diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2004-07-28 16:44:16 +0000 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2004-07-28 16:44:16 +0000 |
| commit | 33d80f3294df8b5229463589a6a9723bb6191ee8 (patch) | |
| tree | ba72557d5adc76bb9bf156c5e54e29bcd66df9d2 | |
| parent | 4f3a2de383a3c7ece24e9ae01507ed9fc93b4e20 (diff) | |
| download | dropbear-33d80f3294df8b5229463589a6a9723bb6191ee8.tar.gz | |
Client mostly works up to password auth
Need to rework algo-choosing etc, since server is now broken.
| -rw-r--r-- | cli-auth.c | 10 | ||||
| -rw-r--r-- | cli-kex.c | 10 | ||||
| -rw-r--r-- | cli-service.c | 4 | ||||
| -rw-r--r-- | cli-session.c | 16 | ||||
| -rw-r--r-- | common-kex.c | 8 | ||||
| -rw-r--r-- | common-session.c | 1 | ||||
| -rw-r--r-- | dss.c | 4 | ||||
| -rw-r--r-- | process-packet.c | 2 | ||||
| -rw-r--r-- | rsa.c | 6 | ||||
| -rw-r--r-- | service.h | 1 | ||||
| -rw-r--r-- | session.h | 2 | ||||
| -rw-r--r-- | signkey.c | 7 |
12 files changed, 57 insertions, 14 deletions
@@ -31,7 +31,7 @@ void cli_get_user() { ses.authstate.username = m_strdup(pw->pw_name); } - TRACE(("leave cli_get_user: %s", cli_ses.username)); + TRACE(("leave cli_get_user: %s", ses.authstate.username)); } /* Send a "none" auth request to get available methods */ @@ -90,7 +90,7 @@ void recv_msg_userauth_failure() { tok = methods; /* tok stores the next method we'll compare */ for (i = 0; i <= methlen; i++) { if (methods[i] == '\0') { - TRACE(("auth method '%s'\n", tok)); + TRACE(("auth method '%s'", tok)); #ifdef DROPBEAR_PUBKEY_AUTH if (strncmp(AUTH_METHOD_PUBKEY, tok, AUTH_METHOD_PUBKEY_LEN) == 0) { @@ -103,9 +103,9 @@ void recv_msg_userauth_failure() { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD; } #endif - tok = &methods[i]; /* Must make sure we don't use it after - the last loop, since it'll point - to something undefined */ + tok = &methods[i+1]; /* Must make sure we don't use it after the + last loop, since it'll point to something + undefined */ } } @@ -43,7 +43,7 @@ void send_msg_kexdh_init() { cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int)); cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int)); - m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x); + m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL); gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x); CHECKCLEARTOWRITE(); @@ -58,17 +58,23 @@ void recv_msg_kexdh_reply() { mp_int dh_f; sign_key *hostkey = NULL; - int type; + int type, keylen; + TRACE(("enter recv_msg_kexdh_reply")); type = ses.newkeys->algo_hostkey; + TRACE(("type is %d", type)); hostkey = new_sign_key(); + keylen = buf_getint(ses.payload); + if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) { + TRACE(("failed getting pubkey")); dropbear_exit("Bad KEX packet"); } m_mp_init(&dh_f); if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) { + TRACE(("failed getting mpint")); dropbear_exit("Bad KEX packet"); } diff --git a/cli-service.c b/cli-service.c index c873919..8ba06c6 100644 --- a/cli-service.c +++ b/cli-service.c @@ -12,8 +12,8 @@ void send_msg_service_request(char* servicename) { CHECKCLEARTOWRITE(); - buf_putbyte(ses.payload, SSH_MSG_SERVICE_REQUEST); - buf_putstring(ses.payload, servicename, strlen(servicename)); + buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_REQUEST); + buf_putstring(ses.writepayload, servicename, strlen(servicename)); encrypt_packet(); TRACE(("leave send_msg_service_request")); diff --git a/cli-session.c b/cli-session.c index 9f80bd1..2ae2719 100644 --- a/cli-session.c +++ b/cli-session.c @@ -21,6 +21,7 @@ static const packettype cli_packettypes[] = { {SSH_MSG_KEXINIT, recv_msg_kexinit}, {SSH_MSG_KEXDH_REPLY, recv_msg_kexdh_reply}, // client {SSH_MSG_NEWKEYS, recv_msg_newkeys}, + {SSH_MSG_SERVICE_ACCEPT, recv_msg_service_accept}, // client {SSH_MSG_CHANNEL_DATA, recv_msg_channel_data}, {SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust}, {SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_remotetcp}, @@ -30,8 +31,8 @@ static const packettype cli_packettypes[] = { {SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close}, {SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation}, {SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure}, - {SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, - {SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, + {SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, // client + {SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, // client {0, 0} /* End */ }; @@ -90,11 +91,11 @@ static void cli_sessionloop() { TRACE(("enter cli_sessionloop")); - if (cli_ses.kex_state == KEX_NOTHING && ses.kexstate.recvkexinit) { - cli_ses.state = KEXINIT_RCVD; + if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) { + cli_ses.kex_state = KEXINIT_RCVD; } - if (cli_ses.state == KEXINIT_RCVD) { + if (cli_ses.kex_state == KEXINIT_RCVD) { /* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT * negotiation would have failed. */ @@ -120,6 +121,7 @@ static void cli_sessionloop() { * in normal operation */ if (ses.kexstate.donefirstkex == 0) { TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex")); + return; } switch (cli_ses.state) { @@ -129,6 +131,7 @@ static void cli_sessionloop() { * userauth */ send_msg_service_request(SSH_SERVICE_USERAUTH); cli_ses.state = SERVICE_AUTH_REQ_SENT; + TRACE(("leave cli_sessionloop: sent userauth service req")); return; /* userauth code */ @@ -136,10 +139,12 @@ static void cli_sessionloop() { cli_get_user(); cli_auth_getmethods(); cli_ses.state = USERAUTH_METHODS_SENT; + TRACE(("leave cli_sessionloop: sent userauth methods req")); return; case USERAUTH_FAIL_RCVD: cli_auth_try(); + TRACE(("leave cli_sessionloop: cli_auth_try")); return; /* XXX more here needed */ @@ -149,6 +154,7 @@ static void cli_sessionloop() { break; } + TRACE(("leave cli_sessionloop: fell out")); } diff --git a/common-kex.c b/common-kex.c index 9847a48..07b221b 100644 --- a/common-kex.c +++ b/common-kex.c @@ -613,6 +613,7 @@ static void read_kex_algos() { erralgo = "kex"; goto error; } + TRACE(("kex algo %s", algo->name)); ses.newkeys->algo_kex = algo->val; /* server_host_key_algorithms */ @@ -622,6 +623,7 @@ static void read_kex_algos() { erralgo = "hostkey"; goto error; } + TRACE(("hostkey algo %s", algo->name)); ses.newkeys->algo_hostkey = algo->val; /* encryption_algorithms_client_to_server */ @@ -631,6 +633,7 @@ static void read_kex_algos() { goto error; } ses.newkeys->recv_algo_crypt = (struct dropbear_cipher*)algo->data; + TRACE(("enc algo recv %s", algo->name)); /* encryption_algorithms_server_to_client */ algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess); @@ -639,6 +642,7 @@ static void read_kex_algos() { goto error; } ses.newkeys->trans_algo_crypt = (struct dropbear_cipher*)algo->data; + TRACE(("enc algo trans %s", algo->name)); /* mac_algorithms_client_to_server */ algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess); @@ -647,6 +651,7 @@ static void read_kex_algos() { goto error; } ses.newkeys->recv_algo_mac = (struct dropbear_hash*)algo->data; + TRACE(("mac algo recv %s", algo->name)); /* mac_algorithms_server_to_client */ algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess); @@ -655,6 +660,7 @@ static void read_kex_algos() { goto error; } ses.newkeys->trans_algo_mac = (struct dropbear_hash*)algo->data; + TRACE(("mac algo trans %s", algo->name)); /* compression_algorithms_client_to_server */ algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); @@ -663,6 +669,7 @@ static void read_kex_algos() { goto error; } ses.newkeys->recv_algo_comp = algo->val; + TRACE(("comp algo recv %s", algo->name)); /* compression_algorithms_server_to_client */ algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); @@ -671,6 +678,7 @@ static void read_kex_algos() { goto error; } ses.newkeys->trans_algo_comp = algo->val; + TRACE(("comp algo trans %s", algo->name)); /* languages_client_to_server */ buf_eatstring(ses.payload); diff --git a/common-session.c b/common-session.c index 93e7c74..79166f4 100644 --- a/common-session.c +++ b/common-session.c @@ -75,6 +75,7 @@ void common_session_init(int sock, char* remotehost) { ses.requirenext = SSH_MSG_KEXINIT; ses.dataallowed = 0; /* don't send data yet, we'll wait until after kex */ ses.ignorenext = 0; + ses.lastpacket = 0; /* set all the algos to none */ ses.keys = (struct key_context*)m_malloc(sizeof(struct key_context)); @@ -45,6 +45,7 @@ * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ int buf_get_dss_pub_key(buffer* buf, dss_key *key) { + TRACE(("enter buf_get_dss_pub_key")); assert(key != NULL); key->p = m_malloc(sizeof(mp_int)); key->q = m_malloc(sizeof(mp_int)); @@ -58,14 +59,17 @@ int buf_get_dss_pub_key(buffer* buf, dss_key *key) { || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) { + TRACE(("leave buf_get_dss_pub_key: failed reading mpints")); return DROPBEAR_FAILURE; } if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) { dropbear_log(LOG_WARNING, "DSS key too short"); + TRACE(("leave buf_get_dss_pub_key: short key")); return DROPBEAR_FAILURE; } + TRACE(("leave buf_get_dss_pub_key: success")); return DROPBEAR_SUCCESS; } diff --git a/process-packet.c b/process-packet.c index f9f6dee..3e6b79c 100644 --- a/process-packet.c +++ b/process-packet.c @@ -50,6 +50,8 @@ void process_packet() { type = buf_getbyte(ses.payload); TRACE(("process_packet: packet type = %d", type)); + ses.lastpacket = type; + /* These packets we can receive at any time */ switch(type) { @@ -205,6 +205,8 @@ int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data, mp_int *rsa_em = NULL; int ret = DROPBEAR_FAILURE; + TRACE(("enter buf_rsa_verify")); + assert(key != NULL); m_mp_init_multi(&rsa_mdash, &rsa_s, NULL); @@ -217,6 +219,7 @@ int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data, if (mp_read_unsigned_bin(&rsa_s, buf_getptr(buf, buf->len - buf->pos), buf->len - buf->pos) != MP_OKAY) { + TRACE(("failed reading rsa_s")); goto out; } @@ -230,17 +233,20 @@ int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data, rsa_em = rsa_pad_em(key, data, len); if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) { + TRACE(("failed exptmod rsa_s")); goto out; } if (mp_cmp(rsa_em, &rsa_mdash) == MP_EQ) { /* signature is valid */ + TRACE(("success!")); ret = DROPBEAR_SUCCESS; } out: mp_clear_multi(rsa_em, &rsa_mdash, &rsa_s, NULL); m_free(rsa_em); + TRACE(("leave buf_rsa_verify: ret %d", ret)); return ret; } @@ -27,5 +27,6 @@ void recv_msg_service_request(); /* Server */ void send_msg_service_request(); /* Client */ +void recv_msg_service_accept(); /* Client */ #endif /* _SERVICE_H_ */ @@ -119,6 +119,8 @@ struct sshsession { unsigned char ignorenext; /* whether to ignore the next packet, used for kex_follows stuff */ + + unsigned char lastpacket; /* What the last received packet type was */ @@ -52,8 +52,12 @@ int buf_get_pub_key(buffer *buf, sign_key *key, int *type) { unsigned char* ident; unsigned int len; + TRACE(("enter buf_get_pub_key")); + printhex(buf_getptr(buf, 0x99), 0x99); + ident = buf_getstring(buf, &len); + #ifdef DROPBEAR_DSS if (memcmp(ident, SSH_SIGNKEY_DSS, len) == 0 && (*type == DROPBEAR_SIGNKEY_ANY @@ -78,6 +82,7 @@ int buf_get_pub_key(buffer *buf, sign_key *key, int *type) { return buf_get_rsa_pub_key(buf, key->rsakey); } #endif + TRACE(("leave buf_get_pub_key: didn't match the type we want (%d versus '%s'len %d)", *type, ident, len)); m_free(ident); @@ -352,6 +357,8 @@ int buf_verify(buffer * buf, sign_key *key, const unsigned char *data, unsigned char * ident = NULL; unsigned int identlen = 0; + TRACE(("enter buf_verify")); + bloblen = buf_getint(buf); ident = buf_getstring(buf, &identlen); |