From 874d77bb134a21a5cf625956b60173376a993ba8 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 14 Oct 2000 16:23:11 +1100
Subject:  - (djm) Big OpenBSD sync:    - markus@cvs.openbsd.org  2000/09/30
 10:27:44      [log.c]      allow loglevel debug    - markus@cvs.openbsd.org 
 2000/10/03 11:59:57      [packet.c]      hmac->mac    -
 markus@cvs.openbsd.org  2000/10/03 12:03:03      [auth-krb4.c auth-passwd.c
 auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]      move fake-auth from
 auth1.c to individual auth methods, disables s/key in      debug-msg    -
 markus@cvs.openbsd.org  2000/10/03 12:16:48      ssh.c      do not resolve
 canonname, i have no idea why this was added oin ossh    -
 markus@cvs.openbsd.org  2000/10/09 15:30:44      ssh-keygen.1 ssh-keygen.c   
   -X now reads private ssh.com DSA keys, too.    - markus@cvs.openbsd.org 
 2000/10/09 15:32:34      auth-options.c      clear options on every call.   
 - markus@cvs.openbsd.org  2000/10/09 15:51:00      authfd.c authfd.h     
 interop with ssh-agent2, from <res@shore.net>    - markus@cvs.openbsd.org 
 2000/10/10 14:20:45      compat.c      use rexexp for version string matching
    - provos@cvs.openbsd.org  2000/10/10 22:02:18      [kex.c kex.h
 myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]      First rough
 implementation of the diffie-hellman group exchange.  The      client can ask
 the server for bigger groups to perform the diffie-hellman      in, thus
 increasing the attack complexity when using ciphers with longer      keys. 
 University of Windsor provided network, T the company.    -
 markus@cvs.openbsd.org  2000/10/11 13:59:52      [auth-rsa.c auth2.c]     
 clear auth options unless auth sucessfull    - markus@cvs.openbsd.org 
 2000/10/11 14:00:27      [auth-options.h]      clear auth options unless auth
 sucessfull    - markus@cvs.openbsd.org  2000/10/11 14:03:27      [scp.1
 scp.c]      support 'scp -o' with help from mouring@pconline.com    -
 markus@cvs.openbsd.org  2000/10/11 14:11:35      [dh.c]      Wall    -
 markus@cvs.openbsd.org  2000/10/11 14:14:40      [auth.h auth2.c readconf.c
 readconf.h readpass.c servconf.c servconf.h]      [ssh.h sshconnect2.c
 sshd_config auth2-skey.c cli.c cli.h]      add support for s/key
 (kbd-interactive) to ssh2, based on work by      mkiernan@avantgo.com and me 
   - markus@cvs.openbsd.org  2000/10/11 14:27:24      [auth.c auth1.c auth2.c
 authfile.c cipher.c cipher.h kex.c kex.h]      [myproposal.h packet.c
 readconf.c session.c ssh.c ssh.h sshconnect1.c]      [sshconnect2.c sshd.c]  
    new cipher framework    - markus@cvs.openbsd.org  2000/10/11 14:45:21     
 [cipher.c]      remove DES    - markus@cvs.openbsd.org  2000/10/12 03:59:20  
    [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]      enable DES in
 SSH-1 clients only    - markus@cvs.openbsd.org  2000/10/12 08:21:13     
 [kex.h packet.c]      remove unused    - markus@cvs.openbsd.org  2000/10/13
 12:34:46      [sshd.c]      Kludge for F-Secure Macintosh < 1.0.2;
 appro@fy.chalmers.se    - markus@cvs.openbsd.org  2000/10/13 12:59:15     
 [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]      rijndael/aes
 support    - markus@cvs.openbsd.org  2000/10/13 13:10:54      [sshd.8]     
 more info about -V    - markus@cvs.openbsd.org  2000/10/13 13:12:02     
 [myproposal.h]      prefer no compression

---
 cipher.h | 129 ++++++++++++++++++++++++++++++++-------------------------------
 1 file changed, 66 insertions(+), 63 deletions(-)

(limited to 'cipher.h')

diff --git a/cipher.h b/cipher.h
index bc7a5e22..97bc8891 100644
--- a/cipher.h
+++ b/cipher.h
@@ -8,9 +8,31 @@
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
+ *
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* RCSID("$OpenBSD: cipher.h,v 1.19 2000/09/07 20:27:50 deraadt Exp $"); */
+/* RCSID("$OpenBSD: cipher.h,v 1.22 2000/10/13 18:59:14 markus Exp $"); */
 
 #ifndef CIPHER_H
 #define CIPHER_H
@@ -19,9 +41,12 @@
 #include <openssl/blowfish.h>
 #include <openssl/rc4.h>
 #include <openssl/cast.h>
-
-/* Cipher types.  New types can be added, but old types should not be removed
-   for compatibility.  The maximum allowed value is 31. */
+#include "rijndael.h"
+/*
+ * Cipher types for SSH-1.  New types can be added, but old types should not
+ * be removed for compatibility.  The maximum allowed value is 31.
+ */
+#define SSH_CIPHER_SSH2		-3
 #define SSH_CIPHER_ILLEGAL	-2	/* No valid cipher selected. */
 #define SSH_CIPHER_NOT_SET	-1	/* None selected (invalid number). */
 #define SSH_CIPHER_NONE		0	/* no encryption */
@@ -32,16 +57,17 @@
 #define SSH_CIPHER_BROKEN_RC4	5	/* Alleged RC4 */
 #define SSH_CIPHER_BLOWFISH	6
 #define SSH_CIPHER_RESERVED	7
+#define SSH_CIPHER_MAX		31
 
-/* these ciphers are used in SSH2: */
-#define SSH_CIPHER_BLOWFISH_CBC	8
-#define SSH_CIPHER_3DES_CBC	9
-#define SSH_CIPHER_ARCFOUR	10	/* Alleged RC4 */
-#define SSH_CIPHER_CAST128_CBC	11
+typedef struct Cipher Cipher;
+typedef struct CipherContext CipherContext;
 
-typedef struct {
-	unsigned int type;
+struct CipherContext {
 	union {
+		struct {
+			des_key_schedule key;
+			des_cblock iv;
+		}	des;
 		struct {
 			des_key_schedule key1;
 			des_key_schedule key2;
@@ -51,64 +77,41 @@ typedef struct {
 		}       des3;
 		struct {
 			struct bf_key_st key;
-			unsigned char iv[8];
+			u_char iv[8];
 		}       bf;
 		struct {
 			CAST_KEY key;
-			unsigned char iv[8];
+			u_char iv[8];
 		} cast;
+		struct {
+			u4byte iv[4];
+			rijndael_ctx enc;
+			rijndael_ctx dec;
+		} rijndael;
 		RC4_KEY rc4;
 	}       u;
-}       CipherContext;
-/*
- * Returns a bit mask indicating which ciphers are supported by this
- * implementation.  The bit mask has the corresponding bit set of each
- * supported cipher.
- */
-unsigned int cipher_mask();
-unsigned int cipher_mask1();
-unsigned int cipher_mask2();
-
-/* Returns the name of the cipher. */
-const char *cipher_name(int cipher);
-
-/*
- * Parses the name of the cipher.  Returns the number of the corresponding
- * cipher, or -1 on error.
- */
-int     cipher_number(const char *name);
-
-/* returns 1 if all ciphers are supported (ssh2 only) */
-int     ciphers_valid(const char *names);
-
-/*
- * Selects the cipher to use and sets the key.  If for_encryption is true,
- * the key is setup for encryption; otherwise it is setup for decryption.
- */
-void
-cipher_set_key(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen);
-void
-cipher_set_key_iv(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen,
-    const unsigned char *iv, int ivlen);
-
-/*
- * Sets key for the cipher by computing the MD5 checksum of the passphrase,
- * and using the resulting 16 bytes as the key.
- */
-void
-cipher_set_key_string(CipherContext * context, int cipher,
-    const char *passphrase);
-
-/* Encrypts data using the cipher. */
-void
-cipher_encrypt(CipherContext * context, unsigned char *dest,
-    const unsigned char *src, unsigned int len);
+	Cipher *cipher;
+};
+struct Cipher {
+	char	*name;
+	int	number;		/* for ssh1 only */
+	u_int	block_size;
+	u_int	key_len;
+	void	(*setkey)(CipherContext *, const u_char *, u_int);
+	void	(*setiv)(CipherContext *, const u_char *, u_int);
+	void	(*encrypt)(CipherContext *, u_char *, const u_char *, u_int);
+	void	(*decrypt)(CipherContext *, u_char *, const u_char *, u_int);
+};
 
-/* Decrypts data using the cipher. */
-void
-cipher_decrypt(CipherContext * context, unsigned char *dest,
-    const unsigned char *src, unsigned int len);
+unsigned int cipher_mask_ssh1(int client);
+Cipher *cipher_by_name(const char *name);
+Cipher *cipher_by_number(int id);
+int cipher_number(const char *name);
+char *cipher_name(int id);
+int ciphers_valid(const char *names);
+void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, const u_char *, u_int);
+void cipher_encrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
+void cipher_decrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
+void cipher_set_key_string(CipherContext *context, Cipher *cipher, const char *passphrase);
 
 #endif				/* CIPHER_H */
-- 
cgit v1.2.3