Skip to content

GitLab

Commit 6df73f3a authored by Niels Möller's avatar Niels Möller
Browse files

(kex_make_encrypt, kex_make_decrypt): Changed 

interface so that we can both support the "none" cipher, and
return failure for weak keys.
(install_keys): Updated to the new kex_make_encrypt and
kex_make_decrypt interface.

Rev: src/keyexchange.c:1.86
Rev: src/keyexchange.h:1.56
parent f34e3b69
Hide whitespace changes
Inline Side-by-side
src/keyexchange.c
View file @ 6df73f3a
......@@ -461,41 +461,44 @@ kex_make_key(struct hash_instance *secret,
return key;
}
struct crypto_instance *
kex_make_encrypt(struct hash_instance *secret,
int
kex_make_encrypt(struct crypto_instance **c,
struct hash_instance *secret,
struct object_list *algorithms,
int type,
struct lsh_string *session_id)
{
CAST_SUBTYPE(crypto_algorithm, algorithm, LIST(algorithms)[type]);
struct lsh_string *key;
struct lsh_string *iv = NULL;
struct crypto_instance *crypto;
assert(LIST_LENGTH(algorithms) == KEX_PARAMETERS);
*c = NULL;
if (!algorithm)
return NULL;
return 1;
key = kex_make_key(secret, algorithm->key_size,
type, session_id);
if (algorithm->iv_size)
iv = kex_make_key(secret, algorithm->iv_size,
IV_TYPE(type), session_id);
crypto = MAKE_ENCRYPT(algorithm, key->data,
iv ? iv->data : NULL);
*c = MAKE_ENCRYPT(algorithm, key->data,
iv ? iv->data : NULL);
lsh_string_free(key);
lsh_string_free(iv);
return crypto;
return *c != NULL;
}
struct crypto_instance *
kex_make_decrypt(struct hash_instance *secret,
int
kex_make_decrypt(struct crypto_instance **c,
struct hash_instance *secret,
struct object_list *algorithms,
int type,
struct lsh_string *session_id)
......@@ -504,26 +507,27 @@ kex_make_decrypt(struct hash_instance *secret,
struct lsh_string *key;
struct lsh_string *iv = NULL;
struct crypto_instance *crypto;
assert(LIST_LENGTH(algorithms) == KEX_PARAMETERS);
*c = NULL;
if (!algorithm)
return NULL;
return 1;
key = kex_make_key(secret, algorithm->key_size,
type, session_id);
if (algorithm->iv_size)
iv = kex_make_key(secret, algorithm->iv_size,
IV_TYPE(type), session_id);
crypto = MAKE_DECRYPT(algorithm, key->data, iv ? iv->data : NULL);
*c = MAKE_DECRYPT(algorithm, key->data, iv ? iv->data : NULL);
lsh_string_free(key);
lsh_string_free(iv);
return crypto;
return *c != NULL;
}
struct mac_instance *
......@@ -806,18 +810,16 @@ install_keys(struct object_list *algorithms,
int is_server = connection->flags & CONNECTION_SERVER;
assert(LIST_LENGTH(algorithms) == KEX_PARAMETERS);
rec = kex_make_decrypt(secret, algorithms,
if (!kex_make_decrypt(&rec, secret, algorithms,
KEX_ENCRYPTION_SERVER_TO_CLIENT ^ is_server,
connection->session_id);
if (!rec)
connection->session_id))
/* Weak or invalid key */
return 0;
send = kex_make_encrypt(secret, algorithms,
KEX_ENCRYPTION_CLIENT_TO_SERVER ^ is_server,
connection->session_id);
if (!send)
if (!kex_make_encrypt(&send, secret, algorithms,
KEX_ENCRYPTION_CLIENT_TO_SERVER ^ is_server,
connection->session_id))
{
KILL(rec);
return 0;
......
src/keyexchange.h
View file @ 6df73f3a
......@@ -102,14 +102,16 @@
struct lsh_string *format_kex(struct kexinit *kex);
void disconnect_kex_failed(struct ssh_connection *connection, const char *msg);
struct crypto_instance *
kex_make_encrypt(struct hash_instance *secret,
int
kex_make_encrypt(struct crypto_instance **c,
struct hash_instance *secret,
struct object_list *algorithms,
int type,
struct lsh_string *session_id);
struct crypto_instance *
kex_make_decrypt(struct hash_instance *secret,
int
kex_make_decrypt(struct crypto_instance **c,
struct hash_instance *secret,
struct object_list *algorithms,
int type,
struct lsh_string *session_id);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment