add SSH-style padding

sjaeckel · sjaeckel · commit 11590de2414c · 2022-02-10T16:15:14.000+01:00
Signed-off-by: Steffen Jaeckel &lt;s@jaeckel.eu&gt;
diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h
@@ -146,6 +146,7 @@ enum padding_type {
    LTC_PAD_ISO_10126    = 0x1000U,
 #endif
    LTC_PAD_ANSI_X923    = 0x2000U,
+   LTC_PAD_SSH          = 0x3000U,
    /* The following padding modes don't contain the padding
     * length as last byte of the padding.
     */
diff --git a/src/misc/padding/padding_depad.c b/src/misc/padding/padding_depad.c
@@ -53,6 +53,12 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon
          /* nop */
          break;
 #endif
+      case LTC_PAD_SSH:
+         pad = 0x1;
+         for (n = unpadded_length; n < padded_length; ++n) {
+            if (data[n] != pad++) return CRYPT_INVALID_PACKET;
+         }
+         break;
       case LTC_PAD_ONE_AND_ZERO:
          while (unpadded_length > 0 && data[unpadded_length - 1] != 0x80) {
             if (data[unpadded_length - 1] != 0x0) return CRYPT_INVALID_PACKET;
diff --git a/src/misc/padding/padding_pad.c b/src/misc/padding/padding_pad.c
@@ -32,6 +32,7 @@ static int s_padding_padded_length(unsigned long *length, unsigned long mode)
       case LTC_PAD_PKCS7:
       case LTC_PAD_ONE_AND_ZERO:
       case LTC_PAD_ZERO_ALWAYS:
+      case LTC_PAD_SSH:
          t = 1;
          break;
 #ifdef LTC_RNG_GET_BYTES
@@ -78,10 +79,10 @@ static int s_padding_padded_length(unsigned long *length, unsigned long mode)
 */
 int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded_length, unsigned long mode)
 {
-   unsigned long l;
+   unsigned long l, n;
    enum padding_type type;
    int err;
-   unsigned char diff;
+   unsigned char diff, pad;
 
    LTC_ARGCHK(data          != NULL);
    LTC_ARGCHK(padded_length != NULL);
@@ -125,6 +126,12 @@ int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded
          XMEMSET(&data[length], 0, diff-1);
          data[l-1] =  diff;
          break;
+      case LTC_PAD_SSH:
+         pad = 0x1;
+         for (n = length; n < l; ++n) {
+            data[n] = pad++;
+         }
+         break;
       case LTC_PAD_ONE_AND_ZERO:
          XMEMSET(&data[length + 1], 0, diff);
          data[length] =  0x80;
diff --git a/tests/padding_test.c b/tests/padding_test.c
@@ -88,6 +88,18 @@ static int s_cmp_zero(const padding_testcase* t, const unsigned char* p, unsigne
    return CRYPT_OK;
 }
 
+static int s_cmp_ssh(const padding_testcase* t, const unsigned char* p, unsigned long len)
+{
+   unsigned long n, diff = len - t->is;
+   unsigned char pad = 0x1;
+   DOX(EQ(len, t->should), t->name);
+   for (n = len - diff; n < len; ++n) {
+      DOX(EQ(p[n], pad), t->name);
+      pad++;
+   }
+   return CRYPT_OK;
+}
+
 static int s_padding_testrun(const padding_testcase* t)
 {
    unsigned long len;
@@ -126,6 +138,13 @@ int padding_test(void)
                              { 255, 256,   0, LTC_PAD_ANSI_X923 | 16, "255-x923", s_cmp_x923 },
                              { 256, 272,   0, LTC_PAD_ANSI_X923 | 16, "256-x923", s_cmp_x923 },
 
+                             {   0,  16,   0, LTC_PAD_SSH | 16, "0-ssh",   s_cmp_ssh },
+                             {   1,  16,   0, LTC_PAD_SSH | 16, "1-ssh",   s_cmp_ssh },
+                             {  15,  16,   0, LTC_PAD_SSH | 16, "15-ssh",  s_cmp_ssh },
+                             {  16,  32,   0, LTC_PAD_SSH | 16, "16-ssh",  s_cmp_ssh },
+                             { 255, 256,   0, LTC_PAD_SSH | 16, "255-ssh", s_cmp_ssh },
+                             { 256, 272,   0, LTC_PAD_SSH | 16, "256-ssh", s_cmp_ssh },
+
                              {   0,  16,   0, LTC_PAD_ONE_AND_ZERO | 16, "0-one-and-zero",   s_cmp_oaz },
                              {   1,  16,   0, LTC_PAD_ONE_AND_ZERO | 16, "1-one-and-zero",   s_cmp_oaz },
                              {  15,  16,   0, LTC_PAD_ONE_AND_ZERO | 16, "15-one-and-zero",  s_cmp_oaz },
