diff --git a/README b/README index eed54878..6c1bc764 100644 --- a/README +++ b/README @@ -15,6 +15,8 @@ Version 0.5 Added ./configure option '--disable-gex-new' to allow using the older group-exchange format + Added MAC methods hmac-md5 and hmac-md5-96. + Version 0.4 ----------- diff --git a/include/libssh2_priv.h b/include/libssh2_priv.h index 5138ba34..9f590384 100644 --- a/include/libssh2_priv.h +++ b/include/libssh2_priv.h @@ -234,9 +234,6 @@ struct _LIBSSH2_SESSION { struct _LIBSSH2_KEX_METHOD { char *name; - /* integrity key length */ - unsigned long key_len; - /* Key exchange, populates session->* and returns 0 on success, non-0 on error */ int (*exchange_keys)(LIBSSH2_SESSION *session); @@ -293,6 +290,9 @@ struct _LIBSSH2_MAC_METHOD { /* The length of a given MAC packet */ int mac_len; + /* integrity key length */ + int key_len; + /* Message Authentication Code Hashing algo */ int (*init)(LIBSSH2_SESSION *session, unsigned char *key, int *free_key, void **abstract); int (*hash)(LIBSSH2_SESSION *session, unsigned char *buf, unsigned long seqno, const unsigned char *packet, unsigned long packet_len, const unsigned char *addtl, unsigned long addtl_len, void **abstract); diff --git a/src/kex.c b/src/kex.c index af68d3a5..ca0bb05c 100644 --- a/src/kex.c +++ b/src/kex.c @@ -385,11 +385,11 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S unsigned char *key = NULL; int free_key = 0; - LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, session->kex->key_len, "E"); + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, session->local.mac->key_len, "E"); session->local.mac->init(session, key, &free_key, &session->local.mac_abstract); if (free_key) { - memset(key, 0, session->kex->key_len); + memset(key, 0, session->local.mac->key_len); LIBSSH2_FREE(session, key); } } @@ -402,11 +402,11 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S unsigned char *key = NULL; int free_key = 0; - LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, session->kex->key_len, "F"); + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, session->remote.mac->key_len, "F"); session->remote.mac->init(session, key, &free_key, &session->remote.mac_abstract); if (free_key) { - memset(key, 0, session->kex->key_len); + memset(key, 0, session->remote.mac->key_len); LIBSSH2_FREE(session, key); } } @@ -596,21 +596,18 @@ static int libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange(LI LIBSSH2_KEX_METHOD libssh2_kex_method_diffie_helman_group1_sha1 = { "diffie-hellman-group1-sha1", - SHA_DIGEST_LENGTH, libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange, LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY, }; LIBSSH2_KEX_METHOD libssh2_kex_method_diffie_helman_group14_sha1 = { "diffie-hellman-group14-sha1", - SHA_DIGEST_LENGTH, libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange, LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY, }; LIBSSH2_KEX_METHOD libssh2_kex_method_diffie_helman_group_exchange_sha1 = { "diffie-hellman-group-exchange-sha1", - SHA_DIGEST_LENGTH, libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange, LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY, }; diff --git a/src/mac.c b/src/mac.c index 6981c821..4917b904 100644 --- a/src/mac.c +++ b/src/mac.c @@ -54,6 +54,7 @@ static int libssh2_mac_none_MAC(LIBSSH2_SESSION *session, unsigned char *buf, un static LIBSSH2_MAC_METHOD libssh2_mac_method_none = { "none", 0, + 0, NULL, libssh2_mac_none_MAC, NULL @@ -98,7 +99,7 @@ static int libssh2_mac_method_hmac_sha1_hash(LIBSSH2_SESSION *session, unsigned libssh2_htonu32(seqno_buf, seqno); - HMAC_Init(&ctx, *abstract, session->kex->key_len, EVP_sha1()); + HMAC_Init(&ctx, *abstract, 20, EVP_sha1()); HMAC_Update(&ctx, seqno_buf, 4); HMAC_Update(&ctx, packet, packet_len); if (addtl && addtl_len) { @@ -113,7 +114,8 @@ static int libssh2_mac_method_hmac_sha1_hash(LIBSSH2_SESSION *session, unsigned static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_sha1 = { "hmac-sha1", - SHA_DIGEST_LENGTH, + 20, + 20, libssh2_mac_method_common_init, libssh2_mac_method_hmac_sha1_hash, libssh2_mac_method_common_dtor, @@ -137,13 +139,13 @@ static int libssh2_mac_method_hmac_sha1_96_hash(LIBSSH2_SESSION *session, unsign static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_sha1_96 = { "hmac-sha1-96", - 96 / 8, + 12, + 20, libssh2_mac_method_common_init, libssh2_mac_method_hmac_sha1_96_hash, libssh2_mac_method_common_dtor, }; -#ifdef WHY_DOESNT_MD5_WORK /* {{{ libssh2_mac_method_hmac_md5_hash * Calculate hash using full md5 value */ @@ -156,7 +158,7 @@ static int libssh2_mac_method_hmac_md5_hash(LIBSSH2_SESSION *session, unsigned c libssh2_htonu32(seqno_buf, seqno); - HMAC_Init(&ctx, *abstract, session->kex->key_len, EVP_md5()); + HMAC_Init(&ctx, *abstract, 16, EVP_md5()); HMAC_Update(&ctx, seqno_buf, 4); HMAC_Update(&ctx, packet, packet_len); if (addtl && addtl_len) { @@ -171,7 +173,8 @@ static int libssh2_mac_method_hmac_md5_hash(LIBSSH2_SESSION *session, unsigned c static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_md5 = { "hmac-md5", - MD5_DIGEST_LENGTH, + 16, + 16, libssh2_mac_method_common_init, libssh2_mac_method_hmac_md5_hash, libssh2_mac_method_common_dtor, @@ -180,8 +183,8 @@ static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_md5 = { /* {{{ libssh2_mac_method_hmac_md5_96_hash * Calculate hash using first 96 bits of md5 value */ -static int libssh2_mac_method_hmac_md5_96_hash(LIBSSH2_SESSION *session, unsigned char *buf, unsigned seqno, - const unsigned char *packet, unsigned packet_len, +static int libssh2_mac_method_hmac_md5_96_hash(LIBSSH2_SESSION *session, unsigned char *buf, unsigned long seqno, + const unsigned char *packet, unsigned long packet_len, const unsigned char *addtl, unsigned long addtl_len, void **abstract) { char temp[MD5_DIGEST_LENGTH]; @@ -195,12 +198,12 @@ static int libssh2_mac_method_hmac_md5_96_hash(LIBSSH2_SESSION *session, unsigne static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_md5_96 = { "hmac-md5-96", - 96 / 8, + 12, + 16, libssh2_mac_method_common_init, libssh2_mac_method_hmac_md5_96_hash, libssh2_mac_method_common_dtor, }; -#endif /* WHY_DOESNT_MD5_WORK */ #ifndef OPENSSL_NO_RIPEMD /* {{{ libssh2_mac_method_hmac_ripemd160_hash @@ -215,7 +218,7 @@ static int libssh2_mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION *session, unsi libssh2_htonu32(seqno_buf, seqno); - HMAC_Init(&ctx, *abstract, session->kex->key_len, EVP_ripemd160()); + HMAC_Init(&ctx, *abstract, 20, EVP_ripemd160()); HMAC_Update(&ctx, seqno_buf, 4); HMAC_Update(&ctx, packet, packet_len); if (addtl && addtl_len) { @@ -230,7 +233,8 @@ static int libssh2_mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION *session, unsi static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_ripemd160 = { "hmac-ripemd160", - 160 / 8, + 20, + 20, libssh2_mac_method_common_init, libssh2_mac_method_hmac_ripemd160_hash, libssh2_mac_method_common_dtor, @@ -238,7 +242,8 @@ static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_ripemd160 = { static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_ripemd160_openssh_com = { "hmac-ripemd160@openssh.com", - 160 / 8, + 20, + 20, libssh2_mac_method_common_init, libssh2_mac_method_hmac_ripemd160_hash, libssh2_mac_method_common_dtor, @@ -248,10 +253,8 @@ static LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_ripemd160_openssh_com = { static LIBSSH2_MAC_METHOD *_libssh2_mac_methods[] = { &libssh2_mac_method_hmac_sha1, &libssh2_mac_method_hmac_sha1_96, -#ifdef WHY_DOESNT_MD5_WORK &libssh2_mac_method_hmac_md5, &libssh2_mac_method_hmac_md5_96, -#endif /* WHY_DOESNT_MD5_WORK */ #ifndef OPENSSL_NO_RIPEMD &libssh2_mac_method_hmac_ripemd160, &libssh2_mac_method_hmac_ripemd160_openssh_com,