void iks_md5_digest(iksmd5 *md5, unsigned char *digest)
{
PUT_UINT32(md5->state[0], digest, 0);
PUT_UINT32(md5->state[1], digest, 4);
PUT_UINT32(md5->state[2], digest, 8);
PUT_UINT32(md5->state[3], digest, 12);
}
static unsigned char *
write_ref(unsigned char *buf, char *node, uint cre, uint id[], uint no_ids)
{
int i;
unsigned char *e = buf;
if (no_ids == 1) {
*(e++) = REFERENCE_EXT;
e = write_atom(e, node);
PUT_UINT32(e, id[0] & ((1 << 15) - 1));
e += 4;
*(e++) = cre & ((1 << 2) - 1);
}
else {
*(e++) = NEW_REFERENCE_EXT;
PUT_UINT16(e, no_ids);
e += 2;
e = write_atom(e, node);
*(e++) = cre & ((1 << 2) - 1);
for (i = 0; i < no_ids; i++) {
PUT_UINT32(e, id[i]);
e += 4;
}
}
return e;
}
static unsigned char *
write_pid(unsigned char *buf, char *node, uint cre, uint num, uint ser)
{
unsigned char *e = buf;
*(e++) = PID_EXT;
e = write_atom(e, node);
PUT_UINT32(e, num & ((1 << 15) - 1));
e += 4;
PUT_UINT32(e, ser & ((1 << 3) - 1));
e += 4;
*(e++) = cre & ((1 << 2) - 1);
return e;
}
void iks_md5_hash(iksmd5 *md5, const unsigned char *data, size_t slen, int finish)
{
int i, j;
int len = slen;
i = (64 - md5->blen);
j = (len < i) ? (len) : (i);
memcpy(md5->buffer + md5->blen, data, j);
md5->blen += j;
len -= j;
data += j;
while(len > 0)
{
iks_md5_compute(md5);
md5->blen = 0;
md5->total[0] += 8 * 64;
md5->total[1] += (md5->total[0] < 8 * 64);
j = (len < 64) ? (len) : (64);
memcpy(md5->buffer, data, j);
md5->blen = j;
len -= j;
data += j;
}
if(finish)
{
md5->total[0] += 8 * md5->blen;
md5->total[1] += (md5->total[0] < 8 * md5->blen);
if(md5->blen == 64)
{
iks_md5_compute(md5);
md5->blen = 0;
}
md5->buffer[(md5->blen)++] = 0x80;
if(md5->blen > 56)
{
while(md5->blen < 64)
md5->buffer[(md5->blen)++] = 0x00;
iks_md5_compute(md5);
md5->blen = 0;
}
while(md5->blen < 56)
md5->buffer[(md5->blen)++] = 0x00;
PUT_UINT32(md5->total[0], md5->buffer, 56);
PUT_UINT32(md5->total[1], md5->buffer, 60);
iks_md5_compute(md5);
}
}
void sha1_finish(ctx_sha1* p_ctx,unsigned char digest[20])
{
static unsigned char PADDING[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
unsigned char ml[8];
unsigned int hi = ( p_ctx->_count[0] >> 29 ) | ( p_ctx->_count[1] << 3 );
unsigned int lo = ( p_ctx->_count[0] << 3 );
unsigned int last,padn;
PUT_UINT32(hi, ml, 0);
PUT_UINT32(lo, ml, 4);
last = p_ctx->_count[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
sha1_update(p_ctx,PADDING, padn);
sha1_update(p_ctx,ml, 8);
PUT_UINT32(p_ctx->_state[0], digest, 0);
PUT_UINT32(p_ctx->_state[1], digest, 4);
PUT_UINT32(p_ctx->_state[2], digest, 8);
PUT_UINT32(p_ctx->_state[3], digest, 12);
PUT_UINT32(p_ctx->_state[4], digest, 16);
/* Zeroize sensitive information. */
sha1_initialize(p_ctx);
}
static unsigned char *
write_port(unsigned char *buf, char *node, uint cre, uint id)
{
unsigned char *e = buf;
*(e++) = PORT_EXT;
e = write_atom(e, node);
PUT_UINT32(e, id & ((1 << 15) - 1));
e += 4;
*(e++) = cre & ((1 << 2) - 1);
return e;
}
static void Sha256_Final(Sha256ContextType *context, uint8_t hash[])
{
uint32_t i;
i = context->DataLen;
// Pad whatever data is left in the buffer.
if (context->DataLen < 56)
{
context->Data[i++] = 0x80;
while (i < 56)
context->Data[i++] = 0x00;
}
else
{
context->Data[i++] = 0x80;
while (i < 64)
context->Data[i++] = 0x00;
Sha256_Transform(context,context->Data);
memset(context->Data, 0, 56);
}
// Append to the padding the total message's length in bits and transform.
DBL_INT_ADD(context->BitLen[0], context->BitLen[1], context->DataLen * 8);
PUT_UINT32(context->BitLen[0], context->Data, 60);
PUT_UINT32(context->BitLen[1], context->Data, 56);
Sha256_Transform(context, context->Data);
// Copy result into output buffer
PUT_UINT32(context->State[0], hash, 0);
PUT_UINT32(context->State[1], hash, 4);
PUT_UINT32(context->State[2], hash, 8);
PUT_UINT32(context->State[3], hash, 12);
PUT_UINT32(context->State[4], hash, 16);
PUT_UINT32(context->State[5], hash, 20);
PUT_UINT32(context->State[6], hash, 24);
PUT_UINT32(context->State[7], hash, 28);
}
static void
router_process_filtered_pkt (uint8_t *user,
const struct pcap_pkthdr *hdr,
const uint8_t *bytes)
{
struct ether_header *ether;
router_pcap_loop_t *rinp = (router_pcap_loop_t *)user;
struct in_addr addr;
static uint8_t first = TRUE;
uint8_t buf[MAX_BUF_LEN] = {0};
char str[INET_ADDRSTRLEN];
struct iphdr *ip;
struct udphdr *udp;
uint8_t *payload, idx;
uint16_t payload_len;
double curr_time;
/*
* FOR SOME REASON, THE ETHERNET HEADER STARTS AT
* SECOND BYTE WHEN CAPTURING PACKETS ON "ANY"
* DEVICE. ACCOUNT FOR THIS
*/
bytes += 2;
ether = (struct ether_header *)(bytes);
ip = (struct iphdr *)(ether + 1);
udp = (struct udphdr *)(ip + 1);
payload = (uint8_t *)(udp + 1);
assert(ether->ether_type == htons(ETHERTYPE_IP));
/* Safety check */
if (ip->saddr == htonl(rinp->router_addr)) {
return;
}
/* Check for END signal from victim */
if (ip->saddr == htonl(rinp->victim_addr)) {
if ((ip->protocol == IPPROTO_UDP) &&
(ip->daddr == htonl(rinp->router_addr)) &&
(udp->dest == htons(input.tcp_port))) {
curr_time = ROUTER_GET_PKT_TIME(hdr);
if (input.epoch_cnt) {
addr.s_addr = htonl(rinp->victim_addr);
fprintf(input.loghdl,
"%.6f %-15s %u\n",
input.epoch_start,
inet_ntop(AF_INET, &addr, str, sizeof(str)),
input.epoch_cnt);
}
close(trback_sockfd);
fflush(input.loghdl);
fclose(input.loghdl);
exit(0);
}
return;
}
assert(ip->daddr == htonl(rinp->victim_addr));
payload_len = hdr->len - (payload - bytes);
/*
* If traceback message, append our IP address
* to the list of IPs in buffer
*/
if ((ip->protocol == IPPROTO_UDP) &&
(udp->dest == htons(rinp->victim_port))) {
router_intercept_traceback_msg(payload,
payload_len,
rinp->router_addr,
rinp->victim_addr,
rinp->victim_port);
return;
}
/* Check if we can send packets */
if (RANDOM() > input.probability) {
return;
}
/*
* Prepare traceback message
*
* +---------------------------+
* | MAGIC - 0xDEADBEEF | 4 bytes
* +---------------------------+
* | MSGTYPE_ATTACK | 1 byte
* +---------------------------+
* | Number of IPs (n) | 1 byte
* +---------------------------+
* | Attacker IP | 4 byte
* +---------------------------+
* / Router IP # 1 /
* / Router IP # 2 / (n-1) * 4 bytes
* .............................
*/
idx = 0;
PUT_UINT32(&buf[idx], TRACEBACK_MAGIC);
idx += TRACEBACK_MAGIC_SZ;
buf[idx++] = TRACEBACK_MSGTYPE_ATTACK;
buf[idx++] = 2; /* Attacker + Victim */
/* Attacker address */
PUT_UINT32(&buf[idx], ntohl(ip->saddr));
idx += sizeof(uint32_t);
/* Router address */
PUT_UINT32(&buf[idx], rinp->router_addr);
idx += sizeof(uint32_t);
assert(idx == TRACEBACK_MSG_LEN(2));
router_send_traceback_message(rinp->victim_addr,
rinp->victim_port,
FALSE, buf,
TRACEBACK_MSG_LEN(2),
2);
input.epoch_cnt++;
/* Log epoch count */
curr_time = ROUTER_GET_PKT_TIME(hdr);
if (first) {
first = FALSE;
input.epoch_start = curr_time;
} else if ((curr_time - input.epoch_start) > input.epoch) {
struct in_addr addr;
uint16_t num_epochs;
char str[INET_ADDRSTRLEN];
addr.s_addr = htonl(rinp->victim_addr);
num_epochs = (curr_time - input.epoch_start) / input.epoch;
for (idx=0; idx < num_epochs; idx++) {
fprintf(input.loghdl,
"%.6f %-15s %u\n",
input.epoch_start,
inet_ntop(AF_INET, &addr, str, sizeof(str)),
input.epoch_cnt);
input.epoch_start += input.epoch;
input.epoch_cnt = 0;
}
}
return;
}
static inline void
router_intercept_traceback_msg (const uint8_t *data,
uint16_t data_len,
uint32_t router_addr,
uint32_t victim_addr,
uint16_t victim_port)
{
uint8_t buf[MAX_BUF_LEN] = {0};
uint8_t num_ips, len;
/*
* +---------------------------+
* | MAGIC - 0xDEADBEEF | 4 bytes
* +---------------------------+
* | MSGTYPE_PATH | 1 byte
* +---------------------------+
* | Number of IPs (n) | 1 byte
* +---------------------------+
* | Attacker IP | 4 byte
* +---------------------------+
* / Router IP # 1 /
* / Router IP # 2 / (n-1) * 4 bytes
* .............................
*/
/* Check for our magic */
if (GET_UINT32(data) != TRACEBACK_MAGIC) {
printf("Ignoring non-traceback msg on traceback port\n");
return;
}
/* Sanity check */
num_ips = data[TRACEBACK_MAGIC_SZ + 1];
assert(num_ips < MAX_ROUTERS);
if (data_len < TRACEBACK_MSG_LEN(num_ips)) {
printf("Rcvd shorter datagram of %u bytes. Expected %u bytes\n",
data_len, TRACEBACK_MSG_LEN(num_ips));
return;
}
/* Create a copy of the message */
len = TRACEBACK_MSG_LEN(num_ips);
memcpy(buf, data, len);
/* Update the message type */
buf[TRACEBACK_MAGIC_SZ] = TRACEBACK_MSGTYPE_PATH;
/* Now append our address */
++num_ips;
buf[TRACEBACK_MAGIC_SZ + 1] = num_ips;
PUT_UINT32(&buf[len], router_addr);
/* Forward traceback message */
router_send_traceback_message(victim_addr,
victim_port,
TRUE, buf,
TRACEBACK_MSG_LEN(num_ips),
num_ips);
return;
}
/* Encodes terminal modes for the terminal referenced by fd in a
portable manner, and appends the modes to a buffer being
constructed. Stores constructed buffers len to buf_len. This call
always succeeds, but if an error happens during encoding, buf will
be empty and buf_len will be 0 */
void ssh_encode_tty_flags(int fd, unsigned char **buf, size_t *buf_len)
/*void tty_make_modes(int fd)*/
{
SshBuffer buffer;
#ifdef USING_TERMIOS
struct termios tio;
#endif
#ifdef USING_SGTTY
struct sgttyb tio;
struct tchars tiotc;
struct ltchars tioltc;
int tiolm;
#ifdef TIOCGSTAT
struct tstatus tiots;
#endif /* TIOCGSTAT */
#endif /* USING_SGTTY */
int baud;
if (!isatty(fd))
{
SSH_TRACE(2, ("Not a tty. (fd = %d)", fd));
*buf = ssh_xstrdup("");
*buf_len = 0;
return;
}
ssh_buffer_init(&buffer);
/* Get the modes. */
#ifdef USING_TERMIOS
if (tcgetattr(fd, &tio) < 0)
{
PUT_CHAR(TTY_OP_END);
ssh_warning("tcgetattr: %.100s", strerror(errno));
goto error;
}
#endif /* USING_TERMIOS */
#ifdef USING_SGTTY
if (ioctl(fd, TIOCGETP, &tio) < 0)
{
PUT_CHAR(TTY_OP_END);
ssh_warning("ioctl(fd, TIOCGETP, ...): %.100s", strerror(errno));
goto error;
}
if (ioctl(fd, TIOCGETC, &tiotc) < 0)
{
PUT_CHAR(TTY_OP_END);
ssh_warning("ioctl(fd, TIOCGETC, ...): %.100s", strerror(errno));
goto error;
}
if (ioctl(fd, TIOCLGET, &tiolm) < 0)
{
PUT_CHAR(TTY_OP_END);
ssh_warning("ioctl(fd, TIOCLGET, ...): %.100s", strerror(errno));
goto error;
}
if (ioctl(fd, TIOCGLTC, &tioltc) < 0)
{
PUT_CHAR(TTY_OP_END);
ssh_warning("ioctl(fd, TIOCGLTC, ...): %.100s", strerror(errno));
goto error;
}
#ifdef TIOCGSTAT
if (ioctl(fd, TIOCGSTAT, &tiots) < 0)
{
PUT_CHAR(TTY_OP_END);
ssh_warning("ioctl(fd, TIOCGSTAT, ...): %.100s", strerror(errno));
goto error;
}
#endif /* TIOCGSTAT */
/* termio's ECHOE is really both LCRTBS and LCRTERA - so wire them
together */
if (tiolm & LCRTBS)
tiolm |= LCRTERA;
#endif /* USING_SGTTY */
/* Store input and output baud rates. */
baud = speed_to_baud(cfgetospeed(&tio));
PUT_CHAR(TTY_OP_OSPEED);
PUT_UINT32(baud);
baud = speed_to_baud(cfgetispeed(&tio));
PUT_CHAR(TTY_OP_ISPEED);
PUT_UINT32(baud);
/* Store values of mode flags. */
#ifdef USING_TERMIOS
#define TTYCHAR(NAME, OP) \
PUT_CHAR(OP); PUT_UINT32(tio.c_cc[NAME]);
#define TTYMODE(NAME, FIELD, OP) \
PUT_CHAR(OP); PUT_UINT32((tio.FIELD & NAME) != 0);
#define SGTTYCHAR(NAME, OP)
#define SGTTYMODE(NAME, FIELD, OP)
#define SGTTYMODEN(NAME, FIELD, OP)
#endif /* USING_TERMIOS */
#ifdef USING_SGTTY
#define TTYCHAR(NAME, OP)
#define TTYMODE(NAME, FIELD, OP)
#define SGTTYCHAR(NAME, OP) \
PUT_CHAR(OP); PUT_UINT32(NAME);
#define SGTTYMODE(NAME, FIELD, OP) \
PUT_CHAR(OP); PUT_UINT32((FIELD & NAME) != 0);
#define SGTTYMODEN(NAME, FIELD, OP) \
PUT_CHAR(OP); PUT_UINT32((FIELD & NAME) == 0);
#endif /* USING_SGTTY */
#include "sshttyflagsi.h"
#undef TTYCHAR
#undef TTYMODE
#undef SGTTYCHAR
#undef SGTTYMODE
#undef SGTTYMODEN
/* Mark end of mode data. */
PUT_CHAR(TTY_OP_END);
*buf_len = ssh_buffer_len(&buffer);
*buf = ssh_xmemdup(ssh_buffer_ptr(&buffer), *buf_len);
ssh_buffer_uninit(&buffer);
SSH_DEBUG_HEXDUMP(5, ("encoded tty-flags buffer"), *buf, *buf_len);
return;
error:
ssh_buffer_uninit(&buffer);
*buf = ssh_xstrdup("");
*buf_len = 0;
}