Annotation of src/usr.bin/ssh/cipher.c, Revision 1.45
1.1 deraadt 1: /*
1.30 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.26 markus 5: *
1.30 deraadt 6: * As far as I am concerned, the code I have written for this software
7: * can be used freely for any purpose. Any derived versions of this
8: * software must be clearly marked as such, and if the derived work is
9: * incompatible with the protocol description in the RFC file, it must be
10: * called by a name other than "ssh" or "Secure Shell".
1.26 markus 11: *
12: *
1.30 deraadt 13: * Copyright (c) 1999 Niels Provos. All rights reserved.
14: * Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
1.26 markus 15: *
1.30 deraadt 16: * Redistribution and use in source and binary forms, with or without
17: * modification, are permitted provided that the following conditions
18: * are met:
19: * 1. Redistributions of source code must retain the above copyright
20: * notice, this list of conditions and the following disclaimer.
21: * 2. Redistributions in binary form must reproduce the above copyright
22: * notice, this list of conditions and the following disclaimer in the
23: * documentation and/or other materials provided with the distribution.
1.26 markus 24: *
1.30 deraadt 25: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.17 deraadt 35: */
1.1 deraadt 36:
37: #include "includes.h"
1.45 ! itojun 38: RCSID("$OpenBSD: cipher.c,v 1.44 2001/05/28 22:51:10 markus Exp $");
1.1 deraadt 39:
1.24 markus 40: #include "xmalloc.h"
1.42 markus 41: #include "log.h"
42: #include "cipher.h"
1.8 deraadt 43:
1.25 markus 44: #include <openssl/md5.h>
1.1 deraadt 45:
1.32 markus 46: /* no encryption */
1.45 ! itojun 47: static void
1.32 markus 48: none_setkey(CipherContext *cc, const u_char *key, u_int keylen)
49: {
50: }
1.45 ! itojun 51: static void
1.32 markus 52: none_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
53: {
54: }
1.45 ! itojun 55: static void
1.32 markus 56: none_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
57: {
58: memcpy(dest, src, len);
59: }
60:
61: /* DES */
1.45 ! itojun 62: static void
1.32 markus 63: des_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
64: {
1.34 markus 65: static int dowarn = 1;
66: if (dowarn) {
67: error("Warning: use of DES is strongly discouraged "
68: "due to cryptographic weaknesses");
69: dowarn = 0;
70: }
1.32 markus 71: des_set_key((void *)key, cc->u.des.key);
72: }
1.45 ! itojun 73: static void
1.32 markus 74: des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
75: {
76: memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv));
77: }
1.45 ! itojun 78: static void
1.32 markus 79: des_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
80: {
81: des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
82: DES_ENCRYPT);
83: }
1.45 ! itojun 84: static void
1.32 markus 85: des_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
86: {
87: des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
88: DES_DECRYPT);
89: }
90:
91: /* 3DES */
1.45 ! itojun 92: static void
1.32 markus 93: des3_setkey(CipherContext *cc, const u_char *key, u_int keylen)
94: {
95: des_set_key((void *) key, cc->u.des3.key1);
96: des_set_key((void *) (key+8), cc->u.des3.key2);
97: des_set_key((void *) (key+16), cc->u.des3.key3);
98: }
1.45 ! itojun 99: static void
1.32 markus 100: des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
101: {
1.44 markus 102: memset(cc->u.des3.iv1, 0, sizeof(cc->u.des3.iv1));
1.32 markus 103: memset(cc->u.des3.iv2, 0, sizeof(cc->u.des3.iv2));
104: memset(cc->u.des3.iv3, 0, sizeof(cc->u.des3.iv3));
105: if (iv == NULL)
106: return;
107: memcpy(cc->u.des3.iv3, (char *)iv, 8);
108: }
1.45 ! itojun 109: static void
1.32 markus 110: des3_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
111: {
112: des_ede3_cbc_encrypt(src, dest, len,
113: cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
114: &cc->u.des3.iv3, DES_ENCRYPT);
115: }
1.45 ! itojun 116: static void
1.32 markus 117: des3_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
118: {
119: des_ede3_cbc_encrypt(src, dest, len,
120: cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
121: &cc->u.des3.iv3, DES_DECRYPT);
122: }
123:
1.1 deraadt 124: /*
1.24 markus 125: * This is used by SSH1:
126: *
1.23 deraadt 127: * What kind of triple DES are these 2 routines?
1.1 deraadt 128: *
129: * Why is there a redundant initialization vector?
130: *
131: * If only iv3 was used, then, this would till effect have been
132: * outer-cbc. However, there is also a private iv1 == iv2 which
133: * perhaps makes differential analysis easier. On the other hand, the
134: * private iv1 probably makes the CRC-32 attack ineffective. This is a
135: * result of that there is no longer any known iv1 to use when
136: * choosing the X block.
137: */
1.45 ! itojun 138: static void
1.32 markus 139: des3_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
140: {
141: des_set_key((void *) key, cc->u.des3.key1);
142: des_set_key((void *) (key+8), cc->u.des3.key2);
143: if (keylen <= 16)
144: des_set_key((void *) key, cc->u.des3.key3);
145: else
146: des_set_key((void *) (key+16), cc->u.des3.key3);
147: }
1.45 ! itojun 148: static void
1.32 markus 149: des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
150: u_int len)
1.1 deraadt 151: {
1.44 markus 152: des_ncbc_encrypt(src, dest, len, cc->u.des3.key1, &cc->u.des3.iv1,
153: DES_ENCRYPT);
154: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, &cc->u.des3.iv2,
155: DES_DECRYPT);
156: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key3, &cc->u.des3.iv3,
157: DES_ENCRYPT);
1.1 deraadt 158: }
1.45 ! itojun 159: static void
1.32 markus 160: des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
161: u_int len)
1.1 deraadt 162: {
1.44 markus 163: des_ncbc_encrypt(src, dest, len, cc->u.des3.key3, &cc->u.des3.iv3,
164: DES_DECRYPT);
165: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, &cc->u.des3.iv2,
166: DES_ENCRYPT);
167: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key1, &cc->u.des3.iv1,
168: DES_DECRYPT);
1.1 deraadt 169: }
170:
1.32 markus 171: /* Blowfish */
1.45 ! itojun 172: static void
1.32 markus 173: blowfish_setkey(CipherContext *cc, const u_char *key, u_int keylen)
174: {
1.41 markus 175: BF_set_key(&cc->u.bf.key, keylen, (u_char *)key);
1.32 markus 176: }
1.45 ! itojun 177: static void
1.32 markus 178: blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
179: {
180: if (iv == NULL)
181: memset(cc->u.bf.iv, 0, 8);
182: else
183: memcpy(cc->u.bf.iv, (char *)iv, 8);
184: }
1.45 ! itojun 185: static void
1.32 markus 186: blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
187: u_int len)
188: {
189: BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
190: BF_ENCRYPT);
191: }
1.45 ! itojun 192: static void
1.32 markus 193: blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
194: u_int len)
195: {
196: BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
197: BF_DECRYPT);
198: }
199:
1.1 deraadt 200: /*
1.24 markus 201: * SSH1 uses a variation on Blowfish, all bytes must be swapped before
1.1 deraadt 202: * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
203: */
1.16 markus 204: static void
1.41 markus 205: swap_bytes(const u_char *src, u_char *dst, int n)
1.1 deraadt 206: {
1.37 markus 207: char c[4];
208:
209: /* Process 4 bytes every lap. */
210: for (n = n / 4; n > 0; n--) {
211: c[3] = *src++;
212: c[2] = *src++;
213: c[1] = *src++;
214: c[0] = *src++;
215:
216: *dst++ = c[0];
217: *dst++ = c[1];
218: *dst++ = c[2];
219: *dst++ = c[3];
1.16 markus 220: }
1.1 deraadt 221: }
222:
1.45 ! itojun 223: static void
1.32 markus 224: blowfish_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
225: u_int len)
226: {
227: swap_bytes(src, dest, len);
228: BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
229: BF_ENCRYPT);
230: swap_bytes(dest, dest, len);
231: }
1.45 ! itojun 232: static void
1.32 markus 233: blowfish_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
234: u_int len)
1.4 provos 235: {
1.32 markus 236: swap_bytes(src, dest, len);
237: BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
238: BF_DECRYPT);
239: swap_bytes(dest, dest, len);
240: }
1.1 deraadt 241:
1.32 markus 242: /* alleged rc4 */
1.45 ! itojun 243: static void
1.32 markus 244: arcfour_setkey(CipherContext *cc, const u_char *key, u_int keylen)
245: {
246: RC4_set_key(&cc->u.rc4, keylen, (u_char *)key);
247: }
1.45 ! itojun 248: static void
1.32 markus 249: arcfour_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
250: {
251: RC4(&cc->u.rc4, len, (u_char *)src, dest);
252: }
1.1 deraadt 253:
1.32 markus 254: /* CAST */
1.45 ! itojun 255: static void
1.32 markus 256: cast_setkey(CipherContext *cc, const u_char *key, u_int keylen)
257: {
1.41 markus 258: CAST_set_key(&cc->u.cast.key, keylen, (u_char *) key);
1.32 markus 259: }
1.45 ! itojun 260: static void
1.32 markus 261: cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
1.1 deraadt 262: {
1.43 stevesk 263: if (iv == NULL)
1.32 markus 264: fatal("no IV for %s.", cc->cipher->name);
265: memcpy(cc->u.cast.iv, (char *)iv, 8);
1.22 markus 266: }
1.45 ! itojun 267: static void
1.32 markus 268: cast_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.22 markus 269: {
1.32 markus 270: CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
271: CAST_ENCRYPT);
1.1 deraadt 272: }
1.45 ! itojun 273: static void
1.32 markus 274: cast_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.22 markus 275: {
1.32 markus 276: CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
277: CAST_DECRYPT);
1.22 markus 278: }
1.1 deraadt 279:
1.35 markus 280: /* RIJNDAEL */
281:
282: #define RIJNDAEL_BLOCKSIZE 16
1.45 ! itojun 283: static void
1.35 markus 284: rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
285: {
1.40 markus 286: rijndael_set_key(&cc->u.rijndael.enc, (u4byte *)key, 8*keylen, 1);
287: rijndael_set_key(&cc->u.rijndael.dec, (u4byte *)key, 8*keylen, 0);
1.35 markus 288: }
1.45 ! itojun 289: static void
1.35 markus 290: rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
291: {
1.43 stevesk 292: if (iv == NULL)
1.40 markus 293: fatal("no IV for %s.", cc->cipher->name);
294: memcpy((u_char *)cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
1.35 markus 295: }
1.45 ! itojun 296: static void
1.35 markus 297: rijndael_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
298: u_int len)
299: {
1.40 markus 300: rijndael_ctx *ctx = &cc->u.rijndael.enc;
301: u4byte *iv = cc->u.rijndael.iv;
302: u4byte in[4];
303: u4byte *cprev, *cnow, *plain;
304: int i, blocks = len / RIJNDAEL_BLOCKSIZE;
1.35 markus 305: if (len == 0)
306: return;
307: if (len % RIJNDAEL_BLOCKSIZE)
308: fatal("rijndael_cbc_encrypt: bad len %d", len);
1.40 markus 309: cnow = (u4byte*) dest;
310: plain = (u4byte*) src;
1.35 markus 311: cprev = iv;
1.40 markus 312: for(i = 0; i < blocks; i++, plain+=4, cnow+=4) {
313: in[0] = plain[0] ^ cprev[0];
314: in[1] = plain[1] ^ cprev[1];
315: in[2] = plain[2] ^ cprev[2];
316: in[3] = plain[3] ^ cprev[3];
1.35 markus 317: rijndael_encrypt(ctx, in, cnow);
318: cprev = cnow;
319: }
320: memcpy(iv, cprev, RIJNDAEL_BLOCKSIZE);
321: }
322:
1.45 ! itojun 323: static void
1.35 markus 324: rijndael_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
325: u_int len)
326: {
1.40 markus 327: rijndael_ctx *ctx = &cc->u.rijndael.dec;
328: u4byte *iv = cc->u.rijndael.iv;
329: u4byte ivsaved[4];
330: u4byte *cnow = (u4byte*) (src+len-RIJNDAEL_BLOCKSIZE);
331: u4byte *plain = (u4byte*) (dest+len-RIJNDAEL_BLOCKSIZE);
332: u4byte *ivp;
333: int i, blocks = len / RIJNDAEL_BLOCKSIZE;
1.35 markus 334: if (len == 0)
335: return;
336: if (len % RIJNDAEL_BLOCKSIZE)
337: fatal("rijndael_cbc_decrypt: bad len %d", len);
338: memcpy(ivsaved, cnow, RIJNDAEL_BLOCKSIZE);
1.40 markus 339: for(i = blocks; i > 0; i--, cnow-=4, plain-=4) {
1.35 markus 340: rijndael_decrypt(ctx, cnow, plain);
1.40 markus 341: ivp = (i == 1) ? iv : cnow-4;
342: plain[0] ^= ivp[0];
343: plain[1] ^= ivp[1];
344: plain[2] ^= ivp[2];
345: plain[3] ^= ivp[3];
1.35 markus 346: }
347: memcpy(iv, ivsaved, RIJNDAEL_BLOCKSIZE);
348: }
1.32 markus 349:
350: Cipher ciphers[] = {
351: { "none",
352: SSH_CIPHER_NONE, 8, 0,
353: none_setkey, none_setiv,
354: none_crypt, none_crypt },
1.34 markus 355: { "des",
356: SSH_CIPHER_DES, 8, 8,
357: des_ssh1_setkey, des_ssh1_setiv,
358: des_ssh1_encrypt, des_ssh1_decrypt },
1.32 markus 359: { "3des",
360: SSH_CIPHER_3DES, 8, 16,
361: des3_ssh1_setkey, des3_setiv,
362: des3_ssh1_encrypt, des3_ssh1_decrypt },
363: { "blowfish",
364: SSH_CIPHER_BLOWFISH, 8, 16,
365: blowfish_setkey, blowfish_setiv,
366: blowfish_ssh1_encrypt, blowfish_ssh1_decrypt },
367:
368: { "3des-cbc",
369: SSH_CIPHER_SSH2, 8, 24,
370: des3_setkey, des3_setiv,
371: des3_cbc_encrypt, des3_cbc_decrypt },
372: { "blowfish-cbc",
373: SSH_CIPHER_SSH2, 8, 16,
374: blowfish_setkey, blowfish_setiv,
375: blowfish_cbc_encrypt, blowfish_cbc_decrypt },
376: { "cast128-cbc",
377: SSH_CIPHER_SSH2, 8, 16,
378: cast_setkey, cast_setiv,
379: cast_cbc_encrypt, cast_cbc_decrypt },
380: { "arcfour",
381: SSH_CIPHER_SSH2, 8, 16,
382: arcfour_setkey, none_setiv,
383: arcfour_crypt, arcfour_crypt },
1.35 markus 384: { "aes128-cbc",
385: SSH_CIPHER_SSH2, 16, 16,
386: rijndael_setkey, rijndael_setiv,
387: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
388: { "aes192-cbc",
389: SSH_CIPHER_SSH2, 16, 24,
390: rijndael_setkey, rijndael_setiv,
391: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
392: { "aes256-cbc",
393: SSH_CIPHER_SSH2, 16, 32,
394: rijndael_setkey, rijndael_setiv,
395: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
396: { "rijndael128-cbc",
397: SSH_CIPHER_SSH2, 16, 16,
398: rijndael_setkey, rijndael_setiv,
399: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
400: { "rijndael192-cbc",
401: SSH_CIPHER_SSH2, 16, 24,
402: rijndael_setkey, rijndael_setiv,
403: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
404: { "rijndael256-cbc",
405: SSH_CIPHER_SSH2, 16, 32,
406: rijndael_setkey, rijndael_setiv,
407: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
408: { "rijndael-cbc@lysator.liu.se",
409: SSH_CIPHER_SSH2, 16, 32,
410: rijndael_setkey, rijndael_setiv,
411: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
1.43 stevesk 412: { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
1.32 markus 413: };
414:
415: /*--*/
1.1 deraadt 416:
1.41 markus 417: u_int
1.34 markus 418: cipher_mask_ssh1(int client)
1.1 deraadt 419: {
1.41 markus 420: u_int mask = 0;
1.34 markus 421: mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
422: mask |= 1 << SSH_CIPHER_BLOWFISH;
423: if (client) {
424: mask |= 1 << SSH_CIPHER_DES;
1.32 markus 425: }
426: return mask;
1.1 deraadt 427: }
428:
1.32 markus 429: Cipher *
430: cipher_by_name(const char *name)
431: {
432: Cipher *c;
433: for (c = ciphers; c->name != NULL; c++)
434: if (strcasecmp(c->name, name) == 0)
435: return c;
436: return NULL;
437: }
438:
439: Cipher *
440: cipher_by_number(int id)
441: {
442: Cipher *c;
443: for (c = ciphers; c->name != NULL; c++)
444: if (c->number == id)
445: return c;
446: return NULL;
447: }
1.24 markus 448:
449: #define CIPHER_SEP ","
450: int
451: ciphers_valid(const char *names)
452: {
1.32 markus 453: Cipher *c;
1.29 ho 454: char *ciphers, *cp;
1.24 markus 455: char *p;
456:
1.27 markus 457: if (names == NULL || strcmp(names, "") == 0)
1.24 markus 458: return 0;
1.29 ho 459: ciphers = cp = xstrdup(names);
1.32 markus 460: for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
1.29 ho 461: (p = strsep(&cp, CIPHER_SEP))) {
1.32 markus 462: c = cipher_by_name(p);
463: if (c == NULL || c->number != SSH_CIPHER_SSH2) {
464: debug("bad cipher %s [%s]", p, names);
1.24 markus 465: xfree(ciphers);
466: return 0;
1.32 markus 467: } else {
1.36 markus 468: debug3("cipher ok: %s [%s]", p, names);
1.24 markus 469: }
470: }
1.36 markus 471: debug3("ciphers ok: [%s]", names);
1.24 markus 472: xfree(ciphers);
473: return 1;
474: }
475:
1.18 markus 476: /*
477: * Parses the name of the cipher. Returns the number of the corresponding
478: * cipher, or -1 on error.
479: */
1.1 deraadt 480:
1.4 provos 481: int
482: cipher_number(const char *name)
1.1 deraadt 483: {
1.32 markus 484: Cipher *c;
1.27 markus 485: if (name == NULL)
486: return -1;
1.32 markus 487: c = cipher_by_name(name);
488: return (c==NULL) ? -1 : c->number;
1.1 deraadt 489: }
490:
1.32 markus 491: char *
492: cipher_name(int id)
1.1 deraadt 493: {
1.32 markus 494: Cipher *c = cipher_by_number(id);
495: return (c==NULL) ? "<unknown>" : c->name;
1.1 deraadt 496: }
497:
1.26 markus 498: void
1.32 markus 499: cipher_init(CipherContext *cc, Cipher *cipher,
500: const u_char *key, u_int keylen, const u_char *iv, u_int ivlen)
1.16 markus 501: {
1.32 markus 502: if (keylen < cipher->key_len)
503: fatal("cipher_init: key length %d is insufficient for %s.",
504: keylen, cipher->name);
505: if (iv != NULL && ivlen < cipher->block_size)
506: fatal("cipher_init: iv length %d is insufficient for %s.",
507: ivlen, cipher->name);
508: cc->cipher = cipher;
509: cipher->setkey(cc, key, keylen);
510: cipher->setiv(cc, iv, ivlen);
1.1 deraadt 511: }
1.21 markus 512:
1.26 markus 513: void
1.32 markus 514: cipher_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
515: {
516: if (len % cc->cipher->block_size)
517: fatal("cipher_encrypt: bad plaintext length %d", len);
518: cc->cipher->encrypt(cc, dest, src, len);
1.21 markus 519: }
520:
1.26 markus 521: void
1.32 markus 522: cipher_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.16 markus 523: {
1.32 markus 524: if (len % cc->cipher->block_size)
525: fatal("cipher_decrypt: bad ciphertext length %d", len);
526: cc->cipher->decrypt(cc, dest, src, len);
1.16 markus 527: }
1.1 deraadt 528:
1.32 markus 529: /*
530: * Selects the cipher, and keys if by computing the MD5 checksum of the
531: * passphrase and using the resulting 16 bytes as the key.
532: */
1.1 deraadt 533:
1.26 markus 534: void
1.32 markus 535: cipher_set_key_string(CipherContext *cc, Cipher *cipher,
536: const char *passphrase)
1.16 markus 537: {
1.32 markus 538: MD5_CTX md;
1.41 markus 539: u_char digest[16];
1.32 markus 540:
541: MD5_Init(&md);
542: MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
543: MD5_Final(digest, &md);
1.16 markus 544:
1.32 markus 545: cipher_init(cc, cipher, digest, 16, NULL, 0);
1.16 markus 546:
1.32 markus 547: memset(digest, 0, sizeof(digest));
548: memset(&md, 0, sizeof(md));
1.1 deraadt 549: }