Ejemplo n.º 1
0
 protected void CryptPrepareSendData(byte[] pBuffer, uint nLen)
 {
     if (!IsEncryptionLayerReady)
     {
         Debug.Assert(false); // must be a bug
         return;
     }
     if (streamCryptState_ == StreamCryptStateEnum.ECS_UNKNOWN)
     {
         //this happens when the encryption option was not set on a outgoing connection
         //or if we try to send before receiving on a incoming connection - both shouldn't happen
         streamCryptState_ = StreamCryptStateEnum.ECS_NONE;
         MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Overwriting State ECS_UNKNOWN with ECS_NONE because of premature Send() (%s)"), DbgGetIPString());
     }
     if (streamCryptState_ == StreamCryptStateEnum.ECS_ENCRYPTING)
     {
         MuleUtilities.RC4Crypt(pBuffer, pBuffer, nLen, rc4SendKey_);
     }
 }
        public virtual int EncryptSendServer(ref byte[] ppbyBuf, int nBufLen, uint dwBaseKey)
        {
            Debug.Assert(MuleApplication.Instance.Preference.IsServerCryptLayerUDPEnabled);
            Debug.Assert(dwBaseKey != 0);

            byte byPadLen    = 0;               // padding disabled for UDP currently
            int  nCryptedLen = nBufLen + byPadLen + CRYPT_HEADER_WITHOUTPADDING;

            byte[] pachCryptedBuffer = new byte[nCryptedLen];

            ushort nRandomKeyPart = MpdUtilities.GetRandomUInt16();

            byte[] achKeyData = new byte[7];
            Array.Copy(BitConverter.GetBytes(dwBaseKey), achKeyData, 4);
            achKeyData[4] = MAGICVALUE_UDP_CLIENTSERVER;
            Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, achKeyData, 5, 2);
            MD5 md5 = MD5.Create();

            byte[] rawHash    = md5.ComputeHash(achKeyData);
            RC4Key keySendKey = null;

            MuleUtilities.RC4CreateKey(rawHash, 16, ref keySendKey, true);

            // create the semi random byte encryption header
            byte bySemiRandomNotProtocolMarker = 0;
            int  i;

            for (i = 0; i < 128; i++)
            {
                bySemiRandomNotProtocolMarker = MpdUtilities.GetRandomUInt8();
                if (bySemiRandomNotProtocolMarker != MuleConstants.PROTOCOL_EDONKEYPROT) // not allowed values
                {
                    break;
                }
            }
            if (i >= 128)
            {
                // either we have _real_ bad luck or the randomgenerator is a bit messed up
                Debug.Assert(false);
                bySemiRandomNotProtocolMarker = 0x01;
            }

            uint dwMagicValue = MAGICVALUE_UDP_SYNC_SERVER;

            pachCryptedBuffer[0] = bySemiRandomNotProtocolMarker;
            Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, pachCryptedBuffer, 1, 2);
            MuleUtilities.RC4Crypt(BitConverter.GetBytes(dwMagicValue), 0,
                                   pachCryptedBuffer, 3, 4, keySendKey);
            MuleUtilities.RC4Crypt(new byte[] { byPadLen }, 0, pachCryptedBuffer, 7, 1, keySendKey);

            Random rand = new Random();

            for (int j = 0; j < byPadLen; j++)
            {
                byte byRand = (byte)rand.Next(255);     // they actually dont really need to be random, but it doesn't hurts either
                MuleUtilities.RC4Crypt(new byte[] { byRand }, 0,
                                       pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + j, 1, keySendKey);
            }
            MuleUtilities.RC4Crypt(ppbyBuf, 0,
                                   pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + byPadLen, (uint)nBufLen, keySendKey);

            ppbyBuf = pachCryptedBuffer;

            MuleApplication.Instance.Statistics.AddUpDataOverheadCrypt((uint)(nCryptedLen - nBufLen));
            return(nCryptedLen);
        }
        public virtual int DecryptReceivedServer(byte[] pbyBufIn, int nBufLen, out byte[] ppbyBufOut, uint dwBaseKey, uint dbgIP)
        {
            int nResult = nBufLen;

            ppbyBufOut = pbyBufIn;

            if (nResult <= CRYPT_HEADER_WITHOUTPADDING ||
                !MuleApplication.Instance.Preference.IsServerCryptLayerUDPEnabled ||
                dwBaseKey == 0)
            {
                return(nResult);
            }

            if (pbyBufIn[0] == MuleConstants.PROTOCOL_EDONKEYPROT)
            {
                return(nResult); // no encrypted packet (see description on top)
            }
            // might be an encrypted packet, try to decrypt
            byte[] achKeyData = new byte[7];
            Array.Copy(BitConverter.GetBytes(dwBaseKey), achKeyData, 4);
            achKeyData[4] = MAGICVALUE_UDP_SERVERCLIENT;
            Array.Copy(pbyBufIn, 1, achKeyData, 5, 2); // random key part sent from remote server
            MD5 md5 = MD5.Create();

            byte[] rawHash       = md5.ComputeHash(achKeyData);
            RC4Key keyReceiveKey = null;

            MuleUtilities.RC4CreateKey(rawHash, 16, ref keyReceiveKey, true);

            byte[] dwValueBuf = new byte[4];
            MuleUtilities.RC4Crypt(pbyBufIn, 3, dwValueBuf, 0, 4, keyReceiveKey);
            uint dwValue = BitConverter.ToUInt32(dwValueBuf, 0);

            if (dwValue == MAGICVALUE_UDP_SYNC_SERVER)
            {
                // yup this is an encrypted packet
                byte[] byPadLenBuf = new byte[1];
                MuleUtilities.RC4Crypt(pbyBufIn, 7, byPadLenBuf, 0, 1, keyReceiveKey);
                byte byPadLen = byPadLenBuf[0];
                byPadLen &= 15;
                nResult  -= CRYPT_HEADER_WITHOUTPADDING;
                if (nResult <= byPadLen)
                {
                    return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
                }
                if (byPadLen > 0)
                {
                    MuleUtilities.RC4Crypt(null, null, byPadLen, keyReceiveKey);
                }
                nResult   -= byPadLen;
                ppbyBufOut = new byte[nResult];
                Array.Copy(pbyBufIn, (nBufLen - nResult), ppbyBufOut, 0, nResult);
                MuleUtilities.RC4Crypt(ppbyBufOut, ppbyBufOut, (uint)nResult, keyReceiveKey);

                MuleApplication.Instance.Statistics.AddDownDataOverheadCrypt((uint)(nBufLen - nResult));
                return(nResult); // done
            }
            else
            {
                return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
            }
        }
        public virtual int DecryptReceivedClient(byte[] pbyBufIn, int nBufLen,
                                                 out byte[] ppbyBufOut, uint dwIP, out uint nReceiverVerifyKey, out uint nSenderVerifyKey)
        {
            int nResult = nBufLen;

            ppbyBufOut         = pbyBufIn;
            nReceiverVerifyKey = 0;
            nSenderVerifyKey   = 0;

            if (nResult <= CRYPT_HEADER_WITHOUTPADDING /*|| !MuleApplication.Instance.Preference.IsClientCryptLayerSupported()*/)
            {
                return(nResult);
            }

            switch (pbyBufIn[0])
            {
            case MuleConstants.PROTOCOL_EMULEPROT:
            case MuleConstants.PROTOCOL_KADEMLIAPACKEDPROT:
            case MuleConstants.PROTOCOL_KADEMLIAHEADER:
            case MuleConstants.PROTOCOL_UDPRESERVEDPROT1:
            case MuleConstants.PROTOCOL_UDPRESERVEDPROT2:
            case MuleConstants.PROTOCOL_PACKEDPROT:
                return(nResult);    // no encrypted packet (see description on top)
            }

            // might be an encrypted packet, try to decrypt
            RC4Key keyReceiveKey = null;
            uint   dwValue       = 0;
            // check the marker bit which type this packet could be and which key to test first, this is only an indicator since old clients have it set random
            // see the header for marker bits explanation
            byte byCurrentTry = (byte)(((pbyBufIn[0] & 0x03) == 3) ? 1 : (pbyBufIn[0] & 0x03));
            byte byTries;

            if (MuleApplication.Instance.KadEngine.Preference == null)
            {
                // if kad never run, no point in checking anything except for ed2k encryption
                byTries      = 1;
                byCurrentTry = 1;
            }
            else
            {
                byTries = 3;
            }
            bool bKadRecvKeyUsed = false;
            bool bKad            = false;

            do
            {
                byTries--;
                MD5    md5     = MD5.Create();
                byte[] rawHash = null;
                if (byCurrentTry == 0)
                {
                    // kad packet with NodeID as key
                    bKad            = true;
                    bKadRecvKeyUsed = false;
                    if (MuleApplication.Instance.KadEngine.Preference != null)
                    {
                        byte[] achKeyData = new byte[18];
                        Array.Copy(MuleApplication.Instance.KadEngine.Preference.KadID.Bytes, 0, achKeyData, 0, 16);
                        Array.Copy(pbyBufIn, 1, achKeyData, 16, 2); // random key part sent from remote client
                        rawHash = md5.ComputeHash(achKeyData);
                    }
                }
                else if (byCurrentTry == 1)
                {
                    // ed2k packet
                    bKad            = false;
                    bKadRecvKeyUsed = false;
                    byte[] achKeyData = new byte[23];
                    MpdUtilities.Md4Cpy(achKeyData, MuleApplication.Instance.Preference.UserHash);
                    achKeyData[20] = MAGICVALUE_UDP;
                    Array.Copy(BitConverter.GetBytes(dwIP), 0, achKeyData, 16, 4);
                    Array.Copy(pbyBufIn, 1, achKeyData, 21, 2); // random key part sent from remote client
                    rawHash = md5.ComputeHash(achKeyData);
                }
                else if (byCurrentTry == 2)
                {
                    // kad packet with ReceiverKey as key
                    bKad            = true;
                    bKadRecvKeyUsed = true;
                    if (MuleApplication.Instance.KadEngine.Preference != null)
                    {
                        byte[] achKeyData = new byte[6];
                        Array.Copy(BitConverter.GetBytes(MuleApplication.Instance.KadEngine.Preference.GetUDPVerifyKey(dwIP)),
                                   achKeyData, 4);
                        Array.Copy(pbyBufIn, 1, achKeyData, 4, 2); // random key part sent from remote client
                        rawHash = md5.ComputeHash(achKeyData);
                    }
                }
                else
                {
                    Debug.Assert(false);
                }

                MuleUtilities.RC4CreateKey(rawHash, 16, ref keyReceiveKey, true);
                byte[] outBuf = new byte[4];
                MuleUtilities.RC4Crypt(pbyBufIn, 3, outBuf, 0, 4, keyReceiveKey);
                dwIP         = BitConverter.ToUInt32(outBuf, 0);
                byCurrentTry = (byte)((byCurrentTry + 1) % 3);
            } while (dwValue != MAGICVALUE_UDP_SYNC_CLIENT && byTries > 0); // try to decrypt as ed2k as well as kad packet if needed (max 3 rounds)

            if (dwValue == MAGICVALUE_UDP_SYNC_CLIENT)
            {
                // yup this is an encrypted packet
                // debugoutput notices
                // the following cases are "allowed" but shouldn't happen given that there is only our implementation yet
                if (bKad && (pbyBufIn[0] & 0x01) != 0)
                {
                    MpdUtilities.DebugLog(
                        string.Format("Received obfuscated UDP packet from clientIP: {0} with wrong key marker bits (kad packet, ed2k bit)", MpdUtilities.IP2String(dwIP)));
                }
                else if (bKad && !bKadRecvKeyUsed && (pbyBufIn[0] & 0x02) != 0)
                {
                    MpdUtilities.DebugLog(
                        string.Format("Received obfuscated UDP packet from clientIP: {0} with wrong key marker bits (kad packet, nodeid key, recvkey bit)", MpdUtilities.IP2String(dwIP)));
                }
                else if (bKad && bKadRecvKeyUsed && (pbyBufIn[0] & 0x02) == 0)
                {
                    MpdUtilities.DebugLog(
                        string.Format("Received obfuscated UDP packet from clientIP: {0} with wrong key marker bits (kad packet, recvkey key, nodeid bit)", MpdUtilities.IP2String(dwIP)));
                }

                byte   byPadLen;
                byte[] outBuf = new byte[1];
                MuleUtilities.RC4Crypt(pbyBufIn, 7, outBuf, 0, 1, keyReceiveKey);
                byPadLen = outBuf[0];

                nResult -= CRYPT_HEADER_WITHOUTPADDING;
                if (nResult <= byPadLen)
                {
                    MpdUtilities.DebugLogError(
                        string.Format("Invalid obfuscated UDP packet from clientIP: {0}, Paddingsize ({1}) larger than received bytes",
                                      MpdUtilities.IP2String(dwIP), byPadLen));
                    return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
                }
                if (byPadLen > 0)
                {
                    MuleUtilities.RC4Crypt(null, null, byPadLen, keyReceiveKey);
                }
                nResult -= byPadLen;

                if (bKad)
                {
                    if (nResult <= 8)
                    {
                        MpdUtilities.DebugLogError(
                            string.Format("Obfuscated Kad packet with mismatching size (verify keys missing) received from clientIP: {0}",
                                          MpdUtilities.IP2String(dwIP)));
                        return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk;
                    }
                    // read the verify keys
                    outBuf = new byte[4];
                    MuleUtilities.RC4Crypt(pbyBufIn, (int)(CRYPT_HEADER_WITHOUTPADDING + byPadLen),
                                           outBuf, 0, 4, keyReceiveKey);
                    nReceiverVerifyKey = BitConverter.ToUInt32(outBuf, 0);
                    MuleUtilities.RC4Crypt(pbyBufIn, (int)(CRYPT_HEADER_WITHOUTPADDING + byPadLen + 4),
                                           outBuf, 0, 4, keyReceiveKey);
                    nSenderVerifyKey = BitConverter.ToUInt32(outBuf, 0);
                    nResult         -= 8;
                }

                ppbyBufOut = new byte[nResult];
                Array.Copy(pbyBufIn, (nBufLen - nResult), ppbyBufOut, 0, nResult);

                MuleUtilities.RC4Crypt(ppbyBufOut, ppbyBufOut, (uint)nResult, keyReceiveKey);
                MuleApplication.Instance.Statistics.AddDownDataOverheadCrypt((uint)(nBufLen - nResult));
                //DEBUG_ONLY( MpdUtilities.DebugLog(("Received obfuscated UDP packet from clientIP: %s, Key: %s, RKey: %u, SKey: %u"), MpdUtilities.IP2String(dwIP), bKad ? (bKadRecvKeyUsed ? ("ReceiverKey") : ("NodeID")) : ("UserHash")
                //	, nReceiverVerifyKey != 0 ? *nReceiverVerifyKey : 0, nSenderVerifyKey != 0 ? *nSenderVerifyKey : 0) );
                return(nResult); // done
            }
            else
            {
                MpdUtilities.DebugLogWarning(
                    string.Format("Obfuscated packet expected but magicvalue mismatch on UDP packet from clientIP: {0}, Possible RecvKey: {1}",
                                  MpdUtilities.IP2String(dwIP), MuleApplication.Instance.KadEngine.Preference.GetUDPVerifyKey(dwIP)));
                return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
            }
        }
        public virtual int EncryptSendClient(ref byte[] ppbyBuf, int nBufLen, byte[] pachClientHashOrKadID, bool bKad, uint nReceiverVerifyKey, uint nSenderVerifyKey)
        {
            Debug.Assert(MuleApplication.Instance.PublicIP != 0 || bKad);
            Debug.Assert(MuleApplication.Instance.Preference.IsClientCryptLayerSupported);
            Debug.Assert(pachClientHashOrKadID != null || nReceiverVerifyKey != 0);
            Debug.Assert((nReceiverVerifyKey == 0 && nSenderVerifyKey == 0) || bKad);

            byte byPadLen        = 0;           // padding disabled for UDP currently
            int  nCryptHeaderLen = byPadLen + CRYPT_HEADER_WITHOUTPADDING + (bKad ? 8 : 0);

            int nCryptedLen = nBufLen + nCryptHeaderLen;

            byte[] pachCryptedBuffer = new byte[nCryptedLen];
            bool   bKadRecKeyUsed    = false;

            ushort nRandomKeyPart = MpdUtilities.GetRandomUInt16();
            MD5    md5            = MD5.Create();

            byte[] rawHash = null;
            if (bKad)
            {
                if ((pachClientHashOrKadID == null ||
                     MpdUtilities.IsNullMd4(pachClientHashOrKadID)) &&
                    nReceiverVerifyKey != 0)
                {
                    bKadRecKeyUsed = true;
                    byte[] achKeyData = new byte[6];
                    Array.Copy(BitConverter.GetBytes(nReceiverVerifyKey), achKeyData, 4);
                    Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0,
                               achKeyData, 4, 2);
                    rawHash = md5.ComputeHash(achKeyData);
                    //DEBUG_ONLY( DebugLog(_T("Creating obfuscated Kad packet encrypted by ReceiverKey (%u)"), nReceiverVerifyKey) );
                }
                else if (pachClientHashOrKadID != null && !MpdUtilities.IsNullMd4(pachClientHashOrKadID))
                {
                    byte[] achKeyData = new byte[18];
                    MpdUtilities.Md4Cpy(achKeyData, pachClientHashOrKadID);
                    Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0,
                               achKeyData, 16, 2);
                    rawHash = md5.ComputeHash(achKeyData);
                    //DEBUG_ONLY( DebugLog(_T("Creating obfuscated Kad packet encrypted by Hash/NodeID %s"), md4str(pachClientHashOrKadID)) );
                }
                else
                {
                    ppbyBuf = null;
                    Debug.Assert(false);
                    return(nBufLen);
                }
            }
            else
            {
                byte[] achKeyData = new byte[23];
                MpdUtilities.Md4Cpy(achKeyData, pachClientHashOrKadID);
                uint dwIP = (uint)MuleApplication.Instance.PublicIP;
                Array.Copy(BitConverter.GetBytes(dwIP), 0, achKeyData, 16, 4);
                Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, achKeyData, 21, 2);
                achKeyData[20] = MAGICVALUE_UDP;
                rawHash        = md5.ComputeHash(achKeyData);
            }
            RC4Key keySendKey = null;

            MuleUtilities.RC4CreateKey(rawHash, 16, ref keySendKey, true);

            // create the semi random byte encryption header
            byte bySemiRandomNotProtocolMarker = 0;
            int  i;

            for (i = 0; i < 128; i++)
            {
                bySemiRandomNotProtocolMarker = MpdUtilities.GetRandomUInt8();
                bySemiRandomNotProtocolMarker =
                    (byte)(bKad ? (bySemiRandomNotProtocolMarker & 0xFE) :
                           (bySemiRandomNotProtocolMarker | 0x01)); // set the ed2k/kad marker bit
                if (bKad)
                {
                    bySemiRandomNotProtocolMarker =
                        (byte)(bKadRecKeyUsed ? ((bySemiRandomNotProtocolMarker & 0xFE) | 0x02) :
                               (bySemiRandomNotProtocolMarker & 0xFC)); // set the ed2k/kad and nodeid/reckey markerbit
                }
                else
                {
                    bySemiRandomNotProtocolMarker = (byte)(bySemiRandomNotProtocolMarker | 0x01); // set the ed2k/kad marker bit
                }
                bool bOk = false;
                switch (bySemiRandomNotProtocolMarker)
                { // not allowed values
                case MuleConstants.PROTOCOL_EMULEPROT:
                case MuleConstants.PROTOCOL_KADEMLIAPACKEDPROT:
                case MuleConstants.PROTOCOL_KADEMLIAHEADER:
                case MuleConstants.PROTOCOL_UDPRESERVEDPROT1:
                case MuleConstants.PROTOCOL_UDPRESERVEDPROT2:
                case MuleConstants.PROTOCOL_PACKEDPROT:
                    break;

                default:
                    bOk = true;
                    break;
                }
                if (bOk)
                {
                    break;
                }
            }
            if (i >= 128)
            {
                // either we have _really_ bad luck or the randomgenerator is a bit messed up
                Debug.Assert(false);
                bySemiRandomNotProtocolMarker = 0x01;
            }

            uint dwMagicValue = MAGICVALUE_UDP_SYNC_CLIENT;

            pachCryptedBuffer[0] = bySemiRandomNotProtocolMarker;
            Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, pachCryptedBuffer, 1, 2);
            MuleUtilities.RC4Crypt(BitConverter.GetBytes(dwMagicValue), 0, pachCryptedBuffer, 3, 4, keySendKey);
            MuleUtilities.RC4Crypt(BitConverter.GetBytes(byPadLen), 0, pachCryptedBuffer, 7, 1, keySendKey);

            Random rand = new Random();

            for (int j = 0; j < byPadLen; j++)
            {
                byte byRand = (byte)rand.Next(255);     // they actually dont really need to be random, but it doesn't hurts either
                MuleUtilities.RC4Crypt(BitConverter.GetBytes(byRand), 0,
                                       pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + j, 1, keySendKey);
            }

            if (bKad)
            {
                MuleUtilities.RC4Crypt(BitConverter.GetBytes(nReceiverVerifyKey), 0,
                                       pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + byPadLen, 4, keySendKey);
                MuleUtilities.RC4Crypt(BitConverter.GetBytes(nSenderVerifyKey), 0,
                                       pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + byPadLen + 4, 4, keySendKey);
            }

            MuleUtilities.RC4Crypt(ppbyBuf, 0,
                                   pachCryptedBuffer, nCryptHeaderLen, (uint)nBufLen, keySendKey);
            ppbyBuf = pachCryptedBuffer;

            MuleApplication.Instance.Statistics.AddUpDataOverheadCrypt((uint)(nCryptedLen - nBufLen));
            return(nCryptedLen);
        }
Ejemplo n.º 6
0
        private int SendNegotiatingData(byte[] lpBuf, uint nBufLen, uint nStartCryptFromByte, bool bDelaySend)
        {
            Debug.Assert(streamCryptState_ == StreamCryptStateEnum.ECS_NEGOTIATING ||
                         streamCryptState_ == StreamCryptStateEnum.ECS_ENCRYPTING);
            Debug.Assert(nStartCryptFromByte <= nBufLen);
            Debug.Assert(negotiatingState_ == NegotiatingStateEnum.ONS_BASIC_SERVER_DELAYEDSENDING ||
                         !bDelaySend);

            byte[] pBuffer  = null;
            bool   bProcess = false;

            if (lpBuf != null)
            {
                pBuffer = new byte[nBufLen];
                if (nStartCryptFromByte > 0)
                {
                    Array.Copy(lpBuf, pBuffer, nStartCryptFromByte);
                }
                if (nBufLen - nStartCryptFromByte > 0)
                {
                    MuleUtilities.RC4Crypt(lpBuf, Convert.ToInt32(nStartCryptFromByte),
                                           pBuffer, Convert.ToInt32(nStartCryptFromByte),
                                           nBufLen - nStartCryptFromByte,
                                           rc4SendKey_);
                }
                if (fiSendBuffer_ != null)
                {
                    // we already have data pending. Attach it and try to send
                    if (negotiatingState_ == NegotiatingStateEnum.ONS_BASIC_SERVER_DELAYEDSENDING)
                    {
                        negotiatingState_ = NegotiatingStateEnum.ONS_COMPLETE;
                    }
                    else
                    {
                        Debug.Assert(false);
                    }
                    fiSendBuffer_.Seek(0, System.IO.SeekOrigin.End);
                    fiSendBuffer_.Write(pBuffer, 0, Convert.ToInt32(nBufLen));
                    pBuffer             = null;
                    nStartCryptFromByte = 0;
                    bProcess            = true; // we want to try to send it right now
                }
            }
            if (lpBuf == null || bProcess)
            {
                // this call is for processing pending data
                if (fiSendBuffer_ == null || nStartCryptFromByte != 0)
                {
                    Debug.Assert(false);
                    return(0);                                                   // or not
                }
                nBufLen       = Convert.ToUInt32(fiSendBuffer_.Length);
                pBuffer       = fiSendBuffer_.Buffer;
                fiSendBuffer_ = null;
            }
            Debug.Assert(fiSendBuffer_ == null);
            int result = 0;

            if (!bDelaySend)
            {
                result = base.Send(pBuffer, Convert.ToInt32(nBufLen));
            }
            if (result == SOCKET_ERROR || bDelaySend)
            {
                fiSendBuffer_ = MpdObjectManager.CreateSafeMemFile(128);
                fiSendBuffer_.Write(pBuffer, 0, Convert.ToInt32(nBufLen));
                return(result);
            }
            else
            {
                if (result < nBufLen)
                {
                    fiSendBuffer_ = MpdObjectManager.CreateSafeMemFile(128);
                    fiSendBuffer_.Write(pBuffer, Convert.ToInt32(result), Convert.ToInt32(nBufLen - result));
                }
                return(result);
            }
        }
Ejemplo n.º 7
0
        private int Negotiate(byte[] pBuffer, int offset, int nLen)
        {
            int nRead = 0;

            Debug.Assert(receiveBytesWanted_ > 0);
            try
            {
                while (negotiatingState_ != NegotiatingStateEnum.ONS_COMPLETE && receiveBytesWanted_ > 0)
                {
                    if (receiveBytesWanted_ > 512)
                    {
                        Debug.Assert(false);
                        return(0);
                    }

                    if (fiReceiveBuffer_ == null)
                    {
                        byte[] pReceiveBuffer = new byte[512]; // use a fixed size buffer
                        fiReceiveBuffer_ = MpdObjectManager.CreateSafeMemFile(pReceiveBuffer);
                    }
                    int nToRead = Math.Min(Convert.ToInt32(nLen) - nRead, Convert.ToInt32(receiveBytesWanted_));
                    fiReceiveBuffer_.Write(pBuffer, nRead, nToRead);
                    nRead += nToRead;
                    receiveBytesWanted_ -= Convert.ToUInt32(nToRead);
                    if (receiveBytesWanted_ > 0)
                    {
                        return(nRead);
                    }
                    uint nCurrentBytesLen = (uint)fiReceiveBuffer_.Position;

                    if (negotiatingState_ != NegotiatingStateEnum.ONS_BASIC_CLIENTA_RANDOMPART &&
                        negotiatingState_ != NegotiatingStateEnum.ONS_BASIC_SERVER_DHANSWER)
                    { // don't have the keys yet
                        byte[] pCryptBuffer = fiReceiveBuffer_.Buffer;
                        MuleUtilities.RC4Crypt(pCryptBuffer, pCryptBuffer, nCurrentBytesLen, rc4ReceiveKey_);
                    }
                    fiReceiveBuffer_.SeekToBegin();

                    switch (negotiatingState_)
                    {
                    case NegotiatingStateEnum.ONS_NONE:     // would be a bug
                        Debug.Assert(false);
                        return(0);

                    case NegotiatingStateEnum.ONS_BASIC_CLIENTA_RANDOMPART:
                    {
                        Debug.Assert(rc4ReceiveKey_ == null);

                        byte[] achKeyData = new byte[21];
                        MpdUtilities.Md4Cpy(achKeyData, MuleApplication.Instance.Preference.UserHash);
                        achKeyData[16] = Convert.ToByte(MuleConstants.MAGICVALUE_REQUESTER);
                        fiReceiveBuffer_.Read(achKeyData, 17, 4);         // random key part sent from remote client

                        MD5 md5 = MD5.Create();
                        rc4ReceiveKey_ =
                            MuleUtilities.RC4CreateKey(md5.ComputeHash(achKeyData), 16);
                        achKeyData[16] = Convert.ToByte(MuleConstants.MAGICVALUE_SERVER);
                        rc4SendKey_    =
                            MuleUtilities.RC4CreateKey(md5.ComputeHash(achKeyData), 16);

                        negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_CLIENTA_MAGICVALUE;
                        receiveBytesWanted_ = 4;
                        break;
                    }

                    case NegotiatingStateEnum.ONS_BASIC_CLIENTA_MAGICVALUE:
                    {
                        uint dwValue = fiReceiveBuffer_.ReadUInt32();
                        if (dwValue == MuleConstants.MAGICVALUE_SYNC)
                        {
                            // yup, the one or the other way it worked, this is an encrypted stream
                            //DEBUG_ONLY( MpdUtilities.DebugLog(("Received proper magic value, clientIP: %s"), DbgGetIPString()) );
                            // set the receiver key
                            negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_CLIENTA_METHODTAGSPADLEN;
                            receiveBytesWanted_ = 3;
                        }
                        else
                        {
                            MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Received wrong magic value from clientIP %s on a supposly encrytped stream / Wrong Header"), DbgGetIPString());
                            OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
                            return(-1);
                        }
                        break;
                    }

                    case NegotiatingStateEnum.ONS_BASIC_CLIENTA_METHODTAGSPADLEN:
                        DbgByEncryptionSupported = fiReceiveBuffer_.ReadUInt8();
                        DbgByEncryptionRequested = fiReceiveBuffer_.ReadUInt8();
                        if (DbgByEncryptionRequested != Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION))
                        {
                            MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_LOW, false, ("CEncryptedStreamSocket: Client %s preffered unsupported encryption method (%i)"), DbgGetIPString(), DbgByEncryptionRequested);
                        }
                        receiveBytesWanted_ = fiReceiveBuffer_.ReadUInt8();
                        negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_CLIENTA_PADDING;
                        if (receiveBytesWanted_ > 0)
                        {
                            break;
                        }
                        else
                        {
                            goto case NegotiatingStateEnum.ONS_BASIC_CLIENTA_PADDING;
                        }

                    case NegotiatingStateEnum.ONS_BASIC_CLIENTA_PADDING:
                    {
                        // ignore the random bytes, send the response, set status complete
                        SafeMemFile fileResponse = MpdObjectManager.CreateSafeMemFile(26);
                        fileResponse.WriteUInt32(MuleConstants.MAGICVALUE_SYNC);
                        byte bySelectedEncryptionMethod = Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION);         // we do not support any further encryption in this version, so no need to look which the other client preferred
                        fileResponse.WriteUInt8(bySelectedEncryptionMethod);

                        IPEndPoint remoteEp = RemoteEndPoint as IPEndPoint;

                        byte byPaddingLen =
                            MuleApplication.Instance.ServerConnect.AwaitingTestFromIP(BitConverter.ToUInt32(remoteEp.Address.GetAddressBytes(), 0))
                                        ? Convert.ToByte(16) :
                            Convert.ToByte(MuleApplication.Instance.Preference.CryptTCPPaddingLength + 1);
                        byte byPadding = Convert.ToByte(MpdUtilities.GetRandomUInt8() % byPaddingLen);

                        fileResponse.WriteUInt8(byPadding);
                        for (int i = 0; i < byPadding; i++)
                        {
                            fileResponse.WriteUInt8(MpdUtilities.GetRandomUInt8());
                        }
                        SendNegotiatingData(fileResponse.Buffer, (uint)fileResponse.Length);
                        negotiatingState_ = NegotiatingStateEnum.ONS_COMPLETE;
                        streamCryptState_ = StreamCryptStateEnum.ECS_ENCRYPTING;
                        //DEBUG_ONLY( MpdUtilities.DebugLog(("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (incoming)"), DbgGetIPString()) );
                        break;
                    }

                    case NegotiatingStateEnum.ONS_BASIC_CLIENTB_MAGICVALUE:
                    {
                        if (fiReceiveBuffer_.ReadUInt32() != MuleConstants.MAGICVALUE_SYNC)
                        {
                            MpdUtilities.DebugLogError(("CEncryptedStreamSocket: EncryptedstreamSyncError: Client sent wrong Magic Value as answer, cannot complete handshake (%s)"), DbgGetIPString());
                            OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
                            return(-1);
                        }
                        negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_CLIENTB_METHODTAGSPADLEN;
                        receiveBytesWanted_ = 2;
                        break;
                    }

                    case NegotiatingStateEnum.ONS_BASIC_CLIENTB_METHODTAGSPADLEN:
                    {
                        DbgByEncryptionMethodSet = fiReceiveBuffer_.ReadUInt8();
                        if (DbgByEncryptionMethodSet != Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION))
                        {
                            MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Client %s set unsupported encryption method (%i), handshake failed"),
                                                       DbgGetIPString(), DbgByEncryptionMethodSet);
                            OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
                            return(-1);
                        }
                        receiveBytesWanted_ = fiReceiveBuffer_.ReadUInt8();
                        negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_CLIENTB_PADDING;
                        if (receiveBytesWanted_ > 0)
                        {
                            break;
                        }
                        else
                        {
                            goto case NegotiatingStateEnum.ONS_BASIC_CLIENTB_PADDING;
                        }
                    }

                    case NegotiatingStateEnum.ONS_BASIC_CLIENTB_PADDING:
                        // ignore the random bytes, the handshake is complete
                        negotiatingState_ = NegotiatingStateEnum.ONS_COMPLETE;
                        streamCryptState_ = StreamCryptStateEnum.ECS_ENCRYPTING;
                        //DEBUG_ONLY( MpdUtilities.DebugLog(("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (outgoing)"), DbgGetIPString()) );
                        break;

                    case NegotiatingStateEnum.ONS_BASIC_SERVER_DHANSWER:
                    {
                        Debug.Assert(cryptDHA_ != new BigInteger(0));
                        byte[] aBuffer = new byte[MuleConstants.PRIMESIZE_BYTES + 1];
                        fiReceiveBuffer_.Read(aBuffer, 0, Convert.ToInt32(MuleConstants.PRIMESIZE_BYTES));
                        BigInteger cryptDHAnswer =
                            new BigInteger(aBuffer, (int)MuleConstants.PRIMESIZE_BYTES);
                        BigInteger cryptDHPrime =
                            new BigInteger(dh768_p_, (int)MuleConstants.PRIMESIZE_BYTES);          // our fixed prime
                        BigInteger cryptResult =
                            cryptDHAnswer.modPow(cryptDHA_, cryptDHPrime);

                        cryptDHA_ = 0;
                        Array.Clear(aBuffer, 0, aBuffer.Length);

                        // create the keys
                        Array.Copy(cryptResult.getBytes(), aBuffer, MuleConstants.PRIMESIZE_BYTES);
                        aBuffer[MuleConstants.PRIMESIZE_BYTES] = Convert.ToByte(MuleConstants.MAGICVALUE_REQUESTER);
                        MD5 md5 = MD5.Create();

                        rc4SendKey_ =
                            MuleUtilities.RC4CreateKey(md5.ComputeHash(aBuffer), 16);
                        aBuffer[MuleConstants.PRIMESIZE_BYTES] = Convert.ToByte(MuleConstants.MAGICVALUE_SERVER);
                        rc4ReceiveKey_ =
                            MuleUtilities.RC4CreateKey(md5.ComputeHash(aBuffer), 16);

                        negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_SERVER_MAGICVALUE;
                        receiveBytesWanted_ = 4;
                        break;
                    }

                    case NegotiatingStateEnum.ONS_BASIC_SERVER_MAGICVALUE:
                    {
                        uint dwValue = fiReceiveBuffer_.ReadUInt32();
                        if (dwValue == MuleConstants.MAGICVALUE_SYNC)
                        {
                            // yup, the one or the other way it worked, this is an encrypted stream
                            MpdUtilities.DebugLog(("Received proper magic value after DH-Agreement from Serverconnection IP: %s"), DbgGetIPString());
                            // set the receiver key
                            negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_SERVER_METHODTAGSPADLEN;
                            receiveBytesWanted_ = 3;
                        }
                        else
                        {
                            MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Received wrong magic value after DH-Agreement from Serverconnection"), DbgGetIPString());
                            OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
                            return(-1);
                        }
                        break;
                    }

                    case NegotiatingStateEnum.ONS_BASIC_SERVER_METHODTAGSPADLEN:
                        DbgByEncryptionSupported = fiReceiveBuffer_.ReadUInt8();
                        DbgByEncryptionRequested = fiReceiveBuffer_.ReadUInt8();
                        if (DbgByEncryptionRequested != Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION))
                        {
                            MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_LOW, false, ("CEncryptedStreamSocket: Server %s preffered unsupported encryption method (%i)"), DbgGetIPString(), DbgByEncryptionRequested);
                        }
                        receiveBytesWanted_ = fiReceiveBuffer_.ReadUInt8();
                        negotiatingState_   = NegotiatingStateEnum.ONS_BASIC_SERVER_PADDING;
                        if (receiveBytesWanted_ > 16)
                        {
                            MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_LOW, false, ("CEncryptedStreamSocket: Server %s sent more than 16 (%i) padding bytes"), DbgGetIPString(), receiveBytesWanted_);
                        }
                        if (receiveBytesWanted_ > 0)
                        {
                            break;
                        }
                        else
                        {
                            goto case NegotiatingStateEnum.ONS_BASIC_SERVER_PADDING;
                        }

                    case NegotiatingStateEnum.ONS_BASIC_SERVER_PADDING:
                    {
                        // ignore the random bytes (they are decrypted already), send the response, set status complete
                        SafeMemFile fileResponse = MpdObjectManager.CreateSafeMemFile(26);
                        fileResponse.WriteUInt32(MuleConstants.MAGICVALUE_SYNC);
                        byte bySelectedEncryptionMethod =
                            Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION);         // we do not support any further encryption in this version, so no need to look which the other client preferred
                        fileResponse.WriteUInt8(bySelectedEncryptionMethod);
                        byte byPadding = (byte)(MpdUtilities.GetRandomUInt8() % 16);
                        fileResponse.WriteUInt8(byPadding);
                        for (int i = 0; i < byPadding; i++)
                        {
                            fileResponse.WriteUInt8(MpdUtilities.GetRandomUInt8());
                        }

                        negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_SERVER_DELAYEDSENDING;
                        SendNegotiatingData(fileResponse.Buffer, (uint)fileResponse.Length, 0, true);         // don't actually send it right now, store it in our sendbuffer
                        streamCryptState_ = StreamCryptStateEnum.ECS_ENCRYPTING;
                        MpdUtilities.DebugLog(("CEncryptedStreamSocket: Finished DH Obufscation handshake with Server %s"), DbgGetIPString());
                        break;
                    }

                    default:
                        Debug.Assert(false);
                        break;
                    }
                    fiReceiveBuffer_.SeekToBegin();
                }

                fiReceiveBuffer_ = null;
                return(nRead);
            }
            catch (Exception)
            {
                Debug.Assert(false);
                OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
                fiReceiveBuffer_ = null;
                return(-1);
            }
        }
Ejemplo n.º 8
0
        public override int Receive(byte[] lpBuf, int offset, int nBufLen, SocketFlags nFlags)
        {
            obfuscationBytesReceived_ = base.Receive(lpBuf, offset, nBufLen, nFlags);

            fullReceive_ = obfuscationBytesReceived_ == (uint)nBufLen;

            if (obfuscationBytesReceived_ == SOCKET_ERROR || obfuscationBytesReceived_ <= 0)
            {
                return(obfuscationBytesReceived_);
            }
            switch (streamCryptState_)
            {
            case StreamCryptStateEnum.ECS_NONE:     // disabled, just pass it through
                return(obfuscationBytesReceived_);

            case StreamCryptStateEnum.ECS_PENDING:
            case StreamCryptStateEnum.ECS_PENDING_SERVER:
                Debug.Assert(false);
                MpdUtilities.DebugLogError(("CEncryptedStreamSocket Received data before sending on outgoing connection"));
                streamCryptState_ = StreamCryptStateEnum.ECS_NONE;
                return(obfuscationBytesReceived_);

            case StreamCryptStateEnum.ECS_UNKNOWN:
            {
                int  nRead         = 1;
                bool bNormalHeader = false;
                switch (lpBuf[offset])
                {
                case MuleConstants.PROTOCOL_EDONKEYPROT:
                case MuleConstants.PROTOCOL_PACKEDPROT:
                case MuleConstants.PROTOCOL_EMULEPROT:
                    bNormalHeader = true;
                    break;
                }
                if (!bNormalHeader)
                {
                    StartNegotiation(false);
                    int nNegRes = Negotiate(lpBuf, offset + nRead, obfuscationBytesReceived_ - nRead);
                    if (nNegRes == (-1))
                    {
                        return(0);
                    }
                    nRead += nNegRes;
                    if (nRead != obfuscationBytesReceived_)
                    {
                        // this means we have more data then the current negotiation step required (or there is a bug) and this should never happen
                        // (note: even if it just finished the handshake here, there still can be no data left, since the other client didnt received our response yet)
                        MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Client %s sent more data then expected while negotiating, disconnecting (1)"), DbgGetIPString());
                        OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
                    }
                    return(0);
                }
                else
                {
                    // doesn't seems to be encrypted
                    streamCryptState_ = StreamCryptStateEnum.ECS_NONE;

                    // if we require an encrypted connection, cut the connection here. This shouldn't happen that often
                    // at least with other up-to-date eMule clients because they check for incompability before connecting if possible
                    if (MuleApplication.Instance.Preference.IsClientCryptLayerRequired)
                    {
                        // TODO: Remove me when i have been solved
                        // Even if the Require option is enabled, we currently have to accept unencrypted connection which are made
                        // for lowid/firewall checks from servers and other from us selected client. Otherwise, this option would
                        // always result in a lowid/firewalled status. This is of course not nice, but we can't avoid this walkarround
                        // untill servers and kad completely support encryption too, which will at least for kad take a bit
                        // only exception is the .ini option ClientCryptLayerRequiredStrict which will even ignore test connections
                        // Update: New server now support encrypted callbacks

                        IPEndPoint remote  = RemoteEndPoint as IPEndPoint;
                        uint       address = BitConverter.ToUInt32(remote.Address.GetAddressBytes(), 0);

                        if (MuleApplication.Instance.Preference.IsClientCryptLayerRequiredStrict ||
                            (!MuleApplication.Instance.ServerConnect.AwaitingTestFromIP(address) &&
                             !MuleApplication.Instance.ClientList.IsKadFirewallCheckIP(address)))
                        {
                            MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_DEFAULT, false, ("Rejected incoming connection because Obfuscation was required but not used %s"), DbgGetIPString());
                            OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION_NOTALLOWED));
                            return(0);
                        }
                        else
                        {
                            MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_DEFAULT, false, ("Incoming unencrypted firewallcheck connection permitted despite RequireEncryption setting  - %s"), DbgGetIPString());
                        }
                    }

                    return(obfuscationBytesReceived_);        // buffer was unchanged, we can just pass it through
                }
            }

            case StreamCryptStateEnum.ECS_ENCRYPTING:
                // basic obfuscation enabled and set, so decrypt and pass along
                MuleUtilities.RC4Crypt(lpBuf, offset, lpBuf, offset, Convert.ToUInt32(obfuscationBytesReceived_), rc4ReceiveKey_);
                return(obfuscationBytesReceived_);

            case StreamCryptStateEnum.ECS_NEGOTIATING:
            {
                int nRead = Negotiate(lpBuf, offset, obfuscationBytesReceived_);
                if (nRead == (-1))
                {
                    return(0);
                }
                else if (nRead != obfuscationBytesReceived_ &&
                         streamCryptState_ != StreamCryptStateEnum.ECS_ENCRYPTING)
                {
                    // this means we have more data then the current negotiation step required (or there is a bug) and this should never happen
                    MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Client %s sent more data then expected while negotiating, disconnecting (2)"), DbgGetIPString());
                    OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
                    return(0);
                }
                else if (nRead != (uint)obfuscationBytesReceived_ && streamCryptState_ == StreamCryptStateEnum.ECS_ENCRYPTING)
                {
                    // we finished the handshake and if we this was an outgoing connection it is allowed (but strange and unlikely) that the client sent payload
                    MpdUtilities.DebugLogWarning(("CEncryptedStreamSocket: Client %s has finished the handshake but also sent payload on a outgoing connection"), DbgGetIPString());
                    Array.Copy(lpBuf, offset + nRead, lpBuf, offset + 0, obfuscationBytesReceived_ - nRead);
                    return(obfuscationBytesReceived_ - nRead);
                }
                else
                {
                    return(0);
                }
            }

            default:
                Debug.Assert(false);
                return(obfuscationBytesReceived_);
            }
        }