Mercurial > dropbear

comparison packet.c @ 389:5ff8218bcee9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e) to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 11 Jan 2007 03:14:55 +0000
parents c5d3ef11155f
children 695413c59b6a
comparison
equal deleted inserted replaced
388:fb54020f78e1 389:5ff8218bcee9
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "packet.h"
27 #include "session.h"
28 #include "dbutil.h"
29 #include "ssh.h"
30 #include "algo.h"
31 #include "buffer.h"
32 #include "kex.h"
33 #include "random.h"
34 #include "service.h"
35 #include "auth.h"
36 #include "channel.h"
37
38 static void read_packet_init();
39 static void writemac(buffer * outputbuffer, buffer * clearwritebuf);
40 static int checkmac(buffer* hashbuf, buffer* readbuf);
41
42 #define ZLIB_COMPRESS_INCR 20 /* this is 12 bytes + 0.1% of 8000 bytes */
43 #define ZLIB_DECOMPRESS_INCR 100
44 #ifndef DISABLE_ZLIB
45 static buffer* buf_decompress(buffer* buf, unsigned int len);
46 static void buf_compress(buffer * dest, buffer * src, unsigned int len);
47 #endif
48
49 /* non-blocking function writing out a current encrypted packet */
50 void write_packet() {
51
52 int len, written;
53 buffer * writebuf = NULL;
54
55 TRACE(("enter write_packet"))
56 dropbear_assert(!isempty(&ses.writequeue));
57
58 /* Get the next buffer in the queue of encrypted packets to write*/
59 writebuf = (buffer*)examine(&ses.writequeue);
60
61 len = writebuf->len - writebuf->pos;
62 dropbear_assert(len > 0);
63 /* Try to write as much as possible */
64 written = write(ses.sock, buf_getptr(writebuf, len), len);
65
66 if (written < 0) {
67 if (errno == EINTR) {
68 TRACE(("leave writepacket: EINTR"))
69 return;
70 } else {
71 dropbear_exit("error writing");
72 }
73 }
74
75 if (written == 0) {
76 ses.remoteclosed();
77 }
78
79 if (written == len) {
80 /* We've finished with the packet, free it */
81 dequeue(&ses.writequeue);
82 buf_free(writebuf);
83 writebuf = NULL;
84 } else {
85 /* More packet left to write, leave it in the queue for later */
86 buf_incrpos(writebuf, written);
87 }
88
89 TRACE(("leave write_packet"))
90 }
91
92 /* Non-blocking function reading available portion of a packet into the
93 * ses's buffer, decrypting the length if encrypted, decrypting the
94 * full portion if possible */
95 void read_packet() {
96
97 int len;
98 unsigned int maxlen;
99 unsigned char blocksize;
100
101 TRACE(("enter read_packet"))
102 blocksize = ses.keys->recv_algo_crypt->blocksize;
103
104 if (ses.readbuf == NULL || ses.readbuf->len < blocksize) {
105 /* In the first blocksize of a packet */
106
107 /* Read the first blocksize of the packet, so we can decrypt it and
108 * find the length of the whole packet */
109 read_packet_init();
110
111 /* If we don't have the length of decryptreadbuf, we didn't read
112 * a whole blocksize and should exit */
113 if (ses.decryptreadbuf->len == 0) {
114 TRACE(("leave read_packet: packetinit done"))
115 return;
116 }
117 }
118
119 /* Attempt to read the remainder of the packet, note that there
120 * mightn't be any available (EAGAIN) */
121 dropbear_assert(ses.readbuf != NULL);
122 maxlen = ses.readbuf->len - ses.readbuf->pos;
123 len = read(ses.sock, buf_getptr(ses.readbuf, maxlen), maxlen);
124
125 if (len == 0) {
126 ses.remoteclosed();
127 }
128
129 if (len < 0) {
130 if (errno == EINTR || errno == EAGAIN) {
131 TRACE(("leave read_packet: EINTR or EAGAIN"))
132 return;
133 } else {
134 dropbear_exit("error reading: %s", strerror(errno));
135 }
136 }
137
138 buf_incrpos(ses.readbuf, len);
139
140 if ((unsigned int)len == maxlen) {
141 /* The whole packet has been read */
142 decrypt_packet();
143 /* The main select() loop process_packet() to
144 * handle the packet contents... */
145 }
146 TRACE(("leave read_packet"))
147 }
148
149 /* Function used to read the initial portion of a packet, and determine the
150 * length. Only called during the first BLOCKSIZE of a packet. */
151 static void read_packet_init() {
152
153 unsigned int maxlen;
154 int len;
155 unsigned char blocksize;
156 unsigned char macsize;
157
158
159 blocksize = ses.keys->recv_algo_crypt->blocksize;
160 macsize = ses.keys->recv_algo_mac->hashsize;
161
162 if (ses.readbuf == NULL) {
163 /* start of a new packet */
164 ses.readbuf = buf_new(INIT_READBUF);
165 dropbear_assert(ses.decryptreadbuf == NULL);
166 ses.decryptreadbuf = buf_new(blocksize);
167 }
168
169 maxlen = blocksize - ses.readbuf->pos;
170
171 /* read the rest of the packet if possible */
172 len = read(ses.sock, buf_getwriteptr(ses.readbuf, maxlen),
173 maxlen);
174 if (len == 0) {
175 ses.remoteclosed();
176 }
177 if (len < 0) {
178 if (errno == EINTR) {
179 TRACE(("leave read_packet_init: EINTR"))
180 return;
181 }
182 dropbear_exit("error reading: %s", strerror(errno));
183 }
184
185 buf_incrwritepos(ses.readbuf, len);
186
187 if ((unsigned int)len != maxlen) {
188 /* don't have enough bytes to determine length, get next time */
189 return;
190 }
191
192 /* now we have the first block, need to get packet length, so we decrypt
193 * the first block (only need first 4 bytes) */
194 buf_setpos(ses.readbuf, 0);
195 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
196 /* copy it */
197 memcpy(buf_getwriteptr(ses.decryptreadbuf, blocksize),
198 buf_getptr(ses.readbuf, blocksize),
199 blocksize);
200 } else {
201 /* decrypt it */
202 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
203 buf_getwriteptr(ses.decryptreadbuf,blocksize),
204 blocksize,
205 &ses.keys->recv_symmetric_struct) != CRYPT_OK) {
206 dropbear_exit("error decrypting");
207 }
208 }
209 buf_setlen(ses.decryptreadbuf, blocksize);
210 len = buf_getint(ses.decryptreadbuf) + 4 + macsize;
211
212 buf_setpos(ses.readbuf, blocksize);
213
214 /* check packet length */
215 if ((len > MAX_PACKET_LEN) ||
216 (len < MIN_PACKET_LEN + macsize) ||
217 ((len - macsize) % blocksize != 0)) {
218 dropbear_exit("bad packet size %d", len);
219 }
220
221 buf_resize(ses.readbuf, len);
222 buf_setlen(ses.readbuf, len);
223
224 }
225
226 /* handle the received packet */
227 void decrypt_packet() {
228
229 unsigned char blocksize;
230 unsigned char macsize;
231 unsigned int padlen;
232 unsigned int len;
233
234 TRACE(("enter decrypt_packet"))
235 blocksize = ses.keys->recv_algo_crypt->blocksize;
236 macsize = ses.keys->recv_algo_mac->hashsize;
237
238 ses.kexstate.datarecv += ses.readbuf->len;
239
240 /* we've already decrypted the first blocksize in read_packet_init */
241 buf_setpos(ses.readbuf, blocksize);
242
243 buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize);
244 buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size);
245 buf_setpos(ses.decryptreadbuf, blocksize);
246
247 /* decrypt if encryption is set, memcpy otherwise */
248 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
249 /* copy it */
250 len = ses.readbuf->len - macsize - blocksize;
251 memcpy(buf_getwriteptr(ses.decryptreadbuf, len),
252 buf_getptr(ses.readbuf, len), len);
253 } else {
254 /* decrypt */
255 while (ses.readbuf->pos < ses.readbuf->len - macsize) {
256 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
257 buf_getwriteptr(ses.decryptreadbuf, blocksize),
258 blocksize,
259 &ses.keys->recv_symmetric_struct) != CRYPT_OK) {
260 dropbear_exit("error decrypting");
261 }
262 buf_incrpos(ses.readbuf, blocksize);
263 buf_incrwritepos(ses.decryptreadbuf, blocksize);
264 }
265 }
266
267 /* check the hmac */
268 buf_setpos(ses.readbuf, ses.readbuf->len - macsize);
269 if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) {
270 dropbear_exit("Integrity error");
271 }
272
273 /* readbuf no longer required */
274 buf_free(ses.readbuf);
275 ses.readbuf = NULL;
276
277 /* get padding length */
278 buf_setpos(ses.decryptreadbuf, PACKET_PADDING_OFF);
279 padlen = buf_getbyte(ses.decryptreadbuf);
280
281 /* payload length */
282 /* - 4 - 1 is for LEN and PADLEN values */
283 len = ses.decryptreadbuf->len - padlen - 4 - 1;
284 if ((len > MAX_PAYLOAD_LEN) || (len < 1)) {
285 dropbear_exit("bad packet size");
286 }
287
288 buf_setpos(ses.decryptreadbuf, PACKET_PAYLOAD_OFF);
289
290 #ifndef DISABLE_ZLIB
291 if (ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB) {
292 /* decompress */
293 ses.payload = buf_decompress(ses.decryptreadbuf, len);
294
295 } else
296 #endif
297 {
298 /* copy payload */
299 ses.payload = buf_new(len);
300 memcpy(ses.payload->data, buf_getptr(ses.decryptreadbuf, len), len);
301 buf_incrlen(ses.payload, len);
302 }
303
304 buf_free(ses.decryptreadbuf);
305 ses.decryptreadbuf = NULL;
306 buf_setpos(ses.payload, 0);
307
308 ses.recvseq++;
309
310 TRACE(("leave decrypt_packet"))
311 }
312
313 /* Checks the mac in hashbuf, for the data in readbuf.
314 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
315 static int checkmac(buffer* macbuf, buffer* sourcebuf) {
316
317 unsigned int macsize;
318 hmac_state hmac;
319 unsigned char tempbuf[MAX_MAC_LEN];
320 unsigned long bufsize;
321 unsigned int len;
322
323 macsize = ses.keys->recv_algo_mac->hashsize;
324 if (macsize == 0) {
325 return DROPBEAR_SUCCESS;
326 }
327
328 /* calculate the mac */
329 if (hmac_init(&hmac,
330 find_hash(ses.keys->recv_algo_mac->hashdesc->name),
331 ses.keys->recvmackey,
332 ses.keys->recv_algo_mac->keysize)
333 != CRYPT_OK) {
334 dropbear_exit("HMAC error");
335 }
336
337 /* sequence number */
338 STORE32H(ses.recvseq, tempbuf);
339 if (hmac_process(&hmac, tempbuf, 4) != CRYPT_OK) {
340 dropbear_exit("HMAC error");
341 }
342
343 buf_setpos(sourcebuf, 0);
344 len = sourcebuf->len;
345 if (hmac_process(&hmac, buf_getptr(sourcebuf, len), len) != CRYPT_OK) {
346 dropbear_exit("HMAC error");
347 }
348
349 bufsize = sizeof(tempbuf);
350 if (hmac_done(&hmac, tempbuf, &bufsize) != CRYPT_OK) {
351 dropbear_exit("HMAC error");
352 }
353
354 /* compare the hash */
355 if (memcmp(tempbuf, buf_getptr(macbuf, macsize), macsize) != 0) {
356 return DROPBEAR_FAILURE;
357 } else {
358 return DROPBEAR_SUCCESS;
359 }
360 }
361
362 #ifndef DISABLE_ZLIB
363 /* returns a pointer to a newly created buffer */
364 static buffer* buf_decompress(buffer* buf, unsigned int len) {
365
366 int result;
367 buffer * ret;
368 z_streamp zstream;
369
370 zstream = ses.keys->recv_zstream;
371 ret = buf_new(len);
372
373 zstream->avail_in = len;
374 zstream->next_in = buf_getptr(buf, len);
375
376 /* decompress the payload, incrementally resizing the output buffer */
377 while (1) {
378
379 zstream->avail_out = ret->size - ret->pos;
380 zstream->next_out = buf_getwriteptr(ret, zstream->avail_out);
381
382 result = inflate(zstream, Z_SYNC_FLUSH);
383
384 buf_setlen(ret, ret->size - zstream->avail_out);
385 buf_setpos(ret, ret->len);
386
387 if (result != Z_BUF_ERROR && result != Z_OK) {
388 dropbear_exit("zlib error");
389 }
390
391 if (zstream->avail_in == 0 &&
392 (zstream->avail_out != 0 || result == Z_BUF_ERROR)) {
393 /* we can only exit if avail_out hasn't all been used,
394 * and there's no remaining input */
395 return ret;
396 }
397
398 if (zstream->avail_out == 0) {
399 buf_resize(ret, ret->size + ZLIB_DECOMPRESS_INCR);
400 }
401 }
402 }
403 #endif
404
405
406
407
408 /* encrypt the writepayload, putting into writebuf, ready for write_packet()
409 * to put on the wire */
410 void encrypt_packet() {
411
412 unsigned char padlen;
413 unsigned char blocksize, macsize;
414 buffer * writebuf; /* the packet which will go on the wire */
415 buffer * clearwritebuf; /* unencrypted, possibly compressed */
416
417 TRACE(("enter encrypt_packet()"))
418 TRACE(("encrypt_packet type is %d", ses.writepayload->data[0]))
419 blocksize = ses.keys->trans_algo_crypt->blocksize;
420 macsize = ses.keys->trans_algo_mac->hashsize;
421
422 /* Encrypted packet len is payload+5, then worst case is if we are 3 away
423 * from a blocksize multiple. In which case we need to pad to the
424 * multiple, then add another blocksize (or MIN_PACKET_LEN) */
425 clearwritebuf = buf_new((ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3
426 #ifndef DISABLE_ZLIB
427 + ZLIB_COMPRESS_INCR /* bit of a kludge, but we can't know len*/
428 #endif
429 );
430 buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF);
431 buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF);
432
433 buf_setpos(ses.writepayload, 0);
434
435 #ifndef DISABLE_ZLIB
436 /* compression */
437 if (ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB) {
438 buf_compress(clearwritebuf, ses.writepayload, ses.writepayload->len);
439 } else
440 #endif
441 {
442 memcpy(buf_getwriteptr(clearwritebuf, ses.writepayload->len),
443 buf_getptr(ses.writepayload, ses.writepayload->len),
444 ses.writepayload->len);
445 buf_incrwritepos(clearwritebuf, ses.writepayload->len);
446 }
447
448 /* finished with payload */
449 buf_burn(ses.writepayload); /* XXX This is probably a good idea, and isn't
450 _that_ likely to hurt performance too badly.
451 Buffers can have cleartext passwords etc, or
452 other sensitive data */
453 buf_setpos(ses.writepayload, 0);
454 buf_setlen(ses.writepayload, 0);
455
456 /* length of padding - packet length must be a multiple of blocksize,
457 * with a minimum of 4 bytes of padding */
458 padlen = blocksize - (clearwritebuf->len) % blocksize;
459 if (padlen < 4) {
460 padlen += blocksize;
461 }
462 /* check for min packet length */
463 if (clearwritebuf->len + padlen < MIN_PACKET_LEN) {
464 padlen += blocksize;
465 }
466
467 buf_setpos(clearwritebuf, 0);
468 /* packet length excluding the packetlength uint32 */
469 buf_putint(clearwritebuf, clearwritebuf->len + padlen - 4);
470
471 /* padding len */
472 buf_putbyte(clearwritebuf, padlen);
473 /* actual padding */
474 buf_setpos(clearwritebuf, clearwritebuf->len);
475 buf_incrlen(clearwritebuf, padlen);
476 genrandom(buf_getptr(clearwritebuf, padlen), padlen);
477
478 /* do the actual encryption */
479 buf_setpos(clearwritebuf, 0);
480 /* create a new writebuffer, this is freed when it has been put on the
481 * wire by writepacket() */
482 writebuf = buf_new(clearwritebuf->len + macsize);
483
484 if (ses.keys->trans_algo_crypt->cipherdesc == NULL) {
485 /* copy it */
486 memcpy(buf_getwriteptr(writebuf, clearwritebuf->len),
487 buf_getptr(clearwritebuf, clearwritebuf->len),
488 clearwritebuf->len);
489 buf_incrwritepos(writebuf, clearwritebuf->len);
490 } else {
491 /* encrypt it */
492 while (clearwritebuf->pos < clearwritebuf->len) {
493 if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize),
494 buf_getwriteptr(writebuf, blocksize),
495 blocksize,
496 &ses.keys->trans_symmetric_struct) != CRYPT_OK) {
497 dropbear_exit("error encrypting");
498 }
499 buf_incrpos(clearwritebuf, blocksize);
500 buf_incrwritepos(writebuf, blocksize);
501 }
502 }
503
504 /* now add a hmac and we're done */
505 writemac(writebuf, clearwritebuf);
506
507 /* clearwritebuf is finished with */
508 buf_free(clearwritebuf);
509 clearwritebuf = NULL;
510
511 /* enqueue the packet for sending */
512 buf_setpos(writebuf, 0);
513 enqueue(&ses.writequeue, (void*)writebuf);
514
515 /* Update counts */
516 ses.kexstate.datatrans += writebuf->len;
517 ses.transseq++;
518
519 TRACE(("leave encrypt_packet()"))
520 }
521
522
523 /* Create the packet mac, and append H(seqno|clearbuf) to the output */
524 static void writemac(buffer * outputbuffer, buffer * clearwritebuf) {
525
526 unsigned int macsize;
527 unsigned char seqbuf[4];
528 unsigned char tempbuf[MAX_MAC_LEN];
529 unsigned long bufsize;
530 hmac_state hmac;
531
532 TRACE(("enter writemac"))
533
534 macsize = ses.keys->trans_algo_mac->hashsize;
535 if (macsize > 0) {
536 /* calculate the mac */
537 if (hmac_init(&hmac,
538 find_hash(ses.keys->trans_algo_mac->hashdesc->name),
539 ses.keys->transmackey,
540 ses.keys->trans_algo_mac->keysize) != CRYPT_OK) {
541 dropbear_exit("HMAC error");
542 }
543
544 /* sequence number */
545 STORE32H(ses.transseq, seqbuf);
546 if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) {
547 dropbear_exit("HMAC error");
548 }
549
550 /* the actual contents */
551 buf_setpos(clearwritebuf, 0);
552 if (hmac_process(&hmac,
553 buf_getptr(clearwritebuf,
554 clearwritebuf->len),
555 clearwritebuf->len) != CRYPT_OK) {
556 dropbear_exit("HMAC error");
557 }
558
559 bufsize = sizeof(tempbuf);
560 if (hmac_done(&hmac, tempbuf, &bufsize)
561 != CRYPT_OK) {
562 dropbear_exit("HMAC error");
563 }
564 buf_putbytes(outputbuffer, tempbuf, macsize);
565 }
566 TRACE(("leave writemac"))
567 }
568
569 #ifndef DISABLE_ZLIB
570 /* compresses len bytes from src, outputting to dest (starting from the
571 * respective current positions. */
572 static void buf_compress(buffer * dest, buffer * src, unsigned int len) {
573
574 unsigned int endpos = src->pos + len;
575 int result;
576
577 TRACE(("enter buf_compress"))
578
579 while (1) {
580
581 ses.keys->trans_zstream->avail_in = endpos - src->pos;
582 ses.keys->trans_zstream->next_in =
583 buf_getptr(src, ses.keys->trans_zstream->avail_in);
584
585 ses.keys->trans_zstream->avail_out = dest->size - dest->pos;
586 ses.keys->trans_zstream->next_out =
587 buf_getwriteptr(dest, ses.keys->trans_zstream->avail_out);
588
589 result = deflate(ses.keys->trans_zstream, Z_SYNC_FLUSH);
590
591 buf_setpos(src, endpos - ses.keys->trans_zstream->avail_in);
592 buf_setlen(dest, dest->size - ses.keys->trans_zstream->avail_out);
593 buf_setpos(dest, dest->len);
594
595 if (result != Z_OK) {
596 dropbear_exit("zlib error");
597 }
598
599 if (ses.keys->trans_zstream->avail_in == 0) {
600 break;
601 }
602
603 dropbear_assert(ses.keys->trans_zstream->avail_out == 0);
604
605 /* the buffer has been filled, we must extend. This only happens in
606 * unusual circumstances where the data grows in size after deflate(),
607 * but it is possible */
608 buf_resize(dest, dest->size + ZLIB_COMPRESS_INCR);
609
610 }
611 TRACE(("leave buf_compress"))
612 }
613 #endif