Commit 37dd36d6 authored by Niels Möller's avatar Niels Möller

*** empty log message ***

Rev: src/Makefile.in:1.1
Rev: src/atoms.in:1.1
Rev: src/debug.c:1.2
Rev: src/decrypt.c:1.1
Rev: src/decrypt.h:1.1
Rev: src/encrypt.c:1.2
Rev: src/pad.c:1.2
Rev: src/process_atoms:1.1
Rev: src/transport.h:1.2
Rev: src/unpad.c:1.1
Rev: src/unpad.h:1.1
Rev: src/zlib.c:1.2
parent 33e3cd24
atoms.h: atoms.in process_atoms
bash process_atoms header <atoms.in >atoms.h
atoms_gperf.c: atoms.in process_atoms
bash process_atoms gperf <atoms.in |gperf -t -k1,7,$$ >atoms_gperf.c
atoms_table.c: atoms.in process_atoms
bash process_atoms table <atoms.in >atoms_table.c
# Atoms known by this ssh-implementation
# Lines beginning with # are comments. Empty lines are ignored. The
# first word on each line is the name of an atom.
# Compression
none
zlib
# Bulk encryption
3des-cbc REQUIRED three-key 3DES in CBC mode
blowfish-cbc RECOMMENDED Blowfish in CBC mode
arcfour OPTIONAL the ARCFOUR stream cipher
idea-cbc OPTIONAL IDEA in CBC mode
cast128-cbc OPTIONAL CAST-128 in CBC mode
# none OPTIONAL no encryption; NOT RECOMMENDED
# MAC algorithms
hmac-sha1 REQUIRED HMAC-SHA1 (length = 20)
hmac-sha-96 RECOMMENDED first 96 bits of HMAC-SHA1 (length = 12)
hmac-md5 OPTIONAL HMAC-MD5 (length = 16)
hmac-md5-96 OPTIONAL first 96 bits of HMAC-MD5 (length = 12)
# none OPTIONAL no MAC; NOT RECOMMENDED
# Key exchange methods
diffie-hellman-group1-sha1 REQUIRED
# Key and certificate types
ssh-dss REQUIRED sign Simple DSS
x509v3 RECOMMENDED sign X.509 certificates
spki OPTIONAL sign SPKI certificates
pgp OPTIONAL sign OpenPGP certificates
# Services
ssh-userauth
ssh-connection
...@@ -32,7 +32,7 @@ struct packet_processor *make_debug_processor(FILE *output, ...@@ -32,7 +32,7 @@ struct packet_processor *make_debug_processor(FILE *output,
closure->c->next = continuation; closure->c->next = continuation;
closure->output = output; closure->output = output;
return (packet_processor) closure; return (struct packet_processor *) closure;
} }
/* decrypt.c
*
*/
#include "decrypt.c"
#define WAIT_HEADER 0
#define WAIT_CONTENTS 1
#define WAIT_MAC 2
static int do_decrypt(struct encrypt_processor *closure,
struct simple_packet *packet)
{
/* Number of octets n the input packet that have been processed */
UINT32 pos = 0;
while(pos < packet->length)
switch(closure->state)
{
case WAIT_HEADER:
{
UINT32 left = closure->block_size - closure->pos;
UINT32 copy = MIN(left, (packet->length - pos));
memcpy(closure->block_buffer + closure->pos,
packet->data + pos,
copy);
pos += copy;
closure->pos += copy;
if (left == copy)
{
/* Read a full header */
UINT32 length;
/* Decrypt the first block */
closure->decrypt_function(closure->decrypt_state,
block_size, closure->block_buffer,
closure->block_buffer);
length = ntohl( * (UINT32 *) header);
if (length > closure->max_packet)
return 0;
if ( (length < 12)
|| (length < (closure->block_size - 4))
|| ( (length + 4) % closure->block_size))
return 0;
/* The length of remaining data. Note that the first,
* already decrypted, block contains some of the
* decypted payload. */
closure->recieved
= simple_packet_alloc(length
- (closure->block_size - 4));
closure->pos = 0;
closure->state = WAIT_CONTENTS;
/* Fall through to WAIT_CONTNTS */
}
else
/* Processed all octets of this packet. Still no complete
* header. */
break;
}
case WAIT_CONTENTS:
{
UINT32 left = closure->recieved->length - closure->pos;
UINT32 copy = MIN(left, packet->length - pos);
memcpy(closure->recieved->data + closure->pos,
packet->data + pos,
copy);
pos += copy;
closure->pos += copy;
if (left == copy)
{
/* Read a complete packet (but no MAC yet) */
UINT32 left_overs = closure->block_size - 4;
/* Full packet (including left-overs from the first block) */
struct simple_packet *new
= simple_packet_alloc(closure->recieved->length
+ left_overs);
memcpy(new->data, closure->block_buffer + 4,
left_overs);
closure->decrypt_function(closure->decrypt_state,
closure->recieved->length,
new->data + left_overs);
simple_packet_free(closure->recieved);
closure->recieved = new;
if (closure->mac_size)
closure->mac_function(closure->mac_state,
new->length,
new->data,
closure->block_buffer);
closure->pos = 0;
closure->state = WAIT_MAC;
/* Fall through */
}
else
/* Processe all octets, but still haven't got a complete packet */
break;
}
case WAIT_MAC:
if (closure->mac_size)
{
UINT32 left = closure->mac_size - closure->pos;
UINT32 cmp = MIN(left, packet->length - pos);
if (!memcpy(closure->block_buffer + closure->pos,
packet->data + pos,
cmp))
return 0;
pos += cmp;
closure->pos += cmp;
if (left > cmp)
{
/* Processed all octets, but still haven't received a
complete MAC */
break;
}
}
/* MAC was ok, pass packet on */
if (!apply_continuation(closure->next, closure->recieved))
return 0;
closure->recieved = NULL;
closure->pos = 0;
closure->state = WAIT_HEADER;
break;
default:
fatal("Internal error");
}
/* Processed all octets of this packet. */
return 1;
}
struct packet_processor *
make_encrypt_processor(struct packet_processor *continuation,
UINT32 max_packet,
unsigned mac_size,
transform_function mac_function,
void *mac_state,
unsigned block_size,
transform_function encrypt_function,
void *encrypt_state)
{
struct pad_processor *closure = xalloc(sizeof(struct pad_processor)
+ MAX(block_size, mac_size) - 1);
closure->c->p->f = (raw_processor_function) do_encrypt;
closure->c->next = continuation;
/* state */
closure->state = WAIT_HEADER;
closure->pos = 0;
closure->recieved = NULL;
closure->max_packet = max_packet;
closure->mac_size = mac_size;
closure->mac_function = mac_function;
closure->mac_state = mac_state;
closure->block_size = block_size;
closure->encrypt_function = encrypt_function;
closure->encrypt_state = encrypt_state;
return (struct packet_processor *) closure;
}
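Review bot: The received MAC is never verified: in the WAIT_MAC case `if (!memcpy(closure->block_buffer + closure->pos, ...)) return 0;` copies the incoming MAC bytes over the expected MAC that `mac_function` has just written into `block_buffer`, and `memcpy` never returns NULL, so the `/* MAC was ok */` comment is false and a packet with any MAC at all is handed on. Collect the received MAC in its own region and compare it once it is complete, as sketched below; the constructor then has to reserve `MAX(block_size, 2 * mac_size) - 1` trailing bytes instead of `MAX(block_size, mac_size) - 1`, and a comparison that always touches all `mac_size` bytes is preferable to `memcmp`, whose early exit leaks through timing how many leading bytes matched. The file also cannot build as written: `#include "decrypt.c"` includes itself, `block_size` and `header` in the WAIT_HEADER case are undeclared (presumably `closure->block_size` and `closure->block_buffer`), `decrypt_function` is called with four arguments there but with three in WAIT_CONTENTS, and the constructor keeps encrypt.c's names (`make_encrypt_processor`, `struct pad_processor`, `do_encrypt`, `encrypt_function`/`encrypt_state`) although decrypt.h declares `make_decrypt_processor` over a `struct decrypt_processor` with `decrypt_function`/`decrypt_state` fields. `do_decrypt` itself is declared on `struct encrypt_processor *` rather than `struct decrypt_processor *`.
```c
	case WAIT_MAC:
	  if (closure->mac_size)
	    {
	      /* mac_function left the expected MAC in block_buffer[0..mac_size);
	       * the received MAC is collected right after it so the two can be
	       * compared once all mac_size octets have arrived. */
	      UINT8 *expected = closure->block_buffer;
	      UINT8 *got = closure->block_buffer + closure->mac_size;
	      UINT32 left = closure->mac_size - closure->pos;
	      UINT32 cmp = MIN(left, packet->length - pos);

	      memcpy(got + closure->pos, packet->data + pos, cmp);
	      pos += cmp;
	      closure->pos += cmp;

	      if (left > cmp)
		/* Processed all octets, but still haven't received a
		 * complete MAC */
		break;

	      /* MAC mismatch is fatal for this direction of the connection */
	      if (memcmp(expected, got, closure->mac_size))
		return 0;
	    }
	  /* … unchanged: hand closure->recieved to the continuation and
	   * return to WAIT_HEADER … */
```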
/* decrypt.h
*
*/
#ifndef LSH_DECRYPT_H_INCLUDED
#define LSH_DECRYPT_H_INCLUDED
/* The input packets to this processor are arbitrary octet strings,
* for instance as returned by read(). The data is collected,
* decrypted, and the (padded) payload is passed on to the next packet
* processor, as soon as a complete packet has been read. */
struct decrypt_processor
{
struct chained_processor c;
int state;
UINT32 pos;
UINT32 max_packet;
struct simple_packet *recieved;
unsigned mac_size;
transform_function mac_function;
void *mac_state;
unsigned block_size;
transform_function decrypt_function;
void *decrypt_state;
UINT8 block_buffer[1];
};
struct packet_processor *
make_decrypt_processor(struct packet_processor *containing,
UINT32 max_packet,
unsigned mac_size,
transform_function mac_function,
void *mac_state,
unsigned block_size,
transform_function encrypt_function,
void *encrypt_state);
#endif /* LSH_DECRYPT_H_INCLUDED */
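Review bot: The prototype's last two parameters are named `encrypt_function` and `encrypt_state`, while the struct above stores them as `decrypt_function` and `decrypt_state`; renaming them to `transform_function decrypt_function, void *decrypt_state` keeps the header self-describing. Note too that decrypt.c in this commit defines `make_encrypt_processor`, so `make_decrypt_processor` as declared here has no definition yet. A short comment on `block_buffer` would help a reader: it is the trailing variable-length area the constructor sizes (decrypt.c allocates `MAX(block_size, mac_size) - 1` extra bytes), and `do_decrypt` uses it first for the encrypted header block and later for the computed MAC.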
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
#include "encrypt.h" #include "encrypt.h"
static int do_crypt(struct encrypt_processor *closure, static int do_encrypt(struct encrypt_processor *closure,
struct simple_packet *packet) struct simple_packet *packet)
{ {
struct simple_packet *new struct simple_packet *new
...@@ -13,6 +13,7 @@ static int do_crypt(struct encrypt_processor *closure, ...@@ -13,6 +13,7 @@ static int do_crypt(struct encrypt_processor *closure,
closure->encrypt_function(closure->encrypt_state, closure->encrypt_function(closure->encrypt_state,
packet->data, new->data, packet->length); packet->data, new->data, packet->length);
if (closure->mac_size)
closure->mac_function(closure->mac_state, closure->mac_function(closure->mac_state,
packet->data, new->data + packet->length); packet->data, new->data + packet->length);
...@@ -31,7 +32,7 @@ make_encrypt_processor(struct packet_processor *containing, ...@@ -31,7 +32,7 @@ make_encrypt_processor(struct packet_processor *containing,
{ {
struct pad_processor *closure = xalloc(sizeof(struct pad_processor)); struct pad_processor *closure = xalloc(sizeof(struct pad_processor));
closure->c->p->f = (raw_processor_function) do_pad; closure->c->p->f = (raw_processor_function) do_encrypt;
closure->c->next = continuation; closure->c->next = continuation;
closure->mac_size = mac_size; closure->mac_size = mac_size;
closure->mac_function = mac_function; closure->mac_function = mac_function;
...@@ -39,7 +40,7 @@ make_encrypt_processor(struct packet_processor *containing, ...@@ -39,7 +40,7 @@ make_encrypt_processor(struct packet_processor *containing,
closure->encrypt_function = encrypt_function; closure->encrypt_function = encrypt_function;
closure->encrypt_state = encrypt_state; closure->encrypt_state = encrypt_state;
return (packet_processor) closure; return (struct packet_processor *) closure;
} }
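Review bot: `make_encrypt_processor` still types and allocates its closure as `struct pad_processor` (`xalloc(sizeof(struct pad_processor))`) although `do_encrypt` takes `struct encrypt_processor *` and the body stores `mac_size`, `mac_function`, `encrypt_function` and `encrypt_state` into it; if pad_processor lacks those fields this does not compile, and if it merely happens to be smaller the stores run past the allocation. Use `struct encrypt_processor *closure = xalloc(sizeof(struct encrypt_processor));`. The parameter is named `containing` in the hunk's context line while the body assigns `closure->c->next = continuation;`, so unless a `continuation` is declared elsewhere that line does not resolve either. Finally, `encrypt_function` is called as `(state, src, dst, length)` here but as `(state, length, src, dst)` in decrypt.c, and `mac_function` with three arguments here versus four there; one `transform_function` signature cannot satisfy both, so the calling convention should be fixed in transport.h and the callers aligned to it.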
...@@ -47,5 +47,5 @@ struct packet_processor *make_pad_processor(packet_processor *continuation, ...@@ -47,5 +47,5 @@ struct packet_processor *make_pad_processor(packet_processor *continuation,
closure->random = random; closure->random = random;
closure->state = state; closure->state = state;
return (packet_processor) closure; return (struct packet_processor *) closure;
} }
#! /usr/local/bin/bash
function help() {
echo commands: help header gperf filter table
}
function header() {
echo '/* Automatically generated by process_atoms.sh,'
echo ' * ' `date`
echo ' * Do not edit! */'
echo
}
atom_id=0
function getatom() {
atom=''
while [ x$atom = x ]; do
read atom ignored
if [ x$? != x0 ] ; then
return 1
fi
case $atom in
\#*)
atom=''
;;
esac ;
done
atom_id=$[ atom_id + 1 ]
}
function atom2define () {
echo -n ATOM_$1 | tr -- -a-z _A-Z
}
if [ x$# != x1 ]; then
help
exit 1
fi
case $1 in
filter)
while getatom; do
echo $atom $atom_id
done
;;
header)
header
while getatom; do
echo -n '#define '
atom2define $atom
echo ' ' $atom_id
done
;;
gperf)
echo '%{'
header
echo '%}'
echo 'struct atom { char *name; int id; };'
echo '%%'
while getatom; do
echo -n "$atom, "
atom2define $atom
echo
done
;;
table)
header
echo -n '{ "UNKNOWN"'
while getatom; do
echo ','
echo -n ' "'$atom'"'
done
echo ' }'
;;
help)
help
exit 0
;;
*)
help
exit 1
;;
esac
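Review bot: `getatom` reads with a bare `read atom ignored` and tests with `[ x$atom = x ]`, so if an atom ever contains a backslash, whitespace or a glob character the word is mangled or the test breaks; use `read -r atom ignored` and quote the expansions (`[ "x$atom" = x ]`, `echo "$atom" "$atom_id"`, `atom2define "$atom"`). `atom_id=$[ atom_id + 1 ]` uses the obsolete `$[ ]` arithmetic form; `atom_id=$((atom_id + 1))` is the portable spelling. The `date` call in `header` makes atoms.h, atoms_gperf.c and atoms_table.c differ on every build even when atoms.in is unchanged, which is worth a comment if intended, or dropping otherwise.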
...@@ -69,11 +69,13 @@ UINT32 simple_buffer_avail(struct simple_buffer *buffer); ...@@ -69,11 +69,13 @@ UINT32 simple_buffer_avail(struct simple_buffer *buffer);
* such as the process parameters, next processor, output socket, etc. * such as the process parameters, next processor, output socket, etc.
* */ * */
/* This function returns 0 if there's some fatal protocol error
* (implying immediate shutdown of (this direction of) a connection.
* Otherwise returns 1. */
typedef int (*raw_processor_function)(struct packet_processor *context, typedef int (*raw_processor_function)(struct packet_processor *context,
struct simple_packet *packet); struct simple_packet *packet);
struct packet_processor struct packet_processor
{ {
/* Returns some (so far unspecified) return code */
raw_processor_function f; raw_processor_function f;
}; };
...@@ -87,4 +89,13 @@ struct chained_processor ...@@ -87,4 +89,13 @@ struct chained_processor
struct *packet_processor *next; struct *packet_processor *next;
}; };
/* error codes, returned from packet processors. zero means ok,
* negative means a fatal protocol failure, and positive values are
* errors that should be reported to the otrher end. */
#define LSH_ERR_TOO_LARGE_PACKET -1
#define LSH_ERR_BAD_LENGTH -2
#define LSH_ERR_BAD_MAC -3
#endif /* LSH_TRANSPORT_H_INCLUDED */ #endif /* LSH_TRANSPORT_H_INCLUDED */
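Review bot: The two additions state contradictory contracts: the new comment on `raw_processor_function` says it returns 0 on a fatal protocol error and 1 otherwise, while the `LSH_ERR_*` block says zero means ok, negative is fatal and positive should be reported to the other end. The processors in this commit (`do_decrypt`, `do_unpad`) follow the first convention and nothing uses the `LSH_ERR_*` codes, so either leave the codes out until callers adopt them, or rewrite the function comment to `/* Returns 0 on success, or a negative LSH_ERR_* code on fatal protocol failure. */` and change the processors in the same commit. The context line `struct *packet_processor *next;` in `struct chained_processor` is not valid C (`struct packet_processor *next;`), and the new comment has a typo, `otrher`.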
/* unpad.c
*
*/
static int do_unpad(struct pad_processor *closure,
struct simple_packet *packet)
{
UINT8 padding_length;
UINT32 payload_length;
struct simple_packet *new;
if (packet->length < 1)
return 0;
padding_length = packet->data[0];
if ( (padding_length < 4)
|| (padding_length >= packet->length) )
return 0;
payload_length = packet->length - 1 - padding_length;
new = simple_packet_alloc(payload_length);
memcpy(new->data, packet->data + 1, payload_length);
simple_packet_free(packet);
return apply_continuation(closure->next, new);
}
struct packet_processor *make_pad_processor(packet_processor *continuation)
{
struct pad_processor *closure = xalloc(sizeof(struct pad_processor));
closure->c->p->f = (raw_processor_function) do_unpad;
closure->c->next = continuation;
return (struct packet_processor *) closure;
}
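Review bot: The constructor is named `make_pad_processor` and works on `struct pad_processor`, but unpad.h declares `make_unpad_processor` over `struct unpad_processor`, and pad.c (also touched by this commit) already defines `make_pad_processor`, so this file would collide at link time while the declared function stays undefined; rename the constructor and closure type here (`struct unpad_processor *closure = xalloc(sizeof(struct unpad_processor));`, `do_unpad`'s parameter to `struct unpad_processor *`). unpad.c also has no `#include` lines, so `memcpy`, `simple_packet_alloc`, `apply_continuation` and the types are not in scope; add `#include "unpad.h"` (and `<string.h>`) at the top. The padding check itself is sound: `padding_length >= packet->length` rejects anything that would make `packet->length - 1 - padding_length` wrap, and `padding_length < 4` enforces the minimum padding, which a comment could say explicitly.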
/* unpad.h
*
* Processor for unpadding and formatting ssh-packets
*/
#ifndef LSH_UNPAD_H_INCLUDED
#define LSH_UNPAD_H_INCLUDED
/* Input to the processor is a padded payload. */
struct unpad_processor
{
struct chained_processor c;
};
struct packet_processor *make_unpad_processor(packet_processor *continuation);
#endif /* LSH_UNPAD_H_INCLUDED */
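Review bot: `make_unpad_processor(packet_processor *continuation)` uses the bare `packet_processor` type that this same commit is replacing with `struct packet_processor *` in the casts in debug.c, encrypt.c, pad.c and zlib.c; unless a typedef exists elsewhere the prototype will not compile, so it should read `struct packet_processor *make_unpad_processor(struct packet_processor *continuation);` as decrypt.h already does. The header comment could also state what comes out, grounded in unpad.c: `/* Input to the processor is a padded payload: the leading padding_length octet and the trailing padding are stripped, and the bare payload is passed on to the next processor. */`.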
...@@ -27,5 +27,5 @@ struct packet_processor *make_zlib_processor(packet_processor *continuation, ...@@ -27,5 +27,5 @@ struct packet_processor *make_zlib_processor(packet_processor *continuation,
closure->c->next = continuation; closure->c->next = continuation;
/* inititialize closure->zstream */ /* inititialize closure->zstream */
return (packet_processor) closure; return (struct packet_processor *) closure;
} }