コード例 #1
ファイル: mac.c プロジェクト: msftguy/openssh-sc
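/*
 * Filter a MAC proposal list down to the names that mac_setup() accepts.
 *
 * names: MAC_SEP-separated list of MAC algorithm names; may be NULL.
 *
 * Returns NULL when names is NULL or empty.  Otherwise returns a
 * comma-joined copy (made with xstrdup) that holds only the accepted
 * names; the caller presumably owns it and must release it.  The result
 * is the empty string when no name is accepted.
 *
 * Scanning stops at the first empty token, so names that follow an empty
 * entry are never considered and are left out of the result.
 *
 * NOTE(review): whether mac_setup() really restricts to FIPS-approved
 * MACs in this build is not visible here; confirm in mac_setup().
 */
char*
only_fips_valid_macs(const char* names)
{
	Buffer b;
	char *fips_names, *maclist, *cp, *p;

	if (names == NULL || *names == '\0')
		return NULL;

	buffer_init(&b);

	/* default set in myproposals.h */
	/*
	 * strsep() advances cp as it tokenises, so the start of the working
	 * copy is kept in maclist; without it the copy could not be freed.
	 */
	maclist = cp = xstrdup(names);
	for (p = strsep(&cp, MAC_SEP);
	     p && *p != '\0';
	     p = strsep(&cp, MAC_SEP)
	) {
		/* A NULL mac argument: the call is only a "is this name accepted" probe. */
		if (mac_setup(NULL, p) < 0)
			continue;

		if (buffer_len(&b) > 0)
			buffer_append(&b, ",", 1);
		buffer_append(&b, p, strlen(p));
	}
	/* Terminate the buffer contents so they can be copied as a C string. */
	buffer_append(&b, "\0", 1);

	fips_names = xstrdup(buffer_ptr(&b));

	buffer_free(&b);
	/* Release the tokenised working copy (previously leaked on every call). */
	free(maclist);

	debug3("%s: fips_macs: [%s]", __func__, fips_names);
	return fips_names;
}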
コード例 #2
/*
 * Rebuild a Newkeys structure (cipher, MAC and compression state) from a
 * serialised blob.  Despite the historical "export" wording, this function
 * only reads: it is the deserialising side of the key-state transfer.
 *
 * blob, blen: serialised key state and its length in bytes.
 *
 * Returns a newly xmalloc'd Newkeys.  Any failed consistency check goes
 * through fatal(), which presumably does not return.
 *
 * The fields are consumed strictly in sequence from the buffer, so the
 * order of the buffer_get_* calls below must match the order in which the
 * sender wrote them.
 *
 * NOTE(review): blen is a signed int; confirm callers can never pass a
 * negative value into buffer_append().
 */
Newkeys *
mm_newkeys_from_blob(u_char *blob, int blen)
{
	Buffer b;
	u_int len;
	Newkeys *newkey = NULL;
	Enc *enc;
	Mac *mac;
	Comp *comp;

	debug3("%s: %p(%d)", __func__, blob, blen);
#ifdef DEBUG_PK
	/* Debug builds dump the whole blob, key material included, to stderr. */
	dump_base64(stderr, blob, blen);
#endif
	/* Work on a private copy of the blob so it can be consumed field by field. */
	buffer_init(&b);
	buffer_append(&b, blob, blen);

	/*
	 * NOTE(review): only the members assigned below are set in this
	 * function; unless xmalloc() zeroes memory (confirm) or mac_setup()
	 * fills the rest, other members stay uninitialised.
	 */
	newkey = xmalloc(sizeof(*newkey));
	enc = &newkey->enc;
	mac = &newkey->mac;
	comp = &newkey->comp;

	/* Enc structure */
	enc->name = buffer_get_string(&b, NULL);
	/*
	 * The raw bytes of the cipher member are copied straight out of the
	 * blob; the value is only trusted after the cipher_by_name() check
	 * further down.
	 */
	buffer_get(&b, &enc->cipher, sizeof(enc->cipher));
	enc->enabled = buffer_get_int(&b);
	enc->block_size = buffer_get_int(&b);
	enc->key = buffer_get_string(&b, &enc->key_len);
	enc->iv = buffer_get_string(&b, &len);
	/* The IV must be exactly one block long as declared by the blob itself. */
	if (len != enc->block_size)
		fatal("%s: bad ivlen: expected %u != %u", __func__,
		    enc->block_size, len);

	/*
	 * Reject a blob whose cipher value does not equal what the name
	 * resolves to locally.
	 * NOTE(review): on the enc->name == NULL branch the message still
	 * formats enc->name with %s.
	 */
	if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
		fatal("%s: bad cipher name %s or pointer %p", __func__,
		    enc->name, enc->cipher);

	/* Mac structure */
	mac->name = buffer_get_string(&b, NULL);
	/* NOTE(review): as above, a NULL mac->name would be passed to %s here. */
	if (mac->name == NULL || mac_setup(mac, mac->name) == -1)
		fatal("%s: can not setup mac %s", __func__, mac->name);
	mac->enabled = buffer_get_int(&b);
	mac->key = buffer_get_string(&b, &len);
	/*
	 * mac->key_len is compared before being overwritten, so at this point
	 * it presumably holds the length mac_setup() chose for the algorithm;
	 * a longer key in the blob is refused, a shorter one is accepted.
	 */
	if (len > mac->key_len)
		fatal("%s: bad mac key length: %u > %d", __func__, len,
		    mac->key_len);
	mac->key_len = len;

	/* Comp structure */
	comp->type = buffer_get_int(&b);
	comp->enabled = buffer_get_int(&b);
	comp->name = buffer_get_string(&b, NULL);

	/* Trailing bytes are reported with error() but the result is still returned. */
	len = buffer_len(&b);
	if (len != 0)
		error("newkeys_from_blob: remaining bytes in blob %u", len);
	buffer_free(&b);
	return (newkey);
}
コード例 #3
ファイル: kex.c プロジェクト: 2014-class/freerouter
/*
 * Pick the MAC algorithm for one direction and prepare *mac for it.
 *
 * mac:    structure to fill in.
 * client: client's MAC proposal list.
 * server: server's MAC proposal list.
 *
 * The name comes from match_list(client, server, NULL).  Both "no common
 * name" and "mac_setup() rejects the name" end in fatal().  On return the
 * MAC has its name recorded, no key attached and is not yet enabled.
 */
static void
choose_mac(Mac *mac, char *client, char *server)
{
	char *chosen;

	chosen = match_list(client, server, NULL);
	if (chosen == NULL) {
		fatal("no matching mac found: client %s server %s",
		    client, server);
	}
	if (mac_setup(mac, chosen) < 0) {
		fatal("unsupported mac %s", chosen);
	}

	/* The key is attached later; until then the MAC stays disabled. */
	mac->name = chosen;
	mac->key = NULL;
	mac->enabled = 0;

	/*
	 * truncate the key: peers flagged with SSH_BUG_HMAC get a fixed
	 * 16-byte key length in place of whatever was set before this point.
	 */
	if ((datafellows & SSH_BUG_HMAC) != 0) {
		mac->key_len = 16;
	}
}
コード例 #4
ファイル: kex.c プロジェクト: djmdjm/libopenssh
/*
 * Pick the MAC algorithm for one direction and prepare *mac for it.
 *
 * ssh:    session state; only ssh->compat is read here.
 * mac:    structure to fill in.
 * client: client's MAC proposal list.
 * server: server's MAC proposal list.
 *
 * Returns 0 on success, SSH_ERR_NO_MAC_ALG_MATCH when match_list() finds
 * no common name, and SSH_ERR_INTERNAL_ERROR when mac_setup() rejects the
 * chosen name.  On success the MAC has its name recorded, no key attached
 * and is not yet enabled.
 */
static int
choose_mac(struct ssh *ssh, struct sshmac *mac, char *client, char *server)
{
	char *chosen;

	chosen = match_list(client, server, NULL);
	if (chosen == NULL) {
		return SSH_ERR_NO_MAC_ALG_MATCH;
	}
	/*
	 * NOTE(review): if match_list() hands back heap memory (confirm), the
	 * pointer is dropped on this failure path without being released.
	 */
	if (mac_setup(mac, chosen) < 0) {
		return SSH_ERR_INTERNAL_ERROR;
	}

	/* The key is attached later; until then the MAC stays disabled. */
	mac->name = chosen;
	mac->key = NULL;
	mac->enabled = 0;

	/*
	 * truncate the key: peers flagged with SSH_BUG_HMAC get a fixed
	 * 16-byte key length in place of whatever was set before this point.
	 */
	if ((ssh->compat & SSH_BUG_HMAC) != 0) {
		mac->key_len = 16;
	}
	return 0;
}
コード例 #5
ファイル: mac.c プロジェクト: hshoexer/libopenssh
/*
 * Check that every name in a MAC list is accepted by mac_setup().
 *
 * names: MAC_SEP-separated list of MAC algorithm names; may be NULL.
 *
 * Returns 1 when all scanned names are accepted, 0 when names is NULL or
 * empty, when the working copy cannot be allocated, or when any scanned
 * name is rejected.
 *
 * NOTE(review): an empty token ends the scan, so names that follow an
 * empty entry are not checked and the list is still reported as valid.
 */
int
mac_valid(const char *names)
{
	char *copy, *rest, *tok;
	int ok = 1;

	if (names == NULL || names[0] == '\0')
		return 0;

	/* strsep() writes into its input, so tokenise a private copy. */
	copy = strdup(names);
	if (copy == NULL)
		return 0;

	rest = copy;
	while ((tok = strsep(&rest, MAC_SEP)) != NULL && *tok != '\0') {
		/* A NULL mac argument: the call is only a validity probe. */
		if (mac_setup(NULL, tok) < 0) {
			ok = 0;
			break;
		}
	}

	free(copy);
	return ok;
}
コード例 #6
ファイル: mac.c プロジェクト: 0x0mar/backdoored-ssh
/*
 * Check that every name in a MAC list is accepted by mac_setup().
 *
 * names: MAC_SEP-separated list of MAC algorithm names; may be NULL.
 *
 * Returns 1 when all scanned names are accepted, 0 when names is NULL or
 * empty or when any scanned name is rejected.  The first rejected name is
 * logged with debug(); a fully accepted list is logged with debug3().
 *
 * NOTE(review): an empty token ends the scan, so names that follow an
 * empty entry are not checked and the list is still reported as valid.
 */
int
mac_valid(const char *names)
{
	char *copy, *rest, *tok;
	int ok = 1;

	if (names == NULL || names[0] == '\0')
		return (0);

	/* strsep() writes into its input, so tokenise a private copy. */
	copy = xstrdup(names);
	rest = copy;
	while ((tok = strsep(&rest, MAC_SEP)) != NULL && *tok != '\0') {
		/* A NULL mac argument: the call is only a validity probe. */
		if (mac_setup(NULL, tok) < 0) {
			debug("bad mac %s [%s]", tok, names);
			ok = 0;
			break;
		}
	}
	if (ok)
		debug3("macs ok: [%s]", names);

	free(copy);
	return (ok);
}