From 249d2d9eb7abda4542a09bd1bbc44a64af4d7ddc Mon Sep 17 00:00:00 2001 From: irungentoo Date: Wed, 26 Mar 2014 20:55:14 -0400 Subject: [PATCH] TCP server testing in progress. --- auto_tests/TCP_test.c | 162 +++++++++++++++++++++++++++++++++++++++++- toxcore/TCP_server.c | 61 +++++++++++++--- toxcore/TCP_server.h | 5 +- 3 files changed, 218 insertions(+), 10 deletions(-) diff --git a/auto_tests/TCP_test.c b/auto_tests/TCP_test.c index 983b07d2..989867b4 100644 --- a/auto_tests/TCP_test.c +++ b/auto_tests/TCP_test.c @@ -21,9 +21,10 @@ #define NUM_PORTS 3 +uint16_t ports[NUM_PORTS] = {12345, 33445, 25643}; + START_TEST(test_basic) { - uint16_t ports[NUM_PORTS] = {12345, 33445, 25643}; uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; crypto_box_keypair(self_public_key, self_secret_key); @@ -80,7 +81,165 @@ START_TEST(test_basic) encrypt_precompute(response_plain, t_secret_key, f_shared_key); memcpy(f_nonce_r, response_plain + crypto_box_BEFORENMBYTES, crypto_box_NONCEBYTES); + uint8_t r_req_p[1 + crypto_box_PUBLICKEYBYTES] = {0}; + memcpy(r_req_p + 1, f_public_key, crypto_box_PUBLICKEYBYTES); + uint8_t r_req[2 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES]; + uint16_t size = 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES; + size = htons(size); + ret = encrypt_data_fast(f_shared_key, f_nonce, r_req_p, 1 + crypto_box_PUBLICKEYBYTES, r_req + 2); + increment_nonce(f_nonce); + memcpy(r_req, &size, 2); + uint32_t i; + for (i = 0; i < sizeof(r_req); ++i) { + ck_assert_msg(send(sock, r_req + i, 1, 0) == 1, "send Failed."); + //ck_assert_msg(send(sock, r_req, sizeof(r_req), 0) == sizeof(r_req), "send Failed."); + do_TCP_server(tcp_s); + c_sleep(50); + } + + do_TCP_server(tcp_s); + c_sleep(50); + uint8_t packet_resp[4096]; + int recv_data_len; + ck_assert_msg((recv_data_len = recv(sock, packet_resp, 2 + 2 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES, + 0)) == 2 + 2 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES, "recv Failed. %u", recv_data_len); + memcpy(&size, packet_resp, 2); + ck_assert_msg(ntohs(size) == 2 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES, "Wrong packet size."); + uint8_t packet_resp_plain[4096]; + ret = decrypt_data_fast(f_shared_key, f_nonce_r, packet_resp + 2, recv_data_len - 2, packet_resp_plain); + ck_assert_msg(ret != -1, "decryption failed"); + increment_nonce(f_nonce_r); + ck_assert_msg(packet_resp_plain[0] == 1, "wrong packet id %u", packet_resp_plain[0]); + ck_assert_msg(packet_resp_plain[1] == 0, "connection not refused %u", packet_resp_plain[1]); + ck_assert_msg(memcmp(packet_resp_plain + 2, f_public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); +} +END_TEST + +struct sec_TCP_con { + sock_t sock; + uint8_t public_key[crypto_box_PUBLICKEYBYTES]; + uint8_t recv_nonce[crypto_box_NONCEBYTES]; + uint8_t sent_nonce[crypto_box_NONCEBYTES]; + uint8_t shared_key[crypto_box_BEFORENMBYTES]; +}; + +struct sec_TCP_con *new_TCP_con(TCP_Server *tcp_s) +{ + struct sec_TCP_con *sec_c = malloc(sizeof(struct sec_TCP_con)); + sock_t sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); + struct sockaddr_in6 addr6_loopback = {0}; + addr6_loopback.sin6_family = AF_INET6; + addr6_loopback.sin6_port = htons(ports[rand() % NUM_PORTS]); + addr6_loopback.sin6_addr = in6addr_loopback; + + int ret = connect(sock, (struct sockaddr *)&addr6_loopback, sizeof(addr6_loopback)); + ck_assert_msg(ret == 0, "Failed to connect to TCP relay server"); + + uint8_t f_secret_key[crypto_box_SECRETKEYBYTES]; + crypto_box_keypair(sec_c->public_key, f_secret_key); + random_nonce(sec_c->sent_nonce); + + uint8_t t_secret_key[crypto_box_SECRETKEYBYTES]; + uint8_t handshake_plain[TCP_HANDSHAKE_PLAIN_SIZE]; + crypto_box_keypair(handshake_plain, t_secret_key); + memcpy(handshake_plain + crypto_box_PUBLICKEYBYTES, sec_c->sent_nonce, crypto_box_NONCEBYTES); + uint8_t handshake[TCP_CLIENT_HANDSHAKE_SIZE]; + memcpy(handshake, sec_c->public_key, crypto_box_PUBLICKEYBYTES); + new_nonce(handshake + crypto_box_PUBLICKEYBYTES); + + ret = encrypt_data(tcp_s->public_key, f_secret_key, handshake + crypto_box_PUBLICKEYBYTES, handshake_plain, + TCP_HANDSHAKE_PLAIN_SIZE, handshake + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES); + ck_assert_msg(ret == TCP_CLIENT_HANDSHAKE_SIZE - (crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES), + "Encrypt failed."); + ck_assert_msg(send(sock, handshake, TCP_CLIENT_HANDSHAKE_SIZE - 1, 0) == TCP_CLIENT_HANDSHAKE_SIZE - 1, "send Failed."); + do_TCP_server(tcp_s); + c_sleep(50); + ck_assert_msg(send(sock, handshake + (TCP_CLIENT_HANDSHAKE_SIZE - 1), 1, 0) == 1, "send Failed."); + c_sleep(50); + do_TCP_server(tcp_s); + uint8_t response[TCP_SERVER_HANDSHAKE_SIZE]; + uint8_t response_plain[TCP_HANDSHAKE_PLAIN_SIZE]; + ck_assert_msg(recv(sock, response, TCP_SERVER_HANDSHAKE_SIZE, 0) == TCP_SERVER_HANDSHAKE_SIZE, "recv Failed."); + ret = decrypt_data(tcp_s->public_key, f_secret_key, response, response + crypto_box_NONCEBYTES, + TCP_SERVER_HANDSHAKE_SIZE - crypto_box_NONCEBYTES, response_plain); + ck_assert_msg(ret == TCP_HANDSHAKE_PLAIN_SIZE, "Decrypt Failed."); + encrypt_precompute(response_plain, t_secret_key, sec_c->shared_key); + memcpy(sec_c->recv_nonce, response_plain + crypto_box_BEFORENMBYTES, crypto_box_NONCEBYTES); + sec_c->sock = sock; + return sec_c; +} + +int write_packet_TCP_secure_connection(struct sec_TCP_con *con, uint8_t *data, uint16_t length) +{ + uint8_t packet[sizeof(uint16_t) + length + crypto_box_MACBYTES]; + + uint16_t c_length = htons(length + crypto_box_MACBYTES); + memcpy(packet, &c_length, sizeof(uint16_t)); + int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t)); + + if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t))) + return -1; + + increment_nonce(con->sent_nonce); + + ck_assert_msg(send(con->sock, packet, sizeof(packet), 0) == sizeof(packet), "send failed"); + return 0; +} + +int read_packet_sec_TCP(struct sec_TCP_con *con, uint8_t *data, uint16_t length) +{ + int len; + ck_assert_msg((len = recv(con->sock, data, length, 0)) == length, "wrong len %i\n", len); + ck_assert_msg((len = decrypt_data_fast(con->shared_key, con->recv_nonce, data + 2, length - 2, data)) != -1, + "Decrypt failed"); + increment_nonce(con->recv_nonce); + return len; +} + +START_TEST(test_some) +{ + uint8_t self_public_key[crypto_box_PUBLICKEYBYTES]; + uint8_t self_secret_key[crypto_box_SECRETKEYBYTES]; + crypto_box_keypair(self_public_key, self_secret_key); + TCP_Server *tcp_s = new_TCP_server(1, NUM_PORTS, ports, self_public_key, self_secret_key); + ck_assert_msg(tcp_s != NULL, "Failed to create TCP relay server"); + + struct sec_TCP_con *con1 = new_TCP_con(tcp_s); + struct sec_TCP_con *con2 = new_TCP_con(tcp_s); + struct sec_TCP_con *con3 = new_TCP_con(tcp_s); + + uint8_t requ_p[1 + crypto_box_PUBLICKEYBYTES]; + requ_p[0] = 0; + memcpy(requ_p + 1, con3->public_key, crypto_box_PUBLICKEYBYTES); + write_packet_TCP_secure_connection(con1, requ_p, sizeof(requ_p)); + memcpy(requ_p + 1, con1->public_key, crypto_box_PUBLICKEYBYTES); + write_packet_TCP_secure_connection(con3, requ_p, sizeof(requ_p)); + do_TCP_server(tcp_s); + c_sleep(50); + uint8_t data[2048]; + int len = read_packet_sec_TCP(con1, data, 2 + 1 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES); + ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len); + ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]); + ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]); + ck_assert_msg(memcmp(data + 2, con3->public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); + len = read_packet_sec_TCP(con3, data, 2 + 1 + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES); + ck_assert_msg(len == 1 + 1 + crypto_box_PUBLICKEYBYTES, "wrong len %u", len); + ck_assert_msg(data[0] == 1, "wrong packet id %u", data[0]); + ck_assert_msg(data[1] == 16, "connection not refused %u", data[1]); + ck_assert_msg(memcmp(data + 2, con1->public_key, crypto_box_PUBLICKEYBYTES) == 0, "key in packet wrong"); + + uint8_t test_packet[1024] = {16}; + write_packet_TCP_secure_connection(con3, test_packet, sizeof(test_packet)); + do_TCP_server(tcp_s); + c_sleep(50); + len = read_packet_sec_TCP(con1, data, 2 + 2 + crypto_box_MACBYTES); + ck_assert_msg(len == 2, "wrong len %u", len); + ck_assert_msg(data[0] == 2, "wrong packet id %u", data[0]); + ck_assert_msg(data[1] == 16, "wrong peer id %u", data[1]); + len = read_packet_sec_TCP(con1, data, 2 + sizeof(test_packet) + crypto_box_MACBYTES); + ck_assert_msg(len == 1024, "wrong len %u", len); + ck_assert_msg(memcmp(data, test_packet, sizeof(test_packet)) == 0, "packet is wrong"); } END_TEST @@ -97,6 +256,7 @@ Suite *TCP_suite(void) Suite *s = suite_create("TCP"); DEFTESTCASE_SLOW(basic, 5); + DEFTESTCASE_SLOW(some, 10); return s; } diff --git a/toxcore/TCP_server.c b/toxcore/TCP_server.c index 9d0b0d31..620ff51b 100644 --- a/toxcore/TCP_server.c +++ b/toxcore/TCP_server.c @@ -309,6 +309,35 @@ static int read_packet_TCP_secure_connection(TCP_Secure_Connection *con, uint8_t return len; } +/* return 0 if pending data was sent completely + * return -1 if it wasn't + */ +static int send_pending_data(TCP_Secure_Connection *con) +{ + if (con->last_packet_length == 0) { + return 0; + } + + uint16_t left = con->last_packet_length - con->last_packet_sent; + int len = send(con->sock, con->last_packet + con->last_packet_sent, left, 0); + + if (len <= 0) + return -1; + + if (len == left) { + con->last_packet_length = 0; + con->last_packet_sent = 0; + return 0; + } + + if (len > left) + return -1; + + con->last_packet_sent += len; + return -1; + +} + /* return 1 on success. * return 0 if could not send packet. * return -1 on failure (connection must be killed). @@ -318,26 +347,32 @@ static int write_packet_TCP_secure_connection(TCP_Secure_Connection *con, uint8_ if (length + crypto_box_MACBYTES > MAX_PACKET_SIZE) return -1; + if (send_pending_data(con) == -1) + return 0; + uint8_t packet[sizeof(uint16_t) + length + crypto_box_MACBYTES]; - uint16_t c_length = htons(length) + crypto_box_MACBYTES; + uint16_t c_length = htons(length + crypto_box_MACBYTES); memcpy(packet, &c_length, sizeof(uint16_t)); - uint32_t len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t)); + int len = encrypt_data_fast(con->shared_key, con->sent_nonce, data, length, packet + sizeof(uint16_t)); - if (len != (sizeof(packet) - sizeof(uint16_t))) + if ((unsigned int)len != (sizeof(packet) - sizeof(uint16_t))) return -1; increment_nonce(con->sent_nonce); len = send(con->sock, packet, sizeof(packet), 0); - if (len == sizeof(packet)) + if ((unsigned int)len == sizeof(packet)) return 1; if (len <= 0) return 0; - return -1; + memcpy(con->last_packet, packet, length); + con->last_packet_length = sizeof(packet); + con->last_packet_sent = len; + return 1; } /* Kill a TCP_Secure_Connection @@ -368,6 +403,7 @@ static int handle_TCP_handshake(TCP_Secure_Connection *con, uint8_t *data, uint1 if (len != TCP_HANDSHAKE_PLAIN_SIZE) return -1; + memcpy(con->public_key, data, crypto_box_PUBLICKEYBYTES); uint8_t temp_secret_key[crypto_box_SECRETKEYBYTES]; uint8_t resp_plain[TCP_HANDSHAKE_PLAIN_SIZE]; crypto_box_keypair(resp_plain, temp_secret_key); @@ -427,7 +463,7 @@ static int send_routing_response(TCP_Secure_Connection *con, uint8_t rpid, uint8 */ static int send_connect_notification(TCP_Secure_Connection *con, uint8_t id) { - uint8_t data[2] = {TCP_PACKET_CONNECTION_NOTIFICATION, id}; + uint8_t data[2] = {TCP_PACKET_CONNECTION_NOTIFICATION, id + NUM_RESERVED_PORTS}; return write_packet_TCP_secure_connection(con, data, sizeof(data)); } @@ -437,7 +473,7 @@ static int send_connect_notification(TCP_Secure_Connection *con, uint8_t id) */ static int send_disconnect_notification(TCP_Secure_Connection *con, uint8_t id) { - uint8_t data[2] = {TCP_PACKET_DISCONNECT_NOTIFICATION, id}; + uint8_t data[2] = {TCP_PACKET_DISCONNECT_NOTIFICATION, id + NUM_RESERVED_PORTS}; return write_packet_TCP_secure_connection(con, data, sizeof(data)); } @@ -450,6 +486,14 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, uint8 uint32_t index = ~0; TCP_Secure_Connection *con = &TCP_server->accepted_connection_array[con_id]; + /* If person tries to cennect to himself we deny the request*/ + if (memcmp(con->public_key, public_key, crypto_box_PUBLICKEYBYTES) == 0) { + if (send_routing_response(con, 0, public_key) == -1) + return -1; + + return 0; + } + for (i = 0; i < NUM_CLIENT_CONNECTIONS; ++i) { if (con->connections[i].status == 0) { index = i; @@ -464,7 +508,7 @@ static int handle_TCP_routing_req(TCP_Server *TCP_server, uint32_t con_id, uint8 return 0; } - int ret = send_routing_response(con, index, public_key); + int ret = send_routing_response(con, index + NUM_RESERVED_PORTS, public_key); if (ret == 0) return 0; @@ -801,6 +845,7 @@ static void do_TCP_confirmed(TCP_Server *TCP_server) if (conn->status != TCP_STATUS_CONFIRMED) continue; + send_pending_data(conn); uint8_t packet[MAX_PACKET_SIZE]; int len = read_packet_TCP_secure_connection(conn, packet, sizeof(packet)); diff --git a/toxcore/TCP_server.h b/toxcore/TCP_server.h index 22a992de..9bbfbe17 100644 --- a/toxcore/TCP_server.h +++ b/toxcore/TCP_server.h @@ -26,7 +26,7 @@ #define TCP_MAX_BACKLOG MAX_INCOMMING_CONNECTIONS -#define MAX_PACKET_SIZE 8192 +#define MAX_PACKET_SIZE 2048 #define TCP_HANDSHAKE_PLAIN_SIZE (crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES) #define TCP_SERVER_HANDSHAKE_SIZE (crypto_box_NONCEBYTES + TCP_HANDSHAKE_PLAIN_SIZE + crypto_box_MACBYTES) @@ -65,6 +65,9 @@ typedef struct TCP_Secure_Connection { uint32_t index; uint8_t other_id; } connections[NUM_CLIENT_CONNECTIONS]; + uint8_t last_packet[2 + MAX_PACKET_SIZE]; + uint16_t last_packet_length; + uint16_t last_packet_sent; } TCP_Secure_Connection;