openssh-portable/cipher.h

/*
 * 
 * cipher.h
 * 
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * 
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * 
 * Created: Wed Apr 19 16:50:42 1995 ylo
 * 
 */

/* RCSID("$Id: cipher.h,v 1.4 1999/11/24 13:26:22 damien Exp $"); */

#ifndef CIPHER_H
#define CIPHER_H

#include "config.h"

#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#include <openssl/blowfish.h>
#endif
#ifdef HAVE_SSL
#include <ssl/des.h>
#include <ssl/blowfish.h>
#endif

/* Cipher types.  New types can be added, but old types should not be removed
   for compatibility.  The maximum allowed value is 31. */
#define SSH_CIPHER_NOT_SET	-1	/* None selected (invalid number). */
#define SSH_CIPHER_NONE		0	/* no encryption */
#define SSH_CIPHER_IDEA		1	/* IDEA CFB */
#define SSH_CIPHER_DES		2	/* DES CBC */
#define SSH_CIPHER_3DES		3	/* 3DES CBC */
#define SSH_CIPHER_BROKEN_TSS	4	/* TRI's Simple Stream encryption CBC */
#define SSH_CIPHER_BROKEN_RC4	5	/* Alleged RC4 */
#define SSH_CIPHER_BLOWFISH	6

typedef struct {
	unsigned int type;
	union {
		struct {
			des_key_schedule key1;
			des_key_schedule key2;
			des_cblock iv2;
			des_key_schedule key3;
			des_cblock iv3;
		}       des3;
		struct {
			struct bf_key_st key;
			unsigned char iv[8];
		}       bf;
	}       u;
}       CipherContext;
/* Returns a bit mask indicating which ciphers are supported by this
   implementation.  The bit mask has the corresponding bit set of each
   supported cipher. */
unsigned int cipher_mask();

/* Returns the name of the cipher. */
const char *cipher_name(int cipher);

/* Parses the name of the cipher.  Returns the number of the corresponding
   cipher, or -1 on error. */
int     cipher_number(const char *name);

/* Selects the cipher to use and sets the key.  If for_encryption is true,
   the key is setup for encryption; otherwise it is setup for decryption. */
void 
cipher_set_key(CipherContext * context, int cipher,
    const unsigned char *key, int keylen, int for_encryption);

/* Sets key for the cipher by computing the MD5 checksum of the passphrase,
   and using the resulting 16 bytes as the key. */
void 
cipher_set_key_string(CipherContext * context, int cipher,
    const char *passphrase, int for_encryption);

/* Encrypts data using the cipher. */
void 
cipher_encrypt(CipherContext * context, unsigned char *dest,
    const unsigned char *src, unsigned int len);

/* Decrypts data using the cipher. */
void 
cipher_decrypt(CipherContext * context, unsigned char *dest,
    const unsigned char *src, unsigned int len);

/* If and CRC-32 attack is detected this function is called. Defaults
 * to fatal, changed to packet_disconnect in sshd and ssh. */
extern void (*cipher_attack_detected) (const char *fmt,...);

#endif				/* CIPHER_H */
Initial revision 1999-10-27 05:42:43 +02:00			`/*`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`*`
			`* cipher.h`
			`*`
			`* Author: Tatu Ylonen <ylo@cs.hut.fi>`
			`*`
			`* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland`
			`* All rights reserved`
			`*`
			`* Created: Wed Apr 19 16:50:42 1995 ylo`
			`*`
			`*/`

			`/* RCSID("$Id: cipher.h,v 1.4 1999/11/24 13:26:22 damien Exp $"); */`
Initial revision 1999-10-27 05:42:43 +02:00
			`#ifndef CIPHER_H`
			`#define CIPHER_H`

- Merged OpenBSD CVS changes: - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] the keysize of rsa-parameter 'n' is passed implizit, a few more checks and warnings about 'pretended' keysizes. - [cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4 - [ssh.c] a note for legay systems about secuity issues with permanently_set_uid(), the private hostkey and ptrace() - [sshconnect.c] more detailed messages about adding and checking hostkeys 1999-11-16 03:37:16 +01:00			`#include "config.h"`

- Integrated patch from Dan Brosemer <odin@linuxfreak.com> - Build fixes - Autoconf - Change binary names to open* - Fixed autoconf script to detect PAM on RH6.1 - Added tests for libpwdb, and OpenBSD functions to autoconf (not used yet) 1999-10-28 05:25:17 +02:00			`#ifdef HAVE_OPENSSL`
Initial revision 1999-10-27 05:42:43 +02:00			`#include <openssl/des.h>`
			`#include <openssl/blowfish.h>`
- Integrated patch from Dan Brosemer <odin@linuxfreak.com> - Build fixes - Autoconf - Change binary names to open* - Fixed autoconf script to detect PAM on RH6.1 - Added tests for libpwdb, and OpenBSD functions to autoconf (not used yet) 1999-10-28 05:25:17 +02:00			`#endif`
			`#ifdef HAVE_SSL`
			`#include <ssl/des.h>`
			`#include <ssl/blowfish.h>`
			`#endif`
Initial revision 1999-10-27 05:42:43 +02:00
			`/* Cipher types. New types can be added, but old types should not be removed`
			`for compatibility. The maximum allowed value is 31. */`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */`
			`#define SSH_CIPHER_NONE 0 /* no encryption */`
			`#define SSH_CIPHER_IDEA 1 /* IDEA CFB */`
			`#define SSH_CIPHER_DES 2 /* DES CBC */`
			`#define SSH_CIPHER_3DES 3 /* 3DES CBC */`
			`#define SSH_CIPHER_BROKEN_TSS 4 /* TRI's Simple Stream encryption CBC */`
			`#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */`
Initial revision 1999-10-27 05:42:43 +02:00			`#define SSH_CIPHER_BLOWFISH 6`

			`typedef struct {`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`unsigned int type;`
			`union {`
			`struct {`
			`des_key_schedule key1;`
			`des_key_schedule key2;`
			`des_cblock iv2;`
			`des_key_schedule key3;`
			`des_cblock iv3;`
			`} des3;`
			`struct {`
			`struct bf_key_st key;`
			`unsigned char iv[8];`
			`} bf;`
			`} u;`
			`} CipherContext;`
Initial revision 1999-10-27 05:42:43 +02:00			`/* Returns a bit mask indicating which ciphers are supported by this`
			`implementation. The bit mask has the corresponding bit set of each`
			`supported cipher. */`
			`unsigned int cipher_mask();`

			`/* Returns the name of the cipher. */`
			`const char *cipher_name(int cipher);`

			`/* Parses the name of the cipher. Returns the number of the corresponding`
			`cipher, or -1 on error. */`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`int cipher_number(const char *name);`
Initial revision 1999-10-27 05:42:43 +02:00
			`/* Selects the cipher to use and sets the key. If for_encryption is true,`
			`the key is setup for encryption; otherwise it is setup for decryption. */`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`void`
			`cipher_set_key(CipherContext * context, int cipher,`
			`const unsigned char *key, int keylen, int for_encryption);`
Initial revision 1999-10-27 05:42:43 +02:00
			`/* Sets key for the cipher by computing the MD5 checksum of the passphrase,`
			`and using the resulting 16 bytes as the key. */`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`void`
			`cipher_set_key_string(CipherContext * context, int cipher,`
			`const char *passphrase, int for_encryption);`
Initial revision 1999-10-27 05:42:43 +02:00
			`/* Encrypts data using the cipher. */`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`void`
			`cipher_encrypt(CipherContext * context, unsigned char *dest,`
			`const unsigned char *src, unsigned int len);`
Initial revision 1999-10-27 05:42:43 +02:00
			`/* Decrypts data using the cipher. */`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`void`
			`cipher_decrypt(CipherContext * context, unsigned char *dest,`
			`const unsigned char *src, unsigned int len);`
Initial revision 1999-10-27 05:42:43 +02:00
			`/* If and CRC-32 attack is detected this function is called. Defaults`
			`* to fatal, changed to packet_disconnect in sshd and ssh. */`
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`extern void (cipher_attack_detected) (const char fmt,...);`
Initial revision 1999-10-27 05:42:43 +02:00
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu 1999-11-24 14:26:21 +01:00			`#endif /* CIPHER_H */`