crypt.c   crypt.c 
skipping to change at line 24 skipping to change at line 24
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILI TY * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILI TY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details. * License for more details.
* *
* You should have received a copy of the GNU Lesser General Public License * You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to * along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA. * MA 02111-1307, USA.
*/ */
#include <unistd.h> #include "config.h"
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#ifndef _WIN32 #ifndef _WIN32
#include <arpa/inet.h> #include <arpa/inet.h>
#endif #endif
#ifdef OPENSSL_CRYPTO #ifdef OPENSSL_CRYPTO
#include <openssl/blowfish.h> #include <openssl/blowfish.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#endif #endif
#include "libssh/priv.h" #include "libssh/priv.h"
#include "libssh/session.h"
#include "libssh/wrapper.h"
#include "libssh/crypto.h" #include "libssh/crypto.h"
uint32_t packet_decrypt_len(ssh_session session, char *crypted){
u32 packet_decrypt_len(SSH_SESSION *session, char *crypted){ uint32_t decrypted;
u32 decrypted;
if (session->current_crypto) { if (session->current_crypto) {
if (packet_decrypt(session, crypted, if (packet_decrypt(session, crypted,
session->current_crypto->in_cipher->blocksize) < 0) { session->current_crypto->in_cipher->blocksize) < 0) {
return 0; return 0;
} }
} }
memcpy(&decrypted,crypted,sizeof(decrypted)); memcpy(&decrypted,crypted,sizeof(decrypted));
ssh_log(session, SSH_LOG_PACKET, ssh_log(session, SSH_LOG_PACKET,
"Packet size decrypted: %lu (0x%lx)", "Packet size decrypted: %lu (0x%lx)",
(long unsigned int) ntohl(decrypted), (long unsigned int) ntohl(decrypted),
(long unsigned int) ntohl(decrypted)); (long unsigned int) ntohl(decrypted));
return ntohl(decrypted); return ntohl(decrypted);
} }
int packet_decrypt(SSH_SESSION *session, void *data,u32 len) { int packet_decrypt(ssh_session session, void *data,uint32_t len) {
struct crypto_struct *crypto = session->current_crypto->in_cipher; struct crypto_struct *crypto = session->current_crypto->in_cipher;
char *out = NULL; char *out = NULL;
if(len % session->current_crypto->in_cipher->blocksize != 0){ if(len % session->current_crypto->in_cipher->blocksize != 0){
ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set on at least one blocksize (received %d)",len); ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set on at least one blocksize (received %d)",len);
return SSH_ERROR; return SSH_ERROR;
} }
out = malloc(len); out = malloc(len);
if (out == NULL) { if (out == NULL) {
return -1; return -1;
} }
skipping to change at line 96 skipping to change at line 97
crypto->cbc_decrypt(crypto,data,out,len,session->current_crypto->decryptI V); crypto->cbc_decrypt(crypto,data,out,len,session->current_crypto->decryptI V);
#endif #endif
memcpy(data,out,len); memcpy(data,out,len);
memset(out,0,len); memset(out,0,len);
SAFE_FREE(out); SAFE_FREE(out);
return 0; return 0;
} }
unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) { unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len ) {
struct crypto_struct *crypto = NULL; struct crypto_struct *crypto = NULL;
HMACCTX ctx = NULL; HMACCTX ctx = NULL;
char *out = NULL; char *out = NULL;
unsigned int finallen; unsigned int finallen;
u32 seq; uint32_t seq;
if (!session->current_crypto) { if (!session->current_crypto) {
return NULL; /* nothing to do here */ return NULL; /* nothing to do here */
} }
if(len % session->current_crypto->in_cipher->blocksize != 0){ if(len % session->current_crypto->in_cipher->blocksize != 0){
ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be se t on at least one blocksize (received %d)",len); ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be se t on at least one blocksize (received %d)",len);
return NULL; return NULL;
} }
out = malloc(len); out = malloc(len);
if (out == NULL) { if (out == NULL) {
skipping to change at line 141 skipping to change at line 142
return NULL; return NULL;
} }
#endif #endif
if (session->version == 2) { if (session->version == 2) {
ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1);
if (ctx == NULL) { if (ctx == NULL) {
SAFE_FREE(out); SAFE_FREE(out);
return NULL; return NULL;
} }
hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); hmac_update(ctx,(unsigned char *)&seq,sizeof(uint32_t));
hmac_update(ctx,data,len); hmac_update(ctx,data,len);
hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("mac: ",data,len); ssh_print_hexa("mac: ",data,len);
if (finallen != 20) { if (finallen != 20) {
printf("Final len is %d\n",finallen); printf("Final len is %d\n",finallen);
} }
ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20); ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20);
#endif #endif
} }
skipping to change at line 183 skipping to change at line 184
* *
* @brief Verify the hmac of a packet * @brief Verify the hmac of a packet
* *
* @param session The session to use. * @param session The session to use.
* @param buffer The buffer to verify the hmac from. * @param buffer The buffer to verify the hmac from.
* @param mac The mac to compare with the hmac. * @param mac The mac to compare with the hmac.
* *
* @return 0 if hmac and mac are equal, < 0 if not or an error * @return 0 if hmac and mac are equal, < 0 if not or an error
* occured. * occured.
*/ */
int packet_hmac_verify(SSH_SESSION *session, BUFFER *buffer, int packet_hmac_verify(ssh_session session, ssh_buffer buffer,
unsigned char *mac) { unsigned char *mac) {
unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0}; unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0};
HMACCTX ctx; HMACCTX ctx;
unsigned int len; unsigned int len;
u32 seq; uint32_t seq;
ctx = hmac_init(session->current_crypto->decryptMAC, 20, HMAC_SHA1); ctx = hmac_init(session->current_crypto->decryptMAC, 20, HMAC_SHA1);
if (ctx == NULL) { if (ctx == NULL) {
return -1; return -1;
} }
seq = htonl(session->recv_seq); seq = htonl(session->recv_seq);
hmac_update(ctx, (unsigned char *) &seq, sizeof(u32)); hmac_update(ctx, (unsigned char *) &seq, sizeof(uint32_t));
hmac_update(ctx, buffer_get(buffer), buffer_get_len(buffer)); hmac_update(ctx, buffer_get(buffer), buffer_get_len(buffer));
hmac_final(ctx, hmacbuf, &len); hmac_final(ctx, hmacbuf, &len);
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("received mac",mac,len); ssh_print_hexa("received mac",mac,len);
ssh_print_hexa("Computed mac",hmacbuf,len); ssh_print_hexa("Computed mac",hmacbuf,len);
ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32)); ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t));
#endif #endif
if (memcmp(mac, hmacbuf, len) == 0) { if (memcmp(mac, hmacbuf, len) == 0) {
return 0; return 0;
} }
return -1; return -1;
} }
/* vim: set ts=2 sw=2 et cindent: */ /* vim: set ts=2 sw=2 et cindent: */
 End of changes. 11 change blocks. 
12 lines changed or deleted 13 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/