/* Notification that our channel open request failed */
void recv_msg_channel_open_failure() {
unsigned int chan;
struct Channel * channel;
chan = buf_getbyte(ses.payload);
channel = getchannel(chan);
if (channel == NULL) {
dropbear_exit("Unknown channel");
}
closechannel(channel);
}
/* fails fatally */
static void check_signkey_bits(enum signkey_type type, int bits)
{
switch (type) {
#ifdef DROPBEAR_RSA
case DROPBEAR_SIGNKEY_RSA:
if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
" multiple of 8\n");
}
break;
#endif
#ifdef DROPEAR_DSS
case DROPBEAR_SIGNKEY_DSS:
if (bits != 1024) {
dropbear_exit("DSS keys have a fixed size of 1024 bits\n");
exit(EXIT_FAILURE);
}
#endif
default:
(void)0; /* quiet, compiler. ecdsa handles checks itself */
}
}
void m_mp_init_multi(mp_int *mp, ...)
{
mp_int* cur_arg = mp;
va_list args;
va_start(args, mp); /* init args to next argument from caller */
while (cur_arg != NULL) {
if (mp_init(cur_arg) != MP_OKAY) {
dropbear_exit("mem alloc error");
}
cur_arg = va_arg(args, mp_int*);
}
va_end(args);
}
/* process a packet, and also check that auth has been done */
static void process_postauth_packet(unsigned int type) {
/* messages following here require userauth before use */
if (!ses.authstate.authdone) {
dropbear_exit("received message %d before userauth", type);
}
switch (type) {
case SSH_MSG_CHANNEL_DATA:
recv_msg_channel_data();
break;
case SSH_MSG_CHANNEL_WINDOW_ADJUST:
recv_msg_channel_window_adjust();
break;
case SSH_MSG_CHANNEL_REQUEST:
recv_msg_channel_request();
break;
case SSH_MSG_CHANNEL_OPEN:
recv_msg_channel_open();
break;
case SSH_MSG_CHANNEL_EOF:
recv_msg_channel_eof();
break;
case SSH_MSG_CHANNEL_CLOSE:
recv_msg_channel_close();
break;
#ifdef USE_LISTENERS /* for x11, tcp fwd etc */
case SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
recv_msg_channel_open_confirmation();
break;
case SSH_MSG_CHANNEL_OPEN_FAILURE:
recv_msg_channel_open_failure();
break;
#endif
default:
TRACE(("unknown packet()"));
recv_unimplemented();
break;
}
}
void svr_session(int sock, int childpipe,
char* remotehost, char *addrstring) {
struct timeval timeout;
reseedrandom();
crypto_init();
common_session_init(sock, remotehost);
/* Initialise server specific parts of the session */
svr_ses.childpipe = childpipe;
svr_ses.addrstring = addrstring;
svr_authinitialise();
chaninitialise(svr_chantypes);
svr_chansessinitialise();
if (gettimeofday(&timeout, 0) < 0) {
dropbear_exit("Error getting time");
}
ses.connecttimeout = timeout.tv_sec + AUTH_TIMEOUT;
/* set up messages etc */
ses.remoteclosed = svr_remoteclosed;
/* packet handlers */
ses.packettypes = svr_packettypes;
ses.buf_match_algo = svr_buf_match_algo;
ses.isserver = 1;
/* We're ready to go now */
sessinitdone = 1;
/* exchange identification, version etc */
session_identification();
/* start off with key exchange */
send_msg_kexinit();
/* Run the main for loop. NULL is for the dispatcher - only the client
* code makes use of it */
session_loop(NULL);
/* Not reached */
}
/* Set up the general chansession environment, in particular child-exit
* handling */
void chansessinitialise() {
struct sigaction sa_chld;
/* single child process intially */
ses.childpids = (struct ChildPid*)m_malloc(sizeof(struct ChildPid));
ses.childpids[0].pid = -1; /* unused */
ses.childpids[0].chansess = NULL;
ses.childpidsize = 1;
sa_chld.sa_handler = sesssigchild_handler;
sa_chld.sa_flags = SA_NOCLDSTOP;
if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) {
dropbear_exit("signal() error");
}
}
/* add a new environment variable, allocating space for the entry */
void addnewvar(const char* param, const char* var) {
char* newvar;
int plen, vlen;
plen = strlen(param);
vlen = strlen(var);
newvar = m_malloc(plen + vlen + 2); /* 2 is for '=' and '\0' */
memcpy(newvar, param, plen);
newvar[plen] = '=';
memcpy(&newvar[plen+1], var, vlen);
newvar[plen+vlen+1] = '\0';
if (putenv(newvar) < 0) {
dropbear_exit("environ error");
}
}
/* when we receive channel data, put it in a buffer for writing to the program/
* shell etc */
void recv_msg_channel_data() {
unsigned int chan;
struct Channel * channel;
unsigned int datalen;
unsigned int pos;
unsigned int maxdata;
TRACE(("enter recv_msg_channel_data"));
chan = buf_getint(ses.payload);
channel = getchannel(chan);
if (channel == NULL) {
/* disconnect ? */
dropbear_exit("Unknown channel");
}
assert(channel->infd != -1);
datalen = buf_getint(ses.payload);
/* if the client is going to send us more data than we've allocated, then
* it has ignored the windowsize, so we "MAY ignore all extra data" */
maxdata = channel->writebuf->size - channel->writebuf->pos;
if (datalen > maxdata) {
TRACE(("Warning: recv_msg_channel_data: extra data past window"));
datalen = maxdata;
}
/* write to the buffer - we always append to the end of the buffer */
pos = channel->writebuf->pos;
buf_setpos(channel->writebuf, channel->writebuf->len);
memcpy(buf_getwriteptr(channel->writebuf, datalen),
buf_getptr(ses.payload, datalen), datalen);
buf_incrwritepos(channel->writebuf, datalen);
buf_setpos(channel->writebuf, pos); /* revert pos */
channel->recvwindow -= datalen;
/* if (channel->recvwindow < RECV_MINWINDOW) {
send_msg_channel_window_adjust(channel,
RECV_MAXWINDOW - channel->recvwindow);
channel->recvwindow = RECV_MAXWINDOW;
}*/
TRACE(("leave recv_msg_channel_data"));
}
/* mostly taken from libtomcrypt's rsa key generation routine */
dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
dropbear_rsa_key * key;
DEF_MP_INT(pminus);
DEF_MP_INT(qminus);
DEF_MP_INT(lcm);
if (size < 512 || size > 4096 || (size % 8 != 0)) {
dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
" multiple of 8");
}
key = m_malloc(sizeof(*key));
m_mp_alloc_init_multi(&key->e, &key->n, &key->d, &key->p, &key->q, NULL);
m_mp_init_multi(&pminus, &lcm, &qminus, NULL);
if (mp_set_int(key->e, RSA_E) != MP_OKAY) {
fprintf(stderr, "RSA generation failed\n");
exit(1);
}
getrsaprime(key->p, &pminus, key->e, size/16);
getrsaprime(key->q, &qminus, key->e, size/16);
if (mp_mul(key->p, key->q, key->n) != MP_OKAY) {
fprintf(stderr, "RSA generation failed\n");
exit(1);
}
/* lcm(p-1, q-1) */
if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) {
fprintf(stderr, "RSA generation failed\n");
exit(1);
}
/* de = 1 mod lcm(p-1,q-1) */
/* therefore d = (e^-1) mod lcm(p-1,q-1) */
if (mp_invmod(key->e, &lcm, key->d) != MP_OKAY) {
fprintf(stderr, "RSA generation failed\n");
exit(1);
}
mp_clear_multi(&pminus, &qminus, &lcm, NULL);
return key;
}
/* hash the current random pool with some unique identifiers
* for this process and point-in-time. this is used to separate
* the random pools for fork()ed processes. */
void reseedrandom() {
pid_t pid;
hash_state hs;
struct timeval tv;
if (!donerandinit) {
dropbear_exit("seedrandom not done");
}
pid = getpid();
gettimeofday(&tv, NULL);
sha1_init(&hs);
sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
sha1_process(&hs, (void*)&pid, sizeof(pid));
sha1_process(&hs, (void*)&tv, sizeof(tv));
sha1_done(&hs, hashpool);
}
/* Return a null-terminated string, it is malloced, so must be free()ed
* Note that the string isn't checked for null bytes, hence the retlen
* may be longer than what is returned by strlen */
char* buf_getstring(buffer* buf, unsigned int *retlen) {
unsigned int len;
char* ret;
len = buf_getint(buf);
if (len > MAX_STRING_LEN) {
dropbear_exit("String too long");
}
if (retlen != NULL) {
*retlen = len;
}
ret = m_malloc(len+1);
memcpy(ret, buf_getptr(buf, len), len);
buf_incrpos(buf, len);
ret[len] = '\0';
return ret;
}
static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
char * ex_cmd = NULL;
size_t ex_cmdlen;
int ret;
fill_passwd(cli_opts.own_user);
ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */
ex_cmd = m_malloc(ex_cmdlen);
snprintf(ex_cmd, ex_cmdlen, "exec %s", cli_opts.proxycmd);
ret = spawn_command(exec_proxy_cmd, ex_cmd,
sock_out, sock_in, NULL, pid_out);
m_free(ex_cmd);
if (ret == DROPBEAR_FAILURE) {
dropbear_exit("Failed running proxy command");
*sock_in = *sock_out = -1;
}
}
/* Confirmation that our channel open request (for forwardings) was
* successful*/
void recv_msg_channel_open_confirmation() {
unsigned int chan;
struct Channel * channel;
TRACE(("enter recv_msg_channel_open_confirmation"));
chan = buf_getint(ses.payload);
channel = getchannel(chan);
if (channel == NULL) {
dropbear_exit("Unknown channel");
}
channel->remotechan = buf_getint(ses.payload);
channel->transwindow = buf_getint(ses.payload);
channel->transmaxpacket = buf_getint(ses.payload);
TRACE(("leave recv_msg_channel_open_confirmation"));
}
int cli_main(int argc, char ** argv) {
#else
int main(int argc, char ** argv) {
#endif
int sock_in, sock_out;
struct dropbear_progress_connection *progress = NULL;
_dropbear_exit = cli_dropbear_exit;
_dropbear_log = cli_dropbear_log;
disallow_core();
seedrandom();
crypto_init();
cli_getopts(argc, argv);
TRACE(("user='******' host='%s' port='%s'", cli_opts.username,
cli_opts.remotehost, cli_opts.remoteport))
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
dropbear_exit("signal() error");
}
#ifdef ENABLE_CLI_PROXYCMD
if (cli_opts.proxycmd) {
cli_proxy_cmd(&sock_in, &sock_out);
m_free(cli_opts.proxycmd);
} else
#endif
{
progress = connect_remote(cli_opts.ipfamily, cli_opts.remotehost,
cli_opts.remoteport, cli_connected, &ses);
sock_in = sock_out = -1;
}
cli_session(sock_in, sock_out, progress);
/* not reached */
return -1;
}
/* Handle a diffie-hellman key exchange initialisation. This involves
* calculating a session key reply value, and corresponding hash. These
* are carried out by send_msg_kexdh_reply(). recv_msg_kexdh_init() calls
* that function, then brings the new keys into use */
void recv_msg_kexdh_init() {
mp_int dh_e;
TRACE(("enter recv_msg_kexdh_init"));
if (!ses.kexstate.recvkexinit) {
dropbear_exit("Premature kexdh_init message received");
}
m_mp_init(&dh_e);
buf_getmpint(ses.payload, &dh_e);
send_msg_kexdh_reply(&dh_e);
mp_clear(&dh_e);
send_msg_newkeys();
ses.expecting = SSH_MSG_NEWKEYS;
TRACE(("leave recv_msg_kexdh_init"));
}
/* compresses len bytes from src, outputting to dest (starting from the
* respective current positions. */
static void buf_compress(buffer * dest, buffer * src, unsigned int len) {
unsigned int endpos = src->pos + len;
int result;
TRACE(("enter buf_compress"));
while (1) {
ses.keys->trans_zstream->avail_in = endpos - src->pos;
ses.keys->trans_zstream->next_in =
buf_getptr(src, ses.keys->trans_zstream->avail_in);
ses.keys->trans_zstream->avail_out = dest->size - dest->pos;
ses.keys->trans_zstream->next_out =
buf_getwriteptr(dest, ses.keys->trans_zstream->avail_out);
result = deflate(ses.keys->trans_zstream, Z_SYNC_FLUSH);
buf_setpos(src, endpos - ses.keys->trans_zstream->avail_in);
buf_setlen(dest, dest->size - ses.keys->trans_zstream->avail_out);
buf_setpos(dest, dest->len);
if (result != Z_OK) {
dropbear_exit("zlib error");
}
if (ses.keys->trans_zstream->avail_in == 0) {
break;
}
assert(ses.keys->trans_zstream->avail_out == 0);
/* the buffer has been filled, we must extend. This only happens in
* unusual circumstances where the data grows in size after deflate(),
* but it is possible */
buf_resize(dest, dest->size + ZLIB_COMPRESS_INCR);
}
TRACE(("leave buf_compress"));
}
dropbear_dss_key * gen_dss_priv_key(unsigned int size) {
dropbear_dss_key *key;
if (size != 1024) {
dropbear_exit("DSS keys have a fixed size of 1024 bits");
}
key = m_malloc(sizeof(*key));
m_mp_alloc_init_multi(&key->p, &key->q, &key->g, &key->y, &key->x, NULL);
getq(key);
getp(key, size/8);
getg(key);
getx(key);
gety(key);
return key;
}
/* Increment the outgoing data window for a channel - the remote end limits
* the amount of data which may be transmitted, this window is decremented
* as data is sent, and incremented upon receiving window-adjust messages */
void recv_msg_channel_window_adjust() {
unsigned int chan;
struct Channel * channel;
unsigned int incr;
chan = buf_getint(ses.payload);
channel = getchannel(chan);
if (channel == NULL) {
dropbear_exit("Unknown channel"); /* TODO - disconnect */
}
incr = buf_getint(ses.payload);
TRACE(("received window increment %d", incr));
incr = MIN(incr, MAX_TRANS_WIN_INCR);
channel->transwindow += incr;
channel->transwindow = MIN(channel->transwindow, MAX_TRANS_WINDOW);
}
/* Create (malloc) a new buffer of size */
buffer* buf_new(unsigned int size) {
buffer* buf;
if (size > BUF_MAX_SIZE) {
dropbear_exit("buf->size too big");
}
buf = (buffer*)m_malloc(sizeof(buffer)+size);
if (size > 0) {
buf->data = (unsigned char*)buf + sizeof(buffer);
} else {
buf->data = NULL;
}
buf->size = size;
return buf;
}
/* non-blocking function writing out a current encrypted packet */
void write_packet() {
int len, written;
buffer * writebuf;
TRACE(("enter write_packet"));
assert(!isempty(&ses.writequeue));
/* Get the next buffer in the queue of encrypted packets to write*/
writebuf = (buffer*)examine(&ses.writequeue);
len = writebuf->len - writebuf->pos;
assert(len > 0);
/* Try to write as much as possible */
written = write(ses.sock, buf_getptr(writebuf, len), len);
if (written < 0) {
if (errno == EINTR) {
TRACE(("leave writepacket: EINTR"));
return;
} else {
dropbear_exit("error writing");
}
}
if (written == 0) {
dropbear_close("remote host closed connection");
}
if (written == len) {
/* We've finished with the packet, free it */
dequeue(&ses.writequeue);
buf_free(writebuf);
} else {
/* More packet left to write, leave it in the queue for later */
buf_incrpos(writebuf, written);
}
TRACE(("leave write_packet"));
}
/* returns a pointer to a newly created buffer */
static buffer* buf_decompress(buffer* buf, unsigned int len) {
int result;
buffer * ret;
z_streamp zstream;
zstream = ses.keys->recv_zstream;
ret = buf_new(len);
zstream->avail_in = len;
zstream->next_in = buf_getptr(buf, len);
/* decompress the payload, incrementally resizing the output buffer */
while (1) {
zstream->avail_out = ret->size - ret->pos;
zstream->next_out = buf_getwriteptr(ret, zstream->avail_out);
result = inflate(zstream, Z_SYNC_FLUSH);
buf_setlen(ret, ret->size - zstream->avail_out);
buf_setpos(ret, ret->len);
if (result != Z_BUF_ERROR && result != Z_OK) {
dropbear_exit("zlib error");
}
if (zstream->avail_in == 0 &&
(zstream->avail_out != 0 || result == Z_BUF_ERROR)) {
/* we can only exit if avail_out hasn't all been used,
* and there's no remaining input */
return ret;
}
if (zstream->avail_out == 0) {
buf_resize(ret, ret->size + ZLIB_DECOMPRESS_INCR);
}
}
}
/* Must be called after syslog/etc is working */
void loadhostkeys() {
int ret;
int type;
TRACE(("enter loadhostkeys"))
svr_opts.hostkey = new_sign_key();
#ifdef DROPBEAR_RSA
type = DROPBEAR_SIGNKEY_RSA;
ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type);
if (ret == DROPBEAR_FAILURE) {
disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile);
}
#endif
#ifdef DROPBEAR_DSS
type = DROPBEAR_SIGNKEY_DSS;
ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type);
if (ret == DROPBEAR_FAILURE) {
disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile);
}
#endif
if ( 1
#ifdef DROPBEAR_DSS
&& svr_opts.hostkey->dsskey == NULL
#endif
#ifdef DROPBEAR_RSA
&& svr_opts.hostkey->rsakey == NULL
#endif
) {
dropbear_exit("No hostkeys available");
}
TRACE(("leave loadhostkeys"))
}
/* Handle channel closure(), respond in kind and close the channels */
void recv_msg_channel_close() {
unsigned int chan;
struct Channel * channel;
TRACE(("enter recv_msg_channel_close"));
chan = buf_getint(ses.payload);
TRACE(("close channel = %d", chan));
channel = getchannel(chan);
if (channel == NULL) {
/* disconnect ? */
dropbear_exit("Close for unknown channel");
}
if (!channel->sentclosed) {
send_msg_channel_close(channel);
}
closechannel(channel);
TRACE(("leave recv_msg_channel_close"));
}
/* Check all timeouts which are required. Currently these are the time for
* user authentication, and the automatic rekeying. */
void checktimeouts() {
struct timeval tv;
long secs;
if (gettimeofday(&tv, 0) < 0) {
dropbear_exit("Error getting time");
}
secs = tv.tv_sec;
if (!ses.authstate.authdone) {
if (secs - ses.connecttime >= AUTH_TIMEOUT) {
dropbear_close("Timeout before userauth");
}
}
if (!ses.kexstate.sentkexinit
&& (secs - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT
|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)){
TRACE(("rekeying after timeout or max data reached"));
send_msg_kexinit();
}
}
static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen,
const char* algoname) {
char* fp = NULL;
FILE *tty = NULL;
char response = 'z';
fp = sign_key_fingerprint(keyblob, keybloblen);
if (cli_opts.always_accept_key) {
fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(%s fingerprint %s)\n",
cli_opts.remotehost,
algoname,
fp);
m_free(fp);
return;
}
fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(%s fingerprint %s)\nDo you want to continue connecting? (y/n) ",
cli_opts.remotehost,
algoname,
fp);
m_free(fp);
tty = fopen(_PATH_TTY, "r");
if (tty) {
response = getc(tty);
fclose(tty);
} else {
response = getc(stdin);
}
if (response == 'y') {
return;
}
dropbear_exit("Didn't validate host key");
}
/* encrypt the writepayload, putting into writebuf, ready for write_packet()
* to put on the wire */
void encrypt_packet() {
unsigned char padlen;
unsigned char blocksize, macsize;
buffer * writebuf; /* the packet which will go on the wire */
buffer * clearwritebuf; /* unencrypted, possibly compressed */
TRACE(("enter encrypt_packet()"));
TRACE(("encrypt_packet type is %d", ses.writepayload->data[0]));
blocksize = ses.keys->trans_algo_crypt->blocksize;
macsize = ses.keys->trans_algo_mac->hashsize;
/* Encrypted packet len is payload+5, then worst case is if we are 3 away
* from a blocksize multiple. In which case we need to pad to the
* multiple, then add another blocksize (or MIN_PACKET_LEN) */
clearwritebuf = buf_new((ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3
#ifndef DISABLE_ZLIB
+ ZLIB_COMPRESS_INCR /* bit of a kludge, but we can't know len*/
#endif
);
buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF);
buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF);
buf_setpos(ses.writepayload, 0);
#ifndef DISABLE_ZLIB
/* compression */
if (ses.keys->trans_algo_comp == DROPBEAR_COMP_ZLIB) {
buf_compress(clearwritebuf, ses.writepayload, ses.writepayload->len);
} else
#endif
{
memcpy(buf_getwriteptr(clearwritebuf, ses.writepayload->len),
buf_getptr(ses.writepayload, ses.writepayload->len),
ses.writepayload->len);
buf_incrwritepos(clearwritebuf, ses.writepayload->len);
}
/* finished with payload */
buf_setpos(ses.writepayload, 0);
buf_setlen(ses.writepayload, 0);
/* length of padding - packet length must be a multiple of blocksize,
* with a minimum of 4 bytes of padding */
padlen = blocksize - (clearwritebuf->len) % blocksize;
if (padlen < 4) {
padlen += blocksize;
}
/* check for min packet length */
if (clearwritebuf->len + padlen < MIN_PACKET_LEN) {
padlen += blocksize;
}
buf_setpos(clearwritebuf, 0);
/* packet length excluding the packetlength uint32 */
buf_putint(clearwritebuf, clearwritebuf->len + padlen - 4);
/* padding len */
buf_putbyte(clearwritebuf, padlen);
/* actual padding */
buf_setpos(clearwritebuf, clearwritebuf->len);
buf_incrlen(clearwritebuf, padlen);
genrandom(buf_getptr(clearwritebuf, padlen), padlen);
/* do the actual encryption */
buf_setpos(clearwritebuf, 0);
/* create a new writebuffer, this is freed when it has been put on the
* wire by writepacket() */
writebuf = buf_new(clearwritebuf->len + macsize);
if (ses.keys->trans_algo_crypt->cipherdesc == NULL) {
/* copy it */
memcpy(buf_getwriteptr(writebuf, clearwritebuf->len),
buf_getptr(clearwritebuf, clearwritebuf->len),
clearwritebuf->len);
buf_incrwritepos(writebuf, clearwritebuf->len);
} else {
/* encrypt it */
while (clearwritebuf->pos < clearwritebuf->len) {
if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize),
buf_getwriteptr(writebuf, blocksize),
&ses.keys->trans_symmetric_struct) != CRYPT_OK) {
dropbear_exit("error encrypting");
}
buf_incrpos(clearwritebuf, blocksize);
buf_incrwritepos(writebuf, blocksize);
}
}
/* now add a hmac and we're done */
writemac(writebuf, clearwritebuf);
/* clearwritebuf is finished with */
buf_free(clearwritebuf);
/* enqueue the packet for sending */
buf_setpos(writebuf, 0);
enqueue(&ses.writequeue, (void*)writebuf);
/* Update counts */
ses.kexstate.datatrans += writebuf->len;
ses.transseq++;
TRACE(("leave encrypt_packet()"));
}
/* process a decrypted packet, call the appropriate handler */
void process_packet() {
unsigned char type;
TRACE(("enter process_packet"));
type = buf_getbyte(ses.payload);
TRACE(("process_packet: packet type = %d", type));
/* these packets we can receive at any time, regardless of expecting
* other packets: */
switch(type) {
case SSH_MSG_IGNORE:
case SSH_MSG_DEBUG:
TRACE(("received SSH_MSG_IGNORE or SSH_MSG_DEBUG"));
goto out;
case SSH_MSG_UNIMPLEMENTED:
/* debugging XXX */
TRACE(("SSH_MSG_UNIMPLEMENTED"));
dropbear_exit("received SSH_MSG_UNIMPLEMENTED");
case SSH_MSG_DISCONNECT:
/* TODO cleanup? */
dropbear_close("Disconnect received");
}
/* check that we aren't expecting a particular packet */
if (ses.expecting && ses.expecting != type) {
/* TODO send disconnect? */
dropbear_exit("unexpected packet type %d, expected %d", type,
ses.expecting);
}
/* handle the packet depending on type */
ses.expecting = 0;
switch (type) {
case SSH_MSG_SERVICE_REQUEST:
recv_msg_service_request();
break;
case SSH_MSG_USERAUTH_REQUEST:
recv_msg_userauth_request();
break;
case SSH_MSG_KEXINIT:
recv_msg_kexinit();
break;
case SSH_MSG_KEXDH_INIT:
recv_msg_kexdh_init();
break;
case SSH_MSG_NEWKEYS:
recv_msg_newkeys();
break;
/* this is ugly, need to make a cleaner way to do it */
case SSH_MSG_CHANNEL_DATA:
case SSH_MSG_CHANNEL_WINDOW_ADJUST:
case SSH_MSG_CHANNEL_REQUEST:
case SSH_MSG_CHANNEL_OPEN:
case SSH_MSG_CHANNEL_EOF:
case SSH_MSG_CHANNEL_CLOSE:
case SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
case SSH_MSG_CHANNEL_OPEN_FAILURE:
/* these should be checked for authdone below */
process_postauth_packet(type);
break;
default:
/* TODO this possibly should be handled */
TRACE(("unknown packet"));
recv_unimplemented();
break;
}
out:
buf_free(ses.payload);
ses.payload = NULL;
TRACE(("leave process_packet"));
}
/* handle the received packet */
void decrypt_packet() {
unsigned char blocksize;
unsigned char macsize;
unsigned int padlen;
unsigned int len;
TRACE(("enter decrypt_packet"));
blocksize = ses.keys->recv_algo_crypt->blocksize;
macsize = ses.keys->recv_algo_mac->hashsize;
ses.kexstate.datarecv += ses.readbuf->len;
/* we've already decrypted the first blocksize in read_packet_init */
buf_setpos(ses.readbuf, blocksize);
buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize);
buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size);
buf_setpos(ses.decryptreadbuf, blocksize);
/* decrypt if encryption is set, memcpy otherwise */
if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
/* copy it */
len = ses.readbuf->len - macsize - blocksize;
memcpy(buf_getwriteptr(ses.decryptreadbuf, len),
buf_getptr(ses.readbuf, len), len);
} else {
/* decrypt */
while (ses.readbuf->pos < ses.readbuf->len - macsize) {
if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
buf_getwriteptr(ses.decryptreadbuf, blocksize),
&ses.keys->recv_symmetric_struct) != CRYPT_OK) {
dropbear_exit("error decrypting");
}
buf_incrpos(ses.readbuf, blocksize);
buf_incrwritepos(ses.decryptreadbuf, blocksize);
}
}
/* check the hmac */
buf_setpos(ses.readbuf, ses.readbuf->len - macsize);
if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) {
dropbear_exit("Integrity error");
}
/* readbuf no longer required */
buf_free(ses.readbuf);
ses.readbuf = NULL;
/* get padding length */
buf_setpos(ses.decryptreadbuf, PACKET_PADDING_OFF);
padlen = buf_getbyte(ses.decryptreadbuf);
/* payload length */
/* - 4 - 1 is for LEN and PADLEN values */
len = ses.decryptreadbuf->len - padlen - 4 - 1;
if ((len > MAX_PAYLOAD_LEN) || (len < 1)) {
dropbear_exit("bad packet size");
}
buf_setpos(ses.decryptreadbuf, PACKET_PAYLOAD_OFF);
#ifndef DISABLE_ZLIB
if (ses.keys->recv_algo_comp == DROPBEAR_COMP_ZLIB) {
/* decompress */
ses.payload = buf_decompress(ses.decryptreadbuf, len);
} else
#endif
{
/* copy payload */
ses.payload = buf_new(len);
memcpy(ses.payload->data, buf_getptr(ses.decryptreadbuf, len), len);
buf_incrlen(ses.payload, len);
}
buf_free(ses.decryptreadbuf);
ses.decryptreadbuf = NULL;
buf_setpos(ses.payload, 0);
ses.recvseq++;
TRACE(("leave decrypt_packet"));
}
/* Function used to read the initial portion of a packet, and determine the
* length. Only called during the first BLOCKSIZE of a packet. */
static void read_packet_init() {
unsigned int maxlen;
int len;
unsigned char blocksize;
unsigned char macsize;
blocksize = ses.keys->recv_algo_crypt->blocksize;
macsize = ses.keys->recv_algo_mac->hashsize;
if (ses.readbuf == NULL) {
/* start of a new packet */
ses.readbuf = buf_new(INIT_READBUF);
assert(ses.decryptreadbuf == NULL);
ses.decryptreadbuf = buf_new(blocksize);
}
maxlen = blocksize - ses.readbuf->pos;
/* read the rest of the packet if possible */
len = read(ses.sock, buf_getwriteptr(ses.readbuf, maxlen),
maxlen);
if (len == 0) {
dropbear_close("remote host closed connection");
}
if (len < 0) {
if (errno == EINTR) {
TRACE(("leave read_packet_init: EINTR"));
return;
}
dropbear_exit("error reading");
}
buf_incrwritepos(ses.readbuf, len);
if ((unsigned int)len != maxlen) {
/* don't have enough bytes to determine length, get next time */
return;
}
/* now we have the first block, need to get packet length, so we decrypt
* the first block (only need first 4 bytes) */
buf_setpos(ses.readbuf, 0);
if (ses.keys->recv_algo_crypt->cipherdesc == NULL) {
/* copy it */
memcpy(buf_getwriteptr(ses.decryptreadbuf, blocksize),
buf_getptr(ses.readbuf, blocksize),
blocksize);
} else {
/* decrypt it */
if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize),
buf_getwriteptr(ses.decryptreadbuf,blocksize),
&ses.keys->recv_symmetric_struct) != CRYPT_OK) {
dropbear_exit("error decrypting");
}
}
buf_setlen(ses.decryptreadbuf, blocksize);
len = buf_getint(ses.decryptreadbuf) + 4 + macsize;
buf_setpos(ses.readbuf, blocksize);
/* check packet length */
if ((len > MAX_PACKET_LEN) ||
(len < MIN_PACKET_LEN + macsize) ||
((len - macsize) % blocksize != 0)) {
dropbear_exit("bad packet size");
}
buf_resize(ses.readbuf, len);
buf_setlen(ses.readbuf, len);
}
/* process a decrypted packet, call the appropriate handler */
void process_packet() {
unsigned char type;
unsigned int i;
TRACE2(("enter process_packet"))
type = buf_getbyte(ses.payload);
TRACE(("process_packet: packet type = %d, len %d", type, ses.payload->len))
ses.lastpacket = type;
ses.last_packet_time = time(NULL);
/* These packets we can receive at any time */
switch(type) {
case SSH_MSG_IGNORE:
goto out;
case SSH_MSG_DEBUG:
goto out;
case SSH_MSG_UNIMPLEMENTED:
/* debugging XXX */
TRACE(("SSH_MSG_UNIMPLEMENTED"))
dropbear_exit("Received SSH_MSG_UNIMPLEMENTED");
case SSH_MSG_DISCONNECT:
/* TODO cleanup? */
dropbear_close("Disconnect received");
}
/* This applies for KEX, where the spec says the next packet MUST be
* NEWKEYS */
if (ses.requirenext != 0) {
if (ses.requirenext == type)
{
/* Got what we expected */
TRACE(("got expected packet %d during kexinit", type))
}
else
{
/* RFC4253 7.1 - various messages are allowed at this point.
The only ones we know about have already been handled though,
so just return "unimplemented" */
if (type >= 1 && type <= 49
&& type != SSH_MSG_SERVICE_REQUEST
&& type != SSH_MSG_SERVICE_ACCEPT
&& type != SSH_MSG_KEXINIT)
{
TRACE(("unknown allowed packet during kexinit"))
recv_unimplemented();
goto out;
}
else
{
TRACE(("disallowed packet during kexinit"))
dropbear_exit("Unexpected packet type %d, expected %d", type,
ses.requirenext);
}
}
}
/* Check if we should ignore this packet. Used currently only for
* KEX code, with first_kex_packet_follows */
if (ses.ignorenext) {
TRACE(("Ignoring packet, type = %d", type))
ses.ignorenext = 0;
goto out;
}
/* Only clear the flag after we have checked ignorenext */
if (ses.requirenext != 0 && ses.requirenext == type)
{
ses.requirenext = 0;
}
/* Kindly the protocol authors gave all the preauth packets type values
* less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
* NOTE: if the protocol changes and new types are added, revisit this
* assumption */
if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
dropbear_exit("Received message %d before userauth", type);
}
for (i = 0; ; i++) {
if (ses.packettypes[i].type == 0) {
/* end of list */
break;
}
if (ses.packettypes[i].type == type) {
ses.packettypes[i].handler();
goto out;
}
}
/* TODO do something more here? */
TRACE(("preauth unknown packet"))
recv_unimplemented();
out:
buf_free(ses.payload);
ses.payload = NULL;
TRACE2(("leave process_packet"))
}
