static unsigned char *
gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
size_t *key_len)
{
int e_bytes, n_bytes;
unsigned long len;
unsigned char* key;
unsigned char* p;
e_bytes = BN_num_bytes(rsa->e) + 1;
n_bytes = BN_num_bytes(rsa->n) + 1;
/* Key form is "ssh-rsa" + e + n. */
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
key = LIBSSH2_ALLOC(session, len);
if (key == NULL) {
return NULL;
}
/* Process key encoding. */
p = key;
_libssh2_htonu32(p, 7); /* Key type. */
p += 4;
memcpy(p, "ssh-rsa", 7);
p += 7;
p = write_bn(p, rsa->e, e_bytes);
p = write_bn(p, rsa->n, n_bytes);
*key_len = (size_t)(p - key);
return key;
}
/* mac_method_hmac_ripemd160_hash
* Calculate hash using ripemd160 value
*/
static int
mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION * session,
unsigned char *buf, uint32_t seqno,
const unsigned char *packet,
uint32_t packet_len,
const unsigned char *addtl,
uint32_t addtl_len,
void **abstract)
{
libssh2_hmac_ctx ctx;
unsigned char seqno_buf[4];
(void) session;
_libssh2_htonu32(seqno_buf, seqno);
libssh2_hmac_ctx_init(ctx);
libssh2_hmac_ripemd160_init(&ctx, *abstract, 20);
libssh2_hmac_update(ctx, seqno_buf, 4);
libssh2_hmac_update(ctx, packet, packet_len);
if(addtl && addtl_len) {
libssh2_hmac_update(ctx, addtl, addtl_len);
}
libssh2_hmac_final(ctx, buf);
libssh2_hmac_cleanup(&ctx);
return 0;
}
static int
agent_transact_unix(LIBSSH2_AGENT *agent, agent_transaction_ctx_t transctx)
{
unsigned char buf[4];
int rc;
/* Send the length of the request */
if (transctx->state == agent_NB_state_request_created) {
_libssh2_htonu32(buf, transctx->request_len);
rc = send(agent->fd, buf, sizeof buf, 0);
if (rc < 0) {
if (errno == EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
return -1;
}
transctx->state = agent_NB_state_request_length_sent;
}
/* Send the request body */
if (transctx->state == agent_NB_state_request_length_sent) {
rc = send(agent->fd, transctx->request,
transctx->request_len, 0);
if (rc < 0) {
if (errno == EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
return -1;
}
transctx->state = agent_NB_state_request_sent;
}
/* Receive the length of a response */
if (transctx->state == agent_NB_state_request_sent) {
rc = recv(agent->fd, buf, sizeof buf, 0);
if (rc < 0) {
if (errno == EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
return -1;
}
transctx->response_len = _libssh2_ntohu32(buf);
transctx->response = LIBSSH2_ALLOC(agent->session,
transctx->response_len);
if (!transctx->response) {
return LIBSSH2_ERROR_ALLOC;
}
transctx->state = agent_NB_state_response_length_received;
}
/* Receive the response body */
if (transctx->state == agent_NB_state_response_length_received) {
rc = recv(agent->fd, transctx->response, transctx->response_len, 0);
if (rc < 0) {
if (errno == EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
return -1;
}
transctx->state = agent_NB_state_response_received;
}
return 0;
}
static unsigned char *
gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
size_t *key_len)
{
int p_bytes, q_bytes, g_bytes, k_bytes;
unsigned long len;
unsigned char *key;
unsigned char *p;
const BIGNUM * p_bn;
const BIGNUM * q;
const BIGNUM * g;
const BIGNUM * pub_key;
#ifdef HAVE_OPAQUE_STRUCTS
DSA_get0_pqg(dsa, &p_bn, &q, &g);
#else
p_bn = dsa->p;
q = dsa->q;
g = dsa->g;
#endif
#ifdef HAVE_OPAQUE_STRUCTS
DSA_get0_key(dsa, &pub_key, NULL);
#else
pub_key = dsa->pub_key;
#endif
p_bytes = BN_num_bytes(p_bn) + 1;
q_bytes = BN_num_bytes(q) + 1;
g_bytes = BN_num_bytes(g) + 1;
k_bytes = BN_num_bytes(pub_key) + 1;
/* Key form is "ssh-dss" + p + q + g + pub_key. */
len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
key = LIBSSH2_ALLOC(session, len);
if(key == NULL) {
return NULL;
}
/* Process key encoding. */
p = key;
_libssh2_htonu32(p, 7); /* Key type. */
p += 4;
memcpy(p, "ssh-dss", 7);
p += 7;
p = write_bn(p, p_bn, p_bytes);
p = write_bn(p, q, q_bytes);
p = write_bn(p, g, g_bytes);
p = write_bn(p, pub_key, k_bytes);
*key_len = (size_t)(p - key);
return key;
}
static unsigned long
_libssh2_wincng_pub_priv_write(unsigned char *key,
unsigned long offset,
const unsigned char *bignum,
const unsigned long length)
{
_libssh2_htonu32(key + offset, length);
offset += 4;
memcpy(key + offset, bignum, length);
offset += length;
return offset;
}
static unsigned char *
write_bn(unsigned char *buf, const BIGNUM *bn, int bn_bytes)
{
unsigned char *p = buf;
/* Left space for bn size which will be written below. */
p += 4;
*p = 0;
BN_bn2bin(bn, p + 1);
if (!(*(p + 1) & 0x80)) {
memmove(p, p + 1, --bn_bytes);
}
_libssh2_htonu32(p - 4, bn_bytes); /* Post write bn size. */
return p + bn_bytes;
}
static unsigned char *
gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
size_t *key_len)
{
int e_bytes, n_bytes;
unsigned long len;
unsigned char *key;
unsigned char *p;
const BIGNUM * e;
const BIGNUM * n;
#ifdef HAVE_OPAQUE_STRUCTS
RSA_get0_key(rsa, &n, &e, NULL);
#else
e = rsa->e;
n = rsa->n;
#endif
e_bytes = BN_num_bytes(e) + 1;
n_bytes = BN_num_bytes(n) + 1;
/* Key form is "ssh-rsa" + e + n. */
len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
key = LIBSSH2_ALLOC(session, len);
if(key == NULL) {
return NULL;
}
/* Process key encoding. */
p = key;
_libssh2_htonu32(p, 7); /* Key type. */
p += 4;
memcpy(p, "ssh-rsa", 7);
p += 7;
p = write_bn(p, e, e_bytes);
p = write_bn(p, n, n_bytes);
*key_len = (size_t)(p - key);
return key;
}
static unsigned char *
gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
size_t *key_len)
{
int p_bytes, q_bytes, g_bytes, k_bytes;
unsigned long len;
unsigned char* key;
unsigned char* p;
p_bytes = BN_num_bytes(dsa->p) + 1;
q_bytes = BN_num_bytes(dsa->q) + 1;
g_bytes = BN_num_bytes(dsa->g) + 1;
k_bytes = BN_num_bytes(dsa->pub_key) + 1;
/* Key form is "ssh-dss" + p + q + g + pub_key. */
len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
key = LIBSSH2_ALLOC(session, len);
if (key == NULL) {
return NULL;
}
/* Process key encoding. */
p = key;
_libssh2_htonu32(p, 7); /* Key type. */
p += 4;
memcpy(p, "ssh-dss", 7);
p += 7;
p = write_bn(p, dsa->p, p_bytes);
p = write_bn(p, dsa->q, q_bytes);
p = write_bn(p, dsa->g, g_bytes);
p = write_bn(p, dsa->pub_key, k_bytes);
*key_len = (size_t)(p - key);
return key;
}
/*
* libssh2_packet_queue_listener
*
* Queue a connection request for a listener
*/
static inline int
packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
unsigned long datalen,
packet_queue_listener_state_t * listen_state)
{
/*
* Look for a matching listener
*/
unsigned char *s = data + (sizeof("forwarded-tcpip") - 1) + 5;
/* 17 = packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */
unsigned long packet_len = 17 + (sizeof(FwdNotReq) - 1);
unsigned char *p;
LIBSSH2_LISTENER *listen = session->listeners;
char failure_code = 1; /* SSH_OPEN_ADMINISTRATIVELY_PROHIBITED */
int rc;
(void) datalen;
if (listen_state->state == libssh2_NB_state_idle) {
listen_state->sender_channel = _libssh2_ntohu32(s);
s += 4;
listen_state->initial_window_size = _libssh2_ntohu32(s);
s += 4;
listen_state->packet_size = _libssh2_ntohu32(s);
s += 4;
listen_state->host_len = _libssh2_ntohu32(s);
s += 4;
listen_state->host = s;
s += listen_state->host_len;
listen_state->port = _libssh2_ntohu32(s);
s += 4;
listen_state->shost_len = _libssh2_ntohu32(s);
s += 4;
listen_state->shost = s;
s += listen_state->shost_len;
listen_state->sport = _libssh2_ntohu32(s);
s += 4;
_libssh2_debug(session, LIBSSH2_DBG_CONN,
"Remote received connection from %s:%ld to %s:%ld",
listen_state->shost, listen_state->sport,
listen_state->host, listen_state->port);
listen_state->state = libssh2_NB_state_allocated;
}
if (listen_state->state != libssh2_NB_state_sent) {
while (listen) {
if ((listen->port == (int) listen_state->port) &&
(strlen(listen->host) == listen_state->host_len) &&
(memcmp
(listen->host, listen_state->host,
listen_state->host_len) == 0)) {
/* This is our listener */
LIBSSH2_CHANNEL *channel, *last_queued = listen->queue;
last_queued = listen->queue;
if (listen_state->state == libssh2_NB_state_allocated) {
if (listen->queue_maxsize &&
(listen->queue_maxsize <= listen->queue_size)) {
/* Queue is full */
failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */
_libssh2_debug(session, LIBSSH2_DBG_CONN,
"Listener queue full, ignoring");
listen_state->state = libssh2_NB_state_sent;
break;
}
channel = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_CHANNEL));
if (!channel) {
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate a channel for new connection",
0);
failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */
listen_state->state = libssh2_NB_state_sent;
break;
}
memset(channel, 0, sizeof(LIBSSH2_CHANNEL));
channel->session = session;
channel->channel_type_len = sizeof("forwarded-tcpip") - 1;
channel->channel_type = LIBSSH2_ALLOC(session,
channel->
channel_type_len +
1);
if (!channel->channel_type) {
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate a channel for new connection",
0);
LIBSSH2_FREE(session, channel);
failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */
listen_state->state = libssh2_NB_state_sent;
break;
}
memcpy(channel->channel_type, "forwarded-tcpip",
channel->channel_type_len + 1);
channel->remote.id = listen_state->sender_channel;
channel->remote.window_size_initial =
LIBSSH2_CHANNEL_WINDOW_DEFAULT;
channel->remote.window_size =
LIBSSH2_CHANNEL_WINDOW_DEFAULT;
channel->remote.packet_size =
LIBSSH2_CHANNEL_PACKET_DEFAULT;
channel->local.id = _libssh2_channel_nextid(session);
channel->local.window_size_initial =
listen_state->initial_window_size;
channel->local.window_size =
listen_state->initial_window_size;
channel->local.packet_size = listen_state->packet_size;
_libssh2_debug(session, LIBSSH2_DBG_CONN,
"Connection queued: channel %lu/%lu win %lu/%lu packet %lu/%lu",
channel->local.id, channel->remote.id,
channel->local.window_size,
channel->remote.window_size,
channel->local.packet_size,
channel->remote.packet_size);
p = listen_state->packet;
*(p++) = SSH_MSG_CHANNEL_OPEN_CONFIRMATION;
_libssh2_htonu32(p, channel->remote.id);
p += 4;
_libssh2_htonu32(p, channel->local.id);
p += 4;
_libssh2_htonu32(p, channel->remote.window_size_initial);
p += 4;
_libssh2_htonu32(p, channel->remote.packet_size);
p += 4;
listen_state->state = libssh2_NB_state_created;
}
if (listen_state->state == libssh2_NB_state_created) {
rc = _libssh2_transport_write(session, listen_state->packet,
17);
if (rc == PACKET_EAGAIN) {
return PACKET_EAGAIN;
} else if (rc) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
"Unable to send channel open confirmation",
0);
listen_state->state = libssh2_NB_state_idle;
return -1;
}
/* Link the channel into the end of the queue list */
if (!last_queued) {
listen->queue = channel;
listen_state->state = libssh2_NB_state_idle;
return 0;
}
while (last_queued->next) {
last_queued = last_queued->next;
}
last_queued->next = channel;
channel->prev = last_queued;
listen->queue_size++;
listen_state->state = libssh2_NB_state_idle;
return 0;
}
}
listen = listen->next;
}
listen_state->state = libssh2_NB_state_sent;
}
/* We're not listening to you */
{
p = listen_state->packet;
*(p++) = SSH_MSG_CHANNEL_OPEN_FAILURE;
_libssh2_htonu32(p, listen_state->sender_channel);
p += 4;
_libssh2_htonu32(p, failure_code);
p += 4;
_libssh2_htonu32(p, sizeof(FwdNotReq) - 1);
p += 4;
memcpy(s, FwdNotReq, sizeof(FwdNotReq) - 1);
p += sizeof(FwdNotReq) - 1;
_libssh2_htonu32(p, 0);
rc = _libssh2_transport_write(session, listen_state->packet,
packet_len);
if (rc == PACKET_EAGAIN) {
return PACKET_EAGAIN;
} else if (rc) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
"Unable to send open failure", 0);
listen_state->state = libssh2_NB_state_idle;
return -1;
}
listen_state->state = libssh2_NB_state_idle;
return 0;
}
}
/*
* packet_x11_open
*
* Accept a forwarded X11 connection
*/
static inline int
packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
unsigned long datalen,
packet_x11_open_state_t * x11open_state)
{
int failure_code = 2; /* SSH_OPEN_CONNECT_FAILED */
unsigned char *s = data + (sizeof("x11") - 1) + 5;
/* 17 = packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */
unsigned long packet_len = 17 + (sizeof(X11FwdUnAvil) - 1);
unsigned char *p;
LIBSSH2_CHANNEL *channel;
int rc;
(void) datalen;
if (x11open_state->state == libssh2_NB_state_idle) {
x11open_state->sender_channel = _libssh2_ntohu32(s);
s += 4;
x11open_state->initial_window_size = _libssh2_ntohu32(s);
s += 4;
x11open_state->packet_size = _libssh2_ntohu32(s);
s += 4;
x11open_state->shost_len = _libssh2_ntohu32(s);
s += 4;
x11open_state->shost = s;
s += x11open_state->shost_len;
x11open_state->sport = _libssh2_ntohu32(s);
s += 4;
_libssh2_debug(session, LIBSSH2_DBG_CONN,
"X11 Connection Received from %s:%ld on channel %lu",
x11open_state->shost, x11open_state->sport,
x11open_state->sender_channel);
x11open_state->state = libssh2_NB_state_allocated;
}
if (session->x11) {
if (x11open_state->state == libssh2_NB_state_allocated) {
channel = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_CHANNEL));
if (!channel) {
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate a channel for new connection",
0);
failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */
goto x11_exit;
}
memset(channel, 0, sizeof(LIBSSH2_CHANNEL));
channel->session = session;
channel->channel_type_len = sizeof("x11") - 1;
channel->channel_type = LIBSSH2_ALLOC(session,
channel->channel_type_len +
1);
if (!channel->channel_type) {
libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate a channel for new connection",
0);
LIBSSH2_FREE(session, channel);
failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */
goto x11_exit;
}
memcpy(channel->channel_type, "x11",
channel->channel_type_len + 1);
channel->remote.id = x11open_state->sender_channel;
channel->remote.window_size_initial =
LIBSSH2_CHANNEL_WINDOW_DEFAULT;
channel->remote.window_size = LIBSSH2_CHANNEL_WINDOW_DEFAULT;
channel->remote.packet_size = LIBSSH2_CHANNEL_PACKET_DEFAULT;
channel->local.id = _libssh2_channel_nextid(session);
channel->local.window_size_initial =
x11open_state->initial_window_size;
channel->local.window_size = x11open_state->initial_window_size;
channel->local.packet_size = x11open_state->packet_size;
_libssh2_debug(session, LIBSSH2_DBG_CONN,
"X11 Connection established: channel %lu/%lu win %lu/%lu packet %lu/%lu",
channel->local.id, channel->remote.id,
channel->local.window_size,
channel->remote.window_size,
channel->local.packet_size,
channel->remote.packet_size);
p = x11open_state->packet;
*(p++) = SSH_MSG_CHANNEL_OPEN_CONFIRMATION;
_libssh2_htonu32(p, channel->remote.id);
p += 4;
_libssh2_htonu32(p, channel->local.id);
p += 4;
_libssh2_htonu32(p, channel->remote.window_size_initial);
p += 4;
_libssh2_htonu32(p, channel->remote.packet_size);
p += 4;
x11open_state->state = libssh2_NB_state_created;
}
if (x11open_state->state == libssh2_NB_state_created) {
rc = _libssh2_transport_write(session, x11open_state->packet, 17);
if (rc == PACKET_EAGAIN) {
return PACKET_EAGAIN;
} else if (rc) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
"Unable to send channel open confirmation", 0);
x11open_state->state = libssh2_NB_state_idle;
return -1;
}
/* Link the channel into the session */
if (session->channels.tail) {
session->channels.tail->next = channel;
channel->prev = session->channels.tail;
} else {
session->channels.head = channel;
channel->prev = NULL;
}
channel->next = NULL;
session->channels.tail = channel;
/*
* Pass control to the callback, they may turn right around and
* free the channel, or actually use it
*/
LIBSSH2_X11_OPEN(channel, (char *) x11open_state->shost,
x11open_state->sport);
x11open_state->state = libssh2_NB_state_idle;
return 0;
}
} else {
failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */
}
x11_exit:
p = x11open_state->packet;
*(p++) = SSH_MSG_CHANNEL_OPEN_FAILURE;
_libssh2_htonu32(p, x11open_state->sender_channel);
p += 4;
_libssh2_htonu32(p, failure_code);
p += 4;
_libssh2_htonu32(p, sizeof(X11FwdUnAvil) - 1);
p += 4;
memcpy(s, X11FwdUnAvil, sizeof(X11FwdUnAvil) - 1);
p += sizeof(X11FwdUnAvil) - 1;
_libssh2_htonu32(p, 0);
rc = _libssh2_transport_write(session, x11open_state->packet, packet_len);
if (rc == PACKET_EAGAIN) {
return PACKET_EAGAIN;
} else if (rc) {
libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
"Unable to send open failure", 0);
x11open_state->state = libssh2_NB_state_idle;
return -1;
}
x11open_state->state = libssh2_NB_state_idle;
return 0;
}
static int
agent_transact_unix(LIBSSH2_AGENT *agent, agent_transaction_ctx_t transctx)
{
unsigned char buf[4];
int rc;
/* Send the length of the request */
if (transctx->state == agent_NB_state_request_created) {
_libssh2_htonu32(buf, transctx->request_len);
rc = LIBSSH2_SEND_FD(agent->session, agent->fd, buf, sizeof buf, 0);
if (rc == -EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
else if (rc < 0)
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_SEND,
"agent send failed");
transctx->state = agent_NB_state_request_length_sent;
}
/* Send the request body */
if (transctx->state == agent_NB_state_request_length_sent) {
rc = LIBSSH2_SEND_FD(agent->session, agent->fd, transctx->request,
transctx->request_len, 0);
if (rc == -EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
else if (rc < 0)
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_SEND,
"agent send failed");
transctx->state = agent_NB_state_request_sent;
}
/* Receive the length of a response */
if (transctx->state == agent_NB_state_request_sent) {
rc = LIBSSH2_RECV_FD(agent->session, agent->fd, buf, sizeof buf, 0);
if (rc < 0) {
if (rc == -EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_RECV,
"agent recv failed");
}
transctx->response_len = _libssh2_ntohu32(buf);
transctx->response = LIBSSH2_ALLOC(agent->session,
transctx->response_len);
if (!transctx->response)
return LIBSSH2_ERROR_ALLOC;
transctx->state = agent_NB_state_response_length_received;
}
/* Receive the response body */
if (transctx->state == agent_NB_state_response_length_received) {
rc = LIBSSH2_RECV_FD(agent->session, agent->fd, transctx->response,
transctx->response_len, 0);
if (rc < 0) {
if (rc == -EAGAIN)
return LIBSSH2_ERROR_EAGAIN;
return _libssh2_error(agent->session, LIBSSH2_ERROR_SOCKET_SEND,
"agent recv failed");
}
transctx->state = agent_NB_state_response_received;
}
return 0;
}
