/*
- *
- * packet.c
- *
* Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
- *
- * Created: Sat Mar 18 02:40:40 1995 ylo
- *
* This file contains code implementing the packet protocol and communication
* with the other side. This same code is used both on client and server side.
*
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ *
+ *
* SSH2 packet format added by Markus Friedl.
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$Id$");
+RCSID("$OpenBSD: packet.c,v 1.38 2000/10/12 14:21:12 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "ssh.h"
#include "crc32.h"
-#include "cipher.h"
#include "getput.h"
#include "compress.h"
#include "compat.h"
#include "ssh2.h"
-#ifdef HAVE_OPENSSL
-# include <openssl/bn.h>
-# include <openssl/dh.h>
-# include <openssl/hmac.h>
-#endif /* HAVE_OPENSSL */
-#ifdef HAVE_SSL
-# include <ssl/bn.h>
-# include <ssl/dh.h>
-# include <ssl/hmac.h>
-#endif /* HAVE_SSL */
-
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/hmac.h>
#include "buffer.h"
+#include "cipher.h"
#include "kex.h"
#include "hmac.h"
void
packet_set_ssh2_format(void)
{
- debug("use_ssh2_packet_format");
+ DBG(debug("use_ssh2_packet_format"));
use_ssh2_packet_format = 1;
}
void
packet_set_connection(int fd_in, int fd_out)
{
+ Cipher *none = cipher_by_name("none");
+ if (none == NULL)
+ fatal("packet_set_connection: cannot load cipher 'none'");
connection_in = fd_in;
connection_out = fd_out;
cipher_type = SSH_CIPHER_NONE;
- cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0, 1);
- cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0, 0);
+ cipher_init(&send_context, none, (unsigned char *) "", 0, NULL, 0);
+ cipher_init(&receive_context, none, (unsigned char *) "", 0, NULL, 0);
if (!initialized) {
initialized = 1;
buffer_init(&input);
*/
void
-packet_decrypt(CipherContext * cc, void *dest, void *src,
- unsigned int bytes)
+packet_decrypt(CipherContext *context, void *dest, void *src, unsigned int bytes)
{
- int i;
-
- if ((bytes % 8) != 0)
- fatal("packet_decrypt: bad ciphertext length %d", bytes);
-
/*
* Cryptographic attack detector for ssh - Modifications for packet.c
* (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com)
*/
-
- if (cc->type == SSH_CIPHER_NONE || compat20) {
- i = DEATTACK_OK;
- } else {
- i = detect_attack(src, bytes, NULL);
- }
- if (i == DEATTACK_DETECTED)
+ if (!compat20 &&
+ context->cipher->number != SSH_CIPHER_NONE &&
+ detect_attack(src, bytes, NULL) == DEATTACK_DETECTED)
packet_disconnect("crc32 compensation attack: network attack detected");
- cipher_decrypt(cc, dest, src, bytes);
+ cipher_decrypt(context, dest, src, bytes);
}
/*
void
packet_set_encryption_key(const unsigned char *key, unsigned int keylen,
- int cipher)
+ int number)
{
+ Cipher *cipher = cipher_by_number(number);
+ if (cipher == NULL)
+ fatal("packet_set_encryption_key: unknown cipher number %d", number);
if (keylen < 20)
- fatal("keylen too small: %d", keylen);
-
- /* All other ciphers use the same key in both directions for now. */
- cipher_set_key(&receive_context, cipher, key, keylen, 0);
- cipher_set_key(&send_context, cipher, key, keylen, 1);
+ fatal("packet_set_encryption_key: keylen too small: %d", keylen);
+ cipher_init(&receive_context, cipher, key, keylen, NULL, 0);
+ cipher_init(&send_context, cipher, key, keylen, NULL, 0);
}
/* Starts constructing a packet to send. */
/* Compute packet length without padding (add checksum, remove padding). */
len = buffer_len(&outgoing_packet) + 4 - 8;
- /* Insert padding. */
+ /* Insert padding. Initialized to zero in packet_start1() */
padding = 8 - len % 8;
if (cipher_type != SSH_CIPHER_NONE) {
cp = buffer_ptr(&outgoing_packet);
buffer_consume(&outgoing_packet, 8 - padding);
/* Add check bytes. */
- checksum = crc32((unsigned char *) buffer_ptr(&outgoing_packet),
- buffer_len(&outgoing_packet));
+ checksum = ssh_crc32((unsigned char *) buffer_ptr(&outgoing_packet),
+ buffer_len(&outgoing_packet));
PUT_32BIT(buf, checksum);
buffer_append(&outgoing_packet, buf, 4);
unsigned int packet_length = 0;
unsigned int i, padlen, len;
u_int32_t rand = 0;
- static unsigned int seqnr = 0;
+ static unsigned int seqnr = 0;
int type;
Enc *enc = NULL;
Mac *mac = NULL;
mac = &kex->mac[MODE_OUT];
comp = &kex->comp[MODE_OUT];
}
- block_size = enc ? enc->block_size : 8;
+ block_size = enc ? enc->cipher->block_size : 8;
cp = buffer_ptr(&outgoing_packet);
type = cp[5] & 0xff;
if (padlen < 4)
padlen += block_size;
buffer_append_space(&outgoing_packet, &cp, padlen);
- if (enc && enc->type != SSH_CIPHER_NONE) {
+ if (enc && enc->cipher->number != SSH_CIPHER_NONE) {
+ /* random padding */
for (i = 0; i < padlen; i++) {
if (i % 4 == 0)
rand = arc4random();
cp[i] = rand & 0xff;
rand <<= 8;
}
+ } else {
+ /* clear padding */
+ memset(cp, 0, padlen);
}
/* packet_length includes payload, padding and padding length field */
packet_length = buffer_len(&outgoing_packet) - 4;
buffer_len(&outgoing_packet),
mac->key, mac->key_len
);
- DBG(debug("done calc HMAC out #%d", seqnr));
+ DBG(debug("done calc MAC out #%d", seqnr));
}
/* encrypt packet and append to output buffer. */
buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));
fprintf(stderr, "encrypted: ");
buffer_dump(&output);
#endif
- /* increment sequence number for outgoing packets */
- if (++seqnr == 0)
- log("outgoing seqnr wraps around");
+ /* increment sequence number for outgoing packets */
+ if (++seqnr == 0)
+ log("outgoing seqnr wraps around");
buffer_clear(&outgoing_packet);
if (type == SSH2_MSG_NEWKEYS) {
fatal("packet_send2: no KEX");
if (mac->md != NULL)
mac->enabled = 1;
- debug("cipher_set_key_iv send_context");
- cipher_set_key_iv(&send_context, enc->type,
- enc->key, enc->key_len,
- enc->iv, enc->iv_len);
+ DBG(debug("cipher_init send_context"));
+ cipher_init(&send_context, enc->cipher,
+ enc->key, enc->cipher->key_len,
+ enc->iv, enc->cipher->block_size);
clear_enc_keys(enc, kex->we_need);
if (comp->type != 0 && comp->enabled == 0) {
comp->enabled = 1;
DBG(debug("packet_send done"));
}
-void
-packet_send_and_wait()
-{
- packet_send();
- packet_write_wait();
-}
-
/*
* Waits until a packet has been received, and returns its type. Note that
* no other data is processed until this returns, so this function should not
for (;;) {
/* Try to read a packet from the buffer. */
type = packet_read_poll(payload_len_ptr);
- if (type == SSH_SMSG_SUCCESS
+ if (!use_ssh2_packet_format && (
+ type == SSH_SMSG_SUCCESS
|| type == SSH_SMSG_FAILURE
|| type == SSH_CMSG_EOF
- || type == SSH_CMSG_EXIT_CONFIRMATION)
+ || type == SSH_CMSG_EXIT_CONFIRMATION))
packet_integrity_check(*payload_len_ptr, 0, type);
/* If we got a packet, return it. */
if (type != SSH_MSG_NONE)
#endif
/* Compute packet checksum. */
- checksum = crc32((unsigned char *) buffer_ptr(&incoming_packet),
+ checksum = ssh_crc32((unsigned char *) buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet) - 4);
/* Skip padding. */
comp = &kex->comp[MODE_IN];
}
maclen = mac && mac->enabled ? mac->mac_len : 0;
- block_size = enc ? enc->block_size : 8;
+ block_size = enc ? enc->cipher->block_size : 8;
if (packet_length == 0) {
/*
* compute MAC over seqnr and packet,
* increment sequence number for incoming packet
*/
- if (mac && mac->enabled) {
+ if (mac && mac->enabled) {
macbuf = hmac( mac->md, seqnr,
(unsigned char *) buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet),
mac->key, mac->key_len
);
if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
- packet_disconnect("Corrupted HMAC on input.");
- DBG(debug("HMAC #%d ok", seqnr));
+ packet_disconnect("Corrupted MAC on input.");
+ DBG(debug("MAC #%d ok", seqnr));
buffer_consume(&input, mac->mac_len);
}
- if (++seqnr == 0)
- log("incoming seqnr wraps around");
+ if (++seqnr == 0)
+ log("incoming seqnr wraps around");
/* get padlen */
cp = buffer_ptr(&incoming_packet) + 4;
fatal("packet_read_poll2: no KEX");
if (mac->md != NULL)
mac->enabled = 1;
- debug("cipher_set_key_iv receive_context");
- cipher_set_key_iv(&receive_context, enc->type,
- enc->key, enc->key_len,
- enc->iv, enc->iv_len);
+ DBG(debug("cipher_init receive_context"));
+ cipher_init(&receive_context, enc->cipher,
+ enc->key, enc->cipher->key_len,
+ enc->iv, enc->cipher->block_size);
clear_enc_keys(enc, kex->we_need);
if (comp->type != 0 && comp->enabled == 0) {
comp->enabled = 1;
return buffer_ptr(&incoming_packet);
}
+int
+packet_remaining(void)
+{
+ return buffer_len(&incoming_packet);
+}
+
/*
* Returns a string from the packet data. The string is allocated using
* xmalloc; it is the responsibility of the calling program to free it when
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
- packet_start(SSH_MSG_DEBUG);
- packet_put_string(buf, strlen(buf));
+ if (compat20) {
+ packet_start(SSH2_MSG_DEBUG);
+ packet_put_char(0); /* bool: always display */
+ packet_put_cstring(buf);
+ packet_put_cstring("");
+ } else {
+ packet_start(SSH_MSG_DEBUG);
+ packet_put_cstring(buf);
+ }
packet_send();
packet_write_wait();
}
* Set IP options for an interactive connection. Use
* IPTOS_LOWDELAY and TCP_NODELAY.
*/
+#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
int lowdelay = IPTOS_LOWDELAY;
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &lowdelay,
sizeof(lowdelay)) < 0)
error("setsockopt IPTOS_LOWDELAY: %.100s", strerror(errno));
+#endif
if (setsockopt(connection_in, IPPROTO_TCP, TCP_NODELAY, (void *) &on,
sizeof(on)) < 0)
error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
* Set IP options for a non-interactive connection. Use
* IPTOS_THROUGHPUT.
*/
+#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
int throughput = IPTOS_THROUGHPUT;
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput,
sizeof(throughput)) < 0)
error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
+#endif
}
}
andersk / openssh.git / blobdiff