diff --git a/commandline.c b/commandline.c
index 105635e0..6c36ada9 100644
--- a/commandline.c
+++ b/commandline.c
@@ -398,7 +398,7 @@ int app_mdp_ping(int argc,char **argv,struct command_line_option *o) while(1) { /* Now send the ping packets */ - mdp.packetTypeAndFlags=MDP_TX; + mdp.packetTypeAndFlags=MDP_TX|MDP_NOCRYPT|MDP_NOSIGN; /* Set destination to broadcast */ for(i=0;iout.dst.sid[i]!=0xff) broadcast=0; + + /* broadcast packets cannot be encrypted, so complain if MDP_NOCRYPT + flag is not set. Also, MDP_NOSIGN must also be applied, until + NaCl cryptobox keys can be used for signing. */ + if (broadcast) { + printf("flags=0x%x, target=0x%x\n", + mdp->packetTypeAndFlags,MDP_NOCRYPT|MDP_NOSIGN); + if ((mdp->packetTypeAndFlags&(MDP_NOCRYPT|MDP_NOSIGN)) + !=(MDP_NOCRYPT|MDP_NOSIGN)) + return overlay_mdp_reply_error(mdp_named_socket, + recvaddr_un,recvaddrlen,5, + "Broadcast packets cannot be encrypted " + "or signed (signing will be possible in" + " a future version)."); + } + + /* Prepare the overlay frame for dispatch */ + struct overlay_frame *frame; + frame=calloc(sizeof(overlay_frame),1); + if (!frame) return WHY("calloc() failed to allocate overlay frame"); + frame->type=OF_TYPE_DATA; + + /* Work out the disposition of the frame. For now we are only worried + about the crypto matters, and not compression that may be applied + before encryption (since applying it after is useless as ciphered + text should have maximum entropy). */ + switch(mdp->packetTypeAndFlags&(MDP_NOCRYPT|MDP_NOSIGN)) { + case 0: /* crypted and signed (using CryptBox authcryption primitive) */ + frame->modifiers=OF_CRYPTO_SIGNED|OF_CRYPTO_CIPHERED; break; + case MDP_NOSIGN: + /* ciphered, but not signed. + This means we don't use CryptoBox, but rather a more compact means + of representing the ciphered stream segment. + */ + frame->modifiers=OF_CRYPTO_CIPHERED; break; + case MDP_NOCRYPT: + /* clear text, but signed (need to think about how to implement this + while NaCl cannot sign using CryptoBox keys. 
We could use a + CryptoSign key, and allow queries as to the authenticity of said key + via authcrypted channel between the parties. */ + frame->modifiers=OF_CRYPTO_SIGNED; break; + case MDP_NOSIGN|MDP_NOCRYPT: /* clear text and no signature */ + frame->modifiers=0; break; + } + frame->ttl=64; /* normal TTL (XXX allow setting this would be a good idea) */ + /* set source to ourselves + XXX should eventually honour binding, which should allow choosing which + local identity. This will be required for openbts integration/SIP:MSIP + gateways etc. */ + overlay_frame_set_me_as_source(frame); + + /* Set destination address */ + if (broadcast) + overlay_frame_set_broadcast_as_destination(frame); + else{ + bcopy(&mdp->out.dst.sid[0],frame->destination,SID_SIZE); + frame->destination_address_status=OA_RESOLVED; + } + + if (overlay_payload_enqueue(OQ_ORDINARY,frame)) + { + if (frame) op_free(frame); + return WHY("Error enqueuing frame"); + } + + WHY("Not implemented"); + overlay_mdp_reply_error(mdp_named_socket,recvaddr_un,recvaddrlen, + 1,"Sending MDP packets not implemented"); + op_free(frame); + } break; case MDP_BIND: /* Bind to port */ return overlay_mdp_process_bind_request(mdp_named_socket,mdp, @@ -297,7 +368,7 @@ int overlay_mdp_dispatch(overlay_mdp_frame *mdp,int flags,int timeout_ms) /* Minimise frame length to save work and prevent accidental disclosure of memory contents. */ - switch(mdp->packetTypeAndFlags) + switch(mdp->packetTypeAndFlags&MDP_TYPE_MASK) { case MDP_TX: len=4+sizeof(mdp->out)+mdp->out.payload_length; break; case MDP_RX: len=4+sizeof(mdp->in)+mdp->out.payload_length; break; diff --git a/overlay_payload.c b/overlay_payload.c index d383a918..a7383629 100644 --- a/overlay_payload.c +++ b/overlay_payload.c 
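Review bot: The `case MDP_RX:` line in the overlay_mdp_dispatch hunk computes `len` from `mdp->out.payload_length` although the RX body is `mdp->in`; unless `in` and `out` are union members that place `payload_length` at the same offset, the length used for RX frames comes from the wrong member, and since the comment above the switch says its purpose is to avoid disclosing memory contents, a wrong `len` defeats that purpose. I would change it to `case MDP_RX: len=4+sizeof(mdp->in)+mdp->in.payload_length; break;`. Masking with `MDP_TYPE_MASK` is correct now that `MDP_NOCRYPT`/`MDP_NOSIGN` can be set in the upper byte, but `payload_length` is still caller-supplied and not bounded here; if it is not validated elsewhere, a cap against the size of the payload array before this switch is needed so `len` cannot exceed the frame. overlay_mdp_dispatch continues outside the hunk.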
@@ -225,6 +225,15 @@ int overlay_frame_set_neighbour_as_destination(overlay_frame *f,overlay_neighbou return 0; } +int overlay_frame_set_broadcast_as_destination(overlay_frame *f) +{ + overlay_broadcast_generate_address(f->destination); + f->destination_address_status=OA_RESOLVED; + + return 0; +} + + unsigned char *overlay_get_my_sid() { diff --git a/serval.h b/serval.h index f3f90e52..02b53bc1 100644 --- a/serval.h +++ b/serval.h @@ -732,8 +732,10 @@ extern unsigned char *overlay_local_identities[OVERLAY_MAX_LOCAL_IDENTITIES]; #define OF_CRYPTO_BITS 0x0c #define OF_CRYPTO_NONE 0x00 #define OF_CRYPTO_CIPHERED 0x04 /* Encrypted frame */ -#define OF_CRYPTO_SIGNED 0x08 /* Encrypted and Digitally signed frame */ -#define OF_CRYPTO_PARANOID 0x0c /* Encrypted and digitally signed frame, with final destination address also encrypted. */ +#define OF_CRYPTO_SIGNED 0x08 /* signed frame */ +/* The following was previously considered, but is not being implemented at this + time. + #define OF_CRYPTO_PARANOID 0x0c Encrypted and digitally signed frame, with final destination address also encrypted. */ /* Data compression */ #define OF_COMPRESS_BITS 0x03 @@ -869,6 +871,8 @@ unsigned char *overlay_get_my_sid(); int overlay_frame_set_me_as_source(overlay_frame *f); int overlay_frame_set_neighbour_as_source(overlay_frame *f,overlay_neighbour *n); int overlay_frame_set_neighbour_as_destination(overlay_frame *f,overlay_neighbour *n); +int overlay_frame_set_broadcast_as_destination(overlay_frame *f); +int overlay_broadcast_generate_address(unsigned char *a); int overlay_update_sequence_number(); int packetEncipher(unsigned char *packet,int maxlen,int *len,int cryptoflags); int overlayServerMode(); @@ -993,6 +997,8 @@ typedef struct sockaddr_mdp { #define MDP_TYPE_MASK 0xff #define MDP_FLAG_MASK 0xff00 #define MDP_FORCE 0x0100 +#define MDP_NOCRYPT 0x0200 +#define MDP_NOSIGN 0x0400 #define MDP_TX 1 typedef struct overlay_mdp_outgoing_frame { sockaddr_mdp dst;
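Review bot: The new overlay_frame_set_broadcast_as_destination discards the int return of `overlay_broadcast_generate_address(f->destination)` and marks the address `OA_RESOLVED` unconditionally, so a failure in address generation would leave a frame flagged as having a valid destination. If that function can fail (it is declared as returning int in serval.h in this same change), guard it: `if (overlay_broadcast_generate_address(f->destination)) return -1;` before `f->destination_address_status=OA_RESOLVED;`. The sibling overlay_frame_set_neighbour_as_destination above uses the same return-0 convention, and the caller added in overlay_mdp.c likewise ignores this function's result, so the status should be made meaningful at both ends.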
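Review bot: With OF_CRYPTO_PARANOID commented out, the value 0x0c inside `OF_CRYPTO_BITS` now denotes `OF_CRYPTO_SIGNED|OF_CRYPTO_CIPHERED`, the combination overlay_mdp.c now emits for authcrypted frames, whereas it previously meant that the destination address was also encrypted; it is worth confirming that no frame reader still compares the masked bits against the literal 0x0c with the old meaning, since that would misclassify the crypto disposition of a frame. The commented-out `#define` is better deleted than preserved inside a comment, as the history already records it. If an explanatory note is to stay, a comment on the OF_CRYPTO_SIGNED line such as `/* 0x0c now means signed and ciphered (former PARANOID value) */` would make the reuse of the value explicit.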
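Review bot: MDP_NOCRYPT and MDP_NOSIGN are added without comments, and because they are opt-out flags their absence (flag bits clear) selects the encrypted-and-signed path, which is the property a reader of this header most needs to know. I would document them inline: `#define MDP_NOCRYPT 0x0200 /* send payload in clear text; default (bit clear) is encrypted */` and `#define MDP_NOSIGN 0x0400 /* do not sign; default (bit clear) is signed */`, adding to the NOSIGN comment that both flags are currently required for broadcast destinations, as overlay_mdp.c enforces in this change.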