Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0

new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org>
author: green <green@FreeBSD.org> 2000-12-05 02:55:12 +0000
committer: green <green@FreeBSD.org> 2000-12-05 02:55:12 +0000
commit: ab6b35a1d6b61fa8d2bb7336a0ef6fa9378898ef (patch)
tree: ccefbd34ee9fea2be5de1744eb036cb66156f5bd /crypto/openssh/cipher.h
parent: 6202ac16142a68bfbc9a54bc13190fafeefe1f5c (diff)
download: FreeBSD-src-ab6b35a1d6b61fa8d2bb7336a0ef6fa9378898ef.zip
FreeBSD-src-ab6b35a1d6b61fa8d2bb7336a0ef6fa9378898ef.tar.gz
1 files changed, 66 insertions, 63 deletions
diff --git a/crypto/openssh/cipher.h b/crypto/openssh/cipher.h
index cb2320d..006fef9 100644
--- a/crypto/openssh/cipher.h
+++ b/crypto/openssh/cipher.h
@@ -8,9 +8,31 @@
  * software must be clearly marked as such, and if the derived work is
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
+ *
+ * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* RCSID("$OpenBSD: cipher.h,v 1.19 2000/09/07 20:27:50 deraadt Exp $"); */
+/* RCSID("$OpenBSD: cipher.h,v 1.22 2000/10/13 18:59:14 markus Exp $"); */
 /* $FreeBSD$ */
 
 #ifndef CIPHER_H
@@ -20,9 +42,12 @@
 #include <openssl/blowfish.h>
 #include <openssl/rc4.h>
 #include <openssl/cast.h>
-
-/* Cipher types.  New types can be added, but old types should not be removed
-   for compatibility.  The maximum allowed value is 31. */
+#include "rijndael.h"
+/*
+ * Cipher types for SSH-1.  New types can be added, but old types should not
+ * be removed for compatibility.  The maximum allowed value is 31.
+ */
+#define SSH_CIPHER_SSH2		-3
 #define SSH_CIPHER_ILLEGAL	-2	/* No valid cipher selected. */
 #define SSH_CIPHER_NOT_SET	-1	/* None selected (invalid number). */
 #define SSH_CIPHER_NONE		0	/* no encryption */
@@ -33,17 +58,18 @@
 #define SSH_CIPHER_BROKEN_RC4	5	/* Alleged RC4 */
 #define SSH_CIPHER_BLOWFISH	6
 #define SSH_CIPHER_RESERVED	7
+#define SSH_CIPHER_MAX		31
 
-/* these ciphers are used in SSH2: */
-#define SSH_CIPHER_BLOWFISH_CBC	8
-#define SSH_CIPHER_3DES_CBC	9
-#define SSH_CIPHER_ARCFOUR	10	/* Alleged RC4 */
-#define SSH_CIPHER_CAST128_CBC	11
+typedef struct Cipher Cipher;
+typedef struct CipherContext CipherContext;
 
-typedef struct {
-	unsigned int type;
+struct CipherContext {
 	union {
 		struct {
+			des_key_schedule key;
+			des_cblock iv;
+		}	des;
+		struct {
 			des_key_schedule key1;
 			des_key_schedule key2;
 			des_cblock iv2;
@@ -52,64 +78,41 @@ typedef struct {
 		}       des3;
 		struct {
 			struct bf_key_st key;
-			unsigned char iv[8];
+			u_char iv[8];
 		}       bf;
 		struct {
 			CAST_KEY key;
-			unsigned char iv[8];
+			u_char iv[8];
 		} cast;
+		struct {
+			u4byte iv[4];
+			rijndael_ctx enc;
+			rijndael_ctx dec;
+		} rijndael;
 		RC4_KEY rc4;
 	}       u;
-}       CipherContext;
-/*
- * Returns a bit mask indicating which ciphers are supported by this
- * implementation.  The bit mask has the corresponding bit set of each
- * supported cipher.
- */
-unsigned int cipher_mask();
-unsigned int cipher_mask1();
-unsigned int cipher_mask2();
-
-/* Returns the name of the cipher. */
-const char *cipher_name(int cipher);
-
-/*
- * Parses the name of the cipher.  Returns the number of the corresponding
- * cipher, or -1 on error.
- */
-int     cipher_number(const char *name);
-
-/* returns 1 if all ciphers are supported (ssh2 only) */
-int     ciphers_valid(const char *names);
-
-/*
- * Selects the cipher to use and sets the key.  If for_encryption is true,
- * the key is setup for encryption; otherwise it is setup for decryption.
- */
-void
-cipher_set_key(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen);
-void
-cipher_set_key_iv(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen,
-    const unsigned char *iv, int ivlen);
-
-/*
- * Sets key for the cipher by computing the MD5 checksum of the passphrase,
- * and using the resulting 16 bytes as the key.
- */
-void
-cipher_set_key_string(CipherContext * context, int cipher,
-    const char *passphrase);
-
-/* Encrypts data using the cipher. */
-void
-cipher_encrypt(CipherContext * context, unsigned char *dest,
-    const unsigned char *src, unsigned int len);
+	Cipher *cipher;
+};
+struct Cipher {
+	char	*name;
+	int	number;		/* for ssh1 only */
+	u_int	block_size;
+	u_int	key_len;
+	void	(*setkey)(CipherContext *, const u_char *, u_int);
+	void	(*setiv)(CipherContext *, const u_char *, u_int);
+	void	(*encrypt)(CipherContext *, u_char *, const u_char *, u_int);
+	void	(*decrypt)(CipherContext *, u_char *, const u_char *, u_int);
+};
 
-/* Decrypts data using the cipher. */
-void
-cipher_decrypt(CipherContext * context, unsigned char *dest,
-    const unsigned char *src, unsigned int len);
+unsigned int cipher_mask_ssh1(int client);
+Cipher *cipher_by_name(const char *name);
+Cipher *cipher_by_number(int id);
+int cipher_number(const char *name);
+char *cipher_name(int id);
+int ciphers_valid(const char *names);
+void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, const u_char *, u_int);
+void cipher_encrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
+void cipher_decrypt(CipherContext *context, u_char *dest, const u_char *src, u_int len);
+void cipher_set_key_string(CipherContext *context, Cipher *cipher, const char *passphrase);
 
 #endif				/* CIPHER_H */
author	green <green@FreeBSD.org>	2000-12-05 02:55:12 +0000
committer	green <green@FreeBSD.org>	2000-12-05 02:55:12 +0000
commit	ab6b35a1d6b61fa8d2bb7336a0ef6fa9378898ef (patch)
tree	ccefbd34ee9fea2be5de1744eb036cb66156f5bd /crypto/openssh/cipher.h
parent	6202ac16142a68bfbc9a54bc13190fafeefe1f5c (diff)
download	FreeBSD-src-ab6b35a1d6b61fa8d2bb7336a0ef6fa9378898ef.zip FreeBSD-src-ab6b35a1d6b61fa8d2bb7336a0ef6fa9378898ef.tar.gz