1 /* 2 * 3 * packet.c 4 * 5 * Author: Tatu Ylonen <ylo@cs.hut.fi> 6 * 7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8 * All rights reserved 9 * 10 * Created: Sat Mar 18 02:40:40 1995 ylo 11 * 12 * This file contains code implementing the packet protocol and communication 13 * with the other side. This same code is used both on client and server side. 14 * 15 * SSH2 packet format added by Markus Friedl. 16 * 17 */ 18 19 #include "includes.h" 20 RCSID("$Id: packet.c,v 1.32 2000/05/04 22:22:43 markus Exp $"); 21 22 #include "xmalloc.h" 23 #include "buffer.h" 24 #include "packet.h" 25 #include "bufaux.h" 26 #include "ssh.h" 27 #include "crc32.h" 28 #include "cipher.h" 29 #include "getput.h" 30 31 #include "compress.h" 32 #include "deattack.h" 33 #include "channels.h" 34 35 #include "compat.h" 36 #include "ssh2.h" 37 38 #include <openssl/bn.h> 39 #include <openssl/dh.h> 40 #include <openssl/hmac.h> 41 #include "buffer.h" 42 #include "kex.h" 43 #include "hmac.h" 44 45 #ifdef PACKET_DEBUG 46 #define DBG(x) x 47 #else 48 #define DBG(x) 49 #endif 50 51 /* 52 * This variable contains the file descriptors used for communicating with 53 * the other side. connection_in is used for reading; connection_out for 54 * writing. These can be the same descriptor, in which case it is assumed to 55 * be a socket. 56 */ 57 static int connection_in = -1; 58 static int connection_out = -1; 59 60 /* 61 * Cipher type. This value is only used to determine whether to pad the 62 * packets with zeroes or random data. 63 */ 64 static int cipher_type = SSH_CIPHER_NONE; 65 66 /* Protocol flags for the remote side. */ 67 static unsigned int remote_protocol_flags = 0; 68 69 /* Encryption context for receiving data. This is only used for decryption. */ 70 static CipherContext receive_context; 71 72 /* Encryption context for sending data. This is only used for encryption. */ 73 static CipherContext send_context; 74 75 /* Buffer for raw input data from the socket. */ 76 static Buffer input; 77 78 /* Buffer for raw output data going to the socket. */ 79 static Buffer output; 80 81 /* Buffer for the partial outgoing packet being constructed. */ 82 static Buffer outgoing_packet; 83 84 /* Buffer for the incoming packet currently being processed. */ 85 static Buffer incoming_packet; 86 87 /* Scratch buffer for packet compression/decompression. */ 88 static Buffer compression_buffer; 89 90 /* Flag indicating whether packet compression/decompression is enabled. */ 91 static int packet_compression = 0; 92 93 /* default maximum packet size */ 94 int max_packet_size = 32768; 95 96 /* Flag indicating whether this module has been initialized. */ 97 static int initialized = 0; 98 99 /* Set to true if the connection is interactive. */ 100 static int interactive_mode = 0; 101 102 /* True if SSH2 packet format is used */ 103 int use_ssh2_packet_format = 0; 104 105 /* Session key information for Encryption and MAC */ 106 Kex *kex = NULL; 107 108 void 109 packet_set_kex(Kex *k) 110 { 111 if( k->mac[MODE_IN ].key == NULL || 112 k->enc[MODE_IN ].key == NULL || 113 k->enc[MODE_IN ].iv == NULL || 114 k->mac[MODE_OUT].key == NULL || 115 k->enc[MODE_OUT].key == NULL || 116 k->enc[MODE_OUT].iv == NULL) 117 fatal("bad KEX"); 118 kex = k; 119 } 120 void 121 clear_enc_keys(Enc *enc, int len) 122 { 123 memset(enc->iv, 0, len); 124 memset(enc->key, 0, len); 125 xfree(enc->iv); 126 xfree(enc->key); 127 enc->iv = NULL; 128 enc->key = NULL; 129 } 130 void 131 packet_set_ssh2_format(void) 132 { 133 DBG(debug("use_ssh2_packet_format")); 134 use_ssh2_packet_format = 1; 135 } 136 137 /* 138 * Sets the descriptors used for communication. Disables encryption until 139 * packet_set_encryption_key is called. 140 */ 141 void 142 packet_set_connection(int fd_in, int fd_out) 143 { 144 connection_in = fd_in; 145 connection_out = fd_out; 146 cipher_type = SSH_CIPHER_NONE; 147 cipher_set_key(&send_context, SSH_CIPHER_NONE, (unsigned char *) "", 0); 148 cipher_set_key(&receive_context, SSH_CIPHER_NONE, (unsigned char *) "", 0); 149 if (!initialized) { 150 initialized = 1; 151 buffer_init(&input); 152 buffer_init(&output); 153 buffer_init(&outgoing_packet); 154 buffer_init(&incoming_packet); 155 } 156 /* Kludge: arrange the close function to be called from fatal(). */ 157 fatal_add_cleanup((void (*) (void *)) packet_close, NULL); 158 } 159 160 /* Returns 1 if remote host is connected via socket, 0 if not. */ 161 162 int 163 packet_connection_is_on_socket() 164 { 165 struct sockaddr_storage from, to; 166 socklen_t fromlen, tolen; 167 168 /* filedescriptors in and out are the same, so it's a socket */ 169 if (connection_in == connection_out) 170 return 1; 171 fromlen = sizeof(from); 172 memset(&from, 0, sizeof(from)); 173 if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0) 174 return 0; 175 tolen = sizeof(to); 176 memset(&to, 0, sizeof(to)); 177 if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0) 178 return 0; 179 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) 180 return 0; 181 if (from.ss_family != AF_INET && from.ss_family != AF_INET6) 182 return 0; 183 return 1; 184 } 185 186 /* returns 1 if connection is via ipv4 */ 187 188 int 189 packet_connection_is_ipv4() 190 { 191 struct sockaddr_storage to; 192 socklen_t tolen = sizeof(to); 193 194 memset(&to, 0, sizeof(to)); 195 if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) 196 return 0; 197 if (to.ss_family != AF_INET) 198 return 0; 199 return 1; 200 } 201 202 /* Sets the connection into non-blocking mode. */ 203 204 void 205 packet_set_nonblocking() 206 { 207 /* Set the socket into non-blocking mode. */ 208 if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0) 209 error("fcntl O_NONBLOCK: %.100s", strerror(errno)); 210 211 if (connection_out != connection_in) { 212 if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0) 213 error("fcntl O_NONBLOCK: %.100s", strerror(errno)); 214 } 215 } 216 217 /* Returns the socket used for reading. */ 218 219 int 220 packet_get_connection_in() 221 { 222 return connection_in; 223 } 224 225 /* Returns the descriptor used for writing. */ 226 227 int 228 packet_get_connection_out() 229 { 230 return connection_out; 231 } 232 233 /* Closes the connection and clears and frees internal data structures. */ 234 235 void 236 packet_close() 237 { 238 if (!initialized) 239 return; 240 initialized = 0; 241 if (connection_in == connection_out) { 242 shutdown(connection_out, SHUT_RDWR); 243 close(connection_out); 244 } else { 245 close(connection_in); 246 close(connection_out); 247 } 248 buffer_free(&input); 249 buffer_free(&output); 250 buffer_free(&outgoing_packet); 251 buffer_free(&incoming_packet); 252 if (packet_compression) { 253 buffer_free(&compression_buffer); 254 buffer_compress_uninit(); 255 } 256 } 257 258 /* Sets remote side protocol flags. */ 259 260 void 261 packet_set_protocol_flags(unsigned int protocol_flags) 262 { 263 remote_protocol_flags = protocol_flags; 264 channel_set_options((protocol_flags & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) != 0); 265 } 266 267 /* Returns the remote protocol flags set earlier by the above function. */ 268 269 unsigned int 270 packet_get_protocol_flags() 271 { 272 return remote_protocol_flags; 273 } 274 275 /* 276 * Starts packet compression from the next packet on in both directions. 277 * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip. 278 */ 279 280 /*** XXXXX todo: kex means re-init */ 281 void 282 packet_start_compression(int level) 283 { 284 if (packet_compression) 285 fatal("Compression already enabled."); 286 packet_compression = 1; 287 buffer_init(&compression_buffer); 288 buffer_compress_init(level); 289 } 290 291 /* 292 * Encrypts the given number of bytes, copying from src to dest. bytes is 293 * known to be a multiple of 8. 294 */ 295 296 void 297 packet_encrypt(CipherContext * cc, void *dest, void *src, 298 unsigned int bytes) 299 { 300 cipher_encrypt(cc, dest, src, bytes); 301 } 302 303 /* 304 * Decrypts the given number of bytes, copying from src to dest. bytes is 305 * known to be a multiple of 8. 306 */ 307 308 void 309 packet_decrypt(CipherContext * cc, void *dest, void *src, 310 unsigned int bytes) 311 { 312 int i; 313 314 if ((bytes % 8) != 0) 315 fatal("packet_decrypt: bad ciphertext length %d", bytes); 316 317 /* 318 * Cryptographic attack detector for ssh - Modifications for packet.c 319 * (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com) 320 */ 321 322 if (cc->type == SSH_CIPHER_NONE || compat20) { 323 i = DEATTACK_OK; 324 } else { 325 i = detect_attack(src, bytes, NULL); 326 } 327 if (i == DEATTACK_DETECTED) 328 packet_disconnect("crc32 compensation attack: network attack detected"); 329 330 cipher_decrypt(cc, dest, src, bytes); 331 } 332 333 /* 334 * Causes any further packets to be encrypted using the given key. The same 335 * key is used for both sending and reception. However, both directions are 336 * encrypted independently of each other. 337 */ 338 339 void 340 packet_set_encryption_key(const unsigned char *key, unsigned int keylen, 341 int cipher) 342 { 343 if (keylen < 20) 344 fatal("keylen too small: %d", keylen); 345 346 /* All other ciphers use the same key in both directions for now. */ 347 cipher_set_key(&receive_context, cipher, key, keylen); 348 cipher_set_key(&send_context, cipher, key, keylen); 349 } 350 351 /* Starts constructing a packet to send. */ 352 353 void 354 packet_start1(int type) 355 { 356 char buf[9]; 357 358 buffer_clear(&outgoing_packet); 359 memset(buf, 0, 8); 360 buf[8] = type; 361 buffer_append(&outgoing_packet, buf, 9); 362 } 363 364 void 365 packet_start2(int type) 366 { 367 char buf[4+1+1]; 368 369 buffer_clear(&outgoing_packet); 370 memset(buf, 0, sizeof buf); 371 /* buf[0..3] = payload_len; */ 372 /* buf[4] = pad_len; */ 373 buf[5] = type & 0xff; 374 buffer_append(&outgoing_packet, buf, sizeof buf); 375 } 376 377 void 378 packet_start(int type) 379 { 380 DBG(debug("packet_start[%d]",type)); 381 if (use_ssh2_packet_format) 382 packet_start2(type); 383 else 384 packet_start1(type); 385 } 386 387 /* Appends a character to the packet data. */ 388 389 void 390 packet_put_char(int value) 391 { 392 char ch = value; 393 buffer_append(&outgoing_packet, &ch, 1); 394 } 395 396 /* Appends an integer to the packet data. */ 397 398 void 399 packet_put_int(unsigned int value) 400 { 401 buffer_put_int(&outgoing_packet, value); 402 } 403 404 /* Appends a string to packet data. */ 405 406 void 407 packet_put_string(const char *buf, unsigned int len) 408 { 409 buffer_put_string(&outgoing_packet, buf, len); 410 } 411 void 412 packet_put_cstring(const char *str) 413 { 414 buffer_put_string(&outgoing_packet, str, strlen(str)); 415 } 416 417 void 418 packet_put_raw(const char *buf, unsigned int len) 419 { 420 buffer_append(&outgoing_packet, buf, len); 421 } 422 423 424 /* Appends an arbitrary precision integer to packet data. */ 425 426 void 427 packet_put_bignum(BIGNUM * value) 428 { 429 buffer_put_bignum(&outgoing_packet, value); 430 } 431 void 432 packet_put_bignum2(BIGNUM * value) 433 { 434 buffer_put_bignum2(&outgoing_packet, value); 435 } 436 437 /* 438 * Finalizes and sends the packet. If the encryption key has been set, 439 * encrypts the packet before sending. 440 */ 441 442 void 443 packet_send1() 444 { 445 char buf[8], *cp; 446 int i, padding, len; 447 unsigned int checksum; 448 u_int32_t rand = 0; 449 450 /* 451 * If using packet compression, compress the payload of the outgoing 452 * packet. 453 */ 454 if (packet_compression) { 455 buffer_clear(&compression_buffer); 456 /* Skip padding. */ 457 buffer_consume(&outgoing_packet, 8); 458 /* padding */ 459 buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8); 460 buffer_compress(&outgoing_packet, &compression_buffer); 461 buffer_clear(&outgoing_packet); 462 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 463 buffer_len(&compression_buffer)); 464 } 465 /* Compute packet length without padding (add checksum, remove padding). */ 466 len = buffer_len(&outgoing_packet) + 4 - 8; 467 468 /* Insert padding. Initialized to zero in packet_start1() */ 469 padding = 8 - len % 8; 470 if (cipher_type != SSH_CIPHER_NONE) { 471 cp = buffer_ptr(&outgoing_packet); 472 for (i = 0; i < padding; i++) { 473 if (i % 4 == 0) 474 rand = arc4random(); 475 cp[7 - i] = rand & 0xff; 476 rand >>= 8; 477 } 478 } 479 buffer_consume(&outgoing_packet, 8 - padding); 480 481 /* Add check bytes. */ 482 checksum = crc32((unsigned char *) buffer_ptr(&outgoing_packet), 483 buffer_len(&outgoing_packet)); 484 PUT_32BIT(buf, checksum); 485 buffer_append(&outgoing_packet, buf, 4); 486 487 #ifdef PACKET_DEBUG 488 fprintf(stderr, "packet_send plain: "); 489 buffer_dump(&outgoing_packet); 490 #endif 491 492 /* Append to output. */ 493 PUT_32BIT(buf, len); 494 buffer_append(&output, buf, 4); 495 buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); 496 packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), 497 buffer_len(&outgoing_packet)); 498 499 #ifdef PACKET_DEBUG 500 fprintf(stderr, "encrypted: "); 501 buffer_dump(&output); 502 #endif 503 504 buffer_clear(&outgoing_packet); 505 506 /* 507 * Note that the packet is now only buffered in output. It won\'t be 508 * actually sent until packet_write_wait or packet_write_poll is 509 * called. 510 */ 511 } 512 513 /* 514 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) 515 */ 516 void 517 packet_send2() 518 { 519 unsigned char *macbuf = NULL; 520 char *cp; 521 unsigned int packet_length = 0; 522 unsigned int i, padlen, len; 523 u_int32_t rand = 0; 524 static unsigned int seqnr = 0; 525 int type; 526 Enc *enc = NULL; 527 Mac *mac = NULL; 528 Comp *comp = NULL; 529 int block_size; 530 531 if (kex != NULL) { 532 enc = &kex->enc[MODE_OUT]; 533 mac = &kex->mac[MODE_OUT]; 534 comp = &kex->comp[MODE_OUT]; 535 } 536 block_size = enc ? enc->block_size : 8; 537 538 cp = buffer_ptr(&outgoing_packet); 539 type = cp[5] & 0xff; 540 541 #ifdef PACKET_DEBUG 542 fprintf(stderr, "plain: "); 543 buffer_dump(&outgoing_packet); 544 #endif 545 546 if (comp && comp->enabled) { 547 len = buffer_len(&outgoing_packet); 548 /* skip header, compress only payload */ 549 buffer_consume(&outgoing_packet, 5); 550 buffer_clear(&compression_buffer); 551 buffer_compress(&outgoing_packet, &compression_buffer); 552 buffer_clear(&outgoing_packet); 553 buffer_append(&outgoing_packet, "\0\0\0\0\0", 5); 554 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 555 buffer_len(&compression_buffer)); 556 DBG(debug("compression: raw %d compressed %d", len, 557 buffer_len(&outgoing_packet))); 558 } 559 560 /* sizeof (packet_len + pad_len + payload) */ 561 len = buffer_len(&outgoing_packet); 562 563 /* 564 * calc size of padding, alloc space, get random data, 565 * minimum padding is 4 bytes 566 */ 567 padlen = block_size - (len % block_size); 568 if (padlen < 4) 569 padlen += block_size; 570 buffer_append_space(&outgoing_packet, &cp, padlen); 571 if (enc && enc->type != SSH_CIPHER_NONE) { 572 /* random padding */ 573 for (i = 0; i < padlen; i++) { 574 if (i % 4 == 0) 575 rand = arc4random(); 576 cp[i] = rand & 0xff; 577 rand <<= 8; 578 } 579 } else { 580 /* clear padding */ 581 memset(cp, 0, padlen); 582 } 583 /* packet_length includes payload, padding and padding length field */ 584 packet_length = buffer_len(&outgoing_packet) - 4; 585 cp = buffer_ptr(&outgoing_packet); 586 PUT_32BIT(cp, packet_length); 587 cp[4] = padlen & 0xff; 588 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); 589 590 /* compute MAC over seqnr and packet(length fields, payload, padding) */ 591 if (mac && mac->enabled) { 592 macbuf = hmac( mac->md, seqnr, 593 (unsigned char *) buffer_ptr(&outgoing_packet), 594 buffer_len(&outgoing_packet), 595 mac->key, mac->key_len 596 ); 597 DBG(debug("done calc HMAC out #%d", seqnr)); 598 } 599 /* encrypt packet and append to output buffer. */ 600 buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); 601 packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), 602 buffer_len(&outgoing_packet)); 603 /* append unencrypted MAC */ 604 if (mac && mac->enabled) 605 buffer_append(&output, (char *)macbuf, mac->mac_len); 606 #ifdef PACKET_DEBUG 607 fprintf(stderr, "encrypted: "); 608 buffer_dump(&output); 609 #endif 610 /* increment sequence number for outgoing packets */ 611 if (++seqnr == 0) 612 log("outgoing seqnr wraps around"); 613 buffer_clear(&outgoing_packet); 614 615 if (type == SSH2_MSG_NEWKEYS) { 616 if (kex==NULL || mac==NULL || enc==NULL || comp==NULL) 617 fatal("packet_send2: no KEX"); 618 if (mac->md != NULL) 619 mac->enabled = 1; 620 DBG(debug("cipher_set_key_iv send_context")); 621 cipher_set_key_iv(&send_context, enc->type, 622 enc->key, enc->key_len, 623 enc->iv, enc->iv_len); 624 clear_enc_keys(enc, kex->we_need); 625 if (comp->type != 0 && comp->enabled == 0) { 626 comp->enabled = 1; 627 if (! packet_compression) 628 packet_start_compression(6); 629 } 630 } 631 } 632 633 void 634 packet_send() 635 { 636 if (use_ssh2_packet_format) 637 packet_send2(); 638 else 639 packet_send1(); 640 DBG(debug("packet_send done")); 641 } 642 643 /* 644 * Waits until a packet has been received, and returns its type. Note that 645 * no other data is processed until this returns, so this function should not 646 * be used during the interactive session. 647 */ 648 649 int 650 packet_read(int *payload_len_ptr) 651 { 652 int type, len; 653 fd_set set; 654 char buf[8192]; 655 DBG(debug("packet_read()")); 656 657 /* Since we are blocking, ensure that all written packets have been sent. */ 658 packet_write_wait(); 659 660 /* Stay in the loop until we have received a complete packet. */ 661 for (;;) { 662 /* Try to read a packet from the buffer. */ 663 type = packet_read_poll(payload_len_ptr); 664 if (!use_ssh2_packet_format && ( 665 type == SSH_SMSG_SUCCESS 666 || type == SSH_SMSG_FAILURE 667 || type == SSH_CMSG_EOF 668 || type == SSH_CMSG_EXIT_CONFIRMATION)) 669 packet_integrity_check(*payload_len_ptr, 0, type); 670 /* If we got a packet, return it. */ 671 if (type != SSH_MSG_NONE) 672 return type; 673 /* 674 * Otherwise, wait for some data to arrive, add it to the 675 * buffer, and try again. 676 */ 677 FD_ZERO(&set); 678 FD_SET(connection_in, &set); 679 680 /* Wait for some data to arrive. */ 681 select(connection_in + 1, &set, NULL, NULL, NULL); 682 683 /* Read data from the socket. */ 684 len = read(connection_in, buf, sizeof(buf)); 685 if (len == 0) { 686 log("Connection closed by %.200s", get_remote_ipaddr()); 687 fatal_cleanup(); 688 } 689 if (len < 0) 690 fatal("Read from socket failed: %.100s", strerror(errno)); 691 /* Append it to the buffer. */ 692 packet_process_incoming(buf, len); 693 } 694 /* NOTREACHED */ 695 } 696 697 /* 698 * Waits until a packet has been received, verifies that its type matches 699 * that given, and gives a fatal error and exits if there is a mismatch. 700 */ 701 702 void 703 packet_read_expect(int *payload_len_ptr, int expected_type) 704 { 705 int type; 706 707 type = packet_read(payload_len_ptr); 708 if (type != expected_type) 709 packet_disconnect("Protocol error: expected packet type %d, got %d", 710 expected_type, type); 711 } 712 713 /* Checks if a full packet is available in the data received so far via 714 * packet_process_incoming. If so, reads the packet; otherwise returns 715 * SSH_MSG_NONE. This does not wait for data from the connection. 716 * 717 * SSH_MSG_DISCONNECT is handled specially here. Also, 718 * SSH_MSG_IGNORE messages are skipped by this function and are never returned 719 * to higher levels. 720 * 721 * The returned payload_len does include space consumed by: 722 * Packet length 723 * Padding 724 * Packet type 725 * Check bytes 726 */ 727 728 int 729 packet_read_poll1(int *payload_len_ptr) 730 { 731 unsigned int len, padded_len; 732 unsigned char *ucp; 733 char buf[8], *cp; 734 unsigned int checksum, stored_checksum; 735 736 /* Check if input size is less than minimum packet size. */ 737 if (buffer_len(&input) < 4 + 8) 738 return SSH_MSG_NONE; 739 /* Get length of incoming packet. */ 740 ucp = (unsigned char *) buffer_ptr(&input); 741 len = GET_32BIT(ucp); 742 if (len < 1 + 2 + 2 || len > 256 * 1024) 743 packet_disconnect("Bad packet length %d.", len); 744 padded_len = (len + 8) & ~7; 745 746 /* Check if the packet has been entirely received. */ 747 if (buffer_len(&input) < 4 + padded_len) 748 return SSH_MSG_NONE; 749 750 /* The entire packet is in buffer. */ 751 752 /* Consume packet length. */ 753 buffer_consume(&input, 4); 754 755 /* Copy data to incoming_packet. */ 756 buffer_clear(&incoming_packet); 757 buffer_append_space(&incoming_packet, &cp, padded_len); 758 packet_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len); 759 buffer_consume(&input, padded_len); 760 761 #ifdef PACKET_DEBUG 762 fprintf(stderr, "read_poll plain: "); 763 buffer_dump(&incoming_packet); 764 #endif 765 766 /* Compute packet checksum. */ 767 checksum = crc32((unsigned char *) buffer_ptr(&incoming_packet), 768 buffer_len(&incoming_packet) - 4); 769 770 /* Skip padding. */ 771 buffer_consume(&incoming_packet, 8 - len % 8); 772 773 /* Test check bytes. */ 774 775 if (len != buffer_len(&incoming_packet)) 776 packet_disconnect("packet_read_poll: len %d != buffer_len %d.", 777 len, buffer_len(&incoming_packet)); 778 779 ucp = (unsigned char *) buffer_ptr(&incoming_packet) + len - 4; 780 stored_checksum = GET_32BIT(ucp); 781 if (checksum != stored_checksum) 782 packet_disconnect("Corrupted check bytes on input."); 783 buffer_consume_end(&incoming_packet, 4); 784 785 /* If using packet compression, decompress the packet. */ 786 if (packet_compression) { 787 buffer_clear(&compression_buffer); 788 buffer_uncompress(&incoming_packet, &compression_buffer); 789 buffer_clear(&incoming_packet); 790 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 791 buffer_len(&compression_buffer)); 792 } 793 /* Get packet type. */ 794 buffer_get(&incoming_packet, &buf[0], 1); 795 796 /* Return length of payload (without type field). */ 797 *payload_len_ptr = buffer_len(&incoming_packet); 798 799 /* Return type. */ 800 return (unsigned char) buf[0]; 801 } 802 803 int 804 packet_read_poll2(int *payload_len_ptr) 805 { 806 unsigned int padlen, need; 807 unsigned char buf[8], *macbuf; 808 unsigned char *ucp; 809 char *cp; 810 static unsigned int packet_length = 0; 811 static unsigned int seqnr = 0; 812 int type; 813 int maclen, block_size; 814 Enc *enc = NULL; 815 Mac *mac = NULL; 816 Comp *comp = NULL; 817 818 if (kex != NULL) { 819 enc = &kex->enc[MODE_IN]; 820 mac = &kex->mac[MODE_IN]; 821 comp = &kex->comp[MODE_IN]; 822 } 823 maclen = mac && mac->enabled ? mac->mac_len : 0; 824 block_size = enc ? enc->block_size : 8; 825 826 if (packet_length == 0) { 827 /* 828 * check if input size is less than the cipher block size, 829 * decrypt first block and extract length of incoming packet 830 */ 831 if (buffer_len(&input) < block_size) 832 return SSH_MSG_NONE; 833 buffer_clear(&incoming_packet); 834 buffer_append_space(&incoming_packet, &cp, block_size); 835 packet_decrypt(&receive_context, cp, buffer_ptr(&input), 836 block_size); 837 ucp = (unsigned char *) buffer_ptr(&incoming_packet); 838 packet_length = GET_32BIT(ucp); 839 if (packet_length < 1 + 4 || packet_length > 256 * 1024) { 840 buffer_dump(&incoming_packet); 841 packet_disconnect("Bad packet length %d.", packet_length); 842 } 843 DBG(debug("input: packet len %d", packet_length+4)); 844 buffer_consume(&input, block_size); 845 } 846 /* we have a partial packet of block_size bytes */ 847 need = 4 + packet_length - block_size; 848 DBG(debug("partial packet %d, need %d, maclen %d", block_size, 849 need, maclen)); 850 if (need % block_size != 0) 851 fatal("padding error: need %d block %d mod %d", 852 need, block_size, need % block_size); 853 /* 854 * check if the entire packet has been received and 855 * decrypt into incoming_packet 856 */ 857 if (buffer_len(&input) < need + maclen) 858 return SSH_MSG_NONE; 859 #ifdef PACKET_DEBUG 860 fprintf(stderr, "read_poll enc/full: "); 861 buffer_dump(&input); 862 #endif 863 buffer_append_space(&incoming_packet, &cp, need); 864 packet_decrypt(&receive_context, cp, buffer_ptr(&input), need); 865 buffer_consume(&input, need); 866 /* 867 * compute MAC over seqnr and packet, 868 * increment sequence number for incoming packet 869 */ 870 if (mac && mac->enabled) { 871 macbuf = hmac( mac->md, seqnr, 872 (unsigned char *) buffer_ptr(&incoming_packet), 873 buffer_len(&incoming_packet), 874 mac->key, mac->key_len 875 ); 876 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) 877 packet_disconnect("Corrupted HMAC on input."); 878 DBG(debug("HMAC #%d ok", seqnr)); 879 buffer_consume(&input, mac->mac_len); 880 } 881 if (++seqnr == 0) 882 log("incoming seqnr wraps around"); 883 884 /* get padlen */ 885 cp = buffer_ptr(&incoming_packet) + 4; 886 padlen = *cp & 0xff; 887 DBG(debug("input: padlen %d", padlen)); 888 if (padlen < 4) 889 packet_disconnect("Corrupted padlen %d on input.", padlen); 890 891 /* skip packet size + padlen, discard padding */ 892 buffer_consume(&incoming_packet, 4 + 1); 893 buffer_consume_end(&incoming_packet, padlen); 894 895 DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet))); 896 if (comp && comp->enabled) { 897 buffer_clear(&compression_buffer); 898 buffer_uncompress(&incoming_packet, &compression_buffer); 899 buffer_clear(&incoming_packet); 900 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 901 buffer_len(&compression_buffer)); 902 DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet))); 903 } 904 /* 905 * get packet type, implies consume. 906 * return length of payload (without type field) 907 */ 908 buffer_get(&incoming_packet, (char *)&buf[0], 1); 909 *payload_len_ptr = buffer_len(&incoming_packet); 910 911 /* reset for next packet */ 912 packet_length = 0; 913 914 /* extract packet type */ 915 type = (unsigned char)buf[0]; 916 917 if (type == SSH2_MSG_NEWKEYS) { 918 if (kex==NULL || mac==NULL || enc==NULL || comp==NULL) 919 fatal("packet_read_poll2: no KEX"); 920 if (mac->md != NULL) 921 mac->enabled = 1; 922 DBG(debug("cipher_set_key_iv receive_context")); 923 cipher_set_key_iv(&receive_context, enc->type, 924 enc->key, enc->key_len, 925 enc->iv, enc->iv_len); 926 clear_enc_keys(enc, kex->we_need); 927 if (comp->type != 0 && comp->enabled == 0) { 928 comp->enabled = 1; 929 if (! packet_compression) 930 packet_start_compression(6); 931 } 932 } 933 934 #ifdef PACKET_DEBUG 935 fprintf(stderr, "read/plain[%d]:\r\n",type); 936 buffer_dump(&incoming_packet); 937 #endif 938 return (unsigned char)type; 939 } 940 941 int 942 packet_read_poll(int *payload_len_ptr) 943 { 944 char *msg; 945 for (;;) { 946 int type = use_ssh2_packet_format ? 947 packet_read_poll2(payload_len_ptr): 948 packet_read_poll1(payload_len_ptr); 949 950 if(compat20) { 951 int reason; 952 if (type != 0) 953 DBG(debug("received packet type %d", type)); 954 switch(type) { 955 case SSH2_MSG_IGNORE: 956 break; 957 case SSH2_MSG_DEBUG: 958 packet_get_char(); 959 msg = packet_get_string(NULL); 960 debug("Remote: %.900s", msg); 961 xfree(msg); 962 msg = packet_get_string(NULL); 963 xfree(msg); 964 break; 965 case SSH2_MSG_DISCONNECT: 966 reason = packet_get_int(); 967 msg = packet_get_string(NULL); 968 log("Received disconnect: %d: %.900s", reason, msg); 969 xfree(msg); 970 fatal_cleanup(); 971 break; 972 default: 973 return type; 974 break; 975 } 976 } else { 977 switch(type) { 978 case SSH_MSG_IGNORE: 979 break; 980 case SSH_MSG_DEBUG: 981 msg = packet_get_string(NULL); 982 debug("Remote: %.900s", msg); 983 xfree(msg); 984 break; 985 case SSH_MSG_DISCONNECT: 986 msg = packet_get_string(NULL); 987 log("Received disconnect: %.900s", msg); 988 fatal_cleanup(); 989 xfree(msg); 990 break; 991 default: 992 if (type != 0) 993 DBG(debug("received packet type %d", type)); 994 return type; 995 break; 996 } 997 } 998 } 999 } 1000 1001 /* 1002 * Buffers the given amount of input characters. This is intended to be used 1003 * together with packet_read_poll. 1004 */ 1005 1006 void 1007 packet_process_incoming(const char *buf, unsigned int len) 1008 { 1009 buffer_append(&input, buf, len); 1010 } 1011 1012 /* Returns a character from the packet. */ 1013 1014 unsigned int 1015 packet_get_char() 1016 { 1017 char ch; 1018 buffer_get(&incoming_packet, &ch, 1); 1019 return (unsigned char) ch; 1020 } 1021 1022 /* Returns an integer from the packet data. */ 1023 1024 unsigned int 1025 packet_get_int() 1026 { 1027 return buffer_get_int(&incoming_packet); 1028 } 1029 1030 /* 1031 * Returns an arbitrary precision integer from the packet data. The integer 1032 * must have been initialized before this call. 1033 */ 1034 1035 void 1036 packet_get_bignum(BIGNUM * value, int *length_ptr) 1037 { 1038 *length_ptr = buffer_get_bignum(&incoming_packet, value); 1039 } 1040 1041 void 1042 packet_get_bignum2(BIGNUM * value, int *length_ptr) 1043 { 1044 *length_ptr = buffer_get_bignum2(&incoming_packet, value); 1045 } 1046 1047 char * 1048 packet_get_raw(int *length_ptr) 1049 { 1050 int bytes = buffer_len(&incoming_packet); 1051 if (length_ptr != NULL) 1052 *length_ptr = bytes; 1053 return buffer_ptr(&incoming_packet); 1054 } 1055 1056 int 1057 packet_remaining(void) 1058 { 1059 return buffer_len(&incoming_packet); 1060 } 1061 1062 /* 1063 * Returns a string from the packet data. The string is allocated using 1064 * xmalloc; it is the responsibility of the calling program to free it when 1065 * no longer needed. The length_ptr argument may be NULL, or point to an 1066 * integer into which the length of the string is stored. 1067 */ 1068 1069 char * 1070 packet_get_string(unsigned int *length_ptr) 1071 { 1072 return buffer_get_string(&incoming_packet, length_ptr); 1073 } 1074 1075 /* 1076 * Sends a diagnostic message from the server to the client. This message 1077 * can be sent at any time (but not while constructing another message). The 1078 * message is printed immediately, but only if the client is being executed 1079 * in verbose mode. These messages are primarily intended to ease debugging 1080 * authentication problems. The length of the formatted message must not 1081 * exceed 1024 bytes. This will automatically call packet_write_wait. 1082 */ 1083 1084 void 1085 packet_send_debug(const char *fmt,...) 1086 { 1087 char buf[1024]; 1088 va_list args; 1089 1090 va_start(args, fmt); 1091 vsnprintf(buf, sizeof(buf), fmt, args); 1092 va_end(args); 1093 1094 if (compat20) { 1095 packet_start(SSH2_MSG_DEBUG); 1096 packet_put_char(0); /* bool: always display */ 1097 packet_put_cstring(buf); 1098 packet_put_cstring(""); 1099 } else { 1100 packet_start(SSH_MSG_DEBUG); 1101 packet_put_cstring(buf); 1102 } 1103 packet_send(); 1104 packet_write_wait(); 1105 } 1106 1107 /* 1108 * Logs the error plus constructs and sends a disconnect packet, closes the 1109 * connection, and exits. This function never returns. The error message 1110 * should not contain a newline. The length of the formatted message must 1111 * not exceed 1024 bytes. 1112 */ 1113 1114 void 1115 packet_disconnect(const char *fmt,...) 1116 { 1117 char buf[1024]; 1118 va_list args; 1119 static int disconnecting = 0; 1120 if (disconnecting) /* Guard against recursive invocations. */ 1121 fatal("packet_disconnect called recursively."); 1122 disconnecting = 1; 1123 1124 /* 1125 * Format the message. Note that the caller must make sure the 1126 * message is of limited size. 1127 */ 1128 va_start(args, fmt); 1129 vsnprintf(buf, sizeof(buf), fmt, args); 1130 va_end(args); 1131 1132 /* Send the disconnect message to the other side, and wait for it to get sent. */ 1133 if (compat20) { 1134 packet_start(SSH2_MSG_DISCONNECT); 1135 packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR); 1136 packet_put_cstring(buf); 1137 packet_put_cstring(""); 1138 } else { 1139 packet_start(SSH_MSG_DISCONNECT); 1140 packet_put_string(buf, strlen(buf)); 1141 } 1142 packet_send(); 1143 packet_write_wait(); 1144 1145 /* Stop listening for connections. */ 1146 channel_stop_listening(); 1147 1148 /* Close the connection. */ 1149 packet_close(); 1150 1151 /* Display the error locally and exit. */ 1152 log("Disconnecting: %.100s", buf); 1153 fatal_cleanup(); 1154 } 1155 1156 /* Checks if there is any buffered output, and tries to write some of the output. */ 1157 1158 void 1159 packet_write_poll() 1160 { 1161 int len = buffer_len(&output); 1162 if (len > 0) { 1163 len = write(connection_out, buffer_ptr(&output), len); 1164 if (len <= 0) { 1165 if (errno == EAGAIN) 1166 return; 1167 else 1168 fatal("Write failed: %.100s", strerror(errno)); 1169 } 1170 buffer_consume(&output, len); 1171 } 1172 } 1173 1174 /* 1175 * Calls packet_write_poll repeatedly until all pending output data has been 1176 * written. 1177 */ 1178 1179 void 1180 packet_write_wait() 1181 { 1182 packet_write_poll(); 1183 while (packet_have_data_to_write()) { 1184 fd_set set; 1185 FD_ZERO(&set); 1186 FD_SET(connection_out, &set); 1187 select(connection_out + 1, NULL, &set, NULL, NULL); 1188 packet_write_poll(); 1189 } 1190 } 1191 1192 /* Returns true if there is buffered data to write to the connection. */ 1193 1194 int 1195 packet_have_data_to_write() 1196 { 1197 return buffer_len(&output) != 0; 1198 } 1199 1200 /* Returns true if there is not too much data to write to the connection. */ 1201 1202 int 1203 packet_not_very_much_data_to_write() 1204 { 1205 if (interactive_mode) 1206 return buffer_len(&output) < 16384; 1207 else 1208 return buffer_len(&output) < 128 * 1024; 1209 } 1210 1211 /* Informs that the current session is interactive. Sets IP flags for that. */ 1212 1213 void 1214 packet_set_interactive(int interactive, int keepalives) 1215 { 1216 int on = 1; 1217 1218 /* Record that we are in interactive mode. */ 1219 interactive_mode = interactive; 1220 1221 /* Only set socket options if using a socket. */ 1222 if (!packet_connection_is_on_socket()) 1223 return; 1224 if (keepalives) { 1225 /* Set keepalives if requested. */ 1226 if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on, 1227 sizeof(on)) < 0) 1228 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 1229 } 1230 /* 1231 * IPTOS_LOWDELAY, TCP_NODELAY and IPTOS_THROUGHPUT are IPv4 only 1232 */ 1233 if (!packet_connection_is_ipv4()) 1234 return; 1235 if (interactive) { 1236 /* 1237 * Set IP options for an interactive connection. Use 1238 * IPTOS_LOWDELAY and TCP_NODELAY. 1239 */ 1240 int lowdelay = IPTOS_LOWDELAY; 1241 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &lowdelay, 1242 sizeof(lowdelay)) < 0) 1243 error("setsockopt IPTOS_LOWDELAY: %.100s", strerror(errno)); 1244 if (setsockopt(connection_in, IPPROTO_TCP, TCP_NODELAY, (void *) &on, 1245 sizeof(on)) < 0) 1246 error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); 1247 } else { 1248 /* 1249 * Set IP options for a non-interactive connection. Use 1250 * IPTOS_THROUGHPUT. 1251 */ 1252 int throughput = IPTOS_THROUGHPUT; 1253 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput, 1254 sizeof(throughput)) < 0) 1255 error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); 1256 } 1257 } 1258 1259 /* Returns true if the current connection is interactive. */ 1260 1261 int 1262 packet_is_interactive() 1263 { 1264 return interactive_mode; 1265 } 1266 1267 int 1268 packet_set_maxsize(int s) 1269 { 1270 static int called = 0; 1271 if (called) { 1272 log("packet_set_maxsize: called twice: old %d new %d", 1273 max_packet_size, s); 1274 return -1; 1275 } 1276 if (s < 4 * 1024 || s > 1024 * 1024) { 1277 log("packet_set_maxsize: bad size %d", s); 1278 return -1; 1279 } 1280 log("packet_set_maxsize: setting to %d", s); 1281 max_packet_size = s; 1282 return s; 1283 } 1284