# # patch "netcmd.cc" # from [ac2aee5342c821fd22c0a4fbc9a66c30886d0b00] # to [feff9457b6ea819cad0007c67d5fbe0cdf0d1cd7] # # patch "netcmd.hh" # from [c1b1608f8cc8ad67cf06df57fa26fdf6447fea4f] # to [e5ff1935d62b436ff4a8d3e63adc492146ff4a90] # # patch "netsync.cc" # from [ff9431fc8061edcd03b381fa419799baa53b09a0] # to [492fe6044e61209e5edb00016262062ade0ee65c] # --- netcmd.cc +++ netcmd.cc @@ -78,29 +78,22 @@ out += static_cast(version); out += static_cast(cmd_code); insert_variable_length_string(payload, out); - if (version < 5) + + I(key().size() == CryptoPP::SHA::DIGESTSIZE); + I(key().size() == hmac_val().size()); + byte keybuf[CryptoPP::SHA::DIGESTSIZE]; + for (size_t i = 0; i < sizeof(keybuf); i++) { - adler32 check(reinterpret_cast(payload.data()), payload.size()); - insert_datum_lsb(check.sum(), out); + keybuf[i] = key()[i] ^ hmac_val()[i]; } - else - { - I(key().size() == CryptoPP::SHA::DIGESTSIZE); - I(key().size() == hmac_val().size()); - byte keybuf[CryptoPP::SHA::DIGESTSIZE]; - for (size_t i = 0; i < sizeof(keybuf); i++) - { - keybuf[i] = key()[i] ^ hmac_val()[i]; - } - CryptoPP::HMAC hmac(keybuf, sizeof(keybuf)); - char digest[CryptoPP::SHA::DIGESTSIZE]; - hmac.CalculateDigest(reinterpret_cast(digest), - reinterpret_cast(out.data() + oldlen), - out.size() - oldlen); - string digest_str(digest, sizeof(digest)); - hmac_val = netsync_hmac_value(digest_str); - out.append(digest_str); - } + CryptoPP::HMAC hmac(keybuf, sizeof(keybuf)); + char digest[CryptoPP::SHA::DIGESTSIZE]; + hmac.CalculateDigest(reinterpret_cast(digest), + reinterpret_cast(out.data() + oldlen), + out.size() - oldlen); + string digest_str(digest, sizeof(digest)); + hmac_val = netsync_hmac_value(digest_str); + out.append(digest_str); } // last should be zero (doesn't mean we're compatible with version 0). @@ -182,22 +175,11 @@ throw bad_decode(F("oversized payload of '%d' bytes") % payload_len); // there might not be enough data yet in the input buffer - if (version < 5) + if (inbuf.size() < pos + payload_len + CryptoPP::SHA::DIGESTSIZE) { - if (inbuf.size() < pos + payload_len + sizeof(u32)) - { - inbuf.reserve(pos + payload_len + sizeof(u32) + constants::bufsz); - return false; - } + inbuf.reserve(pos + payload_len + CryptoPP::SHA::DIGESTSIZE + constants::bufsz); + return false; } - else - { - if (inbuf.size() < pos + payload_len + CryptoPP::SHA::DIGESTSIZE) - { - inbuf.reserve(pos + payload_len + CryptoPP::SHA::DIGESTSIZE + constants::bufsz); - return false; - } - } // out.payload = extract_substring(inbuf, pos, payload_len, "netcmd payload"); // Do this ourselves, so we can swap the strings instead of copying. @@ -209,40 +191,27 @@ pos = 0; // they might have given us bogus data - if (version < 5) + string cmd_digest = extract_substring(inbuf, pos, CryptoPP::SHA::DIGESTSIZE, + "netcmd HMAC"); + inbuf.erase(0, pos); + I(key().size() == CryptoPP::SHA::DIGESTSIZE); + I(key().size() == hmac_val().size()); + byte keybuf[CryptoPP::SHA::DIGESTSIZE]; + for (size_t i = 0; i < sizeof(keybuf); i++) { - payload.erase(0, payload_pos); - u32 checksum = extract_datum_lsb(inbuf, pos, "netcmd checksum"); - inbuf.erase(0, pos); - adler32 check(reinterpret_cast(payload.data()), - payload.size()); - if (checksum != check.sum()) - throw bad_decode(F("bad checksum 0x%x vs. 0x%x") % checksum % check.sum()); + keybuf[i] = key()[i] ^ hmac_val()[i]; } - else - { - string cmd_digest = extract_substring(inbuf, pos, CryptoPP::SHA::DIGESTSIZE, - "netcmd HMAC"); - inbuf.erase(0, pos); - I(key().size() == CryptoPP::SHA::DIGESTSIZE); - I(key().size() == hmac_val().size()); - byte keybuf[CryptoPP::SHA::DIGESTSIZE]; - for (size_t i = 0; i < sizeof(keybuf); i++) - { - keybuf[i] = key()[i] ^ hmac_val()[i]; - } - CryptoPP::HMAC hmac(keybuf, sizeof(keybuf)); - char digest_buf[CryptoPP::SHA::DIGESTSIZE]; - hmac.CalculateDigest(reinterpret_cast(digest_buf), - reinterpret_cast(payload.data()), - payload.size()); - string digest(digest_buf, sizeof(digest_buf)); - if (cmd_digest != digest) - throw bad_decode(F("bad HMAC %s vs. %s") % encode_hexenc(cmd_digest) - % encode_hexenc(digest)); - hmac_val = netsync_hmac_value(digest); - payload.erase(0, payload_pos); - } + CryptoPP::HMAC hmac(keybuf, sizeof(keybuf)); + char digest_buf[CryptoPP::SHA::DIGESTSIZE]; + hmac.CalculateDigest(reinterpret_cast(digest_buf), + reinterpret_cast(payload.data()), + payload.size()); + string digest(digest_buf, sizeof(digest_buf)); + if (cmd_digest != digest) + throw bad_decode(F("bad HMAC %s vs. %s") % encode_hexenc(cmd_digest) + % encode_hexenc(digest)); + hmac_val = netsync_hmac_value(digest); + payload.erase(0, payload_pos); return true; } @@ -303,31 +272,10 @@ } -void -netcmd::read_anonymous_cmd(protocol_role & role, - std::string & pattern, - id & nonce2) const -{ - size_t pos = 0; - // syntax is: - u8 role_byte = extract_datum_lsb(payload, pos, "anonymous netcmd, role"); - if (role_byte != static_cast(source_role) - && role_byte != static_cast(sink_role) - && role_byte != static_cast(source_and_sink_role)) - throw bad_decode(F("unknown role specifier %d") % widen(role_byte)); - role = static_cast(role_byte); - extract_variable_length_string(payload, pattern, pos, - "anonymous netcmd, pattern"); - nonce2 = id(extract_substring(payload, pos, - constants::merkle_hash_length_in_bytes, - "anonymous netcmd, nonce2")); - assert_end_of_buffer(payload, pos, "anonymous netcmd payload"); -} - void -netcmd::read_anonymous_cmd_hmac(protocol_role & role, - std::string & pattern, - rsa_oaep_sha_data & hmac_key_encrypted) const +netcmd::read_anonymous_cmd(protocol_role & role, + std::string & pattern, + rsa_oaep_sha_data & hmac_key_encrypted) const { size_t pos = 0; // syntax is: @@ -346,22 +294,10 @@ assert_end_of_buffer(payload, pos, "anonymous(hmac) netcmd payload"); } -void -netcmd::write_anonymous_cmd(protocol_role role, - std::string const & pattern, - id const & nonce2) -{ - cmd_code = anonymous_cmd; - I(nonce2().size() == constants::merkle_hash_length_in_bytes); - payload = static_cast(role); - insert_variable_length_string(pattern, payload); - payload += nonce2(); -} - void -netcmd::write_anonymous_cmd_hmac(protocol_role role, - std::string const & pattern, - rsa_oaep_sha_data const & hmac_key_encrypted) +netcmd::write_anonymous_cmd(protocol_role role, + std::string const & pattern, + rsa_oaep_sha_data const & hmac_key_encrypted) { cmd_code = anonymous_cmd; payload = static_cast(role); @@ -374,44 +310,11 @@ string & pattern, id & client, id & nonce1, - id & nonce2, + rsa_oaep_sha_data & hmac_key_encrypted, string & signature) const { size_t pos = 0; // syntax is: - // - // - u8 role_byte = extract_datum_lsb(payload, pos, "auth netcmd, role"); - if (role_byte != static_cast(source_role) - && role_byte != static_cast(sink_role) - && role_byte != static_cast(source_and_sink_role)) - throw bad_decode(F("unknown role specifier %d") % widen(role_byte)); - role = static_cast(role_byte); - extract_variable_length_string(payload, pattern, pos, "auth netcmd, pattern"); - client = id(extract_substring(payload, pos, - constants::merkle_hash_length_in_bytes, - "auth netcmd, client identifier")); - nonce1 = id(extract_substring(payload, pos, - constants::merkle_hash_length_in_bytes, - "auth netcmd, nonce1")); - nonce2 = id(extract_substring(payload, pos, - constants::merkle_hash_length_in_bytes, - "auth netcmd, nonce2")); - extract_variable_length_string(payload, signature, pos, - "auth netcmd, signature"); - assert_end_of_buffer(payload, pos, "auth netcmd payload"); -} - -void -netcmd::read_auth_cmd_hmac(protocol_role & role, - string & pattern, - id & client, - id & nonce1, - rsa_oaep_sha_data & hmac_key_encrypted, - string & signature) const -{ - size_t pos = 0; - // syntax is: // // u8 role_byte = extract_datum_lsb(payload, pos, "auth netcmd, role"); @@ -436,74 +339,34 @@ assert_end_of_buffer(payload, pos, "auth(hmac) netcmd payload"); } -void -netcmd::write_auth_cmd(protocol_role role, - string const & pattern, +void +netcmd::write_auth_cmd(protocol_role role, + string const & pattern, id const & client, - id const & nonce1, - id const & nonce2, + id const & nonce1, + rsa_oaep_sha_data const & hmac_key_encrypted, string const & signature) { cmd_code = auth_cmd; I(client().size() == constants::merkle_hash_length_in_bytes); I(nonce1().size() == constants::merkle_hash_length_in_bytes); - I(nonce2().size() == constants::merkle_hash_length_in_bytes); payload = static_cast(role); insert_variable_length_string(pattern, payload); payload += client(); payload += nonce1(); - payload += nonce2(); - insert_variable_length_string(signature, payload); -} - - -void -netcmd::write_auth_cmd_hmac(protocol_role role, - string const & pattern, - id const & client, - id const & nonce1, - rsa_oaep_sha_data const & hmac_key_encrypted, - string const & signature) -{ - cmd_code = auth_cmd; - I(client().size() == constants::merkle_hash_length_in_bytes); - I(nonce1().size() == constants::merkle_hash_length_in_bytes); - payload = static_cast(role); - insert_variable_length_string(pattern, payload); - payload += client(); - payload += nonce1(); insert_variable_length_string(hmac_key_encrypted(), payload); insert_variable_length_string(signature, payload); } -void -netcmd::read_confirm_cmd(string & signature) const -{ - size_t pos = 0; - - // syntax is: - extract_variable_length_string(payload, signature, pos, - "confirm netcmd, signature"); - assert_end_of_buffer(payload, pos, "confirm netcmd payload"); -} - void -netcmd::read_confirm_cmd_hmac() const +netcmd::read_confirm_cmd() const { size_t pos = 0; assert_end_of_buffer(payload, pos, "confirm netcmd payload"); } -void -netcmd::write_confirm_cmd(string const & signature) -{ - cmd_code = confirm_cmd; - payload.clear(); - insert_variable_length_string(signature, payload); -} - void -netcmd::write_confirm_cmd_hmac() +netcmd::write_confirm_cmd() { cmd_code = confirm_cmd; payload.clear(); --- netcmd.hh +++ netcmd.hh @@ -83,48 +83,28 @@ rsa_pub_key const & server_key, id const & nonce); - void read_anonymous_cmd(protocol_role & role, + void read_anonymous_cmd(protocol_role & role, std::string & pattern, - id & nonce2) const; - void read_anonymous_cmd_hmac(protocol_role & role, - std::string & pattern, - rsa_oaep_sha_data & hmac_key_encrypted) const; + rsa_oaep_sha_data & hmac_key_encrypted) const; void write_anonymous_cmd(protocol_role role, std::string const & pattern, - id const & nonce2); - void write_anonymous_cmd_hmac(protocol_role role, - std::string const & pattern, - rsa_oaep_sha_data const & hmac_key_encrypted); + rsa_oaep_sha_data const & hmac_key_encrypted); void read_auth_cmd(protocol_role & role, std::string & pattern, id & client, id & nonce1, - id & nonce2, + rsa_oaep_sha_data & hmac_key_encrypted, std::string & signature) const; - void read_auth_cmd_hmac(protocol_role & role, - std::string & pattern, - id & client, - id & nonce1, - rsa_oaep_sha_data & hmac_key_encrypted, - std::string & signature) const; void write_auth_cmd(protocol_role role, std::string const & pattern, id const & client, id const & nonce1, - id const & nonce2, + rsa_oaep_sha_data const & hmac_key_encrypted, std::string const & signature); - void write_auth_cmd_hmac(protocol_role role, - std::string const & pattern, - id const & client, - id const & nonce1, - rsa_oaep_sha_data const & hmac_key_encrypted, - std::string const & signature); - void read_confirm_cmd(std::string & signature) const; - void read_confirm_cmd_hmac() const; - void write_confirm_cmd(std::string const & signature); - void write_confirm_cmd_hmac(); + void read_confirm_cmd() const; + void write_confirm_cmd(); void read_refine_cmd(merkle_node & node) const; void write_refine_cmd(merkle_node const & node); --- netsync.cc +++ netsync.cc @@ -375,8 +375,7 @@ id const & nonce2, string const & signature, base64 server_key_encoded); - void queue_confirm_cmd(string const & signature); - void queue_confirm_cmd_hmac(); + void queue_confirm_cmd(); void queue_refine_cmd(merkle_node const & node); void queue_send_data_cmd(netcmd_item_type type, id const & item); @@ -406,8 +405,7 @@ id const & client, id const & nonce1, string const & signature); - void respond_to_auth_cmd(id const & nonce2); - void respond_to_auth_cmd_hmac(rsa_oaep_sha_data hmac_key_encrypted); + void respond_to_auth_cmd(rsa_oaep_sha_data hmac_key_encrypted); bool process_confirm_cmd(string const & signature); void respond_to_confirm_cmd(); bool process_refine_cmd(merkle_node const & node); @@ -1421,20 +1419,12 @@ base64 server_key_encoded) { netcmd cmd(protocol_version); - if (protocol_version < 5) - { - cmd.write_anonymous_cmd(role, pattern, nonce2); - write_netcmd_and_try_flush(cmd); - } - else - { - rsa_oaep_sha_data hmac_key_encrypted; - encrypt_rsa(app.lua, remote_peer_key_name, server_key_encoded, - nonce2(), hmac_key_encrypted); - cmd.write_anonymous_cmd_hmac(role, pattern, hmac_key_encrypted); - write_netcmd_and_try_flush(cmd); - session_key = netsync_session_key(nonce2()); - } + rsa_oaep_sha_data hmac_key_encrypted; + encrypt_rsa(app.lua, remote_peer_key_name, server_key_encoded, + nonce2(), hmac_key_encrypted); + cmd.write_anonymous_cmd(role, pattern, hmac_key_encrypted); + write_netcmd_and_try_flush(cmd); + session_key = netsync_session_key(nonce2()); } void @@ -1447,35 +1437,19 @@ base64 server_key_encoded) { netcmd cmd(protocol_version); - if (protocol_version < 5) - { - cmd.write_auth_cmd(role, pattern, client, nonce1, nonce2, signature); - write_netcmd_and_try_flush(cmd); - } - else - { - rsa_oaep_sha_data hmac_key_encrypted; - encrypt_rsa(app.lua, remote_peer_key_name, server_key_encoded, - nonce2(), hmac_key_encrypted); - cmd.write_auth_cmd_hmac(role, pattern, client, nonce1, hmac_key_encrypted, signature); - write_netcmd_and_try_flush(cmd); - session_key = netsync_session_key(nonce2()); - } -} - -void -session::queue_confirm_cmd(string const & signature) -{ - netcmd cmd(protocol_version); - cmd.write_confirm_cmd(signature); + rsa_oaep_sha_data hmac_key_encrypted; + encrypt_rsa(app.lua, remote_peer_key_name, server_key_encoded, + nonce2(), hmac_key_encrypted); + cmd.write_auth_cmd(role, pattern, client, nonce1, hmac_key_encrypted, signature); write_netcmd_and_try_flush(cmd); + session_key = netsync_session_key(nonce2()); } void -session::queue_confirm_cmd_hmac() +session::queue_confirm_cmd() { netcmd cmd(protocol_version); - cmd.write_confirm_cmd_hmac(); + cmd.write_confirm_cmd(); write_netcmd_and_try_flush(cmd); } @@ -2085,21 +2059,8 @@ return false; } -void -session::respond_to_auth_cmd(id const & nonce2) -{ - L(F("Writing netsync v4 or older confirm command")); - base64 sig; - rsa_sha1_signature sig_raw; - base64< arc4 > our_priv; - load_priv_key(app, app.signing_key, our_priv); - make_signature(app.lua, app.signing_key, our_priv, nonce2(), sig); - decode_base64(sig, sig_raw); - queue_confirm_cmd(sig_raw()); -} - void -session::respond_to_auth_cmd_hmac(rsa_oaep_sha_data hmac_key_encrypted) +session::respond_to_auth_cmd(rsa_oaep_sha_data hmac_key_encrypted) { L(F("Writing HMAC confirm command")); base64< arc4 > our_priv; @@ -2107,7 +2068,7 @@ string hmac_key; decrypt_rsa(app.lua, app.signing_key, our_priv, hmac_key_encrypted, hmac_key); session_key = netsync_session_key(hmac_key); - queue_confirm_cmd_hmac(); + queue_confirm_cmd(); } bool @@ -3076,36 +3037,16 @@ string pattern; if (cmd.get_version() < protocol_version) protocol_version = cmd.get_version(); - if (protocol_version < 5) - { - id nonce2; - cmd.read_anonymous_cmd(role, pattern, nonce2); - hexenc hnonce2; - encode_hexenc(nonce2, hnonce2); + rsa_oaep_sha_data hmac_key_encrypted; + cmd.read_anonymous_cmd(role, pattern, hmac_key_encrypted); + L(F("received 'anonymous' netcmd from client for pattern '%s' " + "in %s mode\n") + % pattern % (role == source_and_sink_role ? "source and sink" : + (role == source_role ? "source " : "sink"))); - L(F("received 'anonymous' netcmd from client for pattern '%s' " - "in %s mode with nonce2 '%s'\n") - % pattern % (role == source_and_sink_role ? "source and sink" : - (role == source_role ? "source " : "sink")) - % hnonce2); - - if (!process_anonymous_cmd(role, pattern)) - return false; - respond_to_auth_cmd(nonce2); - } - else - { - rsa_oaep_sha_data hmac_key_encrypted; - cmd.read_anonymous_cmd_hmac(role, pattern, hmac_key_encrypted); - L(F("received 'anonymous' netcmd from client for pattern '%s' " - "in %s mode\n") - % pattern % (role == source_and_sink_role ? "source and sink" : - (role == source_role ? "source " : "sink"))); - - if (!process_anonymous_cmd(role, pattern)) - return false; - respond_to_auth_cmd_hmac(hmac_key_encrypted); - } + if (!process_anonymous_cmd(role, pattern)) + return false; + respond_to_auth_cmd(hmac_key_encrypted); return true; } break; @@ -3119,47 +3060,24 @@ id client, nonce1, nonce2; if (cmd.get_version() < protocol_version) protocol_version = cmd.get_version(); - if (protocol_version < 5) - { - cmd.read_auth_cmd(role, pattern, client, nonce1, nonce2, signature); + rsa_oaep_sha_data hmac_key_encrypted; + cmd.read_auth_cmd(role, pattern, client, nonce1, + hmac_key_encrypted, signature); - hexenc their_key_hash; - encode_hexenc(client, their_key_hash); - hexenc hnonce1, hnonce2; - encode_hexenc(nonce1, hnonce1); - encode_hexenc(nonce2, hnonce2); + hexenc their_key_hash; + encode_hexenc(client, their_key_hash); + hexenc hnonce1; + encode_hexenc(nonce1, hnonce1); - L(F("received 'auth' netcmd from client '%s' for pattern '%s' " - "in %s mode with nonce1 '%s' and nonce2 '%s'\n") - % their_key_hash % pattern % (role == source_and_sink_role ? "source and sink" : - (role == source_role ? "source " : "sink")) - % hnonce1 % hnonce2); + L(F("received 'auth(hmac)' netcmd from client '%s' for pattern '%s' " + "in %s mode with nonce1 '%s'\n") + % their_key_hash % pattern % (role == source_and_sink_role ? "source and sink" : + (role == source_role ? "source " : "sink")) + % hnonce1); - if (!process_auth_cmd(role, pattern, client, nonce1, signature)) - return false; - respond_to_auth_cmd(nonce2); - } - else - { - rsa_oaep_sha_data hmac_key_encrypted; - cmd.read_auth_cmd_hmac(role, pattern, client, nonce1, - hmac_key_encrypted, signature); - - hexenc their_key_hash; - encode_hexenc(client, their_key_hash); - hexenc hnonce1; - encode_hexenc(nonce1, hnonce1); - - L(F("received 'auth(hmac)' netcmd from client '%s' for pattern '%s' " - "in %s mode with nonce1 '%s'\n") - % their_key_hash % pattern % (role == source_and_sink_role ? "source and sink" : - (role == source_role ? "source " : "sink")) - % hnonce1); - - if (!process_auth_cmd(role, pattern, client, nonce1, signature)) - return false; - respond_to_auth_cmd_hmac(hmac_key_encrypted); - } + if (!process_auth_cmd(role, pattern, client, nonce1, signature)) + return false; + respond_to_auth_cmd(hmac_key_encrypted); return true; } break; @@ -3169,16 +3087,7 @@ require(voice == client_voice, "confirm netcmd received in client voice"); { string signature; - if (protocol_version < 5) - { - cmd.read_confirm_cmd(signature); - if (!process_confirm_cmd(signature)) - return false; - } - else - { - cmd.read_confirm_cmd_hmac(); - } + cmd.read_confirm_cmd(); this->authenticated = true; respond_to_confirm_cmd(); return true;