| version 1.196, 2014/05/03 17:20:34 |
version 1.197, 2014/06/24 01:13:21 |
|
|
| #include "canohost.h" |
#include "canohost.h" |
| #include "misc.h" |
#include "misc.h" |
| #include "ssh.h" |
#include "ssh.h" |
| |
#include "ssherr.h" |
| #include "roaming.h" |
#include "roaming.h" |
| |
|
| #ifdef PACKET_DEBUG |
#ifdef PACKET_DEBUG |
|
|
| packet_set_connection(int fd_in, int fd_out) |
packet_set_connection(int fd_in, int fd_out) |
| { |
{ |
| const Cipher *none = cipher_by_name("none"); |
const Cipher *none = cipher_by_name("none"); |
| |
int r; |
| |
|
| if (none == NULL) |
if (none == NULL) |
| fatal("packet_set_connection: cannot load cipher 'none'"); |
fatal("packet_set_connection: cannot load cipher 'none'"); |
|
|
| active_state = alloc_session_state(); |
active_state = alloc_session_state(); |
| active_state->connection_in = fd_in; |
active_state->connection_in = fd_in; |
| active_state->connection_out = fd_out; |
active_state->connection_out = fd_out; |
| cipher_init(&active_state->send_context, none, (const u_char *)"", |
if ((r = cipher_init(&active_state->send_context, none, |
| 0, NULL, 0, CIPHER_ENCRYPT); |
(const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 || |
| cipher_init(&active_state->receive_context, none, (const u_char *)"", |
(r = cipher_init(&active_state->receive_context, none, |
| 0, NULL, 0, CIPHER_DECRYPT); |
(const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) |
| |
fatal("%s: cipher_init: %s", __func__, ssh_err(r)); |
| active_state->newkeys[MODE_IN] = active_state->newkeys[MODE_OUT] = NULL; |
active_state->newkeys[MODE_IN] = active_state->newkeys[MODE_OUT] = NULL; |
| if (!active_state->initialized) { |
if (!active_state->initialized) { |
| active_state->initialized = 1; |
active_state->initialized = 1; |
|
|
| packet_get_keyiv(int mode, u_char *iv, u_int len) |
packet_get_keyiv(int mode, u_char *iv, u_int len) |
| { |
{ |
| CipherContext *cc; |
CipherContext *cc; |
| |
int r; |
| |
|
| if (mode == MODE_OUT) |
if (mode == MODE_OUT) |
| cc = &active_state->send_context; |
cc = &active_state->send_context; |
| else |
else |
| cc = &active_state->receive_context; |
cc = &active_state->receive_context; |
| |
|
| cipher_get_keyiv(cc, iv, len); |
if ((r = cipher_get_keyiv(cc, iv, len)) != 0) |
| |
fatal("%s: cipher_get_keyiv: %s", __func__, ssh_err(r)); |
| } |
} |
| |
|
| int |
int |
|
|
| packet_set_iv(int mode, u_char *dat) |
packet_set_iv(int mode, u_char *dat) |
| { |
{ |
| CipherContext *cc; |
CipherContext *cc; |
| |
int r; |
| |
|
| if (mode == MODE_OUT) |
if (mode == MODE_OUT) |
| cc = &active_state->send_context; |
cc = &active_state->send_context; |
| else |
else |
| cc = &active_state->receive_context; |
cc = &active_state->receive_context; |
| |
|
| cipher_set_keyiv(cc, dat); |
if ((r = cipher_set_keyiv(cc, dat)) != 0) |
| |
fatal("%s: cipher_set_keyiv: %s", __func__, ssh_err(r)); |
| } |
} |
| |
|
| int |
int |
|
|
| packet_set_encryption_key(const u_char *key, u_int keylen, int number) |
packet_set_encryption_key(const u_char *key, u_int keylen, int number) |
| { |
{ |
| const Cipher *cipher = cipher_by_number(number); |
const Cipher *cipher = cipher_by_number(number); |
| |
int r; |
| |
|
| if (cipher == NULL) |
if (cipher == NULL) |
| fatal("packet_set_encryption_key: unknown cipher number %d", number); |
fatal("packet_set_encryption_key: unknown cipher number %d", number); |
|
|
| fatal("packet_set_encryption_key: keylen too big: %d", keylen); |
fatal("packet_set_encryption_key: keylen too big: %d", keylen); |
| memcpy(active_state->ssh1_key, key, keylen); |
memcpy(active_state->ssh1_key, key, keylen); |
| active_state->ssh1_keylen = keylen; |
active_state->ssh1_keylen = keylen; |
| cipher_init(&active_state->send_context, cipher, key, keylen, NULL, |
if ((r = cipher_init(&active_state->send_context, cipher, |
| 0, CIPHER_ENCRYPT); |
key, keylen, NULL, 0, CIPHER_ENCRYPT)) != 0 || |
| cipher_init(&active_state->receive_context, cipher, key, keylen, NULL, |
(r = cipher_init(&active_state->receive_context, cipher, |
| 0, CIPHER_DECRYPT); |
key, keylen, NULL, 0, CIPHER_DECRYPT)) != 0) |
| |
fatal("%s: cipher_init: %s", __func__, ssh_err(r)); |
| } |
} |
| |
|
| u_int |
u_int |
|
|
| Comp *comp; |
Comp *comp; |
| CipherContext *cc; |
CipherContext *cc; |
| u_int64_t *max_blocks; |
u_int64_t *max_blocks; |
| int crypt_type; |
int r, crypt_type; |
| |
|
| debug2("set_newkeys: mode %d", mode); |
debug2("set_newkeys: mode %d", mode); |
| |
|
|
|
| if (cipher_authlen(enc->cipher) == 0 && mac_init(mac) == 0) |
if (cipher_authlen(enc->cipher) == 0 && mac_init(mac) == 0) |
| mac->enabled = 1; |
mac->enabled = 1; |
| DBG(debug("cipher_init_context: %d", mode)); |
DBG(debug("cipher_init_context: %d", mode)); |
| cipher_init(cc, enc->cipher, enc->key, enc->key_len, |
if ((r = cipher_init(cc, enc->cipher, enc->key, enc->key_len, |
| enc->iv, enc->iv_len, crypt_type); |
enc->iv, enc->iv_len, crypt_type)) != 0) |
| |
fatal("%s: cipher_init: %s", __func__, ssh_err(r)); |
| /* Deleting the keys does not gain extra security */ |
/* Deleting the keys does not gain extra security */ |
| /* explicit_bzero(enc->iv, enc->block_size); |
/* explicit_bzero(enc->iv, enc->block_size); |
| explicit_bzero(enc->key, enc->key_len); |
explicit_bzero(enc->key, enc->key_len); |
![[BACK]](/icons/back.gif){kind=icon}
Return to packet.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh