static WSPMachine *find_session_machine(WAPEvent *event, WSP_PDU *pdu) {
WSPMachine *sm;
long session_id;
WAPAddrTuple *tuple;
tuple = NULL;
session_id = -1;
switch (event->type) {
case TR_Invoke_Ind:
tuple = wap_addr_tuple_duplicate(
event->u.TR_Invoke_Ind.addr_tuple);
break;
case TR_Invoke_Cnf:
tuple = wap_addr_tuple_duplicate(
event->u.TR_Invoke_Cnf.addr_tuple);
break;
case TR_Result_Cnf:
tuple = wap_addr_tuple_duplicate(
event->u.TR_Result_Cnf.addr_tuple);
break;
case TR_Abort_Ind:
tuple = wap_addr_tuple_duplicate(
event->u.TR_Abort_Ind.addr_tuple);
break;
case S_Connect_Res:
session_id = event->u.S_Connect_Res.session_id;
break;
case S_Resume_Res:
session_id = event->u.S_Resume_Res.session_id;
break;
case Disconnect_Event:
session_id = event->u.Disconnect_Event.session_handle;
break;
case Suspend_Event:
session_id = event->u.Suspend_Event.session_handle;
break;
case S_MethodInvoke_Res:
session_id = event->u.S_MethodInvoke_Res.session_id;
break;
case S_MethodResult_Req:
session_id = event->u.S_MethodResult_Req.session_id;
break;
case S_ConfirmedPush_Req:
session_id = event->u.S_ConfirmedPush_Req.session_id;
break;
case S_Push_Req:
session_id = event->u.S_Push_Req.session_id;
break;
default:
error(0, "WSP: Cannot find machine for %s event",
wap_event_name(event->type));
}
gw_assert(tuple != NULL || session_id != -1);
/* Pre-state-machine tests, according to 7.1.5. After the tests,
* caller will pass the event to sm if sm is not NULL. */
sm = NULL;
/* First test is for MRUEXCEEDED, and we don't have a MRU */
/* Second test is for class 2 TR-Invoke.ind with Connect PDU */
if (event->type == TR_Invoke_Ind &&
event->u.TR_Invoke_Ind.tcl == 2 &&
pdu->type == Connect) {
/* Create a new session, even if there is already
* a session open for this address. The new session
* will take care of killing the old ones. */
sm = machine_create();
gw_assert(tuple != NULL);
sm->addr_tuple = wap_addr_tuple_duplicate(tuple);
sm->connect_handle = event->u.TR_Invoke_Ind.handle;
/* Third test is for class 2 TR-Invoke.ind with Resume PDU */
} else if (event->type == TR_Invoke_Ind &&
event->u.TR_Invoke_Ind.tcl == 2 &&
pdu->type == Resume) {
/* Pass to session identified by session id, not
* the address tuple. */
session_id = pdu->u.Resume.sessionid;
sm = gwlist_search(session_machines, &session_id,
find_by_session_id);
if (sm == NULL) {
/* No session; TR-Abort.req(DISCONNECT) */
send_abort(WSP_ABORT_DISCONNECT,
event->u.TR_Invoke_Ind.handle);
}
/* Fourth test is for a class 1 or 2 TR-Invoke.Ind with no
* session for that address tuple. We also handle class 0
* TR-Invoke.ind here by ignoring them; this seems to be
* an omission in the spec table. */
} else if (event->type == TR_Invoke_Ind) {
sm = gwlist_search(session_machines, tuple,
transaction_belongs_to_session);
if (sm == NULL && (event->u.TR_Invoke_Ind.tcl == 1 ||
event->u.TR_Invoke_Ind.tcl == 2)) {
send_abort(WSP_ABORT_DISCONNECT,
event->u.TR_Invoke_Ind.handle);
}
/* Other tests are for events not handled by the state tables;
* do those later, after we've tried to handle them. */
} else {
if (session_id != -1) {
sm = gwlist_search(session_machines, &session_id,
find_by_session_id);
} else {
sm = gwlist_search(session_machines, tuple,
transaction_belongs_to_session);
}
/* The table doesn't really say what we should do with
* non-Invoke events for which there is no session. But
* such a situation means there is an error _somewhere_
* in the gateway. */
if (sm == NULL) {
error(0, "WSP: Cannot find session machine for event.");
wap_event_dump(event);
}
}
wap_addr_tuple_destroy(tuple);
return sm;
}
/**
* Perform the Announce/Register phase for a particular group/file
* Group & encryption: ->ANNOUNCE <-REGISTER ->KEYINFO <-INFO_ACK
* Group & no encryption: ->ANNOUNCE <-REGISTER ->REG_CONF
* Files within a group: ->FILEINFO <-INFO_ACK
* If client_key == 1, REGISTER is followed by CLIENT_KEY
* Returns 1 if at least one client responded, 0 if none responded
*/
int announce_phase(struct finfo_t *finfo)
{
time_t endtime;
int attempt, resend, announce, regconf, keyinfo, fileinfo, open, anyerror;
int len, rval, rcv_status, last_pass, gotall, gotone, allreg, regdone, i;
unsigned char *packet, *decrypted;
struct uftp_h *header;
struct timeval timeout;
struct sockaddr_in receiver;
if (finfo->file_id) {
log1(0, 0, "File ID: %04X Name: %s", finfo->file_id, finfo->filename);
log1(0, 0, " sending as: %s", finfo->destfname);
switch (finfo->ftype) {
case FTYPE_REG:
log(0, 0, "Bytes: %s Blocks: %d Sections: %d",
printll(finfo->size), finfo->blocks, finfo->sections);
break;
case FTYPE_DIR:
log(0, 0, "Empty directory");
break;
case FTYPE_LINK:
log(0, 0, "Symbolic link to %s", finfo->linkname);
break;
}
} else {
log(0, 0, "Initializing group");
if (sync_mode) {
log0(0, 0, "- Connect -");
}
}
rval = 1;
packet = calloc(mtu, 1);
decrypted = calloc(mtu, 1);
if ((packet == NULL) || (decrypted == NULL)) {
syserror(0, 0, "calloc failed!");
exit(1);
}
header = (struct uftp_h *)packet;
endtime = time(NULL) + announce_time;
announce = (finfo->file_id == 0);
regconf = (announce && (keytype == KEY_NONE));
keyinfo = (announce && (keytype != KEY_NONE));
fileinfo = (finfo->file_id != 0);
open = (destcount == 0);
for (i = 0; i < destcount; i++) {
// At start of group, initialize all clients/proxies to DEST_MUTE.
// At start of file, initialize proxies to DEST_ACTIVE (since they
// don't respond directly to a FILEINFO) and clients to DEST_REGISTERED.
if (announce) {
destlist[i].status = DEST_MUTE;
} else if (!client_error(i)) {
if (destlist[i].clientcnt != -1) {
destlist[i].status = DEST_ACTIVE;
} else {
destlist[i].status = DEST_REGISTERED;
}
}
}
timeout.tv_sec = announce_int / 1000;
timeout.tv_usec = (announce_int % 1000) * 1000;
resend = 1;
attempt = 1;
last_pass = 0;
regdone = 0;
while (time(NULL) < endtime) {
// On the initial pass, or when the announce timeout trips,
// send any necessary messages.
if (resend) {
if (keyinfo && !send_keyinfo(finfo, attempt)) {
continue;
}
if (announce && !send_regconf(finfo, attempt, regconf)) {
continue;
}
if (fileinfo && !send_fileinfo(finfo, attempt)) {
continue;
}
if (announce && !send_announce(finfo, attempt, open)) {
continue;
}
resend = 0;
}
// TODO: Currently, the interval between sends is really an inactivity
// timer, not the actual time between sends. We might want to change
// it to that, and perhaps add an extra "overage" timer in case we're
// still processing responses when we're due to resend, that way we'll
// always wait some minimum amount of time.
if ((rcv_status = read_packet(sock, &receiver, packet, &len,
mtu, &timeout)) == -1) {
continue;
} else if (rcv_status == 0) {
attempt++;
resend = 1;
if (last_pass) break;
continue;
}
if (!validate_packet(packet, len, finfo)) {
continue;
}
if (!handle_announce_phase(packet, decrypted, &receiver, finfo,
announce, open, regconf)) {
continue;
}
if (!open) {
for (i = 0, gotall = 1, allreg = 1;
(i < destcount) && (gotall || allreg); i++) {
if (announce) {
gotall = gotall && ((destlist[i].status == DEST_ACTIVE) ||
(destlist[i].status == DEST_ABORT));
allreg = allreg && ((destlist[i].status == DEST_ACTIVE) ||
(destlist[i].status == DEST_REGISTERED) ||
(destlist[i].status == DEST_ABORT));
} else {
gotall = gotall && ((destlist[i].status == DEST_ACTIVE) ||
(destlist[i].status == DEST_DONE) ||
(client_error(i)));
}
}
if (gotall) {
// Break out right away if this is a file registration.
// For group registration, do one last wait, even if
// encryption is enabled since we can still send a
// REG_CONF for a client behind a proxy.
// Change the wait interval to the client's register_int * 1.5
// to allow for late registers.
// Be careful not to overrun the phase timeout!
if (finfo->file_id != 0) break;
timeout.tv_sec = (int)(register_int / 1000 * 1.5);
timeout.tv_usec = (int)((register_int % 1000) * 1000 * 1.5);
if (timeout.tv_sec > endtime) {
#ifdef WINDOWS
timeout.tv_sec = (long)endtime;
#else
timeout.tv_sec = endtime;
#endif
timeout.tv_usec = 0;
}
if (!last_pass) {
log(0, 0, "Late registers:");
}
last_pass = 1;
send_regconf(finfo, attempt + 1, regconf);
} else if (announce && allreg && !regdone) {
// All have registered, so don't wait to send the next message
resend = 1;
regdone = 1;
}
}
}
for (i = 0, gotone = 0, anyerror = 0; i < destcount; i++) {
gotone = gotone || (((destlist[i].status == DEST_ACTIVE) ||
(destlist[i].status == DEST_DONE)) &&
(destlist[i].clientcnt == -1));
if (destlist[i].status == DEST_REGISTERED) {
log1(0, 0, "Couldn't get INFO_ACK from %s", destlist[i].name);
destlist[i].status = DEST_LOST;
anyerror = 1;
}
if ((destlist[i].status == DEST_MUTE) ||
(destlist[i].status == DEST_ABORT)) {
anyerror = 1;
}
}
if (anyerror && quit_on_error) {
log0(0, 0, "Aboring all clients");
send_abort(finfo, "A client dropped out, aborting all",
&receive_dest, NULL, (keytype != KEY_NONE), 0);
for (i = 0; i < destcount; i++) {
if (destlist[i].status == DEST_ACTIVE) {
destlist[i].status = DEST_ABORT;
}
}
rval = 0;
}
if (!gotone) {
log0(0, 0, "Announce timed out");
rval = 0;
}
if (open) {
send_regconf(finfo, attempt, regconf);
}
if ((finfo->file_id == 0) && sync_mode) {
for (i = 0; i < destcount; i++) {
if (destlist[i].status == DEST_ACTIVE) {
log0(0, 0, "CONNECT;success;%s", destlist[i].name);
} else {
log0(0, 0, "CONNECT;failed;%s", destlist[i].name);
}
}
log0(0, 0, "- Transfer -");
}
free(packet);
free(decrypted);
return rval;
}
/**
* Read in the contents of an ANNOUNCE.
*/
int read_announce(struct group_list_t *group, unsigned char *packet,
union sockaddr_u *src, struct timeval rxtime, int packetlen)
{
struct uftp_h *header;
struct announce_h *announce;
struct enc_info_he *encinfo;
uint8_t *publicmcast, *privatemcast;
uint8_t *he;
unsigned int iplen, extlen;
header = (struct uftp_h *)packet;
announce = (struct announce_h *)(packet + sizeof(struct uftp_h));
encinfo = NULL;
group->phase = PHASE_REGISTERED;
group->version = header->version;
group->group_id = ntohl(header->group_id);
group->group_inst = header->group_inst;
group->src_id = header->src_id;
if (has_proxy) {
group->replyaddr = proxy_info.addr;
} else {
group->replyaddr = *src;
}
group->grtt = unquantize_grtt(header->grtt);
group->rtt = 0;
group->robust = announce->robust;
group->cc_type = announce->cc_type;
group->gsize = unquantize_gsize(header->gsize);
group->blocksize = ntohs(announce->blocksize);
group->last_server_ts.tv_sec = ntohl(announce->tstamp_sec);
group->last_server_ts.tv_usec = ntohl(announce->tstamp_usec);
group->last_server_rx_ts = rxtime;
group->restart = ((group->group_inst != 0) && (strcmp(tempdir, "")));
group->sync_preview = ((announce->flags & FLAG_SYNC_PREVIEW) != 0);
group->sync_mode = group->sync_preview ||
((announce->flags & FLAG_SYNC_MODE) != 0);
iplen = ((announce->flags & FLAG_IPV6) != 0) ?
sizeof(struct in6_addr) : sizeof(struct in_addr);
publicmcast = ((uint8_t *)announce) + sizeof(struct announce_h);
privatemcast = publicmcast + iplen;
if ((announce->flags & FLAG_IPV6) != 0) {
group->multi.sin6.sin6_family = AF_INET6;
#ifdef SOCKADDR_LEN
group->multi.sin6.sin6_len = sizeof(struct sockaddr_in6);
#endif
memcpy(&group->multi.sin6.sin6_addr.s6_addr, privatemcast, iplen);
} else {
group->multi.sin.sin_family = AF_INET;
#ifdef SOCKADDR_LEN
group->multi.sin.sin_len = sizeof(struct sockaddr_in);
#endif
memcpy(&group->multi.sin.sin_addr.s_addr, privatemcast, iplen);
}
group->fileinfo.fd = -1;
if ((announce->hlen * 4U) < sizeof(struct announce_h) + (2U * iplen)) {
glog1(group, "Rejecting ANNOUNCE from %08X: invalid header size",
ntohl(group->src_id));
send_abort(group, "Invalid header size");
return 0;
}
if ((announce->hlen * 4U) > sizeof(struct announce_h) + (2U * iplen)) {
he = (unsigned char *)announce + sizeof(struct announce_h) +
(2U * iplen);
if (*he == EXT_ENC_INFO) {
encinfo = (struct enc_info_he *)he;
extlen = encinfo->extlen * 4U;
if ((extlen > ((announce->hlen * 4U) -
sizeof(struct announce_h))) ||
(extlen < sizeof(struct enc_info_he)) ||
(extlen != (sizeof(struct enc_info_he) +
ntohs(encinfo->keylen) + ntohs(encinfo->dhlen) +
ntohs(encinfo->siglen)))) {
glog1(group, "Rejecting ANNOUNCE from %08X: "
"invalid extension size", ntohl(group->src_id));
send_abort(group, "Invalid extension size");
return 0;
}
}
}
if (encinfo != NULL) {
if (!read_announce_encryption(group, encinfo, packet, packetlen)) {
return 0;
}
} else if (encrypted_only) {
glog1(group, "No unencrypted transfers allowed");
send_abort(group, "No unencrypted transfers allowed");
return 0;
} else {
group->keyextype = KEYEX_NONE;
group->keytype = KEY_NONE;
group->hashtype = HASH_NONE;
group->sigtype = SIG_NONE;
group->client_auth = 0;
}
gettimeofday(&group->expire_time, NULL);
if (4 * group->robust * group->grtt < 1.0) {
add_timeval_d(&group->expire_time, 1.0);
} else {
add_timeval_d(&group->expire_time, 4 * group->robust * group->grtt);
}
group->fileinfo.nak_time.tv_sec = 0;
group->fileinfo.nak_time.tv_usec = 0;
// Size of data packet, used in transmission speed calculations
group->datapacketsize = group->blocksize + sizeof(struct fileseg_h);
if (group->cc_type == CC_TFMCC) {
group->datapacketsize += sizeof(struct tfmcc_data_info_he);
}
if (group->keytype != KEY_NONE) {
group->datapacketsize += ((group->sigtype == SIG_KEYEX) ?
group->server_pubkeylen : (group->sigtype == SIG_HMAC) ?
group->hmaclen : 0) + KEYBLSIZE + sizeof(struct encrypted_h);
}
// 8 = UDP size, 20 = IPv4 size, 40 = IPv6 size
if ((announce->flags & FLAG_IPV6) != 0) {
group->datapacketsize += sizeof(struct uftp_h) + 8 + 40;
} else {
group->datapacketsize += sizeof(struct uftp_h) + 8 + 20;
}
if (group->cc_type != CC_NONE) {
group->loss_history= safe_calloc(0x10000,sizeof(struct loss_history_t));
group->slowstart = 1;
group->seq_wrap = 0;
group->start_txseq = ntohs(header->seq);
group->max_txseq = group->start_txseq;
group->loss_history[group->start_txseq].found = 1;
group->loss_history[group->start_txseq].t = rxtime;
group->loss_history[group->start_txseq].size = packetlen;
}
return 1;
}
/**
* Processes a new incoming ANNOUNCE
*/
void handle_announce(union sockaddr_u *src, unsigned char *packet,
unsigned packetlen, struct timeval rxtime)
{
struct uftp_h *header;
struct announce_h *announce;
uint32_t *addrlist;
int addrlen, rval;
struct group_list_t *group;
time_t t;
struct tm *start_time;
char privname[INET6_ADDRSTRLEN], srcname[INET6_ADDRSTRLEN];
char srcfqdn[DESTNAME_LEN];
header = (struct uftp_h *)packet;
announce = (struct announce_h *)(packet + sizeof(struct uftp_h));
addrlist = (uint32_t *)((unsigned char *)announce + (announce->hlen * 4));
addrlen = (packetlen - sizeof(struct uftp_h) - (announce->hlen * 4)) / 4;
if ((packetlen < sizeof(struct uftp_h) + (announce->hlen * 4U)) ||
((announce->hlen * 4U) < sizeof(struct announce_h))) {
log1(ntohl(header->group_id), header->group_inst, 0,
"Rejecting ANNOUNCE from %08X: invalid message size",
ntohl(header->src_id));
return;
}
if ((addrlen != 0) && (!uid_in_list(addrlist, addrlen))) {
log1(ntohl(header->group_id), header->group_inst, 0,
"Name not in host list");
return;
}
if ((group = find_open_slot()) == NULL ) {
log0(ntohl(header->group_id), header->group_inst, 0,
"Error: maximum number of incoming files exceeded: %d\n", MAXLIST);
return;
}
t = time(NULL);
start_time = localtime(&t);
snprintf(group->start_date, sizeof(group->start_date), "%04d%02d%02d",
start_time->tm_year + 1900,
start_time->tm_mon + 1, start_time->tm_mday);
snprintf(group->start_time, sizeof(group->start_time), "%02d%02d%02d",
start_time->tm_hour, start_time->tm_min, start_time->tm_sec);
if (!read_announce(group, packet, src, rxtime, packetlen)) {
return;
}
if ((rval = getnameinfo((struct sockaddr *)src, family_len(*src),
srcname, sizeof(srcname), NULL, 0, NI_NUMERICHOST)) != 0) {
glog1(group, "getnameinfo failed: %s", gai_strerror(rval));
}
if (!noname) {
if ((rval = getnameinfo((struct sockaddr *)src, family_len(*src),
srcfqdn, sizeof(srcfqdn), NULL, 0, 0)) != 0) {
glog1(group, "getnameinfo failed: %s", gai_strerror(rval));
}
} else {
strncpy(srcfqdn, srcname, sizeof(srcfqdn) - 1);
}
if ((rval = getnameinfo((struct sockaddr *)&group->multi,
family_len(group->multi), privname, sizeof(privname),
NULL, 0, NI_NUMERICHOST)) != 0) {
glog1(group, "getnameinfo failed: %s", gai_strerror(rval));
}
glog2(group, "Received request from %08X at %s (%s)",
ntohl(group->src_id), srcfqdn, srcname);
glog2(group, "Using private multicast address %s", privname);
glog3(group, "grtt = %.6f", group->grtt);
glog3(group, "send time: %d.%06d", group->last_server_ts.tv_sec,
group->last_server_ts.tv_usec);
glog3(group, "receive time: %d.%06d", group->last_server_rx_ts.tv_sec,
group->last_server_rx_ts.tv_usec);
if (status_file) {
fprintf(status_file,
"CONNECT;%04d/%02d/%02d-%02d:%02d:%02d;%08X;%08X;%s;%s\n",
start_time->tm_year + 1900, start_time->tm_mon + 1,
start_time->tm_mday, start_time->tm_hour,
start_time->tm_min, start_time->tm_sec,
ntohl(group->src_id), group->group_id, srcname, srcfqdn);
fflush(status_file);
}
if (group->restart) {
if (group->sync_mode) {
glog1(group, "Sync mode and restart mode incompatible");
send_abort(group, "Sync mode and restart mode incompatible");
return;
}
}
if (!addr_blank(&group->multi)) {
if (server_count > 0) {
if (!is_multicast(&group->multi, 1)) {
glog1(group, "Invalid source specific multicast address: %s",
privname);
send_abort(group, "Invalid source specific multicast address");
return;
}
if (!other_mcast_users(group)) {
if (!multicast_join(listener, group->group_id, &group->multi,
m_interface, interface_count,
server_keys, server_count)) {
send_abort(group, "Error joining multicast group");
return;
}
if (has_proxy) {
if (!multicast_join(listener,group->group_id, &group->multi,
m_interface, interface_count, &proxy_info, 1)) {
send_abort(group, "Error joining multicast group");
return;
}
}
}
} else {
if (!is_multicast(&group->multi, 0)) {
glog1(group, "Invalid multicast address: %s", privname);
send_abort(group, "Invalid multicast address");
return;
}
if (!other_mcast_users(group)) {
if (!multicast_join(listener, group->group_id,
&group->multi, m_interface, interface_count, NULL, 0)) {
send_abort(group, "Error joining multicast group");
return;
}
}
}
group->multi_join = 1;
}
send_register(group);
}
/**
* Read encryption related fields from an ANNOUNCE
*/
int read_announce_encryption(struct group_list_t *group,
struct enc_info_he *encinfo,
const unsigned char *packet, int packetlen)
{
int keyextype, sigtype, keytype, i;
unsigned char *keys;
keys = (unsigned char *)encinfo + sizeof(struct enc_info_he);
// Sanity check the selected encryption parameters
if (!cipher_supported(encinfo->keytype)) {
glog1(group, "Keytype invalid or not supported here");
send_abort(group, "Keytype invalid or not supported here");
return 0;
}
if (!hash_supported(encinfo->hashtype)) {
glog1(group, "Hashtype invalid or not supported here");
send_abort(group, "Hashtype invalid or not supported here");
return 0;
}
keyextype = (encinfo->keyextype_sigtype & 0xF0) >> 4;
sigtype = encinfo->keyextype_sigtype & 0x0F;
if (((sigtype != SIG_HMAC) && (sigtype != SIG_KEYEX) &&
(sigtype != SIG_AUTHENC)) ||
((sigtype == SIG_AUTHENC) && (!is_auth_enc(encinfo->keytype)))) {
glog1(group, "Invalid sigtype specified");
send_abort(group, "Invalid sigtype specified");
return 0;
}
if ((keyextype != KEYEX_RSA) && (keyextype != KEYEX_ECDH_RSA) &&
(keyextype != KEYEX_ECDH_ECDSA)) {
glog1(group, "Invalid keyextype specified");
send_abort(group, "Invalid keyextype specified");
return 0;
}
group->keyextype = keyextype;
group->keytype = encinfo->keytype;
group->hashtype = encinfo->hashtype;
group->sigtype = sigtype;
group->client_auth = ((encinfo->flags & FLAG_CLIENT_AUTH) != 0);
if (!verify_server_fingerprint(keys, ntohs(encinfo->keylen), group)) {
glog1(group, "Failed to verify server key fingerprint");
send_abort(group, "Failed to verify server key fingerprint");
return 0;
}
if ((group->keyextype == KEYEX_RSA) ||
(group->keyextype == KEYEX_ECDH_RSA)) {
keytype = KEYBLOB_RSA;
} else {
keytype = KEYBLOB_EC;
}
// Load server key and select a matching client key
if (keytype == KEYBLOB_RSA) {
if (!import_RSA_key(&group->server_pubkey.rsa, keys,
ntohs(encinfo->keylen))) {
glog0(group, "Failed to load server public key");
send_abort(group, "Failed to load server public key");
return 0;
}
group->server_pubkeylen = RSA_keylen(group->server_pubkey.rsa);
for (i = 0; i < key_count; i++) {
if ((privkey_type[i] == KEYBLOB_RSA) &&
(group->server_pubkeylen == RSA_keylen(privkey[i].rsa))) {
group->client_privkey = privkey[i];
group->client_privkeylen = RSA_keylen(privkey[i].rsa);
break;
}
}
} else {
if (!import_EC_key(&group->server_pubkey.ec, keys,
ntohs(encinfo->keylen), 0)) {
glog0(group, "Failed to load server public key");
send_abort(group, "Failed to load server public key");
return 0;
}
group->server_pubkeylen = ECDSA_siglen(group->server_pubkey.ec);
for (i = 0; i < key_count; i++) {
if ((privkey_type[i] == KEYBLOB_EC) &&
(get_EC_curve(group->server_pubkey.ec) ==
get_EC_curve(privkey[i].ec))) {
group->client_privkey = privkey[i];
group->client_privkeylen = ECDSA_siglen(privkey[i].ec);
break;
}
}
}
if (!group->client_privkey.key) {
glog1(group, "No client key compatible with server key");
send_abort(group, "No client key compatible with server key");
return 0;
}
if (has_proxy) {
if (!proxy_pubkey.key) {
glog1(group, "Response proxy set but haven't gotten key yet");
send_abort(group,"Response proxy set but haven't gotten key yet");
return 0;
}
if (!(((keytype == KEYBLOB_RSA) && (proxy_pubkeytype == KEYBLOB_RSA)) &&
(RSA_keylen(group->server_pubkey.rsa) ==
RSA_keylen(proxy_pubkey.rsa))) &&
!(((keytype == KEYBLOB_EC) && (proxy_pubkeytype==KEYBLOB_EC)) &&
(get_EC_curve(group->server_pubkey.ec) ==
get_EC_curve(proxy_pubkey.ec)))) {
glog1(group, "Response proxy key not compatible with server key");
send_abort(group,
"Response proxy key not compatible with server key");
return 0;
}
}
if ((group->keyextype == KEYEX_ECDH_ECDSA) ||
(group->keyextype == KEYEX_ECDH_RSA)) {
unsigned char *sigcopy;
int siglen;
unsigned char *dhblob = keys + ntohs(encinfo->keylen);
unsigned char *sig = dhblob + ntohs(encinfo->dhlen);
if (!import_EC_key(&group->server_dhkey.ec, dhblob,
ntohs(encinfo->dhlen), 1)) {
glog0(group, "Failed to load server public ECDH key");
send_abort(group, "Failed to load server public ECDH key");
return 0;
}
group->client_dhkey.ec =
gen_EC_key(get_EC_curve(group->server_dhkey.ec), 1, NULL);
if (!group->client_dhkey.key) {
glog0(group, "Failed to generate client ECDH key");
send_abort(group, "Failed to generate client ECDH key");
return 0;
}
if (has_proxy) {
// We already checked if the proxy key exists, so no need to repeat
if (get_EC_curve(group->server_dhkey.ec) !=
get_EC_curve(proxy_dhkey.ec)) {
glog1(group, "Response proxy ECDH key "
"not compatible with server ECDH key");
send_abort(group, "Response proxy ECDH key "
"not compatible with server ECDH key");
return 0;
}
}
siglen = ntohs(encinfo->siglen);
sigcopy = safe_calloc(siglen, 1);
memcpy(sigcopy, sig, siglen);
memset(sig, 0, siglen);
if (keytype == KEYBLOB_RSA) {
if (!verify_RSA_sig(group->server_pubkey.rsa, group->hashtype,
packet, packetlen, sigcopy, siglen)) {
glog1(group, "Signature verification failed");
send_abort(group, "Signature verification failed");
free(sigcopy);
return 0;
}
} else {
if (!verify_ECDSA_sig(group->server_pubkey.ec, group->hashtype,
packet, packetlen, sigcopy, siglen)) {
glog1(group, "Signature verification failed");
send_abort(group, "Signature verification failed");
free(sigcopy);
return 0;
}
}
free(sigcopy);
}
// Calculate keys
if (!calculate_server_keys(group, encinfo)) {
return 0;
}
return 1;
}
/**
* Calculate the master key and do key expansion to determine the symmetric
* cypher key and IV salt, and hash key for the server
*/
int calculate_server_keys(struct group_list_t *group,
const struct enc_info_he *encinfo)
{
unsigned char *seed, *prf_buf;
int explen, len, seedlen;
time_t t;
uint32_t t2;
memcpy(group->rand1, encinfo->rand1, sizeof(encinfo->rand1));
if (!get_random_bytes(group->rand2, sizeof(group->rand2))) {
glog0(group, "Failed to get random bytes for rand2");
send_abort(group, "Failed to get random bytes for rand2");
return 0;
}
// Sets the first 4 bytes of rand2 to the current time
t = time(NULL);
t2 = (uint32_t)(t & 0xFFFFFFFF);
*(uint32_t *)(group->rand2) = t2;
if (group->keyextype == KEYEX_RSA) {
if (!get_random_bytes(group->premaster, MASTER_LEN)) {
glog0(group, "Failed to get random bytes for premaster");
send_abort(group, "Failed to get random bytes for premaster");
return 0;
}
group->premaster_len = MASTER_LEN;
} else {
EC_key_t pubecdh;
if (has_proxy) {
pubecdh = proxy_dhkey.ec;
} else {
pubecdh = group->server_dhkey.ec;
}
if (!get_ECDH_key(pubecdh, group->client_dhkey.ec,
group->premaster, &group->premaster_len)) {
glog0(group, "Failed to calculate ECDH key");
send_abort(group, "Failed to calculate ECDH key");
return 0;
}
}
get_key_info(group->keytype, &group->keylen, &group->ivlen);
group->hmaclen = get_hash_len(group->hashtype);
explen = group->keylen + SALT_LEN + group->hmaclen;
seedlen = RAND_LEN * 2;
seed = safe_calloc(seedlen, 1);
prf_buf = safe_calloc(MASTER_LEN + explen + group->hmaclen, 1);
memcpy(seed, group->rand1, sizeof(group->rand1));
memcpy(seed + sizeof(group->rand1), group->rand2, sizeof(group->rand2));
PRF(group->hashtype, MASTER_LEN, group->premaster, group->premaster_len,
"master secret", seed, seedlen, prf_buf, &len);
memcpy(group->master,prf_buf, sizeof(group->master));
PRF(group->hashtype, explen, group->master, sizeof(group->master),
"key expansion", seed, seedlen, prf_buf, &len);
memcpy(group->hmackey, prf_buf, group->hmaclen);
memcpy(group->key, prf_buf + group->hmaclen, group->keylen);
memcpy(group->salt, prf_buf + group->hmaclen + group->keylen, SALT_LEN);
free(seed);
free(prf_buf);
return 1;
}
/**
* Sends a REGISTER message in response to an ANNOUNCE or on timeout when
* waiting for a KEYINFO or REG_CONF. If the register timeout expired, abort.
*/
void send_register(struct group_list_t *group)
{
struct uftp_h *header;
struct register_h *reg;
unsigned char *buf, *keydata;
struct timeval now, send_time;
unsigned int len, meslen;
union key_t key;
gettimeofday(&now, NULL);
if (cmptimestamp(now, group->expire_time) >= 0) {
glog1(group, "Registration unconfirmed by server");
send_abort(group, "Registration unconfirmed");
return;
}
buf = safe_calloc(MAXMTU, 1);
header = (struct uftp_h *)buf;
reg = (struct register_h *)(buf + sizeof(struct uftp_h));
keydata = (unsigned char *)reg + sizeof(struct register_h);
set_uftp_header(header, REGISTER, group);
reg->func = REGISTER;
if (group->keytype != KEY_NONE) {
memcpy(reg->rand2, group->rand2, RAND_LEN);
if (group->keyextype == KEYEX_RSA) {
if (has_proxy) {
key = proxy_pubkey;
} else {
key = group->server_pubkey;
}
if (!RSA_encrypt(key.rsa, group->premaster, group->premaster_len,
keydata, &len)) {
glog0(group, "Error encrypting premaster secret");
send_abort(group, "Error encrypting premaster secret");
free(buf);
return;
}
} else {
uint16_t keylen;
if (!export_EC_key(group->client_dhkey.ec, keydata, &keylen)) {
glog0(group, "Error exporting ECDH public key");
send_abort(group, "Error exporting ECDH public key");
free(buf);
return;
}
len = keylen;
}
reg->keyinfo_len = htons(len);
} else {
len = 0;
}
gettimeofday(&now, NULL);
if (cmptimestamp(now, group->last_server_rx_ts) <= 0) {
send_time = group->last_server_ts;
} else {
send_time = add_timeval(group->last_server_ts,
diff_timeval(now, group->last_server_rx_ts));
}
reg->tstamp_sec = htonl((uint32_t)send_time.tv_sec);
reg->tstamp_usec = htonl((uint32_t)send_time.tv_usec);
reg->hlen = (sizeof(struct register_h) + len) / 4;
meslen = sizeof(struct uftp_h) + (reg->hlen * 4);
if (nb_sendto(listener, buf, meslen, 0,
(struct sockaddr *)&(group->replyaddr),
family_len(group->replyaddr)) == SOCKET_ERROR) {
gsockerror(group, "Error sending REGISTER");
} else {
glog2(group, "REGISTER sent");
}
glog3(group, "send time: %d.%06d", send_time.tv_sec, send_time.tv_usec);
set_timeout(group, 0);
if (group->client_auth) {
send_client_key(group);
}
free(buf);
}
/**
* Sends a CLIENT_KEY message if the server requested it.
* Always sent right after a REGISTER.
*/
void send_client_key(struct group_list_t *group)
{
struct uftp_h *header;
struct client_key_h *client_key;
unsigned char *buf, *keyblob, *verify;
uint8_t *verifydata;
unsigned int siglen, meslen;
int verifylen;
uint16_t bloblen;
buf = safe_calloc(MAXMTU, 1);
header = (struct uftp_h *)buf;
client_key = (struct client_key_h *)(buf + sizeof(struct uftp_h));
keyblob = (unsigned char *)client_key + sizeof(struct client_key_h);
verifydata = build_verify_data(group, &verifylen);
if (!verifydata) {
glog0(group, "Error getting verify data");
send_abort(group, "Error getting verify data");
goto end;
}
set_uftp_header(header, CLIENT_KEY, group);
client_key->func = CLIENT_KEY;
if ((group->keyextype == KEYEX_RSA) ||
(group->keyextype == KEYEX_ECDH_RSA)) {
if (!export_RSA_key(group->client_privkey.rsa, keyblob, &bloblen)) {
glog0(group, "Error exporting public key");
send_abort(group, "Error exporting public key");
goto end;
}
verify = keyblob + bloblen;
if (!create_RSA_sig(group->client_privkey.rsa, group->hashtype,
verifydata, verifylen, verify, &siglen)) {
glog0(group, "Error signing verify data");
send_abort(group, "Error signing verify data");
goto end;
}
} else {
if (!export_EC_key(group->client_privkey.ec, keyblob, &bloblen)) {
glog0(group, "Error exporting public key");
send_abort(group, "Error exporting public key");
goto end;
}
verify = keyblob + bloblen;
if (!create_ECDSA_sig(group->client_privkey.ec, group->hashtype,
verifydata, verifylen, verify, &siglen)) {
glog0(group, "Error signing verify data");
send_abort(group, "Error signing verify data");
goto end;
}
}
client_key->bloblen = htons(bloblen);
client_key->siglen = htons(siglen);
client_key->hlen = (sizeof(struct client_key_h) + bloblen + siglen) / 4;
meslen = sizeof(struct uftp_h) + (client_key->hlen * 4);
if (nb_sendto(listener, buf, meslen, 0,
(struct sockaddr *)&(group->replyaddr),
family_len(group->replyaddr)) == SOCKET_ERROR) {
gsockerror(group, "Error sending CLIENT_KEY");
} else {
glog2(group, "CLIENT_KEY sent");
}
end:
free(verifydata);
free(buf);
}
/**
* Process an incoming KEYINFO message.
* Expected in response to a REGISTER when encryption is enabled.
*/
void handle_keyinfo(struct group_list_t *group, unsigned char *message,
unsigned meslen, uint32_t src_id)
{
struct keyinfo_h *keyinfo_hdr;
struct destkey *keylist;
int i, keyidx, len, destkeycnt, unauth_keytype, unauth_keylen, unauth_ivlen;
unsigned explen, declen;
uint8_t decgroupmaster[MASTER_LEN], *prf_buf, *iv;
uint64_t ivctr;
keyinfo_hdr = (struct keyinfo_h *)message;
keylist = (struct destkey *)(message + (keyinfo_hdr->hlen * 4));
if ((meslen < (keyinfo_hdr->hlen * 4U)) ||
((keyinfo_hdr->hlen * 4U) < sizeof(struct keyinfo_h))) {
glog1(group, "Rejecting KEYINFO from server: invalid message size");
return;
}
destkeycnt = (meslen - (keyinfo_hdr->hlen * 4)) / sizeof(struct destkey);
// This duplicates uid_in_list, but here it's addressed in a struct array
for (i = 0, keyidx = -1; (i < destkeycnt) && (keyidx == -1); i++) {
if (uid == keylist[i].dest_id) {
keyidx = i;
}
}
// Don't use a cipher in an authentication mode to decrypt the group master
unauth_keytype = unauth_key(group->keytype);
get_key_info(unauth_keytype, &unauth_keylen, &unauth_ivlen);
if (keyidx != -1) {
glog2(group, "Received KEYINFO");
if (group->phase == PHASE_MIDGROUP) {
// We already got the KEYINFO, so no need to reprocess.
// Just resend the KEYINFO_ACK and reset the timeout
send_keyinfo_ack(group);
set_timeout(group, 0);
return;
}
iv = safe_calloc(unauth_ivlen, 1);
ivctr = ntohl(keyinfo_hdr->iv_ctr_lo);
ivctr |= (uint64_t)ntohl(keyinfo_hdr->iv_ctr_hi) << 32;
build_iv(iv, group->salt, unauth_ivlen, uftp_htonll(ivctr), src_id);
if (!decrypt_block(unauth_keytype, iv, group->key, NULL, 0,
keylist[keyidx].groupmaster, MASTER_LEN,
decgroupmaster, &declen) ||
(declen != MASTER_LEN - 1)) {
glog1(group, "Decrypt failed for group master");
send_abort(group, "Decrypt failed for group master");
free(iv);
return;
}
free(iv);
group->groupmaster[0] = group->version;
memcpy(&group->groupmaster[1], decgroupmaster, declen);
explen = group->keylen + SALT_LEN + group->hmaclen;
prf_buf = safe_calloc(explen + group->hmaclen, 1);
PRF(group->hashtype, explen, group->groupmaster,
sizeof(group->groupmaster), "key expansion",
group->rand1, sizeof(group->rand1), prf_buf, &len);
memcpy(group->grouphmackey, prf_buf, group->hmaclen);
memcpy(group->groupkey, prf_buf + group->hmaclen, group->keylen);
memcpy(group->groupsalt, prf_buf + group->hmaclen + group->keylen,
SALT_LEN);
free(prf_buf);
group->phase = PHASE_MIDGROUP;
send_keyinfo_ack(group);
set_timeout(group, 0);
if (group->restart) {
read_restart_file(group);
}
}
}
