aboutsummaryrefslogtreecommitdiff
path: root/src/packet_crypt.c
diff options
context:
space:
mode:
authorJakub Jelen <jjelen@redhat.com>2018-11-22 15:57:37 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-01-09 10:14:56 +0100
commit8e0c047031d69bdf882f550886e3dd43afd8db05 (patch)
tree0ffd94b05abc4693c92efe60492fca690bd9dd32 /src/packet_crypt.c
parent8d9026666190eecc55548899461b83a4f6cf45ce (diff)
downloadlibssh-8e0c047031d69bdf882f550886e3dd43afd8db05.tar.gz
libssh-8e0c047031d69bdf882f550886e3dd43afd8db05.tar.xz
libssh-8e0c047031d69bdf882f550886e3dd43afd8db05.zip
packet: Introduce a new function to access crypto
And remove most of the direct access to the structure throughout the code Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/packet_crypt.c')
-rw-r--r--src/packet_crypt.c75
1 files changed, 45 insertions, 30 deletions
diff --git a/src/packet_crypt.c b/src/packet_crypt.c
index 508763ae..0f02b7f7 100644
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -52,14 +52,16 @@ uint32_t ssh_packet_decrypt_len(ssh_session session,
uint8_t *destination,
uint8_t *source)
{
+ struct ssh_crypto_struct *crypto = NULL;
uint32_t decrypted;
int rc;
- if (session->current_crypto != NULL) {
- if (session->current_crypto->in_cipher->aead_decrypt_length != NULL) {
- session->current_crypto->in_cipher->aead_decrypt_length(
- session->current_crypto->in_cipher, source, destination,
- session->current_crypto->in_cipher->lenfield_blocksize,
+ crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
+ if (crypto != NULL) {
+ if (crypto->in_cipher->aead_decrypt_length != NULL) {
+ crypto->in_cipher->aead_decrypt_length(
+ crypto->in_cipher, source, destination,
+ crypto->in_cipher->lenfield_blocksize,
session->recv_seq);
} else {
rc = ssh_packet_decrypt(
@@ -67,7 +69,7 @@ uint32_t ssh_packet_decrypt_len(ssh_session session,
destination,
source,
0,
- session->current_crypto->in_cipher->blocksize);
+ crypto->in_cipher->blocksize);
if (rc < 0) {
return 0;
}
@@ -92,13 +94,17 @@ int ssh_packet_decrypt(ssh_session session,
size_t start,
size_t encrypted_size)
{
- struct ssh_cipher_struct *crypto = session->current_crypto->in_cipher;
+ struct ssh_crypto_struct *crypto = NULL;
+ struct ssh_cipher_struct *cipher = NULL;
if (encrypted_size <= 0) {
return SSH_ERROR;
}
- if (encrypted_size % session->current_crypto->in_cipher->blocksize != 0) {
+ crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
+ cipher = crypto->in_cipher;
+
+ if (encrypted_size % cipher->blocksize != 0) {
ssh_set_error(session,
SSH_FATAL,
"Cryptographic functions must be used on multiple of "
@@ -107,34 +113,41 @@ int ssh_packet_decrypt(ssh_session session,
return SSH_ERROR;
}
- if (crypto->aead_decrypt != NULL) {
- return crypto->aead_decrypt(crypto,
+ if (cipher->aead_decrypt != NULL) {
+ return cipher->aead_decrypt(cipher,
source,
destination,
encrypted_size,
session->recv_seq);
} else {
- crypto->decrypt(crypto, source + start, destination, encrypted_size);
+ cipher->decrypt(cipher, source + start, destination, encrypted_size);
}
return 0;
}
-unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len) {
- struct ssh_cipher_struct *crypto = NULL;
+unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
+{
+ struct ssh_crypto_struct *crypto = NULL;
+ struct ssh_cipher_struct *cipher = NULL;
HMACCTX ctx = NULL;
char *out = NULL;
- unsigned int finallen;
- uint32_t seq;
+ unsigned int finallen, blocksize;
+ uint32_t seq, lenfield_blocksize;
enum ssh_hmac_e type;
assert(len);
- if (!session->current_crypto) {
- return NULL; /* nothing to do here */
+ crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT);
+ if (crypto == NULL) {
+ return NULL; /* nothing to do here */
}
- if((len - session->current_crypto->out_cipher->lenfield_blocksize) % session->current_crypto->out_cipher->blocksize != 0){
- ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set on at least one blocksize (received %d)",len);
+
+ blocksize = crypto->out_cipher->blocksize;
+ lenfield_blocksize = crypto->out_cipher->lenfield_blocksize;
+ if ((len - lenfield_blocksize) % blocksize != 0) {
+ ssh_set_error(session, SSH_FATAL, "Cryptographic functions must be set"
+ " on at least one blocksize (received %d)", len);
return NULL;
}
out = malloc(len);
@@ -142,37 +155,37 @@ unsigned char *ssh_packet_encrypt(ssh_session session, void *data, uint32_t len)
return NULL;
}
- type = session->current_crypto->out_hmac;
+ type = crypto->out_hmac;
seq = ntohl(session->send_seq);
- crypto = session->current_crypto->out_cipher;
+ cipher = crypto->out_cipher;
- if (crypto->aead_encrypt != NULL) {
- crypto->aead_encrypt(crypto, data, out, len,
- session->current_crypto->hmacbuf, session->send_seq);
+ if (cipher->aead_encrypt != NULL) {
+ cipher->aead_encrypt(cipher, data, out, len,
+ crypto->hmacbuf, session->send_seq);
} else {
- ctx = hmac_init(session->current_crypto->encryptMAC, hmac_digest_len(type), type);
+ ctx = hmac_init(crypto->encryptMAC, hmac_digest_len(type), type);
if (ctx == NULL) {
SAFE_FREE(out);
return NULL;
}
hmac_update(ctx,(unsigned char *)&seq,sizeof(uint32_t));
hmac_update(ctx,data,len);
- hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
+ hmac_final(ctx, crypto->hmacbuf, &finallen);
#ifdef DEBUG_CRYPTO
ssh_print_hexa("mac: ",data,hmac_digest_len(type));
if (finallen != hmac_digest_len(type)) {
printf("Final len is %d\n",finallen);
}
- ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, hmac_digest_len(type));
+ ssh_print_hexa("Packet hmac", crypto->hmacbuf, hmac_digest_len(type));
#endif
- crypto->encrypt(crypto, data, out, len);
+ cipher->encrypt(cipher, data, out, len);
}
memcpy(data, out, len);
explicit_bzero(out, len);
SAFE_FREE(out);
- return session->current_crypto->hmacbuf;
+ return crypto->hmacbuf;
}
/**
@@ -192,6 +205,7 @@ int ssh_packet_hmac_verify(ssh_session session,
uint8_t *mac,
enum ssh_hmac_e type)
{
+ struct ssh_crypto_struct *crypto = NULL;
unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
HMACCTX ctx;
unsigned int len;
@@ -203,7 +217,8 @@ int ssh_packet_hmac_verify(ssh_session session,
return SSH_OK;
}
- ctx = hmac_init(session->current_crypto->decryptMAC, hmac_digest_len(type), type);
+ crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
+ ctx = hmac_init(crypto->decryptMAC, hmac_digest_len(type), type);
if (ctx == NULL) {
return -1;
}