[7008] AEAD 暗号使用時は MAC Negotiation の結果を無視するようにした #37750 (Ttssh2-commit) - Tera Term

Revision: 7008
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/7008
Author:   doda
Date:     2017-12-18 20:06:16 +0900 (Mon, 18 Dec 2017)
Log Message:
-----------
AEAD 暗号使用時は MAC Negotiation の結果を無視するようにした #37750

併せて、AEAD 暗号使用時に About TTSSH ダイアログで MAC 方式を <implicit>
と表示するようにした。 #37741

Ticket Links:
------------
    http://sourceforge.jp/projects/ttssh2/tracker/detail/37750
    http://sourceforge.jp/projects/ttssh2/tracker/detail/37741

Modified Paths:
--------------
    trunk/doc/en/html/about/history.html
    trunk/doc/ja/html/about/history.html
    trunk/ttssh2/ttxssh/ssh.c

-------------- next part --------------
Modified: trunk/doc/en/html/about/history.html
===================================================================

--- trunk/doc/en/html/about/history.html	2017-12-18 11:06:13 UTC (rev 7007)
+++ trunk/doc/en/html/about/history.html	2017-12-18 11:06:16 UTC (rev 7008)
@@ -33,6 +33,11 @@
 
 <h3><a name="teraterm_4.98">2018.02.28 (Ver 4.98) not released</a></h3>
 <ul class="history">
+  <li>Misc
+    <ul>
+      <li>upgraded TTSSH to <a href="#ttssh_2.84">2.84</a>.</li>
+    </ul>
+  </li>
 </ul>
 
 
@@ -2968,7 +2973,9 @@
   <li>Bug fixes
     <ul>
       <!--li>\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x83_\x83C\x83A\x83\x8D\x83O\x82̃T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̎w\x96\xE4\x82ɁA\x93\xAF\x88\xEA\x83T\x81[\x83o\x82Őڑ\xB1\x82Ɏg\x97p\x82\xB3\x82\xEA\x82Ă\xA2\x82Ȃ\xA2\x95\xFB\x8E\xAE\x82̌\xAE\x82\xAA\x95\\x8E\xA6\x82\xB3\x82\xEA\x82邱\x82Ƃ\xAA\x82\xA0\x82\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li-->
-      <!--li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <li><a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li-->
+      <!--li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li-->
+      <li>When using aes12****@opens***** or aes25****@opens***** as symmetric cipher algorithm, connection is terminated if MAC algorithm cannot negotiate.</li>
+      <li>When using aes12****@opens***** or aes25****@opens***** as symmetric cipher algorithm, un-used MAC algorithm is displayed on "About TTSSH" dialog.</li>
     </ul>
   </li>
 </ul>

Modified: trunk/doc/ja/html/about/history.html
===================================================================
--- trunk/doc/ja/html/about/history.html	2017-12-18 11:06:13 UTC (rev 7007)
+++ trunk/doc/ja/html/about/history.html	2017-12-18 11:06:16 UTC (rev 7008)
@@ -33,6 +33,11 @@
 
 <h3><a name="teraterm_4.98">2018.02.28 (Ver 4.98) not released</a></h3>
 <ul class="history">
+  <li>\x82\xBB\x82̑\xBC
+    <ul>
+      <li><a href="#ttssh_2.84">TTSSH(2.84)</a>\x82֍\xB7\x82\xB5\x91ւ\xA6\x82\xBD\x81B</li>
+    </ul>
+  </li>
 </ul>
 
 
@@ -2974,7 +2979,9 @@
   <li>\x83o\x83O\x8FC\x90\xB3
     <ul>
       <li>\x83o\x81[\x83W\x83\x87\x83\x93\x8F\xEE\x95\xF1\x83_\x83C\x83A\x83\x8D\x83O\x82̃T\x81[\x83o\x83z\x83X\x83g\x8C\xAE\x82̎w\x96\xE4\x82ɁA\x93\xAF\x88\xEA\x83T\x81[\x83o\x82Őڑ\xB1\x82Ɏg\x97p\x82\xB3\x82\xEA\x82Ă\xA2\x82Ȃ\xA2\x95\xFB\x8E\xAE\x82̌\xAE\x82\xAA\x95\\x8E\xA6\x82\xB3\x82\xEA\x82邱\x82Ƃ\xAA\x82\xA0\x82\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li>
-      <li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <li><a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li>
+      <li>\x83V\x83\x8A\x83A\x83\x8B\x83|\x81[\x83g\x90ڑ\xB1\x8E\x9E\x82\xC9 <a href="../menu/file.html">[File]</a> \x83\x81\x83j\x83\x85\x81[\x82\xCC [SSH SCP] \x82\xAA\x96\xB3\x8C\xF8\x82ɂȂ\xE7\x82Ȃ\xA2\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li>
+      <li>\x88Í\x86\x95\xFB\x8E\xAE\x82\xC5 aes12****@opens***** \x82܂\xBD\x82\xCD aes25****@opens***** \x82\xF0\x8Eg\x97p\x8E\x9E\x81AMAC \x95\xFB\x8E\xAE\x82̃l\x83S\x83V\x83G\x81[\x83V\x83\x87\x83\x93\x82\xAA\x8Ds\x82\xA6\x82Ȃ\xA9\x82\xC1\x82\xBD\x8E\x9E\x82ɐڑ\xB1\x82\xF0\x90؂\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li>
+      <li>\x88Í\x86\x95\xFB\x8E\xAE\x82\xC5 aes12****@opens***** \x82܂\xBD\x82\xCD aes25****@opens***** \x82\xF0\x8Eg\x97p\x8E\x9E\x81A"About TTSSH" \x83_\x83C\x83A\x83\x8D\x83O\x82Ŏg\x97p\x82\xB5\x82Ă\xA2\x82Ȃ\xA2 MAC \x95\xFB\x8E\xAE\x82\xF0\x95\\x8E\xA6\x82\xB7\x82\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li>
     </ul>
   </li>
 </ul>

Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c	2017-12-18 11:06:13 UTC (rev 7007)
+++ trunk/ttssh2/ttxssh/ssh.c	2017-12-18 11:06:16 UTC (rev 7008)
@@ -4980,15 +4980,20 @@
 
 	logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm client to server: %s", buf);
 
-	pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]);
-	if (pvar->macs[MODE_OUT] == NULL) { // not match
-		strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE);
-		strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
-		msg = tmp;
-		goto error;
+	if (pvar->ciphers[MODE_OUT]->auth_len > 0) {
+		logputs(LOG_LEVEL_VERBOSE, "AEAD cipher is selected, ignoring MAC algorithms. (c2s)");
+		pvar->macs[MODE_OUT] = get_ssh2_mac(HMAC_IMPLICIT);
 	}
+	else {
+		pvar->macs[MODE_OUT] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_CTOS]);
+		if (pvar->macs[MODE_OUT] == NULL) { // not match
+			strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE);
+			strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
+			msg = tmp;
+			goto error;
+		}
+	}
 
-
 	size = get_payload_uint32(pvar, offset);
 	offset += 4;
 	for (i = 0; i < size; i++) {
@@ -4999,15 +5004,20 @@
 
 	logprintf(LOG_LEVEL_VERBOSE, "server proposal: MAC algorithm server to client: %s", buf);
 
-	pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]);
-	if (pvar->macs[MODE_IN] == NULL) { // not match
-		strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE);
-		strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
-		msg = tmp;
-		goto error;
+	if (pvar->ciphers[MODE_IN]->auth_len > 0) {
+		logputs(LOG_LEVEL_VERBOSE, "AEAD cipher is selected, ignoring MAC algorithms. (s2c)");
+		pvar->macs[MODE_IN] = get_ssh2_mac(HMAC_IMPLICIT);
 	}
+	else {
+		pvar->macs[MODE_IN] = choose_SSH2_mac_algorithm(buf, myproposal[PROPOSAL_MAC_ALGS_STOC]);
+		if (pvar->macs[MODE_IN] == NULL) { // not match
+			strncpy_s(tmp, sizeof(tmp), "unknown MAC algorithm: ", _TRUNCATE);
+			strncat_s(tmp, sizeof(tmp), buf, _TRUNCATE);
+			msg = tmp;
+			goto error;
+		}
+	}
 
-
 	// \x88\xB3\x8Fk\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82̌\x88\x92\xE8
 	// pvar->ssh_state.compressing = FALSE; \x82Ƃ\xB5\x82ĉ\xBA\x8BL\x83\x81\x83\x93\x83o\x82\xF0\x8Eg\x97p\x82\xB7\x82\xE9\x81B
 	// (2005.7.9 yutaka)


Tera Term

[Ttssh2-commit] [7008] AEAD 暗号使用時は MAC Negotiation の結果を無視するようにした #37750