ssh.h 82 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982
  1. #include <stdio.h>
  2. #include <string.h>
  3. #include "puttymem.h"
  4. #include "tree234.h"
  5. #include "network.h"
  6. #include "misc.h"
  7. struct ssh_channel;
  8. /*
  9. * Buffer management constants. There are several of these for
  10. * various different purposes:
  11. *
  12. * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
  13. * on a local data stream before we throttle the whole SSH
  14. * connection (in SSH-1 only). Throttling the whole connection is
  15. * pretty drastic so we set this high in the hope it won't
  16. * happen very often.
  17. *
  18. * - SSH_MAX_BACKLOG is the amount of backlog that must build up
  19. * on the SSH connection itself before we defensively throttle
  20. * _all_ local data streams. This is pretty drastic too (though
  21. * thankfully unlikely in SSH-2 since the window mechanism should
  22. * ensure that the server never has any need to throttle its end
  23. * of the connection), so we set this high as well.
  24. *
  25. * - OUR_V2_WINSIZE is the default window size we present on SSH-2
  26. * channels.
  27. *
  28. * - OUR_V2_BIGWIN is the window size we advertise for the only
  29. * channel in a simple connection. It must be <= INT_MAX.
  30. *
  31. * - OUR_V2_MAXPKT is the official "maximum packet size" we send
  32. * to the remote side. This actually has nothing to do with the
  33. * size of the _packet_, but is instead a limit on the amount
  34. * of data we're willing to receive in a single SSH2 channel
  35. * data message.
  36. *
  37. * - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
  38. * _packet_ we're prepared to cope with. It must be a multiple
  39. * of the cipher block size, and must be at least 35000.
  40. */
  41. #define SSH1_BUFFER_LIMIT 32768
  42. #define SSH_MAX_BACKLOG 32768
  43. #define OUR_V2_WINSIZE 16384
  44. #define OUR_V2_BIGWIN 0x7fffffff
  45. #define OUR_V2_MAXPKT 0x4000UL
  46. #define OUR_V2_PACKETLIMIT 0x9000UL
  47. typedef struct PacketQueueNode PacketQueueNode;
  48. struct PacketQueueNode {
  49. PacketQueueNode *next, *prev;
  50. size_t formal_size; /* contribution to PacketQueueBase's total_size */
  51. bool on_free_queue; /* is this packet scheduled for freeing? */
  52. };
  53. typedef struct PktIn {
  54. int type;
  55. unsigned long sequence; /* SSH-2 incoming sequence number */
  56. PacketQueueNode qnode; /* for linking this packet on to a queue */
  57. BinarySource_IMPLEMENTATION;
  58. } PktIn;
  59. typedef struct PktOut {
  60. size_t prefix; /* bytes up to and including type field */
  61. size_t length; /* total bytes, including prefix */
  62. int type;
  63. size_t minlen; /* SSH-2: ensure wire length is at least this */
  64. unsigned char *data; /* allocated storage */
  65. size_t maxlen; /* amount of storage allocated for `data' */
  66. /* Extra metadata used in SSH packet logging mode, allowing us to
  67. * log in the packet header line that the packet came from a
  68. * connection-sharing downstream and what if anything unusual was
  69. * done to it. The additional_log_text field is expected to be a
  70. * static string - it will not be freed. */
  71. unsigned downstream_id;
  72. const char *additional_log_text;
  73. PacketQueueNode qnode; /* for linking this packet on to a queue */
  74. BinarySink_IMPLEMENTATION;
  75. } PktOut;
  76. typedef struct PacketQueueBase {
  77. PacketQueueNode end;
  78. size_t total_size; /* sum of all formal_size fields on the queue */
  79. struct IdempotentCallback *ic;
  80. } PacketQueueBase;
  81. typedef struct PktInQueue {
  82. PacketQueueBase pqb;
  83. PktIn *(*after)(PacketQueueBase *, PacketQueueNode *prev, bool pop);
  84. } PktInQueue;
  85. typedef struct PktOutQueue {
  86. PacketQueueBase pqb;
  87. PktOut *(*after)(PacketQueueBase *, PacketQueueNode *prev, bool pop);
  88. } PktOutQueue;
  89. void pq_base_push(PacketQueueBase *pqb, PacketQueueNode *node);
  90. void pq_base_push_front(PacketQueueBase *pqb, PacketQueueNode *node);
  91. void pq_base_concatenate(PacketQueueBase *dest,
  92. PacketQueueBase *q1, PacketQueueBase *q2);
  93. void pq_in_init(PktInQueue *pq);
  94. void pq_out_init(PktOutQueue *pq);
  95. void pq_in_clear(PktInQueue *pq);
  96. void pq_out_clear(PktOutQueue *pq);
  97. #define pq_push(pq, pkt) \
  98. TYPECHECK((pq)->after(&(pq)->pqb, NULL, false) == pkt, \
  99. pq_base_push(&(pq)->pqb, &(pkt)->qnode))
  100. #define pq_push_front(pq, pkt) \
  101. TYPECHECK((pq)->after(&(pq)->pqb, NULL, false) == pkt, \
  102. pq_base_push_front(&(pq)->pqb, &(pkt)->qnode))
  103. #define pq_peek(pq) ((pq)->after(&(pq)->pqb, &(pq)->pqb.end, false))
  104. #define pq_pop(pq) ((pq)->after(&(pq)->pqb, &(pq)->pqb.end, true))
  105. #define pq_concatenate(dst, q1, q2) \
  106. TYPECHECK((q1)->after(&(q1)->pqb, NULL, false) == \
  107. (dst)->after(&(dst)->pqb, NULL, false) && \
  108. (q2)->after(&(q2)->pqb, NULL, false) == \
  109. (dst)->after(&(dst)->pqb, NULL, false), \
  110. pq_base_concatenate(&(dst)->pqb, &(q1)->pqb, &(q2)->pqb))
  111. #define pq_first(pq) pq_peek(pq)
  112. #define pq_next(pq, pkt) ((pq)->after(&(pq)->pqb, &(pkt)->qnode, false))
  113. /*
  114. * Packet type contexts, so that ssh2_pkt_type can correctly decode
  115. * the ambiguous type numbers back into the correct type strings.
  116. */
  117. typedef enum {
  118. SSH2_PKTCTX_NOKEX,
  119. SSH2_PKTCTX_DHGROUP,
  120. SSH2_PKTCTX_DHGEX,
  121. SSH2_PKTCTX_ECDHKEX,
  122. SSH2_PKTCTX_GSSKEX,
  123. SSH2_PKTCTX_RSAKEX
  124. } Pkt_KCtx;
  125. typedef enum {
  126. SSH2_PKTCTX_NOAUTH,
  127. SSH2_PKTCTX_PUBLICKEY,
  128. SSH2_PKTCTX_PASSWORD,
  129. SSH2_PKTCTX_GSSAPI,
  130. SSH2_PKTCTX_KBDINTER
  131. } Pkt_ACtx;
  132. typedef struct PacketLogSettings {
  133. bool omit_passwords, omit_data;
  134. Pkt_KCtx kctx;
  135. Pkt_ACtx actx;
  136. } PacketLogSettings;
  137. #define MAX_BLANKS 4 /* no packet needs more censored sections than this */
  138. int ssh1_censor_packet(
  139. const PacketLogSettings *pls, int type, bool sender_is_client,
  140. ptrlen pkt, logblank_t *blanks);
  141. int ssh2_censor_packet(
  142. const PacketLogSettings *pls, int type, bool sender_is_client,
  143. ptrlen pkt, logblank_t *blanks);
  144. PktOut *ssh_new_packet(void);
  145. void ssh_free_pktout(PktOut *pkt);
  146. Socket *ssh_connection_sharing_init(
  147. const char *host, int port, Conf *conf, LogContext *logctx,
  148. Plug *sshplug, ssh_sharing_state **state);
  149. void ssh_connshare_provide_connlayer(ssh_sharing_state *sharestate,
  150. ConnectionLayer *cl);
  151. bool ssh_share_test_for_upstream(const char *host, int port, Conf *conf);
  152. void share_got_pkt_from_server(ssh_sharing_connstate *ctx, int type,
  153. const void *pkt, int pktlen);
  154. void share_activate(ssh_sharing_state *sharestate,
  155. const char *server_verstring);
  156. void sharestate_free(ssh_sharing_state *state);
  157. int share_ndownstreams(ssh_sharing_state *state);
  158. void ssh_connshare_log(Ssh *ssh, int event, const char *logtext,
  159. const char *ds_err, const char *us_err);
  160. void share_setup_x11_channel(ssh_sharing_connstate *cs, share_channel *chan,
  161. unsigned upstream_id, unsigned server_id,
  162. unsigned server_currwin, unsigned server_maxpkt,
  163. unsigned client_adjusted_window,
  164. const char *peer_addr, int peer_port, int endian,
  165. int protomajor, int protominor,
  166. const void *initial_data, int initial_len);
  167. /* Per-application overrides for what roles we can take in connection
  168. * sharing, regardless of user configuration (e.g. pscp will never be
  169. * an upstream) */
  170. extern const bool share_can_be_downstream;
  171. extern const bool share_can_be_upstream;
  172. struct X11Display;
  173. struct X11FakeAuth;
  174. /* Structure definition centralised here because the SSH-1 and SSH-2
  175. * connection layers both use it. But the client module (portfwd.c)
  176. * should not try to look inside here. */
  177. struct ssh_rportfwd {
  178. unsigned sport, dport;
  179. char *shost, *dhost;
  180. int addressfamily;
  181. char *log_description; /* name of remote listening port, for logging */
  182. ssh_sharing_connstate *share_ctx;
  183. PortFwdRecord *pfr;
  184. };
  185. void free_rportfwd(struct ssh_rportfwd *rpf);
  186. typedef struct ConnectionLayerVtable ConnectionLayerVtable;
  187. struct ConnectionLayerVtable {
  188. /* Allocate and free remote-to-local port forwardings, called by
  189. * PortFwdManager or by connection sharing */
  190. struct ssh_rportfwd *(*rportfwd_alloc)(
  191. ConnectionLayer *cl,
  192. const char *shost, int sport, const char *dhost, int dport,
  193. int addressfamily, const char *log_description, PortFwdRecord *pfr,
  194. ssh_sharing_connstate *share_ctx);
  195. void (*rportfwd_remove)(ConnectionLayer *cl, struct ssh_rportfwd *rpf);
  196. /* Open a local-to-remote port forwarding channel, called by
  197. * PortFwdManager */
  198. SshChannel *(*lportfwd_open)(
  199. ConnectionLayer *cl, const char *hostname, int port,
  200. const char *description, const SocketEndpointInfo *peerinfo,
  201. Channel *chan);
  202. /* Initiate opening of a 'session'-type channel */
  203. SshChannel *(*session_open)(ConnectionLayer *cl, Channel *chan);
  204. /* Open outgoing channels for X and agent forwarding. (Used in the
  205. * SSH server.) */
  206. SshChannel *(*serverside_x11_open)(ConnectionLayer *cl, Channel *chan,
  207. const SocketEndpointInfo *pi);
  208. SshChannel *(*serverside_agent_open)(ConnectionLayer *cl, Channel *chan);
  209. /* Add an X11 display for ordinary X forwarding */
  210. struct X11FakeAuth *(*add_x11_display)(
  211. ConnectionLayer *cl, int authtype, struct X11Display *x11disp);
  212. /* Add and remove X11 displays for connection sharing downstreams */
  213. struct X11FakeAuth *(*add_sharing_x11_display)(
  214. ConnectionLayer *cl, int authtype, ssh_sharing_connstate *share_cs,
  215. share_channel *share_chan);
  216. void (*remove_sharing_x11_display)(
  217. ConnectionLayer *cl, struct X11FakeAuth *auth);
  218. /* Pass through an outgoing SSH packet from a downstream */
  219. void (*send_packet_from_downstream)(
  220. ConnectionLayer *cl, unsigned id, int type,
  221. const void *pkt, int pktlen, const char *additional_log_text);
  222. /* Allocate/free an upstream channel number associated with a
  223. * sharing downstream */
  224. unsigned (*alloc_sharing_channel)(ConnectionLayer *cl,
  225. ssh_sharing_connstate *connstate);
  226. void (*delete_sharing_channel)(ConnectionLayer *cl, unsigned localid);
  227. /* Indicate that a downstream has sent a global request with the
  228. * want-reply flag, so that when a reply arrives it will be passed
  229. * back to that downstrean */
  230. void (*sharing_queue_global_request)(
  231. ConnectionLayer *cl, ssh_sharing_connstate *connstate);
  232. /* Indicate that the last downstream has disconnected */
  233. void (*sharing_no_more_downstreams)(ConnectionLayer *cl);
  234. /* Query whether the connection layer is doing agent forwarding */
  235. bool (*agent_forwarding_permitted)(ConnectionLayer *cl);
  236. /* Set the size of the main terminal window (if any) */
  237. void (*terminal_size)(ConnectionLayer *cl, int width, int height);
  238. /* Indicate that the backlog on standard output has cleared */
  239. void (*stdout_unthrottle)(ConnectionLayer *cl, size_t bufsize);
  240. /* Query the size of the backlog on standard _input_ */
  241. size_t (*stdin_backlog)(ConnectionLayer *cl);
  242. /* Tell the connection layer that the SSH connection itself has
  243. * backed up, so it should tell all currently open channels to
  244. * cease reading from their local input sources if they can. (Or
  245. * tell it that that state of affairs has gone away again.) */
  246. void (*throttle_all_channels)(ConnectionLayer *cl, bool throttled);
  247. /* Ask the connection layer about its current preference for
  248. * line-discipline options. */
  249. bool (*ldisc_option)(ConnectionLayer *cl, int option);
  250. /* Communicate _to_ the connection layer (from the main session
  251. * channel) what its preference for line-discipline options is. */
  252. void (*set_ldisc_option)(ConnectionLayer *cl, int option, bool value);
  253. /* Communicate to the connection layer whether X forwarding was
  254. * successfully enabled (for purposes of knowing whether to accept
  255. * subsequent channel-opens). */
  256. void (*enable_x_fwd)(ConnectionLayer *cl);
  257. /* Communicate / query whether the main session channel currently
  258. * wants user input. The set function is called by mainchan; the
  259. * query function is called by the top-level ssh.c. */
  260. void (*set_wants_user_input)(ConnectionLayer *cl, bool wanted);
  261. bool (*get_wants_user_input)(ConnectionLayer *cl);
  262. /* Notify the connection layer that more data has been added to
  263. * the user input queue. */
  264. void (*got_user_input)(ConnectionLayer *cl);
  265. };
  266. struct ConnectionLayer {
  267. LogContext *logctx;
  268. const struct ConnectionLayerVtable *vt;
  269. };
  270. static inline struct ssh_rportfwd *ssh_rportfwd_alloc(
  271. ConnectionLayer *cl, const char *sh, int sp, const char *dh, int dp,
  272. int af, const char *log, PortFwdRecord *pfr, ssh_sharing_connstate *cs)
  273. { return cl->vt->rportfwd_alloc(cl, sh, sp, dh, dp, af, log, pfr, cs); }
  274. static inline void ssh_rportfwd_remove(
  275. ConnectionLayer *cl, struct ssh_rportfwd *rpf)
  276. { cl->vt->rportfwd_remove(cl, rpf); }
  277. static inline SshChannel *ssh_lportfwd_open(
  278. ConnectionLayer *cl, const char *host, int port,
  279. const char *desc, const SocketEndpointInfo *pi, Channel *chan)
  280. { return cl->vt->lportfwd_open(cl, host, port, desc, pi, chan); }
  281. static inline SshChannel *ssh_session_open(ConnectionLayer *cl, Channel *chan)
  282. { return cl->vt->session_open(cl, chan); }
  283. static inline SshChannel *ssh_serverside_x11_open(
  284. ConnectionLayer *cl, Channel *chan, const SocketEndpointInfo *pi)
  285. { return cl->vt->serverside_x11_open(cl, chan, pi); }
  286. static inline SshChannel *ssh_serverside_agent_open(
  287. ConnectionLayer *cl, Channel *chan)
  288. { return cl->vt->serverside_agent_open(cl, chan); }
  289. static inline struct X11FakeAuth *ssh_add_x11_display(
  290. ConnectionLayer *cl, int authtype, struct X11Display *x11disp)
  291. { return cl->vt->add_x11_display(cl, authtype, x11disp); }
  292. static inline struct X11FakeAuth *ssh_add_sharing_x11_display(
  293. ConnectionLayer *cl, int authtype, ssh_sharing_connstate *share_cs,
  294. share_channel *share_chan)
  295. { return cl->vt->add_sharing_x11_display(cl, authtype, share_cs, share_chan); }
  296. static inline void ssh_remove_sharing_x11_display(
  297. ConnectionLayer *cl, struct X11FakeAuth *auth)
  298. { cl->vt->remove_sharing_x11_display(cl, auth); }
  299. static inline void ssh_send_packet_from_downstream(
  300. ConnectionLayer *cl, unsigned id, int type,
  301. const void *pkt, int len, const char *log)
  302. { cl->vt->send_packet_from_downstream(cl, id, type, pkt, len, log); }
  303. static inline unsigned ssh_alloc_sharing_channel(
  304. ConnectionLayer *cl, ssh_sharing_connstate *connstate)
  305. { return cl->vt->alloc_sharing_channel(cl, connstate); }
  306. static inline void ssh_delete_sharing_channel(
  307. ConnectionLayer *cl, unsigned localid)
  308. { cl->vt->delete_sharing_channel(cl, localid); }
  309. static inline void ssh_sharing_queue_global_request(
  310. ConnectionLayer *cl, ssh_sharing_connstate *connstate)
  311. { cl->vt->sharing_queue_global_request(cl, connstate); }
  312. static inline void ssh_sharing_no_more_downstreams(ConnectionLayer *cl)
  313. { cl->vt->sharing_no_more_downstreams(cl); }
  314. static inline bool ssh_agent_forwarding_permitted(ConnectionLayer *cl)
  315. { return cl->vt->agent_forwarding_permitted(cl); }
  316. static inline void ssh_terminal_size(ConnectionLayer *cl, int w, int h)
  317. { cl->vt->terminal_size(cl, w, h); }
  318. static inline void ssh_stdout_unthrottle(ConnectionLayer *cl, size_t bufsize)
  319. { cl->vt->stdout_unthrottle(cl, bufsize); }
  320. static inline size_t ssh_stdin_backlog(ConnectionLayer *cl)
  321. { return cl->vt->stdin_backlog(cl); }
  322. static inline void ssh_throttle_all_channels(ConnectionLayer *cl, bool thr)
  323. { cl->vt->throttle_all_channels(cl, thr); }
  324. static inline bool ssh_ldisc_option(ConnectionLayer *cl, int option)
  325. { return cl->vt->ldisc_option(cl, option); }
  326. static inline void ssh_set_ldisc_option(ConnectionLayer *cl, int opt, bool val)
  327. { cl->vt->set_ldisc_option(cl, opt, val); }
  328. static inline void ssh_enable_x_fwd(ConnectionLayer *cl)
  329. { cl->vt->enable_x_fwd(cl); }
  330. static inline void ssh_set_wants_user_input(ConnectionLayer *cl, bool wanted)
  331. { cl->vt->set_wants_user_input(cl, wanted); }
  332. static inline bool ssh_get_wants_user_input(ConnectionLayer *cl)
  333. { return cl->vt->get_wants_user_input(cl); }
  334. static inline void ssh_got_user_input(ConnectionLayer *cl)
  335. { cl->vt->got_user_input(cl); }
  336. /* Exports from portfwd.c */
  337. PortFwdManager *portfwdmgr_new(ConnectionLayer *cl);
  338. void portfwdmgr_free(PortFwdManager *mgr);
  339. void portfwdmgr_config(PortFwdManager *mgr, Conf *conf);
  340. void portfwdmgr_close(PortFwdManager *mgr, PortFwdRecord *pfr);
  341. void portfwdmgr_close_all(PortFwdManager *mgr);
  342. char *portfwdmgr_connect(PortFwdManager *mgr, Channel **chan_ret,
  343. char *hostname, int port, SshChannel *c,
  344. int addressfamily);
  345. bool portfwdmgr_listen(PortFwdManager *mgr, const char *host, int port,
  346. const char *keyhost, int keyport, Conf *conf);
  347. bool portfwdmgr_unlisten(PortFwdManager *mgr, const char *host, int port);
  348. Channel *portfwd_raw_new(ConnectionLayer *cl, Plug **plug, bool start_ready);
  349. void portfwd_raw_free(Channel *pfchan);
  350. void portfwd_raw_setup(Channel *pfchan, Socket *s, SshChannel *sc);
  351. Socket *platform_make_agent_socket(Plug *plug, const char *dirprefix,
  352. char **error, char **name);
  353. LogContext *ssh_get_logctx(Ssh *ssh);
  354. /* Communications back to ssh.c from connection layers */
  355. void ssh_throttle_conn(Ssh *ssh, int adjust);
  356. void ssh_got_exitcode(Ssh *ssh, int status);
  357. void ssh_ldisc_update(Ssh *ssh);
  358. void ssh_check_sendok(Ssh *ssh);
  359. void ssh_got_fallback_cmd(Ssh *ssh);
  360. bool ssh_is_bare(Ssh *ssh);
  361. /* Communications back to ssh.c from the BPP */
  362. void ssh_conn_processed_data(Ssh *ssh);
  363. void ssh_sendbuffer_changed(Ssh *ssh);
  364. void ssh_check_frozen(Ssh *ssh);
  365. /* Functions to abort the connection, for various reasons. */
  366. void ssh_remote_error(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
  367. void ssh_remote_eof(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
  368. void ssh_proto_error(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
  369. void ssh_sw_abort(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
  370. void ssh_sw_abort_deferred(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
  371. void ssh_user_close(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
  372. void ssh_spr_close(Ssh *ssh, SeatPromptResult spr, const char *context);
  373. /* Bit positions in the SSH-1 cipher protocol word */
  374. #define SSH1_CIPHER_IDEA 1
  375. #define SSH1_CIPHER_DES 2
  376. #define SSH1_CIPHER_3DES 3
  377. #define SSH1_CIPHER_BLOWFISH 6
  378. /* The subset of those that we support, with names for selecting them
  379. * on Uppity's command line */
  380. #define SSH1_SUPPORTED_CIPHER_LIST(X) \
  381. X(SSH1_CIPHER_3DES, "3des") \
  382. X(SSH1_CIPHER_BLOWFISH, "blowfish") \
  383. X(SSH1_CIPHER_DES, "des") \
  384. /* end of list */
  385. #define SSH1_CIPHER_LIST_MAKE_MASK(bitpos, name) | (1U << bitpos)
  386. #define SSH1_SUPPORTED_CIPHER_MASK \
  387. (0 SSH1_SUPPORTED_CIPHER_LIST(SSH1_CIPHER_LIST_MAKE_MASK))
  388. struct ssh_key {
  389. const ssh_keyalg *vt;
  390. };
  391. struct RSAKey {
  392. int bits;
  393. int bytes;
  394. mp_int *modulus;
  395. mp_int *exponent;
  396. mp_int *private_exponent;
  397. mp_int *p;
  398. mp_int *q;
  399. mp_int *iqmp;
  400. char *comment;
  401. ssh_key sshk;
  402. };
  403. struct dsa_key {
  404. mp_int *p, *q, *g, *y, *x;
  405. ssh_key sshk;
  406. };
  407. struct ec_curve;
  408. /* Weierstrass form curve */
  409. struct ec_wcurve
  410. {
  411. WeierstrassCurve *wc;
  412. WeierstrassPoint *G;
  413. mp_int *G_order;
  414. };
  415. /* Montgomery form curve */
  416. struct ec_mcurve
  417. {
  418. MontgomeryCurve *mc;
  419. MontgomeryPoint *G;
  420. unsigned log2_cofactor;
  421. };
  422. /* Edwards form curve */
  423. struct ec_ecurve
  424. {
  425. EdwardsCurve *ec;
  426. EdwardsPoint *G;
  427. mp_int *G_order;
  428. unsigned log2_cofactor;
  429. };
  430. typedef enum EllipticCurveType {
  431. EC_WEIERSTRASS, EC_MONTGOMERY, EC_EDWARDS
  432. } EllipticCurveType;
  433. struct ec_curve {
  434. EllipticCurveType type;
  435. /* 'name' is the identifier of the curve when it has to appear in
  436. * wire protocol encodings, as it does in e.g. the public key and
  437. * signature formats for NIST curves. Curves which do not format
  438. * their keys or signatures in this way just have name==NULL.
  439. *
  440. * 'textname' is non-NULL for all curves, and is a human-readable
  441. * identification suitable for putting in log messages. */
  442. const char *name, *textname;
  443. size_t fieldBits, fieldBytes;
  444. mp_int *p;
  445. union {
  446. struct ec_wcurve w;
  447. struct ec_mcurve m;
  448. struct ec_ecurve e;
  449. };
  450. };
  451. const ssh_keyalg *ec_alg_by_oid(int len, const void *oid,
  452. const struct ec_curve **curve);
  453. const unsigned char *ec_alg_oid(const ssh_keyalg *alg, int *oidlen);
  454. extern const int ec_nist_curve_lengths[], n_ec_nist_curve_lengths;
  455. extern const int ec_ed_curve_lengths[], n_ec_ed_curve_lengths;
  456. bool ec_nist_alg_and_curve_by_bits(int bits,
  457. const struct ec_curve **curve,
  458. const ssh_keyalg **alg);
  459. bool ec_ed_alg_and_curve_by_bits(int bits,
  460. const struct ec_curve **curve,
  461. const ssh_keyalg **alg);
  462. struct ecdsa_key {
  463. const struct ec_curve *curve;
  464. WeierstrassPoint *publicKey;
  465. mp_int *privateKey;
  466. ssh_key sshk;
  467. };
  468. struct eddsa_key {
  469. const struct ec_curve *curve;
  470. EdwardsPoint *publicKey;
  471. mp_int *privateKey;
  472. ssh_key sshk;
  473. };
  474. WeierstrassPoint *ecdsa_public(mp_int *private_key, const ssh_keyalg *alg);
  475. EdwardsPoint *eddsa_public(mp_int *private_key, const ssh_keyalg *alg);
  476. typedef enum KeyComponentType {
  477. KCT_TEXT, KCT_BINARY, KCT_MPINT
  478. } KeyComponentType;
  479. typedef struct key_component {
  480. char *name;
  481. KeyComponentType type;
  482. union {
  483. strbuf *str; /* used for KCT_TEXT and KCT_BINARY */
  484. mp_int *mp; /* used for KCT_MPINT */
  485. };
  486. } key_component;
  487. typedef struct key_components {
  488. size_t ncomponents, componentsize;
  489. key_component *components;
  490. } key_components;
  491. key_components *key_components_new(void);
  492. void key_components_add_text(key_components *kc,
  493. const char *name, const char *value);
  494. void key_components_add_text_pl(key_components *kc,
  495. const char *name, ptrlen value);
  496. void key_components_add_binary(key_components *kc,
  497. const char *name, ptrlen value);
  498. void key_components_add_mp(key_components *kc,
  499. const char *name, mp_int *value);
  500. void key_components_add_uint(key_components *kc,
  501. const char *name, uintmax_t value);
  502. void key_components_add_copy(key_components *kc,
  503. const char *name, const key_component *value);
  504. void key_components_free(key_components *kc);
  505. /*
  506. * SSH-1 never quite decided which order to store the two components
  507. * of an RSA key. During connection setup, the server sends its host
  508. * and server keys with the exponent first; private key files store
  509. * the modulus first. The agent protocol is even more confusing,
  510. * because the client specifies a key to the server in one order and
  511. * the server lists the keys it knows about in the other order!
  512. */
  513. typedef enum { RSA_SSH1_EXPONENT_FIRST, RSA_SSH1_MODULUS_FIRST } RsaSsh1Order;
  514. void BinarySource_get_rsa_ssh1_pub(
  515. BinarySource *src, RSAKey *result, RsaSsh1Order order);
  516. void BinarySource_get_rsa_ssh1_priv(
  517. BinarySource *src, RSAKey *rsa);
  518. RSAKey *BinarySource_get_rsa_ssh1_priv_agent(BinarySource *src);
  519. bool rsa_ssh1_encrypt(unsigned char *data, int length, RSAKey *key);
  520. mp_int *rsa_ssh1_decrypt(mp_int *input, RSAKey *key);
  521. bool rsa_ssh1_decrypt_pkcs1(mp_int *input, RSAKey *key, strbuf *outbuf);
  522. char *rsastr_fmt(RSAKey *key);
  523. char *rsa_ssh1_fingerprint(RSAKey *key);
  524. char **rsa_ssh1_fake_all_fingerprints(RSAKey *key);
  525. bool rsa_verify(RSAKey *key);
  526. void rsa_ssh1_public_blob(BinarySink *bs, RSAKey *key, RsaSsh1Order order);
  527. int rsa_ssh1_public_blob_len(ptrlen data);
  528. void rsa_ssh1_private_blob_agent(BinarySink *bs, RSAKey *key);
  529. void duprsakey(RSAKey *dst, const RSAKey *src);
  530. void freersapriv(RSAKey *key);
  531. void freersakey(RSAKey *key);
  532. key_components *rsa_components(RSAKey *key);
  533. uint32_t crc32_rfc1662(ptrlen data);
  534. uint32_t crc32_ssh1(ptrlen data);
  535. uint32_t crc32_update(uint32_t crc_input, ptrlen data);
  536. /* SSH CRC compensation attack detector */
  537. struct crcda_ctx;
  538. struct crcda_ctx *crcda_make_context(void);
  539. void crcda_free_context(struct crcda_ctx *ctx);
  540. bool detect_attack(struct crcda_ctx *ctx,
  541. const unsigned char *buf, uint32_t len,
  542. const unsigned char *IV);
  543. /*
  544. * SSH2 RSA key exchange functions
  545. */
  546. struct ssh_rsa_kex_extra {
  547. int minklen;
  548. };
  549. RSAKey *ssh_rsakex_newkey(ptrlen data);
  550. void ssh_rsakex_freekey(RSAKey *key);
  551. int ssh_rsakex_klen(RSAKey *key);
  552. strbuf *ssh_rsakex_encrypt(
  553. RSAKey *key, const ssh_hashalg *h, ptrlen plaintext);
  554. mp_int *ssh_rsakex_decrypt(
  555. RSAKey *key, const ssh_hashalg *h, ptrlen ciphertext);
  556. /*
  557. * System for generating k in DSA and ECDSA.
  558. */
  559. struct RFC6979Result {
  560. mp_int *k;
  561. unsigned ok;
  562. };
  563. RFC6979 *rfc6979_new(const ssh_hashalg *hashalg, mp_int *q, mp_int *x);
  564. void rfc6979_setup(RFC6979 *s, ptrlen message);
  565. RFC6979Result rfc6979_attempt(RFC6979 *s);
  566. void rfc6979_free(RFC6979 *s);
  567. mp_int *rfc6979(const ssh_hashalg *hashalg, mp_int *modulus,
  568. mp_int *private_key, ptrlen message);
  569. struct ssh_cipher {
  570. const ssh_cipheralg *vt;
  571. };
  572. struct ssh_cipheralg {
  573. ssh_cipher *(*new)(const ssh_cipheralg *alg);
  574. void (*free)(ssh_cipher *);
  575. void (*setiv)(ssh_cipher *, const void *iv);
  576. void (*setkey)(ssh_cipher *, const void *key);
  577. void (*encrypt)(ssh_cipher *, void *blk, int len);
  578. void (*decrypt)(ssh_cipher *, void *blk, int len);
  579. /* Ignored unless SSH_CIPHER_SEPARATE_LENGTH flag set */
  580. void (*encrypt_length)(ssh_cipher *, void *blk, int len,
  581. unsigned long seq);
  582. void (*decrypt_length)(ssh_cipher *, void *blk, int len,
  583. unsigned long seq);
  584. /* For ciphers that update their state per logical message
  585. * (typically, per unit independently MACed) */
  586. void (*next_message)(ssh_cipher *);
  587. const char *ssh2_id;
  588. int blksize;
  589. /* real_keybits is the number of bits of entropy genuinely used by
  590. * the cipher scheme; it's used for deciding how big a
  591. * Diffie-Hellman group is needed to exchange a key for the
  592. * cipher. */
  593. int real_keybits;
  594. /* padded_keybytes is the number of bytes of key data expected as
  595. * input to the setkey function; it's used for deciding how much
  596. * data needs to be generated from the post-kex generation of key
  597. * material. In a sensible cipher which uses all its key bytes for
  598. * real work, this will just be real_keybits/8, but in DES-type
  599. * ciphers which ignore one bit in each byte, it'll be slightly
  600. * different. */
  601. int padded_keybytes;
  602. unsigned int flags;
  603. #define SSH_CIPHER_IS_CBC 1
  604. #define SSH_CIPHER_SEPARATE_LENGTH 2
  605. const char *text_name;
  606. /* If set, this takes priority over other MAC. */
  607. const ssh2_macalg *required_mac;
  608. /* Pointer to any extra data used by a particular implementation. */
  609. const void *extra;
  610. };
  611. static inline ssh_cipher *ssh_cipher_new(const ssh_cipheralg *alg)
  612. { return alg->new(alg); }
  613. static inline void ssh_cipher_free(ssh_cipher *c)
  614. { c->vt->free(c); }
  615. static inline void ssh_cipher_setiv(ssh_cipher *c, const void *iv)
  616. { c->vt->setiv(c, iv); }
  617. static inline void ssh_cipher_setkey(ssh_cipher *c, const void *key)
  618. { c->vt->setkey(c, key); }
  619. static inline void ssh_cipher_encrypt(ssh_cipher *c, void *blk, int len)
  620. { c->vt->encrypt(c, blk, len); }
  621. static inline void ssh_cipher_decrypt(ssh_cipher *c, void *blk, int len)
  622. { c->vt->decrypt(c, blk, len); }
  623. static inline void ssh_cipher_encrypt_length(
  624. ssh_cipher *c, void *blk, int len, unsigned long seq)
  625. { c->vt->encrypt_length(c, blk, len, seq); }
  626. static inline void ssh_cipher_decrypt_length(
  627. ssh_cipher *c, void *blk, int len, unsigned long seq)
  628. { c->vt->decrypt_length(c, blk, len, seq); }
  629. static inline void ssh_cipher_next_message(ssh_cipher *c)
  630. { c->vt->next_message(c); }
  631. static inline const struct ssh_cipheralg *ssh_cipher_alg(ssh_cipher *c)
  632. { return c->vt; }
  633. void nullcipher_next_message(ssh_cipher *);
  634. struct ssh2_ciphers {
  635. int nciphers;
  636. const ssh_cipheralg *const *list;
  637. };
  638. struct ssh2_mac {
  639. const ssh2_macalg *vt;
  640. BinarySink_DELEGATE_IMPLEMENTATION;
  641. };
  642. struct ssh2_macalg {
  643. /* Passes in the cipher context */
  644. ssh2_mac *(*new)(const ssh2_macalg *alg, ssh_cipher *cipher);
  645. void (*free)(ssh2_mac *);
  646. void (*setkey)(ssh2_mac *, ptrlen key);
  647. void (*start)(ssh2_mac *);
  648. void (*genresult)(ssh2_mac *, unsigned char *);
  649. void (*next_message)(ssh2_mac *);
  650. const char *(*text_name)(ssh2_mac *);
  651. const char *name, *etm_name;
  652. int len, keylen;
  653. /* Pointer to any extra data used by a particular implementation. */
  654. const void *extra;
  655. };
  656. static inline ssh2_mac *ssh2_mac_new(
  657. const ssh2_macalg *alg, ssh_cipher *cipher)
  658. { return alg->new(alg, cipher); }
  659. static inline void ssh2_mac_free(ssh2_mac *m)
  660. { m->vt->free(m); }
  661. static inline void ssh2_mac_setkey(ssh2_mac *m, ptrlen key)
  662. { m->vt->setkey(m, key); }
  663. static inline void ssh2_mac_start(ssh2_mac *m)
  664. { m->vt->start(m); }
  665. static inline void ssh2_mac_genresult(ssh2_mac *m, unsigned char *out)
  666. { m->vt->genresult(m, out); }
  667. static inline void ssh2_mac_next_message(ssh2_mac *m)
  668. { m->vt->next_message(m); }
  669. static inline const char *ssh2_mac_text_name(ssh2_mac *m)
  670. { return m->vt->text_name(m); }
  671. static inline const ssh2_macalg *ssh2_mac_alg(ssh2_mac *m)
  672. { return m->vt; }
  673. /* Centralised 'methods' for ssh2_mac, defined in mac.c. These run
  674. * the MAC in a specifically SSH-2 style, i.e. taking account of a
  675. * packet sequence number as well as the data to be authenticated. */
  676. bool ssh2_mac_verresult(ssh2_mac *, const void *);
  677. void ssh2_mac_generate(ssh2_mac *, void *, int, unsigned long seq);
  678. bool ssh2_mac_verify(ssh2_mac *, const void *, int, unsigned long seq);
  679. void nullmac_next_message(ssh2_mac *m);
  680. /* Use a MAC in its raw form, outside SSH-2 context, to MAC a given
  681. * string with a given key in the most obvious way. */
  682. void mac_simple(const ssh2_macalg *alg, ptrlen key, ptrlen data, void *output);
  683. /* Constructor that makes an HMAC object given just a MAC. This object
  684. * will have empty 'name' and 'etm_name' fields, so it's not suitable
  685. * for use in SSH. It's used as a subroutine in RFC 6979. */
  686. ssh2_mac *hmac_new_from_hash(const ssh_hashalg *hash);
  687. struct ssh_hash {
  688. const ssh_hashalg *vt;
  689. BinarySink_DELEGATE_IMPLEMENTATION;
  690. };
  691. struct ssh_hashalg {
  692. ssh_hash *(*new)(const ssh_hashalg *alg);
  693. void (*reset)(ssh_hash *);
  694. void (*copyfrom)(ssh_hash *dest, ssh_hash *src);
  695. void (*digest)(ssh_hash *, unsigned char *);
  696. void (*free)(ssh_hash *);
  697. size_t hlen; /* output length in bytes */
  698. size_t blocklen; /* length of the hash's input block, or 0 for N/A */
  699. const char *text_basename; /* the semantic name of the hash */
  700. const char *annotation; /* extra info, e.g. which of multiple impls */
  701. const char *text_name; /* both combined, e.g. "SHA-n (unaccelerated)" */
  702. const void *extra; /* private to the hash implementation */
  703. };
  704. static inline ssh_hash *ssh_hash_new(const ssh_hashalg *alg)
  705. { ssh_hash *h = alg->new(alg); if (h) h->vt->reset(h); return h; }
  706. static inline ssh_hash *ssh_hash_copy(ssh_hash *orig)
  707. { ssh_hash *h = orig->vt->new(orig->vt); h->vt->copyfrom(h, orig); return h; }
  708. static inline void ssh_hash_digest(ssh_hash *h, unsigned char *out)
  709. { h->vt->digest(h, out); }
  710. static inline void ssh_hash_free(ssh_hash *h)
  711. { h->vt->free(h); }
  712. static inline const ssh_hashalg *ssh_hash_alg(ssh_hash *h)
  713. { return h->vt; }
  714. /* The reset and copyfrom vtable methods return void. But for call-site
  715. * convenience, these wrappers return their input pointer. */
  716. static inline ssh_hash *ssh_hash_reset(ssh_hash *h)
  717. { h->vt->reset(h); return h; }
  718. static inline ssh_hash *ssh_hash_copyfrom(ssh_hash *dest, ssh_hash *src)
  719. { dest->vt->copyfrom(dest, src); return dest; }
  720. /* ssh_hash_final emits the digest _and_ frees the ssh_hash */
  721. static inline void ssh_hash_final(ssh_hash *h, unsigned char *out)
  722. { h->vt->digest(h, out); h->vt->free(h); }
  723. /* ssh_hash_digest_nondestructive generates a finalised hash from the
  724. * given object without changing its state, so you can continue
  725. * appending data to get a hash of an extended string. */
  726. static inline void ssh_hash_digest_nondestructive(ssh_hash *h,
  727. unsigned char *out)
  728. { ssh_hash_final(ssh_hash_copy(h), out); }
  729. /* Handy macros for defining all those text-name fields at once */
  730. #define HASHALG_NAMES_BARE(base) \
  731. .text_basename = base, .annotation = NULL, .text_name = base
  732. #define HASHALG_NAMES_ANNOTATED(base, ann) \
  733. .text_basename = base, .annotation = ann, .text_name = base " (" ann ")"
  734. void hash_simple(const ssh_hashalg *alg, ptrlen data, void *output);
  735. struct ssh_kex {
  736. const char *name, *groupname;
  737. enum { KEXTYPE_DH, KEXTYPE_RSA, KEXTYPE_ECDH,
  738. KEXTYPE_GSS, KEXTYPE_GSS_ECDH } main_type;
  739. const ssh_hashalg *hash;
  740. union { /* publicly visible data for each type */
  741. const ecdh_keyalg *ecdh_vt; /* for KEXTYPE_ECDH, KEXTYPE_GSS_ECDH */
  742. };
  743. const void *extra; /* private to the kex methods */
  744. };
  745. static inline bool kex_is_gss(const struct ssh_kex *kex)
  746. {
  747. return kex->main_type == KEXTYPE_GSS || kex->main_type == KEXTYPE_GSS_ECDH;
  748. }
  749. struct ssh_kexes {
  750. int nkexes;
  751. const ssh_kex *const *list;
  752. };
  753. /* Indices of the negotiation strings in the KEXINIT packet */
  754. enum kexlist {
  755. KEXLIST_KEX, KEXLIST_HOSTKEY, KEXLIST_CSCIPHER, KEXLIST_SCCIPHER,
  756. KEXLIST_CSMAC, KEXLIST_SCMAC, KEXLIST_CSCOMP, KEXLIST_SCCOMP,
  757. NKEXLIST
  758. };
  759. struct ssh_keyalg {
  760. /* Constructors that create an ssh_key */
  761. ssh_key *(*new_pub) (const ssh_keyalg *self, ptrlen pub);
  762. ssh_key *(*new_priv) (const ssh_keyalg *self, ptrlen pub, ptrlen priv);
  763. ssh_key *(*new_priv_openssh) (const ssh_keyalg *self, BinarySource *);
  764. /* Methods that operate on an existing ssh_key */
  765. void (*freekey) (ssh_key *key);
  766. char *(*invalid) (ssh_key *key, unsigned flags);
  767. void (*sign) (ssh_key *key, ptrlen data, unsigned flags, BinarySink *);
  768. bool (*verify) (ssh_key *key, ptrlen sig, ptrlen data);
  769. void (*public_blob)(ssh_key *key, BinarySink *);
  770. void (*private_blob)(ssh_key *key, BinarySink *);
  771. void (*openssh_blob) (ssh_key *key, BinarySink *);
  772. bool (*has_private) (ssh_key *key);
  773. char *(*cache_str) (ssh_key *key);
  774. key_components *(*components) (ssh_key *key);
  775. ssh_key *(*base_key) (ssh_key *key); /* does not confer ownership */
  776. /* The following methods can be NULL if !is_certificate */
  777. void (*ca_public_blob)(ssh_key *key, BinarySink *);
  778. bool (*check_cert)(ssh_key *key, bool host, ptrlen principal,
  779. uint64_t time, const ca_options *opts,
  780. BinarySink *error);
  781. void (*cert_id_string)(ssh_key *key, BinarySink *);
  782. SeatDialogText *(*cert_info)(ssh_key *key);
  783. /* 'Class methods' that don't deal with an ssh_key at all */
  784. int (*pubkey_bits) (const ssh_keyalg *self, ptrlen blob);
  785. unsigned (*supported_flags) (const ssh_keyalg *self);
  786. const char *(*alternate_ssh_id) (const ssh_keyalg *self, unsigned flags);
  787. char *(*alg_desc)(const ssh_keyalg *self);
  788. bool (*variable_size)(const ssh_keyalg *self);
  789. /* The following methods can be NULL if !is_certificate */
  790. const ssh_keyalg *(*related_alg)(const ssh_keyalg *self,
  791. const ssh_keyalg *base);
  792. /* Constant data fields giving information about the key type */
  793. const char *ssh_id; /* string identifier in the SSH protocol */
  794. const char *cache_id; /* identifier used in PuTTY's host key cache */
  795. const void *extra; /* private to the public key methods */
  796. bool is_certificate; /* is this a certified key type? */
  797. const ssh_keyalg *base_alg; /* if so, for what underlying key alg? */
  798. };
  799. static inline ssh_key *ssh_key_new_pub(const ssh_keyalg *self, ptrlen pub)
  800. { return self->new_pub(self, pub); }
  801. static inline ssh_key *ssh_key_new_priv(
  802. const ssh_keyalg *self, ptrlen pub, ptrlen priv)
  803. { return self->new_priv(self, pub, priv); }
  804. static inline ssh_key *ssh_key_new_priv_openssh(
  805. const ssh_keyalg *self, BinarySource *src)
  806. { return self->new_priv_openssh(self, src); }
  807. static inline void ssh_key_free(ssh_key *key)
  808. { key->vt->freekey(key); }
  809. static inline char *ssh_key_invalid(ssh_key *key, unsigned flags)
  810. { return key->vt->invalid(key, flags); }
  811. static inline void ssh_key_sign(
  812. ssh_key *key, ptrlen data, unsigned flags, BinarySink *bs)
  813. { key->vt->sign(key, data, flags, bs); }
  814. static inline bool ssh_key_verify(ssh_key *key, ptrlen sig, ptrlen data)
  815. { return key->vt->verify(key, sig, data); }
  816. static inline void ssh_key_public_blob(ssh_key *key, BinarySink *bs)
  817. { key->vt->public_blob(key, bs); }
  818. static inline void ssh_key_private_blob(ssh_key *key, BinarySink *bs)
  819. { key->vt->private_blob(key, bs); }
  820. static inline void ssh_key_openssh_blob(ssh_key *key, BinarySink *bs)
  821. { key->vt->openssh_blob(key, bs); }
  822. static inline bool ssh_key_has_private(ssh_key *key)
  823. { return key->vt->has_private(key); }
  824. static inline char *ssh_key_cache_str(ssh_key *key)
  825. { return key->vt->cache_str(key); }
  826. static inline key_components *ssh_key_components(ssh_key *key)
  827. { return key->vt->components(key); }
  828. static inline ssh_key *ssh_key_base_key(ssh_key *key)
  829. { return key->vt->base_key(key); }
  830. static inline void ssh_key_ca_public_blob(ssh_key *key, BinarySink *bs)
  831. { key->vt->ca_public_blob(key, bs); }
  832. static inline void ssh_key_cert_id_string(ssh_key *key, BinarySink *bs)
  833. { key->vt->cert_id_string(key, bs); }
  834. static inline SeatDialogText *ssh_key_cert_info(ssh_key *key)
  835. { return key->vt->cert_info(key); }
  836. static inline bool ssh_key_check_cert(
  837. ssh_key *key, bool host, ptrlen principal, uint64_t time,
  838. const ca_options *opts, BinarySink *error)
  839. { return key->vt->check_cert(key, host, principal, time, opts, error); }
  840. static inline int ssh_key_public_bits(const ssh_keyalg *self, ptrlen blob)
  841. { return self->pubkey_bits(self, blob); }
  842. static inline const ssh_keyalg *ssh_key_alg(ssh_key *key)
  843. { return key->vt; }
  844. static inline const char *ssh_key_ssh_id(ssh_key *key)
  845. { return key->vt->ssh_id; }
  846. static inline const char *ssh_key_cache_id(ssh_key *key)
  847. { return key->vt->cache_id; }
  848. static inline unsigned ssh_key_supported_flags(ssh_key *key)
  849. { return key->vt->supported_flags(key->vt); }
  850. static inline unsigned ssh_keyalg_supported_flags(const ssh_keyalg *self)
  851. { return self->supported_flags(self); }
  852. static inline const char *ssh_keyalg_alternate_ssh_id(
  853. const ssh_keyalg *self, unsigned flags)
  854. { return self->alternate_ssh_id(self, flags); }
  855. static inline char *ssh_keyalg_desc(const ssh_keyalg *self)
  856. { return self->alg_desc(self); }
  857. static inline bool ssh_keyalg_variable_size(const ssh_keyalg *self)
  858. { return self->variable_size(self); }
  859. static inline const ssh_keyalg *ssh_keyalg_related_alg(
  860. const ssh_keyalg *self, const ssh_keyalg *base)
  861. { return self->related_alg(self, base); }
  862. /* Stub functions shared between multiple key types */
  863. unsigned nullkey_supported_flags(const ssh_keyalg *self);
  864. const char *nullkey_alternate_ssh_id(const ssh_keyalg *self, unsigned flags);
  865. ssh_key *nullkey_base_key(ssh_key *key);
  866. bool nullkey_variable_size_no(const ssh_keyalg *self);
  867. bool nullkey_variable_size_yes(const ssh_keyalg *self);
  868. /* Utility functions implemented centrally */
  869. ssh_key *ssh_key_clone(ssh_key *key);
  870. /*
  871. * SSH2 ECDH key exchange vtable
  872. */
  873. struct ecdh_key {
  874. const ecdh_keyalg *vt;
  875. };
  876. struct ecdh_keyalg {
  877. /* Unusually, the 'new' method here doesn't directly take a vt
  878. * pointer, because it will also need the containing ssh_kex
  879. * structure for top-level parameters, and since that contains a
  880. * vt pointer anyway, we might as well _only_ pass that. */
  881. ecdh_key *(*new)(const ssh_kex *kex, bool is_server);
  882. void (*free)(ecdh_key *key);
  883. void (*getpublic)(ecdh_key *key, BinarySink *bs);
  884. bool (*getkey)(ecdh_key *key, ptrlen remoteKey, BinarySink *bs);
  885. char *(*description)(const ssh_kex *kex);
  886. };
  887. static inline ecdh_key *ecdh_key_new(const ssh_kex *kex, bool is_server)
  888. { return kex->ecdh_vt->new(kex, is_server); }
  889. static inline void ecdh_key_free(ecdh_key *key)
  890. { key->vt->free(key); }
  891. static inline void ecdh_key_getpublic(ecdh_key *key, BinarySink *bs)
  892. { key->vt->getpublic(key, bs); }
  893. static inline bool ecdh_key_getkey(ecdh_key *key, ptrlen remoteKey,
  894. BinarySink *bs)
  895. { return key->vt->getkey(key, remoteKey, bs); }
  896. static inline char *ecdh_keyalg_description(const ssh_kex *kex)
  897. { return kex->ecdh_vt->description(kex); }
  898. /*
  899. * Suffix on GSSAPI SSH protocol identifiers that indicates Kerberos 5
  900. * as the mechanism.
  901. *
  902. * This suffix is the base64-encoded MD5 hash of the byte sequence
  903. * 06 09 2A 86 48 86 F7 12 01 02 02, which in turn is the ASN.1 DER
  904. * encoding of the object ID 1.2.840.113554.1.2.2 which designates
  905. * Kerberos v5.
  906. *
  907. * (The same encoded OID, minus the two-byte DER header, is defined in
  908. * ssh/pgssapi.c as GSS_MECH_KRB5.)
  909. */
  910. #define GSS_KRB5_OID_HASH "toWM5Slw5Ew8Mqkay+al2g=="
  911. /*
  912. * Enumeration of signature flags from draft-miller-ssh-agent-02
  913. */
  914. #define SSH_AGENT_RSA_SHA2_256 2
  915. #define SSH_AGENT_RSA_SHA2_512 4
  916. struct ssh_compressor {
  917. const ssh_compression_alg *vt;
  918. };
  919. struct ssh_decompressor {
  920. const ssh_compression_alg *vt;
  921. };
  922. struct ssh_compression_alg {
  923. const char *name;
  924. /* For zlib@openssh.com: if non-NULL, this name will be considered once
  925. * userauth has completed successfully. */
  926. const char *delayed_name;
  927. ssh_compressor *(*compress_new)(void);
  928. void (*compress_free)(ssh_compressor *);
  929. void (*compress)(ssh_compressor *, const unsigned char *block, int len,
  930. unsigned char **outblock, int *outlen,
  931. int minlen);
  932. ssh_decompressor *(*decompress_new)(void);
  933. void (*decompress_free)(ssh_decompressor *);
  934. bool (*decompress)(ssh_decompressor *, const unsigned char *block, int len,
  935. unsigned char **outblock, int *outlen);
  936. const char *text_name;
  937. };
  938. static inline ssh_compressor *ssh_compressor_new(
  939. const ssh_compression_alg *alg)
  940. { return alg->compress_new(); }
  941. static inline ssh_decompressor *ssh_decompressor_new(
  942. const ssh_compression_alg *alg)
  943. { return alg->decompress_new(); }
  944. static inline void ssh_compressor_free(ssh_compressor *c)
  945. { c->vt->compress_free(c); }
  946. static inline void ssh_decompressor_free(ssh_decompressor *d)
  947. { d->vt->decompress_free(d); }
  948. static inline void ssh_compressor_compress(
  949. ssh_compressor *c, const unsigned char *block, int len,
  950. unsigned char **outblock, int *outlen, int minlen)
  951. { c->vt->compress(c, block, len, outblock, outlen, minlen); }
  952. static inline bool ssh_decompressor_decompress(
  953. ssh_decompressor *d, const unsigned char *block, int len,
  954. unsigned char **outblock, int *outlen)
  955. { return d->vt->decompress(d, block, len, outblock, outlen); }
  956. static inline const ssh_compression_alg *ssh_compressor_alg(
  957. ssh_compressor *c)
  958. { return c->vt; }
  959. static inline const ssh_compression_alg *ssh_decompressor_alg(
  960. ssh_decompressor *d)
  961. { return d->vt; }
  962. struct ssh2_userkey {
  963. ssh_key *key; /* the key itself */
  964. char *comment; /* the key comment */
  965. };
  966. /* Argon2 password hashing function */
  967. typedef enum { Argon2d = 0, Argon2i = 1, Argon2id = 2 } Argon2Flavour;
  968. void argon2(Argon2Flavour, uint32_t mem, uint32_t passes,
  969. uint32_t parallel, uint32_t taglen,
  970. ptrlen P, ptrlen S, ptrlen K, ptrlen X, strbuf *out);
  971. void argon2_choose_passes(
  972. Argon2Flavour, uint32_t mem, uint32_t milliseconds, uint32_t *passes,
  973. uint32_t parallel, uint32_t taglen, ptrlen P, ptrlen S, ptrlen K, ptrlen X,
  974. strbuf *out);
  975. /* The H' hash defined in Argon2, exposed just for testcrypt */
  976. strbuf *argon2_long_hash(unsigned length, ptrlen data);
  977. /* The maximum length of any hash algorithm. (bytes) */
  978. #define MAX_HASH_LEN (114) /* longest is SHAKE256 with 114-byte output */
  979. extern const ssh_cipheralg ssh_3des_ssh1;
  980. extern const ssh_cipheralg ssh_blowfish_ssh1;
  981. extern const ssh_cipheralg ssh_3des_ssh2_ctr;
  982. extern const ssh_cipheralg ssh_3des_ssh2;
  983. extern const ssh_cipheralg ssh_des;
  984. extern const ssh_cipheralg ssh_des_sshcom_ssh2;
  985. extern const ssh_cipheralg ssh_aes256_sdctr;
  986. extern const ssh_cipheralg ssh_aes256_sdctr_ni;
  987. extern const ssh_cipheralg ssh_aes256_sdctr_neon;
  988. extern const ssh_cipheralg ssh_aes256_sdctr_sw;
  989. extern const ssh_cipheralg ssh_aes256_gcm;
  990. extern const ssh_cipheralg ssh_aes256_gcm_ni;
  991. extern const ssh_cipheralg ssh_aes256_gcm_neon;
  992. extern const ssh_cipheralg ssh_aes256_gcm_sw;
  993. extern const ssh_cipheralg ssh_aes256_cbc;
  994. extern const ssh_cipheralg ssh_aes256_cbc_ni;
  995. extern const ssh_cipheralg ssh_aes256_cbc_neon;
  996. extern const ssh_cipheralg ssh_aes256_cbc_sw;
  997. extern const ssh_cipheralg ssh_aes192_sdctr;
  998. extern const ssh_cipheralg ssh_aes192_sdctr_ni;
  999. extern const ssh_cipheralg ssh_aes192_sdctr_neon;
  1000. extern const ssh_cipheralg ssh_aes192_sdctr_sw;
  1001. extern const ssh_cipheralg ssh_aes192_gcm;
  1002. extern const ssh_cipheralg ssh_aes192_gcm_ni;
  1003. extern const ssh_cipheralg ssh_aes192_gcm_neon;
  1004. extern const ssh_cipheralg ssh_aes192_gcm_sw;
  1005. extern const ssh_cipheralg ssh_aes192_cbc;
  1006. extern const ssh_cipheralg ssh_aes192_cbc_ni;
  1007. extern const ssh_cipheralg ssh_aes192_cbc_neon;
  1008. extern const ssh_cipheralg ssh_aes192_cbc_sw;
  1009. extern const ssh_cipheralg ssh_aes128_sdctr;
  1010. extern const ssh_cipheralg ssh_aes128_sdctr_ni;
  1011. extern const ssh_cipheralg ssh_aes128_sdctr_neon;
  1012. extern const ssh_cipheralg ssh_aes128_sdctr_sw;
  1013. extern const ssh_cipheralg ssh_aes128_gcm;
  1014. extern const ssh_cipheralg ssh_aes128_gcm_ni;
  1015. extern const ssh_cipheralg ssh_aes128_gcm_neon;
  1016. extern const ssh_cipheralg ssh_aes128_gcm_sw;
  1017. extern const ssh_cipheralg ssh_aes128_cbc;
  1018. extern const ssh_cipheralg ssh_aes128_cbc_ni;
  1019. extern const ssh_cipheralg ssh_aes128_cbc_neon;
  1020. extern const ssh_cipheralg ssh_aes128_cbc_sw;
  1021. extern const ssh_cipheralg ssh_blowfish_ssh2_ctr;
  1022. extern const ssh_cipheralg ssh_blowfish_ssh2;
  1023. extern const ssh_cipheralg ssh_arcfour256_ssh2;
  1024. extern const ssh_cipheralg ssh_arcfour128_ssh2;
  1025. extern const ssh_cipheralg ssh2_chacha20_poly1305;
  1026. extern const ssh2_ciphers ssh2_3des;
  1027. extern const ssh2_ciphers ssh2_des;
  1028. extern const ssh2_ciphers ssh2_aes;
  1029. extern const ssh2_ciphers ssh2_blowfish;
  1030. extern const ssh2_ciphers ssh2_arcfour;
  1031. extern const ssh2_ciphers ssh2_ccp;
  1032. extern const ssh2_ciphers ssh2_aesgcm;
  1033. extern const ssh_hashalg ssh_md5;
  1034. extern const ssh_hashalg ssh_sha1;
  1035. extern const ssh_hashalg ssh_sha1_ni;
  1036. extern const ssh_hashalg ssh_sha1_neon;
  1037. extern const ssh_hashalg ssh_sha1_sw;
  1038. extern const ssh_hashalg ssh_sha256;
  1039. extern const ssh_hashalg ssh_sha256_ni;
  1040. extern const ssh_hashalg ssh_sha256_neon;
  1041. extern const ssh_hashalg ssh_sha256_sw;
  1042. extern const ssh_hashalg ssh_sha384;
  1043. extern const ssh_hashalg ssh_sha384_neon;
  1044. extern const ssh_hashalg ssh_sha384_sw;
  1045. extern const ssh_hashalg ssh_sha512;
  1046. extern const ssh_hashalg ssh_sha512_neon;
  1047. extern const ssh_hashalg ssh_sha512_sw;
  1048. extern const ssh_hashalg ssh_sha3_224;
  1049. extern const ssh_hashalg ssh_sha3_256;
  1050. extern const ssh_hashalg ssh_sha3_384;
  1051. extern const ssh_hashalg ssh_sha3_512;
  1052. extern const ssh_hashalg ssh_shake256_114bytes;
  1053. extern const ssh_hashalg ssh_blake2b;
  1054. extern const ssh_kexes ssh_diffiehellman_group1;
  1055. extern const ssh_kexes ssh_diffiehellman_group14;
  1056. extern const ssh_kexes ssh_diffiehellman_group15;
  1057. extern const ssh_kexes ssh_diffiehellman_group16;
  1058. extern const ssh_kexes ssh_diffiehellman_group17;
  1059. extern const ssh_kexes ssh_diffiehellman_group18;
  1060. extern const ssh_kexes ssh_diffiehellman_gex;
  1061. extern const ssh_kex ssh_diffiehellman_group1_sha1;
  1062. extern const ssh_kex ssh_diffiehellman_group14_sha256;
  1063. extern const ssh_kex ssh_diffiehellman_group14_sha1;
  1064. extern const ssh_kex ssh_diffiehellman_group15_sha512;
  1065. extern const ssh_kex ssh_diffiehellman_group16_sha512;
  1066. extern const ssh_kex ssh_diffiehellman_group17_sha512;
  1067. extern const ssh_kex ssh_diffiehellman_group18_sha512;
  1068. extern const ssh_kexes ssh_gssk5_sha1_kex;
  1069. extern const ssh_kexes ssh_gssk5_sha2_kex;
  1070. extern const ssh_kexes ssh_gssk5_ecdh_kex;
  1071. extern const ssh_kexes ssh_rsa_kex;
  1072. extern const ssh_kex ssh_ec_kex_curve25519;
  1073. extern const ssh_kex ssh_ec_kex_curve448;
  1074. extern const ssh_kex ssh_ec_kex_nistp256;
  1075. extern const ssh_kex ssh_ec_kex_nistp384;
  1076. extern const ssh_kex ssh_ec_kex_nistp521;
  1077. extern const ssh_kexes ssh_ecdh_kex;
  1078. extern const ssh_kexes ssh_ntru_hybrid_kex;
  1079. extern const ssh_keyalg ssh_dsa;
  1080. extern const ssh_keyalg ssh_rsa;
  1081. extern const ssh_keyalg ssh_rsa_sha256;
  1082. extern const ssh_keyalg ssh_rsa_sha512;
  1083. extern const ssh_keyalg ssh_ecdsa_ed25519;
  1084. extern const ssh_keyalg ssh_ecdsa_ed448;
  1085. extern const ssh_keyalg ssh_ecdsa_nistp256;
  1086. extern const ssh_keyalg ssh_ecdsa_nistp384;
  1087. extern const ssh_keyalg ssh_ecdsa_nistp521;
  1088. extern const ssh_keyalg opensshcert_ssh_dsa;
  1089. extern const ssh_keyalg opensshcert_ssh_rsa;
  1090. extern const ssh_keyalg opensshcert_ssh_rsa_sha256;
  1091. extern const ssh_keyalg opensshcert_ssh_rsa_sha512;
  1092. extern const ssh_keyalg opensshcert_ssh_ecdsa_ed25519;
  1093. extern const ssh_keyalg opensshcert_ssh_ecdsa_nistp256;
  1094. extern const ssh_keyalg opensshcert_ssh_ecdsa_nistp384;
  1095. extern const ssh_keyalg opensshcert_ssh_ecdsa_nistp521;
  1096. extern const ssh2_macalg ssh_hmac_md5;
  1097. extern const ssh2_macalg ssh_hmac_sha1;
  1098. extern const ssh2_macalg ssh_hmac_sha1_buggy;
  1099. extern const ssh2_macalg ssh_hmac_sha1_96;
  1100. extern const ssh2_macalg ssh_hmac_sha1_96_buggy;
  1101. extern const ssh2_macalg ssh_hmac_sha256;
  1102. extern const ssh2_macalg ssh_hmac_sha384;
  1103. extern const ssh2_macalg ssh_hmac_sha512;
  1104. extern const ssh2_macalg ssh2_poly1305;
  1105. extern const ssh2_macalg ssh2_aesgcm_mac;
  1106. extern const ssh2_macalg ssh2_aesgcm_mac_sw;
  1107. extern const ssh2_macalg ssh2_aesgcm_mac_ref_poly;
  1108. extern const ssh2_macalg ssh2_aesgcm_mac_clmul;
  1109. extern const ssh2_macalg ssh2_aesgcm_mac_neon;
  1110. extern const ssh_compression_alg ssh_zlib;
  1111. /* Special constructor: BLAKE2b can be instantiated with any hash
  1112. * length up to 128 bytes */
  1113. ssh_hash *blake2b_new_general(unsigned hashlen);
  1114. /* Special test function for AES-GCM */
  1115. void aesgcm_set_prefix_lengths(ssh2_mac *mac, size_t skip, size_t aad);
  1116. /*
  1117. * On some systems, you have to detect hardware crypto acceleration by
  1118. * asking the local OS API rather than OS-agnostically asking the CPU
  1119. * itself. If so, then this function should be implemented in each
  1120. * platform subdirectory.
  1121. */
  1122. bool platform_aes_neon_available(void);
  1123. bool platform_pmull_neon_available(void);
  1124. bool platform_sha256_neon_available(void);
  1125. bool platform_sha1_neon_available(void);
  1126. bool platform_sha512_neon_available(void);
  1127. /*
  1128. * PuTTY version number formatted as an SSH version string.
  1129. */
  1130. extern const char sshver[];
  1131. /*
  1132. * Gross hack: pscp will try to start SFTP but fall back to scp1 if
  1133. * that fails. This variable is the means by which pscp.c can reach
  1134. * into the SSH code and find out which one it got.
  1135. */
  1136. extern bool ssh_fallback_cmd(Backend *backend);
  1137. /*
  1138. * The PRNG type, defined in prng.c. Visible data fields are
  1139. * 'savesize', which suggests how many random bytes you should request
  1140. * from a particular PRNG instance to write to putty.rnd, and a
  1141. * BinarySink implementation which you can use to write seed data in
  1142. * between calling prng_seed_{begin,finish}.
  1143. */
  1144. struct prng {
  1145. size_t savesize;
  1146. BinarySink_IMPLEMENTATION;
  1147. /* (also there's a surrounding implementation struct in prng.c) */
  1148. };
  1149. prng *prng_new(const ssh_hashalg *hashalg);
  1150. void prng_free(prng *p);
  1151. void prng_seed_begin(prng *p);
  1152. void prng_seed_finish(prng *p);
  1153. void prng_read(prng *p, void *vout, size_t size);
  1154. void prng_add_entropy(prng *p, unsigned source_id, ptrlen data);
  1155. size_t prng_seed_bits(prng *p);
  1156. /* This function must be implemented by the platform, and returns a
  1157. * timer in milliseconds that the PRNG can use to know whether it's
  1158. * been reseeded too recently to do it again.
  1159. *
  1160. * The PRNG system has its own special timing function not because its
  1161. * timing needs are unusual in the real applications, but simply so
  1162. * that testcrypt can mock it to keep the tests deterministic. */
  1163. uint64_t prng_reseed_time_ms(void);
  1164. void random_read(void *out, size_t size);
  1165. /* Exports from x11fwd.c */
  1166. enum {
  1167. X11_TRANS_IPV4 = 0, X11_TRANS_IPV6 = 6, X11_TRANS_UNIX = 256
  1168. };
  1169. struct X11Display {
  1170. /* Broken-down components of the display name itself */
  1171. bool unixdomain;
  1172. char *hostname;
  1173. int displaynum;
  1174. int screennum;
  1175. /* OSX sometimes replaces all the above with a full Unix-socket pathname */
  1176. char *unixsocketpath;
  1177. /* PuTTY networking SockAddr to connect to the display, and associated
  1178. * gubbins */
  1179. SockAddr *addr;
  1180. int port;
  1181. char *realhost;
  1182. /* Our local auth details for talking to the real X display. */
  1183. int localauthproto;
  1184. unsigned char *localauthdata;
  1185. int localauthdatalen;
  1186. };
  1187. struct X11FakeAuth {
  1188. /* Auth details we invented for a virtual display on the SSH server. */
  1189. int proto;
  1190. unsigned char *data;
  1191. int datalen;
  1192. char *protoname;
  1193. char *datastring;
  1194. /* The encrypted form of the first block, in XDM-AUTHORIZATION-1.
  1195. * Used as part of the key when these structures are organised
  1196. * into a tree. See x11_invent_fake_auth for explanation. */
  1197. unsigned char *xa1_firstblock;
  1198. /*
  1199. * Used inside x11fwd.c to remember recently seen
  1200. * XDM-AUTHORIZATION-1 strings, to avoid replay attacks.
  1201. */
  1202. tree234 *xdmseen;
  1203. /*
  1204. * What to do with an X connection matching this auth data.
  1205. */
  1206. struct X11Display *disp;
  1207. ssh_sharing_connstate *share_cs;
  1208. share_channel *share_chan;
  1209. };
  1210. int x11_authcmp(void *av, void *bv); /* for putting X11FakeAuth in a tree234 */
  1211. /*
  1212. * x11_setup_display() parses the display variable and fills in an
  1213. * X11Display structure. Some remote auth details are invented;
  1214. * the supplied authtype parameter configures the preferred
  1215. * authorisation protocol to use at the remote end. The local auth
  1216. * details are looked up by calling platform_get_x11_auth.
  1217. *
  1218. * If the returned pointer is NULL, then *error_msg will contain a
  1219. * dynamically allocated error message string.
  1220. */
  1221. extern struct X11Display *x11_setup_display(const char *display, Conf *,
  1222. char **error_msg);
  1223. void x11_free_display(struct X11Display *disp);
  1224. struct X11FakeAuth *x11_invent_fake_auth(tree234 *t, int authtype);
  1225. void x11_free_fake_auth(struct X11FakeAuth *auth);
  1226. Channel *x11_new_channel(tree234 *authtree, SshChannel *c,
  1227. const char *peeraddr, int peerport,
  1228. bool connection_sharing_possible);
  1229. char *x11_display(const char *display);
  1230. /* Platform-dependent X11 functions */
  1231. extern void platform_get_x11_auth(struct X11Display *display, Conf *);
  1232. /* examine a mostly-filled-in X11Display and fill in localauth* */
  1233. extern const bool platform_uses_x11_unix_by_default;
  1234. /* choose default X transport in the absence of a specified one */
  1235. SockAddr *platform_get_x11_unix_address(const char *path, int displaynum);
  1236. /* make up a SockAddr naming the address for displaynum */
  1237. char *platform_get_x_display(void);
  1238. /* allocated local X display string, if any */
  1239. /* X11-related helper functions in utils */
  1240. /*
  1241. * This function does the job of platform_get_x11_auth, provided
  1242. * it is told where to find a normally formatted .Xauthority file:
  1243. * it opens that file, parses it to find an auth record which
  1244. * matches the display details in "display", and fills in the
  1245. * localauth fields.
  1246. *
  1247. * It is expected that most implementations of
  1248. * platform_get_x11_auth() will work by finding their system's
  1249. * .Xauthority file, adjusting the display details if necessary
  1250. * for local oddities like Unix-domain socket transport, and
  1251. * calling this function to do the rest of the work.
  1252. */
  1253. void x11_get_auth_from_authfile(struct X11Display *display,
  1254. Filename *authfilename);
  1255. void x11_format_auth_for_authfile(
  1256. BinarySink *bs, SockAddr *addr, int display_no,
  1257. ptrlen authproto, ptrlen authdata);
  1258. void *x11_make_greeting(int endian, int protomajor, int protominor,
  1259. int auth_proto, const void *auth_data, int auth_len,
  1260. const char *peer_ip, int peer_port,
  1261. int *outlen);
  1262. int x11_identify_auth_proto(ptrlen protoname);
  1263. void *x11_dehexify(ptrlen hex, int *outlen);
  1264. bool x11_parse_ip(const char *addr_string, unsigned long *ip);
  1265. Channel *agentf_new(SshChannel *c);
  1266. bool dh_is_gex(const ssh_kex *kex);
  1267. dh_ctx *dh_setup_group(const ssh_kex *kex);
  1268. dh_ctx *dh_setup_gex(mp_int *pval, mp_int *gval);
  1269. int dh_modulus_bit_size(const dh_ctx *ctx);
  1270. void dh_cleanup(dh_ctx *);
  1271. mp_int *dh_create_e(dh_ctx *);
  1272. const char *dh_validate_f(dh_ctx *, mp_int *f);
  1273. mp_int *dh_find_K(dh_ctx *, mp_int *f);
  1274. static inline bool is_base64_char(char c)
  1275. {
  1276. return ((c >= '0' && c <= '9') ||
  1277. (c >= 'a' && c <= 'z') ||
  1278. (c >= 'A' && c <= 'Z') ||
  1279. c == '+' || c == '/' || c == '=');
  1280. }
  1281. extern int base64_lines(int datalen);
  1282. /* ppk_load_* can return this as an error */
  1283. extern ssh2_userkey ssh2_wrong_passphrase;
  1284. #define SSH2_WRONG_PASSPHRASE (&ssh2_wrong_passphrase)
  1285. bool ppk_encrypted_s(BinarySource *src, char **comment);
  1286. bool ppk_encrypted_f(const Filename *filename, char **comment);
  1287. bool rsa1_encrypted_s(BinarySource *src, char **comment);
  1288. bool rsa1_encrypted_f(const Filename *filename, char **comment);
  1289. ssh2_userkey *ppk_load_s(BinarySource *src, const char *passphrase,
  1290. const char **errorstr);
  1291. ssh2_userkey *ppk_load_f(const Filename *filename, const char *passphrase,
  1292. const char **errorstr);
  1293. int rsa1_load_s(BinarySource *src, RSAKey *key,
  1294. const char *passphrase, const char **errorstr);
  1295. int rsa1_load_f(const Filename *filename, RSAKey *key,
  1296. const char *passphrase, const char **errorstr);
  1297. typedef struct ppk_save_parameters {
  1298. unsigned fmt_version; /* currently 2 or 3 */
  1299. /*
  1300. * Parameters for fmt_version == 3
  1301. */
  1302. Argon2Flavour argon2_flavour;
  1303. uint32_t argon2_mem; /* in Kbyte */
  1304. bool argon2_passes_auto;
  1305. union {
  1306. uint32_t argon2_passes; /* if auto == false */
  1307. uint32_t argon2_milliseconds; /* if auto == true */
  1308. };
  1309. uint32_t argon2_parallelism;
  1310. /* The ability to choose a specific salt is only intended for the
  1311. * use of the automated test of PuTTYgen. It's a (mild) security
  1312. * risk to do it with any passphrase you actually care about,
  1313. * because it invalidates the entire point of having a salt in the
  1314. * first place. */
  1315. const uint8_t *salt;
  1316. size_t saltlen;
  1317. } ppk_save_parameters;
  1318. extern const ppk_save_parameters ppk_save_default_parameters;
  1319. strbuf *ppk_save_sb(ssh2_userkey *key, const char *passphrase,
  1320. const ppk_save_parameters *params);
  1321. bool ppk_save_f(const Filename *filename, ssh2_userkey *key,
  1322. const char *passphrase, const ppk_save_parameters *params);
  1323. strbuf *rsa1_save_sb(RSAKey *key, const char *passphrase);
  1324. bool rsa1_save_f(const Filename *filename, RSAKey *key,
  1325. const char *passphrase);
  1326. bool ppk_loadpub_s(BinarySource *src, char **algorithm, BinarySink *bs,
  1327. char **commentptr, const char **errorstr);
  1328. bool ppk_loadpub_f(const Filename *filename, char **algorithm, BinarySink *bs,
  1329. char **commentptr, const char **errorstr);
  1330. int rsa1_loadpub_s(BinarySource *src, BinarySink *bs,
  1331. char **commentptr, const char **errorstr);
  1332. int rsa1_loadpub_f(const Filename *filename, BinarySink *bs,
  1333. char **commentptr, const char **errorstr);
  1334. extern const ssh_keyalg *const all_keyalgs[];
  1335. extern const size_t n_keyalgs;
  1336. const ssh_keyalg *find_pubkey_alg(const char *name);
  1337. const ssh_keyalg *find_pubkey_alg_len(ptrlen name);
  1338. ptrlen pubkey_blob_to_alg_name(ptrlen blob);
  1339. const ssh_keyalg *pubkey_blob_to_alg(ptrlen blob);
  1340. /* Convenient wrappers on the LoadedFile mechanism suitable for key files */
  1341. LoadedFile *lf_load_keyfile(const Filename *filename, const char **errptr);
  1342. LoadedFile *lf_load_keyfile_fp(FILE *fp, const char **errptr);
  1343. enum {
  1344. SSH_KEYTYPE_UNOPENABLE,
  1345. SSH_KEYTYPE_UNKNOWN,
  1346. SSH_KEYTYPE_SSH1, SSH_KEYTYPE_SSH2,
  1347. /*
  1348. * The OpenSSH key types deserve a little explanation. OpenSSH has
  1349. * two physical formats for private key storage: an old PEM-based
  1350. * one largely dictated by their use of OpenSSL and full of ASN.1,
  1351. * and a new one using the same private key formats used over the
  1352. * wire for talking to ssh-agent. The old format can only support
  1353. * a subset of the key types, because it needs redesign for each
  1354. * key type, and after a while they decided to move to the new
  1355. * format so as not to have to do that.
  1356. *
  1357. * On input, key files are identified as either
  1358. * SSH_KEYTYPE_OPENSSH_PEM or SSH_KEYTYPE_OPENSSH_NEW, describing
  1359. * accurately which actual format the keys are stored in.
  1360. *
  1361. * On output, however, we default to following OpenSSH's own
  1362. * policy of writing out PEM-style keys for maximum backwards
  1363. * compatibility if the key type supports it, and otherwise
  1364. * switching to the new format. So the formats you can select for
  1365. * output are SSH_KEYTYPE_OPENSSH_NEW (forcing the new format for
  1366. * any key type), and SSH_KEYTYPE_OPENSSH_AUTO to use the oldest
  1367. * format supported by whatever key type you're writing out.
  1368. *
  1369. * So we have three type codes, but only two of them usable in any
  1370. * given circumstance. An input key file will never be identified
  1371. * as AUTO, only PEM or NEW; key export UIs should not be able to
  1372. * select PEM, only AUTO or NEW.
  1373. */
  1374. SSH_KEYTYPE_OPENSSH_AUTO,
  1375. SSH_KEYTYPE_OPENSSH_PEM,
  1376. SSH_KEYTYPE_OPENSSH_NEW,
  1377. SSH_KEYTYPE_SSHCOM,
  1378. /*
  1379. * Public-key-only formats, which we still want to be able to read
  1380. * for various purposes.
  1381. */
  1382. SSH_KEYTYPE_SSH1_PUBLIC,
  1383. SSH_KEYTYPE_SSH2_PUBLIC_RFC4716,
  1384. SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH
  1385. };
  1386. typedef enum {
  1387. /* Default fingerprint types strip off a certificate to show you
  1388. * the fingerprint of the underlying public key */
  1389. SSH_FPTYPE_MD5,
  1390. SSH_FPTYPE_SHA256,
  1391. /* Non-default version of each fingerprint type which is 'raw',
  1392. * giving you the true hash of the public key blob even if it
  1393. * includes a certificate */
  1394. SSH_FPTYPE_MD5_CERT,
  1395. SSH_FPTYPE_SHA256_CERT,
  1396. } FingerprintType;
  1397. static inline bool ssh_fptype_is_cert(FingerprintType fptype)
  1398. {
  1399. return fptype >= SSH_FPTYPE_MD5_CERT;
  1400. }
  1401. static inline FingerprintType ssh_fptype_from_cert(FingerprintType fptype)
  1402. {
  1403. if (ssh_fptype_is_cert(fptype))
  1404. fptype -= (SSH_FPTYPE_MD5_CERT - SSH_FPTYPE_MD5);
  1405. return fptype;
  1406. }
  1407. static inline FingerprintType ssh_fptype_to_cert(FingerprintType fptype)
  1408. {
  1409. if (!ssh_fptype_is_cert(fptype))
  1410. fptype += (SSH_FPTYPE_MD5_CERT - SSH_FPTYPE_MD5);
  1411. return fptype;
  1412. }
  1413. #define SSH_N_FPTYPES (SSH_FPTYPE_SHA256_CERT + 1)
  1414. #define SSH_FPTYPE_DEFAULT SSH_FPTYPE_SHA256
  1415. FingerprintType ssh2_pick_fingerprint(char **fingerprints,
  1416. FingerprintType preferred_type);
  1417. FingerprintType ssh2_pick_default_fingerprint(char **fingerprints);
  1418. char *ssh1_pubkey_str(RSAKey *ssh1key);
  1419. void ssh1_write_pubkey(FILE *fp, RSAKey *ssh1key);
  1420. char *ssh2_pubkey_openssh_str(ssh2_userkey *key);
  1421. void ssh2_write_pubkey(FILE *fp, const char *comment,
  1422. const void *v_pub_blob, int pub_len,
  1423. int keytype);
  1424. char *ssh2_fingerprint_blob(ptrlen, FingerprintType);
  1425. char *ssh2_fingerprint(ssh_key *key, FingerprintType);
  1426. char *ssh2_double_fingerprint_blob(ptrlen, FingerprintType);
  1427. char *ssh2_double_fingerprint(ssh_key *key, FingerprintType);
  1428. char **ssh2_all_fingerprints_for_blob(ptrlen);
  1429. char **ssh2_all_fingerprints(ssh_key *key);
  1430. void ssh2_free_all_fingerprints(char **);
  1431. int key_type(const Filename *filename);
  1432. int key_type_s(BinarySource *src);
  1433. const char *key_type_to_str(int type);
  1434. bool import_possible(int type);
  1435. int import_target_type(int type);
  1436. bool import_encrypted(const Filename *filename, int type, char **comment);
  1437. bool import_encrypted_s(const Filename *filename, BinarySource *src,
  1438. int type, char **comment);
  1439. int import_ssh1(const Filename *filename, int type,
  1440. RSAKey *key, char *passphrase, const char **errmsg_p);
  1441. int import_ssh1_s(BinarySource *src, int type,
  1442. RSAKey *key, char *passphrase, const char **errmsg_p);
  1443. ssh2_userkey *import_ssh2(const Filename *filename, int type,
  1444. char *passphrase, const char **errmsg_p);
  1445. ssh2_userkey *import_ssh2_s(BinarySource *src, int type,
  1446. char *passphrase, const char **errmsg_p);
  1447. bool export_ssh1(const Filename *filename, int type,
  1448. RSAKey *key, char *passphrase);
  1449. bool export_ssh2(const Filename *filename, int type,
  1450. ssh2_userkey *key, char *passphrase);
  1451. void des3_decrypt_pubkey(const void *key, void *blk, int len);
  1452. void des3_encrypt_pubkey(const void *key, void *blk, int len);
  1453. void des3_decrypt_pubkey_ossh(const void *key, const void *iv,
  1454. void *blk, int len);
  1455. void des3_encrypt_pubkey_ossh(const void *key, const void *iv,
  1456. void *blk, int len);
  1457. void aes256_encrypt_pubkey(const void *key, const void *iv,
  1458. void *blk, int len);
  1459. void aes256_decrypt_pubkey(const void *key, const void *iv,
  1460. void *blk, int len);
  1461. void des_encrypt_xdmauth(const void *key, void *blk, int len);
  1462. void des_decrypt_xdmauth(const void *key, void *blk, int len);
  1463. void openssh_bcrypt(ptrlen passphrase, ptrlen salt,
  1464. int rounds, unsigned char *out, int outbytes);
  1465. /*
  1466. * Connection-sharing API provided by platforms. This function must
  1467. * either:
  1468. * - return SHARE_NONE and do nothing
  1469. * - return SHARE_DOWNSTREAM and set *sock to a Socket connected to
  1470. * downplug
  1471. * - return SHARE_UPSTREAM and set *sock to a Socket connected to
  1472. * upplug.
  1473. */
  1474. enum { SHARE_NONE, SHARE_DOWNSTREAM, SHARE_UPSTREAM };
  1475. int platform_ssh_share(const char *name, Conf *conf,
  1476. Plug *downplug, Plug *upplug, Socket **sock,
  1477. char **logtext, char **ds_err, char **us_err,
  1478. bool can_upstream, bool can_downstream);
  1479. void platform_ssh_share_cleanup(const char *name);
  1480. /*
  1481. * List macro defining the SSH-1 message type codes.
  1482. */
  1483. #define SSH1_MESSAGE_TYPES(X, y) \
  1484. X(y, SSH1_MSG_DISCONNECT, 1) \
  1485. X(y, SSH1_SMSG_PUBLIC_KEY, 2) \
  1486. X(y, SSH1_CMSG_SESSION_KEY, 3) \
  1487. X(y, SSH1_CMSG_USER, 4) \
  1488. X(y, SSH1_CMSG_AUTH_RSA, 6) \
  1489. X(y, SSH1_SMSG_AUTH_RSA_CHALLENGE, 7) \
  1490. X(y, SSH1_CMSG_AUTH_RSA_RESPONSE, 8) \
  1491. X(y, SSH1_CMSG_AUTH_PASSWORD, 9) \
  1492. X(y, SSH1_CMSG_REQUEST_PTY, 10) \
  1493. X(y, SSH1_CMSG_WINDOW_SIZE, 11) \
  1494. X(y, SSH1_CMSG_EXEC_SHELL, 12) \
  1495. X(y, SSH1_CMSG_EXEC_CMD, 13) \
  1496. X(y, SSH1_SMSG_SUCCESS, 14) \
  1497. X(y, SSH1_SMSG_FAILURE, 15) \
  1498. X(y, SSH1_CMSG_STDIN_DATA, 16) \
  1499. X(y, SSH1_SMSG_STDOUT_DATA, 17) \
  1500. X(y, SSH1_SMSG_STDERR_DATA, 18) \
  1501. X(y, SSH1_CMSG_EOF, 19) \
  1502. X(y, SSH1_SMSG_EXIT_STATUS, 20) \
  1503. X(y, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, 21) \
  1504. X(y, SSH1_MSG_CHANNEL_OPEN_FAILURE, 22) \
  1505. X(y, SSH1_MSG_CHANNEL_DATA, 23) \
  1506. X(y, SSH1_MSG_CHANNEL_CLOSE, 24) \
  1507. X(y, SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION, 25) \
  1508. X(y, SSH1_SMSG_X11_OPEN, 27) \
  1509. X(y, SSH1_CMSG_PORT_FORWARD_REQUEST, 28) \
  1510. X(y, SSH1_MSG_PORT_OPEN, 29) \
  1511. X(y, SSH1_CMSG_AGENT_REQUEST_FORWARDING, 30) \
  1512. X(y, SSH1_SMSG_AGENT_OPEN, 31) \
  1513. X(y, SSH1_MSG_IGNORE, 32) \
  1514. X(y, SSH1_CMSG_EXIT_CONFIRMATION, 33) \
  1515. X(y, SSH1_CMSG_X11_REQUEST_FORWARDING, 34) \
  1516. X(y, SSH1_CMSG_AUTH_RHOSTS_RSA, 35) \
  1517. X(y, SSH1_MSG_DEBUG, 36) \
  1518. X(y, SSH1_CMSG_REQUEST_COMPRESSION, 37) \
  1519. X(y, SSH1_CMSG_AUTH_TIS, 39) \
  1520. X(y, SSH1_SMSG_AUTH_TIS_CHALLENGE, 40) \
  1521. X(y, SSH1_CMSG_AUTH_TIS_RESPONSE, 41) \
  1522. X(y, SSH1_CMSG_AUTH_CCARD, 70) \
  1523. X(y, SSH1_SMSG_AUTH_CCARD_CHALLENGE, 71) \
  1524. X(y, SSH1_CMSG_AUTH_CCARD_RESPONSE, 72) \
  1525. /* end of list */
  1526. #define SSH1_AUTH_RHOSTS 1 /* 0x1 */
  1527. #define SSH1_AUTH_RSA 2 /* 0x2 */
  1528. #define SSH1_AUTH_PASSWORD 3 /* 0x3 */
  1529. #define SSH1_AUTH_RHOSTS_RSA 4 /* 0x4 */
  1530. #define SSH1_AUTH_TIS 5 /* 0x5 */
  1531. #define SSH1_AUTH_CCARD 16 /* 0x10 */
  1532. #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
  1533. /* Mask for protoflags we will echo back to server if seen */
  1534. #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
  1535. /*
  1536. * List macro defining SSH-2 message type codes. Some of these depend
  1537. * on particular contexts (i.e. a previously negotiated kex or auth
  1538. * method)
  1539. */
  1540. #define SSH2_MESSAGE_TYPES(X, K, A, y) \
  1541. X(y, SSH2_MSG_DISCONNECT, 1) \
  1542. X(y, SSH2_MSG_IGNORE, 2) \
  1543. X(y, SSH2_MSG_UNIMPLEMENTED, 3) \
  1544. X(y, SSH2_MSG_DEBUG, 4) \
  1545. X(y, SSH2_MSG_SERVICE_REQUEST, 5) \
  1546. X(y, SSH2_MSG_SERVICE_ACCEPT, 6) \
  1547. X(y, SSH2_MSG_EXT_INFO, 7) \
  1548. X(y, SSH2_MSG_KEXINIT, 20) \
  1549. X(y, SSH2_MSG_NEWKEYS, 21) \
  1550. K(y, SSH2_MSG_KEXDH_INIT, 30, SSH2_PKTCTX_DHGROUP) \
  1551. K(y, SSH2_MSG_KEXDH_REPLY, 31, SSH2_PKTCTX_DHGROUP) \
  1552. K(y, SSH2_MSG_KEX_DH_GEX_REQUEST_OLD, 30, SSH2_PKTCTX_DHGEX) \
  1553. K(y, SSH2_MSG_KEX_DH_GEX_REQUEST, 34, SSH2_PKTCTX_DHGEX) \
  1554. K(y, SSH2_MSG_KEX_DH_GEX_GROUP, 31, SSH2_PKTCTX_DHGEX) \
  1555. K(y, SSH2_MSG_KEX_DH_GEX_INIT, 32, SSH2_PKTCTX_DHGEX) \
  1556. K(y, SSH2_MSG_KEX_DH_GEX_REPLY, 33, SSH2_PKTCTX_DHGEX) \
  1557. K(y, SSH2_MSG_KEXGSS_INIT, 30, SSH2_PKTCTX_GSSKEX) \
  1558. K(y, SSH2_MSG_KEXGSS_CONTINUE, 31, SSH2_PKTCTX_GSSKEX) \
  1559. K(y, SSH2_MSG_KEXGSS_COMPLETE, 32, SSH2_PKTCTX_GSSKEX) \
  1560. K(y, SSH2_MSG_KEXGSS_HOSTKEY, 33, SSH2_PKTCTX_GSSKEX) \
  1561. K(y, SSH2_MSG_KEXGSS_ERROR, 34, SSH2_PKTCTX_GSSKEX) \
  1562. K(y, SSH2_MSG_KEXGSS_GROUPREQ, 40, SSH2_PKTCTX_GSSKEX) \
  1563. K(y, SSH2_MSG_KEXGSS_GROUP, 41, SSH2_PKTCTX_GSSKEX) \
  1564. K(y, SSH2_MSG_KEXRSA_PUBKEY, 30, SSH2_PKTCTX_RSAKEX) \
  1565. K(y, SSH2_MSG_KEXRSA_SECRET, 31, SSH2_PKTCTX_RSAKEX) \
  1566. K(y, SSH2_MSG_KEXRSA_DONE, 32, SSH2_PKTCTX_RSAKEX) \
  1567. K(y, SSH2_MSG_KEX_ECDH_INIT, 30, SSH2_PKTCTX_ECDHKEX) \
  1568. K(y, SSH2_MSG_KEX_ECDH_REPLY, 31, SSH2_PKTCTX_ECDHKEX) \
  1569. X(y, SSH2_MSG_USERAUTH_REQUEST, 50) \
  1570. X(y, SSH2_MSG_USERAUTH_FAILURE, 51) \
  1571. X(y, SSH2_MSG_USERAUTH_SUCCESS, 52) \
  1572. X(y, SSH2_MSG_USERAUTH_BANNER, 53) \
  1573. A(y, SSH2_MSG_USERAUTH_PK_OK, 60, SSH2_PKTCTX_PUBLICKEY) \
  1574. A(y, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, 60, SSH2_PKTCTX_PASSWORD) \
  1575. A(y, SSH2_MSG_USERAUTH_INFO_REQUEST, 60, SSH2_PKTCTX_KBDINTER) \
  1576. A(y, SSH2_MSG_USERAUTH_INFO_RESPONSE, 61, SSH2_PKTCTX_KBDINTER) \
  1577. A(y, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, 60, SSH2_PKTCTX_GSSAPI) \
  1578. A(y, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, 61, SSH2_PKTCTX_GSSAPI) \
  1579. A(y, SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, 63, SSH2_PKTCTX_GSSAPI) \
  1580. A(y, SSH2_MSG_USERAUTH_GSSAPI_ERROR, 64, SSH2_PKTCTX_GSSAPI) \
  1581. A(y, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, 65, SSH2_PKTCTX_GSSAPI) \
  1582. A(y, SSH2_MSG_USERAUTH_GSSAPI_MIC, 66, SSH2_PKTCTX_GSSAPI) \
  1583. X(y, SSH2_MSG_GLOBAL_REQUEST, 80) \
  1584. X(y, SSH2_MSG_REQUEST_SUCCESS, 81) \
  1585. X(y, SSH2_MSG_REQUEST_FAILURE, 82) \
  1586. X(y, SSH2_MSG_CHANNEL_OPEN, 90) \
  1587. X(y, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, 91) \
  1588. X(y, SSH2_MSG_CHANNEL_OPEN_FAILURE, 92) \
  1589. X(y, SSH2_MSG_CHANNEL_WINDOW_ADJUST, 93) \
  1590. X(y, SSH2_MSG_CHANNEL_DATA, 94) \
  1591. X(y, SSH2_MSG_CHANNEL_EXTENDED_DATA, 95) \
  1592. X(y, SSH2_MSG_CHANNEL_EOF, 96) \
  1593. X(y, SSH2_MSG_CHANNEL_CLOSE, 97) \
  1594. X(y, SSH2_MSG_CHANNEL_REQUEST, 98) \
  1595. X(y, SSH2_MSG_CHANNEL_SUCCESS, 99) \
  1596. X(y, SSH2_MSG_CHANNEL_FAILURE, 100) \
  1597. /* end of list */
  1598. #define DEF_ENUM_UNIVERSAL(y, name, value) name = value,
  1599. #define DEF_ENUM_CONTEXTUAL(y, name, value, context) name = value,
  1600. enum {
  1601. SSH1_MESSAGE_TYPES(DEF_ENUM_UNIVERSAL, y)
  1602. SSH2_MESSAGE_TYPES(DEF_ENUM_UNIVERSAL,
  1603. DEF_ENUM_CONTEXTUAL, DEF_ENUM_CONTEXTUAL, y)
  1604. /* Virtual packet type, for packets too short to even have a type */
  1605. SSH_MSG_NO_TYPE_CODE = 256
  1606. };
  1607. #undef DEF_ENUM_UNIVERSAL
  1608. #undef DEF_ENUM_CONTEXTUAL
  1609. /*
  1610. * SSH-1 agent messages.
  1611. */
  1612. #define SSH1_AGENTC_REQUEST_RSA_IDENTITIES 1
  1613. #define SSH1_AGENT_RSA_IDENTITIES_ANSWER 2
  1614. #define SSH1_AGENTC_RSA_CHALLENGE 3
  1615. #define SSH1_AGENT_RSA_RESPONSE 4
  1616. #define SSH1_AGENTC_ADD_RSA_IDENTITY 7
  1617. #define SSH1_AGENTC_REMOVE_RSA_IDENTITY 8
  1618. #define SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 /* openssh private? */
  1619. /*
  1620. * Messages common to SSH-1 and OpenSSH's SSH-2.
  1621. */
  1622. #define SSH_AGENT_FAILURE 5
  1623. #define SSH_AGENT_SUCCESS 6
  1624. /*
  1625. * OpenSSH's SSH-2 agent messages.
  1626. */
  1627. #define SSH2_AGENTC_REQUEST_IDENTITIES 11
  1628. #define SSH2_AGENT_IDENTITIES_ANSWER 12
  1629. #define SSH2_AGENTC_SIGN_REQUEST 13
  1630. #define SSH2_AGENT_SIGN_RESPONSE 14
  1631. #define SSH2_AGENTC_ADD_IDENTITY 17
  1632. #define SSH2_AGENTC_REMOVE_IDENTITY 18
  1633. #define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
  1634. #define SSH2_AGENTC_EXTENSION 27
  1635. #define SSH_AGENT_EXTENSION_FAILURE 28
  1636. /*
  1637. * Assorted other SSH-related enumerations.
  1638. */
  1639. #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
  1640. #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
  1641. #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
  1642. #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
  1643. #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
  1644. #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
  1645. #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
  1646. #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
  1647. #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
  1648. #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
  1649. #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
  1650. #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
  1651. #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
  1652. #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
  1653. #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
  1654. #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
  1655. #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
  1656. #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
  1657. #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
  1658. #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
  1659. enum {
  1660. /* TTY modes with opcodes defined consistently in the SSH specs. */
  1661. #define TTYMODE_CHAR(name, val, index) SSH_TTYMODE_##name = val,
  1662. #define TTYMODE_FLAG(name, val, field, mask) SSH_TTYMODE_##name = val,
  1663. #include "ssh/ttymode-list.h"
  1664. #undef TTYMODE_CHAR
  1665. #undef TTYMODE_FLAG
  1666. /* Modes encoded differently between SSH-1 and SSH-2, for which we
  1667. * make up our own dummy opcodes to avoid confusion. */
  1668. TTYMODE_dummy = 255,
  1669. TTYMODE_ISPEED, TTYMODE_OSPEED,
  1670. /* Limiting value that we can use as an array bound below */
  1671. TTYMODE_LIMIT,
  1672. /* The real opcodes for terminal speeds. */
  1673. TTYMODE_ISPEED_SSH1 = 192,
  1674. TTYMODE_OSPEED_SSH1 = 193,
  1675. TTYMODE_ISPEED_SSH2 = 128,
  1676. TTYMODE_OSPEED_SSH2 = 129,
  1677. /* And the opcode that ends a list. */
  1678. TTYMODE_END_OF_LIST = 0
  1679. };
  1680. struct ssh_ttymodes {
  1681. /* A boolean per mode, indicating whether it's set. */
  1682. bool have_mode[TTYMODE_LIMIT];
  1683. /* The actual value for each mode. */
  1684. unsigned mode_val[TTYMODE_LIMIT];
  1685. };
  1686. struct ssh_ttymodes get_ttymodes_from_conf(Seat *seat, Conf *conf);
  1687. struct ssh_ttymodes read_ttymodes_from_packet(
  1688. BinarySource *bs, int ssh_version);
  1689. void write_ttymodes_to_packet(BinarySink *bs, int ssh_version,
  1690. struct ssh_ttymodes modes);
  1691. const char *ssh1_pkt_type(int type);
  1692. const char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type);
  1693. bool ssh2_pkt_type_code_valid(unsigned type);
  1694. /*
  1695. * Need this to warn about support for the original SSH-2 keyfile
  1696. * format.
  1697. */
  1698. void old_keyfile_warning(void);
  1699. /*
  1700. * Flags indicating implementation bugs that we know how to mitigate
  1701. * if we think the other end has them.
  1702. */
  1703. #define SSH_IMPL_BUG_LIST(X) \
  1704. X(BUG_CHOKES_ON_SSH1_IGNORE) \
  1705. X(BUG_SSH2_HMAC) \
  1706. X(BUG_NEEDS_SSH1_PLAIN_PASSWORD) \
  1707. X(BUG_CHOKES_ON_RSA) \
  1708. X(BUG_SSH2_RSA_PADDING) \
  1709. X(BUG_SSH2_DERIVEKEY) \
  1710. X(BUG_SSH2_REKEY) \
  1711. X(BUG_SSH2_PK_SESSIONID) \
  1712. X(BUG_SSH2_MAXPKT) \
  1713. X(BUG_CHOKES_ON_SSH2_IGNORE) \
  1714. X(BUG_CHOKES_ON_WINADJ) \
  1715. X(BUG_SENDS_LATE_REQUEST_REPLY) \
  1716. X(BUG_SSH2_OLDGEX) \
  1717. X(BUG_REQUIRES_FILTERED_KEXINIT) \
  1718. X(BUG_RSA_SHA2_CERT_USERAUTH) \
  1719. /* end of list */
  1720. #define TMP_DECLARE_LOG2_ENUM(thing) log2_##thing,
  1721. enum { SSH_IMPL_BUG_LIST(TMP_DECLARE_LOG2_ENUM) };
  1722. #undef TMP_DECLARE_LOG2_ENUM
  1723. #define TMP_DECLARE_REAL_ENUM(thing) thing = 1 << log2_##thing,
  1724. enum { SSH_IMPL_BUG_LIST(TMP_DECLARE_REAL_ENUM) };
  1725. #undef TMP_DECLARE_REAL_ENUM
  1726. /* Shared system for allocating local SSH channel ids. Expects to be
  1727. * passed a tree full of structs that have a field called 'localid' of
  1728. * type unsigned, and will check that! */
  1729. unsigned alloc_channel_id_general(tree234 *channels, size_t localid_offset);
  1730. #define alloc_channel_id(tree, type) \
  1731. TYPECHECK(&((type *)0)->localid == (unsigned *)0, \
  1732. alloc_channel_id_general(tree, offsetof(type, localid)))
  1733. void add_to_commasep(strbuf *buf, const char *data);
  1734. void add_to_commasep_pl(strbuf *buf, ptrlen data);
  1735. bool get_commasep_word(ptrlen *list, ptrlen *word);
  1736. /* Reasons why something warned by confirm_weak_crypto_primitive might
  1737. * be considered weak */
  1738. typedef enum WeakCryptoReason {
  1739. WCR_BELOW_THRESHOLD, /* user has told us to consider it weak */
  1740. WCR_TERRAPIN, /* known vulnerability CVE-2023-48795 */
  1741. WCR_TERRAPIN_AVOIDABLE, /* same, but demoting ChaCha20 can avoid it */
  1742. } WeakCryptoReason;
  1743. SeatPromptResult verify_ssh_host_key(
  1744. InteractionReadySeat iseat, Conf *conf, const char *host, int port,
  1745. ssh_key *key, const char *keytype, char *keystr, const char *keydisp,
  1746. char **fingerprints, int ca_count,
  1747. void (*callback)(void *ctx, SeatPromptResult result), void *ctx);
  1748. SeatPromptResult confirm_weak_crypto_primitive(
  1749. InteractionReadySeat iseat, const char *algtype, const char *algname,
  1750. void (*callback)(void *ctx, SeatPromptResult result), void *ctx,
  1751. WeakCryptoReason wcr);
  1752. SeatPromptResult confirm_weak_cached_hostkey(
  1753. InteractionReadySeat iseat, const char *algname, const char **betteralgs,
  1754. void (*callback)(void *ctx, SeatPromptResult result), void *ctx);
  1755. typedef struct ssh_transient_hostkey_cache ssh_transient_hostkey_cache;
  1756. ssh_transient_hostkey_cache *ssh_transient_hostkey_cache_new(void);
  1757. void ssh_transient_hostkey_cache_free(ssh_transient_hostkey_cache *thc);
  1758. void ssh_transient_hostkey_cache_add(
  1759. ssh_transient_hostkey_cache *thc, ssh_key *key);
  1760. bool ssh_transient_hostkey_cache_verify(
  1761. ssh_transient_hostkey_cache *thc, ssh_key *key);
  1762. bool ssh_transient_hostkey_cache_has(
  1763. ssh_transient_hostkey_cache *thc, const ssh_keyalg *alg);
  1764. bool ssh_transient_hostkey_cache_non_empty(ssh_transient_hostkey_cache *thc);
  1765. /*
  1766. * Protocol definitions for authentication helper plugins
  1767. */
  1768. #define AUTHPLUGIN_MSG_NAMES(X) \
  1769. X(PLUGIN_INIT, 1) \
  1770. X(PLUGIN_INIT_RESPONSE, 2) \
  1771. X(PLUGIN_PROTOCOL, 3) \
  1772. X(PLUGIN_PROTOCOL_ACCEPT, 4) \
  1773. X(PLUGIN_PROTOCOL_REJECT, 5) \
  1774. X(PLUGIN_AUTH_SUCCESS, 6) \
  1775. X(PLUGIN_AUTH_FAILURE, 7) \
  1776. X(PLUGIN_INIT_FAILURE, 8) \
  1777. X(PLUGIN_KI_SERVER_REQUEST, 20) \
  1778. X(PLUGIN_KI_SERVER_RESPONSE, 21) \
  1779. X(PLUGIN_KI_USER_REQUEST, 22) \
  1780. X(PLUGIN_KI_USER_RESPONSE, 23) \
  1781. /* end of list */
  1782. #define PLUGIN_PROTOCOL_MAX_VERSION 2 /* the highest version we speak */
  1783. enum {
  1784. #define ENUMDECL(name, value) name = value,
  1785. AUTHPLUGIN_MSG_NAMES(ENUMDECL)
  1786. #undef ENUMDECL
  1787. /* Error codes internal to this implementation, indicating failure
  1788. * to receive a meaningful packet at all */
  1789. PLUGIN_NOTYPE = 256, /* packet too short to have a type */
  1790. PLUGIN_EOF = 257 /* EOF from auth plugin */
  1791. };