src/usr.bin/ssh/packet.c - diff

Return to packet.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/packet.c between version 1.38.2.4 and 1.38.2.5

version 1.38.2.4, 2001/05/07 21:09:31

version 1.38.2.5, 2001/09/27 00:15:42

Line 13

* SSH2 packet format added by Markus Friedl.

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

Line 75

static int connection_in = -1;

static int connection_out = -1;

* Cipher type. This value is only used to determine whether to pad the

* packets with zeroes or random data.

static int cipher_type = SSH_CIPHER_NONE;

/* Protocol flags for the remote side. */

static u_int remote_protocol_flags = 0;

Line 118

Line 112

/* Set to true if the connection is interactive. */

static int interactive_mode = 0;

/* True if SSH2 packet format is used */

int use_ssh2_packet_format = 0;

/* Session key information for Encryption and MAC */

Newkeys *newkeys[MODE_MAX];

void

packet_set_ssh2_format(void)

{

DBG(debug("use_ssh2_packet_format"));

use_ssh2_packet_format = 1;

newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;

}

* Sets the descriptors used for communication. Disables encryption until

* packet_set_encryption_key is called.

Line 144

Line 127

fatal("packet_set_connection: cannot load cipher 'none'");

connection_in = fd_in;

connection_out = fd_out;

cipher_type = SSH_CIPHER_NONE;

cipher_init(&send_context, none, (u_char *) "", 0, NULL, 0);

cipher_init(&receive_context, none, (u_char *) "", 0, NULL, 0);

newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;

if (!initialized) {

initialized = 1;

buffer_init(&input);

Line 262

Line 245

packet_set_protocol_flags(u_int protocol_flags)

{

remote_protocol_flags = protocol_flags;

channel_set_options((protocol_flags & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) != 0);

}

/* Returns the remote protocol flags set earlier by the above function. */

Line 278

Line 260

* Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.

void

static void

packet_init_compression()

packet_init_compression(void)

{

if (compression_buffer_ready == 1)

return;

Line 290

Line 272

void

packet_start_compression(int level)

{

if (packet_compression && !use_ssh2_packet_format)

if (packet_compression && !compat20)

fatal("Compression already enabled.");

packet_compression = 1;

packet_init_compression();

Line 299

Line 281

}

* Encrypts the given number of bytes, copying from src to dest. bytes is

* known to be a multiple of 8.

void

packet_encrypt(CipherContext * cc, void *dest, void *src,

u_int bytes)

{

cipher_encrypt(cc, dest, src, bytes);

}

* Decrypts the given number of bytes, copying from src to dest. bytes is

* known to be a multiple of 8.

void

packet_decrypt(CipherContext *context, void *dest, void *src, u_int bytes)

{

* Cryptographic attack detector for ssh - Modifications for packet.c

if (!compat20 &&

context->cipher->number != SSH_CIPHER_NONE &&

detect_attack(src, bytes, NULL) == DEATTACK_DETECTED)

packet_disconnect("crc32 compensation attack: network attack detected");

cipher_decrypt(context, dest, src, bytes);

}

* Causes any further packets to be encrypted using the given key. The same

* key is used for both sending and reception. However, both directions are

* encrypted independently of each other.

void

packet_set_encryption_key(const u_char *key, u_int keylen,

int number)

Line 349

Line 298

cipher_init(&send_context, cipher, key, keylen, NULL, 0);

}

/* Starts constructing a packet to send. */

/* Start constructing a packet to send. */

void

packet_start1(int type)

packet_start(u_char type)

{

char buf[9];

u_char buf[9];

int len;

DBG(debug("packet_start[%d]", type));

len = compat20 ? 6 : 9;

memset(buf, 0, len - 1);

buf[len - 1] = type;

buffer_clear(&outgoing_packet);

memset(buf, 0, 8);

buffer_append(&outgoing_packet, buf, len);

buf[8] = type;

buffer_append(&outgoing_packet, buf, 9);

}

/* Append payload. */

void

packet_start2(int type)

{

char buf[4+1+1];

buffer_clear(&outgoing_packet);

memset(buf, 0, sizeof buf);

/* buf[0..3] = payload_len; */

/* buf[4] = pad_len; */

buf[5] = type & 0xff;

buffer_append(&outgoing_packet, buf, sizeof buf);

}

void

packet_start(int type)

{

DBG(debug("packet_start[%d]", type));

if (use_ssh2_packet_format)

packet_start2(type);

else

packet_start1(type);

}

/* Appends a character to the packet data. */

void

packet_put_char(int value)

{

char ch = value;

buffer_append(&outgoing_packet, &ch, 1);

}

/* Appends an integer to the packet data. */

void

packet_put_int(u_int value)

{

buffer_put_int(&outgoing_packet, value);

}

/* Appends a string to packet data. */

void

packet_put_string(const char *buf, u_int len)

{

Line 412

Line 333

void

packet_put_cstring(const char *str)

{

buffer_put_string(&outgoing_packet, str, strlen(str));

buffer_put_cstring(&outgoing_packet, str);

}

void

packet_put_raw(const char *buf, u_int len)

{

buffer_append(&outgoing_packet, buf, len);

}

/* Appends an arbitrary precision integer to packet data. */

void

packet_put_bignum(BIGNUM * value)

{

Line 440

Line 356

* encrypts the packet before sending.

void

static void

packet_send1(void)

{

char buf[8], *cp;

Line 468

Line 384

/* Insert padding. Initialized to zero in packet_start1() */

padding = 8 - len % 8;

if (cipher_type != SSH_CIPHER_NONE) {

if (send_context.cipher->number != SSH_CIPHER_NONE) {

cp = buffer_ptr(&outgoing_packet);

for (i = 0; i < padding; i++) {

if (i % 4 == 0)

Line 494

Line 410

PUT_32BIT(buf, len);

buffer_append(&output, buf, 4);

buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));

packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),

cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),

buffer_len(&outgoing_packet));

#ifdef PACKET_DEBUG

Line 511

Line 427

}

void

static void

set_newkeys(int mode)

{

Enc *enc;

Line 564

Line 480

* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)

void

static void

packet_send2(void)

{

static u_int32_t seqnr = 0;

u_char *macbuf = NULL;

u_char type, *ucp, *macbuf = NULL;

char *cp;

u_int packet_length = 0;

u_int i, padlen, len;

u_int32_t rand = 0;

int type;

Enc *enc = NULL;

Mac *mac = NULL;

Comp *comp = NULL;

Line 586

Line 501

}

block_size = enc ? enc->cipher->block_size : 8;

cp = buffer_ptr(&outgoing_packet);

ucp = (u_char *) buffer_ptr(&outgoing_packet);

type = cp[5] & 0xff;

type = ucp[5];

#ifdef PACKET_DEBUG

fprintf(stderr, "plain: ");

Line 633

Line 548

}

/* packet_length includes payload, padding and padding length field */

packet_length = buffer_len(&outgoing_packet) - 4;

cp = buffer_ptr(&outgoing_packet);

ucp = (u_char *)buffer_ptr(&outgoing_packet);

PUT_32BIT(cp, packet_length);

PUT_32BIT(ucp, packet_length);

cp[4] = padlen & 0xff;

ucp[4] = padlen;

DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));

/* compute MAC over seqnr and packet(length fields, payload, padding) */

Line 647

Line 562

}

/* encrypt packet and append to output buffer. */

buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));

packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),

cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),

buffer_len(&outgoing_packet));

/* append unencrypted MAC */

if (mac && mac->enabled)

Line 668

Line 583

void

packet_send()

{

if (use_ssh2_packet_format)

if (compat20)

packet_send2();

else

packet_send1();

Line 699

Line 614

for (;;) {

/* Try to read a packet from the buffer. */

type = packet_read_poll(payload_len_ptr);

if (!use_ssh2_packet_format && (

if (!compat20 && (

type == SSH_SMSG_SUCCESS

|| type == SSH_SMSG_FAILURE

|| type == SSH_CMSG_EOF

Line 768

Line 683

* Check bytes

int

static int

packet_read_poll1(int *payload_len_ptr)

{

u_int len, padded_len;

u_char *ucp;

u_char *ucp, type;

char buf[8], *cp;

char *cp;

u_int checksum, stored_checksum;

/* Check if input size is less than minimum packet size. */

Line 795

Line 710

/* Consume packet length. */

buffer_consume(&input, 4);

/* Copy data to incoming_packet. */

* Cryptographic attack detector for ssh

* Ariel Futoransky(futo@core-sdi.com)

if (receive_context.cipher->number != SSH_CIPHER_NONE &&

detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)

packet_disconnect("crc32 compensation attack: network attack detected");

/* Decrypt data to incoming_packet. */

buffer_clear(&incoming_packet);

buffer_append_space(&incoming_packet, &cp, padded_len);

packet_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len);

cipher_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len);

buffer_consume(&input, padded_len);

#ifdef PACKET_DEBUG

Line 814

Line 739

buffer_consume(&incoming_packet, 8 - len % 8);

/* Test check bytes. */

if (len != buffer_len(&incoming_packet))

packet_disconnect("packet_read_poll: len %d != buffer_len %d.",

len, buffer_len(&incoming_packet));

Line 825

Line 749

packet_disconnect("Corrupted check bytes on input.");

buffer_consume_end(&incoming_packet, 4);

/* If using packet compression, decompress the packet. */

if (packet_compression) {

buffer_clear(&compression_buffer);

buffer_uncompress(&incoming_packet, &compression_buffer);

Line 833

Line 756

buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),

buffer_len(&compression_buffer));

}

/* Get packet type. */

type = buffer_get_char(&incoming_packet);

buffer_get(&incoming_packet, &buf[0], 1);

/* Return length of payload (without type field). */

*payload_len_ptr = buffer_len(&incoming_packet);

return type;

/* Return type. */

return (u_char) buf[0];

}

int

static int

packet_read_poll2(int *payload_len_ptr)

{

static u_int32_t seqnr = 0;

static u_int packet_length = 0;

u_int padlen, need;

u_char buf[8], *macbuf;

u_char *macbuf, *ucp, type;

u_char *ucp;

char *cp;

int type;

int maclen, block_size;

Enc *enc = NULL;

Mac *mac = NULL;

Line 875

Line 791

return SSH_MSG_NONE;

buffer_clear(&incoming_packet);

buffer_append_space(&incoming_packet, &cp, block_size);

packet_decrypt(&receive_context, cp, buffer_ptr(&input),

cipher_decrypt(&receive_context, cp, buffer_ptr(&input),

block_size);

ucp = (u_char *) buffer_ptr(&incoming_packet);

packet_length = GET_32BIT(ucp);

Line 904

Line 820

buffer_dump(&input);

#endif

buffer_append_space(&incoming_packet, &cp, need);

packet_decrypt(&receive_context, cp, buffer_ptr(&input), need);

cipher_decrypt(&receive_context, cp, buffer_ptr(&input), need);

buffer_consume(&input, need);

* compute MAC over seqnr and packet,

Line 924

Line 840

/* get padlen */

cp = buffer_ptr(&incoming_packet) + 4;

padlen = *cp & 0xff;

padlen = (u_char) *cp;

DBG(debug("input: padlen %d", padlen));

if (padlen < 4)

packet_disconnect("Corrupted padlen %d on input.", padlen);

Line 946

Line 862

* get packet type, implies consume.

* return length of payload (without type field)

buffer_get(&incoming_packet, (char *)&buf[0], 1);

type = buffer_get_char(&incoming_packet);

*payload_len_ptr = buffer_len(&incoming_packet);

/* reset for next packet */

packet_length = 0;

/* extract packet type */

type = (u_char)buf[0];

if (type == SSH2_MSG_NEWKEYS)

set_newkeys(MODE_IN);

*payload_len_ptr = buffer_len(&incoming_packet);

#ifdef PACKET_DEBUG

fprintf(stderr, "read/plain[%d]:\r\n", type);

buffer_dump(&incoming_packet);

#endif

return (u_char)type;

/* reset for next packet */

packet_length = 0;

return type;

}

int

packet_read_poll(int *payload_len_ptr)

{

int reason;

u_char type;

char *msg;

for (;;) {

int type = use_ssh2_packet_format ?

packet_read_poll2(payload_len_ptr):

packet_read_poll1(payload_len_ptr);

if(compat20) {

for (;;) {

int reason;

if (compat20) {

if (type != 0)

type = packet_read_poll2(payload_len_ptr);

if (type)

DBG(debug("received packet type %d", type));

switch(type) {

case SSH2_MSG_IGNORE:

Line 1002

Line 911

break;

}

} else {

type = packet_read_poll1(payload_len_ptr);

switch(type) {

case SSH_MSG_IGNORE:

break;

Line 1018

Line 928

xfree(msg);

break;

default:

if (type != 0)

if (type)

DBG(debug("received packet type %d", type));

return type;

break;

Line 1169

Line 1079

packet_put_cstring("");

} else {

packet_start(SSH_MSG_DISCONNECT);

packet_put_string(buf, strlen(buf));

packet_put_cstring(buf);

}

packet_send();

packet_write_wait();

/* Stop listening for connections. */

channel_stop_listening();

channel_close_all();

/* Close the connection. */

packet_close();

Line 1316

Line 1226

log("packet_set_maxsize: bad size %d", s);

return -1;

}

log("packet_set_maxsize: setting to %d", s);

debug("packet_set_maxsize: setting to %d", s);

max_packet_size = s;

return s;

}

Line 1339

Line 1249

int blocksize, padlen, have, need, nb, mini, nbytes;

Enc *enc = NULL;

if (use_ssh2_packet_format == 0)

if (compat20 == 0)

return;

have = buffer_len(&outgoing_packet);