Navigation

← Previous Changeset
Next Changeset →

Changeset 1564

Timestamp:

02/22/08 21:03:41 (6 months ago)

Author:

till

Message:

honeytrap
- submitNebula: HMAC protected submissions
- submitNebula: non-blocking connection handling

Files:

honeytrap/trunk/src/modules/htm_submitNebula.c (modified) (10 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

honeytrap/trunk/src/modules/htm_submitNebula.c

r1561	r1564
37	37	#include <readconf.h>
38	38	#include <sha512.h>
	39	#include <signals.h>
39	40	#include <sock.h>
40	41	#include <tcpip.h>
…	…
58	59
59	60
	61	// hmac stuff
	62	#define HMAC_HASH_SIZE 128 // for sha512
	63	#define HMAC_BLOCK_SIZE 256 // for sha512
	64	#define IPAD_VAL 0x36
	65	#define OPAD_VAL 0x5C
	66
	67	u_char k[HMAC_BLOCK_SIZE];
	68	u_char k_ipad[HMAC_BLOCK_SIZE];
	69	u_char k_opad[HMAC_BLOCK_SIZE];
	70
	71
	72
60	73	void plugin_init(void) {
	74	int i;
	75
61	76	plugin_register_hooks();
62	77	register_plugin_confopts(module_name, config_keywords, sizeof(config_keywords)/sizeof(char *));
…	…
65	80	exit(EXIT_FAILURE);
66	81	}
	82
	83	// initialize HMAC pads
	84	memset(k_ipad, IPAD_VAL, HMAC_BLOCK_SIZE);
	85	memset(k_opad, OPAD_VAL, HMAC_BLOCK_SIZE);
	86	if (nebula_secret) for (i=0; i<strlen(nebula_secret); i++) {
	87	k_ipad[i] ^= nebula_secret[i];
	88	k_opad[i] ^= nebula_secret[i];
	89	}
	90
67	91	return;
68	92	}
…	…
118	142	}
119	143
	144
	145	// calculate HMAC
	146	char hmac(u_char *msg, ssize_t len) {
	147	u_char inner, outer;
	148
	149	// append inner padding to message
	150	if ((msg = realloc(msg, len+HMAC_BLOCK_SIZE)) == NULL) {
	151	fprintf(stderr, "Error - Unable to allocate memory: %s.\n", strerror(errno));
	152	return(NULL);
	153	}
	154	memcpy(*msg+len, k_ipad, HMAC_BLOCK_SIZE);
	155
	156	// compute inner hash
	157	if ((inner = (u_char ) mem_sha512sum(msg, len+HMAC_BLOCK_SIZE)) == NULL) {
	158	fprintf(stderr, "Error - Unable to compute inner HMAC SHA512 hash.\n");
	159	return(NULL);
	160	}
	161
	162	// append outer padding to iner hash
	163	if ((inner = realloc(inner, HMAC_HASH_SIZE+HMAC_BLOCK_SIZE)) == NULL) {
	164	fprintf(stderr, "Error - Unable to allocate memory: %s.\n", strerror(errno));
	165	free(inner);
	166	return(NULL);
	167	}
	168	memcpy(&inner[HMAC_HASH_SIZE], k_opad, HMAC_BLOCK_SIZE);
	169
	170	// compute outer hash
	171	if ((outer = (u_char *) mem_sha512sum(inner, HMAC_HASH_SIZE+HMAC_BLOCK_SIZE)) == NULL)
	172	fprintf(stderr, "Error - Unable to compute outer HMAC SHA512 hash.\n");
	173
	174	free(inner);
	175	return((char *) outer);
	176	}
	177
	178
	179	// submit attack to a Nebula server
120	180	int submit_nebula(Attack *attack) {
121	181	struct hostent *host;
122	182	u_char *cbuf, response[9];
123		u_int32_t cbuf_len, rand_no;
	183	u_int32_t cbuf_len, nonce;
	184	u_int16_t hmac_len;
124	185	struct sockaddr_in sock;
125		int sock_fd;
	186	int sock_fd, bytes_read, total_bytes;
126	187	char *sha512sum;
127	188
128		cbuf_len = 0;
129		cbuf = NULL;
130		host = NULL;
	189	struct timeval r_timeout;
	190	fd_set rfds;
	191
	192	cbuf_len = 0;
	193	cbuf = NULL;
	194	host = NULL;
131	195
132	196	/* no data - nothing todo */
…	…
166	230
167	231
168		// get random number
169		srand(time(0));
170		rand_no = (u_int32_t) (RAND_MAX * (rand() / (RAND_MAX + 1.0)));
171
172		// hash secret with random number
	232	// get nonce from server
	233	FD_ZERO(&rfds);
	234	FD_SET(sigpipe[0], &rfds);
	235	FD_SET(sock_fd, &rfds);
	236
	237	r_timeout.tv_sec = 10;
	238	r_timeout.tv_usec = 0;
	239
	240	/* wait for incoming data, close connection on timeout */
	241	logmsg(LOG_DEBUG, 1, "SubmitNebula - Waiting for nonce, timeout is %d seconds.\n",
	242	(u_int16_t) r_timeout.tv_sec);
	243
	244	switch (select(MAX(sigpipe[0], sock_fd) + 1, &rfds, NULL, NULL, &r_timeout)) {
	245	case -1:
	246	if (errno == EINTR) {
	247	if (check_sigpipe() == -1) exit(EXIT_FAILURE);
	248	break;
	249	}
	250	logmsg(LOG_ERR, 1, "SubmitNebula Error - Select failed: %m.\n");
	251	close(sock_fd);
	252	return(-1);
	253	case 0:
	254	logmsg(LOG_ERR, 1, "SubmitNebula Warning - Did not receive nonce within %u seconds.\n", (unsigned int) r_timeout.tv_sec);
	255	close(sock_fd);
	256	return(-1);
	257	default:
	258	if (FD_ISSET(sigpipe[0], &rfds) && (check_sigpipe() == -1)) exit(EXIT_FAILURE);
	259	if (FD_ISSET(sock_fd, &rfds)) {
	260	logmsg(LOG_DEBUG, 1, "SubmitNebula - Reading nonce.\n");
	261	for (bytes_read = 1, total_bytes = 0; bytes_read && total_bytes < 4; total_bytes += bytes_read)
	262	bytes_read = read(sock_fd, &nonce+total_bytes, 4);
	263
	264	if (bytes_read < 0) {
	265	logmsg(LOG_ERR, 1, "SubmitNebula Error - Unable to read from socket: %m.\n");
	266	close(sock_fd);
	267	return(-1);
	268	}
	269	logmsg(LOG_DEBUG, 1, "SubmitNebula - Nonce received.\n");
	270	}
	271	}
	272
	273
	274	// hash secret with nonce
173	275	if ((cbuf = malloc(strlen(nebula_secret)+4)) == NULL) {
174	276	logmsg(LOG_ERR, 1, "SubmitNebula Error - Unable to allocate memory: %m.\n");
…	…
177	279	}
178	280	memcpy(cbuf, nebula_secret, strlen(nebula_secret));
179		memcpy(cbuf+strlen(nebula_secret), &~~rand_no~~, 4);
	281	memcpy(cbuf+strlen(nebula_secret), &nonce, 4);
180	282	if ((sha512sum = mem_sha512sum(cbuf, strlen(nebula_secret)+4)) == NULL) {
181	283	logmsg(LOG_ERR, 1, "SubmitNebula Error - Unable to hash secret.\n");
…	…
184	286	}
185	287
186		~~// send random number~~
187		~~if (write(sock_fd, &rand_no, 4) == -1) {~~
188		~~logmsg(LOG_ERR, 1, "SubmitNebula Error - Writing to socket failed: %m.\n");~~
189		~~close(sock_fd);~~
190		~~return(-1);~~
191		}
192
193	288	// send hashed secret
194	289	if (write(sock_fd, sha512sum, 128) == -1) {
…	…
212	307	}
213	308	if (strncmp((char *) response, "KNOWN", 5) == 0) {
214		logmsg(LOG_WARN, 1, "SubmitNebula - Attack hash is already known, skipping submission.\n");
	309	logmsg(LOG_WARN, 1, "SubmitNebula - Attack hash is already known to the server, skipping submission.\n");
215	310	close(sock_fd);
216	311	return(0);
…	…
281	376	}
282	377
	378	// append protocol and port to cattack for HMAC calculation
	379	if ((cbuf = realloc(cbuf, cbuf_len+3)) == NULL) {
	380	logmsg(LOG_ERR, 1, "SubmitNebula Error - Unable to allocate memory: %m.\n");
	381	close(sock_fd);
	382	return(-1);
	383	}
	384	memcpy(cbuf+cbuf_len, &attack->a_conn.protocol, 1);
	385	memcpy(cbuf+cbuf_len+1, &attack->a_conn.l_port, 2);
	386
	387	sha512sum = hmac(&cbuf, cbuf_len+3);
	388	free(cbuf);
	389
	390	// send length of HMAC
	391	hmac_len = strlen(sha512sum);
	392	if (write(sock_fd, &hmac_len, sizeof(hmac_len)) == -1) {
	393	logmsg(LOG_ERR, 1, "SubmitNebula Error - Writing to socket failed: %m.\n");
	394	close(sock_fd);
	395	return(-1);
	396	}
	397
	398	// send HMAC
	399	if (write(sock_fd, sha512sum, strlen(sha512sum)) == -1) {
	400	logmsg(LOG_ERR, 1, "SubmitNebula Error - Writing to socket failed: %m.\n");
	401	close(sock_fd);
	402	return(-1);
	403	}
	404	free(sha512sum);
	405
283	406	// wait for OK
284	407	logmsg(LOG_DEBUG, 1, "SubmitNebula - Attack sent, waiting for OK.\n");
285		if (!read_line(sock_fd, (char *) response, 8, 10)) {
	408	if (!read_line(sock_fd, (char *) response, 9, 10)) {
286	409	logmsg(LOG_WARN, 1, "SubmitNebula Warning - Nebula server did not respond within 10 seconds.\n");
287	410	} else if (strlen((char ) response) != 2 \|\| strncmp((char ) response, "OK", 2) != 0)
…	…
289	412
290	413	close(sock_fd);
291		~~free(cbuf);~~
292	414
293	415	logmsg(LOG_NOISY, 1, "SubmitNebula - Submission complete.\n");

Navigation

Changeset 1564

Legend:

honeytrap/trunk/src/modules/htm_submitNebula.c

Download in other formats: