Mercurial > dropbear
comparison packet.c @ 502:43bbe17d6ba0
- Add Counter Mode support
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 29 Sep 2008 13:53:31 +0000 |
| parents | d58c478bd399 |
| children | a3748e54273c |
comparison
equal
deleted
inserted
replaced
| 501:d58c478bd399 | 502:43bbe17d6ba0 |
|---|---|
| 192 } | 192 } |
| 193 | 193 |
| 194 /* now we have the first block, need to get packet length, so we decrypt | 194 /* now we have the first block, need to get packet length, so we decrypt |
| 195 * the first block (only need first 4 bytes) */ | 195 * the first block (only need first 4 bytes) */ |
| 196 buf_setpos(ses.readbuf, 0); | 196 buf_setpos(ses.readbuf, 0); |
| 197 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) { | 197 if (ses.keys->recv_crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize), |
| 198 /* copy it */ | 198 buf_getwriteptr(ses.decryptreadbuf,blocksize), |
| 199 memcpy(buf_getwriteptr(ses.decryptreadbuf, blocksize), | 199 blocksize, |
| 200 buf_getptr(ses.readbuf, blocksize), | 200 &ses.keys->recv_cipher_state) != CRYPT_OK) { |
| 201 blocksize); | 201 dropbear_exit("error decrypting"); |
| 202 } else { | |
| 203 /* decrypt it */ | |
| 204 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize), | |
| 205 buf_getwriteptr(ses.decryptreadbuf,blocksize), | |
| 206 blocksize, | |
| 207 &ses.keys->recv_symmetric_struct) != CRYPT_OK) { | |
| 208 dropbear_exit("error decrypting"); | |
| 209 } | |
| 210 } | 202 } |
| 211 buf_setlen(ses.decryptreadbuf, blocksize); | 203 buf_setlen(ses.decryptreadbuf, blocksize); |
| 212 len = buf_getint(ses.decryptreadbuf) + 4 + macsize; | 204 len = buf_getint(ses.decryptreadbuf) + 4 + macsize; |
| 213 | 205 |
| 214 buf_setpos(ses.readbuf, blocksize); | 206 buf_setpos(ses.readbuf, blocksize); |
| 244 | 236 |
| 245 buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize); | 237 buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize); |
| 246 buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size); | 238 buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size); |
| 247 buf_setpos(ses.decryptreadbuf, blocksize); | 239 buf_setpos(ses.decryptreadbuf, blocksize); |
| 248 | 240 |
| 249 /* decrypt if encryption is set, memcpy otherwise */ | 241 /* decrypt it */ |
| 250 if (ses.keys->recv_algo_crypt->cipherdesc == NULL) { | 242 while (ses.readbuf->pos < ses.readbuf->len - macsize) { |
| 251 /* copy it */ | 243 if (ses.keys->recv_crypt_mode->decrypt( |
| 252 len = ses.readbuf->len - macsize - blocksize; | 244 buf_getptr(ses.readbuf, blocksize), |
| 253 memcpy(buf_getwriteptr(ses.decryptreadbuf, len), | 245 buf_getwriteptr(ses.decryptreadbuf, blocksize), |
| 254 buf_getptr(ses.readbuf, len), len); | 246 blocksize, |
| 255 } else { | 247 &ses.keys->recv_cipher_state) != CRYPT_OK) { |
| 256 /* decrypt */ | 248 dropbear_exit("error decrypting"); |
| 257 while (ses.readbuf->pos < ses.readbuf->len - macsize) { | 249 } |
| 258 if (cbc_decrypt(buf_getptr(ses.readbuf, blocksize), | 250 buf_incrpos(ses.readbuf, blocksize); |
| 259 buf_getwriteptr(ses.decryptreadbuf, blocksize), | 251 buf_incrwritepos(ses.decryptreadbuf, blocksize); |
| 260 blocksize, | |
| 261 &ses.keys->recv_symmetric_struct) != CRYPT_OK) { | |
| 262 dropbear_exit("error decrypting"); | |
| 263 } | |
| 264 buf_incrpos(ses.readbuf, blocksize); | |
| 265 buf_incrwritepos(ses.decryptreadbuf, blocksize); | |
| 266 } | |
| 267 } | 252 } |
| 268 | 253 |
| 269 /* check the hmac */ | 254 /* check the hmac */ |
| 270 buf_setpos(ses.readbuf, ses.readbuf->len - macsize); | 255 buf_setpos(ses.readbuf, ses.readbuf->len - macsize); |
| 271 if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) { | 256 if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) { |
| 542 buf_setpos(clearwritebuf, 0); | 527 buf_setpos(clearwritebuf, 0); |
| 543 /* create a new writebuffer, this is freed when it has been put on the | 528 /* create a new writebuffer, this is freed when it has been put on the |
| 544 * wire by writepacket() */ | 529 * wire by writepacket() */ |
| 545 writebuf = buf_new(clearwritebuf->len + macsize); | 530 writebuf = buf_new(clearwritebuf->len + macsize); |
| 546 | 531 |
| 547 if (ses.keys->trans_algo_crypt->cipherdesc == NULL) { | 532 /* encrypt it */ |
| 548 /* copy it */ | 533 while (clearwritebuf->pos < clearwritebuf->len) { |
| 549 memcpy(buf_getwriteptr(writebuf, clearwritebuf->len), | 534 if (ses.keys->trans_crypt_mode->encrypt( |
| 550 buf_getptr(clearwritebuf, clearwritebuf->len), | 535 buf_getptr(clearwritebuf, blocksize), |
| 551 clearwritebuf->len); | 536 buf_getwriteptr(writebuf, blocksize), |
| 552 buf_incrwritepos(writebuf, clearwritebuf->len); | 537 blocksize, |
| 553 } else { | 538 &ses.keys->trans_cipher_state) != CRYPT_OK) { |
| 554 /* encrypt it */ | 539 dropbear_exit("error encrypting"); |
| 555 while (clearwritebuf->pos < clearwritebuf->len) { | 540 } |
| 556 if (cbc_encrypt(buf_getptr(clearwritebuf, blocksize), | 541 buf_incrpos(clearwritebuf, blocksize); |
| 557 buf_getwriteptr(writebuf, blocksize), | 542 buf_incrwritepos(writebuf, blocksize); |
| 558 blocksize, | |
| 559 &ses.keys->trans_symmetric_struct) != CRYPT_OK) { | |
| 560 dropbear_exit("error encrypting"); | |
| 561 } | |
| 562 buf_incrpos(clearwritebuf, blocksize); | |
| 563 buf_incrwritepos(writebuf, blocksize); | |
| 564 } | |
| 565 } | 543 } |
| 566 | 544 |
| 567 /* now add a hmac and we're done */ | 545 /* now add a hmac and we're done */ |
| 568 writemac(writebuf, clearwritebuf); | 546 writemac(writebuf, clearwritebuf); |
| 569 | 547 |