コード例 #1
0
//! \todo Optimize writing section data. Right now it only writes one block at a
//!		time, which is of course quite slow (in relative terms).
//!	\todo Refactor this into several different methods for writing each region
//!		of the image. Use a context structure to keep track of shared data between
//!		each of the methods.
//! \todo Refactor the section and boot tag writing code to only have a single
//!		copy of the block writing and encryption loop.
void EncoreBootImage::writeToStream(std::ostream & stream)
{
	// always generate the session key or DEK even if image is unencrypted
	m_sessionKey.randomize();
	
	// prepare to compute CBC-MACs with each KEK
	unsigned i;
	smart_array_ptr<RijndaelCBCMAC> macs(0);
	if (isEncrypted())
	{
		macs = new RijndaelCBCMAC[m_keys.size()];
		for (i=0; i < m_keys.size(); ++i)
		{
			RijndaelCBCMAC mac(m_keys[i]);
			(macs.get())[i] = mac;
		}
	}
	
	// prepare to compute SHA-1 digest over entire image
	CSHA1 hash;
	hash.Reset();
	
	// count of total blocks written to the file
	unsigned fileBlocksWritten = 0;

	// we need some pieces of the header down below
	boot_image_header_t imageHeader;
	prepareImageHeader(imageHeader);
	
	// write plaintext header
	{
		// write header
		assert(sizeOfPaddingForCipherBlocks(sizeof(boot_image_header_t)) == 0);
		stream.write(reinterpret_cast<char *>(&imageHeader), sizeof(imageHeader));
		fileBlocksWritten += numberOfCipherBlocks(sizeof(imageHeader));
		
		// update CBC-MAC over image header
		if (isEncrypted())
		{
			for (i=0; i < m_keys.size(); ++i)
			{
				(macs.get())[i].update(reinterpret_cast<uint8_t *>(&imageHeader), sizeof(imageHeader));
			}
		}
		
		// update SHA-1
		hash.Update(reinterpret_cast<uint8_t *>(&imageHeader), sizeof(imageHeader));
	}
	
	// write plaintext section table
	{
		section_iterator_t it = beginSection();
		for (; it != endSection(); ++it)
		{
			Section * section = *it;
			
			// write header for this section
			assert(sizeOfPaddingForCipherBlocks(sizeof(section_header_t)) == 0);
			section_header_t sectionHeader;
			section->fillSectionHeader(sectionHeader);
			stream.write(reinterpret_cast<char *>(&sectionHeader), sizeof(sectionHeader));
			fileBlocksWritten += numberOfCipherBlocks(sizeof(sectionHeader));
			
			// update CBC-MAC over this entry
			if (isEncrypted())
			{
				for (i=0; i < m_keys.size(); ++i)
				{
					(macs.get())[i].update(reinterpret_cast<uint8_t *>(&sectionHeader), sizeof(sectionHeader));
				}
			}
			
			// update SHA-1
			hash.Update(reinterpret_cast<uint8_t *>(&sectionHeader), sizeof(sectionHeader));
		}
	}
	
	// finished with the CBC-MAC
	if (isEncrypted())
	{
		for (i=0; i < m_keys.size(); ++i)
		{
			(macs.get())[i].finalize();
		}
	}
	
	// write key dictionary
	if (isEncrypted())
	{
		key_iterator_t it = beginKeys();
		for (i=0; it != endKeys(); ++it, ++i)
		{
			// write CBC-MAC result for this key, then update SHA-1
			RijndaelCBCMAC & mac = (macs.get())[i];
			const RijndaelCBCMAC::block_t & macResult = mac.getMAC();
			stream.write(reinterpret_cast<const char *>(&macResult), sizeof(RijndaelCBCMAC::block_t));
			hash.Update(reinterpret_cast<const uint8_t *>(&macResult), sizeof(RijndaelCBCMAC::block_t));
			fileBlocksWritten++;
			
			// encrypt DEK with this key, write it out, and update image digest
			Rijndael cipher;
			cipher.init(Rijndael::CBC, Rijndael::Encrypt, *it, Rijndael::Key16Bytes, imageHeader.m_iv);
			AESKey<128>::key_t wrappedSessionKey;
			cipher.blockEncrypt(m_sessionKey, sizeof(AESKey<128>::key_t) * 8, wrappedSessionKey);
			stream.write(reinterpret_cast<char *>(&wrappedSessionKey), sizeof(wrappedSessionKey));
			hash.Update(reinterpret_cast<uint8_t *>(&wrappedSessionKey), sizeof(wrappedSessionKey));
			fileBlocksWritten++;
		}
	}
	
	// write sections and boot tags
	{
		section_iterator_t it = beginSection();
		for (; it != endSection(); ++it)
		{
			section_iterator_t itCopy = it;
			bool isLastSection = (++itCopy == endSection());
			
			Section * section = *it;
			cipher_block_t block;
			unsigned blockCount = section->getBlockCount();
			unsigned blocksWritten = 0;
			
			Rijndael cipher;
			cipher.init(Rijndael::CBC, Rijndael::Encrypt, m_sessionKey, Rijndael::Key16Bytes, imageHeader.m_iv);
			
			// Compute the number of padding blocks needed to align the section. This first
			// call to getPadBlockCountForOffset() passes an offset that excludes
			// the boot tag for this section.
			unsigned paddingBlocks = getPadBlockCountForSection(section, fileBlocksWritten);
			
			// Insert nop commands as padding to align the start of the section, if
			// the section has special alignment requirements.
			NopCommand nop;
			while (paddingBlocks--)
			{
				blockCount = nop.getBlockCount();
				blocksWritten = 0;
				while (blocksWritten < blockCount)
				{
					nop.getBlocks(blocksWritten, 1, &block);
					
					if (isEncrypted())
					{
						// re-init after encrypt to update IV
						cipher.blockEncrypt(block, sizeof(cipher_block_t) * 8, block);
						cipher.init(Rijndael::CBC, Rijndael::Encrypt, m_sessionKey, Rijndael::Key16Bytes, block);
					}
					
					stream.write(reinterpret_cast<char *>(&block), sizeof(cipher_block_t));
					hash.Update(reinterpret_cast<uint8_t *>(&block), sizeof(cipher_block_t));
					
					blocksWritten++;
					fileBlocksWritten++;
				}
			}
			
			// reinit cipher for boot tag
			cipher.init(Rijndael::CBC, Rijndael::Encrypt, m_sessionKey, Rijndael::Key16Bytes, imageHeader.m_iv);
			
			// write boot tag
			TagCommand tag(*section);
			tag.setLast(isLastSection);
			if (!isLastSection)
			{
				// If this isn't the last section, the tag needs to include any
				// padding for the next section in its length, otherwise the ROM
				// won't be able to find the next section's boot tag.
				unsigned nextSectionOffset = fileBlocksWritten + section->getBlockCount() + 1;
				tag.setSectionLength(section->getBlockCount() + getPadBlockCountForSection(*itCopy, nextSectionOffset));
			}
			blockCount = tag.getBlockCount();
			blocksWritten = 0;
			while (blocksWritten < blockCount)
			{
				tag.getBlocks(blocksWritten, 1, &block);
				
				if (isEncrypted())
				{
					// re-init after encrypt to update IV
					cipher.blockEncrypt(block, sizeof(cipher_block_t) * 8, block);
					cipher.init(Rijndael::CBC, Rijndael::Encrypt, m_sessionKey, Rijndael::Key16Bytes, block);
				}
				
				stream.write(reinterpret_cast<char *>(&block), sizeof(cipher_block_t));
				hash.Update(reinterpret_cast<uint8_t *>(&block), sizeof(cipher_block_t));
				
				blocksWritten++;
				fileBlocksWritten++;
			}
			
			// reinit cipher for section data
			cipher.init(Rijndael::CBC, Rijndael::Encrypt, m_sessionKey, Rijndael::Key16Bytes, imageHeader.m_iv);
			
			// write section data
			blockCount = section->getBlockCount();
			blocksWritten = 0;
			while (blocksWritten < blockCount)
			{
				section->getBlocks(blocksWritten, 1, &block);
				
				// Only encrypt the section contents if the entire boot image is encrypted
				// and the section doesn't have the "leave unencrypted" flag set. Even if the
				// section is unencrypted the boot tag will remain encrypted.
				if (isEncrypted() && !section->getLeaveUnencrypted())
				{
					// re-init after encrypt to update IV
					cipher.blockEncrypt(block, sizeof(cipher_block_t) * 8, block);
					cipher.init(Rijndael::CBC, Rijndael::Encrypt, m_sessionKey, Rijndael::Key16Bytes, block);
				}
				
				stream.write(reinterpret_cast<char *>(&block), sizeof(cipher_block_t));
				hash.Update(reinterpret_cast<uint8_t *>(&block), sizeof(cipher_block_t));
				
				blocksWritten++;
				fileBlocksWritten++;
			}
		}
	}
	
	// write SHA-1 digest over entire image
	{
		// allocate enough room for digest and bytes to pad out to the next cipher block
		const unsigned padBytes = sizeOfPaddingForCipherBlocks(sizeof(sha1_digest_t));
		unsigned digestBlocksSize = sizeof(sha1_digest_t) + padBytes;
		smart_array_ptr<uint8_t> digestBlocks = new uint8_t[digestBlocksSize];
		hash.Final();
		hash.GetHash(digestBlocks.get());
		
		// set the pad bytes to random values
		RandomNumberGenerator rng;
		rng.generateBlock(&(digestBlocks.get())[sizeof(sha1_digest_t)], padBytes);
		
		// encrypt with session key
		if (isEncrypted())
		{
			Rijndael cipher;
			cipher.init(Rijndael::CBC, Rijndael::Encrypt, m_sessionKey, Rijndael::Key16Bytes, imageHeader.m_iv);
			cipher.blockEncrypt(digestBlocks.get(), digestBlocksSize * 8, digestBlocks.get());
		}
		
		// write to the stream
		stream.write(reinterpret_cast<char *>(digestBlocks.get()), digestBlocksSize);
	}
}
コード例 #2
0
ファイル: DCCThr.cpp プロジェクト: suriyanr/IRCclient
// Thread which gets lines from the DCC Q, and processes it.
void DCCThr(XChange *XGlobal) {
char IRC_Line[1024];
IRCLineInterpret LineInterpret;
TCPConnect *DCCChat, *FServChat, *DCCAccept, *SwarmConnect;
DCC_Container_t *DCC_Container;
THR_EXITCODE thr_exit = 1;
THR_HANDLE DCCChatThrH = 0, FileServerThrH = 0, TransferThrH = 0;
bool retvalb;
int retval;
char MyNick[64];
LineParse LineP;
const char *parseptr;
char *tmpbuf;
CSHA1 SHA;
FilesDetail *FD;
char Response[1024];
Helper H;
TCPConnect T; // Just for a little help.
THREADID tempTID;
size_t my_resume_position;
char DotIp[20]; // cant be more than 3 + 1 + 3 + 1 + 3 + 1 + 3
int SwarmIndex;
bool isSwarmed;

   TRACE_INIT_CRASH("DCCThr");
   TRACE();
   H.init(XGlobal);
   while (true) {
      XGlobal->IRC_DCC.getLineAndDelete(IRC_Line);
      if (XGlobal->isIRC_QUIT()) break;
      if (XGlobal->isIRC_DisConnected()) continue;

      LineInterpret = IRC_Line;
      switch (LineInterpret.Command) {

        case IC_CTCPFILESHA1REPLY:
           // Compare FileName, FileSize, SHA1 and update Server UI.
           // If FileSize = 0 and SHA1 = 0, => error string present in FileName
           XGlobal->lock();
           if ( (XGlobal->SHA1_FileName) &&
                (XGlobal->SHA1_SHA1) &&
                (strcasecmp(LineInterpret.FileName, XGlobal->SHA1_FileName) == 0) &&
                (LineInterpret.FileSize == XGlobal->SHA1_FileSize) ) {
              // Reply matches what we are waiting for.
              // Compare SHAs
              if (strcasecmp(XGlobal->SHA1_SHA1, LineInterpret.InfoLine) == 0) {
                 sprintf(Response, "Server 04[%s FILECHECK REPLY]: \"%s\" can be resumed from me", LineInterpret.From.Nick, LineInterpret.FileName);
              }
              else {
                 sprintf(Response, "Server 04[%s FILECHECK REPLY]: \"%s\" CANNOT be resumed from me", LineInterpret.From.Nick, LineInterpret.FileName);
              }
              // Delete the Global as we are done with this.
              delete [] XGlobal->SHA1_FileName;
              XGlobal->SHA1_FileName = NULL;
              delete [] XGlobal->SHA1_SHA1;
              XGlobal->SHA1_SHA1 = NULL;
           }
           else {
              sprintf(Response, "Server 04[%s FILECHECK REPLY]: %s", LineInterpret.From.Nick, LineInterpret.FileName);
           }
           XGlobal->unlock();
           XGlobal->IRC_ToUI.putLine(Response);
           break;

        case IC_CTCPFILESHA1:
           // Reply back to his request with a IC_CTCPFILESHA1REPLY
           // Same thing that we did in the UI to generate IC_CTCPFILESHA1
           // Here we will search for the file in MyFilesDB. If not found
           // there, we use MyPartialFilesDB.
           FD = XGlobal->MyFilesDB.getFilesDetailListMatchingFileName(LineInterpret.FileName);
           if (FD == NULL) {
              // Lets try MyPartialFilesDB.
              FD = XGlobal->MyPartialFilesDB.getFilesDetailListMatchingFileName(LineInterpret.FileName);
              if (FD == NULL) {
                 sprintf(Response, "Server 04[%s FILECHECK]: File: %s FileSize: %lu - We do not have this file.", LineInterpret.From.Nick, LineInterpret.FileName, LineInterpret.FileSize);
                 XGlobal->IRC_ToUI.putLine(Response);
                 sprintf(Response, "NOTICE %s :\001FILESHA1 0 0 I do not have the file requested: %s\001", LineInterpret.From.Nick, LineInterpret.FileName);
                 XGlobal->IRC_ToServer.putLine(Response);
                 break;
              }
              else {
                 // File in MyPartialFilesDB. Prepare filename in Response
                 XGlobal->lock();
                 sprintf(Response, "%s%s%s", XGlobal->PartialDir, DIR_SEP, LineInterpret.FileName);
                 XGlobal->unlock();
              }
           }
           else {
              // File in MyFilesDB. Prepare filename in Response
              XGlobal->lock();
              if (FD->DirName) {
                 sprintf(Response, "%s%s%s%s%s", XGlobal->ServingDir[FD->ServingDirIndex], DIR_SEP, FD->DirName, DIR_SEP, LineInterpret.FileName);
              }
              else {
                 sprintf(Response, "%s%s%s", XGlobal->ServingDir[FD->ServingDirIndex], DIR_SEP, LineInterpret.FileName);
              }
              XGlobal->unlock();
           }

           XGlobal->MyFilesDB.freeFilesDetailList(FD);
           FD = NULL;

           // we are here => Response has full file path.
           tmpbuf = new char[FILE_RESUME_GAP];
           if (getFileResumeChunk(Response, LineInterpret.FileSize, tmpbuf) == false) {
              sprintf(Response, "Server 04[%s FILECHECK]: File: %s FileSize: %lu - Error Reading Chunk.", LineInterpret.From.Nick, LineInterpret.FileName, LineInterpret.FileSize);
              XGlobal->IRC_ToUI.putLine(Response);
              sprintf(Response, "NOTICE %s :\001FILESHA1 0 0 Error reading chunk: %s\001", LineInterpret.From.Nick, LineInterpret.FileName);
              XGlobal->IRC_ToServer.putLine(Response);
              delete [] tmpbuf;
              break;
           }

           SHA.Reset();
           SHA.Update((UINT_8 *) tmpbuf, (UINT_32) FILE_RESUME_GAP);
           SHA.Final();
           SHA.ReportHash(tmpbuf);

           sprintf(Response, "Server 04[%s FILECHECK]: File: %s FileSize: %lu.", LineInterpret.From.Nick, LineInterpret.FileName, LineInterpret.FileSize);
           XGlobal->IRC_ToUI.putLine(Response);
           sprintf(Response, "NOTICE %s :\001FILESHA1 %lu %s %s\001",
                    LineInterpret.From.Nick,
                    LineInterpret.FileSize,
                    tmpbuf,
                    LineInterpret.FileName);
           XGlobal->IRC_ToServer.putLine(Response);
           delete [] tmpbuf;

           break;

        case IC_USERHOST:
           char windowname[32];
           unsigned long longip, myip;
           char *correct_nick;
           COUT(cout << "IC_USERHOST: IRCLine: " << IRC_Line << endl;)
           COUT(LineInterpret.printDebug();)
//      InfoLine contains: [email protected]
//      batata_wada*[email protected] (ircop)
//         We parse it nice and update XGlobal with dotted ip and long ip
//         if its our nick, and update NickList with long ip.

           LineP = LineInterpret.InfoLine;
           LineP.setDeLimiter('@');
           parseptr = LineP.getWord(2);
           longip = T.getLongFromHostName((char *) parseptr);
           T.getDottedIpAddressFromLong(longip, DotIp);

           // Lets get our nick.
           XGlobal->getIRC_Nick(MyNick);
           XGlobal->resetIRC_Nick_Changed();
           LineP.setDeLimiter('=');
           parseptr = LineP.getWord(1);
           correct_nick = new char[strlen(parseptr) + 1];
           strcpy(correct_nick, parseptr);
           if (correct_nick[strlen(correct_nick) - 1] == '*') {
              // Remove the * at end of ircop nick.
              correct_nick[strlen(correct_nick) - 1] = '\0';
           }
           // correct_nick contains corrected nick.

           if (strcasecmp(correct_nick, MyNick) == 0) {
              // Its my own Nick
              XGlobal->putIRC_IP(longip, DotIp);
              sprintf(Response, "Server 09USERHOST: DottedIP: %s LongIP: %lu", DotIp, longip);
              XGlobal->IRC_ToUI.putLine(Response);
           }

           // Update the XGlobal->NickList
           XGlobal->NickList.setNickIP(correct_nick, longip);

           // For testing.
           if (longip != 0) {
              sprintf(Response, "Server 09USERHOST: Nick: %s DottedIP: %s LongIP: %lu", correct_nick, DotIp, longip);
           } 
           else {
              sprintf(Response, "Server 04USERHOST: Nick: %s DottedIP: %s LongIP: %lu", correct_nick, DotIp, longip);
           }
           XGlobal->IRC_ToUI.putLine(Response);

           // If the USERHOST response is of Nick which is same as in
           // XChange->DCCChatnick, then we need to try to Chat with this nick.
           retval = 1;
           XGlobal->lock();
           if (XGlobal->DCCChatNick) {
              retval = strcasecmp(correct_nick, XGlobal->DCCChatNick);
           }
           XGlobal->unlock();

           if (retval == 0) {
              FilesDetail *FD;

              XGlobal->lock();
              delete [] XGlobal->DCCChatNick;
              XGlobal->DCCChatNick = NULL;
              XGlobal->unlock();

              // Check if a DCCChat is already in progress. (allow only 1)
              if (XGlobal->DCCChatInProgress.getCount(NULL) != 0) {
                 sprintf(Response, "Server * 04DCC-CHAT: A CHAT is already in progress.");
                 XGlobal->IRC_ToUI.putLine(Response);
                 delete [] correct_nick;
                 break;
              }

              if (longip != 0) {
                 // Try to connect to his DCCServer as a CHAT.
                 TCPConnect *DCCChat = new TCPConnect;
                 DCCChat->TCPConnectionMethod = XGlobal->getIRC_CM();
                 XGlobal->resetIRC_CM_Changed();
                 retvalb = DCCChat->getConnection(DotIp, DCCSERVER_PORT);
                 Response[0] = '\0';
                 if (retvalb) {
                    // Connection was successful
                    sprintf(Response, "100 %s\n", MyNick);
                    DCCChat->writeData(Response, strlen(Response), DCCSERVER_TIMEOUT);
                    retval = DCCChat->readLine(Response, sizeof(Response) - 1, DCCSERVER_TIMEOUT);
                    LineP = Response;
                    parseptr = LineP.getWord(1);
                    if (retval && strcasecmp(parseptr, "101") == 0) {
                       // Now also check if the nick matches. Else he has some
                       // other client listening at that port.
                       parseptr = LineP.getWord(2);
                       if (strcasecmp(parseptr, correct_nick) == 0) {
                          // We have established a CHAT.
                          // Now we pass the buck on to the DCC Chat Thr
                          // It will add it in DCCChatInProgress etc.
                          COUT(cout << "DCCChatThr: IC_DCC_CHAT (DCC)" << endl;)
                          // Here we spawn a thread to take care of this DCC Chat.
                          // We pass it the ESTABLISED connection
                          // The created thread should free this structure before exiting.
                          DCC_Container = new DCC_Container_t;
                          DCC_CONTAINER_INIT(DCC_Container);
                          DCC_Container->RemoteNick = new char [strlen(parseptr) + 1];
                          strcpy(DCC_Container->RemoteNick, parseptr);
                          DCC_Container->Connection = DCCChat;
                          DCC_Container->XGlobal = XGlobal;

                          // Have to set DCC_Container->RemoteLongIP.
                          DCC_Container->RemoteDottedIP = new char[strlen(DotIp) + 1];
                          strcpy(DCC_Container->RemoteDottedIP, DotIp);
                          DCC_Container->RemoteLongIP = longip;

#ifdef __MINGW32__
                          DCCChatThrH = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) DCCChatThr, DCC_Container, 0, &tempTID);
#else
                          {
                             pthread_attr_t thread_attr;
                             pthread_attr_init(&thread_attr);
                             pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED);
                             pthread_create(&DCCChatThrH, &thread_attr, (void * (*)(void *)) DCCChatThr, DCC_Container);
                          }
#endif
                          delete [] correct_nick;
                          break;
                       }