Xuyi Wang
ssh
Embed:
(wiki syntax)
Show/hide line numbers
internal.h
00001 /* internal.h 00002 * 00003 * Copyright (C) 2014-2016 wolfSSL Inc. 00004 * 00005 * This file is part of wolfSSH. 00006 * 00007 * wolfSSH is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 3 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * wolfSSH is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with wolfSSH. If not, see <http://www.gnu.org/licenses/>. 00019 */ 00020 00021 00022 /* 00023 * The internal module contains the private data and functions. The public 00024 * API calls into this module to do the work of processing the connections. 00025 */ 00026 00027 00028 #pragma once 00029 00030 #include <wolfssh/ssh.h> 00031 #include <wolfcrypt/hash.h> 00032 #include <wolfcrypt/random.h> 00033 #include <wolfcrypt/aes.h> 00034 #include <wolfcrypt/dh.h> 00035 #include <wolfcrypt/ecc.h> 00036 00037 00038 #if !defined (ALIGN16) 00039 #if defined (__GNUC__) 00040 #define ALIGN16 __attribute__ ( (aligned (16))) 00041 #elif defined(_MSC_VER) 00042 /* disable align warning, we want alignment ! */ 00043 #pragma warning(disable: 4324) 00044 #define ALIGN16 __declspec (align (16)) 00045 #else 00046 #define ALIGN16 00047 #endif 00048 #endif 00049 00050 00051 #ifdef __cplusplus 00052 extern "C" { 00053 #endif 00054 00055 00056 WOLFSSH_LOCAL const char* GetErrorString(int); 00057 00058 00059 enum { 00060 /* Any of the items can be none. */ 00061 ID_NONE, 00062 00063 /* Encryption IDs */ 00064 ID_AES128_CBC, 00065 ID_AES128_GCM, 00066 00067 /* Integrity IDs */ 00068 ID_HMAC_SHA1, 00069 ID_HMAC_SHA1_96, 00070 ID_HMAC_SHA2_256, 00071 00072 /* Key Exchange IDs */ 00073 ID_DH_GROUP1_SHA1, 00074 ID_DH_GROUP14_SHA1, 00075 ID_DH_GEX_SHA256, 00076 ID_ECDH_SHA2_NISTP256, 00077 ID_ECDH_SHA2_NISTP384, 00078 ID_ECDH_SHA2_NISTP521, 00079 00080 /* Public Key IDs */ 00081 ID_SSH_RSA, 00082 ID_ECDSA_SHA2_NISTP256, 00083 ID_ECDSA_SHA2_NISTP384, 00084 ID_ECDSA_SHA2_NISTP521, 00085 00086 /* Service IDs */ 00087 ID_SERVICE_USERAUTH, 00088 ID_SERVICE_CONNECTION, 00089 00090 /* UserAuth IDs */ 00091 ID_USERAUTH_PASSWORD, 00092 ID_USERAUTH_PUBLICKEY, 00093 00094 /* Channel Type IDs */ 00095 ID_CHANTYPE_SESSION, 00096 00097 ID_UNKNOWN 00098 }; 00099 00100 00101 #define MAX_ENCRYPTION 3 00102 #define MAX_INTEGRITY 2 00103 #define MAX_KEY_EXCHANGE 2 00104 #define MAX_PUBLIC_KEY 1 00105 #define MAX_HMAC_SZ SHA256_DIGEST_SIZE 00106 #define MIN_BLOCK_SZ 8 00107 #define COOKIE_SZ 16 00108 #define LENGTH_SZ 4 00109 #define PAD_LENGTH_SZ 1 00110 #define MIN_PAD_LENGTH 4 00111 #define BOOLEAN_SZ 1 00112 #define MSG_ID_SZ 1 00113 #define SHA1_96_SZ 12 00114 #define UINT32_SZ 4 00115 #define SSH_PROTO_SZ 7 /* "SSH-2.0" */ 00116 #define SSH_PROTO_EOL_SZ 2 /* Just the CRLF */ 00117 #define AEAD_IMP_IV_SZ 4 00118 #define AEAD_EXP_IV_SZ 8 00119 #define AEAD_NONCE_SZ (AEAD_IMP_IV_SZ+AEAD_EXP_IV_SZ) 00120 #ifndef DEFAULT_HIGHWATER_MARK 00121 #define DEFAULT_HIGHWATER_MARK ((1024 * 1024 * 1024) - (32 * 1024)) 00122 #endif 00123 #ifndef DEFAULT_WINDOW_SZ 00124 //#define DEFAULT_WINDOW_SZ (1024 * 1024) 00125 #define DEFAULT_WINDOW_SZ (8 * 1024) // ESP32 Doesn't have that much RAM 00126 #endif 00127 #ifndef DEFAULT_MAX_PACKET_SZ 00128 //#define DEFAULT_MAX_PACKET_SZ (16 * 1024) 00129 #define DEFAULT_MAX_PACKET_SZ (2 * 1024) // ESP32 Doesn't have that much RAM 00130 #endif 00131 #ifndef DEFAULT_NEXT_CHANNEL 00132 #define DEFAULT_NEXT_CHANNEL 0 00133 #endif 00134 00135 00136 WOLFSSH_LOCAL byte NameToId(const char*, word32); 00137 WOLFSSH_LOCAL const char* IdToName(byte); 00138 00139 00140 #define STATIC_BUFFER_LEN AES_BLOCK_SIZE 00141 /* This is one AES block size. We always grab one 00142 * block size first to decrypt to find the size of 00143 * the rest of the data. */ 00144 00145 00146 typedef struct Buffer { 00147 void* heap; /* Heap for allocations */ 00148 word32 length; /* total buffer length used */ 00149 word32 idx; /* idx to part of length already consumed */ 00150 byte* buffer; /* place holder for actual buffer */ 00151 word32 bufferSz; /* current buffer size */ 00152 ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN]; 00153 byte dynamicFlag; /* dynamic memory currently in use */ 00154 } Buffer; 00155 00156 00157 WOLFSSH_LOCAL int BufferInit(Buffer*, word32, void*); 00158 WOLFSSH_LOCAL int GrowBuffer(Buffer*, word32, word32); 00159 WOLFSSH_LOCAL void ShrinkBuffer(Buffer* buf, int); 00160 00161 00162 /* our wolfSSH Context */ 00163 struct WOLFSSH_CTX { 00164 void* heap; /* heap hint */ 00165 WS_CallbackIORecv ioRecvCb; /* I/O Receive Callback */ 00166 WS_CallbackIOSend ioSendCb; /* I/O Send Callback */ 00167 WS_CallbackUserAuth userAuthCb; /* User Authentication Callback */ 00168 WS_CallbackHighwater highwaterCb; /* Data Highwater Mark Callback */ 00169 00170 byte* privateKey; /* Owned by CTX */ 00171 word32 privateKeySz; 00172 byte useEcc; /* Depends on the private key */ 00173 word32 highwaterMark; 00174 const char* banner; 00175 word32 bannerSz; 00176 byte side; /* client or server */ 00177 byte showBanner; 00178 }; 00179 00180 00181 typedef struct Ciphers { 00182 Aes aes; 00183 } Ciphers; 00184 00185 00186 typedef struct Keys { 00187 byte iv[AES_BLOCK_SIZE]; 00188 byte ivSz; 00189 byte encKey[AES_BLOCK_SIZE]; 00190 byte encKeySz; 00191 byte macKey[MAX_HMAC_SZ]; 00192 byte macKeySz; 00193 } Keys; 00194 00195 00196 typedef struct HandshakeInfo { 00197 byte kexId; 00198 byte pubKeyId; 00199 byte encryptId; 00200 byte macId; 00201 byte hashId; 00202 byte kexPacketFollows; 00203 byte aeadMode; 00204 00205 byte blockSz; 00206 byte macSz; 00207 00208 Keys keys; 00209 Keys peerKeys; 00210 wc_HashAlg hash; 00211 byte e[257]; /* May have a leading zero for unsigned or is a Q_S value. */ 00212 word32 eSz; 00213 byte x[257]; /* May have a leading zero, for unsigned. */ 00214 word32 xSz; 00215 byte* kexInit; 00216 word32 kexInitSz; 00217 00218 word32 dhGexMinSz; 00219 word32 dhGexPreferredSz; 00220 word32 dhGexMaxSz; 00221 byte* primeGroup; 00222 word32 primeGroupSz; 00223 byte* generator; 00224 word32 generatorSz; 00225 00226 byte useEcc; 00227 union { 00228 DhKey dh; 00229 ecc_key ecc; 00230 } privKey; 00231 } HandshakeInfo; 00232 00233 00234 /* our wolfSSH session */ 00235 struct WOLFSSH { 00236 WOLFSSH_CTX* ctx; /* owner context */ 00237 int error; 00238 int rfd; 00239 int wfd; 00240 void* ioReadCtx; /* I/O Read Context handle */ 00241 void* ioWriteCtx; /* I/O Write Context handle */ 00242 int rflags; /* optional read flags */ 00243 int wflags; /* optional write flags */ 00244 word32 txCount; 00245 word32 rxCount; 00246 word32 highwaterMark; 00247 byte highwaterFlag; /* Set when highwater CB called */ 00248 void* highwaterCtx; 00249 word32 curSz; 00250 word32 seq; 00251 word32 peerSeq; 00252 word32 packetStartIdx; /* Current send packet start index */ 00253 byte paddingSz; /* Current send packet padding size */ 00254 byte acceptState; 00255 byte connectState; 00256 byte clientState; 00257 byte serverState; 00258 byte processReplyState; 00259 byte isKeying; 00260 00261 byte connReset; 00262 byte isClosed; 00263 00264 byte blockSz; 00265 byte encryptId; 00266 byte macId; 00267 byte macSz; 00268 byte aeadMode; 00269 byte peerBlockSz; 00270 byte peerEncryptId; 00271 byte peerMacId; 00272 byte peerMacSz; 00273 byte peerAeadMode; 00274 00275 Ciphers encryptCipher; 00276 Ciphers decryptCipher; 00277 00278 word32 nextChannel; 00279 WOLFSSH_CHANNEL* channelList; 00280 word32 channelListSz; 00281 word32 defaultPeerChannelId; 00282 00283 Buffer inputBuffer; 00284 Buffer outputBuffer; 00285 WC_RNG* rng; 00286 00287 byte h[WC_MAX_DIGEST_SIZE]; 00288 word32 hSz; 00289 byte k[257]; /* May have a leading zero, for unsigned. */ 00290 word32 kSz; 00291 byte sessionId[WC_MAX_DIGEST_SIZE]; 00292 word32 sessionIdSz; 00293 00294 Keys keys; 00295 Keys peerKeys; 00296 HandshakeInfo* handshake; 00297 00298 void* userAuthCtx; 00299 char* userName; 00300 word32 userNameSz; 00301 char* password; 00302 word32 passwordSz; 00303 byte* pkBlob; 00304 word32 pkBlobSz; 00305 byte* peerProtoId; /* Save for rekey */ 00306 word32 peerProtoIdSz; 00307 }; 00308 00309 00310 struct WOLFSSH_CHANNEL { 00311 byte channelType; 00312 word32 channel; 00313 word32 windowSz; 00314 word32 maxPacketSz; 00315 word32 peerChannel; 00316 word32 peerWindowSz; 00317 word32 peerMaxPacketSz; 00318 Buffer inputBuffer; 00319 struct WOLFSSH* ssh; 00320 struct WOLFSSH_CHANNEL* next; 00321 }; 00322 00323 00324 WOLFSSH_LOCAL WOLFSSH_CTX* CtxInit(WOLFSSH_CTX*, byte, void*); 00325 WOLFSSH_LOCAL void CtxResourceFree(WOLFSSH_CTX*); 00326 WOLFSSH_LOCAL WOLFSSH* SshInit(WOLFSSH*, WOLFSSH_CTX*); 00327 WOLFSSH_LOCAL void SshResourceFree(WOLFSSH*, void*); 00328 00329 WOLFSSH_LOCAL WOLFSSH_CHANNEL* ChannelNew(WOLFSSH*, byte, word32, word32); 00330 WOLFSSH_LOCAL int ChannelUpdate(WOLFSSH_CHANNEL*, word32, word32, word32); 00331 WOLFSSH_LOCAL void ChannelDelete(WOLFSSH_CHANNEL*, void*); 00332 WOLFSSH_LOCAL WOLFSSH_CHANNEL* ChannelFind(WOLFSSH*, word32, byte); 00333 WOLFSSH_LOCAL int ChannelRemove(WOLFSSH*, word32, byte); 00334 WOLFSSH_LOCAL int ChannelPutData(WOLFSSH_CHANNEL*, byte*, word32); 00335 WOLFSSH_LOCAL int wolfSSH_ProcessBuffer(WOLFSSH_CTX*, 00336 const byte*, word32, 00337 int, int); 00338 00339 00340 #ifndef WOLFSSH_USER_IO 00341 00342 /* default I/O handlers */ 00343 WOLFSSH_LOCAL int wsEmbedRecv(WOLFSSH*, void*, word32, void*); 00344 WOLFSSH_LOCAL int wsEmbedSend(WOLFSSH*, void*, word32, void*); 00345 00346 #endif /* WOLFSSH_USER_IO */ 00347 00348 00349 WOLFSSH_LOCAL int DoReceive(WOLFSSH*); 00350 WOLFSSH_LOCAL int DoProtoId(WOLFSSH*); 00351 WOLFSSH_LOCAL int SendProtoId(WOLFSSH*); 00352 WOLFSSH_LOCAL int SendKexInit(WOLFSSH*); 00353 WOLFSSH_LOCAL int SendKexDhInit(WOLFSSH*); 00354 WOLFSSH_LOCAL int SendKexDhReply(WOLFSSH*); 00355 WOLFSSH_LOCAL int SendKexDhGexRequest(WOLFSSH*); 00356 WOLFSSH_LOCAL int SendKexDhGexGroup(WOLFSSH*); 00357 WOLFSSH_LOCAL int SendNewKeys(WOLFSSH*); 00358 WOLFSSH_LOCAL int SendUnimplemented(WOLFSSH*); 00359 WOLFSSH_LOCAL int SendDisconnect(WOLFSSH*, word32); 00360 WOLFSSH_LOCAL int SendIgnore(WOLFSSH*, const unsigned char*, word32); 00361 WOLFSSH_LOCAL int SendDebug(WOLFSSH*, byte, const char*); 00362 WOLFSSH_LOCAL int SendServiceRequest(WOLFSSH*, byte); 00363 WOLFSSH_LOCAL int SendServiceAccept(WOLFSSH*, byte); 00364 WOLFSSH_LOCAL int SendUserAuthRequest(WOLFSSH*, byte); 00365 WOLFSSH_LOCAL int SendUserAuthSuccess(WOLFSSH*); 00366 WOLFSSH_LOCAL int SendUserAuthFailure(WOLFSSH*, byte); 00367 WOLFSSH_LOCAL int SendUserAuthBanner(WOLFSSH*); 00368 WOLFSSH_LOCAL int SendUserAuthPkOk(WOLFSSH*, const byte*, word32, 00369 const byte*, word32); 00370 WOLFSSH_LOCAL int SendRequestSuccess(WOLFSSH*, int); 00371 WOLFSSH_LOCAL int SendChannelOpenSession(WOLFSSH*, word32, word32); 00372 WOLFSSH_LOCAL int SendChannelOpenConf(WOLFSSH*); 00373 WOLFSSH_LOCAL int SendChannelEof(WOLFSSH*, word32); 00374 WOLFSSH_LOCAL int SendChannelClose(WOLFSSH*, word32); 00375 WOLFSSH_LOCAL int SendChannelData(WOLFSSH*, word32, byte*, word32); 00376 WOLFSSH_LOCAL int SendChannelWindowAdjust(WOLFSSH*, word32, word32); 00377 WOLFSSH_LOCAL int SendChannelRequestShell(WOLFSSH*); 00378 WOLFSSH_LOCAL int SendChannelSuccess(WOLFSSH*, word32, int); 00379 WOLFSSH_LOCAL int GenerateKey(byte, byte, byte*, word32, const byte*, word32, 00380 const byte*, word32, const byte*, word32); 00381 00382 00383 enum AcceptStates { 00384 ACCEPT_BEGIN = 0, 00385 ACCEPT_SERVER_VERSION_SENT, 00386 ACCEPT_CLIENT_VERSION_DONE, 00387 ACCEPT_SERVER_KEXINIT_SENT, 00388 ACCEPT_KEYED, 00389 ACCEPT_CLIENT_USERAUTH_REQUEST_DONE, 00390 ACCEPT_SERVER_USERAUTH_ACCEPT_SENT, 00391 ACCEPT_CLIENT_USERAUTH_DONE, 00392 ACCEPT_SERVER_USERAUTH_SENT, 00393 ACCEPT_CLIENT_CHANNEL_REQUEST_DONE, 00394 ACCEPT_SERVER_CHANNEL_ACCEPT_SENT 00395 }; 00396 00397 00398 enum ConnectStates { 00399 CONNECT_BEGIN = 0, 00400 CONNECT_CLIENT_VERSION_SENT, 00401 CONNECT_SERVER_VERSION_DONE, 00402 CONNECT_CLIENT_KEXINIT_SENT, 00403 CONNECT_SERVER_KEXINIT_DONE, 00404 CONNECT_CLIENT_KEXDH_INIT_SENT, 00405 CONNECT_KEYED, 00406 CONNECT_CLIENT_USERAUTH_REQUEST_SENT, 00407 CONNECT_SERVER_USERAUTH_REQUEST_DONE, 00408 CONNECT_CLIENT_USERAUTH_SENT, 00409 CONNECT_SERVER_USERAUTH_ACCEPT_DONE, 00410 CONNECT_CLIENT_CHANNEL_OPEN_SESSION_SENT, 00411 CONNECT_SERVER_CHANNEL_OPEN_SESSION_DONE, 00412 CONNECT_CLIENT_CHANNEL_REQUEST_SHELL_SENT, 00413 CONNECT_SERVER_CHANNEL_REQUEST_SHELL_DONE 00414 }; 00415 00416 00417 enum ClientStates { 00418 CLIENT_BEGIN = 0, 00419 CLIENT_VERSION_DONE, 00420 CLIENT_KEXINIT_DONE, 00421 CLIENT_KEXDH_INIT_DONE, 00422 CLIENT_USERAUTH_REQUEST_DONE, 00423 CLIENT_USERAUTH_DONE, 00424 CLIENT_DONE 00425 }; 00426 00427 00428 enum ServerStates { 00429 SERVER_BEGIN = 0, 00430 SERVER_VERSION_DONE, 00431 SERVER_KEXINIT_DONE, 00432 SERVER_USERAUTH_REQUEST_DONE, 00433 SERVER_USERAUTH_ACCEPT_DONE, 00434 SERVER_CHANNEL_OPEN_DONE, 00435 SERVER_DONE 00436 }; 00437 00438 00439 enum ProcessReplyStates { 00440 PROCESS_INIT, 00441 PROCESS_PACKET_LENGTH, 00442 PROCESS_PACKET_FINISH, 00443 PROCESS_PACKET 00444 }; 00445 00446 00447 enum WS_MessageIds { 00448 MSGID_DISCONNECT = 1, 00449 MSGID_IGNORE = 2, 00450 MSGID_UNIMPLEMENTED = 3, 00451 MSGID_DEBUG = 4, 00452 MSGID_SERVICE_REQUEST = 5, 00453 MSGID_SERVICE_ACCEPT = 6, 00454 00455 MSGID_KEXINIT = 20, 00456 MSGID_NEWKEYS = 21, 00457 00458 MSGID_KEXDH_INIT = 30, 00459 MSGID_KEXECDH_INIT = 30, 00460 00461 MSGID_KEXDH_REPLY = 31, 00462 MSGID_KEXECDH_REPLY = 31, 00463 MSGID_KEXDH_GEX_GROUP = 31, 00464 MSGID_KEXDH_GEX_INIT = 32, 00465 MSGID_KEXDH_GEX_REPLY = 33, 00466 MSGID_KEXDH_GEX_REQUEST = 34, 00467 00468 MSGID_USERAUTH_REQUEST = 50, 00469 MSGID_USERAUTH_FAILURE = 51, 00470 MSGID_USERAUTH_SUCCESS = 52, 00471 MSGID_USERAUTH_BANNER = 53, 00472 MSGID_USERAUTH_PK_OK = 60, /* Public Key OK */ 00473 MSGID_USERAUTH_PW_CHRQ = 60, /* Password Change Request */ 00474 00475 MSGID_GLOBAL_REQUEST = 80, 00476 MSGID_REQUEST_SUCCESS = 81, 00477 MSGID_REQUEST_FAILURE = 82, 00478 00479 MSGID_CHANNEL_OPEN = 90, 00480 MSGID_CHANNEL_OPEN_CONF = 91, 00481 MSGID_CHANNEL_OPEN_FAIL = 92, 00482 MSGID_CHANNEL_WINDOW_ADJUST = 93, 00483 MSGID_CHANNEL_DATA = 94, 00484 MSGID_CHANNEL_EOF = 96, 00485 MSGID_CHANNEL_CLOSE = 97, 00486 MSGID_CHANNEL_REQUEST = 98, 00487 MSGID_CHANNEL_SUCCESS = 99, 00488 MSGID_CHANNEL_FAILURE = 100 00489 }; 00490 00491 00492 /* dynamic memory types */ 00493 enum WS_DynamicTypes { 00494 DYNTYPE_CTX, 00495 DYNTYPE_SSH, 00496 DYNTYPE_CHANNEL, 00497 DYNTYPE_BUFFER, 00498 DYNTYPE_ID, 00499 DYNTYPE_HS, 00500 DYNTYPE_CA, 00501 DYNTYPE_CERT, 00502 DYNTYPE_PRIVKEY, 00503 DYNTYPE_PUBKEY, 00504 DYNTYPE_DH, 00505 DYNTYPE_RNG, 00506 DYNTYPE_STRING, 00507 DYNTYPE_MPINT 00508 }; 00509 00510 00511 enum WS_BufferTypes { 00512 BUFTYPE_CA, 00513 BUFTYPE_CERT, 00514 BUFTYPE_PRIVKEY, 00515 BUFTYPE_PUBKEY 00516 }; 00517 00518 00519 WOLFSSH_LOCAL void DumpOctetString(const byte*, word32); 00520 00521 00522 #ifdef __cplusplus 00523 } 00524 #endif 00525
Generated on Tue Jul 12 2022 21:46:52 by
1.7.2