Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2728 - (hide annotations) (download) (as text)
Sun Nov 14 15:53:21 2004 UTC (19 years, 5 months ago) by yutakakn
Original Path: ttssh2/branches/avendor/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 35741 byte(s) 
no message
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40     #include "cipher.h"
41     #include "ssh.h"
42    
43     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
44     #define get_uint32(buf) get_uint32_MSBfirst((buf))
45    
46     #define DEATTACK_OK 0
47     #define DEATTACK_DETECTED 1
48    
49     /*
50     * $Id: crypt.c,v 1.1.1.1 2004-11-14 15:53:14 yutakakn Exp $ Cryptographic attack
51     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
52     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
53     */
54    
55     /* SSH Constants */
56     #define SSH_BLOCKSIZE 8
57    
58     /* Hashing constants */
59     #define HASH_MINSIZE 8*2048
60     #define HASH_ENTRYSIZE 4
61     #define HASH_FACTOR(x) ((x)*3/2)
62     #define HASH_UNUSEDCHAR 0xff
63     #define HASH_UNUSED 0xffffffff
64     #define HASH_IV 0xfffffffe
65    
66     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
67    
68     /* Hash function (Input keys are cipher results) */
69     #define HASH(x) get_uint32(x)
70    
71     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
72    
73    
74    
75     static void crc_update(uint32 FAR * a, uint32 b)
76     {
77     b ^= *a;
78     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
79     }
80    
81     /* check_crc
82     detects if a block is used in a particular pattern
83     */
84    
85     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
86     uint32 len, unsigned char FAR * IV)
87     {
88     uint32 crc;
89     unsigned char FAR *c;
90    
91     crc = 0;
92     if (IV && !CMP(S, IV)) {
93     crc_update(&crc, 1);
94     crc_update(&crc, 0);
95     }
96     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
97     if (!CMP(S, c)) {
98     crc_update(&crc, 1);
99     crc_update(&crc, 0);
100     } else {
101     crc_update(&crc, 0);
102     crc_update(&crc, 0);
103     }
104     }
105    
106     return crc == 0;
107     }
108    
109    
110     /*
111     detect_attack
112     Detects a crc32 compensation attack on a packet
113     */
114     static int detect_attack(CRYPTDetectAttack FAR * statics,
115     unsigned char FAR * buf, uint32 len,
116     unsigned char *FAR IV)
117     {
118     uint32 FAR *h = statics->h;
119     uint32 n = statics->n;
120     uint32 i, j;
121     uint32 l;
122     unsigned char FAR *c;
123     unsigned char FAR *d;
124    
125     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
126     }
127    
128     if (h == NULL) {
129     n = l;
130     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
131     } else {
132     if (l > n) {
133     n = l;
134     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
135     }
136     }
137    
138     statics->h = h;
139     statics->n = n;
140    
141     if (len <= HASH_MINBLOCKS) {
142     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
143     if (IV && (!CMP(c, IV))) {
144     if ((check_crc(c, buf, len, IV)))
145     return DEATTACK_DETECTED;
146     else
147     break;
148     }
149     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
150     if (!CMP(c, d)) {
151     if ((check_crc(c, buf, len, IV)))
152     return DEATTACK_DETECTED;
153     else
154     break;
155     }
156     }
157     }
158     return (DEATTACK_OK);
159     }
160     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
161    
162     if (IV) {
163     h[HASH(IV) & (n - 1)] = HASH_IV;
164     }
165    
166     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
167     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
168     i = (i + 1) & (n - 1)) {
169     if (h[i] == HASH_IV) {
170     if (!CMP(c, IV)) {
171     if (check_crc(c, buf, len, IV))
172     return DEATTACK_DETECTED;
173     else
174     break;
175     }
176     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
177     if (check_crc(c, buf, len, IV))
178     return DEATTACK_DETECTED;
179     else
180     break;
181     }
182     }
183     h[i] = j;
184     }
185    
186     return DEATTACK_OK;
187     }
188    
189     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
190     int bytes)
191     {
192     if (SSHv1(pvar)) {
193     switch (pvar->crypt_state.sender_cipher) {
194     case SSH_CIPHER_NONE:
195     return FALSE;
196     case SSH_CIPHER_IDEA:
197     return detect_attack(&pvar->crypt_state.detect_attack_statics,
198     buf, bytes,
199     pvar->crypt_state.dec.cIDEA.ivec) ==
200     DEATTACK_DETECTED;
201     default:
202     return detect_attack(&pvar->crypt_state.detect_attack_statics,
203     buf, bytes, NULL) == DEATTACK_DETECTED;
204     }
205     } else {
206     return FALSE;
207     }
208     }
209    
210     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
211     {
212     }
213    
214    
215     // for SSH2(yutaka)
216     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
217     int bytes)
218     {
219     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
220     unsigned char *newbuf = malloc(bytes);
221     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
222    
223     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
224     if (bytes == 0)
225     return;
226    
227     if (newbuf == NULL)
228     return;
229    
230     if (bytes % block_size) {
231     char tmp[80];
232     _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
233     notify_fatal_error(pvar, tmp);
234     goto error;
235     }
236    
237     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
238     // TODO: failure
239     notify_fatal_error(pvar, "AES128 encrypt error(2)");
240    
241     } else {
242     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
243     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
244     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
245    
246     //debug_print(50, key, 24);
247     //debug_print(51, iv, 8);
248     //debug_print(52, buf, bytes);
249     //debug_print(53, newbuf, bytes);
250    
251     memcpy(buf, newbuf, bytes);
252     }
253    
254     error:
255     free(newbuf);
256     }
257    
258     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
259     int bytes)
260     {
261     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
262     unsigned char *newbuf = malloc(bytes);
263     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
264    
265     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
266     if (bytes == 0)
267     return;
268    
269     if (newbuf == NULL)
270     return;
271    
272     if (bytes % block_size) {
273     char tmp[80];
274     _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
275     notify_fatal_error(pvar, tmp);
276     goto error;
277     }
278    
279     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
280     // TODO:
281     notify_fatal_error(pvar, "AES128 decrypt error(2)");
282    
283     } else {
284     #if 0
285     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
286     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
287     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
288    
289     {
290     static int no = 70;
291     debug_print(no, buf, bytes);
292     //debug_print(no, key, AES128_KEYLEN);
293     //debug_print(10*no, iv, AES128_IVLEN);
294     debug_print(30*no, newbuf, bytes);
295     no++;
296     }
297     #endif
298    
299     memcpy(buf, newbuf, bytes);
300     }
301    
302     error:;
303     free(newbuf);
304     }
305    
306    
307    
308     // for SSH2(yutaka)
309     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
310     int bytes)
311     {
312     unsigned char key[24], iv[8];
313     unsigned char *newbuf = malloc(bytes);
314    
315     if (newbuf == NULL)
316     return;
317    
318     #if 1
319    
320     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
321     // TODO: failure
322     } else {
323     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
324     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
325     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
326    
327     //debug_print(50, key, 24);
328     //debug_print(51, iv, 8);
329     //debug_print(52, buf, bytes);
330     //debug_print(53, newbuf, bytes);
331    
332     memcpy(buf, newbuf, bytes);
333     }
334     free(newbuf);
335     #else
336    
337     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
338     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
339     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
340    
341     //debug_print(50, key, 24);
342     //debug_print(51, iv, 8);
343     //debug_print(52, buf, bytes);
344    
345     #if 0
346     DES_ede3_cbc_encrypt(
347     buf, newbuf, bytes,
348     (DES_key_schedule *)&key[0],
349     (DES_key_schedule *)&key[8],
350     (DES_key_schedule *)&key[16],
351     (DES_cblock *)iv,
352     DES_ENCRYPT);
353     #else
354     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
355     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
356     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
357    
358     #endif
359    
360     //debug_print(53, newbuf, bytes);
361    
362     memcpy(buf, newbuf, bytes);
363     free(newbuf);
364    
365     #endif
366     }
367    
368     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
369     int bytes)
370     {
371     unsigned char key[24], iv[8];
372     unsigned char *newbuf = malloc(bytes);
373    
374     if (newbuf == NULL)
375     return;
376    
377     #if 1
378     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
379     // TODO:
380    
381     } else {
382     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
383     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
384     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
385    
386     //debug_print(70, key, 24);
387     //debug_print(71, iv, 8);
388     //debug_print(72, buf, bytes);
389     //debug_print(73, newbuf, bytes);
390    
391     memcpy(buf, newbuf, bytes);
392     }
393     free(newbuf);
394    
395     #else
396     unsigned char *key, iv[8];
397     unsigned char *newbuf = malloc(bytes);
398     if (newbuf == NULL)
399     return;
400    
401     key = pvar->ssh2_keys[MODE_IN].enc.key;
402     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
403     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
404    
405     //debug_print(60, key, 24);
406     //debug_print(61, iv, 8);
407     //debug_print(62, buf, bytes);
408    
409     DES_ede3_cbc_encrypt(
410     buf, newbuf, bytes,
411     (DES_key_schedule *)&key[0],
412     (DES_key_schedule *)&key[8],
413     (DES_key_schedule *)&key[16],
414     (DES_cblock *)iv,
415     DES_DECRYPT);
416    
417     //debug_print(63, newbuf, bytes);
418    
419     memcpy(buf, newbuf, bytes);
420    
421     free(newbuf);
422     #endif
423     }
424    
425    
426     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
427     int bytes)
428     {
429     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
430    
431     DES_ncbc_encrypt(buf, buf, bytes,
432     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
433     DES_ncbc_encrypt(buf, buf, bytes,
434     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
435     DES_ncbc_encrypt(buf, buf, bytes,
436     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
437     }
438    
439     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
440     int bytes)
441     {
442     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
443    
444     DES_ncbc_encrypt(buf, buf, bytes,
445     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
446     DES_ncbc_encrypt(buf, buf, bytes,
447     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
448     DES_ncbc_encrypt(buf, buf, bytes,
449     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
450     }
451    
452     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
453     int bytes)
454     {
455     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
456    
457     DES_ncbc_encrypt(buf, buf, bytes,
458     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
459     }
460    
461     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
462     int bytes)
463     {
464     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
465    
466     DES_ncbc_encrypt(buf, buf, bytes,
467     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
468     }
469    
470     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
471     int bytes)
472     {
473     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
474     int num = 0;
475    
476     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
477     encryptstate->ivec, &num, IDEA_ENCRYPT);
478     }
479    
480     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
481     int bytes)
482     {
483     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
484     int num = 0;
485    
486     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
487     decryptstate->ivec, &num, IDEA_DECRYPT);
488     }
489    
490     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
491     {
492     uint32 FAR *buf = (uint32 FAR *) cbuf;
493     int count = bytes / 4;
494    
495     while (count > 0) {
496     uint32 w = *buf;
497    
498     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
499     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
500     count--;
501     buf++;
502     }
503     }
504    
505     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
506     int bytes)
507     {
508     CipherBlowfishState FAR *encryptstate =
509     &pvar->crypt_state.enc.cBlowfish;
510    
511     flip_endianness(buf, bytes);
512     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
513     BF_ENCRYPT);
514     flip_endianness(buf, bytes);
515     }
516    
517     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
518     int bytes)
519     {
520     CipherBlowfishState FAR *decryptstate =
521     &pvar->crypt_state.dec.cBlowfish;
522    
523     flip_endianness(buf, bytes);
524     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
525     BF_DECRYPT);
526     flip_endianness(buf, bytes);
527     }
528    
529     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
530     int bytes)
531     {
532     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
533     int num = 0;
534    
535     RC4(&encryptstate->k, bytes, buf, buf);
536     }
537    
538     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
539     int bytes)
540     {
541     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
542     int num = 0;
543    
544     RC4(&decryptstate->k, bytes, buf, buf);
545     }
546    
547     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
548     int bytes)
549     {
550     RAND_bytes(buf, bytes);
551     }
552    
553     void CRYPT_initialize_random_numbers(PTInstVar pvar)
554     {
555     RAND_screen();
556     }
557    
558     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
559     {
560     int bits = get_ushort16_MSBfirst(bytes);
561    
562     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
563     }
564    
565     static RSA FAR *make_key(PTInstVar pvar,
566     int bits, unsigned char FAR * exp,
567     unsigned char FAR * mod)
568     {
569     RSA FAR *key = RSA_new();
570    
571     if (key != NULL) {
572     key->e = get_bignum(exp);
573     key->n = get_bignum(mod);
574     }
575    
576     if (key == NULL || key->e == NULL || key->n == NULL) {
577     notify_fatal_error(pvar, "Error setting up RSA keys");
578    
579     if (key != NULL) {
580     if (key->e != NULL) {
581     BN_free(key->e);
582     }
583     if (key->n != NULL) {
584     BN_free(key->n);
585     }
586     RSA_free(key);
587     }
588    
589     return NULL;
590     } else {
591     return key;
592     }
593     }
594    
595     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
596     {
597     if (SSHv1(pvar)) {
598     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
599     } else {
600     memcpy(pvar->crypt_state.server_cookie, cookie,
601     SSH2_COOKIE_LENGTH);
602     }
603     }
604    
605     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
606     {
607     if (SSHv2(pvar)) {
608     memcpy(pvar->crypt_state.client_cookie, cookie,
609     SSH2_COOKIE_LENGTH);
610     }
611     }
612    
613     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
614     int bits, unsigned char FAR * exp,
615     unsigned char FAR * mod)
616     {
617     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
618    
619     return pvar->crypt_state.server_key.RSA_key != NULL;
620     }
621    
622     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
623     int bits, unsigned char FAR * exp,
624     unsigned char FAR * mod)
625     {
626     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
627    
628     return pvar->crypt_state.host_key.RSA_key != NULL;
629     }
630    
631     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
632     int receiver_ciphers)
633     {
634     int cipher_mask;
635    
636     if (SSHv1(pvar)) {
637     cipher_mask = (1 << SSH_CIPHER_DES)
638     | (1 << SSH_CIPHER_3DES)
639     | (1 << SSH_CIPHER_BLOWFISH);
640    
641     } else { // for SSH2(yutaka)
642     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
643     cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
644    
645     }
646    
647     sender_ciphers &= cipher_mask;
648     receiver_ciphers &= cipher_mask;
649     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
650     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
651    
652     if (sender_ciphers == 0) {
653     notify_fatal_error(pvar,
654     "The server does not support any of the TTSSH encryption algorithms.\n"
655     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
656     "The connection will be closed.");
657     return FALSE;
658     } else if (receiver_ciphers == 0) {
659     notify_fatal_error(pvar,
660     "The server does not support any of the TTSSH encryption algorithms.\n"
661     "A secure connection cannot be made in the server-to-TTSSH direction.\n"
662     "The connection will be closed.");
663     return FALSE;
664     } else {
665     return TRUE;
666     }
667     }
668    
669     int CRYPT_get_decryption_block_size(PTInstVar pvar)
670     {
671     if (SSHv1(pvar)) {
672     return 8;
673     } else {
674     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
675     // cf. 3DES=8, AES128=16
676     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
677     }
678     }
679    
680     int CRYPT_get_encryption_block_size(PTInstVar pvar)
681     {
682     if (SSHv1(pvar)) {
683     return 8;
684     } else {
685     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
686     // cf. 3DES=8, AES128=16
687     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
688     }
689     }
690    
691     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
692     {
693     struct Mac *mac;
694    
695     if (SSHv1(pvar)) {
696     return 0;
697    
698     } else { // for SSH2(yutaka)
699     mac = &pvar->ssh2_keys[MODE_IN].mac;
700     if (mac == NULL || mac->enabled == 0)
701     return 0;
702    
703     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
704     }
705    
706     }
707    
708     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
709     char FAR * data, int len, char FAR * MAC)
710     {
711     return TRUE;
712     }
713    
714     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
715     {
716     struct Mac *mac;
717    
718     if (SSHv2(pvar)) { // for SSH2(yutaka)
719     mac = &pvar->ssh2_keys[MODE_OUT].mac;
720     if (mac == NULL || mac->enabled == 0)
721     return 0;
722    
723     return (mac->mac_len);
724     }
725    
726     return 0;
727     }
728    
729     // for SSH2
730     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
731     char FAR * data, int len, char FAR * MAC)
732     {
733     HMAC_CTX c;
734     static u_char m[EVP_MAX_MD_SIZE];
735     u_char b[4];
736     struct Mac *mac;
737    
738     if (SSHv2(pvar)) { // for SSH2(yutaka)
739     mac = &pvar->ssh2_keys[MODE_OUT].mac;
740     if (mac == NULL || mac->enabled == 0)
741     return FALSE;
742    
743     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
744     set_uint32_MSBfirst(b, sequence_number);
745     HMAC_Update(&c, b, sizeof(b));
746     HMAC_Update(&c, data, len);
747     HMAC_Final(&c, m, NULL);
748     HMAC_cleanup(&c);
749    
750     // 20�o�C�g�������R�s�[
751     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
752     // memcpy(MAC, m, sizeof(m));
753    
754     return TRUE;
755     }
756    
757     return TRUE;
758    
759     }
760    
761     static int choose_cipher(PTInstVar pvar, int supported)
762     {
763     int i;
764    
765     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
766     int cipher = pvar->session_settings.CipherOrder[i] - '0';
767    
768     if (cipher == SSH_CIPHER_NONE) {
769     break;
770     } else if ((supported & (1 << cipher)) != 0) {
771     return cipher;
772     }
773     }
774    
775     return SSH_CIPHER_NONE;
776     }
777    
778     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
779     {
780     if (SSHv1(pvar)) {
781     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
782     pvar->crypt_state.
783     supported_sender_ciphers);
784     pvar->crypt_state.receiver_cipher =
785     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
786    
787     } else { // SSH2(yutaka)
788     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
789     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
790    
791     }
792    
793     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
794     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
795     notify_fatal_error(pvar,
796     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
797     "To communicate with this server, you will have to enable some more ciphers\n"
798     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
799     "This connection will now close.");
800     return FALSE;
801     } else {
802     return TRUE;
803     }
804     }
805    
806     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
807     {
808     int server_key_bits =
809     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
810     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
811     int server_key_bytes = (server_key_bits + 7) / 8;
812     int host_key_bytes = (host_key_bits + 7) / 8;
813    
814     if (server_key_bits < host_key_bits) {
815     return host_key_bytes;
816     } else {
817     return server_key_bytes;
818     }
819     }
820    
821     int CRYPT_choose_session_key(PTInstVar pvar,
822     unsigned char FAR * encrypted_key_buf)
823     {
824     int server_key_bits =
825     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
826     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
827     int server_key_bytes = (server_key_bits + 7) / 8;
828     int host_key_bytes = (host_key_bits + 7) / 8;
829     int encrypted_key_bytes;
830     int bit_delta;
831    
832     if (server_key_bits < host_key_bits) {
833     encrypted_key_bytes = host_key_bytes;
834     bit_delta = host_key_bits - server_key_bits;
835     } else {
836     encrypted_key_bytes = server_key_bytes;
837     bit_delta = server_key_bits - host_key_bits;
838     }
839    
840     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
841     notify_fatal_error(pvar,
842     "Server RSA keys are too weak. A secure connection cannot be established.");
843     return 0;
844     } else {
845     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
846     for the session ID, rather than the one specified in the RFC */
847     int session_buf_len = server_key_bytes + host_key_bytes + 8;
848     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
849     char session_id[16];
850     int i;
851    
852     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
853     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
854     session_buf + host_key_bytes);
855     memcpy(session_buf + server_key_bytes + host_key_bytes,
856     pvar->crypt_state.server_cookie, 8);
857     MD5(session_buf, session_buf_len, session_id);
858    
859     free(session_buf);
860    
861     RAND_bytes(pvar->crypt_state.sender_cipher_key,
862     SSH_SESSION_KEY_LENGTH);
863     memcpy(pvar->crypt_state.receiver_cipher_key,
864     pvar->crypt_state.sender_cipher_key,
865     SSH_SESSION_KEY_LENGTH);
866    
867     memcpy(encrypted_key_buf + encrypted_key_bytes -
868     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
869     SSH_SESSION_KEY_LENGTH);
870     for (i = 0; i < sizeof(session_id); i++) {
871     encrypted_key_buf[encrypted_key_bytes -
872     SSH_SESSION_KEY_LENGTH + i]
873     ^= session_id[i];
874     }
875    
876     if (host_key_bits > server_key_bits) {
877     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
878     encrypted_key_buf +
879     encrypted_key_bytes -
880     SSH_SESSION_KEY_LENGTH,
881     encrypted_key_buf +
882     encrypted_key_bytes - server_key_bytes,
883     pvar->crypt_state.server_key.RSA_key,
884     RSA_PKCS1_PADDING) < 0)
885     return 0;
886    
887     if (RSA_public_encrypt(server_key_bytes,
888     encrypted_key_buf +
889     encrypted_key_bytes - server_key_bytes,
890     encrypted_key_buf,
891     pvar->crypt_state.host_key.RSA_key,
892     RSA_PKCS1_PADDING) < 0)
893     return 0;
894     } else {
895     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
896     encrypted_key_buf +
897     encrypted_key_bytes -
898     SSH_SESSION_KEY_LENGTH,
899     encrypted_key_buf +
900     encrypted_key_bytes - host_key_bytes,
901     pvar->crypt_state.host_key.RSA_key,
902     RSA_PKCS1_PADDING) < 0)
903     return 0;
904    
905     if (RSA_public_encrypt(host_key_bytes,
906     encrypted_key_buf +
907     encrypted_key_bytes - host_key_bytes,
908     encrypted_key_buf,
909     pvar->crypt_state.server_key.RSA_key,
910     RSA_PKCS1_PADDING) < 0)
911     return 0;
912     }
913     }
914    
915     return 1;
916     }
917    
918     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
919     unsigned char FAR * challenge,
920     int challenge_len,
921     unsigned char FAR * response)
922     {
923     int server_key_bits =
924     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
925     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
926     int server_key_bytes = (server_key_bits + 7) / 8;
927     int host_key_bytes = (host_key_bits + 7) / 8;
928     int session_buf_len = server_key_bytes + host_key_bytes + 8;
929     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
930     char decrypted_challenge[48];
931     int decrypted_challenge_len;
932    
933     decrypted_challenge_len =
934     RSA_private_decrypt(challenge_len, challenge, challenge,
935     AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
936     RSA_PKCS1_PADDING);
937     if (decrypted_challenge_len < 0) {
938     free(session_buf);
939     return 0;
940     }
941     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
942     memcpy(decrypted_challenge,
943     challenge + decrypted_challenge_len -
944     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
945     } else {
946     memset(decrypted_challenge, 0,
947     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
948     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
949     decrypted_challenge_len, challenge,
950     decrypted_challenge_len);
951     }
952    
953     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
954     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
955     session_buf + host_key_bytes);
956     memcpy(session_buf + server_key_bytes + host_key_bytes,
957     pvar->crypt_state.server_cookie, 8);
958     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
959    
960     free(session_buf);
961    
962     MD5(decrypted_challenge, 48, response);
963    
964     return 1;
965     }
966    
967     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
968     {
969     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
970     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
971     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
972     memset(state->ivec1, 0, 8);
973     memset(state->ivec2, 0, 8);
974     memset(state->ivec3, 0, 8);
975     }
976    
977     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
978     {
979     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
980     memset(state->ivec, 0, 8);
981     }
982    
983     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
984     {
985     idea_set_encrypt_key(session_key, &state->k);
986     memset(state->ivec, 0, 8);
987     }
988    
989     static void cBlowfish_init(char FAR * session_key,
990     CipherBlowfishState FAR * state)
991     {
992     BF_set_key(&state->k, 32, session_key);
993     memset(state->ivec, 0, 8);
994     }
995    
996    
997     //
998     // SSH2�p�A���S���Y����������
999     //
1000     // for SSH2(yutaka)
1001     //
1002     void cipher_init_SSH2(
1003     EVP_CIPHER_CTX *evp,
1004     const u_char *key, u_int keylen,
1005     const u_char *iv, u_int ivlen,
1006     int encrypt,
1007     const EVP_CIPHER *(*func)(void)
1008     )
1009     {
1010     EVP_CIPHER *type;
1011     int klen;
1012    
1013     type = (EVP_CIPHER *)func();
1014    
1015     EVP_CIPHER_CTX_init(evp);
1016     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1017     // TODO:
1018     }
1019    
1020     klen = EVP_CIPHER_CTX_key_length(evp);
1021     if (klen > 0 && keylen != klen) {
1022     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1023     // TODO:
1024     }
1025     }
1026     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1027     // TODO:
1028     }
1029     }
1030    
1031    
1032     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1033     {
1034     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1035     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1036     BOOL isOK = TRUE;
1037    
1038     if (sender_flag) {
1039     switch (pvar->crypt_state.sender_cipher) {
1040     // for SSH2(yutaka)
1041     case SSH_CIPHER_3DES_CBC:
1042     {
1043     struct Enc *enc;
1044    
1045     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1046     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1047     enc->key, 24, enc->iv, 8,
1048     CIPHER_ENCRYPT,
1049     EVP_des_ede3_cbc);
1050    
1051     //debug_print(10, enc->key, 24);
1052     //debug_print(11, enc->iv, 24);
1053    
1054     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1055     break;
1056     }
1057    
1058     // for SSH2(yutaka)
1059     case SSH_CIPHER_AES128:
1060     {
1061     struct Enc *enc;
1062    
1063     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1064     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1065     enc->key, 16, enc->iv, 16,
1066     CIPHER_ENCRYPT,
1067     EVP_aes_128_cbc);
1068    
1069     //debug_print(10, enc->key, 24);
1070     //debug_print(11, enc->iv, 24);
1071    
1072     pvar->crypt_state.encrypt = cAES128_encrypt;
1073     break;
1074     }
1075    
1076     case SSH_CIPHER_3DES:{
1077     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1078     pvar->crypt_state.encrypt = c3DES_encrypt;
1079     break;
1080     }
1081     case SSH_CIPHER_IDEA:{
1082     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1083     pvar->crypt_state.encrypt = cIDEA_encrypt;
1084     break;
1085     }
1086     case SSH_CIPHER_DES:{
1087     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1088     pvar->crypt_state.encrypt = cDES_encrypt;
1089     break;
1090     }
1091     case SSH_CIPHER_RC4:{
1092     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1093     encryption_key + 16);
1094     pvar->crypt_state.encrypt = cRC4_encrypt;
1095     break;
1096     }
1097     case SSH_CIPHER_BLOWFISH:{
1098     cBlowfish_init(encryption_key,
1099     &pvar->crypt_state.enc.cBlowfish);
1100     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1101     break;
1102     }
1103     default:
1104     isOK = FALSE;
1105     }
1106     }
1107    
1108    
1109     if (receiver_flag) {
1110     switch (pvar->crypt_state.receiver_cipher) {
1111     // for SSH2(yutaka)
1112     case SSH_CIPHER_3DES_CBC:
1113     {
1114     struct Enc *enc;
1115    
1116     enc = &pvar->ssh2_keys[MODE_IN].enc;
1117     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1118     enc->key, 24, enc->iv, 8,
1119     CIPHER_DECRYPT,
1120     EVP_des_ede3_cbc);
1121    
1122     //debug_print(12, enc->key, 24);
1123     //debug_print(13, enc->iv, 24);
1124    
1125     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1126     break;
1127     }
1128    
1129     // for SSH2(yutaka)
1130     case SSH_CIPHER_AES128:
1131     {
1132     struct Enc *enc;
1133    
1134     enc = &pvar->ssh2_keys[MODE_IN].enc;
1135     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1136     enc->key, 16, enc->iv, 16,
1137     CIPHER_DECRYPT,
1138     EVP_aes_128_cbc);
1139    
1140     //debug_print(12, enc->key, 24);
1141     //debug_print(13, enc->iv, 24);
1142    
1143     pvar->crypt_state.decrypt = cAES128_decrypt;
1144     break;
1145     }
1146    
1147     case SSH_CIPHER_3DES:{
1148     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1149     pvar->crypt_state.decrypt = c3DES_decrypt;
1150     break;
1151     }
1152     case SSH_CIPHER_IDEA:{
1153     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1154     pvar->crypt_state.decrypt = cIDEA_decrypt;
1155     break;
1156     }
1157     case SSH_CIPHER_DES:{
1158     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1159     pvar->crypt_state.decrypt = cDES_decrypt;
1160     break;
1161     }
1162     case SSH_CIPHER_RC4:{
1163     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1164     pvar->crypt_state.decrypt = cRC4_decrypt;
1165     break;
1166     }
1167     case SSH_CIPHER_BLOWFISH:{
1168     cBlowfish_init(decryption_key,
1169     &pvar->crypt_state.dec.cBlowfish);
1170     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1171     break;
1172     }
1173     default:
1174     isOK = FALSE;
1175     }
1176     }
1177    
1178    
1179     if (!isOK) {
1180     notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1181     return FALSE;
1182     } else {
1183     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1184     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1185     return TRUE;
1186     }
1187     }
1188    
1189     void CRYPT_init(PTInstVar pvar)
1190     {
1191     pvar->crypt_state.encrypt = no_encrypt;
1192     pvar->crypt_state.decrypt = no_encrypt;
1193     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1194     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1195     pvar->crypt_state.server_key.RSA_key = NULL;
1196     pvar->crypt_state.host_key.RSA_key = NULL;
1197    
1198     pvar->crypt_state.detect_attack_statics.h = NULL;
1199     pvar->crypt_state.detect_attack_statics.n =
1200     HASH_MINSIZE / HASH_ENTRYSIZE;
1201     }
1202    
1203     static char FAR *get_cipher_name(int cipher)
1204     {
1205     switch (cipher) {
1206     case SSH_CIPHER_NONE:
1207     return "None";
1208     case SSH_CIPHER_3DES:
1209     return "3DES (168 key bits)";
1210     case SSH_CIPHER_DES:
1211     return "DES (56 key bits)";
1212     case SSH_CIPHER_IDEA:
1213     return "IDEA (128 key bits)";
1214     case SSH_CIPHER_RC4:
1215     return "RC4 (128 key bits)";
1216     case SSH_CIPHER_BLOWFISH:
1217     return "Blowfish (256 key bits)";
1218    
1219     // SSH2
1220     case SSH_CIPHER_3DES_CBC:
1221     return "3DES-CBC";
1222     case SSH_CIPHER_AES128:
1223     return "AES128";
1224    
1225     default:
1226     return "Unknown";
1227     }
1228     }
1229    
1230     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1231     {
1232     _snprintf(dest, len, "%s to server, %s from server",
1233     get_cipher_name(pvar->crypt_state.sender_cipher),
1234     get_cipher_name(pvar->crypt_state.receiver_cipher));
1235     dest[len - 1] = 0;
1236     }
1237    
1238     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1239     {
1240     if (SSHv1(pvar)) {
1241     if (pvar->crypt_state.server_key.RSA_key == NULL
1242     || pvar->crypt_state.host_key.RSA_key == NULL) {
1243     strncpy(dest, "None", len);
1244     } else {
1245     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1246     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1247     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1248     }
1249    
1250     } else { // SSH2
1251     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1252     pvar->server_key_bits,
1253     pvar->client_key_bits);
1254    
1255     }
1256    
1257     dest[len - 1] = 0;
1258     }
1259    
1260     static void destroy_public_key(CRYPTPublicKey FAR * key)
1261     {
1262     if (key->RSA_key != NULL) {
1263     RSA_free(key->RSA_key);
1264     key->RSA_key = NULL;
1265     }
1266     }
1267    
1268     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1269     {
1270     destroy_public_key(key);
1271     free(key);
1272     }
1273    
1274     void CRYPT_end(PTInstVar pvar)
1275     {
1276     destroy_public_key(&pvar->crypt_state.host_key);
1277     destroy_public_key(&pvar->crypt_state.server_key);
1278    
1279     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1280     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1281     pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1282     free(pvar->crypt_state.detect_attack_statics.h);
1283     }
1284    
1285     memset(pvar->crypt_state.sender_cipher_key, 0,
1286     sizeof(pvar->crypt_state.sender_cipher_key));
1287     memset(pvar->crypt_state.receiver_cipher_key, 0,
1288     sizeof(pvar->crypt_state.receiver_cipher_key));
1289     memset(pvar->crypt_state.server_cookie, 0,
1290     sizeof(pvar->crypt_state.server_cookie));
1291     memset(pvar->crypt_state.client_cookie, 0,
1292     sizeof(pvar->crypt_state.client_cookie));
1293     memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1294     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1295     }
1296    
1297     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1298     char FAR * buf, int bytes)
1299     {
1300     unsigned char passphrase_key[16];
1301    
1302     MD5(passphrase, strlen(passphrase), passphrase_key);
1303    
1304     switch (cipher) {
1305     case SSH_CIPHER_3DES:{
1306     Cipher3DESState state;
1307    
1308     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1309     &state.k1);
1310     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1311     &state.k2);
1312     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1313     &state.k3);
1314     memset(state.ivec1, 0, 8);
1315     memset(state.ivec2, 0, 8);
1316     memset(state.ivec3, 0, 8);
1317     DES_ncbc_encrypt(buf, buf, bytes,
1318     &state.k3, &state.ivec3, DES_DECRYPT);
1319     DES_ncbc_encrypt(buf, buf, bytes,
1320     &state.k2, &state.ivec2, DES_ENCRYPT);
1321     DES_ncbc_encrypt(buf, buf, bytes,
1322     &state.k1, &state.ivec1, DES_DECRYPT);
1323     break;
1324     }
1325    
1326     case SSH_CIPHER_IDEA:{
1327     CipherIDEAState state;
1328     int num = 0;
1329    
1330     cIDEA_init(passphrase_key, &state);
1331     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1332     &num, IDEA_DECRYPT);
1333     break;
1334     }
1335    
1336     case SSH_CIPHER_DES:{
1337     CipherDESState state;
1338    
1339     cDES_init(passphrase_key, &state);
1340     DES_ncbc_encrypt(buf, buf, bytes,
1341     &state.k, &state.ivec, DES_DECRYPT);
1342     break;
1343     }
1344    
1345     case SSH_CIPHER_RC4:{
1346     CipherRC4State state;
1347     int num = 0;
1348    
1349     RC4_set_key(&state.k, 16, passphrase_key);
1350     RC4(&state.k, bytes, buf, buf);
1351     break;
1352     }
1353    
1354     case SSH_CIPHER_BLOWFISH:{
1355     CipherBlowfishState state;
1356    
1357     BF_set_key(&state.k, 16, passphrase_key);
1358     memset(state.ivec, 0, 8);
1359     flip_endianness(buf, bytes);
1360     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1361     BF_DECRYPT);
1362     flip_endianness(buf, bytes);
1363     break;
1364     }
1365    
1366     case SSH_CIPHER_NONE:
1367     break;
1368    
1369     default:
1370     memset(passphrase_key, 0, sizeof(passphrase_key));
1371     return 0;
1372     }
1373    
1374     memset(passphrase_key, 0, sizeof(passphrase_key));
1375     return 1;
1376     }
1377    
1378     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1379     {
1380     RSA_free(key_pair->RSA_key);
1381     free(key_pair);
1382     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help