Add flag for tracking EtM HMACs

This adds a flag to the type structures to track if we use a Encrypt-then-MAC cipher instead of Encrypt-and-MAC. EtM is a more secure hashing mechanism. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-11-27 13:21:11 +03:00 · 2019-02-08 19:44:36 +00:00
parent c6608c9211
commit e4c7912b35
4 changed files with 23 additions and 12 deletions
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -56,13 +56,13 @@
 #include "libssh/curve25519.h"

 static struct ssh_hmac_struct ssh_hmac_tab[] = {
-  { "hmac-sha1",     SSH_HMAC_SHA1 },
-  { "hmac-sha2-256", SSH_HMAC_SHA256 },
-  { "hmac-sha2-512", SSH_HMAC_SHA512 },
-  { "hmac-md5",      SSH_HMAC_MD5 },
-  { "aead-poly1305", SSH_HMAC_AEAD_POLY1305 },
-  { "aead-gcm",      SSH_HMAC_AEAD_GCM },
-  { NULL,            0}
+  { "hmac-sha1",     SSH_HMAC_SHA1,          false },
+  { "hmac-sha2-256", SSH_HMAC_SHA256,        false },
+  { "hmac-sha2-512", SSH_HMAC_SHA512,        false },
+  { "hmac-md5",      SSH_HMAC_MD5,           false },
+  { "aead-poly1305", SSH_HMAC_AEAD_POLY1305, false },
+  { "aead-gcm",      SSH_HMAC_AEAD_GCM,      false },
+  { NULL,            0,                      false }
 };

 struct ssh_hmac_struct *ssh_get_hmactab(void) {
@@ -88,11 +88,13 @@ size_t hmac_digest_len(enum ssh_hmac_e type) {
  }
 }

-const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type)
+const char *ssh_hmac_type_to_string(enum ssh_hmac_e hmac_type, bool etm)
 {
  int i = 0;
  struct ssh_hmac_struct *ssh_hmactab = ssh_get_hmactab();
-  while (ssh_hmactab[i].name && (ssh_hmactab[i].hmac_type != hmac_type)) {
+  while (ssh_hmactab[i].name &&
+         ((ssh_hmactab[i].hmac_type != hmac_type) ||
+          (ssh_hmactab[i].etm != etm))) {
    i++;
  }
  return ssh_hmactab[i].name;
@@ -293,6 +295,7 @@ static int crypt_set_algorithms2(ssh_session session)
    SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", wanted);

    session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
+    session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm;

    /* in */
    wanted = session->next_crypto->kex_methods[SSH_CRYPT_S_C];
@@ -346,6 +349,7 @@ static int crypt_set_algorithms2(ssh_session session)
    SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", wanted);

    session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
+    session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm;

    /* compression */
    cmp = strcmp(session->next_crypto->kex_methods[SSH_COMP_C_S], "zlib");
@@ -443,6 +447,7 @@ int crypt_set_algorithms_server(ssh_session session){
    SSH_LOG(SSH_LOG_PACKET, "Set HMAC output algorithm to %s", method);

    session->next_crypto->out_hmac = ssh_hmactab[i].hmac_type;
+    session->next_crypto->out_hmac_etm = ssh_hmactab[i].etm;

    /* in */
    method = session->next_crypto->kex_methods[SSH_CRYPT_C_S];
@@ -495,6 +500,7 @@ int crypt_set_algorithms_server(ssh_session session){
    SSH_LOG(SSH_LOG_PACKET, "Set HMAC input algorithm to %s", method);

    session->next_crypto->in_hmac = ssh_hmactab[i].hmac_type;
+    session->next_crypto->in_hmac_etm = ssh_hmactab[i].etm;

    /* compression */
    method = session->next_crypto->kex_methods[SSH_COMP_C_S];