-rw-r--r--src/protocol/internal/all_ciphers.c16
-rw-r--r--src/protocol/internal/fqterm_ssh1_packet.cpp4
-rw-r--r--src/protocol/internal/fqterm_ssh2_packet.cpp14
-rw-r--r--src/protocol/internal/fqterm_ssh_packet.cpp44
-rw-r--r--src/protocol/internal/fqterm_ssh_packet.h2
-rw-r--r--src/protocol/internal/ssh_3des-ssh1.c11
-rw-r--r--src/protocol/internal/ssh_cipher.h9
-rw-r--r--src/protocol/internal/ssh_evp_cipher.c14
8 files changed, 54 insertions, 60 deletions
diff --git a/src/protocol/internal/all_ciphers.c b/src/protocol/internal/all_ciphers.c
index 342f99f..d6f6f35 100644
--- a/src/protocol/internal/all_ciphers.c
+++ b/src/protocol/internal/all_ciphers.c
@@ -13,6 +13,22 @@ EVP_CIPHER_FUNC(aes256_ctr, EVP_aes_256_ctr, 32, 16, 16)
EVP_CIPHER_FUNC(aes192_ctr, EVP_aes_192_ctr, 24, 16, 16)
EVP_CIPHER_FUNC(aes128_ctr, EVP_aes_128_ctr, 16, 16, 16)
+static int dummy_init(SSH_CIPHER *me, const uint8_t *key, const uint8_t *IV)
+{
+ return 1;
+}
+
+static void dummy_deinit(SSH_CIPHER *me)
+{
+}
+
+SSH_CIPHER ssh_cipher_dummy = {
+ .name = "(none)",
+ .started = false,
+ .init = dummy_init,
+ .cleanup = dummy_deinit,
+};
+
struct
{
const char *name;
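Review bot: `dummy_init` returns 1 without setting `started`, so a `startEncryption()` call made while a packet object still points at `ssh_cipher_dummy` reports success and the session keeps sending and accepting plaintext. In the old code the same situation set `is_encrypt_` with a NULL cipher and would presumably have faulted on the next `cipher->crypt` call rather than passing silently. Returning failure here, `return 0; /* no cipher selected: encryption cannot be started */`, lets callers detect it once they check the result. `ssh_cipher_dummy` also leaves `.crypt` unset and is a writable global shared by every sender and receiver, so a comment should state that `crypt` may only be called while `started` is true and that `started` must never be set on this object.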
diff --git a/src/protocol/internal/fqterm_ssh1_packet.cpp b/src/protocol/internal/fqterm_ssh1_packet.cpp
index 5c2ed46..b1f873b 100644
--- a/src/protocol/internal/fqterm_ssh1_packet.cpp
+++ b/src/protocol/internal/fqterm_ssh1_packet.cpp
@@ -66,7 +66,7 @@ void FQTermSSH1PacketSender::makePacket()
buffer_data(&data_to_send) + 4,
buffer_len(&data_to_send) - 4));
- if (is_encrypt_) {
+ if (cipher->started) {
cipher->crypt(cipher, buffer_data(&data_to_send) + 4,
buffer_data(&data_to_send) + 4,
buffer_len(&data_to_send) - 4);
@@ -121,7 +121,7 @@ void FQTermSSH1PacketReceiver::parseData(buffer *input) {
memset(sourceData, 0, total_len);
buffer_get(input, sourceData, total_len);
- if (is_decrypt_) {
+ if (cipher->started) {
cipher->crypt(cipher, sourceData, targetData, total_len);
} else {
memcpy(targetData, sourceData, total_len);
diff --git a/src/protocol/internal/fqterm_ssh2_packet.cpp b/src/protocol/internal/fqterm_ssh2_packet.cpp
index 983ad3c..9f8fd70 100644
--- a/src/protocol/internal/fqterm_ssh2_packet.cpp
+++ b/src/protocol/internal/fqterm_ssh2_packet.cpp
@@ -39,7 +39,7 @@ namespace FQTerm {
void FQTermSSH2PacketSender::makePacket()
{
FQ_TRACE("ssh2packet", 9) << "----------------------------Send "
- << (is_encrypt_ ? "Encrypted": "plain")
+ << (cipher->started ? "Encrypted": "plain")
<< " Packet---->>>>>>>";
// 0. compress
@@ -50,7 +50,7 @@ void FQTermSSH2PacketSender::makePacket()
int non_padding_len = 4 + 1 + buffer_len(&orig_data);
int padding_block_len = 8;
- if (is_encrypt_ && cipher->blkSize > padding_block_len)
+ if (cipher->started && cipher->blkSize > padding_block_len)
padding_block_len = cipher->blkSize;
int padding_len = padding_block_len - (non_padding_len % padding_block_len);
@@ -98,7 +98,7 @@ void FQTermSSH2PacketSender::makePacket()
FQ_VERIFY(false);
}
- if (is_encrypt_) {
+ if (cipher->started) {
// as RFC 4253:
// When encryption is in effect, the packet length, padding
// length, payload, and padding fields of each packet MUST be encrypted
@@ -126,12 +126,12 @@ void FQTermSSH2PacketSender::makePacket()
//==============================================================================
void FQTermSSH2PacketReceiver::parseData(buffer *input) {
FQ_TRACE("ssh2packet", 9) << "----------------------------Receive "
- << (is_decrypt_ ? "Encrypted": "plain")
+ << (cipher->started ? "Encrypted": "plain")
<< " Packet----<<<<<<<";
while (buffer_len(input) > 0) {
// 1. Check the ssh packet
if (buffer_len(input) < 16
- || (is_decrypt_ && buffer_len(input) < cipher->blkSize)
+ || (cipher->started && buffer_len(input) < cipher->blkSize)
|| buffer_len(input) < last_expected_input_length_
) {
FQ_TRACE("ssh2packet", 3)
@@ -140,7 +140,7 @@ void FQTermSSH2PacketReceiver::parseData(buffer *input) {
}
if (last_expected_input_length_ == 0) {
- if (is_decrypt_) {
+ if (cipher->started) {
// decrypte the first block to get the packet_length field.
FQ_VERIFY(cipher->crypt(cipher, buffer_data(input), buffer_data(input), cipher->blkSize)==1);
}
@@ -170,7 +170,7 @@ void FQTermSSH2PacketReceiver::parseData(buffer *input) {
}
// 2. decrypte data.
- if (is_decrypt_) {
+ if (cipher->started) {
// decrypte blocks left.
unsigned char *tmp = buffer_data(input) + cipher->blkSize;
int left_len = expected_input_len - cipher->blkSize - mac->dgstSize;
diff --git a/src/protocol/internal/fqterm_ssh_packet.cpp b/src/protocol/internal/fqterm_ssh_packet.cpp
index af6bbc8..ade7641 100644
--- a/src/protocol/internal/fqterm_ssh_packet.cpp
+++ b/src/protocol/internal/fqterm_ssh_packet.cpp
@@ -37,9 +37,8 @@ FQTermSSHPacketSender::FQTermSSHPacketSender()
buffer_init(&orig_data);
buffer_init(&data_to_send);
- is_encrypt_ = false;
cipher_type_ = SSH_CIPHER_NONE;
- cipher = NULL;
+ cipher = &ssh_cipher_dummy;
is_mac_ = false;
mac = NULL;
@@ -51,8 +50,7 @@ FQTermSSHPacketSender::FQTermSSHPacketSender()
FQTermSSHPacketSender::~FQTermSSHPacketSender()
{
- if (cipher)
- cipher->cleanup(cipher);
+ cipher->cleanup(cipher);
if (mac)
mac->cleanup(mac);
buffer_deinit(&data_to_send);
@@ -101,18 +99,14 @@ void FQTermSSHPacketSender::write()
emit dataToWrite();
}
-void FQTermSSHPacketSender::startEncryption(const u_char *key, const u_char *IV) {
- is_encrypt_ = true;
-
- if (cipher!=NULL) {
- memcpy(cipher->IV, IV, cipher->IVSize);
- memcpy(cipher->key, key, cipher->keySize);
- cipher->init(cipher);
- }
+void FQTermSSHPacketSender::startEncryption(const u_char *key, const u_char *IV)
+{
+ cipher->init(cipher, key, IV);
}
-void FQTermSSHPacketSender::resetEncryption() {
- is_encrypt_ = false;
+void FQTermSSHPacketSender::resetEncryption()
+{
+ cipher->started = false;
}
void FQTermSSHPacketSender::startMac(const u_char *key) {
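Review bot: The result of `cipher->init(cipher, key, IV)` is discarded in `startEncryption()`, so a failed key setup cannot be told apart from a successful one and the sender carries on with whatever value `started` was left at. The SSH2 receive path already guards the cipher with `FQ_VERIFY(cipher->crypt(...)==1)`; the same idiom fits here if that macro is available in this file: `FQ_VERIFY(cipher->init(cipher, key, IV) == 1);`. The receiver's `startEncryption()` in the hunk at `@@ -221,18 +213,14 @@` has the same gap. `resetEncryption()` only clears the flag, so a comment should note that the key state held by the cipher stays live until `cleanup` runs.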
@@ -132,9 +126,8 @@ FQTermSSHPacketReceiver::FQTermSSHPacketReceiver()
{
buffer_init(&recvbuf);
- is_decrypt_ = false;
cipher_type_ = SSH_CIPHER_NONE;
- cipher = NULL;
+ cipher = &ssh_cipher_dummy;
is_mac_ = false;
mac = NULL;
@@ -147,8 +140,7 @@ FQTermSSHPacketReceiver::FQTermSSHPacketReceiver()
FQTermSSHPacketReceiver::~FQTermSSHPacketReceiver()
{
buffer_deinit(&recvbuf);
- if (cipher)
- cipher->cleanup(cipher);
+ cipher->cleanup(cipher);
if (mac)
mac->cleanup(mac);
}
@@ -221,18 +213,14 @@ void FQTermSSHPacketReceiver::consume(int len)
buffer_consume(&recvbuf, len);
}
-void FQTermSSHPacketReceiver::startEncryption(const u_char *key, const u_char *IV) {
- is_decrypt_ = true;
-
- if (cipher!=NULL) {
- memcpy(cipher->IV, IV, cipher->IVSize);
- memcpy(cipher->key, key, cipher->keySize);
- cipher->init(cipher);
- }
+void FQTermSSHPacketReceiver::startEncryption(const u_char *key, const u_char *IV)
+{
+ cipher->init(cipher, key, IV);
}
-void FQTermSSHPacketReceiver::resetEncryption() {
- is_decrypt_ = false;
+void FQTermSSHPacketReceiver::resetEncryption()
+{
+ cipher->started = false;
}
void FQTermSSHPacketReceiver::startMac(const u_char *key) {
diff --git a/src/protocol/internal/fqterm_ssh_packet.h b/src/protocol/internal/fqterm_ssh_packet.h
index bb6adf5..ccc7581 100644
--- a/src/protocol/internal/fqterm_ssh_packet.h
+++ b/src/protocol/internal/fqterm_ssh_packet.h
@@ -67,7 +67,6 @@ class FQTermSSHPacketSender: public QObject {
void dataToWrite();
protected:
- bool is_encrypt_;
int cipher_type_;
bool is_mac_;
@@ -117,7 +116,6 @@ class FQTermSSHPacketReceiver: public QObject {
void packetError(QString);
protected:
- bool is_decrypt_;
int cipher_type_;
bool is_mac_;
diff --git a/src/protocol/internal/ssh_3des-ssh1.c b/src/protocol/internal/ssh_3des-ssh1.c
index 6e137bb..ceeb746 100644
--- a/src/protocol/internal/ssh_3des-ssh1.c
+++ b/src/protocol/internal/ssh_3des-ssh1.c
@@ -13,16 +13,17 @@ struct ssh1_3des_priv
};
static int
-init_3des(SSH_CIPHER* my)
+init_3des(SSH_CIPHER* my, const uint8_t *dkey, const uint8_t *IV)
{
struct ssh1_3des_priv *priv = (struct ssh1_3des_priv*)my->priv;
- const_DES_cblock *key = (const_DES_cblock*)my->key;
+ const_DES_cblock *key = (const_DES_cblock*)dkey;
DES_set_key(key, &priv->d_key1);
DES_set_key(key+1, &priv->d_key2);
DES_set_key(key+2, &priv->d_key3);
memset(priv->d_IV1, 0, sizeof(DES_cblock));
memset(priv->d_IV2, 0, sizeof(DES_cblock));
memset(priv->d_IV3, 0, sizeof(DES_cblock));
+ my->started = true;
return 1;
}
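Review bot: `init_3des` now reads key material straight from the caller's pointer, but nothing documents that `dkey` must cover three DES blocks (`key`, `key+1`, `key+2`, i.e. the 24 bytes of `keySize`) or that `IV` is deliberately ignored. A comment above the function would record the contract, for example `/* dkey: keySize (24) bytes, one DES key per block; IV unused, all three chains start from zero */`. Adding `(void)IV;` in the body would make the unused parameter explicit.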
@@ -30,9 +31,6 @@ init_3des(SSH_CIPHER* my)
static void
cleanup(SSH_CIPHER* my)
{
- if (my->key!=NULL)
- free(my->key);
-
if (my->priv!=NULL)
free(my->priv);
@@ -68,8 +66,6 @@ new_3des_ssh1(int enc)
cipher->blkSize = 8;
cipher->IVSize = 0;
cipher->keySize = 24;
- cipher->IV = NULL;
- cipher->key = (unsigned char*)malloc(24);
if (enc)
cipher->crypt = encrypt;
else
@@ -77,6 +73,7 @@ new_3des_ssh1(int enc)
cipher->init = init_3des;
cipher->cleanup = cleanup;
+ cipher->started = false;
return cipher;
}
diff --git a/src/protocol/internal/ssh_cipher.h b/src/protocol/internal/ssh_cipher.h
index 8b09057..f39eea2 100644
--- a/src/protocol/internal/ssh_cipher.h
+++ b/src/protocol/internal/ssh_cipher.h
@@ -3,6 +3,7 @@
#include <stdlib.h>
#include <stdint.h>
+#include <stdbool.h>
#include <openssl/evp.h>
#ifdef __cplusplus
@@ -11,7 +12,7 @@ extern "C" {
typedef struct ssh_cipher_t SSH_CIPHER;
typedef int (*crypt_t)(SSH_CIPHER*, const uint8_t*, uint8_t*, size_t);
- typedef int (*init_t)(SSH_CIPHER*);
+ typedef int (*init_t)(SSH_CIPHER*, const uint8_t*, const uint8_t*);
typedef void (*cleanup_t)(SSH_CIPHER*);
struct ssh_cipher_t
@@ -25,15 +26,14 @@ extern "C" {
* be set and then init function must be called
*/
const char *name;
- unsigned char *IV;
- unsigned char *key;
- void *priv;
+ void *priv; /* IV and key should be placed in priv */
crypt_t crypt;
init_t init;
cleanup_t cleanup;
size_t blkSize;
size_t keySize;
size_t IVSize;
+ bool started;
};
typedef const EVP_CIPHER*(*SSH_EVP)(void);
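Review bot: The struct's doc comment ending in `be set and then init function must be called` appears to describe the removed `IV`/`key` members and looks stale now that both are arguments to `init`; it starts outside this hunk, so its full wording is not visible. The new `started` member is undocumented; I would write `bool started; /* set by init() on success; crypt must not be called while false */`. Since the `priv` comment now makes it the home of key material, the contract could also require `cleanup` to wipe `priv` before freeing it. The 3DES `cleanup` in this commit releases it with a plain `free(my->priv)`, and calling `OPENSSL_cleanse(my->priv, sizeof(struct ssh1_3des_priv));` first would avoid leaving key schedules in freed heap.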
@@ -43,6 +43,7 @@ extern "C" {
SSH_CIPHER* new_3des_ssh1(int);
/* all_ciphers.c */
extern const char all_ciphers_list[];
+ extern SSH_CIPHER ssh_cipher_dummy;
NEW_CIPHER search_cipher(const char *s);
#ifdef __cplusplus
diff --git a/src/protocol/internal/ssh_evp_cipher.c b/src/protocol/internal/ssh_evp_cipher.c
index 29f8434..ebef3e9 100644
--- a/src/protocol/internal/ssh_evp_cipher.c
+++ b/src/protocol/internal/ssh_evp_cipher.c
@@ -8,12 +8,13 @@ struct evp_priv
};
static int
-cipher_init(SSH_CIPHER* my)
+cipher_init(SSH_CIPHER* my, const uint8_t *key, const uint8_t *IV)
{
struct evp_priv *priv = (struct evp_priv*)my->priv;
+ my->started = true;
priv->ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(priv->ctx);
- return EVP_CipherInit(priv->ctx, priv->evp(), my->key, my->IV, priv->enc);
+ return EVP_CipherInit(priv->ctx, priv->evp(), key, IV, priv->enc);
}
static int
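Review bot: `my->started = true` is set before `EVP_CIPHER_CTX_new()` and `EVP_CipherInit()` are known to have succeeded, so a failed initialisation leaves the cipher marked as started and later packets presumably reach `do_crypt` with a NULL or unconfigured context. Setting the flag only after both calls succeed keeps `started` meaningful, although the callers in fqterm_ssh_packet.cpp would still have to check the return value. If `cipher_init` can run twice on one object (re-keying), the previous `priv->ctx` is also overwritten without being freed; that cannot be confirmed from this hunk.

```c
static int
cipher_init(SSH_CIPHER* my, const uint8_t *key, const uint8_t *IV)
{
	struct evp_priv *priv = (struct evp_priv*)my->priv;
	priv->ctx = EVP_CIPHER_CTX_new();
	if (priv->ctx == NULL)
		return 0;
	EVP_CIPHER_CTX_init(priv->ctx);
	if (EVP_CipherInit(priv->ctx, priv->evp(), key, IV, priv->enc) != 1)
		return 0;
	/* mark the cipher usable only once the context is fully keyed */
	my->started = true;
	return 1;
}
```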
@@ -25,12 +26,6 @@ do_crypt(SSH_CIPHER* my, const uint8_t* in, uint8_t* out, size_t l)
static void
cleanup(SSH_CIPHER* my)
{
- if (my->IV!=NULL)
- free(my->IV);
-
- if (my->key!=NULL)
- free(my->key);
-
if (my->priv!=NULL) {
struct evp_priv *priv = my->priv;
if (priv->ctx!=NULL)
@@ -54,10 +49,9 @@ new_ssh_cipher_evp(SSH_EVP evp, size_t ks, size_t is, size_t bs, int enc)
cipher->blkSize = bs;
cipher->keySize = ks;
cipher->IVSize = is;
- cipher->key = (unsigned char*)malloc(ks);
- cipher->IV = (unsigned char*)malloc(is);
cipher->init = cipher_init;
cipher->crypt = do_crypt;
cipher->cleanup = cleanup;
+ cipher->started = false;
return cipher;
}