src/usr.bin/ssh/cipher.c - diff

Return to cipher.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/cipher.c between version 1.55.2.3 and 1.56

version 1.55.2.3, 2003/04/03 22:35:17

version 1.56, 2002/05/16 22:02:50

Line 42

#include "cipher.h"

#include <openssl/md5.h>

#if OPENSSL_VERSION_NUMBER < 0x00907000L

#include "rijndael.h"

static const EVP_CIPHER *evp_rijndael(void);

#endif

static const EVP_CIPHER *evp_ssh1_3des(void);

static const EVP_CIPHER *evp_ssh1_bf(void);

static const EVP_CIPHER *evp_rijndael(void);

struct Cipher {

char *name;

Line 66

Line 64

{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },

{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },

{ "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },

#if OPENSSL_VERSION_NUMBER < 0x00907000L

{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },

{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },

{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

{ "rijndael-cbc@lysator.liu.se",

SSH_CIPHER_SSH2, 16, 32, evp_rijndael },

#else

{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc },

{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc },

{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

{ "rijndael-cbc@lysator.liu.se",

SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },

#endif

{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }

};

Line 90

Line 80

{

return (c->block_size);

}

u_int

cipher_keylen(Cipher *c)

{

return (c->key_len);

}

u_int

cipher_get_number(Cipher *c)

{

Line 221

Line 209

cipher->name);

klen = EVP_CIPHER_CTX_key_length(&cc->evp);

if (klen > 0 && keylen != klen) {

debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);

debug("cipher_init: set keylen (%d -> %d)", klen, keylen);

if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)

fatal("cipher_init: set keylen failed (%d -> %d)",

klen, keylen);

Line 289

Line 277

{

EVP_CIPHER_CTX k1, k2, k3;

};

static int

ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,

int enc)

Line 326

Line 313

}

return (1);

}

static int

ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)

{

Line 342

Line 328

return (0);

return (1);

}

static int

ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)

{

Line 355

Line 340

}

return (1);

}

static const EVP_CIPHER *

evp_ssh1_3des(void)

{

Line 395

Line 379

*dst++ = c[3];

}

static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;

static int

bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)

{

Line 408

Line 390

swap_bytes(out, out, len);

return (ret);

}

static const EVP_CIPHER *

evp_ssh1_bf(void)

{

Line 422

Line 403

return (&ssh1_bf);

}

#if OPENSSL_VERSION_NUMBER < 0x00907000L

/* RIJNDAEL */

#define RIJNDAEL_BLOCKSIZE 16

struct ssh_rijndael_ctx

Line 451

Line 431

memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);

return (1);

}

static int

ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,

u_int len)

Line 497

Line 476

}

return (1);

}

static int

ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)

{

Line 510

Line 488

}

return (1);

}

static const EVP_CIPHER *

evp_rijndael(void)

{

Line 525

Line 502

rijndal_cbc.cleanup = ssh_rijndael_cleanup;

rijndal_cbc.do_cipher = ssh_rijndael_cbc;

rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |

EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;

EVP_CIPH_ALWAYS_CALL_INIT;

return (&rijndal_cbc);

}

#endif

* Exports an IV from the CipherContext required to export the key

Line 564

Line 540

if (evplen == 0)

return;

if (evplen != len)

fatal("%s: wrong iv length %d != %d", __func__,

fatal("%s: wrong iv length %d != %d", __FUNCTION__,

evplen, len);

#if OPENSSL_VERSION_NUMBER < 0x00907000L

if (c->evptype == evp_rijndael) {

struct ssh_rijndael_ctx *aesc;

aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (aesc == NULL)

fatal("%s: no rijndael context", __func__);

fatal("%s: no rijndael context", __FUNCTION__);

civ = aesc->r_iv;

} else

} else {

#endif

{

civ = cc->evp.iv;

}

break;

case SSH_CIPHER_3DES: {

struct ssh1_3des_ctx *desc;

if (len != 24)

fatal("%s: bad 3des iv length: %d", __func__, len);

fatal("%s: bad 3des iv length: %d", __FUNCTION__, len);

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __func__);

fatal("%s: no 3des context", __FUNCTION__);

debug3("%s: Copying 3DES IV", __func__);

debug3("%s: Copying 3DES IV", __FUNCTION__);

memcpy(iv, desc->k1.iv, 8);

memcpy(iv + 8, desc->k2.iv, 8);

memcpy(iv + 16, desc->k3.iv, 8);

return;

}

default:

fatal("%s: bad cipher %d", __func__, c->number);

fatal("%s: bad cipher %d", __FUNCTION__, c->number);

}

memcpy(iv, civ, len);

}

Line 615

Line 588

if (evplen == 0)

return;

#if OPENSSL_VERSION_NUMBER < 0x00907000L

if (c->evptype == evp_rijndael) {

struct ssh_rijndael_ctx *aesc;

aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (aesc == NULL)

fatal("%s: no rijndael context", __func__);

fatal("%s: no rijndael context", __FUNCTION__);

div = aesc->r_iv;

} else

}else {

#endif

{

div = cc->evp.iv;

}

break;

Line 633

Line 603

struct ssh1_3des_ctx *desc;

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __func__);

fatal("%s: no 3des context", __FUNCTION__);

debug3("%s: Installed 3DES IV", __func__);

debug3("%s: Installed 3DES IV", __FUNCTION__);

memcpy(desc->k1.iv, iv, 8);

memcpy(desc->k2.iv, iv + 8, 8);

memcpy(desc->k3.iv, iv + 16, 8);

return;

}

default:

fatal("%s: bad cipher %d", __func__, c->number);

fatal("%s: bad cipher %d", __FUNCTION__, c->number);

}

memcpy(div, iv, evplen);

}

Line 658

Line 628

cipher_get_keycontext(CipherContext *cc, u_char *dat)

{

Cipher *c = cc->cipher;

int plen = 0;

int plen;

if (c->evptype == EVP_rc4) {

if (c->number == SSH_CIPHER_3DES) {

plen = EVP_X_STATE_LEN(cc->evp);

struct ssh1_3des_ctx *desc;

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __FUNCTION__);

plen = EVP_X_STATE_LEN(desc->k1);

if (dat == NULL)

return (plen);

return (3*plen);

memcpy(dat, EVP_X_STATE(cc->evp), plen);

memcpy(dat, EVP_X_STATE(desc->k1), plen);

memcpy(dat + plen, EVP_X_STATE(desc->k2), plen);

memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen);

return (3*plen);

}

/* Generic EVP */

plen = EVP_X_STATE_LEN(cc->evp);

if (dat == NULL)

return (plen);

memcpy(dat, EVP_X_STATE(cc->evp), plen);

return (plen);

}

Line 675

Line 659

Cipher *c = cc->cipher;

int plen;

if (c->evptype == EVP_rc4) {

if (c->number == SSH_CIPHER_3DES) {

struct ssh1_3des_ctx *desc;

desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);

if (desc == NULL)

fatal("%s: no 3des context", __FUNCTION__);

plen = EVP_X_STATE_LEN(desc->k1);

memcpy(EVP_X_STATE(desc->k1), dat, plen);

memcpy(EVP_X_STATE(desc->k2), dat + plen, plen);

memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen);

} else {

plen = EVP_X_STATE_LEN(cc->evp);

memcpy(EVP_X_STATE(cc->evp), dat, plen);

}