[openssh.git] / roaming_client.c

/* $OpenBSD: roaming_client.c,v 1.3 2010/01/18 01:50:27 dtucker Exp $ */
/*
 * Copyright (c) 2004-2009 AppGate Network Security AB
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"

#include "openbsd-compat/sys-queue.h"
#include <sys/types.h>
#include <sys/socket.h>

#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#include <signal.h>
#include <string.h>
#include <unistd.h>

#include <openssl/crypto.h>
#include <openssl/sha.h>

#include "xmalloc.h"
#include "buffer.h"
#include "channels.h"
#include "cipher.h"
#include "dispatch.h"
#include "clientloop.h"
#include "log.h"
#include "match.h"
#include "misc.h"
#include "packet.h"
#include "ssh.h"
#include "key.h"
#include "kex.h"
#include "readconf.h"
#include "roaming.h"
#include "ssh2.h"
#include "sshconnect.h"

/* import */
extern Options options;
extern char *host;
extern struct sockaddr_storage hostaddr;
extern int session_resumed;

static u_int32_t roaming_id;
static u_int64_t cookie;
static u_int64_t lastseenchall;
static u_int64_t key1, key2, oldkey1, oldkey2;

void
roaming_reply(int type, u_int32_t seq, void *ctxt)
{
	if (type == SSH2_MSG_REQUEST_FAILURE) {
		logit("Server denied roaming");
		return;
	}
	verbose("Roaming enabled");
	roaming_id = packet_get_int();
	cookie = packet_get_int64();
	key1 = oldkey1 = packet_get_int64();
	key2 = oldkey2 = packet_get_int64();
	set_out_buffer_size(packet_get_int() +  get_snd_buf_size());
	roaming_enabled = 1;
}

void
request_roaming(void)
{
	packet_start(SSH2_MSG_GLOBAL_REQUEST);
	packet_put_cstring(ROAMING_REQUEST);
	packet_put_char(1);
	packet_put_int(get_recv_buf_size());
	packet_send();
	client_register_global_confirm(roaming_reply, NULL);
}

static void
roaming_auth_required(void)
{
	u_char digest[SHA_DIGEST_LENGTH];
	EVP_MD_CTX md;
	Buffer b;
	const EVP_MD *evp_md = EVP_sha1();
	u_int64_t chall, oldchall;

	chall = packet_get_int64();
	oldchall = packet_get_int64();
	if (oldchall != lastseenchall) {
		key1 = oldkey1;
		key2 = oldkey2;
	}
	lastseenchall = chall;

	buffer_init(&b);
	buffer_put_int64(&b, cookie);
	buffer_put_int64(&b, chall);
	EVP_DigestInit(&md, evp_md);
	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
	EVP_DigestFinal(&md, digest, NULL);
	buffer_free(&b);

	packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
	packet_put_int64(key1 ^ get_recv_bytes());
	packet_put_raw(digest, sizeof(digest));
	packet_send();

	oldkey1 = key1;
	oldkey2 = key2;
	calculate_new_key(&key1, cookie, chall);
	calculate_new_key(&key2, cookie, chall);

	debug("Received %llu bytes", (unsigned long long)get_recv_bytes());
	debug("Sent roaming_auth packet");
}

int
resume_kex(void)
{
	/*
	 * This should not happen - if the client sends the kex method
	 * resume@appgate.com then the kex is done in roaming_resume().
	 */
	return 1;
}

static int
roaming_resume(void)
{
	u_int64_t recv_bytes;
	char *str = NULL, *kexlist = NULL, *c;
	int i, type;
	int timeout_ms = options.connection_timeout * 1000;
	u_int len;
	u_int32_t rnd = 0;

	resume_in_progress = 1;

	/* Exchange banners */
	ssh_exchange_identification(timeout_ms);
	packet_set_nonblocking();

	/* Send a kexinit message with resume@appgate.com as only kex algo */
	packet_start(SSH2_MSG_KEXINIT);
	for (i = 0; i < KEX_COOKIE_LEN; i++) {
		if (i % 4 == 0)
			rnd = arc4random();
		packet_put_char(rnd & 0xff);
		rnd >>= 8;
	}
	packet_put_cstring(KEX_RESUME);
	for (i = 1; i < PROPOSAL_MAX; i++) {
		/* kex algorithm added so start with i=1 and not 0 */
		packet_put_cstring(""); /* Not used when we resume */
	}
	packet_put_char(1); /* first kex_packet follows */
	packet_put_int(0); /* reserved */
	packet_send();

	/* Assume that resume@appgate.com will be accepted */
	packet_start(SSH2_MSG_KEX_ROAMING_RESUME);
	packet_put_int(roaming_id);
	packet_send();

	/* Read the server's kexinit and check for resume@appgate.com */
	if ((type = packet_read()) != SSH2_MSG_KEXINIT) {
		debug("expected kexinit on resume, got %d", type);
		goto fail;
	}
	for (i = 0; i < KEX_COOKIE_LEN; i++)
		(void)packet_get_char();
	kexlist = packet_get_string(&len);
	if (!kexlist
	    || (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) {
		debug("server doesn't allow resume");
		goto fail;
	}
	xfree(str);
	for (i = 1; i < PROPOSAL_MAX; i++) {
		/* kex algorithm taken care of so start with i=1 and not 0 */
		xfree(packet_get_string(&len));
	}
	i = packet_get_char(); /* first_kex_packet_follows */
	if (i && (c = strchr(kexlist, ',')))
		*c = 0;
	if (i && strcmp(kexlist, KEX_RESUME)) {
		debug("server's kex guess (%s) was wrong, skipping", kexlist);
		(void)packet_read(); /* Wrong guess - discard packet */
	}

	/*
	 * Read the ROAMING_AUTH_REQUIRED challenge from the server and
	 * send ROAMING_AUTH
	 */
	if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) {
		debug("expected roaming_auth_required, got %d", type);
		goto fail;
	}
	roaming_auth_required();

	/* Read ROAMING_AUTH_OK from the server */
	if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) {
		debug("expected roaming_auth_ok, got %d", type);
		goto fail;
	}
	recv_bytes = packet_get_int64() ^ oldkey2;
	debug("Peer received %llu bytes", (unsigned long long)recv_bytes);
	resend_bytes(packet_get_connection_out(), &recv_bytes);

	resume_in_progress = 0;

	session_resumed = 1; /* Tell clientloop */

	return 0;

fail:
	if (kexlist)
		xfree(kexlist);
	if (packet_get_connection_in() == packet_get_connection_out())
		close(packet_get_connection_in());
	else {
		close(packet_get_connection_in());
		close(packet_get_connection_out());
	}
	return 1;
}

int
wait_for_roaming_reconnect(void)
{
	static int reenter_guard = 0;
	int timeout_ms = options.connection_timeout * 1000;
	int c;

	if (reenter_guard != 0)
		fatal("Server refused resume, roaming timeout may be exceeded");
	reenter_guard = 1;

	fprintf(stderr, "[connection suspended, press return to resume]");
	fflush(stderr);
	packet_backup_state();
	/* TODO Perhaps we should read from tty here */
	while ((c = fgetc(stdin)) != EOF) {
		if (c == 'Z' - 64) {
			kill(getpid(), SIGTSTP);
			continue;
		}
		if (c != '\n' && c != '\r')
			continue;

		if (ssh_connect(host, &hostaddr, options.port,
		    options.address_family, 1, &timeout_ms,
		    options.tcp_keep_alive, options.use_privileged_port,
		    options.proxy_command) == 0 && roaming_resume() == 0) {
			packet_restore_state();
			reenter_guard = 0;
			fprintf(stderr, "[connection resumed]\n");
			fflush(stderr);
			return 0;
		}

		fprintf(stderr, "[reconnect failed, press return to retry]");
		fflush(stderr);
	}
	fprintf(stderr, "[exiting]\n");
	fflush(stderr);
	exit(0);
}
Commit	Line	Data
6d6695ca	1	/* $OpenBSD: roaming_client.c,v 1.3 2010/01/18 01:50:27 dtucker Exp $ */
6f8969f5	2	/*
	3	* Copyright (c) 2004-2009 AppGate Network Security AB
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
3b6c53d3	18	#include "includes.h"
3b6c53d3	19
c12cf250	20	#include "openbsd-compat/sys-queue.h"
6f8969f5	21	#include <sys/types.h>
	22	#include <sys/socket.h>
	23
2d7536f6	24	#ifdef HAVE_INTTYPES_H
6f8969f5	25	#include <inttypes.h>
2d7536f6	26	#endif
6f8969f5	27	#include <signal.h>
	28	#include <string.h>
	29	#include <unistd.h>
	30
	31	#include <openssl/crypto.h>
	32	#include <openssl/sha.h>
	33
	34	#include "xmalloc.h"
	35	#include "buffer.h"
	36	#include "channels.h"
	37	#include "cipher.h"
	38	#include "dispatch.h"
	39	#include "clientloop.h"
	40	#include "log.h"
	41	#include "match.h"
	42	#include "misc.h"
	43	#include "packet.h"
	44	#include "ssh.h"
	45	#include "key.h"
	46	#include "kex.h"
	47	#include "readconf.h"
	48	#include "roaming.h"
	49	#include "ssh2.h"
	50	#include "sshconnect.h"
	51
	52	/* import */
	53	extern Options options;
	54	extern char *host;
	55	extern struct sockaddr_storage hostaddr;
	56	extern int session_resumed;
	57
	58	static u_int32_t roaming_id;
	59	static u_int64_t cookie;
	60	static u_int64_t lastseenchall;
	61	static u_int64_t key1, key2, oldkey1, oldkey2;
	62
	63	void
	64	roaming_reply(int type, u_int32_t seq, void *ctxt)
	65	{
	66	if (type == SSH2_MSG_REQUEST_FAILURE) {
	67	logit("Server denied roaming");
	68	return;
	69	}
	70	verbose("Roaming enabled");
	71	roaming_id = packet_get_int();
	72	cookie = packet_get_int64();
	73	key1 = oldkey1 = packet_get_int64();
	74	key2 = oldkey2 = packet_get_int64();
	75	set_out_buffer_size(packet_get_int() + get_snd_buf_size());
	76	roaming_enabled = 1;
	77	}
	78
	79	void
	80	request_roaming(void)
	81	{
	82	packet_start(SSH2_MSG_GLOBAL_REQUEST);
	83	packet_put_cstring(ROAMING_REQUEST);
	84	packet_put_char(1);
	85	packet_put_int(get_recv_buf_size());
	86	packet_send();
	87	client_register_global_confirm(roaming_reply, NULL);
	88	}
	89
	90	static void
91	roaming_auth_required(void)
92	{
93	u_char digest[SHA_DIGEST_LENGTH];
94	EVP_MD_CTX md;
95	Buffer b;
96	const EVP_MD *evp_md = EVP_sha1();
97	u_int64_t chall, oldchall;
98
99	chall = packet_get_int64();
100	oldchall = packet_get_int64();
101	if (oldchall != lastseenchall) {
102	key1 = oldkey1;
103	key2 = oldkey2;
104	}
105	lastseenchall = chall;
106
107	buffer_init(&b);
108	buffer_put_int64(&b, cookie);
109	buffer_put_int64(&b, chall);
110	EVP_DigestInit(&md, evp_md);
111	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
112	EVP_DigestFinal(&md, digest, NULL);
113	buffer_free(&b);
114
115	packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
116	packet_put_int64(key1 ^ get_recv_bytes());
117	packet_put_raw(digest, sizeof(digest));
118	packet_send();
119
120	oldkey1 = key1;
121	oldkey2 = key2;
122	calculate_new_key(&key1, cookie, chall);
123	calculate_new_key(&key2, cookie, chall);
124
c12cf250	125	debug("Received %llu bytes", (unsigned long long)get_recv_bytes());
6f8969f5	126	debug("Sent roaming_auth packet");
	127	}
	128
	129	int
	130	resume_kex(void)
	131	{
	132	/*
	133	* This should not happen - if the client sends the kex method
	134	* resume@appgate.com then the kex is done in roaming_resume().
	135	*/
	136	return 1;
	137	}
	138
	139	static int
	140	roaming_resume(void)
	141	{
	142	u_int64_t recv_bytes;
	143	char str = NULL, kexlist = NULL, *c;
	144	int i, type;
	145	int timeout_ms = options.connection_timeout * 1000;
	146	u_int len;
	147	u_int32_t rnd = 0;
	148
	149	resume_in_progress = 1;
	150
	151	/* Exchange banners */
	152	ssh_exchange_identification(timeout_ms);
	153	packet_set_nonblocking();
	154
	155	/* Send a kexinit message with resume@appgate.com as only kex algo */
	156	packet_start(SSH2_MSG_KEXINIT);
	157	for (i = 0; i < KEX_COOKIE_LEN; i++) {
	158	if (i % 4 == 0)
	159	rnd = arc4random();
	160	packet_put_char(rnd & 0xff);
	161	rnd >>= 8;
	162	}
	163	packet_put_cstring(KEX_RESUME);
	164	for (i = 1; i < PROPOSAL_MAX; i++) {
	165	/* kex algorithm added so start with i=1 and not 0 */
	166	packet_put_cstring(""); /* Not used when we resume */
	167	}
	168	packet_put_char(1); /* first kex_packet follows */
	169	packet_put_int(0); /* reserved */
	170	packet_send();
	171
	172	/* Assume that resume@appgate.com will be accepted */
	173	packet_start(SSH2_MSG_KEX_ROAMING_RESUME);
	174	packet_put_int(roaming_id);
	175	packet_send();
	176
	177	/* Read the server's kexinit and check for resume@appgate.com */
	178	if ((type = packet_read()) != SSH2_MSG_KEXINIT) {
	179	debug("expected kexinit on resume, got %d", type);
	180	goto fail;
	181	}
	182	for (i = 0; i < KEX_COOKIE_LEN; i++)
	183	(void)packet_get_char();
	184	kexlist = packet_get_string(&len);
	185	if (!kexlist
	186	\|\| (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) {
	187	debug("server doesn't allow resume");
	188	goto fail;
	189	}
190	xfree(str);
191	for (i = 1; i < PROPOSAL_MAX; i++) {
192	/* kex algorithm taken care of so start with i=1 and not 0 */
193	xfree(packet_get_string(&len));
194	}
195	i = packet_get_char(); /* first_kex_packet_follows */
196	if (i && (c = strchr(kexlist, ',')))
197	*c = 0;
198	if (i && strcmp(kexlist, KEX_RESUME)) {
199	debug("server's kex guess (%s) was wrong, skipping", kexlist);
200	(void)packet_read(); /* Wrong guess - discard packet */
201	}
202
203	/*
204	* Read the ROAMING_AUTH_REQUIRED challenge from the server and
205	* send ROAMING_AUTH
206	*/
207	if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) {
208	debug("expected roaming_auth_required, got %d", type);
209	goto fail;
210	}
211	roaming_auth_required();
212
213	/* Read ROAMING_AUTH_OK from the server */
214	if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) {
215	debug("expected roaming_auth_ok, got %d", type);
216	goto fail;
217	}
218	recv_bytes = packet_get_int64() ^ oldkey2;
c12cf250	219	debug("Peer received %llu bytes", (unsigned long long)recv_bytes);
6f8969f5	220	resend_bytes(packet_get_connection_out(), &recv_bytes);
	221
	222	resume_in_progress = 0;
	223
	224	session_resumed = 1; /* Tell clientloop */
	225
	226	return 0;
	227
	228	fail:
	229	if (kexlist)
	230	xfree(kexlist);
	231	if (packet_get_connection_in() == packet_get_connection_out())
	232	close(packet_get_connection_in());
	233	else {
	234	close(packet_get_connection_in());
	235	close(packet_get_connection_out());
	236	}
	237	return 1;
	238	}
	239
	240	int
	241	wait_for_roaming_reconnect(void)
	242	{
	243	static int reenter_guard = 0;
	244	int timeout_ms = options.connection_timeout * 1000;
	245	int c;
	246
	247	if (reenter_guard != 0)
	248	fatal("Server refused resume, roaming timeout may be exceeded");
	249	reenter_guard = 1;
	250
	251	fprintf(stderr, "[connection suspended, press return to resume]");
	252	fflush(stderr);
	253	packet_backup_state();
	254	/* TODO Perhaps we should read from tty here */
	255	while ((c = fgetc(stdin)) != EOF) {
	256	if (c == 'Z' - 64) {
	257	kill(getpid(), SIGTSTP);
	258	continue;
	259	}
	260	if (c != '\n' && c != '\r')
	261	continue;
	262
	263	if (ssh_connect(host, &hostaddr, options.port,
	264	options.address_family, 1, &timeout_ms,
	265	options.tcp_keep_alive, options.use_privileged_port,
	266	options.proxy_command) == 0 && roaming_resume() == 0) {
	267	packet_restore_state();
	268	reenter_guard = 0;
	269	fprintf(stderr, "[connection resumed]\n");
	270	fflush(stderr);
	271	return 0;
	272	}
	273
	274	fprintf(stderr, "[reconnect failed, press return to retry]");
	275	fflush(stderr);
	276	}
	277	fprintf(stderr, "[exiting]\n");
	278	fflush(stderr);
	279	exit(0);
	280	}