summaryrefslogtreecommitdiff
path: root/cipher.h
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-10-14 16:23:11 +1100
committerDamien Miller <djm@mindrot.org>2000-10-14 16:23:11 +1100
commit874d77bb134a21a5cf625956b60173376a993ba8 (patch)
tree93dd73b2ff1fbf0ad5f3978a2c4e0d8438a0bf7c /cipher.h
parent89d9796fbedef4eed6956a2c095c7cc25330c28d (diff)
- (djm) Big OpenBSD sync:
- markus@cvs.openbsd.org 2000/09/30 10:27:44 [log.c] allow loglevel debug - markus@cvs.openbsd.org 2000/10/03 11:59:57 [packet.c] hmac->mac - markus@cvs.openbsd.org 2000/10/03 12:03:03 [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c] move fake-auth from auth1.c to individual auth methods, disables s/key in debug-msg - markus@cvs.openbsd.org 2000/10/03 12:16:48 ssh.c do not resolve canonname, i have no idea why this was added oin ossh - markus@cvs.openbsd.org 2000/10/09 15:30:44 ssh-keygen.1 ssh-keygen.c -X now reads private ssh.com DSA keys, too. - markus@cvs.openbsd.org 2000/10/09 15:32:34 auth-options.c clear options on every call. - markus@cvs.openbsd.org 2000/10/09 15:51:00 authfd.c authfd.h interop with ssh-agent2, from <res@shore.net> - markus@cvs.openbsd.org 2000/10/10 14:20:45 compat.c use rexexp for version string matching - provos@cvs.openbsd.org 2000/10/10 22:02:18 [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h] First rough implementation of the diffie-hellman group exchange. The client can ask the server for bigger groups to perform the diffie-hellman in, thus increasing the attack complexity when using ciphers with longer keys. University of Windsor provided network, T the company. - markus@cvs.openbsd.org 2000/10/11 13:59:52 [auth-rsa.c auth2.c] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:00:27 [auth-options.h] clear auth options unless auth sucessfull - markus@cvs.openbsd.org 2000/10/11 14:03:27 [scp.1 scp.c] support 'scp -o' with help from mouring@pconline.com - markus@cvs.openbsd.org 2000/10/11 14:11:35 [dh.c] Wall - markus@cvs.openbsd.org 2000/10/11 14:14:40 [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h] [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h] add support for s/key (kbd-interactive) to ssh2, based on work by mkiernan@avantgo.com and me - markus@cvs.openbsd.org 2000/10/11 14:27:24 [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h] [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c] [sshconnect2.c sshd.c] new cipher framework - markus@cvs.openbsd.org 2000/10/11 14:45:21 [cipher.c] remove DES - markus@cvs.openbsd.org 2000/10/12 03:59:20 [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c] enable DES in SSH-1 clients only - markus@cvs.openbsd.org 2000/10/12 08:21:13 [kex.h packet.c] remove unused - markus@cvs.openbsd.org 2000/10/13 12:34:46 [sshd.c] Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se - markus@cvs.openbsd.org 2000/10/13 12:59:15 [cipher.c cipher.h myproposal.h rijndael.c rijndael.h] rijndael/aes support - markus@cvs.openbsd.org 2000/10/13 13:10:54 [sshd.8] more info about -V - markus@cvs.openbsd.org 2000/10/13 13:12:02 [myproposal.h] prefer no compression
Diffstat (limited to 'cipher.h')
-rw-r--r--cipher.h129
1 files changed, 66 insertions, 63 deletions
diff --git a/cipher.h b/cipher.h
index bc7a5e224..97bc8891f 100644
--- a/cipher.h
+++ b/cipher.h
@@ -8,9 +8,31 @@
8 * software must be clearly marked as such, and if the derived work is 8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be 9 * incompatible with the protocol description in the RFC file, it must be
10 * called by a name other than "ssh" or "Secure Shell". 10 * called by a name other than "ssh" or "Secure Shell".
11 *
12 * Copyright (c) 2000 Markus Friedl. All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
11 */ 33 */
12 34
13/* RCSID("$OpenBSD: cipher.h,v 1.19 2000/09/07 20:27:50 deraadt Exp $"); */ 35/* RCSID("$OpenBSD: cipher.h,v 1.22 2000/10/13 18:59:14 markus Exp $"); */
14 36
15#ifndef CIPHER_H 37#ifndef CIPHER_H
16#define CIPHER_H 38#define CIPHER_H
@@ -19,9 +41,12 @@
19#include <openssl/blowfish.h> 41#include <openssl/blowfish.h>
20#include <openssl/rc4.h> 42#include <openssl/rc4.h>
21#include <openssl/cast.h> 43#include <openssl/cast.h>
22 44#include "rijndael.h"
23/* Cipher types. New types can be added, but old types should not be removed 45/*
24 for compatibility. The maximum allowed value is 31. */ 46 * Cipher types for SSH-1. New types can be added, but old types should not
47 * be removed for compatibility. The maximum allowed value is 31.
48 */
49#define SSH_CIPHER_SSH2 -3
25#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */ 50#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */
26#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ 51#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */
27#define SSH_CIPHER_NONE 0 /* no encryption */ 52#define SSH_CIPHER_NONE 0 /* no encryption */
@@ -32,17 +57,18 @@
32#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */ 57#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */
33#define SSH_CIPHER_BLOWFISH 6 58#define SSH_CIPHER_BLOWFISH 6
34#define SSH_CIPHER_RESERVED 7 59#define SSH_CIPHER_RESERVED 7
60#define SSH_CIPHER_MAX 31
35 61
36/* these ciphers are used in SSH2: */ 62typedef struct Cipher Cipher;
37#define SSH_CIPHER_BLOWFISH_CBC 8 63typedef struct CipherContext CipherContext;
38#define SSH_CIPHER_3DES_CBC 9
39#define SSH_CIPHER_ARCFOUR 10 /* Alleged RC4 */
40#define SSH_CIPHER_CAST128_CBC 11
41 64
42typedef struct { 65struct CipherContext {
43 unsigned int type;
44 union { 66 union {
45 struct { 67 struct {
68 des_key_schedule key;
69 des_cblock iv;
70 } des;
71 struct {
46 des_key_schedule key1; 72 des_key_schedule key1;
47 des_key_schedule key2; 73 des_key_schedule key2;
48 des_cblock iv2; 74 des_cblock iv2;
@@ -51,64 +77,41 @@ typedef struct {
51 } des3; 77 } des3;
52 struct { 78 struct {
53 struct bf_key_st key; 79 struct bf_key_st key;
54 unsigned char iv[8]; 80 u_char iv[8];
55 } bf; 81 } bf;
56 struct { 82 struct {
57 CAST_KEY key; 83 CAST_KEY key;
58 unsigned char iv[8]; 84 u_char iv[8];
59 } cast; 85 } cast;
86 struct {
87 u4byte iv[4];
88 rijndael_ctx enc;
89 rijndael_ctx dec;
90 } rijndael;
60 RC4_KEY rc4; 91 RC4_KEY rc4;
61 } u; 92 } u;
62} CipherContext; 93 Cipher *cipher;
63/* 94};
64 * Returns a bit mask indicating which ciphers are supported by this 95struct Cipher {
65 * implementation. The bit mask has the corresponding bit set of each 96 char *name;
66 * supported cipher. 97 int number; /* for ssh1 only */
67 */ 98 u_int block_size;
68unsigned int cipher_mask(); 99 u_int key_len;
69unsigned int cipher_mask1(); 100 void (*setkey)(CipherContext *, const u_char *, u_int);
70unsigned int cipher_mask2(); 101 void (*setiv)(CipherContext *, const u_char *, u_int);
71 102 void (*encrypt)(CipherContext *, u_char *, const u_char *, u_int);
72/* Returns the name of the cipher. */ 103 void (*decrypt)(CipherContext *, u_char *, const u_char *, u_int);
73const char *cipher_name(int cipher); 104};
74
75/*
76 * Parses the name of the cipher. Returns the number of the corresponding
77 * cipher, or -1 on error.
78 */
79int cipher_number(const char *name);
80
81/* returns 1 if all ciphers are supported (ssh2 only) */
82int ciphers_valid(const char *names);
83
84/*
85 * Selects the cipher to use and sets the key. If for_encryption is true,
86 * the key is setup for encryption; otherwise it is setup for decryption.
87 */
88void
89cipher_set_key(CipherContext * context, int cipher,
90 const unsigned char *key, int keylen);
91void
92cipher_set_key_iv(CipherContext * context, int cipher,
93 const unsigned char *key, int keylen,
94 const unsigned char *iv, int ivlen);
95
96/*
97 * Sets key for the cipher by computing the MD5 checksum of the passphrase,
98 * and using the resulting 16 bytes as the key.
99 */
100void
101cipher_set_key_string(CipherContext * context, int cipher,
102 const char *passphrase);
103
104/* Encrypts data using the cipher. */
105void
106cipher_encrypt(CipherContext * context, unsigned char *dest,
107 const unsigned char *src, unsigned int len);
108 105
109/* Decrypts data using the cipher. */ 106unsigned int cipher_mask_ssh1(int client);
110void 107Cipher *cipher_by_name(const char *name);
111cipher_decrypt(CipherContext * context, unsigned char *dest, 108Cipher *cipher_by_number(int id);
112 const unsigned char *src, unsigned int len); 109int cipher_number(const char *name);
110char *cipher_name(int id);
111int ciphers_valid(const char *names);
112void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, const u_char *, u_int);
113void cipher_encrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
114void cipher_decrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
115void cipher_set_key_string(CipherContext *context, Cipher *cipher, const char *passphrase);
113 116
114#endif /* CIPHER_H */ 117#endif /* CIPHER_H */