+ MD5Final(session_id, &md5c);
+
+ for (i=0; i<32; i++)
+ session_key[i] = random_byte();
+
+ len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
+
+ rsabuf = malloc(len);
+ if (!rsabuf)
+ fatalbox("Out of memory");
+
+ /*
+ * Verify the host key.
+ */
+ {
+ /*
+ * First format the key into a string.
+ */
+ int len = rsastr_len(&hostkey);
+ char *keystr = malloc(len);
+ if (!keystr)
+ fatalbox("Out of memory");
+ rsastr_fmt(keystr, &hostkey);
+ verify_ssh_host_key(savedhost, keystr);
+ free(keystr);
+ }
+
+ for (i=0; i<32; i++) {
+ rsabuf[i] = session_key[i];
+ if (i < 16)
+ rsabuf[i] ^= session_id[i];
+ }
+
+ if (hostkey.bytes > servkey.bytes) {
+ rsaencrypt(rsabuf, 32, &servkey);
+ rsaencrypt(rsabuf, servkey.bytes, &hostkey);
+ } else {
+ rsaencrypt(rsabuf, 32, &hostkey);
+ rsaencrypt(rsabuf, hostkey.bytes, &servkey);
+ }
+
+ logevent("Encrypted session key");
+
+ cipher_type = cfg.cipher == CIPHER_BLOWFISH ? SSH_CIPHER_BLOWFISH :
+ cfg.cipher == CIPHER_DES ? SSH_CIPHER_DES :
+ SSH_CIPHER_3DES;
+ if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
+ c_write("Selected cipher not supported, falling back to 3DES\r\n", 53);
+ cipher_type = SSH_CIPHER_3DES;
+ }
+ switch (cipher_type) {
+ case SSH_CIPHER_3DES: logevent("Using 3DES encryption"); break;
+ case SSH_CIPHER_DES: logevent("Using single-DES encryption"); break;
+ case SSH_CIPHER_BLOWFISH: logevent("Using Blowfish encryption"); break;
+ }
+
+ send_packet(SSH1_CMSG_SESSION_KEY,
+ PKT_CHAR, cipher_type,
+ PKT_DATA, cookie, 8,
+ PKT_CHAR, (len*8) >> 8, PKT_CHAR, (len*8) & 0xFF,
+ PKT_DATA, rsabuf, len,
+ PKT_INT, 0,
+ PKT_END);
+
+ logevent("Trying to enable encryption...");
+
+ free(rsabuf);
+
+ cipher = cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish :
+ cipher_type == SSH_CIPHER_DES ? &ssh_des :
+ &ssh_3des;
+ cipher->sesskey(session_key);
+
+ crWaitUntil(ispkt);
+
+ if (pktin.type != SSH1_SMSG_SUCCESS)
+ fatalbox("Encryption not successfully enabled");
+
+ logevent("Successfully started encryption");
+
+ fflush(stdout);
+ {
+ static char username[100];
+ static int pos = 0;
+ static char c;
+ if (!(flags & FLAG_CONNECTION) && !*cfg.username) {
+ c_write("login as: ", 10);
+ while (pos >= 0) {
+ crWaitUntil(!ispkt);
+ while (inlen--) switch (c = *in++) {
+ case 10: case 13:
+ username[pos] = 0;
+ pos = -1;
+ break;
+ case 8: case 127:
+ if (pos > 0) {
+ c_write("\b \b", 3);
+ pos--;
+ }
+ break;
+ case 21: case 27:
+ while (pos > 0) {
+ c_write("\b \b", 3);
+ pos--;
+ }
+ break;
+ case 3: case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (((c >= ' ' && c <= '~') ||
+ ((unsigned char)c >= 160)) && pos < 40) {
+ username[pos++] = c;
+ c_write(&c, 1);
+ }
+ break;
+ }
+ }
+ c_write("\r\n", 2);
+ username[strcspn(username, "\n\r")] = '\0';
+ } else {
+ char stuff[200];
+ strncpy(username, cfg.username, 99);
+ username[99] = '\0';
+ if (flags & FLAG_VERBOSE) {
+ sprintf(stuff, "Sent username \"%s\".\r\n", username);
+ c_write(stuff, strlen(stuff));
+ }
+ }
+
+ send_packet(SSH1_CMSG_USER, PKT_STR, username, PKT_END);
+ {
+ char userlog[20+sizeof(username)];
+ sprintf(userlog, "Sent username \"%s\"", username);
+ logevent(userlog);
+ }
+ }
+
+ crWaitUntil(ispkt);
+
+ tried_publickey = 0;
+
+ while (pktin.type == SSH1_SMSG_FAILURE) {
+ static char password[100];
+ static int pos;
+ static char c;
+ static int pwpkt_type;
+ /*
+ * Show password prompt, having first obtained it via a TIS
+ * exchange if we're doing TIS authentication.
+ */
+ pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
+ if (*cfg.keyfile && !tried_publickey)
+ pwpkt_type = SSH1_CMSG_AUTH_RSA;
+
+ if (pwpkt_type == SSH1_CMSG_AUTH_PASSWORD && !FLAG_WINDOWED) {
+ char prompt[200];
+ sprintf(prompt, "%s@%s's password: ", cfg.username, savedhost);
+ if (!ssh_get_password(prompt, password, sizeof(password))) {
+ /*
+ * get_password failed to get a password (for
+ * example because one was supplied on the command
+ * line which has already failed to work).
+ * Terminate.
+ */
+ logevent("No more passwords to try");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturn(1);
+ }
+ } else {
+
+ if (pktin.type == SSH1_SMSG_FAILURE &&
+ cfg.try_tis_auth &&
+ (supported_auths_mask & (1<<SSH1_AUTH_TIS))) {
+ pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
+ logevent("Requested TIS authentication");
+ send_packet(SSH1_CMSG_AUTH_TIS, PKT_END);
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
+ logevent("TIS authentication declined");
+ c_write("TIS authentication refused.\r\n", 29);
+ } else {
+ int challengelen = ((pktin.body[0] << 24) |
+ (pktin.body[1] << 16) |
+ (pktin.body[2] << 8) |
+ (pktin.body[3]));
+ logevent("Received TIS challenge");
+ c_write(pktin.body+4, challengelen);
+ }
+ }
+ if (pwpkt_type == SSH1_CMSG_AUTH_PASSWORD)
+ c_write("password: ", 10);
+ if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
+ if (flags & FLAG_VERBOSE)
+ c_write("Trying public key authentication.\r\n", 35);
+ if (!rsakey_encrypted(cfg.keyfile)) {
+ if (flags & FLAG_VERBOSE)
+ c_write("No passphrase required.\r\n", 25);
+ goto tryauth;
+ }
+ c_write("passphrase: ", 12);
+ }
+
+ pos = 0;
+ while (pos >= 0) {
+ crWaitUntil(!ispkt);
+ while (inlen--) switch (c = *in++) {
+ case 10: case 13:
+ password[pos] = 0;
+ pos = -1;
+ break;
+ case 8: case 127:
+ if (pos > 0)
+ pos--;
+ break;
+ case 21: case 27:
+ pos = 0;
+ break;
+ case 3: case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (((c >= ' ' && c <= '~') ||
+ ((unsigned char)c >= 160)) && pos < sizeof(password))
+ password[pos++] = c;
+ break;
+ }
+ }
+ c_write("\r\n", 2);
+
+ }
+
+ tryauth:
+ if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
+ /*
+ * Try public key authentication with the specified
+ * key file.
+ */
+ static struct RSAKey pubkey;
+ static Bignum challenge, response;
+ static int i;
+ static unsigned char buffer[32];
+
+ tried_publickey = 1;
+ i = loadrsakey(cfg.keyfile, &pubkey, password);
+ if (i == 0) {
+ c_write("Couldn't load public key from ", 30);
+ c_write(cfg.keyfile, strlen(cfg.keyfile));
+ c_write(".\r\n", 3);
+ continue; /* go and try password */
+ }
+ if (i == -1) {
+ c_write("Wrong passphrase.\r\n", 19);
+ tried_publickey = 0;
+ continue; /* try again */
+ }
+
+ /*
+ * Send a public key attempt.
+ */
+ send_packet(SSH1_CMSG_AUTH_RSA,
+ PKT_BIGNUM, pubkey.modulus, PKT_END);
+
+ crWaitUntil(ispkt);
+ if (pktin.type == SSH1_SMSG_FAILURE) {
+ if (flags & FLAG_VERBOSE)
+ c_write("Server refused our public key.\r\n", 32);
+ continue; /* go and try password */
+ }
+ if (pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE)
+ fatalbox("Bizarre response to offer of public key");
+ ssh1_read_bignum(pktin.body, &challenge);
+ response = rsadecrypt(challenge, &pubkey);
+ freebn(pubkey.private_exponent); /* burn the evidence */
+
+ for (i = 0; i < 32; i += 2) {
+ buffer[i] = response[16-i/2] >> 8;
+ buffer[i+1] = response[16-i/2] & 0xFF;
+ }
+
+ MD5Init(&md5c);
+ MD5Update(&md5c, buffer, 32);
+ MD5Update(&md5c, session_id, 16);
+ MD5Final(buffer, &md5c);
+
+ send_packet(SSH1_CMSG_AUTH_RSA_RESPONSE,
+ PKT_DATA, buffer, 16, PKT_END);
+
+ crWaitUntil(ispkt);
+ if (pktin.type == SSH1_SMSG_FAILURE) {
+ if (flags & FLAG_VERBOSE)
+ c_write("Failed to authenticate with our public key.\r\n",
+ 45);
+ continue; /* go and try password */
+ } else if (pktin.type != SSH1_SMSG_SUCCESS) {
+ fatalbox("Bizarre response to RSA authentication response");
+ }
+
+ break; /* we're through! */
+ } else {
+ send_packet(pwpkt_type, PKT_STR, password, PKT_END);
+ }
+ logevent("Sent password");
+ memset(password, 0, strlen(password));
+ crWaitUntil(ispkt);
+ if (pktin.type == SSH1_SMSG_FAILURE) {
+ if (flags & FLAG_VERBOSE)
+ c_write("Access denied\r\n", 15);
+ logevent("Authentication refused");
+ } else if (pktin.type == SSH1_MSG_DISCONNECT) {
+ logevent("Received disconnect request");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturn(1);
+ } else if (pktin.type != SSH1_SMSG_SUCCESS) {
+ fatalbox("Strange packet received, type %d", pktin.type);
+ }
+ }
+
+ logevent("Authentication successful");
+
+ crFinish(1);
+}
+
+static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
+ crBegin;
+
+ random_init();
+
+ while (!do_ssh1_login(in, inlen, ispkt)) {
+ crReturnV;
+ }
+ if (ssh_state == SSH_STATE_CLOSED)
+ crReturnV;
+
+ if (!cfg.nopty) {
+ send_packet(SSH1_CMSG_REQUEST_PTY,
+ PKT_STR, cfg.termtype,
+ PKT_INT, rows, PKT_INT, cols,
+ PKT_INT, 0, PKT_INT, 0,
+ PKT_CHAR, 0,
+ PKT_END);
+ ssh_state = SSH_STATE_INTERMED;
+ do { crReturnV; } while (!ispkt);
+ if (pktin.type != SSH1_SMSG_SUCCESS && pktin.type != SSH1_SMSG_FAILURE) {
+ fatalbox("Protocol confusion");
+ } else if (pktin.type == SSH1_SMSG_FAILURE) {
+ c_write("Server refused to allocate pty\r\n", 32);
+ }
+ logevent("Allocated pty");
+ }
+
+ send_packet(SSH1_CMSG_EXEC_SHELL, PKT_END);
+ logevent("Started session");
+
+ ssh_state = SSH_STATE_SESSION;
+ if (size_needed)
+ ssh_size();
+
+ while (1) {
+ crReturnV;
+ if (ispkt) {
+ if (pktin.type == SSH1_SMSG_STDOUT_DATA ||
+ pktin.type == SSH1_SMSG_STDERR_DATA) {
+ long len = GET_32BIT(pktin.body);
+ c_write(pktin.body+4, len);
+ } else if (pktin.type == SSH1_MSG_DISCONNECT) {
+ ssh_state = SSH_STATE_CLOSED;
+ logevent("Received disconnect request");
+ } else if (pktin.type == SSH1_SMSG_SUCCESS) {
+ /* may be from EXEC_SHELL on some servers */
+ } else if (pktin.type == SSH1_SMSG_FAILURE) {
+ /* may be from EXEC_SHELL on some servers
+ * if no pty is available or in other odd cases. Ignore */
+ } else if (pktin.type == SSH1_SMSG_EXIT_STATUS) {
+ send_packet(SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
+ } else {
+ fatalbox("Strange packet received: type %d", pktin.type);
+ }
+ } else {
+ send_packet(SSH1_CMSG_STDIN_DATA,
+ PKT_INT, inlen, PKT_DATA, in, inlen, PKT_END);
+ }
+ }
+
+ crFinishV;
+}
+
+/*
+ * Utility routine for decoding comma-separated strings in KEXINIT.
+ */
+int in_commasep_string(char *needle, char *haystack, int haylen) {
+ int needlen = strlen(needle);
+ while (1) {
+ /*
+ * Is it at the start of the string?
+ */
+ if (haylen >= needlen && /* haystack is long enough */
+ !memcmp(needle, haystack, needlen) && /* initial match */
+ (haylen == needlen || haystack[needlen] == ',')
+ /* either , or EOS follows */
+ )
+ return 1;
+ /*
+ * If not, search for the next comma and resume after that.
+ * If no comma found, terminate.
+ */
+ while (haylen > 0 && *haystack != ',')
+ haylen--, haystack++;
+ if (haylen == 0)
+ return 0;
+ haylen--, haystack++; /* skip over comma itself */
+ }
+}
+
+/*
+ * SSH2 key creation method.
+ */
+void ssh2_mkkey(Bignum K, char *H, char chr, char *keyspace) {
+ SHA_State s;
+ /* First 20 bytes. */
+ SHA_Init(&s);
+ sha_mpint(&s, K);
+ SHA_Bytes(&s, H, 20);
+ SHA_Bytes(&s, &chr, 1);
+ SHA_Bytes(&s, H, 20);
+ SHA_Final(&s, keyspace);
+ /* Next 20 bytes. */
+ SHA_Init(&s);
+ sha_mpint(&s, K);
+ SHA_Bytes(&s, H, 20);
+ SHA_Bytes(&s, keyspace, 20);
+ SHA_Final(&s, keyspace+20);
+}
+
+/*
+ * Handle the SSH2 transport layer.
+ */
+static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
+{
+ static int i, len;
+ static char *str;
+ static Bignum e, f, K;
+ static struct ssh_cipher *cscipher_tobe = NULL;
+ static struct ssh_cipher *sccipher_tobe = NULL;
+ static struct ssh_mac *csmac_tobe = NULL;
+ static struct ssh_mac *scmac_tobe = NULL;
+ static struct ssh_compress *cscomp_tobe = NULL;
+ static struct ssh_compress *sccomp_tobe = NULL;
+ static char *hostkeydata, *sigdata, *keystr;
+ static int hostkeylen, siglen;
+ static unsigned char exchange_hash[20];
+ static unsigned char keyspace[40];
+
+ crBegin;
+ random_init();
+
+ begin_key_exchange:
+ /*
+ * Construct and send our key exchange packet.
+ */
+ ssh2_pkt_init(SSH2_MSG_KEXINIT);
+ for (i = 0; i < 16; i++)
+ ssh2_pkt_addbyte((unsigned char)random_byte());
+ /* List key exchange algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(kex_algs); i++) {
+ ssh2_pkt_addstring_str(kex_algs[i]->name);
+ if (i < lenof(kex_algs)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List server host key algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(hostkey_algs); i++) {
+ ssh2_pkt_addstring_str(hostkey_algs[i]->name);
+ if (i < lenof(hostkey_algs)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List client->server encryption algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(ciphers); i++) {
+ ssh2_pkt_addstring_str(ciphers[i]->name);
+ if (i < lenof(ciphers)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List server->client encryption algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(ciphers); i++) {
+ ssh2_pkt_addstring_str(ciphers[i]->name);
+ if (i < lenof(ciphers)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List client->server MAC algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(macs); i++) {
+ ssh2_pkt_addstring_str(macs[i]->name);
+ if (i < lenof(macs)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List server->client MAC algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(macs); i++) {
+ ssh2_pkt_addstring_str(macs[i]->name);
+ if (i < lenof(macs)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List client->server compression algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(compressions); i++) {
+ ssh2_pkt_addstring_str(compressions[i]->name);
+ if (i < lenof(compressions)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List server->client compression algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(compressions); i++) {
+ ssh2_pkt_addstring_str(compressions[i]->name);
+ if (i < lenof(compressions)-1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List client->server languages. Empty list. */
+ ssh2_pkt_addstring_start();
+ /* List server->client languages. Empty list. */
+ ssh2_pkt_addstring_start();
+ /* First KEX packet does _not_ follow, because we're not that brave. */
+ ssh2_pkt_addbool(FALSE);
+ /* Reserved. */
+ ssh2_pkt_adduint32(0);
+ sha_string(&exhash, pktout.data+5, pktout.length-5);
+ ssh2_pkt_send();
+
+ if (!ispkt) crWaitUntil(ispkt);
+ sha_string(&exhash, pktin.data+5, pktin.length-5);
+
+ /*
+ * Now examine the other side's KEXINIT to see what we're up
+ * to.
+ */
+ if (pktin.type != SSH2_MSG_KEXINIT) {
+ fatalbox("expected key exchange packet from server");
+ }
+ kex = NULL; hostkey = NULL; cscipher_tobe = NULL; sccipher_tobe = NULL;
+ csmac_tobe = NULL; scmac_tobe = NULL; cscomp_tobe = NULL; sccomp_tobe = NULL;
+ pktin.savedpos += 16; /* skip garbage cookie */
+ ssh2_pkt_getstring(&str, &len); /* key exchange algorithms */
+ for (i = 0; i < lenof(kex_algs); i++) {
+ if (in_commasep_string(kex_algs[i]->name, str, len)) {
+ kex = kex_algs[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* host key algorithms */
+ for (i = 0; i < lenof(hostkey_algs); i++) {
+ if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
+ hostkey = hostkey_algs[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* client->server cipher */
+ for (i = 0; i < lenof(ciphers); i++) {
+ if (in_commasep_string(ciphers[i]->name, str, len)) {
+ cscipher_tobe = ciphers[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* server->client cipher */
+ for (i = 0; i < lenof(ciphers); i++) {
+ if (in_commasep_string(ciphers[i]->name, str, len)) {
+ sccipher_tobe = ciphers[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* client->server mac */
+ for (i = 0; i < lenof(macs); i++) {
+ if (in_commasep_string(macs[i]->name, str, len)) {
+ csmac_tobe = macs[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* server->client mac */
+ for (i = 0; i < lenof(macs); i++) {
+ if (in_commasep_string(macs[i]->name, str, len)) {
+ scmac_tobe = macs[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* client->server compression */
+ for (i = 0; i < lenof(compressions); i++) {
+ if (in_commasep_string(compressions[i]->name, str, len)) {
+ cscomp_tobe = compressions[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* server->client compression */
+ for (i = 0; i < lenof(compressions); i++) {
+ if (in_commasep_string(compressions[i]->name, str, len)) {
+ sccomp_tobe = compressions[i];
+ break;
+ }
+ }