aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDirkjan Bussink <d.bussink@gmail.com>2019-02-08 19:44:36 +0000
committerAndreas Schneider <asn@cryptomilk.org>2019-02-22 15:31:02 +0100
commite4c7912b3531d7c7f0d5b354b20f44392be29c28 (patch)
tree4d9cda04c118b346a107ab78dc98e505d9d733a5
parentc6608c921118268e233da03435d1d64f0e7449d7 (diff)
downloadlibssh-e4c7912b3531d7c7f0d5b354b20f44392be29c28.tar.gz
libssh-e4c7912b3531d7c7f0d5b354b20f44392be29c28.tar.xz
libssh-e4c7912b3531d7c7f0d5b354b20f44392be29c28.zip
Add flag for tracking EtM HMACs
This adds a flag to the type structures to track if we use a Encrypt-then-MAC cipher instead of Encrypt-and-MAC. EtM is a more secure hashing mechanism. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--include/libssh/crypto.h2
-rw-r--r--include/libssh/wrapper.h5
-rw-r--r--src/session.c4
-rw-r--r--src/wrapper.c24
4 files changed, 23 insertions, 12 deletions
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index 4cd76ddb..2d2d4f7f 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -25,6 +25,7 @@
#ifndef _CRYPTO_H_
#define _CRYPTO_H_
+#include <stdbool.h>
#include "config.h"
#ifdef HAVE_LIBGCRYPT
@@ -133,6 +134,7 @@ struct ssh_crypto_struct {
unsigned char hmacbuf[DIGEST_MAX_LEN];
struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
+ bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */
ssh_key server_pubkey;
int do_compress_out; /* idem */
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 14d82903..e4a0bba1 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -21,6 +21,8 @@
#ifndef WRAPPER_H_
#define WRAPPER_H_
+#include <stdbool.h>
+
#include "config.h"
#include "libssh/libssh.h"
#include "libssh/libcrypto.h"
@@ -58,6 +60,7 @@ enum ssh_des_e {
struct ssh_hmac_struct {
const char* name;
enum ssh_hmac_e hmac_type;
+ bool etm;
};
enum ssh_crypto_direction_e {
@@ -119,6 +122,6 @@ void ssh_crypto_finalize(void);
void ssh_cipher_clear(struct ssh_cipher_struct *cipher);
struct ssh_hmac_struct *ssh_get_hmactab(void);
struct ssh_cipher_struct *ssh_get_ciphertab(void);
-const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type);
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm);
#endif /* WRAPPER_H_ */
diff --git a/src/session.c b/src/session.c
index 3b151bf7..d4600861 100644
--- a/src/session.c
+++ b/src/session.c
@@ -419,7 +419,7 @@ const char* ssh_get_cipher_out(ssh_session session) {
const char* ssh_get_hmac_in(ssh_session session) {
if ((session != NULL) &&
(session->current_crypto != NULL)) {
- return ssh_hmac_type_to_string(session->current_crypto->in_hmac);
+ return ssh_hmac_type_to_string(session->current_crypto->in_hmac, session->current_crypto->in_hmac_etm);
}
return NULL;
}
@@ -434,7 +434,7 @@ const char* ssh_get_hmac_in(ssh_session session) {
const char* ssh_get_hmac_out(ssh_session session) {
if ((session != NULL) &&
(session->current_crypto != NULL)) {
- return ssh_hmac_type_to_string(session->current_crypto->out_hmac);
+ return ssh_hmac_type_to_string(session->current_crypto->out_hmac, session->current_crypto->out_hmac_etm);
}
return NULL;
}
diff --git a/src/wrapper.c b/src/wrapper.c
index 6c4e6767..33f55840 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -56,13 +56,13 @@
#include "libssh/curve25519.h"
static struct ssh_hmac_struct ssh_hmac_tab[] = {
- { "hmac-sha1", SSH_HMAC_SHA1 },
- { "hmac-sha2-256", SSH_HMAC_SHA256 },
- { "hmac-sha2-512", SSH_HMAC_SHA512 },
- { "hmac-md5", SSH_HMAC_MD5 },
- { "aead-poly1305", SSH_HMAC_AEAD_POLY1305 },
- { "aead-gcm", SSH_HMAC_AEAD_GCM },
- { NULL, 0}
+ { "hmac-sha1", SSH_HMAC_SHA1, false },
+ { "hmac-sha2-256", SSH_HMAC_SHA256, false },
+ { "hmac-sha2-512", SSH_HMAC_SHA512, false },
+ { "hmac-md5", SSH_HMAC_MD5, false },
+ { "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false },
+ { "aead-gcm", SSH_HMAC_AEAD_GCM, false },
+ { NULL, 0, false }
};
struct ssh_hmac_struct *ssh_get_hmactab(void) {
@@ -88,11 +88,13 @@ size_t hmac_digest_len(enum ssh_hmac_e type) {
}
}
-const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type)
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm)
{
int i = 0;
struct ssh_hmac_struct *ssh_hmactab = ssh_get_hmactab();
- while (ssh_hmactab[i].name && (ssh_hmactab[i].hmac_type != hmac_type)) {
+ while (ssh_hmactab[i].name &&
+ ((ssh_hmactab[i].hmac_type != hmac_type) ||
+ (ssh_hmactab[i].etm != etm))) {
i++;
}
return ssh_hmactab[i].name;
@@ -293,6 +295,7 @@ static int crypt_set_algorithms2(ssh_session session)
SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", wanted);
session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
+ session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm;
/* in */
wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
@@ -346,6 +349,7 @@ static int crypt_set_algorithms2(ssh_session session)
SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", wanted);
session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
+ session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm;
/* compression */
cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib");
@@ -443,6 +447,7 @@ int crypt_set_algorithms_server(ssh_session session){
SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", method);
session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
+ session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm;
/* in */
method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
@@ -495,6 +500,7 @@ int crypt_set_algorithms_server(ssh_session session){
SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", method);
session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
+ session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm;
/* compression */
method = session->next_crypto->kex_methods[SSH_COMP_C_S];