nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-04-18 03:28:07 -05:00
Code Issues Projects Releases Wiki Activity

Allow a cipher to specify encryption of the packet length.

Browse Source 
No cipher uses this facility yet, but one shortly will.
This commit is contained in:
Chris Staite 2015-06-07 12:51:24 +01:00 committed by Simon Tatham
parent 705f159255
commit 5d9a9a7bdf
6 changed files with 37 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ssh.c
View File

@ -1649,7 +1649,7 @@ static struct Packet *ssh2_rdpkt(Ssh ssh, const unsigned char **data,
/* /*
* OpenSSH encrypt-then-MAC mode: the packet length is * OpenSSH encrypt-then-MAC mode: the packet length is
* unencrypted. * unencrypted, unless the cipher supports length encryption.
*/ */
for (st->i = st->len = 0; st->i < 4; st->i++) { for (st->i = st->len = 0; st->i < 4; st->i++) {
while ((*datalen) == 0) while ((*datalen) == 0)
@ -1657,7 +1657,16 @@ static struct Packet *ssh2_rdpkt(Ssh ssh, const unsigned char **data,
st->pktin->data[st->i] = *(*data)++; st->pktin->data[st->i] = *(*data)++;
(*datalen)--; (*datalen)--;
} }
st->len = toint(GET_32BIT(st->pktin->data)); /* Cipher supports length decryption, so do it */
if (ssh->sccipher && (ssh->sccipher->flags & SSH_CIPHER_SEPARATE_LENGTH)) {
/* Keep the packet the same though, so the MAC passes */
unsigned char len[4];
memcpy(len, st->pktin->data, 4);
ssh->sccipher->decrypt_length(ssh->sc_cipher_ctx, len, 4, st->incoming_sequence);
st->len = toint(GET_32BIT(len));
} else {
st->len = toint(GET_32BIT(st->pktin->data));
}
/* /*
* _Completely_ silly lengths should be stomped on before they * _Completely_ silly lengths should be stomped on before they
@ -2277,6 +2286,13 @@ static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
for (i = 0; i < padding; i++) for (i = 0; i < padding; i++)
pkt->data[pkt->length + i] = random_byte(); pkt->data[pkt->length + i] = random_byte();
PUT_32BIT(pkt->data, pkt->length + padding - 4); PUT_32BIT(pkt->data, pkt->length + padding - 4);
/* Encrypt length if the scheme requires it */
if (ssh->cscipher && (ssh->cscipher->flags & SSH_CIPHER_SEPARATE_LENGTH)) {
ssh->cscipher->encrypt_length(ssh->cs_cipher_ctx, pkt->data, 4,
ssh->v2_outgoing_sequence);
}
if (ssh->csmac && ssh->csmac_etm) { if (ssh->csmac && ssh->csmac_etm) {
/* /*
* OpenSSH-defined encrypt-then-MAC protocol. * OpenSSH-defined encrypt-then-MAC protocol.

4
ssh.h
View File

@ -314,11 +314,15 @@ struct ssh2_cipher {
void (*setkey) (void *, unsigned char *key);/* for SSH-2 */ void (*setkey) (void *, unsigned char *key);/* for SSH-2 */
void (*encrypt) (void *, unsigned char *blk, int len); void (*encrypt) (void *, unsigned char *blk, int len);
void (*decrypt) (void *, unsigned char *blk, int len); void (*decrypt) (void *, unsigned char *blk, int len);
/* Ignored unless SSH_CIPHER_SEPARATE_LENGTH flag set */
void (*encrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
void (*decrypt_length) (void *, unsigned char *blk, int len, unsigned long seq);
const char *name; const char *name;
int blksize; int blksize;
int keylen; int keylen;
unsigned int flags; unsigned int flags;
#define SSH_CIPHER_IS_CBC 1 #define SSH_CIPHER_IS_CBC 1
#define SSH_CIPHER_SEPARATE_LENGTH 2
const char *text_name; const char *text_name;
/* If set, this takes priority over other MAC. */ /* If set, this takes priority over other MAC. */
const struct ssh_mac *required_mac; const struct ssh_mac *required_mac;

14
sshaes.c
View File

@ -1171,7 +1171,7 @@ void aes256_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
static const struct ssh2_cipher ssh_aes128_ctr = { static const struct ssh2_cipher ssh_aes128_ctr = {
aes_make_context, aes_free_context, aes_iv, aes128_key, aes_make_context, aes_free_context, aes_iv, aes128_key,
aes_ssh2_sdctr, aes_ssh2_sdctr, aes_ssh2_sdctr, aes_ssh2_sdctr, NULL, NULL,
"aes128-ctr", "aes128-ctr",
16, 128, 0, "AES-128 SDCTR", 16, 128, 0, "AES-128 SDCTR",
NULL NULL
@ -1179,7 +1179,7 @@ static const struct ssh2_cipher ssh_aes128_ctr = {
static const struct ssh2_cipher ssh_aes192_ctr = { static const struct ssh2_cipher ssh_aes192_ctr = {
aes_make_context, aes_free_context, aes_iv, aes192_key, aes_make_context, aes_free_context, aes_iv, aes192_key,
aes_ssh2_sdctr, aes_ssh2_sdctr, aes_ssh2_sdctr, aes_ssh2_sdctr, NULL, NULL,
"aes192-ctr", "aes192-ctr",
16, 192, 0, "AES-192 SDCTR", 16, 192, 0, "AES-192 SDCTR",
NULL NULL
@ -1187,7 +1187,7 @@ static const struct ssh2_cipher ssh_aes192_ctr = {
static const struct ssh2_cipher ssh_aes256_ctr = { static const struct ssh2_cipher ssh_aes256_ctr = {
aes_make_context, aes_free_context, aes_iv, aes256_key, aes_make_context, aes_free_context, aes_iv, aes256_key,
aes_ssh2_sdctr, aes_ssh2_sdctr, aes_ssh2_sdctr, aes_ssh2_sdctr, NULL, NULL,
"aes256-ctr", "aes256-ctr",
16, 256, 0, "AES-256 SDCTR", 16, 256, 0, "AES-256 SDCTR",
NULL NULL
@ -1195,7 +1195,7 @@ static const struct ssh2_cipher ssh_aes256_ctr = {
static const struct ssh2_cipher ssh_aes128 = { static const struct ssh2_cipher ssh_aes128 = {
aes_make_context, aes_free_context, aes_iv, aes128_key, aes_make_context, aes_free_context, aes_iv, aes128_key,
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
"aes128-cbc", "aes128-cbc",
16, 128, SSH_CIPHER_IS_CBC, "AES-128 CBC", 16, 128, SSH_CIPHER_IS_CBC, "AES-128 CBC",
NULL NULL
@ -1203,7 +1203,7 @@ static const struct ssh2_cipher ssh_aes128 = {
static const struct ssh2_cipher ssh_aes192 = { static const struct ssh2_cipher ssh_aes192 = {
aes_make_context, aes_free_context, aes_iv, aes192_key, aes_make_context, aes_free_context, aes_iv, aes192_key,
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
"aes192-cbc", "aes192-cbc",
16, 192, SSH_CIPHER_IS_CBC, "AES-192 CBC", 16, 192, SSH_CIPHER_IS_CBC, "AES-192 CBC",
NULL NULL
@ -1211,7 +1211,7 @@ static const struct ssh2_cipher ssh_aes192 = {
static const struct ssh2_cipher ssh_aes256 = { static const struct ssh2_cipher ssh_aes256 = {
aes_make_context, aes_free_context, aes_iv, aes256_key, aes_make_context, aes_free_context, aes_iv, aes256_key,
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
"aes256-cbc", "aes256-cbc",
16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC", 16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC",
NULL NULL
@ -1219,7 +1219,7 @@ static const struct ssh2_cipher ssh_aes256 = {
static const struct ssh2_cipher ssh_rijndael_lysator = { static const struct ssh2_cipher ssh_rijndael_lysator = {
aes_make_context, aes_free_context, aes_iv, aes256_key, aes_make_context, aes_free_context, aes_iv, aes256_key,
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk, NULL, NULL,
"rijndael-cbc@lysator.liu.se", "rijndael-cbc@lysator.liu.se",
16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC", 16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC",
NULL NULL

4
ssharcf.c
View File

@ -100,7 +100,7 @@ static void arcfour_iv(void *handle, unsigned char *key)
const struct ssh2_cipher ssh_arcfour128_ssh2 = { const struct ssh2_cipher ssh_arcfour128_ssh2 = {
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key, arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key,
arcfour_block, arcfour_block, arcfour_block, arcfour_block, NULL, NULL,
"arcfour128", "arcfour128",
1, 128, 0, "Arcfour-128", 1, 128, 0, "Arcfour-128",
NULL NULL
@ -108,7 +108,7 @@ const struct ssh2_cipher ssh_arcfour128_ssh2 = {
const struct ssh2_cipher ssh_arcfour256_ssh2 = { const struct ssh2_cipher ssh_arcfour256_ssh2 = {
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key, arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key,
arcfour_block, arcfour_block, arcfour_block, arcfour_block, NULL, NULL,
"arcfour256", "arcfour256",
1, 256, 0, "Arcfour-256", 1, 256, 0, "Arcfour-256",
NULL NULL

4
sshblowf.c
View File

@ -641,7 +641,7 @@ const struct ssh_cipher ssh_blowfish_ssh1 = {
static const struct ssh2_cipher ssh_blowfish_ssh2 = { static const struct ssh2_cipher ssh_blowfish_ssh2 = {
blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish_key, blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish_key,
blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk, blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk, NULL, NULL,
"blowfish-cbc", "blowfish-cbc",
8, 128, SSH_CIPHER_IS_CBC, "Blowfish-128 CBC", 8, 128, SSH_CIPHER_IS_CBC, "Blowfish-128 CBC",
NULL NULL
@ -649,7 +649,7 @@ static const struct ssh2_cipher ssh_blowfish_ssh2 = {
static const struct ssh2_cipher ssh_blowfish_ssh2_ctr = { static const struct ssh2_cipher ssh_blowfish_ssh2_ctr = {
blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish256_key, blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish256_key,
blowfish_ssh2_sdctr, blowfish_ssh2_sdctr, blowfish_ssh2_sdctr, blowfish_ssh2_sdctr, NULL, NULL,
"blowfish-ctr", "blowfish-ctr",
8, 256, 0, "Blowfish-256 SDCTR", 8, 256, 0, "Blowfish-256 SDCTR",
NULL NULL

8
sshdes.c
View File

@ -947,7 +947,7 @@ void des_decrypt_xdmauth(const unsigned char *keydata,
static const struct ssh2_cipher ssh_3des_ssh2 = { static const struct ssh2_cipher ssh_3des_ssh2 = {
des3_make_context, des3_free_context, des3_iv, des3_key, des3_make_context, des3_free_context, des3_iv, des3_key,
des3_ssh2_encrypt_blk, des3_ssh2_decrypt_blk, des3_ssh2_encrypt_blk, des3_ssh2_decrypt_blk, NULL, NULL,
"3des-cbc", "3des-cbc",
8, 168, SSH_CIPHER_IS_CBC, "triple-DES CBC", 8, 168, SSH_CIPHER_IS_CBC, "triple-DES CBC",
NULL NULL
@ -955,7 +955,7 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
static const struct ssh2_cipher ssh_3des_ssh2_ctr = { static const struct ssh2_cipher ssh_3des_ssh2_ctr = {
des3_make_context, des3_free_context, des3_iv, des3_key, des3_make_context, des3_free_context, des3_iv, des3_key,
des3_ssh2_sdctr, des3_ssh2_sdctr, des3_ssh2_sdctr, des3_ssh2_sdctr, NULL, NULL,
"3des-ctr", "3des-ctr",
8, 168, 0, "triple-DES SDCTR", 8, 168, 0, "triple-DES SDCTR",
NULL NULL
@ -971,7 +971,7 @@ static const struct ssh2_cipher ssh_3des_ssh2_ctr = {
*/ */
static const struct ssh2_cipher ssh_des_ssh2 = { static const struct ssh2_cipher ssh_des_ssh2 = {
des_make_context, des3_free_context, des3_iv, des_key, des_make_context, des3_free_context, des3_iv, des_key,
des_ssh2_encrypt_blk, des_ssh2_decrypt_blk, des_ssh2_encrypt_blk, des_ssh2_decrypt_blk, NULL, NULL,
"des-cbc", "des-cbc",
8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC", 8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC",
NULL NULL
@ -979,7 +979,7 @@ static const struct ssh2_cipher ssh_des_ssh2 = {
static const struct ssh2_cipher ssh_des_sshcom_ssh2 = { static const struct ssh2_cipher ssh_des_sshcom_ssh2 = {
des_make_context, des3_free_context, des3_iv, des_key, des_make_context, des3_free_context, des3_iv, des_key,
des_ssh2_encrypt_blk, des_ssh2_decrypt_blk, des_ssh2_encrypt_blk, des_ssh2_decrypt_blk, NULL, NULL,
"des-cbc@ssh.com", "des-cbc@ssh.com",
8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC", 8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC",
NULL NULL