d4708
/
opentracker
mirror of git://erdgeist.org/opentracker
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

udp now generates a cryptographically secure token for connecting clients. This is later verified.

dynamic-accesslists
erdgeist 13 years ago
parent
3eeb536a44
commit
37db5f94fa
1 changed files with 53 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 61
      ot_udp.c

61
ot_udp.c
Unescape View File

@ -18,15 +18,40 @@
#include "trackerlogic.h" #include "trackerlogic.h"
#include "ot_udp.h" #include "ot_udp.h"
#include "ot_stats.h" #include "ot_stats.h"
#include "ot_rijndael.h"
static const uint8_t g_static_connid[8] = { 0x23, 0x42, 0x05, 0x17, 0xde, 0x41, 0x50, 0xff }; static const uint8_t g_static_connid[8] = { 0x23, 0x42, 0x05, 0x17, 0xde, 0x41, 0x50, 0xff };
static uint32_t g_rijndael_round_key[44] = {0};
static uint32_t g_key_of_the_hour[2] = {0};
static ot_time g_hour_of_the_key;
static void udp_make_connectionid( uint32_t * connid, const ot_ip6 remoteip ) { static void udp_generate_rijndael_round_key() {
/* Touch unused variable */ uint8_t key[16];
(void)remoteip; key[0] = random(); key[1] = random(); key[2] = random(); key[3] = random();
rijndaelKeySetupEnc128( g_rijndael_round_key, key );
/* Use a static secret for now */ g_key_of_the_hour[0] = random();
memcpy( connid, g_static_connid, 8 ); g_hour_of_the_key = g_now_minutes;
}
/* Generate current and previous connection id for ip */
static void udp_make_connectionid( uint32_t connid[4], const ot_ip6 remoteip ) {
uint32_t plain[4], crypt[4];
int age, i;
if( g_now_minutes + 60 > g_hour_of_the_key ) {
g_hour_of_the_key = g_now_minutes;
g_key_of_the_hour[1] = g_key_of_the_hour[0];
g_key_of_the_hour[0] = random();
}
for( age = 0; age < 1; ++age ) {
memcpy( plain, remoteip, sizeof( plain ) );
for( i=0; i<4; ++i ) plain[i] ^= g_key_of_the_hour[age];
rijndaelEncrypt128( g_rijndael_round_key, (uint8_t*)remoteip, (uint8_t*)crypt );
connid[2*age ] = crypt[0] ^ crypt[1];
connid[2*age+1] = crypt[2] ^ crypt[3];
}
} }
/* UDP implementation according to http://xbtt.sourceforge.net/udp_tracker_protocol.html */ /* UDP implementation according to http://xbtt.sourceforge.net/udp_tracker_protocol.html */
@ -35,6 +60,7 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) {
uint32_t *inpacket = (uint32_t*)ws->inbuf; uint32_t *inpacket = (uint32_t*)ws->inbuf;
uint32_t *outpacket = (uint32_t*)ws->outbuf; uint32_t *outpacket = (uint32_t*)ws->outbuf;
uint32_t numwant, left, event, scopeid; uint32_t numwant, left, event, scopeid;
uint32_t connid[4];
uint16_t port, remoteport; uint16_t port, remoteport;
size_t byte_count, scrape_count; size_t byte_count, scrape_count;
@ -44,13 +70,29 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) {
stats_issue_event( EVENT_ACCEPT, FLAG_UDP, (uintptr_t)remoteip ); stats_issue_event( EVENT_ACCEPT, FLAG_UDP, (uintptr_t)remoteip );
stats_issue_event( EVENT_READ, FLAG_UDP, byte_count ); stats_issue_event( EVENT_READ, FLAG_UDP, byte_count );
/* Minimum udp tracker packet size, also catches error */
if( byte_count < 16 )
return 1;
/* Generate the connection id we give out and expect to and from
the requesting ip address, this prevents udp spoofing */
udp_make_connectionid( connid, remoteip );
/* Initialise hash pointer */ /* Initialise hash pointer */
ws->hash = NULL; ws->hash = NULL;
ws->peer_id = NULL; ws->peer_id = NULL;
/* Minimum udp tracker packet size, also catches error */ /* If action is not a ntohl(a) == a == 0, then we
if( byte_count < 16 ) expect the derived connection id in first 64 bit */
if( inpacket[2] && ( inpacket[0] != connid[0] || inpacket[1] != connid[1] ) &&
( inpacket[0] != connid[2] || inpacket[1] != connid[3] ) ) {
const size_t s = sizeof( "Connection ID missmatch." );
outpacket[0] = 3; outpacket[1] = inpacket[3];
memcpy( &outpacket[2], "Connection ID missmatch.", s );
socket_send6( serversocket, ws->outbuf, 8 + s, remoteip, remoteport, 0 );
stats_issue_event( EVENT_CONNID_MISSMATCH, FLAG_UDP, 8 + s );
return 1; return 1;
}
switch( ntohl( inpacket[2] ) ) { switch( ntohl( inpacket[2] ) ) {
case 0: /* This is a connect action */ case 0: /* This is a connect action */
@ -60,7 +102,8 @@ int handle_udp6( int64 serversocket, struct ot_workstruct *ws ) {
outpacket[0] = 0; outpacket[0] = 0;
outpacket[1] = inpacket[3]; outpacket[1] = inpacket[3];
udp_make_connectionid( outpacket + 2, remoteip ); outpacket[2] = connid[0];
outpacket[3] = connid[1];
socket_send6( serversocket, ws->outbuf, 16, remoteip, remoteport, 0 ); socket_send6( serversocket, ws->outbuf, 16, remoteip, remoteport, 0 );
stats_issue_event( EVENT_CONNECT, FLAG_UDP, 16 ); stats_issue_event( EVENT_CONNECT, FLAG_UDP, 16 );
@ -146,6 +189,8 @@ static void* udp_worker( void * args ) {
void udp_init( int64 sock, unsigned int worker_count ) { void udp_init( int64 sock, unsigned int worker_count ) {
pthread_t thread_id; pthread_t thread_id;
if( !g_rijndael_round_key[0] )
udp_generate_rijndael_round_key();
#ifdef _DEBUG #ifdef _DEBUG
fprintf( stderr, " installing %d workers on udp socket %ld", worker_count, (unsigned long)sock ); fprintf( stderr, " installing %d workers on udp socket %ld", worker_count, (unsigned long)sock );
#endif #endif

Write Preview
Loading…
Cancel
Save