path: root/src/packet_crypt.c
Age | Commit message | Author | Files | Lines
2022-07-14 | packet: Check hmac return codes in ssh_packet_hmac_verify() | Andreas Schneider | 1 | -9/+19
CID #1490530 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-14 | packet: Use consistent return codes in ssh_packet_hmac_verify() | Andreas Schneider | 1 | -6/+8
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-14 | packet: Reformat ssh_packet_hmac_verify() | Andreas Schneider | 1 | -30/+47
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2022-07-07 | Update HMAC function parameter type | Norbert Pocs | 1 | -12/+37
New openssl API, libmbedtls, libgcrypt use size_t for HMAC len parameter. New helper functions were added in libcrypto.c to avoid code duplication. (the header pki.h is needed for this reason) Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2021-01-12 | packet_crypt: Move secure_memcmp() to a shared source | Anderson Toshiyuki Sasaki | 1 | -11/+0
Move the secure_memcmp() function to a shared source to make it available internally for other crypto implementations. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-05-05 | packet: Skip HMAC handling if none is selected | Jakub Jelen | 1 | -21/+25
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2020-02-12 | packet: Replace PRIdS with ANSI C99 %zu | Andreas Schneider | 1 | -1/+1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2020-01-23 | packet_crypt: Check return values from AEAD deciphering | Jakub Jelen | 1 | -4/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-12-09 | SSH-01-006: Add missing NULL check in ssh_packet_hmac_verify() | Andreas Schneider | 1 | -0/+4
Fixes T193 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-09 | SSH-01-006: Add missing NULL check for ssh_packet_get_current_crypto() | Andreas Schneider | 1 | -0/+3
Fixes T193 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-10-25 | packet_crypt: Avoid out of bounds access in debug functions | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-07-30 | Replace ssh_print_hexa() with ssh_log_hexdump() | Anderson Toshiyuki Sasaki | 1 | -5/+5
Replace all occurrences of the deprecated function ssh_print_hexa() with the introduced ssh_log_hexdump(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22 | Add tests and implementation for Encrypt-then-MAC mode | Dirkjan Bussink | 1 | -7/+28
This adds the OpenSSH HMACs that do encrypt then mac. This is a more secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and AES-GCM are already encrypt-then-mac, but this also adds it for older legacy clients that don't support those ciphers yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22 | Refactor ssh_packet_hmac_verify to allow for direct buffer | Dirkjan Bussink | 1 | -8/+10
This will make it easier to do Encrypt-then-MAC checks as those will be on the direct encrypted data received before decrypting which means they are not allocated in an ssh buffer at that point yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22 | Use constant time comparison function for HMAC comparison | Dirkjan Bussink | 1 | -1/+12
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-01-25 | packet_crypt: Make sure we always operate on initialized memory | Andreas Schneider | 1 | -1/+1
Found by MemorySanitizer. Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | packet: Introduce a new function to access crypto | Jakub Jelen | 1 | -30/+45
And remove most of the direct access to the structure throughout the code Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-19 | crypto: Disable blowfish support by default | Andreas Schneider | 1 | -1/+0
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-10-09 | libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSL | Jakub Jelen | 1 | -2/+3
The commit also prepares the internals throughout the code base for the inclusion of a new AEAD cipher, because previously, the source code counted only with chacha20-poly1305 cipher, which is very specific in many cases. The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name needed to be defined so we can match in the algorithms selection per OpenSSH specification (MACs are ignored in case GCM is selected as a cipher [1]). If the provided OpenSSL does not provide EVP_aes_128_gcm() function, the AES-GCM ciphers will not be compiled in. [1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 | Rest in Peace SSHv1 | Andreas Schneider | 1 | -8/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-28 | packet_crypt: remove `set_decrypt_key` upon `ssh_packet_decrypt_len` | Jon Simons | 1 | -8/+0
In 06b9901e64f1ea2a1141115e5645552034d25850, invocations of `set_decrypt_key` and `set_encrypt_key` were moved into the `ssh_packet_newkeys` callback, away from the packet decrypt and encrypt functions. Remove the extra `set_decrypt_key` for the case that an `aead_decrypt_length` is not NULL. At this time, only the chacha20-poly1305@openssh.com cipher is affected by this change. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 | packet_crypt: fix unused variable compiler warning | Jon Simons | 1 | -1/+0
The local `rc` variable here is never set. Fix a warning that is emitted due to `-Wunused-variable`. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 | packet_crypt: Avoid setting keys every time | Alberto Aguirre | 1 | -13/+0
Avoid setting keys on every packet decrypt or encrypt operation. Signed-off-by: Alberto Aguirre <albaguirre@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 | chacha: packet decryption | Aris Adamantiadis | 1 | -31/+94
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 | chacha: packet encryption | Aris Adamantiadis | 1 | -18/+28
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-02-12 | src: Use explicit_bzero() if available on the platform | Andreas Schneider | 1 | -2/+2
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: do not use ssh_buffer_get_rest_len() | Fabiano Fidêncio | 1 | -1/+1
As ssh_buffer_get_len() actually calls ssh_buffer_get_rest_len(), let's just use the first one. This is a preparatory step for removing ssh_buffer_get_rest_len(). Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | buffer: rename ssh_buffer_get_rest() to ssh_buffer_get() | Fabiano Fidêncio | 1 | -1/+1
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | cleanup: use ssh_ prefix in the packet (non-static) functions | Fabiano Fidêncio | 1 | -5/+5
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2016-01-19 | cleanup: use ssh_ prefix in the buffer (non-static) functions | Fabiano Fidêncio | 1 | -1/+1
Having "ssh_" prefix in the functions' name will avoid possible clashes when compiling libssh statically. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2015-09-24 | crypto: move key setup in newkeys handler | Aris Adamantiadis | 1 | -11/+0
2014-08-06 | crypto: fix secure burning, structure members naming | Aris Adamantiadis | 1 | -5/+4
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-04-22 | Add logic to support SHA2 HMAC algorithms | Dirkjan Bussink | 1 | -7/+9
BUG: https://red.libssh.org/issues/91 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2014-02-06 | packet_crypt: Make packet_{en,de}crypt fail consistently on len == 0 | Alan Dunn | 1 | -0/+6
Right now the behavior of packet_{en,de}crypt on len == 0 depends on the behavior of malloc. Instead, make these consistently fail based on what I assume the desired behavior is due to the first error message in each. Signed-off-by: Alan Dunn <amdunn@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2012-07-17 | build: Fix missing struct in_addr warning. | Andreas Schneider | 1 | -0/+1
2011-10-03 | packet: cleaner logs with less redundant info | Aris Adamantiadis | 1 | -12/+0
2011-09-18 | crypt: Rename to packet_crypt. | Andreas Schneider | 1 | -0/+197