annotate process-packet.c @ 1672:3a97f14c0235

Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) * Add Chacha20-Poly1305 authenticated encryption * Add general AEAD approach. * Add [email protected] algo using LibTomCrypt chacha and poly1305 routines. Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated AES instructions, having the same key size. Compiling in will add ~5,5kB to binary size on x86-64. function old new delta chacha_crypt - 1397 +1397 _poly1305_block - 608 +608 poly1305_done - 595 +595 dropbear_chachapoly_crypt - 457 +457 .rodata 26976 27392 +416 poly1305_process - 290 +290 poly1305_init - 221 +221 chacha_setup - 218 +218 encrypt_packet 1068 1270 +202 dropbear_chachapoly_getlength - 147 +147 decrypt_packet 756 897 +141 chacha_ivctr64 - 137 +137 read_packet 543 637 +94 dropbear_chachapoly_start - 94 +94 read_kex_algos 792 880 +88 chacha_keystream - 69 +69 dropbear_mode_chachapoly - 48 +48 sshciphers 280 320 +40 dropbear_mode_none 24 48 +24 dropbear_mode_ctr 24 48 +24 dropbear_mode_cbc 24 48 +24 dropbear_chachapoly_mac - 24 +24 dropbear_chachapoly - 24 +24 gen_new_keys 848 854 +6 ------------------------------------------------------------------------------ (add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes * Add AES128-GCM and AES256-GCM authenticated encryption * Add general AES-GCM mode. * Add [email protected] and [email protected] algo using LibTomCrypt gcm routines. AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on CPU w/o dedicated AES/GHASH instructions therefore disabled by default. Compiling in will add ~6kB to binary size on x86-64. function old new delta gcm_process - 1060 +1060 .rodata 26976 27808 +832 gcm_gf_mult - 820 +820 gcm_add_aad - 660 +660 gcm_shift_table - 512 +512 gcm_done - 471 +471 gcm_add_iv - 384 +384 gcm_init - 347 +347 dropbear_gcm_crypt - 309 +309 encrypt_packet 1068 1270 +202 decrypt_packet 756 897 +141 gcm_reset - 118 +118 read_packet 543 637 +94 read_kex_algos 792 880 +88 sshciphers 280 360 +80 gcm_mult_h - 80 +80 dropbear_gcm_start - 62 +62 dropbear_mode_gcm - 48 +48 dropbear_mode_none 24 48 +24 dropbear_mode_ctr 24 48 +24 dropbear_mode_cbc 24 48 +24 dropbear_ghash - 24 +24 dropbear_gcm_getlength - 24 +24 gen_new_keys 848 854 +6 ------------------------------------------------------------------------------ (add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Mon, 25 May 2020 20:50:25 +0500
parents aeda68938596
children 41bf8f216644
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Dropbear - a SSH2 server
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 * Copyright (c) 2002-2004 Matt Johnston
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * All rights reserved.
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * of this software and associated documentation files (the "Software"), to deal
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * in the Software without restriction, including without limitation the rights
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * copies of the Software, and to permit persons to whom the Software is
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * furnished to do so, subject to the following conditions:
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 *
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * The above copyright notice and this permission notice shall be included in
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * all copies or substantial portions of the Software.
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 *
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * SOFTWARE. */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 #include "includes.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "packet.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 #include "session.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 #include "dbutil.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 #include "ssh.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 #include "algo.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 #include "buffer.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 #include "kex.h"
858
220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents: 778
diff changeset
33 #include "dbrandom.h"
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 #include "service.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 #include "auth.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 #include "channel.h"
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 #define MAX_UNAUTH_PACKET_TYPE SSH_MSG_USERAUTH_PK_OK
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39
1276
9169e4e7cbee fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents: 939
diff changeset
40 static void recv_unimplemented(void);
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 /* process a decrypted packet, call the appropriate handler */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 void process_packet() {
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 unsigned char type;
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 unsigned int i;
939
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
47 time_t now;
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
49 TRACE2(("enter process_packet"))
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 type = buf_getbyte(ses.payload);
751
685d05f1cc5c Just put the version string on the queue, don't use atomicio
Matt Johnston <matt@ucc.asn.au>
parents: 731
diff changeset
52 TRACE(("process_packet: packet type = %d, len %d", type, ses.payload->len))
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 27
diff changeset
54 ses.lastpacket = type;
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 27
diff changeset
55
939
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
56 now = monotonic_now();
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
57 ses.last_packet_time_keepalive_recv = now;
592
afb089e70892 Don't reset last_packet_time when we're transmitting SSH_MSG_IGNORE packets
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
58
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 /* These packets we can receive at any time */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 switch(type) {
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62 case SSH_MSG_IGNORE:
454
7e43f5e473b9 - Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 426
diff changeset
63 goto out;
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 case SSH_MSG_DEBUG:
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 goto out;
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 case SSH_MSG_UNIMPLEMENTED:
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 /* debugging XXX */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 42
diff changeset
69 TRACE(("SSH_MSG_UNIMPLEMENTED"))
939
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
70 goto out;
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 case SSH_MSG_DISCONNECT:
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 /* TODO cleanup? */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 dropbear_close("Disconnect received");
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76
939
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
77 /* Ignore these packet types so that keepalives don't interfere with
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
78 idle detection. This is slightly incorrect since a tcp forwarded
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
79 global request with failure won't trigger the idle timeout,
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
80 but that's probably acceptable */
1670
aeda68938596 Add files via upload (#90)
jcmathews <jesselcmathews@yahoo.co.in>
parents: 1276
diff changeset
81 if (!(type == SSH_MSG_GLOBAL_REQUEST
aeda68938596 Add files via upload (#90)
jcmathews <jesselcmathews@yahoo.co.in>
parents: 1276
diff changeset
82 || type == SSH_MSG_REQUEST_FAILURE
aeda68938596 Add files via upload (#90)
jcmathews <jesselcmathews@yahoo.co.in>
parents: 1276
diff changeset
83 || type == SSH_MSG_CHANNEL_FAILURE)) {
939
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
84 ses.last_packet_time_idle = now;
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
85 }
a0819ecfee0b Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents: 928
diff changeset
86
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 /* This applies for KEX, where the spec says the next packet MUST be
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 * NEWKEYS */
886
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
89 if (ses.requirenext != 0) {
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
90 if (ses.requirenext == type)
885
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
91 {
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
92 /* Got what we expected */
886
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
93 TRACE(("got expected packet %d during kexinit", type))
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94 }
885
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
95 else
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
96 {
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
97 /* RFC4253 7.1 - various messages are allowed at this point.
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
98 The only ones we know about have already been handled though,
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
99 so just return "unimplemented" */
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
100 if (type >= 1 && type <= 49
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
101 && type != SSH_MSG_SERVICE_REQUEST
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
102 && type != SSH_MSG_SERVICE_ACCEPT
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
103 && type != SSH_MSG_KEXINIT)
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
104 {
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
105 TRACE(("unknown allowed packet during kexinit"))
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
106 recv_unimplemented();
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
107 goto out;
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
108 }
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
109 else
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
110 {
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
111 TRACE(("disallowed packet during kexinit"))
886
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
112 dropbear_exit("Unexpected packet type %d, expected %d", type,
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
113 ses.requirenext);
885
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
114 }
19ce21bd198a Fix failing rekeying when we receive a still-in-flight packet
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
115 }
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
117
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 /* Check if we should ignore this packet. Used currently only for
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 * KEX code, with first_kex_packet_follows */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 if (ses.ignorenext) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 42
diff changeset
121 TRACE(("Ignoring packet, type = %d", type))
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122 ses.ignorenext = 0;
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 goto out;
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125
886
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
126 /* Only clear the flag after we have checked ignorenext */
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
127 if (ses.requirenext != 0 && ses.requirenext == type)
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
128 {
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
129 ses.requirenext = 0;
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
130 }
cbc73a5aefb0 requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents: 885
diff changeset
131
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
132
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 /* Kindly the protocol authors gave all the preauth packets type values
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
134 * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
135 * NOTE: if the protocol changes and new types are added, revisit this
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
136 * assumption */
27
08da099e8337 - Rename common-packet.c to packet.c
Matt Johnston <matt@ucc.asn.au>
parents: 26
diff changeset
137 if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 592
diff changeset
138 dropbear_exit("Received message %d before userauth", type);
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 for (i = 0; ; i++) {
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142 if (ses.packettypes[i].type == 0) {
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143 /* end of list */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144 break;
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147 if (ses.packettypes[i].type == type) {
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 ses.packettypes[i].handler();
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 goto out;
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
154 /* TODO do something more here? */
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 42
diff changeset
155 TRACE(("preauth unknown packet"))
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
156 recv_unimplemented();
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
158 out:
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159 buf_free(ses.payload);
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160 ses.payload = NULL;
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
162 TRACE2(("leave process_packet"))
22
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 }
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
166
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
167 /* This must be called directly after receiving the unimplemented packet.
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
168 * Isn't the most clean implementation, it relies on packet processing
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
169 * occurring directly after decryption (direct use of ses.recvseq).
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
170 * This is reasonably valid, since there is only a single decryption buffer */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171 static void recv_unimplemented() {
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173 CHECKCLEARTOWRITE();
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175 buf_putbyte(ses.writepayload, SSH_MSG_UNIMPLEMENTED);
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 /* the decryption routine increments the sequence number, we must
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 * decrement */
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 buf_putint(ses.writepayload, ses.recvseq - 1);
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 encrypt_packet();
c1e5d9195402 merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181 }