/*
* libwebsockets - small server side websockets and web server implementation
*
* Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
* deal in the Software without restriction, including without limitation the
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
*/
#if !defined(__LWS_SSH_H__)
#define __LWS_SSH_H__
#if defined(LWS_WITH_MBEDTLS)
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
#include "mbedtls/rsa.h"
#endif
#include "lws-plugin-ssh.h"
#define LWS_SIZE_EC25519 32
#define LWS_SIZE_EC25519_PUBKEY 32
#define LWS_SIZE_EC25519_PRIKEY 64
#define LWS_SIZE_SHA256 32
#define LWS_SIZE_SHA512 64
#define LWS_SIZE_AES256_KEY 32
#define LWS_SIZE_AES256_IV 12
#define LWS_SIZE_AES256_MAC 16
#define LWS_SIZE_AES256_BLOCK 16
#define LWS_SIZE_CHACHA256_KEY (2 * 32)
#define POLY1305_TAGLEN 16
#define POLY1305_KEYLEN 32
#define crypto_hash_sha512_BYTES 64U
#define PEEK_U64(p) \
(((uint64_t)(((const uint8_t *)(p))[0]) << 56) | \
((uint64_t)(((const uint8_t *)(p))[1]) << 48) | \
((uint64_t)(((const uint8_t *)(p))[2]) << 40) | \
((uint64_t)(((const uint8_t *)(p))[3]) << 32) | \
((uint64_t)(((const uint8_t *)(p))[4]) << 24) | \
((uint64_t)(((const uint8_t *)(p))[5]) << 16) | \
((uint64_t)(((const uint8_t *)(p))[6]) << 8) | \
(uint64_t)(((const uint8_t *)(p))[7]))
#define PEEK_U32(p) \
(((uint32_t)(((const uint8_t *)(p))[0]) << 24) | \
((uint32_t)(((const uint8_t *)(p))[1]) << 16) | \
((uint32_t)(((const uint8_t *)(p))[2]) << 8) | \
(uint32_t)(((const uint8_t *)(p))[3]))
#define PEEK_U16(p) \
(((uint16_t)(((const uint8_t *)(p))[0]) << 8) | \
(uint16_t)(((const uint8_t *)(p))[1]))
#define POKE_U64(p, v) \
do { \
const uint64_t __v = (v); \
((uint8_t *)(p))[0] = (uint8_t)((__v >> 56) & 0xff); \
((uint8_t *)(p))[1] = (uint8_t)((__v >> 48) & 0xff); \
((uint8_t *)(p))[2] = (uint8_t)((__v >> 40) & 0xff); \
((uint8_t *)(p))[3] = (uint8_t)((__v >> 32) & 0xff); \
((uint8_t *)(p))[4] = (uint8_t)((__v >> 24) & 0xff); \
((uint8_t *)(p))[5] = (uint8_t)((__v >> 16) & 0xff); \
((uint8_t *)(p))[6] = (uint8_t)((__v >> 8) & 0xff); \
((uint8_t *)(p))[7] = (uint8_t)(__v & 0xff); \
} while (0)
#define POKE_U32(p, v) \
do { \
const uint32_t __v = (v); \
((uint8_t *)(p))[0] = (uint8_t)((__v >> 24) & 0xff); \
((uint8_t *)(p))[1] = (uint8_t)((__v >> 16) & 0xff); \
((uint8_t *)(p))[2] = (uint8_t)((__v >> 8) & 0xff); \
((uint8_t *)(p))[3] = (uint8_t)(__v & 0xff); \
} while (0)
#define POKE_U16(p, v) \
do { \
const uint16_t __v = (v); \
((uint8_t *)(p))[0] = (__v >> 8) & 0xff; \
((uint8_t *)(p))[1] = __v & 0xff; \
} while (0)
enum {
SSH_MSG_DISCONNECT = 1,
SSH_MSG_IGNORE = 2,
SSH_MSG_UNIMPLEMENTED = 3,
SSH_MSG_DEBUG = 4,
SSH_MSG_SERVICE_REQUEST = 5,
SSH_MSG_SERVICE_ACCEPT = 6,
SSH_MSG_KEXINIT = 20,
SSH_MSG_NEWKEYS = 21,
/* 30 .. 49: KEX messages specific to KEX protocol */
SSH_MSG_KEX_ECDH_INIT = 30,
SSH_MSG_KEX_ECDH_REPLY = 31,
/* 50... userauth */
SSH_MSG_USERAUTH_REQUEST = 50,
SSH_MSG_USERAUTH_FAILURE = 51,
SSH_MSG_USERAUTH_SUCCESS = 52,
SSH_MSG_USERAUTH_BANNER = 53,
/* 60... publickey */
SSH_MSG_USERAUTH_PK_OK = 60,
/* 80... connection */
SSH_MSG_GLOBAL_REQUEST = 80,
SSH_MSG_REQUEST_SUCCESS = 81,
SSH_MSG_REQUEST_FAILURE = 82,
SSH_MSG_CHANNEL_OPEN = 90,
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91,
SSH_MSG_CHANNEL_OPEN_FAILURE = 92,
SSH_MSG_CHANNEL_WINDOW_ADJUST = 93,
SSH_MSG_CHANNEL_DATA = 94,
SSH_MSG_CHANNEL_EXTENDED_DATA = 95,
SSH_MSG_CHANNEL_EOF = 96,
SSH_MSG_CHANNEL_CLOSE = 97,
SSH_MSG_CHANNEL_REQUEST = 98,
SSH_MSG_CHANNEL_SUCCESS = 99,
SSH_MSG_CHANNEL_FAILURE = 100,
SSH_EXTENDED_DATA_STDERR = 1,
SSH_CH_TYPE_SESSION = 1,
SSH_CH_TYPE_SCP = 2,
SSH_CH_TYPE_SFTP = 3,
SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT = 1,
SSH_DISCONNECT_PROTOCOL_ERROR = 2,
SSH_DISCONNECT_KEY_EXCHANGE_FAILED = 3,
SSH_DISCONNECT_RESERVED = 4,
SSH_DISCONNECT_MAC_ERROR = 5,
SSH_DISCONNECT_COMPRESSION_ERROR = 6,
SSH_DISCONNECT_SERVICE_NOT_AVAILABLE = 7,
SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED = 8,
SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE = 9,
SSH_DISCONNECT_CONNECTION_LOST = 10,
SSH_DISCONNECT_BY_APPLICATION = 11,
SSH_DISCONNECT_TOO_MANY_CONNECTIONS = 12,
SSH_DISCONNECT_AUTH_CANCELLED_BY_USER = 13,
SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14,
SSH_DISCONNECT_ILLEGAL_USER_NAME = 15,
SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1,
SSH_OPEN_CONNECT_FAILED = 2,
SSH_OPEN_UNKNOWN_CHANNEL_TYPE = 3,
SSH_OPEN_RESOURCE_SHORTAGE = 4,
KEX_STATE_EXPECTING_CLIENT_OFFER = 0,
KEX_STATE_REPLIED_TO_OFFER,
KEX_STATE_CRYPTO_INITIALIZED,
SSH_KEYIDX_IV = 0,
SSH_KEYIDX_ENC,
SSH_KEYIDX_INTEG,
/* things we may write on the connection */
SSH_WT_NONE = 0,
SSH_WT_VERSION,
SSH_WT_OFFER,
SSH_WT_OFFER_REPLY,
SSH_WT_SEND_NEWKEYS,
SSH_WT_UA_ACCEPT,
SSH_WT_UA_FAILURE,
SSH_WT_UA_BANNER,
SSH_WT_UA_PK_OK,
SSH_WT_UA_SUCCESS,
SSH_WT_CH_OPEN_CONF,
SSH_WT_CH_FAILURE,
SSH_WT_CHRQ_SUCC,
SSH_WT_CHRQ_FAILURE,
SSH_WT_SCP_ACK_OKAY,
SSH_WT_SCP_ACK_ERROR,
SSH_WT_CH_CLOSE,
SSH_WT_CH_EOF,
SSH_WT_WINDOW_ADJUST,
SSH_WT_EXIT_STATUS,
/* RX parser states */
SSH_INITIALIZE_TRANSIENT = 0,
SSHS_IDSTRING,
SSHS_IDSTRING_CR,
SSHS_MSG_LEN,
SSHS_MSG_PADDING,
SSHS_MSG_ID,
SSH_KEX_STATE_COOKIE,
SSH_KEX_NL_KEX_ALGS_LEN,
SSH_KEX_NL_KEX_ALGS,
SSH_KEX_NL_SHK_ALGS_LEN,
SSH_KEX_NL_SHK_ALGS,
SSH_KEX_NL_EACTS_ALGS_LEN,
SSH_KEX_NL_EACTS_ALGS,
SSH_KEX_NL_EASTC_ALGS_LEN,
SSH_KEX_NL_EASTC_ALGS,
SSH_KEX_NL_MACTS_ALGS_LEN,
SSH_KEX_NL_MACTS_ALGS,
SSH_KEX_NL_MASTC_ALGS_LEN,
SSH_KEX_NL_MASTC_ALGS,
SSH_KEX_NL_CACTS_ALGS_LEN,
SSH_KEX_NL_CACTS_ALGS,
SSH_KEX_NL_CASTC_ALGS_LEN,
SSH_KEX_NL_CASTC_ALGS,
SSH_KEX_NL_LCTS_ALGS_LEN,
SSH_KEX_NL_LCTS_ALGS,
SSH_KEX_NL_LSTC_ALGS_LEN,
SSH_KEX_NL_LSTC_ALGS,
SSH_KEX_FIRST_PKT,
SSH_KEX_RESERVED,
SSH_KEX_STATE_ECDH_KEYLEN,
SSH_KEX_STATE_ECDH_Q_C,
SSHS_MSG_EAT_PADDING,
SSH_KEX_STATE_SKIP,
SSHS_GET_STRING_LEN,
SSHS_GET_STRING,
SSHS_GET_STRING_LEN_ALLOC,
SSHS_GET_STRING_ALLOC,
SSHS_DO_SERVICE_REQUEST,
SSHS_DO_UAR_SVC,
SSHS_DO_UAR_PUBLICKEY,
SSHS_NVC_DO_UAR_CHECK_PUBLICKEY,
SSHS_DO_UAR_SIG_PRESENT,
SSHS_NVC_DO_UAR_ALG,
SSHS_NVC_DO_UAR_PUBKEY_BLOB,
SSHS_NVC_DO_UAR_SIG,
SSHS_GET_U32,
SSHS_NVC_CHOPEN_TYPE,
SSHS_NVC_CHOPEN_SENDER_CH,
SSHS_NVC_CHOPEN_WINSIZE,
SSHS_NVC_CHOPEN_PKTSIZE,
SSHS_NVC_CHRQ_RECIP,
SSHS_NVC_CHRQ_TYPE,
SSHS_CHRQ_WANT_REPLY,
SSHS_NVC_CHRQ_TERM,
SSHS_NVC_CHRQ_TW,
SSHS_NVC_CHRQ_TH,
SSHS_NVC_CHRQ_TWP,
SSHS_NVC_CHRQ_THP,
SSHS_NVC_CHRQ_MODES,
SSHS_NVC_CHRQ_ENV_NAME,
SSHS_NVC_CHRQ_ENV_VALUE,
SSHS_NVC_CHRQ_EXEC_CMD,
SSHS_NVC_CHRQ_SUBSYSTEM,
SSHS_NVC_CH_EOF,
SSHS_NVC_CH_CLOSE,
SSHS_NVC_CD_RECIP,
SSHS_NVC_CD_DATA,
SSHS_NVC_CD_DATA_ALLOC,
SSHS_NVC_WA_RECIP,
SSHS_NVC_WA_ADD,
SSHS_NVC_DISCONNECT_REASON,
SSHS_NVC_DISCONNECT_DESC,
SSHS_NVC_DISCONNECT_LANG,
SSHS_SCP_COLLECTSTR = 0,
SSHS_SCP_PAYLOADIN = 1,
/* from https://tools.ietf.org/html/draft-ietf-secsh-filexfer-13 */
SECSH_FILEXFER_VERSION = 6,
/* sftp packet types */
SSH_FXP_INIT = 1,
SSH_FXP_VERSION = 2,
SSH_FXP_OPEN = 3,
SSH_FXP_CLOSE = 4,
SSH_FXP_READ = 5,
SSH_FXP_WRITE = 6,
SSH_FXP_LSTAT = 7,
SSH_FXP_FSTAT = 8,
SSH_FXP_SETSTAT = 9,
SSH_FXP_FSETSTAT = 10,
SSH_FXP_OPENDIR = 11,
SSH_FXP_READDIR = 12,
SSH_FXP_REMOVE = 13,
SSH_FXP_MKDIR = 14,
SSH_FXP_RMDIR = 15,
SSH_FXP_REALPATH = 16,
SSH_FXP_STAT = 17,
SSH_FXP_RENAME = 18,
SSH_FXP_READLINK = 19,
SSH_FXP_LINK = 21,
SSH_FXP_BLOCK = 22,
SSH_FXP_UNBLOCK = 23,
SSH_FXP_STATUS = 101,
SSH_FXP_HANDLE = 102,
SSH_FXP_DATA = 103,
SSH_FXP_NAME = 104,
SSH_FXP_ATTRS = 105,
SSH_FXP_EXTENDED = 200,
SSH_FXP_EXTENDED_REPLY = 201,
/* sftp return codes */
SSH_FX_OK = 0,
SSH_FX_EOF = 1,
SSH_FX_NO_SUCH_FILE = 2,
SSH_FX_PERMISSION_DENIED = 3,
SSH_FX_FAILURE = 4,
SSH_FX_BAD_MESSAGE = 5,
SSH_FX_NO_CONNECTION = 6,
SSH_FX_CONNECTION_LOST = 7,
SSH_FX_OP_UNSUPPORTED = 8,
SSH_FX_INVALID_HANDLE = 9,
SSH_FX_NO_SUCH_PATH = 10,
SSH_FX_FILE_ALREADY_EXISTS = 11,
SSH_FX_WRITE_PROTECT = 12,
SSH_FX_NO_MEDIA = 13,
SSH_FX_NO_SPACE_ON_FILESYSTEM = 14,
SSH_FX_QUOTA_EXCEEDED = 15,
SSH_FX_UNKNOWN_PRINCIPAL = 16,
SSH_FX_LOCK_CONFLICT = 17,
SSH_FX_DIR_NOT_EMPTY = 18,
SSH_FX_NOT_A_DIRECTORY = 19,
SSH_FX_INVALID_FILENAME = 20,
SSH_FX_LINK_LOOP = 21,
SSH_FX_CANNOT_DELETE = 22,
SSH_FX_INVALID_PARAMETER = 23,
SSH_FX_FILE_IS_A_DIRECTORY = 24,
SSH_FX_BYTE_RANGE_LOCK_CONFLICT = 25,
SSH_FX_BYTE_RANGE_LOCK_REFUSED = 26,
SSH_FX_DELETE_PENDING = 27,
SSH_FX_FILE_CORRUPT = 28,
SSH_FX_OWNER_INVALID = 29,
SSH_FX_GROUP_INVALID = 30,
SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK = 31,
SSH_PENDING_TIMEOUT_CONNECT_TO_SUCCESSFUL_AUTH =
PENDING_TIMEOUT_USER_REASON_BASE + 0,
SSH_AUTH_STATE_NO_AUTH = 0,
SSH_AUTH_STATE_GAVE_AUTH_IGNORE_REQS = 1,
};
#define LWS_SSH_INITIAL_WINDOW 16384
struct lws_ssh_userauth {
struct lws_genhash_ctx hash_ctx;
char *username;
char *service;
char *alg;
uint8_t *pubkey;
uint32_t pubkey_len;
uint8_t *sig;
uint32_t sig_len;
char sig_present;
};
struct lws_ssh_keys {
/* 3 == SSH_KEYIDX_IV (len=4), SSH_KEYIDX_ENC, SSH_KEYIDX_INTEG */
uint8_t key[3][LWS_SIZE_CHACHA256_KEY];
/* opaque allocation made when cipher activated */
void *cipher;
uint8_t MAC_length;
uint8_t padding_alignment; /* block size */
uint8_t valid:1;
uint8_t full_length:1;
};
struct lws_kex {
uint8_t kex_r[256];
uint8_t Q_C[LWS_SIZE_EC25519]; /* client eph public key aka 'e' */
uint8_t eph_pri_key[LWS_SIZE_EC25519]; /* server eph private key */
uint8_t Q_S[LWS_SIZE_EC25519]; /* server ephemeral public key */
uint8_t kex_cookie[16];
uint8_t *I_C; /* malloc'd copy of client KEXINIT payload */
uint8_t *I_S; /* malloc'd copy of server KEXINIT payload */
uint32_t I_C_payload_len;
uint32_t I_C_alloc_len;
uint32_t I_S_payload_len;
uint32_t kex_r_len;
uint8_t match_bitfield;
uint8_t newkeys; /* which sides newkeys have been applied */
struct lws_ssh_keys keys_next_cts;
struct lws_ssh_keys keys_next_stc;
};
struct lws_subprotocol_scp {
char fp[128];
uint64_t len;
uint32_t attr;
char cmd;
char ips;
};
typedef union {
struct lws_subprotocol_scp scp;
} lws_subprotocol;
struct per_session_data__sshd;
struct lws_ssh_channel {
struct lws_ssh_channel *next;
struct per_session_data__sshd *pss;
lws_subprotocol *sub; /* NULL, or allocated subprotocol state */
void *priv; /* owned by user code */
int type;
uint32_t server_ch;
uint32_t sender_ch;
int32_t window;
int32_t peer_window_est;
uint32_t max_pkt;
uint32_t spawn_pid;
int retcode;
uint8_t scheduled_close:1;
uint8_t sent_close:1;
uint8_t received_close:1;
};
struct per_vhost_data__sshd;
struct per_session_data__sshd {
struct per_session_data__sshd *next;
struct per_vhost_data__sshd *vhd;
struct lws *wsi;
struct lws_kex *kex;
char *disconnect_desc;
uint8_t K[LWS_SIZE_EC25519]; /* shared secret */
uint8_t session_id[LWS_SIZE_SHA256]; /* H from first working KEX */
char name[64];
char last_auth_req_username[32];
char last_auth_req_service[32];
struct lws_ssh_keys active_keys_cts;
struct lws_ssh_keys active_keys_stc;
struct lws_ssh_userauth *ua;
struct lws_ssh_channel *ch_list;
struct lws_ssh_channel *ch_temp;
uint8_t *last_alloc;
union {
struct lws_ssh_pty pty;
char aux[64];
} args;
uint32_t ssh_sequence_ctr_cts;
uint32_t ssh_sequence_ctr_stc;
uint64_t payload_bytes_cts;
uint64_t payload_bytes_stc;
uint32_t disconnect_reason;
char V_C[64]; /* Client version String */
uint8_t packet_assembly[2048];
uint32_t pa_pos;
uint32_t msg_len;
uint32_t pos;
uint32_t len;
uint32_t ctr;
uint32_t npos;
uint32_t reason;
uint32_t channel_doing_spawn;
int next_ch_num;
uint8_t K_S[LWS_SIZE_EC25519]; /* server public key */
uint32_t copy_to_I_C:1;
uint32_t okayed_userauth:1;
uint32_t sent_banner:1;
uint32_t seen_auth_req_before:1;
uint32_t serviced_stderr_last:1;
uint32_t kex_state;
uint32_t chrq_server_port;
uint32_t ch_recip;
uint32_t count_auth_attempts;
char parser_state;
char state_after_string;
char first_coming;
uint8_t rq_want_reply;
uint8_t ssh_auth_state;
uint8_t msg_id;
uint8_t msg_padding;
uint8_t write_task[8];
struct lws_ssh_channel *write_channel[8];
uint8_t wt_head, wt_tail;
};
struct per_vhost_data__sshd {
struct lws_context *context;
struct lws_vhost *vhost;
const struct lws_protocols *protocol;
struct per_session_data__sshd *live_pss_list;
const struct lws_ssh_ops *ops;
};
struct host_keys {
uint8_t *data;
uint32_t len;
};
extern struct host_keys host_keys[];
extern int
crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
const unsigned char *p);
extern int
ed25519_key_parse(uint8_t *p, size_t len, char *type, size_t type_len,
uint8_t *pub, uint8_t *pri);
extern int
kex_ecdh(struct per_session_data__sshd *pss, uint8_t *result, uint32_t *plen);
extern uint32_t
lws_g32(uint8_t **p);
extern uint32_t
lws_p32(uint8_t *p, uint32_t v);
extern int
lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len);
extern const char *lws_V_S;
extern int
lws_chacha_activate(struct lws_ssh_keys *keys);
extern void
lws_chacha_destroy(struct lws_ssh_keys *keys);
extern uint32_t
lws_chachapoly_get_length(struct lws_ssh_keys *keys, uint32_t seq,
const uint8_t *in4);
extern void
poly1305_auth(u_char out[POLY1305_TAGLEN], const u_char *m, size_t inlen,
const u_char key[POLY1305_KEYLEN]);
extern int
lws_chacha_decrypt(struct lws_ssh_keys *keys, uint32_t seq,
const uint8_t *ct, uint32_t len, uint8_t *pt);
extern int
lws_chacha_encrypt(struct lws_ssh_keys *keys, uint32_t seq,
const uint8_t *ct, uint32_t len, uint8_t *pt);
extern void
lws_pad_set_length(struct per_session_data__sshd *pss, void *start, uint8_t **p,
struct lws_ssh_keys *keys);
extern size_t
get_gen_server_key_25519(struct per_session_data__sshd *pss, uint8_t *b, size_t len);
extern int
crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen,
const unsigned char *m, size_t mlen,
const unsigned char *sk);
extern int
crypto_sign_ed25519_keypair(struct lws_context *context, uint8_t *pk,
uint8_t *sk);
#endif