version 1.19, 2000/02/22 15:19:29 |
version 1.20, 2000/03/22 09:55:10 |
|
|
} |
} |
} |
} |
|
|
void (*cipher_attack_detected) (const char *fmt,...) = fatal; |
|
|
|
static inline void |
|
detect_cbc_attack(const unsigned char *src, |
|
unsigned int len) |
|
{ |
|
return; |
|
|
|
log("CRC-32 CBC insertion attack detected"); |
|
cipher_attack_detected("CRC-32 CBC insertion attack detected"); |
|
} |
|
|
|
/* |
/* |
* Names of all encryption algorithms. |
* Names of all encryption algorithms. |
* These must match the numbers defined in cipher.h. |
* These must match the numbers defined in cipher.h. |
|
|
break; |
break; |
|
|
case SSH_CIPHER_3DES: |
case SSH_CIPHER_3DES: |
/* CRC-32 attack? */ |
|
SSH_3CBC_DECRYPT(context->u.des3.key1, |
SSH_3CBC_DECRYPT(context->u.des3.key1, |
context->u.des3.key2, &context->u.des3.iv2, |
context->u.des3.key2, &context->u.des3.iv2, |
context->u.des3.key3, &context->u.des3.iv3, |
context->u.des3.key3, &context->u.des3.iv3, |
|
|
break; |
break; |
|
|
case SSH_CIPHER_BLOWFISH: |
case SSH_CIPHER_BLOWFISH: |
detect_cbc_attack(src, len); |
|
swap_bytes(src, dest, len); |
swap_bytes(src, dest, len); |
BF_cbc_encrypt((void *) dest, dest, len, |
BF_cbc_encrypt((void *) dest, dest, len, |
&context->u.bf.key, context->u.bf.iv, |
&context->u.bf.key, context->u.bf.iv, |