X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshsha.c;h=2b2eead1405059fd23601385a133378e20688efc;hb=c058fc4ea2ef5ef6d6732b9e8fd65cd723088ab7;hp=d8fc56947016181b871b31e03169644fdef2882c;hpb=2d86617f31717540c640c6d60990d23b40798bdf;p=PuTTY.git diff --git a/sshsha.c b/sshsha.c index d8fc5694..2b2eead1 100644 --- a/sshsha.c +++ b/sshsha.c @@ -1,5 +1,5 @@ /* - * SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is + * SHA1 hash algorithm. Used in SSH-2 as a MAC, and the transform is * also used as a `stirring' function for the PuTTY random number * pool. Implemented directly from the specification by Simon * Tatham. @@ -28,6 +28,21 @@ void SHATransform(word32 * digest, word32 * block) word32 a, b, c, d, e; int t; +#ifdef RANDOM_DIAGNOSTICS + { + extern int random_diagnostics; + if (random_diagnostics) { + int i; + printf("SHATransform:"); + for (i = 0; i < 5; i++) + printf(" %08x", digest[i]); + printf(" +"); + for (i = 0; i < 16; i++) + printf(" %08x", block[i]); + } + } +#endif + for (t = 0; t < 16; t++) w[t] = block[t]; @@ -83,6 +98,19 @@ void SHATransform(word32 * digest, word32 * block) digest[2] += c; digest[3] += d; digest[4] += e; + +#ifdef RANDOM_DIAGNOSTICS + { + extern int random_diagnostics; + if (random_diagnostics) { + int i; + printf(" ="); + for (i = 0; i < 5; i++) + printf(" %08x", digest[i]); + printf("\n"); + } + } +#endif } /* ---------------------------------------------------------------------- @@ -98,9 +126,9 @@ void SHA_Init(SHA_State * s) s->lenhi = s->lenlo = 0; } -void SHA_Bytes(SHA_State * s, void *p, int len) +void SHA_Bytes(SHA_State * s, const void *p, int len) { - unsigned char *q = (unsigned char *) p; + const unsigned char *q = (const unsigned char *) p; uint32 wordblock[16]; uint32 lenw = len; int i; @@ -179,27 +207,62 @@ void SHA_Final(SHA_State * s, unsigned char *output) } } -void SHA_Simple(void *p, int len, unsigned char *output) +void SHA_Simple(const void *p, int len, unsigned char *output) { SHA_State s; SHA_Init(&s); SHA_Bytes(&s, p, len); SHA_Final(&s, output); + smemclr(&s, sizeof(s)); } +/* + * Thin abstraction for things where hashes are pluggable. + */ + +static void *sha1_init(void) +{ + SHA_State *s; + + s = snew(SHA_State); + SHA_Init(s); + return s; +} + +static void sha1_bytes(void *handle, const void *p, int len) +{ + SHA_State *s = handle; + + SHA_Bytes(s, p, len); +} + +static void sha1_final(void *handle, unsigned char *output) +{ + SHA_State *s = handle; + + SHA_Final(s, output); + smemclr(s, sizeof(*s)); + sfree(s); +} + +const struct ssh_hash ssh_sha1 = { + sha1_init, sha1_bytes, sha1_final, 20, "SHA-1" +}; + /* ---------------------------------------------------------------------- * The above is the SHA-1 algorithm itself. Now we implement the * HMAC wrapper on it. */ -static void *sha1_make_context(void) +static void *sha1_make_context(void *cipher_ctx) { - return smalloc(2*sizeof(SHA_State)); + return snewn(3, SHA_State); } static void sha1_free_context(void *handle) { + smemclr(handle, 3 * sizeof(SHA_State)); sfree(handle); } @@ -221,7 +284,7 @@ static void sha1_key_internal(void *handle, unsigned char *key, int len) SHA_Init(&keys[1]); SHA_Bytes(&keys[1], foo, 64); - memset(foo, 0, 64); /* burn the evidence */ + smemclr(foo, 64); /* burn the evidence */ } static void sha1_key(void *handle, unsigned char *key) @@ -234,39 +297,93 @@ static void sha1_key_buggy(void *handle, unsigned char *key) sha1_key_internal(handle, key, 16); } -static void sha1_do_hmac(void *handle, unsigned char *blk, int len, - unsigned long seq, unsigned char *hmac) +static void hmacsha1_start(void *handle) +{ + SHA_State *keys = (SHA_State *)handle; + + keys[2] = keys[0]; /* structure copy */ +} + +static void hmacsha1_bytes(void *handle, unsigned char const *blk, int len) +{ + SHA_State *keys = (SHA_State *)handle; + SHA_Bytes(&keys[2], (void *)blk, len); +} + +static void hmacsha1_genresult(void *handle, unsigned char *hmac) { SHA_State *keys = (SHA_State *)handle; SHA_State s; unsigned char intermediate[20]; - intermediate[0] = (unsigned char) ((seq >> 24) & 0xFF); - intermediate[1] = (unsigned char) ((seq >> 16) & 0xFF); - intermediate[2] = (unsigned char) ((seq >> 8) & 0xFF); - intermediate[3] = (unsigned char) ((seq) & 0xFF); - - s = keys[0]; /* structure copy */ - SHA_Bytes(&s, intermediate, 4); - SHA_Bytes(&s, blk, len); + s = keys[2]; /* structure copy */ SHA_Final(&s, intermediate); s = keys[1]; /* structure copy */ SHA_Bytes(&s, intermediate, 20); SHA_Final(&s, hmac); } +static void sha1_do_hmac(void *handle, unsigned char *blk, int len, + unsigned long seq, unsigned char *hmac) +{ + unsigned char seqbuf[4]; + + PUT_32BIT_MSB_FIRST(seqbuf, seq); + hmacsha1_start(handle); + hmacsha1_bytes(handle, seqbuf, 4); + hmacsha1_bytes(handle, blk, len); + hmacsha1_genresult(handle, hmac); +} + static void sha1_generate(void *handle, unsigned char *blk, int len, unsigned long seq) { sha1_do_hmac(handle, blk, len, seq, blk + len); } +static int hmacsha1_verresult(void *handle, unsigned char const *hmac) +{ + unsigned char correct[20]; + hmacsha1_genresult(handle, correct); + return smemeq(correct, hmac, 20); +} + static int sha1_verify(void *handle, unsigned char *blk, int len, unsigned long seq) { unsigned char correct[20]; sha1_do_hmac(handle, blk, len, seq, correct); - return !memcmp(correct, blk + len, 20); + return smemeq(correct, blk + len, 20); +} + +static void hmacsha1_96_genresult(void *handle, unsigned char *hmac) +{ + unsigned char full[20]; + hmacsha1_genresult(handle, full); + memcpy(hmac, full, 12); +} + +static void sha1_96_generate(void *handle, unsigned char *blk, int len, + unsigned long seq) +{ + unsigned char full[20]; + sha1_do_hmac(handle, blk, len, seq, full); + memcpy(blk + len, full, 12); +} + +static int hmacsha1_96_verresult(void *handle, unsigned char const *hmac) +{ + unsigned char correct[20]; + hmacsha1_genresult(handle, correct); + return smemeq(correct, hmac, 12); +} + +static int sha1_96_verify(void *handle, unsigned char *blk, int len, + unsigned long seq) +{ + unsigned char correct[20]; + sha1_do_hmac(handle, blk, len, seq, correct); + return smemeq(correct, blk + len, 12); } void hmac_sha1_simple(void *key, int keylen, void *data, int datalen, @@ -282,16 +399,40 @@ void hmac_sha1_simple(void *key, int keylen, void *data, int datalen, SHA_Final(&states[1], output); } -const struct ssh_mac ssh_sha1 = { +const struct ssh_mac ssh_hmac_sha1 = { sha1_make_context, sha1_free_context, sha1_key, sha1_generate, sha1_verify, - "hmac-sha1", - 20 + hmacsha1_start, hmacsha1_bytes, hmacsha1_genresult, hmacsha1_verresult, + "hmac-sha1", "hmac-sha1-etm@openssh.com", + 20, + "HMAC-SHA1" +}; + +const struct ssh_mac ssh_hmac_sha1_96 = { + sha1_make_context, sha1_free_context, sha1_key, + sha1_96_generate, sha1_96_verify, + hmacsha1_start, hmacsha1_bytes, + hmacsha1_96_genresult, hmacsha1_96_verresult, + "hmac-sha1-96", "hmac-sha1-96-etm@openssh.com", + 12, + "HMAC-SHA1-96" }; -const struct ssh_mac ssh_sha1_buggy = { +const struct ssh_mac ssh_hmac_sha1_buggy = { sha1_make_context, sha1_free_context, sha1_key_buggy, sha1_generate, sha1_verify, - "hmac-sha1", - 20 + hmacsha1_start, hmacsha1_bytes, hmacsha1_genresult, hmacsha1_verresult, + "hmac-sha1", NULL, + 20, + "bug-compatible HMAC-SHA1" +}; + +const struct ssh_mac ssh_hmac_sha1_96_buggy = { + sha1_make_context, sha1_free_context, sha1_key_buggy, + sha1_96_generate, sha1_96_verify, + hmacsha1_start, hmacsha1_bytes, + hmacsha1_96_genresult, hmacsha1_96_verresult, + "hmac-sha1-96", NULL, + 12, + "bug-compatible HMAC-SHA1-96" };