From eb03d1c54bb31a3e87c10d2ec23845616ed1c6bf Mon Sep 17 00:00:00 2001 From: Davide Beatrici Date: Sun, 12 Aug 2018 04:07:39 +0200 Subject: [PATCH] Protocol: remove RC4 related stuff --- src/Cedar/Connection.c | 14 +--- src/Cedar/Protocol.c | 171 +---------------------------------------- src/Cedar/Protocol.h | 1 - src/Cedar/Session.h | 2 - 4 files changed, 3 insertions(+), 185 deletions(-) diff --git a/src/Cedar/Connection.c b/src/Cedar/Connection.c index af2bd27b..90551a65 100644 --- a/src/Cedar/Connection.c +++ b/src/Cedar/Connection.c @@ -659,11 +659,6 @@ void WriteSendFifo(SESSION *s, TCPSOCK *ts, void *data, UINT size) return; } - if (s->UseFastRC4) - { - Encrypt(ts->SendKey, data, data, size); - } - WriteFifo(ts->SendFifo, data, size); } @@ -676,11 +671,6 @@ void WriteRecvFifo(SESSION *s, TCPSOCK *ts, void *data, UINT size) return; } - if (s->UseFastRC4) - { - Encrypt(ts->RecvKey, data, data, size); - } - WriteFifo(ts->RecvFifo, data, size); } @@ -688,14 +678,14 @@ void WriteRecvFifo(SESSION *s, TCPSOCK *ts, void *data, UINT size) UINT TcpSockRecv(SESSION *s, TCPSOCK *ts, void *data, UINT size) { // Receive - return Recv(ts->Sock, data, size, s->UseSSLDataEncryption); + return Recv(ts->Sock, data, size, s->UseEncrypt); } // TCP socket send UINT TcpSockSend(SESSION *s, TCPSOCK *ts, void *data, UINT size) { // Transmission - return Send(ts->Sock, data, size, s->UseSSLDataEncryption); + return Send(ts->Sock, data, size, s->UseEncrypt); } // Send the data as UDP packet diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c index 0a641f71..d5919c3c 100644 --- a/src/Cedar/Protocol.c +++ b/src/Cedar/Protocol.c @@ -1265,7 +1265,6 @@ bool ServerAccept(CONNECTION *c) char groupname[MAX_SIZE]; UCHAR session_key[SHA1_SIZE]; UCHAR ticket[SHA1_SIZE]; - RC4_KEY_PAIR key_pair; UINT authtype; POLICY *policy; UINT assigned_vlan_id = 0; 
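Review bot: In TcpSockRecv() and TcpSockSend() (src/Cedar/Connection.c, hunk at -688,14) `s->UseEncrypt` becomes the only value passed as the last argument of Recv()/Send(), and so the only switch between the SSL path and plain socket I/O for session data, but the comments there still say just `// Receive` and `// Transmission`. On the client side this flag is assigned from the server's Welcome pack (`c->Session->UseEncrypt = PackGetInt(p, "use_encrypt") == 0 ? false : true;`, a context line in the ClientConnect hunk of Protocol.c), so a peer-supplied field can turn data encryption off. Whether that value is checked against the option the client itself requested is not visible in this diff and should be confirmed before relying on it. I would add above both calls a comment such as `// s->UseEncrypt == false means session data bypasses SSL; the value is the negotiated "use_encrypt" field`, and update the `UseEncrypt` field comment in Session.h to say the same.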
@@ -1284,7 +1283,6 @@ bool ServerAccept(CONNECTION *c) IP udp_acceleration_client_ip; UCHAR udp_acceleration_client_key[UDP_ACCELERATION_COMMON_KEY_SIZE]; UINT udp_acceleration_client_port; - bool use_fast_rc4; bool admin_mode = false; UINT direction; UINT max_connection; @@ -1643,7 +1641,6 @@ bool ServerAccept(CONNECTION *c) use_compress = PackGetInt(p, "use_compress") == 0 ? false : true; max_connection = PackGetInt(p, "max_connection"); half_connection = PackGetInt(p, "half_connection") == 0 ? false : true; - use_fast_rc4 = PackGetInt(p, "use_fast_rc4") == 0 ? false : true; qos = PackGetInt(p, "qos") ? true : false; client_id = PackGetInt(p, "client_id"); adjust_mss = PackGetInt(p, "adjust_mss"); @@ -3134,10 +3131,6 @@ bool ServerAccept(CONNECTION *c) // Set the parameters s->MaxConnection = max_connection; s->UseEncrypt = use_encrypt; - if (s->UseEncrypt && use_fast_rc4) - { - s->UseFastRC4 = use_fast_rc4; - } s->UseCompress = use_compress; s->HalfConnection = half_connection; s->Timeout = timeout; @@ -3294,26 +3287,6 @@ bool ServerAccept(CONNECTION *c) Free(msg); - - if (s->UseFastRC4) - { - // Generate a RC4 key pair - GenerateRC4KeyPair(&key_pair); - - // Add to Welcome packet - PackAddData(p, "rc4_key_client_to_server", key_pair.ClientToServerKey, sizeof(key_pair.ClientToServerKey)); - PackAddData(p, "rc4_key_server_to_client", key_pair.ServerToClientKey, sizeof(key_pair.ServerToClientKey)); - { - char key1[64], key2[64]; - BinToStr(key1, sizeof(key1), key_pair.ClientToServerKey, 16); - BinToStr(key2, sizeof(key2), key_pair.ServerToClientKey, 16); - Debug( - "Client to Server Key: %s\n" - "Server to Client Key: %s\n", - key1, key2); - } - } - // Brand string for the connection limit { char *branded_cfroms = _SS("BRANDED_C_FROM_S"); 
@@ -3353,24 +3326,6 @@ bool ServerAccept(CONNECTION *c) ts->Direction = TCP_CLIENT_TO_SERVER; } - if (s->UseFastRC4) - { - // Set the RC4 key information to the first TCP connection - TCPSOCK *ts = (TCPSOCK *)LIST_DATA(c->Tcp->TcpSockList, 0); - Copy(&ts->Rc4KeyPair, &key_pair, sizeof(RC4_KEY_PAIR)); - - InitTcpSockRc4Key(ts, true); - } - - if (s->UseEncrypt && s->UseFastRC4 == false) - { - s->UseSSLDataEncryption = true; - } - else - { - s->UseSSLDataEncryption = false; - } - if (s->Hub->Type == HUB_TYPE_FARM_DYNAMIC && s->Cedar->Server != NULL && s->Cedar->Server->ServerType == SERVER_TYPE_FARM_CONTROLLER) { if (s->Hub->BeingOffline == false) @@ -3536,12 +3491,6 @@ bool ServerAccept(CONNECTION *c) goto CLEANUP; } - // Generate a high-speed RC4 encryption key - if (s->UseFastRC4) - { - GenerateRC4KeyPair(&key_pair); - } - // Add the socket of this connection to the connection list of the session (TCP) sock = c->FirstSock; ts = NewTcpSock(sock); @@ -3581,34 +3530,10 @@ bool ServerAccept(CONNECTION *c) } UnlockList(s->Connection->Tcp->TcpSockList); - if (s->UseFastRC4) - { - // Set the RC4 key information - Copy(&ts->Rc4KeyPair, &key_pair, sizeof(RC4_KEY_PAIR)); - - InitTcpSockRc4Key(ts, true); - } - // Return a success result p = PackError(ERR_NO_ERROR); PackAddInt(p, "direction", direction); - if (s->UseFastRC4) - { - // Add a RC4 key information - PackAddData(p, "rc4_key_client_to_server", key_pair.ClientToServerKey, sizeof(key_pair.ClientToServerKey)); - PackAddData(p, "rc4_key_server_to_client", key_pair.ServerToClientKey, sizeof(key_pair.ServerToClientKey)); - { - char key1[64], key2[64]; - BinToStr(key1, sizeof(key1), key_pair.ClientToServerKey, 16); - BinToStr(key2, sizeof(key2), key_pair.ServerToClientKey, 16); - Debug( - "Client to Server Key: %s\n" - "Server to Client Key: %s\n", - key1, key2); - } - } - HttpServerSend(c->FirstSock, p); FreePack(p); 
@@ -4345,7 +4270,7 @@ bool ClientAdditionalConnect(CONNECTION *c, THREAD *t) TCPSOCK *ts; UINT err; UINT direction; - RC4_KEY_PAIR key_pair; + // Validate arguments if (c == NULL) { @@ -4409,28 +4334,6 @@ bool ClientAdditionalConnect(CONNECTION *c, THREAD *t) err = GetErrorFromPack(p); direction = PackGetInt(p, "direction"); - if (c->Session->UseFastRC4) - { - // Get the RC4 key information - if (PackGetDataSize(p, "rc4_key_client_to_server") == 16) - { - PackGetData(p, "rc4_key_client_to_server", key_pair.ClientToServerKey); - } - if (PackGetDataSize(p, "rc4_key_server_to_client") == 16) - { - PackGetData(p, "rc4_key_server_to_client", key_pair.ServerToClientKey); - } - { - char key1[64], key2[64]; - BinToStr(key1, sizeof(key1), key_pair.ClientToServerKey, 16); - BinToStr(key2, sizeof(key2), key_pair.ServerToClientKey, 16); - Debug( - "Client to Server Key: %s\n" - "Server to Client Key: %s\n", - key1, key2); - } - } - FreePack(p); p = NULL; @@ -4475,14 +4378,6 @@ bool ClientAdditionalConnect(CONNECTION *c, THREAD *t) ); } - if (c->Session->UseFastRC4) - { - // Set the RC4 encryption key - Copy(&ts->Rc4KeyPair, &key_pair, sizeof(RC4_KEY_PAIR)); - - InitTcpSockRc4Key(ts, false); - } - // Issue the Cancel to the session Cancel(c->Session->Cancel1); @@ -4788,7 +4683,6 @@ bool ClientConnect(CONNECTION *c) char session_name[MAX_SESSION_NAME_LEN + 1]; char connection_name[MAX_CONNECTION_NAME_LEN + 1]; UCHAR session_key[SHA1_SIZE]; - RC4_KEY_PAIR key_pair; POLICY *policy; bool expired = false; IP server_ip; 
@@ -5137,10 +5031,6 @@ REDIRECTED: c->Session->UseCompress = PackGetInt(p, "use_compress") == 0 ? false : true; c->Session->UseEncrypt = PackGetInt(p, "use_encrypt") == 0 ? false : true; c->Session->NoSendSignature = PackGetBool(p, "no_send_signature"); - if (c->Session->UseEncrypt) - { - c->Session->UseFastRC4 = PackGetInt(p, "use_fast_rc4") == 0 ? false : true; - } c->Session->HalfConnection = PackGetInt(p, "half_connection") == 0 ? false : true; c->Session->IsAzureSession = PackGetInt(p, "is_azure_session") == 0 ? false : true; c->Session->Timeout = PackGetInt(p, "timeout"); @@ -5203,28 +5093,6 @@ REDIRECTED: } } - if (c->Session->UseFastRC4) - { - // Get the RC4 key information - if (PackGetDataSize(p, "rc4_key_client_to_server") == 16) - { - PackGetData(p, "rc4_key_client_to_server", key_pair.ClientToServerKey); - } - if (PackGetDataSize(p, "rc4_key_server_to_client") == 16) - { - PackGetData(p, "rc4_key_server_to_client", key_pair.ServerToClientKey); - } - { - char key1[64], key2[64]; - BinToStr(key1, sizeof(key1), key_pair.ClientToServerKey, 16); - BinToStr(key2, sizeof(key2), key_pair.ServerToClientKey, 16); - Debug( - "Client to Server Key: %s\n" - "Server to Client Key: %s\n", - key1, key2); - } - } - sess->EnableBulkOnRUDP = false; sess->EnableHMacOnBulkOfRUDP = false; if (s->IsRUDPSocket && s->BulkRecvKey != NULL && s->BulkSendKey != NULL) @@ -5405,25 +5273,6 @@ REDIRECTED: ts->Direction = TCP_CLIENT_TO_SERVER; } - if (c->Session->UseFastRC4) - { - // Set the high-speed RC4 encryption key - TCPSOCK *ts = (TCPSOCK *)LIST_DATA(c->Tcp->TcpSockList, 0); - Copy(&ts->Rc4KeyPair, &key_pair, sizeof(key_pair)); - - InitTcpSockRc4Key(ts, false); - } - - // SSL encryption flag - if (c->Session->UseEncrypt && c->Session->UseFastRC4 == false) - { - c->Session->UseSSLDataEncryption = true; - } - else - { - c->Session->UseSSLDataEncryption = false; - } - PrintStatus(sess, L"free"); CLog(c->Cedar->Client, "LC_CONNECT_2", c->Session->ClientOption->AccountName, 
@@ -5525,7 +5374,6 @@ PACK *PackWelcome(SESSION *s) // Parameters PackAddInt(p, "max_connection", s->MaxConnection); PackAddInt(p, "use_encrypt", s->UseEncrypt == false ? 0 : 1); - PackAddInt(p, "use_fast_rc4", s->UseFastRC4 == false ? 0 : 1); PackAddInt(p, "use_compress", s->UseCompress == false ? 0 : 1); PackAddInt(p, "half_connection", s->HalfConnection == false ? 0 : 1); PackAddInt(p, "timeout", s->Timeout); @@ -5930,8 +5778,6 @@ bool ClientUploadAuth(CONNECTION *c) PackAddInt(p, "max_connection", o->MaxConnection); // Flag to use of cryptography PackAddInt(p, "use_encrypt", o->UseEncrypt == false ? 0 : 1); - // Fast encryption using flag - // PackAddInt(p, "use_fast_rc4", o->UseFastRC4 == false ? 0 : 1); // Data compression flag PackAddInt(p, "use_compress", o->UseCompress == false ? 0 : 1); // Half connection flag @@ -7390,18 +7236,3 @@ PACK *PackAdditionalConnect(UCHAR *session_key) return p; } - - -// Generate a RC4 key pair -void GenerateRC4KeyPair(RC4_KEY_PAIR *k) -{ - // Validate arguments - if (k == NULL) - { - return; - } - - Rand(k->ClientToServerKey, sizeof(k->ClientToServerKey)); - Rand(k->ServerToClientKey, sizeof(k->ServerToClientKey)); -} - diff --git a/src/Cedar/Protocol.h b/src/Cedar/Protocol.h index db7460c1..2fca210c 100644 --- a/src/Cedar/Protocol.h +++ b/src/Cedar/Protocol.h @@ -258,7 +258,6 @@ bool ClientAdditionalConnect(CONNECTION *c, THREAD *t); SOCK *ClientAdditionalConnectToServer(CONNECTION *c); bool ClientUploadAuth2(CONNECTION *c, SOCK *s); bool GetSessionKeyFromPack(PACK *p, UCHAR *session_key, UINT *session_key_32); -void GenerateRC4KeyPair(RC4_KEY_PAIR *k); SOCK *ProxyConnect(CONNECTION *c, char *proxy_host_name, UINT proxy_port, char *server_host_name, UINT server_port, diff --git a/src/Cedar/Session.h b/src/Cedar/Session.h index 0d5b5194..c56338b9 100644 --- a/src/Cedar/Session.h +++ b/src/Cedar/Session.h 
@@ -217,7 +217,6 @@ struct SESSION UINT64 NextConnectionTime; // Time to put next additional connection IP ServerIP; // IP address of the server bool ClientModeAndUseVLan; // Use a virtual LAN card in client mode - bool UseSSLDataEncryption; // Use SSL data encryption LOCK *TrafficLock; // Traffic data lock LINK *Link; // A reference to the link object SNAT *SecureNAT; // A reference to the SecureNAT object @@ -255,7 +254,6 @@ struct SESSION char SessionKeyStr[64]; // Session key string UINT MaxConnection; // Maximum number of concurrent TCP connections bool UseEncrypt; // Use encrypted communication - bool UseFastRC4; // Use high speed RC4 encryption bool UseCompress; // Use data compression bool HalfConnection; // Half connection mode bool QoS; // VoIP / QoS