relay.c 41 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498
  1. /* Name: relay.c
  2. *
  3. * This file contains code that the relay station runs once the TLS handshake for
  4. * a tagged flow has been completed.
  5. *
  6. * These functions will extract covert data from the header
  7. * of HTTP GET requests and insert downstream data into leaf resources
  8. *
  9. * It is also responsible for keeping track of the HTTP state of the flow
  10. *
  11. * Slitheen - a decoy routing system for censorship resistance
  12. * Copyright (C) 2017 Cecylia Bocovich (cbocovic@uwaterloo.ca)
  13. *
  14. * This program is free software: you can redistribute it and/or modify
  15. * it under the terms of the GNU General Public License as published by
  16. * the Free Software Foundation, version 3.
  17. *
  18. * This program is distributed in the hope that it will be useful,
  19. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. * GNU General Public License for more details.
  22. *
  23. * You should have received a copy of the GNU General Public License
  24. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  25. *
  26. * Additional permission under GNU GPL version 3 section 7
  27. *
  28. * If you modify this Program, or any covered work, by linking or combining
  29. * it with the OpenSSL library (or a modified version of that library),
  30. * containing parts covered by the terms of the OpenSSL Licence and the
  31. * SSLeay license, the licensors of this Program grant you additional
  32. * permission to convey the resulting work. Corresponding Source for a
  33. * non-source form of such a combination shall include the source code
  34. * for the parts of the OpenSSL library used as well as that of the covered
  35. * work.
  36. */
  37. #include <stdio.h>
  38. #include <stdlib.h>
  39. #include <stdint.h>
  40. #include <regex.h>
  41. #include <sys/socket.h>
  42. #include <sys/types.h>
  43. #include <netinet/in.h>
  44. #include <netdb.h>
  45. #include <unistd.h>
  46. #include <pthread.h>
  47. #include <string.h>
  48. #include <openssl/bio.h>
  49. #include <openssl/evp.h>
  50. #include <openssl/rand.h>
  51. #include "relay.h"
  52. #include "slitheen.h"
  53. #include "flow.h"
  54. #include "crypto.h"
  55. #include "util.h"
  56. /** Called when a TLS application record is received for a
  57. * tagged flow. Upstream packets will be checked for covert
  58. * requests to censored sites, downstream packets will be
  59. * replaced with data from the censored queue or with garbage
  60. *
  61. * Inputs:
  62. * f: the tagged flow
  63. * info: the processed received application packet
  64. *
  65. * Output:
  66. * 0 on success, 1 on failure
  67. */
  68. int replace_packet(flow *f, struct packet_info *info){
  69. if (info == NULL || info->tcp_hdr == NULL){
  70. return 0;
  71. }
  72. #ifdef DEBUG
  73. fprintf(stdout,"Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
  74. fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
  75. fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
  76. fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
  77. fflush(stdout);
  78. #endif
  79. if(info->app_data_len <= 0){
  80. return 0;
  81. }
  82. /* if outgoing, decrypt and look at header */
  83. if(info->ip_hdr->src.s_addr == f->src_ip.s_addr){
  84. read_header(f, info);
  85. return 0;
  86. } else {
  87. #ifdef DEBUG
  88. printf("Current sequence number: %d\n", f->downstream_seq_num);
  89. printf("Received sequence number: %d\n", htonl(info->tcp_hdr->sequence_num));
  90. #endif
  91. uint32_t offset = htonl(info->tcp_hdr->sequence_num) - f->downstream_seq_num;
  92. if(offset == 0)
  93. f->downstream_seq_num += info->app_data_len;
  94. /* if incoming, replace with data from queue */
  95. process_downstream(f, offset, info);
  96. #ifdef DEBUG2
  97. uint8_t *p = (uint8_t *) info->tcp_hdr;
  98. fprintf(stdout, "ip hdr length: %d\n", htons(info->ip_hdr->len));
  99. fprintf(stdout, "Injecting the following packet:\n");
  100. for(int i=0; i< htons(info->ip_hdr->len)-1; i++){
  101. fprintf(stdout, "%02x ", p[i]);
  102. }
  103. fprintf(stdout, "\n");
  104. fflush(stdout);
  105. #endif
  106. }
  107. return 0;
  108. }
  109. /** Reads the HTTP header of upstream data and searches for
  110. * a covert request in an x-slitheen header. Sends this
  111. * request to the indicated site and saves the response to
  112. * the censored queue
  113. *
  114. * Inputs:
  115. * f: the tagged flow
  116. * info: the processed received packet
  117. *
  118. * Ouput:
  119. * 0 on success, 1 on failure
  120. */
  121. int read_header(flow *f, struct packet_info *info){
  122. uint8_t *p = info->app_data;
  123. if (info->tcp_hdr == NULL){
  124. return 0;
  125. }
  126. uint8_t *record_ptr = NULL;
  127. struct record_header *record_hdr;
  128. uint32_t record_length;
  129. if(f->upstream_remaining > 0){
  130. //check to see whether the previous record has finished
  131. if(f->upstream_remaining > info->app_data_len){
  132. //ignore entire packet for now
  133. queue_block *new_block = emalloc(sizeof(queue_block));
  134. uint8_t *block_data = emalloc(info->app_data_len);
  135. memcpy(block_data, p, info->app_data_len);
  136. new_block->len = info->app_data_len;
  137. new_block->offset = 0;
  138. new_block->data = block_data;
  139. new_block->next = NULL;
  140. //add block to upstream data chain
  141. if(f->upstream_queue == NULL){
  142. f->upstream_queue = new_block;
  143. } else {
  144. queue_block *last = f->upstream_queue;
  145. while(last->next != NULL){
  146. last = last->next;
  147. }
  148. last->next = new_block;
  149. }
  150. f->upstream_remaining -= info->app_data_len;
  151. return 0;
  152. } else {
  153. //process what we have
  154. record_hdr = (struct record_header*) f->upstream_queue->data;
  155. record_length = RECORD_LEN(record_hdr);
  156. record_ptr = emalloc(record_length+ RECORD_HEADER_LEN);
  157. queue_block *current = f->upstream_queue;
  158. int32_t offset =0;
  159. while(f->upstream_queue != NULL){
  160. memcpy(record_ptr+offset, current->data, current->len);
  161. offset += current->len;
  162. free(current->data);
  163. f->upstream_queue = current->next;
  164. free(current);
  165. current = f->upstream_queue;
  166. }
  167. memcpy(record_ptr+offset, p, f->upstream_remaining);
  168. p = record_ptr;
  169. record_hdr = (struct record_header*) p;
  170. f->upstream_remaining = 0;
  171. }
  172. } else {
  173. //check to see if the new record is too long
  174. record_hdr = (struct record_header*) p;
  175. record_length = RECORD_LEN(record_hdr);
  176. if(record_length + RECORD_HEADER_LEN > info->app_data_len){
  177. //add info to upstream queue
  178. queue_block *new_block = emalloc(sizeof(queue_block));
  179. uint8_t *block_data = emalloc(info->app_data_len);
  180. memcpy(block_data, p, info->app_data_len);
  181. new_block->len = info->app_data_len;
  182. new_block->data = block_data;
  183. new_block->next = NULL;
  184. //add block to upstream queue
  185. if(f->upstream_queue == NULL){
  186. f->upstream_queue = new_block;
  187. } else {
  188. queue_block *last = f->upstream_queue;
  189. while(last->next != NULL){
  190. last = last->next;
  191. }
  192. last->next = new_block;
  193. }
  194. f->upstream_remaining = record_length - new_block->len;
  195. return 0;
  196. }
  197. }
  198. p+= RECORD_HEADER_LEN;
  199. uint8_t *decrypted_data = emalloc(record_length);
  200. memcpy(decrypted_data, p, record_length);
  201. int32_t decrypted_len = encrypt(f, decrypted_data, decrypted_data, record_length, 0, record_hdr->type, 0, 0);
  202. if(decrypted_len<0){
  203. printf("US: decryption failed!\n");
  204. if(record_ptr != NULL)
  205. free(record_ptr);
  206. free(decrypted_data);
  207. return 0;
  208. }
  209. if(record_hdr->type == 0x15){
  210. printf("received alert %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr, ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port), (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
  211. for(int i=0; i<decrypted_len; i++){
  212. printf("%02x ", decrypted_data[EVP_GCM_TLS_EXPLICIT_IV_LEN + i]);
  213. }
  214. printf("\n");
  215. fflush(stdout);
  216. //TODO: re-encrypt and return
  217. }
  218. #ifdef DEBUG_US
  219. printf("Upstream data: (%x:%d > %x:%d )\n",info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port));
  220. printf("%s\n", decrypted_data+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  221. #endif
  222. /* search through decrypted data for x-ignore */
  223. char *header_ptr = strstr((const char *) decrypted_data+EVP_GCM_TLS_EXPLICIT_IV_LEN, "X-Slitheen");
  224. uint8_t *upstream_data;
  225. if(header_ptr == NULL){
  226. if(record_ptr != NULL)
  227. free(record_ptr);
  228. free(decrypted_data);
  229. return 0;
  230. }
  231. #ifdef DEBUG_US
  232. printf("UPSTREAM: Found x-slitheen header\n");
  233. fflush(stdout);
  234. fprintf(stdout,"UPSTREAM Flow: %x:%d > %x:%d (%s)\n", info->ip_hdr->src.s_addr,ntohs(info->tcp_hdr->src_port), info->ip_hdr->dst.s_addr, ntohs(info->tcp_hdr->dst_port) ,(info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
  235. fprintf(stdout, "Sequence number: %d\n", ntohs(info->tcp_hdr->sequence_num));
  236. #endif
  237. header_ptr += strlen("X-Slitheen: ");
  238. if(*header_ptr == '\r' || *header_ptr == '\0'){
  239. #ifdef DEBUG_US
  240. printf("No messages\n");
  241. #endif
  242. free(decrypted_data);
  243. return 0;
  244. }
  245. int32_t num_messages = 1;
  246. char *messages[50]; //TODO: grow this array
  247. messages[0] = header_ptr;
  248. char *c = header_ptr;
  249. while(*c != '\r' && *c != '\0'){
  250. if(*c == ' '){
  251. *c = '\0';
  252. messages[num_messages] = c+1;
  253. num_messages ++;
  254. }
  255. c++;
  256. }
  257. c++;
  258. *c = '\0';
  259. #ifdef DEBUG_US
  260. printf("UPSTREAM: Found %d messages\n", num_messages);
  261. #endif
  262. for(int i=0; i< num_messages; i++){
  263. char *message = messages[i];
  264. //b64 decode the data
  265. int32_t decode_len = strlen(message);
  266. if(message[decode_len-2] == '='){
  267. decode_len = decode_len*3/4 - 2;
  268. } else if(message[decode_len-1] == '='){
  269. decode_len = decode_len*3/4 - 1;
  270. } else {
  271. decode_len = decode_len*3/4;
  272. }
  273. upstream_data = emalloc(decode_len + 1);
  274. BIO *bio, *b64;
  275. bio = BIO_new_mem_buf(message, -1);
  276. b64 = BIO_new(BIO_f_base64());
  277. bio = BIO_push(b64, bio);
  278. BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
  279. int32_t output_len = BIO_read(bio, upstream_data, strlen(message));
  280. BIO_free_all(bio);
  281. #ifdef DEBUG_US
  282. printf("Decoded to get %d bytes:\n", output_len);
  283. for(int j=0; j< output_len; j++){
  284. printf("%02x ", upstream_data[j]);
  285. }
  286. printf("\n");
  287. fflush(stdout);
  288. #endif
  289. p = upstream_data;
  290. if(i== 0){
  291. //this is the Slitheen ID
  292. #ifdef DEBUG_US
  293. printf("Slitheen ID:");
  294. for(int j=0; j< output_len; j++){
  295. printf("%02x ", p[j]);
  296. }
  297. printf("\n");
  298. #endif
  299. //find stream table or create new one
  300. client *last = clients->first;
  301. while(last != NULL){
  302. if(!memcmp(last->slitheen_id, p, output_len)){
  303. f->streams = last->streams;
  304. f->downstream_queue = last->downstream_queue;
  305. f->client_ptr = last;
  306. break;
  307. #ifdef DEBUG_US
  308. } else {
  309. for(int j=0; j< output_len; j++){
  310. printf("%02x ", last->slitheen_id[j]);
  311. }
  312. printf(" != ");
  313. for(int j=0; j< output_len; j++){
  314. printf("%02x ", p[j]);
  315. }
  316. printf("\n");
  317. #endif
  318. }
  319. last = last->next;
  320. }
  321. if(f->streams == NULL){
  322. //create new client
  323. printf("Creating a new client\n");
  324. client *new_client = emalloc(sizeof(client));
  325. memcpy(new_client->slitheen_id, p, output_len);
  326. new_client->streams = emalloc(sizeof(stream_table));
  327. new_client->streams->first = NULL;
  328. new_client->downstream_queue = emalloc(sizeof(data_queue));
  329. sem_init(&(new_client->queue_lock), 0, 1);
  330. new_client->downstream_queue->first_block = NULL;
  331. new_client->encryption_counter = 0;
  332. new_client->next = NULL;
  333. /* Now generate super encryption keys */
  334. generate_client_super_keys(new_client->slitheen_id, new_client);
  335. //add to client table
  336. if(clients->first == NULL){
  337. clients->first = new_client;
  338. } else {
  339. client *last = clients->first;
  340. while(last->next != NULL){
  341. last = last->next;
  342. }
  343. last->next = new_client;
  344. }
  345. //set f's stream table
  346. f->client_ptr = new_client;
  347. f->streams = new_client->streams;
  348. f->downstream_queue = new_client->downstream_queue;
  349. }
  350. free(upstream_data);
  351. continue;
  352. }
  353. while(output_len > 0){
  354. struct sl_up_hdr *sl_hdr = (struct sl_up_hdr *) p;
  355. uint16_t stream_id = sl_hdr->stream_id;
  356. uint16_t stream_len = ntohs(sl_hdr->len);
  357. p += sizeof(struct sl_up_hdr);
  358. output_len -= sizeof(struct sl_up_hdr);
  359. stream_table *streams = f->streams;
  360. //If a thread for this stream id exists, get the thread info and pipe data
  361. int32_t stream_pipe = -1;
  362. stream *last = streams->first;
  363. if(streams->first != NULL){
  364. if(last->stream_id == stream_id){
  365. stream_pipe = last->pipefd;
  366. } else {
  367. while(last->next != NULL){
  368. last = last->next;
  369. if(last->stream_id == stream_id){
  370. stream_pipe = last->pipefd;
  371. break;
  372. }
  373. }
  374. }
  375. }
  376. if(stream_pipe != -1){
  377. if(stream_len ==0){
  378. printf("Client closed. We are here\n");
  379. close(stream_pipe);
  380. break;
  381. }
  382. #ifdef DEBUG_US
  383. printf("Found stream id %d\n", last->stream_id);
  384. printf("Writing %d bytes to pipe\n", stream_len);
  385. #endif
  386. int32_t bytes_sent = write(stream_pipe, p, stream_len);
  387. if(bytes_sent < 0){
  388. printf("Error sending bytes to stream pipe\n");
  389. }
  390. } else if(stream_len > 0){
  391. /*Else, spawn a thread to handle the proxy to this site*/
  392. pthread_t proxy_thread;
  393. int32_t pipefd[2];
  394. if(pipe(pipefd) < 0){
  395. free(decrypted_data);
  396. if(record_ptr != NULL)
  397. free(record_ptr);
  398. return 1;
  399. }
  400. uint8_t *initial_data = emalloc(stream_len);
  401. memcpy(initial_data, p, stream_len);
  402. struct proxy_thread_data *thread_data =
  403. emalloc(sizeof(struct proxy_thread_data));
  404. thread_data->initial_data = initial_data;
  405. thread_data->initial_len = stream_len;
  406. thread_data->stream_id = stream_id;
  407. thread_data->pipefd = pipefd[0];
  408. thread_data->streams = f->streams;
  409. thread_data->downstream_queue = f->downstream_queue;
  410. thread_data->client = f->client_ptr;
  411. pthread_create(&proxy_thread, NULL, proxy_covert_site, (void *) thread_data);
  412. pthread_detach(proxy_thread);
  413. //add stream to table
  414. stream *new_stream = emalloc(sizeof(stream));
  415. new_stream->stream_id = stream_id;
  416. new_stream->pipefd = pipefd[1];
  417. new_stream->next = NULL;
  418. if(streams->first == NULL){
  419. streams->first = new_stream;
  420. } else {
  421. stream *last = streams->first;
  422. while(last->next != NULL){
  423. last = last->next;
  424. }
  425. last->next = new_stream;
  426. }
  427. } else{
  428. printf("Error, stream len 0\n");
  429. break;
  430. }
  431. output_len -= stream_len;
  432. p += stream_len;
  433. }
  434. free(upstream_data);
  435. }
  436. //save a reference to the proxy threads in a global table
  437. free(decrypted_data);
  438. if(record_ptr != NULL)
  439. free(record_ptr);
  440. return 0;
  441. }
  442. /** Called by spawned pthreads in read_header to send upstream
  443. * data to the censored site and receive responses. Downstream
  444. * data is stored in the slitheen id's downstream_queue. Function and
  445. * thread will terminate when the client closes the connection
  446. * to the covert destination
  447. *
  448. * Input:
  449. * A struct that contains the following information:
  450. * - the tagged flow
  451. * - the initial upstream data + len (including connect request)
  452. * - the read end of the pipe
  453. * - the downstream queue for the client
  454. *
  455. */
  456. void *proxy_covert_site(void *data){
  457. struct proxy_thread_data *thread_data =
  458. (struct proxy_thread_data *) data;
  459. uint8_t *p = thread_data->initial_data;
  460. uint16_t data_len = thread_data->initial_len;
  461. uint16_t stream_id = thread_data->stream_id;
  462. int32_t bytes_sent;
  463. stream_table *streams = thread_data->streams;
  464. data_queue *downstream_queue = thread_data->downstream_queue;
  465. client *clnt = thread_data->client;
  466. struct socks_req *clnt_req = (struct socks_req *) p;
  467. p += 4;
  468. data_len -= 4;
  469. int32_t handle = -1;
  470. //see if it's a connect request
  471. if(clnt_req->cmd != 0x01){
  472. goto err;
  473. }
  474. struct sockaddr_in dest;
  475. dest.sin_family = AF_INET;
  476. uint8_t domain_len;
  477. switch(clnt_req->addr_type){
  478. case 0x01:
  479. //IPv4
  480. dest.sin_addr.s_addr = *((uint32_t*) p);
  481. p += 4;
  482. data_len -= 4;
  483. break;
  484. case 0x03:
  485. //domain name
  486. domain_len = p[0];
  487. p++;
  488. data_len --;
  489. uint8_t *domain_name = emalloc(domain_len+1);
  490. memcpy(domain_name, p, domain_len);
  491. domain_name[domain_len] = '\0';
  492. struct hostent *host;
  493. host = gethostbyname((const char *) domain_name);
  494. dest.sin_addr = *((struct in_addr *) host->h_addr);
  495. p += domain_len;
  496. data_len -= domain_len;
  497. free(domain_name);
  498. break;
  499. case 0x04:
  500. //IPv6
  501. goto err;//TODO: add IPv6 functionality
  502. break;
  503. }
  504. //now set the port
  505. dest.sin_port = *((uint16_t *) p);
  506. p += 2;
  507. data_len -= 2;
  508. handle = socket(AF_INET, SOCK_STREAM, 0);
  509. if(handle < 0){
  510. goto err;
  511. }
  512. struct sockaddr_in my_addr;
  513. socklen_t my_addr_len = sizeof(my_addr);
  514. int32_t error = connect (handle, (struct sockaddr *) &dest, sizeof (struct sockaddr));
  515. #ifdef DEBUG_PROXY
  516. printf("Connected to covert site for stream %d\n", stream_id);
  517. #endif
  518. if(error <0){
  519. goto err;
  520. }
  521. getsockname(handle, (struct sockaddr *) &my_addr, &my_addr_len);
  522. //see if there were extra upstream bytes
  523. if(data_len > 0){
  524. #ifdef DEBUG_PROXY
  525. printf("Data len is %d\n", data_len);
  526. printf("Upstream bytes: ");
  527. for(int i=0; i< data_len; i++){
  528. printf("%02x ", p[i]);
  529. }
  530. printf("\n");
  531. #endif
  532. bytes_sent = send(handle, p,
  533. data_len, 0);
  534. if( bytes_sent <= 0){
  535. goto err;
  536. }
  537. }
  538. uint8_t *buffer = emalloc(BUFSIZ);
  539. int32_t buffer_len = BUFSIZ;
  540. //now select on reading from the pipe and from the socket
  541. for(;;){
  542. fd_set readfds;
  543. fd_set writefds;
  544. int32_t nfds = (handle > thread_data->pipefd) ?
  545. handle +1 : thread_data->pipefd + 1;
  546. FD_ZERO(&readfds);
  547. FD_ZERO(&writefds);
  548. FD_SET(thread_data->pipefd, &readfds);
  549. FD_SET(handle, &readfds);
  550. FD_SET(handle, &writefds);
  551. if (select(nfds, &readfds, &writefds, NULL, NULL) < 0){
  552. printf("select error\n");
  553. break;
  554. }
  555. if(FD_ISSET(thread_data->pipefd, &readfds) && FD_ISSET(handle, &writefds)){
  556. //we have upstream data ready for writing
  557. int32_t bytes_read = read(thread_data->pipefd, buffer, buffer_len);
  558. if(bytes_read > 0){
  559. #ifdef DEBUG_PROXY
  560. printf("PROXY (id %d): read %d bytes from pipe\n", stream_id, bytes_read);
  561. for(int i=0; i< bytes_read; i++){
  562. printf("%02x ", buffer[i]);
  563. }
  564. printf("\n");
  565. printf("%s\n", buffer);
  566. #endif
  567. bytes_sent = send(handle, buffer,
  568. bytes_read, 0);
  569. if( bytes_sent <= 0){
  570. printf("Error sending bytes to covert site (stream %d)\n", stream_id);
  571. break;
  572. } else if (bytes_sent < bytes_read){
  573. printf("Sent less bytes than read to covert site (stream %d)\n", stream_id);
  574. break;
  575. }
  576. } else {
  577. //Client closed the connection, we can delete this stream from the downstream queue
  578. printf("Deleting stream %d from the downstream queue\n", stream_id);
  579. sem_wait(&clnt->queue_lock);
  580. queue_block *last = downstream_queue->first_block;
  581. queue_block *prev = last;
  582. while(last != NULL){
  583. if(last->stream_id == stream_id){
  584. //remove block from queue
  585. printf("removing a block!\n");
  586. fflush(stdout);
  587. if(last == downstream_queue->first_block){
  588. downstream_queue->first_block = last->next;
  589. free(last->data);
  590. free(last);
  591. last = downstream_queue->first_block;
  592. prev = last;
  593. } else {
  594. prev->next = last->next;
  595. free(last->data);
  596. free(last);
  597. last = prev->next;
  598. }
  599. } else {
  600. prev = last;
  601. last = last->next;
  602. }
  603. }
  604. sem_post(&clnt->queue_lock);
  605. printf("Finished deleting from downstream queue\n");
  606. fflush(stdout);
  607. break;
  608. }
  609. }
  610. if (FD_ISSET(handle, &readfds)){
  611. //we have downstream data read for saving
  612. int32_t bytes_read;
  613. bytes_read = recv(handle, buffer, buffer_len, 0);
  614. if(bytes_read > 0){
  615. uint8_t *new_data = emalloc(bytes_read);
  616. memcpy(new_data, buffer, bytes_read);
  617. #ifdef DEBUG_PROXY
  618. printf("PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
  619. for(int i=0; i< bytes_read; i++){
  620. printf("%02x ", buffer[i]);
  621. }
  622. printf("\n");
  623. #endif
  624. //make a new queue block
  625. queue_block *new_block = emalloc(sizeof(queue_block));
  626. new_block->len = bytes_read;
  627. new_block->offset = 0;
  628. new_block->data = new_data;
  629. new_block->next = NULL;
  630. new_block->stream_id = stream_id;
  631. sem_wait(&clnt->queue_lock);
  632. if(downstream_queue->first_block == NULL){
  633. downstream_queue->first_block = new_block;
  634. }
  635. else{
  636. queue_block *last = downstream_queue->first_block;
  637. while(last->next != NULL)
  638. last = last->next;
  639. last->next = new_block;
  640. }
  641. sem_post(&clnt->queue_lock);
  642. } else {
  643. printf("PROXY (id %d): read %d bytes from censored site\n",stream_id, bytes_read);
  644. break;
  645. }
  646. }
  647. }
  648. printf("Closing connection for stream %d\n", stream_id);
  649. //remove self from list
  650. stream *last = streams->first;
  651. stream *prev = last;
  652. if(streams->first != NULL){
  653. if(last->stream_id == stream_id){
  654. streams->first = last->next;
  655. free(last);
  656. } else {
  657. while(last->next != NULL){
  658. prev = last;
  659. last = last->next;
  660. if(last->stream_id == stream_id){
  661. prev->next = last->next;
  662. free(last);
  663. break;
  664. }
  665. }
  666. }
  667. }
  668. if(thread_data->initial_data != NULL){
  669. free(thread_data->initial_data);
  670. }
  671. free(thread_data);
  672. free(buffer);
  673. close(handle);
  674. pthread_detach(pthread_self());
  675. pthread_exit(NULL);
  676. return 0;
  677. err:
  678. //remove self from list
  679. last = streams->first;
  680. prev = last;
  681. if(streams->first != NULL){
  682. if(last->stream_id == stream_id){
  683. streams->first = last->next;
  684. free(last);
  685. } else {
  686. while(last->next != NULL){
  687. prev = last;
  688. last = last->next;
  689. if(last->stream_id == stream_id){
  690. prev->next = last->next;
  691. free(last);
  692. break;
  693. }
  694. }
  695. }
  696. }
  697. if(thread_data->initial_data != NULL){
  698. free(thread_data->initial_data);
  699. }
  700. free(thread_data);
  701. if(handle > 0){
  702. close(handle);
  703. }
  704. pthread_detach(pthread_self());
  705. pthread_exit(NULL);
  706. return 0;
  707. }
  708. /** Replaces downstream record contents with data from the
  709. * censored queue, padding with garbage bytes if no more
  710. * censored data exists.
  711. *
  712. * Inputs:
  713. * f: the tagged flow
  714. * data: a pointer to the received packet's application
  715. * data
  716. * data_len: the length of the packet's application data
  717. * offset: if the packet is misordered, the number of
  718. * application-level bytes in missing packets
  719. *
  720. * Output:
  721. * Returns 0 on sucess
  722. */
  723. int process_downstream(flow *f, int32_t offset, struct packet_info *info){
  724. uint8_t changed = 0;
  725. uint8_t *p = info->app_data;
  726. uint32_t remaining_packet_len = info->app_data_len;
  727. if(f->remaining_record_len > 0){
  728. //ignore bytes until the end of the record
  729. if(f->remaining_record_len > remaining_packet_len){ //ignore entire packet
  730. if(f->outbox_len > 0){
  731. changed = 1;
  732. memcpy(p, f->outbox + f->outbox_offset, remaining_packet_len);
  733. f->outbox_len -= remaining_packet_len;
  734. f->outbox_offset += remaining_packet_len;
  735. }
  736. f->remaining_record_len -= remaining_packet_len;
  737. remaining_packet_len -= remaining_packet_len;
  738. } else {
  739. if(f->outbox_len > 0){
  740. changed = 1;
  741. memcpy(p, f->outbox + f->outbox_offset, f->remaining_record_len);
  742. f->outbox_len = 0;
  743. f->outbox_offset=0;
  744. free(f->outbox);
  745. }
  746. p += f->remaining_record_len;
  747. remaining_packet_len -= f->remaining_record_len;
  748. f->remaining_record_len = 0;
  749. }
  750. }
  751. while(remaining_packet_len > 0){ //while bytes remain in the packet
  752. if(remaining_packet_len < RECORD_HEADER_LEN){
  753. #ifdef DEBUG
  754. printf("partial record header: \n");
  755. for(int i= 0; i< remaining_packet_len; i++){
  756. printf("%02x ", p[i]);
  757. }
  758. printf("\n");
  759. fflush(stdout);
  760. #endif
  761. f->partial_record_header = emalloc(RECORD_HEADER_LEN);
  762. memcpy(f->partial_record_header, p, remaining_packet_len);
  763. f->partial_record_header_len = remaining_packet_len;
  764. remaining_packet_len -= remaining_packet_len;
  765. break;
  766. }
  767. struct record_header *record_hdr;
  768. if(f->partial_record_header_len > 0){
  769. memcpy(f->partial_record_header+ f->partial_record_header_len,
  770. p, RECORD_HEADER_LEN - f->partial_record_header_len);
  771. record_hdr = (struct record_header *) f->partial_record_header;
  772. } else {
  773. record_hdr = (struct record_header*) p;
  774. }
  775. uint32_t record_len = RECORD_LEN(record_hdr);
  776. #ifdef DEBUG
  777. fprintf(stdout,"Flow: %x > %x (%s)\n", info->ip_hdr->src.s_addr, info->ip_hdr->dst.s_addr, (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
  778. fprintf(stdout,"ID number: %u\n", htonl(info->ip_hdr->id));
  779. fprintf(stdout,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
  780. fprintf(stdout,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
  781. fprintf(stdout, "Record:\n");
  782. for(int i=0; i< RECORD_HEADER_LEN; i++){
  783. printf("%02x ", ((uint8_t *) record_hdr)[i]);
  784. }
  785. printf("\n");
  786. fflush(stdout);
  787. #endif
  788. p += (RECORD_HEADER_LEN - f->partial_record_header_len);
  789. remaining_packet_len -= (RECORD_HEADER_LEN - f->partial_record_header_len);
  790. uint8_t *record_ptr = p; //points to the beginning of record data
  791. uint32_t remaining_record_len = record_len;
  792. if(record_len > remaining_packet_len){
  793. int8_t increment_ctr = 1;
  794. f->remaining_record_len = record_len - remaining_packet_len;
  795. if(f->httpstate == PARSE_HEADER || f->httpstate == BEGIN_CHUNK || f->httpstate == END_CHUNK){
  796. #ifdef RESOURCE_DEBUG
  797. printf("record exceeds packet length, FORFEIT\n");
  798. #endif
  799. f->httpstate = FORFEIT_REST;
  800. } else if( f->httpstate == MID_CONTENT || f->httpstate == MID_CHUNK){
  801. f->remaining_response_len -= record_len - 24; //len of IV and padding
  802. if(f->remaining_response_len >= 0 && f->replace_response){
  803. //make a huge record, encrypt it, and then place it in the outbox
  804. f->outbox = emalloc(record_len+1);
  805. f->outbox_len = record_len;
  806. f->outbox_offset = 0;
  807. if(!fill_with_downstream(f, f->outbox + EVP_GCM_TLS_EXPLICIT_IV_LEN , record_len - (EVP_GCM_TLS_EXPLICIT_IV_LEN+ 16))){
  808. //encrypt (not a re-encryption)
  809. int32_t n = encrypt(f, f->outbox, f->outbox,
  810. record_len - 16, 1,
  811. record_hdr->type, 1, 0);
  812. if(n < 0){
  813. fprintf(stdout,"outbox encryption failed\n");
  814. } else {
  815. memcpy(p, f->outbox, remaining_packet_len);
  816. changed = 1;
  817. increment_ctr = 0;
  818. f->outbox_len -= remaining_packet_len;
  819. f->outbox_offset += remaining_packet_len;
  820. }
  821. } else { //failed to fill with downstream data, client unknown
  822. free(f->outbox);
  823. f->outbox = NULL;
  824. f->outbox_len = 0;
  825. f->replace_response = 0;
  826. }
  827. }
  828. if(f->remaining_response_len == 0){
  829. if(f->httpstate == MID_CHUNK)
  830. f->httpstate = END_CHUNK;
  831. else {
  832. f->httpstate = PARSE_HEADER;
  833. }
  834. }
  835. if(f->remaining_response_len < 0){
  836. f->remaining_response_len = 0;
  837. #ifdef RESOURCE_DEBUG
  838. printf("Resource is mid-content and super long record exceeds remaining resource len, FORFEIT\n");
  839. #endif
  840. f->httpstate = FORFEIT_REST;
  841. }
  842. }
  843. if(increment_ctr){//not decrypting record, must increment GCM ctr
  844. fake_encrypt(f, 1);
  845. }
  846. remaining_packet_len -= remaining_packet_len;
  847. if(f->partial_record_header_len > 0){
  848. f->partial_record_header_len = 0;
  849. free(f->partial_record_header);
  850. }
  851. break;
  852. }
  853. //now decrypt the record
  854. int32_t n = encrypt(f, record_ptr, record_ptr, record_len, 1,
  855. record_hdr->type, 0, 0);
  856. if(n < 0){
  857. //do something smarter here
  858. printf("Decryption failed\n");
  859. if(f->partial_record_header_len > 0){
  860. f->partial_record_header_len = 0;
  861. free(f->partial_record_header);
  862. }
  863. return 0;
  864. }
  865. changed = 1;
  866. #ifdef DEBUG_DOWN
  867. printf("Decrypted new record\n");
  868. //printf("Bytes:\n");
  869. //for(int i=0; i< n; i++){
  870. // printf("%02x ", record_ptr[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
  871. //}
  872. //printf("\n");
  873. printf("Text:\n");
  874. printf("%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  875. fflush(stdout);
  876. #endif
  877. p += EVP_GCM_TLS_EXPLICIT_IV_LEN;
  878. char *len_ptr, *needle;
  879. remaining_record_len = n;
  880. while(remaining_record_len > 0){
  881. #ifdef RESOURCE_DEBUG
  882. printf("Current state: %d\n", f->httpstate);
  883. #endif
  884. switch(f->httpstate){
  885. case PARSE_HEADER:
  886. //determine whether it's transfer encoded or otherwise
  887. //figure out what the content-type is
  888. len_ptr = strstr((const char *) p, "Content-Type: image");
  889. if(len_ptr != NULL){
  890. f->replace_response = 1;
  891. memcpy(len_ptr + 14, "sli/theen", 9);
  892. char *c = len_ptr + 14+9;
  893. while(c[0] != '\r'){
  894. c[0] = ' ';
  895. c++;
  896. }
  897. #ifdef RESOURCE_DEBUG
  898. printf("Found and replaced leaf header\n");
  899. #endif
  900. } else {
  901. f->replace_response = 0;
  902. }
  903. //check for 200 OK message
  904. len_ptr = strstr((const char *) p, "200 OK");
  905. if(len_ptr == NULL){
  906. f->replace_response = 0;
  907. }
  908. len_ptr = strstr((const char *) p, "Transfer-Encoding");
  909. if(len_ptr != NULL){
  910. if(!memcmp(len_ptr + 19, "chunked", 7)){
  911. //now find end of header
  912. len_ptr = strstr((const char *) p, "\r\n\r\n");
  913. if(len_ptr != NULL){
  914. f->httpstate = BEGIN_CHUNK;
  915. remaining_record_len -= (((uint8_t *)len_ptr - p) + 4);
  916. p = (uint8_t *) len_ptr + 4;
  917. }
  918. }
  919. } else {
  920. len_ptr = strstr((const char *) p, "Content-Length");
  921. if(len_ptr != NULL){
  922. len_ptr += 15;
  923. f->remaining_response_len = strtol((const char *) len_ptr, NULL, 10);
  924. #ifdef RESOURCE_DEBUG
  925. printf("content-length: %d\n", f->remaining_response_len);
  926. #endif
  927. len_ptr = strstr((const char *) p, "\r\n\r\n");
  928. if(len_ptr != NULL){
  929. f->httpstate = MID_CONTENT;
  930. remaining_record_len -= (((uint8_t *)len_ptr - p) + 4);
  931. p = (uint8_t *) len_ptr + 4;
  932. #ifdef RESOURCE_DEBUG
  933. printf("Remaining record len: %d\n", remaining_record_len);
  934. #endif
  935. } else {
  936. remaining_record_len = 0;
  937. #ifdef RESOURCE_DEBUG
  938. printf("Missing end of header. Sending to FORFEIT_REST\n");
  939. #endif
  940. f->httpstate = FORFEIT_REST;
  941. }
  942. } else {
  943. #ifdef RESOURCE_DEBUG
  944. printf("No content length of transfer encoding field, sending to FORFEIT_REST\n");
  945. #endif
  946. f->httpstate = FORFEIT_REST;
  947. remaining_record_len = 0;
  948. }
  949. }
  950. break;
  951. case MID_CONTENT:
  952. //check if content is replaceable
  953. if(f->remaining_response_len > remaining_record_len){
  954. if(f->replace_response){
  955. fill_with_downstream(f, p, remaining_record_len);
  956. #ifdef DEBUG_DOWN
  957. printf("Replaced with:\n");
  958. for(int i=0; i< remaining_record_len; i++){
  959. printf("%02x ", p[i]);
  960. }
  961. printf("\n");
  962. #endif
  963. }
  964. f->remaining_response_len -= remaining_record_len;
  965. p += remaining_record_len;
  966. remaining_record_len = 0;
  967. } else {
  968. if(f->replace_response){
  969. fill_with_downstream(f, p, remaining_record_len);
  970. #ifdef DEBUG_DOWN
  971. printf("Replaced with:\n");
  972. for(int i=0; i< remaining_record_len; i++){
  973. printf("%02x ", p[i]);
  974. }
  975. printf("\n");
  976. #endif
  977. }
  978. remaining_record_len -= f->remaining_response_len;
  979. p += f->remaining_response_len;
  980. f->httpstate = PARSE_HEADER;
  981. f->remaining_response_len = 0;
  982. }
  983. break;
  984. case BEGIN_CHUNK:
  985. {
  986. int32_t chunk_size = strtol((const char *) p, NULL, 16);
  987. if(chunk_size == 0){
  988. f->httpstate = END_BODY;
  989. } else {
  990. f->httpstate = MID_CHUNK;
  991. }
  992. f->remaining_response_len = chunk_size;
  993. needle = strstr((const char *) p, "\r\n");
  994. if(needle != NULL){
  995. remaining_record_len -= ((uint8_t *) needle - p + 2);
  996. p = (uint8_t *) needle + 2;
  997. } else {
  998. remaining_record_len = 0;
  999. #ifdef RESOURCE_DEBUG
  1000. printf("Error parsing in BEGIN_CHUNK, FORFEIT\n");
  1001. #endif
  1002. f->httpstate = FORFEIT_REST;
  1003. }
  1004. }
  1005. break;
  1006. case MID_CHUNK:
  1007. if(f->remaining_response_len > remaining_record_len){
  1008. if(f->replace_response){
  1009. fill_with_downstream(f, p, remaining_record_len);
  1010. #ifdef DEBUG_DOWN
  1011. printf("Replaced with:\n");
  1012. for(int i=0; i< remaining_record_len; i++){
  1013. printf("%02x ", p[i]);
  1014. }
  1015. printf("\n");
  1016. #endif
  1017. }
  1018. f->remaining_response_len -= remaining_record_len;
  1019. p += remaining_record_len;
  1020. remaining_record_len = 0;
  1021. } else {
  1022. if(f->replace_response){
  1023. fill_with_downstream(f, p, f->remaining_response_len);
  1024. #ifdef DEBUG_DOWN
  1025. printf("Replaced with:\n");
  1026. for(int i=0; i< f->remaining_response_len; i++){
  1027. printf("%02x ", p[i]);
  1028. }
  1029. printf("\n");
  1030. #endif
  1031. }
  1032. remaining_record_len -= f->remaining_response_len;
  1033. p += f->remaining_response_len;
  1034. f->remaining_response_len = 0;
  1035. f->httpstate = END_CHUNK;
  1036. }
  1037. break;
  1038. case END_CHUNK:
  1039. needle = strstr((const char *) p, "\r\n");
  1040. if(needle != NULL){
  1041. f->httpstate = BEGIN_CHUNK;
  1042. p += 2;
  1043. remaining_record_len -= 2;
  1044. } else {
  1045. remaining_record_len = 0;
  1046. printf("Couldn't find end of chunk, sending to FORFEIT_REST\n");
  1047. f->httpstate = FORFEIT_REST;
  1048. }
  1049. break;
  1050. case END_BODY:
  1051. needle = strstr((const char *) p, "\r\n");
  1052. if(needle != NULL){
  1053. f->httpstate = PARSE_HEADER;
  1054. p += 2;
  1055. remaining_record_len -= 2;
  1056. } else {
  1057. remaining_record_len = 0;
  1058. printf("Couldn't find end of body, sending to FORFEIT_REST\n");
  1059. f->httpstate = FORFEIT_REST;
  1060. }
  1061. break;
  1062. case FORFEIT_REST:
  1063. case USE_REST:
  1064. remaining_record_len = 0;
  1065. break;
  1066. default:
  1067. break;
  1068. }
  1069. }
  1070. #ifdef DEBUG_DOWN
  1071. if(changed && f->replace_response){
  1072. printf("Resource is now\n");
  1073. printf("Bytes:\n");
  1074. for(int i=0; i< n; i++){
  1075. printf("%02x ", record_ptr[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
  1076. }
  1077. printf("\n");
  1078. printf("Text:\n");
  1079. printf("%s\n", record_ptr+EVP_GCM_TLS_EXPLICIT_IV_LEN);
  1080. fflush(stdout);
  1081. }
  1082. #endif
  1083. if((n = encrypt(f, record_ptr, record_ptr,
  1084. n + EVP_GCM_TLS_EXPLICIT_IV_LEN, 1, record_hdr->type,
  1085. 1, 1)) < 0){
  1086. printf("UH OH, failed to re-encrypt record\n");
  1087. if(f->partial_record_header_len > 0){
  1088. f->partial_record_header_len = 0;
  1089. free(f->partial_record_header);
  1090. }
  1091. return 0;
  1092. }
  1093. p = record_ptr + record_len;
  1094. remaining_packet_len -= record_len;
  1095. if(f->partial_record_header_len > 0){
  1096. f->partial_record_header_len = 0;
  1097. free(f->partial_record_header);
  1098. }
  1099. }
  1100. if(changed){
  1101. tcp_checksum(info);
  1102. }
  1103. return 0;
  1104. }
  1105. /** Fills a given pointer with downstream data of the specified length. If no downstream data
  1106. * exists, pads it with garbage bytes. All downstream data is accompanied by a stream id and
  1107. * lengths of both the downstream data and garbage data
  1108. *
  1109. * Inputs:
  1110. * data: a pointer to where the downstream data should be entered
  1111. * length: The length of the downstream data required
  1112. *
  1113. */
  1114. int fill_with_downstream(flow *f, uint8_t *data, int32_t length){
  1115. uint8_t *p = data;
  1116. int32_t remaining = length;
  1117. struct slitheen_header *sl_hdr;
  1118. data_queue *downstream_queue = f->downstream_queue;
  1119. client *client_ptr = f->client_ptr;
  1120. if(client_ptr == NULL){
  1121. printf("ERROR: no client\n");
  1122. return 1;
  1123. }
  1124. //Fill as much as we can from the censored_queue
  1125. //Note: need enough for the header and one block of data (16 byte IV, 16 byte
  1126. // block, 16 byte MAC) = header_len + 48.
  1127. while((remaining > (SLITHEEN_HEADER_LEN + 48)) && downstream_queue != NULL && downstream_queue->first_block != NULL){
  1128. //amount of data we'll actualy fill with (16 byte IV and 16 byte MAC)
  1129. int32_t fill_amount = remaining - SLITHEEN_HEADER_LEN - 32;
  1130. fill_amount -= fill_amount % 16; //rounded down to nearest block size
  1131. sem_wait(&client_ptr->queue_lock);
  1132. queue_block *first_block = downstream_queue->first_block;
  1133. int32_t block_length = first_block->len;
  1134. int32_t offset = first_block->offset;
  1135. #ifdef DEBUG
  1136. printf("Censored queue is at %p.\n", first_block);
  1137. printf("This block has %d bytes left\n", block_length - offset);
  1138. printf("We need %d bytes\n", remaining - SLITHEEN_HEADER_LEN);
  1139. #endif
  1140. uint8_t *encrypted_data = p;
  1141. sl_hdr = (struct slitheen_header *) p;
  1142. sl_hdr->counter = ++(client_ptr->encryption_counter);
  1143. sl_hdr->stream_id = first_block->stream_id;
  1144. sl_hdr->len = 0x0000;
  1145. sl_hdr->garbage = 0x0000;
  1146. sl_hdr->zeros = 0x0000;
  1147. p += SLITHEEN_HEADER_LEN;
  1148. remaining -= SLITHEEN_HEADER_LEN;
  1149. p += 16; //iv length
  1150. remaining -= 16;
  1151. if(block_length > offset + fill_amount){
  1152. //use part of the block, update offset
  1153. memcpy(p, first_block->data+offset, fill_amount);
  1154. first_block->offset += fill_amount;
  1155. p += fill_amount;
  1156. sl_hdr->len = fill_amount;
  1157. remaining -= fill_amount;
  1158. } else {
  1159. //use all of the block and free it
  1160. memcpy(p, first_block->data+offset, block_length - offset);
  1161. free(first_block->data);
  1162. downstream_queue->first_block = first_block->next;
  1163. free(first_block);
  1164. p += (block_length - offset);
  1165. sl_hdr->len = (block_length - offset);
  1166. remaining -= (block_length - offset);
  1167. }
  1168. sem_post(&client_ptr->queue_lock);
  1169. //pad to 16 bytes if necessary
  1170. uint8_t padding = 0;
  1171. if(sl_hdr->len %16){
  1172. padding = 16 - (sl_hdr->len)%16;
  1173. memset(p, padding, padding);
  1174. remaining -= padding;
  1175. p += padding;
  1176. }
  1177. p += 16;
  1178. remaining -= 16;
  1179. //fill rest of packet with padding, if needed
  1180. if(remaining < SLITHEEN_HEADER_LEN){
  1181. RAND_bytes(p, remaining);
  1182. sl_hdr->garbage = htons(remaining);
  1183. p += remaining;
  1184. remaining -= remaining;
  1185. }
  1186. int16_t data_len = sl_hdr->len;
  1187. sl_hdr->len = htons(sl_hdr->len);
  1188. //now encrypt
  1189. super_encrypt(client_ptr, encrypted_data, data_len + padding);
  1190. #ifdef DEBUG_DOWN
  1191. printf("DWNSTRM: slitheen header: ");
  1192. for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
  1193. printf("%02x ",((uint8_t *) sl_hdr)[i]);
  1194. }
  1195. printf("\n");
  1196. printf("Sending %d downstream bytes:", data_len);
  1197. for(int i=0; i< data_len+16+16; i++){
  1198. printf("%02x ", ((uint8_t *) sl_hdr)[i+SLITHEEN_HEADER_LEN]);
  1199. }
  1200. printf("\n");
  1201. #endif
  1202. }
  1203. //now, if we need more data, fill with garbage
  1204. if(remaining >= SLITHEEN_HEADER_LEN ){
  1205. sl_hdr = (struct slitheen_header *) p;
  1206. sl_hdr->counter = 0x00;
  1207. sl_hdr->stream_id = 0x00;
  1208. remaining -= SLITHEEN_HEADER_LEN;
  1209. sl_hdr->len = 0x00;
  1210. sl_hdr->garbage = htons(remaining);
  1211. sl_hdr->zeros = 0x0000;
  1212. #ifdef DEBUG_DOWN
  1213. printf("DWNSTRM: slitheen header: ");
  1214. for(int i=0; i< SLITHEEN_HEADER_LEN; i++){
  1215. printf("%02x ", p[i]);
  1216. }
  1217. printf("\n");
  1218. #endif
  1219. //encrypt slitheen header
  1220. super_encrypt(client_ptr, p, 0);
  1221. p += SLITHEEN_HEADER_LEN;
  1222. RAND_bytes(p, remaining);
  1223. } else if(remaining > 0){
  1224. //fill with random data
  1225. RAND_bytes(p, remaining);
  1226. }
  1227. return 0;
  1228. }
  1229. /** Computes the TCP checksum of the data according to RFC 793
  1230. * sum all 16-bit words in the segment, pad the last word if
  1231. * needed
  1232. *
  1233. * there is a pseudo-header prefixed to the segment and
  1234. * included in the checksum:
  1235. *
  1236. * +--------+--------+--------+--------+
  1237. * | Source Address |
  1238. * +--------+--------+--------+--------+
  1239. * | Destination Address |
  1240. * +--------+--------+--------+--------+
  1241. * | zero | PTCL | TCP Length |
  1242. * +--------+--------+--------+--------+
  1243. */
  1244. uint16_t tcp_checksum(struct packet_info *info){
  1245. uint16_t tcp_length = info->app_data_len + info->size_tcp_hdr;
  1246. struct in_addr src = info->ip_hdr->src;
  1247. struct in_addr dst = info->ip_hdr->dst;
  1248. uint8_t proto = IPPROTO_TCP;
  1249. //set the checksum to zero
  1250. info->tcp_hdr->chksum = 0;
  1251. //sum pseudoheader
  1252. uint32_t sum = (ntohl(src.s_addr)) >> 16;
  1253. sum += (ntohl(src.s_addr)) &0xFFFF;
  1254. sum += (ntohl(dst.s_addr)) >> 16;
  1255. sum += (ntohl(dst.s_addr)) & 0xFFFF;
  1256. sum += proto;
  1257. sum += tcp_length;
  1258. //sum tcp header (with zero-d checksum)
  1259. uint8_t *p = (uint8_t *) info->tcp_hdr;
  1260. for(int i=0; i < info->size_tcp_hdr; i+=2){
  1261. sum += (uint16_t) ((p[i] << 8) + p[i+1]);
  1262. }
  1263. //now sum the application data
  1264. p = info->app_data;
  1265. for(int i=0; i< info->app_data_len-1; i+=2){
  1266. sum += (uint16_t) ((p[i] << 8) + p[i+1]);
  1267. }
  1268. if(info->app_data_len %2 != 0){
  1269. sum += (uint16_t) (p[info->app_data_len - 1]) << 8;
  1270. }
  1271. //now add most significant to last significant bits
  1272. sum = (sum >> 16) + (sum & 0xFFFF);
  1273. sum += sum >>16;
  1274. //now subtract from 0xFF
  1275. sum = 0xFFFF - sum;
  1276. //set chksum to calculated value
  1277. info->tcp_hdr->chksum = ntohs(sum);
  1278. return (uint16_t) sum;
  1279. }