bpp1.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390
  1. /*
  2. * Binary packet protocol for SSH-1.
  3. */
  4. #include <assert.h>
  5. #include "putty.h"
  6. #include "ssh.h"
  7. #include "bpp.h"
  8. #include "sshcr.h"
  9. struct ssh1_bpp_state {
  10. int crState;
  11. long len, pad, biglen, length, maxlen;
  12. unsigned char *data;
  13. uint32_t realcrc, gotcrc;
  14. int chunk;
  15. PktIn *pktin;
  16. ssh_cipher *cipher_in, *cipher_out;
  17. struct crcda_ctx *crcda_ctx;
  18. uint8_t iv[8]; /* for crcda */
  19. bool pending_compression_request;
  20. ssh_compressor *compctx;
  21. ssh_decompressor *decompctx;
  22. BinaryPacketProtocol bpp;
  23. };
  24. static void ssh1_bpp_free(BinaryPacketProtocol *bpp);
  25. static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp);
  26. static void ssh1_bpp_handle_output(BinaryPacketProtocol *bpp);
  27. static void ssh1_bpp_queue_disconnect(BinaryPacketProtocol *bpp,
  28. const char *msg, int category);
  29. static PktOut *ssh1_bpp_new_pktout(int type);
  30. static const BinaryPacketProtocolVtable ssh1_bpp_vtable = {
  31. .free = ssh1_bpp_free,
  32. .handle_input = ssh1_bpp_handle_input,
  33. .handle_output = ssh1_bpp_handle_output,
  34. .new_pktout = ssh1_bpp_new_pktout,
  35. .queue_disconnect = ssh1_bpp_queue_disconnect,
  36. .packet_size_limit = 0xFFFFFFFF, /* no special limit for this bpp */
  37. };
  38. BinaryPacketProtocol *ssh1_bpp_new(LogContext *logctx)
  39. {
  40. struct ssh1_bpp_state *s = snew(struct ssh1_bpp_state);
  41. memset(s, 0, sizeof(*s));
  42. s->bpp.vt = &ssh1_bpp_vtable;
  43. s->bpp.logctx = logctx;
  44. ssh_bpp_common_setup(&s->bpp);
  45. return &s->bpp;
  46. }
  47. static void ssh1_bpp_free(BinaryPacketProtocol *bpp)
  48. {
  49. struct ssh1_bpp_state *s = container_of(bpp, struct ssh1_bpp_state, bpp);
  50. if (s->cipher_in)
  51. ssh_cipher_free(s->cipher_in);
  52. if (s->cipher_out)
  53. ssh_cipher_free(s->cipher_out);
  54. if (s->compctx)
  55. ssh_compressor_free(s->compctx);
  56. if (s->decompctx)
  57. ssh_decompressor_free(s->decompctx);
  58. if (s->crcda_ctx)
  59. crcda_free_context(s->crcda_ctx);
  60. sfree(s->pktin);
  61. sfree(s);
  62. }
  63. void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
  64. const ssh_cipheralg *cipher,
  65. const void *session_key)
  66. {
  67. struct ssh1_bpp_state *s;
  68. assert(bpp->vt == &ssh1_bpp_vtable);
  69. s = container_of(bpp, struct ssh1_bpp_state, bpp);
  70. assert(!s->cipher_in);
  71. assert(!s->cipher_out);
  72. if (cipher) {
  73. s->cipher_in = ssh_cipher_new(cipher);
  74. s->cipher_out = ssh_cipher_new(cipher);
  75. ssh_cipher_setkey(s->cipher_in, session_key);
  76. ssh_cipher_setkey(s->cipher_out, session_key);
  77. assert(!s->crcda_ctx);
  78. s->crcda_ctx = crcda_make_context();
  79. bpp_logevent("Initialised %s encryption", cipher->text_name);
  80. memset(s->iv, 0, sizeof(s->iv));
  81. assert(cipher->blksize <= sizeof(s->iv));
  82. ssh_cipher_setiv(s->cipher_in, s->iv);
  83. ssh_cipher_setiv(s->cipher_out, s->iv);
  84. }
  85. }
  86. void ssh1_bpp_start_compression(BinaryPacketProtocol *bpp)
  87. {
  88. struct ssh1_bpp_state *s;
  89. assert(bpp->vt == &ssh1_bpp_vtable);
  90. s = container_of(bpp, struct ssh1_bpp_state, bpp);
  91. assert(!s->compctx);
  92. assert(!s->decompctx);
  93. s->compctx = ssh_compressor_new(&ssh_zlib);
  94. s->decompctx = ssh_decompressor_new(&ssh_zlib);
  95. bpp_logevent("Started zlib (RFC1950) compression");
  96. }
  97. #define BPP_READ(ptr, len) do \
  98. { \
  99. bool success; \
  100. crMaybeWaitUntilV((success = bufchain_try_fetch_consume( \
  101. s->bpp.in_raw, ptr, len)) || \
  102. s->bpp.input_eof); \
  103. if (!success) \
  104. goto eof; \
  105. ssh_check_frozen(s->bpp.ssh); \
  106. } while (0)
  107. static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
  108. {
  109. struct ssh1_bpp_state *s = container_of(bpp, struct ssh1_bpp_state, bpp);
  110. crBegin(s->crState);
  111. while (1) {
  112. s->maxlen = 0;
  113. s->length = 0;
  114. {
  115. unsigned char lenbuf[4];
  116. BPP_READ(lenbuf, 4);
  117. s->len = toint(GET_32BIT_MSB_FIRST(lenbuf));
  118. }
  119. if (s->len < 5 || s->len > 262144) { /* SSH1.5-mandated max size */
  120. ssh_sw_abort(s->bpp.ssh,
  121. "Out-of-range packet length from remote suggests"
  122. " data stream corruption");
  123. crStopV;
  124. }
  125. s->pad = 8 - (s->len % 8);
  126. s->biglen = s->len + s->pad;
  127. s->length = s->len - 5;
  128. /*
  129. * Allocate the packet to return, now we know its length.
  130. */
  131. s->pktin = snew_plus(PktIn, s->biglen);
  132. s->pktin->qnode.prev = s->pktin->qnode.next = NULL;
  133. s->pktin->qnode.on_free_queue = false;
  134. s->pktin->type = 0;
  135. s->maxlen = s->biglen;
  136. s->data = snew_plus_get_aux(s->pktin);
  137. BPP_READ(s->data, s->biglen);
  138. if (s->cipher_in && detect_attack(s->crcda_ctx,
  139. s->data, s->biglen, s->iv)) {
  140. ssh_sw_abort(s->bpp.ssh,
  141. "Network attack (CRC compensation) detected!");
  142. crStopV;
  143. }
  144. /* Save the last cipher block, to be passed to the next call
  145. * to detect_attack */
  146. assert(s->biglen >= 8);
  147. memcpy(s->iv, s->data + s->biglen - 8, sizeof(s->iv));
  148. if (s->cipher_in)
  149. ssh_cipher_decrypt(s->cipher_in, s->data, s->biglen);
  150. s->realcrc = crc32_ssh1(make_ptrlen(s->data, s->biglen - 4));
  151. s->gotcrc = GET_32BIT_MSB_FIRST(s->data + s->biglen - 4);
  152. if (s->gotcrc != s->realcrc) {
  153. ssh_sw_abort(s->bpp.ssh, "Incorrect CRC received on packet");
  154. crStopV;
  155. }
  156. if (s->decompctx) {
  157. unsigned char *decompblk;
  158. int decomplen;
  159. if (!ssh_decompressor_decompress(
  160. s->decompctx, s->data + s->pad, s->length + 1,
  161. &decompblk, &decomplen)) {
  162. ssh_sw_abort(s->bpp.ssh,
  163. "Zlib decompression encountered invalid data");
  164. crStopV;
  165. }
  166. if (s->maxlen < s->pad + decomplen) {
  167. PktIn *old_pktin = s->pktin;
  168. s->maxlen = s->pad + decomplen;
  169. s->pktin = snew_plus(PktIn, s->maxlen);
  170. *s->pktin = *old_pktin; /* structure copy */
  171. s->data = snew_plus_get_aux(s->pktin);
  172. smemclr(old_pktin, s->biglen);
  173. sfree(old_pktin);
  174. }
  175. memcpy(s->data + s->pad, decompblk, decomplen);
  176. sfree(decompblk);
  177. s->length = decomplen - 1;
  178. }
  179. /*
  180. * Now we can find the bounds of the semantic content of the
  181. * packet, and the initial type byte.
  182. */
  183. s->data += s->pad;
  184. s->pktin->type = *s->data++;
  185. BinarySource_INIT(s->pktin, s->data, s->length);
  186. if (s->bpp.logctx) {
  187. logblank_t blanks[MAX_BLANKS];
  188. int nblanks = ssh1_censor_packet(
  189. s->bpp.pls, s->pktin->type, false,
  190. make_ptrlen(s->data, s->length), blanks);
  191. log_packet(s->bpp.logctx, PKT_INCOMING, s->pktin->type,
  192. ssh1_pkt_type(s->pktin->type),
  193. get_ptr(s->pktin), get_avail(s->pktin), nblanks, blanks,
  194. NULL, 0, NULL);
  195. }
  196. s->pktin->qnode.formal_size = get_avail(s->pktin);
  197. pq_push(&s->bpp.in_pq, s->pktin);
  198. {
  199. int type = s->pktin->type;
  200. s->pktin = NULL;
  201. switch (type) {
  202. case SSH1_SMSG_SUCCESS:
  203. case SSH1_SMSG_FAILURE:
  204. if (s->pending_compression_request) {
  205. /*
  206. * This is the response to
  207. * SSH1_CMSG_REQUEST_COMPRESSION.
  208. */
  209. if (type == SSH1_SMSG_SUCCESS) {
  210. /*
  211. * If the response was positive, start
  212. * compression.
  213. */
  214. ssh1_bpp_start_compression(&s->bpp);
  215. }
  216. /*
  217. * Either way, cancel the pending flag, and
  218. * schedule a run of our output side in case we
  219. * had any packets queued up in the meantime.
  220. */
  221. s->pending_compression_request = false;
  222. queue_idempotent_callback(&s->bpp.ic_out_pq);
  223. }
  224. break;
  225. }
  226. }
  227. }
  228. eof:
  229. if (!s->bpp.expect_close) {
  230. ssh_remote_error(s->bpp.ssh,
  231. "Remote side unexpectedly closed network connection");
  232. } else {
  233. ssh_remote_eof(s->bpp.ssh, "Remote side closed network connection");
  234. }
  235. return; /* avoid touching s now it's been freed */
  236. crFinishV;
  237. }
  238. static PktOut *ssh1_bpp_new_pktout(int pkt_type)
  239. {
  240. PktOut *pkt = ssh_new_packet();
  241. pkt->length = 4 + 8; /* space for length + max padding */
  242. put_byte(pkt, pkt_type);
  243. pkt->prefix = pkt->length;
  244. pkt->type = pkt_type;
  245. pkt->downstream_id = 0;
  246. pkt->additional_log_text = NULL;
  247. return pkt;
  248. }
  249. static void ssh1_bpp_format_packet(struct ssh1_bpp_state *s, PktOut *pkt)
  250. {
  251. int pad, biglen, pktoffs;
  252. uint32_t crc;
  253. int len;
  254. if (s->bpp.logctx) {
  255. ptrlen pktdata = make_ptrlen(pkt->data + pkt->prefix,
  256. pkt->length - pkt->prefix);
  257. logblank_t blanks[MAX_BLANKS];
  258. int nblanks = ssh1_censor_packet(
  259. s->bpp.pls, pkt->type, true, pktdata, blanks);
  260. log_packet(s->bpp.logctx, PKT_OUTGOING, pkt->type,
  261. ssh1_pkt_type(pkt->type),
  262. pktdata.ptr, pktdata.len, nblanks, blanks,
  263. NULL, 0, NULL);
  264. }
  265. if (s->compctx) {
  266. unsigned char *compblk;
  267. int complen;
  268. ssh_compressor_compress(s->compctx, pkt->data + 12, pkt->length - 12,
  269. &compblk, &complen, 0);
  270. /* Replace the uncompressed packet data with the compressed
  271. * version. */
  272. pkt->length = 12;
  273. put_data(pkt, compblk, complen);
  274. sfree(compblk);
  275. }
  276. put_uint32(pkt, 0); /* space for CRC */
  277. len = pkt->length - 4 - 8; /* len(type+data+CRC) */
  278. pad = 8 - (len % 8);
  279. pktoffs = 8 - pad;
  280. biglen = len + pad; /* len(padding+type+data+CRC) */
  281. random_read(pkt->data + pktoffs, 4+8 - pktoffs);
  282. crc = crc32_ssh1(
  283. make_ptrlen(pkt->data + pktoffs + 4, biglen - 4)); /* all ex len */
  284. PUT_32BIT_MSB_FIRST(pkt->data + pktoffs + 4 + biglen - 4, crc);
  285. PUT_32BIT_MSB_FIRST(pkt->data + pktoffs, len);
  286. if (s->cipher_out)
  287. ssh_cipher_encrypt(s->cipher_out, pkt->data + pktoffs + 4, biglen);
  288. bufchain_add(s->bpp.out_raw, pkt->data + pktoffs,
  289. biglen + 4); /* len(length+padding+type+data+CRC) */
  290. }
  291. static void ssh1_bpp_handle_output(BinaryPacketProtocol *bpp)
  292. {
  293. struct ssh1_bpp_state *s = container_of(bpp, struct ssh1_bpp_state, bpp);
  294. PktOut *pkt;
  295. if (s->pending_compression_request) {
  296. /*
  297. * Don't send any output packets while we're awaiting a
  298. * response to SSH1_CMSG_REQUEST_COMPRESSION, because if they
  299. * cross over in transit with the responding SSH1_CMSG_SUCCESS
  300. * then the other end could decode them with the wrong
  301. * compression settings.
  302. */
  303. return;
  304. }
  305. while ((pkt = pq_pop(&s->bpp.out_pq)) != NULL) {
  306. int type = pkt->type;
  307. ssh1_bpp_format_packet(s, pkt);
  308. ssh_free_pktout(pkt);
  309. if (type == SSH1_CMSG_REQUEST_COMPRESSION) {
  310. /*
  311. * When we see the actual compression request go past, set
  312. * the pending flag, and stop processing packets this
  313. * time.
  314. */
  315. s->pending_compression_request = true;
  316. break;
  317. }
  318. }
  319. ssh_sendbuffer_changed(bpp->ssh);
  320. }
  321. static void ssh1_bpp_queue_disconnect(BinaryPacketProtocol *bpp,
  322. const char *msg, int category)
  323. {
  324. PktOut *pkt = ssh_bpp_new_pktout(bpp, SSH1_MSG_DISCONNECT);
  325. put_stringz(pkt, msg);
  326. pq_push(&bpp->out_pq, pkt);
  327. }