crypt.c | crypt.c | |||
---|---|---|---|---|
skipping to change at line 24 | skipping to change at line 24 | |||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILI TY | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILI TY | |||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public | |||
* License for more details. | * License for more details. | |||
* | * | |||
* You should have received a copy of the GNU Lesser General Public License | * You should have received a copy of the GNU Lesser General Public License | |||
* along with the SSH Library; see the file COPYING. If not, write to | * along with the SSH Library; see the file COPYING. If not, write to | |||
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, | * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, | |||
* MA 02111-1307, USA. | * MA 02111-1307, USA. | |||
*/ | */ | |||
#include <unistd.h> | #include "config.h" | |||
#include <stdlib.h> | #include <stdlib.h> | |||
#include <stdio.h> | #include <stdio.h> | |||
#include <string.h> | #include <string.h> | |||
#ifndef _WIN32 | #ifndef _WIN32 | |||
#include <arpa/inet.h> | #include <arpa/inet.h> | |||
#endif | #endif | |||
#ifdef OPENSSL_CRYPTO | #ifdef OPENSSL_CRYPTO | |||
#include <openssl/blowfish.h> | #include <openssl/blowfish.h> | |||
#include <openssl/evp.h> | #include <openssl/evp.h> | |||
#include <openssl/hmac.h> | #include <openssl/hmac.h> | |||
#endif | #endif | |||
#include "libssh/priv.h" | #include "libssh/priv.h" | |||
#include "libssh/session.h" | ||||
#include "libssh/wrapper.h" | ||||
#include "libssh/crypto.h" | #include "libssh/crypto.h" | |||
uint32_t packet_decrypt_len(ssh_session session, char *crypted){ | ||||
u32 packet_decrypt_len(SSH_SESSION *session, char *crypted){ | uint32_t decrypted; | |||
u32 decrypted; | ||||
if (session->current_crypto) { | if (session->current_crypto) { | |||
if (packet_decrypt(session, crypted, | if (packet_decrypt(session, crypted, | |||
session->current_crypto->in_cipher->blocksize) < 0) { | session->current_crypto->in_cipher->blocksize) < 0) { | |||
return 0; | return 0; | |||
} | } | |||
} | } | |||
memcpy(&decrypted,crypted,sizeof(decrypted)); | memcpy(&decrypted,crypted,sizeof(decrypted)); | |||
ssh_log(session, SSH_LOG_PACKET, | ssh_log(session, SSH_LOG_PACKET, | |||
"Packet size decrypted: %lu (0x%lx)", | "Packet size decrypted: %lu (0x%lx)", | |||
(long unsigned int) ntohl(decrypted), | (long unsigned int) ntohl(decrypted), | |||
(long unsigned int) ntohl(decrypted)); | (long unsigned int) ntohl(decrypted)); | |||
return ntohl(decrypted); | return ntohl(decrypted); | |||
} | } | |||
int packet_decrypt(SSH_SESSION *session, void *data,u32 len) { | int packet_decrypt(ssh_session session, void *data,uint32_t len) { | |||
struct crypto_struct *crypto = session->current_crypto->in_cipher; | struct crypto_struct *crypto = session->current_crypto->in_cipher; | |||
char *out = NULL; | char *out = NULL; | |||
if(len % session->current_crypto->in_cipher->blocksize != 0){ | if(len % session->current_crypto->in_cipher->blocksize != 0){ | |||
ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set on at least one blocksize (received %d)",len); | ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set on at least one blocksize (received %d)",len); | |||
return SSH_ERROR; | return SSH_ERROR; | |||
} | } | |||
out = malloc(len); | out = malloc(len); | |||
if (out == NULL) { | if (out == NULL) { | |||
return -1; | return -1; | |||
} | } | |||
skipping to change at line 96 | skipping to change at line 97 | |||
crypto->cbc_decrypt(crypto,data,out,len,session->current_crypto->decryptI V); | crypto->cbc_decrypt(crypto,data,out,len,session->current_crypto->decryptI V); | |||
#endif | #endif | |||
memcpy(data,out,len); | memcpy(data,out,len); | |||
memset(out,0,len); | memset(out,0,len); | |||
SAFE_FREE(out); | SAFE_FREE(out); | |||
return 0; | return 0; | |||
} | } | |||
unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) { | unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len ) { | |||
struct crypto_struct *crypto = NULL; | struct crypto_struct *crypto = NULL; | |||
HMACCTX ctx = NULL; | HMACCTX ctx = NULL; | |||
char *out = NULL; | char *out = NULL; | |||
unsigned int finallen; | unsigned int finallen; | |||
u32 seq; | uint32_t seq; | |||
if (!session->current_crypto) { | if (!session->current_crypto) { | |||
return NULL; /* nothing to do here */ | return NULL; /* nothing to do here */ | |||
} | } | |||
if(len % session->current_crypto->in_cipher->blocksize != 0){ | if(len % session->current_crypto->in_cipher->blocksize != 0){ | |||
ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be se t on at least one blocksize (received %d)",len); | ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be se t on at least one blocksize (received %d)",len); | |||
return NULL; | return NULL; | |||
} | } | |||
out = malloc(len); | out = malloc(len); | |||
if (out == NULL) { | if (out == NULL) { | |||
skipping to change at line 141 | skipping to change at line 142 | |||
return NULL; | return NULL; | |||
} | } | |||
#endif | #endif | |||
if (session->version == 2) { | if (session->version == 2) { | |||
ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); | ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); | |||
if (ctx == NULL) { | if (ctx == NULL) { | |||
SAFE_FREE(out); | SAFE_FREE(out); | |||
return NULL; | return NULL; | |||
} | } | |||
hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); | hmac_update(ctx,(unsigned char *)&seq,sizeof(uint32_t)); | |||
hmac_update(ctx,data,len); | hmac_update(ctx,data,len); | |||
hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); | hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); | |||
#ifdef DEBUG_CRYPTO | #ifdef DEBUG_CRYPTO | |||
ssh_print_hexa("mac: ",data,len); | ssh_print_hexa("mac: ",data,len); | |||
if (finallen != 20) { | if (finallen != 20) { | |||
printf("Final len is %d\n",finallen); | printf("Final len is %d\n",finallen); | |||
} | } | |||
ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20); | ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20); | |||
#endif | #endif | |||
} | } | |||
skipping to change at line 183 | skipping to change at line 184 | |||
* | * | |||
* @brief Verify the hmac of a packet | * @brief Verify the hmac of a packet | |||
* | * | |||
* @param session The session to use. | * @param session The session to use. | |||
* @param buffer The buffer to verify the hmac from. | * @param buffer The buffer to verify the hmac from. | |||
* @param mac The mac to compare with the hmac. | * @param mac The mac to compare with the hmac. | |||
* | * | |||
* @return 0 if hmac and mac are equal, < 0 if not or an error | * @return 0 if hmac and mac are equal, < 0 if not or an error | |||
* occured. | * occured. | |||
*/ | */ | |||
int packet_hmac_verify(SSH_SESSION *session, BUFFER *buffer, | int packet_hmac_verify(ssh_session session, ssh_buffer buffer, | |||
unsigned char *mac) { | unsigned char *mac) { | |||
unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0}; | unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0}; | |||
HMACCTX ctx; | HMACCTX ctx; | |||
unsigned int len; | unsigned int len; | |||
u32 seq; | uint32_t seq; | |||
ctx = hmac_init(session->current_crypto->decryptMAC, 20, HMAC_SHA1); | ctx = hmac_init(session->current_crypto->decryptMAC, 20, HMAC_SHA1); | |||
if (ctx == NULL) { | if (ctx == NULL) { | |||
return -1; | return -1; | |||
} | } | |||
seq = htonl(session->recv_seq); | seq = htonl(session->recv_seq); | |||
hmac_update(ctx, (unsigned char *) &seq, sizeof(u32)); | hmac_update(ctx, (unsigned char *) &seq, sizeof(uint32_t)); | |||
hmac_update(ctx, buffer_get(buffer), buffer_get_len(buffer)); | hmac_update(ctx, buffer_get(buffer), buffer_get_len(buffer)); | |||
hmac_final(ctx, hmacbuf, &len); | hmac_final(ctx, hmacbuf, &len); | |||
#ifdef DEBUG_CRYPTO | #ifdef DEBUG_CRYPTO | |||
ssh_print_hexa("received mac",mac,len); | ssh_print_hexa("received mac",mac,len); | |||
ssh_print_hexa("Computed mac",hmacbuf,len); | ssh_print_hexa("Computed mac",hmacbuf,len); | |||
ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32)); | ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(uint32_t)); | |||
#endif | #endif | |||
if (memcmp(mac, hmacbuf, len) == 0) { | if (memcmp(mac, hmacbuf, len) == 0) { | |||
return 0; | return 0; | |||
} | } | |||
return -1; | return -1; | |||
} | } | |||
/* vim: set ts=2 sw=2 et cindent: */ | /* vim: set ts=2 sw=2 et cindent: */ | |||
End of changes. 11 change blocks. | ||||
12 lines changed or deleted | 13 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |