comparison common-packet.c @ 4:fe6bca95afa7

Makefile.in contains updated files required
author Matt Johnston <matt@ucc.asn.au>
date Tue, 01 Jun 2004 02:46:09 +0000
parents
children c1e5d9195402
comparison
equal deleted inserted replaced
-1:000000000000 4:fe6bca95afa7
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26 #include "packet.h"
27 #include "session.h"
28 #include "dbutil.h"
29 #include "ssh.h"
30 #include "algo.h"
31 #include "buffer.h"
32 #include "kex.h"
33 #include "random.h"
34 #include "service.h"
35 #include "auth.h"
36 #include "channel.h"
37
38 static void read_packet_init();
39 static void writemac(buffer * outputbuffer, buffer * clearwritebuf);
40 static int checkmac(buffer* hashbuf, buffer* readbuf);
41
42 #define ZLIB_COMPRESS_INCR 20 /* this is 12 bytes + 0.1% of 8000 bytes */
43 #define ZLIB_DECOMPRESS_INCR 100
44 #ifndef DISABLE_ZLIB
45 static buffer* buf_decompress(buffer* buf, unsigned int len);
46 static void buf_compress(buffer * dest, buffer * src, unsigned int len);
47 #endif
48
49 /* non-blocking function writing out a current encrypted packet */
50 void write_packet() {
51
52 int len, written;
53 buffer * writebuf;
54
55 TRACE(("enter write_packet"));
56 assert(!isempty(&ses.writequeue));
57
58 /* Get the next buffer in the queue of encrypted packets to write*/
59 writebuf = (buffer*)examine(&ses.writequeue);
60
61 len = writebuf->len - writebuf->pos;
62 assert(len > 0);
63 /* Try to write as much as possible */
64 written = write(ses.sock, buf_getptr(writebuf, len), len);
65
66 if (written < 0) {
67 if (errno == EINTR) {
68 TRACE(("leave writepacket: EINTR"));
69 return;
70 } else {
71 dropbear_exit("error writing");
72 }
73 }
74
75 if (written == 0) {
76 session_remoteclosed();
77 }
78
79 if (written == len) {
80 /* We've finished with the packet, free it */
81 dequeue(&ses.writequeue);
82 buf_free(writebuf);
83 } else {
84 /* More packet left to write, leave it in the queue for later */
85 buf_incrpos(writebuf, written);
86 }
87
88 TRACE(("leave write_packet"));
89 }
90
91 /* Non-blocking function reading available portion of a packet into the
92 * ses's buffer, decrypting the length if encrypted, decrypting the
93 * full portion if possible */
94 void read_packet() {
95
96 int len;
97 unsigned int maxlen;
98 unsigned char blocksize;
99
100 TRACE(("enter read_packet"));
101 blocksize = ses.keys->recv_algo_crypt->blocksize;
102
103 if (ses.readbuf == NULL || ses.readbuf->len < blocksize) {
104 /* In the first blocksize of a packet */
105
106 /* Read the first blocksize of the packet, so we can decrypt it and
107 * find the length of the whole packet */
108 read_packet_init();
109
110 /* If we don't have the length of decryptreadbuf, we didn't read
111 * a whole blocksize and should exit */
112 if (ses.decryptreadbuf->len == 0) {
113 TRACE(("leave read_packet: packetinit done"));
114 return;
115 }
116 }
117
118 /* Attempt to read the remainder of the packet, note that there
119 * mightn't be any available (EAGAIN) */
120 assert(ses.readbuf != NULL);
121 maxlen = ses.readbuf->len - ses.readbuf->pos;
122 len = read(ses.sock, buf_getptr(ses.readbuf, maxlen), maxlen);
123
124 if (len == 0) {
125 session_remoteclosed();
126 }
127
128 if (len < 0) {
129 if (errno == EINTR || errno == EAGAIN) {
130 TRACE(("leave read_packet: EINTR or EAGAIN"));
131 return;
132 } else {
133 dropbear_exit("error reading: %s", strerror(errno));
134 }
135 }
136
137 buf_incrpos(ses.readbuf, len);
138
139 if ((unsigned int)len == maxlen) {
140 /* The whole packet has been read */
141 decrypt_packet();
142 /* The main select() loop process_packet() to
143 * handle the packet contents... */
144 }
145 TRACE(("leave read_packet"));
146 }
147
148 /* Function used to read the initial portion of a packet, and determine the
149 * length. Only called during the first BLOCKSIZE of a packet. */
150 static void read_packet_init() {
151
152 unsigned int maxlen;
153 int len;
154 unsigned char blocksize;
155 unsigned char macsize;
156
157
158 blocksize = ses.keys->recv_algo_crypt->blocksize;
159 macsize = ses.keys->recv_algo_mac->hashsize;
160
161 if (ses.readbuf == NULL) {
162 /* start of a new packet */
163 ses.readbuf = buf_new(INIT_READBUF);
164 assert(ses.decryptreadbuf == NULL);
165 ses.decryptreadbuf = buf_new(blocksize);
166 }
167
168 maxlen = blocksize - ses.readbuf->pos;
169
170 /* read the rest of the packet if possible */
171 len = read(ses.sock, buf_getwriteptr(ses.readbuf, maxlen),
172 maxlen);
173 if (len == 0) {
174 session_remoteclosed();
175 }
176 if (len < 0) {
177 if (errno == EINTR) {
178 TRACE(("leave read_packet_init: EINTR"));
179 return;
180 }
181 dropbear_exit("error reading: %s", strerror(errno));
182 }
183
184 buf_incrwritepos(ses.readbuf, len);
185
186 if ((unsigned int)len != maxlen) {
187 /* don't have enough bytes to determine length, get next time */
188 return;
189 }
190
191 /* now we have the first block, need to get packet length, so we decrypt
192 * the first block (only need first 4 bytes) */
193 buf_setpos(ses.readbuf, 0);
194 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
195 /* copy it */
196 memcpy(buf_getwriteptr(ses.decryptreadbuf, blocksize),
197 buf_getptr(ses.readbuf, blocksize),
198 blocksize);
199 } else {
200 /* decrypt it */
201 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
202 buf_getwriteptr(ses.decryptreadbuf,blocksize),
203 &ses.keys->recv_symmetric_struct) != CRYPT_OK) {
204 dropbear_exit("error decrypting");
205 }
206 }
207 buf_setlen(ses.decryptreadbuf, blocksize);
208 len = buf_getint(ses.decryptreadbuf) + 4 + macsize;
209
210 buf_setpos(ses.readbuf, blocksize);
211
212 /* check packet length */
213 if ((len > MAX_PACKET_LEN) ||
214 (len < MIN_PACKET_LEN + macsize) ||
215 ((len - macsize) % blocksize != 0)) {
216 dropbear_exit("bad packet size");
217 }
218
219 buf_resize(ses.readbuf, len);
220 buf_setlen(ses.readbuf, len);
221
222 }
223
224 /* handle the received packet */
225 void decrypt_packet() {
226
227 unsigned char blocksize;
228 unsigned char macsize;
229 unsigned int padlen;
230 unsigned int len;
231
232 TRACE(("enter decrypt_packet"));
233 blocksize = ses.keys->recv_algo_crypt->blocksize;
234 macsize = ses.keys->recv_algo_mac->hashsize;
235
236 ses.kexstate.datarecv += ses.readbuf->len;
237
238 /* we've already decrypted the first blocksize in read_packet_init */
239 buf_setpos(ses.readbuf, blocksize);
240
241 buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize);
242 buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size);
243 buf_setpos(ses.decryptreadbuf, blocksize);
244
245 /* decrypt if encryption is set, memcpy otherwise */
246 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
247 /* copy it */
248 len = ses.readbuf->len - macsize - blocksize;
249 memcpy(buf_getwriteptr(ses.decryptreadbuf, len),
250 buf_getptr(ses.readbuf, len), len);
251 } else {
252 /* decrypt */
253 while (ses.readbuf->pos < ses.readbuf->len - macsize) {
254 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
255 buf_getwriteptr(ses.decryptreadbuf, blocksize),
256 &ses.keys->recv_symmetric_struct) != CRYPT_OK) {
257 dropbear_exit("error decrypting");
258 }
259 buf_incrpos(ses.readbuf, blocksize);
260 buf_incrwritepos(ses.decryptreadbuf, blocksize);
261 }
262 }
263
264 /* check the hmac */
265 buf_setpos(ses.readbuf, ses.readbuf->len - macsize);
266 if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) {
267 dropbear_exit("Integrity error");
268 }
269
270 /* readbuf no longer required */
271 buf_free(ses.readbuf);
272 ses.readbuf = NULL;
273
274 /* get padding length */
275 buf_setpos(ses.decryptreadbuf, PACKET_PADDING_OFF);
276 padlen = buf_getbyte(ses.decryptreadbuf);
277
278 /* payload length */
279 /* - 4 - 1 is for LEN and PADLEN values */
280 len = ses.decryptreadbuf->len - padlen - 4 - 1;
281 if ((len > MAX_PAYLOAD_LEN) || (len < 1)) {
282 dropbear_exit("bad packet size");
283 }
284
285 buf_setpos(ses.decryptreadbuf, PACKET_PAYLOAD_OFF);
286
287 #ifndef DISABLE_ZLIB
288 if (ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB) {
289 /* decompress */
290 ses.payload = buf_decompress(ses.decryptreadbuf, len);
291
292 } else
293 #endif
294 {
295 /* copy payload */
296 ses.payload = buf_new(len);
297 memcpy(ses.payload->data, buf_getptr(ses.decryptreadbuf, len), len);
298 buf_incrlen(ses.payload, len);
299 }
300
301 buf_free(ses.decryptreadbuf);
302 ses.decryptreadbuf = NULL;
303 buf_setpos(ses.payload, 0);
304
305 ses.recvseq++;
306
307 TRACE(("leave decrypt_packet"));
308 }
309
310 /* Checks the mac in hashbuf, for the data in readbuf.
311 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
312 static int checkmac(buffer* macbuf, buffer* sourcebuf) {
313
314 unsigned char macsize;
315 hmac_state hmac;
316 unsigned char tempbuf[MAX_MAC_LEN];
317 unsigned long hashsize;
318 int len;
319
320 macsize = ses.keys->recv_algo_mac->hashsize;
321
322 if (macsize == 0) {
323 return DROPBEAR_SUCCESS;
324 }
325
326 /* calculate the mac */
327 if (hmac_init(&hmac,
328 find_hash(ses.keys->recv_algo_mac->hashdesc->name),
329 ses.keys->recvmackey,
330 ses.keys->recv_algo_mac->keysize)
331 != CRYPT_OK) {
332 dropbear_exit("HMAC error");
333 }
334
335 /* sequence number */
336 STORE32H(ses.recvseq, tempbuf);
337 if (hmac_process(&hmac, tempbuf, 4) != CRYPT_OK) {
338 dropbear_exit("HMAC error");
339 }
340
341 buf_setpos(sourcebuf, 0);
342 len = sourcebuf->len;
343 if (hmac_process(&hmac, buf_getptr(sourcebuf, len), len) != CRYPT_OK) {
344 dropbear_exit("HMAC error");
345 }
346
347 hashsize = sizeof(tempbuf);
348 if (hmac_done(&hmac, tempbuf, &hashsize) != CRYPT_OK) {
349 dropbear_exit("HMAC error");
350 }
351
352 /* compare the hash */
353 if (memcmp(tempbuf, buf_getptr(macbuf, macsize), macsize) != 0) {
354 return DROPBEAR_FAILURE;
355 } else {
356 return DROPBEAR_SUCCESS;
357 }
358 }
359
360 #ifndef DISABLE_ZLIB
361 /* returns a pointer to a newly created buffer */
362 static buffer* buf_decompress(buffer* buf, unsigned int len) {
363
364 int result;
365 buffer * ret;
366 z_streamp zstream;
367
368 zstream = ses.keys->recv_zstream;
369 ret = buf_new(len);
370
371 zstream->avail_in = len;
372 zstream->next_in = buf_getptr(buf, len);
373
374 /* decompress the payload, incrementally resizing the output buffer */
375 while (1) {
376
377 zstream->avail_out = ret->size - ret->pos;
378 zstream->next_out = buf_getwriteptr(ret, zstream->avail_out);
379
380 result = inflate(zstream, Z_SYNC_FLUSH);
381
382 buf_setlen(ret, ret->size - zstream->avail_out);
383 buf_setpos(ret, ret->len);
384
385 if (result != Z_BUF_ERROR && result != Z_OK) {
386 dropbear_exit("zlib error");
387 }
388
389 if (zstream->avail_in == 0 &&
390 (zstream->avail_out != 0 || result == Z_BUF_ERROR)) {
391 /* we can only exit if avail_out hasn't all been used,
392 * and there's no remaining input */
393 return ret;
394 }
395
396 if (zstream->avail_out == 0) {
397 buf_resize(ret, ret->size + ZLIB_DECOMPRESS_INCR);
398 }
399 }
400 }
401 #endif
402
403
404
405 /* This must be called directly after receiving the unimplemented packet.
406 * Isn't the most clean implementation, it relies on packet processing
407 * occurring directly after decryption. This is reasonably valid, since
408 * there is only a single decryption buffer */
409 void recv_unimplemented() {
410
411 CHECKCLEARTOWRITE();
412
413 buf_putbyte(ses.writepayload, SSH_MSG_UNIMPLEMENTED);
414 /* the decryption routine increments the sequence number, we must
415 * decrement */
416 buf_putint(ses.writepayload, ses.recvseq - 1);
417
418 encrypt_packet();
419 }
420
421 /* encrypt the writepayload, putting into writebuf, ready for write_packet()
422 * to put on the wire */
423 void encrypt_packet() {
424
425 unsigned char padlen;
426 unsigned char blocksize, macsize;
427 buffer * writebuf; /* the packet which will go on the wire */
428 buffer * clearwritebuf; /* unencrypted, possibly compressed */
429
430 TRACE(("enter encrypt_packet()"));
431 TRACE(("encrypt_packet type is %d", ses.writepayload->data[0]));
432 blocksize = ses.keys->trans_algo_crypt->blocksize;
433 macsize = ses.keys->trans_algo_mac->hashsize;
434
435 /* Encrypted packet len is payload+5, then worst case is if we are 3 away
436 * from a blocksize multiple. In which case we need to pad to the
437 * multiple, then add another blocksize (or MIN_PACKET_LEN) */
438 clearwritebuf = buf_new((ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3
439 #ifndef DISABLE_ZLIB
440 + ZLIB_COMPRESS_INCR /* bit of a kludge, but we can't know len*/
441 #endif
442 );
443 buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF);
444 buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF);
445
446 buf_setpos(ses.writepayload, 0);
447
448 #ifndef DISABLE_ZLIB
449 /* compression */
450 if (ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB) {
451 buf_compress(clearwritebuf, ses.writepayload, ses.writepayload->len);
452 } else
453 #endif
454 {
455 memcpy(buf_getwriteptr(clearwritebuf, ses.writepayload->len),
456 buf_getptr(ses.writepayload, ses.writepayload->len),
457 ses.writepayload->len);
458 buf_incrwritepos(clearwritebuf, ses.writepayload->len);
459 }
460
461 /* finished with payload */
462 buf_setpos(ses.writepayload, 0);
463 buf_setlen(ses.writepayload, 0);
464
465 /* length of padding - packet length must be a multiple of blocksize,
466 * with a minimum of 4 bytes of padding */
467 padlen = blocksize - (clearwritebuf->len) % blocksize;
468 if (padlen < 4) {
469 padlen += blocksize;
470 }
471 /* check for min packet length */
472 if (clearwritebuf->len + padlen < MIN_PACKET_LEN) {
473 padlen += blocksize;
474 }
475
476 buf_setpos(clearwritebuf, 0);
477 /* packet length excluding the packetlength uint32 */
478 buf_putint(clearwritebuf, clearwritebuf->len + padlen - 4);
479
480 /* padding len */
481 buf_putbyte(clearwritebuf, padlen);
482 /* actual padding */
483 buf_setpos(clearwritebuf, clearwritebuf->len);
484 buf_incrlen(clearwritebuf, padlen);
485 genrandom(buf_getptr(clearwritebuf, padlen), padlen);
486
487 /* do the actual encryption */
488 buf_setpos(clearwritebuf, 0);
489 /* create a new writebuffer, this is freed when it has been put on the
490 * wire by writepacket() */
491 writebuf = buf_new(clearwritebuf->len + macsize);
492
493 if (ses.keys->trans_algo_crypt->cipherdesc == NULL) {
494 /* copy it */
495 memcpy(buf_getwriteptr(writebuf, clearwritebuf->len),
496 buf_getptr(clearwritebuf, clearwritebuf->len),
497 clearwritebuf->len);
498 buf_incrwritepos(writebuf, clearwritebuf->len);
499 } else {
500 /* encrypt it */
501 while (clearwritebuf->pos < clearwritebuf->len) {
502 if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize),
503 buf_getwriteptr(writebuf, blocksize),
504 &ses.keys->trans_symmetric_struct) != CRYPT_OK) {
505 dropbear_exit("error encrypting");
506 }
507 buf_incrpos(clearwritebuf, blocksize);
508 buf_incrwritepos(writebuf, blocksize);
509 }
510 }
511
512 /* now add a hmac and we're done */
513 writemac(writebuf, clearwritebuf);
514
515 /* clearwritebuf is finished with */
516 buf_free(clearwritebuf);
517
518 /* enqueue the packet for sending */
519 buf_setpos(writebuf, 0);
520 enqueue(&ses.writequeue, (void*)writebuf);
521
522 /* Update counts */
523 ses.kexstate.datatrans += writebuf->len;
524 ses.transseq++;
525
526 TRACE(("leave encrypt_packet()"));
527 }
528
529
530 /* Create the packet mac, and append H(seqno|clearbuf) to the output */
531 static void writemac(buffer * outputbuffer, buffer * clearwritebuf) {
532
533 int macsize;
534 unsigned char seqbuf[4];
535 unsigned long hashsize;
536 hmac_state hmac;
537
538 TRACE(("enter writemac"));
539
540 macsize = ses.keys->trans_algo_mac->hashsize;
541
542 if (macsize > 0) {
543 /* calculate the mac */
544 if (hmac_init(&hmac,
545 find_hash(ses.keys->trans_algo_mac->hashdesc->name),
546 ses.keys->transmackey,
547 ses.keys->trans_algo_mac->keysize) != CRYPT_OK) {
548 dropbear_exit("HMAC error");
549 }
550
551 /* sequence number */
552 STORE32H(ses.transseq, seqbuf);
553 if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) {
554 dropbear_exit("HMAC error");
555 }
556
557 /* the actual contents */
558 buf_setpos(clearwritebuf, 0);
559 if (hmac_process(&hmac,
560 buf_getptr(clearwritebuf,
561 clearwritebuf->len),
562 clearwritebuf->len) != CRYPT_OK) {
563 dropbear_exit("HMAC error");
564 }
565
566 hashsize = macsize;
567 if (hmac_done(&hmac, buf_getwriteptr(outputbuffer, macsize), &hashsize)
568 != CRYPT_OK) {
569 dropbear_exit("HMAC error");
570 }
571 buf_incrwritepos(outputbuffer, macsize);
572 }
573 TRACE(("leave writemac"));
574 }
575
576 #ifndef DISABLE_ZLIB
577 /* compresses len bytes from src, outputting to dest (starting from the
578 * respective current positions. */
579 static void buf_compress(buffer * dest, buffer * src, unsigned int len) {
580
581 unsigned int endpos = src->pos + len;
582 int result;
583
584 TRACE(("enter buf_compress"));
585
586 while (1) {
587
588 ses.keys->trans_zstream->avail_in = endpos - src->pos;
589 ses.keys->trans_zstream->next_in =
590 buf_getptr(src, ses.keys->trans_zstream->avail_in);
591
592 ses.keys->trans_zstream->avail_out = dest->size - dest->pos;
593 ses.keys->trans_zstream->next_out =
594 buf_getwriteptr(dest, ses.keys->trans_zstream->avail_out);
595
596 result = deflate(ses.keys->trans_zstream, Z_SYNC_FLUSH);
597
598 buf_setpos(src, endpos - ses.keys->trans_zstream->avail_in);
599 buf_setlen(dest, dest->size - ses.keys->trans_zstream->avail_out);
600 buf_setpos(dest, dest->len);
601
602 if (result != Z_OK) {
603 dropbear_exit("zlib error");
604 }
605
606 if (ses.keys->trans_zstream->avail_in == 0) {
607 break;
608 }
609
610 assert(ses.keys->trans_zstream->avail_out == 0);
611
612 /* the buffer has been filled, we must extend. This only happens in
613 * unusual circumstances where the data grows in size after deflate(),
614 * but it is possible */
615 buf_resize(dest, dest->size + ZLIB_COMPRESS_INCR);
616
617 }
618 TRACE(("leave buf_compress"));
619 }
620 #endif