src/usr.bin/ssh/cipher.c - diff

Return to cipher.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/cipher.c between version 1.55 and 1.55.2.2

version 1.55, 2002/04/03 09:26:11

version 1.55.2.2, 2002/10/11 14:51:52

Line 42

#include "cipher.h"

#include <openssl/md5.h>

#if OPENSSL_VERSION_NUMBER < 0x00907000L

#include "rijndael.h"

static const EVP_CIPHER *evp_rijndael(void);

#endif

static const EVP_CIPHER *evp_ssh1_3des(void);

static const EVP_CIPHER *evp_ssh1_bf(void);

static EVP_CIPHER *evp_ssh1_3des(void);

static EVP_CIPHER *evp_ssh1_bf(void);

static EVP_CIPHER *evp_rijndael(void);

struct Cipher {

char *name;

int number; /* for ssh1 only */

u_int block_size;

u_int key_len;

EVP_CIPHER *(*evptype)(void);

const EVP_CIPHER *(*evptype)(void);

} ciphers[] = {

{ "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },

{ "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },

Line 64

Line 66

{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },

{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },

{ "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },

#if OPENSSL_VERSION_NUMBER < 0x00907000L

{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },

{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },

{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

{ "rijndael-cbc@lysator.liu.se",

SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

#else

{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc },

{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc },

{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

{ "rijndael-cbc@lysator.liu.se",

SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

#endif

{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }

};

Line 80

Line 90

{

return (c->block_size);

}

u_int

cipher_keylen(Cipher *c)

{

return (c->key_len);

}

u_int

cipher_get_number(Cipher *c)

{

Line 277

Line 289

{

EVP_CIPHER_CTX k1, k2, k3;

};

static int

ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,

int enc)

Line 313

Line 326

}

return (1);

}

static int

ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)

{

Line 328

Line 342

return (0);

return (1);

}

static int

ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)

{

Line 340

Line 355

}

return (1);

}

static EVP_CIPHER *

static const EVP_CIPHER *

evp_ssh1_3des(void)

{

static EVP_CIPHER ssh1_3des;

Line 379

Line 395

*dst++ = c[3];

}

static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;

static int

bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)

{

Line 390

Line 408

swap_bytes(out, out, len);

return (ret);

}

static EVP_CIPHER *

static const EVP_CIPHER *

evp_ssh1_bf(void)

{

static EVP_CIPHER ssh1_bf;

Line 403

Line 422

return (&ssh1_bf);

}

#if OPENSSL_VERSION_NUMBER < 0x00907000L

/* RIJNDAEL */

#define RIJNDAEL_BLOCKSIZE 16

struct ssh_rijndael_ctx

Line 431

Line 451

memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);

return (1);

}

static int

ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,

u_int len)

Line 476

Line 497

}

return (1);

}

static int

ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)

{

Line 488

Line 510

}

return (1);

}

static EVP_CIPHER *

static const EVP_CIPHER *

evp_rijndael(void)

{

static EVP_CIPHER rijndal_cbc;

Line 502

Line 525

rijndal_cbc.cleanup = ssh_rijndael_cleanup;

rijndal_cbc.do_cipher = ssh_rijndael_cbc;

rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |

EVP_CIPH_ALWAYS_CALL_INIT;

EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;

return (&rijndal_cbc);

}

#endif

* Exports an IV from the CipherContext required to export the key

Line 540

Line 564

if (evplen == 0)

return;

if (evplen != len)

fatal("%s: wrong iv length %d != %d", __FUNCTION__,

fatal("%s: wrong iv length %d != %d", __func__,

evplen, len);

#if OPENSSL_VERSION_NUMBER < 0x00907000L

if (c->evptype == evp_rijndael) {

struct ssh_rijndael_ctx *aesc;

aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (aesc == NULL)

fatal("%s: no rijndael context", __FUNCTION__);

fatal("%s: no rijndael context", __func__);

civ = aesc->r_iv;

} else {

} else

#endif

{

civ = cc->evp.iv;

}

break;

case SSH_CIPHER_3DES: {

struct ssh1_3des_ctx *desc;

if (len != 24)

fatal("%s: bad 3des iv length: %d", __FUNCTION__, len);

fatal("%s: bad 3des iv length: %d", __func__, len);

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __FUNCTION__);

fatal("%s: no 3des context", __func__);

debug3("%s: Copying 3DES IV", __FUNCTION__);

debug3("%s: Copying 3DES IV", __func__);

memcpy(iv, desc->k1.iv, 8);

memcpy(iv + 8, desc->k2.iv, 8);

memcpy(iv + 16, desc->k3.iv, 8);

return;

}

default:

fatal("%s: bad cipher %d", __FUNCTION__, c->number);

fatal("%s: bad cipher %d", __func__, c->number);

}

memcpy(iv, civ, len);

}

Line 588

Line 615

if (evplen == 0)

return;

#if OPENSSL_VERSION_NUMBER < 0x00907000L

if (c->evptype == evp_rijndael) {

struct ssh_rijndael_ctx *aesc;

aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (aesc == NULL)

fatal("%s: no rijndael context", __FUNCTION__);

fatal("%s: no rijndael context", __func__);

div = aesc->r_iv;

}else {

} else

#endif

{

div = cc->evp.iv;

}

break;

Line 603

Line 633

struct ssh1_3des_ctx *desc;

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __FUNCTION__);

fatal("%s: no 3des context", __func__);

debug3("%s: Installed 3DES IV", __FUNCTION__);

debug3("%s: Installed 3DES IV", __func__);

memcpy(desc->k1.iv, iv, 8);

memcpy(desc->k2.iv, iv + 8, 8);

memcpy(desc->k3.iv, iv + 16, 8);

return;

}

default:

fatal("%s: bad cipher %d", __FUNCTION__, c->number);

fatal("%s: bad cipher %d", __func__, c->number);

}

memcpy(div, iv, evplen);

}

Line 628

Line 658

cipher_get_keycontext(CipherContext *cc, u_char *dat)

{

Cipher *c = cc->cipher;

int plen;

int plen = 0;

if (c->number == SSH_CIPHER_3DES) {

if (c->evptype == EVP_rc4) {

struct ssh1_3des_ctx *desc;

plen = EVP_X_STATE_LEN(cc->evp);

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __FUNCTION__);

plen = EVP_X_STATE_LEN(desc->k1);

if (dat == NULL)

return (3*plen);

return (plen);

memcpy(dat, EVP_X_STATE(desc->k1), plen);

memcpy(dat, EVP_X_STATE(cc->evp), plen);

memcpy(dat + plen, EVP_X_STATE(desc->k2), plen);

memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen);

return (3*plen);

}

/* Generic EVP */

plen = EVP_X_STATE_LEN(cc->evp);

if (dat == NULL)

return (plen);

memcpy(dat, EVP_X_STATE(cc->evp), plen);

return (plen);

}

Line 659

Line 675

Cipher *c = cc->cipher;

int plen;

if (c->number == SSH_CIPHER_3DES) {

if (c->evptype == EVP_rc4) {

struct ssh1_3des_ctx *desc;

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __FUNCTION__);

plen = EVP_X_STATE_LEN(desc->k1);

memcpy(EVP_X_STATE(desc->k1), dat, plen);

memcpy(EVP_X_STATE(desc->k2), dat + plen, plen);

memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen);

} else {

plen = EVP_X_STATE_LEN(cc->evp);

memcpy(EVP_X_STATE(cc->evp), dat, plen);

}