Mercurial > dropbear
comparison common-kex.c @ 679:03073a27abb3 sha2
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
getting keyed incorrectly
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 10 May 2012 08:38:37 +0800 |
| parents | 4222a1039b06 |
| children | a4b7627b3157 |
comparison
equal
deleted
inserted
replaced
| 678:6e0899b56ac4 | 679:03073a27abb3 |
|---|---|
| 246 | 246 |
| 247 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the | 247 /* Helper function for gen_new_keys, creates a hash. It makes a copy of the |
| 248 * already initialised hash_state hs, which should already have processed | 248 * already initialised hash_state hs, which should already have processed |
| 249 * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc. | 249 * the dh_K and hash, since these are common. X is the letter 'A', 'B' etc. |
| 250 * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated. | 250 * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated. |
| 251 * The output will only be expanded once, as we are assured that | |
| 252 * outlen <= 2*SHA1_HASH_SIZE for all known hashes. | |
| 253 * | 251 * |
| 254 * See Section 7.2 of rfc4253 (ssh transport) for details */ | 252 * See Section 7.2 of rfc4253 (ssh transport) for details */ |
| 255 static void hashkeys(unsigned char *out, int outlen, | 253 static void hashkeys(unsigned char *out, int outlen, |
| 256 const hash_state * hs, const unsigned char X) { | 254 const hash_state * hs, const unsigned char X) { |
| 257 | 255 |
| 258 hash_state hs2; | 256 hash_state hs2; |
| 259 unsigned char k2[SHA1_HASH_SIZE]; /* used to extending */ | 257 int offset; |
| 260 | 258 |
| 261 memcpy(&hs2, hs, sizeof(hash_state)); | 259 memcpy(&hs2, hs, sizeof(hash_state)); |
| 262 sha1_process(&hs2, &X, 1); | 260 sha1_process(&hs2, &X, 1); |
| 263 sha1_process(&hs2, ses.session_id, SHA1_HASH_SIZE); | 261 sha1_process(&hs2, ses.session_id, SHA1_HASH_SIZE); |
| 264 sha1_done(&hs2, out); | 262 sha1_done(&hs2, out); |
| 265 if (SHA1_HASH_SIZE < outlen) { | 263 for (offset = SHA1_HASH_SIZE; |
| 264 offset < outlen; | |
| 265 offset += SHA1_HASH_SIZE) | |
| 266 { | |
| 266 /* need to extend */ | 267 /* need to extend */ |
| 268 unsigned char k2[SHA1_HASH_SIZE]; | |
| 267 memcpy(&hs2, hs, sizeof(hash_state)); | 269 memcpy(&hs2, hs, sizeof(hash_state)); |
| 268 sha1_process(&hs2, out, SHA1_HASH_SIZE); | 270 sha1_process(&hs2, out, offset); |
| 269 sha1_done(&hs2, k2); | 271 sha1_done(&hs2, k2); |
| 270 memcpy(&out[SHA1_HASH_SIZE], k2, outlen - SHA1_HASH_SIZE); | 272 memcpy(&out[offset], k2, MIN(outlen - offset, SHA1_HASH_SIZE)); |
| 271 } | 273 } |
| 272 } | 274 } |
| 273 | 275 |
| 274 /* Generate the actual encryption/integrity keys, using the results of the | 276 /* Generate the actual encryption/integrity keys, using the results of the |
| 275 * key exchange, as specified in section 7.2 of the transport rfc 4253. | 277 * key exchange, as specified in section 7.2 of the transport rfc 4253. |