diff --git a/ssh.h b/ssh.h index f16ff204..b7bf8711 100644 --- a/ssh.h +++ b/ssh.h @@ -409,10 +409,11 @@ void ssh_proto_error(Ssh *ssh, const char *fmt, ...); void ssh_sw_abort(Ssh *ssh, const char *fmt, ...); void ssh_user_close(Ssh *ssh, const char *fmt, ...); -#define SSH_CIPHER_IDEA 1 -#define SSH_CIPHER_DES 2 -#define SSH_CIPHER_3DES 3 -#define SSH_CIPHER_BLOWFISH 6 +/* Bit positions in the SSH-1 cipher protocol word */ +#define SSH1_CIPHER_IDEA 1 +#define SSH1_CIPHER_DES 2 +#define SSH1_CIPHER_3DES 3 +#define SSH1_CIPHER_BLOWFISH 6 struct ssh_key { const ssh_keyalg *vt; diff --git a/ssh1login-server.c b/ssh1login-server.c index 9d9685a9..1551c5a2 100644 --- a/ssh1login-server.c +++ b/ssh1login-server.c @@ -147,9 +147,9 @@ static void ssh1_login_server_process_queue(PacketProtocolLayer *ppl) s->local_protoflags = SSH1_PROTOFLAGS_SUPPORTED; /* FIXME: ability to configure this to a subset */ - s->supported_ciphers_mask = ((1U << SSH_CIPHER_3DES) | - (1U << SSH_CIPHER_BLOWFISH) | - (1U << SSH_CIPHER_DES)); + s->supported_ciphers_mask = ((1U << SSH1_CIPHER_3DES) | + (1U << SSH1_CIPHER_BLOWFISH) | + (1U << SSH1_CIPHER_DES)); s->supported_auths_mask = 0; s->ap_methods = auth_methods(s->authpolicy); if (s->ap_methods & AUTHMETHOD_PASSWORD) @@ -244,8 +244,8 @@ static void ssh1_login_server_process_queue(PacketProtocolLayer *ppl) { const ssh_cipheralg *cipher = - (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 : - s->cipher_type == SSH_CIPHER_DES ? &ssh_des : &ssh_3des_ssh1); + (s->cipher_type == SSH1_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 : + s->cipher_type == SSH1_CIPHER_DES ? &ssh_des : &ssh_3des_ssh1); ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key); } diff --git a/ssh1login.c b/ssh1login.c index 7ed3363f..d49ef669 100644 --- a/ssh1login.c +++ b/ssh1login.c @@ -300,11 +300,11 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) ppl_logevent("AES not supported in SSH-1, skipping"); } else { switch (next_cipher) { - case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES; + case CIPHER_3DES: s->cipher_type = SSH1_CIPHER_3DES; cipher_string = "3DES"; break; - case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH; + case CIPHER_BLOWFISH: s->cipher_type = SSH1_CIPHER_BLOWFISH; cipher_string = "Blowfish"; break; - case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES; + case CIPHER_DES: s->cipher_type = SSH1_CIPHER_DES; cipher_string = "single-DES"; break; } if (s->supported_ciphers_mask & (1 << s->cipher_type)) @@ -312,7 +312,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) } } if (!cipher_chosen) { - if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0) { + if ((s->supported_ciphers_mask & (1 << SSH1_CIPHER_3DES)) == 0) { ssh_proto_error(s->ppl.ssh, "Server violates SSH-1 protocol " "by not supporting 3DES encryption"); } else { @@ -336,13 +336,13 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) } switch (s->cipher_type) { - case SSH_CIPHER_3DES: + case SSH1_CIPHER_3DES: ppl_logevent("Using 3DES encryption"); break; - case SSH_CIPHER_DES: + case SSH1_CIPHER_DES: ppl_logevent("Using single-DES encryption"); break; - case SSH_CIPHER_BLOWFISH: + case SSH1_CIPHER_BLOWFISH: ppl_logevent("Using Blowfish encryption"); break; } @@ -369,8 +369,8 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) { const ssh_cipheralg *cipher = - (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 : - s->cipher_type == SSH_CIPHER_DES ? &ssh_des : &ssh_3des_ssh1); + (s->cipher_type == SSH1_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 : + s->cipher_type == SSH1_CIPHER_DES ? &ssh_des : &ssh_3des_ssh1); ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key); } diff --git a/sshpubk.c b/sshpubk.c index b9f67eb5..e4b2281a 100644 --- a/sshpubk.c +++ b/sshpubk.c @@ -71,7 +71,7 @@ static int rsa_ssh1_load_main(FILE * fp, RSAKey *key, bool pub_only, /* One byte giving encryption type, and one reserved uint32. */ ciphertype = get_byte(src); - if (ciphertype != 0 && ciphertype != SSH_CIPHER_3DES) + if (ciphertype != 0 && ciphertype != SSH1_CIPHER_3DES) goto end; if (get_uint32(src) != 0) goto end; /* reserved field nonzero, panic! */ @@ -330,7 +330,7 @@ bool rsa_ssh1_savekey(const Filename *filename, RSAKey *key, * The public part of the key. */ put_data(buf, rsa_signature, sizeof(rsa_signature)); - put_byte(buf, passphrase ? SSH_CIPHER_3DES : 0); /* encryption type */ + put_byte(buf, passphrase ? SSH1_CIPHER_3DES : 0); /* encryption type */ put_uint32(buf, 0); /* reserved */ rsa_ssh1_public_blob(BinarySink_UPCAST(buf), key, RSA_SSH1_MODULUS_FIRST);