ProtoProxy: Modified to use PolarSSL.
This commit is contained in:
parent
ca0e51d89c
commit
8f1890e877
@ -63,9 +63,11 @@ endif()
|
||||
|
||||
# Set include paths to the used libraries:
|
||||
include_directories("../../lib")
|
||||
include_directories("../../lib/polarssl/include")
|
||||
include_directories("../../src")
|
||||
|
||||
|
||||
|
||||
function(flatten_files arg1)
|
||||
set(res "")
|
||||
foreach(f ${${arg1}})
|
||||
@ -77,11 +79,11 @@ endfunction()
|
||||
|
||||
|
||||
# Include the libraries:
|
||||
file(GLOB CRYPTOPP_SRC "../../lib/cryptopp/*.cpp")
|
||||
file(GLOB CRYPTOPP_HDR "../../lib/cryptopp/*.h")
|
||||
flatten_files(CRYPTOPP_SRC)
|
||||
flatten_files(CRYPTOPP_HDR)
|
||||
source_group("CryptoPP" FILES ${CRYPTOPP_SRC} ${CRYPTOPP_HDR})
|
||||
file(GLOB POLARSSL_SRC "../../lib/polarssl/library/*.c")
|
||||
file(GLOB POLARSSL_HDR "../../lib/polarssl/include/polarssl/*.h")
|
||||
flatten_files(POLARSSL_SRC)
|
||||
flatten_files(POLARSSL_HDR)
|
||||
source_group("PolarSSL" FILES ${POLARSSL_SRC} ${POLARSSL_HDR})
|
||||
|
||||
file(GLOB ZLIB_SRC "../../lib/zlib/*.c")
|
||||
file(GLOB ZLIB_HDR "../../lib/zlib/*.h")
|
||||
@ -96,12 +98,14 @@ set(SHARED_SRC
|
||||
../../src/StringUtils.cpp
|
||||
../../src/Log.cpp
|
||||
../../src/MCLogger.cpp
|
||||
../../src/Crypto.cpp
|
||||
)
|
||||
set(SHARED_HDR
|
||||
../../src/ByteBuffer.h
|
||||
../../src/StringUtils.h
|
||||
../../src/Log.h
|
||||
../../src/MCLogger.h
|
||||
../../src/Crypto.h
|
||||
)
|
||||
set(SHARED_OSS_SRC
|
||||
../../src/OSSupport/CriticalSection.cpp
|
||||
@ -145,8 +149,8 @@ add_executable(ProtoProxy
|
||||
${SHARED_HDR}
|
||||
${SHARED_OSS_SRC}
|
||||
${SHARED_OSS_HDR}
|
||||
${CRYPTOPP_SRC}
|
||||
${CRYPTOPP_HDR}
|
||||
${POLARSSL_SRC}
|
||||
${POLARSSL_HDR}
|
||||
${ZLIB_SRC}
|
||||
${ZLIB_HDR}
|
||||
)
|
||||
|
@ -378,13 +378,13 @@ bool cConnection::RelayFromServer(void)
|
||||
}
|
||||
case csEncryptedUnderstood:
|
||||
{
|
||||
m_ServerDecryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
|
||||
m_ServerDecryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
|
||||
DataLog(Buffer, res, "Decrypted %d bytes from the SERVER", res);
|
||||
return DecodeServersPackets(Buffer, res);
|
||||
}
|
||||
case csEncryptedUnknown:
|
||||
{
|
||||
m_ServerDecryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
|
||||
m_ServerDecryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
|
||||
DataLog(Buffer, res, "Decrypted %d bytes from the SERVER", res);
|
||||
return CLIENTSEND(Buffer, res);
|
||||
}
|
||||
@ -423,7 +423,7 @@ bool cConnection::RelayFromClient(void)
|
||||
case csEncryptedUnknown:
|
||||
{
|
||||
DataLog(Buffer, res, "Decrypted %d bytes from the CLIENT", res);
|
||||
m_ServerEncryptor.ProcessData((byte *)Buffer, (byte *)Buffer, res);
|
||||
m_ServerEncryptor.ProcessData((Byte *)Buffer, (Byte *)Buffer, res);
|
||||
return SERVERSEND(Buffer, res);
|
||||
}
|
||||
}
|
||||
@ -473,13 +473,13 @@ bool cConnection::SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a
|
||||
|
||||
|
||||
|
||||
bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer)
|
||||
bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer)
|
||||
{
|
||||
DataLog(a_Data, a_Size, "Encrypting %d bytes to %s", a_Size, a_Peer);
|
||||
const byte * Data = (const byte *)a_Data;
|
||||
const Byte * Data = (const Byte *)a_Data;
|
||||
while (a_Size > 0)
|
||||
{
|
||||
byte Buffer[64 KiB];
|
||||
Byte Buffer[64 KiB];
|
||||
int NumBytes = (a_Size > sizeof(Buffer)) ? sizeof(Buffer) : a_Size;
|
||||
a_Encryptor.ProcessData(Buffer, Data, NumBytes);
|
||||
bool res = SendData(a_Socket, (const char *)Buffer, NumBytes, a_Peer);
|
||||
@ -497,7 +497,7 @@ bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, co
|
||||
|
||||
|
||||
|
||||
bool cConnection::SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
|
||||
bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
|
||||
{
|
||||
AString All;
|
||||
a_Data.ReadAll(All);
|
||||
@ -2701,7 +2701,7 @@ bool cConnection::ParseMetadata(cByteBuffer & a_Buffer, AString & a_Metadata)
|
||||
int Length = 0;
|
||||
switch (Type)
|
||||
{
|
||||
case 0: Length = 1; break; // byte
|
||||
case 0: Length = 1; break; // Byte
|
||||
case 1: Length = 2; break; // short
|
||||
case 2: Length = 4; break; // int
|
||||
case 3: Length = 4; break; // float
|
||||
@ -2860,37 +2860,26 @@ void cConnection::LogMetadata(const AString & a_Metadata, size_t a_IndentCount)
|
||||
void cConnection::SendEncryptionKeyResponse(const AString & a_ServerPublicKey, const AString & a_Nonce)
|
||||
{
|
||||
// Generate the shared secret and encrypt using the server's public key
|
||||
byte SharedSecret[16];
|
||||
byte EncryptedSecret[128];
|
||||
Byte SharedSecret[16];
|
||||
Byte EncryptedSecret[128];
|
||||
memset(SharedSecret, 0, sizeof(SharedSecret)); // Use all zeroes for the initial secret
|
||||
RSA::PublicKey pk;
|
||||
CryptoPP::StringSource src(a_ServerPublicKey, true);
|
||||
ByteQueue bq;
|
||||
src.TransferTo(bq);
|
||||
bq.MessageEnd();
|
||||
pk.Load(bq);
|
||||
RSAES<PKCS1v15>::Encryptor rsaEncryptor(pk);
|
||||
RandomPool rng;
|
||||
time_t CurTime = time(NULL);
|
||||
rng.Put((const byte *)&CurTime, sizeof(CurTime));
|
||||
int EncryptedLength = rsaEncryptor.FixedCiphertextLength();
|
||||
ASSERT(EncryptedLength <= sizeof(EncryptedSecret));
|
||||
rsaEncryptor.Encrypt(rng, SharedSecret, sizeof(SharedSecret), EncryptedSecret);
|
||||
m_ServerEncryptor.SetKey(SharedSecret, 16, MakeParameters(Name::IV(), ConstByteArrayParameter(SharedSecret, 16, true))(Name::FeedbackSize(), 1));
|
||||
m_ServerDecryptor.SetKey(SharedSecret, 16, MakeParameters(Name::IV(), ConstByteArrayParameter(SharedSecret, 16, true))(Name::FeedbackSize(), 1));
|
||||
m_Server.GetPrivateKey().Encrypt(SharedSecret, sizeof(SharedSecret), EncryptedSecret, sizeof(EncryptedSecret));
|
||||
|
||||
m_ServerEncryptor.Init(SharedSecret, SharedSecret);
|
||||
m_ServerDecryptor.Init(SharedSecret, SharedSecret);
|
||||
|
||||
// Encrypt the nonce:
|
||||
byte EncryptedNonce[128];
|
||||
rsaEncryptor.Encrypt(rng, (const byte *)(a_Nonce.data()), a_Nonce.size(), EncryptedNonce);
|
||||
Byte EncryptedNonce[128];
|
||||
m_Server.GetPrivateKey().Encrypt((const Byte *)a_Nonce.data(), a_Nonce.size(), EncryptedNonce, sizeof(EncryptedNonce));
|
||||
|
||||
// Send the packet to the server:
|
||||
Log("Sending PACKET_ENCRYPTION_KEY_RESPONSE to the SERVER");
|
||||
cByteBuffer ToServer(1024);
|
||||
ToServer.WriteByte(0x01); // To server: Encryption key response
|
||||
ToServer.WriteBEShort(EncryptedLength);
|
||||
ToServer.WriteBuf(EncryptedSecret, EncryptedLength);
|
||||
ToServer.WriteBEShort(EncryptedLength);
|
||||
ToServer.WriteBuf(EncryptedNonce, EncryptedLength);
|
||||
ToServer.WriteBEShort((short)sizeof(EncryptedSecret));
|
||||
ToServer.WriteBuf(EncryptedSecret, sizeof(EncryptedSecret));
|
||||
ToServer.WriteBEShort((short)sizeof(EncryptedNonce));
|
||||
ToServer.WriteBuf(EncryptedNonce, sizeof(EncryptedNonce));
|
||||
SERVERSEND(ToServer);
|
||||
m_ServerState = csEncryptedUnderstood;
|
||||
m_IsServerEncrypted = true;
|
||||
|
@ -62,14 +62,12 @@ public:
|
||||
void LogFlush(void);
|
||||
|
||||
protected:
|
||||
typedef CFB_Mode<AES>::Encryption Encryptor;
|
||||
typedef CFB_Mode<AES>::Decryption Decryptor;
|
||||
|
||||
|
||||
cByteBuffer m_ClientBuffer;
|
||||
cByteBuffer m_ServerBuffer;
|
||||
|
||||
Decryptor m_ServerDecryptor;
|
||||
Encryptor m_ServerEncryptor;
|
||||
cAESCFBDecryptor m_ServerDecryptor;
|
||||
cAESCFBEncryptor m_ServerEncryptor;
|
||||
|
||||
AString m_ServerEncryptionBuffer; // Buffer for the data to be sent to the server once encryption is established
|
||||
|
||||
@ -111,10 +109,10 @@ protected:
|
||||
bool SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a_Peer);
|
||||
|
||||
/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
|
||||
bool SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer);
|
||||
bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, int a_Size, const char * a_Peer);
|
||||
|
||||
/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
|
||||
bool SendEncryptedData(SOCKET a_Socket, Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
|
||||
bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
|
||||
|
||||
/// Decodes packets coming from the client, sends appropriate counterparts to the server; returns false if the connection is to be dropped
|
||||
bool DecodeClientsPackets(const char * a_Data, int a_Size);
|
||||
|
@ -74,6 +74,8 @@ typedef unsigned long long UInt64;
|
||||
typedef unsigned int UInt32;
|
||||
typedef unsigned short UInt16;
|
||||
|
||||
typedef unsigned char Byte;
|
||||
|
||||
|
||||
|
||||
|
||||
@ -223,12 +225,8 @@ public:
|
||||
|
||||
|
||||
|
||||
#include "cryptopp/randpool.h"
|
||||
#include "cryptopp/aes.h"
|
||||
#include "cryptopp/rsa.h"
|
||||
#include "cryptopp/modes.h"
|
||||
#include "../../src/Crypto.h"
|
||||
|
||||
using namespace CryptoPP;
|
||||
|
||||
|
||||
|
||||
|
@ -34,12 +34,8 @@ int cServer::Init(short a_ListenPort, short a_ConnectPort)
|
||||
#endif // _WIN32
|
||||
|
||||
printf("Generating protocol encryption keypair...\n");
|
||||
time_t CurTime = time(NULL);
|
||||
RandomPool rng;
|
||||
rng.Put((const byte *)&CurTime, sizeof(CurTime));
|
||||
m_PrivateKey.GenerateRandomWithKeySize(rng, 1024);
|
||||
RSA::PublicKey pk(m_PrivateKey);
|
||||
m_PublicKey = pk;
|
||||
m_PrivateKey.Generate();
|
||||
m_PublicKeyDER = m_PrivateKey.GetPubKeyDER();
|
||||
|
||||
m_ListenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
|
||||
sockaddr_in local;
|
||||
|
@ -17,8 +17,8 @@
|
||||
class cServer
|
||||
{
|
||||
SOCKET m_ListenSocket;
|
||||
RSA::PrivateKey m_PrivateKey;
|
||||
RSA::PublicKey m_PublicKey;
|
||||
cRSAPrivateKey m_PrivateKey;
|
||||
AString m_PublicKeyDER;
|
||||
short m_ConnectPort;
|
||||
|
||||
public:
|
||||
@ -27,8 +27,8 @@ public:
|
||||
int Init(short a_ListenPort, short a_ConnectPort);
|
||||
void Run(void);
|
||||
|
||||
RSA::PrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
|
||||
RSA::PublicKey & GetPublicKey (void) { return m_PublicKey; }
|
||||
cRSAPrivateKey & GetPrivateKey(void) { return m_PrivateKey; }
|
||||
const AString & GetPublicKeyDER (void) { return m_PublicKeyDER; }
|
||||
|
||||
short GetConnectPort(void) const { return m_ConnectPort; }
|
||||
} ;
|
||||
|
Loading…
Reference in New Issue
Block a user