forked from rdebath/PuTTY
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ssh.h
1968 lines (1779 loc) · 81.4 KB
/
ssh.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#include <stdio.h>
#include <string.h>
#include "puttymem.h"
#include "tree234.h"
#include "network.h"
#include "misc.h"
struct ssh_channel;
/*
* Buffer management constants. There are several of these for
* various different purposes:
*
* - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
* on a local data stream before we throttle the whole SSH
* connection (in SSH-1 only). Throttling the whole connection is
* pretty drastic so we set this high in the hope it won't
* happen very often.
*
* - SSH_MAX_BACKLOG is the amount of backlog that must build up
* on the SSH connection itself before we defensively throttle
* _all_ local data streams. This is pretty drastic too (though
* thankfully unlikely in SSH-2 since the window mechanism should
* ensure that the server never has any need to throttle its end
* of the connection), so we set this high as well.
*
* - OUR_V2_WINSIZE is the default window size we present on SSH-2
* channels.
*
* - OUR_V2_BIGWIN is the window size we advertise for the only
* channel in a simple connection. It must be <= INT_MAX.
*
* - OUR_V2_MAXPKT is the official "maximum packet size" we send
* to the remote side. This actually has nothing to do with the
* size of the _packet_, but is instead a limit on the amount
* of data we're willing to receive in a single SSH2 channel
* data message.
*
* - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
* _packet_ we're prepared to cope with. It must be a multiple
* of the cipher block size, and must be at least 35000.
*/
#define SSH1_BUFFER_LIMIT 32768
#define SSH_MAX_BACKLOG 32768
#define OUR_V2_WINSIZE 16384
#define OUR_V2_BIGWIN 0x7fffffff
#define OUR_V2_MAXPKT 0x4000UL
#define OUR_V2_PACKETLIMIT 0x9000UL
typedef struct PacketQueueNode PacketQueueNode;
struct PacketQueueNode {
PacketQueueNode *next, *prev;
size_t formal_size; /* contribution to PacketQueueBase's total_size */
bool on_free_queue; /* is this packet scheduled for freeing? */
};
typedef struct PktIn {
int type;
unsigned long sequence; /* SSH-2 incoming sequence number */
PacketQueueNode qnode; /* for linking this packet on to a queue */
BinarySource_IMPLEMENTATION;
} PktIn;
typedef struct PktOut {
size_t prefix; /* bytes up to and including type field */
size_t length; /* total bytes, including prefix */
int type;
size_t minlen; /* SSH-2: ensure wire length is at least this */
unsigned char *data; /* allocated storage */
size_t maxlen; /* amount of storage allocated for `data' */
/* Extra metadata used in SSH packet logging mode, allowing us to
* log in the packet header line that the packet came from a
* connection-sharing downstream and what if anything unusual was
* done to it. The additional_log_text field is expected to be a
* static string - it will not be freed. */
unsigned downstream_id;
const char *additional_log_text;
PacketQueueNode qnode; /* for linking this packet on to a queue */
BinarySink_IMPLEMENTATION;
} PktOut;
typedef struct PacketQueueBase {
PacketQueueNode end;
size_t total_size; /* sum of all formal_size fields on the queue */
struct IdempotentCallback *ic;
} PacketQueueBase;
typedef struct PktInQueue {
PacketQueueBase pqb;
PktIn *(*after)(PacketQueueBase *, PacketQueueNode *prev, bool pop);
} PktInQueue;
typedef struct PktOutQueue {
PacketQueueBase pqb;
PktOut *(*after)(PacketQueueBase *, PacketQueueNode *prev, bool pop);
} PktOutQueue;
void pq_base_push(PacketQueueBase *pqb, PacketQueueNode *node);
void pq_base_push_front(PacketQueueBase *pqb, PacketQueueNode *node);
void pq_base_concatenate(PacketQueueBase *dest,
PacketQueueBase *q1, PacketQueueBase *q2);
void pq_in_init(PktInQueue *pq);
void pq_out_init(PktOutQueue *pq);
void pq_in_clear(PktInQueue *pq);
void pq_out_clear(PktOutQueue *pq);
#define pq_push(pq, pkt) \
TYPECHECK((pq)->after(&(pq)->pqb, NULL, false) == pkt, \
pq_base_push(&(pq)->pqb, &(pkt)->qnode))
#define pq_push_front(pq, pkt) \
TYPECHECK((pq)->after(&(pq)->pqb, NULL, false) == pkt, \
pq_base_push_front(&(pq)->pqb, &(pkt)->qnode))
#define pq_peek(pq) ((pq)->after(&(pq)->pqb, &(pq)->pqb.end, false))
#define pq_pop(pq) ((pq)->after(&(pq)->pqb, &(pq)->pqb.end, true))
#define pq_concatenate(dst, q1, q2) \
TYPECHECK((q1)->after(&(q1)->pqb, NULL, false) == \
(dst)->after(&(dst)->pqb, NULL, false) && \
(q2)->after(&(q2)->pqb, NULL, false) == \
(dst)->after(&(dst)->pqb, NULL, false), \
pq_base_concatenate(&(dst)->pqb, &(q1)->pqb, &(q2)->pqb))
#define pq_first(pq) pq_peek(pq)
#define pq_next(pq, pkt) ((pq)->after(&(pq)->pqb, &(pkt)->qnode, false))
/*
* Packet type contexts, so that ssh2_pkt_type can correctly decode
* the ambiguous type numbers back into the correct type strings.
*/
typedef enum {
SSH2_PKTCTX_NOKEX,
SSH2_PKTCTX_DHGROUP,
SSH2_PKTCTX_DHGEX,
SSH2_PKTCTX_ECDHKEX,
SSH2_PKTCTX_GSSKEX,
SSH2_PKTCTX_RSAKEX
} Pkt_KCtx;
typedef enum {
SSH2_PKTCTX_NOAUTH,
SSH2_PKTCTX_PUBLICKEY,
SSH2_PKTCTX_PASSWORD,
SSH2_PKTCTX_GSSAPI,
SSH2_PKTCTX_KBDINTER
} Pkt_ACtx;
typedef struct PacketLogSettings {
bool omit_passwords, omit_data;
Pkt_KCtx kctx;
Pkt_ACtx actx;
} PacketLogSettings;
#define MAX_BLANKS 4 /* no packet needs more censored sections than this */
int ssh1_censor_packet(
const PacketLogSettings *pls, int type, bool sender_is_client,
ptrlen pkt, logblank_t *blanks);
int ssh2_censor_packet(
const PacketLogSettings *pls, int type, bool sender_is_client,
ptrlen pkt, logblank_t *blanks);
PktOut *ssh_new_packet(void);
void ssh_free_pktout(PktOut *pkt);
Socket *ssh_connection_sharing_init(
const char *host, int port, Conf *conf, LogContext *logctx,
Plug *sshplug, ssh_sharing_state **state);
void ssh_connshare_provide_connlayer(ssh_sharing_state *sharestate,
ConnectionLayer *cl);
bool ssh_share_test_for_upstream(const char *host, int port, Conf *conf);
void share_got_pkt_from_server(ssh_sharing_connstate *ctx, int type,
const void *pkt, int pktlen);
void share_activate(ssh_sharing_state *sharestate,
const char *server_verstring);
void sharestate_free(ssh_sharing_state *state);
int share_ndownstreams(ssh_sharing_state *state);
void ssh_connshare_log(Ssh *ssh, int event, const char *logtext,
const char *ds_err, const char *us_err);
void share_setup_x11_channel(ssh_sharing_connstate *cs, share_channel *chan,
unsigned upstream_id, unsigned server_id,
unsigned server_currwin, unsigned server_maxpkt,
unsigned client_adjusted_window,
const char *peer_addr, int peer_port, int endian,
int protomajor, int protominor,
const void *initial_data, int initial_len);
/* Per-application overrides for what roles we can take in connection
* sharing, regardless of user configuration (e.g. pscp will never be
* an upstream) */
extern const bool share_can_be_downstream;
extern const bool share_can_be_upstream;
struct X11Display;
struct X11FakeAuth;
/* Structure definition centralised here because the SSH-1 and SSH-2
* connection layers both use it. But the client module (portfwd.c)
* should not try to look inside here. */
struct ssh_rportfwd {
unsigned sport, dport;
char *shost, *dhost;
int addressfamily;
char *log_description; /* name of remote listening port, for logging */
ssh_sharing_connstate *share_ctx;
PortFwdRecord *pfr;
};
void free_rportfwd(struct ssh_rportfwd *rpf);
typedef struct ConnectionLayerVtable ConnectionLayerVtable;
struct ConnectionLayerVtable {
/* Allocate and free remote-to-local port forwardings, called by
* PortFwdManager or by connection sharing */
struct ssh_rportfwd *(*rportfwd_alloc)(
ConnectionLayer *cl,
const char *shost, int sport, const char *dhost, int dport,
int addressfamily, const char *log_description, PortFwdRecord *pfr,
ssh_sharing_connstate *share_ctx);
void (*rportfwd_remove)(ConnectionLayer *cl, struct ssh_rportfwd *rpf);
/* Open a local-to-remote port forwarding channel, called by
* PortFwdManager */
SshChannel *(*lportfwd_open)(
ConnectionLayer *cl, const char *hostname, int port,
const char *description, const SocketPeerInfo *peerinfo,
Channel *chan);
/* Initiate opening of a 'session'-type channel */
SshChannel *(*session_open)(ConnectionLayer *cl, Channel *chan);
/* Open outgoing channels for X and agent forwarding. (Used in the
* SSH server.) */
SshChannel *(*serverside_x11_open)(ConnectionLayer *cl, Channel *chan,
const SocketPeerInfo *pi);
SshChannel *(*serverside_agent_open)(ConnectionLayer *cl, Channel *chan);
/* Add an X11 display for ordinary X forwarding */
struct X11FakeAuth *(*add_x11_display)(
ConnectionLayer *cl, int authtype, struct X11Display *x11disp);
/* Add and remove X11 displays for connection sharing downstreams */
struct X11FakeAuth *(*add_sharing_x11_display)(
ConnectionLayer *cl, int authtype, ssh_sharing_connstate *share_cs,
share_channel *share_chan);
void (*remove_sharing_x11_display)(
ConnectionLayer *cl, struct X11FakeAuth *auth);
/* Pass through an outgoing SSH packet from a downstream */
void (*send_packet_from_downstream)(
ConnectionLayer *cl, unsigned id, int type,
const void *pkt, int pktlen, const char *additional_log_text);
/* Allocate/free an upstream channel number associated with a
* sharing downstream */
unsigned (*alloc_sharing_channel)(ConnectionLayer *cl,
ssh_sharing_connstate *connstate);
void (*delete_sharing_channel)(ConnectionLayer *cl, unsigned localid);
/* Indicate that a downstream has sent a global request with the
* want-reply flag, so that when a reply arrives it will be passed
* back to that downstrean */
void (*sharing_queue_global_request)(
ConnectionLayer *cl, ssh_sharing_connstate *connstate);
/* Indicate that the last downstream has disconnected */
void (*sharing_no_more_downstreams)(ConnectionLayer *cl);
/* Query whether the connection layer is doing agent forwarding */
bool (*agent_forwarding_permitted)(ConnectionLayer *cl);
/* Set the size of the main terminal window (if any) */
void (*terminal_size)(ConnectionLayer *cl, int width, int height);
/* Indicate that the backlog on standard output has cleared */
void (*stdout_unthrottle)(ConnectionLayer *cl, size_t bufsize);
/* Query the size of the backlog on standard _input_ */
size_t (*stdin_backlog)(ConnectionLayer *cl);
/* Tell the connection layer that the SSH connection itself has
* backed up, so it should tell all currently open channels to
* cease reading from their local input sources if they can. (Or
* tell it that that state of affairs has gone away again.) */
void (*throttle_all_channels)(ConnectionLayer *cl, bool throttled);
/* Ask the connection layer about its current preference for
* line-discipline options. */
bool (*ldisc_option)(ConnectionLayer *cl, int option);
/* Communicate _to_ the connection layer (from the main session
* channel) what its preference for line-discipline options is. */
void (*set_ldisc_option)(ConnectionLayer *cl, int option, bool value);
/* Communicate to the connection layer whether X forwarding was
* successfully enabled (for purposes of knowing whether to accept
* subsequent channel-opens). */
void (*enable_x_fwd)(ConnectionLayer *cl);
/* Communicate / query whether the main session channel currently
* wants user input. The set function is called by mainchan; the
* query function is called by the top-level ssh.c. */
void (*set_wants_user_input)(ConnectionLayer *cl, bool wanted);
bool (*get_wants_user_input)(ConnectionLayer *cl);
/* Notify the connection layer that more data has been added to
* the user input queue. */
void (*got_user_input)(ConnectionLayer *cl);
};
struct ConnectionLayer {
LogContext *logctx;
const struct ConnectionLayerVtable *vt;
};
static inline struct ssh_rportfwd *ssh_rportfwd_alloc(
ConnectionLayer *cl, const char *sh, int sp, const char *dh, int dp,
int af, const char *log, PortFwdRecord *pfr, ssh_sharing_connstate *cs)
{ return cl->vt->rportfwd_alloc(cl, sh, sp, dh, dp, af, log, pfr, cs); }
static inline void ssh_rportfwd_remove(
ConnectionLayer *cl, struct ssh_rportfwd *rpf)
{ cl->vt->rportfwd_remove(cl, rpf); }
static inline SshChannel *ssh_lportfwd_open(
ConnectionLayer *cl, const char *host, int port,
const char *desc, const SocketPeerInfo *pi, Channel *chan)
{ return cl->vt->lportfwd_open(cl, host, port, desc, pi, chan); }
static inline SshChannel *ssh_session_open(ConnectionLayer *cl, Channel *chan)
{ return cl->vt->session_open(cl, chan); }
static inline SshChannel *ssh_serverside_x11_open(
ConnectionLayer *cl, Channel *chan, const SocketPeerInfo *pi)
{ return cl->vt->serverside_x11_open(cl, chan, pi); }
static inline SshChannel *ssh_serverside_agent_open(
ConnectionLayer *cl, Channel *chan)
{ return cl->vt->serverside_agent_open(cl, chan); }
static inline struct X11FakeAuth *ssh_add_x11_display(
ConnectionLayer *cl, int authtype, struct X11Display *x11disp)
{ return cl->vt->add_x11_display(cl, authtype, x11disp); }
static inline struct X11FakeAuth *ssh_add_sharing_x11_display(
ConnectionLayer *cl, int authtype, ssh_sharing_connstate *share_cs,
share_channel *share_chan)
{ return cl->vt->add_sharing_x11_display(cl, authtype, share_cs, share_chan); }
static inline void ssh_remove_sharing_x11_display(
ConnectionLayer *cl, struct X11FakeAuth *auth)
{ cl->vt->remove_sharing_x11_display(cl, auth); }
static inline void ssh_send_packet_from_downstream(
ConnectionLayer *cl, unsigned id, int type,
const void *pkt, int len, const char *log)
{ cl->vt->send_packet_from_downstream(cl, id, type, pkt, len, log); }
static inline unsigned ssh_alloc_sharing_channel(
ConnectionLayer *cl, ssh_sharing_connstate *connstate)
{ return cl->vt->alloc_sharing_channel(cl, connstate); }
static inline void ssh_delete_sharing_channel(
ConnectionLayer *cl, unsigned localid)
{ cl->vt->delete_sharing_channel(cl, localid); }
static inline void ssh_sharing_queue_global_request(
ConnectionLayer *cl, ssh_sharing_connstate *connstate)
{ cl->vt->sharing_queue_global_request(cl, connstate); }
static inline void ssh_sharing_no_more_downstreams(ConnectionLayer *cl)
{ cl->vt->sharing_no_more_downstreams(cl); }
static inline bool ssh_agent_forwarding_permitted(ConnectionLayer *cl)
{ return cl->vt->agent_forwarding_permitted(cl); }
static inline void ssh_terminal_size(ConnectionLayer *cl, int w, int h)
{ cl->vt->terminal_size(cl, w, h); }
static inline void ssh_stdout_unthrottle(ConnectionLayer *cl, size_t bufsize)
{ cl->vt->stdout_unthrottle(cl, bufsize); }
static inline size_t ssh_stdin_backlog(ConnectionLayer *cl)
{ return cl->vt->stdin_backlog(cl); }
static inline void ssh_throttle_all_channels(ConnectionLayer *cl, bool thr)
{ cl->vt->throttle_all_channels(cl, thr); }
static inline bool ssh_ldisc_option(ConnectionLayer *cl, int option)
{ return cl->vt->ldisc_option(cl, option); }
static inline void ssh_set_ldisc_option(ConnectionLayer *cl, int opt, bool val)
{ cl->vt->set_ldisc_option(cl, opt, val); }
static inline void ssh_enable_x_fwd(ConnectionLayer *cl)
{ cl->vt->enable_x_fwd(cl); }
static inline void ssh_set_wants_user_input(ConnectionLayer *cl, bool wanted)
{ cl->vt->set_wants_user_input(cl, wanted); }
static inline bool ssh_get_wants_user_input(ConnectionLayer *cl)
{ return cl->vt->get_wants_user_input(cl); }
static inline void ssh_got_user_input(ConnectionLayer *cl)
{ cl->vt->got_user_input(cl); }
/* Exports from portfwd.c */
PortFwdManager *portfwdmgr_new(ConnectionLayer *cl);
void portfwdmgr_free(PortFwdManager *mgr);
void portfwdmgr_config(PortFwdManager *mgr, Conf *conf);
void portfwdmgr_close(PortFwdManager *mgr, PortFwdRecord *pfr);
void portfwdmgr_close_all(PortFwdManager *mgr);
char *portfwdmgr_connect(PortFwdManager *mgr, Channel **chan_ret,
char *hostname, int port, SshChannel *c,
int addressfamily);
bool portfwdmgr_listen(PortFwdManager *mgr, const char *host, int port,
const char *keyhost, int keyport, Conf *conf);
bool portfwdmgr_unlisten(PortFwdManager *mgr, const char *host, int port);
Channel *portfwd_raw_new(ConnectionLayer *cl, Plug **plug, bool start_ready);
void portfwd_raw_free(Channel *pfchan);
void portfwd_raw_setup(Channel *pfchan, Socket *s, SshChannel *sc);
Socket *platform_make_agent_socket(Plug *plug, const char *dirprefix,
char **error, char **name);
LogContext *ssh_get_logctx(Ssh *ssh);
/* Communications back to ssh.c from connection layers */
void ssh_throttle_conn(Ssh *ssh, int adjust);
void ssh_got_exitcode(Ssh *ssh, int status);
void ssh_ldisc_update(Ssh *ssh);
void ssh_check_sendok(Ssh *ssh);
void ssh_got_fallback_cmd(Ssh *ssh);
bool ssh_is_bare(Ssh *ssh);
/* Communications back to ssh.c from the BPP */
void ssh_conn_processed_data(Ssh *ssh);
void ssh_sendbuffer_changed(Ssh *ssh);
void ssh_check_frozen(Ssh *ssh);
/* Functions to abort the connection, for various reasons. */
void ssh_remote_error(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
void ssh_remote_eof(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
void ssh_proto_error(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
void ssh_sw_abort(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
void ssh_sw_abort_deferred(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
void ssh_user_close(Ssh *ssh, const char *fmt, ...) PRINTF_LIKE(2, 3);
void ssh_spr_close(Ssh *ssh, SeatPromptResult spr, const char *context);
/* Bit positions in the SSH-1 cipher protocol word */
#define SSH1_CIPHER_IDEA 1
#define SSH1_CIPHER_DES 2
#define SSH1_CIPHER_3DES 3
#define SSH1_CIPHER_BLOWFISH 6
/* The subset of those that we support, with names for selecting them
* on Uppity's command line */
#define SSH1_SUPPORTED_CIPHER_LIST(X) \
X(SSH1_CIPHER_3DES, "3des") \
X(SSH1_CIPHER_BLOWFISH, "blowfish") \
X(SSH1_CIPHER_DES, "des") \
/* end of list */
#define SSH1_CIPHER_LIST_MAKE_MASK(bitpos, name) | (1U << bitpos)
#define SSH1_SUPPORTED_CIPHER_MASK \
(0 SSH1_SUPPORTED_CIPHER_LIST(SSH1_CIPHER_LIST_MAKE_MASK))
struct ssh_key {
const ssh_keyalg *vt;
};
struct RSAKey {
int bits;
int bytes;
mp_int *modulus;
mp_int *exponent;
mp_int *private_exponent;
mp_int *p;
mp_int *q;
mp_int *iqmp;
char *comment;
ssh_key sshk;
};
struct dsa_key {
mp_int *p, *q, *g, *y, *x;
ssh_key sshk;
};
struct ec_curve;
/* Weierstrass form curve */
struct ec_wcurve
{
WeierstrassCurve *wc;
WeierstrassPoint *G;
mp_int *G_order;
};
/* Montgomery form curve */
struct ec_mcurve
{
MontgomeryCurve *mc;
MontgomeryPoint *G;
unsigned log2_cofactor;
};
/* Edwards form curve */
struct ec_ecurve
{
EdwardsCurve *ec;
EdwardsPoint *G;
mp_int *G_order;
unsigned log2_cofactor;
};
typedef enum EllipticCurveType {
EC_WEIERSTRASS, EC_MONTGOMERY, EC_EDWARDS
} EllipticCurveType;
struct ec_curve {
EllipticCurveType type;
/* 'name' is the identifier of the curve when it has to appear in
* wire protocol encodings, as it does in e.g. the public key and
* signature formats for NIST curves. Curves which do not format
* their keys or signatures in this way just have name==NULL.
*
* 'textname' is non-NULL for all curves, and is a human-readable
* identification suitable for putting in log messages. */
const char *name, *textname;
size_t fieldBits, fieldBytes;
mp_int *p;
union {
struct ec_wcurve w;
struct ec_mcurve m;
struct ec_ecurve e;
};
};
const ssh_keyalg *ec_alg_by_oid(int len, const void *oid,
const struct ec_curve **curve);
const unsigned char *ec_alg_oid(const ssh_keyalg *alg, int *oidlen);
extern const int ec_nist_curve_lengths[], n_ec_nist_curve_lengths;
extern const int ec_ed_curve_lengths[], n_ec_ed_curve_lengths;
bool ec_nist_alg_and_curve_by_bits(int bits,
const struct ec_curve **curve,
const ssh_keyalg **alg);
bool ec_ed_alg_and_curve_by_bits(int bits,
const struct ec_curve **curve,
const ssh_keyalg **alg);
struct ecdsa_key {
const struct ec_curve *curve;
WeierstrassPoint *publicKey;
mp_int *privateKey;
ssh_key sshk;
};
struct eddsa_key {
const struct ec_curve *curve;
EdwardsPoint *publicKey;
mp_int *privateKey;
ssh_key sshk;
};
WeierstrassPoint *ecdsa_public(mp_int *private_key, const ssh_keyalg *alg);
EdwardsPoint *eddsa_public(mp_int *private_key, const ssh_keyalg *alg);
typedef enum KeyComponentType {
KCT_TEXT, KCT_BINARY, KCT_MPINT
} KeyComponentType;
typedef struct key_component {
char *name;
KeyComponentType type;
union {
strbuf *str; /* used for KCT_TEXT and KCT_BINARY */
mp_int *mp; /* used for KCT_MPINT */
};
} key_component;
typedef struct key_components {
size_t ncomponents, componentsize;
key_component *components;
} key_components;
key_components *key_components_new(void);
void key_components_add_text(key_components *kc,
const char *name, const char *value);
void key_components_add_text_pl(key_components *kc,
const char *name, ptrlen value);
void key_components_add_binary(key_components *kc,
const char *name, ptrlen value);
void key_components_add_mp(key_components *kc,
const char *name, mp_int *value);
void key_components_add_uint(key_components *kc,
const char *name, uintmax_t value);
void key_components_add_copy(key_components *kc,
const char *name, const key_component *value);
void key_components_free(key_components *kc);
/*
* SSH-1 never quite decided which order to store the two components
* of an RSA key. During connection setup, the server sends its host
* and server keys with the exponent first; private key files store
* the modulus first. The agent protocol is even more confusing,
* because the client specifies a key to the server in one order and
* the server lists the keys it knows about in the other order!
*/
typedef enum { RSA_SSH1_EXPONENT_FIRST, RSA_SSH1_MODULUS_FIRST } RsaSsh1Order;
void BinarySource_get_rsa_ssh1_pub(
BinarySource *src, RSAKey *result, RsaSsh1Order order);
void BinarySource_get_rsa_ssh1_priv(
BinarySource *src, RSAKey *rsa);
RSAKey *BinarySource_get_rsa_ssh1_priv_agent(BinarySource *src);
bool rsa_ssh1_encrypt(unsigned char *data, int length, RSAKey *key);
mp_int *rsa_ssh1_decrypt(mp_int *input, RSAKey *key);
bool rsa_ssh1_decrypt_pkcs1(mp_int *input, RSAKey *key, strbuf *outbuf);
char *rsastr_fmt(RSAKey *key);
char *rsa_ssh1_fingerprint(RSAKey *key);
char **rsa_ssh1_fake_all_fingerprints(RSAKey *key);
bool rsa_verify(RSAKey *key);
void rsa_ssh1_public_blob(BinarySink *bs, RSAKey *key, RsaSsh1Order order);
int rsa_ssh1_public_blob_len(ptrlen data);
void rsa_ssh1_private_blob_agent(BinarySink *bs, RSAKey *key);
void duprsakey(RSAKey *dst, const RSAKey *src);
void freersapriv(RSAKey *key);
void freersakey(RSAKey *key);
key_components *rsa_components(RSAKey *key);
uint32_t crc32_rfc1662(ptrlen data);
uint32_t crc32_ssh1(ptrlen data);
uint32_t crc32_update(uint32_t crc_input, ptrlen data);
/* SSH CRC compensation attack detector */
struct crcda_ctx;
struct crcda_ctx *crcda_make_context(void);
void crcda_free_context(struct crcda_ctx *ctx);
bool detect_attack(struct crcda_ctx *ctx,
const unsigned char *buf, uint32_t len,
const unsigned char *IV);
/*
* SSH2 RSA key exchange functions
*/
struct ssh_rsa_kex_extra {
int minklen;
};
RSAKey *ssh_rsakex_newkey(ptrlen data);
void ssh_rsakex_freekey(RSAKey *key);
int ssh_rsakex_klen(RSAKey *key);
strbuf *ssh_rsakex_encrypt(
RSAKey *key, const ssh_hashalg *h, ptrlen plaintext);
mp_int *ssh_rsakex_decrypt(
RSAKey *key, const ssh_hashalg *h, ptrlen ciphertext);
/*
* Helper function for k generation in DSA, reused in ECDSA
*/
mp_int *dsa_gen_k(const char *id_string,
mp_int *modulus, mp_int *private_key,
unsigned char *digest, int digest_len);
struct ssh_cipher {
const ssh_cipheralg *vt;
};
struct ssh_cipheralg {
ssh_cipher *(*new)(const ssh_cipheralg *alg);
void (*free)(ssh_cipher *);
void (*setiv)(ssh_cipher *, const void *iv);
void (*setkey)(ssh_cipher *, const void *key);
void (*encrypt)(ssh_cipher *, void *blk, int len);
void (*decrypt)(ssh_cipher *, void *blk, int len);
/* Ignored unless SSH_CIPHER_SEPARATE_LENGTH flag set */
void (*encrypt_length)(ssh_cipher *, void *blk, int len,
unsigned long seq);
void (*decrypt_length)(ssh_cipher *, void *blk, int len,
unsigned long seq);
/* For ciphers that update their state per logical message
* (typically, per unit independently MACed) */
void (*next_message)(ssh_cipher *);
const char *ssh2_id;
int blksize;
/* real_keybits is the number of bits of entropy genuinely used by
* the cipher scheme; it's used for deciding how big a
* Diffie-Hellman group is needed to exchange a key for the
* cipher. */
int real_keybits;
/* padded_keybytes is the number of bytes of key data expected as
* input to the setkey function; it's used for deciding how much
* data needs to be generated from the post-kex generation of key
* material. In a sensible cipher which uses all its key bytes for
* real work, this will just be real_keybits/8, but in DES-type
* ciphers which ignore one bit in each byte, it'll be slightly
* different. */
int padded_keybytes;
unsigned int flags;
#define SSH_CIPHER_IS_CBC 1
#define SSH_CIPHER_SEPARATE_LENGTH 2
const char *text_name;
/* If set, this takes priority over other MAC. */
const ssh2_macalg *required_mac;
/* Pointer to any extra data used by a particular implementation. */
const void *extra;
};
static inline ssh_cipher *ssh_cipher_new(const ssh_cipheralg *alg)
{ return alg->new(alg); }
static inline void ssh_cipher_free(ssh_cipher *c)
{ c->vt->free(c); }
static inline void ssh_cipher_setiv(ssh_cipher *c, const void *iv)
{ c->vt->setiv(c, iv); }
static inline void ssh_cipher_setkey(ssh_cipher *c, const void *key)
{ c->vt->setkey(c, key); }
static inline void ssh_cipher_encrypt(ssh_cipher *c, void *blk, int len)
{ c->vt->encrypt(c, blk, len); }
static inline void ssh_cipher_decrypt(ssh_cipher *c, void *blk, int len)
{ c->vt->decrypt(c, blk, len); }
static inline void ssh_cipher_encrypt_length(
ssh_cipher *c, void *blk, int len, unsigned long seq)
{ c->vt->encrypt_length(c, blk, len, seq); }
static inline void ssh_cipher_decrypt_length(
ssh_cipher *c, void *blk, int len, unsigned long seq)
{ c->vt->decrypt_length(c, blk, len, seq); }
static inline void ssh_cipher_next_message(ssh_cipher *c)
{ c->vt->next_message(c); }
static inline const struct ssh_cipheralg *ssh_cipher_alg(ssh_cipher *c)
{ return c->vt; }
void nullcipher_next_message(ssh_cipher *);
struct ssh2_ciphers {
int nciphers;
const ssh_cipheralg *const *list;
};
struct ssh2_mac {
const ssh2_macalg *vt;
BinarySink_DELEGATE_IMPLEMENTATION;
};
struct ssh2_macalg {
/* Passes in the cipher context */
ssh2_mac *(*new)(const ssh2_macalg *alg, ssh_cipher *cipher);
void (*free)(ssh2_mac *);
void (*setkey)(ssh2_mac *, ptrlen key);
void (*start)(ssh2_mac *);
void (*genresult)(ssh2_mac *, unsigned char *);
void (*next_message)(ssh2_mac *);
const char *(*text_name)(ssh2_mac *);
const char *name, *etm_name;
int len, keylen;
/* Pointer to any extra data used by a particular implementation. */
const void *extra;
};
static inline ssh2_mac *ssh2_mac_new(
const ssh2_macalg *alg, ssh_cipher *cipher)
{ return alg->new(alg, cipher); }
static inline void ssh2_mac_free(ssh2_mac *m)
{ m->vt->free(m); }
static inline void ssh2_mac_setkey(ssh2_mac *m, ptrlen key)
{ m->vt->setkey(m, key); }
static inline void ssh2_mac_start(ssh2_mac *m)
{ m->vt->start(m); }
static inline void ssh2_mac_genresult(ssh2_mac *m, unsigned char *out)
{ m->vt->genresult(m, out); }
static inline void ssh2_mac_next_message(ssh2_mac *m)
{ m->vt->next_message(m); }
static inline const char *ssh2_mac_text_name(ssh2_mac *m)
{ return m->vt->text_name(m); }
static inline const ssh2_macalg *ssh2_mac_alg(ssh2_mac *m)
{ return m->vt; }
/* Centralised 'methods' for ssh2_mac, defined in mac.c. These run
* the MAC in a specifically SSH-2 style, i.e. taking account of a
* packet sequence number as well as the data to be authenticated. */
bool ssh2_mac_verresult(ssh2_mac *, const void *);
void ssh2_mac_generate(ssh2_mac *, void *, int, unsigned long seq);
bool ssh2_mac_verify(ssh2_mac *, const void *, int, unsigned long seq);
void nullmac_next_message(ssh2_mac *m);
/* Use a MAC in its raw form, outside SSH-2 context, to MAC a given
* string with a given key in the most obvious way. */
void mac_simple(const ssh2_macalg *alg, ptrlen key, ptrlen data, void *output);
struct ssh_hash {
const ssh_hashalg *vt;
BinarySink_DELEGATE_IMPLEMENTATION;
};
struct ssh_hashalg {
ssh_hash *(*new)(const ssh_hashalg *alg);
void (*reset)(ssh_hash *);
void (*copyfrom)(ssh_hash *dest, ssh_hash *src);
void (*digest)(ssh_hash *, unsigned char *);
void (*free)(ssh_hash *);
size_t hlen; /* output length in bytes */
size_t blocklen; /* length of the hash's input block, or 0 for N/A */
const char *text_basename; /* the semantic name of the hash */
const char *annotation; /* extra info, e.g. which of multiple impls */
const char *text_name; /* both combined, e.g. "SHA-n (unaccelerated)" */
const void *extra; /* private to the hash implementation */
};
static inline ssh_hash *ssh_hash_new(const ssh_hashalg *alg)
{ ssh_hash *h = alg->new(alg); if (h) h->vt->reset(h); return h; }
static inline ssh_hash *ssh_hash_copy(ssh_hash *orig)
{ ssh_hash *h = orig->vt->new(orig->vt); h->vt->copyfrom(h, orig); return h; }
static inline void ssh_hash_digest(ssh_hash *h, unsigned char *out)
{ h->vt->digest(h, out); }
static inline void ssh_hash_free(ssh_hash *h)
{ h->vt->free(h); }
static inline const ssh_hashalg *ssh_hash_alg(ssh_hash *h)
{ return h->vt; }
/* The reset and copyfrom vtable methods return void. But for call-site
* convenience, these wrappers return their input pointer. */
static inline ssh_hash *ssh_hash_reset(ssh_hash *h)
{ h->vt->reset(h); return h; }
static inline ssh_hash *ssh_hash_copyfrom(ssh_hash *dest, ssh_hash *src)
{ dest->vt->copyfrom(dest, src); return dest; }
/* ssh_hash_final emits the digest _and_ frees the ssh_hash */
static inline void ssh_hash_final(ssh_hash *h, unsigned char *out)
{ h->vt->digest(h, out); h->vt->free(h); }
/* ssh_hash_digest_nondestructive generates a finalised hash from the
* given object without changing its state, so you can continue
* appending data to get a hash of an extended string. */
static inline void ssh_hash_digest_nondestructive(ssh_hash *h,
unsigned char *out)
{ ssh_hash_final(ssh_hash_copy(h), out); }
/* Handy macros for defining all those text-name fields at once */
#define HASHALG_NAMES_BARE(base) \
.text_basename = base, .annotation = NULL, .text_name = base
#define HASHALG_NAMES_ANNOTATED(base, ann) \
.text_basename = base, .annotation = ann, .text_name = base " (" ann ")"
void hash_simple(const ssh_hashalg *alg, ptrlen data, void *output);
struct ssh_kex {
const char *name, *groupname;
enum { KEXTYPE_DH, KEXTYPE_RSA, KEXTYPE_ECDH,
KEXTYPE_GSS, KEXTYPE_GSS_ECDH } main_type;
const ssh_hashalg *hash;
union { /* publicly visible data for each type */
const ecdh_keyalg *ecdh_vt; /* for KEXTYPE_ECDH, KEXTYPE_GSS_ECDH */
};
const void *extra; /* private to the kex methods */
};
static inline bool kex_is_gss(const struct ssh_kex *kex)
{
return kex->main_type == KEXTYPE_GSS || kex->main_type == KEXTYPE_GSS_ECDH;
}
struct ssh_kexes {
int nkexes;
const ssh_kex *const *list;
};
/* Indices of the negotiation strings in the KEXINIT packet */
enum kexlist {
KEXLIST_KEX, KEXLIST_HOSTKEY, KEXLIST_CSCIPHER, KEXLIST_SCCIPHER,
KEXLIST_CSMAC, KEXLIST_SCMAC, KEXLIST_CSCOMP, KEXLIST_SCCOMP,
NKEXLIST
};
struct ssh_keyalg {
/* Constructors that create an ssh_key */
ssh_key *(*new_pub) (const ssh_keyalg *self, ptrlen pub);
ssh_key *(*new_priv) (const ssh_keyalg *self, ptrlen pub, ptrlen priv);
ssh_key *(*new_priv_openssh) (const ssh_keyalg *self, BinarySource *);
/* Methods that operate on an existing ssh_key */
void (*freekey) (ssh_key *key);
char *(*invalid) (ssh_key *key, unsigned flags);
void (*sign) (ssh_key *key, ptrlen data, unsigned flags, BinarySink *);
bool (*verify) (ssh_key *key, ptrlen sig, ptrlen data);
void (*public_blob)(ssh_key *key, BinarySink *);
void (*private_blob)(ssh_key *key, BinarySink *);
void (*openssh_blob) (ssh_key *key, BinarySink *);
bool (*has_private) (ssh_key *key);
char *(*cache_str) (ssh_key *key);
key_components *(*components) (ssh_key *key);
ssh_key *(*base_key) (ssh_key *key); /* does not confer ownership */
/* The following methods can be NULL if !is_certificate */
void (*ca_public_blob)(ssh_key *key, BinarySink *);
bool (*check_cert)(ssh_key *key, bool host, ptrlen principal,
uint64_t time, const ca_options *opts,
BinarySink *error);
void (*cert_id_string)(ssh_key *key, BinarySink *);
SeatDialogText *(*cert_info)(ssh_key *key);
/* 'Class methods' that don't deal with an ssh_key at all */
int (*pubkey_bits) (const ssh_keyalg *self, ptrlen blob);
unsigned (*supported_flags) (const ssh_keyalg *self);
const char *(*alternate_ssh_id) (const ssh_keyalg *self, unsigned flags);
char *(*alg_desc)(const ssh_keyalg *self);
bool (*variable_size)(const ssh_keyalg *self);
/* The following methods can be NULL if !is_certificate */
const ssh_keyalg *(*related_alg)(const ssh_keyalg *self,
const ssh_keyalg *base);
/* Constant data fields giving information about the key type */
const char *ssh_id; /* string identifier in the SSH protocol */
const char *cache_id; /* identifier used in PuTTY's host key cache */
const void *extra; /* private to the public key methods */
bool is_certificate; /* is this a certified key type? */
const ssh_keyalg *base_alg; /* if so, for what underlying key alg? */
};
static inline ssh_key *ssh_key_new_pub(const ssh_keyalg *self, ptrlen pub)
{ return self->new_pub(self, pub); }
static inline ssh_key *ssh_key_new_priv(
const ssh_keyalg *self, ptrlen pub, ptrlen priv)
{ return self->new_priv(self, pub, priv); }
static inline ssh_key *ssh_key_new_priv_openssh(
const ssh_keyalg *self, BinarySource *src)
{ return self->new_priv_openssh(self, src); }
static inline void ssh_key_free(ssh_key *key)
{ key->vt->freekey(key); }
static inline char *ssh_key_invalid(ssh_key *key, unsigned flags)
{ return key->vt->invalid(key, flags); }
static inline void ssh_key_sign(
ssh_key *key, ptrlen data, unsigned flags, BinarySink *bs)
{ key->vt->sign(key, data, flags, bs); }
static inline bool ssh_key_verify(ssh_key *key, ptrlen sig, ptrlen data)
{ return key->vt->verify(key, sig, data); }
static inline void ssh_key_public_blob(ssh_key *key, BinarySink *bs)
{ key->vt->public_blob(key, bs); }
static inline void ssh_key_private_blob(ssh_key *key, BinarySink *bs)
{ key->vt->private_blob(key, bs); }
static inline void ssh_key_openssh_blob(ssh_key *key, BinarySink *bs)
{ key->vt->openssh_blob(key, bs); }
static inline bool ssh_key_has_private(ssh_key *key)
{ return key->vt->has_private(key); }
static inline char *ssh_key_cache_str(ssh_key *key)
{ return key->vt->cache_str(key); }
static inline key_components *ssh_key_components(ssh_key *key)
{ return key->vt->components(key); }
static inline ssh_key *ssh_key_base_key(ssh_key *key)
{ return key->vt->base_key(key); }
static inline void ssh_key_ca_public_blob(ssh_key *key, BinarySink *bs)
{ key->vt->ca_public_blob(key, bs); }
static inline void ssh_key_cert_id_string(ssh_key *key, BinarySink *bs)
{ key->vt->cert_id_string(key, bs); }
static inline SeatDialogText *ssh_key_cert_info(ssh_key *key)
{ return key->vt->cert_info(key); }
static inline bool ssh_key_check_cert(
ssh_key *key, bool host, ptrlen principal, uint64_t time,
const ca_options *opts, BinarySink *error)
{ return key->vt->check_cert(key, host, principal, time, opts, error); }
static inline int ssh_key_public_bits(const ssh_keyalg *self, ptrlen blob)
{ return self->pubkey_bits(self, blob); }
static inline const ssh_keyalg *ssh_key_alg(ssh_key *key)
{ return key->vt; }
static inline const char *ssh_key_ssh_id(ssh_key *key)
{ return key->vt->ssh_id; }
static inline const char *ssh_key_cache_id(ssh_key *key)
{ return key->vt->cache_id; }
static inline unsigned ssh_key_supported_flags(ssh_key *key)
{ return key->vt->supported_flags(key->vt); }
static inline unsigned ssh_keyalg_supported_flags(const ssh_keyalg *self)
{ return self->supported_flags(self); }
static inline const char *ssh_keyalg_alternate_ssh_id(
const ssh_keyalg *self, unsigned flags)
{ return self->alternate_ssh_id(self, flags); }
static inline char *ssh_keyalg_desc(const ssh_keyalg *self)
{ return self->alg_desc(self); }
static inline bool ssh_keyalg_variable_size(const ssh_keyalg *self)
{ return self->variable_size(self); }
static inline const ssh_keyalg *ssh_keyalg_related_alg(
const ssh_keyalg *self, const ssh_keyalg *base)
{ return self->related_alg(self, base); }
/* Stub functions shared between multiple key types */
unsigned nullkey_supported_flags(const ssh_keyalg *self);
const char *nullkey_alternate_ssh_id(const ssh_keyalg *self, unsigned flags);
ssh_key *nullkey_base_key(ssh_key *key);
bool nullkey_variable_size_no(const ssh_keyalg *self);
bool nullkey_variable_size_yes(const ssh_keyalg *self);
/* Utility functions implemented centrally */
ssh_key *ssh_key_clone(ssh_key *key);
/*
* SSH2 ECDH key exchange vtable
*/
struct ecdh_key {
const ecdh_keyalg *vt;
};
struct ecdh_keyalg {
/* Unusually, the 'new' method here doesn't directly take a vt
* pointer, because it will also need the containing ssh_kex
* structure for top-level parameters, and since that contains a
* vt pointer anyway, we might as well _only_ pass that. */
ecdh_key *(*new)(const ssh_kex *kex, bool is_server);
void (*free)(ecdh_key *key);
void (*getpublic)(ecdh_key *key, BinarySink *bs);
bool (*getkey)(ecdh_key *key, ptrlen remoteKey, BinarySink *bs);
char *(*description)(const ssh_kex *kex);
};
static inline ecdh_key *ecdh_key_new(const ssh_kex *kex, bool is_server)
{ return kex->ecdh_vt->new(kex, is_server); }
static inline void ecdh_key_free(ecdh_key *key)
{ key->vt->free(key); }
static inline void ecdh_key_getpublic(ecdh_key *key, BinarySink *bs)
{ key->vt->getpublic(key, bs); }
static inline bool ecdh_key_getkey(ecdh_key *key, ptrlen remoteKey,
BinarySink *bs)
{ return key->vt->getkey(key, remoteKey, bs); }
static inline char *ecdh_keyalg_description(const ssh_kex *kex)
{ return kex->ecdh_vt->description(kex); }
/*
* Suffix on GSSAPI SSH protocol identifiers that indicates Kerberos 5
* as the mechanism.
*
* This suffix is the base64-encoded MD5 hash of the byte sequence