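}

// ---------------------------------------------------------------------------
// File-local helpers for the fixed-size, NUL-terminated string fields carried
// by the parent/child pipe packets and the global-server parameter structs.
// ---------------------------------------------------------------------------

// Number of bytes in a cipher key as exchanged over the parent/child pipe.
static const size_t kCipherKeyBytes = 32;

// Copies szSource (including its terminating NUL) into the fixed-size array
// aDestination only if it fits. Returns false and leaves aDestination
// untouched otherwise, so callers can refuse over-long host names and
// passwords instead of overrunning the packet or silently truncating them.
template <size_t N>
static bool CopyStringIfFits(char (&aDestination)[N], const char* szSource)
{
    if (!szSource)
        return false;
    const size_t ulLength = strlen(szSource);
    if (ulLength >= N)
        return false;
    memcpy(aDestination, szSource, ulLength + 1);
    return true;
}

// Zeroes a buffer that held key or password material through a volatile
// pointer so the stores are not dropped as dead before the buffer goes away.
static void WipeSecret(void* pBuffer, size_t ulSize)
{
    volatile unsigned char* pByte = static_cast<volatile unsigned char*>(pBuffer);
    while (ulSize-- > 0)
        *pByte++ = 0;
}

// Appends a 16-bit wire-order length prefix followed by usLength bytes of
// pBytes at pCursor and returns the cursor just past the field. memcpy is
// used instead of a cast store so the payload buffer need not be aligned.
static char* PackLengthPrefixedField(char* pCursor, const char* pBytes, unsigned short usLength)
{
    const unsigned short usWireLength = HOST2XT16(usLength);
    memcpy(pCursor, &usWireLength, sizeof(usWireLength));
    pCursor += sizeof(usWireLength);
    memcpy(pCursor, pBytes, usLength);
    return pCursor + usLength;
}

// Reads a 16-bit wire-order value at pCursor into usOut (host order) and
// returns the cursor just past it.
static const char* UnpackWireU16(const char* pCursor, unsigned short& usOut)
{
    unsigned short usWire = 0;
    memcpy(&usWire, pCursor, sizeof(usWire));
    usOut = XT2HOST16(usWire);
    return pCursor + sizeof(usWire);
}

// Decodes a ReplySecureHostKeyPair payload (length-prefixed request id, raw
// sequence number, length-prefixed password) into tOut. Every length the
// server declares is checked against the receiving array before it is used,
// and the password is additionally limited so it fits the EMaxSmallBufferSize
// buffers the callers in this file pass to GetHostPairPassword.
// Returns false on a malformed reply; tOut may then be partially filled.
// NOTE(review): the declared lengths are not cross-checked against the packet
// header's payload size here -- confirm GetGlobalOrMasterServerPacket bounds it.
static bool UnpackSecureHostKeyPairReply(const char* pPayload, TXCipherGlobalServerReplySecureHostKeyPairParam& tOut)
{
    const char* pCursor = pPayload;

    pCursor = UnpackWireU16(pCursor, tOut.m_usRequestIDSize);
    if (tOut.m_usRequestIDSize >= sizeof(tOut.m_szRequestID))
        return false;
    memcpy(tOut.m_szRequestID, pCursor, tOut.m_usRequestIDSize);
    tOut.m_szRequestID[tOut.m_usRequestIDSize] = 0;
    pCursor += tOut.m_usRequestIDSize;

    // The sequence number is a fixed-size blob, not a length-prefixed field;
    // the previous code copied m_usRequestIDSize bytes here by mistake.
    memcpy(&tOut.m_tSequenceNumber, pCursor, sizeof(tOut.m_tSequenceNumber));
    pCursor += sizeof(tOut.m_tSequenceNumber);

    pCursor = UnpackWireU16(pCursor, tOut.m_usSecureHostKeyPairPasswordSize);
    if (tOut.m_usSecureHostKeyPairPasswordSize >= sizeof(tOut.m_szSecureHostKeyPairPassword)
        || tOut.m_usSecureHostKeyPairPasswordSize >= static_cast<size_t>(EMaxSmallBufferSize))
        return false;
    memcpy(tOut.m_szSecureHostKeyPairPassword, pCursor, tOut.m_usSecureHostKeyPairPasswordSize);
    // Terminate the password itself (the old code terminated m_szRequestID here).
    tOut.m_szSecureHostKeyPairPassword[tOut.m_usSecureHostKeyPairPasswordSize] = 0;
    return true;
}

// Replaces the conversation cache contents with tNewConversation after
// expiring stale entries via CleanCaches().
void CXCipher::UpdateConversationCache(TConversationInfoParam& tNewConversation)
{
    CleanCaches();
    m_cConversationCache.push_back(tNewConversation);
}

// Stores a freshly obtained host-pair password in this process's cache and
// forwards it to the parent over g_pChild2ParentInfoPipe (signalled with
// SIGUSR2) so future children can reuse it. Entries expire after
// EHostPairCacheDuration seconds.
//
//   szRemote / szLocal       the two host names the password belongs to
//   szHostPairPassword       the pair password to cache
//   tSequenceNumber          sequence number returned with the password
//
// Does nothing if any pointer is NULL or any string is too long for the
// packet's fixed-size fields; pipe and signal failures are only logged.
void CXCipher::CacheHostPairPassword(const char* szRemote, const char* szLocal, const char* szHostPairPassword, uuid_t& tSequenceNumber)
{
    if (!szRemote || !szLocal || !szHostPairPassword)
        return;

    TChildToParentPipePacket tPipedInfo = { 0 };
    tPipedInfo.m_ulPacketType = EInfoPacketGotHostKeyPassword;
    if (!CopyStringIfFits(tPipedInfo.m_tPairPassword.m_szHostOne, szRemote)
        || !CopyStringIfFits(tPipedInfo.m_tPairPassword.m_szHostTwo, szLocal)
        || !CopyStringIfFits(tPipedInfo.m_tPairPassword.m_szPairPassword, szHostPairPassword))
    {
#if DEBUG
        cout << "X-Tunnels: child " << getpid() << " CacheHostPairPassword refusing over-long host name or password" << endl;
#endif //DEBUG
        return;
    }
    tPipedInfo.m_tPairPassword.m_tSequenceNumber = tSequenceNumber;
    tPipedInfo.m_tPairPassword.m_tExpires = time(NULL) + EHostPairCacheDuration;

    // store in our cache
    UpdateHostPairCache(tPipedInfo.m_tPairPassword);

    // pipe key pair to parent for future children's use
    // write whole thing for simplicity -- assume that it'll be less than PIPE_BUF so written atomically
    const long lPipeResult = PipeWrite(g_pChild2ParentInfoPipe, &tPipedInfo, sizeof(tPipedInfo));
    if (sizeof(tPipedInfo) != lPipeResult)
    {
#if DEBUG
        cout << "X-Tunnels: child " << getpid() << " CacheHostPairPassword failed to pipe password info to parent" << endl;
#endif //DEBUG
    }
    else if (-1 == kill(getppid(), SIGUSR2))
    {
#if DEBUG
        cout << "X-Tunnels: child " << getpid() << " CacheHostPairPassword failed to signal password info availability to parent" << endl;
#endif //DEBUG
    }

    // The packet carried the pair password; do not leave it on the stack.
    WipeSecret(&tPipedInfo, sizeof(tPipedInfo));
}

// Looks up the pair password for (szRemote, szLocal): first in the local
// cache, then from the global server, caching a server-supplied answer.
//
//   szRemote / szLocal       host names; must be non-NULL and non-empty
//   szLocalPassword          credential used to log in to the global server
//   szOutHostPairPassword    receives the NUL-terminated password (emptied
//                            first); must be non-NULL and at least
//                            EMaxSmallBufferSize bytes
//   tOutSequenceNumber       receives the sequence number
//
// Returns 0 on success, EErrorBadRemoteHostBadName / EErrorBadLocalHost for
// unusable arguments, or the error from the global-server round trip.
int CXCipher::GetHostPairPassword(const char* szRemote, const char* szLocal, const char* szLocalPassword, char* szOutHostPairPassword, uuid_t& tOutSequenceNumber)
{
    szOutHostPairPassword[0] = 0;
    // NULL pointers used to be dereferenced here; treat them like empty names.
    if (!szRemote || !szRemote[0])
        return EErrorBadRemoteHostBadName;
    if (!szLocal || !szLocal[0] || !szLocalPassword || !szLocalPassword[0])
        return EErrorBadLocalHost;

    GetHostPairPasswordFromCache(szRemote, szLocal, szOutHostPairPassword, tOutSequenceNumber);
    if (szOutHostPairPassword[0])
        return 0;

    const int iResult = GetHostPairPasswordFromGlobalServer(szRemote, szLocal, szLocalPassword, szOutHostPairPassword, tOutSequenceNumber);
    if (!iResult && szOutHostPairPassword[0])
        CacheHostPairPassword(szRemote, szLocal, szOutHostPairPassword, tOutSequenceNumber);
    return iResult;
}

// Fetches the pair password for (szRemote, szLocal) from the global server:
// connect, log in as szLocal, send RequestSecureHostKeyPair, parse the
// ReplySecureHostKeyPair, disconnect politely. Parameters and return codes
// are as for GetHostPairPassword, plus EErrorNoGlobalServer,
// EErrorCommunicationGlobalServer and EErrorProtocolGlobalServer.
//
// Every exit after the connect goes through `bail`, which closes the socket
// and wipes the session keys; the previous early `return` after a failed
// login leaked the socket.
int CXCipher::GetHostPairPasswordFromGlobalServer(const char* szRemote, const char* szLocal, const char* szLocalPassword, char* szOutHostPairPassword, uuid_t& tOutSequenceNumber)
{
    int iResult = 0;
    unsigned long ulPacketsize = 0;
    unsigned long ulPacketIndex = 1;
    long lEncryptionType = EAlgorithm_None;
    TXTunnelsPacket* pReceivedPacket = NULL;
    char szMasterToGlobalEncryptionKey[EMaxSmallBufferSize] = { 0 };
    char szGlobalToMasterDecryptionKey[EMaxSmallBufferSize] = { 0 };

    int iGlobalServerSocket = ConnectToGlobalServer();
    if (iGlobalServerSocket < 1)
        return EErrorNoGlobalServer;

    uuid_t tChallengeBlob = { 0 };
    FillWithRandomLongs(&tChallengeBlob, sizeof(tChallengeBlob));
    iResult = DoGlobalOrMasterServerLogin(iGlobalServerSocket, ulPacketIndex, lEncryptionType, szLocal, tChallengeBlob, szLocalPassword, szMasterToGlobalEncryptionKey, szGlobalToMasterDecryptionKey);
    if (iResult)
        goto bail;

    // --> RequestSecureHostKeyPair
    {
        TXCipherGlobalServerRequestSecureHostKeyPairParam tRequestUnpacked = { 0 };
        // Fixed 10-character literal, so it always fits its field.
        const char* szFakeRequestID = "1234567890";
        strcpy(tRequestUnpacked.m_szRequestID, szFakeRequestID);
        tRequestUnpacked.m_usRequestIDSize = static_cast<unsigned short>(strlen(szFakeRequestID));
        // Host names come from the caller; refuse any that would overrun the
        // fixed-size fields instead of copying them with strcpy.
        if (!CopyStringIfFits(tRequestUnpacked.m_szSourceSecureHost, szLocal))
        {
            iResult = EErrorBadLocalHost;
            goto bail;
        }
        tRequestUnpacked.m_usSourceSecureHostSize = static_cast<unsigned short>(strlen(szLocal));
        if (!CopyStringIfFits(tRequestUnpacked.m_szDestinationSecureHost, szRemote))
        {
            iResult = EErrorBadRemoteHostBadName;
            goto bail;
        }
        tRequestUnpacked.m_usDestinationSecureHostSize = static_cast<unsigned short>(strlen(szRemote));

        // now pack and send it
        ulPacketsize = sizeof(tRequestUnpacked.m_usRequestIDSize) + tRequestUnpacked.m_usRequestIDSize
                     + sizeof(tRequestUnpacked.m_usSourceSecureHostSize) + tRequestUnpacked.m_usSourceSecureHostSize
                     + sizeof(tRequestUnpacked.m_usDestinationSecureHostSize) + tRequestUnpacked.m_usDestinationSecureHostSize;
        g_tSendingPacket.m_tHeaderBasic.commandid = HOST2XT32(EMessageGlobalServerCommunication_MasterServerToGlobalServer_RequestSecureHostKeyPair);
        g_tSendingPacket.m_tHeaderBasic.payloadsize = HOST2XT32(ulPacketsize);
        char* pPayloadCursor = g_tSendingPacket.m_tData.m_pPayload;
        pPayloadCursor = PackLengthPrefixedField(pPayloadCursor, tRequestUnpacked.m_szRequestID, tRequestUnpacked.m_usRequestIDSize);
        pPayloadCursor = PackLengthPrefixedField(pPayloadCursor, tRequestUnpacked.m_szSourceSecureHost, tRequestUnpacked.m_usSourceSecureHostSize);
        PackLengthPrefixedField(pPayloadCursor, tRequestUnpacked.m_szDestinationSecureHost, tRequestUnpacked.m_usDestinationSecureHostSize);

        if (SendPacketToGlobalOrMasterServer(&g_tSendingPacket, ulPacketsize, ulPacketIndex, lEncryptionType, iGlobalServerSocket, szMasterToGlobalEncryptionKey))
        {
            iResult = EErrorCommunicationGlobalServer;
            goto bail;
        }
    }

#if DEBUG
    TimeCheck("waiting for EMessageGlobalServerCommunication_GlobalServerToMasterServer_ReplySecureHostKeyPair");
#endif // DEBUG

    // <-- ReplySecureHostKeyPair
    {
        pReceivedPacket = GetGlobalOrMasterServerPacket(lEncryptionType, iGlobalServerSocket, EMessageGlobalServerCommunication_GlobalServerToMasterServer_ReplySecureHostKeyPair, szGlobalToMasterDecryptionKey);
        if (!pReceivedPacket)
        {
#if DEBUG
            cout << "PROTOCOL ERROR: GetGlobalOrMasterServerPacket() failed to get EMessageGlobalServerCommunication_GlobalServerToMasterServer_ReplySecureHostKeyPair!!" << endl;
#endif // DEBUG
            iResult = EErrorProtocolGlobalServer;
            goto bail;
        }
#if DEBUG
        TimeCheck("got password from master server");
#endif // DEBUG

        TXCipherGlobalServerReplySecureHostKeyPairParam tReplyUnpacked = { 0 };
        const bool bReplyWellFormed = UnpackSecureHostKeyPairReply(pReceivedPacket->m_tData.m_pPayload, tReplyUnpacked);
        if (bReplyWellFormed)
        {
            // The password length was bounded below EMaxSmallBufferSize while
            // unpacking, which is the size callers in this file allocate.
            strcpy(szOutHostPairPassword, tReplyUnpacked.m_szSecureHostKeyPairPassword);
            memcpy(&tOutSequenceNumber, &tReplyUnpacked.m_tSequenceNumber, sizeof(tOutSequenceNumber));
        }
        WipeSecret(&tReplyUnpacked, sizeof(tReplyUnpacked));
        if (!bReplyWellFormed)
        {
#if DEBUG
            cout << "PROTOCOL ERROR: ReplySecureHostKeyPair declares a field longer than its buffer" << endl;
#endif // DEBUG
            iResult = EErrorProtocolGlobalServer;
            goto bail;
        }
    }

    // that's it, we're done
#if DEBUG
    TimeCheck("calling DisconnectPolitely");
#endif // DEBUG
    DisconnectPolitely(iGlobalServerSocket, ulPacketIndex, lEncryptionType, szMasterToGlobalEncryptionKey, szGlobalToMasterDecryptionKey);
#if DEBUG
    TimeCheck("finished DisconnectingPolitely");
#endif // DEBUG

bail:
    r_close(iGlobalServerSocket);
    // The session keys are no longer needed once the socket is closed.
    WipeSecret(szMasterToGlobalEncryptionKey, sizeof(szMasterToGlobalEncryptionKey));
    WipeSecret(szGlobalToMasterDecryptionKey, sizeof(szGlobalToMasterDecryptionKey));
#if DEBUG
    TimeCheck("closed global server socket");
#endif // DEBUG
#if DEBUG
    CheckResult(iResult, "GetHostPairPasswordFromGlobalServer");
#endif // DEBUG
    return iResult;
}

// piped from child
// Parent-side handler for an EInfoPacketWantCipherKey request: looks the key
// up in the cache and writes an EInfoPacketCipherKey reply (found flag plus
// key bytes) back over g_pParent2ChildInfoPipe. A short write is only logged.
void CXCipher::HandleCipherKeyRequest(TCipherKeyRequest& tRequest)
{
    TParentToChildPipePacket tReply = { 0 };
    tReply.m_ulPacketType = EInfoPacketCipherKey;
    tReply.m_tCipherKey.m_bFoundCipherKey = GetCipherkeyFromCache(tRequest.m_szLocalHost, tRequest.m_szRemoteHost, tRequest.m_szRemoteUsername, tReply.m_tCipherKey.m_pCipherkeyBytes);

    // pipe reply to child; sequentiality of signals should assure that correct one is listening
    // write whole thing for simplicity -- assume that it'll be less than PIPE_BUF so written atomically
    const long lPipeResult = PipeWrite(g_pParent2ChildInfoPipe, &tReply, sizeof(tReply));
    if (sizeof(tReply) != lPipeResult)
    {
#if DEBUG
        cout << "X-Cipher: HandleCipherKeyRequest failed to pipe cipher key to child" << endl;
#endif //DEBUG
    }

    // The reply held key bytes; clear them before the frame is reused.
    WipeSecret(&tReply, sizeof(tReply));
}

// Child-side lookup of a cached cipher key: sends an EInfoPacketWantCipherKey
// request to the parent over g_pChild2ParentInfoPipe, signals it with SIGUSR2
// and reads the EInfoPacketCipherKey reply from g_pParent2ChildInfoPipe.
//
//   szUsername / szHost      remote user and host the key is for
//   pOutCipherKeyBytes       receives kCipherKeyBytes bytes; zeroed on failure
//
// Returns the parent's found flag, or false when the request could not be
// sent, the names do not fit the request packet, or the reply was short.
bool CXCipher::FindCipherkey(const char* szUsername, const char* szHost, char* pOutCipherKeyBytes)
{
    // Start from an all-zero key so a failed lookup never leaves stale bytes
    // in the caller's buffer.
    memset(pOutCipherKeyBytes, 0, kCipherKeyBytes);
    if (!szUsername || !szHost)
        return false;

    TChildToParentPipePacket tPipedRequest = { 0 };
    tPipedRequest.m_ulPacketType = EInfoPacketWantCipherKey;
    tPipedRequest.m_tKeyRequest.m_ulRequesterPID = getpid();
    if (!CopyStringIfFits(tPipedRequest.m_tKeyRequest.m_szLocalHost, ChildData()->Host())
        || !CopyStringIfFits(tPipedRequest.m_tKeyRequest.m_szRemoteHost, szHost)
        || !CopyStringIfFits(tPipedRequest.m_tKeyRequest.m_szRemoteUsername, szUsername))
    {
#if DEBUG
        cout << "X-Cipher: child " << getpid() << " FindCipherkey refusing over-long host or user name" << endl;
#endif //DEBUG
        return false;
    }
#if DEBUG
    cout << "X-Cipher: child " << getpid() << " FindCipherkey asking parent for " << ChildData()->Host() << " & " << szHost << " user " << szUsername << endl;
#endif //DEBUG

    // pipe request to parent
    // write whole thing for simplicity -- assume that it'll be less than PIPE_BUF so written atomically
    long lPipeResult = PipeWrite(g_pChild2ParentInfoPipe, &tPipedRequest, sizeof(tPipedRequest));
    if (sizeof(tPipedRequest) != lPipeResult)
    {
#if DEBUG
        cout << "X-Cipher: child " << getpid() << " FindCipherkey failed to pipe cipher key request to parent" << endl;
#endif //DEBUG
        // Nothing reached the parent, so there is no reply to wait for.
        return false;
    }
    if (-1 == kill(getppid(), SIGUSR2))
    {
#if DEBUG
        cout << "X-Cipher: child " << getpid() << " FindCipherkey failed to signal cipher key request availability to parent" << endl;
#endif //DEBUG
        // The request is already queued in the pipe; fall through to the read
        // as before -- NOTE(review): confirm the parent still drains it.
    }

    // The reply used to be read into tPipedRequest, leaving tPipedReply zero.
    TParentToChildPipePacket tPipedReply = { 0 };
    lPipeResult = PipeRead(g_pParent2ChildInfoPipe, &tPipedReply, sizeof(tPipedReply));
    if (sizeof(tPipedReply) != lPipeResult)
    {
#if DEBUG
        cout << "X-Cipher: child " << getpid() << " FindCipherkey failed to pipe cipher key response from parent" << endl;
#endif //DEBUG
        return false;
    }
    memcpy(pOutCipherKeyBytes, tPipedReply.m_tCipherKey.m_pCipherkeyBytes, kCipherKeyBytes);
#if DEBUG
    // Log only the found flag: the key bytes are not a C string and are secret.
    cout << "X-Cipher: child " << getpid() << " FindCipherkey piped response found=" << (tPipedReply.m_tCipherKey.m_bFoundCipherKey ? "true" : "false") << endl;
#endif //DEBUG
    const bool bFound = tPipedReply.m_tCipherKey.m_bFoundCipherKey;
    WipeSecret(&tPipedReply, sizeof(tPipedReply));
    return bFound;
}

// Derives the cipher key for szHost from the session GUID and the host-pair
// password obtained via GetHostPairPassword (using this process's
// g_szLocalXCipherHost / g_szLocalXCipherPassword credentials).
//
//   szHost                   remote host
//   tSessionGUID             session identifier mixed into the digest
//   pOutCipherKeyBytes       receives the SHA1-based digest
//
// Returns 0 on success or the GetHostPairPassword error code.
int CXCipher::MakeCipherkey(const char* szHost, const uuid_t& tSessionGUID, char* pOutCipherKeyBytes)
{
    char szHostPairPassword[EMaxSmallBufferSize] = { 0 };
    uuid_t tSequenceNumber = { 0 };
    const int iResult = GetHostPairPassword(szHost, g_szLocalXCipherHost, g_szLocalXCipherPassword, szHostPairPassword, tSequenceNumber);
    if (iResult)
    {
#if DEBUG
        CheckResult(iResult, "MakeCipherkey - GetHostPairPassword");
#endif // DEBUG
        return iResult;
    }

    unsigned long ulOutDigestSize = 0;
    // The digest routine takes a non-const buffer; presumably it only reads
    // the GUID (the previous code cast the const away with a C-style cast).
    char* pSessionGUIDBytes = const_cast<char*>(reinterpret_cast<const char*>(&tSessionGUID));
    MakeSHA1SessionKeyColonPasswordDigest(sizeof(tSessionGUID), pSessionGUIDBytes, szHostPairPassword, ulOutDigestSize, pOutCipherKeyBytes);
    // The pair password is secret; do not leave it on the stack.
    WipeSecret(szHostPairPassword, sizeof(szHostPairPassword));
    return 0;
}

int CXCipher::CreateAndSendCipherkey(const char* /*szUsername*/, const char* szHost, char* pOutCipherKeyBytes)
{
    FillWithRandomLongs(pOutCipherKeyBytes, 32);
    char szHostPairPassword[EMaxSmallBufferSize] = { 0 };
    uuid_t tSequenceNumber = { 0 };
#if DEBUG
    TimeCheck("calling GetHostPairPassword");
#endif // DEBUG
    int iResult = GetHostPairPassword(szHost, g_szLocalXCipherHost, g_szLocalXCipherPassword, szHostPairPassword, tSequenceNumber);
    if (iResult)
    {
#if DEBUG
        CheckResult(iResult, "CreateAndSendCipherkey - GetHostPairPasswordFromGlobalServer");
#endif DEBUG
        return iResult;
    }
#if DEBUG
    cout << "X-Cipher: CreateAndSendCipherkey got host pair password " << szHostPairPassword << " [" << strlen(szHostPairPassword) << "] " << endl;
#endif //DEBUG
    /*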