diff options
| author | Dirkjan Bussink <d.bussink@gmail.com> | 2014-04-20 10:04:21 +0000 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2014-04-22 10:56:46 +0200 |
| commit | 164b8e99cce70c83d2ef3e2c2b832a514a0ac908 (patch) | |
| tree | d748e7afc7447354c9493bb7957f264d1140affa /src/packet_crypt.c | |
| parent | 4a089026647073be32ddb0885c12f47496bc709b (diff) | |
| download | libssh-164b8e99cce70c83d2ef3e2c2b832a514a0ac908.tar.gz libssh-164b8e99cce70c83d2ef3e2c2b832a514a0ac908.tar.xz libssh-164b8e99cce70c83d2ef3e2c2b832a514a0ac908.zip | |
Add logic to support SHA2 HMAC algorithms
BUG: https://red.libssh.org/issues/91
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/packet_crypt.c')
| -rw-r--r-- | src/packet_crypt.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/packet_crypt.c b/src/packet_crypt.c index cb73e414..4f6ba176 100644 --- a/src/packet_crypt.c +++ b/src/packet_crypt.c @@ -92,6 +92,7 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) { char *out = NULL; unsigned int finallen; uint32_t seq; + enum ssh_hmac_e type; assert(len); @@ -107,6 +108,7 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) { return NULL; } + type = session->current_crypto->out_hmac; seq = ntohl(session->send_seq); crypto = session->current_crypto->out_cipher; @@ -117,7 +119,7 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) { } if (session->version == 2) { - ctx = hmac_init(session->current_crypto->encryptMAC,20,SSH_HMAC_SHA1); + ctx = hmac_init(session->current_crypto->encryptMAC, hmac_digest_len(type), type); if (ctx == NULL) { SAFE_FREE(out); return NULL; @@ -126,11 +128,11 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) { hmac_update(ctx,data,len); hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); #ifdef DEBUG_CRYPTO - ssh_print_hexa("mac: ",data,len); - if (finallen != 20) { + ssh_print_hexa("mac: ",data,hmac_digest_len(type)); + if (finallen != hmac_digest_len(type)) { printf("Final len is %d\n",finallen); } - ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20); + ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, hmac_digest_len(type)); #endif } @@ -160,13 +162,13 @@ unsigned char *packet_encrypt(ssh_session session, void *data, uint32_t len) { * occurred. */ int packet_hmac_verify(ssh_session session, ssh_buffer buffer, - unsigned char *mac) { - unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0}; + unsigned char *mac, enum ssh_hmac_e type) { + unsigned char hmacbuf[DIGEST_MAX_LEN] = {0}; HMACCTX ctx; unsigned int len; uint32_t seq; - ctx = hmac_init(session->current_crypto->decryptMAC, 20, SSH_HMAC_SHA1); + ctx = hmac_init(session->current_crypto->decryptMAC, hmac_digest_len(type), type); if (ctx == NULL) { return -1; } |