| 1 |
/* |
| 2 |
* (C) 2021- TeraTerm Project |
| 3 |
* All rights reserved. |
| 4 |
* |
| 5 |
* Redistribution and use in source and binary forms, with or without |
| 6 |
* modification, are permitted provided that the following conditions |
| 7 |
* are met: |
| 8 |
* |
| 9 |
* 1. Redistributions of source code must retain the above copyright |
| 10 |
* notice, this list of conditions and the following disclaimer. |
| 11 |
* 2. Redistributions in binary form must reproduce the above copyright |
| 12 |
* notice, this list of conditions and the following disclaimer in the |
| 13 |
* documentation and/or other materials provided with the distribution. |
| 14 |
* 3. The name of the author may not be used to endorse or promote products |
| 15 |
* derived from this software without specific prior written permission. |
| 16 |
* |
| 17 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR |
| 18 |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 19 |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 20 |
* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 21 |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 22 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 23 |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 24 |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 25 |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 26 |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 |
*/ |
| 28 |
|
| 29 |
#include "ttxssh.h" |
| 30 |
#include "mac.h" |
| 31 |
#include "kex.h" |
| 32 |
|
| 33 |
|
| 34 |
struct SSH2Mac { |
| 35 |
SSH2MacId id; |
| 36 |
char *name; |
| 37 |
const EVP_MD *(*evp_md)(void); |
| 38 |
int truncatebits; |
| 39 |
int etm; |
| 40 |
}; |
| 41 |
|
| 42 |
static const struct SSH2Mac ssh2_macs[] = { |
| 43 |
{HMAC_SHA1, "hmac-sha1", EVP_sha1, 0, 0}, // RFC4253 |
| 44 |
{HMAC_MD5, "hmac-md5", EVP_md5, 0, 0}, // RFC4253 |
| 45 |
{HMAC_SHA1_96, "hmac-sha1-96", EVP_sha1, 96, 0}, // RFC4253 |
| 46 |
{HMAC_MD5_96, "hmac-md5-96", EVP_md5, 96, 0}, // RFC4253 |
| 47 |
{HMAC_RIPEMD160, "hmac-ripemd160@openssh.com", EVP_ripemd160, 0, 0}, |
| 48 |
{HMAC_SHA2_256, "hmac-sha2-256", EVP_sha256, 0, 0}, // RFC6668 |
| 49 |
// {HMAC_SHA2_256_96, "hmac-sha2-256-96", EVP_sha256, 96, 0}, // draft-dbider-sha2-mac-for-ssh-05, deleted at 06 |
| 50 |
{HMAC_SHA2_512, "hmac-sha2-512", EVP_sha512, 0, 0}, // RFC6668 |
| 51 |
// {HMAC_SHA2_512_96, "hmac-sha2-512-96", EVP_sha512, 96, 0}, // draft-dbider-sha2-mac-for-ssh-05, deleted at 06 |
| 52 |
{HMAC_SHA1_EtM, "hmac-sha1-etm@openssh.com", EVP_sha1, 0, 1}, |
| 53 |
{HMAC_MD5_EtM, "hmac-md5-etm@openssh.com", EVP_md5, 0, 1}, |
| 54 |
{HMAC_SHA1_96_EtM, "hmac-sha1-96-etm@openssh.com", EVP_sha1, 96, 1}, |
| 55 |
{HMAC_MD5_96_EtM, "hmac-md5-96-etm@openssh.com", EVP_md5, 96, 1}, |
| 56 |
{HMAC_RIPEMD160_EtM,"hmac-ripemd160-etm@openssh.com",EVP_ripemd160, 0, 1}, |
| 57 |
{HMAC_SHA2_256_EtM, "hmac-sha2-256-etm@openssh.com", EVP_sha256, 0, 1}, |
| 58 |
{HMAC_SHA2_512_EtM, "hmac-sha2-512-etm@openssh.com", EVP_sha512, 0, 1}, |
| 59 |
{HMAC_IMPLICIT, "<implicit>", EVP_md_null, 0, 0}, // for AEAD cipher |
| 60 |
{HMAC_NONE, NULL, NULL, 0, 0}, |
| 61 |
}; |
| 62 |
|
| 63 |
|
| 64 |
char* get_ssh2_mac_name(const struct SSH2Mac *mac) |
| 65 |
{ |
| 66 |
if (mac) { |
| 67 |
return mac->name; |
| 68 |
} |
| 69 |
else { |
| 70 |
return "unknown"; |
| 71 |
} |
| 72 |
} |
| 73 |
|
| 74 |
char* get_ssh2_mac_name_by_id(const SSH2MacId id) |
| 75 |
{ |
| 76 |
return get_ssh2_mac_name(get_ssh2_mac(id)); |
| 77 |
} |
| 78 |
|
| 79 |
const EVP_MD* get_ssh2_mac_EVP_MD(const struct SSH2Mac *mac) |
| 80 |
{ |
| 81 |
if (mac) { |
| 82 |
return mac->evp_md(); |
| 83 |
} |
| 84 |
else { |
| 85 |
return EVP_md_null(); |
| 86 |
} |
| 87 |
} |
| 88 |
|
| 89 |
const struct SSH2Mac *get_ssh2_mac(SSH2MacId id) |
| 90 |
{ |
| 91 |
const struct SSH2Mac *ptr = ssh2_macs; |
| 92 |
|
| 93 |
while (ptr->name != NULL) { |
| 94 |
if (ptr->id == id) { |
| 95 |
return ptr; |
| 96 |
} |
| 97 |
ptr++; |
| 98 |
} |
| 99 |
|
| 100 |
return NULL; |
| 101 |
} |
| 102 |
|
| 103 |
int get_ssh2_mac_truncatebits(const struct SSH2Mac *mac) |
| 104 |
{ |
| 105 |
if (mac) { |
| 106 |
return mac->truncatebits; |
| 107 |
} |
| 108 |
else { |
| 109 |
return 0; |
| 110 |
} |
| 111 |
} |
| 112 |
|
| 113 |
int get_ssh2_mac_etm(const struct SSH2Mac *mac) |
| 114 |
{ |
| 115 |
if (mac) { |
| 116 |
return mac->etm; |
| 117 |
} |
| 118 |
else { |
| 119 |
return 0; |
| 120 |
} |
| 121 |
} |
| 122 |
|
| 123 |
void normalize_mac_order(char *buf) |
| 124 |
{ |
| 125 |
static char default_strings[] = { |
| 126 |
HMAC_SHA2_512_EtM, |
| 127 |
HMAC_SHA2_256_EtM, |
| 128 |
HMAC_SHA1_EtM, |
| 129 |
HMAC_SHA2_512, |
| 130 |
HMAC_SHA2_256, |
| 131 |
HMAC_SHA1, |
| 132 |
HMAC_RIPEMD160_EtM, |
| 133 |
HMAC_RIPEMD160, |
| 134 |
HMAC_MD5_EtM, |
| 135 |
HMAC_MD5, |
| 136 |
HMAC_NONE, |
| 137 |
HMAC_SHA1_96_EtM, |
| 138 |
HMAC_MD5_96_EtM, |
| 139 |
HMAC_SHA1_96, |
| 140 |
HMAC_MD5_96, |
| 141 |
0, // Dummy for HMAC_SHA2_512_96, |
| 142 |
0, // Dummy for HMAC_SHA2_256_96, |
| 143 |
}; |
| 144 |
|
| 145 |
normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings)); |
| 146 |
} |
| 147 |
|
| 148 |
const struct SSH2Mac *choose_SSH2_mac_algorithm(char *server_proposal, char *my_proposal) |
| 149 |
{ |
| 150 |
char str_hmac[64]; |
| 151 |
const struct SSH2Mac *ptr = ssh2_macs; |
| 152 |
|
| 153 |
choose_SSH2_proposal(server_proposal, my_proposal, str_hmac, sizeof(str_hmac)); |
| 154 |
|
| 155 |
while (ptr->name != NULL) { |
| 156 |
if (strcmp(ptr->name, str_hmac) == 0) { |
| 157 |
return ptr; |
| 158 |
} |
| 159 |
ptr++; |
| 160 |
} |
| 161 |
|
| 162 |
return (NULL); |
| 163 |
} |
| 164 |
|
| 165 |
// HMAC�A���S���Y���D���������������Amyproposal[]�������������B |
| 166 |
// (2011.2.28 yutaka) |
| 167 |
void SSH2_update_hmac_myproposal(PTInstVar pvar) |
| 168 |
{ |
| 169 |
static char buf[256]; // TODO: malloc()�������� |
| 170 |
int index; |
| 171 |
int len, i; |
| 172 |
|
| 173 |
// ���M�������������������������L�[������ |
| 174 |
// �L�[������������������������ |
| 175 |
if (pvar->socket != INVALID_SOCKET) { |
| 176 |
return; |
| 177 |
} |
| 178 |
|
| 179 |
buf[0] = '\0'; |
| 180 |
for (i = 0 ; pvar->settings.MacOrder[i] != 0 ; i++) { |
| 181 |
index = pvar->settings.MacOrder[i] - '0'; |
| 182 |
if (index == HMAC_NONE) // disabled line |
| 183 |
break; |
| 184 |
strncat_s(buf, sizeof(buf), get_ssh2_mac_name_by_id(index), _TRUNCATE); |
| 185 |
strncat_s(buf, sizeof(buf), ",", _TRUNCATE); |
| 186 |
} |
| 187 |
len = strlen(buf); |
| 188 |
if (len > 0) |
| 189 |
buf[len - 1] = '\0'; // get rid of comma |
| 190 |
myproposal[PROPOSAL_MAC_ALGS_CTOS] = buf; |
| 191 |
myproposal[PROPOSAL_MAC_ALGS_STOC] = buf; |
| 192 |
} |
Tera Term
Parent Directory
Revision Log