diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2013-03-21 22:55:12 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2013-03-21 22:55:12 +0800 |
| commit | 024d268d8c3323cc16484ff2b72db702cba2464c (patch) | |
| tree | dd8211380f32e4901fc17c4afe2a8153e01099e4 | |
| parent | eaa737fecd57fff0950f616a63a421d1f82d4c61 (diff) | |
Make hmac-sha2-256 and hmac-sha2-512 work
| -rw-r--r-- | common-algo.c | 14 | ||||
| -rw-r--r-- | session.h | 2 | ||||
| -rw-r--r-- | sysoptions.h | 15 |
3 files changed, 15 insertions, 16 deletions
diff --git a/common-algo.c b/common-algo.c index 8c1ee04..4a14651 100644 --- a/common-algo.c +++ b/common-algo.c @@ -45,8 +45,8 @@ static int void_start(int cipher, const unsigned char *IV, /* Mappings for ciphers, parameters are {&cipher_desc, keysize, blocksize} */ -/* NOTE: if keysize > 2*SHA1_HASH_SIZE, code such as hashkeys() - needs revisiting */ + +/* Remember to add new ciphers/hashes to regciphers/reghashes too */ #ifdef DROPBEAR_AES256 static const struct dropbear_cipher dropbear_aes256 = @@ -168,10 +168,10 @@ algo_type sshciphers[] = { algo_type sshhashes[] = { #ifdef DROPBEAR_SHA2_256_HMAC -// {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, + {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, #endif #ifdef DROPBEAR_SHA2_512_HMAC -// {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, + {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, #endif #ifdef DROPBEAR_SHA1_96_HMAC {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, @@ -245,6 +245,12 @@ void crypto_init() { #ifdef DROPBEAR_MD5_HMAC &md5_desc, #endif +#ifdef DROPBEAR_SHA2_256_HMAC + &sha256_desc, +#endif +#ifdef DROPBEAR_SHA2_512_HMAC + &sha512_desc, +#endif NULL }; int i; @@ -78,7 +78,7 @@ struct key_context_directional { symmetric_CTR ctr; #endif } cipher_state; - unsigned char mackey[MAX_MAC_KEY]; + unsigned char mackey[MAX_MAC_LEN]; }; struct key_context { diff --git a/sysoptions.h b/sysoptions.h index ec9fc8a..3d54235 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -76,26 +76,19 @@ #define DROPBEAR_SIGNKEY_VERIFY #endif -/* SHA1 is 20 bytes == 160 bits */ #define SHA1_HASH_SIZE 20 -/* SHA512 is 64 bytes == 512 bits */ -#define SHA512_HASH_SIZE 64 -/* MD5 is 16 bytes = 128 bits */ #define MD5_HASH_SIZE 16 -/* largest of MD5 and SHA1 */ -#define MAX_MAC_LEN SHA1_HASH_SIZE - - #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ #define MAX_IV_LEN 20 /* must be same as max blocksize, and >= SHA1_HASH_SIZE */ + #if defined(DROPBEAR_SHA2_512_HMAC) -#define MAX_MAC_KEY 64 +#define MAX_MAC_LEN 64 #elif defined(DROPBEAR_SHA2_256_HMAC) -#define MAX_MAC_KEY 32 +#define MAX_MAC_LEN 32 #else -#define MAX_MAC_KEY 20 +#define MAX_MAC_LEN 20 #endif #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't |