2013-07-28 17:06:28 +02:00
|
|
|
/*
|
|
|
|
|
|
|
|
Copyright (c) 2013, Arvid Norberg
|
|
|
|
All rights reserved.
|
|
|
|
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
|
|
modification, are permitted provided that the following conditions
|
|
|
|
are met:
|
|
|
|
|
|
|
|
* Redistributions of source code must retain the above copyright
|
|
|
|
notice, this list of conditions and the following disclaimer.
|
|
|
|
* Redistributions in binary form must reproduce the above copyright
|
|
|
|
notice, this list of conditions and the following disclaimer in
|
|
|
|
the documentation and/or other materials provided with the distribution.
|
|
|
|
* Neither the name of the author nor the names of its
|
|
|
|
contributors may be used to endorse or promote products derived
|
|
|
|
from this software without specific prior written permission.
|
|
|
|
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
|
|
|
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "libtorrent/session.hpp"
|
|
|
|
#include "libtorrent/alert_types.hpp"
|
2017-04-11 06:52:46 +02:00
|
|
|
#include "libtorrent/aux_/path.hpp"
|
2015-09-06 02:58:15 +02:00
|
|
|
#include "libtorrent/session_status.hpp"
|
2015-09-18 06:23:45 +02:00
|
|
|
#include "libtorrent/torrent_info.hpp"
|
2017-02-14 03:56:20 +01:00
|
|
|
#include "libtorrent/hex.hpp" // for to_hex
|
2016-07-02 06:41:48 +02:00
|
|
|
#include "libtorrent/time.hpp"
|
2013-07-28 17:06:28 +02:00
|
|
|
|
|
|
|
#include "test.hpp"
|
2015-05-11 07:30:59 +02:00
|
|
|
#include "test_utils.hpp"
|
2013-07-28 17:06:28 +02:00
|
|
|
#include "setup_transfer.hpp"
|
2015-10-17 16:02:37 +02:00
|
|
|
|
|
|
|
#include "libtorrent/aux_/disable_warnings_push.hpp"
|
|
|
|
|
2013-12-15 22:10:45 +01:00
|
|
|
#include <boost/asio/connect.hpp>
|
2013-07-28 17:06:28 +02:00
|
|
|
|
2013-08-12 05:31:44 +02:00
|
|
|
#ifdef TORRENT_USE_OPENSSL
|
2013-12-15 22:10:45 +01:00
|
|
|
#include <boost/asio/ssl.hpp>
|
2013-08-12 05:31:44 +02:00
|
|
|
|
2015-10-17 16:02:37 +02:00
|
|
|
#include "libtorrent/aux_/disable_warnings_pop.hpp"
|
|
|
|
|
2016-05-25 06:31:52 +02:00
|
|
|
#include <functional>
|
2016-06-20 17:32:06 +02:00
|
|
|
#include <tuple>
|
2016-05-25 06:31:52 +02:00
|
|
|
#include <fstream>
|
|
|
|
#include <iostream>
|
|
|
|
|
|
|
|
using namespace std::placeholders;
|
2017-04-12 20:05:53 +02:00
|
|
|
using namespace lt;
|
2016-06-20 17:32:06 +02:00
|
|
|
using std::ignore;
|
2013-07-28 17:06:28 +02:00
|
|
|
|
|
|
|
int const alert_mask = alert::all_categories
|
|
|
|
& ~alert::progress_notification
|
|
|
|
& ~alert::stats_notification;
|
|
|
|
|
|
|
|
struct test_config_t
|
|
|
|
{
|
|
|
|
char const* name;
|
|
|
|
bool use_ssl_ports;
|
|
|
|
bool seed_has_cert;
|
|
|
|
bool downloader_has_cert;
|
2015-01-06 09:16:03 +01:00
|
|
|
bool downloader_has_ssl_listen_port;
|
2013-07-28 17:06:28 +02:00
|
|
|
bool expected_to_complete;
|
2013-08-12 05:31:44 +02:00
|
|
|
int peer_errors;
|
|
|
|
int ssl_disconnects;
|
2013-07-28 17:06:28 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
test_config_t test_config[] =
|
|
|
|
{
|
2015-01-06 09:16:03 +01:00
|
|
|
// name sslport sd-cert dl-cert dl-port expect peer-error ssl-disconn
|
|
|
|
{"nobody has a cert (connect to regular port)", false, false, false, true, false, 0, 1},
|
|
|
|
{"nobody has a cert (connect to ssl port)", true, false, false, true, false, 1, 1},
|
|
|
|
{"seed has a cert, but not downloader (connect to regular port)", false, true, false, true, false, 0, 1},
|
|
|
|
{"seed has a cert, but not downloader (connect to ssl port)", true, true, false, true, false, 1, 1},
|
|
|
|
{"downloader has a cert, but not seed (connect to regular port)", false, false, true, true, false, 0, 1},
|
|
|
|
{"downloader has a cert, but not seed (connect to ssl port)", true, false, true, true, false, 1, 1},
|
|
|
|
{"both downloader and seed has a cert (connect to regular port)", false, true, true, true, false, 0, 1},
|
|
|
|
{"both downloader and seed has a cert (connect to ssl port)", true, true, true, true, true, 0, 0},
|
|
|
|
// there is a disconnect (or failed connection attempt), that's not a peer
|
|
|
|
// error though, so both counters stay 0
|
|
|
|
{"both downloader and seed has a cert (downloader has no SSL port)", true, true, true, false, false, 0, 0},
|
2013-07-28 17:06:28 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
int peer_disconnects = 0;
|
2013-08-12 05:31:44 +02:00
|
|
|
int peer_errors = 0;
|
|
|
|
int ssl_peer_disconnects = 0;
|
2013-07-28 17:06:28 +02:00
|
|
|
|
2015-04-04 15:31:33 +02:00
|
|
|
bool on_alert(alert const* a)
|
2013-07-28 17:06:28 +02:00
|
|
|
{
|
2015-04-04 20:03:55 +02:00
|
|
|
if (peer_disconnected_alert const* e = alert_cast<peer_disconnected_alert>(a))
|
2014-10-06 05:03:01 +02:00
|
|
|
{
|
2013-07-28 17:06:28 +02:00
|
|
|
++peer_disconnects;
|
2016-02-08 08:01:25 +01:00
|
|
|
if (strcmp(e->error.category().name(), boost::asio::error::get_ssl_category().name()) == 0)
|
2014-10-06 05:03:01 +02:00
|
|
|
++ssl_peer_disconnects;
|
2016-02-08 08:01:25 +01:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("--- peer_errors: %d ssl_disconnects: %d\n"
|
2016-02-08 08:01:25 +01:00
|
|
|
, peer_errors, ssl_peer_disconnects);
|
2014-10-06 05:03:01 +02:00
|
|
|
}
|
|
|
|
|
2015-04-04 20:03:55 +02:00
|
|
|
if (peer_error_alert const* e = alert_cast<peer_error_alert>(a))
|
2013-08-12 05:31:44 +02:00
|
|
|
{
|
2013-08-02 03:12:27 +02:00
|
|
|
++peer_disconnects;
|
2013-08-12 05:31:44 +02:00
|
|
|
++peer_errors;
|
|
|
|
|
2016-02-08 08:01:25 +01:00
|
|
|
if (strcmp(e->error.category().name(), boost::asio::error::get_ssl_category().name()) == 0)
|
2013-08-12 05:31:44 +02:00
|
|
|
++ssl_peer_disconnects;
|
2016-02-08 08:01:25 +01:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("--- peer_errors: %d ssl_disconnects: %d\n"
|
2016-02-08 08:01:25 +01:00
|
|
|
, peer_errors, ssl_peer_disconnects);
|
2013-08-12 05:31:44 +02:00
|
|
|
}
|
2013-07-28 17:06:28 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-08-31 22:19:03 +02:00
|
|
|
void test_ssl(int test_idx, bool use_utp)
|
2013-07-28 17:06:28 +02:00
|
|
|
{
|
2013-08-31 22:19:03 +02:00
|
|
|
// these are declared before the session objects
|
|
|
|
// so that they are destructed last. This enables
|
|
|
|
// the sessions to destruct in parallel
|
|
|
|
session_proxy p1;
|
|
|
|
session_proxy p2;
|
|
|
|
|
2013-07-28 17:06:28 +02:00
|
|
|
test_config_t const& test = test_config[test_idx];
|
|
|
|
|
2016-11-12 19:50:49 +01:00
|
|
|
std::printf("\n%s TEST: %s Protocol: %s\n\n", time_now_string()
|
|
|
|
, test.name, use_utp ? "uTP": "TCP");
|
2013-07-28 17:06:28 +02:00
|
|
|
|
|
|
|
// in case the previous run was terminated
|
|
|
|
error_code ec;
|
|
|
|
remove_all("tmp1_ssl", ec);
|
|
|
|
remove_all("tmp2_ssl", ec);
|
|
|
|
|
2016-02-08 08:01:25 +01:00
|
|
|
int port = 1024 + rand() % 50000;
|
2014-07-06 21:18:00 +02:00
|
|
|
settings_pack sett;
|
|
|
|
sett.set_int(settings_pack::alert_mask, alert_mask);
|
|
|
|
sett.set_int(settings_pack::max_retry_port_bind, 100);
|
2016-02-08 08:01:25 +01:00
|
|
|
|
|
|
|
char listen_iface[100];
|
2016-05-17 15:24:06 +02:00
|
|
|
std::snprintf(listen_iface, sizeof(listen_iface), "0.0.0.0:%ds", port);
|
2016-02-08 08:01:25 +01:00
|
|
|
sett.set_str(settings_pack::listen_interfaces, listen_iface);
|
2014-07-06 21:18:00 +02:00
|
|
|
sett.set_bool(settings_pack::enable_incoming_utp, use_utp);
|
|
|
|
sett.set_bool(settings_pack::enable_outgoing_utp, use_utp);
|
|
|
|
sett.set_bool(settings_pack::enable_incoming_tcp, !use_utp);
|
|
|
|
sett.set_bool(settings_pack::enable_outgoing_tcp, !use_utp);
|
|
|
|
sett.set_bool(settings_pack::enable_dht, false);
|
|
|
|
sett.set_bool(settings_pack::enable_lsd, false);
|
|
|
|
sett.set_bool(settings_pack::enable_upnp, false);
|
|
|
|
sett.set_bool(settings_pack::enable_natpmp, false);
|
2015-09-06 02:58:15 +02:00
|
|
|
// if a peer fails once, don't try it again
|
2015-01-06 09:16:03 +01:00
|
|
|
sett.set_int(settings_pack::max_failcount, 1);
|
2014-07-06 21:18:00 +02:00
|
|
|
|
2017-07-27 22:26:12 +02:00
|
|
|
lt::session ses1(sett, {});
|
2014-07-06 21:18:00 +02:00
|
|
|
|
2016-02-08 08:01:25 +01:00
|
|
|
// this +20 is here to use a different port as ses1
|
|
|
|
port += 20;
|
|
|
|
|
|
|
|
// the +20 below is the port we use for non-SSL connections
|
2015-01-06 09:16:03 +01:00
|
|
|
if (test.downloader_has_ssl_listen_port)
|
2016-05-17 15:24:06 +02:00
|
|
|
std::snprintf(listen_iface, sizeof(listen_iface), "0.0.0.0:%d,0.0.0.0:%ds", port + 20, port);
|
2015-01-06 09:16:03 +01:00
|
|
|
else
|
2016-05-17 15:24:06 +02:00
|
|
|
std::snprintf(listen_iface, sizeof(listen_iface), "0.0.0.0:%d", port + 20);
|
2016-02-08 08:01:25 +01:00
|
|
|
|
|
|
|
sett.set_str(settings_pack::listen_interfaces, listen_iface);
|
2014-07-06 21:18:00 +02:00
|
|
|
|
2017-07-27 22:26:12 +02:00
|
|
|
lt::session ses2(sett, {});
|
2013-07-28 17:06:28 +02:00
|
|
|
|
2013-08-18 00:29:34 +02:00
|
|
|
wait_for_listen(ses1, "ses1");
|
|
|
|
wait_for_listen(ses2, "ses2");
|
|
|
|
|
2013-07-28 17:06:28 +02:00
|
|
|
torrent_handle tor1;
|
|
|
|
torrent_handle tor2;
|
|
|
|
|
|
|
|
create_directory("tmp1_ssl", ec);
|
|
|
|
std::ofstream file("tmp1_ssl/temporary");
|
2016-08-17 23:26:35 +02:00
|
|
|
std::shared_ptr<torrent_info> t = ::create_torrent(&file, "temporary"
|
2014-01-08 07:18:57 +01:00
|
|
|
, 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem")));
|
2013-07-28 17:06:28 +02:00
|
|
|
file.close();
|
|
|
|
|
|
|
|
add_torrent_params addp;
|
2014-01-20 02:01:03 +01:00
|
|
|
addp.save_path = "tmp1_ssl";
|
2017-07-09 16:32:01 +02:00
|
|
|
addp.flags &= ~torrent_flags::paused;
|
|
|
|
addp.flags &= ~torrent_flags::auto_managed;
|
2013-07-28 17:06:28 +02:00
|
|
|
|
|
|
|
peer_disconnects = 0;
|
2013-08-12 05:31:44 +02:00
|
|
|
ssl_peer_disconnects = 0;
|
|
|
|
peer_errors = 0;
|
2013-07-28 17:06:28 +02:00
|
|
|
|
2016-07-10 20:27:42 +02:00
|
|
|
std::tie(tor1, tor2, ignore) = setup_transfer(&ses1, &ses2, nullptr
|
2014-10-06 05:03:01 +02:00
|
|
|
, true, false, false, "_ssl", 16 * 1024, &t, false, &addp, true);
|
2013-07-28 17:06:28 +02:00
|
|
|
|
|
|
|
if (test.seed_has_cert)
|
|
|
|
{
|
2013-07-29 11:26:05 +02:00
|
|
|
tor1.set_ssl_certificate(
|
|
|
|
combine_path("..", combine_path("ssl", "peer_certificate.pem"))
|
|
|
|
, combine_path("..", combine_path("ssl", "peer_private_key.pem"))
|
|
|
|
, combine_path("..", combine_path("ssl", "dhparams.pem"))
|
2013-07-28 17:06:28 +02:00
|
|
|
, "test");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (test.downloader_has_cert)
|
|
|
|
{
|
2013-07-29 11:26:05 +02:00
|
|
|
tor2.set_ssl_certificate(
|
|
|
|
combine_path("..", combine_path("ssl", "peer_certificate.pem"))
|
|
|
|
, combine_path("..", combine_path("ssl", "peer_private_key.pem"))
|
|
|
|
, combine_path("..", combine_path("ssl", "dhparams.pem"))
|
2013-07-28 17:06:28 +02:00
|
|
|
, "test");
|
|
|
|
}
|
|
|
|
|
2014-10-06 05:03:01 +02:00
|
|
|
// make sure they've taken effect
|
|
|
|
if (test.downloader_has_cert || test.seed_has_cert)
|
2015-09-06 02:58:15 +02:00
|
|
|
{
|
|
|
|
// this will cause a round-trip to the main thread, and make sure the
|
|
|
|
// previous async. calls have completed
|
2016-02-24 08:07:27 +01:00
|
|
|
ses1.listen_port();
|
|
|
|
ses2.listen_port();
|
2015-09-06 02:58:15 +02:00
|
|
|
}
|
2014-10-06 05:03:01 +02:00
|
|
|
|
2016-02-10 08:09:12 +01:00
|
|
|
wait_for_alert(ses1, torrent_finished_alert::alert_type, "ses1");
|
|
|
|
wait_for_downloading(ses2, "ses2");
|
|
|
|
|
2014-10-06 05:03:01 +02:00
|
|
|
// connect the peers after setting the certificates
|
2016-02-08 08:01:25 +01:00
|
|
|
if (test.use_ssl_ports == false) port += 20;
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("\n\n%s: ses1: connecting peer port: %d\n\n\n"
|
2015-05-11 07:30:59 +02:00
|
|
|
, time_now_string(), port);
|
2014-10-06 05:03:01 +02:00
|
|
|
tor1.connect_peer(tcp::endpoint(address::from_string("127.0.0.1", ec)
|
|
|
|
, port));
|
|
|
|
|
2013-10-14 10:15:08 +02:00
|
|
|
const int timeout = 40;
|
2013-10-14 10:34:22 +02:00
|
|
|
for (int i = 0; i < timeout; ++i)
|
2013-07-28 17:06:28 +02:00
|
|
|
{
|
2017-04-02 20:22:17 +02:00
|
|
|
print_alerts(ses1, "ses1", true, true, &on_alert);
|
|
|
|
print_alerts(ses2, "ses2", true, true, &on_alert);
|
2013-07-28 17:06:28 +02:00
|
|
|
|
|
|
|
torrent_status st1 = tor1.status();
|
|
|
|
torrent_status st2 = tor2.status();
|
|
|
|
|
|
|
|
if (i % 10 == 0)
|
|
|
|
{
|
2017-01-02 16:16:33 +01:00
|
|
|
std::cout << time_now_string() << " "
|
2013-07-28 17:06:28 +02:00
|
|
|
<< "\033[32m" << int(st1.download_payload_rate / 1000.f) << "kB/s "
|
|
|
|
<< "\033[33m" << int(st1.upload_payload_rate / 1000.f) << "kB/s "
|
|
|
|
<< "\033[0m" << int(st1.progress * 100) << "% "
|
|
|
|
<< st1.num_peers
|
|
|
|
<< ": "
|
|
|
|
<< "\033[32m" << int(st2.download_payload_rate / 1000.f) << "kB/s "
|
|
|
|
<< "\033[31m" << int(st2.upload_payload_rate / 1000.f) << "kB/s "
|
|
|
|
<< "\033[0m" << int(st2.progress * 100) << "% "
|
|
|
|
<< st2.num_peers
|
|
|
|
<< " cc: " << st2.connect_candidates
|
|
|
|
<< std::endl;
|
|
|
|
}
|
|
|
|
|
2013-10-14 10:15:08 +02:00
|
|
|
if (peer_disconnects >= 2)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("too many disconnects (%d), breaking\n", peer_disconnects);
|
2013-10-14 10:15:08 +02:00
|
|
|
break;
|
|
|
|
}
|
2013-07-28 17:06:28 +02:00
|
|
|
|
|
|
|
if (st2.is_finished) break;
|
|
|
|
|
|
|
|
if (st2.state != torrent_status::downloading)
|
|
|
|
{
|
2016-02-10 08:09:12 +01:00
|
|
|
static char const* state_str[] =
|
2013-07-28 17:06:28 +02:00
|
|
|
{"checking (q)", "checking", "dl metadata"
|
|
|
|
, "downloading", "finished", "seeding", "allocating", "checking (r)"};
|
2017-01-02 16:16:33 +01:00
|
|
|
std::cout << "st2 state: " << state_str[st2.state] << std::endl;
|
2013-07-28 17:06:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_CHECK(st1.state == torrent_status::seeding
|
|
|
|
|| st1.state == torrent_status::checking_files);
|
2013-07-30 06:30:19 +02:00
|
|
|
TEST_CHECK(st2.state == torrent_status::downloading
|
2013-07-30 09:13:12 +02:00
|
|
|
|| st2.state == torrent_status::checking_resume_data);
|
2013-07-28 17:06:28 +02:00
|
|
|
|
2016-06-26 15:24:06 +02:00
|
|
|
std::this_thread::sleep_for(lt::milliseconds(100));
|
2013-07-28 17:06:28 +02:00
|
|
|
}
|
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("peer_errors: %d expected_errors: %d\n"
|
2015-01-04 02:04:56 +01:00
|
|
|
, peer_errors, test.peer_errors);
|
2015-01-06 09:16:03 +01:00
|
|
|
TEST_EQUAL(peer_errors > 0, test.peer_errors > 0);
|
2014-10-06 05:03:01 +02:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("ssl_disconnects: %d expected: %d\n", ssl_peer_disconnects, test.ssl_disconnects);
|
2015-01-06 09:16:03 +01:00
|
|
|
TEST_EQUAL(ssl_peer_disconnects > 0, test.ssl_disconnects > 0);
|
2014-10-06 05:03:01 +02:00
|
|
|
|
2016-11-12 19:50:49 +01:00
|
|
|
char const* now = time_now_string();
|
|
|
|
std::printf("%s: EXPECT: %s\n", now, test.expected_to_complete ? "SUCCEESS" : "FAILURE");
|
|
|
|
std::printf("%s: RESULT: %s\n", now, tor2.status().is_seeding ? "SUCCEESS" : "FAILURE");
|
2015-01-06 09:16:03 +01:00
|
|
|
TEST_EQUAL(tor2.status().is_seeding, test.expected_to_complete);
|
2013-08-31 22:19:03 +02:00
|
|
|
|
|
|
|
// this allows shutting down the sessions in parallel
|
|
|
|
p1 = ses1.abort();
|
|
|
|
p2 = ses2.abort();
|
2013-07-28 17:06:28 +02:00
|
|
|
}
|
|
|
|
|
2013-12-15 22:10:45 +01:00
|
|
|
std::string password_callback(int length, boost::asio::ssl::context::password_purpose p
|
|
|
|
, std::string pw)
|
|
|
|
{
|
|
|
|
if (p != boost::asio::ssl::context::for_reading) return "";
|
|
|
|
return pw;
|
|
|
|
}
|
|
|
|
|
|
|
|
struct attack_t
|
|
|
|
{
|
|
|
|
// flags controlling the connection attempt
|
2016-06-18 20:01:38 +02:00
|
|
|
std::uint32_t flags;
|
2013-12-15 22:10:45 +01:00
|
|
|
// whether or not we expect to be able to connect
|
|
|
|
bool expect;
|
|
|
|
};
|
|
|
|
|
|
|
|
enum attack_flags_t
|
|
|
|
{
|
|
|
|
valid_certificate = 1,
|
|
|
|
invalid_certificate = 2,
|
|
|
|
valid_sni_hash = 4,
|
|
|
|
invalid_sni_hash = 8,
|
|
|
|
valid_bittorrent_hash = 16,
|
|
|
|
};
|
|
|
|
|
|
|
|
attack_t attacks[] =
|
|
|
|
{
|
|
|
|
// positive test
|
|
|
|
{ valid_certificate | valid_sni_hash | valid_bittorrent_hash, true},
|
|
|
|
|
|
|
|
// SNI
|
|
|
|
{ valid_certificate | invalid_sni_hash | valid_bittorrent_hash, false},
|
|
|
|
{ valid_certificate | valid_bittorrent_hash, false},
|
|
|
|
|
|
|
|
// certificate
|
|
|
|
{ valid_sni_hash | valid_bittorrent_hash, false},
|
|
|
|
{ invalid_certificate | valid_sni_hash | valid_bittorrent_hash, false},
|
|
|
|
|
|
|
|
// bittorrent hash
|
|
|
|
{ valid_certificate | valid_sni_hash, false},
|
|
|
|
};
|
|
|
|
|
|
|
|
const int num_attacks = sizeof(attacks)/sizeof(attacks[0]);
|
|
|
|
|
2017-04-12 20:05:53 +02:00
|
|
|
bool try_connect(lt::session& ses1, int port
|
2016-08-17 23:26:35 +02:00
|
|
|
, std::shared_ptr<torrent_info> const& t, std::uint32_t flags)
|
2013-12-15 22:10:45 +01:00
|
|
|
{
|
|
|
|
using boost::asio::ssl::context;
|
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("\nMALICIOUS PEER TEST: ");
|
|
|
|
if (flags & invalid_certificate) std::printf("invalid-certificate ");
|
|
|
|
else if (flags & valid_certificate) std::printf("valid-certificate ");
|
|
|
|
else std::printf("no-certificate ");
|
2013-12-15 22:10:45 +01:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
if (flags & invalid_sni_hash) std::printf("invalid-SNI-hash ");
|
|
|
|
else if (flags & valid_sni_hash) std::printf("valid-SNI-hash ");
|
|
|
|
else std::printf("no-SNI-hash ");
|
2013-12-15 22:10:45 +01:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
if (flags & valid_bittorrent_hash) std::printf("valid-bittorrent-hash ");
|
|
|
|
else std::printf("invalid-bittorrent-hash ");
|
2013-12-15 22:10:45 +01:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf(" port: %d\n", port);
|
2013-12-15 22:10:45 +01:00
|
|
|
|
|
|
|
error_code ec;
|
|
|
|
boost::asio::io_service ios;
|
|
|
|
|
|
|
|
// create the SSL context for this torrent. We need to
|
|
|
|
// inject the root certificate, and no other, to
|
|
|
|
// verify other peers against
|
|
|
|
context ctx(ios, context::sslv23);
|
|
|
|
|
|
|
|
ctx.set_options(context::default_workarounds
|
|
|
|
| boost::asio::ssl::context::no_sslv2
|
|
|
|
| boost::asio::ssl::context::single_dh_use);
|
|
|
|
|
|
|
|
// we're a malicious peer, we don't have any interest
|
|
|
|
// in verifying peers
|
|
|
|
ctx.set_verify_mode(context::verify_none, ec);
|
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("Failed to set SSL verify mode: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
TEST_CHECK(!ec);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-12-16 01:42:06 +01:00
|
|
|
std::string certificate = combine_path("..", combine_path("ssl", "peer_certificate.pem"));
|
|
|
|
std::string private_key = combine_path("..", combine_path("ssl", "peer_private_key.pem"));
|
|
|
|
std::string dh_params = combine_path("..", combine_path("ssl", "dhparams.pem"));
|
2013-12-15 22:10:45 +01:00
|
|
|
|
|
|
|
if (flags & invalid_certificate)
|
|
|
|
{
|
2013-12-16 01:42:06 +01:00
|
|
|
certificate = combine_path("..", combine_path("ssl", "invalid_peer_certificate.pem"));
|
|
|
|
private_key = combine_path("..", combine_path("ssl", "invalid_peer_private_key.pem"));
|
2013-12-15 22:10:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: test using a signed certificate with the wrong info-hash in DN
|
|
|
|
|
|
|
|
if (flags & (valid_certificate | invalid_certificate))
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("set_password_callback\n");
|
2016-05-25 06:31:52 +02:00
|
|
|
ctx.set_password_callback(std::bind(&password_callback, _1, _2, "test"), ec);
|
2013-12-15 22:10:45 +01:00
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("Failed to set certificate password callback: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
TEST_CHECK(!ec);
|
|
|
|
return false;
|
|
|
|
}
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("use_certificate_file \"%s\"\n", certificate.c_str());
|
2013-12-15 22:10:45 +01:00
|
|
|
ctx.use_certificate_file(certificate, context::pem, ec);
|
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("Failed to set certificate file: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
TEST_CHECK(!ec);
|
|
|
|
return false;
|
|
|
|
}
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("use_private_key_file \"%s\"\n", private_key.c_str());
|
2013-12-15 22:10:45 +01:00
|
|
|
ctx.use_private_key_file(private_key, context::pem, ec);
|
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("Failed to set private key: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
TEST_CHECK(!ec);
|
|
|
|
return false;
|
|
|
|
}
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("use_tmp_dh_file \"%s\"\n", dh_params.c_str());
|
2013-12-15 22:10:45 +01:00
|
|
|
ctx.use_tmp_dh_file(dh_params, ec);
|
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("Failed to set DH params: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
TEST_CHECK(!ec);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-06 19:49:18 +02:00
|
|
|
boost::asio::ssl::stream<tcp::socket> ssl_sock(ios, ctx);
|
2013-12-15 22:10:45 +01:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("connecting 127.0.0.1:%d\n", port);
|
2013-12-15 22:10:45 +01:00
|
|
|
ssl_sock.lowest_layer().connect(tcp::endpoint(
|
|
|
|
address_v4::from_string("127.0.0.1"), port), ec);
|
2017-04-02 20:22:17 +02:00
|
|
|
print_alerts(ses1, "ses1", true, true, &on_alert);
|
2013-12-15 22:10:45 +01:00
|
|
|
|
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("Failed to connect: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
TEST_CHECK(!ec);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (flags & valid_sni_hash)
|
|
|
|
{
|
2017-02-14 03:56:20 +01:00
|
|
|
std::string name = aux::to_hex(t->info_hash());
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("SNI: %s\n", name.c_str());
|
2013-12-15 22:10:45 +01:00
|
|
|
SSL_set_tlsext_host_name(ssl_sock.native_handle(), name.c_str());
|
|
|
|
}
|
|
|
|
else if (flags & invalid_sni_hash)
|
|
|
|
{
|
|
|
|
char const hex_alphabet[] = "0123456789abcdef";
|
|
|
|
std::string name;
|
|
|
|
name.reserve(40);
|
|
|
|
for (int i = 0; i < 40; ++i)
|
|
|
|
name += hex_alphabet[rand() % 16];
|
2015-06-06 07:22:53 +02:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("SNI: %s\n", name.c_str());
|
2013-12-15 22:10:45 +01:00
|
|
|
SSL_set_tlsext_host_name(ssl_sock.native_handle(), name.c_str());
|
|
|
|
}
|
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("SSL handshake\n");
|
2015-06-06 07:22:53 +02:00
|
|
|
ssl_sock.handshake(boost::asio::ssl::stream_base::client, ec);
|
2013-12-15 22:10:45 +01:00
|
|
|
|
2017-04-02 20:22:17 +02:00
|
|
|
print_alerts(ses1, "ses1", true, true, &on_alert);
|
2013-12-15 22:10:45 +01:00
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("Failed SSL handshake: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
char handshake[] = "\x13" "BitTorrent protocol\0\0\0\0\0\0\0\x04"
|
|
|
|
" " // space for info-hash
|
|
|
|
"aaaaaaaaaaaaaaaaaaaa" // peer-id
|
|
|
|
"\0\0\0\x01\x02"; // interested
|
2015-06-06 07:22:53 +02:00
|
|
|
|
2013-12-15 22:10:45 +01:00
|
|
|
// fill in the info-hash
|
|
|
|
if (flags & valid_bittorrent_hash)
|
|
|
|
{
|
|
|
|
std::memcpy(handshake + 28, &t->info_hash()[0], 20);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
// TODO: also test using a hash that refers to a valid torrent
|
|
|
|
// but that differs from the SNI hash
|
|
|
|
std::generate(handshake + 28, handshake + 48, &rand);
|
|
|
|
}
|
|
|
|
|
|
|
|
// fill in the peer-id
|
|
|
|
std::generate(handshake + 48, handshake + 68, &rand);
|
2014-01-17 02:00:49 +01:00
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("bittorrent handshake\n");
|
2015-06-06 07:22:53 +02:00
|
|
|
boost::asio::write(ssl_sock, boost::asio::buffer(handshake, (sizeof(handshake) - 1)), ec);
|
2017-04-02 20:22:17 +02:00
|
|
|
print_alerts(ses1, "ses1", true, true, &on_alert);
|
2013-12-15 22:10:45 +01:00
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("failed to write bittorrent handshake: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
return false;
|
|
|
|
}
|
2015-06-06 07:22:53 +02:00
|
|
|
|
2013-12-15 22:10:45 +01:00
|
|
|
char buf[68];
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("read bittorrent handshake\n");
|
2015-06-06 07:22:53 +02:00
|
|
|
boost::asio::read(ssl_sock, boost::asio::buffer(buf, sizeof(buf)), ec);
|
2017-04-02 20:22:17 +02:00
|
|
|
print_alerts(ses1, "ses1", true, true, &on_alert);
|
2013-12-15 22:10:45 +01:00
|
|
|
if (ec)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("failed to read bittorrent handshake: %s\n"
|
2013-12-15 22:10:45 +01:00
|
|
|
, ec.message().c_str());
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (memcmp(buf, "\x13" "BitTorrent protocol", 20) != 0)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("invalid bittorrent handshake\n");
|
2013-12-15 22:10:45 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (memcmp(buf + 28, &t->info_hash()[0], 20) != 0)
|
|
|
|
{
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("invalid info-hash in bittorrent handshake\n");
|
2013-12-15 22:10:45 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2016-10-10 02:23:45 +02:00
|
|
|
std::printf("successfully connected over SSL and shook hand over bittorrent\n");
|
2013-12-15 22:10:45 +01:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
void test_malicious_peer()
|
|
|
|
{
|
|
|
|
error_code ec;
|
|
|
|
remove_all("tmp3_ssl", ec);
|
|
|
|
|
|
|
|
// set up session
|
2016-02-08 08:01:25 +01:00
|
|
|
int port = 1024 + rand() % 50000;
|
2014-07-06 21:18:00 +02:00
|
|
|
settings_pack sett;
|
|
|
|
sett.set_int(settings_pack::alert_mask, alert_mask);
|
|
|
|
sett.set_int(settings_pack::max_retry_port_bind, 100);
|
2016-02-08 08:01:25 +01:00
|
|
|
|
|
|
|
char listen_iface[100];
|
2016-05-17 15:24:06 +02:00
|
|
|
std::snprintf(listen_iface, sizeof(listen_iface), "0.0.0.0:%ds", port);
|
2016-02-08 08:01:25 +01:00
|
|
|
sett.set_str(settings_pack::listen_interfaces, listen_iface);
|
2014-07-06 21:18:00 +02:00
|
|
|
sett.set_bool(settings_pack::enable_dht, false);
|
|
|
|
sett.set_bool(settings_pack::enable_lsd, false);
|
|
|
|
sett.set_bool(settings_pack::enable_upnp, false);
|
|
|
|
sett.set_bool(settings_pack::enable_natpmp, false);
|
|
|
|
|
2017-07-27 22:26:12 +02:00
|
|
|
lt::session ses1(sett, {});
|
2013-12-15 22:10:45 +01:00
|
|
|
wait_for_listen(ses1, "ses1");
|
|
|
|
|
|
|
|
// create torrent
|
|
|
|
create_directory("tmp3_ssl", ec);
|
|
|
|
std::ofstream file("tmp3_ssl/temporary");
|
2016-08-17 23:26:35 +02:00
|
|
|
std::shared_ptr<torrent_info> t = ::create_torrent(&file, "temporary"
|
2014-01-08 07:18:57 +01:00
|
|
|
, 16 * 1024, 13, false, combine_path("..", combine_path("ssl", "root_ca_cert.pem")));
|
2013-12-15 22:10:45 +01:00
|
|
|
file.close();
|
|
|
|
|
2014-01-20 02:01:03 +01:00
|
|
|
TEST_CHECK(!t->ssl_cert().empty());
|
|
|
|
|
2013-12-15 22:10:45 +01:00
|
|
|
add_torrent_params addp;
|
2014-01-20 02:01:03 +01:00
|
|
|
addp.save_path = "tmp3_ssl";
|
2017-07-09 16:32:01 +02:00
|
|
|
addp.flags &= ~torrent_flags::paused;
|
|
|
|
addp.flags &= ~torrent_flags::auto_managed;
|
2013-12-15 22:10:45 +01:00
|
|
|
addp.ti = t;
|
|
|
|
|
|
|
|
torrent_handle tor1 = ses1.add_torrent(addp, ec);
|
|
|
|
|
|
|
|
tor1.set_ssl_certificate(
|
2014-01-20 02:01:03 +01:00
|
|
|
combine_path("..", combine_path("ssl", "peer_certificate.pem"))
|
|
|
|
, combine_path("..", combine_path("ssl", "peer_private_key.pem"))
|
|
|
|
, combine_path("..", combine_path("ssl", "dhparams.pem"))
|
2013-12-15 22:10:45 +01:00
|
|
|
, "test");
|
|
|
|
|
2015-04-04 15:31:33 +02:00
|
|
|
alert const* a = wait_for_alert(ses1
|
2015-01-04 02:04:56 +01:00
|
|
|
, torrent_finished_alert::alert_type, "ses1");
|
2015-04-04 15:31:33 +02:00
|
|
|
TEST_CHECK(a);
|
|
|
|
if (a)
|
2015-01-04 02:04:56 +01:00
|
|
|
{
|
|
|
|
TEST_EQUAL(a->type(), torrent_finished_alert::alert_type);
|
|
|
|
}
|
2013-12-15 22:10:45 +01:00
|
|
|
|
|
|
|
for (int i = 0; i < num_attacks; ++i)
|
|
|
|
{
|
2016-02-08 08:01:25 +01:00
|
|
|
bool const success = try_connect(ses1, port, t, attacks[i].flags);
|
2015-01-04 02:04:56 +01:00
|
|
|
TEST_EQUAL(success, attacks[i].expect);
|
2013-12-15 22:10:45 +01:00
|
|
|
}
|
|
|
|
}
|
2013-12-16 07:17:05 +01:00
|
|
|
#endif // TORRENT_USE_OPENSSL
|
2013-12-15 22:10:45 +01:00
|
|
|
|
2015-06-20 18:46:40 +02:00
|
|
|
TORRENT_TEST(malicious_peer)
|
2013-07-28 17:06:28 +02:00
|
|
|
{
|
2015-06-05 08:31:52 +02:00
|
|
|
#ifdef TORRENT_USE_OPENSSL
|
2013-12-15 22:10:45 +01:00
|
|
|
test_malicious_peer();
|
2015-06-20 18:46:40 +02:00
|
|
|
#endif
|
2013-07-28 17:06:28 +02:00
|
|
|
}
|
|
|
|
|
2015-06-20 18:46:40 +02:00
|
|
|
#ifdef TORRENT_USE_OPENSSL
|
|
|
|
TORRENT_TEST(utp_config0) { test_ssl(0, true); }
|
|
|
|
TORRENT_TEST(utp_config1) { test_ssl(1, true); }
|
|
|
|
TORRENT_TEST(utp_config2) { test_ssl(2, true); }
|
|
|
|
TORRENT_TEST(utp_config3) { test_ssl(3, true); }
|
|
|
|
TORRENT_TEST(utp_config4) { test_ssl(4, true); }
|
|
|
|
TORRENT_TEST(utp_config5) { test_ssl(5, true); }
|
|
|
|
TORRENT_TEST(utp_config6) { test_ssl(6, true); }
|
|
|
|
TORRENT_TEST(utp_config7) { test_ssl(7, true); }
|
|
|
|
TORRENT_TEST(utp_config8) { test_ssl(8, true); }
|
|
|
|
|
|
|
|
TORRENT_TEST(tcp_config0) { test_ssl(0, false); }
|
|
|
|
TORRENT_TEST(tcp_config1) { test_ssl(1, false); }
|
|
|
|
TORRENT_TEST(tcp_config2) { test_ssl(2, false); }
|
|
|
|
TORRENT_TEST(tcp_config3) { test_ssl(3, false); }
|
|
|
|
TORRENT_TEST(tcp_config4) { test_ssl(4, false); }
|
|
|
|
TORRENT_TEST(tcp_config5) { test_ssl(5, false); }
|
|
|
|
TORRENT_TEST(tcp_config6) { test_ssl(6, false); }
|
|
|
|
TORRENT_TEST(tcp_config7) { test_ssl(7, false); }
|
|
|
|
TORRENT_TEST(tcp_config8) { test_ssl(8, false); }
|
|
|
|
#endif
|
2013-07-28 17:06:28 +02:00
|
|
|
|