void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-04-18 21:16:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix to software update repeat downloads.

Browse source
This commit is contained in:
Adam Ierymenko 2017-01-12 14:34:52 -08:00
parent e7bab66d29
commit e1727d6297
3 changed files with 80 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
make-mac.mk
View file

@ -24,7 +24,7 @@ ifeq ($(ZT_OFFICIAL_RELEASE),1)
CODESIGN_APP_CERT="Developer ID Application: ZeroTier, Inc (8ZD9JUCZ4V)"
CODESIGN_INSTALLER_CERT="Developer ID Installer: ZeroTier, Inc (8ZD9JUCZ4V)"
else
DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"download\""
DEFS+=-DZT_SOFTWARE_UPDATE_DEFAULT="\"disable\""
endif
ifeq ($(ZT_ENABLE_CLUSTER),1)

117
service/SoftwareUpdater.cpp
View file

@ -258,9 +258,10 @@ SoftwareUpdater::SoftwareUpdater(Node &node,const std::string &homePath) :
_lastCheckTime(0),
_homePath(homePath),
_channel(ZT_SOFTWARE_UPDATE_DEFAULT_CHANNEL),
_latestBinLength(0),
_latestBinValid(false)
_latestValid(false),
_downloadLength(0)
{
// Check for a cached newer update. If there's a cached update that is not newer, delete.
}
SoftwareUpdater::~SoftwareUpdater()
@ -286,6 +287,7 @@ void SoftwareUpdater::setUpdateDistribution(bool distribute)
uint8_t sha512[ZT_SHA512_DIGEST_LEN];
SHA512::hash(sha512,d.bin.data(),(unsigned int)d.bin.length());
if (!memcmp(sha512,metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct
d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE] = d.bin.length(); // override with correct value -- setting this in meta json is optional
_dist[Array<uint8_t,16>(sha512)] = d;
printf("update-dist.d: %s\n",u->c_str());
}
@ -351,19 +353,24 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
if ((len <= ZT_SOFTWARE_UPDATE_MAX_SIZE)&&(hash.length() >= 16)) {
if (_latestMeta != req) {
_latestMeta = req;
_latestBin = "";
memcpy(_latestBinHashPrefix.data,hash.data(),16);
_latestBinLength = len;
_latestBinValid = false;
printf("<< LATEST\n%s\n",OSUtils::jsonDump(req).c_str());
_latestValid = false;
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S + ZT_SOFTWARE_UPDATE_META_FILENAME).c_str());
OSUtils::rm((_homePath + ZT_PATH_SEPARATOR_S + ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str());
_download = std::string();
memcpy(_downloadHashPrefix.data,hash.data(),16);
_downloadLength = len;
}
Buffer<128> gd;
gd.append((uint8_t)VERB_GET_DATA);
gd.append(_latestBinHashPrefix.data,16);
gd.append((uint32_t)_latestBin.length());
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
printf(">> GET_DATA @%u\n",(unsigned int)_latestBin.length());
if ((_downloadLength > 0)&&(_download.length() < _downloadLength)) {
Buffer<128> gd;
gd.append((uint8_t)VERB_GET_DATA);
gd.append(_downloadHashPrefix.data,16);
gd.append((uint32_t)_download.length());
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
printf(">> GET_DATA @%u\n",(unsigned int)_download.length());
}
}
}
@ -379,7 +386,7 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20);
printf("<< GET_DATA @%u from %.10llx for %s\n",(unsigned int)idx,origin,Utils::hex(reinterpret_cast<const uint8_t *>(data) + 1,16).c_str());
std::map< Array<uint8_t,16>,_D >::iterator d(_dist.find(Array<uint8_t,16>(reinterpret_cast<const uint8_t *>(data) + 1)));
if ((d != _dist.end())&&(idx < d->second.bin.length())) {
if ((d != _dist.end())&&(idx < (unsigned long)d->second.bin.length())) {
Buffer<ZT_SOFTWARE_UPDATE_CHUNK_SIZE + 128> buf;
buf.append((uint8_t)VERB_DATA);
buf.append(reinterpret_cast<const uint8_t *>(data) + 1,16);
@ -392,21 +399,21 @@ void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void
break;
case VERB_DATA:
if ((len >= 21)&&(!memcmp(_latestBinHashPrefix.data,reinterpret_cast<const uint8_t *>(data) + 1,16))) {
if ((len >= 21)&&(_downloadLength > 0)&&(!memcmp(_downloadHashPrefix.data,reinterpret_cast<const uint8_t *>(data) + 1,16))) {
unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8;
idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20);
printf("<< DATA @%u / %u bytes (we now have %u bytes)\n",(unsigned int)idx,(unsigned int)(len - 21),(unsigned int)_latestBin.length());
if (idx == _latestBin.length()) {
_latestBin.append(reinterpret_cast<const char *>(data) + 21,len - 21);
if (_latestBin.length() < _latestBinLength) {
printf("<< DATA @%u / %u bytes (we now have %u bytes)\n",(unsigned int)idx,(unsigned int)(len - 21),(unsigned int)_download.length());
if (idx == (unsigned long)_download.length()) {
_download.append(reinterpret_cast<const char *>(data) + 21,len - 21);
if (_download.length() < _downloadLength) {
Buffer<128> gd;
gd.append((uint8_t)VERB_GET_DATA);
gd.append(_latestBinHashPrefix.data,16);
gd.append((uint32_t)_latestBin.length());
gd.append(_downloadHashPrefix.data,16);
gd.append((uint32_t)_download.length());
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
printf(">> GET_DATA @%u\n",(unsigned int)_latestBin.length());
printf(">> GET_DATA @%u\n",(unsigned int)_download.length());
}
}
}
@ -447,44 +454,50 @@ bool SoftwareUpdater::check(const uint64_t now)
printf(">> GET_LATEST\n");
}
if (_latestBinLength > 0) {
if (_latestBin.length() >= _latestBinLength) {
if (_latestBinValid) {
return true;
} else {
// This is the very important security validation part that makes sure
// this software update doesn't have cooties.
if (_latestValid)
return true;
try {
// (1) Check the hash itself to make sure the image is basically okay
uint8_t sha512[ZT_SHA512_DIGEST_LEN];
SHA512::hash(sha512,_latestBin.data(),(unsigned int)_latestBin.length());
if (Utils::hex(sha512,ZT_SHA512_DIGEST_LEN) == OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"~")) {
// (2) Check signature by signing authority
std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE]));
if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_latestBin.data(),(unsigned int)_latestBin.length(),sig.data(),(unsigned int)sig.length())) {
// If we passed both of these, the update is good!
_latestBinValid = true;
if (_downloadLength > 0) {
if (_download.length() >= _downloadLength) {
// This is the very important security validation part that makes sure
// this software update doesn't have cooties.
try {
// (1) Check the hash itself to make sure the image is basically okay
uint8_t sha512[ZT_SHA512_DIGEST_LEN];
SHA512::hash(sha512,_download.data(),(unsigned int)_download.length());
if (Utils::hex(sha512,ZT_SHA512_DIGEST_LEN) == OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"~")) {
// (2) Check signature by signing authority
std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE]));
if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_download.data(),(unsigned int)_download.length(),sig.data(),(unsigned int)sig.length())) {
// If we passed both of these, the update is good!
if (OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + ZT_SOFTWARE_UPDATE_META_FILENAME).c_str(),OSUtils::jsonDump(_latestMeta)) && OSUtils::writeFile((_homePath + ZT_PATH_SEPARATOR_S + ZT_SOFTWARE_UPDATE_BIN_FILENAME).c_str(),_download)) {
_latestValid = true;
printf("VALID UPDATE\n%s\n",OSUtils::jsonDump(_latestMeta).c_str());
return true;
} else {
_latestMeta = nlohmann::json();
_latestValid = false;
}
_download = std::string();
_downloadLength = 0;
return _latestValid;
}
} catch ( ... ) {} // any exception equals verification failure
printf("INVALID UPDATE (!!!)\n%s\n",OSUtils::jsonDump(_latestMeta).c_str());
}
} catch ( ... ) {} // any exception equals verification failure
// If we get here, checks failed.
_latestMeta = nlohmann::json();
_latestBin = "";
_latestBinLength = 0;
_latestBinValid = false;
}
// If we get here, checks failed.
printf("INVALID UPDATE (!!!)\n%s\n",OSUtils::jsonDump(_latestMeta).c_str());
_latestMeta = nlohmann::json();
_latestValid = false;
_download = std::string();
_downloadLength = 0;
} else {
Buffer<128> gd;
gd.append((uint8_t)VERB_GET_DATA);
gd.append(_latestBinHashPrefix.data,16);
gd.append((uint32_t)_latestBin.length());
gd.append(_downloadHashPrefix.data,16);
gd.append((uint32_t)_download.length());
_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
printf(">> GET_DATA @%u\n",(unsigned int)_latestBin.length());
printf(">> GET_DATA @%u\n",(unsigned int)_download.length());
}
}
@ -493,8 +506,6 @@ bool SoftwareUpdater::check(const uint64_t now)
void SoftwareUpdater::apply()
{
if ((_latestBin.length() > 0)&&(_latestBinValid)) {
}
}
} // namespace ZeroTier

19
service/SoftwareUpdater.hpp
View file

@ -69,6 +69,16 @@
*/
#define ZT_SOFTWARE_UPDATE_DEFAULT_CHANNEL "release"
/**
* Filename for latest update's meta JSON
*/
#define ZT_SOFTWARE_UPDATE_META_FILENAME "latest-update.json"
/**
* Filename for latest update's binary image
*/
#define ZT_SOFTWARE_UPDATE_BIN_FILENAME "latest-update.exe"
#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR "versionMajor"
#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR "versionMinor"
#define ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION "versionRev"
@ -188,10 +198,11 @@ private:
std::map< Array<uint8_t,16>,_D > _dist; // key is first 16 bytes of hash
nlohmann::json _latestMeta;
std::string _latestBin;
Array<uint8_t,16> _latestBinHashPrefix;
unsigned long _latestBinLength;
bool _latestBinValid;
bool _latestValid;
std::string _download;
Array<uint8_t,16> _downloadHashPrefix;
unsigned long _downloadLength;
};
} // namespace ZeroTier