Add flag for tracking EtM HMACs

This adds a flag to the type structures to track if we use a
Encrypt-then-MAC cipher instead of Encrypt-and-MAC. EtM is a more secure
hashing mechanism.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index 4cd76ddb..2d2d4f7f 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -25,6 +25,7 @@
 #ifndef _CRYPTO_H_
 #define _CRYPTO_H_
 
+#include <stdbool.h>
 #include "config.h"
 
 #ifdef HAVE_LIBGCRYPT
@@ -133,6 +134,7 @@ struct ssh_crypto_struct {
     unsigned char hmacbuf[DIGEST_MAX_LEN];
     struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
     enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
+    bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */
 
     ssh_key server_pubkey;
     int do_compress_out; /* idem */
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 14d82903..e4a0bba1 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -21,6 +21,8 @@
 #ifndef WRAPPER_H_
 #define WRAPPER_H_
 
+#include <stdbool.h>
+
 #include "config.h"
 #include "libssh/libssh.h"
 #include "libssh/libcrypto.h"
@@ -58,6 +60,7 @@ enum ssh_des_e {
 struct ssh_hmac_struct {
   const char* name;
   enum ssh_hmac_e hmac_type;
+  bool etm;
 };
 
 enum ssh_crypto_direction_e {
@@ -119,6 +122,6 @@ void ssh_crypto_finalize(void);
 void ssh_cipher_clear(struct ssh_cipher_struct *cipher);
 struct ssh_hmac_struct *ssh_get_hmactab(void);
 struct ssh_cipher_struct *ssh_get_ciphertab(void);
-const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type);
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm);
 
 #endif /* WRAPPER_H_ */