Context Navigation

source: trunk/libtransmission/handshake.c @ 7623

Visit:

Last change on this file since 7623 was 7623, checked in by charles, 12 years ago
(trunk libT) two bugfixes in one: (1) fix leaking tr_handshake objects reported by BentMyWookie? (2) fix yet another permutation of the tr_isBandwidth() assertion failure -- maybe the last one? -- reported by Waldorf
Property svn:keywords set to `Date Rev Author Id`
File size: 36.1 KB

Line
1	/*
2	* This file Copyright (C) 2007-2008 Charles Kerr <charles@transmissionbt.com>
3	*
4	* This file is licensed by the GPL version 2. Works owned by the
5	* Transmission project are granted a special exemption to clause 2(b)
6	* so that the bulk of its code can remain under the MIT license.
7	* This exemption does not extend to derived works not owned by
8	* the Transmission project.
9	*
10	* $Id: handshake.c 7623 2009-01-06 00:24:44Z charles $
11	*/
12
13	#include <assert.h>
14	#include <errno.h>
15	#include <inttypes.h>
16	#include <limits.h> /* UCHAR_MAX */
17	#include <string.h>
18	#include <stdio.h>
19
20	#include <event.h>
21
22	#include "transmission.h"
23	#include "session.h"
24	#include "bencode.h"
25	#include "clients.h"
26	#include "crypto.h"
27	#include "handshake.h"
28	#include "peer-io.h"
29	#include "peer-mgr.h"
30	#include "torrent.h"
31	#include "trevent.h"
32	#include "utils.h"
33
34	/* enable LibTransmission extension protocol */
35	#define ENABLE_LTEP * /
36	/* fast extensions */
37	#define ENABLE_FAST * /
38
39	/***
40	****
41	***/
42
43	#define HANDSHAKE_NAME "\023BitTorrent protocol"
44
45	enum
46	{
47	/* BitTorrent Handshake Constants */
48	HANDSHAKE_NAME_LEN = 20,
49	HANDSHAKE_FLAGS_LEN = 8,
50	HANDSHAKE_SIZE = 68,
51	PEER_ID_LEN = 20,
52	INCOMING_HANDSHAKE_LEN = 48,
53
54	/* Encryption Constants */
55	PadA_MAXLEN = 512,
56	PadB_MAXLEN = 512,
57	PadC_MAXLEN = 512,
58	PadD_MAXLEN = 512,
59	VC_LENGTH = 8,
60	KEY_LEN = 96,
61	CRYPTO_PROVIDE_PLAINTEXT = 1,
62	CRYPTO_PROVIDE_CRYPTO = 2
63	};
64
65
66	#ifdef ENABLE_LTEP
67	#define HANDSHAKE_HAS_LTEP( bits ) ( ( ( bits )[5] & 0x10 ) ? 1 : 0 )
68	#define HANDSHAKE_SET_LTEP( bits ) ( ( bits )[5] \|= 0x10 )
69	#else
70	#define HANDSHAKE_HAS_LTEP( bits ) ( 0 )
71	#define HANDSHAKE_SET_LTEP( bits ) ( (void)0 )
72	#endif
73
74	#ifdef ENABLE_FAST
75	#define HANDSHAKE_HAS_FASTEXT( bits ) ( ( ( bits )[7] & 0x04 ) ? 1 : 0 )
76	#define HANDSHAKE_SET_FASTEXT( bits ) ( ( bits )[7] \|= 0x04 )
77	#else
78	#define HANDSHAKE_HAS_FASTEXT( bits ) ( 0 )
79	#define HANDSHAKE_SET_FASTEXT( bits ) ( (void)0 )
80	#endif
81
82	/* http://www.azureuswiki.com/index.php/Extension_negotiation_protocol
83	these macros are to be used if both extended messaging and the
84	azureus protocol is supported, they indicate which protocol is preferred */
85	#define HANDSHAKE_GET_EXTPREF( reserved ) ( ( reserved )[5] & 0x03 )
86	#define HANDSHAKE_SET_EXTPREF( reserved, val ) ( ( reserved )[5] \|= 0x03 &\
87	( val ) )
88
89	struct tr_handshake
90	{
91	tr_bool havePeerID;
92	tr_bool haveSentBitTorrentHandshake;
93	tr_peerIo * io;
94	tr_crypto * crypto;
95	tr_session * session;
96	uint8_t myPublicKey[KEY_LEN];
97	uint8_t mySecret[KEY_LEN];
98	uint8_t state;
99	tr_encryption_mode encryptionMode;
100	uint16_t pad_c_len;
101	uint16_t pad_d_len;
102	uint16_t ia_len;
103	uint32_t crypto_select;
104	uint32_t crypto_provide;
105	uint8_t myReq1[SHA_DIGEST_LENGTH];
106	uint8_t peer_id[PEER_ID_LEN];
107	handshakeDoneCB doneCB;
108	void * doneUserData;
109	};
110
111	/**
112	***
113	**/
114
115	enum
116	{
117	/* incoming */
118	AWAITING_HANDSHAKE,
119	AWAITING_PEER_ID,
120	AWAITING_YA,
121	AWAITING_PAD_A,
122	AWAITING_CRYPTO_PROVIDE,
123	AWAITING_PAD_C,
124	AWAITING_IA,
125	AWAITING_PAYLOAD_STREAM,
126
127	/* outgoing */
128	AWAITING_YB,
129	AWAITING_VC,
130	AWAITING_CRYPTO_SELECT,
131	AWAITING_PAD_D,
132	};
133
134	/**
135	***
136	**/
137
138	#define dbgmsg( handshake, ... ) \
139	do { \
140	if( tr_deepLoggingIsActive( ) ) \
141	tr_deepLog( __FILE__, __LINE__, tr_peerIoGetAddrStr( handshake->io ), __VA_ARGS__ ); \
142	} while( 0 )
143
144	static const char*
145	getStateName( short state )
146	{
147	const char * str = "f00!";
148
149	switch( state )
150	{
151	case AWAITING_HANDSHAKE:
152	str = "awaiting handshake"; break;
153
154	case AWAITING_PEER_ID:
155	str = "awaiting peer id"; break;
156
157	case AWAITING_YA:
158	str = "awaiting ya"; break;
159
160	case AWAITING_PAD_A:
161	str = "awaiting pad a"; break;
162
163	case AWAITING_CRYPTO_PROVIDE:
164	str = "awaiting crypto_provide"; break;
165
166	case AWAITING_PAD_C:
167	str = "awaiting pad c"; break;
168
169	case AWAITING_IA:
170	str = "awaiting ia"; break;
171
172	case AWAITING_YB:
173	str = "awaiting yb"; break;
174
175	case AWAITING_VC:
176	str = "awaiting vc"; break;
177
178	case AWAITING_CRYPTO_SELECT:
179	str = "awaiting crypto select"; break;
180
181	case AWAITING_PAD_D:
182	str = "awaiting pad d"; break;
183	}
184	return str;
185	}
186
187	static void
188	setState( tr_handshake * handshake,
189	short state )
190	{
191	dbgmsg( handshake, "setting to state [%s]", getStateName( state ) );
192	handshake->state = state;
193	}
194
195	static void
196	setReadState( tr_handshake * handshake,
197	int state )
198	{
199	setState( handshake, state );
200	}
201
202	static uint8_t *
203	buildHandshakeMessage( tr_handshake * handshake,
204	int * setme_len )
205	{
206	uint8_t * buf = tr_new0( uint8_t, HANDSHAKE_SIZE );
207	uint8_t * walk = buf;
208	const uint8_t * torrentHash = tr_cryptoGetTorrentHash( handshake->crypto );
209	const tr_torrent * tor = tr_torrentFindFromHash( handshake->session, torrentHash );
210	const uint8_t * peer_id = tor && tor->peer_id ? tor->peer_id : tr_getPeerId( );
211
212	memcpy( walk, HANDSHAKE_NAME, HANDSHAKE_NAME_LEN );
213	walk += HANDSHAKE_NAME_LEN;
214	memset( walk, 0, HANDSHAKE_FLAGS_LEN );
215	HANDSHAKE_SET_LTEP( walk );
216	HANDSHAKE_SET_FASTEXT( walk );
217
218	walk += HANDSHAKE_FLAGS_LEN;
219	memcpy( walk, torrentHash, SHA_DIGEST_LENGTH );
220	walk += SHA_DIGEST_LENGTH;
221	memcpy( walk, peer_id, PEER_ID_LEN );
222	walk += PEER_ID_LEN;
223
224	assert( strlen( ( const char* )peer_id ) == PEER_ID_LEN );
225	assert( walk - buf == HANDSHAKE_SIZE );
226	*setme_len = walk - buf;
227	return buf;
228	}
229
230	static int tr_handshakeDone( tr_handshake * handshake,
231	int isConnected );
232
233	enum
234	{
235	HANDSHAKE_OK,
236	HANDSHAKE_ENCRYPTION_WRONG,
237	HANDSHAKE_BAD_TORRENT,
238	HANDSHAKE_PEER_IS_SELF,
239	};
240
241	static int
242	parseHandshake( tr_handshake * handshake,
243	struct evbuffer * inbuf )
244	{
245	uint8_t name[HANDSHAKE_NAME_LEN];
246	uint8_t reserved[HANDSHAKE_FLAGS_LEN];
247	uint8_t hash[SHA_DIGEST_LENGTH];
248	const tr_torrent * tor;
249	const uint8_t * peer_id;
250
251	dbgmsg( handshake, "payload: need %d, got %zu",
252	(int)HANDSHAKE_SIZE, EVBUFFER_LENGTH( inbuf ) );
253
254	if( EVBUFFER_LENGTH( inbuf ) < HANDSHAKE_SIZE )
255	return READ_LATER;
256
257	/* confirm the protocol */
258	tr_peerIoReadBytes( handshake->io, inbuf, name, HANDSHAKE_NAME_LEN );
259	if( memcmp( name, HANDSHAKE_NAME, HANDSHAKE_NAME_LEN ) )
260	return HANDSHAKE_ENCRYPTION_WRONG;
261
262	/* read the reserved bytes */
263	tr_peerIoReadBytes( handshake->io, inbuf, reserved, HANDSHAKE_FLAGS_LEN );
264
265	/* torrent hash */
266	tr_peerIoReadBytes( handshake->io, inbuf, hash, sizeof( hash ) );
267	assert( tr_peerIoHasTorrentHash( handshake->io ) );
268	if( !tr_torrentExists( handshake->session, hash )
269	\|\| memcmp( hash, tr_peerIoGetTorrentHash( handshake->io ),
270	SHA_DIGEST_LENGTH ) )
271	{
272	dbgmsg( handshake, "peer returned the wrong hash. wtf?" );
273	return HANDSHAKE_BAD_TORRENT;
274	}
275
276	/* peer_id */
277	tr_peerIoReadBytes( handshake->io, inbuf, handshake->peer_id,
278	sizeof( handshake->peer_id ) );
279	tr_peerIoSetPeersId( handshake->io, handshake->peer_id );
280
281	/* peer id */
282	handshake->havePeerID = TRUE;
283	dbgmsg( handshake, "peer-id is [%.s]", PEER_ID_LEN, PEER_ID_LEN,
284	handshake->peer_id );
285
286	tor = tr_torrentFindFromHash( handshake->session, hash );
287	peer_id = tor && tor->peer_id ? tor->peer_id : tr_getPeerId( );
288	if( !memcmp( handshake->peer_id, peer_id, PEER_ID_LEN ) )
289	{
290	dbgmsg( handshake, "streuth! we've connected to ourselves." );
291	return HANDSHAKE_PEER_IS_SELF;
292	}
293
294	/**
295	*** Extensions
296	**/
297
298	tr_peerIoEnableLTEP( handshake->io, HANDSHAKE_HAS_LTEP( reserved ) );
299
300	tr_peerIoEnableFEXT( handshake->io, HANDSHAKE_HAS_FASTEXT( reserved ) );
301
302	return HANDSHAKE_OK;
303	}
304
305	/***
306	****
307	**** OUTGOING CONNECTIONS
308	****
309	***/
310
311	/* 1 A->B: Diffie Hellman Ya, PadA */
312	static void
313	sendYa( tr_handshake * handshake )
314	{
315	int len;
316	const uint8_t * public_key;
317	struct evbuffer * outbuf = tr_getBuffer( );
318	uint8_t pad_a[PadA_MAXLEN];
319
320	/* add our public key (Ya) */
321	public_key = tr_cryptoGetMyPublicKey( handshake->crypto, &len );
322	assert( len == KEY_LEN );
323	assert( public_key );
324	evbuffer_add( outbuf, public_key, len );
325
326	/* add some bullshit padding */
327	len = tr_cryptoRandInt( PadA_MAXLEN );
328	tr_cryptoRandBuf( pad_a, len );
329	evbuffer_add( outbuf, pad_a, len );
330
331	/* send it */
332	setReadState( handshake, AWAITING_YB );
333	tr_peerIoWriteBuf( handshake->io, outbuf, FALSE );
334
335	/* cleanup */
336	tr_releaseBuffer( outbuf );
337	}
338
339	static uint32_t
340	getCryptoProvide( const tr_handshake * handshake )
341	{
342	uint32_t provide = 0;
343
344	switch( handshake->encryptionMode )
345	{
346	case TR_ENCRYPTION_REQUIRED:
347	case TR_ENCRYPTION_PREFERRED:
348	provide \|= CRYPTO_PROVIDE_CRYPTO;
349	break;
350
351	case TR_CLEAR_PREFERRED:
352	provide \|= CRYPTO_PROVIDE_CRYPTO \| CRYPTO_PROVIDE_PLAINTEXT;
353	break;
354	}
355
356	return provide;
357	}
358
359	static uint32_t
360	getCryptoSelect( const tr_handshake * handshake,
361	uint32_t crypto_provide )
362	{
363	uint32_t choices[4];
364	int i, nChoices = 0;
365
366	switch( handshake->encryptionMode )
367	{
368	case TR_ENCRYPTION_REQUIRED:
369	choices[nChoices++] = CRYPTO_PROVIDE_CRYPTO;
370	break;
371
372	case TR_ENCRYPTION_PREFERRED:
373	choices[nChoices++] = CRYPTO_PROVIDE_CRYPTO;
374	choices[nChoices++] = CRYPTO_PROVIDE_PLAINTEXT;
375	break;
376
377	case TR_CLEAR_PREFERRED:
378	choices[nChoices++] = CRYPTO_PROVIDE_PLAINTEXT;
379	choices[nChoices++] = CRYPTO_PROVIDE_CRYPTO;
380	break;
381	}
382
383	for( i = 0; i < nChoices; ++i )
384	if( crypto_provide & choices[i] )
385	return choices[i];
386
387	return 0;
388	}
389
390	static int
391	readYb( tr_handshake * handshake,
392	struct evbuffer * inbuf )
393	{
394	int isEncrypted;
395	const uint8_t * secret;
396	uint8_t yb[KEY_LEN];
397	struct evbuffer * outbuf;
398	size_t needlen = HANDSHAKE_NAME_LEN;
399
400	if( EVBUFFER_LENGTH( inbuf ) < needlen )
401	return READ_LATER;
402
403	isEncrypted = memcmp( EVBUFFER_DATA( inbuf ), HANDSHAKE_NAME, HANDSHAKE_NAME_LEN );
404	if( isEncrypted )
405	{
406	needlen = KEY_LEN;
407	if( EVBUFFER_LENGTH( inbuf ) < needlen )
408	return READ_LATER;
409	}
410
411	dbgmsg( handshake, "got a %s handshake",
412	( isEncrypted ? "encrypted" : "plaintext" ) );
413
414	tr_peerIoSetEncryption( handshake->io, isEncrypted ? PEER_ENCRYPTION_RC4
415	: PEER_ENCRYPTION_NONE );
416	if( !isEncrypted )
417	{
418	setState( handshake, AWAITING_HANDSHAKE );
419	return READ_NOW;
420	}
421
422	/* compute the secret */
423	evbuffer_remove( inbuf, yb, KEY_LEN );
424	secret = tr_cryptoComputeSecret( handshake->crypto, yb );
425	memcpy( handshake->mySecret, secret, KEY_LEN );
426
427	/* now send these: HASH('req1', S), HASH('req2', SKEY) xor HASH('req3', S),
428	* ENCRYPT(VC, crypto_provide, len(PadC), PadC, len(IA)), ENCRYPT(IA) */
429	outbuf = tr_getBuffer( );
430
431	/* HASH('req1', S) */
432	{
433	uint8_t req1[SHA_DIGEST_LENGTH];
434	tr_sha1( req1, "req1", 4, secret, KEY_LEN, NULL );
435	evbuffer_add( outbuf, req1, SHA_DIGEST_LENGTH );
436	}
437
438	/* HASH('req2', SKEY) xor HASH('req3', S) */
439	{
440	int i;
441	uint8_t req2[SHA_DIGEST_LENGTH];
442	uint8_t req3[SHA_DIGEST_LENGTH];
443	uint8_t buf[SHA_DIGEST_LENGTH];
444	tr_sha1( req2, "req2", 4,
445	tr_cryptoGetTorrentHash( handshake->crypto ),
446	SHA_DIGEST_LENGTH, NULL );
447	tr_sha1( req3, "req3", 4, secret, KEY_LEN, NULL );
448	for( i = 0; i < SHA_DIGEST_LENGTH; ++i )
449	buf[i] = req2[i] ^ req3[i];
450	evbuffer_add( outbuf, buf, SHA_DIGEST_LENGTH );
451	}
452
453	/* ENCRYPT(VC, crypto_provide, len(PadC), PadC
454	* PadC is reserved for future extensions to the handshake...
455	* standard practice at this time is for it to be zero-length */
456	{
457	uint8_t vc[VC_LENGTH] = { 0, 0, 0, 0, 0, 0, 0, 0 };
458
459	tr_cryptoEncryptInit( handshake->crypto );
460	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_RC4 );
461
462	tr_peerIoWriteBytes( handshake->io, outbuf, vc, VC_LENGTH );
463	tr_peerIoWriteUint32( handshake->io, outbuf,
464	getCryptoProvide( handshake ) );
465	tr_peerIoWriteUint16( handshake->io, outbuf, 0 );
466	}
467
468	/* ENCRYPT len(IA)), ENCRYPT(IA) */
469	{
470	int msglen;
471	uint8_t * msg = buildHandshakeMessage( handshake, &msglen );
472
473	tr_peerIoWriteUint16( handshake->io, outbuf, msglen );
474	tr_peerIoWriteBytes( handshake->io, outbuf, msg, msglen );
475
476	handshake->haveSentBitTorrentHandshake = 1;
477	tr_free( msg );
478	}
479
480	/* send it */
481	tr_cryptoDecryptInit( handshake->crypto );
482	setReadState( handshake, AWAITING_VC );
483	tr_peerIoWriteBuf( handshake->io, outbuf, FALSE );
484
485	/* cleanup */
486	tr_releaseBuffer( outbuf );
487	return READ_LATER;
488	}
489
490	static int
491	readVC( tr_handshake * handshake,
492	struct evbuffer * inbuf )
493	{
494	const uint8_t key[VC_LENGTH] = { 0, 0, 0, 0, 0, 0, 0, 0 };
495	const int key_len = VC_LENGTH;
496	uint8_t tmp[VC_LENGTH];
497
498	/* note: this works w/o having to `unwind' the buffer if
499	* we read too much, but it is pretty brute-force.
500	* it would be nice to make this cleaner. */
501	for( ; ; )
502	{
503	if( EVBUFFER_LENGTH( inbuf ) < VC_LENGTH )
504	{
505	dbgmsg( handshake, "not enough bytes... returning read_more" );
506	return READ_LATER;
507	}
508
509	memcpy( tmp, EVBUFFER_DATA( inbuf ), key_len );
510	tr_cryptoDecryptInit( handshake->crypto );
511	tr_cryptoDecrypt( handshake->crypto, key_len, tmp, tmp );
512	if( !memcmp( tmp, key, key_len ) )
513	break;
514
515	evbuffer_drain( inbuf, 1 );
516	}
517
518	dbgmsg( handshake, "got it!" );
519	evbuffer_drain( inbuf, key_len );
520	setState( handshake, AWAITING_CRYPTO_SELECT );
521	return READ_NOW;
522	}
523
524	static int
525	readCryptoSelect( tr_handshake * handshake,
526	struct evbuffer * inbuf )
527	{
528	uint32_t crypto_select;
529	uint16_t pad_d_len;
530	const size_t needlen = sizeof( uint32_t ) + sizeof( uint16_t );
531
532	if( EVBUFFER_LENGTH( inbuf ) < needlen )
533	return READ_LATER;
534
535	tr_peerIoReadUint32( handshake->io, inbuf, &crypto_select );
536	handshake->crypto_select = crypto_select;
537	dbgmsg( handshake, "crypto select is %d", (int)crypto_select );
538	if( !( crypto_select & getCryptoProvide( handshake ) ) )
539	{
540	dbgmsg( handshake,
541	"peer selected an encryption option we didn't provide" );
542	return tr_handshakeDone( handshake, FALSE );
543	}
544
545	tr_peerIoReadUint16( handshake->io, inbuf, &pad_d_len );
546	dbgmsg( handshake, "pad_d_len is %d", (int)pad_d_len );
547
548	if( pad_d_len > 512 )
549	{
550	dbgmsg( handshake, "encryption handshake: pad_d_len is too long" );
551	return tr_handshakeDone( handshake, FALSE );
552	}
553
554	handshake->pad_d_len = pad_d_len;
555
556	setState( handshake, AWAITING_PAD_D );
557	return READ_NOW;
558	}
559
560	static int
561	readPadD( tr_handshake * handshake,
562	struct evbuffer * inbuf )
563	{
564	const size_t needlen = handshake->pad_d_len;
565	uint8_t * tmp;
566
567	dbgmsg( handshake, "pad d: need %zu, got %zu",
568	needlen, EVBUFFER_LENGTH( inbuf ) );
569	if( EVBUFFER_LENGTH( inbuf ) < needlen )
570	return READ_LATER;
571
572	tmp = tr_new( uint8_t, needlen );
573	tr_peerIoReadBytes( handshake->io, inbuf, tmp, needlen );
574	tr_free( tmp );
575
576	tr_peerIoSetEncryption( handshake->io,
577	handshake->crypto_select );
578
579	setState( handshake, AWAITING_HANDSHAKE );
580	return READ_NOW;
581	}
582
583	/***
584	****
585	**** INCOMING CONNECTIONS
586	****
587	***/
588
589	static int
590	readHandshake( tr_handshake * handshake,
591	struct evbuffer * inbuf )
592	{
593	uint8_t pstrlen;
594	uint8_t * pstr;
595	uint8_t reserved[HANDSHAKE_FLAGS_LEN];
596	uint8_t hash[SHA_DIGEST_LENGTH];
597
598	dbgmsg( handshake, "payload: need %d, got %zu",
599	(int)INCOMING_HANDSHAKE_LEN, EVBUFFER_LENGTH( inbuf ) );
600
601	if( EVBUFFER_LENGTH( inbuf ) < INCOMING_HANDSHAKE_LEN )
602	return READ_LATER;
603
604	pstrlen = EVBUFFER_DATA( inbuf )[0]; /* peek, don't read. We may be
605	handing inbuf to AWAITING_YA */
606
607	if( pstrlen == 19 ) /* unencrypted */
608	{
609	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_NONE );
610
611	if( handshake->encryptionMode == TR_ENCRYPTION_REQUIRED )
612	{
613	dbgmsg( handshake,
614	"peer is unencrypted, and we're disallowing that" );
615	return tr_handshakeDone( handshake, FALSE );
616	}
617	}
618	else /* encrypted or corrupt */
619	{
620	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_RC4 );
621
622	if( tr_peerIoIsIncoming( handshake->io ) )
623	{
624	dbgmsg( handshake,
625	"I think peer is sending us an encrypted handshake..." );
626	setState( handshake, AWAITING_YA );
627	return READ_NOW;
628	}
629	tr_cryptoDecrypt( handshake->crypto, 1, &pstrlen, &pstrlen );
630
631	if( pstrlen != 19 )
632	{
633	dbgmsg( handshake,
634	"I think peer has sent us a corrupt handshake..." );
635	return tr_handshakeDone( handshake, FALSE );
636	}
637	}
638
639	evbuffer_drain( inbuf, 1 );
640
641	/* pstr (BitTorrent) */
642	pstr = tr_new( uint8_t, pstrlen + 1 );
643	tr_peerIoReadBytes( handshake->io, inbuf, pstr, pstrlen );
644	pstr[pstrlen] = '\0';
645	if( strcmp( (char*)pstr, "BitTorrent protocol" ) )
646	{
647	tr_free( pstr );
648	return tr_handshakeDone( handshake, FALSE );
649	}
650	tr_free( pstr );
651
652	/* reserved bytes */
653	tr_peerIoReadBytes( handshake->io, inbuf, reserved, sizeof( reserved ) );
654
655	/**
656	*** Extensions
657	**/
658
659	tr_peerIoEnableLTEP( handshake->io, HANDSHAKE_HAS_LTEP( reserved ) );
660
661	tr_peerIoEnableFEXT( handshake->io, HANDSHAKE_HAS_FASTEXT( reserved ) );
662
663	/* torrent hash */
664	tr_peerIoReadBytes( handshake->io, inbuf, hash, sizeof( hash ) );
665	if( tr_peerIoIsIncoming( handshake->io ) )
666	{
667	if( !tr_torrentExists( handshake->session, hash ) )
668	{
669	dbgmsg( handshake, "peer is trying to connect to us for a torrent we don't have." );
670	return tr_handshakeDone( handshake, FALSE );
671	}
672	else
673	{
674	assert( !tr_peerIoHasTorrentHash( handshake->io ) );
675	tr_peerIoSetTorrentHash( handshake->io, hash );
676	}
677	}
678	else /* outgoing */
679	{
680	assert( tr_peerIoHasTorrentHash( handshake->io ) );
681	if( memcmp( hash, tr_peerIoGetTorrentHash( handshake->io ),
682	SHA_DIGEST_LENGTH ) )
683	{
684	dbgmsg( handshake, "peer returned the wrong hash. wtf?" );
685	return tr_handshakeDone( handshake, FALSE );
686	}
687	}
688
689	/**
690	*** If it's an incoming message, we need to send a response handshake
691	**/
692
693	if( !handshake->haveSentBitTorrentHandshake )
694	{
695	int msgSize;
696	uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
697	tr_peerIoWrite( handshake->io, msg, msgSize, FALSE );
698	tr_free( msg );
699	handshake->haveSentBitTorrentHandshake = 1;
700	}
701
702	setReadState( handshake, AWAITING_PEER_ID );
703	return READ_NOW;
704	}
705
706	static int
707	readPeerId( tr_handshake * handshake,
708	struct evbuffer * inbuf )
709	{
710	int peerIsGood;
711	char client[128];
712	tr_torrent * tor;
713	const uint8_t * peer_id;
714
715	if( EVBUFFER_LENGTH( inbuf ) < PEER_ID_LEN )
716	return READ_LATER;
717
718	/* peer id */
719	tr_peerIoReadBytes( handshake->io, inbuf, handshake->peer_id, PEER_ID_LEN );
720	tr_peerIoSetPeersId( handshake->io, handshake->peer_id );
721	handshake->havePeerID = TRUE;
722	tr_clientForId( client, sizeof( client ), handshake->peer_id );
723	dbgmsg( handshake, "peer-id is [%s] ... isIncoming is %d", client,
724	tr_peerIoIsIncoming( handshake->io ) );
725
726	/* if we've somehow connected to ourselves, don't keep the connection */
727	tor = tr_torrentFindFromHash( handshake->session, tr_peerIoGetTorrentHash( handshake->io ) );
728	peer_id = tor && tor->peer_id ? tor->peer_id : tr_getPeerId( );
729	peerIsGood = memcmp( handshake->peer_id, peer_id, PEER_ID_LEN ) != 0;
730	dbgmsg( handshake, "isPeerGood == %d", peerIsGood );
731	return tr_handshakeDone( handshake, peerIsGood );
732	}
733
734	static int
735	readYa( tr_handshake * handshake,
736	struct evbuffer * inbuf )
737	{
738	uint8_t ya[KEY_LEN];
739	uint8_t * walk, outbuf[KEY_LEN + PadB_MAXLEN];
740	const uint8_t myKey, secret;
741	int len;
742
743	dbgmsg( handshake, "in readYa... need %d, have %zu",
744	(int)KEY_LEN, EVBUFFER_LENGTH( inbuf ) );
745	if( EVBUFFER_LENGTH( inbuf ) < KEY_LEN )
746	return READ_LATER;
747
748	/* read the incoming peer's public key */
749	evbuffer_remove( inbuf, ya, KEY_LEN );
750	secret = tr_cryptoComputeSecret( handshake->crypto, ya );
751	memcpy( handshake->mySecret, secret, KEY_LEN );
752	tr_sha1( handshake->myReq1, "req1", 4, secret, KEY_LEN, NULL );
753
754	dbgmsg( handshake, "sending B->A: Diffie Hellman Yb, PadB" );
755	/* send our public key to the peer */
756	walk = outbuf;
757	myKey = tr_cryptoGetMyPublicKey( handshake->crypto, &len );
758	memcpy( walk, myKey, len );
759	walk += len;
760	len = tr_cryptoRandInt( PadB_MAXLEN );
761	tr_cryptoRandBuf( walk, len );
762	walk += len;
763
764	setReadState( handshake, AWAITING_PAD_A );
765	tr_peerIoWrite( handshake->io, outbuf, walk - outbuf, FALSE );
766	return READ_NOW;
767	}
768
769	static int
770	readPadA( tr_handshake * handshake,
771	struct evbuffer * inbuf )
772	{
773	uint8_t * pch;
774
775	dbgmsg( handshake, "looking to get past pad a... & resync on hash('req',S) ... have %zu bytes",
776	EVBUFFER_LENGTH( inbuf ) );
777	/**
778	*** Resynchronizing on HASH('req1',S)
779	**/
780
781	pch = memchr( EVBUFFER_DATA( inbuf ),
782	handshake->myReq1[0],
783	EVBUFFER_LENGTH( inbuf ) );
784	if( pch == NULL )
785	{
786	dbgmsg( handshake, "no luck so far.. draining %zu bytes",
787	EVBUFFER_LENGTH( inbuf ) );
788	evbuffer_drain( inbuf, EVBUFFER_LENGTH( inbuf ) );
789	return READ_LATER;
790	}
791	dbgmsg( handshake, "looking for hash('req',S) ... draining %d bytes",
792	(int)( pch - EVBUFFER_DATA( inbuf ) ) );
793	evbuffer_drain( inbuf, pch - EVBUFFER_DATA( inbuf ) );
794	if( EVBUFFER_LENGTH( inbuf ) < SHA_DIGEST_LENGTH )
795	return READ_LATER;
796	if( memcmp( EVBUFFER_DATA( inbuf ), handshake->myReq1,
797	SHA_DIGEST_LENGTH ) )
798	{
799	dbgmsg( handshake, "draining one more byte" );
800	evbuffer_drain( inbuf, 1 );
801	return READ_NOW;
802	}
803
804	dbgmsg( handshake,
805	"found it... looking setting to awaiting_crypto_provide" );
806	setState( handshake, AWAITING_CRYPTO_PROVIDE );
807	return READ_NOW;
808	}
809
810	static int
811	readCryptoProvide( tr_handshake * handshake,
812	struct evbuffer * inbuf )
813	{
814	/* HASH('req2', SKEY) xor HASH('req3', S), ENCRYPT(VC, crypto_provide,
815	len(PadC)) */
816
817	int i;
818	uint8_t vc_in[VC_LENGTH];
819	uint8_t req2[SHA_DIGEST_LENGTH];
820	uint8_t req3[SHA_DIGEST_LENGTH];
821	uint8_t obfuscatedTorrentHash[SHA_DIGEST_LENGTH];
822	uint16_t padc_len = 0;
823	uint32_t crypto_provide = 0;
824	const size_t needlen = SHA_DIGEST_LENGTH /* HASH('req1',s) */
825	+ SHA_DIGEST_LENGTH /* HASH('req2', SKEY) xor
826	HASH('req3', S) */
827	+ VC_LENGTH
828	+ sizeof( crypto_provide )
829	+ sizeof( padc_len );
830	tr_torrent * tor = NULL;
831
832	if( EVBUFFER_LENGTH( inbuf ) < needlen )
833	return READ_LATER;
834
835	/* TODO: confirm they sent HASH('req1',S) here? */
836	evbuffer_drain( inbuf, SHA_DIGEST_LENGTH );
837
838	/* This next piece is HASH('req2', SKEY) xor HASH('req3', S) ...
839	* we can get the first half of that (the obufscatedTorrentHash)
840	* by building the latter and xor'ing it with what the peer sent us */
841	dbgmsg( handshake, "reading obfuscated torrent hash..." );
842	evbuffer_remove( inbuf, req2, SHA_DIGEST_LENGTH );
843	tr_sha1( req3, "req3", 4, handshake->mySecret, KEY_LEN, NULL );
844	for( i = 0; i < SHA_DIGEST_LENGTH; ++i )
845	obfuscatedTorrentHash[i] = req2[i] ^ req3[i];
846	if( ( tor =
847	tr_torrentFindFromObfuscatedHash( handshake->session,
848	obfuscatedTorrentHash ) ) )
849	{
850	dbgmsg( handshake, "got INCOMING connection's encrypted handshake for torrent [%s]",
851	tor->info.name );
852	tr_peerIoSetTorrentHash( handshake->io, tor->info.hash );
853	if( !tr_torrentAllowsPex( tor )
854	&& tr_peerMgrPeerIsSeed( handshake->session->peerMgr,
855	tor->info.hash,
856	tr_peerIoGetAddress( handshake->io, NULL ) ) )
857	{
858	dbgmsg( handshake, "a peer has tried to reconnect to us!" );
859	return tr_handshakeDone( handshake, FALSE );
860	}
861	}
862	else
863	{
864	dbgmsg( handshake, "can't find that torrent..." );
865	return tr_handshakeDone( handshake, FALSE );
866	}
867
868	/* next part: ENCRYPT(VC, crypto_provide, len(PadC), */
869
870	tr_cryptoDecryptInit( handshake->crypto );
871
872	tr_peerIoReadBytes( handshake->io, inbuf, vc_in, VC_LENGTH );
873
874	tr_peerIoReadUint32( handshake->io, inbuf, &crypto_provide );
875	handshake->crypto_provide = crypto_provide;
876	dbgmsg( handshake, "crypto_provide is %d", (int)crypto_provide );
877
878	tr_peerIoReadUint16( handshake->io, inbuf, &padc_len );
879	dbgmsg( handshake, "padc is %d", (int)padc_len );
880	handshake->pad_c_len = padc_len;
881	setState( handshake, AWAITING_PAD_C );
882	return READ_NOW;
883	}
884
885	static int
886	readPadC( tr_handshake * handshake,
887	struct evbuffer * inbuf )
888	{
889	uint16_t ia_len;
890	const size_t needlen = handshake->pad_c_len + sizeof( uint16_t );
891
892	if( EVBUFFER_LENGTH( inbuf ) < needlen )
893	return READ_LATER;
894
895	evbuffer_drain( inbuf, handshake->pad_c_len );
896
897	tr_peerIoReadUint16( handshake->io, inbuf, &ia_len );
898	dbgmsg( handshake, "ia_len is %d", (int)ia_len );
899	handshake->ia_len = ia_len;
900	setState( handshake, AWAITING_IA );
901	return READ_NOW;
902	}
903
904	static int
905	readIA( tr_handshake * handshake,
906	struct evbuffer * inbuf )
907	{
908	const size_t needlen = handshake->ia_len;
909	struct evbuffer * outbuf;
910	uint32_t crypto_select;
911
912	dbgmsg( handshake, "reading IA... have %zu, need %zu",
913	EVBUFFER_LENGTH( inbuf ), needlen );
914	if( EVBUFFER_LENGTH( inbuf ) < needlen )
915	return READ_LATER;
916
917	/**
918	*** B->A: ENCRYPT(VC, crypto_select, len(padD), padD), ENCRYPT2(Payload Stream)
919	**/
920
921	tr_cryptoEncryptInit( handshake->crypto );
922	outbuf = tr_getBuffer( );
923
924	dbgmsg( handshake, "sending vc" );
925	/* send VC */
926	{
927	uint8_t vc[VC_LENGTH];
928	memset( vc, 0, VC_LENGTH );
929	tr_peerIoWriteBytes( handshake->io, outbuf, vc, VC_LENGTH );
930	}
931
932	/* send crypto_select */
933	crypto_select = getCryptoSelect( handshake, handshake->crypto_provide );
934	if( crypto_select )
935	{
936	dbgmsg( handshake, "selecting crypto mode '%d'", (int)crypto_select );
937	tr_peerIoWriteUint32( handshake->io, outbuf, crypto_select );
938	}
939	else
940	{
941	dbgmsg( handshake, "peer didn't offer an encryption mode we like." );
942	evbuffer_free( outbuf );
943	return tr_handshakeDone( handshake, FALSE );
944	}
945
946	dbgmsg( handshake, "sending pad d" );
947	/* ENCRYPT(VC, crypto_provide, len(PadD), PadD
948	* PadD is reserved for future extensions to the handshake...
949	* standard practice at this time is for it to be zero-length */
950	{
951	const int len = 0;
952	tr_peerIoWriteUint16( handshake->io, outbuf, len );
953	}
954
955	/* maybe de-encrypt our connection */
956	if( crypto_select == CRYPTO_PROVIDE_PLAINTEXT )
957	tr_peerIoSetEncryption( handshake->io, PEER_ENCRYPTION_NONE );
958
959	dbgmsg( handshake, "sending handshake" );
960	/* send our handshake */
961	{
962	int msgSize;
963	uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
964	tr_peerIoWriteBytes( handshake->io, outbuf, msg, msgSize );
965	handshake->haveSentBitTorrentHandshake = 1;
966	tr_free( msg );
967	}
968
969	/* send it out */
970	tr_peerIoWriteBuf( handshake->io, outbuf, FALSE );
971	tr_releaseBuffer( outbuf );
972
973	/* now await the handshake */
974	setState( handshake, AWAITING_PAYLOAD_STREAM );
975	return READ_NOW;
976	}
977
978	static int
979	readPayloadStream( tr_handshake * handshake,
980	struct evbuffer * inbuf )
981	{
982	int i;
983	const size_t needlen = HANDSHAKE_SIZE;
984
985	dbgmsg( handshake, "reading payload stream... have %zu, need %zu",
986	EVBUFFER_LENGTH( inbuf ), needlen );
987	if( EVBUFFER_LENGTH( inbuf ) < needlen )
988	return READ_LATER;
989
990	/* parse the handshake ... */
991	i = parseHandshake( handshake, inbuf );
992	dbgmsg( handshake, "parseHandshake returned %d", i );
993	if( i != HANDSHAKE_OK )
994	return tr_handshakeDone( handshake, FALSE );
995
996	/* we've completed the BT handshake... pass the work on to peer-msgs */
997	return tr_handshakeDone( handshake, TRUE );
998	}
999
1000	/***
1001	****
1002	****
1003	****
1004	***/
1005
1006	static ReadState
1007	canRead( struct tr_peerIo * io, void * arg, size_t * piece )
1008	{
1009	tr_handshake * handshake = arg;
1010	struct evbuffer * inbuf = tr_peerIoGetReadBuffer( io );
1011	ReadState ret;
1012	tr_bool readyForMore = TRUE;
1013
1014	/* no piece data in handshake */
1015	*piece = 0;
1016
1017	dbgmsg( handshake, "handling canRead; state is [%s]",
1018	getStateName( handshake->state ) );
1019
1020	while( readyForMore )
1021	{
1022	switch( handshake->state )
1023	{
1024	case AWAITING_HANDSHAKE:
1025	ret = readHandshake ( handshake, inbuf ); break;
1026
1027	case AWAITING_PEER_ID:
1028	ret = readPeerId ( handshake, inbuf ); break;
1029
1030	case AWAITING_YA:
1031	ret = readYa ( handshake, inbuf ); break;
1032
1033	case AWAITING_PAD_A:
1034	ret = readPadA ( handshake, inbuf ); break;
1035
1036	case AWAITING_CRYPTO_PROVIDE:
1037	ret = readCryptoProvide( handshake, inbuf ); break;
1038
1039	case AWAITING_PAD_C:
1040	ret = readPadC ( handshake, inbuf ); break;
1041
1042	case AWAITING_IA:
1043	ret = readIA ( handshake, inbuf ); break;
1044
1045	case AWAITING_PAYLOAD_STREAM:
1046	ret = readPayloadStream( handshake, inbuf ); break;
1047
1048	case AWAITING_YB:
1049	ret = readYb ( handshake, inbuf ); break;
1050
1051	case AWAITING_VC:
1052	ret = readVC ( handshake, inbuf ); break;
1053
1054	case AWAITING_CRYPTO_SELECT:
1055	ret = readCryptoSelect ( handshake, inbuf ); break;
1056
1057	case AWAITING_PAD_D:
1058	ret = readPadD ( handshake, inbuf ); break;
1059
1060	default:
1061	assert( 0 );
1062	}
1063
1064	if( ret != READ_NOW )
1065	readyForMore = FALSE;
1066	else if( handshake->state == AWAITING_PAD_C )
1067	readyForMore = EVBUFFER_LENGTH( inbuf ) >= handshake->pad_c_len;
1068	else if( handshake->state == AWAITING_PAD_D )
1069	readyForMore = EVBUFFER_LENGTH( inbuf ) >= handshake->pad_d_len;
1070	else if( handshake->state == AWAITING_IA )
1071	readyForMore = EVBUFFER_LENGTH( inbuf ) >= handshake->ia_len;
1072	}
1073
1074	return ret;
1075	}
1076
1077	static int
1078	fireDoneFunc( tr_handshake * handshake,
1079	int isConnected )
1080	{
1081	const uint8_t * peer_id = isConnected && handshake->havePeerID
1082	? handshake->peer_id
1083	: NULL;
1084	const int success = ( *handshake->doneCB )( handshake,
1085	handshake->io,
1086	isConnected,
1087	peer_id,
1088	handshake->
1089	doneUserData );
1090
1091	return success;
1092	}
1093
1094	static void
1095	tr_handshakeFree( tr_handshake * handshake )
1096	{
1097	if( handshake->io )
1098	tr_peerIoUnref( handshake->io ); /* balanced by the ref in tr_handshakeNew */
1099
1100	tr_free( handshake );
1101	}
1102
1103	static int
1104	tr_handshakeDone( tr_handshake * handshake,
1105	int isOK )
1106	{
1107	tr_bool success;
1108
1109	dbgmsg( handshake, "handshakeDone: %s", isOK ? "connected" : "aborting" );
1110	tr_peerIoSetIOFuncs( handshake->io, NULL, NULL, NULL, NULL );
1111
1112	success = fireDoneFunc( handshake, isOK );
1113
1114	tr_handshakeFree( handshake );
1115
1116	return success ? READ_LATER : READ_ERR;
1117	}
1118
1119	void
1120	tr_handshakeAbort( tr_handshake * handshake )
1121	{
1122	tr_handshakeDone( handshake, FALSE );
1123	}
1124
1125	static void
1126	gotError( tr_peerIo * io UNUSED,
1127	short what,
1128	void * arg )
1129	{
1130	tr_handshake * handshake = (tr_handshake *) arg;
1131
1132	/* if the error happened while we were sending a public key, we might
1133	* have encountered a peer that doesn't do encryption... reconnect and
1134	* try a plaintext handshake */
1135	if( ( ( handshake->state == AWAITING_YB )
1136	\|\| ( handshake->state == AWAITING_VC ) )
1137	&& ( handshake->encryptionMode != TR_ENCRYPTION_REQUIRED )
1138	&& ( !tr_peerIoReconnect( handshake->io ) ) )
1139	{
1140	int msgSize;
1141	uint8_t * msg;
1142	dbgmsg( handshake, "handshake failed, trying plaintext..." );
1143	msg = buildHandshakeMessage( handshake, &msgSize );
1144	handshake->haveSentBitTorrentHandshake = 1;
1145	setReadState( handshake, AWAITING_HANDSHAKE );
1146	tr_peerIoWrite( handshake->io, msg, msgSize, FALSE );
1147	tr_free( msg );
1148	}
1149	else
1150	{
1151	dbgmsg( handshake, "libevent got an error what==%d, errno=%d (%s)",
1152	(int)what, errno, tr_strerror( errno ) );
1153	tr_handshakeDone( handshake, FALSE );
1154	}
1155	}
1156
1157	/**
1158	***
1159	**/
1160
1161	tr_handshake*
1162	tr_handshakeNew( tr_peerIo * io,
1163	tr_encryption_mode encryptionMode,
1164	handshakeDoneCB doneCB,
1165	void * doneUserData )
1166	{
1167	tr_handshake * handshake;
1168
1169	handshake = tr_new0( tr_handshake, 1 );
1170	handshake->io = io;
1171	handshake->crypto = tr_peerIoGetCrypto( io );
1172	handshake->encryptionMode = encryptionMode;
1173	handshake->doneCB = doneCB;
1174	handshake->doneUserData = doneUserData;
1175	handshake->session = tr_peerIoGetSession( io );
1176
1177	tr_peerIoRef( io ); /* balanced by the unref in tr_handshakeFree */
1178	tr_peerIoSetIOFuncs( handshake->io, canRead, NULL, gotError, handshake );
1179
1180	if( tr_peerIoIsIncoming( handshake->io ) )
1181	setReadState( handshake, AWAITING_HANDSHAKE );
1182	else if( encryptionMode != TR_CLEAR_PREFERRED )
1183	sendYa( handshake );
1184	else
1185	{
1186	int msgSize;
1187	uint8_t * msg = buildHandshakeMessage( handshake, &msgSize );
1188	handshake->haveSentBitTorrentHandshake = 1;
1189	setReadState( handshake, AWAITING_HANDSHAKE );
1190	tr_peerIoWrite( handshake->io, msg, msgSize, FALSE );
1191	tr_free( msg );
1192	}
1193
1194	return handshake;
1195	}
1196
1197	struct tr_peerIo*
1198	tr_handshakeGetIO( tr_handshake * handshake )
1199	{
1200	assert( handshake );
1201	assert( handshake->io );
1202
1203	return handshake->io;
1204	}
1205
1206	struct tr_peerIo*
1207	tr_handshakeStealIO( tr_handshake * handshake )
1208	{
1209	struct tr_peerIo * io;
1210
1211	assert( handshake );
1212	assert( handshake->io );
1213
1214	io = handshake->io;
1215	handshake->io = NULL;
1216	return io;
1217	}
1218
1219	const tr_address *
1220	tr_handshakeGetAddr( const struct tr_handshake * handshake,
1221	tr_port * port )
1222	{
1223	assert( handshake );
1224	assert( handshake->io );
1225
1226	return tr_peerIoGetAddress( handshake->io, port );
1227	}
1228

Note: See TracBrowser for help on using the repository browser.

Download in other formats: