Green-Sky/tomato
Green-Sky/tomato
1
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity
tomato/toxcore/shared_key_cache.c
Green Sky 3b6bb15e86 Squashed 'external/toxcore/c-toxcore/' changes from 11ab1d2a723..d9b8fa6098d 
d9b8fa6098d fix: Fake broadcast address for 127.x.x.x
aa649165a57 chore: Add code for future netprof TCP testing
9e5693de5ac chore: add to_string functions for netprof enums
52d915e6a90 cleanup: Heap allocate network profile objects
80fabd4a729 feat: Implement Tox network profiler
05abe083cb6 cleanup: Some random cleanups, mostly related to mem.
5cca24513b8 cleanup: Check that onion IP/Port packing worked.
e092ecd1244 cleanup: Use tox memory allocator in some more places.
3cfe41c7587 fix: Avoid `memcpy`-ing structs into onion ping id data.
e32ac001938 fix: Add more information on why the frame was not sent.
ab887003687 fix: Allow TCP connections to fail `connect` calls.
7603170e663 refactor: Use tox memory in group connection allocations.
5bd8a85eb89 cleanup: Align internal logger with external on type of source line.
e9bf524d9e1 cleanup: Add missing `#include` to sort_test.cc.
d10c966b998 feat: Add `to_string` functions for toxencryptsave errors.
7bfd0dc8003 docs: Update the docs for group join functions
380dde9f2ae test: Add more logging to TCP connection constructor.
0f12f384c8c cleanup: Reduce stack frame sizes to below 4096 bytes.
bc43cec0626 chore: Happy new year!
fbe78f1702e cleanup: Add a `TOX_HIDE_DEPRECATED` check to hide deprecated symbols.
44d9da07e77 refactor: Use tox memory for group moderation/pack allocations.
7f26d520168 refactor: Use tox memory in group chats allocations.
2f62f3d0e77 refactor: Use tox Memory for group allocations.
8a968162041 chore: Add dispatch/events headers to bazel export.
2bbfb35abf6 docs: Output the error code string instead of int. in toxav logging
d55d0e4eaef cleanup: Remove redundant code for checking if group exists
2a6dc643338 chore: Upgrade dependencies for websockify.
fc0650601c1 fix: Allow peers to reconnect to group chats using a password

git-subtree-dir: external/toxcore/c-toxcore
git-subtree-split: d9b8fa6098de6c074038b6664d2572627540b148
2025-01-18 15:53:06 +01:00

172 lines
5.5 KiB
C
Raw Blame History

/* SPDX-License-Identifier: GPL-3.0-or-later
* Copyright © 2022-2025 The TokTok team.
*/
#include "shared_key_cache.h"
#include <stdint.h>
#include <string.h> // memcpy(...)
#include "attributes.h"
#include "ccompat.h"
#include "crypto_core.h"
#include "logger.h"
#include "mem.h"
#include "mono_time.h"
typedef struct Shared_Key {
uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE];
uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE];
uint64_t time_last_requested;
} Shared_Key;
struct Shared_Key_Cache {
Shared_Key *keys;
const uint8_t *self_secret_key;
uint64_t timeout; /** After this time (in seconds), a key is erased on the next housekeeping cycle */
const Mono_Time *mono_time;
const Memory *mem;
const Logger *log;
uint8_t keys_per_slot;
};
non_null()
static bool shared_key_is_empty(const Logger *log, const Shared_Key *k)
{
LOGGER_ASSERT(log, k != nullptr, "shared key must not be NULL");
/*
* Since time can never be 0, we use that to determine if a key slot is empty.
* Additionally this allows us to use crypto_memzero and leave the slot in a valid state.
*/
return k->time_last_requested == 0;
}
non_null()
static void shared_key_set_empty(const Logger *log, Shared_Key *k)
{
crypto_memzero(k, sizeof(Shared_Key));
LOGGER_ASSERT(log, shared_key_is_empty(log, k), "shared key must be empty after clearing it");
}
Shared_Key_Cache *shared_key_cache_new(const Logger *log, const Mono_Time *mono_time, const Memory *mem, const uint8_t *self_secret_key, uint64_t timeout, uint8_t keys_per_slot)
{
if (mono_time == nullptr || self_secret_key == nullptr || timeout == 0 || keys_per_slot == 0) {
return nullptr;
}
// Time must not be zero, since we use that as special value for empty slots
if (mono_time_get(mono_time) == 0) {
// Fail loudly in debug environments
LOGGER_FATAL(log, "time must not be zero (mono_time not initialised?)");
return nullptr;
}
Shared_Key_Cache *res = (Shared_Key_Cache *)mem_alloc(mem, sizeof(Shared_Key_Cache));
if (res == nullptr) {
return nullptr;
}
res->self_secret_key = self_secret_key;
res->mono_time = mono_time;
res->mem = mem;
res->log = log;
res->keys_per_slot = keys_per_slot;
// We take one byte from the public key for each bucket and store keys_per_slot elements there
const size_t cache_size = 256 * keys_per_slot;
Shared_Key *keys = (Shared_Key *)mem_valloc(mem, cache_size, sizeof(Shared_Key));
if (keys == nullptr) {
mem_delete(mem, res);
return nullptr;
}
crypto_memlock(keys, cache_size * sizeof(Shared_Key));
res->keys = keys;
return res;
}
void shared_key_cache_free(Shared_Key_Cache *cache)
{
if (cache == nullptr) {
return;
}
const size_t cache_size = 256 * cache->keys_per_slot;
// Don't leave key material in memory
crypto_memzero(cache->keys, cache_size * sizeof(Shared_Key));
crypto_memunlock(cache->keys, cache_size * sizeof(Shared_Key));
mem_delete(cache->mem, cache->keys);
mem_delete(cache->mem, cache);
}
/* NOTE: On each lookup housekeeping is performed to evict keys that did timeout. */
const uint8_t *shared_key_cache_lookup(Shared_Key_Cache *cache, const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE])
{
// caching the time is not necessary, but calls to mono_time_get(...) are not free
const uint64_t cur_time = mono_time_get(cache->mono_time);
// We can't use the first and last bytes because they are masked in curve25519. Selected 8 for good alignment.
const uint8_t bucket_idx = public_key[8];
Shared_Key *bucket_start = &cache->keys[bucket_idx * cache->keys_per_slot];
const uint8_t *found = nullptr;
// Perform lookup
for (size_t i = 0; i < cache->keys_per_slot; ++i) {
if (shared_key_is_empty(cache->log, &bucket_start[i])) {
continue;
}
if (pk_equal(public_key, bucket_start[i].public_key)) {
found = bucket_start[i].shared_key;
bucket_start[i].time_last_requested = cur_time;
break;
}
}
// Perform housekeeping for this bucket
for (size_t i = 0; i < cache->keys_per_slot; ++i) {
if (shared_key_is_empty(cache->log, &bucket_start[i])) {
continue;
}
const bool timed_out = (bucket_start[i].time_last_requested + cache->timeout) < cur_time;
if (timed_out) {
shared_key_set_empty(cache->log, &bucket_start[i]);
}
}
if (found == nullptr) {
// Insert into cache
uint64_t oldest_timestamp = UINT64_MAX;
size_t oldest_index = 0;
/*
* Find least recently used entry, unused entries are prioritised,
* because their time_last_requested field is zeroed.
*/
for (size_t i = 0; i < cache->keys_per_slot; ++i) {
if (bucket_start[i].time_last_requested < oldest_timestamp) {
oldest_timestamp = bucket_start[i].time_last_requested;
oldest_index = i;
}
}
// Compute the shared key for the cache
if (encrypt_precompute(public_key, cache->self_secret_key, bucket_start[oldest_index].shared_key) != 0) {
// Don't put anything in the cache on error
return nullptr;
}
// update cache entry
memcpy(bucket_start[oldest_index].public_key, public_key, CRYPTO_PUBLIC_KEY_SIZE);
bucket_start[oldest_index].time_last_requested = cur_time;
found = bucket_start[oldest_index].shared_key;
}
return found;
}
Reference in New Issue View Git Blame Copy Permalink