Diffstat (limited to 'libs/libssh2/src/crypt.c')
-rw-r--r-- | libs/libssh2/src/crypt.c | 84 |
1 files changed, 65 insertions, 19 deletions
diff --git a/libs/libssh2/src/crypt.c b/libs/libssh2/src/crypt.c index 8d493b4847..2fb661fd60 100644 --- a/libs/libssh2/src/crypt.c +++ b/libs/libssh2/src/crypt.c @@ -1,5 +1,5 @@ -/* Copyright (c) 2009, 2010 Simon Josefsson <simon@josefsson.org> - * Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org> +/* Copyright (C) Simon Josefsson <simon@josefsson.org> + * Copyright (C) Sara Golemon <sarag@libssh2.org> * All rights reserved. * * Redistribution and use in source and binary forms, @@ -34,18 +34,29 @@ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY * OF SUCH DAMAGE. + * + * SPDX-License-Identifier: BSD-3-Clause */ #include "libssh2_priv.h" -#ifdef LIBSSH2_CRYPT_NONE - +#if defined(LIBSSH2DEBUG) && defined(LIBSSH2_CRYPT_NONE_INSECURE) /* crypt_none_crypt - * Minimalist cipher: VERY secure *wink* + * Minimalist cipher: no encryption. DO NOT USE. + * + * The SSH2 Transport allows for unencrypted data transmission using + * the "none" cipher. Because this is such a huge security hole, it is + * typically disabled on SSH2 implementations and is disabled in libssh2 + * by default as well. + * + * Enabling this option will allow for "none" as a negotiable method, + * however it still requires that the method be advertised by the remote + * end and that no more-preferable methods are available. + * */ static int crypt_none_crypt(LIBSSH2_SESSION * session, unsigned char *buf, - void **abstract) + void **abstract, int firstlast) { /* Do nothing to the data! */ return 0; @@ -62,7 +73,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_none = { crypt_none_crypt, NULL }; -#endif /* LIBSSH2_CRYPT_NONE */ +#endif /* defined(LIBSSH2DEBUG) && defined(LIBSSH2_CRYPT_NONE_INSECURE) */ struct crypt_ctx { 
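Review bot: The rewritten header comment on crypt_none_crypt says "none" is only negotiated when the remote end advertises it and no more-preferable method is available, but it leaves out that the remote end controls both conditions. A peer that offers only "none" gets an unencrypted session from any build that defines both LIBSSH2DEBUG and LIBSSH2_CRYPT_NONE_INSECURE. I would add a line to the comment such as `* A build with this enabled should pin ciphers via libssh2_session_method_pref() so "none" is never accepted from an untrusted peer.` The same guard is repeated in the last hunk of the file, around `&libssh2_crypt_method_none` in `_libssh2_crypt_methods[]`, and the point applies there as well.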
@@ -97,12 +108,12 @@ crypt_init(LIBSSH2_SESSION * session, static int crypt_encrypt(LIBSSH2_SESSION * session, unsigned char *block, - size_t blocksize, void **abstract) + size_t blocksize, void **abstract, int firstlast) { struct crypt_ctx *cctx = *(struct crypt_ctx **) abstract; (void) session; return _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block, - blocksize); + blocksize, firstlast); } static int @@ -117,6 +128,34 @@ crypt_dtor(LIBSSH2_SESSION * session, void **abstract) return 0; } +#if LIBSSH2_AES_GCM +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_gcm = { + "aes256-gcm@openssh.com", + "", + 16, /* blocksize */ + 12, /* initial value length */ + 32, /* secret length -- 32*8 == 256bit */ + LIBSSH2_CRYPT_FLAG_INTEGRATED_MAC | LIBSSH2_CRYPT_FLAG_PKTLEN_AAD, + &crypt_init, + &crypt_encrypt, + &crypt_dtor, + _libssh2_cipher_aes256gcm +}; + +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_gcm = { + "aes128-gcm@openssh.com", + "", + 16, /* blocksize */ + 12, /* initial value length */ + 16, /* secret length -- 16*8 == 128bit */ + LIBSSH2_CRYPT_FLAG_INTEGRATED_MAC | LIBSSH2_CRYPT_FLAG_PKTLEN_AAD, + &crypt_init, + &crypt_encrypt, + &crypt_dtor, + _libssh2_cipher_aes128gcm +}; +#endif + #if LIBSSH2_AES_CTR static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = { "aes128-ctr", @@ -158,7 +197,7 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = { }; #endif -#if LIBSSH2_AES +#if LIBSSH2_AES_CBC static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = { "aes128-cbc", "DEK-Info: AES-128-CBC", @@ -212,7 +251,7 @@ static const LIBSSH2_CRYPT_METHOD &crypt_dtor, _libssh2_cipher_aes256 }; -#endif /* LIBSSH2_AES */ +#endif /* LIBSSH2_AES_CBC */ #if LIBSSH2_BLOWFISH static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_blowfish_cbc = { 
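Review bot: The new `firstlast` parameter of crypt_encrypt is a bare `int` with no comment on what values it takes or what the backend does with them. The only value visible in this diff is `MIDDLE_BLOCK` in the arcfour hunk, so a reader cannot tell from here which calls must mark the first or last block of a packet. A one-line comment above the function would do, for example `/* firstlast: position of this block within the packet, forwarded unchanged to _libssh2_cipher_crypt() */`, with the wording checked against the backend definition. crypt_none_crypt in the earlier hunk gains the same undocumented parameter.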
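Review bot: Both new GCM entries state a 12-byte IV and set LIBSSH2_CRYPT_FLAG_INTEGRATED_MAC | LIBSSH2_CRYPT_FLAG_PKTLEN_AAD, but nothing documents nonce handling, which is the property AES-GCM depends on. A nonce repeated under the same key breaks both confidentiality and integrity. The per-packet nonce update presumably happens in the backend behind `_libssh2_cipher_crypt`, which is outside this hunk. A short comment above the `#if LIBSSH2_AES_GCM` block should say where the invocation counter is advanced and what forces a rekey before it can wrap. The empty second field could also be annotated, e.g. `"", /* no PEM DEK-Info name */`, if that is what it means; the CBC entries hold a `DEK-Info:` string in that slot.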
@@ -260,7 +299,8 @@ crypt_init_arcfour128(LIBSSH2_SESSION * session, size_t discard = 1536; for(; discard; discard -= 8) _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block, - method->blocksize); + method->blocksize, MIDDLE_BLOCK); + /* Not all middle, but here it doesn't matter */ } return rc; @@ -310,18 +350,24 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = { }; #endif +/* These are the crypt methods that are available to be negotiated. Methods + towards the start are chosen in preference to ones further down the list. */ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = { +#if LIBSSH2_AES_GCM + &libssh2_crypt_method_aes256_gcm, + &libssh2_crypt_method_aes128_gcm, +#endif /* LIBSSH2_AES_GCM */ #if LIBSSH2_AES_CTR - &libssh2_crypt_method_aes128_ctr, - &libssh2_crypt_method_aes192_ctr, - &libssh2_crypt_method_aes256_ctr, -#endif /* LIBSSH2_AES */ -#if LIBSSH2_AES + &libssh2_crypt_method_aes256_ctr, + &libssh2_crypt_method_aes192_ctr, + &libssh2_crypt_method_aes128_ctr, +#endif /* LIBSSH2_AES_CTR */ +#if LIBSSH2_AES_CBC &libssh2_crypt_method_aes256_cbc, &libssh2_crypt_method_rijndael_cbc_lysator_liu_se, /* == aes256-cbc */ &libssh2_crypt_method_aes192_cbc, &libssh2_crypt_method_aes128_cbc, -#endif /* LIBSSH2_AES */ +#endif /* LIBSSH2_AES_CBC */ #if LIBSSH2_BLOWFISH &libssh2_crypt_method_blowfish_cbc, #endif /* LIBSSH2_BLOWFISH */ @@ -335,7 +381,7 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = { #if LIBSSH2_3DES &libssh2_crypt_method_3des_cbc, #endif /* LIBSSH2_DES */ -#ifdef LIBSSH2_CRYPT_NONE +#if defined(LIBSSH2DEBUG) && defined(LIBSSH2_CRYPT_NONE_INSECURE) &libssh2_crypt_method_none, #endif NULL |
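Review bot: The discard loop in crypt_init_arcfour128 still ignores the return value of `_libssh2_cipher_crypt`, on the very line this hunk edits to add `MIDDLE_BLOCK`. If the backend call fails, the first 1536 keystream bytes may not actually be discarded, yet the function returns the earlier `rc` as if the cipher were ready. Checking the result would close that gap, e.g. `if(_libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block, method->blocksize, MIDDLE_BLOCK)) { rc = -1; break; }`. The function starts outside the hunk, so how `rc` is set and whether the context needs tearing down on that path has to be confirmed there.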