source: trunk/libtransmission/handshake.c @ 3450

Last change on this file since 3450 was 3450, checked in by charles, 15 years ago

remove stubs for Azureus extension negotiation

  • Property svn:keywords set to Date Rev Author Id
File size: 31.0 KB
Line 
1/*
2 * This file Copyright (C) 2007 Charles Kerr <charles@rebelbase.com>
3 *
4 * This file is licensed by the GPL version 2.  Works owned by the
5 * Transmission project are granted a special exemption to clause 2(b)
6 * so that the bulk of its code can remain under the MIT license.
7 * This exemption does not extend to derived works not owned by
8 * the Transmission project.
9 *
10 * $Id: handshake.c 3450 2007-10-17 18:53:17Z charles $
11 */
12
13#include <assert.h>
14#include <errno.h>
15#include <inttypes.h>
16#include <limits.h> /* UCHAR_MAX */
17#include <string.h>
18#include <stdio.h>
19
20#include <sys/types.h> /* event.h needs this */
21#include <event.h>
22
23#include "clients.h"
24#include "transmission.h"
25#include "bencode.h"
26#include "crypto.h"
27#include "handshake.h"
28#include "peer-io.h"
29#include "trevent.h"
30#include "utils.h"
31
32/* enable LibTransmission extension protocol */
33#define ENABLE_LTEP */
34
35/* enable fast peers extension protocol */
36/* #define ENABLE_FASTPEER */
37
38/***
39****
40***/
41
42#define HANDSHAKE_NAME "\023BitTorrent protocol"
43
44enum
45{
46    /* BitTorrent Handshake Constants */
47    HANDSHAKE_NAME_LEN             = 20,
48    HANDSHAKE_FLAGS_LEN            = 8,
49    HANDSHAKE_SIZE                 = 68,
50    PEER_ID_LEN                    = 20,
51
52    /* Encryption Constants */
53    PadA_MAXLEN                    = 512,
54    PadB_MAXLEN                    = 512,
55    PadC_MAXLEN                    = 512,
56    PadD_MAXLEN                    = 512,
57    VC_LENGTH                      = 8,
58    KEY_LEN                        = 96,
59    CRYPTO_PROVIDE_PLAINTEXT       = 1,
60    CRYPTO_PROVIDE_CRYPTO          = 2
61};
62
63
64#ifdef ENABLE_LTEP
65#define HANDSHAKE_HAS_LTEP( bits ) ( ( (bits)[5] & 0x10 ) ? 1 : 0 )
66#define HANDSHAKE_SET_LTEP( bits ) ( (bits)[5] |= 0x10 )
67#else
68#define HANDSHAKE_HAS_LTEP( bits ) ( 0 )
69#define HANDSHAKE_SET_LTEP( bits ) ( (void)0 )
70#endif
71
72#ifdef ENABLE_FASTPEER
73#define HANDSHAKE_HAS_FASTEXT( bits ) ( ( (bits)[7] & 0x04 ) ? 1 : 0 )
74#define HANDSHAKE_SET_FASTEXT( bits ) ( (bits)[7] |= 0x04 )
75#else
76#define HANDSHAKE_HAS_FASTEXT( bits ) ( 0 )
77#define HANDSHAKE_SET_FASTEXT( bits ) ( (void)0 )
78#endif
79
80/* http://www.azureuswiki.com/index.php/Extension_negotiation_protocol
81   these macros are to be used if both extended messaging and the
82   azureus protocol is supported, they indicate which protocol is preferred */
83#define HANDSHAKE_GET_EXTPREF( reserved )      ( (reserved)[5] & 0x03 )
84#define HANDSHAKE_SET_EXTPREF( reserved, val ) ( (reserved)[5] |= 0x03 & (val) )
85
86extern const char* getPeerId( void ) ;
87
88struct tr_handshake
89{
90    unsigned int havePeerID                   : 1;
91    unsigned int haveSentBitTorrentHandshake  : 1;
92    unsigned int allowUnencryptedPeers        : 1;
93    tr_peerIo * io;
94    tr_crypto * crypto;
95    struct tr_handle * handle;
96    uint8_t myPublicKey[KEY_LEN];
97    uint8_t mySecret[KEY_LEN];
98    uint8_t state;
99    uint16_t pad_c_len;
100    uint16_t pad_d_len;
101    uint16_t  ia_len;
102    uint32_t crypto_select;
103    uint32_t crypto_provide;
104    uint8_t myReq1[SHA_DIGEST_LENGTH];
105    uint8_t peer_id[PEER_ID_LEN];
106    handshakeDoneCB doneCB;
107    void * doneUserData;
108};
109
110/**
111***
112**/
113
114enum
115{
116    /* incoming */
117    AWAITING_HANDSHAKE,
118    AWAITING_YA,
119    AWAITING_PAD_A,
120    AWAITING_CRYPTO_PROVIDE,
121    AWAITING_PAD_C,
122    AWAITING_IA,
123
124    /* outgoing */
125    AWAITING_YB,
126    AWAITING_VC,
127    AWAITING_CRYPTO_SELECT,
128    AWAITING_PAD_D,
129};
130
131/**
132***
133**/
134
135static void
136myDebug( const char * file, int line, const tr_handshake * handshake, const char * fmt, ... )
137{
138    FILE * fp = tr_getLog( );
139    if( fp != NULL )
140    {
141        va_list args;
142        struct evbuffer * buf = evbuffer_new( );
143        char timestr[64];
144        evbuffer_add_printf( buf, "[%s] %s: ",
145                             tr_getLogTimeStr( timestr, sizeof(timestr) ),
146                             tr_peerIoGetAddrStr( handshake->io ) );
147        va_start( args, fmt );
148        evbuffer_add_vprintf( buf, fmt, args );
149        va_end( args );
150        evbuffer_add_printf( buf, " (%s:%d)\n", file, line );
151
152        fwrite( EVBUFFER_DATA(buf), 1, EVBUFFER_LENGTH(buf), fp );
153        evbuffer_free( buf );
154    }
155}
156
157#define dbgmsg(handshake, fmt...) myDebug(__FILE__, __LINE__, handshake, ##fmt )
158
159static const char* getStateName( short state )
160{
161    const char * str = "f00!";
162    switch( state ) {
163        case AWAITING_HANDSHAKE:      str = "awaiting handshake"; break;
164        case AWAITING_YA:             str = "awaiting ya"; break;
165        case AWAITING_PAD_A:          str = "awaiting pad a"; break;
166        case AWAITING_CRYPTO_PROVIDE: str = "awaiting crypto_provide"; break;
167        case AWAITING_PAD_C:          str = "awaiting pad c"; break;
168        case AWAITING_IA:             str = "awaiting ia"; break;
169        case AWAITING_YB:             str = "awaiting yb"; break;
170        case AWAITING_VC:             str = "awaiting vc"; break;
171        case AWAITING_CRYPTO_SELECT:  str = "awaiting crypto select"; break;
172        case AWAITING_PAD_D:          str = "awaiting pad d"; break;
173    }
174    return str;
175}
176
177static void
178setState( tr_handshake * handshake, short state )
179{
180    dbgmsg( handshake, "setting to state [%s]", getStateName(state) );
181    handshake->state = state;
182}
183
184static void
185setReadState( tr_handshake * handshake, int state )
186{
187    setState( handshake, state );
188}
189
190static uint8_t *
191buildHandshakeMessage( tr_handshake * handshake,
192                       int          * setme_len )
193{
194    uint8_t * buf = tr_new0( uint8_t, HANDSHAKE_SIZE );
195    uint8_t * walk = buf;
196    const uint8_t * torrentHash = tr_cryptoGetTorrentHash( handshake->crypto );
197
198    memcpy( walk, HANDSHAKE_NAME, HANDSHAKE_NAME_LEN );
199    walk += HANDSHAKE_NAME_LEN;
200    memset( walk, 0, HANDSHAKE_FLAGS_LEN );
201    HANDSHAKE_SET_LTEP( walk );
202    HANDSHAKE_SET_FASTEXT( walk );
203
204    walk += HANDSHAKE_FLAGS_LEN;
205    memcpy( walk, torrentHash, SHA_DIGEST_LENGTH );
206    walk += SHA_DIGEST_LENGTH;
207    memcpy( walk, getPeerId(), TR_ID_LEN );
208    walk += TR_ID_LEN;
209
210    assert( walk-buf == HANDSHAKE_SIZE );
211    *setme_len = walk - buf;
212    return buf;
213}
214
215static void
216tr_handshakeDone( tr_handshake * handshake, int isConnected );
217
218enum
219{
220    HANDSHAKE_OK,
221    HANDSHAKE_ENCRYPTION_WRONG,
222    HANDSHAKE_BAD_TORRENT,
223    HANDSHAKE_PEER_IS_SELF,
224};
225
226static int
227parseHandshake( tr_handshake     * handshake,
228                struct evbuffer  * inbuf )
229{
230    uint8_t name[HANDSHAKE_NAME_LEN];
231    uint8_t reserved[HANDSHAKE_FLAGS_LEN];
232    uint8_t hash[SHA_DIGEST_LENGTH];
233
234    dbgmsg( handshake, "payload: need %d, got %d", (int)HANDSHAKE_SIZE, (int)EVBUFFER_LENGTH(inbuf) );
235
236    if( EVBUFFER_LENGTH(inbuf) < HANDSHAKE_SIZE )
237        return READ_MORE;
238
239    /* confirm the protocol */
240    tr_peerIoReadBytes( handshake->io, inbuf, name, HANDSHAKE_NAME_LEN );
241    if( memcmp( name, HANDSHAKE_NAME, HANDSHAKE_NAME_LEN ) )
242        return HANDSHAKE_ENCRYPTION_WRONG;
243
244    /* read the reserved bytes */
245    tr_peerIoReadBytes( handshake->io, inbuf, reserved, HANDSHAKE_FLAGS_LEN );
246
247    /* torrent hash */
248    tr_peerIoReadBytes( handshake->io, inbuf, hash, sizeof(hash) );
249    assert( tr_torrentExists( handshake->handle, hash ) );
250    assert( tr_peerIoHasTorrentHash( handshake->io ) );
251    if( memcmp( hash, tr_peerIoGetTorrentHash(handshake->io), SHA_DIGEST_LENGTH ) ) {
252        dbgmsg( handshake, "peer returned the wrong hash. wtf?" );
253        return HANDSHAKE_BAD_TORRENT;
254    }
255
256    /* peer_id */
257    tr_peerIoReadBytes( handshake->io, inbuf, handshake->peer_id, sizeof(handshake->peer_id) );
258    tr_peerIoSetPeersId( handshake->io, handshake->peer_id );
259
260    /* peer id */
261    handshake->havePeerID = TRUE;
262    dbgmsg( handshake, "peer-id is [%*.*s]", PEER_ID_LEN, PEER_ID_LEN, handshake->peer_id );
263    if( !memcmp( handshake->peer_id, getPeerId(), PEER_ID_LEN ) ) {
264        dbgmsg( handshake, "streuth!  we've connected to ourselves." );
265        return HANDSHAKE_PEER_IS_SELF;
266    }
267
268    /**
269    *** Extensions
270    **/
271
272    if( HANDSHAKE_HAS_LTEP( reserved ) )
273    {
274        tr_peerIoEnableLTEP( handshake->io, 1 );
275        dbgmsg(handshake,"using ltep" );
276    }
277
278    if( HANDSHAKE_HAS_FASTEXT( reserved ) )
279    {
280        tr_peerIoEnableFEXT( handshake->io, 1 );
281        dbgmsg(handshake,"using fext" );
282    }
283       
284    return HANDSHAKE_OK;
285}
286
287/***
288****
289****  OUTGOING CONNECTIONS
290****
291***/
292
293/* 1 A->B: Diffie Hellman Ya, PadA */
294static void
295sendYa( tr_handshake * handshake )
296{
297    int i;
298    int len;
299    const uint8_t * public_key;
300    struct evbuffer * outbuf = evbuffer_new( );
301    uint8_t pad_a[PadA_MAXLEN];
302
303    /* add our public key (Ya) */
304    public_key = tr_cryptoGetMyPublicKey( handshake->crypto, &len );
305    assert( len == KEY_LEN );
306    assert( public_key != NULL );
307    evbuffer_add( outbuf, public_key, len );
308
309    /* add some bullshit padding */
310    len = tr_rand( PadA_MAXLEN );
311    for( i=0; i<len; ++i )
312        pad_a[i] = tr_rand( UCHAR_MAX );
313    evbuffer_add( outbuf, pad_a, len );
314
315    /* send it */
316    setReadState( handshake, AWAITING_YB );
317    tr_peerIoWriteBuf( handshake->io, outbuf );
318
319    /* cleanup */
320    evbuffer_free( outbuf );
321}
322
323static uint32_t
324getCryptoProvide( const tr_handshake * handshake UNUSED )
325{
326    uint32_t i = 0;
327
328    i |= CRYPTO_PROVIDE_CRYPTO; /* always allow crypto */
329
330#if 0
331    /* by the time we send a crypto_provide, we _know_
332     * the peer supports encryption. */
333    if( handshake->allowUnencryptedPeers )
334        i |= CRYPTO_PROVIDE_PLAINTEXT;
335#endif
336
337   return i;
338}
339
340static int
341readYb( tr_handshake * handshake, struct evbuffer * inbuf )
342{
343    int isEncrypted;
344    const uint8_t * secret;
345    uint8_t yb[KEY_LEN];
346    struct evbuffer * outbuf;
347    size_t needlen = HANDSHAKE_NAME_LEN;
348
349    if( EVBUFFER_LENGTH(inbuf) < needlen )
350        return READ_MORE;
351
352    isEncrypted = memcmp( EVBUFFER_DATA(inbuf), HANDSHAKE_NAME, HANDSHAKE_NAME_LEN );
353    if( isEncrypted ) {
354        needlen = KEY_LEN;
355        if( EVBUFFER_LENGTH(inbuf) < needlen )
356            return READ_MORE;
357    }
358
359    dbgmsg( handshake, "got a %s handshake", (isEncrypted ? "encrypted" : "plaintext") );
360
361    tr_peerIoSetEncryption( handshake->io, isEncrypted ? PEER_ENCRYPTION_RC4
362                                                       : PEER_ENCRYPTION_NONE );
363    if( !isEncrypted ) {
364        setState( handshake, AWAITING_HANDSHAKE );
365        return READ_AGAIN;
366    }
367
368    /* compute the secret */
369    evbuffer_remove( inbuf, yb, KEY_LEN );
370    secret = tr_cryptoComputeSecret( handshake->crypto, yb );
371    memcpy( handshake->mySecret, secret, KEY_LEN );
372
373    /* now send these: HASH('req1', S), HASH('req2', SKEY) xor HASH('req3', S),
374     * ENCRYPT(VC, crypto_provide, len(PadC), PadC, len(IA)), ENCRYPT(IA) */
375    outbuf = evbuffer_new( );
376
377    /* HASH('req1', S) */
378    {
379        uint8_t req1[SHA_DIGEST_LENGTH];
380        tr_sha1( req1, "req1", 4, secret, KEY_LEN, NULL );
381        evbuffer_add( outbuf, req1, SHA_DIGEST_LENGTH );
382    }
383
384    /* HASH('req2', SKEY) xor HASH('req3', S) */
385    {
386        int i;
387        uint8_t req2[SHA_DIGEST_LENGTH];
388        uint8_t req3[SHA_DIGEST_LENGTH];
389        uint8_t buf[SHA_DIGEST_LENGTH];
390        tr_sha1( req2, "req2", 4, tr_cryptoGetTorrentHash(handshake->crypto), SHA_DIGEST_LENGTH, NULL );
391        tr_sha1( req3, "req3", 4, secret, KEY_LEN, NULL );
392        for( i=0; i<SHA_DIGEST_LENGTH; ++i )
393            buf[i] = req2[i] ^ req3[i];
394        evbuffer_add( outbuf, buf, SHA_DIGEST_LENGTH );
395    }
396     
397    /* ENCRYPT(VC, crypto_provide, len(PadC), PadC
398     * PadC is reserved for future extensions to the handshake...
399     * standard practice at this time is for it to be zero-length */
400    {
401        uint8_t vc[VC_LENGTH] = { 0, 0, 0, 0, 0, 0, 0, 0 };
402
403        tr_cryptoEncryptInit( handshake->crypto );
404        tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_RC4 );
405     
406        tr_peerIoWriteBytes( handshake->io, outbuf, vc, VC_LENGTH ); 
407        tr_peerIoWriteUint32( handshake->io, outbuf, getCryptoProvide( handshake ) );
408        tr_peerIoWriteUint16( handshake->io, outbuf, 0 );
409    }
410
411    /* ENCRYPT len(IA)), ENCRYPT(IA) */
412    {
413        int msglen;
414        uint8_t * msg = buildHandshakeMessage( handshake, &msglen );
415
416        tr_peerIoWriteUint16( handshake->io, outbuf, msglen );
417        tr_peerIoWriteBytes( handshake->io, outbuf, msg, msglen );
418
419        handshake->haveSentBitTorrentHandshake = 1;
420        tr_free( msg );
421    }
422
423    /* send it */
424    tr_cryptoDecryptInit( handshake->crypto );
425    setReadState( handshake, AWAITING_VC );
426    tr_peerIoWriteBuf( handshake->io, outbuf );
427
428    /* cleanup */
429    evbuffer_free( outbuf );
430    return READ_DONE;
431}
432
433static int
434readVC( tr_handshake * handshake, struct evbuffer * inbuf )
435{
436    const uint8_t key[VC_LENGTH] = { 0, 0, 0, 0, 0, 0, 0, 0 };
437    const int key_len = VC_LENGTH;
438    uint8_t tmp[VC_LENGTH];
439
440    /* note: this works w/o having to `unwind' the buffer if
441     * we read too much, but it is pretty brute-force.
442     * it would be nice to make this cleaner. */
443    for( ;; )
444    {
445        if( EVBUFFER_LENGTH(inbuf) < VC_LENGTH ) {
446            dbgmsg( handshake, "not enough bytes... returning read_more" );
447            return READ_MORE;
448        }
449
450        memcpy( tmp, EVBUFFER_DATA(inbuf), key_len );
451        tr_cryptoDecryptInit( handshake->crypto );
452        tr_cryptoDecrypt( handshake->crypto, key_len, tmp, tmp );
453        if( !memcmp( tmp, key, key_len ) )
454            break;
455
456        evbuffer_drain( inbuf, 1 );
457    }
458
459    dbgmsg( handshake, "got it!" );
460    evbuffer_drain( inbuf, key_len );
461    setState( handshake, AWAITING_CRYPTO_SELECT );
462    return READ_AGAIN;
463}
464
465static int
466readCryptoSelect( tr_handshake * handshake, struct evbuffer * inbuf )
467{
468    uint32_t crypto_select;
469    uint16_t pad_d_len;
470    const size_t needlen = sizeof(uint32_t) + sizeof(uint16_t);
471
472    if( EVBUFFER_LENGTH(inbuf) < needlen )
473        return READ_MORE;
474
475    tr_peerIoReadUint32( handshake->io, inbuf, &crypto_select );
476    handshake->crypto_select = crypto_select;
477    dbgmsg( handshake, "crypto select is %d", (int)crypto_select );
478    if( ! ( crypto_select & getCryptoProvide( handshake ) ) )
479    {
480        dbgmsg( handshake, "peer selected an encryption option we didn't provide" );
481        tr_handshakeDone( handshake, FALSE );
482        return READ_DONE;
483    }
484
485    tr_peerIoReadUint16( handshake->io, inbuf, &pad_d_len );
486    dbgmsg( handshake, "pad_d_len is %d", (int)pad_d_len );
487    assert( pad_d_len <= 512 );
488    handshake->pad_d_len = pad_d_len;
489
490    setState( handshake, AWAITING_PAD_D );
491    return READ_AGAIN;
492}
493
494static int
495readPadD( tr_handshake * handshake, struct evbuffer * inbuf )
496{
497    const size_t needlen = handshake->pad_d_len;
498    uint8_t * tmp;
499
500    dbgmsg( handshake, "pad d: need %d, got %d", (int)needlen, (int)EVBUFFER_LENGTH(inbuf) );
501    if( EVBUFFER_LENGTH(inbuf) < needlen )
502        return READ_MORE;
503
504    tmp = tr_new( uint8_t, needlen );
505    tr_peerIoReadBytes( handshake->io, inbuf, tmp, needlen );
506    tr_free( tmp );
507
508    tr_peerIoSetEncryption( handshake->io,
509                            handshake->crypto_select );
510
511    setState( handshake, AWAITING_HANDSHAKE );
512    return READ_AGAIN;
513}
514
515/***
516****
517****  INCOMING CONNECTIONS
518****
519***/
520
521static int
522readHandshake( tr_handshake * handshake, struct evbuffer * inbuf )
523{
524    uint8_t pstrlen;
525    uint8_t * pstr;
526    uint8_t reserved[HANDSHAKE_FLAGS_LEN];
527    uint8_t hash[SHA_DIGEST_LENGTH];
528    char * client;
529
530/* FIXME: use  readHandshake here */
531
532    dbgmsg( handshake, "payload: need %d, got %d", (int)HANDSHAKE_SIZE, (int)EVBUFFER_LENGTH(inbuf) );
533
534    if( EVBUFFER_LENGTH(inbuf) < HANDSHAKE_SIZE )
535        return READ_MORE;
536
537    pstrlen = EVBUFFER_DATA(inbuf)[0]; /* peek, don't read.  We may be
538                                          handing inbuf to AWAITING_YA */
539
540    if( pstrlen == 19 ) /* unencrypted */
541    {
542        tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_NONE );
543
544        if( !handshake->allowUnencryptedPeers )
545        {
546            dbgmsg( handshake, "peer is unencrypted, and we're disallowing that" );
547            tr_handshakeDone( handshake, FALSE );
548            return READ_DONE;
549        }
550    }
551    else /* encrypted or corrupt */
552    {
553        tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_RC4 );
554
555        if( tr_peerIoIsIncoming( handshake->io ) )
556        {
557            dbgmsg( handshake, "I think peer is sending us an encrypted handshake..." );
558            setState( handshake, AWAITING_YA );
559            return READ_AGAIN;
560        }
561        tr_cryptoDecrypt( handshake->crypto, 1, &pstrlen, &pstrlen );
562
563        if( pstrlen != 19 )
564        {
565            dbgmsg( handshake, "I think peer has sent us a corrupt handshake..." );
566            tr_handshakeDone( handshake, FALSE );
567            return READ_DONE;
568        }
569    }
570
571    evbuffer_drain( inbuf, 1 );
572
573    /* pstr (BitTorrent) */
574    pstr = tr_new( uint8_t, pstrlen+1 );
575    tr_peerIoReadBytes( handshake->io, inbuf, pstr, pstrlen );
576    pstr[pstrlen] = '\0';
577    if( strcmp( (char*)pstr, "BitTorrent protocol" ) ) {
578        tr_free( pstr );
579        tr_handshakeDone( handshake, FALSE );
580        return READ_DONE;
581    }
582    tr_free( pstr );
583
584    /* reserved bytes */
585    tr_peerIoReadBytes( handshake->io, inbuf, reserved, sizeof(reserved) );
586
587    /* torrent hash */
588    tr_peerIoReadBytes( handshake->io, inbuf, hash, sizeof(hash) );
589    if( tr_peerIoIsIncoming( handshake->io ) )
590    {
591        if( !tr_torrentExists( handshake->handle, hash ) )
592        {
593            dbgmsg( handshake, "peer is trying to connect to us for a torrent we don't have." );
594            tr_handshakeDone( handshake, FALSE );
595            return READ_DONE;
596        }
597        else
598        {
599            assert( !tr_peerIoHasTorrentHash( handshake->io ) );
600            tr_peerIoSetTorrentHash( handshake->io, hash );
601        }
602    }
603    else /* outgoing */
604    {
605        assert( tr_peerIoHasTorrentHash( handshake->io ) );
606        if( memcmp( hash, tr_peerIoGetTorrentHash(handshake->io), SHA_DIGEST_LENGTH ) )
607        {
608            dbgmsg( handshake, "peer returned the wrong hash. wtf?" );
609            tr_handshakeDone( handshake, FALSE );
610            return READ_DONE;
611        }
612    }
613
614    /* peer id */
615    tr_peerIoReadBytes( handshake->io, inbuf, handshake->peer_id, sizeof(handshake->peer_id) );
616    tr_peerIoSetPeersId( handshake->io, handshake->peer_id );
617    handshake->havePeerID = TRUE;
618    client = tr_clientForId( handshake->peer_id );
619    dbgmsg( handshake, "peer-id is [%s]", client );
620    tr_free( client );
621    if( !memcmp( handshake->peer_id, getPeerId(), PEER_ID_LEN ) ) {
622        dbgmsg( handshake, "streuth!  we've connected to ourselves." );
623        tr_handshakeDone( handshake, FALSE );
624        return READ_DONE;
625    }
626
627    /**
628    *** Extension negotiation
629    **/
630
631    if( HANDSHAKE_HAS_LTEP( reserved ) )
632    {
633        tr_peerIoEnableLTEP( handshake->io, 1 );
634        dbgmsg( handshake,"using ltep" );
635    }
636    if( HANDSHAKE_HAS_FASTEXT( reserved ) )
637    {
638        tr_peerIoEnableFEXT( handshake->io, 1 );
639        dbgmsg( handshake,"using fext" );
640    }
641   
642    /**
643    ***  If this is an incoming message, then we need to send a response handshake
644    **/
645
646    if( !handshake->haveSentBitTorrentHandshake )
647    {
648        int msgSize;
649        uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
650        tr_peerIoWrite( handshake->io, msg, msgSize );
651        tr_free( msg );
652        handshake->haveSentBitTorrentHandshake = 1;
653    }
654
655    /* we've completed the BT handshake... pass the work on to peer-msgs */
656    tr_handshakeDone( handshake, TRUE );
657    return READ_DONE;
658}
659
660static int
661readYa( tr_handshake * handshake, struct evbuffer  * inbuf )
662{
663    uint8_t ya[KEY_LEN];
664    uint8_t *walk, outbuf[KEY_LEN + PadB_MAXLEN];
665    const uint8_t *myKey, *secret;
666    int len;
667
668dbgmsg( handshake, "in readYa... need %d, have %d", (int)KEY_LEN, (int)EVBUFFER_LENGTH( inbuf ) );
669    if( EVBUFFER_LENGTH( inbuf ) < KEY_LEN )
670        return READ_MORE;
671
672    /* read the incoming peer's public key */
673    evbuffer_remove( inbuf, ya, KEY_LEN );
674    secret = tr_cryptoComputeSecret( handshake->crypto, ya );
675    memcpy( handshake->mySecret, secret, KEY_LEN );
676    tr_sha1( handshake->myReq1, "req1", 4, secret, KEY_LEN, NULL );
677
678dbgmsg( handshake, "sending B->A: Diffie Hellman Yb, PadB" );
679    /* send our public key to the peer */
680    walk = outbuf;
681    myKey = tr_cryptoGetMyPublicKey( handshake->crypto, &len );
682    memcpy( walk, myKey, len );
683    walk += len;
684    len = tr_rand( PadB_MAXLEN );
685    while( len-- )
686        *walk++ = tr_rand( UCHAR_MAX );
687
688    setReadState( handshake, AWAITING_PAD_A );
689    tr_peerIoWrite( handshake->io, outbuf, walk-outbuf );
690    return READ_AGAIN;
691}
692
693static int
694readPadA( tr_handshake * handshake, struct evbuffer * inbuf )
695{
696    uint8_t * pch;
697
698dbgmsg( handshake, "looking to get past pad a... & resync on hash('req',S) ... have %d bytes", (int)EVBUFFER_LENGTH(inbuf) );
699    /**
700    *** Resynchronizing on HASH('req1',S)
701    **/
702
703    pch = memchr( EVBUFFER_DATA(inbuf),
704                  handshake->myReq1[0],
705                  EVBUFFER_LENGTH(inbuf) );
706    if( pch == NULL ) {
707        dbgmsg( handshake, "no luck so far.. draining %d bytes", (int)EVBUFFER_LENGTH(inbuf) );
708        evbuffer_drain( inbuf, EVBUFFER_LENGTH(inbuf) );
709        return READ_MORE;
710    }
711    dbgmsg( handshake, "looking for hash('req',S) ... draining %d bytes", (int)(pch-EVBUFFER_DATA(inbuf)) );
712    evbuffer_drain( inbuf, pch-EVBUFFER_DATA(inbuf) );
713    if( EVBUFFER_LENGTH(inbuf) < SHA_DIGEST_LENGTH )
714        return READ_MORE;
715    if( memcmp( EVBUFFER_DATA(inbuf), handshake->myReq1, SHA_DIGEST_LENGTH ) ) {
716        dbgmsg( handshake, "draining one more byte" );
717        evbuffer_drain( inbuf, 1 );
718        return READ_AGAIN;
719    }
720
721dbgmsg( handshake, "found it... looking setting to awaiting_crypto_provide" );
722    setState( handshake, AWAITING_CRYPTO_PROVIDE );
723    return READ_AGAIN;
724}
725
726static int
727readCryptoProvide( tr_handshake * handshake, struct evbuffer * inbuf )
728{
729    /* HASH('req2', SKEY) xor HASH('req3', S), ENCRYPT(VC, crypto_provide, len(PadC)) */
730
731    int i;
732    uint8_t vc_in[VC_LENGTH];
733    uint8_t req2[SHA_DIGEST_LENGTH];
734    uint8_t req3[SHA_DIGEST_LENGTH];
735    uint8_t obfuscatedTorrentHash[SHA_DIGEST_LENGTH];
736    uint16_t padc_len = 0;
737    uint32_t crypto_provide = 0;
738    const size_t needlen = SHA_DIGEST_LENGTH /* HASH('req1',s) */
739                         + SHA_DIGEST_LENGTH /* HASH('req2', SKEY) xor HASH('req3', S) */
740                         + VC_LENGTH
741                         + sizeof(crypto_provide)
742                         + sizeof(padc_len);
743    tr_torrent * tor = NULL;
744
745    if( EVBUFFER_LENGTH(inbuf) < needlen )
746        return READ_MORE;
747
748    /* TODO: confirm they sent HASH('req1',S) here? */
749    evbuffer_drain( inbuf, SHA_DIGEST_LENGTH );
750
751    /* This next piece is HASH('req2', SKEY) xor HASH('req3', S) ...
752     * we can get the first half of that (the obufscatedTorrentHash)
753     * by building the latter and xor'ing it with what the peer sent us */
754    dbgmsg( handshake, "reading obfuscated torrent hash...\n" );
755    evbuffer_remove( inbuf, req2, SHA_DIGEST_LENGTH );
756    tr_sha1( req3, "req3", 4, handshake->mySecret, KEY_LEN, NULL );
757    for( i=0; i<SHA_DIGEST_LENGTH; ++i )
758        obfuscatedTorrentHash[i] = req2[i] ^ req3[i];
759    tor = tr_torrentFindFromObfuscatedHash( handshake->handle, obfuscatedTorrentHash );
760    if( tor != NULL ) {
761        dbgmsg( handshake, "found the torrent; it's [%s]\n", tor->info.name );
762        tr_peerIoSetTorrentHash( handshake->io, tor->info.hash );
763    } else {
764        dbgmsg( handshake, "can't find that torrent..." );
765        tr_handshakeDone( handshake, FALSE );
766        return READ_DONE;
767    }
768
769    /* next part: ENCRYPT(VC, crypto_provide, len(PadC), */
770
771    tr_cryptoDecryptInit( handshake->crypto );
772
773    tr_peerIoReadBytes( handshake->io, inbuf, vc_in, VC_LENGTH );
774
775    tr_peerIoReadUint32( handshake->io, inbuf, &crypto_provide );
776    handshake->crypto_provide = crypto_provide;
777    dbgmsg( handshake, "crypto_provide is %d\n", (int)crypto_provide );
778
779    tr_peerIoReadUint16( handshake->io, inbuf, &padc_len );
780    dbgmsg( handshake, "padc is %d\n", (int)padc_len );
781    handshake->pad_c_len = padc_len;
782    setState( handshake, AWAITING_PAD_C );
783    return READ_AGAIN;
784}
785
786static int
787readPadC( tr_handshake * handshake, struct evbuffer * inbuf )
788{
789    uint16_t ia_len;
790    const size_t needlen = handshake->pad_c_len + sizeof(uint16_t);
791
792    if( EVBUFFER_LENGTH(inbuf) < needlen )
793        return READ_MORE;
794
795    evbuffer_drain( inbuf, handshake->pad_c_len );
796
797    tr_peerIoReadUint16( handshake->io, inbuf, &ia_len );
798    dbgmsg( handshake, "ia_len is %d", (int)ia_len );
799    handshake->ia_len = ia_len;
800    setState( handshake, AWAITING_IA );
801    return READ_AGAIN;
802}
803
804static int
805readIA( tr_handshake * handshake, struct evbuffer * inbuf )
806{
807    int i;
808    const size_t needlen = handshake->ia_len;
809    struct evbuffer * outbuf = evbuffer_new( );
810    uint32_t crypto_select;
811
812dbgmsg( handshake, "reading IA... have %d, need %d", (int)EVBUFFER_LENGTH(inbuf), (int)needlen );
813    if( EVBUFFER_LENGTH(inbuf) < needlen )
814        return READ_MORE;
815
816dbgmsg( handshake, "reading IA..." );
817    /* parse the handshake ... */
818    i = parseHandshake( handshake, inbuf );
819dbgmsg( handshake, "parseHandshake returned %d", i );
820    if( i != HANDSHAKE_OK ) {
821        tr_handshakeDone( handshake, FALSE );
822        return READ_DONE;
823    }
824
825    /**
826    ***  B->A: ENCRYPT(VC, crypto_select, len(padD), padD), ENCRYPT2(Payload Stream)
827    **/
828
829    tr_cryptoEncryptInit( handshake->crypto );
830
831dbgmsg( handshake, "sending vc" );
832    /* send VC */
833    {
834        uint8_t vc[VC_LENGTH];
835        memset( vc, 0, VC_LENGTH );
836        tr_peerIoWriteBytes( handshake->io, outbuf, vc, VC_LENGTH );
837    }
838
839dbgmsg( handshake, "sending crypto_select" );
840    /* send crypto_select */
841    {
842dbgmsg( handshake, "handshake->crypto_provide is %d", (int)handshake->crypto_provide );
843        if( handshake->crypto_provide & CRYPTO_PROVIDE_CRYPTO )
844            crypto_select = CRYPTO_PROVIDE_CRYPTO;
845        else if( handshake->allowUnencryptedPeers )
846            crypto_select = CRYPTO_PROVIDE_PLAINTEXT;
847        else {
848dbgmsg( handshake, "gronk..." );
849            evbuffer_free( outbuf );
850            tr_handshakeDone( handshake, FALSE );
851            return READ_DONE;
852        }
853
854dbgmsg( handshake, "we select crypto_select as %d...", (int)crypto_select );
855        tr_peerIoWriteUint32( handshake->io, outbuf, crypto_select );
856    }
857
858dbgmsg( handshake, "sending pad d" );
859    /* ENCRYPT(VC, crypto_provide, len(PadC), PadC
860     * PadD is reserved for future extensions to the handshake...
861     * standard practice at this time is for it to be zero-length */
862    {
863        const int len = 0;
864        tr_peerIoWriteUint16( handshake->io, outbuf, len );
865    }
866
867    /* maybe de-encrypt our connection */
868    if( crypto_select == CRYPTO_PROVIDE_PLAINTEXT )
869        tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_NONE );
870
871dbgmsg( handshake, "sending handshake" );
872    /* send our handshake */
873    {
874        int msgSize;
875        uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
876        tr_peerIoWriteBytes( handshake->io, outbuf, msg, msgSize );
877        handshake->haveSentBitTorrentHandshake = 1;
878        tr_free( msg );
879    }
880
881    /* send it out */
882    tr_peerIoWriteBuf( handshake->io, outbuf );
883    evbuffer_free( outbuf );
884
885    /* we've completed the BT handshake... pass the work on to peer-msgs */
886    tr_handshakeDone( handshake, TRUE );
887    return READ_DONE;
888}
889
890/***
891****
892****
893****
894***/
895
896static ReadState
897canRead( struct bufferevent * evin, void * arg )
898{
899    tr_handshake * handshake = (tr_handshake *) arg;
900    struct evbuffer * inbuf = EVBUFFER_INPUT ( evin );
901    ReadState ret;
902    dbgmsg( handshake, "handling canRead; state is [%s]", getStateName(handshake->state) );
903
904    switch( handshake->state )
905    {
906        case AWAITING_HANDSHAKE:       ret = readHandshake    ( handshake, inbuf ); break;
907        case AWAITING_YA:              ret = readYa           ( handshake, inbuf ); break;
908        case AWAITING_PAD_A:           ret = readPadA         ( handshake, inbuf ); break;
909        case AWAITING_CRYPTO_PROVIDE:  ret = readCryptoProvide( handshake, inbuf ); break;
910        case AWAITING_PAD_C:           ret = readPadC         ( handshake, inbuf ); break;
911        case AWAITING_IA:              ret = readIA           ( handshake, inbuf ); break;
912
913        case AWAITING_YB:              ret = readYb           ( handshake, inbuf ); break;
914        case AWAITING_VC:              ret = readVC           ( handshake, inbuf ); break;
915        case AWAITING_CRYPTO_SELECT:   ret = readCryptoSelect ( handshake, inbuf ); break;
916        case AWAITING_PAD_D:           ret = readPadD         ( handshake, inbuf ); break;
917
918        default: assert( 0 );
919    }
920
921    return ret;
922}
923
924static void
925fireDoneFunc( tr_handshake * handshake, int isConnected )
926{
927    const uint8_t * peer_id = isConnected && handshake->havePeerID
928        ? handshake->peer_id
929        : NULL;
930    (*handshake->doneCB)( handshake,
931                          handshake->io,
932                          isConnected,
933                          peer_id,
934                          handshake->doneUserData );
935}
936
937void
938tr_handshakeDone( tr_handshake * handshake, int isOK )
939{
940    dbgmsg( handshake, "handshakeDone: %s", isOK ? "connected" : "aborting" );
941    tr_peerIoSetIOFuncs( handshake->io, NULL, NULL, NULL, NULL );
942
943    fireDoneFunc( handshake, isOK );
944
945    tr_free( handshake );
946}
947
948void
949tr_handshakeAbort( tr_handshake * handshake )
950{
951    tr_handshakeDone( handshake, FALSE );
952}
953
954static void
955gotError( struct bufferevent * evbuf UNUSED, short what, void * arg )
956{
957    tr_handshake * handshake = (tr_handshake *) arg;
958
959    /* if the error happened while we were sending a public key, we might
960     * have encountered a peer that doesn't do encryption... reconnect and
961     * try a plaintext handshake */
962    if(    ( ( handshake->state == AWAITING_YB ) || ( handshake->state == AWAITING_VC ) )
963        && ( handshake->allowUnencryptedPeers )
964        && ( !tr_peerIoReconnect( handshake->io ) ) )
965    {
966        dbgmsg( handshake, "handshake failed, trying plaintext..." );
967        int msgSize; 
968        uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
969        setReadState( handshake, AWAITING_HANDSHAKE );
970        tr_peerIoWrite( handshake->io, msg, msgSize );
971        tr_free( msg );
972    }
973    else
974    {
975        dbgmsg( handshake, "libevent got an error what==%d, errno=%d (%s)",
976                (int)what, errno, strerror(errno) );
977        tr_handshakeDone( handshake, FALSE );
978    }
979}
980
981/**
982***
983**/
984
985tr_handshake*
986tr_handshakeNew( tr_peerIo           * io,
987                 tr_encryption_mode    encryption_mode,
988                 handshakeDoneCB       doneCB,
989                 void                * doneUserData )
990{
991    tr_handshake * handshake;
992
993    handshake = tr_new0( tr_handshake, 1 );
994    handshake->io = io;
995    handshake->crypto = tr_peerIoGetCrypto( io );
996    handshake->allowUnencryptedPeers = encryption_mode!=TR_ENCRYPTION_REQUIRED;
997    handshake->doneCB = doneCB;
998    handshake->doneUserData = doneUserData;
999    handshake->handle = tr_peerIoGetHandle( io );
1000   
1001    tr_peerIoSetIOMode( handshake->io, EV_READ|EV_WRITE, 0 );
1002    tr_peerIoSetIOFuncs( handshake->io, canRead, NULL, gotError, handshake );
1003
1004    if( tr_peerIoIsIncoming( handshake->io ) )
1005        setReadState( handshake, AWAITING_HANDSHAKE );
1006    else
1007        sendYa( handshake );
1008
1009    return handshake;
1010}
1011
1012const struct in_addr *
1013tr_handshakeGetAddr( const struct tr_handshake * handshake, uint16_t * port )
1014{
1015    assert( handshake != NULL );
1016    assert( handshake->io != NULL );
1017
1018    return tr_peerIoGetAddress( handshake->io, port );
1019}
Note: See TracBrowser for help on using the repository browser.