diff options
author | Jakub Jelen <jjelen@redhat.com> | 2018-11-22 15:57:37 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-01-09 10:14:56 +0100 |
commit | 8e0c047031d69bdf882f550886e3dd43afd8db05 (patch) | |
tree | 0ffd94b05abc4693c92efe60492fca690bd9dd32 /src/packet_crypt.c | |
parent | 8d9026666190eecc55548899461b83a4f6cf45ce (diff) | |
download | libssh-8e0c047031d69bdf882f550886e3dd43afd8db05.tar.gz libssh-8e0c047031d69bdf882f550886e3dd43afd8db05.tar.xz libssh-8e0c047031d69bdf882f550886e3dd43afd8db05.zip |
packet: Introduce a new function to access crypto
And remove most of the direct access to the structure throughout the code
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/packet_crypt.c')
-rw-r--r-- | src/packet_crypt.c | 75 |
1 files changed, 45 insertions, 30 deletions
diff --git a/src/packet_crypt.c b/src/packet_crypt.c index 508763ae..0f02b7f7 100644 --- a/src/packet_crypt.c +++ b/src/packet_crypt.c @@ -52,14 +52,16 @@ uint32_t ssh_packet_decrypt_len(ssh_session session, uint8_t *destination, uint8_t *source) { + struct ssh_crypto_struct *crypto = NULL; uint32_t decrypted; int rc; - if (session->current_crypto != NULL) { - if (session->current_crypto->in_cipher->aead_decrypt_length != NULL) { - session->current_crypto->in_cipher->aead_decrypt_length( - session->current_crypto->in_cipher, source, destination, - session->current_crypto->in_cipher->lenfield_blocksize, + crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN); + if (crypto != NULL) { + if (crypto->in_cipher->aead_decrypt_length != NULL) { + crypto->in_cipher->aead_decrypt_length( + crypto->in_cipher, source, destination, + crypto->in_cipher->lenfield_blocksize, session->recv_seq); } else { rc = ssh_packet_decrypt( @@ -67,7 +69,7 @@ uint32_t ssh_packet_decrypt_len(ssh_session session, destination, source, 0, - session->current_crypto->in_cipher->blocksize); + crypto->in_cipher->blocksize); if (rc < 0) { return 0; } @@ -92,13 +94,17 @@ int ssh_packet_decrypt(ssh_session session, size_t start, size_t encrypted_size) { - struct ssh_cipher_struct *crypto = session->current_crypto->in_cipher; + struct ssh_crypto_struct *crypto = NULL; + struct ssh_cipher_struct *cipher = NULL; if (encrypted_size <= 0) { return SSH_ERROR; } - if (encrypted_size % session->current_crypto->in_cipher->blocksize != 0) { + crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN); + cipher = crypto->in_cipher; + + if (encrypted_size % cipher->blocksize != 0) { ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be used on multiple of " @@ -107,34 +113,41 @@ int ssh_packet_decrypt(ssh_session session, return SSH_ERROR; } - if (crypto->aead_decrypt != NULL) { - return crypto->aead_decrypt(crypto, + if (cipher->aead_decrypt != NULL) { + return cipher->aead_decrypt(cipher, source, destination, encrypted_size, session->recv_seq); } else { - crypto->decrypt(crypto, source + start, destination, encrypted_size); + cipher->decrypt(cipher, source + start, destination, encrypted_size); } return 0; } -unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len) { - struct ssh_cipher_struct *crypto = NULL; +unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len) +{ + struct ssh_crypto_struct *crypto = NULL; + struct ssh_cipher_struct *cipher = NULL; HMACCTX ctx = NULL; char *out = NULL; - unsigned int finallen; - uint32_t seq; + unsigned int finallen, blocksize; + uint32_t seq, lenfield_blocksize; enum ssh_hmac_e type; assert(len); - if (!session->current_crypto) { - return NULL; /* nothing to do here */ + crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT); + if (crypto == NULL) { + return NULL; /* nothing to do here */ } - if((len - session->current_crypto->out_cipher->lenfield_blocksize) % session->current_crypto->out_cipher->blocksize != 0){ - ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set on at least one blocksize (received %d)",len); + + blocksize = crypto->out_cipher->blocksize; + lenfield_blocksize = crypto->out_cipher->lenfield_blocksize; + if ((len - lenfield_blocksize) % blocksize != 0) { + ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set" + " on at least one blocksize (received %d)", len); return NULL; } out = malloc(len); @@ -142,37 +155,37 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len) return NULL; } - type = session->current_crypto->out_hmac; + type = crypto->out_hmac; seq = ntohl(session->send_seq); - crypto = session->current_crypto->out_cipher; + cipher = crypto->out_cipher; - if (crypto->aead_encrypt != NULL) { - crypto->aead_encrypt(crypto, data, out, len, - session->current_crypto->hmacbuf, session->send_seq); + if (cipher->aead_encrypt != NULL) { + cipher->aead_encrypt(cipher, data, out, len, + crypto->hmacbuf, session->send_seq); } else { - ctx = hmac_init(session->current_crypto->encryptMAC, hmac_digest_len(type), type); + ctx = hmac_init(crypto->encryptMAC, hmac_digest_len(type), type); if (ctx == NULL) { SAFE_FREE(out); return NULL; } hmac_update(ctx,(unsigned char *)&seq,sizeof(uint32_t)); hmac_update(ctx,data,len); - hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); + hmac_final(ctx, crypto->hmacbuf, &finallen); #ifdef DEBUG_CRYPTO ssh_print_hexa("mac: ",data,hmac_digest_len(type)); if (finallen != hmac_digest_len(type)) { printf("Final len is %d\n",finallen); } - ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, hmac_digest_len(type)); + ssh_print_hexa("Packet hmac", crypto->hmacbuf, hmac_digest_len(type)); #endif - crypto->encrypt(crypto, data, out, len); + cipher->encrypt(cipher, data, out, len); } memcpy(data, out, len); explicit_bzero(out, len); SAFE_FREE(out); - return session->current_crypto->hmacbuf; + return crypto->hmacbuf; } /** @@ -192,6 +205,7 @@ int ssh_packet_hmac_verify(ssh_session session, uint8_t *mac, enum ssh_hmac_e type) { + struct ssh_crypto_struct *crypto = NULL; unsigned char hmacbuf[DIGEST_MAX_LEN] = {0}; HMACCTX ctx; unsigned int len; @@ -203,7 +217,8 @@ int ssh_packet_hmac_verify(ssh_session session, return SSH_OK; } - ctx = hmac_init(session->current_crypto->decryptMAC, hmac_digest_len(type), type); + crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN); + ctx = hmac_init(crypto->decryptMAC, hmac_digest_len(type), type); if (ctx == NULL) { return -1; } |