static void ss_relay_readcb(struct bufferevent *buffev, void *_arg) { redsocks_client *client = _arg; struct bufferevent * from = buffev; struct bufferevent * to = client->client; size_t input_size = evbuffer_get_contiguous_space(bufferevent_get_input(from)); size_t output_size = evbuffer_get_length(bufferevent_get_output(to)); assert(buffev == client->relay); redsocks_touch_client(client); if (client->state == ss_connected) { /* decrypt and forward data to client side */ if (output_size < to->wm_write.high) { if (input_size) decrypt_buffer(client, from, to); if (bufferevent_enable(from, EV_READ) == -1) redsocks_log_errno(client, LOG_ERR, "bufferevent_enable"); } else { if (bufferevent_disable(from, EV_READ) == -1) redsocks_log_errno(client, LOG_ERR, "bufferevent_disable"); } } else { redsocks_drop_client(client); } }
static void ss_client_writecb(struct bufferevent *buffev, void *_arg) { redsocks_client *client = _arg; struct bufferevent * from = client->relay; struct bufferevent * to = buffev; size_t input_size = evbuffer_get_contiguous_space(bufferevent_get_input(from)); size_t output_size = evbuffer_get_length(bufferevent_get_output(to)); assert(buffev == client->client); redsocks_touch_client(client); if (process_shutdown_on_write_(client, from, to)) return; if (client->state == ss_connected) { /* encrypt and forward data received from client side */ if (output_size < to->wm_write.high) { if (input_size) decrypt_buffer(client, from, to); if (!(client->relay_evshut & EV_READ) && bufferevent_enable(from, EV_READ) == -1) redsocks_log_errno(client, LOG_ERR, "bufferevent_enable"); } } else { redsocks_drop_client(client); } }
void decrypt_file(FILE* enc_file, FILE* raw_file, unsigned char* key) { int size = file_size(enc_file); char* enc_buf = calloc(1, size); fread(enc_buf, 1, size, enc_file); if(decrypt_buffer(enc_buf, size, (char*)key, 16) != 0) { printf("There was an error decrypting the file!\n"); return; } char* raw_buf = enc_buf; file_header* header = (file_header*) raw_buf; if(header->magic_number != MAGIC) { printf("Invalid password!\n"); return; } if(!check_hostname(header)) { printf("[#] Warning: File not encrypted by current machine.\n"); } printf("=> Decrypted file successfully\n"); int write_size = MIN(header->file_size, size - sizeof(file_header)); fwrite(raw_buf+sizeof(file_header), 1, write_size, raw_file); free(enc_buf); }
void decrypt_IOS(IOS *ios) { u8 key[16]; get_title_key(ios->ticket, key); aes_set_key(key); int i; for (i = 0; i < ios->content_count; i++) { decrypt_buffer(i, ios->encrypted_buffer[i], ios->decrypted_buffer[i], ios->buffer_size[i]); } }
size_t config_read_encrypted_buffer(const char *name, unsigned char **buffer, unsigned const char key[KDF_HASH_LEN]) { _cleanup_free_ unsigned char *encrypted_buffer = NULL; size_t len; len = config_read_buffer(name, &encrypted_buffer); if (!encrypted_buffer) { *buffer = NULL; return 0; } return decrypt_buffer(encrypted_buffer, len, key, buffer); }
static void mainloop(THREAD_DATA *td) { THREAD_DATA::net_t *n = td->net; ticks_ms_t acc, ticks, lticks; /* accumulator, current ticks, last iteration ticks */ int pktl; /* packet length */ uint8_t pkt[MAX_PACKET]; /* buffer space for a packet */ if (connect_to_server(td) != 0) { free_thread_data(td); LogFmt(OP_MOD, "Error performing initial connect"); return; } acc = 0; ticks = get_ticks_ms(); lticks = ticks; ticks_ms_t last_botman_checkin = ticks; ticks_ms_t last_botman_stopcheck = ticks; ticks_ms_t last_config_mtime_check = ticks; while (td->running >= 0) { ticks = get_ticks_ms(); acc += ticks - lticks; lticks = ticks; /* check in with the bot manager */ if (ticks - last_botman_checkin >= BOTMAN_CHECKIN_INTERVAL) { botman_bot_checkin(td->botman_handle); last_botman_checkin = ticks; } if (ticks - last_botman_stopcheck >= BOTMAN_STOPCHECK_INTERVAL) { if (botman_bot_shouldstop(td->botman_handle)) { td->running = -1; } last_botman_stopcheck = ticks; } /* flush out tick events to bots */ if (acc >= STEP_INTERVAL) { libman_expire_timers(td); while(acc >= STEP_INTERVAL) { /* event_tick */ libman_export_event(td, EVENT_TICK, NULL); acc -= STEP_INTERVAL; } } /* if the bot is disconnected, see if it is time to reconnect */ if (n->state == NS_DISCONNECTED) { if (ticks - n->ticks->disconnected > 60000) { free_thread_data(td); init_thread_data(td); connect_to_server(td); } else { usleep(50000); /* 50ms */ continue; } } /* see if the config file has been modified and if so send a reread event */ if (ticks - last_config_mtime_check >= CONFIG_MTIME_POLL_INTERVAL) { struct stat attr; memset(&attr, 0, sizeof(struct stat)); if (stat(td->config->filename, &attr) == 0) { if (td->config->last_modified_time != attr.st_mtime) { libman_export_event(td, EVENT_CONFIG_CHANGE, NULL); td->config->last_modified_time = attr.st_mtime; } } last_config_mtime_check = ticks; } /* use up to STEP_INTERVAL ms for the db thread */ ticks_ms_t ticks_taken = get_ticks_ms() - ticks; ticks_ms_t db_ticks = ticks_taken > STEP_INTERVAL ? STEP_INTERVAL : STEP_INTERVAL - ticks_taken; db_instance_export_events(db_ticks); /* read a packet or wait for a timeout */ ticks_taken = get_ticks_ms() - ticks; ticks_ms_t timeout = ticks_taken > STEP_INTERVAL ? 0 : STEP_INTERVAL - ticks_taken; while (poll(n->pfd, 1, (int)timeout) > 0) { /* process incoming packet, data is waiting */ pktl = (int)read(n->fd, pkt, MAX_PACKET); if (pktl >= 0) { ++n->stats->packets_read; n->ticks->last_pkt_received = get_ticks_ms(); if (n->encrypt->use_encryption) { if (pkt[0] == 0x00) { if (pktl >= 2) { decrypt_buffer(td, &pkt[2], pktl-2); } } else { decrypt_buffer(td, &pkt[1], pktl-1); } } if (td->debug->spew_packets) { spew_packet(pkt, pktl, DIR_INCOMING); } process_incoming_packet(td, pkt, pktl); } ticks_taken = get_ticks_ms() - ticks; timeout = timeout > ticks_taken ? timeout - ticks_taken : 0; } /* update the tick count after potential sleeping in poll() */ ticks = get_ticks_ms(); /* network state specfic actions */ if (n->state == NS_CONNECTING) { /* retransmit connection request if it was lost */ if (ticks - n->ticks->last_connection_request > 15000) { pkt_send_client_key(n->encrypt->client_key); n->ticks->last_connection_request = ticks; } } else if (ticks - n->ticks->last_pkt_received > 30*1000) { /* disconnect if no packets have been received for 30 seconds */ Log(OP_MOD, "No data received for 30 seconds, reconnecting..."); disconnect_from_server(td); continue; } /* transmit player position update if necessary */ if (n->state == NS_CONNECTED && td->in_arena) { if ((ticks - n->ticks->last_pos_update_sent > 100 && td->bot_ship != SHIP_SPECTATOR) || (ticks - n->ticks->last_pos_update_sent > 1000 && td->bot_ship == SHIP_SPECTATOR)) { pkt_send_position_update(td->bot_pos->x, td->bot_pos->y, td->bot_vel->x, td->bot_vel->y); n->ticks->last_pos_update_sent = ticks; } } /* send periodic info/einfo */ if (n->state == NS_CONNECTED) { // subtract 10000 to offset this by 10 seconds from *einfo to avoid filling buffers with commands/responses if (td->periodic->info && ticks - (td->periodic->last_info - 10000U) >= td->periodic->info) { int nhere = player_get_phere(td); PLAYER *parray = player_get_parray(td); for (int i = 0; i < nhere; ++i) { if (parray[i].here && td->enter->send_info) { PrivMessage(&parray[i], "*info"); } } td->periodic->last_info = ticks; } if (td->periodic->einfo && ticks - td->periodic->last_einfo >= td->periodic->einfo) { int nhere = player_get_phere(td); PLAYER *parray = player_get_parray(td); for (int i = 0; i < nhere; ++i) { if (parray[i].here && td->enter->send_einfo) { PrivMessage(&parray[i], "*einfo"); } } td->periodic->last_einfo = ticks; } } /* retransmit reliable packets that have not been acked */ rpacket_list_t *l = n->rel_o->queue; rpacket_list_t::iterator iter = l->begin(); while (iter != l->end()) { RPACKET *rp = *iter; if (ticks - rp->ticks > RELIABLE_RETRANSMIT_INTERVAL) { PACKET *p = allocate_packet(rp->len); memcpy(p->data, rp->data, rp->len); /* update packets retransmit tick */ rp->ticks = ticks; queue_packet(p, SP_HIGH); } ++iter; } /* free absent players if its time */ ticks_ms_t flush_check_interval = 60 * 60 * 1000; if (ticks - td->arena->ticks->last_player_flush > flush_check_interval) { player_free_absent_players(td, flush_check_interval, true); td->arena->ticks->last_player_flush = ticks; } /* write packets generated during loop iteration */ send_outgoing_packets(td); } /* while td->running != 0 */ }
/* handle reading from a client connection */ static void handle_connection_read(int sock, void *data) { data_packet receive_packet; u_int32_t packet_crc32; u_int32_t calculated_crc32; struct crypt_instance *CI; time_t packet_time; time_t current_time; int16_t return_code; unsigned long packet_age = 0L; int bytes_to_recv; int rc; char host_name[MAX_HOSTNAME_LENGTH]; char svc_description[MAX_DESCRIPTION_LENGTH]; char plugin_output[MAX_PLUGINOUTPUT_LENGTH]; int packet_length = sizeof(receive_packet); int plugin_length = MAX_PLUGINOUTPUT_LENGTH; CI = data; /* process all data we get from the client... */ /* read the packet from the client */ bytes_to_recv = sizeof(receive_packet); rc = recvall(sock, (char *)&receive_packet, &bytes_to_recv, socket_timeout); /* recv() error or client disconnect */ if (rc <= 0) { if (bytes_to_recv == OLD_PACKET_LENGTH) { packet_length = OLD_PACKET_LENGTH; plugin_length = OLD_PLUGINOUTPUT_LENGTH; } else { if (debug == TRUE) syslog(LOG_ERR, "End of connection..."); encrypt_cleanup(decryption_method, CI); close(sock); if (mode == SINGLE_PROCESS_DAEMON) return; else do_exit(STATE_OK); } } /* we couldn't read the correct amount of data, so bail out */ if (bytes_to_recv != packet_length) { syslog(LOG_ERR, "Data sent from client was too short (%d < %d), aborting...", bytes_to_recv, packet_length); encrypt_cleanup(decryption_method, CI); close(sock); return; if (mode == SINGLE_PROCESS_DAEMON) return; else do_exit(STATE_CRITICAL); } /* if we're single-process, we need to set things up so we handle the next packet after this one... */ if (mode == SINGLE_PROCESS_DAEMON) register_read_handler(sock, handle_connection_read, (void *)CI); /* decrypt the packet */ decrypt_buffer((char *)&receive_packet, packet_length, password, decryption_method, CI); /* make sure this is the right type of packet */ if (ntohs(receive_packet.packet_version) != NSCA_PACKET_VERSION_3) { syslog(LOG_ERR, "Received invalid packet type/version from client - possibly due to client using wrong password or crypto algorithm?"); /*return;*/ close(sock); if (mode == SINGLE_PROCESS_DAEMON) return; else do_exit(STATE_OK); } /* check the crc 32 value */ packet_crc32 = ntohl(receive_packet.crc32_value); receive_packet.crc32_value = 0L; calculated_crc32 = calculate_crc32((char *)&receive_packet, packet_length); if (packet_crc32 != calculated_crc32) { syslog(LOG_ERR, "Dropping packet with invalid CRC32 - possibly due to client using wrong password or crypto algorithm?"); /*return;*/ close(sock); if (mode == SINGLE_PROCESS_DAEMON) return; else do_exit(STATE_OK); } /* host name */ strncpy(host_name, receive_packet.host_name, sizeof(host_name) - 1); host_name[sizeof(host_name) - 1] = '\0'; /* check the timestamp in the packet */ packet_age = (unsigned long)(current_time - packet_time); if (debug == TRUE) syslog(LOG_ERR, "Time difference in packet: %lu seconds for host %s", packet_age, host_name); if ((max_packet_age > 0 && (packet_age > max_packet_age) && (packet_age >= 0)) || ((max_packet_age > 0) && (packet_age < (0 - max_packet_age)) && (packet_age < 0)) ) { syslog(LOG_ERR, "Dropping packet with stale timestamp for %s - packet was %lu seconds old.", host_name, packet_age); close(sock); if (mode == SINGLE_PROCESS_DAEMON) return; else do_exit(STATE_OK); } /**** GET THE SERVICE CHECK INFORMATION ****/ /* plugin return code */ return_code = ntohs(receive_packet.return_code); /* service description */ strncpy(svc_description, receive_packet.svc_description, sizeof(svc_description) - 1); svc_description[sizeof(svc_description) - 1] = '\0'; /* plugin output */ strncpy(plugin_output, receive_packet.plugin_output, plugin_length - 1); plugin_output[plugin_length - 1] = '\0'; /* log info to syslog facility */ if (debug == TRUE) { if (!strcmp(svc_description, "")) syslog(LOG_NOTICE, "HOST CHECK -> Host Name: '%s', Return Code: '%d', Output: '%s'", host_name, return_code, plugin_output); else syslog(LOG_NOTICE, "SERVICE CHECK -> Host Name: '%s', Service Description: '%s', Return Code: '%d', Output: '%s'", host_name, svc_description, return_code, plugin_output); } /* write the check result to the external command file. * Note: it's OK to hang at this point if the write doesn't succeed, as there's * no way we could handle any other connection properly anyway. so we don't * use poll() - which fails on a pipe with any data, so it would cause us to * only ever write one command at a time into the pipe. */ if (check_result_path == NULL) { write_check_result(host_name, svc_description, return_code, plugin_output, time(NULL)); } else { write_checkresult_file(host_name, svc_description, return_code, plugin_output, time(NULL)); } return; }
GkmDataResult gkm_secret_binary_read (GkmSecretCollection *collection, GkmSecretData *sdata, gconstpointer data, gsize n_data) { gsize offset; guchar major, minor, crypto, hash; guint32 flags; guint32 lock_timeout; time_t mtime, ctime; char *display_name; guint32 tmp; guint32 num_items; guint32 crypto_size; guint32 hash_iterations; guchar salt[8]; ItemInfo *items; GkmSecret* master; GkmSecretObject *obj; EggBuffer to_decrypt = EGG_BUFFER_EMPTY; GkmDataResult res = GKM_DATA_FAILURE; GHashTable *checks = NULL; GkmSecretItem *item; EggBuffer buffer; GList *l, *iteml; int i; display_name = NULL; items = 0; obj = GKM_SECRET_OBJECT (collection); /* The buffer we read from */ egg_buffer_init_static (&buffer, data, n_data); if (buffer.len < KEYRING_FILE_HEADER_LEN || memcmp (buffer.buf, KEYRING_FILE_HEADER, KEYRING_FILE_HEADER_LEN) != 0) { egg_buffer_uninit (&buffer); return GKM_DATA_UNRECOGNIZED; } offset = KEYRING_FILE_HEADER_LEN; major = buffer.buf[offset++]; minor = buffer.buf[offset++]; crypto = buffer.buf[offset++]; hash = buffer.buf[offset++]; if (major != 0 || minor != 0 || crypto != 0 || hash != 0) { egg_buffer_uninit (&buffer); return GKM_DATA_UNRECOGNIZED; } if (!buffer_get_utf8_string (&buffer, offset, &offset, &display_name) || !buffer_get_time (&buffer, offset, &offset, &ctime) || !buffer_get_time (&buffer, offset, &offset, &mtime) || !egg_buffer_get_uint32 (&buffer, offset, &offset, &flags) || !egg_buffer_get_uint32 (&buffer, offset, &offset, &lock_timeout) || !egg_buffer_get_uint32 (&buffer, offset, &offset, &hash_iterations) || !buffer_get_bytes (&buffer, offset, &offset, salt, 8)) goto bail; for (i = 0; i < 4; i++) { if (!egg_buffer_get_uint32 (&buffer, offset, &offset, &tmp)) goto bail; } if (!egg_buffer_get_uint32 (&buffer, offset, &offset, &num_items)) goto bail; items = g_new0 (ItemInfo, num_items + 1); /* Hashed data, without secrets */ if (!read_hashed_item_info (&buffer, &offset, items, num_items)) goto bail; if (!egg_buffer_get_uint32 (&buffer, offset, &offset, &crypto_size)) goto bail; /* Make the crypted part is the right size */ if (crypto_size % 16 != 0) goto bail; /* Ensure the file is large enough to hold all the data (in case it got truncated) */ if (buffer.len < offset + crypto_size) goto bail; /* Copy the data into to_decrypt into non-pageable memory */ egg_buffer_set_allocator (&to_decrypt, egg_secure_realloc); egg_buffer_reserve (&to_decrypt, crypto_size); memcpy (to_decrypt.buf, buffer.buf + offset, crypto_size); to_decrypt.len = crypto_size; if (sdata != NULL) { master = gkm_secret_data_get_master (sdata); if (!decrypt_buffer (&to_decrypt, master, salt, hash_iterations)) goto bail; if (!verify_decrypted_buffer (&to_decrypt)) { res = GKM_DATA_LOCKED; goto bail; } else { offset = 16; /* Skip hash */ if (!read_full_item_info (&to_decrypt, &offset, items, num_items)) goto bail; } } /* Correctly read all data, possibly including the decrypted data. * Now update the keyring and items: */ gkm_secret_object_set_label (obj, display_name); gkm_secret_object_set_modified (obj, mtime); gkm_secret_object_set_created (obj, ctime); if (flags & LOCK_ON_IDLE_FLAG) gkm_secret_collection_set_lock_idle (collection, lock_timeout); else if (flags & LOCK_AFTER_FLAG) gkm_secret_collection_set_lock_after (collection, lock_timeout); /* Build a Hash table where we can track ids we haven't yet seen */ checks = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); iteml = gkm_secret_collection_get_items (collection); for (l = iteml; l; l = g_list_next (l)) g_hash_table_insert (checks, g_strdup (gkm_secret_object_get_identifier (l->data)), "unused"); g_list_free (iteml); for (i = 0; i < num_items; i++) { /* We've seen this id */ g_hash_table_remove (checks, items[i].identifier); item = gkm_secret_collection_get_item (collection, items[i].identifier); if (item == NULL) item = gkm_secret_collection_new_item (collection, items[i].identifier); setup_item_from_info (item, sdata, &items[i]); } g_hash_table_foreach (checks, remove_unavailable_item, collection); res = GKM_DATA_SUCCESS; bail: egg_buffer_uninit (&to_decrypt); if (checks) g_hash_table_destroy (checks); g_free (display_name); for (i = 0; items && i < num_items; i++) free_item_info (&items[i]); g_free (items); return res; }