ TCP_Server *new_TCP_server(const Logger *logger, const Random *rng, const Networ set_callback_handle_recv_1(onion, &handle_onion_recv_1, temp); } + if (forwarding != nullptr) { + temp->forwarding = forwarding; + set_callback_forward_reply(forwarding, &handle_forward_reply_tcp, temp); + } + memcpy(temp->secret_key, secret_key, CRYPTO_SECRET_KEY_SIZE); crypto_derive_public_key(temp->public_key, temp->secret_key); @@ -1309,6 +1384,10 @@ void kill_TCP_server(TCP_Server *tcp_server) set_callback_handle_recv_1(tcp_server->onion, nullptr, nullptr); } + if (tcp_server->forwarding != nullptr) { + set_callback_forward_reply(tcp_server->forwarding, nullptr, nullptr); + } + bs_list_free(&tcp_server->accepted_key_list); #ifdef TCP_SERVER_USE_EPOLL diff --git a/toxcore/TCP_server.h b/toxcore/TCP_server.h index 2bb9ab6694..2224938a09 100644 --- a/toxcore/TCP_server.h +++ b/toxcore/TCP_server.h @@ -10,6 +10,7 @@ #define C_TOXCORE_TOXCORE_TCP_SERVER_H #include "crypto_core.h" +#include "forwarding.h" #include "onion.h" #define MAX_INCOMING_CONNECTIONS 256 @@ -33,10 +34,10 @@ non_null() size_t tcp_server_listen_count(const TCP_Server *tcp_server); /** Create new TCP server instance. */ -non_null(1, 2, 3, 6, 7) nullable(8) +non_null(1, 2, 3, 6, 7) nullable(8, 9) TCP_Server *new_TCP_server(const Logger *logger, const Random *rng, const Network *ns, bool ipv6_enabled, uint16_t num_sockets, const uint16_t *ports, - const uint8_t *secret_key, Onion *onion); + const uint8_t *secret_key, Onion *onion, Forwarding *forwarding); /** Run the TCP_server */ non_null() diff --git a/toxcore/announce.c b/toxcore/announce.c new file mode 100644 index 0000000000..e7be00c702 --- /dev/null +++ b/toxcore/announce.c @@ -0,0 +1,689 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later + * Copyright © 2020-2021 The TokTok team. + */ + +/** + * "Server side" of the DHT announcements protocol. + */ + +#include "announce.h" + +#include +#include +#include + +#include "LAN_discovery.h" +#include "ccompat.h" +#include "timed_auth.h" +#include "util.h" + +uint8_t response_of_request_type(uint8_t request_type) +{ + switch (request_type) { + case NET_PACKET_DATA_SEARCH_REQUEST: + return NET_PACKET_DATA_SEARCH_RESPONSE; + + case NET_PACKET_DATA_RETRIEVE_REQUEST: + return NET_PACKET_DATA_RETRIEVE_RESPONSE; + + case NET_PACKET_STORE_ANNOUNCE_REQUEST: + return NET_PACKET_STORE_ANNOUNCE_RESPONSE; + + default: { + assert(false); + return NET_PACKET_MAX; + } + } +} + +typedef struct Announce_Entry { + uint64_t store_until; + uint8_t data_public_key[CRYPTO_PUBLIC_KEY_SIZE]; + uint8_t *data; + uint32_t length; +} Announce_Entry; + +struct Announcements { + const Logger *log; + const Random *rng; + Forwarding *forwarding; + const Mono_Time *mono_time; + DHT *dht; + Networking_Core *net; + const uint8_t *public_key; + const uint8_t *secret_key; + + Shared_Keys shared_keys; + uint8_t hmac_key[CRYPTO_HMAC_KEY_SIZE]; + + int32_t synch_offset; + + uint64_t start_time; + + Announce_Entry entries[ANNOUNCE_BUCKETS * ANNOUNCE_BUCKET_SIZE]; +}; + +void set_synch_offset(Announcements *announce, int32_t synch_offset) +{ + announce->synch_offset = synch_offset; +} + +/** + * An entry is considered to be "deleted" for the purposes of the protocol + * once it has timed out. + */ +non_null() +static bool entry_is_empty(const Announcements *announce, const Announce_Entry *entry) +{ + return mono_time_get(announce->mono_time) >= entry->store_until; +} + +non_null() +static void delete_entry(Announce_Entry *entry) +{ + entry->store_until = 0; +} + +/** Return bits (at most 8) from pk starting at index as uint8_t */ +non_null() +static uint8_t truncate_pk_at_index(const uint8_t *pk, uint16_t index, uint16_t bits) +{ + assert(bits < 8); + const uint8_t i = index / 8; + const uint8_t j = index % 8; + return ((uint8_t)((i < CRYPTO_PUBLIC_KEY_SIZE ? pk[i] : 0) << j) >> (8 - bits)) | + ((i + 1 < CRYPTO_PUBLIC_KEY_SIZE ? pk[i + 1] : 0) >> (16 - bits - j)); +} + +uint16_t get_bucketnum(const uint8_t *base, const uint8_t *pk) +{ + const uint16_t index = bit_by_bit_cmp(base, pk); + + return truncate_pk_at_index(base, index + 1, ANNOUNCE_BUCKET_PREFIX_LENGTH) ^ + truncate_pk_at_index(pk, index + 1, ANNOUNCE_BUCKET_PREFIX_LENGTH); +} + +non_null() +static Announce_Entry *bucket_of_key(Announcements *announce, const uint8_t *pk) +{ + return &announce->entries[get_bucketnum(announce->public_key, pk) * ANNOUNCE_BUCKET_SIZE]; +} + +non_null() +static Announce_Entry *get_stored(Announcements *announce, const uint8_t *data_public_key) +{ + Announce_Entry *const bucket = bucket_of_key(announce, data_public_key); + + for (uint32_t i = 0; i < ANNOUNCE_BUCKET_SIZE; ++i) { + if (pk_equal(bucket[i].data_public_key, data_public_key)) { + if (entry_is_empty(announce, &bucket[i])) { + break; + } + + return &bucket[i]; + } + } + + return nullptr; +} + +non_null() +static const Announce_Entry *bucket_of_key_const(const Announcements *announce, const uint8_t *pk) +{ + return &announce->entries[get_bucketnum(announce->public_key, pk) * ANNOUNCE_BUCKET_SIZE]; +} + +non_null() +static const Announce_Entry *get_stored_const(const Announcements *announce, const uint8_t *data_public_key) +{ + const Announce_Entry *const bucket = bucket_of_key_const(announce, data_public_key); + + for (uint32_t i = 0; i < ANNOUNCE_BUCKET_SIZE; ++i) { + if (pk_equal(bucket[i].data_public_key, data_public_key)) { + if (entry_is_empty(announce, &bucket[i])) { + break; + } + + return &bucket[i]; + } + } + + return nullptr; +} + + +bool on_stored(const Announcements *announce, const uint8_t *data_public_key, + on_retrieve_cb *on_retrieve_callback, void *object) +{ + const Announce_Entry *const entry = get_stored_const(announce, data_public_key); + + if (entry == nullptr || entry->data == nullptr) { + return false; + } + + if (on_retrieve_callback != nullptr) { + on_retrieve_callback(object, entry->data, entry->length); + } + + return true; +} + +/** + * Return existing entry for this key if it exists, else an empty + * slot in the key's bucket if one exists, else an entry in the key's bucket + * of greatest 2-adic distance greater than that of the key bucket if one + * exists, else nullptr. + */ +non_null() +static Announce_Entry *find_entry_slot(Announcements *announce, const uint8_t *data_public_key) +{ + Announce_Entry *const bucket = bucket_of_key(announce, data_public_key); + + Announce_Entry *slot = nullptr; + uint16_t min_index = bit_by_bit_cmp(announce->public_key, data_public_key); + + for (uint32_t i = 0; i < ANNOUNCE_BUCKET_SIZE; ++i) { + if (pk_equal(bucket[i].data_public_key, data_public_key)) { + return &bucket[i]; + } + + if (entry_is_empty(announce, &bucket[i])) { + slot = &bucket[i]; + min_index = 0; + continue; + } + + const uint16_t index = bit_by_bit_cmp(announce->public_key, bucket[i].data_public_key); + + if (index < min_index) { + slot = &bucket[i]; + min_index = index; + } + } + + return slot; +} + +non_null() +static bool would_accept_store_request(Announcements *announce, const uint8_t *data_public_key) +{ + return find_entry_slot(announce, data_public_key) != nullptr; +} + +bool store_data(Announcements *announce, const uint8_t *data_public_key, + const uint8_t *data, uint32_t length, uint32_t timeout) +{ + if (length > MAX_ANNOUNCEMENT_SIZE) { + return false; + } + + Announce_Entry *entry = find_entry_slot(announce, data_public_key); + + if (entry == nullptr) { + return false; + } + + if (length > 0) { + assert(data != nullptr); + + if (entry->data != nullptr) { + free(entry->data); + } + + entry->data = (uint8_t *)malloc(length); + + if (entry->data == nullptr) { + return false; + } + + memcpy(entry->data, data, length); + } + + entry->length = length; + memcpy(entry->data_public_key, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); + entry->store_until = mono_time_get(announce->mono_time) + timeout; + + return true; +} + +non_null() +static uint32_t calculate_timeout(const Announcements *announce, uint32_t requested_timeout) +{ + const uint64_t uptime = mono_time_get(announce->mono_time) - announce->start_time; + const uint32_t max_announcement_timeout = max_u32( + (uint32_t)min_u64( + MAX_MAX_ANNOUNCEMENT_TIMEOUT, + uptime / MAX_ANNOUNCEMENT_TIMEOUT_UPTIME_RATIO), + MIN_MAX_ANNOUNCEMENT_TIMEOUT); + + return min_u32(max_announcement_timeout, requested_timeout); +} + +#define DATA_SEARCH_TO_AUTH_MAX_SIZE (CRYPTO_PUBLIC_KEY_SIZE * 2 + MAX_PACKED_IPPORT_SIZE + MAX_SENDBACK_SIZE) + +non_null(1, 2, 3, 4, 7) nullable(5) +static int create_data_search_to_auth(const Logger *logger, const uint8_t *data_public_key, + const uint8_t *requester_key, + const IP_Port *source, const uint8_t *sendback, uint16_t sendback_length, + uint8_t *dest, uint16_t max_length) +{ + if (max_length < DATA_SEARCH_TO_AUTH_MAX_SIZE + || sendback_length > MAX_SENDBACK_SIZE) { + return -1; + } + + memcpy(dest, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); + memcpy(dest + CRYPTO_PUBLIC_KEY_SIZE, requester_key, CRYPTO_PUBLIC_KEY_SIZE); + + const int ipport_length = pack_ip_port(logger, dest + CRYPTO_PUBLIC_KEY_SIZE * 2, MAX_PACKED_IPPORT_SIZE, source); + + if (ipport_length == -1) { + return -1; + } + + if (sendback_length > 0) { + assert(sendback != nullptr); + memcpy(dest + CRYPTO_PUBLIC_KEY_SIZE * 2 + ipport_length, sendback, sendback_length); + } + + return CRYPTO_PUBLIC_KEY_SIZE * 2 + ipport_length + sendback_length; +} + +#define DATA_SEARCH_TIMEOUT 60 + +non_null() +static int create_reply_plain_data_search_request(Announcements *announce, + const IP_Port *source, + const uint8_t *data, uint16_t length, + uint8_t *reply, uint16_t reply_max_length, + uint8_t *to_auth, uint16_t to_auth_length) +{ + if (length != CRYPTO_PUBLIC_KEY_SIZE && + length != CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA256_SIZE) { + return -1; + } + + const uint8_t *const data_public_key = data; + + const uint8_t *previous_hash = nullptr; + + if (length == CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_SHA256_SIZE) { + previous_hash = data + CRYPTO_PUBLIC_KEY_SIZE; + } + + const int nodes_max_length = (int)reply_max_length - + (CRYPTO_PUBLIC_KEY_SIZE + 1 + CRYPTO_SHA256_SIZE + TIMED_AUTH_SIZE + 1 + 1); + + if (nodes_max_length < 0) { + return -1; + } + + uint8_t *p = reply; + + memcpy(p, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); + p += CRYPTO_PUBLIC_KEY_SIZE; + + const Announce_Entry *const stored = get_stored_const(announce, data_public_key); + + if (stored == nullptr) { + *p = 0; + ++p; + } else { + *p = 1; + ++p; + crypto_sha256(p, stored->data, stored->length); + p += CRYPTO_SHA256_SIZE; + } + + generate_timed_auth(announce->mono_time, DATA_SEARCH_TIMEOUT, announce->hmac_key, + to_auth, to_auth_length, p); + p += TIMED_AUTH_SIZE; + + *p = would_accept_store_request(announce, data_public_key); + ++p; + + Node_format nodes_list[MAX_SENT_NODES]; + const int num_nodes = get_close_nodes(announce->dht, data_public_key, nodes_list, + net_family_unspec, ip_is_lan(&source->ip), true); + + if (num_nodes < 0 || num_nodes > MAX_SENT_NODES) { + return -1; + } + + *p = num_nodes; + ++p; + + p += pack_nodes(announce->log, p, nodes_max_length, nodes_list, num_nodes); + + const uint32_t reply_len = p - reply; + + if (previous_hash != nullptr) { + uint8_t hash[CRYPTO_SHA256_SIZE]; + + crypto_sha256(hash, reply, reply_len); + + if (crypto_sha256_eq(hash, previous_hash)) { + return CRYPTO_PUBLIC_KEY_SIZE; + } + } + + return reply_len; +} + +non_null() +static int create_reply_plain_data_retrieve_request(Announcements *announce, + const IP_Port *source, + const uint8_t *data, uint16_t length, + uint8_t *reply, uint16_t reply_max_length, + uint8_t *to_auth, uint16_t to_auth_length) +{ + if (length != CRYPTO_PUBLIC_KEY_SIZE + 1 + TIMED_AUTH_SIZE) { + return -1; + } + + if (data[CRYPTO_PUBLIC_KEY_SIZE] != 0) { + return -1; + } + + const uint8_t *const data_public_key = data; + const uint8_t *const auth = data + CRYPTO_PUBLIC_KEY_SIZE + 1; + + if (!check_timed_auth(announce->mono_time, DATA_SEARCH_TIMEOUT, announce->hmac_key, + to_auth, to_auth_length, auth)) { + return -1; + } + + const Announce_Entry *const entry = get_stored_const(announce, data_public_key); + + if (entry == nullptr) { + return -1; + } + + const uint16_t reply_len = CRYPTO_PUBLIC_KEY_SIZE + 1 + entry->length; + + if (reply_max_length < reply_len) { + return -1; + } + + memcpy(reply, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); + reply[CRYPTO_PUBLIC_KEY_SIZE] = 1; + memcpy(reply + CRYPTO_PUBLIC_KEY_SIZE + 1, entry->data, entry->length); + + return reply_len; +} + +non_null() +static int create_reply_plain_store_announce_request(Announcements *announce, + const IP_Port *source, + const uint8_t *data, uint16_t length, + uint8_t *reply, uint16_t reply_max_length, + uint8_t *to_auth, uint16_t to_auth_length) +{ + const int plain_len = (int)length - (CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE); + const int announcement_len = (int)plain_len - (TIMED_AUTH_SIZE + sizeof(uint32_t) + 1); + + const uint8_t *const data_public_key = data; + + if (announcement_len < 0) { + return -1; + } + + VLA(uint8_t, plain, plain_len); + uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; + + get_shared_key(announce->mono_time, &announce->shared_keys, shared_key, + announce->secret_key, data_public_key); + + if (decrypt_data_symmetric(shared_key, + data + CRYPTO_PUBLIC_KEY_SIZE, + data + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, + plain_len + CRYPTO_MAC_SIZE, + plain) != plain_len) { + return -1; + } + + const uint8_t *const auth = plain; + uint32_t requested_timeout; + net_unpack_u32(plain + TIMED_AUTH_SIZE, &requested_timeout); + const uint32_t timeout = calculate_timeout(announce, requested_timeout); + const uint8_t announcement_type = plain[TIMED_AUTH_SIZE + sizeof(uint32_t)]; + const uint8_t *announcement = plain + TIMED_AUTH_SIZE + sizeof(uint32_t) + 1; + + if (!check_timed_auth(announce->mono_time, DATA_SEARCH_TIMEOUT, announce->hmac_key, + to_auth, to_auth_length, auth)) { + return -1; + } + + if (announcement_type > 1) { + return -1; + } + + if (announcement_type == 1) { + if (announcement_len != CRYPTO_SHA256_SIZE) { + return -1; + } + + Announce_Entry *stored = get_stored(announce, data_public_key); + + if (stored == nullptr) { + return -1; + } + + uint8_t stored_hash[CRYPTO_SHA256_SIZE]; + crypto_sha256(stored_hash, stored->data, stored->length); + + if (!crypto_sha256_eq(announcement, stored_hash)) { + delete_entry(stored); + return -1; + } else { + stored->store_until = mono_time_get(announce->mono_time) + timeout; + } + } else { + if (!store_data(announce, data_public_key, announcement, announcement_len, timeout)) { + return -1; + } + } + + const uint16_t reply_len = CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint32_t) + sizeof(uint64_t); + + if (reply_max_length < reply_len) { + return -1; + } + + memcpy(reply, data_public_key, CRYPTO_PUBLIC_KEY_SIZE); + net_pack_u32(reply + CRYPTO_PUBLIC_KEY_SIZE, timeout); + net_pack_u64(reply + CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint32_t), + mono_time_get(announce->mono_time) + announce->synch_offset); + return reply_len; +} + +non_null(1, 2, 3, 7, 9) nullable(5) +static int create_reply_plain(Announcements *announce, + const uint8_t *requester_key, const IP_Port *source, uint8_t type, + const uint8_t *sendback, uint16_t sendback_length, + const uint8_t *data, uint16_t length, + uint8_t *reply, uint16_t reply_max_length) +{ + if (length < CRYPTO_PUBLIC_KEY_SIZE) { + return -1; + } + + const uint8_t *const data_public_key = data; + + uint8_t to_auth[DATA_SEARCH_TO_AUTH_MAX_SIZE]; + const int to_auth_length = create_data_search_to_auth(announce->log, data_public_key, requester_key, source, + sendback, sendback_length, to_auth, DATA_SEARCH_TO_AUTH_MAX_SIZE); + + if (to_auth_length == -1) { + return -1; + } + + switch (type) { + case NET_PACKET_DATA_SEARCH_REQUEST: + return create_reply_plain_data_search_request(announce, source, data, length, reply, reply_max_length, to_auth, + (uint16_t)to_auth_length); + + case NET_PACKET_DATA_RETRIEVE_REQUEST: + return create_reply_plain_data_retrieve_request(announce, source, data, length, reply, reply_max_length, to_auth, + (uint16_t)to_auth_length); + + case NET_PACKET_STORE_ANNOUNCE_REQUEST: + return create_reply_plain_store_announce_request(announce, source, data, length, reply, reply_max_length, to_auth, + (uint16_t)to_auth_length); + + default: + return -1; + } +} + +non_null(1, 2, 5, 7) nullable(3) +static int create_reply(Announcements *announce, const IP_Port *source, + const uint8_t *sendback, uint16_t sendback_length, + const uint8_t *data, uint16_t length, + uint8_t *reply, uint16_t reply_max_length) +{ + const int plain_len = (int)length - (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE); + + if (plain_len < sizeof(uint64_t)) { + return -1; + } + + VLA(uint8_t, plain, plain_len); + uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; + + dht_get_shared_key_recv(announce->dht, shared_key, data + 1); + + if (decrypt_data_symmetric(shared_key, + data + 1 + CRYPTO_PUBLIC_KEY_SIZE, + data + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, + plain_len + CRYPTO_MAC_SIZE, + plain) != plain_len) { + return -1; + } + + const int plain_reply_max_len = (int)reply_max_length - + (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE); + + if (plain_reply_max_len < sizeof(uint64_t)) { + return -1; + } + + VLA(uint8_t, plain_reply, plain_reply_max_len); + + const int plain_reply_noping_len = create_reply_plain(announce, + data + 1, source, data[0], + sendback, sendback_length, + plain, plain_len - sizeof(uint64_t), + plain_reply, plain_reply_max_len - sizeof(uint64_t)); + + if (plain_reply_noping_len == -1) { + return -1; + } + + memcpy(plain_reply + plain_reply_noping_len, + plain + (plain_len - sizeof(uint64_t)), sizeof(uint64_t)); + + const uint16_t plain_reply_len = plain_reply_noping_len + sizeof(uint64_t); + + const uint8_t response_type = response_of_request_type(data[0]); + + return dht_create_packet(announce->rng, announce->public_key, shared_key, response_type, + plain_reply, plain_reply_len, reply, reply_max_length); +} + +non_null(1, 2, 3, 5) nullable(7) +static void forwarded_request_callback(void *object, const IP_Port *forwarder, + const uint8_t *sendback, uint16_t sendback_length, + const uint8_t *data, uint16_t length, void *userdata) +{ + Announcements *announce = (Announcements *) object; + + uint8_t reply[MAX_FORWARD_DATA_SIZE]; + + const int len = create_reply(announce, forwarder, + sendback, sendback_length, + data, length, reply, sizeof(reply)); + + if (len == -1) { + return; + } + + forward_reply(announce->net, forwarder, sendback, sendback_length, reply, len); +} + +non_null(1, 2, 3) nullable(5) +static int handle_dht_announce_request(void *object, const IP_Port *source, + const uint8_t *data, uint16_t length, void *userdata) +{ + Announcements *announce = (Announcements *) object; + + uint8_t reply[MAX_FORWARD_DATA_SIZE]; + + const int len = create_reply(announce, source, + nullptr, 0, + data, length, reply, sizeof(reply)); + + if (len == -1) { + return -1; + } + + return sendpacket(announce->net, source, reply, len) == len ? 0 : -1; +} + +Announcements *new_announcements(const Logger *log, const Random *rng, const Mono_Time *mono_time, + Forwarding *forwarding) +{ + if (log == nullptr || mono_time == nullptr || forwarding == nullptr) { + return nullptr; + } + + Announcements *announce = (Announcements *)calloc(1, sizeof(Announcements)); + + if (announce == nullptr) { + return nullptr; + } + + announce->log = log; + announce->rng = rng; + announce->forwarding = forwarding; + announce->mono_time = mono_time; + announce->dht = forwarding_get_dht(forwarding); + announce->net = dht_get_net(announce->dht); + announce->public_key = dht_get_self_public_key(announce->dht); + announce->secret_key = dht_get_self_secret_key(announce->dht); + new_hmac_key(announce->rng, announce->hmac_key); + + announce->start_time = mono_time_get(announce->mono_time); + + set_callback_forwarded_request(forwarding, forwarded_request_callback, announce); + + networking_registerhandler(announce->net, NET_PACKET_DATA_SEARCH_REQUEST, handle_dht_announce_request, announce); + networking_registerhandler(announce->net, NET_PACKET_DATA_RETRIEVE_REQUEST, handle_dht_announce_request, announce); + networking_registerhandler(announce->net, NET_PACKET_STORE_ANNOUNCE_REQUEST, handle_dht_announce_request, announce); + + return announce; +} + +void kill_announcements(Announcements *announce) +{ + if (announce == nullptr) { + return; + } + + set_callback_forwarded_request(announce->forwarding, nullptr, nullptr); + + networking_registerhandler(announce->net, NET_PACKET_DATA_SEARCH_REQUEST, nullptr, nullptr); + networking_registerhandler(announce->net, NET_PACKET_DATA_RETRIEVE_REQUEST, nullptr, nullptr); + networking_registerhandler(announce->net, NET_PACKET_STORE_ANNOUNCE_REQUEST, nullptr, nullptr); + + crypto_memzero(announce->hmac_key, CRYPTO_HMAC_KEY_SIZE); + crypto_memzero(&announce->shared_keys, sizeof(Shared_Keys)); + + for (uint32_t i = 0; i < ANNOUNCE_BUCKETS * ANNOUNCE_BUCKET_SIZE; ++i) { + if (announce->entries[i].data != nullptr) { + free(announce->entries[i].data); + } + } + + free(announce); +} diff --git a/toxcore/announce.h b/toxcore/announce.h new file mode 100644 index 0000000000..ee8b33cbe0 --- /dev/null +++ b/toxcore/announce.h @@ -0,0 +1,67 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later + * Copyright © 2020-2021 The TokTok team. + */ + +#ifndef C_TOXCORE_TOXCORE_ANNOUNCE_H +#define C_TOXCORE_TOXCORE_ANNOUNCE_H + +#include "forwarding.h" + +#define MAX_ANNOUNCEMENT_SIZE 512 + +typedef void on_retrieve_cb(void *object, const uint8_t *data, uint16_t length); + +uint8_t response_of_request_type(uint8_t request_type); + +typedef struct Announcements Announcements; + +non_null() +Announcements *new_announcements(const Logger *log, const Random *rng, const Mono_Time *mono_time, Forwarding *forwarding); + +/** + * @brief If data is stored, run `on_retrieve_callback` on it. + * + * @return true if data is stored, false otherwise. + */ +non_null(1, 2) nullable(3, 4) +bool on_stored(const Announcements *announce, const uint8_t *data_public_key, + on_retrieve_cb *on_retrieve_callback, void *object); + +non_null() +void set_synch_offset(Announcements *announce, int32_t synch_offset); + +nullable(1) +void kill_announcements(Announcements *announce); + + +/* The declarations below are not public, they are exposed only for tests. */ + +/** @private + * Return xor of first ANNOUNCE_BUCKET_PREFIX_LENGTH bits from one bit after + * base and pk first differ + */ +non_null() +uint16_t get_bucketnum(const uint8_t *base, const uint8_t *pk); + +/** @private */ +non_null(1, 2) nullable(3) +bool store_data(Announcements *announce, const uint8_t *data_public_key, + const uint8_t *data, uint32_t length, uint32_t timeout); + +/** @private */ +#define MAX_MAX_ANNOUNCEMENT_TIMEOUT 900 +#define MIN_MAX_ANNOUNCEMENT_TIMEOUT 10 +#define MAX_ANNOUNCEMENT_TIMEOUT_UPTIME_RATIO 4 + +/** @private + * For efficient lookup and updating, entries are stored as a hash table keyed + * to the first ANNOUNCE_BUCKET_PREFIX_LENGTH bits starting from one bit after + * the first bit in which data public key first differs from the dht key, with + * (2-adically) closest keys preferentially stored within a given bucket. A + * given key appears at most once (even if timed out). + */ +#define ANNOUNCE_BUCKET_SIZE 8 +#define ANNOUNCE_BUCKET_PREFIX_LENGTH 5 +#define ANNOUNCE_BUCKETS 32 // ANNOUNCE_BUCKETS = 2 ** ANNOUNCE_BUCKET_PREFIX_LENGTH + +#endif diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c index b0bca7b4a0..5b360bdc45 100644 --- a/toxcore/crypto_core.c +++ b/toxcore/crypto_core.c @@ -178,6 +178,11 @@ bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2) #endif } +bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2) +{ + return crypto_verify_32(cksum1, cksum2) == 0; +} + uint8_t random_u08(const Random *rng) { uint8_t randnum; @@ -464,7 +469,7 @@ void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_K bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data, size_t length) { - return (crypto_auth_verify(auth, data, length, key) == 0); + return crypto_auth_verify(auth, data, length, key) == 0; } void crypto_sha512(uint8_t *hash, const uint8_t *data, size_t length) diff --git a/toxcore/crypto_core.h b/toxcore/crypto_core.h index 1b984cb6ab..e372e21d9a 100644 --- a/toxcore/crypto_core.h +++ b/toxcore/crypto_core.h @@ -193,6 +193,15 @@ bool public_key_eq(const uint8_t pk1[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t pk2[ non_null() bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2); +/** + * @brief Compare 2 SHA256 checksums of length CRYPTO_SHA256_SIZE, not vulnerable to + * timing attacks. + * + * @return true if both mem locations of length are equal, false if they are not. + */ +non_null() +bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2); + /** * @brief Return a random 8 bit integer. */ diff --git a/toxcore/crypto_core_test.cc b/toxcore/crypto_core_test.cc index 9d4aac41ce..4f2a9f3085 100644 --- a/toxcore/crypto_core_test.cc +++ b/toxcore/crypto_core_test.cc @@ -10,6 +10,8 @@ namespace { +using HmacKey = std::array; +using Hmac = std::array; using ExtPublicKey = std::array; using ExtSecretKey = std::array; using Signature = std::array; @@ -62,12 +64,33 @@ TEST(CryptoCore, Signatures) // Try a few different sizes, including empty 0 length message. for (uint8_t i = 0; i < 100; ++i) { - message.push_back(random_u08(rng)); Signature signature; EXPECT_TRUE(crypto_signature_create( signature.data(), message.data(), message.size(), get_sig_sk(sk.data()))); EXPECT_TRUE(crypto_signature_verify( signature.data(), message.data(), message.size(), get_sig_pk(pk.data()))); + + message.push_back(random_u08(rng)); + } +} + +TEST(CryptoCore, Hmac) +{ + const Random *rng = system_random(); + ASSERT_NE(rng, nullptr); + + HmacKey sk; + new_hmac_key(rng, sk.data()); + + std::vector message; + + // Try a few different sizes, including empty 0 length message. + for (uint8_t i = 0; i < 100; ++i) { + Hmac auth; + crypto_hmac(auth.data(), sk.data(), message.data(), message.size()); + EXPECT_TRUE(crypto_hmac_verify(auth.data(), sk.data(), message.data(), message.size())); + + message.push_back(random_u08(rng)); } } diff --git a/toxcore/forwarding.c b/toxcore/forwarding.c new file mode 100644 index 0000000000..5e885abd21 --- /dev/null +++ b/toxcore/forwarding.c @@ -0,0 +1,395 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later + * Copyright © 2019-2022 The TokTok team. + */ + +#include "forwarding.h" + +#include +#include +#include + +#include "DHT.h" +#include "ccompat.h" +#include "timed_auth.h" + +struct Forwarding { + const Logger *log; + const Random *rng; + DHT *dht; + const Mono_Time *mono_time; + Networking_Core *net; + + uint8_t hmac_key[CRYPTO_HMAC_KEY_SIZE]; + + forward_reply_cb *forward_reply_callback; + void *forward_reply_callback_object; + + forwarded_request_cb *forwarded_request_callback; + void *forwarded_request_callback_object; + + forwarded_response_cb *forwarded_response_callback; + void *forwarded_response_callback_object; +}; + +DHT *forwarding_get_dht(Forwarding *forwarding) +{ + return forwarding->dht; +} + +#define SENDBACK_TIMEOUT 3600 + +bool send_forward_request(Networking_Core *net, const IP_Port *forwarder, + const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length) +{ + if (chain_length == 0 || chain_length > MAX_FORWARD_CHAIN_LENGTH + || data_length > MAX_FORWARD_DATA_SIZE) { + return false; + } + + const uint16_t len = forward_chain_packet_size(chain_length, data_length); + VLA(uint8_t, packet, len); + + return create_forward_chain_packet(chain_keys, chain_length, data, data_length, packet) + && sendpacket(net, forwarder, packet, len) == len; +} + +uint16_t forward_chain_packet_size(uint16_t chain_length, uint16_t data_length) +{ + return chain_length * (1 + CRYPTO_PUBLIC_KEY_SIZE) + data_length; +} + +bool create_forward_chain_packet(const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length, + uint8_t *packet) +{ + if (chain_length == 0 || chain_length > MAX_FORWARD_CHAIN_LENGTH + || data_length > MAX_FORWARD_DATA_SIZE) { + return false; + } + + uint16_t offset = 0; + + for (uint16_t j = 0; j < chain_length; ++j) { + packet[offset] = NET_PACKET_FORWARD_REQUEST; + ++offset; + memcpy(packet + offset, chain_keys + j * CRYPTO_PUBLIC_KEY_SIZE, CRYPTO_PUBLIC_KEY_SIZE); + offset += CRYPTO_PUBLIC_KEY_SIZE; + } + + memcpy(packet + offset, data, data_length); + return true; +} + +non_null() +static uint16_t forwarding_packet_length(uint16_t sendback_data_len, uint16_t data_length) +{ + const uint16_t sendback_len = sendback_data_len == 0 ? 0 : TIMED_AUTH_SIZE + sendback_data_len; + return 1 + 1 + sendback_len + data_length; +} + +non_null(1, 4, 6) nullable(2) +static bool create_forwarding_packet(const Forwarding *forwarding, + const uint8_t *sendback_data, uint16_t sendback_data_len, + const uint8_t *data, uint16_t length, + uint8_t *packet) +{ + packet[0] = NET_PACKET_FORWARDING; + + if (sendback_data_len == 0) { + packet[1] = 0; + memcpy(packet + 1 + 1, data, length); + } else { + const uint16_t sendback_len = TIMED_AUTH_SIZE + sendback_data_len; + + if (sendback_len > MAX_SENDBACK_SIZE) { + return false; + } + + packet[1] = sendback_len; + generate_timed_auth(forwarding->mono_time, SENDBACK_TIMEOUT, forwarding->hmac_key, sendback_data, + sendback_data_len, packet + 1 + 1); + + if (sendback_data_len != 0) { + assert(sendback_data != nullptr); + memcpy(packet + 1 + 1 + TIMED_AUTH_SIZE, sendback_data, sendback_data_len); + } + + memcpy(packet + 1 + 1 + sendback_len, data, length); + } + + return true; +} + +bool send_forwarding(const Forwarding *forwarding, const IP_Port *dest, + const uint8_t *sendback_data, uint16_t sendback_data_len, + const uint8_t *data, uint16_t length) +{ + if (length > MAX_FORWARD_DATA_SIZE) { + return false; + } + + const uint16_t len = forwarding_packet_length(sendback_data_len, length); + VLA(uint8_t, packet, len); + create_forwarding_packet(forwarding, sendback_data, sendback_data_len, data, length, packet); + return sendpacket(forwarding->net, dest, packet, len) == len; +} + +#define FORWARD_REQUEST_MIN_PACKET_SIZE (1 + CRYPTO_PUBLIC_KEY_SIZE) + +non_null(1) nullable(2, 4) +static bool handle_forward_request_dht(const Forwarding *forwarding, + const uint8_t *sendback_data, uint16_t sendback_data_len, + const uint8_t *packet, uint16_t length) +{ + if (length < FORWARD_REQUEST_MIN_PACKET_SIZE) { + return false; + } + + const uint8_t *const public_key = packet + 1; + const uint8_t *const forward_data = packet + (1 + CRYPTO_PUBLIC_KEY_SIZE); + const uint16_t forward_data_len = length - (1 + CRYPTO_PUBLIC_KEY_SIZE); + + if (TIMED_AUTH_SIZE + sendback_data_len > MAX_SENDBACK_SIZE || + forward_data_len > MAX_FORWARD_DATA_SIZE) { + return false; + } + + const uint16_t len = forwarding_packet_length(sendback_data_len, forward_data_len); + VLA(uint8_t, forwarding_packet, len); + + create_forwarding_packet(forwarding, sendback_data, sendback_data_len, forward_data, forward_data_len, + forwarding_packet); + + return route_packet(forwarding->dht, public_key, forwarding_packet, len) == len; +} + +non_null(1, 2) nullable(3, 5) +static int handle_forward_request(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, + void *userdata) +{ + const Forwarding *forwarding = (const Forwarding *)object; + + uint8_t sendback_data[1 + MAX_PACKED_IPPORT_SIZE]; + sendback_data[0] = SENDBACK_IPPORT; + + const int ipport_length = pack_ip_port(forwarding->log, sendback_data + 1, MAX_PACKED_IPPORT_SIZE, source); + + if (ipport_length == -1) { + return 1; + } + + return handle_forward_request_dht(forwarding, sendback_data, 1 + ipport_length, packet, length) ? 0 : 1; +} + +#define MIN_NONEMPTY_SENDBACK_SIZE TIMED_AUTH_SIZE +#define FORWARD_REPLY_MIN_PACKET_SIZE (1 + 1 + MIN_NONEMPTY_SENDBACK_SIZE) + +non_null(1, 2) nullable(3, 5) +static int handle_forward_reply(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, + void *userdata) +{ + const Forwarding *forwarding = (const Forwarding *)object; + + if (length < FORWARD_REPLY_MIN_PACKET_SIZE) { + return 1; + } + + const uint8_t sendback_len = packet[1]; + const uint8_t *const sendback_auth = packet + 1 + 1; + const uint8_t *const sendback_data = sendback_auth + TIMED_AUTH_SIZE; + + if (sendback_len > MAX_SENDBACK_SIZE) { + /* value 0xff is reserved for possible future expansion */ + return 1; + } + + if (sendback_len < TIMED_AUTH_SIZE + 1) { + return 1; + } + + const uint16_t sendback_data_len = sendback_len - TIMED_AUTH_SIZE; + + if (length < 1 + 1 + sendback_len) { + return 1; + } + + const uint8_t *const to_forward = packet + (1 + 1 + sendback_len); + const uint16_t to_forward_len = length - (1 + 1 + sendback_len); + + if (!check_timed_auth(forwarding->mono_time, SENDBACK_TIMEOUT, forwarding->hmac_key, sendback_data, sendback_data_len, + sendback_auth)) { + return 1; + } + + if (sendback_data[0] == SENDBACK_IPPORT) { + IP_Port dest; + + if (unpack_ip_port(&dest, sendback_data + 1, sendback_data_len - 1, false) + != sendback_data_len - 1) { + return 1; + } + + return send_forwarding(forwarding, &dest, nullptr, 0, to_forward, to_forward_len) ? 0 : 1; + } + + if (sendback_data[0] == SENDBACK_FORWARD) { + IP_Port forwarder; + const int ipport_length = unpack_ip_port(&forwarder, sendback_data + 1, sendback_data_len - 1, false); + + if (ipport_length == -1) { + return 1; + } + + const uint8_t *const forward_sendback = sendback_data + (1 + ipport_length); + const uint16_t forward_sendback_len = sendback_data_len - (1 + ipport_length); + + return forward_reply(forwarding->net, &forwarder, forward_sendback, forward_sendback_len, to_forward, + to_forward_len) ? 0 : 1; + } + + if (forwarding->forward_reply_callback == nullptr) { + return 1; + } + + return forwarding->forward_reply_callback(forwarding->forward_reply_callback_object, + sendback_data, sendback_data_len, + to_forward, to_forward_len) ? 0 : 1; +} + +#define FORWARDING_MIN_PACKET_SIZE (1 + 1) + +non_null(1, 2) nullable(3, 5) +static int handle_forwarding(void *object, const IP_Port *source, const uint8_t *packet, uint16_t length, + void *userdata) +{ + const Forwarding *forwarding = (const Forwarding *)object; + + if (length < FORWARDING_MIN_PACKET_SIZE) { + return 1; + } + + const uint8_t sendback_len = packet[1]; + + if (length < 1 + 1 + sendback_len) { + return 1; + } + + const uint8_t *const sendback = packet + 1 + 1; + + const uint8_t *const forwarded = sendback + sendback_len; + const uint16_t forwarded_len = length - (1 + 1 + sendback_len); + + if (forwarded_len >= 1 && forwarded[0] == NET_PACKET_FORWARD_REQUEST) { + VLA(uint8_t, sendback_data, 1 + MAX_PACKED_IPPORT_SIZE + sendback_len); + sendback_data[0] = SENDBACK_FORWARD; + + const int ipport_length = pack_ip_port(forwarding->log, sendback_data + 1, MAX_PACKED_IPPORT_SIZE, source); + + if (ipport_length == -1) { + return 1; + } + + memcpy(sendback_data + 1 + ipport_length, sendback, sendback_len); + + return handle_forward_request_dht(forwarding, sendback_data, 1 + ipport_length + sendback_len, forwarded, + forwarded_len) ? 0 : 1; + } + + if (sendback_len > 0) { + if (forwarding->forwarded_request_callback == nullptr) { + return 1; + } + + forwarding->forwarded_request_callback(forwarding->forwarded_request_callback_object, + source, sendback, sendback_len, + forwarded, forwarded_len, userdata); + return 0; + } else { + if (forwarding->forwarded_response_callback == nullptr) { + return 1; + } + + forwarding->forwarded_response_callback(forwarding->forwarded_response_callback_object, + forwarded, forwarded_len, userdata); + return 0; + } +} + +bool forward_reply(Networking_Core *net, const IP_Port *forwarder, + const uint8_t *sendback, uint16_t sendback_length, + const uint8_t *data, uint16_t length) +{ + if (sendback_length > MAX_SENDBACK_SIZE || + length > MAX_FORWARD_DATA_SIZE) { + return false; + } + + const uint16_t len = 1 + 1 + sendback_length + length; + VLA(uint8_t, packet, len); + packet[0] = NET_PACKET_FORWARD_REPLY; + packet[1] = (uint8_t) sendback_length; + memcpy(packet + 1 + 1, sendback, sendback_length); + memcpy(packet + 1 + 1 + sendback_length, data, length); + return sendpacket(net, forwarder, packet, len) == len; +} + +void set_callback_forwarded_request(Forwarding *forwarding, forwarded_request_cb *function, void *object) +{ + forwarding->forwarded_request_callback = function; + forwarding->forwarded_request_callback_object = object; +} + +void set_callback_forwarded_response(Forwarding *forwarding, forwarded_response_cb *function, void *object) +{ + forwarding->forwarded_response_callback = function; + forwarding->forwarded_response_callback_object = object; +} + +void set_callback_forward_reply(Forwarding *forwarding, forward_reply_cb *function, void *object) +{ + forwarding->forward_reply_callback = function; + forwarding->forward_reply_callback_object = object; +} + +Forwarding *new_forwarding(const Logger *log, const Random *rng, const Mono_Time *mono_time, DHT *dht) +{ + if (log == nullptr || mono_time == nullptr || dht == nullptr) { + return nullptr; + } + + Forwarding *forwarding = (Forwarding *)calloc(1, sizeof(Forwarding)); + + if (forwarding == nullptr) { + return nullptr; + } + + forwarding->log = log; + forwarding->rng = rng; + forwarding->mono_time = mono_time; + forwarding->dht = dht; + forwarding->net = dht_get_net(dht); + + networking_registerhandler(forwarding->net, NET_PACKET_FORWARD_REQUEST, &handle_forward_request, forwarding); + networking_registerhandler(forwarding->net, NET_PACKET_FORWARD_REPLY, &handle_forward_reply, forwarding); + networking_registerhandler(forwarding->net, NET_PACKET_FORWARDING, &handle_forwarding, forwarding); + + new_hmac_key(forwarding->rng, forwarding->hmac_key); + + return forwarding; +} + +void kill_forwarding(Forwarding *forwarding) +{ + if (forwarding == nullptr) { + return; + } + + networking_registerhandler(forwarding->net, NET_PACKET_FORWARD_REQUEST, nullptr, nullptr); + networking_registerhandler(forwarding->net, NET_PACKET_FORWARD_REPLY, nullptr, nullptr); + networking_registerhandler(forwarding->net, NET_PACKET_FORWARDING, nullptr, nullptr); + + crypto_memzero(forwarding->hmac_key, CRYPTO_HMAC_KEY_SIZE); + + free(forwarding); +} diff --git a/toxcore/forwarding.h b/toxcore/forwarding.h new file mode 100644 index 0000000000..36ce8ad894 --- /dev/null +++ b/toxcore/forwarding.h @@ -0,0 +1,125 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later + * Copyright © 2019-2022 The TokTok team. + */ + +#ifndef C_TOXCORE_TOXCORE_FORWARDING_H +#define C_TOXCORE_TOXCORE_FORWARDING_H + +#include "DHT.h" +#include "network.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define SENDBACK_IPPORT 0 +#define SENDBACK_FORWARD 1 +#define SENDBACK_TCP 2 + +#define MAX_SENDBACK_SIZE (0xff - 1) +#define MAX_FORWARD_DATA_SIZE (MAX_UDP_PACKET_SIZE - (1 + 1 + MAX_SENDBACK_SIZE)) + +#define MAX_FORWARD_CHAIN_LENGTH 4 + +#define MAX_PACKED_IPPORT_SIZE (1 + SIZE_IP6 + sizeof(uint16_t)) + +typedef struct Forwarding Forwarding; + +non_null() +DHT *forwarding_get_dht(Forwarding *forwarding); + +/** + * @brief Send data to forwarder for forwarding via chain of dht nodes. + * Destination is last key in the chain. + * + * @param data Must be of length at most MAX_FORWARD_DATA_SIZE. + * @param chain_length Number of intermediate nodes in chain. + * Must be at least 1 and at most MAX_FORWARD_CHAIN_LENGTH. + * @param chain_keys Public keys of chain nodes. Must be of length + * `chain_length * CRYPTO_PUBLIC_KEY_SIZE`. + * + * @return true on success, false otherwise. + */ +non_null() +bool send_forward_request(Networking_Core *net, const IP_Port *forwarder, + const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length); + +/** Returns size of packet written by create_forward_chain_packet. */ +uint16_t forward_chain_packet_size(uint16_t chain_length, uint16_t data_length); + +/** + * @brief Create forward request packet for forwarding data via chain of dht nodes. + * Destination is last key in the chain. + * + * @param data Must be of length at most MAX_FORWARD_DATA_SIZE. + * @param chain_length Number of intermediate nodes in chain. + * Must be at least 1 and at most MAX_FORWARD_CHAIN_LENGTH. + * @param chain_keys Public keys of chain nodes. Must be of length + * `chain_length * CRYPTO_PUBLIC_KEY_SIZE`. + * @param packet Must be of size at least + * `forward_chain_packet_size(chain_length, data_length)` bytes. + * + * @return true on success, false otherwise. + */ +non_null() +bool create_forward_chain_packet(const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length, + uint8_t *packet); + +/** + * @brief Send reply to forwarded packet via forwarder. + * @param sendback Must be of size at most MAX_SENDBACK_SIZE. + * @param data Must be of size at most MAX_FORWARD_DATA_SIZE. + * + * @return true on success, false otherwise. + */ +non_null() +bool forward_reply(Networking_Core *net, const IP_Port *forwarder, + const uint8_t *sendback, uint16_t sendback_length, + const uint8_t *data, uint16_t length); + + +/** + * @brief Set callback to handle a forwarded request. + * To reply to the packet, callback should use `forward_reply()` to send a reply + * forwarded via forwarder, passing the provided sendback. + */ +typedef void forwarded_request_cb(void *object, const IP_Port *forwarder, const uint8_t *sendback, + uint16_t sendback_length, const uint8_t *data, + uint16_t length, void *userdata); +non_null(1) nullable(2, 3) +void set_callback_forwarded_request(Forwarding *forwarding, forwarded_request_cb *function, void *object); + +/** @brief Set callback to handle a forwarded response. */ +typedef void forwarded_response_cb(void *object, const uint8_t *data, uint16_t length, void *userdata); +non_null(1) nullable(2, 3) +void set_callback_forwarded_response(Forwarding *forwarding, forwarded_response_cb *function, void *object); + +/** @brief Send forwarding packet to dest with given sendback data and data. */ +non_null(1, 2, 5) nullable(3) +bool send_forwarding(const Forwarding *forwarding, const IP_Port *dest, + const uint8_t *sendback_data, uint16_t sendback_data_len, + const uint8_t *data, uint16_t length); + +typedef bool forward_reply_cb(void *object, const uint8_t *sendback_data, uint16_t sendback_data_len, + const uint8_t *data, uint16_t length); + +/** + * @brief Set callback to handle a forward reply with an otherwise unhandled + * sendback. + */ +non_null(1) nullable(2, 3) +void set_callback_forward_reply(Forwarding *forwarding, forward_reply_cb *function, void *object); + +non_null() +Forwarding *new_forwarding(const Logger *log, const Random *rng, const Mono_Time *mono_time, DHT *dht); + +nullable(1) +void kill_forwarding(Forwarding *forwarding); + +#ifdef __cplusplus +} // extern "C" +#endif + +#endif diff --git a/toxcore/forwarding_fuzz_test.cc b/toxcore/forwarding_fuzz_test.cc new file mode 100644 index 0000000000..2abd245dd4 --- /dev/null +++ b/toxcore/forwarding_fuzz_test.cc @@ -0,0 +1,50 @@ +#include "forwarding.h" + +#include +#include + +#include "../testing/fuzzing/fuzz_support.h" +#include "../testing/fuzzing/fuzz_tox.h" + +namespace { + +void TestSendForwardRequest(Fuzz_Data &input) +{ + const Network *ns = system_network(); // TODO(iphydf): fuzz_network + assert(ns != nullptr); + + with{} >> with{input, ns} >> [&input](Ptr net) { + with{input} >> [net = std::move(net), &input](const IP_Port &forwarder) { + CONSUME1_OR_RETURN(const uint16_t chain_length, input); + const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE; + CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size); + + send_forward_request( + net.get(), &forwarder, chain_keys, chain_length, input.data, input.size); + }; + }; +} + +void TestForwardReply(Fuzz_Data &input) +{ + const Network *ns = system_network(); // TODO(iphydf): fuzz_network + assert(ns != nullptr); + + with{} >> with{input, ns} >> [&input](Ptr net) { + with{input} >> [net = std::move(net), &input](const IP_Port &forwarder) { + CONSUME1_OR_RETURN(const uint16_t sendback_length, input); + CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length); + + forward_reply(net.get(), &forwarder, sendback, sendback_length, input.data, input.size); + }; + }; +} + +} // namespace + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + fuzz_select_target(data, size, TestSendForwardRequest, TestForwardReply); + return 0; +} diff --git a/toxcore/net_crypto.c b/toxcore/net_crypto.c index aba4d6526d..c34a45734c 100644 --- a/toxcore/net_crypto.c +++ b/toxcore/net_crypto.c @@ -2331,6 +2331,20 @@ int get_random_tcp_con_number(Net_Crypto *c) return ret; } +/** @brief Put IP_Port of a random onion TCP connection in ip_port. + * + * return true on success. + * return false on failure. + */ +bool get_random_tcp_conn_ip_port(Net_Crypto *c, IP_Port *ip_port) +{ + pthread_mutex_lock(&c->tcp_mutex); + const bool ret = tcp_get_random_conn_ip_port(c->tcp_c, ip_port); + pthread_mutex_unlock(&c->tcp_mutex); + + return ret; +} + /** @brief Send an onion packet via the TCP relay corresponding to tcp_connections_number. * * return 0 on success. @@ -2345,6 +2359,26 @@ int send_tcp_onion_request(Net_Crypto *c, unsigned int tcp_connections_number, c return ret; } +/** + * Send a forward request to the TCP relay with IP_Port tcp_forwarder, + * requesting to forward data via a chain of dht nodes starting with dht_node. + * A chain_length of 0 means that dht_node is the final destination of data. + * + * return 0 on success. + * return -1 on failure. + */ +int send_tcp_forward_request(const Logger *logger, Net_Crypto *c, const IP_Port *tcp_forwarder, const IP_Port *dht_node, + const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length) +{ + pthread_mutex_lock(&c->tcp_mutex); + const int ret = tcp_send_forward_request(logger, c->tcp_c, tcp_forwarder, dht_node, + chain_keys, chain_length, data, data_length); + pthread_mutex_unlock(&c->tcp_mutex); + + return ret; +} + /** @brief Copy a maximum of num random TCP relays we are connected to to tcp_relays. * * NOTE that the family of the copied ip ports will be set to TCP_INET or TCP_INET6. diff --git a/toxcore/net_crypto.h b/toxcore/net_crypto.h index c528a208e8..f6e062f3be 100644 --- a/toxcore/net_crypto.h +++ b/toxcore/net_crypto.h @@ -306,6 +306,14 @@ int add_tcp_relay(Net_Crypto *c, const IP_Port *ip_port, const uint8_t *public_k non_null() int get_random_tcp_con_number(Net_Crypto *c); +/** @brief Put IP_Port of a random onion TCP connection in ip_port. + * + * return true on success. + * return false on failure. + */ +non_null() +bool get_random_tcp_conn_ip_port(Net_Crypto *c, IP_Port *ip_port); + /** @brief Send an onion packet via the TCP relay corresponding to tcp_connections_number. * * return 0 on success. @@ -315,6 +323,19 @@ non_null() int send_tcp_onion_request(Net_Crypto *c, unsigned int tcp_connections_number, const uint8_t *data, uint16_t length); +/** + * Send a forward request to the TCP relay with IP_Port tcp_forwarder, + * requesting to forward data via a chain of dht nodes starting with dht_node. + * A chain_length of 0 means that dht_node is the final destination of data. + * + * return 0 on success. + * return -1 on failure. + */ +non_null() +int send_tcp_forward_request(const Logger *logger, Net_Crypto *c, const IP_Port *tcp_forwarder, const IP_Port *dht_node, + const uint8_t *chain_keys, uint16_t chain_length, + const uint8_t *data, uint16_t data_length); + /** @brief Copy a maximum of num random TCP relays we are connected to to tcp_relays. * * NOTE that the family of the copied ip ports will be set to TCP_INET or TCP_INET6. diff --git a/toxcore/network.h b/toxcore/network.h index 28d2159491..5c3149711c 100644 --- a/toxcore/network.h +++ b/toxcore/network.h @@ -170,6 +170,17 @@ typedef enum Net_Packet_Type { NET_PACKET_ONION_RECV_2 = 0x8d, NET_PACKET_ONION_RECV_1 = 0x8e, + NET_PACKET_FORWARD_REQUEST = 0x90, + NET_PACKET_FORWARDING = 0x91, + NET_PACKET_FORWARD_REPLY = 0x92, + + NET_PACKET_DATA_SEARCH_REQUEST = 0x93, + NET_PACKET_DATA_SEARCH_RESPONSE = 0x94, + NET_PACKET_DATA_RETRIEVE_REQUEST = 0x95, + NET_PACKET_DATA_RETRIEVE_RESPONSE = 0x96, + NET_PACKET_STORE_ANNOUNCE_REQUEST = 0x97, + NET_PACKET_STORE_ANNOUNCE_RESPONSE = 0x98, + BOOTSTRAP_INFO_PACKET_ID = 0xf0, /* Only used for bootstrap nodes */ NET_PACKET_MAX = 0xff, /* This type must remain within a single uint8. */ diff --git a/toxcore/onion_announce.c b/toxcore/onion_announce.c index 7d97517c7b..ac983c05e4 100644 --- a/toxcore/onion_announce.c +++ b/toxcore/onion_announce.c @@ -465,7 +465,7 @@ static int handle_announce_request_common( /* Respond with a announce response packet */ Node_format nodes_list[MAX_SENT_NODES]; const unsigned int num_nodes = - get_close_nodes(onion_a->dht, plain + ONION_PING_ID_SIZE, nodes_list, net_family_unspec, ip_is_lan(&source->ip)); + get_close_nodes(onion_a->dht, plain + ONION_PING_ID_SIZE, nodes_list, net_family_unspec, ip_is_lan(&source->ip), false); assert(num_nodes <= UINT8_MAX); diff --git a/toxcore/ping_array.h b/toxcore/ping_array.h index 8707709c4d..fda84cb110 100644 --- a/toxcore/ping_array.h +++ b/toxcore/ping_array.h @@ -27,7 +27,7 @@ typedef struct Ping_Array Ping_Array; * @param size represents the total size of the array and should be a power of 2. * @param timeout represents the maximum timeout in seconds for the entry. * - * @return 0 on success, -1 on failure. + * @return pointer to allocated Ping_Array on success, nullptr on failure. */ struct Ping_Array *ping_array_new(uint32_t size, uint32_t timeout); diff --git a/toxcore/timed_auth.c b/toxcore/timed_auth.c index afe283aca5..ebd5100286 100644 --- a/toxcore/timed_auth.c +++ b/toxcore/timed_auth.c @@ -7,12 +7,16 @@ #include "ccompat.h" +non_null(1,6) nullable(4) static void create_timed_auth_to_hash(const Mono_Time *mono_time, uint16_t timeout, bool previous, const uint8_t *data, uint16_t length, uint8_t *to_hash) { - const uint64_t t = (mono_time_get(mono_time) / timeout) - previous; + const uint64_t t = (mono_time_get(mono_time) / timeout) - (previous ? 1 : 0); memcpy(to_hash, &t, sizeof(t)); - memcpy(to_hash + sizeof(t), data, length); + + if (data != nullptr) { + memcpy(to_hash + sizeof(t), data, length); + } } void generate_timed_auth(const Mono_Time *mono_time, uint16_t timeout, const uint8_t *key, @@ -29,7 +33,7 @@ bool check_timed_auth(const Mono_Time *mono_time, uint16_t timeout, const uint8_ VLA(uint8_t, to_hash, sizeof(uint64_t) + length); for (uint8_t i = 0; i < 2; ++i) { - create_timed_auth_to_hash(mono_time, timeout, i, data, length, to_hash); + create_timed_auth_to_hash(mono_time, timeout, i != 0, data, length, to_hash); if (crypto_hmac_verify(timed_auth, key, to_hash, SIZEOF_VLA(to_hash))) { return true; diff --git a/toxcore/timed_auth.h b/toxcore/timed_auth.h index f936f4d196..691b04d0df 100644 --- a/toxcore/timed_auth.h +++ b/toxcore/timed_auth.h @@ -9,16 +9,27 @@ #define TIMED_AUTH_SIZE CRYPTO_HMAC_SIZE -/* Put timed authentication code of data in timed_auth. */ +/** + * @brief Write timed authentication code of data to timed_auth. + * + * @param timed_auth Must be of size TIMED_AUTH_SIZE. + */ + +non_null(1, 3, 6) nullable(4) void generate_timed_auth(const Mono_Time *mono_time, uint16_t timeout, const uint8_t *key, const uint8_t *data, uint16_t length, uint8_t *timed_auth); -/* Check timed_auth. This succeeds if timed_auth was generated by - * generate_timed_auth at most timeout seconds ago, and fails if at least - * `2*timeout` seconds ago. +/** + * @brief Check timed_auth. This succeeds if `timed_auth` was generated by + * `generate_timed_auth` at most `timeout` seconds ago, and fails if at least + * `2*timeout` seconds ago. More precisely, it succeeds iff + * `current_time / timeout` is equal to or one more than + * `creation_time / timeout`. * - * return true on success, false otherwise. + * @param timed_auth Must be of size TIMED_AUTH_SIZE. + * @return true on success, false otherwise. */ -bool check_timed_auth(const Mono_Time *mono_time, uint16_t timeout, const uint8_t *key, const uint8_t *data, - uint16_t length, const uint8_t *timed_auth); +non_null(1, 3, 6) nullable(4) +bool check_timed_auth(const Mono_Time *mono_time, uint16_t timeout, const uint8_t *key, + const uint8_t *data, uint16_t length, const uint8_t *timed_auth); #endif diff --git a/toxcore/tox.c b/toxcore/tox.c index b0087d367a..6662cbfee3 100644 --- a/toxcore/tox.c +++ b/toxcore/tox.c @@ -486,6 +486,7 @@ Tox *tox_new(const struct Tox_Options *options, Tox_Err_New *error) m_options.tcp_server_port = tox_options_get_tcp_port(opts); m_options.hole_punching_enabled = tox_options_get_hole_punching_enabled(opts); m_options.local_discovery_enabled = tox_options_get_local_discovery_enabled(opts); + m_options.dht_announcements_enabled = tox_options_get_dht_announcements_enabled(opts); if (m_options.udp_disabled) { m_options.local_discovery_enabled = false; diff --git a/toxcore/tox.h b/toxcore/tox.h index c95133c07d..4cd0dea603 100644 --- a/toxcore/tox.h +++ b/toxcore/tox.h @@ -549,6 +549,13 @@ struct Tox_Options { bool local_discovery_enabled; + /** + * Enable storing DHT announcements and forwarding corresponding requests. + * + * Disabling this will cause Tox to ignore the relevant packets. + */ + bool dht_announcements_enabled; + /** * Pass communications through a proxy. */ @@ -681,6 +688,10 @@ bool tox_options_get_local_discovery_enabled(const struct Tox_Options *options); void tox_options_set_local_discovery_enabled(struct Tox_Options *options, bool local_discovery_enabled); +bool tox_options_get_dht_announcements_enabled(const struct Tox_Options *options); + +void tox_options_set_dht_announcements_enabled(struct Tox_Options *options, bool dht_announcements_enabled); + Tox_Proxy_Type tox_options_get_proxy_type(const struct Tox_Options *options); void tox_options_set_proxy_type(struct Tox_Options *options, Tox_Proxy_Type type); diff --git a/toxcore/tox_api.c b/toxcore/tox_api.c index b3e4f1200c..c74b4f6adb 100644 --- a/toxcore/tox_api.c +++ b/toxcore/tox_api.c @@ -124,6 +124,7 @@ ACCESSORS(size_t, savedata_, length) ACCESSORS(tox_log_cb *, log_, callback) ACCESSORS(void *, log_, user_data) ACCESSORS(bool,, local_discovery_enabled) +ACCESSORS(bool,, dht_announcements_enabled) ACCESSORS(bool,, experimental_thread_safety) //!TOKSTYLE+ @@ -149,6 +150,7 @@ void tox_options_default(struct Tox_Options *options) tox_options_set_proxy_type(options, TOX_PROXY_TYPE_NONE); tox_options_set_hole_punching_enabled(options, true); tox_options_set_local_discovery_enabled(options, true); + tox_options_set_dht_announcements_enabled(options, true); tox_options_set_experimental_thread_safety(options, false); } }