version 1.43.2.2, 2002/03/09 00:20:44 |
version 1.43.2.3, 2002/06/02 22:56:10 |
|
|
{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, |
{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, |
{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, |
{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, |
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, |
{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, |
|
{ "rijndael-cbc@lysator.liu.se", |
|
SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, |
|
|
{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } |
{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } |
}; |
}; |
|
|
/*--*/ |
/*--*/ |
|
|
u_int |
u_int |
cipher_blocksize(Cipher *c) |
cipher_blocksize(Cipher *c) |
{ |
{ |
return (c->block_size); |
return (c->block_size); |
} |
} |
u_int |
u_int |
cipher_keylen(Cipher *c) |
cipher_keylen(Cipher *c) |
{ |
{ |
return (c->key_len); |
return (c->key_len); |
} |
} |
|
u_int |
|
cipher_get_number(Cipher *c) |
|
{ |
|
return (c->number); |
|
} |
|
|
u_int |
u_int |
cipher_mask_ssh1(int client) |
cipher_mask_ssh1(int client) |
|
|
rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | |
rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | |
EVP_CIPH_ALWAYS_CALL_INIT; |
EVP_CIPH_ALWAYS_CALL_INIT; |
return (&rijndal_cbc); |
return (&rijndal_cbc); |
|
} |
|
|
|
/* |
|
* Exports an IV from the CipherContext required to export the key |
|
* state back from the unprivileged child to the privileged parent |
|
* process. |
|
*/ |
|
|
|
int |
|
cipher_get_keyiv_len(CipherContext *cc) |
|
{ |
|
Cipher *c = cc->cipher; |
|
int ivlen; |
|
|
|
if (c->number == SSH_CIPHER_3DES) |
|
ivlen = 24; |
|
else |
|
ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp); |
|
return (ivlen); |
|
} |
|
|
|
void |
|
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) |
|
{ |
|
Cipher *c = cc->cipher; |
|
u_char *civ = NULL; |
|
int evplen; |
|
|
|
switch (c->number) { |
|
case SSH_CIPHER_SSH2: |
|
case SSH_CIPHER_DES: |
|
case SSH_CIPHER_BLOWFISH: |
|
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); |
|
if (evplen == 0) |
|
return; |
|
if (evplen != len) |
|
fatal("%s: wrong iv length %d != %d", __FUNCTION__, |
|
evplen, len); |
|
|
|
if (c->evptype == evp_rijndael) { |
|
struct ssh_rijndael_ctx *aesc; |
|
|
|
aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); |
|
if (aesc == NULL) |
|
fatal("%s: no rijndael context", __FUNCTION__); |
|
civ = aesc->r_iv; |
|
} else { |
|
civ = cc->evp.iv; |
|
} |
|
break; |
|
case SSH_CIPHER_3DES: { |
|
struct ssh1_3des_ctx *desc; |
|
if (len != 24) |
|
fatal("%s: bad 3des iv length: %d", __FUNCTION__, len); |
|
desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); |
|
if (desc == NULL) |
|
fatal("%s: no 3des context", __FUNCTION__); |
|
debug3("%s: Copying 3DES IV", __FUNCTION__); |
|
memcpy(iv, desc->k1.iv, 8); |
|
memcpy(iv + 8, desc->k2.iv, 8); |
|
memcpy(iv + 16, desc->k3.iv, 8); |
|
return; |
|
} |
|
default: |
|
fatal("%s: bad cipher %d", __FUNCTION__, c->number); |
|
} |
|
memcpy(iv, civ, len); |
|
} |
|
|
|
void |
|
cipher_set_keyiv(CipherContext *cc, u_char *iv) |
|
{ |
|
Cipher *c = cc->cipher; |
|
u_char *div = NULL; |
|
int evplen = 0; |
|
|
|
switch (c->number) { |
|
case SSH_CIPHER_SSH2: |
|
case SSH_CIPHER_DES: |
|
case SSH_CIPHER_BLOWFISH: |
|
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); |
|
if (evplen == 0) |
|
return; |
|
|
|
if (c->evptype == evp_rijndael) { |
|
struct ssh_rijndael_ctx *aesc; |
|
|
|
aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); |
|
if (aesc == NULL) |
|
fatal("%s: no rijndael context", __FUNCTION__); |
|
div = aesc->r_iv; |
|
}else { |
|
div = cc->evp.iv; |
|
} |
|
break; |
|
case SSH_CIPHER_3DES: { |
|
struct ssh1_3des_ctx *desc; |
|
desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); |
|
if (desc == NULL) |
|
fatal("%s: no 3des context", __FUNCTION__); |
|
debug3("%s: Installed 3DES IV", __FUNCTION__); |
|
memcpy(desc->k1.iv, iv, 8); |
|
memcpy(desc->k2.iv, iv + 8, 8); |
|
memcpy(desc->k3.iv, iv + 16, 8); |
|
return; |
|
} |
|
default: |
|
fatal("%s: bad cipher %d", __FUNCTION__, c->number); |
|
} |
|
memcpy(div, iv, evplen); |
|
} |
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x00907000L |
|
#define EVP_X_STATE(evp) &(evp).c |
|
#define EVP_X_STATE_LEN(evp) sizeof((evp).c) |
|
#else |
|
#define EVP_X_STATE(evp) (evp).cipher_data |
|
#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size |
|
#endif |
|
|
|
int |
|
cipher_get_keycontext(CipherContext *cc, u_char *dat) |
|
{ |
|
Cipher *c = cc->cipher; |
|
int plen; |
|
|
|
if (c->number == SSH_CIPHER_3DES) { |
|
struct ssh1_3des_ctx *desc; |
|
desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); |
|
if (desc == NULL) |
|
fatal("%s: no 3des context", __FUNCTION__); |
|
plen = EVP_X_STATE_LEN(desc->k1); |
|
if (dat == NULL) |
|
return (3*plen); |
|
memcpy(dat, EVP_X_STATE(desc->k1), plen); |
|
memcpy(dat + plen, EVP_X_STATE(desc->k2), plen); |
|
memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen); |
|
return (3*plen); |
|
} |
|
|
|
/* Generic EVP */ |
|
plen = EVP_X_STATE_LEN(cc->evp); |
|
if (dat == NULL) |
|
return (plen); |
|
|
|
memcpy(dat, EVP_X_STATE(cc->evp), plen); |
|
return (plen); |
|
} |
|
|
|
void |
|
cipher_set_keycontext(CipherContext *cc, u_char *dat) |
|
{ |
|
Cipher *c = cc->cipher; |
|
int plen; |
|
|
|
if (c->number == SSH_CIPHER_3DES) { |
|
struct ssh1_3des_ctx *desc; |
|
desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); |
|
if (desc == NULL) |
|
fatal("%s: no 3des context", __FUNCTION__); |
|
plen = EVP_X_STATE_LEN(desc->k1); |
|
memcpy(EVP_X_STATE(desc->k1), dat, plen); |
|
memcpy(EVP_X_STATE(desc->k2), dat + plen, plen); |
|
memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen); |
|
} else { |
|
plen = EVP_X_STATE_LEN(cc->evp); |
|
memcpy(EVP_X_STATE(cc->evp), dat, plen); |
|
} |
} |
} |