1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * This file contains code implementing the packet protocol and communication 6 * with the other side. This same code is used both on client and server side. 7 * 8 * As far as I am concerned, the code I have written for this software 9 * can be used freely for any purpose. Any derived versions of this 10 * software must be clearly marked as such, and if the derived work is 11 * incompatible with the protocol description in the RFC file, it must be 12 * called by a name other than "ssh" or "Secure Shell". 13 * 14 * 15 * SSH2 packet format added by Markus Friedl. 16 * Copyright (c) 2000 Markus Friedl. All rights reserved. 17 * 18 * Redistribution and use in source and binary forms, with or without 19 * modification, are permitted provided that the following conditions 20 * are met: 21 * 1. Redistributions of source code must retain the above copyright 22 * notice, this list of conditions and the following disclaimer. 23 * 2. Redistributions in binary form must reproduce the above copyright 24 * notice, this list of conditions and the following disclaimer in the 25 * documentation and/or other materials provided with the distribution. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 28 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 30 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 31 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39 #include "includes.h" 40 RCSID("$OpenBSD: packet.c,v 1.38 2000/10/12 14:21:12 markus Exp $"); 41 42 #include "xmalloc.h" 43 #include "buffer.h" 44 #include "packet.h" 45 #include "bufaux.h" 46 #include "ssh.h" 47 #include "crc32.h" 48 #include "getput.h" 49 50 #include "compress.h" 51 #include "deattack.h" 52 #include "channels.h" 53 54 #include "compat.h" 55 #include "ssh2.h" 56 57 #include <openssl/bn.h> 58 #include <openssl/dh.h> 59 #include <openssl/hmac.h> 60 #include "buffer.h" 61 #include "cipher.h" 62 #include "kex.h" 63 #include "hmac.h" 64 65 #ifdef PACKET_DEBUG 66 #define DBG(x) x 67 #else 68 #define DBG(x) 69 #endif 70 71 /* 72 * This variable contains the file descriptors used for communicating with 73 * the other side. connection_in is used for reading; connection_out for 74 * writing. These can be the same descriptor, in which case it is assumed to 75 * be a socket. 76 */ 77 static int connection_in = -1; 78 static int connection_out = -1; 79 80 /* 81 * Cipher type. This value is only used to determine whether to pad the 82 * packets with zeroes or random data. 83 */ 84 static int cipher_type = SSH_CIPHER_NONE; 85 86 /* Protocol flags for the remote side. */ 87 static unsigned int remote_protocol_flags = 0; 88 89 /* Encryption context for receiving data. This is only used for decryption. */ 90 static CipherContext receive_context; 91 92 /* Encryption context for sending data. This is only used for encryption. */ 93 static CipherContext send_context; 94 95 /* Buffer for raw input data from the socket. */ 96 static Buffer input; 97 98 /* Buffer for raw output data going to the socket. */ 99 static Buffer output; 100 101 /* Buffer for the partial outgoing packet being constructed. */ 102 static Buffer outgoing_packet; 103 104 /* Buffer for the incoming packet currently being processed. */ 105 static Buffer incoming_packet; 106 107 /* Scratch buffer for packet compression/decompression. */ 108 static Buffer compression_buffer; 109 110 /* Flag indicating whether packet compression/decompression is enabled. */ 111 static int packet_compression = 0; 112 113 /* default maximum packet size */ 114 int max_packet_size = 32768; 115 116 /* Flag indicating whether this module has been initialized. */ 117 static int initialized = 0; 118 119 /* Set to true if the connection is interactive. */ 120 static int interactive_mode = 0; 121 122 /* True if SSH2 packet format is used */ 123 int use_ssh2_packet_format = 0; 124 125 /* Session key information for Encryption and MAC */ 126 Kex *kex = NULL; 127 128 void 129 packet_set_kex(Kex *k) 130 { 131 if( k->mac[MODE_IN ].key == NULL || 132 k->enc[MODE_IN ].key == NULL || 133 k->enc[MODE_IN ].iv == NULL || 134 k->mac[MODE_OUT].key == NULL || 135 k->enc[MODE_OUT].key == NULL || 136 k->enc[MODE_OUT].iv == NULL) 137 fatal("bad KEX"); 138 kex = k; 139 } 140 void 141 clear_enc_keys(Enc *enc, int len) 142 { 143 memset(enc->iv, 0, len); 144 memset(enc->key, 0, len); 145 xfree(enc->iv); 146 xfree(enc->key); 147 enc->iv = NULL; 148 enc->key = NULL; 149 } 150 void 151 packet_set_ssh2_format(void) 152 { 153 DBG(debug("use_ssh2_packet_format")); 154 use_ssh2_packet_format = 1; 155 } 156 157 /* 158 * Sets the descriptors used for communication. Disables encryption until 159 * packet_set_encryption_key is called. 160 */ 161 void 162 packet_set_connection(int fd_in, int fd_out) 163 { 164 Cipher *none = cipher_by_name("none"); 165 if (none == NULL) 166 fatal("packet_set_connection: cannot load cipher 'none'"); 167 connection_in = fd_in; 168 connection_out = fd_out; 169 cipher_type = SSH_CIPHER_NONE; 170 cipher_init(&send_context, none, (unsigned char *) "", 0, NULL, 0); 171 cipher_init(&receive_context, none, (unsigned char *) "", 0, NULL, 0); 172 if (!initialized) { 173 initialized = 1; 174 buffer_init(&input); 175 buffer_init(&output); 176 buffer_init(&outgoing_packet); 177 buffer_init(&incoming_packet); 178 } 179 /* Kludge: arrange the close function to be called from fatal(). */ 180 fatal_add_cleanup((void (*) (void *)) packet_close, NULL); 181 } 182 183 /* Returns 1 if remote host is connected via socket, 0 if not. */ 184 185 int 186 packet_connection_is_on_socket() 187 { 188 struct sockaddr_storage from, to; 189 socklen_t fromlen, tolen; 190 191 /* filedescriptors in and out are the same, so it's a socket */ 192 if (connection_in == connection_out) 193 return 1; 194 fromlen = sizeof(from); 195 memset(&from, 0, sizeof(from)); 196 if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0) 197 return 0; 198 tolen = sizeof(to); 199 memset(&to, 0, sizeof(to)); 200 if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0) 201 return 0; 202 if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) 203 return 0; 204 if (from.ss_family != AF_INET && from.ss_family != AF_INET6) 205 return 0; 206 return 1; 207 } 208 209 /* returns 1 if connection is via ipv4 */ 210 211 int 212 packet_connection_is_ipv4() 213 { 214 struct sockaddr_storage to; 215 socklen_t tolen = sizeof(to); 216 217 memset(&to, 0, sizeof(to)); 218 if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) 219 return 0; 220 if (to.ss_family != AF_INET) 221 return 0; 222 return 1; 223 } 224 225 /* Sets the connection into non-blocking mode. */ 226 227 void 228 packet_set_nonblocking() 229 { 230 /* Set the socket into non-blocking mode. */ 231 if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0) 232 error("fcntl O_NONBLOCK: %.100s", strerror(errno)); 233 234 if (connection_out != connection_in) { 235 if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0) 236 error("fcntl O_NONBLOCK: %.100s", strerror(errno)); 237 } 238 } 239 240 /* Returns the socket used for reading. */ 241 242 int 243 packet_get_connection_in() 244 { 245 return connection_in; 246 } 247 248 /* Returns the descriptor used for writing. */ 249 250 int 251 packet_get_connection_out() 252 { 253 return connection_out; 254 } 255 256 /* Closes the connection and clears and frees internal data structures. */ 257 258 void 259 packet_close() 260 { 261 if (!initialized) 262 return; 263 initialized = 0; 264 if (connection_in == connection_out) { 265 shutdown(connection_out, SHUT_RDWR); 266 close(connection_out); 267 } else { 268 close(connection_in); 269 close(connection_out); 270 } 271 buffer_free(&input); 272 buffer_free(&output); 273 buffer_free(&outgoing_packet); 274 buffer_free(&incoming_packet); 275 if (packet_compression) { 276 buffer_free(&compression_buffer); 277 buffer_compress_uninit(); 278 } 279 } 280 281 /* Sets remote side protocol flags. */ 282 283 void 284 packet_set_protocol_flags(unsigned int protocol_flags) 285 { 286 remote_protocol_flags = protocol_flags; 287 channel_set_options((protocol_flags & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) != 0); 288 } 289 290 /* Returns the remote protocol flags set earlier by the above function. */ 291 292 unsigned int 293 packet_get_protocol_flags() 294 { 295 return remote_protocol_flags; 296 } 297 298 /* 299 * Starts packet compression from the next packet on in both directions. 300 * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip. 301 */ 302 303 /*** XXXXX todo: kex means re-init */ 304 void 305 packet_start_compression(int level) 306 { 307 if (packet_compression) 308 fatal("Compression already enabled."); 309 packet_compression = 1; 310 buffer_init(&compression_buffer); 311 buffer_compress_init(level); 312 } 313 314 /* 315 * Encrypts the given number of bytes, copying from src to dest. bytes is 316 * known to be a multiple of 8. 317 */ 318 319 void 320 packet_encrypt(CipherContext * cc, void *dest, void *src, 321 unsigned int bytes) 322 { 323 cipher_encrypt(cc, dest, src, bytes); 324 } 325 326 /* 327 * Decrypts the given number of bytes, copying from src to dest. bytes is 328 * known to be a multiple of 8. 329 */ 330 331 void 332 packet_decrypt(CipherContext *context, void *dest, void *src, unsigned int bytes) 333 { 334 /* 335 * Cryptographic attack detector for ssh - Modifications for packet.c 336 * (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com) 337 */ 338 if (!compat20 && 339 context->cipher->number != SSH_CIPHER_NONE && 340 detect_attack(src, bytes, NULL) == DEATTACK_DETECTED) 341 packet_disconnect("crc32 compensation attack: network attack detected"); 342 343 cipher_decrypt(context, dest, src, bytes); 344 } 345 346 /* 347 * Causes any further packets to be encrypted using the given key. The same 348 * key is used for both sending and reception. However, both directions are 349 * encrypted independently of each other. 350 */ 351 352 void 353 packet_set_encryption_key(const unsigned char *key, unsigned int keylen, 354 int number) 355 { 356 Cipher *cipher = cipher_by_number(number); 357 if (cipher == NULL) 358 fatal("packet_set_encryption_key: unknown cipher number %d", number); 359 if (keylen < 20) 360 fatal("packet_set_encryption_key: keylen too small: %d", keylen); 361 cipher_init(&receive_context, cipher, key, keylen, NULL, 0); 362 cipher_init(&send_context, cipher, key, keylen, NULL, 0); 363 } 364 365 /* Starts constructing a packet to send. */ 366 367 void 368 packet_start1(int type) 369 { 370 char buf[9]; 371 372 buffer_clear(&outgoing_packet); 373 memset(buf, 0, 8); 374 buf[8] = type; 375 buffer_append(&outgoing_packet, buf, 9); 376 } 377 378 void 379 packet_start2(int type) 380 { 381 char buf[4+1+1]; 382 383 buffer_clear(&outgoing_packet); 384 memset(buf, 0, sizeof buf); 385 /* buf[0..3] = payload_len; */ 386 /* buf[4] = pad_len; */ 387 buf[5] = type & 0xff; 388 buffer_append(&outgoing_packet, buf, sizeof buf); 389 } 390 391 void 392 packet_start(int type) 393 { 394 DBG(debug("packet_start[%d]",type)); 395 if (use_ssh2_packet_format) 396 packet_start2(type); 397 else 398 packet_start1(type); 399 } 400 401 /* Appends a character to the packet data. */ 402 403 void 404 packet_put_char(int value) 405 { 406 char ch = value; 407 buffer_append(&outgoing_packet, &ch, 1); 408 } 409 410 /* Appends an integer to the packet data. */ 411 412 void 413 packet_put_int(unsigned int value) 414 { 415 buffer_put_int(&outgoing_packet, value); 416 } 417 418 /* Appends a string to packet data. */ 419 420 void 421 packet_put_string(const char *buf, unsigned int len) 422 { 423 buffer_put_string(&outgoing_packet, buf, len); 424 } 425 void 426 packet_put_cstring(const char *str) 427 { 428 buffer_put_string(&outgoing_packet, str, strlen(str)); 429 } 430 431 void 432 packet_put_raw(const char *buf, unsigned int len) 433 { 434 buffer_append(&outgoing_packet, buf, len); 435 } 436 437 438 /* Appends an arbitrary precision integer to packet data. */ 439 440 void 441 packet_put_bignum(BIGNUM * value) 442 { 443 buffer_put_bignum(&outgoing_packet, value); 444 } 445 void 446 packet_put_bignum2(BIGNUM * value) 447 { 448 buffer_put_bignum2(&outgoing_packet, value); 449 } 450 451 /* 452 * Finalizes and sends the packet. If the encryption key has been set, 453 * encrypts the packet before sending. 454 */ 455 456 void 457 packet_send1() 458 { 459 char buf[8], *cp; 460 int i, padding, len; 461 unsigned int checksum; 462 u_int32_t rand = 0; 463 464 /* 465 * If using packet compression, compress the payload of the outgoing 466 * packet. 467 */ 468 if (packet_compression) { 469 buffer_clear(&compression_buffer); 470 /* Skip padding. */ 471 buffer_consume(&outgoing_packet, 8); 472 /* padding */ 473 buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8); 474 buffer_compress(&outgoing_packet, &compression_buffer); 475 buffer_clear(&outgoing_packet); 476 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 477 buffer_len(&compression_buffer)); 478 } 479 /* Compute packet length without padding (add checksum, remove padding). */ 480 len = buffer_len(&outgoing_packet) + 4 - 8; 481 482 /* Insert padding. Initialized to zero in packet_start1() */ 483 padding = 8 - len % 8; 484 if (cipher_type != SSH_CIPHER_NONE) { 485 cp = buffer_ptr(&outgoing_packet); 486 for (i = 0; i < padding; i++) { 487 if (i % 4 == 0) 488 rand = arc4random(); 489 cp[7 - i] = rand & 0xff; 490 rand >>= 8; 491 } 492 } 493 buffer_consume(&outgoing_packet, 8 - padding); 494 495 /* Add check bytes. */ 496 checksum = ssh_crc32((unsigned char *) buffer_ptr(&outgoing_packet), 497 buffer_len(&outgoing_packet)); 498 PUT_32BIT(buf, checksum); 499 buffer_append(&outgoing_packet, buf, 4); 500 501 #ifdef PACKET_DEBUG 502 fprintf(stderr, "packet_send plain: "); 503 buffer_dump(&outgoing_packet); 504 #endif 505 506 /* Append to output. */ 507 PUT_32BIT(buf, len); 508 buffer_append(&output, buf, 4); 509 buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); 510 packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), 511 buffer_len(&outgoing_packet)); 512 513 #ifdef PACKET_DEBUG 514 fprintf(stderr, "encrypted: "); 515 buffer_dump(&output); 516 #endif 517 518 buffer_clear(&outgoing_packet); 519 520 /* 521 * Note that the packet is now only buffered in output. It won\'t be 522 * actually sent until packet_write_wait or packet_write_poll is 523 * called. 524 */ 525 } 526 527 /* 528 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) 529 */ 530 void 531 packet_send2() 532 { 533 unsigned char *macbuf = NULL; 534 char *cp; 535 unsigned int packet_length = 0; 536 unsigned int i, padlen, len; 537 u_int32_t rand = 0; 538 static unsigned int seqnr = 0; 539 int type; 540 Enc *enc = NULL; 541 Mac *mac = NULL; 542 Comp *comp = NULL; 543 int block_size; 544 545 if (kex != NULL) { 546 enc = &kex->enc[MODE_OUT]; 547 mac = &kex->mac[MODE_OUT]; 548 comp = &kex->comp[MODE_OUT]; 549 } 550 block_size = enc ? enc->cipher->block_size : 8; 551 552 cp = buffer_ptr(&outgoing_packet); 553 type = cp[5] & 0xff; 554 555 #ifdef PACKET_DEBUG 556 fprintf(stderr, "plain: "); 557 buffer_dump(&outgoing_packet); 558 #endif 559 560 if (comp && comp->enabled) { 561 len = buffer_len(&outgoing_packet); 562 /* skip header, compress only payload */ 563 buffer_consume(&outgoing_packet, 5); 564 buffer_clear(&compression_buffer); 565 buffer_compress(&outgoing_packet, &compression_buffer); 566 buffer_clear(&outgoing_packet); 567 buffer_append(&outgoing_packet, "\0\0\0\0\0", 5); 568 buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 569 buffer_len(&compression_buffer)); 570 DBG(debug("compression: raw %d compressed %d", len, 571 buffer_len(&outgoing_packet))); 572 } 573 574 /* sizeof (packet_len + pad_len + payload) */ 575 len = buffer_len(&outgoing_packet); 576 577 /* 578 * calc size of padding, alloc space, get random data, 579 * minimum padding is 4 bytes 580 */ 581 padlen = block_size - (len % block_size); 582 if (padlen < 4) 583 padlen += block_size; 584 buffer_append_space(&outgoing_packet, &cp, padlen); 585 if (enc && enc->cipher->number != SSH_CIPHER_NONE) { 586 /* random padding */ 587 for (i = 0; i < padlen; i++) { 588 if (i % 4 == 0) 589 rand = arc4random(); 590 cp[i] = rand & 0xff; 591 rand <<= 8; 592 } 593 } else { 594 /* clear padding */ 595 memset(cp, 0, padlen); 596 } 597 /* packet_length includes payload, padding and padding length field */ 598 packet_length = buffer_len(&outgoing_packet) - 4; 599 cp = buffer_ptr(&outgoing_packet); 600 PUT_32BIT(cp, packet_length); 601 cp[4] = padlen & 0xff; 602 DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); 603 604 /* compute MAC over seqnr and packet(length fields, payload, padding) */ 605 if (mac && mac->enabled) { 606 macbuf = hmac( mac->md, seqnr, 607 (unsigned char *) buffer_ptr(&outgoing_packet), 608 buffer_len(&outgoing_packet), 609 mac->key, mac->key_len 610 ); 611 DBG(debug("done calc MAC out #%d", seqnr)); 612 } 613 /* encrypt packet and append to output buffer. */ 614 buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); 615 packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), 616 buffer_len(&outgoing_packet)); 617 /* append unencrypted MAC */ 618 if (mac && mac->enabled) 619 buffer_append(&output, (char *)macbuf, mac->mac_len); 620 #ifdef PACKET_DEBUG 621 fprintf(stderr, "encrypted: "); 622 buffer_dump(&output); 623 #endif 624 /* increment sequence number for outgoing packets */ 625 if (++seqnr == 0) 626 log("outgoing seqnr wraps around"); 627 buffer_clear(&outgoing_packet); 628 629 if (type == SSH2_MSG_NEWKEYS) { 630 if (kex==NULL || mac==NULL || enc==NULL || comp==NULL) 631 fatal("packet_send2: no KEX"); 632 if (mac->md != NULL) 633 mac->enabled = 1; 634 DBG(debug("cipher_init send_context")); 635 cipher_init(&send_context, enc->cipher, 636 enc->key, enc->cipher->key_len, 637 enc->iv, enc->cipher->block_size); 638 clear_enc_keys(enc, kex->we_need); 639 if (comp->type != 0 && comp->enabled == 0) { 640 comp->enabled = 1; 641 if (! packet_compression) 642 packet_start_compression(6); 643 } 644 } 645 } 646 647 void 648 packet_send() 649 { 650 if (use_ssh2_packet_format) 651 packet_send2(); 652 else 653 packet_send1(); 654 DBG(debug("packet_send done")); 655 } 656 657 /* 658 * Waits until a packet has been received, and returns its type. Note that 659 * no other data is processed until this returns, so this function should not 660 * be used during the interactive session. 661 */ 662 663 int 664 packet_read(int *payload_len_ptr) 665 { 666 int type, len; 667 fd_set set; 668 char buf[8192]; 669 DBG(debug("packet_read()")); 670 671 /* Since we are blocking, ensure that all written packets have been sent. */ 672 packet_write_wait(); 673 674 /* Stay in the loop until we have received a complete packet. */ 675 for (;;) { 676 /* Try to read a packet from the buffer. */ 677 type = packet_read_poll(payload_len_ptr); 678 if (!use_ssh2_packet_format && ( 679 type == SSH_SMSG_SUCCESS 680 || type == SSH_SMSG_FAILURE 681 || type == SSH_CMSG_EOF 682 || type == SSH_CMSG_EXIT_CONFIRMATION)) 683 packet_integrity_check(*payload_len_ptr, 0, type); 684 /* If we got a packet, return it. */ 685 if (type != SSH_MSG_NONE) 686 return type; 687 /* 688 * Otherwise, wait for some data to arrive, add it to the 689 * buffer, and try again. 690 */ 691 FD_ZERO(&set); 692 FD_SET(connection_in, &set); 693 694 /* Wait for some data to arrive. */ 695 select(connection_in + 1, &set, NULL, NULL, NULL); 696 697 /* Read data from the socket. */ 698 len = read(connection_in, buf, sizeof(buf)); 699 if (len == 0) { 700 log("Connection closed by %.200s", get_remote_ipaddr()); 701 fatal_cleanup(); 702 } 703 if (len < 0) 704 fatal("Read from socket failed: %.100s", strerror(errno)); 705 /* Append it to the buffer. */ 706 packet_process_incoming(buf, len); 707 } 708 /* NOTREACHED */ 709 } 710 711 /* 712 * Waits until a packet has been received, verifies that its type matches 713 * that given, and gives a fatal error and exits if there is a mismatch. 714 */ 715 716 void 717 packet_read_expect(int *payload_len_ptr, int expected_type) 718 { 719 int type; 720 721 type = packet_read(payload_len_ptr); 722 if (type != expected_type) 723 packet_disconnect("Protocol error: expected packet type %d, got %d", 724 expected_type, type); 725 } 726 727 /* Checks if a full packet is available in the data received so far via 728 * packet_process_incoming. If so, reads the packet; otherwise returns 729 * SSH_MSG_NONE. This does not wait for data from the connection. 730 * 731 * SSH_MSG_DISCONNECT is handled specially here. Also, 732 * SSH_MSG_IGNORE messages are skipped by this function and are never returned 733 * to higher levels. 734 * 735 * The returned payload_len does include space consumed by: 736 * Packet length 737 * Padding 738 * Packet type 739 * Check bytes 740 */ 741 742 int 743 packet_read_poll1(int *payload_len_ptr) 744 { 745 unsigned int len, padded_len; 746 unsigned char *ucp; 747 char buf[8], *cp; 748 unsigned int checksum, stored_checksum; 749 750 /* Check if input size is less than minimum packet size. */ 751 if (buffer_len(&input) < 4 + 8) 752 return SSH_MSG_NONE; 753 /* Get length of incoming packet. */ 754 ucp = (unsigned char *) buffer_ptr(&input); 755 len = GET_32BIT(ucp); 756 if (len < 1 + 2 + 2 || len > 256 * 1024) 757 packet_disconnect("Bad packet length %d.", len); 758 padded_len = (len + 8) & ~7; 759 760 /* Check if the packet has been entirely received. */ 761 if (buffer_len(&input) < 4 + padded_len) 762 return SSH_MSG_NONE; 763 764 /* The entire packet is in buffer. */ 765 766 /* Consume packet length. */ 767 buffer_consume(&input, 4); 768 769 /* Copy data to incoming_packet. */ 770 buffer_clear(&incoming_packet); 771 buffer_append_space(&incoming_packet, &cp, padded_len); 772 packet_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len); 773 buffer_consume(&input, padded_len); 774 775 #ifdef PACKET_DEBUG 776 fprintf(stderr, "read_poll plain: "); 777 buffer_dump(&incoming_packet); 778 #endif 779 780 /* Compute packet checksum. */ 781 checksum = ssh_crc32((unsigned char *) buffer_ptr(&incoming_packet), 782 buffer_len(&incoming_packet) - 4); 783 784 /* Skip padding. */ 785 buffer_consume(&incoming_packet, 8 - len % 8); 786 787 /* Test check bytes. */ 788 789 if (len != buffer_len(&incoming_packet)) 790 packet_disconnect("packet_read_poll: len %d != buffer_len %d.", 791 len, buffer_len(&incoming_packet)); 792 793 ucp = (unsigned char *) buffer_ptr(&incoming_packet) + len - 4; 794 stored_checksum = GET_32BIT(ucp); 795 if (checksum != stored_checksum) 796 packet_disconnect("Corrupted check bytes on input."); 797 buffer_consume_end(&incoming_packet, 4); 798 799 /* If using packet compression, decompress the packet. */ 800 if (packet_compression) { 801 buffer_clear(&compression_buffer); 802 buffer_uncompress(&incoming_packet, &compression_buffer); 803 buffer_clear(&incoming_packet); 804 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 805 buffer_len(&compression_buffer)); 806 } 807 /* Get packet type. */ 808 buffer_get(&incoming_packet, &buf[0], 1); 809 810 /* Return length of payload (without type field). */ 811 *payload_len_ptr = buffer_len(&incoming_packet); 812 813 /* Return type. */ 814 return (unsigned char) buf[0]; 815 } 816 817 int 818 packet_read_poll2(int *payload_len_ptr) 819 { 820 unsigned int padlen, need; 821 unsigned char buf[8], *macbuf; 822 unsigned char *ucp; 823 char *cp; 824 static unsigned int packet_length = 0; 825 static unsigned int seqnr = 0; 826 int type; 827 int maclen, block_size; 828 Enc *enc = NULL; 829 Mac *mac = NULL; 830 Comp *comp = NULL; 831 832 if (kex != NULL) { 833 enc = &kex->enc[MODE_IN]; 834 mac = &kex->mac[MODE_IN]; 835 comp = &kex->comp[MODE_IN]; 836 } 837 maclen = mac && mac->enabled ? mac->mac_len : 0; 838 block_size = enc ? enc->cipher->block_size : 8; 839 840 if (packet_length == 0) { 841 /* 842 * check if input size is less than the cipher block size, 843 * decrypt first block and extract length of incoming packet 844 */ 845 if (buffer_len(&input) < block_size) 846 return SSH_MSG_NONE; 847 buffer_clear(&incoming_packet); 848 buffer_append_space(&incoming_packet, &cp, block_size); 849 packet_decrypt(&receive_context, cp, buffer_ptr(&input), 850 block_size); 851 ucp = (unsigned char *) buffer_ptr(&incoming_packet); 852 packet_length = GET_32BIT(ucp); 853 if (packet_length < 1 + 4 || packet_length > 256 * 1024) { 854 buffer_dump(&incoming_packet); 855 packet_disconnect("Bad packet length %d.", packet_length); 856 } 857 DBG(debug("input: packet len %d", packet_length+4)); 858 buffer_consume(&input, block_size); 859 } 860 /* we have a partial packet of block_size bytes */ 861 need = 4 + packet_length - block_size; 862 DBG(debug("partial packet %d, need %d, maclen %d", block_size, 863 need, maclen)); 864 if (need % block_size != 0) 865 fatal("padding error: need %d block %d mod %d", 866 need, block_size, need % block_size); 867 /* 868 * check if the entire packet has been received and 869 * decrypt into incoming_packet 870 */ 871 if (buffer_len(&input) < need + maclen) 872 return SSH_MSG_NONE; 873 #ifdef PACKET_DEBUG 874 fprintf(stderr, "read_poll enc/full: "); 875 buffer_dump(&input); 876 #endif 877 buffer_append_space(&incoming_packet, &cp, need); 878 packet_decrypt(&receive_context, cp, buffer_ptr(&input), need); 879 buffer_consume(&input, need); 880 /* 881 * compute MAC over seqnr and packet, 882 * increment sequence number for incoming packet 883 */ 884 if (mac && mac->enabled) { 885 macbuf = hmac( mac->md, seqnr, 886 (unsigned char *) buffer_ptr(&incoming_packet), 887 buffer_len(&incoming_packet), 888 mac->key, mac->key_len 889 ); 890 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) 891 packet_disconnect("Corrupted MAC on input."); 892 DBG(debug("MAC #%d ok", seqnr)); 893 buffer_consume(&input, mac->mac_len); 894 } 895 if (++seqnr == 0) 896 log("incoming seqnr wraps around"); 897 898 /* get padlen */ 899 cp = buffer_ptr(&incoming_packet) + 4; 900 padlen = *cp & 0xff; 901 DBG(debug("input: padlen %d", padlen)); 902 if (padlen < 4) 903 packet_disconnect("Corrupted padlen %d on input.", padlen); 904 905 /* skip packet size + padlen, discard padding */ 906 buffer_consume(&incoming_packet, 4 + 1); 907 buffer_consume_end(&incoming_packet, padlen); 908 909 DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet))); 910 if (comp && comp->enabled) { 911 buffer_clear(&compression_buffer); 912 buffer_uncompress(&incoming_packet, &compression_buffer); 913 buffer_clear(&incoming_packet); 914 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 915 buffer_len(&compression_buffer)); 916 DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet))); 917 } 918 /* 919 * get packet type, implies consume. 920 * return length of payload (without type field) 921 */ 922 buffer_get(&incoming_packet, (char *)&buf[0], 1); 923 *payload_len_ptr = buffer_len(&incoming_packet); 924 925 /* reset for next packet */ 926 packet_length = 0; 927 928 /* extract packet type */ 929 type = (unsigned char)buf[0]; 930 931 if (type == SSH2_MSG_NEWKEYS) { 932 if (kex==NULL || mac==NULL || enc==NULL || comp==NULL) 933 fatal("packet_read_poll2: no KEX"); 934 if (mac->md != NULL) 935 mac->enabled = 1; 936 DBG(debug("cipher_init receive_context")); 937 cipher_init(&receive_context, enc->cipher, 938 enc->key, enc->cipher->key_len, 939 enc->iv, enc->cipher->block_size); 940 clear_enc_keys(enc, kex->we_need); 941 if (comp->type != 0 && comp->enabled == 0) { 942 comp->enabled = 1; 943 if (! packet_compression) 944 packet_start_compression(6); 945 } 946 } 947 948 #ifdef PACKET_DEBUG 949 fprintf(stderr, "read/plain[%d]:\r\n",type); 950 buffer_dump(&incoming_packet); 951 #endif 952 return (unsigned char)type; 953 } 954 955 int 956 packet_read_poll(int *payload_len_ptr) 957 { 958 char *msg; 959 for (;;) { 960 int type = use_ssh2_packet_format ? 961 packet_read_poll2(payload_len_ptr): 962 packet_read_poll1(payload_len_ptr); 963 964 if(compat20) { 965 int reason; 966 if (type != 0) 967 DBG(debug("received packet type %d", type)); 968 switch(type) { 969 case SSH2_MSG_IGNORE: 970 break; 971 case SSH2_MSG_DEBUG: 972 packet_get_char(); 973 msg = packet_get_string(NULL); 974 debug("Remote: %.900s", msg); 975 xfree(msg); 976 msg = packet_get_string(NULL); 977 xfree(msg); 978 break; 979 case SSH2_MSG_DISCONNECT: 980 reason = packet_get_int(); 981 msg = packet_get_string(NULL); 982 log("Received disconnect: %d: %.900s", reason, msg); 983 xfree(msg); 984 fatal_cleanup(); 985 break; 986 default: 987 return type; 988 break; 989 } 990 } else { 991 switch(type) { 992 case SSH_MSG_IGNORE: 993 break; 994 case SSH_MSG_DEBUG: 995 msg = packet_get_string(NULL); 996 debug("Remote: %.900s", msg); 997 xfree(msg); 998 break; 999 case SSH_MSG_DISCONNECT: 1000 msg = packet_get_string(NULL); 1001 log("Received disconnect: %.900s", msg); 1002 fatal_cleanup(); 1003 xfree(msg); 1004 break; 1005 default: 1006 if (type != 0) 1007 DBG(debug("received packet type %d", type)); 1008 return type; 1009 break; 1010 } 1011 } 1012 } 1013 } 1014 1015 /* 1016 * Buffers the given amount of input characters. This is intended to be used 1017 * together with packet_read_poll. 1018 */ 1019 1020 void 1021 packet_process_incoming(const char *buf, unsigned int len) 1022 { 1023 buffer_append(&input, buf, len); 1024 } 1025 1026 /* Returns a character from the packet. */ 1027 1028 unsigned int 1029 packet_get_char() 1030 { 1031 char ch; 1032 buffer_get(&incoming_packet, &ch, 1); 1033 return (unsigned char) ch; 1034 } 1035 1036 /* Returns an integer from the packet data. */ 1037 1038 unsigned int 1039 packet_get_int() 1040 { 1041 return buffer_get_int(&incoming_packet); 1042 } 1043 1044 /* 1045 * Returns an arbitrary precision integer from the packet data. The integer 1046 * must have been initialized before this call. 1047 */ 1048 1049 void 1050 packet_get_bignum(BIGNUM * value, int *length_ptr) 1051 { 1052 *length_ptr = buffer_get_bignum(&incoming_packet, value); 1053 } 1054 1055 void 1056 packet_get_bignum2(BIGNUM * value, int *length_ptr) 1057 { 1058 *length_ptr = buffer_get_bignum2(&incoming_packet, value); 1059 } 1060 1061 char * 1062 packet_get_raw(int *length_ptr) 1063 { 1064 int bytes = buffer_len(&incoming_packet); 1065 if (length_ptr != NULL) 1066 *length_ptr = bytes; 1067 return buffer_ptr(&incoming_packet); 1068 } 1069 1070 int 1071 packet_remaining(void) 1072 { 1073 return buffer_len(&incoming_packet); 1074 } 1075 1076 /* 1077 * Returns a string from the packet data. The string is allocated using 1078 * xmalloc; it is the responsibility of the calling program to free it when 1079 * no longer needed. The length_ptr argument may be NULL, or point to an 1080 * integer into which the length of the string is stored. 1081 */ 1082 1083 char * 1084 packet_get_string(unsigned int *length_ptr) 1085 { 1086 return buffer_get_string(&incoming_packet, length_ptr); 1087 } 1088 1089 /* 1090 * Sends a diagnostic message from the server to the client. This message 1091 * can be sent at any time (but not while constructing another message). The 1092 * message is printed immediately, but only if the client is being executed 1093 * in verbose mode. These messages are primarily intended to ease debugging 1094 * authentication problems. The length of the formatted message must not 1095 * exceed 1024 bytes. This will automatically call packet_write_wait. 1096 */ 1097 1098 void 1099 packet_send_debug(const char *fmt,...) 1100 { 1101 char buf[1024]; 1102 va_list args; 1103 1104 va_start(args, fmt); 1105 vsnprintf(buf, sizeof(buf), fmt, args); 1106 va_end(args); 1107 1108 if (compat20) { 1109 packet_start(SSH2_MSG_DEBUG); 1110 packet_put_char(0); /* bool: always display */ 1111 packet_put_cstring(buf); 1112 packet_put_cstring(""); 1113 } else { 1114 packet_start(SSH_MSG_DEBUG); 1115 packet_put_cstring(buf); 1116 } 1117 packet_send(); 1118 packet_write_wait(); 1119 } 1120 1121 /* 1122 * Logs the error plus constructs and sends a disconnect packet, closes the 1123 * connection, and exits. This function never returns. The error message 1124 * should not contain a newline. The length of the formatted message must 1125 * not exceed 1024 bytes. 1126 */ 1127 1128 void 1129 packet_disconnect(const char *fmt,...) 1130 { 1131 char buf[1024]; 1132 va_list args; 1133 static int disconnecting = 0; 1134 if (disconnecting) /* Guard against recursive invocations. */ 1135 fatal("packet_disconnect called recursively."); 1136 disconnecting = 1; 1137 1138 /* 1139 * Format the message. Note that the caller must make sure the 1140 * message is of limited size. 1141 */ 1142 va_start(args, fmt); 1143 vsnprintf(buf, sizeof(buf), fmt, args); 1144 va_end(args); 1145 1146 /* Send the disconnect message to the other side, and wait for it to get sent. */ 1147 if (compat20) { 1148 packet_start(SSH2_MSG_DISCONNECT); 1149 packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR); 1150 packet_put_cstring(buf); 1151 packet_put_cstring(""); 1152 } else { 1153 packet_start(SSH_MSG_DISCONNECT); 1154 packet_put_string(buf, strlen(buf)); 1155 } 1156 packet_send(); 1157 packet_write_wait(); 1158 1159 /* Stop listening for connections. */ 1160 channel_stop_listening(); 1161 1162 /* Close the connection. */ 1163 packet_close(); 1164 1165 /* Display the error locally and exit. */ 1166 log("Disconnecting: %.100s", buf); 1167 fatal_cleanup(); 1168 } 1169 1170 /* Checks if there is any buffered output, and tries to write some of the output. */ 1171 1172 void 1173 packet_write_poll() 1174 { 1175 int len = buffer_len(&output); 1176 if (len > 0) { 1177 len = write(connection_out, buffer_ptr(&output), len); 1178 if (len <= 0) { 1179 if (errno == EAGAIN) 1180 return; 1181 else 1182 fatal("Write failed: %.100s", strerror(errno)); 1183 } 1184 buffer_consume(&output, len); 1185 } 1186 } 1187 1188 /* 1189 * Calls packet_write_poll repeatedly until all pending output data has been 1190 * written. 1191 */ 1192 1193 void 1194 packet_write_wait() 1195 { 1196 packet_write_poll(); 1197 while (packet_have_data_to_write()) { 1198 fd_set set; 1199 FD_ZERO(&set); 1200 FD_SET(connection_out, &set); 1201 select(connection_out + 1, NULL, &set, NULL, NULL); 1202 packet_write_poll(); 1203 } 1204 } 1205 1206 /* Returns true if there is buffered data to write to the connection. */ 1207 1208 int 1209 packet_have_data_to_write() 1210 { 1211 return buffer_len(&output) != 0; 1212 } 1213 1214 /* Returns true if there is not too much data to write to the connection. */ 1215 1216 int 1217 packet_not_very_much_data_to_write() 1218 { 1219 if (interactive_mode) 1220 return buffer_len(&output) < 16384; 1221 else 1222 return buffer_len(&output) < 128 * 1024; 1223 } 1224 1225 /* Informs that the current session is interactive. Sets IP flags for that. */ 1226 1227 void 1228 packet_set_interactive(int interactive, int keepalives) 1229 { 1230 int on = 1; 1231 1232 /* Record that we are in interactive mode. */ 1233 interactive_mode = interactive; 1234 1235 /* Only set socket options if using a socket. */ 1236 if (!packet_connection_is_on_socket()) 1237 return; 1238 if (keepalives) { 1239 /* Set keepalives if requested. */ 1240 if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on, 1241 sizeof(on)) < 0) 1242 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 1243 } 1244 /* 1245 * IPTOS_LOWDELAY, TCP_NODELAY and IPTOS_THROUGHPUT are IPv4 only 1246 */ 1247 if (!packet_connection_is_ipv4()) 1248 return; 1249 if (interactive) { 1250 /* 1251 * Set IP options for an interactive connection. Use 1252 * IPTOS_LOWDELAY and TCP_NODELAY. 1253 */ 1254 int lowdelay = IPTOS_LOWDELAY; 1255 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &lowdelay, 1256 sizeof(lowdelay)) < 0) 1257 error("setsockopt IPTOS_LOWDELAY: %.100s", strerror(errno)); 1258 if (setsockopt(connection_in, IPPROTO_TCP, TCP_NODELAY, (void *) &on, 1259 sizeof(on)) < 0) 1260 error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); 1261 } else { 1262 /* 1263 * Set IP options for a non-interactive connection. Use 1264 * IPTOS_THROUGHPUT. 1265 */ 1266 int throughput = IPTOS_THROUGHPUT; 1267 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput, 1268 sizeof(throughput)) < 0) 1269 error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); 1270 } 1271 } 1272 1273 /* Returns true if the current connection is interactive. */ 1274 1275 int 1276 packet_is_interactive() 1277 { 1278 return interactive_mode; 1279 } 1280 1281 int 1282 packet_set_maxsize(int s) 1283 { 1284 static int called = 0; 1285 if (called) { 1286 log("packet_set_maxsize: called twice: old %d new %d", 1287 max_packet_size, s); 1288 return -1; 1289 } 1290 if (s < 4 * 1024 || s > 1024 * 1024) { 1291 log("packet_set_maxsize: bad size %d", s); 1292 return -1; 1293 } 1294 log("packet_set_maxsize: setting to %d", s); 1295 max_packet_size = s; 1296 return s; 1297 } 1298