Merged serpent and rijndael patches by Rafael R. Sevilla

<dido@pacific.net.ph>.

Rev: AUTHORS:1.9
Rev: ChangeLog:1.240
Rev: src/Makefile.am.in:1.86
Rev: src/algorithms.c:1.14
Rev: src/atoms.in:1.19
Rev: src/crypto.h:1.19
Rev: src/rijndael.c:1.1
Rev: src/serpent.c:1.1

AUTHORS

@@ -26,9 +26,14 @@ released under the LPGL.
 MD5 implementation by Colin Plumb, somewhat hacked by Andrew Kuchling.
 Released into the public domain.
 
+RIJNDAEL implementation by Rafael Sevilla.  Released under the LGPL.
+
 SHA implementation by Peter Gutmann, somewhat hacked by Andrew
 Kuchling. Released into the public domain.
 
+SERPENT implementation by Ross Anderson, Eli Biham, and Lars Knudsen,
+somewhat hacked by Rafael Sevilla.  Released under the GPL.
+
 TCPUTILS networking code by Thomas Bellman. Released into the public
 domain.
 

ChangeLog

+2000-09-05  Rafael R. Sevilla  <dido@pacific.net.ph>
+
+	* src/symmetric/rijndael.c, src/symmetric/include/rijndael.h: New. 
+	LGPLed Rijndael implementation by me.
+	* src/rijndael.c: New.  Adds support for Rijndael.
+	* src/symmetric/serpent.c, src/symmetric/serpentsboxes.h,
+	src/symmetric/include/serpent.h: New.  LGPLed Serpent implementation
+	by Ross Anderson, Eli Biham, and Lars Knudsen.
+	* src/serpent.c: New.  Adds support for Serpent.
+	* src/symmetric/Makefile.am.in, src/atoms_in, src/Makefile.am.in,
+	src/algorithms.c, src/crypto.h: updated for Rijndael and Serpent.
+
+000-09-10  Niels Mller  <nisse@cuckoo.localdomain>
+
+	* FAQ: Added a question on anonymous cvs access.
+
 2000-09-04  Niels Mller  <nisse@cuckoo.localdomain>
 
 	* doc/lsh.texinfo: Updated references to lsh-keygen and

src/Makefile.am.in

@@ -60,7 +60,7 @@ liblsh_a_SOURCES = abstract_io.c abstract_crypto.c abstract_compress.c \
 	randomness.c \
 	read_base64.c read_data.c read_file.c read_line.c read_packet.c \
 	reaper.c resource.c \
-	rsa.c rsa_keygen.c \
+	rijndael.c rsa.c rsa_keygen.c serpent.c \
 	server.c server_authorization.c server_keyexchange.c \
 	server_password.c server_publickey.c \
 	server_pty.c server_session.c server_userauth.c \

src/algorithms.c

@@ -46,7 +46,7 @@ many_algorithms(unsigned n, ...)
   va_list args;
   
   struct alist *a
-    = make_alist(7
+    = make_alist(9
 #if WITH_IDEA
 		 +1
 #endif
@@ -57,6 +57,8 @@ many_algorithms(unsigned n, ...)
 		 ATOM_ARCFOUR, &crypto_arcfour_algorithm,
 		 ATOM_BLOWFISH_CBC, crypto_cbc(make_blowfish()),
 		 ATOM_TWOFISH_CBC, crypto_cbc(make_twofish()),
+		 ATOM_RIJNDAEL_CBC, crypto_cbc(make_rijndael()),
+		 ATOM_SERPENT_CBC, crypto_cbc(make_serpent()),
 		 ATOM_3DES_CBC, crypto_cbc(make_des3()),
 		 ATOM_CAST128_CBC, crypto_cbc(make_cast()),
 #if WITH_IDEA
@@ -118,6 +120,10 @@ lookup_crypto(struct alist *algorithms, const char *name,
     atom = ATOM_BLOWFISH_CBC;
   else if (strcmp_list(name, "3des-cbc", "3des", NULL))
     atom = ATOM_3DES_CBC;
+  else if (strcmp_list(name, "rijndael-cbc", "rijndael", NULL))
+    atom = ATOM_RIJNDAEL_CBC;
+  else if (strcmp_list(name, "serpent-cbc", "serpent", NULL))
+    atom = ATOM_SERPENT_CBC;
   else if (strcmp_list(name, "idea-cbc", "idea", NULL))
     atom = ATOM_IDEA_CBC;
   else if (strcmp_list(name, "cast128-cbc", "cast",
@@ -244,7 +250,7 @@ lookup_hash(struct alist *algorithms, const char *name,
 
 struct int_list *default_crypto_algorithms(void)
 {
-  return make_int_list(5
+  return make_int_list(7
 #if WITH_IDEA
 		       + 1
 #endif
@@ -254,6 +260,8 @@ struct int_list *default_crypto_algorithms(void)
 #endif
 		       ATOM_BLOWFISH_CBC,
 		       ATOM_CAST128_CBC,
+		       ATOM_RIJNDAEL_CBC,
+		       ATOM_SERPENT_CBC,
 		       ATOM_TWOFISH_CBC, ATOM_ARCFOUR, -1);
 }
 
@@ -330,9 +338,10 @@ list_crypto_algorithms(const struct argp_state *state,
 		       struct alist *algorithms)
 {
   list_algorithms(state, algorithms,
-		  "Supported crypto algorithms: ", 7,
+		  "Supported crypto algorithms: ", 9,
 		  ATOM_3DES_CBC, ATOM_BLOWFISH_CBC,
-		  ATOM_TWOFISH_CBC, ATOM_ARCFOUR,
+		  ATOM_TWOFISH_CBC, ATOM_RIJNDAEL_CBC, ATOM_SERPENT_CBC,
+		  ATOM_ARCFOUR,
 		  ATOM_IDEA_CBC, ATOM_CAST128_CBC,
 		  ATOM_NONE, -1);
 }

src/atoms.in

@@ -11,6 +11,8 @@ zlib
 3des-cbc         REQUIRED          three-key 3DES in CBC mode
 blowfish-cbc     RECOMMENDED       Blowfish in CBC mode
 twofish-cbc      RECOMMENDED       TwoFish cipher in CBC mode
+rijndael-cbc     RECOMMENDED       Rijndael cipher in CBC mode
+serpent-cbc      RECOMMENDED       Serpent cipher in CBC mode
 arcfour          OPTIONAL          the ARCFOUR stream cipher
 idea-cbc         OPTIONAL          IDEA in CBC mode
 cast128-cbc      OPTIONAL          CAST-128 in CBC mode
@@ -36,6 +38,12 @@ cast128-cbc      OPTIONAL          CAST-128 in CBC mode
 #twofish-ecb      OPTIONAL          TwoFish cipher in ECB mode
 #twofish-cfb      OPTIONAL          TwoFish cipher in CFB mode
 #twofish-ofb      OPTIONAL          TwoFish cipher in OFB mode
+#rijndael-ecb     OPTIONAL          Rijndael cipher in ECB mode
+#rijndael-cfb     OPTIONAL          Rijndael cipher in CFB mode
+#rijndael-ofb     OPTIONAL          Rijndael cipher in OFB mode
+#serpent-ecb      OPTIONAL          Serpent cipher in ECB mode
+#serpent-cfb      OPTIONAL          Serpent cipher in CFB mode
+#serpent-ofb      OPTIONAL          Serpent cipher in OFB mode
 ## Others (I don't know why SSH supports them)
 #des-ecb          OPTIONAL          DES cipher in ECB mode
 #des-cfb          OPTIONAL          DES cipher in CFB mode

src/crypto.h

@@ -42,6 +42,10 @@ struct crypto_algorithm *make_twofish_algorithm(UINT32 key_size);
 struct crypto_algorithm *make_twofish(void);
 struct crypto_algorithm *make_blowfish_algorithm(UINT32 key_size);
 struct crypto_algorithm *make_blowfish(void);
+struct crypto_algorithm *make_rijndael_algorithm(UINT32 key_size);
+struct crypto_algorithm *make_rijndael(void);
+struct crypto_algorithm *make_serpent_algorithm(UINT32 key_size);
+struct crypto_algorithm *make_serpent(void);
 struct crypto_algorithm *make_des3(void);
 struct crypto_algorithm *make_cast_algorithm(UINT32 key_size);
 struct crypto_algorithm *make_cast(void);

src/rijndael.c

+/* rijndael.c
+ *
+ * $Id$ */
+
+/* lsh, an implementation of the ssh protocol
+ *
+ * Copyright (C) 1999, 2000 Niels Mller, Rafael R. Sevilla
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#include "crypto.h"
+
+#include "werror.h"
+#include "xalloc.h"
+#include "rijndael.h"
+#include <assert.h>
+#include "rijndael.c.x"
+
+/* Rijndael */
+
+/* GABA:
+   (class
+     (name rijndael_instance)
+     (super crypto_instance)
+     (vars
+       (ctx . "RIJNDAEL_context")))
+*/
+
+static void do_rijndael_encrypt(struct crypto_instance *s,
+				UINT32 length, const UINT8 *src, UINT8 *dst)
+{
+  CAST(rijndael_instance, self, s);
+
+  FOR_BLOCKS(length, src, dst, RIJNDAEL_BLOCKSIZE)
+    rijndael_encrypt(&self->ctx, src, dst);
+}
+
+static void do_rijndael_decrypt(struct crypto_instance *s,
+				UINT32 length, const UINT8 *src, UINT8 *dst)
+{
+  CAST(rijndael_instance, self, s);
+
+  FOR_BLOCKS(length, src, dst, RIJNDAEL_BLOCKSIZE)
+    rijndael_decrypt(&self->ctx, src, dst);
+}
+
+static struct crypto_instance *
+make_rijndael_instance(struct crypto_algorithm *algorithm, int mode,
+		       const UINT8 *key, const UINT8 *iv UNUSED)
+{
+  NEW(rijndael_instance, self);
+
+  self->super.block_size = RIJNDAEL_BLOCKSIZE;
+  self->super.crypt = ( (mode == CRYPTO_ENCRYPT)
+			? do_rijndael_encrypt
+			: do_rijndael_decrypt);
+
+  /* We don't have to deal with weak keys - as a second round AES candidate,
+     Rijndael doesn't have any. */
+  rijndael_setup(&self->ctx, algorithm->key_size, key);
+
+  return(&self->super);
+}
+
+struct crypto_algorithm *
+make_rijndael_algorithm(UINT32 key_size)
+{
+  NEW(crypto_algorithm, algorithm);
+
+  assert(key_size <= RIJNDAEL_MAX_KEYSIZE);
+  assert(key_size >= RIJNDAEL_MIN_KEYSIZE);
+
+  algorithm->block_size = RIJNDAEL_BLOCKSIZE;
+  algorithm->key_size = key_size;
+  algorithm->iv_size = 0;
+  algorithm->make_crypt = make_rijndael_instance;
+
+  return algorithm;
+}
+
+struct crypto_algorithm *make_rijndael(void)
+{
+  return(make_rijndael_algorithm(RIJNDAEL_KEYSIZE));
+}

src/serpent.c

+/* serpent.c
+ *
+ * $Id$ */
+/* lsh, an implementation of the ssh protocol
+ *
+ * Copyright (C) 1999, 2000 Niels Mller, Rafael R. Sevilla
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+#include "crypto.h"
+
+#include "werror.h"
+#include "xalloc.h"
+#include "serpent.h"
+#include <assert.h>
+#include "serpent.c.x"
+
+/* Serpent */
+/* GABA:
+   (class
+     (name serpent_instance)
+     (super crypto_instance)
+     (vars
+       (ctx . "SERPENT_context")))
+*/
+
+static void do_serpent_encrypt(struct crypto_instance *s,
+			       UINT32 length, const UINT8 *src, UINT8 *dst)
+{
+  CAST(serpent_instance, self, s);
+
+  FOR_BLOCKS(length, src, dst, SERPENT_BLOCKSIZE)
+    serpent_encrypt(&self->ctx, src, dst);
+}
+
+static void do_serpent_decrypt(struct crypto_instance *s,
+			       UINT32 length, const UINT8 *src, UINT8 *dst)
+{
+  CAST(serpent_instance, self, s);
+
+  FOR_BLOCKS(length, src, dst, SERPENT_BLOCKSIZE)
+    serpent_decrypt(&self->ctx, src, dst);
+}
+
+static struct crypto_instance *
+make_serpent_instance(struct crypto_algorithm *algorithm, int mode,
+		      const UINT8 *key, const UINT8 *iv UNUSED)
+{
+  NEW(serpent_instance, self);
+
+  self->super.block_size = SERPENT_BLOCKSIZE;
+  self->super.crypt = ( (mode == CRYPTO_ENCRYPT)
+			? do_serpent_encrypt
+			: do_serpent_decrypt);
+
+  /* We don't have to deal with weak keys - as a second round AES candidate,
+     Serpent doesn't have any, but it can only use 256 bit keys so we do
+     an assertion check. */
+  assert(algorithm->key_size == SERPENT_KEYSIZE);
+  serpent_setup(&self->ctx, key);
+
+  return(&self->super);
+}
+
+struct crypto_algorithm *
+make_serpent_algorithm(UINT32 key_size)
+{
+  NEW(crypto_algorithm, algorithm);
+
+  assert(key_size == SERPENT_KEYSIZE);
+
+  algorithm->block_size = SERPENT_BLOCKSIZE;
+  algorithm->key_size = key_size;
+  algorithm->iv_size = 0;
+  algorithm->make_crypt = make_serpent_instance;
+
+  return algorithm;
+}
+
+struct crypto_algorithm *make_serpent(void)
+{
+  return(make_serpent_algorithm(SERPENT_KEYSIZE));
+}