- OpenBSD CVS update:
- [packet.h packet.c] ssh2 packet format - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c] [channels.h channels.c] channel layer support for ssh2 - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h] DSA, keyexchange, algorithm agreement for ssh2
This commit is contained in:
parent
193ba88dd6
commit
33b13568b5
|
@ -1,5 +1,13 @@
|
|||
20000404
|
||||
- Add tests for RAND_add function when searching for OpenSSL
|
||||
- OpenBSD CVS update:
|
||||
- [packet.h packet.c]
|
||||
ssh2 packet format
|
||||
- [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
|
||||
[channels.h channels.c]
|
||||
channel layer support for ssh2
|
||||
- [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
|
||||
DSA, keyexchange, algorithm agreement for ssh2
|
||||
|
||||
20000403
|
||||
- Wrote entropy collection routines for systems that lack /dev/random
|
||||
|
|
|
@ -31,7 +31,7 @@ LDFLAGS=-L. @LDFLAGS@
|
|||
|
||||
TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
|
||||
|
||||
LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hostfile.o key.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o
|
||||
LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o
|
||||
|
||||
SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
|
||||
|
||||
|
|
460
channels.c
460
channels.c
|
@ -13,10 +13,11 @@
|
|||
* There is also code for initiating connection forwarding for X11 connections,
|
||||
* arbitrary tcp/ip connections, and the authentication agent connection.
|
||||
*
|
||||
* SSH2 support added by Markus Friedl.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: channels.c,v 1.20 2000/04/01 01:09:23 damien Exp $");
|
||||
RCSID("$Id: channels.c,v 1.21 2000/04/04 04:39:00 damien Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "packet.h"
|
||||
|
@ -31,6 +32,8 @@ RCSID("$Id: channels.c,v 1.20 2000/04/01 01:09:23 damien Exp $");
|
|||
#include "nchan.h"
|
||||
#include "compat.h"
|
||||
|
||||
#include "ssh2.h"
|
||||
|
||||
/* Maximum number of fake X11 displays to try. */
|
||||
#define MAX_DISPLAYS 1000
|
||||
|
||||
|
@ -165,6 +168,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
|||
|
||||
/* Do initial allocation if this is the first call. */
|
||||
if (channels_alloc == 0) {
|
||||
chan_init();
|
||||
channels_alloc = 10;
|
||||
channels = xmalloc(channels_alloc * sizeof(Channel));
|
||||
for (i = 0; i < channels_alloc; i++)
|
||||
|
@ -237,9 +241,28 @@ channel_free(int id)
|
|||
if (c == NULL)
|
||||
packet_disconnect("channel free: bad local channel %d", id);
|
||||
debug("channel_free: channel %d: status: %s", id, channel_open_message());
|
||||
if (c->dettach_user != NULL) {
|
||||
debug("channel_free: channel %d: dettaching channel user", id);
|
||||
c->dettach_user(c->self, NULL);
|
||||
}
|
||||
if (c->sock != -1) {
|
||||
shutdown(c->sock, SHUT_RDWR);
|
||||
close(c->sock);
|
||||
c->sock = -1;
|
||||
}
|
||||
if (compat20) {
|
||||
if (c->rfd != -1) {
|
||||
close(c->rfd);
|
||||
c->rfd = -1;
|
||||
}
|
||||
if (c->wfd != -1) {
|
||||
close(c->wfd);
|
||||
c->wfd = -1;
|
||||
}
|
||||
if (c->efd != -1) {
|
||||
close(c->efd);
|
||||
c->efd = -1;
|
||||
}
|
||||
}
|
||||
buffer_free(&c->input);
|
||||
buffer_free(&c->output);
|
||||
|
@ -295,6 +318,32 @@ channel_pre_open_15(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
}
|
||||
|
||||
void
|
||||
channel_pre_open_20(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
if (c->istate == CHAN_INPUT_OPEN &&
|
||||
c->remote_window > 0 &&
|
||||
buffer_len(&c->input) < c->remote_window)
|
||||
FD_SET(c->rfd, readset);
|
||||
if (c->ostate == CHAN_OUTPUT_OPEN ||
|
||||
c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
||||
if (buffer_len(&c->output) > 0) {
|
||||
FD_SET(c->wfd, writeset);
|
||||
} else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
|
||||
chan_obuf_empty(c);
|
||||
}
|
||||
}
|
||||
/** XXX check close conditions, too */
|
||||
if (c->efd != -1) {
|
||||
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
|
||||
buffer_len(&c->extended) > 0)
|
||||
FD_SET(c->efd, writeset);
|
||||
else if (c->extended_usage == CHAN_EXTENDED_READ &&
|
||||
buffer_len(&c->extended) < c->remote_window)
|
||||
FD_SET(c->efd, readset);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
channel_pre_input_draining(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
|
@ -483,15 +532,27 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
SSH_CHANNEL_OPENING, newsock, newsock, -1,
|
||||
c->local_window_max, c->local_maxpacket,
|
||||
0, xstrdup(buf));
|
||||
|
||||
packet_start(SSH_MSG_PORT_OPEN);
|
||||
packet_put_int(newch);
|
||||
packet_put_string(c->path, strlen(c->path));
|
||||
packet_put_int(c->host_port);
|
||||
if (have_hostname_in_open) {
|
||||
packet_put_string(buf, strlen(buf));
|
||||
if (compat20) {
|
||||
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
||||
packet_put_cstring("direct-tcpip");
|
||||
packet_put_int(newch);
|
||||
packet_put_int(c->local_window_max);
|
||||
packet_put_int(c->local_maxpacket);
|
||||
packet_put_string(c->path, strlen(c->path));
|
||||
packet_put_int(c->host_port);
|
||||
packet_put_cstring(remote_hostname);
|
||||
packet_put_int(remote_port);
|
||||
packet_send();
|
||||
} else {
|
||||
packet_start(SSH_MSG_PORT_OPEN);
|
||||
packet_put_int(newch);
|
||||
packet_put_string(c->path, strlen(c->path));
|
||||
packet_put_int(c->host_port);
|
||||
if (have_hostname_in_open) {
|
||||
packet_put_string(buf, strlen(buf));
|
||||
}
|
||||
packet_send();
|
||||
}
|
||||
packet_send();
|
||||
xfree(remote_hostname);
|
||||
}
|
||||
}
|
||||
|
@ -569,6 +630,56 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
return -1;
|
||||
}
|
||||
buffer_consume(&c->output, len);
|
||||
if (compat20 && len > 0) {
|
||||
c->local_consumed += len;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
int
|
||||
channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
char buf[16*1024];
|
||||
int len;
|
||||
|
||||
if (c->efd != -1) {
|
||||
if (c->extended_usage == CHAN_EXTENDED_WRITE &&
|
||||
FD_ISSET(c->efd, writeset) &&
|
||||
buffer_len(&c->extended) > 0) {
|
||||
len = write(c->efd, buffer_ptr(&c->extended),
|
||||
buffer_len(&c->extended));
|
||||
debug("channel %d: written %d to efd %d",
|
||||
c->self, len, c->efd);
|
||||
if (len > 0) {
|
||||
buffer_consume(&c->extended, len);
|
||||
c->local_consumed += len;
|
||||
}
|
||||
} else if (c->extended_usage == CHAN_EXTENDED_READ &&
|
||||
FD_ISSET(c->efd, readset)) {
|
||||
len = read(c->efd, buf, sizeof(buf));
|
||||
debug("channel %d: read %d from efd %d",
|
||||
c->self, len, c->efd);
|
||||
if (len > 0)
|
||||
buffer_append(&c->extended, buf, len);
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
int
|
||||
channel_check_window(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
if (!(c->flags & CHAN_CLOSE_SENT) &&
|
||||
c->local_window < c->local_window_max/2 &&
|
||||
c->local_consumed > 0) {
|
||||
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_put_int(c->local_consumed);
|
||||
packet_send();
|
||||
debug("channel %d: window %d sent adjust %d",
|
||||
c->self, c->local_window,
|
||||
c->local_consumed);
|
||||
c->local_window += c->local_consumed;
|
||||
c->local_consumed = 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
@ -580,6 +691,15 @@ channel_post_open_1(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
channel_handle_wfd(c, readset, writeset);
|
||||
}
|
||||
|
||||
void
|
||||
channel_post_open_2(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
channel_handle_rfd(c, readset, writeset);
|
||||
channel_handle_wfd(c, readset, writeset);
|
||||
channel_handle_efd(c, readset, writeset);
|
||||
channel_check_window(c, readset, writeset);
|
||||
}
|
||||
|
||||
void
|
||||
channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
|
||||
{
|
||||
|
@ -595,6 +715,16 @@ channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
}
|
||||
|
||||
void
|
||||
channel_handler_init_20(void)
|
||||
{
|
||||
channel_pre[SSH_CHANNEL_OPEN] = &channel_pre_open_20;
|
||||
channel_pre[SSH_CHANNEL_PORT_LISTENER] = &channel_pre_listener;
|
||||
|
||||
channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_2;
|
||||
channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener;
|
||||
}
|
||||
|
||||
void
|
||||
channel_handler_init_13(void)
|
||||
{
|
||||
|
@ -636,7 +766,9 @@ channel_handler_init(void)
|
|||
channel_pre[i] = NULL;
|
||||
channel_post[i] = NULL;
|
||||
}
|
||||
if (compat13)
|
||||
if (compat20)
|
||||
channel_handler_init_20();
|
||||
else if (compat13)
|
||||
channel_handler_init_13();
|
||||
else
|
||||
channel_handler_init_15();
|
||||
|
@ -660,8 +792,7 @@ channel_handler(chan_fn *ftab[], fd_set * readset, fd_set * writeset)
|
|||
if (ftab[c->type] == NULL)
|
||||
continue;
|
||||
(*ftab[c->type])(c, readset, writeset);
|
||||
if (!compat13)
|
||||
chan_delete_if_full_closed(c);
|
||||
chan_delete_if_full_closed(c);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -700,27 +831,39 @@ channel_output_poll()
|
|||
c->istate != CHAN_INPUT_WAIT_DRAIN)
|
||||
continue;
|
||||
}
|
||||
if (compat20 && (c->flags & CHAN_CLOSE_SENT)) {
|
||||
debug("channel: %d: no data after CLOSE", c->self);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Get the amount of buffered data for this channel. */
|
||||
len = buffer_len(&c->input);
|
||||
if (len > 0) {
|
||||
/* Send some data for the other side over the secure connection. */
|
||||
if (packet_is_interactive()) {
|
||||
if (len > 1024)
|
||||
len = 512;
|
||||
if (compat20) {
|
||||
if (len > c->remote_window)
|
||||
len = c->remote_window;
|
||||
if (len > c->remote_maxpacket)
|
||||
len = c->remote_maxpacket;
|
||||
} else {
|
||||
/* Keep the packets at reasonable size. */
|
||||
if (len > packet_get_maxsize())
|
||||
len = packet_get_maxsize()/2;
|
||||
if (packet_is_interactive()) {
|
||||
if (len > 1024)
|
||||
len = 512;
|
||||
} else {
|
||||
/* Keep the packets at reasonable size. */
|
||||
if (len > packet_get_maxsize()/2)
|
||||
len = packet_get_maxsize()/2;
|
||||
}
|
||||
}
|
||||
if (len > 0) {
|
||||
packet_start(SSH_MSG_CHANNEL_DATA);
|
||||
packet_start(compat20 ?
|
||||
SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_put_string(buffer_ptr(&c->input), len);
|
||||
packet_send();
|
||||
buffer_consume(&c->input, len);
|
||||
c->remote_window -= len;
|
||||
debug("channel %d: send data len %d", c->self, len);
|
||||
debug("channel %d: send data len %d", c->self, len);
|
||||
}
|
||||
} else if (c->istate == CHAN_INPUT_WAIT_DRAIN) {
|
||||
if (compat13)
|
||||
|
@ -731,6 +874,23 @@ debug("channel %d: send data len %d", c->self, len);
|
|||
*/
|
||||
chan_ibuf_empty(c);
|
||||
}
|
||||
/* Send extended data, i.e. stderr */
|
||||
if (compat20 &&
|
||||
c->remote_window > 0 &&
|
||||
(len = buffer_len(&c->extended)) > 0 &&
|
||||
c->extended_usage == CHAN_EXTENDED_READ) {
|
||||
if (len > c->remote_window)
|
||||
len = c->remote_window;
|
||||
if (len > c->remote_maxpacket)
|
||||
len = c->remote_maxpacket;
|
||||
packet_start(SSH2_MSG_CHANNEL_EXTENDED_DATA);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_put_int(SSH2_EXTENDED_DATA_STDERR);
|
||||
packet_put_string(buffer_ptr(&c->extended), len);
|
||||
packet_send();
|
||||
buffer_consume(&c->extended, len);
|
||||
c->remote_window -= len;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -766,10 +926,63 @@ channel_input_data(int type, int plen)
|
|||
/* Get the data. */
|
||||
data = packet_get_string(&data_len);
|
||||
|
||||
packet_integrity_check(plen, 4 + 4 + data_len, SSH_MSG_CHANNEL_DATA);
|
||||
if (compat20){
|
||||
if (data_len > c->local_maxpacket) {
|
||||
log("channel %d: rcvd big packet %d, maxpack %d",
|
||||
c->self, data_len, c->local_maxpacket);
|
||||
}
|
||||
if (data_len > c->local_window) {
|
||||
log("channel %d: rcvd too much data %d, win %d",
|
||||
c->self, data_len, c->local_window);
|
||||
xfree(data);
|
||||
return;
|
||||
}
|
||||
c->local_window -= data_len;
|
||||
}else{
|
||||
packet_integrity_check(plen, 4 + 4 + data_len, type);
|
||||
}
|
||||
buffer_append(&c->output, data, data_len);
|
||||
xfree(data);
|
||||
}
|
||||
void
|
||||
channel_input_extended_data(int type, int plen)
|
||||
{
|
||||
int id;
|
||||
int tcode;
|
||||
char *data;
|
||||
unsigned int data_len;
|
||||
Channel *c;
|
||||
|
||||
/* Get the channel number and verify it. */
|
||||
id = packet_get_int();
|
||||
c = channel_lookup(id);
|
||||
|
||||
if (c == NULL)
|
||||
packet_disconnect("Received extended_data for bad channel %d.", id);
|
||||
if (c->type != SSH_CHANNEL_OPEN) {
|
||||
log("channel %d: ext data for non open", id);
|
||||
return;
|
||||
}
|
||||
tcode = packet_get_int();
|
||||
if (c->efd == -1 ||
|
||||
c->extended_usage != CHAN_EXTENDED_WRITE ||
|
||||
tcode != SSH2_EXTENDED_DATA_STDERR) {
|
||||
log("channel %d: bad ext data", c->self);
|
||||
return;
|
||||
}
|
||||
data = packet_get_string(&data_len);
|
||||
if (data_len > c->local_window) {
|
||||
log("channel %d: rcvd too much extended_data %d, win %d",
|
||||
c->self, data_len, c->local_window);
|
||||
xfree(data);
|
||||
return;
|
||||
}
|
||||
debug("channel %d: rcvd ext data %d", c->self, data_len);
|
||||
c->local_window -= data_len;
|
||||
buffer_append(&c->extended, data, data_len);
|
||||
xfree(data);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Returns true if no channel has too much buffered data, and false if one or
|
||||
|
@ -785,7 +998,7 @@ channel_not_very_much_buffered_data()
|
|||
for (i = 0; i < channels_alloc; i++) {
|
||||
c = &channels[i];
|
||||
if (c->type == SSH_CHANNEL_OPEN) {
|
||||
if (buffer_len(&c->input) > packet_get_maxsize()) {
|
||||
if (!compat20 && buffer_len(&c->input) > packet_get_maxsize()) {
|
||||
debug("channel %d: big input buffer %d",
|
||||
c->self, buffer_len(&c->input));
|
||||
return 0;
|
||||
|
@ -886,7 +1099,8 @@ channel_input_open_confirmation(int type, int plen)
|
|||
int id, remote_id;
|
||||
Channel *c;
|
||||
|
||||
packet_integrity_check(plen, 4 + 4, type);
|
||||
if (!compat20)
|
||||
packet_integrity_check(plen, 4 + 4, type);
|
||||
|
||||
id = packet_get_int();
|
||||
c = channel_lookup(id);
|
||||
|
@ -898,6 +1112,18 @@ channel_input_open_confirmation(int type, int plen)
|
|||
/* Record the remote channel number and mark that the channel is now open. */
|
||||
c->remote_id = remote_id;
|
||||
c->type = SSH_CHANNEL_OPEN;
|
||||
|
||||
if (compat20) {
|
||||
c->remote_window = packet_get_int();
|
||||
c->remote_maxpacket = packet_get_int();
|
||||
if (c->cb_fn != NULL && c->cb_event == type) {
|
||||
debug("callback start");
|
||||
c->cb_fn(c->self, c->cb_arg);
|
||||
debug("callback done");
|
||||
}
|
||||
debug("channel %d: open confirm rwindow %d rmax %d", c->self,
|
||||
c->remote_window, c->remote_maxpacket);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -906,7 +1132,8 @@ channel_input_open_failure(int type, int plen)
|
|||
int id;
|
||||
Channel *c;
|
||||
|
||||
packet_integrity_check(plen, 4, type);
|
||||
if (!compat20)
|
||||
packet_integrity_check(plen, 4, type);
|
||||
|
||||
id = packet_get_int();
|
||||
c = channel_lookup(id);
|
||||
|
@ -914,11 +1141,64 @@ channel_input_open_failure(int type, int plen)
|
|||
if (c==NULL || c->type != SSH_CHANNEL_OPENING)
|
||||
packet_disconnect("Received open failure for "
|
||||
"non-opening channel %d.", id);
|
||||
|
||||
if (compat20) {
|
||||
int reason = packet_get_int();
|
||||
char *msg = packet_get_string(NULL);
|
||||
log("channel_open_failure: %d: reason %d: %s", id, reason, msg);
|
||||
xfree(msg);
|
||||
}
|
||||
/* Free the channel. This will also close the socket. */
|
||||
channel_free(id);
|
||||
}
|
||||
|
||||
void
|
||||
channel_input_channel_request(int type, int plen)
|
||||
{
|
||||
int id;
|
||||
Channel *c;
|
||||
|
||||
id = packet_get_int();
|
||||
c = channel_lookup(id);
|
||||
|
||||
if (c == NULL ||
|
||||
(c->type != SSH_CHANNEL_OPEN && c->type != SSH_CHANNEL_LARVAL))
|
||||
packet_disconnect("Received request for "
|
||||
"non-open channel %d.", id);
|
||||
if (c->cb_fn != NULL && c->cb_event == type) {
|
||||
debug("callback start");
|
||||
c->cb_fn(c->self, c->cb_arg);
|
||||
debug("callback done");
|
||||
} else {
|
||||
char *service = packet_get_string(NULL);
|
||||
debug("channel: %d rcvd request for %s", c->self, service);
|
||||
debug("cb_fn %p cb_event %d", c->cb_fn , c->cb_event);
|
||||
xfree(service);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
channel_input_window_adjust(int type, int plen)
|
||||
{
|
||||
Channel *c;
|
||||
int id, adjust;
|
||||
|
||||
if (!compat20)
|
||||
return;
|
||||
|
||||
/* Get the channel number and verify it. */
|
||||
id = packet_get_int();
|
||||
c = channel_lookup(id);
|
||||
|
||||
if (c == NULL || c->type != SSH_CHANNEL_OPEN) {
|
||||
log("Received window adjust for "
|
||||
"non-open channel %d.", id);
|
||||
return;
|
||||
}
|
||||
adjust = packet_get_int();
|
||||
debug("channel %d: rcvd adjust %d", id, adjust);
|
||||
c->remote_window += adjust;
|
||||
}
|
||||
|
||||
/*
|
||||
* Stops listening for channels, and removes any unix domain sockets that we
|
||||
* might have.
|
||||
|
@ -983,6 +1263,10 @@ channel_still_open()
|
|||
case SSH_CHANNEL_CLOSED:
|
||||
case SSH_CHANNEL_AUTH_SOCKET:
|
||||
continue;
|
||||
case SSH_CHANNEL_LARVAL:
|
||||
if (!compat20)
|
||||
fatal("cannot happen: SSH_CHANNEL_LARVAL");
|
||||
continue;
|
||||
case SSH_CHANNEL_OPENING:
|
||||
case SSH_CHANNEL_OPEN:
|
||||
case SSH_CHANNEL_X11_OPEN:
|
||||
|
@ -1024,6 +1308,7 @@ channel_open_message()
|
|||
case SSH_CHANNEL_CLOSED:
|
||||
case SSH_CHANNEL_AUTH_SOCKET:
|
||||
continue;
|
||||
case SSH_CHANNEL_LARVAL:
|
||||
case SSH_CHANNEL_OPENING:
|
||||
case SSH_CHANNEL_OPEN:
|
||||
case SSH_CHANNEL_X11_OPEN:
|
||||
|
@ -1156,17 +1441,26 @@ channel_request_remote_forwarding(u_short listen_port, const char *host_to_conne
|
|||
num_permitted_opens++;
|
||||
|
||||
/* Send the forward request to the remote side. */
|
||||
packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
|
||||
packet_put_int(port_to_connect);
|
||||
packet_put_string(host_to_connect, strlen(host_to_connect));
|
||||
packet_put_int(listen_port);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
/*
|
||||
* Wait for response from the remote side. It will send a disconnect
|
||||
* message on failure, and we will never see it here.
|
||||
*/
|
||||
packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
|
||||
if (compat20) {
|
||||
const char *address_to_bind = "0.0.0.0";
|
||||
packet_start(SSH2_MSG_GLOBAL_REQUEST);
|
||||
packet_put_cstring("tcpip-forward");
|
||||
packet_put_char(0); /* boolean: want reply */
|
||||
packet_put_cstring(address_to_bind);
|
||||
packet_put_int(listen_port);
|
||||
} else {
|
||||
packet_start(SSH_CMSG_PORT_FORWARD_REQUEST);
|
||||
packet_put_int(port_to_connect);
|
||||
packet_put_cstring(host_to_connect);
|
||||
packet_put_int(listen_port);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
/*
|
||||
* Wait for response from the remote side. It will send a disconnect
|
||||
* message on failure, and we will never see it here.
|
||||
*/
|
||||
packet_read_expect(&payload_len, SSH_SMSG_SUCCESS);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1839,3 +2133,97 @@ auth_input_open_request(int type, int plen)
|
|||
packet_put_int(newch);
|
||||
packet_send();
|
||||
}
|
||||
|
||||
void
|
||||
channel_open(int id)
|
||||
{
|
||||
Channel *c = channel_lookup(id);
|
||||
if (c == NULL) {
|
||||
log("channel_open: %d: bad id", id);
|
||||
return;
|
||||
}
|
||||
packet_start(SSH2_MSG_CHANNEL_OPEN);
|
||||
packet_put_cstring(c->ctype);
|
||||
packet_put_int(c->self);
|
||||
packet_put_int(c->local_window);
|
||||
packet_put_int(c->local_maxpacket);
|
||||
packet_send();
|
||||
debug("channel open %d", id);
|
||||
}
|
||||
void
|
||||
channel_request(int id, char *service, int wantconfirm)
|
||||
{
|
||||
channel_request_start(id, service, wantconfirm);
|
||||
packet_send();
|
||||
debug("channel request %d: %s", id, service) ;
|
||||
}
|
||||
void
|
||||
channel_request_start(int id, char *service, int wantconfirm)
|
||||
{
|
||||
Channel *c = channel_lookup(id);
|
||||
if (c == NULL) {
|
||||
log("channel_request: %d: bad id", id);
|
||||
return;
|
||||
}
|
||||
packet_start(SSH2_MSG_CHANNEL_REQUEST);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_put_cstring(service);
|
||||
packet_put_char(wantconfirm);
|
||||
}
|
||||
void
|
||||
channel_register_callback(int id, int mtype, channel_callback_fn *fn, void *arg)
|
||||
{
|
||||
Channel *c = channel_lookup(id);
|
||||
if (c == NULL) {
|
||||
log("channel_register_callback: %d: bad id", id);
|
||||
return;
|
||||
}
|
||||
c->cb_event = mtype;
|
||||
c->cb_fn = fn;
|
||||
c->cb_arg = arg;
|
||||
}
|
||||
void
|
||||
channel_register_cleanup(int id, channel_callback_fn *fn)
|
||||
{
|
||||
Channel *c = channel_lookup(id);
|
||||
if (c == NULL) {
|
||||
log("channel_register_cleanup: %d: bad id", id);
|
||||
return;
|
||||
}
|
||||
c->dettach_user = fn;
|
||||
}
|
||||
void
|
||||
channel_cancel_cleanup(int id)
|
||||
{
|
||||
Channel *c = channel_lookup(id);
|
||||
if (c == NULL) {
|
||||
log("channel_cancel_cleanup: %d: bad id", id);
|
||||
return;
|
||||
}
|
||||
c->dettach_user = NULL;
|
||||
}
|
||||
|
||||
void
|
||||
channel_set_fds(int id, int rfd, int wfd, int efd, int extusage)
|
||||
{
|
||||
Channel *c = channel_lookup(id);
|
||||
if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
|
||||
fatal("channel_activate for non-larval channel %d.", id);
|
||||
if (rfd > channel_max_fd_value)
|
||||
channel_max_fd_value = rfd;
|
||||
if (wfd > channel_max_fd_value)
|
||||
channel_max_fd_value = wfd;
|
||||
if (efd > channel_max_fd_value)
|
||||
channel_max_fd_value = efd;
|
||||
c->type = SSH_CHANNEL_OPEN;
|
||||
c->rfd = rfd;
|
||||
c->wfd = wfd;
|
||||
c->efd = efd;
|
||||
c->extended_usage = extusage;
|
||||
/* XXX window size? */
|
||||
c->local_window = c->local_window_max = c->local_maxpacket/2;
|
||||
packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_put_int(c->local_window);
|
||||
packet_send();
|
||||
}
|
||||
|
|
15
channels.h
15
channels.h
|
@ -1,4 +1,4 @@
|
|||
/* RCSID("$Id: channels.h,v 1.5 2000/04/01 01:09:23 damien Exp $"); */
|
||||
/* RCSID("$Id: channels.h,v 1.6 2000/04/04 04:39:01 damien Exp $"); */
|
||||
|
||||
#ifndef CHANNELS_H
|
||||
#define CHANNELS_H
|
||||
|
@ -30,6 +30,7 @@ typedef struct Channel {
|
|||
/* peer can be reached over encrypted connection, via packet-sent */
|
||||
int istate; /* input from channel (state of receive half) */
|
||||
int ostate; /* output to channel (state of transmit half) */
|
||||
int flags; /* close sent/rcvd */
|
||||
int rfd; /* read fd */
|
||||
int wfd; /* write fd */
|
||||
int efd; /* extended fd */
|
||||
|
@ -66,21 +67,30 @@ typedef struct Channel {
|
|||
#define CHAN_EXTENDED_READ 1
|
||||
#define CHAN_EXTENDED_WRITE 2
|
||||
|
||||
void channel_set_fds(int id, int rfd, int wfd, int efd, int extusage);
|
||||
void channel_open(int id);
|
||||
void channel_request(int id, char *service, int wantconfirm);
|
||||
void channel_request_start(int id, char *service, int wantconfirm);
|
||||
void channel_register_callback(int id, int mtype, channel_callback_fn *fn, void *arg);
|
||||
void channel_register_cleanup(int id, channel_callback_fn *fn);
|
||||
void channel_cancel_cleanup(int id);
|
||||
Channel *channel_lookup(int id);
|
||||
|
||||
int
|
||||
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
||||
int window, int maxpack, int extended_usage, char *remote_name);
|
||||
|
||||
void channel_input_channel_request(int type, int plen);
|
||||
void channel_input_close(int type, int plen);
|
||||
void channel_input_close_confirmation(int type, int plen);
|
||||
void channel_input_data(int type, int plen);
|
||||
void channel_input_extended_data(int type, int plen);
|
||||
void channel_input_ieof(int type, int plen);
|
||||
void channel_input_oclose(int type, int plen);
|
||||
void channel_input_open_confirmation(int type, int plen);
|
||||
void channel_input_open_failure(int type, int plen);
|
||||
void channel_input_port_open(int type, int plen);
|
||||
void channel_input_window_adjust(int type, int plen);
|
||||
void channel_input_open(int type, int plen);
|
||||
|
||||
/* Sets specific protocol options. */
|
||||
|
@ -218,4 +228,7 @@ void auth_input_request_forwarding(struct passwd * pw);
|
|||
/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
|
||||
void auth_input_open_request(int type, int plen);
|
||||
|
||||
/* XXX */
|
||||
int channel_connect_to(const char *host, u_short host_port);
|
||||
|
||||
#endif
|
||||
|
|
33
compat.c
33
compat.c
|
@ -28,15 +28,46 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: compat.c,v 1.3 1999/11/25 00:54:59 damien Exp $");
|
||||
RCSID("$Id: compat.c,v 1.4 2000/04/04 04:39:01 damien Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "packet.h"
|
||||
|
||||
int compat13 = 0;
|
||||
int compat20 = 0;
|
||||
int datafellows = 0;
|
||||
|
||||
void
|
||||
enable_compat20(void)
|
||||
{
|
||||
fatal("protocol 2.0 not implemented");
|
||||
}
|
||||
void
|
||||
enable_compat13(void)
|
||||
{
|
||||
verbose("Enabling compatibility mode for protocol 1.3");
|
||||
compat13 = 1;
|
||||
}
|
||||
/* datafellows bug compatibility */
|
||||
void
|
||||
compat_datafellows(const char *version)
|
||||
{
|
||||
int i;
|
||||
size_t len;
|
||||
static const char *check[] = {
|
||||
"2.0.1",
|
||||
"2.1.0.beta.9",
|
||||
"2.1.0.pre.3",
|
||||
"2.1.0.public.beta.1",
|
||||
NULL
|
||||
};
|
||||
for (i = 0; check[i]; i++) {
|
||||
len = strlen(check[i]);
|
||||
if (strlen(version) >= len &&
|
||||
(strncmp(version, check[i], len) == 0)) {
|
||||
log("datafellows: %.200s", version);
|
||||
datafellows = 1;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
6
compat.h
6
compat.h
|
@ -26,10 +26,14 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
/* RCSID("$Id: compat.h,v 1.3 1999/11/25 00:54:59 damien Exp $"); */
|
||||
/* RCSID("$Id: compat.h,v 1.4 2000/04/04 04:39:01 damien Exp $"); */
|
||||
|
||||
#ifndef COMPAT_H
|
||||
#define COMPAT_H
|
||||
void enable_compat13(void);
|
||||
void enable_compat20(void);
|
||||
void compat_datafellows(const char *s);
|
||||
extern int compat13;
|
||||
extern int compat20;
|
||||
extern int datafellows;
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,309 @@
|
|||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Markus Friedl.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: dsa.c,v 1.1 2000/04/03 20:06:14 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "compat.h"
|
||||
|
||||
#if HAVE_OPENSSL
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dh.h>
|
||||
# include <openssl/rsa.h>
|
||||
# include <openssl/dsa.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/pem.h>
|
||||
#endif /* HAVE_OPENSSL */
|
||||
#if HAVE_SSL
|
||||
# include <ssl/bn.h>
|
||||
# include <ssl/dh.h>
|
||||
# include <ssl/rsa.h>
|
||||
# include <ssl/dsa.h>
|
||||
# include <ssl/evp.h>
|
||||
# include <ssl/bio.h>
|
||||
# include <ssl/pem.h>
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
#include <ssl/hmac.h>
|
||||
#include "kex.h"
|
||||
#include "key.h"
|
||||
|
||||
#define INTBLOB_LEN 20
|
||||
#define SIGBLOB_LEN (2*INTBLOB_LEN)
|
||||
|
||||
Key *
|
||||
dsa_serverkey_from_blob(
|
||||
char *serverhostkey, int serverhostkeylen)
|
||||
{
|
||||
Buffer b;
|
||||
char *ktype;
|
||||
int rlen;
|
||||
DSA *dsa;
|
||||
Key *key;
|
||||
|
||||
/* fetch & parse DSA/DSS pubkey */
|
||||
key = key_new(KEY_DSA);
|
||||
dsa = key->dsa;
|
||||
buffer_init(&b);
|
||||
buffer_append(&b, serverhostkey, serverhostkeylen);
|
||||
ktype = buffer_get_string(&b, NULL);
|
||||
if (strcmp(KEX_DSS, ktype) != 0) {
|
||||
log("dsa_serverkey_from_blob: cannot handle type %s", ktype);
|
||||
key_free(key);
|
||||
return NULL;
|
||||
}
|
||||
buffer_get_bignum2(&b, dsa->p);
|
||||
buffer_get_bignum2(&b, dsa->q);
|
||||
buffer_get_bignum2(&b, dsa->g);
|
||||
buffer_get_bignum2(&b, dsa->pub_key);
|
||||
rlen = buffer_len(&b);
|
||||
if(rlen != 0)
|
||||
log("dsa_serverkey_from_blob: remaining bytes in serverhostkey %d", rlen);
|
||||
buffer_free(&b);
|
||||
|
||||
log("keytype %s", ktype);
|
||||
#ifdef DEBUG_DSS
|
||||
DSA_print_fp(stderr, dsa, 8);
|
||||
#endif
|
||||
return key;
|
||||
}
|
||||
DSA *
|
||||
dsa_load_private(char *filename)
|
||||
{
|
||||
DSA *dsa;
|
||||
BIO *in;
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
if (in == NULL)
|
||||
fatal("BIO_new failed");
|
||||
if (BIO_read_filename(in, filename) <= 0)
|
||||
fatal("BIO_read failed %s: %s", filename, strerror(errno));
|
||||
fprintf(stderr, "read DSA private key\n");
|
||||
dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
|
||||
if (dsa == NULL)
|
||||
fatal("PEM_read_bio_DSAPrivateKey failed %s", filename);
|
||||
BIO_free(in);
|
||||
return dsa;
|
||||
}
|
||||
Key *
|
||||
dsa_get_serverkey(char *filename)
|
||||
{
|
||||
Key *k = key_new(KEY_EMPTY);
|
||||
k->type = KEY_DSA;
|
||||
k->dsa = dsa_load_private(filename);
|
||||
#ifdef DEBUG_DSS
|
||||
DSA_print_fp(stderr, dsa, 8);
|
||||
#endif
|
||||
return k;
|
||||
}
|
||||
int
|
||||
dsa_make_serverkey_blob(Key *key, unsigned char **blobp, unsigned int *lenp)
|
||||
{
|
||||
Buffer b;
|
||||
int len;
|
||||
unsigned char *buf;
|
||||
|
||||
if (key == NULL || key->type != KEY_DSA)
|
||||
return 0;
|
||||
buffer_init(&b);
|
||||
buffer_put_cstring(&b, KEX_DSS);
|
||||
buffer_put_bignum2(&b, key->dsa->p);
|
||||
buffer_put_bignum2(&b, key->dsa->q);
|
||||
buffer_put_bignum2(&b, key->dsa->g);
|
||||
buffer_put_bignum2(&b, key->dsa->pub_key);
|
||||
len = buffer_len(&b);
|
||||
buf = xmalloc(len);
|
||||
memcpy(buf, buffer_ptr(&b), len);
|
||||
memset(buffer_ptr(&b), 0, len);
|
||||
buffer_free(&b);
|
||||
if (lenp != NULL)
|
||||
*lenp = len;
|
||||
if (blobp != NULL)
|
||||
*blobp = buf;
|
||||
return len;
|
||||
}
|
||||
int
|
||||
dsa_sign(
|
||||
Key *key,
|
||||
unsigned char **sigp, int *lenp,
|
||||
unsigned char *hash, int hlen)
|
||||
{
|
||||
unsigned char *digest;
|
||||
unsigned char *ret;
|
||||
DSA_SIG *sig;
|
||||
EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
unsigned int rlen;
|
||||
unsigned int slen;
|
||||
unsigned int len;
|
||||
unsigned char sigblob[SIGBLOB_LEN];
|
||||
Buffer b;
|
||||
|
||||
if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
|
||||
log("dsa_sign: no DSA key");
|
||||
return -1;
|
||||
}
|
||||
digest = xmalloc(evp_md->md_size);
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, hash, hlen);
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
|
||||
sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
|
||||
|
||||
rlen = BN_num_bytes(sig->r);
|
||||
slen = BN_num_bytes(sig->s);
|
||||
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
|
||||
log("bad sig size %d %d", rlen, slen);
|
||||
DSA_SIG_free(sig);
|
||||
return -1;
|
||||
}
|
||||
log("sig size %d %d", rlen, slen);
|
||||
|
||||
memset(sigblob, 0, SIGBLOB_LEN);
|
||||
BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
|
||||
BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
|
||||
DSA_SIG_free(sig);
|
||||
|
||||
if (datafellows) {
|
||||
log("datafellows");
|
||||
ret = xmalloc(SIGBLOB_LEN);
|
||||
memcpy(ret, sigblob, SIGBLOB_LEN);
|
||||
if (lenp != NULL)
|
||||
*lenp = SIGBLOB_LEN;
|
||||
if (sigp != NULL)
|
||||
*sigp = ret;
|
||||
} else {
|
||||
/* ietf-drafts */
|
||||
buffer_init(&b);
|
||||
buffer_put_cstring(&b, KEX_DSS);
|
||||
buffer_put_string(&b, sigblob, SIGBLOB_LEN);
|
||||
len = buffer_len(&b);
|
||||
ret = xmalloc(len);
|
||||
memcpy(ret, buffer_ptr(&b), len);
|
||||
buffer_free(&b);
|
||||
if (lenp != NULL)
|
||||
*lenp = len;
|
||||
if (sigp != NULL)
|
||||
*sigp = ret;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
int
|
||||
dsa_verify(
|
||||
Key *key,
|
||||
unsigned char *signature, int signaturelen,
|
||||
unsigned char *hash, int hlen)
|
||||
{
|
||||
Buffer b;
|
||||
unsigned char *digest;
|
||||
DSA_SIG *sig;
|
||||
EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
char *ktype;
|
||||
unsigned char *sigblob;
|
||||
char *txt;
|
||||
unsigned int len;
|
||||
int rlen;
|
||||
int ret;
|
||||
|
||||
if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
|
||||
log("dsa_verify: no DSA key");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (datafellows && signaturelen != SIGBLOB_LEN) {
|
||||
log("heh? datafellows ssh2 complies with ietf-drafts????");
|
||||
datafellows = 0;
|
||||
}
|
||||
|
||||
log("len %d datafellows %d", signaturelen, datafellows);
|
||||
|
||||
/* fetch signature */
|
||||
if (datafellows) {
|
||||
sigblob = signature;
|
||||
len = signaturelen;
|
||||
} else {
|
||||
/* ietf-drafts */
|
||||
buffer_init(&b);
|
||||
buffer_append(&b, (char *) signature, signaturelen);
|
||||
ktype = buffer_get_string(&b, NULL);
|
||||
sigblob = (unsigned char *)buffer_get_string(&b, &len);
|
||||
rlen = buffer_len(&b);
|
||||
if(rlen != 0)
|
||||
log("remaining bytes in signature %d", rlen);
|
||||
buffer_free(&b);
|
||||
}
|
||||
|
||||
if (len != SIGBLOB_LEN) {
|
||||
fatal("bad sigbloblen %d != SIGBLOB_LEN", len);
|
||||
}
|
||||
|
||||
/* parse signature */
|
||||
sig = DSA_SIG_new();
|
||||
sig->r = BN_new();
|
||||
sig->s = BN_new();
|
||||
BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
|
||||
BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
|
||||
if (!datafellows) {
|
||||
memset(sigblob, 0, len);
|
||||
xfree(sigblob);
|
||||
}
|
||||
|
||||
/* sha1 the signed data (== session_id == hash) */
|
||||
digest = xmalloc(evp_md->md_size);
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, hash, hlen);
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
|
||||
ret = DSA_do_verify(digest, evp_md->md_size, sig, key->dsa);
|
||||
|
||||
memset(digest, 0, evp_md->md_size);
|
||||
xfree(digest);
|
||||
DSA_SIG_free(sig);
|
||||
|
||||
switch (ret) {
|
||||
case 1:
|
||||
txt = "correct";
|
||||
break;
|
||||
case 0:
|
||||
txt = "incorrect";
|
||||
break;
|
||||
case -1:
|
||||
default:
|
||||
txt = "error";
|
||||
break;
|
||||
}
|
||||
log("dsa_verify: signature %s", txt);
|
||||
return ret;
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
#ifndef DSA_H
|
||||
#define DSA_H
|
||||
|
||||
Key *dsa_serverkey_from_blob(char *serverhostkey, int serverhostkeylen);
|
||||
Key *dsa_get_serverkey(char *filename);
|
||||
int dsa_make_serverkey_blob(Key *key, unsigned char **blobp, unsigned int *lenp);
|
||||
|
||||
int
|
||||
dsa_sign(
|
||||
Key *key,
|
||||
unsigned char **sigp, int *lenp,
|
||||
unsigned char *hash, int hlen);
|
||||
|
||||
int
|
||||
dsa_verify(
|
||||
Key *key,
|
||||
unsigned char *signature, int signaturelen,
|
||||
unsigned char *hash, int hlen);
|
||||
|
||||
#endif
|
|
@ -0,0 +1,64 @@
|
|||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Markus Friedl.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: hmac.c,v 1.1 2000/04/03 20:06:15 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
#include "getput.h"
|
||||
|
||||
#if HAVE_OPENSSL
|
||||
# include <openssl/hmac.h>
|
||||
#endif /* HAVE_OPENSSL */
|
||||
#if HAVE_SSL
|
||||
# include <ssl/hmac.h>
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
unsigned char *
|
||||
hmac(
|
||||
EVP_MD *evp_md,
|
||||
unsigned int seqno,
|
||||
unsigned char *data, int datalen,
|
||||
unsigned char *key, int keylen)
|
||||
{
|
||||
HMAC_CTX c;
|
||||
static unsigned char m[EVP_MAX_MD_SIZE];
|
||||
unsigned char b[4];
|
||||
|
||||
if (key == NULL)
|
||||
fatal("hmac: no key");
|
||||
HMAC_Init(&c, key, keylen, evp_md);
|
||||
PUT_32BIT(b, seqno);
|
||||
HMAC_Update(&c, b, sizeof b);
|
||||
HMAC_Update(&c, data, datalen);
|
||||
HMAC_Final(&c, m, NULL);
|
||||
HMAC_cleanup(&c);
|
||||
return(m);
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
#ifndef HMAC_H
|
||||
#define HMAC_H
|
||||
|
||||
unsigned char *
|
||||
hmac(
|
||||
EVP_MD *evp_md,
|
||||
unsigned int seqno,
|
||||
unsigned char *data, int datalen,
|
||||
unsigned char *key, int len);
|
||||
|
||||
#endif
|
|
@ -0,0 +1,407 @@
|
|||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Markus Friedl.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: kex.c,v 1.1 2000/04/04 04:39:02 damien Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh2.h"
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
#include "cipher.h"
|
||||
#include "compat.h"
|
||||
|
||||
#if HAVE_OPENSSL
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dh.h>
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dh.h>
|
||||
# include <openssl/pem.h>
|
||||
#endif /* HAVE_OPENSSL */
|
||||
#if HAVE_SSL
|
||||
# include <ssl/bn.h>
|
||||
# include <ssl/dh.h>
|
||||
# include <ssl/crypto.h>
|
||||
# include <ssl/bio.h>
|
||||
# include <ssl/bn.h>
|
||||
# include <ssl/dh.h>
|
||||
# include <ssl/pem.h>
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
#include "entropy.h"
|
||||
#include "kex.h"
|
||||
|
||||
Buffer *
|
||||
kex_init(char *myproposal[PROPOSAL_MAX])
|
||||
{
|
||||
char c = 0;
|
||||
unsigned char cookie[16];
|
||||
u_int32_t rand = 0;
|
||||
int i;
|
||||
Buffer *ki = xmalloc(sizeof(*ki));
|
||||
for (i = 0; i < 16; i++) {
|
||||
if (i % 4 == 0)
|
||||
rand = arc4random();
|
||||
cookie[i] = rand & 0xff;
|
||||
rand >>= 8;
|
||||
}
|
||||
buffer_init(ki);
|
||||
buffer_append(ki, (char *)cookie, sizeof cookie);
|
||||
for (i = 0; i < PROPOSAL_MAX; i++)
|
||||
buffer_put_cstring(ki, myproposal[i]);
|
||||
buffer_append(ki, &c, 1); /* boolean first_kex_packet_follows */
|
||||
buffer_put_int(ki, 0); /* uint32 0 (reserved for future extension) */
|
||||
return ki;
|
||||
}
|
||||
|
||||
/* diffie-hellman-group1-sha1 */
|
||||
|
||||
DH *
|
||||
new_dh_group1()
|
||||
{
|
||||
static char *group1 =
|
||||
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
|
||||
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
|
||||
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
|
||||
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
|
||||
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
|
||||
"FFFFFFFF" "FFFFFFFF";
|
||||
DH *dh;
|
||||
int ret;
|
||||
dh = DH_new();
|
||||
if(dh == NULL)
|
||||
fatal("DH_new");
|
||||
ret = BN_hex2bn(&dh->p,group1);
|
||||
if(ret<0)
|
||||
fatal("BN_hex2bn");
|
||||
dh->g = BN_new();
|
||||
if(dh->g == NULL)
|
||||
fatal("DH_new g");
|
||||
BN_set_word(dh->g,2);
|
||||
|
||||
seed_rng();
|
||||
if (DH_generate_key(dh) == 0)
|
||||
fatal("DH_generate_key");
|
||||
seed_rng();
|
||||
|
||||
return dh;
|
||||
}
|
||||
|
||||
void
|
||||
bignum_print(BIGNUM *b)
|
||||
{
|
||||
BN_print_fp(stderr,b);
|
||||
}
|
||||
|
||||
void
|
||||
dump_digest(unsigned char *digest, int len)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i< len; i++){
|
||||
fprintf(stderr, "%02x", digest[i]);
|
||||
if(i%2!=0)
|
||||
fprintf(stderr, " ");
|
||||
}
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
|
||||
unsigned char *
|
||||
kex_hash(
|
||||
char *client_version_string,
|
||||
char *server_version_string,
|
||||
char *ckexinit, int ckexinitlen,
|
||||
char *skexinit, int skexinitlen,
|
||||
char *serverhostkeyblob, int sbloblen,
|
||||
BIGNUM *client_dh_pub,
|
||||
BIGNUM *server_dh_pub,
|
||||
BIGNUM *shared_secret)
|
||||
{
|
||||
Buffer b;
|
||||
static unsigned char digest[EVP_MAX_MD_SIZE];
|
||||
EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
|
||||
buffer_init(&b);
|
||||
buffer_put_string(&b, client_version_string, strlen(client_version_string));
|
||||
buffer_put_string(&b, server_version_string, strlen(server_version_string));
|
||||
|
||||
/* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
|
||||
buffer_put_int(&b, ckexinitlen+1);
|
||||
buffer_put_char(&b, SSH2_MSG_KEXINIT);
|
||||
buffer_append(&b, ckexinit, ckexinitlen);
|
||||
buffer_put_int(&b, skexinitlen+1);
|
||||
buffer_put_char(&b, SSH2_MSG_KEXINIT);
|
||||
buffer_append(&b, skexinit, skexinitlen);
|
||||
|
||||
buffer_put_string(&b, serverhostkeyblob, sbloblen);
|
||||
buffer_put_bignum2(&b, client_dh_pub);
|
||||
buffer_put_bignum2(&b, server_dh_pub);
|
||||
buffer_put_bignum2(&b, shared_secret);
|
||||
|
||||
#ifdef DEBUG_KEX
|
||||
buffer_dump(&b);
|
||||
#endif
|
||||
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
|
||||
buffer_free(&b);
|
||||
|
||||
#ifdef DEBUG_KEX
|
||||
dump_digest(digest, evp_md->md_size);
|
||||
#endif
|
||||
return digest;
|
||||
}
|
||||
|
||||
unsigned char *
|
||||
derive_key(int id, int need, char unsigned *hash, BIGNUM *shared_secret)
|
||||
{
|
||||
Buffer b;
|
||||
EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
char c = id;
|
||||
int have;
|
||||
int mdsz = evp_md->md_size;
|
||||
unsigned char *digest = xmalloc(((need+mdsz-1)/mdsz)*mdsz);
|
||||
|
||||
buffer_init(&b);
|
||||
buffer_put_bignum2(&b, shared_secret);
|
||||
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b)); /* shared_secret K */
|
||||
EVP_DigestUpdate(&md, hash, mdsz); /* transport-06 */
|
||||
EVP_DigestUpdate(&md, &c, 1); /* key id */
|
||||
EVP_DigestUpdate(&md, hash, mdsz); /* session id */
|
||||
EVP_DigestFinal(&md, digest, NULL);
|
||||
|
||||
/* expand */
|
||||
for (have = mdsz; need > have; have += mdsz) {
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
|
||||
EVP_DigestUpdate(&md, hash, mdsz);
|
||||
EVP_DigestUpdate(&md, digest, have);
|
||||
EVP_DigestFinal(&md, digest + have, NULL);
|
||||
}
|
||||
buffer_free(&b);
|
||||
#ifdef DEBUG_KEX
|
||||
fprintf(stderr, "Digest '%c'== ", c);
|
||||
dump_digest(digest, need);
|
||||
#endif
|
||||
return digest;
|
||||
}
|
||||
|
||||
#define NKEYS 6
|
||||
|
||||
#define MAX_PROP 20
|
||||
#define SEP ","
|
||||
|
||||
char *
|
||||
get_match(char *client, char *server)
|
||||
{
|
||||
char *sproposals[MAX_PROP];
|
||||
char *p;
|
||||
int i, j, nproposals;
|
||||
|
||||
for ((p = strtok(server, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
|
||||
if (i < MAX_PROP)
|
||||
sproposals[i] = p;
|
||||
else
|
||||
break;
|
||||
}
|
||||
nproposals = i;
|
||||
|
||||
for ((p = strtok(client, SEP)), i=0; p; (p = strtok(NULL, SEP)), i++) {
|
||||
for (j = 0; j < nproposals; j++)
|
||||
if (strcmp(p, sproposals[j]) == 0)
|
||||
return xstrdup(p);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
void
|
||||
choose_enc(Enc *enc, char *client, char *server)
|
||||
{
|
||||
char *name = get_match(client, server);
|
||||
if (name == NULL)
|
||||
fatal("no matching cipher found: client %s server %s", client, server);
|
||||
enc->type = cipher_number(name);
|
||||
|
||||
switch (enc->type) {
|
||||
case SSH_CIPHER_3DES_CBC:
|
||||
enc->key_len = 24;
|
||||
enc->iv_len = 8;
|
||||
enc->block_size = 8;
|
||||
break;
|
||||
case SSH_CIPHER_BLOWFISH_CBC:
|
||||
case SSH_CIPHER_CAST128_CBC:
|
||||
enc->key_len = 16;
|
||||
enc->iv_len = 8;
|
||||
enc->block_size = 8;
|
||||
break;
|
||||
case SSH_CIPHER_ARCFOUR:
|
||||
enc->key_len = 16;
|
||||
enc->iv_len = 0;
|
||||
enc->block_size = 8;
|
||||
break;
|
||||
default:
|
||||
fatal("unsupported cipher %s", name);
|
||||
}
|
||||
enc->name = name;
|
||||
enc->enabled = 0;
|
||||
enc->iv = NULL;
|
||||
enc->key = NULL;
|
||||
}
|
||||
void
|
||||
choose_mac(Mac *mac, char *client, char *server)
|
||||
{
|
||||
char *name = get_match(client, server);
|
||||
if (name == NULL)
|
||||
fatal("no matching mac found: client %s server %s", client, server);
|
||||
if (strcmp(name, "hmac-md5") == 0) {
|
||||
mac->md = EVP_md5();
|
||||
} else if (strcmp(name, "hmac-sha1") == 0) {
|
||||
mac->md = EVP_sha1();
|
||||
} else if (strcmp(name, "hmac-ripemd160@openssh.com") == 0) {
|
||||
mac->md = EVP_ripemd160();
|
||||
} else {
|
||||
fatal("unsupported mac %s", name);
|
||||
}
|
||||
mac->name = name;
|
||||
mac->mac_len = mac->md->md_size;
|
||||
mac->key_len = datafellows ? 16 : mac->mac_len;
|
||||
mac->key = NULL;
|
||||
mac->enabled = 0;
|
||||
}
|
||||
void
|
||||
choose_comp(Comp *comp, char *client, char *server)
|
||||
{
|
||||
char *name = get_match(client, server);
|
||||
if (name == NULL)
|
||||
fatal("no matching comp found: client %s server %s", client, server);
|
||||
if (strcmp(name, "zlib") == 0) {
|
||||
comp->type = 1;
|
||||
} else if (strcmp(name, "none") == 0) {
|
||||
comp->type = 0;
|
||||
} else {
|
||||
fatal("unsupported comp %s", name);
|
||||
}
|
||||
comp->name = name;
|
||||
}
|
||||
void
|
||||
choose_kex(Kex *k, char *client, char *server)
|
||||
{
|
||||
k->name = get_match(client, server);
|
||||
if (k->name == NULL)
|
||||
fatal("no kex alg");
|
||||
if (strcmp(k->name, KEX_DH1) != 0)
|
||||
fatal("bad kex alg %s", k->name);
|
||||
}
|
||||
void
|
||||
choose_hostkeyalg(Kex *k, char *client, char *server)
|
||||
{
|
||||
k->hostkeyalg = get_match(client, server);
|
||||
if (k->hostkeyalg == NULL)
|
||||
fatal("no hostkey alg");
|
||||
if (strcmp(k->hostkeyalg, KEX_DSS) != 0)
|
||||
fatal("bad hostkey alg %s", k->hostkeyalg);
|
||||
}
|
||||
|
||||
Kex *
|
||||
kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server)
|
||||
{
|
||||
int i;
|
||||
int mode;
|
||||
int ctos; /* direction: if true client-to-server */
|
||||
int need;
|
||||
Kex *k;
|
||||
|
||||
k = xmalloc(sizeof(*k));
|
||||
memset(k, 0, sizeof(*k));
|
||||
k->server = server;
|
||||
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
int nenc, nmac, ncomp;
|
||||
ctos = (!k->server && mode == MODE_OUT) || (k->server && mode == MODE_IN);
|
||||
nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC;
|
||||
nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC;
|
||||
ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC;
|
||||
choose_enc (&k->enc [mode], cprop[nenc], sprop[nenc]);
|
||||
choose_mac (&k->mac [mode], cprop[nmac], sprop[nmac]);
|
||||
choose_comp(&k->comp[mode], cprop[ncomp], sprop[ncomp]);
|
||||
log("kex: %s %s %s %s",
|
||||
ctos ? "client->server" : "server->client",
|
||||
k->enc[mode].name,
|
||||
k->mac[mode].name,
|
||||
k->comp[mode].name);
|
||||
}
|
||||
choose_kex(k, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
|
||||
choose_hostkeyalg(k, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
|
||||
sprop[PROPOSAL_SERVER_HOST_KEY_ALGS]);
|
||||
for (i = 0; i < PROPOSAL_MAX; i++) {
|
||||
xfree(cprop[i]);
|
||||
xfree(sprop[i]);
|
||||
}
|
||||
need = 0;
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
if (need < k->enc[mode].key_len)
|
||||
need = k->enc[mode].key_len;
|
||||
if (need < k->enc[mode].iv_len)
|
||||
need = k->enc[mode].iv_len;
|
||||
if (need < k->mac[mode].key_len)
|
||||
need = k->mac[mode].key_len;
|
||||
}
|
||||
/* need runden? */
|
||||
#define WE_NEED 32
|
||||
k->we_need = WE_NEED;
|
||||
k->we_need = need;
|
||||
return k;
|
||||
}
|
||||
|
||||
int
|
||||
kex_derive_keys(Kex *k, unsigned char *hash, BIGNUM *shared_secret)
|
||||
{
|
||||
int i;
|
||||
int mode;
|
||||
int ctos;
|
||||
unsigned char *keys[NKEYS];
|
||||
|
||||
for (i = 0; i < NKEYS; i++)
|
||||
keys[i] = derive_key('A'+i, k->we_need, hash, shared_secret);
|
||||
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
ctos = (!k->server && mode == MODE_OUT) || (k->server && mode == MODE_IN);
|
||||
k->enc[mode].iv = keys[ctos ? 0 : 1];
|
||||
k->enc[mode].key = keys[ctos ? 2 : 3];
|
||||
k->mac[mode].key = keys[ctos ? 4 : 5];
|
||||
}
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,111 @@
|
|||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Markus Friedl.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#ifndef KEX_H
|
||||
#define KEX_H
|
||||
|
||||
#define KEX_DH1 "diffie-hellman-group1-sha1"
|
||||
#define KEX_DSS "ssh-dss"
|
||||
|
||||
enum kex_init_proposals {
|
||||
PROPOSAL_KEX_ALGS,
|
||||
PROPOSAL_SERVER_HOST_KEY_ALGS,
|
||||
PROPOSAL_ENC_ALGS_CTOS,
|
||||
PROPOSAL_ENC_ALGS_STOC,
|
||||
PROPOSAL_MAC_ALGS_CTOS,
|
||||
PROPOSAL_MAC_ALGS_STOC,
|
||||
PROPOSAL_COMP_ALGS_CTOS,
|
||||
PROPOSAL_COMP_ALGS_STOC,
|
||||
PROPOSAL_LANG_CTOS,
|
||||
PROPOSAL_LANG_STOC,
|
||||
PROPOSAL_MAX
|
||||
};
|
||||
|
||||
enum kex_modes {
|
||||
MODE_IN,
|
||||
MODE_OUT,
|
||||
MODE_MAX
|
||||
};
|
||||
|
||||
typedef struct Kex Kex;
|
||||
typedef struct Mac Mac;
|
||||
typedef struct Comp Comp;
|
||||
typedef struct Enc Enc;
|
||||
|
||||
struct Enc {
|
||||
int type;
|
||||
int enabled;
|
||||
int block_size;
|
||||
unsigned char *key;
|
||||
unsigned char *iv;
|
||||
int key_len;
|
||||
int iv_len;
|
||||
char *name;
|
||||
};
|
||||
struct Mac {
|
||||
EVP_MD *md;
|
||||
int enabled;
|
||||
int mac_len;
|
||||
unsigned char *key;
|
||||
int key_len;
|
||||
char *name;
|
||||
};
|
||||
struct Comp {
|
||||
int type;
|
||||
int enabled;
|
||||
char *name;
|
||||
};
|
||||
struct Kex {
|
||||
Enc enc [MODE_MAX];
|
||||
Mac mac [MODE_MAX];
|
||||
Comp comp[MODE_MAX];
|
||||
int we_need;
|
||||
int server;
|
||||
char *name;
|
||||
char *hostkeyalg;
|
||||
};
|
||||
|
||||
Buffer *kex_init(char *myproposal[PROPOSAL_MAX]);
|
||||
DH *new_dh_group1();
|
||||
Kex *kex_choose_conf(char *cprop[PROPOSAL_MAX], char *sprop[PROPOSAL_MAX], int server);
|
||||
int kex_derive_keys(Kex *k, unsigned char *hash, BIGNUM *shared_secret);
|
||||
void bignum_print(BIGNUM *b);
|
||||
void packet_set_kex(Kex *k);
|
||||
|
||||
unsigned char *
|
||||
kex_hash(
|
||||
char *client_version_string,
|
||||
char *server_version_string,
|
||||
char *ckexinit, int ckexinitlen,
|
||||
char *skexinit, int skexinitlen,
|
||||
char *serverhostkeyblob, int sbloblen,
|
||||
BIGNUM *client_dh_pub,
|
||||
BIGNUM *server_dh_pub,
|
||||
BIGNUM *shared_secret);
|
||||
|
||||
#endif
|
389
nchan.c
389
nchan.c
|
@ -28,7 +28,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: nchan.c,v 1.6 2000/04/01 01:09:24 damien Exp $");
|
||||
RCSID("$Id: nchan.c,v 1.7 2000/04/04 04:39:02 damien Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
|
||||
|
@ -37,138 +37,169 @@ RCSID("$Id: nchan.c,v 1.6 2000/04/01 01:09:24 damien Exp $");
|
|||
#include "channels.h"
|
||||
#include "nchan.h"
|
||||
|
||||
static void chan_send_ieof(Channel *c);
|
||||
static void chan_send_oclose(Channel *c);
|
||||
static void chan_shutdown_write(Channel *c);
|
||||
static void chan_shutdown_read(Channel *c);
|
||||
#include "ssh2.h"
|
||||
#include "compat.h"
|
||||
|
||||
/* functions manipulating channel states */
|
||||
/*
|
||||
* EVENTS update channel input/output states execute ACTIONS
|
||||
*/
|
||||
|
||||
/* events concerning the INPUT from socket for channel (istate) */
|
||||
void
|
||||
chan_rcvd_oclose(Channel *c)
|
||||
chan_event_fn *chan_rcvd_oclose = NULL;
|
||||
chan_event_fn *chan_read_failed = NULL;
|
||||
chan_event_fn *chan_ibuf_empty = NULL;
|
||||
/* events concerning the OUTPUT from channel for socket (ostate) */
|
||||
chan_event_fn *chan_rcvd_ieof = NULL;
|
||||
chan_event_fn *chan_write_failed = NULL;
|
||||
chan_event_fn *chan_obuf_empty = NULL;
|
||||
/*
|
||||
* ACTIONS: should never update the channel states
|
||||
*/
|
||||
static void chan_send_ieof1(Channel *c);
|
||||
static void chan_send_oclose1(Channel *c);
|
||||
static void chan_send_close2(Channel *c);
|
||||
static void chan_send_eof2(Channel *c);
|
||||
|
||||
/* channel cleanup */
|
||||
chan_event_fn *chan_delete_if_full_closed = NULL;
|
||||
|
||||
/* helper */
|
||||
static void chan_shutdown_write(Channel *c);
|
||||
static void chan_shutdown_read(Channel *c);
|
||||
|
||||
/*
|
||||
* SSH1 specific implementation of event functions
|
||||
*/
|
||||
|
||||
static void
|
||||
chan_rcvd_oclose1(Channel *c)
|
||||
{
|
||||
debug("channel %d: rcvd oclose", c->self);
|
||||
switch (c->istate) {
|
||||
case CHAN_INPUT_WAIT_OCLOSE:
|
||||
debug("channel %d: INPUT_WAIT_OCLOSE -> INPUT_CLOSED [rcvd OCLOSE]", c->self);
|
||||
debug("channel %d: input wait_oclose -> closed", c->self);
|
||||
c->istate = CHAN_INPUT_CLOSED;
|
||||
break;
|
||||
case CHAN_INPUT_OPEN:
|
||||
debug("channel %d: INPUT_OPEN -> INPUT_CLOSED [rvcd OCLOSE, send IEOF]", c->self);
|
||||
debug("channel %d: input open -> closed", c->self);
|
||||
chan_shutdown_read(c);
|
||||
chan_send_ieof(c);
|
||||
chan_send_ieof1(c);
|
||||
c->istate = CHAN_INPUT_CLOSED;
|
||||
break;
|
||||
case CHAN_INPUT_WAIT_DRAIN:
|
||||
/* both local read_failed and remote write_failed */
|
||||
log("channel %d: INPUT_WAIT_DRAIN -> INPUT_CLOSED [rvcd OCLOSE, send IEOF]", c->self);
|
||||
debug("channel %d: INPUT_WAIT_DRAIN -> INPUT_CLOSED [rvcd OCLOSE, send IEOF]", c->self);
|
||||
chan_send_ieof(c);
|
||||
log("channel %d: input drain -> closed", c->self);
|
||||
chan_send_ieof1(c);
|
||||
c->istate = CHAN_INPUT_CLOSED;
|
||||
break;
|
||||
default:
|
||||
error("protocol error: chan_rcvd_oclose %d for istate %d", c->self, c->istate);
|
||||
error("channel %d: protocol error: chan_rcvd_oclose for istate %d",
|
||||
c->self, c->istate);
|
||||
return;
|
||||
}
|
||||
}
|
||||
void
|
||||
chan_read_failed(Channel *c)
|
||||
static void
|
||||
chan_read_failed_12(Channel *c)
|
||||
{
|
||||
debug("channel %d: read failed", c->self);
|
||||
switch (c->istate) {
|
||||
case CHAN_INPUT_OPEN:
|
||||
debug("channel %d: INPUT_OPEN -> INPUT_WAIT_DRAIN [read failed]", c->self);
|
||||
debug("channel %d: input open -> drain", c->self);
|
||||
chan_shutdown_read(c);
|
||||
c->istate = CHAN_INPUT_WAIT_DRAIN;
|
||||
break;
|
||||
default:
|
||||
error("internal error: we do not read, but chan_read_failed %d for istate %d",
|
||||
c->self, c->istate);
|
||||
error("channel %d: internal error: we do not read, but chan_read_failed for istate %d",
|
||||
c->self, c->istate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
void
|
||||
chan_ibuf_empty(Channel *c)
|
||||
static void
|
||||
chan_ibuf_empty1(Channel *c)
|
||||
{
|
||||
debug("channel %d: ibuf empty", c->self);
|
||||
if (buffer_len(&c->input)) {
|
||||
error("internal error: chan_ibuf_empty %d for non empty buffer", c->self);
|
||||
error("channel %d: internal error: chan_ibuf_empty for non empty buffer",
|
||||
c->self);
|
||||
return;
|
||||
}
|
||||
switch (c->istate) {
|
||||
case CHAN_INPUT_WAIT_DRAIN:
|
||||
debug("channel %d: INPUT_WAIT_DRAIN -> INPUT_WAIT_OCLOSE [inbuf empty, send IEOF]", c->self);
|
||||
chan_send_ieof(c);
|
||||
debug("channel %d: input drain -> wait_oclose", c->self);
|
||||
chan_send_ieof1(c);
|
||||
c->istate = CHAN_INPUT_WAIT_OCLOSE;
|
||||
break;
|
||||
default:
|
||||
error("internal error: chan_ibuf_empty %d for istate %d", c->self, c->istate);
|
||||
error("channel %d: internal error: chan_ibuf_empty for istate %d",
|
||||
c->self, c->istate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* events concerning the OUTPUT from channel for socket (ostate) */
|
||||
void
|
||||
chan_rcvd_ieof(Channel *c)
|
||||
static void
|
||||
chan_rcvd_ieof1(Channel *c)
|
||||
{
|
||||
debug("channel %d: rcvd ieof", c->self);
|
||||
switch (c->ostate) {
|
||||
case CHAN_OUTPUT_OPEN:
|
||||
debug("channel %d: OUTPUT_OPEN -> OUTPUT_WAIT_DRAIN [rvcd IEOF]", c->self);
|
||||
debug("channel %d: output open -> drain", c->self);
|
||||
c->ostate = CHAN_OUTPUT_WAIT_DRAIN;
|
||||
break;
|
||||
case CHAN_OUTPUT_WAIT_IEOF:
|
||||
debug("channel %d: OUTPUT_WAIT_IEOF -> OUTPUT_CLOSED [rvcd IEOF]", c->self);
|
||||
debug("channel %d: output wait_ieof -> closed", c->self);
|
||||
c->ostate = CHAN_OUTPUT_CLOSED;
|
||||
break;
|
||||
default:
|
||||
error("protocol error: chan_rcvd_ieof %d for ostate %d", c->self, c->ostate);
|
||||
error("channel %d: protocol error: chan_rcvd_ieof for ostate %d",
|
||||
c->self, c->ostate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
void
|
||||
chan_write_failed(Channel *c)
|
||||
static void
|
||||
chan_write_failed1(Channel *c)
|
||||
{
|
||||
debug("channel %d: write failed", c->self);
|
||||
switch (c->ostate) {
|
||||
case CHAN_OUTPUT_OPEN:
|
||||
debug("channel %d: OUTPUT_OPEN -> OUTPUT_WAIT_IEOF [write failed]", c->self);
|
||||
chan_send_oclose(c);
|
||||
debug("channel %d: output open -> wait_ieof", c->self);
|
||||
chan_send_oclose1(c);
|
||||
c->ostate = CHAN_OUTPUT_WAIT_IEOF;
|
||||
break;
|
||||
case CHAN_OUTPUT_WAIT_DRAIN:
|
||||
debug("channel %d: OUTPUT_WAIT_DRAIN -> OUTPUT_CLOSED [write failed]", c->self);
|
||||
chan_send_oclose(c);
|
||||
debug("channel %d: output wait_drain -> closed", c->self);
|
||||
chan_send_oclose1(c);
|
||||
c->ostate = CHAN_OUTPUT_CLOSED;
|
||||
break;
|
||||
default:
|
||||
error("internal error: chan_write_failed %d for ostate %d", c->self, c->ostate);
|
||||
error("channel %d: internal error: chan_write_failed for ostate %d",
|
||||
c->self, c->ostate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
void
|
||||
chan_obuf_empty(Channel *c)
|
||||
static void
|
||||
chan_obuf_empty1(Channel *c)
|
||||
{
|
||||
debug("channel %d: obuf empty", c->self);
|
||||
if (buffer_len(&c->output)) {
|
||||
debug("internal error: chan_obuf_empty %d for non empty buffer", c->self);
|
||||
error("channel %d: internal error: chan_obuf_empty for non empty buffer",
|
||||
c->self);
|
||||
return;
|
||||
}
|
||||
switch (c->ostate) {
|
||||
case CHAN_OUTPUT_WAIT_DRAIN:
|
||||
debug("channel %d: OUTPUT_WAIT_DRAIN -> OUTPUT_CLOSED [obuf empty, send OCLOSE]", c->self);
|
||||
chan_send_oclose(c);
|
||||
debug("channel %d: output drain -> closed", c->self);
|
||||
chan_send_oclose1(c);
|
||||
c->ostate = CHAN_OUTPUT_CLOSED;
|
||||
break;
|
||||
default:
|
||||
error("internal error: chan_obuf_empty %d for ostate %d", c->self, c->ostate);
|
||||
error("channel %d: internal error: chan_obuf_empty for ostate %d",
|
||||
c->self, c->ostate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* ACTIONS: should never update the channel states: c->istate or c->ostate
|
||||
*/
|
||||
static void
|
||||
chan_send_ieof(Channel *c)
|
||||
chan_send_ieof1(Channel *c)
|
||||
{
|
||||
debug("channel %d: send ieof", c->self);
|
||||
switch (c->istate) {
|
||||
case CHAN_INPUT_OPEN:
|
||||
case CHAN_INPUT_WAIT_DRAIN:
|
||||
|
@ -177,13 +208,15 @@ chan_send_ieof(Channel *c)
|
|||
packet_send();
|
||||
break;
|
||||
default:
|
||||
error("internal error: channel %d: cannot send IEOF for istate %d", c->self, c->istate);
|
||||
error("channel %d: internal error: cannot send ieof for istate %d",
|
||||
c->self, c->istate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_send_oclose(Channel *c)
|
||||
chan_send_oclose1(Channel *c)
|
||||
{
|
||||
debug("channel %d: send oclose", c->self);
|
||||
switch (c->ostate) {
|
||||
case CHAN_OUTPUT_OPEN:
|
||||
case CHAN_OUTPUT_WAIT_DRAIN:
|
||||
|
@ -194,40 +227,246 @@ chan_send_oclose(Channel *c)
|
|||
packet_send();
|
||||
break;
|
||||
default:
|
||||
error("internal error: channel %d: cannot send OCLOSE for ostate %d", c->self, c->istate);
|
||||
error("channel %d: internal error: cannot send oclose for ostate %d",
|
||||
c->self, c->ostate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_delete_if_full_closed1(Channel *c)
|
||||
{
|
||||
if (c->istate == CHAN_INPUT_CLOSED && c->ostate == CHAN_OUTPUT_CLOSED) {
|
||||
debug("channel %d: full closed", c->self);
|
||||
channel_free(c->self);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* the same for SSH2
|
||||
*/
|
||||
static void
|
||||
chan_rcvd_oclose2(Channel *c)
|
||||
{
|
||||
debug("channel %d: rcvd close", c->self);
|
||||
if (c->flags & CHAN_CLOSE_RCVD)
|
||||
error("channel %d: protocol error: close rcvd twice", c->self);
|
||||
c->flags |= CHAN_CLOSE_RCVD;
|
||||
if (c->type == SSH_CHANNEL_LARVAL) {
|
||||
/* tear down larval channels immediately */
|
||||
c->ostate = CHAN_OUTPUT_CLOSED;
|
||||
c->istate = CHAN_INPUT_CLOSED;
|
||||
return;
|
||||
}
|
||||
switch (c->ostate) {
|
||||
case CHAN_OUTPUT_OPEN:
|
||||
/* wait until a data from the channel is consumed if a CLOSE is received */
|
||||
debug("channel %d: output open -> drain", c->self);
|
||||
c->ostate = CHAN_OUTPUT_WAIT_DRAIN;
|
||||
break;
|
||||
}
|
||||
switch (c->istate) {
|
||||
case CHAN_INPUT_OPEN:
|
||||
debug("channel %d: input open -> closed", c->self);
|
||||
chan_shutdown_read(c);
|
||||
break;
|
||||
case CHAN_INPUT_WAIT_DRAIN:
|
||||
debug("channel %d: input drain -> closed", c->self);
|
||||
chan_send_eof2(c);
|
||||
break;
|
||||
}
|
||||
c->istate = CHAN_INPUT_CLOSED;
|
||||
}
|
||||
static void
|
||||
chan_ibuf_empty2(Channel *c)
|
||||
{
|
||||
debug("channel %d: ibuf empty", c->self);
|
||||
if (buffer_len(&c->input)) {
|
||||
error("channel %d: internal error: chan_ibuf_empty for non empty buffer",
|
||||
c->self);
|
||||
return;
|
||||
}
|
||||
switch (c->istate) {
|
||||
case CHAN_INPUT_WAIT_DRAIN:
|
||||
debug("channel %d: input drain -> closed", c->self);
|
||||
if (!(c->flags & CHAN_CLOSE_SENT))
|
||||
chan_send_eof2(c);
|
||||
c->istate = CHAN_INPUT_CLOSED;
|
||||
break;
|
||||
default:
|
||||
error("channel %d: internal error: chan_ibuf_empty for istate %d",
|
||||
c->self, c->istate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_rcvd_ieof2(Channel *c)
|
||||
{
|
||||
debug("channel %d: rcvd eof", c->self);
|
||||
if (c->ostate == CHAN_OUTPUT_OPEN) {
|
||||
debug("channel %d: output open -> drain", c->self);
|
||||
c->ostate = CHAN_OUTPUT_WAIT_DRAIN;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_write_failed2(Channel *c)
|
||||
{
|
||||
debug("channel %d: write failed", c->self);
|
||||
switch (c->ostate) {
|
||||
case CHAN_OUTPUT_OPEN:
|
||||
debug("channel %d: output open -> closed", c->self);
|
||||
chan_shutdown_write(c); // ??
|
||||
c->ostate = CHAN_OUTPUT_CLOSED;
|
||||
break;
|
||||
case CHAN_OUTPUT_WAIT_DRAIN:
|
||||
debug("channel %d: output drain -> closed", c->self);
|
||||
chan_shutdown_write(c);
|
||||
c->ostate = CHAN_OUTPUT_CLOSED;
|
||||
break;
|
||||
default:
|
||||
error("channel %d: internal error: chan_write_failed for ostate %d",
|
||||
c->self, c->ostate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_obuf_empty2(Channel *c)
|
||||
{
|
||||
debug("channel %d: obuf empty", c->self);
|
||||
if (buffer_len(&c->output)) {
|
||||
error("internal error: chan_obuf_empty %d for non empty buffer",
|
||||
c->self);
|
||||
return;
|
||||
}
|
||||
switch (c->ostate) {
|
||||
case CHAN_OUTPUT_WAIT_DRAIN:
|
||||
debug("channel %d: output drain -> closed", c->self);
|
||||
chan_shutdown_write(c);
|
||||
c->ostate = CHAN_OUTPUT_CLOSED;
|
||||
break;
|
||||
default:
|
||||
error("channel %d: internal error: chan_obuf_empty for ostate %d",
|
||||
c->self, c->ostate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_send_eof2(Channel *c)
|
||||
{
|
||||
debug("channel %d: send eof", c->self);
|
||||
switch (c->istate) {
|
||||
case CHAN_INPUT_WAIT_DRAIN:
|
||||
packet_start(SSH2_MSG_CHANNEL_EOF);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_send();
|
||||
break;
|
||||
default:
|
||||
error("channel %d: internal error: cannot send eof for istate %d",
|
||||
c->self, c->istate);
|
||||
break;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_send_close2(Channel *c)
|
||||
{
|
||||
debug("channel %d: send close", c->self);
|
||||
if (c->ostate != CHAN_OUTPUT_CLOSED ||
|
||||
c->istate != CHAN_INPUT_CLOSED) {
|
||||
error("channel %d: internal error: cannot send close for istate/ostate %d/%d",
|
||||
c->self, c->istate, c->ostate);
|
||||
} else if (c->flags & CHAN_CLOSE_SENT) {
|
||||
error("channel %d: internal error: already sent close", c->self);
|
||||
} else {
|
||||
packet_start(SSH2_MSG_CHANNEL_CLOSE);
|
||||
packet_put_int(c->remote_id);
|
||||
packet_send();
|
||||
c->flags |= CHAN_CLOSE_SENT;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_delete_if_full_closed2(Channel *c)
|
||||
{
|
||||
if (c->istate == CHAN_INPUT_CLOSED && c->ostate == CHAN_OUTPUT_CLOSED) {
|
||||
if (!(c->flags & CHAN_CLOSE_SENT)) {
|
||||
chan_send_close2(c);
|
||||
}
|
||||
if ((c->flags & CHAN_CLOSE_SENT) &&
|
||||
(c->flags & CHAN_CLOSE_RCVD)) {
|
||||
debug("channel %d: full closed2", c->self);
|
||||
channel_free(c->self);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* shared */
|
||||
void
|
||||
chan_init_iostates(Channel *c)
|
||||
{
|
||||
c->ostate = CHAN_OUTPUT_OPEN;
|
||||
c->istate = CHAN_INPUT_OPEN;
|
||||
c->flags = 0;
|
||||
}
|
||||
|
||||
/* init */
|
||||
void
|
||||
chan_init(void)
|
||||
{
|
||||
if (compat20) {
|
||||
chan_rcvd_oclose = chan_rcvd_oclose2;
|
||||
chan_read_failed = chan_read_failed_12;
|
||||
chan_ibuf_empty = chan_ibuf_empty2;
|
||||
|
||||
chan_rcvd_ieof = chan_rcvd_ieof2;
|
||||
chan_write_failed = chan_write_failed2;
|
||||
chan_obuf_empty = chan_obuf_empty2;
|
||||
|
||||
chan_delete_if_full_closed = chan_delete_if_full_closed2;
|
||||
} else {
|
||||
chan_rcvd_oclose = chan_rcvd_oclose1;
|
||||
chan_read_failed = chan_read_failed_12;
|
||||
chan_ibuf_empty = chan_ibuf_empty1;
|
||||
|
||||
chan_rcvd_ieof = chan_rcvd_ieof1;
|
||||
chan_write_failed = chan_write_failed1;
|
||||
chan_obuf_empty = chan_obuf_empty1;
|
||||
|
||||
chan_delete_if_full_closed = chan_delete_if_full_closed1;
|
||||
}
|
||||
}
|
||||
|
||||
/* helper */
|
||||
static void
|
||||
chan_shutdown_write(Channel *c)
|
||||
{
|
||||
buffer_consume(&c->output, buffer_len(&c->output));
|
||||
if (compat20 && c->type == SSH_CHANNEL_LARVAL)
|
||||
return;
|
||||
/* shutdown failure is allowed if write failed already */
|
||||
debug("channel %d: shutdown_write", c->self);
|
||||
if (shutdown(c->sock, SHUT_WR) < 0)
|
||||
debug("chan_shutdown_write failed for #%d/fd%d: %.100s",
|
||||
c->self, c->sock, strerror(errno));
|
||||
debug("channel %d: close_write", c->self);
|
||||
if (c->sock != -1) {
|
||||
if (shutdown(c->sock, SHUT_WR) < 0)
|
||||
debug("channel %d: chan_shutdown_write: shutdown() failed for fd%d: %.100s",
|
||||
c->self, c->sock, strerror(errno));
|
||||
} else {
|
||||
if (close(c->wfd) < 0)
|
||||
log("channel %d: chan_shutdown_write: close() failed for fd%d: %.100s",
|
||||
c->self, c->wfd, strerror(errno));
|
||||
c->wfd = -1;
|
||||
}
|
||||
}
|
||||
static void
|
||||
chan_shutdown_read(Channel *c)
|
||||
{
|
||||
debug("channel %d: shutdown_read", c->self);
|
||||
if (shutdown(c->sock, SHUT_RD) < 0)
|
||||
error("chan_shutdown_read failed for #%d/fd%d [i%d o%d]: %.100s",
|
||||
c->self, c->sock, c->istate, c->ostate, strerror(errno));
|
||||
}
|
||||
void
|
||||
chan_delete_if_full_closed(Channel *c)
|
||||
{
|
||||
if (c->istate == CHAN_INPUT_CLOSED && c->ostate == CHAN_OUTPUT_CLOSED) {
|
||||
debug("channel %d: full closed", c->self);
|
||||
channel_free(c->self);
|
||||
if (compat20 && c->type == SSH_CHANNEL_LARVAL)
|
||||
return;
|
||||
debug("channel %d: close_read", c->self);
|
||||
if (c->sock != -1) {
|
||||
if (shutdown(c->sock, SHUT_RD) < 0)
|
||||
error("channel %d: chan_shutdown_read: shutdown() failed for fd%d [i%d o%d]: %.100s",
|
||||
c->self, c->sock, c->istate, c->ostate, strerror(errno));
|
||||
} else {
|
||||
if (close(c->rfd) < 0)
|
||||
log("channel %d: chan_shutdown_read: close() failed for fd%d: %.100s",
|
||||
c->self, c->rfd, strerror(errno));
|
||||
c->rfd = -1;
|
||||
}
|
||||
}
|
||||
void
|
||||
chan_init_iostates(Channel *c)
|
||||
{
|
||||
c->ostate = CHAN_OUTPUT_OPEN;
|
||||
c->istate = CHAN_INPUT_OPEN;
|
||||
}
|
||||
|
|
30
nchan.h
30
nchan.h
|
@ -27,7 +27,7 @@
|
|||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* RCSID("$Id: nchan.h,v 1.4 2000/04/01 01:09:24 damien Exp $"); */
|
||||
/* RCSID("$Id: nchan.h,v 1.5 2000/04/04 04:39:02 damien Exp $"); */
|
||||
|
||||
#ifndef NCHAN_H
|
||||
#define NCHAN_H
|
||||
|
@ -72,17 +72,25 @@
|
|||
#define CHAN_OUTPUT_WAIT_IEOF 0x40
|
||||
#define CHAN_OUTPUT_CLOSED 0x80
|
||||
|
||||
/* EVENTS for the input state */
|
||||
void chan_rcvd_oclose(Channel * c);
|
||||
void chan_read_failed(Channel * c);
|
||||
void chan_ibuf_empty(Channel * c);
|
||||
#define CHAN_CLOSE_SENT 0x01
|
||||
#define CHAN_CLOSE_RCVD 0x02
|
||||
|
||||
/* EVENTS for the output state */
|
||||
void chan_rcvd_ieof(Channel * c);
|
||||
void chan_write_failed(Channel * c);
|
||||
void chan_obuf_empty(Channel * c);
|
||||
|
||||
/* Channel EVENTS */
|
||||
typedef void chan_event_fn(Channel * c);
|
||||
|
||||
/* for the input state */
|
||||
extern chan_event_fn *chan_rcvd_oclose;
|
||||
extern chan_event_fn *chan_read_failed;
|
||||
extern chan_event_fn *chan_ibuf_empty;
|
||||
|
||||
/* for the output state */
|
||||
extern chan_event_fn *chan_rcvd_ieof;
|
||||
extern chan_event_fn *chan_write_failed;
|
||||
extern chan_event_fn *chan_obuf_empty;
|
||||
|
||||
extern chan_event_fn *chan_delete_if_full_closed;
|
||||
|
||||
void chan_init_iostates(Channel * c);
|
||||
|
||||
void chan_delete_if_full_closed(Channel *c);
|
||||
void chan_init(void);
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
.TL
|
||||
OpenSSH Channel Close Protocol 2.0 Implementation
|
||||
.SH
|
||||
Channel Input State Diagram
|
||||
.PS
|
||||
reset
|
||||
l=1
|
||||
s=1.2
|
||||
ellipsewid=s*ellipsewid
|
||||
boxwid=s*boxwid
|
||||
ellipseht=s*ellipseht
|
||||
S1: ellipse "INPUT" "OPEN"
|
||||
move right 2*l from last ellipse.e
|
||||
S3: ellipse invis
|
||||
move down l from last ellipse.s
|
||||
S4: ellipse "INPUT" "CLOSED"
|
||||
move down l from 1st ellipse.s
|
||||
S2: ellipse "INPUT" "WAIT" "DRAIN"
|
||||
arrow from S1.e to S4.n
|
||||
box invis "rcvd CLOSE/" "shutdown_read" with .sw at last arrow.c
|
||||
arrow "ibuf_empty ||" "rcvd CLOSE/" "send EOF" "" from S2.e to S4.w
|
||||
arrow from S1.s to S2.n
|
||||
box invis "read_failed/" "shutdown_read" with .e at last arrow.c
|
||||
ellipse wid .9*ellipsewid ht .9*ellipseht at S4
|
||||
arrow "start" "" from S1.w+(-0.5,0) to S1.w
|
||||
.PE
|
||||
.SH
|
||||
Channel Output State Diagram
|
||||
.PS
|
||||
S1: ellipse "OUTPUT" "OPEN"
|
||||
move right 2*l from last ellipse.e
|
||||
S3: ellipse invis
|
||||
move down l from last ellipse.s
|
||||
S4: ellipse "OUTPUT" "CLOSED"
|
||||
move down l from 1st ellipse.s
|
||||
S2: ellipse "OUTPUT" "WAIT" "DRAIN"
|
||||
arrow from S1.e to S4.n
|
||||
box invis "write_failed/" "shutdown_write" with .sw at last arrow.c
|
||||
arrow "obuf_empty ||" "write_failed/" "shutdown_write" "" from S2.e to S4.w
|
||||
arrow from S1.s to S2.n
|
||||
box invis "rcvd EOF ||" "rcvd CLOSE/" "-" with .e at last arrow.c
|
||||
ellipse wid .9*ellipsewid ht .9*ellipseht at S4
|
||||
arrow "start" "" from S1.w+(-0.5,0) to S1.w
|
||||
.PE
|
||||
.SH
|
||||
Notes
|
||||
.PP
|
||||
The input buffer is filled with data from the socket
|
||||
(the socket represents the local consumer/producer of the
|
||||
forwarded channel).
|
||||
The data is then sent over the INPUT-end (transmit-end) of the channel to the
|
||||
remote peer.
|
||||
Data sent by the peer is received on the OUTPUT-end (receive-end),
|
||||
saved in the output buffer and written to the socket.
|
||||
.PP
|
||||
If the local protocol instance has forwarded all data on the
|
||||
INPUT-end of the channel, it sends an EOF message to the peer.
|
||||
.PP
|
||||
A CLOSE message is sent to the peer if
|
||||
both the INPUT- and the OUTOUT-half of the local
|
||||
end of the channel are closed.
|
||||
.PP
|
||||
The channel can be deallocated by a protocol instance
|
||||
if a CLOSE message he been both sent and received.
|
514
packet.c
514
packet.c
|
@ -11,11 +11,13 @@
|
|||
*
|
||||
* This file contains code implementing the packet protocol and communication
|
||||
* with the other side. This same code is used both on client and server side.
|
||||
*
|
||||
*
|
||||
* SSH2 packet format added by Markus Friedl.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: packet.c,v 1.13 2000/04/01 01:09:25 damien Exp $");
|
||||
RCSID("$Id: packet.c,v 1.14 2000/04/04 04:39:03 damien Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
|
@ -30,6 +32,22 @@ RCSID("$Id: packet.c,v 1.13 2000/04/01 01:09:25 damien Exp $");
|
|||
#include "deattack.h"
|
||||
#include "channels.h"
|
||||
|
||||
#include "compat.h"
|
||||
#include "ssh2.h"
|
||||
|
||||
#include <ssl/bn.h>
|
||||
#include <ssl/dh.h>
|
||||
#include <ssl/hmac.h>
|
||||
#include "buffer.h"
|
||||
#include "kex.h"
|
||||
#include "hmac.h"
|
||||
|
||||
#ifdef PACKET_DEBUG
|
||||
#define DBG(x) x
|
||||
#else
|
||||
#define DBG(x)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This variable contains the file descriptors used for communicating with
|
||||
* the other side. connection_in is used for reading; connection_out for
|
||||
|
@ -81,11 +99,45 @@ static int initialized = 0;
|
|||
/* Set to true if the connection is interactive. */
|
||||
static int interactive_mode = 0;
|
||||
|
||||
/* True if SSH2 packet format is used */
|
||||
int use_ssh2_packet_format = 0;
|
||||
|
||||
/* Session key information for Encryption and MAC */
|
||||
Kex *kex = NULL;
|
||||
|
||||
void
|
||||
packet_set_kex(Kex *k)
|
||||
{
|
||||
if( k->mac[MODE_IN ].key == NULL ||
|
||||
k->enc[MODE_IN ].key == NULL ||
|
||||
k->enc[MODE_IN ].iv == NULL ||
|
||||
k->mac[MODE_OUT].key == NULL ||
|
||||
k->enc[MODE_OUT].key == NULL ||
|
||||
k->enc[MODE_OUT].iv == NULL)
|
||||
fatal("bad KEX");
|
||||
kex = k;
|
||||
}
|
||||
void
|
||||
clear_enc_keys(Enc *enc, int len)
|
||||
{
|
||||
memset(enc->iv, 0, len);
|
||||
memset(enc->key, 0, len);
|
||||
xfree(enc->iv);
|
||||
xfree(enc->key);
|
||||
enc->iv = NULL;
|
||||
enc->key = NULL;
|
||||
}
|
||||
void
|
||||
packet_set_ssh2_format(void)
|
||||
{
|
||||
debug("use_ssh2_packet_format");
|
||||
use_ssh2_packet_format = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Sets the descriptors used for communication. Disables encryption until
|
||||
* packet_set_encryption_key is called.
|
||||
*/
|
||||
|
||||
void
|
||||
packet_set_connection(int fd_in, int fd_out)
|
||||
{
|
||||
|
@ -225,6 +277,7 @@ packet_get_protocol_flags()
|
|||
* Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
|
||||
*/
|
||||
|
||||
/*** XXXXX todo: kex means re-init */
|
||||
void
|
||||
packet_start_compression(int level)
|
||||
{
|
||||
|
@ -242,7 +295,7 @@ packet_start_compression(int level)
|
|||
|
||||
void
|
||||
packet_encrypt(CipherContext * cc, void *dest, void *src,
|
||||
unsigned int bytes)
|
||||
unsigned int bytes)
|
||||
{
|
||||
cipher_encrypt(cc, dest, src, bytes);
|
||||
}
|
||||
|
@ -254,7 +307,7 @@ packet_encrypt(CipherContext * cc, void *dest, void *src,
|
|||
|
||||
void
|
||||
packet_decrypt(CipherContext * cc, void *dest, void *src,
|
||||
unsigned int bytes)
|
||||
unsigned int bytes)
|
||||
{
|
||||
int i;
|
||||
|
||||
|
@ -266,15 +319,11 @@ packet_decrypt(CipherContext * cc, void *dest, void *src,
|
|||
* (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com)
|
||||
*/
|
||||
|
||||
switch (cc->type) {
|
||||
case SSH_CIPHER_NONE:
|
||||
if (cc->type == SSH_CIPHER_NONE || compat20) {
|
||||
i = DEATTACK_OK;
|
||||
break;
|
||||
default:
|
||||
} else {
|
||||
i = detect_attack(src, bytes, NULL);
|
||||
break;
|
||||
}
|
||||
|
||||
if (i == DEATTACK_DETECTED)
|
||||
packet_disconnect("crc32 compensation attack: network attack detected");
|
||||
|
||||
|
@ -289,8 +338,11 @@ packet_decrypt(CipherContext * cc, void *dest, void *src,
|
|||
|
||||
void
|
||||
packet_set_encryption_key(const unsigned char *key, unsigned int keylen,
|
||||
int cipher)
|
||||
int cipher)
|
||||
{
|
||||
if (keylen < 20)
|
||||
fatal("keylen too small: %d", keylen);
|
||||
|
||||
/* All other ciphers use the same key in both directions for now. */
|
||||
cipher_set_key(&receive_context, cipher, key, keylen, 0);
|
||||
cipher_set_key(&send_context, cipher, key, keylen, 1);
|
||||
|
@ -299,7 +351,7 @@ packet_set_encryption_key(const unsigned char *key, unsigned int keylen,
|
|||
/* Starts constructing a packet to send. */
|
||||
|
||||
void
|
||||
packet_start(int type)
|
||||
packet_start1(int type)
|
||||
{
|
||||
char buf[9];
|
||||
|
||||
|
@ -309,6 +361,29 @@ packet_start(int type)
|
|||
buffer_append(&outgoing_packet, buf, 9);
|
||||
}
|
||||
|
||||
void
|
||||
packet_start2(int type)
|
||||
{
|
||||
char buf[4+1+1];
|
||||
|
||||
buffer_clear(&outgoing_packet);
|
||||
memset(buf, 0, sizeof buf);
|
||||
/* buf[0..3] = payload_len; */
|
||||
/* buf[4] = pad_len; */
|
||||
buf[5] = type & 0xff;
|
||||
buffer_append(&outgoing_packet, buf, sizeof buf);
|
||||
}
|
||||
|
||||
void
|
||||
packet_start(int type)
|
||||
{
|
||||
DBG(debug("packet_start[%d]",type));
|
||||
if (use_ssh2_packet_format)
|
||||
packet_start2(type);
|
||||
else
|
||||
packet_start1(type);
|
||||
}
|
||||
|
||||
/* Appends a character to the packet data. */
|
||||
|
||||
void
|
||||
|
@ -333,6 +408,18 @@ packet_put_string(const char *buf, unsigned int len)
|
|||
{
|
||||
buffer_put_string(&outgoing_packet, buf, len);
|
||||
}
|
||||
void
|
||||
packet_put_cstring(const char *str)
|
||||
{
|
||||
buffer_put_string(&outgoing_packet, str, strlen(str));
|
||||
}
|
||||
|
||||
void
|
||||
packet_put_raw(const char *buf, unsigned int len)
|
||||
{
|
||||
buffer_append(&outgoing_packet, buf, len);
|
||||
}
|
||||
|
||||
|
||||
/* Appends an arbitrary precision integer to packet data. */
|
||||
|
||||
|
@ -341,6 +428,11 @@ packet_put_bignum(BIGNUM * value)
|
|||
{
|
||||
buffer_put_bignum(&outgoing_packet, value);
|
||||
}
|
||||
void
|
||||
packet_put_bignum2(BIGNUM * value)
|
||||
{
|
||||
buffer_put_bignum2(&outgoing_packet, value);
|
||||
}
|
||||
|
||||
/*
|
||||
* Finalizes and sends the packet. If the encryption key has been set,
|
||||
|
@ -348,7 +440,7 @@ packet_put_bignum(BIGNUM * value)
|
|||
*/
|
||||
|
||||
void
|
||||
packet_send()
|
||||
packet_send1()
|
||||
{
|
||||
char buf[8], *cp;
|
||||
int i, padding, len;
|
||||
|
@ -418,6 +510,139 @@ packet_send()
|
|||
*/
|
||||
}
|
||||
|
||||
/*
|
||||
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
|
||||
*/
|
||||
void
|
||||
packet_send2()
|
||||
{
|
||||
unsigned char *macbuf = NULL;
|
||||
char *cp;
|
||||
unsigned int packet_length = 0;
|
||||
unsigned int i, padlen, len;
|
||||
u_int32_t rand = 0;
|
||||
static unsigned int seqnr = 0;
|
||||
int type;
|
||||
Enc *enc = NULL;
|
||||
Mac *mac = NULL;
|
||||
Comp *comp = NULL;
|
||||
int block_size;
|
||||
|
||||
if (kex != NULL) {
|
||||
enc = &kex->enc[MODE_OUT];
|
||||
mac = &kex->mac[MODE_OUT];
|
||||
comp = &kex->comp[MODE_OUT];
|
||||
}
|
||||
block_size = enc ? enc->block_size : 8;
|
||||
|
||||
cp = buffer_ptr(&outgoing_packet);
|
||||
type = cp[5] & 0xff;
|
||||
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "plain: ");
|
||||
buffer_dump(&outgoing_packet);
|
||||
#endif
|
||||
|
||||
if (comp && comp->enabled) {
|
||||
len = buffer_len(&outgoing_packet);
|
||||
/* skip header, compress only payload */
|
||||
buffer_consume(&outgoing_packet, 5);
|
||||
buffer_clear(&compression_buffer);
|
||||
buffer_compress(&outgoing_packet, &compression_buffer);
|
||||
buffer_clear(&outgoing_packet);
|
||||
buffer_append(&outgoing_packet, "\0\0\0\0\0", 5);
|
||||
buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
|
||||
buffer_len(&compression_buffer));
|
||||
DBG(debug("compression: raw %d compressed %d", len,
|
||||
buffer_len(&outgoing_packet)));
|
||||
}
|
||||
|
||||
/* sizeof (packet_len + pad_len + payload) */
|
||||
len = buffer_len(&outgoing_packet);
|
||||
|
||||
/*
|
||||
* calc size of padding, alloc space, get random data,
|
||||
* minimum padding is 4 bytes
|
||||
*/
|
||||
padlen = block_size - (len % block_size);
|
||||
if (padlen < 4)
|
||||
padlen += block_size;
|
||||
buffer_append_space(&outgoing_packet, &cp, padlen);
|
||||
if (enc && enc->type != SSH_CIPHER_NONE) {
|
||||
for (i = 0; i < padlen; i++) {
|
||||
if (i % 4 == 0)
|
||||
rand = arc4random();
|
||||
cp[i] = rand & 0xff;
|
||||
rand <<= 8;
|
||||
}
|
||||
}
|
||||
/* packet_length includes payload, padding and padding length field */
|
||||
packet_length = buffer_len(&outgoing_packet) - 4;
|
||||
cp = buffer_ptr(&outgoing_packet);
|
||||
PUT_32BIT(cp, packet_length);
|
||||
cp[4] = padlen & 0xff;
|
||||
DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
|
||||
|
||||
/* compute MAC over seqnr and packet(length fields, payload, padding) */
|
||||
if (mac && mac->enabled) {
|
||||
macbuf = hmac( mac->md, seqnr,
|
||||
(unsigned char *) buffer_ptr(&outgoing_packet),
|
||||
buffer_len(&outgoing_packet),
|
||||
mac->key, mac->key_len
|
||||
);
|
||||
DBG(debug("done calc HMAC out #%d", seqnr));
|
||||
}
|
||||
/* encrypt packet and append to output buffer. */
|
||||
buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));
|
||||
packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
|
||||
buffer_len(&outgoing_packet));
|
||||
/* append unencrypted MAC */
|
||||
if (mac && mac->enabled)
|
||||
buffer_append(&output, (char *)macbuf, mac->mac_len);
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "encrypted: ");
|
||||
buffer_dump(&output);
|
||||
#endif
|
||||
/* increment sequence number for outgoing packets */
|
||||
if (++seqnr == 0)
|
||||
log("outgoing seqnr wraps around");
|
||||
buffer_clear(&outgoing_packet);
|
||||
|
||||
if (type == SSH2_MSG_NEWKEYS) {
|
||||
if (kex==NULL || mac==NULL || enc==NULL || comp==NULL)
|
||||
fatal("packet_send2: no KEX");
|
||||
if (mac->md != NULL)
|
||||
mac->enabled = 1;
|
||||
debug("cipher_set_key_iv send_context");
|
||||
cipher_set_key_iv(&send_context, enc->type,
|
||||
enc->key, enc->key_len,
|
||||
enc->iv, enc->iv_len);
|
||||
clear_enc_keys(enc, kex->we_need);
|
||||
if (comp->type != 0 && comp->enabled == 0) {
|
||||
comp->enabled = 1;
|
||||
if (! packet_compression)
|
||||
packet_start_compression(6);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
packet_send()
|
||||
{
|
||||
if (use_ssh2_packet_format)
|
||||
packet_send2();
|
||||
else
|
||||
packet_send1();
|
||||
DBG(debug("packet_send done"));
|
||||
}
|
||||
|
||||
void
|
||||
packet_send_and_wait()
|
||||
{
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
}
|
||||
|
||||
/*
|
||||
* Waits until a packet has been received, and returns its type. Note that
|
||||
* no other data is processed until this returns, so this function should not
|
||||
|
@ -430,6 +655,7 @@ packet_read(int *payload_len_ptr)
|
|||
int type, len;
|
||||
fd_set set;
|
||||
char buf[8192];
|
||||
DBG(debug("packet_read()"));
|
||||
|
||||
/* Since we are blocking, ensure that all written packets have been sent. */
|
||||
packet_write_wait();
|
||||
|
@ -483,7 +709,7 @@ packet_read_expect(int *payload_len_ptr, int expected_type)
|
|||
type = packet_read(payload_len_ptr);
|
||||
if (type != expected_type)
|
||||
packet_disconnect("Protocol error: expected packet type %d, got %d",
|
||||
expected_type, type);
|
||||
expected_type, type);
|
||||
}
|
||||
|
||||
/* Checks if a full packet is available in the data received so far via
|
||||
|
@ -502,15 +728,13 @@ packet_read_expect(int *payload_len_ptr, int expected_type)
|
|||
*/
|
||||
|
||||
int
|
||||
packet_read_poll(int *payload_len_ptr)
|
||||
packet_read_poll1(int *payload_len_ptr)
|
||||
{
|
||||
unsigned int len, padded_len;
|
||||
unsigned char *ucp;
|
||||
char buf[8], *cp, *msg;
|
||||
char buf[8], *cp;
|
||||
unsigned int checksum, stored_checksum;
|
||||
|
||||
restart:
|
||||
|
||||
/* Check if input size is less than minimum packet size. */
|
||||
if (buffer_len(&input) < 4 + 8)
|
||||
return SSH_MSG_NONE;
|
||||
|
@ -543,7 +767,7 @@ restart:
|
|||
|
||||
/* Compute packet checksum. */
|
||||
checksum = crc32((unsigned char *) buffer_ptr(&incoming_packet),
|
||||
buffer_len(&incoming_packet) - 4);
|
||||
buffer_len(&incoming_packet) - 4);
|
||||
|
||||
/* Skip padding. */
|
||||
buffer_consume(&incoming_packet, 8 - len % 8);
|
||||
|
@ -552,7 +776,7 @@ restart:
|
|||
|
||||
if (len != buffer_len(&incoming_packet))
|
||||
packet_disconnect("packet_read_poll: len %d != buffer_len %d.",
|
||||
len, buffer_len(&incoming_packet));
|
||||
len, buffer_len(&incoming_packet));
|
||||
|
||||
ucp = (unsigned char *) buffer_ptr(&incoming_packet) + len - 4;
|
||||
stored_checksum = GET_32BIT(ucp);
|
||||
|
@ -566,7 +790,7 @@ restart:
|
|||
buffer_uncompress(&incoming_packet, &compression_buffer);
|
||||
buffer_clear(&incoming_packet);
|
||||
buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
|
||||
buffer_len(&compression_buffer));
|
||||
buffer_len(&compression_buffer));
|
||||
}
|
||||
/* Get packet type. */
|
||||
buffer_get(&incoming_packet, &buf[0], 1);
|
||||
|
@ -574,29 +798,208 @@ restart:
|
|||
/* Return length of payload (without type field). */
|
||||
*payload_len_ptr = buffer_len(&incoming_packet);
|
||||
|
||||
/* Handle disconnect message. */
|
||||
if ((unsigned char) buf[0] == SSH_MSG_DISCONNECT) {
|
||||
msg = packet_get_string(NULL);
|
||||
log("Received disconnect: %.900s", msg);
|
||||
xfree(msg);
|
||||
fatal_cleanup();
|
||||
}
|
||||
|
||||
/* Ignore ignore messages. */
|
||||
if ((unsigned char) buf[0] == SSH_MSG_IGNORE)
|
||||
goto restart;
|
||||
|
||||
/* Send debug messages as debugging output. */
|
||||
if ((unsigned char) buf[0] == SSH_MSG_DEBUG) {
|
||||
msg = packet_get_string(NULL);
|
||||
debug("Remote: %.900s", msg);
|
||||
xfree(msg);
|
||||
goto restart;
|
||||
}
|
||||
/* Return type. */
|
||||
return (unsigned char) buf[0];
|
||||
}
|
||||
|
||||
int
|
||||
packet_read_poll2(int *payload_len_ptr)
|
||||
{
|
||||
unsigned int padlen, need;
|
||||
unsigned char buf[8], *macbuf;
|
||||
unsigned char *ucp;
|
||||
char *cp;
|
||||
static unsigned int packet_length = 0;
|
||||
static unsigned int seqnr = 0;
|
||||
int type;
|
||||
int maclen, block_size;
|
||||
Enc *enc = NULL;
|
||||
Mac *mac = NULL;
|
||||
Comp *comp = NULL;
|
||||
|
||||
if (kex != NULL) {
|
||||
enc = &kex->enc[MODE_IN];
|
||||
mac = &kex->mac[MODE_IN];
|
||||
comp = &kex->comp[MODE_IN];
|
||||
}
|
||||
maclen = mac && mac->enabled ? mac->mac_len : 0;
|
||||
block_size = enc ? enc->block_size : 8;
|
||||
|
||||
if (packet_length == 0) {
|
||||
/*
|
||||
* check if input size is less than the cipher block size,
|
||||
* decrypt first block and extract length of incoming packet
|
||||
*/
|
||||
if (buffer_len(&input) < block_size)
|
||||
return SSH_MSG_NONE;
|
||||
buffer_clear(&incoming_packet);
|
||||
buffer_append_space(&incoming_packet, &cp, block_size);
|
||||
packet_decrypt(&receive_context, cp, buffer_ptr(&input),
|
||||
block_size);
|
||||
ucp = (unsigned char *) buffer_ptr(&incoming_packet);
|
||||
packet_length = GET_32BIT(ucp);
|
||||
if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
|
||||
buffer_dump(&incoming_packet);
|
||||
packet_disconnect("Bad packet length %d.", packet_length);
|
||||
}
|
||||
DBG(debug("input: packet len %d", packet_length+4));
|
||||
buffer_consume(&input, block_size);
|
||||
}
|
||||
/* we have a partial packet of block_size bytes */
|
||||
need = 4 + packet_length - block_size;
|
||||
DBG(debug("partial packet %d, need %d, maclen %d", block_size,
|
||||
need, maclen));
|
||||
if (need % block_size != 0)
|
||||
fatal("padding error: need %d block %d mod %d",
|
||||
need, block_size, need % block_size);
|
||||
/*
|
||||
* check if the entire packet has been received and
|
||||
* decrypt into incoming_packet
|
||||
*/
|
||||
if (buffer_len(&input) < need + maclen)
|
||||
return SSH_MSG_NONE;
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "read_poll enc/full: ");
|
||||
buffer_dump(&input);
|
||||
#endif
|
||||
buffer_append_space(&incoming_packet, &cp, need);
|
||||
packet_decrypt(&receive_context, cp, buffer_ptr(&input), need);
|
||||
buffer_consume(&input, need);
|
||||
/*
|
||||
* compute MAC over seqnr and packet,
|
||||
* increment sequence number for incoming packet
|
||||
*/
|
||||
if (mac && mac->enabled) {
|
||||
macbuf = hmac( mac->md, seqnr,
|
||||
(unsigned char *) buffer_ptr(&incoming_packet),
|
||||
buffer_len(&incoming_packet),
|
||||
mac->key, mac->key_len
|
||||
);
|
||||
if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
|
||||
packet_disconnect("Corrupted HMAC on input.");
|
||||
DBG(debug("HMAC #%d ok", seqnr));
|
||||
buffer_consume(&input, mac->mac_len);
|
||||
}
|
||||
if (++seqnr == 0)
|
||||
log("incoming seqnr wraps around");
|
||||
|
||||
/* get padlen */
|
||||
cp = buffer_ptr(&incoming_packet) + 4;
|
||||
padlen = *cp & 0xff;
|
||||
DBG(debug("input: padlen %d", padlen));
|
||||
if (padlen < 4)
|
||||
packet_disconnect("Corrupted padlen %d on input.", padlen);
|
||||
|
||||
/* skip packet size + padlen, discard padding */
|
||||
buffer_consume(&incoming_packet, 4 + 1);
|
||||
buffer_consume_end(&incoming_packet, padlen);
|
||||
|
||||
DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet)));
|
||||
if (comp && comp->enabled) {
|
||||
buffer_clear(&compression_buffer);
|
||||
buffer_uncompress(&incoming_packet, &compression_buffer);
|
||||
buffer_clear(&incoming_packet);
|
||||
buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
|
||||
buffer_len(&compression_buffer));
|
||||
DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet)));
|
||||
}
|
||||
/*
|
||||
* get packet type, implies consume.
|
||||
* return length of payload (without type field)
|
||||
*/
|
||||
buffer_get(&incoming_packet, (char *)&buf[0], 1);
|
||||
*payload_len_ptr = buffer_len(&incoming_packet);
|
||||
|
||||
/* reset for next packet */
|
||||
packet_length = 0;
|
||||
|
||||
/* extract packet type */
|
||||
type = (unsigned char)buf[0];
|
||||
|
||||
if (type == SSH2_MSG_NEWKEYS) {
|
||||
if (kex==NULL || mac==NULL || enc==NULL || comp==NULL)
|
||||
fatal("packet_read_poll2: no KEX");
|
||||
if (mac->md != NULL)
|
||||
mac->enabled = 1;
|
||||
debug("cipher_set_key_iv receive_context");
|
||||
cipher_set_key_iv(&receive_context, enc->type,
|
||||
enc->key, enc->key_len,
|
||||
enc->iv, enc->iv_len);
|
||||
clear_enc_keys(enc, kex->we_need);
|
||||
if (comp->type != 0 && comp->enabled == 0) {
|
||||
comp->enabled = 1;
|
||||
if (! packet_compression)
|
||||
packet_start_compression(6);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "read/plain[%d]:\r\n",type);
|
||||
buffer_dump(&incoming_packet);
|
||||
#endif
|
||||
return (unsigned char)type;
|
||||
}
|
||||
|
||||
int
|
||||
packet_read_poll(int *payload_len_ptr)
|
||||
{
|
||||
char *msg;
|
||||
for (;;) {
|
||||
int type = use_ssh2_packet_format ?
|
||||
packet_read_poll2(payload_len_ptr):
|
||||
packet_read_poll1(payload_len_ptr);
|
||||
|
||||
if(compat20) {
|
||||
int reason;
|
||||
if (type != 0)
|
||||
DBG(debug("received packet type %d", type));
|
||||
switch(type) {
|
||||
case SSH2_MSG_IGNORE:
|
||||
break;
|
||||
case SSH2_MSG_DEBUG:
|
||||
packet_get_char();
|
||||
msg = packet_get_string(NULL);
|
||||
debug("Remote: %.900s", msg);
|
||||
xfree(msg);
|
||||
msg = packet_get_string(NULL);
|
||||
xfree(msg);
|
||||
break;
|
||||
case SSH2_MSG_DISCONNECT:
|
||||
reason = packet_get_int();
|
||||
msg = packet_get_string(NULL);
|
||||
log("Received disconnect: %d: %.900s", reason, msg);
|
||||
xfree(msg);
|
||||
fatal_cleanup();
|
||||
break;
|
||||
default:
|
||||
return type;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
switch(type) {
|
||||
case SSH_MSG_IGNORE:
|
||||
break;
|
||||
case SSH_MSG_DEBUG:
|
||||
msg = packet_get_string(NULL);
|
||||
debug("Remote: %.900s", msg);
|
||||
xfree(msg);
|
||||
break;
|
||||
case SSH_MSG_DISCONNECT:
|
||||
msg = packet_get_string(NULL);
|
||||
log("Received disconnect: %.900s", msg);
|
||||
fatal_cleanup();
|
||||
xfree(msg);
|
||||
break;
|
||||
default:
|
||||
if (type != 0)
|
||||
DBG(debug("received packet type %d", type));
|
||||
return type;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Buffers the given amount of input characters. This is intended to be used
|
||||
* together with packet_read_poll.
|
||||
|
@ -637,6 +1040,21 @@ packet_get_bignum(BIGNUM * value, int *length_ptr)
|
|||
*length_ptr = buffer_get_bignum(&incoming_packet, value);
|
||||
}
|
||||
|
||||
void
|
||||
packet_get_bignum2(BIGNUM * value, int *length_ptr)
|
||||
{
|
||||
*length_ptr = buffer_get_bignum2(&incoming_packet, value);
|
||||
}
|
||||
|
||||
char *
|
||||
packet_get_raw(int *length_ptr)
|
||||
{
|
||||
int bytes = buffer_len(&incoming_packet);
|
||||
if (length_ptr != NULL)
|
||||
*length_ptr = bytes;
|
||||
return buffer_ptr(&incoming_packet);
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns a string from the packet data. The string is allocated using
|
||||
* xmalloc; it is the responsibility of the calling program to free it when
|
||||
|
@ -701,8 +1119,15 @@ packet_disconnect(const char *fmt,...)
|
|||
va_end(args);
|
||||
|
||||
/* Send the disconnect message to the other side, and wait for it to get sent. */
|
||||
packet_start(SSH_MSG_DISCONNECT);
|
||||
packet_put_string(buf, strlen(buf));
|
||||
if (compat20) {
|
||||
packet_start(SSH2_MSG_DISCONNECT);
|
||||
packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR);
|
||||
packet_put_cstring(buf);
|
||||
packet_put_cstring("");
|
||||
} else {
|
||||
packet_start(SSH_MSG_DISCONNECT);
|
||||
packet_put_string(buf, strlen(buf));
|
||||
}
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
|
@ -833,7 +1258,8 @@ packet_set_maxsize(int s)
|
|||
{
|
||||
static int called = 0;
|
||||
if (called) {
|
||||
log("packet_set_maxsize: called twice: old %d new %d", max_packet_size, s);
|
||||
log("packet_set_maxsize: called twice: old %d new %d",
|
||||
max_packet_size, s);
|
||||
return -1;
|
||||
}
|
||||
if (s < 4 * 1024 || s > 1024 * 1024) {
|
||||
|
|
10
packet.h
10
packet.h
|
@ -13,7 +13,7 @@
|
|||
*
|
||||
*/
|
||||
|
||||
/* RCSID("$Id: packet.h,v 1.10 2000/03/17 12:40:16 damien Exp $"); */
|
||||
/* RCSID("$Id: packet.h,v 1.11 2000/04/04 04:39:03 damien Exp $"); */
|
||||
|
||||
#ifndef PACKET_H
|
||||
#define PACKET_H
|
||||
|
@ -90,9 +90,12 @@ void packet_put_int(unsigned int value);
|
|||
|
||||
/* Appends an arbitrary precision integer to packet data. */
|
||||
void packet_put_bignum(BIGNUM * value);
|
||||
void packet_put_bignum2(BIGNUM * value);
|
||||
|
||||
/* Appends a string to packet data. */
|
||||
void packet_put_string(const char *buf, unsigned int len);
|
||||
void packet_put_cstring(const char *str);
|
||||
void packet_put_raw(const char *buf, unsigned int len);
|
||||
|
||||
/*
|
||||
* Finalizes and sends the packet. If the encryption key has been set,
|
||||
|
@ -136,6 +139,8 @@ unsigned int packet_get_int(void);
|
|||
* must have been initialized before this call.
|
||||
*/
|
||||
void packet_get_bignum(BIGNUM * value, int *length_ptr);
|
||||
void packet_get_bignum2(BIGNUM * value, int *length_ptr);
|
||||
char *packet_get_raw(int *length_ptr);
|
||||
|
||||
/*
|
||||
* Returns a string from the packet data. The string is allocated using
|
||||
|
@ -202,4 +207,7 @@ do { \
|
|||
int packet_connection_is_on_socket(void);
|
||||
int packet_connection_is_ipv4(void);
|
||||
|
||||
/* enable SSH2 packet format */
|
||||
void packet_set_ssh2_format(void);
|
||||
|
||||
#endif /* PACKET_H */
|
||||
|
|
Loading…
Reference in New Issue