| 205 |
unsigned char lastiv[1]; |
unsigned char lastiv[1]; |
| 206 |
char tmp[80]; |
char tmp[80]; |
| 207 |
struct sshcipher_ctx *cc = pvar->cc[MODE_OUT]; |
struct sshcipher_ctx *cc = pvar->cc[MODE_OUT]; |
| 208 |
|
unsigned int newbuff_len = bytes; |
| 209 |
|
|
| 210 |
if (bytes == 0) |
if (bytes == 0) |
| 211 |
return TRUE; |
return TRUE; |
| 219 |
return FALSE; |
return FALSE; |
| 220 |
} |
} |
| 221 |
|
|
| 222 |
if (bytes > encbufflen) { |
if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) { |
| 223 |
if ((newbuff = realloc(encbuff, bytes)) == NULL) |
// chacha20-poly1305 では aadlen も暗号化の対象 |
| 224 |
|
// aadlen と bytes は別々に暗号化される |
| 225 |
|
// chachapoly_crypt の中で認証データ(AEAD tag)も生成される |
| 226 |
|
newbuff_len += aadlen + authlen; |
| 227 |
|
} |
| 228 |
|
if (newbuff_len > encbufflen) { |
| 229 |
|
if ((newbuff = realloc(encbuff, newbuff_len)) == NULL) |
| 230 |
goto err; |
goto err; |
| 231 |
encbuff = newbuff; |
encbuff = newbuff; |
| 232 |
encbufflen = bytes; |
encbufflen = newbuff_len; |
| 233 |
|
} |
| 234 |
|
|
| 235 |
|
if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) { |
| 236 |
|
if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.sender_sequence_number, |
| 237 |
|
encbuff, data, bytes, aadlen, authlen, 1) != 0) { |
| 238 |
|
goto err; |
| 239 |
|
} |
| 240 |
|
memcpy(data, encbuff, aadlen + bytes + authlen); |
| 241 |
|
return TRUE; |
| 242 |
} |
} |
| 243 |
|
|
| 244 |
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) |
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) |
| 247 |
if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0) |
if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0) |
| 248 |
goto err; |
goto err; |
| 249 |
|
|
| 250 |
|
// AES-GCM では aadlen を暗号化しないので、その先だけ暗号化する |
| 251 |
if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0) |
if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0) |
| 252 |
goto err; |
goto err; |
| 253 |
|
|
| 275 |
unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size; |
unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size; |
| 276 |
unsigned char lastiv[1]; |
unsigned char lastiv[1]; |
| 277 |
char tmp[80]; |
char tmp[80]; |
| 278 |
struct sshcipher_ctx *cc = pvar->cc[MODE_OUT]; |
struct sshcipher_ctx *cc = pvar->cc[MODE_IN]; |
| 279 |
|
unsigned int newbuff_len = bytes; |
| 280 |
|
|
| 281 |
if (bytes == 0) |
if (bytes == 0) |
| 282 |
return TRUE; |
return TRUE; |
| 290 |
return FALSE; |
return FALSE; |
| 291 |
} |
} |
| 292 |
|
|
| 293 |
if (bytes > encbufflen) { |
if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) { |
| 294 |
if ((newbuff = realloc(encbuff, bytes)) == NULL) |
// chacha20-poly1305 では aadlen も暗号化されている |
| 295 |
|
newbuff_len += aadlen; |
| 296 |
|
} |
| 297 |
|
if (newbuff_len > encbufflen) { |
| 298 |
|
if ((newbuff = realloc(encbuff, newbuff_len)) == NULL) |
| 299 |
goto err; |
goto err; |
| 300 |
encbuff = newbuff; |
encbuff = newbuff; |
| 301 |
encbufflen = bytes; |
encbufflen = newbuff_len; |
| 302 |
|
} |
| 303 |
|
|
| 304 |
|
if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) { |
| 305 |
|
if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.receiver_sequence_number, |
| 306 |
|
encbuff, data, bytes, aadlen, authlen, 0) != 0) { |
| 307 |
|
goto err; |
| 308 |
|
} |
| 309 |
|
memcpy(data, encbuff, aadlen + bytes); |
| 310 |
|
return TRUE; |
| 311 |
} |
} |
| 312 |
|
|
| 313 |
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) |
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv)) |
| 319 |
if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0) |
if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0) |
| 320 |
goto err; |
goto err; |
| 321 |
|
|
| 322 |
|
// AES-GCM では aadlen を暗号化しないので、その先だけ復号する |
| 323 |
if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0) |
if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0) |
| 324 |
goto err; |
goto err; |
| 325 |
|
|
| 625 |
| (1 << SSH2_CIPHER_CAMELLIA256_CTR) |
| (1 << SSH2_CIPHER_CAMELLIA256_CTR) |
| 626 |
| (1 << SSH2_CIPHER_AES128_GCM) |
| (1 << SSH2_CIPHER_AES128_GCM) |
| 627 |
| (1 << SSH2_CIPHER_AES256_GCM) |
| (1 << SSH2_CIPHER_AES256_GCM) |
| 628 |
|
| (1 << SSH2_CIPHER_CHACHAPOLY) |
| 629 |
); |
); |
| 630 |
} |
} |
| 631 |
|
|
Tera Term
Parent Directory
Revision Log
Patch