Annotation of src/usr.bin/ssh/cipher-3des1.c, Revision 1.12
1.12 ! markus 1: /* $OpenBSD: cipher-3des1.c,v 1.11 2014/07/02 04:59:06 djm Exp $ */
1.1 markus 2: /*
3: * Copyright (c) 2003 Markus Friedl. All rights reserved.
4: *
1.12 ! markus 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
1.1 markus 8: *
9: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
10: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
11: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
12: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
13: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
15: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
16: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
17: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
18: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
19: */
20:
1.6 deraadt 21: #include <sys/types.h>
1.12 ! markus 22: #include <string.h>
1.1 markus 23: #include <openssl/evp.h>
1.5 stevesk 24:
1.11 djm 25: #include "ssherr.h"
1.1 markus 26:
27: /*
28: * This is used by SSH1:
29: *
30: * What kind of triple DES are these 2 routines?
31: *
32: * Why is there a redundant initialization vector?
33: *
34: * If only iv3 was used, then, this would till effect have been
35: * outer-cbc. However, there is also a private iv1 == iv2 which
36: * perhaps makes differential analysis easier. On the other hand, the
37: * private iv1 probably makes the CRC-32 attack ineffective. This is a
38: * result of that there is no longer any known iv1 to use when
39: * choosing the X block.
40: */
41: struct ssh1_3des_ctx
42: {
43: EVP_CIPHER_CTX k1, k2, k3;
44: };
45:
46: const EVP_CIPHER * evp_ssh1_3des(void);
1.11 djm 47: int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
1.1 markus 48:
49: static int
50: ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
51: int enc)
52: {
53: struct ssh1_3des_ctx *c;
54: u_char *k1, *k2, *k3;
55:
56: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
1.11 djm 57: if ((c = calloc(1, sizeof(*c))) == NULL)
58: return 0;
1.1 markus 59: EVP_CIPHER_CTX_set_app_data(ctx, c);
60: }
61: if (key == NULL)
1.11 djm 62: return 1;
1.1 markus 63: if (enc == -1)
64: enc = ctx->encrypt;
65: k1 = k2 = k3 = (u_char *) key;
66: k2 += 8;
67: if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
68: if (enc)
69: k3 += 16;
70: else
71: k1 += 16;
72: }
73: EVP_CIPHER_CTX_init(&c->k1);
74: EVP_CIPHER_CTX_init(&c->k2);
75: EVP_CIPHER_CTX_init(&c->k3);
76: if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
77: EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
78: EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
1.10 djm 79: explicit_bzero(c, sizeof(*c));
1.8 djm 80: free(c);
1.1 markus 81: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
1.11 djm 82: return 0;
1.1 markus 83: }
1.11 djm 84: return 1;
1.1 markus 85: }
86:
87: static int
1.7 djm 88: ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len)
1.1 markus 89: {
90: struct ssh1_3des_ctx *c;
91:
1.11 djm 92: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
93: return 0;
1.1 markus 94: if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
95: EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
96: EVP_Cipher(&c->k3, dest, dest, len) == 0)
1.11 djm 97: return 0;
98: return 1;
1.1 markus 99: }
100:
101: static int
102: ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
103: {
104: struct ssh1_3des_ctx *c;
105:
106: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
1.2 markus 107: EVP_CIPHER_CTX_cleanup(&c->k1);
108: EVP_CIPHER_CTX_cleanup(&c->k2);
109: EVP_CIPHER_CTX_cleanup(&c->k3);
1.10 djm 110: explicit_bzero(c, sizeof(*c));
1.8 djm 111: free(c);
1.1 markus 112: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
113: }
1.11 djm 114: return 1;
1.1 markus 115: }
116:
1.11 djm 117: int
1.1 markus 118: ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
119: {
120: struct ssh1_3des_ctx *c;
121:
122: if (len != 24)
1.11 djm 123: return SSH_ERR_INVALID_ARGUMENT;
1.1 markus 124: if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
1.11 djm 125: return SSH_ERR_INTERNAL_ERROR;
1.1 markus 126: if (doset) {
127: memcpy(c->k1.iv, iv, 8);
128: memcpy(c->k2.iv, iv + 8, 8);
129: memcpy(c->k3.iv, iv + 16, 8);
130: } else {
131: memcpy(iv, c->k1.iv, 8);
132: memcpy(iv + 8, c->k2.iv, 8);
133: memcpy(iv + 16, c->k3.iv, 8);
134: }
1.11 djm 135: return 0;
1.1 markus 136: }
137:
138: const EVP_CIPHER *
139: evp_ssh1_3des(void)
140: {
141: static EVP_CIPHER ssh1_3des;
142:
1.12 ! markus 143: memset(&ssh1_3des, 0, sizeof(ssh1_3des));
1.1 markus 144: ssh1_3des.nid = NID_undef;
145: ssh1_3des.block_size = 8;
146: ssh1_3des.iv_len = 0;
147: ssh1_3des.key_len = 16;
148: ssh1_3des.init = ssh1_3des_init;
149: ssh1_3des.cleanup = ssh1_3des_cleanup;
150: ssh1_3des.do_cipher = ssh1_3des_cbc;
151: ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
1.11 djm 152: return &ssh1_3des;
1.1 markus 153: }