changeset 34:e2a1eaa19f22

Client mostly works up to password auth Need to rework algo-choosing etc, since server is now broken.
author Matt Johnston <matt@ucc.asn.au>
date Wed, 28 Jul 2004 16:44:16 +0000
parents f789045062e6
children 0ad5fb979f42
files cli-auth.c cli-kex.c cli-service.c cli-session.c common-kex.c common-session.c dss.c process-packet.c rsa.c service.h session.h signkey.c
diffstat 12 files changed, 57 insertions(+), 14 deletions(-) [+]
line wrap: on
line diff
--- a/cli-auth.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/cli-auth.c	Wed Jul 28 16:44:16 2004 +0000
@@ -31,7 +31,7 @@
 
 		ses.authstate.username = m_strdup(pw->pw_name);
 	}
-	TRACE(("leave cli_get_user: %s", cli_ses.username));
+	TRACE(("leave cli_get_user: %s", ses.authstate.username));
 }
 
 /* Send a "none" auth request to get available methods */
@@ -90,7 +90,7 @@
 	tok = methods; /* tok stores the next method we'll compare */
 	for (i = 0; i <= methlen; i++) {
 		if (methods[i] == '\0') {
-			TRACE(("auth method '%s'\n", tok));
+			TRACE(("auth method '%s'", tok));
 #ifdef DROPBEAR_PUBKEY_AUTH
 			if (strncmp(AUTH_METHOD_PUBKEY, tok,
 				AUTH_METHOD_PUBKEY_LEN) == 0) {
@@ -103,9 +103,9 @@
 				ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 			}
 #endif
-			tok = &methods[i]; /* Must make sure we don't use it after
-								  the last loop, since it'll point
-								  to something undefined */
+			tok = &methods[i+1]; /* Must make sure we don't use it after the
+									last loop, since it'll point to something
+									undefined */
 		}
 	}
 
--- a/cli-kex.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/cli-kex.c	Wed Jul 28 16:44:16 2004 +0000
@@ -43,7 +43,7 @@
 	cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
 	cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
 
-	m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x);
+	m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
 	gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
 
 	CHECKCLEARTOWRITE();
@@ -58,17 +58,23 @@
 
 	mp_int dh_f;
 	sign_key *hostkey = NULL;
-	int type;
+	int type, keylen;
 
+	TRACE(("enter recv_msg_kexdh_reply"));
 	type = ses.newkeys->algo_hostkey;
+	TRACE(("type is %d", type));
 
 	hostkey = new_sign_key();
+	keylen = buf_getint(ses.payload);
+
 	if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) {
+		TRACE(("failed getting pubkey"));
 		dropbear_exit("Bad KEX packet");
 	}
 
 	m_mp_init(&dh_f);
 	if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
+		TRACE(("failed getting mpint"));
 		dropbear_exit("Bad KEX packet");
 	}
 
--- a/cli-service.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/cli-service.c	Wed Jul 28 16:44:16 2004 +0000
@@ -12,8 +12,8 @@
 
 	CHECKCLEARTOWRITE();
 
-	buf_putbyte(ses.payload, SSH_MSG_SERVICE_REQUEST);
-	buf_putstring(ses.payload, servicename, strlen(servicename));
+	buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_REQUEST);
+	buf_putstring(ses.writepayload, servicename, strlen(servicename));
 
 	encrypt_packet();
 	TRACE(("leave send_msg_service_request"));
--- a/cli-session.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/cli-session.c	Wed Jul 28 16:44:16 2004 +0000
@@ -21,6 +21,7 @@
 	{SSH_MSG_KEXINIT, recv_msg_kexinit},
 	{SSH_MSG_KEXDH_REPLY, recv_msg_kexdh_reply}, // client
 	{SSH_MSG_NEWKEYS, recv_msg_newkeys},
+	{SSH_MSG_SERVICE_ACCEPT, recv_msg_service_accept}, // client
 	{SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
 	{SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
 	{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_remotetcp},
@@ -30,8 +31,8 @@
 	{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
 	{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
 	{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
-	{SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure},
-	{SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success},
+	{SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, // client
+	{SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, // client
 	{0, 0} /* End */
 };
 
@@ -90,11 +91,11 @@
 
 	TRACE(("enter cli_sessionloop"));
 
-	if (cli_ses.kex_state == KEX_NOTHING && ses.kexstate.recvkexinit) {
-		cli_ses.state = KEXINIT_RCVD;
+	if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) {
+		cli_ses.kex_state = KEXINIT_RCVD;
 	}
 
-	if (cli_ses.state == KEXINIT_RCVD) {
+	if (cli_ses.kex_state == KEXINIT_RCVD) {
 
 		/* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT
 		 * negotiation would have failed. */
@@ -120,6 +121,7 @@
 	 * in normal operation */
 	if (ses.kexstate.donefirstkex == 0) {
 		TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex"));
+		return;
 	}
 
 	switch (cli_ses.state) {
@@ -129,6 +131,7 @@
 			 * userauth */
 			send_msg_service_request(SSH_SERVICE_USERAUTH);
 			cli_ses.state = SERVICE_AUTH_REQ_SENT;
+			TRACE(("leave cli_sessionloop: sent userauth service req"));
 			return;
 
 		/* userauth code */
@@ -136,10 +139,12 @@
 			cli_get_user();
 			cli_auth_getmethods();
 			cli_ses.state = USERAUTH_METHODS_SENT;
+			TRACE(("leave cli_sessionloop: sent userauth methods req"));
 			return;
 			
 		case USERAUTH_FAIL_RCVD:
 			cli_auth_try();
+			TRACE(("leave cli_sessionloop: cli_auth_try"));
 			return;
 
 		/* XXX more here needed */
@@ -149,6 +154,7 @@
 		break;
 	}
 
+	TRACE(("leave cli_sessionloop: fell out"));
 
 }
 
--- a/common-kex.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/common-kex.c	Wed Jul 28 16:44:16 2004 +0000
@@ -613,6 +613,7 @@
 		erralgo = "kex";
 		goto error;
 	}
+	TRACE(("kex algo %s", algo->name));
 	ses.newkeys->algo_kex = algo->val;
 
 	/* server_host_key_algorithms */
@@ -622,6 +623,7 @@
 		erralgo = "hostkey";
 		goto error;
 	}
+	TRACE(("hostkey algo %s", algo->name));
 	ses.newkeys->algo_hostkey = algo->val;
 
 	/* encryption_algorithms_client_to_server */
@@ -631,6 +633,7 @@
 		goto error;
 	}
 	ses.newkeys->recv_algo_crypt = (struct dropbear_cipher*)algo->data;
+	TRACE(("enc algo recv %s", algo->name));
 
 	/* encryption_algorithms_server_to_client */
 	algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
@@ -639,6 +642,7 @@
 		goto error;
 	}
 	ses.newkeys->trans_algo_crypt = (struct dropbear_cipher*)algo->data;
+	TRACE(("enc algo trans %s", algo->name));
 
 	/* mac_algorithms_client_to_server */
 	algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
@@ -647,6 +651,7 @@
 		goto error;
 	}
 	ses.newkeys->recv_algo_mac = (struct dropbear_hash*)algo->data;
+	TRACE(("mac algo recv %s", algo->name));
 
 	/* mac_algorithms_server_to_client */
 	algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
@@ -655,6 +660,7 @@
 		goto error;
 	}
 	ses.newkeys->trans_algo_mac = (struct dropbear_hash*)algo->data;
+	TRACE(("mac algo trans %s", algo->name));
 
 	/* compression_algorithms_client_to_server */
 	algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
@@ -663,6 +669,7 @@
 		goto error;
 	}
 	ses.newkeys->recv_algo_comp = algo->val;
+	TRACE(("comp algo recv %s", algo->name));
 
 	/* compression_algorithms_server_to_client */
 	algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
@@ -671,6 +678,7 @@
 		goto error;
 	}
 	ses.newkeys->trans_algo_comp = algo->val;
+	TRACE(("comp algo trans %s", algo->name));
 
 	/* languages_client_to_server */
 	buf_eatstring(ses.payload);
--- a/common-session.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/common-session.c	Wed Jul 28 16:44:16 2004 +0000
@@ -75,6 +75,7 @@
 	ses.requirenext = SSH_MSG_KEXINIT;
 	ses.dataallowed = 0; /* don't send data yet, we'll wait until after kex */
 	ses.ignorenext = 0;
+	ses.lastpacket = 0;
 
 	/* set all the algos to none */
 	ses.keys = (struct key_context*)m_malloc(sizeof(struct key_context));
--- a/dss.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/dss.c	Wed Jul 28 16:44:16 2004 +0000
@@ -45,6 +45,7 @@
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 int buf_get_dss_pub_key(buffer* buf, dss_key *key) {
 
+	TRACE(("enter buf_get_dss_pub_key"));
 	assert(key != NULL);
 	key->p = m_malloc(sizeof(mp_int));
 	key->q = m_malloc(sizeof(mp_int));
@@ -58,14 +59,17 @@
 	 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE
 	 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
 	 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
+		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"));
 		return DROPBEAR_FAILURE;
 	}
 
 	if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) {
 		dropbear_log(LOG_WARNING, "DSS key too short");
+		TRACE(("leave buf_get_dss_pub_key: short key"));
 		return DROPBEAR_FAILURE;
 	}
 
+	TRACE(("leave buf_get_dss_pub_key: success"));
 	return DROPBEAR_SUCCESS;
 }
 
--- a/process-packet.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/process-packet.c	Wed Jul 28 16:44:16 2004 +0000
@@ -50,6 +50,8 @@
 	type = buf_getbyte(ses.payload);
 	TRACE(("process_packet: packet type = %d", type));
 
+	ses.lastpacket = type;
+
 	/* These packets we can receive at any time */
 	switch(type) {
 
--- a/rsa.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/rsa.c	Wed Jul 28 16:44:16 2004 +0000
@@ -205,6 +205,8 @@
 	mp_int *rsa_em = NULL;
 	int ret = DROPBEAR_FAILURE;
 
+	TRACE(("enter buf_rsa_verify"));
+
 	assert(key != NULL);
 
 	m_mp_init_multi(&rsa_mdash, &rsa_s, NULL);
@@ -217,6 +219,7 @@
 
 	if (mp_read_unsigned_bin(&rsa_s, buf_getptr(buf, buf->len - buf->pos),
 				buf->len - buf->pos) != MP_OKAY) {
+		TRACE(("failed reading rsa_s"));
 		goto out;
 	}
 
@@ -230,17 +233,20 @@
 	rsa_em = rsa_pad_em(key, data, len);
 
 	if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
+		TRACE(("failed exptmod rsa_s"));
 		goto out;
 	}
 
 	if (mp_cmp(rsa_em, &rsa_mdash) == MP_EQ) {
 		/* signature is valid */
+		TRACE(("success!"));
 		ret = DROPBEAR_SUCCESS;
 	}
 
 out:
 	mp_clear_multi(rsa_em, &rsa_mdash, &rsa_s, NULL);
 	m_free(rsa_em);
+	TRACE(("leave buf_rsa_verify: ret %d", ret));
 	return ret;
 
 }
--- a/service.h	Tue Jul 27 16:30:46 2004 +0000
+++ b/service.h	Wed Jul 28 16:44:16 2004 +0000
@@ -27,5 +27,6 @@
 
 void recv_msg_service_request(); /* Server */
 void send_msg_service_request(); /* Client */
+void recv_msg_service_accept(); /* Client */
 
 #endif /* _SERVICE_H_ */
--- a/session.h	Tue Jul 27 16:30:46 2004 +0000
+++ b/session.h	Wed Jul 28 16:44:16 2004 +0000
@@ -119,6 +119,8 @@
 
 	unsigned char ignorenext; /* whether to ignore the next packet,
 								 used for kex_follows stuff */
+
+	unsigned char lastpacket; /* What the last received packet type was */
 	
 
 
--- a/signkey.c	Tue Jul 27 16:30:46 2004 +0000
+++ b/signkey.c	Wed Jul 28 16:44:16 2004 +0000
@@ -52,8 +52,12 @@
 	unsigned char* ident;
 	unsigned int len;
 
+	TRACE(("enter buf_get_pub_key"));
+	printhex(buf_getptr(buf, 0x99), 0x99);
+
 	ident = buf_getstring(buf, &len);
 
+
 #ifdef DROPBEAR_DSS
 	if (memcmp(ident, SSH_SIGNKEY_DSS, len) == 0
 			&& (*type == DROPBEAR_SIGNKEY_ANY 
@@ -78,6 +82,7 @@
 		return buf_get_rsa_pub_key(buf, key->rsakey);
 	}
 #endif
+	TRACE(("leave buf_get_pub_key: didn't match the type we want (%d versus '%s'len %d)", *type, ident, len));
 
 	m_free(ident);
 
@@ -352,6 +357,8 @@
 	unsigned char * ident = NULL;
 	unsigned int identlen = 0;
 
+	TRACE(("enter buf_verify"));
+
 	bloblen = buf_getint(buf);
 	ident = buf_getstring(buf, &identlen);