extern const struct ssh_hostkey ssh_dss;
const static struct ssh_hostkey *hostkey_algs[] = { &ssh_dss };
-extern const struct ssh_mac ssh_sha1, ssh_sha1_buggy;
+extern const struct ssh_mac ssh_md5, ssh_sha1, ssh_sha1_buggy;
static void nullmac_key(unsigned char *key) { }
static void nullmac_generate(unsigned char *blk, int len, unsigned long seq) { }
const static struct ssh_mac ssh_mac_none = {
nullmac_key, nullmac_key, nullmac_generate, nullmac_verify, "none", 0
};
-const static struct ssh_mac *macs[] = { &ssh_sha1, &ssh_mac_none };
-const static struct ssh_mac *buggymacs[] = { &ssh_sha1_buggy, &ssh_mac_none };
+const static struct ssh_mac *macs[] = {
+ &ssh_sha1, &ssh_md5, &ssh_mac_none };
+const static struct ssh_mac *buggymacs[] = {
+ &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none };
const static struct ssh_compress ssh_comp_none = {
"none"
static char *str;
static Bignum e, f, K;
static const struct ssh_mac **maclist;
+ static int nmacs;
static const struct ssh_cipher *cscipher_tobe = NULL;
static const struct ssh_cipher *sccipher_tobe = NULL;
static const struct ssh_mac *csmac_tobe = NULL;
* Be prepared to work around the buggy MAC problem.
*/
if (cfg.buggymac)
- maclist = buggymacs;
+ maclist = buggymacs, nmacs = lenof(buggymacs);
else
- maclist = macs;
+ maclist = macs, nmacs = lenof(macs);
begin_key_exchange:
/*
}
/* List client->server MAC algorithms. */
ssh2_pkt_addstring_start();
- for (i = 0; i < lenof(maclist); i++) {
+ for (i = 0; i < nmacs; i++) {
ssh2_pkt_addstring_str(maclist[i]->name);
- if (i < lenof(maclist)-1)
+ if (i < nmacs-1)
ssh2_pkt_addstring_str(",");
}
/* List server->client MAC algorithms. */
ssh2_pkt_addstring_start();
- for (i = 0; i < lenof(maclist); i++) {
+ for (i = 0; i < nmacs; i++) {
ssh2_pkt_addstring_str(maclist[i]->name);
- if (i < lenof(maclist)-1)
+ if (i < nmacs-1)
ssh2_pkt_addstring_str(",");
}
/* List client->server compression algorithms. */
}
}
ssh2_pkt_getstring(&str, &len); /* client->server mac */
- for (i = 0; i < lenof(maclist); i++) {
+ for (i = 0; i < nmacs; i++) {
if (in_commasep_string(maclist[i]->name, str, len)) {
csmac_tobe = maclist[i];
break;
}
}
ssh2_pkt_getstring(&str, &len); /* server->client mac */
- for (i = 0; i < lenof(maclist); i++) {
+ for (i = 0; i < nmacs; i++) {
if (in_commasep_string(maclist[i]->name, str, len)) {
scmac_tobe = maclist[i];
break;
output[4*i+0] = (s->core.h[i] >> 0) & 0xFF;
}
}
+
+/* ----------------------------------------------------------------------
+ * The above is the MD5 algorithm itself. Now we implement the
+ * HMAC wrapper on it.
+ */
+
+static struct MD5Context md5_cs_mac_s1, md5_cs_mac_s2;
+static struct MD5Context md5_sc_mac_s1, md5_sc_mac_s2;
+
+static void md5_key(struct MD5Context *s1, struct MD5Context *s2,
+ unsigned char *key, int len) {
+ unsigned char foo[64];
+ int i;
+
+ memset(foo, 0x36, 64);
+ for (i = 0; i < len && i < 64; i++)
+ foo[i] ^= key[i];
+ MD5Init(s1);
+ MD5Update(s1, foo, 64);
+
+ memset(foo, 0x5C, 64);
+ for (i = 0; i < len && i < 64; i++)
+ foo[i] ^= key[i];
+ MD5Init(s2);
+ MD5Update(s2, foo, 64);
+
+ memset(foo, 0, 64); /* burn the evidence */
+}
+
+static void md5_cskey(unsigned char *key) {
+ md5_key(&md5_cs_mac_s1, &md5_cs_mac_s2, key, 16);
+}
+
+static void md5_sckey(unsigned char *key) {
+ md5_key(&md5_sc_mac_s1, &md5_sc_mac_s2, key, 16);
+}
+
+static void md5_do_hmac(struct MD5Context *s1, struct MD5Context *s2,
+ unsigned char *blk, int len, unsigned long seq,
+ unsigned char *hmac) {
+ struct MD5Context s;
+ unsigned char intermediate[16];
+
+ intermediate[0] = (unsigned char)((seq >> 24) & 0xFF);
+ intermediate[1] = (unsigned char)((seq >> 16) & 0xFF);
+ intermediate[2] = (unsigned char)((seq >> 8) & 0xFF);
+ intermediate[3] = (unsigned char)((seq ) & 0xFF);
+
+ s = *s1; /* structure copy */
+ MD5Update(&s, intermediate, 4);
+ MD5Update(&s, blk, len);
+ MD5Final(intermediate, &s);
+ s = *s2; /* structure copy */
+ MD5Update(&s, intermediate, 16);
+ MD5Final(hmac, &s);
+}
+
+static void md5_generate(unsigned char *blk, int len, unsigned long seq) {
+ md5_do_hmac(&md5_cs_mac_s1, &md5_cs_mac_s2, blk, len, seq, blk+len);
+}
+
+static int md5_verify(unsigned char *blk, int len, unsigned long seq) {
+ unsigned char correct[16];
+ md5_do_hmac(&md5_sc_mac_s1, &md5_sc_mac_s2, blk, len, seq, correct);
+ return !memcmp(correct, blk+len, 16);
+}
+
+struct ssh_mac ssh_md5 = {
+ md5_cskey, md5_sckey,
+ md5_generate,
+ md5_verify,
+ "hmac-md5",
+ 16
+};