Blame - cipher.c - platform/external/openssh

blob: 8911ffef628c1b13ab0f56b600c6977f12072c3f [file] [log] [blame]

Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2	*
				3	* cipher.c
				4	*
				5	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				6	*
				7	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				8	* All rights reserved
				9	*
				10	* Created: Wed Apr 19 17:41:39 1995 ylo
				11	*
				12	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	13
				14	#include "includes.h"
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame^]	15	RCSID("$Id: cipher.c,v 1.16 2000/04/06 02:32:39 damien Exp $");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	16
				17	#include "ssh.h"
				18	#include "cipher.h"
Damien Miller	1fa154b	2000-01-23 10:32:03 +1100	[diff] [blame]	19	#include "config.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	20
Damien Miller	7f6ea02	1999-10-28 13:25:17 +1000	[diff] [blame]	21	#ifdef HAVE_OPENSSL
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	22	#include <openssl/md5.h>
Damien Miller	7f6ea02	1999-10-28 13:25:17 +1000	[diff] [blame]	23	#endif
				24	#ifdef HAVE_SSL
				25	#include <ssl/md5.h>
				26	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	27
				28	/*
				29	* What kind of tripple DES are these 2 routines?
				30	*
				31	* Why is there a redundant initialization vector?
				32	*
				33	* If only iv3 was used, then, this would till effect have been
				34	* outer-cbc. However, there is also a private iv1 == iv2 which
				35	* perhaps makes differential analysis easier. On the other hand, the
				36	* private iv1 probably makes the CRC-32 attack ineffective. This is a
				37	* result of that there is no longer any known iv1 to use when
				38	* choosing the X block.
				39	*/
				40	void
				41	SSH_3CBC_ENCRYPT(des_key_schedule ks1,
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	42	des_key_schedule ks2, des_cblock * iv2,
				43	des_key_schedule ks3, des_cblock * iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	44	unsigned char dest, unsigned char src,
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	45	unsigned int len)
				46	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	47	des_cblock iv1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	48
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	49	memcpy(&iv1, iv2, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	50
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	51	des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	52	memcpy(&iv1, dest + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	53
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	54	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
				55	memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	56
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	57	des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	58	memcpy(iv3, dest + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	59	}
				60
				61	void
				62	SSH_3CBC_DECRYPT(des_key_schedule ks1,
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	63	des_key_schedule ks2, des_cblock * iv2,
				64	des_key_schedule ks3, des_cblock * iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	65	unsigned char dest, unsigned char src,
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	66	unsigned int len)
				67	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	68	des_cblock iv1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	69
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	70	memcpy(&iv1, iv2, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	71
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	72	des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	73	memcpy(iv3, src + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	74
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	75	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	76	memcpy(iv2, dest + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	77
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	78	des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
				79	/* memcpy(&iv1, iv2, 8); */
				80	/* Note how iv1 == iv2 on entry and exit. */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	81	}
				82
				83	/*
				84	* SSH uses a variation on Blowfish, all bytes must be swapped before
				85	* and after encryption/decryption. Thus the swap_bytes stuff (yuk).
				86	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	87	static void
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	88	swap_bytes(const unsigned char src, unsigned char dst_, int n)
				89	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	90	/* dst must be properly aligned. */
				91	u_int32_t dst = (u_int32_t ) dst_;
				92	union {
				93	u_int32_t i;
				94	char c[4];
				95	} t;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	96
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	97	/* Process 8 bytes every lap. */
				98	for (n = n / 8; n > 0; n--) {
				99	t.c[3] = *src++;
				100	t.c[2] = *src++;
				101	t.c[1] = *src++;
				102	t.c[0] = *src++;
				103	*dst++ = t.i;
				104
				105	t.c[3] = *src++;
				106	t.c[2] = *src++;
				107	t.c[1] = *src++;
				108	t.c[0] = *src++;
				109	*dst++ = t.i;
				110	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	111	}
				112
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	113	/*
				114	* Names of all encryption algorithms.
				115	* These must match the numbers defined in cipher.h.
				116	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	117	static char *cipher_names[] =
				118	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	119	"none",
				120	"idea",
				121	"des",
				122	"3des",
				123	"tss",
				124	"rc4",
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	125	"blowfish",
				126	"reserved",
				127	"blowfish-cbc",
				128	"3des-cbc",
				129	"arcfour",
				130	"cast128-cbc"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	131	};
				132
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	133	/*
				134	* Returns a bit mask indicating which ciphers are supported by this
				135	* implementation. The bit mask has the corresponding bit set of each
				136	* supported cipher.
				137	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	138
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	139	unsigned int
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame^]	140	cipher_mask1()
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	141	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	142	unsigned int mask = 0;
				143	mask \|= 1 << SSH_CIPHER_3DES; /* Mandatory */
				144	mask \|= 1 << SSH_CIPHER_BLOWFISH;
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame^]	145	return mask;
				146	}
				147	unsigned int
				148	cipher_mask2()
				149	{
				150	unsigned int mask = 0;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	151	mask \|= 1 << SSH_CIPHER_BLOWFISH_CBC;
				152	mask \|= 1 << SSH_CIPHER_3DES_CBC;
				153	mask \|= 1 << SSH_CIPHER_ARCFOUR;
				154	mask \|= 1 << SSH_CIPHER_CAST128_CBC;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	155	return mask;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	156	}
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame^]	157	unsigned int
				158	cipher_mask()
				159	{
				160	return cipher_mask1() \| cipher_mask2();
				161	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	162
				163	/* Returns the name of the cipher. */
				164
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	165	const char *
				166	cipher_name(int cipher)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	167	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	168	if (cipher < 0 \|\| cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) \|\|
				169	cipher_names[cipher] == NULL)
				170	fatal("cipher_name: bad cipher number: %d", cipher);
				171	return cipher_names[cipher];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	172	}
				173
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	174	/*
				175	* Parses the name of the cipher. Returns the number of the corresponding
				176	* cipher, or -1 on error.
				177	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	178
				179	int
				180	cipher_number(const char *name)
				181	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	182	int i;
				183	for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)
				184	if (strcmp(cipher_names[i], name) == 0 &&
				185	(cipher_mask() & (1 << i)))
				186	return i;
				187	return -1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	188	}
				189
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	190	/*
				191	* Selects the cipher, and keys if by computing the MD5 checksum of the
				192	* passphrase and using the resulting 16 bytes as the key.
				193	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	194
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	195	void
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame^]	196	cipher_set_key_string(CipherContext context, int cipher, const char passphrase)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	197	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	198	MD5_CTX md;
				199	unsigned char digest[16];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	200
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	201	MD5_Init(&md);
				202	MD5_Update(&md, (const unsigned char *) passphrase, strlen(passphrase));
				203	MD5_Final(digest, &md);
				204
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame^]	205	cipher_set_key(context, cipher, digest, 16);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	206
				207	memset(digest, 0, sizeof(digest));
				208	memset(&md, 0, sizeof(md));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	209	}
				210
				211	/* Selects the cipher to use and sets the key. */
				212
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	213	void
Damien Miller	1383bd8	2000-04-06 12:32:37 +1000	[diff] [blame^]	214	cipher_set_key(CipherContext context, int cipher, const unsigned char key,
				215	int keylen)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	216	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	217	unsigned char padded[32];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	218
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	219	/* Set cipher type. */
				220	context->type = cipher;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	221
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	222	/* Get 32 bytes of key data. Pad if necessary. (So that code
				223	below does not need to worry about key size). */
				224	memset(padded, 0, sizeof(padded));
				225	memcpy(padded, key, keylen < sizeof(padded) ? keylen : sizeof(padded));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	226
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	227	/* Initialize the initialization vector. */
				228	switch (cipher) {
				229	case SSH_CIPHER_NONE:
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	230	/*
				231	* Has to stay for authfile saving of private key with no
				232	* passphrase
				233	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	234	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	235
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	236	case SSH_CIPHER_3DES:
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	237	/*
				238	* Note: the least significant bit of each byte of key is
				239	* parity, and must be ignored by the implementation. 16
				240	* bytes of key are used (first and last keys are the same).
				241	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	242	if (keylen < 16)
				243	error("Key length %d is insufficient for 3DES.", keylen);
				244	des_set_key((void *) padded, context->u.des3.key1);
				245	des_set_key((void *) (padded + 8), context->u.des3.key2);
				246	if (keylen <= 16)
				247	des_set_key((void *) padded, context->u.des3.key3);
				248	else
				249	des_set_key((void *) (padded + 16), context->u.des3.key3);
				250	memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));
				251	memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));
				252	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	253
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	254	case SSH_CIPHER_BLOWFISH:
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	255	if (keylen < 16)
				256	error("Key length %d is insufficient for blowfish.", keylen);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	257	BF_set_key(&context->u.bf.key, keylen, padded);
				258	memset(context->u.bf.iv, 0, 8);
				259	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	260
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	261	case SSH_CIPHER_3DES_CBC:
				262	case SSH_CIPHER_BLOWFISH_CBC:
				263	case SSH_CIPHER_ARCFOUR:
				264	case SSH_CIPHER_CAST128_CBC:
				265	fatal("cipher_set_key: illegal cipher: %s", cipher_name(cipher));
				266	break;
				267
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	268	default:
				269	fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));
				270	}
				271	memset(padded, 0, sizeof(padded));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	272	}
				273
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	274
				275	void
				276	cipher_set_key_iv(CipherContext * context, int cipher,
				277	const unsigned char *key, int keylen,
				278	const unsigned char *iv, int ivlen)
				279	{
				280	/* Set cipher type. */
				281	context->type = cipher;
				282
				283	/* Initialize the initialization vector. */
				284	switch (cipher) {
				285	case SSH_CIPHER_NONE:
				286	break;
				287
				288	case SSH_CIPHER_3DES:
				289	case SSH_CIPHER_BLOWFISH:
				290	fatal("cipher_set_key_iv: illegal cipher: %s", cipher_name(cipher));
				291	break;
				292
				293	case SSH_CIPHER_3DES_CBC:
				294	if (keylen < 24)
				295	error("Key length %d is insufficient for 3des-cbc.", keylen);
				296	des_set_key((void *) key, context->u.des3.key1);
				297	des_set_key((void *) (key+8), context->u.des3.key2);
				298	des_set_key((void *) (key+16), context->u.des3.key3);
				299	if (ivlen < 8)
				300	error("IV length %d is insufficient for 3des-cbc.", ivlen);
				301	memcpy(context->u.des3.iv3, (char *)iv, 8);
				302	break;
				303
				304	case SSH_CIPHER_BLOWFISH_CBC:
				305	if (keylen < 16)
				306	error("Key length %d is insufficient for blowfish.", keylen);
				307	if (ivlen < 8)
				308	error("IV length %d is insufficient for blowfish.", ivlen);
				309	BF_set_key(&context->u.bf.key, keylen, (unsigned char *)key);
				310	memcpy(context->u.bf.iv, (char *)iv, 8);
				311	break;
				312
				313	case SSH_CIPHER_ARCFOUR:
				314	if (keylen < 16)
				315	error("Key length %d is insufficient for arcfour.", keylen);
				316	RC4_set_key(&context->u.rc4, keylen, (unsigned char *)key);
				317	break;
				318
				319	case SSH_CIPHER_CAST128_CBC:
				320	if (keylen < 16)
				321	error("Key length %d is insufficient for cast128.", keylen);
				322	if (ivlen < 8)
				323	error("IV length %d is insufficient for cast128.", ivlen);
				324	CAST_set_key(&context->u.cast.key, keylen, (unsigned char *) key);
				325	memcpy(context->u.cast.iv, (char *)iv, 8);
				326	break;
				327
				328	default:
				329	fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));
				330	}
				331	}
				332
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	333	/* Encrypts data using the cipher. */
				334
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	335	void
				336	cipher_encrypt(CipherContext context, unsigned char dest,
				337	const unsigned char *src, unsigned int len)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	338	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	339	if ((len & 7) != 0)
				340	fatal("cipher_encrypt: bad plaintext length %d", len);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	341
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	342	switch (context->type) {
				343	case SSH_CIPHER_NONE:
				344	memcpy(dest, src, len);
				345	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	346
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	347	case SSH_CIPHER_3DES:
				348	SSH_3CBC_ENCRYPT(context->u.des3.key1,
				349	context->u.des3.key2, &context->u.des3.iv2,
				350	context->u.des3.key3, &context->u.des3.iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	351	dest, (unsigned char *) src, len);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	352	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	353
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	354	case SSH_CIPHER_BLOWFISH:
				355	swap_bytes(src, dest, len);
				356	BF_cbc_encrypt(dest, dest, len,
				357	&context->u.bf.key, context->u.bf.iv,
				358	BF_ENCRYPT);
				359	swap_bytes(dest, dest, len);
				360	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	361
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	362	case SSH_CIPHER_BLOWFISH_CBC:
				363	BF_cbc_encrypt((void *)src, dest, len,
				364	&context->u.bf.key, context->u.bf.iv,
				365	BF_ENCRYPT);
				366	break;
				367
				368	case SSH_CIPHER_3DES_CBC:
				369	des_ede3_cbc_encrypt(src, dest, len,
				370	context->u.des3.key1, context->u.des3.key2,
				371	context->u.des3.key3, &context->u.des3.iv3, DES_ENCRYPT);
				372	break;
				373
				374	case SSH_CIPHER_ARCFOUR:
				375	RC4(&context->u.rc4, len, (unsigned char *)src, dest);
				376	break;
				377
				378	case SSH_CIPHER_CAST128_CBC:
				379	CAST_cbc_encrypt(src, dest, len,
				380	&context->u.cast.key, context->u.cast.iv, CAST_ENCRYPT);
				381	break;
				382
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	383	default:
				384	fatal("cipher_encrypt: unknown cipher: %s", cipher_name(context->type));
				385	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	386	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	387
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	388	/* Decrypts data using the cipher. */
				389
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	390	void
				391	cipher_decrypt(CipherContext context, unsigned char dest,
				392	const unsigned char *src, unsigned int len)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	393	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	394	if ((len & 7) != 0)
				395	fatal("cipher_decrypt: bad ciphertext length %d", len);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	396
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	397	switch (context->type) {
				398	case SSH_CIPHER_NONE:
				399	memcpy(dest, src, len);
				400	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	401
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	402	case SSH_CIPHER_3DES:
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	403	SSH_3CBC_DECRYPT(context->u.des3.key1,
				404	context->u.des3.key2, &context->u.des3.iv2,
				405	context->u.des3.key3, &context->u.des3.iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	406	dest, (unsigned char *) src, len);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	407	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	408
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	409	case SSH_CIPHER_BLOWFISH:
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	410	swap_bytes(src, dest, len);
				411	BF_cbc_encrypt((void *) dest, dest, len,
				412	&context->u.bf.key, context->u.bf.iv,
				413	BF_DECRYPT);
				414	swap_bytes(dest, dest, len);
				415	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	416
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame]	417	case SSH_CIPHER_BLOWFISH_CBC:
				418	BF_cbc_encrypt((void *) src, dest, len,
				419	&context->u.bf.key, context->u.bf.iv,
				420	BF_DECRYPT);
				421	break;
				422
				423	case SSH_CIPHER_3DES_CBC:
				424	des_ede3_cbc_encrypt(src, dest, len,
				425	context->u.des3.key1, context->u.des3.key2,
				426	context->u.des3.key3, &context->u.des3.iv3, DES_DECRYPT);
				427	break;
				428
				429	case SSH_CIPHER_ARCFOUR:
				430	RC4(&context->u.rc4, len, (unsigned char *)src, dest);
				431	break;
				432
				433	case SSH_CIPHER_CAST128_CBC:
				434	CAST_cbc_encrypt(src, dest, len,
				435	&context->u.cast.key, context->u.cast.iv, CAST_DECRYPT);
				436	break;
				437
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	438	default:
				439	fatal("cipher_decrypt: unknown cipher: %s", cipher_name(context->type));
				440	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	441	}