aboutsummaryrefslogtreecommitdiff
path: root/src/wrapper.c
diff options
context:
space:
mode:
authorDirkjan Bussink <d.bussink@gmail.com>2019-02-12 08:56:37 +0000
committerAndreas Schneider <asn@cryptomilk.org>2019-02-22 15:31:08 +0100
commit4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8 (patch)
treecbeb0046ce2f7361f636a6217533ac5636a3caa1 /src/wrapper.c
parente4c7912b3531d7c7f0d5b354b20f44392be29c28 (diff)
downloadlibssh-4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8.tar.gz
libssh-4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8.tar.xz
libssh-4a67c191188601c8d98ec73b9d53ce8a2b6c6cf8.zip
Add tests and implementation for Encrypt-then-MAC mode
This adds the OpenSSH HMACs that do encrypt then mac. This is a more secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and AES-GCM are already encrypt-then-mac, but this also adds it for older legacy clients that don't support those ciphers yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/wrapper.c')
-rw-r--r--src/wrapper.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/wrapper.c b/src/wrapper.c
index 33f55840..e13b4c27 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -56,13 +56,17 @@
#include "libssh/curve25519.h"
static struct ssh_hmac_struct ssh_hmac_tab[] = {
- { "hmac-sha1", SSH_HMAC_SHA1, false },
- { "hmac-sha2-256", SSH_HMAC_SHA256, false },
- { "hmac-sha2-512", SSH_HMAC_SHA512, false },
- { "hmac-md5", SSH_HMAC_MD5, false },
- { "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false },
- { "aead-gcm", SSH_HMAC_AEAD_GCM, false },
- { NULL, 0, false }
+ { "hmac-sha1", SSH_HMAC_SHA1, false },
+ { "hmac-sha2-256", SSH_HMAC_SHA256, false },
+ { "hmac-sha2-512", SSH_HMAC_SHA512, false },
+ { "hmac-md5", SSH_HMAC_MD5, false },
+ { "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false },
+ { "aead-gcm", SSH_HMAC_AEAD_GCM, false },
+ { "hmac-sha1-etm@openssh.com", SSH_HMAC_SHA1, true },
+ { "hmac-sha2-256-etm@openssh.com", SSH_HMAC_SHA256, true },
+ { "hmac-sha2-512-etm@openssh.com", SSH_HMAC_SHA512, true },
+ { "hmac-md5-etm@openssh.com", SSH_HMAC_MD5, true },
+ { NULL, 0, false }
};
struct ssh_hmac_struct *ssh_get_hmactab(void) {