|
|
|
|
@ -904,9 +904,16 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// keys inventory operates differently from the rest of the network opcodes...and does not require
|
|
|
|
|
// an established connection to the master, so we will not validate the peer connection state here
|
|
|
|
|
// keys update operates differently from the rest of the network opcodes...and does not require
|
|
|
|
|
// an established connection to the master, so we will not validate the peer connection state here.
|
|
|
|
|
// update is a two-phase flow: (1) auth request frame (80 bytes), then (2) chunked PacketBuffer frames.
|
|
|
|
|
if (peerId > 0 && !peerEntry.peerDefault()) {
|
|
|
|
|
if (mdNetwork->m_peerKeyUpdatePkt.find(peerId) == mdNetwork->m_peerKeyUpdatePkt.end()) {
|
|
|
|
|
if (req->length < 80) {
|
|
|
|
|
LogError(LOG_MASTER, "PEER %u requested enc. key update, but payload length was invalid (%u bytes), no response", peerId, req->length);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// scope intentional
|
|
|
|
|
{
|
|
|
|
|
// get the peer password hash from the frame message
|
|
|
|
|
@ -958,7 +965,7 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
|
|
|
|
|
|
|
|
|
|
// validate hash
|
|
|
|
|
bool validHash = false;
|
|
|
|
|
if (req->length - 8U == 32U) {
|
|
|
|
|
if (req->length >= 80) {
|
|
|
|
|
validHash = true;
|
|
|
|
|
for (uint8_t i = 0; i < 32U; i++) {
|
|
|
|
|
if (peerHash[i] != out[i]) {
|
|
|
|
|
@ -1004,7 +1011,7 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
|
|
|
|
|
|
|
|
|
|
// validate hash
|
|
|
|
|
bool validHash = false;
|
|
|
|
|
if (req->length - 8U == 32U) {
|
|
|
|
|
if (req->length >= 80) {
|
|
|
|
|
validHash = true;
|
|
|
|
|
for (uint8_t i = 0; i < 32U; i++) {
|
|
|
|
|
if (remoteAccessHash[i] != out[i]) {
|
|
|
|
|
@ -1020,6 +1027,17 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mdNetwork->m_peerKeyUpdatePkt.insert(peerId, MetadataNetwork::PacketBufferEntry());
|
|
|
|
|
MetadataNetwork::PacketBufferEntry& pkt = mdNetwork->m_peerKeyUpdatePkt[peerId];
|
|
|
|
|
pkt.buffer = new PacketBuffer(true, "Remote EKC, Key Update");
|
|
|
|
|
pkt.streamId = streamId;
|
|
|
|
|
pkt.locked = false;
|
|
|
|
|
pkt.timeout = 0U;
|
|
|
|
|
|
|
|
|
|
LogInfoEx(LOG_REPL, "PEER %u Remote EKC, Key Update, authenticated transfer streamId = %u", peerId, streamId);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// scope intentional
|
|
|
|
|
{
|
|
|
|
|
DECLARE_UINT8_ARRAY(rawPayload, req->length);
|
|
|
|
|
@ -1027,29 +1045,21 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
|
|
|
|
|
|
|
|
|
|
// Utils::dump(1U, "MetadataNetwork::taskNetworkRx(), KEYS_UPDATE, Raw Payload", rawPayload, req->length);
|
|
|
|
|
|
|
|
|
|
if (mdNetwork->m_peerKeyUpdatePkt.find(peerId) == mdNetwork->m_peerKeyUpdatePkt.end()) {
|
|
|
|
|
mdNetwork->m_peerKeyUpdatePkt.insert(peerId, MetadataNetwork::PacketBufferEntry());
|
|
|
|
|
|
|
|
|
|
MetadataNetwork::PacketBufferEntry& pkt = mdNetwork->m_peerKeyUpdatePkt[peerId];
|
|
|
|
|
pkt.buffer = new PacketBuffer(true, "Remote EKC, Key Update");
|
|
|
|
|
pkt.streamId = streamId;
|
|
|
|
|
|
|
|
|
|
pkt.locked = false;
|
|
|
|
|
} else {
|
|
|
|
|
MetadataNetwork::PacketBufferEntry& pkt = mdNetwork->m_peerKeyUpdatePkt[peerId];
|
|
|
|
|
if (!pkt.locked && pkt.streamId != streamId) {
|
|
|
|
|
LogError(LOG_REPL, "PEER %u Remote EKC, Key Update, stream ID mismatch, expected %u, got %u", peerId, pkt.streamId, streamId);
|
|
|
|
|
pkt.buffer->clear();
|
|
|
|
|
pkt.streamId = streamId;
|
|
|
|
|
delete pkt.buffer;
|
|
|
|
|
pkt.streamId = 0U;
|
|
|
|
|
mdNetwork->m_peerKeyUpdatePkt.erase(peerId);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (pkt.streamId != streamId) {
|
|
|
|
|
// otherwise drop the packet
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
MetadataNetwork::PacketBufferEntry& pkt = mdNetwork->m_peerKeyUpdatePkt[peerId];
|
|
|
|
|
if (pkt.locked) {
|
|
|
|
|
while (pkt.locked && pkt.timeout < TIMEOUT_MAX_REPL) {
|
|
|
|
|
pkt.timeout++;
|
|
|
|
|
@ -1059,6 +1069,7 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
|
|
|
|
|
if (pkt.timeout >= TIMEOUT_MAX_REPL) {
|
|
|
|
|
LogError(LOG_STP, "PEER %u Remote EKC, Key Update, timeout waiting for packet buffer to unlock", peerId);
|
|
|
|
|
pkt.buffer->clear();
|
|
|
|
|
delete pkt.buffer;
|
|
|
|
|
pkt.streamId = 0U;
|
|
|
|
|
mdNetwork->m_peerKeyUpdatePkt.erase(peerId);
|
|
|
|
|
break;
|
|
|
|
|
@ -1073,7 +1084,6 @@ void MetadataNetwork::taskNetworkRx(NetPacketRequest* req)
|
|
|
|
|
|
|
|
|
|
if (pkt.buffer->decode(rawPayload, &decompressed, &decompressedLen)) {
|
|
|
|
|
mdNetwork->m_peerKeyUpdatePkt.lock();
|
|
|
|
|
// randomize filename
|
|
|
|
|
std::ostringstream s;
|
|
|
|
|
s << network->m_cryptoLookup->filename();
|
|
|
|
|
|
|
|
|
|
|
Bryan Biedenkapp
6 days ago