nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity
acdcf2bfaa
putty-source/sshmd5.c

374 lines
10 KiB
C
Raw Normal View History

Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
#include <assert.h>
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
#include "ssh.h"
/*
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
* MD5 implementation for PuTTY. Written directly from the spec by
* Simon Tatham.
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
*/
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
/* ----------------------------------------------------------------------
* Core MD5 algorithm: processes 16-word blocks into a message digest.
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
*/
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
#define F(x,y,z) ( ((x) & (y)) | ((~(x)) & (z)) )
#define G(x,y,z) ( ((x) & (z)) | ((~(z)) & (y)) )
#define H(x,y,z) ( (x) ^ (y) ^ (z) )
#define I(x,y,z) ( (y) ^ ( (x) | ~(z) ) )
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
#define rol(x,y) ( ((x) << (y)) | (((uint32_t)x) >> (32-y)) )
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
#define subround(f,w,x,y,z,k,s,ti) \
w = x + rol(w + f(x,y,z) + block[k] + ti, s)
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
Make MD5_Core_Init and MD5_Block (both only referenced in this file) static. [originally from svn r2469]
2003-01-05 15:29:22 +00:00
static void MD5_Core_Init(MD5_Core_State * s)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
{
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
s->h[0] = 0x67452301;
s->h[1] = 0xefcdab89;
s->h[2] = 0x98badcfe;
s->h[3] = 0x10325476;
}
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
static void MD5_Block(MD5_Core_State *s, uint32_t *block)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
{
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
uint32_t a, b, c, d;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
a = s->h[0];
b = s->h[1];
c = s->h[2];
d = s->h[3];
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
subround(F, a, b, c, d, 0, 7, 0xd76aa478);
subround(F, d, a, b, c, 1, 12, 0xe8c7b756);
subround(F, c, d, a, b, 2, 17, 0x242070db);
subround(F, b, c, d, a, 3, 22, 0xc1bdceee);
subround(F, a, b, c, d, 4, 7, 0xf57c0faf);
subround(F, d, a, b, c, 5, 12, 0x4787c62a);
subround(F, c, d, a, b, 6, 17, 0xa8304613);
subround(F, b, c, d, a, 7, 22, 0xfd469501);
subround(F, a, b, c, d, 8, 7, 0x698098d8);
subround(F, d, a, b, c, 9, 12, 0x8b44f7af);
subround(F, c, d, a, b, 10, 17, 0xffff5bb1);
subround(F, b, c, d, a, 11, 22, 0x895cd7be);
subround(F, a, b, c, d, 12, 7, 0x6b901122);
subround(F, d, a, b, c, 13, 12, 0xfd987193);
subround(F, c, d, a, b, 14, 17, 0xa679438e);
subround(F, b, c, d, a, 15, 22, 0x49b40821);
subround(G, a, b, c, d, 1, 5, 0xf61e2562);
subround(G, d, a, b, c, 6, 9, 0xc040b340);
subround(G, c, d, a, b, 11, 14, 0x265e5a51);
subround(G, b, c, d, a, 0, 20, 0xe9b6c7aa);
subround(G, a, b, c, d, 5, 5, 0xd62f105d);
subround(G, d, a, b, c, 10, 9, 0x02441453);
subround(G, c, d, a, b, 15, 14, 0xd8a1e681);
subround(G, b, c, d, a, 4, 20, 0xe7d3fbc8);
subround(G, a, b, c, d, 9, 5, 0x21e1cde6);
subround(G, d, a, b, c, 14, 9, 0xc33707d6);
subround(G, c, d, a, b, 3, 14, 0xf4d50d87);
subround(G, b, c, d, a, 8, 20, 0x455a14ed);
subround(G, a, b, c, d, 13, 5, 0xa9e3e905);
subround(G, d, a, b, c, 2, 9, 0xfcefa3f8);
subround(G, c, d, a, b, 7, 14, 0x676f02d9);
subround(G, b, c, d, a, 12, 20, 0x8d2a4c8a);
subround(H, a, b, c, d, 5, 4, 0xfffa3942);
subround(H, d, a, b, c, 8, 11, 0x8771f681);
subround(H, c, d, a, b, 11, 16, 0x6d9d6122);
subround(H, b, c, d, a, 14, 23, 0xfde5380c);
subround(H, a, b, c, d, 1, 4, 0xa4beea44);
subround(H, d, a, b, c, 4, 11, 0x4bdecfa9);
subround(H, c, d, a, b, 7, 16, 0xf6bb4b60);
subround(H, b, c, d, a, 10, 23, 0xbebfbc70);
subround(H, a, b, c, d, 13, 4, 0x289b7ec6);
subround(H, d, a, b, c, 0, 11, 0xeaa127fa);
subround(H, c, d, a, b, 3, 16, 0xd4ef3085);
subround(H, b, c, d, a, 6, 23, 0x04881d05);
subround(H, a, b, c, d, 9, 4, 0xd9d4d039);
subround(H, d, a, b, c, 12, 11, 0xe6db99e5);
subround(H, c, d, a, b, 15, 16, 0x1fa27cf8);
subround(H, b, c, d, a, 2, 23, 0xc4ac5665);
subround(I, a, b, c, d, 0, 6, 0xf4292244);
subround(I, d, a, b, c, 7, 10, 0x432aff97);
subround(I, c, d, a, b, 14, 15, 0xab9423a7);
subround(I, b, c, d, a, 5, 21, 0xfc93a039);
subround(I, a, b, c, d, 12, 6, 0x655b59c3);
subround(I, d, a, b, c, 3, 10, 0x8f0ccc92);
subround(I, c, d, a, b, 10, 15, 0xffeff47d);
subround(I, b, c, d, a, 1, 21, 0x85845dd1);
subround(I, a, b, c, d, 8, 6, 0x6fa87e4f);
subround(I, d, a, b, c, 15, 10, 0xfe2ce6e0);
subround(I, c, d, a, b, 6, 15, 0xa3014314);
subround(I, b, c, d, a, 13, 21, 0x4e0811a1);
subround(I, a, b, c, d, 4, 6, 0xf7537e82);
subround(I, d, a, b, c, 11, 10, 0xbd3af235);
subround(I, c, d, a, b, 2, 15, 0x2ad7d2bb);
subround(I, b, c, d, a, 9, 21, 0xeb86d391);
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
s->h[0] += a;
s->h[1] += b;
s->h[2] += c;
s->h[3] += d;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
}
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
/* ----------------------------------------------------------------------
* Outer MD5 algorithm: take an arbitrary length byte string,
* convert it into 16-word blocks with the prescribed padding at
* the end, and pass those blocks to the core MD5 algorithm.
*/
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
#define BLKSIZE 64
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
static void MD5_BinarySink_write(BinarySink *bs, const void *data, size_t len);
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
void MD5Init(struct MD5Context *s)
{
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
MD5_Core_Init(&s->core);
s->blkused = 0;
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
s->len = 0;
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
BinarySink_INIT(s, MD5_BinarySink_write);
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
}
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
static void MD5_BinarySink_write(BinarySink *bs, const void *data, size_t len)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
{
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
struct MD5Context *s = BinarySink_DOWNCAST(bs, struct MD5Context);
const unsigned char *q = (const unsigned char *)data;
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
uint32_t wordblock[16];
uint32_t lenw = len;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
int i;
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
assert(lenw == len);
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
/*
* Update the length field.
*/
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
s->len += lenw;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
if (s->blkused + len < BLKSIZE) {
/*
* Trivial case: just add to the block.
*/
memcpy(s->block + s->blkused, q, len);
s->blkused += len;
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
} else {
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
/*
* We must complete and process at least one block.
*/
while (s->blkused + len >= BLKSIZE) {
memcpy(s->block + s->blkused, q, BLKSIZE - s->blkused);
q += BLKSIZE - s->blkused;
len -= BLKSIZE - s->blkused;
/* Now process the block. Gather bytes little-endian into words */
for (i = 0; i < 16; i++) {
wordblock[i] =
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
(((uint32_t) s->block[i * 4 + 3]) << 24) |
(((uint32_t) s->block[i * 4 + 2]) << 16) |
(((uint32_t) s->block[i * 4 + 1]) << 8) |
(((uint32_t) s->block[i * 4 + 0]) << 0);
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
}
MD5_Block(&s->core, wordblock);
s->blkused = 0;
}
memcpy(s->block, q, len);
s->blkused = len;
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
}
}
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
void MD5Final(unsigned char output[16], struct MD5Context *s)
{
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
int i;
Oops - now let's get that MD5 change _right_ :-) [originally from svn r438]
2000-04-04 14:51:17 +00:00
unsigned pad;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
unsigned char c[64];
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
uint64_t len;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
if (s->blkused >= 56)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
pad = 56 + 64 - s->blkused;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
else
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
pad = 56 - s->blkused;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
len = (s->len << 3);
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
memset(c, 0, pad);
c[0] = 0x80;
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
put_data(s, c, pad);
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
Adopt C99 <stdint.h> integer types. The annoying int64.h is completely retired, since C99 guarantees a 64-bit integer type that you can actually treat like an ordinary integer. Also, I've replaced the local typedefs uint32 and word32 (scattered through different parts of the crypto code) with the standard uint32_t.
2018-10-26 22:08:58 +00:00
PUT_64BIT_LSB_FIRST(c, len);
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
put_data(s, c, 8);
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
for (i = 0; i < 4; i++) {
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
output[4 * i + 3] = (s->core.h[i] >> 24) & 0xFF;
output[4 * i + 2] = (s->core.h[i] >> 16) & 0xFF;
output[4 * i + 1] = (s->core.h[i] >> 8) & 0xFF;
output[4 * i + 0] = (s->core.h[i] >> 0) & 0xFF;
Replace MD5 implementation with my own code [originally from svn r437]
2000-04-04 14:47:22 +00:00
}
Initial checkin: beta 0.43 [originally from svn r11]
1999-01-08 13:02:13 +00:00
}
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
Malcolm Smith's patch to support CHAP (digest-based) authentication when talking to SOCKS 5 proxies. Configures itself transparently (if the proxy offers CHAP it will use it, otherwise it falls back to ordinary cleartext passwords). [originally from svn r4517]
2004-08-30 13:11:17 +00:00
void MD5Simple(void const *p, unsigned len, unsigned char output[16])
{
struct MD5Context s;
MD5Init(&s);
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
put_data(&s, (unsigned char const *)p, len);
Malcolm Smith's patch to support CHAP (digest-based) authentication when talking to SOCKS 5 proxies. Configures itself transparently (if the proxy offers CHAP it will use it, otherwise it falls back to ordinary cleartext passwords). [originally from svn r4517]
2004-08-30 13:11:17 +00:00
MD5Final(output, &s);
Add smemclrs of all hash states we destroy.
2015-04-26 22:55:33 +00:00
smemclr(&s, sizeof(s));
Malcolm Smith's patch to support CHAP (digest-based) authentication when talking to SOCKS 5 proxies. Configures itself transparently (if the proxy offers CHAP it will use it, otherwise it falls back to ordinary cleartext passwords). [originally from svn r4517]
2004-08-30 13:11:17 +00:00
}
Make lots more algorithm structures globally visible. Previously, lots of individual ssh2_cipheralg structures were declared static, and only available to the rest of the code via a smaller number of 'ssh2_ciphers' objects that wrapped them into lists. But I'm going to want to access individual ciphers directly in the testing system I'm currently working on, so I'm giving all those objects external linkage and declaring them in ssh.h. Also, I've made up an entirely new one, namely exposing MD5 as an instance of the general ssh_hashalg abstraction, which it has no need to be for the purposes of actually using it in SSH. But, again, this will let me treat it the same as all the other hashes in the test system. No functional change, for the moment.
2018-12-31 13:55:46 +00:00
/* ----------------------------------------------------------------------
* Thin abstraction for things where hashes are pluggable.
*/
struct md5_hash {
struct MD5Context state;
ssh_hash hash;
};
Remove a lot of pointless 'struct' keywords. This is the commit that f3295e0fb _should_ have been. Yesterday I just added some typedefs so that I didn't have to wear out my fingers typing 'struct' in new code, but what I ought to have done is to move all the typedefs into defs.h with the rest, and then go through cleaning up the legacy 'struct's all through the existing code. But I was mostly trying to concentrate on getting the test suite finished, so I just did the minimum. Now it's time to come back and do it better.
2019-01-04 06:51:44 +00:00
static ssh_hash *md5_new(const ssh_hashalg *alg)
Make lots more algorithm structures globally visible. Previously, lots of individual ssh2_cipheralg structures were declared static, and only available to the rest of the code via a smaller number of 'ssh2_ciphers' objects that wrapped them into lists. But I'm going to want to access individual ciphers directly in the testing system I'm currently working on, so I'm giving all those objects external linkage and declaring them in ssh.h. Also, I've made up an entirely new one, namely exposing MD5 as an instance of the general ssh_hashalg abstraction, which it has no need to be for the purposes of actually using it in SSH. But, again, this will let me treat it the same as all the other hashes in the test system. No functional change, for the moment.
2018-12-31 13:55:46 +00:00
{
struct md5_hash *h = snew(struct md5_hash);
MD5Init(&h->state);
h->hash.vt = alg;
BinarySink_DELEGATE_INIT(&h->hash, &h->state);
return &h->hash;
}
static ssh_hash *md5_copy(ssh_hash *hashold)
{
struct md5_hash *hold, *hnew;
ssh_hash *hashnew = md5_new(hashold->vt);
hold = container_of(hashold, struct md5_hash, hash);
hnew = container_of(hashnew, struct md5_hash, hash);
hnew->state = hold->state;
BinarySink_COPIED(&hnew->state);
return hashnew;
}
static void md5_free(ssh_hash *hash)
{
struct md5_hash *h = container_of(hash, struct md5_hash, hash);
smemclr(h, sizeof(*h));
sfree(h);
}
static void md5_final(ssh_hash *hash, unsigned char *output)
{
struct md5_hash *h = container_of(hash, struct md5_hash, hash);
MD5Final(output, &h->state);
md5_free(hash);
}
Remove a lot of pointless 'struct' keywords. This is the commit that f3295e0fb _should_ have been. Yesterday I just added some typedefs so that I didn't have to wear out my fingers typing 'struct' in new code, but what I ought to have done is to move all the typedefs into defs.h with the rest, and then go through cleaning up the legacy 'struct's all through the existing code. But I was mostly trying to concentrate on getting the test suite finished, so I just did the minimum. Now it's time to come back and do it better.
2019-01-04 06:51:44 +00:00
const ssh_hashalg ssh_md5 = {
Make lots more algorithm structures globally visible. Previously, lots of individual ssh2_cipheralg structures were declared static, and only available to the rest of the code via a smaller number of 'ssh2_ciphers' objects that wrapped them into lists. But I'm going to want to access individual ciphers directly in the testing system I'm currently working on, so I'm giving all those objects external linkage and declaring them in ssh.h. Also, I've made up an entirely new one, namely exposing MD5 as an instance of the general ssh_hashalg abstraction, which it has no need to be for the purposes of actually using it in SSH. But, again, this will let me treat it the same as all the other hashes in the test system. No functional change, for the moment.
2018-12-31 13:55:46 +00:00
md5_new, md5_copy, md5_final, md5_free, 16, "MD5"
};
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
/* ----------------------------------------------------------------------
* The above is the MD5 algorithm itself. Now we implement the
* HMAC wrapper on it.
Malcolm Smith's patch to support CHAP (digest-based) authentication when talking to SOCKS 5 proxies. Configures itself transparently (if the proxy offers CHAP it will use it, otherwise it falls back to ordinary cleartext passwords). [originally from svn r4517]
2004-08-30 13:11:17 +00:00
*
* Some of these functions are exported directly, because they are
* useful elsewhere (SOCKS5 CHAP authentication uses HMAC-MD5).
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
*/
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
struct hmacmd5_context {
struct MD5Context md5[3];
ssh2_mac mac;
};
struct hmacmd5_context *hmacmd5_make_context(void)
{
struct hmacmd5_context *ctx = snew(struct hmacmd5_context);
BinarySink_DELEGATE_INIT(&ctx->mac, &ctx->md5[2]);
return ctx;
}
Merge the ssh1_cipher type into ssh2_cipher. The aim of this reorganisation is to make it easier to test all the ciphers in PuTTY in a uniform way. It was inconvenient that there were two separate vtable systems for the ciphers used in SSH-1 and SSH-2 with different functionality. Now there's only one type, called ssh_cipher. But really it's the old ssh2_cipher, just renamed: I haven't made any changes to the API on the SSH-2 side. Instead, I've removed ssh1_cipher completely, and adapted the SSH-1 BPP to use the SSH-2 style API. (The relevant differences are that ssh1_cipher encapsulated both the sending and receiving directions in one object - so now ssh1bpp has to make a separate cipher instance per direction - and that ssh1_cipher automatically initialised the IV to all zeroes, which ssh1bpp now has to do by hand.) The previous ssh1_cipher vtable for single-DES has been removed completely, because when converted into the new API it became identical to the SSH-2 single-DES vtable; so now there's just one vtable for DES-CBC which works in both protocols. The other two SSH-1 ciphers each had to stay separate, because 3DES is completely different between SSH-1 and SSH-2 (three layers of CBC structure versus one), and Blowfish varies in endianness and key length between the two. (Actually, while I'm here, I've only just noticed that the SSH-1 Blowfish cipher mis-describes itself in log messages as Blowfish-128. In fact it passes the whole of the input key buffer, which has length SSH1_SESSION_KEY_LENGTH == 32 bytes == 256 bits. So it's actually Blowfish-256, and has been all along!)
2019-01-17 18:06:08 +00:00
static ssh2_mac *hmacmd5_ssh2_new(const ssh2_macalg *alg, ssh_cipher *cipher)
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
{
struct hmacmd5_context *ctx = hmacmd5_make_context();
ctx->mac.vt = alg;
return &ctx->mac;
}
void hmacmd5_free_context(struct hmacmd5_context *ctx)
SSH2 MACs now use dynamically allocated contexts. [originally from svn r2131]
2002-10-25 12:51:28 +00:00
{
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
smemclr(ctx, sizeof(*ctx));
sfree(ctx);
SSH2 MACs now use dynamically allocated contexts. [originally from svn r2131]
2002-10-25 12:51:28 +00:00
}
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
static void hmacmd5_ssh2_free(ssh2_mac *mac)
SSH2 MACs now use dynamically allocated contexts. [originally from svn r2131]
2002-10-25 12:51:28 +00:00
{
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
struct hmacmd5_context *ctx =
container_of(mac, struct hmacmd5_context, mac);
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
hmacmd5_free_context(ctx);
SSH2 MACs now use dynamically allocated contexts. [originally from svn r2131]
2002-10-25 12:51:28 +00:00
}
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
void hmacmd5_key(struct hmacmd5_context *ctx, void const *keyv, int len)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
{
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
unsigned char foo[64];
Owen tells me the Mac compiler complains at a char / unsigned char mismatch in the invocation of hmacmd5_key(). Do it properly with a void * argument. [originally from svn r5117]
2005-01-16 14:02:56 +00:00
unsigned char const *key = (unsigned char const *)keyv;
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
int i;
memset(foo, 0x36, 64);
for (i = 0; i < len && i < 64; i++)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
foo[i] ^= key[i];
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
MD5Init(&ctx->md5[0]);
put_data(&ctx->md5[0], foo, 64);
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
memset(foo, 0x5C, 64);
for (i = 0; i < len && i < 64; i++)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
foo[i] ^= key[i];
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
MD5Init(&ctx->md5[1]);
put_data(&ctx->md5[1], foo, 64);
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
Introduce a new utility function smemclr(), which memsets things to zero but does it in such a way that over-clever compilers hopefully won't helpfully optimise the call away if you do it just before freeing something or letting it go out of scope. Use this for (hopefully) every memset whose job is to destroy sensitive data that might otherwise be left lying around in the process's memory. [originally from svn r9586]
2012-07-22 19:51:50 +00:00
smemclr(foo, 64); /* burn the evidence */
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
}
Make ssh2_mac_setkey take the key as a ptrlen. This makes the API more flexible, so that it's not restricted to taking a key of precisely the length specified in the ssh2_macalg structure. Instead, ssh2bpp looks up that length to construct the MAC's key. Some MACs (e.g. Poly1305) will only _work_ with a single key length. But this way, I can run standard test vectors against MACs that can take a variable length (e.g. everything in the HMAC family).
2019-01-03 13:49:02 +00:00
static void hmacmd5_ssh2_setkey(ssh2_mac *mac, ptrlen key)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
{
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
struct hmacmd5_context *ctx =
container_of(mac, struct hmacmd5_context, mac);
Make ssh2_mac_setkey take the key as a ptrlen. This makes the API more flexible, so that it's not restricted to taking a key of precisely the length specified in the ssh2_macalg structure. Instead, ssh2bpp looks up that length to construct the MAC's key. Some MACs (e.g. Poly1305) will only _work_ with a single key length. But this way, I can run standard test vectors against MACs that can take a variable length (e.g. everything in the HMAC family).
2019-01-03 13:49:02 +00:00
hmacmd5_key(ctx, key.ptr, key.len);
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
}
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
static void hmacmd5_start(ssh2_mac *mac)
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher under SSH-2, don't risk looking at the length field of an incoming packet until we've successfully MAC'ed the packet. This requires a change to the MAC mechanics so that we can calculate MACs incrementally, and output a MAC for the packet so far while still being able to add more data to the packet later. [originally from svn r8334]
2008-11-26 12:49:25 +00:00
{
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
struct hmacmd5_context *ctx =
container_of(mac, struct hmacmd5_context, mac);
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher under SSH-2, don't risk looking at the length field of an incoming packet until we've successfully MAC'ed the packet. This requires a change to the MAC mechanics so that we can calculate MACs incrementally, and output a MAC for the packet so far while still being able to add more data to the packet later. [originally from svn r8334]
2008-11-26 12:49:25 +00:00
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
ctx->md5[2] = ctx->md5[0]; /* structure copy */
BinarySink_COPIED(&ctx->md5[2]);
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher under SSH-2, don't risk looking at the length field of an incoming packet until we've successfully MAC'ed the packet. This requires a change to the MAC mechanics so that we can calculate MACs incrementally, and output a MAC for the packet so far while still being able to add more data to the packet later. [originally from svn r8334]
2008-11-26 12:49:25 +00:00
}
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
static void hmacmd5_genresult(ssh2_mac *mac, unsigned char *hmac)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
{
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
struct hmacmd5_context *ctx =
container_of(mac, struct hmacmd5_context, mac);
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
struct MD5Context s;
unsigned char intermediate[16];
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
s = ctx->md5[2]; /* structure copy */
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
BinarySink_COPIED(&s);
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
MD5Final(intermediate, &s);
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
s = ctx->md5[1]; /* structure copy */
New centralised binary-data marshalling system. I've finally got tired of all the code throughout PuTTY that repeats the same logic about how to format the SSH binary primitives like uint32, string, mpint. We've got reasonably organised code in ssh.c that appends things like that to 'struct Packet'; something similar in sftp.c which repeats a lot of the work; utility functions in various places to format an mpint to feed to one or another hash function; and no end of totally ad-hoc stuff in functions like public key blob formatters which actually have to _count up_ the size of data painstakingly, then malloc exactly that much and mess about with PUT_32BIT. It's time to bring all of that into one place, and stop repeating myself in error-prone ways everywhere. The new marshal.h defines a system in which I centralise all the actual marshalling functions, and then layer a touch of C macro trickery on top to allow me to (look as if I) pass a wide range of different types to those functions, as long as the target type has been set up in the right way to have a write() function. This commit adds the new header and source file, and sets up some general centralised types (strbuf and the various hash-function contexts like SHA_State), but doesn't use the new calls for anything yet. (I've also renamed some internal functions in import.c which were using the same names that I've just defined macros over. That won't last long - those functions are going to go away soon, so the changed names are strictly temporary.)
2018-05-24 08:17:13 +00:00
BinarySink_COPIED(&s);
Replace all uses of SHA*_Bytes / MD5Update. In fact, those functions don't even exist any more. The only way to get data into a primitive hash state is via the new put_* system. Of course, that means put_data() is a viable replacement for every previous call to one of the per-hash update functions - but just mechanically doing that would have missed the opportunity to simplify a lot of the call sites.
2018-05-24 09:03:36 +00:00
put_data(&s, intermediate, 16);
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
MD5Final(hmac, &s);
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
smemclr(intermediate, sizeof(intermediate));
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
}
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
void hmacmd5_do_hmac(struct hmacmd5_context *ctx,
Clean up a couple of consts and char pointers. hmacmd5_do_hmac and hmac_sha1_simple should be consistently referring to input memory blocks as 'const void *', but one had pointlessly typed the pointer as 'const unsigned char *' and the other had missed out the consts.
2018-09-13 15:43:30 +00:00
const void *blk, int len, unsigned char *hmac)
Run entire source base through GNU indent to tidy up the varying coding styles of the various contributors! Woohoo! [originally from svn r1098]
2001-05-06 14:35:20 +00:00
{
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
ssh2_mac_start(&ctx->mac);
put_data(&ctx->mac, blk, len);
sshmd5.c: remove excessive return statement
2019-01-02 16:55:54 +00:00
ssh2_mac_genresult(&ctx->mac, hmac);
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
}
Remove a lot of pointless 'struct' keywords. This is the commit that f3295e0fb _should_ have been. Yesterday I just added some typedefs so that I didn't have to wear out my fingers typing 'struct' in new code, but what I ought to have done is to move all the typedefs into defs.h with the rest, and then go through cleaning up the legacy 'struct's all through the existing code. But I was mostly trying to concentrate on getting the test suite finished, so I just did the minimum. Now it's time to come back and do it better.
2019-01-04 06:51:44 +00:00
const ssh2_macalg ssh_hmac_md5 = {
Turn SSH-2 MACs into a classoid. This piece of tidying-up has come out particularly well in terms of saving tedious repetition and boilerplate. I've managed to remove three pointless methods from every MAC implementation by means of writing them once centrally in terms of the implementation-specific methods; another method (hmacmd5_sink) vanished because I was able to make the interface type 'ssh2_mac' be directly usable as a BinarySink by way of a new delegation system; and because all the method implementations can now find their own vtable, I was even able to merge a lot of keying and output functions that had previously differed only in length parameters by having them look up the lengths in whatever vtable they were passed.
2018-09-13 15:15:17 +00:00
hmacmd5_ssh2_new, hmacmd5_ssh2_free, hmacmd5_ssh2_setkey,
hmacmd5_start, hmacmd5_genresult,
Support OpenSSH encrypt-then-MAC protocol extension. This causes the initial length field of the SSH-2 binary packet to be unencrypted (with the knock-on effect that now the packet length not including MAC must be congruent to 4 rather than 0 mod the cipher block size), and then the MAC is applied over the unencrypted length field and encrypted ciphertext (prefixed by the sequence number as usual). At the cost of exposing some information about the packet lengths to an attacker (but rarely anything they couldn't have inferred from the TCP headers anyway), this closes down any possibility of a MITM using the client as a decryption oracle, unless they can _first_ fake a correct MAC. ETM mode is enabled by means of selecting a different MAC identifier, all the current ones of which are constructed by appending "-etm@openssh.com" to the name of a MAC that already existed. We currently prefer the original SSH-2 binary packet protocol (i.e. we list all the ETM-mode MACs last in our KEXINIT), on the grounds that it's better tested and more analysed, so at the moment the new mode is only activated if a server refuses to speak anything else.
2015-04-26 22:30:32 +00:00
"hmac-md5", "hmac-md5-etm@openssh.com",
Add a key-length field to 'struct ssh_mac'. The key derivation code has been assuming (though non-critically, as it happens) that the size of the MAC output is the same as the size of the MAC key. That isn't even a good assumption for the HMAC family, due to HMAC-SHA1-96 and also the bug-compatible versions of HMAC-SHA1 that only use 16 bytes of key material; so now we have an explicit key-length field separate from the MAC-length field.
2015-08-21 22:20:12 +00:00
16, 16,
Mention the negotiated SSH-2 MAC algorithm(s) in the Event Log. (It should be possible to at least see what MAC is in use without going to a SSH packet log.) [originally from svn r4591]
2004-09-29 23:57:03 +00:00
"HMAC-MD5"
Implement MD5 MAC for the benefit of old SSH2 servers [originally from svn r709]
2000-10-12 14:24:58 +00:00
};
Reference in New Issue Copy Permalink