protected void CryptPrepareSendData(byte[] pBuffer, uint nLen)
{
if (!IsEncryptionLayerReady)
{
Debug.Assert(false); // must be a bug
return;
}
if (streamCryptState_ == StreamCryptStateEnum.ECS_UNKNOWN)
{
//this happens when the encryption option was not set on a outgoing connection
//or if we try to send before receiving on a incoming connection - both shouldn't happen
streamCryptState_ = StreamCryptStateEnum.ECS_NONE;
MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Overwriting State ECS_UNKNOWN with ECS_NONE because of premature Send() (%s)"), DbgGetIPString());
}
if (streamCryptState_ == StreamCryptStateEnum.ECS_ENCRYPTING)
{
MuleUtilities.RC4Crypt(pBuffer, pBuffer, nLen, rc4SendKey_);
}
}
public virtual int EncryptSendServer(ref byte[] ppbyBuf, int nBufLen, uint dwBaseKey)
{
Debug.Assert(MuleApplication.Instance.Preference.IsServerCryptLayerUDPEnabled);
Debug.Assert(dwBaseKey != 0);
byte byPadLen = 0; // padding disabled for UDP currently
int nCryptedLen = nBufLen + byPadLen + CRYPT_HEADER_WITHOUTPADDING;
byte[] pachCryptedBuffer = new byte[nCryptedLen];
ushort nRandomKeyPart = MpdUtilities.GetRandomUInt16();
byte[] achKeyData = new byte[7];
Array.Copy(BitConverter.GetBytes(dwBaseKey), achKeyData, 4);
achKeyData[4] = MAGICVALUE_UDP_CLIENTSERVER;
Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, achKeyData, 5, 2);
MD5 md5 = MD5.Create();
byte[] rawHash = md5.ComputeHash(achKeyData);
RC4Key keySendKey = null;
MuleUtilities.RC4CreateKey(rawHash, 16, ref keySendKey, true);
// create the semi random byte encryption header
byte bySemiRandomNotProtocolMarker = 0;
int i;
for (i = 0; i < 128; i++)
{
bySemiRandomNotProtocolMarker = MpdUtilities.GetRandomUInt8();
if (bySemiRandomNotProtocolMarker != MuleConstants.PROTOCOL_EDONKEYPROT) // not allowed values
{
break;
}
}
if (i >= 128)
{
// either we have _real_ bad luck or the randomgenerator is a bit messed up
Debug.Assert(false);
bySemiRandomNotProtocolMarker = 0x01;
}
uint dwMagicValue = MAGICVALUE_UDP_SYNC_SERVER;
pachCryptedBuffer[0] = bySemiRandomNotProtocolMarker;
Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, pachCryptedBuffer, 1, 2);
MuleUtilities.RC4Crypt(BitConverter.GetBytes(dwMagicValue), 0,
pachCryptedBuffer, 3, 4, keySendKey);
MuleUtilities.RC4Crypt(new byte[] { byPadLen }, 0, pachCryptedBuffer, 7, 1, keySendKey);
Random rand = new Random();
for (int j = 0; j < byPadLen; j++)
{
byte byRand = (byte)rand.Next(255); // they actually dont really need to be random, but it doesn't hurts either
MuleUtilities.RC4Crypt(new byte[] { byRand }, 0,
pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + j, 1, keySendKey);
}
MuleUtilities.RC4Crypt(ppbyBuf, 0,
pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + byPadLen, (uint)nBufLen, keySendKey);
ppbyBuf = pachCryptedBuffer;
MuleApplication.Instance.Statistics.AddUpDataOverheadCrypt((uint)(nCryptedLen - nBufLen));
return(nCryptedLen);
}
public virtual int DecryptReceivedServer(byte[] pbyBufIn, int nBufLen, out byte[] ppbyBufOut, uint dwBaseKey, uint dbgIP)
{
int nResult = nBufLen;
ppbyBufOut = pbyBufIn;
if (nResult <= CRYPT_HEADER_WITHOUTPADDING ||
!MuleApplication.Instance.Preference.IsServerCryptLayerUDPEnabled ||
dwBaseKey == 0)
{
return(nResult);
}
if (pbyBufIn[0] == MuleConstants.PROTOCOL_EDONKEYPROT)
{
return(nResult); // no encrypted packet (see description on top)
}
// might be an encrypted packet, try to decrypt
byte[] achKeyData = new byte[7];
Array.Copy(BitConverter.GetBytes(dwBaseKey), achKeyData, 4);
achKeyData[4] = MAGICVALUE_UDP_SERVERCLIENT;
Array.Copy(pbyBufIn, 1, achKeyData, 5, 2); // random key part sent from remote server
MD5 md5 = MD5.Create();
byte[] rawHash = md5.ComputeHash(achKeyData);
RC4Key keyReceiveKey = null;
MuleUtilities.RC4CreateKey(rawHash, 16, ref keyReceiveKey, true);
byte[] dwValueBuf = new byte[4];
MuleUtilities.RC4Crypt(pbyBufIn, 3, dwValueBuf, 0, 4, keyReceiveKey);
uint dwValue = BitConverter.ToUInt32(dwValueBuf, 0);
if (dwValue == MAGICVALUE_UDP_SYNC_SERVER)
{
// yup this is an encrypted packet
byte[] byPadLenBuf = new byte[1];
MuleUtilities.RC4Crypt(pbyBufIn, 7, byPadLenBuf, 0, 1, keyReceiveKey);
byte byPadLen = byPadLenBuf[0];
byPadLen &= 15;
nResult -= CRYPT_HEADER_WITHOUTPADDING;
if (nResult <= byPadLen)
{
return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
}
if (byPadLen > 0)
{
MuleUtilities.RC4Crypt(null, null, byPadLen, keyReceiveKey);
}
nResult -= byPadLen;
ppbyBufOut = new byte[nResult];
Array.Copy(pbyBufIn, (nBufLen - nResult), ppbyBufOut, 0, nResult);
MuleUtilities.RC4Crypt(ppbyBufOut, ppbyBufOut, (uint)nResult, keyReceiveKey);
MuleApplication.Instance.Statistics.AddDownDataOverheadCrypt((uint)(nBufLen - nResult));
return(nResult); // done
}
else
{
return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
}
}
public virtual int DecryptReceivedClient(byte[] pbyBufIn, int nBufLen,
out byte[] ppbyBufOut, uint dwIP, out uint nReceiverVerifyKey, out uint nSenderVerifyKey)
{
int nResult = nBufLen;
ppbyBufOut = pbyBufIn;
nReceiverVerifyKey = 0;
nSenderVerifyKey = 0;
if (nResult <= CRYPT_HEADER_WITHOUTPADDING /*|| !MuleApplication.Instance.Preference.IsClientCryptLayerSupported()*/)
{
return(nResult);
}
switch (pbyBufIn[0])
{
case MuleConstants.PROTOCOL_EMULEPROT:
case MuleConstants.PROTOCOL_KADEMLIAPACKEDPROT:
case MuleConstants.PROTOCOL_KADEMLIAHEADER:
case MuleConstants.PROTOCOL_UDPRESERVEDPROT1:
case MuleConstants.PROTOCOL_UDPRESERVEDPROT2:
case MuleConstants.PROTOCOL_PACKEDPROT:
return(nResult); // no encrypted packet (see description on top)
}
// might be an encrypted packet, try to decrypt
RC4Key keyReceiveKey = null;
uint dwValue = 0;
// check the marker bit which type this packet could be and which key to test first, this is only an indicator since old clients have it set random
// see the header for marker bits explanation
byte byCurrentTry = (byte)(((pbyBufIn[0] & 0x03) == 3) ? 1 : (pbyBufIn[0] & 0x03));
byte byTries;
if (MuleApplication.Instance.KadEngine.Preference == null)
{
// if kad never run, no point in checking anything except for ed2k encryption
byTries = 1;
byCurrentTry = 1;
}
else
{
byTries = 3;
}
bool bKadRecvKeyUsed = false;
bool bKad = false;
do
{
byTries--;
MD5 md5 = MD5.Create();
byte[] rawHash = null;
if (byCurrentTry == 0)
{
// kad packet with NodeID as key
bKad = true;
bKadRecvKeyUsed = false;
if (MuleApplication.Instance.KadEngine.Preference != null)
{
byte[] achKeyData = new byte[18];
Array.Copy(MuleApplication.Instance.KadEngine.Preference.KadID.Bytes, 0, achKeyData, 0, 16);
Array.Copy(pbyBufIn, 1, achKeyData, 16, 2); // random key part sent from remote client
rawHash = md5.ComputeHash(achKeyData);
}
}
else if (byCurrentTry == 1)
{
// ed2k packet
bKad = false;
bKadRecvKeyUsed = false;
byte[] achKeyData = new byte[23];
MpdUtilities.Md4Cpy(achKeyData, MuleApplication.Instance.Preference.UserHash);
achKeyData[20] = MAGICVALUE_UDP;
Array.Copy(BitConverter.GetBytes(dwIP), 0, achKeyData, 16, 4);
Array.Copy(pbyBufIn, 1, achKeyData, 21, 2); // random key part sent from remote client
rawHash = md5.ComputeHash(achKeyData);
}
else if (byCurrentTry == 2)
{
// kad packet with ReceiverKey as key
bKad = true;
bKadRecvKeyUsed = true;
if (MuleApplication.Instance.KadEngine.Preference != null)
{
byte[] achKeyData = new byte[6];
Array.Copy(BitConverter.GetBytes(MuleApplication.Instance.KadEngine.Preference.GetUDPVerifyKey(dwIP)),
achKeyData, 4);
Array.Copy(pbyBufIn, 1, achKeyData, 4, 2); // random key part sent from remote client
rawHash = md5.ComputeHash(achKeyData);
}
}
else
{
Debug.Assert(false);
}
MuleUtilities.RC4CreateKey(rawHash, 16, ref keyReceiveKey, true);
byte[] outBuf = new byte[4];
MuleUtilities.RC4Crypt(pbyBufIn, 3, outBuf, 0, 4, keyReceiveKey);
dwIP = BitConverter.ToUInt32(outBuf, 0);
byCurrentTry = (byte)((byCurrentTry + 1) % 3);
} while (dwValue != MAGICVALUE_UDP_SYNC_CLIENT && byTries > 0); // try to decrypt as ed2k as well as kad packet if needed (max 3 rounds)
if (dwValue == MAGICVALUE_UDP_SYNC_CLIENT)
{
// yup this is an encrypted packet
// debugoutput notices
// the following cases are "allowed" but shouldn't happen given that there is only our implementation yet
if (bKad && (pbyBufIn[0] & 0x01) != 0)
{
MpdUtilities.DebugLog(
string.Format("Received obfuscated UDP packet from clientIP: {0} with wrong key marker bits (kad packet, ed2k bit)", MpdUtilities.IP2String(dwIP)));
}
else if (bKad && !bKadRecvKeyUsed && (pbyBufIn[0] & 0x02) != 0)
{
MpdUtilities.DebugLog(
string.Format("Received obfuscated UDP packet from clientIP: {0} with wrong key marker bits (kad packet, nodeid key, recvkey bit)", MpdUtilities.IP2String(dwIP)));
}
else if (bKad && bKadRecvKeyUsed && (pbyBufIn[0] & 0x02) == 0)
{
MpdUtilities.DebugLog(
string.Format("Received obfuscated UDP packet from clientIP: {0} with wrong key marker bits (kad packet, recvkey key, nodeid bit)", MpdUtilities.IP2String(dwIP)));
}
byte byPadLen;
byte[] outBuf = new byte[1];
MuleUtilities.RC4Crypt(pbyBufIn, 7, outBuf, 0, 1, keyReceiveKey);
byPadLen = outBuf[0];
nResult -= CRYPT_HEADER_WITHOUTPADDING;
if (nResult <= byPadLen)
{
MpdUtilities.DebugLogError(
string.Format("Invalid obfuscated UDP packet from clientIP: {0}, Paddingsize ({1}) larger than received bytes",
MpdUtilities.IP2String(dwIP), byPadLen));
return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
}
if (byPadLen > 0)
{
MuleUtilities.RC4Crypt(null, null, byPadLen, keyReceiveKey);
}
nResult -= byPadLen;
if (bKad)
{
if (nResult <= 8)
{
MpdUtilities.DebugLogError(
string.Format("Obfuscated Kad packet with mismatching size (verify keys missing) received from clientIP: {0}",
MpdUtilities.IP2String(dwIP)));
return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk;
}
// read the verify keys
outBuf = new byte[4];
MuleUtilities.RC4Crypt(pbyBufIn, (int)(CRYPT_HEADER_WITHOUTPADDING + byPadLen),
outBuf, 0, 4, keyReceiveKey);
nReceiverVerifyKey = BitConverter.ToUInt32(outBuf, 0);
MuleUtilities.RC4Crypt(pbyBufIn, (int)(CRYPT_HEADER_WITHOUTPADDING + byPadLen + 4),
outBuf, 0, 4, keyReceiveKey);
nSenderVerifyKey = BitConverter.ToUInt32(outBuf, 0);
nResult -= 8;
}
ppbyBufOut = new byte[nResult];
Array.Copy(pbyBufIn, (nBufLen - nResult), ppbyBufOut, 0, nResult);
MuleUtilities.RC4Crypt(ppbyBufOut, ppbyBufOut, (uint)nResult, keyReceiveKey);
MuleApplication.Instance.Statistics.AddDownDataOverheadCrypt((uint)(nBufLen - nResult));
//DEBUG_ONLY( MpdUtilities.DebugLog(("Received obfuscated UDP packet from clientIP: %s, Key: %s, RKey: %u, SKey: %u"), MpdUtilities.IP2String(dwIP), bKad ? (bKadRecvKeyUsed ? ("ReceiverKey") : ("NodeID")) : ("UserHash")
// , nReceiverVerifyKey != 0 ? *nReceiverVerifyKey : 0, nSenderVerifyKey != 0 ? *nSenderVerifyKey : 0) );
return(nResult); // done
}
else
{
MpdUtilities.DebugLogWarning(
string.Format("Obfuscated packet expected but magicvalue mismatch on UDP packet from clientIP: {0}, Possible RecvKey: {1}",
MpdUtilities.IP2String(dwIP), MuleApplication.Instance.KadEngine.Preference.GetUDPVerifyKey(dwIP)));
return(nBufLen); // pass through, let the Receivefunction do the errorhandling on this junk
}
}
public virtual int EncryptSendClient(ref byte[] ppbyBuf, int nBufLen, byte[] pachClientHashOrKadID, bool bKad, uint nReceiverVerifyKey, uint nSenderVerifyKey)
{
Debug.Assert(MuleApplication.Instance.PublicIP != 0 || bKad);
Debug.Assert(MuleApplication.Instance.Preference.IsClientCryptLayerSupported);
Debug.Assert(pachClientHashOrKadID != null || nReceiverVerifyKey != 0);
Debug.Assert((nReceiverVerifyKey == 0 && nSenderVerifyKey == 0) || bKad);
byte byPadLen = 0; // padding disabled for UDP currently
int nCryptHeaderLen = byPadLen + CRYPT_HEADER_WITHOUTPADDING + (bKad ? 8 : 0);
int nCryptedLen = nBufLen + nCryptHeaderLen;
byte[] pachCryptedBuffer = new byte[nCryptedLen];
bool bKadRecKeyUsed = false;
ushort nRandomKeyPart = MpdUtilities.GetRandomUInt16();
MD5 md5 = MD5.Create();
byte[] rawHash = null;
if (bKad)
{
if ((pachClientHashOrKadID == null ||
MpdUtilities.IsNullMd4(pachClientHashOrKadID)) &&
nReceiverVerifyKey != 0)
{
bKadRecKeyUsed = true;
byte[] achKeyData = new byte[6];
Array.Copy(BitConverter.GetBytes(nReceiverVerifyKey), achKeyData, 4);
Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0,
achKeyData, 4, 2);
rawHash = md5.ComputeHash(achKeyData);
//DEBUG_ONLY( DebugLog(_T("Creating obfuscated Kad packet encrypted by ReceiverKey (%u)"), nReceiverVerifyKey) );
}
else if (pachClientHashOrKadID != null && !MpdUtilities.IsNullMd4(pachClientHashOrKadID))
{
byte[] achKeyData = new byte[18];
MpdUtilities.Md4Cpy(achKeyData, pachClientHashOrKadID);
Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0,
achKeyData, 16, 2);
rawHash = md5.ComputeHash(achKeyData);
//DEBUG_ONLY( DebugLog(_T("Creating obfuscated Kad packet encrypted by Hash/NodeID %s"), md4str(pachClientHashOrKadID)) );
}
else
{
ppbyBuf = null;
Debug.Assert(false);
return(nBufLen);
}
}
else
{
byte[] achKeyData = new byte[23];
MpdUtilities.Md4Cpy(achKeyData, pachClientHashOrKadID);
uint dwIP = (uint)MuleApplication.Instance.PublicIP;
Array.Copy(BitConverter.GetBytes(dwIP), 0, achKeyData, 16, 4);
Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, achKeyData, 21, 2);
achKeyData[20] = MAGICVALUE_UDP;
rawHash = md5.ComputeHash(achKeyData);
}
RC4Key keySendKey = null;
MuleUtilities.RC4CreateKey(rawHash, 16, ref keySendKey, true);
// create the semi random byte encryption header
byte bySemiRandomNotProtocolMarker = 0;
int i;
for (i = 0; i < 128; i++)
{
bySemiRandomNotProtocolMarker = MpdUtilities.GetRandomUInt8();
bySemiRandomNotProtocolMarker =
(byte)(bKad ? (bySemiRandomNotProtocolMarker & 0xFE) :
(bySemiRandomNotProtocolMarker | 0x01)); // set the ed2k/kad marker bit
if (bKad)
{
bySemiRandomNotProtocolMarker =
(byte)(bKadRecKeyUsed ? ((bySemiRandomNotProtocolMarker & 0xFE) | 0x02) :
(bySemiRandomNotProtocolMarker & 0xFC)); // set the ed2k/kad and nodeid/reckey markerbit
}
else
{
bySemiRandomNotProtocolMarker = (byte)(bySemiRandomNotProtocolMarker | 0x01); // set the ed2k/kad marker bit
}
bool bOk = false;
switch (bySemiRandomNotProtocolMarker)
{ // not allowed values
case MuleConstants.PROTOCOL_EMULEPROT:
case MuleConstants.PROTOCOL_KADEMLIAPACKEDPROT:
case MuleConstants.PROTOCOL_KADEMLIAHEADER:
case MuleConstants.PROTOCOL_UDPRESERVEDPROT1:
case MuleConstants.PROTOCOL_UDPRESERVEDPROT2:
case MuleConstants.PROTOCOL_PACKEDPROT:
break;
default:
bOk = true;
break;
}
if (bOk)
{
break;
}
}
if (i >= 128)
{
// either we have _really_ bad luck or the randomgenerator is a bit messed up
Debug.Assert(false);
bySemiRandomNotProtocolMarker = 0x01;
}
uint dwMagicValue = MAGICVALUE_UDP_SYNC_CLIENT;
pachCryptedBuffer[0] = bySemiRandomNotProtocolMarker;
Array.Copy(BitConverter.GetBytes(nRandomKeyPart), 0, pachCryptedBuffer, 1, 2);
MuleUtilities.RC4Crypt(BitConverter.GetBytes(dwMagicValue), 0, pachCryptedBuffer, 3, 4, keySendKey);
MuleUtilities.RC4Crypt(BitConverter.GetBytes(byPadLen), 0, pachCryptedBuffer, 7, 1, keySendKey);
Random rand = new Random();
for (int j = 0; j < byPadLen; j++)
{
byte byRand = (byte)rand.Next(255); // they actually dont really need to be random, but it doesn't hurts either
MuleUtilities.RC4Crypt(BitConverter.GetBytes(byRand), 0,
pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + j, 1, keySendKey);
}
if (bKad)
{
MuleUtilities.RC4Crypt(BitConverter.GetBytes(nReceiverVerifyKey), 0,
pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + byPadLen, 4, keySendKey);
MuleUtilities.RC4Crypt(BitConverter.GetBytes(nSenderVerifyKey), 0,
pachCryptedBuffer, CRYPT_HEADER_WITHOUTPADDING + byPadLen + 4, 4, keySendKey);
}
MuleUtilities.RC4Crypt(ppbyBuf, 0,
pachCryptedBuffer, nCryptHeaderLen, (uint)nBufLen, keySendKey);
ppbyBuf = pachCryptedBuffer;
MuleApplication.Instance.Statistics.AddUpDataOverheadCrypt((uint)(nCryptedLen - nBufLen));
return(nCryptedLen);
}
private int SendNegotiatingData(byte[] lpBuf, uint nBufLen, uint nStartCryptFromByte, bool bDelaySend)
{
Debug.Assert(streamCryptState_ == StreamCryptStateEnum.ECS_NEGOTIATING ||
streamCryptState_ == StreamCryptStateEnum.ECS_ENCRYPTING);
Debug.Assert(nStartCryptFromByte <= nBufLen);
Debug.Assert(negotiatingState_ == NegotiatingStateEnum.ONS_BASIC_SERVER_DELAYEDSENDING ||
!bDelaySend);
byte[] pBuffer = null;
bool bProcess = false;
if (lpBuf != null)
{
pBuffer = new byte[nBufLen];
if (nStartCryptFromByte > 0)
{
Array.Copy(lpBuf, pBuffer, nStartCryptFromByte);
}
if (nBufLen - nStartCryptFromByte > 0)
{
MuleUtilities.RC4Crypt(lpBuf, Convert.ToInt32(nStartCryptFromByte),
pBuffer, Convert.ToInt32(nStartCryptFromByte),
nBufLen - nStartCryptFromByte,
rc4SendKey_);
}
if (fiSendBuffer_ != null)
{
// we already have data pending. Attach it and try to send
if (negotiatingState_ == NegotiatingStateEnum.ONS_BASIC_SERVER_DELAYEDSENDING)
{
negotiatingState_ = NegotiatingStateEnum.ONS_COMPLETE;
}
else
{
Debug.Assert(false);
}
fiSendBuffer_.Seek(0, System.IO.SeekOrigin.End);
fiSendBuffer_.Write(pBuffer, 0, Convert.ToInt32(nBufLen));
pBuffer = null;
nStartCryptFromByte = 0;
bProcess = true; // we want to try to send it right now
}
}
if (lpBuf == null || bProcess)
{
// this call is for processing pending data
if (fiSendBuffer_ == null || nStartCryptFromByte != 0)
{
Debug.Assert(false);
return(0); // or not
}
nBufLen = Convert.ToUInt32(fiSendBuffer_.Length);
pBuffer = fiSendBuffer_.Buffer;
fiSendBuffer_ = null;
}
Debug.Assert(fiSendBuffer_ == null);
int result = 0;
if (!bDelaySend)
{
result = base.Send(pBuffer, Convert.ToInt32(nBufLen));
}
if (result == SOCKET_ERROR || bDelaySend)
{
fiSendBuffer_ = MpdObjectManager.CreateSafeMemFile(128);
fiSendBuffer_.Write(pBuffer, 0, Convert.ToInt32(nBufLen));
return(result);
}
else
{
if (result < nBufLen)
{
fiSendBuffer_ = MpdObjectManager.CreateSafeMemFile(128);
fiSendBuffer_.Write(pBuffer, Convert.ToInt32(result), Convert.ToInt32(nBufLen - result));
}
return(result);
}
}
private int Negotiate(byte[] pBuffer, int offset, int nLen)
{
int nRead = 0;
Debug.Assert(receiveBytesWanted_ > 0);
try
{
while (negotiatingState_ != NegotiatingStateEnum.ONS_COMPLETE && receiveBytesWanted_ > 0)
{
if (receiveBytesWanted_ > 512)
{
Debug.Assert(false);
return(0);
}
if (fiReceiveBuffer_ == null)
{
byte[] pReceiveBuffer = new byte[512]; // use a fixed size buffer
fiReceiveBuffer_ = MpdObjectManager.CreateSafeMemFile(pReceiveBuffer);
}
int nToRead = Math.Min(Convert.ToInt32(nLen) - nRead, Convert.ToInt32(receiveBytesWanted_));
fiReceiveBuffer_.Write(pBuffer, nRead, nToRead);
nRead += nToRead;
receiveBytesWanted_ -= Convert.ToUInt32(nToRead);
if (receiveBytesWanted_ > 0)
{
return(nRead);
}
uint nCurrentBytesLen = (uint)fiReceiveBuffer_.Position;
if (negotiatingState_ != NegotiatingStateEnum.ONS_BASIC_CLIENTA_RANDOMPART &&
negotiatingState_ != NegotiatingStateEnum.ONS_BASIC_SERVER_DHANSWER)
{ // don't have the keys yet
byte[] pCryptBuffer = fiReceiveBuffer_.Buffer;
MuleUtilities.RC4Crypt(pCryptBuffer, pCryptBuffer, nCurrentBytesLen, rc4ReceiveKey_);
}
fiReceiveBuffer_.SeekToBegin();
switch (negotiatingState_)
{
case NegotiatingStateEnum.ONS_NONE: // would be a bug
Debug.Assert(false);
return(0);
case NegotiatingStateEnum.ONS_BASIC_CLIENTA_RANDOMPART:
{
Debug.Assert(rc4ReceiveKey_ == null);
byte[] achKeyData = new byte[21];
MpdUtilities.Md4Cpy(achKeyData, MuleApplication.Instance.Preference.UserHash);
achKeyData[16] = Convert.ToByte(MuleConstants.MAGICVALUE_REQUESTER);
fiReceiveBuffer_.Read(achKeyData, 17, 4); // random key part sent from remote client
MD5 md5 = MD5.Create();
rc4ReceiveKey_ =
MuleUtilities.RC4CreateKey(md5.ComputeHash(achKeyData), 16);
achKeyData[16] = Convert.ToByte(MuleConstants.MAGICVALUE_SERVER);
rc4SendKey_ =
MuleUtilities.RC4CreateKey(md5.ComputeHash(achKeyData), 16);
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_CLIENTA_MAGICVALUE;
receiveBytesWanted_ = 4;
break;
}
case NegotiatingStateEnum.ONS_BASIC_CLIENTA_MAGICVALUE:
{
uint dwValue = fiReceiveBuffer_.ReadUInt32();
if (dwValue == MuleConstants.MAGICVALUE_SYNC)
{
// yup, the one or the other way it worked, this is an encrypted stream
//DEBUG_ONLY( MpdUtilities.DebugLog(("Received proper magic value, clientIP: %s"), DbgGetIPString()) );
// set the receiver key
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_CLIENTA_METHODTAGSPADLEN;
receiveBytesWanted_ = 3;
}
else
{
MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Received wrong magic value from clientIP %s on a supposly encrytped stream / Wrong Header"), DbgGetIPString());
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
return(-1);
}
break;
}
case NegotiatingStateEnum.ONS_BASIC_CLIENTA_METHODTAGSPADLEN:
DbgByEncryptionSupported = fiReceiveBuffer_.ReadUInt8();
DbgByEncryptionRequested = fiReceiveBuffer_.ReadUInt8();
if (DbgByEncryptionRequested != Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION))
{
MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_LOW, false, ("CEncryptedStreamSocket: Client %s preffered unsupported encryption method (%i)"), DbgGetIPString(), DbgByEncryptionRequested);
}
receiveBytesWanted_ = fiReceiveBuffer_.ReadUInt8();
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_CLIENTA_PADDING;
if (receiveBytesWanted_ > 0)
{
break;
}
else
{
goto case NegotiatingStateEnum.ONS_BASIC_CLIENTA_PADDING;
}
case NegotiatingStateEnum.ONS_BASIC_CLIENTA_PADDING:
{
// ignore the random bytes, send the response, set status complete
SafeMemFile fileResponse = MpdObjectManager.CreateSafeMemFile(26);
fileResponse.WriteUInt32(MuleConstants.MAGICVALUE_SYNC);
byte bySelectedEncryptionMethod = Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION); // we do not support any further encryption in this version, so no need to look which the other client preferred
fileResponse.WriteUInt8(bySelectedEncryptionMethod);
IPEndPoint remoteEp = RemoteEndPoint as IPEndPoint;
byte byPaddingLen =
MuleApplication.Instance.ServerConnect.AwaitingTestFromIP(BitConverter.ToUInt32(remoteEp.Address.GetAddressBytes(), 0))
? Convert.ToByte(16) :
Convert.ToByte(MuleApplication.Instance.Preference.CryptTCPPaddingLength + 1);
byte byPadding = Convert.ToByte(MpdUtilities.GetRandomUInt8() % byPaddingLen);
fileResponse.WriteUInt8(byPadding);
for (int i = 0; i < byPadding; i++)
{
fileResponse.WriteUInt8(MpdUtilities.GetRandomUInt8());
}
SendNegotiatingData(fileResponse.Buffer, (uint)fileResponse.Length);
negotiatingState_ = NegotiatingStateEnum.ONS_COMPLETE;
streamCryptState_ = StreamCryptStateEnum.ECS_ENCRYPTING;
//DEBUG_ONLY( MpdUtilities.DebugLog(("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (incoming)"), DbgGetIPString()) );
break;
}
case NegotiatingStateEnum.ONS_BASIC_CLIENTB_MAGICVALUE:
{
if (fiReceiveBuffer_.ReadUInt32() != MuleConstants.MAGICVALUE_SYNC)
{
MpdUtilities.DebugLogError(("CEncryptedStreamSocket: EncryptedstreamSyncError: Client sent wrong Magic Value as answer, cannot complete handshake (%s)"), DbgGetIPString());
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
return(-1);
}
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_CLIENTB_METHODTAGSPADLEN;
receiveBytesWanted_ = 2;
break;
}
case NegotiatingStateEnum.ONS_BASIC_CLIENTB_METHODTAGSPADLEN:
{
DbgByEncryptionMethodSet = fiReceiveBuffer_.ReadUInt8();
if (DbgByEncryptionMethodSet != Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION))
{
MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Client %s set unsupported encryption method (%i), handshake failed"),
DbgGetIPString(), DbgByEncryptionMethodSet);
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
return(-1);
}
receiveBytesWanted_ = fiReceiveBuffer_.ReadUInt8();
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_CLIENTB_PADDING;
if (receiveBytesWanted_ > 0)
{
break;
}
else
{
goto case NegotiatingStateEnum.ONS_BASIC_CLIENTB_PADDING;
}
}
case NegotiatingStateEnum.ONS_BASIC_CLIENTB_PADDING:
// ignore the random bytes, the handshake is complete
negotiatingState_ = NegotiatingStateEnum.ONS_COMPLETE;
streamCryptState_ = StreamCryptStateEnum.ECS_ENCRYPTING;
//DEBUG_ONLY( MpdUtilities.DebugLog(("CEncryptedStreamSocket: Finished Obufscation handshake with client %s (outgoing)"), DbgGetIPString()) );
break;
case NegotiatingStateEnum.ONS_BASIC_SERVER_DHANSWER:
{
Debug.Assert(cryptDHA_ != new BigInteger(0));
byte[] aBuffer = new byte[MuleConstants.PRIMESIZE_BYTES + 1];
fiReceiveBuffer_.Read(aBuffer, 0, Convert.ToInt32(MuleConstants.PRIMESIZE_BYTES));
BigInteger cryptDHAnswer =
new BigInteger(aBuffer, (int)MuleConstants.PRIMESIZE_BYTES);
BigInteger cryptDHPrime =
new BigInteger(dh768_p_, (int)MuleConstants.PRIMESIZE_BYTES); // our fixed prime
BigInteger cryptResult =
cryptDHAnswer.modPow(cryptDHA_, cryptDHPrime);
cryptDHA_ = 0;
Array.Clear(aBuffer, 0, aBuffer.Length);
// create the keys
Array.Copy(cryptResult.getBytes(), aBuffer, MuleConstants.PRIMESIZE_BYTES);
aBuffer[MuleConstants.PRIMESIZE_BYTES] = Convert.ToByte(MuleConstants.MAGICVALUE_REQUESTER);
MD5 md5 = MD5.Create();
rc4SendKey_ =
MuleUtilities.RC4CreateKey(md5.ComputeHash(aBuffer), 16);
aBuffer[MuleConstants.PRIMESIZE_BYTES] = Convert.ToByte(MuleConstants.MAGICVALUE_SERVER);
rc4ReceiveKey_ =
MuleUtilities.RC4CreateKey(md5.ComputeHash(aBuffer), 16);
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_SERVER_MAGICVALUE;
receiveBytesWanted_ = 4;
break;
}
case NegotiatingStateEnum.ONS_BASIC_SERVER_MAGICVALUE:
{
uint dwValue = fiReceiveBuffer_.ReadUInt32();
if (dwValue == MuleConstants.MAGICVALUE_SYNC)
{
// yup, the one or the other way it worked, this is an encrypted stream
MpdUtilities.DebugLog(("Received proper magic value after DH-Agreement from Serverconnection IP: %s"), DbgGetIPString());
// set the receiver key
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_SERVER_METHODTAGSPADLEN;
receiveBytesWanted_ = 3;
}
else
{
MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Received wrong magic value after DH-Agreement from Serverconnection"), DbgGetIPString());
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
return(-1);
}
break;
}
case NegotiatingStateEnum.ONS_BASIC_SERVER_METHODTAGSPADLEN:
DbgByEncryptionSupported = fiReceiveBuffer_.ReadUInt8();
DbgByEncryptionRequested = fiReceiveBuffer_.ReadUInt8();
if (DbgByEncryptionRequested != Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION))
{
MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_LOW, false, ("CEncryptedStreamSocket: Server %s preffered unsupported encryption method (%i)"), DbgGetIPString(), DbgByEncryptionRequested);
}
receiveBytesWanted_ = fiReceiveBuffer_.ReadUInt8();
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_SERVER_PADDING;
if (receiveBytesWanted_ > 16)
{
MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_LOW, false, ("CEncryptedStreamSocket: Server %s sent more than 16 (%i) padding bytes"), DbgGetIPString(), receiveBytesWanted_);
}
if (receiveBytesWanted_ > 0)
{
break;
}
else
{
goto case NegotiatingStateEnum.ONS_BASIC_SERVER_PADDING;
}
case NegotiatingStateEnum.ONS_BASIC_SERVER_PADDING:
{
// ignore the random bytes (they are decrypted already), send the response, set status complete
SafeMemFile fileResponse = MpdObjectManager.CreateSafeMemFile(26);
fileResponse.WriteUInt32(MuleConstants.MAGICVALUE_SYNC);
byte bySelectedEncryptionMethod =
Convert.ToByte(EncryptionMethodsEnum.ENM_OBFUSCATION); // we do not support any further encryption in this version, so no need to look which the other client preferred
fileResponse.WriteUInt8(bySelectedEncryptionMethod);
byte byPadding = (byte)(MpdUtilities.GetRandomUInt8() % 16);
fileResponse.WriteUInt8(byPadding);
for (int i = 0; i < byPadding; i++)
{
fileResponse.WriteUInt8(MpdUtilities.GetRandomUInt8());
}
negotiatingState_ = NegotiatingStateEnum.ONS_BASIC_SERVER_DELAYEDSENDING;
SendNegotiatingData(fileResponse.Buffer, (uint)fileResponse.Length, 0, true); // don't actually send it right now, store it in our sendbuffer
streamCryptState_ = StreamCryptStateEnum.ECS_ENCRYPTING;
MpdUtilities.DebugLog(("CEncryptedStreamSocket: Finished DH Obufscation handshake with Server %s"), DbgGetIPString());
break;
}
default:
Debug.Assert(false);
break;
}
fiReceiveBuffer_.SeekToBegin();
}
fiReceiveBuffer_ = null;
return(nRead);
}
catch (Exception)
{
Debug.Assert(false);
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
fiReceiveBuffer_ = null;
return(-1);
}
}
public override int Receive(byte[] lpBuf, int offset, int nBufLen, SocketFlags nFlags)
{
obfuscationBytesReceived_ = base.Receive(lpBuf, offset, nBufLen, nFlags);
fullReceive_ = obfuscationBytesReceived_ == (uint)nBufLen;
if (obfuscationBytesReceived_ == SOCKET_ERROR || obfuscationBytesReceived_ <= 0)
{
return(obfuscationBytesReceived_);
}
switch (streamCryptState_)
{
case StreamCryptStateEnum.ECS_NONE: // disabled, just pass it through
return(obfuscationBytesReceived_);
case StreamCryptStateEnum.ECS_PENDING:
case StreamCryptStateEnum.ECS_PENDING_SERVER:
Debug.Assert(false);
MpdUtilities.DebugLogError(("CEncryptedStreamSocket Received data before sending on outgoing connection"));
streamCryptState_ = StreamCryptStateEnum.ECS_NONE;
return(obfuscationBytesReceived_);
case StreamCryptStateEnum.ECS_UNKNOWN:
{
int nRead = 1;
bool bNormalHeader = false;
switch (lpBuf[offset])
{
case MuleConstants.PROTOCOL_EDONKEYPROT:
case MuleConstants.PROTOCOL_PACKEDPROT:
case MuleConstants.PROTOCOL_EMULEPROT:
bNormalHeader = true;
break;
}
if (!bNormalHeader)
{
StartNegotiation(false);
int nNegRes = Negotiate(lpBuf, offset + nRead, obfuscationBytesReceived_ - nRead);
if (nNegRes == (-1))
{
return(0);
}
nRead += nNegRes;
if (nRead != obfuscationBytesReceived_)
{
// this means we have more data then the current negotiation step required (or there is a bug) and this should never happen
// (note: even if it just finished the handshake here, there still can be no data left, since the other client didnt received our response yet)
MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Client %s sent more data then expected while negotiating, disconnecting (1)"), DbgGetIPString());
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
}
return(0);
}
else
{
// doesn't seems to be encrypted
streamCryptState_ = StreamCryptStateEnum.ECS_NONE;
// if we require an encrypted connection, cut the connection here. This shouldn't happen that often
// at least with other up-to-date eMule clients because they check for incompability before connecting if possible
if (MuleApplication.Instance.Preference.IsClientCryptLayerRequired)
{
// TODO: Remove me when i have been solved
// Even if the Require option is enabled, we currently have to accept unencrypted connection which are made
// for lowid/firewall checks from servers and other from us selected client. Otherwise, this option would
// always result in a lowid/firewalled status. This is of course not nice, but we can't avoid this walkarround
// untill servers and kad completely support encryption too, which will at least for kad take a bit
// only exception is the .ini option ClientCryptLayerRequiredStrict which will even ignore test connections
// Update: New server now support encrypted callbacks
IPEndPoint remote = RemoteEndPoint as IPEndPoint;
uint address = BitConverter.ToUInt32(remote.Address.GetAddressBytes(), 0);
if (MuleApplication.Instance.Preference.IsClientCryptLayerRequiredStrict ||
(!MuleApplication.Instance.ServerConnect.AwaitingTestFromIP(address) &&
!MuleApplication.Instance.ClientList.IsKadFirewallCheckIP(address)))
{
MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_DEFAULT, false, ("Rejected incoming connection because Obfuscation was required but not used %s"), DbgGetIPString());
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION_NOTALLOWED));
return(0);
}
else
{
MpdUtilities.AddDebugLogLine(EDebugLogPriority.DLP_DEFAULT, false, ("Incoming unencrypted firewallcheck connection permitted despite RequireEncryption setting - %s"), DbgGetIPString());
}
}
return(obfuscationBytesReceived_); // buffer was unchanged, we can just pass it through
}
}
case StreamCryptStateEnum.ECS_ENCRYPTING:
// basic obfuscation enabled and set, so decrypt and pass along
MuleUtilities.RC4Crypt(lpBuf, offset, lpBuf, offset, Convert.ToUInt32(obfuscationBytesReceived_), rc4ReceiveKey_);
return(obfuscationBytesReceived_);
case StreamCryptStateEnum.ECS_NEGOTIATING:
{
int nRead = Negotiate(lpBuf, offset, obfuscationBytesReceived_);
if (nRead == (-1))
{
return(0);
}
else if (nRead != obfuscationBytesReceived_ &&
streamCryptState_ != StreamCryptStateEnum.ECS_ENCRYPTING)
{
// this means we have more data then the current negotiation step required (or there is a bug) and this should never happen
MpdUtilities.DebugLogError(("CEncryptedStreamSocket: Client %s sent more data then expected while negotiating, disconnecting (2)"), DbgGetIPString());
OnError(Convert.ToInt32(EMSocketErrorCodeEnum.ERR_ENCRYPTION));
return(0);
}
else if (nRead != (uint)obfuscationBytesReceived_ && streamCryptState_ == StreamCryptStateEnum.ECS_ENCRYPTING)
{
// we finished the handshake and if we this was an outgoing connection it is allowed (but strange and unlikely) that the client sent payload
MpdUtilities.DebugLogWarning(("CEncryptedStreamSocket: Client %s has finished the handshake but also sent payload on a outgoing connection"), DbgGetIPString());
Array.Copy(lpBuf, offset + nRead, lpBuf, offset + 0, obfuscationBytesReceived_ - nRead);
return(obfuscationBytesReceived_ - nRead);
}
else
{
return(0);
}
}
default:
Debug.Assert(false);
return(obfuscationBytesReceived_);
}
}