shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

Improve packet_encrypt().

Browse Source 
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@480 7dcaeef0-15fb-0310-b436-a5af3365683c
This commit is contained in:
Andreas Schneider
2009-04-15 08:04:33 +00:00
parent c50da458d1
commit 367fd0cb35
1 changed files with 56 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
libssh/crypt.c
View File

@@ -81,53 +81,70 @@ int packet_decrypt(SSH_SESSION *session, void *data,u32 len) {
return 0; return 0;
} }
unsigned char * packet_encrypt(SSH_SESSION *session,void *data,u32 len){ unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) {
struct crypto_struct *crypto; struct crypto_struct *crypto = NULL;
HMACCTX ctx; HMACCTX ctx = NULL;
char *out; char *out = NULL;
unsigned int finallen; unsigned int finallen;
u32 seq=ntohl(session->send_seq); u32 seq;
if(!session->current_crypto)
return NULL; /* nothing to do here */ if (!session->current_crypto) {
crypto= session->current_crypto->out_cipher; return NULL; /* nothing to do here */
ssh_log(session,SSH_LOG_PACKET,"encrypting packet with seq num: %d, len: %d",session->send_seq,len); }
out = malloc(len);
if (out == NULL) {
return NULL;
}
seq = ntohl(session->send_seq);
crypto = session->current_crypto->out_cipher;
ssh_log(session, SSH_LOG_PACKET,
"Encrypting packet with seq num: %d, len: %d",
session->send_seq,len);
#ifdef HAVE_LIBGCRYPT #ifdef HAVE_LIBGCRYPT
crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey,session->current_crypto->encryptIV); crypto->set_encrypt_key(crypto, session->current_crypto->encryptkey,
session->current_crypto->encryptIV);
#elif defined HAVE_LIBCRYPTO #elif defined HAVE_LIBCRYPTO
crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey); crypto->set_encrypt_key(crypto, session->current_crypto->encryptkey);
#endif #endif
out = malloc(len);
if (out == NULL) { if (session->version == 2) {
ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1);
if (ctx == NULL) {
SAFE_FREE(out);
return NULL; return NULL;
} }
if(session->version==2){ hmac_update(ctx,(unsigned char *)&seq,sizeof(u32));
ctx = hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); hmac_update(ctx,data,len);
if (ctx == NULL) { hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
SAFE_FREE(out);
return NULL;
}
hmac_update(ctx,(unsigned char *)&seq,sizeof(u32));
hmac_update(ctx,data,len);
hmac_final(ctx,session->current_crypto->hmacbuf,&finallen);
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("mac :",data,len); ssh_print_hexa("mac: ",data,len);
if(finallen!=20) if (finallen != 20) {
printf("Final len is %d\n",finallen); printf("Final len is %d\n",finallen);
ssh_print_hexa("packet hmac",session->current_crypto->hmacbuf,20);
#endif
} }
#ifdef HAVE_LIBGCRYPT ssh_print_hexa("Packet hmac", session->current_crypto->hmacbuf, 20);
crypto->cbc_encrypt(crypto,data,out,len);
#elif defined HAVE_LIBCRYPTO
crypto->cbc_encrypt(crypto,data,out,len,session->current_crypto->encryptIV);
#endif #endif
memcpy(data,out,len); }
memset(out,0,len);
free(out); #ifdef HAVE_LIBGCRYPT
if(session->version==2) crypto->cbc_encrypt(crypto, data, out, len);
return session->current_crypto->hmacbuf; #elif defined HAVE_LIBCRYPTO
else crypto->cbc_encrypt(crypto, data, out, len,
return NULL; session->current_crypto->encryptIV);
#endif
memcpy(data, out, len);
memset(out, 0, len);
SAFE_FREE(out);
if (session->version == 2) {
return session->current_crypto->hmacbuf;
}
return NULL;
} }
/* TODO FIXME think about the return value isn't 0 enough and -1 on error */ /* TODO FIXME think about the return value isn't 0 enough and -1 on error */