/*
 * Build the login HMAC message and write its digest to auth_hmac.
 *
 * The message is the saved initial client packet, the saved initial
 * server packet and a copy of the fixed trailer (two zero bytes, the
 * puzzle solution length, a zero word, the 8-byte puzzle solution).
 * It is passed to sha1_hmac() keyed with session->key_hmac.
 *
 * NOTE(review): mac_len is not used to bound the write into auth_hmac;
 * the caller has to provide room for the whole digest sha1_hmac()
 * produces (presumably 20 bytes - confirm at the call sites).
 *
 * With DEBUG_LOGIN defined the HMAC key and message are written to the
 * debug output, so that flag should stay out of production builds.
 */
void auth_generate_auth_hmac (SESSION * session, unsigned char *auth_hmac, unsigned int mac_len)
{
    struct buf *client_pkt = session->init_client_packet;
    struct buf *server_pkt = session->init_server_packet;
    struct buf *msg;

    (void)mac_len;

    msg = buf_new();

    /* Both handshake packets are covered by the MAC */
    buf_append_data(msg, client_pkt->ptr, client_pkt->len);
    buf_append_data(msg, server_pkt->ptr, server_pkt->len);

    /* Trailer */
    buf_append_u8(msg, 0);   /* random data length */
    buf_append_u8(msg, 0);   /* unknown */
    buf_append_u16(msg, 8);  /* puzzle solution length */
    buf_append_u32(msg, 0);  /* unknown */
    /* <-- random data would go here */
    buf_append_data(msg, session->puzzle_solution, 8);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("auth_generate_auth_hmac, HMAC message", msg->ptr, msg->len);
    hexdump8x32 ("auth_generate_auth_hmac, HMAC key", session->key_hmac, sizeof (session->key_hmac));
#endif

    sha1_hmac (session->key_hmac, sizeof (session->key_hmac),
               msg->ptr, msg->len, auth_hmac);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("auth_generate_auth_hmac, HMAC digest", auth_hmac, mac_len);
#endif

    buf_free(msg);
}
/*
 * Compute the login HMAC over both parameter packets plus the
 * auth-packet trailer and store the digest in l->auth_hmac.
 *
 * The message is l->client_parameters, l->server_parameters, then two
 * zero bytes, the puzzle solution length (8), a zero word and the
 * 8-byte puzzle solution. sha1_hmac() is keyed with l->key_hmac.
 *
 * With DEBUG_LOGIN defined the HMAC key and message are written to the
 * debug output, so that flag should stay out of production builds.
 */
static void auth_generate_auth_hmac(struct login_ctx *l)
{
    struct buf *client_params = l->client_parameters;
    struct buf *server_params = l->server_parameters;
    struct buf *msg = buf_new();

    /* Both handshake packets are covered by the MAC */
    buf_append_data(msg, client_params->ptr, client_params->len);
    buf_append_data(msg, server_params->ptr, server_params->len);

    /* Trailer */
    buf_append_u8(msg, 0);   /* random data length */
    buf_append_u8(msg, 0);   /* unknown */
    buf_append_u16(msg, 8);  /* puzzle solution length */
    buf_append_u32(msg, 0);  /* unknown */
    /* <-- random data would go here */
    buf_append_data(msg, l->puzzle_solution, 8);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("auth_generate_auth_hmac, HMAC message", msg->ptr, msg->len);
    hexdump8x32 ("auth_generate_auth_hmac, HMAC key", l->key_hmac, sizeof (l->key_hmac));
#endif

    sha1_hmac(l->key_hmac, sizeof(l->key_hmac), msg->ptr, msg->len, l->auth_hmac);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("auth_generate_auth_hmac, HMAC digest", l->auth_hmac, sizeof(l->auth_hmac));
#endif

    buf_free(msg);
}
/*
 * Send the second client packet: the 20-byte auth HMAC followed by the
 * trailer (two zero bytes, puzzle solution length, a zero word) and the
 * 8-byte puzzle solution.
 *
 * Returns 0 when send() accepted the whole packet, -1 when send()
 * failed or wrote only part of it. A short write is not retried.
 */
int send_client_auth (SESSION * session)
{
    struct buf *pkt = buf_new();
    int status = 0;
    int sent;

    buf_append_data(pkt, session->auth_hmac, 20);
    buf_append_u8(pkt, 0);   /* random data length */
    buf_append_u8(pkt, 0);   /* unknown */
    buf_append_u16(pkt, 8);  /* puzzle solution length */
    buf_append_u32(pkt, 0);
    /* <-- random data would go here */
    buf_append_data (pkt, session->puzzle_solution, 8);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("send_client_auth, second client packet", pkt->ptr, pkt->len);
#endif

    sent = send(session->ap_sock, pkt->ptr, pkt->len, 0);
    if (sent <= 0) {
        DSFYDEBUG("send_client_auth(): connection lost\n");
        status = -1;
    } else if (sent != pkt->len) {
        DSFYDEBUG("send_client_auth(): only wrote %d of %d bytes\n", sent, pkt->len);
        status = -1;
    }

    /* The packet is not needed after the send attempt, whatever its outcome */
    buf_free(pkt);

    return status;
}
/*
 * Build and send the initial client packet (protocol version, client
 * revision and id, 16 client random bytes, the 96-byte public key, the
 * RSA modulus and the username).
 *
 * On success the packet buffer is kept in session->init_client_packet,
 * where the auth HMAC generation reads it, and 0 is returned. On a
 * failed or short send() the buffer is freed and -1 is returned.
 *
 * NOTE(review): BN_bn2bin() writes as many bytes as the modulus needs
 * into session->rsa_pub_exp without a bound; confirm that field is at
 * least as large as the RSA modulus. Despite its name the field
 * receives the modulus (rsa->n) here.
 */
int send_client_initial_packet (SESSION * session)
{
    struct buf *pkt = buf_new();
    unsigned int len_off;
    int sent;

    buf_append_u16 (pkt, 3);             /* protocol version */

    /* Remember where the 16-bit length lives; it is filled in below */
    len_off = pkt->len;
    buf_append_u16(pkt, 0);              /* packet length - updated later */

    buf_append_u32(pkt, 0x00000300);     /* unknown */
    buf_append_u32(pkt, 0x00030c00);     /* unknown */
    buf_append_u32(pkt, session->client_revision);
    buf_append_u32(pkt, 0);              /* unknown */
    buf_append_u32(pkt, 0x01000000);     /* unknown */
    buf_append_data(pkt, session->client_id, 4);
    buf_append_u32(pkt, 0);              /* unknown */

    buf_append_data (pkt, session->client_random_16, 16);
    buf_append_data (pkt, session->my_pub_key, 96);

    BN_bn2bin (session->rsa->n, session->rsa_pub_exp);
    buf_append_data (pkt, session->rsa_pub_exp, sizeof(session->rsa_pub_exp));

    buf_append_u8 (pkt, 0);              /* length of random data */
    buf_append_u8 (pkt, session->username_len);
    buf_append_u16(pkt, 0x0100);         /* unknown */
    /* <-- random data would go here */
    buf_append_data (pkt, (unsigned char *) session->username, session->username_len);
    buf_append_u8 (pkt, 0x40);           /* unknown */

    /* Patch the big-endian total length into the reserved two bytes */
    pkt->ptr[len_off] = (pkt->len >> 8) & 0xff;
    pkt->ptr[len_off + 1] = pkt->len & 0xff;

#ifdef DEBUG_LOGIN
    hexdump8x32 ("initial client packet", pkt->ptr, pkt->len);
#endif

    sent = send (session->ap_sock, pkt->ptr, pkt->len, 0);
    if (sent > 0 && sent == pkt->len) {
        /* save initial client packet for auth hmac generation */
        session->init_client_packet = pkt;
        return 0;
    }

    if (sent <= 0) {
        DSFYDEBUG("connection lost\n");
    } else {
        DSFYDEBUG("only wrote %d of %d bytes\n", sent, pkt->len);
    }

    buf_free(pkt);
    return -1;
}
/*
 * Send the second client packet: the 20-byte auth HMAC followed by the
 * trailer (two zero bytes, puzzle solution length, a zero word) and the
 * 8-byte puzzle solution.
 *
 * Returns 0 when send() accepted the whole packet. On a failed or short
 * send() it sets l->error to SP_LOGIN_ERROR_SOCKET_ERROR and returns -1.
 * A short write is not retried.
 */
static int send_client_auth_packet(struct login_ctx *l)
{
    struct buf *pkt = buf_new();
    int status = 0;
    int sent;

    buf_append_data(pkt, l->auth_hmac, 20);
    buf_append_u8(pkt, 0);   /* random data length */
    buf_append_u8(pkt, 0);   /* unknown */
    buf_append_u16(pkt, 8);  /* puzzle solution length */
    buf_append_u32(pkt, 0);
    /* <-- random data would go here */
    buf_append_data (pkt, l->puzzle_solution, 8);

#ifdef DEBUG_LOGIN
    hexdump8x32("send_client_auth_packet, second client packet", pkt->ptr, pkt->len);
#endif

    sent = send(l->sock, pkt->ptr, pkt->len, 0);
    if (sent <= 0) {
        DSFYDEBUG("Connection was reset\n");
        status = -1;
    } else if (sent != pkt->len) {
        DSFYDEBUG("Only wrote %d of %d bytes\n", sent, pkt->len);
        status = -1;
    }

    /* The packet is not needed after the send attempt, whatever its outcome */
    buf_free(pkt);

    if (status != 0)
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;

    return status;
}
/*
 * Request ads
 * The response is plain XML
 *
 * Registers a channel named after the ad type with dump_generic as its
 * callback, then sends CMD_REQUESTAD carrying the channel id and the ad
 * type. Returns whatever packet_write() returns.
 *
 * NOTE(review): the channel pointer is dereferenced without a NULL
 * check; confirm channel_register() cannot fail.
 */
int cmd_requestad (SESSION * session, unsigned char ad_type)
{
    char name[100];
    struct buf *payload = buf_new();
    CHANNEL *chan;
    int status;

    _snprintf(name, sizeof(name), "RequestAd-with-type-%d", ad_type);
    chan = channel_register (name, dump_generic, NULL);

    DSFYDEBUG ("allocated channel %d, retrieving ads with type id %d\n",
               chan->channel_id, ad_type);

    /* Payload: 16-bit channel id followed by the ad type byte */
    buf_append_u16(payload, chan->channel_id);
    buf_append_u8(payload, ad_type);

    status = packet_write (session, CMD_REQUESTAD, payload->ptr, payload->len);
    DSFYDEBUG ("packet_write() returned %d\n", status);

    buf_free(payload);

    return status;
}
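/*
 * Read and parse the server's reply to the client parameters.
 *
 * Reads, in order: 2 status bytes plus 14 more random bytes, the
 * 96-byte public key, a 256-byte blob, the 10-byte salt, the padding
 * and username lengths, four 16-bit challenge lengths, the padding, the
 * username and the puzzle challenge. Every byte read is also appended
 * to a buffer that is stored in l->server_parameters on success, where
 * the auth HMAC generation reads it.
 *
 * Returns 0 on success. On failure it sets l->error, releases the
 * partially built buffer and returns -1.
 *
 * Everything read here is controlled by the remote end, so lengths are
 * checked at run time instead of with assert(): an assert either aborts
 * the process on bad input or vanishes under NDEBUG.
 */
static int receive_server_parameters(struct login_ctx *l)
{
    char buf[512];
    unsigned char padlen, username_len;
    unsigned short chalen[4];
    int normalize;
    int ret;
    struct buf *save = buf_new();

    /* read 2 status bytes */
    ret = block_read(l->sock, l->server_random_16, 2);
    if (ret < 2) {
        DSFYDEBUG("Failed to read status bytes, return value was %d, errno is %d\n", ret, errno);
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }

    if (l->server_random_16[0] != 0) {
        DSFYDEBUG("Bad response: %#02x %#02x\n",
                  l->server_random_16[0], l->server_random_16[1]);

        switch (l->server_random_16[1]) {
        case 1: /* client upgrade required */
            l->error = SP_LOGIN_ERROR_UPGRADE_REQUIRED;
            break;
        case 3: /* user not found */
            l->error = SP_LOGIN_ERROR_USER_NOT_FOUND;
            break;
        case 4: /* account has been disabled */
            l->error = SP_LOGIN_ERROR_USER_BANNED;
            break;
        case 6: /* you need to complete your account details */
            l->error = SP_LOGIN_ERROR_USER_NEED_TO_COMPLETE_DETAILS;
            break;
        case 9: /* country mismatch */
            l->error = SP_LOGIN_ERROR_USER_COUNTRY_MISMATCH;
            break;
        default: /* unknown error */
            l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
            break;
        }
        goto fail;
    }

    /* read remaining 14 random bytes */
    ret = block_read(l->sock, l->server_random_16 + 2, 14);
    if (ret < 14) {
        DSFYDEBUG("Failed to read server random\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_data(save, l->server_random_16, 16);

    /* read public key */
    ret = block_read(l->sock, l->remote_pub_key, 96);
    if (ret != 96) {
        DSFYDEBUG("Failed to read 'remote_pub_key'\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_data(save, l->remote_pub_key, 96);

    /* read server blob */
    ret = block_read(l->sock, buf, 256);
    if (ret != 256) {
        DSFYDEBUG("Failed to read 'random_256', got %d of 256 bytes\n", ret);
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_data(save, buf, 256);

    /* read salt */
    ret = block_read(l->sock, l->salt, 10);
    if (ret != 10) {
        DSFYDEBUG("Failed to read 'salt'\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_data(save, l->salt, 10);

    /* read padding length */
    ret = block_read(l->sock, &padlen, 1);
    if (ret != 1) {
        DSFYDEBUG("Failed to read 'padding length'\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    if (padlen == 0) {
        /* previously an assert(); reject the packet instead of aborting */
        DSFYDEBUG("Bad 'padding length' of zero\n");
        l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
        goto fail;
    }
    buf_append_u8(save, padlen);

    /* read username length */
    ret = block_read(l->sock, &username_len, 1);
    if (ret != 1) {
        DSFYDEBUG("Failed to read 'username_len'\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_u8(save, username_len);

    /* read challenge lengths */
    ret = block_read(l->sock, chalen, 8);
    if (ret != 8) {
        DSFYDEBUG("Failed to read challenge lengths\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_data(save, chalen, 8);

    /* read packet padding; padlen is one byte, so it always fits buf[512] */
    ret = block_read(l->sock, buf, padlen);
    if (ret != padlen) {
        DSFYDEBUG("Failed to read 'padding'\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_data(save, buf, padlen);

    /*
     * read username
     * NOTE(review): username_len comes from the server and may be up to
     * 255, and one more byte is written for the terminator; confirm that
     * l->username has room for 256 bytes.
     */
    ret = block_read(l->sock, l->username, username_len);
    if (ret != username_len) {
        DSFYDEBUG("Failed to read 'username'\n");
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        goto fail;
    }
    buf_append_data(save, l->username, username_len);
    l->username[username_len] = 0;

    /* read puzzle challenge */
    {
        int puzzle_len = ntohs(chalen[0]);
        int len1 = ntohs(chalen[1]);
        int len2 = ntohs(chalen[2]);
        int len3 = ntohs(chalen[3]);
        int totlen = puzzle_len + len1 + len2 + len3;
        struct buf *b;

        DSFYDEBUG("Reading a total of %d bytes puzzle challenge\n", totlen);

        /*
         * The parser below reads a type byte, a denominator byte and a
         * 32-bit magic. Refuse shorter challenges so it never looks at
         * bytes the server did not send.
         */
        if (totlen < 2 + (int)sizeof(int)) {
            DSFYDEBUG("Puzzle challenge too short\n");
            l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
            goto fail;
        }

        b = buf_new();
        buf_extend(b, totlen);

        ret = block_read(l->sock, b->ptr, totlen);
        if (ret != totlen) {
            DSFYDEBUG("Failed to read puzzle\n");
            buf_free(b);
            l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
            goto fail;
        }
        buf_append_data(save, b->ptr, totlen);

        if (b->ptr[0] == 1) {
            l->puzzle_denominator = b->ptr[1];
            /* memcpy avoids an unaligned 32-bit load from the byte buffer */
            memcpy(&normalize, b->ptr + 2, sizeof(int));
            l->puzzle_magic = ntohl(normalize);
        } else {
            DSFYDEBUG("Unexpected puzzle challenge with first byte 0x%02x\n", b->ptr[0]);
            hexdump8x32("receive_server_parameters, puzzle", b->ptr, totlen);
            l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
            buf_free(b);
            goto fail;
        }

        buf_free(b);
    }

    /* ownership of the transcript moves to the login context */
    l->server_parameters = save;

    return 0;

fail:
    /* the transcript was never handed over, so release it here */
    buf_free(save);
    return -1;
}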
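/*
 * Build and send the initial client parameters packet (protocol
 * version, revision, client id, 16 fresh random bytes, the DH public
 * key, the RSA modulus and the username).
 *
 * On success the packet buffer is kept in l->client_parameters, where
 * the auth HMAC generation reads it, and 0 is returned. On failure
 * l->error is set and -1 is returned.
 *
 * Both keys are serialized into fixed-width fields. BN_bn2bin() writes
 * only as many bytes as the number needs, so each field is zeroed first
 * and the value is right-aligned: a value with leading zero bytes would
 * otherwise leave uninitialized stack bytes in the packet, and a value
 * wider than the field would overrun it.
 */
static int send_client_parameters(struct login_ctx *l)
{
    int ret;
    int nbytes;
    size_t username_len;
    unsigned char client_pub_key[96];
    unsigned char rsa_pub_exp[128]; /* holds the RSA modulus, despite the name */
    unsigned int len_idx;
    struct buf *b;

    /* The username length travels in a single byte */
    username_len = strlen(l->username);
    if (username_len > 0xff) {
        DSFYDEBUG("Username does not fit the one-byte length field\n");
        l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
        return -1;
    }

    /* Fixed-width, zero-padded big-endian DH public key */
    nbytes = BN_num_bytes(l->dh->pub_key);
    if (nbytes < 0 || (size_t)nbytes > sizeof(client_pub_key)) {
        DSFYDEBUG("DH public key does not fit its packet field\n");
        l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
        return -1;
    }
    memset(client_pub_key, 0, sizeof(client_pub_key));
    BN_bn2bin (l->dh->pub_key, client_pub_key + sizeof(client_pub_key) - nbytes);

    /* Fixed-width, zero-padded big-endian RSA modulus */
    nbytes = BN_num_bytes(l->rsa->n);
    if (nbytes < 0 || (size_t)nbytes > sizeof(rsa_pub_exp)) {
        DSFYDEBUG("RSA modulus does not fit its packet field\n");
        l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
        return -1;
    }
    memset(rsa_pub_exp, 0, sizeof(rsa_pub_exp));
    BN_bn2bin (l->rsa->n, rsa_pub_exp + sizeof(rsa_pub_exp) - nbytes);

    /* RAND_bytes() returns 1 only when the bytes were actually generated */
    if (RAND_bytes(l->client_random_16, 16) != 1) {
        DSFYDEBUG("Failed to generate client random bytes\n");
        l->error = SP_LOGIN_ERROR_OTHER_PERMANENT;
        return -1;
    }

    b = buf_new();

    buf_append_u16 (b, 3);              /* protocol version */

    len_idx = b->len;
    buf_append_u16(b, 0);               /* packet length - updated later */

    buf_append_u32(b, 0);               /* unknown */
    buf_append_u32(b, 0x00030c00);      /* unknown */
    buf_append_u32(b, 99999);           /* revision */
    buf_append_u32(b, 0);               /* unknown */
    buf_append_u32(b, 0x01000000);      /* unknown */
    buf_append_data(b, "\x01\x04\x01\x01", 4); /* client ID */
    buf_append_u32(b, 0);               /* unknown */

    /* Random bytes(?) */
    buf_append_data (b, l->client_random_16, 16);

    buf_append_data (b, client_pub_key, sizeof(client_pub_key));
    buf_append_data (b, rsa_pub_exp, sizeof(rsa_pub_exp));

    buf_append_u8 (b, 0);               /* length of random data */
    buf_append_u8 (b, (unsigned char)username_len);
    buf_append_u16(b, 0x0100);          /* unknown */
    /* <-- random data would go here */

    DSFYDEBUG("Sending username '%s'\n", l->username);
    buf_append_data (b, (unsigned char *) l->username, username_len);
    buf_append_u8 (b, 0x40);            /* unknown */

    /*
     * Update length bytes
     */
    b->ptr[len_idx] = (b->len >> 8) & 0xff;
    b->ptr[len_idx+1] = b->len & 0xff;

    ret = send(l->sock, b->ptr, b->len, 0);
    if (ret <= 0) {
        DSFYDEBUG("connection lost\n");
        buf_free(b);
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        return -1;
    } else if (ret != b->len) {
        DSFYDEBUG("only wrote %d of %d bytes\n", ret, b->len);
        buf_free(b);
        l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
        return -1;
    }

    /* save initial client packet for auth hmac generation */
    l->client_parameters = b;

    return 0;
}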
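/*
 * Read exactly nbyte bytes from socket fd into buf.
 *
 * When recv() reports that it would block, waits up to two seconds for
 * the socket to become readable and tries again. Returns the number of
 * bytes read (nbyte) on success, -1 if that wait ends without the
 * socket being readable, and otherwise the failing recv() result (0 or
 * -1), even if part of the data had already been read.
 */
ssize_t block_read (int fd, void *buf, size_t nbyte)
{
    size_t idx;
    ssize_t n;
    fd_set rfds;
    struct timeval tv;

    idx = 0;
    while (idx < nbyte) {
        if ((n = recv (fd, (char *)buf + idx, nbyte - idx, 0)) <= 0) {
#ifdef _WIN32
            if(n == -1 && WSAGetLastError() == WSAEWOULDBLOCK) {
#else
            if(n == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
                /* FD_SET() on a descriptor >= FD_SETSIZE writes past the fd_set */
                if (fd >= FD_SETSIZE)
                    return -1;
#endif
                FD_ZERO(&rfds);
                FD_SET(fd, &rfds);
                tv.tv_sec = 2;
                tv.tv_usec = 0;
                /* the outcome is judged by FD_ISSET() below */
                select(fd + 1, &rfds, NULL, NULL, &tv);
                if(!FD_ISSET(fd, &rfds))
                    return -1;
                continue;
            }

            return n;
        }
        idx += n;
    }

    return (ssize_t)idx;
}

/*
 * Write exactly nbyte bytes from buf to socket fd.
 *
 * When send() reports that it would block, waits (without a timeout)
 * for the socket to become writable and tries again. Returns nbyte on
 * success, -1 if select() fails, and otherwise the failing send()
 * result.
 */
ssize_t block_write (int fd, const void *buf, size_t nbyte)
{
    size_t idx;
    ssize_t n;
    fd_set wfds;

    idx = 0;
    while (idx < nbyte) {
        if ((n = send (fd, (char *)buf + idx, nbyte - idx, 0)) <= 0) {
#ifdef _WIN32
            if(n == -1 && WSAGetLastError() == WSAEWOULDBLOCK) {
#else
            if(n == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
                /* FD_SET() on a descriptor >= FD_SETSIZE writes past the fd_set */
                if (fd >= FD_SETSIZE)
                    return -1;
#endif
                FD_ZERO(&wfds);
                FD_SET(fd, &wfds);
                if(select(fd + 1, NULL, &wfds, NULL, NULL) < 0)
                    return -1;
                continue;
            }

            return n;
        }
        idx += n;
    }

    return (ssize_t)idx;
}

#ifdef __APPLE__
#include <mach/mach_time.h>
#include <sys/types.h>
#include <sys/time.h>
#endif

/*
 * Return a millisecond counter for measuring elapsed time.
 *
 * The reference point differs per platform: GetTickCount() on Windows,
 * CLOCK_MONOTONIC on Linux, and the first call to this function on
 * macOS and in the gettimeofday() fallback. The result is an int, so
 * large values are truncated. Only differences between two results on
 * the same platform are meaningful.
 */
int get_millisecs(void)
{
#ifdef _WIN32
    /* FIXME: Affected by timezone and DST */
    return GetTickCount();
#elif __linux__
    struct timespec ts;

    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
#elif __APPLE__
    static mach_timebase_info_data_t mtid;
    static uint64_t first_mat;
    uint64_t elapsed_ns;

    /* first call: fetch the timebase and remember the starting tick */
    if(!mtid.denom) {
        mach_timebase_info(&mtid);
        first_mat = mach_absolute_time();
    }

    elapsed_ns = (mach_absolute_time() - first_mat) * mtid.numer / mtid.denom;
    return elapsed_ns / 1000000;
#else
    static struct timeval first_tv;
    struct timeval tv;

    /* first call: remember the starting wall-clock time */
    if(first_tv.tv_sec == 0)
        gettimeofday(&first_tv, NULL);

    gettimeofday(&tv, NULL);
    tv.tv_sec -= first_tv.tv_sec;
    if(tv.tv_usec < first_tv.tv_usec) {
        /* borrow one second for the microsecond subtraction */
        tv.tv_sec--;
        tv.tv_usec += 1000000;
    }
    tv.tv_usec -= first_tv.tv_usec;

    return tv.tv_sec * 1000 + tv.tv_usec/1000;
#endif
}

/*
 * Inflate len bytes of raw deflate data (no zlib or gzip header, as
 * selected by the negative window size) into a newly allocated buffer.
 *
 * Returns the buffer, with one zero byte appended after the inflated
 * data, or NULL when there is no input, zlib cannot be initialised or
 * the stream is corrupt or incomplete. The caller frees the result
 * with buf_free().
 *
 * NOTE(review): the output buffer doubles for as long as zlib asks for
 * more room and there is no upper bound; if data can come from an
 * untrusted peer, a small input can expand to a very large allocation.
 * Consider a cap at the call sites or here.
 */
struct buf*
despotify_inflate(unsigned char* data, int len)
{
    int done, offset, rc;
    struct buf *b;
    struct z_stream_s z;

    /* a negative len would otherwise become a huge unsigned avail_in */
    if(data == NULL || len <= 0)
        return NULL;

    memset(&z, 0, sizeof z);

    rc = inflateInit2(&z, -MAX_WBITS);
    if (rc != Z_OK) {
        DSFYDEBUG("error: inflateInit() returned %d\n", rc);
        return NULL;
    }

    z.next_in = data;
    z.avail_in = len;

    b = buf_new();
    buf_extend(b, 4096);
    offset = 0;
    done = 0;

    while(!done) {
        /* buf_extend() may move b->ptr, so recompute the output window */
        z.avail_out = b->size - offset;
        z.next_out = b->ptr + offset;

        rc = inflate(&z, Z_NO_FLUSH);
        switch (rc) {
        case Z_OK:
            /* inflated fine */
            if (z.avail_out == 0) {
                /* zlib needs more output buffer */
                offset = b->size;
                buf_extend(b, b->size * 2);
            }
            break;

        case Z_STREAM_END:
            /* end of input */
            done = 1;
            break;

        default:
            /* error */
            DSFYDEBUG("error: inflate() returned %d\n", rc);
            done = 1;
            buf_free(b);
            b = NULL;
            break;
        }
    }

    if (b) {
        b->len = b->size - z.avail_out;
        buf_append_u8(b, 0); /* null terminate string */
    }

    inflateEnd(&z);

    return b;
}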
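/*
 * Read and parse the server's initial packet.
 *
 * Reads, in order: 2 status bytes plus 14 more random bytes, the
 * 96-byte public key, a 256-byte blob, the 10-byte salt, the padding
 * and username lengths, four 16-bit challenge lengths, the padding, the
 * username and the puzzle challenge. Every byte read is also appended
 * to a buffer that is stored in session->init_server_packet on success,
 * where the auth HMAC generation reads it.
 *
 * Returns 0 on success and a negative code on failure: -11, -13, -14,
 * -16, -19 or -91 for a server-reported status, -90 and -92..-101 for
 * the individual read failures, -102 for an unusable puzzle challenge.
 * A zero padding length is reported as -96. On failure the partially
 * built buffer is released.
 *
 * Everything read here is controlled by the remote end, so lengths are
 * checked at run time instead of with assert(): an assert either aborts
 * the process on bad input or vanishes under NDEBUG.
 */
int read_server_initial_packet (SESSION * session)
{
    char buf[512];
    unsigned char padlen;
    unsigned short chalen[4];
    int ret;
    int result;
    struct buf *save = buf_new();

    /* read 2 status bytes */
    ret = block_read(session->ap_sock, session->server_random_16, 2);
    if (ret < 2) {
        DSFYDEBUG("Failed to read status bytes\n");
        DSFYDEBUG("Remote host was %s:%d\n", session->server_host, session->server_port);
        if (ret > 0)
            hexdump8x32 ("read_server_initial_packet, server_random_16", session->server_random_16, ret);
        result = -90;
        goto fail;
    }

#ifdef DEBUG_LOGIN
    hexdump8x32 ("read_server_initial_packet, server_random_16", session->server_random_16, ret);
#endif

    if (session->server_random_16[0] != 0) {
        DSFYDEBUG("Bad response: %#02x %#02x\n",
                  session->server_random_16[0], session->server_random_16[1]);

        switch (session->server_random_16[1]) {
        case 1: /* client upgrade required */
            result = -11;
            break;
        case 3: /* user not found */
            result = -13;
            break;
        case 4: /* account has been disabled */
            result = -14;
            break;
        case 6: /* you need to complete your account details */
            result = -16;
            break;
        case 9: /* country mismatch */
            result = -19;
            break;
        default: /* unknown error */
            result = -91;
            break;
        }
        goto fail;
    }

    /* read remaining 14 random bytes */
    ret = block_read(session->ap_sock, session->server_random_16 + 2, 14);
    if (ret < 14) {
        DSFYDEBUG("Failed to read server random\n");
        DSFYDEBUG("Remote host was %s:%d\n", session->server_host, session->server_port);
        if (ret > 0)
            hexdump8x32("read_server_initial_packet, server_random_16", session->server_random_16+2, ret);
        result = -92;
        goto fail;
    }
    buf_append_data(save, session->server_random_16, 16);

    /* read public key */
    ret = block_read(session->ap_sock, session->remote_pub_key, 96);
    if (ret != 96) {
        DSFYDEBUG("Failed to read 'remote_pub_key'\n");
        result = -93;
        goto fail;
    }
    buf_append_data(save, session->remote_pub_key, 96);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("read_server_initial_packet, server pub key", session->remote_pub_key, 96);
#endif

    /* read server blob */
    ret = block_read(session->ap_sock, session->random_256, 256);
    if (ret != 256) {
        DSFYDEBUG("Failed to read 'random_256', got %d of 256 bytes\n", ret);
        result = -94;
        goto fail;
    }
    buf_append_data(save, session->random_256, 256);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("read_server_initial_packet, random_256", session->random_256, 256);
#endif

    /* read salt */
    ret = block_read(session->ap_sock, session->salt, 10);
    if (ret != 10) {
        DSFYDEBUG("Failed to read 'salt'\n");
        result = -95;
        goto fail;
    }
    buf_append_data(save, session->salt, 10);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("read_server_initial_packet, salt", session->salt, 10);
#endif

    /* read padding length */
    ret = block_read(session->ap_sock, &padlen, 1);
    if (ret != 1) {
        DSFYDEBUG("Failed to read 'padding length'\n");
        result = -96;
        goto fail;
    }
    if (padlen == 0) {
        /* previously an assert(); reject the packet instead of aborting */
        DSFYDEBUG("Bad 'padding length' of zero\n");
        result = -96;
        goto fail;
    }
    buf_append_u8(save, padlen);

    /* read username length */
    ret = block_read(session->ap_sock, &session->username_len, 1);
    if (ret != 1) {
        DSFYDEBUG("Failed to read 'username_len'\n");
        result = -97;
        goto fail;
    }
    buf_append_u8(save, session->username_len);

    /* read challenge lengths */
    ret = block_read(session->ap_sock, chalen, 8);
    if (ret != 8) {
        DSFYDEBUG("Failed to read challenge lengths\n");
        result = -98;
        goto fail;
    }
    buf_append_data(save, chalen, 8);

    /* read packet padding; padlen is one byte, so it always fits buf[512] */
    ret = block_read(session->ap_sock, buf, padlen);
    if (ret != padlen) {
        DSFYDEBUG("Failed to read 'padding'\n");
        result = -99;
        goto fail;
    }
    buf_append_data(save, buf, padlen);

#ifdef DEBUG_LOGIN
    hexdump8x32 ("read_server_initial_packet, padding", buf, padlen);
#endif

    /*
     * read username
     * NOTE(review): username_len comes from the server and one more byte
     * is written for the terminator; confirm that session->username has
     * room for the largest value username_len can hold plus one.
     */
    ret = block_read(session->ap_sock, session->username, session->username_len);
    if (ret != session->username_len) {
        DSFYDEBUG("Failed to read 'username'\n");
        result = -100;
        goto fail;
    }
    buf_append_data(save, session->username, session->username_len);
    session->username[session->username_len] = 0;

#ifdef DEBUG_LOGIN
    hexdump8x32 ("read_server_initial_packet, username", session->username, session->username_len);
#endif

    /* read puzzle challenge */
    {
        int puzzle_len = ntohs(chalen[0]);
        int len1 = ntohs(chalen[1]);
        int len2 = ntohs(chalen[2]);
        int len3 = ntohs(chalen[3]);
        int totlen = puzzle_len + len1 + len2 + len3;
        int normalize = 0;
        struct buf *b;

        /*
         * The parser below reads a type byte, a denominator byte and a
         * 32-bit magic. Refuse shorter challenges so it never looks at
         * bytes the server did not send.
         */
        if (totlen < 2 + (int)sizeof(int)) {
            DSFYDEBUG("Puzzle challenge too short\n");
            result = -102;
            goto fail;
        }

        b = buf_new();
        buf_extend(b, totlen);

        ret = block_read(session->ap_sock, b->ptr, totlen);
        if (ret != totlen) {
            DSFYDEBUG("Failed to read puzzle\n");
            buf_free(b);
            result = -101;
            goto fail;
        }
        buf_append_data(save, b->ptr, totlen);

#ifdef DEBUG_LOGIN
        hexdump8x32("read_server_initial_packet, puzzle", b->ptr, totlen);
#endif

        if (b->ptr[0] == 1) {
            session->puzzle_denominator = b->ptr[1];
            /* memcpy avoids an unaligned 32-bit load from the byte buffer */
            memcpy(&normalize, b->ptr+2, sizeof(int));
            session->puzzle_magic = ntohl(normalize);
        } else {
            DSFYDEBUG("Unexpected puzzle challenge\n");
            hexdump8x32("read_server_initial_packet, puzzle", b->ptr, totlen);
            buf_free(b);
            result = -102;
            goto fail;
        }

        buf_free(b);
    }

    /* ownership of the transcript moves to the session */
    session->init_server_packet = save;

    return 0;

fail:
    /* the transcript was never handed over, so release it here */
    buf_free(save);
    return result;
}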