ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ssl support for peer connections.

Browse Source
This commit is contained in:
Arthur Britto
2012-04-28 16:17:38 -07:00
parent 10017b06a2
commit 610c3a2ce3
5 changed files with 75 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/ConnectionPool.cpp
View File

@@ -8,6 +8,8 @@
#include "Application.h"
#include "utils.h"
// XXX On Windows make sure OpenSSL PRNG is seeded: EGADS
ConnectionPool::ConnectionPool() :
iConnecting(0),
mCtx(boost::asio::ssl::context::sslv23)
@@ -17,16 +19,16 @@ ConnectionPool::ConnectionPool() :
| boost::asio::ssl::context::no_sslv2
| boost::asio::ssl::context::single_dh_use);
SSL_CTX_set_cipher_list(mCtx.native_handle(), "ALL:!LOW:!EXP:!MD5:@STRENGTH");
if (1 != SSL_CTX_set_cipher_list(mCtx.native_handle(), theConfig.PEER_SSL_CIPHER_LIST.c_str()))
std::runtime_error("Error setting cipher list (no valid ciphers).");
}
void ConnectionPool::start()
{
// XXX Start running policy.
}
// XXX Broken don't send a message to a peer if we got it from the peer.
// XXX Broken: also don't send a message to a peer if we got it from the peer.
void ConnectionPool::relayMessage(Peer* fromPeer, PackedMessage::pointer msg)
{
BOOST_FOREACH(naPeer pair, mConnectedMap)
@@ -138,18 +140,17 @@ bool ConnectionPool::peerConnected(Peer::pointer peer, const NewcoinAddress& na)
return bSuccess;
}
void ConnectionPool::peerDisconnected(Peer::pointer peer)
void ConnectionPool::peerDisconnected(Peer::pointer peer, const ipPort& ipPeer, const NewcoinAddress& naPeer)
{
std::cerr << "ConnectionPool::peerDisconnected: " << peer->mIpPort.first << " " << peer->mIpPort.second << std::endl;
boost::mutex::scoped_lock sl(mPeerLock);
// XXX Don't access member variable directly.
if (peer->mPublicKey.isValid())
if (naPeer.isValid())
{
boost::unordered_map<NewcoinAddress, Peer::pointer>::iterator itCm;
itCm = mConnectedMap.find(peer->mPublicKey);
itCm = mConnectedMap.find(naPeer);
if (itCm == mConnectedMap.end())
{
@@ -164,16 +165,15 @@ void ConnectionPool::peerDisconnected(Peer::pointer peer)
}
}
// XXX Don't access member variable directly.
boost::unordered_map<ipPort, Peer::pointer>::iterator itIp;
itIp = mIpMap.find(peer->mIpPort);
itIp = mIpMap.find(ipPeer);
if (itIp == mIpMap.end())
{
// Did not find it. Not already connecting or connected.
std::cerr << "Internal Error: peer wasn't connected: "
<< peer->mIpPort.first << " " << peer->mIpPort.second << std::endl;
<< ipPeer.first << " " << ipPeer.second << std::endl;
// XXX Bad error.
}
else

2
src/ConnectionPool.h
View File

@@ -54,7 +54,7 @@ public:
bool peerConnected(Peer::pointer peer, const NewcoinAddress& na);
// No longer connected.
void peerDisconnected(Peer::pointer peer);
void peerDisconnected(Peer::pointer peer, const ipPort& ipPeer, const NewcoinAddress& naPeer);
Json::Value getPeersJson();

86
src/Peer.cpp
View File

@@ -25,9 +25,9 @@ void Peer::handle_write(const boost::system::error_code& error, size_t bytes_tra
{
#ifdef DEBUG
if(error)
std::cout << "Peer::handle_write Error: " << error << " bytes: " << bytes_transferred << std::endl;
std::cerr << "Peer::handle_write Error: " << error << " bytes: " << bytes_transferred << std::endl;
else
std::cout << "Peer::handle_write bytes: "<< bytes_transferred << std::endl;
std::cerr << "Peer::handle_write bytes: "<< bytes_transferred << std::endl;
#endif
mSendingPacket=PackedMessage::pointer();
@@ -55,7 +55,7 @@ void Peer::detach()
// mSocketSsl.close();
if (!mIpPort.first.empty()) {
theApp->getConnectionPool().peerDisconnected(shared_from_this());
theApp->getConnectionPool().peerDisconnected(shared_from_this(), mIpPort, mNodePublic);
mIpPort.first.clear();
}
}
@@ -66,7 +66,7 @@ void Peer::connect(const std::string strIp, int iPort)
{
int iPortAct = iPort < 0 ? SYSTEM_PEER_PORT : iPort;
std::cout << "Peer::connect: " << strIp << " " << iPort << std::endl;
std::cerr << "Peer::connect: " << strIp << " " << iPort << std::endl;
mIpPort = make_pair(strIp, iPort);
boost::asio::ip::tcp::resolver::query query(strIp, boost::lexical_cast<std::string>(iPortAct),
@@ -96,11 +96,15 @@ void Peer::connect(const std::string strIp, int iPort)
}
}
// We have an ecrypted connection to the peer.
// Have it say who it is so we know to avoid redundant connections.
// Establish that it really who we are talking to by having it sign a connection detail.
// XXX Also need to establish no man in the middle attack is in progress.
void Peer::handleStart(const boost::system::error_code& error)
{
if (error)
{
std::cout << "Peer::handleStart: failed:" << error << std::endl;
std::cerr << "Peer::handleStart: failed:" << error << std::endl;
detach();
}
else
@@ -115,19 +119,16 @@ void Peer::handleConnect(const boost::system::error_code& error, boost::asio::ip
{
if (error)
{
std::cout << "Socket Connect failed:" << error << std::endl;
std::cerr << "Socket Connect failed:" << error << std::endl;
detach();
}
else
{
std::cout << "Socket Connected." << std::endl;
std::cerr << "Socket Connected." << std::endl;
mSocketSsl.lowest_layer().set_option(boost::asio::ip::tcp::no_delay(true));
mSocketSsl.set_verify_mode(boost::asio::ssl::verify_none);
// XXX Do what?
// mSocketSsl.set_verify_callback(boost::asio::ssl::rfc2818_verification(mDeqSites[0]), mShutdown);
mSocketSsl.async_handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket>::client,
boost::bind(&Peer::handleStart,
shared_from_this(),
@@ -145,24 +146,24 @@ void Peer::connected(const boost::system::error_code& error)
if (iPort == SYSTEM_PEER_PORT)
iPort = -1;
std::cout << "Remote peer: accept: " << strIp << " " << iPort << std::endl;
std::cerr << "Remote peer: accept: " << strIp << " " << iPort << std::endl;
if (error)
{
std::cout << "Remote peer: accept error: " << error << std::endl;
std::cerr << "Remote peer: accept error: " << error << std::endl;
detach();
}
else if (!theApp->getConnectionPool().peerRegister(shared_from_this(), strIp, iPort))
{
std::cout << "Remote peer: rejecting." << std::endl;
std::cerr << "Remote peer: rejecting." << std::endl;
// XXX Reject with a rejection message: already connected
detach();
}
else
{
// Not redundant, add to connection list.
// Not redundant ip and port, add to connection list.
std::cout << "Remote peer: accepted." << std::endl;
std::cerr << "Remote peer: accepted." << std::endl;
//BOOST_LOG_TRIVIAL(info) << "Connected to Peer.";
mIpPort = make_pair(strIp, iPort);
@@ -170,9 +171,6 @@ void Peer::connected(const boost::system::error_code& error)
mSocketSsl.lowest_layer().set_option(boost::asio::ip::tcp::no_delay(true));
mSocketSsl.set_verify_mode(boost::asio::ssl::verify_none);
// XXX Do what?
// mSocketSsl.set_verify_callback(boost::asio::ssl::rfc2818_verification(mDeqSites[0]), mShutdown);
mSocketSsl.async_handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket>::server,
boost::bind(&Peer::handleStart,
shared_from_this(),
@@ -242,7 +240,7 @@ void Peer::handle_read_header(const boost::system::error_code& error)
else
{
detach();
std::cout << "Peer::handle_read_header: Error: " << error << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
std::cerr << "Peer::handle_read_header: Error: " << error << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
}
}
@@ -256,7 +254,7 @@ void Peer::handle_read_body(const boost::system::error_code& error)
else
{
detach();
std::cout << "Peer::handle_read_body: Error: " << error << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
std::cerr << "Peer::handle_read_body: Error: " << error << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
}
}
@@ -283,7 +281,7 @@ void Peer::processReadBuffer()
newcoin::TMHello msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvHello(msg);
else std::cout << "parse error: " << type << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
else std::cerr << "parse error: " << type << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
}
break;
@@ -292,7 +290,7 @@ void Peer::processReadBuffer()
newcoin::TMErrorMsg msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvErrorMessage(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -301,7 +299,7 @@ void Peer::processReadBuffer()
newcoin::TMPing msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvPing(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -310,7 +308,7 @@ void Peer::processReadBuffer()
newcoin::TMGetContacts msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvGetContacts(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -319,7 +317,7 @@ void Peer::processReadBuffer()
newcoin::TMContact msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvContact(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -328,7 +326,7 @@ void Peer::processReadBuffer()
newcoin::TMSearchTransaction msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvSearchTransaction(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -337,7 +335,7 @@ void Peer::processReadBuffer()
newcoin::TMGetAccount msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvGetAccount(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -346,7 +344,7 @@ void Peer::processReadBuffer()
newcoin::TMAccount msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvAccount(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -355,7 +353,7 @@ void Peer::processReadBuffer()
newcoin::TMTransaction msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvTransaction(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -364,7 +362,7 @@ void Peer::processReadBuffer()
newcoin::TMGetLedger msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvGetLedger(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -373,7 +371,7 @@ void Peer::processReadBuffer()
newcoin::TMLedgerData msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvLedger(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -383,7 +381,7 @@ void Peer::processReadBuffer()
newcoin::TM msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recv(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -392,7 +390,7 @@ void Peer::processReadBuffer()
newcoin::TM msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recv(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -401,7 +399,7 @@ void Peer::processReadBuffer()
newcoin::TM msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recv(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -410,7 +408,7 @@ void Peer::processReadBuffer()
newcoin::TM msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recv(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
#endif
@@ -419,7 +417,7 @@ void Peer::processReadBuffer()
newcoin::TMGetObjectByHash msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvGetObjectByHash(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
@@ -428,12 +426,12 @@ void Peer::processReadBuffer()
newcoin::TMObjectByHash msg;
if(msg.ParseFromArray(&mReadbuf[HEADER_SIZE], mReadbuf.size() - HEADER_SIZE))
recvObjectByHash(msg);
else std::cout << "pars error: " << type << std::endl;
else std::cerr << "parse error: " << type << std::endl;
}
break;
default:
std::cout << "Unknown Msg: " << type << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
std::cerr << "Unknown Msg: " << type << std::endl; //else BOOST_LOG_TRIVIAL(info) << "Error: " << error;
}
}
}
@@ -447,15 +445,15 @@ void Peer::recvHello(newcoin::TMHello& packet)
#endif
bool bDetach = true;
if (mPublicKey.isValid())
if (mNodePublic.isValid())
{
std::cerr << "Recv(Hello): Disconnect: Extraneous node public key." << std::endl;
}
else if (!mPublicKey.setNodePublic(packet.nodepublic()))
else if (!mNodePublic.setNodePublic(packet.nodepublic()))
{
std::cerr << "Recv(Hello): Disconnect: Bad node public key." << std::endl;
}
else if (!theApp->getConnectionPool().peerConnected(shared_from_this(), mPublicKey))
else if (!theApp->getConnectionPool().peerConnected(shared_from_this(), mNodePublic))
{
// Already connected, self, or some other reason.
std::cerr << "Recv(Hello): Disconnect: Extraneous connection." << std::endl;
@@ -470,7 +468,7 @@ void Peer::recvHello(newcoin::TMHello& packet)
if (bDetach)
{
mPublicKey.clear();
mNodePublic.clear();
detach();
}
}
@@ -700,7 +698,7 @@ Json::Value Peer::getJson() {
ret["ip"] = mIpPort.first;
ret["port"] = mIpPort.second;
ret["public_key"] = mPublicKey.ToString();
ret["public_key"] = mNodePublic.ToString();
return ret;
}
@@ -825,7 +823,7 @@ void Peer::receiveTransaction(TransactionPtr trans)
}
else
{
std::cout << "Invalid transaction: " << trans->from() << std::endl;
std::cerr << "Invalid transaction: " << trans->from() << std::endl;
}
}

2
src/Peer.h
View File

@@ -28,7 +28,7 @@ public:
static const int psbGotHello=0, psbSentHello=1, psbInMap=2, psbTrusted=3;
static const int psbNoLedgers=4, psbNoTransactions=5, psbDownLevel=6;
NewcoinAddress mPublicKey; // Node public key of peer.
NewcoinAddress mNodePublic; // Node public key of peer.
ipPort mIpPort;
void handleConnect(const boost::system::error_code& error, boost::asio::ip::tcp::resolver::iterator it);

29
src/PeerDoor.cpp
View File

@@ -14,23 +14,35 @@ using namespace std;
using namespace boost::asio::ip;
// Generate DH for SSL connection.
static DH* handleTmpDh(SSL* ssl, int is_export, int keylength)
static DH* handleTmpDh(SSL* ssl, int is_export, int iKeyLength)
{
// We don't care if for export or what length was requested. Always do 512.
static DH* mDh512 = 0;
// We don't care if for export.
static DH* sdh512 = 0;
static DH* sdh1024 = 0;
if (!mDh512)
if (!sdh512 && 512 == iKeyLength)
{
int iCodes;
do {
mDh512 = DH_generate_parameters(512, DH_GENERATOR_5, NULL, NULL);
sdh512 = DH_generate_parameters(512, DH_GENERATOR_5, NULL, NULL);
iCodes = 0;
DH_check(mDh512, &iCodes);
DH_check(sdh512, &iCodes);
} while (iCodes & (DH_CHECK_P_NOT_PRIME|DH_CHECK_P_NOT_SAFE_PRIME|DH_UNABLE_TO_CHECK_GENERATOR|DH_NOT_SUITABLE_GENERATOR));
}
return mDh512;
if (!sdh1024 && 512 != iKeyLength)
{
int iCodes;
do {
sdh1024 = DH_generate_parameters(1024, DH_GENERATOR_5, NULL, NULL);
iCodes = 0;
DH_check(sdh1024, &iCodes);
} while (iCodes & (DH_CHECK_P_NOT_PRIME|DH_CHECK_P_NOT_SAFE_PRIME|DH_UNABLE_TO_CHECK_GENERATOR|DH_NOT_SUITABLE_GENERATOR));
}
return 512 == iKeyLength ? sdh512 : sdh1024;
}
PeerDoor::PeerDoor(boost::asio::io_service& io_service) :
@@ -43,7 +55,8 @@ PeerDoor::PeerDoor(boost::asio::io_service& io_service) :
| boost::asio::ssl::context::single_dh_use);
SSL_CTX_set_tmp_dh_callback(mCtx.native_handle(), handleTmpDh);
SSL_CTX_set_cipher_list(mCtx.native_handle(), "ALL:!LOW:!EXP:!MD5:@STRENGTH");
if (1 != SSL_CTX_set_cipher_list(mCtx.native_handle(), theConfig.PEER_SSL_CIPHER_LIST.c_str()))
std::runtime_error("Error setting cipher list (no valid ciphers).");
cerr << "Peer port: " << theConfig.PEER_IP << " " << theConfig.PEER_PORT << endl;