diff options
author | Andreas Schneider <mail@cynapses.org> | 2009-04-15 08:11:33 +0000 |
---|---|---|
committer | Andreas Schneider <mail@cynapses.org> | 2009-04-15 08:11:33 +0000 |
commit | 4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02 (patch) | |
tree | add37d0923aa750fdc931ab880f46d96a2c8bbb9 | |
parent | 367fd0cb3555fbc2d8f1dd32da1831bbeb888a08 (diff) | |
download | libssh-4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02.tar.gz libssh-4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02.tar.xz libssh-4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02.zip |
Improve packet_hmac_verify().
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@481 7dcaeef0-15fb-0310-b436-a5af3365683c
-rw-r--r-- | libssh/crypt.c | 56 | ||||
-rw-r--r-- | libssh/packet.c | 2 |
2 files changed, 40 insertions, 18 deletions
diff --git a/libssh/crypt.c b/libssh/crypt.c index 39361c1..5afb878 100644 --- a/libssh/crypt.c +++ b/libssh/crypt.c @@ -147,23 +147,45 @@ unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) { return NULL; } -/* TODO FIXME think about the return value isn't 0 enough and -1 on error */ -int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,unsigned char *mac){ - HMACCTX ctx; - unsigned char hmacbuf[EVP_MAX_MD_SIZE]; - unsigned int len; - u32 seq=htonl(session->recv_seq); - ctx=hmac_init(session->current_crypto->decryptMAC,20,HMAC_SHA1); - if (ctx == NULL) { - return -1; - } - hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); - hmac_update(ctx,buffer_get(buffer),buffer_get_len(buffer)); - hmac_final(ctx,hmacbuf,&len); +/** + * @internal + * + * @brief Verify the hmac of a packet + * + * @param session The session to use. + * @param buffer The buffer to verify the hmac from. + * @param mac The mac to compare with the hmac. + * + * @return 0 if hmac and mac are equal, < 0 if not or an error + * occured. + */ +int packet_hmac_verify(SSH_SESSION *session, BUFFER *buffer, + unsigned char *mac) { + unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0}; + HMACCTX ctx; + unsigned int len; + u32 seq; + + ctx = hmac_init(session->current_crypto->decryptMAC, 20, HMAC_SHA1); + if (ctx == NULL) { + return -1; + } + + seq = htonl(session->recv_seq); + + hmac_update(ctx, (unsigned char *) &seq, sizeof(u32)); + hmac_update(ctx, buffer_get(buffer), buffer_get_len(buffer)); + hmac_final(ctx, hmacbuf, &len); + #ifdef DEBUG_CRYPTO - ssh_print_hexa("received mac",mac,len); - ssh_print_hexa("Computed mac",hmacbuf,len); - ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32)); + ssh_print_hexa("received mac",mac,len); + ssh_print_hexa("Computed mac",hmacbuf,len); + ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32)); #endif - return memcmp(mac,hmacbuf,len); + if (memcmp(mac, hmacbuf, len) == 0) { + return 0; + } + + return -1 } + diff --git a/libssh/packet.c b/libssh/packet.c index 4ee3aaa..c2435ed 100644 --- a/libssh/packet.c +++ b/libssh/packet.c @@ -153,7 +153,7 @@ static int packet_read2(SSH_SESSION *session) { } ssh_socket_read(session->socket, mac, macsize); - if (packet_hmac_verify(session, session->in_buffer, mac)) { + if (packet_hmac_verify(session, session->in_buffer, mac) < 0) { ssh_set_error(session, SSH_FATAL, "HMAC error"); goto error; } |