diff options
-rw-r--r-- | src/protocol/internal/all_ciphers.c | 16 | ||||
-rw-r--r-- | src/protocol/internal/fqterm_ssh1_packet.cpp | 4 | ||||
-rw-r--r-- | src/protocol/internal/fqterm_ssh2_packet.cpp | 14 | ||||
-rw-r--r-- | src/protocol/internal/fqterm_ssh_packet.cpp | 44 | ||||
-rw-r--r-- | src/protocol/internal/fqterm_ssh_packet.h | 2 | ||||
-rw-r--r-- | src/protocol/internal/ssh_3des-ssh1.c | 11 | ||||
-rw-r--r-- | src/protocol/internal/ssh_cipher.h | 9 | ||||
-rw-r--r-- | src/protocol/internal/ssh_evp_cipher.c | 14 |
8 files changed, 54 insertions, 60 deletions
diff --git a/src/protocol/internal/all_ciphers.c b/src/protocol/internal/all_ciphers.c index 342f99f..d6f6f35 100644 --- a/src/protocol/internal/all_ciphers.c +++ b/src/protocol/internal/all_ciphers.c @@ -13,6 +13,22 @@ EVP_CIPHER_FUNC(aes256_ctr, EVP_aes_256_ctr, 32, 16, 16) EVP_CIPHER_FUNC(aes192_ctr, EVP_aes_192_ctr, 24, 16, 16) EVP_CIPHER_FUNC(aes128_ctr, EVP_aes_128_ctr, 16, 16, 16) +static int dummy_init(SSH_CIPHER *me, const uint8_t *key, const uint8_t *IV) +{ + return 1; +} + +static void dummy_deinit(SSH_CIPHER *me) +{ +} + +SSH_CIPHER ssh_cipher_dummy = { + .name = "(none)", + .started = false, + .init = dummy_init, + .cleanup = dummy_deinit, +}; + struct { const char *name; diff --git a/src/protocol/internal/fqterm_ssh1_packet.cpp b/src/protocol/internal/fqterm_ssh1_packet.cpp index 5c2ed46..b1f873b 100644 --- a/src/protocol/internal/fqterm_ssh1_packet.cpp +++ b/src/protocol/internal/fqterm_ssh1_packet.cpp @@ -66,7 +66,7 @@ void FQTermSSH1PacketSender::makePacket() buffer_data(&data_to_send) + 4, buffer_len(&data_to_send) - 4)); - if (is_encrypt_) { + if (cipher->started) { cipher->crypt(cipher, buffer_data(&data_to_send) + 4, buffer_data(&data_to_send) + 4, buffer_len(&data_to_send) - 4); @@ -121,7 +121,7 @@ void FQTermSSH1PacketReceiver::parseData(buffer *input) { memset(sourceData, 0, total_len); buffer_get(input, sourceData, total_len); - if (is_decrypt_) { + if (cipher->started) { cipher->crypt(cipher, sourceData, targetData, total_len); } else { memcpy(targetData, sourceData, total_len); diff --git a/src/protocol/internal/fqterm_ssh2_packet.cpp b/src/protocol/internal/fqterm_ssh2_packet.cpp index 983ad3c..9f8fd70 100644 --- a/src/protocol/internal/fqterm_ssh2_packet.cpp +++ b/src/protocol/internal/fqterm_ssh2_packet.cpp @@ -39,7 +39,7 @@ namespace FQTerm { void FQTermSSH2PacketSender::makePacket() { FQ_TRACE("ssh2packet", 9) << "----------------------------Send " - << (is_encrypt_ ? "Encrypted": "plain") + << (cipher->started ? "Encrypted": "plain") << " Packet---->>>>>>>"; // 0. compress @@ -50,7 +50,7 @@ void FQTermSSH2PacketSender::makePacket() int non_padding_len = 4 + 1 + buffer_len(&orig_data); int padding_block_len = 8; - if (is_encrypt_ && cipher->blkSize > padding_block_len) + if (cipher->started && cipher->blkSize > padding_block_len) padding_block_len = cipher->blkSize; int padding_len = padding_block_len - (non_padding_len % padding_block_len); @@ -98,7 +98,7 @@ void FQTermSSH2PacketSender::makePacket() FQ_VERIFY(false); } - if (is_encrypt_) { + if (cipher->started) { // as RFC 4253: // When encryption is in effect, the packet length, padding // length, payload, and padding fields of each packet MUST be encrypted @@ -126,12 +126,12 @@ void FQTermSSH2PacketSender::makePacket() //============================================================================== void FQTermSSH2PacketReceiver::parseData(buffer *input) { FQ_TRACE("ssh2packet", 9) << "----------------------------Receive " - << (is_decrypt_ ? "Encrypted": "plain") + << (cipher->started ? "Encrypted": "plain") << " Packet----<<<<<<<"; while (buffer_len(input) > 0) { // 1. Check the ssh packet if (buffer_len(input) < 16 - || (is_decrypt_ && buffer_len(input) < cipher->blkSize) + || (cipher->started && buffer_len(input) < cipher->blkSize) || buffer_len(input) < last_expected_input_length_ ) { FQ_TRACE("ssh2packet", 3) @@ -140,7 +140,7 @@ void FQTermSSH2PacketReceiver::parseData(buffer *input) { } if (last_expected_input_length_ == 0) { - if (is_decrypt_) { + if (cipher->started) { // decrypte the first block to get the packet_length field. FQ_VERIFY(cipher->crypt(cipher, buffer_data(input), buffer_data(input), cipher->blkSize)==1); } @@ -170,7 +170,7 @@ void FQTermSSH2PacketReceiver::parseData(buffer *input) { } // 2. decrypte data. - if (is_decrypt_) { + if (cipher->started) { // decrypte blocks left. unsigned char *tmp = buffer_data(input) + cipher->blkSize; int left_len = expected_input_len - cipher->blkSize - mac->dgstSize; diff --git a/src/protocol/internal/fqterm_ssh_packet.cpp b/src/protocol/internal/fqterm_ssh_packet.cpp index af6bbc8..ade7641 100644 --- a/src/protocol/internal/fqterm_ssh_packet.cpp +++ b/src/protocol/internal/fqterm_ssh_packet.cpp @@ -37,9 +37,8 @@ FQTermSSHPacketSender::FQTermSSHPacketSender() buffer_init(&orig_data); buffer_init(&data_to_send); - is_encrypt_ = false; cipher_type_ = SSH_CIPHER_NONE; - cipher = NULL; + cipher = &ssh_cipher_dummy; is_mac_ = false; mac = NULL; @@ -51,8 +50,7 @@ FQTermSSHPacketSender::FQTermSSHPacketSender() FQTermSSHPacketSender::~FQTermSSHPacketSender() { - if (cipher) - cipher->cleanup(cipher); + cipher->cleanup(cipher); if (mac) mac->cleanup(mac); buffer_deinit(&data_to_send); @@ -101,18 +99,14 @@ void FQTermSSHPacketSender::write() emit dataToWrite(); } -void FQTermSSHPacketSender::startEncryption(const u_char *key, const u_char *IV) { - is_encrypt_ = true; - - if (cipher!=NULL) { - memcpy(cipher->IV, IV, cipher->IVSize); - memcpy(cipher->key, key, cipher->keySize); - cipher->init(cipher); - } +void FQTermSSHPacketSender::startEncryption(const u_char *key, const u_char *IV) +{ + cipher->init(cipher, key, IV); } -void FQTermSSHPacketSender::resetEncryption() { - is_encrypt_ = false; +void FQTermSSHPacketSender::resetEncryption() +{ + cipher->started = false; } void FQTermSSHPacketSender::startMac(const u_char *key) { @@ -132,9 +126,8 @@ FQTermSSHPacketReceiver::FQTermSSHPacketReceiver() { buffer_init(&recvbuf); - is_decrypt_ = false; cipher_type_ = SSH_CIPHER_NONE; - cipher = NULL; + cipher = &ssh_cipher_dummy; is_mac_ = false; mac = NULL; @@ -147,8 +140,7 @@ FQTermSSHPacketReceiver::FQTermSSHPacketReceiver() FQTermSSHPacketReceiver::~FQTermSSHPacketReceiver() { buffer_deinit(&recvbuf); - if (cipher) - cipher->cleanup(cipher); + cipher->cleanup(cipher); if (mac) mac->cleanup(mac); } @@ -221,18 +213,14 @@ void FQTermSSHPacketReceiver::consume(int len) buffer_consume(&recvbuf, len); } -void FQTermSSHPacketReceiver::startEncryption(const u_char *key, const u_char *IV) { - is_decrypt_ = true; - - if (cipher!=NULL) { - memcpy(cipher->IV, IV, cipher->IVSize); - memcpy(cipher->key, key, cipher->keySize); - cipher->init(cipher); - } +void FQTermSSHPacketReceiver::startEncryption(const u_char *key, const u_char *IV) +{ + cipher->init(cipher, key, IV); } -void FQTermSSHPacketReceiver::resetEncryption() { - is_decrypt_ = false; +void FQTermSSHPacketReceiver::resetEncryption() +{ + cipher->started = false; } void FQTermSSHPacketReceiver::startMac(const u_char *key) { diff --git a/src/protocol/internal/fqterm_ssh_packet.h b/src/protocol/internal/fqterm_ssh_packet.h index bb6adf5..ccc7581 100644 --- a/src/protocol/internal/fqterm_ssh_packet.h +++ b/src/protocol/internal/fqterm_ssh_packet.h @@ -67,7 +67,6 @@ class FQTermSSHPacketSender: public QObject { void dataToWrite(); protected: - bool is_encrypt_; int cipher_type_; bool is_mac_; @@ -117,7 +116,6 @@ class FQTermSSHPacketReceiver: public QObject { void packetError(QString); protected: - bool is_decrypt_; int cipher_type_; bool is_mac_; diff --git a/src/protocol/internal/ssh_3des-ssh1.c b/src/protocol/internal/ssh_3des-ssh1.c index 6e137bb..ceeb746 100644 --- a/src/protocol/internal/ssh_3des-ssh1.c +++ b/src/protocol/internal/ssh_3des-ssh1.c @@ -13,16 +13,17 @@ struct ssh1_3des_priv }; static int -init_3des(SSH_CIPHER* my) +init_3des(SSH_CIPHER* my, const uint8_t *dkey, const uint8_t *IV) { struct ssh1_3des_priv *priv = (struct ssh1_3des_priv*)my->priv; - const_DES_cblock *key = (const_DES_cblock*)my->key; + const_DES_cblock *key = (const_DES_cblock*)dkey; DES_set_key(key, &priv->d_key1); DES_set_key(key+1, &priv->d_key2); DES_set_key(key+2, &priv->d_key3); memset(priv->d_IV1, 0, sizeof(DES_cblock)); memset(priv->d_IV2, 0, sizeof(DES_cblock)); memset(priv->d_IV3, 0, sizeof(DES_cblock)); + my->started = true; return 1; } @@ -30,9 +31,6 @@ init_3des(SSH_CIPHER* my) static void cleanup(SSH_CIPHER* my) { - if (my->key!=NULL) - free(my->key); - if (my->priv!=NULL) free(my->priv); @@ -68,8 +66,6 @@ new_3des_ssh1(int enc) cipher->blkSize = 8; cipher->IVSize = 0; cipher->keySize = 24; - cipher->IV = NULL; - cipher->key = (unsigned char*)malloc(24); if (enc) cipher->crypt = encrypt; else @@ -77,6 +73,7 @@ new_3des_ssh1(int enc) cipher->init = init_3des; cipher->cleanup = cleanup; + cipher->started = false; return cipher; } diff --git a/src/protocol/internal/ssh_cipher.h b/src/protocol/internal/ssh_cipher.h index 8b09057..f39eea2 100644 --- a/src/protocol/internal/ssh_cipher.h +++ b/src/protocol/internal/ssh_cipher.h @@ -3,6 +3,7 @@ #include <stdlib.h> #include <stdint.h> +#include <stdbool.h> #include <openssl/evp.h> #ifdef __cplusplus @@ -11,7 +12,7 @@ extern "C" { typedef struct ssh_cipher_t SSH_CIPHER; typedef int (*crypt_t)(SSH_CIPHER*, const uint8_t*, uint8_t*, size_t); - typedef int (*init_t)(SSH_CIPHER*); + typedef int (*init_t)(SSH_CIPHER*, const uint8_t*, const uint8_t*); typedef void (*cleanup_t)(SSH_CIPHER*); struct ssh_cipher_t @@ -25,15 +26,14 @@ extern "C" { * be set and then init function must be called */ const char *name; - unsigned char *IV; - unsigned char *key; - void *priv; + void *priv; /* IV and key should be placed in priv */ crypt_t crypt; init_t init; cleanup_t cleanup; size_t blkSize; size_t keySize; size_t IVSize; + bool started; }; typedef const EVP_CIPHER*(*SSH_EVP)(void); @@ -43,6 +43,7 @@ extern "C" { SSH_CIPHER* new_3des_ssh1(int); /* all_ciphers.c */ extern const char all_ciphers_list[]; + extern SSH_CIPHER ssh_cipher_dummy; NEW_CIPHER search_cipher(const char *s); #ifdef __cplusplus diff --git a/src/protocol/internal/ssh_evp_cipher.c b/src/protocol/internal/ssh_evp_cipher.c index 29f8434..ebef3e9 100644 --- a/src/protocol/internal/ssh_evp_cipher.c +++ b/src/protocol/internal/ssh_evp_cipher.c @@ -8,12 +8,13 @@ struct evp_priv }; static int -cipher_init(SSH_CIPHER* my) +cipher_init(SSH_CIPHER* my, const uint8_t *key, const uint8_t *IV) { struct evp_priv *priv = (struct evp_priv*)my->priv; + my->started = true; priv->ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX_init(priv->ctx); - return EVP_CipherInit(priv->ctx, priv->evp(), my->key, my->IV, priv->enc); + return EVP_CipherInit(priv->ctx, priv->evp(), key, IV, priv->enc); } static int @@ -25,12 +26,6 @@ do_crypt(SSH_CIPHER* my, const uint8_t* in, uint8_t* out, size_t l) static void cleanup(SSH_CIPHER* my) { - if (my->IV!=NULL) - free(my->IV); - - if (my->key!=NULL) - free(my->key); - if (my->priv!=NULL) { struct evp_priv *priv = my->priv; if (priv->ctx!=NULL) @@ -54,10 +49,9 @@ new_ssh_cipher_evp(SSH_EVP evp, size_t ks, size_t is, size_t bs, int enc) cipher->blkSize = bs; cipher->keySize = ks; cipher->IVSize = is; - cipher->key = (unsigned char*)malloc(ks); - cipher->IV = (unsigned char*)malloc(is); cipher->init = cipher_init; cipher->crypt = do_crypt; cipher->cleanup = cleanup; + cipher->started = false; return cipher; } |