comparison packet.c @ 532:c67c8c0c6c35

merge of 'e1c100e6366c5d607af08f4abdbb0f4281df4fa9' and 'fe8161b0698c9816b98f79e3cab2b9d59f2be71b'
author Matt Johnston <matt@ucc.asn.au>
date Thu, 26 Feb 2009 13:21:14 +0000
parents 164b7c2cd5df 22a0d8355c2c
children 805ae74ec024
comparison
equal deleted inserted replaced
531:164b7c2cd5df 532:c67c8c0c6c35
238 buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize); 238 buf_resize(ses.decryptreadbuf, ses.readbuf->len - macsize);
239 buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size); 239 buf_setlen(ses.decryptreadbuf, ses.decryptreadbuf->size);
240 buf_setpos(ses.decryptreadbuf, blocksize); 240 buf_setpos(ses.decryptreadbuf, blocksize);
241 241
242 /* decrypt it */ 242 /* decrypt it */
243 while (ses.readbuf->pos < ses.readbuf->len - macsize) { 243 len = ses.readbuf->len - macsize - ses.readbuf->pos;
244 if (ses.keys->recv_crypt_mode->decrypt( 244 if (ses.keys->recv_crypt_mode->decrypt(
245 buf_getptr(ses.readbuf, blocksize), 245 buf_getptr(ses.readbuf, len),
246 buf_getwriteptr(ses.decryptreadbuf, blocksize), 246 buf_getwriteptr(ses.decryptreadbuf, len),
247 blocksize, 247 len,
248 &ses.keys->recv_cipher_state) != CRYPT_OK) { 248 &ses.keys->recv_cipher_state) != CRYPT_OK) {
249 dropbear_exit("error decrypting"); 249 dropbear_exit("error decrypting");
250 } 250 }
251 buf_incrpos(ses.readbuf, blocksize); 251 buf_incrpos(ses.readbuf, len);
252 buf_incrwritepos(ses.decryptreadbuf, blocksize); 252 buf_incrwritepos(ses.decryptreadbuf, len);
253 }
254 253
255 /* check the hmac */ 254 /* check the hmac */
256 buf_setpos(ses.readbuf, ses.readbuf->len - macsize); 255 buf_setpos(ses.readbuf, ses.readbuf->len - macsize);
257 if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) { 256 if (checkmac(ses.readbuf, ses.decryptreadbuf) != DROPBEAR_SUCCESS) {
258 dropbear_exit("Integrity error"); 257 dropbear_exit("Integrity error");
452 unsigned char padlen; 451 unsigned char padlen;
453 unsigned char blocksize, macsize; 452 unsigned char blocksize, macsize;
454 buffer * writebuf; /* the packet which will go on the wire */ 453 buffer * writebuf; /* the packet which will go on the wire */
455 buffer * clearwritebuf; /* unencrypted, possibly compressed */ 454 buffer * clearwritebuf; /* unencrypted, possibly compressed */
456 unsigned char type; 455 unsigned char type;
457 unsigned int clear_len; 456 unsigned int len;
458 457
459 type = ses.writepayload->data[0]; 458 type = ses.writepayload->data[0];
460 TRACE(("enter encrypt_packet()")) 459 TRACE(("enter encrypt_packet()"))
461 TRACE(("encrypt_packet type is %d", type)) 460 TRACE(("encrypt_packet type is %d", type))
462 461
472 macsize = ses.keys->trans_algo_mac->hashsize; 471 macsize = ses.keys->trans_algo_mac->hashsize;
473 472
474 /* Encrypted packet len is payload+5, then worst case is if we are 3 away 473 /* Encrypted packet len is payload+5, then worst case is if we are 3 away
475 * from a blocksize multiple. In which case we need to pad to the 474 * from a blocksize multiple. In which case we need to pad to the
476 * multiple, then add another blocksize (or MIN_PACKET_LEN) */ 475 * multiple, then add another blocksize (or MIN_PACKET_LEN) */
477 clear_len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3; 476 len = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3;
478 477
479 #ifndef DISABLE_ZLIB 478 #ifndef DISABLE_ZLIB
480 clear_len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/ 479 len += ZLIB_COMPRESS_INCR; /* bit of a kludge, but we can't know len*/
481 #endif 480 #endif
482 clearwritebuf = buf_new(clear_len); 481 clearwritebuf = buf_new(len);
483 buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF); 482 buf_setlen(clearwritebuf, PACKET_PAYLOAD_OFF);
484 buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF); 483 buf_setpos(clearwritebuf, PACKET_PAYLOAD_OFF);
485 484
486 buf_setpos(ses.writepayload, 0); 485 buf_setpos(ses.writepayload, 0);
487 486
529 /* create a new writebuffer, this is freed when it has been put on the 528 /* create a new writebuffer, this is freed when it has been put on the
530 * wire by writepacket() */ 529 * wire by writepacket() */
531 writebuf = buf_new(clearwritebuf->len + macsize); 530 writebuf = buf_new(clearwritebuf->len + macsize);
532 531
533 /* encrypt it */ 532 /* encrypt it */
534 while (clearwritebuf->pos < clearwritebuf->len) { 533 len = clearwritebuf->len;
535 if (ses.keys->trans_crypt_mode->encrypt( 534 if (ses.keys->trans_crypt_mode->encrypt(
536 buf_getptr(clearwritebuf, blocksize), 535 buf_getptr(clearwritebuf, len),
537 buf_getwriteptr(writebuf, blocksize), 536 buf_getwriteptr(writebuf, len),
538 blocksize, 537 len,
539 &ses.keys->trans_cipher_state) != CRYPT_OK) { 538 &ses.keys->trans_cipher_state) != CRYPT_OK) {
540 dropbear_exit("error encrypting"); 539 dropbear_exit("error encrypting");
541 } 540 }
542 buf_incrpos(clearwritebuf, blocksize); 541 buf_incrpos(clearwritebuf, len);
543 buf_incrwritepos(writebuf, blocksize); 542 buf_incrwritepos(writebuf, len);
544 }
545 543
546 /* now add a hmac and we're done */ 544 /* now add a hmac and we're done */
547 writemac(writebuf, clearwritebuf); 545 writemac(writebuf, clearwritebuf);
548 546
549 /* clearwritebuf is finished with */ 547 /* clearwritebuf is finished with */