lokinet/llarp/service/protocol.cpp

455 lines
13 KiB
C++
Raw Normal View History

#include <service/protocol.hpp>
2019-04-10 13:19:32 +00:00
#include <path/path.hpp>
2018-12-12 02:04:32 +00:00
#include <routing/handler.hpp>
#include <util/buffer.hpp>
2019-01-11 01:19:36 +00:00
#include <util/logic.hpp>
#include <util/mem.hpp>
2019-06-02 21:19:10 +00:00
#include <util/memfn.hpp>
2019-07-30 23:42:13 +00:00
#include <utility>
2018-07-19 04:58:39 +00:00
namespace llarp
{
namespace service
{
2018-07-22 23:14:29 +00:00
ProtocolMessage::ProtocolMessage()
2018-07-19 04:58:39 +00:00
{
2018-08-09 19:02:17 +00:00
tag.Zero();
2018-07-19 04:58:39 +00:00
}
2018-08-09 19:02:17 +00:00
ProtocolMessage::ProtocolMessage(const ConvoTag& t) : tag(t)
2018-07-19 04:58:39 +00:00
{
}
2019-07-30 23:42:13 +00:00
ProtocolMessage::~ProtocolMessage() = default;
2018-07-19 04:58:39 +00:00
void
ProtocolMessage::PutBuffer(const llarp_buffer_t& buf)
2018-07-19 04:58:39 +00:00
{
payload.resize(buf.sz);
memcpy(payload.data(), buf.base, buf.sz);
}
2018-07-22 23:14:29 +00:00
2018-08-09 19:02:17 +00:00
void
2019-06-28 14:12:20 +00:00
ProtocolMessage::ProcessAsync(path::Path_ptr path, PathID_t from,
2019-06-14 13:13:06 +00:00
std::shared_ptr< ProtocolMessage > self)
2018-08-09 19:02:17 +00:00
{
2019-06-28 14:12:20 +00:00
if(!self->handler->HandleDataMessage(path, from, self))
2019-06-14 13:13:06 +00:00
LogWarn("failed to handle data message from ", path->Name());
2018-08-09 19:02:17 +00:00
}
bool
ProtocolMessage::DecodeKey(const llarp_buffer_t& k, llarp_buffer_t* buf)
2018-08-09 19:02:17 +00:00
{
bool read = false;
if(!BEncodeMaybeReadDictInt("a", proto, read, k, buf))
return false;
if(k == "d")
2018-08-09 19:02:17 +00:00
{
llarp_buffer_t strbuf;
if(!bencode_read_string(buf, &strbuf))
return false;
PutBuffer(strbuf);
return true;
}
if(!BEncodeMaybeReadDictEntry("i", introReply, read, k, buf))
return false;
if(!BEncodeMaybeReadDictInt("n", seqno, read, k, buf))
return false;
2018-08-09 19:02:17 +00:00
if(!BEncodeMaybeReadDictEntry("s", sender, read, k, buf))
return false;
if(!BEncodeMaybeReadDictEntry("t", tag, read, k, buf))
return false;
if(!BEncodeMaybeReadDictInt("v", version, read, k, buf))
return false;
return read;
}
bool
ProtocolMessage::BEncode(llarp_buffer_t* buf) const
{
if(!bencode_start_dict(buf))
return false;
if(!BEncodeWriteDictInt("a", proto, buf))
return false;
if(!bencode_write_bytestring(buf, "d", 1))
return false;
if(!bencode_write_bytestring(buf, payload.data(), payload.size()))
return false;
if(!BEncodeWriteDictEntry("i", introReply, buf))
return false;
if(!BEncodeWriteDictInt("n", seqno, buf))
return false;
2018-08-09 19:02:17 +00:00
if(!BEncodeWriteDictEntry("s", sender, buf))
return false;
if(!tag.IsZero())
{
if(!BEncodeWriteDictEntry("t", tag, buf))
return false;
}
2018-09-17 15:32:37 +00:00
if(!BEncodeWriteDictInt("v", version, buf))
2018-08-09 19:02:17 +00:00
return false;
return bencode_end(buf);
}
2019-07-30 23:42:13 +00:00
ProtocolFrame::~ProtocolFrame() = default;
2018-07-22 23:14:29 +00:00
bool
ProtocolFrame::BEncode(llarp_buffer_t* buf) const
{
if(!bencode_start_dict(buf))
return false;
2018-08-12 17:22:29 +00:00
if(!BEncodeWriteDictMsgType(buf, "A", "H"))
return false;
if(!C.IsZero())
2018-07-22 23:14:29 +00:00
{
if(!BEncodeWriteDictEntry("C", C, buf))
2018-07-22 23:14:29 +00:00
return false;
}
2019-03-08 16:00:45 +00:00
if(D.size() > 0)
{
if(!BEncodeWriteDictEntry("D", D, buf))
return false;
}
if(!BEncodeWriteDictEntry("F", F, buf))
return false;
2019-03-08 16:00:45 +00:00
if(!N.IsZero())
{
if(!BEncodeWriteDictEntry("N", N, buf))
return false;
}
if(R)
{
if(!BEncodeWriteDictInt("R", R, buf))
return false;
}
if(!T.IsZero())
2018-08-09 19:02:17 +00:00
{
if(!BEncodeWriteDictEntry("T", T, buf))
return false;
}
if(!BEncodeWriteDictInt("V", version, buf))
2018-07-22 23:14:29 +00:00
return false;
if(!BEncodeWriteDictEntry("Z", Z, buf))
return false;
return bencode_end(buf);
}
bool
ProtocolFrame::DecodeKey(const llarp_buffer_t& key, llarp_buffer_t* val)
2018-07-22 23:14:29 +00:00
{
bool read = false;
if(key == "A")
2018-08-12 17:22:29 +00:00
{
llarp_buffer_t strbuf;
if(!bencode_read_string(val, &strbuf))
return false;
if(strbuf.sz != 1)
return false;
return *strbuf.cur == 'H';
}
2018-07-22 23:14:29 +00:00
if(!BEncodeMaybeReadDictEntry("D", D, read, key, val))
return false;
if(!BEncodeMaybeReadDictEntry("F", F, read, key, val))
return false;
if(!BEncodeMaybeReadDictEntry("C", C, read, key, val))
2018-07-22 23:14:29 +00:00
return false;
if(!BEncodeMaybeReadDictEntry("N", N, read, key, val))
return false;
if(!BEncodeMaybeReadDictInt("S", S, read, key, val))
return false;
2019-03-08 16:00:45 +00:00
if(!BEncodeMaybeReadDictInt("R", R, read, key, val))
return false;
2018-08-09 19:02:17 +00:00
if(!BEncodeMaybeReadDictEntry("T", T, read, key, val))
return false;
2018-07-22 23:14:29 +00:00
if(!BEncodeMaybeReadVersion("V", version, LLARP_PROTO_VERSION, read, key,
val))
return false;
if(!BEncodeMaybeReadDictEntry("Z", Z, read, key, val))
return false;
return read;
}
2018-08-09 19:02:17 +00:00
bool
ProtocolFrame::DecryptPayloadInto(const SharedSecret& sharedkey,
ProtocolMessage& msg) const
2018-08-09 19:02:17 +00:00
{
2018-12-20 16:49:05 +00:00
Encrypted_t tmp = D;
auto buf = tmp.Buffer();
CryptoManager::instance()->xchacha20(*buf, sharedkey, N);
2019-05-24 02:01:36 +00:00
return bencode_decode_dict(msg, buf);
2018-08-09 19:02:17 +00:00
}
2019-03-08 16:00:45 +00:00
bool
ProtocolFrame::Sign(const Identity& localIdent)
2019-03-08 16:00:45 +00:00
{
Z.Zero();
std::array< byte_t, MAX_PROTOCOL_MESSAGE_SIZE > tmp;
llarp_buffer_t buf(tmp);
// encode
if(!BEncode(&buf))
{
LogError("message too big to encode");
2019-03-08 16:00:45 +00:00
return false;
}
// rewind
buf.sz = buf.cur - buf.base;
buf.cur = buf.base;
// sign
return localIdent.Sign(Z, buf);
2019-03-08 16:00:45 +00:00
}
2018-07-22 23:14:29 +00:00
bool
ProtocolFrame::EncryptAndSign(const ProtocolMessage& msg,
const SharedSecret& sessionKey,
const Identity& localIdent)
2018-07-22 23:14:29 +00:00
{
2019-02-02 23:12:42 +00:00
std::array< byte_t, MAX_PROTOCOL_MESSAGE_SIZE > tmp;
llarp_buffer_t buf(tmp);
2018-08-14 21:17:18 +00:00
// encode message
if(!msg.BEncode(&buf))
2018-09-19 17:04:55 +00:00
{
LogError("message too big to encode");
2018-08-14 21:17:18 +00:00
return false;
2018-09-19 17:04:55 +00:00
}
2018-08-14 21:17:18 +00:00
// rewind
buf.sz = buf.cur - buf.base;
buf.cur = buf.base;
// encrypt
CryptoManager::instance()->xchacha20(buf, sessionKey, N);
2018-08-14 21:17:18 +00:00
// put encrypted buffer
D = buf;
// zero out signature
Z.Zero();
2019-02-02 23:12:42 +00:00
llarp_buffer_t buf2(tmp);
2018-08-14 21:17:18 +00:00
// encode frame
2018-09-21 12:47:07 +00:00
if(!BEncode(&buf2))
2018-09-19 17:04:55 +00:00
{
LogError("frame too big to encode");
DumpBuffer(buf2);
2018-07-22 23:14:29 +00:00
return false;
2018-09-19 17:04:55 +00:00
}
2018-07-22 23:14:29 +00:00
// rewind
2018-09-21 12:47:07 +00:00
buf2.sz = buf2.cur - buf2.base;
buf2.cur = buf2.base;
2018-07-22 23:14:29 +00:00
// sign
if(!localIdent.Sign(Z, buf2))
2018-09-19 17:04:55 +00:00
{
LogError("failed to sign? wtf?!");
2018-09-19 17:04:55 +00:00
return false;
}
return true;
2018-07-22 23:14:29 +00:00
}
2018-08-14 21:17:18 +00:00
struct AsyncFrameDecrypt
2018-08-09 19:02:17 +00:00
{
2019-06-14 13:13:06 +00:00
path::Path_ptr path;
2019-05-22 16:20:50 +00:00
std::shared_ptr< Logic > logic;
2019-05-03 13:15:03 +00:00
std::shared_ptr< ProtocolMessage > msg;
const Identity& m_LocalIdentity;
2018-08-09 19:02:17 +00:00
IDataHandler* handler;
2018-09-17 16:12:42 +00:00
const ProtocolFrame frame;
2019-04-10 13:19:32 +00:00
const Introduction fromIntro;
2018-08-09 19:02:17 +00:00
AsyncFrameDecrypt(std::shared_ptr< Logic > l, const Identity& localIdent,
2019-07-30 23:42:13 +00:00
IDataHandler* h, std::shared_ptr< ProtocolMessage > m,
const ProtocolFrame& f, const Introduction& recvIntro)
2019-07-30 23:42:13 +00:00
: logic(std::move(l))
, msg(std::move(m))
, m_LocalIdentity(localIdent)
2018-08-09 19:02:17 +00:00
, handler(h)
, frame(f)
2019-04-10 13:19:32 +00:00
, fromIntro(recvIntro)
2018-08-09 19:02:17 +00:00
{
}
static void
Work(void* user)
{
2019-07-30 23:42:13 +00:00
auto* self = static_cast< AsyncFrameDecrypt* >(user);
auto crypto = CryptoManager::instance();
SharedSecret K;
SharedSecret sharedKey;
// copy
2018-09-17 16:12:42 +00:00
ProtocolFrame frame(self->frame);
if(!crypto->pqe_decrypt(self->frame.C, K,
pq_keypair_to_secret(self->m_LocalIdentity.pq)))
2018-08-09 19:02:17 +00:00
{
LogError("pqke failed C=", self->frame.C);
2019-05-03 13:15:03 +00:00
self->msg.reset();
2018-08-09 19:02:17 +00:00
delete self;
return;
}
2018-08-14 21:17:18 +00:00
// decrypt
auto buf = frame.D.Buffer();
2018-09-17 16:12:42 +00:00
crypto->xchacha20(*buf, K, self->frame.N);
2019-05-24 02:01:36 +00:00
if(!bencode_decode_dict(*self->msg, buf))
2018-08-09 19:02:17 +00:00
{
LogError("failed to decode inner protocol message");
DumpBuffer(*buf);
2019-05-03 13:15:03 +00:00
self->msg.reset();
2018-08-09 19:02:17 +00:00
delete self;
return;
}
// verify signature of outer message after we parsed the inner message
if(!self->frame.Verify(self->msg->sender))
{
LogError("intro frame has invalid signature Z=", self->frame.Z,
" from ", self->msg->sender.Addr());
2019-05-24 02:01:36 +00:00
Dump< MAX_PROTOCOL_MESSAGE_SIZE >(self->frame);
Dump< MAX_PROTOCOL_MESSAGE_SIZE >(*self->msg);
2019-05-03 13:15:03 +00:00
self->msg.reset();
delete self;
return;
}
2019-04-12 18:37:43 +00:00
if(self->handler->HasConvoTag(self->msg->tag))
{
LogError("dropping duplicate convo tag T=", self->msg->tag);
2019-04-12 18:37:43 +00:00
// TODO: send convotag reset
2019-05-03 13:15:03 +00:00
self->msg.reset();
2019-04-12 18:37:43 +00:00
delete self;
return;
}
// PKE (A, B, N)
SharedSecret sharedSecret;
2019-06-02 21:19:10 +00:00
path_dh_func dh_server =
util::memFn(&Crypto::dh_server, CryptoManager::instance());
if(!self->m_LocalIdentity.KeyExchange(dh_server, sharedSecret,
2018-09-17 16:12:42 +00:00
self->msg->sender, self->frame.N))
{
LogError("x25519 key exchange failed");
2019-05-24 02:01:36 +00:00
Dump< MAX_PROTOCOL_MESSAGE_SIZE >(self->frame);
2019-05-03 13:15:03 +00:00
self->msg.reset();
delete self;
return;
}
std::array< byte_t, 64 > tmp;
// K
std::copy(K.begin(), K.end(), tmp.begin());
// S = HS( K + PKE( A, B, N))
std::copy(sharedSecret.begin(), sharedSecret.end(), tmp.begin() + 32);
2019-02-02 23:12:42 +00:00
crypto->shorthash(sharedKey, llarp_buffer_t(tmp));
2018-08-09 19:02:17 +00:00
self->handler->PutIntroFor(self->msg->tag, self->msg->introReply);
2019-04-10 13:19:32 +00:00
self->handler->PutReplyIntroFor(self->msg->tag, self->fromIntro);
self->handler->PutSenderFor(self->msg->tag, self->msg->sender, true);
self->handler->PutCachedSessionKeyFor(self->msg->tag, sharedKey);
2019-05-03 13:15:03 +00:00
self->msg->handler = self->handler;
std::shared_ptr< ProtocolMessage > msg = std::move(self->msg);
2019-06-14 13:13:06 +00:00
path::Path_ptr path = std::move(self->path);
2019-07-01 13:44:25 +00:00
const PathID_t from = self->frame.F;
2019-06-14 13:13:06 +00:00
self->logic->queue_func(
2019-06-28 14:12:20 +00:00
[=]() { ProtocolMessage::ProcessAsync(path, from, msg); });
2018-08-09 19:02:17 +00:00
delete self;
}
};
2018-08-14 21:17:18 +00:00
ProtocolFrame&
ProtocolFrame::operator=(const ProtocolFrame& other)
{
C = other.C;
D = other.D;
F = other.F;
N = other.N;
Z = other.Z;
T = other.T;
2019-03-08 16:00:45 +00:00
R = other.R;
2018-09-17 13:28:26 +00:00
S = other.S;
version = other.version;
2018-08-14 21:17:18 +00:00
return *this;
}
2018-08-09 19:02:17 +00:00
bool
2019-07-09 13:47:24 +00:00
ProtocolFrame::AsyncDecryptAndVerify(
std::shared_ptr< Logic > logic, path::Path_ptr recvPath,
const std::shared_ptr< llarp::thread::ThreadPool >& worker,
const Identity& localIdent, IDataHandler* handler) const
2018-08-09 19:02:17 +00:00
{
2019-05-03 13:15:03 +00:00
auto msg = std::make_shared< ProtocolMessage >();
2018-08-14 21:17:18 +00:00
if(T.IsZero())
2018-08-09 19:02:17 +00:00
{
LogInfo("Got protocol frame with new convo");
2018-08-09 19:02:17 +00:00
// we need to dh
2019-06-14 13:13:06 +00:00
auto dh = new AsyncFrameDecrypt(logic, localIdent, handler, msg, *this,
recvPath->intro);
2019-06-14 13:13:06 +00:00
dh->path = recvPath;
2019-07-09 13:47:24 +00:00
return worker->addJob(std::bind(&AsyncFrameDecrypt::Work, dh));
2018-08-09 19:02:17 +00:00
}
SharedSecret shared;
2018-08-09 19:02:17 +00:00
if(!handler->GetCachedSessionKeyFor(T, shared))
{
LogError("No cached session for T=", T);
2018-08-09 19:02:17 +00:00
return false;
}
ServiceInfo si;
if(!handler->GetSenderFor(T, si))
{
LogError("No sender for T=", T);
2018-08-09 19:02:17 +00:00
return false;
}
if(!Verify(si))
2018-08-09 19:02:17 +00:00
{
LogError("Signature failure from ", si.Addr());
2018-08-09 19:02:17 +00:00
return false;
}
if(!DecryptPayloadInto(shared, *msg))
2018-08-09 19:02:17 +00:00
{
LogError("failed to decrypt message");
2018-08-09 19:02:17 +00:00
return false;
}
if(T != msg->tag && !msg->tag.IsZero())
{
2019-08-09 12:17:01 +00:00
LogError("convotag missmatch: ", T, " != ", msg->tag);
return false;
}
2019-08-02 09:27:27 +00:00
msg->handler = handler;
const PathID_t fromPath = F;
2019-06-14 13:13:06 +00:00
logic->queue_func(
2019-08-02 09:27:27 +00:00
[=]() { ProtocolMessage::ProcessAsync(recvPath, fromPath, msg); });
2018-08-09 19:02:17 +00:00
return true;
}
2018-09-17 15:32:37 +00:00
bool
ProtocolFrame::operator==(const ProtocolFrame& other) const
{
return C == other.C && D == other.D && N == other.N && Z == other.Z
&& T == other.T && S == other.S && version == other.version;
}
2018-07-22 23:14:29 +00:00
bool
2019-08-02 09:27:27 +00:00
ProtocolFrame::Verify(const ServiceInfo& svc) const
2018-07-22 23:14:29 +00:00
{
2018-09-17 13:28:26 +00:00
ProtocolFrame copy(*this);
2018-07-22 23:14:29 +00:00
// save signature
// zero out signature for verify
2018-08-09 19:02:17 +00:00
copy.Z.Zero();
2018-07-22 23:14:29 +00:00
// serialize
2019-02-02 23:12:42 +00:00
std::array< byte_t, MAX_PROTOCOL_MESSAGE_SIZE > tmp;
llarp_buffer_t buf(tmp);
2018-09-17 15:32:37 +00:00
if(!copy.BEncode(&buf))
2018-07-22 23:14:29 +00:00
{
LogError("bencode fail");
2018-09-17 15:32:37 +00:00
return false;
2018-07-22 23:14:29 +00:00
}
2018-09-17 15:32:37 +00:00
// rewind buffer
buf.sz = buf.cur - buf.base;
buf.cur = buf.base;
// verify
2019-08-02 09:27:27 +00:00
return svc.Verify(buf, Z);
2018-07-22 23:14:29 +00:00
}
bool
ProtocolFrame::HandleMessage(routing::IMessageHandler* h,
ABSL_ATTRIBUTE_UNUSED AbstractRouter* r) const
{
return h->HandleHiddenServiceFrame(*this);
}
2018-07-19 04:58:39 +00:00
} // namespace service
} // namespace llarp