Mercurial > dropbear
annotate process-packet.c @ 1672:3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add [email protected] algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add [email protected] and [email protected] algo using
LibTomCrypt gcm routines.
AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Mon, 25 May 2020 20:50:25 +0500 |
parents | aeda68938596 |
children | 41bf8f216644 |
rev | line source |
---|---|
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002-2004 Matt Johnston |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 #include "includes.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 #include "packet.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "session.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "dbutil.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "ssh.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "algo.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #include "buffer.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #include "kex.h" |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
778
diff
changeset
|
33 #include "dbrandom.h" |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "service.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include "auth.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 #include "channel.h" |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 #define MAX_UNAUTH_PACKET_TYPE SSH_MSG_USERAUTH_PK_OK |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
939
diff
changeset
|
40 static void recv_unimplemented(void); |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 /* process a decrypted packet, call the appropriate handler */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 void process_packet() { |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 unsigned char type; |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 unsigned int i; |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
47 time_t now; |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
49 TRACE2(("enter process_packet")) |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 type = buf_getbyte(ses.payload); |
751
685d05f1cc5c
Just put the version string on the queue, don't use atomicio
Matt Johnston <matt@ucc.asn.au>
parents:
731
diff
changeset
|
52 TRACE(("process_packet: packet type = %d, len %d", type, ses.payload->len)) |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
27
diff
changeset
|
54 ses.lastpacket = type; |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
27
diff
changeset
|
55 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
56 now = monotonic_now(); |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
57 ses.last_packet_time_keepalive_recv = now; |
592
afb089e70892
Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
58 |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 /* These packets we can receive at any time */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 switch(type) { |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 case SSH_MSG_IGNORE: |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
426
diff
changeset
|
63 goto out; |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 case SSH_MSG_DEBUG: |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 goto out; |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 case SSH_MSG_UNIMPLEMENTED: |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 /* debugging XXX */ |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
42
diff
changeset
|
69 TRACE(("SSH_MSG_UNIMPLEMENTED")) |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
70 goto out; |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 case SSH_MSG_DISCONNECT: |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 /* TODO cleanup? */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 dropbear_close("Disconnect received"); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
77 /* Ignore these packet types so that keepalives don't interfere with |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
78 idle detection. This is slightly incorrect since a tcp forwarded |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
79 global request with failure won't trigger the idle timeout, |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
80 but that's probably acceptable */ |
1670
aeda68938596
Add files via upload (#90)
jcmathews <jesselcmathews@yahoo.co.in>
parents:
1276
diff
changeset
|
81 if (!(type == SSH_MSG_GLOBAL_REQUEST |
aeda68938596
Add files via upload (#90)
jcmathews <jesselcmathews@yahoo.co.in>
parents:
1276
diff
changeset
|
82 || type == SSH_MSG_REQUEST_FAILURE |
aeda68938596
Add files via upload (#90)
jcmathews <jesselcmathews@yahoo.co.in>
parents:
1276
diff
changeset
|
83 || type == SSH_MSG_CHANNEL_FAILURE)) { |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
84 ses.last_packet_time_idle = now; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
85 } |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
86 |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 /* This applies for KEX, where the spec says the next packet MUST be |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 * NEWKEYS */ |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
89 if (ses.requirenext != 0) { |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
90 if (ses.requirenext == type) |
885
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
91 { |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 /* Got what we expected */ |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
93 TRACE(("got expected packet %d during kexinit", type)) |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 } |
885
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
95 else |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
96 { |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
97 /* RFC4253 7.1 - various messages are allowed at this point. |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
98 The only ones we know about have already been handled though, |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
99 so just return "unimplemented" */ |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
100 if (type >= 1 && type <= 49 |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
101 && type != SSH_MSG_SERVICE_REQUEST |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
102 && type != SSH_MSG_SERVICE_ACCEPT |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
103 && type != SSH_MSG_KEXINIT) |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
104 { |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
105 TRACE(("unknown allowed packet during kexinit")) |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
106 recv_unimplemented(); |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
107 goto out; |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
108 } |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
109 else |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
110 { |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
111 TRACE(("disallowed packet during kexinit")) |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
112 dropbear_exit("Unexpected packet type %d, expected %d", type, |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
113 ses.requirenext); |
885
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
114 } |
19ce21bd198a
Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents:
858
diff
changeset
|
115 } |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 /* Check if we should ignore this packet. Used currently only for |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 * KEX code, with first_kex_packet_follows */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 if (ses.ignorenext) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
42
diff
changeset
|
121 TRACE(("Ignoring packet, type = %d", type)) |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 ses.ignorenext = 0; |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 goto out; |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
126 /* Only clear the flag after we have checked ignorenext */ |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
127 if (ses.requirenext != 0 && ses.requirenext == type) |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
128 { |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
129 ses.requirenext = 0; |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
130 } |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
885
diff
changeset
|
131 |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 /* Kindly the protocol authors gave all the preauth packets type values |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ). |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 * NOTE: if the protocol changes and new types are added, revisit this |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 * assumption */ |
27
08da099e8337
- Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents:
26
diff
changeset
|
137 if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
592
diff
changeset
|
138 dropbear_exit("Received message %d before userauth", type); |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 for (i = 0; ; i++) { |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 if (ses.packettypes[i].type == 0) { |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 /* end of list */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 break; |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 if (ses.packettypes[i].type == type) { |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 ses.packettypes[i].handler(); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 goto out; |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 /* TODO do something more here? */ |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
42
diff
changeset
|
155 TRACE(("preauth unknown packet")) |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 recv_unimplemented(); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 out: |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 buf_free(ses.payload); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 ses.payload = NULL; |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
162 TRACE2(("leave process_packet")) |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 } |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 /* This must be called directly after receiving the unimplemented packet. |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 * Isn't the most clean implementation, it relies on packet processing |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 * occurring directly after decryption (direct use of ses.recvseq). |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 * This is reasonably valid, since there is only a single decryption buffer */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 static void recv_unimplemented() { |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 CHECKCLEARTOWRITE(); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 buf_putbyte(ses.writepayload, SSH_MSG_UNIMPLEMENTED); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 /* the decryption routine increments the sequence number, we must |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
177 * decrement */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 buf_putint(ses.writepayload, ses.recvseq - 1); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 encrypt_packet(); |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 } |