#include "xalloc.h"
#include "random.h"
#include "compression.h"
+#include "proxy.h"
+#include "address_cache.h"
#include "ed25519/sha512.h"
#include "keys.h"
return true;
}
- case PROXY_SOCKS4: {
- if(c->address.sa.sa_family != AF_INET) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Cannot connect to an IPv6 host through a SOCKS 4 proxy!");
- return false;
- }
-
- const size_t s4reqlen = 9 + (proxyuser ? strlen(proxyuser) : 0);
- uint8_t *s4req = alloca(s4reqlen);
- s4req[0] = 4;
- s4req[1] = 1;
- memcpy(s4req + 2, &c->address.in.sin_port, 2);
- memcpy(s4req + 4, &c->address.in.sin_addr, 4);
-
- if(proxyuser) {
- memcpy(s4req + 8, proxyuser, strlen(proxyuser));
- }
-
- s4req[s4reqlen - 1] = 0;
- c->tcplen = 8;
- return send_meta(c, s4req, s4reqlen);
- }
-
+ case PROXY_SOCKS4:
case PROXY_SOCKS5: {
- size_t len = 3 + 6 + (c->address.sa.sa_family == AF_INET ? 4 : 16);
- c->tcplen = 2;
-
- if(proxypass) {
- len += 3 + strlen(proxyuser) + strlen(proxypass);
- }
-
- uint8_t *s5req = alloca(len);
-
- size_t i = 0;
- s5req[i++] = 5;
- s5req[i++] = 1;
-
- if(proxypass) {
- s5req[i++] = 2;
- s5req[i++] = 1;
- s5req[i++] = strlen(proxyuser);
- memcpy(s5req + i, proxyuser, strlen(proxyuser));
- i += strlen(proxyuser);
- s5req[i++] = strlen(proxypass);
- memcpy(s5req + i, proxypass, strlen(proxypass));
- i += strlen(proxypass);
- c->tcplen += 2;
- } else {
- s5req[i++] = 0;
- }
-
- s5req[i++] = 5;
- s5req[i++] = 1;
- s5req[i++] = 0;
-
- if(c->address.sa.sa_family == AF_INET) {
- s5req[i++] = 1;
- memcpy(s5req + i, &c->address.in.sin_addr, 4);
- i += 4;
- memcpy(s5req + i, &c->address.in.sin_port, 2);
- i += 2;
- c->tcplen += 10;
- } else if(c->address.sa.sa_family == AF_INET6) {
- s5req[i++] = 3;
- memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
- i += 16;
- memcpy(s5req + i, &c->address.in6.sin6_port, 2);
- i += 2;
- c->tcplen += 22;
- } else {
- logger(DEBUG_ALWAYS, LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
- return false;
- }
-
- if(i > len) {
- abort();
- }
-
- return send_meta(c, s5req, len);
+ size_t reqlen = socks_req_len(proxytype, &c->address);
+ uint8_t *req = alloca(reqlen);
+ c->tcplen = create_socks_req(proxytype, req, &c->address);
+ return c->tcplen ? send_meta(c, req, reqlen) : false;
}
case PROXY_SOCKS4A:
case PROXY_EXEC:
return true;
+ case PROXY_NONE:
default:
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown proxy type");
return false;
int minor = 0;
if(experimental) {
- if(c->outgoing && !read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name)) {
+ if(c->outgoing && !ecdsa_active(c->ecdsa) && !(c->ecdsa = read_ecdsa_public_key(&c->config_tree, c->name))) {
minor = 1;
} else {
minor = myself->connection->protocol_minor;
logger(DEBUG_CONNECTIONS, LOG_INFO, "Key successfully received from %s (%s)", c->name, c->hostname);
+ if(!c->node) {
+ c->node = lookup_node(c->name);
+ }
+
+ if(!c->node) {
+ c->node = new_node(c->name);
+ c->node->connection = c;
+ node_add(c->node);
+ }
+
+ if(!c->node->address_cache) {
+ c->node->address_cache = open_address_cache(c->node);
+ }
+
+ add_recent_address(c->node->address_cache, &c->address);
+
// Call invitation-accepted script
environment_t env;
char *address, *port;
return false;
}
- if(experimental) {
- read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name);
+ if(experimental && !ecdsa_active(c->ecdsa)) {
+ c->ecdsa = read_ecdsa_public_key(&c->config_tree, c->name);
}
/* Ignore failures if no key known yet */
}
const size_t len = rsa_size(ctx->rsa);
+ const size_t hexkeylen = HEX_SIZE(len);
char *key = alloca(len);
char *enckey = alloca(len);
- char *hexkey = alloca(2 * len + 1);
+ char *hexkey = alloca(hexkeylen);
/* Create a random key */
if(!cipher_set_key_from_rsa(&ctx->out.cipher, key, len, true)) {
free_legacy_ctx(ctx);
+ memzero(key, len);
return false;
}
if(debug_level >= DEBUG_SCARY_THINGS) {
bin2hex(key, hexkey, len);
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Generated random meta key (unencrypted): %s", hexkey);
+ memzero(hexkey, hexkeylen);
}
/* Encrypt the random data
with a length equal to that of the modulus of the RSA key.
*/
- if(!rsa_public_encrypt(ctx->rsa, key, len, enckey)) {
+ bool encrypted = rsa_public_encrypt(ctx->rsa, key, len, enckey);
+ memzero(key, len);
+
+ if(!encrypted) {
free_legacy_ctx(ctx);
logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
return false;
return false;
}
+ if(!cipher || !digest) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): cipher %d, digest %d", c->name, c->hostname, cipher, digest);
+ return false;
+ }
+
/* Convert the challenge from hexadecimal back to binary */
size_t inlen = hex2bin(hexkey, enckey, len);
if(debug_level >= DEBUG_SCARY_THINGS) {
bin2hex(key, hexkey, len);
logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Received random meta key (unencrypted): %s", hexkey);
+ // Hopefully the user knew what he was doing leaking session keys into logs. We'll do the right thing here anyway.
+ memzero(hexkey, HEX_SIZE(len));
}
/* Check and lookup cipher and digest algorithms */
- if(!cipher || !digest) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): cipher %d, digest %d", c->name, c->hostname, cipher, digest);
- return false;
- }
-
if(!init_crypto_by_nid(&c->legacy->in, cipher, digest)) {
+ memzero(key, len);
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher or digest from %s (%s)", c->name, c->hostname);
return false;
}
- if(!cipher_set_key_from_rsa(&c->legacy->in.cipher, key, len, false)) {
+ bool key_set = cipher_set_key_from_rsa(&c->legacy->in.cipher, key, len, false);
+ memzero(key, len);
+
+ if(!key_set) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error setting RSA key for %s (%s)", c->name, c->hostname);
return false;
}
-
c->status.decryptin = true;
c->allow_request = CHALLENGE;
return false;
}
- if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name)) {
+ if(ecdsa_active(c->ecdsa) || (c->ecdsa = read_ecdsa_public_key(&c->config_tree, c->name))) {
char *knownkey = ecdsa_get_base64_public_key(c->ecdsa);
bool different = strcmp(knownkey, pubkey);
free(knownkey);
n = lookup_node(c->name);
if(!n) {
- n = new_node();
- n->name = xstrdup(c->name);
+ n = new_node(c->name);
node_add(n);
} else {
if(n->connection) {