6 files changed, 430 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 0ba506f59..61b714348 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+20040127
+ - (djm) OpenBSD CVS Sync
+   - hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
+     [cipher.c]
+     enable acss for ssh
+     ok deraadt@ markus@
+ - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS 
+   if libcrypto lacks it
 20040126
 - (tim) Typo in regress/README.regress
 - (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated.
@@ -1737,4 +1746,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.3192 2004/01/27 05:40:35 tim Exp $
+$Id: ChangeLog,v 1.3193 2004/01/27 10:19:21 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index f1098fcb0..1f6a4d43f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.253 2003/11/21 12:48:55 djm Exp $
+# $Id: Makefile.in,v 1.254 2004/01/27 10:19:22 djm Exp $
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -61,12 +61,13 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
-LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
+LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
-        cipher.o cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \
+        canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-        cleanup.o compat.o compress.o crc32.o deattack.o fatal.o \
+        cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
-        hostfile.o log.o match.o moduli.o mpaux.o nchan.o packet.o \
+        compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
-        readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
+        log.o match.o moduli.o mpaux.o nchan.o packet.o \
-        key.o dispatch.o kex.o mac.o uuencode.o misc.o \
+        readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
+        atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \
        rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
        kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
        entropy.o scard-opensc.o gss-genr.o
diff --git a/acss.c b/acss.c
new file mode 100644
index 000000000..65f5fa164
--- /dev/null
+++ b/acss.c
@@ -0,0 +1,264 @@
+/*      $Id: */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+#include <openssl/evp.h>
+#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
+#include "acss.h"
+/* decryption sbox */
+static unsigned char sboxdec[] = {
+        0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, 
+        0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, 
+        0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, 
+        0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, 
+        0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, 
+        0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, 
+        0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, 
+        0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, 
+        0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, 
+        0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, 
+        0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, 
+        0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, 
+        0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, 
+        0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, 
+        0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, 
+        0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, 
+        0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, 
+        0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, 
+        0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, 
+        0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, 
+        0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, 
+        0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, 
+        0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, 
+        0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, 
+        0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, 
+        0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, 
+        0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, 
+        0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, 
+        0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, 
+        0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, 
+        0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 
+        0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
+};
+/* encryption sbox */
+static unsigned char sboxenc[] = {
+        0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75,
+        0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b,
+        0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21,
+        0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f,
+        0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5,
+        0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab,
+        0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0,
+        0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2,
+        0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74,
+        0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76,
+        0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20,
+        0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22,
+        0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4,
+        0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6,
+        0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1,
+        0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf,
+        0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25,
+        0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b,
+        0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71,
+        0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f,
+        0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5,
+        0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb,
+        0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0,
+        0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2,
+        0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24,
+        0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26,
+        0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70,
+        0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72,
+        0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4,
+        0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6,
+        0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1,
+        0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff
+};
+static unsigned char reverse[] = {
+        0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, 
+        0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, 
+        0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, 
+        0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, 
+        0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, 
+        0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, 
+        0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, 
+        0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, 
+        0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, 
+        0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, 
+        0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, 
+        0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, 
+        0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, 
+        0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, 
+        0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, 
+        0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, 
+        0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, 
+        0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, 
+        0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, 
+        0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, 
+        0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, 
+        0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, 
+        0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, 
+        0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, 
+        0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, 
+        0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, 
+        0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, 
+        0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, 
+        0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, 
+        0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, 
+        0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, 
+        0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff 
+};
+/*
+ * Two linear feedback shift registers are used:
+ *
+ * lfsr17:  polynomial of degree 17, primitive modulo 2 (listed in Schneier)
+ *          x^15 + x + 1
+ * lfsr25:  polynomial of degree 25, not know if primitive modulo 2
+ *          x^13 + x^5 + x^4 + x^1 + 1
+ *
+ * Output bits are discarded, instead the feedback bits are added to produce
+ * the cipher stream.  Depending on the mode, feedback bytes may be inverted
+ * bit-wise before addition.
+ *
+ * The lfsrs are seeded with bytes from the raw key:
+ *
+ * lfsr17:  byte 0[0:7] at bit 9
+ *          byte 1[0:7] at bit 0
+ *
+ * lfsr25:  byte 2[0:4] at bit 16
+ *          byte 2[5:7] at bit 22
+ *          byte 3[0:7] at bit 8
+ *          byte 4[0:7] at bit 0
+ *
+ * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in
+ * lfsr25.
+ *
+ */
+int
+acss(ACSS_KEY *key, unsigned long len, const unsigned char *in,
+    unsigned char *out)
+{
+        unsigned long i;
+        unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp;
+        lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0;
+        /* keystream is sum of lfsrs */
+        for (i = 0; i < len; i++) {
+                lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14);
+                key->lfsr17 = (key->lfsr17 >> 8)
+                        ^ (lfsr17tmp << 9)
+                        ^ (lfsr17tmp << 12)
+                        ^ (lfsr17tmp << 15);
+                key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */
+                lfsr25tmp = key->lfsr25
+                        ^ (key->lfsr25 >> 3)
+                        ^ (key->lfsr25 >> 4)
+                        ^ (key->lfsr25 >> 12);
+                key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17);
+                key->lfsr25 &= 0x1ffffff;       /* 25 bit LFSR */
+                lfsrsumtmp = key->lfsrsum;
+                /* addition */
+                switch (key->mode) {
+                case ACSS_AUTHENTICATE:
+                case ACSS_DATA:
+                        key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                case ACSS_SESSIONKEY:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                case ACSS_TITLEKEY:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
+                        break;
+                default:
+                        return 1;
+                }
+                key->lfsrsum += (lfsrsumtmp >> 8);
+                if (key->encrypt) {
+                        out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff];
+                } else {
+                        out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff;
+                }
+        }
+        return 0;
+}
+static void
+acss_seed(ACSS_KEY *key)
+{
+        int i;
+        /* if available, mangle with subkey */
+        if (key->subkey_avilable) {
+                for (i = 0; i < ACSS_KEYSIZE; i++)
+                        key->seed[i] = reverse[key->data[i] ^ key->subkey[i]];
+        } else {
+                for (i = 0; i < ACSS_KEYSIZE; i++)
+                        key->seed[i] = reverse[key->data[i]];
+        }
+        /* seed lfsrs */
+        key->lfsr17 = key->seed[1]
+                | (key->seed[0] << 9)
+                | (1 << 8);     /* inject 1 at bit 9 */
+        key->lfsr25 = key->seed[4]
+                | (key->seed[3] << 8)
+                | ((key->seed[2] & 0x1f) << 16)
+                | ((key->seed[2] & 0xe0) << 17)
+                        | (1 << 21);    /* inject 1 at bit 22 */
+        key->lfsrsum = 0;
+}
+void
+acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode)
+{
+        memcpy(key->data, data, sizeof(key->data));
+        memset(key->subkey, 0, sizeof(key->subkey));
+        if (enc != -1)
+                key->encrypt = enc;
+        key->mode = mode;
+        key->subkey_avilable = 0;
+        acss_seed(key);
+}
+void
+acss_setsubkey(ACSS_KEY *key, const unsigned char *subkey)
+{
+        memcpy(key->subkey, subkey, sizeof(key->subkey));
+        key->subkey_avilable = 1;
+        acss_seed(key);
+}
+#endif
diff --git a/acss.h b/acss.h
new file mode 100644
index 000000000..fc6344dc8
--- /dev/null
+++ b/acss.h
@@ -0,0 +1,47 @@
+/*      $Id: */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _ACSS_H_
+#define _ACSS_H_
+/* 40bit key */
+#define ACSS_KEYSIZE            5
+/* modes of acss */
+#define ACSS_AUTHENTICATE       0
+#define ACSS_SESSIONKEY         1
+#define ACSS_TITLEKEY           2
+#define ACSS_DATA               3
+typedef struct acss_key_st {
+        unsigned int    lfsr17;         /* current state of lfsrs */
+        unsigned int    lfsr25;
+        unsigned int    lfsrsum;
+        unsigned char   seed[ACSS_KEYSIZE];
+        unsigned char   data[ACSS_KEYSIZE];
+        unsigned char   subkey[ACSS_KEYSIZE];
+        int             encrypt;        /* XXX make these bit flags? */
+        int             mode;
+        int             seeded;
+        int             subkey_avilable;
+} ACSS_KEY;
+void acss_setkey(ACSS_KEY *, const unsigned char *, int, int);
+void acss_setsubkey(ACSS_KEY *, const unsigned char *);
+int acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *);
+#endif /* ifndef _ACSS_H_ */
diff --git a/cipher-acss.c b/cipher-acss.c
new file mode 100644
index 000000000..e2e3a4060
--- /dev/null
+++ b/cipher-acss.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+#include <openssl/evp.h>
+RCSID("$Id: cipher-acss.c,v 1.1 2004/01/27 10:19:22 djm Exp $");
+#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
+#include "acss.h"
+#define data(ctx) ((EVP_ACSS_KEY *)(ctx)->cipher_data)
+typedef struct {
+        ACSS_KEY ks;
+} EVP_ACSS_KEY;
+#define EVP_CTRL_SET_ACSS_MODE          0xff06
+#define EVP_CTRL_SET_ACSS_SUBKEY        0xff07
+static int
+acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
+    const unsigned char *iv, int enc)
+{
+        acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
+        return 1;
+}
+static int
+acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, 
+    unsigned int inl)
+{
+        acss(&data(ctx)->ks,inl,in,out);
+        return 1;
+}
+static int
+acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        switch(type) {
+        case EVP_CTRL_SET_ACSS_MODE:
+                data(ctx)->ks.mode = arg;
+                return 1;
+        case EVP_CTRL_SET_ACSS_SUBKEY:
+                acss_setsubkey(&data(ctx)->ks,(unsigned char *)ptr);
+                return 1;
+        default:
+                return -1;
+        }
+}
+const EVP_CIPHER *
+evp_acss(void)
+{
+        static EVP_CIPHER acss_cipher;
+        memset(&acss_cipher, 0, sizeof(EVP_CIPHER));
+        acss_cipher.nid = NID_undef;
+        acss_cipher.block_size = 1;
+        acss_cipher.key_len = 5;
+        acss_cipher.init = acss_init_key;
+        acss_cipher.do_cipher = acss_ciph;
+        acss_cipher.ctx_size = sizeof(EVP_ACSS_KEY);
+        acss_cipher.ctrl = acss_ctrl;
+        return (&acss_cipher);
+}
+#endif
diff --git a/cipher.c b/cipher.c
index a1c40cc4a..190b8688b 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.67 2004/01/23 17:06:03 hshoexer Exp $");
 #include "xmalloc.h"
 #include "log.h"
@@ -52,6 +52,17 @@ RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
 extern const EVP_CIPHER *evp_rijndael(void);
 extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
 #endif
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00906000L)
+extern const EVP_CIPHER *evp_acss(void);
+#  define EVP_acss evp_acss
+#  define EVP_CTRL_SET_ACSS_MODE xxx    /* used below */
+# else
+#  define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
+# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
+#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
@@ -92,7 +103,9 @@ struct Cipher {
        { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
        { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
 #endif
+#if defined(EVP_CTRL_SET_ACSS_MODE)
+        { "acss@openbsd.org",   SSH_CIPHER_SSH2, 16, 5, EVP_acss },
+#endif
        { NULL,                 SSH_CIPHER_ILLEGAL, 0, 0, NULL }
 };
@@ -402,7 +415,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
        Cipher *c = cc->cipher;
        int plen = 0;
-        if (c->evptype == EVP_rc4) {
+        if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
                plen = EVP_X_STATE_LEN(cc->evp);
                if (dat == NULL)
                        return (plen);
@@ -417,7 +430,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
        Cipher *c = cc->cipher;
        int plen;
-        if (c->evptype == EVP_rc4) {
+        if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
                plen = EVP_X_STATE_LEN(cc->evp);
                memcpy(EVP_X_STATE(cc->evp), dat, plen);
        }

diff --git a/ChangeLog b/ChangeLog index 0ba506f59..61b714348 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,12 @@
		1	20040127
		2	- (djm) OpenBSD CVS Sync
		3	- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
		4	[cipher.c]
		5	enable acss for ssh
		6	ok deraadt@ markus@
		7	- (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
		8	if libcrypto lacks it
		9
1	20040126	10	20040126
2	- (tim) Typo in regress/README.regress	11	- (tim) Typo in regress/README.regress
3	- (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated.	12	- (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated.
@@ -1737,4 +1746,4 @@
1737	- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.	1746	- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
1738	Report from murple@murple.net, diagnosis from dtucker@zip.com.au	1747	Report from murple@murple.net, diagnosis from dtucker@zip.com.au
1739		1748
1740	$Id: ChangeLog,v 1.3192 2004/01/27 05:40:35 tim Exp $	1749	$Id: ChangeLog,v 1.3193 2004/01/27 10:19:21 djm Exp $


diff --git a/Makefile.in b/Makefile.in index f1098fcb0..1f6a4d43f 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -1,4 +1,4 @@
1	# $Id: Makefile.in,v 1.253 2003/11/21 12:48:55 djm Exp $	1	# $Id: Makefile.in,v 1.254 2004/01/27 10:19:22 djm Exp $
2		2
3	# uncomment if you run a non bourne compatable shell. Ie. csh	3	# uncomment if you run a non bourne compatable shell. Ie. csh
4	#SHELL = @SH@	4	#SHELL = @SH@
@@ -61,12 +61,13 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
61		61
62	TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)	62	TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
63		63
64	LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \	64	LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
65	cipher.o cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \	65	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
66	cleanup.o compat.o compress.o crc32.o deattack.o fatal.o \	66	cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
67	hostfile.o log.o match.o moduli.o mpaux.o nchan.o packet.o \	67	compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
68	readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \	68	log.o match.o moduli.o mpaux.o nchan.o packet.o \
69	key.o dispatch.o kex.o mac.o uuencode.o misc.o \	69	readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
		70	atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \
70	rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \	71	rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
71	kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \	72	kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
72	entropy.o scard-opensc.o gss-genr.o	73	entropy.o scard-opensc.o gss-genr.o


diff --git a/acss.c b/acss.c new file mode 100644 index 000000000..65f5fa164 --- /dev/null +++ b/acss.c
@@ -0,0 +1,264 @@
		1	/* $Id: */
		2	/*
		3	* Copyright (c) 2004 The OpenBSD project
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include "includes.h"
		19	#include <openssl/evp.h>
		20
		21	#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
		22
		23	#include "acss.h"
		24
		25	/* decryption sbox */
		26	static unsigned char sboxdec[] = {
		27	0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
		28	0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
		29	0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
		30	0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
		31	0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
		32	0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
		33	0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
		34	0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
		35	0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
		36	0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
		37	0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
		38	0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
		39	0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
		40	0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
		41	0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
		42	0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
		43	0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
		44	0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
		45	0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
		46	0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
		47	0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
		48	0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
		49	0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
		50	0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
		51	0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
		52	0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
		53	0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
		54	0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
		55	0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
		56	0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
		57	0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
		58	0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
		59	};
		60
		61	/* encryption sbox */
		62	static unsigned char sboxenc[] = {
		63	0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75,
		64	0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b,
		65	0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21,
		66	0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f,
		67	0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5,
		68	0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab,
		69	0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0,
		70	0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2,
		71	0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74,
		72	0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76,
		73	0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20,
		74	0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22,
		75	0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4,
		76	0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6,
		77	0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1,
		78	0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf,
		79	0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25,
		80	0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b,
		81	0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71,
		82	0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f,
		83	0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5,
		84	0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb,
		85	0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0,
		86	0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2,
		87	0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24,
		88	0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26,
		89	0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70,
		90	0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72,
		91	0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4,
		92	0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6,
		93	0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1,
		94	0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff
		95	};
		96
		97	static unsigned char reverse[] = {
		98	0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
		99	0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
		100	0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
		101	0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
		102	0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
		103	0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
		104	0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
		105	0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
		106	0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
		107	0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
		108	0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
		109	0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
		110	0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
		111	0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
		112	0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
		113	0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
		114	0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
		115	0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
		116	0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
		117	0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
		118	0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
		119	0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
		120	0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
		121	0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
		122	0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
		123	0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
		124	0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
		125	0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
		126	0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
		127	0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
		128	0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
		129	0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
		130	};
		131
		132	/*
		133	* Two linear feedback shift registers are used:
		134	*
		135	* lfsr17: polynomial of degree 17, primitive modulo 2 (listed in Schneier)
		136	* x^15 + x + 1
		137	* lfsr25: polynomial of degree 25, not know if primitive modulo 2
		138	* x^13 + x^5 + x^4 + x^1 + 1
		139	*
		140	* Output bits are discarded, instead the feedback bits are added to produce
		141	* the cipher stream. Depending on the mode, feedback bytes may be inverted
		142	* bit-wise before addition.
		143	*
		144	* The lfsrs are seeded with bytes from the raw key:
		145	*
		146	* lfsr17: byte 0[0:7] at bit 9
		147	* byte 1[0:7] at bit 0
		148	*
		149	* lfsr25: byte 2[0:4] at bit 16
		150	* byte 2[5:7] at bit 22
		151	* byte 3[0:7] at bit 8
		152	* byte 4[0:7] at bit 0
		153	*
		154	* To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in
		155	* lfsr25.
		156	*
		157	*/
		158
		159	int
		160	acss(ACSS_KEY key, unsigned long len, const unsigned char in,
		161	unsigned char *out)
		162	{
		163	unsigned long i;
		164	unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp;
		165
		166	lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0;
		167
		168	/* keystream is sum of lfsrs */
		169	for (i = 0; i < len; i++) {
		170	lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14);
		171	key->lfsr17 = (key->lfsr17 >> 8)
		172	^ (lfsr17tmp << 9)
		173	^ (lfsr17tmp << 12)
		174	^ (lfsr17tmp << 15);
		175	key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */
		176
		177	lfsr25tmp = key->lfsr25
		178	^ (key->lfsr25 >> 3)
		179	^ (key->lfsr25 >> 4)
		180	^ (key->lfsr25 >> 12);
		181	key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17);
		182	key->lfsr25 &= 0x1ffffff; /* 25 bit LFSR */
		183
		184	lfsrsumtmp = key->lfsrsum;
		185
		186	/* addition */
		187	switch (key->mode) {
		188	case ACSS_AUTHENTICATE:
		189	case ACSS_DATA:
		190	key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
		191	key->lfsrsum += key->lfsr25 >> 17;
		192	break;
		193	case ACSS_SESSIONKEY:
		194	key->lfsrsum = key->lfsr17 >> 9;
		195	key->lfsrsum += key->lfsr25 >> 17;
		196	break;
		197	case ACSS_TITLEKEY:
		198	key->lfsrsum = key->lfsr17 >> 9;
		199	key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
		200	break;
		201	default:
		202	return 1;
		203	}
		204	key->lfsrsum += (lfsrsumtmp >> 8);
		205
		206	if (key->encrypt) {
		207	out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff];
		208	} else {
		209	out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff;
		210	}
		211	}
		212
		213	return 0;
		214	}
		215
		216	static void
		217	acss_seed(ACSS_KEY *key)
		218	{
		219	int i;
		220
		221	/* if available, mangle with subkey */
		222	if (key->subkey_avilable) {
		223	for (i = 0; i < ACSS_KEYSIZE; i++)
		224	key->seed[i] = reverse[key->data[i] ^ key->subkey[i]];
		225	} else {
		226	for (i = 0; i < ACSS_KEYSIZE; i++)
		227	key->seed[i] = reverse[key->data[i]];
		228	}
		229
		230	/* seed lfsrs */
		231	key->lfsr17 = key->seed[1]
		232	\| (key->seed[0] << 9)
		233	\| (1 << 8); /* inject 1 at bit 9 */
		234	key->lfsr25 = key->seed[4]
		235	\| (key->seed[3] << 8)
		236	\| ((key->seed[2] & 0x1f) << 16)
		237	\| ((key->seed[2] & 0xe0) << 17)
		238	\| (1 << 21); /* inject 1 at bit 22 */
		239
		240	key->lfsrsum = 0;
		241	}
		242
		243	void
		244	acss_setkey(ACSS_KEY key, const unsigned char data, int enc, int mode)
		245	{
		246	memcpy(key->data, data, sizeof(key->data));
		247	memset(key->subkey, 0, sizeof(key->subkey));
		248
		249	if (enc != -1)
		250	key->encrypt = enc;
		251	key->mode = mode;
		252	key->subkey_avilable = 0;
		253
		254	acss_seed(key);
		255	}
		256
		257	void
		258	acss_setsubkey(ACSS_KEY key, const unsigned char subkey)
		259	{
		260	memcpy(key->subkey, subkey, sizeof(key->subkey));
		261	key->subkey_avilable = 1;
		262	acss_seed(key);
		263	}
		264	#endif


diff --git a/acss.h b/acss.h new file mode 100644 index 000000000..fc6344dc8 --- /dev/null +++ b/acss.h
@@ -0,0 +1,47 @@
		1	/* $Id: */
		2	/*
		3	* Copyright (c) 2004 The OpenBSD project
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#ifndef _ACSS_H_
		19	#define _ACSS_H_
		20
		21	/* 40bit key */
		22	#define ACSS_KEYSIZE 5
		23
		24	/* modes of acss */
		25	#define ACSS_AUTHENTICATE 0
		26	#define ACSS_SESSIONKEY 1
		27	#define ACSS_TITLEKEY 2
		28	#define ACSS_DATA 3
		29
		30	typedef struct acss_key_st {
		31	unsigned int lfsr17; /* current state of lfsrs */
		32	unsigned int lfsr25;
		33	unsigned int lfsrsum;
		34	unsigned char seed[ACSS_KEYSIZE];
		35	unsigned char data[ACSS_KEYSIZE];
		36	unsigned char subkey[ACSS_KEYSIZE];
		37	int encrypt; /* XXX make these bit flags? */
		38	int mode;
		39	int seeded;
		40	int subkey_avilable;
		41	} ACSS_KEY;
		42
		43	void acss_setkey(ACSS_KEY , const unsigned char , int, int);
		44	void acss_setsubkey(ACSS_KEY , const unsigned char );
		45	int acss(ACSS_KEY , unsigned long, const unsigned char , unsigned char *);
		46
		47	#endif /* ifndef _ACSS_H_ */


diff --git a/cipher-acss.c b/cipher-acss.c new file mode 100644 index 000000000..e2e3a4060 --- /dev/null +++ b/cipher-acss.c
@@ -0,0 +1,84 @@
		1	/*
		2	* Copyright (c) 2004 The OpenBSD project
		3	*
		4	* Permission to use, copy, modify, and distribute this software for any
		5	* purpose with or without fee is hereby granted, provided that the above
		6	* copyright notice and this permission notice appear in all copies.
		7	*
		8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		15	*/
		16
		17	#include "includes.h"
		18	#include <openssl/evp.h>
		19
		20	RCSID("$Id: cipher-acss.c,v 1.1 2004/01/27 10:19:22 djm Exp $");
		21
		22	#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
		23
		24	#include "acss.h"
		25
		26	#define data(ctx) ((EVP_ACSS_KEY *)(ctx)->cipher_data)
		27
		28	typedef struct {
		29	ACSS_KEY ks;
		30	} EVP_ACSS_KEY;
		31
		32	#define EVP_CTRL_SET_ACSS_MODE 0xff06
		33	#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07
		34
		35	static int
		36	acss_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
		37	const unsigned char *iv, int enc)
		38	{
		39	acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
		40	return 1;
		41	}
		42
		43	static int
		44	acss_ciph(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in,
		45	unsigned int inl)
		46	{
		47	acss(&data(ctx)->ks,inl,in,out);
		48	return 1;
		49	}
		50
		51	static int
		52	acss_ctrl(EVP_CIPHER_CTX ctx, int type, int arg, void ptr)
		53	{
		54	switch(type) {
		55	case EVP_CTRL_SET_ACSS_MODE:
		56	data(ctx)->ks.mode = arg;
		57	return 1;
		58	case EVP_CTRL_SET_ACSS_SUBKEY:
		59	acss_setsubkey(&data(ctx)->ks,(unsigned char *)ptr);
		60	return 1;
		61	default:
		62	return -1;
		63	}
		64	}
		65
		66	const EVP_CIPHER *
		67	evp_acss(void)
		68	{
		69	static EVP_CIPHER acss_cipher;
		70
		71	memset(&acss_cipher, 0, sizeof(EVP_CIPHER));
		72
		73	acss_cipher.nid = NID_undef;
		74	acss_cipher.block_size = 1;
		75	acss_cipher.key_len = 5;
		76	acss_cipher.init = acss_init_key;
		77	acss_cipher.do_cipher = acss_ciph;
		78	acss_cipher.ctx_size = sizeof(EVP_ACSS_KEY);
		79	acss_cipher.ctrl = acss_ctrl;
		80
		81	return (&acss_cipher);
		82	}
		83	#endif
		84


diff --git a/cipher.c b/cipher.c index a1c40cc4a..190b8688b 100644 --- a/cipher.c +++ b/cipher.c
@@ -35,7 +35,7 @@
35	*/	35	*/
36		36
37	#include "includes.h"	37	#include "includes.h"
38	RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");	38	RCSID("$OpenBSD: cipher.c,v 1.67 2004/01/23 17:06:03 hshoexer Exp $");
39		39
40	#include "xmalloc.h"	40	#include "xmalloc.h"
41	#include "log.h"	41	#include "log.h"
@@ -52,6 +52,17 @@ RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $");
52	extern const EVP_CIPHER *evp_rijndael(void);	52	extern const EVP_CIPHER *evp_rijndael(void);
53	extern void ssh_rijndael_iv(EVP_CIPHER_CTX , int, u_char , u_int);	53	extern void ssh_rijndael_iv(EVP_CIPHER_CTX , int, u_char , u_int);
54	#endif	54	#endif
		55
		56	#if !defined(EVP_CTRL_SET_ACSS_MODE)
		57	# if (OPENSSL_VERSION_NUMBER >= 0x00906000L)
		58	extern const EVP_CIPHER *evp_acss(void);
		59	# define EVP_acss evp_acss
		60	# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */
		61	# else
		62	# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
		63	# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
		64	#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
		65
55	extern const EVP_CIPHER *evp_ssh1_bf(void);	66	extern const EVP_CIPHER *evp_ssh1_bf(void);
56	extern const EVP_CIPHER *evp_ssh1_3des(void);	67	extern const EVP_CIPHER *evp_ssh1_3des(void);
57	extern void ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);	68	extern void ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);
@@ -92,7 +103,9 @@ struct Cipher {
92	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },	103	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
93	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },	104	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
94	#endif	105	#endif
95		106	#if defined(EVP_CTRL_SET_ACSS_MODE)
		107	{ "acss@openbsd.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss },
		108	#endif
96	{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }	109	{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }
97	};	110	};
98		111
@@ -402,7 +415,7 @@ cipher_get_keycontext(const CipherContext cc, u_char dat)
402	Cipher *c = cc->cipher;	415	Cipher *c = cc->cipher;
403	int plen = 0;	416	int plen = 0;
404		417
405	if (c->evptype == EVP_rc4) {	418	if (c->evptype == EVP_rc4 \|\| c->evptype == EVP_acss) {
406	plen = EVP_X_STATE_LEN(cc->evp);	419	plen = EVP_X_STATE_LEN(cc->evp);
407	if (dat == NULL)	420	if (dat == NULL)
408	return (plen);	421	return (plen);
@@ -417,7 +430,7 @@ cipher_set_keycontext(CipherContext cc, u_char dat)
417	Cipher *c = cc->cipher;	430	Cipher *c = cc->cipher;
418	int plen;	431	int plen;
419		432
420	if (c->evptype == EVP_rc4) {	433	if (c->evptype == EVP_rc4 \|\| c->evptype == EVP_acss) {
421	plen = EVP_X_STATE_LEN(cc->evp);	434	plen = EVP_X_STATE_LEN(cc->evp);
422	memcpy(EVP_X_STATE(cc->evp), dat, plen);	435	memcpy(EVP_X_STATE(cc->evp), dat, plen);
423	}	436	}