1 /*
2 * UFTP - UDP based FTP with multicast
3 *
4 * Copyright (C) 2001-2020 Dennis A. Bush, Jr. bush@tcnj.edu
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 *
19 * Additional permission under GNU GPL version 3 section 7
20 *
21 * If you modify this program, or any covered work, by linking or
22 * combining it with the OpenSSL project's OpenSSL library (or a
23 * modified version of that library), containing parts covered by the
24 * terms of the OpenSSL or SSLeay licenses, the copyright holder
25 * grants you additional permission to convey the resulting work.
26 * Corresponding Source for a non-source form of such a combination
27 * shall include the source code for the parts of OpenSSL used as well
28 * as that of the covered work.
29 */
30
31 #include <stdlib.h>
32 #include <string.h>
33 #include <errno.h>
34
35 #ifdef WINDOWS
36
37 #include <ws2tcpip.h>
38 #include <io.h>
39
40 #include "win_func.h"
41
42 #else // if WINDOWS
43
44 #include <sys/time.h>
45 #include <netdb.h>
46 #include <unistd.h>
47 #include <netinet/in.h>
48 #include <sys/socket.h>
49 #include <arpa/inet.h>
50
51 #endif
52
53 #include "proxy.h"
54 #include "proxy_common.h"
55 #include "proxy_upstream.h"
56
57 /**
58 * Look for a given group in the global group list
59 * Returns a pointer to the group in the list, or NULL if not found
60 */
find_group(uint32_t group_id,uint8_t group_inst)61 struct pr_group_list_t *find_group(uint32_t group_id, uint8_t group_inst)
62 {
63 int i;
64
65 for (i = 0; i < MAXLIST; i++) {
66 if ((group_list[i].group_id == group_id) &&
67 (group_list[i].group_inst == group_inst)) {
68 return &group_list[i];
69 }
70 }
71
72 return NULL;
73 }
74
75
76 /**
77 * Look for a given client in the group's client list
78 * Returns the client's index in the list, or -1 if not found
79 */
find_client(struct pr_group_list_t * group,uint32_t id)80 int find_client(struct pr_group_list_t *group, uint32_t id)
81 {
82 int i;
83
84 for (i = 0; i < group->destcount; i++) {
85 if (group->destinfo[i].id == id) {
86 return i;
87 }
88 }
89 return -1;
90 }
91
92 /**
93 * Checks to see if the multicast address used for the given group list member
94 * is also being used by either another member or the public address list
95 */
other_mcast_users(struct pr_group_list_t * group)96 int other_mcast_users(struct pr_group_list_t *group)
97 {
98 int i;
99
100 for (i = 0; i < pub_multi_count; i++) {
101 if (addr_equal(&group->privatemcast, &pub_multi[i])) {
102 return 1;
103 }
104 }
105 for (i = 0; i < MAXLIST; i++) {
106 if ((&group_list[i] != group) && (group_list[i].group_id != 0) &&
107 (addr_equal(&group->privatemcast,
108 &group_list[i].privatemcast))) {
109 return 1;
110 }
111 }
112 return 0;
113 }
114
115 /**
116 * Clean up a group list entry. Free malloc'ed structures, drop the
117 * multicast group (if no one else is using it) and free the slot.
118 */
group_cleanup(struct pr_group_list_t * group)119 void group_cleanup(struct pr_group_list_t *group)
120 {
121 int i;
122
123 for (i = 0; i < MAX_PEND; i++) {
124 free(group->pending[i].naklist);
125 }
126
127 if (!addr_blank(&group->privatemcast) && (proxy_type != CLIENT_PROXY) &&
128 !other_mcast_users(group) && group->multi_join) {
129 multicast_leave(listener, group->group_id, &group->privatemcast,
130 m_interface, interface_count, server_fp, server_fp_count);
131 }
132 if (group->server_pubkey.key) {
133 if (group->server_pubkeytype == KEYBLOB_RSA) {
134 free_RSA_key(group->server_pubkey.rsa);
135 } else {
136 free_EC_key(group->server_pubkey.ec);
137 }
138 }
139 free_EC_key(group->server_dhkey.ec);
140 free_EC_key(group->proxy_u_dhkey.ec);
141 free_EC_key(group->proxy_d_dhkey.ec);
142 free(group->s_context);
143 free(group->p_context);
144 free(group->c_context1);
145 free(group->c_context2);
146 for (i = 0; i < group->destcount; i++) {
147 if (group->destinfo[i].client_pubkey.key) {
148 if (group->destinfo[i].client_pubkeytype == KEYBLOB_RSA) {
149 free_RSA_key(group->destinfo[i].client_pubkey.rsa);
150 } else {
151 free_EC_key(group->destinfo[i].client_pubkey.ec);
152 }
153 }
154 free_EC_key(group->destinfo[i].client_dhkey.ec);
155 free(group->destinfo[i].c_context1);
156 free(group->destinfo[i].c_context2);
157 }
158 memset(group, 0, sizeof(struct pr_group_list_t));
159 }
160
161 /**
162 * Initializes the uftp header of an outgoing packet
163 */
set_uftp_header(struct uftp_h * header,int func,struct pr_group_list_t * group)164 void set_uftp_header(struct uftp_h *header, int func,
165 struct pr_group_list_t *group)
166 {
167 header->version = group->version;
168 header->func = func;
169 header->group_id = htonl(group->group_id);
170 header->group_inst = group->group_inst;
171 header->src_id = uid;
172 switch (func) {
173 case REGISTER:
174 case KEYINFO_ACK:
175 case FILEINFO_ACK:
176 case STATUS:
177 case COMPLETE:
178 header->seq = htons(group->send_seq_up++);
179 break;
180 case PROXY_KEY:
181 case KEYINFO:
182 header->seq = 0;
183 header->grtt = quantize_grtt(group->grtt);
184 header->gsize = quantize_gsize(group->gsize);
185 break;
186 }
187 // ABORTs will set seq and src_id themselves depending on the direction
188 }
189
190 /**
191 * Sets the timeout time for a given group list member
192 */
set_timeout(struct pr_group_list_t * group,int pending_reset,int rescale)193 void set_timeout(struct pr_group_list_t *group, int pending_reset, int rescale)
194 {
195 int pending, i;
196
197 if (group->phase == PR_PHASE_READY) {
198 if (!rescale) {
199 gettimeofday(&group->start_phase_timeout_time, NULL);
200 }
201 group->phase_timeout_time = group->start_phase_timeout_time;
202 add_timeval_d(&group->phase_timeout_time, 2 * group->grtt);
203 }
204
205 glog5(group, "set timeout: pending_reset=%d", pending_reset);
206 for (pending = 0, i = 0; (i < MAX_PEND) && !pending; i++) {
207 if (group->pending[i].msg != 0) {
208 glog5(group, "set timeout: found pending %s",
209 func_name(group->pending[i].msg));
210 pending = group->pending[i].msg;
211 }
212 }
213 if (pending) {
214 if (pending_reset) {
215 if (!rescale) {
216 gettimeofday(&group->start_timeout_time, NULL);
217 }
218 group->timeout_time = group->start_timeout_time;
219 add_timeval_d(&group->timeout_time, 1 * group->grtt);
220 }
221 } else {
222 if (!rescale) {
223 gettimeofday(&group->start_timeout_time, NULL);
224 }
225 group->timeout_time = group->start_timeout_time;
226 if (group->robust * group->grtt < 1.0) {
227 add_timeval_d(&group->timeout_time, 1.0);
228 } else {
229 add_timeval_d(&group->timeout_time, group->robust * group->grtt);
230 }
231 }
232 }
233
234 /**
235 * Returns the maximum number of clients that can be listed in a given message
236 */
max_msg_dest(struct pr_group_list_t * group,int func,int hlen)237 int max_msg_dest(struct pr_group_list_t *group, int func, int hlen)
238 {
239 switch (func) {
240 case REGISTER:
241 return (group->blocksize / sizeof(uint32_t));
242 case KEYINFO:
243 return (group->blocksize / sizeof(struct destkey));
244 case FILEINFO_ACK:
245 return (group->blocksize / sizeof(uint32_t));
246 case COMPLETE:
247 return (group->blocksize / sizeof(uint32_t));
248 default:
249 return 0;
250 }
251 }
252
253 /**
254 * Sends a pending aggregate message for a given group and message
255 */
send_pending(struct pr_group_list_t * group,int pendidx)256 void send_pending(struct pr_group_list_t *group, int pendidx)
257 {
258 switch (group->pending[pendidx].msg) {
259 case REGISTER:
260 send_register(group, pendidx);
261 break;
262 case FILEINFO_ACK:
263 send_fileinfo_ack(group, pendidx);
264 break;
265 case STATUS:
266 send_status(group, pendidx);
267 break;
268 case COMPLETE:
269 send_complete(group, pendidx);
270 break;
271 default:
272 glog1(group, "Tried to send pending on invalid type %s",
273 func_name(group->pending[pendidx].msg));
274 return;
275 }
276 if ((group->pending[pendidx].count <= 0) ||
277 (group->pending[pendidx].msg == STATUS)) {
278 // Finish the cleanup we started in load_pending
279 // Always do this for a STATUS, since we don't have a pending list
280 free(group->pending[pendidx].naklist);
281 memset(&group->pending[pendidx], 0, sizeof(struct pr_pending_info_t));
282 }
283 }
284
285 /**
286 * Sends all pending aggregate message for a given group
287 */
send_all_pending(struct pr_group_list_t * group)288 void send_all_pending(struct pr_group_list_t *group)
289 {
290 int i;
291
292 for (i = 0; i < MAX_PEND; i++) {
293 if (group->pending[i].msg != 0) {
294 send_pending(group, i);
295 }
296 }
297 }
298
299 /**
300 * Add the NAKs in the given STATUS message to the list of pending NAKs
301 */
add_naks_to_pending(struct pr_group_list_t * group,int pendidx,const unsigned char * message)302 void add_naks_to_pending(struct pr_group_list_t *group, int pendidx,
303 const unsigned char *message)
304 {
305 const unsigned char *naks;
306 unsigned i;
307
308 naks = message + sizeof(struct status_h);
309 for (i = 0; i < group->blocksize; i++) {
310 group->pending[pendidx].naklist[i] |= naks[i];
311 }
312 }
313
314 /**
315 * Puts the given message on the pending message list. If it doesn't match
316 * any pending message and there are no open slots, first send what's pending.
317 * If the pending list is full after adding the given message, then send.
318 */
check_pending(struct pr_group_list_t * group,int hostidx,const unsigned char * message)319 void check_pending(struct pr_group_list_t *group, int hostidx,
320 const unsigned char *message)
321 {
322 const struct fileinfoack_h *fileinfoack;
323 const struct status_h *status;
324 const struct complete_h *complete;
325 const uint8_t *func;
326 struct pr_pending_info_t *pending;
327 int match, pendidx, hlen;
328 int64_t tstamp_usec;
329
330 func = message;
331 fileinfoack = (const struct fileinfoack_h *)message;
332 status = (const struct status_h *)message;
333 complete = (const struct complete_h *)message;
334
335 glog3(group, "check_timeout: looking for pending %s", func_name(*func));
336 for (pendidx = 0; pendidx < MAX_PEND; pendidx++) {
337 pending = &group->pending[pendidx];
338 if (group->pending[pendidx].msg == 0) {
339 glog3(group, "check_timeout: found empty slot %d", pendidx);
340 match = 1;
341 break;
342 }
343
344 match = (*func == pending->msg);
345 switch (*func) {
346 case REGISTER:
347 // REGISTER always matches itself
348 break;
349 case FILEINFO_ACK:
350 match = match && (ntohs(fileinfoack->file_id) == pending->file_id);
351 break;
352 case STATUS:
353 match = match && ((ntohs(status->file_id) == pending->file_id) &&
354 (ntohs(status->section) == pending->section));
355 break;
356 case COMPLETE:
357 match = match && ((ntohs(complete->file_id) == pending->file_id) &&
358 (complete->status == pending->comp_status));
359 break;
360 default:
361 glog1(group, "Tried to check pending on invalid type %s",
362 func_name(*func));
363 return;
364 }
365 if (match) {
366 break;
367 }
368 }
369
370 if (!match) {
371 send_all_pending(group);
372 pendidx = 0;
373 pending = &group->pending[pendidx];
374 }
375
376 glog3(group, "check_timeout: found match at slot %d", pendidx);
377 pending->msg = *func;
378 if (group->destinfo[hostidx].pending != pendidx) {
379 group->destinfo[hostidx].pending = pendidx;
380 pending->count++;
381 }
382
383 switch (*func) {
384 case REGISTER:
385 hlen = sizeof(struct register_h);
386 if (pending->count == 1) {
387 gettimeofday(&pending->rx_tstamp, NULL);
388 pending->tstamp = group->destinfo[hostidx].regtime;
389 glog3(group, "send time = %d.%06d",
390 pending->tstamp.tv_sec, pending->tstamp.tv_usec);
391 glog3(group, "rx time = %d.%06d",
392 pending->rx_tstamp.tv_sec, pending->rx_tstamp.tv_usec);
393 }
394 break;
395 case FILEINFO_ACK:
396 hlen = sizeof(struct fileinfoack_h);
397 if (pending->count == 1) {
398 pending->partial = 1;
399 gettimeofday(&pending->rx_tstamp, NULL);
400 if (group->version == UFTP4_VER_NUM) {
401 pending->tstamp.tv_sec = ntohl(fileinfoack->tstamp_hi);
402 pending->tstamp.tv_usec = ntohl(fileinfoack->tstamp_lo);
403 } else {
404 tstamp_usec = (int64_t)ntohl(fileinfoack->tstamp_hi) << 32;
405 tstamp_usec |= ntohl(fileinfoack->tstamp_lo);
406 pending->tstamp = usec_to_tv(tstamp_usec);
407 }
408 glog3(group, "send time = %d.%06d",
409 pending->tstamp.tv_sec, pending->tstamp.tv_usec);
410 glog3(group, "rx time = %d.%06d",
411 pending->rx_tstamp.tv_sec, pending->rx_tstamp.tv_usec);
412 }
413 pending->file_id = ntohs(fileinfoack->file_id);
414 pending->partial = pending->partial &&
415 ((fileinfoack->flags & FLAG_PARTIAL) != 0);
416 break;
417 case STATUS:
418 hlen = sizeof(struct status_h);
419 pending->file_id = ntohs(status->file_id);
420 pending->section = ntohs(status->section);
421 if (!pending->naklist) {
422 pending->naklist = safe_calloc(group->blocksize, 1);
423 }
424 add_naks_to_pending(group, pendidx, message);
425 break;
426 case COMPLETE:
427 hlen = sizeof(struct complete_h);
428 pending->file_id = ntohs(complete->file_id);
429 pending->comp_status = complete->status;
430 break;
431 }
432
433 if ((*func != STATUS) &&
434 (pending->count == max_msg_dest(group, *func, hlen))) {
435 send_pending(group, pendidx);
436 } else {
437 int total_pending, i;
438
439 glog3(group, "check_timeout: getting pending count for %s",
440 func_name(*func));
441 for (total_pending = 0, i = 0; i < MAX_PEND; i++) {
442 glog3(group, "check_timeout: adding %d pending for %d",
443 group->pending[i].count, i);
444 total_pending += group->pending[i].count;
445 }
446 if (total_pending == 1) {
447 set_timeout(group, 1, 0);
448 }
449 }
450 }
451
452 /**
453 * Check for any client that hasn't fully registered.
454 * If the abort parameter is set, send an ABORT to the server and client.
455 * Returns 1 if any aren't fully registered, 0 if all are registered.
456 */
check_unfinished_clients(struct pr_group_list_t * group,int abort_session)457 int check_unfinished_clients(struct pr_group_list_t *group, int abort_session)
458 {
459 int hostidx, found;
460 struct pr_destinfo_t *dest;
461
462 if (group->keytype == KEY_NONE) {
463 return 0;
464 }
465
466 found = 0;
467 for (hostidx = 0; hostidx < group->destcount; hostidx++) {
468 dest = &group->destinfo[hostidx];
469 if ((group->group_id != 0) &&
470 (dest->state != PR_CLIENT_READY)) {
471 if (abort_session) {
472 send_downstream_abort(group, dest->id,
473 "Client not fully registered at proxy", 0);
474 send_upstream_abort(group, dest->id,
475 "Client not fully registered at proxy");
476 }
477 found = 1;
478 }
479 }
480 return found;
481 }
482
483 /**
484 * Load a message body with the list of pending clients
485 */
load_pending(struct pr_group_list_t * group,int pendidx,int func,uint32_t * addrlist,int listlen)486 int load_pending(struct pr_group_list_t *group, int pendidx, int func,
487 uint32_t *addrlist, int listlen)
488 {
489 int hostidx, cnt;
490 struct pr_destinfo_t *dest;
491
492 for (cnt = 0, hostidx = 0;
493 (hostidx < group->destcount) && (cnt < listlen); hostidx++) {
494 dest = &group->destinfo[hostidx];
495 if (dest->pending == pendidx) {
496 addrlist[cnt++] = dest->id;
497 dest->pending = -1;
498 group->pending[pendidx].count--;
499 }
500 }
501 if (group->pending[pendidx].count <= 0) {
502 // Don't zero out the whole pending struct.
503 // We need to clear the message now to set timeouts properly but
504 // we still use the other fields just before sending the message.
505 // The full cleanup is done in send_pending
506 group->pending[pendidx].count = 0;
507 group->pending[pendidx].msg = 0;
508 }
509
510 return cnt;
511 }
512
513 /**
514 * Forward a message unmodified to the next hop, resigning if necessary.
515 */
forward_message(struct pr_group_list_t * group,const union sockaddr_u * src,unsigned char * packet,int packetlen)516 void forward_message(struct pr_group_list_t *group,
517 const union sockaddr_u *src,
518 unsigned char *packet, int packetlen)
519 {
520 struct uftp_h *header;
521 struct announce_h *announce;
522 struct enc_info_he *encinfo;
523 union sockaddr_u dest;
524 unsigned int meslen, siglen;
525 int hostidx, rval, iplen, resign;
526 char destname[INET6_ADDRSTRLEN], destport[PORTNAME_LEN];
527 uint8_t *sig, *sigcopy;
528
529 header = (struct uftp_h *)packet;
530 meslen = (unsigned int)packetlen;
531
532 memset(&dest, 0, sizeof(dest));
533 if (!memcmp(src, &group->up_addr, sizeof(*src))) {
534 if (proxy_type == RESPONSE_PROXY) {
535 // Response proxy, no downstream forwarding
536 set_timeout(group, 0, 0);
537 return;
538 } else if (proxy_type == SERVER_PROXY) {
539 dest = down_addr;
540 } else {
541 if (header->func == ANNOUNCE) {
542 dest = group->publicmcast;
543 } else {
544 dest = group->privatemcast;
545 }
546 }
547 } else {
548 dest = group->up_addr;
549 if (proxy_type != SERVER_PROXY) {
550 hostidx = find_client(group, header->src_id);
551 if (hostidx == -1) {
552 glog1(group, "Couldn't find receiver in list");
553 return;
554 }
555 }
556 }
557
558 // If we're sending an ANNOUNCE with ECDH under V4,
559 // verify the signature and resign
560 resign = 0;
561 if ((proxy_type != SERVER_PROXY) && (header->func == ANNOUNCE) &&
562 (group->keytype != KEY_NONE) && (group->version == UFTP4_VER_NUM)) {
563 announce = (struct announce_h *)(packet + sizeof(struct uftp_h));
564 iplen = ((announce->flags & FLAG_IPV6) != 0) ? 16 : 4;
565 encinfo = (struct enc_info_he *) ((uint8_t *)announce +
566 sizeof(struct announce_h) + iplen + iplen);
567 sig = (uint8_t *)encinfo + sizeof(struct enc_info_he) +
568 ntohs(encinfo->keylen) + ntohs(encinfo->dhlen);
569 siglen = ntohs(encinfo->siglen);
570 resign = 1;
571 }
572 if (resign) {
573 sigcopy = safe_calloc(siglen, 1);
574 memcpy(sigcopy, sig, siglen);
575 memset(sig, 0, siglen);
576 if (group->proxy_privkeytype == KEYBLOB_RSA) {
577 if (!create_RSA_sig(group->proxy_privkey.rsa, group->hashtype,
578 packet, meslen, sigcopy, &siglen)) {
579 glog0(group, "Signature creation failed");
580 free(sigcopy);
581 return;
582 }
583 } else {
584 if (!create_ECDSA_sig(group->proxy_privkey.ec, group->hashtype,
585 packet, meslen, sigcopy, &siglen)) {
586 glog0(group, "Signature creation failed");
587 free(sigcopy);
588 return;
589 }
590 }
591 memcpy(sig, sigcopy, siglen);
592 free(sigcopy);
593 }
594
595 if (nb_sendto(listener, packet, meslen, 0, (struct sockaddr *)&dest,
596 family_len(dest)) == SOCKET_ERROR) {
597 gsockerror(group, "Error forwarding message");
598 if ((rval = getnameinfo((struct sockaddr *)&dest, family_len(dest),
599 destname, sizeof(destname), destport, sizeof(destport),
600 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
601 glog1(group, "getnameinfo failed: %s", gai_strerror(rval));
602 }
603 glog2(group, "Dest: %s:%s", destname, destport);
604 }
605 set_timeout(group, 0, 0);
606 }
607
608 /**
609 * Process an HB_REQ message
610 */
handle_hb_request(const union sockaddr_u * src,unsigned char * packet,unsigned packetlen)611 void handle_hb_request(const union sockaddr_u *src,
612 unsigned char *packet, unsigned packetlen)
613 {
614 struct hb_req_h *hbreq;
615 unsigned char *keyblob, *sig;
616 union key_t key;
617 unsigned char fingerprint[HMAC_LEN];
618 unsigned int fplen, bloblen, siglen;
619 char destname[INET6_ADDRSTRLEN], destport[PORTNAME_LEN];
620 int resp, rval;
621
622 hbreq = (struct hb_req_h *)(packet + sizeof(struct uftp_h));
623
624 if ((rval = getnameinfo((const struct sockaddr *)src, family_len(*src),
625 destname, sizeof(destname), destport, sizeof(destport),
626 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
627 log1(0, 0, 0, "getnameinfo failed: %s", gai_strerror(rval));
628 }
629 if ((packetlen < sizeof(struct uftp_h) + (hbreq->hlen * 4)) ||
630 ((hbreq->hlen * 4) < sizeof(struct hb_req_h))) {
631 log1(0,0,0, "Rejecting HB_REQ from %s: invalid message size", destname);
632 return;
633 }
634 log2(0, 0, 0, "Received HB_REQ from %s", destname);
635 if ((proxy_type == SERVER_PROXY) && have_down_fingerprint) {
636 if (addr_equal(&down_addr, src)) {
637 resp = HB_AUTH_OK;
638 } else if (down_nonce != ntohl(hbreq->nonce)) {
639 resp = HB_AUTH_CHALLENGE;
640 } else {
641 keyblob = (unsigned char *)hbreq + sizeof(struct hb_req_h);
642 bloblen = ntohs(hbreq->bloblen);
643 sig = keyblob + bloblen;
644 siglen = ntohs(hbreq->siglen);
645
646 // First check key fingerprint, then check signature
647 if (keyblob[0] == KEYBLOB_RSA) {
648 if (!import_RSA_key(&key.rsa, keyblob, bloblen)) {
649 log1(0, 0, 0, "Failed to import public key from HB_REQ");
650 resp = HB_AUTH_FAILED;
651 goto end;
652 }
653
654 hash(HASH_SHA1, keyblob, bloblen, fingerprint, &fplen);
655 if (memcmp(down_fingerprint, fingerprint, fplen)) {
656 log1(0, 0, 0, "Failed to verify HB_REQ fingerprint");
657 resp = HB_AUTH_FAILED;
658 free_RSA_key(key.rsa);
659 goto end;
660 }
661
662 if (!verify_RSA_sig(key.rsa, HASH_SHA1,
663 (unsigned char *)&hbreq->nonce,
664 sizeof(hbreq->nonce), sig, siglen)) {
665 log1(0, 0, 0, "Failed to verify HB_REQ signature");
666 resp = HB_AUTH_FAILED;
667 free_RSA_key(key.rsa);
668 goto end;
669 }
670 free_RSA_key(key.rsa);
671 } else {
672 if (!import_EC_key(&key.ec, keyblob, bloblen, 0)) {
673 log1(0, 0, 0, "Failed to import public key from HB_REQ");
674 resp = HB_AUTH_FAILED;
675 goto end;
676 }
677
678 hash(HASH_SHA1, keyblob, bloblen, fingerprint, &fplen);
679 if (memcmp(down_fingerprint, fingerprint, fplen)) {
680 log1(0, 0, 0, "Failed to verify HB_REQ fingerprint");
681 resp = HB_AUTH_FAILED;
682 free_EC_key(key.ec);
683 goto end;
684 }
685
686 if (!verify_ECDSA_sig(key.ec, HASH_SHA1,
687 (unsigned char *)&hbreq->nonce,
688 sizeof(hbreq->nonce), sig, siglen)) {
689 log1(0, 0, 0, "Failed to verify HB_REQ signature");
690 resp = HB_AUTH_FAILED;
691 free_EC_key(key.ec);
692 goto end;
693 }
694 free_EC_key(key.ec);
695 }
696
697 down_addr = *src;
698 log2(0, 0, 0, "Using %s:%s as downstream address:port",
699 destname, destport);
700 down_nonce = rand32();
701 resp = HB_AUTH_OK;
702 }
703 } else {
704 resp = HB_AUTH_OK;
705 }
706
707 end:
708 send_hb_response(src, resp);
709 }
710
711 /**
712 * Process an KEY_REQ message
713 */
handle_key_req(const union sockaddr_u * src,const unsigned char * packet,unsigned packetlen)714 void handle_key_req(const union sockaddr_u *src,
715 const unsigned char *packet, unsigned packetlen)
716 {
717 const struct uftp_h *header;
718 const struct key_req_h *keyreq;
719 struct timeval current_timestamp;
720 char destname[INET6_ADDRSTRLEN];
721 int rval;
722
723 header = (const struct uftp_h *)packet;
724 keyreq = (const struct key_req_h *)(packet + sizeof(struct uftp_h));
725 if (header->version != UFTP4_VER_NUM) {
726 log1(0, 0, 0, "invalid version for KEY_REQ");
727 return;
728 }
729
730 if ((rval = getnameinfo((const struct sockaddr *)src, family_len(*src),
731 destname, sizeof(destname), NULL, 0, NI_NUMERICHOST)) != 0) {
732 log1(0, 0, 0, "getnameinfo failed: %s", gai_strerror(rval));
733 }
734 if ((packetlen < sizeof(struct uftp_h) + (keyreq->hlen * 4U)) ||
735 ((keyreq->hlen * 4U) < sizeof(struct key_req_h))) {
736 log1(0,0,0,"Rejecting KEY_REQ from %s: invalid message size", destname);
737 return;
738 }
739 log2(0, 0, 0, "Received KEY_REQ from %s", destname);
740
741 gettimeofday(¤t_timestamp, NULL);
742 if (diff_sec(current_timestamp, last_key_req) > KEY_REQ_LIMIT) {
743 send_v4_proxy_key();
744 }
745 }
746
747 /**
748 * Sends an HB_RESP in response to an HB_REQ
749 */
send_hb_response(const union sockaddr_u * src,int response)750 void send_hb_response(const union sockaddr_u *src, int response)
751 {
752 unsigned char *packet;
753 struct uftp_h *header;
754 struct hb_resp_h *hbresp;
755 char destname[INET6_ADDRSTRLEN], destport[PORTNAME_LEN];
756 int meslen, rval;
757
758 packet = safe_calloc(sizeof(struct uftp_h) + sizeof(struct hb_resp_h), 1);
759
760 header = (struct uftp_h *)packet;
761 hbresp = (struct hb_resp_h *)(packet + sizeof(struct uftp_h));
762 header->version = UFTP_VER_NUM;
763 header->func = HB_RESP;
764 header->src_id = uid;
765 hbresp->func = HB_RESP;
766 hbresp->hlen = sizeof(struct hb_resp_h) / 4;
767 hbresp->authenticated = response;
768 if (response == HB_AUTH_CHALLENGE) {
769 hbresp->nonce = htonl(down_nonce);
770 }
771
772 meslen = sizeof(struct uftp_h) + sizeof(struct hb_resp_h);
773 if (nb_sendto(listener, packet, meslen, 0, (const struct sockaddr *)src,
774 family_len(*src)) == SOCKET_ERROR) {
775 sockerror(0, 0, 0, "Error sending HB_RESP");
776 } else {
777 if ((rval = getnameinfo((const struct sockaddr *)src,
778 family_len(*src), destname, sizeof(destname), destport,
779 sizeof(destport), NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
780 log1(0, 0, 0, "getnameinfo failed: %s", gai_strerror(rval));
781 }
782 log2(0, 0, 0, "Sent HB_RESP to %s:%s", destname, destport);
783 }
784 free(packet);
785 }
786
787 /**
788 * Sends a PROXY_KEY message to each public multicast address.
789 */
send_v4_proxy_key()790 void send_v4_proxy_key()
791 {
792 unsigned char *packet, *keyblob, *dhblob, *sig;
793 struct uftp_h *header;
794 struct proxy_key_4_h *proxykey;
795 uint32_t nonce;
796 unsigned int meslen, siglen;
797 uint16_t bloblen, dhlen;
798 char pubname[INET6_ADDRSTRLEN];
799 int rval, i;
800
801 packet = safe_calloc(MAXMTU, 1);
802
803 header = (struct uftp_h *)packet;
804 proxykey = (struct proxy_key_4_h *)(packet + sizeof(struct uftp_h));
805 keyblob = (unsigned char *)proxykey + sizeof(struct proxy_key_4_h);
806 header->version = UFTP4_VER_NUM;
807 header->func = PROXY_KEY;
808 header->src_id = uid;
809 proxykey->func = PROXY_KEY;
810 nonce = htonl(rand32());
811 proxykey->nonce = nonce;
812
813 if (privkey_type[0] == KEYBLOB_RSA) {
814 if (!export_RSA_key(privkey[0].rsa, keyblob, &bloblen)) {
815 log0(0, 0, 0, "Error exporting public key");
816 free(packet);
817 return;
818 }
819 } else {
820 if (!export_EC_key(privkey[0].ec, keyblob, &bloblen)) {
821 log0(0, 0, 0, "Error exporting public key");
822 free(packet);
823 return;
824 }
825 }
826 dhblob = keyblob + bloblen;
827 if (v4_dhkey.key) {
828 if (!export_EC_key(v4_dhkey.ec, dhblob, &dhlen)) {
829 log0(0, 0, 0, "Error exporting public key");
830 free(packet);
831 return;
832 }
833 } else {
834 dhlen = 0;
835 }
836 sig = dhblob + dhlen;
837 if (privkey_type[0] == KEYBLOB_RSA) {
838 if (!create_RSA_sig(privkey[0].rsa, HASH_SHA1, (unsigned char *)&nonce,
839 sizeof(nonce), sig, &siglen)) {
840 log0(0, 0, 0, "Error signing nonce");
841 free(packet);
842 return;
843 }
844 } else {
845 if (!create_ECDSA_sig(privkey[0].ec, HASH_SHA1, (unsigned char *)&nonce,
846 sizeof(nonce), sig, &siglen)) {
847 log0(0, 0, 0, "Error signing nonce");
848 free(packet);
849 return;
850 }
851 }
852 proxykey->bloblen = htons(bloblen);
853 proxykey->dhlen = htons(dhlen);
854 proxykey->siglen = htons(siglen);
855 proxykey->hlen = (uint8_t)((sizeof(struct proxy_key_4_h) +
856 bloblen + dhlen + siglen) / 4);
857
858 meslen = sizeof(struct uftp_h) + (proxykey->hlen * 4);
859 for (i = 0; i < pub_multi_count; i++) {
860 if (nb_sendto(listener, packet, meslen, 0,
861 (struct sockaddr *)&pub_multi[i],
862 family_len(pub_multi[i])) == SOCKET_ERROR) {
863 sockerror(0, 0, 0, "Error sending PROXY_KEY_4");
864 } else {
865 if ((rval = getnameinfo((struct sockaddr *)&pub_multi[i],
866 family_len(pub_multi[i]), pubname, sizeof(pubname), NULL, 0,
867 NI_NUMERICHOST)) != 0) {
868 log1(0, 0, 0, "getnameinfo failed: %s", gai_strerror(rval));
869 }
870 log2(0, 0, 0, "Sent PROXY_KEY_4 to %s", pubname);
871 }
872 }
873 free(packet);
874 }
875
876 /**
877 * Sends an ABORT message upstream to a server
878 */
send_upstream_abort(struct pr_group_list_t * group,uint32_t addr,const char * message)879 void send_upstream_abort(struct pr_group_list_t *group, uint32_t addr,
880 const char *message)
881 {
882 unsigned char *buf;
883 struct uftp_h *header;
884 struct abort_h *abort_hdr;
885 int payloadlen;
886
887 buf = safe_calloc(MAXMTU, 1);
888
889 header = (struct uftp_h *)buf;
890 abort_hdr = (struct abort_h *)(buf + sizeof(struct uftp_h));
891
892 set_uftp_header(header, ABORT, group);
893 header->seq = group->send_seq_up++;
894 header->src_id = uid;
895 abort_hdr->func = ABORT;
896 abort_hdr->hlen = sizeof(struct abort_h) / 4;
897 abort_hdr->flags = 0;
898 abort_hdr->host = addr;
899 strncpy(abort_hdr->message, message, sizeof(abort_hdr->message) - 1);
900 payloadlen = sizeof(struct uftp_h) + sizeof(struct abort_h);
901
902 // Proxies should never need to send an encrypted ABORT
903
904 if (nb_sendto(listener, buf, payloadlen, 0,
905 (struct sockaddr *)&group->up_addr,
906 family_len(group->up_addr)) == SOCKET_ERROR) {
907 gsockerror(group, "Error sending ABORT");
908 }
909
910 if (addr == 0) {
911 group_cleanup(group);
912 }
913 free(buf);
914 }
915
916 /**
917 * Sends an ABORT message downstream to clients
918 */
send_downstream_abort(struct pr_group_list_t * group,uint32_t dest_id,const char * message,int current)919 void send_downstream_abort(struct pr_group_list_t *group, uint32_t dest_id,
920 const char *message, int current)
921 {
922 unsigned char *buf;
923 struct uftp_h *header;
924 struct abort_h *abort_hdr;
925 int payloadlen;
926
927 buf = safe_calloc(MAXMTU, 1);
928
929 header = (struct uftp_h *)buf;
930 abort_hdr = (struct abort_h *)(buf + sizeof(struct uftp_h));
931
932 set_uftp_header(header, ABORT, group);
933 header->seq = group->send_seq_down++;
934 header->src_id = uid;
935 header->grtt = quantize_grtt(group->grtt);
936 header->gsize = quantize_gsize(group->gsize);
937 abort_hdr->func = ABORT;
938 abort_hdr->hlen = sizeof(struct abort_h) / 4;
939 if ((dest_id == 0) && current) {
940 abort_hdr->flags |= FLAG_CURRENT_FILE;
941 }
942 abort_hdr->host = dest_id;
943 strncpy(abort_hdr->message, message, sizeof(abort_hdr->message) - 1);
944 payloadlen = sizeof(struct uftp_h) + sizeof(struct abort_h);
945
946 // Proxies should never need to send an encrypted ABORT
947
948 if (nb_sendto(listener, buf, payloadlen, 0,
949 (struct sockaddr *)&group->privatemcast,
950 family_len(group->privatemcast)) == SOCKET_ERROR) {
951 gsockerror(group, "Error sending ABORT");
952 }
953
954 free(buf);
955 }
956
957 /**
958 * Handles an ABORT message from a client or server
959 * and forwards if necessary.
960 */
handle_abort(struct pr_group_list_t * group,const union sockaddr_u * src,const unsigned char * message,unsigned meslen,uint32_t src_id)961 void handle_abort(struct pr_group_list_t *group, const union sockaddr_u *src,
962 const unsigned char *message, unsigned meslen,
963 uint32_t src_id)
964 {
965 const struct abort_h *abort_hdr;
966 int upstream, hostidx, current;
967
968 abort_hdr = (const struct abort_h *)message;
969
970 upstream = (addr_equal(&group->up_addr, src));
971 if (meslen < (abort_hdr->hlen * 4U) ||
972 ((abort_hdr->hlen * 4U) < sizeof(struct abort_h))) {
973 glog1(group, "Rejecting ABORT from %s: invalid message size",
974 upstream ? "server" : "client");
975 }
976
977 if (upstream) {
978 if ((abort_hdr->host == 0) || abort_hdr->host == uid ) {
979 glog1(group, "Transfer aborted by server: %s", abort_hdr->message);
980 current = ((abort_hdr->flags & FLAG_CURRENT_FILE) != 0);
981 if (proxy_type != RESPONSE_PROXY) {
982 send_downstream_abort(group, 0, abort_hdr->message, current);
983 }
984 if (!current) {
985 group_cleanup(group);
986 }
987 } else {
988 if (proxy_type != RESPONSE_PROXY) {
989 send_downstream_abort(group, abort_hdr->host,
990 abort_hdr->message, 0);
991 }
992 }
993 } else {
994 if ((hostidx = find_client(group, src_id)) != -1) {
995 glog1(group, "Transfer aborted by %s: %s",
996 group->destinfo[hostidx].name, abort_hdr->message);
997 } else {
998 glog1(group, "Transfer aborted by %08X: %s",
999 ntohl(src_id), abort_hdr->message);
1000 }
1001 send_upstream_abort(group, src_id, abort_hdr->message);
1002 }
1003 }
1004
1005 /**
1006 * Verifies a server's or client's public key fingerprint
1007 * Returns 1 on success, 0 on failure
1008 */
verify_fingerprint(const struct fp_list_t * fplist,int listlen,const unsigned char * keyblob,uint16_t bloblen,struct pr_group_list_t * group,uint32_t id)1009 int verify_fingerprint(const struct fp_list_t *fplist, int listlen,
1010 const unsigned char *keyblob, uint16_t bloblen,
1011 struct pr_group_list_t *group, uint32_t id)
1012 {
1013 unsigned char fingerprint[HMAC_LEN];
1014 unsigned int fplen;
1015 int found, keyidx;
1016
1017 if (listlen == 0) {
1018 return 1;
1019 }
1020
1021 for (keyidx = 0, found = 0; (keyidx < listlen) && !found; keyidx++) {
1022 if (fplist[keyidx].uid == id) {
1023 keyidx--;
1024 found = 1;
1025 }
1026 }
1027 if (!found) {
1028 return 0;
1029 }
1030 if (!fplist[keyidx].has_fingerprint) {
1031 return 1;
1032 }
1033
1034 hash(HASH_SHA1, keyblob, bloblen, fingerprint, &fplen);
1035 if (memcmp(fplist[keyidx].fingerprint, fingerprint, fplen)) {
1036 return 0;
1037 } else {
1038 return 1;
1039 }
1040 }
1041
1042 /**
1043 * Returns the verify_data string used in certain messages. This value
1044 * is then run through the PRF with the result going into the message.
1045 */
build_v4_verify_data(struct pr_group_list_t * group,int hostidx,int * verifylen,int full)1046 uint8_t *build_v4_verify_data(struct pr_group_list_t *group, int hostidx,
1047 int *verifylen, int full)
1048 {
1049 uint8_t *verifydata, *keyblob;
1050 uint32_t group_id;
1051 struct pr_destinfo_t *dest;
1052 union key_t key;
1053 int iplen, keytype;
1054 uint16_t bloblen;
1055
1056 iplen = (group->privatemcast.ss.ss_family == AF_INET6) ?
1057 sizeof(struct in6_addr) : sizeof(struct in_addr);
1058 if (hostidx != -1) {
1059 dest = &group->destinfo[hostidx];
1060 }
1061 *verifylen = 0;
1062 if (!full) {
1063 verifydata = safe_calloc(sizeof(group->group_id) +
1064 iplen + sizeof(group->rand1) +
1065 sizeof(group->rand2) + sizeof(group->premaster), 1);
1066 } else {
1067 verifydata = safe_calloc(sizeof(group->group_id) +
1068 iplen + sizeof(group->rand1) +
1069 sizeof(group->rand2) + sizeof(group->premaster) +
1070 PUBKEY_LEN + sizeof(group->groupmaster), 1);
1071 }
1072
1073 group_id = htonl(group->group_id);
1074 memcpy(verifydata, &group_id, sizeof(group_id));
1075 *verifylen += sizeof(group_id);
1076 if (group->privatemcast.ss.ss_family == AF_INET6) {
1077 memcpy(verifydata + *verifylen,
1078 &group->privatemcast.sin6.sin6_addr.s6_addr, iplen);
1079 } else {
1080 memcpy(verifydata + *verifylen,
1081 &group->privatemcast.sin.sin_addr.s_addr, iplen);
1082 }
1083 *verifylen += iplen;
1084 memcpy(verifydata + *verifylen, group->rand1, sizeof(group->rand1));
1085 *verifylen += sizeof(group->rand1);
1086 if (hostidx == -1) {
1087 memcpy(verifydata + *verifylen, group->rand2, sizeof(group->rand2));
1088 *verifylen += sizeof(group->rand2);
1089 memcpy(verifydata + *verifylen, group->premaster, group->premaster_len);
1090 *verifylen += group->premaster_len;
1091 } else {
1092 memcpy(verifydata + *verifylen, dest->rand2, sizeof(dest->rand2));
1093 *verifylen += sizeof(dest->rand2);
1094 memcpy(verifydata + *verifylen, dest->premaster, dest->premaster_len);
1095 *verifylen += dest->premaster_len;
1096 }
1097
1098 if (full) {
1099 if (group->client_auth) {
1100 if (hostidx == -1) {
1101 key = group->proxy_privkey;
1102 keytype = group->proxy_privkeytype;
1103 } else {
1104 key = dest->client_pubkey;
1105 keytype = dest->client_pubkeytype;
1106 }
1107 keyblob = verifydata + *verifylen;
1108 if (keytype == KEYBLOB_RSA) {
1109 if (!export_RSA_key(key.rsa, keyblob, &bloblen)) {
1110 free(verifydata);
1111 return NULL;
1112 }
1113 } else {
1114 if (!export_EC_key(key.ec, keyblob, &bloblen)) {
1115 free(verifydata);
1116 return NULL;
1117 }
1118 }
1119 *verifylen += bloblen;
1120 }
1121 memcpy(verifydata + *verifylen, group->groupmaster,
1122 sizeof(group->groupmaster));
1123 *verifylen += sizeof(group->groupmaster);
1124 }
1125
1126 return verifydata;
1127 }
1128
1129
1130