Add logic to support SHA2 HMAC algorithms
BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Этот коммит содержится в:
родитель
4a08902664
Коммит
164b8e99cc
@ -46,6 +46,8 @@
|
|||||||
#include "libssh/kex.h"
|
#include "libssh/kex.h"
|
||||||
#include "libssh/curve25519.h"
|
#include "libssh/curve25519.h"
|
||||||
|
|
||||||
|
#define DIGEST_MAX_LEN 64
|
||||||
|
|
||||||
enum ssh_key_exchange_e {
|
enum ssh_key_exchange_e {
|
||||||
/* diffie-hellman-group1-sha1 */
|
/* diffie-hellman-group1-sha1 */
|
||||||
SSH_KEX_DH_GROUP1_SHA1=1,
|
SSH_KEX_DH_GROUP1_SHA1=1,
|
||||||
@ -79,8 +81,10 @@ struct ssh_crypto_struct {
|
|||||||
unsigned char *encryptkey;
|
unsigned char *encryptkey;
|
||||||
unsigned char *encryptMAC;
|
unsigned char *encryptMAC;
|
||||||
unsigned char *decryptMAC;
|
unsigned char *decryptMAC;
|
||||||
unsigned char hmacbuf[EVP_MAX_MD_SIZE];
|
unsigned char hmacbuf[DIGEST_MAX_LEN];
|
||||||
struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
|
struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
|
||||||
|
enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
|
||||||
|
|
||||||
ssh_string server_pubkey;
|
ssh_string server_pubkey;
|
||||||
const char *server_pubkey_type;
|
const char *server_pubkey_type;
|
||||||
int do_compress_out; /* idem */
|
int do_compress_out; /* idem */
|
||||||
|
@ -21,6 +21,8 @@
|
|||||||
#ifndef PACKET_H_
|
#ifndef PACKET_H_
|
||||||
#define PACKET_H_
|
#define PACKET_H_
|
||||||
|
|
||||||
|
#include "libssh/wrapper.h"
|
||||||
|
|
||||||
struct ssh_socket_struct;
|
struct ssh_socket_struct;
|
||||||
|
|
||||||
/* this structure should go someday */
|
/* this structure should go someday */
|
||||||
@ -82,6 +84,6 @@ unsigned char *packet_encrypt(ssh_session session,
|
|||||||
void *packet,
|
void *packet,
|
||||||
unsigned int len);
|
unsigned int len);
|
||||||
int packet_hmac_verify(ssh_session session,ssh_buffer buffer,
|
int packet_hmac_verify(ssh_session session,ssh_buffer buffer,
|
||||||
unsigned char *mac);
|
unsigned char *mac, enum ssh_hmac_e type);
|
||||||
|
|
||||||
#endif /* PACKET_H_ */
|
#endif /* PACKET_H_ */
|
||||||
|
@ -82,6 +82,7 @@ void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx);
|
|||||||
HMACCTX hmac_init(const void *key,int len, enum ssh_hmac_e type);
|
HMACCTX hmac_init(const void *key,int len, enum ssh_hmac_e type);
|
||||||
void hmac_update(HMACCTX c, const void *data, unsigned long len);
|
void hmac_update(HMACCTX c, const void *data, unsigned long len);
|
||||||
void hmac_final(HMACCTX ctx,unsigned char *hashmacbuf,unsigned int *len);
|
void hmac_final(HMACCTX ctx,unsigned char *hashmacbuf,unsigned int *len);
|
||||||
|
size_t hmac_digest_len(enum ssh_hmac_e type);
|
||||||
|
|
||||||
int crypt_set_algorithms(ssh_session session, enum ssh_des_e des_type);
|
int crypt_set_algorithms(ssh_session session, enum ssh_des_e des_type);
|
||||||
int crypt_set_algorithms_server(ssh_session session);
|
int crypt_set_algorithms_server(ssh_session session);
|
||||||
|
112
src/dh.c
112
src/dh.c
@ -864,8 +864,10 @@ int hashbufin_add_cookie(ssh_session session, unsigned char *cookie) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int generate_one_key(ssh_string k,
|
static int generate_one_key(ssh_string k,
|
||||||
struct ssh_crypto_struct *crypto, unsigned char *output, char letter) {
|
struct ssh_crypto_struct *crypto, unsigned char **output, char letter, size_t requested_size) {
|
||||||
ssh_mac_ctx ctx;
|
ssh_mac_ctx ctx;
|
||||||
|
unsigned char *tmp;
|
||||||
|
size_t size = crypto->digest_len;
|
||||||
ctx=ssh_mac_ctx_init(crypto->mac_type);
|
ctx=ssh_mac_ctx_init(crypto->mac_type);
|
||||||
|
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
@ -876,16 +878,33 @@ static int generate_one_key(ssh_string k,
|
|||||||
ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
|
ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
|
||||||
ssh_mac_update(ctx, &letter, 1);
|
ssh_mac_update(ctx, &letter, 1);
|
||||||
ssh_mac_update(ctx, crypto->session_id, crypto->digest_len);
|
ssh_mac_update(ctx, crypto->session_id, crypto->digest_len);
|
||||||
ssh_mac_final(output, ctx);
|
ssh_mac_final(*output, ctx);
|
||||||
|
|
||||||
|
while(requested_size > size) {
|
||||||
|
tmp = realloc(*output, size + crypto->digest_len);
|
||||||
|
if (tmp == NULL) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
*output = tmp;
|
||||||
|
|
||||||
|
ctx = ssh_mac_ctx_init(crypto->mac_type);
|
||||||
|
if (ctx == NULL) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
ssh_mac_update(ctx, k, ssh_string_len(k) + 4);
|
||||||
|
ssh_mac_update(ctx, crypto->secret_hash,
|
||||||
|
crypto->digest_len);
|
||||||
|
ssh_mac_update(ctx, tmp, size);
|
||||||
|
ssh_mac_final(tmp + size, ctx);
|
||||||
|
size += crypto->digest_len;
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int generate_session_keys(ssh_session session) {
|
int generate_session_keys(ssh_session session) {
|
||||||
ssh_string k_string = NULL;
|
ssh_string k_string = NULL;
|
||||||
ssh_mac_ctx ctx = NULL;
|
|
||||||
struct ssh_crypto_struct *crypto = session->next_crypto;
|
struct ssh_crypto_struct *crypto = session->next_crypto;
|
||||||
unsigned char *tmp;
|
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
|
|
||||||
k_string = make_bignum_string(crypto->k);
|
k_string = make_bignum_string(crypto->k);
|
||||||
@ -909,96 +928,71 @@ int generate_session_keys(ssh_session session) {
|
|||||||
|
|
||||||
/* IV */
|
/* IV */
|
||||||
if (session->client) {
|
if (session->client) {
|
||||||
if (generate_one_key(k_string, crypto, crypto->encryptIV, 'A') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->encryptIV, 'A', crypto->digest_len);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (generate_one_key(k_string, crypto, crypto->decryptIV, 'B') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->decryptIV, 'B', crypto->digest_len);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (generate_one_key(k_string, crypto, crypto->decryptIV, 'A') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->decryptIV, 'A', crypto->digest_len);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (generate_one_key(k_string, crypto, crypto->encryptIV, 'B') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->encryptIV, 'B', crypto->digest_len);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (session->client) {
|
if (session->client) {
|
||||||
if (generate_one_key(k_string, crypto, crypto->encryptkey, 'C') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->encryptkey, 'C', crypto->out_cipher->keysize / 8);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (generate_one_key(k_string, crypto, crypto->decryptkey, 'D') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->decryptkey, 'D', crypto->in_cipher->keysize / 8);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (generate_one_key(k_string, crypto, crypto->decryptkey, 'C') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->decryptkey, 'C', crypto->in_cipher->keysize / 8);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (generate_one_key(k_string, crypto, crypto->encryptkey, 'D') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->encryptkey, 'D', crypto->out_cipher->keysize / 8);
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* some ciphers need more than DIGEST_LEN bytes of input key */
|
|
||||||
if (crypto->out_cipher->keysize > crypto->digest_len * 8) {
|
|
||||||
tmp = realloc(crypto->encryptkey, crypto->digest_len * 2);
|
|
||||||
if (tmp == NULL) {
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
crypto->encryptkey = tmp;
|
|
||||||
|
|
||||||
ctx = ssh_mac_ctx_init(crypto->mac_type);
|
|
||||||
if (ctx == NULL) {
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
ssh_mac_update(ctx, k_string, ssh_string_len(k_string) + 4);
|
|
||||||
ssh_mac_update(ctx, crypto->secret_hash,
|
|
||||||
crypto->digest_len);
|
|
||||||
ssh_mac_update(ctx, crypto->encryptkey, crypto->digest_len);
|
|
||||||
ssh_mac_final(crypto->encryptkey + crypto->digest_len, ctx);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (crypto->in_cipher->keysize > crypto->digest_len * 8) {
|
|
||||||
tmp = realloc(crypto->decryptkey, crypto->digest_len *2);
|
|
||||||
if (tmp == NULL) {
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
crypto->decryptkey = tmp;
|
|
||||||
|
|
||||||
if(crypto->decryptkey == NULL)
|
|
||||||
goto error;
|
|
||||||
ctx = ssh_mac_ctx_init(crypto->mac_type);
|
|
||||||
ssh_mac_update(ctx, k_string, ssh_string_len(k_string) + 4);
|
|
||||||
ssh_mac_update(ctx, crypto->secret_hash,
|
|
||||||
crypto->digest_len);
|
|
||||||
ssh_mac_update(ctx, crypto->decryptkey, crypto->digest_len);
|
|
||||||
ssh_mac_final(crypto->decryptkey + crypto->digest_len, ctx);
|
|
||||||
}
|
|
||||||
if(session->client) {
|
if(session->client) {
|
||||||
if (generate_one_key(k_string, crypto, crypto->encryptMAC, 'E') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->encryptMAC, 'E', hmac_digest_len(crypto->out_hmac));
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (generate_one_key(k_string, crypto, crypto->decryptMAC, 'F') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->decryptMAC, 'F', hmac_digest_len(crypto->in_hmac));
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (generate_one_key(k_string, crypto, crypto->decryptMAC, 'E') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->decryptMAC, 'E', hmac_digest_len(crypto->in_hmac));
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (generate_one_key(k_string, crypto, crypto->encryptMAC, 'F') < 0) {
|
rc = generate_one_key(k_string, crypto, &crypto->encryptMAC, 'F', hmac_digest_len(crypto->out_hmac));
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef DEBUG_CRYPTO
|
#ifdef DEBUG_CRYPTO
|
||||||
ssh_print_hexa("Encrypt IV", crypto->encryptIV, SHA_DIGEST_LEN);
|
ssh_print_hexa("Encrypt IV", crypto->encryptIV, crypto->digest_len);
|
||||||
ssh_print_hexa("Decrypt IV", crypto->decryptIV, SHA_DIGEST_LEN);
|
ssh_print_hexa("Decrypt IV", crypto->decryptIV, crypto->digest_len);
|
||||||
ssh_print_hexa("Encryption key", crypto->encryptkey,
|
ssh_print_hexa("Encryption key", crypto->encryptkey, crypto->out_cipher->keysize / 8);
|
||||||
crypto->out_cipher->keysize);
|
ssh_print_hexa("Decryption key", crypto->decryptkey, crypto->in_cipher->keysize / 8);
|
||||||
ssh_print_hexa("Decryption key", crypto->decryptkey,
|
ssh_print_hexa("Encryption MAC", crypto->encryptMAC, hmac_digest_len(crypto->out_hmac));
|
||||||
crypto->in_cipher->keysize);
|
ssh_print_hexa("Decryption MAC", crypto->decryptMAC, hmac_digest_len(crypto->in_hmac));
|
||||||
ssh_print_hexa("Encryption MAC", crypto->encryptMAC, SHA_DIGEST_LEN);
|
|
||||||
ssh_print_hexa("Decryption MAC", crypto->decryptMAC, 20);
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
rc = 0;
|
rc = 0;
|
||||||
|
19
src/packet.c
19
src/packet.c
@ -48,8 +48,6 @@
|
|||||||
#include "libssh/auth.h"
|
#include "libssh/auth.h"
|
||||||
#include "libssh/gssapi.h"
|
#include "libssh/gssapi.h"
|
||||||
|
|
||||||
#define MACSIZE SHA_DIGEST_LEN
|
|
||||||
|
|
||||||
static ssh_packet_callback default_packet_handlers[]= {
|
static ssh_packet_callback default_packet_handlers[]= {
|
||||||
ssh_packet_disconnect_callback, // SSH2_MSG_DISCONNECT 1
|
ssh_packet_disconnect_callback, // SSH2_MSG_DISCONNECT 1
|
||||||
ssh_packet_ignore_callback, // SSH2_MSG_IGNORE 2
|
ssh_packet_ignore_callback, // SSH2_MSG_IGNORE 2
|
||||||
@ -146,9 +144,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
|
|||||||
ssh_session session= (ssh_session) user;
|
ssh_session session= (ssh_session) user;
|
||||||
unsigned int blocksize = (session->current_crypto ?
|
unsigned int blocksize = (session->current_crypto ?
|
||||||
session->current_crypto->in_cipher->blocksize : 8);
|
session->current_crypto->in_cipher->blocksize : 8);
|
||||||
int current_macsize = session->current_crypto ? MACSIZE : 0;
|
unsigned char mac[DIGEST_MAX_LEN] = {0};
|
||||||
unsigned char mac[30] = {0};
|
|
||||||
char buffer[16] = {0};
|
char buffer[16] = {0};
|
||||||
|
size_t current_macsize = 0;
|
||||||
const uint8_t *packet;
|
const uint8_t *packet;
|
||||||
int to_be_read;
|
int to_be_read;
|
||||||
int rc;
|
int rc;
|
||||||
@ -156,6 +154,10 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
|
|||||||
uint8_t padding;
|
uint8_t padding;
|
||||||
size_t processed = 0; /* number of byte processed from the callback */
|
size_t processed = 0; /* number of byte processed from the callback */
|
||||||
|
|
||||||
|
if(session->current_crypto != NULL) {
|
||||||
|
current_macsize = hmac_digest_len(session->current_crypto->in_hmac);
|
||||||
|
}
|
||||||
|
|
||||||
if (data == NULL) {
|
if (data == NULL) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
@ -267,9 +269,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
|
|||||||
|
|
||||||
/* copy the last part from the incoming buffer */
|
/* copy the last part from the incoming buffer */
|
||||||
packet = ((uint8_t *)data) + processed;
|
packet = ((uint8_t *)data) + processed;
|
||||||
memcpy(mac, packet, MACSIZE);
|
memcpy(mac, packet, current_macsize);
|
||||||
|
|
||||||
rc = packet_hmac_verify(session, session->in_buffer, mac);
|
rc = packet_hmac_verify(session, session->in_buffer, mac, session->current_crypto->in_hmac);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
ssh_set_error(session, SSH_FATAL, "HMAC error");
|
ssh_set_error(session, SSH_FATAL, "HMAC error");
|
||||||
goto error;
|
goto error;
|
||||||
@ -506,6 +508,8 @@ static int ssh_packet_write(ssh_session session) {
|
|||||||
static int packet_send2(ssh_session session) {
|
static int packet_send2(ssh_session session) {
|
||||||
unsigned int blocksize = (session->current_crypto ?
|
unsigned int blocksize = (session->current_crypto ?
|
||||||
session->current_crypto->out_cipher->blocksize : 8);
|
session->current_crypto->out_cipher->blocksize : 8);
|
||||||
|
enum ssh_hmac_e hmac_type = (session->current_crypto ?
|
||||||
|
session->current_crypto->out_hmac : session->next_crypto->out_hmac);
|
||||||
uint32_t currentlen = buffer_get_rest_len(session->out_buffer);
|
uint32_t currentlen = buffer_get_rest_len(session->out_buffer);
|
||||||
unsigned char *hmac = NULL;
|
unsigned char *hmac = NULL;
|
||||||
char padstring[32] = { 0 };
|
char padstring[32] = { 0 };
|
||||||
@ -558,7 +562,8 @@ static int packet_send2(ssh_session session) {
|
|||||||
hmac = packet_encrypt(session, buffer_get_rest(session->out_buffer),
|
hmac = packet_encrypt(session, buffer_get_rest(session->out_buffer),
|
||||||
buffer_get_rest_len(session->out_buffer));
|
buffer_get_rest_len(session->out_buffer));
|
||||||
if (hmac) {
|
if (hmac) {
|
||||||
if (ssh_buffer_add_data(session->out_buffer, hmac, 20) < 0) {
|
rc = ssh_buffer_add_data(session->out_buffer, hmac, hmac_digest_len(hmac_type));
|
||||||
|
if (rc < 0) {
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,7 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) {
|
|||||||
char *out = NULL;
|
char *out = NULL;
|
||||||
unsigned int finallen;
|
unsigned int finallen;
|
||||||
uint32_t seq;
|
uint32_t seq;
|
||||||
|
enum ssh_hmac_e type;
|
||||||
|
|
||||||
assert(len);
|
assert(len);
|
||||||
|
|
||||||
@ -107,6 +108,7 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) {
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type = session->current_crypto->out_hmac;
|
||||||
seq = ntohl(session->send_seq);
|
seq = ntohl(session->send_seq);
|
||||||
crypto = session->current_crypto->out_cipher;
|
crypto = session->current_crypto->out_cipher;
|
||||||
|
|
||||||
@ -117,7 +119,7 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (session->version == 2) {
|
if (session->version == 2) {
|
||||||
ctx = hmac_init(session->current_crypto->encryptMAC,20,SSH_HMAC_SHA1);
|
ctx = hmac_init(session->current_crypto->encryptMAC, hmac_digest_len(type), type);
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
SAFE_FREE(out);
|
SAFE_FREE(out);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -126,11 +128,11 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) {
|
|||||||
hmac_update(ctx,data,len);
|
hmac_update(ctx,data,len);
|
||||||
hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
|
hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
|
||||||
#ifdef DEBUG_CRYPTO
|
#ifdef DEBUG_CRYPTO
|
||||||
ssh_print_hexa("mac: ",data,len);
|
ssh_print_hexa("mac: ",data,hmac_digest_len(type));
|
||||||
if (finallen != 20) {
|
if (finallen != hmac_digest_len(type)) {
|
||||||
printf("Final len is %d\n",finallen);
|
printf("Final len is %d\n",finallen);
|
||||||
}
|
}
|
||||||
ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20);
|
ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, hmac_digest_len(type));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -160,13 +162,13 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) {
|
|||||||
* occurred.
|
* occurred.
|
||||||
*/
|
*/
|
||||||
int packet_hmac_verify(ssh_session session, ssh_buffer buffer,
|
int packet_hmac_verify(ssh_session session, ssh_buffer buffer,
|
||||||
unsigned char *mac) {
|
unsigned char *mac, enum ssh_hmac_e type) {
|
||||||
unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0};
|
unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
|
||||||
HMACCTX ctx;
|
HMACCTX ctx;
|
||||||
unsigned int len;
|
unsigned int len;
|
||||||
uint32_t seq;
|
uint32_t seq;
|
||||||
|
|
||||||
ctx = hmac_init(session->current_crypto->decryptMAC, 20, SSH_HMAC_SHA1);
|
ctx = hmac_init(session->current_crypto->decryptMAC, hmac_digest_len(type), type);
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -48,6 +48,23 @@
|
|||||||
#include "libssh/wrapper.h"
|
#include "libssh/wrapper.h"
|
||||||
#include "libssh/pki.h"
|
#include "libssh/pki.h"
|
||||||
|
|
||||||
|
size_t hmac_digest_len(enum ssh_hmac_e type) {
|
||||||
|
switch(type) {
|
||||||
|
case SSH_HMAC_SHA1:
|
||||||
|
return SHA_DIGEST_LEN;
|
||||||
|
case SSH_HMAC_SHA256:
|
||||||
|
return SHA256_DIGEST_LEN;
|
||||||
|
case SSH_HMAC_SHA384:
|
||||||
|
return SHA384_DIGEST_LEN;
|
||||||
|
case SSH_HMAC_SHA512:
|
||||||
|
return SHA512_DIGEST_LEN;
|
||||||
|
case SSH_HMAC_MD5:
|
||||||
|
return MD5_DIGEST_LEN;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* it allocates a new cipher structure based on its offset into the global table */
|
/* it allocates a new cipher structure based on its offset into the global table */
|
||||||
static struct ssh_cipher_struct *cipher_new(int offset) {
|
static struct ssh_cipher_struct *cipher_new(int offset) {
|
||||||
struct ssh_cipher_struct *cipher = NULL;
|
struct ssh_cipher_struct *cipher = NULL;
|
||||||
|
Загрузка…
Ссылка в новой задаче
Block a user