X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/514702987c9252fcb0ab98882a6603b3bd0505ce..0183b2423868df18b2297c9052854e5a7db79425:/ssh.c diff --git a/ssh.c b/ssh.c index 115e902f..677ff870 100644 --- a/ssh.c +++ b/ssh.c @@ -371,19 +371,28 @@ const static struct ssh_kex *kex_algs[] = { const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss }; -static void nullmac_key(unsigned char *key) +static void *nullmac_make_context(void) +{ + return NULL; +} +static void nullmac_free_context(void *handle) +{ +} +static void nullmac_key(void *handle, unsigned char *key) { } -static void nullmac_generate(unsigned char *blk, int len, +static void nullmac_generate(void *handle, unsigned char *blk, int len, unsigned long seq) { } -static int nullmac_verify(unsigned char *blk, int len, unsigned long seq) +static int nullmac_verify(void *handle, unsigned char *blk, int len, + unsigned long seq) { return 1; } const static struct ssh_mac ssh_mac_none = { - nullmac_key, nullmac_key, nullmac_generate, nullmac_verify, "none", 0 + nullmac_make_context, nullmac_free_context, nullmac_key, + nullmac_generate, nullmac_verify, "none", 0 }; const static struct ssh_mac *macs[] = { &ssh_sha1, &ssh_md5, &ssh_mac_none @@ -550,8 +559,12 @@ struct ssh_tag { int X11_fwd_enabled; int remote_bugs; const struct ssh_cipher *cipher; + void *v1_cipher_ctx; + void *crcda_ctx; const struct ssh2_cipher *cscipher, *sccipher; + void *cs_cipher_ctx, *sc_cipher_ctx; const struct ssh_mac *csmac, *scmac; + void *cs_mac_ctx, *sc_mac_ctx; const struct ssh_compress *cscomp, *sccomp; const struct ssh_kex *kex; const struct ssh_signkey *hostkey; @@ -797,13 +810,14 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) st->to_read -= st->chunk; } - if (ssh->cipher && detect_attack(ssh->pktin.data, st->biglen, NULL)) { + if (ssh->cipher && detect_attack(ssh->crcda_ctx, ssh->pktin.data, + st->biglen, NULL)) { bombout(("Network attack (CRC compensation) detected!")); crReturn(0); } if (ssh->cipher) - ssh->cipher->decrypt(ssh->pktin.data, st->biglen); + ssh->cipher->decrypt(ssh->v1_cipher_ctx, ssh->pktin.data, st->biglen); st->realcrc = crc32(ssh->pktin.data, st->biglen - 4); st->gotcrc = GET_32BIT(ssh->pktin.data + st->biglen - 4); @@ -917,7 +931,8 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) } if (ssh->sccipher) - ssh->sccipher->decrypt(ssh->pktin.data, st->cipherblk); + ssh->sccipher->decrypt(ssh->sc_cipher_ctx, + ssh->pktin.data, st->cipherblk); /* * Now get the length and padding figures. @@ -968,14 +983,15 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) } /* Decrypt everything _except_ the MAC. */ if (ssh->sccipher) - ssh->sccipher->decrypt(ssh->pktin.data + st->cipherblk, + ssh->sccipher->decrypt(ssh->sc_cipher_ctx, + ssh->pktin.data + st->cipherblk, st->packetlen - st->cipherblk); /* * Check the MAC. */ if (ssh->scmac - && !ssh->scmac->verify(ssh->pktin.data, st->len + 4, + && !ssh->scmac->verify(ssh->sc_mac_ctx, ssh->pktin.data, st->len + 4, st->incoming_sequence)) { bombout(("Incorrect MAC received on packet")); crReturn(0); @@ -1172,7 +1188,7 @@ static int s_wrpkt_prepare(Ssh ssh) PUT_32BIT(ssh->pktout.data, len); if (ssh->cipher) - ssh->cipher->encrypt(ssh->pktout.data + 4, biglen); + ssh->cipher->encrypt(ssh->v1_cipher_ctx, ssh->pktout.data + 4, biglen); return biglen + 4; } @@ -1464,12 +1480,14 @@ static int ssh2_pkt_construct(Ssh ssh) ssh->pktout.data[ssh->pktout.length + i] = random_byte(); PUT_32BIT(ssh->pktout.data, ssh->pktout.length + padding - 4); if (ssh->csmac) - ssh->csmac->generate(ssh->pktout.data, ssh->pktout.length + padding, + ssh->csmac->generate(ssh->cs_mac_ctx, ssh->pktout.data, + ssh->pktout.length + padding, ssh->v2_outgoing_sequence); ssh->v2_outgoing_sequence++; /* whether or not we MACed */ if (ssh->cscipher) - ssh->cscipher->encrypt(ssh->pktout.data, ssh->pktout.length + padding); + ssh->cscipher->encrypt(ssh->cs_cipher_ctx, + ssh->pktout.data, ssh->pktout.length + padding); /* Ready-to-send packet starts at ssh->pktout.data. We return length. */ return ssh->pktout.length + padding + maclen; @@ -2353,7 +2371,16 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 : s->cipher_type == SSH_CIPHER_DES ? &ssh_des : &ssh_3des); - ssh->cipher->sesskey(ssh->session_key); + ssh->v1_cipher_ctx = ssh->cipher->make_context(); + ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key); + { + char buf[256]; + sprintf(buf, "Initialised %.200s encryption", ssh->cipher->text_name); + logevent(buf); + } + + ssh->crcda_ctx = crcda_make_context(); + logevent("Installing CRC compensation attack detector"); crWaitUntil(ispkt); @@ -4016,10 +4043,26 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) /* * Create and initialise session keys. */ + if (ssh->cs_cipher_ctx) + ssh->cscipher->free_context(ssh->cs_cipher_ctx); ssh->cscipher = s->cscipher_tobe; + ssh->cs_cipher_ctx = ssh->cscipher->make_context(); + + if (ssh->sc_cipher_ctx) + ssh->sccipher->free_context(ssh->sc_cipher_ctx); ssh->sccipher = s->sccipher_tobe; + ssh->sc_cipher_ctx = ssh->sccipher->make_context(); + + if (ssh->cs_mac_ctx) + ssh->csmac->free_context(ssh->cs_mac_ctx); ssh->csmac = s->csmac_tobe; + ssh->cs_mac_ctx = ssh->csmac->make_context(); + + if (ssh->sc_mac_ctx) + ssh->scmac->free_context(ssh->sc_mac_ctx); ssh->scmac = s->scmac_tobe; + ssh->sc_mac_ctx = ssh->scmac->make_context(); + ssh->cscomp = s->cscomp_tobe; ssh->sccomp = s->sccomp_tobe; ssh->cscomp->compress_init(); @@ -4034,19 +4077,29 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) memcpy(ssh->v2_session_id, s->exchange_hash, sizeof(s->exchange_hash)); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'C',keyspace); - ssh->cscipher->setcskey(keyspace); + ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'D',keyspace); - ssh->sccipher->setsckey(keyspace); + ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'A',keyspace); - ssh->cscipher->setcsiv(keyspace); + ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'B',keyspace); - ssh->sccipher->setsciv(keyspace); + ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'E',keyspace); - ssh->csmac->setcskey(keyspace); + ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'F',keyspace); - ssh->scmac->setsckey(keyspace); + ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace); + } + { + char buf[256]; + sprintf(buf, "Initialised %.200s client->server encryption", + ssh->cscipher->text_name); + logevent(buf); + sprintf(buf, "Initialised %.200s server->client encryption", + ssh->sccipher->text_name); + logevent(buf); } + /* * If this is the first key exchange phase, we must pass the * SSH2_MSG_NEWKEYS packet to the next layer, not because it @@ -5752,10 +5805,16 @@ static char *ssh_init(void *frontend_handle, void **backend_handle, ssh = smalloc(sizeof(*ssh)); ssh->s = NULL; ssh->cipher = NULL; + ssh->v1_cipher_ctx = NULL; + ssh->crcda_ctx = NULL; ssh->cscipher = NULL; + ssh->cs_cipher_ctx = NULL; ssh->sccipher = NULL; + ssh->sc_cipher_ctx = NULL; ssh->csmac = NULL; + ssh->sc_mac_ctx = NULL; ssh->scmac = NULL; + ssh->sc_mac_ctx = NULL; ssh->cscomp = NULL; ssh->sccomp = NULL; ssh->kex = NULL;