lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-27 13:21:11 +03:00
Code Activity

libcrypto: Implement OpenSSH-compatible AES-GCM ciphers using OpenSSL

Browse Source 
The commit also propares the internals throughout the code base
for the inclusion of a new AEAD cipher, because previously, the
source code counted only with chacha20-poly1305 cipher, which
is very specific in many cases.

The SSH_HMAC_AEAD_GCM mac algorithm is not actually used, but the name
needed to be defined so we can match in the algorithms selection per
OpenSSH specification (MACs are ignored in case GCM is select as a cipher [1]).

If the provided OpenSSL does not provide  EVP_aes_128_gcm()  function,
the AES-GCM ciphers will not be compiled in.

[1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?annotate=HEAD

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2018-10-08 13:24:49 +02:00
committed by Andreas Schneider
parent 777786d76c
commit 46090facba
9 changed files with 297 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/wrapper.c
View File

@@ -56,6 +56,7 @@ static struct ssh_hmac_struct ssh_hmac_tab[] = {
{ "hmac-sha2-512", SSH_HMAC_SHA512 },
{ "hmac-md5", SSH_HMAC_MD5 },
{ "aead-poly1305", SSH_HMAC_AEAD_POLY1305 },
{ "aead-gcm", SSH_HMAC_AEAD_GCM },
{ NULL, 0}
};
@@ -77,6 +78,8 @@ size_t hmac_digest_len(enum ssh_hmac_e type) {
return MD5_DIGEST_LEN;
case SSH_HMAC_AEAD_POLY1305:
return POLY1305_TAGLEN;
case SSH_HMAC_AEAD_GCM:
return AES_GCM_TAGLEN;
default:
return 0;
}
@@ -256,7 +259,11 @@ static int crypt_set_algorithms2(ssh_session session){
if (session->next_crypto->out_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
wanted = "aead-poly1305";
if (session->next_crypto->out_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
wanted = "aead-poly1305";
} else {
wanted = "aead-gcm";
}
} else {
/*
* We must scan the kex entries to find hmac algorithms and set their
@@ -310,7 +317,11 @@ static int crypt_set_algorithms2(ssh_session session){
if (session->next_crypto->in_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
wanted = "aead-poly1305";
if (session->next_crypto->in_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
wanted = "aead-poly1305";
} else {
wanted = "aead-gcm";
}
} else {
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
wanted = session->next_crypto->kex_methods[SSH_MAC_S_C];
@@ -398,7 +409,11 @@ int crypt_set_algorithms_server(ssh_session session){
i=0;
if (session->next_crypto->out_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
method = "aead-poly1305";
if (session->next_crypto->out_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
method = "aead-poly1305";
} else {
method = "aead-gcm";
}
} else {
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
/* out */
@@ -449,7 +464,11 @@ int crypt_set_algorithms_server(ssh_session session){
if (session->next_crypto->in_cipher->aead_encrypt != NULL){
/* this cipher has integrated MAC */
method = "aead-poly1305";
if (session->next_crypto->in_cipher->ciphertype == SSH_AEAD_CHACHA20_POLY1305) {
method = "aead-poly1305";
} else {
method = "aead-gcm";
}
} else {
/* we must scan the kex entries to find hmac algorithms and set their appropriate structure */
method = session->next_crypto->kex_methods[SSH_MAC_C_S];