// Build a session for a peer that presented `claimedThumbprint` over `socket`.
//
// Copies the 32-byte AES key material and the 16-byte thumbprint into the
// session, draws a fresh 16-byte random challenge and starts the session
// with `verified` cleared (presumably it is set once the peer answers the
// challenge — confirm against the handshake code).
//
// @param socket             transport the session is bound to
// @param key                32 bytes of key material, caller-owned buffer
// @param claimedThumbprint  16-byte thumbprint the peer claims to hold
//
// The copy sizes are fixed by this class; callers must hand in buffers at
// least that long, nothing here can verify it.
Session(const std::shared_ptr<GlobalGrid::VSocket>& socket, unsigned char* key, unsigned char* claimedThumbprint)
    : socket(socket), verified(false) {
    memcpy(this->claimedThumbprint, claimedThumbprint, 16);
    memcpy(this->key, key, 32);
    // Fresh per-session nonce for the challenge/response exchange.
    secure_random_bytes(&challenge, 16);
}
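// Initiate a session with a peer whose RSA public key we already hold.
//
// Sends one message: the 16-byte thumbprint of the remote key followed by the
// RSA-encrypted copy of a freshly generated 32-byte AES session key, then
// records the session in `sessions`.  The session is stored with `verified`
// already set: only the holder of the matching private key can recover the
// session key, so any properly encoded reply demonstrates possession of it.
//
// @param socket     transport the message goes out on and the session binds to
// @param remoteKey  opaque RSA public key of the peer (format owned by RSA_*)
//
// The encrypted buffer and the outgoing message are RAII-owned so that a throw
// from Send() or sessions.insert() cannot leak them (the original new[]/delete[]
// and GGObject_Free pairs were skipped on an exception).
void Handshake(const std::shared_ptr<GlobalGrid::VSocket>& socket, void* remoteKey) {
    // Remote thumbprint + AES session key
    unsigned char thumbprint[16];
    Session session(socket);
    // If they can send back a response (properly encoded, that is) we know the
    // peer holds the private key, so this side starts out verified.
    session.verified = true;
    secure_random_bytes(session.key, 32);
    RSA_thumbprint(remoteKey, thumbprint);

    // Encrypt second part of message containing AES session key.
    // The GGObject returned by RSA_Encrypt is released by the guard on every exit path.
    void* buffy = RSA_Encrypt(remoteKey, session.key, 32);
    auto freeObject = [](void* obj) { GlobalGrid::GGObject_Free(obj); };
    std::unique_ptr<void, decltype(freeObject)> buffyGuard(buffy, freeObject);

    unsigned char* buffy_bytes;
    size_t buffy_size;
    GlobalGrid::Buffer_Get(buffy, &buffy_bytes, &buffy_size);  // Be careful. Buffy bytes!

    // Assemble [thumbprint | ciphertext] into one message buffer.
    const size_t messageSize = 16 + buffy_size;
    std::unique_ptr<unsigned char[]> mander(new unsigned char[messageSize]);
    memcpy(mander.get(), thumbprint, 16);
    memcpy(mander.get() + 16, buffy_bytes, buffy_size);
    socket->Send(mander.get(), messageSize);  // Send Charmander into battle.
    sessions.insert(session);
    // mander is freed first, then buffyGuard releases the GGObject — same
    // order as the original explicit cleanup.
}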
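/*
 * MakeConn -- build a server-side connection entry for an Init1 request that
 * arrived on a connection we have never seen before.
 *
 * pb: the received Init1 packet; its body is interpreted as an Init1Body.
 *
 * Returns the freshly allocated CEntry, bound to the peer's handle and
 * registered via rpc2_NoteBinding, or NULL when the packet is too short to
 * hold an Init1Body plus the client identity it claims to carry.  Every
 * field read from the packet is peer-controlled, so the length checks come
 * before anything beyond the fixed header is dereferenced.
 */
static struct CEntry *MakeConn(struct RPC2_PacketBuffer *pb)
{
    struct Init1Body *ib1;
    struct CEntry *ce;

    say(9, RPC2_DebugLevel, " Request on brand new connection\n");

    ib1 = (struct Init1Body *)(pb->Body);
    /* Bytes needed for the fixed part of an Init1 packet: the header plus
     * Init1Body minus its variable-length Text tail. */
#define INIT1LENGTH \
    (sizeof(struct RPC2_PacketHeader) + sizeof(struct Init1Body) - \
     sizeof(ib1->Text))
    /* The fixed part is checked first because ClientIdent_SeqLen lives inside
     * Init1Body and may only be read once the whole body is known to be there
     * (|| short-circuits).  The remaining bytes are then compared against the
     * claimed identity length instead of adding the two: with a 32-bit size_t
     * the sum INIT1LENGTH + SeqLen wraps for a SeqLen near UINT32_MAX and a
     * truncated packet would pass.  The subtraction cannot underflow after the
     * first test. */
    if (pb->Prefix.LengthOfPacket < INIT1LENGTH ||
        (size_t)(pb->Prefix.LengthOfPacket - INIT1LENGTH) <
            (size_t)ntohl(ib1->FakeBody_ClientIdent_SeqLen)) {
        /* avoid memory reference errors from bogus packets */
        say(1, RPC2_DebugLevel, "Ignoring short Init1 packet\n");
        return NULL;
    }

    ce = rpc2_AllocConn(pb->Prefix.PeerAddr);
    ce->TimeStampEcho = pb->Header.TimeStamp;
    TVTOTS(&pb->Prefix.RecvStamp, ce->RequestTime);
    say(15, RPC2_DebugLevel, "makeconn TS %u RQ %u\n", ce->TimeStampEcho,
        ce->RequestTime);

    /* The Init1 opcode variant selects the security level of the connection. */
    switch ((int)pb->Header.Opcode) {
    case RPC2_INIT1OPENKIMONO:
        ce->SecurityLevel = RPC2_OPENKIMONO;
        break;
    case RPC2_INIT1AUTHONLY:
        ce->SecurityLevel = RPC2_AUTHONLY;
        break;
    case RPC2_INIT1HEADERSONLY:
        ce->SecurityLevel = RPC2_HEADERSONLY;
        break;
    case RPC2_INIT1SECURE:
        ce->SecurityLevel = RPC2_SECURE;
        break;
    default:
        /* NOTE(review): with assert compiled out an unrecognised opcode falls
         * through with SecurityLevel untouched; presumably the caller only
         * routes INIT1 opcodes here -- verify. */
        assert(FALSE);
    }

    /* Anything other than OPENKIMONO starts from an unpredictable sequence
     * number and carries the encryption type the client asked for. */
    if (ce->SecurityLevel != RPC2_OPENKIMONO) {
        secure_random_bytes(&ce->NextSeqNumber, sizeof(ce->NextSeqNumber));
        ce->EncryptionType = ntohl(ib1->FakeBody_EncryptionType);
    }

    SetRole(ce, SERVER);
    SetState(ce, S_STARTBIND);
    ce->PeerHandle = pb->Header.LocalHandle;
    /* The peer's local handle doubles as the SPI we address it by. */
    ce->sa.peer_spi = pb->Header.LocalHandle;
    ce->SubsysId = pb->Header.SubsysId;
    ce->PeerUnique = pb->Header.Uniquefier;
    ce->SEProcs = NULL;
    ce->Color = GetPktColor(pb);

#ifdef RPC2DEBUG
    if (RPC2_DebugLevel > 9) {
        printf("New Connection %p......\n", ce);
        rpc2_PrintCEntry(ce, rpc2_tracefile);
        (void)fflush(rpc2_tracefile);
    }
#endif

    rpc2_NoteBinding(pb->Prefix.PeerAddr, ce->PeerHandle, pb->Header.Uniquefier,
                     ce->UniqueCID);
    return (ce);
}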