src/usr.bin/ssh/packet.c - diff

Return to packet.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/packet.c between version 1.32.2.4 and 1.33

version 1.32.2.4, 2001/03/21 18:52:55

version 1.33, 2000/06/20 01:39:43

Line 1

* packet.c

* Author: Tatu Ylonen <ylo@cs.hut.fi>

* Created: Sat Mar 18 02:40:40 1995 ylo

* This file contains code implementing the packet protocol and communication

* with the other side. This same code is used both on client and server side.

* As far as I am concerned, the code I have written for this software

* can be used freely for any purpose. Any derived versions of this

* software must be clearly marked as such, and if the derived work is

* incompatible with the protocol description in the RFC file, it must be

* called by a name other than "ssh" or "Secure Shell".

* SSH2 packet format added by Markus Friedl.

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

* 1. Redistributions of source code must retain the above copyright

* notice, this list of conditions and the following disclaimer.

* 2. Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in the

* documentation and/or other materials provided with the distribution.

* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR

* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,

* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#include "includes.h"

Line 43

Line 23

#include "buffer.h"

#include "packet.h"

#include "bufaux.h"

#include "ssh.h"

#include "crc32.h"

#include "cipher.h"

#include "getput.h"

#include "compress.h"

Line 51

Line 33

#include "channels.h"

#include "compat.h"

#include "ssh1.h"

#include "ssh2.h"

#include "cipher.h"

#include <openssl/bn.h>

#include <openssl/dh.h>

#include <openssl/hmac.h>

#include "buffer.h"

#include "kex.h"

#include "mac.h"

#include "hmac.h"

#include "log.h"

#include "canohost.h"

#ifdef PACKET_DEBUG

#define DBG(x) x

Line 82

Line 64

static int cipher_type = SSH_CIPHER_NONE;

/* Protocol flags for the remote side. */

static u_int remote_protocol_flags = 0;

static unsigned int remote_protocol_flags = 0;

/* Encryption context for receiving data. This is only used for decryption. */

static CipherContext receive_context;

Line 159

Line 141

void

packet_set_connection(int fd_in, int fd_out)

{

Cipher *none = cipher_by_name("none");

if (none == NULL)

fatal("packet_set_connection: cannot load cipher 'none'");

connection_in = fd_in;

connection_out = fd_out;

cipher_type = SSH_CIPHER_NONE;

cipher_init(&send_context, none, (u_char *) "", 0, NULL, 0);

cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0);

cipher_init(&receive_context, none, (u_char *) "", 0, NULL, 0);

cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0);

if (!initialized) {

initialized = 1;

buffer_init(&input);

Line 279

Line 258

/* Sets remote side protocol flags. */

void

packet_set_protocol_flags(u_int protocol_flags)

packet_set_protocol_flags(unsigned int protocol_flags)

{

remote_protocol_flags = protocol_flags;

channel_set_options((protocol_flags & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) != 0);

Line 287

Line 266

/* Returns the remote protocol flags set earlier by the above function. */

u_int

unsigned int

packet_get_protocol_flags()

{

return remote_protocol_flags;

Line 316

Line 295

void

packet_encrypt(CipherContext * cc, void *dest, void *src,

u_int bytes)

unsigned int bytes)

{

cipher_encrypt(cc, dest, src, bytes);

}

Line 327

Line 306

void

packet_decrypt(CipherContext *context, void *dest, void *src, u_int bytes)

packet_decrypt(CipherContext * cc, void *dest, void *src,

unsigned int bytes)

{

int i;

if ((bytes % 8) != 0)

fatal("packet_decrypt: bad ciphertext length %d", bytes);

* Cryptographic attack detector for ssh - Modifications for packet.c

if (!compat20 &&

context->cipher->number != SSH_CIPHER_NONE &&

if (cc->type == SSH_CIPHER_NONE || compat20) {

detect_attack(src, bytes, NULL) == DEATTACK_DETECTED)

i = DEATTACK_OK;

} else {

i = detect_attack(src, bytes, NULL);

}

if (i == DEATTACK_DETECTED)

packet_disconnect("crc32 compensation attack: network attack detected");

cipher_decrypt(context, dest, src, bytes);

cipher_decrypt(cc, dest, src, bytes);

}

Line 348

Line 337

void

packet_set_encryption_key(const u_char *key, u_int keylen,

packet_set_encryption_key(const unsigned char *key, unsigned int keylen,

int number)

int cipher)

{

Cipher *cipher = cipher_by_number(number);

if (cipher == NULL)

fatal("packet_set_encryption_key: unknown cipher number %d", number);

if (keylen < 20)

fatal("packet_set_encryption_key: keylen too small: %d", keylen);

fatal("keylen too small: %d", keylen);

cipher_init(&receive_context, cipher, key, keylen, NULL, 0);

cipher_init(&send_context, cipher, key, keylen, NULL, 0);

/* All other ciphers use the same key in both directions for now. */

cipher_set_key(&receive_context, cipher, key, keylen);

cipher_set_key(&send_context, cipher, key, keylen);

}

/* Starts constructing a packet to send. */

Line 389

Line 377

void

packet_start(int type)

{

DBG(debug("packet_start[%d]", type));

DBG(debug("packet_start[%d]",type));

if (use_ssh2_packet_format)

packet_start2(type);

else

Line 408

Line 396

/* Appends an integer to the packet data. */

void

packet_put_int(u_int value)

packet_put_int(unsigned int value)

{

buffer_put_int(&outgoing_packet, value);

}

Line 416

Line 404

/* Appends a string to packet data. */

void

packet_put_string(const char *buf, u_int len)

packet_put_string(const char *buf, unsigned int len)

{

buffer_put_string(&outgoing_packet, buf, len);

}

Line 427

Line 415

}

void

packet_put_raw(const char *buf, u_int len)

packet_put_raw(const char *buf, unsigned int len)

{

buffer_append(&outgoing_packet, buf, len);

}

Line 452

Line 440

void

packet_send1(void)

packet_send1()

{

char buf[8], *cp;

int i, padding, len;

u_int checksum;

unsigned int checksum;

u_int32_t rand = 0;

Line 491

Line 479

buffer_consume(&outgoing_packet, 8 - padding);

/* Add check bytes. */

checksum = ssh_crc32((u_char *) buffer_ptr(&outgoing_packet),

checksum = crc32((unsigned char *) buffer_ptr(&outgoing_packet),

buffer_len(&outgoing_packet));

PUT_32BIT(buf, checksum);

buffer_append(&outgoing_packet, buf, 4);

Line 526

Line 514

* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)

void

packet_send2(void)

packet_send2()

{

static u_int32_t seqnr = 0;

unsigned char *macbuf = NULL;

u_char *macbuf = NULL;

char *cp;

u_int packet_length = 0;

unsigned int packet_length = 0;

u_int i, padlen, len;

unsigned int i, padlen, len;

u_int32_t rand = 0;

static unsigned int seqnr = 0;

int type;

Enc *enc = NULL;

Mac *mac = NULL;

Line 545

Line 533

mac = &kex->mac[MODE_OUT];

comp = &kex->comp[MODE_OUT];

}

block_size = enc ? enc->cipher->block_size : 8;

block_size = enc ? enc->block_size : 8;

cp = buffer_ptr(&outgoing_packet);

type = cp[5] & 0xff;

Line 580

Line 568

if (padlen < 4)

padlen += block_size;

buffer_append_space(&outgoing_packet, &cp, padlen);

if (enc && enc->cipher->number != SSH_CIPHER_NONE) {

if (enc && enc->type != SSH_CIPHER_NONE) {

/* random padding */

for (i = 0; i < padlen; i++) {

if (i % 4 == 0)

rand = arc4random();

cp[i] = rand & 0xff;

rand >>= 8;

rand <<= 8;

}

} else {

/* clear padding */

Line 601

Line 589

/* compute MAC over seqnr and packet(length fields, payload, padding) */

if (mac && mac->enabled) {

macbuf = mac_compute(mac, seqnr,

macbuf = hmac( mac->md, seqnr,

(u_char *) buffer_ptr(&outgoing_packet),

(unsigned char *) buffer_ptr(&outgoing_packet),

buffer_len(&outgoing_packet));

buffer_len(&outgoing_packet),

DBG(debug("done calc MAC out #%d", seqnr));

mac->key, mac->key_len

);

DBG(debug("done calc HMAC out #%d", seqnr));

}

/* encrypt packet and append to output buffer. */

buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));

Line 627

Line 617

fatal("packet_send2: no KEX");

if (mac->md != NULL)

mac->enabled = 1;

DBG(debug("cipher_init send_context"));

DBG(debug("cipher_set_key_iv send_context"));

cipher_init(&send_context, enc->cipher,

cipher_set_key_iv(&send_context, enc->type,

enc->key, enc->cipher->key_len,

enc->key, enc->key_len,

enc->iv, enc->cipher->block_size);

enc->iv, enc->iv_len);

clear_enc_keys(enc, kex->we_need);

if (comp->type != 0 && comp->enabled == 0) {

comp->enabled = 1;

Line 660

Line 650

packet_read(int *payload_len_ptr)

{

int type, len;

fd_set *setp;

fd_set set;

char buf[8192];

DBG(debug("packet_read()"));

setp = (fd_set *)xmalloc(howmany(connection_in+1, NFDBITS) *

sizeof(fd_mask));

/* Since we are blocking, ensure that all written packets have been sent. */

packet_write_wait();

Line 681

Line 668

|| type == SSH_CMSG_EXIT_CONFIRMATION))

packet_integrity_check(*payload_len_ptr, 0, type);

/* If we got a packet, return it. */

if (type != SSH_MSG_NONE) {

if (type != SSH_MSG_NONE)

xfree(setp);

return type;

}

* Otherwise, wait for some data to arrive, add it to the

* buffer, and try again.

memset(setp, 0, howmany(connection_in + 1, NFDBITS) *

FD_ZERO(&set);

sizeof(fd_mask));

FD_SET(connection_in, &set);

FD_SET(connection_in, setp);

/* Wait for some data to arrive. */

while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 &&

select(connection_in + 1, &set, NULL, NULL, NULL);

(errno == EAGAIN || errno == EINTR))

;

/* Read data from the socket. */

len = read(connection_in, buf, sizeof(buf));

Line 746

Line 728

int

packet_read_poll1(int *payload_len_ptr)

{

u_int len, padded_len;

unsigned int len, padded_len;

u_char *ucp;

unsigned char *ucp;

char buf[8], *cp;

u_int checksum, stored_checksum;

unsigned int checksum, stored_checksum;

/* Check if input size is less than minimum packet size. */

if (buffer_len(&input) < 4 + 8)

return SSH_MSG_NONE;

/* Get length of incoming packet. */

ucp = (u_char *) buffer_ptr(&input);

ucp = (unsigned char *) buffer_ptr(&input);

len = GET_32BIT(ucp);

if (len < 1 + 2 + 2 || len > 256 * 1024)

packet_disconnect("Bad packet length %d.", len);

Line 782

Line 764

#endif

/* Compute packet checksum. */

checksum = ssh_crc32((u_char *) buffer_ptr(&incoming_packet),

checksum = crc32((unsigned char *) buffer_ptr(&incoming_packet),

buffer_len(&incoming_packet) - 4);

/* Skip padding. */

Line 794

Line 776

packet_disconnect("packet_read_poll: len %d != buffer_len %d.",

len, buffer_len(&incoming_packet));

ucp = (u_char *) buffer_ptr(&incoming_packet) + len - 4;

ucp = (unsigned char *) buffer_ptr(&incoming_packet) + len - 4;

stored_checksum = GET_32BIT(ucp);

if (checksum != stored_checksum)

packet_disconnect("Corrupted check bytes on input.");

Line 815

Line 797

*payload_len_ptr = buffer_len(&incoming_packet);

/* Return type. */

return (u_char) buf[0];

return (unsigned char) buf[0];

}

int

packet_read_poll2(int *payload_len_ptr)

{

static u_int32_t seqnr = 0;

unsigned int padlen, need;

static u_int packet_length = 0;

unsigned char buf[8], *macbuf;

u_int padlen, need;

unsigned char *ucp;

u_char buf[8], *macbuf;

u_char *ucp;

char *cp;

static unsigned int packet_length = 0;

static unsigned int seqnr = 0;

int type;

int maclen, block_size;

Enc *enc = NULL;

Line 839

Line 821

comp = &kex->comp[MODE_IN];

}

maclen = mac && mac->enabled ? mac->mac_len : 0;

block_size = enc ? enc->cipher->block_size : 8;

block_size = enc ? enc->block_size : 8;

if (packet_length == 0) {

Line 852

Line 834

buffer_append_space(&incoming_packet, &cp, block_size);

packet_decrypt(&receive_context, cp, buffer_ptr(&input),

block_size);

ucp = (u_char *) buffer_ptr(&incoming_packet);

ucp = (unsigned char *) buffer_ptr(&incoming_packet);

packet_length = GET_32BIT(ucp);

if (packet_length < 1 + 4 || packet_length > 256 * 1024) {

buffer_dump(&incoming_packet);

Line 886

Line 868

* increment sequence number for incoming packet

if (mac && mac->enabled) {

macbuf = mac_compute(mac, seqnr,

macbuf = hmac( mac->md, seqnr,

(u_char *) buffer_ptr(&incoming_packet),

(unsigned char *) buffer_ptr(&incoming_packet),

buffer_len(&incoming_packet));

buffer_len(&incoming_packet),

mac->key, mac->key_len

);

if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)

packet_disconnect("Corrupted MAC on input.");

packet_disconnect("Corrupted HMAC on input.");

DBG(debug("MAC #%d ok", seqnr));

DBG(debug("HMAC #%d ok", seqnr));

buffer_consume(&input, mac->mac_len);

}

if (++seqnr == 0)

Line 928

Line 912

packet_length = 0;

/* extract packet type */

type = (u_char)buf[0];

type = (unsigned char)buf[0];

if (type == SSH2_MSG_NEWKEYS) {

if (kex==NULL || mac==NULL || enc==NULL || comp==NULL)

fatal("packet_read_poll2: no KEX");

if (mac->md != NULL)

mac->enabled = 1;

DBG(debug("cipher_init receive_context"));

DBG(debug("cipher_set_key_iv receive_context"));

cipher_init(&receive_context, enc->cipher,

cipher_set_key_iv(&receive_context, enc->type,

enc->key, enc->cipher->key_len,

enc->key, enc->key_len,

enc->iv, enc->cipher->block_size);

enc->iv, enc->iv_len);

clear_enc_keys(enc, kex->we_need);

if (comp->type != 0 && comp->enabled == 0) {

comp->enabled = 1;

Line 948

Line 932

}

#ifdef PACKET_DEBUG

fprintf(stderr, "read/plain[%d]:\r\n", type);

fprintf(stderr, "read/plain[%d]:\r\n",type);

buffer_dump(&incoming_packet);

#endif

return (u_char)type;

return (unsigned char)type;

}

int

Line 981

Line 965

case SSH2_MSG_DISCONNECT:

reason = packet_get_int();

msg = packet_get_string(NULL);

log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),

log("Received disconnect: %d: %.900s", reason, msg);

reason, msg);

xfree(msg);

fatal_cleanup();

break;

default:

return type;

break;

}

} else {

switch(type) {

case SSH_MSG_IGNORE:

Line 1001

Line 984

break;

case SSH_MSG_DISCONNECT:

msg = packet_get_string(NULL);

log("Received disconnect from %s: %.400s", get_remote_ipaddr(),

log("Received disconnect: %.900s", msg);

msg);

fatal_cleanup();

xfree(msg);

break;

Line 1011

Line 993

DBG(debug("received packet type %d", type));

return type;

break;

}

Line 1022

Line 1004

void

packet_process_incoming(const char *buf, u_int len)

packet_process_incoming(const char *buf, unsigned int len)

{

buffer_append(&input, buf, len);

}

/* Returns a character from the packet. */

u_int

unsigned int

packet_get_char()

{

char ch;

buffer_get(&incoming_packet, &ch, 1);

return (u_char) ch;

return (unsigned char) ch;

}

/* Returns an integer from the packet data. */

u_int

unsigned int

packet_get_int()

{

return buffer_get_int(&incoming_packet);

Line 1085

Line 1067

char *

packet_get_string(u_int *length_ptr)

packet_get_string(unsigned int *length_ptr)

{

return buffer_get_string(&incoming_packet, length_ptr);

}

Line 1105

Line 1087

char buf[1024];

va_list args;

if (compat20 && (datafellows & SSH_BUG_DEBUG))

return;

va_start(args, fmt);

vsnprintf(buf, sizeof(buf), fmt, args);

va_end(args);

Line 1200

Line 1179

void

packet_write_wait()

{

fd_set *setp;

setp = (fd_set *)xmalloc(howmany(connection_out + 1, NFDBITS) *

sizeof(fd_mask));

packet_write_poll();

while (packet_have_data_to_write()) {

memset(setp, 0, howmany(connection_out + 1, NFDBITS) *

fd_set set;

sizeof(fd_mask));

FD_ZERO(&set);

FD_SET(connection_out, setp);

FD_SET(connection_out, &set);

while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&

select(connection_out + 1, NULL, &set, NULL, NULL);

(errno == EAGAIN || errno == EINTR))

;

packet_write_poll();

}

xfree(setp);

}

/* Returns true if there is buffered data to write to the connection. */

Line 1239

Line 1211

/* Informs that the current session is interactive. Sets IP flags for that. */

void

packet_set_interactive(int interactive)

packet_set_interactive(int interactive, int keepalives)

{

static int called = 0;

int lowdelay = IPTOS_LOWDELAY;

int throughput = IPTOS_THROUGHPUT;

int on = 1;

if (called)

return;

called = 1;

/* Record that we are in interactive mode. */

interactive_mode = interactive;

/* Only set socket options if using a socket. */

if (!packet_connection_is_on_socket())

return;

if (keepalives) {

/* Set keepalives if requested. */

if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on,

sizeof(on)) < 0)

error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));

}

* IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only

* IPTOS_LOWDELAY, TCP_NODELAY and IPTOS_THROUGHPUT are IPv4 only

if (!packet_connection_is_ipv4())

return;

if (interactive) {

* Set IP options for an interactive connection. Use

* IPTOS_LOWDELAY and TCP_NODELAY.

if (packet_connection_is_ipv4()) {

int lowdelay = IPTOS_LOWDELAY;

if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,

if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &lowdelay,

(void *) &lowdelay, sizeof(lowdelay)) < 0)

sizeof(lowdelay)) < 0)

error("setsockopt IPTOS_LOWDELAY: %.100s",

error("setsockopt IPTOS_LOWDELAY: %.100s", strerror(errno));

strerror(errno));

}

if (setsockopt(connection_in, IPPROTO_TCP, TCP_NODELAY, (void *) &on,

sizeof(on)) < 0)

error("setsockopt TCP_NODELAY: %.100s", strerror(errno));

} else if (packet_connection_is_ipv4()) {

} else {

* Set IP options for a non-interactive connection. Use

* IPTOS_THROUGHPUT.

int throughput = IPTOS_THROUGHPUT;

if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput,

sizeof(throughput)) < 0)

error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));

Line 1308

Line 1280

log("packet_set_maxsize: setting to %d", s);

max_packet_size = s;

return s;

}

* 9.2. Ignored Data Message

* byte SSH_MSG_IGNORE

* string data

* All implementations MUST understand (and ignore) this message at any

* time (after receiving the protocol version). No implementation is

* required to send them. This message can be used as an additional

* protection measure against advanced traffic analysis techniques.

/* size of current + ignore message should be n*sumlen bytes (w/o mac) */

void

packet_inject_ignore(int sumlen)

{

int blocksize, padlen, have, need, nb, mini, nbytes;

Enc *enc = NULL;

if (use_ssh2_packet_format == 0)

return;

have = buffer_len(&outgoing_packet);

debug2("packet_inject_ignore: current %d", have);

if (kex != NULL)

enc = &kex->enc[MODE_OUT];

blocksize = enc ? enc->cipher->block_size : 8;

padlen = blocksize - (have % blocksize);

if (padlen < 4)

padlen += blocksize;

have += padlen;

have /= blocksize; /* # of blocks for current message */

nb = roundup(sumlen, blocksize) / blocksize; /* blocks for both */

mini = roundup(5+1+4+4, blocksize) / blocksize; /* minsize ignore msg */

need = nb - (have % nb); /* blocks for ignore */

if (need <= mini)

need += nb;

nbytes = (need - mini) * blocksize; /* size of ignore payload */

debug2("packet_inject_ignore: block %d have %d nb %d mini %d need %d",

blocksize, have, nb, mini, need);

/* enqueue current message and append a ignore message */

packet_send();

packet_send_ignore(nbytes);

}

void

packet_send_ignore(int nbytes)

{

u_int32_t rand = 0;

int i;

packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);

packet_put_int(nbytes);

for(i = 0; i < nbytes; i++) {

if (i % 4 == 0)

rand = arc4random();

packet_put_char(rand & 0xff);

rand >>= 8;

}