Context Navigation

source: trunk/libtransmission/handshake.c @ 3450

Visit:

Last change on this file since 3450 was 3450, checked in by charles, 15 years ago
remove stubs for Azureus extension negotiation
Property svn:keywords set to `Date Rev Author Id`
File size: 31.0 KB

Line
1	/*
2	* This file Copyright (C) 2007 Charles Kerr <charles@rebelbase.com>
3	*
4	* This file is licensed by the GPL version 2. Works owned by the
5	* Transmission project are granted a special exemption to clause 2(b)
6	* so that the bulk of its code can remain under the MIT license.
7	* This exemption does not extend to derived works not owned by
8	* the Transmission project.
9	*
10	* $Id: handshake.c 3450 2007-10-17 18:53:17Z charles $
11	*/
12
13	#include <assert.h>
14	#include <errno.h>
15	#include <inttypes.h>
16	#include <limits.h> /* UCHAR_MAX */
17	#include <string.h>
18	#include <stdio.h>
19
20	#include <sys/types.h> /* event.h needs this */
21	#include <event.h>
22
23	#include "clients.h"
24	#include "transmission.h"
25	#include "bencode.h"
26	#include "crypto.h"
27	#include "handshake.h"
28	#include "peer-io.h"
29	#include "trevent.h"
30	#include "utils.h"
31
32	/* enable LibTransmission extension protocol */
33	#define ENABLE_LTEP */
34
35	/* enable fast peers extension protocol */
36	/* #define ENABLE_FASTPEER */
37
38	/***
39	****
40	***/
41
42	#define HANDSHAKE_NAME "\023BitTorrent protocol"
43
44	enum
45	{
46	/* BitTorrent Handshake Constants */
47	HANDSHAKE_NAME_LEN = 20,
48	HANDSHAKE_FLAGS_LEN = 8,
49	HANDSHAKE_SIZE = 68,
50	PEER_ID_LEN = 20,
51
52	/* Encryption Constants */
53	PadA_MAXLEN = 512,
54	PadB_MAXLEN = 512,
55	PadC_MAXLEN = 512,
56	PadD_MAXLEN = 512,
57	VC_LENGTH = 8,
58	KEY_LEN = 96,
59	CRYPTO_PROVIDE_PLAINTEXT = 1,
60	CRYPTO_PROVIDE_CRYPTO = 2
61	};
62
63
64	#ifdef ENABLE_LTEP
65	#define HANDSHAKE_HAS_LTEP( bits ) ( ( (bits)[5] & 0x10 ) ? 1 : 0 )
66	#define HANDSHAKE_SET_LTEP( bits ) ( (bits)[5] \|= 0x10 )
67	#else
68	#define HANDSHAKE_HAS_LTEP( bits ) ( 0 )
69	#define HANDSHAKE_SET_LTEP( bits ) ( (void)0 )
70	#endif
71
72	#ifdef ENABLE_FASTPEER
73	#define HANDSHAKE_HAS_FASTEXT( bits ) ( ( (bits)[7] & 0x04 ) ? 1 : 0 )
74	#define HANDSHAKE_SET_FASTEXT( bits ) ( (bits)[7] \|= 0x04 )
75	#else
76	#define HANDSHAKE_HAS_FASTEXT( bits ) ( 0 )
77	#define HANDSHAKE_SET_FASTEXT( bits ) ( (void)0 )
78	#endif
79
80	/* http://www.azureuswiki.com/index.php/Extension_negotiation_protocol
81	these macros are to be used if both extended messaging and the
82	azureus protocol is supported, they indicate which protocol is preferred */
83	#define HANDSHAKE_GET_EXTPREF( reserved ) ( (reserved)[5] & 0x03 )
84	#define HANDSHAKE_SET_EXTPREF( reserved, val ) ( (reserved)[5] \|= 0x03 & (val) )
85
86	extern const char* getPeerId( void ) ;
87
88	struct tr_handshake
89	{
90	unsigned int havePeerID : 1;
91	unsigned int haveSentBitTorrentHandshake : 1;
92	unsigned int allowUnencryptedPeers : 1;
93	tr_peerIo * io;
94	tr_crypto * crypto;
95	struct tr_handle * handle;
96	uint8_t myPublicKey[KEY_LEN];
97	uint8_t mySecret[KEY_LEN];
98	uint8_t state;
99	uint16_t pad_c_len;
100	uint16_t pad_d_len;
101	uint16_t ia_len;
102	uint32_t crypto_select;
103	uint32_t crypto_provide;
104	uint8_t myReq1[SHA_DIGEST_LENGTH];
105	uint8_t peer_id[PEER_ID_LEN];
106	handshakeDoneCB doneCB;
107	void * doneUserData;
108	};
109
110	/**
111	***
112	**/
113
114	enum
115	{
116	/* incoming */
117	AWAITING_HANDSHAKE,
118	AWAITING_YA,
119	AWAITING_PAD_A,
120	AWAITING_CRYPTO_PROVIDE,
121	AWAITING_PAD_C,
122	AWAITING_IA,
123
124	/* outgoing */
125	AWAITING_YB,
126	AWAITING_VC,
127	AWAITING_CRYPTO_SELECT,
128	AWAITING_PAD_D,
129	};
130
131	/**
132	***
133	**/
134
135	static void
136	myDebug( const char * file, int line, const tr_handshake * handshake, const char * fmt, ... )
137	{
138	FILE * fp = tr_getLog( );
139	if( fp != NULL )
140	{
141	va_list args;
142	struct evbuffer * buf = evbuffer_new( );
143	char timestr[64];
144	evbuffer_add_printf( buf, "[%s] %s: ",
145	tr_getLogTimeStr( timestr, sizeof(timestr) ),
146	tr_peerIoGetAddrStr( handshake->io ) );
147	va_start( args, fmt );
148	evbuffer_add_vprintf( buf, fmt, args );
149	va_end( args );
150	evbuffer_add_printf( buf, " (%s:%d)\n", file, line );
151
152	fwrite( EVBUFFER_DATA(buf), 1, EVBUFFER_LENGTH(buf), fp );
153	evbuffer_free( buf );
154	}
155	}
156
157	#define dbgmsg(handshake, fmt...) myDebug(__FILE__, __LINE__, handshake, ##fmt )
158
159	static const char* getStateName( short state )
160	{
161	const char * str = "f00!";
162	switch( state ) {
163	case AWAITING_HANDSHAKE: str = "awaiting handshake"; break;
164	case AWAITING_YA: str = "awaiting ya"; break;
165	case AWAITING_PAD_A: str = "awaiting pad a"; break;
166	case AWAITING_CRYPTO_PROVIDE: str = "awaiting crypto_provide"; break;
167	case AWAITING_PAD_C: str = "awaiting pad c"; break;
168	case AWAITING_IA: str = "awaiting ia"; break;
169	case AWAITING_YB: str = "awaiting yb"; break;
170	case AWAITING_VC: str = "awaiting vc"; break;
171	case AWAITING_CRYPTO_SELECT: str = "awaiting crypto select"; break;
172	case AWAITING_PAD_D: str = "awaiting pad d"; break;
173	}
174	return str;
175	}
176
177	static void
178	setState( tr_handshake * handshake, short state )
179	{
180	dbgmsg( handshake, "setting to state [%s]", getStateName(state) );
181	handshake->state = state;
182	}
183
184	static void
185	setReadState( tr_handshake * handshake, int state )
186	{
187	setState( handshake, state );
188	}
189
190	static uint8_t *
191	buildHandshakeMessage( tr_handshake * handshake,
192	int * setme_len )
193	{
194	uint8_t * buf = tr_new0( uint8_t, HANDSHAKE_SIZE );
195	uint8_t * walk = buf;
196	const uint8_t * torrentHash = tr_cryptoGetTorrentHash( handshake->crypto );
197
198	memcpy( walk, HANDSHAKE_NAME, HANDSHAKE_NAME_LEN );
199	walk += HANDSHAKE_NAME_LEN;
200	memset( walk, 0, HANDSHAKE_FLAGS_LEN );
201	HANDSHAKE_SET_LTEP( walk );
202	HANDSHAKE_SET_FASTEXT( walk );
203
204	walk += HANDSHAKE_FLAGS_LEN;
205	memcpy( walk, torrentHash, SHA_DIGEST_LENGTH );
206	walk += SHA_DIGEST_LENGTH;
207	memcpy( walk, getPeerId(), TR_ID_LEN );
208	walk += TR_ID_LEN;
209
210	assert( walk-buf == HANDSHAKE_SIZE );
211	*setme_len = walk - buf;
212	return buf;
213	}
214
215	static void
216	tr_handshakeDone( tr_handshake * handshake, int isConnected );
217
218	enum
219	{
220	HANDSHAKE_OK,
221	HANDSHAKE_ENCRYPTION_WRONG,
222	HANDSHAKE_BAD_TORRENT,
223	HANDSHAKE_PEER_IS_SELF,
224	};
225
226	static int
227	parseHandshake( tr_handshake * handshake,
228	struct evbuffer * inbuf )
229	{
230	uint8_t name[HANDSHAKE_NAME_LEN];
231	uint8_t reserved[HANDSHAKE_FLAGS_LEN];
232	uint8_t hash[SHA_DIGEST_LENGTH];
233
234	dbgmsg( handshake, "payload: need %d, got %d", (int)HANDSHAKE_SIZE, (int)EVBUFFER_LENGTH(inbuf) );
235
236	if( EVBUFFER_LENGTH(inbuf) < HANDSHAKE_SIZE )
237	return READ_MORE;
238
239	/* confirm the protocol */
240	tr_peerIoReadBytes( handshake->io, inbuf, name, HANDSHAKE_NAME_LEN );
241	if( memcmp( name, HANDSHAKE_NAME, HANDSHAKE_NAME_LEN ) )
242	return HANDSHAKE_ENCRYPTION_WRONG;
243
244	/* read the reserved bytes */
245	tr_peerIoReadBytes( handshake->io, inbuf, reserved, HANDSHAKE_FLAGS_LEN );
246
247	/* torrent hash */
248	tr_peerIoReadBytes( handshake->io, inbuf, hash, sizeof(hash) );
249	assert( tr_torrentExists( handshake->handle, hash ) );
250	assert( tr_peerIoHasTorrentHash( handshake->io ) );
251	if( memcmp( hash, tr_peerIoGetTorrentHash(handshake->io), SHA_DIGEST_LENGTH ) ) {
252	dbgmsg( handshake, "peer returned the wrong hash. wtf?" );
253	return HANDSHAKE_BAD_TORRENT;
254	}
255
256	/* peer_id */
257	tr_peerIoReadBytes( handshake->io, inbuf, handshake->peer_id, sizeof(handshake->peer_id) );
258	tr_peerIoSetPeersId( handshake->io, handshake->peer_id );
259
260	/* peer id */
261	handshake->havePeerID = TRUE;
262	dbgmsg( handshake, "peer-id is [%.s]", PEER_ID_LEN, PEER_ID_LEN, handshake->peer_id );
263	if( !memcmp( handshake->peer_id, getPeerId(), PEER_ID_LEN ) ) {
264	dbgmsg( handshake, "streuth! we've connected to ourselves." );
265	return HANDSHAKE_PEER_IS_SELF;
266	}
267
268	/**
269	*** Extensions
270	**/
271
272	if( HANDSHAKE_HAS_LTEP( reserved ) )
273	{
274	tr_peerIoEnableLTEP( handshake->io, 1 );
275	dbgmsg(handshake,"using ltep" );
276	}
277
278	if( HANDSHAKE_HAS_FASTEXT( reserved ) )
279	{
280	tr_peerIoEnableFEXT( handshake->io, 1 );
281	dbgmsg(handshake,"using fext" );
282	}
283
284	return HANDSHAKE_OK;
285	}
286
287	/***
288	****
289	**** OUTGOING CONNECTIONS
290	****
291	***/
292
293	/* 1 A->B: Diffie Hellman Ya, PadA */
294	static void
295	sendYa( tr_handshake * handshake )
296	{
297	int i;
298	int len;
299	const uint8_t * public_key;
300	struct evbuffer * outbuf = evbuffer_new( );
301	uint8_t pad_a[PadA_MAXLEN];
302
303	/* add our public key (Ya) */
304	public_key = tr_cryptoGetMyPublicKey( handshake->crypto, &len );
305	assert( len == KEY_LEN );
306	assert( public_key != NULL );
307	evbuffer_add( outbuf, public_key, len );
308
309	/* add some bullshit padding */
310	len = tr_rand( PadA_MAXLEN );
311	for( i=0; i<len; ++i )
312	pad_a[i] = tr_rand( UCHAR_MAX );
313	evbuffer_add( outbuf, pad_a, len );
314
315	/* send it */
316	setReadState( handshake, AWAITING_YB );
317	tr_peerIoWriteBuf( handshake->io, outbuf );
318
319	/* cleanup */
320	evbuffer_free( outbuf );
321	}
322
323	static uint32_t
324	getCryptoProvide( const tr_handshake * handshake UNUSED )
325	{
326	uint32_t i = 0;
327
328	i \|= CRYPTO_PROVIDE_CRYPTO; /* always allow crypto */
329
330	#if 0
331	/* by the time we send a crypto_provide, we _know_
332	* the peer supports encryption. */
333	if( handshake->allowUnencryptedPeers )
334	i \|= CRYPTO_PROVIDE_PLAINTEXT;
335	#endif
336
337	return i;
338	}
339
340	static int
341	readYb( tr_handshake * handshake, struct evbuffer * inbuf )
342	{
343	int isEncrypted;
344	const uint8_t * secret;
345	uint8_t yb[KEY_LEN];
346	struct evbuffer * outbuf;
347	size_t needlen = HANDSHAKE_NAME_LEN;
348
349	if( EVBUFFER_LENGTH(inbuf) < needlen )
350	return READ_MORE;
351
352	isEncrypted = memcmp( EVBUFFER_DATA(inbuf), HANDSHAKE_NAME, HANDSHAKE_NAME_LEN );
353	if( isEncrypted ) {
354	needlen = KEY_LEN;
355	if( EVBUFFER_LENGTH(inbuf) < needlen )
356	return READ_MORE;
357	}
358
359	dbgmsg( handshake, "got a %s handshake", (isEncrypted ? "encrypted" : "plaintext") );
360
361	tr_peerIoSetEncryption( handshake->io, isEncrypted ? PEER_ENCRYPTION_RC4
362	: PEER_ENCRYPTION_NONE );
363	if( !isEncrypted ) {
364	setState( handshake, AWAITING_HANDSHAKE );
365	return READ_AGAIN;
366	}
367
368	/* compute the secret */
369	evbuffer_remove( inbuf, yb, KEY_LEN );
370	secret = tr_cryptoComputeSecret( handshake->crypto, yb );
371	memcpy( handshake->mySecret, secret, KEY_LEN );
372
373	/* now send these: HASH('req1', S), HASH('req2', SKEY) xor HASH('req3', S),
374	* ENCRYPT(VC, crypto_provide, len(PadC), PadC, len(IA)), ENCRYPT(IA) */
375	outbuf = evbuffer_new( );
376
377	/* HASH('req1', S) */
378	{
379	uint8_t req1[SHA_DIGEST_LENGTH];
380	tr_sha1( req1, "req1", 4, secret, KEY_LEN, NULL );
381	evbuffer_add( outbuf, req1, SHA_DIGEST_LENGTH );
382	}
383
384	/* HASH('req2', SKEY) xor HASH('req3', S) */
385	{
386	int i;
387	uint8_t req2[SHA_DIGEST_LENGTH];
388	uint8_t req3[SHA_DIGEST_LENGTH];
389	uint8_t buf[SHA_DIGEST_LENGTH];
390	tr_sha1( req2, "req2", 4, tr_cryptoGetTorrentHash(handshake->crypto), SHA_DIGEST_LENGTH, NULL );
391	tr_sha1( req3, "req3", 4, secret, KEY_LEN, NULL );
392	for( i=0; i<SHA_DIGEST_LENGTH; ++i )
393	buf[i] = req2[i] ^ req3[i];
394	evbuffer_add( outbuf, buf, SHA_DIGEST_LENGTH );
395	}
396
397	/* ENCRYPT(VC, crypto_provide, len(PadC), PadC
398	* PadC is reserved for future extensions to the handshake...
399	* standard practice at this time is for it to be zero-length */
400	{
401	uint8_t vc[VC_LENGTH] = { 0, 0, 0, 0, 0, 0, 0, 0 };
402
403	tr_cryptoEncryptInit( handshake->crypto );
404	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_RC4 );
405
406	tr_peerIoWriteBytes( handshake->io, outbuf, vc, VC_LENGTH );
407	tr_peerIoWriteUint32( handshake->io, outbuf, getCryptoProvide( handshake ) );
408	tr_peerIoWriteUint16( handshake->io, outbuf, 0 );
409	}
410
411	/* ENCRYPT len(IA)), ENCRYPT(IA) */
412	{
413	int msglen;
414	uint8_t * msg = buildHandshakeMessage( handshake, &msglen );
415
416	tr_peerIoWriteUint16( handshake->io, outbuf, msglen );
417	tr_peerIoWriteBytes( handshake->io, outbuf, msg, msglen );
418
419	handshake->haveSentBitTorrentHandshake = 1;
420	tr_free( msg );
421	}
422
423	/* send it */
424	tr_cryptoDecryptInit( handshake->crypto );
425	setReadState( handshake, AWAITING_VC );
426	tr_peerIoWriteBuf( handshake->io, outbuf );
427
428	/* cleanup */
429	evbuffer_free( outbuf );
430	return READ_DONE;
431	}
432
433	static int
434	readVC( tr_handshake * handshake, struct evbuffer * inbuf )
435	{
436	const uint8_t key[VC_LENGTH] = { 0, 0, 0, 0, 0, 0, 0, 0 };
437	const int key_len = VC_LENGTH;
438	uint8_t tmp[VC_LENGTH];
439
440	/* note: this works w/o having to `unwind' the buffer if
441	* we read too much, but it is pretty brute-force.
442	* it would be nice to make this cleaner. */
443	for( ;; )
444	{
445	if( EVBUFFER_LENGTH(inbuf) < VC_LENGTH ) {
446	dbgmsg( handshake, "not enough bytes... returning read_more" );
447	return READ_MORE;
448	}
449
450	memcpy( tmp, EVBUFFER_DATA(inbuf), key_len );
451	tr_cryptoDecryptInit( handshake->crypto );
452	tr_cryptoDecrypt( handshake->crypto, key_len, tmp, tmp );
453	if( !memcmp( tmp, key, key_len ) )
454	break;
455
456	evbuffer_drain( inbuf, 1 );
457	}
458
459	dbgmsg( handshake, "got it!" );
460	evbuffer_drain( inbuf, key_len );
461	setState( handshake, AWAITING_CRYPTO_SELECT );
462	return READ_AGAIN;
463	}
464
465	static int
466	readCryptoSelect( tr_handshake * handshake, struct evbuffer * inbuf )
467	{
468	uint32_t crypto_select;
469	uint16_t pad_d_len;
470	const size_t needlen = sizeof(uint32_t) + sizeof(uint16_t);
471
472	if( EVBUFFER_LENGTH(inbuf) < needlen )
473	return READ_MORE;
474
475	tr_peerIoReadUint32( handshake->io, inbuf, &crypto_select );
476	handshake->crypto_select = crypto_select;
477	dbgmsg( handshake, "crypto select is %d", (int)crypto_select );
478	if( ! ( crypto_select & getCryptoProvide( handshake ) ) )
479	{
480	dbgmsg( handshake, "peer selected an encryption option we didn't provide" );
481	tr_handshakeDone( handshake, FALSE );
482	return READ_DONE;
483	}
484
485	tr_peerIoReadUint16( handshake->io, inbuf, &pad_d_len );
486	dbgmsg( handshake, "pad_d_len is %d", (int)pad_d_len );
487	assert( pad_d_len <= 512 );
488	handshake->pad_d_len = pad_d_len;
489
490	setState( handshake, AWAITING_PAD_D );
491	return READ_AGAIN;
492	}
493
494	static int
495	readPadD( tr_handshake * handshake, struct evbuffer * inbuf )
496	{
497	const size_t needlen = handshake->pad_d_len;
498	uint8_t * tmp;
499
500	dbgmsg( handshake, "pad d: need %d, got %d", (int)needlen, (int)EVBUFFER_LENGTH(inbuf) );
501	if( EVBUFFER_LENGTH(inbuf) < needlen )
502	return READ_MORE;
503
504	tmp = tr_new( uint8_t, needlen );
505	tr_peerIoReadBytes( handshake->io, inbuf, tmp, needlen );
506	tr_free( tmp );
507
508	tr_peerIoSetEncryption( handshake->io,
509	handshake->crypto_select );
510
511	setState( handshake, AWAITING_HANDSHAKE );
512	return READ_AGAIN;
513	}
514
515	/***
516	****
517	**** INCOMING CONNECTIONS
518	****
519	***/
520
521	static int
522	readHandshake( tr_handshake * handshake, struct evbuffer * inbuf )
523	{
524	uint8_t pstrlen;
525	uint8_t * pstr;
526	uint8_t reserved[HANDSHAKE_FLAGS_LEN];
527	uint8_t hash[SHA_DIGEST_LENGTH];
528	char * client;
529
530	/* FIXME: use readHandshake here */
531
532	dbgmsg( handshake, "payload: need %d, got %d", (int)HANDSHAKE_SIZE, (int)EVBUFFER_LENGTH(inbuf) );
533
534	if( EVBUFFER_LENGTH(inbuf) < HANDSHAKE_SIZE )
535	return READ_MORE;
536
537	pstrlen = EVBUFFER_DATA(inbuf)[0]; /* peek, don't read. We may be
538	handing inbuf to AWAITING_YA */
539
540	if( pstrlen == 19 ) /* unencrypted */
541	{
542	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_NONE );
543
544	if( !handshake->allowUnencryptedPeers )
545	{
546	dbgmsg( handshake, "peer is unencrypted, and we're disallowing that" );
547	tr_handshakeDone( handshake, FALSE );
548	return READ_DONE;
549	}
550	}
551	else /* encrypted or corrupt */
552	{
553	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_RC4 );
554
555	if( tr_peerIoIsIncoming( handshake->io ) )
556	{
557	dbgmsg( handshake, "I think peer is sending us an encrypted handshake..." );
558	setState( handshake, AWAITING_YA );
559	return READ_AGAIN;
560	}
561	tr_cryptoDecrypt( handshake->crypto, 1, &pstrlen, &pstrlen );
562
563	if( pstrlen != 19 )
564	{
565	dbgmsg( handshake, "I think peer has sent us a corrupt handshake..." );
566	tr_handshakeDone( handshake, FALSE );
567	return READ_DONE;
568	}
569	}
570
571	evbuffer_drain( inbuf, 1 );
572
573	/* pstr (BitTorrent) */
574	pstr = tr_new( uint8_t, pstrlen+1 );
575	tr_peerIoReadBytes( handshake->io, inbuf, pstr, pstrlen );
576	pstr[pstrlen] = '\0';
577	if( strcmp( (char*)pstr, "BitTorrent protocol" ) ) {
578	tr_free( pstr );
579	tr_handshakeDone( handshake, FALSE );
580	return READ_DONE;
581	}
582	tr_free( pstr );
583
584	/* reserved bytes */
585	tr_peerIoReadBytes( handshake->io, inbuf, reserved, sizeof(reserved) );
586
587	/* torrent hash */
588	tr_peerIoReadBytes( handshake->io, inbuf, hash, sizeof(hash) );
589	if( tr_peerIoIsIncoming( handshake->io ) )
590	{
591	if( !tr_torrentExists( handshake->handle, hash ) )
592	{
593	dbgmsg( handshake, "peer is trying to connect to us for a torrent we don't have." );
594	tr_handshakeDone( handshake, FALSE );
595	return READ_DONE;
596	}
597	else
598	{
599	assert( !tr_peerIoHasTorrentHash( handshake->io ) );
600	tr_peerIoSetTorrentHash( handshake->io, hash );
601	}
602	}
603	else /* outgoing */
604	{
605	assert( tr_peerIoHasTorrentHash( handshake->io ) );
606	if( memcmp( hash, tr_peerIoGetTorrentHash(handshake->io), SHA_DIGEST_LENGTH ) )
607	{
608	dbgmsg( handshake, "peer returned the wrong hash. wtf?" );
609	tr_handshakeDone( handshake, FALSE );
610	return READ_DONE;
611	}
612	}
613
614	/* peer id */
615	tr_peerIoReadBytes( handshake->io, inbuf, handshake->peer_id, sizeof(handshake->peer_id) );
616	tr_peerIoSetPeersId( handshake->io, handshake->peer_id );
617	handshake->havePeerID = TRUE;
618	client = tr_clientForId( handshake->peer_id );
619	dbgmsg( handshake, "peer-id is [%s]", client );
620	tr_free( client );
621	if( !memcmp( handshake->peer_id, getPeerId(), PEER_ID_LEN ) ) {
622	dbgmsg( handshake, "streuth! we've connected to ourselves." );
623	tr_handshakeDone( handshake, FALSE );
624	return READ_DONE;
625	}
626
627	/**
628	*** Extension negotiation
629	**/
630
631	if( HANDSHAKE_HAS_LTEP( reserved ) )
632	{
633	tr_peerIoEnableLTEP( handshake->io, 1 );
634	dbgmsg( handshake,"using ltep" );
635	}
636	if( HANDSHAKE_HAS_FASTEXT( reserved ) )
637	{
638	tr_peerIoEnableFEXT( handshake->io, 1 );
639	dbgmsg( handshake,"using fext" );
640	}
641
642	/**
643	*** If this is an incoming message, then we need to send a response handshake
644	**/
645
646	if( !handshake->haveSentBitTorrentHandshake )
647	{
648	int msgSize;
649	uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
650	tr_peerIoWrite( handshake->io, msg, msgSize );
651	tr_free( msg );
652	handshake->haveSentBitTorrentHandshake = 1;
653	}
654
655	/* we've completed the BT handshake... pass the work on to peer-msgs */
656	tr_handshakeDone( handshake, TRUE );
657	return READ_DONE;
658	}
659
660	static int
661	readYa( tr_handshake * handshake, struct evbuffer * inbuf )
662	{
663	uint8_t ya[KEY_LEN];
664	uint8_t *walk, outbuf[KEY_LEN + PadB_MAXLEN];
665	const uint8_t myKey, secret;
666	int len;
667
668	dbgmsg( handshake, "in readYa... need %d, have %d", (int)KEY_LEN, (int)EVBUFFER_LENGTH( inbuf ) );
669	if( EVBUFFER_LENGTH( inbuf ) < KEY_LEN )
670	return READ_MORE;
671
672	/* read the incoming peer's public key */
673	evbuffer_remove( inbuf, ya, KEY_LEN );
674	secret = tr_cryptoComputeSecret( handshake->crypto, ya );
675	memcpy( handshake->mySecret, secret, KEY_LEN );
676	tr_sha1( handshake->myReq1, "req1", 4, secret, KEY_LEN, NULL );
677
678	dbgmsg( handshake, "sending B->A: Diffie Hellman Yb, PadB" );
679	/* send our public key to the peer */
680	walk = outbuf;
681	myKey = tr_cryptoGetMyPublicKey( handshake->crypto, &len );
682	memcpy( walk, myKey, len );
683	walk += len;
684	len = tr_rand( PadB_MAXLEN );
685	while( len-- )
686	*walk++ = tr_rand( UCHAR_MAX );
687
688	setReadState( handshake, AWAITING_PAD_A );
689	tr_peerIoWrite( handshake->io, outbuf, walk-outbuf );
690	return READ_AGAIN;
691	}
692
693	static int
694	readPadA( tr_handshake * handshake, struct evbuffer * inbuf )
695	{
696	uint8_t * pch;
697
698	dbgmsg( handshake, "looking to get past pad a... & resync on hash('req',S) ... have %d bytes", (int)EVBUFFER_LENGTH(inbuf) );
699	/**
700	*** Resynchronizing on HASH('req1',S)
701	**/
702
703	pch = memchr( EVBUFFER_DATA(inbuf),
704	handshake->myReq1[0],
705	EVBUFFER_LENGTH(inbuf) );
706	if( pch == NULL ) {
707	dbgmsg( handshake, "no luck so far.. draining %d bytes", (int)EVBUFFER_LENGTH(inbuf) );
708	evbuffer_drain( inbuf, EVBUFFER_LENGTH(inbuf) );
709	return READ_MORE;
710	}
711	dbgmsg( handshake, "looking for hash('req',S) ... draining %d bytes", (int)(pch-EVBUFFER_DATA(inbuf)) );
712	evbuffer_drain( inbuf, pch-EVBUFFER_DATA(inbuf) );
713	if( EVBUFFER_LENGTH(inbuf) < SHA_DIGEST_LENGTH )
714	return READ_MORE;
715	if( memcmp( EVBUFFER_DATA(inbuf), handshake->myReq1, SHA_DIGEST_LENGTH ) ) {
716	dbgmsg( handshake, "draining one more byte" );
717	evbuffer_drain( inbuf, 1 );
718	return READ_AGAIN;
719	}
720
721	dbgmsg( handshake, "found it... looking setting to awaiting_crypto_provide" );
722	setState( handshake, AWAITING_CRYPTO_PROVIDE );
723	return READ_AGAIN;
724	}
725
726	static int
727	readCryptoProvide( tr_handshake * handshake, struct evbuffer * inbuf )
728	{
729	/* HASH('req2', SKEY) xor HASH('req3', S), ENCRYPT(VC, crypto_provide, len(PadC)) */
730
731	int i;
732	uint8_t vc_in[VC_LENGTH];
733	uint8_t req2[SHA_DIGEST_LENGTH];
734	uint8_t req3[SHA_DIGEST_LENGTH];
735	uint8_t obfuscatedTorrentHash[SHA_DIGEST_LENGTH];
736	uint16_t padc_len = 0;
737	uint32_t crypto_provide = 0;
738	const size_t needlen = SHA_DIGEST_LENGTH /* HASH('req1',s) */
739	+ SHA_DIGEST_LENGTH /* HASH('req2', SKEY) xor HASH('req3', S) */
740	+ VC_LENGTH
741	+ sizeof(crypto_provide)
742	+ sizeof(padc_len);
743	tr_torrent * tor = NULL;
744
745	if( EVBUFFER_LENGTH(inbuf) < needlen )
746	return READ_MORE;
747
748	/* TODO: confirm they sent HASH('req1',S) here? */
749	evbuffer_drain( inbuf, SHA_DIGEST_LENGTH );
750
751	/* This next piece is HASH('req2', SKEY) xor HASH('req3', S) ...
752	* we can get the first half of that (the obufscatedTorrentHash)
753	* by building the latter and xor'ing it with what the peer sent us */
754	dbgmsg( handshake, "reading obfuscated torrent hash...\n" );
755	evbuffer_remove( inbuf, req2, SHA_DIGEST_LENGTH );
756	tr_sha1( req3, "req3", 4, handshake->mySecret, KEY_LEN, NULL );
757	for( i=0; i<SHA_DIGEST_LENGTH; ++i )
758	obfuscatedTorrentHash[i] = req2[i] ^ req3[i];
759	tor = tr_torrentFindFromObfuscatedHash( handshake->handle, obfuscatedTorrentHash );
760	if( tor != NULL ) {
761	dbgmsg( handshake, "found the torrent; it's [%s]\n", tor->info.name );
762	tr_peerIoSetTorrentHash( handshake->io, tor->info.hash );
763	} else {
764	dbgmsg( handshake, "can't find that torrent..." );
765	tr_handshakeDone( handshake, FALSE );
766	return READ_DONE;
767	}
768
769	/* next part: ENCRYPT(VC, crypto_provide, len(PadC), */
770
771	tr_cryptoDecryptInit( handshake->crypto );
772
773	tr_peerIoReadBytes( handshake->io, inbuf, vc_in, VC_LENGTH );
774
775	tr_peerIoReadUint32( handshake->io, inbuf, &crypto_provide );
776	handshake->crypto_provide = crypto_provide;
777	dbgmsg( handshake, "crypto_provide is %d\n", (int)crypto_provide );
778
779	tr_peerIoReadUint16( handshake->io, inbuf, &padc_len );
780	dbgmsg( handshake, "padc is %d\n", (int)padc_len );
781	handshake->pad_c_len = padc_len;
782	setState( handshake, AWAITING_PAD_C );
783	return READ_AGAIN;
784	}
785
786	static int
787	readPadC( tr_handshake * handshake, struct evbuffer * inbuf )
788	{
789	uint16_t ia_len;
790	const size_t needlen = handshake->pad_c_len + sizeof(uint16_t);
791
792	if( EVBUFFER_LENGTH(inbuf) < needlen )
793	return READ_MORE;
794
795	evbuffer_drain( inbuf, handshake->pad_c_len );
796
797	tr_peerIoReadUint16( handshake->io, inbuf, &ia_len );
798	dbgmsg( handshake, "ia_len is %d", (int)ia_len );
799	handshake->ia_len = ia_len;
800	setState( handshake, AWAITING_IA );
801	return READ_AGAIN;
802	}
803
804	static int
805	readIA( tr_handshake * handshake, struct evbuffer * inbuf )
806	{
807	int i;
808	const size_t needlen = handshake->ia_len;
809	struct evbuffer * outbuf = evbuffer_new( );
810	uint32_t crypto_select;
811
812	dbgmsg( handshake, "reading IA... have %d, need %d", (int)EVBUFFER_LENGTH(inbuf), (int)needlen );
813	if( EVBUFFER_LENGTH(inbuf) < needlen )
814	return READ_MORE;
815
816	dbgmsg( handshake, "reading IA..." );
817	/* parse the handshake ... */
818	i = parseHandshake( handshake, inbuf );
819	dbgmsg( handshake, "parseHandshake returned %d", i );
820	if( i != HANDSHAKE_OK ) {
821	tr_handshakeDone( handshake, FALSE );
822	return READ_DONE;
823	}
824
825	/**
826	*** B->A: ENCRYPT(VC, crypto_select, len(padD), padD), ENCRYPT2(Payload Stream)
827	**/
828
829	tr_cryptoEncryptInit( handshake->crypto );
830
831	dbgmsg( handshake, "sending vc" );
832	/* send VC */
833	{
834	uint8_t vc[VC_LENGTH];
835	memset( vc, 0, VC_LENGTH );
836	tr_peerIoWriteBytes( handshake->io, outbuf, vc, VC_LENGTH );
837	}
838
839	dbgmsg( handshake, "sending crypto_select" );
840	/* send crypto_select */
841	{
842	dbgmsg( handshake, "handshake->crypto_provide is %d", (int)handshake->crypto_provide );
843	if( handshake->crypto_provide & CRYPTO_PROVIDE_CRYPTO )
844	crypto_select = CRYPTO_PROVIDE_CRYPTO;
845	else if( handshake->allowUnencryptedPeers )
846	crypto_select = CRYPTO_PROVIDE_PLAINTEXT;
847	else {
848	dbgmsg( handshake, "gronk..." );
849	evbuffer_free( outbuf );
850	tr_handshakeDone( handshake, FALSE );
851	return READ_DONE;
852	}
853
854	dbgmsg( handshake, "we select crypto_select as %d...", (int)crypto_select );
855	tr_peerIoWriteUint32( handshake->io, outbuf, crypto_select );
856	}
857
858	dbgmsg( handshake, "sending pad d" );
859	/* ENCRYPT(VC, crypto_provide, len(PadC), PadC
860	* PadD is reserved for future extensions to the handshake...
861	* standard practice at this time is for it to be zero-length */
862	{
863	const int len = 0;
864	tr_peerIoWriteUint16( handshake->io, outbuf, len );
865	}
866
867	/* maybe de-encrypt our connection */
868	if( crypto_select == CRYPTO_PROVIDE_PLAINTEXT )
869	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_NONE );
870
871	dbgmsg( handshake, "sending handshake" );
872	/* send our handshake */
873	{
874	int msgSize;
875	uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
876	tr_peerIoWriteBytes( handshake->io, outbuf, msg, msgSize );
877	handshake->haveSentBitTorrentHandshake = 1;
878	tr_free( msg );
879	}
880
881	/* send it out */
882	tr_peerIoWriteBuf( handshake->io, outbuf );
883	evbuffer_free( outbuf );
884
885	/* we've completed the BT handshake... pass the work on to peer-msgs */
886	tr_handshakeDone( handshake, TRUE );
887	return READ_DONE;
888	}
889
890	/***
891	****
892	****
893	****
894	***/
895
896	static ReadState
897	canRead( struct bufferevent * evin, void * arg )
898	{
899	tr_handshake * handshake = (tr_handshake *) arg;
900	struct evbuffer * inbuf = EVBUFFER_INPUT ( evin );
901	ReadState ret;
902	dbgmsg( handshake, "handling canRead; state is [%s]", getStateName(handshake->state) );
903
904	switch( handshake->state )
905	{
906	case AWAITING_HANDSHAKE: ret = readHandshake ( handshake, inbuf ); break;
907	case AWAITING_YA: ret = readYa ( handshake, inbuf ); break;
908	case AWAITING_PAD_A: ret = readPadA ( handshake, inbuf ); break;
909	case AWAITING_CRYPTO_PROVIDE: ret = readCryptoProvide( handshake, inbuf ); break;
910	case AWAITING_PAD_C: ret = readPadC ( handshake, inbuf ); break;
911	case AWAITING_IA: ret = readIA ( handshake, inbuf ); break;
912
913	case AWAITING_YB: ret = readYb ( handshake, inbuf ); break;
914	case AWAITING_VC: ret = readVC ( handshake, inbuf ); break;
915	case AWAITING_CRYPTO_SELECT: ret = readCryptoSelect ( handshake, inbuf ); break;
916	case AWAITING_PAD_D: ret = readPadD ( handshake, inbuf ); break;
917
918	default: assert( 0 );
919	}
920
921	return ret;
922	}
923
924	static void
925	fireDoneFunc( tr_handshake * handshake, int isConnected )
926	{
927	const uint8_t * peer_id = isConnected && handshake->havePeerID
928	? handshake->peer_id
929	: NULL;
930	(*handshake->doneCB)( handshake,
931	handshake->io,
932	isConnected,
933	peer_id,
934	handshake->doneUserData );
935	}
936
937	void
938	tr_handshakeDone( tr_handshake * handshake, int isOK )
939	{
940	dbgmsg( handshake, "handshakeDone: %s", isOK ? "connected" : "aborting" );
941	tr_peerIoSetIOFuncs( handshake->io, NULL, NULL, NULL, NULL );
942
943	fireDoneFunc( handshake, isOK );
944
945	tr_free( handshake );
946	}
947
948	void
949	tr_handshakeAbort( tr_handshake * handshake )
950	{
951	tr_handshakeDone( handshake, FALSE );
952	}
953
954	static void
955	gotError( struct bufferevent * evbuf UNUSED, short what, void * arg )
956	{
957	tr_handshake * handshake = (tr_handshake *) arg;
958
959	/* if the error happened while we were sending a public key, we might
960	* have encountered a peer that doesn't do encryption... reconnect and
961	* try a plaintext handshake */
962	if( ( ( handshake->state == AWAITING_YB ) \|\| ( handshake->state == AWAITING_VC ) )
963	&& ( handshake->allowUnencryptedPeers )
964	&& ( !tr_peerIoReconnect( handshake->io ) ) )
965	{
966	dbgmsg( handshake, "handshake failed, trying plaintext..." );
967	int msgSize;
968	uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
969	setReadState( handshake, AWAITING_HANDSHAKE );
970	tr_peerIoWrite( handshake->io, msg, msgSize );
971	tr_free( msg );
972	}
973	else
974	{
975	dbgmsg( handshake, "libevent got an error what==%d, errno=%d (%s)",
976	(int)what, errno, strerror(errno) );
977	tr_handshakeDone( handshake, FALSE );
978	}
979	}
980
981	/**
982	***
983	**/
984
985	tr_handshake*
986	tr_handshakeNew( tr_peerIo * io,
987	tr_encryption_mode encryption_mode,
988	handshakeDoneCB doneCB,
989	void * doneUserData )
990	{
991	tr_handshake * handshake;
992
993	handshake = tr_new0( tr_handshake, 1 );
994	handshake->io = io;
995	handshake->crypto = tr_peerIoGetCrypto( io );
996	handshake->allowUnencryptedPeers = encryption_mode!=TR_ENCRYPTION_REQUIRED;
997	handshake->doneCB = doneCB;
998	handshake->doneUserData = doneUserData;
999	handshake->handle = tr_peerIoGetHandle( io );
1000
1001	tr_peerIoSetIOMode( handshake->io, EV_READ\|EV_WRITE, 0 );
1002	tr_peerIoSetIOFuncs( handshake->io, canRead, NULL, gotError, handshake );
1003
1004	if( tr_peerIoIsIncoming( handshake->io ) )
1005	setReadState( handshake, AWAITING_HANDSHAKE );
1006	else
1007	sendYa( handshake );
1008
1009	return handshake;
1010	}
1011
1012	const struct in_addr *
1013	tr_handshakeGetAddr( const struct tr_handshake * handshake, uint16_t * port )
1014	{
1015	assert( handshake != NULL );
1016	assert( handshake->io != NULL );
1017
1018	return tr_peerIoGetAddress( handshake->io, port );
1019	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: