author | Damien Miller <djm@mindrot.org> | 2012-12-12 10:46:31 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-12-12 10:46:31 +1100 |
commit | af43a7ac2d77c57112b48f34c7a72be2adb761bc (patch) | |
tree | 4381616492fbbca62d39c042f16221f681c1d37f /cipher.c | |
parent | 6a1937eac5da5bdcf33aaa922ce5de0c764e37ed (diff) |
- markus@cvs.openbsd.org 2012/12/11 22:31:18
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
[packet.c ssh_config.5 sshd_config.5]
add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
that change the packet format and compute the MAC over the encrypted
message (including the packet size) instead of the plaintext data;
these EtM modes are considered more secure and used by default.
feedback and ok djm@
Diffstat (limited to 'cipher.c')
-rw-r--r-- | cipher.c | 22 |
1 files changed, 17 insertions, 5 deletions
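--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.82 2009/01/26 09:58:15 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.83 2012/12/11 22:31:18 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -273,13 +273,25 @@ cipher_init(CipherContext *cc, Cipher *cipher,
 }
 }
 
+/*
+* cipher_crypt() operates as following:
+* Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.
+* Theses bytes are treated as additional authenticated data for
+* authenticated encryption modes.
+* En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.
+* Both 'aadlen' and 'authlen' can be set to 0.
+*/
 void
-cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src,
+u_int len, u_int aadlen)
 {
+if (aadlen)
+memcpy(dest, src, aadlen);
 if (len % cc->cipher->block_size)
-fatal("cipher_encrypt: bad plaintext length %d", len);
-if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
-fatal("evp_crypt: EVP_Cipher failed");
+fatal("%s: bad plaintext length %d", __func__, len);
+if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen,
+len) < 0)
+fatal("%s: EVP_Cipher failed", __func__);
 }
 
 void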
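Review bot: The new test `EVP_Cipher(...) < 0` in cipher_crypt() no longer treats a return of 0 as failure, which the old `== 0` test did. OpenSSL documents 0 as the failure value for ciphers that do not set EVP_CIPH_FLAG_CUSTOM_CIPHER, so for those ciphers a failed en/decryption would fall through and the caller would go on to use whatever is in `dest`; whether any cipher in this file's table can actually return 0 is not visible in the hunk. If the `< 0` form is needed for ciphers that return a byte count, the two conventions should be told apart explicitly, or at least documented with a comment such as `/* EVP_Cipher: <0 is failure for byte-count ciphers; 1/0 ciphers are not checked here */`. Separately, the new header comment refers to 'authlen', which is not a parameter of this function, and `len` is a `u_int` printed with `%d` (`%u` matches).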