Пример #1
0
void iks_md5_digest(iksmd5 *md5, unsigned char *digest)
{
	PUT_UINT32(md5->state[0], digest,  0);
	PUT_UINT32(md5->state[1], digest,  4);
	PUT_UINT32(md5->state[2], digest,  8);
	PUT_UINT32(md5->state[3], digest, 12);
}
Пример #2
0
static unsigned char *
write_ref(unsigned char *buf, char *node, uint cre, uint id[], uint no_ids)
{
    int i;
    unsigned char *e = buf;

    if (no_ids == 1) {
	*(e++) = REFERENCE_EXT;
	e = write_atom(e, node);
	PUT_UINT32(e, id[0] & ((1 << 15) - 1));
	e += 4;
	*(e++) = cre & ((1 << 2) - 1);
    }
    else {
	*(e++) = NEW_REFERENCE_EXT;
	PUT_UINT16(e, no_ids);
	e += 2;
	e = write_atom(e, node);
	*(e++) = cre & ((1 << 2) - 1);
	for (i = 0; i < no_ids; i++) {
	    PUT_UINT32(e, id[i]);
	    e += 4;
	}
    }

    return e;
}
Пример #3
0
static unsigned char *
write_pid(unsigned char *buf, char *node, uint cre, uint num, uint ser)
{
    unsigned char *e = buf;

    *(e++) = PID_EXT;
    e = write_atom(e, node);
    PUT_UINT32(e, num & ((1 << 15) - 1));
    e += 4;
    PUT_UINT32(e, ser & ((1 << 3) - 1));
    e += 4;
    *(e++) = cre & ((1 << 2) - 1);

    return e;
}
Пример #4
0
void iks_md5_hash(iksmd5 *md5, const unsigned char *data, size_t slen, int finish)
{
	int i, j;
	int len = slen;

	i = (64 - md5->blen);
	j = (len < i) ? (len) : (i);
	memcpy(md5->buffer + md5->blen, data, j);
	md5->blen += j;
	len -= j;
	data += j;
	while(len > 0)
	{
		iks_md5_compute(md5);
		md5->blen = 0;
		md5->total[0] += 8 * 64;
		md5->total[1] += (md5->total[0] < 8 * 64);
		j = (len < 64) ? (len) : (64);
		memcpy(md5->buffer, data, j);
		md5->blen = j;
		len -= j;
		data += j;
	}
	if(finish)
	{
		md5->total[0] += 8 * md5->blen;
		md5->total[1] += (md5->total[0] < 8 * md5->blen);
		if(md5->blen == 64)
		{
			iks_md5_compute(md5);
			md5->blen = 0;
		}
		md5->buffer[(md5->blen)++] = 0x80;
		if(md5->blen > 56)
		{
			while(md5->blen < 64)
				md5->buffer[(md5->blen)++] = 0x00;
			iks_md5_compute(md5);
			md5->blen = 0;
		}
		while(md5->blen < 56)
			md5->buffer[(md5->blen)++] = 0x00;
		PUT_UINT32(md5->total[0], md5->buffer, 56);
		PUT_UINT32(md5->total[1], md5->buffer, 60);
		iks_md5_compute(md5);
	}
}
Пример #5
0
void sha1_finish(ctx_sha1* p_ctx,unsigned char digest[20])
{
	
	static unsigned char PADDING[64] =
	{
		0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
		   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
		   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
		   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
	};
    unsigned char ml[8];	
    unsigned int hi = ( p_ctx->_count[0] >> 29 ) | ( p_ctx->_count[1] <<  3 );
    unsigned int lo = ( p_ctx->_count[0] <<  3 );
    unsigned int last,padn; 	

    PUT_UINT32(hi, ml, 0);
    PUT_UINT32(lo, ml, 4);

    last = p_ctx->_count[0] & 0x3F;
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );

    sha1_update(p_ctx,PADDING, padn);
    sha1_update(p_ctx,ml, 8);

    PUT_UINT32(p_ctx->_state[0], digest,  0);
    PUT_UINT32(p_ctx->_state[1], digest,  4);
    PUT_UINT32(p_ctx->_state[2], digest,  8);
    PUT_UINT32(p_ctx->_state[3], digest, 12);
    PUT_UINT32(p_ctx->_state[4], digest, 16);

	/* Zeroize sensitive information.	*/
	sha1_initialize(p_ctx);
}
Пример #6
0
static unsigned char *
write_port(unsigned char *buf, char *node, uint cre, uint id)
{
    unsigned char *e = buf;

    *(e++) = PORT_EXT;
    e = write_atom(e, node);
    PUT_UINT32(e, id & ((1 << 15) - 1));
    e += 4;
    *(e++) = cre & ((1 << 2) - 1);

    return e;
}
Пример #7
0
static void Sha256_Final(Sha256ContextType *context, uint8_t hash[])
{
    uint32_t i;

    i = context->DataLen;

    // Pad whatever data is left in the buffer.
    if (context->DataLen < 56)
    {
        context->Data[i++] = 0x80;
        while (i < 56)
            context->Data[i++] = 0x00;
    }
    else
    {
        context->Data[i++] = 0x80;
        while (i < 64)
            context->Data[i++] = 0x00;

        Sha256_Transform(context,context->Data);
        memset(context->Data, 0, 56);
    }

    // Append to the padding the total message's length in bits and transform.
    DBL_INT_ADD(context->BitLen[0], context->BitLen[1], context->DataLen * 8);
    PUT_UINT32(context->BitLen[0], context->Data, 60);
    PUT_UINT32(context->BitLen[1], context->Data, 56);
    Sha256_Transform(context, context->Data);

    // Copy result into output buffer
    PUT_UINT32(context->State[0], hash,  0);
    PUT_UINT32(context->State[1], hash,  4);
    PUT_UINT32(context->State[2], hash,  8);
    PUT_UINT32(context->State[3], hash, 12);
    PUT_UINT32(context->State[4], hash, 16);
    PUT_UINT32(context->State[5], hash, 20);
    PUT_UINT32(context->State[6], hash, 24);
    PUT_UINT32(context->State[7], hash, 28);
}
Пример #8
0
static void
router_process_filtered_pkt (uint8_t                   *user,
                             const struct pcap_pkthdr  *hdr,
                             const uint8_t             *bytes)
{
    struct ether_header  *ether;
    router_pcap_loop_t   *rinp  = (router_pcap_loop_t *)user;
    struct in_addr        addr;
    static uint8_t        first = TRUE;
    uint8_t               buf[MAX_BUF_LEN] = {0};
    char                  str[INET_ADDRSTRLEN];
    struct iphdr         *ip;
    struct udphdr        *udp;
    uint8_t              *payload, idx;
    uint16_t              payload_len;
    double                curr_time;

    /*
     * FOR SOME REASON, THE ETHERNET HEADER STARTS AT
     * SECOND BYTE WHEN CAPTURING PACKETS ON "ANY"
     * DEVICE. ACCOUNT FOR THIS
     */
    bytes += 2;

    ether   = (struct ether_header *)(bytes);
    ip      = (struct iphdr *)(ether + 1);
    udp     = (struct udphdr *)(ip + 1);
    payload = (uint8_t *)(udp + 1);

    assert(ether->ether_type == htons(ETHERTYPE_IP));

    /* Safety check */
    if (ip->saddr == htonl(rinp->router_addr)) {
        return;
    }

    /* Check for END signal from victim */
    if (ip->saddr == htonl(rinp->victim_addr)) {
        if ((ip->protocol == IPPROTO_UDP)           &&
            (ip->daddr == htonl(rinp->router_addr)) &&
            (udp->dest == htons(input.tcp_port))) {

            curr_time = ROUTER_GET_PKT_TIME(hdr);
            if (input.epoch_cnt) {
                addr.s_addr = htonl(rinp->victim_addr);
                fprintf(input.loghdl,
                        "%.6f  %-15s  %u\n",
                        input.epoch_start,
                        inet_ntop(AF_INET, &addr, str, sizeof(str)),
                        input.epoch_cnt);
            }
            close(trback_sockfd);
            fflush(input.loghdl);
            fclose(input.loghdl);
            exit(0);
        }
        return;
    }

    assert(ip->daddr == htonl(rinp->victim_addr));
    payload_len = hdr->len - (payload - bytes);

    /*
     * If traceback message, append our IP address
     * to the list of IPs in buffer
     */
    if ((ip->protocol == IPPROTO_UDP) &&
        (udp->dest == htons(rinp->victim_port))) {
        router_intercept_traceback_msg(payload,
                                       payload_len,
                                       rinp->router_addr,
                                       rinp->victim_addr,
                                       rinp->victim_port);
        return;
    }

    /* Check if we can send packets */
    if (RANDOM() > input.probability) {
        return;
    }

    /*
     * Prepare traceback message
     *
     * +---------------------------+
     * |    MAGIC - 0xDEADBEEF     |  4 bytes
     * +---------------------------+
     * |       MSGTYPE_ATTACK      |  1 byte
     * +---------------------------+
     * |    Number of IPs (n)      |  1 byte
     * +---------------------------+
     * |       Attacker IP         |  4 byte
     * +---------------------------+
     * /       Router IP # 1       /
     * /       Router IP # 2       /  (n-1) * 4 bytes
     * .............................
     */
    idx = 0;
    PUT_UINT32(&buf[idx], TRACEBACK_MAGIC);
    idx += TRACEBACK_MAGIC_SZ;

    buf[idx++] = TRACEBACK_MSGTYPE_ATTACK;
    buf[idx++] = 2;   /* Attacker + Victim */

    /* Attacker address */
    PUT_UINT32(&buf[idx], ntohl(ip->saddr));
    idx += sizeof(uint32_t);

    /* Router address */
    PUT_UINT32(&buf[idx], rinp->router_addr);
    idx += sizeof(uint32_t);

    assert(idx == TRACEBACK_MSG_LEN(2));
    router_send_traceback_message(rinp->victim_addr,
                                  rinp->victim_port,
                                  FALSE, buf,
                                  TRACEBACK_MSG_LEN(2),
                                  2);
    input.epoch_cnt++;

    /* Log epoch count */
    curr_time = ROUTER_GET_PKT_TIME(hdr);
    if (first) {
        first = FALSE;
        input.epoch_start = curr_time;

    } else if ((curr_time - input.epoch_start) > input.epoch) {
        struct in_addr  addr;
        uint16_t        num_epochs;
        char            str[INET_ADDRSTRLEN];

        addr.s_addr = htonl(rinp->victim_addr);
        num_epochs = (curr_time - input.epoch_start) / input.epoch;

        for (idx=0; idx < num_epochs; idx++) {
            fprintf(input.loghdl,
                    "%.6f  %-15s  %u\n",
                    input.epoch_start,
                    inet_ntop(AF_INET, &addr, str, sizeof(str)),
                    input.epoch_cnt);

            input.epoch_start += input.epoch;
            input.epoch_cnt = 0;
        }
    }
    return;
}
Пример #9
0
static inline void
router_intercept_traceback_msg (const uint8_t  *data,
                                uint16_t        data_len,
                                uint32_t        router_addr,
                                uint32_t        victim_addr,
                                uint16_t        victim_port)
{
    uint8_t    buf[MAX_BUF_LEN] = {0};
    uint8_t    num_ips, len;

    /*
     * +---------------------------+
     * |    MAGIC - 0xDEADBEEF     |  4 bytes
     * +---------------------------+
     * |       MSGTYPE_PATH        |  1 byte
     * +---------------------------+
     * |    Number of IPs (n)      |  1 byte
     * +---------------------------+
     * |       Attacker IP         |  4 byte
     * +---------------------------+
     * /       Router IP # 1       /
     * /       Router IP # 2       /  (n-1) * 4 bytes
     * .............................
     */

    /* Check for our magic */
    if (GET_UINT32(data) != TRACEBACK_MAGIC) {
        printf("Ignoring non-traceback msg on traceback port\n");
        return;
    }

    /* Sanity check */
    num_ips = data[TRACEBACK_MAGIC_SZ + 1];
    assert(num_ips < MAX_ROUTERS);

    if (data_len < TRACEBACK_MSG_LEN(num_ips)) {
        printf("Rcvd shorter datagram of %u bytes. Expected %u bytes\n",
               data_len, TRACEBACK_MSG_LEN(num_ips));
        return;
    }

    /* Create a copy of the message */
    len = TRACEBACK_MSG_LEN(num_ips);
    memcpy(buf, data, len);

    /* Update the message type */
    buf[TRACEBACK_MAGIC_SZ] = TRACEBACK_MSGTYPE_PATH;

    /* Now append our address */
    ++num_ips;
    buf[TRACEBACK_MAGIC_SZ + 1] = num_ips;
    PUT_UINT32(&buf[len], router_addr);

    /* Forward traceback message */
    router_send_traceback_message(victim_addr,
                                  victim_port,
                                  TRUE, buf,
                                  TRACEBACK_MSG_LEN(num_ips),
                                  num_ips);
    return;
}
Пример #10
0
/* Encodes terminal modes for the terminal referenced by fd in a
   portable manner, and appends the modes to a buffer being
   constructed. Stores constructed buffers len to buf_len. This call
   always succeeds, but if an error happens during encoding, buf will
   be empty and buf_len will be 0 */
void ssh_encode_tty_flags(int fd, unsigned char **buf, size_t *buf_len)
     /*void tty_make_modes(int fd)*/
{
  SshBuffer buffer;  
#ifdef USING_TERMIOS
  struct termios tio;
#endif
#ifdef USING_SGTTY
  struct sgttyb tio;
  struct tchars tiotc;
  struct ltchars tioltc;
  int tiolm;
#ifdef TIOCGSTAT
  struct tstatus tiots;
#endif /* TIOCGSTAT */
#endif /* USING_SGTTY */
  int baud;

  if (!isatty(fd))
    {
      SSH_TRACE(2, ("Not a tty. (fd = %d)", fd));
      *buf = ssh_xstrdup("");
      *buf_len = 0;
      return;
    }
  
  ssh_buffer_init(&buffer);

  /* Get the modes. */
#ifdef USING_TERMIOS
  if (tcgetattr(fd, &tio) < 0)
    {
      PUT_CHAR(TTY_OP_END);
      ssh_warning("tcgetattr: %.100s", strerror(errno));
      goto error;
    }
#endif /* USING_TERMIOS */
#ifdef USING_SGTTY
  if (ioctl(fd, TIOCGETP, &tio) < 0)
    {
      PUT_CHAR(TTY_OP_END);
      ssh_warning("ioctl(fd, TIOCGETP, ...): %.100s", strerror(errno));
      goto error;
    }
  if (ioctl(fd, TIOCGETC, &tiotc) < 0)
    {
      PUT_CHAR(TTY_OP_END);
      ssh_warning("ioctl(fd, TIOCGETC, ...): %.100s", strerror(errno));
      goto error;
    }
  if (ioctl(fd, TIOCLGET, &tiolm) < 0)
    {
      PUT_CHAR(TTY_OP_END);
      ssh_warning("ioctl(fd, TIOCLGET, ...): %.100s", strerror(errno));
      goto error;
    }
  if (ioctl(fd, TIOCGLTC, &tioltc) < 0)
    {
      PUT_CHAR(TTY_OP_END);
      ssh_warning("ioctl(fd, TIOCGLTC, ...): %.100s", strerror(errno));
      goto error;
    }
#ifdef TIOCGSTAT
  if (ioctl(fd, TIOCGSTAT, &tiots) < 0) 
    {
      PUT_CHAR(TTY_OP_END);
      ssh_warning("ioctl(fd, TIOCGSTAT, ...): %.100s", strerror(errno));
      goto error;
    }
#endif /* TIOCGSTAT */
  /* termio's ECHOE is really both LCRTBS and LCRTERA - so wire them
     together */
  if (tiolm & LCRTBS)
    tiolm |= LCRTERA;
#endif /* USING_SGTTY */

  /* Store input and output baud rates. */
  baud = speed_to_baud(cfgetospeed(&tio));
  PUT_CHAR(TTY_OP_OSPEED);
  PUT_UINT32(baud);
  baud = speed_to_baud(cfgetispeed(&tio));
  PUT_CHAR(TTY_OP_ISPEED);
  PUT_UINT32(baud);

  /* Store values of mode flags. */
#ifdef USING_TERMIOS
#define TTYCHAR(NAME, OP) \
  PUT_CHAR(OP); PUT_UINT32(tio.c_cc[NAME]);
#define TTYMODE(NAME, FIELD, OP) \
  PUT_CHAR(OP); PUT_UINT32((tio.FIELD & NAME) != 0);
#define SGTTYCHAR(NAME, OP)
#define SGTTYMODE(NAME, FIELD, OP)
#define SGTTYMODEN(NAME, FIELD, OP)
#endif /* USING_TERMIOS */

#ifdef USING_SGTTY
#define TTYCHAR(NAME, OP)
#define TTYMODE(NAME, FIELD, OP)
#define SGTTYCHAR(NAME, OP) \
  PUT_CHAR(OP); PUT_UINT32(NAME);
#define SGTTYMODE(NAME, FIELD, OP) \
  PUT_CHAR(OP); PUT_UINT32((FIELD & NAME) != 0);
#define SGTTYMODEN(NAME, FIELD, OP) \
  PUT_CHAR(OP); PUT_UINT32((FIELD & NAME) == 0);
#endif /* USING_SGTTY */

#include "sshttyflagsi.h"

#undef TTYCHAR
#undef TTYMODE
#undef SGTTYCHAR
#undef SGTTYMODE
#undef SGTTYMODEN

  /* Mark end of mode data. */
  PUT_CHAR(TTY_OP_END);

  *buf_len = ssh_buffer_len(&buffer);
  *buf = ssh_xmemdup(ssh_buffer_ptr(&buffer), *buf_len);
  ssh_buffer_uninit(&buffer);

  SSH_DEBUG_HEXDUMP(5, ("encoded tty-flags buffer"), *buf, *buf_len);
  
  return;

 error:
  ssh_buffer_uninit(&buffer);
  *buf = ssh_xstrdup("");
  *buf_len = 0;
}