More debugging
cjdelisle committed Dec 20, 2011
1 parent e14c2e5 commit 7cc5e02
Showing 9 changed files with 158 additions and 71 deletions.
97 changes: 61 additions & 36 deletions cjdroute.c
Expand Up @@ -37,9 +37,7 @@ struct Context

struct CryptoAuth* ca;

// struct Interface* tun;

// struct UDPInterface* udpContext;
struct Interface* routerIf;

struct SwitchCore* switchCore;

Expand Down Expand Up @@ -100,35 +98,31 @@ static int genconf()
printf
(
"{\n"
" /**\n"
" * Private key:\n"
" * This key corrisponds to the public key: %s.k\n" /* publicKeyBase32 */
" * And the ipv6 address: %s\n" /* address */
" * Your confidentiality and data integrity depend on this key, keep it secret!\n"
" */\n"
" // Private key:\n"
" // This key corrisponds to the public key: %s.k\n" /* publicKeyBase32 */
" // And the ipv6 address: %s\n" /* address */
" // Your confidentiality and data integrity depend on this key, keep it secret!\n"
" //\n"
" \"privateKey\": \"%s\",\n" /* privateKeyHex */
"\n"
" /**\n"
" * Anyone connecting and offering these passwords on connection will be allowed in.\n"
" *\n"
" * WARNING: Currently there is no key derivation done on the password field,\n"
" * DO NOT USE A PASSWORD HERE use something which is truely random and\n"
" * cannot be guessed.\n"
" * Including a username in the beginning of the password string is encouraged\n"
" * to aid in remembering which users are who.\n"
" */\n"
" // Anyone connecting and offering these passwords on connection will be allowed in.\n"
" //\n"
" // WARNING: Currently there is no key derivation done on the password field,\n"
" // DO NOT USE A PASSWORD HERE use something which is truely random and\n"
" // cannot be guessed.\n"
" // Including a username in the beginning of the password string is encouraged\n"
" // to aid in remembering which users are who.\n"
" //\n"
" \"authorizedPasswords\": [\n"
" {\n"
" /** A unique string which is known to the client and server. */\n"
" // A unique string which is known to the client and server.\n"
" \"password\": \"Bob - 2Q4qAPGemxgrydSSetSmOWlE2YO8wYMSG2H1aBPolS3n\",\n"
"\n"
" /** the authentication type, currently only 1 is supported. */\n"
" // the authentication type, currently only 1 is supported.\n"
" \"authType\": 1,\n"
"\n"
" /**\n"
" * How much anti-flood trust to give a client\n"
" * who connects with this password.\n"
" */\n"
" // How much anti-flood trust to give a client\n"
" // who connects with this password.\n"
" \"trust\": 5000\n"
" },\n"
"\n"
Expand All @@ -140,31 +134,31 @@ static int genconf()
" },*/\n"
" ],\n"
"\n"
" /** Interfaces to connect to the switch core. */\n"
" // Interfaces to connect to the switch core.\n"
" \"interfaces\":\n"
" {\n"
" /** The interface which connects over UDP/IP based VPN tunnel. */\n"
" // The interface which connects over UDP/IP based VPN tunnel.\n"
" \"UDPInterface\":\n"
" {\n"
" /** Bind to this port. */\n"
" // Bind to this port.\n"
" \"bind\": \"127.0.0.1:10001\",\n"
"\n"
" /** Nodes to connect to. */\n"
" // Nodes to connect to.\n"
" \"connectTo\":\n"
" {\n"
" \"127.0.0.1:10000\":\n"
" {\n"
" /** Password to present when connecting. */\n"
" // Password to present when connecting.\n"
" \"password\": \"secret\",\n"
"\n"
" /** The method of authenticating, only 1 is supported for now. */\n"
" // The method of authenticating, only 1 is supported for now.\n"
" \"authType\": 1,\n"
"\n"
" /** The public key of the node to connect to. */\n"
" // The public key of the node to connect to.\n"
" \"publicKey\": "
"\"y39gwfy5259s8fj4khntfy95bx6wxu5lbm2m132yx0ucrk0ruyx0.k\",\n"
"\n"
" /** Anti-flood trust level. */\n"
" // Anti-flood trust level.\n"
" \"trust\": 9000\n"
" },\n"
" /* You may connect to as many other nodes as you want.\n"
Expand All @@ -178,7 +172,26 @@ static int genconf()
" */\n"
" }\n"
" }\n"
" },\n"
"\n"
" // Configuration for the router.\n"
" \"router\":\n"
" {\n"
" // The interface which is used for connecting to the cjdns network.\n"
" \"interface\":\n"
" {\n"
" // The type of interface (only TUNInterface is supported for now)\n"
" \"type\": \"TUNInterface\",\n"
"\n"
" // The path to the TUN device of a specific device should be used,\n"
" // this allows you to create a persistent TUN device with permissions set\n"
" // so that cjdns does not need to run as root.\n"
" //\"tunDevicePath\": \"/dev/net/tun0\"\n"
" }\n"
" }\n"
"\n"
" // Version of the config file, used internally for migration.\n"
" \"version\": 0\n"
"}\n",
publicKeyBase32,
address,
Expand Down Expand Up @@ -389,6 +402,17 @@ static void configureUDP(Dict* config, struct Context* ctx)
}
}

static void registerRouter(Dict* config, uint8_t myPubKey[32], struct Context* context)
{
Dict* iface = benc_lookupDictionary(config, BSTR("interface"));
if (benc_stringEquals(benc_lookupString(iface, BSTR("type")), BSTR("TUNInterface"))) {
String* tunPath = benc_lookupString(iface, BSTR("tunDevicePath"));
context->routerIf = TunInterface_new(tunPath, context->base, context->allocator);
}
context->routerModule =
RouterModule_register(context->registry, context->allocator, myPubKey, context->base);
}

int main(int argc, char** argv)
{
Crypto_init();
Expand Down Expand Up @@ -423,8 +447,10 @@ int main(int argc, char** argv)
context.registry = DHTModules_new(context.allocator);
ReplyModule_register(context.registry, context.allocator);

context.routerModule =
RouterModule_register(context.registry, context.allocator, myPubKey, context.base);
// Router
Dict* routerConf = benc_lookupDictionary(&config, BSTR("router"));
registerRouter(routerConf, myPubKey, &context);

SerializationModule_register(context.registry, context.allocator);

// Authed passwords.
Expand All @@ -446,11 +472,10 @@ int main(int argc, char** argv)
return -1;
}

//context.tun = TunInterface_new(NULL, context.base, context.allocator);

SwitchConnectorModule_register(privateKey,
context.registry,
context.routerModule,
context.routerIf,
context.switchCore,
context.base,
context.allocator);
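Review bot: `registerRouter` (L150-L159) passes the `interface` lookup result straight into `benc_lookupString`/`benc_stringEquals` with no NULL check, and `main` hands it whatever `benc_lookupDictionary(&config, BSTR("router"))` returns (L171-L172), so a config written before this commit, which has no `router` section, reaches these calls with NULL unless the benc lookups are documented to tolerate it. Guarding the comparison, `if (iface && benc_stringEquals(benc_lookupString(iface, BSTR("type")), BSTR("TUNInterface"))) {`, keeps `RouterModule_register` running in that case, and a comment on the function should state what `context->routerIf` holds when no TUN interface is configured, since it is passed to `SwitchConnectorModule_register` at L186 regardless. In the generated config, the brace closing the `router` block at L139 is followed directly by `"version": 0` (L142) with no separating comma, which strict JSON rejects; unless the config parser is deliberately lenient here, L139 should read `" },\n"`.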
34 changes: 25 additions & 9 deletions crypto/CryptoAuth.c
Expand Up @@ -336,11 +336,13 @@ static inline uint32_t obfuscateNonce(uint32_t* nonce_be, struct Wrapper* wrappe
((uint32_t*)wrapper->context->publicKey));
}

static inline uint32_t deobfuscateNonce(uint32_t* nonce_be, struct Wrapper* wrapper)
static inline uint32_t deobfuscateNonce(uint32_t* nonce_be,
uint8_t herPublicKey[32],
struct Wrapper* wrapper)
{
return CryptoAuth_deobfuscateNonce(nonce_be,
((uint32_t*)wrapper->herPerminentPubKey),
((uint32_t*)wrapper->context->publicKey));
(uint32_t*) herPublicKey,
(uint32_t*)wrapper->context->publicKey);
}

static inline void obfuscateAuth(union Headers_AuthChallenge* auth, struct Wrapper* wrapper)
Expand Down Expand Up @@ -688,14 +690,18 @@ static void receiveMessage(struct Message* received, struct Interface* interface

Message_shift(received, -4);

uint32_t nonce = Endian_bigEndianToHost32(deobfuscateNonce(&header->nonce, wrapper));
uint32_t nonce;
if (!knowHerKey(wrapper) && received->length >= Headers_CryptoAuth_SIZE - 4) {
nonce = Endian_bigEndianToHost32(deobfuscateNonce(&header->nonce,
header->handshake.publicKey,
wrapper));
} else {
nonce = Endian_bigEndianToHost32(deobfuscateNonce(&header->nonce,
wrapper->herPerminentPubKey,
wrapper));
}

if (wrapper->nextNonce < 5) {
if (!knowHerKey(wrapper) && received->length >= sizeof(union Headers_CryptoAuth) - 4) {
memcpy(wrapper->herPerminentPubKey, header->handshake.publicKey, 32);
nonce = Endian_bigEndianToHost32(deobfuscateNonce(&header->nonce, wrapper));
memset(wrapper->herPerminentPubKey, 0, 32);
}
if (nonce > 3 && header->nonce != 0) {
uint8_t secret[32];
getSharedSecret(secret,
Expand Down Expand Up @@ -813,3 +819,13 @@ uint8_t* CryptoAuth_getHerPublicKey(struct Interface* interface)
{
return ((struct Wrapper*) interface->senderContext)->herPerminentPubKey;
}

void CryptoAuth_getSession(struct Session* output, struct Interface* interface)
{
struct Wrapper* wrapper = (struct Wrapper*) interface->senderContext;
output->isInitiator = wrapper->isInitiator;
output->nextNonce = wrapper->nextNonce;
memcpy(output->sharedSecret, wrapper->secret, 32);
assert(!wrapper->authenticatePackets);
output->exists = true;
}
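Review bot: `CryptoAuth_getSession` (L239-L247) relies on `assert(!wrapper->authenticatePackets)` to refuse exporting a session whose packets are authenticated, and under NDEBUG that check disappears so the caller receives `exists = true` anyway. An explicit branch placed before the `memcpy`, `if (wrapper->authenticatePackets) { output->exists = false; return; }`, makes the refusal survive release builds; alternatively the function could return a status code. The new declaration at L261 in CryptoAuth.h carries no documentation; a comment there should state that `output->sharedSecret` receives a copy of the 32-byte session secret, that `exists` reports whether the copy was made, and that wiping that copy is the caller's responsibility. In `receiveMessage` (L214-L223; the function starts and ends outside the hunk) the length guard now compares against `Headers_CryptoAuth_SIZE - 4` where the old check at L226 used `sizeof(union Headers_CryptoAuth) - 4`; presumably the two agree, but it is worth confirming, since `header->handshake.publicKey` is read from the incoming message at L217 only under this guard.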
3 changes: 3 additions & 0 deletions crypto/CryptoAuth.h
Expand Up @@ -4,6 +4,7 @@
#include <stdint.h>
#include <stdbool.h>

#include "crypto/Session.h"
#include "interface/Interface.h"
#include "libbenc/benc.h"
#include "memory/MemAllocator.h"
Expand Down Expand Up @@ -149,4 +150,6 @@ static inline uint32_t CryptoAuth_obfuscateNonce(uint32_t nonceAndSalt[2],
#define CryptoAuth_deobfuscateNonce(nonceAndData, theirKey, ourKey) \
CryptoAuth_obfuscateNonce(nonceAndData, ourKey, theirKey)

void CryptoAuth_getSession(struct Session* output, struct Interface* interface);

#endif
1 change: 1 addition & 0 deletions crypto/test/Exports.c
Expand Up @@ -5,6 +5,7 @@
#define CryptoAuth_setAuth Export_CryptoAuth_setAuth
#define CryptoAuth_getPublicKey Export_CryptoAuth_getPublicKey
#define CryptoAuth_getHerPublicKey Export_CryptoAuth_getHerPublicKey
#define CryptoAuth_getSession Exports_CryptoAuth_getSession

#include "crypto/CryptoAuth.c"

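Review bot: The new export macro at L269 maps `CryptoAuth_getSession` to `Exports_CryptoAuth_getSession`, while the three existing lines above it (L266-L268) all use the `Export_` prefix, so a test that follows the established naming will not resolve this symbol. Changing the line to `#define CryptoAuth_getSession Export_CryptoAuth_getSession` keeps the prefixes uniform.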
