Annotation of src/usr.bin/ssh/cipher.c, Revision 1.37.2.5
1.1 deraadt 1: /*
1.30 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.26 markus 5: *
1.30 deraadt 6: * As far as I am concerned, the code I have written for this software
7: * can be used freely for any purpose. Any derived versions of this
8: * software must be clearly marked as such, and if the derived work is
9: * incompatible with the protocol description in the RFC file, it must be
10: * called by a name other than "ssh" or "Secure Shell".
1.26 markus 11: *
12: *
1.30 deraadt 13: * Copyright (c) 1999 Niels Provos. All rights reserved.
1.37.2.5! miod 14: * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved.
1.26 markus 15: *
1.30 deraadt 16: * Redistribution and use in source and binary forms, with or without
17: * modification, are permitted provided that the following conditions
18: * are met:
19: * 1. Redistributions of source code must retain the above copyright
20: * notice, this list of conditions and the following disclaimer.
21: * 2. Redistributions in binary form must reproduce the above copyright
22: * notice, this list of conditions and the following disclaimer in the
23: * documentation and/or other materials provided with the distribution.
1.26 markus 24: *
1.30 deraadt 25: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.17 deraadt 35: */
1.1 deraadt 36:
37: #include "includes.h"
1.37.2.5! miod 38: RCSID("$OpenBSD: cipher.c,v 1.47 2001/08/23 11:31:59 markus Exp $");
1.1 deraadt 39:
1.24 markus 40: #include "xmalloc.h"
1.37.2.1 jason 41: #include "log.h"
42: #include "cipher.h"
1.8 deraadt 43:
1.25 markus 44: #include <openssl/md5.h>
1.1 deraadt 45:
1.32 markus 46: /* no encryption */
1.37.2.5! miod 47: static void
1.32 markus 48: none_setkey(CipherContext *cc, const u_char *key, u_int keylen)
49: {
50: }
1.37.2.5! miod 51: static void
1.32 markus 52: none_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
53: {
54: }
1.37.2.5! miod 55: static void
1.32 markus 56: none_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
57: {
58: memcpy(dest, src, len);
59: }
60:
61: /* DES */
1.37.2.5! miod 62: static void
1.32 markus 63: des_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
64: {
1.34 markus 65: static int dowarn = 1;
66: if (dowarn) {
67: error("Warning: use of DES is strongly discouraged "
68: "due to cryptographic weaknesses");
69: dowarn = 0;
70: }
1.32 markus 71: des_set_key((void *)key, cc->u.des.key);
72: }
1.37.2.5! miod 73: static void
1.32 markus 74: des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
75: {
76: memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv));
77: }
1.37.2.5! miod 78: static void
1.32 markus 79: des_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
80: {
81: des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
82: DES_ENCRYPT);
83: }
1.37.2.5! miod 84: static void
1.32 markus 85: des_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
86: {
87: des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
88: DES_DECRYPT);
89: }
90:
91: /* 3DES */
1.37.2.5! miod 92: static void
1.32 markus 93: des3_setkey(CipherContext *cc, const u_char *key, u_int keylen)
94: {
95: des_set_key((void *) key, cc->u.des3.key1);
96: des_set_key((void *) (key+8), cc->u.des3.key2);
97: des_set_key((void *) (key+16), cc->u.des3.key3);
98: }
1.37.2.5! miod 99: static void
1.32 markus 100: des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
101: {
1.37.2.5! miod 102: memset(cc->u.des3.iv1, 0, sizeof(cc->u.des3.iv1));
1.32 markus 103: memset(cc->u.des3.iv2, 0, sizeof(cc->u.des3.iv2));
104: memset(cc->u.des3.iv3, 0, sizeof(cc->u.des3.iv3));
105: if (iv == NULL)
106: return;
107: memcpy(cc->u.des3.iv3, (char *)iv, 8);
108: }
1.37.2.5! miod 109: static void
1.32 markus 110: des3_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
111: {
112: des_ede3_cbc_encrypt(src, dest, len,
113: cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
114: &cc->u.des3.iv3, DES_ENCRYPT);
115: }
1.37.2.5! miod 116: static void
1.32 markus 117: des3_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
118: {
119: des_ede3_cbc_encrypt(src, dest, len,
120: cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
121: &cc->u.des3.iv3, DES_DECRYPT);
122: }
123:
1.1 deraadt 124: /*
1.24 markus 125: * This is used by SSH1:
126: *
1.23 deraadt 127: * What kind of triple DES are these 2 routines?
1.1 deraadt 128: *
129: * Why is there a redundant initialization vector?
130: *
131: * If only iv3 was used, then, this would till effect have been
132: * outer-cbc. However, there is also a private iv1 == iv2 which
133: * perhaps makes differential analysis easier. On the other hand, the
134: * private iv1 probably makes the CRC-32 attack ineffective. This is a
135: * result of that there is no longer any known iv1 to use when
136: * choosing the X block.
137: */
1.37.2.5! miod 138: static void
1.32 markus 139: des3_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
140: {
141: des_set_key((void *) key, cc->u.des3.key1);
142: des_set_key((void *) (key+8), cc->u.des3.key2);
143: if (keylen <= 16)
144: des_set_key((void *) key, cc->u.des3.key3);
145: else
146: des_set_key((void *) (key+16), cc->u.des3.key3);
147: }
1.37.2.5! miod 148: static void
1.32 markus 149: des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
150: u_int len)
1.1 deraadt 151: {
1.37.2.5! miod 152: des_ncbc_encrypt(src, dest, len, cc->u.des3.key1, &cc->u.des3.iv1,
! 153: DES_ENCRYPT);
! 154: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, &cc->u.des3.iv2,
! 155: DES_DECRYPT);
! 156: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key3, &cc->u.des3.iv3,
! 157: DES_ENCRYPT);
1.1 deraadt 158: }
1.37.2.5! miod 159: static void
1.32 markus 160: des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
161: u_int len)
1.1 deraadt 162: {
1.37.2.5! miod 163: des_ncbc_encrypt(src, dest, len, cc->u.des3.key3, &cc->u.des3.iv3,
! 164: DES_DECRYPT);
! 165: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, &cc->u.des3.iv2,
! 166: DES_ENCRYPT);
! 167: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key1, &cc->u.des3.iv1,
! 168: DES_DECRYPT);
1.1 deraadt 169: }
170:
1.32 markus 171: /* Blowfish */
1.37.2.5! miod 172: static void
1.32 markus 173: blowfish_setkey(CipherContext *cc, const u_char *key, u_int keylen)
174: {
1.37.2.1 jason 175: BF_set_key(&cc->u.bf.key, keylen, (u_char *)key);
1.32 markus 176: }
1.37.2.5! miod 177: static void
1.32 markus 178: blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
179: {
180: if (iv == NULL)
181: memset(cc->u.bf.iv, 0, 8);
182: else
183: memcpy(cc->u.bf.iv, (char *)iv, 8);
184: }
1.37.2.5! miod 185: static void
1.32 markus 186: blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
187: u_int len)
188: {
189: BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
190: BF_ENCRYPT);
191: }
1.37.2.5! miod 192: static void
1.32 markus 193: blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
194: u_int len)
195: {
196: BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
197: BF_DECRYPT);
198: }
199:
1.1 deraadt 200: /*
1.24 markus 201: * SSH1 uses a variation on Blowfish, all bytes must be swapped before
1.1 deraadt 202: * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
203: */
1.16 markus 204: static void
1.37.2.1 jason 205: swap_bytes(const u_char *src, u_char *dst, int n)
1.1 deraadt 206: {
1.37 markus 207: char c[4];
208:
209: /* Process 4 bytes every lap. */
210: for (n = n / 4; n > 0; n--) {
211: c[3] = *src++;
212: c[2] = *src++;
213: c[1] = *src++;
214: c[0] = *src++;
215:
216: *dst++ = c[0];
217: *dst++ = c[1];
218: *dst++ = c[2];
219: *dst++ = c[3];
1.16 markus 220: }
1.1 deraadt 221: }
222:
1.37.2.5! miod 223: static void
1.32 markus 224: blowfish_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
225: u_int len)
226: {
227: swap_bytes(src, dest, len);
228: BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
229: BF_ENCRYPT);
230: swap_bytes(dest, dest, len);
231: }
1.37.2.5! miod 232: static void
1.32 markus 233: blowfish_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
234: u_int len)
1.4 provos 235: {
1.32 markus 236: swap_bytes(src, dest, len);
237: BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
238: BF_DECRYPT);
239: swap_bytes(dest, dest, len);
240: }
1.1 deraadt 241:
1.32 markus 242: /* alleged rc4 */
1.37.2.5! miod 243: static void
1.32 markus 244: arcfour_setkey(CipherContext *cc, const u_char *key, u_int keylen)
245: {
246: RC4_set_key(&cc->u.rc4, keylen, (u_char *)key);
247: }
1.37.2.5! miod 248: static void
1.32 markus 249: arcfour_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
250: {
251: RC4(&cc->u.rc4, len, (u_char *)src, dest);
252: }
1.1 deraadt 253:
1.32 markus 254: /* CAST */
1.37.2.5! miod 255: static void
1.32 markus 256: cast_setkey(CipherContext *cc, const u_char *key, u_int keylen)
257: {
1.37.2.1 jason 258: CAST_set_key(&cc->u.cast.key, keylen, (u_char *) key);
1.32 markus 259: }
1.37.2.5! miod 260: static void
1.32 markus 261: cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
1.1 deraadt 262: {
1.37.2.1 jason 263: if (iv == NULL)
1.32 markus 264: fatal("no IV for %s.", cc->cipher->name);
265: memcpy(cc->u.cast.iv, (char *)iv, 8);
1.22 markus 266: }
1.37.2.5! miod 267: static void
1.32 markus 268: cast_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.22 markus 269: {
1.32 markus 270: CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
271: CAST_ENCRYPT);
1.1 deraadt 272: }
1.37.2.5! miod 273: static void
1.32 markus 274: cast_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.22 markus 275: {
1.32 markus 276: CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
277: CAST_DECRYPT);
1.22 markus 278: }
1.1 deraadt 279:
1.35 markus 280: /* RIJNDAEL */
281:
282: #define RIJNDAEL_BLOCKSIZE 16
1.37.2.5! miod 283: static void
1.35 markus 284: rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
285: {
1.37.2.5! miod 286: rijndael_set_key(&cc->u.rijndael.enc, (char *)key, 8*keylen, 1);
! 287: rijndael_set_key(&cc->u.rijndael.dec, (char *)key, 8*keylen, 0);
1.35 markus 288: }
1.37.2.5! miod 289: static void
1.35 markus 290: rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
291: {
1.37.2.5! miod 292: if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE)
! 293: fatal("bad/no IV for %s.", cc->cipher->name);
! 294: memcpy(cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
1.35 markus 295: }
1.37.2.5! miod 296: static void
1.35 markus 297: rijndael_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
298: u_int len)
299: {
300: rijndael_ctx *ctx = &cc->u.rijndael.enc;
1.37.2.5! miod 301: u_char *iv = cc->u.rijndael.iv;
! 302: u_char in[RIJNDAEL_BLOCKSIZE];
! 303: u_char *cprev, *cnow, *plain;
! 304: int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
! 305:
1.35 markus 306: if (len == 0)
307: return;
308: if (len % RIJNDAEL_BLOCKSIZE)
309: fatal("rijndael_cbc_encrypt: bad len %d", len);
1.37.2.5! miod 310: cnow = dest;
! 311: plain = (u_char *) src;
1.35 markus 312: cprev = iv;
1.37.2.5! miod 313: for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE,
! 314: cnow+=RIJNDAEL_BLOCKSIZE) {
! 315: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
! 316: in[j] = plain[j] ^ cprev[j];
1.35 markus 317: rijndael_encrypt(ctx, in, cnow);
318: cprev = cnow;
319: }
320: memcpy(iv, cprev, RIJNDAEL_BLOCKSIZE);
321: }
1.37.2.5! miod 322: static void
1.35 markus 323: rijndael_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
324: u_int len)
325: {
326: rijndael_ctx *ctx = &cc->u.rijndael.dec;
1.37.2.5! miod 327: u_char *iv = cc->u.rijndael.iv;
! 328: u_char ivsaved[RIJNDAEL_BLOCKSIZE];
! 329: u_char *cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE);
! 330: u_char *plain = dest+len-RIJNDAEL_BLOCKSIZE;
! 331: u_char *ivp;
! 332: int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
! 333:
1.35 markus 334: if (len == 0)
335: return;
336: if (len % RIJNDAEL_BLOCKSIZE)
337: fatal("rijndael_cbc_decrypt: bad len %d", len);
338: memcpy(ivsaved, cnow, RIJNDAEL_BLOCKSIZE);
1.37.2.5! miod 339: for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE,
! 340: plain-=RIJNDAEL_BLOCKSIZE) {
1.35 markus 341: rijndael_decrypt(ctx, cnow, plain);
1.37.2.5! miod 342: ivp = (i == 1) ? iv : cnow-RIJNDAEL_BLOCKSIZE;
! 343: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
! 344: plain[j] ^= ivp[j];
1.35 markus 345: }
346: memcpy(iv, ivsaved, RIJNDAEL_BLOCKSIZE);
347: }
1.32 markus 348:
349: Cipher ciphers[] = {
350: { "none",
351: SSH_CIPHER_NONE, 8, 0,
352: none_setkey, none_setiv,
353: none_crypt, none_crypt },
1.34 markus 354: { "des",
355: SSH_CIPHER_DES, 8, 8,
356: des_ssh1_setkey, des_ssh1_setiv,
357: des_ssh1_encrypt, des_ssh1_decrypt },
1.32 markus 358: { "3des",
359: SSH_CIPHER_3DES, 8, 16,
360: des3_ssh1_setkey, des3_setiv,
361: des3_ssh1_encrypt, des3_ssh1_decrypt },
362: { "blowfish",
363: SSH_CIPHER_BLOWFISH, 8, 16,
364: blowfish_setkey, blowfish_setiv,
365: blowfish_ssh1_encrypt, blowfish_ssh1_decrypt },
366:
367: { "3des-cbc",
368: SSH_CIPHER_SSH2, 8, 24,
369: des3_setkey, des3_setiv,
370: des3_cbc_encrypt, des3_cbc_decrypt },
371: { "blowfish-cbc",
372: SSH_CIPHER_SSH2, 8, 16,
373: blowfish_setkey, blowfish_setiv,
374: blowfish_cbc_encrypt, blowfish_cbc_decrypt },
375: { "cast128-cbc",
376: SSH_CIPHER_SSH2, 8, 16,
377: cast_setkey, cast_setiv,
378: cast_cbc_encrypt, cast_cbc_decrypt },
379: { "arcfour",
380: SSH_CIPHER_SSH2, 8, 16,
381: arcfour_setkey, none_setiv,
382: arcfour_crypt, arcfour_crypt },
1.35 markus 383: { "aes128-cbc",
384: SSH_CIPHER_SSH2, 16, 16,
385: rijndael_setkey, rijndael_setiv,
386: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
387: { "aes192-cbc",
388: SSH_CIPHER_SSH2, 16, 24,
389: rijndael_setkey, rijndael_setiv,
390: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
391: { "aes256-cbc",
392: SSH_CIPHER_SSH2, 16, 32,
393: rijndael_setkey, rijndael_setiv,
394: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
395: { "rijndael128-cbc",
396: SSH_CIPHER_SSH2, 16, 16,
397: rijndael_setkey, rijndael_setiv,
398: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
399: { "rijndael192-cbc",
400: SSH_CIPHER_SSH2, 16, 24,
401: rijndael_setkey, rijndael_setiv,
402: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
403: { "rijndael256-cbc",
404: SSH_CIPHER_SSH2, 16, 32,
405: rijndael_setkey, rijndael_setiv,
406: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
407: { "rijndael-cbc@lysator.liu.se",
408: SSH_CIPHER_SSH2, 16, 32,
409: rijndael_setkey, rijndael_setiv,
410: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
1.37.2.1 jason 411: { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
1.32 markus 412: };
413:
414: /*--*/
1.1 deraadt 415:
1.37.2.1 jason 416: u_int
1.34 markus 417: cipher_mask_ssh1(int client)
1.1 deraadt 418: {
1.37.2.1 jason 419: u_int mask = 0;
1.34 markus 420: mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
421: mask |= 1 << SSH_CIPHER_BLOWFISH;
422: if (client) {
423: mask |= 1 << SSH_CIPHER_DES;
1.32 markus 424: }
425: return mask;
1.1 deraadt 426: }
427:
1.32 markus 428: Cipher *
429: cipher_by_name(const char *name)
430: {
431: Cipher *c;
432: for (c = ciphers; c->name != NULL; c++)
433: if (strcasecmp(c->name, name) == 0)
434: return c;
435: return NULL;
436: }
437:
438: Cipher *
439: cipher_by_number(int id)
440: {
441: Cipher *c;
442: for (c = ciphers; c->name != NULL; c++)
443: if (c->number == id)
444: return c;
445: return NULL;
446: }
1.24 markus 447:
448: #define CIPHER_SEP ","
449: int
450: ciphers_valid(const char *names)
451: {
1.32 markus 452: Cipher *c;
1.29 ho 453: char *ciphers, *cp;
1.24 markus 454: char *p;
455:
1.27 markus 456: if (names == NULL || strcmp(names, "") == 0)
1.24 markus 457: return 0;
1.29 ho 458: ciphers = cp = xstrdup(names);
1.32 markus 459: for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
1.29 ho 460: (p = strsep(&cp, CIPHER_SEP))) {
1.32 markus 461: c = cipher_by_name(p);
462: if (c == NULL || c->number != SSH_CIPHER_SSH2) {
463: debug("bad cipher %s [%s]", p, names);
1.24 markus 464: xfree(ciphers);
465: return 0;
1.32 markus 466: } else {
1.36 markus 467: debug3("cipher ok: %s [%s]", p, names);
1.24 markus 468: }
469: }
1.36 markus 470: debug3("ciphers ok: [%s]", names);
1.24 markus 471: xfree(ciphers);
472: return 1;
473: }
474:
1.18 markus 475: /*
476: * Parses the name of the cipher. Returns the number of the corresponding
477: * cipher, or -1 on error.
478: */
1.1 deraadt 479:
1.4 provos 480: int
481: cipher_number(const char *name)
1.1 deraadt 482: {
1.32 markus 483: Cipher *c;
1.27 markus 484: if (name == NULL)
485: return -1;
1.32 markus 486: c = cipher_by_name(name);
487: return (c==NULL) ? -1 : c->number;
1.1 deraadt 488: }
489:
1.32 markus 490: char *
491: cipher_name(int id)
1.1 deraadt 492: {
1.32 markus 493: Cipher *c = cipher_by_number(id);
494: return (c==NULL) ? "<unknown>" : c->name;
1.1 deraadt 495: }
496:
1.26 markus 497: void
1.32 markus 498: cipher_init(CipherContext *cc, Cipher *cipher,
499: const u_char *key, u_int keylen, const u_char *iv, u_int ivlen)
1.16 markus 500: {
1.32 markus 501: if (keylen < cipher->key_len)
502: fatal("cipher_init: key length %d is insufficient for %s.",
503: keylen, cipher->name);
504: if (iv != NULL && ivlen < cipher->block_size)
505: fatal("cipher_init: iv length %d is insufficient for %s.",
506: ivlen, cipher->name);
507: cc->cipher = cipher;
508: cipher->setkey(cc, key, keylen);
509: cipher->setiv(cc, iv, ivlen);
1.1 deraadt 510: }
1.21 markus 511:
1.26 markus 512: void
1.32 markus 513: cipher_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
514: {
515: if (len % cc->cipher->block_size)
516: fatal("cipher_encrypt: bad plaintext length %d", len);
517: cc->cipher->encrypt(cc, dest, src, len);
1.21 markus 518: }
519:
1.26 markus 520: void
1.32 markus 521: cipher_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.16 markus 522: {
1.32 markus 523: if (len % cc->cipher->block_size)
524: fatal("cipher_decrypt: bad ciphertext length %d", len);
525: cc->cipher->decrypt(cc, dest, src, len);
1.16 markus 526: }
1.1 deraadt 527:
1.32 markus 528: /*
529: * Selects the cipher, and keys if by computing the MD5 checksum of the
530: * passphrase and using the resulting 16 bytes as the key.
531: */
1.1 deraadt 532:
1.26 markus 533: void
1.32 markus 534: cipher_set_key_string(CipherContext *cc, Cipher *cipher,
535: const char *passphrase)
1.16 markus 536: {
1.32 markus 537: MD5_CTX md;
1.37.2.1 jason 538: u_char digest[16];
1.32 markus 539:
540: MD5_Init(&md);
541: MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
542: MD5_Final(digest, &md);
1.16 markus 543:
1.32 markus 544: cipher_init(cc, cipher, digest, 16, NULL, 0);
1.16 markus 545:
1.32 markus 546: memset(digest, 0, sizeof(digest));
547: memset(&md, 0, sizeof(md));
1.1 deraadt 548: }