diff options
author | irungentoo <irungentoo@gmail.com> | 2013-10-27 20:13:20 -0400 |
---|---|---|
committer | irungentoo <irungentoo@gmail.com> | 2013-10-27 20:13:20 -0400 |
commit | f607d66f39146feac5938cacc3a9fd48420f0572 (patch) | |
tree | 98dad61340099bf877c70e70eec616cfe0ee6153 | |
parent | a6edd9dad6e299f7f5680ff6e846ec6c2213a3db (diff) |
Added some hardening functions to test get nodes.
-rw-r--r-- | toxcore/DHT.c | 109 |
1 files changed, 105 insertions, 4 deletions
diff --git a/toxcore/DHT.c b/toxcore/DHT.c index 661ac98a..60e8b88f 100644 --- a/toxcore/DHT.c +++ b/toxcore/DHT.c | |||
@@ -765,7 +765,8 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32 | |||
765 | { | 765 | { |
766 | DHT *dht = object; | 766 | DHT *dht = object; |
767 | 767 | ||
768 | if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES )) | 768 | if (length != ( 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + |
769 | crypto_box_MACBYTES )) | ||
769 | return 1; | 770 | return 1; |
770 | 771 | ||
771 | /* Check if packet is from ourself. */ | 772 | /* Check if packet is from ourself. */ |
@@ -785,7 +786,8 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32 | |||
785 | return 1; | 786 | return 1; |
786 | 787 | ||
787 | sendnodes(dht, source, packet + 1, plain, plain + CLIENT_ID_SIZE); | 788 | sendnodes(dht, source, packet + 1, plain, plain + CLIENT_ID_SIZE); |
788 | sendnodes_ipv6(dht, source, packet + 1, plain, plain + CLIENT_ID_SIZE); /* TODO: prevent possible amplification attacks */ | 789 | sendnodes_ipv6(dht, source, packet + 1, plain, |
790 | plain + CLIENT_ID_SIZE); /* TODO: prevent possible amplification attacks */ | ||
789 | 791 | ||
790 | add_toping(dht->ping, packet + 1, source); | 792 | add_toping(dht->ping, packet + 1, source); |
791 | //send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */ | 793 | //send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */ |
@@ -804,13 +806,17 @@ static uint8_t sent_getnode_to_node(DHT *dht, uint8_t *client_id, IP_Port node_i | |||
804 | NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_secretbox_NONCEBYTES, | 806 | NODES_ENCRYPTED_MESSAGE_LENGTH - crypto_secretbox_NONCEBYTES, |
805 | plain_message) != sizeof(uint64_t) + sizeof(Node_format) * 2) | 807 | plain_message) != sizeof(uint64_t) + sizeof(Node_format) * 2) |
806 | return 0; | 808 | return 0; |
809 | |||
807 | uint64_t comp_time; | 810 | uint64_t comp_time; |
808 | memcpy(&comp_time, plain_message, sizeof(uint64_t)); | 811 | memcpy(&comp_time, plain_message, sizeof(uint64_t)); |
809 | uint64_t temp_time = unix_time(); | 812 | uint64_t temp_time = unix_time(); |
813 | |||
810 | if (comp_time + PING_TIMEOUT < temp_time || temp_time < comp_time) | 814 | if (comp_time + PING_TIMEOUT < temp_time || temp_time < comp_time) |
811 | return 0; | 815 | return 0; |
816 | |||
812 | Node_format test; | 817 | Node_format test; |
813 | memcpy(&test, plain_message + sizeof(uint64_t), sizeof(Node_format)); | 818 | memcpy(&test, plain_message + sizeof(uint64_t), sizeof(Node_format)); |
819 | |||
814 | if (!ipport_equal(&test.ip_port, &node_ip_port) || memcmp(test.client_id, client_id, CLIENT_ID_SIZE) != 0) | 820 | if (!ipport_equal(&test.ip_port, &node_ip_port) || memcmp(test.client_id, client_id, CLIENT_ID_SIZE) != 0) |
815 | return 0; | 821 | return 0; |
816 | 822 | ||
@@ -818,6 +824,9 @@ static uint8_t sent_getnode_to_node(DHT *dht, uint8_t *client_id, IP_Port node_i | |||
818 | return 1; | 824 | return 1; |
819 | } | 825 | } |
820 | 826 | ||
827 | /* Function is needed in following functions. */ | ||
828 | static int send_hardening_getnode_res(DHT *dht, Node_format *sendto, Node_format *list, uint16_t num_nodes); | ||
829 | |||
821 | static int handle_sendnodes(void *object, IP_Port source, uint8_t *packet, uint32_t length) | 830 | static int handle_sendnodes(void *object, IP_Port source, uint8_t *packet, uint32_t length) |
822 | { | 831 | { |
823 | DHT *dht = object; | 832 | DHT *dht = object; |
@@ -845,6 +854,7 @@ static int handle_sendnodes(void *object, IP_Port source, uint8_t *packet, uint3 | |||
845 | return 1; | 854 | return 1; |
846 | 855 | ||
847 | Node_format sendback_node; | 856 | Node_format sendback_node; |
857 | |||
848 | if (!sent_getnode_to_node(dht, packet + 1, source, plain + num_nodes * Node4_format_size, &sendback_node)) | 858 | if (!sent_getnode_to_node(dht, packet + 1, source, plain + num_nodes * Node4_format_size, &sendback_node)) |
849 | return 1; | 859 | return 1; |
850 | 860 | ||
@@ -868,6 +878,7 @@ static int handle_sendnodes(void *object, IP_Port source, uint8_t *packet, uint3 | |||
868 | num_nodes = num_nodes_ok; | 878 | num_nodes = num_nodes_ok; |
869 | } | 879 | } |
870 | 880 | ||
881 | send_hardening_getnode_res(dht, &sendback_node, nodes_list, num_nodes); | ||
871 | addto_lists(dht, source, packet + 1); | 882 | addto_lists(dht, source, packet + 1); |
872 | 883 | ||
873 | for (i = 0; i < num_nodes; ++i) { | 884 | for (i = 0; i < num_nodes; ++i) { |
@@ -905,6 +916,7 @@ static int handle_sendnodes_ipv6(void *object, IP_Port source, uint8_t *packet, | |||
905 | return 1; | 916 | return 1; |
906 | 917 | ||
907 | Node_format sendback_node; | 918 | Node_format sendback_node; |
919 | |||
908 | if (!sent_getnode_to_node(dht, packet + 1, source, plain + num_nodes * Node_format_size, &sendback_node)) | 920 | if (!sent_getnode_to_node(dht, packet + 1, source, plain + num_nodes * Node_format_size, &sendback_node)) |
909 | return 1; | 921 | return 1; |
910 | 922 | ||
@@ -912,6 +924,7 @@ static int handle_sendnodes_ipv6(void *object, IP_Port source, uint8_t *packet, | |||
912 | Node_format nodes_list[MAX_SENT_NODES]; | 924 | Node_format nodes_list[MAX_SENT_NODES]; |
913 | memcpy(nodes_list, plain, num_nodes * sizeof(Node_format)); | 925 | memcpy(nodes_list, plain, num_nodes * sizeof(Node_format)); |
914 | 926 | ||
927 | send_hardening_getnode_res(dht, &sendback_node, nodes_list, num_nodes); | ||
915 | addto_lists(dht, source, packet + 1); | 928 | addto_lists(dht, source, packet + 1); |
916 | 929 | ||
917 | for (i = 0; i < num_nodes; ++i) { | 930 | for (i = 0; i < num_nodes; ++i) { |
@@ -1552,12 +1565,100 @@ static void do_NAT(DHT *dht) | |||
1552 | /*----------------------------------------------------------------------------------*/ | 1565 | /*----------------------------------------------------------------------------------*/ |
1553 | /*-----------------------END OF NAT PUNCHING FUNCTIONS------------------------------*/ | 1566 | /*-----------------------END OF NAT PUNCHING FUNCTIONS------------------------------*/ |
1554 | 1567 | ||
1568 | #define HARDREQ_DATA_SIZE 768 /* Attempt to prevent amplification/other attacks*/ | ||
1555 | 1569 | ||
1556 | /* Handle a received ping request for. */ | 1570 | #define CHECK_TYPE_GETNODE_REQ 0 |
1571 | #define CHECK_TYPE_GETNODE_RES 1 | ||
1572 | |||
1573 | static int send_hardening_req(DHT *dht, Node_format *sendto, uint8_t type, uint8_t *contents, uint16_t length) | ||
1574 | { | ||
1575 | if (length > HARDREQ_DATA_SIZE - 1) | ||
1576 | return -1; | ||
1577 | |||
1578 | uint8_t packet[MAX_DATA_SIZE]; | ||
1579 | uint8_t data[HARDREQ_DATA_SIZE] = {0}; | ||
1580 | data[0] = type; | ||
1581 | memcpy(data + 1, contents, length); | ||
1582 | int len = create_request(dht->c->self_public_key, dht->c->self_secret_key, packet, sendto->client_id, data, | ||
1583 | sizeof(data), CRYPTO_PACKET_HARDENING); | ||
1584 | |||
1585 | if (len == -1) | ||
1586 | return -1; | ||
1587 | |||
1588 | return sendpacket(dht->c->lossless_udp->net, sendto->ip_port, packet, len); | ||
1589 | } | ||
1590 | |||
1591 | /* Send a get node hardening request */ | ||
1592 | static int send_hardening_getnode_req(DHT *dht, Node_format *dest, Node_format *node_totest, uint8_t *search_id) | ||
1593 | { | ||
1594 | uint8_t data[sizeof(Node_format) + CLIENT_ID_SIZE]; | ||
1595 | memcpy(data, node_totest, sizeof(Node_format)); | ||
1596 | memcpy(data + sizeof(Node_format), search_id, CLIENT_ID_SIZE); | ||
1597 | return send_hardening_req(dht, dest, CHECK_TYPE_GETNODE_REQ, data, sizeof(Node_format) + CLIENT_ID_SIZE); | ||
1598 | } | ||
1599 | |||
1600 | /* Send a get node hardening response */ | ||
1601 | static int send_hardening_getnode_res(DHT *dht, Node_format *sendto, Node_format *list, uint16_t num_nodes) | ||
1602 | { | ||
1603 | if (!ip_isset(&sendto->ip_port.ip)) | ||
1604 | return -1; | ||
1605 | |||
1606 | uint8_t packet[MAX_DATA_SIZE]; | ||
1607 | uint8_t data[1 + num_nodes * sizeof(Node_format)]; | ||
1608 | data[0] = CHECK_TYPE_GETNODE_RES; | ||
1609 | memcpy(data + 1, list, num_nodes * sizeof(Node_format)); | ||
1610 | int len = create_request(dht->c->self_public_key, dht->c->self_secret_key, packet, sendto->client_id, data, | ||
1611 | sizeof(data), CRYPTO_PACKET_HARDENING); | ||
1612 | |||
1613 | if (len == -1) | ||
1614 | return -1; | ||
1615 | |||
1616 | return sendpacket(dht->c->lossless_udp->net, sendto->ip_port, packet, len); | ||
1617 | } | ||
1618 | |||
1619 | /* Handle a received hardening packet */ | ||
1557 | static int handle_hardening(void *object, IP_Port source, uint8_t *source_pubkey, uint8_t *packet, uint32_t length) | 1620 | static int handle_hardening(void *object, IP_Port source, uint8_t *source_pubkey, uint8_t *packet, uint32_t length) |
1558 | { | 1621 | { |
1559 | DHT *dht = object; | 1622 | DHT *dht = object; |
1560 | return 0;/* success*/ | 1623 | |
1624 | if (length < 2) { | ||
1625 | return 1; | ||
1626 | } | ||
1627 | |||
1628 | switch (packet[0]) { | ||
1629 | case CHECK_TYPE_GETNODE_REQ: { | ||
1630 | if (length != HARDREQ_DATA_SIZE) | ||
1631 | return 1; | ||
1632 | |||
1633 | Node_format node, tocheck_node; | ||
1634 | node.ip_port = source; | ||
1635 | memcpy(node.client_id, source_pubkey, CLIENT_ID_SIZE); | ||
1636 | memcpy(&tocheck_node, packet + 1, sizeof(Node_format)); | ||
1637 | |||
1638 | if (getnodes(dht, tocheck_node.ip_port, tocheck_node.client_id, packet + 1 + sizeof(Node_format), &node) == -1) | ||
1639 | return 1; | ||
1640 | |||
1641 | return 0; | ||
1642 | } | ||
1643 | |||
1644 | case CHECK_TYPE_GETNODE_RES: { | ||
1645 | if ((length - 1) % sizeof(Node_format) != 0) | ||
1646 | return 1; | ||
1647 | |||
1648 | uint16_t num = (length - 1) / sizeof(Node_format); | ||
1649 | |||
1650 | if (num > MAX_SENT_NODES || num == 0) | ||
1651 | return 1; | ||
1652 | |||
1653 | Node_format nodes[num]; | ||
1654 | memcpy(nodes, packet + 1, sizeof(Node_format)*num); | ||
1655 | /* If Nodes look good and the request checks out */ | ||
1656 | //TODO | ||
1657 | return 0;/* success*/ | ||
1658 | } | ||
1659 | } | ||
1660 | |||
1661 | return 1; | ||
1561 | } | 1662 | } |
1562 | 1663 | ||
1563 | /*----------------------------------------------------------------------------------*/ | 1664 | /*----------------------------------------------------------------------------------*/ |