dropbear: packet.c annotate

annotate packet.c @ 1715:3974f087d9c0

Disallow leading lines before the ident for server (#102) Per RFC4253 4.2 clients must be able to process other lines of data before the version string, server behavior is not defined neither with MUST/SHOULD nor with MAY. If server process up to 50 lines too - it may cause too long hanging session with invalid/evil client that consume host resources and potentially may lead to DDoS on poor embedded boxes. Let's require first line from client to be version string and fail early if it's not - matches both RFC and real OpenSSH behavior.

author	Vladislav Grishenko <themiron@users.noreply.github.com>
date	Mon, 15 Jun 2020 18:22:18 +0500
parents	3a97f14c0235
children	3b9b427925a0

rev	line source
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Dropbear - a SSH2 server
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 *
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 * Copyright (c) 2002,2003 Matt Johnston
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * All rights reserved.
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * Permission is hereby granted, free of charge, to any person obtaining a copy
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 * of this software and associated documentation files (the "Software"), to deal
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * in the Software without restriction, including without limitation the rights
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * copies of the Software, and to permit persons to whom the Software is
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 * furnished to do so, subject to the following conditions:
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 *
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * The above copyright notice and this permission notice shall be included in
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * all copies or substantial portions of the Software.
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 *
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 * SOFTWARE. */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 #include "includes.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 #include "packet.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 #include "session.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #include "dbutil.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 #include "ssh.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 #include "algo.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 #include "buffer.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32 #include "kex.h"
858 220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	33 #include "dbrandom.h"
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 #include "service.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 #include "auth.h"
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 #include "channel.h"
1032 0da8ba489c23 Move generic network routines to netio.c Matt Johnston <matt@ucc.asn.au> parents: 1027 diff changeset	37 #include "netio.h"
1347 b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	38 #include "runopts.h"
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	39
1276 9169e4e7cbee fix empty C prototypes Francois Perrad <francois.perrad@gadz.org> parents: 1250 diff changeset	40 static int read_packet_init(void);
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	41 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	42 buffer * clear_buf, unsigned int clear_len,
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	43 unsigned char *output_mac);
1276 9169e4e7cbee fix empty C prototypes Francois Perrad <francois.perrad@gadz.org> parents: 1250 diff changeset	44 static int checkmac(void);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45
906 4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	46 /* For exact details see http://www.zlib.net/zlib_tech.html
4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	47 * 5 bytes per 16kB block, plus 6 bytes for the stream.
4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	48 * We might allocate 5 unnecessary bytes here if it's an
4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	49 * exact multiple. */
4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	50 #define ZLIB_COMPRESS_EXPANSION (((RECV_MAX_PAYLOAD_LEN/16384)+1)*5 + 6)
791 0bf76f54de6f Limit decompressed size Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	51 #define ZLIB_DECOMPRESS_INCR 1024
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52 #ifndef DISABLE_ZLIB
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1276 diff changeset	53 static buffer* buf_decompress(const buffer* buf, unsigned int len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 static void buf_compress(buffer * dest, buffer * src, unsigned int len);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 #endif
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56
531 164b7c2cd5df disapproval of revision 'a101cbd046507cf723e6362a49196dbd4b924042' Matt Johnston <matt@ucc.asn.au> parents: 529 diff changeset	57 /* non-blocking function writing out a current encrypted packet */
164b7c2cd5df disapproval of revision 'a101cbd046507cf723e6362a49196dbd4b924042' Matt Johnston <matt@ucc.asn.au> parents: 529 diff changeset	58 void write_packet() {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59
1024 aac0095dc3b4 work in progress for async connect Matt Johnston <matt@ucc.asn.au> parents: 990 diff changeset	60 ssize_t written;
1618 7bd7e95ad1f8 make writev #include consistent for variable declarations too Matt Johnston <matt@ucc.asn.au> parents: 1489 diff changeset	61 #if defined(HAVE_WRITEV) && (defined(IOV_MAX) \|\| defined(UIO_MAXIOV))
1072 686cd3e8e13e avoid malloc for iovec Matt Johnston <matt@ucc.asn.au> parents: 1057 diff changeset	62 /* 50 is somewhat arbitrary */
1074 10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	63 unsigned int iov_count = 50;
1072 686cd3e8e13e avoid malloc for iovec Matt Johnston <matt@ucc.asn.au> parents: 1057 diff changeset	64 struct iovec iov[50];
1079 acf444bcb115 Fix no-writev fallback Matt Johnston <matt@ucc.asn.au> parents: 1074 diff changeset	65 #else
acf444bcb115 Fix no-writev fallback Matt Johnston <matt@ucc.asn.au> parents: 1074 diff changeset	66 int len;
acf444bcb115 Fix no-writev fallback Matt Johnston <matt@ucc.asn.au> parents: 1074 diff changeset	67 buffer* writebuf;
728 f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	68 #endif
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	70 TRACE2(("enter write_packet"))
531 164b7c2cd5df disapproval of revision 'a101cbd046507cf723e6362a49196dbd4b924042' Matt Johnston <matt@ucc.asn.au> parents: 529 diff changeset	71 dropbear_assert(!isempty(&ses.writequeue));
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72
934 68723d66dec6 Be more careful in case a platform doesn't define UIO_MAXIOV nor IOV_MAX Matt Johnston <matt@ucc.asn.au> parents: 933 diff changeset	73 #if defined(HAVE_WRITEV) && (defined(IOV_MAX) \|\| defined(UIO_MAXIOV))
933 c919dbb39395 Limit size of the iovect passed to writev in packet.c Ronny Meeus <ronny.meeus@gmail.com> parents: 932 diff changeset	74
1072 686cd3e8e13e avoid malloc for iovec Matt Johnston <matt@ucc.asn.au> parents: 1057 diff changeset	75 packet_queue_to_iovec(&ses.writequeue, iov, &iov_count);
957 c4f138dae2fd Test for EAGAIN too Matt Johnston <matt@ucc.asn.au> parents: 939 diff changeset	76 /* This may return EAGAIN. The main loop sometimes
c4f138dae2fd Test for EAGAIN too Matt Johnston <matt@ucc.asn.au> parents: 939 diff changeset	77 calls write_packet() without bothering to test with select() since
c4f138dae2fd Test for EAGAIN too Matt Johnston <matt@ucc.asn.au> parents: 939 diff changeset	78 it's likely to be necessary */
1558 2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	79 #if DROPBEAR_FUZZ
1348 5c2899e35b63 fuzz harness Matt Johnston <matt@ucc.asn.au> parents: 1347 diff changeset	80 if (fuzz.fuzzing) {
1559 92c93b4a3646 Fix to be able to compile normal(ish) binaries with --enable-fuzz Matt Johnston <matt@ucc.asn.au> parents: 1558 diff changeset	81 /* pretend to write one packet at a time */
92c93b4a3646 Fix to be able to compile normal(ish) binaries with --enable-fuzz Matt Johnston <matt@ucc.asn.au> parents: 1558 diff changeset	82 /* TODO(fuzz): randomise amount written based on the fuzz input */
1347 b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	83 written = iov[0].iov_len;
b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	84 }
b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	85 else
b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	86 #endif
b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	87 {
1026 59a1146e8b9d generalise write iovec handling Matt Johnston <matt@ucc.asn.au> parents: 1025 diff changeset	88 written = writev(ses.sock_out, iov, iov_count);
728 f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	89 if (written < 0) {
957 c4f138dae2fd Test for EAGAIN too Matt Johnston <matt@ucc.asn.au> parents: 939 diff changeset	90 if (errno == EINTR \|\| errno == EAGAIN) {
1026 59a1146e8b9d generalise write iovec handling Matt Johnston <matt@ucc.asn.au> parents: 1025 diff changeset	91 TRACE2(("leave write_packet: EINTR"))
728 f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	92 return;
f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	93 } else {
932 3873b39c4de6 Print errno information in write_packet Ronny Meeus <ronny.meeus@gmail.com> parents: 928 diff changeset	94 dropbear_exit("Error writing: %s", strerror(errno));
728 f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	95 }
926 b8208506322e Use AUTH_TIMEOUT only before authdone != 1. Yousong Zhou <yszhou4tech@gmail.com> parents: 906 diff changeset	96 }
1347 b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	97 }
1026 59a1146e8b9d generalise write iovec handling Matt Johnston <matt@ucc.asn.au> parents: 1025 diff changeset	98
59a1146e8b9d generalise write iovec handling Matt Johnston <matt@ucc.asn.au> parents: 1025 diff changeset	99 packet_queue_consume(&ses.writequeue, written);
1074 10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	100 ses.writequeue_len -= written;
728 f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	101
f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	102 if (written == 0) {
f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	103 ses.remoteclosed();
f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	104 }
f27058078d61 Try using writev() for writing packets out to tcp Matt Johnston <matt@ucc.asn.au> parents: 711 diff changeset	105
934 68723d66dec6 Be more careful in case a platform doesn't define UIO_MAXIOV nor IOV_MAX Matt Johnston <matt@ucc.asn.au> parents: 933 diff changeset	106 #else /* No writev () */
1558 2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	107 #if DROPBEAR_FUZZ
1347 b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	108 _Static_assert(0, "No fuzzing code for no-writev writes");
b28624698130 copy over some fuzzing code from AFL branch Matt Johnston <matt@ucc.asn.au> parents: 1276 diff changeset	109 #endif
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	110 /* Get the next buffer in the queue of encrypted packets to write*/
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	111 writebuf = (buffer*)examine(&ses.writequeue);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	112
1577 399d8eb961b5 get rid of unused packet_type in encrypted write queue Matt Johnston <matt@ucc.asn.au> parents: 1559 diff changeset	113 len = writebuf->len - writebuf->pos;
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 232 diff changeset	114 dropbear_assert(len > 0);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	115 /* Try to write as much as possible */
479 e3db1f7a2e43 - Split main socket var into ses.sock_in/ses.sock_out in preparation Matt Johnston <matt@ucc.asn.au> parents: 456 diff changeset	116 written = write(ses.sock_out, buf_getptr(writebuf, len), len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	117
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	118 if (written < 0) {
957 c4f138dae2fd Test for EAGAIN too Matt Johnston <matt@ucc.asn.au> parents: 939 diff changeset	119 if (errno == EINTR \|\| errno == EAGAIN) {
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	120 TRACE2(("leave writepacket: EINTR"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	121 return;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	122 } else {
932 3873b39c4de6 Print errno information in write_packet Ronny Meeus <ronny.meeus@gmail.com> parents: 928 diff changeset	123 dropbear_exit("Error writing: %s", strerror(errno));
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	124 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	125 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	126
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	127 if (written == 0) {
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 27 diff changeset	128 ses.remoteclosed();
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	129 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	130
1074 10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	131 ses.writequeue_len -= written;
10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	132
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	133 if (written == len) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	134 /* We've finished with the packet, free it */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135 dequeue(&ses.writequeue);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136 buf_free(writebuf);
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 33 diff changeset	137 writebuf = NULL;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138 } else {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	139 /* More packet left to write, leave it in the queue for later */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	140 buf_incrpos(writebuf, written);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	141 }
934 68723d66dec6 Be more careful in case a platform doesn't define UIO_MAXIOV nor IOV_MAX Matt Johnston <matt@ucc.asn.au> parents: 933 diff changeset	142 #endif /* writev */
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	143
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	144 TRACE2(("leave write_packet"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	145 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	146
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	147 /* Non-blocking function reading available portion of a packet into the
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	148 * ses's buffer, decrypting the length if encrypted, decrypting the
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	149 * full portion if possible */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150 void read_packet() {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	151
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	152 int len;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	153 unsigned int maxlen;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	154 unsigned char blocksize;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	155
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	156 TRACE2(("enter read_packet"))
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	157 blocksize = ses.keys->recv.algo_crypt->blocksize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	158
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159 if (ses.readbuf == NULL \|\| ses.readbuf->len < blocksize) {
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	160 int ret;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	161 /* In the first blocksize of a packet */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	163 /* Read the first blocksize of the packet, so we can decrypt it and
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164 * find the length of the whole packet */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	165 ret = read_packet_init();
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	167 if (ret == DROPBEAR_FAILURE) {
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	168 /* didn't read enough to determine the length */
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	169 TRACE2(("leave read_packet: packetinit done"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	170 return;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	172 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 /* Attempt to read the remainder of the packet, note that there
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 * mightn't be any available (EAGAIN) */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 maxlen = ses.readbuf->len - ses.readbuf->pos;
711 f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	177 if (maxlen == 0) {
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	178 /* Occurs when the packet is only a single block long and has all
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	179 * been read in read_packet_init(). Usually means that MAC is disabled
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	180 */
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	181 len = 0;
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	182 } else {
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	183 len = read(ses.sock_in, buf_getptr(ses.readbuf, maxlen), maxlen);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	184
711 f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	185 if (len == 0) {
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	186 ses.remoteclosed();
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	187 }
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188
711 f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	189 if (len < 0) {
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	190 if (errno == EINTR \|\| errno == EAGAIN) {
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	191 TRACE2(("leave read_packet: EINTR or EAGAIN"))
711 f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	192 return;
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	193 } else {
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	194 dropbear_exit("Error reading: %s", strerror(errno));
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	195 }
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	196 }
711 f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	197
f4232b65b316 Fix "-m none" case where an entire packet fits in a block and can be Matt Johnston <matt@ucc.asn.au> parents: 623 diff changeset	198 buf_incrpos(ses.readbuf, len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	201 if ((unsigned int)len == maxlen) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	202 /* The whole packet has been read */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	203 decrypt_packet();
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	204 /* The main select() loop process_packet() to
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	205 * handle the packet contents... */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	206 }
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	207 TRACE2(("leave read_packet"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	209
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	210 /* Function used to read the initial portion of a packet, and determine the
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	211 * length. Only called during the first BLOCKSIZE of a packet. */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	212 /* Returns DROPBEAR_SUCCESS if the length is determined,
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	213 * DROPBEAR_FAILURE otherwise */
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	214 static int read_packet_init() {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	215
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	216 unsigned int maxlen;
568 005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	217 int slen;
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	218 unsigned int len, plen;
568 005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	219 unsigned int blocksize;
005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	220 unsigned int macsize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	221
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	222
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	223 blocksize = ses.keys->recv.algo_crypt->blocksize;
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	224 macsize = ses.keys->recv.algo_mac->hashsize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	225
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226 if (ses.readbuf == NULL) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	227 /* start of a new packet */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	228 ses.readbuf = buf_new(INIT_READBUF);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	229 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231 maxlen = blocksize - ses.readbuf->pos;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233 /* read the rest of the packet if possible */
568 005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	234 slen = read(ses.sock_in, buf_getwriteptr(ses.readbuf, maxlen),
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235 maxlen);
568 005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	236 if (slen == 0) {
33 f789045062e6 Progressing client support Matt Johnston <matt@ucc.asn.au> parents: 27 diff changeset	237 ses.remoteclosed();
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238 }
568 005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	239 if (slen < 0) {
957 c4f138dae2fd Test for EAGAIN too Matt Johnston <matt@ucc.asn.au> parents: 939 diff changeset	240 if (errno == EINTR \|\| errno == EAGAIN) {
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	241 TRACE2(("leave read_packet_init: EINTR"))
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	242 return DROPBEAR_FAILURE;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	243 }
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 592 diff changeset	244 dropbear_exit("Error reading: %s", strerror(errno));
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	245 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	246
568 005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	247 buf_incrwritepos(ses.readbuf, slen);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248
568 005530560594 Rearrange getaddrstring() etc Matt Johnston <matt@ucc.asn.au> parents: 556 diff changeset	249 if ((unsigned int)slen != maxlen) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	250 /* don't have enough bytes to determine length, get next time */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	251 return DROPBEAR_FAILURE;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	252 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	253
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	254 /* now we have the first block, need to get packet length, so we decrypt
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	255 * the first block (only need first 4 bytes) */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256 buf_setpos(ses.readbuf, 0);
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	257 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	258 if (ses.keys->recv.crypt_mode->aead_crypt) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	259 if (ses.keys->recv.crypt_mode->aead_getlength(ses.recvseq,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	260 buf_getptr(ses.readbuf, blocksize), &plen,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	261 blocksize,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	262 &ses.keys->recv.cipher_state) != CRYPT_OK) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	263 dropbear_exit("Error decrypting");
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	264 }
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	265 len = plen + 4 + macsize;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	266 } else
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	267 #endif
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	268 {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	269 if (ses.keys->recv.crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	270 buf_getwriteptr(ses.readbuf, blocksize),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	271 blocksize,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	272 &ses.keys->recv.cipher_state) != CRYPT_OK) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	273 dropbear_exit("Error decrypting");
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	274 }
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	275 plen = buf_getint(ses.readbuf) + 4;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	276 len = plen + macsize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	277 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	278
990 e3614649b1f5 Integrity error (bad packet size %u) negative length Fedor Brunner <fedor.brunner@azet.sk> parents: 957 diff changeset	279 TRACE2(("packet size is %u, block %u mac %u", len, blocksize, macsize))
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	280
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	281
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	282 /* check packet length */
448 9c61e7af0156 Rearrange the channel buffer sizes into three neat use-editable values in Matt Johnston <matt@ucc.asn.au> parents: 426 diff changeset	283 if ((len > RECV_MAX_PACKET_LEN) \|\|
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	284 (plen < blocksize) \|\|
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	285 (plen % blocksize != 0)) {
990 e3614649b1f5 Integrity error (bad packet size %u) negative length Fedor Brunner <fedor.brunner@azet.sk> parents: 957 diff changeset	286 dropbear_exit("Integrity error (bad packet size %u)", len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	287 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	288
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	289 if (len > ses.readbuf->size) {
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	290 ses.readbuf = buf_resize(ses.readbuf, len);
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	291 }
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	292 buf_setlen(ses.readbuf, len);
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	293 buf_setpos(ses.readbuf, blocksize);
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	294 return DROPBEAR_SUCCESS;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	295 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	296
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	297 /* handle the received packet */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	298 void decrypt_packet() {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	299
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	300 unsigned char blocksize;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	301 unsigned char macsize;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	302 unsigned int padlen;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	303 unsigned int len;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	304
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	305 TRACE2(("enter decrypt_packet"))
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	306 blocksize = ses.keys->recv.algo_crypt->blocksize;
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	307 macsize = ses.keys->recv.algo_mac->hashsize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	308
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	309 ses.kexstate.datarecv += ses.readbuf->len;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	310
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	311 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	312 if (ses.keys->recv.crypt_mode->aead_crypt) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	313 /* first blocksize is not decrypted yet */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	314 buf_setpos(ses.readbuf, 0);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	315
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	316 /* decrypt it in-place */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	317 len = ses.readbuf->len - macsize - ses.readbuf->pos;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	318 if (ses.keys->recv.crypt_mode->aead_crypt(ses.recvseq,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	319 buf_getptr(ses.readbuf, len + macsize),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	320 buf_getwriteptr(ses.readbuf, len),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	321 len, macsize,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	322 &ses.keys->recv.cipher_state, LTC_DECRYPT) != CRYPT_OK) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	323 dropbear_exit("Error decrypting");
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	324 }
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	325 buf_incrpos(ses.readbuf, len);
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	326 } else
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	327 #endif
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	328 {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	329 /* we've already decrypted the first blocksize in read_packet_init */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	330 buf_setpos(ses.readbuf, blocksize);
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	331
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	332 /* decrypt it in-place */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	333 len = ses.readbuf->len - macsize - ses.readbuf->pos;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	334 if (ses.keys->recv.crypt_mode->decrypt(
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	335 buf_getptr(ses.readbuf, len),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	336 buf_getwriteptr(ses.readbuf, len),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	337 len,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	338 &ses.keys->recv.cipher_state) != CRYPT_OK) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	339 dropbear_exit("Error decrypting");
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	340 }
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	341 buf_incrpos(ses.readbuf, len);
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	342
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	343 /* check the hmac */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	344 if (checkmac() != DROPBEAR_SUCCESS) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	345 dropbear_exit("Integrity error");
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	346 }
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	347 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	348
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	349 /* get padding length */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	350 buf_setpos(ses.readbuf, PACKET_PADDING_OFF);
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	351 padlen = buf_getbyte(ses.readbuf);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	352
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	353 /* payload length */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	354 /* - 4 - 1 is for LEN and PADLEN values */
556 ccdc4c6183c0 - Payload length doesn't include macsize. Matt Johnston <matt@ucc.asn.au> parents: 535 diff changeset	355 len = ses.readbuf->len - padlen - 4 - 1 - macsize;
906 4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	356 if ((len > RECV_MAX_PAYLOAD_LEN+ZLIB_COMPRESS_EXPANSION) \|\| (len < 1)) {
990 e3614649b1f5 Integrity error (bad packet size %u) negative length Fedor Brunner <fedor.brunner@azet.sk> parents: 957 diff changeset	357 dropbear_exit("Bad packet size %u", len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	358 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	359
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	360 buf_setpos(ses.readbuf, PACKET_PAYLOAD_OFF);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	361
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	362 #ifndef DISABLE_ZLIB
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 479 diff changeset	363 if (is_compress_recv()) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	364 /* decompress */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	365 ses.payload = buf_decompress(ses.readbuf, len);
1055 4d7b4c5526c5 A bit of a bodge to avoid memcpy if zlib is disabled Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	366 buf_setpos(ses.payload, 0);
4d7b4c5526c5 A bit of a bodge to avoid memcpy if zlib is disabled Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	367 ses.payload_beginning = 0;
4d7b4c5526c5 A bit of a bodge to avoid memcpy if zlib is disabled Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	368 buf_free(ses.readbuf);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	369 } else
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	370 #endif
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	371 {
1055 4d7b4c5526c5 A bit of a bodge to avoid memcpy if zlib is disabled Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	372 ses.payload = ses.readbuf;
4d7b4c5526c5 A bit of a bodge to avoid memcpy if zlib is disabled Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	373 ses.payload_beginning = ses.payload->pos;
4d7b4c5526c5 A bit of a bodge to avoid memcpy if zlib is disabled Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	374 buf_setlen(ses.payload, ses.payload->pos + len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	375 }
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	376 ses.readbuf = NULL;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	377
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	378 ses.recvseq++;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	379
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	380 TRACE2(("leave decrypt_packet"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	381 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	382
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	383 /* Checks the mac at the end of a decrypted readbuf.
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	384 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	385 static int checkmac() {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	386
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	387 unsigned char mac_bytes[MAX_MAC_LEN];
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	388 unsigned int mac_size, contents_len;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	389
752 24172f555f9c Fix MAC bug which would prevent asymmetric hashes Matt Johnston <matt@ucc.asn.au> parents: 731 diff changeset	390 mac_size = ses.keys->recv.algo_mac->hashsize;
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	391 contents_len = ses.readbuf->len - mac_size;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	392
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	393 buf_setpos(ses.readbuf, 0);
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	394 make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	395
1558 2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	396 #if DROPBEAR_FUZZ
1357 08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1348 diff changeset	397 if (fuzz.fuzzing) {
1597 8f7b6f75aa58 fix uninitialised memory in fuzzer codepath Matt Johnston <matt@ucc.asn.au> parents: 1577 diff changeset	398 /* fail 1 in 2000 times to test error path. */
8f7b6f75aa58 fix uninitialised memory in fuzzer codepath Matt Johnston <matt@ucc.asn.au> parents: 1577 diff changeset	399 unsigned int value = 0;
8f7b6f75aa58 fix uninitialised memory in fuzzer codepath Matt Johnston <matt@ucc.asn.au> parents: 1577 diff changeset	400 if (mac_size > sizeof(value)) {
8f7b6f75aa58 fix uninitialised memory in fuzzer codepath Matt Johnston <matt@ucc.asn.au> parents: 1577 diff changeset	401 memcpy(&value, mac_bytes, sizeof(value));
8f7b6f75aa58 fix uninitialised memory in fuzzer codepath Matt Johnston <matt@ucc.asn.au> parents: 1577 diff changeset	402 }
1408 27e65d3aed5f fix checkmac always failing pre-kex Matt Johnston <matt@ucc.asn.au> parents: 1357 diff changeset	403 if (value % 2000 == 99) {
1357 08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1348 diff changeset	404 return DROPBEAR_FAILURE;
08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1348 diff changeset	405 }
08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1348 diff changeset	406 return DROPBEAR_SUCCESS;
08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1348 diff changeset	407 }
08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1348 diff changeset	408 #endif
08f4fa4dc6a0 closer to working Matt Johnston <matt@ucc.asn.au> parents: 1348 diff changeset	409
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	410 /* compare the hash */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	411 buf_setpos(ses.readbuf, contents_len);
817 a625f9e135a4 Constant time memcmp for the hmac and password crypt Matt Johnston <matt@ucc.asn.au> parents: 791 diff changeset	412 if (constant_time_memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	413 return DROPBEAR_FAILURE;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	414 } else {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	415 return DROPBEAR_SUCCESS;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	416 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	417 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	418
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	419 #ifndef DISABLE_ZLIB
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	420 /* returns a pointer to a newly created buffer */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1276 diff changeset	421 static buffer* buf_decompress(const buffer* buf, unsigned int len) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	422
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	423 int result;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	424 buffer * ret;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	425 z_streamp zstream;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	426
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	427 zstream = ses.keys->recv.zstream;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	428 ret = buf_new(len);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	429
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	430 zstream->avail_in = len;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	431 zstream->next_in = buf_getptr(buf, len);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	432
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	433 /* decompress the payload, incrementally resizing the output buffer */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	434 while (1) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	435
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	436 zstream->avail_out = ret->size - ret->pos;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	437 zstream->next_out = buf_getwriteptr(ret, zstream->avail_out);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	438
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	439 result = inflate(zstream, Z_SYNC_FLUSH);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	440
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	441 buf_setlen(ret, ret->size - zstream->avail_out);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	442 buf_setpos(ret, ret->len);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	443
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	444 if (result != Z_BUF_ERROR && result != Z_OK) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	445 dropbear_exit("zlib error");
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	446 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	447
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	448 if (zstream->avail_in == 0 &&
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	449 (zstream->avail_out != 0 \|\| result == Z_BUF_ERROR)) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	450 /* we can only exit if avail_out hasn't all been used,
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	451 * and there's no remaining input */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	452 return ret;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	453 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	454
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	455 if (zstream->avail_out == 0) {
791 0bf76f54de6f Limit decompressed size Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	456 int new_size = 0;
0bf76f54de6f Limit decompressed size Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	457 if (ret->size >= RECV_MAX_PAYLOAD_LEN) {
906 4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	458 /* Already been increased as large as it can go,
4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	459 * yet didn't finish up the decompression */
791 0bf76f54de6f Limit decompressed size Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	460 dropbear_exit("bad packet, oversized decompressed");
0bf76f54de6f Limit decompressed size Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	461 }
0bf76f54de6f Limit decompressed size Matt Johnston <matt@ucc.asn.au> parents: 753 diff changeset	462 new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR);
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	463 ret = buf_resize(ret, new_size);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	464 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	465 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	466 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	467 #endif
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	468
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	469
452 4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	470 /* returns 1 if the packet is a valid type during kex (see 7.1 of rfc4253) */
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	471 static int packet_is_okay_kex(unsigned char type) {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	472 if (type >= SSH_MSG_USERAUTH_REQUEST) {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	473 return 0;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	474 }
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	475 if (type == SSH_MSG_SERVICE_REQUEST \|\| type == SSH_MSG_SERVICE_ACCEPT) {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	476 return 0;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	477 }
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	478 if (type == SSH_MSG_KEXINIT) {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	479 /* XXX should this die horribly if !dataallowed ?? */
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	480 return 0;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	481 }
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	482 return 1;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	483 }
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	484
452 4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	485 static void enqueue_reply_packet() {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	486 struct packetlist * new_item = NULL;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	487 new_item = m_malloc(sizeof(struct packetlist));
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	488 new_item->next = NULL;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	489
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	490 new_item->payload = buf_newcopy(ses.writepayload);
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	491 buf_setpos(ses.writepayload, 0);
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	492 buf_setlen(ses.writepayload, 0);
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	493
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	494 if (ses.reply_queue_tail) {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	495 ses.reply_queue_tail->next = new_item;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	496 } else {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	497 ses.reply_queue_head = new_item;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	498 }
456 f6c999ba31da Fix delayed packet queue handling Matt Johnston <matt@ucc.asn.au> parents: 454 diff changeset	499 ses.reply_queue_tail = new_item;
452 4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	500 }
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	501
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	502 void maybe_flush_reply_queue() {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	503 struct packetlist tmp_item = NULL, curr_item = NULL;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	504 if (!ses.dataallowed)
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	505 {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	506 TRACE(("maybe_empty_reply_queue - no data allowed"))
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	507 return;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	508 }
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	509
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	510 for (curr_item = ses.reply_queue_head; curr_item; ) {
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	511 CHECKCLEARTOWRITE();
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	512 buf_putbytes(ses.writepayload,
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	513 curr_item->payload->data, curr_item->payload->len);
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	514
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	515 buf_free(curr_item->payload);
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	516 tmp_item = curr_item;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	517 curr_item = curr_item->next;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	518 m_free(tmp_item);
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	519 encrypt_packet();
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	520 }
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	521 ses.reply_queue_head = ses.reply_queue_tail = NULL;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	522 }
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	523
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	524 /* encrypt the writepayload, putting into writebuf, ready for write_packet()
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	525 * to put on the wire */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	526 void encrypt_packet() {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	527
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	528 unsigned char padlen;
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	529 unsigned char blocksize, mac_size;
805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	530 buffer * writebuf; /* the packet which will go on the wire. This is
805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	531 encrypted in-place. */
592 afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	532 unsigned char packet_type;
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	533 unsigned int len, encrypt_buf_size;
805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	534 unsigned char mac_bytes[MAX_MAC_LEN];
939 a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	535
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	536 time_t now;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	537
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	538 TRACE2(("enter encrypt_packet()"))
592 afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	539
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	540 buf_setpos(ses.writepayload, 0);
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	541 packet_type = buf_getbyte(ses.writepayload);
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	542 buf_setpos(ses.writepayload, 0);
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	543
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	544 TRACE2(("encrypt_packet type is %d", packet_type))
452 4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	545
752 24172f555f9c Fix MAC bug which would prevent asymmetric hashes Matt Johnston <matt@ucc.asn.au> parents: 731 diff changeset	546 if ((!ses.dataallowed && !packet_is_okay_kex(packet_type))) {
452 4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	547 /* During key exchange only particular packets are allowed.
592 afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	548 Since this packet_type isn't OK we just enqueue it to send
452 4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	549 after the KEX, see maybe_flush_reply_queue */
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	550 enqueue_reply_packet();
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	551 return;
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	552 }
4cab61369879 Prevent invalid packets being sent during key-exchange, instead queue Matt Johnston <matt@ucc.asn.au> parents: 448 diff changeset	553
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	554 blocksize = ses.keys->trans.algo_crypt->blocksize;
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	555 mac_size = ses.keys->trans.algo_mac->hashsize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	556
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	557 /* Encrypted packet len is payload+5. We need to then make sure
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	558 * there is enough space for padding or MIN_PACKET_LEN.
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	559 * Add extra 3 since we need at least 4 bytes of padding */
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	560 encrypt_buf_size = (ses.writepayload->len+4+1)
53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	561 + MAX(MIN_PACKET_LEN, blocksize) + 3
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	562 /* add space for the MAC at the end */
592 afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	563 + mac_size
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	564 #ifndef DISABLE_ZLIB
605 53c21d4ec98a - Don't allow setting memLevel since that doesn't work properly Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	565 /* some extra in case 'compression' makes it larger */
906 4696755c4cac A few fixes for cases where compression increases payload sizes, and Matt Johnston <matt@ucc.asn.au> parents: 858 diff changeset	566 + ZLIB_COMPRESS_EXPANSION
592 afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	567 #endif
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	568 /* and an extra cleartext (stripped before transmission) byte for the
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	569 * packet type */
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets Matt Johnston <matt@ucc.asn.au> parents: 568 diff changeset	570 + 1;
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 479 diff changeset	571
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	572 writebuf = buf_new(encrypt_buf_size);
805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	573 buf_setlen(writebuf, PACKET_PAYLOAD_OFF);
805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	574 buf_setpos(writebuf, PACKET_PAYLOAD_OFF);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	575
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	576 #ifndef DISABLE_ZLIB
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	577 /* compression */
501 d58c478bd399 Add support for [email protected] delayed compression. Matt Johnston <matt@ucc.asn.au> parents: 479 diff changeset	578 if (is_compress_trans()) {
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	579 buf_compress(writebuf, ses.writepayload, ses.writepayload->len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	580 } else
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	581 #endif
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	582 {
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	583 memcpy(buf_getwriteptr(writebuf, ses.writepayload->len),
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	584 buf_getptr(ses.writepayload, ses.writepayload->len),
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	585 ses.writepayload->len);
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	586 buf_incrwritepos(writebuf, ses.writepayload->len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	587 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	588
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	589 /* finished with payload */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	590 buf_setpos(ses.writepayload, 0);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	591 buf_setlen(ses.writepayload, 0);
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	592
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	593 /* length of padding - packet length excluding the packetlength uint32
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	594 * field in aead mode must be a multiple of blocksize, with a minimum of
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	595 * 4 bytes of padding */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	596 len = writebuf->len;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	597 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	598 if (ses.keys->trans.crypt_mode->aead_crypt) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	599 len -= 4;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	600 }
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	601 #endif
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	602 padlen = blocksize - len % blocksize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	603 if (padlen < 4) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	604 padlen += blocksize;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	605 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	606 /* check for min packet length */
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	607 if (writebuf->len + padlen < MIN_PACKET_LEN) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	608 padlen += blocksize;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	609 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	610
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	611 buf_setpos(writebuf, 0);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	612 /* packet length excluding the packetlength uint32 */
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	613 buf_putint(writebuf, writebuf->len + padlen - 4);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	614
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	615 /* padding len */
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	616 buf_putbyte(writebuf, padlen);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	617 /* actual padding */
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	618 buf_setpos(writebuf, writebuf->len);
805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	619 buf_incrlen(writebuf, padlen);
805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	620 genrandom(buf_getptr(writebuf, padlen), padlen);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	621
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	622 #if DROPBEAR_AEAD_MODE
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	623 if (ses.keys->trans.crypt_mode->aead_crypt) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	624 /* do the actual encryption, in-place */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	625 buf_setpos(writebuf, 0);
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	626 /* encrypt it in-place*/
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	627 len = writebuf->len;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	628 buf_incrlen(writebuf, mac_size);
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	629 if (ses.keys->trans.crypt_mode->aead_crypt(ses.transseq,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	630 buf_getptr(writebuf, len),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	631 buf_getwriteptr(writebuf, len + mac_size),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	632 len, mac_size,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	633 &ses.keys->trans.cipher_state, LTC_ENCRYPT) != CRYPT_OK) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	634 dropbear_exit("Error encrypting");
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	635 }
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	636 buf_incrpos(writebuf, len + mac_size);
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	637 } else
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	638 #endif
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	639 {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	640 make_mac(ses.transseq, &ses.keys->trans, writebuf, writebuf->len, mac_bytes);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	641
1672 3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	642 /* do the actual encryption, in-place */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	643 buf_setpos(writebuf, 0);
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	644 /* encrypt it in-place*/
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	645 len = writebuf->len;
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	646 if (ses.keys->trans.crypt_mode->encrypt(
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	647 buf_getptr(writebuf, len),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	648 buf_getwriteptr(writebuf, len),
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	649 len,
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	650 &ses.keys->trans.cipher_state) != CRYPT_OK) {
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	651 dropbear_exit("Error encrypting");
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	652 }
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	653 buf_incrpos(writebuf, len);
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	654
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	655 /* stick the MAC on it */
3a97f14c0235 Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1632 diff changeset	656 buf_putbytes(writebuf, mac_bytes, mac_size);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	657 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	658
1074 10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	659 /* Update counts */
10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	660 ses.kexstate.datatrans += writebuf->len;
10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	661
1577 399d8eb961b5 get rid of unused packet_type in encrypted write queue Matt Johnston <matt@ucc.asn.au> parents: 1559 diff changeset	662 writebuf_enqueue(writebuf);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	663
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	664 /* Update counts */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	665 ses.transseq++;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	666
939 a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	667 now = monotonic_now();
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	668 ses.last_packet_time_any_sent = now;
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	669 /* idle timeout shouldn't be affected by responses to keepalives.
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	670 send_msg_keepalive() itself also does tricks with
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	671 ses.last_packet_idle_time - read that if modifying this code */
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	672 if (packet_type != SSH_MSG_REQUEST_FAILURE
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	673 && packet_type != SSH_MSG_UNIMPLEMENTED
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	674 && packet_type != SSH_MSG_IGNORE) {
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	675 ses.last_packet_time_idle = now;
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	676
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	677 }
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval Matt Johnston <matt@ucc.asn.au> parents: 934 diff changeset	678
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	679 TRACE2(("leave encrypt_packet()"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	680 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	681
1577 399d8eb961b5 get rid of unused packet_type in encrypted write queue Matt Johnston <matt@ucc.asn.au> parents: 1559 diff changeset	682 void writebuf_enqueue(buffer * writebuf) {
1074 10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	683 /* enqueue the packet for sending. It will get freed after transmission. */
10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	684 buf_setpos(writebuf, 0);
10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	685 enqueue(&ses.writequeue, (void*)writebuf);
1577 399d8eb961b5 get rid of unused packet_type in encrypted write queue Matt Johnston <matt@ucc.asn.au> parents: 1559 diff changeset	686 ses.writequeue_len += writebuf->len;
1074 10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	687 }
10f198d4a308 Make main socket nonblocking. Limit writequeue size. Matt Johnston <matt@ucc.asn.au> parents: 1072 diff changeset	688
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	689
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	690 /* Create the packet mac, and append H(seqno\|clearbuf) to the output */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	691 /* output_mac must have ses.keys->trans.algo_mac->hashsize bytes. */
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	692 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	693 buffer * clear_buf, unsigned int clear_len,
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	694 unsigned char *output_mac) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	695 unsigned char seqbuf[4];
228 5e4110bb753a - Fixed twofish algorithm naming so it actually works. Matt Johnston <matt@ucc.asn.au> parents: 194 diff changeset	696 unsigned long bufsize;
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	697 hmac_state hmac;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	698
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	699 if (key_state->algo_mac->hashsize > 0) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	700 /* calculate the mac */
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	701 if (hmac_init(&hmac,
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	702 key_state->hash_index,
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	703 key_state->mackey,
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	704 key_state->algo_mac->keysize) != CRYPT_OK) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	705 dropbear_exit("HMAC error");
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	706 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	707
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	708 /* sequence number */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	709 STORE32H(seqno, seqbuf);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	710 if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	711 dropbear_exit("HMAC error");
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	712 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	713
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	714 /* the actual contents */
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	715 buf_setpos(clear_buf, 0);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	716 if (hmac_process(&hmac,
534 0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	717 buf_getptr(clear_buf, clear_len),
0431915df79f - Get rid of decryptreadbuf, just decrypt in-place with readbuf Matt Johnston <matt@ucc.asn.au> parents: 533 diff changeset	718 clear_len) != CRYPT_OK) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	719 dropbear_exit("HMAC error");
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	720 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	721
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1079 diff changeset	722 bufsize = MAX_MAC_LEN;
533 805ae74ec024 Encrypt in-place, avoid an extra malloc Matt Johnston <matt@ucc.asn.au> parents: 532 diff changeset	723 if (hmac_done(&hmac, output_mac, &bufsize) != CRYPT_OK) {
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	724 dropbear_exit("HMAC error");
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	725 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	726 }
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	727 TRACE2(("leave writemac"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	728 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	729
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	730 #ifndef DISABLE_ZLIB
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	731 /* compresses len bytes from src, outputting to dest (starting from the
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	732 * respective current positions. dest must have sufficient space,
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	733 * len+ZLIB_COMPRESS_EXPANSION */
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	734 static void buf_compress(buffer * dest, buffer * src, unsigned int len) {
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	735
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	736 unsigned int endpos = src->pos + len;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	737 int result;
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	738
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	739 TRACE2(("enter buf_compress"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	740
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	741 dropbear_assert(dest->size - dest->pos >= len+ZLIB_COMPRESS_EXPANSION);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	742
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	743 ses.keys->trans.zstream->avail_in = endpos - src->pos;
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	744 ses.keys->trans.zstream->next_in =
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	745 buf_getptr(src, ses.keys->trans.zstream->avail_in);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	746
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	747 ses.keys->trans.zstream->avail_out = dest->size - dest->pos;
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	748 ses.keys->trans.zstream->next_out =
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	749 buf_getwriteptr(dest, ses.keys->trans.zstream->avail_out);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	750
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	751 result = deflate(ses.keys->trans.zstream, Z_SYNC_FLUSH);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	752
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	753 buf_setpos(src, endpos - ses.keys->trans.zstream->avail_in);
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	754 buf_setlen(dest, dest->size - ses.keys->trans.zstream->avail_out);
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	755 buf_setpos(dest, dest->len);
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	756
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	757 if (result != Z_OK) {
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	758 dropbear_exit("zlib error");
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	759 }
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	760
1057 16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	761 /* fails if destination buffer wasn't large enough */
16584026a1f0 allocate buffer and data in a single allocation Matt Johnston <matt@ucc.asn.au> parents: 1055 diff changeset	762 dropbear_assert(ses.keys->trans.zstream->avail_in == 0);
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 728 diff changeset	763 TRACE2(("leave buf_compress"))
27 08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	764 }
08da099e8337 - Rename common-packet.c to packet.c Matt Johnston <matt@ucc.asn.au> parents: diff changeset	765 #endif

Mercurial > dropbear

annotate packet.c @ 1715:3974f087d9c0