diff --git a/ChangeLog b/ChangeLog index a6fc3d82634560ba901a6fc37bb467e80cf56d35..81f103778fa937c0b03b221a87993b8bcbd1155e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,27 @@ +2000-09-11 Niels Möller + + * src/symmetric/rijndael.c: Use static const for all lookup + tables. + + * src/parse.c (parse_bignum): Fixed off-by-one error when sanity + checking string length. + + * src/symmetric/serpent.c: Replaced the AES "All rights reserved" + copyright blurb with the vanilla GPL blurb, after confirming with + the authors that the code really is GPL:ed. + * src/symmetric/serpentsboxes.h: Likewise. + + * src/symmetric/serpentsboxes.h: Replaced unsigned long with + UINT32. + + * src/symmetric/serpent.c (serpent_setup): Don't use array syntax + for function argument types. + +2000-09-10 Niels Möller + + * doc/lsh.texinfo (Algorithm options): Updated the default + algorithm list. + 2000-09-05 Rafael R. Sevilla * src/symmetric/rijndael.c, src/symmetric/include/rijndael.h: New. diff --git a/doc/TODO b/doc/TODO index ca2917f2fb8aeabd6e24ec54d59163db2236ba3d..f5d910361bb826a4168670dd28490bbaaa0709ae 100644 --- a/doc/TODO +++ b/doc/TODO @@ -234,3 +234,11 @@ and sexp_get_un(). There are dsa-specific details in many places, lsh.c server_publickey.c, server_authorization.c, server_keyexchange.c. Try to write more generic functions that can deal with both dsa and rsa. + +Review the default algorithm preference list in +algorithms.c:default_crypto_algorithms(). Perhaps make the list more +conservative, and add a "pseudo-algorithm" all to include all +supported algorithms in the list? + +Use static objects for crypto algorithms with fixed key sizes and +other parameters. diff --git a/src/algorithms.c b/src/algorithms.c index b73fec39d3a375e68093618186c6b70f475a117d..a1acecc43d01a3d048b08ed6cb68b25ad7898229 100644 --- a/src/algorithms.c +++ b/src/algorithms.c @@ -248,7 +248,9 @@ lookup_hash(struct alist *algorithms, const char *name, } } -struct int_list *default_crypto_algorithms(void) +/* FIXME: Review the default list. */ +struct int_list * +default_crypto_algorithms(void) { return make_int_list(7 #if WITH_IDEA @@ -265,12 +267,14 @@ struct int_list *default_crypto_algorithms(void) ATOM_TWOFISH_CBC, ATOM_ARCFOUR, -1); } -struct int_list *default_mac_algorithms(void) +struct int_list * +default_mac_algorithms(void) { return make_int_list(2, ATOM_HMAC_SHA1, ATOM_HMAC_MD5, -1); } -struct int_list *default_compression_algorithms(void) +struct int_list * +default_compression_algorithms(void) { #if WITH_ZLIB return make_int_list(2, ATOM_NONE, ATOM_ZLIB, -1); diff --git a/src/atoms.in b/src/atoms.in index fa4b9ebca2139381a538bd1958959d43d62665cf..35151f9b813e1c4cbba5d6c7604cc86bfd04d513 100644 --- a/src/atoms.in +++ b/src/atoms.in @@ -11,12 +11,12 @@ zlib 3des-cbc REQUIRED three-key 3DES in CBC mode blowfish-cbc RECOMMENDED Blowfish in CBC mode twofish-cbc RECOMMENDED TwoFish cipher in CBC mode -rijndael-cbc RECOMMENDED Rijndael cipher in CBC mode -serpent-cbc RECOMMENDED Serpent cipher in CBC mode +rijndael-cbc EXPERIMENTAL Rijndael cipher in CBC mode +serpent-cbc EXPERIMENTAL Serpent cipher in CBC mode arcfour OPTIONAL the ARCFOUR stream cipher idea-cbc OPTIONAL IDEA in CBC mode cast128-cbc OPTIONAL CAST-128 in CBC mode -# none OPTIONAL no encryption; NOT RECOMMENDED +# none OPTIONAL no encryption; NOT RECOMMENDED ## The following are not in the current secsh draft, but are in SSH 2.0.11; ## some of them will probably be included in an updated secsh draft. diff --git a/src/blowfish.c b/src/blowfish.c index 0816b9351432229e01d385125d3d58eeecab18c7..c2c6db98e18cc5211a9e3522f1c6455de0eb76a6 100644 --- a/src/blowfish.c +++ b/src/blowfish.c @@ -41,8 +41,9 @@ (ctx . "BLOWFISH_context"))) */ -static void do_blowfish_encrypt(struct crypto_instance *s, - UINT32 length, const UINT8 *src, UINT8 *dst) +static void +do_blowfish_encrypt(struct crypto_instance *s, + UINT32 length, const UINT8 *src, UINT8 *dst) { CAST(blowfish_instance, self, s); @@ -50,8 +51,9 @@ static void do_blowfish_encrypt(struct crypto_instance *s, bf_encrypt_block(&self->ctx, dst, src); } -static void do_blowfish_decrypt(struct crypto_instance *s, - UINT32 length, const UINT8 *src, UINT8 *dst) +static void +do_blowfish_decrypt(struct crypto_instance *s, + UINT32 length, const UINT8 *src, UINT8 *dst) { CAST(blowfish_instance, self, s); @@ -81,7 +83,8 @@ make_blowfish_instance(struct crypto_algorithm *algorithm, int mode, } } -struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size) +struct crypto_algorithm * +make_blowfish_algorithm(UINT32 key_size) { NEW(crypto_algorithm, algorithm); @@ -96,7 +99,8 @@ struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size) return algorithm; } -struct crypto_algorithm *make_blowfish(void) +struct crypto_algorithm * +make_blowfish(void) { return make_blowfish_algorithm(BLOWFISH_KEYSIZE); } diff --git a/src/crypto.h b/src/crypto.h index 48eee5d7b74a5b17582fc13f2a10b48ed515b5db..1a49bf11ac54c86827a763a5d1f6dcaaad1b5c11 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -69,4 +69,4 @@ pkcs5_derive_key(struct mac_algorithm *prf, UINT32 iterations, UINT32 key_length, UINT8 *key); -#endif +#endif /* LSH_CRYPTO_H_INCLUDED */ diff --git a/src/rijndael.c b/src/rijndael.c index c567d9ecdb82ffbf62dc00c3abc8c66e3e02b6d9..9848bd83e229b9f53450f813101733b9ef84dd50 100644 --- a/src/rijndael.c +++ b/src/rijndael.c @@ -22,10 +22,12 @@ */ #include "crypto.h" +#include "rijndael.h" #include "werror.h" #include "xalloc.h" -#include "rijndael.h" + #include + #include "rijndael.c.x" /* Rijndael */ @@ -38,8 +40,9 @@ (ctx . "RIJNDAEL_context"))) */ -static void do_rijndael_encrypt(struct crypto_instance *s, - UINT32 length, const UINT8 *src, UINT8 *dst) +static void +do_rijndael_encrypt(struct crypto_instance *s, + UINT32 length, const UINT8 *src, UINT8 *dst) { CAST(rijndael_instance, self, s); @@ -47,8 +50,9 @@ static void do_rijndael_encrypt(struct crypto_instance *s, rijndael_encrypt(&self->ctx, src, dst); } -static void do_rijndael_decrypt(struct crypto_instance *s, - UINT32 length, const UINT8 *src, UINT8 *dst) +static void +do_rijndael_decrypt(struct crypto_instance *s, + UINT32 length, const UINT8 *src, UINT8 *dst) { CAST(rijndael_instance, self, s); @@ -67,8 +71,8 @@ make_rijndael_instance(struct crypto_algorithm *algorithm, int mode, ? do_rijndael_encrypt : do_rijndael_decrypt); - /* We don't have to deal with weak keys - as a second round AES candidate, - Rijndael doesn't have any. */ + /* We don't have to deal with weak keys - as a second round AES + * candidate, Rijndael doesn't have any. */ rijndael_setup(&self->ctx, algorithm->key_size, key); return(&self->super); @@ -90,7 +94,8 @@ make_rijndael_algorithm(UINT32 key_size) return algorithm; } -struct crypto_algorithm *make_rijndael(void) +struct crypto_algorithm * +make_rijndael(void) { return(make_rijndael_algorithm(RIJNDAEL_KEYSIZE)); } diff --git a/src/serpent.c b/src/serpent.c index 9000a1bca83deffa49737a7c6b50dcadc4d47ec3..96368f16db6e0b975a9eda2ee3f1ce8bab9b2eca 100644 --- a/src/serpent.c +++ b/src/serpent.c @@ -1,6 +1,7 @@ /* serpent.c * * $Id$ */ + /* lsh, an implementation of the ssh protocol * * Copyright (C) 1999, 2000 Niels Möller, Rafael R. Sevilla @@ -19,12 +20,15 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ + #include "crypto.h" +#include "serpent.h" #include "werror.h" #include "xalloc.h" -#include "serpent.h" + #include + #include "serpent.c.x" /* Serpent */ @@ -36,8 +40,9 @@ (ctx . "SERPENT_context"))) */ -static void do_serpent_encrypt(struct crypto_instance *s, - UINT32 length, const UINT8 *src, UINT8 *dst) +static void +do_serpent_encrypt(struct crypto_instance *s, + UINT32 length, const UINT8 *src, UINT8 *dst) { CAST(serpent_instance, self, s); @@ -45,8 +50,9 @@ static void do_serpent_encrypt(struct crypto_instance *s, serpent_encrypt(&self->ctx, src, dst); } -static void do_serpent_decrypt(struct crypto_instance *s, - UINT32 length, const UINT8 *src, UINT8 *dst) +static void +do_serpent_decrypt(struct crypto_instance *s, + UINT32 length, const UINT8 *src, UINT8 *dst) { CAST(serpent_instance, self, s); @@ -65,15 +71,17 @@ make_serpent_instance(struct crypto_algorithm *algorithm, int mode, ? do_serpent_encrypt : do_serpent_decrypt); - /* We don't have to deal with weak keys - as a second round AES candidate, - Serpent doesn't have any, but it can only use 256 bit keys so we do - an assertion check. */ + /* We don't have to deal with weak keys - as a second round AES + * candidate, Serpent doesn't have any, but it can only use 256 bit + * keys so we do an assertion check. */ assert(algorithm->key_size == SERPENT_KEYSIZE); serpent_setup(&self->ctx, key); return(&self->super); } +/* FIXME: This function seems a little redundant, when we don't + * support variable key size for serpent. */ struct crypto_algorithm * make_serpent_algorithm(UINT32 key_size) { @@ -89,7 +97,8 @@ make_serpent_algorithm(UINT32 key_size) return algorithm; } -struct crypto_algorithm *make_serpent(void) +struct crypto_algorithm * +make_serpent(void) { return(make_serpent_algorithm(SERPENT_KEYSIZE)); } diff --git a/src/symmetric/arcfour.c b/src/symmetric/arcfour.c index f5d7054003113225ea2d6b14d9f7df222a8dbfa0..100f9cc01447f88638e91cd61d6adee172da8783 100644 --- a/src/symmetric/arcfour.c +++ b/src/symmetric/arcfour.c @@ -7,6 +7,25 @@ * */ +/* lsh, an implementation of the ssh protocol + * + * Copyright (C) 1998 Niels Möller + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + #include "arcfour.h" #ifdef RCSID