Annotation of src/usr.bin/ssh/cipher.c, Revision 1.56
1.1 deraadt 1: /*
1.30 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
1.26 markus 5: *
1.30 deraadt 6: * As far as I am concerned, the code I have written for this software
7: * can be used freely for any purpose. Any derived versions of this
8: * software must be clearly marked as such, and if the derived work is
9: * incompatible with the protocol description in the RFC file, it must be
10: * called by a name other than "ssh" or "Secure Shell".
1.26 markus 11: *
12: *
1.30 deraadt 13: * Copyright (c) 1999 Niels Provos. All rights reserved.
1.46 markus 14: * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved.
1.26 markus 15: *
1.30 deraadt 16: * Redistribution and use in source and binary forms, with or without
17: * modification, are permitted provided that the following conditions
18: * are met:
19: * 1. Redistributions of source code must retain the above copyright
20: * notice, this list of conditions and the following disclaimer.
21: * 2. Redistributions in binary form must reproduce the above copyright
22: * notice, this list of conditions and the following disclaimer in the
23: * documentation and/or other materials provided with the distribution.
1.26 markus 24: *
1.30 deraadt 25: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.17 deraadt 35: */
1.1 deraadt 36:
37: #include "includes.h"
1.56 ! markus 38: RCSID("$OpenBSD: cipher.c,v 1.55 2002/04/03 09:26:11 markus Exp $");
1.1 deraadt 39:
1.24 markus 40: #include "xmalloc.h"
1.42 markus 41: #include "log.h"
42: #include "cipher.h"
1.8 deraadt 43:
1.25 markus 44: #include <openssl/md5.h>
1.52 markus 45: #include "rijndael.h"
46:
1.56 ! markus 47: static const EVP_CIPHER *evp_ssh1_3des(void);
! 48: static const EVP_CIPHER *evp_ssh1_bf(void);
! 49: static const EVP_CIPHER *evp_rijndael(void);
1.1 deraadt 50:
1.51 markus 51: struct Cipher {
52: char *name;
53: int number; /* for ssh1 only */
54: u_int block_size;
55: u_int key_len;
1.56 ! markus 56: const EVP_CIPHER *(*evptype)(void);
1.52 markus 57: } ciphers[] = {
58: { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },
59: { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },
60: { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des },
61: { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf },
62:
63: { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc },
64: { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },
65: { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },
66: { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 },
67: { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael },
68: { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael },
69: { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
1.55 markus 70: { "rijndael-cbc@lysator.liu.se",
71: SSH_CIPHER_SSH2, 16, 32, evp_rijndael },
1.47 markus 72:
1.52 markus 73: { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }
1.32 markus 74: };
75:
76: /*--*/
1.1 deraadt 77:
1.54 markus 78: u_int
1.51 markus 79: cipher_blocksize(Cipher *c)
80: {
81: return (c->block_size);
82: }
1.54 markus 83: u_int
1.51 markus 84: cipher_keylen(Cipher *c)
85: {
86: return (c->key_len);
87: }
1.54 markus 88: u_int
1.53 markus 89: cipher_get_number(Cipher *c)
90: {
91: return (c->number);
92: }
1.51 markus 93:
1.41 markus 94: u_int
1.34 markus 95: cipher_mask_ssh1(int client)
1.1 deraadt 96: {
1.41 markus 97: u_int mask = 0;
1.48 deraadt 98: mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
1.34 markus 99: mask |= 1 << SSH_CIPHER_BLOWFISH;
100: if (client) {
101: mask |= 1 << SSH_CIPHER_DES;
1.32 markus 102: }
103: return mask;
1.1 deraadt 104: }
105:
1.32 markus 106: Cipher *
107: cipher_by_name(const char *name)
108: {
109: Cipher *c;
110: for (c = ciphers; c->name != NULL; c++)
111: if (strcasecmp(c->name, name) == 0)
112: return c;
113: return NULL;
114: }
115:
116: Cipher *
117: cipher_by_number(int id)
118: {
119: Cipher *c;
120: for (c = ciphers; c->name != NULL; c++)
121: if (c->number == id)
122: return c;
123: return NULL;
124: }
1.24 markus 125:
126: #define CIPHER_SEP ","
127: int
128: ciphers_valid(const char *names)
129: {
1.32 markus 130: Cipher *c;
1.29 ho 131: char *ciphers, *cp;
1.24 markus 132: char *p;
133:
1.27 markus 134: if (names == NULL || strcmp(names, "") == 0)
1.24 markus 135: return 0;
1.29 ho 136: ciphers = cp = xstrdup(names);
1.32 markus 137: for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
1.48 deraadt 138: (p = strsep(&cp, CIPHER_SEP))) {
1.32 markus 139: c = cipher_by_name(p);
140: if (c == NULL || c->number != SSH_CIPHER_SSH2) {
141: debug("bad cipher %s [%s]", p, names);
1.24 markus 142: xfree(ciphers);
143: return 0;
1.32 markus 144: } else {
1.36 markus 145: debug3("cipher ok: %s [%s]", p, names);
1.24 markus 146: }
147: }
1.36 markus 148: debug3("ciphers ok: [%s]", names);
1.24 markus 149: xfree(ciphers);
150: return 1;
151: }
152:
1.18 markus 153: /*
154: * Parses the name of the cipher. Returns the number of the corresponding
155: * cipher, or -1 on error.
156: */
1.1 deraadt 157:
1.4 provos 158: int
159: cipher_number(const char *name)
1.1 deraadt 160: {
1.32 markus 161: Cipher *c;
1.27 markus 162: if (name == NULL)
163: return -1;
1.32 markus 164: c = cipher_by_name(name);
165: return (c==NULL) ? -1 : c->number;
1.1 deraadt 166: }
167:
1.32 markus 168: char *
169: cipher_name(int id)
1.1 deraadt 170: {
1.32 markus 171: Cipher *c = cipher_by_number(id);
172: return (c==NULL) ? "<unknown>" : c->name;
1.1 deraadt 173: }
174:
1.26 markus 175: void
1.52 markus 176: cipher_init(CipherContext *cc, Cipher *cipher,
177: const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
178: int encrypt)
1.16 markus 179: {
1.52 markus 180: static int dowarn = 1;
181: const EVP_CIPHER *type;
182: int klen;
183:
184: if (cipher->number == SSH_CIPHER_DES) {
185: if (dowarn) {
186: error("Warning: use of DES is strongly discouraged "
187: "due to cryptographic weaknesses");
188: dowarn = 0;
189: }
190: if (keylen > 8)
191: keylen = 8;
192: }
193: cc->plaintext = (cipher->number == SSH_CIPHER_NONE);
194:
1.32 markus 195: if (keylen < cipher->key_len)
196: fatal("cipher_init: key length %d is insufficient for %s.",
197: keylen, cipher->name);
198: if (iv != NULL && ivlen < cipher->block_size)
199: fatal("cipher_init: iv length %d is insufficient for %s.",
200: ivlen, cipher->name);
201: cc->cipher = cipher;
1.52 markus 202:
203: type = (*cipher->evptype)();
204:
205: EVP_CIPHER_CTX_init(&cc->evp);
206: if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,
207: (encrypt == CIPHER_ENCRYPT)) == 0)
208: fatal("cipher_init: EVP_CipherInit failed for %s",
209: cipher->name);
210: klen = EVP_CIPHER_CTX_key_length(&cc->evp);
211: if (klen > 0 && keylen != klen) {
212: debug("cipher_init: set keylen (%d -> %d)", klen, keylen);
213: if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
214: fatal("cipher_init: set keylen failed (%d -> %d)",
215: klen, keylen);
216: }
217: if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0)
218: fatal("cipher_init: EVP_CipherInit: set key failed for %s",
219: cipher->name);
1.1 deraadt 220: }
1.21 markus 221:
1.26 markus 222: void
1.51 markus 223: cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
1.32 markus 224: {
225: if (len % cc->cipher->block_size)
226: fatal("cipher_encrypt: bad plaintext length %d", len);
1.52 markus 227: if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
228: fatal("evp_crypt: EVP_Cipher failed");
1.21 markus 229: }
230:
1.26 markus 231: void
1.51 markus 232: cipher_cleanup(CipherContext *cc)
1.16 markus 233: {
1.52 markus 234: if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
235: error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
1.16 markus 236: }
1.1 deraadt 237:
1.32 markus 238: /*
239: * Selects the cipher, and keys if by computing the MD5 checksum of the
240: * passphrase and using the resulting 16 bytes as the key.
241: */
1.1 deraadt 242:
1.26 markus 243: void
1.32 markus 244: cipher_set_key_string(CipherContext *cc, Cipher *cipher,
1.51 markus 245: const char *passphrase, int encrypt)
1.16 markus 246: {
1.32 markus 247: MD5_CTX md;
1.41 markus 248: u_char digest[16];
1.32 markus 249:
250: MD5_Init(&md);
251: MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase));
252: MD5_Final(digest, &md);
1.16 markus 253:
1.51 markus 254: cipher_init(cc, cipher, digest, 16, NULL, 0, encrypt);
1.16 markus 255:
1.32 markus 256: memset(digest, 0, sizeof(digest));
257: memset(&md, 0, sizeof(md));
1.52 markus 258: }
259:
260: /* Implementations for other non-EVP ciphers */
261:
262: /*
263: * This is used by SSH1:
264: *
265: * What kind of triple DES are these 2 routines?
266: *
267: * Why is there a redundant initialization vector?
268: *
269: * If only iv3 was used, then, this would till effect have been
270: * outer-cbc. However, there is also a private iv1 == iv2 which
271: * perhaps makes differential analysis easier. On the other hand, the
272: * private iv1 probably makes the CRC-32 attack ineffective. This is a
273: * result of that there is no longer any known iv1 to use when
274: * choosing the X block.
275: */
276: struct ssh1_3des_ctx
277: {
278: EVP_CIPHER_CTX k1, k2, k3;
279: };
280: static int
281: ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
282: int enc)
283: {
284: struct ssh1_3des_ctx *c;
285: u_char *k1, *k2, *k3;
286:
287: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
288: c = xmalloc(sizeof(*c));
289: EVP_CIPHER_CTX_set_app_data(ctx, c);
290: }
291: if (key == NULL)
292: return (1);
293: if (enc == -1)
294: enc = ctx->encrypt;
295: k1 = k2 = k3 = (u_char *) key;
296: k2 += 8;
297: if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
298: if (enc)
299: k3 += 16;
300: else
301: k1 += 16;
302: }
303: EVP_CIPHER_CTX_init(&c->k1);
304: EVP_CIPHER_CTX_init(&c->k2);
305: EVP_CIPHER_CTX_init(&c->k3);
306: if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
307: EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
308: EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
309: memset(c, 0, sizeof(*c));
310: xfree(c);
311: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
312: return (0);
313: }
314: return (1);
315: }
316: static int
317: ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
318: {
319: struct ssh1_3des_ctx *c;
320:
321: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
322: error("ssh1_3des_cbc: no context");
323: return (0);
324: }
325: if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
326: EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
327: EVP_Cipher(&c->k3, dest, dest, len) == 0)
328: return (0);
329: return (1);
330: }
331: static int
332: ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
333: {
334: struct ssh1_3des_ctx *c;
335:
336: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
337: memset(c, 0, sizeof(*c));
338: xfree(c);
339: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
340: }
341: return (1);
342: }
1.56 ! markus 343: static const EVP_CIPHER *
1.52 markus 344: evp_ssh1_3des(void)
345: {
346: static EVP_CIPHER ssh1_3des;
347:
348: memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
349: ssh1_3des.nid = NID_undef;
350: ssh1_3des.block_size = 8;
351: ssh1_3des.iv_len = 0;
352: ssh1_3des.key_len = 16;
353: ssh1_3des.init = ssh1_3des_init;
354: ssh1_3des.cleanup = ssh1_3des_cleanup;
355: ssh1_3des.do_cipher = ssh1_3des_cbc;
356: ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
357: return (&ssh1_3des);
358: }
359:
360: /*
361: * SSH1 uses a variation on Blowfish, all bytes must be swapped before
362: * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
363: */
364: static void
365: swap_bytes(const u_char *src, u_char *dst, int n)
366: {
367: u_char c[4];
368:
369: /* Process 4 bytes every lap. */
370: for (n = n / 4; n > 0; n--) {
371: c[3] = *src++;
372: c[2] = *src++;
373: c[1] = *src++;
374: c[0] = *src++;
375:
376: *dst++ = c[0];
377: *dst++ = c[1];
378: *dst++ = c[2];
379: *dst++ = c[3];
380: }
381: }
382: static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
383: static int
384: bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
385: {
386: int ret;
387:
388: swap_bytes(in, out, len);
389: ret = (*orig_bf)(ctx, out, out, len);
390: swap_bytes(out, out, len);
391: return (ret);
392: }
1.56 ! markus 393: static const EVP_CIPHER *
1.52 markus 394: evp_ssh1_bf(void)
395: {
396: static EVP_CIPHER ssh1_bf;
397:
398: memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
399: orig_bf = ssh1_bf.do_cipher;
400: ssh1_bf.nid = NID_undef;
401: ssh1_bf.do_cipher = bf_ssh1_cipher;
402: ssh1_bf.key_len = 32;
403: return (&ssh1_bf);
404: }
405:
406: /* RIJNDAEL */
407: #define RIJNDAEL_BLOCKSIZE 16
408: struct ssh_rijndael_ctx
409: {
410: rijndael_ctx r_ctx;
411: u_char r_iv[RIJNDAEL_BLOCKSIZE];
412: };
413:
414: static int
415: ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
416: int enc)
417: {
418: struct ssh_rijndael_ctx *c;
419:
420: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
421: c = xmalloc(sizeof(*c));
422: EVP_CIPHER_CTX_set_app_data(ctx, c);
423: }
424: if (key != NULL) {
425: if (enc == -1)
426: enc = ctx->encrypt;
427: rijndael_set_key(&c->r_ctx, (u_char *)key,
428: 8*EVP_CIPHER_CTX_key_length(ctx), enc);
429: }
430: if (iv != NULL)
431: memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
432: return (1);
433: }
434: static int
435: ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
436: u_int len)
437: {
438: struct ssh_rijndael_ctx *c;
439: u_char buf[RIJNDAEL_BLOCKSIZE];
440: u_char *cprev, *cnow, *plain, *ivp;
441: int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
442:
443: if (len == 0)
444: return (1);
445: if (len % RIJNDAEL_BLOCKSIZE)
446: fatal("ssh_rijndael_cbc: bad len %d", len);
447: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
448: error("ssh_rijndael_cbc: no context");
449: return (0);
450: }
451: if (ctx->encrypt) {
452: cnow = dest;
453: plain = (u_char *)src;
454: cprev = c->r_iv;
455: for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE,
456: cnow+=RIJNDAEL_BLOCKSIZE) {
457: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
458: buf[j] = plain[j] ^ cprev[j];
459: rijndael_encrypt(&c->r_ctx, buf, cnow);
460: cprev = cnow;
461: }
462: memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE);
463: } else {
464: cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE);
465: plain = dest+len-RIJNDAEL_BLOCKSIZE;
466:
467: memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE);
468: for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE,
469: plain-=RIJNDAEL_BLOCKSIZE) {
470: rijndael_decrypt(&c->r_ctx, cnow, plain);
471: ivp = (i == 1) ? c->r_iv : cnow-RIJNDAEL_BLOCKSIZE;
472: for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
473: plain[j] ^= ivp[j];
474: }
475: memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE);
476: }
477: return (1);
478: }
479: static int
480: ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
481: {
482: struct ssh_rijndael_ctx *c;
483:
484: if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
485: memset(c, 0, sizeof(*c));
486: xfree(c);
487: EVP_CIPHER_CTX_set_app_data(ctx, NULL);
488: }
489: return (1);
490: }
1.56 ! markus 491: static const EVP_CIPHER *
1.52 markus 492: evp_rijndael(void)
493: {
494: static EVP_CIPHER rijndal_cbc;
495:
496: memset(&rijndal_cbc, 0, sizeof(EVP_CIPHER));
497: rijndal_cbc.nid = NID_undef;
498: rijndal_cbc.block_size = RIJNDAEL_BLOCKSIZE;
499: rijndal_cbc.iv_len = RIJNDAEL_BLOCKSIZE;
500: rijndal_cbc.key_len = 16;
501: rijndal_cbc.init = ssh_rijndael_init;
502: rijndal_cbc.cleanup = ssh_rijndael_cleanup;
503: rijndal_cbc.do_cipher = ssh_rijndael_cbc;
504: rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
505: EVP_CIPH_ALWAYS_CALL_INIT;
506: return (&rijndal_cbc);
1.53 markus 507: }
508:
1.54 markus 509: /*
1.53 markus 510: * Exports an IV from the CipherContext required to export the key
511: * state back from the unprivileged child to the privileged parent
512: * process.
513: */
514:
515: int
516: cipher_get_keyiv_len(CipherContext *cc)
517: {
518: Cipher *c = cc->cipher;
519: int ivlen;
520:
521: if (c->number == SSH_CIPHER_3DES)
522: ivlen = 24;
523: else
524: ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
525: return (ivlen);
526: }
527:
528: void
529: cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
530: {
531: Cipher *c = cc->cipher;
532: u_char *civ = NULL;
533: int evplen;
534:
535: switch (c->number) {
536: case SSH_CIPHER_SSH2:
537: case SSH_CIPHER_DES:
538: case SSH_CIPHER_BLOWFISH:
539: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
540: if (evplen == 0)
541: return;
542: if (evplen != len)
543: fatal("%s: wrong iv length %d != %d", __FUNCTION__,
544: evplen, len);
545:
1.55 markus 546: if (c->evptype == evp_rijndael) {
1.53 markus 547: struct ssh_rijndael_ctx *aesc;
548:
549: aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
550: if (aesc == NULL)
551: fatal("%s: no rijndael context", __FUNCTION__);
552: civ = aesc->r_iv;
553: } else {
554: civ = cc->evp.iv;
555: }
556: break;
557: case SSH_CIPHER_3DES: {
558: struct ssh1_3des_ctx *desc;
559: if (len != 24)
560: fatal("%s: bad 3des iv length: %d", __FUNCTION__, len);
561: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
562: if (desc == NULL)
563: fatal("%s: no 3des context", __FUNCTION__);
564: debug3("%s: Copying 3DES IV", __FUNCTION__);
565: memcpy(iv, desc->k1.iv, 8);
566: memcpy(iv + 8, desc->k2.iv, 8);
567: memcpy(iv + 16, desc->k3.iv, 8);
568: return;
569: }
570: default:
571: fatal("%s: bad cipher %d", __FUNCTION__, c->number);
572: }
573: memcpy(iv, civ, len);
574: }
575:
576: void
577: cipher_set_keyiv(CipherContext *cc, u_char *iv)
578: {
579: Cipher *c = cc->cipher;
580: u_char *div = NULL;
581: int evplen = 0;
582:
583: switch (c->number) {
584: case SSH_CIPHER_SSH2:
585: case SSH_CIPHER_DES:
586: case SSH_CIPHER_BLOWFISH:
587: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
588: if (evplen == 0)
589: return;
590:
1.55 markus 591: if (c->evptype == evp_rijndael) {
1.53 markus 592: struct ssh_rijndael_ctx *aesc;
593:
594: aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
595: if (aesc == NULL)
596: fatal("%s: no rijndael context", __FUNCTION__);
597: div = aesc->r_iv;
598: }else {
599: div = cc->evp.iv;
600: }
601: break;
602: case SSH_CIPHER_3DES: {
603: struct ssh1_3des_ctx *desc;
604: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
605: if (desc == NULL)
606: fatal("%s: no 3des context", __FUNCTION__);
607: debug3("%s: Installed 3DES IV", __FUNCTION__);
608: memcpy(desc->k1.iv, iv, 8);
609: memcpy(desc->k2.iv, iv + 8, 8);
610: memcpy(desc->k3.iv, iv + 16, 8);
611: return;
1.54 markus 612: }
1.53 markus 613: default:
614: fatal("%s: bad cipher %d", __FUNCTION__, c->number);
615: }
616: memcpy(div, iv, evplen);
617: }
618:
619: #if OPENSSL_VERSION_NUMBER < 0x00907000L
620: #define EVP_X_STATE(evp) &(evp).c
621: #define EVP_X_STATE_LEN(evp) sizeof((evp).c)
622: #else
623: #define EVP_X_STATE(evp) (evp).cipher_data
624: #define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
625: #endif
626:
627: int
628: cipher_get_keycontext(CipherContext *cc, u_char *dat)
629: {
630: Cipher *c = cc->cipher;
631: int plen;
632:
633: if (c->number == SSH_CIPHER_3DES) {
634: struct ssh1_3des_ctx *desc;
635: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
636: if (desc == NULL)
637: fatal("%s: no 3des context", __FUNCTION__);
638: plen = EVP_X_STATE_LEN(desc->k1);
639: if (dat == NULL)
640: return (3*plen);
641: memcpy(dat, EVP_X_STATE(desc->k1), plen);
642: memcpy(dat + plen, EVP_X_STATE(desc->k2), plen);
643: memcpy(dat + 2*plen, EVP_X_STATE(desc->k3), plen);
644: return (3*plen);
645: }
646:
647: /* Generic EVP */
648: plen = EVP_X_STATE_LEN(cc->evp);
649: if (dat == NULL)
650: return (plen);
651:
652: memcpy(dat, EVP_X_STATE(cc->evp), plen);
653: return (plen);
654: }
655:
656: void
657: cipher_set_keycontext(CipherContext *cc, u_char *dat)
658: {
659: Cipher *c = cc->cipher;
660: int plen;
661:
662: if (c->number == SSH_CIPHER_3DES) {
663: struct ssh1_3des_ctx *desc;
664: desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
665: if (desc == NULL)
666: fatal("%s: no 3des context", __FUNCTION__);
667: plen = EVP_X_STATE_LEN(desc->k1);
668: memcpy(EVP_X_STATE(desc->k1), dat, plen);
669: memcpy(EVP_X_STATE(desc->k2), dat + plen, plen);
670: memcpy(EVP_X_STATE(desc->k3), dat + 2*plen, plen);
671: } else {
672: plen = EVP_X_STATE_LEN(cc->evp);
673: memcpy(EVP_X_STATE(cc->evp), dat, plen);
674: }
1.1 deraadt 675: }