[Ttssh2-commit] [7006] MAC 方式の管理を、暗号方式を表す値 (hmac_type) から ssh2_macs 内のエントリへのポインタを使うように変更。


scmno****@osdn***** scmno****@osdn*****
2017年 12月 18日 (月) 20:06:10 JST


Revision: 7006
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7006
Author:   doda
Date:     2017-12-18 20:06:09 +0900 (Mon, 18 Dec 2017)
Log Message:
-----------
MAC 方式の管理を、暗号方式を表す値(hmac_type)から ssh2_macs 内のエントリへのポインタを使うように変更。

これにより、MAC 方式のパラメータ(truncatebits等)が容易に参照できるようになる。
また、TInstVar 内でも ctos_hmac/stoc_hmac のように方向を名前で分けるのではなく、
macs[MODE] のように配列にする事で扱い易くする。

Modified Paths:
--------------
    trunk/ttssh2/ttxssh/ssh.c
    trunk/ttssh2/ttxssh/ssh.h
    trunk/ttssh2/ttxssh/ttxssh.c
    trunk/ttssh2/ttxssh/ttxssh.h

-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c	2017-12-18 11:06:06 UTC (rev 7005)
+++ trunk/ttssh2/ttxssh/ssh.c	2017-12-18 11:06:09 UTC (rev 7006)
@@ -3165,8 +3165,8 @@
 	UTIL_get_lang_msg("DLG_ABOUT_MAC_INFO", pvar,
 	                  "%s to server, %s from server");
 	_snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
-	            get_ssh2_mac_name(pvar->ctos_hmac),
-	            get_ssh2_mac_name(pvar->stoc_hmac));
+	            get_ssh2_mac_name(pvar->macs[MODE_OUT]),
+	            get_ssh2_mac_name(pvar->macs[MODE_IN]));
 }
 
 void SSH_end(PTInstVar pvar)
@@ -4216,64 +4216,63 @@
 	return EVP_md_null();
 }
 
-char* get_ssh2_mac_name(hmac_type type)
+SSH2Mac *get_ssh2_mac(SSH2MacId id)
 {
-	ssh2_mac_t *ptr = ssh2_macs;
+	SSH2Mac *ptr = ssh2_macs;
 
 	while (ptr->name != NULL) {
-		if (type == ptr->type) {
-			return ptr->name;
+		if (ptr->id == id) {
+			return ptr;
 		}
 		ptr++;
 	}
 
-	// not found.
-	return "unknown";
+	return NULL;
 }
 
-const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type)
+char* get_ssh2_mac_name(SSH2Mac *mac)
 {
-	ssh2_mac_t *ptr = ssh2_macs;
-
-	while (ptr->name != NULL) {
-		if (type == ptr->type) {
-			return ptr->evp_md();
-		}
-		ptr++;
+	if (mac) {
+		return mac->name;
 	}
+	else {
+		return "unknown";
+	}
+}
 
-	// not found.
-	return EVP_md_null();
+char* get_ssh2_mac_name_by_id(SSH2MacId id)
+{
+	return get_ssh2_mac_name(get_ssh2_mac(id));
 }
 
-int get_ssh2_mac_truncatebits(hmac_type type)
+const EVP_MD* get_ssh2_mac_EVP_MD(SSH2Mac *mac)
 {
-	ssh2_mac_t *ptr = ssh2_macs;
+	if (mac) {
+		return mac->evp_md();
+	}
+	else {
+		return EVP_md_null();
+	}
+}
 
-	while (ptr->name != NULL) {
-		if (type == ptr->type) {
-			return ptr->truncatebits;
-		}
-		ptr++;
+int get_ssh2_mac_truncatebits(SSH2Mac *mac)
+{
+	if (mac) {
+		return mac->truncatebits;
 	}
-
-	// not found.
-	return 0;
+	else {
+		return 0;
+	}
 }
 
-int get_ssh2_mac_etm(hmac_type type)
+int get_ssh2_mac_etm(SSH2Mac *mac)
 {
-	ssh2_mac_t *ptr = ssh2_macs;
-
-	while (ptr->name != NULL) {
-		if (type == ptr->type) {
-			return ptr->etm;
-		}
-		ptr++;
+	if (mac) {
+		return mac->etm;
 	}
-
-	// not found
-	return 0;
+	else {
+		return 0;
+	}
 }
 
 char* get_ssh2_comp_name(compression_type type)
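Review bot: The NULL branches of the new accessors turn "no MAC selected" into usable-looking values: `get_ssh2_mac_EVP_MD(NULL)` returns `EVP_md_null()` and `get_ssh2_mac_truncatebits(NULL)` returns 0, so a caller holding an unset `pvar->macs[mode]` would carry on with a null digest instead of failing. The key-setup hunk at `@@ -4783` passes `pvar->macs[mode]` straight into `get_ssh2_mac_EVP_MD()` with no check. Whether NULL can reach it depends on error handling outside the visible hunks, so an explicit `if (mac == NULL)` failure path there would make the invariant local. The accessors only read the entry and `get_ssh2_mac_name` can return a string literal, so `const SSH2Mac *mac` parameters and a `const char *` return type would describe them more accurately. A header comment such as `/* mac may be NULL: yields "unknown" / EVP_md_null() / 0 */` would document the fallback contract.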
@@ -4580,7 +4579,7 @@
 		index = pvar->settings.MacOrder[i] - '0';
 		if (index == HMAC_NONE) // disabled line
 			break;
-		strncat_s(buf, sizeof(buf), get_ssh2_mac_name(index), _TRUNCATE);
+		strncat_s(buf, sizeof(buf), get_ssh2_mac_name_by_id(index), _TRUNCATE);
 		strncat_s(buf, sizeof(buf), ",", _TRUNCATE);
 	}
 	len = strlen(buf);
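Review bot: `index` comes from `pvar->settings.MacOrder[i] - '0'` with no range check, and `get_ssh2_mac_name_by_id()` answers any id that has no table entry with the literal `"unknown"`, which is then appended to `buf` like a real algorithm name. Now that `get_ssh2_mac()` reports a missing entry as NULL, this loop could skip such ids: `SSH2Mac *m = get_ssh2_mac(index); if (m == NULL) continue;`. The same applies in ttxssh.c at `@@ -2833`, where the existing `name != NULL` test cannot fire for this call because the by-id helper never returns NULL. The enclosing function starts and ends outside the hunk, so how `buf` is used afterwards is not visible here.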
@@ -4730,23 +4729,21 @@
 }
 
 
-static hmac_type choose_SSH2_hmac_algorithm(char *server_proposal, char *my_proposal)
+static SSH2Mac *choose_SSH2_mac_algorithm(char *server_proposal, char *my_proposal)
 {
-	hmac_type type = HMAC_UNKNOWN;
 	char str_hmac[64];
-	ssh2_mac_t *ptr = ssh2_macs;
+	SSH2Mac *ptr = ssh2_macs;
 
 	choose_SSH2_proposal(server_proposal, my_proposal, str_hmac, sizeof(str_hmac));
 
 	while (ptr->name != NULL) {
 		if (strcmp(ptr->name, str_hmac) == 0) {
-			type = ptr->type;
-			break;
+			return ptr;
 		}
 		ptr++;
 	}
 
-	return (type);
+	return (NULL);
 }
 
 
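Review bot: `str_hmac` is declared without an initializer and is compared with `strcmp()` right after `choose_SSH2_proposal()` returns. That helper is not visible here, so if it can return without writing the buffer when the two proposals share no name, the loop reads indeterminate bytes. Initialising it, `char str_hmac[64] = "";`, makes the no-match case reach `return (NULL)` deterministically whatever the helper does. Since `server_proposal` appears to come from the peer, a short comment above the function stating that NULL means "no common MAC" and must be handled as a negotiation failure by the caller would also help.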
@@ -4783,17 +4780,11 @@
 	unsigned int need = 0;
 	const EVP_MD *md;
 	SSH2Cipher *cipher;
-	hmac_type mac;
+	SSH2Mac *mac;
 
 	for (mode = 0; mode < MODE_MAX; mode++) {
-		if (mode == MODE_OUT) {
-			mac = pvar->ctos_hmac;
-		}
-		else {
-			mac = pvar->stoc_hmac;
-		}
-
 		cipher = pvar->ciphers[mode];
+		mac = pvar->macs[mode];
 
 		// current_keys[]\x82ɐݒ肵\x82Ă\xA8\x82\xA2\x82āA\x82\xA0\x82Ƃ\xC5 pvar->ssh2_keys[] \x82փR\x83s\x81[\x82\xB7\x82\xE9\x81B
 		md = get_ssh2_mac_EVP_MD(mac);
@@ -4817,9 +4808,7 @@
 		// \x8C\xBB\x8E\x9E\x93_\x82ł\xCDMAC\x82\xCDdisable
 		pvar->ssh2_keys[mode].mac.enabled = 0;
 		pvar->ssh2_keys[mode].comp.enabled = 0; // (2005.7.9 yutaka)
-	}
 
-	for (mode = 0; mode < MODE_MAX; mode++) {
 		need = max(need, current_keys[mode].enc.key_len);
 		need = max(need, current_keys[mode].enc.block_size);
 		need = max(need, current_keys[mode].enc.iv_len);
@@ -4991,8 +4980,8 @@
 
 	logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm client to server: %s", buf);
 
-	pvar->ctos_hmac = choose_SSH2_hmac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]);
-	if (pvar->ctos_hmac == HMAC_UNKNOWN) { // not match
+	pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]);
+	if (pvar->macs[MODE_OUT] == NULL) { // not match
 		strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE);
 		strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
 		msg = tmp;
@@ -5010,8 +4999,8 @@
 
 	logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm server to client: %s", buf);
 
-	pvar->stoc_hmac = choose_SSH2_hmac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]);
-	if (pvar->stoc_hmac == HMAC_UNKNOWN) { // not match
+	pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]);
+	if (pvar->macs[MODE_IN] == NULL) { // not match
 		strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE);
 		strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
 		msg = tmp;
@@ -5078,11 +5067,11 @@
 
 	logprintf(LOG_LEVEL_VERBOSE,
 		"MAC algorithm client to server: %s",
-		get_ssh2_mac_name(pvar->ctos_hmac));
+		get_ssh2_mac_name(pvar->macs[MODE_OUT]));
 
 	logprintf(LOG_LEVEL_VERBOSE,
 		"MAC algorithm server to client: %s",
-		get_ssh2_mac_name(pvar->stoc_hmac));
+		get_ssh2_mac_name(pvar->macs[MODE_IN]));
 
 	logprintf(LOG_LEVEL_VERBOSE,
 		"compression algorithm client to server: %s",

Modified: trunk/ttssh2/ttxssh/ssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ssh.h	2017-12-18 11:06:06 UTC (rev 7005)
+++ trunk/ttssh2/ttxssh/ssh.h	2017-12-18 11:06:09 UTC (rev 7006)
@@ -479,17 +479,17 @@
 	HMAC_SHA2_512_EtM,
 	HMAC_UNKNOWN,
 	HMAC_MAX = HMAC_UNKNOWN,
-} hmac_type;
+} SSH2MacId;
 
 typedef struct ssh2_mac {
-	hmac_type type;
+	SSH2MacId id;
 	char *name;
 	const EVP_MD *(*evp_md)(void);
 	int truncatebits;
 	int etm;
-} ssh2_mac_t;
+} SSH2Mac;
 
-static ssh2_mac_t ssh2_macs[] = {
+static SSH2Mac ssh2_macs[] = {
 	{HMAC_SHA1,         "hmac-sha1",                     EVP_sha1,      0,  0}, // RFC4253
 	{HMAC_MD5,          "hmac-md5",                      EVP_md5,       0,  0}, // RFC4253
 	{HMAC_SHA1_96,      "hmac-sha1-96",                  EVP_sha1,      96, 0}, // RFC4253
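Review bot: `ssh2_macs` is defined `static` in a header, so every source file that includes ssh.h gets its own copy of the table. With this commit `pvar->macs[]` holds pointers into the copy belonging to ssh.c, and a pointer comparison against `ssh2_macs` entries made from another file would never match. Comparing `mac->id`, or always going through `get_ssh2_mac()`, avoids that, and moving the definition into ssh.c with an `extern` declaration here would remove the duplication. The table is never written in the visible hunks, so `static const SSH2Mac ssh2_macs[]` with `const char *name;` would also keep a negotiated entry from being modified through `pvar->macs[]`. The array initializer continues past the end of this hunk.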
@@ -781,9 +781,11 @@
 char* get_kex_algorithm_name(kex_algorithm kextype);
 const EVP_CIPHER* get_cipher_EVP_CIPHER(SSH2Cipher *cipher);
 const EVP_MD* get_kex_algorithm_EVP_MD(kex_algorithm kextype);
-char* get_ssh2_mac_name(hmac_type type);
-const EVP_MD* get_ssh2_mac_EVP_MD(hmac_type type);
-int get_ssh2_mac_truncatebits(hmac_type type);
+SSH2Mac *get_ssh2_mac(SSH2MacId id);
+char* get_ssh2_mac_name(SSH2Mac *mac);
+char* get_ssh2_mac_name_by_id(SSH2MacId id);
+const EVP_MD* get_ssh2_mac_EVP_MD(SSH2Mac *mac);
+int get_ssh2_mac_truncatebits(SSH2Mac *mac);
 char* get_ssh2_comp_name(compression_type type);
 char* get_ssh_keytype_name(ssh_keytype type);
 char* get_digest_algorithm_name(digest_algorithm id);
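Review bot: `get_ssh2_mac_etm()` changes its parameter to `SSH2Mac *mac` in ssh.c, but no prototype for it is added or updated among these declarations. If it is not declared elsewhere in the header (not visible in this hunk), callers in other files would compile against an implicit declaration. Adding `int get_ssh2_mac_etm(SSH2Mac *mac);` next to `get_ssh2_mac_truncatebits` would keep the accessors together and type-checked.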

Modified: trunk/ttssh2/ttxssh/ttxssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.c	2017-12-18 11:06:06 UTC (rev 7005)
+++ trunk/ttssh2/ttxssh/ttxssh.c	2017-12-18 11:06:09 UTC (rev 7006)
@@ -2833,7 +2833,7 @@
 							  "<MACs below this line are disabled>");
 			name = pvar->ts->UIMsg;
 		} else {
-			name = get_ssh2_mac_name(index);
+			name = get_ssh2_mac_name_by_id(index);
 		}
 
 		if (name != NULL) {
@@ -3093,7 +3093,7 @@
 			SendMessage(cipherControl, LB_GETTEXT, i, (LPARAM) buf);
 			for (j = 0;
 				j <= HMAC_MAX
-				&& strcmp(buf, get_ssh2_mac_name(j)) != 0; j++) {
+				&& strcmp(buf, get_ssh2_mac_name_by_id(j)) != 0; j++) {
 			}
 			if (j <= HMAC_MAX) {
 				buf2[buf2index] = '0' + j;

Modified: trunk/ttssh2/ttxssh/ttxssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.h	2017-12-18 11:06:06 UTC (rev 7005)
+++ trunk/ttssh2/ttxssh/ttxssh.h	2017-12-18 11:06:09 UTC (rev 7006)
@@ -258,8 +258,7 @@
 	kex_algorithm kex_type; // KEX algorithm
 	ssh_keytype hostkey_type;
 	SSH2Cipher *ciphers[MODE_MAX];
-	hmac_type ctos_hmac;
-	hmac_type stoc_hmac;
+	SSH2Mac *macs[MODE_MAX];
 	compression_type ctos_compression;
 	compression_type stoc_compression;
 	int we_need;
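Review bot: The new `macs` member has no comment saying how it is indexed or what NULL means, unlike `kex_type` a few lines above it. Suggested: `SSH2Mac *macs[MODE_MAX]; // negotiated MAC per direction (MODE_OUT / MODE_IN); NULL when none is selected`. Whether the array is cleared when a session ends or is re-keyed is not visible in this hunk and is worth confirming, since a leftover entry from a previous connection would be reported by `get_ssh2_mac_name()` as the current algorithm. The struct definition starts and ends outside the hunk.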


