aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorDirkjan Bussink <d.bussink@gmail.com>2019-02-08 19:44:36 +0000
committerAndreas Schneider <asn@cryptomilk.org>2019-02-22 15:31:02 +0100
commite4c7912b3531d7c7f0d5b354b20f44392be29c28 (patch)
tree4d9cda04c118b346a107ab78dc98e505d9d733a5 /include
parentc6608c921118268e233da03435d1d64f0e7449d7 (diff)
downloadlibssh-e4c7912b3531d7c7f0d5b354b20f44392be29c28.tar.gz
libssh-e4c7912b3531d7c7f0d5b354b20f44392be29c28.tar.xz
libssh-e4c7912b3531d7c7f0d5b354b20f44392be29c28.zip
Add flag for tracking EtM HMACs
This adds a flag to the type structures to track if we use a Encrypt-then-MAC cipher instead of Encrypt-and-MAC. EtM is a more secure hashing mechanism. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'include')
-rw-r--r--include/libssh/crypto.h2
-rw-r--r--include/libssh/wrapper.h5
2 files changed, 6 insertions, 1 deletions
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index 4cd76ddb..2d2d4f7f 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -25,6 +25,7 @@
#ifndef _CRYPTO_H_
#define _CRYPTO_H_
+#include <stdbool.h>
#include "config.h"
#ifdef HAVE_LIBGCRYPT
@@ -133,6 +134,7 @@ struct ssh_crypto_struct {
unsigned char hmacbuf[DIGEST_MAX_LEN];
struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
+ bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */
ssh_key server_pubkey;
int do_compress_out; /* idem */
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 14d82903..e4a0bba1 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -21,6 +21,8 @@
#ifndef WRAPPER_H_
#define WRAPPER_H_
+#include <stdbool.h>
+
#include "config.h"
#include "libssh/libssh.h"
#include "libssh/libcrypto.h"
@@ -58,6 +60,7 @@ enum ssh_des_e {
struct ssh_hmac_struct {
const char* name;
enum ssh_hmac_e hmac_type;
+ bool etm;
};
enum ssh_crypto_direction_e {
@@ -119,6 +122,6 @@ void ssh_crypto_finalize(void);
void ssh_cipher_clear(struct ssh_cipher_struct *cipher);
struct ssh_hmac_struct *ssh_get_hmactab(void);
struct ssh_cipher_struct *ssh_get_ciphertab(void);
-const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type);
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm);
#endif /* WRAPPER_H_ */