1
0

SessionManager.c 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  14. */
  15. #include "interface/SessionManager.h"
  16. #include "crypto/CryptoAuth.h"
  17. #include "crypto/AddressCalc.h"
  18. #include "interface/Interface.h"
  19. #include "memory/Allocator.h"
  20. #include "util/Bits.h"
  21. #include "util/events/Time.h"
  22. #include "util/events/Timeout.h"
  23. #include "util/version/Version.h"
  24. #include "wire/Error.h"
  25. #include "wire/Headers.h"
  26. #include "wire/Message.h"
  27. #include <stdint.h>
  28. /** The number of seconds of inactivity before a session should expire. */
  29. #define SESSION_TIMEOUT_SECONDS 600
  30. /** The number of seconds between cleanup cycles. */
  31. #define CLEANUP_CYCLE_SECONDS 20
  32. /** Handle numbers 0-3 are reserved for CryptoAuth nonces. */
  33. #define MIN_FIRST_HANDLE 4
  34. #define MAX_FIRST_HANDLE 100000
  35. struct Ip6
  36. {
  37. uint8_t bytes[16];
  38. };
  39. #define Map_NAME OfSessionsByIp6
  40. #define Map_KEY_TYPE struct Ip6
  41. #define Map_VALUE_TYPE struct SessionManager_Session
  42. #define Map_ENABLE_HANDLES
  43. #include "util/Map.h"
  44. /**
  45. * A SessionManager is a mechanism for getting a crypto session based on a given key.
  46. */
  47. struct SessionManager
  48. {
  49. Interface_CONST_CALLBACK(decryptedIncoming);
  50. Interface_CONST_CALLBACK(encryptedOutgoing);
  51. void* const interfaceContext;
  52. struct EventBase* const eventBase;
  53. struct Map_OfSessionsByIp6 ifaceMap;
  54. struct Allocator* const allocator;
  55. struct Timeout* cleanupInterval;
  56. struct CryptoAuth* cryptoAuth;
  57. /** The first handle number to start with, randomized at startup to reduce collisions. */
  58. uint32_t first;
  59. };
  60. static void cleanup(void* vsm)
  61. {
  62. struct SessionManager* sm = (struct SessionManager*) vsm;
  63. uint64_t nowSecs = Time_currentTimeSeconds(sm->eventBase);
  64. for (uint32_t i = 0; i < sm->ifaceMap.count; i++) {
  65. if (sm->ifaceMap.values[i].lastMessageTime < (nowSecs - SESSION_TIMEOUT_SECONDS)) {
  66. struct Allocator* ifAllocator = sm->ifaceMap.values[i].iface.allocator;
  67. Allocator_free(ifAllocator);
  68. Map_OfSessionsByIp6_remove(i, &sm->ifaceMap);
  69. i--;
  70. }
  71. }
  72. }
  73. static void check(struct SessionManager* sm, int mapIndex)
  74. {
  75. Assert_always(sm->ifaceMap.keys[mapIndex].bytes[0] == 0xfc);
  76. uint8_t* herPubKey = CryptoAuth_getHerPublicKey(&sm->ifaceMap.values[mapIndex].iface);
  77. if (!Bits_isZero(herPubKey, 32)) {
  78. uint8_t ip6[16];
  79. AddressCalc_addressForPublicKey(ip6, herPubKey);
  80. Assert_always(!Bits_memcmp(&sm->ifaceMap.keys[mapIndex], ip6, 16));
  81. }
  82. }
  83. struct SessionManager_Session* SessionManager_getSession(uint8_t* lookupKey,
  84. uint8_t cryptoKey[32],
  85. struct SessionManager* sm)
  86. {
  87. int ifaceIndex = Map_OfSessionsByIp6_indexForKey((struct Ip6*)lookupKey, &sm->ifaceMap);
  88. if (ifaceIndex == -1) {
  89. // Make sure cleanup() doesn't get behind.
  90. cleanup(sm);
  91. struct Allocator* ifAllocator = Allocator_child(sm->allocator);
  92. struct Interface* outsideIf = Allocator_clone(ifAllocator, (&(struct Interface) {
  93. .sendMessage = sm->encryptedOutgoing,
  94. .senderContext = sm->interfaceContext,
  95. .allocator = ifAllocator
  96. }));
  97. struct Interface* insideIf = CryptoAuth_wrapInterface(outsideIf,
  98. cryptoKey,
  99. lookupKey,
  100. false,
  101. "inner",
  102. sm->cryptoAuth);
  103. insideIf->receiveMessage = sm->decryptedIncoming;
  104. insideIf->receiverContext = sm->interfaceContext;
  105. struct SessionManager_Session s = {
  106. .lastMessageTime = Time_currentTimeSeconds(sm->eventBase),
  107. .version = Version_DEFAULT_ASSUMPTION,
  108. // Create a trick interface which pretends to be on both sides of the crypto.
  109. .iface = {
  110. .sendMessage = insideIf->sendMessage,
  111. .senderContext = insideIf->senderContext,
  112. .receiveMessage = outsideIf->receiveMessage,
  113. .receiverContext = outsideIf->receiverContext,
  114. .allocator = ifAllocator
  115. }
  116. };
  117. int index = Map_OfSessionsByIp6_put((struct Ip6*)lookupKey, &s, &sm->ifaceMap);
  118. struct SessionManager_Session* sp = &sm->ifaceMap.values[index];
  119. sp->receiveHandle_be = Endian_hostToBigEndian32(sm->ifaceMap.handles[index] + sm->first);
  120. Bits_memcpyConst(sp->ip6, lookupKey, 16);
  121. return sp;
  122. } else {
  123. // Interface already exists, set the time of last message to "now".
  124. sm->ifaceMap.values[ifaceIndex].lastMessageTime = Time_currentTimeSeconds(sm->eventBase);
  125. uint8_t* herPubKey = CryptoAuth_getHerPublicKey(&sm->ifaceMap.values[ifaceIndex].iface);
  126. if (Bits_isZero(herPubKey, 32) && cryptoKey) {
  127. Bits_memcpyConst(herPubKey, cryptoKey, 32);
  128. }
  129. }
  130. check(sm, ifaceIndex);
  131. return &sm->ifaceMap.values[ifaceIndex];
  132. }
  133. struct SessionManager_Session* SessionManager_sessionForHandle(uint32_t handle,
  134. struct SessionManager* sm)
  135. {
  136. int index = Map_OfSessionsByIp6_indexForHandle(handle - sm->first, &sm->ifaceMap);
  137. if (index < 0) { return NULL; }
  138. check(sm, index);
  139. return &sm->ifaceMap.values[index];
  140. }
  141. uint8_t* SessionManager_getIp6(uint32_t handle, struct SessionManager* sm)
  142. {
  143. int index = Map_OfSessionsByIp6_indexForHandle(handle - sm->first, &sm->ifaceMap);
  144. if (index < 0) { return NULL; }
  145. check(sm, index);
  146. return sm->ifaceMap.keys[index].bytes;
  147. }
  148. struct SessionManager_HandleList* SessionManager_getHandleList(struct SessionManager* sm,
  149. struct Allocator* alloc)
  150. {
  151. struct SessionManager_HandleList* out =
  152. Allocator_malloc(alloc, sizeof(struct SessionManager_HandleList));
  153. uint32_t* buff = Allocator_malloc(alloc, 4 * sm->ifaceMap.count);
  154. Bits_memcpy(buff, sm->ifaceMap.handles, 4 * sm->ifaceMap.count);
  155. out->handles = buff;
  156. out->count = sm->ifaceMap.count;
  157. for (int i = 0; i < (int)out->count; i++) {
  158. buff[i] += sm->first;
  159. }
  160. return out;
  161. }
  162. struct SessionManager* SessionManager_new(Interface_CALLBACK(decryptedIncoming),
  163. Interface_CALLBACK(encryptedOutgoing),
  164. void* interfaceContext,
  165. struct EventBase* eventBase,
  166. struct CryptoAuth* cryptoAuth,
  167. struct Random* rand,
  168. struct Allocator* allocator)
  169. {
  170. struct SessionManager* sm = Allocator_malloc(allocator, sizeof(struct SessionManager));
  171. Bits_memcpyConst(sm, (&(struct SessionManager) {
  172. .decryptedIncoming = decryptedIncoming,
  173. .encryptedOutgoing = encryptedOutgoing,
  174. .interfaceContext = interfaceContext,
  175. .eventBase = eventBase,
  176. .ifaceMap = {
  177. .allocator = allocator
  178. },
  179. .cryptoAuth = cryptoAuth,
  180. .allocator = allocator,
  181. .first = (Random_uint32(rand) % (MAX_FIRST_HANDLE - MIN_FIRST_HANDLE)) + MIN_FIRST_HANDLE,
  182. .cleanupInterval =
  183. Timeout_setInterval(cleanup, sm, 1000 * CLEANUP_CYCLE_SECONDS, eventBase, allocator)
  184. }), sizeof(struct SessionManager));
  185. return sm;
  186. }