WIP

Author: ejohnstown

src/internal.c

@@ -598,34 +598,43 @@ static void HandshakeInfoFree(HandshakeInfo* hs, void* heap)
 #ifndef NO_WOLFSSH_SERVER
 INLINE static int IsMessageAllowedServer(WOLFSSH *ssh, byte msg)
 {
+    /* Transport Layer Generic messages are always allowed. */
+    if (MSGIDLIMIT_TRANS_GEN(msg)) {
+        return 1;
+    }
+
     /* Has client userauth started? */
+    /* Allows the server to receive up to KEXDH GEX Request during KEX. */
     if (ssh->acceptState < ACCEPT_KEYED) {
-        if (msg > MSGID_KEXDH_LIMIT) {
+        if (msg > MSGID_KEXDH_GEX_REQUEST) {
             return 0;
         }
     }
     /* Is server userauth complete? */
     if (ssh->acceptState < ACCEPT_SERVER_USERAUTH_SENT) {
+        /* The server should only receive the user auth request message,
+         * it should not accept the other user auth messages, it sends
+         * them. (>50) */
         /* Explicitly check for messages not allowed before user
          * authentication has comleted. */
-        if (msg >= MSGID_USERAUTH_LIMIT) {
-            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by server "
-                    "before user authentication is complete", msg);
+        if (MSGIDLIMIT_POST_USERAUTH(msg)) {
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                    msg, "server", "before user authentication is complete");
             return 0;
         }
         /* Explicitly check for the user authentication messages that
          * only the server sends, it shouldn't receive them. */
-        if ((msg > MSGID_USERAUTH_RESTRICT) &&
+        if ((msg > MSGID_USERAUTH_REQUEST) &&
             (msg != MSGID_USERAUTH_INFO_RESPONSE)) {
-            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by server "
-                    "during user authentication", msg);
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                    msg, "server", "during user authentication");
             return 0;
         }
     }
     else {
-        if (msg >= MSGID_USERAUTH_RESTRICT && msg < MSGID_USERAUTH_LIMIT) {
-            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by server "
-                    "after user authentication", msg);
+        if (msg >= MSGID_USERAUTH_REQUEST && msg < MSGID_GLOBAL_REQUEST) {
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                    msg, "server", "after user authentication");
             return 0;
         }
     }
@@ -638,49 +647,94 @@ INLINE static int IsMessageAllowedServer(WOLFSSH *ssh, byte msg)
 #ifndef NO_WOLFSSH_CLIENT
 INLINE static int IsMessageAllowedClient(WOLFSSH *ssh, byte msg)
 {
+    /* Only the client should send these messages, never receive. */
+    if (msg == MSGID_SERVICE_REQUEST || msg == MSGID_USERAUTH_REQUEST) {
+        WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                msg, "client", "ever");
+        return 0;
+    }
+
+    if (msg == MSGID_SERVICE_ACCEPT) {
+        if (ssh->connectState == CONNECT_CLIENT_USERAUTH_REQUEST_SENT) {
+            return 1;
+        }
+        else {
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                    msg, "client", "after starting user auth");
+            return 0;
+        }
+    }
+
+    /* Transport Layer Generic messages are always allowed. */
+    if (MSGIDLIMIT_TRANS_GEN(msg)) {
+        return 1;
+    }
+
     /* Is KEX complete? */
-    if (ssh->connectState < CONNECT_KEYED && ssh->handshake) {
-        /* If expecting a specific message, and didn't receive it, error. */
-        if (ssh->handshake->expectMsgId != MSGID_NONE) {
-            if (msg != ssh->handshake->expectMsgId) {
-                WLOG(WS_LOG_DEBUG, "Message ID %u not the expected message %u",
-                        msg, ssh->handshake->expectMsgId);
+    if (MSGIDLIMIT_TRANS(msg)) {
+        if (ssh->isKeying) {
+            /* MSGID_KEXINIT not allowed when keying. */
+            if (msg == MSGID_KEXINIT) {
+                WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                        msg, "client", "when keying");
                 return 0;
             }
-            ssh->handshake->expectMsgId = MSGID_NONE;
+
+            /* Error if expecting a specific message and didn't receive. */
+            if (ssh->handshake && ssh->handshake->expectMsgId != MSGID_NONE) {
+                if (msg != ssh->handshake->expectMsgId) {
+                    WLOG(WS_LOG_DEBUG,
+                            "Message ID %u not the expected message %u",
+                            msg, ssh->handshake->expectMsgId);
+                    return 0;
+                }
+                else {
+                    /* Got the expected message, clear expectation. */
+                    ssh->handshake->expectMsgId = MSGID_NONE;
+                    return 1;
+                }
+            }
         }
-    }
-    /* Has client userauth started? */
-    if (ssh->connectState < CONNECT_CLIENT_KEXDH_INIT_SENT) {
-        if (msg >= MSGID_KEXDH_LIMIT) {
+        else {
+            /* MSGID_KEXINIT only allowed when not keying. */
+            if (msg == MSGID_KEXINIT) {
+                return 1;
+            }
+
+            /* All other transport KEX and ALGO messages are not allowed
+             * when not keying. */
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                    msg, "client", "when not keying");
             return 0;
         }
     }
+
     /* Is client userauth complete? */
     if (ssh->connectState < CONNECT_SERVER_USERAUTH_ACCEPT_DONE) {
-        /* Explicitly check for messages not allowed before user
-         * authentication has comleted. */
-        if (msg >= MSGID_USERAUTH_LIMIT) {
-            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by client "
-                    "before user authentication is complete", msg);
+        /* The endpoints should not allow message IDs greater than or
+         * equal to msgid 80 before user authentication is complete.
+         * Per RFC 4252 section 6. */
+        if (MSGIDLIMIT_POST_USERAUTH(msg)) {
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                    msg, "client", "before user authentication is complete");
             return 0;
         }
-        /* Explicitly check for the user authentication message that
-         * only the client sends, it shouldn't receive it. */
-        if (msg == MSGID_USERAUTH_RESTRICT) {
-            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by client "
-                    "during user authentication", msg);
-            return 0;
+        else if (MSGIDLIMIT_AUTH(msg)) {
+            return 1;
         }
     }
     else {
-        if (msg >= MSGID_USERAUTH_RESTRICT && msg < MSGID_USERAUTH_LIMIT) {
-            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by client "
-                    "after user authentication", msg);
+        if (MSGIDLIMIT_POST_USERAUTH(msg)) {
+            return 1;
+        }
+        else if (MSGIDLIMIT_AUTH(msg)) {
+            WLOG(WS_LOG_DEBUG, "Message ID %u not allowed by %s %s",
+                    msg, "client", "after user authentication");
             return 0;
         }
     }
-    return 1;
+
+    return 0;
 }
 #endif /* NO_WOLFSSH_CLIENT */
 
@@ -1071,7 +1125,7 @@ WOLFSSH* SshInit(WOLFSSH* ssh, WOLFSSH_CTX* ctx)
     ssh->fs            = NULL;
     ssh->acceptState = ACCEPT_BEGIN;
     ssh->clientState = CLIENT_BEGIN;
-    ssh->isKeying    = 1;
+    ssh->isKeying    = 0;
     ssh->authId      = ID_USERAUTH_PUBLICKEY;
     ssh->supportedAuth[0] = ID_USERAUTH_PUBLICKEY;
     ssh->supportedAuth[1] = ID_USERAUTH_PASSWORD;
@@ -4302,10 +4356,12 @@ static int DoKexInit(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
         byte scratchLen[LENGTH_SZ];
         word32 strSz = 0;
 
-        if (!ssh->isKeying) {
+        ssh->kexinitRxd = 1;
+        if (!ssh->kexinitTxd) {
             WLOG(WS_LOG_DEBUG, "Keying initiated");
             ret = SendKexInit(ssh);
         }
+        ssh->isKeying = ssh->kexinitTxd;
 
         /* account for possible want write case from SendKexInit */
         if (ret == WS_SUCCESS || ret == WS_WANT_WRITE)
@@ -5835,8 +5891,10 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
         ret = GenerateKeys(ssh, hashId, !ssh->handshake->useEccMlKem);
     }
 
-    if (ret == WS_SUCCESS)
+    if (ret == WS_SUCCESS) {
         ret = SendNewKeys(ssh);
+        ssh->handshake->expectMsgId = MSGID_NEWKEYS;
+    }
 
     if (sigKeyBlock_ptr)
         WFREE(sigKeyBlock_ptr, ssh->ctx->heap, DYNTYPE_PRIVKEY);
@@ -5917,6 +5975,8 @@ static int DoNewKeys(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
         ssh->rxCount = 0;
         ssh->highwaterFlag = 0;
         ssh->isKeying = 0;
+        ssh->kexinitTxd = 0;
+        ssh->kexinitRxd = 0;
         HandshakeInfoFree(ssh->handshake, ssh->ctx->heap);
         ssh->handshake = NULL;
         WLOG(WS_LOG_DEBUG, "Keying completed");
@@ -9359,7 +9419,7 @@ static int DoPacket(WOLFSSH* ssh, byte* bufferConsumed)
         case MSGID_KEXINIT:
             WLOG(WS_LOG_DEBUG, "Decoding MSGID_KEXINIT");
             ret = DoKexInit(ssh, buf + idx, payloadSz, &payloadIdx);
-            if (ssh->isKeying == 1 &&
+            if (ssh->kexinitTxd == 1 &&
                     ssh->connectState == CONNECT_SERVER_CHANNEL_REQUEST_DONE) {
                 if (ssh->handshake->kexId == ID_DH_GEX_SHA256) {
 #if !defined(WOLFSSH_NO_DH) && !defined(WOLFSSH_NO_DH_GEX_SHA256)
@@ -10455,7 +10515,6 @@ int SendKexInit(WOLFSSH* ssh)
     }
 
     if (ret == WS_SUCCESS) {
-        ssh->isKeying = 1;
         if (ssh->handshake == NULL) {
             ssh->handshake = HandshakeInfoNew(ssh->ctx->heap);
             if (ssh->handshake == NULL) {
@@ -10578,8 +10637,11 @@ int SendKexInit(WOLFSSH* ssh)
         ret = BundlePacket(ssh);
     }
 
-    if (ret == WS_SUCCESS)
+    if (ret == WS_SUCCESS) {
+        ssh->kexinitTxd = 1;
+        ssh->isKeying = ssh->kexinitRxd;
         ret = wolfSSH_SendPacket(ssh);
+    }
 
     if (ret != WS_WANT_WRITE && ret != WS_SUCCESS)
         PurgePacket(ssh);

wolfssh/internal.h

@@ -739,6 +739,8 @@ struct WOLFSSH {
     byte serverState;
     byte processReplyState;
     byte isKeying;
+    byte kexinitTxd;
+    byte kexinitRxd;
     byte authId;           /* if using public key or password */
     byte supportedAuth[4]; /* supported auth IDs public key , password */
 
@@ -1180,6 +1182,7 @@ enum ProcessReplyStates {
 
 enum WS_MessageIds {
     MSGID_NONE = 0,
+
     MSGID_DISCONNECT = 1,
     MSGID_IGNORE = 2,
     MSGID_UNIMPLEMENTED = 3,
@@ -1235,19 +1238,56 @@ enum WS_MessageIds {
 };
 
 
-/* Allows the server to receive up to KEXDH GEX Request during KEX. */
-#define MSGID_KEXDH_LIMIT MSGID_KEXDH_GEX_REQUEST
-
-/* The endpoints should not allow message IDs greater than or
- * equal to msgid 80 before user authentication is complete.
- * Per RFC 4252 section 6. */
-#define MSGID_USERAUTH_LIMIT 80
+/* The following message ID ranges are described in RFC 5251, section 7. */
+enum WS_MessageIdLimits {
+/* Transport Layer Protocol: */
+    MSGIDLIMIT_TRANS_MIN = 1,
+    MSGIDLIMIT_TRANS_GEN_MIN = 1,
+    MSGIDLIMIT_TRANS_GEN_MAX = 19,
+    MSGIDLIMIT_TRANS_ALGO_MIN = 20,
+    MSGIDLIMIT_TRANS_ALGO_MAX = 29,
+    MSGIDLIMIT_TRANS_KEX_MIN = 30,
+    MSGIDLIMIT_TRANS_KEX_MAX = 49,
+    MSGIDLIMIT_TRANS_MAX = 49,
+/* User Authentication Protocol: */
+    MSGIDLIMIT_AUTH_MIN = 50,
+    MSGIDLIMIT_AUTH_GEN_MIN = 50,
+    MSGIDLIMIT_AUTH_GEN_MAX = 59,
+    MSGIDLIMIT_AUTH_METH_MIN = 60,
+    MSGIDLIMIT_AUTH_METH_MAX = 79,
+    MSGIDLIMIT_AUTH_MAX = 79,
+/* Connection Protocol: */
+    MSGIDLIMIT_CONN_MIN = 80,
+    MSGIDLIMIT_CONN_GEN_MIN = 80,
+    MSGIDLIMIT_CONN_GEN_MAX = 89,
+    MSGIDLIMIT_CONN_CHAN_MIN = 90,
+    MSGIDLIMIT_CONN_CHAN_MAX = 127,
+    MSGIDLIMIT_CONN_MAX = 127,
+/* Reserved For Client Protocols: */
+    MSGIDLIMIT_RESERVED_MIN = 128,
+    MSGIDLIMIT_RESERVED_MAX = 191,
+/* Local Extensions: */
+    MSGIDLIMIT_EXTENDED_MIN = 192,
+    MSGIDLIMIT_EXTENDED_MAX = 255,
+};
 
-/* The client should only send the user auth request message
- * (50), it should not accept it. The server should only receive
- * the user auth request message, it should not accept the other
- * user auth messages, it sends them. (>50) */
-#define MSGID_USERAUTH_RESTRICT 50
+/* Message ID bounds checking. */
+#define MSGIDLIMIT_BOUND(x,y,z) ((x) >= (y) && (x) <= (z))
+#define MSGIDLIMIT_COMP(x,name) \
+    MSGIDLIMIT_BOUND((x),MSGIDLIMIT_##name##_MIN,MSGIDLIMIT_##name##_MAX)
+#define MSGIDLIMIT_TRANS(x) MSGIDLIMIT_COMP((x),TRANS)
+#define MSGIDLIMIT_TRANS_GEN(x) MSGIDLIMIT_COMP((x),TRANS_GEN)
+#define MSGIDLIMIT_TRANS_ALGO(x) MSGIDLIMIT_COMP((x),TRANS_ALGO)
+#define MSGIDLIMIT_TRANS_KEX(x) MSGIDLIMIT_COMP((x),TRANS_KEX)
+#define MSGIDLIMIT_AUTH(x) MSGIDLIMIT_COMP((x),AUTH)
+#define MSGIDLIMIT_AUTH_GEN(x) MSGIDLIMIT_COMP((x),AUTH_GEN)
+#define MSGIDLIMIT_AUTH_METH(x) MSGIDLIMIT_COMP((x),AUTH_METH)
+#define MSGIDLIMIT_CONN(x) MSGIDLIMIT_COMP((x),CONN)
+#define MSGIDLIMIT_CONN_GEN(x) MSGIDLIMIT_COMP((x),CONN_GEN)
+#define MSGIDLIMIT_CONN_CHAN(x) MSGIDLIMIT_COMP((x),CONN_CHAN)
+#define MSGIDLIMIT_RESERVED(x) MSGIDLIMIT_COMP((x),RESERVED)
+#define MSGIDLIMIT_EXTENDED(x) MSGIDLIMIT_COMP((x),EXTENDED)
+#define MSGIDLIMIT_POST_USERAUTH(x) ((x) >= MSGIDLIMIT_CONN_MIN)
 
 
 #define CHANNEL_EXTENDED_DATA_STDERR WOLFSSH_EXT_DATA_STDERR