Mercurial > dropbear
view libtomcrypt/src/encauth/ccm/ccm_init.c @ 1885:5d8dbb6fdab7
Fix SSH_PUBKEYINFO, limit characters, add tests
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.
The current allowed set is a-z A-Z 0-9 .,_-+@
This also adds a test for SSH_PUBKEYINFO, by default it only runs
under github actions (or "act -j build").
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 16 Mar 2022 17:17:23 +0800 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ #include "tomcrypt.h" #ifdef LTC_CCM_MODE /** Initialize a CCM state @param ccm The CCM state to initialize @param cipher The index of the cipher to use @param key The secret key @param keylen The length of the secret key @param ptlen The length of the plain/cipher text that will be processed @param taglen The max length of the MAC tag @param aadlen The length of the AAD @return CRYPT_OK on success */ int ccm_init(ccm_state *ccm, int cipher, const unsigned char *key, int keylen, int ptlen, int taglen, int aadlen) { int err; LTC_ARGCHK(ccm != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(taglen != 0); XMEMSET(ccm, 0, sizeof(ccm_state)); /* check cipher input */ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { return err; } if (cipher_descriptor[cipher].block_length != 16) { return CRYPT_INVALID_CIPHER; } /* make sure the taglen is even and <= 16 */ ccm->taglen = taglen; ccm->taglen &= ~1; if (ccm->taglen > 16) { ccm->taglen = 16; } /* can't use < 4 */ if (ccm->taglen < 4) { return CRYPT_INVALID_ARG; } /* schedule key */ if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ccm->K)) != CRYPT_OK) { return err; } ccm->cipher = cipher; /* let's get the L value */ ccm->ptlen = ptlen; ccm->L = 0; while (ptlen) { ++ccm->L; ptlen >>= 8; } if (ccm->L <= 1) { ccm->L = 2; } ccm->aadlen = aadlen; return CRYPT_OK; } #endif /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */