- Merged very large OpenBSD source code reformat

- OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
author: Damien Miller <djm@mindrot.org> 1999-11-25 00:26:21 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-25 00:26:21 +1100
commit: 95def09838fc61b37b6ea7cd5c234a465b4b129b (patch)
tree: 042744f76f40a326b873cb1c3690a6d7d966bc3e /cipher.c
parent: 4d2f15f895f4c795afc008aeff3fd2ceffbc44f4 (diff)
1 files changed, 207 insertions, 202 deletions
diff --git a/cipher.c b/cipher.c
index a33188e46..92fcd4740 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,18 +1,18 @@
 /*
+ * 
-cipher.c
+ * cipher.c
+ * 
-Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * 
-Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-                   All rights reserved
+ *                    All rights reserved
+ * 
-Created: Wed Apr 19 17:41:39 1995 ylo
+ * Created: Wed Apr 19 17:41:39 1995 ylo
+ * 
-*/
+ */
 #include "includes.h"
-RCSID("$Id: cipher.c,v 1.6 1999/11/16 02:37:16 damien Exp $");
+RCSID("$Id: cipher.c,v 1.7 1999/11/24 13:26:22 damien Exp $");
 #include "ssh.h"
 #include "cipher.h"
@@ -38,124 +38,124 @@ RCSID("$Id: cipher.c,v 1.6 1999/11/16 02:37:16 damien Exp $");
 */
 void
 SSH_3CBC_ENCRYPT(des_key_schedule ks1,
-                 des_key_schedule ks2, des_cblock *iv2,
+                 des_key_schedule ks2, des_cblock * iv2,
-                 des_key_schedule ks3, des_cblock *iv3, 
+                 des_key_schedule ks3, des_cblock * iv3,
                 void *dest, void *src,
                 unsigned int len)
 {
-  des_cblock iv1;
+        des_cblock iv1;
-  memcpy(&iv1, iv2, 8);
+        memcpy(&iv1, iv2, 8);
-  des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
+        des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
-  memcpy(&iv1, dest + len - 8, 8);
+        memcpy(&iv1, dest + len - 8, 8);
-  des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
+        des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
-  memcpy(iv2, &iv1, 8);         /* Note how iv1 == iv2 on entry and exit. */
+        memcpy(iv2, &iv1, 8);   /* Note how iv1 == iv2 on entry and exit. */
-  des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
+        des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
-  memcpy(iv3, dest + len - 8, 8);
+        memcpy(iv3, dest + len - 8, 8);
 }
 void
 SSH_3CBC_DECRYPT(des_key_schedule ks1,
-                 des_key_schedule ks2, des_cblock *iv2,
+                 des_key_schedule ks2, des_cblock * iv2,
-                 des_key_schedule ks3, des_cblock *iv3,
+                 des_key_schedule ks3, des_cblock * iv3,
                 void *dest, void *src,
                 unsigned int len)
 {
-  des_cblock iv1;
+        des_cblock iv1;
-  memcpy(&iv1, iv2, 8);
+        memcpy(&iv1, iv2, 8);
-  des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
+        des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
-  memcpy(iv3, src + len - 8, 8);
+        memcpy(iv3, src + len - 8, 8);
-  des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
+        des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
-  memcpy(iv2, dest + len - 8, 8);
+        memcpy(iv2, dest + len - 8, 8);
-  des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
+        des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
-  /* memcpy(&iv1, iv2, 8); */   /* Note how iv1 == iv2 on entry and exit. */
+        /* memcpy(&iv1, iv2, 8); */
+        /* Note how iv1 == iv2 on entry and exit. */
 }
 /*
 * SSH uses a variation on Blowfish, all bytes must be swapped before
 * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
 */
-static
+static void
-void
 swap_bytes(const unsigned char *src, unsigned char *dst_, int n)
 {
-  u_int32_t *dst = (u_int32_t *)dst_;   /* dst must be properly aligned. */
+        /* dst must be properly aligned. */
-  union {
+        u_int32_t *dst = (u_int32_t *) dst_;
-    u_int32_t i;
+        union {
-    char c[4];
+                u_int32_t i;
-  } t;
+                char c[4];
+        } t;
-  /* Process 8 bytes every lap. */
-  for (n = n / 8; n > 0; n--)
+        /* Process 8 bytes every lap. */
-    {
+        for (n = n / 8; n > 0; n--) {
-      t.c[3] = *src++;
+                t.c[3] = *src++;
-      t.c[2] = *src++;
+                t.c[2] = *src++;
-      t.c[1] = *src++;
+                t.c[1] = *src++;
-      t.c[0] = *src++;
+                t.c[0] = *src++;
-      *dst++ = t.i;
+                *dst++ = t.i;
-      
-      t.c[3] = *src++;
+                t.c[3] = *src++;
-      t.c[2] = *src++;
+                t.c[2] = *src++;
-      t.c[1] = *src++;
+                t.c[1] = *src++;
-      t.c[0] = *src++;
+                t.c[0] = *src++;
-      *dst++ = t.i;
+                *dst++ = t.i;
-    }
+        }
 }
-void (*cipher_attack_detected)(const char *fmt, ...) = fatal;
+void (*cipher_attack_detected) (const char *fmt,...) = fatal;
-static inline
+static inline void
-void
 detect_cbc_attack(const unsigned char *src,
                  unsigned int len)
 {
-  return;
+        return;
-  
-  log("CRC-32 CBC insertion attack detected");
+        log("CRC-32 CBC insertion attack detected");
-  cipher_attack_detected("CRC-32 CBC insertion attack detected");
+        cipher_attack_detected("CRC-32 CBC insertion attack detected");
 }
 /* Names of all encryption algorithms.  These must match the numbers defined
   int cipher.h. */
 static char *cipher_names[] =
 {
-  "none",
+        "none",
-  "idea",
+        "idea",
-  "des",
+        "des",
-  "3des",
+        "3des",
-  "tss",
+        "tss",
-  "rc4",
+        "rc4",
-  "blowfish"
+        "blowfish"
 };
 /* Returns a bit mask indicating which ciphers are supported by this
   implementation.  The bit mask has the corresponding bit set of each
   supported cipher. */
-unsigned int cipher_mask()
+unsigned int 
+cipher_mask()
 {
-  unsigned int mask = 0;
+        unsigned int mask = 0;
-  mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
+        mask |= 1 << SSH_CIPHER_3DES;           /* Mandatory */
-  mask |= 1 << SSH_CIPHER_BLOWFISH;
+        mask |= 1 << SSH_CIPHER_BLOWFISH;
-  return mask;
+        return mask;
 }
 /* Returns the name of the cipher. */
-const
+const char *
-char *cipher_name(int cipher)
+cipher_name(int cipher)
 {
-  if (cipher < 0 || cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) ||
+        if (cipher < 0 || cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) ||
-        cipher_names[cipher] == NULL)
+            cipher_names[cipher] == NULL)
-    fatal("cipher_name: bad cipher number: %d", cipher);
+                fatal("cipher_name: bad cipher number: %d", cipher);
-  return cipher_names[cipher];
+        return cipher_names[cipher];
 }
 /* Parses the name of the cipher.  Returns the number of the corresponding
@@ -164,146 +164,151 @@ char *cipher_name(int cipher)
 int
 cipher_number(const char *name)
 {
-  int i;
+        int i;
-  for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)
+        for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)
-    if (strcmp(cipher_names[i], name) == 0 &&
+                if (strcmp(cipher_names[i], name) == 0 &&
-        (cipher_mask() & (1 << i)))
+                    (cipher_mask() & (1 << i)))
-      return i;
+                        return i;
-  return -1;
+        return -1;
 }
 /* Selects the cipher, and keys if by computing the MD5 checksum of the
   passphrase and using the resulting 16 bytes as the key. */
-void cipher_set_key_string(CipherContext *context, int cipher,
+void 
-                           const char *passphrase, int for_encryption)
+cipher_set_key_string(CipherContext *context, int cipher,
+                      const char *passphrase, int for_encryption)
 {
-  MD5_CTX md;
+        MD5_CTX md;
-  unsigned char digest[16];
+        unsigned char digest[16];
-  
-  MD5_Init(&md);
+        MD5_Init(&md);
-  MD5_Update(&md, (const unsigned char *)passphrase, strlen(passphrase));
+        MD5_Update(&md, (const unsigned char *) passphrase, strlen(passphrase));
-  MD5_Final(digest, &md);
+        MD5_Final(digest, &md);
-  cipher_set_key(context, cipher, digest, 16, for_encryption);
+        cipher_set_key(context, cipher, digest, 16, for_encryption);
-  
-  memset(digest, 0, sizeof(digest));
+        memset(digest, 0, sizeof(digest));
-  memset(&md, 0, sizeof(md));
+        memset(&md, 0, sizeof(md));
 }
 /* Selects the cipher to use and sets the key. */
-void cipher_set_key(CipherContext *context, int cipher,
+void 
-                    const unsigned char *key, int keylen, int for_encryption)
+cipher_set_key(CipherContext *context, int cipher,
+               const unsigned char *key, int keylen, int for_encryption)
 {
-  unsigned char padded[32];
+        unsigned char padded[32];
-  /* Set cipher type. */
+        /* Set cipher type. */
-  context->type = cipher;
+        context->type = cipher;
-  /* Get 32 bytes of key data.  Pad if necessary.  (So that code below does
+        /* Get 32 bytes of key data.  Pad if necessary.  (So that code
-     not need to worry about key size). */
+           below does not need to worry about key size). */
-  memset(padded, 0, sizeof(padded));
+        memset(padded, 0, sizeof(padded));
-  memcpy(padded, key, keylen < sizeof(padded) ? keylen : sizeof(padded));
+        memcpy(padded, key, keylen < sizeof(padded) ? keylen : sizeof(padded));
-  /* Initialize the initialization vector. */
+        /* Initialize the initialization vector. */
-  switch (cipher)
+        switch (cipher) {
-    {
+        case SSH_CIPHER_NONE:
-    case SSH_CIPHER_NONE:
+                /* Has to stay for authfile saving of private key with
-      /* Has to stay for authfile saving of private key with no passphrase */
+                   no passphrase */
-      break;
+                break;
-    case SSH_CIPHER_3DES:
+        case SSH_CIPHER_3DES:
-      /* Note: the least significant bit of each byte of key is parity, 
+                /* Note: the least significant bit of each byte of key is
-         and must be ignored by the implementation.  16 bytes of key are
+                   parity, and must be ignored by the implementation.  16
-         used (first and last keys are the same). */
+                   bytes of key are used (first and last keys are the
-      if (keylen < 16)
+                   same). */
-        error("Key length %d is insufficient for 3DES.", keylen);
+                if (keylen < 16)
-      des_set_key((void*)padded, context->u.des3.key1);
+                        error("Key length %d is insufficient for 3DES.", keylen);
-      des_set_key((void*)(padded + 8), context->u.des3.key2);
+                des_set_key((void *) padded, context->u.des3.key1);
-      if (keylen <= 16)
+                des_set_key((void *) (padded + 8), context->u.des3.key2);
-        des_set_key((void*)padded, context->u.des3.key3);
+                if (keylen <= 16)
-      else
+                        des_set_key((void *) padded, context->u.des3.key3);
-        des_set_key((void*)(padded + 16), context->u.des3.key3);
+                else
-      memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));
+                        des_set_key((void *) (padded + 16), context->u.des3.key3);
-      memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));
+                memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));
-      break;
+                memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));
+                break;
-    case SSH_CIPHER_BLOWFISH:
-      BF_set_key(&context->u.bf.key, keylen, padded);
+        case SSH_CIPHER_BLOWFISH:
-      memset(context->u.bf.iv, 0, 8);
+                BF_set_key(&context->u.bf.key, keylen, padded);
-      break;
+                memset(context->u.bf.iv, 0, 8);
+                break;
-    default:
-      fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));
+        default:
-    }
+                fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));
-  memset(padded, 0, sizeof(padded));
+        }
+        memset(padded, 0, sizeof(padded));
 }
 /* Encrypts data using the cipher. */
-void cipher_encrypt(CipherContext *context, unsigned char *dest,
+void 
-                    const unsigned char *src, unsigned int len)
+cipher_encrypt(CipherContext *context, unsigned char *dest,
+               const unsigned char *src, unsigned int len)
 {
-  if ((len & 7) != 0)
+        if ((len & 7) != 0)
-    fatal("cipher_encrypt: bad plaintext length %d", len);
+                fatal("cipher_encrypt: bad plaintext length %d", len);
-  switch (context->type)
+        switch (context->type) {
-    {
+        case SSH_CIPHER_NONE:
-    case SSH_CIPHER_NONE:
+                memcpy(dest, src, len);
-      memcpy(dest, src, len);
+                break;
-      break;
+        case SSH_CIPHER_3DES:
-    case SSH_CIPHER_3DES:
+                SSH_3CBC_ENCRYPT(context->u.des3.key1,
-      SSH_3CBC_ENCRYPT(context->u.des3.key1,
+                                 context->u.des3.key2, &context->u.des3.iv2,
-                       context->u.des3.key2, &context->u.des3.iv2,
+                                 context->u.des3.key3, &context->u.des3.iv3,
-                       context->u.des3.key3, &context->u.des3.iv3,
+                                 dest, (void *) src, len);
-                       dest, (void*)src, len);
+                break;
-      break;
+        case SSH_CIPHER_BLOWFISH:
-    case SSH_CIPHER_BLOWFISH:
+                swap_bytes(src, dest, len);
-      swap_bytes(src, dest, len);
+                BF_cbc_encrypt(dest, dest, len,
-      BF_cbc_encrypt(dest, dest, len,
+                               &context->u.bf.key, context->u.bf.iv,
-                     &context->u.bf.key, context->u.bf.iv, BF_ENCRYPT);
+                               BF_ENCRYPT);
-      swap_bytes(dest, dest, len);
+                swap_bytes(dest, dest, len);
-      break;
+                break;
-    default:
+        default:
-      fatal("cipher_encrypt: unknown cipher: %d", context->type);
+                fatal("cipher_encrypt: unknown cipher: %s", cipher_name(context->type));
-    }
+        }
 }
-  
 /* Decrypts data using the cipher. */
-void cipher_decrypt(CipherContext *context, unsigned char *dest,
+void 
-                    const unsigned char *src, unsigned int len)
+cipher_decrypt(CipherContext *context, unsigned char *dest,
+               const unsigned char *src, unsigned int len)
 {
-  if ((len & 7) != 0)
+        if ((len & 7) != 0)
-    fatal("cipher_decrypt: bad ciphertext length %d", len);
+                fatal("cipher_decrypt: bad ciphertext length %d", len);
-  switch (context->type)
+        switch (context->type) {
-    {
+        case SSH_CIPHER_NONE:
-    case SSH_CIPHER_NONE:
+                memcpy(dest, src, len);
-      memcpy(dest, src, len);
+                break;
-      break;
+        case SSH_CIPHER_3DES:
-    case SSH_CIPHER_3DES:
+                /* CRC-32 attack? */
-      /* CRC-32 attack? */
+                SSH_3CBC_DECRYPT(context->u.des3.key1,
-      SSH_3CBC_DECRYPT(context->u.des3.key1,
+                                 context->u.des3.key2, &context->u.des3.iv2,
-                       context->u.des3.key2, &context->u.des3.iv2,
+                                 context->u.des3.key3, &context->u.des3.iv3,
-                       context->u.des3.key3, &context->u.des3.iv3,
+                                 dest, (void *) src, len);
-                       dest, (void*)src, len);
+                break;
-      break;
+        case SSH_CIPHER_BLOWFISH:
-    case SSH_CIPHER_BLOWFISH:
+                detect_cbc_attack(src, len);
-      detect_cbc_attack(src, len);
+                swap_bytes(src, dest, len);
-      swap_bytes(src, dest, len);
+                BF_cbc_encrypt((void *) dest, dest, len,
-      BF_cbc_encrypt((void*)dest, dest, len,
+                               &context->u.bf.key, context->u.bf.iv,
-                     &context->u.bf.key, context->u.bf.iv, BF_DECRYPT);
+                               BF_DECRYPT);
-      swap_bytes(dest, dest, len);
+                swap_bytes(dest, dest, len);
-      break;
+                break;
-    default:
+        default:
-      fatal("cipher_decrypt: unknown cipher: %d", context->type);
+                fatal("cipher_decrypt: unknown cipher: %s", cipher_name(context->type));
-    }
+        }
 }
author	Damien Miller <djm@mindrot.org>	1999-11-25 00:26:21 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-25 00:26:21 +1100
commit	95def09838fc61b37b6ea7cd5c234a465b4b129b (patch)
tree	042744f76f40a326b873cb1c3690a6d7d966bc3e /cipher.c
parent	4d2f15f895f4c795afc008aeff3fd2ceffbc44f4 (diff)

diff --git a/cipher.c b/cipher.c index a33188e46..92fcd4740 100644 --- a/cipher.c +++ b/cipher.c
@@ -1,18 +1,18 @@
1	/*	1	/*
2		2	*
3	cipher.c	3	* cipher.c
4		4	*
5	Author: Tatu Ylonen <ylo@cs.hut.fi>	5	* Author: Tatu Ylonen <ylo@cs.hut.fi>
6		6	*
7	Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	7	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8	All rights reserved	8	* All rights reserved
9		9	*
10	Created: Wed Apr 19 17:41:39 1995 ylo	10	* Created: Wed Apr 19 17:41:39 1995 ylo
11		11	*
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$Id: cipher.c,v 1.6 1999/11/16 02:37:16 damien Exp $");	15	RCSID("$Id: cipher.c,v 1.7 1999/11/24 13:26:22 damien Exp $");
16		16
17	#include "ssh.h"	17	#include "ssh.h"
18	#include "cipher.h"	18	#include "cipher.h"
@@ -38,124 +38,124 @@ RCSID("$Id: cipher.c,v 1.6 1999/11/16 02:37:16 damien Exp $");
38	*/	38	*/
39	void	39	void
40	SSH_3CBC_ENCRYPT(des_key_schedule ks1,	40	SSH_3CBC_ENCRYPT(des_key_schedule ks1,
41	des_key_schedule ks2, des_cblock *iv2,	41	des_key_schedule ks2, des_cblock * iv2,
42	des_key_schedule ks3, des_cblock *iv3,	42	des_key_schedule ks3, des_cblock * iv3,
43	void dest, void src,	43	void dest, void src,
44	unsigned int len)	44	unsigned int len)
45	{	45	{
46	des_cblock iv1;	46	des_cblock iv1;
47		47
48	memcpy(&iv1, iv2, 8);	48	memcpy(&iv1, iv2, 8);
49		49
50	des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);	50	des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
51	memcpy(&iv1, dest + len - 8, 8);	51	memcpy(&iv1, dest + len - 8, 8);
52		52
53	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);	53	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
54	memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */	54	memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */
55		55
56	des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);	56	des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
57	memcpy(iv3, dest + len - 8, 8);	57	memcpy(iv3, dest + len - 8, 8);
58	}	58	}
59		59
60	void	60	void
61	SSH_3CBC_DECRYPT(des_key_schedule ks1,	61	SSH_3CBC_DECRYPT(des_key_schedule ks1,
62	des_key_schedule ks2, des_cblock *iv2,	62	des_key_schedule ks2, des_cblock * iv2,
63	des_key_schedule ks3, des_cblock *iv3,	63	des_key_schedule ks3, des_cblock * iv3,
64	void dest, void src,	64	void dest, void src,
65	unsigned int len)	65	unsigned int len)
66	{	66	{
67	des_cblock iv1;	67	des_cblock iv1;
68		68
69	memcpy(&iv1, iv2, 8);	69	memcpy(&iv1, iv2, 8);
70		70
71	des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);	71	des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
72	memcpy(iv3, src + len - 8, 8);	72	memcpy(iv3, src + len - 8, 8);
73		73
74	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);	74	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
75	memcpy(iv2, dest + len - 8, 8);	75	memcpy(iv2, dest + len - 8, 8);
76		76
77	des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);	77	des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
78	/* memcpy(&iv1, iv2, 8); / / Note how iv1 == iv2 on entry and exit. */	78	/* memcpy(&iv1, iv2, 8); */
		79	/* Note how iv1 == iv2 on entry and exit. */
79	}	80	}
80		81
81	/*	82	/*
82	* SSH uses a variation on Blowfish, all bytes must be swapped before	83	* SSH uses a variation on Blowfish, all bytes must be swapped before
83	* and after encryption/decryption. Thus the swap_bytes stuff (yuk).	84	* and after encryption/decryption. Thus the swap_bytes stuff (yuk).
84	*/	85	*/
85	static	86	static void
86	void
87	swap_bytes(const unsigned char src, unsigned char dst_, int n)	87	swap_bytes(const unsigned char src, unsigned char dst_, int n)
88	{	88	{
89	u_int32_t dst = (u_int32_t )dst_; /* dst must be properly aligned. */	89	/* dst must be properly aligned. */
90	union {	90	u_int32_t dst = (u_int32_t ) dst_;
91	u_int32_t i;	91	union {
92	char c[4];	92	u_int32_t i;
93	} t;	93	char c[4];
94		94	} t;
95	/* Process 8 bytes every lap. */	95
96	for (n = n / 8; n > 0; n--)	96	/* Process 8 bytes every lap. */
97	{	97	for (n = n / 8; n > 0; n--) {
98	t.c[3] = *src++;	98	t.c[3] = *src++;
99	t.c[2] = *src++;	99	t.c[2] = *src++;
100	t.c[1] = *src++;	100	t.c[1] = *src++;
101	t.c[0] = *src++;	101	t.c[0] = *src++;
102	*dst++ = t.i;	102	*dst++ = t.i;
103		103
104	t.c[3] = *src++;	104	t.c[3] = *src++;
105	t.c[2] = *src++;	105	t.c[2] = *src++;
106	t.c[1] = *src++;	106	t.c[1] = *src++;
107	t.c[0] = *src++;	107	t.c[0] = *src++;
108	*dst++ = t.i;	108	*dst++ = t.i;
109	}	109	}
110	}	110	}
111		111
112	void (cipher_attack_detected)(const char fmt, ...) = fatal;	112	void (cipher_attack_detected) (const char fmt,...) = fatal;
113		113
114	static inline	114	static inline void
115	void
116	detect_cbc_attack(const unsigned char *src,	115	detect_cbc_attack(const unsigned char *src,
117	unsigned int len)	116	unsigned int len)
118	{	117	{
119	return;	118	return;
120		119
121	log("CRC-32 CBC insertion attack detected");	120	log("CRC-32 CBC insertion attack detected");
122	cipher_attack_detected("CRC-32 CBC insertion attack detected");	121	cipher_attack_detected("CRC-32 CBC insertion attack detected");
123	}	122	}
124		123
125	/* Names of all encryption algorithms. These must match the numbers defined	124	/* Names of all encryption algorithms. These must match the numbers defined
126	int cipher.h. */	125	int cipher.h. */
127	static char *cipher_names[] =	126	static char *cipher_names[] =
128	{	127	{
129	"none",	128	"none",
130	"idea",	129	"idea",
131	"des",	130	"des",
132	"3des",	131	"3des",
133	"tss",	132	"tss",
134	"rc4",	133	"rc4",
135	"blowfish"	134	"blowfish"
136	};	135	};
137		136
138	/* Returns a bit mask indicating which ciphers are supported by this	137	/* Returns a bit mask indicating which ciphers are supported by this
139	implementation. The bit mask has the corresponding bit set of each	138	implementation. The bit mask has the corresponding bit set of each
140	supported cipher. */	139	supported cipher. */
141		140
142	unsigned int cipher_mask()	141	unsigned int
		142	cipher_mask()
143	{	143	{
144	unsigned int mask = 0;	144	unsigned int mask = 0;
145	mask \|= 1 << SSH_CIPHER_3DES; /* Mandatory */	145	mask \|= 1 << SSH_CIPHER_3DES; /* Mandatory */
146	mask \|= 1 << SSH_CIPHER_BLOWFISH;	146	mask \|= 1 << SSH_CIPHER_BLOWFISH;
147	return mask;	147	return mask;
148	}	148	}
149		149
150	/* Returns the name of the cipher. */	150	/* Returns the name of the cipher. */
151		151
152	const	152	const char *
153	char *cipher_name(int cipher)	153	cipher_name(int cipher)
154	{	154	{
155	if (cipher < 0 \|\| cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) \|\|	155	if (cipher < 0 \|\| cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) \|\|
156	cipher_names[cipher] == NULL)	156	cipher_names[cipher] == NULL)
157	fatal("cipher_name: bad cipher number: %d", cipher);	157	fatal("cipher_name: bad cipher number: %d", cipher);
158	return cipher_names[cipher];	158	return cipher_names[cipher];
159	}	159	}
160		160
161	/* Parses the name of the cipher. Returns the number of the corresponding	161	/* Parses the name of the cipher. Returns the number of the corresponding
@@ -164,146 +164,151 @@ char *cipher_name(int cipher)
164	int	164	int
165	cipher_number(const char *name)	165	cipher_number(const char *name)
166	{	166	{
167	int i;	167	int i;
168	for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)	168	for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)
169	if (strcmp(cipher_names[i], name) == 0 &&	169	if (strcmp(cipher_names[i], name) == 0 &&
170	(cipher_mask() & (1 << i)))	170	(cipher_mask() & (1 << i)))
171	return i;	171	return i;
172	return -1;	172	return -1;
173	}	173	}
174		174
175	/* Selects the cipher, and keys if by computing the MD5 checksum of the	175	/* Selects the cipher, and keys if by computing the MD5 checksum of the
176	passphrase and using the resulting 16 bytes as the key. */	176	passphrase and using the resulting 16 bytes as the key. */
177		177
178	void cipher_set_key_string(CipherContext *context, int cipher,	178	void
179	const char *passphrase, int for_encryption)	179	cipher_set_key_string(CipherContext *context, int cipher,
		180	const char *passphrase, int for_encryption)
180	{	181	{
181	MD5_CTX md;	182	MD5_CTX md;
182	unsigned char digest[16];	183	unsigned char digest[16];
183		184
184	MD5_Init(&md);	185	MD5_Init(&md);
185	MD5_Update(&md, (const unsigned char *)passphrase, strlen(passphrase));	186	MD5_Update(&md, (const unsigned char *) passphrase, strlen(passphrase));
186	MD5_Final(digest, &md);	187	MD5_Final(digest, &md);
187		188
188	cipher_set_key(context, cipher, digest, 16, for_encryption);	189	cipher_set_key(context, cipher, digest, 16, for_encryption);
189		190
190	memset(digest, 0, sizeof(digest));	191	memset(digest, 0, sizeof(digest));
191	memset(&md, 0, sizeof(md));	192	memset(&md, 0, sizeof(md));
192	}	193	}
193		194
194	/* Selects the cipher to use and sets the key. */	195	/* Selects the cipher to use and sets the key. */
195		196
196	void cipher_set_key(CipherContext *context, int cipher,	197	void
197	const unsigned char *key, int keylen, int for_encryption)	198	cipher_set_key(CipherContext *context, int cipher,
		199	const unsigned char *key, int keylen, int for_encryption)
198	{	200	{
199	unsigned char padded[32];	201	unsigned char padded[32];
200		202
201	/* Set cipher type. */	203	/* Set cipher type. */
202	context->type = cipher;	204	context->type = cipher;
203		205
204	/* Get 32 bytes of key data. Pad if necessary. (So that code below does	206	/* Get 32 bytes of key data. Pad if necessary. (So that code
205	not need to worry about key size). */	207	below does not need to worry about key size). */
206	memset(padded, 0, sizeof(padded));	208	memset(padded, 0, sizeof(padded));
207	memcpy(padded, key, keylen < sizeof(padded) ? keylen : sizeof(padded));	209	memcpy(padded, key, keylen < sizeof(padded) ? keylen : sizeof(padded));
208		210
209	/* Initialize the initialization vector. */	211	/* Initialize the initialization vector. */
210	switch (cipher)	212	switch (cipher) {
211	{	213	case SSH_CIPHER_NONE:
212	case SSH_CIPHER_NONE:	214	/* Has to stay for authfile saving of private key with
213	/* Has to stay for authfile saving of private key with no passphrase */	215	no passphrase */
214	break;	216	break;
215		217
216	case SSH_CIPHER_3DES:	218	case SSH_CIPHER_3DES:
217	/* Note: the least significant bit of each byte of key is parity,	219	/* Note: the least significant bit of each byte of key is
218	and must be ignored by the implementation. 16 bytes of key are	220	parity, and must be ignored by the implementation. 16
219	used (first and last keys are the same). */	221	bytes of key are used (first and last keys are the
220	if (keylen < 16)	222	same). */
221	error("Key length %d is insufficient for 3DES.", keylen);	223	if (keylen < 16)
222	des_set_key((void*)padded, context->u.des3.key1);	224	error("Key length %d is insufficient for 3DES.", keylen);
223	des_set_key((void*)(padded + 8), context->u.des3.key2);	225	des_set_key((void *) padded, context->u.des3.key1);
224	if (keylen <= 16)	226	des_set_key((void *) (padded + 8), context->u.des3.key2);
225	des_set_key((void*)padded, context->u.des3.key3);	227	if (keylen <= 16)
226	else	228	des_set_key((void *) padded, context->u.des3.key3);
227	des_set_key((void*)(padded + 16), context->u.des3.key3);	229	else
228	memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));	230	des_set_key((void *) (padded + 16), context->u.des3.key3);
229	memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));	231	memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));
230	break;	232	memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));
231		233	break;
232	case SSH_CIPHER_BLOWFISH:	234
233	BF_set_key(&context->u.bf.key, keylen, padded);	235	case SSH_CIPHER_BLOWFISH:
234	memset(context->u.bf.iv, 0, 8);	236	BF_set_key(&context->u.bf.key, keylen, padded);
235	break;	237	memset(context->u.bf.iv, 0, 8);
236		238	break;
237	default:	239
238	fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));	240	default:
239	}	241	fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));
240	memset(padded, 0, sizeof(padded));	242	}
		243	memset(padded, 0, sizeof(padded));
241	}	244	}
242		245
243	/* Encrypts data using the cipher. */	246	/* Encrypts data using the cipher. */
244		247
245	void cipher_encrypt(CipherContext context, unsigned char dest,	248	void
246	const unsigned char *src, unsigned int len)	249	cipher_encrypt(CipherContext context, unsigned char dest,
		250	const unsigned char *src, unsigned int len)
247	{	251	{
248	if ((len & 7) != 0)	252	if ((len & 7) != 0)
249	fatal("cipher_encrypt: bad plaintext length %d", len);	253	fatal("cipher_encrypt: bad plaintext length %d", len);
250		254
251	switch (context->type)	255	switch (context->type) {
252	{	256	case SSH_CIPHER_NONE:
253	case SSH_CIPHER_NONE:	257	memcpy(dest, src, len);
254	memcpy(dest, src, len);	258	break;
255	break;	259
256		260	case SSH_CIPHER_3DES:
257	case SSH_CIPHER_3DES:	261	SSH_3CBC_ENCRYPT(context->u.des3.key1,
258	SSH_3CBC_ENCRYPT(context->u.des3.key1,	262	context->u.des3.key2, &context->u.des3.iv2,
259	context->u.des3.key2, &context->u.des3.iv2,	263	context->u.des3.key3, &context->u.des3.iv3,
260	context->u.des3.key3, &context->u.des3.iv3,	264	dest, (void *) src, len);
261	dest, (void*)src, len);	265	break;
262	break;	266
263		267	case SSH_CIPHER_BLOWFISH:
264	case SSH_CIPHER_BLOWFISH:	268	swap_bytes(src, dest, len);
265	swap_bytes(src, dest, len);	269	BF_cbc_encrypt(dest, dest, len,
266	BF_cbc_encrypt(dest, dest, len,	270	&context->u.bf.key, context->u.bf.iv,
267	&context->u.bf.key, context->u.bf.iv, BF_ENCRYPT);	271	BF_ENCRYPT);
268	swap_bytes(dest, dest, len);	272	swap_bytes(dest, dest, len);
269	break;	273	break;
270		274
271	default:	275	default:
272	fatal("cipher_encrypt: unknown cipher: %d", context->type);	276	fatal("cipher_encrypt: unknown cipher: %s", cipher_name(context->type));
273	}	277	}
274	}	278	}
275		279
276	/* Decrypts data using the cipher. */	280	/* Decrypts data using the cipher. */
277		281
278	void cipher_decrypt(CipherContext context, unsigned char dest,	282	void
279	const unsigned char *src, unsigned int len)	283	cipher_decrypt(CipherContext context, unsigned char dest,
		284	const unsigned char *src, unsigned int len)
280	{	285	{
281	if ((len & 7) != 0)	286	if ((len & 7) != 0)
282	fatal("cipher_decrypt: bad ciphertext length %d", len);	287	fatal("cipher_decrypt: bad ciphertext length %d", len);
283		288
284	switch (context->type)	289	switch (context->type) {
285	{	290	case SSH_CIPHER_NONE:
286	case SSH_CIPHER_NONE:	291	memcpy(dest, src, len);
287	memcpy(dest, src, len);	292	break;
288	break;	293
289		294	case SSH_CIPHER_3DES:
290	case SSH_CIPHER_3DES:	295	/* CRC-32 attack? */
291	/* CRC-32 attack? */	296	SSH_3CBC_DECRYPT(context->u.des3.key1,
292	SSH_3CBC_DECRYPT(context->u.des3.key1,	297	context->u.des3.key2, &context->u.des3.iv2,
293	context->u.des3.key2, &context->u.des3.iv2,	298	context->u.des3.key3, &context->u.des3.iv3,
294	context->u.des3.key3, &context->u.des3.iv3,	299	dest, (void *) src, len);
295	dest, (void*)src, len);	300	break;
296	break;	301
297		302	case SSH_CIPHER_BLOWFISH:
298	case SSH_CIPHER_BLOWFISH:	303	detect_cbc_attack(src, len);
299	detect_cbc_attack(src, len);	304	swap_bytes(src, dest, len);
300	swap_bytes(src, dest, len);	305	BF_cbc_encrypt((void *) dest, dest, len,
301	BF_cbc_encrypt((void*)dest, dest, len,	306	&context->u.bf.key, context->u.bf.iv,
302	&context->u.bf.key, context->u.bf.iv, BF_DECRYPT);	307	BF_DECRYPT);
303	swap_bytes(dest, dest, len);	308	swap_bytes(dest, dest, len);
304	break;	309	break;
305		310
306	default:	311	default:
307	fatal("cipher_decrypt: unknown cipher: %d", context->type);	312	fatal("cipher_decrypt: unknown cipher: %s", cipher_name(context->type));
308	}	313	}
309	}	314	}