X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshsha.c;h=1db5c26dd5d9373b2fdf93f854ba938b40e47348;hb=631b4948073922c2618441fb374c7e6fc22bd1d8;hp=4bac4fdc528914026fd8e17cec5b5233eab9b9d3;hpb=8f91f075991a82cd3ba6415b5fddf2fe7ed4d8ea;p=PuTTY.git diff --git a/sshsha.c b/sshsha.c index 4bac4fdc..1db5c26d 100644 --- a/sshsha.c +++ b/sshsha.c @@ -1,5 +1,5 @@ /* - * SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is + * SHA1 hash algorithm. Used in SSH-2 as a MAC, and the transform is * also used as a `stirring' function for the PuTTY random number * pool. Implemented directly from the specification by Simon * Tatham. @@ -13,7 +13,7 @@ #define rol(x,y) ( ((x) << (y)) | (((uint32)x) >> (32-y)) ) -void SHA_Core_Init(uint32 h[5]) +static void SHA_Core_Init(uint32 h[5]) { h[0] = 0x67452301; h[1] = 0xefcdab89; @@ -188,6 +188,38 @@ void SHA_Simple(void *p, int len, unsigned char *output) SHA_Final(&s, output); } +/* + * Thin abstraction for things where hashes are pluggable. + */ + +static void *sha1_init(void) +{ + SHA_State *s; + + s = snew(SHA_State); + SHA_Init(s); + return s; +} + +static void sha1_bytes(void *handle, void *p, int len) +{ + SHA_State *s = handle; + + SHA_Bytes(s, p, len); +} + +static void sha1_final(void *handle, unsigned char *output) +{ + SHA_State *s = handle; + + SHA_Final(s, output); + sfree(s); +} + +const struct ssh_hash ssh_sha1 = { + sha1_init, sha1_bytes, sha1_final, 20, "SHA-1" +}; + /* ---------------------------------------------------------------------- * The above is the SHA-1 algorithm itself. Now we implement the * HMAC wrapper on it. @@ -195,7 +227,7 @@ void SHA_Simple(void *p, int len, unsigned char *output) static void *sha1_make_context(void) { - return smalloc(2*sizeof(SHA_State)); + return snewn(2, SHA_State); } static void sha1_free_context(void *handle) @@ -269,6 +301,22 @@ static int sha1_verify(void *handle, unsigned char *blk, int len, return !memcmp(correct, blk + len, 20); } +static void sha1_96_generate(void *handle, unsigned char *blk, int len, + unsigned long seq) +{ + unsigned char full[20]; + sha1_do_hmac(handle, blk, len, seq, full); + memcpy(blk + len, full, 12); +} + +static int sha1_96_verify(void *handle, unsigned char *blk, int len, + unsigned long seq) +{ + unsigned char correct[20]; + sha1_do_hmac(handle, blk, len, seq, correct); + return !memcmp(correct, blk + len, 12); +} + void hmac_sha1_simple(void *key, int keylen, void *data, int datalen, unsigned char *output) { SHA_State states[2]; @@ -282,16 +330,34 @@ void hmac_sha1_simple(void *key, int keylen, void *data, int datalen, SHA_Final(&states[1], output); } -const struct ssh_mac ssh_sha1 = { +const struct ssh_mac ssh_hmac_sha1 = { sha1_make_context, sha1_free_context, sha1_key, sha1_generate, sha1_verify, "hmac-sha1", - 20 + 20, + "HMAC-SHA1" +}; + +const struct ssh_mac ssh_hmac_sha1_96 = { + sha1_make_context, sha1_free_context, sha1_key, + sha1_96_generate, sha1_96_verify, + "hmac-sha1-96", + 12, + "HMAC-SHA1-96" }; -const struct ssh_mac ssh_sha1_buggy = { +const struct ssh_mac ssh_hmac_sha1_buggy = { sha1_make_context, sha1_free_context, sha1_key_buggy, sha1_generate, sha1_verify, "hmac-sha1", - 20 + 20, + "bug-compatible HMAC-SHA1" +}; + +const struct ssh_mac ssh_hmac_sha1_96_buggy = { + sha1_make_context, sha1_free_context, sha1_key_buggy, + sha1_96_generate, sha1_96_verify, + "hmac-sha1-96", + 12, + "bug-compatible HMAC-SHA1-96" };