mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-03-22 14:39:24 -05:00
Allow a cipher to override the SSH KEX's choice of MAC.
No cipher uses this facility yet, but one shortly will.
parent
3ce4594d14
commit
705f159255
2
cproxy.c
2
cproxy.c
@ -21,7 +21,7 @@ static void hmacmd5_chap(const unsigned char *challenge, int challen,
|
|||||||
void *hmacmd5_ctx;
|
void *hmacmd5_ctx;
|
||||||
int pwlen;
|
int pwlen;
|
||||||
|
|
||||||
hmacmd5_ctx = hmacmd5_make_context();
|
hmacmd5_ctx = hmacmd5_make_context(NULL);
|
||||||
|
|
||||||
pwlen = strlen(passwd);
|
pwlen = strlen(passwd);
|
||||||
if (pwlen>64) {
|
if (pwlen>64) {
|
||||||
|
15
ssh.c
15
ssh.c
@ -6565,6 +6565,17 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
|
|||||||
crStopV;
|
crStopV;
|
||||||
matched:;
|
matched:;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If the cipher over-rides the mac, then pick it */
|
||||||
|
if (s->cscipher_tobe && s->cscipher_tobe->required_mac) {
|
||||||
|
s->csmac_tobe = s->cscipher_tobe->required_mac;
|
||||||
|
s->csmac_etm_tobe = !!(s->csmac_tobe->etm_name);
|
||||||
|
}
|
||||||
|
if (s->sccipher_tobe && s->sccipher_tobe->required_mac) {
|
||||||
|
s->scmac_tobe = s->sccipher_tobe->required_mac;
|
||||||
|
s->scmac_etm_tobe = !!(s->scmac_tobe->etm_name);
|
||||||
|
}
|
||||||
|
|
||||||
if (s->pending_compression) {
|
if (s->pending_compression) {
|
||||||
logevent("Server supports delayed compression; "
|
logevent("Server supports delayed compression; "
|
||||||
"will try this later");
|
"will try this later");
|
||||||
@ -7078,7 +7089,7 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
|
|||||||
ssh->csmac->free_context(ssh->cs_mac_ctx);
|
ssh->csmac->free_context(ssh->cs_mac_ctx);
|
||||||
ssh->csmac = s->csmac_tobe;
|
ssh->csmac = s->csmac_tobe;
|
||||||
ssh->csmac_etm = s->csmac_etm_tobe;
|
ssh->csmac_etm = s->csmac_etm_tobe;
|
||||||
ssh->cs_mac_ctx = ssh->csmac->make_context();
|
ssh->cs_mac_ctx = ssh->csmac->make_context(ssh->cs_cipher_ctx);
|
||||||
|
|
||||||
if (ssh->cs_comp_ctx)
|
if (ssh->cs_comp_ctx)
|
||||||
ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
|
ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
|
||||||
@ -7146,7 +7157,7 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
|
|||||||
ssh->scmac->free_context(ssh->sc_mac_ctx);
|
ssh->scmac->free_context(ssh->sc_mac_ctx);
|
||||||
ssh->scmac = s->scmac_tobe;
|
ssh->scmac = s->scmac_tobe;
|
||||||
ssh->scmac_etm = s->scmac_etm_tobe;
|
ssh->scmac_etm = s->scmac_etm_tobe;
|
||||||
ssh->sc_mac_ctx = ssh->scmac->make_context();
|
ssh->sc_mac_ctx = ssh->scmac->make_context(ssh->sc_cipher_ctx);
|
||||||
|
|
||||||
if (ssh->sc_comp_ctx)
|
if (ssh->sc_comp_ctx)
|
||||||
ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
|
ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
|
||||||
|
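Review bot: The override block added after `matched:;` replaces `csmac_tobe`/`scmac_tobe` only once the ordinary MAC negotiation has already run, so a cipher with `required_mac` would presumably still depend on the peer offering some MAC we also support, even though that MAC is then discarded; the negotiation loop is outside this hunk, so this needs checking there. The replacement is also silent: a comment such as `/* required_mac wins over the negotiated MAC in both directions; ETM mode then follows the required MAC's etm_name, not the peer's offer */` would make the trust decision explicit, and any event-log line naming the MAC should report the one actually in use. In the two later hunks `make_context()` now receives `cs_cipher_ctx`/`sc_cipher_ctx`; if a MAC keeps that pointer, the cipher context must outlive the MAC context, and the code that creates and frees the cipher contexts is not visible here.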
8
ssh.h
8
ssh.h
@ -250,7 +250,7 @@ void MD5Update(struct MD5Context *context, unsigned char const *buf,
|
|||||||
void MD5Final(unsigned char digest[16], struct MD5Context *context);
|
void MD5Final(unsigned char digest[16], struct MD5Context *context);
|
||||||
void MD5Simple(void const *p, unsigned len, unsigned char output[16]);
|
void MD5Simple(void const *p, unsigned len, unsigned char output[16]);
|
||||||
|
|
||||||
void *hmacmd5_make_context(void);
|
void *hmacmd5_make_context(void *);
|
||||||
void hmacmd5_free_context(void *handle);
|
void hmacmd5_free_context(void *handle);
|
||||||
void hmacmd5_key(void *handle, void const *key, int len);
|
void hmacmd5_key(void *handle, void const *key, int len);
|
||||||
void hmacmd5_do_hmac(void *handle, unsigned char const *blk, int len,
|
void hmacmd5_do_hmac(void *handle, unsigned char const *blk, int len,
|
||||||
@ -296,6 +296,7 @@ void SHA384_Init(SHA384_State * s);
|
|||||||
void SHA384_Final(SHA384_State * s, unsigned char *output);
|
void SHA384_Final(SHA384_State * s, unsigned char *output);
|
||||||
void SHA384_Simple(const void *p, int len, unsigned char *output);
|
void SHA384_Simple(const void *p, int len, unsigned char *output);
|
||||||
|
|
||||||
|
struct ssh_mac;
|
||||||
struct ssh_cipher {
|
struct ssh_cipher {
|
||||||
void *(*make_context)(void);
|
void *(*make_context)(void);
|
||||||
void (*free_context)(void *);
|
void (*free_context)(void *);
|
||||||
@ -319,6 +320,8 @@ struct ssh2_cipher {
|
|||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
#define SSH_CIPHER_IS_CBC 1
|
#define SSH_CIPHER_IS_CBC 1
|
||||||
const char *text_name;
|
const char *text_name;
|
||||||
|
/* If set, this takes priority over other MAC. */
|
||||||
|
const struct ssh_mac *required_mac;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct ssh2_ciphers {
|
struct ssh2_ciphers {
|
||||||
@ -327,7 +330,8 @@ struct ssh2_ciphers {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct ssh_mac {
|
struct ssh_mac {
|
||||||
void *(*make_context)(void);
|
/* Passes in the cipher context */
|
||||||
|
void *(*make_context)(void *);
|
||||||
void (*free_context)(void *);
|
void (*free_context)(void *);
|
||||||
void (*setkey) (void *, unsigned char *key);
|
void (*setkey) (void *, unsigned char *key);
|
||||||
/* whole-packet operations */
|
/* whole-packet operations */
|
||||||
|
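Review bot: The new comment `/* Passes in the cipher context */` on `ssh_mac.make_context` does not state the contract a MAC implementer needs: whether the pointer may be NULL (cproxy.c in this commit passes `NULL`), and whether the MAC may retain it past the call. I would write it as `/* Argument is the already-created cipher context for the same direction, or NULL when there is none; a MAC that keeps the pointer does not own it and must not free it. */`, adjusted to whatever ownership rule is actually intended. The `required_mac` comment could likewise say that NULL means "use the negotiated MAC", since ssh.c tests the field for non-NULL before overriding. The prototype `hmacmd5_make_context(void *)` would read better with the parameter named, as its definition in sshmd5.c does (`void *cipher_ctx`).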
21
sshaes.c
21
sshaes.c
@ -1173,49 +1173,56 @@ static const struct ssh2_cipher ssh_aes128_ctr = {
|
|||||||
aes_make_context, aes_free_context, aes_iv, aes128_key,
|
aes_make_context, aes_free_context, aes_iv, aes128_key,
|
||||||
aes_ssh2_sdctr, aes_ssh2_sdctr,
|
aes_ssh2_sdctr, aes_ssh2_sdctr,
|
||||||
"aes128-ctr",
|
"aes128-ctr",
|
||||||
16, 128, 0, "AES-128 SDCTR"
|
16, 128, 0, "AES-128 SDCTR",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_aes192_ctr = {
|
static const struct ssh2_cipher ssh_aes192_ctr = {
|
||||||
aes_make_context, aes_free_context, aes_iv, aes192_key,
|
aes_make_context, aes_free_context, aes_iv, aes192_key,
|
||||||
aes_ssh2_sdctr, aes_ssh2_sdctr,
|
aes_ssh2_sdctr, aes_ssh2_sdctr,
|
||||||
"aes192-ctr",
|
"aes192-ctr",
|
||||||
16, 192, 0, "AES-192 SDCTR"
|
16, 192, 0, "AES-192 SDCTR",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_aes256_ctr = {
|
static const struct ssh2_cipher ssh_aes256_ctr = {
|
||||||
aes_make_context, aes_free_context, aes_iv, aes256_key,
|
aes_make_context, aes_free_context, aes_iv, aes256_key,
|
||||||
aes_ssh2_sdctr, aes_ssh2_sdctr,
|
aes_ssh2_sdctr, aes_ssh2_sdctr,
|
||||||
"aes256-ctr",
|
"aes256-ctr",
|
||||||
16, 256, 0, "AES-256 SDCTR"
|
16, 256, 0, "AES-256 SDCTR",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_aes128 = {
|
static const struct ssh2_cipher ssh_aes128 = {
|
||||||
aes_make_context, aes_free_context, aes_iv, aes128_key,
|
aes_make_context, aes_free_context, aes_iv, aes128_key,
|
||||||
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
||||||
"aes128-cbc",
|
"aes128-cbc",
|
||||||
16, 128, SSH_CIPHER_IS_CBC, "AES-128 CBC"
|
16, 128, SSH_CIPHER_IS_CBC, "AES-128 CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_aes192 = {
|
static const struct ssh2_cipher ssh_aes192 = {
|
||||||
aes_make_context, aes_free_context, aes_iv, aes192_key,
|
aes_make_context, aes_free_context, aes_iv, aes192_key,
|
||||||
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
||||||
"aes192-cbc",
|
"aes192-cbc",
|
||||||
16, 192, SSH_CIPHER_IS_CBC, "AES-192 CBC"
|
16, 192, SSH_CIPHER_IS_CBC, "AES-192 CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_aes256 = {
|
static const struct ssh2_cipher ssh_aes256 = {
|
||||||
aes_make_context, aes_free_context, aes_iv, aes256_key,
|
aes_make_context, aes_free_context, aes_iv, aes256_key,
|
||||||
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
||||||
"aes256-cbc",
|
"aes256-cbc",
|
||||||
16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC"
|
16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_rijndael_lysator = {
|
static const struct ssh2_cipher ssh_rijndael_lysator = {
|
||||||
aes_make_context, aes_free_context, aes_iv, aes256_key,
|
aes_make_context, aes_free_context, aes_iv, aes256_key,
|
||||||
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
aes_ssh2_encrypt_blk, aes_ssh2_decrypt_blk,
|
||||||
"rijndael-cbc@lysator.liu.se",
|
"rijndael-cbc@lysator.liu.se",
|
||||||
16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC"
|
16, 256, SSH_CIPHER_IS_CBC, "AES-256 CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher *const aes_list[] = {
|
static const struct ssh2_cipher *const aes_list[] = {
|
||||||
|
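Review bot: Each cipher table here gains a positional trailing `NULL` for `required_mac`, and the same edit recurs in the Arcfour, Blowfish and DES tables further down. With positional initialisers nothing ties that value to the field, so a later reordering or a forgotten entry leaves `required_mac` NULL, and the check in ssh.c then quietly keeps the negotiated MAC. A short trailing comment per entry, e.g. `NULL /* required_mac: none, use negotiated MAC */`, would make the intent reviewable; designated initialisers would be stronger if the project's C dialect allows them, which this page does not show.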
@ -102,14 +102,16 @@ const struct ssh2_cipher ssh_arcfour128_ssh2 = {
|
|||||||
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key,
|
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key,
|
||||||
arcfour_block, arcfour_block,
|
arcfour_block, arcfour_block,
|
||||||
"arcfour128",
|
"arcfour128",
|
||||||
1, 128, 0, "Arcfour-128"
|
1, 128, 0, "Arcfour-128",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct ssh2_cipher ssh_arcfour256_ssh2 = {
|
const struct ssh2_cipher ssh_arcfour256_ssh2 = {
|
||||||
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key,
|
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key,
|
||||||
arcfour_block, arcfour_block,
|
arcfour_block, arcfour_block,
|
||||||
"arcfour256",
|
"arcfour256",
|
||||||
1, 256, 0, "Arcfour-256"
|
1, 256, 0, "Arcfour-256",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher *const arcfour_list[] = {
|
static const struct ssh2_cipher *const arcfour_list[] = {
|
||||||
|
@ -643,14 +643,16 @@ static const struct ssh2_cipher ssh_blowfish_ssh2 = {
|
|||||||
blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish_key,
|
blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish_key,
|
||||||
blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk,
|
blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk,
|
||||||
"blowfish-cbc",
|
"blowfish-cbc",
|
||||||
8, 128, SSH_CIPHER_IS_CBC, "Blowfish-128 CBC"
|
8, 128, SSH_CIPHER_IS_CBC, "Blowfish-128 CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_blowfish_ssh2_ctr = {
|
static const struct ssh2_cipher ssh_blowfish_ssh2_ctr = {
|
||||||
blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish256_key,
|
blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish256_key,
|
||||||
blowfish_ssh2_sdctr, blowfish_ssh2_sdctr,
|
blowfish_ssh2_sdctr, blowfish_ssh2_sdctr,
|
||||||
"blowfish-ctr",
|
"blowfish-ctr",
|
||||||
8, 256, 0, "Blowfish-256 SDCTR"
|
8, 256, 0, "Blowfish-256 SDCTR",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher *const blowfish_list[] = {
|
static const struct ssh2_cipher *const blowfish_list[] = {
|
||||||
|
12
sshdes.c
12
sshdes.c
@ -949,14 +949,16 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
|
|||||||
des3_make_context, des3_free_context, des3_iv, des3_key,
|
des3_make_context, des3_free_context, des3_iv, des3_key,
|
||||||
des3_ssh2_encrypt_blk, des3_ssh2_decrypt_blk,
|
des3_ssh2_encrypt_blk, des3_ssh2_decrypt_blk,
|
||||||
"3des-cbc",
|
"3des-cbc",
|
||||||
8, 168, SSH_CIPHER_IS_CBC, "triple-DES CBC"
|
8, 168, SSH_CIPHER_IS_CBC, "triple-DES CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_3des_ssh2_ctr = {
|
static const struct ssh2_cipher ssh_3des_ssh2_ctr = {
|
||||||
des3_make_context, des3_free_context, des3_iv, des3_key,
|
des3_make_context, des3_free_context, des3_iv, des3_key,
|
||||||
des3_ssh2_sdctr, des3_ssh2_sdctr,
|
des3_ssh2_sdctr, des3_ssh2_sdctr,
|
||||||
"3des-ctr",
|
"3des-ctr",
|
||||||
8, 168, 0, "triple-DES SDCTR"
|
8, 168, 0, "triple-DES SDCTR",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -971,14 +973,16 @@ static const struct ssh2_cipher ssh_des_ssh2 = {
|
|||||||
des_make_context, des3_free_context, des3_iv, des_key,
|
des_make_context, des3_free_context, des3_iv, des_key,
|
||||||
des_ssh2_encrypt_blk, des_ssh2_decrypt_blk,
|
des_ssh2_encrypt_blk, des_ssh2_decrypt_blk,
|
||||||
"des-cbc",
|
"des-cbc",
|
||||||
8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC"
|
8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher ssh_des_sshcom_ssh2 = {
|
static const struct ssh2_cipher ssh_des_sshcom_ssh2 = {
|
||||||
des_make_context, des3_free_context, des3_iv, des_key,
|
des_make_context, des3_free_context, des3_iv, des_key,
|
||||||
des_ssh2_encrypt_blk, des_ssh2_decrypt_blk,
|
des_ssh2_encrypt_blk, des_ssh2_decrypt_blk,
|
||||||
"des-cbc@ssh.com",
|
"des-cbc@ssh.com",
|
||||||
8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC"
|
8, 56, SSH_CIPHER_IS_CBC, "single-DES CBC",
|
||||||
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct ssh2_cipher *const des3_list[] = {
|
static const struct ssh2_cipher *const des3_list[] = {
|
||||||
|
2
sshmd5.c
2
sshmd5.c
@ -221,7 +221,7 @@ void MD5Simple(void const *p, unsigned len, unsigned char output[16])
|
|||||||
* useful elsewhere (SOCKS5 CHAP authentication uses HMAC-MD5).
|
* useful elsewhere (SOCKS5 CHAP authentication uses HMAC-MD5).
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void *hmacmd5_make_context(void)
|
void *hmacmd5_make_context(void *cipher_ctx)
|
||||||
{
|
{
|
||||||
return snewn(3, struct MD5Context);
|
return snewn(3, struct MD5Context);
|
||||||
}
|
}
|
||||||
|
@ -225,7 +225,7 @@ const struct ssh_hash ssh_sha256 = {
|
|||||||
* HMAC wrapper on it.
|
* HMAC wrapper on it.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static void *sha256_make_context(void)
|
static void *sha256_make_context(void *cipher_ctx)
|
||||||
{
|
{
|
||||||
return snewn(3, SHA256_State);
|
return snewn(3, SHA256_State);
|
||||||
}
|
}
|
||||||
|