Annotation of src/usr.bin/ssh/packet.c, Revision 1.158
1.158 ! markus 1: /* $OpenBSD: packet.c,v 1.157 2008/07/10 18:08:11 markus Exp $ */
1.1 deraadt 2: /*
1.15 deraadt 3: * Author: Tatu Ylonen <ylo@cs.hut.fi>
4: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5: * All rights reserved
1.35 deraadt 6: * This file contains code implementing the packet protocol and communication
7: * with the other side. This same code is used both on client and server side.
1.29 markus 8: *
1.35 deraadt 9: * As far as I am concerned, the code I have written for this software
10: * can be used freely for any purpose. Any derived versions of this
11: * software must be clearly marked as such, and if the derived work is
12: * incompatible with the protocol description in the RFC file, it must be
13: * called by a name other than "ssh" or "Secure Shell".
1.29 markus 14: *
1.25 markus 15: *
16: * SSH2 packet format added by Markus Friedl.
1.69 markus 17: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.25 markus 18: *
1.35 deraadt 19: * Redistribution and use in source and binary forms, with or without
20: * modification, are permitted provided that the following conditions
21: * are met:
22: * 1. Redistributions of source code must retain the above copyright
23: * notice, this list of conditions and the following disclaimer.
24: * 2. Redistributions in binary form must reproduce the above copyright
25: * notice, this list of conditions and the following disclaimer in the
26: * documentation and/or other materials provided with the distribution.
27: *
28: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
29: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
30: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
31: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
32: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
33: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
37: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.15 deraadt 38: */
1.1 deraadt 39:
1.142 deraadt 40: #include <sys/types.h>
1.105 markus 41: #include <sys/queue.h>
1.132 stevesk 42: #include <sys/socket.h>
1.138 stevesk 43: #include <sys/time.h>
1.139 stevesk 44: #include <sys/param.h>
1.121 stevesk 45:
46: #include <netinet/in_systm.h>
1.132 stevesk 47: #include <netinet/in.h>
1.121 stevesk 48: #include <netinet/ip.h>
1.134 stevesk 49:
1.135 stevesk 50: #include <errno.h>
1.134 stevesk 51: #include <stdarg.h>
1.141 stevesk 52: #include <stdio.h>
1.140 stevesk 53: #include <stdlib.h>
1.137 stevesk 54: #include <string.h>
1.136 stevesk 55: #include <unistd.h>
1.142 deraadt 56: #include <signal.h>
1.1 deraadt 57:
58: #include "xmalloc.h"
59: #include "buffer.h"
60: #include "packet.h"
61: #include "crc32.h"
62: #include "compress.h"
1.9 dugsong 63: #include "deattack.h"
1.64 markus 64: #include "channels.h"
1.25 markus 65: #include "compat.h"
1.45 markus 66: #include "ssh1.h"
1.25 markus 67: #include "ssh2.h"
1.37 markus 68: #include "cipher.h"
1.142 deraadt 69: #include "key.h"
1.25 markus 70: #include "kex.h"
1.50 markus 71: #include "mac.h"
1.46 markus 72: #include "log.h"
73: #include "canohost.h"
1.87 stevesk 74: #include "misc.h"
1.95 markus 75: #include "ssh.h"
1.25 markus 76:
77: #ifdef PACKET_DEBUG
78: #define DBG(x) x
79: #else
80: #define DBG(x)
81: #endif
82:
1.16 markus 83: /*
84: * This variable contains the file descriptors used for communicating with
85: * the other side. connection_in is used for reading; connection_out for
86: * writing. These can be the same descriptor, in which case it is assumed to
87: * be a socket.
88: */
1.1 deraadt 89: static int connection_in = -1;
90: static int connection_out = -1;
91:
92: /* Protocol flags for the remote side. */
1.40 markus 93: static u_int remote_protocol_flags = 0;
1.1 deraadt 94:
95: /* Encryption context for receiving data. This is only used for decryption. */
96: static CipherContext receive_context;
1.14 markus 97:
98: /* Encryption context for sending data. This is only used for encryption. */
1.1 deraadt 99: static CipherContext send_context;
100:
101: /* Buffer for raw input data from the socket. */
1.91 markus 102: Buffer input;
1.1 deraadt 103:
104: /* Buffer for raw output data going to the socket. */
1.91 markus 105: Buffer output;
1.1 deraadt 106:
107: /* Buffer for the partial outgoing packet being constructed. */
108: static Buffer outgoing_packet;
109:
110: /* Buffer for the incoming packet currently being processed. */
111: static Buffer incoming_packet;
112:
113: /* Scratch buffer for packet compression/decompression. */
114: static Buffer compression_buffer;
1.60 markus 115: static int compression_buffer_ready = 0;
1.1 deraadt 116:
117: /* Flag indicating whether packet compression/decompression is enabled. */
118: static int packet_compression = 0;
119:
1.12 markus 120: /* default maximum packet size */
1.108 markus 121: u_int max_packet_size = 32768;
1.12 markus 122:
1.1 deraadt 123: /* Flag indicating whether this module has been initialized. */
124: static int initialized = 0;
125:
126: /* Set to true if the connection is interactive. */
127: static int interactive_mode = 0;
128:
1.118 markus 129: /* Set to true if we are the server side. */
130: static int server_side = 0;
131:
132: /* Set to true if we are authenticated. */
133: static int after_authentication = 0;
134:
1.151 dtucker 135: int keep_alive_timeouts = 0;
136:
1.154 dtucker 137: /* Set to the maximum time that we will wait to send or receive a packet */
138: static int packet_timeout_ms = -1;
139:
1.25 markus 140: /* Session key information for Encryption and MAC */
1.57 markus 141: Newkeys *newkeys[MODE_MAX];
1.105 markus 142: static struct packet_state {
143: u_int32_t seqnr;
144: u_int32_t packets;
145: u_int64_t blocks;
1.157 markus 146: u_int64_t bytes;
1.105 markus 147: } p_read, p_send;
148:
149: static u_int64_t max_blocks_in, max_blocks_out;
150: static u_int32_t rekey_limit;
1.25 markus 151:
1.95 markus 152: /* Session key for protocol v1 */
153: static u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
154: static u_int ssh1_keylen;
155:
1.71 markus 156: /* roundup current message to extra_pad bytes */
157: static u_char extra_pad = 0;
158:
1.105 markus 159: struct packet {
160: TAILQ_ENTRY(packet) next;
161: u_char type;
162: Buffer payload;
163: };
164: TAILQ_HEAD(, packet) outgoing;
165:
1.16 markus 166: /*
167: * Sets the descriptors used for communication. Disables encryption until
168: * packet_set_encryption_key is called.
169: */
1.2 provos 170: void
171: packet_set_connection(int fd_in, int fd_out)
1.1 deraadt 172: {
1.37 markus 173: Cipher *none = cipher_by_name("none");
1.97 deraadt 174:
1.37 markus 175: if (none == NULL)
176: fatal("packet_set_connection: cannot load cipher 'none'");
1.14 markus 177: connection_in = fd_in;
178: connection_out = fd_out;
1.113 deraadt 179: cipher_init(&send_context, none, (const u_char *)"",
180: 0, NULL, 0, CIPHER_ENCRYPT);
181: cipher_init(&receive_context, none, (const u_char *)"",
182: 0, NULL, 0, CIPHER_DECRYPT);
1.62 markus 183: newkeys[MODE_IN] = newkeys[MODE_OUT] = NULL;
1.14 markus 184: if (!initialized) {
185: initialized = 1;
186: buffer_init(&input);
187: buffer_init(&output);
188: buffer_init(&outgoing_packet);
189: buffer_init(&incoming_packet);
1.105 markus 190: TAILQ_INIT(&outgoing);
1.157 markus 191: p_send.packets = p_read.packets = 0;
1.14 markus 192: }
1.1 deraadt 193: }
194:
1.154 dtucker 195: void
196: packet_set_timeout(int timeout, int count)
197: {
198: if (timeout == 0 || count == 0) {
199: packet_timeout_ms = -1;
200: return;
201: }
202: if ((INT_MAX / 1000) / count < timeout)
203: packet_timeout_ms = INT_MAX;
204: else
205: packet_timeout_ms = timeout * count * 1000;
206: }
207:
1.19 markus 208: /* Returns 1 if remote host is connected via socket, 0 if not. */
209:
210: int
1.73 itojun 211: packet_connection_is_on_socket(void)
1.19 markus 212: {
213: struct sockaddr_storage from, to;
214: socklen_t fromlen, tolen;
215:
216: /* filedescriptors in and out are the same, so it's a socket */
217: if (connection_in == connection_out)
218: return 1;
219: fromlen = sizeof(from);
220: memset(&from, 0, sizeof(from));
1.20 markus 221: if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0)
1.19 markus 222: return 0;
223: tolen = sizeof(to);
224: memset(&to, 0, sizeof(to));
1.20 markus 225: if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0)
1.19 markus 226: return 0;
227: if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
228: return 0;
229: if (from.ss_family != AF_INET && from.ss_family != AF_INET6)
230: return 0;
231: return 1;
232: }
233:
1.92 markus 234: /*
1.91 markus 235: * Exports an IV from the CipherContext required to export the key
236: * state back from the unprivileged child to the privileged parent
237: * process.
238: */
239:
240: void
241: packet_get_keyiv(int mode, u_char *iv, u_int len)
242: {
243: CipherContext *cc;
244:
245: if (mode == MODE_OUT)
246: cc = &send_context;
247: else
248: cc = &receive_context;
249:
250: cipher_get_keyiv(cc, iv, len);
251: }
252:
253: int
254: packet_get_keycontext(int mode, u_char *dat)
255: {
256: CipherContext *cc;
1.92 markus 257:
1.91 markus 258: if (mode == MODE_OUT)
259: cc = &send_context;
260: else
261: cc = &receive_context;
262:
263: return (cipher_get_keycontext(cc, dat));
264: }
265:
266: void
267: packet_set_keycontext(int mode, u_char *dat)
268: {
269: CipherContext *cc;
1.92 markus 270:
1.91 markus 271: if (mode == MODE_OUT)
272: cc = &send_context;
273: else
274: cc = &receive_context;
275:
276: cipher_set_keycontext(cc, dat);
277: }
278:
279: int
280: packet_get_keyiv_len(int mode)
281: {
282: CipherContext *cc;
283:
284: if (mode == MODE_OUT)
285: cc = &send_context;
286: else
287: cc = &receive_context;
288:
289: return (cipher_get_keyiv_len(cc));
290: }
1.125 deraadt 291:
1.91 markus 292: void
293: packet_set_iv(int mode, u_char *dat)
294: {
295: CipherContext *cc;
296:
297: if (mode == MODE_OUT)
298: cc = &send_context;
299: else
300: cc = &receive_context;
301:
302: cipher_set_keyiv(cc, dat);
303: }
1.125 deraadt 304:
1.91 markus 305: int
1.107 deraadt 306: packet_get_ssh1_cipher(void)
1.91 markus 307: {
308: return (cipher_get_number(receive_context.cipher));
309: }
310:
1.105 markus 311: void
1.157 markus 312: packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets,
313: u_int64_t *bytes)
1.105 markus 314: {
315: struct packet_state *state;
1.104 markus 316:
1.105 markus 317: state = (mode == MODE_IN) ? &p_read : &p_send;
1.157 markus 318: if (seqnr)
319: *seqnr = state->seqnr;
320: if (blocks)
321: *blocks = state->blocks;
322: if (packets)
323: *packets = state->packets;
324: if (bytes)
325: *bytes = state->bytes;
1.91 markus 326: }
327:
328: void
1.157 markus 329: packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets,
330: u_int64_t bytes)
1.91 markus 331: {
1.105 markus 332: struct packet_state *state;
333:
334: state = (mode == MODE_IN) ? &p_read : &p_send;
335: state->seqnr = seqnr;
336: state->blocks = blocks;
337: state->packets = packets;
1.157 markus 338: state->bytes = bytes;
1.91 markus 339: }
340:
1.19 markus 341: /* returns 1 if connection is via ipv4 */
342:
343: int
1.73 itojun 344: packet_connection_is_ipv4(void)
1.19 markus 345: {
346: struct sockaddr_storage to;
1.21 deraadt 347: socklen_t tolen = sizeof(to);
1.19 markus 348:
349: memset(&to, 0, sizeof(to));
350: if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0)
351: return 0;
352: if (to.ss_family != AF_INET)
353: return 0;
354: return 1;
355: }
356:
1.1 deraadt 357: /* Sets the connection into non-blocking mode. */
358:
1.2 provos 359: void
1.73 itojun 360: packet_set_nonblocking(void)
1.1 deraadt 361: {
1.14 markus 362: /* Set the socket into non-blocking mode. */
1.114 djm 363: set_nonblock(connection_in);
1.14 markus 364:
1.114 djm 365: if (connection_out != connection_in)
366: set_nonblock(connection_out);
1.1 deraadt 367: }
368:
369: /* Returns the socket used for reading. */
370:
1.2 provos 371: int
1.73 itojun 372: packet_get_connection_in(void)
1.1 deraadt 373: {
1.14 markus 374: return connection_in;
1.1 deraadt 375: }
376:
377: /* Returns the descriptor used for writing. */
378:
1.2 provos 379: int
1.73 itojun 380: packet_get_connection_out(void)
1.1 deraadt 381: {
1.14 markus 382: return connection_out;
1.1 deraadt 383: }
384:
385: /* Closes the connection and clears and frees internal data structures. */
386:
1.2 provos 387: void
1.73 itojun 388: packet_close(void)
1.1 deraadt 389: {
1.14 markus 390: if (!initialized)
391: return;
392: initialized = 0;
393: if (connection_in == connection_out) {
394: shutdown(connection_out, SHUT_RDWR);
395: close(connection_out);
396: } else {
397: close(connection_in);
398: close(connection_out);
399: }
400: buffer_free(&input);
401: buffer_free(&output);
402: buffer_free(&outgoing_packet);
403: buffer_free(&incoming_packet);
1.60 markus 404: if (compression_buffer_ready) {
1.14 markus 405: buffer_free(&compression_buffer);
406: buffer_compress_uninit();
407: }
1.88 markus 408: cipher_cleanup(&send_context);
409: cipher_cleanup(&receive_context);
1.1 deraadt 410: }
411:
412: /* Sets remote side protocol flags. */
413:
1.2 provos 414: void
1.40 markus 415: packet_set_protocol_flags(u_int protocol_flags)
1.1 deraadt 416: {
1.14 markus 417: remote_protocol_flags = protocol_flags;
1.1 deraadt 418: }
419:
420: /* Returns the remote protocol flags set earlier by the above function. */
421:
1.40 markus 422: u_int
1.73 itojun 423: packet_get_protocol_flags(void)
1.1 deraadt 424: {
1.14 markus 425: return remote_protocol_flags;
1.1 deraadt 426: }
427:
1.16 markus 428: /*
429: * Starts packet compression from the next packet on in both directions.
430: * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip.
431: */
1.1 deraadt 432:
1.68 itojun 433: static void
434: packet_init_compression(void)
1.60 markus 435: {
436: if (compression_buffer_ready == 1)
437: return;
438: compression_buffer_ready = 1;
439: buffer_init(&compression_buffer);
440: }
441:
1.2 provos 442: void
443: packet_start_compression(int level)
1.1 deraadt 444: {
1.62 markus 445: if (packet_compression && !compat20)
1.14 markus 446: fatal("Compression already enabled.");
447: packet_compression = 1;
1.60 markus 448: packet_init_compression();
449: buffer_compress_init_send(level);
450: buffer_compress_init_recv();
1.1 deraadt 451: }
452:
1.16 markus 453: /*
454: * Causes any further packets to be encrypted using the given key. The same
455: * key is used for both sending and reception. However, both directions are
456: * encrypted independently of each other.
457: */
1.95 markus 458:
1.2 provos 459: void
1.40 markus 460: packet_set_encryption_key(const u_char *key, u_int keylen,
1.37 markus 461: int number)
1.1 deraadt 462: {
1.37 markus 463: Cipher *cipher = cipher_by_number(number);
1.97 deraadt 464:
1.37 markus 465: if (cipher == NULL)
466: fatal("packet_set_encryption_key: unknown cipher number %d", number);
1.25 markus 467: if (keylen < 20)
1.37 markus 468: fatal("packet_set_encryption_key: keylen too small: %d", keylen);
1.95 markus 469: if (keylen > SSH_SESSION_KEY_LENGTH)
470: fatal("packet_set_encryption_key: keylen too big: %d", keylen);
471: memcpy(ssh1_key, key, keylen);
472: ssh1_keylen = keylen;
1.88 markus 473: cipher_init(&send_context, cipher, key, keylen, NULL, 0, CIPHER_ENCRYPT);
474: cipher_init(&receive_context, cipher, key, keylen, NULL, 0, CIPHER_DECRYPT);
1.95 markus 475: }
476:
477: u_int
478: packet_get_encryption_key(u_char *key)
479: {
480: if (key == NULL)
481: return (ssh1_keylen);
482: memcpy(key, ssh1_key, ssh1_keylen);
483: return (ssh1_keylen);
1.1 deraadt 484: }
485:
1.62 markus 486: /* Start constructing a packet to send. */
1.2 provos 487: void
1.62 markus 488: packet_start(u_char type)
1.1 deraadt 489: {
1.62 markus 490: u_char buf[9];
491: int len;
1.1 deraadt 492:
1.62 markus 493: DBG(debug("packet_start[%d]", type));
494: len = compat20 ? 6 : 9;
495: memset(buf, 0, len - 1);
496: buf[len - 1] = type;
1.14 markus 497: buffer_clear(&outgoing_packet);
1.62 markus 498: buffer_append(&outgoing_packet, buf, len);
1.25 markus 499: }
500:
1.62 markus 501: /* Append payload. */
1.2 provos 502: void
503: packet_put_char(int value)
1.1 deraadt 504: {
1.14 markus 505: char ch = value;
1.97 deraadt 506:
1.14 markus 507: buffer_append(&outgoing_packet, &ch, 1);
1.1 deraadt 508: }
1.125 deraadt 509:
1.2 provos 510: void
1.40 markus 511: packet_put_int(u_int value)
1.1 deraadt 512: {
1.14 markus 513: buffer_put_int(&outgoing_packet, value);
1.1 deraadt 514: }
1.125 deraadt 515:
1.2 provos 516: void
1.76 stevesk 517: packet_put_string(const void *buf, u_int len)
1.1 deraadt 518: {
1.14 markus 519: buffer_put_string(&outgoing_packet, buf, len);
1.1 deraadt 520: }
1.125 deraadt 521:
1.24 markus 522: void
523: packet_put_cstring(const char *str)
524: {
1.65 markus 525: buffer_put_cstring(&outgoing_packet, str);
1.24 markus 526: }
1.125 deraadt 527:
1.24 markus 528: void
1.76 stevesk 529: packet_put_raw(const void *buf, u_int len)
1.24 markus 530: {
531: buffer_append(&outgoing_packet, buf, len);
532: }
1.125 deraadt 533:
1.2 provos 534: void
1.14 markus 535: packet_put_bignum(BIGNUM * value)
1.1 deraadt 536: {
1.14 markus 537: buffer_put_bignum(&outgoing_packet, value);
1.1 deraadt 538: }
1.125 deraadt 539:
1.24 markus 540: void
541: packet_put_bignum2(BIGNUM * value)
542: {
543: buffer_put_bignum2(&outgoing_packet, value);
544: }
1.1 deraadt 545:
1.16 markus 546: /*
547: * Finalizes and sends the packet. If the encryption key has been set,
548: * encrypts the packet before sending.
549: */
1.14 markus 550:
1.68 itojun 551: static void
1.49 itojun 552: packet_send1(void)
1.1 deraadt 553: {
1.89 markus 554: u_char buf[8], *cp;
1.14 markus 555: int i, padding, len;
1.40 markus 556: u_int checksum;
1.115 avsm 557: u_int32_t rnd = 0;
1.14 markus 558:
1.16 markus 559: /*
560: * If using packet compression, compress the payload of the outgoing
561: * packet.
562: */
1.14 markus 563: if (packet_compression) {
564: buffer_clear(&compression_buffer);
565: /* Skip padding. */
566: buffer_consume(&outgoing_packet, 8);
567: /* padding */
568: buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8);
569: buffer_compress(&outgoing_packet, &compression_buffer);
570: buffer_clear(&outgoing_packet);
571: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
1.75 deraadt 572: buffer_len(&compression_buffer));
1.14 markus 573: }
574: /* Compute packet length without padding (add checksum, remove padding). */
575: len = buffer_len(&outgoing_packet) + 4 - 8;
576:
1.32 markus 577: /* Insert padding. Initialized to zero in packet_start1() */
1.14 markus 578: padding = 8 - len % 8;
1.88 markus 579: if (!send_context.plaintext) {
1.14 markus 580: cp = buffer_ptr(&outgoing_packet);
581: for (i = 0; i < padding; i++) {
582: if (i % 4 == 0)
1.115 avsm 583: rnd = arc4random();
584: cp[7 - i] = rnd & 0xff;
585: rnd >>= 8;
1.14 markus 586: }
587: }
588: buffer_consume(&outgoing_packet, 8 - padding);
589:
590: /* Add check bytes. */
1.83 stevesk 591: checksum = ssh_crc32(buffer_ptr(&outgoing_packet),
1.34 deraadt 592: buffer_len(&outgoing_packet));
1.131 djm 593: put_u32(buf, checksum);
1.14 markus 594: buffer_append(&outgoing_packet, buf, 4);
1.1 deraadt 595:
596: #ifdef PACKET_DEBUG
1.14 markus 597: fprintf(stderr, "packet_send plain: ");
598: buffer_dump(&outgoing_packet);
1.1 deraadt 599: #endif
600:
1.14 markus 601: /* Append to output. */
1.131 djm 602: put_u32(buf, len);
1.14 markus 603: buffer_append(&output, buf, 4);
1.76 stevesk 604: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 markus 605: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.75 deraadt 606: buffer_len(&outgoing_packet));
1.14 markus 607:
1.1 deraadt 608: #ifdef PACKET_DEBUG
1.14 markus 609: fprintf(stderr, "encrypted: ");
610: buffer_dump(&output);
1.1 deraadt 611: #endif
1.157 markus 612: p_send.packets++;
613: p_send.bytes += len + buffer_len(&outgoing_packet);
1.14 markus 614: buffer_clear(&outgoing_packet);
1.1 deraadt 615:
1.16 markus 616: /*
1.120 djm 617: * Note that the packet is now only buffered in output. It won't be
1.16 markus 618: * actually sent until packet_write_wait or packet_write_poll is
619: * called.
620: */
1.1 deraadt 621: }
622:
1.91 markus 623: void
1.57 markus 624: set_newkeys(int mode)
625: {
626: Enc *enc;
627: Mac *mac;
628: Comp *comp;
629: CipherContext *cc;
1.105 markus 630: u_int64_t *max_blocks;
1.115 avsm 631: int crypt_type;
1.57 markus 632:
1.100 markus 633: debug2("set_newkeys: mode %d", mode);
1.57 markus 634:
1.88 markus 635: if (mode == MODE_OUT) {
636: cc = &send_context;
1.115 avsm 637: crypt_type = CIPHER_ENCRYPT;
1.105 markus 638: p_send.packets = p_send.blocks = 0;
639: max_blocks = &max_blocks_out;
1.88 markus 640: } else {
641: cc = &receive_context;
1.115 avsm 642: crypt_type = CIPHER_DECRYPT;
1.105 markus 643: p_read.packets = p_read.blocks = 0;
644: max_blocks = &max_blocks_in;
1.88 markus 645: }
1.57 markus 646: if (newkeys[mode] != NULL) {
1.100 markus 647: debug("set_newkeys: rekeying");
1.88 markus 648: cipher_cleanup(cc);
1.59 markus 649: enc = &newkeys[mode]->enc;
650: mac = &newkeys[mode]->mac;
651: comp = &newkeys[mode]->comp;
1.148 pvalchev 652: mac_clear(mac);
1.59 markus 653: xfree(enc->name);
654: xfree(enc->iv);
655: xfree(enc->key);
656: xfree(mac->name);
657: xfree(mac->key);
658: xfree(comp->name);
1.58 markus 659: xfree(newkeys[mode]);
1.57 markus 660: }
661: newkeys[mode] = kex_get_newkeys(mode);
662: if (newkeys[mode] == NULL)
663: fatal("newkeys: no keys for mode %d", mode);
664: enc = &newkeys[mode]->enc;
665: mac = &newkeys[mode]->mac;
666: comp = &newkeys[mode]->comp;
1.148 pvalchev 667: if (mac_init(mac) == 0)
1.57 markus 668: mac->enabled = 1;
669: DBG(debug("cipher_init_context: %d", mode));
1.88 markus 670: cipher_init(cc, enc->cipher, enc->key, enc->key_len,
1.115 avsm 671: enc->iv, enc->block_size, crypt_type);
1.91 markus 672: /* Deleting the keys does not gain extra security */
673: /* memset(enc->iv, 0, enc->block_size);
1.147 djm 674: memset(enc->key, 0, enc->key_len);
675: memset(mac->key, 0, mac->key_len); */
1.118 markus 676: if ((comp->type == COMP_ZLIB ||
677: (comp->type == COMP_DELAYED && after_authentication)) &&
678: comp->enabled == 0) {
1.60 markus 679: packet_init_compression();
680: if (mode == MODE_OUT)
681: buffer_compress_init_send(6);
682: else
683: buffer_compress_init_recv();
1.57 markus 684: comp->enabled = 1;
685: }
1.109 markus 686: /*
687: * The 2^(blocksize*2) limit is too expensive for 3DES,
688: * blowfish, etc, so enforce a 1GB limit for small blocksizes.
689: */
690: if (enc->block_size >= 16)
691: *max_blocks = (u_int64_t)1 << (enc->block_size*2);
692: else
693: *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
1.105 markus 694: if (rekey_limit)
695: *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
1.57 markus 696: }
697:
1.16 markus 698: /*
1.118 markus 699: * Delayed compression for SSH2 is enabled after authentication:
1.143 dtucker 700: * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
1.118 markus 701: * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
702: */
703: static void
704: packet_enable_delayed_compress(void)
705: {
706: Comp *comp = NULL;
707: int mode;
708:
709: /*
710: * Remember that we are past the authentication step, so rekeying
711: * with COMP_DELAYED will turn on compression immediately.
712: */
713: after_authentication = 1;
714: for (mode = 0; mode < MODE_MAX; mode++) {
1.145 markus 715: /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
716: if (newkeys[mode] == NULL)
717: continue;
1.118 markus 718: comp = &newkeys[mode]->comp;
719: if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
1.119 markus 720: packet_init_compression();
1.118 markus 721: if (mode == MODE_OUT)
722: buffer_compress_init_send(6);
723: else
724: buffer_compress_init_recv();
725: comp->enabled = 1;
726: }
727: }
728: }
729:
730: /*
1.25 markus 731: * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
732: */
1.68 itojun 733: static void
1.105 markus 734: packet_send2_wrapped(void)
1.25 markus 735: {
1.89 markus 736: u_char type, *cp, *macbuf = NULL;
1.71 markus 737: u_char padlen, pad;
1.40 markus 738: u_int packet_length = 0;
1.71 markus 739: u_int i, len;
1.115 avsm 740: u_int32_t rnd = 0;
1.25 markus 741: Enc *enc = NULL;
742: Mac *mac = NULL;
743: Comp *comp = NULL;
744: int block_size;
745:
1.57 markus 746: if (newkeys[MODE_OUT] != NULL) {
747: enc = &newkeys[MODE_OUT]->enc;
748: mac = &newkeys[MODE_OUT]->mac;
749: comp = &newkeys[MODE_OUT]->comp;
1.25 markus 750: }
1.88 markus 751: block_size = enc ? enc->block_size : 8;
1.25 markus 752:
1.89 markus 753: cp = buffer_ptr(&outgoing_packet);
754: type = cp[5];
1.25 markus 755:
756: #ifdef PACKET_DEBUG
757: fprintf(stderr, "plain: ");
758: buffer_dump(&outgoing_packet);
759: #endif
760:
761: if (comp && comp->enabled) {
762: len = buffer_len(&outgoing_packet);
763: /* skip header, compress only payload */
764: buffer_consume(&outgoing_packet, 5);
765: buffer_clear(&compression_buffer);
766: buffer_compress(&outgoing_packet, &compression_buffer);
767: buffer_clear(&outgoing_packet);
768: buffer_append(&outgoing_packet, "\0\0\0\0\0", 5);
769: buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
770: buffer_len(&compression_buffer));
771: DBG(debug("compression: raw %d compressed %d", len,
772: buffer_len(&outgoing_packet)));
773: }
774:
775: /* sizeof (packet_len + pad_len + payload) */
776: len = buffer_len(&outgoing_packet);
777:
778: /*
779: * calc size of padding, alloc space, get random data,
780: * minimum padding is 4 bytes
781: */
782: padlen = block_size - (len % block_size);
783: if (padlen < 4)
784: padlen += block_size;
1.71 markus 785: if (extra_pad) {
786: /* will wrap if extra_pad+padlen > 255 */
787: extra_pad = roundup(extra_pad, block_size);
788: pad = extra_pad - ((len + padlen) % extra_pad);
1.93 markus 789: debug3("packet_send2: adding %d (len %d padlen %d extra_pad %d)",
1.71 markus 790: pad, len, padlen, extra_pad);
791: padlen += pad;
792: extra_pad = 0;
793: }
1.76 stevesk 794: cp = buffer_append_space(&outgoing_packet, padlen);
1.88 markus 795: if (enc && !send_context.plaintext) {
1.32 markus 796: /* random padding */
1.25 markus 797: for (i = 0; i < padlen; i++) {
798: if (i % 4 == 0)
1.115 avsm 799: rnd = arc4random();
800: cp[i] = rnd & 0xff;
801: rnd >>= 8;
1.25 markus 802: }
1.32 markus 803: } else {
804: /* clear padding */
805: memset(cp, 0, padlen);
1.25 markus 806: }
807: /* packet_length includes payload, padding and padding length field */
808: packet_length = buffer_len(&outgoing_packet) - 4;
1.89 markus 809: cp = buffer_ptr(&outgoing_packet);
1.131 djm 810: put_u32(cp, packet_length);
1.89 markus 811: cp[4] = padlen;
1.25 markus 812: DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen));
813:
814: /* compute MAC over seqnr and packet(length fields, payload, padding) */
815: if (mac && mac->enabled) {
1.105 markus 816: macbuf = mac_compute(mac, p_send.seqnr,
1.83 stevesk 817: buffer_ptr(&outgoing_packet),
1.50 markus 818: buffer_len(&outgoing_packet));
1.105 markus 819: DBG(debug("done calc MAC out #%d", p_send.seqnr));
1.25 markus 820: }
821: /* encrypt packet and append to output buffer. */
1.76 stevesk 822: cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
1.88 markus 823: cipher_crypt(&send_context, cp, buffer_ptr(&outgoing_packet),
1.25 markus 824: buffer_len(&outgoing_packet));
825: /* append unencrypted MAC */
826: if (mac && mac->enabled)
1.130 deraadt 827: buffer_append(&output, macbuf, mac->mac_len);
1.25 markus 828: #ifdef PACKET_DEBUG
829: fprintf(stderr, "encrypted: ");
830: buffer_dump(&output);
831: #endif
1.29 markus 832: /* increment sequence number for outgoing packets */
1.105 markus 833: if (++p_send.seqnr == 0)
1.106 itojun 834: logit("outgoing seqnr wraps around");
1.105 markus 835: if (++p_send.packets == 0)
836: if (!(datafellows & SSH_BUG_NOREKEY))
837: fatal("XXX too many packets with same key");
838: p_send.blocks += (packet_length + 4) / block_size;
1.157 markus 839: p_send.bytes += packet_length + 4;
1.25 markus 840: buffer_clear(&outgoing_packet);
841:
1.57 markus 842: if (type == SSH2_MSG_NEWKEYS)
843: set_newkeys(MODE_OUT);
1.118 markus 844: else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
845: packet_enable_delayed_compress();
1.25 markus 846: }
847:
1.105 markus 848: static void
849: packet_send2(void)
850: {
851: static int rekeying = 0;
852: struct packet *p;
853: u_char type, *cp;
854:
855: cp = buffer_ptr(&outgoing_packet);
856: type = cp[5];
857:
858: /* during rekeying we can only send key exchange messages */
859: if (rekeying) {
860: if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
861: (type <= SSH2_MSG_TRANSPORT_MAX))) {
862: debug("enqueue packet: %u", type);
863: p = xmalloc(sizeof(*p));
864: p->type = type;
865: memcpy(&p->payload, &outgoing_packet, sizeof(Buffer));
866: buffer_init(&outgoing_packet);
867: TAILQ_INSERT_TAIL(&outgoing, p, next);
868: return;
869: }
870: }
871:
872: /* rekeying starts with sending KEXINIT */
873: if (type == SSH2_MSG_KEXINIT)
874: rekeying = 1;
875:
876: packet_send2_wrapped();
877:
878: /* after a NEWKEYS message we can send the complete queue */
879: if (type == SSH2_MSG_NEWKEYS) {
880: rekeying = 0;
881: while ((p = TAILQ_FIRST(&outgoing))) {
882: type = p->type;
883: debug("dequeue packet: %u", type);
884: buffer_free(&outgoing_packet);
885: memcpy(&outgoing_packet, &p->payload,
886: sizeof(Buffer));
887: TAILQ_REMOVE(&outgoing, p, next);
888: xfree(p);
889: packet_send2_wrapped();
890: }
891: }
892: }
893:
1.25 markus 894: void
1.73 itojun 895: packet_send(void)
1.25 markus 896: {
1.62 markus 897: if (compat20)
1.25 markus 898: packet_send2();
899: else
900: packet_send1();
901: DBG(debug("packet_send done"));
902: }
903:
904: /*
1.16 markus 905: * Waits until a packet has been received, and returns its type. Note that
906: * no other data is processed until this returns, so this function should not
907: * be used during the interactive session.
908: */
1.1 deraadt 909:
1.2 provos 910: int
1.82 markus 911: packet_read_seqnr(u_int32_t *seqnr_p)
1.1 deraadt 912: {
1.154 dtucker 913: int type, len, ret, ms_remain;
1.56 millert 914: fd_set *setp;
1.14 markus 915: char buf[8192];
1.155 deraadt 916: struct timeval timeout, start, *timeoutp = NULL;
917:
1.25 markus 918: DBG(debug("packet_read()"));
1.14 markus 919:
1.127 djm 920: setp = (fd_set *)xcalloc(howmany(connection_in+1, NFDBITS),
1.56 millert 921: sizeof(fd_mask));
922:
1.14 markus 923: /* Since we are blocking, ensure that all written packets have been sent. */
924: packet_write_wait();
925:
926: /* Stay in the loop until we have received a complete packet. */
927: for (;;) {
928: /* Try to read a packet from the buffer. */
1.82 markus 929: type = packet_read_poll_seqnr(seqnr_p);
1.62 markus 930: if (!compat20 && (
1.32 markus 931: type == SSH_SMSG_SUCCESS
1.14 markus 932: || type == SSH_SMSG_FAILURE
933: || type == SSH_CMSG_EOF
1.32 markus 934: || type == SSH_CMSG_EXIT_CONFIRMATION))
1.79 markus 935: packet_check_eom();
1.14 markus 936: /* If we got a packet, return it. */
1.56 millert 937: if (type != SSH_MSG_NONE) {
938: xfree(setp);
1.14 markus 939: return type;
1.56 millert 940: }
1.16 markus 941: /*
942: * Otherwise, wait for some data to arrive, add it to the
943: * buffer, and try again.
944: */
1.56 millert 945: memset(setp, 0, howmany(connection_in + 1, NFDBITS) *
946: sizeof(fd_mask));
947: FD_SET(connection_in, setp);
1.16 markus 948:
1.154 dtucker 949: if (packet_timeout_ms > 0) {
950: ms_remain = packet_timeout_ms;
951: timeoutp = &timeout;
952: }
1.14 markus 953: /* Wait for some data to arrive. */
1.154 dtucker 954: for (;;) {
955: if (packet_timeout_ms != -1) {
956: ms_to_timeval(&timeout, ms_remain);
957: gettimeofday(&start, NULL);
958: }
959: if ((ret = select(connection_in + 1, setp, NULL,
960: NULL, timeoutp)) >= 0)
961: break;
962: if (errno != EAGAIN && errno != EINTR)
963: break;
964: if (packet_timeout_ms == -1)
965: continue;
966: ms_subtract_diff(&start, &ms_remain);
967: if (ms_remain <= 0) {
968: ret = 0;
969: break;
970: }
971: }
972: if (ret == 0) {
973: logit("Connection to %.200s timed out while "
974: "waiting to read", get_remote_ipaddr());
975: cleanup_exit(255);
976: }
1.14 markus 977: /* Read data from the socket. */
978: len = read(connection_in, buf, sizeof(buf));
1.18 markus 979: if (len == 0) {
1.106 itojun 980: logit("Connection closed by %.200s", get_remote_ipaddr());
1.112 markus 981: cleanup_exit(255);
1.18 markus 982: }
1.14 markus 983: if (len < 0)
984: fatal("Read from socket failed: %.100s", strerror(errno));
985: /* Append it to the buffer. */
986: packet_process_incoming(buf, len);
987: }
988: /* NOTREACHED */
1.1 deraadt 989: }
990:
1.77 djm 991: int
1.82 markus 992: packet_read(void)
1.77 djm 993: {
1.82 markus 994: return packet_read_seqnr(NULL);
1.77 djm 995: }
996:
1.16 markus 997: /*
998: * Waits until a packet has been received, verifies that its type matches
999: * that given, and gives a fatal error and exits if there is a mismatch.
1000: */
1.1 deraadt 1001:
1.2 provos 1002: void
1.82 markus 1003: packet_read_expect(int expected_type)
1.1 deraadt 1004: {
1.14 markus 1005: int type;
1.1 deraadt 1006:
1.82 markus 1007: type = packet_read();
1.14 markus 1008: if (type != expected_type)
1009: packet_disconnect("Protocol error: expected packet type %d, got %d",
1.25 markus 1010: expected_type, type);
1.1 deraadt 1011: }
1012:
1013: /* Checks if a full packet is available in the data received so far via
1.14 markus 1014: * packet_process_incoming. If so, reads the packet; otherwise returns
1015: * SSH_MSG_NONE. This does not wait for data from the connection.
1016: *
1.150 dtucker 1017: * SSH_MSG_DISCONNECT is handled specially here. Also,
1018: * SSH_MSG_IGNORE messages are skipped by this function and are never returned
1019: * to higher levels.
1.14 markus 1020: */
1.1 deraadt 1021:
1.68 itojun 1022: static int
1.82 markus 1023: packet_read_poll1(void)
1.1 deraadt 1024: {
1.40 markus 1025: u_int len, padded_len;
1.89 markus 1026: u_char *cp, type;
1.40 markus 1027: u_int checksum, stored_checksum;
1.14 markus 1028:
1029: /* Check if input size is less than minimum packet size. */
1030: if (buffer_len(&input) < 4 + 8)
1031: return SSH_MSG_NONE;
1032: /* Get length of incoming packet. */
1.89 markus 1033: cp = buffer_ptr(&input);
1.131 djm 1034: len = get_u32(cp);
1.14 markus 1035: if (len < 1 + 2 + 2 || len > 256 * 1024)
1.98 markus 1036: packet_disconnect("Bad packet length %u.", len);
1.14 markus 1037: padded_len = (len + 8) & ~7;
1038:
1039: /* Check if the packet has been entirely received. */
1040: if (buffer_len(&input) < 4 + padded_len)
1041: return SSH_MSG_NONE;
1042:
1043: /* The entire packet is in buffer. */
1044:
1045: /* Consume packet length. */
1046: buffer_consume(&input, 4);
1047:
1.62 markus 1048: /*
1049: * Cryptographic attack detector for ssh
1050: * (C)1998 CORE-SDI, Buenos Aires Argentina
1051: * Ariel Futoransky(futo@core-sdi.com)
1052: */
1.144 djm 1053: if (!receive_context.plaintext) {
1054: switch (detect_attack(buffer_ptr(&input), padded_len)) {
1055: case DEATTACK_DETECTED:
1056: packet_disconnect("crc32 compensation attack: "
1057: "network attack detected");
1058: case DEATTACK_DOS_DETECTED:
1059: packet_disconnect("deattack denial of "
1060: "service detected");
1061: }
1062: }
1.62 markus 1063:
1064: /* Decrypt data to incoming_packet. */
1.14 markus 1065: buffer_clear(&incoming_packet);
1.76 stevesk 1066: cp = buffer_append_space(&incoming_packet, padded_len);
1.88 markus 1067: cipher_crypt(&receive_context, cp, buffer_ptr(&input), padded_len);
1.62 markus 1068:
1.14 markus 1069: buffer_consume(&input, padded_len);
1.1 deraadt 1070:
1071: #ifdef PACKET_DEBUG
1.14 markus 1072: fprintf(stderr, "read_poll plain: ");
1073: buffer_dump(&incoming_packet);
1.1 deraadt 1074: #endif
1075:
1.14 markus 1076: /* Compute packet checksum. */
1.83 stevesk 1077: checksum = ssh_crc32(buffer_ptr(&incoming_packet),
1.25 markus 1078: buffer_len(&incoming_packet) - 4);
1.14 markus 1079:
1080: /* Skip padding. */
1081: buffer_consume(&incoming_packet, 8 - len % 8);
1082:
1083: /* Test check bytes. */
1084: if (len != buffer_len(&incoming_packet))
1.77 djm 1085: packet_disconnect("packet_read_poll1: len %d != buffer_len %d.",
1.25 markus 1086: len, buffer_len(&incoming_packet));
1.14 markus 1087:
1.89 markus 1088: cp = (u_char *)buffer_ptr(&incoming_packet) + len - 4;
1.131 djm 1089: stored_checksum = get_u32(cp);
1.14 markus 1090: if (checksum != stored_checksum)
1091: packet_disconnect("Corrupted check bytes on input.");
1092: buffer_consume_end(&incoming_packet, 4);
1093:
1094: if (packet_compression) {
1095: buffer_clear(&compression_buffer);
1096: buffer_uncompress(&incoming_packet, &compression_buffer);
1097: buffer_clear(&incoming_packet);
1098: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
1.25 markus 1099: buffer_len(&compression_buffer));
1.14 markus 1100: }
1.157 markus 1101: p_read.packets++;
1102: p_read.bytes += padded_len + 4;
1.62 markus 1103: type = buffer_get_char(&incoming_packet);
1.116 markus 1104: if (type < SSH_MSG_MIN || type > SSH_MSG_MAX)
1105: packet_disconnect("Invalid ssh1 packet type: %d", type);
1.62 markus 1106: return type;
1.1 deraadt 1107: }
1.14 markus 1108:
1.68 itojun 1109: static int
1.82 markus 1110: packet_read_poll2(u_int32_t *seqnr_p)
1.25 markus 1111: {
1.50 markus 1112: static u_int packet_length = 0;
1.40 markus 1113: u_int padlen, need;
1.89 markus 1114: u_char *macbuf, *cp, type;
1.117 djm 1115: u_int maclen, block_size;
1.25 markus 1116: Enc *enc = NULL;
1117: Mac *mac = NULL;
1118: Comp *comp = NULL;
1119:
1.57 markus 1120: if (newkeys[MODE_IN] != NULL) {
1121: enc = &newkeys[MODE_IN]->enc;
1122: mac = &newkeys[MODE_IN]->mac;
1123: comp = &newkeys[MODE_IN]->comp;
1.25 markus 1124: }
1125: maclen = mac && mac->enabled ? mac->mac_len : 0;
1.88 markus 1126: block_size = enc ? enc->block_size : 8;
1.25 markus 1127:
1128: if (packet_length == 0) {
1129: /*
1130: * check if input size is less than the cipher block size,
1131: * decrypt first block and extract length of incoming packet
1132: */
1133: if (buffer_len(&input) < block_size)
1134: return SSH_MSG_NONE;
1135: buffer_clear(&incoming_packet);
1.76 stevesk 1136: cp = buffer_append_space(&incoming_packet, block_size);
1.88 markus 1137: cipher_crypt(&receive_context, cp, buffer_ptr(&input),
1.25 markus 1138: block_size);
1.89 markus 1139: cp = buffer_ptr(&incoming_packet);
1.131 djm 1140: packet_length = get_u32(cp);
1.25 markus 1141: if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
1.110 markus 1142: #ifdef PACKET_DEBUG
1.25 markus 1143: buffer_dump(&incoming_packet);
1.110 markus 1144: #endif
1.158 ! markus 1145: packet_disconnect("Bad packet length %-10u",
! 1146: packet_length);
1.25 markus 1147: }
1.98 markus 1148: DBG(debug("input: packet len %u", packet_length+4));
1.25 markus 1149: buffer_consume(&input, block_size);
1150: }
1151: /* we have a partial packet of block_size bytes */
1152: need = 4 + packet_length - block_size;
1153: DBG(debug("partial packet %d, need %d, maclen %d", block_size,
1154: need, maclen));
1.158 ! markus 1155: if (need % block_size != 0) {
! 1156: logit("padding error: need %d block %d mod %d",
1.25 markus 1157: need, block_size, need % block_size);
1.158 ! markus 1158: packet_disconnect("Bad packet length %-10u", packet_length);
! 1159: }
1.25 markus 1160: /*
1161: * check if the entire packet has been received and
1162: * decrypt into incoming_packet
1163: */
1164: if (buffer_len(&input) < need + maclen)
1165: return SSH_MSG_NONE;
1166: #ifdef PACKET_DEBUG
1167: fprintf(stderr, "read_poll enc/full: ");
1168: buffer_dump(&input);
1169: #endif
1.76 stevesk 1170: cp = buffer_append_space(&incoming_packet, need);
1.88 markus 1171: cipher_crypt(&receive_context, cp, buffer_ptr(&input), need);
1.25 markus 1172: buffer_consume(&input, need);
1173: /*
1174: * compute MAC over seqnr and packet,
1175: * increment sequence number for incoming packet
1176: */
1.29 markus 1177: if (mac && mac->enabled) {
1.105 markus 1178: macbuf = mac_compute(mac, p_read.seqnr,
1.83 stevesk 1179: buffer_ptr(&incoming_packet),
1.50 markus 1180: buffer_len(&incoming_packet));
1.25 markus 1181: if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
1.36 markus 1182: packet_disconnect("Corrupted MAC on input.");
1.105 markus 1183: DBG(debug("MAC #%d ok", p_read.seqnr));
1.25 markus 1184: buffer_consume(&input, mac->mac_len);
1185: }
1.77 djm 1186: if (seqnr_p != NULL)
1.105 markus 1187: *seqnr_p = p_read.seqnr;
1188: if (++p_read.seqnr == 0)
1.106 itojun 1189: logit("incoming seqnr wraps around");
1.105 markus 1190: if (++p_read.packets == 0)
1191: if (!(datafellows & SSH_BUG_NOREKEY))
1192: fatal("XXX too many packets with same key");
1193: p_read.blocks += (packet_length + 4) / block_size;
1.157 markus 1194: p_read.bytes += packet_length + 4;
1.25 markus 1195:
1196: /* get padlen */
1.76 stevesk 1197: cp = buffer_ptr(&incoming_packet);
1.89 markus 1198: padlen = cp[4];
1.25 markus 1199: DBG(debug("input: padlen %d", padlen));
1200: if (padlen < 4)
1201: packet_disconnect("Corrupted padlen %d on input.", padlen);
1202:
1203: /* skip packet size + padlen, discard padding */
1204: buffer_consume(&incoming_packet, 4 + 1);
1205: buffer_consume_end(&incoming_packet, padlen);
1206:
1207: DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet)));
1208: if (comp && comp->enabled) {
1209: buffer_clear(&compression_buffer);
1210: buffer_uncompress(&incoming_packet, &compression_buffer);
1211: buffer_clear(&incoming_packet);
1212: buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
1213: buffer_len(&compression_buffer));
1.97 deraadt 1214: DBG(debug("input: len after de-compress %d",
1215: buffer_len(&incoming_packet)));
1.25 markus 1216: }
1217: /*
1218: * get packet type, implies consume.
1219: * return length of payload (without type field)
1220: */
1.62 markus 1221: type = buffer_get_char(&incoming_packet);
1.116 markus 1222: if (type < SSH2_MSG_MIN || type >= SSH2_MSG_LOCAL_MIN)
1223: packet_disconnect("Invalid ssh2 packet type: %d", type);
1.57 markus 1224: if (type == SSH2_MSG_NEWKEYS)
1225: set_newkeys(MODE_IN);
1.118 markus 1226: else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
1227: packet_enable_delayed_compress();
1.25 markus 1228: #ifdef PACKET_DEBUG
1.55 deraadt 1229: fprintf(stderr, "read/plain[%d]:\r\n", type);
1.25 markus 1230: buffer_dump(&incoming_packet);
1231: #endif
1.62 markus 1232: /* reset for next packet */
1233: packet_length = 0;
1234: return type;
1.25 markus 1235: }
1236:
1237: int
1.82 markus 1238: packet_read_poll_seqnr(u_int32_t *seqnr_p)
1.25 markus 1239: {
1.96 deraadt 1240: u_int reason, seqnr;
1.62 markus 1241: u_char type;
1.25 markus 1242: char *msg;
1.62 markus 1243:
1.25 markus 1244: for (;;) {
1.62 markus 1245: if (compat20) {
1.82 markus 1246: type = packet_read_poll2(seqnr_p);
1.153 djm 1247: if (type) {
1248: keep_alive_timeouts = 0;
1.25 markus 1249: DBG(debug("received packet type %d", type));
1.153 djm 1250: }
1.74 deraadt 1251: switch (type) {
1.150 dtucker 1252: case SSH2_MSG_IGNORE:
1.151 dtucker 1253: debug3("Received SSH2_MSG_IGNORE");
1.150 dtucker 1254: break;
1.25 markus 1255: case SSH2_MSG_DEBUG:
1256: packet_get_char();
1257: msg = packet_get_string(NULL);
1258: debug("Remote: %.900s", msg);
1259: xfree(msg);
1260: msg = packet_get_string(NULL);
1261: xfree(msg);
1262: break;
1263: case SSH2_MSG_DISCONNECT:
1264: reason = packet_get_int();
1265: msg = packet_get_string(NULL);
1.106 itojun 1266: logit("Received disconnect from %s: %u: %.400s",
1.96 deraadt 1267: get_remote_ipaddr(), reason, msg);
1.25 markus 1268: xfree(msg);
1.112 markus 1269: cleanup_exit(255);
1.84 markus 1270: break;
1271: case SSH2_MSG_UNIMPLEMENTED:
1272: seqnr = packet_get_int();
1.96 deraadt 1273: debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
1274: seqnr);
1.150 dtucker 1275: break;
1.25 markus 1276: default:
1277: return type;
1.48 stevesk 1278: }
1.25 markus 1279: } else {
1.82 markus 1280: type = packet_read_poll1();
1.74 deraadt 1281: switch (type) {
1.25 markus 1282: case SSH_MSG_IGNORE:
1283: break;
1284: case SSH_MSG_DEBUG:
1285: msg = packet_get_string(NULL);
1286: debug("Remote: %.900s", msg);
1287: xfree(msg);
1288: break;
1289: case SSH_MSG_DISCONNECT:
1290: msg = packet_get_string(NULL);
1.106 itojun 1291: logit("Received disconnect from %s: %.400s",
1.96 deraadt 1292: get_remote_ipaddr(), msg);
1.112 markus 1293: cleanup_exit(255);
1.25 markus 1294: break;
1295: default:
1.62 markus 1296: if (type)
1.25 markus 1297: DBG(debug("received packet type %d", type));
1298: return type;
1.48 stevesk 1299: }
1.25 markus 1300: }
1301: }
1.77 djm 1302: }
1303:
1304: int
1.82 markus 1305: packet_read_poll(void)
1.77 djm 1306: {
1.82 markus 1307: return packet_read_poll_seqnr(NULL);
1.25 markus 1308: }
1309:
1.16 markus 1310: /*
1311: * Buffers the given amount of input characters. This is intended to be used
1312: * together with packet_read_poll.
1313: */
1.1 deraadt 1314:
1.2 provos 1315: void
1.40 markus 1316: packet_process_incoming(const char *buf, u_int len)
1.1 deraadt 1317: {
1.14 markus 1318: buffer_append(&input, buf, len);
1.1 deraadt 1319: }
1320:
1321: /* Returns a character from the packet. */
1322:
1.40 markus 1323: u_int
1.73 itojun 1324: packet_get_char(void)
1.1 deraadt 1325: {
1.14 markus 1326: char ch;
1.97 deraadt 1327:
1.14 markus 1328: buffer_get(&incoming_packet, &ch, 1);
1.40 markus 1329: return (u_char) ch;
1.1 deraadt 1330: }
1331:
1332: /* Returns an integer from the packet data. */
1333:
1.40 markus 1334: u_int
1.73 itojun 1335: packet_get_int(void)
1.1 deraadt 1336: {
1.14 markus 1337: return buffer_get_int(&incoming_packet);
1.1 deraadt 1338: }
1339:
1.16 markus 1340: /*
1341: * Returns an arbitrary precision integer from the packet data. The integer
1342: * must have been initialized before this call.
1343: */
1.1 deraadt 1344:
1.2 provos 1345: void
1.80 markus 1346: packet_get_bignum(BIGNUM * value)
1.1 deraadt 1347: {
1.81 markus 1348: buffer_get_bignum(&incoming_packet, value);
1.24 markus 1349: }
1350:
1351: void
1.80 markus 1352: packet_get_bignum2(BIGNUM * value)
1.24 markus 1353: {
1.81 markus 1354: buffer_get_bignum2(&incoming_packet, value);
1.24 markus 1355: }
1356:
1.76 stevesk 1357: void *
1.117 djm 1358: packet_get_raw(u_int *length_ptr)
1.24 markus 1359: {
1.117 djm 1360: u_int bytes = buffer_len(&incoming_packet);
1.97 deraadt 1361:
1.24 markus 1362: if (length_ptr != NULL)
1363: *length_ptr = bytes;
1364: return buffer_ptr(&incoming_packet);
1.28 markus 1365: }
1366:
1367: int
1368: packet_remaining(void)
1369: {
1370: return buffer_len(&incoming_packet);
1.1 deraadt 1371: }
1372:
1.16 markus 1373: /*
1374: * Returns a string from the packet data. The string is allocated using
1375: * xmalloc; it is the responsibility of the calling program to free it when
1376: * no longer needed. The length_ptr argument may be NULL, or point to an
1377: * integer into which the length of the string is stored.
1378: */
1.1 deraadt 1379:
1.76 stevesk 1380: void *
1.40 markus 1381: packet_get_string(u_int *length_ptr)
1.1 deraadt 1382: {
1.14 markus 1383: return buffer_get_string(&incoming_packet, length_ptr);
1.152 markus 1384: }
1385:
1386: void *
1387: packet_get_string_ptr(u_int *length_ptr)
1388: {
1389: return buffer_get_string_ptr(&incoming_packet, length_ptr);
1.1 deraadt 1390: }
1391:
1.16 markus 1392: /*
1393: * Sends a diagnostic message from the server to the client. This message
1394: * can be sent at any time (but not while constructing another message). The
1395: * message is printed immediately, but only if the client is being executed
1396: * in verbose mode. These messages are primarily intended to ease debugging
1397: * authentication problems. The length of the formatted message must not
1398: * exceed 1024 bytes. This will automatically call packet_write_wait.
1399: */
1.1 deraadt 1400:
1.2 provos 1401: void
1.14 markus 1402: packet_send_debug(const char *fmt,...)
1.1 deraadt 1403: {
1.14 markus 1404: char buf[1024];
1405: va_list args;
1.39 markus 1406:
1407: if (compat20 && (datafellows & SSH_BUG_DEBUG))
1408: return;
1.14 markus 1409:
1410: va_start(args, fmt);
1411: vsnprintf(buf, sizeof(buf), fmt, args);
1412: va_end(args);
1413:
1.30 markus 1414: if (compat20) {
1415: packet_start(SSH2_MSG_DEBUG);
1416: packet_put_char(0); /* bool: always display */
1417: packet_put_cstring(buf);
1418: packet_put_cstring("");
1419: } else {
1420: packet_start(SSH_MSG_DEBUG);
1421: packet_put_cstring(buf);
1422: }
1.14 markus 1423: packet_send();
1424: packet_write_wait();
1.1 deraadt 1425: }
1426:
1.16 markus 1427: /*
1428: * Logs the error plus constructs and sends a disconnect packet, closes the
1429: * connection, and exits. This function never returns. The error message
1430: * should not contain a newline. The length of the formatted message must
1431: * not exceed 1024 bytes.
1432: */
1.1 deraadt 1433:
1.2 provos 1434: void
1.14 markus 1435: packet_disconnect(const char *fmt,...)
1.1 deraadt 1436: {
1.14 markus 1437: char buf[1024];
1438: va_list args;
1439: static int disconnecting = 0;
1.97 deraadt 1440:
1.14 markus 1441: if (disconnecting) /* Guard against recursive invocations. */
1442: fatal("packet_disconnect called recursively.");
1443: disconnecting = 1;
1444:
1.16 markus 1445: /*
1446: * Format the message. Note that the caller must make sure the
1447: * message is of limited size.
1448: */
1.14 markus 1449: va_start(args, fmt);
1450: vsnprintf(buf, sizeof(buf), fmt, args);
1451: va_end(args);
1452:
1.99 markus 1453: /* Display the error locally */
1.106 itojun 1454: logit("Disconnecting: %.100s", buf);
1.99 markus 1455:
1.14 markus 1456: /* Send the disconnect message to the other side, and wait for it to get sent. */
1.25 markus 1457: if (compat20) {
1458: packet_start(SSH2_MSG_DISCONNECT);
1459: packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR);
1460: packet_put_cstring(buf);
1461: packet_put_cstring("");
1462: } else {
1463: packet_start(SSH_MSG_DISCONNECT);
1.65 markus 1464: packet_put_cstring(buf);
1.25 markus 1465: }
1.14 markus 1466: packet_send();
1467: packet_write_wait();
1468:
1469: /* Stop listening for connections. */
1.67 markus 1470: channel_close_all();
1.14 markus 1471:
1472: /* Close the connection. */
1473: packet_close();
1.112 markus 1474: cleanup_exit(255);
1.1 deraadt 1475: }
1476:
1.16 markus 1477: /* Checks if there is any buffered output, and tries to write some of the output. */
1.1 deraadt 1478:
1.2 provos 1479: void
1.73 itojun 1480: packet_write_poll(void)
1.1 deraadt 1481: {
1.14 markus 1482: int len = buffer_len(&output);
1.97 deraadt 1483:
1.14 markus 1484: if (len > 0) {
1485: len = write(connection_out, buffer_ptr(&output), len);
1.156 djm 1486: if (len == -1) {
1487: if (errno == EINTR || errno == EAGAIN)
1.14 markus 1488: return;
1.156 djm 1489: fatal("Write failed: %.100s", strerror(errno));
1.14 markus 1490: }
1.156 djm 1491: if (len == 0)
1492: fatal("Write connection closed");
1.14 markus 1493: buffer_consume(&output, len);
1494: }
1.1 deraadt 1495: }
1496:
1.16 markus 1497: /*
1498: * Calls packet_write_poll repeatedly until all pending output data has been
1499: * written.
1500: */
1.1 deraadt 1501:
1.2 provos 1502: void
1.73 itojun 1503: packet_write_wait(void)
1.1 deraadt 1504: {
1.56 millert 1505: fd_set *setp;
1.154 dtucker 1506: int ret, ms_remain;
1507: struct timeval start, timeout, *timeoutp = NULL;
1.56 millert 1508:
1.127 djm 1509: setp = (fd_set *)xcalloc(howmany(connection_out + 1, NFDBITS),
1.56 millert 1510: sizeof(fd_mask));
1.14 markus 1511: packet_write_poll();
1512: while (packet_have_data_to_write()) {
1.56 millert 1513: memset(setp, 0, howmany(connection_out + 1, NFDBITS) *
1514: sizeof(fd_mask));
1515: FD_SET(connection_out, setp);
1.154 dtucker 1516:
1517: if (packet_timeout_ms > 0) {
1518: ms_remain = packet_timeout_ms;
1519: timeoutp = &timeout;
1520: }
1521: for (;;) {
1522: if (packet_timeout_ms != -1) {
1523: ms_to_timeval(&timeout, ms_remain);
1524: gettimeofday(&start, NULL);
1525: }
1526: if ((ret = select(connection_out + 1, NULL, setp,
1527: NULL, timeoutp)) >= 0)
1528: break;
1529: if (errno != EAGAIN && errno != EINTR)
1530: break;
1531: if (packet_timeout_ms == -1)
1532: continue;
1533: ms_subtract_diff(&start, &ms_remain);
1534: if (ms_remain <= 0) {
1535: ret = 0;
1536: break;
1537: }
1538: }
1539: if (ret == 0) {
1540: logit("Connection to %.200s timed out while "
1541: "waiting to write", get_remote_ipaddr());
1542: cleanup_exit(255);
1543: }
1.14 markus 1544: packet_write_poll();
1545: }
1.56 millert 1546: xfree(setp);
1.1 deraadt 1547: }
1548:
1549: /* Returns true if there is buffered data to write to the connection. */
1550:
1.2 provos 1551: int
1.73 itojun 1552: packet_have_data_to_write(void)
1.1 deraadt 1553: {
1.14 markus 1554: return buffer_len(&output) != 0;
1.1 deraadt 1555: }
1556:
1557: /* Returns true if there is not too much data to write to the connection. */
1558:
1.2 provos 1559: int
1.73 itojun 1560: packet_not_very_much_data_to_write(void)
1.1 deraadt 1561: {
1.14 markus 1562: if (interactive_mode)
1563: return buffer_len(&output) < 16384;
1564: else
1565: return buffer_len(&output) < 128 * 1024;
1.1 deraadt 1566: }
1567:
1.102 markus 1568: static void
1.101 markus 1569: packet_set_tos(int interactive)
1570: {
1571: int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
1572:
1573: if (!packet_connection_is_on_socket() ||
1574: !packet_connection_is_ipv4())
1575: return;
1576: if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos,
1577: sizeof(tos)) < 0)
1578: error("setsockopt IP_TOS %d: %.100s:",
1579: tos, strerror(errno));
1580: }
1581:
1.1 deraadt 1582: /* Informs that the current session is interactive. Sets IP flags for that. */
1583:
1.2 provos 1584: void
1.43 markus 1585: packet_set_interactive(int interactive)
1.1 deraadt 1586: {
1.43 markus 1587: static int called = 0;
1.44 markus 1588:
1.43 markus 1589: if (called)
1590: return;
1591: called = 1;
1.1 deraadt 1592:
1.14 markus 1593: /* Record that we are in interactive mode. */
1594: interactive_mode = interactive;
1.1 deraadt 1595:
1.19 markus 1596: /* Only set socket options if using a socket. */
1597: if (!packet_connection_is_on_socket())
1.14 markus 1598: return;
1.122 dtucker 1599: set_nodelay(connection_in);
1.101 markus 1600: packet_set_tos(interactive);
1.1 deraadt 1601: }
1602:
1603: /* Returns true if the current connection is interactive. */
1604:
1.2 provos 1605: int
1.73 itojun 1606: packet_is_interactive(void)
1.1 deraadt 1607: {
1.14 markus 1608: return interactive_mode;
1.12 markus 1609: }
1610:
1.113 deraadt 1611: int
1.108 markus 1612: packet_set_maxsize(u_int s)
1.12 markus 1613: {
1.14 markus 1614: static int called = 0;
1.97 deraadt 1615:
1.14 markus 1616: if (called) {
1.106 itojun 1617: logit("packet_set_maxsize: called twice: old %d new %d",
1.25 markus 1618: max_packet_size, s);
1.14 markus 1619: return -1;
1620: }
1621: if (s < 4 * 1024 || s > 1024 * 1024) {
1.106 itojun 1622: logit("packet_set_maxsize: bad size %d", s);
1.14 markus 1623: return -1;
1624: }
1.70 markus 1625: called = 1;
1.66 markus 1626: debug("packet_set_maxsize: setting to %d", s);
1.14 markus 1627: max_packet_size = s;
1628: return s;
1.53 markus 1629: }
1630:
1.71 markus 1631: /* roundup current message to pad bytes */
1632: void
1633: packet_add_padding(u_char pad)
1634: {
1635: extra_pad = pad;
1636: }
1637:
1.53 markus 1638: /*
1639: * 9.2. Ignored Data Message
1.61 markus 1640: *
1.53 markus 1641: * byte SSH_MSG_IGNORE
1642: * string data
1.61 markus 1643: *
1.53 markus 1644: * All implementations MUST understand (and ignore) this message at any
1645: * time (after receiving the protocol version). No implementation is
1646: * required to send them. This message can be used as an additional
1647: * protection measure against advanced traffic analysis techniques.
1648: */
1.54 markus 1649: void
1650: packet_send_ignore(int nbytes)
1651: {
1.115 avsm 1652: u_int32_t rnd = 0;
1.54 markus 1653: int i;
1654:
1655: packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
1.53 markus 1656: packet_put_int(nbytes);
1.75 deraadt 1657: for (i = 0; i < nbytes; i++) {
1.53 markus 1658: if (i % 4 == 0)
1.115 avsm 1659: rnd = arc4random();
1.129 deraadt 1660: packet_put_char((u_char)rnd & 0xff);
1.115 avsm 1661: rnd >>= 8;
1.53 markus 1662: }
1.105 markus 1663: }
1664:
1.113 deraadt 1665: #define MAX_PACKETS (1U<<31)
1.105 markus 1666: int
1667: packet_need_rekeying(void)
1668: {
1669: if (datafellows & SSH_BUG_NOREKEY)
1670: return 0;
1671: return
1672: (p_send.packets > MAX_PACKETS) ||
1673: (p_read.packets > MAX_PACKETS) ||
1674: (max_blocks_out && (p_send.blocks > max_blocks_out)) ||
1675: (max_blocks_in && (p_read.blocks > max_blocks_in));
1676: }
1677:
1678: void
1679: packet_set_rekey_limit(u_int32_t bytes)
1680: {
1681: rekey_limit = bytes;
1.118 markus 1682: }
1683:
1684: void
1685: packet_set_server(void)
1686: {
1687: server_side = 1;
1688: }
1689:
1690: void
1691: packet_set_authenticated(void)
1692: {
1693: after_authentication = 1;
1.1 deraadt 1694: }