1 files changed, 66 insertions, 63 deletions
diff --git a/cipher.h b/cipher.h
index bc7a5e224..97bc8891f 100644
--- a/cipher.h
+++ b/cipher.h
@@ -8,9 +8,31 @@
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
+ *
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$OpenBSD: cipher.h,v 1.19 2000/09/07 20:27:50 deraadt Exp $"); */
+/* RCSID("$OpenBSD: cipher.h,v 1.22 2000/10/13 18:59:14 markus Exp $"); */
 #ifndef CIPHER_H
 #define CIPHER_H
@@ -19,9 +41,12 @@
 #include <openssl/blowfish.h>
 #include <openssl/rc4.h>
 #include <openssl/cast.h>
+#include "rijndael.h"
-/* Cipher types.  New types can be added, but old types should not be removed
+/*
-   for compatibility.  The maximum allowed value is 31. */
+ * Cipher types for SSH-1.  New types can be added, but old types should not
+ * be removed for compatibility.  The maximum allowed value is 31.
+ */
+#define SSH_CIPHER_SSH2         -3
 #define SSH_CIPHER_ILLEGAL      -2      /* No valid cipher selected. */
 #define SSH_CIPHER_NOT_SET      -1      /* None selected (invalid number). */
 #define SSH_CIPHER_NONE         0       /* no encryption */
@@ -32,17 +57,18 @@
 #define SSH_CIPHER_BROKEN_RC4   5       /* Alleged RC4 */
 #define SSH_CIPHER_BLOWFISH     6
 #define SSH_CIPHER_RESERVED     7
+#define SSH_CIPHER_MAX          31
-/* these ciphers are used in SSH2: */
+typedef struct Cipher Cipher;
-#define SSH_CIPHER_BLOWFISH_CBC 8
+typedef struct CipherContext CipherContext;
-#define SSH_CIPHER_3DES_CBC     9
-#define SSH_CIPHER_ARCFOUR      10      /* Alleged RC4 */
-#define SSH_CIPHER_CAST128_CBC  11
-typedef struct {
+struct CipherContext {
-        unsigned int type;
        union {
                struct {
+                        des_key_schedule key;
+                        des_cblock iv;
+                }       des;
+                struct {
                        des_key_schedule key1;
                        des_key_schedule key2;
                        des_cblock iv2;
@@ -51,64 +77,41 @@ typedef struct {
                }       des3;
                struct {
                        struct bf_key_st key;
-                        unsigned char iv[8];
+                        u_char iv[8];
                }       bf;
                struct {
                        CAST_KEY key;
-                        unsigned char iv[8];
+                        u_char iv[8];
                } cast;
+                struct {
+                        u4byte iv[4];
+                        rijndael_ctx enc;
+                        rijndael_ctx dec;
+                } rijndael;
                RC4_KEY rc4;
        }       u;
-}       CipherContext;
+        Cipher *cipher;
-/*
+};
- * Returns a bit mask indicating which ciphers are supported by this
+struct Cipher {
- * implementation.  The bit mask has the corresponding bit set of each
+        char    *name;
- * supported cipher.
+        int     number;         /* for ssh1 only */
- */
+        u_int   block_size;
-unsigned int cipher_mask();
+        u_int   key_len;
-unsigned int cipher_mask1();
+        void    (*setkey)(CipherContext *, const u_char *, u_int);
-unsigned int cipher_mask2();
+        void    (*setiv)(CipherContext *, const u_char *, u_int);
+        void    (*encrypt)(CipherContext *, u_char *, const u_char *, u_int);
-/* Returns the name of the cipher. */
+        void    (*decrypt)(CipherContext *, u_char *, const u_char *, u_int);
-const char *cipher_name(int cipher);
+};
-/*
- * Parses the name of the cipher.  Returns the number of the corresponding
- * cipher, or -1 on error.
- */
-int     cipher_number(const char *name);
-/* returns 1 if all ciphers are supported (ssh2 only) */
-int     ciphers_valid(const char *names);
-/*
- * Selects the cipher to use and sets the key.  If for_encryption is true,
- * the key is setup for encryption; otherwise it is setup for decryption.
- */
-void
-cipher_set_key(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen);
-void
-cipher_set_key_iv(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen,
-    const unsigned char *iv, int ivlen);
-/*
- * Sets key for the cipher by computing the MD5 checksum of the passphrase,
- * and using the resulting 16 bytes as the key.
- */
-void
-cipher_set_key_string(CipherContext * context, int cipher,
-    const char *passphrase);
-/* Encrypts data using the cipher. */
-void
-cipher_encrypt(CipherContext * context, unsigned char *dest,
-    const unsigned char *src, unsigned int len);
-/* Decrypts data using the cipher. */
+unsigned int cipher_mask_ssh1(int client);
-void
+Cipher *cipher_by_name(const char *name);
-cipher_decrypt(CipherContext * context, unsigned char *dest,
+Cipher *cipher_by_number(int id);
-    const unsigned char *src, unsigned int len);
+int cipher_number(const char *name);
+char *cipher_name(int id);
+int ciphers_valid(const char *names);
+void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, const u_char *, u_int);
+void cipher_encrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
+void cipher_decrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
+void cipher_set_key_string(CipherContext *context, Cipher *cipher, const char *passphrase);
 #endif                          /* CIPHER_H */

diff --git a/cipher.h b/cipher.h index bc7a5e224..97bc8891f 100644 --- a/cipher.h +++ b/cipher.h
@@ -8,9 +8,31 @@
8	* software must be clearly marked as such, and if the derived work is	8	* software must be clearly marked as such, and if the derived work is
9	* incompatible with the protocol description in the RFC file, it must be	9	* incompatible with the protocol description in the RFC file, it must be
10	* called by a name other than "ssh" or "Secure Shell".	10	* called by a name other than "ssh" or "Secure Shell".
		11	*
		12	* Copyright (c) 2000 Markus Friedl. All rights reserved.
		13	*
		14	* Redistribution and use in source and binary forms, with or without
		15	* modification, are permitted provided that the following conditions
		16	* are met:
		17	* 1. Redistributions of source code must retain the above copyright
		18	* notice, this list of conditions and the following disclaimer.
		19	* 2. Redistributions in binary form must reproduce the above copyright
		20	* notice, this list of conditions and the following disclaimer in the
		21	* documentation and/or other materials provided with the distribution.
		22	*
		23	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
		24	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
		25	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
		26	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
		27	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		28	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
		29	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
		30	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
		31	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
		32	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
11	*/	33	*/
12		34
13	/* RCSID("$OpenBSD: cipher.h,v 1.19 2000/09/07 20:27:50 deraadt Exp $"); */	35	/* RCSID("$OpenBSD: cipher.h,v 1.22 2000/10/13 18:59:14 markus Exp $"); */
14		36
15	#ifndef CIPHER_H	37	#ifndef CIPHER_H
16	#define CIPHER_H	38	#define CIPHER_H
@@ -19,9 +41,12 @@
19	#include <openssl/blowfish.h>	41	#include <openssl/blowfish.h>
20	#include <openssl/rc4.h>	42	#include <openssl/rc4.h>
21	#include <openssl/cast.h>	43	#include <openssl/cast.h>
22		44	#include "rijndael.h"
23	/* Cipher types. New types can be added, but old types should not be removed	45	/*
24	for compatibility. The maximum allowed value is 31. */	46	* Cipher types for SSH-1. New types can be added, but old types should not
		47	* be removed for compatibility. The maximum allowed value is 31.
		48	*/
		49	#define SSH_CIPHER_SSH2 -3
25	#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */	50	#define SSH_CIPHER_ILLEGAL -2 /* No valid cipher selected. */
26	#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */	51	#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */
27	#define SSH_CIPHER_NONE 0 /* no encryption */	52	#define SSH_CIPHER_NONE 0 /* no encryption */
@@ -32,17 +57,18 @@
32	#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */	57	#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */
33	#define SSH_CIPHER_BLOWFISH 6	58	#define SSH_CIPHER_BLOWFISH 6
34	#define SSH_CIPHER_RESERVED 7	59	#define SSH_CIPHER_RESERVED 7
		60	#define SSH_CIPHER_MAX 31
35		61
36	/* these ciphers are used in SSH2: */	62	typedef struct Cipher Cipher;
37	#define SSH_CIPHER_BLOWFISH_CBC 8	63	typedef struct CipherContext CipherContext;
38	#define SSH_CIPHER_3DES_CBC 9
39	#define SSH_CIPHER_ARCFOUR 10 /* Alleged RC4 */
40	#define SSH_CIPHER_CAST128_CBC 11
41		64
42	typedef struct {	65	struct CipherContext {
43	unsigned int type;
44	union {	66	union {
45	struct {	67	struct {
		68	des_key_schedule key;
		69	des_cblock iv;
		70	} des;
		71	struct {
46	des_key_schedule key1;	72	des_key_schedule key1;
47	des_key_schedule key2;	73	des_key_schedule key2;
48	des_cblock iv2;	74	des_cblock iv2;
@@ -51,64 +77,41 @@ typedef struct {
51	} des3;	77	} des3;
52	struct {	78	struct {
53	struct bf_key_st key;	79	struct bf_key_st key;
54	unsigned char iv[8];	80	u_char iv[8];
55	} bf;	81	} bf;
56	struct {	82	struct {
57	CAST_KEY key;	83	CAST_KEY key;
58	unsigned char iv[8];	84	u_char iv[8];
59	} cast;	85	} cast;
		86	struct {
		87	u4byte iv[4];
		88	rijndael_ctx enc;
		89	rijndael_ctx dec;
		90	} rijndael;
60	RC4_KEY rc4;	91	RC4_KEY rc4;
61	} u;	92	} u;
62	} CipherContext;	93	Cipher *cipher;
63	/*	94	};
64	* Returns a bit mask indicating which ciphers are supported by this	95	struct Cipher {
65	* implementation. The bit mask has the corresponding bit set of each	96	char *name;
66	* supported cipher.	97	int number; /* for ssh1 only */
67	*/	98	u_int block_size;
68	unsigned int cipher_mask();	99	u_int key_len;
69	unsigned int cipher_mask1();	100	void (setkey)(CipherContext , const u_char *, u_int);
70	unsigned int cipher_mask2();	101	void (setiv)(CipherContext , const u_char *, u_int);
71		102	void (encrypt)(CipherContext , u_char , const u_char , u_int);
72	/* Returns the name of the cipher. */	103	void (decrypt)(CipherContext , u_char , const u_char , u_int);
73	const char *cipher_name(int cipher);	104	};
74
75	/*
76	* Parses the name of the cipher. Returns the number of the corresponding
77	* cipher, or -1 on error.
78	*/
79	int cipher_number(const char *name);
80
81	/* returns 1 if all ciphers are supported (ssh2 only) */
82	int ciphers_valid(const char *names);
83
84	/*
85	* Selects the cipher to use and sets the key. If for_encryption is true,
86	* the key is setup for encryption; otherwise it is setup for decryption.
87	*/
88	void
89	cipher_set_key(CipherContext * context, int cipher,
90	const unsigned char *key, int keylen);
91	void
92	cipher_set_key_iv(CipherContext * context, int cipher,
93	const unsigned char *key, int keylen,
94	const unsigned char *iv, int ivlen);
95
96	/*
97	* Sets key for the cipher by computing the MD5 checksum of the passphrase,
98	* and using the resulting 16 bytes as the key.
99	*/
100	void
101	cipher_set_key_string(CipherContext * context, int cipher,
102	const char *passphrase);
103
104	/* Encrypts data using the cipher. */
105	void
106	cipher_encrypt(CipherContext * context, unsigned char *dest,
107	const unsigned char *src, unsigned int len);
108		105
109	/* Decrypts data using the cipher. */	106	unsigned int cipher_mask_ssh1(int client);
110	void	107	Cipher cipher_by_name(const char name);
111	cipher_decrypt(CipherContext * context, unsigned char *dest,	108	Cipher *cipher_by_number(int id);
112	const unsigned char *src, unsigned int len);	109	int cipher_number(const char *name);
		110	char *cipher_name(int id);
		111	int ciphers_valid(const char *names);
		112	void cipher_init(CipherContext , Cipher , const u_char , u_int, const u_char , u_int);
		113	void cipher_encrypt(CipherContext context, u_char dest, const u_char *src, u_int len);
		114	void cipher_decrypt(CipherContext context, u_char dest, const u_char *src, u_int len);
		115	void cipher_set_key_string(CipherContext context, Cipher cipher, const char *passphrase);
113		116
114	#endif /* CIPHER_H */	117	#endif /* CIPHER_H */