std::string security::str(const CryptoPP::Integer& input)
{
const auto input_size = input.MinEncodedSize();
CryptoPP::SecByteBlock block(input_size);
input.Encode(block.BytePtr(), input_size);
return str(block);
// NOTE: CryptoPP::Integer has a weird ostream format (uses prefixes to specify numeric base)
//
/*std::ostringstream oss;
oss << std::hex << input;
return oss.str();*/
}
CK_RV CKKeyObject::CopyInteger(CK_ATTRIBUTE& attribute,
const CryptoPP::Integer& intValue) const
{
CK_ULONG intSize = intValue.MinEncodedSize();
if (attribute.pValue == NULL_PTR)
{
attribute.ulValueLen = intSize;
}
else if (attribute.ulValueLen < intSize)
{
attribute.ulValueLen = (CK_ULONG)-1;
return CKR_BUFFER_TOO_SMALL;
}
else
{
attribute.ulValueLen = intSize;
intValue.Encode((byte*)attribute.pValue, attribute.ulValueLen);
}
return CKR_OK;
}
int CEncryptedStreamSocket::Negotiate(const uchar* pBuffer, uint32_t nLen){
uint32_t nRead = 0;
ASSERT( m_nReceiveBytesWanted > 0 );
try{
while (m_NegotiatingState != ONS_COMPLETE && m_nReceiveBytesWanted > 0){
if (m_nReceiveBytesWanted > 512){
ASSERT( false );
return 0;
}
if (m_pfiReceiveBuffer == NULL){
BYTE* pReceiveBuffer = (BYTE*)malloc(512); // use a fixed size buffer
if (pReceiveBuffer == NULL)
AfxThrowMemoryException();
m_pfiReceiveBuffer = new CSafeMemFile(pReceiveBuffer, 512);
}
const uint32_t nToRead = min(nLen - nRead, m_nReceiveBytesWanted);
m_pfiReceiveBuffer->Write(pBuffer + nRead, nToRead);
nRead += nToRead;
m_nReceiveBytesWanted -= nToRead;
if (m_nReceiveBytesWanted > 0)
return nRead;
const uint32_t nCurrentBytesLen = (uint32_t)m_pfiReceiveBuffer->GetPosition();
if (m_NegotiatingState != ONS_BASIC_CLIENTA_RANDOMPART && m_NegotiatingState != ONS_BASIC_SERVER_DHANSWER){ // don't have the keys yet
BYTE* pCryptBuffer = m_pfiReceiveBuffer->Detach();
RC4Crypt(pCryptBuffer, pCryptBuffer, nCurrentBytesLen, m_pRC4ReceiveKey);
m_pfiReceiveBuffer->Attach(pCryptBuffer, 512);
}
m_pfiReceiveBuffer->SeekToBegin();
switch (m_NegotiatingState){
case ONS_NONE: // would be a bug
ASSERT( false );
return 0;
case ONS_BASIC_CLIENTA_RANDOMPART:{
ASSERT( m_pRC4ReceiveKey == NULL );
uchar achKeyData[21];
md4cpy(achKeyData, thePrefs.GetUserHash());
achKeyData[16] = MAGICVALUE_REQUESTER;
m_pfiReceiveBuffer->Read(achKeyData + 17, 4); // random key part sent from remote client
MD5Sum md5(achKeyData, sizeof(achKeyData));
m_pRC4ReceiveKey = RC4CreateKey(md5.GetRawHash(), 16, NULL);
achKeyData[16] = MAGICVALUE_SERVER;
md5.Calculate(achKeyData, sizeof(achKeyData));
m_pRC4SendKey = RC4CreateKey(md5.GetRawHash(), 16, NULL);
m_NegotiatingState = ONS_BASIC_CLIENTA_MAGICVALUE;
m_nReceiveBytesWanted = 4;
break;
}
case ONS_BASIC_CLIENTA_MAGICVALUE:{
uint32_t dwValue = m_pfiReceiveBuffer->ReadUInt32();
if (dwValue == MAGICVALUE_SYNC){
// yup, the one or the other way it worked, this is an encrypted stream
//DEBUG_ONLY( DebugLog(_T("Received proper magic value, clientIP: %s"), DbgGetIPString()) );
// set the receiver key
m_NegotiatingState = ONS_BASIC_CLIENTA_METHODTAGSPADLEN;
m_nReceiveBytesWanted = 3;
}
else{
DebugLogError(_T("CEncryptedStreamSocket: Received wrong magic value from clientIP %s on a supposly encrytped stream / Wrong Header"), DbgGetIPString());
OnError(ERR_ENCRYPTION);
return (-1);
}
break;
}
case ONS_BASIC_CLIENTA_METHODTAGSPADLEN:
m_dbgbyEncryptionSupported = m_pfiReceiveBuffer->ReadUInt8();
m_dbgbyEncryptionRequested = m_pfiReceiveBuffer->ReadUInt8();
if (m_dbgbyEncryptionRequested != ENM_OBFUSCATION)
AddDebugLogLine(DLP_LOW, false, _T("CEncryptedStreamSocket: Client %s preffered unsupported encryption method (%i)"), DbgGetIPString(), m_dbgbyEncryptionRequested);
m_nReceiveBytesWanted = m_pfiReceiveBuffer->ReadUInt8();
m_NegotiatingState = ONS_BASIC_CLIENTA_PADDING;
//if (m_nReceiveBytesWanted > 16)
// AddDebugLogLine(DLP_LOW, false, _T("CEncryptedStreamSocket: Client %s sent more than 16 (%i) padding bytes"), DbgGetIPString(), m_nReceiveBytesWanted);
if (m_nReceiveBytesWanted > 0)
break;
case ONS_BASIC_CLIENTA_PADDING:{
// ignore the random bytes, send the response, set status complete
CSafeMemFile fileResponse(26);
fileResponse.WriteUInt32(MAGICVALUE_SYNC);
const uint8_t bySelectedEncryptionMethod = ENM_OBFUSCATION; // we do not support any further encryption in this version, so no need to look which the other client preferred
fileResponse.WriteUInt8(bySelectedEncryptionMethod);
SOCKADDR_IN sockAddr = {0};
int nSockAddrLen = sizeof(sockAddr);
GetPeerName((SOCKADDR*)&sockAddr, &nSockAddrLen);
const uint8_t byPaddingLen = theApp.serverconnect->AwaitingTestFromIP(sockAddr.sin_addr.S_un.S_addr) ? 16 : (thePrefs.GetCryptTCPPaddingLength() + 1);
uint8_t byPadding = (uint8_t)(cryptRandomGen.GenerateByte() % byPaddingLen);
fileResponse.WriteUInt8(byPadding);
for (int i = 0; i < byPadding; i++)
fileResponse.WriteUInt8(static_cast<uint8_t>(rand() & 0xFF));
SendNegotiatingData(fileResponse.GetBuffer(), (uint32_t)fileResponse.GetLength());
m_NegotiatingState = ONS_COMPLETE;
m_StreamCryptState = ECS_ENCRYPTING;
//DEBUG_ONLY( DebugLog(_T("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (incoming)"), DbgGetIPString()) );
break;
}
case ONS_BASIC_CLIENTB_MAGICVALUE:{
if (m_pfiReceiveBuffer->ReadUInt32() != MAGICVALUE_SYNC){
DebugLogError(_T("CEncryptedStreamSocket: EncryptedstreamSyncError: Client sent wrong Magic Value as answer, cannot complete handshake (%s)"), DbgGetIPString());
OnError(ERR_ENCRYPTION);
return (-1);
}
m_NegotiatingState = ONS_BASIC_CLIENTB_METHODTAGSPADLEN;
m_nReceiveBytesWanted = 2;
break;
}
case ONS_BASIC_CLIENTB_METHODTAGSPADLEN:{
m_dbgbyEncryptionMethodSet = m_pfiReceiveBuffer->ReadUInt8();
if (m_dbgbyEncryptionMethodSet != ENM_OBFUSCATION){
DebugLogError( _T("CEncryptedStreamSocket: Client %s set unsupported encryption method (%i), handshake failed"), DbgGetIPString(), m_dbgbyEncryptionMethodSet);
OnError(ERR_ENCRYPTION);
return (-1);
}
m_nReceiveBytesWanted = m_pfiReceiveBuffer->ReadUInt8();
m_NegotiatingState = ONS_BASIC_CLIENTB_PADDING;
if (m_nReceiveBytesWanted > 0)
break;
}
case ONS_BASIC_CLIENTB_PADDING:
// ignore the random bytes, the handshake is complete
m_NegotiatingState = ONS_COMPLETE;
m_StreamCryptState = ECS_ENCRYPTING;
//DEBUG_ONLY( DebugLog(_T("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (outgoing)"), DbgGetIPString()) );
break;
case ONS_BASIC_SERVER_DHANSWER:{
ASSERT( !m_cryptDHA.IsZero() );
uchar aBuffer[PRIMESIZE_BYTES + 1];
m_pfiReceiveBuffer->Read(aBuffer, PRIMESIZE_BYTES);
CryptoPP::Integer cryptDHAnswer((byte*)aBuffer, PRIMESIZE_BYTES);
CryptoPP::Integer cryptDHPrime((byte*)dh768_p, PRIMESIZE_BYTES); // our fixed prime
CryptoPP::Integer cryptResult = CryptoPP::a_exp_b_mod_c(cryptDHAnswer, m_cryptDHA, cryptDHPrime);
m_cryptDHA = 0;
DEBUG_ONLY( ZeroMemory(aBuffer, sizeof(aBuffer)) );
ASSERT( cryptResult.MinEncodedSize() <= PRIMESIZE_BYTES );
// create the keys
cryptResult.Encode(aBuffer, PRIMESIZE_BYTES);
aBuffer[PRIMESIZE_BYTES] = MAGICVALUE_REQUESTER;
MD5Sum md5(aBuffer, sizeof(aBuffer));
m_pRC4SendKey = RC4CreateKey(md5.GetRawHash(), 16, NULL);
aBuffer[PRIMESIZE_BYTES] = MAGICVALUE_SERVER;
md5.Calculate(aBuffer, sizeof(aBuffer));
m_pRC4ReceiveKey = RC4CreateKey(md5.GetRawHash(), 16, NULL);
m_NegotiatingState = ONS_BASIC_SERVER_MAGICVALUE;
m_nReceiveBytesWanted = 4;
break;
}
case ONS_BASIC_SERVER_MAGICVALUE:{
uint32_t dwValue = m_pfiReceiveBuffer->ReadUInt32();
if (dwValue == MAGICVALUE_SYNC){
// yup, the one or the other way it worked, this is an encrypted stream
DebugLog(_T("Received proper magic value after DH-Agreement from Serverconnection IP: %s"), DbgGetIPString());
// set the receiver key
m_NegotiatingState = ONS_BASIC_SERVER_METHODTAGSPADLEN;
m_nReceiveBytesWanted = 3;
}
else{
DebugLogError(_T("CEncryptedStreamSocket: Received wrong magic value after DH-Agreement from Serverconnection"), DbgGetIPString());
OnError(ERR_ENCRYPTION);
return (-1);
}
break;
}
case ONS_BASIC_SERVER_METHODTAGSPADLEN:
m_dbgbyEncryptionSupported = m_pfiReceiveBuffer->ReadUInt8();
m_dbgbyEncryptionRequested = m_pfiReceiveBuffer->ReadUInt8();
if (m_dbgbyEncryptionRequested != ENM_OBFUSCATION)
AddDebugLogLine(DLP_LOW, false, _T("CEncryptedStreamSocket: Server %s preffered unsupported encryption method (%i)"), DbgGetIPString(), m_dbgbyEncryptionRequested);
m_nReceiveBytesWanted = m_pfiReceiveBuffer->ReadUInt8();
m_NegotiatingState = ONS_BASIC_SERVER_PADDING;
if (m_nReceiveBytesWanted > 16)
AddDebugLogLine(DLP_LOW, false, _T("CEncryptedStreamSocket: Server %s sent more than 16 (%i) padding bytes"), DbgGetIPString(), m_nReceiveBytesWanted);
if (m_nReceiveBytesWanted > 0)
break;
case ONS_BASIC_SERVER_PADDING:{
// ignore the random bytes (they are decrypted already), send the response, set status complete
CSafeMemFile fileResponse(26);
fileResponse.WriteUInt32(MAGICVALUE_SYNC);
const uint8_t bySelectedEncryptionMethod = ENM_OBFUSCATION; // we do not support any further encryption in this version, so no need to look which the other client preferred
fileResponse.WriteUInt8(bySelectedEncryptionMethod);
uint8_t byPadding = (uint8_t)(cryptRandomGen.GenerateByte() % 16);
fileResponse.WriteUInt8(byPadding);
for (int i = 0; i < byPadding; i++)
fileResponse.WriteUInt8(static_cast<uint8_t>(rand() & 0xFF));
m_NegotiatingState = ONS_BASIC_SERVER_DELAYEDSENDING;
SendNegotiatingData(fileResponse.GetBuffer(), (uint32_t)fileResponse.GetLength(), 0, true); // don't actually send it right now, store it in our sendbuffer
m_StreamCryptState = ECS_ENCRYPTING;
DEBUG_ONLY( DebugLog(_T("CEncryptedStreamSocket: Finished DH Obufscation handshake with Server %s"), DbgGetIPString()) );
break;
}
default:
ASSERT( false );
}
m_pfiReceiveBuffer->SeekToBegin();
}
if (m_pfiReceiveBuffer != NULL)
free(m_pfiReceiveBuffer->Detach());
delete m_pfiReceiveBuffer;
m_pfiReceiveBuffer = NULL;
return nRead;
}
catch(CFileException* error){
// can only be caused by a bug in negationhandling, not by the datastream
error->Delete();
ASSERT( false );
OnError(ERR_ENCRYPTION);
if (m_pfiReceiveBuffer != NULL)
free(m_pfiReceiveBuffer->Detach());
delete m_pfiReceiveBuffer;
m_pfiReceiveBuffer = NULL;
return (-1);
}
}
int CEncryptedStreamSocket::Negotiate(const uint8* pBuffer, uint32 nLen)
{
uint32_t nRead = 0;
wxASSERT( m_nReceiveBytesWanted > 0 );
//DumpMem(pBuffer, nLen, wxT("Negotiate buffer: "));
try {
while (m_NegotiatingState != ONS_COMPLETE && m_nReceiveBytesWanted > 0) {
if (m_nReceiveBytesWanted > 512) {
wxFAIL;
return 0;
}
const uint32_t nToRead = std::min(nLen - nRead, m_nReceiveBytesWanted);
//printf("Reading %i bytes, add from %i position on %i position\n",nToRead, nRead, (int)m_pfiReceiveBuffer.GetPosition());
//DumpMem(pBuffer + nRead, nToRead, wxT("Recv Buffer: "));
m_pfiReceiveBuffer.Write(pBuffer + nRead, nToRead);
nRead += nToRead;
m_nReceiveBytesWanted -= nToRead;
if (m_nReceiveBytesWanted > 0) {
return nRead;
}
if (m_NegotiatingState != ONS_BASIC_CLIENTA_RANDOMPART && m_NegotiatingState != ONS_BASIC_SERVER_DHANSWER) {
// We have the keys, decrypt
//printf("We have the keys, so decrypt away on %s\n", (const char*) unicode2char(DbgGetIPString()));
m_pfiReceiveBuffer.Encrypt();
}
m_pfiReceiveBuffer.Seek(0);
switch (m_NegotiatingState) {
case ONS_NONE: // would be a bug
wxFAIL;
return 0;
case ONS_BASIC_CLIENTA_RANDOMPART: {
//printf("We are on ONS_BASIC_CLIENTA_RANDOMPART, create the keys on %s\n", (const char*) unicode2char(DbgGetIPString()));
// This creates the send/receive keys.
uint8_t achKeyData[21];
md4cpy(achKeyData, thePrefs::GetUserHash().GetHash());
m_pfiReceiveBuffer.Read(achKeyData + 17, 4);
achKeyData[16] = MAGICVALUE_REQUESTER;
//DumpMem(achKeyData, sizeof(achKeyData), wxT("ach:"));
MD5Sum md5(achKeyData, sizeof(achKeyData));
//DumpMem(md5.GetRawHash(), 16, wxT("Md5:"));
m_pfiReceiveBuffer.SetKey(md5);
achKeyData[16] = MAGICVALUE_SERVER;
md5.Calculate(achKeyData, sizeof(achKeyData));
m_pfiSendBuffer.SetKey(md5);
m_NegotiatingState = ONS_BASIC_CLIENTA_MAGICVALUE;
m_nReceiveBytesWanted = 4;
break;
}
case ONS_BASIC_CLIENTA_MAGICVALUE: {
// Check the magic value to confirm encryption works.
//printf("Creating magic value on negotiate on %s\n", (const char*) unicode2char(DbgGetIPString()));
uint32_t dwValue = m_pfiReceiveBuffer.ReadUInt32();
if (dwValue == MAGICVALUE_SYNC) {
// yup, the one or the other way it worked, this is an encrypted stream
//DEBUG_ONLY( DebugLog(_T("Received proper magic value, clientIP: %s"), DbgGetIPString()) );
// set the receiver key
//printf("Magic value works on %s\n", (const char*) unicode2char(DbgGetIPString()));
m_NegotiatingState = ONS_BASIC_CLIENTA_METHODTAGSPADLEN;
m_nReceiveBytesWanted = 3;
} else {
//printf("Wrong magic value: 0x%x != 0x%x on %s\n",dwValue, MAGICVALUE_SYNC, (const char*)unicode2char(DbgGetIPString()));
//DebugLogError(_T("CEncryptedStreamSocket: Received wrong magic value from clientIP %s on a supposly encrytped stream / Wrong Header"), DbgGetIPString());
OnError(ERR_ENCRYPTION);
return (-1);
}
break;
}
case ONS_BASIC_CLIENTA_METHODTAGSPADLEN: {
// Get encryption method and padding.
// Might fall back to padding process, but the bytes will be ignored.
//printf("Getting encryption method on negotiation\n");
m_dbgbyEncryptionSupported = m_pfiReceiveBuffer.ReadUInt8();
m_dbgbyEncryptionRequested = m_pfiReceiveBuffer.ReadUInt8();
if (m_dbgbyEncryptionRequested != ENM_OBFUSCATION) {
//printf("Unsupported encryption method!\n");
// AddDebugLogLine(DLP_LOW, false, _T("CEncryptedStreamSocket: Client %s preffered unsupported encryption method (%i)"), DbgGetIPString(), m_dbgbyEncryptionRequested);
}
m_nReceiveBytesWanted = m_pfiReceiveBuffer.ReadUInt8();
m_NegotiatingState = ONS_BASIC_CLIENTA_PADDING;
if (m_nReceiveBytesWanted > 0) {
// No padding
break;
}
}
case ONS_BASIC_CLIENTA_PADDING: {
//printf("Negotiating on padding, completing\n");
// ignore the random bytes, send the response, set status complete
CMemFile fileResponse(26);
fileResponse.WriteUInt32(MAGICVALUE_SYNC);
const uint8_t bySelectedEncryptionMethod = ENM_OBFUSCATION; // we do not support any further encryption in this version, so no need to look which the other client preferred
fileResponse.WriteUInt8(bySelectedEncryptionMethod);
amuleIPV4Address address;
GetPeer(address);
const uint8_t byPaddingLen = theApp->serverconnect->AwaitingTestFromIP(StringIPtoUint32(address.IPAddress())) ? 16 : (thePrefs::GetCryptTCPPaddingLength() + 1);
uint8_t byPadding = (uint8_t)(GetRandomUint8() % byPaddingLen);
fileResponse.WriteUInt8(byPadding);
for (int i = 0; i < byPadding; i++) {
fileResponse.WriteUInt8((uint8_t)rand());
}
SendNegotiatingData(fileResponse.GetRawBuffer(), (uint32_t)fileResponse.GetLength());
m_NegotiatingState = ONS_COMPLETE;
m_StreamCryptState = ECS_ENCRYPTING;
//DEBUG_ONLY( DebugLog(_T("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (incoming)"), DbgGetIPString()) );
break;
}
case ONS_BASIC_CLIENTB_MAGICVALUE: {
//printf("Negotiating on magic value\n");
if (m_pfiReceiveBuffer.ReadUInt32() != MAGICVALUE_SYNC) {
//DebugLogError(_T("CEncryptedStreamSocket: EncryptedstreamSyncError: Client sent wrong Magic Value as answer, cannot complete handshake (%s)"), DbgGetIPString());
OnError(ERR_ENCRYPTION);
return (-1);
}
m_NegotiatingState = ONS_BASIC_CLIENTB_METHODTAGSPADLEN;
m_nReceiveBytesWanted = 2;
break;
}
case ONS_BASIC_CLIENTB_METHODTAGSPADLEN: {
//printf("Negotiating on client B pad length\n");
m_dbgbyEncryptionMethodSet = m_pfiReceiveBuffer.ReadUInt8();
if (m_dbgbyEncryptionMethodSet != ENM_OBFUSCATION) {
//DebugLogError( _T("CEncryptedStreamSocket: Client %s set unsupported encryption method (%i), handshake failed"), DbgGetIPString(), m_dbgbyEncryptionMethodSet);
OnError(ERR_ENCRYPTION);
return (-1);
}
m_nReceiveBytesWanted = m_pfiReceiveBuffer.ReadUInt8();
m_NegotiatingState = ONS_BASIC_CLIENTB_PADDING;
if (m_nReceiveBytesWanted > 0) {
break;
}
}
case ONS_BASIC_CLIENTB_PADDING:
//printf("Negotiating on client B padding, handshake complete\n");
// ignore the random bytes, the handshake is complete
m_NegotiatingState = ONS_COMPLETE;
m_StreamCryptState = ECS_ENCRYPTING;
//DEBUG_ONLY( DebugLog(_T("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (outgoing)"), DbgGetIPString()) );
break;
case ONS_BASIC_SERVER_DHANSWER: {
wxASSERT( !m_cryptDHA.IsZero() );
uint8_t aBuffer[PRIMESIZE_BYTES + 1];
m_pfiReceiveBuffer.Read(aBuffer, PRIMESIZE_BYTES);
CryptoPP::Integer cryptDHAnswer((byte*)aBuffer, PRIMESIZE_BYTES);
CryptoPP::Integer cryptDHPrime((byte*)dh768_p, PRIMESIZE_BYTES); // our fixed prime
CryptoPP::Integer cryptResult = a_exp_b_mod_c(cryptDHAnswer, m_cryptDHA, cryptDHPrime);
m_cryptDHA = 0;
//DEBUG_ONLY( ZeroMemory(aBuffer, sizeof(aBuffer)) );
wxASSERT( cryptResult.MinEncodedSize() <= PRIMESIZE_BYTES );
// create the keys
cryptResult.Encode(aBuffer, PRIMESIZE_BYTES);
aBuffer[PRIMESIZE_BYTES] = MAGICVALUE_REQUESTER;
MD5Sum md5(aBuffer, sizeof(aBuffer));
m_pfiSendBuffer.SetKey(md5);
aBuffer[PRIMESIZE_BYTES] = MAGICVALUE_SERVER;
md5.Calculate(aBuffer, sizeof(aBuffer));
m_pfiReceiveBuffer.SetKey(md5);
m_NegotiatingState = ONS_BASIC_SERVER_MAGICVALUE;
m_nReceiveBytesWanted = 4;
break;
}
case ONS_BASIC_SERVER_MAGICVALUE: {
uint32_t dwValue = m_pfiReceiveBuffer.ReadUInt32();
if (dwValue == MAGICVALUE_SYNC) {
// yup, the one or the other way it worked, this is an encrypted stream
//DebugLog(_T("Received proper magic value after DH-Agreement from Serverconnection IP: %s"), DbgGetIPString());
// set the receiver key
m_NegotiatingState = ONS_BASIC_SERVER_METHODTAGSPADLEN;
m_nReceiveBytesWanted = 3;
} else {
//DebugLogError(_T("CEncryptedStreamSocket: Received wrong magic value after DH-Agreement from Serverconnection"), DbgGetIPString());
OnError(ERR_ENCRYPTION);
return (-1);
}
break;
}
case ONS_BASIC_SERVER_METHODTAGSPADLEN:
m_dbgbyEncryptionSupported = m_pfiReceiveBuffer.ReadUInt8();
m_dbgbyEncryptionRequested = m_pfiReceiveBuffer.ReadUInt8();
if (m_dbgbyEncryptionRequested != ENM_OBFUSCATION) {
// AddDebugLogLine(DLP_LOW, false, _T("CEncryptedStreamSocket: Server %s preffered unsupported encryption method (%i)"), DbgGetIPString(), m_dbgbyEncryptionRequested);
}
m_nReceiveBytesWanted = m_pfiReceiveBuffer.ReadUInt8();
m_NegotiatingState = ONS_BASIC_SERVER_PADDING;
if (m_nReceiveBytesWanted > 0) {
break;
}
case ONS_BASIC_SERVER_PADDING: {
// ignore the random bytes (they are decrypted already), send the response, set status complete
CMemFile fileResponse(26);
fileResponse.WriteUInt32(MAGICVALUE_SYNC);
const uint8_t bySelectedEncryptionMethod = ENM_OBFUSCATION; // we do not support any further encryption in this version, so no need to look which the other client preferred
fileResponse.WriteUInt8(bySelectedEncryptionMethod);
// Server callback connection only allows 16 bytes of padding.
uint8_t byPadding = (uint8_t)(GetRandomUint8() % 16);
fileResponse.WriteUInt8(byPadding);
for (int i = 0; i < byPadding; i++) {
fileResponse.WriteUInt8((uint8_t)rand());
}
m_NegotiatingState = ONS_BASIC_SERVER_DELAYEDSENDING;
SendNegotiatingData(fileResponse.GetRawBuffer(), (uint32_t)fileResponse.GetLength(), 0, true); // don't actually send it right now, store it in our sendbuffer
m_StreamCryptState = ECS_ENCRYPTING;
//DEBUG_ONLY( DebugLog(_T("CEncryptedStreamSocket: Finished DH Obufscation handshake with Server %s"), DbgGetIPString()) );
break;
}
default:
wxFAIL;
}
m_pfiReceiveBuffer.ResetData();
}
return nRead;
} catch(...) {
// can only be caused by a bug in negationhandling, not by the datastream
//error->Delete();
//printf("Bug on negotiation?\n");
wxFAIL;
OnError(ERR_ENCRYPTION);
m_pfiReceiveBuffer.ResetData();
return (-1);
}
}