Annotation of src/usr.bin/ssh/cipher.c, Revision 1.51
1.1 deraadt 1: /*
1.30 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.26 markus 5: *
1.30 deraadt 6: * As far as I am concerned, the code I have written for this software
7: * can be used freely for any purpose. Any derived versions of this
8: * software must be clearly marked as such, and if the derived work is
9: * incompatible with the protocol description in the RFC file, it must be
10: * called by a name other than "ssh" or "Secure Shell".
1.26 markus 11: *
12: *
1.30 deraadt 13: * Copyright (c) 1999 Niels Provos. All rights reserved.
1.46 markus 14: * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved.
1.26 markus 15: *
1.30 deraadt 16: * Redistribution and use in source and binary forms, with or without
17: * modification, are permitted provided that the following conditions
18: * are met:
19: * 1. Redistributions of source code must retain the above copyright
20: * notice, this list of conditions and the following disclaimer.
21: * 2. Redistributions in binary form must reproduce the above copyright
22: * notice, this list of conditions and the following disclaimer in the
23: * documentation and/or other materials provided with the distribution.
1.26 markus 24: *
1.30 deraadt 25: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.17 deraadt 35: */
1.1 deraadt 36:
37: #include "includes.h"
1.51 ! markus 38: RCSID("$OpenBSD: cipher.c,v 1.50 2002/01/21 22:30:12 markus Exp $");
1.1 deraadt 39:
1.24 markus 40: #include "xmalloc.h"
1.42 markus 41: #include "log.h"
42: #include "cipher.h"
1.8 deraadt 43:
1.25 markus 44: #include <openssl/md5.h>
1.1 deraadt 45:
1.51 ! markus 46: struct Cipher {
! 47: char *name;
! 48: int number; /* for ssh1 only */
! 49: u_int block_size;
! 50: u_int key_len;
! 51: void (*setkey)(CipherContext *, const u_char *, u_int);
! 52: void (*setiv)(CipherContext *, const u_char *, u_int);
! 53: void (*encrypt)(CipherContext *, u_char *, const u_char *, u_int);
! 54: void (*decrypt)(CipherContext *, u_char *, const u_char *, u_int);
! 55: };
! 56:
1.32 markus 57: /* no encryption */
1.45 itojun 58: static void
1.32 markus 59: none_setkey(CipherContext *cc, const u_char *key, u_int keylen)
60: {
61: }
1.45 itojun 62: static void
1.32 markus 63: none_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
64: {
65: }
1.45 itojun 66: static void
1.32 markus 67: none_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
68: {
69: memcpy(dest, src, len);
70: }
71:
72: /* DES */
1.45 itojun 73: static void
1.32 markus 74: des_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
75: {
1.34 markus 76: static int dowarn = 1;
77: if (dowarn) {
78: error("Warning: use of DES is strongly discouraged "
79: "due to cryptographic weaknesses");
80: dowarn = 0;
81: }
1.32 markus 82: des_set_key((void *)key, cc->u.des.key);
83: }
1.45 itojun 84: static void
1.32 markus 85: des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
86: {
87: memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv));
88: }
1.45 itojun 89: static void
1.32 markus 90: des_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
91: {
92: des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
93: DES_ENCRYPT);
94: }
1.45 itojun 95: static void
1.32 markus 96: des_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
97: {
98: des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
99: DES_DECRYPT);
100: }
101:
102: /* 3DES */
1.45 itojun 103: static void
1.32 markus 104: des3_setkey(CipherContext *cc, const u_char *key, u_int keylen)
105: {
106: des_set_key((void *) key, cc->u.des3.key1);
107: des_set_key((void *) (key+8), cc->u.des3.key2);
108: des_set_key((void *) (key+16), cc->u.des3.key3);
109: }
1.45 itojun 110: static void
1.32 markus 111: des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
112: {
1.44 markus 113: memset(cc->u.des3.iv1, 0, sizeof(cc->u.des3.iv1));
1.32 markus 114: memset(cc->u.des3.iv2, 0, sizeof(cc->u.des3.iv2));
115: memset(cc->u.des3.iv3, 0, sizeof(cc->u.des3.iv3));
116: if (iv == NULL)
117: return;
118: memcpy(cc->u.des3.iv3, (char *)iv, 8);
119: }
1.45 itojun 120: static void
1.32 markus 121: des3_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
122: {
123: des_ede3_cbc_encrypt(src, dest, len,
124: cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
125: &cc->u.des3.iv3, DES_ENCRYPT);
126: }
1.45 itojun 127: static void
1.32 markus 128: des3_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
129: {
130: des_ede3_cbc_encrypt(src, dest, len,
131: cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
132: &cc->u.des3.iv3, DES_DECRYPT);
133: }
134:
1.1 deraadt 135: /*
1.24 markus 136: * This is used by SSH1:
137: *
1.23 deraadt 138: * What kind of triple DES are these 2 routines?
1.1 deraadt 139: *
140: * Why is there a redundant initialization vector?
141: *
142: * If only iv3 was used, then, this would till effect have been
143: * outer-cbc. However, there is also a private iv1 == iv2 which
144: * perhaps makes differential analysis easier. On the other hand, the
145: * private iv1 probably makes the CRC-32 attack ineffective. This is a
146: * result of that there is no longer any known iv1 to use when
147: * choosing the X block.
148: */
1.45 itojun 149: static void
1.32 markus 150: des3_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
151: {
152: des_set_key((void *) key, cc->u.des3.key1);
153: des_set_key((void *) (key+8), cc->u.des3.key2);
154: if (keylen <= 16)
155: des_set_key((void *) key, cc->u.des3.key3);
156: else
157: des_set_key((void *) (key+16), cc->u.des3.key3);
158: }
1.45 itojun 159: static void
1.32 markus 160: des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
161: u_int len)
1.1 deraadt 162: {
1.44 markus 163: des_ncbc_encrypt(src, dest, len, cc->u.des3.key1, &cc->u.des3.iv1,
164: DES_ENCRYPT);
165: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, &cc->u.des3.iv2,
166: DES_DECRYPT);
167: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key3, &cc->u.des3.iv3,
168: DES_ENCRYPT);
1.1 deraadt 169: }
1.45 itojun 170: static void
1.32 markus 171: des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
172: u_int len)
1.1 deraadt 173: {
1.44 markus 174: des_ncbc_encrypt(src, dest, len, cc->u.des3.key3, &cc->u.des3.iv3,
175: DES_DECRYPT);
176: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, &cc->u.des3.iv2,
177: DES_ENCRYPT);
178: des_ncbc_encrypt(dest, dest, len, cc->u.des3.key1, &cc->u.des3.iv1,
179: DES_DECRYPT);
1.1 deraadt 180: }
181:
1.32 markus 182: /* Blowfish */
1.45 itojun 183: static void
1.32 markus 184: blowfish_setkey(CipherContext *cc, const u_char *key, u_int keylen)
185: {
1.41 markus 186: BF_set_key(&cc->u.bf.key, keylen, (u_char *)key);
1.32 markus 187: }
1.45 itojun 188: static void
1.32 markus 189: blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
190: {
191: if (iv == NULL)
192: memset(cc->u.bf.iv, 0, 8);
193: else
194: memcpy(cc->u.bf.iv, (char *)iv, 8);
195: }
1.45 itojun 196: static void
1.32 markus 197: blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
1.48 deraadt 198: u_int len)
1.32 markus 199: {
200: BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
201: BF_ENCRYPT);
202: }
1.45 itojun 203: static void
1.32 markus 204: blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
1.48 deraadt 205: u_int len)
1.32 markus 206: {
207: BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
208: BF_DECRYPT);
209: }
210:
1.1 deraadt 211: /*
1.24 markus 212: * SSH1 uses a variation on Blowfish, all bytes must be swapped before
1.1 deraadt 213: * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
214: */
1.16 markus 215: static void
1.41 markus 216: swap_bytes(const u_char *src, u_char *dst, int n)
1.1 deraadt 217: {
1.37 markus 218: char c[4];
219:
220: /* Process 4 bytes every lap. */
221: for (n = n / 4; n > 0; n--) {
222: c[3] = *src++;
223: c[2] = *src++;
224: c[1] = *src++;
225: c[0] = *src++;
226:
227: *dst++ = c[0];
228: *dst++ = c[1];
229: *dst++ = c[2];
230: *dst++ = c[3];
1.16 markus 231: }
1.1 deraadt 232: }
233:
1.45 itojun 234: static void
1.32 markus 235: blowfish_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
236: u_int len)
237: {
238: swap_bytes(src, dest, len);
239: BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
240: BF_ENCRYPT);
241: swap_bytes(dest, dest, len);
242: }
1.45 itojun 243: static void
1.32 markus 244: blowfish_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
245: u_int len)
1.4 provos 246: {
1.32 markus 247: swap_bytes(src, dest, len);
248: BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
249: BF_DECRYPT);
250: swap_bytes(dest, dest, len);
251: }
1.1 deraadt 252:
1.32 markus 253: /* alleged rc4 */
1.45 itojun 254: static void
1.32 markus 255: arcfour_setkey(CipherContext *cc, const u_char *key, u_int keylen)
256: {
257: RC4_set_key(&cc->u.rc4, keylen, (u_char *)key);
258: }
1.45 itojun 259: static void
1.32 markus 260: arcfour_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
261: {
262: RC4(&cc->u.rc4, len, (u_char *)src, dest);
263: }
1.1 deraadt 264:
1.32 markus 265: /* CAST */
1.45 itojun 266: static void
1.32 markus 267: cast_setkey(CipherContext *cc, const u_char *key, u_int keylen)
268: {
1.41 markus 269: CAST_set_key(&cc->u.cast.key, keylen, (u_char *) key);
1.32 markus 270: }
1.45 itojun 271: static void
1.32 markus 272: cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
1.1 deraadt 273: {
1.43 stevesk 274: if (iv == NULL)
1.32 markus 275: fatal("no IV for %s.", cc->cipher->name);
276: memcpy(cc->u.cast.iv, (char *)iv, 8);
1.22 markus 277: }
1.45 itojun 278: static void
1.32 markus 279: cast_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.22 markus 280: {
1.32 markus 281: CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
282: CAST_ENCRYPT);
1.1 deraadt 283: }
1.45 itojun 284: static void
1.32 markus 285: cast_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.22 markus 286: {
1.32 markus 287: CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
288: CAST_DECRYPT);
1.22 markus 289: }
1.1 deraadt 290:
1.35 markus 291: /* RIJNDAEL */
292:
293: #define RIJNDAEL_BLOCKSIZE 16
1.45 itojun 294: static void
1.35 markus 295: rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
296: {
1.47 markus 297: rijndael_set_key(&cc->u.rijndael.enc, (char *)key, 8*keylen, 1);
298: rijndael_set_key(&cc->u.rijndael.dec, (char *)key, 8*keylen, 0);
1.35 markus 299: }
1.45 itojun 300: static void
1.35 markus 301: rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
302: {
1.48 deraadt 303: if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE)
1.47 markus 304: fatal("bad/no IV for %s.", cc->cipher->name);
305: memcpy(cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
1.35 markus 306: }
1.45 itojun 307: static void
1.35 markus 308: rijndael_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
309: u_int len)
310: {
1.40 markus 311: rijndael_ctx *ctx = &cc->u.rijndael.enc;
1.47 markus 312: u_char *iv = cc->u.rijndael.iv;
313: u_char in[RIJNDAEL_BLOCKSIZE];
314: u_char *cprev, *cnow, *plain;
315: int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
316:
1.35 markus 317: if (len == 0)
318: return;
319: if (len % RIJNDAEL_BLOCKSIZE)
320: fatal("rijndael_cbc_encrypt: bad len %d", len);
1.47 markus 321: cnow = dest;
1.49 stevesk 322: plain = (u_char *)src;
1.35 markus 323: cprev = iv;
1.47 markus 324: for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE,
325: cnow+=RIJNDAEL_BLOCKSIZE) {
326: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
327: in[j] = plain[j] ^ cprev[j];
1.35 markus 328: rijndael_encrypt(ctx, in, cnow);
329: cprev = cnow;
330: }
331: memcpy(iv, cprev, RIJNDAEL_BLOCKSIZE);
332: }
1.45 itojun 333: static void
1.35 markus 334: rijndael_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
335: u_int len)
336: {
1.40 markus 337: rijndael_ctx *ctx = &cc->u.rijndael.dec;
1.47 markus 338: u_char *iv = cc->u.rijndael.iv;
339: u_char ivsaved[RIJNDAEL_BLOCKSIZE];
340: u_char *cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE);
341: u_char *plain = dest+len-RIJNDAEL_BLOCKSIZE;
342: u_char *ivp;
343: int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
344:
1.35 markus 345: if (len == 0)
346: return;
347: if (len % RIJNDAEL_BLOCKSIZE)
348: fatal("rijndael_cbc_decrypt: bad len %d", len);
349: memcpy(ivsaved, cnow, RIJNDAEL_BLOCKSIZE);
1.47 markus 350: for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE,
351: plain-=RIJNDAEL_BLOCKSIZE) {
1.35 markus 352: rijndael_decrypt(ctx, cnow, plain);
1.47 markus 353: ivp = (i == 1) ? iv : cnow-RIJNDAEL_BLOCKSIZE;
354: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
355: plain[j] ^= ivp[j];
1.35 markus 356: }
357: memcpy(iv, ivsaved, RIJNDAEL_BLOCKSIZE);
358: }
1.32 markus 359:
360: Cipher ciphers[] = {
361: { "none",
362: SSH_CIPHER_NONE, 8, 0,
363: none_setkey, none_setiv,
364: none_crypt, none_crypt },
1.34 markus 365: { "des",
366: SSH_CIPHER_DES, 8, 8,
367: des_ssh1_setkey, des_ssh1_setiv,
368: des_ssh1_encrypt, des_ssh1_decrypt },
1.32 markus 369: { "3des",
370: SSH_CIPHER_3DES, 8, 16,
371: des3_ssh1_setkey, des3_setiv,
372: des3_ssh1_encrypt, des3_ssh1_decrypt },
373: { "blowfish",
374: SSH_CIPHER_BLOWFISH, 8, 16,
375: blowfish_setkey, blowfish_setiv,
376: blowfish_ssh1_encrypt, blowfish_ssh1_decrypt },
377:
378: { "3des-cbc",
379: SSH_CIPHER_SSH2, 8, 24,
380: des3_setkey, des3_setiv,
381: des3_cbc_encrypt, des3_cbc_decrypt },
382: { "blowfish-cbc",
383: SSH_CIPHER_SSH2, 8, 16,
384: blowfish_setkey, blowfish_setiv,
385: blowfish_cbc_encrypt, blowfish_cbc_decrypt },
386: { "cast128-cbc",
387: SSH_CIPHER_SSH2, 8, 16,
388: cast_setkey, cast_setiv,
389: cast_cbc_encrypt, cast_cbc_decrypt },
390: { "arcfour",
391: SSH_CIPHER_SSH2, 8, 16,
392: arcfour_setkey, none_setiv,
393: arcfour_crypt, arcfour_crypt },
1.35 markus 394: { "aes128-cbc",
395: SSH_CIPHER_SSH2, 16, 16,
396: rijndael_setkey, rijndael_setiv,
397: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
398: { "aes192-cbc",
399: SSH_CIPHER_SSH2, 16, 24,
400: rijndael_setkey, rijndael_setiv,
401: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
402: { "aes256-cbc",
403: SSH_CIPHER_SSH2, 16, 32,
404: rijndael_setkey, rijndael_setiv,
405: rijndael_cbc_encrypt, rijndael_cbc_decrypt },
1.43 stevesk 406: { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
1.32 markus 407: };
408:
409: /*--*/
1.1 deraadt 410:
1.51 ! markus 411: u_int
! 412: cipher_blocksize(Cipher *c)
! 413: {
! 414: return (c->block_size);
! 415: }
! 416:
! 417: u_int
! 418: cipher_keylen(Cipher *c)
! 419: {
! 420: return (c->key_len);
! 421: }
! 422:
1.41 markus 423: u_int
1.34 markus 424: cipher_mask_ssh1(int client)
1.1 deraadt 425: {
1.41 markus 426: u_int mask = 0;
1.48 deraadt 427: mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
1.34 markus 428: mask |= 1 << SSH_CIPHER_BLOWFISH;
429: if (client) {
430: mask |= 1 << SSH_CIPHER_DES;
1.32 markus 431: }
432: return mask;
1.1 deraadt 433: }
434:
1.32 markus 435: Cipher *
436: cipher_by_name(const char *name)
437: {
438: Cipher *c;
439: for (c = ciphers; c->name != NULL; c++)
440: if (strcasecmp(c->name, name) == 0)
441: return c;
442: return NULL;
443: }
444:
445: Cipher *
446: cipher_by_number(int id)
447: {
448: Cipher *c;
449: for (c = ciphers; c->name != NULL; c++)
450: if (c->number == id)
451: return c;
452: return NULL;
453: }
1.24 markus 454:
455: #define CIPHER_SEP ","
456: int
457: ciphers_valid(const char *names)
458: {
1.32 markus 459: Cipher *c;
1.29 ho 460: char *ciphers, *cp;
1.24 markus 461: char *p;
462:
1.27 markus 463: if (names == NULL || strcmp(names, "") == 0)
1.24 markus 464: return 0;
1.29 ho 465: ciphers = cp = xstrdup(names);
1.32 markus 466: for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
1.48 deraadt 467: (p = strsep(&cp, CIPHER_SEP))) {
1.32 markus 468: c = cipher_by_name(p);
469: if (c == NULL || c->number != SSH_CIPHER_SSH2) {
470: debug("bad cipher %s [%s]", p, names);
1.24 markus 471: xfree(ciphers);
472: return 0;
1.32 markus 473: } else {
1.36 markus 474: debug3("cipher ok: %s [%s]", p, names);
1.24 markus 475: }
476: }
1.36 markus 477: debug3("ciphers ok: [%s]", names);
1.24 markus 478: xfree(ciphers);
479: return 1;
480: }
481:
1.18 markus 482: /*
483: * Parses the name of the cipher. Returns the number of the corresponding
484: * cipher, or -1 on error.
485: */
1.1 deraadt 486:
1.4 provos 487: int
488: cipher_number(const char *name)
1.1 deraadt 489: {
1.32 markus 490: Cipher *c;
1.27 markus 491: if (name == NULL)
492: return -1;
1.32 markus 493: c = cipher_by_name(name);
494: return (c==NULL) ? -1 : c->number;
1.1 deraadt 495: }
496:
1.32 markus 497: char *
498: cipher_name(int id)
1.1 deraadt 499: {
1.32 markus 500: Cipher *c = cipher_by_number(id);
501: return (c==NULL) ? "<unknown>" : c->name;
1.1 deraadt 502: }
503:
1.26 markus 504: void
1.51 ! markus 505: cipher_init(CipherContext *cc, Cipher *cipher, const u_char *key,
! 506: u_int keylen, const u_char *iv, u_int ivlen, int encrypt)
1.16 markus 507: {
1.32 markus 508: if (keylen < cipher->key_len)
509: fatal("cipher_init: key length %d is insufficient for %s.",
510: keylen, cipher->name);
511: if (iv != NULL && ivlen < cipher->block_size)
512: fatal("cipher_init: iv length %d is insufficient for %s.",
513: ivlen, cipher->name);
514: cc->cipher = cipher;
1.51 ! markus 515: cc->encrypt = (encrypt == CIPHER_ENCRYPT);
1.32 markus 516: cipher->setkey(cc, key, keylen);
517: cipher->setiv(cc, iv, ivlen);
1.1 deraadt 518: }
1.21 markus 519:
1.26 markus 520: void
1.51 ! markus 521: cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.32 markus 522: {
523: if (len % cc->cipher->block_size)
524: fatal("cipher_encrypt: bad plaintext length %d", len);
1.51 ! markus 525: if (cc->encrypt)
! 526: cc->cipher->encrypt(cc, dest, src, len);
! 527: else
! 528: cc->cipher->decrypt(cc, dest, src, len);
1.21 markus 529: }
530:
1.26 markus 531: void
1.51 ! markus 532: cipher_cleanup(CipherContext *cc)
1.16 markus 533: {
1.51 ! markus 534: memset(cc, 0, sizeof(*cc));
1.16 markus 535: }
1.1 deraadt 536:
1.32 markus 537: /*
538: * Selects the cipher, and keys if by computing the MD5 checksum of the
539: * passphrase and using the resulting 16 bytes as the key.
540: */
1.1 deraadt 541:
1.26 markus 542: void
1.32 markus 543: cipher_set_key_string(CipherContext *cc, Cipher *cipher,
1.51 ! markus 544: const char *passphrase, int encrypt)
1.16 markus 545: {
1.32 markus 546: MD5_CTX md;
1.41 markus 547: u_char digest[16];
1.32 markus 548:
549: MD5_Init(&md);
550: MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
551: MD5_Final(digest, &md);
1.16 markus 552:
1.51 ! markus 553: cipher_init(cc, cipher, digest, 16, NULL, 0, encrypt);
1.16 markus 554:
1.32 markus 555: memset(digest, 0, sizeof(digest));
556: memset(&md, 0, sizeof(md));
1.1 deraadt 557: }