Annotation of src/usr.bin/ssh/packet.c, Revision 1.133
1.133 ! stevesk 1: /* $OpenBSD: packet.c,v 1.132 2006/07/05 02:42:09 stevesk Exp $ */
1.1 deraadt 2: /*
1.15 deraadt 3: * Author: Tatu Ylonen <ylo@cs.hut.fi>
4: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: * All rights reserved
1.35 deraadt 6: * This file contains code implementing the packet protocol and communication
7: * with the other side. This same code is used both on client and server side.
1.29 markus 8: *
1.35 deraadt 9: * As far as I am concerned, the code I have written for this software
10: * can be used freely for any purpose. Any derived versions of this
11: * software must be clearly marked as such, and if the derived work is
12: * incompatible with the protocol description in the RFC file, it must be
13: * called by a name other than "ssh" or "Secure Shell".
1.29 markus 14: *
1.25 markus 15: *
16: * SSH2 packet format added by Markus Friedl.
1.69 markus 17: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.25 markus 18: *
1.35 deraadt 19: * Redistribution and use in source and binary forms, with or without
20: * modification, are permitted provided that the following conditions
21: * are met:
22: * 1. Redistributions of source code must retain the above copyright
23: * notice, this list of conditions and the following disclaimer.
24: * 2. Redistributions in binary form must reproduce the above copyright
25: * notice, this list of conditions and the following disclaimer in the
26: * documentation and/or other materials provided with the distribution.
27: *
28: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
29: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
30: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
31: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
32: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
33: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
37: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.15 deraadt 38: */
1.1 deraadt 39:
40: #include "includes.h"
1.105 markus 41:
42: #include <sys/queue.h>
1.133 ! stevesk 43: #include <sys/types.h>
1.132 stevesk 44: #include <sys/socket.h>
1.121 stevesk 45:
46: #include <netinet/in_systm.h>
1.132 stevesk 47: #include <netinet/in.h>
1.121 stevesk 48: #include <netinet/ip.h>
1.1 deraadt 49:
50: #include "xmalloc.h"
51: #include "buffer.h"
52: #include "packet.h"
53: #include "bufaux.h"
54: #include "crc32.h"
55:
56: #include "compress.h"
1.9 dugsong 57: #include "deattack.h"
1.64 markus 58: #include "channels.h"
1.1 deraadt 59:
1.25 markus 60: #include "compat.h"
1.45 markus 61: #include "ssh1.h"
1.25 markus 62: #include "ssh2.h"
63:
1.37 markus 64: #include "cipher.h"
1.25 markus 65: #include "kex.h"
1.50 markus 66: #include "mac.h"
1.46 markus 67: #include "log.h"
68: #include "canohost.h"
1.87 stevesk 69: #include "misc.h"
1.95 markus 70: #include "ssh.h"
1.25 markus 71:
72: #ifdef PACKET_DEBUG
73: #define DBG(x) x
74: #else
75: #define DBG(x)
76: #endif
77:
1.16 markus 78: /*
79: * This variable contains the file descriptors used for communicating with
80: * the other side. connection_in is used for reading; connection_out for
81: * writing. These can be the same descriptor, in which case it is assumed to
82: * be a socket.
83: */
1.1 deraadt 84: static int connection_in = -1;
85: static int connection_out = -1;
86:
87: /* Protocol flags for the remote side. */
1.40 markus 88: static u_int remote_protocol_flags = 0;
1.1 deraadt 89:
90: /* Encryption context for receiving data. This is only used for decryption. */
91: static CipherContext receive_context;
1.14 markus 92:
93: /* Encryption context for sending data. This is only used for encryption. */
1.1 deraadt 94: static CipherContext send_context;
95:
96: /* Buffer for raw input data from the socket. */
1.91 markus 97: Buffer input;
1.1 deraadt 98:
99: /* Buffer for raw output data going to the socket. */
1.91 markus 100: Buffer output;
1.1 deraadt 101:
102: /* Buffer for the partial outgoing packet being constructed. */
103: static Buffer outgoing_packet;
104:
105: /* Buffer for the incoming packet currently being processed. */
106: static Buffer incoming_packet;
107:
108: /* Scratch buffer for packet compression/decompression. */
109: static Buffer compression_buffer;
1.60 markus 110: static int compression_buffer_ready = 0;
1.1 deraadt 111:
112: /* Flag indicating whether packet compression/decompression is enabled. */
113: static int packet_compression = 0;
114:
1.12 markus 115: /* default maximum packet size */
1.108 markus 116: u_int max_packet_size = 32768;
1.12 markus 117:
1.1 deraadt 118: /* Flag indicating whether this module has been initialized. */
119: static int initialized = 0;
120:
121: /* Set to true if the connection is interactive. */
122: static int interactive_mode = 0;
123:
1.118 markus 124: /* Set to true if we are the server side. */
125: static int server_side = 0;
126:
127: /* Set to true if we are authenticated. */
128: static int after_authentication = 0;
129:
1.25 markus 130: /* Session key information for Encryption and MAC */
1.57 markus 131: Newkeys *newkeys[MODE_MAX];
1.105 markus 132: static struct packet_state {
133: u_int32_t seqnr;
134: u_int32_t packets;
135: u_int64_t blocks;
136: } p_read, p_send;
137:
138: static u_int64_t max_blocks_in, max_blocks_out;
139: static u_int32_t rekey_limit;
1.25 markus 140:
1.95 markus 141: /* Session key for protocol v1 */
142: static u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
143: static u_int ssh1_keylen;
144:
1.71 markus 145: /* roundup current message to extra_pad bytes */
146: static u_char extra_pad = 0;
147:
1.105 markus 148: struct packet {
149: TAILQ_ENTRY(packet) next;
150: u_char type;
151: Buffer payload;
152: };
153: TAILQ_HEAD(, packet) outgoing;
154:
1.16 markus 155: /*
156: * Sets the descriptors used for communication. Disables encryption until
157: * packet_set_encryption_key is called.
158: */
1.2 provos 159: void
160: packet_set_connection(int fd_in, int fd_out)
1.1 deraadt 161: {
1.37 markus 162: Cipher *none = cipher_by_name("none");
1.97 deraadt 163:
1.37 markus 164: if (none == NULL)
165: fatal("packet_set_connection: cannot load cipher 'none'");
1.14 markus 166: connection_in = fd_in;
167: connection_out = fd_out;
1.113 deraadt 168: cipher_init(&send_context, none, (const u_char *)"",
169: 0, NULL, 0, CIPHER_ENCRYPT);
170: cipher_init(&receive_context, none, (const u_char *)"",
171: 0, NULL, 0, CIPHER_DECRYPT);
1.62 markus 172: newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
1.14 markus 173: if (!initialized) {
174: initialized = 1;
175: buffer_init(&input);
176: buffer_init(&output);
177: buffer_init(&outgoing_packet);
178: buffer_init(&incoming_packet);
1.105 markus 179: TAILQ_INIT(&outgoing);
1.14 markus 180: }
1.1 deraadt 181: }
182:
1.19 markus 183: /* Returns 1 if remote host is connected via socket, 0 if not. */
184:
185: int
1.73 itojun 186: packet_connection_is_on_socket(void)
1.19 markus 187: {
188: struct sockaddr_storage from, to;
189: socklen_t fromlen, tolen;
190:
191: /* filedescriptors in and out are the same, so it's a socket */
192: if (connection_in == connection_out)
193: return 1;
194: fromlen = sizeof(from);
195: memset(&from, 0, sizeof(from));
1.20 markus 196: if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0)
1.19 markus 197: return 0;
198: tolen = sizeof(to);
199: memset(&to, 0, sizeof(to));
1.20 markus 200: if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0)
1.19 markus 201: return 0;
202: if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
203: return 0;
204: if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
205: return 0;
206: return 1;
207: }
208:
1.92 markus 209: /*
1.91 markus 210: * Exports an IV from the CipherContext required to export the key
211: * state back from the unprivileged child to the privileged parent
212: * process.
213: */
214:
215: void
216: packet_get_keyiv(int mode, u_char *iv, u_int len)
217: {
218: CipherContext *cc;
219:
220: if (mode == MODE_OUT)
221: cc = &send_context;
222: else
223: cc = &receive_context;
224:
225: cipher_get_keyiv(cc, iv, len);
226: }
227:
228: int
229: packet_get_keycontext(int mode, u_char *dat)
230: {
231: CipherContext *cc;
1.92 markus 232:
1.91 markus 233: if (mode == MODE_OUT)
234: cc = &send_context;
235: else
236: cc = &receive_context;
237:
238: return (cipher_get_keycontext(cc, dat));
239: }
240:
241: void
242: packet_set_keycontext(int mode, u_char *dat)
243: {
244: CipherContext *cc;
1.92 markus 245:
1.91 markus 246: if (mode == MODE_OUT)
247: cc = &send_context;
248: else
249: cc = &receive_context;
250:
251: cipher_set_keycontext(cc, dat);
252: }
253:
254: int
255: packet_get_keyiv_len(int mode)
256: {
257: CipherContext *cc;
258:
259: if (mode == MODE_OUT)
260: cc = &send_context;
261: else
262: cc = &receive_context;
263:
264: return (cipher_get_keyiv_len(cc));
265: }
1.125 deraadt 266:
1.91 markus 267: void
268: packet_set_iv(int mode, u_char *dat)
269: {
270: CipherContext *cc;
271:
272: if (mode == MODE_OUT)
273: cc = &send_context;
274: else
275: cc = &receive_context;
276:
277: cipher_set_keyiv(cc, dat);
278: }
1.125 deraadt 279:
1.91 markus 280: int
1.107 deraadt 281: packet_get_ssh1_cipher(void)
1.91 markus 282: {
283: return (cipher_get_number(receive_context.cipher));
284: }
285:
1.105 markus 286: void
287: packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets)
288: {
289: struct packet_state *state;
1.104 markus 290:
1.105 markus 291: state = (mode == MODE_IN) ? &p_read : &p_send;
292: *seqnr = state->seqnr;
293: *blocks = state->blocks;
294: *packets = state->packets;
1.91 markus 295: }
296:
297: void
1.105 markus 298: packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets)
1.91 markus 299: {
1.105 markus 300: struct packet_state *state;
301:
302: state = (mode == MODE_IN) ? &p_read : &p_send;
303: state->seqnr = seqnr;
304: state->blocks = blocks;
305: state->packets = packets;
1.91 markus 306: }
307:
1.19 markus 308: /* returns 1 if connection is via ipv4 */
309:
310: int
1.73 itojun 311: packet_connection_is_ipv4(void)
1.19 markus 312: {
313: struct sockaddr_storage to;
1.21 deraadt 314: socklen_t tolen = sizeof(to);
1.19 markus 315:
316: memset(&to, 0, sizeof(to));
317: if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0)
318: return 0;
319: if (to.ss_family != AF_INET)
320: return 0;
321: return 1;
322: }
323:
1.1 deraadt 324: /* Sets the connection into non-blocking mode. */
325:
1.2 provos 326: void
1.73 itojun 327: packet_set_nonblocking(void)
1.1 deraadt 328: {
1.14 markus 329: /* Set the socket into non-blocking mode. */
1.114 djm 330: set_nonblock(connection_in);
1.14 markus 331:
1.114 djm 332: if (connection_out != connection_in)
333: set_nonblock(connection_out);
1.1 deraadt 334: }
335:
336: /* Returns the socket used for reading. */
337:
1.2 provos 338: int
1.73 itojun 339: packet_get_connection_in(void)
1.1 deraadt 340: {
1.14 markus 341: return connection_in;
1.1 deraadt 342: }
343:
344: /* Returns the descriptor used for writing. */
345:
1.2 provos 346: int
1.73 itojun 347: packet_get_connection_out(void)
1.1 deraadt 348: {
1.14 markus 349: return connection_out;
1.1 deraadt 350: }
351:
352: /* Closes the connection and clears and frees internal data structures. */
353:
1.2 provos 354: void
1.73 itojun 355: packet_close(void)
1.1 deraadt 356: {
1.14 markus 357: if (!initialized)
358: return;
359: initialized = 0;
360: if (connection_in == connection_out) {
361: shutdown(connection_out, SHUT_RDWR);
362: close(connection_out);
363: } else {
364: close(connection_in);
365: close(connection_out);
366: }
367: buffer_free(&input);
368: buffer_free(&output);
369: buffer_free(&outgoing_packet);
370: buffer_free(&incoming_packet);
1.60 markus 371: if (compression_buffer_ready) {
1.14 markus 372: buffer_free(&compression_buffer);
373: buffer_compress_uninit();
374: }
1.88 markus 375: cipher_cleanup(&send_context);
376: cipher_cleanup(&receive_context);
1.1 deraadt 377: }
378:
379: /* Sets remote side protocol flags. */
380:
1.2 provos 381: void
1.40 markus 382: packet_set_protocol_flags(u_int protocol_flags)
1.1 deraadt 383: {
1.14 markus 384: remote_protocol_flags = protocol_flags;
1.1 deraadt 385: }
386:
387: /* Returns the remote protocol flags set earlier by the above function. */
388:
1.40 markus 389: u_int
1.73 itojun 390: packet_get_protocol_flags(void)
1.1 deraadt 391: {
1.14 markus 392: return remote_protocol_flags;
1.1 deraadt 393: }
394:
1.16 markus 395: /*
396: * Starts packet compression from the next packet on in both directions.
397: * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
398: */
1.1 deraadt 399:
1.68 itojun 400: static void
401: packet_init_compression(void)
1.60 markus 402: {
403: if (compression_buffer_ready == 1)
404: return;
405: compression_buffer_ready = 1;
406: buffer_init(&compression_buffer);
407: }
408:
1.2 provos 409: void
410: packet_start_compression(int level)
1.1 deraadt 411: {
1.62 markus 412: if (packet_compression && !compat20)
1.14 markus 413: fatal("Compression already enabled.");
414: packet_compression = 1;
1.60 markus 415: packet_init_compression();
416: buffer_compress_init_send(level);
417: buffer_compress_init_recv();
1.1 deraadt 418: }
419:
1.16 markus 420: /*
421: * Causes any further packets to be encrypted using the given key. The same
422: * key is used for both sending and reception. However, both directions are
423: * encrypted independently of each other.
424: */
1.95 markus 425:
1.2 provos 426: void
1.40 markus 427: packet_set_encryption_key(const u_char *key, u_int keylen,
1.37 markus 428: int number)
1.1 deraadt 429: {
1.37 markus 430: Cipher *cipher = cipher_by_number(number);
1.97 deraadt 431:
1.37 markus 432: if (cipher == NULL)
433: fatal("packet_set_encryption_key: unknown cipher number %d", number);
1.25 markus 434: if (keylen < 20)
1.37 markus 435: fatal("packet_set_encryption_key: keylen too small: %d", keylen);
1.95 markus 436: if (keylen > SSH_SESSION_KEY_LENGTH)
437: fatal("packet_set_encryption_key: keylen too big: %d", keylen);
438: memcpy(ssh1_key, key, keylen);
439: ssh1_keylen = keylen;
1.88 markus 440: cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT);
441: cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT);
1.95 markus 442: }
443:
444: u_int
445: packet_get_encryption_key(u_char *key)
446: {
447: if (key == NULL)
448: return (ssh1_keylen);
449: memcpy(key, ssh1_key, ssh1_keylen);
450: return (ssh1_keylen);
1.1 deraadt 451: }
452:
1.62 markus 453: /* Start constructing a packet to send. */
1.2 provos 454: void
1.62 markus 455: packet_start(u_char type)
1.1 deraadt 456: {
1.62 markus 457: u_char buf[9];
458: int len;
1.1 deraadt 459:
1.62 markus 460: DBG(debug("packet_start[%d]", type));
461: len = compat20 ? 6 : 9;
462: memset(buf, 0, len - 1);
463: buf[len - 1] = type;
1.14 markus 464: buffer_clear(&outgoing_packet);
1.62 markus 465: buffer_append(&outgoing_packet, buf, len);
1.25 markus 466: }
467:
1.62 markus 468: /* Append payload. */
1.2 provos 469: void
470: packet_put_char(int value)
1.1 deraadt 471: {
1.14 markus 472: char ch = value;
1.97 deraadt 473:
1.14 markus 474: buffer_append(&outgoing_packet, &ch, 1);
1.1 deraadt 475: }
1.125 deraadt 476:
1.2 provos 477: void
1.40 markus 478: packet_put_int(u_int value)
1.1 deraadt 479: {
1.14 markus 480: buffer_put_int(&outgoing_packet, value);
1.1 deraadt 481: }
1.125 deraadt 482:
1.2 provos 483: void
1.76 stevesk 484: packet_put_string(const void *buf, u_int len)
1.1 deraadt 485: {
1.14 markus 486: buffer_put_string(&outgoing_packet, buf, len);
1.1 deraadt 487: }
1.125 deraadt 488:
1.24 markus 489: void
490: packet_put_cstring(const char *str)
491: {
1.65 markus 492: buffer_put_cstring(&outgoing_packet, str);
1.24 markus 493: }
1.125 deraadt 494:
1.24 markus 495: void
1.76 stevesk 496: packet_put_raw(const void *buf, u_int len)
1.24 markus 497: {
498: buffer_append(&outgoing_packet, buf, len);
499: }
1.125 deraadt 500:
1.2 provos 501: void
1.14 markus 502: packet_put_bignum(BIGNUM * value)
1.1 deraadt 503: {
1.14 markus 504: buffer_put_bignum(&outgoing_packet, value);
1.1 deraadt 505: }
1.125 deraadt 506:
1.24 markus 507: void
508: packet_put_bignum2(BIGNUM * value)
509: {
510: buffer_put_bignum2(&outgoing_packet, value);
511: }
1.1 deraadt 512:
1.16 markus 513: /*
514: * Finalizes and sends the packet. If the encryption key has been set,
515: * encrypts the packet before sending.
516: */
1.14 markus 517:
1.68 itojun 518: static void
1.49 itojun 519: packet_send1(void)
1.1 deraadt 520: {
1.89 markus 521: u_char buf[8], *cp;
1.14 markus 522: int i, padding, len;
1.40 markus 523: u_int checksum;
1.115 avsm 524: u_int32_t rnd = 0;
1.14 markus 525:
1.16 markus 526: /*
527: * If using packet compression, compress the payload of the outgoing
528: * packet.
529: */
1.14 markus 530: if (packet_compression) {
531: buffer_clear(&compression_buffer);
532: /* Skip padding. */
533: buffer_consume(&outgoing_packet, 8);
534: /* padding */
535: buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8);
536: buffer_compress(&outgoing_packet, &compression_buffer);
537: buffer_clear(&outgoing_packet);
538: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
1.75 deraadt 539: buffer_len(&compression_buffer));
1.14 markus 540: }
541: /* Compute packet length without padding (add checksum, remove padding). */
542: len = buffer_len(&outgoing_packet) + 4 - 8;
543:
1.32 markus 544: /* Insert padding. Initialized to zero in packet_start1() */
1.14 markus 545: padding = 8 - len % 8;
1.88 markus 546: if (!send_context.plaintext) {
1.14 markus 547: cp = buffer_ptr(&outgoing_packet);
548: for (i = 0; i < padding; i++) {
549: if (i % 4 == 0)
1.115 avsm 550: rnd = arc4random();
551: cp[7 - i] = rnd & 0xff;
552: rnd >>= 8;
1.14 markus 553: }
554: }
555: buffer_consume(&outgoing_packet, 8 - padding);
556:
557: /* Add check bytes. */
1.83 stevesk 558: checksum = ssh_crc32(buffer_ptr(&outgoing_packet),
1.34 deraadt 559: buffer_len(&outgoing_packet));
1.131 djm 560: put_u32(buf, checksum);
1.14 markus 561: buffer_append(&outgoing_packet, buf, 4);
1.1 deraadt 562:
563: #ifdef PACKET_DEBUG
1.14 markus 564: fprintf(stderr, "packet_send plain: ");
565: buffer_dump(&outgoing_packet);
1.1 deraadt 566: #endif
567:
1.14 markus 568: /* Append to output. */
1.131 djm 569: put_u32(buf, len);
1.14 markus 570: buffer_append(&output, buf, 4);
1.76 stevesk 571: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 markus 572: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.75 deraadt 573: buffer_len(&outgoing_packet));
1.14 markus 574:
1.1 deraadt 575: #ifdef PACKET_DEBUG
1.14 markus 576: fprintf(stderr, "encrypted: ");
577: buffer_dump(&output);
1.1 deraadt 578: #endif
579:
1.14 markus 580: buffer_clear(&outgoing_packet);
1.1 deraadt 581:
1.16 markus 582: /*
1.120 djm 583: * Note that the packet is now only buffered in output. It won't be
1.16 markus 584: * actually sent until packet_write_wait or packet_write_poll is
585: * called.
586: */
1.1 deraadt 587: }
588:
1.91 markus 589: void
1.57 markus 590: set_newkeys(int mode)
591: {
592: Enc *enc;
593: Mac *mac;
594: Comp *comp;
595: CipherContext *cc;
1.105 markus 596: u_int64_t *max_blocks;
1.115 avsm 597: int crypt_type;
1.57 markus 598:
1.100 markus 599: debug2("set_newkeys: mode %d", mode);
1.57 markus 600:
1.88 markus 601: if (mode == MODE_OUT) {
602: cc = &send_context;
1.115 avsm 603: crypt_type = CIPHER_ENCRYPT;
1.105 markus 604: p_send.packets = p_send.blocks = 0;
605: max_blocks = &max_blocks_out;
1.88 markus 606: } else {
607: cc = &receive_context;
1.115 avsm 608: crypt_type = CIPHER_DECRYPT;
1.105 markus 609: p_read.packets = p_read.blocks = 0;
610: max_blocks = &max_blocks_in;
1.88 markus 611: }
1.57 markus 612: if (newkeys[mode] != NULL) {
1.100 markus 613: debug("set_newkeys: rekeying");
1.88 markus 614: cipher_cleanup(cc);
1.59 markus 615: enc = &newkeys[mode]->enc;
616: mac = &newkeys[mode]->mac;
617: comp = &newkeys[mode]->comp;
1.61 markus 618: memset(mac->key, 0, mac->key_len);
1.59 markus 619: xfree(enc->name);
620: xfree(enc->iv);
621: xfree(enc->key);
622: xfree(mac->name);
623: xfree(mac->key);
624: xfree(comp->name);
1.58 markus 625: xfree(newkeys[mode]);
1.57 markus 626: }
627: newkeys[mode] = kex_get_newkeys(mode);
628: if (newkeys[mode] == NULL)
629: fatal("newkeys: no keys for mode %d", mode);
630: enc = &newkeys[mode]->enc;
631: mac = &newkeys[mode]->mac;
632: comp = &newkeys[mode]->comp;
633: if (mac->md != NULL)
634: mac->enabled = 1;
635: DBG(debug("cipher_init_context: %d", mode));
1.88 markus 636: cipher_init(cc, enc->cipher, enc->key, enc->key_len,
1.115 avsm 637: enc->iv, enc->block_size, crypt_type);
1.91 markus 638: /* Deleting the keys does not gain extra security */
639: /* memset(enc->iv, 0, enc->block_size);
640: memset(enc->key, 0, enc->key_len); */
1.118 markus 641: if ((comp->type == COMP_ZLIB ||
642: (comp->type == COMP_DELAYED && after_authentication)) &&
643: comp->enabled == 0) {
1.60 markus 644: packet_init_compression();
645: if (mode == MODE_OUT)
646: buffer_compress_init_send(6);
647: else
648: buffer_compress_init_recv();
1.57 markus 649: comp->enabled = 1;
650: }
1.109 markus 651: /*
652: * The 2^(blocksize*2) limit is too expensive for 3DES,
653: * blowfish, etc, so enforce a 1GB limit for small blocksizes.
654: */
655: if (enc->block_size >= 16)
656: *max_blocks = (u_int64_t)1 << (enc->block_size*2);
657: else
658: *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
1.105 markus 659: if (rekey_limit)
660: *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
1.57 markus 661: }
662:
1.16 markus 663: /*
1.118 markus 664: * Delayed compression for SSH2 is enabled after authentication:
665: * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
666: * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
667: */
668: static void
669: packet_enable_delayed_compress(void)
670: {
671: Comp *comp = NULL;
672: int mode;
673:
674: /*
675: * Remember that we are past the authentication step, so rekeying
676: * with COMP_DELAYED will turn on compression immediately.
677: */
678: after_authentication = 1;
679: for (mode = 0; mode < MODE_MAX; mode++) {
680: comp = &newkeys[mode]->comp;
681: if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
1.119 markus 682: packet_init_compression();
1.118 markus 683: if (mode == MODE_OUT)
684: buffer_compress_init_send(6);
685: else
686: buffer_compress_init_recv();
687: comp->enabled = 1;
688: }
689: }
690: }
691:
692: /*
1.25 markus 693: * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
694: */
1.68 itojun 695: static void
1.105 markus 696: packet_send2_wrapped(void)
1.25 markus 697: {
1.89 markus 698: u_char type, *cp, *macbuf = NULL;
1.71 markus 699: u_char padlen, pad;
1.40 markus 700: u_int packet_length = 0;
1.71 markus 701: u_int i, len;
1.115 avsm 702: u_int32_t rnd = 0;
1.25 markus 703: Enc *enc = NULL;
704: Mac *mac = NULL;
705: Comp *comp = NULL;
706: int block_size;
707:
1.57 markus 708: if (newkeys[MODE_OUT] != NULL) {
709: enc = &newkeys[MODE_OUT]->enc;
710: mac = &newkeys[MODE_OUT]->mac;
711: comp = &newkeys[MODE_OUT]->comp;
1.25 markus 712: }
1.88 markus 713: block_size = enc ? enc->block_size : 8;
1.25 markus 714:
1.89 markus 715: cp = buffer_ptr(&outgoing_packet);
716: type = cp[5];
1.25 markus 717:
718: #ifdef PACKET_DEBUG
719: fprintf(stderr, "plain: ");
720: buffer_dump(&outgoing_packet);
721: #endif
722:
723: if (comp && comp->enabled) {
724: len = buffer_len(&outgoing_packet);
725: /* skip header, compress only payload */
726: buffer_consume(&outgoing_packet, 5);
727: buffer_clear(&compression_buffer);
728: buffer_compress(&outgoing_packet, &compression_buffer);
729: buffer_clear(&outgoing_packet);
730: buffer_append(&outgoing_packet, "\0\0\0\0\0", 5);
731: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
732: buffer_len(&compression_buffer));
733: DBG(debug("compression: raw %d compressed %d", len,
734: buffer_len(&outgoing_packet)));
735: }
736:
737: /* sizeof (packet_len + pad_len + payload) */
738: len = buffer_len(&outgoing_packet);
739:
740: /*
741: * calc size of padding, alloc space, get random data,
742: * minimum padding is 4 bytes
743: */
744: padlen = block_size - (len % block_size);
745: if (padlen < 4)
746: padlen += block_size;
1.71 markus 747: if (extra_pad) {
748: /* will wrap if extra_pad+padlen > 255 */
749: extra_pad = roundup(extra_pad, block_size);
750: pad = extra_pad - ((len + padlen) % extra_pad);
1.93 markus 751: debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
1.71 markus 752: pad, len, padlen, extra_pad);
753: padlen += pad;
754: extra_pad = 0;
755: }
1.76 stevesk 756: cp = buffer_append_space(&outgoing_packet, padlen);
1.88 markus 757: if (enc && !send_context.plaintext) {
1.32 markus 758: /* random padding */
1.25 markus 759: for (i = 0; i < padlen; i++) {
760: if (i % 4 == 0)
1.115 avsm 761: rnd = arc4random();
762: cp[i] = rnd & 0xff;
763: rnd >>= 8;
1.25 markus 764: }
1.32 markus 765: } else {
766: /* clear padding */
767: memset(cp, 0, padlen);
1.25 markus 768: }
769: /* packet_length includes payload, padding and padding length field */
770: packet_length = buffer_len(&outgoing_packet) - 4;
1.89 markus 771: cp = buffer_ptr(&outgoing_packet);
1.131 djm 772: put_u32(cp, packet_length);
1.89 markus 773: cp[4] = padlen;
1.25 markus 774: DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
775:
776: /* compute MAC over seqnr and packet(length fields, payload, padding) */
777: if (mac && mac->enabled) {
1.105 markus 778: macbuf = mac_compute(mac, p_send.seqnr,
1.83 stevesk 779: buffer_ptr(&outgoing_packet),
1.50 markus 780: buffer_len(&outgoing_packet));
1.105 markus 781: DBG(debug("done calc MAC out #%d", p_send.seqnr));
1.25 markus 782: }
783: /* encrypt packet and append to output buffer. */
1.76 stevesk 784: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 markus 785: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.25 markus 786: buffer_len(&outgoing_packet));
787: /* append unencrypted MAC */
788: if (mac && mac->enabled)
1.130 deraadt 789: buffer_append(&output, macbuf, mac->mac_len);
1.25 markus 790: #ifdef PACKET_DEBUG
791: fprintf(stderr, "encrypted: ");
792: buffer_dump(&output);
793: #endif
1.29 markus 794: /* increment sequence number for outgoing packets */
1.105 markus 795: if (++p_send.seqnr == 0)
1.106 itojun 796: logit("outgoing seqnr wraps around");
1.105 markus 797: if (++p_send.packets == 0)
798: if (!(datafellows & SSH_BUG_NOREKEY))
799: fatal("XXX too many packets with same key");
800: p_send.blocks += (packet_length + 4) / block_size;
1.25 markus 801: buffer_clear(&outgoing_packet);
802:
1.57 markus 803: if (type == SSH2_MSG_NEWKEYS)
804: set_newkeys(MODE_OUT);
1.118 markus 805: else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
806: packet_enable_delayed_compress();
1.25 markus 807: }
808:
1.105 markus 809: static void
810: packet_send2(void)
811: {
812: static int rekeying = 0;
813: struct packet *p;
814: u_char type, *cp;
815:
816: cp = buffer_ptr(&outgoing_packet);
817: type = cp[5];
818:
819: /* during rekeying we can only send key exchange messages */
820: if (rekeying) {
821: if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
822: (type <= SSH2_MSG_TRANSPORT_MAX))) {
823: debug("enqueue packet: %u", type);
824: p = xmalloc(sizeof(*p));
825: p->type = type;
826: memcpy(&p->payload, &outgoing_packet, sizeof(Buffer));
827: buffer_init(&outgoing_packet);
828: TAILQ_INSERT_TAIL(&outgoing, p, next);
829: return;
830: }
831: }
832:
833: /* rekeying starts with sending KEXINIT */
834: if (type == SSH2_MSG_KEXINIT)
835: rekeying = 1;
836:
837: packet_send2_wrapped();
838:
839: /* after a NEWKEYS message we can send the complete queue */
840: if (type == SSH2_MSG_NEWKEYS) {
841: rekeying = 0;
842: while ((p = TAILQ_FIRST(&outgoing))) {
843: type = p->type;
844: debug("dequeue packet: %u", type);
845: buffer_free(&outgoing_packet);
846: memcpy(&outgoing_packet, &p->payload,
847: sizeof(Buffer));
848: TAILQ_REMOVE(&outgoing, p, next);
849: xfree(p);
850: packet_send2_wrapped();
851: }
852: }
853: }
854:
1.25 markus 855: void
1.73 itojun 856: packet_send(void)
1.25 markus 857: {
1.62 markus 858: if (compat20)
1.25 markus 859: packet_send2();
860: else
861: packet_send1();
862: DBG(debug("packet_send done"));
863: }
864:
865: /*
1.16 markus 866: * Waits until a packet has been received, and returns its type. Note that
867: * no other data is processed until this returns, so this function should not
868: * be used during the interactive session.
869: */
1.1 deraadt 870:
1.2 provos 871: int
1.82 markus 872: packet_read_seqnr(u_int32_t *seqnr_p)
1.1 deraadt 873: {
1.14 markus 874: int type, len;
1.56 millert 875: fd_set *setp;
1.14 markus 876: char buf[8192];
1.25 markus 877: DBG(debug("packet_read()"));
1.14 markus 878:
1.127 djm 879: setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
1.56 millert 880: sizeof(fd_mask));
881:
1.14 markus 882: /* Since we are blocking, ensure that all written packets have been sent. */
883: packet_write_wait();
884:
885: /* Stay in the loop until we have received a complete packet. */
886: for (;;) {
887: /* Try to read a packet from the buffer. */
1.82 markus 888: type = packet_read_poll_seqnr(seqnr_p);
1.62 markus 889: if (!compat20 && (
1.32 markus 890: type == SSH_SMSG_SUCCESS
1.14 markus 891: || type == SSH_SMSG_FAILURE
892: || type == SSH_CMSG_EOF
1.32 markus 893: || type == SSH_CMSG_EXIT_CONFIRMATION))
1.79 markus 894: packet_check_eom();
1.14 markus 895: /* If we got a packet, return it. */
1.56 millert 896: if (type != SSH_MSG_NONE) {
897: xfree(setp);
1.14 markus 898: return type;
1.56 millert 899: }
1.16 markus 900: /*
901: * Otherwise, wait for some data to arrive, add it to the
902: * buffer, and try again.
903: */
1.56 millert 904: memset(setp, 0, howmany(connection_in + 1, NFDBITS) *
905: sizeof(fd_mask));
906: FD_SET(connection_in, setp);
1.16 markus 907:
1.14 markus 908: /* Wait for some data to arrive. */
1.56 millert 909: while (select(connection_in + 1, setp, NULL, NULL, NULL) == -1 &&
1.51 deraadt 910: (errno == EAGAIN || errno == EINTR))
911: ;
1.16 markus 912:
1.14 markus 913: /* Read data from the socket. */
914: len = read(connection_in, buf, sizeof(buf));
1.18 markus 915: if (len == 0) {
1.106 itojun 916: logit("Connection closed by %.200s", get_remote_ipaddr());
1.112 markus 917: cleanup_exit(255);
1.18 markus 918: }
1.14 markus 919: if (len < 0)
920: fatal("Read from socket failed: %.100s", strerror(errno));
921: /* Append it to the buffer. */
922: packet_process_incoming(buf, len);
923: }
924: /* NOTREACHED */
1.1 deraadt 925: }
926:
1.77 djm 927: int
1.82 markus 928: packet_read(void)
1.77 djm 929: {
1.82 markus 930: return packet_read_seqnr(NULL);
1.77 djm 931: }
932:
1.16 markus 933: /*
934: * Waits until a packet has been received, verifies that its type matches
935: * that given, and gives a fatal error and exits if there is a mismatch.
936: */
1.1 deraadt 937:
1.2 provos 938: void
1.82 markus 939: packet_read_expect(int expected_type)
1.1 deraadt 940: {
1.14 markus 941: int type;
1.1 deraadt 942:
1.82 markus 943: type = packet_read();
1.14 markus 944: if (type != expected_type)
945: packet_disconnect("Protocol error: expected packet type %d, got %d",
1.25 markus 946: expected_type, type);
1.1 deraadt 947: }
948:
949: /* Checks if a full packet is available in the data received so far via
1.14 markus 950: * packet_process_incoming. If so, reads the packet; otherwise returns
951: * SSH_MSG_NONE. This does not wait for data from the connection.
952: *
953: * SSH_MSG_DISCONNECT is handled specially here. Also,
954: * SSH_MSG_IGNORE messages are skipped by this function and are never returned
955: * to higher levels.
956: */
1.1 deraadt 957:
1.68 itojun 958: static int
1.82 markus 959: packet_read_poll1(void)
1.1 deraadt 960: {
1.40 markus 961: u_int len, padded_len;
1.89 markus 962: u_char *cp, type;
1.40 markus 963: u_int checksum, stored_checksum;
1.14 markus 964:
965: /* Check if input size is less than minimum packet size. */
966: if (buffer_len(&input) < 4 + 8)
967: return SSH_MSG_NONE;
968: /* Get length of incoming packet. */
1.89 markus 969: cp = buffer_ptr(&input);
1.131 djm 970: len = get_u32(cp);
1.14 markus 971: if (len < 1 + 2 + 2 || len > 256 * 1024)
1.98 markus 972: packet_disconnect("Bad packet length %u.", len);
1.14 markus 973: padded_len = (len + 8) & ~7;
974:
975: /* Check if the packet has been entirely received. */
976: if (buffer_len(&input) < 4 + padded_len)
977: return SSH_MSG_NONE;
978:
979: /* The entire packet is in buffer. */
980:
981: /* Consume packet length. */
982: buffer_consume(&input, 4);
983:
1.62 markus 984: /*
985: * Cryptographic attack detector for ssh
986: * (C)1998 CORE-SDI, Buenos Aires Argentina
987: * Ariel Futoransky(futo@core-sdi.com)
988: */
1.88 markus 989: if (!receive_context.plaintext &&
1.126 djm 990: detect_attack(buffer_ptr(&input), padded_len) == DEATTACK_DETECTED)
1.62 markus 991: packet_disconnect("crc32 compensation attack: network attack detected");
992:
993: /* Decrypt data to incoming_packet. */
1.14 markus 994: buffer_clear(&incoming_packet);
1.76 stevesk 995: cp = buffer_append_space(&incoming_packet, padded_len);
1.88 markus 996: cipher_crypt(&receive_context, cp, buffer_ptr(&input), padded_len);
1.62 markus 997:
1.14 markus 998: buffer_consume(&input, padded_len);
1.1 deraadt 999:
1000: #ifdef PACKET_DEBUG
1.14 markus 1001: fprintf(stderr, "read_poll plain: ");
1002: buffer_dump(&incoming_packet);
1.1 deraadt 1003: #endif
1004:
1.14 markus 1005: /* Compute packet checksum. */
1.83 stevesk 1006: checksum = ssh_crc32(buffer_ptr(&incoming_packet),
1.25 markus 1007: buffer_len(&incoming_packet) - 4);
1.14 markus 1008:
1009: /* Skip padding. */
1010: buffer_consume(&incoming_packet, 8 - len % 8);
1011:
1012: /* Test check bytes. */
1013: if (len != buffer_len(&incoming_packet))
1.77 djm 1014: packet_disconnect("packet_read_poll1: len %d != buffer_len %d.",
1.25 markus 1015: len, buffer_len(&incoming_packet));
1.14 markus 1016:
1.89 markus 1017: cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4;
1.131 djm 1018: stored_checksum = get_u32(cp);
1.14 markus 1019: if (checksum != stored_checksum)
1020: packet_disconnect("Corrupted check bytes on input.");
1021: buffer_consume_end(&incoming_packet, 4);
1022:
1023: if (packet_compression) {
1024: buffer_clear(&compression_buffer);
1025: buffer_uncompress(&incoming_packet, &compression_buffer);
1026: buffer_clear(&incoming_packet);
1027: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
1.25 markus 1028: buffer_len(&compression_buffer));
1.14 markus 1029: }
1.62 markus 1030: type = buffer_get_char(&incoming_packet);
1.116 markus 1031: if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
1032: packet_disconnect("Invalid ssh1 packet type: %d", type);
1.62 markus 1033: return type;
1.1 deraadt 1034: }
1.14 markus 1035:
1.68 itojun 1036: static int
1.82 markus 1037: packet_read_poll2(u_int32_t *seqnr_p)
1.25 markus 1038: {
1.50 markus 1039: static u_int packet_length = 0;
1.40 markus 1040: u_int padlen, need;
1.89 markus 1041: u_char *macbuf, *cp, type;
1.117 djm 1042: u_int maclen, block_size;
1.25 markus 1043: Enc *enc = NULL;
1044: Mac *mac = NULL;
1045: Comp *comp = NULL;
1046:
1.57 markus 1047: if (newkeys[MODE_IN] != NULL) {
1048: enc = &newkeys[MODE_IN]->enc;
1049: mac = &newkeys[MODE_IN]->mac;
1050: comp = &newkeys[MODE_IN]->comp;
1.25 markus 1051: }
1052: maclen = mac && mac->enabled ? mac->mac_len : 0;
1.88 markus 1053: block_size = enc ? enc->block_size : 8;
1.25 markus 1054:
1055: if (packet_length == 0) {
1056: /*
1057: * check if input size is less than the cipher block size,
1058: * decrypt first block and extract length of incoming packet
1059: */
1060: if (buffer_len(&input) < block_size)
1061: return SSH_MSG_NONE;
1062: buffer_clear(&incoming_packet);
1.76 stevesk 1063: cp = buffer_append_space(&incoming_packet, block_size);
1.88 markus 1064: cipher_crypt(&receive_context, cp, buffer_ptr(&input),
1.25 markus 1065: block_size);
1.89 markus 1066: cp = buffer_ptr(&incoming_packet);
1.131 djm 1067: packet_length = get_u32(cp);
1.25 markus 1068: if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
1.110 markus 1069: #ifdef PACKET_DEBUG
1.25 markus 1070: buffer_dump(&incoming_packet);
1.110 markus 1071: #endif
1.98 markus 1072: packet_disconnect("Bad packet length %u.", packet_length);
1.25 markus 1073: }
1.98 markus 1074: DBG(debug("input: packet len %u", packet_length+4));
1.25 markus 1075: buffer_consume(&input, block_size);
1076: }
1077: /* we have a partial packet of block_size bytes */
1078: need = 4 + packet_length - block_size;
1079: DBG(debug("partial packet %d, need %d, maclen %d", block_size,
1080: need, maclen));
1081: if (need % block_size != 0)
1082: fatal("padding error: need %d block %d mod %d",
1083: need, block_size, need % block_size);
1084: /*
1085: * check if the entire packet has been received and
1086: * decrypt into incoming_packet
1087: */
1088: if (buffer_len(&input) < need + maclen)
1089: return SSH_MSG_NONE;
1090: #ifdef PACKET_DEBUG
1091: fprintf(stderr, "read_poll enc/full: ");
1092: buffer_dump(&input);
1093: #endif
1.76 stevesk 1094: cp = buffer_append_space(&incoming_packet, need);
1.88 markus 1095: cipher_crypt(&receive_context, cp, buffer_ptr(&input), need);
1.25 markus 1096: buffer_consume(&input, need);
1097: /*
1098: * compute MAC over seqnr and packet,
1099: * increment sequence number for incoming packet
1100: */
1.29 markus 1101: if (mac && mac->enabled) {
1.105 markus 1102: macbuf = mac_compute(mac, p_read.seqnr,
1.83 stevesk 1103: buffer_ptr(&incoming_packet),
1.50 markus 1104: buffer_len(&incoming_packet));
1.25 markus 1105: if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
1.36 markus 1106: packet_disconnect("Corrupted MAC on input.");
1.105 markus 1107: DBG(debug("MAC #%d ok", p_read.seqnr));
1.25 markus 1108: buffer_consume(&input, mac->mac_len);
1109: }
1.77 djm 1110: if (seqnr_p != NULL)
1.105 markus 1111: *seqnr_p = p_read.seqnr;
1112: if (++p_read.seqnr == 0)
1.106 itojun 1113: logit("incoming seqnr wraps around");
1.105 markus 1114: if (++p_read.packets == 0)
1115: if (!(datafellows & SSH_BUG_NOREKEY))
1116: fatal("XXX too many packets with same key");
1117: p_read.blocks += (packet_length + 4) / block_size;
1.25 markus 1118:
1119: /* get padlen */
1.76 stevesk 1120: cp = buffer_ptr(&incoming_packet);
1.89 markus 1121: padlen = cp[4];
1.25 markus 1122: DBG(debug("input: padlen %d", padlen));
1123: if (padlen < 4)
1124: packet_disconnect("Corrupted padlen %d on input.", padlen);
1125:
1126: /* skip packet size + padlen, discard padding */
1127: buffer_consume(&incoming_packet, 4 + 1);
1128: buffer_consume_end(&incoming_packet, padlen);
1129:
1130: DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet)));
1131: if (comp && comp->enabled) {
1132: buffer_clear(&compression_buffer);
1133: buffer_uncompress(&incoming_packet, &compression_buffer);
1134: buffer_clear(&incoming_packet);
1135: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
1136: buffer_len(&compression_buffer));
1.97 deraadt 1137: DBG(debug("input: len after de-compress %d",
1138: buffer_len(&incoming_packet)));
1.25 markus 1139: }
1140: /*
1141: * get packet type, implies consume.
1142: * return length of payload (without type field)
1143: */
1.62 markus 1144: type = buffer_get_char(&incoming_packet);
1.116 markus 1145: if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN)
1146: packet_disconnect("Invalid ssh2 packet type: %d", type);
1.57 markus 1147: if (type == SSH2_MSG_NEWKEYS)
1148: set_newkeys(MODE_IN);
1.118 markus 1149: else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
1150: packet_enable_delayed_compress();
1.25 markus 1151: #ifdef PACKET_DEBUG
1.55 deraadt 1152: fprintf(stderr, "read/plain[%d]:\r\n", type);
1.25 markus 1153: buffer_dump(&incoming_packet);
1154: #endif
1.62 markus 1155: /* reset for next packet */
1156: packet_length = 0;
1157: return type;
1.25 markus 1158: }
1159:
1160: int
1.82 markus 1161: packet_read_poll_seqnr(u_int32_t *seqnr_p)
1.25 markus 1162: {
1.96 deraadt 1163: u_int reason, seqnr;
1.62 markus 1164: u_char type;
1.25 markus 1165: char *msg;
1.62 markus 1166:
1.25 markus 1167: for (;;) {
1.62 markus 1168: if (compat20) {
1.82 markus 1169: type = packet_read_poll2(seqnr_p);
1.62 markus 1170: if (type)
1.25 markus 1171: DBG(debug("received packet type %d", type));
1.74 deraadt 1172: switch (type) {
1.25 markus 1173: case SSH2_MSG_IGNORE:
1174: break;
1175: case SSH2_MSG_DEBUG:
1176: packet_get_char();
1177: msg = packet_get_string(NULL);
1178: debug("Remote: %.900s", msg);
1179: xfree(msg);
1180: msg = packet_get_string(NULL);
1181: xfree(msg);
1182: break;
1183: case SSH2_MSG_DISCONNECT:
1184: reason = packet_get_int();
1185: msg = packet_get_string(NULL);
1.106 itojun 1186: logit("Received disconnect from %s: %u: %.400s",
1.96 deraadt 1187: get_remote_ipaddr(), reason, msg);
1.25 markus 1188: xfree(msg);
1.112 markus 1189: cleanup_exit(255);
1.84 markus 1190: break;
1191: case SSH2_MSG_UNIMPLEMENTED:
1192: seqnr = packet_get_int();
1.96 deraadt 1193: debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
1194: seqnr);
1.25 markus 1195: break;
1196: default:
1197: return type;
1.48 stevesk 1198: }
1.25 markus 1199: } else {
1.82 markus 1200: type = packet_read_poll1();
1.74 deraadt 1201: switch (type) {
1.25 markus 1202: case SSH_MSG_IGNORE:
1203: break;
1204: case SSH_MSG_DEBUG:
1205: msg = packet_get_string(NULL);
1206: debug("Remote: %.900s", msg);
1207: xfree(msg);
1208: break;
1209: case SSH_MSG_DISCONNECT:
1210: msg = packet_get_string(NULL);
1.106 itojun 1211: logit("Received disconnect from %s: %.400s",
1.96 deraadt 1212: get_remote_ipaddr(), msg);
1.112 markus 1213: cleanup_exit(255);
1.25 markus 1214: xfree(msg);
1215: break;
1216: default:
1.62 markus 1217: if (type)
1.25 markus 1218: DBG(debug("received packet type %d", type));
1219: return type;
1.48 stevesk 1220: }
1.25 markus 1221: }
1222: }
1.77 djm 1223: }
1224:
1225: int
1.82 markus 1226: packet_read_poll(void)
1.77 djm 1227: {
1.82 markus 1228: return packet_read_poll_seqnr(NULL);
1.25 markus 1229: }
1230:
1.16 markus 1231: /*
1232: * Buffers the given amount of input characters. This is intended to be used
1233: * together with packet_read_poll.
1234: */
1.1 deraadt 1235:
1.2 provos 1236: void
1.40 markus 1237: packet_process_incoming(const char *buf, u_int len)
1.1 deraadt 1238: {
1.14 markus 1239: buffer_append(&input, buf, len);
1.1 deraadt 1240: }
1241:
1242: /* Returns a character from the packet. */
1243:
1.40 markus 1244: u_int
1.73 itojun 1245: packet_get_char(void)
1.1 deraadt 1246: {
1.14 markus 1247: char ch;
1.97 deraadt 1248:
1.14 markus 1249: buffer_get(&incoming_packet, &ch, 1);
1.40 markus 1250: return (u_char) ch;
1.1 deraadt 1251: }
1252:
1253: /* Returns an integer from the packet data. */
1254:
1.40 markus 1255: u_int
1.73 itojun 1256: packet_get_int(void)
1.1 deraadt 1257: {
1.14 markus 1258: return buffer_get_int(&incoming_packet);
1.1 deraadt 1259: }
1260:
1.16 markus 1261: /*
1262: * Returns an arbitrary precision integer from the packet data. The integer
1263: * must have been initialized before this call.
1264: */
1.1 deraadt 1265:
1.2 provos 1266: void
1.80 markus 1267: packet_get_bignum(BIGNUM * value)
1.1 deraadt 1268: {
1.81 markus 1269: buffer_get_bignum(&incoming_packet, value);
1.24 markus 1270: }
1271:
1272: void
1.80 markus 1273: packet_get_bignum2(BIGNUM * value)
1.24 markus 1274: {
1.81 markus 1275: buffer_get_bignum2(&incoming_packet, value);
1.24 markus 1276: }
1277:
1.76 stevesk 1278: void *
1.117 djm 1279: packet_get_raw(u_int *length_ptr)
1.24 markus 1280: {
1.117 djm 1281: u_int bytes = buffer_len(&incoming_packet);
1.97 deraadt 1282:
1.24 markus 1283: if (length_ptr != NULL)
1284: *length_ptr = bytes;
1285: return buffer_ptr(&incoming_packet);
1.28 markus 1286: }
1287:
1288: int
1289: packet_remaining(void)
1290: {
1291: return buffer_len(&incoming_packet);
1.1 deraadt 1292: }
1293:
1.16 markus 1294: /*
1295: * Returns a string from the packet data. The string is allocated using
1296: * xmalloc; it is the responsibility of the calling program to free it when
1297: * no longer needed. The length_ptr argument may be NULL, or point to an
1298: * integer into which the length of the string is stored.
1299: */
1.1 deraadt 1300:
1.76 stevesk 1301: void *
1.40 markus 1302: packet_get_string(u_int *length_ptr)
1.1 deraadt 1303: {
1.14 markus 1304: return buffer_get_string(&incoming_packet, length_ptr);
1.1 deraadt 1305: }
1306:
1.16 markus 1307: /*
1308: * Sends a diagnostic message from the server to the client. This message
1309: * can be sent at any time (but not while constructing another message). The
1310: * message is printed immediately, but only if the client is being executed
1311: * in verbose mode. These messages are primarily intended to ease debugging
1312: * authentication problems. The length of the formatted message must not
1313: * exceed 1024 bytes. This will automatically call packet_write_wait.
1314: */
1.1 deraadt 1315:
1.2 provos 1316: void
1.14 markus 1317: packet_send_debug(const char *fmt,...)
1.1 deraadt 1318: {
1.14 markus 1319: char buf[1024];
1320: va_list args;
1.39 markus 1321:
1322: if (compat20 && (datafellows & SSH_BUG_DEBUG))
1323: return;
1.14 markus 1324:
1325: va_start(args, fmt);
1326: vsnprintf(buf, sizeof(buf), fmt, args);
1327: va_end(args);
1328:
1.30 markus 1329: if (compat20) {
1330: packet_start(SSH2_MSG_DEBUG);
1331: packet_put_char(0); /* bool: always display */
1332: packet_put_cstring(buf);
1333: packet_put_cstring("");
1334: } else {
1335: packet_start(SSH_MSG_DEBUG);
1336: packet_put_cstring(buf);
1337: }
1.14 markus 1338: packet_send();
1339: packet_write_wait();
1.1 deraadt 1340: }
1341:
1.16 markus 1342: /*
1343: * Logs the error plus constructs and sends a disconnect packet, closes the
1344: * connection, and exits. This function never returns. The error message
1345: * should not contain a newline. The length of the formatted message must
1346: * not exceed 1024 bytes.
1347: */
1.1 deraadt 1348:
1.2 provos 1349: void
1.14 markus 1350: packet_disconnect(const char *fmt,...)
1.1 deraadt 1351: {
1.14 markus 1352: char buf[1024];
1353: va_list args;
1354: static int disconnecting = 0;
1.97 deraadt 1355:
1.14 markus 1356: if (disconnecting) /* Guard against recursive invocations. */
1357: fatal("packet_disconnect called recursively.");
1358: disconnecting = 1;
1359:
1.16 markus 1360: /*
1361: * Format the message. Note that the caller must make sure the
1362: * message is of limited size.
1363: */
1.14 markus 1364: va_start(args, fmt);
1365: vsnprintf(buf, sizeof(buf), fmt, args);
1366: va_end(args);
1367:
1.99 markus 1368: /* Display the error locally */
1.106 itojun 1369: logit("Disconnecting: %.100s", buf);
1.99 markus 1370:
1.14 markus 1371: /* Send the disconnect message to the other side, and wait for it to get sent. */
1.25 markus 1372: if (compat20) {
1373: packet_start(SSH2_MSG_DISCONNECT);
1374: packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR);
1375: packet_put_cstring(buf);
1376: packet_put_cstring("");
1377: } else {
1378: packet_start(SSH_MSG_DISCONNECT);
1.65 markus 1379: packet_put_cstring(buf);
1.25 markus 1380: }
1.14 markus 1381: packet_send();
1382: packet_write_wait();
1383:
1384: /* Stop listening for connections. */
1.67 markus 1385: channel_close_all();
1.14 markus 1386:
1387: /* Close the connection. */
1388: packet_close();
1.112 markus 1389: cleanup_exit(255);
1.1 deraadt 1390: }
1391:
1.16 markus 1392: /* Checks if there is any buffered output, and tries to write some of the output. */
1.1 deraadt 1393:
1.2 provos 1394: void
1.73 itojun 1395: packet_write_poll(void)
1.1 deraadt 1396: {
1.14 markus 1397: int len = buffer_len(&output);
1.97 deraadt 1398:
1.14 markus 1399: if (len > 0) {
1400: len = write(connection_out, buffer_ptr(&output), len);
1401: if (len <= 0) {
1402: if (errno == EAGAIN)
1403: return;
1404: else
1405: fatal("Write failed: %.100s", strerror(errno));
1406: }
1407: buffer_consume(&output, len);
1408: }
1.1 deraadt 1409: }
1410:
1.16 markus 1411: /*
1412: * Calls packet_write_poll repeatedly until all pending output data has been
1413: * written.
1414: */
1.1 deraadt 1415:
1.2 provos 1416: void
1.73 itojun 1417: packet_write_wait(void)
1.1 deraadt 1418: {
1.56 millert 1419: fd_set *setp;
1420:
1.127 djm 1421: setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
1.56 millert 1422: sizeof(fd_mask));
1.14 markus 1423: packet_write_poll();
1424: while (packet_have_data_to_write()) {
1.56 millert 1425: memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
1426: sizeof(fd_mask));
1427: FD_SET(connection_out, setp);
1428: while (select(connection_out + 1, NULL, setp, NULL, NULL) == -1 &&
1.51 deraadt 1429: (errno == EAGAIN || errno == EINTR))
1430: ;
1.14 markus 1431: packet_write_poll();
1432: }
1.56 millert 1433: xfree(setp);
1.1 deraadt 1434: }
1435:
1436: /* Returns true if there is buffered data to write to the connection. */
1437:
1.2 provos 1438: int
1.73 itojun 1439: packet_have_data_to_write(void)
1.1 deraadt 1440: {
1.14 markus 1441: return buffer_len(&output) != 0;
1.1 deraadt 1442: }
1443:
1444: /* Returns true if there is not too much data to write to the connection. */
1445:
1.2 provos 1446: int
1.73 itojun 1447: packet_not_very_much_data_to_write(void)
1.1 deraadt 1448: {
1.14 markus 1449: if (interactive_mode)
1450: return buffer_len(&output) < 16384;
1451: else
1452: return buffer_len(&output) < 128 * 1024;
1.1 deraadt 1453: }
1454:
1.102 markus 1455: static void
1.101 markus 1456: packet_set_tos(int interactive)
1457: {
1458: int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
1459:
1460: if (!packet_connection_is_on_socket() ||
1461: !packet_connection_is_ipv4())
1462: return;
1463: if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos,
1464: sizeof(tos)) < 0)
1465: error("setsockopt IP_TOS %d: %.100s:",
1466: tos, strerror(errno));
1467: }
1468:
1.1 deraadt 1469: /* Informs that the current session is interactive. Sets IP flags for that. */
1470:
1.2 provos 1471: void
1.43 markus 1472: packet_set_interactive(int interactive)
1.1 deraadt 1473: {
1.43 markus 1474: static int called = 0;
1.44 markus 1475:
1.43 markus 1476: if (called)
1477: return;
1478: called = 1;
1.1 deraadt 1479:
1.14 markus 1480: /* Record that we are in interactive mode. */
1481: interactive_mode = interactive;
1.1 deraadt 1482:
1.19 markus 1483: /* Only set socket options if using a socket. */
1484: if (!packet_connection_is_on_socket())
1.14 markus 1485: return;
1.122 dtucker 1486: set_nodelay(connection_in);
1.101 markus 1487: packet_set_tos(interactive);
1.1 deraadt 1488: }
1489:
1490: /* Returns true if the current connection is interactive. */
1491:
1.2 provos 1492: int
1.73 itojun 1493: packet_is_interactive(void)
1.1 deraadt 1494: {
1.14 markus 1495: return interactive_mode;
1.12 markus 1496: }
1497:
1.113 deraadt 1498: int
1.108 markus 1499: packet_set_maxsize(u_int s)
1.12 markus 1500: {
1.14 markus 1501: static int called = 0;
1.97 deraadt 1502:
1.14 markus 1503: if (called) {
1.106 itojun 1504: logit("packet_set_maxsize: called twice: old %d new %d",
1.25 markus 1505: max_packet_size, s);
1.14 markus 1506: return -1;
1507: }
1508: if (s < 4 * 1024 || s > 1024 * 1024) {
1.106 itojun 1509: logit("packet_set_maxsize: bad size %d", s);
1.14 markus 1510: return -1;
1511: }
1.70 markus 1512: called = 1;
1.66 markus 1513: debug("packet_set_maxsize: setting to %d", s);
1.14 markus 1514: max_packet_size = s;
1515: return s;
1.53 markus 1516: }
1517:
1.71 markus 1518: /* roundup current message to pad bytes */
1519: void
1520: packet_add_padding(u_char pad)
1521: {
1522: extra_pad = pad;
1523: }
1524:
1.53 markus 1525: /*
1526: * 9.2. Ignored Data Message
1.61 markus 1527: *
1.53 markus 1528: * byte SSH_MSG_IGNORE
1529: * string data
1.61 markus 1530: *
1.53 markus 1531: * All implementations MUST understand (and ignore) this message at any
1532: * time (after receiving the protocol version). No implementation is
1533: * required to send them. This message can be used as an additional
1534: * protection measure against advanced traffic analysis techniques.
1535: */
1.54 markus 1536: void
1537: packet_send_ignore(int nbytes)
1538: {
1.115 avsm 1539: u_int32_t rnd = 0;
1.54 markus 1540: int i;
1541:
1542: packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
1.53 markus 1543: packet_put_int(nbytes);
1.75 deraadt 1544: for (i = 0; i < nbytes; i++) {
1.53 markus 1545: if (i % 4 == 0)
1.115 avsm 1546: rnd = arc4random();
1.129 deraadt 1547: packet_put_char((u_char)rnd & 0xff);
1.115 avsm 1548: rnd >>= 8;
1.53 markus 1549: }
1.105 markus 1550: }
1551:
1.113 deraadt 1552: #define MAX_PACKETS (1U<<31)
1.105 markus 1553: int
1554: packet_need_rekeying(void)
1555: {
1556: if (datafellows & SSH_BUG_NOREKEY)
1557: return 0;
1558: return
1559: (p_send.packets > MAX_PACKETS) ||
1560: (p_read.packets > MAX_PACKETS) ||
1561: (max_blocks_out && (p_send.blocks > max_blocks_out)) ||
1562: (max_blocks_in && (p_read.blocks > max_blocks_in));
1563: }
1564:
1565: void
1566: packet_set_rekey_limit(u_int32_t bytes)
1567: {
1568: rekey_limit = bytes;
1.118 markus 1569: }
1570:
1571: void
1572: packet_set_server(void)
1573: {
1574: server_side = 1;
1575: }
1576:
1577: void
1578: packet_set_authenticated(void)
1579: {
1580: after_authentication = 1;
1.1 deraadt 1581: }