Blame - cipher.c - platform/external/openssh

blob: f7b7b4726f55e465a84cb3ad7555ebd64feab5e8 [file] [log] [blame]

Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2	*
				3	* cipher.c
				4	*
				5	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				6	*
				7	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				8	* All rights reserved
				9	*
				10	* Created: Wed Apr 19 17:41:39 1995 ylo
				11	*
				12	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	13
				14	#include "includes.h"
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	15	RCSID("$Id: cipher.c,v 1.15 2000/04/01 01:09:23 damien Exp $");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	16
				17	#include "ssh.h"
				18	#include "cipher.h"
Damien Miller	1fa154b	2000-01-23 10:32:03 +1100	[diff] [blame]	19	#include "config.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	20
Damien Miller	7f6ea02	1999-10-28 13:25:17 +1000	[diff] [blame]	21	#ifdef HAVE_OPENSSL
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	22	#include <openssl/md5.h>
Damien Miller	7f6ea02	1999-10-28 13:25:17 +1000	[diff] [blame]	23	#endif
				24	#ifdef HAVE_SSL
				25	#include <ssl/md5.h>
				26	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	27
				28	/*
				29	* What kind of tripple DES are these 2 routines?
				30	*
				31	* Why is there a redundant initialization vector?
				32	*
				33	* If only iv3 was used, then, this would till effect have been
				34	* outer-cbc. However, there is also a private iv1 == iv2 which
				35	* perhaps makes differential analysis easier. On the other hand, the
				36	* private iv1 probably makes the CRC-32 attack ineffective. This is a
				37	* result of that there is no longer any known iv1 to use when
				38	* choosing the X block.
				39	*/
				40	void
				41	SSH_3CBC_ENCRYPT(des_key_schedule ks1,
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	42	des_key_schedule ks2, des_cblock * iv2,
				43	des_key_schedule ks3, des_cblock * iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	44	unsigned char dest, unsigned char src,
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	45	unsigned int len)
				46	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	47	des_cblock iv1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	48
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	49	memcpy(&iv1, iv2, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	50
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	51	des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	52	memcpy(&iv1, dest + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	53
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	54	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
				55	memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	56
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	57	des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	58	memcpy(iv3, dest + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	59	}
				60
				61	void
				62	SSH_3CBC_DECRYPT(des_key_schedule ks1,
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	63	des_key_schedule ks2, des_cblock * iv2,
				64	des_key_schedule ks3, des_cblock * iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	65	unsigned char dest, unsigned char src,
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	66	unsigned int len)
				67	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	68	des_cblock iv1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	69
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	70	memcpy(&iv1, iv2, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	71
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	72	des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	73	memcpy(iv3, src + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	74
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	75	des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	76	memcpy(iv2, dest + len - 8, 8);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	77
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	78	des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
				79	/* memcpy(&iv1, iv2, 8); */
				80	/* Note how iv1 == iv2 on entry and exit. */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	81	}
				82
				83	/*
				84	* SSH uses a variation on Blowfish, all bytes must be swapped before
				85	* and after encryption/decryption. Thus the swap_bytes stuff (yuk).
				86	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	87	static void
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	88	swap_bytes(const unsigned char src, unsigned char dst_, int n)
				89	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	90	/* dst must be properly aligned. */
				91	u_int32_t dst = (u_int32_t ) dst_;
				92	union {
				93	u_int32_t i;
				94	char c[4];
				95	} t;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	96
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	97	/* Process 8 bytes every lap. */
				98	for (n = n / 8; n > 0; n--) {
				99	t.c[3] = *src++;
				100	t.c[2] = *src++;
				101	t.c[1] = *src++;
				102	t.c[0] = *src++;
				103	*dst++ = t.i;
				104
				105	t.c[3] = *src++;
				106	t.c[2] = *src++;
				107	t.c[1] = *src++;
				108	t.c[0] = *src++;
				109	*dst++ = t.i;
				110	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	111	}
				112
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	113	/*
				114	* Names of all encryption algorithms.
				115	* These must match the numbers defined in cipher.h.
				116	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	117	static char *cipher_names[] =
				118	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	119	"none",
				120	"idea",
				121	"des",
				122	"3des",
				123	"tss",
				124	"rc4",
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	125	"blowfish",
				126	"reserved",
				127	"blowfish-cbc",
				128	"3des-cbc",
				129	"arcfour",
				130	"cast128-cbc"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	131	};
				132
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	133	/*
				134	* Returns a bit mask indicating which ciphers are supported by this
				135	* implementation. The bit mask has the corresponding bit set of each
				136	* supported cipher.
				137	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	138
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	139	unsigned int
				140	cipher_mask()
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	141	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	142	unsigned int mask = 0;
				143	mask \|= 1 << SSH_CIPHER_3DES; /* Mandatory */
				144	mask \|= 1 << SSH_CIPHER_BLOWFISH;
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	145	mask \|= 1 << SSH_CIPHER_BLOWFISH_CBC;
				146	mask \|= 1 << SSH_CIPHER_3DES_CBC;
				147	mask \|= 1 << SSH_CIPHER_ARCFOUR;
				148	mask \|= 1 << SSH_CIPHER_CAST128_CBC;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	149	return mask;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	150	}
				151
				152	/* Returns the name of the cipher. */
				153
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	154	const char *
				155	cipher_name(int cipher)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	156	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	157	if (cipher < 0 \|\| cipher >= sizeof(cipher_names) / sizeof(cipher_names[0]) \|\|
				158	cipher_names[cipher] == NULL)
				159	fatal("cipher_name: bad cipher number: %d", cipher);
				160	return cipher_names[cipher];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	161	}
				162
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	163	/*
				164	* Parses the name of the cipher. Returns the number of the corresponding
				165	* cipher, or -1 on error.
				166	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	167
				168	int
				169	cipher_number(const char *name)
				170	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	171	int i;
				172	for (i = 0; i < sizeof(cipher_names) / sizeof(cipher_names[0]); i++)
				173	if (strcmp(cipher_names[i], name) == 0 &&
				174	(cipher_mask() & (1 << i)))
				175	return i;
				176	return -1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	177	}
				178
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	179	/*
				180	* Selects the cipher, and keys if by computing the MD5 checksum of the
				181	* passphrase and using the resulting 16 bytes as the key.
				182	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	183
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	184	void
				185	cipher_set_key_string(CipherContext *context, int cipher,
				186	const char *passphrase, int for_encryption)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	187	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	188	MD5_CTX md;
				189	unsigned char digest[16];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	190
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	191	MD5_Init(&md);
				192	MD5_Update(&md, (const unsigned char *) passphrase, strlen(passphrase));
				193	MD5_Final(digest, &md);
				194
				195	cipher_set_key(context, cipher, digest, 16, for_encryption);
				196
				197	memset(digest, 0, sizeof(digest));
				198	memset(&md, 0, sizeof(md));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	199	}
				200
				201	/* Selects the cipher to use and sets the key. */
				202
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	203	void
				204	cipher_set_key(CipherContext *context, int cipher,
				205	const unsigned char *key, int keylen, int for_encryption)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	206	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	207	unsigned char padded[32];
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	208
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	209	/* Set cipher type. */
				210	context->type = cipher;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	211
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	212	/* Get 32 bytes of key data. Pad if necessary. (So that code
				213	below does not need to worry about key size). */
				214	memset(padded, 0, sizeof(padded));
				215	memcpy(padded, key, keylen < sizeof(padded) ? keylen : sizeof(padded));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	216
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	217	/* Initialize the initialization vector. */
				218	switch (cipher) {
				219	case SSH_CIPHER_NONE:
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	220	/*
				221	* Has to stay for authfile saving of private key with no
				222	* passphrase
				223	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	224	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	225
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	226	case SSH_CIPHER_3DES:
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	227	/*
				228	* Note: the least significant bit of each byte of key is
				229	* parity, and must be ignored by the implementation. 16
				230	* bytes of key are used (first and last keys are the same).
				231	*/
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	232	if (keylen < 16)
				233	error("Key length %d is insufficient for 3DES.", keylen);
				234	des_set_key((void *) padded, context->u.des3.key1);
				235	des_set_key((void *) (padded + 8), context->u.des3.key2);
				236	if (keylen <= 16)
				237	des_set_key((void *) padded, context->u.des3.key3);
				238	else
				239	des_set_key((void *) (padded + 16), context->u.des3.key3);
				240	memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2));
				241	memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3));
				242	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	243
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	244	case SSH_CIPHER_BLOWFISH:
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	245	if (keylen < 16)
				246	error("Key length %d is insufficient for blowfish.", keylen);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	247	BF_set_key(&context->u.bf.key, keylen, padded);
				248	memset(context->u.bf.iv, 0, 8);
				249	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	250
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	251	case SSH_CIPHER_3DES_CBC:
				252	case SSH_CIPHER_BLOWFISH_CBC:
				253	case SSH_CIPHER_ARCFOUR:
				254	case SSH_CIPHER_CAST128_CBC:
				255	fatal("cipher_set_key: illegal cipher: %s", cipher_name(cipher));
				256	break;
				257
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	258	default:
				259	fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));
				260	}
				261	memset(padded, 0, sizeof(padded));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	262	}
				263
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	264
				265	void
				266	cipher_set_key_iv(CipherContext * context, int cipher,
				267	const unsigned char *key, int keylen,
				268	const unsigned char *iv, int ivlen)
				269	{
				270	/* Set cipher type. */
				271	context->type = cipher;
				272
				273	/* Initialize the initialization vector. */
				274	switch (cipher) {
				275	case SSH_CIPHER_NONE:
				276	break;
				277
				278	case SSH_CIPHER_3DES:
				279	case SSH_CIPHER_BLOWFISH:
				280	fatal("cipher_set_key_iv: illegal cipher: %s", cipher_name(cipher));
				281	break;
				282
				283	case SSH_CIPHER_3DES_CBC:
				284	if (keylen < 24)
				285	error("Key length %d is insufficient for 3des-cbc.", keylen);
				286	des_set_key((void *) key, context->u.des3.key1);
				287	des_set_key((void *) (key+8), context->u.des3.key2);
				288	des_set_key((void *) (key+16), context->u.des3.key3);
				289	if (ivlen < 8)
				290	error("IV length %d is insufficient for 3des-cbc.", ivlen);
				291	memcpy(context->u.des3.iv3, (char *)iv, 8);
				292	break;
				293
				294	case SSH_CIPHER_BLOWFISH_CBC:
				295	if (keylen < 16)
				296	error("Key length %d is insufficient for blowfish.", keylen);
				297	if (ivlen < 8)
				298	error("IV length %d is insufficient for blowfish.", ivlen);
				299	BF_set_key(&context->u.bf.key, keylen, (unsigned char *)key);
				300	memcpy(context->u.bf.iv, (char *)iv, 8);
				301	break;
				302
				303	case SSH_CIPHER_ARCFOUR:
				304	if (keylen < 16)
				305	error("Key length %d is insufficient for arcfour.", keylen);
				306	RC4_set_key(&context->u.rc4, keylen, (unsigned char *)key);
				307	break;
				308
				309	case SSH_CIPHER_CAST128_CBC:
				310	if (keylen < 16)
				311	error("Key length %d is insufficient for cast128.", keylen);
				312	if (ivlen < 8)
				313	error("IV length %d is insufficient for cast128.", ivlen);
				314	CAST_set_key(&context->u.cast.key, keylen, (unsigned char *) key);
				315	memcpy(context->u.cast.iv, (char *)iv, 8);
				316	break;
				317
				318	default:
				319	fatal("cipher_set_key: unknown cipher: %s", cipher_name(cipher));
				320	}
				321	}
				322
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	323	/* Encrypts data using the cipher. */
				324
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	325	void
				326	cipher_encrypt(CipherContext context, unsigned char dest,
				327	const unsigned char *src, unsigned int len)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	328	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	329	if ((len & 7) != 0)
				330	fatal("cipher_encrypt: bad plaintext length %d", len);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	331
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	332	switch (context->type) {
				333	case SSH_CIPHER_NONE:
				334	memcpy(dest, src, len);
				335	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	336
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	337	case SSH_CIPHER_3DES:
				338	SSH_3CBC_ENCRYPT(context->u.des3.key1,
				339	context->u.des3.key2, &context->u.des3.iv2,
				340	context->u.des3.key3, &context->u.des3.iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	341	dest, (unsigned char *) src, len);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	342	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	343
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	344	case SSH_CIPHER_BLOWFISH:
				345	swap_bytes(src, dest, len);
				346	BF_cbc_encrypt(dest, dest, len,
				347	&context->u.bf.key, context->u.bf.iv,
				348	BF_ENCRYPT);
				349	swap_bytes(dest, dest, len);
				350	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	351
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	352	case SSH_CIPHER_BLOWFISH_CBC:
				353	BF_cbc_encrypt((void *)src, dest, len,
				354	&context->u.bf.key, context->u.bf.iv,
				355	BF_ENCRYPT);
				356	break;
				357
				358	case SSH_CIPHER_3DES_CBC:
				359	des_ede3_cbc_encrypt(src, dest, len,
				360	context->u.des3.key1, context->u.des3.key2,
				361	context->u.des3.key3, &context->u.des3.iv3, DES_ENCRYPT);
				362	break;
				363
				364	case SSH_CIPHER_ARCFOUR:
				365	RC4(&context->u.rc4, len, (unsigned char *)src, dest);
				366	break;
				367
				368	case SSH_CIPHER_CAST128_CBC:
				369	CAST_cbc_encrypt(src, dest, len,
				370	&context->u.cast.key, context->u.cast.iv, CAST_ENCRYPT);
				371	break;
				372
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	373	default:
				374	fatal("cipher_encrypt: unknown cipher: %s", cipher_name(context->type));
				375	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	376	}
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	377
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	378	/* Decrypts data using the cipher. */
				379
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	380	void
				381	cipher_decrypt(CipherContext context, unsigned char dest,
				382	const unsigned char *src, unsigned int len)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	383	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	384	if ((len & 7) != 0)
				385	fatal("cipher_decrypt: bad ciphertext length %d", len);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	386
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	387	switch (context->type) {
				388	case SSH_CIPHER_NONE:
				389	memcpy(dest, src, len);
				390	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	391
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	392	case SSH_CIPHER_3DES:
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	393	SSH_3CBC_DECRYPT(context->u.des3.key1,
				394	context->u.des3.key2, &context->u.des3.iv2,
				395	context->u.des3.key3, &context->u.des3.iv3,
Damien Miller	98c7ad6	2000-03-09 21:27:49 +1100	[diff] [blame]	396	dest, (unsigned char *) src, len);
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	397	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	398
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	399	case SSH_CIPHER_BLOWFISH:
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	400	swap_bytes(src, dest, len);
				401	BF_cbc_encrypt((void *) dest, dest, len,
				402	&context->u.bf.key, context->u.bf.iv,
				403	BF_DECRYPT);
				404	swap_bytes(dest, dest, len);
				405	break;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	406
Damien Miller	b38eff8	2000-04-01 11:09:21 +1000	[diff] [blame^]	407	case SSH_CIPHER_BLOWFISH_CBC:
				408	BF_cbc_encrypt((void *) src, dest, len,
				409	&context->u.bf.key, context->u.bf.iv,
				410	BF_DECRYPT);
				411	break;
				412
				413	case SSH_CIPHER_3DES_CBC:
				414	des_ede3_cbc_encrypt(src, dest, len,
				415	context->u.des3.key1, context->u.des3.key2,
				416	context->u.des3.key3, &context->u.des3.iv3, DES_DECRYPT);
				417	break;
				418
				419	case SSH_CIPHER_ARCFOUR:
				420	RC4(&context->u.rc4, len, (unsigned char *)src, dest);
				421	break;
				422
				423	case SSH_CIPHER_CAST128_CBC:
				424	CAST_cbc_encrypt(src, dest, len,
				425	&context->u.cast.key, context->u.cast.iv, CAST_DECRYPT);
				426	break;
				427
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	428	default:
				429	fatal("cipher_decrypt: unknown cipher: %s", cipher_name(context->type));
				430	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	431	}