Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

191 lines (169 sloc) 5.377 kB
/*
* Routines to do cryptographic interaction with proxies in PuTTY.
* This is in a separate module from proxy.c, so that it can be
* conveniently removed in PuTTYtel by replacing this module with
* the stub version nocproxy.c.
*/
#include <assert.h>
#include <ctype.h>
#include <string.h>
#define DEFINE_PLUG_METHOD_MACROS
#include "putty.h"
#include "ssh.h" /* For MD5 support */
#include "network.h"
#include "proxy.h"
static void hmacmd5_chap(const unsigned char *challenge, int challen,
const char *passwd, unsigned char *response)
{
void *hmacmd5_ctx;
int pwlen;
hmacmd5_ctx = hmacmd5_make_context();
pwlen = strlen(passwd);
if (pwlen>64) {
unsigned char md5buf[16];
MD5Simple(passwd, pwlen, md5buf);
hmacmd5_key(hmacmd5_ctx, md5buf, 16);
} else {
hmacmd5_key(hmacmd5_ctx, passwd, pwlen);
}
hmacmd5_do_hmac(hmacmd5_ctx, challenge, challen, response);
hmacmd5_free_context(hmacmd5_ctx);
}
void proxy_socks5_offerencryptedauth(char *command, int *len)
{
command[*len] = 0x03; /* CHAP */
(*len)++;
}
int proxy_socks5_handlechap (Proxy_Socket p)
{
/* CHAP authentication reply format:
* version number (1 bytes) = 1
* number of commands (1 byte)
*
* For each command:
* command identifier (1 byte)
* data length (1 byte)
*/
unsigned char data[260];
unsigned char outbuf[20];
while(p->chap_num_attributes == 0 ||
p->chap_num_attributes_processed < p->chap_num_attributes) {
if (p->chap_num_attributes == 0 ||
p->chap_current_attribute == -1) {
/* CHAP normally reads in two bytes, either at the
* beginning or for each attribute/value pair. But if
* we're waiting for the value's data, we might not want
* to read 2 bytes.
*/
if (bufchain_size(&p->pending_input_data) < 2)
return 1; /* not got anything yet */
/* get the response */
bufchain_fetch(&p->pending_input_data, data, 2);
bufchain_consume(&p->pending_input_data, 2);
}
if (p->chap_num_attributes == 0) {
/* If there are no attributes, this is our first msg
* with the server, where we negotiate version and
* number of attributes
*/
if (data[0] != 0x01) {
plug_closing(p->plug, "Proxy error: SOCKS proxy wants"
" a different CHAP version",
PROXY_ERROR_GENERAL, 0);
return 1;
}
if (data[1] == 0x00) {
plug_closing(p->plug, "Proxy error: SOCKS proxy won't"
" negotiate CHAP with us",
PROXY_ERROR_GENERAL, 0);
return 1;
}
p->chap_num_attributes = data[1];
} else {
if (p->chap_current_attribute == -1) {
/* We have to read in each attribute/value pair -
* those we don't understand can be ignored, but
* there are a few we'll need to handle.
*/
p->chap_current_attribute = data[0];
p->chap_current_datalen = data[1];
}
if (bufchain_size(&p->pending_input_data) <
p->chap_current_datalen)
return 1; /* not got everything yet */
/* get the response */
bufchain_fetch(&p->pending_input_data, data,
p->chap_current_datalen);
bufchain_consume(&p->pending_input_data,
p->chap_current_datalen);
switch (p->chap_current_attribute) {
case 0x00:
/* Successful authentication */
if (data[0] == 0x00)
p->state = 2;
else {
plug_closing(p->plug, "Proxy error: SOCKS proxy"
" refused CHAP authentication",
PROXY_ERROR_GENERAL, 0);
return 1;
}
break;
case 0x03:
outbuf[0] = 0x01; /* Version */
outbuf[1] = 0x01; /* One attribute */
outbuf[2] = 0x04; /* Response */
outbuf[3] = 0x10; /* Length */
hmacmd5_chap(data, p->chap_current_datalen,
p->cfg.proxy_password, &outbuf[4]);
sk_write(p->sub_socket, (char *)outbuf, 20);
break;
case 0x11:
/* Chose a protocol */
if (data[0] != 0x85) {
plug_closing(p->plug, "Proxy error: Server chose "
"CHAP of other than HMAC-MD5 but we "
"didn't offer it!",
PROXY_ERROR_GENERAL, 0);
return 1;
}
break;
}
p->chap_current_attribute = -1;
p->chap_num_attributes_processed++;
}
if (p->state == 8 &&
p->chap_num_attributes_processed >= p->chap_num_attributes) {
p->chap_num_attributes = 0;
p->chap_num_attributes_processed = 0;
p->chap_current_datalen = 0;
}
}
return 0;
}
int proxy_socks5_selectchap(Proxy_Socket p)
{
if (p->cfg.proxy_username[0] || p->cfg.proxy_password[0]) {
char chapbuf[514];
int ulen;
chapbuf[0] = '\x01'; /* Version */
chapbuf[1] = '\x02'; /* Number of attributes sent */
chapbuf[2] = '\x11'; /* First attribute - algorithms list */
chapbuf[3] = '\x01'; /* Only one CHAP algorithm */
chapbuf[4] = '\x85'; /* ...and it's HMAC-MD5, the core one */
chapbuf[5] = '\x02'; /* Second attribute - username */
ulen = strlen(p->cfg.proxy_username);
if (ulen > 255) ulen = 255; if (ulen < 1) ulen = 1;
chapbuf[6] = ulen;
memcpy(chapbuf+7, p->cfg.proxy_username, ulen);
sk_write(p->sub_socket, chapbuf, ulen + 7);
p->chap_num_attributes = 0;
p->chap_num_attributes_processed = 0;
p->chap_current_attribute = -1;
p->chap_current_datalen = 0;
p->state = 8;
} else
plug_closing(p->plug, "Proxy error: Server chose "
"CHAP authentication but we didn't offer it!",
PROXY_ERROR_GENERAL, 0);
return 1;
}
Jump to Line
Something went wrong with that request. Please try again.