Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2857 - (hide annotations) (download) (as text)
Sun Mar 26 17:07:18 2006 UTC (18 years ago) by yutakakn
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 36876 byte(s) 
fingerprint表示を追加
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40 yutakakn 2831 #include <openssl/dsa.h>
41 yutakakn 2728 #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51 yutakakn 2857 * $Id: crypt.c,v 1.5 2006-03-26 17:07:17 yutakakn Exp $ Cryptographic attack
52 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202     default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204     buf, bytes, NULL) == DEATTACK_DETECTED;
205     }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218     int bytes)
219     {
220     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221     unsigned char *newbuf = malloc(bytes);
222     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223    
224     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225     if (bytes == 0)
226     return;
227    
228     if (newbuf == NULL)
229     return;
230    
231     if (bytes % block_size) {
232     char tmp[80];
233     _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
234     notify_fatal_error(pvar, tmp);
235     goto error;
236     }
237    
238     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
239     // TODO: failure
240     notify_fatal_error(pvar, "AES128 encrypt error(2)");
241    
242     } else {
243     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
244     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
245     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
246    
247     //debug_print(50, key, 24);
248     //debug_print(51, iv, 8);
249     //debug_print(52, buf, bytes);
250     //debug_print(53, newbuf, bytes);
251    
252     memcpy(buf, newbuf, bytes);
253     }
254    
255     error:
256     free(newbuf);
257     }
258    
259     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
260     int bytes)
261     {
262     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
263     unsigned char *newbuf = malloc(bytes);
264     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
265    
266     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
267     if (bytes == 0)
268     return;
269    
270     if (newbuf == NULL)
271     return;
272    
273     if (bytes % block_size) {
274     char tmp[80];
275     _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
276     notify_fatal_error(pvar, tmp);
277     goto error;
278     }
279    
280     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
281     // TODO:
282     notify_fatal_error(pvar, "AES128 decrypt error(2)");
283    
284     } else {
285     #if 0
286     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
287     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
288     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
289    
290     {
291     static int no = 70;
292     debug_print(no, buf, bytes);
293     //debug_print(no, key, AES128_KEYLEN);
294     //debug_print(10*no, iv, AES128_IVLEN);
295     debug_print(30*no, newbuf, bytes);
296     no++;
297     }
298     #endif
299    
300     memcpy(buf, newbuf, bytes);
301     }
302    
303     error:;
304     free(newbuf);
305     }
306    
307    
308    
309     // for SSH2(yutaka)
310     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
311     int bytes)
312     {
313     unsigned char key[24], iv[8];
314     unsigned char *newbuf = malloc(bytes);
315    
316     if (newbuf == NULL)
317     return;
318    
319     #if 1
320    
321     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
322     // TODO: failure
323     } else {
324     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
325     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
326     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
327    
328     //debug_print(50, key, 24);
329     //debug_print(51, iv, 8);
330     //debug_print(52, buf, bytes);
331     //debug_print(53, newbuf, bytes);
332    
333     memcpy(buf, newbuf, bytes);
334     }
335     free(newbuf);
336     #else
337    
338     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
339     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
340     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
341    
342     //debug_print(50, key, 24);
343     //debug_print(51, iv, 8);
344     //debug_print(52, buf, bytes);
345    
346     #if 0
347     DES_ede3_cbc_encrypt(
348     buf, newbuf, bytes,
349     (DES_key_schedule *)&key[0],
350     (DES_key_schedule *)&key[8],
351     (DES_key_schedule *)&key[16],
352     (DES_cblock *)iv,
353     DES_ENCRYPT);
354     #else
355     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
356     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
357     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
358    
359     #endif
360    
361     //debug_print(53, newbuf, bytes);
362    
363     memcpy(buf, newbuf, bytes);
364     free(newbuf);
365    
366     #endif
367     }
368    
369     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
370     int bytes)
371     {
372     unsigned char key[24], iv[8];
373     unsigned char *newbuf = malloc(bytes);
374    
375     if (newbuf == NULL)
376     return;
377    
378     #if 1
379     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
380     // TODO:
381    
382     } else {
383     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
384     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
385     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
386    
387     //debug_print(70, key, 24);
388     //debug_print(71, iv, 8);
389     //debug_print(72, buf, bytes);
390     //debug_print(73, newbuf, bytes);
391    
392     memcpy(buf, newbuf, bytes);
393     }
394     free(newbuf);
395    
396     #else
397     unsigned char *key, iv[8];
398     unsigned char *newbuf = malloc(bytes);
399     if (newbuf == NULL)
400     return;
401    
402     key = pvar->ssh2_keys[MODE_IN].enc.key;
403     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
404     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
405    
406     //debug_print(60, key, 24);
407     //debug_print(61, iv, 8);
408     //debug_print(62, buf, bytes);
409    
410     DES_ede3_cbc_encrypt(
411     buf, newbuf, bytes,
412     (DES_key_schedule *)&key[0],
413     (DES_key_schedule *)&key[8],
414     (DES_key_schedule *)&key[16],
415     (DES_cblock *)iv,
416     DES_DECRYPT);
417    
418     //debug_print(63, newbuf, bytes);
419    
420     memcpy(buf, newbuf, bytes);
421    
422     free(newbuf);
423     #endif
424     }
425    
426    
427     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
428     int bytes)
429     {
430     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
431    
432     DES_ncbc_encrypt(buf, buf, bytes,
433     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
434     DES_ncbc_encrypt(buf, buf, bytes,
435     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
436     DES_ncbc_encrypt(buf, buf, bytes,
437     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
438     }
439    
440     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
441     int bytes)
442     {
443     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
444    
445     DES_ncbc_encrypt(buf, buf, bytes,
446     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
447     DES_ncbc_encrypt(buf, buf, bytes,
448     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
449     DES_ncbc_encrypt(buf, buf, bytes,
450     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
451     }
452    
453     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
454     int bytes)
455     {
456     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
457    
458     DES_ncbc_encrypt(buf, buf, bytes,
459     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
460     }
461    
462     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
463     int bytes)
464     {
465     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
466    
467     DES_ncbc_encrypt(buf, buf, bytes,
468     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
469     }
470    
471     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
472     int bytes)
473     {
474     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
475     int num = 0;
476    
477     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
478     encryptstate->ivec, &num, IDEA_ENCRYPT);
479     }
480    
481     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
482     int bytes)
483     {
484     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
485     int num = 0;
486    
487     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
488     decryptstate->ivec, &num, IDEA_DECRYPT);
489     }
490    
491     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
492     {
493     uint32 FAR *buf = (uint32 FAR *) cbuf;
494     int count = bytes / 4;
495    
496     while (count > 0) {
497     uint32 w = *buf;
498    
499     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
500     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
501     count--;
502     buf++;
503     }
504     }
505    
506     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
507     int bytes)
508     {
509     CipherBlowfishState FAR *encryptstate =
510     &pvar->crypt_state.enc.cBlowfish;
511    
512     flip_endianness(buf, bytes);
513     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
514     BF_ENCRYPT);
515     flip_endianness(buf, bytes);
516     }
517    
518     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
519     int bytes)
520     {
521     CipherBlowfishState FAR *decryptstate =
522     &pvar->crypt_state.dec.cBlowfish;
523    
524     flip_endianness(buf, bytes);
525     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
526     BF_DECRYPT);
527     flip_endianness(buf, bytes);
528     }
529    
530     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531     int bytes)
532     {
533     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
534     int num = 0;
535    
536     RC4(&encryptstate->k, bytes, buf, buf);
537     }
538    
539     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
540     int bytes)
541     {
542     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
543     int num = 0;
544    
545     RC4(&decryptstate->k, bytes, buf, buf);
546     }
547    
548     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
549     int bytes)
550     {
551     RAND_bytes(buf, bytes);
552     }
553    
554     void CRYPT_initialize_random_numbers(PTInstVar pvar)
555     {
556     RAND_screen();
557     }
558    
559     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
560     {
561     int bits = get_ushort16_MSBfirst(bytes);
562    
563     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
564     }
565    
566 yutakakn 2857 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
567     RSA FAR *make_key(PTInstVar pvar,
568 yutakakn 2728 int bits, unsigned char FAR * exp,
569     unsigned char FAR * mod)
570     {
571     RSA FAR *key = RSA_new();
572    
573     if (key != NULL) {
574     key->e = get_bignum(exp);
575     key->n = get_bignum(mod);
576     }
577    
578     if (key == NULL || key->e == NULL || key->n == NULL) {
579     notify_fatal_error(pvar, "Error setting up RSA keys");
580    
581     if (key != NULL) {
582     if (key->e != NULL) {
583     BN_free(key->e);
584     }
585     if (key->n != NULL) {
586     BN_free(key->n);
587     }
588     RSA_free(key);
589     }
590    
591     return NULL;
592     } else {
593     return key;
594     }
595     }
596    
597     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
598     {
599     if (SSHv1(pvar)) {
600     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
601     } else {
602     memcpy(pvar->crypt_state.server_cookie, cookie,
603     SSH2_COOKIE_LENGTH);
604     }
605     }
606    
607     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
608     {
609     if (SSHv2(pvar)) {
610     memcpy(pvar->crypt_state.client_cookie, cookie,
611     SSH2_COOKIE_LENGTH);
612     }
613     }
614    
615     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
616     int bits, unsigned char FAR * exp,
617     unsigned char FAR * mod)
618     {
619     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
620    
621     return pvar->crypt_state.server_key.RSA_key != NULL;
622     }
623    
624     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
625     int bits, unsigned char FAR * exp,
626     unsigned char FAR * mod)
627     {
628     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
629    
630     return pvar->crypt_state.host_key.RSA_key != NULL;
631     }
632    
633     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
634     int receiver_ciphers)
635     {
636     int cipher_mask;
637    
638     if (SSHv1(pvar)) {
639     cipher_mask = (1 << SSH_CIPHER_DES)
640     | (1 << SSH_CIPHER_3DES)
641     | (1 << SSH_CIPHER_BLOWFISH);
642    
643     } else { // for SSH2(yutaka)
644     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
645     cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
646    
647     }
648    
649     sender_ciphers &= cipher_mask;
650     receiver_ciphers &= cipher_mask;
651     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
652     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
653    
654     if (sender_ciphers == 0) {
655     notify_fatal_error(pvar,
656     "The server does not support any of the TTSSH encryption algorithms.\n"
657     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
658     "The connection will be closed.");
659     return FALSE;
660     } else if (receiver_ciphers == 0) {
661     notify_fatal_error(pvar,
662     "The server does not support any of the TTSSH encryption algorithms.\n"
663     "A secure connection cannot be made in the server-to-TTSSH direction.\n"
664     "The connection will be closed.");
665     return FALSE;
666     } else {
667     return TRUE;
668     }
669     }
670    
671     int CRYPT_get_decryption_block_size(PTInstVar pvar)
672     {
673     if (SSHv1(pvar)) {
674     return 8;
675     } else {
676     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
677     // cf. 3DES=8, AES128=16
678     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
679     }
680     }
681    
682     int CRYPT_get_encryption_block_size(PTInstVar pvar)
683     {
684     if (SSHv1(pvar)) {
685     return 8;
686     } else {
687     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
688     // cf. 3DES=8, AES128=16
689     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
690     }
691     }
692    
693     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
694     {
695     struct Mac *mac;
696    
697     if (SSHv1(pvar)) {
698     return 0;
699    
700     } else { // for SSH2(yutaka)
701     mac = &pvar->ssh2_keys[MODE_IN].mac;
702     if (mac == NULL || mac->enabled == 0)
703     return 0;
704    
705     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
706     }
707    
708     }
709    
710 yutakakn 2757 // HMAC������
711     // ���{������ SSH2 �������g�p�������B
712     // (2004.12.17 yutaka)
713 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
714     char FAR * data, int len, char FAR * MAC)
715     {
716 yutakakn 2757 HMAC_CTX c;
717     unsigned char m[EVP_MAX_MD_SIZE];
718     unsigned char b[4];
719     struct Mac *mac;
720    
721     mac = &pvar->ssh2_keys[MODE_IN].mac;
722    
723     // HMAC�������L���������������A����OK�����������B
724     if (mac == NULL || mac->enabled == 0)
725     return TRUE;
726    
727     if (mac->key == NULL)
728     goto error;
729    
730     if ((u_int)mac->mac_len > sizeof(m))
731     goto error;
732    
733     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
734     set_uint32_MSBfirst(b, sequence_number);
735     HMAC_Update(&c, b, sizeof(b));
736     HMAC_Update(&c, data, len);
737     HMAC_Final(&c, m, NULL);
738     HMAC_cleanup(&c);
739    
740     if (memcmp(m, MAC, mac->mac_len)) {
741     goto error;
742     }
743    
744 yutakakn 2728 return TRUE;
745 yutakakn 2757
746     error:
747     return FALSE;
748 yutakakn 2728 }
749    
750     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
751     {
752     struct Mac *mac;
753    
754     if (SSHv2(pvar)) { // for SSH2(yutaka)
755     mac = &pvar->ssh2_keys[MODE_OUT].mac;
756     if (mac == NULL || mac->enabled == 0)
757     return 0;
758    
759     return (mac->mac_len);
760     }
761    
762     return 0;
763     }
764    
765     // for SSH2
766     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
767     char FAR * data, int len, char FAR * MAC)
768     {
769     HMAC_CTX c;
770     static u_char m[EVP_MAX_MD_SIZE];
771     u_char b[4];
772     struct Mac *mac;
773    
774     if (SSHv2(pvar)) { // for SSH2(yutaka)
775     mac = &pvar->ssh2_keys[MODE_OUT].mac;
776     if (mac == NULL || mac->enabled == 0)
777     return FALSE;
778    
779     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
780     set_uint32_MSBfirst(b, sequence_number);
781     HMAC_Update(&c, b, sizeof(b));
782     HMAC_Update(&c, data, len);
783     HMAC_Final(&c, m, NULL);
784     HMAC_cleanup(&c);
785    
786     // 20�o�C�g�������R�s�[
787     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
788     // memcpy(MAC, m, sizeof(m));
789    
790     return TRUE;
791     }
792    
793     return TRUE;
794    
795     }
796    
797     static int choose_cipher(PTInstVar pvar, int supported)
798     {
799     int i;
800    
801     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
802     int cipher = pvar->session_settings.CipherOrder[i] - '0';
803    
804     if (cipher == SSH_CIPHER_NONE) {
805     break;
806     } else if ((supported & (1 << cipher)) != 0) {
807     return cipher;
808     }
809     }
810    
811     return SSH_CIPHER_NONE;
812     }
813    
814     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
815     {
816     if (SSHv1(pvar)) {
817     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
818     pvar->crypt_state.
819     supported_sender_ciphers);
820     pvar->crypt_state.receiver_cipher =
821     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
822    
823     } else { // SSH2(yutaka)
824     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
825     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
826    
827     }
828    
829     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
830     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
831     notify_fatal_error(pvar,
832     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
833     "To communicate with this server, you will have to enable some more ciphers\n"
834     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
835     "This connection will now close.");
836     return FALSE;
837     } else {
838     return TRUE;
839     }
840     }
841    
842     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
843     {
844     int server_key_bits =
845     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
846     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
847     int server_key_bytes = (server_key_bits + 7) / 8;
848     int host_key_bytes = (host_key_bits + 7) / 8;
849    
850     if (server_key_bits < host_key_bits) {
851     return host_key_bytes;
852     } else {
853     return server_key_bytes;
854     }
855     }
856    
857     int CRYPT_choose_session_key(PTInstVar pvar,
858     unsigned char FAR * encrypted_key_buf)
859     {
860     int server_key_bits =
861     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
862     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
863     int server_key_bytes = (server_key_bits + 7) / 8;
864     int host_key_bytes = (host_key_bits + 7) / 8;
865     int encrypted_key_bytes;
866     int bit_delta;
867    
868     if (server_key_bits < host_key_bits) {
869     encrypted_key_bytes = host_key_bytes;
870     bit_delta = host_key_bits - server_key_bits;
871     } else {
872     encrypted_key_bytes = server_key_bytes;
873     bit_delta = server_key_bits - host_key_bits;
874     }
875    
876     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
877     notify_fatal_error(pvar,
878     "Server RSA keys are too weak. A secure connection cannot be established.");
879     return 0;
880     } else {
881     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
882     for the session ID, rather than the one specified in the RFC */
883     int session_buf_len = server_key_bytes + host_key_bytes + 8;
884     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
885     char session_id[16];
886     int i;
887    
888     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
889     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
890     session_buf + host_key_bytes);
891     memcpy(session_buf + server_key_bytes + host_key_bytes,
892     pvar->crypt_state.server_cookie, 8);
893     MD5(session_buf, session_buf_len, session_id);
894    
895     free(session_buf);
896    
897     RAND_bytes(pvar->crypt_state.sender_cipher_key,
898     SSH_SESSION_KEY_LENGTH);
899     memcpy(pvar->crypt_state.receiver_cipher_key,
900     pvar->crypt_state.sender_cipher_key,
901     SSH_SESSION_KEY_LENGTH);
902    
903     memcpy(encrypted_key_buf + encrypted_key_bytes -
904     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
905     SSH_SESSION_KEY_LENGTH);
906     for (i = 0; i < sizeof(session_id); i++) {
907     encrypted_key_buf[encrypted_key_bytes -
908     SSH_SESSION_KEY_LENGTH + i]
909     ^= session_id[i];
910     }
911    
912     if (host_key_bits > server_key_bits) {
913     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
914     encrypted_key_buf +
915     encrypted_key_bytes -
916     SSH_SESSION_KEY_LENGTH,
917     encrypted_key_buf +
918     encrypted_key_bytes - server_key_bytes,
919     pvar->crypt_state.server_key.RSA_key,
920     RSA_PKCS1_PADDING) < 0)
921     return 0;
922    
923     if (RSA_public_encrypt(server_key_bytes,
924     encrypted_key_buf +
925     encrypted_key_bytes - server_key_bytes,
926     encrypted_key_buf,
927     pvar->crypt_state.host_key.RSA_key,
928     RSA_PKCS1_PADDING) < 0)
929     return 0;
930     } else {
931     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
932     encrypted_key_buf +
933     encrypted_key_bytes -
934     SSH_SESSION_KEY_LENGTH,
935     encrypted_key_buf +
936     encrypted_key_bytes - host_key_bytes,
937     pvar->crypt_state.host_key.RSA_key,
938     RSA_PKCS1_PADDING) < 0)
939     return 0;
940    
941     if (RSA_public_encrypt(host_key_bytes,
942     encrypted_key_buf +
943     encrypted_key_bytes - host_key_bytes,
944     encrypted_key_buf,
945     pvar->crypt_state.server_key.RSA_key,
946     RSA_PKCS1_PADDING) < 0)
947     return 0;
948     }
949     }
950    
951     return 1;
952     }
953    
954     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
955     unsigned char FAR * challenge,
956     int challenge_len,
957     unsigned char FAR * response)
958     {
959     int server_key_bits =
960     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
961     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
962     int server_key_bytes = (server_key_bits + 7) / 8;
963     int host_key_bytes = (host_key_bits + 7) / 8;
964     int session_buf_len = server_key_bytes + host_key_bytes + 8;
965     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
966     char decrypted_challenge[48];
967     int decrypted_challenge_len;
968    
969     decrypted_challenge_len =
970     RSA_private_decrypt(challenge_len, challenge, challenge,
971     AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
972     RSA_PKCS1_PADDING);
973     if (decrypted_challenge_len < 0) {
974     free(session_buf);
975     return 0;
976     }
977     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
978     memcpy(decrypted_challenge,
979     challenge + decrypted_challenge_len -
980     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
981     } else {
982     memset(decrypted_challenge, 0,
983     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
984     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
985     decrypted_challenge_len, challenge,
986     decrypted_challenge_len);
987     }
988    
989     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
990     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
991     session_buf + host_key_bytes);
992     memcpy(session_buf + server_key_bytes + host_key_bytes,
993     pvar->crypt_state.server_cookie, 8);
994     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
995    
996     free(session_buf);
997    
998     MD5(decrypted_challenge, 48, response);
999    
1000     return 1;
1001     }
1002    
1003     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1004     {
1005     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1006     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1007     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1008     memset(state->ivec1, 0, 8);
1009     memset(state->ivec2, 0, 8);
1010     memset(state->ivec3, 0, 8);
1011     }
1012    
1013     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1014     {
1015     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1016     memset(state->ivec, 0, 8);
1017     }
1018    
1019     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1020     {
1021     idea_set_encrypt_key(session_key, &state->k);
1022     memset(state->ivec, 0, 8);
1023     }
1024    
1025     static void cBlowfish_init(char FAR * session_key,
1026     CipherBlowfishState FAR * state)
1027     {
1028     BF_set_key(&state->k, 32, session_key);
1029     memset(state->ivec, 0, 8);
1030     }
1031    
1032    
1033     //
1034     // SSH2�p�A���S���Y����������
1035     //
1036     // for SSH2(yutaka)
1037     //
1038     void cipher_init_SSH2(
1039     EVP_CIPHER_CTX *evp,
1040     const u_char *key, u_int keylen,
1041     const u_char *iv, u_int ivlen,
1042     int encrypt,
1043     const EVP_CIPHER *(*func)(void)
1044     )
1045     {
1046     EVP_CIPHER *type;
1047     int klen;
1048    
1049     type = (EVP_CIPHER *)func();
1050    
1051     EVP_CIPHER_CTX_init(evp);
1052     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1053     // TODO:
1054     }
1055    
1056     klen = EVP_CIPHER_CTX_key_length(evp);
1057     if (klen > 0 && keylen != klen) {
1058     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1059     // TODO:
1060     }
1061     }
1062     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1063     // TODO:
1064     }
1065     }
1066    
1067    
1068     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1069     {
1070     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1071     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1072     BOOL isOK = TRUE;
1073    
1074     if (sender_flag) {
1075     switch (pvar->crypt_state.sender_cipher) {
1076     // for SSH2(yutaka)
1077     case SSH_CIPHER_3DES_CBC:
1078     {
1079     struct Enc *enc;
1080    
1081     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1082     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1083     enc->key, 24, enc->iv, 8,
1084     CIPHER_ENCRYPT,
1085     EVP_des_ede3_cbc);
1086    
1087     //debug_print(10, enc->key, 24);
1088     //debug_print(11, enc->iv, 24);
1089    
1090     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1091     break;
1092     }
1093    
1094     // for SSH2(yutaka)
1095     case SSH_CIPHER_AES128:
1096     {
1097     struct Enc *enc;
1098    
1099     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1100     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1101     enc->key, 16, enc->iv, 16,
1102     CIPHER_ENCRYPT,
1103     EVP_aes_128_cbc);
1104    
1105     //debug_print(10, enc->key, 24);
1106     //debug_print(11, enc->iv, 24);
1107    
1108     pvar->crypt_state.encrypt = cAES128_encrypt;
1109     break;
1110     }
1111    
1112     case SSH_CIPHER_3DES:{
1113     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1114     pvar->crypt_state.encrypt = c3DES_encrypt;
1115     break;
1116     }
1117     case SSH_CIPHER_IDEA:{
1118     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1119     pvar->crypt_state.encrypt = cIDEA_encrypt;
1120     break;
1121     }
1122     case SSH_CIPHER_DES:{
1123     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1124     pvar->crypt_state.encrypt = cDES_encrypt;
1125     break;
1126     }
1127     case SSH_CIPHER_RC4:{
1128     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1129     encryption_key + 16);
1130     pvar->crypt_state.encrypt = cRC4_encrypt;
1131     break;
1132     }
1133     case SSH_CIPHER_BLOWFISH:{
1134     cBlowfish_init(encryption_key,
1135     &pvar->crypt_state.enc.cBlowfish);
1136     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1137     break;
1138     }
1139     default:
1140     isOK = FALSE;
1141     }
1142     }
1143    
1144    
1145     if (receiver_flag) {
1146     switch (pvar->crypt_state.receiver_cipher) {
1147     // for SSH2(yutaka)
1148     case SSH_CIPHER_3DES_CBC:
1149     {
1150     struct Enc *enc;
1151    
1152     enc = &pvar->ssh2_keys[MODE_IN].enc;
1153     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1154     enc->key, 24, enc->iv, 8,
1155     CIPHER_DECRYPT,
1156     EVP_des_ede3_cbc);
1157    
1158     //debug_print(12, enc->key, 24);
1159     //debug_print(13, enc->iv, 24);
1160    
1161     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1162     break;
1163     }
1164    
1165     // for SSH2(yutaka)
1166     case SSH_CIPHER_AES128:
1167     {
1168     struct Enc *enc;
1169    
1170     enc = &pvar->ssh2_keys[MODE_IN].enc;
1171     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1172     enc->key, 16, enc->iv, 16,
1173     CIPHER_DECRYPT,
1174     EVP_aes_128_cbc);
1175    
1176     //debug_print(12, enc->key, 24);
1177     //debug_print(13, enc->iv, 24);
1178    
1179     pvar->crypt_state.decrypt = cAES128_decrypt;
1180     break;
1181     }
1182    
1183     case SSH_CIPHER_3DES:{
1184     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1185     pvar->crypt_state.decrypt = c3DES_decrypt;
1186     break;
1187     }
1188     case SSH_CIPHER_IDEA:{
1189     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1190     pvar->crypt_state.decrypt = cIDEA_decrypt;
1191     break;
1192     }
1193     case SSH_CIPHER_DES:{
1194     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1195     pvar->crypt_state.decrypt = cDES_decrypt;
1196     break;
1197     }
1198     case SSH_CIPHER_RC4:{
1199     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1200     pvar->crypt_state.decrypt = cRC4_decrypt;
1201     break;
1202     }
1203     case SSH_CIPHER_BLOWFISH:{
1204     cBlowfish_init(decryption_key,
1205     &pvar->crypt_state.dec.cBlowfish);
1206     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1207     break;
1208     }
1209     default:
1210     isOK = FALSE;
1211     }
1212     }
1213    
1214    
1215     if (!isOK) {
1216     notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1217     return FALSE;
1218     } else {
1219     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1220     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1221     return TRUE;
1222     }
1223     }
1224    
1225     void CRYPT_init(PTInstVar pvar)
1226     {
1227     pvar->crypt_state.encrypt = no_encrypt;
1228     pvar->crypt_state.decrypt = no_encrypt;
1229     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1230     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1231     pvar->crypt_state.server_key.RSA_key = NULL;
1232     pvar->crypt_state.host_key.RSA_key = NULL;
1233    
1234     pvar->crypt_state.detect_attack_statics.h = NULL;
1235     pvar->crypt_state.detect_attack_statics.n =
1236     HASH_MINSIZE / HASH_ENTRYSIZE;
1237     }
1238    
1239     static char FAR *get_cipher_name(int cipher)
1240     {
1241     switch (cipher) {
1242     case SSH_CIPHER_NONE:
1243     return "None";
1244     case SSH_CIPHER_3DES:
1245     return "3DES (168 key bits)";
1246     case SSH_CIPHER_DES:
1247     return "DES (56 key bits)";
1248     case SSH_CIPHER_IDEA:
1249     return "IDEA (128 key bits)";
1250     case SSH_CIPHER_RC4:
1251     return "RC4 (128 key bits)";
1252     case SSH_CIPHER_BLOWFISH:
1253     return "Blowfish (256 key bits)";
1254    
1255     // SSH2
1256     case SSH_CIPHER_3DES_CBC:
1257     return "3DES-CBC";
1258     case SSH_CIPHER_AES128:
1259     return "AES128";
1260    
1261     default:
1262     return "Unknown";
1263     }
1264     }
1265    
1266     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1267     {
1268     _snprintf(dest, len, "%s to server, %s from server",
1269     get_cipher_name(pvar->crypt_state.sender_cipher),
1270     get_cipher_name(pvar->crypt_state.receiver_cipher));
1271     dest[len - 1] = 0;
1272     }
1273    
1274     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1275     {
1276     if (SSHv1(pvar)) {
1277     if (pvar->crypt_state.server_key.RSA_key == NULL
1278     || pvar->crypt_state.host_key.RSA_key == NULL) {
1279     strncpy(dest, "None", len);
1280     } else {
1281     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1282     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1283     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1284     }
1285    
1286     } else { // SSH2
1287     _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1288     pvar->server_key_bits,
1289     pvar->client_key_bits);
1290    
1291     }
1292    
1293     dest[len - 1] = 0;
1294     }
1295    
1296     static void destroy_public_key(CRYPTPublicKey FAR * key)
1297     {
1298     if (key->RSA_key != NULL) {
1299     RSA_free(key->RSA_key);
1300     key->RSA_key = NULL;
1301     }
1302     }
1303    
1304     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1305     {
1306     destroy_public_key(key);
1307     free(key);
1308     }
1309    
1310     void CRYPT_end(PTInstVar pvar)
1311     {
1312     destroy_public_key(&pvar->crypt_state.host_key);
1313     destroy_public_key(&pvar->crypt_state.server_key);
1314    
1315     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1316     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1317     pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1318     free(pvar->crypt_state.detect_attack_statics.h);
1319     }
1320    
1321     memset(pvar->crypt_state.sender_cipher_key, 0,
1322     sizeof(pvar->crypt_state.sender_cipher_key));
1323     memset(pvar->crypt_state.receiver_cipher_key, 0,
1324     sizeof(pvar->crypt_state.receiver_cipher_key));
1325     memset(pvar->crypt_state.server_cookie, 0,
1326     sizeof(pvar->crypt_state.server_cookie));
1327     memset(pvar->crypt_state.client_cookie, 0,
1328     sizeof(pvar->crypt_state.client_cookie));
1329     memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1330     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1331     }
1332    
1333     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1334     char FAR * buf, int bytes)
1335     {
1336     unsigned char passphrase_key[16];
1337    
1338     MD5(passphrase, strlen(passphrase), passphrase_key);
1339    
1340     switch (cipher) {
1341     case SSH_CIPHER_3DES:{
1342     Cipher3DESState state;
1343    
1344     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1345     &state.k1);
1346     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1347     &state.k2);
1348     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1349     &state.k3);
1350     memset(state.ivec1, 0, 8);
1351     memset(state.ivec2, 0, 8);
1352     memset(state.ivec3, 0, 8);
1353     DES_ncbc_encrypt(buf, buf, bytes,
1354     &state.k3, &state.ivec3, DES_DECRYPT);
1355     DES_ncbc_encrypt(buf, buf, bytes,
1356     &state.k2, &state.ivec2, DES_ENCRYPT);
1357     DES_ncbc_encrypt(buf, buf, bytes,
1358     &state.k1, &state.ivec1, DES_DECRYPT);
1359     break;
1360     }
1361    
1362     case SSH_CIPHER_IDEA:{
1363     CipherIDEAState state;
1364     int num = 0;
1365    
1366     cIDEA_init(passphrase_key, &state);
1367     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1368     &num, IDEA_DECRYPT);
1369     break;
1370     }
1371    
1372     case SSH_CIPHER_DES:{
1373     CipherDESState state;
1374    
1375     cDES_init(passphrase_key, &state);
1376     DES_ncbc_encrypt(buf, buf, bytes,
1377     &state.k, &state.ivec, DES_DECRYPT);
1378     break;
1379     }
1380    
1381     case SSH_CIPHER_RC4:{
1382     CipherRC4State state;
1383     int num = 0;
1384    
1385     RC4_set_key(&state.k, 16, passphrase_key);
1386     RC4(&state.k, bytes, buf, buf);
1387     break;
1388     }
1389    
1390     case SSH_CIPHER_BLOWFISH:{
1391     CipherBlowfishState state;
1392    
1393     BF_set_key(&state.k, 16, passphrase_key);
1394     memset(state.ivec, 0, 8);
1395     flip_endianness(buf, bytes);
1396     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1397     BF_DECRYPT);
1398     flip_endianness(buf, bytes);
1399     break;
1400     }
1401    
1402     case SSH_CIPHER_NONE:
1403     break;
1404    
1405     default:
1406     memset(passphrase_key, 0, sizeof(passphrase_key));
1407     return 0;
1408     }
1409    
1410     memset(passphrase_key, 0, sizeof(passphrase_key));
1411     return 1;
1412     }
1413    
1414     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1415     {
1416 yutakakn 2762 if (key_pair->RSA_key != NULL)
1417     RSA_free(key_pair->RSA_key);
1418    
1419     if (key_pair->DSA_key != NULL)
1420     DSA_free(key_pair->DSA_key);
1421    
1422 yutakakn 2728 free(key_pair);
1423     }
1424 yutakakn 2762
1425     /*
1426     * $Log: not supported by cvs2svn $
1427 yutakakn 2857 * Revision 1.4 2005/07/09 05:16:06 yutakakn
1428     * OpenSSL 0.9.8���r���h�����������������B
1429     *
1430 yutakakn 2831 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1431     * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1432     *
1433 yutakakn 2762 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help