author | Damien Miller <djm@mindrot.org> | 2013-11-21 14:12:23 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-11-21 14:12:23 +1100 |
commit | 0fde8acdad78a4d20cadae974376cc0165f645ee (patch) | |
tree | 6e6aa82b73163bcb412920050d98f82ca9f4e86e /packet.c | |
parent | fdb2306acdc3eb2bc46b6dfdaaf6005c650af22a (diff) |
- djm@cvs.openbsd.org 2013/11/21 00:45:44
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
Diffstat (limited to 'packet.c')
-rw-r--r-- | packet.c | 24 |
1 files changed, 14 insertions, 10 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.189 2013/11/08 00:39:15 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.190 2013/11/21 00:45:44 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -713,7 +713,7 @@ packet_send1(void) | |||
713 | buffer_append(&active_state->output, buf, 4); | 713 | buffer_append(&active_state->output, buf, 4); |
714 | cp = buffer_append_space(&active_state->output, | 714 | cp = buffer_append_space(&active_state->output, |
715 | buffer_len(&active_state->outgoing_packet)); | 715 | buffer_len(&active_state->outgoing_packet)); |
716 | cipher_crypt(&active_state->send_context, cp, | 716 | cipher_crypt(&active_state->send_context, 0, cp, |
717 | buffer_ptr(&active_state->outgoing_packet), | 717 | buffer_ptr(&active_state->outgoing_packet), |
718 | buffer_len(&active_state->outgoing_packet), 0, 0); | 718 | buffer_len(&active_state->outgoing_packet), 0, 0); |
719 | 719 | ||
@@ -946,8 +946,8 @@ packet_send2_wrapped(void) | |||
946 | } | 946 | } |
947 | /* encrypt packet and append to output buffer. */ | 947 | /* encrypt packet and append to output buffer. */ |
948 | cp = buffer_append_space(&active_state->output, len + authlen); | 948 | cp = buffer_append_space(&active_state->output, len + authlen); |
949 | cipher_crypt(&active_state->send_context, cp, | 949 | cipher_crypt(&active_state->send_context, active_state->p_send.seqnr, |
950 | buffer_ptr(&active_state->outgoing_packet), | 950 | cp, buffer_ptr(&active_state->outgoing_packet), |
951 | len - aadlen, aadlen, authlen); | 951 | len - aadlen, aadlen, authlen); |
952 | /* append unencrypted MAC */ | 952 | /* append unencrypted MAC */ |
953 | if (mac && mac->enabled) { | 953 | if (mac && mac->enabled) { |
@@ -1208,7 +1208,7 @@ packet_read_poll1(void) | |||
1208 | /* Decrypt data to incoming_packet. */ | 1208 | /* Decrypt data to incoming_packet. */ |
1209 | buffer_clear(&active_state->incoming_packet); | 1209 | buffer_clear(&active_state->incoming_packet); |
1210 | cp = buffer_append_space(&active_state->incoming_packet, padded_len); | 1210 | cp = buffer_append_space(&active_state->incoming_packet, padded_len); |
1211 | cipher_crypt(&active_state->receive_context, cp, | 1211 | cipher_crypt(&active_state->receive_context, 0, cp, |
1212 | buffer_ptr(&active_state->input), padded_len, 0, 0); | 1212 | buffer_ptr(&active_state->input), padded_len, 0, 0); |
1213 | 1213 | ||
1214 | buffer_consume(&active_state->input, padded_len); | 1214 | buffer_consume(&active_state->input, padded_len); |
@@ -1279,10 +1279,12 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
1279 | aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; | 1279 | aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; |
1280 | 1280 | ||
1281 | if (aadlen && active_state->packlen == 0) { | 1281 | if (aadlen && active_state->packlen == 0) { |
1282 | if (buffer_len(&active_state->input) < 4) | 1282 | if (cipher_get_length(&active_state->receive_context, |
1283 | &active_state->packlen, | ||
1284 | active_state->p_read.seqnr, | ||
1285 | buffer_ptr(&active_state->input), | ||
1286 | buffer_len(&active_state->input)) != 0) | ||
1283 | return SSH_MSG_NONE; | 1287 | return SSH_MSG_NONE; |
1284 | cp = buffer_ptr(&active_state->input); | ||
1285 | active_state->packlen = get_u32(cp); | ||
1286 | if (active_state->packlen < 1 + 4 || | 1288 | if (active_state->packlen < 1 + 4 || |
1287 | active_state->packlen > PACKET_MAX_SIZE) { | 1289 | active_state->packlen > PACKET_MAX_SIZE) { |
1288 | #ifdef PACKET_DEBUG | 1290 | #ifdef PACKET_DEBUG |
@@ -1302,7 +1304,8 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
1302 | buffer_clear(&active_state->incoming_packet); | 1304 | buffer_clear(&active_state->incoming_packet); |
1303 | cp = buffer_append_space(&active_state->incoming_packet, | 1305 | cp = buffer_append_space(&active_state->incoming_packet, |
1304 | block_size); | 1306 | block_size); |
1305 | cipher_crypt(&active_state->receive_context, cp, | 1307 | cipher_crypt(&active_state->receive_context, |
1308 | active_state->p_read.seqnr, cp, | ||
1306 | buffer_ptr(&active_state->input), block_size, 0, 0); | 1309 | buffer_ptr(&active_state->input), block_size, 0, 0); |
1307 | cp = buffer_ptr(&active_state->incoming_packet); | 1310 | cp = buffer_ptr(&active_state->incoming_packet); |
1308 | active_state->packlen = get_u32(cp); | 1311 | active_state->packlen = get_u32(cp); |
@@ -1357,7 +1360,8 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
1357 | macbuf = mac_compute(mac, active_state->p_read.seqnr, | 1360 | macbuf = mac_compute(mac, active_state->p_read.seqnr, |
1358 | buffer_ptr(&active_state->input), aadlen + need); | 1361 | buffer_ptr(&active_state->input), aadlen + need); |
1359 | cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); | 1362 | cp = buffer_append_space(&active_state->incoming_packet, aadlen + need); |
1360 | cipher_crypt(&active_state->receive_context, cp, | 1363 | cipher_crypt(&active_state->receive_context, |
1364 | active_state->p_read.seqnr, cp, | ||
1361 | buffer_ptr(&active_state->input), need, aadlen, authlen); | 1365 | buffer_ptr(&active_state->input), need, aadlen, authlen); |
1362 | buffer_consume(&active_state->input, aadlen + need + authlen); | 1366 | buffer_consume(&active_state->input, aadlen + need + authlen); |
1363 | /* | 1367 | /* |
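Review bot: In packet_read_poll2 the new `cipher_get_length(...) != 0` test returns SSH_MSG_NONE for every nonzero result, so "fewer than 4 bytes buffered" and any other failure of the length decode are both treated as "wait for more data". cipher_get_length is not visible on this page; if it can fail for any reason other than a short buffer, that case should end the connection rather than leave it waiting. The packlen it produces is consumed before the packet's MAC or AEAD tag is checked further down, so a comment above the range test, for example `/* packlen is not yet authenticated; only range-check it here */`, would record why the `PACKET_MAX_SIZE` check has to stay directly after the call. The literal `0` passed as the new seqnr argument in packet_send1 and packet_read_poll1 would also be clearer with a short comment saying the protocol 1 ciphers do not use it, which is presumably the intent. All of these functions start and end outside the hunks shown.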