diff options
| author | Damien Miller <djm@mindrot.org> | 2002-02-19 15:21:23 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-02-19 15:21:23 +1100 |
| commit | 963f6b25e28ff55290ae45f540b7f7148a3622a9 (patch) | |
| tree | 48d1a96683326594903955672277fe008bf622e4 /cipher.c | |
| parent | 19a59451050446bb8656d1b72a8787e97cd1c99b (diff) | |
- markus@cvs.openbsd.org 2002/02/14 23:41:01
[authfile.c cipher.c cipher.h kex.c kex.h packet.c]
hide some more implementation details of cipher.[ch] and prepares for move
to EVP, ok deraadt@
Diffstat (limited to 'cipher.c')
| -rw-r--r-- | cipher.c | 47 |
1 files changed, 36 insertions, 11 deletions
| @@ -35,7 +35,7 @@ | |||
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | #include "includes.h" | 37 | #include "includes.h" |
| 38 | RCSID("$OpenBSD: cipher.c,v 1.50 2002/01/21 22:30:12 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.51 2002/02/14 23:41:01 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
| 41 | #include "log.h" | 41 | #include "log.h" |
| @@ -43,6 +43,17 @@ RCSID("$OpenBSD: cipher.c,v 1.50 2002/01/21 22:30:12 markus Exp $"); | |||
| 43 | 43 | ||
| 44 | #include <openssl/md5.h> | 44 | #include <openssl/md5.h> |
| 45 | 45 | ||
| 46 | struct Cipher { | ||
| 47 | char *name; | ||
| 48 | int number; /* for ssh1 only */ | ||
| 49 | u_int block_size; | ||
| 50 | u_int key_len; | ||
| 51 | void (*setkey)(CipherContext *, const u_char *, u_int); | ||
| 52 | void (*setiv)(CipherContext *, const u_char *, u_int); | ||
| 53 | void (*encrypt)(CipherContext *, u_char *, const u_char *, u_int); | ||
| 54 | void (*decrypt)(CipherContext *, u_char *, const u_char *, u_int); | ||
| 55 | }; | ||
| 56 | |||
| 46 | /* no encryption */ | 57 | /* no encryption */ |
| 47 | static void | 58 | static void |
| 48 | none_setkey(CipherContext *cc, const u_char *key, u_int keylen) | 59 | none_setkey(CipherContext *cc, const u_char *key, u_int keylen) |
| @@ -397,6 +408,18 @@ Cipher ciphers[] = { | |||
| 397 | 408 | ||
| 398 | /*--*/ | 409 | /*--*/ |
| 399 | 410 | ||
| 411 | u_int | ||
| 412 | cipher_blocksize(Cipher *c) | ||
| 413 | { | ||
| 414 | return (c->block_size); | ||
| 415 | } | ||
| 416 | |||
| 417 | u_int | ||
| 418 | cipher_keylen(Cipher *c) | ||
| 419 | { | ||
| 420 | return (c->key_len); | ||
| 421 | } | ||
| 422 | |||
| 400 | u_int | 423 | u_int |
| 401 | cipher_mask_ssh1(int client) | 424 | cipher_mask_ssh1(int client) |
| 402 | { | 425 | { |
| @@ -479,8 +502,8 @@ cipher_name(int id) | |||
| 479 | } | 502 | } |
| 480 | 503 | ||
| 481 | void | 504 | void |
| 482 | cipher_init(CipherContext *cc, Cipher *cipher, | 505 | cipher_init(CipherContext *cc, Cipher *cipher, const u_char *key, |
| 483 | const u_char *key, u_int keylen, const u_char *iv, u_int ivlen) | 506 | u_int keylen, const u_char *iv, u_int ivlen, int encrypt) |
| 484 | { | 507 | { |
| 485 | if (keylen < cipher->key_len) | 508 | if (keylen < cipher->key_len) |
| 486 | fatal("cipher_init: key length %d is insufficient for %s.", | 509 | fatal("cipher_init: key length %d is insufficient for %s.", |
| @@ -489,24 +512,26 @@ cipher_init(CipherContext *cc, Cipher *cipher, | |||
| 489 | fatal("cipher_init: iv length %d is insufficient for %s.", | 512 | fatal("cipher_init: iv length %d is insufficient for %s.", |
| 490 | ivlen, cipher->name); | 513 | ivlen, cipher->name); |
| 491 | cc->cipher = cipher; | 514 | cc->cipher = cipher; |
| 515 | cc->encrypt = (encrypt == CIPHER_ENCRYPT); | ||
| 492 | cipher->setkey(cc, key, keylen); | 516 | cipher->setkey(cc, key, keylen); |
| 493 | cipher->setiv(cc, iv, ivlen); | 517 | cipher->setiv(cc, iv, ivlen); |
| 494 | } | 518 | } |
| 495 | 519 | ||
| 496 | void | 520 | void |
| 497 | cipher_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) | 521 | cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) |
| 498 | { | 522 | { |
| 499 | if (len % cc->cipher->block_size) | 523 | if (len % cc->cipher->block_size) |
| 500 | fatal("cipher_encrypt: bad plaintext length %d", len); | 524 | fatal("cipher_encrypt: bad plaintext length %d", len); |
| 501 | cc->cipher->encrypt(cc, dest, src, len); | 525 | if (cc->encrypt) |
| 526 | cc->cipher->encrypt(cc, dest, src, len); | ||
| 527 | else | ||
| 528 | cc->cipher->decrypt(cc, dest, src, len); | ||
| 502 | } | 529 | } |
| 503 | 530 | ||
| 504 | void | 531 | void |
| 505 | cipher_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) | 532 | cipher_cleanup(CipherContext *cc) |
| 506 | { | 533 | { |
| 507 | if (len % cc->cipher->block_size) | 534 | memset(cc, 0, sizeof(*cc)); |
| 508 | fatal("cipher_decrypt: bad ciphertext length %d", len); | ||
| 509 | cc->cipher->decrypt(cc, dest, src, len); | ||
| 510 | } | 535 | } |
| 511 | 536 | ||
| 512 | /* | 537 | /* |
| @@ -516,7 +541,7 @@ cipher_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len) | |||
| 516 | 541 | ||
| 517 | void | 542 | void |
| 518 | cipher_set_key_string(CipherContext *cc, Cipher *cipher, | 543 | cipher_set_key_string(CipherContext *cc, Cipher *cipher, |
| 519 | const char *passphrase) | 544 | const char *passphrase, int encrypt) |
| 520 | { | 545 | { |
| 521 | MD5_CTX md; | 546 | MD5_CTX md; |
| 522 | u_char digest[16]; | 547 | u_char digest[16]; |
| @@ -525,7 +550,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, | |||
| 525 | MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); | 550 | MD5_Update(&md, (const u_char *)passphrase, strlen(passphrase)); |
| 526 | MD5_Final(digest, &md); | 551 | MD5_Final(digest, &md); |
| 527 | 552 | ||
| 528 | cipher_init(cc, cipher, digest, 16, NULL, 0); | 553 | cipher_init(cc, cipher, digest, 16, NULL, 0, encrypt); |
| 529 | 554 | ||
| 530 | memset(digest, 0, sizeof(digest)); | 555 | memset(digest, 0, sizeof(digest)); |
| 531 | memset(&md, 0, sizeof(md)); | 556 | memset(&md, 0, sizeof(md)); |