i64 packet_encrypt_sign(u8 *signed_data, u8 *key, u8 *data, i64 size) { u8 *aux_data; if (signed_data && key && data && size >= IPV4_AND_UDP_HEADER_SIZE) { aux_data = malloc(size + NONCE_BYTES); if (aux_data) { i64 auxSize = packet_encrypt(aux_data, key, data, size); i64 rtnSize = packet_sign(signed_data, key, aux_data, auxSize); free(aux_data); return rtnSize; } } return -1; }
static int packet_send2(ssh_session session) { unsigned int blocksize = (session->current_crypto ? session->current_crypto->out_cipher->blocksize : 8); uint32_t currentlen = buffer_get_rest_len(session->out_buffer); unsigned char *hmac = NULL; char padstring[32] = {0}; int rc = SSH_ERROR; uint32_t finallen,payloadsize,compsize; uint8_t padding; payloadsize = currentlen; #ifdef WITH_ZLIB if (session->current_crypto && session->current_crypto->do_compress_out && buffer_get_rest_len(session->out_buffer)) { if (compress_buffer(session,session->out_buffer) < 0) { goto error; } currentlen = buffer_get_rest_len(session->out_buffer); } #endif /* WITH_ZLIB */ compsize = currentlen; padding = (blocksize - ((currentlen +5) % blocksize)); if(padding < 4) { padding += blocksize; } if (session->current_crypto) { ssh_get_random(padstring, padding, 0); } else { memset(padstring,0,padding); } finallen = htonl(currentlen + padding + 1); if (buffer_prepend_data(session->out_buffer, &padding, sizeof(uint8_t)) < 0) { goto error; } if (buffer_prepend_data(session->out_buffer, &finallen, sizeof(uint32_t)) < 0) { goto error; } if (buffer_add_data(session->out_buffer, padstring, padding) < 0) { goto error; } #ifdef WITH_PCAP if(session->pcap_ctx){ ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_OUT, buffer_get_rest(session->out_buffer),buffer_get_rest_len(session->out_buffer) ,buffer_get_rest_len(session->out_buffer)); } #endif hmac = packet_encrypt(session, buffer_get_rest(session->out_buffer), buffer_get_rest_len(session->out_buffer)); if (hmac) { if (buffer_add_data(session->out_buffer, hmac, 20) < 0) { goto error; } } rc = ssh_packet_write(session); session->send_seq++; SSH_LOG(SSH_LOG_PACKET, "packet: wrote [len=%d,padding=%hhd,comp=%d,payload=%d]", ntohl(finallen), padding, compsize, payloadsize); if (buffer_reinit(session->out_buffer) < 0) { rc = SSH_ERROR; } error: return rc; /* SSH_OK, AGAIN or ERROR */ }
static int packet_send2(ssh_session session) { unsigned int blocksize = (session->current_crypto ? session->current_crypto->out_cipher->blocksize : 8); uint32_t currentlen = buffer_get_rest_len(session->out_buffer); unsigned char *hmac = NULL; char padstring[32] = {0}; int rc = SSH_ERROR; uint32_t finallen; uint8_t padding; enter_function(); ssh_log(session, SSH_LOG_PACKET, "Writing on the wire a packet having %u bytes before", currentlen); #if defined(HAVE_LIBZ) && defined(WITH_LIBZ) if (session->current_crypto && session->current_crypto->do_compress_out && buffer_get_rest_len(session->out_buffer)) { ssh_log(session, SSH_LOG_PACKET, "Compressing out_buffer ..."); if (compress_buffer(session,session->out_buffer) < 0) { goto error; } currentlen = buffer_get_rest_len(session->out_buffer); } #endif padding = (blocksize - ((currentlen +5) % blocksize)); if(padding < 4) { padding += blocksize; } if (session->current_crypto) { ssh_get_random(padstring, padding, 0); } else { memset(padstring,0,padding); } finallen = htonl(currentlen + padding + 1); ssh_log(session, SSH_LOG_PACKET, "%d bytes after comp + %d padding bytes = %lu bytes packet", currentlen, padding, (long unsigned int) ntohl(finallen)); if (buffer_prepend_data(session->out_buffer, &padding, sizeof(uint8_t)) < 0) { goto error; } if (buffer_prepend_data(session->out_buffer, &finallen, sizeof(uint32_t)) < 0) { goto error; } if (buffer_add_data(session->out_buffer, padstring, padding) < 0) { goto error; } #ifdef WITH_PCAP if(session->pcap_ctx){ ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_OUT, buffer_get_rest(session->out_buffer),buffer_get_rest_len(session->out_buffer) ,buffer_get_rest_len(session->out_buffer)); } #endif hmac = packet_encrypt(session, buffer_get_rest(session->out_buffer), buffer_get_rest_len(session->out_buffer)); if (hmac) { if (buffer_add_data(session->out_buffer, hmac, 20) < 0) { goto error; } } rc = ssh_packet_write(session); session->send_seq++; if (buffer_reinit(session->out_buffer) < 0) { rc = SSH_ERROR; } error: leave_function(); return rc; /* SSH_OK, AGAIN or ERROR */ }
/* * Create message and header keys, encrypt header and message * and print them. */ int create_and_print_message( buffer_t * const packet, //needs to be 3 + crypto_aead_chacha20poly1305_NPUBBYTES + crypto_aead_chacha20poly1305_ABYTES + crypto_secretbox_NONCEBYTES + message_length + header_length + crypto_secretbox_MACBYTES + 255 const unsigned char packet_type, const unsigned char current_protocol_version, const unsigned char highest_supported_protocol_version, const buffer_t * const message, buffer_t * const message_key, //output, crypto_secretbox_KEYBYTES const buffer_t * const header, buffer_t * const header_key) { //output, crypto_aead_chacha20poly1305_KEYBYTES int status; //create header key status = buffer_fill_random(header_key, crypto_aead_chacha20poly1305_KEYBYTES); if (status != 0) { buffer_clear(header_key); return status; } printf("Header key (%zi Bytes):\n", header_key->content_length); print_hex(header_key); putchar('\n'); //create message key status = buffer_fill_random(message_key, crypto_secretbox_KEYBYTES); if (status != 0) { buffer_clear(header_key); buffer_clear(message_key); return status; } printf("Message key (%zi Bytes):\n", message_key->content_length); print_hex(message_key); putchar('\n'); //print the header (as hex): printf("Header (%zi Bytes):\n", header->content_length); print_hex(header); putchar('\n'); //print the message (as string): printf("Message (%zi Bytes):\n%.*s\n\n", message->content_length, (int)message->content_length, message->content); //now encrypt the message status = packet_encrypt( packet, packet_type, current_protocol_version, highest_supported_protocol_version, header, header_key, message, message_key); if (status != 0) { fprintf(stderr, "ERROR: Failed to encrypt message and header. (%i)\n", status); return status; } //print header nonce buffer_t *header_nonce = buffer_create_with_existing_array(packet->content + 3, crypto_aead_chacha20poly1305_NPUBBYTES); printf("Header Nonce (%zi Bytes):\n", header_nonce->content_length); print_hex(header_nonce); putchar('\n'); //print encrypted packet printf("Encrypted Packet (%zi Bytes):\n", packet->content_length); print_hex(packet); putchar('\n'); return 0; }
static int packet_send1(SSH_SESSION *session) { unsigned int blocksize = (session->current_crypto ? session->current_crypto->out_cipher->blocksize : 8); u32 currentlen = buffer_get_len(session->out_buffer) + sizeof(u32); char padstring[32] = {0}; int rc = SSH_ERROR; u32 finallen; u32 crc; u8 padding; enter_function(); ssh_log(session,SSH_LOG_PACKET,"Sending a %d bytes long packet",currentlen); /* TODO FIXME #if defined(HAVE_LIBZ) && defined(WITH_LIBZ) if (session->current_crypto && session->current_crypto->do_compress_out) { if (compress_buffer(session, session->out_buffer) < 0) { goto error; } currentlen = buffer_get_len(session->out_buffer); } #endif */ padding = blocksize - (currentlen % blocksize); if (session->current_crypto) { ssh_get_random(padstring, padding, 0); } else { memset(padstring, 0, padding); } finallen = htonl(currentlen); ssh_log(session, SSH_LOG_PACKET, "%d bytes after comp + %d padding bytes = %d bytes packet", currentlen, padding, ntohl(finallen)); if (buffer_prepend_data(session->out_buffer, &padstring, padding) < 0) { goto error; } if (buffer_prepend_data(session->out_buffer, &finallen, sizeof(u32)) < 0) { goto error; } crc = ssh_crc32(buffer_get(session->out_buffer) + sizeof(u32), buffer_get_len(session->out_buffer) - sizeof(u32)); if (buffer_add_u32(session->out_buffer, ntohl(crc)) < 0) { goto error; } #ifdef DEBUG_CRYPTO ssh_print_hexa("Clear packet", buffer_get(session->out_buffer), buffer_get_len(session->out_buffer)); #endif packet_encrypt(session, buffer_get(session->out_buffer) + sizeof(u32), buffer_get_len(session->out_buffer) - sizeof(u32)); #ifdef DEBUG_CRYPTO ssh_print_hexa("encrypted packet",buffer_get(session->out_buffer), buffer_get_len(session->out_buffer)); #endif if (ssh_socket_write(session->socket, buffer_get(session->out_buffer), buffer_get_len(session->out_buffer)) == SSH_ERROR) { goto error; } rc = packet_flush(session, 0); session->send_seq++; if (buffer_reinit(session->out_buffer) < 0) { rc = SSH_ERROR; } error: leave_function(); return rc; /* SSH_OK, AGAIN or ERROR */ }