From e4c7912b3531d7c7f0d5b354b20f44392be29c28 Mon Sep 17 00:00:00 2001 From: Dirkjan Bussink Date: Fri, 8 Feb 2019 19:44:36 +0000 Subject: [PATCH] Add flag for tracking EtM HMACs This adds a flag to the type structures to track if we use a Encrypt-then-MAC cipher instead of Encrypt-and-MAC. EtM is a more secure hashing mechanism. Signed-off-by: Dirkjan Bussink Reviewed-by: Jon Simons Reviewed-by: Jakub Jelen --- include/libssh/crypto.h | 2 ++ include/libssh/wrapper.h | 5 ++++- src/session.c | 4 ++-- src/wrapper.c | 24 +++++++++++++++--------- 4 files changed, 23 insertions(+), 12 deletions(-) diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h index 4cd76ddb..2d2d4f7f 100644 --- a/include/libssh/crypto.h +++ b/include/libssh/crypto.h @@ -25,6 +25,7 @@ #ifndef _CRYPTO_H_ #define _CRYPTO_H_ +#include #include "config.h" #ifdef HAVE_LIBGCRYPT @@ -133,6 +134,7 @@ struct ssh_crypto_struct { unsigned char hmacbuf[DIGEST_MAX_LEN]; struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */ enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */ + bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */ ssh_key server_pubkey; int do_compress_out; /* idem */ diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h index 14d82903..e4a0bba1 100644 --- a/include/libssh/wrapper.h +++ b/include/libssh/wrapper.h @@ -21,6 +21,8 @@ #ifndef WRAPPER_H_ #define WRAPPER_H_ +#include + #include "config.h" #include "libssh/libssh.h" #include "libssh/libcrypto.h" @@ -58,6 +60,7 @@ enum ssh_des_e { struct ssh_hmac_struct { const char* name; enum ssh_hmac_e hmac_type; + bool etm; }; enum ssh_crypto_direction_e { @@ -119,6 +122,6 @@ void ssh_crypto_finalize(void); void ssh_cipher_clear(struct ssh_cipher_struct *cipher); struct ssh_hmac_struct *ssh_get_hmactab(void); struct ssh_cipher_struct *ssh_get_ciphertab(void); -const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type); +const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm); #endif /* WRAPPER_H_ */ diff --git a/src/session.c b/src/session.c index 3b151bf7..d4600861 100644 --- a/src/session.c +++ b/src/session.c @@ -419,7 +419,7 @@ const char* ssh_get_cipher_out(ssh_session session) { const char* ssh_get_hmac_in(ssh_session session) { if ((session != NULL) && (session->current_crypto != NULL)) { - return ssh_hmac_type_to_string(session->current_crypto->in_hmac); + return ssh_hmac_type_to_string(session->current_crypto->in_hmac, session->current_crypto->in_hmac_etm); } return NULL; } @@ -434,7 +434,7 @@ const char* ssh_get_hmac_in(ssh_session session) { const char* ssh_get_hmac_out(ssh_session session) { if ((session != NULL) && (session->current_crypto != NULL)) { - return ssh_hmac_type_to_string(session->current_crypto->out_hmac); + return ssh_hmac_type_to_string(session->current_crypto->out_hmac, session->current_crypto->out_hmac_etm); } return NULL; } diff --git a/src/wrapper.c b/src/wrapper.c index 6c4e6767..33f55840 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -56,13 +56,13 @@ #include "libssh/curve25519.h" static struct ssh_hmac_struct ssh_hmac_tab[] = { - { "hmac-sha1", SSH_HMAC_SHA1 }, - { "hmac-sha2-256", SSH_HMAC_SHA256 }, - { "hmac-sha2-512", SSH_HMAC_SHA512 }, - { "hmac-md5", SSH_HMAC_MD5 }, - { "aead-poly1305", SSH_HMAC_AEAD_POLY1305 }, - { "aead-gcm", SSH_HMAC_AEAD_GCM }, - { NULL, 0} + { "hmac-sha1", SSH_HMAC_SHA1, false }, + { "hmac-sha2-256", SSH_HMAC_SHA256, false }, + { "hmac-sha2-512", SSH_HMAC_SHA512, false }, + { "hmac-md5", SSH_HMAC_MD5, false }, + { "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false }, + { "aead-gcm", SSH_HMAC_AEAD_GCM, false }, + { NULL, 0, false } }; struct ssh_hmac_struct *ssh_get_hmactab(void) { @@ -88,11 +88,13 @@ size_t hmac_digest_len(enum ssh_hmac_e type) { } } -const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type) +const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm) { int i = 0; struct ssh_hmac_struct *ssh_hmactab = ssh_get_hmactab(); - while (ssh_hmactab[i].name && (ssh_hmactab[i].hmac_type != hmac_type)) { + while (ssh_hmactab[i].name && + ((ssh_hmactab[i].hmac_type != hmac_type) || + (ssh_hmactab[i].etm != etm))) { i++; } return ssh_hmactab[i].name; @@ -293,6 +295,7 @@ static int crypt_set_algorithms2(ssh_session session) SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", wanted); session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type; + session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm; /* in */ wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C]; @@ -346,6 +349,7 @@ static int crypt_set_algorithms2(ssh_session session) SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", wanted); session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type; + session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm; /* compression */ cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib"); @@ -443,6 +447,7 @@ int crypt_set_algorithms_server(ssh_session session){ SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", method); session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type; + session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm; /* in */ method = session->next_crypto->kex_methods[SSH_CRYPT_C_S]; @@ -495,6 +500,7 @@ int crypt_set_algorithms_server(ssh_session session){ SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", method); session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type; + session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm; /* compression */ method = session->next_crypto->kex_methods[SSH_COMP_C_S];