
ssh: use io.ReadFull() for reading chacha20-poly1305 packets.

Incomplete reads leave (part of) the verification tag zeroed, leading
to a failing MAC, and this is more likely to happen with larger
packets. The test added in the previous commit should stop this from
regressing.

Reinstate chacha20-poly1305 as a default cipher and prefer it over AES
CTR flavors.

Fixes golang/go#23510

Change-Id: I7599897e59448edb7b814eebcc8226ea15b365d6
Reviewed-on: https://go-review.googlesource.com/89075
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Han-Wen Nienhuys пре 7 година
родитељ
комит
d94f6bc902
2 измењених фајлова са 6 додато и 5 уклоњено
  1. 4 4
      ssh/cipher.go
  2. 2 1
      ssh/common.go

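--- a/ssh/cipher.go
+++ b/ssh/cipher.go
@@ -671,7 +671,7 @@ func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte,
 	chacha20.XORKeyStream(polyKey[:], chacha20PolyKeyInput[:], &counter, &c.contentKey)
 
 	encryptedLength := c.buf[:4]
-	if _, err := r.Read(encryptedLength); err != nil {
+	if _, err := io.ReadFull(r, encryptedLength); err != nil {
 		return nil, err
 	}
 
@@ -692,13 +692,12 @@ func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte,
 		c.buf = c.buf[:packetEnd]
 	}
 
-	if _, err := r.Read(c.buf[4:packetEnd]); err != nil {
-		return nil, err
+	if _, err := io.ReadFull(r, c.buf[4:packetEnd]); err != nil {
+		return nil, errors.New("ssh: MAC failure")
 	}
 
 	var mac [poly1305.TagSize]byte
 	copy(mac[:], c.buf[contentEnd:packetEnd])
-
 	if !poly1305.Verify(&mac, c.buf[:contentEnd], &polyKey) {
 		return nil, errors.New("ssh: MAC failure")
 	}
@@ -720,6 +719,7 @@ func (c *chacha20Poly1305Cipher) readPacket(seqNum uint32, r io.Reader) ([]byte,
 	}
 
 	plain = plain[1 : len(plain)-int(padding)]
+
 	return plain, nil
 }
 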
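Review bot: In the `-692,13` hunk the body read now returns `errors.New("ssh: MAC failure")` when `io.ReadFull` fails, so an `io.EOF`, `io.ErrUnexpectedEOF` or a timeout from the transport is reported as an integrity failure and the underlying error is discarded. The length read in the first hunk still returns `err`, and the body read should do the same with `return nil, err`. That reserves the MAC-failure message for `poly1305.Verify` rejecting the tag, which matters to anyone who logs or alerts on MAC failures as possible tampering. `readPacket` begins outside the hunks shown.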

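--- a/ssh/common.go
+++ b/ssh/common.go
@@ -36,8 +36,9 @@ var supportedCiphers = []string{
 
 // preferredCiphers specifies the default preference for ciphers.
 var preferredCiphers = []string{
-	"aes128-ctr", "aes192-ctr", "aes256-ctr",
 	"aes128-gcm@openssh.com",
+	chacha20Poly1305ID,
+	"aes128-ctr", "aes192-ctr", "aes256-ctr",
 }
 
 // supportedKexAlgos specifies the supported key-exchange algorithms in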
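Review bot: The comment on `preferredCiphers` does not say what the order of the list encodes, and the order is exactly what this hunk changes: the two AEAD modes now come ahead of the CTR ones. A second comment line such as `// AEAD ciphers are listed first; the CTR modes follow as a fallback.` would keep a later edit from reshuffling the list without noticing the change in preference. The test the commit message refers to is not on this page, so it cannot be told from here whether anything pins the default order.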