1 /* SPDX-License-Identifier: GPL-3.0-or-later
2 * Copyright © 2016-2018 The TokTok team.
3 * Copyright © 2013 Tox project.
4 */
5
6 /*
7 * An implementation of the DHT as seen in docs/updates/DHT.md
8 */
9 #ifdef HAVE_CONFIG_H
10 #include "config.h"
11 #endif
12
13 #include "DHT.h"
14
15 #include "LAN_discovery.h"
16 #include "logger.h"
17 #include "mono_time.h"
18 #include "network.h"
19 #include "ping.h"
20 #include "state.h"
21 #include "util.h"
22
23 #include <assert.h>
24 #include <stdlib.h>
25 #include <string.h>
26
27 /* The timeout after which a node is discarded completely. */
28 #define KILL_NODE_TIMEOUT (BAD_NODE_TIMEOUT + PING_INTERVAL)
29
30 /* Ping interval in seconds for each random sending of a get nodes request. */
31 #define GET_NODE_INTERVAL 20
32
33 #define MAX_PUNCHING_PORTS 48
34
35 /* Interval in seconds between punching attempts*/
36 #define PUNCH_INTERVAL 3
37
38 /* Time in seconds after which punching parameters will be reset */
39 #define PUNCH_RESET_TIME 40
40
41 #define MAX_NORMAL_PUNCHING_TRIES 5
42
43 #define NAT_PING_REQUEST 0
44 #define NAT_PING_RESPONSE 1
45
46 /* Number of get node requests to send to quickly find close nodes. */
47 #define MAX_BOOTSTRAP_TIMES 5
48
49 typedef struct DHT_Friend_Callback {
50 dht_ip_cb *ip_callback;
51 void *data;
52 int32_t number;
53 } DHT_Friend_Callback;
54
55 struct DHT_Friend {
56 uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE];
57 Client_data client_list[MAX_FRIEND_CLIENTS];
58
59 /* Time at which the last get_nodes request was sent. */
60 uint64_t lastgetnode;
61 /* number of times get_node packets were sent. */
62 uint32_t bootstrap_times;
63
64 /* Symmetric NAT hole punching stuff. */
65 NAT nat;
66
67 uint16_t lock_count;
68 DHT_Friend_Callback callbacks[DHT_FRIEND_MAX_LOCKS];
69
70 Node_format to_bootstrap[MAX_SENT_NODES];
71 unsigned int num_to_bootstrap;
72 };
73
74 typedef struct Cryptopacket_Handler {
75 cryptopacket_handler_cb *function;
76 void *object;
77 } Cryptopacket_Handler;
78
79 struct DHT {
80 const Logger *log;
81 Mono_Time *mono_time;
82 Networking_Core *net;
83
84 bool hole_punching_enabled;
85
86 Client_data close_clientlist[LCLIENT_LIST];
87 uint64_t close_lastgetnodes;
88 uint32_t close_bootstrap_times;
89
90 /* DHT keypair */
91 uint8_t self_public_key[CRYPTO_PUBLIC_KEY_SIZE];
92 uint8_t self_secret_key[CRYPTO_SECRET_KEY_SIZE];
93
94 DHT_Friend *friends_list;
95 uint16_t num_friends;
96
97 Node_format *loaded_nodes_list;
98 uint32_t loaded_num_nodes;
99 unsigned int loaded_nodes_index;
100
101 Shared_Keys shared_keys_recv;
102 Shared_Keys shared_keys_sent;
103
104 struct Ping *ping;
105 Ping_Array *dht_ping_array;
106 Ping_Array *dht_harden_ping_array;
107 uint64_t last_run;
108
109 Cryptopacket_Handler cryptopackethandlers[256];
110
111 Node_format to_bootstrap[MAX_CLOSE_TO_BOOTSTRAP_NODES];
112 unsigned int num_to_bootstrap;
113 };
114
dht_friend_public_key(const DHT_Friend * dht_friend)115 const uint8_t *dht_friend_public_key(const DHT_Friend *dht_friend)
116 {
117 return dht_friend->public_key;
118 }
119
dht_friend_client(const DHT_Friend * dht_friend,size_t index)120 const Client_data *dht_friend_client(const DHT_Friend *dht_friend, size_t index)
121 {
122 return &dht_friend->client_list[index];
123 }
124
dht_get_self_public_key(const DHT * dht)125 const uint8_t *dht_get_self_public_key(const DHT *dht)
126 {
127 return dht->self_public_key;
128 }
dht_get_self_secret_key(const DHT * dht)129 const uint8_t *dht_get_self_secret_key(const DHT *dht)
130 {
131 return dht->self_secret_key;
132 }
133
dht_set_self_public_key(DHT * dht,const uint8_t * key)134 void dht_set_self_public_key(DHT *dht, const uint8_t *key)
135 {
136 memcpy(dht->self_public_key, key, CRYPTO_PUBLIC_KEY_SIZE);
137 }
dht_set_self_secret_key(DHT * dht,const uint8_t * key)138 void dht_set_self_secret_key(DHT *dht, const uint8_t *key)
139 {
140 memcpy(dht->self_secret_key, key, CRYPTO_SECRET_KEY_SIZE);
141 }
142
dht_get_net(const DHT * dht)143 Networking_Core *dht_get_net(const DHT *dht)
144 {
145 return dht->net;
146 }
dht_get_ping(const DHT * dht)147 struct Ping *dht_get_ping(const DHT *dht)
148 {
149 return dht->ping;
150 }
dht_get_close_clientlist(const DHT * dht)151 const Client_data *dht_get_close_clientlist(const DHT *dht)
152 {
153 return dht->close_clientlist;
154 }
dht_get_close_client(const DHT * dht,uint32_t client_num)155 const Client_data *dht_get_close_client(const DHT *dht, uint32_t client_num)
156 {
157 assert(client_num < sizeof(dht->close_clientlist) / sizeof(dht->close_clientlist[0]));
158 return &dht->close_clientlist[client_num];
159 }
dht_get_num_friends(const DHT * dht)160 uint16_t dht_get_num_friends(const DHT *dht)
161 {
162 return dht->num_friends;
163 }
164
dht_get_friend(DHT * dht,uint32_t friend_num)165 DHT_Friend *dht_get_friend(DHT *dht, uint32_t friend_num)
166 {
167 assert(friend_num < dht->num_friends);
168 return &dht->friends_list[friend_num];
169 }
dht_get_friend_public_key(const DHT * dht,uint32_t friend_num)170 const uint8_t *dht_get_friend_public_key(const DHT *dht, uint32_t friend_num)
171 {
172 assert(friend_num < dht->num_friends);
173 return dht->friends_list[friend_num].public_key;
174 }
175
assoc_timeout(uint64_t cur_time,const IPPTsPng * assoc)176 static bool assoc_timeout(uint64_t cur_time, const IPPTsPng *assoc)
177 {
178 return (assoc->timestamp + BAD_NODE_TIMEOUT) <= cur_time;
179 }
180
181 /* Compares pk1 and pk2 with pk.
182 *
183 * return 0 if both are same distance.
184 * return 1 if pk1 is closer.
185 * return 2 if pk2 is closer.
186 */
id_closest(const uint8_t * pk,const uint8_t * pk1,const uint8_t * pk2)187 int id_closest(const uint8_t *pk, const uint8_t *pk1, const uint8_t *pk2)
188 {
189 for (size_t i = 0; i < CRYPTO_PUBLIC_KEY_SIZE; ++i) {
190 const uint8_t distance1 = pk[i] ^ pk1[i];
191 const uint8_t distance2 = pk[i] ^ pk2[i];
192
193 if (distance1 < distance2) {
194 return 1;
195 }
196
197 if (distance1 > distance2) {
198 return 2;
199 }
200 }
201
202 return 0;
203 }
204
205 /* Return index of first unequal bit number.
206 */
bit_by_bit_cmp(const uint8_t * pk1,const uint8_t * pk2)207 static unsigned int bit_by_bit_cmp(const uint8_t *pk1, const uint8_t *pk2)
208 {
209 unsigned int i;
210 unsigned int j = 0;
211
212 for (i = 0; i < CRYPTO_PUBLIC_KEY_SIZE; ++i) {
213 if (pk1[i] == pk2[i]) {
214 continue;
215 }
216
217 for (j = 0; j < 8; ++j) {
218 const uint8_t mask = 1 << (7 - j);
219
220 if ((pk1[i] & mask) != (pk2[i] & mask)) {
221 break;
222 }
223 }
224
225 break;
226 }
227
228 return i * 8 + j;
229 }
230
231 /* Shared key generations are costly, it is therefore smart to store commonly used
232 * ones so that they can re used later without being computed again.
233 *
234 * If shared key is already in shared_keys, copy it to shared_key.
235 * else generate it into shared_key and copy it to shared_keys
236 */
get_shared_key(const Mono_Time * mono_time,Shared_Keys * shared_keys,uint8_t * shared_key,const uint8_t * secret_key,const uint8_t * public_key)237 void get_shared_key(const Mono_Time *mono_time, Shared_Keys *shared_keys, uint8_t *shared_key,
238 const uint8_t *secret_key, const uint8_t *public_key)
239 {
240 uint32_t num = -1;
241 uint32_t curr = 0;
242
243 for (uint32_t i = 0; i < MAX_KEYS_PER_SLOT; ++i) {
244 const int index = public_key[30] * MAX_KEYS_PER_SLOT + i;
245 Shared_Key *const key = &shared_keys->keys[index];
246
247 if (key->stored) {
248 if (id_equal(public_key, key->public_key)) {
249 memcpy(shared_key, key->shared_key, CRYPTO_SHARED_KEY_SIZE);
250 ++key->times_requested;
251 key->time_last_requested = mono_time_get(mono_time);
252 return;
253 }
254
255 if (num != 0) {
256 if (mono_time_is_timeout(mono_time, key->time_last_requested, KEYS_TIMEOUT)) {
257 num = 0;
258 curr = index;
259 } else if (num > key->times_requested) {
260 num = key->times_requested;
261 curr = index;
262 }
263 }
264 } else if (num != 0) {
265 num = 0;
266 curr = index;
267 }
268 }
269
270 encrypt_precompute(public_key, secret_key, shared_key);
271
272 if (num != UINT32_MAX) {
273 Shared_Key *const key = &shared_keys->keys[curr];
274 key->stored = true;
275 key->times_requested = 1;
276 memcpy(key->public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
277 memcpy(key->shared_key, shared_key, CRYPTO_SHARED_KEY_SIZE);
278 key->time_last_requested = mono_time_get(mono_time);
279 }
280 }
281
282 /* Copy shared_key to encrypt/decrypt DHT packet from public_key into shared_key
283 * for packets that we receive.
284 */
dht_get_shared_key_recv(DHT * dht,uint8_t * shared_key,const uint8_t * public_key)285 void dht_get_shared_key_recv(DHT *dht, uint8_t *shared_key, const uint8_t *public_key)
286 {
287 get_shared_key(dht->mono_time, &dht->shared_keys_recv, shared_key, dht->self_secret_key, public_key);
288 }
289
290 /* Copy shared_key to encrypt/decrypt DHT packet from public_key into shared_key
291 * for packets that we send.
292 */
dht_get_shared_key_sent(DHT * dht,uint8_t * shared_key,const uint8_t * public_key)293 void dht_get_shared_key_sent(DHT *dht, uint8_t *shared_key, const uint8_t *public_key)
294 {
295 get_shared_key(dht->mono_time, &dht->shared_keys_sent, shared_key, dht->self_secret_key, public_key);
296 }
297
298 #define CRYPTO_SIZE (1 + CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE)
299
300 /* Create a request to peer.
301 * send_public_key and send_secret_key are the pub/secret keys of the sender.
302 * recv_public_key is public key of receiver.
303 * packet must be an array of MAX_CRYPTO_REQUEST_SIZE big.
304 * Data represents the data we send with the request with length being the length of the data.
305 * request_id is the id of the request (32 = friend request, 254 = ping request).
306 *
307 * return -1 on failure.
308 * return the length of the created packet on success.
309 */
create_request(const uint8_t * send_public_key,const uint8_t * send_secret_key,uint8_t * packet,const uint8_t * recv_public_key,const uint8_t * data,uint32_t length,uint8_t request_id)310 int create_request(const uint8_t *send_public_key, const uint8_t *send_secret_key, uint8_t *packet,
311 const uint8_t *recv_public_key, const uint8_t *data, uint32_t length, uint8_t request_id)
312 {
313 if (!send_public_key || !packet || !recv_public_key || !data) {
314 return -1;
315 }
316
317 if (MAX_CRYPTO_REQUEST_SIZE < length + CRYPTO_SIZE + 1 + CRYPTO_MAC_SIZE) {
318 return -1;
319 }
320
321 uint8_t *const nonce = packet + 1 + CRYPTO_PUBLIC_KEY_SIZE * 2;
322 random_nonce(nonce);
323 uint8_t temp[MAX_CRYPTO_REQUEST_SIZE];
324 memcpy(temp + 1, data, length);
325 temp[0] = request_id;
326 const int len = encrypt_data(recv_public_key, send_secret_key, nonce, temp, length + 1,
327 CRYPTO_SIZE + packet);
328
329 if (len == -1) {
330 crypto_memzero(temp, MAX_CRYPTO_REQUEST_SIZE);
331 return -1;
332 }
333
334 packet[0] = NET_PACKET_CRYPTO;
335 memcpy(packet + 1, recv_public_key, CRYPTO_PUBLIC_KEY_SIZE);
336 memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, send_public_key, CRYPTO_PUBLIC_KEY_SIZE);
337
338 crypto_memzero(temp, MAX_CRYPTO_REQUEST_SIZE);
339 return len + CRYPTO_SIZE;
340 }
341
342 /* Puts the senders public key in the request in public_key, the data from the request
343 * in data if a friend or ping request was sent to us and returns the length of the data.
344 * packet is the request packet and length is its length.
345 *
346 * return -1 if not valid request.
347 */
handle_request(const uint8_t * self_public_key,const uint8_t * self_secret_key,uint8_t * public_key,uint8_t * data,uint8_t * request_id,const uint8_t * packet,uint16_t length)348 int handle_request(const uint8_t *self_public_key, const uint8_t *self_secret_key, uint8_t *public_key, uint8_t *data,
349 uint8_t *request_id, const uint8_t *packet, uint16_t length)
350 {
351 if (!self_public_key || !public_key || !data || !request_id || !packet) {
352 return -1;
353 }
354
355 if (length <= CRYPTO_SIZE + CRYPTO_MAC_SIZE || length > MAX_CRYPTO_REQUEST_SIZE) {
356 return -1;
357 }
358
359 if (!id_equal(packet + 1, self_public_key)) {
360 return -1;
361 }
362
363 memcpy(public_key, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, CRYPTO_PUBLIC_KEY_SIZE);
364 const uint8_t *const nonce = packet + 1 + CRYPTO_PUBLIC_KEY_SIZE * 2;
365 uint8_t temp[MAX_CRYPTO_REQUEST_SIZE];
366 int len1 = decrypt_data(public_key, self_secret_key, nonce,
367 packet + CRYPTO_SIZE, length - CRYPTO_SIZE, temp);
368
369 if (len1 == -1 || len1 == 0) {
370 crypto_memzero(temp, MAX_CRYPTO_REQUEST_SIZE);
371 return -1;
372 }
373
374 request_id[0] = temp[0];
375 --len1;
376 memcpy(data, temp + 1, len1);
377 crypto_memzero(temp, MAX_CRYPTO_REQUEST_SIZE);
378 return len1;
379 }
380
381 #define PACKED_NODE_SIZE_IP4 (1 + SIZE_IP4 + sizeof(uint16_t) + CRYPTO_PUBLIC_KEY_SIZE)
382 #define PACKED_NODE_SIZE_IP6 (1 + SIZE_IP6 + sizeof(uint16_t) + CRYPTO_PUBLIC_KEY_SIZE)
383
384 /* Return packet size of packed node with ip_family on success.
385 * Return -1 on failure.
386 */
packed_node_size(Family ip_family)387 int packed_node_size(Family ip_family)
388 {
389 if (net_family_is_ipv4(ip_family) || net_family_is_tcp_ipv4(ip_family)) {
390 return PACKED_NODE_SIZE_IP4;
391 }
392
393 if (net_family_is_ipv6(ip_family) || net_family_is_tcp_ipv6(ip_family)) {
394 return PACKED_NODE_SIZE_IP6;
395 }
396
397 return -1;
398 }
399
400
401 /* Packs an IP_Port structure into data of max size length.
402 *
403 * Returns size of packed IP_Port data on success
404 * Return -1 on failure.
405 */
pack_ip_port(uint8_t * data,uint16_t length,const IP_Port * ip_port)406 int pack_ip_port(uint8_t *data, uint16_t length, const IP_Port *ip_port)
407 {
408 if (data == nullptr) {
409 return -1;
410 }
411
412 bool is_ipv4;
413 uint8_t net_family;
414
415 if (net_family_is_ipv4(ip_port->ip.family)) {
416 // TODO(irungentoo): use functions to convert endianness
417 is_ipv4 = true;
418 net_family = TOX_AF_INET;
419 } else if (net_family_is_tcp_ipv4(ip_port->ip.family)) {
420 is_ipv4 = true;
421 net_family = TOX_TCP_INET;
422 } else if (net_family_is_ipv6(ip_port->ip.family)) {
423 is_ipv4 = false;
424 net_family = TOX_AF_INET6;
425 } else if (net_family_is_tcp_ipv6(ip_port->ip.family)) {
426 is_ipv4 = false;
427 net_family = TOX_TCP_INET6;
428 } else {
429 return -1;
430 }
431
432 if (is_ipv4) {
433 const uint32_t size = 1 + SIZE_IP4 + sizeof(uint16_t);
434
435 if (size > length) {
436 return -1;
437 }
438
439 data[0] = net_family;
440 memcpy(data + 1, &ip_port->ip.ip.v4, SIZE_IP4);
441 memcpy(data + 1 + SIZE_IP4, &ip_port->port, sizeof(uint16_t));
442 return size;
443 } else {
444 const uint32_t size = 1 + SIZE_IP6 + sizeof(uint16_t);
445
446 if (size > length) {
447 return -1;
448 }
449
450 data[0] = net_family;
451 memcpy(data + 1, &ip_port->ip.ip.v6, SIZE_IP6);
452 memcpy(data + 1 + SIZE_IP6, &ip_port->port, sizeof(uint16_t));
453 return size;
454 }
455 }
456
dht_create_packet(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],const uint8_t * shared_key,const uint8_t type,uint8_t * plain,size_t plain_length,uint8_t * packet)457 static int dht_create_packet(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
458 const uint8_t *shared_key, const uint8_t type, uint8_t *plain, size_t plain_length, uint8_t *packet)
459 {
460 VLA(uint8_t, encrypted, plain_length + CRYPTO_MAC_SIZE);
461 uint8_t nonce[CRYPTO_NONCE_SIZE];
462
463 random_nonce(nonce);
464
465 const int encrypted_length = encrypt_data_symmetric(shared_key, nonce, plain, plain_length, encrypted);
466
467 if (encrypted_length == -1) {
468 return -1;
469 }
470
471 packet[0] = type;
472 memcpy(packet + 1, public_key, CRYPTO_PUBLIC_KEY_SIZE);
473 memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, nonce, CRYPTO_NONCE_SIZE);
474 memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE, encrypted, encrypted_length);
475
476 return 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + encrypted_length;
477 }
478
479 /* Unpack IP_Port structure from data of max size length into ip_port.
480 *
481 * Return size of unpacked ip_port on success.
482 * Return -1 on failure.
483 */
unpack_ip_port(IP_Port * ip_port,const uint8_t * data,uint16_t length,bool tcp_enabled)484 int unpack_ip_port(IP_Port *ip_port, const uint8_t *data, uint16_t length, bool tcp_enabled)
485 {
486 if (data == nullptr) {
487 return -1;
488 }
489
490 bool is_ipv4;
491 Family host_family;
492
493 if (data[0] == TOX_AF_INET) {
494 is_ipv4 = true;
495 host_family = net_family_ipv4;
496 } else if (data[0] == TOX_TCP_INET) {
497 if (!tcp_enabled) {
498 return -1;
499 }
500
501 is_ipv4 = true;
502 host_family = net_family_tcp_ipv4;
503 } else if (data[0] == TOX_AF_INET6) {
504 is_ipv4 = false;
505 host_family = net_family_ipv6;
506 } else if (data[0] == TOX_TCP_INET6) {
507 if (!tcp_enabled) {
508 return -1;
509 }
510
511 is_ipv4 = false;
512 host_family = net_family_tcp_ipv6;
513 } else {
514 return -1;
515 }
516
517 if (is_ipv4) {
518 const uint32_t size = 1 + SIZE_IP4 + sizeof(uint16_t);
519
520 if (size > length) {
521 return -1;
522 }
523
524 ip_port->ip.family = host_family;
525 memcpy(&ip_port->ip.ip.v4, data + 1, SIZE_IP4);
526 memcpy(&ip_port->port, data + 1 + SIZE_IP4, sizeof(uint16_t));
527 return size;
528 } else {
529 const uint32_t size = 1 + SIZE_IP6 + sizeof(uint16_t);
530
531 if (size > length) {
532 return -1;
533 }
534
535 ip_port->ip.family = host_family;
536 memcpy(&ip_port->ip.ip.v6, data + 1, SIZE_IP6);
537 memcpy(&ip_port->port, data + 1 + SIZE_IP6, sizeof(uint16_t));
538 return size;
539 }
540 }
541
542 /* Pack number of nodes into data of maxlength length.
543 *
544 * return length of packed nodes on success.
545 * return -1 on failure.
546 */
pack_nodes(uint8_t * data,uint16_t length,const Node_format * nodes,uint16_t number)547 int pack_nodes(uint8_t *data, uint16_t length, const Node_format *nodes, uint16_t number)
548 {
549 uint32_t packed_length = 0;
550
551 for (uint32_t i = 0; i < number && packed_length < length; ++i) {
552 const int ipp_size = pack_ip_port(data + packed_length, length - packed_length, &nodes[i].ip_port);
553
554 if (ipp_size == -1) {
555 return -1;
556 }
557
558 packed_length += ipp_size;
559
560 if (packed_length + CRYPTO_PUBLIC_KEY_SIZE > length) {
561 return -1;
562 }
563
564 memcpy(data + packed_length, nodes[i].public_key, CRYPTO_PUBLIC_KEY_SIZE);
565 packed_length += CRYPTO_PUBLIC_KEY_SIZE;
566
567 #ifndef NDEBUG
568 const uint32_t increment = ipp_size + CRYPTO_PUBLIC_KEY_SIZE;
569 #endif
570 assert(increment == PACKED_NODE_SIZE_IP4 || increment == PACKED_NODE_SIZE_IP6);
571 }
572
573 return packed_length;
574 }
575
576 /* Unpack data of length into nodes of size max_num_nodes.
577 * Put the length of the data processed in processed_data_len.
578 * tcp_enabled sets if TCP nodes are expected (true) or not (false).
579 *
580 * return number of unpacked nodes on success.
581 * return -1 on failure.
582 */
unpack_nodes(Node_format * nodes,uint16_t max_num_nodes,uint16_t * processed_data_len,const uint8_t * data,uint16_t length,bool tcp_enabled)583 int unpack_nodes(Node_format *nodes, uint16_t max_num_nodes, uint16_t *processed_data_len, const uint8_t *data,
584 uint16_t length, bool tcp_enabled)
585 {
586 uint32_t num = 0;
587 uint32_t len_processed = 0;
588
589 while (num < max_num_nodes && len_processed < length) {
590 const int ipp_size = unpack_ip_port(&nodes[num].ip_port, data + len_processed, length - len_processed, tcp_enabled);
591
592 if (ipp_size == -1) {
593 return -1;
594 }
595
596 len_processed += ipp_size;
597
598 if (len_processed + CRYPTO_PUBLIC_KEY_SIZE > length) {
599 return -1;
600 }
601
602 memcpy(nodes[num].public_key, data + len_processed, CRYPTO_PUBLIC_KEY_SIZE);
603 len_processed += CRYPTO_PUBLIC_KEY_SIZE;
604 ++num;
605
606 #ifndef NDEBUG
607 const uint32_t increment = ipp_size + CRYPTO_PUBLIC_KEY_SIZE;
608 #endif
609 assert(increment == PACKED_NODE_SIZE_IP4 || increment == PACKED_NODE_SIZE_IP6);
610 }
611
612 if (processed_data_len) {
613 *processed_data_len = len_processed;
614 }
615
616 return num;
617 }
618
619 /* Find index in an array with public_key equal to pk.
620 *
621 * return index or UINT32_MAX if not found.
622 */
623 #define INDEX_OF_PK(array, size, pk) \
624 do { \
625 for (uint32_t i = 0; i < size; ++i) { \
626 if (id_equal(array[i].public_key, pk)) { \
627 return i; \
628 } \
629 } \
630 \
631 return UINT32_MAX; \
632 } while (0)
633
index_of_client_pk(const Client_data * array,uint32_t size,const uint8_t * pk)634 static uint32_t index_of_client_pk(const Client_data *array, uint32_t size, const uint8_t *pk)
635 {
636 INDEX_OF_PK(array, size, pk);
637 }
638
index_of_friend_pk(const DHT_Friend * array,uint32_t size,const uint8_t * pk)639 static uint32_t index_of_friend_pk(const DHT_Friend *array, uint32_t size, const uint8_t *pk)
640 {
641 INDEX_OF_PK(array, size, pk);
642 }
643
index_of_node_pk(const Node_format * array,uint32_t size,const uint8_t * pk)644 static uint32_t index_of_node_pk(const Node_format *array, uint32_t size, const uint8_t *pk)
645 {
646 INDEX_OF_PK(array, size, pk);
647 }
648
649 /* Find index of Client_data with ip_port equal to param ip_port.
650 *
651 * return index or UINT32_MAX if not found.
652 */
index_of_client_ip_port(const Client_data * array,uint32_t size,const IP_Port * ip_port)653 static uint32_t index_of_client_ip_port(const Client_data *array, uint32_t size, const IP_Port *ip_port)
654 {
655 for (uint32_t i = 0; i < size; ++i) {
656 if ((net_family_is_ipv4(ip_port->ip.family) && ipport_equal(&array[i].assoc4.ip_port, ip_port)) ||
657 (net_family_is_ipv6(ip_port->ip.family) && ipport_equal(&array[i].assoc6.ip_port, ip_port))) {
658 return i;
659 }
660 }
661
662 return UINT32_MAX;
663 }
664
665 /* Update ip_port of client if it's needed.
666 */
update_client(const Logger * log,const Mono_Time * mono_time,int index,Client_data * client,IP_Port ip_port)667 static void update_client(const Logger *log, const Mono_Time *mono_time, int index, Client_data *client,
668 IP_Port ip_port)
669 {
670 IPPTsPng *assoc;
671 int ip_version;
672
673 if (net_family_is_ipv4(ip_port.ip.family)) {
674 assoc = &client->assoc4;
675 ip_version = 4;
676 } else if (net_family_is_ipv6(ip_port.ip.family)) {
677 assoc = &client->assoc6;
678 ip_version = 6;
679 } else {
680 return;
681 }
682
683 if (!ipport_equal(&assoc->ip_port, &ip_port)) {
684 char ip_str[IP_NTOA_LEN];
685 LOGGER_TRACE(log, "coipil[%u]: switching ipv%d from %s:%u to %s:%u",
686 index, ip_version,
687 ip_ntoa(&assoc->ip_port.ip, ip_str, sizeof(ip_str)),
688 net_ntohs(assoc->ip_port.port),
689 ip_ntoa(&ip_port.ip, ip_str, sizeof(ip_str)),
690 net_ntohs(ip_port.port));
691 }
692
693 if (!ip_is_lan(assoc->ip_port.ip) && ip_is_lan(ip_port.ip)) {
694 return;
695 }
696
697 assoc->ip_port = ip_port;
698 assoc->timestamp = mono_time_get(mono_time);
699 }
700
701 /* Check if client with public_key is already in list of length length.
702 * If it is then set its corresponding timestamp to current time.
703 * If the id is already in the list with a different ip_port, update it.
704 * TODO(irungentoo): Maybe optimize this.
705 *
706 * return True(1) or False(0)
707 */
client_or_ip_port_in_list(const Logger * log,const Mono_Time * mono_time,Client_data * list,uint16_t length,const uint8_t * public_key,IP_Port ip_port)708 static int client_or_ip_port_in_list(const Logger *log, const Mono_Time *mono_time, Client_data *list, uint16_t length,
709 const uint8_t *public_key, IP_Port ip_port)
710 {
711 const uint64_t temp_time = mono_time_get(mono_time);
712 uint32_t index = index_of_client_pk(list, length, public_key);
713
714 /* if public_key is in list, find it and maybe overwrite ip_port */
715 if (index != UINT32_MAX) {
716 update_client(log, mono_time, index, &list[index], ip_port);
717 return 1;
718 }
719
720 /* public_key not in list yet: see if we can find an identical ip_port, in
721 * that case we kill the old public_key by overwriting it with the new one
722 * TODO(irungentoo): maybe we SHOULDN'T do that if that public_key is in a friend_list
723 * and the one who is the actual friend's public_key/address set?
724 * MAYBE: check the other address, if valid, don't nuke? */
725 index = index_of_client_ip_port(list, length, &ip_port);
726
727 if (index == UINT32_MAX) {
728 return 0;
729 }
730
731 IPPTsPng *assoc;
732 int ip_version;
733
734 if (net_family_is_ipv4(ip_port.ip.family)) {
735 assoc = &list[index].assoc4;
736 ip_version = 4;
737 } else {
738 assoc = &list[index].assoc6;
739 ip_version = 6;
740 }
741
742 /* Initialize client timestamp. */
743 assoc->timestamp = temp_time;
744 memcpy(list[index].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
745
746 LOGGER_DEBUG(log, "coipil[%u]: switching public_key (ipv%d)", index, ip_version);
747
748 /* kill the other address, if it was set */
749 memset(assoc, 0, sizeof(IPPTsPng));
750 return 1;
751 }
752
add_to_list(Node_format * nodes_list,uint32_t length,const uint8_t * pk,IP_Port ip_port,const uint8_t * cmp_pk)753 bool add_to_list(Node_format *nodes_list, uint32_t length, const uint8_t *pk, IP_Port ip_port,
754 const uint8_t *cmp_pk)
755 {
756 for (uint32_t i = 0; i < length; ++i) {
757 if (id_closest(cmp_pk, nodes_list[i].public_key, pk) == 2) {
758 uint8_t pk_bak[CRYPTO_PUBLIC_KEY_SIZE];
759 memcpy(pk_bak, nodes_list[i].public_key, CRYPTO_PUBLIC_KEY_SIZE);
760 const IP_Port ip_port_bak = nodes_list[i].ip_port;
761 memcpy(nodes_list[i].public_key, pk, CRYPTO_PUBLIC_KEY_SIZE);
762 nodes_list[i].ip_port = ip_port;
763
764 if (i != length - 1) {
765 add_to_list(nodes_list, length, pk_bak, ip_port_bak, cmp_pk);
766 }
767
768 return true;
769 }
770 }
771
772 return false;
773 }
774
775 /* TODO(irungentoo): change this to 7 when done*/
776 #define HARDENING_ALL_OK 2
777 /* return 0 if not.
778 * return 1 if route request are ok
779 * return 2 if it responds to send node packets correctly
780 * return 4 if it can test other nodes correctly
781 * return HARDENING_ALL_OK if all ok.
782 */
hardening_correct(const Hardening * h)783 static uint8_t hardening_correct(const Hardening *h)
784 {
785 return h->routes_requests_ok + (h->send_nodes_ok << 1) + (h->testing_requests << 2);
786 }
787
788 /*
789 * helper for get_close_nodes(). argument list is a monster :D
790 */
get_close_nodes_inner(uint64_t cur_time,const uint8_t * public_key,Node_format * nodes_list,Family sa_family,const Client_data * client_list,uint32_t client_list_length,uint32_t * num_nodes_ptr,bool is_LAN,uint8_t want_good)791 static void get_close_nodes_inner(uint64_t cur_time, const uint8_t *public_key, Node_format *nodes_list,
792 Family sa_family, const Client_data *client_list, uint32_t client_list_length,
793 uint32_t *num_nodes_ptr, bool is_LAN, uint8_t want_good)
794 {
795 if (!net_family_is_ipv4(sa_family) && !net_family_is_ipv6(sa_family) && !net_family_is_unspec(sa_family)) {
796 return;
797 }
798
799 uint32_t num_nodes = *num_nodes_ptr;
800
801 for (uint32_t i = 0; i < client_list_length; ++i) {
802 const Client_data *const client = &client_list[i];
803
804 /* node already in list? */
805 if (index_of_node_pk(nodes_list, MAX_SENT_NODES, client->public_key) != UINT32_MAX) {
806 continue;
807 }
808
809 const IPPTsPng *ipptp;
810
811 if (net_family_is_ipv4(sa_family)) {
812 ipptp = &client->assoc4;
813 } else if (net_family_is_ipv6(sa_family)) {
814 ipptp = &client->assoc6;
815 } else if (client->assoc4.timestamp >= client->assoc6.timestamp) {
816 ipptp = &client->assoc4;
817 } else {
818 ipptp = &client->assoc6;
819 }
820
821 /* node not in a good condition? */
822 if (assoc_timeout(cur_time, ipptp)) {
823 continue;
824 }
825
826 /* don't send LAN ips to non LAN peers */
827 if (ip_is_lan(ipptp->ip_port.ip) && !is_LAN) {
828 continue;
829 }
830
831 if (!ip_is_lan(ipptp->ip_port.ip) && want_good && hardening_correct(&ipptp->hardening) != HARDENING_ALL_OK
832 && !id_equal(public_key, client->public_key)) {
833 continue;
834 }
835
836 if (num_nodes < MAX_SENT_NODES) {
837 memcpy(nodes_list[num_nodes].public_key, client->public_key, CRYPTO_PUBLIC_KEY_SIZE);
838 nodes_list[num_nodes].ip_port = ipptp->ip_port;
839 ++num_nodes;
840 } else {
841 add_to_list(nodes_list, MAX_SENT_NODES, client->public_key, ipptp->ip_port, public_key);
842 }
843 }
844
845 *num_nodes_ptr = num_nodes;
846 }
847
848 /* Find MAX_SENT_NODES nodes closest to the public_key for the send nodes request:
849 * put them in the nodes_list and return how many were found.
850 *
851 * TODO(irungentoo): For the love of based <your favorite deity, in doubt use
852 * "love"> make this function cleaner and much more efficient.
853 *
854 * want_good : do we want only good nodes as checked with the hardening returned or not?
855 */
get_somewhat_close_nodes(const DHT * dht,const uint8_t * public_key,Node_format * nodes_list,Family sa_family,bool is_LAN,uint8_t want_good)856 static int get_somewhat_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *nodes_list,
857 Family sa_family, bool is_LAN, uint8_t want_good)
858 {
859 uint32_t num_nodes = 0;
860 get_close_nodes_inner(dht->last_run, public_key, nodes_list, sa_family,
861 dht->close_clientlist, LCLIENT_LIST, &num_nodes, is_LAN, 0);
862
863 /* TODO(irungentoo): uncomment this when hardening is added to close friend clients */
864 #if 0
865
866 for (uint32_t i = 0; i < dht->num_friends; ++i) {
867 get_close_nodes_inner(dht->mono_time, public_key, nodes_list, sa_family,
868 dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS,
869 &num_nodes, is_LAN, want_good);
870 }
871
872 #endif
873
874 for (uint32_t i = 0; i < dht->num_friends; ++i) {
875 get_close_nodes_inner(dht->last_run, public_key, nodes_list, sa_family,
876 dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS,
877 &num_nodes, is_LAN, 0);
878 }
879
880 return num_nodes;
881 }
882
get_close_nodes(const DHT * dht,const uint8_t * public_key,Node_format * nodes_list,Family sa_family,bool is_LAN,uint8_t want_good)883 int get_close_nodes(const DHT *dht, const uint8_t *public_key, Node_format *nodes_list, Family sa_family,
884 bool is_LAN, uint8_t want_good)
885 {
886 memset(nodes_list, 0, MAX_SENT_NODES * sizeof(Node_format));
887 return get_somewhat_close_nodes(dht, public_key, nodes_list, sa_family, is_LAN, want_good);
888 }
889
890 typedef struct DHT_Cmp_data {
891 uint64_t cur_time;
892 const uint8_t *base_public_key;
893 Client_data entry;
894 } DHT_Cmp_data;
895
incorrect_hardening(const IPPTsPng * assoc)896 static bool incorrect_hardening(const IPPTsPng *assoc)
897 {
898 return hardening_correct(&assoc->hardening) != HARDENING_ALL_OK;
899 }
900
cmp_dht_entry(const void * a,const void * b)901 static int cmp_dht_entry(const void *a, const void *b)
902 {
903 DHT_Cmp_data cmp1;
904 DHT_Cmp_data cmp2;
905 memcpy(&cmp1, a, sizeof(DHT_Cmp_data));
906 memcpy(&cmp2, b, sizeof(DHT_Cmp_data));
907 const Client_data entry1 = cmp1.entry;
908 const Client_data entry2 = cmp2.entry;
909 const uint8_t *cmp_public_key = cmp1.base_public_key;
910
911 bool t1 = assoc_timeout(cmp1.cur_time, &entry1.assoc4) && assoc_timeout(cmp1.cur_time, &entry1.assoc6);
912 bool t2 = assoc_timeout(cmp2.cur_time, &entry2.assoc4) && assoc_timeout(cmp2.cur_time, &entry2.assoc6);
913
914 if (t1 && t2) {
915 return 0;
916 }
917
918 if (t1) {
919 return -1;
920 }
921
922 if (t2) {
923 return 1;
924 }
925
926 t1 = incorrect_hardening(&entry1.assoc4) && incorrect_hardening(&entry1.assoc6);
927 t2 = incorrect_hardening(&entry2.assoc4) && incorrect_hardening(&entry2.assoc6);
928
929 if (t1 && !t2) {
930 return -1;
931 }
932
933 if (!t1 && t2) {
934 return 1;
935 }
936
937 const int close = id_closest(cmp_public_key, entry1.public_key, entry2.public_key);
938
939 if (close == 1) {
940 return 1;
941 }
942
943 if (close == 2) {
944 return -1;
945 }
946
947 return 0;
948 }
949
950 /* Is it ok to store node with public_key in client.
951 *
952 * return 0 if node can't be stored.
953 * return 1 if it can.
954 */
store_node_ok(const Client_data * client,uint64_t cur_time,const uint8_t * public_key,const uint8_t * comp_public_key)955 static unsigned int store_node_ok(const Client_data *client, uint64_t cur_time, const uint8_t *public_key,
956 const uint8_t *comp_public_key)
957 {
958 return (assoc_timeout(cur_time, &client->assoc4)
959 && assoc_timeout(cur_time, &client->assoc6))
960 || id_closest(comp_public_key, client->public_key, public_key) == 2;
961 }
962
sort_client_list(Client_data * list,uint64_t cur_time,unsigned int length,const uint8_t * comp_public_key)963 static void sort_client_list(Client_data *list, uint64_t cur_time, unsigned int length,
964 const uint8_t *comp_public_key)
965 {
966 // Pass comp_public_key to qsort with each Client_data entry, so the
967 // comparison function can use it as the base of comparison.
968 VLA(DHT_Cmp_data, cmp_list, length);
969
970 for (uint32_t i = 0; i < length; ++i) {
971 cmp_list[i].cur_time = cur_time;
972 cmp_list[i].base_public_key = comp_public_key;
973 cmp_list[i].entry = list[i];
974 }
975
976 qsort(cmp_list, length, sizeof(DHT_Cmp_data), cmp_dht_entry);
977
978 for (uint32_t i = 0; i < length; ++i) {
979 list[i] = cmp_list[i].entry;
980 }
981 }
982
update_client_with_reset(const Mono_Time * mono_time,Client_data * client,const IP_Port * ip_port)983 static void update_client_with_reset(const Mono_Time *mono_time, Client_data *client, const IP_Port *ip_port)
984 {
985 IPPTsPng *ipptp_write = nullptr;
986 IPPTsPng *ipptp_clear = nullptr;
987
988 if (net_family_is_ipv4(ip_port->ip.family)) {
989 ipptp_write = &client->assoc4;
990 ipptp_clear = &client->assoc6;
991 } else {
992 ipptp_write = &client->assoc6;
993 ipptp_clear = &client->assoc4;
994 }
995
996 ipptp_write->ip_port = *ip_port;
997 ipptp_write->timestamp = mono_time_get(mono_time);
998
999 ip_reset(&ipptp_write->ret_ip_port.ip);
1000 ipptp_write->ret_ip_port.port = 0;
1001 ipptp_write->ret_timestamp = 0;
1002
1003 /* zero out other address */
1004 memset(ipptp_clear, 0, sizeof(*ipptp_clear));
1005 }
1006
1007 /* Replace a first bad (or empty) node with this one
1008 * or replace a possibly bad node (tests failed or not done yet)
1009 * that is further than any other in the list
1010 * from the comp_public_key
1011 * or replace a good node that is further
1012 * than any other in the list from the comp_public_key
1013 * and further than public_key.
1014 *
1015 * Do not replace any node if the list has no bad or possibly bad nodes
1016 * and all nodes in the list are closer to comp_public_key
1017 * than public_key.
1018 *
1019 * returns true when the item was stored, false otherwise */
replace_all(const DHT * dht,Client_data * list,uint16_t length,const uint8_t * public_key,IP_Port ip_port,const uint8_t * comp_public_key)1020 static bool replace_all(const DHT *dht,
1021 Client_data *list,
1022 uint16_t length,
1023 const uint8_t *public_key,
1024 IP_Port ip_port,
1025 const uint8_t *comp_public_key)
1026 {
1027 if (!net_family_is_ipv4(ip_port.ip.family) && !net_family_is_ipv6(ip_port.ip.family)) {
1028 return false;
1029 }
1030
1031 if (!store_node_ok(&list[1], dht->last_run, public_key, comp_public_key) &&
1032 !store_node_ok(&list[0], dht->last_run, public_key, comp_public_key)) {
1033 return false;
1034 }
1035
1036 sort_client_list(list, dht->last_run, length, comp_public_key);
1037
1038 Client_data *const client = &list[0];
1039 id_copy(client->public_key, public_key);
1040
1041 update_client_with_reset(dht->mono_time, client, &ip_port);
1042 return true;
1043 }
1044
1045 /* Add node to close list.
1046 *
1047 * simulate is set to 1 if we want to check if a node can be added to the list without adding it.
1048 *
1049 * return -1 on failure.
1050 * return 0 on success.
1051 */
add_to_close(DHT * dht,const uint8_t * public_key,IP_Port ip_port,bool simulate)1052 static int add_to_close(DHT *dht, const uint8_t *public_key, IP_Port ip_port, bool simulate)
1053 {
1054 unsigned int index = bit_by_bit_cmp(public_key, dht->self_public_key);
1055
1056 if (index >= LCLIENT_LENGTH) {
1057 index = LCLIENT_LENGTH - 1;
1058 }
1059
1060 for (uint32_t i = 0; i < LCLIENT_NODES; ++i) {
1061 /* TODO(iphydf): write bounds checking test to catch the case that
1062 * index is left as >= LCLIENT_LENGTH */
1063 Client_data *const client = &dht->close_clientlist[(index * LCLIENT_NODES) + i];
1064
1065 if (!assoc_timeout(dht->last_run, &client->assoc4) ||
1066 !assoc_timeout(dht->last_run, &client->assoc6)) {
1067 continue;
1068 }
1069
1070 if (simulate) {
1071 return 0;
1072 }
1073
1074 id_copy(client->public_key, public_key);
1075 update_client_with_reset(dht->mono_time, client, &ip_port);
1076 return 0;
1077 }
1078
1079 return -1;
1080 }
1081
1082 /* Return 1 if node can be added to close list, 0 if it can't.
1083 */
node_addable_to_close_list(DHT * dht,const uint8_t * public_key,IP_Port ip_port)1084 bool node_addable_to_close_list(DHT *dht, const uint8_t *public_key, IP_Port ip_port)
1085 {
1086 return add_to_close(dht, public_key, ip_port, 1) == 0;
1087 }
1088
is_pk_in_client_list(const Client_data * list,unsigned int client_list_length,uint64_t cur_time,const uint8_t * public_key,IP_Port ip_port)1089 static bool is_pk_in_client_list(const Client_data *list, unsigned int client_list_length, uint64_t cur_time,
1090 const uint8_t *public_key, IP_Port ip_port)
1091 {
1092 const uint32_t index = index_of_client_pk(list, client_list_length, public_key);
1093
1094 if (index == UINT32_MAX) {
1095 return 0;
1096 }
1097
1098 const IPPTsPng *assoc = net_family_is_ipv4(ip_port.ip.family)
1099 ? &list[index].assoc4
1100 : &list[index].assoc6;
1101
1102 return !assoc_timeout(cur_time, assoc);
1103 }
1104
is_pk_in_close_list(DHT * dht,const uint8_t * public_key,IP_Port ip_port)1105 static bool is_pk_in_close_list(DHT *dht, const uint8_t *public_key, IP_Port ip_port)
1106 {
1107 unsigned int index = bit_by_bit_cmp(public_key, dht->self_public_key);
1108
1109 if (index >= LCLIENT_LENGTH) {
1110 index = LCLIENT_LENGTH - 1;
1111 }
1112
1113 return is_pk_in_client_list(dht->close_clientlist + index * LCLIENT_NODES, LCLIENT_NODES, dht->last_run, public_key,
1114 ip_port);
1115 }
1116
1117 /* Check if the node obtained with a get_nodes with public_key should be pinged.
1118 * NOTE: for best results call it after addto_lists.
1119 *
1120 * return false if the node should not be pinged.
1121 * return true if it should.
1122 */
ping_node_from_getnodes_ok(DHT * dht,const uint8_t * public_key,IP_Port ip_port)1123 static bool ping_node_from_getnodes_ok(DHT *dht, const uint8_t *public_key, IP_Port ip_port)
1124 {
1125 bool ret = false;
1126
1127 if (add_to_close(dht, public_key, ip_port, 1) == 0) {
1128 ret = true;
1129 }
1130
1131 {
1132 unsigned int *const num = &dht->num_to_bootstrap;
1133 const uint32_t index = index_of_node_pk(dht->to_bootstrap, *num, public_key);
1134 const bool in_close_list = is_pk_in_close_list(dht, public_key, ip_port);
1135
1136 if (ret && index == UINT32_MAX && !in_close_list) {
1137 if (*num < MAX_CLOSE_TO_BOOTSTRAP_NODES) {
1138 memcpy(dht->to_bootstrap[*num].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
1139 dht->to_bootstrap[*num].ip_port = ip_port;
1140 ++*num;
1141 } else {
1142 // TODO(irungentoo): ipv6 vs v4
1143 add_to_list(dht->to_bootstrap, MAX_CLOSE_TO_BOOTSTRAP_NODES, public_key, ip_port, dht->self_public_key);
1144 }
1145 }
1146 }
1147
1148 for (uint32_t i = 0; i < dht->num_friends; ++i) {
1149 DHT_Friend *dht_friend = &dht->friends_list[i];
1150
1151 bool store_ok = false;
1152
1153 if (store_node_ok(&dht_friend->client_list[1], dht->last_run, public_key, dht_friend->public_key)) {
1154 store_ok = true;
1155 }
1156
1157 if (store_node_ok(&dht_friend->client_list[0], dht->last_run, public_key, dht_friend->public_key)) {
1158 store_ok = true;
1159 }
1160
1161 unsigned int *const friend_num = &dht_friend->num_to_bootstrap;
1162 const uint32_t index = index_of_node_pk(dht_friend->to_bootstrap, *friend_num, public_key);
1163 const bool pk_in_list = is_pk_in_client_list(dht_friend->client_list, MAX_FRIEND_CLIENTS, dht->last_run, public_key,
1164 ip_port);
1165
1166 if (store_ok && index == UINT32_MAX && !pk_in_list) {
1167 if (*friend_num < MAX_SENT_NODES) {
1168 Node_format *const format = &dht_friend->to_bootstrap[*friend_num];
1169 memcpy(format->public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
1170 format->ip_port = ip_port;
1171 ++*friend_num;
1172 } else {
1173 add_to_list(dht_friend->to_bootstrap, MAX_SENT_NODES, public_key, ip_port, dht_friend->public_key);
1174 }
1175
1176 ret = true;
1177 }
1178 }
1179
1180 return ret;
1181 }
1182
1183 /* Attempt to add client with ip_port and public_key to the friends client list
1184 * and close_clientlist.
1185 *
1186 * returns 1+ if the item is used in any list, 0 else
1187 */
addto_lists(DHT * dht,IP_Port ip_port,const uint8_t * public_key)1188 uint32_t addto_lists(DHT *dht, IP_Port ip_port, const uint8_t *public_key)
1189 {
1190 uint32_t used = 0;
1191
1192 /* convert IPv4-in-IPv6 to IPv4 */
1193 if (net_family_is_ipv6(ip_port.ip.family) && ipv6_ipv4_in_v6(ip_port.ip.ip.v6)) {
1194 ip_port.ip.family = net_family_ipv4;
1195 ip_port.ip.ip.v4.uint32 = ip_port.ip.ip.v6.uint32[3];
1196 }
1197
1198 /* NOTE: Current behavior if there are two clients with the same id is
1199 * to replace the first ip by the second.
1200 */
1201 const bool in_close_list = client_or_ip_port_in_list(dht->log, dht->mono_time, dht->close_clientlist, LCLIENT_LIST,
1202 public_key, ip_port);
1203
1204 /* add_to_close should be called only if !in_list (don't extract to variable) */
1205 if (in_close_list || add_to_close(dht, public_key, ip_port, 0)) {
1206 ++used;
1207 }
1208
1209 DHT_Friend *friend_foundip = nullptr;
1210
1211 for (uint32_t i = 0; i < dht->num_friends; ++i) {
1212 const bool in_list = client_or_ip_port_in_list(dht->log, dht->mono_time, dht->friends_list[i].client_list,
1213 MAX_FRIEND_CLIENTS, public_key, ip_port);
1214
1215 /* replace_all should be called only if !in_list (don't extract to variable) */
1216 if (in_list
1217 || replace_all(dht, dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, public_key, ip_port,
1218 dht->friends_list[i].public_key)) {
1219 DHT_Friend *dht_friend = &dht->friends_list[i];
1220
1221 if (id_equal(public_key, dht_friend->public_key)) {
1222 friend_foundip = dht_friend;
1223 }
1224
1225 ++used;
1226 }
1227 }
1228
1229 if (!friend_foundip) {
1230 return used;
1231 }
1232
1233 for (uint32_t i = 0; i < friend_foundip->lock_count; ++i) {
1234 if (friend_foundip->callbacks[i].ip_callback) {
1235 friend_foundip->callbacks[i].ip_callback(friend_foundip->callbacks[i].data,
1236 friend_foundip->callbacks[i].number, ip_port);
1237 }
1238 }
1239
1240 return used;
1241 }
1242
update_client_data(const Mono_Time * mono_time,Client_data * array,size_t size,IP_Port ip_port,const uint8_t * pk)1243 static bool update_client_data(const Mono_Time *mono_time, Client_data *array, size_t size, IP_Port ip_port,
1244 const uint8_t *pk)
1245 {
1246 const uint64_t temp_time = mono_time_get(mono_time);
1247 const uint32_t index = index_of_client_pk(array, size, pk);
1248
1249 if (index == UINT32_MAX) {
1250 return false;
1251 }
1252
1253 Client_data *const data = &array[index];
1254 IPPTsPng *assoc;
1255
1256 if (net_family_is_ipv4(ip_port.ip.family)) {
1257 assoc = &data->assoc4;
1258 } else if (net_family_is_ipv6(ip_port.ip.family)) {
1259 assoc = &data->assoc6;
1260 } else {
1261 return true;
1262 }
1263
1264 assoc->ret_ip_port = ip_port;
1265 assoc->ret_timestamp = temp_time;
1266 return true;
1267 }
1268
1269 /* If public_key is a friend or us, update ret_ip_port
1270 * nodepublic_key is the id of the node that sent us this info.
1271 */
returnedip_ports(DHT * dht,IP_Port ip_port,const uint8_t * public_key,const uint8_t * nodepublic_key)1272 static void returnedip_ports(DHT *dht, IP_Port ip_port, const uint8_t *public_key, const uint8_t *nodepublic_key)
1273 {
1274 /* convert IPv4-in-IPv6 to IPv4 */
1275 if (net_family_is_ipv6(ip_port.ip.family) && ipv6_ipv4_in_v6(ip_port.ip.ip.v6)) {
1276 ip_port.ip.family = net_family_ipv4;
1277 ip_port.ip.ip.v4.uint32 = ip_port.ip.ip.v6.uint32[3];
1278 }
1279
1280 if (id_equal(public_key, dht->self_public_key)) {
1281 update_client_data(dht->mono_time, dht->close_clientlist, LCLIENT_LIST, ip_port, nodepublic_key);
1282 return;
1283 }
1284
1285 for (uint32_t i = 0; i < dht->num_friends; ++i) {
1286 if (id_equal(public_key, dht->friends_list[i].public_key)) {
1287 Client_data *const client_list = dht->friends_list[i].client_list;
1288
1289 if (update_client_data(dht->mono_time, client_list, MAX_FRIEND_CLIENTS, ip_port, nodepublic_key)) {
1290 return;
1291 }
1292 }
1293 }
1294 }
1295
1296 /* Send a getnodes request.
1297 * sendback_node is the node that it will send back the response to (set to NULL to disable this) */
getnodes(DHT * dht,IP_Port ip_port,const uint8_t * public_key,const uint8_t * client_id,const Node_format * sendback_node)1298 static int getnodes(DHT *dht, IP_Port ip_port, const uint8_t *public_key, const uint8_t *client_id,
1299 const Node_format *sendback_node)
1300 {
1301 /* Check if packet is going to be sent to ourself. */
1302 if (id_equal(public_key, dht->self_public_key)) {
1303 return -1;
1304 }
1305
1306 uint8_t plain_message[sizeof(Node_format) * 2] = {0};
1307
1308 Node_format receiver;
1309 memcpy(receiver.public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
1310 receiver.ip_port = ip_port;
1311 memcpy(plain_message, &receiver, sizeof(receiver));
1312
1313 uint64_t ping_id = 0;
1314
1315 if (sendback_node != nullptr) {
1316 memcpy(plain_message + sizeof(receiver), sendback_node, sizeof(Node_format));
1317 ping_id = ping_array_add(dht->dht_harden_ping_array, dht->mono_time, plain_message, sizeof(plain_message));
1318 } else {
1319 ping_id = ping_array_add(dht->dht_ping_array, dht->mono_time, plain_message, sizeof(receiver));
1320 }
1321
1322 if (ping_id == 0) {
1323 return -1;
1324 }
1325
1326 uint8_t plain[CRYPTO_PUBLIC_KEY_SIZE + sizeof(ping_id)];
1327 uint8_t data[1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + sizeof(plain) + CRYPTO_MAC_SIZE];
1328
1329 memcpy(plain, client_id, CRYPTO_PUBLIC_KEY_SIZE);
1330 memcpy(plain + CRYPTO_PUBLIC_KEY_SIZE, &ping_id, sizeof(ping_id));
1331
1332 uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE];
1333 dht_get_shared_key_sent(dht, shared_key, public_key);
1334
1335 const int len = dht_create_packet(dht->self_public_key, shared_key, NET_PACKET_GET_NODES,
1336 plain, sizeof(plain), data);
1337
1338 if (len != sizeof(data)) {
1339 return -1;
1340 }
1341
1342 return sendpacket(dht->net, ip_port, data, len);
1343 }
1344
1345 /* Send a send nodes response: message for IPv6 nodes */
sendnodes_ipv6(const DHT * dht,IP_Port ip_port,const uint8_t * public_key,const uint8_t * client_id,const uint8_t * sendback_data,uint16_t length,const uint8_t * shared_encryption_key)1346 static int sendnodes_ipv6(const DHT *dht, IP_Port ip_port, const uint8_t *public_key, const uint8_t *client_id,
1347 const uint8_t *sendback_data, uint16_t length, const uint8_t *shared_encryption_key)
1348 {
1349 /* Check if packet is going to be sent to ourself. */
1350 if (id_equal(public_key, dht->self_public_key)) {
1351 return -1;
1352 }
1353
1354 if (length != sizeof(uint64_t)) {
1355 return -1;
1356 }
1357
1358 const size_t node_format_size = sizeof(Node_format);
1359
1360 Node_format nodes_list[MAX_SENT_NODES];
1361 const uint32_t num_nodes =
1362 get_close_nodes(dht, client_id, nodes_list, net_family_unspec, ip_is_lan(ip_port.ip), 1);
1363
1364 VLA(uint8_t, plain, 1 + node_format_size * MAX_SENT_NODES + length);
1365
1366 int nodes_length = 0;
1367
1368 if (num_nodes) {
1369 nodes_length = pack_nodes(plain + 1, node_format_size * MAX_SENT_NODES, nodes_list, num_nodes);
1370
1371 if (nodes_length <= 0) {
1372 return -1;
1373 }
1374 }
1375
1376 plain[0] = num_nodes;
1377 memcpy(plain + 1 + nodes_length, sendback_data, length);
1378
1379 const uint32_t crypto_size = 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE;
1380 VLA(uint8_t, data, 1 + nodes_length + length + crypto_size);
1381
1382 const int len = dht_create_packet(dht->self_public_key, shared_encryption_key, NET_PACKET_SEND_NODES_IPV6,
1383 plain, 1 + nodes_length + length, data);
1384
1385 if (len != SIZEOF_VLA(data)) {
1386 return -1;
1387 }
1388
1389 return sendpacket(dht->net, ip_port, data, len);
1390 }
1391
1392 #define CRYPTO_NODE_SIZE (CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t))
1393
handle_getnodes(void * object,IP_Port source,const uint8_t * packet,uint16_t length,void * userdata)1394 static int handle_getnodes(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata)
1395 {
1396 if (length != (CRYPTO_SIZE + CRYPTO_MAC_SIZE + sizeof(uint64_t))) {
1397 return true;
1398 }
1399
1400 DHT *const dht = (DHT *)object;
1401
1402 /* Check if packet is from ourself. */
1403 if (id_equal(packet + 1, dht->self_public_key)) {
1404 return true;
1405 }
1406
1407 uint8_t plain[CRYPTO_NODE_SIZE];
1408 uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE];
1409
1410 dht_get_shared_key_recv(dht, shared_key, packet + 1);
1411 const int len = decrypt_data_symmetric(
1412 shared_key,
1413 packet + 1 + CRYPTO_PUBLIC_KEY_SIZE,
1414 packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE,
1415 CRYPTO_NODE_SIZE + CRYPTO_MAC_SIZE,
1416 plain);
1417
1418 if (len != CRYPTO_NODE_SIZE) {
1419 return true;
1420 }
1421
1422 sendnodes_ipv6(dht, source, packet + 1, plain, plain + CRYPTO_PUBLIC_KEY_SIZE, sizeof(uint64_t), shared_key);
1423
1424 ping_add(dht->ping, packet + 1, source);
1425
1426 return false;
1427 }
1428
1429 /* return false if no
1430 * return true if yes */
sent_getnode_to_node(DHT * dht,const uint8_t * public_key,IP_Port node_ip_port,uint64_t ping_id,Node_format * sendback_node)1431 static bool sent_getnode_to_node(DHT *dht, const uint8_t *public_key, IP_Port node_ip_port, uint64_t ping_id,
1432 Node_format *sendback_node)
1433 {
1434 uint8_t data[sizeof(Node_format) * 2];
1435
1436 if (ping_array_check(dht->dht_ping_array, dht->mono_time, data, sizeof(data), ping_id) == sizeof(Node_format)) {
1437 memset(sendback_node, 0, sizeof(Node_format));
1438 } else if (ping_array_check(dht->dht_harden_ping_array, dht->mono_time, data, sizeof(data), ping_id) == sizeof(data)) {
1439 memcpy(sendback_node, data + sizeof(Node_format), sizeof(Node_format));
1440 } else {
1441 return false;
1442 }
1443
1444 Node_format test;
1445 memcpy(&test, data, sizeof(Node_format));
1446
1447 if (!ipport_equal(&test.ip_port, &node_ip_port) || !id_equal(test.public_key, public_key)) {
1448 return false;
1449 }
1450
1451 return true;
1452 }
1453
1454 /* Function is needed in following functions. */
1455 static int send_hardening_getnode_res(const DHT *dht, const Node_format *sendto, const uint8_t *queried_client_id,
1456 const uint8_t *nodes_data, uint16_t nodes_data_length);
1457
handle_sendnodes_core(void * object,IP_Port source,const uint8_t * packet,uint16_t length,Node_format * plain_nodes,uint16_t size_plain_nodes,uint32_t * num_nodes_out)1458 static int handle_sendnodes_core(void *object, IP_Port source, const uint8_t *packet, uint16_t length,
1459 Node_format *plain_nodes, uint16_t size_plain_nodes, uint32_t *num_nodes_out)
1460 {
1461 DHT *const dht = (DHT *)object;
1462 const uint32_t cid_size = 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + 1 + sizeof(uint64_t) + CRYPTO_MAC_SIZE;
1463
1464 if (length < cid_size) { /* too short */
1465 return 1;
1466 }
1467
1468 const uint32_t data_size = length - cid_size;
1469
1470 if (data_size == 0) {
1471 return 1;
1472 }
1473
1474 if (data_size > sizeof(Node_format) * MAX_SENT_NODES) { /* invalid length */
1475 return 1;
1476 }
1477
1478 VLA(uint8_t, plain, 1 + data_size + sizeof(uint64_t));
1479 uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE];
1480 dht_get_shared_key_sent(dht, shared_key, packet + 1);
1481 const int len = decrypt_data_symmetric(
1482 shared_key,
1483 packet + 1 + CRYPTO_PUBLIC_KEY_SIZE,
1484 packet + 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE,
1485 1 + data_size + sizeof(uint64_t) + CRYPTO_MAC_SIZE,
1486 plain);
1487
1488 if ((unsigned int)len != SIZEOF_VLA(plain)) {
1489 return 1;
1490 }
1491
1492 if (plain[0] > size_plain_nodes) {
1493 return 1;
1494 }
1495
1496 Node_format sendback_node;
1497
1498 uint64_t ping_id;
1499 memcpy(&ping_id, plain + 1 + data_size, sizeof(ping_id));
1500
1501 if (!sent_getnode_to_node(dht, packet + 1, source, ping_id, &sendback_node)) {
1502 return 1;
1503 }
1504
1505 uint16_t length_nodes = 0;
1506 const int num_nodes = unpack_nodes(plain_nodes, plain[0], &length_nodes, plain + 1, data_size, 0);
1507
1508 if (length_nodes != data_size) {
1509 return 1;
1510 }
1511
1512 if (num_nodes != plain[0]) {
1513 return 1;
1514 }
1515
1516 if (num_nodes < 0) {
1517 return 1;
1518 }
1519
1520 /* store the address the *request* was sent to */
1521 addto_lists(dht, source, packet + 1);
1522
1523 *num_nodes_out = num_nodes;
1524
1525 send_hardening_getnode_res(dht, &sendback_node, packet + 1, plain + 1, data_size);
1526 return 0;
1527 }
1528
handle_sendnodes_ipv6(void * object,IP_Port source,const uint8_t * packet,uint16_t length,void * userdata)1529 static int handle_sendnodes_ipv6(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata)
1530 {
1531 DHT *const dht = (DHT *)object;
1532 Node_format plain_nodes[MAX_SENT_NODES];
1533 uint32_t num_nodes;
1534
1535 if (handle_sendnodes_core(object, source, packet, length, plain_nodes, MAX_SENT_NODES, &num_nodes)) {
1536 return 1;
1537 }
1538
1539 if (num_nodes == 0) {
1540 return 0;
1541 }
1542
1543 for (uint32_t i = 0; i < num_nodes; ++i) {
1544 if (ipport_isset(&plain_nodes[i].ip_port)) {
1545 ping_node_from_getnodes_ok(dht, plain_nodes[i].public_key, plain_nodes[i].ip_port);
1546 returnedip_ports(dht, plain_nodes[i].ip_port, plain_nodes[i].public_key, packet + 1);
1547 }
1548 }
1549
1550 return 0;
1551 }
1552
1553 /*----------------------------------------------------------------------------------*/
1554 /*------------------------END of packet handling functions--------------------------*/
1555
dht_addfriend(DHT * dht,const uint8_t * public_key,dht_ip_cb * ip_callback,void * data,int32_t number,uint16_t * lock_count)1556 int dht_addfriend(DHT *dht, const uint8_t *public_key, dht_ip_cb *ip_callback,
1557 void *data, int32_t number, uint16_t *lock_count)
1558 {
1559 const uint32_t friend_num = index_of_friend_pk(dht->friends_list, dht->num_friends, public_key);
1560
1561 uint16_t lock_num;
1562
1563 if (friend_num != UINT32_MAX) { /* Is friend already in DHT? */
1564 DHT_Friend *const dht_friend = &dht->friends_list[friend_num];
1565
1566 if (dht_friend->lock_count == DHT_FRIEND_MAX_LOCKS) {
1567 return -1;
1568 }
1569
1570 lock_num = dht_friend->lock_count;
1571 ++dht_friend->lock_count;
1572 dht_friend->callbacks[lock_num].ip_callback = ip_callback;
1573 dht_friend->callbacks[lock_num].data = data;
1574 dht_friend->callbacks[lock_num].number = number;
1575
1576 if (lock_count) {
1577 *lock_count = lock_num + 1;
1578 }
1579
1580 return 0;
1581 }
1582
1583 DHT_Friend *const temp = (DHT_Friend *)realloc(dht->friends_list, sizeof(DHT_Friend) * (dht->num_friends + 1));
1584
1585 if (temp == nullptr) {
1586 return -1;
1587 }
1588
1589 dht->friends_list = temp;
1590 DHT_Friend *const dht_friend = &dht->friends_list[dht->num_friends];
1591 memset(dht_friend, 0, sizeof(DHT_Friend));
1592 memcpy(dht_friend->public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
1593
1594 dht_friend->nat.nat_ping_id = random_u64();
1595 ++dht->num_friends;
1596
1597 lock_num = dht_friend->lock_count;
1598 ++dht_friend->lock_count;
1599 dht_friend->callbacks[lock_num].ip_callback = ip_callback;
1600 dht_friend->callbacks[lock_num].data = data;
1601 dht_friend->callbacks[lock_num].number = number;
1602
1603 if (lock_count) {
1604 *lock_count = lock_num + 1;
1605 }
1606
1607 dht_friend->num_to_bootstrap = get_close_nodes(dht, dht_friend->public_key, dht_friend->to_bootstrap, net_family_unspec,
1608 1, 0);
1609
1610 return 0;
1611 }
1612
dht_delfriend(DHT * dht,const uint8_t * public_key,uint16_t lock_count)1613 int dht_delfriend(DHT *dht, const uint8_t *public_key, uint16_t lock_count)
1614 {
1615 const uint32_t friend_num = index_of_friend_pk(dht->friends_list, dht->num_friends, public_key);
1616
1617 if (friend_num == UINT32_MAX) {
1618 return -1;
1619 }
1620
1621 DHT_Friend *const dht_friend = &dht->friends_list[friend_num];
1622 --dht_friend->lock_count;
1623
1624 if (dht_friend->lock_count && lock_count) { /* DHT friend is still in use.*/
1625 --lock_count;
1626 dht_friend->callbacks[lock_count].ip_callback = nullptr;
1627 dht_friend->callbacks[lock_count].data = nullptr;
1628 dht_friend->callbacks[lock_count].number = 0;
1629 return 0;
1630 }
1631
1632 --dht->num_friends;
1633
1634 if (dht->num_friends != friend_num) {
1635 memcpy(&dht->friends_list[friend_num],
1636 &dht->friends_list[dht->num_friends],
1637 sizeof(DHT_Friend));
1638 }
1639
1640 if (dht->num_friends == 0) {
1641 free(dht->friends_list);
1642 dht->friends_list = nullptr;
1643 return 0;
1644 }
1645
1646 DHT_Friend *const temp = (DHT_Friend *)realloc(dht->friends_list, sizeof(DHT_Friend) * (dht->num_friends));
1647
1648 if (temp == nullptr) {
1649 return -1;
1650 }
1651
1652 dht->friends_list = temp;
1653 return 0;
1654 }
1655
1656 /* TODO(irungentoo): Optimize this. */
dht_getfriendip(const DHT * dht,const uint8_t * public_key,IP_Port * ip_port)1657 int dht_getfriendip(const DHT *dht, const uint8_t *public_key, IP_Port *ip_port)
1658 {
1659 ip_reset(&ip_port->ip);
1660 ip_port->port = 0;
1661
1662 const uint32_t friend_index = index_of_friend_pk(dht->friends_list, dht->num_friends, public_key);
1663
1664 if (friend_index == UINT32_MAX) {
1665 return -1;
1666 }
1667
1668 DHT_Friend *const frnd = &dht->friends_list[friend_index];
1669 const uint32_t client_index = index_of_client_pk(frnd->client_list, MAX_FRIEND_CLIENTS, public_key);
1670
1671 if (client_index == -1) {
1672 return 0;
1673 }
1674
1675 const Client_data *const client = &frnd->client_list[client_index];
1676 const IPPTsPng *const assocs[] = { &client->assoc6, &client->assoc4, nullptr };
1677
1678 for (const IPPTsPng * const *it = assocs; *it; ++it) {
1679 const IPPTsPng *const assoc = *it;
1680
1681 if (!assoc_timeout(dht->last_run, assoc)) {
1682 *ip_port = assoc->ip_port;
1683 return 1;
1684 }
1685 }
1686
1687 return -1;
1688 }
1689
1690 /* returns number of nodes not in kill-timeout */
do_ping_and_sendnode_requests(DHT * dht,uint64_t * lastgetnode,const uint8_t * public_key,Client_data * list,uint32_t list_count,uint32_t * bootstrap_times,bool sortable)1691 static uint8_t do_ping_and_sendnode_requests(DHT *dht, uint64_t *lastgetnode, const uint8_t *public_key,
1692 Client_data *list, uint32_t list_count, uint32_t *bootstrap_times, bool sortable)
1693 {
1694 uint8_t not_kill = 0;
1695 const uint64_t temp_time = mono_time_get(dht->mono_time);
1696
1697 uint32_t num_nodes = 0;
1698 VLA(Client_data *, client_list, list_count * 2);
1699 VLA(IPPTsPng *, assoc_list, list_count * 2);
1700 unsigned int sort = 0;
1701 bool sort_ok = false;
1702
1703 for (uint32_t i = 0; i < list_count; ++i) {
1704 /* If node is not dead. */
1705 Client_data *client = &list[i];
1706
1707 IPPTsPng *const assocs[] = { &client->assoc6, &client->assoc4 };
1708
1709 for (uint32_t j = 0; j < sizeof(assocs) / sizeof(assocs[0]); ++j) {
1710 IPPTsPng *const assoc = assocs[j];
1711
1712 if (!mono_time_is_timeout(dht->mono_time, assoc->timestamp, KILL_NODE_TIMEOUT)) {
1713 sort = 0;
1714 ++not_kill;
1715
1716 if (mono_time_is_timeout(dht->mono_time, assoc->last_pinged, PING_INTERVAL)) {
1717 getnodes(dht, assoc->ip_port, client->public_key, public_key, nullptr);
1718 assoc->last_pinged = temp_time;
1719 }
1720
1721 /* If node is good. */
1722 if (!assoc_timeout(dht->last_run, assoc)) {
1723 client_list[num_nodes] = client;
1724 assoc_list[num_nodes] = assoc;
1725 ++num_nodes;
1726 }
1727 } else {
1728 ++sort;
1729
1730 /* Timed out should be at beginning, if they are not, sort the list. */
1731 if (sort > 1 && sort < (((j + 1) * 2) - 1)) {
1732 sort_ok = true;
1733 }
1734 }
1735 }
1736 }
1737
1738 if (sortable && sort_ok) {
1739 sort_client_list(list, dht->last_run, list_count, public_key);
1740 }
1741
1742 if ((num_nodes != 0) && (mono_time_is_timeout(dht->mono_time, *lastgetnode, GET_NODE_INTERVAL)
1743 || *bootstrap_times < MAX_BOOTSTRAP_TIMES)) {
1744 uint32_t rand_node = random_u32() % num_nodes;
1745
1746 if ((num_nodes - 1) != rand_node) {
1747 rand_node += random_u32() % (num_nodes - (rand_node + 1));
1748 }
1749
1750 getnodes(dht, assoc_list[rand_node]->ip_port, client_list[rand_node]->public_key, public_key, nullptr);
1751
1752 *lastgetnode = temp_time;
1753 ++*bootstrap_times;
1754 }
1755
1756 return not_kill;
1757 }
1758
1759 /* Ping each client in the "friends" list every PING_INTERVAL seconds. Send a get nodes request
1760 * every GET_NODE_INTERVAL seconds to a random good node for each "friend" in our "friends" list.
1761 */
do_dht_friends(DHT * dht)1762 static void do_dht_friends(DHT *dht)
1763 {
1764 for (size_t i = 0; i < dht->num_friends; ++i) {
1765 DHT_Friend *const dht_friend = &dht->friends_list[i];
1766
1767 for (size_t j = 0; j < dht_friend->num_to_bootstrap; ++j) {
1768 getnodes(dht, dht_friend->to_bootstrap[j].ip_port, dht_friend->to_bootstrap[j].public_key, dht_friend->public_key,
1769 nullptr);
1770 }
1771
1772 dht_friend->num_to_bootstrap = 0;
1773
1774 do_ping_and_sendnode_requests(dht, &dht_friend->lastgetnode, dht_friend->public_key, dht_friend->client_list,
1775 MAX_FRIEND_CLIENTS,
1776 &dht_friend->bootstrap_times, 1);
1777 }
1778 }
1779
1780 /* Ping each client in the close nodes list every PING_INTERVAL seconds.
1781 * Send a get nodes request every GET_NODE_INTERVAL seconds to a random good node in the list.
1782 */
do_Close(DHT * dht)1783 static void do_Close(DHT *dht)
1784 {
1785 for (size_t i = 0; i < dht->num_to_bootstrap; ++i) {
1786 getnodes(dht, dht->to_bootstrap[i].ip_port, dht->to_bootstrap[i].public_key, dht->self_public_key, nullptr);
1787 }
1788
1789 dht->num_to_bootstrap = 0;
1790
1791 uint8_t not_killed = do_ping_and_sendnode_requests(
1792 dht, &dht->close_lastgetnodes, dht->self_public_key, dht->close_clientlist, LCLIENT_LIST, &dht->close_bootstrap_times,
1793 0);
1794
1795 if (not_killed != 0) {
1796 return;
1797 }
1798
1799 /* all existing nodes are at least KILL_NODE_TIMEOUT,
1800 * which means we are mute, as we only send packets to
1801 * nodes NOT in KILL_NODE_TIMEOUT
1802 *
1803 * so: reset all nodes to be BAD_NODE_TIMEOUT, but not
1804 * KILL_NODE_TIMEOUT, so we at least keep trying pings */
1805 const uint64_t badonly = mono_time_get(dht->mono_time) - BAD_NODE_TIMEOUT;
1806
1807 for (size_t i = 0; i < LCLIENT_LIST; ++i) {
1808 Client_data *const client = &dht->close_clientlist[i];
1809
1810 IPPTsPng *const assocs[] = { &client->assoc6, &client->assoc4, nullptr };
1811
1812 for (IPPTsPng * const *it = assocs; *it; ++it) {
1813 IPPTsPng *const assoc = *it;
1814
1815 if (assoc->timestamp) {
1816 assoc->timestamp = badonly;
1817 }
1818 }
1819 }
1820 }
1821
dht_getnodes(DHT * dht,const IP_Port * from_ipp,const uint8_t * from_id,const uint8_t * which_id)1822 void dht_getnodes(DHT *dht, const IP_Port *from_ipp, const uint8_t *from_id, const uint8_t *which_id)
1823 {
1824 getnodes(dht, *from_ipp, from_id, which_id, nullptr);
1825 }
1826
dht_bootstrap(DHT * dht,IP_Port ip_port,const uint8_t * public_key)1827 void dht_bootstrap(DHT *dht, IP_Port ip_port, const uint8_t *public_key)
1828 {
1829 getnodes(dht, ip_port, public_key, dht->self_public_key, nullptr);
1830 }
dht_bootstrap_from_address(DHT * dht,const char * address,uint8_t ipv6enabled,uint16_t port,const uint8_t * public_key)1831 int dht_bootstrap_from_address(DHT *dht, const char *address, uint8_t ipv6enabled,
1832 uint16_t port, const uint8_t *public_key)
1833 {
1834 IP_Port ip_port_v64;
1835 IP *ip_extra = nullptr;
1836 IP_Port ip_port_v4;
1837 ip_init(&ip_port_v64.ip, ipv6enabled);
1838
1839 if (ipv6enabled) {
1840 /* setup for getting BOTH: an IPv6 AND an IPv4 address */
1841 ip_port_v64.ip.family = net_family_unspec;
1842 ip_reset(&ip_port_v4.ip);
1843 ip_extra = &ip_port_v4.ip;
1844 }
1845
1846 if (addr_resolve_or_parse_ip(address, &ip_port_v64.ip, ip_extra)) {
1847 ip_port_v64.port = port;
1848 dht_bootstrap(dht, ip_port_v64, public_key);
1849
1850 if ((ip_extra != nullptr) && ip_isset(ip_extra)) {
1851 ip_port_v4.port = port;
1852 dht_bootstrap(dht, ip_port_v4, public_key);
1853 }
1854
1855 return 1;
1856 }
1857
1858 return 0;
1859 }
1860
1861 /* Send the given packet to node with public_key
1862 *
1863 * return -1 if failure.
1864 */
route_packet(const DHT * dht,const uint8_t * public_key,const uint8_t * packet,uint16_t length)1865 int route_packet(const DHT *dht, const uint8_t *public_key, const uint8_t *packet, uint16_t length)
1866 {
1867 for (uint32_t i = 0; i < LCLIENT_LIST; ++i) {
1868 if (id_equal(public_key, dht->close_clientlist[i].public_key)) {
1869 const Client_data *const client = &dht->close_clientlist[i];
1870 const IPPTsPng *const assocs[] = { &client->assoc6, &client->assoc4, nullptr };
1871
1872 for (const IPPTsPng * const *it = assocs; *it; ++it) {
1873 const IPPTsPng *const assoc = *it;
1874
1875 if (ip_isset(&assoc->ip_port.ip)) {
1876 return sendpacket(dht->net, assoc->ip_port, packet, length);
1877 }
1878 }
1879
1880 break;
1881 }
1882 }
1883
1884 return -1;
1885 }
1886
1887 /* Puts all the different ips returned by the nodes for a friend_num into array ip_portlist.
1888 * ip_portlist must be at least MAX_FRIEND_CLIENTS big.
1889 *
1890 * return the number of ips returned.
1891 * return 0 if we are connected to friend or if no ips were found.
1892 * return -1 if no such friend.
1893 */
friend_iplist(const DHT * dht,IP_Port * ip_portlist,uint16_t friend_num)1894 static int friend_iplist(const DHT *dht, IP_Port *ip_portlist, uint16_t friend_num)
1895 {
1896 if (friend_num >= dht->num_friends) {
1897 return -1;
1898 }
1899
1900 const DHT_Friend *const dht_friend = &dht->friends_list[friend_num];
1901 IP_Port ipv4s[MAX_FRIEND_CLIENTS];
1902 int num_ipv4s = 0;
1903 IP_Port ipv6s[MAX_FRIEND_CLIENTS];
1904 int num_ipv6s = 0;
1905
1906 for (size_t i = 0; i < MAX_FRIEND_CLIENTS; ++i) {
1907 const Client_data *const client = &dht_friend->client_list[i];
1908
1909 /* If ip is not zero and node is good. */
1910 if (ip_isset(&client->assoc4.ret_ip_port.ip)
1911 && !mono_time_is_timeout(dht->mono_time, client->assoc4.ret_timestamp, BAD_NODE_TIMEOUT)) {
1912 ipv4s[num_ipv4s] = client->assoc4.ret_ip_port;
1913 ++num_ipv4s;
1914 }
1915
1916 if (ip_isset(&client->assoc6.ret_ip_port.ip)
1917 && !mono_time_is_timeout(dht->mono_time, client->assoc6.ret_timestamp, BAD_NODE_TIMEOUT)) {
1918 ipv6s[num_ipv6s] = client->assoc6.ret_ip_port;
1919 ++num_ipv6s;
1920 }
1921
1922 if (id_equal(client->public_key, dht_friend->public_key)) {
1923 if (!assoc_timeout(dht->last_run, &client->assoc6)
1924 || !assoc_timeout(dht->last_run, &client->assoc4)) {
1925 return 0; /* direct connectivity */
1926 }
1927 }
1928 }
1929
1930 #ifdef FRIEND_IPLIST_PAD
1931 memcpy(ip_portlist, ipv6s, num_ipv6s * sizeof(IP_Port));
1932
1933 if (num_ipv6s == MAX_FRIEND_CLIENTS) {
1934 return MAX_FRIEND_CLIENTS;
1935 }
1936
1937 int num_ipv4s_used = MAX_FRIEND_CLIENTS - num_ipv6s;
1938
1939 if (num_ipv4s_used > num_ipv4s) {
1940 num_ipv4s_used = num_ipv4s;
1941 }
1942
1943 memcpy(&ip_portlist[num_ipv6s], ipv4s, num_ipv4s_used * sizeof(IP_Port));
1944 return num_ipv6s + num_ipv4s_used;
1945
1946 #else /* !FRIEND_IPLIST_PAD */
1947
1948 /* there must be some secret reason why we can't pad the longer list
1949 * with the shorter one...
1950 */
1951 if (num_ipv6s >= num_ipv4s) {
1952 memcpy(ip_portlist, ipv6s, num_ipv6s * sizeof(IP_Port));
1953 return num_ipv6s;
1954 }
1955
1956 memcpy(ip_portlist, ipv4s, num_ipv4s * sizeof(IP_Port));
1957 return num_ipv4s;
1958
1959 #endif /* !FRIEND_IPLIST_PAD */
1960 }
1961
1962
1963 /* Send the following packet to everyone who tells us they are connected to friend_id.
1964 *
1965 * return ip for friend.
1966 * return number of nodes the packet was sent to. (Only works if more than (MAX_FRIEND_CLIENTS / 4).
1967 */
route_tofriend(const DHT * dht,const uint8_t * friend_id,const uint8_t * packet,uint16_t length)1968 int route_tofriend(const DHT *dht, const uint8_t *friend_id, const uint8_t *packet, uint16_t length)
1969 {
1970 const uint32_t num = index_of_friend_pk(dht->friends_list, dht->num_friends, friend_id);
1971
1972 if (num == UINT32_MAX) {
1973 return 0;
1974 }
1975
1976 uint32_t sent = 0;
1977
1978 IP_Port ip_list[MAX_FRIEND_CLIENTS];
1979 const int ip_num = friend_iplist(dht, ip_list, num);
1980
1981 if (ip_num < (MAX_FRIEND_CLIENTS / 4)) {
1982 return 0; /* Reason for that? */
1983 }
1984
1985 const DHT_Friend *const dht_friend = &dht->friends_list[num];
1986
1987 /* extra legwork, because having the outside allocating the space for us
1988 * is *usually* good(tm) (bites us in the behind in this case though) */
1989
1990 for (uint32_t i = 0; i < MAX_FRIEND_CLIENTS; ++i) {
1991 const Client_data *const client = &dht_friend->client_list[i];
1992 const IPPTsPng *const assocs[] = { &client->assoc4, &client->assoc6, nullptr };
1993
1994 for (const IPPTsPng * const *it = assocs; *it; ++it) {
1995 const IPPTsPng *const assoc = *it;
1996
1997 /* If ip is not zero and node is good. */
1998 if (ip_isset(&assoc->ret_ip_port.ip) && !mono_time_is_timeout(dht->mono_time, assoc->ret_timestamp, BAD_NODE_TIMEOUT)) {
1999 const int retval = sendpacket(dht->net, assoc->ip_port, packet, length);
2000
2001 if ((unsigned int)retval == length) {
2002 ++sent;
2003 break; /* Send one packet per client.*/
2004 }
2005 }
2006 }
2007 }
2008
2009 return sent;
2010 }
2011
2012 /* Send the following packet to one random person who tells us they are connected to friend_id.
2013 *
2014 * return number of nodes the packet was sent to.
2015 */
routeone_tofriend(DHT * dht,const uint8_t * friend_id,const uint8_t * packet,uint16_t length)2016 static int routeone_tofriend(DHT *dht, const uint8_t *friend_id, const uint8_t *packet, uint16_t length)
2017 {
2018 const uint32_t num = index_of_friend_pk(dht->friends_list, dht->num_friends, friend_id);
2019
2020 if (num == UINT32_MAX) {
2021 return 0;
2022 }
2023
2024 const DHT_Friend *const dht_friend = &dht->friends_list[num];
2025
2026 IP_Port ip_list[MAX_FRIEND_CLIENTS * 2];
2027 int n = 0;
2028
2029 /* extra legwork, because having the outside allocating the space for us
2030 * is *usually* good(tm) (bites us in the behind in this case though) */
2031
2032 for (uint32_t i = 0; i < MAX_FRIEND_CLIENTS; ++i) {
2033 const Client_data *const client = &dht_friend->client_list[i];
2034 const IPPTsPng *const assocs[] = { &client->assoc4, &client->assoc6, nullptr };
2035
2036 for (const IPPTsPng * const *it = assocs; *it; ++it) {
2037 const IPPTsPng *const assoc = *it;
2038
2039 /* If ip is not zero and node is good. */
2040 if (ip_isset(&assoc->ret_ip_port.ip) && !mono_time_is_timeout(dht->mono_time, assoc->ret_timestamp, BAD_NODE_TIMEOUT)) {
2041 ip_list[n] = assoc->ip_port;
2042 ++n;
2043 }
2044 }
2045 }
2046
2047 if (n < 1) {
2048 return 0;
2049 }
2050
2051 const int retval = sendpacket(dht->net, ip_list[random_u32() % n], packet, length);
2052
2053 if ((unsigned int)retval == length) {
2054 return 1;
2055 }
2056
2057 return 0;
2058 }
2059
2060 /*----------------------------------------------------------------------------------*/
2061 /*---------------------BEGINNING OF NAT PUNCHING FUNCTIONS--------------------------*/
2062
send_NATping(DHT * dht,const uint8_t * public_key,uint64_t ping_id,uint8_t type)2063 static int send_NATping(DHT *dht, const uint8_t *public_key, uint64_t ping_id, uint8_t type)
2064 {
2065 uint8_t data[sizeof(uint64_t) + 1];
2066 uint8_t packet[MAX_CRYPTO_REQUEST_SIZE];
2067
2068 int num = 0;
2069
2070 data[0] = type;
2071 memcpy(data + 1, &ping_id, sizeof(uint64_t));
2072 /* 254 is NAT ping request packet id */
2073 const int len = create_request(
2074 dht->self_public_key, dht->self_secret_key, packet, public_key, data,
2075 sizeof(uint64_t) + 1, CRYPTO_PACKET_NAT_PING);
2076
2077 if (len == -1) {
2078 return -1;
2079 }
2080
2081 if (type == 0) { /* If packet is request use many people to route it. */
2082 num = route_tofriend(dht, public_key, packet, len);
2083 } else if (type == 1) { /* If packet is response use only one person to route it */
2084 num = routeone_tofriend(dht, public_key, packet, len);
2085 }
2086
2087 if (num == 0) {
2088 return -1;
2089 }
2090
2091 return num;
2092 }
2093
2094 /* Handle a received ping request for. */
handle_NATping(void * object,IP_Port source,const uint8_t * source_pubkey,const uint8_t * packet,uint16_t length,void * userdata)2095 static int handle_NATping(void *object, IP_Port source, const uint8_t *source_pubkey, const uint8_t *packet,
2096 uint16_t length, void *userdata)
2097 {
2098 if (length != sizeof(uint64_t) + 1) {
2099 return 1;
2100 }
2101
2102 DHT *const dht = (DHT *)object;
2103 uint64_t ping_id;
2104 memcpy(&ping_id, packet + 1, sizeof(uint64_t));
2105
2106 uint32_t friendnumber = index_of_friend_pk(dht->friends_list, dht->num_friends, source_pubkey);
2107
2108 if (friendnumber == UINT32_MAX) {
2109 return 1;
2110 }
2111
2112 DHT_Friend *const dht_friend = &dht->friends_list[friendnumber];
2113
2114 if (packet[0] == NAT_PING_REQUEST) {
2115 /* 1 is reply */
2116 send_NATping(dht, source_pubkey, ping_id, NAT_PING_RESPONSE);
2117 dht_friend->nat.recv_nat_ping_timestamp = mono_time_get(dht->mono_time);
2118 return 0;
2119 }
2120
2121 if (packet[0] == NAT_PING_RESPONSE) {
2122 if (dht_friend->nat.nat_ping_id == ping_id) {
2123 dht_friend->nat.nat_ping_id = random_u64();
2124 dht_friend->nat.hole_punching = 1;
2125 return 0;
2126 }
2127 }
2128
2129 return 1;
2130 }
2131
2132 /* Get the most common ip in the ip_portlist.
2133 * Only return ip if it appears in list min_num or more.
2134 * len must not be bigger than MAX_FRIEND_CLIENTS.
2135 *
2136 * return ip of 0 if failure.
2137 */
nat_commonip(IP_Port * ip_portlist,uint16_t len,uint16_t min_num)2138 static IP nat_commonip(IP_Port *ip_portlist, uint16_t len, uint16_t min_num)
2139 {
2140 IP zero;
2141 ip_reset(&zero);
2142
2143 if (len > MAX_FRIEND_CLIENTS) {
2144 return zero;
2145 }
2146
2147 uint16_t numbers[MAX_FRIEND_CLIENTS] = {0};
2148
2149 for (uint32_t i = 0; i < len; ++i) {
2150 for (uint32_t j = 0; j < len; ++j) {
2151 if (ip_equal(&ip_portlist[i].ip, &ip_portlist[j].ip)) {
2152 ++numbers[i];
2153 }
2154 }
2155
2156 if (numbers[i] >= min_num) {
2157 return ip_portlist[i].ip;
2158 }
2159 }
2160
2161 return zero;
2162 }
2163
2164 /* Return all the ports for one ip in a list.
2165 * portlist must be at least len long,
2166 * where len is the length of ip_portlist.
2167 *
2168 * return number of ports and puts the list of ports in portlist.
2169 */
nat_getports(uint16_t * portlist,IP_Port * ip_portlist,uint16_t len,IP ip)2170 static uint16_t nat_getports(uint16_t *portlist, IP_Port *ip_portlist, uint16_t len, IP ip)
2171 {
2172 uint16_t num = 0;
2173
2174 for (uint32_t i = 0; i < len; ++i) {
2175 if (ip_equal(&ip_portlist[i].ip, &ip)) {
2176 portlist[num] = net_ntohs(ip_portlist[i].port);
2177 ++num;
2178 }
2179 }
2180
2181 return num;
2182 }
2183
punch_holes(DHT * dht,IP ip,uint16_t * port_list,uint16_t numports,uint16_t friend_num)2184 static void punch_holes(DHT *dht, IP ip, uint16_t *port_list, uint16_t numports, uint16_t friend_num)
2185 {
2186 if (!dht->hole_punching_enabled) {
2187 return;
2188 }
2189
2190 if (numports > MAX_FRIEND_CLIENTS || numports == 0) {
2191 return;
2192 }
2193
2194 const uint16_t first_port = port_list[0];
2195 uint32_t i;
2196
2197 for (i = 0; i < numports; ++i) {
2198 if (first_port != port_list[i]) {
2199 break;
2200 }
2201 }
2202
2203 if (i == numports) { /* If all ports are the same, only try that one port. */
2204 IP_Port pinging;
2205 ip_copy(&pinging.ip, &ip);
2206 pinging.port = net_htons(first_port);
2207 ping_send_request(dht->ping, pinging, dht->friends_list[friend_num].public_key);
2208 } else {
2209 for (i = 0; i < MAX_PUNCHING_PORTS; ++i) {
2210 /* TODO(irungentoo): Improve port guessing algorithm. */
2211 const uint32_t it = i + dht->friends_list[friend_num].nat.punching_index;
2212 const int8_t sign = (it % 2) ? -1 : 1;
2213 const uint32_t delta = sign * (it / (2 * numports));
2214 const uint32_t index = (it / 2) % numports;
2215 const uint16_t port = port_list[index] + delta;
2216 IP_Port pinging;
2217 ip_copy(&pinging.ip, &ip);
2218 pinging.port = net_htons(port);
2219 ping_send_request(dht->ping, pinging, dht->friends_list[friend_num].public_key);
2220 }
2221
2222 dht->friends_list[friend_num].nat.punching_index += i;
2223 }
2224
2225 if (dht->friends_list[friend_num].nat.tries > MAX_NORMAL_PUNCHING_TRIES) {
2226 const uint16_t port = 1024;
2227 IP_Port pinging;
2228 ip_copy(&pinging.ip, &ip);
2229
2230 for (i = 0; i < MAX_PUNCHING_PORTS; ++i) {
2231 uint32_t it = i + dht->friends_list[friend_num].nat.punching_index2;
2232 pinging.port = net_htons(port + it);
2233 ping_send_request(dht->ping, pinging, dht->friends_list[friend_num].public_key);
2234 }
2235
2236 dht->friends_list[friend_num].nat.punching_index2 += i - (MAX_PUNCHING_PORTS / 2);
2237 }
2238
2239 ++dht->friends_list[friend_num].nat.tries;
2240 }
2241
do_NAT(DHT * dht)2242 static void do_NAT(DHT *dht)
2243 {
2244 const uint64_t temp_time = mono_time_get(dht->mono_time);
2245
2246 for (uint32_t i = 0; i < dht->num_friends; ++i) {
2247 IP_Port ip_list[MAX_FRIEND_CLIENTS];
2248 const int num = friend_iplist(dht, ip_list, i);
2249
2250 /* If already connected or friend is not online don't try to hole punch. */
2251 if (num < MAX_FRIEND_CLIENTS / 2) {
2252 continue;
2253 }
2254
2255 if (dht->friends_list[i].nat.nat_ping_timestamp + PUNCH_INTERVAL < temp_time) {
2256 send_NATping(dht, dht->friends_list[i].public_key, dht->friends_list[i].nat.nat_ping_id, NAT_PING_REQUEST);
2257 dht->friends_list[i].nat.nat_ping_timestamp = temp_time;
2258 }
2259
2260 if (dht->friends_list[i].nat.hole_punching == 1 &&
2261 dht->friends_list[i].nat.punching_timestamp + PUNCH_INTERVAL < temp_time &&
2262 dht->friends_list[i].nat.recv_nat_ping_timestamp + PUNCH_INTERVAL * 2 >= temp_time) {
2263
2264 const IP ip = nat_commonip(ip_list, num, MAX_FRIEND_CLIENTS / 2);
2265
2266 if (!ip_isset(&ip)) {
2267 continue;
2268 }
2269
2270 if (dht->friends_list[i].nat.punching_timestamp + PUNCH_RESET_TIME < temp_time) {
2271 dht->friends_list[i].nat.tries = 0;
2272 dht->friends_list[i].nat.punching_index = 0;
2273 dht->friends_list[i].nat.punching_index2 = 0;
2274 }
2275
2276 uint16_t port_list[MAX_FRIEND_CLIENTS];
2277 const uint16_t numports = nat_getports(port_list, ip_list, num, ip);
2278 punch_holes(dht, ip, port_list, numports, i);
2279
2280 dht->friends_list[i].nat.punching_timestamp = temp_time;
2281 dht->friends_list[i].nat.hole_punching = 0;
2282 }
2283 }
2284 }
2285
2286 /*----------------------------------------------------------------------------------*/
2287 /*-----------------------END OF NAT PUNCHING FUNCTIONS------------------------------*/
2288
2289 #define DHT_HARDENING 0
2290 #define HARDREQ_DATA_SIZE 384 // Attempt to prevent amplification/other attacks
2291
2292 typedef enum Check_Type {
2293 CHECK_TYPE_ROUTE_REQ = 0,
2294 CHECK_TYPE_ROUTE_RES = 1,
2295 CHECK_TYPE_GETNODE_REQ = 2,
2296 CHECK_TYPE_GETNODE_RES = 3,
2297 CHECK_TYPE_TEST_REQ = 4,
2298 CHECK_TYPE_TEST_RES = 5,
2299 } Check_Type;
2300
2301 #if DHT_HARDENING
send_hardening_req(DHT * dht,Node_format * sendto,uint8_t type,uint8_t * contents,uint16_t length)2302 static int send_hardening_req(DHT *dht, Node_format *sendto, uint8_t type, uint8_t *contents, uint16_t length)
2303 {
2304 if (length > HARDREQ_DATA_SIZE - 1) {
2305 return -1;
2306 }
2307
2308 uint8_t packet[MAX_CRYPTO_REQUEST_SIZE];
2309 uint8_t data[HARDREQ_DATA_SIZE] = {0};
2310 data[0] = type;
2311 memcpy(data + 1, contents, length);
2312 const int len = create_request(
2313 dht->self_public_key, dht->self_secret_key, packet, sendto->public_key,
2314 data, sizeof(data), CRYPTO_PACKET_HARDENING);
2315
2316 if (len == -1) {
2317 return -1;
2318 }
2319
2320 return sendpacket(dht->net, sendto->ip_port, packet, len);
2321 }
2322
2323 /* Send a get node hardening request */
send_hardening_getnode_req(DHT * dht,Node_format * dest,Node_format * node_totest,uint8_t * search_id)2324 static int send_hardening_getnode_req(DHT *dht, Node_format *dest, Node_format *node_totest, uint8_t *search_id)
2325 {
2326 uint8_t data[sizeof(Node_format) + CRYPTO_PUBLIC_KEY_SIZE];
2327 memcpy(data, node_totest, sizeof(Node_format));
2328 memcpy(data + sizeof(Node_format), search_id, CRYPTO_PUBLIC_KEY_SIZE);
2329 return send_hardening_req(dht, dest, CHECK_TYPE_GETNODE_REQ, data, sizeof(Node_format) + CRYPTO_PUBLIC_KEY_SIZE);
2330 }
2331 #endif
2332
2333 /* Send a get node hardening response */
send_hardening_getnode_res(const DHT * dht,const Node_format * sendto,const uint8_t * queried_client_id,const uint8_t * nodes_data,uint16_t nodes_data_length)2334 static int send_hardening_getnode_res(const DHT *dht, const Node_format *sendto, const uint8_t *queried_client_id,
2335 const uint8_t *nodes_data, uint16_t nodes_data_length)
2336 {
2337 if (!ip_isset(&sendto->ip_port.ip)) {
2338 return -1;
2339 }
2340
2341 uint8_t packet[MAX_CRYPTO_REQUEST_SIZE];
2342 VLA(uint8_t, data, 1 + CRYPTO_PUBLIC_KEY_SIZE + nodes_data_length);
2343 data[0] = CHECK_TYPE_GETNODE_RES;
2344 memcpy(data + 1, queried_client_id, CRYPTO_PUBLIC_KEY_SIZE);
2345 memcpy(data + 1 + CRYPTO_PUBLIC_KEY_SIZE, nodes_data, nodes_data_length);
2346 const int len = create_request(
2347 dht->self_public_key, dht->self_secret_key, packet, sendto->public_key,
2348 data, SIZEOF_VLA(data), CRYPTO_PACKET_HARDENING);
2349
2350 if (len == -1) {
2351 return -1;
2352 }
2353
2354 return sendpacket(dht->net, sendto->ip_port, packet, len);
2355 }
2356
2357 /* TODO(irungentoo): improve */
get_closelist_IPPTsPng(DHT * dht,const uint8_t * public_key,Family sa_family)2358 static IPPTsPng *get_closelist_IPPTsPng(DHT *dht, const uint8_t *public_key, Family sa_family)
2359 {
2360 for (uint32_t i = 0; i < LCLIENT_LIST; ++i) {
2361 if (!id_equal(dht->close_clientlist[i].public_key, public_key)) {
2362 continue;
2363 }
2364
2365 if (net_family_is_ipv4(sa_family)) {
2366 return &dht->close_clientlist[i].assoc4;
2367 }
2368
2369 if (net_family_is_ipv6(sa_family)) {
2370 return &dht->close_clientlist[i].assoc6;
2371 }
2372 }
2373
2374 return nullptr;
2375 }
2376
2377 /*
2378 * check how many nodes in nodes are also present in the closelist.
2379 * TODO(irungentoo): make this function better.
2380 */
have_nodes_closelist(DHT * dht,Node_format * nodes,uint16_t num)2381 static uint32_t have_nodes_closelist(DHT *dht, Node_format *nodes, uint16_t num)
2382 {
2383 uint32_t counter = 0;
2384
2385 for (uint32_t i = 0; i < num; ++i) {
2386 if (id_equal(nodes[i].public_key, dht->self_public_key)) {
2387 ++counter;
2388 continue;
2389 }
2390
2391 const IPPTsPng *const temp = get_closelist_IPPTsPng(dht, nodes[i].public_key, nodes[i].ip_port.ip.family);
2392
2393 if (temp) {
2394 if (!assoc_timeout(dht->last_run, temp)) {
2395 ++counter;
2396 }
2397 }
2398 }
2399
2400 return counter;
2401 }
2402
2403 /* Interval in seconds between hardening checks */
2404 #define HARDENING_INTERVAL 120
2405
2406 /* Handle a received hardening packet */
handle_hardening(void * object,IP_Port source,const uint8_t * source_pubkey,const uint8_t * packet,uint16_t length,void * userdata)2407 static int handle_hardening(void *object, IP_Port source, const uint8_t *source_pubkey, const uint8_t *packet,
2408 uint16_t length, void *userdata)
2409 {
2410 DHT *const dht = (DHT *)object;
2411
2412 if (length < 2) {
2413 return 1;
2414 }
2415
2416 switch (packet[0]) {
2417 case CHECK_TYPE_GETNODE_REQ: {
2418 if (length != HARDREQ_DATA_SIZE) {
2419 return 1;
2420 }
2421
2422 Node_format node;
2423 Node_format tocheck_node;
2424 node.ip_port = source;
2425 memcpy(node.public_key, source_pubkey, CRYPTO_PUBLIC_KEY_SIZE);
2426 memcpy(&tocheck_node, packet + 1, sizeof(Node_format));
2427
2428 if (getnodes(dht, tocheck_node.ip_port, tocheck_node.public_key, packet + 1 + sizeof(Node_format), &node) == -1) {
2429 return 1;
2430 }
2431
2432 return 0;
2433 }
2434
2435 case CHECK_TYPE_GETNODE_RES: {
2436 if (length <= CRYPTO_PUBLIC_KEY_SIZE + 1) {
2437 return 1;
2438 }
2439
2440 if (length > 1 + CRYPTO_PUBLIC_KEY_SIZE + sizeof(Node_format) * MAX_SENT_NODES) {
2441 return 1;
2442 }
2443
2444 uint16_t length_nodes = length - 1 - CRYPTO_PUBLIC_KEY_SIZE;
2445 Node_format nodes[MAX_SENT_NODES];
2446 const int num_nodes = unpack_nodes(nodes, MAX_SENT_NODES, nullptr, packet + 1 + CRYPTO_PUBLIC_KEY_SIZE,
2447 length_nodes, 0);
2448
2449 /* TODO(irungentoo): MAX_SENT_NODES nodes should be returned at all times
2450 * (right now we have a small network size so it could cause problems for testing and etc..) */
2451 if (num_nodes <= 0) {
2452 return 1;
2453 }
2454
2455 /* NOTE: This should work for now but should be changed to something better. */
2456 if (have_nodes_closelist(dht, nodes, num_nodes) < (uint32_t)((num_nodes + 2) / 2)) {
2457 return 1;
2458 }
2459
2460 IPPTsPng *const temp = get_closelist_IPPTsPng(dht, packet + 1, nodes[0].ip_port.ip.family);
2461
2462 if (temp == nullptr) {
2463 return 1;
2464 }
2465
2466 if (mono_time_is_timeout(dht->mono_time, temp->hardening.send_nodes_timestamp, HARDENING_INTERVAL)) {
2467 return 1;
2468 }
2469
2470 if (!id_equal(temp->hardening.send_nodes_pingedid, source_pubkey)) {
2471 return 1;
2472 }
2473
2474 /* If Nodes look good and the request checks out */
2475 temp->hardening.send_nodes_ok = 1;
2476 return 0;/* success*/
2477 }
2478 }
2479
2480 return 1;
2481 }
2482
2483 #if DHT_HARDENING
2484 #define HARDEN_TIMEOUT 1200
2485
2486 /* Return a random node from all the nodes we are connected to.
2487 * TODO(irungentoo): improve this function.
2488 */
random_node(DHT * dht,Family sa_family)2489 static Node_format random_node(DHT *dht, Family sa_family)
2490 {
2491 uint8_t id[CRYPTO_PUBLIC_KEY_SIZE];
2492
2493 for (uint32_t i = 0; i < CRYPTO_PUBLIC_KEY_SIZE / 4; ++i) { /* populate the id with pseudorandom bytes.*/
2494 const uint32_t t = random_u32();
2495 memcpy(id + i * sizeof(t), &t, sizeof(t));
2496 }
2497
2498 Node_format nodes_list[MAX_SENT_NODES];
2499 memset(nodes_list, 0, sizeof(nodes_list));
2500 const uint32_t num_nodes = get_close_nodes(dht, id, nodes_list, sa_family, 1, 0);
2501
2502 if (num_nodes == 0) {
2503 return nodes_list[0];
2504 }
2505
2506 return nodes_list[random_u32() % num_nodes];
2507 }
2508 #endif
2509
2510 /* Put up to max_num nodes in nodes from the closelist.
2511 *
2512 * return the number of nodes.
2513 */
list_nodes(Client_data * list,size_t length,uint64_t cur_time,Node_format * nodes,uint16_t max_num)2514 static uint16_t list_nodes(Client_data *list, size_t length, uint64_t cur_time, Node_format *nodes,
2515 uint16_t max_num)
2516 {
2517 if (max_num == 0) {
2518 return 0;
2519 }
2520
2521 uint16_t count = 0;
2522
2523 for (size_t i = length; i != 0; --i) {
2524 const IPPTsPng *assoc = nullptr;
2525
2526 if (!assoc_timeout(cur_time, &list[i - 1].assoc4)) {
2527 assoc = &list[i - 1].assoc4;
2528 }
2529
2530 if (!assoc_timeout(cur_time, &list[i - 1].assoc6)) {
2531 if (assoc == nullptr) {
2532 assoc = &list[i - 1].assoc6;
2533 } else if (random_u08() % 2) {
2534 assoc = &list[i - 1].assoc6;
2535 }
2536 }
2537
2538 if (assoc != nullptr) {
2539 memcpy(nodes[count].public_key, list[i - 1].public_key, CRYPTO_PUBLIC_KEY_SIZE);
2540 nodes[count].ip_port = assoc->ip_port;
2541 ++count;
2542
2543 if (count >= max_num) {
2544 return count;
2545 }
2546 }
2547 }
2548
2549 return count;
2550 }
2551
2552 /* Put up to max_num nodes in nodes from the random friends.
2553 *
2554 * return the number of nodes.
2555 */
randfriends_nodes(DHT * dht,Node_format * nodes,uint16_t max_num)2556 uint16_t randfriends_nodes(DHT *dht, Node_format *nodes, uint16_t max_num)
2557 {
2558 if (max_num == 0) {
2559 return 0;
2560 }
2561
2562 uint16_t count = 0;
2563 const uint32_t r = random_u32();
2564
2565 for (size_t i = 0; i < DHT_FAKE_FRIEND_NUMBER; ++i) {
2566 count += list_nodes(dht->friends_list[(i + r) % DHT_FAKE_FRIEND_NUMBER].client_list, MAX_FRIEND_CLIENTS, dht->last_run,
2567 nodes + count, max_num - count);
2568
2569 if (count >= max_num) {
2570 break;
2571 }
2572 }
2573
2574 return count;
2575 }
2576
2577 /* Put up to max_num nodes in nodes from the closelist.
2578 *
2579 * return the number of nodes.
2580 */
closelist_nodes(DHT * dht,Node_format * nodes,uint16_t max_num)2581 uint16_t closelist_nodes(DHT *dht, Node_format *nodes, uint16_t max_num)
2582 {
2583 return list_nodes(dht->close_clientlist, LCLIENT_LIST, dht->last_run, nodes, max_num);
2584 }
2585
2586 #if DHT_HARDENING
do_hardening(DHT * dht)2587 static void do_hardening(DHT *dht)
2588 {
2589 for (uint32_t i = 0; i < LCLIENT_LIST * 2; ++i) {
2590 IPPTsPng *cur_iptspng;
2591 Family sa_family;
2592 const uint8_t *const public_key = dht->close_clientlist[i / 2].public_key;
2593
2594 if (i % 2 == 0) {
2595 cur_iptspng = &dht->close_clientlist[i / 2].assoc4;
2596 sa_family = net_family_ipv4;
2597 } else {
2598 cur_iptspng = &dht->close_clientlist[i / 2].assoc6;
2599 sa_family = net_family_ipv6;
2600 }
2601
2602 if (assoc_timeout(dht->mono_time, cur_iptspng)) {
2603 continue;
2604 }
2605
2606 if (cur_iptspng->hardening.send_nodes_ok == 0) {
2607 if (mono_time_is_timeout(dht->mono_time, cur_iptspng->hardening.send_nodes_timestamp, HARDENING_INTERVAL)) {
2608 Node_format rand_node = random_node(dht, sa_family);
2609
2610 if (!ipport_isset(&rand_node.ip_port)) {
2611 continue;
2612 }
2613
2614 if (id_equal(public_key, rand_node.public_key)) {
2615 continue;
2616 }
2617
2618 Node_format to_test;
2619 to_test.ip_port = cur_iptspng->ip_port;
2620 memcpy(to_test.public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
2621
2622 // TODO(irungentoo): The search id should maybe not be ours?
2623 if (send_hardening_getnode_req(dht, &rand_node, &to_test, dht->self_public_key) > 0) {
2624 memcpy(cur_iptspng->hardening.send_nodes_pingedid, rand_node.public_key, CRYPTO_PUBLIC_KEY_SIZE);
2625 cur_iptspng->hardening.send_nodes_timestamp = mono_time_get(dht->mono_time);
2626 }
2627 }
2628 } else {
2629 if (mono_time_is_timeout(dht->mono_time, cur_iptspng->hardening.send_nodes_timestamp, HARDEN_TIMEOUT)) {
2630 cur_iptspng->hardening.send_nodes_ok = 0;
2631 }
2632 }
2633
2634 // TODO(irungentoo): add the 2 other testers.
2635 }
2636 }
2637 #endif
2638
2639 /*----------------------------------------------------------------------------------*/
2640
cryptopacket_registerhandler(DHT * dht,uint8_t byte,cryptopacket_handler_cb * cb,void * object)2641 void cryptopacket_registerhandler(DHT *dht, uint8_t byte, cryptopacket_handler_cb *cb, void *object)
2642 {
2643 dht->cryptopackethandlers[byte].function = cb;
2644 dht->cryptopackethandlers[byte].object = object;
2645 }
2646
cryptopacket_handle(void * object,IP_Port source,const uint8_t * packet,uint16_t length,void * userdata)2647 static int cryptopacket_handle(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata)
2648 {
2649 DHT *const dht = (DHT *)object;
2650
2651 assert(packet[0] == NET_PACKET_CRYPTO);
2652
2653 if (length <= CRYPTO_PUBLIC_KEY_SIZE * 2 + CRYPTO_NONCE_SIZE + 1 + CRYPTO_MAC_SIZE ||
2654 length > MAX_CRYPTO_REQUEST_SIZE + CRYPTO_MAC_SIZE) {
2655 return 1;
2656 }
2657
2658 // Check if request is for us.
2659 if (id_equal(packet + 1, dht->self_public_key)) {
2660 uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE];
2661 uint8_t data[MAX_CRYPTO_REQUEST_SIZE];
2662 uint8_t number;
2663 const int len = handle_request(dht->self_public_key, dht->self_secret_key, public_key,
2664 data, &number, packet, length);
2665
2666 if (len == -1 || len == 0) {
2667 return 1;
2668 }
2669
2670 if (!dht->cryptopackethandlers[number].function) {
2671 return 1;
2672 }
2673
2674 return dht->cryptopackethandlers[number].function(
2675 dht->cryptopackethandlers[number].object, source, public_key,
2676 data, len, userdata);
2677 }
2678
2679 /* If request is not for us, try routing it. */
2680 const int retval = route_packet(dht, packet + 1, packet, length);
2681
2682 if ((unsigned int)retval == length) {
2683 return 0;
2684 }
2685
2686 return 1;
2687 }
2688
2689 /*----------------------------------------------------------------------------------*/
2690
new_dht(const Logger * log,Mono_Time * mono_time,Networking_Core * net,bool holepunching_enabled)2691 DHT *new_dht(const Logger *log, Mono_Time *mono_time, Networking_Core *net, bool holepunching_enabled)
2692 {
2693 if (net == nullptr) {
2694 return nullptr;
2695 }
2696
2697 DHT *const dht = (DHT *)calloc(1, sizeof(DHT));
2698
2699 if (dht == nullptr) {
2700 return nullptr;
2701 }
2702
2703 dht->mono_time = mono_time;
2704 dht->last_run = mono_time_get(mono_time);
2705 dht->log = log;
2706 dht->net = net;
2707
2708 dht->hole_punching_enabled = holepunching_enabled;
2709
2710 dht->ping = ping_new(mono_time, dht);
2711
2712 if (dht->ping == nullptr) {
2713 kill_dht(dht);
2714 return nullptr;
2715 }
2716
2717 networking_registerhandler(dht->net, NET_PACKET_GET_NODES, &handle_getnodes, dht);
2718 networking_registerhandler(dht->net, NET_PACKET_SEND_NODES_IPV6, &handle_sendnodes_ipv6, dht);
2719 networking_registerhandler(dht->net, NET_PACKET_CRYPTO, &cryptopacket_handle, dht);
2720 cryptopacket_registerhandler(dht, CRYPTO_PACKET_NAT_PING, &handle_NATping, dht);
2721 cryptopacket_registerhandler(dht, CRYPTO_PACKET_HARDENING, &handle_hardening, dht);
2722
2723 crypto_new_keypair(dht->self_public_key, dht->self_secret_key);
2724
2725 dht->dht_ping_array = ping_array_new(DHT_PING_ARRAY_SIZE, PING_TIMEOUT);
2726 dht->dht_harden_ping_array = ping_array_new(DHT_PING_ARRAY_SIZE, PING_TIMEOUT);
2727
2728 if (dht->dht_ping_array == nullptr || dht->dht_harden_ping_array == nullptr) {
2729 kill_dht(dht);
2730 return nullptr;
2731 }
2732
2733 for (uint32_t i = 0; i < DHT_FAKE_FRIEND_NUMBER; ++i) {
2734 uint8_t random_public_key_bytes[CRYPTO_PUBLIC_KEY_SIZE];
2735 uint8_t random_secret_key_bytes[CRYPTO_SECRET_KEY_SIZE];
2736
2737 crypto_new_keypair(random_public_key_bytes, random_secret_key_bytes);
2738
2739 if (dht_addfriend(dht, random_public_key_bytes, nullptr, nullptr, 0, nullptr) != 0) {
2740 kill_dht(dht);
2741 return nullptr;
2742 }
2743 }
2744
2745 return dht;
2746 }
2747
do_dht(DHT * dht)2748 void do_dht(DHT *dht)
2749 {
2750 const uint64_t cur_time = mono_time_get(dht->mono_time);
2751
2752 if (dht->last_run == cur_time) {
2753 return;
2754 }
2755
2756 dht->last_run = cur_time;
2757
2758 // Load friends/clients if first call to do_dht
2759 if (dht->loaded_num_nodes) {
2760 dht_connect_after_load(dht);
2761 }
2762
2763 do_Close(dht);
2764 do_dht_friends(dht);
2765 do_NAT(dht);
2766 ping_iterate(dht->ping);
2767 #if DHT_HARDENING
2768 do_hardening(dht);
2769 #endif
2770 }
2771
kill_dht(DHT * dht)2772 void kill_dht(DHT *dht)
2773 {
2774 networking_registerhandler(dht->net, NET_PACKET_GET_NODES, nullptr, nullptr);
2775 networking_registerhandler(dht->net, NET_PACKET_SEND_NODES_IPV6, nullptr, nullptr);
2776 cryptopacket_registerhandler(dht, CRYPTO_PACKET_NAT_PING, nullptr, nullptr);
2777 cryptopacket_registerhandler(dht, CRYPTO_PACKET_HARDENING, nullptr, nullptr);
2778 ping_array_kill(dht->dht_ping_array);
2779 ping_array_kill(dht->dht_harden_ping_array);
2780 ping_kill(dht->ping);
2781 free(dht->friends_list);
2782 free(dht->loaded_nodes_list);
2783 free(dht);
2784 }
2785
2786 /* new DHT format for load/save, more robust and forward compatible */
2787 // TODO(irungentoo): Move this closer to Messenger.
2788 #define DHT_STATE_COOKIE_GLOBAL 0x159000d
2789
2790 #define DHT_STATE_COOKIE_TYPE 0x11ce
2791 #define DHT_STATE_TYPE_NODES 4
2792
2793 #define MAX_SAVED_DHT_NODES (((DHT_FAKE_FRIEND_NUMBER * MAX_FRIEND_CLIENTS) + LCLIENT_LIST) * 2)
2794
2795 /* Get the size of the DHT (for saving). */
dht_size(const DHT * dht)2796 uint32_t dht_size(const DHT *dht)
2797 {
2798 uint32_t numv4 = 0;
2799 uint32_t numv6 = 0;
2800
2801 for (uint32_t i = 0; i < dht->loaded_num_nodes; ++i) {
2802 numv4 += net_family_is_ipv4(dht->loaded_nodes_list[i].ip_port.ip.family);
2803 numv6 += net_family_is_ipv6(dht->loaded_nodes_list[i].ip_port.ip.family);
2804 }
2805
2806 for (uint32_t i = 0; i < LCLIENT_LIST; ++i) {
2807 numv4 += (dht->close_clientlist[i].assoc4.timestamp != 0);
2808 numv6 += (dht->close_clientlist[i].assoc6.timestamp != 0);
2809 }
2810
2811 for (uint32_t i = 0; i < DHT_FAKE_FRIEND_NUMBER && i < dht->num_friends; ++i) {
2812 const DHT_Friend *const fr = &dht->friends_list[i];
2813
2814 for (uint32_t j = 0; j < MAX_FRIEND_CLIENTS; ++j) {
2815 numv4 += (fr->client_list[j].assoc4.timestamp != 0);
2816 numv6 += (fr->client_list[j].assoc6.timestamp != 0);
2817 }
2818 }
2819
2820 const uint32_t size32 = sizeof(uint32_t);
2821 const uint32_t sizesubhead = size32 * 2;
2822
2823 return size32 + sizesubhead + packed_node_size(net_family_ipv4) * numv4 + packed_node_size(net_family_ipv6) * numv6;
2824 }
2825
2826 /* Save the DHT in data where data is an array of size dht_size(). */
dht_save(const DHT * dht,uint8_t * data)2827 void dht_save(const DHT *dht, uint8_t *data)
2828 {
2829 host_to_lendian_bytes32(data, DHT_STATE_COOKIE_GLOBAL);
2830 data += sizeof(uint32_t);
2831
2832 uint8_t *const old_data = data;
2833
2834 /* get right offset. we write the actual header later. */
2835 data = state_write_section_header(data, DHT_STATE_COOKIE_TYPE, 0, 0);
2836
2837 Node_format *clients = (Node_format *)malloc(MAX_SAVED_DHT_NODES * sizeof(Node_format));
2838
2839 if (clients == nullptr) {
2840 LOGGER_ERROR(dht->log, "could not allocate %u nodes", MAX_SAVED_DHT_NODES);
2841 return;
2842 }
2843
2844 uint32_t num = 0;
2845
2846 if (dht->loaded_num_nodes > 0) {
2847 memcpy(clients, dht->loaded_nodes_list, sizeof(Node_format) * dht->loaded_num_nodes);
2848 num += dht->loaded_num_nodes;
2849 }
2850
2851 for (uint32_t i = 0; i < LCLIENT_LIST; ++i) {
2852 if (dht->close_clientlist[i].assoc4.timestamp != 0) {
2853 memcpy(clients[num].public_key, dht->close_clientlist[i].public_key, CRYPTO_PUBLIC_KEY_SIZE);
2854 clients[num].ip_port = dht->close_clientlist[i].assoc4.ip_port;
2855 ++num;
2856 }
2857
2858 if (dht->close_clientlist[i].assoc6.timestamp != 0) {
2859 memcpy(clients[num].public_key, dht->close_clientlist[i].public_key, CRYPTO_PUBLIC_KEY_SIZE);
2860 clients[num].ip_port = dht->close_clientlist[i].assoc6.ip_port;
2861 ++num;
2862 }
2863 }
2864
2865 for (uint32_t i = 0; i < DHT_FAKE_FRIEND_NUMBER && i < dht->num_friends; ++i) {
2866 const DHT_Friend *const fr = &dht->friends_list[i];
2867
2868 for (uint32_t j = 0; j < MAX_FRIEND_CLIENTS; ++j) {
2869 if (fr->client_list[j].assoc4.timestamp != 0) {
2870 memcpy(clients[num].public_key, fr->client_list[j].public_key, CRYPTO_PUBLIC_KEY_SIZE);
2871 clients[num].ip_port = fr->client_list[j].assoc4.ip_port;
2872 ++num;
2873 }
2874
2875 if (fr->client_list[j].assoc6.timestamp != 0) {
2876 memcpy(clients[num].public_key, fr->client_list[j].public_key, CRYPTO_PUBLIC_KEY_SIZE);
2877 clients[num].ip_port = fr->client_list[j].assoc6.ip_port;
2878 ++num;
2879 }
2880 }
2881 }
2882
2883 state_write_section_header(old_data, DHT_STATE_COOKIE_TYPE, pack_nodes(data, sizeof(Node_format) * num, clients, num),
2884 DHT_STATE_TYPE_NODES);
2885
2886 free(clients);
2887 }
2888
2889 /* Bootstrap from this number of nodes every time dht_connect_after_load() is called */
2890 #define SAVE_BOOTSTAP_FREQUENCY 8
2891
2892 /* Start sending packets after DHT loaded_friends_list and loaded_clients_list are set */
dht_connect_after_load(DHT * dht)2893 int dht_connect_after_load(DHT *dht)
2894 {
2895 if (dht == nullptr) {
2896 return -1;
2897 }
2898
2899 if (!dht->loaded_nodes_list) {
2900 return -1;
2901 }
2902
2903 /* DHT is connected, stop. */
2904 if (dht_non_lan_connected(dht)) {
2905 free(dht->loaded_nodes_list);
2906 dht->loaded_nodes_list = nullptr;
2907 dht->loaded_num_nodes = 0;
2908 return 0;
2909 }
2910
2911 for (uint32_t i = 0; i < dht->loaded_num_nodes && i < SAVE_BOOTSTAP_FREQUENCY; ++i) {
2912 const unsigned int index = dht->loaded_nodes_index % dht->loaded_num_nodes;
2913 dht_bootstrap(dht, dht->loaded_nodes_list[index].ip_port, dht->loaded_nodes_list[index].public_key);
2914 ++dht->loaded_nodes_index;
2915 }
2916
2917 return 0;
2918 }
2919
dht_load_state_callback(void * outer,const uint8_t * data,uint32_t length,uint16_t type)2920 static State_Load_Status dht_load_state_callback(void *outer, const uint8_t *data, uint32_t length, uint16_t type)
2921 {
2922 DHT *dht = (DHT *)outer;
2923
2924 switch (type) {
2925 case DHT_STATE_TYPE_NODES: {
2926 if (length == 0) {
2927 break;
2928 }
2929
2930 free(dht->loaded_nodes_list);
2931 // Copy to loaded_clients_list
2932 dht->loaded_nodes_list = (Node_format *)calloc(MAX_SAVED_DHT_NODES, sizeof(Node_format));
2933
2934 if (dht->loaded_nodes_list == nullptr) {
2935 LOGGER_ERROR(dht->log, "could not allocate %u nodes", MAX_SAVED_DHT_NODES);
2936 dht->loaded_num_nodes = 0;
2937 break;
2938 }
2939
2940 const int num = unpack_nodes(dht->loaded_nodes_list, MAX_SAVED_DHT_NODES, nullptr, data, length, 0);
2941
2942 if (num > 0) {
2943 dht->loaded_num_nodes = num;
2944 } else {
2945 dht->loaded_num_nodes = 0;
2946 }
2947
2948 break;
2949 }
2950
2951 default:
2952 LOGGER_ERROR(dht->log, "Load state (DHT): contains unrecognized part (len %u, type %u)",
2953 length, type);
2954 break;
2955 }
2956
2957 return STATE_LOAD_STATUS_CONTINUE;
2958 }
2959
2960 /* Load the DHT from data of size size.
2961 *
2962 * return -1 if failure.
2963 * return 0 if success.
2964 */
dht_load(DHT * dht,const uint8_t * data,uint32_t length)2965 int dht_load(DHT *dht, const uint8_t *data, uint32_t length)
2966 {
2967 const uint32_t cookie_len = sizeof(uint32_t);
2968
2969 if (length > cookie_len) {
2970 uint32_t data32;
2971 lendian_bytes_to_host32(&data32, data);
2972
2973 if (data32 == DHT_STATE_COOKIE_GLOBAL) {
2974 return state_load(dht->log, dht_load_state_callback, dht, data + cookie_len,
2975 length - cookie_len, DHT_STATE_COOKIE_TYPE);
2976 }
2977 }
2978
2979 return -1;
2980 }
2981
2982 /* return false if we are not connected to the DHT.
2983 * return true if we are.
2984 */
dht_isconnected(const DHT * dht)2985 bool dht_isconnected(const DHT *dht)
2986 {
2987 for (uint32_t i = 0; i < LCLIENT_LIST; ++i) {
2988 const Client_data *const client = &dht->close_clientlist[i];
2989
2990 if (!assoc_timeout(dht->last_run, &client->assoc4) ||
2991 !assoc_timeout(dht->last_run, &client->assoc6)) {
2992 return true;
2993 }
2994 }
2995
2996 return false;
2997 }
2998
2999 /* return false if we are not connected or only connected to lan peers with the DHT.
3000 * return true if we are.
3001 */
dht_non_lan_connected(const DHT * dht)3002 bool dht_non_lan_connected(const DHT *dht)
3003 {
3004 for (uint32_t i = 0; i < LCLIENT_LIST; ++i) {
3005 const Client_data *const client = &dht->close_clientlist[i];
3006
3007 if (!assoc_timeout(dht->last_run, &client->assoc4)
3008 && !ip_is_lan(client->assoc4.ip_port.ip)) {
3009 return true;
3010 }
3011
3012 if (!assoc_timeout(dht->last_run, &client->assoc6)
3013 && !ip_is_lan(client->assoc6.ip_port.ip)) {
3014 return true;
3015 }
3016 }
3017
3018 return false;
3019 }
3020