Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2831 - (hide annotations) (download) (as text)
Sat Jul 9 05:16:06 2005 UTC (18 years, 9 months ago) by yutakakn
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 36707 byte(s) 
OpenSSL 0.9.8でビルドできるようにした。
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40 yutakakn 2831 #include <openssl/dsa.h>
41 yutakakn 2728 #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51 yutakakn 2831 * $Id: crypt.c,v 1.4 2005-07-09 05:16:06 yutakakn Exp $ Cryptographic attack
52 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202     default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204     buf, bytes, NULL) == DEATTACK_DETECTED;
205     }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218     int bytes)
219     {
220     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221     unsigned char *newbuf = malloc(bytes);
222     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223    
224     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225     if (bytes == 0)
226     return;
227    
228     if (newbuf == NULL)
229     return;
230    
231     if (bytes % block_size) {
232     char tmp[80];
233     _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
234     notify_fatal_error(pvar, tmp);
235     goto error;
236     }
237    
238     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
239     // TODO: failure
240     notify_fatal_error(pvar, "AES128 encrypt error(2)");
241    
242     } else {
243     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
244     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
245     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
246    
247     //debug_print(50, key, 24);
248     //debug_print(51, iv, 8);
249     //debug_print(52, buf, bytes);
250     //debug_print(53, newbuf, bytes);
251    
252     memcpy(buf, newbuf, bytes);
253     }
254    
255     error:
256     free(newbuf);
257     }
258    
259     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
260     int bytes)
261     {
262     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
263     unsigned char *newbuf = malloc(bytes);
264     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
265    
266     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
267     if (bytes == 0)
268     return;
269    
270     if (newbuf == NULL)
271     return;
272    
273     if (bytes % block_size) {
274     char tmp[80];
275     _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
276     notify_fatal_error(pvar, tmp);
277     goto error;
278     }
279    
280     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
281     // TODO:
282     notify_fatal_error(pvar, "AES128 decrypt error(2)");
283    
284     } else {
285     #if 0
286     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
287     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
288     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
289    
290     {
291     static int no = 70;
292     debug_print(no, buf, bytes);
293     //debug_print(no, key, AES128_KEYLEN);
294     //debug_print(10*no, iv, AES128_IVLEN);
295     debug_print(30*no, newbuf, bytes);
296     no++;
297     }
298     #endif
299    
300     memcpy(buf, newbuf, bytes);
301     }
302    
303     error:;
304     free(newbuf);
305     }
306    
307    
308    
309     // for SSH2(yutaka)
310     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
311     int bytes)
312     {
313     unsigned char key[24], iv[8];
314     unsigned char *newbuf = malloc(bytes);
315    
316     if (newbuf == NULL)
317     return;
318    
319     #if 1
320    
321     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
322     // TODO: failure
323     } else {
324     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
325     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
326     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
327    
328     //debug_print(50, key, 24);
329     //debug_print(51, iv, 8);
330     //debug_print(52, buf, bytes);
331     //debug_print(53, newbuf, bytes);
332    
333     memcpy(buf, newbuf, bytes);
334     }
335     free(newbuf);
336     #else
337    
338     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
339     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
340     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
341    
342     //debug_print(50, key, 24);
343     //debug_print(51, iv, 8);
344     //debug_print(52, buf, bytes);
345    
346     #if 0
347     DES_ede3_cbc_encrypt(
348     buf, newbuf, bytes,
349     (DES_key_schedule *)&key[0],
350     (DES_key_schedule *)&key[8],
351     (DES_key_schedule *)&key[16],
352     (DES_cblock *)iv,
353     DES_ENCRYPT);
354     #else
355     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
356     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
357     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
358    
359     #endif
360    
361     //debug_print(53, newbuf, bytes);
362    
363     memcpy(buf, newbuf, bytes);
364     free(newbuf);
365    
366     #endif
367     }
368    
369     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
370     int bytes)
371     {
372     unsigned char key[24], iv[8];
373     unsigned char *newbuf = malloc(bytes);
374    
375     if (newbuf == NULL)
376     return;
377    
378     #if 1
379     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
380     // TODO:
381    
382     } else {
383     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
384     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
385     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
386    
387     //debug_print(70, key, 24);
388     //debug_print(71, iv, 8);
389     //debug_print(72, buf, bytes);
390     //debug_print(73, newbuf, bytes);
391    
392     memcpy(buf, newbuf, bytes);
393     }
394     free(newbuf);
395    
396     #else
397     unsigned char *key, iv[8];
398     unsigned char *newbuf = malloc(bytes);
399     if (newbuf == NULL)
400     return;
401    
402     key = pvar->ssh2_keys[MODE_IN].enc.key;
403     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
404     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
405    
406     //debug_print(60, key, 24);
407     //debug_print(61, iv, 8);
408     //debug_print(62, buf, bytes);
409    
410     DES_ede3_cbc_encrypt(
411     buf, newbuf, bytes,
412     (DES_key_schedule *)&key[0],
413     (DES_key_schedule *)&key[8],
414     (DES_key_schedule *)&key[16],
415     (DES_cblock *)iv,
416     DES_DECRYPT);
417    
418     //debug_print(63, newbuf, bytes);
419    
420     memcpy(buf, newbuf, bytes);
421    
422     free(newbuf);
423     #endif
424     }
425    
426    
427     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
428     int bytes)
429     {
430     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
431    
432     DES_ncbc_encrypt(buf, buf, bytes,
433     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
434     DES_ncbc_encrypt(buf, buf, bytes,
435     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
436     DES_ncbc_encrypt(buf, buf, bytes,
437     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
438     }
439    
440     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
441     int bytes)
442     {
443     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
444    
445     DES_ncbc_encrypt(buf, buf, bytes,
446     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
447     DES_ncbc_encrypt(buf, buf, bytes,
448     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
449     DES_ncbc_encrypt(buf, buf, bytes,
450     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
451     }
452    
453     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
454     int bytes)
455     {
456     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
457    
458     DES_ncbc_encrypt(buf, buf, bytes,
459     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
460     }
461    
462     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
463     int bytes)
464     {
465     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
466    
467     DES_ncbc_encrypt(buf, buf, bytes,
468     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
469     }
470    
471     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
472     int bytes)
473     {
474     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
475     int num = 0;
476    
477     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
478     encryptstate->ivec, &num, IDEA_ENCRYPT);
479     }
480    
481     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
482     int bytes)
483     {
484     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
485     int num = 0;
486    
487     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
488     decryptstate->ivec, &num, IDEA_DECRYPT);
489     }
490    
491     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
492     {
493     uint32 FAR *buf = (uint32 FAR *) cbuf;
494     int count = bytes / 4;
495    
496     while (count > 0) {
497     uint32 w = *buf;
498    
499     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
500     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
501     count--;
502     buf++;
503     }
504     }
505    
506     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
507     int bytes)
508     {
509     CipherBlowfishState FAR *encryptstate =
510     &pvar->crypt_state.enc.cBlowfish;
511    
512     flip_endianness(buf, bytes);
513     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
514     BF_ENCRYPT);
515     flip_endianness(buf, bytes);
516     }
517    
518     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
519     int bytes)
520     {
521     CipherBlowfishState FAR *decryptstate =
522     &pvar->crypt_state.dec.cBlowfish;
523    
524     flip_endianness(buf, bytes);
525     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
526     BF_DECRYPT);
527     flip_endianness(buf, bytes);
528     }
529    
530     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531     int bytes)
532     {
533     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
534     int num = 0;
535    
536     RC4(&encryptstate->k, bytes, buf, buf);
537     }
538    
539     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
540     int bytes)
541     {
542     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
543     int num = 0;
544    
545     RC4(&decryptstate->k, bytes, buf, buf);
546     }
547    
548     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
549     int bytes)
550     {
551     RAND_bytes(buf, bytes);
552     }
553    
554     void CRYPT_initialize_random_numbers(PTInstVar pvar)
555     {
556     RAND_screen();
557     }
558    
559     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
560     {
561     int bits = get_ushort16_MSBfirst(bytes);
562    
563     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
564     }
565    
566     static RSA FAR *make_key(PTInstVar pvar,
567     int bits, unsigned char FAR * exp,
568     unsigned char FAR * mod)
569     {
570     RSA FAR *key = RSA_new();
571    
572     if (key != NULL) {
573     key->e = get_bignum(exp);
574     key->n = get_bignum(mod);
575     }
576    
577     if (key == NULL || key->e == NULL || key->n == NULL) {
578     notify_fatal_error(pvar, "Error setting up RSA keys");
579    
580     if (key != NULL) {
581     if (key->e != NULL) {
582     BN_free(key->e);
583     }
584     if (key->n != NULL) {
585     BN_free(key->n);
586     }
587     RSA_free(key);
588     }
589    
590     return NULL;
591     } else {
592     return key;
593     }
594     }
595    
596     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
597     {
598     if (SSHv1(pvar)) {
599     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
600     } else {
601     memcpy(pvar->crypt_state.server_cookie, cookie,
602     SSH2_COOKIE_LENGTH);
603     }
604     }
605    
606     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
607     {
608     if (SSHv2(pvar)) {
609     memcpy(pvar->crypt_state.client_cookie, cookie,
610     SSH2_COOKIE_LENGTH);
611     }
612     }
613    
614     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
615     int bits, unsigned char FAR * exp,
616     unsigned char FAR * mod)
617     {
618     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
619    
620     return pvar->crypt_state.server_key.RSA_key != NULL;
621     }
622    
623     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
624     int bits, unsigned char FAR * exp,
625     unsigned char FAR * mod)
626     {
627     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
628    
629     return pvar->crypt_state.host_key.RSA_key != NULL;
630     }
631    
632     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
633     int receiver_ciphers)
634     {
635     int cipher_mask;
636    
637     if (SSHv1(pvar)) {
638     cipher_mask = (1 << SSH_CIPHER_DES)
639     | (1 << SSH_CIPHER_3DES)
640     | (1 << SSH_CIPHER_BLOWFISH);
641    
642     } else { // for SSH2(yutaka)
643     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
644     cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
645    
646     }
647    
648     sender_ciphers &= cipher_mask;
649     receiver_ciphers &= cipher_mask;
650     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
651     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
652    
653     if (sender_ciphers == 0) {
654     notify_fatal_error(pvar,
655     "The server does not support any of the TTSSH encryption algorithms.\n"
656     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
657     "The connection will be closed.");
658     return FALSE;
659     } else if (receiver_ciphers == 0) {
660     notify_fatal_error(pvar,
661     "The server does not support any of the TTSSH encryption algorithms.\n"
662     "A secure connection cannot be made in the server-to-TTSSH direction.\n"
663     "The connection will be closed.");
664     return FALSE;
665     } else {
666     return TRUE;
667     }
668     }
669    
670     int CRYPT_get_decryption_block_size(PTInstVar pvar)
671     {
672     if (SSHv1(pvar)) {
673     return 8;
674     } else {
675     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
676     // cf. 3DES=8, AES128=16
677     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
678     }
679     }
680    
681     int CRYPT_get_encryption_block_size(PTInstVar pvar)
682     {
683     if (SSHv1(pvar)) {
684     return 8;
685     } else {
686     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
687     // cf. 3DES=8, AES128=16
688     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
689     }
690     }
691    
692     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
693     {
694     struct Mac *mac;
695    
696     if (SSHv1(pvar)) {
697     return 0;
698    
699     } else { // for SSH2(yutaka)
700     mac = &pvar->ssh2_keys[MODE_IN].mac;
701     if (mac == NULL || mac->enabled == 0)
702     return 0;
703    
704     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
705     }
706    
707     }
708    
709 yutakakn 2757 // HMAC������
710     // ���{������ SSH2 �������g�p�������B
711     // (2004.12.17 yutaka)
712 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
713     char FAR * data, int len, char FAR * MAC)
714     {
715 yutakakn 2757 HMAC_CTX c;
716     unsigned char m[EVP_MAX_MD_SIZE];
717     unsigned char b[4];
718     struct Mac *mac;
719    
720     mac = &pvar->ssh2_keys[MODE_IN].mac;
721    
722     // HMAC�������L���������������A����OK�����������B
723     if (mac == NULL || mac->enabled == 0)
724     return TRUE;
725    
726     if (mac->key == NULL)
727     goto error;
728    
729     if ((u_int)mac->mac_len > sizeof(m))
730     goto error;
731    
732     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
733     set_uint32_MSBfirst(b, sequence_number);
734     HMAC_Update(&c, b, sizeof(b));
735     HMAC_Update(&c, data, len);
736     HMAC_Final(&c, m, NULL);
737     HMAC_cleanup(&c);
738    
739     if (memcmp(m, MAC, mac->mac_len)) {
740     goto error;
741     }
742    
743 yutakakn 2728 return TRUE;
744 yutakakn 2757
745     error:
746     return FALSE;
747 yutakakn 2728 }
748    
749     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
750     {
751     struct Mac *mac;
752    
753     if (SSHv2(pvar)) { // for SSH2(yutaka)
754     mac = &pvar->ssh2_keys[MODE_OUT].mac;
755     if (mac == NULL || mac->enabled == 0)
756     return 0;
757    
758     return (mac->mac_len);
759     }
760    
761     return 0;
762     }
763    
764     // for SSH2
765     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
766     char FAR * data, int len, char FAR * MAC)
767     {
768     HMAC_CTX c;
769     static u_char m[EVP_MAX_MD_SIZE];
770     u_char b[4];
771     struct Mac *mac;
772    
773     if (SSHv2(pvar)) { // for SSH2(yutaka)
774     mac = &pvar->ssh2_keys[MODE_OUT].mac;
775     if (mac == NULL || mac->enabled == 0)
776     return FALSE;
777    
778     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
779     set_uint32_MSBfirst(b, sequence_number);
780     HMAC_Update(&c, b, sizeof(b));
781     HMAC_Update(&c, data, len);
782     HMAC_Final(&c, m, NULL);
783     HMAC_cleanup(&c);
784    
785     // 20�o�C�g�������R�s�[
786     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
787     // memcpy(MAC, m, sizeof(m));
788    
789     return TRUE;
790     }
791    
792     return TRUE;
793    
794     }
795    
796     static int choose_cipher(PTInstVar pvar, int supported)
797     {
798     int i;
799    
800     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
801     int cipher = pvar->session_settings.CipherOrder[i] - '0';
802    
803     if (cipher == SSH_CIPHER_NONE) {
804     break;
805     } else if ((supported & (1 << cipher)) != 0) {
806     return cipher;
807     }
808     }
809    
810     return SSH_CIPHER_NONE;
811     }
812    
813     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
814     {
815     if (SSHv1(pvar)) {
816     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
817     pvar->crypt_state.
818     supported_sender_ciphers);
819     pvar->crypt_state.receiver_cipher =
820     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
821    
822     } else { // SSH2(yutaka)
823     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
824     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
825    
826     }
827    
828     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
829     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
830     notify_fatal_error(pvar,
831     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
832     "To communicate with this server, you will have to enable some more ciphers\n"
833     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
834     "This connection will now close.");
835     return FALSE;
836     } else {
837     return TRUE;
838     }
839     }
840    
841     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
842     {
843     int server_key_bits =
844     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
845     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
846     int server_key_bytes = (server_key_bits + 7) / 8;
847     int host_key_bytes = (host_key_bits + 7) / 8;
848    
849     if (server_key_bits < host_key_bits) {
850     return host_key_bytes;
851     } else {
852     return server_key_bytes;
853     }
854     }
855    
856     int CRYPT_choose_session_key(PTInstVar pvar,
857     unsigned char FAR * encrypted_key_buf)
858     {
859     int server_key_bits =
860     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
861     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
862     int server_key_bytes = (server_key_bits + 7) / 8;
863     int host_key_bytes = (host_key_bits + 7) / 8;
864     int encrypted_key_bytes;
865     int bit_delta;
866    
867     if (server_key_bits < host_key_bits) {
868     encrypted_key_bytes = host_key_bytes;
869     bit_delta = host_key_bits - server_key_bits;
870     } else {
871     encrypted_key_bytes = server_key_bytes;
872     bit_delta = server_key_bits - host_key_bits;
873     }
874    
875     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
876     notify_fatal_error(pvar,
877     "Server RSA keys are too weak. A secure connection cannot be established.");
878     return 0;
879     } else {
880     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
881     for the session ID, rather than the one specified in the RFC */
882     int session_buf_len = server_key_bytes + host_key_bytes + 8;
883     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
884     char session_id[16];
885     int i;
886    
887     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
888     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
889     session_buf + host_key_bytes);
890     memcpy(session_buf + server_key_bytes + host_key_bytes,
891     pvar->crypt_state.server_cookie, 8);
892     MD5(session_buf, session_buf_len, session_id);
893    
894     free(session_buf);
895    
896     RAND_bytes(pvar->crypt_state.sender_cipher_key,
897     SSH_SESSION_KEY_LENGTH);
898     memcpy(pvar->crypt_state.receiver_cipher_key,
899     pvar->crypt_state.sender_cipher_key,
900     SSH_SESSION_KEY_LENGTH);
901    
902     memcpy(encrypted_key_buf + encrypted_key_bytes -
903     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
904     SSH_SESSION_KEY_LENGTH);
905     for (i = 0; i < sizeof(session_id); i++) {
906     encrypted_key_buf[encrypted_key_bytes -
907     SSH_SESSION_KEY_LENGTH + i]
908     ^= session_id[i];
909     }
910    
911     if (host_key_bits > server_key_bits) {
912     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
913     encrypted_key_buf +
914     encrypted_key_bytes -
915     SSH_SESSION_KEY_LENGTH,
916     encrypted_key_buf +
917     encrypted_key_bytes - server_key_bytes,
918     pvar->crypt_state.server_key.RSA_key,
919     RSA_PKCS1_PADDING) < 0)
920     return 0;
921    
922     if (RSA_public_encrypt(server_key_bytes,
923     encrypted_key_buf +
924     encrypted_key_bytes - server_key_bytes,
925     encrypted_key_buf,
926     pvar->crypt_state.host_key.RSA_key,
927     RSA_PKCS1_PADDING) < 0)
928     return 0;
929     } else {
930     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
931     encrypted_key_buf +
932     encrypted_key_bytes -
933     SSH_SESSION_KEY_LENGTH,
934     encrypted_key_buf +
935     encrypted_key_bytes - host_key_bytes,
936     pvar->crypt_state.host_key.RSA_key,
937     RSA_PKCS1_PADDING) < 0)
938     return 0;
939    
940     if (RSA_public_encrypt(host_key_bytes,
941     encrypted_key_buf +
942     encrypted_key_bytes - host_key_bytes,
943     encrypted_key_buf,
944     pvar->crypt_state.server_key.RSA_key,
945     RSA_PKCS1_PADDING) < 0)
946     return 0;
947     }
948     }
949    
950     return 1;
951     }
952    
953     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
954     unsigned char FAR * challenge,
955     int challenge_len,
956     unsigned char FAR * response)
957     {
958     int server_key_bits =
959     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
960     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
961     int server_key_bytes = (server_key_bits + 7) / 8;
962     int host_key_bytes = (host_key_bits + 7) / 8;
963     int session_buf_len = server_key_bytes + host_key_bytes + 8;
964     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
965     char decrypted_challenge[48];
966     int decrypted_challenge_len;
967    
968     decrypted_challenge_len =
969     RSA_private_decrypt(challenge_len, challenge, challenge,
970     AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
971     RSA_PKCS1_PADDING);
972     if (decrypted_challenge_len < 0) {
973     free(session_buf);
974     return 0;
975     }
976     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
977     memcpy(decrypted_challenge,
978     challenge + decrypted_challenge_len -
979     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
980     } else {
981     memset(decrypted_challenge, 0,
982     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
983     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
984     decrypted_challenge_len, challenge,
985     decrypted_challenge_len);
986     }
987    
988     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
989     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
990     session_buf + host_key_bytes);
991     memcpy(session_buf + server_key_bytes + host_key_bytes,
992     pvar->crypt_state.server_cookie, 8);
993     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
994    
995     free(session_buf);
996    
997     MD5(decrypted_challenge, 48, response);
998    
999     return 1;
1000     }
1001    
1002     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1003     {
1004     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1005     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1006     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1007     memset(state->ivec1, 0, 8);
1008     memset(state->ivec2, 0, 8);
1009     memset(state->ivec3, 0, 8);
1010     }
1011    
1012     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1013     {
1014     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1015     memset(state->ivec, 0, 8);
1016     }
1017    
1018     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1019     {
1020     idea_set_encrypt_key(session_key, &state->k);
1021     memset(state->ivec, 0, 8);
1022     }
1023    
1024     static void cBlowfish_init(char FAR * session_key,
1025     CipherBlowfishState FAR * state)
1026     {
1027     BF_set_key(&state->k, 32, session_key);
1028     memset(state->ivec, 0, 8);
1029     }
1030    
1031    
1032     //
1033     // SSH2�p�A���S���Y����������
1034     //
1035     // for SSH2(yutaka)
1036     //
1037     void cipher_init_SSH2(
1038     EVP_CIPHER_CTX *evp,
1039     const u_char *key, u_int keylen,
1040     const u_char *iv, u_int ivlen,
1041     int encrypt,
1042     const EVP_CIPHER *(*func)(void)
1043     )
1044     {
1045     EVP_CIPHER *type;
1046     int klen;
1047    
1048     type = (EVP_CIPHER *)func();
1049    
1050     EVP_CIPHER_CTX_init(evp);
1051     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1052     // TODO:
1053     }
1054    
1055     klen = EVP_CIPHER_CTX_key_length(evp);
1056     if (klen > 0 && keylen != klen) {
1057     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1058     // TODO:
1059     }
1060     }
1061     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1062     // TODO:
1063     }
1064     }
1065    
1066    
1067     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1068     {
1069     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1070     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1071     BOOL isOK = TRUE;
1072    
1073     if (sender_flag) {
1074     switch (pvar->crypt_state.sender_cipher) {
1075     // for SSH2(yutaka)
1076     case SSH_CIPHER_3DES_CBC:
1077     {
1078     struct Enc *enc;
1079    
1080     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1081     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1082     enc->key, 24, enc->iv, 8,
1083     CIPHER_ENCRYPT,
1084     EVP_des_ede3_cbc);
1085    
1086     //debug_print(10, enc->key, 24);
1087     //debug_print(11, enc->iv, 24);
1088    
1089     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1090     break;
1091     }
1092    
1093     // for SSH2(yutaka)
1094     case SSH_CIPHER_AES128:
1095     {
1096     struct Enc *enc;
1097    
1098     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1099     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1100     enc->key, 16, enc->iv, 16,
1101     CIPHER_ENCRYPT,
1102     EVP_aes_128_cbc);
1103    
1104     //debug_print(10, enc->key, 24);
1105     //debug_print(11, enc->iv, 24);
1106    
1107     pvar->crypt_state.encrypt = cAES128_encrypt;
1108     break;
1109     }
1110    
1111     case SSH_CIPHER_3DES:{
1112     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1113     pvar->crypt_state.encrypt = c3DES_encrypt;
1114     break;
1115     }
1116     case SSH_CIPHER_IDEA:{
1117     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1118     pvar->crypt_state.encrypt = cIDEA_encrypt;
1119     break;
1120     }
1121     case SSH_CIPHER_DES:{
1122     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1123     pvar->crypt_state.encrypt = cDES_encrypt;
1124     break;
1125     }
1126     case SSH_CIPHER_RC4:{
1127     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1128     encryption_key + 16);
1129     pvar->crypt_state.encrypt = cRC4_encrypt;
1130     break;
1131     }
1132     case SSH_CIPHER_BLOWFISH:{
1133     cBlowfish_init(encryption_key,
1134     &pvar->crypt_state.enc.cBlowfish);
1135     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1136     break;
1137     }
1138     default:
1139     isOK = FALSE;
1140     }
1141     }
1142    
1143    
1144     if (receiver_flag) {
1145     switch (pvar->crypt_state.receiver_cipher) {
1146     // for SSH2(yutaka)
1147     case SSH_CIPHER_3DES_CBC:
1148     {
1149     struct Enc *enc;
1150    
1151     enc = &pvar->ssh2_keys[MODE_IN].enc;
1152     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1153     enc->key, 24, enc->iv, 8,
1154     CIPHER_DECRYPT,
1155     EVP_des_ede3_cbc);
1156    
1157     //debug_print(12, enc->key, 24);
1158     //debug_print(13, enc->iv, 24);
1159    
1160     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1161     break;
1162     }
1163    
1164     // for SSH2(yutaka)
1165     case SSH_CIPHER_AES128:
1166     {
1167     struct Enc *enc;
1168    
1169     enc = &pvar->ssh2_keys[MODE_IN].enc;
1170     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1171     enc->key, 16, enc->iv, 16,
1172     CIPHER_DECRYPT,
1173     EVP_aes_128_cbc);
1174    
1175     //debug_print(12, enc->key, 24);
1176     //debug_print(13, enc->iv, 24);
1177    
1178     pvar->crypt_state.decrypt = cAES128_decrypt;
1179     break;
1180     }
1181    
1182     case SSH_CIPHER_3DES:{
1183     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1184     pvar->crypt_state.decrypt = c3DES_decrypt;
1185     break;
1186     }
1187     case SSH_CIPHER_IDEA:{
1188     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1189     pvar->crypt_state.decrypt = cIDEA_decrypt;
1190     break;
1191     }
1192     case SSH_CIPHER_DES:{
1193     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1194     pvar->crypt_state.decrypt = cDES_decrypt;
1195     break;
1196     }
1197     case SSH_CIPHER_RC4:{
1198     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1199     pvar->crypt_state.decrypt = cRC4_decrypt;
1200     break;
1201     }
1202     case SSH_CIPHER_BLOWFISH:{
1203     cBlowfish_init(decryption_key,
1204     &pvar->crypt_state.dec.cBlowfish);
1205     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1206     break;
1207     }
1208     default:
1209     isOK = FALSE;
1210     }
1211     }
1212    
1213    
1214     if (!isOK) {
1215     notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1216     return FALSE;
1217     } else {
1218     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1219     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1220     return TRUE;
1221     }
1222     }
1223    
1224     void CRYPT_init(PTInstVar pvar)
1225     {
1226     pvar->crypt_state.encrypt = no_encrypt;
1227     pvar->crypt_state.decrypt = no_encrypt;
1228     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1229     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1230     pvar->crypt_state.server_key.RSA_key = NULL;
1231     pvar->crypt_state.host_key.RSA_key = NULL;
1232    
1233     pvar->crypt_state.detect_attack_statics.h = NULL;
1234     pvar->crypt_state.detect_attack_statics.n =
1235     HASH_MINSIZE / HASH_ENTRYSIZE;
1236     }
1237    
1238     static char FAR *get_cipher_name(int cipher)
1239     {
1240     switch (cipher) {
1241     case SSH_CIPHER_NONE:
1242     return "None";
1243     case SSH_CIPHER_3DES:
1244     return "3DES (168 key bits)";
1245     case SSH_CIPHER_DES:
1246     return "DES (56 key bits)";
1247     case SSH_CIPHER_IDEA:
1248     return "IDEA (128 key bits)";
1249     case SSH_CIPHER_RC4:
1250     return "RC4 (128 key bits)";
1251     case SSH_CIPHER_BLOWFISH:
1252     return "Blowfish (256 key bits)";
1253    
1254     // SSH2
1255     case SSH_CIPHER_3DES_CBC:
1256     return "3DES-CBC";
1257     case SSH_CIPHER_AES128:
1258     return "AES128";
1259    
1260     default:
1261     return "Unknown";
1262     }
1263     }
1264    
1265     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1266     {
1267     _snprintf(dest, len, "%s to server, %s from server",
1268     get_cipher_name(pvar->crypt_state.sender_cipher),
1269     get_cipher_name(pvar->crypt_state.receiver_cipher));
1270     dest[len - 1] = 0;
1271     }
1272    
1273     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1274     {
1275     if (SSHv1(pvar)) {
1276     if (pvar->crypt_state.server_key.RSA_key == NULL
1277     || pvar->crypt_state.host_key.RSA_key == NULL) {
1278     strncpy(dest, "None", len);
1279     } else {
1280     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1281     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1282     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1283     }
1284    
1285     } else { // SSH2
1286     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1287     pvar->server_key_bits,
1288     pvar->client_key_bits);
1289    
1290     }
1291    
1292     dest[len - 1] = 0;
1293     }
1294    
1295     static void destroy_public_key(CRYPTPublicKey FAR * key)
1296     {
1297     if (key->RSA_key != NULL) {
1298     RSA_free(key->RSA_key);
1299     key->RSA_key = NULL;
1300     }
1301     }
1302    
1303     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1304     {
1305     destroy_public_key(key);
1306     free(key);
1307     }
1308    
1309     void CRYPT_end(PTInstVar pvar)
1310     {
1311     destroy_public_key(&pvar->crypt_state.host_key);
1312     destroy_public_key(&pvar->crypt_state.server_key);
1313    
1314     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1315     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1316     pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1317     free(pvar->crypt_state.detect_attack_statics.h);
1318     }
1319    
1320     memset(pvar->crypt_state.sender_cipher_key, 0,
1321     sizeof(pvar->crypt_state.sender_cipher_key));
1322     memset(pvar->crypt_state.receiver_cipher_key, 0,
1323     sizeof(pvar->crypt_state.receiver_cipher_key));
1324     memset(pvar->crypt_state.server_cookie, 0,
1325     sizeof(pvar->crypt_state.server_cookie));
1326     memset(pvar->crypt_state.client_cookie, 0,
1327     sizeof(pvar->crypt_state.client_cookie));
1328     memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1329     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1330     }
1331    
1332     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1333     char FAR * buf, int bytes)
1334     {
1335     unsigned char passphrase_key[16];
1336    
1337     MD5(passphrase, strlen(passphrase), passphrase_key);
1338    
1339     switch (cipher) {
1340     case SSH_CIPHER_3DES:{
1341     Cipher3DESState state;
1342    
1343     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1344     &state.k1);
1345     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1346     &state.k2);
1347     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1348     &state.k3);
1349     memset(state.ivec1, 0, 8);
1350     memset(state.ivec2, 0, 8);
1351     memset(state.ivec3, 0, 8);
1352     DES_ncbc_encrypt(buf, buf, bytes,
1353     &state.k3, &state.ivec3, DES_DECRYPT);
1354     DES_ncbc_encrypt(buf, buf, bytes,
1355     &state.k2, &state.ivec2, DES_ENCRYPT);
1356     DES_ncbc_encrypt(buf, buf, bytes,
1357     &state.k1, &state.ivec1, DES_DECRYPT);
1358     break;
1359     }
1360    
1361     case SSH_CIPHER_IDEA:{
1362     CipherIDEAState state;
1363     int num = 0;
1364    
1365     cIDEA_init(passphrase_key, &state);
1366     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1367     &num, IDEA_DECRYPT);
1368     break;
1369     }
1370    
1371     case SSH_CIPHER_DES:{
1372     CipherDESState state;
1373    
1374     cDES_init(passphrase_key, &state);
1375     DES_ncbc_encrypt(buf, buf, bytes,
1376     &state.k, &state.ivec, DES_DECRYPT);
1377     break;
1378     }
1379    
1380     case SSH_CIPHER_RC4:{
1381     CipherRC4State state;
1382     int num = 0;
1383    
1384     RC4_set_key(&state.k, 16, passphrase_key);
1385     RC4(&state.k, bytes, buf, buf);
1386     break;
1387     }
1388    
1389     case SSH_CIPHER_BLOWFISH:{
1390     CipherBlowfishState state;
1391    
1392     BF_set_key(&state.k, 16, passphrase_key);
1393     memset(state.ivec, 0, 8);
1394     flip_endianness(buf, bytes);
1395     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1396     BF_DECRYPT);
1397     flip_endianness(buf, bytes);
1398     break;
1399     }
1400    
1401     case SSH_CIPHER_NONE:
1402     break;
1403    
1404     default:
1405     memset(passphrase_key, 0, sizeof(passphrase_key));
1406     return 0;
1407     }
1408    
1409     memset(passphrase_key, 0, sizeof(passphrase_key));
1410     return 1;
1411     }
1412    
1413     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1414     {
1415 yutakakn 2762 if (key_pair->RSA_key != NULL)
1416     RSA_free(key_pair->RSA_key);
1417    
1418     if (key_pair->DSA_key != NULL)
1419     DSA_free(key_pair->DSA_key);
1420    
1421 yutakakn 2728 free(key_pair);
1422     }
1423 yutakakn 2762
1424     /*
1425     * $Log: not supported by cvs2svn $
1426 yutakakn 2831 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1427     * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1428     *
1429 yutakakn 2762 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help