Commit c21827da authored by Niels Möller's avatar Niels Möller

*** empty log message ***

Rev: ChangeLog:1.241
Rev: doc/TODO:1.89
Rev: src/algorithms.c:1.15
Rev: src/atoms.in:1.20
Rev: src/blowfish.c:1.7
Rev: src/crypto.h:1.20
Rev: src/rijndael.c:1.2
Rev: src/serpent.c:1.2
Rev: src/symmetric/arcfour.c:1.4
parent bee28816
2000-09-11 Niels Mller <nisse@cuckoo.localdomain>
* src/symmetric/rijndael.c: Use static const for all lookup
tables.
* src/parse.c (parse_bignum): Fixed off-by-one error when sanity
checking string length.
* src/symmetric/serpent.c: Replaced the AES "All rights reserved"
copyright blurb with the vanilla GPL blurb, after confirming with
the authors that the code really is GPL:ed.
* src/symmetric/serpentsboxes.h: Likewise.
* src/symmetric/serpentsboxes.h: Replaced unsigned long with
UINT32.
* src/symmetric/serpent.c (serpent_setup): Don't use array syntax
for function argument types.
2000-09-10 Niels Mller <nisse@cuckoo.localdomain>
* doc/lsh.texinfo (Algorithm options): Updated the default
algorithm list.
2000-09-05 Rafael R. Sevilla <dido@pacific.net.ph> 2000-09-05 Rafael R. Sevilla <dido@pacific.net.ph>
* src/symmetric/rijndael.c, src/symmetric/include/rijndael.h: New. * src/symmetric/rijndael.c, src/symmetric/include/rijndael.h: New.
......
...@@ -234,3 +234,11 @@ and sexp_get_un(). ...@@ -234,3 +234,11 @@ and sexp_get_un().
There are dsa-specific details in many places, lsh.c There are dsa-specific details in many places, lsh.c
server_publickey.c, server_authorization.c, server_keyexchange.c. Try server_publickey.c, server_authorization.c, server_keyexchange.c. Try
to write more generic functions that can deal with both dsa and rsa. to write more generic functions that can deal with both dsa and rsa.
Review the default algorithm preference list in
algorithms.c:default_crypto_algorithms(). Perhaps make the list more
conservative, and add a "pseudo-algorithm" all to include all
supported algorithms in the list?
Use static objects for crypto algorithms with fixed key sizes and
other parameters.
...@@ -248,7 +248,9 @@ lookup_hash(struct alist *algorithms, const char *name, ...@@ -248,7 +248,9 @@ lookup_hash(struct alist *algorithms, const char *name,
} }
} }
struct int_list *default_crypto_algorithms(void) /* FIXME: Review the default list. */
struct int_list *
default_crypto_algorithms(void)
{ {
return make_int_list(7 return make_int_list(7
#if WITH_IDEA #if WITH_IDEA
...@@ -265,12 +267,14 @@ struct int_list *default_crypto_algorithms(void) ...@@ -265,12 +267,14 @@ struct int_list *default_crypto_algorithms(void)
ATOM_TWOFISH_CBC, ATOM_ARCFOUR, -1); ATOM_TWOFISH_CBC, ATOM_ARCFOUR, -1);
} }
struct int_list *default_mac_algorithms(void) struct int_list *
default_mac_algorithms(void)
{ {
return make_int_list(2, ATOM_HMAC_SHA1, ATOM_HMAC_MD5, -1); return make_int_list(2, ATOM_HMAC_SHA1, ATOM_HMAC_MD5, -1);
} }
struct int_list *default_compression_algorithms(void) struct int_list *
default_compression_algorithms(void)
{ {
#if WITH_ZLIB #if WITH_ZLIB
return make_int_list(2, ATOM_NONE, ATOM_ZLIB, -1); return make_int_list(2, ATOM_NONE, ATOM_ZLIB, -1);
......
...@@ -11,12 +11,12 @@ zlib ...@@ -11,12 +11,12 @@ zlib
3des-cbc REQUIRED three-key 3DES in CBC mode 3des-cbc REQUIRED three-key 3DES in CBC mode
blowfish-cbc RECOMMENDED Blowfish in CBC mode blowfish-cbc RECOMMENDED Blowfish in CBC mode
twofish-cbc RECOMMENDED TwoFish cipher in CBC mode twofish-cbc RECOMMENDED TwoFish cipher in CBC mode
rijndael-cbc RECOMMENDED Rijndael cipher in CBC mode rijndael-cbc EXPERIMENTAL Rijndael cipher in CBC mode
serpent-cbc RECOMMENDED Serpent cipher in CBC mode serpent-cbc EXPERIMENTAL Serpent cipher in CBC mode
arcfour OPTIONAL the ARCFOUR stream cipher arcfour OPTIONAL the ARCFOUR stream cipher
idea-cbc OPTIONAL IDEA in CBC mode idea-cbc OPTIONAL IDEA in CBC mode
cast128-cbc OPTIONAL CAST-128 in CBC mode cast128-cbc OPTIONAL CAST-128 in CBC mode
# none OPTIONAL no encryption; NOT RECOMMENDED # none OPTIONAL no encryption; NOT RECOMMENDED
## The following are not in the current secsh draft, but are in SSH 2.0.11; ## The following are not in the current secsh draft, but are in SSH 2.0.11;
## some of them will probably be included in an updated secsh draft. ## some of them will probably be included in an updated secsh draft.
......
...@@ -41,8 +41,9 @@ ...@@ -41,8 +41,9 @@
(ctx . "BLOWFISH_context"))) (ctx . "BLOWFISH_context")))
*/ */
static void do_blowfish_encrypt(struct crypto_instance *s, static void
UINT32 length, const UINT8 *src, UINT8 *dst) do_blowfish_encrypt(struct crypto_instance *s,
UINT32 length, const UINT8 *src, UINT8 *dst)
{ {
CAST(blowfish_instance, self, s); CAST(blowfish_instance, self, s);
...@@ -50,8 +51,9 @@ static void do_blowfish_encrypt(struct crypto_instance *s, ...@@ -50,8 +51,9 @@ static void do_blowfish_encrypt(struct crypto_instance *s,
bf_encrypt_block(&self->ctx, dst, src); bf_encrypt_block(&self->ctx, dst, src);
} }
static void do_blowfish_decrypt(struct crypto_instance *s, static void
UINT32 length, const UINT8 *src, UINT8 *dst) do_blowfish_decrypt(struct crypto_instance *s,
UINT32 length, const UINT8 *src, UINT8 *dst)
{ {
CAST(blowfish_instance, self, s); CAST(blowfish_instance, self, s);
...@@ -81,7 +83,8 @@ make_blowfish_instance(struct crypto_algorithm *algorithm, int mode, ...@@ -81,7 +83,8 @@ make_blowfish_instance(struct crypto_algorithm *algorithm, int mode,
} }
} }
struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size) struct crypto_algorithm *
make_blowfish_algorithm(UINT32 key_size)
{ {
NEW(crypto_algorithm, algorithm); NEW(crypto_algorithm, algorithm);
...@@ -96,7 +99,8 @@ struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size) ...@@ -96,7 +99,8 @@ struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size)
return algorithm; return algorithm;
} }
struct crypto_algorithm *make_blowfish(void) struct crypto_algorithm *
make_blowfish(void)
{ {
return make_blowfish_algorithm(BLOWFISH_KEYSIZE); return make_blowfish_algorithm(BLOWFISH_KEYSIZE);
} }
...@@ -69,4 +69,4 @@ pkcs5_derive_key(struct mac_algorithm *prf, ...@@ -69,4 +69,4 @@ pkcs5_derive_key(struct mac_algorithm *prf,
UINT32 iterations, UINT32 iterations,
UINT32 key_length, UINT8 *key); UINT32 key_length, UINT8 *key);
#endif #endif /* LSH_CRYPTO_H_INCLUDED */
...@@ -22,10 +22,12 @@ ...@@ -22,10 +22,12 @@
*/ */
#include "crypto.h" #include "crypto.h"
#include "rijndael.h"
#include "werror.h" #include "werror.h"
#include "xalloc.h" #include "xalloc.h"
#include "rijndael.h"
#include <assert.h> #include <assert.h>
#include "rijndael.c.x" #include "rijndael.c.x"
/* Rijndael */ /* Rijndael */
...@@ -38,8 +40,9 @@ ...@@ -38,8 +40,9 @@
(ctx . "RIJNDAEL_context"))) (ctx . "RIJNDAEL_context")))
*/ */
static void do_rijndael_encrypt(struct crypto_instance *s, static void
UINT32 length, const UINT8 *src, UINT8 *dst) do_rijndael_encrypt(struct crypto_instance *s,
UINT32 length, const UINT8 *src, UINT8 *dst)
{ {
CAST(rijndael_instance, self, s); CAST(rijndael_instance, self, s);
...@@ -47,8 +50,9 @@ static void do_rijndael_encrypt(struct crypto_instance *s, ...@@ -47,8 +50,9 @@ static void do_rijndael_encrypt(struct crypto_instance *s,
rijndael_encrypt(&self->ctx, src, dst); rijndael_encrypt(&self->ctx, src, dst);
} }
static void do_rijndael_decrypt(struct crypto_instance *s, static void
UINT32 length, const UINT8 *src, UINT8 *dst) do_rijndael_decrypt(struct crypto_instance *s,
UINT32 length, const UINT8 *src, UINT8 *dst)
{ {
CAST(rijndael_instance, self, s); CAST(rijndael_instance, self, s);
...@@ -67,8 +71,8 @@ make_rijndael_instance(struct crypto_algorithm *algorithm, int mode, ...@@ -67,8 +71,8 @@ make_rijndael_instance(struct crypto_algorithm *algorithm, int mode,
? do_rijndael_encrypt ? do_rijndael_encrypt
: do_rijndael_decrypt); : do_rijndael_decrypt);
/* We don't have to deal with weak keys - as a second round AES candidate, /* We don't have to deal with weak keys - as a second round AES
Rijndael doesn't have any. */ * candidate, Rijndael doesn't have any. */
rijndael_setup(&self->ctx, algorithm->key_size, key); rijndael_setup(&self->ctx, algorithm->key_size, key);
return(&self->super); return(&self->super);
...@@ -90,7 +94,8 @@ make_rijndael_algorithm(UINT32 key_size) ...@@ -90,7 +94,8 @@ make_rijndael_algorithm(UINT32 key_size)
return algorithm; return algorithm;
} }
struct crypto_algorithm *make_rijndael(void) struct crypto_algorithm *
make_rijndael(void)
{ {
return(make_rijndael_algorithm(RIJNDAEL_KEYSIZE)); return(make_rijndael_algorithm(RIJNDAEL_KEYSIZE));
} }
/* serpent.c /* serpent.c
* *
* $Id$ */ * $Id$ */
/* lsh, an implementation of the ssh protocol /* lsh, an implementation of the ssh protocol
* *
* Copyright (C) 1999, 2000 Niels Mller, Rafael R. Sevilla * Copyright (C) 1999, 2000 Niels Mller, Rafael R. Sevilla
...@@ -19,12 +20,15 @@ ...@@ -19,12 +20,15 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
#include "crypto.h" #include "crypto.h"
#include "serpent.h"
#include "werror.h" #include "werror.h"
#include "xalloc.h" #include "xalloc.h"
#include "serpent.h"
#include <assert.h> #include <assert.h>
#include "serpent.c.x" #include "serpent.c.x"
/* Serpent */ /* Serpent */
...@@ -36,8 +40,9 @@ ...@@ -36,8 +40,9 @@
(ctx . "SERPENT_context"))) (ctx . "SERPENT_context")))
*/ */
static void do_serpent_encrypt(struct crypto_instance *s, static void
UINT32 length, const UINT8 *src, UINT8 *dst) do_serpent_encrypt(struct crypto_instance *s,
UINT32 length, const UINT8 *src, UINT8 *dst)
{ {
CAST(serpent_instance, self, s); CAST(serpent_instance, self, s);
...@@ -45,8 +50,9 @@ static void do_serpent_encrypt(struct crypto_instance *s, ...@@ -45,8 +50,9 @@ static void do_serpent_encrypt(struct crypto_instance *s,
serpent_encrypt(&self->ctx, src, dst); serpent_encrypt(&self->ctx, src, dst);
} }
static void do_serpent_decrypt(struct crypto_instance *s, static void
UINT32 length, const UINT8 *src, UINT8 *dst) do_serpent_decrypt(struct crypto_instance *s,
UINT32 length, const UINT8 *src, UINT8 *dst)
{ {
CAST(serpent_instance, self, s); CAST(serpent_instance, self, s);
...@@ -65,15 +71,17 @@ make_serpent_instance(struct crypto_algorithm *algorithm, int mode, ...@@ -65,15 +71,17 @@ make_serpent_instance(struct crypto_algorithm *algorithm, int mode,
? do_serpent_encrypt ? do_serpent_encrypt
: do_serpent_decrypt); : do_serpent_decrypt);
/* We don't have to deal with weak keys - as a second round AES candidate, /* We don't have to deal with weak keys - as a second round AES
Serpent doesn't have any, but it can only use 256 bit keys so we do * candidate, Serpent doesn't have any, but it can only use 256 bit
an assertion check. */ * keys so we do an assertion check. */
assert(algorithm->key_size == SERPENT_KEYSIZE); assert(algorithm->key_size == SERPENT_KEYSIZE);
serpent_setup(&self->ctx, key); serpent_setup(&self->ctx, key);
return(&self->super); return(&self->super);
} }
/* FIXME: This function seems a little redundant, when we don't
* support variable key size for serpent. */
struct crypto_algorithm * struct crypto_algorithm *
make_serpent_algorithm(UINT32 key_size) make_serpent_algorithm(UINT32 key_size)
{ {
...@@ -89,7 +97,8 @@ make_serpent_algorithm(UINT32 key_size) ...@@ -89,7 +97,8 @@ make_serpent_algorithm(UINT32 key_size)
return algorithm; return algorithm;
} }
struct crypto_algorithm *make_serpent(void) struct crypto_algorithm *
make_serpent(void)
{ {
return(make_serpent_algorithm(SERPENT_KEYSIZE)); return(make_serpent_algorithm(SERPENT_KEYSIZE));
} }
...@@ -7,6 +7,25 @@ ...@@ -7,6 +7,25 @@
* *
*/ */
/* lsh, an implementation of the ssh protocol
*
* Copyright (C) 1998 Niels Mller
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "arcfour.h" #include "arcfour.h"
#ifdef RCSID #ifdef RCSID
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment