1 /* crypt.c */ 2 /* it just contains the shit necessary to make blowfish-cbc work ... */ 3 /* 4 Copyright 2003 Aris Adamantiadis 5 6 This file is part of the SSH Library 7 8 The SSH Library is free software; you can redistribute it and/or modify 9 it under the terms of the GNU Lesser General Public License as published by 10 the Free Software Foundation; either version 2.1 of the License, or (at your 11 option) any later version. 12 13 The SSH Library is distributed in the hope that it will be useful, but 14 WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 15 or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 16 License for more details. 17 18 You should have received a copy of the GNU Lesser General Public License 19 along with the SSH Library; see the file COPYING. If not, write to 20 the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, 21 MA 02111-1307, USA. */ 22 23 #include <unistd.h> 24 #include <stdlib.h> 25 #include <string.h> 26 27 #include <openssl/blowfish.h> 28 #include <openssl/evp.h> 29 #include <openssl/hmac.h> 30 31 #include <netdb.h> 32 #include "libssh/priv.h" 33 #include "libssh/crypto.h" 34 35 u32 packet_decrypt_len(SSH_SESSION *session, char *crypted){ 36 u32 *decrypted; 37 if(session->current_crypto) 38 packet_decrypt(session,crypted,session->current_crypto->in_cipher->blocksize); 39 decrypted=(u32 *)crypted; 40 ssh_say(3,"size decrypted : %lx\n",ntohl(*decrypted)); 41 return ntohl(*decrypted); 42 } 43 44 int packet_decrypt(SSH_SESSION *session, void *data,u32 len){ 45 struct crypto_struct *crypto=session->current_crypto->in_cipher; 46 char *out=malloc(len); 47 ssh_say(3,"Decrypting %d bytes data\n",len); 48 crypto->set_decrypt_key(crypto,session->current_crypto->decryptkey); 49 crypto->cbc_decrypt(crypto,data,out,len,session->current_crypto->decryptIV); 50 memcpy(data,out,len); 51 memset(out,0,len); 52 free(out); 53 return 0; 54 } 55 56 char * packet_encrypt(SSH_SESSION *session,void *data,u32 len){ 57 struct crypto_struct *crypto; 58 HMAC_CTX *ctx; 59 char *out; 60 int finallen; 61 u32 seq=ntohl(session->send_seq); 62 if(!session->current_crypto) 63 return NULL; /* nothing to do here */ 64 crypto= session->current_crypto->out_cipher; 65 ssh_say(3,"seq num = %d, len = %d\n",session->send_seq,len); 66 crypto->set_encrypt_key(crypto,session->current_crypto->encryptkey); 67 out=malloc(len); 68 ctx=hmac_init(session->current_crypto->encryptMAC,20,HMAC_SHA1); 69 hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); 70 hmac_update(ctx,data,len); 71 hmac_final(ctx,session->current_crypto->hmacbuf,&finallen); 72 #ifdef DEBUG_CRYPTO 73 ssh_print_hexa("mac :",data,len); 74 if(finallen!=20) 75 printf("Final len is %d\n",finallen); 76 ssh_print_hexa("packet hmac",session->current_crypto->hmacbuf,20); 77 #endif 78 crypto->cbc_encrypt(crypto,data,out,len,session->current_crypto->encryptIV); 79 memcpy(data,out,len); 80 memset(out,0,len); 81 free(out); 82 return session->current_crypto->hmacbuf; 83 } 84 85 int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,char *mac){ 86 HMAC_CTX *ctx; 87 unsigned char hmacbuf[EVP_MAX_MD_SIZE]; 88 int len; 89 u32 seq=htonl(session->recv_seq); 90 ctx=hmac_init(session->current_crypto->decryptMAC,20,HMAC_SHA1); 91 hmac_update(ctx,(unsigned char *)&seq,sizeof(u32)); 92 hmac_update(ctx,buffer_get(buffer),buffer_get_len(buffer)); 93 hmac_final(ctx,hmacbuf,&len); 94 #ifdef DEBUG_CRYPTO 95 ssh_print_hexa("received mac",mac,len); 96 ssh_print_hexa("Computed mac",hmacbuf,len); 97 ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32)); 98 #endif 99 return memcmp(mac,hmacbuf,len); 100 } |