Mercurial > dropbear

comparison packet.c @ 731:9a5438271556

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Move the more verbose TRACE() statements into TRACE2()
author Matt Johnston <matt@ucc.asn.au>
date Mon, 01 Apr 2013 00:07:26 +0800
parents f27058078d61
children 24172f555f9c
comparison
equal deleted inserted replaced
730:714b9106e335 731:9a5438271556
60 struct iovec *iov = NULL; 60 struct iovec *iov = NULL;
61 int i; 61 int i;
62 struct Link *l; 62 struct Link *l;
63 #endif 63 #endif
64 64
65 TRACE(("enter write_packet")) 65 TRACE2(("enter write_packet"))
66 dropbear_assert(!isempty(&ses.writequeue)); 66 dropbear_assert(!isempty(&ses.writequeue));
67 67
68 #ifdef HAVE_WRITEV 68 #ifdef HAVE_WRITEV
69 iov = m_malloc(sizeof(*iov) * ses.writequeue.count); 69 iov = m_malloc(sizeof(*iov) * ses.writequeue.count);
70 for (l = ses.writequeue.head, i = 0; l; l = l->link, i++) 70 for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)
79 } 79 }
80 written = writev(ses.sock_out, iov, ses.writequeue.count); 80 written = writev(ses.sock_out, iov, ses.writequeue.count);
81 if (written < 0) { 81 if (written < 0) {
82 if (errno == EINTR) { 82 if (errno == EINTR) {
83 m_free(iov); 83 m_free(iov);
84 TRACE(("leave writepacket: EINTR")) 84 TRACE2(("leave writepacket: EINTR"))
85 return; 85 return;
86 } else { 86 } else {
87 dropbear_exit("Error writing"); 87 dropbear_exit("Error writing");
88 } 88 }
89 } 89 }
120 /* Try to write as much as possible */ 120 /* Try to write as much as possible */
121 written = write(ses.sock_out, buf_getptr(writebuf, len), len); 121 written = write(ses.sock_out, buf_getptr(writebuf, len), len);
122 122
123 if (written < 0) { 123 if (written < 0) {
124 if (errno == EINTR) { 124 if (errno == EINTR) {
125 TRACE(("leave writepacket: EINTR")) 125 TRACE2(("leave writepacket: EINTR"))
126 return; 126 return;
127 } else { 127 } else {
128 dropbear_exit("Error writing"); 128 dropbear_exit("Error writing");
129 } 129 }
130 } 130 }
150 150
151 if (!all_ignore) { 151 if (!all_ignore) {
152 ses.last_packet_time = now; 152 ses.last_packet_time = now;
153 } 153 }
154 154
155 TRACE(("leave write_packet")) 155 TRACE2(("leave write_packet"))
156 } 156 }
157 157
158 /* Non-blocking function reading available portion of a packet into the 158 /* Non-blocking function reading available portion of a packet into the
159 * ses's buffer, decrypting the length if encrypted, decrypting the 159 * ses's buffer, decrypting the length if encrypted, decrypting the
160 * full portion if possible */ 160 * full portion if possible */
162 162
163 int len; 163 int len;
164 unsigned int maxlen; 164 unsigned int maxlen;
165 unsigned char blocksize; 165 unsigned char blocksize;
166 166
167 TRACE(("enter read_packet")) 167 TRACE2(("enter read_packet"))
168 blocksize = ses.keys->recv.algo_crypt->blocksize; 168 blocksize = ses.keys->recv.algo_crypt->blocksize;
169 169
170 if (ses.readbuf == NULL || ses.readbuf->len < blocksize) { 170 if (ses.readbuf == NULL || ses.readbuf->len < blocksize) {
171 int ret; 171 int ret;
172 /* In the first blocksize of a packet */ 172 /* In the first blocksize of a packet */
175 * find the length of the whole packet */ 175 * find the length of the whole packet */
176 ret = read_packet_init(); 176 ret = read_packet_init();
177 177
178 if (ret == DROPBEAR_FAILURE) { 178 if (ret == DROPBEAR_FAILURE) {
179 /* didn't read enough to determine the length */ 179 /* didn't read enough to determine the length */
180 TRACE(("leave read_packet: packetinit done")) 180 TRACE2(("leave read_packet: packetinit done"))
181 return; 181 return;
182 } 182 }
183 } 183 }
184 184
185 /* Attempt to read the remainder of the packet, note that there 185 /* Attempt to read the remainder of the packet, note that there
197 ses.remoteclosed(); 197 ses.remoteclosed();
198 } 198 }
199 199
200 if (len < 0) { 200 if (len < 0) {
201 if (errno == EINTR || errno == EAGAIN) { 201 if (errno == EINTR || errno == EAGAIN) {
202 TRACE(("leave read_packet: EINTR or EAGAIN")) 202 TRACE2(("leave read_packet: EINTR or EAGAIN"))
203 return; 203 return;
204 } else { 204 } else {
205 dropbear_exit("Error reading: %s", strerror(errno)); 205 dropbear_exit("Error reading: %s", strerror(errno));
206 } 206 }
207 } 207 }
213 /* The whole packet has been read */ 213 /* The whole packet has been read */
214 decrypt_packet(); 214 decrypt_packet();
215 /* The main select() loop process_packet() to 215 /* The main select() loop process_packet() to
216 * handle the packet contents... */ 216 * handle the packet contents... */
217 } 217 }
218 TRACE(("leave read_packet")) 218 TRACE2(("leave read_packet"))
219 } 219 }
220 220
221 /* Function used to read the initial portion of a packet, and determine the 221 /* Function used to read the initial portion of a packet, and determine the
222 * length. Only called during the first BLOCKSIZE of a packet. */ 222 * length. Only called during the first BLOCKSIZE of a packet. */
223 /* Returns DROPBEAR_SUCCESS if the length is determined, 223 /* Returns DROPBEAR_SUCCESS if the length is determined,
247 if (slen == 0) { 247 if (slen == 0) {
248 ses.remoteclosed(); 248 ses.remoteclosed();
249 } 249 }
250 if (slen < 0) { 250 if (slen < 0) {
251 if (errno == EINTR) { 251 if (errno == EINTR) {
252 TRACE(("leave read_packet_init: EINTR")) 252 TRACE2(("leave read_packet_init: EINTR"))
253 return DROPBEAR_FAILURE; 253 return DROPBEAR_FAILURE;
254 } 254 }
255 dropbear_exit("Error reading: %s", strerror(errno)); 255 dropbear_exit("Error reading: %s", strerror(errno));
256 } 256 }
257 257
271 &ses.keys->recv.cipher_state) != CRYPT_OK) { 271 &ses.keys->recv.cipher_state) != CRYPT_OK) {
272 dropbear_exit("Error decrypting"); 272 dropbear_exit("Error decrypting");
273 } 273 }
274 len = buf_getint(ses.readbuf) + 4 + macsize; 274 len = buf_getint(ses.readbuf) + 4 + macsize;
275 275
276 TRACE(("packet size is %d, block %d mac %d", len, blocksize, macsize)) 276 TRACE2(("packet size is %d, block %d mac %d", len, blocksize, macsize))
277 277
278 278
279 /* check packet length */ 279 /* check packet length */
280 if ((len > RECV_MAX_PACKET_LEN) || 280 if ((len > RECV_MAX_PACKET_LEN) ||
281 (len < MIN_PACKET_LEN + macsize) || 281 (len < MIN_PACKET_LEN + macsize) ||
297 unsigned char blocksize; 297 unsigned char blocksize;
298 unsigned char macsize; 298 unsigned char macsize;
299 unsigned int padlen; 299 unsigned int padlen;
300 unsigned int len; 300 unsigned int len;
301 301
302 TRACE(("enter decrypt_packet")) 302 TRACE2(("enter decrypt_packet"))
303 blocksize = ses.keys->recv.algo_crypt->blocksize; 303 blocksize = ses.keys->recv.algo_crypt->blocksize;
304 macsize = ses.keys->recv.algo_mac->hashsize; 304 macsize = ses.keys->recv.algo_mac->hashsize;
305 305
306 ses.kexstate.datarecv += ses.readbuf->len; 306 ses.kexstate.datarecv += ses.readbuf->len;
307 307
354 ses.readbuf = NULL; 354 ses.readbuf = NULL;
355 buf_setpos(ses.payload, 0); 355 buf_setpos(ses.payload, 0);
356 356
357 ses.recvseq++; 357 ses.recvseq++;
358 358
359 TRACE(("leave decrypt_packet")) 359 TRACE2(("leave decrypt_packet"))
360 } 360 }
361 361
362 /* Checks the mac at the end of a decrypted readbuf. 362 /* Checks the mac at the end of a decrypted readbuf.
363 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ 363 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
364 static int checkmac() { 364 static int checkmac() {
453 ses.reply_queue_tail->next = new_item; 453 ses.reply_queue_tail->next = new_item;
454 } else { 454 } else {
455 ses.reply_queue_head = new_item; 455 ses.reply_queue_head = new_item;
456 } 456 }
457 ses.reply_queue_tail = new_item; 457 ses.reply_queue_tail = new_item;
458 TRACE(("leave enqueue_reply_packet")) 458 TRACE2(("leave enqueue_reply_packet"))
459 } 459 }
460 460
461 void maybe_flush_reply_queue() { 461 void maybe_flush_reply_queue() {
462 struct packetlist *tmp_item = NULL, *curr_item = NULL; 462 struct packetlist *tmp_item = NULL, *curr_item = NULL;
463 if (!ses.dataallowed) 463 if (!ses.dataallowed)
490 encrypted in-place. */ 490 encrypted in-place. */
491 unsigned char packet_type; 491 unsigned char packet_type;
492 unsigned int len, encrypt_buf_size; 492 unsigned int len, encrypt_buf_size;
493 unsigned char mac_bytes[MAX_MAC_LEN]; 493 unsigned char mac_bytes[MAX_MAC_LEN];
494 494
495 TRACE(("enter encrypt_packet()")) 495 TRACE2(("enter encrypt_packet()"))
496 496
497 buf_setpos(ses.writepayload, 0); 497 buf_setpos(ses.writepayload, 0);
498 packet_type = buf_getbyte(ses.writepayload); 498 packet_type = buf_getbyte(ses.writepayload);
499 buf_setpos(ses.writepayload, 0); 499 buf_setpos(ses.writepayload, 0);
500 500
501 TRACE(("encrypt_packet type is %d", packet_type)) 501 TRACE2(("encrypt_packet type is %d", packet_type))
502 502
503 if ((!ses.dataallowed && !packet_is_okay_kex(packet_type)) 503 if ((!ses.dataallowed && !packet_is_okay_kex(packet_type))
504 || ses.kexstate.sentnewkeys) { 504 || ses.kexstate.sentnewkeys) {
505 /* During key exchange only particular packets are allowed. 505 /* During key exchange only particular packets are allowed.
506 Since this packet_type isn't OK we just enqueue it to send 506 Since this packet_type isn't OK we just enqueue it to send
609 609
610 /* Update counts */ 610 /* Update counts */
611 ses.kexstate.datatrans += writebuf->len; 611 ses.kexstate.datatrans += writebuf->len;
612 ses.transseq++; 612 ses.transseq++;
613 613
614 TRACE(("leave encrypt_packet()")) 614 TRACE2(("leave encrypt_packet()"))
615 } 615 }
616 616
617 617
618 /* Create the packet mac, and append H(seqno|clearbuf) to the output */ 618 /* Create the packet mac, and append H(seqno|clearbuf) to the output */
619 /* output_mac must have ses.keys->trans.algo_mac->hashsize bytes. */ 619 /* output_mac must have ses.keys->trans.algo_mac->hashsize bytes. */
622 unsigned char *output_mac) { 622 unsigned char *output_mac) {
623 unsigned char seqbuf[4]; 623 unsigned char seqbuf[4];
624 unsigned long bufsize; 624 unsigned long bufsize;
625 hmac_state hmac; 625 hmac_state hmac;
626 626
627 TRACE(("enter writemac"))
628
629 if (key_state->algo_mac->hashsize > 0) { 627 if (key_state->algo_mac->hashsize > 0) {
630 /* calculate the mac */ 628 /* calculate the mac */
631 if (hmac_init(&hmac, 629 if (hmac_init(&hmac,
632 key_state->hash_index, 630 key_state->hash_index,
633 key_state->mackey, 631 key_state->mackey,
652 bufsize = MAX_MAC_LEN; 650 bufsize = MAX_MAC_LEN;
653 if (hmac_done(&hmac, output_mac, &bufsize) != CRYPT_OK) { 651 if (hmac_done(&hmac, output_mac, &bufsize) != CRYPT_OK) {
654 dropbear_exit("HMAC error"); 652 dropbear_exit("HMAC error");
655 } 653 }
656 } 654 }
657 TRACE(("leave writemac")) 655 TRACE2(("leave writemac"))
658 } 656 }
659 657
660 #ifndef DISABLE_ZLIB 658 #ifndef DISABLE_ZLIB
661 /* compresses len bytes from src, outputting to dest (starting from the 659 /* compresses len bytes from src, outputting to dest (starting from the
662 * respective current positions. */ 660 * respective current positions. */
663 static void buf_compress(buffer * dest, buffer * src, unsigned int len) { 661 static void buf_compress(buffer * dest, buffer * src, unsigned int len) {
664 662
665 unsigned int endpos = src->pos + len; 663 unsigned int endpos = src->pos + len;
666 int result; 664 int result;
667 665
668 TRACE(("enter buf_compress")) 666 TRACE2(("enter buf_compress"))
669 667
670 while (1) { 668 while (1) {
671 669
672 ses.keys->trans.zstream->avail_in = endpos - src->pos; 670 ses.keys->trans.zstream->avail_in = endpos - src->pos;
673 ses.keys->trans.zstream->next_in = 671 ses.keys->trans.zstream->next_in =
697 * unusual circumstances where the data grows in size after deflate(), 695 * unusual circumstances where the data grows in size after deflate(),
698 * but it is possible */ 696 * but it is possible */
699 buf_resize(dest, dest->size + ZLIB_COMPRESS_INCR); 697 buf_resize(dest, dest->size + ZLIB_COMPRESS_INCR);
700 698
701 } 699 }
702 TRACE(("leave buf_compress")) 700 TRACE2(("leave buf_compress"))
703 } 701 }
704 #endif 702 #endif