shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 09:54:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

Improve packet_hmac_verify().

Browse Source 
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@481 7dcaeef0-15fb-0310-b436-a5af3365683c
This commit is contained in:
Andreas Schneider
2009-04-15 08:11:33 +00:00
parent 367fd0cb35
commit 4ca14e442c
2 changed files with 40 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
libssh/crypt.c
View File

@@ -147,23 +147,45 @@ unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) {
return NULL; return NULL;
} }
/* TODO FIXME think about the return value isn't 0 enough and -1 on error */ /**
int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,unsigned char *mac){ * @internal
HMACCTX ctx; *
unsigned char hmacbuf[EVP_MAX_MD_SIZE]; * @brief Verify the hmac of a packet
unsigned int len; *
u32 seq=htonl(session->recv_seq); * @param session The session to use.
ctx=hmac_init(session->current_crypto->decryptMAC,20,HMAC_SHA1); * @param buffer The buffer to verify the hmac from.
if (ctx == NULL) { * @param mac The mac to compare with the hmac.
return -1; *
} * @return 0 if hmac and mac are equal, < 0 if not or an error
hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); * occured.
hmac_update(ctx,buffer_get(buffer),buffer_get_len(buffer)); */
hmac_final(ctx,hmacbuf,&len); int packet_hmac_verify(SSH_SESSION *session, BUFFER *buffer,
unsigned char *mac) {
unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0};
HMACCTX ctx;
unsigned int len;
u32 seq;
ctx = hmac_init(session->current_crypto->decryptMAC, 20, HMAC_SHA1);
if (ctx == NULL) {
return -1;
}
seq = htonl(session->recv_seq);
hmac_update(ctx, (unsigned char *) &seq, sizeof(u32));
hmac_update(ctx, buffer_get(buffer), buffer_get_len(buffer));
hmac_final(ctx, hmacbuf, &len);
#ifdef DEBUG_CRYPTO #ifdef DEBUG_CRYPTO
ssh_print_hexa("received mac",mac,len); ssh_print_hexa("received mac",mac,len);
ssh_print_hexa("Computed mac",hmacbuf,len); ssh_print_hexa("Computed mac",hmacbuf,len);
ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32)); ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32));
#endif #endif
return memcmp(mac,hmacbuf,len); if (memcmp(mac, hmacbuf, len) == 0) {
return 0;
}
return -1
} }

2
libssh/packet.c
View File

@@ -153,7 +153,7 @@ static int packet_read2(SSH_SESSION *session) {
} }
ssh_socket_read(session->socket, mac, macsize); ssh_socket_read(session->socket, mac, macsize);
if (packet_hmac_verify(session, session->in_buffer, mac)) { if (packet_hmac_verify(session, session->in_buffer, mac) < 0) {
ssh_set_error(session, SSH_FATAL, "HMAC error"); ssh_set_error(session, SSH_FATAL, "HMAC error");
goto error; goto error;
} }