static int handle_data_response(void *object, IP_Port source, uint8_t *packet, uint32_t length)
{
Onion_Client *onion_c = object;
if (length <= (ONION_DATA_RESPONSE_MIN_SIZE + DATA_IN_RESPONSE_MIN_SIZE))
return 1;
if (length > MAX_DATA_SIZE)
return 1;
uint8_t temp_plain[length - ONION_DATA_RESPONSE_MIN_SIZE];
int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion_c->temp_secret_key, packet + 1,
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), temp_plain);
if ((uint32_t)len != sizeof(temp_plain))
return 1;
uint8_t plain[sizeof(temp_plain) - DATA_IN_RESPONSE_MIN_SIZE];
len = decrypt_data(temp_plain, onion_c->dht->c->self_secret_key, packet + 1, temp_plain + crypto_box_PUBLICKEYBYTES,
sizeof(temp_plain) - crypto_box_PUBLICKEYBYTES, plain);
if ((uint32_t)len != sizeof(plain))
return 1;
if (!onion_c->Onion_Data_Handlers[plain[0]].function)
return 1;
return onion_c->Onion_Data_Handlers[plain[0]].function(onion_c->Onion_Data_Handlers[plain[0]].object, temp_plain, plain,
sizeof(plain));
}
static int handle_announce_response(void *object, IP_Port source, const uint8_t *packet, uint16_t length)
{
Onion_Client *onion_c = object;
if (length < ONION_ANNOUNCE_RESPONSE_MIN_SIZE || length > ONION_ANNOUNCE_RESPONSE_MAX_SIZE)
return 1;
uint16_t len_nodes = length - ONION_ANNOUNCE_RESPONSE_MIN_SIZE;
uint8_t public_key[crypto_box_PUBLICKEYBYTES];
IP_Port ip_port;
uint32_t path_num;
uint32_t num = check_sendback(onion_c, packet + 1, public_key, &ip_port, &path_num);
if (num > onion_c->num_friends)
return 1;
uint8_t plain[1 + ONION_PING_ID_SIZE + len_nodes];
int len = -1;
if (num == 0) {
len = decrypt_data(public_key, onion_c->c->self_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH,
packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES,
length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain);
} else {
if (onion_c->friends_list[num - 1].status == 0)
return 1;
len = decrypt_data(public_key, onion_c->friends_list[num - 1].temp_secret_key,
packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH,
packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES,
length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain);
}
if ((uint32_t)len != sizeof(plain))
return 1;
if (client_add_to_list(onion_c, num, public_key, ip_port, plain[0], plain + 1, path_num) == -1)
return 1;
if (len_nodes != 0) {
Node_format nodes[MAX_SENT_NODES];
int num_nodes = unpack_nodes(nodes, MAX_SENT_NODES, 0, plain + 1 + ONION_PING_ID_SIZE, len_nodes, 0);
if (num_nodes <= 0)
return 1;
if (client_ping_nodes(onion_c, num, nodes, num_nodes, source) == -1)
return 1;
}
//TODO: LAN vs non LAN ips?, if we are connected only to LAN, are we offline?
onion_c->last_packet_recv = unix_time();
return 0;
}
static int handle_announce_response(void *object, IP_Port source, uint8_t *packet, uint32_t length)
{
Onion_Client *onion_c = object;
if (length < ONION_ANNOUNCE_RESPONSE_MIN_SIZE || length > ONION_ANNOUNCE_RESPONSE_MAX_SIZE)
return 1;
if ((length - ONION_ANNOUNCE_RESPONSE_MIN_SIZE) % sizeof(Node_format) != 0)
return 1;
uint16_t num_nodes = (length - ONION_ANNOUNCE_RESPONSE_MIN_SIZE) / sizeof(Node_format);
uint8_t public_key[crypto_box_PUBLICKEYBYTES];
IP_Port ip_port;
uint32_t num = check_sendback(onion_c, packet + 1, public_key, &ip_port);
if (num > onion_c->num_friends)
return 1;
uint8_t plain[1 + ONION_PING_ID_SIZE + num_nodes * sizeof(Node_format)];
int len = -1;
if (num == 0) {
len = decrypt_data(public_key, onion_c->dht->c->self_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH,
packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES,
length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain);
} else {
if (onion_c->friends_list[num - 1].status == 0)
return 1;
len = decrypt_data(public_key, onion_c->friends_list[num - 1].temp_secret_key,
packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH,
packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES,
length - (1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES), plain);
}
if ((uint32_t)len != sizeof(plain))
return 1;
if (client_add_to_list(onion_c, num, public_key, ip_port, plain[0], plain + 1, source) == -1)
return 1;
Node_format nodes[MAX_SENT_NODES];
memcpy(nodes, plain + 1 + ONION_PING_ID_SIZE, num_nodes * sizeof(Node_format));
if (client_ping_nodes(onion_c, num, nodes, num_nodes, source) == -1)
return 1;
return 0;
}
static int handle_ping_response(void *_dht, IP_Port source, size_t *packet, size_t length)
{
DHT *dht = _dht;
int rc;
size_t ping_id;
if (length != DHT_PING_SIZE)
return 1;
PING *ping = dht->ping;
if (id_equal(packet + 1, ping->dht->self_public_key))
return 1;
// Decrypt ping_id
rc = decrypt_data(packet + 1,
ping->dht->self_secret_key,
packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + crypto_box_MACBYTES,
(size_t *) &ping_id);
if (rc != sizeof(ping_id))
return 1;
/* Make sure ping_id is correct. */
int ping_index = is_pinging(ping, source, ping_id);
if (!ping_index)
return 1;
addto_lists(dht, source, packet + 1);
return 0;
}
static int handle_test_3(void *object, IP_Port source, const uint8_t *packet, uint16_t length)
{
Onion *onion = object;
if (length != (1 + crypto_box_NONCEBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + 1 + crypto_hash_sha256_BYTES +
crypto_box_MACBYTES))
return 1;
uint8_t plain[1 + crypto_hash_sha256_BYTES];
//print_client_id(packet, length);
int len = decrypt_data(test_3_pub_key, onion->dht->self_secret_key, packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH,
packet + 1 + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH + crypto_box_NONCEBYTES,
1 + crypto_hash_sha256_BYTES + crypto_box_MACBYTES, plain);
if (len == -1)
return 1;
if (memcmp(packet + 1, sb_data, ONION_ANNOUNCE_SENDBACK_DATA_LENGTH) != 0)
return 1;
memcpy(test_3_ping_id, plain + 1, crypto_hash_sha256_BYTES);
//print_client_id(test_3_ping_id, sizeof(test_3_ping_id));
handled_test_3 = 1;
return 0;
}
static int handle_test_4(void *object, IP_Port source, const uint8_t *packet, uint16_t length, void *userdata)
{
Onion *onion = (Onion *)object;
if (length != (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + sizeof("Install gentoo") +
crypto_box_MACBYTES)) {
return 1;
}
uint8_t plain[sizeof("Install gentoo")] = {0};
if (memcmp(nonce, packet + 1, crypto_box_NONCEBYTES) != 0) {
return 1;
}
int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion->dht->self_secret_key, packet + 1,
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, sizeof("Install gentoo") + crypto_box_MACBYTES, plain);
if (len == -1) {
return 1;
}
if (memcmp(plain, "Install gentoo", sizeof("Install gentoo")) != 0) {
return 1;
}
handled_test_4 = 1;
return 0;
}
/* handle received packets for not yet established crypto connections. */
static void receive_crypto(void)
{
uint32_t i;
for (i = 0; i < MAX_CRYPTO_CONNECTIONS; ++i) {
if (crypto_connections[i].status == CONN_HANDSHAKE_SENT) {
uint8_t temp_data[MAX_DATA_SIZE];
uint8_t secret_nonce[crypto_box_NONCEBYTES];
uint8_t public_key[crypto_box_PUBLICKEYBYTES];
uint8_t session_key[crypto_box_PUBLICKEYBYTES];
uint16_t len;
if (id_packet(crypto_connections[i].number) == 1)
/* if the packet is a friend request drop it (because we are already friends) */
len = read_packet(crypto_connections[i].number, temp_data);
if (id_packet(crypto_connections[i].number) == 2) { /* handle handshake packet. */
len = read_packet(crypto_connections[i].number, temp_data);
if (handle_cryptohandshake(public_key, secret_nonce, session_key, temp_data, len)) {
if (memcmp(public_key, crypto_connections[i].public_key, crypto_box_PUBLICKEYBYTES) == 0) {
memcpy(crypto_connections[i].sent_nonce, secret_nonce, crypto_box_NONCEBYTES);
memcpy(crypto_connections[i].peersessionpublic_key, session_key, crypto_box_PUBLICKEYBYTES);
increment_nonce(crypto_connections[i].sent_nonce);
uint32_t zero = 0;
encrypt_precompute(crypto_connections[i].peersessionpublic_key,
crypto_connections[i].sessionsecret_key,
crypto_connections[i].shared_key);
crypto_connections[i].status = CONN_ESTABLISHED; /* connection status needs to be 3 for write_cryptpacket() to work */
write_cryptpacket(i, ((uint8_t *)&zero), sizeof(zero));
crypto_connections[i].status = CONN_NOT_CONFIRMED; /* set it to its proper value right after. */
}
}
} else if (id_packet(crypto_connections[i].number) != -1) // This should not happen kill the connection if it does
crypto_kill(crypto_connections[i].number);
}
if (crypto_connections[i].status == CONN_NOT_CONFIRMED) {
if (id_packet(crypto_connections[i].number) == 3) {
uint8_t temp_data[MAX_DATA_SIZE];
uint8_t data[MAX_DATA_SIZE];
int length = read_packet(crypto_connections[i].number, temp_data);
int len = decrypt_data(crypto_connections[i].peersessionpublic_key,
crypto_connections[i].sessionsecret_key,
crypto_connections[i].recv_nonce, temp_data + 1, length - 1, data);
uint32_t zero = 0;
if (len == sizeof(uint32_t) && memcmp(((uint8_t *)&zero), data, sizeof(uint32_t)) == 0) {
increment_nonce(crypto_connections[i].recv_nonce);
encrypt_precompute(crypto_connections[i].peersessionpublic_key,
crypto_connections[i].sessionsecret_key,
crypto_connections[i].shared_key);
crypto_connections[i].status = CONN_ESTABLISHED;
/* connection is accepted so we disable the auto kill by setting it to about 1 month from now. */
kill_connection_in(crypto_connections[i].number, 3000000);
} else
crypto_kill(crypto_connections[i].number); // This should not happen kill the connection if it does
} else if(id_packet(crypto_connections[i].number) != -1)
/* This should not happen
kill the connection if it does */
crypto_kill(crypto_connections[i].number);
}
}
}
static int handle_ping_request(void *_dht, IP_Port source, size_t *packet, size_t length)
{
DHT *dht = _dht;
int rc;
size_t ping_id;
if (length != DHT_PING_SIZE)
return 1;
PING *ping = dht->ping;
if (id_equal(packet + 1, ping->dht->self_public_key))
return 1;
// Decrypt ping_id
rc = decrypt_data(packet + 1,
ping->dht->self_secret_key,
packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + crypto_box_MACBYTES,
(size_t *) &ping_id);
if (rc != sizeof(ping_id))
return 1;
// Send response
send_ping_response(ping, source, packet + 1, ping_id);
add_toping(ping, packet + 1, source);
return 0;
}
/* Puts the senders public key in the request in public_key, the data from the request
* in data if a friend or ping request was sent to us and returns the length of the data.
* packet is the request packet and length is its length.
*
* return -1 if not valid request.
*/
int handle_request(uint8_t *self_public_key, uint8_t *self_secret_key, uint8_t *public_key, uint8_t *data,
uint8_t *request_id, uint8_t *packet, uint16_t length)
{
if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
length <= MAX_DATA_SIZE) {
if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {
memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
uint8_t nonce[crypto_box_NONCEBYTES];
uint8_t temp[MAX_DATA_SIZE];
memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES);
int len1 = decrypt_data(public_key, self_secret_key, nonce,
packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES,
length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), temp);
if (len1 == -1 || len1 == 0)
return -1;
request_id[0] = temp[0];
--len1;
memcpy(data, temp + 1, len1);
return len1;
}
}
return -1;
}
int handle_pingres(uint8_t * packet, uint32_t length, IP_Port source)
{
uint64_t ping_id;
if(length != 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + ENCRYPTION_PADDING)
{
return 1;
}
if(memcmp(packet + 1, self_public_key, CLIENT_ID_SIZE) == 0)//check if packet is from ourself.
{
return 1;
}
int len = decrypt_data(packet + 1, self_secret_key, packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + ENCRYPTION_PADDING, (uint8_t *)&ping_id);
if(len != sizeof(ping_id))
{
return 1;
}
if(is_pinging(source, ping_id))
{
addto_lists(source, packet + 1);
return 0;
}
return 1;
}
/* Implementation of svn_auth__password_get_t that decrypts
the incoming password using the Windows CryptoAPI and verifies its
validity. */
static svn_error_t *
windows_ssl_client_cert_pw_decrypter(svn_boolean_t *done,
const char **out,
apr_hash_t *creds,
const char *realmstring,
const char *username,
apr_hash_t *parameters,
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
const svn_string_t *orig;
const char *in;
SVN_ERR(svn_auth__ssl_client_cert_pw_get(done, &in, creds, realmstring,
username, parameters,
non_interactive, pool));
if (!*done)
return SVN_NO_ERROR;
orig = svn_base64_decode_string(svn_string_create(in, pool), pool);
orig = decrypt_data(orig, pool);
if (orig)
{
*out = orig->data;
*done = TRUE;
}
else
{
*done = FALSE;
}
return SVN_NO_ERROR;
}
/* Hook recvfrom and decrypt the data before returning to the program */
ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen) {
char outbuf[MAX_LEN];
char temp[MAX_LEN];
char *step;
int outlen, ret;
memset(outbuf,0x00,MAX_LEN);
memset(temp,0x00,MAX_LEN);
if (!old_recvfrom)
old_recvfrom = dlsym(RTLD_NEXT,"recvfrom");
if (sockfd == 0) // Y U CALL ME W/ SOCKFD SET TO ZERO!?!?
return old_recvfrom(sockfd, buf, len, flags, src_addr, addrlen);
ret = old_recvfrom(sockfd, (void *)temp, MAX_LEN, flags, src_addr, addrlen);
if (ret < 1) { // Nothing to decrypt
return ret;
}
if (temp[0] != PACKET_HEADER) {
fprintf(stderr,"[!] Client not using same crypto algorithm\n");
return 0;
}
step=&temp[0];
outlen = decrypt_data(step,ret-HEADER_SIZE,&outbuf[0]);
memcpy((void*)buf,(void*)outbuf,(size_t)outlen);
return outlen;
}
/* Hook recv and decrypt the data before returning to the program */
ssize_t recv(int sockfd, void *buf, size_t len, int flags) {
char outbuf[MAX_LEN];
char temp[MAX_LEN];
char *step;
int outlen, ret;
memset(outbuf,0x00,MAX_LEN);
memset(temp,0x00,MAX_LEN);
if (!old_recv)
old_recv = dlsym(RTLD_NEXT,"recv");
if (sockfd == 0) // Y U CALL ME W/ SOCKFD SET TO ZERO!?!?
return old_recv(sockfd, buf, len, flags);
ret = old_recv(sockfd, (void *)temp, MAX_LEN, flags);
if (ret < 1) { // Nothing to decrypt
return ret;
}
if (temp[0] != PACKET_HEADER) {
fprintf(stderr,"[!] Client not using CryptHook\n");
return 0;
}
step=&temp[0];
outlen = decrypt_data(step,ret - HEADER_SIZE,&outbuf[0]);
memcpy((void*)buf,(void*)outbuf,(size_t)outlen);
return outlen;
}
static int handle_ping_response(void *_dht, IP_Port source, uint8_t *packet, uint32_t length)
{
DHT *dht = _dht;
int rc;
uint64_t ping_id;
if (length != DHT_PING_SIZE)
return 1;
PING *ping = dht->ping;
if (id_eq(packet + 1, ping->c->self_public_key))
return 1;
// Decrypt ping_id
rc = decrypt_data(packet + 1,
ping->c->self_secret_key,
packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + ENCRYPTION_PADDING,
(uint8_t *) &ping_id);
if (rc != sizeof(ping_id))
return 1;
/* Make sure ping_id is correct. */
if (!is_pinging(ping, source, ping_id))
return 1;
// Associate source ip with client_id
addto_lists(dht, source, packet + 1);
return 0;
}
void Ts2::Link::EndPoint::revNegotiation(const Link::Protocol::LcpNegotiateSessionData& data)
{
MutexAutoLock lock(&mutex);
signMode = data.signMode < getSigningCapability() ? data.signMode : getSigningCapability();
encMode = data.encMode < getEncryptionCapability() ? data.encMode : getEncryptionCapability();
LOG_INFO("EndPoint[%p]: SignMode - %d, EncMode - %d", this, signMode, encMode);
if(isServer) {
u8 keyMaterial[LCP_NEGOTIATE_SESSION_KEY_MATERIAL_SIZE];
decrypt_data(keyMaterial, data.keyMaterial, ARRAY_SIZE_IN_BYTES(data.keyMaterial), data.iv, *sessionKey);
const KeysInKeyMaterial *keys = (KeysInKeyMaterial*)keyMaterial;
// Get the key, if it needs
if(signMode != Ts2::Security::SIGNING_MODE_NONE) {
//signKey = data.signKey;
signKey.assign((const char*)keys->sign, ARRAY_SIZE_IN_BYTES(keys->sign));
}
if(encMode != Ts2::Security::ENCRYPT_MODE_NONE) {
//encKey = data.encKey;
encKey.assign((const char*)keys->enc, ARRAY_SIZE_IN_BYTES(keys->enc));
}
}
if(signMode == Ts2::Security::SIGNING_MODE_NONE) {
signKey.clear();
}
if(encMode == Ts2::Security::ENCRYPT_MODE_NONE) {
encKey.clear();
}
}
int handle_ping_request(uint8_t* packet, uint32_t length, IP_Port source)
{
pingreq_t* p = (pingreq_t*) packet;
int rc;
uint64_t ping_id;
if (length != sizeof(pingreq_t) || id_eq(&p->client_id, self_id))
return 1;
// Decrypt ping_id
rc = decrypt_data((uint8_t*) &p->client_id,
self_secret_key,
(uint8_t*) &p->nonce,
(uint8_t*) &p->ping_id,
sizeof(ping_id) + ENCRYPTION_PADDING,
(uint8_t*) &ping_id);
if (rc != sizeof(ping_id))
return 1;
// Send response
send_ping_response(source, &p->client_id, ping_id);
send_ping_request(source, &p->client_id); // Make this smarter?
return 0;
}
int handle_ping_response(uint8_t* packet, uint32_t length, IP_Port source)
{
pingres_t* p = (pingres_t*) packet;
int rc;
uint64_t ping_id;
if (length != sizeof(pingres_t) || id_eq(&p->client_id, self_id))
return 1;
// Decrypt ping_id
rc = decrypt_data((uint8_t*) &p->client_id,
self_secret_key,
(uint8_t*) &p->nonce,
(uint8_t*) &p->ping_id,
sizeof(ping_id) + ENCRYPTION_PADDING,
(uint8_t*) &ping_id);
if (rc != sizeof(ping_id))
return 1;
// Make sure ping_id is correct
if(!is_pinging(source, ping_id))
return 1;
// Associate source ip with client_id
addto_lists(source, (uint8_t*) &p->client_id);
return 0;
}
int handle_getnodes(uint8_t * packet, uint32_t length, IP_Port source)
{
uint64_t ping_id;
if(length != 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING)
{
return 1;
}
if(memcmp(packet + 1, self_public_key, CLIENT_ID_SIZE) == 0)//check if packet is from ourself.
{
return 1;
}
uint8_t plain[sizeof(ping_id) + CLIENT_ID_SIZE];
int len = decrypt_data(packet + 1, self_secret_key, packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + CLIENT_ID_SIZE + ENCRYPTION_PADDING, plain);
if(len != sizeof(ping_id) + CLIENT_ID_SIZE)
{
return 1;
}
memcpy(&ping_id, plain, sizeof(ping_id));
sendnodes(source, packet + 1, plain + sizeof(ping_id), ping_id);
pingreq(source, packet + 1);//TODO: make this smarter?
return 0;
}
/* Extract secret nonce, session public key and public_key from a packet(data) with length length.
*
* return 1 if successful.
* return 0 if failure.
*/
static int handle_cryptohandshake(Net_Crypto *c, uint8_t *public_key, uint8_t *secret_nonce,
uint8_t *session_key, uint8_t *data, uint16_t length)
{
int pad = (- crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES);
if (length != 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES
+ crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad) {
return 0;
}
if (data[0] != 2)
return 0;
uint8_t temp[crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES];
memcpy(public_key, data + 1, crypto_box_PUBLICKEYBYTES);
int len = decrypt_data(public_key, c->self_secret_key, data + 1 + crypto_box_PUBLICKEYBYTES,
data + 1 + crypto_box_PUBLICKEYBYTES + crypto_box_NONCEBYTES,
crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + pad, temp);
if (len != crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES)
return 0;
memcpy(secret_nonce, temp, crypto_box_NONCEBYTES);
memcpy(session_key, temp + crypto_box_NONCEBYTES, crypto_box_PUBLICKEYBYTES);
return 1;
}
/* return 0 if there is no received data in the buffer
return -1 if the packet was discarded.
return length of received data if successful */
int read_cryptpacket(int crypt_connection_id, uint8_t * data)
{
if(crypt_connection_id < 0 || crypt_connection_id >= MAX_CRYPTO_CONNECTIONS)
{
return 0;
}
if(crypto_connections[crypt_connection_id].status != 3)
{
return 0;
}
uint8_t temp_data[MAX_DATA_SIZE];
int length = read_packet(crypto_connections[crypt_connection_id].number, temp_data);
if(length == 0)
{
return 0;
}
if(temp_data[0] != 3)
{
return -1;
}
int len = decrypt_data(crypto_connections[crypt_connection_id].peersessionpublic_key,
crypto_connections[crypt_connection_id].sessionsecret_key,
crypto_connections[crypt_connection_id].recv_nonce, temp_data + 1, length - 1, data);
if(len != -1)
{
increment_nonce(crypto_connections[crypt_connection_id].recv_nonce);
return len;
}
return -1;
}
void seibu_sound_device::apply_decrypt(UINT8 *rom, UINT8 *opcodes, int length)
{
for (int i = 0; i < length; i++)
{
UINT8 src = rom[i];
rom[i] = decrypt_data(i,src);
opcodes[i] = decrypt_opcode(i,src);
}
}
/********************************************************************************
//FUNCTION:
// META_CRYPTFS_OP
//DESCRIPTION:
// META CRYPTFS test main process function.
//
//PARAMETERS:
//
//RETURN VALUE:
// void
//
********************************************************************************/
void META_CRYPTFS_OP(FT_CRYPTFS_REQ *req)
{
LOGD("req->op:%d\n", req->op);
int ret = 0;
FT_CRYPTFS_CNF cryptfs_cnf;
memcpy(&cryptfs_cnf, req, sizeof(FT_H) + sizeof(CRYPTFS_OP));
cryptfs_cnf.header.id ++;
switch (req->op) {
case CRYPTFS_OP_QUERY_STATUS:
{
bool encrypted_status = 0;
cryptfs_cnf.m_status = META_SUCCESS;
encrypted_status = get_encrypt_phone_status();
LOGD("encrypted_status:%d \n", encrypted_status);
cryptfs_cnf.result.query_status_cnf.status = encrypted_status;
WriteDataToPC(&cryptfs_cnf, sizeof(FT_CRYPTFS_CNF), NULL, 0);
}
break;
case CRYPTFS_OP_VERIFY:
{
char* pw = req->cmd.verify_req.pwd;
int pw_len = req->cmd.verify_req.length;
cryptfs_cnf.m_status = META_SUCCESS;
LOGD("pw = %s, pw_len = %d \n", pw, pw_len);
if (pw_len < 4 || pw_len > 16) {
cryptfs_cnf.result.verify_cnf.decrypt_result = 0;
LOGE("Invalid passwd length =%d \n", pw_len);
WriteDataToPC(&cryptfs_cnf, sizeof(FT_CRYPTFS_CNF), NULL, 0);
break;
}
if(!decrypt_data(pw)) {
cryptfs_cnf.result.verify_cnf.decrypt_result = 1;
}
else {
cryptfs_cnf.result.verify_cnf.decrypt_result = 0;
}
LOGD("verify result:%d \n", cryptfs_cnf.result.verify_cnf.decrypt_result);
WriteDataToPC(&cryptfs_cnf, sizeof(FT_CRYPTFS_CNF), NULL, 0);
}
break;
default:
LOGE("Error: unsupport op code = %d\n", req->op);
break;
}
}
/* puts the senders public key in the request in public_key, the data from the request
in data if a friend or ping request was sent to us and returns the length of the data.
packet is the request packet and length is its length
return -1 if not valid request. */
int handle_request(uint8_t *public_key, uint8_t *data, uint8_t *packet, uint16_t length)
{
if (length > crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
length <= MAX_DATA_SIZE + ENCRYPTION_PADDING &&
memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {
memcpy(public_key, packet + 1 + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
uint8_t nonce[crypto_box_NONCEBYTES];
memcpy(nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2, crypto_box_NONCEBYTES);
int len1 = decrypt_data(public_key, self_secret_key, nonce, packet + 1 + crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES,
length - (crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1), data);
if(len1 == -1)
return -1;
return len1;
} else
return -1;
}
int handle_sendnodes(uint8_t * packet, uint32_t length, IP_Port source)
{
uint64_t ping_id;
if(length > (1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id)
+ sizeof(Node_format) * MAX_SENT_NODES + ENCRYPTION_PADDING) ||
(length - (1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id)
+ ENCRYPTION_PADDING)) % (sizeof(Node_format)) != 0 ||
length < 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES + sizeof(ping_id)
+ sizeof(Node_format) + ENCRYPTION_PADDING)
{
return 1;
}
uint32_t num_nodes = (length - (1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES
+ sizeof(ping_id) + ENCRYPTION_PADDING)) / sizeof(Node_format);
uint8_t plain[sizeof(ping_id) + sizeof(Node_format) * MAX_SENT_NODES];
int len = decrypt_data(packet + 1, self_secret_key, packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + num_nodes * sizeof(Node_format) + ENCRYPTION_PADDING, plain);
if(len != sizeof(ping_id) + num_nodes * sizeof(Node_format))
{
return 1;
}
memcpy(&ping_id, plain, sizeof(ping_id));
if(!is_gettingnodes(source, ping_id))
{
return 1;
}
Node_format nodes_list[MAX_SENT_NODES];
memcpy(nodes_list, plain + sizeof(ping_id), num_nodes * sizeof(Node_format));
uint32_t i;
for(i = 0; i < num_nodes; i++)
{
pingreq(nodes_list[i].ip_port, nodes_list[i].client_id);
}
addto_lists(source, packet + 1);
return 0;
}
static gboolean
update_peer_session_key (CcnetPeer *peer,
const char *content,
int clen)
{
char *buf;
int key_len = 0;
buf = (char *)decrypt_data (peer, content, clen, &key_len);
if (buf) {
peer->session_key = g_strndup(buf, key_len);
g_free (buf);
return TRUE;
} else {
ccnet_warning ("faied to decrypt session key");
return FALSE;
}
}
void seibu_sound_decrypt(int cpu_region,int length)
{
UINT8 *decrypt = auto_malloc(length);
UINT8 *rom = memory_region(cpu_region);
int i;
memory_set_decrypted_region(cpu_region - REGION_CPU1, 0x0000, (length < 0x10000) ? (length - 1) : 0x1fff, decrypt);
for (i = 0;i < length;i++)
{
UINT8 src = rom[i];
rom[i] = decrypt_data(i,src);
decrypt[i] = decrypt_opcode(i,src);
}
if (length > 0x10000)
memory_configure_bank_decrypted(1, 0, (length - 0x10000) / 0x8000, decrypt + 0x10000, 0x8000);
}
void seibu_sound_decrypt(running_machine &machine,const char *cpu,int length)
{
address_space &space = machine.device(cpu)->memory().space(AS_PROGRAM);
UINT8 *decrypt = auto_alloc_array(machine, UINT8, length);
UINT8 *rom = machine.root_device().memregion(cpu)->base();
int i;
space.set_decrypted_region(0x0000, (length < 0x10000) ? (length - 1) : 0x1fff, decrypt);
for (i = 0;i < length;i++)
{
UINT8 src = rom[i];
rom[i] = decrypt_data(i,src);
decrypt[i] = decrypt_opcode(i,src);
}
if (length > 0x10000)
machine.root_device().membank("bank1")->configure_decrypted_entries(0, (length - 0x10000) / 0x8000, decrypt + 0x10000, 0x8000);
}
void seibu_sound_decrypt(running_machine *machine,const char *cpu,int length)
{
address_space *space = cputag_get_address_space(machine, cpu, ADDRESS_SPACE_PROGRAM);
UINT8 *decrypt = auto_alloc_array(machine, UINT8, length);
UINT8 *rom = machine->region(cpu)->base();
int i;
space->set_decrypted_region(0x0000, (length < 0x10000) ? (length - 1) : 0x1fff, decrypt);
for (i = 0;i < length;i++)
{
UINT8 src = rom[i];
rom[i] = decrypt_data(i,src);
decrypt[i] = decrypt_opcode(i,src);
}
if (length > 0x10000)
memory_configure_bank_decrypted(machine, "bank1", 0, (length - 0x10000) / 0x8000, decrypt + 0x10000, 0x8000);
}
static int handle_test_4(void *object, IP_Port source, uint8_t *packet, uint32_t length)
{
Onion *onion = object;
if (length != (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + sizeof("Install gentoo") + crypto_box_MACBYTES))
return 1;
uint8_t plain[sizeof("Install gentoo")] = {0};
int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion->dht->c->self_secret_key, packet + 1,
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, sizeof("Install gentoo") + crypto_box_MACBYTES, plain);
if (len == -1)
return 1;
if (memcmp(plain, "Install gentoo", sizeof("Install gentoo")) != 0)
return 1;
handled_test_4 = 1;
return 0;
}
static gpg_error_t
collect_encrypted (void *cookie, const char *data)
{
receive_ctx_t ctx = cookie;
if (!ctx->encrypted)
if (!(ctx->encrypted = es_fopenmem (MAX_ENCRYPTED, "w+b,samethread")))
return gpg_error_from_syserror ();
if (data)
es_fputs (data, ctx->encrypted);
if (es_ferror (ctx->encrypted))
return gpg_error_from_syserror ();
if (!data)
{
decrypt_data (ctx);
}
return 0;
}
