| version 1.199, 2014/10/24 02:01:20 |
version 1.200, 2015/01/13 19:31:40 |
|
|
| #include "cipher.h" |
#include "cipher.h" |
| #include "key.h" |
#include "key.h" |
| #include "kex.h" |
#include "kex.h" |
| |
#include "digest.h" |
| #include "mac.h" |
#include "mac.h" |
| #include "log.h" |
#include "log.h" |
| #include "canohost.h" |
#include "canohost.h" |
|
|
| (void) mac_compute(active_state->packet_discard_mac, |
(void) mac_compute(active_state->packet_discard_mac, |
| active_state->p_read.seqnr, |
active_state->p_read.seqnr, |
| buffer_ptr(&active_state->incoming_packet), |
buffer_ptr(&active_state->incoming_packet), |
| PACKET_MAX_SIZE); |
PACKET_MAX_SIZE, NULL, 0); |
| } |
} |
| logit("Finished discarding for %.200s", get_remote_ipaddr()); |
logit("Finished discarding for %.200s", get_remote_ipaddr()); |
| cleanup_exit(255); |
cleanup_exit(255); |
|
|
| static void |
static void |
| packet_send2_wrapped(void) |
packet_send2_wrapped(void) |
| { |
{ |
| u_char type, *cp, *macbuf = NULL; |
u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
| u_char padlen, pad = 0; |
u_char padlen, pad = 0; |
| u_int i, len, authlen = 0, aadlen = 0; |
u_int i, len, authlen = 0, aadlen = 0; |
| u_int32_t rnd = 0; |
u_int32_t rnd = 0; |
|
|
| Mac *mac = NULL; |
Mac *mac = NULL; |
| Comp *comp = NULL; |
Comp *comp = NULL; |
| int block_size; |
int block_size; |
| |
int r; |
| |
|
| if (active_state->newkeys[MODE_OUT] != NULL) { |
if (active_state->newkeys[MODE_OUT] != NULL) { |
| enc = &active_state->newkeys[MODE_OUT]->enc; |
enc = &active_state->newkeys[MODE_OUT]->enc; |
|
|
| |
|
| /* compute MAC over seqnr and packet(length fields, payload, padding) */ |
/* compute MAC over seqnr and packet(length fields, payload, padding) */ |
| if (mac && mac->enabled && !mac->etm) { |
if (mac && mac->enabled && !mac->etm) { |
| macbuf = mac_compute(mac, active_state->p_send.seqnr, |
if ((r = mac_compute(mac, active_state->p_send.seqnr, |
| buffer_ptr(&active_state->outgoing_packet), len); |
buffer_ptr(&active_state->outgoing_packet), len, |
| |
macbuf, sizeof(macbuf))) != 0) |
| |
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
| DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr)); |
DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr)); |
| } |
} |
| /* encrypt packet and append to output buffer. */ |
/* encrypt packet and append to output buffer. */ |
|
|
| if (mac && mac->enabled) { |
if (mac && mac->enabled) { |
| if (mac->etm) { |
if (mac->etm) { |
| /* EtM: compute mac over aadlen + cipher text */ |
/* EtM: compute mac over aadlen + cipher text */ |
| macbuf = mac_compute(mac, |
if ((r = mac_compute(mac, |
| active_state->p_send.seqnr, cp, len); |
active_state->p_send.seqnr, cp, len, |
| |
macbuf, sizeof(macbuf))) != 0) |
| |
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
| DBG(debug("done calc MAC(EtM) out #%d", |
DBG(debug("done calc MAC(EtM) out #%d", |
| active_state->p_send.seqnr)); |
active_state->p_send.seqnr)); |
| } |
} |
|
|
| packet_read_poll2(u_int32_t *seqnr_p) |
packet_read_poll2(u_int32_t *seqnr_p) |
| { |
{ |
| u_int padlen, need; |
u_int padlen, need; |
| u_char *macbuf = NULL, *cp, type; |
u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
| u_int maclen, authlen = 0, aadlen = 0, block_size; |
u_int maclen, authlen = 0, aadlen = 0, block_size; |
| |
int r; |
| Enc *enc = NULL; |
Enc *enc = NULL; |
| Mac *mac = NULL; |
Mac *mac = NULL; |
| Comp *comp = NULL; |
Comp *comp = NULL; |
|
|
| #endif |
#endif |
| /* EtM: compute mac over encrypted input */ |
/* EtM: compute mac over encrypted input */ |
| if (mac && mac->enabled && mac->etm) |
if (mac && mac->enabled && mac->etm) |
| macbuf = mac_compute(mac, active_state->p_read.seqnr, |
if ((r = mac_compute(mac, active_state->p_read.seqnr, |
| buffer_ptr(&active_state->input), aadlen + need); |
buffer_ptr(&active_state->input), aadlen + need, |
| |
macbuf, sizeof(macbuf))) != 0) |
| |
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
| cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); |
cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); |
| if (cipher_crypt(&active_state->receive_context, |
if (cipher_crypt(&active_state->receive_context, |
| active_state->p_read.seqnr, cp, |
active_state->p_read.seqnr, cp, |
|
|
| */ |
*/ |
| if (mac && mac->enabled) { |
if (mac && mac->enabled) { |
| if (!mac->etm) |
if (!mac->etm) |
| macbuf = mac_compute(mac, active_state->p_read.seqnr, |
if ((r = mac_compute(mac, active_state->p_read.seqnr, |
| buffer_ptr(&active_state->incoming_packet), |
buffer_ptr(&active_state->incoming_packet), |
| buffer_len(&active_state->incoming_packet)); |
buffer_len(&active_state->incoming_packet), |
| |
macbuf, sizeof(macbuf))) != 0) |
| |
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
| if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), |
if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), |
| mac->mac_len) != 0) { |
mac->mac_len) != 0) { |
| logit("Corrupted MAC on input."); |
logit("Corrupted MAC on input."); |
![[BACK]](/icons/back.gif){kind=icon}
Return to packet.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh