2 files changed, 406 insertions, 0 deletions
diff --git a/service/SoftwareUpdater.cpp b/service/SoftwareUpdater.cpp
new file mode 100644
index 00000000..3c77a55a
--- /dev/null
+++ b/service/SoftwareUpdater.cpp
@@ -0,0 +1,235 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016  ZeroTier, Inc.  https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include "SoftwareUpdater.hpp"
+
+#include "../version.h"
+
+#include "../node/Constants.hpp"
+#include "../node/Utils.hpp"
+#include "../node/SHA512.hpp"
+#include "../node/Buffer.hpp"
+#include "../node/Node.hpp"
+#include "../osdep/OSUtils.hpp"
+
+namespace ZeroTier {
+
+SoftwareUpdater::SoftwareUpdater(Node &node,const char *homePath,bool updateDistributor) :
+	_node(node),
+	_lastCheckTime(OSUtils::now()), // check in the future in case we just started, in which case we're probably offline
+	_homePath(homePath)
+{
+	// Load all updates we are distributing if we are an update distributor and have an update-dist.d folder
+	if (updateDistributor) {
+		std::string udd(_homePath + ZT_PATH_SEPARATOR_S + "update-dist.d");
+		std::vector<std::string> ud(OSUtils::listDirectory(udd.c_str()));
+		for(std::vector<std::string>::iterator u(ud.begin());u!=ud.end();++u) {
+			// Each update has a companion .json file describing it. Other files are ignored.
+			if ((u->length() > 5)&&(u->substr(u->length() - 5,5) == ".json")) {
+				std::string buf;
+				if (OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + *u).c_str(),buf)) {
+					try {
+						_D d;
+						d.meta = OSUtils::jsonParse(buf);
+						std::string metaHash = OSUtils::jsonBinFromHex(d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]);
+						if ((metaHash.length() == ZT_SHA512_DIGEST_LEN)&&(OSUtils::readFile((udd + ZT_PATH_SEPARATOR_S + u->substr(0,u->length() - 5)).c_str(),d.bin))) {
+							uint8_t sha512[ZT_SHA512_DIGEST_LEN];
+							SHA512::hash(sha512,d.bin.data(),(unsigned int)d.bin.length());
+							if (!memcmp(sha512,metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct
+								_dist[Array<uint8_t,16>(sha512)] = d;
+							}
+						}
+					} catch ( ... ) {} // ignore bad meta JSON, etc.
+				}
+			}
+		}
+	}
+}
+
+SoftwareUpdater::~SoftwareUpdater()
+{
+}
+
+void SoftwareUpdater::handleSoftwareUpdateUserMessage(uint64_t origin,const void *data,unsigned int len)
+{
+	if (!len) return;
+	try {
+		const MessageVerb v = (MessageVerb)reinterpret_cast<const uint8_t *>(data)[0];
+		switch(v) {
+			case VERB_GET_LATEST:
+			case VERB_LATEST: {
+				nlohmann::json req = OSUtils::jsonParse(std::string(reinterpret_cast<const char *>(data) + 1,len - 1));
+				if (req.is_object()) {
+					const unsigned int rvMaj = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR],0);
+					const unsigned int rvMin = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR],0);
+					const unsigned int rvRev = (unsigned int)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION],0);
+					if (v == VERB_GET_LATEST) {
+
+						if (_dist.size() > 0) {
+							const nlohmann::json *latest = (const nlohmann::json *)0;
+							const std::string rSigner = OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY],"");
+							for(std::map< Array<uint8_t,16>,_D >::const_iterator d(_dist.begin());d!=_dist.end();++d) {
+								if (OSUtils::jsonString(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY],"") == rSigner) {
+									const unsigned int dvMaj = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR],0);
+									const unsigned int dvMin = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR],0);
+									const unsigned int dvRev = (unsigned int)OSUtils::jsonInt(d->second.meta[ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION],0);
+									if (Utils::compareVersion(dvMaj,dvMin,dvRev,rvMaj,rvMin,rvRev) > 0)
+										latest = &(d->second.meta);
+								}
+							}
+							if (latest) {
+								std::string lj;
+								lj.push_back((char)VERB_LATEST);
+								lj.append(OSUtils::jsonDump(*latest));
+								_node.sendUserMessage(origin,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,lj.data(),(unsigned int)lj.length());
+							}
+						} // else no reply, since we have nothing to distribute
+
+					} else { // VERB_LATEST
+
+						if ((origin == ZT_SOFTWARE_UPDATE_SERVICE)&&
+							  (Utils::compareVersion(rvMaj,rvMin,rvRev,ZEROTIER_ONE_VERSION_MAJOR,ZEROTIER_ONE_VERSION_MINOR,ZEROTIER_ONE_VERSION_REVISION) > 0)&&
+							  (OSUtils::jsonString(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY],"") == ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY)) {
+							const unsigned long len = (unsigned long)OSUtils::jsonInt(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE],0);
+							const std::string hash = OSUtils::jsonBinFromHex(req[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]);
+							if ((len <= ZT_SOFTWARE_UPDATE_MAX_SIZE)&&(hash.length() >= 16)) {
+								if (_latestMeta != req) {
+									_latestMeta = req;
+									_latestBin = "";
+									memcpy(_latestBinHashPrefix.data,hash.data(),16);
+									_latestBinLength = len;
+									_latestBinValid = false;
+								}
+
+								Buffer<128> gd;
+								gd.append((uint8_t)VERB_GET_DATA);
+								gd.append(_latestBinHashPrefix.data,16);
+								gd.append((uint32_t)_latestBin.length());
+								_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
+							}
+						}
+
+					}
+				}
+			}	break;
+
+			case VERB_GET_DATA:
+				if ((len >= 21)&&(_dist.size() > 0)) {
+					std::map< Array<uint8_t,16>,_D >::iterator d(_dist.find(Array<uint8_t,16>(reinterpret_cast<const uint8_t *>(data) + 1)));
+					if (d != _dist.end()) {
+						unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24;
+						idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16;
+						idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8;
+						idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20);
+						if (idx < d->second.bin.length()) {
+							Buffer<ZT_SOFTWARE_UPDATE_CHUNK_SIZE + 128> buf;
+							buf.append((uint8_t)VERB_DATA);
+							buf.append(reinterpret_cast<const uint8_t *>(data) + 1,16);
+							buf.append((uint32_t)idx);
+							buf.append(d->second.bin.data() + idx,std::max((unsigned long)ZT_SOFTWARE_UPDATE_CHUNK_SIZE,(unsigned long)(d->second.bin.length() - idx)));
+							_node.sendUserMessage(origin,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,buf.data(),buf.size());
+						}
+					}
+				}
+				break;
+
+			case VERB_DATA:
+				if ((len >= 21)&&(!memcmp(_latestBinHashPrefix.data,reinterpret_cast<const uint8_t *>(data) + 1,16))) {
+					unsigned long idx = (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 17) << 24;
+					idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 18) << 16;
+					idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 19) << 8;
+					idx |= (unsigned long)*(reinterpret_cast<const uint8_t *>(data) + 20);
+					if (idx == _latestBin.length())
+						_latestBin.append(reinterpret_cast<const char *>(data) + 21,len - 21);
+
+					if (_latestBin.length() < _latestBinLength) {
+						Buffer<128> gd;
+						gd.append((uint8_t)VERB_GET_DATA);
+						gd.append(_latestBinHashPrefix.data,16);
+						gd.append((uint32_t)_latestBin.length());
+						_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
+					}
+				}
+				break;
+
+			default:
+				break;
+		}
+	} catch ( ... ) {
+		// Discard bad messages
+	}
+}
+
+nlohmann::json SoftwareUpdater::check()
+{
+	if (_latestBinLength > 0) {
+		if (_latestBin.length() >= _latestBinLength) {
+			if (_latestBinValid) {
+				return _latestMeta;
+			} else {
+				// This is the important security verification part!
+
+				try {
+					// (1) Check the hash itself to make sure the image is basically okay
+					uint8_t sha512[ZT_SHA512_DIGEST_LEN];
+					SHA512::hash(sha512,_latestBin.data(),(unsigned int)_latestBin.length());
+					if (Utils::hex(sha512,ZT_SHA512_DIGEST_LEN) == OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"")) {
+						// (2) Check signature by signing authority
+						std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE]));
+						if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_latestBin.data(),(unsigned int)_latestBin.length(),sig.data(),(unsigned int)sig.length())) {
+							// If we passed both of these, the update is good!
+							_latestBinValid = true;
+							return _latestMeta;
+						}
+					}
+				} catch ( ... ) {} // any exception equals verification failure
+
+				// If we get here, checks failed.
+				_latestMeta = nlohmann::json();
+				_latestBin = "";
+				_latestBinLength = 0;
+				_latestBinValid = false;
+			}
+		} else {
+			Buffer<128> gd;
+			gd.append((uint8_t)VERB_GET_DATA);
+			gd.append(_latestBinHashPrefix.data,16);
+			gd.append((uint32_t)_latestBin.length());
+			_node.sendUserMessage(ZT_SOFTWARE_UPDATE_SERVICE,ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE,gd.data(),gd.size());
+		}
+	}
+
+	const uint64_t now = OSUtils::now();
+	if ((now - _lastCheckTime) >= ZT_SOFTWARE_UPDATE_CHECK_PERIOD) {
+	}
+
+	return nlohmann::json();
+}
+
+void SoftwareUpdater::apply()
+{
+	if ((_latestBin.length() == _latestBinLength)&&(_latestBinLength > 0)&&(_latestBinValid)) {
+	}
+}
+
+} // namespace ZeroTier
diff --git a/service/SoftwareUpdater.hpp b/service/SoftwareUpdater.hpp
new file mode 100644
index 00000000..5fb465f8
--- /dev/null
+++ b/service/SoftwareUpdater.hpp
@@ -0,0 +1,171 @@
+/*
+ * ZeroTier One - Network Virtualization Everywhere
+ * Copyright (C) 2011-2016  ZeroTier, Inc.  https://www.zerotier.com/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ZT_SOFTWAREUPDATER_HPP
+#define ZT_SOFTWAREUPDATER_HPP
+
+#include <stdint.h>
+
+#include <vector>
+#include <map>
+#include <string>
+
+#include "../include/ZeroTierOne.h"
+#include "../node/Identity.hpp"
+#include "../node/Array.hpp"
+
+#include "../ext/json/json.hpp"
+
+/**
+ * VERB_USER_MESSAGE type ID for software update messages
+ */
+#define ZT_SOFTWARE_UPDATE_USER_MESSAGE_TYPE 1000
+
+/**
+ * ZeroTier address of node that provides software updates
+ */
+#define ZT_SOFTWARE_UPDATE_SERVICE 0xc1243d3869ULL
+
+/**
+ * ZeroTier identity that must be used to sign software updates
+ */
+#define ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY ""
+
+/**
+ * Chunk size for in-band downloads (can be changed, designed to always fit in one UDP packet easily)
+ */
+#define ZT_SOFTWARE_UPDATE_CHUNK_SIZE 1380
+
+/**
+ * Sanity limit for the size of an update binary image
+ */
+#define ZT_SOFTWARE_UPDATE_MAX_SIZE (1024 * 1024 * 256)
+
+/**
+ * How often (ms) do we check?
+ */
+#define ZT_SOFTWARE_UPDATE_CHECK_PERIOD (60 * 60 * 1000)
+
+#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MAJOR "versionMajor"
+#define ZT_SOFTWARE_UPDATE_JSON_VERSION_MINOR "versionMinor"
+#define ZT_SOFTWARE_UPDATE_JSON_VERSION_REVISION "versionRev"
+#define ZT_SOFTWARE_UPDATE_JSON_EXPECT_SIGNED_BY "expectedSigner"
+#define ZT_SOFTWARE_UPDATE_JSON_PLATFORM "platform"
+#define ZT_SOFTWARE_UPDATE_JSON_ARCHITECTURE "arch"
+#define ZT_SOFTWARE_UPDATE_JSON_WORD_SIZE "wordSize"
+#define ZT_SOFTWARE_UPDATE_JSON_VENDOR "vendor"
+#define ZT_SOFTWARE_UPDATE_JSON_CHANNEL "channel"
+#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNED_BY "updateSigner"
+#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE "updateSig"
+#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH "updateHash"
+#define ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE "updateSize"
+#define ZT_SOFTWARE_UPDATE_JSON_EXEC_ARGS "updateExecArgs"
+
+namespace ZeroTier {
+
+class Node;
+
+/**
+ * This class handles retrieving and executing updates, or serving them
+ */
+class SoftwareUpdater
+{
+public:
+	/**
+	 * Each message begins with an 8-bit message verb
+	 */
+	enum MessageVerb
+	{
+		/**
+		 * Payload: JSON containing current system platform, version, etc.
+		 */
+		VERB_GET_LATEST = 1,
+
+		/**
+		 * Payload: JSON describing latest update for this target. (No response is sent if there is none.)
+		 */
+		VERB_LATEST = 2,
+
+		/**
+		 * Payload:
+		 *   <[16] first 128 bits of hash of data object>
+		 *   <[4] 32-bit index of chunk to get>
+		 */
+		VERB_GET_DATA = 3,
+
+		/**
+		 * Payload:
+		 *   <[16] first 128 bits of hash of data object>
+		 *   <[4] 32-bit index of chunk>
+		 *   <[...] chunk data>
+		 */
+		VERB_DATA = 4
+	};
+
+	SoftwareUpdater(Node &node,const char *homePath,bool updateDistributor);
+	~SoftwareUpdater();
+
+	/**
+	 * Handle a software update user message
+	 *
+	 * @param origin ZeroTier address of message origin
+	 * @param data Message payload
+	 * @param len Length of message
+	 */
+	void handleSoftwareUpdateUserMessage(uint64_t origin,const void *data,unsigned int len);
+
+	/**
+	 * Check for updates and do other update-related housekeeping
+	 *
+	 * It should be called about every 10 seconds.
+	 *
+	 * @return Null JSON object or update information if there is an update downloaded and ready
+	 */
+	nlohmann::json check();
+
+	/**
+	 * Apply any ready update now
+	 *
+	 * Depending on the platform this function may never return and may forcibly
+	 * exit the process. It does nothing if no update is ready.
+	 */
+	void apply();
+
+private:
+	Node &_node;
+	uint64_t _lastCheckTime;
+	std::string _homePath;
+
+	// Offered software updates if we are an update host (we have update-dist.d and update hosting is enabled)
+	struct _D
+	{
+		nlohmann::json meta;
+		std::string bin;
+	};
+	std::map< Array<uint8_t,16>,_D > _dist; // key is first 16 bytes of hash
+
+	nlohmann::json _latestMeta;
+	std::string _latestBin;
+	Array<uint8_t,16> _latestBinHashPrefix;
+	unsigned long _latestBinLength;
+	bool _latestBinValid;
+};
+
+} // namespace ZeroTier
+
+#endif