void cipher_set_keyiv(CipherContext *cc, u_char *iv) { Cipher *c = cc->cipher; int evplen = 0; switch (c->number) { case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen == 0) return; #ifdef USE_BUILTIN_RIJNDAEL if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 1, iv, evplen); else #endif if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); else memcpy(cc->evp.iv, iv, evplen); break; case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 1, iv, 24); break; default: fatal("%s: bad cipher %d", __func__, c->number); } }
void cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) { Cipher *c = cc->cipher; int evplen; switch (c->number) { case SSH_CIPHER_NONE: case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen <= 0) return; if ((u_int)evplen != len) fatal("%s: wrong iv length %d != %d", __func__, evplen, len); if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else memcpy(iv, cc->evp.iv, len); break; case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 0, iv, 24); break; default: fatal("%s: bad cipher %d", __func__, c->number); } }
int cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len) { #ifdef WITH_OPENSSL const struct sshcipher *c = cc->cipher; int evplen = 0; #endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) return 0; if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; #ifdef WITH_OPENSSL evplen = EVP_CIPHER_CTX_iv_length(cc->evp); if (evplen <= 0) return SSH_ERR_LIBCRYPTO_ERROR; if ((size_t)evplen != len) return SSH_ERR_INVALID_ARGUMENT; #ifndef OPENSSL_HAVE_EVPCTR /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */ if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(cc->evp, 1, (u_char *)iv, evplen); else #endif if (cipher_authlen(c)) { /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen)) return SSH_ERR_LIBCRYPTO_ERROR; #endif return 0; }
int cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) { struct sshcipher *c = cc->cipher; int evplen; switch (c->number) { case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen == 0) return 0; else if (evplen < 0) return SSH_ERR_LIBCRYPTO_ERROR; if ((u_int)evplen != len) return SSH_ERR_INVALID_ARGUMENT; if (c->evptype == evp_aes_128_ctr) return ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else memcpy(iv, cc->evp.iv, len); return 0; case SSH_CIPHER_3DES: return ssh1_3des_iv(&cc->evp, 0, iv, 24); default: return SSH_ERR_INVALID_ARGUMENT; } }
int cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) { const struct sshcipher *c = cc->cipher; #ifdef WITH_OPENSSL int evplen; #endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { if (len != 0) return SSH_ERR_INVALID_ARGUMENT; return 0; } if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { if (len != sizeof(cc->ac_ctx.ctr)) return SSH_ERR_INVALID_ARGUMENT; memcpy(iv, cc->ac_ctx.ctr, len); return 0; } if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; switch (c->number) { #ifdef WITH_OPENSSL case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen == 0) return 0; else if (evplen < 0) return SSH_ERR_LIBCRYPTO_ERROR; if ((u_int)evplen != len) return SSH_ERR_INVALID_ARGUMENT; #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else #endif if (cipher_authlen(c)) { if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else memcpy(iv, cc->evp.iv, len); break; #endif #ifdef WITH_SSH1 case SSH_CIPHER_3DES: return ssh1_3des_iv(&cc->evp, 0, iv, 24); #endif default: return SSH_ERR_INVALID_ARGUMENT; } return 0; }
void cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) { Cipher *c = cc->cipher; u_char *civ = NULL; int evplen; switch (c->number) { case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen == 0) return; if (evplen != len) fatal("%s: wrong iv length %d != %d", __func__, evplen, len); #if (OPENSSL_VERSION_NUMBER < 0x00907000L) if (c->evptype == evp_rijndael) { struct ssh_rijndael_ctx *aesc; aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (aesc == NULL) fatal("%s: no rijndael context", __func__); civ = aesc->r_iv; } else #endif if (c->evptype == evp_aes_128_ctr) { ssh_aes_ctr_iv(&cc->evp, 0, iv, len); return; } else { civ = cc->evp.iv; } break; case SSH_CIPHER_3DES: { struct ssh1_3des_ctx *desc; if (len != 24) fatal("%s: bad 3des iv length: %d", __func__, len); desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (desc == NULL) fatal("%s: no 3des context", __func__); debug3("%s: Copying 3DES IV", __func__); memcpy(iv, desc->k1.iv, 8); memcpy(iv + 8, desc->k2.iv, 8); memcpy(iv + 16, desc->k3.iv, 8); return; } default: fatal("%s: bad cipher %d", __func__, c->number); } memcpy(iv, civ, len); }
void cipher_set_keyiv(CipherContext *cc, u_char *iv) { Cipher *c = cc->cipher; u_char *div = NULL; int evplen = 0; switch (c->number) { case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen == 0) return; #if (OPENSSL_VERSION_NUMBER < 0x00907000L) if (c->evptype == evp_rijndael) { struct ssh_rijndael_ctx *aesc; aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (aesc == NULL) fatal("%s: no rijndael context", __func__); div = aesc->r_iv; } else #endif if (c->evptype == evp_aes_128_ctr) { ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen); return; } else { div = cc->evp.iv; } break; case SSH_CIPHER_3DES: { struct ssh1_3des_ctx *desc; desc = EVP_CIPHER_CTX_get_app_data(&cc->evp); if (desc == NULL) fatal("%s: no 3des context", __func__); debug3("%s: Installed 3DES IV", __func__); memcpy(desc->k1.iv, iv, 8); memcpy(desc->k2.iv, iv + 8, 8); memcpy(desc->k3.iv, iv + 16, 8); return; } default: fatal("%s: bad cipher %d", __func__, c->number); } memcpy(div, iv, evplen); }
void cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) { const Cipher *c = cc->cipher; int evplen; if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { if (len != 0) fatal("%s: wrong iv length %d != %d", __func__, len, 0); return; } switch (c->number) { #ifdef NONE_CIPHER_ENABLED case SSH_CIPHER_NONE: #endif case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen <= 0) return; if ((u_int)evplen != len) fatal("%s: wrong iv length %d != %d", __func__, evplen, len); #ifdef USE_BUILTIN_RIJNDAEL if (c->evptype == evp_rijndael) ssh_rijndael_iv(&cc->evp, 0, iv, len); else #endif #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(&cc->evp, 0, iv, len); else #endif memcpy(iv, cc->evp.iv, len); break; case SSH_CIPHER_3DES: ssh1_3des_iv(&cc->evp, 0, iv, 24); break; default: fatal("%s: bad cipher %d", __func__, c->number); } }
int cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len) { #ifdef WITH_OPENSSL const struct sshcipher *c = cc->cipher; int evplen; #endif if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { if (len != 0) return SSH_ERR_INVALID_ARGUMENT; return 0; } if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { if (len != sizeof(cc->ac_ctx.ctr)) return SSH_ERR_INVALID_ARGUMENT; memcpy(iv, cc->ac_ctx.ctr, len); return 0; } if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; #ifdef WITH_OPENSSL evplen = EVP_CIPHER_CTX_iv_length(cc->evp); if (evplen == 0) return 0; else if (evplen < 0) return SSH_ERR_LIBCRYPTO_ERROR; if ((size_t)evplen != len) return SSH_ERR_INVALID_ARGUMENT; #ifndef OPENSSL_HAVE_EVPCTR if (c->evptype == evp_aes_128_ctr) ssh_aes_ctr_iv(cc->evp, 0, iv, len); else #endif if (cipher_authlen(c)) { if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len)) return SSH_ERR_LIBCRYPTO_ERROR; #endif return 0; }
int cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) { struct sshcipher *c = cc->cipher; int evplen = 0; switch (c->number) { case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); if (evplen <= 0) return SSH_ERR_LIBCRYPTO_ERROR; if (c->evptype == evp_aes_128_ctr) return ssh_aes_ctr_iv(&cc->evp, 1, (u_char *)iv, evplen); else memcpy(cc->evp.iv, iv, evplen); return 0; case SSH_CIPHER_3DES: return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24); default: return SSH_ERR_INVALID_ARGUMENT; } }