Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2757 - (hide annotations) (download) (as text)
Fri Dec 17 14:05:55 2004 UTC (19 years, 3 months ago) by yutakakn
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 36447 byte(s) 
パケット受信時のHMACチェックを追加。
KEXにおけるHMACアルゴリズムチェックを追加。
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40     #include "cipher.h"
41     #include "ssh.h"
42    
43     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
44     #define get_uint32(buf) get_uint32_MSBfirst((buf))
45    
46     #define DEATTACK_OK 0
47     #define DEATTACK_DETECTED 1
48    
49     /*
50 yutakakn 2757 * $Id: crypt.c,v 1.2 2004-12-17 14:05:55 yutakakn Exp $ Cryptographic attack
51 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
52     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
53     */
54    
55     /* SSH Constants */
56     #define SSH_BLOCKSIZE 8
57    
58     /* Hashing constants */
59     #define HASH_MINSIZE 8*2048
60     #define HASH_ENTRYSIZE 4
61     #define HASH_FACTOR(x) ((x)*3/2)
62     #define HASH_UNUSEDCHAR 0xff
63     #define HASH_UNUSED 0xffffffff
64     #define HASH_IV 0xfffffffe
65    
66     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
67    
68     /* Hash function (Input keys are cipher results) */
69     #define HASH(x) get_uint32(x)
70    
71     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
72    
73    
74    
75     static void crc_update(uint32 FAR * a, uint32 b)
76     {
77     b ^= *a;
78     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
79     }
80    
81     /* check_crc
82     detects if a block is used in a particular pattern
83     */
84    
85     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
86     uint32 len, unsigned char FAR * IV)
87     {
88     uint32 crc;
89     unsigned char FAR *c;
90    
91     crc = 0;
92     if (IV && !CMP(S, IV)) {
93     crc_update(&crc, 1);
94     crc_update(&crc, 0);
95     }
96     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
97     if (!CMP(S, c)) {
98     crc_update(&crc, 1);
99     crc_update(&crc, 0);
100     } else {
101     crc_update(&crc, 0);
102     crc_update(&crc, 0);
103     }
104     }
105    
106     return crc == 0;
107     }
108    
109    
110     /*
111     detect_attack
112     Detects a crc32 compensation attack on a packet
113     */
114     static int detect_attack(CRYPTDetectAttack FAR * statics,
115     unsigned char FAR * buf, uint32 len,
116     unsigned char *FAR IV)
117     {
118     uint32 FAR *h = statics->h;
119     uint32 n = statics->n;
120     uint32 i, j;
121     uint32 l;
122     unsigned char FAR *c;
123     unsigned char FAR *d;
124    
125     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
126     }
127    
128     if (h == NULL) {
129     n = l;
130     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
131     } else {
132     if (l > n) {
133     n = l;
134     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
135     }
136     }
137    
138     statics->h = h;
139     statics->n = n;
140    
141     if (len <= HASH_MINBLOCKS) {
142     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
143     if (IV && (!CMP(c, IV))) {
144     if ((check_crc(c, buf, len, IV)))
145     return DEATTACK_DETECTED;
146     else
147     break;
148     }
149     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
150     if (!CMP(c, d)) {
151     if ((check_crc(c, buf, len, IV)))
152     return DEATTACK_DETECTED;
153     else
154     break;
155     }
156     }
157     }
158     return (DEATTACK_OK);
159     }
160     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
161    
162     if (IV) {
163     h[HASH(IV) & (n - 1)] = HASH_IV;
164     }
165    
166     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
167     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
168     i = (i + 1) & (n - 1)) {
169     if (h[i] == HASH_IV) {
170     if (!CMP(c, IV)) {
171     if (check_crc(c, buf, len, IV))
172     return DEATTACK_DETECTED;
173     else
174     break;
175     }
176     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
177     if (check_crc(c, buf, len, IV))
178     return DEATTACK_DETECTED;
179     else
180     break;
181     }
182     }
183     h[i] = j;
184     }
185    
186     return DEATTACK_OK;
187     }
188    
189     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
190     int bytes)
191     {
192     if (SSHv1(pvar)) {
193     switch (pvar->crypt_state.sender_cipher) {
194     case SSH_CIPHER_NONE:
195     return FALSE;
196     case SSH_CIPHER_IDEA:
197     return detect_attack(&pvar->crypt_state.detect_attack_statics,
198     buf, bytes,
199     pvar->crypt_state.dec.cIDEA.ivec) ==
200     DEATTACK_DETECTED;
201     default:
202     return detect_attack(&pvar->crypt_state.detect_attack_statics,
203     buf, bytes, NULL) == DEATTACK_DETECTED;
204     }
205     } else {
206     return FALSE;
207     }
208     }
209    
210     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
211     {
212     }
213    
214    
215     // for SSH2(yutaka)
216     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
217     int bytes)
218     {
219     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
220     unsigned char *newbuf = malloc(bytes);
221     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
222    
223     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
224     if (bytes == 0)
225     return;
226    
227     if (newbuf == NULL)
228     return;
229    
230     if (bytes % block_size) {
231     char tmp[80];
232     _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
233     notify_fatal_error(pvar, tmp);
234     goto error;
235     }
236    
237     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
238     // TODO: failure
239     notify_fatal_error(pvar, "AES128 encrypt error(2)");
240    
241     } else {
242     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
243     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
244     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
245    
246     //debug_print(50, key, 24);
247     //debug_print(51, iv, 8);
248     //debug_print(52, buf, bytes);
249     //debug_print(53, newbuf, bytes);
250    
251     memcpy(buf, newbuf, bytes);
252     }
253    
254     error:
255     free(newbuf);
256     }
257    
258     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
259     int bytes)
260     {
261     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
262     unsigned char *newbuf = malloc(bytes);
263     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
264    
265     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
266     if (bytes == 0)
267     return;
268    
269     if (newbuf == NULL)
270     return;
271    
272     if (bytes % block_size) {
273     char tmp[80];
274     _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
275     notify_fatal_error(pvar, tmp);
276     goto error;
277     }
278    
279     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
280     // TODO:
281     notify_fatal_error(pvar, "AES128 decrypt error(2)");
282    
283     } else {
284     #if 0
285     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
286     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
287     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
288    
289     {
290     static int no = 70;
291     debug_print(no, buf, bytes);
292     //debug_print(no, key, AES128_KEYLEN);
293     //debug_print(10*no, iv, AES128_IVLEN);
294     debug_print(30*no, newbuf, bytes);
295     no++;
296     }
297     #endif
298    
299     memcpy(buf, newbuf, bytes);
300     }
301    
302     error:;
303     free(newbuf);
304     }
305    
306    
307    
308     // for SSH2(yutaka)
309     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
310     int bytes)
311     {
312     unsigned char key[24], iv[8];
313     unsigned char *newbuf = malloc(bytes);
314    
315     if (newbuf == NULL)
316     return;
317    
318     #if 1
319    
320     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
321     // TODO: failure
322     } else {
323     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
324     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
325     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
326    
327     //debug_print(50, key, 24);
328     //debug_print(51, iv, 8);
329     //debug_print(52, buf, bytes);
330     //debug_print(53, newbuf, bytes);
331    
332     memcpy(buf, newbuf, bytes);
333     }
334     free(newbuf);
335     #else
336    
337     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
338     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
339     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
340    
341     //debug_print(50, key, 24);
342     //debug_print(51, iv, 8);
343     //debug_print(52, buf, bytes);
344    
345     #if 0
346     DES_ede3_cbc_encrypt(
347     buf, newbuf, bytes,
348     (DES_key_schedule *)&key[0],
349     (DES_key_schedule *)&key[8],
350     (DES_key_schedule *)&key[16],
351     (DES_cblock *)iv,
352     DES_ENCRYPT);
353     #else
354     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
355     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
356     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
357    
358     #endif
359    
360     //debug_print(53, newbuf, bytes);
361    
362     memcpy(buf, newbuf, bytes);
363     free(newbuf);
364    
365     #endif
366     }
367    
368     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
369     int bytes)
370     {
371     unsigned char key[24], iv[8];
372     unsigned char *newbuf = malloc(bytes);
373    
374     if (newbuf == NULL)
375     return;
376    
377     #if 1
378     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
379     // TODO:
380    
381     } else {
382     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
383     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
384     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
385    
386     //debug_print(70, key, 24);
387     //debug_print(71, iv, 8);
388     //debug_print(72, buf, bytes);
389     //debug_print(73, newbuf, bytes);
390    
391     memcpy(buf, newbuf, bytes);
392     }
393     free(newbuf);
394    
395     #else
396     unsigned char *key, iv[8];
397     unsigned char *newbuf = malloc(bytes);
398     if (newbuf == NULL)
399     return;
400    
401     key = pvar->ssh2_keys[MODE_IN].enc.key;
402     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
403     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
404    
405     //debug_print(60, key, 24);
406     //debug_print(61, iv, 8);
407     //debug_print(62, buf, bytes);
408    
409     DES_ede3_cbc_encrypt(
410     buf, newbuf, bytes,
411     (DES_key_schedule *)&key[0],
412     (DES_key_schedule *)&key[8],
413     (DES_key_schedule *)&key[16],
414     (DES_cblock *)iv,
415     DES_DECRYPT);
416    
417     //debug_print(63, newbuf, bytes);
418    
419     memcpy(buf, newbuf, bytes);
420    
421     free(newbuf);
422     #endif
423     }
424    
425    
426     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
427     int bytes)
428     {
429     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
430    
431     DES_ncbc_encrypt(buf, buf, bytes,
432     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
433     DES_ncbc_encrypt(buf, buf, bytes,
434     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
435     DES_ncbc_encrypt(buf, buf, bytes,
436     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
437     }
438    
439     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
440     int bytes)
441     {
442     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
443    
444     DES_ncbc_encrypt(buf, buf, bytes,
445     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
446     DES_ncbc_encrypt(buf, buf, bytes,
447     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
448     DES_ncbc_encrypt(buf, buf, bytes,
449     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
450     }
451    
452     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
453     int bytes)
454     {
455     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
456    
457     DES_ncbc_encrypt(buf, buf, bytes,
458     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
459     }
460    
461     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
462     int bytes)
463     {
464     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
465    
466     DES_ncbc_encrypt(buf, buf, bytes,
467     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
468     }
469    
470     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
471     int bytes)
472     {
473     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
474     int num = 0;
475    
476     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
477     encryptstate->ivec, &num, IDEA_ENCRYPT);
478     }
479    
480     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
481     int bytes)
482     {
483     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
484     int num = 0;
485    
486     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
487     decryptstate->ivec, &num, IDEA_DECRYPT);
488     }
489    
490     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
491     {
492     uint32 FAR *buf = (uint32 FAR *) cbuf;
493     int count = bytes / 4;
494    
495     while (count > 0) {
496     uint32 w = *buf;
497    
498     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
499     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
500     count--;
501     buf++;
502     }
503     }
504    
505     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
506     int bytes)
507     {
508     CipherBlowfishState FAR *encryptstate =
509     &pvar->crypt_state.enc.cBlowfish;
510    
511     flip_endianness(buf, bytes);
512     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
513     BF_ENCRYPT);
514     flip_endianness(buf, bytes);
515     }
516    
517     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
518     int bytes)
519     {
520     CipherBlowfishState FAR *decryptstate =
521     &pvar->crypt_state.dec.cBlowfish;
522    
523     flip_endianness(buf, bytes);
524     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
525     BF_DECRYPT);
526     flip_endianness(buf, bytes);
527     }
528    
529     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
530     int bytes)
531     {
532     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
533     int num = 0;
534    
535     RC4(&encryptstate->k, bytes, buf, buf);
536     }
537    
538     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
539     int bytes)
540     {
541     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
542     int num = 0;
543    
544     RC4(&decryptstate->k, bytes, buf, buf);
545     }
546    
547     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
548     int bytes)
549     {
550     RAND_bytes(buf, bytes);
551     }
552    
553     void CRYPT_initialize_random_numbers(PTInstVar pvar)
554     {
555     RAND_screen();
556     }
557    
558     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
559     {
560     int bits = get_ushort16_MSBfirst(bytes);
561    
562     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
563     }
564    
565     static RSA FAR *make_key(PTInstVar pvar,
566     int bits, unsigned char FAR * exp,
567     unsigned char FAR * mod)
568     {
569     RSA FAR *key = RSA_new();
570    
571     if (key != NULL) {
572     key->e = get_bignum(exp);
573     key->n = get_bignum(mod);
574     }
575    
576     if (key == NULL || key->e == NULL || key->n == NULL) {
577     notify_fatal_error(pvar, "Error setting up RSA keys");
578    
579     if (key != NULL) {
580     if (key->e != NULL) {
581     BN_free(key->e);
582     }
583     if (key->n != NULL) {
584     BN_free(key->n);
585     }
586     RSA_free(key);
587     }
588    
589     return NULL;
590     } else {
591     return key;
592     }
593     }
594    
595     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
596     {
597     if (SSHv1(pvar)) {
598     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
599     } else {
600     memcpy(pvar->crypt_state.server_cookie, cookie,
601     SSH2_COOKIE_LENGTH);
602     }
603     }
604    
605     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
606     {
607     if (SSHv2(pvar)) {
608     memcpy(pvar->crypt_state.client_cookie, cookie,
609     SSH2_COOKIE_LENGTH);
610     }
611     }
612    
613     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
614     int bits, unsigned char FAR * exp,
615     unsigned char FAR * mod)
616     {
617     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
618    
619     return pvar->crypt_state.server_key.RSA_key != NULL;
620     }
621    
622     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
623     int bits, unsigned char FAR * exp,
624     unsigned char FAR * mod)
625     {
626     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
627    
628     return pvar->crypt_state.host_key.RSA_key != NULL;
629     }
630    
631     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
632     int receiver_ciphers)
633     {
634     int cipher_mask;
635    
636     if (SSHv1(pvar)) {
637     cipher_mask = (1 << SSH_CIPHER_DES)
638     | (1 << SSH_CIPHER_3DES)
639     | (1 << SSH_CIPHER_BLOWFISH);
640    
641     } else { // for SSH2(yutaka)
642     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
643     cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
644    
645     }
646    
647     sender_ciphers &= cipher_mask;
648     receiver_ciphers &= cipher_mask;
649     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
650     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
651    
652     if (sender_ciphers == 0) {
653     notify_fatal_error(pvar,
654     "The server does not support any of the TTSSH encryption algorithms.\n"
655     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
656     "The connection will be closed.");
657     return FALSE;
658     } else if (receiver_ciphers == 0) {
659     notify_fatal_error(pvar,
660     "The server does not support any of the TTSSH encryption algorithms.\n"
661     "A secure connection cannot be made in the server-to-TTSSH direction.\n"
662     "The connection will be closed.");
663     return FALSE;
664     } else {
665     return TRUE;
666     }
667     }
668    
669     int CRYPT_get_decryption_block_size(PTInstVar pvar)
670     {
671     if (SSHv1(pvar)) {
672     return 8;
673     } else {
674     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
675     // cf. 3DES=8, AES128=16
676     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
677     }
678     }
679    
680     int CRYPT_get_encryption_block_size(PTInstVar pvar)
681     {
682     if (SSHv1(pvar)) {
683     return 8;
684     } else {
685     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
686     // cf. 3DES=8, AES128=16
687     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
688     }
689     }
690    
691     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
692     {
693     struct Mac *mac;
694    
695     if (SSHv1(pvar)) {
696     return 0;
697    
698     } else { // for SSH2(yutaka)
699     mac = &pvar->ssh2_keys[MODE_IN].mac;
700     if (mac == NULL || mac->enabled == 0)
701     return 0;
702    
703     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
704     }
705    
706     }
707    
708 yutakakn 2757 // HMAC������
709     // ���{������ SSH2 �������g�p�������B
710     // (2004.12.17 yutaka)
711 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
712     char FAR * data, int len, char FAR * MAC)
713     {
714 yutakakn 2757 HMAC_CTX c;
715     unsigned char m[EVP_MAX_MD_SIZE];
716     unsigned char b[4];
717     struct Mac *mac;
718    
719     mac = &pvar->ssh2_keys[MODE_IN].mac;
720    
721     // HMAC�������L���������������A����OK�����������B
722     if (mac == NULL || mac->enabled == 0)
723     return TRUE;
724    
725     if (mac->key == NULL)
726     goto error;
727    
728     if ((u_int)mac->mac_len > sizeof(m))
729     goto error;
730    
731     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
732     set_uint32_MSBfirst(b, sequence_number);
733     HMAC_Update(&c, b, sizeof(b));
734     HMAC_Update(&c, data, len);
735     HMAC_Final(&c, m, NULL);
736     HMAC_cleanup(&c);
737    
738     if (memcmp(m, MAC, mac->mac_len)) {
739     goto error;
740     }
741    
742 yutakakn 2728 return TRUE;
743 yutakakn 2757
744     error:
745     return FALSE;
746 yutakakn 2728 }
747    
748     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
749     {
750     struct Mac *mac;
751    
752     if (SSHv2(pvar)) { // for SSH2(yutaka)
753     mac = &pvar->ssh2_keys[MODE_OUT].mac;
754     if (mac == NULL || mac->enabled == 0)
755     return 0;
756    
757     return (mac->mac_len);
758     }
759    
760     return 0;
761     }
762    
763     // for SSH2
764     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
765     char FAR * data, int len, char FAR * MAC)
766     {
767     HMAC_CTX c;
768     static u_char m[EVP_MAX_MD_SIZE];
769     u_char b[4];
770     struct Mac *mac;
771    
772     if (SSHv2(pvar)) { // for SSH2(yutaka)
773     mac = &pvar->ssh2_keys[MODE_OUT].mac;
774     if (mac == NULL || mac->enabled == 0)
775     return FALSE;
776    
777     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
778     set_uint32_MSBfirst(b, sequence_number);
779     HMAC_Update(&c, b, sizeof(b));
780     HMAC_Update(&c, data, len);
781     HMAC_Final(&c, m, NULL);
782     HMAC_cleanup(&c);
783    
784     // 20�o�C�g�������R�s�[
785     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
786     // memcpy(MAC, m, sizeof(m));
787    
788     return TRUE;
789     }
790    
791     return TRUE;
792    
793     }
794    
795     static int choose_cipher(PTInstVar pvar, int supported)
796     {
797     int i;
798    
799     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
800     int cipher = pvar->session_settings.CipherOrder[i] - '0';
801    
802     if (cipher == SSH_CIPHER_NONE) {
803     break;
804     } else if ((supported & (1 << cipher)) != 0) {
805     return cipher;
806     }
807     }
808    
809     return SSH_CIPHER_NONE;
810     }
811    
812     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
813     {
814     if (SSHv1(pvar)) {
815     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
816     pvar->crypt_state.
817     supported_sender_ciphers);
818     pvar->crypt_state.receiver_cipher =
819     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
820    
821     } else { // SSH2(yutaka)
822     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
823     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
824    
825     }
826    
827     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
828     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
829     notify_fatal_error(pvar,
830     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
831     "To communicate with this server, you will have to enable some more ciphers\n"
832     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
833     "This connection will now close.");
834     return FALSE;
835     } else {
836     return TRUE;
837     }
838     }
839    
840     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
841     {
842     int server_key_bits =
843     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
844     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
845     int server_key_bytes = (server_key_bits + 7) / 8;
846     int host_key_bytes = (host_key_bits + 7) / 8;
847    
848     if (server_key_bits < host_key_bits) {
849     return host_key_bytes;
850     } else {
851     return server_key_bytes;
852     }
853     }
854    
855     int CRYPT_choose_session_key(PTInstVar pvar,
856     unsigned char FAR * encrypted_key_buf)
857     {
858     int server_key_bits =
859     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
860     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
861     int server_key_bytes = (server_key_bits + 7) / 8;
862     int host_key_bytes = (host_key_bits + 7) / 8;
863     int encrypted_key_bytes;
864     int bit_delta;
865    
866     if (server_key_bits < host_key_bits) {
867     encrypted_key_bytes = host_key_bytes;
868     bit_delta = host_key_bits - server_key_bits;
869     } else {
870     encrypted_key_bytes = server_key_bytes;
871     bit_delta = server_key_bits - host_key_bits;
872     }
873    
874     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
875     notify_fatal_error(pvar,
876     "Server RSA keys are too weak. A secure connection cannot be established.");
877     return 0;
878     } else {
879     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
880     for the session ID, rather than the one specified in the RFC */
881     int session_buf_len = server_key_bytes + host_key_bytes + 8;
882     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
883     char session_id[16];
884     int i;
885    
886     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
887     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
888     session_buf + host_key_bytes);
889     memcpy(session_buf + server_key_bytes + host_key_bytes,
890     pvar->crypt_state.server_cookie, 8);
891     MD5(session_buf, session_buf_len, session_id);
892    
893     free(session_buf);
894    
895     RAND_bytes(pvar->crypt_state.sender_cipher_key,
896     SSH_SESSION_KEY_LENGTH);
897     memcpy(pvar->crypt_state.receiver_cipher_key,
898     pvar->crypt_state.sender_cipher_key,
899     SSH_SESSION_KEY_LENGTH);
900    
901     memcpy(encrypted_key_buf + encrypted_key_bytes -
902     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
903     SSH_SESSION_KEY_LENGTH);
904     for (i = 0; i < sizeof(session_id); i++) {
905     encrypted_key_buf[encrypted_key_bytes -
906     SSH_SESSION_KEY_LENGTH + i]
907     ^= session_id[i];
908     }
909    
910     if (host_key_bits > server_key_bits) {
911     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
912     encrypted_key_buf +
913     encrypted_key_bytes -
914     SSH_SESSION_KEY_LENGTH,
915     encrypted_key_buf +
916     encrypted_key_bytes - server_key_bytes,
917     pvar->crypt_state.server_key.RSA_key,
918     RSA_PKCS1_PADDING) < 0)
919     return 0;
920    
921     if (RSA_public_encrypt(server_key_bytes,
922     encrypted_key_buf +
923     encrypted_key_bytes - server_key_bytes,
924     encrypted_key_buf,
925     pvar->crypt_state.host_key.RSA_key,
926     RSA_PKCS1_PADDING) < 0)
927     return 0;
928     } else {
929     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
930     encrypted_key_buf +
931     encrypted_key_bytes -
932     SSH_SESSION_KEY_LENGTH,
933     encrypted_key_buf +
934     encrypted_key_bytes - host_key_bytes,
935     pvar->crypt_state.host_key.RSA_key,
936     RSA_PKCS1_PADDING) < 0)
937     return 0;
938    
939     if (RSA_public_encrypt(host_key_bytes,
940     encrypted_key_buf +
941     encrypted_key_bytes - host_key_bytes,
942     encrypted_key_buf,
943     pvar->crypt_state.server_key.RSA_key,
944     RSA_PKCS1_PADDING) < 0)
945     return 0;
946     }
947     }
948    
949     return 1;
950     }
951    
952     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
953     unsigned char FAR * challenge,
954     int challenge_len,
955     unsigned char FAR * response)
956     {
957     int server_key_bits =
958     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
959     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
960     int server_key_bytes = (server_key_bits + 7) / 8;
961     int host_key_bytes = (host_key_bits + 7) / 8;
962     int session_buf_len = server_key_bytes + host_key_bytes + 8;
963     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
964     char decrypted_challenge[48];
965     int decrypted_challenge_len;
966    
967     decrypted_challenge_len =
968     RSA_private_decrypt(challenge_len, challenge, challenge,
969     AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
970     RSA_PKCS1_PADDING);
971     if (decrypted_challenge_len < 0) {
972     free(session_buf);
973     return 0;
974     }
975     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
976     memcpy(decrypted_challenge,
977     challenge + decrypted_challenge_len -
978     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
979     } else {
980     memset(decrypted_challenge, 0,
981     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
982     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
983     decrypted_challenge_len, challenge,
984     decrypted_challenge_len);
985     }
986    
987     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
988     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
989     session_buf + host_key_bytes);
990     memcpy(session_buf + server_key_bytes + host_key_bytes,
991     pvar->crypt_state.server_cookie, 8);
992     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
993    
994     free(session_buf);
995    
996     MD5(decrypted_challenge, 48, response);
997    
998     return 1;
999     }
1000    
1001     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1002     {
1003     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1004     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1005     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1006     memset(state->ivec1, 0, 8);
1007     memset(state->ivec2, 0, 8);
1008     memset(state->ivec3, 0, 8);
1009     }
1010    
1011     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1012     {
1013     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1014     memset(state->ivec, 0, 8);
1015     }
1016    
1017     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1018     {
1019     idea_set_encrypt_key(session_key, &state->k);
1020     memset(state->ivec, 0, 8);
1021     }
1022    
1023     static void cBlowfish_init(char FAR * session_key,
1024     CipherBlowfishState FAR * state)
1025     {
1026     BF_set_key(&state->k, 32, session_key);
1027     memset(state->ivec, 0, 8);
1028     }
1029    
1030    
1031     //
1032     // SSH2�p�A���S���Y����������
1033     //
1034     // for SSH2(yutaka)
1035     //
1036     void cipher_init_SSH2(
1037     EVP_CIPHER_CTX *evp,
1038     const u_char *key, u_int keylen,
1039     const u_char *iv, u_int ivlen,
1040     int encrypt,
1041     const EVP_CIPHER *(*func)(void)
1042     )
1043     {
1044     EVP_CIPHER *type;
1045     int klen;
1046    
1047     type = (EVP_CIPHER *)func();
1048    
1049     EVP_CIPHER_CTX_init(evp);
1050     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1051     // TODO:
1052     }
1053    
1054     klen = EVP_CIPHER_CTX_key_length(evp);
1055     if (klen > 0 && keylen != klen) {
1056     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1057     // TODO:
1058     }
1059     }
1060     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1061     // TODO:
1062     }
1063     }
1064    
1065    
1066     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1067     {
1068     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1069     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1070     BOOL isOK = TRUE;
1071    
1072     if (sender_flag) {
1073     switch (pvar->crypt_state.sender_cipher) {
1074     // for SSH2(yutaka)
1075     case SSH_CIPHER_3DES_CBC:
1076     {
1077     struct Enc *enc;
1078    
1079     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1080     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1081     enc->key, 24, enc->iv, 8,
1082     CIPHER_ENCRYPT,
1083     EVP_des_ede3_cbc);
1084    
1085     //debug_print(10, enc->key, 24);
1086     //debug_print(11, enc->iv, 24);
1087    
1088     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1089     break;
1090     }
1091    
1092     // for SSH2(yutaka)
1093     case SSH_CIPHER_AES128:
1094     {
1095     struct Enc *enc;
1096    
1097     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1098     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1099     enc->key, 16, enc->iv, 16,
1100     CIPHER_ENCRYPT,
1101     EVP_aes_128_cbc);
1102    
1103     //debug_print(10, enc->key, 24);
1104     //debug_print(11, enc->iv, 24);
1105    
1106     pvar->crypt_state.encrypt = cAES128_encrypt;
1107     break;
1108     }
1109    
1110     case SSH_CIPHER_3DES:{
1111     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1112     pvar->crypt_state.encrypt = c3DES_encrypt;
1113     break;
1114     }
1115     case SSH_CIPHER_IDEA:{
1116     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1117     pvar->crypt_state.encrypt = cIDEA_encrypt;
1118     break;
1119     }
1120     case SSH_CIPHER_DES:{
1121     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1122     pvar->crypt_state.encrypt = cDES_encrypt;
1123     break;
1124     }
1125     case SSH_CIPHER_RC4:{
1126     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1127     encryption_key + 16);
1128     pvar->crypt_state.encrypt = cRC4_encrypt;
1129     break;
1130     }
1131     case SSH_CIPHER_BLOWFISH:{
1132     cBlowfish_init(encryption_key,
1133     &pvar->crypt_state.enc.cBlowfish);
1134     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1135     break;
1136     }
1137     default:
1138     isOK = FALSE;
1139     }
1140     }
1141    
1142    
1143     if (receiver_flag) {
1144     switch (pvar->crypt_state.receiver_cipher) {
1145     // for SSH2(yutaka)
1146     case SSH_CIPHER_3DES_CBC:
1147     {
1148     struct Enc *enc;
1149    
1150     enc = &pvar->ssh2_keys[MODE_IN].enc;
1151     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1152     enc->key, 24, enc->iv, 8,
1153     CIPHER_DECRYPT,
1154     EVP_des_ede3_cbc);
1155    
1156     //debug_print(12, enc->key, 24);
1157     //debug_print(13, enc->iv, 24);
1158    
1159     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1160     break;
1161     }
1162    
1163     // for SSH2(yutaka)
1164     case SSH_CIPHER_AES128:
1165     {
1166     struct Enc *enc;
1167    
1168     enc = &pvar->ssh2_keys[MODE_IN].enc;
1169     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1170     enc->key, 16, enc->iv, 16,
1171     CIPHER_DECRYPT,
1172     EVP_aes_128_cbc);
1173    
1174     //debug_print(12, enc->key, 24);
1175     //debug_print(13, enc->iv, 24);
1176    
1177     pvar->crypt_state.decrypt = cAES128_decrypt;
1178     break;
1179     }
1180    
1181     case SSH_CIPHER_3DES:{
1182     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1183     pvar->crypt_state.decrypt = c3DES_decrypt;
1184     break;
1185     }
1186     case SSH_CIPHER_IDEA:{
1187     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1188     pvar->crypt_state.decrypt = cIDEA_decrypt;
1189     break;
1190     }
1191     case SSH_CIPHER_DES:{
1192     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1193     pvar->crypt_state.decrypt = cDES_decrypt;
1194     break;
1195     }
1196     case SSH_CIPHER_RC4:{
1197     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1198     pvar->crypt_state.decrypt = cRC4_decrypt;
1199     break;
1200     }
1201     case SSH_CIPHER_BLOWFISH:{
1202     cBlowfish_init(decryption_key,
1203     &pvar->crypt_state.dec.cBlowfish);
1204     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1205     break;
1206     }
1207     default:
1208     isOK = FALSE;
1209     }
1210     }
1211    
1212    
1213     if (!isOK) {
1214     notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1215     return FALSE;
1216     } else {
1217     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1218     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1219     return TRUE;
1220     }
1221     }
1222    
1223     void CRYPT_init(PTInstVar pvar)
1224     {
1225     pvar->crypt_state.encrypt = no_encrypt;
1226     pvar->crypt_state.decrypt = no_encrypt;
1227     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1228     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1229     pvar->crypt_state.server_key.RSA_key = NULL;
1230     pvar->crypt_state.host_key.RSA_key = NULL;
1231    
1232     pvar->crypt_state.detect_attack_statics.h = NULL;
1233     pvar->crypt_state.detect_attack_statics.n =
1234     HASH_MINSIZE / HASH_ENTRYSIZE;
1235     }
1236    
1237     static char FAR *get_cipher_name(int cipher)
1238     {
1239     switch (cipher) {
1240     case SSH_CIPHER_NONE:
1241     return "None";
1242     case SSH_CIPHER_3DES:
1243     return "3DES (168 key bits)";
1244     case SSH_CIPHER_DES:
1245     return "DES (56 key bits)";
1246     case SSH_CIPHER_IDEA:
1247     return "IDEA (128 key bits)";
1248     case SSH_CIPHER_RC4:
1249     return "RC4 (128 key bits)";
1250     case SSH_CIPHER_BLOWFISH:
1251     return "Blowfish (256 key bits)";
1252    
1253     // SSH2
1254     case SSH_CIPHER_3DES_CBC:
1255     return "3DES-CBC";
1256     case SSH_CIPHER_AES128:
1257     return "AES128";
1258    
1259     default:
1260     return "Unknown";
1261     }
1262     }
1263    
1264     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1265     {
1266     _snprintf(dest, len, "%s to server, %s from server",
1267     get_cipher_name(pvar->crypt_state.sender_cipher),
1268     get_cipher_name(pvar->crypt_state.receiver_cipher));
1269     dest[len - 1] = 0;
1270     }
1271    
1272     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1273     {
1274     if (SSHv1(pvar)) {
1275     if (pvar->crypt_state.server_key.RSA_key == NULL
1276     || pvar->crypt_state.host_key.RSA_key == NULL) {
1277     strncpy(dest, "None", len);
1278     } else {
1279     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1280     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1281     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1282     }
1283    
1284     } else { // SSH2
1285     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1286     pvar->server_key_bits,
1287     pvar->client_key_bits);
1288    
1289     }
1290    
1291     dest[len - 1] = 0;
1292     }
1293    
1294     static void destroy_public_key(CRYPTPublicKey FAR * key)
1295     {
1296     if (key->RSA_key != NULL) {
1297     RSA_free(key->RSA_key);
1298     key->RSA_key = NULL;
1299     }
1300     }
1301    
1302     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1303     {
1304     destroy_public_key(key);
1305     free(key);
1306     }
1307    
1308     void CRYPT_end(PTInstVar pvar)
1309     {
1310     destroy_public_key(&pvar->crypt_state.host_key);
1311     destroy_public_key(&pvar->crypt_state.server_key);
1312    
1313     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1314     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1315     pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1316     free(pvar->crypt_state.detect_attack_statics.h);
1317     }
1318    
1319     memset(pvar->crypt_state.sender_cipher_key, 0,
1320     sizeof(pvar->crypt_state.sender_cipher_key));
1321     memset(pvar->crypt_state.receiver_cipher_key, 0,
1322     sizeof(pvar->crypt_state.receiver_cipher_key));
1323     memset(pvar->crypt_state.server_cookie, 0,
1324     sizeof(pvar->crypt_state.server_cookie));
1325     memset(pvar->crypt_state.client_cookie, 0,
1326     sizeof(pvar->crypt_state.client_cookie));
1327     memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1328     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1329     }
1330    
1331     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1332     char FAR * buf, int bytes)
1333     {
1334     unsigned char passphrase_key[16];
1335    
1336     MD5(passphrase, strlen(passphrase), passphrase_key);
1337    
1338     switch (cipher) {
1339     case SSH_CIPHER_3DES:{
1340     Cipher3DESState state;
1341    
1342     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1343     &state.k1);
1344     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1345     &state.k2);
1346     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1347     &state.k3);
1348     memset(state.ivec1, 0, 8);
1349     memset(state.ivec2, 0, 8);
1350     memset(state.ivec3, 0, 8);
1351     DES_ncbc_encrypt(buf, buf, bytes,
1352     &state.k3, &state.ivec3, DES_DECRYPT);
1353     DES_ncbc_encrypt(buf, buf, bytes,
1354     &state.k2, &state.ivec2, DES_ENCRYPT);
1355     DES_ncbc_encrypt(buf, buf, bytes,
1356     &state.k1, &state.ivec1, DES_DECRYPT);
1357     break;
1358     }
1359    
1360     case SSH_CIPHER_IDEA:{
1361     CipherIDEAState state;
1362     int num = 0;
1363    
1364     cIDEA_init(passphrase_key, &state);
1365     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1366     &num, IDEA_DECRYPT);
1367     break;
1368     }
1369    
1370     case SSH_CIPHER_DES:{
1371     CipherDESState state;
1372    
1373     cDES_init(passphrase_key, &state);
1374     DES_ncbc_encrypt(buf, buf, bytes,
1375     &state.k, &state.ivec, DES_DECRYPT);
1376     break;
1377     }
1378    
1379     case SSH_CIPHER_RC4:{
1380     CipherRC4State state;
1381     int num = 0;
1382    
1383     RC4_set_key(&state.k, 16, passphrase_key);
1384     RC4(&state.k, bytes, buf, buf);
1385     break;
1386     }
1387    
1388     case SSH_CIPHER_BLOWFISH:{
1389     CipherBlowfishState state;
1390    
1391     BF_set_key(&state.k, 16, passphrase_key);
1392     memset(state.ivec, 0, 8);
1393     flip_endianness(buf, bytes);
1394     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1395     BF_DECRYPT);
1396     flip_endianness(buf, bytes);
1397     break;
1398     }
1399    
1400     case SSH_CIPHER_NONE:
1401     break;
1402    
1403     default:
1404     memset(passphrase_key, 0, sizeof(passphrase_key));
1405     return 0;
1406     }
1407    
1408     memset(passphrase_key, 0, sizeof(passphrase_key));
1409     return 1;
1410     }
1411    
1412     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1413     {
1414     RSA_free(key_pair->RSA_key);
1415     free(key_pair);
1416     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help