- (djm) Stop shadow expiry checking from preventing logins with NIS. Based

[openssh.git] / cipher.h

diff --git a/cipher.h b/cipher.h
index 7f550a542d178c02694f07173cbd78b7c6d85883..a13799077f105963b573523b92ed01db1b4e7001 100644 (file)
--- a/cipher.h
+++ b/cipher.h
@@ -1,34 +1,29 @@
 /*
- * 
+ *
  * cipher.h
- * 
+ *
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * 
+ *
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
- * 
+ *
  * Created: Wed Apr 19 16:50:42 1995 ylo
- * 
+ *
  */
 
-/* RCSID("$Id$"); */
+/* RCSID("$OpenBSD: cipher.h,v 1.18 2000/06/20 01:39:40 markus Exp $"); */
 
 #ifndef CIPHER_H
 #define CIPHER_H
 
-#include "config.h"
-
-#ifdef HAVE_OPENSSL
 #include <openssl/des.h>
 #include <openssl/blowfish.h>
-#endif
-#ifdef HAVE_SSL
-#include <ssl/des.h>
-#include <ssl/blowfish.h>
-#endif
+#include <openssl/rc4.h>
+#include <openssl/cast.h>
 
 /* Cipher types.  New types can be added, but old types should not be removed
    for compatibility.  The maximum allowed value is 31. */
+#define SSH_CIPHER_ILLEGAL     -2      /* No valid cipher selected. */
 #define SSH_CIPHER_NOT_SET     -1      /* None selected (invalid number). */
 #define SSH_CIPHER_NONE                0       /* no encryption */
 #define SSH_CIPHER_IDEA                1       /* IDEA CFB */
@@ -37,6 +32,13 @@
 #define SSH_CIPHER_BROKEN_TSS  4       /* TRI's Simple Stream encryption CBC */
 #define SSH_CIPHER_BROKEN_RC4  5       /* Alleged RC4 */
 #define SSH_CIPHER_BLOWFISH    6
+#define SSH_CIPHER_RESERVED    7
+
+/* these ciphers are used in SSH2: */
+#define SSH_CIPHER_BLOWFISH_CBC        8
+#define SSH_CIPHER_3DES_CBC    9
+#define SSH_CIPHER_ARCFOUR     10      /* Alleged RC4 */
+#define SSH_CIPHER_CAST128_CBC 11
 
 typedef struct {
        unsigned int type;
@@ -52,6 +54,11 @@ typedef struct {
                        struct bf_key_st key;
                        unsigned char iv[8];
                }       bf;
+               struct {
+                       CAST_KEY key;
+                       unsigned char iv[8];
+               } cast;
+               RC4_KEY rc4;
        }       u;
 }       CipherContext;
 /*
@@ -60,6 +67,8 @@ typedef struct {
  * supported cipher.
  */
 unsigned int cipher_mask();
+unsigned int cipher_mask1();
+unsigned int cipher_mask2();
 
 /* Returns the name of the cipher. */
 const char *cipher_name(int cipher);
@@ -70,29 +79,36 @@ const char *cipher_name(int cipher);
  */
 int     cipher_number(const char *name);
 
+/* returns 1 if all ciphers are supported (ssh2 only) */
+int     ciphers_valid(const char *names);
+
 /*
  * Selects the cipher to use and sets the key.  If for_encryption is true,
  * the key is setup for encryption; otherwise it is setup for decryption.
  */
-void 
+void
 cipher_set_key(CipherContext * context, int cipher,
-    const unsigned char *key, int keylen, int for_encryption);
+    const unsigned char *key, int keylen);
+void
+cipher_set_key_iv(CipherContext * context, int cipher,
+    const unsigned char *key, int keylen,
+    const unsigned char *iv, int ivlen);
 
 /*
  * Sets key for the cipher by computing the MD5 checksum of the passphrase,
  * and using the resulting 16 bytes as the key.
  */
-void 
+void
 cipher_set_key_string(CipherContext * context, int cipher,
-    const char *passphrase, int for_encryption);
+    const char *passphrase);
 
 /* Encrypts data using the cipher. */
-void 
+void
 cipher_encrypt(CipherContext * context, unsigned char *dest,
     const unsigned char *src, unsigned int len);
 
 /* Decrypts data using the cipher. */
-void 
+void
 cipher_decrypt(CipherContext * context, unsigned char *dest,
     const unsigned char *src, unsigned int len);