implementation [email protected] (#82)

janmojzis · Dec 20, 2023 · ebaa1bd · ebaa1bd
1 parent 97083ca
commit ebaa1bd
Show file tree

Hide file tree

Showing 6 changed files with 120 additions and 50 deletions.
diff --git a/tinyssh/packet_get.c b/tinyssh/packet_get.c
@@ -63,6 +63,12 @@ static int packet_get_(struct buf *b) {
     else {
         return packet_get_plain_(b);
     }
+
+    /* overflow check */
+    if (!packet.receivepacketid) {
+        log_f1("receivepacketid overflow");
+        global_die(111);
+    }
 }
 
 
@@ -83,8 +89,17 @@ int packet_get(struct buf *b, crypto_uint8 x) {
             return 0;
         case SSH_MSG_IGNORE:
         case SSH_MSG_DEBUG:
+            if (!packet.flagkeys) {
+                log_f1("SSH_MSG_IGNORE/SSH_MSG_DEBUG packet rejected in plain-text mode");
+                global_die(111);
+            }
             buf_purge(b);
             break;
+        case SSH_MSG_NEWKEYS:
+            /* strict kex - reset receivepacketid */
+            if (sshcrypto_kex_flags & sshcrypto_FLAGSTRICTKEX) {
+                packet.receivepacketid = 0;
+            }
         default:
             if (x && x != b->buf[0]) {
                 char buf1[NUMTOSTR_LEN];

diff --git a/tinyssh/packet_kexdh.c b/tinyssh/packet_kexdh.c
@@ -91,6 +91,7 @@ int packet_kexdh(const char *keydir, struct buf *b1, struct buf *b2) {
         if (!packet_getall(b2, 0)) return 0;
     } while (b2->buf[0] != SSH_MSG_NEWKEYS);
 
+
     /* key derivation */
     for(i = 0; i < 6; ++i) {
         buf_purge(b1);

diff --git a/tinyssh/packet_put.c b/tinyssh/packet_put.c
@@ -6,6 +6,9 @@ Public domain.
 
 #include "uint32_pack_big.h"
 #include "buf.h"
+#include "sshcrypto.h"
+#include "ssh.h"
+#include "log.h"
 #include "packet.h"
 
 static void packet_put_plain_(struct buf *b) {
@@ -43,4 +46,15 @@ void packet_put(struct buf *b) {
     else {
         packet_put_plain_(b);
     }
+
+    /* overflow check */
+    if (!packet.sendpacketid) {
+        log_f1("sendpacketid overflow");
+        global_die(111);
+    }
+
+    /* strict kex - reset sendpacketid */
+    if (b->buf[0] == SSH_MSG_NEWKEYS && sshcrypto_kex_flags & sshcrypto_FLAGSTRICTKEX) {
+        packet.sendpacketid = 0;
+    }
 }
diff --git a/tinyssh/sshcrypto.h b/tinyssh/sshcrypto.h
@@ -15,6 +15,8 @@
 #define sshcrypto_kem_MAX           crypto_kem_sntrup761x25519_BYTES
 #define sshcrypto_hash_MAX          crypto_hash_sha512_BYTES
 
+#define sshcrypto_FLAGSTRICTKEX 0x1
+
 struct sshcrypto_kex {
     const char *name;
     int (*enc)(unsigned char *, unsigned char *, const unsigned char *);
@@ -29,6 +31,14 @@ struct sshcrypto_kex {
 };
 extern struct sshcrypto_kex sshcrypto_kexs[];
 
+struct sshcrypto_pseudokex {
+    const char *name;
+    const char *cname;
+    int flag;
+};
+extern struct sshcrypto_pseudokex sshcrypto_pseudokexs[];
+
+extern int sshcrypto_kex_flags;
 extern const char *sshcrypto_kex_name;
 extern int (*sshcrypto_enc)(unsigned char *, unsigned char *, const unsigned char *);
 extern long long sshcrypto_kem_publickeybytes;

diff --git a/tinyssh/sshcrypto_kex.c b/tinyssh/sshcrypto_kex.c
@@ -54,6 +54,15 @@ struct sshcrypto_kex sshcrypto_kexs[] = {
     { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
 };
 
+struct sshcrypto_pseudokex sshcrypto_pseudokexs[] = {
+    {   "[email protected]",
+        "[email protected]",
+        sshcrypto_FLAGSTRICTKEX,
+    },
+    { 0, 0 }
+};
+
+int sshcrypto_kex_flags = 0;
 const char *sshcrypto_kex_name = 0;
 int (*sshcrypto_enc)(unsigned char *, unsigned char *, const unsigned char *) = 0;
 long long sshcrypto_kem_publickeybytes = 0;
@@ -66,7 +75,7 @@ void (*sshcrypto_buf_putkemkey)(struct buf *, const unsigned char *) = 0;
 
 int sshcrypto_kex_select(const unsigned char *buf, long long len, crypto_uint8 *kex_guess) {
 
-    long long i, pos = 0;
+    long long i, pos;
     unsigned char *x;
     long long xlen;
 
@@ -77,6 +86,19 @@ int sshcrypto_kex_select(const unsigned char *buf, long long len, crypto_uint8 *
 
     *kex_guess = 1;
 
+    pos = 0;
+    for (;;) {
+        pos = stringparser(buf, len, pos, &x, &xlen);
+        if (!pos) break;
+        for (i = 0; sshcrypto_pseudokexs[i].name; ++i) {
+            if (str_equaln((char *)x, xlen, sshcrypto_pseudokexs[i].cname)) {
+                log_d2("kex: pseudokex selected: ", sshcrypto_pseudokexs[i].name);
+                sshcrypto_kex_flags |= sshcrypto_pseudokexs[i].flag;
+            }
+        }
+    }
+
+    pos = 0;
     for (;;) {
         pos = stringparser(buf, len, pos, &x, &xlen);
         if (!pos) break;
@@ -114,6 +136,10 @@ void sshcrypto_kex_put(struct buf *b) {
         if (j++) ++len;
         len += str_len(sshcrypto_kexs[i].name);
     }
+    for (i = 0; sshcrypto_pseudokexs[i].name; ++i) {
+        if (j++) ++len;
+        len += str_len(sshcrypto_pseudokexs[i].name);
+    }
 
     buf_putnum32(b, len);
     start = b->len;
@@ -124,6 +150,10 @@ void sshcrypto_kex_put(struct buf *b) {
         if (j++) buf_puts(b, ",");
         buf_puts(b, sshcrypto_kexs[i].name);
     }
+    for (i = 0; sshcrypto_pseudokexs[i].name; ++i) {
+        if (j++) buf_puts(b, ",");
+        buf_puts(b, sshcrypto_pseudokexs[i].name);
+    }
     b->buf[b->len] = 0;
     log_d2("kex: server: kex algorithms: ", (char *)b->buf + start);
 }