diff options
author | Dirkjan Bussink <d.bussink@gmail.com> | 2019-02-12 08:56:37 +0000 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-02-22 15:31:08 +0100 |
commit | 4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8 (patch) | |
tree | cbeb0046ce2f7361f636a6217533ac5636a3caa1 /src/wrapper.c | |
parent | e4c7912b3531d7c7f0d5b354b20f44392be29c28 (diff) | |
download | libssh-4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8.tar.gz libssh-4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8.tar.xz libssh-4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8.zip |
Add tests and implementation for Encrypt-then-MAC mode
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/wrapper.c')
-rw-r--r-- | src/wrapper.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/wrapper.c b/src/wrapper.c index 33f55840..e13b4c27 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -56,13 +56,17 @@ #include "libssh/curve25519.h" static struct ssh_hmac_struct ssh_hmac_tab[] = { - { "hmac-sha1", SSH_HMAC_SHA1, false }, - { "hmac-sha2-256", SSH_HMAC_SHA256, false }, - { "hmac-sha2-512", SSH_HMAC_SHA512, false }, - { "hmac-md5", SSH_HMAC_MD5, false }, - { "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false }, - { "aead-gcm", SSH_HMAC_AEAD_GCM, false }, - { NULL, 0, false } + { "hmac-sha1", SSH_HMAC_SHA1, false }, + { "hmac-sha2-256", SSH_HMAC_SHA256, false }, + { "hmac-sha2-512", SSH_HMAC_SHA512, false }, + { "hmac-md5", SSH_HMAC_MD5, false }, + { "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false }, + { "aead-gcm", SSH_HMAC_AEAD_GCM, false }, + { "hmac-sha1-etm@openssh.com", SSH_HMAC_SHA1, true }, + { "hmac-sha2-256-etm@openssh.com", SSH_HMAC_SHA256, true }, + { "hmac-sha2-512-etm@openssh.com", SSH_HMAC_SHA512, true }, + { "hmac-md5-etm@openssh.com", SSH_HMAC_MD5, true }, + { NULL, 0, false } }; struct ssh_hmac_struct *ssh_get_hmactab(void) { |