From 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 15 May 2014 14:24:09 +1000 Subject: - markus@cvs.openbsd.org 2014/04/29 18:01:49 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm --- cipher.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 80 insertions(+), 8 deletions(-) (limited to 'cipher.c') diff --git a/cipher.c b/cipher.c index 53d9b4fb7..0ea073f55 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.97 2014/02/07 06:55:54 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.98 2014/04/29 18:01:49 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -53,9 +53,11 @@ /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" +#ifdef WITH_SSH1 extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); +#endif struct Cipher { char *name; @@ -68,15 +70,23 @@ struct Cipher { u_int flags; #define CFLAG_CBC (1<<0) #define CFLAG_CHACHAPOLY (1<<1) +#define CFLAG_AESCTR (1<<2) +#define CFLAG_NONE (1<<3) +#ifdef WITH_OPENSSL const EVP_CIPHER *(*evptype)(void); +#else + void *ignored; +#endif }; static const struct Cipher ciphers[] = { - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, +#ifdef WITH_SSH1 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, - +#endif +#ifdef WITH_OPENSSL + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, @@ -99,6 +109,12 @@ static const struct Cipher ciphers[] = { { "aes256-gcm@openssh.com", SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, #endif +#else /* WITH_OPENSSL */ + { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, +#endif /* WITH_OPENSSL */ { "chacha20-poly1305@openssh.com", SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } @@ -264,6 +280,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, int do_encrypt) { +#ifdef WITH_OPENSSL static int dowarn = 1; #ifdef SSH_OLD_EVP EVP_CIPHER *type; @@ -282,6 +299,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, if (keylen > 8) keylen = 8; } +#endif cc->plaintext = (cipher->number == SSH_CIPHER_NONE); cc->encrypt = do_encrypt; @@ -297,6 +315,16 @@ cipher_init(CipherContext *cc, const Cipher *cipher, chachapoly_init(&cc->cp_ctx, key, keylen); return; } +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); + aesctr_ivsetup(&cc->ac_ctx, iv); + return; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; + fatal("unsupported cipher"); +#else type = (*cipher->evptype)(); EVP_CIPHER_CTX_init(&cc->evp); #ifdef SSH_OLD_EVP @@ -339,6 +367,7 @@ cipher_init(CipherContext *cc, const Cipher *cipher, free(junk); free(discard); } +#endif } /* @@ -360,6 +389,20 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt); +#ifndef WITH_OPENSSL + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + if (aadlen) + memcpy(dest, src, aadlen); + aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen, + dest + aadlen, len); + return 0; + } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + memcpy(dest, src, aadlen + len); + return 0; + } + fatal("unsupported cipher"); +#else if (authlen) { u_char lastiv[1]; @@ -400,6 +443,7 @@ cipher_crypt(CipherContext *cc, u_int seqnr, u_char *dest, const u_char *src, fatal("%s: EVP_CTRL_GCM_GET_TAG", __func__); } return 0; +#endif } /* Extract the packet length, including any decryption necessary beforehand */ @@ -421,8 +465,12 @@ cipher_cleanup(CipherContext *cc) { if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); + else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) + explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx)); +#ifdef WITH_OPENSSL else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); +#endif } /* @@ -455,14 +503,16 @@ int cipher_get_keyiv_len(const CipherContext *cc) { const Cipher *c = cc->cipher; - int ivlen; + int ivlen = 0; if (c->number == SSH_CIPHER_3DES) ivlen = 24; else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) ivlen = 0; +#ifdef WITH_OPENSSL else ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp); +#endif return (ivlen); } @@ -470,15 +520,20 @@ void cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) { const Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL int evplen; +#endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { if (len != 0) fatal("%s: wrong iv length %d != %d", __func__, len, 0); return; } + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -492,17 +547,20 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 0, iv, len); else -#endif +#endif /* USE_BUILTIN_RIJNDAEL */ #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else -#endif +#endif /* OPENSSL_HAVE_EVPCTR */ memcpy(iv, cc->evp.iv, len); break; +#endif /* WITH_OPENSSL */ +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 0, iv, 24); break; +#endif /* WITH_SSH1 */ default: fatal("%s: bad cipher %d", __func__, c->number); } @@ -512,12 +570,17 @@ void cipher_set_keyiv(CipherContext *cc, u_char *iv) { const Cipher *c = cc->cipher; +#ifdef WITH_OPENSSL int evplen = 0; +#endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return; + if ((cc->cipher->flags & CFLAG_NONE) != 0) + return; switch (c->number) { +#ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: @@ -528,17 +591,20 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 1, iv, evplen); else -#endif +#endif /* USE_BUILTIN_RIJNDAEL */ #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); else -#endif +#endif /* OPENSSL_HAVE_EVPCTR */ memcpy(cc->evp.iv, iv, evplen); break; +#endif /* WITH_OPENSSL */ +#ifdef WITH_SSH1 case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 1, iv, 24); break; +#endif /* WITH_SSH1 */ default: fatal("%s: bad cipher %d", __func__, c->number); } @@ -547,6 +613,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) int cipher_get_keycontext(const CipherContext *cc, u_char *dat) { +#ifdef WITH_OPENSSL const Cipher *c = cc->cipher; int plen = 0; @@ -557,11 +624,15 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat) memcpy(dat, EVP_X_STATE(cc->evp), plen); } return (plen); +#else + return (0); +#endif } void cipher_set_keycontext(CipherContext *cc, u_char *dat) { +#ifdef WITH_OPENSSL const Cipher *c = cc->cipher; int plen; @@ -569,4 +640,5 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat) plen = EVP_X_STATE_LEN(cc->evp); memcpy(EVP_X_STATE(cc->evp), dat, plen); } +#endif } -- cgit v1.2.3