version 1.199, 2014/10/24 02:01:20 |
version 1.200, 2015/01/13 19:31:40 |
|
|
#include "cipher.h" |
#include "cipher.h" |
#include "key.h" |
#include "key.h" |
#include "kex.h" |
#include "kex.h" |
|
#include "digest.h" |
#include "mac.h" |
#include "mac.h" |
#include "log.h" |
#include "log.h" |
#include "canohost.h" |
#include "canohost.h" |
|
|
(void) mac_compute(active_state->packet_discard_mac, |
(void) mac_compute(active_state->packet_discard_mac, |
active_state->p_read.seqnr, |
active_state->p_read.seqnr, |
buffer_ptr(&active_state->incoming_packet), |
buffer_ptr(&active_state->incoming_packet), |
PACKET_MAX_SIZE); |
PACKET_MAX_SIZE, NULL, 0); |
} |
} |
logit("Finished discarding for %.200s", get_remote_ipaddr()); |
logit("Finished discarding for %.200s", get_remote_ipaddr()); |
cleanup_exit(255); |
cleanup_exit(255); |
|
|
static void |
static void |
packet_send2_wrapped(void) |
packet_send2_wrapped(void) |
{ |
{ |
u_char type, *cp, *macbuf = NULL; |
u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
u_char padlen, pad = 0; |
u_char padlen, pad = 0; |
u_int i, len, authlen = 0, aadlen = 0; |
u_int i, len, authlen = 0, aadlen = 0; |
u_int32_t rnd = 0; |
u_int32_t rnd = 0; |
|
|
Mac *mac = NULL; |
Mac *mac = NULL; |
Comp *comp = NULL; |
Comp *comp = NULL; |
int block_size; |
int block_size; |
|
int r; |
|
|
if (active_state->newkeys[MODE_OUT] != NULL) { |
if (active_state->newkeys[MODE_OUT] != NULL) { |
enc = &active_state->newkeys[MODE_OUT]->enc; |
enc = &active_state->newkeys[MODE_OUT]->enc; |
|
|
|
|
/* compute MAC over seqnr and packet(length fields, payload, padding) */ |
/* compute MAC over seqnr and packet(length fields, payload, padding) */ |
if (mac && mac->enabled && !mac->etm) { |
if (mac && mac->enabled && !mac->etm) { |
macbuf = mac_compute(mac, active_state->p_send.seqnr, |
if ((r = mac_compute(mac, active_state->p_send.seqnr, |
buffer_ptr(&active_state->outgoing_packet), len); |
buffer_ptr(&active_state->outgoing_packet), len, |
|
macbuf, sizeof(macbuf))) != 0) |
|
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr)); |
DBG(debug("done calc MAC out #%d", active_state->p_send.seqnr)); |
} |
} |
/* encrypt packet and append to output buffer. */ |
/* encrypt packet and append to output buffer. */ |
|
|
if (mac && mac->enabled) { |
if (mac && mac->enabled) { |
if (mac->etm) { |
if (mac->etm) { |
/* EtM: compute mac over aadlen + cipher text */ |
/* EtM: compute mac over aadlen + cipher text */ |
macbuf = mac_compute(mac, |
if ((r = mac_compute(mac, |
active_state->p_send.seqnr, cp, len); |
active_state->p_send.seqnr, cp, len, |
|
macbuf, sizeof(macbuf))) != 0) |
|
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
DBG(debug("done calc MAC(EtM) out #%d", |
DBG(debug("done calc MAC(EtM) out #%d", |
active_state->p_send.seqnr)); |
active_state->p_send.seqnr)); |
} |
} |
|
|
packet_read_poll2(u_int32_t *seqnr_p) |
packet_read_poll2(u_int32_t *seqnr_p) |
{ |
{ |
u_int padlen, need; |
u_int padlen, need; |
u_char *macbuf = NULL, *cp, type; |
u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; |
u_int maclen, authlen = 0, aadlen = 0, block_size; |
u_int maclen, authlen = 0, aadlen = 0, block_size; |
|
int r; |
Enc *enc = NULL; |
Enc *enc = NULL; |
Mac *mac = NULL; |
Mac *mac = NULL; |
Comp *comp = NULL; |
Comp *comp = NULL; |
|
|
#endif |
#endif |
/* EtM: compute mac over encrypted input */ |
/* EtM: compute mac over encrypted input */ |
if (mac && mac->enabled && mac->etm) |
if (mac && mac->enabled && mac->etm) |
macbuf = mac_compute(mac, active_state->p_read.seqnr, |
if ((r = mac_compute(mac, active_state->p_read.seqnr, |
buffer_ptr(&active_state->input), aadlen + need); |
buffer_ptr(&active_state->input), aadlen + need, |
|
macbuf, sizeof(macbuf))) != 0) |
|
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); |
cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); |
if (cipher_crypt(&active_state->receive_context, |
if (cipher_crypt(&active_state->receive_context, |
active_state->p_read.seqnr, cp, |
active_state->p_read.seqnr, cp, |
|
|
*/ |
*/ |
if (mac && mac->enabled) { |
if (mac && mac->enabled) { |
if (!mac->etm) |
if (!mac->etm) |
macbuf = mac_compute(mac, active_state->p_read.seqnr, |
if ((r = mac_compute(mac, active_state->p_read.seqnr, |
buffer_ptr(&active_state->incoming_packet), |
buffer_ptr(&active_state->incoming_packet), |
buffer_len(&active_state->incoming_packet)); |
buffer_len(&active_state->incoming_packet), |
|
macbuf, sizeof(macbuf))) != 0) |
|
fatal("%s: mac_compute: %s", __func__, ssh_err(r)); |
if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), |
if (timingsafe_bcmp(macbuf, buffer_ptr(&active_state->input), |
mac->mac_len) != 0) { |
mac->mac_len) != 0) { |
logit("Corrupted MAC on input."); |
logit("Corrupted MAC on input."); |