/* DHT.c * * An implementation of the DHT as seen in docs/updates/DHT.md * * Copyright (C) 2013 Tox project All Rights Reserved. * * This file is part of Tox. * * Tox is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * Tox is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Tox. If not, see . * */ /*----------------------------------------------------------------------------------*/ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include "DHT.h" #include "LAN_discovery.h" #include "logger.h" #include "network.h" #include "ping.h" #include "util.h" #include /* The timeout after which a node is discarded completely. */ #define KILL_NODE_TIMEOUT (BAD_NODE_TIMEOUT + PING_INTERVAL) /* Ping interval in seconds for each random sending of a get nodes request. */ #define GET_NODE_INTERVAL 20 #define MAX_PUNCHING_PORTS 48 /* Interval in seconds between punching attempts*/ #define PUNCH_INTERVAL 3 #define MAX_NORMAL_PUNCHING_TRIES 5 #define NAT_PING_REQUEST 0 #define NAT_PING_RESPONSE 1 /* Number of get node requests to send to quickly find close nodes. */ #define MAX_BOOTSTRAP_TIMES 5 /* Compares pk1 and pk2 with pk. * * return 0 if both are same distance. * return 1 if pk1 is closer. * return 2 if pk2 is closer. */ int id_closest(const uint8_t *pk, const uint8_t *pk1, const uint8_t *pk2) { size_t i; uint8_t distance1, distance2; for (i = 0; i < CRYPTO_PUBLIC_KEY_SIZE; ++i) { distance1 = pk[i] ^ pk1[i]; distance2 = pk[i] ^ pk2[i]; if (distance1 < distance2) { return 1; } if (distance1 > distance2) { return 2; } } return 0; } /* Return index of first unequal bit number. */ static unsigned int bit_by_bit_cmp(const uint8_t *pk1, const uint8_t *pk2) { unsigned int i, j = 0; for (i = 0; i < CRYPTO_PUBLIC_KEY_SIZE; ++i) { if (pk1[i] == pk2[i]) { continue; } for (j = 0; j < 8; ++j) { if ((pk1[i] & (1 << (7 - j))) != (pk2[i] & (1 << (7 - j)))) { break; } } break; } return i * 8 + j; } /* Shared key generations are costly, it is therefor smart to store commonly used * ones so that they can re used later without being computed again. * * If shared key is already in shared_keys, copy it to shared_key. * else generate it into shared_key and copy it to shared_keys */ void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, const uint8_t *secret_key, const uint8_t *public_key) { uint32_t i, num = ~0, curr = 0; for (i = 0; i < MAX_KEYS_PER_SLOT; ++i) { int index = public_key[30] * MAX_KEYS_PER_SLOT + i; if (shared_keys->keys[index].stored) { if (public_key_cmp(public_key, shared_keys->keys[index].public_key) == 0) { memcpy(shared_key, shared_keys->keys[index].shared_key, CRYPTO_SHARED_KEY_SIZE); ++shared_keys->keys[index].times_requested; shared_keys->keys[index].time_last_requested = unix_time(); return; } if (num != 0) { if (is_timeout(shared_keys->keys[index].time_last_requested, KEYS_TIMEOUT)) { num = 0; curr = index; } else if (num > shared_keys->keys[index].times_requested) { num = shared_keys->keys[index].times_requested; curr = index; } } } else { if (num != 0) { num = 0; curr = index; } } } encrypt_precompute(public_key, secret_key, shared_key); if (num != (uint32_t)~0) { shared_keys->keys[curr].stored = 1; shared_keys->keys[curr].times_requested = 1; memcpy(shared_keys->keys[curr].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); memcpy(shared_keys->keys[curr].shared_key, shared_key, CRYPTO_SHARED_KEY_SIZE); shared_keys->keys[curr].time_last_requested = unix_time(); } } /* Copy shared_key to encrypt/decrypt DHT packet from public_key into shared_key * for packets that we receive. */ void DHT_get_shared_key_recv(DHT *dht, uint8_t *shared_key, const uint8_t *public_key) { get_shared_key(&dht->shared_keys_recv, shared_key, dht->self_secret_key, public_key); } /* Copy shared_key to encrypt/decrypt DHT packet from public_key into shared_key * for packets that we send. */ void DHT_get_shared_key_sent(DHT *dht, uint8_t *shared_key, const uint8_t *public_key) { get_shared_key(&dht->shared_keys_sent, shared_key, dht->self_secret_key, public_key); } /* Create a request to peer. * send_public_key and send_secret_key are the pub/secret keys of the sender. * recv_public_key is public key of receiver. * packet must be an array of MAX_CRYPTO_REQUEST_SIZE big. * Data represents the data we send with the request with length being the length of the data. * request_id is the id of the request (32 = friend request, 254 = ping request). * * return -1 on failure. * return the length of the created packet on success. */ int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_key, uint8_t *packet, const uint8_t *recv_public_key, const uint8_t *data, uint32_t length, uint8_t request_id) { if (!send_public_key || !packet || !recv_public_key || !data) { return -1; } if (MAX_CRYPTO_REQUEST_SIZE < length + 1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE + 1 + CRYPTO_MAC_SIZE) { return -1; } uint8_t *nonce = packet + 1 + CRYPTO_PUBLIC_KEY_SIZE * 2; random_nonce(nonce); uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; // TODO(irungentoo): crypto_memzero before exit function memcpy(temp + 1, data, length); temp[0] = request_id; int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1, 1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE + packet); if (len == -1) { return -1; } packet[0] = NET_PACKET_CRYPTO; memcpy(packet + 1, recv_public_key, CRYPTO_PUBLIC_KEY_SIZE); memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, send_public_key, CRYPTO_PUBLIC_KEY_SIZE); return len + 1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE; } /* Puts the senders public key in the request in public_key, the data from the request * in data if a friend or ping request was sent to us and returns the length of the data. * packet is the request packet and length is its length. * * return -1 if not valid request. */ int handle_request(const uint8_t *self_public_key, const uint8_t *self_secret_key, uint8_t *public_key, uint8_t *data, uint8_t *request_id, const uint8_t *packet, uint16_t length) { if (!self_public_key || !public_key || !data || !request_id || !packet) { return -1; } if (length <= CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE + 1 + CRYPTO_MAC_SIZE || length > MAX_CRYPTO_REQUEST_SIZE) { return -1; } if (public_key_cmp(packet + 1, self_public_key) != 0) { return -1; } memcpy(public_key, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, CRYPTO_PUBLIC_KEY_SIZE); const uint8_t *nonce = packet + 1 + CRYPTO_PUBLIC_KEY_SIZE * 2; uint8_t temp[MAX_CRYPTO_REQUEST_SIZE]; // TODO(irungentoo): crypto_memzero before exit function int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE, length - (CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE + 1), temp); if (len1 == -1 || len1 == 0) { return -1; } request_id[0] = temp[0]; --len1; memcpy(data, temp + 1, len1); return len1; } void to_net_family(IP *ip) { if (ip->family == AF_INET) { ip->family = TOX_AF_INET; } else if (ip->family == AF_INET6) { ip->family = TOX_AF_INET6; } } int to_host_family(IP *ip) { if (ip->family == TOX_AF_INET) { ip->family = AF_INET; return 0; } if (ip->family == TOX_AF_INET6) { ip->family = AF_INET6; return 0; } return -1; } #define PACKED_NODE_SIZE_IP4 (1 + SIZE_IP4 + sizeof(uint16_t) + CRYPTO_PUBLIC_KEY_SIZE) #define PACKED_NODE_SIZE_IP6 (1 + SIZE_IP6 + sizeof(uint16_t) + CRYPTO_PUBLIC_KEY_SIZE) /* Return packet size of packed node with ip_family on success. * Return -1 on failure. */ int packed_node_size(uint8_t ip_family) { if (ip_family == AF_INET) { return PACKED_NODE_SIZE_IP4; } if (ip_family == TCP_INET) { return PACKED_NODE_SIZE_IP4; } if (ip_family == AF_INET6) { return PACKED_NODE_SIZE_IP6; } if (ip_family == TCP_INET6) { return PACKED_NODE_SIZE_IP6; } return -1; } /* Packs an IP_Port structure into data of max size length. * * Returns size of packed IP_Port data on success * Return -1 on failure. */ static int pack_ip_port(uint8_t *data, uint16_t length, const IP_Port *ip_port) { if (data == NULL) { return -1; } bool is_ipv4; uint8_t net_family; if (ip_port->ip.family == AF_INET) { // TODO(irungentoo): use functions to convert endianness is_ipv4 = true; net_family = TOX_AF_INET; } else if (ip_port->ip.family == TCP_INET) { is_ipv4 = true; net_family = TOX_TCP_INET; } else if (ip_port->ip.family == AF_INET6) { is_ipv4 = false; net_family = TOX_AF_INET6; } else if (ip_port->ip.family == TCP_INET6) { is_ipv4 = false; net_family = TOX_TCP_INET6; } else { return -1; } if (is_ipv4) { uint32_t size = 1 + SIZE_IP4 + sizeof(uint16_t); if (size > length) { return -1; } data[0] = net_family; memcpy(data + 1, &ip_port->ip.ip4, SIZE_IP4); memcpy(data + 1 + SIZE_IP4, &ip_port->port, sizeof(uint16_t)); return size; } else { uint32_t size = 1 + SIZE_IP6 + sizeof(uint16_t); if (size > length) { return -1; } data[0] = net_family; memcpy(data + 1, &ip_port->ip.ip6, SIZE_IP6); memcpy(data + 1 + SIZE_IP6, &ip_port->port, sizeof(uint16_t)); return size; } } static int DHT_create_packet(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t *shared_key, const uint8_t type, uint8_t *plain, size_t plain_length, uint8_t *packet) { uint8_t encrypted[plain_length + CRYPTO_MAC_SIZE]; uint8_t nonce[CRYPTO_NONCE_SIZE]; random_nonce(nonce); int encrypted_length = encrypt_data_symmetric(shared_key, nonce, plain, plain_length, encrypted); if (encrypted_length == -1) { return -1; } packet[0] = type; memcpy(packet + 1, public_key, CRYPTO_PUBLIC_KEY_SIZE); memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, nonce, CRYPTO_NONCE_SIZE); memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, encrypted, encrypted_length); return 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + encrypted_length; } /* Unpack IP_Port structure from data of max size length into ip_port. * * Return size of unpacked ip_port on success. * Return -1 on failure. */ static int unpack_ip_port(IP_Port *ip_port, const uint8_t *data, uint16_t length, uint8_t tcp_enabled) { if (data == NULL) { return -1; } bool is_ipv4; uint8_t host_family; if (data[0] == TOX_AF_INET) { is_ipv4 = true; host_family = AF_INET; } else if (data[0] == TOX_TCP_INET) { if (!tcp_enabled) { return -1; } is_ipv4 = true; host_family = TCP_INET; } else if (data[0] == TOX_AF_INET6) { is_ipv4 = false; host_family = AF_INET6; } else if (data[0] == TOX_TCP_INET6) { if (!tcp_enabled) { return -1; } is_ipv4 = false; host_family = TCP_INET6; } else { return -1; } if (is_ipv4) { uint32_t size = 1 + SIZE_IP4 + sizeof(uint16_t); if (size > length) { return -1; } ip_port->ip.family = host_family; memcpy(&ip_port->ip.ip4, data + 1, SIZE_IP4); memcpy(&ip_port->port, data + 1 + SIZE_IP4, sizeof(uint16_t)); return size; } else { uint32_t size = 1 + SIZE_IP6 + sizeof(uint16_t); if (size > length) { return -1; } ip_port->ip.family = host_family; memcpy(&ip_port->ip.ip6, data + 1, SIZE_IP6); memcpy(&ip_port->port, data + 1 + SIZE_IP6, sizeof(uint16_t)); return size; } } /* Pack number of nodes into data of maxlength length. * * return length of packed nodes on success. * return -1 on failure. */ int pack_nodes(uint8_t *data, uint16_t length, const Node_format *nodes, uint16_t number) { uint32_t i, packed_length = 0; for (i = 0; i < number && packed_length < length; ++i) { int ipp_size = pack_ip_port(data + packed_length, length - packed_length, &nodes[i].ip_port); if (ipp_size == -1) { return -1; } packed_length += ipp_size; if (packed_length + CRYPTO_PUBLIC_KEY_SIZE > length) { return -1; } memcpy(data + packed_length, nodes[i].public_key, CRYPTO_PUBLIC_KEY_SIZE); packed_length += CRYPTO_PUBLIC_KEY_SIZE; uint32_t increment = ipp_size + CRYPTO_PUBLIC_KEY_SIZE; assert(increment == PACKED_NODE_SIZE_IP4 || increment == PACKED_NODE_SIZE_IP6); } return packed_length; } /* Unpack data of length into nodes of size max_num_nodes. * Put the length of the data processed in processed_data_len. * tcp_enabled sets if TCP nodes are expected (true) or not (false). * * return number of unpacked nodes on success. * return -1 on failure. */ int unpack_nodes(Node_format *nodes, uint16_t max_num_nodes, uint16_t *processed_data_len, const uint8_t *data, uint16_t length, uint8_t tcp_enabled) { uint32_t num = 0, len_processed = 0; while (num < max_num_nodes && len_processed < length) { int ipp_size = unpack_ip_port(&nodes[num].ip_port, data + len_processed, length - len_processed, tcp_enabled); if (ipp_size == -1) { return -1; } len_processed += ipp_size; if (len_processed + CRYPTO_PUBLIC_KEY_SIZE > length) { return -1; } memcpy(nodes[num].public_key, data + len_processed, CRYPTO_PUBLIC_KEY_SIZE); len_processed += CRYPTO_PUBLIC_KEY_SIZE; ++num; uint32_t increment = ipp_size + CRYPTO_PUBLIC_KEY_SIZE; assert(increment == PACKED_NODE_SIZE_IP4 || increment == PACKED_NODE_SIZE_IP6); } if (processed_data_len) { *processed_data_len = len_processed; } return num; } /* Check if client with public_key is already in list of length length. * If it is then set its corresponding timestamp to current time. * If the id is already in the list with a different ip_port, update it. * TODO(irungentoo): Maybe optimize this. * * return True(1) or False(0) */ static int client_or_ip_port_in_list(Logger *log, Client_data *list, uint16_t length, const uint8_t *public_key, IP_Port ip_port) { uint32_t i; uint64_t temp_time = unix_time(); /* if public_key is in list, find it and maybe overwrite ip_port */ for (i = 0; i < length; ++i) { if (id_equal(list[i].public_key, public_key)) { /* Refresh the client timestamp. */ if (ip_port.ip.family == AF_INET) { if (!ipport_equal(&list[i].assoc4.ip_port, &ip_port)) { LOGGER_TRACE(log, "coipil[%u]: switching ipv4 from %s:%u to %s:%u", i, ip_ntoa(&list[i].assoc4.ip_port.ip), ntohs(list[i].assoc4.ip_port.port), ip_ntoa(&ip_port.ip), ntohs(ip_port.port)); } if (LAN_ip(list[i].assoc4.ip_port.ip) != 0 && LAN_ip(ip_port.ip) == 0) { return 1; } list[i].assoc4.ip_port = ip_port; list[i].assoc4.timestamp = temp_time; } else if (ip_port.ip.family == AF_INET6) { if (!ipport_equal(&list[i].assoc4.ip_port, &ip_port)) { LOGGER_TRACE(log, "coipil[%u]: switching ipv6 from %s:%u to %s:%u", i, ip_ntoa(&list[i].assoc6.ip_port.ip), ntohs(list[i].assoc6.ip_port.port), ip_ntoa(&ip_port.ip), ntohs(ip_port.port)); } if (LAN_ip(list[i].assoc6.ip_port.ip) != 0 && LAN_ip(ip_port.ip) == 0) { return 1; } list[i].assoc6.ip_port = ip_port; list[i].assoc6.timestamp = temp_time; } return 1; } } /* public_key not in list yet: see if we can find an identical ip_port, in * that case we kill the old public_key by overwriting it with the new one * TODO(irungentoo): maybe we SHOULDN'T do that if that public_key is in a friend_list * and the one who is the actual friend's public_key/address set? */ for (i = 0; i < length; ++i) { /* MAYBE: check the other address, if valid, don't nuke? */ if ((ip_port.ip.family == AF_INET) && ipport_equal(&list[i].assoc4.ip_port, &ip_port)) { /* Initialize client timestamp. */ list[i].assoc4.timestamp = temp_time; memcpy(list[i].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); LOGGER_DEBUG(log, "coipil[%u]: switching public_key (ipv4)", i); /* kill the other address, if it was set */ memset(&list[i].assoc6, 0, sizeof(list[i].assoc6)); return 1; } if ((ip_port.ip.family == AF_INET6) && ipport_equal(&list[i].assoc6.ip_port, &ip_port)) { /* Initialize client timestamp. */ list[i].assoc6.timestamp = temp_time; memcpy(list[i].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); LOGGER_DEBUG(log, "coipil[%u]: switching public_key (ipv6)", i); /* kill the other address, if it was set */ memset(&list[i].assoc4, 0, sizeof(list[i].assoc4)); return 1; } } return 0; } /* Check if client with public_key is already in node format list of length length. * * return 1 if true. * return 0 if false. */ static int client_in_nodelist(const Node_format *list, uint16_t length, const uint8_t *public_key) { uint32_t i; for (i = 0; i < length; ++i) { if (id_equal(list[i].public_key, public_key)) { return 1; } } return 0; } /* return friend number from the public_key. * return -1 if a failure occurs. */ static int friend_number(const DHT *dht, const uint8_t *public_key) { uint32_t i; for (i = 0; i < dht->num_friends; ++i) { if (id_equal(dht->friends_list[i].public_key, public_key)) { return i; } } return -1; } /* Add node to the node list making sure only the nodes closest to cmp_pk are in the list. */ bool add_to_list(Node_format *nodes_list, unsigned int length, const uint8_t *pk, IP_Port ip_port, const uint8_t *cmp_pk) { uint8_t pk_bak[CRYPTO_PUBLIC_KEY_SIZE]; IP_Port ip_port_bak; unsigned int i; for (i = 0; i < length; ++i) { if (id_closest(cmp_pk, nodes_list[i].public_key, pk) == 2) { memcpy(pk_bak, nodes_list[i].public_key, CRYPTO_PUBLIC_KEY_SIZE); ip_port_bak = nodes_list[i].ip_port; memcpy(nodes_list[i].public_key, pk, CRYPTO_PUBLIC_KEY_SIZE); nodes_list[i].ip_port = ip_port; if (i != (length - 1)) { add_to_list(nodes_list, length, pk_bak, ip_port_bak, cmp_pk); } return 1; } } return 0; } /* TODO(irungentoo): change this to 7 when done*/ #define HARDENING_ALL_OK 2 /* return 0 if not. * return 1 if route request are ok * return 2 if it responds to send node packets correctly * return 4 if it can test other nodes correctly * return HARDENING_ALL_OK if all ok. */ static uint8_t hardening_correct(const Hardening *h) { return h->routes_requests_ok + (h->send_nodes_ok << 1) + (h->testing_requests << 2); } /* * helper for get_close_nodes(). argument list is a monster :D */ static void get_close_nodes_inner(const uint8_t *public_key, Node_format *nodes_list, sa_family_t sa_family, const Client_data *client_list, uint32_t client_list_length, uint32_t *num_nodes_ptr, uint8_t is_LAN, uint8_t want_good) { if ((sa_family != AF_INET) && (sa_family != AF_INET6) && (sa_family != 0)) { return; } uint32_t num_nodes = *num_nodes_ptr; uint32_t i; for (i = 0; i < client_list_length; i++) { const Client_data *client = &client_list[i]; /* node already in list? */ if (client_in_nodelist(nodes_list, MAX_SENT_NODES, client->public_key)) { continue; } const IPPTsPng *ipptp = NULL; if (sa_family == AF_INET) { ipptp = &client->assoc4; } else if (sa_family == AF_INET6) { ipptp = &client->assoc6; } else { if (client->assoc4.timestamp >= client->assoc6.timestamp) { ipptp = &client->assoc4; } else { ipptp = &client->assoc6; } } /* node not in a good condition? */ if (is_timeout(ipptp->timestamp, BAD_NODE_TIMEOUT)) { continue; } /* don't send LAN ips to non LAN peers */ if (LAN_ip(ipptp->ip_port.ip) == 0 && !is_LAN) { continue; } if (LAN_ip(ipptp->ip_port.ip) != 0 && want_good && hardening_correct(&ipptp->hardening) != HARDENING_ALL_OK && !id_equal(public_key, client->public_key)) { continue; } if (num_nodes < MAX_SENT_NODES) { memcpy(nodes_list[num_nodes].public_key, client->public_key, CRYPTO_PUBLIC_KEY_SIZE); nodes_list[num_nodes].ip_port = ipptp->ip_port; num_nodes++; } else { add_to_list(nodes_list, MAX_SENT_NODES, client->public_key, ipptp->ip_port, public_key); } } *num_nodes_ptr = num_nodes; } /* Find MAX_SENT_NODES nodes closest to the public_key for the send nodes request: * put them in the nodes_list and return how many were found. * * TODO(irungentoo): For the love of based make this function cleaner and much more efficient. * * want_good : do we want only good nodes as checked with the hardening returned or not? */ static int get_somewhat_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *nodes_list, sa_family_t sa_family, uint8_t is_LAN, uint8_t want_good) { uint32_t num_nodes = 0, i; get_close_nodes_inner(public_key, nodes_list, sa_family, dht->close_clientlist, LCLIENT_LIST, &num_nodes, is_LAN, 0); /* TODO(irungentoo): uncomment this when hardening is added to close friend clients */ #if 0 for (i = 0; i < dht->num_friends; ++i) { get_close_nodes_inner(dht, public_key, nodes_list, sa_family, dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, &num_nodes, is_LAN, want_good); } #endif for (i = 0; i < dht->num_friends; ++i) { get_close_nodes_inner(public_key, nodes_list, sa_family, dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, &num_nodes, is_LAN, 0); } return num_nodes; } int get_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *nodes_list, sa_family_t sa_family, uint8_t is_LAN, uint8_t want_good) { memset(nodes_list, 0, MAX_SENT_NODES * sizeof(Node_format)); return get_somewhat_close_nodes(dht, public_key, nodes_list, sa_family, is_LAN, want_good); } static uint8_t cmp_public_key[CRYPTO_PUBLIC_KEY_SIZE]; static int cmp_dht_entry(const void *a, const void *b) { Client_data entry1, entry2; memcpy(&entry1, a, sizeof(Client_data)); memcpy(&entry2, b, sizeof(Client_data)); int t1 = is_timeout(entry1.assoc4.timestamp, BAD_NODE_TIMEOUT) && is_timeout(entry1.assoc6.timestamp, BAD_NODE_TIMEOUT); int t2 = is_timeout(entry2.assoc4.timestamp, BAD_NODE_TIMEOUT) && is_timeout(entry2.assoc6.timestamp, BAD_NODE_TIMEOUT); if (t1 && t2) { return 0; } if (t1) { return -1; } if (t2) { return 1; } t1 = hardening_correct(&entry1.assoc4.hardening) != HARDENING_ALL_OK && hardening_correct(&entry1.assoc6.hardening) != HARDENING_ALL_OK; t2 = hardening_correct(&entry2.assoc4.hardening) != HARDENING_ALL_OK && hardening_correct(&entry2.assoc6.hardening) != HARDENING_ALL_OK; if (t1 != t2) { if (t1) { return -1; } if (t2) { return 1; } } int close = id_closest(cmp_public_key, entry1.public_key, entry2.public_key); if (close == 1) { return 1; } if (close == 2) { return -1; } return 0; } /* Is it ok to store node with public_key in client. * * return 0 if node can't be stored. * return 1 if it can. */ static unsigned int store_node_ok(const Client_data *client, const uint8_t *public_key, const uint8_t *comp_public_key) { if ((is_timeout(client->assoc4.timestamp, BAD_NODE_TIMEOUT) && is_timeout(client->assoc6.timestamp, BAD_NODE_TIMEOUT)) || (id_closest(comp_public_key, client->public_key, public_key) == 2)) { return 1; } return 0; } static void sort_client_list(Client_data *list, unsigned int length, const uint8_t *comp_public_key) { memcpy(cmp_public_key, comp_public_key, CRYPTO_PUBLIC_KEY_SIZE); qsort(list, length, sizeof(Client_data), cmp_dht_entry); } /* Replace a first bad (or empty) node with this one * or replace a possibly bad node (tests failed or not done yet) * that is further than any other in the list * from the comp_public_key * or replace a good node that is further * than any other in the list from the comp_public_key * and further than public_key. * * Do not replace any node if the list has no bad or possibly bad nodes * and all nodes in the list are closer to comp_public_key * than public_key. * * returns True(1) when the item was stored, False(0) otherwise */ static int replace_all(Client_data *list, uint16_t length, const uint8_t *public_key, IP_Port ip_port, const uint8_t *comp_public_key) { if ((ip_port.ip.family != AF_INET) && (ip_port.ip.family != AF_INET6)) { return 0; } if (store_node_ok(&list[1], public_key, comp_public_key) || store_node_ok(&list[0], public_key, comp_public_key)) { sort_client_list(list, length, comp_public_key); IPPTsPng *ipptp_write = NULL; IPPTsPng *ipptp_clear = NULL; Client_data *client = &list[0]; if (ip_port.ip.family == AF_INET) { ipptp_write = &client->assoc4; ipptp_clear = &client->assoc6; } else { ipptp_write = &client->assoc6; ipptp_clear = &client->assoc4; } id_copy(client->public_key, public_key); ipptp_write->ip_port = ip_port; ipptp_write->timestamp = unix_time(); ip_reset(&ipptp_write->ret_ip_port.ip); ipptp_write->ret_ip_port.port = 0; ipptp_write->ret_timestamp = 0; /* zero out other address */ memset(ipptp_clear, 0, sizeof(*ipptp_clear)); return 1; } return 0; } /* Add node to close list. * * simulate is set to 1 if we want to check if a node can be added to the list without adding it. * * return -1 on failure. * return 0 on success. */ static int add_to_close(DHT *dht, const uint8_t *public_key, IP_Port ip_port, bool simulate) { unsigned int i; unsigned int index = bit_by_bit_cmp(public_key, dht->self_public_key); if (index > LCLIENT_LENGTH) { index = LCLIENT_LENGTH - 1; } for (i = 0; i < LCLIENT_NODES; ++i) { Client_data *client = &dht->close_clientlist[(index * LCLIENT_NODES) + i]; if (is_timeout(client->assoc4.timestamp, BAD_NODE_TIMEOUT) && is_timeout(client->assoc6.timestamp, BAD_NODE_TIMEOUT)) { if (!simulate) { IPPTsPng *ipptp_write = NULL; IPPTsPng *ipptp_clear = NULL; if (ip_port.ip.family == AF_INET) { ipptp_write = &client->assoc4; ipptp_clear = &client->assoc6; } else { ipptp_write = &client->assoc6; ipptp_clear = &client->assoc4; } id_copy(client->public_key, public_key); ipptp_write->ip_port = ip_port; ipptp_write->timestamp = unix_time(); ip_reset(&ipptp_write->ret_ip_port.ip); ipptp_write->ret_ip_port.port = 0; ipptp_write->ret_timestamp = 0; /* zero out other address */ memset(ipptp_clear, 0, sizeof(*ipptp_clear)); } return 0; } } return -1; } /* Return 1 if node can be added to close list, 0 if it can't. */ bool node_addable_to_close_list(DHT *dht, const uint8_t *public_key, IP_Port ip_port) { if (add_to_close(dht, public_key, ip_port, 1) == 0) { return 1; } return 0; } static bool is_pk_in_client_list(Client_data *list, unsigned int client_list_length, const uint8_t *public_key, IP_Port ip_port) { unsigned int i; for (i = 0; i < client_list_length; ++i) { if ((ip_port.ip.family == AF_INET && !is_timeout(list[i].assoc4.timestamp, BAD_NODE_TIMEOUT)) || (ip_port.ip.family == AF_INET6 && !is_timeout(list[i].assoc6.timestamp, BAD_NODE_TIMEOUT))) { if (public_key_cmp(list[i].public_key, public_key) == 0) { return 1; } } } return 0; } /* Check if the node obtained with a get_nodes with public_key should be pinged. * NOTE: for best results call it after addto_lists; * * return 0 if the node should not be pinged. * return 1 if it should. */ static unsigned int ping_node_from_getnodes_ok(DHT *dht, const uint8_t *public_key, IP_Port ip_port) { bool ret = 0; if (add_to_close(dht, public_key, ip_port, 1) == 0) { ret = 1; } if (ret && !client_in_nodelist(dht->to_bootstrap, dht->num_to_bootstrap, public_key)) { if (dht->num_to_bootstrap < MAX_CLOSE_TO_BOOTSTRAP_NODES) { memcpy(dht->to_bootstrap[dht->num_to_bootstrap].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); dht->to_bootstrap[dht->num_to_bootstrap].ip_port = ip_port; ++dht->num_to_bootstrap; } else { // TODO(irungentoo): ipv6 vs v4 add_to_list(dht->to_bootstrap, MAX_CLOSE_TO_BOOTSTRAP_NODES, public_key, ip_port, dht->self_public_key); } } unsigned int i; for (i = 0; i < dht->num_friends; ++i) { bool store_ok = 0; DHT_Friend *dht_friend = &dht->friends_list[i]; if (store_node_ok(&dht_friend->client_list[1], public_key, dht_friend->public_key)) { store_ok = 1; } if (store_node_ok(&dht_friend->client_list[0], public_key, dht_friend->public_key)) { store_ok = 1; } if (store_ok && !client_in_nodelist(dht_friend->to_bootstrap, dht_friend->num_to_bootstrap, public_key) && !is_pk_in_client_list(dht_friend->client_list, MAX_FRIEND_CLIENTS, public_key, ip_port)) { if (dht_friend->num_to_bootstrap < MAX_SENT_NODES) { memcpy(dht_friend->to_bootstrap[dht_friend->num_to_bootstrap].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); dht_friend->to_bootstrap[dht_friend->num_to_bootstrap].ip_port = ip_port; ++dht_friend->num_to_bootstrap; } else { add_to_list(dht_friend->to_bootstrap, MAX_SENT_NODES, public_key, ip_port, dht_friend->public_key); } ret = 1; } } return ret; } /* Attempt to add client with ip_port and public_key to the friends client list * and close_clientlist. * * returns 1+ if the item is used in any list, 0 else */ int addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key) { uint32_t i, used = 0; /* convert IPv4-in-IPv6 to IPv4 */ if ((ip_port.ip.family == AF_INET6) && IPV6_IPV4_IN_V6(ip_port.ip.ip6)) { ip_port.ip.family = AF_INET; ip_port.ip.ip4.uint32 = ip_port.ip.ip6.uint32[3]; } /* NOTE: Current behavior if there are two clients with the same id is * to replace the first ip by the second. */ if (!client_or_ip_port_in_list(dht->log, dht->close_clientlist, LCLIENT_LIST, public_key, ip_port)) { if (add_to_close(dht, public_key, ip_port, 0)) { used++; } } else { used++; } DHT_Friend *friend_foundip = 0; for (i = 0; i < dht->num_friends; ++i) { if (!client_or_ip_port_in_list(dht->log, dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, public_key, ip_port)) { if (replace_all(dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, public_key, ip_port, dht->friends_list[i].public_key)) { DHT_Friend *dht_friend = &dht->friends_list[i]; if (public_key_cmp(public_key, dht_friend->public_key) == 0) { friend_foundip = dht_friend; } used++; } } else { DHT_Friend *dht_friend = &dht->friends_list[i]; if (public_key_cmp(public_key, dht_friend->public_key) == 0) { friend_foundip = dht_friend; } used++; } } if (friend_foundip) { uint32_t j; for (j = 0; j < friend_foundip->lock_count; ++j) { if (friend_foundip->callbacks[j].ip_callback) { friend_foundip->callbacks[j].ip_callback(friend_foundip->callbacks[j].data, friend_foundip->callbacks[j].number, ip_port); } } } return used; } /* If public_key is a friend or us, update ret_ip_port * nodepublic_key is the id of the node that sent us this info. */ static int returnedip_ports(DHT *dht, IP_Port ip_port, const uint8_t *public_key, const uint8_t *nodepublic_key) { uint32_t i, j; uint64_t temp_time = unix_time(); uint32_t used = 0; /* convert IPv4-in-IPv6 to IPv4 */ if ((ip_port.ip.family == AF_INET6) && IPV6_IPV4_IN_V6(ip_port.ip.ip6)) { ip_port.ip.family = AF_INET; ip_port.ip.ip4.uint32 = ip_port.ip.ip6.uint32[3]; } if (id_equal(public_key, dht->self_public_key)) { for (i = 0; i < LCLIENT_LIST; ++i) { if (id_equal(nodepublic_key, dht->close_clientlist[i].public_key)) { if (ip_port.ip.family == AF_INET) { dht->close_clientlist[i].assoc4.ret_ip_port = ip_port; dht->close_clientlist[i].assoc4.ret_timestamp = temp_time; } else if (ip_port.ip.family == AF_INET6) { dht->close_clientlist[i].assoc6.ret_ip_port = ip_port; dht->close_clientlist[i].assoc6.ret_timestamp = temp_time; } ++used; break; } } } else { for (i = 0; i < dht->num_friends; ++i) { if (id_equal(public_key, dht->friends_list[i].public_key)) { for (j = 0; j < MAX_FRIEND_CLIENTS; ++j) { if (id_equal(nodepublic_key, dht->friends_list[i].client_list[j].public_key)) { if (ip_port.ip.family == AF_INET) { dht->friends_list[i].client_list[j].assoc4.ret_ip_port = ip_port; dht->friends_list[i].client_list[j].assoc4.ret_timestamp = temp_time; } else if (ip_port.ip.family == AF_INET6) { dht->friends_list[i].client_list[j].assoc6.ret_ip_port = ip_port; dht->friends_list[i].client_list[j].assoc6.ret_timestamp = temp_time; } ++used; goto end; } } } } } end: return 0; } /* Send a getnodes request. sendback_node is the node that it will send back the response to (set to NULL to disable this) */ static int getnodes(DHT *dht, IP_Port ip_port, const uint8_t *public_key, const uint8_t *client_id, const Node_format *sendback_node) { /* Check if packet is going to be sent to ourself. */ if (id_equal(public_key, dht->self_public_key)) { return -1; } uint8_t plain_message[sizeof(Node_format) * 2] = {0}; Node_format receiver; memcpy(receiver.public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); receiver.ip_port = ip_port; memcpy(plain_message, &receiver, sizeof(receiver)); uint64_t ping_id = 0; if (sendback_node != NULL) { memcpy(plain_message + sizeof(receiver), sendback_node, sizeof(Node_format)); ping_id = ping_array_add(&dht->dht_harden_ping_array, plain_message, sizeof(plain_message)); } else { ping_id = ping_array_add(&dht->dht_ping_array, plain_message, sizeof(receiver)); } if (ping_id == 0) { return -1; } uint8_t plain[CRYPTO_PUBLIC_KEY_SIZE + sizeof(ping_id)]; uint8_t data[1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + sizeof(plain) + CRYPTO_MAC_SIZE]; memcpy(plain, client_id, CRYPTO_PUBLIC_KEY_SIZE); memcpy(plain + CRYPTO_PUBLIC_KEY_SIZE, &ping_id, sizeof(ping_id)); uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; DHT_get_shared_key_sent(dht, shared_key, public_key); int len = DHT_create_packet(dht->self_public_key, shared_key, NET_PACKET_GET_NODES, plain, sizeof(plain), data); if (len != sizeof(data)) { return -1; } return sendpacket(dht->net, ip_port, data, len); } /* Send a send nodes response: message for IPv6 nodes */ static int sendnodes_ipv6(const DHT *dht, IP_Port ip_port, const uint8_t *public_key, const uint8_t *client_id, const uint8_t *sendback_data, uint16_t length, const uint8_t *shared_encryption_key) { /* Check if packet is going to be sent to ourself. */ if (id_equal(public_key, dht->self_public_key)) { return -1; } if (length != sizeof(uint64_t)) { return -1; } size_t Node_format_size = sizeof(Node_format); Node_format nodes_list[MAX_SENT_NODES]; uint32_t num_nodes = get_close_nodes(dht, client_id, nodes_list, 0, LAN_ip(ip_port.ip) == 0, 1); uint8_t plain[1 + Node_format_size * MAX_SENT_NODES + length]; int nodes_length = 0; if (num_nodes) { nodes_length = pack_nodes(plain + 1, Node_format_size * MAX_SENT_NODES, nodes_list, num_nodes); if (nodes_length <= 0) { return -1; } } plain[0] = num_nodes; memcpy(plain + 1 + nodes_length, sendback_data, length); uint8_t data[1 + nodes_length + length + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE]; int len = DHT_create_packet(dht->self_public_key, shared_encryption_key, NET_PACKET_SEND_NODES_IPV6, plain, 1 + nodes_length + length, data); if (len != sizeof(data)) { return -1; } return sendpacket(dht->net, ip_port, data, len); } static int handle_getnodes(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata) { if (length != (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_PUBLIC_KEY_SIZE + sizeof( uint64_t) + CRYPTO_MAC_SIZE)) { return 1; } DHT *dht = (DHT *)object; /* Check if packet is from ourself. */ if (id_equal(packet + 1, dht->self_public_key)) { return 1; } uint8_t plain[CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t)]; uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; DHT_get_shared_key_recv(dht, shared_key, packet + 1); int len = decrypt_data_symmetric(shared_key, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t) + CRYPTO_MAC_SIZE, plain); if (len != CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t)) { return 1; } sendnodes_ipv6(dht, source, packet + 1, plain, plain + CRYPTO_PUBLIC_KEY_SIZE, sizeof(uint64_t), shared_key); add_to_ping(dht->ping, packet + 1, source); return 0; } /* return 0 if no return 1 if yes */ static uint8_t sent_getnode_to_node(DHT *dht, const uint8_t *public_key, IP_Port node_ip_port, uint64_t ping_id, Node_format *sendback_node) { uint8_t data[sizeof(Node_format) * 2]; if (ping_array_check(data, sizeof(data), &dht->dht_ping_array, ping_id) == sizeof(Node_format)) { memset(sendback_node, 0, sizeof(Node_format)); } else if (ping_array_check(data, sizeof(data), &dht->dht_harden_ping_array, ping_id) == sizeof(data)) { memcpy(sendback_node, data + sizeof(Node_format), sizeof(Node_format)); } else { return 0; } Node_format test; memcpy(&test, data, sizeof(Node_format)); if (!ipport_equal(&test.ip_port, &node_ip_port) || public_key_cmp(test.public_key, public_key) != 0) { return 0; } return 1; } /* Function is needed in following functions. */ static int send_hardening_getnode_res(const DHT *dht, const Node_format *sendto, const uint8_t *queried_client_id, const uint8_t *nodes_data, uint16_t nodes_data_length); static int handle_sendnodes_core(void *object, IP_Port source, const uint8_t *packet, uint16_t length, Node_format *plain_nodes, uint16_t size_plain_nodes, uint32_t *num_nodes_out) { DHT *dht = (DHT *)object; uint32_t cid_size = 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + 1 + sizeof(uint64_t) + CRYPTO_MAC_SIZE; if (length < cid_size) { /* too short */ return 1; } uint32_t data_size = length - cid_size; if (data_size == 0) { return 1; } if (data_size > sizeof(Node_format) * MAX_SENT_NODES) { /* invalid length */ return 1; } uint8_t plain[1 + data_size + sizeof(uint64_t)]; uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]; DHT_get_shared_key_sent(dht, shared_key, packet + 1); int len = decrypt_data_symmetric( shared_key, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, 1 + data_size + sizeof(uint64_t) + CRYPTO_MAC_SIZE, plain); if ((unsigned int)len != sizeof(plain)) { return 1; } if (plain[0] > size_plain_nodes) { return 1; } Node_format sendback_node; uint64_t ping_id; memcpy(&ping_id, plain + 1 + data_size, sizeof(ping_id)); if (!sent_getnode_to_node(dht, packet + 1, source, ping_id, &sendback_node)) { return 1; } uint16_t length_nodes = 0; int num_nodes = unpack_nodes(plain_nodes, plain[0], &length_nodes, plain + 1, data_size, 0); if (length_nodes != data_size) { return 1; } if (num_nodes != plain[0]) { return 1; } if (num_nodes < 0) { return 1; } /* store the address the *request* was sent to */ addto_lists(dht, source, packet + 1); *num_nodes_out = num_nodes; send_hardening_getnode_res(dht, &sendback_node, packet + 1, plain + 1, data_size); return 0; } static int handle_sendnodes_ipv6(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata) { DHT *dht = (DHT *)object; Node_format plain_nodes[MAX_SENT_NODES]; uint32_t num_nodes; if (handle_sendnodes_core(object, source, packet, length, plain_nodes, MAX_SENT_NODES, &num_nodes)) { return 1; } if (num_nodes == 0) { return 0; } uint32_t i; for (i = 0; i < num_nodes; i++) { if (ipport_isset(&plain_nodes[i].ip_port)) { ping_node_from_getnodes_ok(dht, plain_nodes[i].public_key, plain_nodes[i].ip_port); returnedip_ports(dht, plain_nodes[i].ip_port, plain_nodes[i].public_key, packet + 1); } } return 0; } /*----------------------------------------------------------------------------------*/ /*------------------------END of packet handling functions--------------------------*/ int DHT_addfriend(DHT *dht, const uint8_t *public_key, void (*ip_callback)(void *data, int32_t number, IP_Port), void *data, int32_t number, uint16_t *lock_count) { int friend_num = friend_number(dht, public_key); uint16_t lock_num; if (friend_num != -1) { /* Is friend already in DHT? */ DHT_Friend *dht_friend = &dht->friends_list[friend_num]; if (dht_friend->lock_count == DHT_FRIEND_MAX_LOCKS) { return -1; } lock_num = dht_friend->lock_count; ++dht_friend->lock_count; dht_friend->callbacks[lock_num].ip_callback = ip_callback; dht_friend->callbacks[lock_num].data = data; dht_friend->callbacks[lock_num].number = number; if (lock_count) { *lock_count = lock_num + 1; } return 0; } DHT_Friend *temp = (DHT_Friend *)realloc(dht->friends_list, sizeof(DHT_Friend) * (dht->num_friends + 1)); if (temp == NULL) { return -1; } dht->friends_list = temp; DHT_Friend *dht_friend = &dht->friends_list[dht->num_friends]; memset(dht_friend, 0, sizeof(DHT_Friend)); memcpy(dht_friend->public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); dht_friend->nat.NATping_id = random_64b(); ++dht->num_friends; lock_num = dht_friend->lock_count; ++dht_friend->lock_count; dht_friend->callbacks[lock_num].ip_callback = ip_callback; dht_friend->callbacks[lock_num].data = data; dht_friend->callbacks[lock_num].number = number; if (lock_count) { *lock_count = lock_num + 1; } dht_friend->num_to_bootstrap = get_close_nodes(dht, dht_friend->public_key, dht_friend->to_bootstrap, 0, 1, 0); return 0; } int DHT_delfriend(DHT *dht, const uint8_t *public_key, uint16_t lock_count) { int friend_num = friend_number(dht, public_key); if (friend_num == -1) { return -1; } DHT_Friend *dht_friend = &dht->friends_list[friend_num]; --dht_friend->lock_count; if (dht_friend->lock_count && lock_count) { /* DHT friend is still in use.*/ --lock_count; dht_friend->callbacks[lock_count].ip_callback = NULL; dht_friend->callbacks[lock_count].data = NULL; dht_friend->callbacks[lock_count].number = 0; return 0; } --dht->num_friends; if (dht->num_friends != friend_num) { memcpy(&dht->friends_list[friend_num], &dht->friends_list[dht->num_friends], sizeof(DHT_Friend)); } if (dht->num_friends == 0) { free(dht->friends_list); dht->friends_list = NULL; return 0; } DHT_Friend *temp = (DHT_Friend *)realloc(dht->friends_list, sizeof(DHT_Friend) * (dht->num_friends)); if (temp == NULL) { return -1; } dht->friends_list = temp; return 0; } /* TODO(irungentoo): Optimize this. */ int DHT_getfriendip(const DHT *dht, const uint8_t *public_key, IP_Port *ip_port) { uint32_t i, j; ip_reset(&ip_port->ip); ip_port->port = 0; for (i = 0; i < dht->num_friends; ++i) { /* Equal */ if (id_equal(dht->friends_list[i].public_key, public_key)) { for (j = 0; j < MAX_FRIEND_CLIENTS; ++j) { Client_data *client = &dht->friends_list[i].client_list[j]; if (id_equal(client->public_key, public_key)) { IPPTsPng *assoc = NULL; uint32_t a; for (a = 0, assoc = &client->assoc6; a < 2; a++, assoc = &client->assoc4) { if (!is_timeout(assoc->timestamp, BAD_NODE_TIMEOUT)) { *ip_port = assoc->ip_port; return 1; } } } } return 0; } } return -1; } /* returns number of nodes not in kill-timeout */ static uint8_t do_ping_and_sendnode_requests(DHT *dht, uint64_t *lastgetnode, const uint8_t *public_key, Client_data *list, uint32_t list_count, uint32_t *bootstrap_times, bool sortable) { uint32_t i; uint8_t not_kill = 0; uint64_t temp_time = unix_time(); uint32_t num_nodes = 0; Client_data *client_list[list_count * 2]; IPPTsPng *assoc_list[list_count * 2]; unsigned int sort = 0; bool sort_ok = 0; for (i = 0; i < list_count; i++) { /* If node is not dead. */ Client_data *client = &list[i]; IPPTsPng *assoc; uint32_t a; for (a = 0, assoc = &client->assoc6; a < 2; a++, assoc = &client->assoc4) { if (!is_timeout(assoc->timestamp, KILL_NODE_TIMEOUT)) { sort = 0; not_kill++; if (is_timeout(assoc->last_pinged, PING_INTERVAL)) { getnodes(dht, assoc->ip_port, client->public_key, public_key, NULL); assoc->last_pinged = temp_time; } /* If node is good. */ if (!is_timeout(assoc->timestamp, BAD_NODE_TIMEOUT)) { client_list[num_nodes] = client; assoc_list[num_nodes] = assoc; ++num_nodes; } } else { ++sort; /* Timed out should be at beginning, if they are not, sort the list. */ if (sort > 1 && sort < (((i + 1) * 2) - 1)) { sort_ok = 1; } } } } if (sortable && sort_ok) { sort_client_list(list, list_count, public_key); } if ((num_nodes != 0) && (is_timeout(*lastgetnode, GET_NODE_INTERVAL) || *bootstrap_times < MAX_BOOTSTRAP_TIMES)) { uint32_t rand_node = rand() % (num_nodes); if ((num_nodes - 1) != rand_node) { rand_node += rand() % (num_nodes - (rand_node + 1)); } getnodes(dht, assoc_list[rand_node]->ip_port, client_list[rand_node]->public_key, public_key, NULL); *lastgetnode = temp_time; ++*bootstrap_times; } return not_kill; } /* Ping each client in the "friends" list every PING_INTERVAL seconds. Send a get nodes request * every GET_NODE_INTERVAL seconds to a random good node for each "friend" in our "friends" list. */ static void do_DHT_friends(DHT *dht) { unsigned int i, j; for (i = 0; i < dht->num_friends; ++i) { DHT_Friend *dht_friend = &dht->friends_list[i]; for (j = 0; j < dht_friend->num_to_bootstrap; ++j) { getnodes(dht, dht_friend->to_bootstrap[j].ip_port, dht_friend->to_bootstrap[j].public_key, dht_friend->public_key, NULL); } dht_friend->num_to_bootstrap = 0; do_ping_and_sendnode_requests(dht, &dht_friend->lastgetnode, dht_friend->public_key, dht_friend->client_list, MAX_FRIEND_CLIENTS, &dht_friend->bootstrap_times, 1); } } /* Ping each client in the close nodes list every PING_INTERVAL seconds. * Send a get nodes request every GET_NODE_INTERVAL seconds to a random good node in the list. */ static void do_Close(DHT *dht) { unsigned int i; for (i = 0; i < dht->num_to_bootstrap; ++i) { getnodes(dht, dht->to_bootstrap[i].ip_port, dht->to_bootstrap[i].public_key, dht->self_public_key, NULL); } dht->num_to_bootstrap = 0; uint8_t not_killed = do_ping_and_sendnode_requests(dht, &dht->close_lastgetnodes, dht->self_public_key, dht->close_clientlist, LCLIENT_LIST, &dht->close_bootstrap_times, 0); if (!not_killed) { /* all existing nodes are at least KILL_NODE_TIMEOUT, * which means we are mute, as we only send packets to * nodes NOT in KILL_NODE_TIMEOUT * * so: reset all nodes to be BAD_NODE_TIMEOUT, but not * KILL_NODE_TIMEOUT, so we at least keep trying pings */ uint64_t badonly = unix_time() - BAD_NODE_TIMEOUT; size_t j, a; for (j = 0; j < LCLIENT_LIST; j++) { Client_data *client = &dht->close_clientlist[j]; IPPTsPng *assoc; for (a = 0, assoc = &client->assoc4; a < 2; a++, assoc = &client->assoc6) { if (assoc->timestamp) { assoc->timestamp = badonly; } } } } } void DHT_getnodes(DHT *dht, const IP_Port *from_ipp, const uint8_t *from_id, const uint8_t *which_id) { getnodes(dht, *from_ipp, from_id, which_id, NULL); } void DHT_bootstrap(DHT *dht, IP_Port ip_port, const uint8_t *public_key) { getnodes(dht, ip_port, public_key, dht->self_public_key, NULL); } int DHT_bootstrap_from_address(DHT *dht, const char *address, uint8_t ipv6enabled, uint16_t port, const uint8_t *public_key) { IP_Port ip_port_v64; IP *ip_extra = NULL; IP_Port ip_port_v4; ip_init(&ip_port_v64.ip, ipv6enabled); if (ipv6enabled) { /* setup for getting BOTH: an IPv6 AND an IPv4 address */ ip_port_v64.ip.family = AF_UNSPEC; ip_reset(&ip_port_v4.ip); ip_extra = &ip_port_v4.ip; } if (addr_resolve_or_parse_ip(address, &ip_port_v64.ip, ip_extra)) { ip_port_v64.port = port; DHT_bootstrap(dht, ip_port_v64, public_key); if ((ip_extra != NULL) && ip_isset(ip_extra)) { ip_port_v4.port = port; DHT_bootstrap(dht, ip_port_v4, public_key); } return 1; } return 0; } /* Send the given packet to node with public_key * * return -1 if failure. */ int route_packet(const DHT *dht, const uint8_t *public_key, const uint8_t *packet, uint16_t length) { uint32_t i; for (i = 0; i < LCLIENT_LIST; ++i) { if (id_equal(public_key, dht->close_clientlist[i].public_key)) { const Client_data *client = &dht->close_clientlist[i]; if (ip_isset(&client->assoc6.ip_port.ip)) { return sendpacket(dht->net, client->assoc6.ip_port, packet, length); } if (ip_isset(&client->assoc4.ip_port.ip)) { return sendpacket(dht->net, client->assoc4.ip_port, packet, length); } break; } } return -1; } /* Puts all the different ips returned by the nodes for a friend_num into array ip_portlist. * ip_portlist must be at least MAX_FRIEND_CLIENTS big. * * return the number of ips returned. * return 0 if we are connected to friend or if no ips were found. * return -1 if no such friend. */ static int friend_iplist(const DHT *dht, IP_Port *ip_portlist, uint16_t friend_num) { if (friend_num >= dht->num_friends) { return -1; } DHT_Friend *dht_friend = &dht->friends_list[friend_num]; Client_data *client; IP_Port ipv4s[MAX_FRIEND_CLIENTS]; int num_ipv4s = 0; IP_Port ipv6s[MAX_FRIEND_CLIENTS]; int num_ipv6s = 0; int i; for (i = 0; i < MAX_FRIEND_CLIENTS; ++i) { client = &(dht_friend->client_list[i]); /* If ip is not zero and node is good. */ if (ip_isset(&client->assoc4.ret_ip_port.ip) && !is_timeout(client->assoc4.ret_timestamp, BAD_NODE_TIMEOUT)) { ipv4s[num_ipv4s] = client->assoc4.ret_ip_port; ++num_ipv4s; } if (ip_isset(&client->assoc6.ret_ip_port.ip) && !is_timeout(client->assoc6.ret_timestamp, BAD_NODE_TIMEOUT)) { ipv6s[num_ipv6s] = client->assoc6.ret_ip_port; ++num_ipv6s; } if (id_equal(client->public_key, dht_friend->public_key)) { if (!is_timeout(client->assoc6.timestamp, BAD_NODE_TIMEOUT) || !is_timeout(client->assoc4.timestamp, BAD_NODE_TIMEOUT)) { return 0; /* direct connectivity */ } } } #ifdef FRIEND_IPLIST_PAD memcpy(ip_portlist, ipv6s, num_ipv6s * sizeof(IP_Port)); if (num_ipv6s == MAX_FRIEND_CLIENTS) { return MAX_FRIEND_CLIENTS; } int num_ipv4s_used = MAX_FRIEND_CLIENTS - num_ipv6s; if (num_ipv4s_used > num_ipv4s) { num_ipv4s_used = num_ipv4s; } memcpy(&ip_portlist[num_ipv6s], ipv4s, num_ipv4s_used * sizeof(IP_Port)); return num_ipv6s + num_ipv4s_used; #else /* !FRIEND_IPLIST_PAD */ /* there must be some secret reason why we can't pad the longer list * with the shorter one... */ if (num_ipv6s >= num_ipv4s) { memcpy(ip_portlist, ipv6s, num_ipv6s * sizeof(IP_Port)); return num_ipv6s; } memcpy(ip_portlist, ipv4s, num_ipv4s * sizeof(IP_Port)); return num_ipv4s; #endif /* !FRIEND_IPLIST_PAD */ } /* Send the following packet to everyone who tells us they are connected to friend_id. * * return ip for friend. * return number of nodes the packet was sent to. (Only works if more than (MAX_FRIEND_CLIENTS / 4). */ int route_tofriend(const DHT *dht, const uint8_t *friend_id, const uint8_t *packet, uint16_t length) { int num = friend_number(dht, friend_id); if (num == -1) { return 0; } uint32_t i, sent = 0; uint8_t friend_sent[MAX_FRIEND_CLIENTS] = {0}; IP_Port ip_list[MAX_FRIEND_CLIENTS]; int ip_num = friend_iplist(dht, ip_list, num); if (ip_num < (MAX_FRIEND_CLIENTS / 4)) { return 0; /* Reason for that? */ } DHT_Friend *dht_friend = &dht->friends_list[num]; Client_data *client; /* extra legwork, because having the outside allocating the space for us * is *usually* good(tm) (bites us in the behind in this case though) */ uint32_t a; for (a = 0; a < 2; a++) { for (i = 0; i < MAX_FRIEND_CLIENTS; ++i) { if (friend_sent[i]) {/* Send one packet per client.*/ continue; } client = &dht_friend->client_list[i]; IPPTsPng *assoc = NULL; if (!a) { assoc = &client->assoc4; } else { assoc = &client->assoc6; } /* If ip is not zero and node is good. */ if (ip_isset(&assoc->ret_ip_port.ip) && !is_timeout(assoc->ret_timestamp, BAD_NODE_TIMEOUT)) { int retval = sendpacket(dht->net, assoc->ip_port, packet, length); if ((unsigned int)retval == length) { ++sent; friend_sent[i] = 1; } } } } return sent; } /* Send the following packet to one random person who tells us they are connected to friend_id. * * return number of nodes the packet was sent to. */ static int routeone_tofriend(DHT *dht, const uint8_t *friend_id, const uint8_t *packet, uint16_t length) { int num = friend_number(dht, friend_id); if (num == -1) { return 0; } DHT_Friend *dht_friend = &dht->friends_list[num]; Client_data *client; IP_Port ip_list[MAX_FRIEND_CLIENTS * 2]; int n = 0; uint32_t i; /* extra legwork, because having the outside allocating the space for us * is *usually* good(tm) (bites us in the behind in this case though) */ uint32_t a; for (a = 0; a < 2; a++) { for (i = 0; i < MAX_FRIEND_CLIENTS; ++i) { client = &dht_friend->client_list[i]; IPPTsPng *assoc = NULL; if (!a) { assoc = &client->assoc4; } else { assoc = &client->assoc6; } /* If ip is not zero and node is good. */ if (ip_isset(&assoc->ret_ip_port.ip) && !is_timeout(assoc->ret_timestamp, BAD_NODE_TIMEOUT)) { ip_list[n] = assoc->ip_port; ++n; } } } if (n < 1) { return 0; } int retval = sendpacket(dht->net, ip_list[rand() % n], packet, length); if ((unsigned int)retval == length) { return 1; } return 0; } /*----------------------------------------------------------------------------------*/ /*---------------------BEGINNING OF NAT PUNCHING FUNCTIONS--------------------------*/ static int send_NATping(DHT *dht, const uint8_t *public_key, uint64_t ping_id, uint8_t type) { uint8_t data[sizeof(uint64_t) + 1]; uint8_t packet[MAX_CRYPTO_REQUEST_SIZE]; int num = 0; data[0] = type; memcpy(data + 1, &ping_id, sizeof(uint64_t)); /* 254 is NAT ping request packet id */ int len = create_request(dht->self_public_key, dht->self_secret_key, packet, public_key, data, sizeof(uint64_t) + 1, CRYPTO_PACKET_NAT_PING); if (len == -1) { return -1; } if (type == 0) { /* If packet is request use many people to route it. */ num = route_tofriend(dht, public_key, packet, len); } else if (type == 1) { /* If packet is response use only one person to route it */ num = routeone_tofriend(dht, public_key, packet, len); } if (num == 0) { return -1; } return num; } /* Handle a received ping request for. */ static int handle_NATping(void *object, IP_Port source, const uint8_t *source_pubkey, const uint8_t *packet, uint16_t length, void *userdata) { if (length != sizeof(uint64_t) + 1) { return 1; } DHT *dht = (DHT *)object; uint64_t ping_id; memcpy(&ping_id, packet + 1, sizeof(uint64_t)); int friendnumber = friend_number(dht, source_pubkey); if (friendnumber == -1) { return 1; } DHT_Friend *dht_friend = &dht->friends_list[friendnumber]; if (packet[0] == NAT_PING_REQUEST) { /* 1 is reply */ send_NATping(dht, source_pubkey, ping_id, NAT_PING_RESPONSE); dht_friend->nat.recvNATping_timestamp = unix_time(); return 0; } if (packet[0] == NAT_PING_RESPONSE) { if (dht_friend->nat.NATping_id == ping_id) { dht_friend->nat.NATping_id = random_64b(); dht_friend->nat.hole_punching = 1; return 0; } } return 1; } /* Get the most common ip in the ip_portlist. * Only return ip if it appears in list min_num or more. * len must not be bigger than MAX_FRIEND_CLIENTS. * * return ip of 0 if failure. */ static IP NAT_commonip(IP_Port *ip_portlist, uint16_t len, uint16_t min_num) { IP zero; ip_reset(&zero); if (len > MAX_FRIEND_CLIENTS) { return zero; } uint32_t i, j; uint16_t numbers[MAX_FRIEND_CLIENTS] = {0}; for (i = 0; i < len; ++i) { for (j = 0; j < len; ++j) { if (ip_equal(&ip_portlist[i].ip, &ip_portlist[j].ip)) { ++numbers[i]; } } if (numbers[i] >= min_num) { return ip_portlist[i].ip; } } return zero; } /* Return all the ports for one ip in a list. * portlist must be at least len long, * where len is the length of ip_portlist. * * return number of ports and puts the list of ports in portlist. */ static uint16_t NAT_getports(uint16_t *portlist, IP_Port *ip_portlist, uint16_t len, IP ip) { uint32_t i; uint16_t num = 0; for (i = 0; i < len; ++i) { if (ip_equal(&ip_portlist[i].ip, &ip)) { portlist[num] = ntohs(ip_portlist[i].port); ++num; } } return num; } static void punch_holes(DHT *dht, IP ip, uint16_t *port_list, uint16_t numports, uint16_t friend_num) { if (!dht->hole_punching_enabled) { return; } if (numports > MAX_FRIEND_CLIENTS || numports == 0) { return; } uint32_t i; uint32_t top = dht->friends_list[friend_num].nat.punching_index + MAX_PUNCHING_PORTS; uint16_t firstport = port_list[0]; for (i = 0; i < numports; ++i) { if (firstport != port_list[i]) { break; } } if (i == numports) { /* If all ports are the same, only try that one port. */ IP_Port pinging; ip_copy(&pinging.ip, &ip); pinging.port = htons(firstport); send_ping_request(dht->ping, pinging, dht->friends_list[friend_num].public_key); } else { for (i = dht->friends_list[friend_num].nat.punching_index; i != top; ++i) { /* TODO(irungentoo): Improve port guessing algorithm. */ uint16_t port = port_list[(i / 2) % numports] + (i / (2 * numports)) * ((i % 2) ? -1 : 1); IP_Port pinging; ip_copy(&pinging.ip, &ip); pinging.port = htons(port); send_ping_request(dht->ping, pinging, dht->friends_list[friend_num].public_key); } dht->friends_list[friend_num].nat.punching_index = i; } if (dht->friends_list[friend_num].nat.tries > MAX_NORMAL_PUNCHING_TRIES) { top = dht->friends_list[friend_num].nat.punching_index2 + MAX_PUNCHING_PORTS; uint16_t port = 1024; IP_Port pinging; ip_copy(&pinging.ip, &ip); for (i = dht->friends_list[friend_num].nat.punching_index2; i != top; ++i) { pinging.port = htons(port + i); send_ping_request(dht->ping, pinging, dht->friends_list[friend_num].public_key); } dht->friends_list[friend_num].nat.punching_index2 = i - (MAX_PUNCHING_PORTS / 2); } ++dht->friends_list[friend_num].nat.tries; } static void do_NAT(DHT *dht) { uint32_t i; uint64_t temp_time = unix_time(); for (i = 0; i < dht->num_friends; ++i) { IP_Port ip_list[MAX_FRIEND_CLIENTS]; int num = friend_iplist(dht, ip_list, i); /* If already connected or friend is not online don't try to hole punch. */ if (num < MAX_FRIEND_CLIENTS / 2) { continue; } if (dht->friends_list[i].nat.NATping_timestamp + PUNCH_INTERVAL < temp_time) { send_NATping(dht, dht->friends_list[i].public_key, dht->friends_list[i].nat.NATping_id, NAT_PING_REQUEST); dht->friends_list[i].nat.NATping_timestamp = temp_time; } if (dht->friends_list[i].nat.hole_punching == 1 && dht->friends_list[i].nat.punching_timestamp + PUNCH_INTERVAL < temp_time && dht->friends_list[i].nat.recvNATping_timestamp + PUNCH_INTERVAL * 2 >= temp_time) { IP ip = NAT_commonip(ip_list, num, MAX_FRIEND_CLIENTS / 2); if (!ip_isset(&ip)) { continue; } uint16_t port_list[MAX_FRIEND_CLIENTS]; uint16_t numports = NAT_getports(port_list, ip_list, num, ip); punch_holes(dht, ip, port_list, numports, i); dht->friends_list[i].nat.punching_timestamp = temp_time; dht->friends_list[i].nat.hole_punching = 0; } } } /*----------------------------------------------------------------------------------*/ /*-----------------------END OF NAT PUNCHING FUNCTIONS------------------------------*/ #define HARDREQ_DATA_SIZE 384 /* Attempt to prevent amplification/other attacks*/ #define CHECK_TYPE_ROUTE_REQ 0 #define CHECK_TYPE_ROUTE_RES 1 #define CHECK_TYPE_GETNODE_REQ 2 #define CHECK_TYPE_GETNODE_RES 3 #define CHECK_TYPE_TEST_REQ 4 #define CHECK_TYPE_TEST_RES 5 #if DHT_HARDENING static int send_hardening_req(DHT *dht, Node_format *sendto, uint8_t type, uint8_t *contents, uint16_t length) { if (length > HARDREQ_DATA_SIZE - 1) { return -1; } uint8_t packet[MAX_CRYPTO_REQUEST_SIZE]; uint8_t data[HARDREQ_DATA_SIZE] = {0}; data[0] = type; memcpy(data + 1, contents, length); int len = create_request(dht->self_public_key, dht->self_secret_key, packet, sendto->public_key, data, sizeof(data), CRYPTO_PACKET_HARDENING); if (len == -1) { return -1; } return sendpacket(dht->net, sendto->ip_port, packet, len); } /* Send a get node hardening request */ static int send_hardening_getnode_req(DHT *dht, Node_format *dest, Node_format *node_totest, uint8_t *search_id) { uint8_t data[sizeof(Node_format) + CRYPTO_PUBLIC_KEY_SIZE]; memcpy(data, node_totest, sizeof(Node_format)); memcpy(data + sizeof(Node_format), search_id, CRYPTO_PUBLIC_KEY_SIZE); return send_hardening_req(dht, dest, CHECK_TYPE_GETNODE_REQ, data, sizeof(Node_format) + CRYPTO_PUBLIC_KEY_SIZE); } #endif /* Send a get node hardening response */ static int send_hardening_getnode_res(const DHT *dht, const Node_format *sendto, const uint8_t *queried_client_id, const uint8_t *nodes_data, uint16_t nodes_data_length) { if (!ip_isset(&sendto->ip_port.ip)) { return -1; } uint8_t packet[MAX_CRYPTO_REQUEST_SIZE]; uint8_t data[1 + CRYPTO_PUBLIC_KEY_SIZE + nodes_data_length]; data[0] = CHECK_TYPE_GETNODE_RES; memcpy(data + 1, queried_client_id, CRYPTO_PUBLIC_KEY_SIZE); memcpy(data + 1 + CRYPTO_PUBLIC_KEY_SIZE, nodes_data, nodes_data_length); int len = create_request(dht->self_public_key, dht->self_secret_key, packet, sendto->public_key, data, sizeof(data), CRYPTO_PACKET_HARDENING); if (len == -1) { return -1; } return sendpacket(dht->net, sendto->ip_port, packet, len); } /* TODO(irungentoo): improve */ static IPPTsPng *get_closelist_IPPTsPng(DHT *dht, const uint8_t *public_key, sa_family_t sa_family) { uint32_t i; for (i = 0; i < LCLIENT_LIST; ++i) { if (public_key_cmp(dht->close_clientlist[i].public_key, public_key) != 0) { continue; } if (sa_family == AF_INET) { return &dht->close_clientlist[i].assoc4; } if (sa_family == AF_INET6) { return &dht->close_clientlist[i].assoc6; } } return NULL; } /* * check how many nodes in nodes are also present in the closelist. * TODO(irungentoo): make this function better. */ static uint32_t have_nodes_closelist(DHT *dht, Node_format *nodes, uint16_t num) { uint32_t counter = 0; uint32_t i; for (i = 0; i < num; ++i) { if (id_equal(nodes[i].public_key, dht->self_public_key)) { ++counter; continue; } IPPTsPng *temp = get_closelist_IPPTsPng(dht, nodes[i].public_key, nodes[i].ip_port.ip.family); if (temp) { if (!is_timeout(temp->timestamp, BAD_NODE_TIMEOUT)) { ++counter; } } } return counter; } /* Interval in seconds between hardening checks */ #define HARDENING_INTERVAL 120 #define HARDEN_TIMEOUT 1200 /* Handle a received hardening packet */ static int handle_hardening(void *object, IP_Port source, const uint8_t *source_pubkey, const uint8_t *packet, uint16_t length, void *userdata) { DHT *dht = (DHT *)object; if (length < 2) { return 1; } switch (packet[0]) { case CHECK_TYPE_GETNODE_REQ: { if (length != HARDREQ_DATA_SIZE) { return 1; } Node_format node, tocheck_node; node.ip_port = source; memcpy(node.public_key, source_pubkey, CRYPTO_PUBLIC_KEY_SIZE); memcpy(&tocheck_node, packet + 1, sizeof(Node_format)); if (getnodes(dht, tocheck_node.ip_port, tocheck_node.public_key, packet + 1 + sizeof(Node_format), &node) == -1) { return 1; } return 0; } case CHECK_TYPE_GETNODE_RES: { if (length <= CRYPTO_PUBLIC_KEY_SIZE + 1) { return 1; } if (length > 1 + CRYPTO_PUBLIC_KEY_SIZE + sizeof(Node_format) * MAX_SENT_NODES) { return 1; } uint16_t length_nodes = length - 1 - CRYPTO_PUBLIC_KEY_SIZE; Node_format nodes[MAX_SENT_NODES]; int num_nodes = unpack_nodes(nodes, MAX_SENT_NODES, 0, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, length_nodes, 0); /* TODO(irungentoo): MAX_SENT_NODES nodes should be returned at all times (right now we have a small network size so it could cause problems for testing and etc..) */ if (num_nodes <= 0) { return 1; } /* NOTE: This should work for now but should be changed to something better. */ if (have_nodes_closelist(dht, nodes, num_nodes) < (uint32_t)((num_nodes + 2) / 2)) { return 1; } IPPTsPng *temp = get_closelist_IPPTsPng(dht, packet + 1, nodes[0].ip_port.ip.family); if (temp == NULL) { return 1; } if (is_timeout(temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL)) { return 1; } if (public_key_cmp(temp->hardening.send_nodes_pingedid, source_pubkey) != 0) { return 1; } /* If Nodes look good and the request checks out */ temp->hardening.send_nodes_ok = 1; return 0;/* success*/ } } return 1; } #if DHT_HARDENING /* Return a random node from all the nodes we are connected to. * TODO(irungentoo): improve this function. */ static Node_format random_node(DHT *dht, sa_family_t sa_family) { uint8_t id[CRYPTO_PUBLIC_KEY_SIZE]; uint32_t i; for (i = 0; i < CRYPTO_PUBLIC_KEY_SIZE / 4; ++i) { /* populate the id with pseudorandom bytes.*/ uint32_t t = rand(); memcpy(id + i * sizeof(t), &t, sizeof(t)); } Node_format nodes_list[MAX_SENT_NODES]; memset(nodes_list, 0, sizeof(nodes_list)); uint32_t num_nodes = get_close_nodes(dht, id, nodes_list, sa_family, 1, 0); if (num_nodes == 0) { return nodes_list[0]; } return nodes_list[rand() % num_nodes]; } #endif /* Put up to max_num nodes in nodes from the closelist. * * return the number of nodes. */ static uint16_t list_nodes(Client_data *list, unsigned int length, Node_format *nodes, uint16_t max_num) { if (max_num == 0) { return 0; } uint16_t count = 0; unsigned int i; for (i = length; i != 0; --i) { IPPTsPng *assoc = NULL; if (!is_timeout(list[i - 1].assoc4.timestamp, BAD_NODE_TIMEOUT)) { assoc = &list[i - 1].assoc4; } if (!is_timeout(list[i - 1].assoc6.timestamp, BAD_NODE_TIMEOUT)) { if (assoc == NULL) { assoc = &list[i - 1].assoc6; } else if (rand() % 2) { assoc = &list[i - 1].assoc6; } } if (assoc != NULL) { memcpy(nodes[count].public_key, list[i - 1].public_key, CRYPTO_PUBLIC_KEY_SIZE); nodes[count].ip_port = assoc->ip_port; ++count; if (count >= max_num) { return count; } } } return count; } /* Put up to max_num nodes in nodes from the random friends. * * return the number of nodes. */ uint16_t randfriends_nodes(DHT *dht, Node_format *nodes, uint16_t max_num) { if (max_num == 0) { return 0; } uint16_t count = 0; unsigned int i, r = rand(); for (i = 0; i < DHT_FAKE_FRIEND_NUMBER; ++i) { count += list_nodes(dht->friends_list[(i + r) % DHT_FAKE_FRIEND_NUMBER].client_list, MAX_FRIEND_CLIENTS, nodes + count, max_num - count); if (count >= max_num) { break; } } return count; } /* Put up to max_num nodes in nodes from the closelist. * * return the number of nodes. */ uint16_t closelist_nodes(DHT *dht, Node_format *nodes, uint16_t max_num) { return list_nodes(dht->close_clientlist, LCLIENT_LIST, nodes, max_num); } #if DHT_HARDENING static void do_hardening(DHT *dht) { uint32_t i; for (i = 0; i < LCLIENT_LIST * 2; ++i) { IPPTsPng *cur_iptspng; sa_family_t sa_family; uint8_t *public_key = dht->close_clientlist[i / 2].public_key; if (i % 2 == 0) { cur_iptspng = &dht->close_clientlist[i / 2].assoc4; sa_family = AF_INET; } else { cur_iptspng = &dht->close_clientlist[i / 2].assoc6; sa_family = AF_INET6; } if (is_timeout(cur_iptspng->timestamp, BAD_NODE_TIMEOUT)) { continue; } if (cur_iptspng->hardening.send_nodes_ok == 0) { if (is_timeout(cur_iptspng->hardening.send_nodes_timestamp, HARDENING_INTERVAL)) { Node_format rand_node = random_node(dht, sa_family); if (!ipport_isset(&rand_node.ip_port)) { continue; } if (id_equal(public_key, rand_node.public_key)) { continue; } Node_format to_test; to_test.ip_port = cur_iptspng->ip_port; memcpy(to_test.public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE); // TODO(irungentoo): The search id should maybe not be ours? if (send_hardening_getnode_req(dht, &rand_node, &to_test, dht->self_public_key) > 0) { memcpy(cur_iptspng->hardening.send_nodes_pingedid, rand_node.public_key, CRYPTO_PUBLIC_KEY_SIZE); cur_iptspng->hardening.send_nodes_timestamp = unix_time(); } } } else { if (is_timeout(cur_iptspng->hardening.send_nodes_timestamp, HARDEN_TIMEOUT)) { cur_iptspng->hardening.send_nodes_ok = 0; } } // TODO(irungentoo): add the 2 other testers. } } #endif /*----------------------------------------------------------------------------------*/ void cryptopacket_registerhandler(DHT *dht, uint8_t byte, cryptopacket_handler_callback cb, void *object) { dht->cryptopackethandlers[byte].function = cb; dht->cryptopackethandlers[byte].object = object; } static int cryptopacket_handle(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata) { DHT *dht = (DHT *)object; if (packet[0] == NET_PACKET_CRYPTO) { if (length <= CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE + 1 + CRYPTO_MAC_SIZE || length > MAX_CRYPTO_REQUEST_SIZE + CRYPTO_MAC_SIZE) { return 1; } if (public_key_cmp(packet + 1, dht->self_public_key) == 0) { // Check if request is for us. uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE]; uint8_t data[MAX_CRYPTO_REQUEST_SIZE]; uint8_t number; int len = handle_request(dht->self_public_key, dht->self_secret_key, public_key, data, &number, packet, length); if (len == -1 || len == 0) { return 1; } if (!dht->cryptopackethandlers[number].function) { return 1; } return dht->cryptopackethandlers[number].function(dht->cryptopackethandlers[number].object, source, public_key, data, len, userdata); } /* If request is not for us, try routing it. */ int retval = route_packet(dht, packet + 1, packet, length); if ((unsigned int)retval == length) { return 0; } } return 1; } /*----------------------------------------------------------------------------------*/ DHT *new_DHT(Logger *log, Networking_Core *net, bool holepunching_enabled) { /* init time */ unix_time_update(); if (net == NULL) { return NULL; } DHT *dht = (DHT *)calloc(1, sizeof(DHT)); if (dht == NULL) { return NULL; } dht->log = log; dht->net = net; dht->hole_punching_enabled = holepunching_enabled; dht->ping = new_ping(dht); if (dht->ping == NULL) { kill_DHT(dht); return NULL; } networking_registerhandler(dht->net, NET_PACKET_GET_NODES, &handle_getnodes, dht); networking_registerhandler(dht->net, NET_PACKET_SEND_NODES_IPV6, &handle_sendnodes_ipv6, dht); networking_registerhandler(dht->net, NET_PACKET_CRYPTO, &cryptopacket_handle, dht); cryptopacket_registerhandler(dht, CRYPTO_PACKET_NAT_PING, &handle_NATping, dht); cryptopacket_registerhandler(dht, CRYPTO_PACKET_HARDENING, &handle_hardening, dht); new_symmetric_key(dht->secret_symmetric_key); crypto_new_keypair(dht->self_public_key, dht->self_secret_key); ping_array_init(&dht->dht_ping_array, DHT_PING_ARRAY_SIZE, PING_TIMEOUT); ping_array_init(&dht->dht_harden_ping_array, DHT_PING_ARRAY_SIZE, PING_TIMEOUT); uint32_t i; for (i = 0; i < DHT_FAKE_FRIEND_NUMBER; ++i) { uint8_t random_key_bytes[CRYPTO_PUBLIC_KEY_SIZE]; random_bytes(random_key_bytes, sizeof(random_key_bytes)); if (DHT_addfriend(dht, random_key_bytes, 0, 0, 0, 0) != 0) { kill_DHT(dht); return NULL; } } return dht; } void do_DHT(DHT *dht) { unix_time_update(); if (dht->last_run == unix_time()) { return; } // Load friends/clients if first call to do_DHT if (dht->loaded_num_nodes) { DHT_connect_after_load(dht); } do_Close(dht); do_DHT_friends(dht); do_NAT(dht); do_to_ping(dht->ping); #if DHT_HARDENING do_hardening(dht); #endif dht->last_run = unix_time(); } void kill_DHT(DHT *dht) { networking_registerhandler(dht->net, NET_PACKET_GET_NODES, NULL, NULL); networking_registerhandler(dht->net, NET_PACKET_SEND_NODES_IPV6, NULL, NULL); cryptopacket_registerhandler(dht, CRYPTO_PACKET_NAT_PING, NULL, NULL); cryptopacket_registerhandler(dht, CRYPTO_PACKET_HARDENING, NULL, NULL); ping_array_free_all(&dht->dht_ping_array); ping_array_free_all(&dht->dht_harden_ping_array); kill_ping(dht->ping); free(dht->friends_list); free(dht->loaded_nodes_list); free(dht); } /* new DHT format for load/save, more robust and forward compatible */ // TODO(irungentoo): Move this closer to Messenger. #define DHT_STATE_COOKIE_GLOBAL 0x159000d #define DHT_STATE_COOKIE_TYPE 0x11ce #define DHT_STATE_TYPE_NODES 4 #define MAX_SAVED_DHT_NODES (((DHT_FAKE_FRIEND_NUMBER * MAX_FRIEND_CLIENTS) + LCLIENT_LIST) * 2) /* Get the size of the DHT (for saving). */ uint32_t DHT_size(const DHT *dht) { uint32_t numv4 = 0, numv6 = 0, i, j; for (i = 0; i < LCLIENT_LIST; ++i) { numv4 += (dht->close_clientlist[i].assoc4.timestamp != 0); numv6 += (dht->close_clientlist[i].assoc6.timestamp != 0); } for (i = 0; i < DHT_FAKE_FRIEND_NUMBER && i < dht->num_friends; ++i) { DHT_Friend *fr = &dht->friends_list[i]; for (j = 0; j < MAX_FRIEND_CLIENTS; ++j) { numv4 += (fr->client_list[j].assoc4.timestamp != 0); numv6 += (fr->client_list[j].assoc6.timestamp != 0); } } uint32_t size32 = sizeof(uint32_t), sizesubhead = size32 * 2; return size32 + sizesubhead + (packed_node_size(AF_INET) * numv4) + (packed_node_size(AF_INET6) * numv6); } static uint8_t *z_state_save_subheader(uint8_t *data, uint32_t len, uint16_t type) { host_to_lendian32(data, len); data += sizeof(uint32_t); host_to_lendian32(data, (host_tolendian16(DHT_STATE_COOKIE_TYPE) << 16) | host_tolendian16(type)); data += sizeof(uint32_t); return data; } /* Save the DHT in data where data is an array of size DHT_size(). */ void DHT_save(DHT *dht, uint8_t *data) { host_to_lendian32(data, DHT_STATE_COOKIE_GLOBAL); data += sizeof(uint32_t); uint32_t num, i, j; uint8_t *old_data = data; /* get right offset. we write the actual header later. */ data = z_state_save_subheader(data, 0, 0); Node_format clients[MAX_SAVED_DHT_NODES]; for (num = 0, i = 0; i < LCLIENT_LIST; ++i) { if (dht->close_clientlist[i].assoc4.timestamp != 0) { memcpy(clients[num].public_key, dht->close_clientlist[i].public_key, CRYPTO_PUBLIC_KEY_SIZE); clients[num].ip_port = dht->close_clientlist[i].assoc4.ip_port; ++num; } if (dht->close_clientlist[i].assoc6.timestamp != 0) { memcpy(clients[num].public_key, dht->close_clientlist[i].public_key, CRYPTO_PUBLIC_KEY_SIZE); clients[num].ip_port = dht->close_clientlist[i].assoc6.ip_port; ++num; } } for (i = 0; i < DHT_FAKE_FRIEND_NUMBER && i < dht->num_friends; ++i) { DHT_Friend *fr = &dht->friends_list[i]; for (j = 0; j < MAX_FRIEND_CLIENTS; ++j) { if (fr->client_list[j].assoc4.timestamp != 0) { memcpy(clients[num].public_key, fr->client_list[j].public_key, CRYPTO_PUBLIC_KEY_SIZE); clients[num].ip_port = fr->client_list[j].assoc4.ip_port; ++num; } if (fr->client_list[j].assoc6.timestamp != 0) { memcpy(clients[num].public_key, fr->client_list[j].public_key, CRYPTO_PUBLIC_KEY_SIZE); clients[num].ip_port = fr->client_list[j].assoc6.ip_port; ++num; } } } z_state_save_subheader(old_data, pack_nodes(data, sizeof(Node_format) * num, clients, num), DHT_STATE_TYPE_NODES); } /* Bootstrap from this number of nodes every time DHT_connect_after_load() is called */ #define SAVE_BOOTSTAP_FREQUENCY 8 /* Start sending packets after DHT loaded_friends_list and loaded_clients_list are set */ int DHT_connect_after_load(DHT *dht) { if (dht == NULL) { return -1; } if (!dht->loaded_nodes_list) { return -1; } /* DHT is connected, stop. */ if (DHT_non_lan_connected(dht)) { free(dht->loaded_nodes_list); dht->loaded_nodes_list = NULL; dht->loaded_num_nodes = 0; return 0; } unsigned int i; for (i = 0; i < dht->loaded_num_nodes && i < SAVE_BOOTSTAP_FREQUENCY; ++i) { unsigned int index = dht->loaded_nodes_index % dht->loaded_num_nodes; DHT_bootstrap(dht, dht->loaded_nodes_list[index].ip_port, dht->loaded_nodes_list[index].public_key); ++dht->loaded_nodes_index; } return 0; } static int dht_load_state_callback(void *outer, const uint8_t *data, uint32_t length, uint16_t type) { DHT *dht = (DHT *)outer; switch (type) { case DHT_STATE_TYPE_NODES: if (length == 0) { break; } { free(dht->loaded_nodes_list); // Copy to loaded_clients_list dht->loaded_nodes_list = (Node_format *)calloc(MAX_SAVED_DHT_NODES, sizeof(Node_format)); int num = unpack_nodes(dht->loaded_nodes_list, MAX_SAVED_DHT_NODES, NULL, data, length, 0); if (num > 0) { dht->loaded_num_nodes = num; } else { dht->loaded_num_nodes = 0; } } /* localize declarations */ break; #ifdef TOX_DEBUG default: fprintf(stderr, "Load state (DHT): contains unrecognized part (len %u, type %u)\n", length, type); break; #endif } return 0; } /* Load the DHT from data of size size. * * return -1 if failure. * return 0 if success. */ int DHT_load(DHT *dht, const uint8_t *data, uint32_t length) { uint32_t cookie_len = sizeof(uint32_t); if (length > cookie_len) { uint32_t data32; lendian_to_host32(&data32, data); if (data32 == DHT_STATE_COOKIE_GLOBAL) { return load_state(dht_load_state_callback, dht, data + cookie_len, length - cookie_len, DHT_STATE_COOKIE_TYPE); } } return -1; } /* return 0 if we are not connected to the DHT. * return 1 if we are. */ int DHT_isconnected(const DHT *dht) { uint32_t i; unix_time_update(); for (i = 0; i < LCLIENT_LIST; ++i) { const Client_data *client = &dht->close_clientlist[i]; if (!is_timeout(client->assoc4.timestamp, BAD_NODE_TIMEOUT) || !is_timeout(client->assoc6.timestamp, BAD_NODE_TIMEOUT)) { return 1; } } return 0; } /* return 0 if we are not connected or only connected to lan peers with the DHT. * return 1 if we are. */ int DHT_non_lan_connected(const DHT *dht) { uint32_t i; unix_time_update(); for (i = 0; i < LCLIENT_LIST; ++i) { const Client_data *client = &dht->close_clientlist[i]; if (!is_timeout(client->assoc4.timestamp, BAD_NODE_TIMEOUT) && LAN_ip(client->assoc4.ip_port.ip) == -1) { return 1; } if (!is_timeout(client->assoc6.timestamp, BAD_NODE_TIMEOUT) && LAN_ip(client->assoc6.ip_port.ip) == -1) { return 1; } } return 0; }