static int handle_data_response(void *object, IP_Port source, uint8_t *packet, uint32_t length) { Onion_Client *onion_c = object; if (length <= (ONION_DATA_RESPONSE_MIN_SIZE + DATA_IN_RESPONSE_MIN_SIZE)) return 1; if (length > MAX_DATA_SIZE) return 1; uint8_t temp_plain[length - ONION_DATA_RESPONSE_MIN_SIZE]; int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion_c->temp_secret_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), temp_plain); if ((uint32_t)len != sizeof(temp_plain)) return 1; uint8_t plain[sizeof(temp_plain) - DATA_IN_RESPONSE_MIN_SIZE]; len = decrypt_data(temp_plain, onion_c->dht->c->self_secret_key, packet + 1, temp_plain + crypto_box_PUBLICKEYBYTES, sizeof(temp_plain) - crypto_box_PUBLICKEYBYTES, plain); if ((uint32_t)len != sizeof(plain)) return 1; if (!onion_c->Onion_Data_Handlers[plain[0]].function) return 1; return onion_c->Onion_Data_Handlers[plain[0]].function(onion_c->Onion_Data_Handlers[plain[0]].object, temp_plain, plain, sizeof(plain)); }
static int handle_announce_response(void *object, IP_Port source, const uint8_t *packet, uint16_t length) { Onion_Client *onion_c = object; if (length < ONION_ANNOUNCE_RESPONSE_MIN_SIZE || length > ONION_ANNOUNCE_RESPONSE_MAX_SIZE) return 1; uint16_t len_nodes = length - ONION_ANNOUNCE_RESPONSE_MIN_SIZE; uint8_t public_key[crypto_box_PUBLICKEYBYTES]; IP_Port ip_port; uint32_t path_num; uint32_t num = check_sendback(onion_c, packet + 1, public_key, &ip_port, &path_num); if (num > onion_c->num_friends) return 1; uint8_t plain[1 + ONION_PING_ID_SIZE + len_nodes]; int len = -1; if (num == 0) { len = decrypt_data(public_key, onion_c->c->self_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES, length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain); } else { if (onion_c->friends_list[num - 1].status == 0) return 1; len = decrypt_data(public_key, onion_c->friends_list[num - 1].temp_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES, length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain); } if ((uint32_t)len != sizeof(plain)) return 1; if (client_add_to_list(onion_c, num, public_key, ip_port, plain[0], plain + 1, path_num) == -1) return 1; if (len_nodes != 0) { Node_format nodes[MAX_SENT_NODES]; int num_nodes = unpack_nodes(nodes, MAX_SENT_NODES, 0, plain + 1 + ONION_PING_ID_SIZE, len_nodes, 0); if (num_nodes <= 0) return 1; if (client_ping_nodes(onion_c, num, nodes, num_nodes, source) == -1) return 1; } //TODO: LAN vs non LAN ips?, if we are connected only to LAN, are we offline? onion_c->last_packet_recv = unix_time(); return 0; }
static int handle_announce_response(void *object, IP_Port source, uint8_t *packet, uint32_t length) { Onion_Client *onion_c = object; if (length < ONION_ANNOUNCE_RESPONSE_MIN_SIZE || length > ONION_ANNOUNCE_RESPONSE_MAX_SIZE) return 1; if ((length - ONION_ANNOUNCE_RESPONSE_MIN_SIZE) % sizeof(Node_format) != 0) return 1; uint16_t num_nodes = (length - ONION_ANNOUNCE_RESPONSE_MIN_SIZE) / sizeof(Node_format); uint8_t public_key[crypto_box_PUBLICKEYBYTES]; IP_Port ip_port; uint32_t num = check_sendback(onion_c, packet + 1, public_key, &ip_port); if (num > onion_c->num_friends) return 1; uint8_t plain[1 + ONION_PING_ID_SIZE + num_nodes * sizeof(Node_format)]; int len = -1; if (num == 0) { len = decrypt_data(public_key, onion_c->dht->c->self_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES, length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain); } else { if (onion_c->friends_list[num - 1].status == 0) return 1; len = decrypt_data(public_key, onion_c->friends_list[num - 1].temp_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES, length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain); } if ((uint32_t)len != sizeof(plain)) return 1; if (client_add_to_list(onion_c, num, public_key, ip_port, plain[0], plain + 1, source) == -1) return 1; Node_format nodes[MAX_SENT_NODES]; memcpy(nodes, plain + 1 + ONION_PING_ID_SIZE, num_nodes * sizeof(Node_format)); if (client_ping_nodes(onion_c, num, nodes, num_nodes, source) == -1) return 1; return 0; }
static int handle_ping_response(void *_dht, IP_Port source, size_t *packet, size_t length) { DHT *dht = _dht; int rc; size_t ping_id; if (length != DHT_PING_SIZE) return 1; PING *ping = dht->ping; if (id_equal(packet + 1, ping->dht->self_public_key)) return 1; // Decrypt ping_id rc = decrypt_data(packet + 1, ping->dht->self_secret_key, packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, sizeof(ping_id) + crypto_box_MACBYTES, (size_t *) &ping_id); if (rc != sizeof(ping_id)) return 1; /* Make sure ping_id is correct. */ int ping_index = is_pinging(ping, source, ping_id); if (!ping_index) return 1; addto_lists(dht, source, packet + 1); return 0; }
static int handle_test_3(void *object, IP_Port source, const uint8_t *packet, uint16_t length) { Onion *onion = object; if (length != (1 + crypto_box_NONCEBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + 1 + crypto_hash_sha256_BYTES + crypto_box_MACBYTES)) return 1; uint8_t plain[1 + crypto_hash_sha256_BYTES]; //print_client_id(packet, length); int len = decrypt_data(test_3_pub_key, onion->dht->self_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES, 1 + crypto_hash_sha256_BYTES + crypto_box_MACBYTES, plain); if (len == -1) return 1; if (memcmp(packet + 1, sb_data, ONION_ANNOUNCE_SENDBACK_DATA_LENGTH) != 0) return 1; memcpy(test_3_ping_id, plain + 1, crypto_hash_sha256_BYTES); //print_client_id(test_3_ping_id, sizeof(test_3_ping_id)); handled_test_3 = 1; return 0; }
static int handle_test_4(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata) { Onion *onion = (Onion *)object; if (length != (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + sizeof("Install gentoo") + crypto_box_MACBYTES)) { return 1; } uint8_t plain[sizeof("Install gentoo")] = {0}; if (memcmp(nonce, packet + 1, crypto_box_NONCEBYTES) != 0) { return 1; } int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion->dht->self_secret_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, sizeof("Install gentoo") + crypto_box_MACBYTES, plain); if (len == -1) { return 1; } if (memcmp(plain, "Install gentoo", sizeof("Install gentoo")) != 0) { return 1; } handled_test_4 = 1; return 0; }
/* handle received packets for not yet established crypto connections. */ static void receive_crypto(void) { uint32_t i; for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) { if (crypto_connections[i].status == CONN_HANDSHAKE_SENT) { uint8_t temp_data[MAX_DATA_SIZE]; uint8_t secret_nonce[crypto_box_NONCEBYTES]; uint8_t public_key[crypto_box_PUBLICKEYBYTES]; uint8_t session_key[crypto_box_PUBLICKEYBYTES]; uint16_t len; if (id_packet(crypto_connections[i].number) == 1) /* if the packet is a friend request drop it (because we are already friends) */ len = read_packet(crypto_connections[i].number, temp_data); if (id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */ len = read_packet(crypto_connections[i].number, temp_data); if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) { if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) { memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES); memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES); increment_nonce(crypto_connections[i].sent_nonce); uint32_t zero = 0; encrypt_precompute(crypto_connections[i].peersessionpublic_key, crypto_connections[i].sessionsecret_key, crypto_connections[i].shared_key); crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */ write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero)); crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */ } } } else if (id_packet(crypto_connections[i].number) != -1) // This should not happen kill the connection if it does crypto_kill(crypto_connections[i].number); } if (crypto_connections[i].status == CONN_NOT_CONFIRMED) { if (id_packet(crypto_connections[i].number) == 3) { uint8_t temp_data[MAX_DATA_SIZE]; uint8_t data[MAX_DATA_SIZE]; int length = read_packet(crypto_connections[i].number, temp_data); int len = decrypt_data(crypto_connections[i].peersessionpublic_key, crypto_connections[i].sessionsecret_key, crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data); uint32_t zero = 0; if (len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) { increment_nonce(crypto_connections[i].recv_nonce); encrypt_precompute(crypto_connections[i].peersessionpublic_key, crypto_connections[i].sessionsecret_key, crypto_connections[i].shared_key); crypto_connections[i].status = CONN_ESTABLISHED; /* connection is accepted so we disable the auto kill by setting it to about 1 month from now. */ kill_connection_in(crypto_connections[i].number, 3000000); } else crypto_kill(crypto_connections[i].number); // This should not happen kill the connection if it does } else if(id_packet(crypto_connections[i].number) != -1) /* This should not happen kill the connection if it does */ crypto_kill(crypto_connections[i].number); } } }
static int handle_ping_request(void *_dht, IP_Port source, size_t *packet, size_t length) { DHT *dht = _dht; int rc; size_t ping_id; if (length != DHT_PING_SIZE) return 1; PING *ping = dht->ping; if (id_equal(packet + 1, ping->dht->self_public_key)) return 1; // Decrypt ping_id rc = decrypt_data(packet + 1, ping->dht->self_secret_key, packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, sizeof(ping_id) + crypto_box_MACBYTES, (size_t *) &ping_id); if (rc != sizeof(ping_id)) return 1; // Send response send_ping_response(ping, source, packet + 1, ping_id); add_toping(ping, packet + 1, source); return 0; }
/* Puts the senders public key in the request in public_key, the data from the request * in data if a friend or ping request was sent to us and returns the length of the data. * packet is the request packet and length is its length. * * return -1 if not valid request. */ int handle_request(uint8_t *self_public_key, uint8_t *self_secret_key, uint8_t *public_key, uint8_t *data, uint8_t *request_id, uint8_t *packet, uint16_t length) { if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && length <= MAX_DATA_SIZE) { if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); uint8_t nonce[crypto_box_NONCEBYTES]; uint8_t temp[MAX_DATA_SIZE]; memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp); if (len1 == -1 || len1 == 0) return -1; request_id[0] = temp[0]; --len1; memcpy(data, temp + 1, len1); return len1; } } return -1; }
int handle_pingres(uint8_t * packet, uint32_t length, IP_Port source) { uint64_t ping_id; if(length != 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + ENCRYPTION_PADDING) { return 1; } if(memcmp(packet + 1, self_public_key, CLIENT_ID_SIZE) == 0)//check if packet is from ourself. { return 1; } int len = decrypt_data(packet + 1, self_secret_key, packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, sizeof(ping_id) + ENCRYPTION_PADDING, (uint8_t *)&ping_id); if(len != sizeof(ping_id)) { return 1; } if(is_pinging(source, ping_id)) { addto_lists(source, packet + 1); return 0; } return 1; }
/* Implementation of svn_auth__password_get_t that decrypts the incoming password using the Windows CryptoAPI and verifies its validity. */ static svn_error_t * windows_ssl_client_cert_pw_decrypter(svn_boolean_t *done, const char **out, apr_hash_t *creds, const char *realmstring, const char *username, apr_hash_t *parameters, svn_boolean_t non_interactive, apr_pool_t *pool) { const svn_string_t *orig; const char *in; SVN_ERR(svn_auth__ssl_client_cert_pw_get(done, &in, creds, realmstring, username, parameters, non_interactive, pool)); if (!*done) return SVN_NO_ERROR; orig = svn_base64_decode_string(svn_string_create(in, pool), pool); orig = decrypt_data(orig, pool); if (orig) { *out = orig->data; *done = TRUE; } else { *done = FALSE; } return SVN_NO_ERROR; }
/* Hook recvfrom and decrypt the data before returning to the program */ ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen) { char outbuf[MAX_LEN]; char temp[MAX_LEN]; char *step; int outlen, ret; memset(outbuf,0x00,MAX_LEN); memset(temp,0x00,MAX_LEN); if (!old_recvfrom) old_recvfrom = dlsym(RTLD_NEXT,"recvfrom"); if (sockfd == 0) // Y U CALL ME W/ SOCKFD SET TO ZERO!?!? return old_recvfrom(sockfd, buf, len, flags, src_addr, addrlen); ret = old_recvfrom(sockfd, (void *)temp, MAX_LEN, flags, src_addr, addrlen); if (ret < 1) { // Nothing to decrypt return ret; } if (temp[0] != PACKET_HEADER) { fprintf(stderr,"[!] Client not using same crypto algorithm\n"); return 0; } step=&temp[0]; outlen = decrypt_data(step,ret-HEADER_SIZE,&outbuf[0]); memcpy((void*)buf,(void*)outbuf,(size_t)outlen); return outlen; }
/* Hook recv and decrypt the data before returning to the program */ ssize_t recv(int sockfd, void *buf, size_t len, int flags) { char outbuf[MAX_LEN]; char temp[MAX_LEN]; char *step; int outlen, ret; memset(outbuf,0x00,MAX_LEN); memset(temp,0x00,MAX_LEN); if (!old_recv) old_recv = dlsym(RTLD_NEXT,"recv"); if (sockfd == 0) // Y U CALL ME W/ SOCKFD SET TO ZERO!?!? return old_recv(sockfd, buf, len, flags); ret = old_recv(sockfd, (void *)temp, MAX_LEN, flags); if (ret < 1) { // Nothing to decrypt return ret; } if (temp[0] != PACKET_HEADER) { fprintf(stderr,"[!] Client not using CryptHook\n"); return 0; } step=&temp[0]; outlen = decrypt_data(step,ret - HEADER_SIZE,&outbuf[0]); memcpy((void*)buf,(void*)outbuf,(size_t)outlen); return outlen; }
static int handle_ping_response(void *_dht, IP_Port source, uint8_t *packet, uint32_t length) { DHT *dht = _dht; int rc; uint64_t ping_id; if (length != DHT_PING_SIZE) return 1; PING *ping = dht->ping; if (id_eq(packet + 1, ping->c->self_public_key)) return 1; // Decrypt ping_id rc = decrypt_data(packet + 1, ping->c->self_secret_key, packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, sizeof(ping_id) + ENCRYPTION_PADDING, (uint8_t *) &ping_id); if (rc != sizeof(ping_id)) return 1; /* Make sure ping_id is correct. */ if (!is_pinging(ping, source, ping_id)) return 1; // Associate source ip with client_id addto_lists(dht, source, packet + 1); return 0; }
void Ts2::Link::EndPoint::revNegotiation(const Link::Protocol::LcpNegotiateSessionData& data) { MutexAutoLock lock(&mutex); signMode = data.signMode < getSigningCapability() ? data.signMode : getSigningCapability(); encMode = data.encMode < getEncryptionCapability() ? data.encMode : getEncryptionCapability(); LOG_INFO("EndPoint[%p]: SignMode - %d, EncMode - %d", this, signMode, encMode); if(isServer) { u8 keyMaterial[LCP_NEGOTIATE_SESSION_KEY_MATERIAL_SIZE]; decrypt_data(keyMaterial, data.keyMaterial, ARRAY_SIZE_IN_BYTES(data.keyMaterial), data.iv, *sessionKey); const KeysInKeyMaterial *keys = (KeysInKeyMaterial*)keyMaterial; // Get the key, if it needs if(signMode != Ts2::Security::SIGNING_MODE_NONE) { //signKey = data.signKey; signKey.assign((const char*)keys->sign, ARRAY_SIZE_IN_BYTES(keys->sign)); } if(encMode != Ts2::Security::ENCRYPT_MODE_NONE) { //encKey = data.encKey; encKey.assign((const char*)keys->enc, ARRAY_SIZE_IN_BYTES(keys->enc)); } } if(signMode == Ts2::Security::SIGNING_MODE_NONE) { signKey.clear(); } if(encMode == Ts2::Security::ENCRYPT_MODE_NONE) { encKey.clear(); } }
int handle_ping_request(uint8_t* packet, uint32_t length, IP_Port source) { pingreq_t* p = (pingreq_t*) packet; int rc; uint64_t ping_id; if (length != sizeof(pingreq_t) || id_eq(&p->client_id, self_id)) return 1; // Decrypt ping_id rc = decrypt_data((uint8_t*) &p->client_id, self_secret_key, (uint8_t*) &p->nonce, (uint8_t*) &p->ping_id, sizeof(ping_id) + ENCRYPTION_PADDING, (uint8_t*) &ping_id); if (rc != sizeof(ping_id)) return 1; // Send response send_ping_response(source, &p->client_id, ping_id); send_ping_request(source, &p->client_id); // Make this smarter? return 0; }
int handle_ping_response(uint8_t* packet, uint32_t length, IP_Port source) { pingres_t* p = (pingres_t*) packet; int rc; uint64_t ping_id; if (length != sizeof(pingres_t) || id_eq(&p->client_id, self_id)) return 1; // Decrypt ping_id rc = decrypt_data((uint8_t*) &p->client_id, self_secret_key, (uint8_t*) &p->nonce, (uint8_t*) &p->ping_id, sizeof(ping_id) + ENCRYPTION_PADDING, (uint8_t*) &ping_id); if (rc != sizeof(ping_id)) return 1; // Make sure ping_id is correct if(!is_pinging(source, ping_id)) return 1; // Associate source ip with client_id addto_lists(source, (uint8_t*) &p->client_id); return 0; }
int handle_getnodes(uint8_t * packet, uint32_t length, IP_Port source) { uint64_t ping_id; if(length != 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING) { return 1; } if(memcmp(packet + 1, self_public_key, CLIENT_ID_SIZE) == 0)//check if packet is from ourself. { return 1; } uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE]; int len = decrypt_data(packet + 1, self_secret_key, packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING, plain); if(len != sizeof(ping_id) + CLIENT_ID_SIZE) { return 1; } memcpy(&ping_id, plain, sizeof(ping_id)); sendnodes(source, packet + 1, plain + sizeof(ping_id), ping_id); pingreq(source, packet + 1);//TODO: make this smarter? return 0; }
/* Extract secret nonce, session public key and public_key from a packet(data) with length length. * * return 1 if successful. * return 0 if failure. */ static int handle_cryptohandshake(Net_Crypto *c, uint8_t *public_key, uint8_t *secret_nonce, uint8_t *session_key, uint8_t *data, uint16_t length) { int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES); if (length != 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad) { return 0; } if (data[0] != 2) return 0; uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES]; memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES); int len = decrypt_data(public_key, c->self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES, data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES, crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp); if (len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES) return 0; memcpy(secret_nonce, temp, crypto_box_NONCEBYTES); memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES); return 1; }
/* return 0 if there is no received data in the buffer return -1 if the packet was discarded. return length of received data if successful */ int read_cryptpacket(int crypt_connection_id, uint8_t * data) { if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS) { return 0; } if(crypto_connections[crypt_connection_id].status != 3) { return 0; } uint8_t temp_data[MAX_DATA_SIZE]; int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data); if(length == 0) { return 0; } if(temp_data[0] != 3) { return -1; } int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key, crypto_connections[crypt_connection_id].sessionsecret_key, crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data); if(len != -1) { increment_nonce(crypto_connections[crypt_connection_id].recv_nonce); return len; } return -1; }
void seibu_sound_device::apply_decrypt(UINT8 *rom, UINT8 *opcodes, int length) { for (int i = 0; i < length; i++) { UINT8 src = rom[i]; rom[i] = decrypt_data(i,src); opcodes[i] = decrypt_opcode(i,src); } }
/******************************************************************************** //FUNCTION: // META_CRYPTFS_OP //DESCRIPTION: // META CRYPTFS test main process function. // //PARAMETERS: // //RETURN VALUE: // void // ********************************************************************************/ void META_CRYPTFS_OP(FT_CRYPTFS_REQ *req) { LOGD("req->op:%d\n", req->op); int ret = 0; FT_CRYPTFS_CNF cryptfs_cnf; memcpy(&cryptfs_cnf, req, sizeof(FT_H) + sizeof(CRYPTFS_OP)); cryptfs_cnf.header.id ++; switch (req->op) { case CRYPTFS_OP_QUERY_STATUS: { bool encrypted_status = 0; cryptfs_cnf.m_status = META_SUCCESS; encrypted_status = get_encrypt_phone_status(); LOGD("encrypted_status:%d \n", encrypted_status); cryptfs_cnf.result.query_status_cnf.status = encrypted_status; WriteDataToPC(&cryptfs_cnf, sizeof(FT_CRYPTFS_CNF), NULL, 0); } break; case CRYPTFS_OP_VERIFY: { char* pw = req->cmd.verify_req.pwd; int pw_len = req->cmd.verify_req.length; cryptfs_cnf.m_status = META_SUCCESS; LOGD("pw = %s, pw_len = %d \n", pw, pw_len); if (pw_len < 4 || pw_len > 16) { cryptfs_cnf.result.verify_cnf.decrypt_result = 0; LOGE("Invalid passwd length =%d \n", pw_len); WriteDataToPC(&cryptfs_cnf, sizeof(FT_CRYPTFS_CNF), NULL, 0); break; } if(!decrypt_data(pw)) { cryptfs_cnf.result.verify_cnf.decrypt_result = 1; } else { cryptfs_cnf.result.verify_cnf.decrypt_result = 0; } LOGD("verify result:%d \n", cryptfs_cnf.result.verify_cnf.decrypt_result); WriteDataToPC(&cryptfs_cnf, sizeof(FT_CRYPTFS_CNF), NULL, 0); } break; default: LOGE("Error: unsupport op code = %d\n", req->op); break; } }
/* puts the senders public key in the request in public_key, the data from the request in data if a friend or ping request was sent to us and returns the length of the data. packet is the request packet and length is its length return -1 if not valid request. */ int handle_request(uint8_t *public_key, uint8_t *data, uint8_t *packet, uint16_t length) { if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && length <= MAX_DATA_SIZE + ENCRYPTION_PADDING && memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) { memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES); uint8_t nonce[crypto_box_NONCEBYTES]; memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES); int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES, length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), data); if(len1 == -1) return -1; return len1; } else return -1; }
int handle_sendnodes(uint8_t * packet, uint32_t length, IP_Port source) { uint64_t ping_id; if(length > (1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES + ENCRYPTION_PADDING) || (length - (1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + ENCRYPTION_PADDING)) % (sizeof(Node_format)) != 0 || length < 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + sizeof(Node_format) + ENCRYPTION_PADDING) { return 1; } uint32_t num_nodes = (length - (1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + ENCRYPTION_PADDING)) / sizeof(Node_format); uint8_t plain[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES]; int len = decrypt_data(packet + 1, self_secret_key, packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, sizeof(ping_id) + num_nodes * sizeof(Node_format) + ENCRYPTION_PADDING, plain); if(len != sizeof(ping_id) + num_nodes * sizeof(Node_format)) { return 1; } memcpy(&ping_id, plain, sizeof(ping_id)); if(!is_gettingnodes(source, ping_id)) { return 1; } Node_format nodes_list[MAX_SENT_NODES]; memcpy(nodes_list, plain + sizeof(ping_id), num_nodes * sizeof(Node_format)); uint32_t i; for(i = 0; i < num_nodes; i++) { pingreq(nodes_list[i].ip_port, nodes_list[i].client_id); } addto_lists(source, packet + 1); return 0; }
static gboolean update_peer_session_key (CcnetPeer *peer, const char *content, int clen) { char *buf; int key_len = 0; buf = (char *)decrypt_data (peer, content, clen, &key_len); if (buf) { peer->session_key = g_strndup(buf, key_len); g_free (buf); return TRUE; } else { ccnet_warning ("faied to decrypt session key"); return FALSE; } }
void seibu_sound_decrypt(int cpu_region,int length) { UINT8 *decrypt = auto_malloc(length); UINT8 *rom = memory_region(cpu_region); int i; memory_set_decrypted_region(cpu_region - REGION_CPU1, 0x0000, (length < 0x10000) ? (length - 1) : 0x1fff, decrypt); for (i = 0;i < length;i++) { UINT8 src = rom[i]; rom[i] = decrypt_data(i,src); decrypt[i] = decrypt_opcode(i,src); } if (length > 0x10000) memory_configure_bank_decrypted(1, 0, (length - 0x10000) / 0x8000, decrypt + 0x10000, 0x8000); }
void seibu_sound_decrypt(running_machine &machine,const char *cpu,int length) { address_space &space = machine.device(cpu)->memory().space(AS_PROGRAM); UINT8 *decrypt = auto_alloc_array(machine, UINT8, length); UINT8 *rom = machine.root_device().memregion(cpu)->base(); int i; space.set_decrypted_region(0x0000, (length < 0x10000) ? (length - 1) : 0x1fff, decrypt); for (i = 0;i < length;i++) { UINT8 src = rom[i]; rom[i] = decrypt_data(i,src); decrypt[i] = decrypt_opcode(i,src); } if (length > 0x10000) machine.root_device().membank("bank1")->configure_decrypted_entries(0, (length - 0x10000) / 0x8000, decrypt + 0x10000, 0x8000); }
void seibu_sound_decrypt(running_machine *machine,const char *cpu,int length) { address_space *space = cputag_get_address_space(machine, cpu, ADDRESS_SPACE_PROGRAM); UINT8 *decrypt = auto_alloc_array(machine, UINT8, length); UINT8 *rom = machine->region(cpu)->base(); int i; space->set_decrypted_region(0x0000, (length < 0x10000) ? (length - 1) : 0x1fff, decrypt); for (i = 0;i < length;i++) { UINT8 src = rom[i]; rom[i] = decrypt_data(i,src); decrypt[i] = decrypt_opcode(i,src); } if (length > 0x10000) memory_configure_bank_decrypted(machine, "bank1", 0, (length - 0x10000) / 0x8000, decrypt + 0x10000, 0x8000); }
static int handle_test_4(void *object, IP_Port source, uint8_t *packet, uint32_t length) { Onion *onion = object; if (length != (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + sizeof("Install gentoo") + crypto_box_MACBYTES)) return 1; uint8_t plain[sizeof("Install gentoo")] = {0}; int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion->dht->c->self_secret_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, sizeof("Install gentoo") + crypto_box_MACBYTES, plain); if (len == -1) return 1; if (memcmp(plain, "Install gentoo", sizeof("Install gentoo")) != 0) return 1; handled_test_4 = 1; return 0; }
static gpg_error_t collect_encrypted (void *cookie, const char *data) { receive_ctx_t ctx = cookie; if (!ctx->encrypted) if (!(ctx->encrypted = es_fopenmem (MAX_ENCRYPTED, "w+b,samethread"))) return gpg_error_from_syserror (); if (data) es_fputs (data, ctx->encrypted); if (es_ferror (ctx->encrypted)) return gpg_error_from_syserror (); if (!data) { decrypt_data (ctx); } return 0; }