int BusyWithClassicConnection(EvalContext *ctx, ServerConnectionState *conn)
{
time_t tloc, trem = 0;
char recvbuffer[CF_BUFSIZE + CF_BUFEXT], check[CF_BUFSIZE];
char sendbuffer[CF_BUFSIZE] = { 0 };
char filename[CF_BUFSIZE], buffer[CF_BUFSIZE], args[CF_BUFSIZE], out[CF_BUFSIZE];
long time_no_see = 0;
unsigned int len = 0;
int drift, plainlen, received, encrypted = 0;
ServerFileGetState get_args;
Item *classes;
memset(recvbuffer, 0, CF_BUFSIZE + CF_BUFEXT);
memset(&get_args, 0, sizeof(get_args));
received = ReceiveTransaction(conn->conn_info, recvbuffer, NULL);
if (received == -1 || received == 0)
{
return false;
}
if (strlen(recvbuffer) == 0)
{
Log(LOG_LEVEL_WARNING, "Got NULL transmission, skipping!");
return true;
}
/* Don't process request if we're signalled to exit. */
if (IsPendingTermination())
{
return false;
}
ProtocolCommandClassic command = GetCommandClassic(recvbuffer);
switch (command)
{
/* Plain text authentication; this MUST be the first command client
using classic protocol is sending. */
case PROTOCOL_COMMAND_AUTH_PLAIN:
SetConnectionData(conn, (char *) (recvbuffer + strlen("CAUTH ")));
if (conn->username == NULL || IsUserNameValid(conn->username) == false)
{
Log(LOG_LEVEL_INFO, "Client is sending wrong username: '******'", conn->username);
RefuseAccess(conn, recvbuffer);
return false;
}
/* This is used only for forcing correct state of state machine while
connecting and authenticating user using classic protocol. */
conn->user_data_set = true;
return true;
/* This MUST be exactly second command client using classic protocol is sending.
This is where key agreement takes place. */
case PROTOCOL_COMMAND_AUTH_SECURE:
/* First command was ommited by client; this is protocol violation. */
if (!conn->user_data_set)
{
Log(LOG_LEVEL_INFO, "Client is not verified; rejecting connection");
RefuseAccess(conn, recvbuffer);
return false;
}
conn->rsa_auth = AuthenticationDialogue(conn, recvbuffer, received);
if (!conn->rsa_auth)
{
Log(LOG_LEVEL_INFO, "Auth dialogue error");
RefuseAccess(conn, recvbuffer);
return false;
}
return true;
default:
break;
}
/* At this point we should have both user_data_set and rsa_auth set to perform any operation.
We can check only for second one as without first it won't be set up. */
if (!conn->rsa_auth)
{
Log(LOG_LEVEL_INFO, "Server refusal due to no RSA authentication [command: %d]", command);
RefuseAccess(conn, recvbuffer);
return false;
}
/* We have to have key at this point. */
assert(conn->session_key);
/* At this point we can safely do next switch and make sure user is authenticated. */
switch (command)
{
case PROTOCOL_COMMAND_EXEC:
memset(args, 0, CF_BUFSIZE);
sscanf(recvbuffer, "EXEC %255[^\n]", args);
if (!AllowedUser(conn->username))
{
Log(LOG_LEVEL_INFO, "Server refusal due to non-allowed user");
RefuseAccess(conn, recvbuffer);
return false;
}
if (!AccessControl(ctx, CommandArg0(CFRUNCOMMAND), conn, false))
{
Log(LOG_LEVEL_INFO, "Server refusal due to denied access to requested object");
RefuseAccess(conn, recvbuffer);
return false;
}
if (!MatchClasses(ctx, conn))
{
Log(LOG_LEVEL_INFO, "Server refusal due to failed class/context match");
Terminate(conn->conn_info);
return false;
}
DoExec(ctx, conn, args);
Terminate(conn->conn_info);
return false;
case PROTOCOL_COMMAND_VERSION:
snprintf(sendbuffer, sizeof(sendbuffer), "OK: %s", Version());
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return conn->user_data_set;
case PROTOCOL_COMMAND_GET:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "GET %d %[^\n]", &(get_args.buf_size), filename);
if ((get_args.buf_size < 0) || (get_args.buf_size > CF_BUFSIZE))
{
Log(LOG_LEVEL_INFO, "GET buffer out of bounds");
RefuseAccess(conn, recvbuffer);
return false;
}
if (!AccessControl(ctx, filename, conn, false))
{
Log(LOG_LEVEL_INFO, "Access denied to get object");
RefuseAccess(conn, recvbuffer);
return true;
}
memset(sendbuffer, 0, sizeof(sendbuffer));
if (get_args.buf_size >= CF_BUFSIZE)
{
get_args.buf_size = 2048;
}
get_args.connect = conn;
get_args.encrypt = false;
get_args.replybuff = sendbuffer;
get_args.replyfile = filename;
CfGetFile(&get_args);
return true;
case PROTOCOL_COMMAND_GET_SECURE:
memset(buffer, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SGET %u %d", &len, &(get_args.buf_size));
if (received != len + CF_PROTO_OFFSET)
{
Log(LOG_LEVEL_VERBOSE, "Protocol error SGET");
RefuseAccess(conn, recvbuffer);
return false;
}
plainlen = DecryptString(conn->encryption_type, recvbuffer + CF_PROTO_OFFSET, buffer, conn->session_key, len);
cfscanf(buffer, strlen("GET"), strlen("dummykey"), check, sendbuffer, filename);
if (strcmp(check, "GET") != 0)
{
Log(LOG_LEVEL_INFO, "SGET/GET problem");
RefuseAccess(conn, recvbuffer);
return true;
}
if ((get_args.buf_size < 0) || (get_args.buf_size > 8192))
{
Log(LOG_LEVEL_INFO, "SGET bounding error");
RefuseAccess(conn, recvbuffer);
return false;
}
if (get_args.buf_size >= CF_BUFSIZE)
{
get_args.buf_size = 2048;
}
Log(LOG_LEVEL_DEBUG, "Confirm decryption, and thus validity of caller");
Log(LOG_LEVEL_DEBUG, "SGET '%s' with blocksize %d", filename, get_args.buf_size);
if (!AccessControl(ctx, filename, conn, true))
{
Log(LOG_LEVEL_INFO, "Access control error");
RefuseAccess(conn, recvbuffer);
return false;
}
memset(sendbuffer, 0, sizeof(sendbuffer));
get_args.connect = conn;
get_args.encrypt = true;
get_args.replybuff = sendbuffer;
get_args.replyfile = filename;
CfEncryptGetFile(&get_args);
return true;
case PROTOCOL_COMMAND_OPENDIR_SECURE:
memset(buffer, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SOPENDIR %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_VERBOSE, "Protocol error OPENDIR: %d", len);
RefuseAccess(conn, recvbuffer);
return false;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "OPENDIR", 7) != 0)
{
Log(LOG_LEVEL_INFO, "Opendir failed to decrypt");
RefuseAccess(conn, recvbuffer);
return true;
}
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "OPENDIR %[^\n]", filename);
if (!AccessControl(ctx, filename, conn, true)) /* opendir don't care about privacy */
{
Log(LOG_LEVEL_INFO, "Access error");
RefuseAccess(conn, recvbuffer);
return false;
}
CfSecOpenDirectory(conn, sendbuffer, filename);
return true;
case PROTOCOL_COMMAND_OPENDIR:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "OPENDIR %[^\n]", filename);
if (!AccessControl(ctx, filename, conn, true)) /* opendir don't care about privacy */
{
Log(LOG_LEVEL_INFO, "DIR access error");
RefuseAccess(conn, recvbuffer);
return false;
}
CfOpenDirectory(conn, sendbuffer, filename);
return true;
case PROTOCOL_COMMAND_SYNC_SECURE:
memset(buffer, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SSYNCH %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_VERBOSE, "Protocol error SSYNCH: %d", len);
RefuseAccess(conn, recvbuffer);
return false;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (plainlen < 0)
{
DebugBinOut((char *) conn->session_key, 32, "Session key");
Log(LOG_LEVEL_ERR, "Bad decrypt (%d)", len);
}
if (strncmp(recvbuffer, "SYNCH", 5) != 0)
{
Log(LOG_LEVEL_INFO, "No synch");
RefuseAccess(conn, recvbuffer);
return true;
}
/* roll through, no break */
case PROTOCOL_COMMAND_SYNC:
memset(filename, 0, CF_BUFSIZE);
sscanf(recvbuffer, "SYNCH %ld STAT %[^\n]", &time_no_see, filename);
trem = (time_t) time_no_see;
if ((time_no_see == 0) || (filename[0] == '\0'))
{
break;
}
if ((tloc = time((time_t *) NULL)) == -1)
{
Log(LOG_LEVEL_INFO, "Couldn't read system clock. (time: %s)", GetErrorStr());
SendTransaction(conn->conn_info, "BAD: clocks out of synch", 0, CF_DONE);
return true;
}
drift = (int) (tloc - trem);
if (!AccessControl(ctx, filename, conn, true))
{
Log(LOG_LEVEL_INFO, "Access control in sync");
RefuseAccess(conn, recvbuffer);
return true;
}
if (DENYBADCLOCKS && (drift * drift > CLOCK_DRIFT * CLOCK_DRIFT))
{
snprintf(sendbuffer, sizeof(sendbuffer),
"BAD: Clocks are too far unsynchronized %ld/%ld",
(long) tloc, (long) trem);
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
return true;
}
else
{
Log(LOG_LEVEL_DEBUG, "Clocks were off by %ld", (long) tloc - (long) trem);
StatFile(conn, sendbuffer, filename);
}
return true;
case PROTOCOL_COMMAND_MD5_SECURE:
sscanf(recvbuffer, "SMD5 %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decryption error");
RefuseAccess(conn, recvbuffer);
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "MD5", 3) != 0)
{
Log(LOG_LEVEL_INFO, "MD5 protocol error");
RefuseAccess(conn, recvbuffer);
return false;
}
/* roll through, no break */
case PROTOCOL_COMMAND_MD5:
CompareLocalHash(conn, sendbuffer, recvbuffer);
return true;
case PROTOCOL_COMMAND_VAR_SECURE:
sscanf(recvbuffer, "SVAR %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error SVAR");
RefuseAccess(conn, "decrypt error SVAR");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
encrypted = true;
if (strncmp(recvbuffer, "VAR", 3) != 0)
{
Log(LOG_LEVEL_INFO, "VAR protocol defect");
RefuseAccess(conn, "decryption failure");
return false;
}
/* roll through, no break */
case PROTOCOL_COMMAND_VAR:
if (!LiteralAccessControl(ctx, recvbuffer, conn, encrypted))
{
Log(LOG_LEVEL_INFO, "Literal access failure");
RefuseAccess(conn, recvbuffer);
return false;
}
GetServerLiteral(ctx, conn, sendbuffer, recvbuffer, encrypted);
return true;
case PROTOCOL_COMMAND_CONTEXT_SECURE:
sscanf(recvbuffer, "SCONTEXT %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error SCONTEXT, len,received = %d,%d", len, received);
RefuseAccess(conn, "decrypt error SCONTEXT");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
encrypted = true;
if (strncmp(recvbuffer, "CONTEXT", 7) != 0)
{
Log(LOG_LEVEL_INFO, "CONTEXT protocol defect...");
RefuseAccess(conn, "Decryption failed?");
return false;
}
/* roll through, no break */
case PROTOCOL_COMMAND_CONTEXT:
if ((classes = ContextAccessControl(ctx, recvbuffer, conn, encrypted)) == NULL)
{
Log(LOG_LEVEL_INFO, "Context access failure on %s", recvbuffer);
RefuseAccess(conn, recvbuffer);
return false;
}
ReplyServerContext(conn, encrypted, classes);
return true;
case PROTOCOL_COMMAND_QUERY_SECURE:
sscanf(recvbuffer, "SQUERY %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error SQUERY");
RefuseAccess(conn, "decrypt error SQUERY");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "QUERY", 5) != 0)
{
Log(LOG_LEVEL_INFO, "QUERY protocol defect");
RefuseAccess(conn, "decryption failure");
return false;
}
if (!LiteralAccessControl(ctx, recvbuffer, conn, true))
{
Log(LOG_LEVEL_INFO, "Query access failure");
RefuseAccess(conn, recvbuffer);
return false;
}
if (GetServerQuery(conn, recvbuffer, true)) /* always encrypt */
{
return true;
}
break;
case PROTOCOL_COMMAND_CALL_ME_BACK:
sscanf(recvbuffer, "SCALLBACK %u", &len);
if ((len >= sizeof(out)) || (received != (len + CF_PROTO_OFFSET)))
{
Log(LOG_LEVEL_INFO, "Decrypt error CALL_ME_BACK");
RefuseAccess(conn, "decrypt error CALL_ME_BACK");
return true;
}
memcpy(out, recvbuffer + CF_PROTO_OFFSET, len);
plainlen = DecryptString(conn->encryption_type, out, recvbuffer, conn->session_key, len);
if (strncmp(recvbuffer, "CALL_ME_BACK collect_calls", strlen("CALL_ME_BACK collect_calls")) != 0)
{
Log(LOG_LEVEL_INFO, "CALL_ME_BACK protocol defect");
RefuseAccess(conn, "decryption failure");
return false;
}
if (!LiteralAccessControl(ctx, recvbuffer, conn, true))
{
Log(LOG_LEVEL_INFO, "Query access failure");
RefuseAccess(conn, recvbuffer);
return false;
}
if (ReceiveCollectCall(conn))
{
return true;
}
case PROTOCOL_COMMAND_AUTH_PLAIN:
case PROTOCOL_COMMAND_AUTH_SECURE:
case PROTOCOL_COMMAND_AUTH:
case PROTOCOL_COMMAND_CONTEXTS:
case PROTOCOL_COMMAND_BAD:
Log(LOG_LEVEL_WARNING, "Unexpected protocol command");
}
strcpy(sendbuffer, "BAD: Request denied");
SendTransaction(conn->conn_info, sendbuffer, 0, CF_DONE);
Log(LOG_LEVEL_INFO, "Closing connection, due to request: '%s'", recvbuffer);
return false;
}
int KeyAuthentication(struct Image *ip)
{ char sendbuffer[CF_EXPANDSIZE],in[CF_BUFSIZE],*out,*decrypted_cchall;
BIGNUM *nonce_challenge, *bn = NULL;
unsigned long err;
unsigned char digest[EVP_MAX_MD_SIZE];
int encrypted_len,nonce_len = 0,len;
char cant_trust_server, keyname[CF_BUFSIZE];
RSA *server_pubkey = NULL;
if (COMPATIBILITY_MODE)
{
return true;
}
if (PUBKEY == NULL || PRIVKEY == NULL)
{
CfLog(cferror,"No public/private key pair found\n","");
return false;
}
/* Generate a random challenge to authenticate the server */
nonce_challenge = BN_new();
BN_rand(nonce_challenge,CF_NONCELEN,0,0);
nonce_len = BN_bn2mpi(nonce_challenge,in);
ChecksumString(in,nonce_len,digest,'m');
/* We assume that the server bound to the remote socket is the official one i.e. = root's */
if (OptionIs(CONTEXTID,"HostnameKeys",true))
{
snprintf(keyname,CF_BUFSIZE,"root-%s",ip->server);
Debug("KeyAuthentication(with hostname key %s)\n",keyname);
}
else
{
snprintf(keyname,CF_BUFSIZE,"root-%s",CONN->remoteip);
Debug("KeyAuthentication(with IP keyname %s)\n",keyname);
}
if (server_pubkey = HavePublicKey(keyname))
{
cant_trust_server = 'y';
/* encrypted_len = BN_num_bytes(server_pubkey->n);*/
encrypted_len = RSA_size(server_pubkey);
}
else
{
cant_trust_server = 'n'; /* have to trust server, since we can't verify id */
encrypted_len = nonce_len;
}
snprintf(sendbuffer,CF_BUFSIZE,"SAUTH %c %d %d",cant_trust_server,encrypted_len,nonce_len);
if ((out = malloc(encrypted_len)) == NULL)
{
FatalError("memory failure");
}
if (server_pubkey != NULL)
{
if (RSA_public_encrypt(nonce_len,in,out,server_pubkey,RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
snprintf(OUTPUT,CF_BUFSIZE,"Public encryption failed = %s\n",ERR_reason_error_string(err));
CfLog(cferror,OUTPUT,"");
free(out);
return false;
}
memcpy(sendbuffer+CF_RSA_PROTO_OFFSET,out,encrypted_len);
}
else
{
memcpy(sendbuffer+CF_RSA_PROTO_OFFSET,in,nonce_len);
}
/* proposition C1 - Send challenge / nonce */
SendTransaction(CONN->sd,sendbuffer,CF_RSA_PROTO_OFFSET+encrypted_len,CF_DONE);
BN_free(bn);
BN_free(nonce_challenge);
free(out);
if (DEBUG||D2)
{
RSA_print_fp(stdout,PUBKEY,0);
}
/*Send the public key - we don't know if server has it */
/* proposition C2 */
memset(sendbuffer,0,CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->n,sendbuffer);
SendTransaction(CONN->sd,sendbuffer,len,CF_DONE); /* No need to encrypt the public key ... */
/* proposition C3 */
memset(sendbuffer,0,CF_EXPANDSIZE);
len = BN_bn2mpi(PUBKEY->e,sendbuffer);
SendTransaction(CONN->sd,sendbuffer,len,CF_DONE);
/* check reply about public key - server can break connection here */
/* proposition S1 */
memset(in,0,CF_BUFSIZE);
if (ReceiveTransaction(CONN->sd,in,NULL) == -1)
{
CfLog(cferror,"Protocol transaction broken off",NULL);
return false;
}
if (BadProtoReply(in))
{
CfLog(cferror,in,"");
return false;
}
/* Get challenge response - should be md5 of challenge */
/* proposition S2 */
memset(in,0,CF_BUFSIZE);
if (ReceiveTransaction(CONN->sd,in,NULL) == -1)
{
CfLog(cferror,"Protocol transaction broken off",NULL);
return false;
}
if (!ChecksumsMatch(digest,in,'m'))
{
snprintf(OUTPUT,CF_BUFSIZE,"Challenge response from server %s/%s was incorrect!",ip->server,CONN->remoteip);
CfLog(cferror,OUTPUT,"");
return false;
}
else
{
char server[CF_EXPANDSIZE];
ExpandVarstring(ip->server,server,NULL);
if (cant_trust_server == 'y') /* challenge reply was correct */
{
Verbose("\n...............................................................\n");
snprintf(OUTPUT,CF_BUFSIZE,"Strong authentication of server=%s connection confirmed\n",server);
CfLog(cfverbose,OUTPUT,"");
}
else
{
if (ip->trustkey == 'y')
{
snprintf(OUTPUT,CF_BUFSIZE,"Trusting server identity and willing to accept key from %s=%s",server,CONN->remoteip);
CfLog(cferror,OUTPUT,"");
}
else
{
snprintf(OUTPUT,CF_BUFSIZE,"Not authorized to trust the server=%s's public key (trustkey=false)\n",server);
CfLog(cferror,OUTPUT,"");
return false;
}
}
}
/* Receive counter challenge from server */
Debug("Receive counter challenge from server\n");
/* proposition S3 */
memset(in,0,CF_BUFSIZE);
encrypted_len = ReceiveTransaction(CONN->sd,in,NULL);
if (encrypted_len < 0)
{
CfLog(cferror,"Protocol transaction sent illegal cipher length",NULL);
return false;
}
if ((decrypted_cchall = malloc(encrypted_len)) == NULL)
{
FatalError("memory failure");
}
if (RSA_private_decrypt(encrypted_len,in,decrypted_cchall,PRIVKEY,RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
snprintf(OUTPUT,CF_BUFSIZE,"Private decrypt failed = %s, abandoning\n",ERR_reason_error_string(err));
CfLog(cferror,OUTPUT,"");
return false;
}
/* proposition C4 */
ChecksumString(decrypted_cchall,nonce_len,digest,'m');
Debug("Replying to counter challenge with md5\n");
SendTransaction(CONN->sd,digest,16,CF_DONE);
free(decrypted_cchall);
/* If we don't have the server's public key, it will be sent */
if (server_pubkey == NULL)
{
RSA *newkey = RSA_new();
Debug("Collecting public key from server!\n");
/* proposition S4 - conditional */
if ((len = ReceiveTransaction(CONN->sd,in,NULL)) <= 0)
{
CfLog(cferror,"Protocol error in RSA authentation from IP %s\n",ip->server);
return false;
}
if ((newkey->n = BN_mpi2bn(in,len,NULL)) == NULL)
{
err = ERR_get_error();
snprintf(OUTPUT,CF_BUFSIZE,"Private decrypt failed = %s\n",ERR_reason_error_string(err));
CfLog(cferror,OUTPUT,"");
RSA_free(newkey);
return false;
}
/* proposition S5 - conditional */
if ((len=ReceiveTransaction(CONN->sd,in,NULL)) == 0)
{
CfLog(cfinform,"Protocol error in RSA authentation from IP %s\n",ip->server);
RSA_free(newkey);
return false;
}
if ((newkey->e = BN_mpi2bn(in,len,NULL)) == NULL)
{
err = ERR_get_error();
snprintf(OUTPUT,CF_BUFSIZE,"Private decrypt failed = %s\n",ERR_reason_error_string(err));
CfLog(cferror,OUTPUT,"");
RSA_free(newkey);
return false;
}
SavePublicKey(keyname,newkey);
server_pubkey = RSAPublicKey_dup(newkey);
RSA_free(newkey);
}
/* proposition C5 */
GenerateRandomSessionKey();
DebugBinOut(CONN->session_key,CF_BLOWFISHSIZE);
if (CONN->session_key == NULL)
{
CfLog(cferror,"A random session key could not be established","");
return false;
}
else
{
Debug("Generated session key\n");
DebugBinOut(CONN->session_key,CF_BLOWFISHSIZE);
}
/* blowfishmpisize = BN_bn2mpi((BIGNUM *)CONN->session_key,in); */
DebugBinOut(CONN->session_key,CF_BLOWFISHSIZE);
encrypted_len = RSA_size(server_pubkey);
Debug("Encrypt %d to %d\n",CF_BLOWFISHSIZE,encrypted_len);
if ((out = malloc(encrypted_len)) == NULL)
{
FatalError("memory failure");
}
if (RSA_public_encrypt(CF_BLOWFISHSIZE,CONN->session_key,out,server_pubkey,RSA_PKCS1_PADDING) <= 0)
{
err = ERR_get_error();
snprintf(OUTPUT,CF_BUFSIZE,"Public encryption failed = %s\n",ERR_reason_error_string(err));
CfLog(cferror,OUTPUT,"");
free(out);
return false;
}
Debug("Encryption succeeded\n");
SendTransaction(CONN->sd,out,encrypted_len,CF_DONE);
DebugBinOut(out,encrypted_len);
if (server_pubkey != NULL)
{
RSA_free(server_pubkey);
}
free(out);
return true;
}
