mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Make ssh2_mac_setkey take the key as a ptrlen.
This makes the API more flexible, so that it's not restricted to taking a key of precisely the length specified in the ssh2_macalg structure. Instead, ssh2bpp looks up that length to construct the MAC's key. Some MACs (e.g. Poly1305) will only _work_ with a single key length. But this way, I can run standard test vectors against MACs that can take a variable length (e.g. everything in the HMAC family).
This commit is contained in:
parent
d169b04dba
commit
febef916a5
2
ssh.h
2
ssh.h
@ -716,7 +716,7 @@ struct ssh2_macalg {
|
||||
/* Passes in the cipher context */
|
||||
ssh2_mac *(*new)(const struct ssh2_macalg *alg, ssh2_cipher *cipher);
|
||||
void (*free)(ssh2_mac *);
|
||||
void (*setkey)(ssh2_mac *, const void *key);
|
||||
void (*setkey)(ssh2_mac *, ptrlen key);
|
||||
void (*start)(ssh2_mac *);
|
||||
void (*genresult)(ssh2_mac *, unsigned char *);
|
||||
const char *name, *etm_name;
|
||||
|
@ -137,7 +137,7 @@ void ssh2_bpp_new_outgoing_crypto(
|
||||
s->out.etm_mode = etm_mode;
|
||||
if (mac) {
|
||||
s->out.mac = ssh2_mac_new(mac, s->out.cipher);
|
||||
ssh2_mac_setkey(s->out.mac, mac_key);
|
||||
ssh2_mac_setkey(s->out.mac, make_ptrlen(mac_key, mac->keylen));
|
||||
|
||||
bpp_logevent("Initialised %s outbound MAC algorithm%s%s",
|
||||
ssh2_mac_alg(s->out.mac)->text_name,
|
||||
@ -194,7 +194,7 @@ void ssh2_bpp_new_incoming_crypto(
|
||||
s->in.etm_mode = etm_mode;
|
||||
if (mac) {
|
||||
s->in.mac = ssh2_mac_new(mac, s->in.cipher);
|
||||
ssh2_mac_setkey(s->in.mac, mac_key);
|
||||
ssh2_mac_setkey(s->in.mac, make_ptrlen(mac_key, mac->keylen));
|
||||
|
||||
bpp_logevent("Initialised %s inbound MAC algorithm%s%s",
|
||||
ssh2_mac_alg(s->in.mac)->text_name,
|
||||
|
15
sshccp.c
15
sshccp.c
@ -772,11 +772,12 @@ static void poly1305_init(struct poly1305 *ctx)
|
||||
bigval_clear(&ctx->h);
|
||||
}
|
||||
|
||||
/* Takes a 256 bit key */
|
||||
static void poly1305_key(struct poly1305 *ctx, const unsigned char *key)
|
||||
static void poly1305_key(struct poly1305 *ctx, ptrlen key)
|
||||
{
|
||||
assert(key.len == 32); /* Takes a 256 bit key */
|
||||
|
||||
unsigned char key_copy[16];
|
||||
memcpy(key_copy, key, 16);
|
||||
memcpy(key_copy, key.ptr, 16);
|
||||
|
||||
/* Key the MAC itself
|
||||
* bytes 4, 8, 12 and 16 are required to have their top four bits clear */
|
||||
@ -791,8 +792,8 @@ static void poly1305_key(struct poly1305 *ctx, const unsigned char *key)
|
||||
bigval_import_le(&ctx->r, key_copy, 16);
|
||||
smemclr(key_copy, sizeof(key_copy));
|
||||
|
||||
/* Use second 128 bits are the nonce */
|
||||
memcpy(ctx->nonce, key+16, 16);
|
||||
/* Use second 128 bits as the nonce */
|
||||
memcpy(ctx->nonce, (const char *)key.ptr + 16, 16);
|
||||
}
|
||||
|
||||
/* Feed up to 16 bytes (should only be less for the last chunk) */
|
||||
@ -884,7 +885,7 @@ static void poly_ssh2_free(ssh2_mac *mac)
|
||||
/* Not allocated, just forwarded, no need to free */
|
||||
}
|
||||
|
||||
static void poly_setkey(ssh2_mac *mac, const void *key)
|
||||
static void poly_setkey(ssh2_mac *mac, ptrlen key)
|
||||
{
|
||||
/* Uses the same context as ChaCha20, so ignore */
|
||||
}
|
||||
@ -919,7 +920,7 @@ static void poly_BinarySink_write(BinarySink *bs, const void *blkv, size_t len)
|
||||
chacha20_round(&ctx->b_cipher);
|
||||
|
||||
/* Set the poly key */
|
||||
poly1305_key(&ctx->mac, ctx->b_cipher.current);
|
||||
poly1305_key(&ctx->mac, make_ptrlen(ctx->b_cipher.current, 32));
|
||||
|
||||
/* Set the first round as used */
|
||||
ctx->b_cipher.currentIndex = 64;
|
||||
|
4
sshmd5.c
4
sshmd5.c
@ -273,11 +273,11 @@ void hmacmd5_key(struct hmacmd5_context *ctx, void const *keyv, int len)
|
||||
smemclr(foo, 64); /* burn the evidence */
|
||||
}
|
||||
|
||||
static void hmacmd5_ssh2_setkey(ssh2_mac *mac, const void *key)
|
||||
static void hmacmd5_ssh2_setkey(ssh2_mac *mac, ptrlen key)
|
||||
{
|
||||
struct hmacmd5_context *ctx =
|
||||
container_of(mac, struct hmacmd5_context, mac);
|
||||
hmacmd5_key(ctx, key, ctx->mac.vt->keylen);
|
||||
hmacmd5_key(ctx, key.ptr, key.len);
|
||||
}
|
||||
|
||||
static void hmacmd5_start(ssh2_mac *mac)
|
||||
|
@ -293,10 +293,10 @@ static void sha256_key_internal(struct hmacsha256 *ctx,
|
||||
smemclr(foo, 64); /* burn the evidence */
|
||||
}
|
||||
|
||||
static void hmacsha256_key(ssh2_mac *mac, const void *key)
|
||||
static void hmacsha256_key(ssh2_mac *mac, ptrlen key)
|
||||
{
|
||||
struct hmacsha256 *ctx = container_of(mac, struct hmacsha256, mac);
|
||||
sha256_key_internal(ctx, key, ctx->mac.vt->keylen);
|
||||
sha256_key_internal(ctx, key.ptr, key.len);
|
||||
}
|
||||
|
||||
static void hmacsha256_start(ssh2_mac *mac)
|
||||
|
7
sshsha.c
7
sshsha.c
@ -322,13 +322,10 @@ static void sha1_key_internal(SHA_State *keys,
|
||||
smemclr(foo, 64); /* burn the evidence */
|
||||
}
|
||||
|
||||
static void hmacsha1_key(ssh2_mac *mac, const void *key)
|
||||
static void hmacsha1_key(ssh2_mac *mac, ptrlen key)
|
||||
{
|
||||
struct hmacsha1 *ctx = container_of(mac, struct hmacsha1, mac);
|
||||
/* Reading the key length out of the ssh2_macalg structure means
|
||||
* this same method can be used for the _buggy variants which use
|
||||
* a shorter key */
|
||||
sha1_key_internal(ctx->sha, key, ctx->mac.vt->keylen);
|
||||
sha1_key_internal(ctx->sha, key.ptr, key.len);
|
||||
}
|
||||
|
||||
static void hmacsha1_start(ssh2_mac *mac)
|
||||
|
Loading…
Reference in New Issue
Block a user