xtunnelsxcipher.cpp

xtunnel nat/fw traversal source code

   TConversationInfoParam tConversation; // = { 0 };
   bzero(&tConversation, sizeof(tConversation));
   strcpy(tConversation.m_szLocalHost, ChildData()->Host());
   strcpy(tConversation.m_szRemoteHost, szHost);
   strcpy(tConversation.m_szRemoteUsername, szUsername);
   memcpy(tConversation.m_pCipherkeyBytes, pOutCipherKeyBytes, 32);
   tConversation.m_tExpires = time(NULL) + EConversationCacheDuration;

#if DEBUG
   TimeCheck("calling SendToMasterServers");
#endif // DEBUG

   iResult = SendToMasterServers(
      szHostPairPassword,
      tSequenceNumber,
      tConversation
   );
#if DEBUG
   CheckResult(iResult, "CreateAndSendCipherkey - SendToMasterServers");
#endif DEBUG
   */
   
   return iResult;
   }

int CXCipher::HandleMessageGlobalXCipherSaysToClearCache(XTunnels::TXTunnelsPacket* /*pReceivedPacket*/)
   {
   TChildToParentPipePacket tPipedInfo = { 0 };
   tPipedInfo.m_ulPacketType = EInfoPacketClearXCipherCache;

	// write whole thing for simplicity -- assume that it'll be less than PIPE_BUF so written atomically 
	long iPipeResult = PipeWrite(g_pChild2ParentInfoPipe, &tPipedInfo, sizeof(tPipedInfo));
	if (sizeof(tPipedInfo) != iPipeResult)
		{
#if DEBUG
		cout << "X-Tunnels: child " << getpid() << " CacheHostPairPassword failed to pipe password info to parent" << endl;
#endif //DEBUG
		}
	else if (-1 == kill(getppid(), SIGUSR2))
		{
#if DEBUG
		cout << "X-Tunnels: child " << getpid() << " CacheHostPairPassword failed to signal password info availability to parent" << endl;
#endif //DEBUG
		}

   exit(0);
   return 0; // just to quiet compiler
   }

int CXCipher::HandleMessageClientRequestXCipherSecureConversationKey(TXTunnelsPacket* pReceivedPacket)
   {
#if DEBUG
   StartTiming("HandleMessageClientRequestXCipherSecureConversationKey started");
#endif // DEBUG

   int iResult = 0;
   TClientRequestXCipherSecureConversationKeyParam tRequestUnpacked = { 0 };
   char* pCurrentReplyPayloadOffset = pReceivedPacket->m_tData.m_pPayload;
   tRequestUnpacked.m_usRemoteUserAtHostSize = XT2HOST16(*(unsigned short*)pCurrentReplyPayloadOffset);
   pCurrentReplyPayloadOffset += sizeof(tRequestUnpacked.m_usRemoteUserAtHostSize);
   memcpy(tRequestUnpacked.m_szRemoteUserAtHost, pCurrentReplyPayloadOffset, tRequestUnpacked.m_usRemoteUserAtHostSize);
   tRequestUnpacked.m_szRemoteUserAtHost[tRequestUnpacked.m_usRemoteUserAtHostSize] = 0;
   pCurrentReplyPayloadOffset += tRequestUnpacked.m_usRemoteUserAtHostSize;
   memcpy(&tRequestUnpacked.m_tConversationSessionGUID, pCurrentReplyPayloadOffset, sizeof(tRequestUnpacked.m_tConversationSessionGUID));

   // this could have been sent to us by another server
   char pCipherKeyBytes[32] = { 0 }; // will turn into 64-character ID string
 
   // string is "user@host"
   char szUsername[EMaxSmallBufferSize] = { 0 };
   char szHost[EMaxSmallBufferSize] = { 0 };
   char* szParse = szUsername;
   for (int iChar = 0; iChar < tRequestUnpacked.m_usRemoteUserAtHostSize; iChar++)
      {
      if (tRequestUnpacked.m_szRemoteUserAtHost[iChar] == '@')
         {
         *szParse = 0;
         szParse = szHost;
         }
      else
         {
         *szParse = tRequestUnpacked.m_szRemoteUserAtHost[iChar];
         szParse++;
         }
      }
   
   if (szHost[0] && szUsername[0])
      {
      MakeCipherkey(szHost, tRequestUnpacked.m_tConversationSessionGUID, pCipherKeyBytes);
      /* don't find it now -- make it from host
      // have we been sent it? Create and send it if not
#if DEBUG
      TimeCheck("calling FindCipherkey");
#endif // DEBUG
      if (FindCipherkey(szUsername, szHost, pCipherKeyBytes))
         {
#if DEBUG
         cout << "X-Cipher: HandleMessageClientRequestXCipherSecureConversationKey got one piped from parent " << endl;
#endif // DEBUG
         }
      else
         {
#if DEBUG
      TimeCheck("calling CreateAndSendCipherkey");
#endif // DEBUG
         iResult = CreateAndSendCipherkey(szUsername, szHost, pCipherKeyBytes);
         }
     */
      }
   else
      {
      iResult = EErrorBadRemoteHostBadClientRequest;
#if DEBUG
      cout << "X-Cipher: Could not parse '" << tRequestUnpacked.m_szRemoteUserAtHost << "' into user and host! " << endl;
#endif // DEBUG
      }
#if DEBUG
   cout << "X-Cipher: HandleMessageClientRequestXCipherSecureConversationKey: user: " << szUsername << " host: " << szHost << endl;
#endif // DEBUG
   
#if DEBUG
      TimeCheck("packing up reply for client");
#endif // DEBUG

   TServerToClientReplyXCipherSecureConversationKeyParam tReplyUnpacked = { 0 };
   tReplyUnpacked.m_usRemoteUserAtHostSize = tRequestUnpacked.m_usRemoteUserAtHostSize;
   strcpy(tReplyUnpacked.m_szRemoteUserAtHost, tRequestUnpacked.m_szRemoteUserAtHost);
   memcpy(&tReplyUnpacked.m_tConversationSessionGUID, &tRequestUnpacked.m_tConversationSessionGUID, sizeof(tRequestUnpacked.m_tConversationSessionGUID));
   tReplyUnpacked.m_dwErrorCode = iResult;
   const char* szErrorMessage = "";
   switch (iResult)
      {
      case 0: szErrorMessage = ""; break;
      case EErrorBadRemoteHost: szErrorMessage = "Unreachable remote address"; break;
      case EErrorBadRemoteHostBadName: szErrorMessage = "Asked for an empty remote host"; break;
      case EErrorBadRemoteHostBadClientRequest: szErrorMessage = "Client request packet was malformed"; break;
      case EErrorBadRemoteHostCouldNotFindPassword: szErrorMessage = "Could not find password for remote host"; break;
      case EErrorBadRemoteHostPasswordsDoNotMatch: szErrorMessage = "Global server passwords do not match"; break;
      case EErrorBadLocalHost: szErrorMessage = "This server is not registered"; break;
      case EErrorNoGlobalServer: szErrorMessage = "Could not reach global server"; break;
      case EErrorProtocolGlobalServer: szErrorMessage = "Global server protocol error"; break;
      case EErrorCommunicationGlobalServer: szErrorMessage = "Global server communication failed"; break;
      case EErrorProtocolMasterServer: szErrorMessage = "Master server protocol error"; break;
      case EErrorCommunicationMasterServer: szErrorMessage = "Master server communication failed"; break;
      default:
         {
         char szErrorMessageTemp[1024] = { 0 };
         sprintf(szErrorMessageTemp, "Unexpected error %d", iResult);
         //szErrorMessage = "Unexpected error";
         szErrorMessage = szErrorMessageTemp;
         }
         break;
      }
   tReplyUnpacked.m_usErrorReasonSize = strlen(szErrorMessage);
   strcpy(tReplyUnpacked.m_szErrorReason, szErrorMessage);
   if (iResult)
      {
      tReplyUnpacked.m_usCipherKeySize = 0;
      }
   else
      {
      //Get32ByteString((unsigned char*)pCipherKeyBytes, tReplyUnpacked.m_szCipherKey);
      GetSHA1DigestString((unsigned char*)pCipherKeyBytes, tReplyUnpacked.m_szCipherKey);

      tReplyUnpacked.m_usCipherKeySize = strlen(tReplyUnpacked.m_szCipherKey);
/*
#if DEBUG
   if (64 != tReplyUnpacked.m_usCipherKeySize)
         cout << "X-Cipher: Expected 64 cipher key length, got " << tReplyUnpacked.m_usCipherKeySize << endl;
#endif // DEBUG
*/
      }
   
	unsigned long ulPacketsize = 
	   sizeof(tReplyUnpacked.m_usRemoteUserAtHostSize)
	   + tReplyUnpacked.m_usRemoteUserAtHostSize
	   + sizeof(tReplyUnpacked.m_tConversationSessionGUID)
	   + sizeof(tReplyUnpacked.m_dwErrorCode)
	   + sizeof(tReplyUnpacked.m_usErrorReasonSize)
	   + tReplyUnpacked.m_usErrorReasonSize
	   + sizeof(tReplyUnpacked.m_usCipherKeySize)
	   + tReplyUnpacked.m_usCipherKeySize;
	g_tSendingPacket.m_tHeaderBasic.commandid = HOST2XT32(EMessage_ServerToClient_ReplyXCipherSecureConversationKey);
	g_tSendingPacket.m_tHeaderBasic.payloadsize = HOST2XT32(ulPacketsize);
   char* pCurrentPayloadOffset = g_tSendingPacket.m_tData.m_pPayload;
   
   *(unsigned short*)pCurrentPayloadOffset = HOST2XT16(tReplyUnpacked.m_usRemoteUserAtHostSize);
   pCurrentPayloadOffset += sizeof(tReplyUnpacked.m_usRemoteUserAtHostSize);
   memcpy(pCurrentPayloadOffset, tReplyUnpacked.m_szRemoteUserAtHost, tReplyUnpacked.m_usRemoteUserAtHostSize);
   pCurrentPayloadOffset += tReplyUnpacked.m_usRemoteUserAtHostSize;

   memcpy(pCurrentPayloadOffset, &tReplyUnpacked.m_tConversationSessionGUID, sizeof(tReplyUnpacked.m_tConversationSessionGUID));
   pCurrentPayloadOffset += sizeof(tReplyUnpacked.m_tConversationSessionGUID);

   *(unsigned long*)pCurrentPayloadOffset = HOST2XT32(tReplyUnpacked.m_dwErrorCode);
   pCurrentPayloadOffset += sizeof(tReplyUnpacked.m_dwErrorCode);

   *(unsigned short*)pCurrentPayloadOffset = HOST2XT16(tReplyUnpacked.m_usErrorReasonSize);
   pCurrentPayloadOffset += sizeof(tReplyUnpacked.m_usErrorReasonSize);
   memcpy(pCurrentPayloadOffset, tReplyUnpacked.m_szErrorReason, tReplyUnpacked.m_usErrorReasonSize);
   pCurrentPayloadOffset += tReplyUnpacked.m_usErrorReasonSize;

   *(unsigned short*)pCurrentPayloadOffset = HOST2XT16(tReplyUnpacked.m_usCipherKeySize);
   pCurrentPayloadOffset += sizeof(tReplyUnpacked.m_usCipherKeySize);
   memcpy(pCurrentPayloadOffset, tReplyUnpacked.m_szCipherKey, tReplyUnpacked.m_usCipherKeySize);
   pCurrentPayloadOffset += tReplyUnpacked.m_usCipherKeySize;

	if (ChildData()->SendPacketToClient(&g_tSendingPacket, ulPacketsize, false))
		return 1;

#if DEBUG
   TimeCheck("HandleMessageClientRequestXCipherSecureConversationKey completed");
#endif // DEBUG
		
   return 0;
   }

int CXCipher::GetConversationIDOrResetRequestFromCaller(int iCallerSocket)
   {
   int iResult = 0;
   unsigned long ulPacketIndex = 1;
   long lEncryptionType = EAlgorithm_None;
   char szUsToCallerEncryptionKey[EMaxSmallBufferSize] = { 0 };
   char szCallerToUsDecryptionKey[EMaxSmallBufferSize] = { 0 };
	unsigned long ulPacketsize = 0;
   TXTunnelsPacket* pReceivedPacket = NULL;

   char szHostPairPassword[EMaxSmallBufferSize] = { 0 };
   uuid_t tSequenceNumber = { 0 };

   pReceivedPacket = GetGlobalOrMasterServerPacket(lEncryptionType, iCallerSocket, 0, szCallerToUsDecryptionKey);
   if (!pReceivedPacket)
		{
#if DEBUG
		cout << "PROTOCOL ERROR: GetConversationIDFromCaller() failed to get EMessageVersion!!" << endl;
#endif // DEBUG
		iResult = XCipher::EErrorProtocolMasterServer;
		goto bail;
		}

   // master server --> CXgsMarshal_GlobalServerCommunication_Version --> global server
   // OR Gidden's reset command
   switch (pReceivedPacket->m_tHeaderBasic.commandid)
      {
      case EMessageVersion:
	      // ignore contents and continue
         break;
         
      case EMessage_GlobalXCipherSaysToClearCache:
         // CHILD would do this
         //return HandleMessageGlobalXCipherSaysToClearCache(pReceivedPacket);
         EmptyHostPairCache();
#if DEBUG
		   cout << "GetConversationIDOrResetRequestFromCaller() emptied host pair cache!" << endl;
#endif // DEBUG
         return 0;
         
      default:
#if DEBUG
		   cout << "PROTOCOL ERROR: GetConversationIDFromCaller() got unknown initial packet type!" << endl;
#endif // DEBUG
		   iResult = XCipher::EErrorProtocolMasterServer;
		   goto bail;
      }
		
   // master server -->CXgsMarshal_GlobalServerCommunication_MasterServerToGlobalServer_Hello --> global server
   pReceivedPacket = GetGlobalOrMasterServerPacket(lEncryptionType, iCallerSocket, EMessageClientHello, szCallerToUsDecryptionKey);
   if (!pReceivedPacket)
		{
#if DEBUG
		cout << "PROTOCOL ERROR: GetConversationIDFromCaller() failed to get EMessageClientHello!!" << endl;
#endif // DEBUG
		iResult = XCipher::EErrorProtocolMasterServer;
		goto bail;
		}
	TXCipherGlobalServerHelloParam tHelloUnpacked;
	bzero(&tHelloUnpacked, sizeof(tHelloUnpacked));
	{
   char* pCurrentHelloPayloadOffset = pReceivedPacket->m_tData.m_pPayload;
	tHelloUnpacked.how = XT2HOST32(*(unsigned long*)pCurrentHelloPayloadOffset);
	pCurrentHelloPayloadOffset += sizeof(tHelloUnpacked.how);
	tHelloUnpacked.useridsize = XT2HOST16(*(unsigned short*)pCurrentHelloPayloadOffset);
	pCurrentHelloPayloadOffset += sizeof(tHelloUnpacked.useridsize);
	memcpy(tHelloUnpacked.m_szUserID, pCurrentHelloPayloadOffset, tHelloUnpacked.useridsize);
	tHelloUnpacked.m_szUserID[tHelloUnpacked.useridsize] = 0;
	pCurrentHelloPayloadOffset += tHelloUnpacked.useridsize;
	tHelloUnpacked.algorithm = XT2HOST32(*(unsigned long*)pCurrentHelloPayloadOffset);
	pCurrentHelloPayloadOffset += sizeof(tHelloUnpacked.algorithm);
	tHelloUnpacked.challengeblobsize = XT2HOST32(*(unsigned long*)pCurrentHelloPayloadOffset);
	pCurrentHelloPayloadOffset += sizeof(tHelloUnpacked.challengeblobsize);
	memcpy(&tHelloUnpacked.challengeblob, pCurrentHelloPayloadOffset, sizeof(tHelloUnpacked.challengeblob));

	int iPasswordFindResult = GetHostPairPassword(
	   tHelloUnpacked.m_szUserID,
      g_szLocalXCipherHost,
      g_szLocalXCipherPassword,
      szHostPairPassword,
      tSequenceNumber
   );
   if (!iPasswordFindResult && memcmp(&tSequenceNumber, &tHelloUnpacked.challengeblob, sizeof(tSequenceNumber)))
      {
      // sequences don't match!
      CleanHostPairCache(tHelloUnpacked.m_szUserID);
      iPasswordFindResult = GetHostPairPassword(
         tHelloUnpacked.m_szUserID,
         g_szLocalXCipherHost,
         g_szLocalXCipherPassword,
         szHostPairPassword,
         tSequenceNumber
      );
      }
   if (iPasswordFindResult)
      {
      // should probably let remote know?
#if DEBUG
		cout << "PROTOCOL ERROR: GetConversationIDFromCaller() failed to get get password!!" << endl;
#endif // DEBUG
		iResult = XCipher::EErrorBadRemoteHostCouldNotFindPassword;
      goto bail;
      }
   if (memcmp(&tSequenceNumber, &tHelloUnpacked.challengeblob, sizeof(tSequenceNumber)))
      {
#if DEBUG
		cout << "PROTOCOL ERROR: GetConversationIDFromCaller() passwords do not match!!" << endl;
#endif // DEBUG
      // should probably let remote know?
		iResult = XCipher::EErrorBadRemoteHostPasswordsDoNotMatch;
      goto bail;
      }
	}

   // master server <-- CXgsMarshal_GlobalServerCommunication_Version <-- global server
	ulPacketsize = sizeof(TVersionParam);
	g_tSendingPacket.m_tHeaderBasic.commandid = HOST2XT32(EMessageVersion);
	g_tSendingPacket.m_tHeaderBasic.payloadsize = HOST2XT32(ulPacketsize);
	g_tSendingPacket.m_tData.m_tVersion.m_byProtocolMajor = XCipher::EGlobalServer_VERSION_PROTOCOL_MAJOR;
	g_tSendingPacket.m_tData.m_tVersion.m_byProtocolMinor = XCipher::EGlobalServer_VERSION_PROTOCOL_MINOR;
	g_tSendingPacket.m_tData.m_tVersion.m_wVersionID = HOST2XT16(ECurrentServerVersion);
	if (SendPacketToGlobalOrMasterServer(&g_tSendingPacket, ulPacketsize, ulPacketIndex, lEncryptionType, iCallerSocket, szUsToCallerEncryptionKey))
		{
#if DEBUG
		cout << "PROTOCOL ERROR: GetConversationIDFromCaller() failed to send EMessageVersion!!" << endl;
#endif // DEBUG
		iResult = XCipher::EErrorCommunicationMasterServer;
		goto bail;
		}

   // master server <-- CXgsMarshal_GlobalServerCommunication_GlobalServerToMasterServer_Challenge <-- global server
	ulPacketsize = sizeof(unsigned long) + sizeof(unsigned long) + sizeof(uuid_t);
	g_tSendingPacket.m_tHeaderBasic.commandid = HOST2XT32(EMessageServerChallenge);
	g_tSendingPacket.m_tHeaderBasic.payloadsize = HOST2XT32(ulPacketsize);
	g_tSendingPacket.m_tData.serverchallenge.algorithm = HOST2XT32(EAlgorithm_SHA1);
	g_tSendingPacket.m_tData.serverchallenge.challengeblobsize = HOST2XT32(sizeof(tSequenceNumber));
	memcpy(&g_tSendingPacket.m_tData.serverchallenge.challengeblob, &tSequenceNumber, sizeof(tSequenceNumber));
	if (SendPacketToGlobalOrMasterServer(&g_tSendingPacket, ulPacketsize, ulPacketIndex, lEncryptionType, iCallerSocket, szUsToCallerEncryptionKey))
		{
#if DEBUG
		cout << "PROTOCOL ERROR: GetConversationIDFromCaller() failed to send EMessageServerChallenge!!" << endl;
#endif // DEBUG
		iResult = XCipher::EErrorCommunicationMasterServer;
		goto bail;
		}

   // master server --> CXgsMarshal_GlobalServerCommunication_ChallengeReply --> global server
   {
   pReceivedPacket = GetGlobalOrMasterServerPacket(lEncryptionType, iCal