SessionManager.c 9.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  14. */
  15. #include "interface/SessionManager.h"
  16. #include "crypto/CryptoAuth.h"
  17. #include "crypto/AddressCalc.h"
  18. #include "interface/Interface.h"
  19. #include "memory/Allocator.h"
  20. #include "util/Bits.h"
  21. #include "util/events/Time.h"
  22. #include "util/events/Timeout.h"
  23. #include "util/version/Version.h"
  24. #include "wire/Error.h"
  25. #include "wire/Headers.h"
  26. #include "wire/Message.h"
  27. #include <stdint.h>
  28. /** The number of seconds of inactivity before a session should expire. */
  29. #define SESSION_TIMEOUT_SECONDS 600
  30. /** The number of seconds between cleanup cycles. */
  31. #define CLEANUP_CYCLE_SECONDS 20
  32. /** Number of milliseconds between state change announcements. */
  33. #define STATE_UPDATE_TIME 8000
  34. /** Handle numbers 0-3 are reserved for CryptoAuth nonces. */
  35. #define MIN_FIRST_HANDLE 4
  36. #define MAX_FIRST_HANDLE 100000
  37. struct SessionManager_Session_pvt
  38. {
  39. struct SessionManager_Session pub;
  40. struct SessionManager* const sm;
  41. Identity
  42. };
  43. struct Ip6
  44. {
  45. uint8_t bytes[16];
  46. };
  47. #define Map_NAME OfSessionsByIp6
  48. #define Map_KEY_TYPE struct Ip6
  49. #define Map_VALUE_TYPE struct SessionManager_Session_pvt*
  50. #define Map_ENABLE_HANDLES
  51. #include "util/Map.h"
  52. /**
  53. * A SessionManager is a mechanism for getting a crypto session based on a given key.
  54. */
  55. struct SessionManager
  56. {
  57. /** Trick interface which is used for receiving and sending to the inside/outside world. */
  58. struct Interface iface;
  59. Interface_CONST_CALLBACK(encryptedOutgoing);
  60. void* const interfaceContext;
  61. struct EventBase* const eventBase;
  62. struct Map_OfSessionsByIp6 ifaceMap;
  63. struct Allocator* const allocator;
  64. struct Timeout* cleanupInterval;
  65. struct CryptoAuth* cryptoAuth;
  66. /** The first handle number to start with, randomized at startup to reduce collisions. */
  67. uint32_t first;
  68. };
  69. static void cleanup(void* vsm)
  70. {
  71. struct SessionManager* sm = (struct SessionManager*) vsm;
  72. uint64_t now = Time_currentTimeMilliseconds(sm->eventBase);
  73. for (uint32_t i = 0; i < sm->ifaceMap.count; i++) {
  74. uint64_t lastMsg = sm->ifaceMap.values[i]->pub.timeOfLastIn;
  75. if (sm->ifaceMap.values[i]->pub.timeOfLastOut > lastMsg) {
  76. lastMsg = sm->ifaceMap.values[i]->pub.timeOfLastOut;
  77. }
  78. if (lastMsg < (now - (SESSION_TIMEOUT_SECONDS * 1000))) {
  79. struct Allocator* ifAllocator = sm->ifaceMap.values[i]->pub.external.allocator;
  80. Map_OfSessionsByIp6_remove(i, &sm->ifaceMap);
  81. Allocator_free(ifAllocator);
  82. i--;
  83. }
  84. }
  85. }
  86. static void check(struct SessionManager* sm, int mapIndex)
  87. {
  88. Assert_true(sm->ifaceMap.keys[mapIndex].bytes[0] == 0xfc);
  89. uint8_t* herPubKey = CryptoAuth_getHerPublicKey(sm->ifaceMap.values[mapIndex]->pub.internal);
  90. if (!Bits_isZero(herPubKey, 32)) {
  91. uint8_t ip6[16];
  92. AddressCalc_addressForPublicKey(ip6, herPubKey);
  93. Assert_true(!Bits_memcmp(&sm->ifaceMap.keys[mapIndex], ip6, 16));
  94. }
  95. }
  96. static void stateChange(struct SessionManager_Session_pvt* ss,
  97. uint64_t prevTimeOfLastIn,
  98. uint64_t prevTimeOfLastOut,
  99. int prevCryptoAuthState)
  100. {
  101. }
  102. static uint8_t sendMessage(struct Message* msg, struct Interface* iface)
  103. {
  104. struct SessionManager_Session_pvt* ss =
  105. Identity_check((struct SessionManager_Session_pvt*)iface);
  106. uint64_t timeOfLastOut = ss->pub.timeOfLastOut;
  107. ss->pub.timeOfLastOut = Time_currentTimeMilliseconds(ss->sm->eventBase);
  108. int prevState = ss->pub.cryptoAuthState;
  109. ss->pub.cryptoAuthState = CryptoAuth_getState(ss->pub.internal);
  110. if ((ss->pub.timeOfLastOut - timeOfLastOut) > STATE_UPDATE_TIME
  111. || prevState != ss->pub.cryptoAuthState)
  112. {
  113. stateChange(ss, ss->pub.timeOfLastIn, timeOfLastOut, prevState);
  114. }
  115. return Interface_sendMessage(&ss->sm->iface, msg);
  116. }
  117. static uint8_t receiveMessage(struct Message* msg, struct Interface* iface)
  118. {
  119. struct SessionManager_Session_pvt* ss =
  120. Identity_check((struct SessionManager_Session_pvt*)iface->receiverContext);
  121. // nonce added by CryptoAuth
  122. Message_pop(msg, NULL, 4, NULL);
  123. uint64_t timeOfLastIn = ss->pub.timeOfLastIn;
  124. ss->pub.timeOfLastIn = Time_currentTimeMilliseconds(ss->sm->eventBase);
  125. int prevState = ss->pub.cryptoAuthState;
  126. ss->pub.cryptoAuthState = CryptoAuth_getState(ss->pub.internal);
  127. if ((ss->pub.timeOfLastIn - timeOfLastIn) > STATE_UPDATE_TIME
  128. || prevState != ss->pub.cryptoAuthState)
  129. {
  130. stateChange(ss, timeOfLastIn, ss->pub.timeOfLastOut, prevState);
  131. }
  132. return Interface_receiveMessage(&ss->sm->iface, msg);
  133. }
  134. struct SessionManager_Session* SessionManager_getSession(uint8_t* lookupKey,
  135. uint8_t cryptoKey[32],
  136. struct SessionManager* sm)
  137. {
  138. int ifaceIndex = Map_OfSessionsByIp6_indexForKey((struct Ip6*)lookupKey, &sm->ifaceMap);
  139. if (ifaceIndex == -1) {
  140. // Make sure cleanup() doesn't get behind.
  141. cleanup(sm);
  142. struct Allocator* ifAlloc = Allocator_child(sm->allocator);
  143. struct SessionManager_Session_pvt* ss =
  144. Allocator_clone(ifAlloc, (&(struct SessionManager_Session_pvt) {
  145. .pub = {
  146. .version = Version_DEFAULT_ASSUMPTION,
  147. .external = {
  148. .sendMessage = sendMessage,
  149. .allocator = ifAlloc
  150. },
  151. },
  152. .sm = sm
  153. }));
  154. Identity_set(ss);
  155. // const hack
  156. Bits_memcpyConst((void*)&ss->pub.external.senderContext, &ss, sizeof(char*));
  157. Bits_memcpyConst(ss->pub.ip6, lookupKey, 16);
  158. ss->pub.internal = CryptoAuth_wrapInterface(&ss->pub.external,
  159. cryptoKey,
  160. lookupKey,
  161. false,
  162. "inner",
  163. sm->cryptoAuth);
  164. ss->pub.internal->receiveMessage = receiveMessage;
  165. ss->pub.internal->receiverContext = ss;
  166. ifaceIndex = Map_OfSessionsByIp6_put((struct Ip6*)lookupKey, &ss, &sm->ifaceMap);
  167. ss->pub.receiveHandle_be =
  168. Endian_hostToBigEndian32(sm->ifaceMap.handles[ifaceIndex] + sm->first);
  169. } else {
  170. uint8_t* herPubKey =
  171. CryptoAuth_getHerPublicKey(sm->ifaceMap.values[ifaceIndex]->pub.internal);
  172. if (Bits_isZero(herPubKey, 32) && cryptoKey) {
  173. Bits_memcpyConst(herPubKey, cryptoKey, 32);
  174. }
  175. }
  176. check(sm, ifaceIndex);
  177. return &Identity_check(sm->ifaceMap.values[ifaceIndex])->pub;
  178. }
  179. struct SessionManager_Session* SessionManager_sessionForHandle(uint32_t handle,
  180. struct SessionManager* sm)
  181. {
  182. int index = Map_OfSessionsByIp6_indexForHandle(handle - sm->first, &sm->ifaceMap);
  183. if (index < 0) { return NULL; }
  184. check(sm, index);
  185. return &Identity_check(sm->ifaceMap.values[index])->pub;
  186. }
  187. uint8_t* SessionManager_getIp6(uint32_t handle, struct SessionManager* sm)
  188. {
  189. int index = Map_OfSessionsByIp6_indexForHandle(handle - sm->first, &sm->ifaceMap);
  190. if (index < 0) { return NULL; }
  191. check(sm, index);
  192. return sm->ifaceMap.keys[index].bytes;
  193. }
  194. struct SessionManager_HandleList* SessionManager_getHandleList(struct SessionManager* sm,
  195. struct Allocator* alloc)
  196. {
  197. struct SessionManager_HandleList* out =
  198. Allocator_malloc(alloc, sizeof(struct SessionManager_HandleList));
  199. uint32_t* buff = Allocator_malloc(alloc, 4 * sm->ifaceMap.count);
  200. Bits_memcpy(buff, sm->ifaceMap.handles, 4 * sm->ifaceMap.count);
  201. out->handles = buff;
  202. out->count = sm->ifaceMap.count;
  203. for (int i = 0; i < (int)out->count; i++) {
  204. buff[i] += sm->first;
  205. }
  206. return out;
  207. }
  208. struct SessionManager* SessionManager_new(Interface_CALLBACK(decryptedIncoming),
  209. Interface_CALLBACK(encryptedOutgoing),
  210. void* interfaceContext,
  211. struct EventBase* eventBase,
  212. struct CryptoAuth* cryptoAuth,
  213. struct Random* rand,
  214. struct Allocator* allocator)
  215. {
  216. struct SessionManager* sm = Allocator_malloc(allocator, sizeof(struct SessionManager));
  217. Bits_memcpyConst(sm, (&(struct SessionManager) {
  218. .iface = {
  219. .receiveMessage = decryptedIncoming,
  220. .receiverContext = interfaceContext,
  221. .sendMessage = encryptedOutgoing,
  222. .senderContext = interfaceContext
  223. },
  224. .eventBase = eventBase,
  225. .ifaceMap = {
  226. .allocator = allocator
  227. },
  228. .cryptoAuth = cryptoAuth,
  229. .allocator = allocator,
  230. .first = (Random_uint32(rand) % (MAX_FIRST_HANDLE - MIN_FIRST_HANDLE)) + MIN_FIRST_HANDLE,
  231. .cleanupInterval =
  232. Timeout_setInterval(cleanup, sm, 1000 * CLEANUP_CYCLE_SECONDS, eventBase, allocator)
  233. }), sizeof(struct SessionManager));
  234. return sm;
  235. }