1 /* crypt.c */ 2 /* it just contains the shit necessary to make blowfish-cbc work ... */ 3 /* 4 Copyright 2003 Aris Adamantiadis 5 6 This file is part of the SSH Library 7 8 The SSH Library is free software; you can redistribute it and/or modify 9 it under the terms of the GNU Lesser General Public License as published by 10 the Free Software Foundation; either version 2.1 of the License, or (at your 11 option) any later version. 12 13 The SSH Library is distributed in the hope that it will be useful, but 14 WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 15 or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 16 License for more details. 17 18 You should have received a copy of the GNU Lesser General Public License 19 along with the SSH Library; see the file COPYING. If not, write to 20 the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, 21 MA 02111-1307, USA. */ 22 23 #include <unistd.h> 24 #include <stdlib.h> 25 #include <string.h> 26 27 #include <openssl/blowfish.h> 28 #include <openssl/evp.h> 29 #include <openssl/hmac.h> 30 31 #include "libssh/priv.h" 32 33 #ifdef HAVE_NETDB_H 34 #include <netdb.h> 35 #endif 36 #include "libssh/crypto.h" 37 38 u32 packet_decrypt_len(SSH_SESSION *session, char *crypted){ 39 u32 *decrypted; 40 if(session->current_crypto) 41 packet_decrypt(session,crypted,session->current_crypto->in_cipher->blocksize); 42 decrypted=(u32 *)crypted; 43 ssh_say(3,"size decrypted : %lx\n",ntohl(*decrypted)); 44 return ntohl(*decrypted); 45 } 46 47 int packet_decrypt(SSH_SESSION *session, void *data,u32 len){ 48 struct crypto_struct *crypto=session->current_crypto->in_cipher; 49 char *out=malloc(len); 50 ssh_say(3,"Decrypting %d bytes data\n",len); 51 crypto->set_decrypt_key(crypto,session->current_crypto->decryptkey); 52 crypto->cbc_decrypt(crypto,data,out,len,session->current_crypto->decryptIV); 53 memcpy(data,out,len); 54 memset(out,0,len); 55 free(out); 56 return 0; 57 } 58 59 char * packet_encrypt(SSH_SESSION *session,void *data,u32 len){ 60 struct crypto_struct *crypto; 61 HMAC_CTX *ctx; 62 char *out; 63 int finallen; 64 u32 seq=ntohl(session->send_seq); 65 if(!session->current_crypto) 66 return NULL; /* nothing to do here */ 67 crypto= session->current_crypto->out_cipher; 68 ssh_say(3,"seq num = %d, len = %d\n",session->send_seq,len); 69 crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey); 70 out=malloc(len); 71 ctx=hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); 72 hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); 73 hmac_update(ctx,data,len); 74 hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); 75 #ifdef DEBUG_CRYPTO 76 ssh_print_hexa("mac :",data,len); 77 if(finallen!=20) 78 printf("Final len is %d\n",finallen); 79 ssh_print_hexa("packet hmac",session->current_crypto->hmacbuf,20); 80 #endif 81 crypto->cbc_encrypt(crypto,data,out,len,session->current_crypto->encryptIV); 82 memcpy(data,out,len); 83 memset(out,0,len); 84 free(out); 85 return session->current_crypto->hmacbuf; 86 } 87 88 int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,char *mac){ 89 HMAC_CTX *ctx; 90 unsigned char hmacbuf[EVP_MAX_MD_SIZE]; 91 int len; 92 u32 seq=htonl(session->recv_seq); 93 ctx=hmac_init(session->current_crypto->decryptMAC,20,HMAC_SHA1); 94 hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); 95 hmac_update(ctx,buffer_get(buffer),buffer_get_len(buffer)); 96 hmac_final(ctx,hmacbuf,&len); 97 #ifdef DEBUG_CRYPTO 98 ssh_print_hexa("received mac",mac,len); 99 ssh_print_hexa("Computed mac",hmacbuf,len); 100 ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32)); 101 #endif 102 return memcmp(mac,hmacbuf,len); 103 } |