Annotation of src/usr.bin/ssh/cipher.c, Revision 1.43.2.3
1.1 deraadt 1: /*
1.30 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.26 markus 5: *
1.30 deraadt 6: * As far as I am concerned, the code I have written for this software
7: * can be used freely for any purpose. Any derived versions of this
8: * software must be clearly marked as such, and if the derived work is
9: * incompatible with the protocol description in the RFC file, it must be
10: * called by a name other than "ssh" or "Secure Shell".
1.26 markus 11: *
12: *
1.30 deraadt 13: * Copyright (c) 1999 Niels Provos. All rights reserved.
1.43.2.1 jason 14: * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved.
1.26 markus 15: *
1.30 deraadt 16: * Redistribution and use in source and binary forms, with or without
17: * modification, are permitted provided that the following conditions
18: * are met:
19: * 1. Redistributions of source code must retain the above copyright
20: * notice, this list of conditions and the following disclaimer.
21: * 2. Redistributions in binary form must reproduce the above copyright
22: * notice, this list of conditions and the following disclaimer in the
23: * documentation and/or other materials provided with the distribution.
1.26 markus 24: *
1.30 deraadt 25: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.17 deraadt 35: */
1.1 deraadt 36:
37: #include "includes.h"
1.43.2.3! miod 38: RCSID("$OpenBSD: cipher.c,v 1.55 2002/04/03 09:26:11 markus Exp $");
1.1 deraadt 39:
1.24 markus 40: #include "xmalloc.h"
1.42 markus 41: #include "log.h"
42: #include "cipher.h"
1.8 deraadt 43:
1.25 markus 44: #include <openssl/md5.h>
1.43.2.2 miod 45: #include "rijndael.h"
1.1 deraadt 46:
1.43.2.2 miod 47: static EVP_CIPHER *evp_ssh1_3des(void);
48: static EVP_CIPHER *evp_ssh1_bf(void);
49: static EVP_CIPHER *evp_rijndael(void);
50:
51: struct Cipher {
52: char *name;
53: int number; /* for ssh1 only */
54: u_int block_size;
55: u_int key_len;
56: EVP_CIPHER *(*evptype)(void);
57: } ciphers[] = {
58: { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },
59: { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },
60: { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des },
61: { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf },
62:
63: { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc },
64: { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },
65: { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },
66: { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },
67: { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },
68: { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },
69: { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
1.43.2.3! miod 70: { "rijndael-cbc@lysator.liu.se",
! 71: SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
1.1 deraadt 72:
1.43.2.2 miod 73: { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }
74: };
1.1 deraadt 75:
1.43.2.2 miod 76: /*--*/
1.35 markus 77:
1.43.2.3! miod 78: u_int
1.43.2.2 miod 79: cipher_blocksize(Cipher *c)
1.35 markus 80: {
1.43.2.2 miod 81: return (c->block_size);
1.35 markus 82: }
1.43.2.3! miod 83: u_int
1.43.2.2 miod 84: cipher_keylen(Cipher *c)
1.35 markus 85: {
1.43.2.2 miod 86: return (c->key_len);
1.35 markus 87: }
1.43.2.3! miod 88: u_int
! 89: cipher_get_number(Cipher *c)
! 90: {
! 91: return (c->number);
! 92: }
1.1 deraadt 93:
1.41 markus 94: u_int
1.34 markus 95: cipher_mask_ssh1(int client)
1.1 deraadt 96: {
1.41 markus 97: u_int mask = 0;
1.43.2.2 miod 98: mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
1.34 markus 99: mask |= 1 << SSH_CIPHER_BLOWFISH;
100: if (client) {
101: mask |= 1 << SSH_CIPHER_DES;
1.32 markus 102: }
103: return mask;
1.1 deraadt 104: }
105:
1.32 markus 106: Cipher *
107: cipher_by_name(const char *name)
108: {
109: Cipher *c;
110: for (c = ciphers; c->name != NULL; c++)
111: if (strcasecmp(c->name, name) == 0)
112: return c;
113: return NULL;
114: }
115:
116: Cipher *
117: cipher_by_number(int id)
118: {
119: Cipher *c;
120: for (c = ciphers; c->name != NULL; c++)
121: if (c->number == id)
122: return c;
123: return NULL;
124: }
1.24 markus 125:
126: #define CIPHER_SEP ","
127: int
128: ciphers_valid(const char *names)
129: {
1.32 markus 130: Cipher *c;
1.29 ho 131: char *ciphers, *cp;
1.24 markus 132: char *p;
133:
1.27 markus 134: if (names == NULL || strcmp(names, "") == 0)
1.24 markus 135: return 0;
1.29 ho 136: ciphers = cp = xstrdup(names);
1.32 markus 137: for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
1.43.2.2 miod 138: (p = strsep(&cp, CIPHER_SEP))) {
1.32 markus 139: c = cipher_by_name(p);
140: if (c == NULL || c->number != SSH_CIPHER_SSH2) {
141: debug("bad cipher %s [%s]", p, names);
1.24 markus 142: xfree(ciphers);
143: return 0;
1.32 markus 144: } else {
1.36 markus 145: debug3("cipher ok: %s [%s]", p, names);
1.24 markus 146: }
147: }
1.36 markus 148: debug3("ciphers ok: [%s]", names);
1.24 markus 149: xfree(ciphers);
150: return 1;
151: }
152:
1.18 markus 153: /*
154: * Parses the name of the cipher. Returns the number of the corresponding
155: * cipher, or -1 on error.
156: */
1.1 deraadt 157:
1.4 provos 158: int
159: cipher_number(const char *name)
1.1 deraadt 160: {
1.32 markus 161: Cipher *c;
1.27 markus 162: if (name == NULL)
163: return -1;
1.32 markus 164: c = cipher_by_name(name);
165: return (c==NULL) ? -1 : c->number;
1.1 deraadt 166: }
167:
1.32 markus 168: char *
169: cipher_name(int id)
1.1 deraadt 170: {
1.32 markus 171: Cipher *c = cipher_by_number(id);
172: return (c==NULL) ? "<unknown>" : c->name;
1.1 deraadt 173: }
174:
1.26 markus 175: void
1.32 markus 176: cipher_init(CipherContext *cc, Cipher *cipher,
1.43.2.2 miod 177: const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
178: int encrypt)
1.16 markus 179: {
1.43.2.2 miod 180: static int dowarn = 1;
181: const EVP_CIPHER *type;
182: int klen;
183:
184: if (cipher->number == SSH_CIPHER_DES) {
185: if (dowarn) {
186: error("Warning: use of DES is strongly discouraged "
187: "due to cryptographic weaknesses");
188: dowarn = 0;
189: }
190: if (keylen > 8)
191: keylen = 8;
192: }
193: cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
194:
1.32 markus 195: if (keylen < cipher->key_len)
196: fatal("cipher_init: key length %d is insufficient for %s.",
197: keylen, cipher->name);
198: if (iv != NULL && ivlen < cipher->block_size)
199: fatal("cipher_init: iv length %d is insufficient for %s.",
200: ivlen, cipher->name);
201: cc->cipher = cipher;
1.43.2.2 miod 202:
203: type = (*cipher->evptype)();
204:
205: EVP_CIPHER_CTX_init(&cc->evp);
206: if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,
207: (encrypt == CIPHER_ENCRYPT)) == 0)
208: fatal("cipher_init: EVP_CipherInit failed for %s",
209: cipher->name);
210: klen = EVP_CIPHER_CTX_key_length(&cc->evp);
211: if (klen > 0 && keylen != klen) {
212: debug("cipher_init: set keylen (%d -> %d)", klen, keylen);
213: if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
214: fatal("cipher_init: set keylen failed (%d -> %d)",
215: klen, keylen);
216: }
217: if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0)
218: fatal("cipher_init: EVP_CipherInit: set key failed for %s",
219: cipher->name);
1.1 deraadt 220: }
1.21 markus 221:
1.26 markus 222: void
1.43.2.2 miod 223: cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.32 markus 224: {
225: if (len % cc->cipher->block_size)
226: fatal("cipher_encrypt: bad plaintext length %d", len);
1.43.2.2 miod 227: if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
228: fatal("evp_crypt: EVP_Cipher failed");
1.21 markus 229: }
230:
1.26 markus 231: void
1.43.2.2 miod 232: cipher_cleanup(CipherContext *cc)
1.16 markus 233: {
1.43.2.2 miod 234: if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
235: error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
1.16 markus 236: }
1.1 deraadt 237:
1.32 markus 238: /*
239: * Selects the cipher, and keys if by computing the MD5 checksum of the
240: * passphrase and using the resulting 16 bytes as the key.
241: */
1.1 deraadt 242:
1.26 markus 243: void
1.32 markus 244: cipher_set_key_string(CipherContext *cc, Cipher *cipher,
1.43.2.2 miod 245: const char *passphrase, int encrypt)
1.16 markus 246: {
1.32 markus 247: MD5_CTX md;
1.41 markus 248: u_char digest[16];
1.32 markus 249:
250: MD5_Init(&md);
251: MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
252: MD5_Final(digest, &md);
1.16 markus 253:
1.43.2.2 miod 254: cipher_init(cc, cipher, digest, 16, NULL, 0, encrypt);
1.16 markus 255:
1.32 markus 256: memset(digest, 0, sizeof(digest));
257: memset(&md, 0, sizeof(md));
1.43.2.2 miod 258: }
259:
260: /* Implementations for other non-EVP ciphers */
261:
262: /*
263: * This is used by SSH1:
264: *
265: * What kind of triple DES are these 2 routines?
266: *
267: * Why is there a redundant initialization vector?
268: *
269: * If only iv3 was used, then, this would till effect have been
270: * outer-cbc. However, there is also a private iv1 == iv2 which
271: * perhaps makes differential analysis easier. On the other hand, the
272: * private iv1 probably makes the CRC-32 attack ineffective. This is a
273: * result of that there is no longer any known iv1 to use when
274: * choosing the X block.
275: */
276: struct ssh1_3des_ctx
277: {
278: EVP_CIPHER_CTX k1, k2, k3;
279: };
280: static int
281: ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
282: int enc)
283: {
284: struct ssh1_3des_ctx *c;
285: u_char *k1, *k2, *k3;
286:
287: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
288: c = xmalloc(sizeof(*c));
289: EVP_CIPHER_CTX_set_app_data(ctx, c);
290: }
291: if (key == NULL)
292: return (1);
293: if (enc == -1)
294: enc = ctx->encrypt;
295: k1 = k2 = k3 = (u_char *) key;
296: k2 += 8;
297: if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
298: if (enc)
299: k3 += 16;
300: else
301: k1 += 16;
302: }
303: EVP_CIPHER_CTX_init(&c->k1);
304: EVP_CIPHER_CTX_init(&c->k2);
305: EVP_CIPHER_CTX_init(&c->k3);
306: if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
307: EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
308: EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
309: memset(c, 0, sizeof(*c));
310: xfree(c);
311: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
312: return (0);
313: }
314: return (1);
315: }
316: static int
317: ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
318: {
319: struct ssh1_3des_ctx *c;
320:
321: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
322: error("ssh1_3des_cbc: no context");
323: return (0);
324: }
325: if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
326: EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
327: EVP_Cipher(&c->k3, dest, dest, len) == 0)
328: return (0);
329: return (1);
330: }
331: static int
332: ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
333: {
334: struct ssh1_3des_ctx *c;
335:
336: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
337: memset(c, 0, sizeof(*c));
338: xfree(c);
339: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
340: }
341: return (1);
342: }
343: static EVP_CIPHER *
344: evp_ssh1_3des(void)
345: {
346: static EVP_CIPHER ssh1_3des;
347:
348: memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
349: ssh1_3des.nid = NID_undef;
350: ssh1_3des.block_size = 8;
351: ssh1_3des.iv_len = 0;
352: ssh1_3des.key_len = 16;
353: ssh1_3des.init = ssh1_3des_init;
354: ssh1_3des.cleanup = ssh1_3des_cleanup;
355: ssh1_3des.do_cipher = ssh1_3des_cbc;
356: ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
357: return (&ssh1_3des);
358: }
359:
360: /*
361: * SSH1 uses a variation on Blowfish, all bytes must be swapped before
362: * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
363: */
364: static void
365: swap_bytes(const u_char *src, u_char *dst, int n)
366: {
367: u_char c[4];
368:
369: /* Process 4 bytes every lap. */
370: for (n = n / 4; n > 0; n--) {
371: c[3] = *src++;
372: c[2] = *src++;
373: c[1] = *src++;
374: c[0] = *src++;
375:
376: *dst++ = c[0];
377: *dst++ = c[1];
378: *dst++ = c[2];
379: *dst++ = c[3];
380: }
381: }
382: static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
383: static int
384: bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
385: {
386: int ret;
387:
388: swap_bytes(in, out, len);
389: ret = (*orig_bf)(ctx, out, out, len);
390: swap_bytes(out, out, len);
391: return (ret);
392: }
393: static EVP_CIPHER *
394: evp_ssh1_bf(void)
395: {
396: static EVP_CIPHER ssh1_bf;
397:
398: memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
399: orig_bf = ssh1_bf.do_cipher;
400: ssh1_bf.nid = NID_undef;
401: ssh1_bf.do_cipher = bf_ssh1_cipher;
402: ssh1_bf.key_len = 32;
403: return (&ssh1_bf);
404: }
405:
406: /* RIJNDAEL */
407: #define RIJNDAEL_BLOCKSIZE 16
408: struct ssh_rijndael_ctx
409: {
410: rijndael_ctx r_ctx;
411: u_char r_iv[RIJNDAEL_BLOCKSIZE];
412: };
413:
414: static int
415: ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
416: int enc)
417: {
418: struct ssh_rijndael_ctx *c;
419:
420: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
421: c = xmalloc(sizeof(*c));
422: EVP_CIPHER_CTX_set_app_data(ctx, c);
423: }
424: if (key != NULL) {
425: if (enc == -1)
426: enc = ctx->encrypt;
427: rijndael_set_key(&c->r_ctx, (u_char *)key,
428: 8*EVP_CIPHER_CTX_key_length(ctx), enc);
429: }
430: if (iv != NULL)
431: memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
432: return (1);
433: }
434: static int
435: ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
436: u_int len)
437: {
438: struct ssh_rijndael_ctx *c;
439: u_char buf[RIJNDAEL_BLOCKSIZE];
440: u_char *cprev, *cnow, *plain, *ivp;
441: int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
442:
443: if (len == 0)
444: return (1);
445: if (len % RIJNDAEL_BLOCKSIZE)
446: fatal("ssh_rijndael_cbc: bad len %d", len);
447: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
448: error("ssh_rijndael_cbc: no context");
449: return (0);
450: }
451: if (ctx->encrypt) {
452: cnow = dest;
453: plain = (u_char *)src;
454: cprev = c->r_iv;
455: for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE,
456: cnow+=RIJNDAEL_BLOCKSIZE) {
457: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
458: buf[j] = plain[j] ^ cprev[j];
459: rijndael_encrypt(&c->r_ctx, buf, cnow);
460: cprev = cnow;
461: }
462: memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE);
463: } else {
464: cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE);
465: plain = dest+len-RIJNDAEL_BLOCKSIZE;
466:
467: memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE);
468: for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE,
469: plain-=RIJNDAEL_BLOCKSIZE) {
470: rijndael_decrypt(&c->r_ctx, cnow, plain);
471: ivp = (i == 1) ? c->r_iv : cnow-RIJNDAEL_BLOCKSIZE;
472: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
473: plain[j] ^= ivp[j];
474: }
475: memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE);
476: }
477: return (1);
478: }
479: static int
480: ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
481: {
482: struct ssh_rijndael_ctx *c;
483:
484: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
485: memset(c, 0, sizeof(*c));
486: xfree(c);
487: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
488: }
489: return (1);
490: }
491: static EVP_CIPHER *
492: evp_rijndael(void)
493: {
494: static EVP_CIPHER rijndal_cbc;
495:
496: memset(&rijndal_cbc, 0, sizeof(EVP_CIPHER));
497: rijndal_cbc.nid = NID_undef;
498: rijndal_cbc.block_size = RIJNDAEL_BLOCKSIZE;
499: rijndal_cbc.iv_len = RIJNDAEL_BLOCKSIZE;
500: rijndal_cbc.key_len = 16;
501: rijndal_cbc.init = ssh_rijndael_init;
502: rijndal_cbc.cleanup = ssh_rijndael_cleanup;
503: rijndal_cbc.do_cipher = ssh_rijndael_cbc;
504: rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
505: EVP_CIPH_ALWAYS_CALL_INIT;
506: return (&rijndal_cbc);
1.43.2.3! miod 507: }
! 508:
! 509: /*
! 510: * Exports an IV from the CipherContext required to export the key
! 511: * state back from the unprivileged child to the privileged parent
! 512: * process.
! 513: */
! 514:
! 515: int
! 516: cipher_get_keyiv_len(CipherContext *cc)
! 517: {
! 518: Cipher *c = cc->cipher;
! 519: int ivlen;
! 520:
! 521: if (c->number == SSH_CIPHER_3DES)
! 522: ivlen = 24;
! 523: else
! 524: ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
! 525: return (ivlen);
! 526: }
! 527:
! 528: void
! 529: cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
! 530: {
! 531: Cipher *c = cc->cipher;
! 532: u_char *civ = NULL;
! 533: int evplen;
! 534:
! 535: switch (c->number) {
! 536: case SSH_CIPHER_SSH2:
! 537: case SSH_CIPHER_DES:
! 538: case SSH_CIPHER_BLOWFISH:
! 539: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
! 540: if (evplen == 0)
! 541: return;
! 542: if (evplen != len)
! 543: fatal("%s: wrong iv length %d != %d", __FUNCTION__,
! 544: evplen, len);
! 545:
! 546: if (c->evptype == evp_rijndael) {
! 547: struct ssh_rijndael_ctx *aesc;
! 548:
! 549: aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
! 550: if (aesc == NULL)
! 551: fatal("%s: no rijndael context", __FUNCTION__);
! 552: civ = aesc->r_iv;
! 553: } else {
! 554: civ = cc->evp.iv;
! 555: }
! 556: break;
! 557: case SSH_CIPHER_3DES: {
! 558: struct ssh1_3des_ctx *desc;
! 559: if (len != 24)
! 560: fatal("%s: bad 3des iv length: %d", __FUNCTION__, len);
! 561: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
! 562: if (desc == NULL)
! 563: fatal("%s: no 3des context", __FUNCTION__);
! 564: debug3("%s: Copying 3DES IV", __FUNCTION__);
! 565: memcpy(iv, desc->k1.iv, 8);
! 566: memcpy(iv + 8, desc->k2.iv, 8);
! 567: memcpy(iv + 16, desc->k3.iv, 8);
! 568: return;
! 569: }
! 570: default:
! 571: fatal("%s: bad cipher %d", __FUNCTION__, c->number);
! 572: }
! 573: memcpy(iv, civ, len);
! 574: }
! 575:
! 576: void
! 577: cipher_set_keyiv(CipherContext *cc, u_char *iv)
! 578: {
! 579: Cipher *c = cc->cipher;
! 580: u_char *div = NULL;
! 581: int evplen = 0;
! 582:
! 583: switch (c->number) {
! 584: case SSH_CIPHER_SSH2:
! 585: case SSH_CIPHER_DES:
! 586: case SSH_CIPHER_BLOWFISH:
! 587: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
! 588: if (evplen == 0)
! 589: return;
! 590:
! 591: if (c->evptype == evp_rijndael) {
! 592: struct ssh_rijndael_ctx *aesc;
! 593:
! 594: aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
! 595: if (aesc == NULL)
! 596: fatal("%s: no rijndael context", __FUNCTION__);
! 597: div = aesc->r_iv;
! 598: }else {
! 599: div = cc->evp.iv;
! 600: }
! 601: break;
! 602: case SSH_CIPHER_3DES: {
! 603: struct ssh1_3des_ctx *desc;
! 604: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
! 605: if (desc == NULL)
! 606: fatal("%s: no 3des context", __FUNCTION__);
! 607: debug3("%s: Installed 3DES IV", __FUNCTION__);
! 608: memcpy(desc->k1.iv, iv, 8);
! 609: memcpy(desc->k2.iv, iv + 8, 8);
! 610: memcpy(desc->k3.iv, iv + 16, 8);
! 611: return;
! 612: }
! 613: default:
! 614: fatal("%s: bad cipher %d", __FUNCTION__, c->number);
! 615: }
! 616: memcpy(div, iv, evplen);
! 617: }
! 618:
! 619: #if OPENSSL_VERSION_NUMBER < 0x00907000L
! 620: #define EVP_X_STATE(evp) &(evp).c
! 621: #define EVP_X_STATE_LEN(evp) sizeof((evp).c)
! 622: #else
! 623: #define EVP_X_STATE(evp) (evp).cipher_data
! 624: #define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
! 625: #endif
! 626:
! 627: int
! 628: cipher_get_keycontext(CipherContext *cc, u_char *dat)
! 629: {
! 630: Cipher *c = cc->cipher;
! 631: int plen;
! 632:
! 633: if (c->number == SSH_CIPHER_3DES) {
! 634: struct ssh1_3des_ctx *desc;
! 635: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
! 636: if (desc == NULL)
! 637: fatal("%s: no 3des context", __FUNCTION__);
! 638: plen = EVP_X_STATE_LEN(desc->k1);
! 639: if (dat == NULL)
! 640: return (3*plen);
! 641: memcpy(dat, EVP_X_STATE(desc->k1), plen);
! 642: memcpy(dat + plen, EVP_X_STATE(desc->k2), plen);
! 643: memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen);
! 644: return (3*plen);
! 645: }
! 646:
! 647: /* Generic EVP */
! 648: plen = EVP_X_STATE_LEN(cc->evp);
! 649: if (dat == NULL)
! 650: return (plen);
! 651:
! 652: memcpy(dat, EVP_X_STATE(cc->evp), plen);
! 653: return (plen);
! 654: }
! 655:
! 656: void
! 657: cipher_set_keycontext(CipherContext *cc, u_char *dat)
! 658: {
! 659: Cipher *c = cc->cipher;
! 660: int plen;
! 661:
! 662: if (c->number == SSH_CIPHER_3DES) {
! 663: struct ssh1_3des_ctx *desc;
! 664: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
! 665: if (desc == NULL)
! 666: fatal("%s: no 3des context", __FUNCTION__);
! 667: plen = EVP_X_STATE_LEN(desc->k1);
! 668: memcpy(EVP_X_STATE(desc->k1), dat, plen);
! 669: memcpy(EVP_X_STATE(desc->k2), dat + plen, plen);
! 670: memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen);
! 671: } else {
! 672: plen = EVP_X_STATE_LEN(cc->evp);
! 673: memcpy(EVP_X_STATE(cc->evp), dat, plen);
! 674: }
1.1 deraadt 675: }