+#include "meta.h"
+#include "connection.h"
+#include "node.h"
+#include "edge.h"
+#include "graph.h"
+
+#include "system.h"
+
+int mykeyused = 0;
+
+int check_id(char *id)
+{
+ int i;
+
+ for (i = 0; i < strlen(id); i++)
+ if(!isalnum(id[i]) && id[i] != '_')
+ return -1;
+
+ return 0;
+}
+
+/* Generic request routines - takes care of logging and error
+ detection as well */
+
+int send_request(connection_t *c, const char *format, ...)
+{
+ va_list args;
+ char buffer[MAXBUFSIZE];
+ int len, request;
+
+cp
+ /* Use vsnprintf instead of vasprintf: faster, no memory
+ fragmentation, cleanup is automatic, and there is a limit on the
+ input buffer anyway */
+
+ va_start(args, format);
+ len = vsnprintf(buffer, MAXBUFSIZE, format, args);
+ request = va_arg(args, int);
+ va_end(args);
+
+ if(len < 0 || len > MAXBUFSIZE-1)
+ {
+ syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], c->name, c->hostname);
+ return -1;
+ }
+
+ if(debug_lvl >= DEBUG_PROTOCOL)
+ {
+ if(debug_lvl >= DEBUG_META)
+ syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer);
+ else
+ syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname);
+ }
+
+ buffer[len++] = '\n';
+cp
+ return send_meta(c, buffer, len);
+}
+
+int receive_request(connection_t *c)
+{
+ int request;
+cp
+ if(sscanf(c->buffer, "%d", &request) == 1)
+ {
+ if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL))
+ {
+ if(debug_lvl >= DEBUG_META)
+ syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"),
+ c->name, c->hostname, c->buffer);
+ else
+ syslog(LOG_ERR, _("Unknown request from %s (%s)"),
+ c->name, c->hostname);
+
+ return -1;
+ }
+ else
+ {
+ if(debug_lvl >= DEBUG_PROTOCOL)
+ {
+ if(debug_lvl >= DEBUG_META)
+ syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"),
+ request_name[request], c->name, c->hostname, c->buffer);
+ else
+ syslog(LOG_DEBUG, _("Got %s from %s (%s)"),
+ request_name[request], c->name, c->hostname);
+ }
+ }
+
+ if((c->allow_request != ALL) && (c->allow_request != request))
+ {
+ syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname);
+ return -1;
+ }
+
+ if(request_handlers[request](c))
+ /* Something went wrong. Probably scriptkiddies. Terminate. */
+ {
+ syslog(LOG_ERR, _("Error while processing %s from %s (%s)"),
+ request_name[request], c->name, c->hostname);
+ return -1;
+ }
+ }
+ else
+ {
+ syslog(LOG_ERR, _("Bogus data received from %s (%s)"),
+ c->name, c->hostname);
+ return -1;
+ }
+cp
+ return 0;
+}
+
+/* The authentication protocol is described in detail in doc/SECURITY2,
+ the rest will be described in doc/PROTOCOL. */
+
+int send_id(connection_t *c)
+{
+cp
+ return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version);
+}
+
+int id_h(connection_t *c)
+{
+ char name[MAX_STRING_SIZE];
+int bla;
+cp
+ if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname);
+ return -1;
+ }
+
+ /* Check if identity is a valid name */
+
+ if(check_id(name))
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name");
+ return -1;
+ }
+
+ /* If we set c->name in advance, make sure we are connected to the right host */
+
+ if(c->name)
+ {
+ if(strcmp(c->name, name))
+ {
+ syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name);
+ return -1;
+ }
+ }
+ else
+ c->name = xstrdup(name);
+
+ /* Check if version matches */
+
+ if(c->protocol_version != myself->connection->protocol_version)
+ {
+ syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"),
+ c->name, c->hostname, c->protocol_version);
+ return -1;
+ }
+
+ if(bypass_security)
+ {
+ if(!c->config_tree)
+ init_configuration(&c->config_tree);
+ c->allow_request = ACK;
+ return send_ack(c);
+ }
+
+ if(!c->config_tree)
+ {
+ init_configuration(&c->config_tree);
+
+ if((bla = read_connection_config(c)))
+ {
+ syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name);
+ return -1;
+ }
+ }
+
+ if(read_rsa_public_key(c))
+ {
+ return -1;
+ }
+
+ c->allow_request = METAKEY;
+cp
+ return send_metakey(c);
+}
+
+int send_metakey(connection_t *c)
+{
+ char buffer[MAX_STRING_SIZE];
+ int len, x;
+cp
+ len = RSA_size(c->rsa_key);
+
+ /* Allocate buffers for the meta key */
+
+ if(!c->outkey)
+ c->outkey = xmalloc(len);
+
+ if(!c->outctx)
+ c->outctx = xmalloc(sizeof(*c->outctx));
+cp
+ /* Copy random data to the buffer */
+
+ RAND_bytes(c->outkey, len);
+
+ /* The message we send must be smaller than the modulus of the RSA key.
+ By definition, for a key of k bits, the following formula holds:
+
+ 2^(k-1) <= modulus < 2^(k)
+
+ Where ^ means "to the power of", not "xor".
+ This means that to be sure, we must choose our message < 2^(k-1).
+ This can be done by setting the most significant bit to zero.
+ */
+
+ c->outkey[0] &= 0x7F;
+
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ {
+ bin2hex(c->outkey, buffer, len);
+ buffer[len*2] = '\0';
+ syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer);
+ }
+
+ /* Encrypt the random data
+
+ We do not use one of the PKCS padding schemes here.
+ This is allowed, because we encrypt a totally random string
+ with a length equal to that of the modulus of the RSA key.
+ */
+
+ if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len)
+ {
+ syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
+ return -1;
+ }
+cp
+ /* Convert the encrypted random data to a hexadecimal formatted string */
+
+ bin2hex(buffer, buffer, len);
+ buffer[len*2] = '\0';
+
+ /* Send the meta key */
+
+ x = send_request(c, "%d %s", METAKEY, buffer);
+
+ /* Further outgoing requests are encrypted with the key we just generated */
+
+ EVP_EncryptInit(c->outctx, EVP_bf_cfb(),
+ c->outkey + len - EVP_bf_cfb()->key_len,
+ c->outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len);
+
+ c->status.encryptout = 1;
+cp
+ return x;
+}
+
+int metakey_h(connection_t *c)
+{
+ char buffer[MAX_STRING_SIZE];
+ int len;
+cp
+ if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname);
+ return -1;
+ }
+cp
+ len = RSA_size(myself->connection->rsa_key);
+
+ /* Check if the length of the meta key is all right */
+
+ if(strlen(buffer) != len*2)
+ {
+ syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength");
+ return -1;
+ }
+
+ /* Allocate buffers for the meta key */
+cp
+ if(!c->inkey)
+ c->inkey = xmalloc(len);
+
+ if(!c->inctx)
+ c->inctx = xmalloc(sizeof(*c->inctx));
+
+ /* Convert the challenge from hexadecimal back to binary */
+cp
+ hex2bin(buffer,buffer,len);
+
+ /* Decrypt the meta key */
+cp
+ if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */
+ {
+ syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
+ return -1;
+ }
+
+ if(debug_lvl >= DEBUG_SCARY_THINGS)
+ {
+ bin2hex(c->inkey, buffer, len);
+ buffer[len*2] = '\0';
+ syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer);
+ }
+
+ /* All incoming requests will now be encrypted. */
+cp
+ EVP_DecryptInit(c->inctx, EVP_bf_cfb(),
+ c->inkey + len - EVP_bf_cfb()->key_len,
+ c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len);
+
+ c->status.decryptin = 1;
+
+ c->allow_request = CHALLENGE;
+cp
+ return send_challenge(c);
+}
+
+int send_challenge(connection_t *c)
+{
+ char buffer[MAX_STRING_SIZE];
+ int len, x;
+cp
+ /* CHECKME: what is most reasonable value for len? */
+
+ len = RSA_size(c->rsa_key);
+
+ /* Allocate buffers for the challenge */
+
+ if(!c->hischallenge)
+ c->hischallenge = xmalloc(len);
+cp
+ /* Copy random data to the buffer */
+
+ RAND_bytes(c->hischallenge, len);
+
+cp
+ /* Convert to hex */
+
+ bin2hex(c->hischallenge, buffer, len);
+ buffer[len*2] = '\0';
+
+cp
+ /* Send the challenge */
+
+ x = send_request(c, "%d %s", CHALLENGE, buffer);
+cp
+ return x;
+}
+
+int challenge_h(connection_t *c)
+{
+ char buffer[MAX_STRING_SIZE];
+ int len;
+cp
+ if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname);
+ return -1;
+ }
+
+ len = RSA_size(myself->connection->rsa_key);
+
+ /* Check if the length of the challenge is all right */
+
+ if(strlen(buffer) != len*2)
+ {
+ syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length");
+ return -1;
+ }
+
+ /* Allocate buffers for the challenge */
+
+ if(!c->mychallenge)
+ c->mychallenge = xmalloc(len);
+
+ /* Convert the challenge from hexadecimal back to binary */
+
+ hex2bin(buffer,c->mychallenge,len);
+
+ c->allow_request = CHAL_REPLY;
+
+ /* Rest is done by send_chal_reply() */
+cp
+ return send_chal_reply(c);
+}
+
+int send_chal_reply(connection_t *c)
+{
+ char hash[SHA_DIGEST_LENGTH*2+1];
+cp
+ /* Calculate the hash from the challenge we received */
+
+ SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash);