static void auth_generate_auth_hmac(struct login_ctx *l) {
struct buf* buf = buf_new();
buf_append_data(buf, l->client_parameters->ptr,
l->client_parameters->len);
buf_append_data(buf, l->server_parameters->ptr,
l->server_parameters->len);
buf_append_u8(buf, 0); /* random data length */
buf_append_u8(buf, 0); /* unknown */
buf_append_u16(buf, 8); /* puzzle solution length */
buf_append_u32(buf, 0); /* unknown */
/* <-- random data would go here */
buf_append_data(buf, l->puzzle_solution, 8);
#ifdef DEBUG_LOGIN
hexdump8x32 ("auth_generate_auth_hmac, HMAC message", buf->ptr,
buf->len);
hexdump8x32 ("auth_generate_auth_hmac, HMAC key", l->key_hmac,
sizeof (l->key_hmac));
#endif
sha1_hmac(l->key_hmac, sizeof(l->key_hmac),
buf->ptr, buf->len, l->auth_hmac);
#ifdef DEBUG_LOGIN
hexdump8x32 ("auth_generate_auth_hmac, HMAC digest", l->auth_hmac,
sizeof(l->auth_hmac));
#endif
buf_free(buf);
}
void auth_generate_auth_hmac (SESSION * session, unsigned char *auth_hmac,
unsigned int mac_len)
{
(void)mac_len;
struct buf* buf = buf_new();
buf_append_data(buf, session->init_client_packet->ptr,
session->init_client_packet->len);
buf_append_data(buf, session->init_server_packet->ptr,
session->init_server_packet->len);
buf_append_u8(buf, 0); /* random data length */
buf_append_u8(buf, 0); /* unknown */
buf_append_u16(buf, 8); /* puzzle solution length */
buf_append_u32(buf, 0); /* unknown */
/* <-- random data would go here */
buf_append_data(buf, session->puzzle_solution, 8);
#ifdef DEBUG_LOGIN
hexdump8x32 ("auth_generate_auth_hmac, HMAC message", buf->ptr,
buf->len);
hexdump8x32 ("auth_generate_auth_hmac, HMAC key", session->key_hmac,
sizeof (session->key_hmac));
#endif
sha1_hmac ( session->key_hmac, sizeof (session->key_hmac),
buf->ptr, buf->len, auth_hmac);
#ifdef DEBUG_LOGIN
hexdump8x32 ("auth_generate_auth_hmac, HMAC digest", auth_hmac,
mac_len);
#endif
buf_free(buf);
}
int send_client_auth (SESSION * session)
{
int ret;
struct buf* buf = buf_new();
buf_append_data(buf, session->auth_hmac, 20);
buf_append_u8(buf, 0); /* random data length */
buf_append_u8(buf, 0); /* unknown */
buf_append_u16(buf, 8); /* puzzle solution length */
buf_append_u32(buf, 0);
/* <-- random data would go here */
buf_append_data (buf, session->puzzle_solution, 8);
#ifdef DEBUG_LOGIN
hexdump8x32 ("send_client_auth, second client packet", buf->ptr,
buf->len);
#endif
ret = send(session->ap_sock, buf->ptr, buf->len, 0);
if (ret <= 0) {
DSFYDEBUG("send_client_auth(): connection lost\n");
buf_free(buf);
return -1;
}
else if (ret != buf->len) {
DSFYDEBUG("send_client_auth(): only wrote %d of %d bytes\n",
ret, buf->len);
buf_free(buf);
return -1;
}
buf_free(buf);
return 0;
}
int send_client_initial_packet (SESSION * session)
{
int ret;
unsigned int len_idx;
struct buf* b = buf_new();
buf_append_u16 (b, 3); /* protocol version */
len_idx = b->len;
buf_append_u16(b, 0); /* packet length - updated later */
buf_append_u32(b, 0x00000300); /* unknown */
buf_append_u32(b, 0x00030c00); /* unknown */
buf_append_u32(b, session->client_revision);
buf_append_u32(b, 0); /* unknown */
buf_append_u32(b, 0x01000000); /* unknown */
buf_append_data(b, session->client_id, 4);
buf_append_u32(b, 0); /* unknown */
buf_append_data (b, session->client_random_16, 16);
buf_append_data (b, session->my_pub_key, 96);
BN_bn2bin (session->rsa->n, session->rsa_pub_exp);
buf_append_data (b, session->rsa_pub_exp, sizeof(session->rsa_pub_exp));
buf_append_u8 (b, 0); /* length of random data */
buf_append_u8 (b, session->username_len);
buf_append_u16(b, 0x0100); /* unknown */
/* <-- random data would go here */
buf_append_data (b, (unsigned char *) session->username,
session->username_len);
buf_append_u8 (b, 0x40); /* unknown */
/*
* Update length bytes
*
*/
b->ptr[len_idx] = (b->len >> 8) & 0xff;
b->ptr[len_idx+1] = b->len & 0xff;
#ifdef DEBUG_LOGIN
hexdump8x32 ("initial client packet", b->ptr, b->len);
#endif
ret = send (session->ap_sock, b->ptr, b->len, 0);
if (ret <= 0) {
DSFYDEBUG("connection lost\n");
buf_free(b);
return -1;
}
else if (ret != b->len) {
DSFYDEBUG("only wrote %d of %d bytes\n", ret, b->len);
buf_free(b);
return -1;
}
/* save initial server packet for auth hmac generation */
session->init_client_packet = b;
return 0;
}
static int send_client_auth_packet(struct login_ctx *l) {
int ret;
struct buf* buf = buf_new();
buf_append_data(buf, l->auth_hmac, 20);
buf_append_u8(buf, 0); /* random data length */
buf_append_u8(buf, 0); /* unknown */
buf_append_u16(buf, 8); /* puzzle solution length */
buf_append_u32(buf, 0);
/* <-- random data would go here */
buf_append_data (buf, l->puzzle_solution, 8);
#ifdef DEBUG_LOGIN
hexdump8x32("send_client_auth_packet, second client packet", buf->ptr,
buf->len);
#endif
ret = send(l->sock, buf->ptr, buf->len, 0);
if (ret <= 0) {
DSFYDEBUG("Connection was reset\n");
buf_free(buf);
l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
return -1;
}
else if (ret != buf->len) {
DSFYDEBUG("Only wrote %d of %d bytes\n",
ret, buf->len);
buf_free(buf);
l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
return -1;
}
buf_free(buf);
return 0;
}
static int send_client_parameters(struct login_ctx *l) {
int ret;
unsigned char client_pub_key[96];
unsigned char rsa_pub_exp[128];
unsigned int len_idx;
unsigned char bytevalue;
struct buf* b = buf_new();
buf_append_u16 (b, 3); /* protocol version */
len_idx = b->len;
buf_append_u16(b, 0); /* packet length - updated later */
buf_append_u32(b, 0); /* unknown */
buf_append_u32(b, 0x00030c00); /* unknown */
buf_append_u32(b, 99999); /* revision */
buf_append_u32(b, 0); /* unknown */
buf_append_u32(b, 0x01000000); /* unknown */
buf_append_data(b, "\x01\x04\x01\x01", 4); /* client ID */
buf_append_u32(b, 0); /* unknown */
/* Random bytes(?) */
RAND_bytes(l->client_random_16, 16);
buf_append_data (b, l->client_random_16, 16);
BN_bn2bin (l->dh->pub_key, client_pub_key);
buf_append_data (b, client_pub_key, sizeof(client_pub_key));
BN_bn2bin (l->rsa->n, rsa_pub_exp);
buf_append_data (b, rsa_pub_exp, sizeof(rsa_pub_exp));
buf_append_u8 (b, 0); /* length of random data */
bytevalue = strlen(l->username);
buf_append_u8 (b, bytevalue);
buf_append_u16(b, 0x0100); /* unknown */
/* <-- random data would go here */
DSFYDEBUG("Sending username '%s'\n", l->username);
buf_append_data (b, (unsigned char *) l->username,
strlen(l->username));
buf_append_u8 (b, 0x40); /* unknown */
/*
* Update length bytes
*
*/
b->ptr[len_idx] = (b->len >> 8) & 0xff;
b->ptr[len_idx+1] = b->len & 0xff;
ret = send(l->sock, b->ptr, b->len, 0);
if (ret <= 0) {
DSFYDEBUG("connection lost\n");
buf_free(b);
l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
return -1;
}
else if (ret != b->len) {
DSFYDEBUG("only wrote %d of %d bytes\n", ret, b->len);
buf_free(b);
l->error = SP_LOGIN_ERROR_SOCKET_ERROR;
return -1;
}
/* save initial server packet for auth hmac generation */
l->client_parameters = b;
return 0;
}