Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2980 - (hide annotations) (download) (as text)
Wed Jun 6 14:10:12 2007 UTC (16 years, 10 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 40737 byte(s) 
プリプロセッサにより構造体が変わってしまうので、INET6 と I18N の #define を逆転させた。
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40 yutakakn 2831 #include <openssl/dsa.h>
41 yutakakn 2728 #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51 maya 2980 * $Id: crypt.c,v 1.8 2007-06-06 14:10:12 maya Exp $ Cryptographic attack
52 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202     default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204     buf, bytes, NULL) == DEATTACK_DETECTED;
205     }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218     int bytes)
219     {
220     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221     unsigned char *newbuf = malloc(bytes);
222     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223    
224     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225     if (bytes == 0)
226     return;
227    
228     if (newbuf == NULL)
229     return;
230    
231     if (bytes % block_size) {
232     char tmp[80];
233 maya 2980 #ifndef NO_I18N
234 maya 2937 strcpy(pvar->ts->UIMsg, "AES128 encrypt error(1): bytes %d (%d)");
235     UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar);
236     _snprintf(tmp, sizeof(tmp), pvar->ts->UIMsg, bytes, block_size);
237     #else
238 yutakakn 2728 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
239 maya 2937 #endif
240 yutakakn 2728 notify_fatal_error(pvar, tmp);
241     goto error;
242     }
243    
244     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
245     // TODO: failure
246 maya 2980 #ifndef NO_I18N
247 maya 2937 strcpy(pvar->ts->UIMsg, "AES128 encrypt error(1): bytes %d (%d)");
248     UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar);
249     notify_fatal_error(pvar, pvar->ts->UIMsg);
250     #else
251 yutakakn 2728 notify_fatal_error(pvar, "AES128 encrypt error(2)");
252 maya 2937 #endif
253 yutakakn 2728
254     } else {
255     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
256     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
257     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
258    
259     //debug_print(50, key, 24);
260     //debug_print(51, iv, 8);
261     //debug_print(52, buf, bytes);
262     //debug_print(53, newbuf, bytes);
263    
264     memcpy(buf, newbuf, bytes);
265     }
266    
267     error:
268     free(newbuf);
269     }
270    
271     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
272     int bytes)
273     {
274     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
275     unsigned char *newbuf = malloc(bytes);
276     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
277    
278     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
279     if (bytes == 0)
280     return;
281    
282     if (newbuf == NULL)
283     return;
284    
285     if (bytes % block_size) {
286     char tmp[80];
287 maya 2980 #ifndef NO_I18N
288 maya 2937 strcpy(pvar->ts->UIMsg, "AES128 decrypt error(1): bytes %d (%d)");
289     UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar);
290     _snprintf(tmp, sizeof(tmp), pvar->ts->UIMsg, bytes, block_size);
291     #else
292 yutakakn 2728 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
293 maya 2937 #endif
294 yutakakn 2728 notify_fatal_error(pvar, tmp);
295     goto error;
296     }
297    
298     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
299     // TODO:
300 maya 2980 #ifndef NO_I18N
301 maya 2937 strcpy(pvar->ts->UIMsg, "AES128 decrypt error(2)");
302     UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar);
303     notify_fatal_error(pvar, pvar->ts->UIMsg);
304     #else
305 yutakakn 2728 notify_fatal_error(pvar, "AES128 decrypt error(2)");
306 maya 2937 #endif
307 yutakakn 2728
308     } else {
309     #if 0
310     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
311     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
312     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
313    
314     {
315     static int no = 70;
316     debug_print(no, buf, bytes);
317     //debug_print(no, key, AES128_KEYLEN);
318     //debug_print(10*no, iv, AES128_IVLEN);
319     debug_print(30*no, newbuf, bytes);
320     no++;
321     }
322     #endif
323    
324     memcpy(buf, newbuf, bytes);
325     }
326    
327     error:;
328     free(newbuf);
329     }
330    
331    
332    
333     // for SSH2(yutaka)
334     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
335     int bytes)
336     {
337     unsigned char key[24], iv[8];
338     unsigned char *newbuf = malloc(bytes);
339    
340     if (newbuf == NULL)
341     return;
342    
343     #if 1
344    
345     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
346     // TODO: failure
347     } else {
348     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
349     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
350     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
351    
352     //debug_print(50, key, 24);
353     //debug_print(51, iv, 8);
354     //debug_print(52, buf, bytes);
355     //debug_print(53, newbuf, bytes);
356    
357     memcpy(buf, newbuf, bytes);
358     }
359     free(newbuf);
360     #else
361    
362     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
363     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
364     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
365    
366     //debug_print(50, key, 24);
367     //debug_print(51, iv, 8);
368     //debug_print(52, buf, bytes);
369    
370     #if 0
371     DES_ede3_cbc_encrypt(
372     buf, newbuf, bytes,
373     (DES_key_schedule *)&key[0],
374     (DES_key_schedule *)&key[8],
375     (DES_key_schedule *)&key[16],
376     (DES_cblock *)iv,
377     DES_ENCRYPT);
378     #else
379     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
380     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
381     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
382    
383     #endif
384    
385     //debug_print(53, newbuf, bytes);
386    
387     memcpy(buf, newbuf, bytes);
388     free(newbuf);
389    
390     #endif
391     }
392    
393     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
394     int bytes)
395     {
396     unsigned char key[24], iv[8];
397     unsigned char *newbuf = malloc(bytes);
398    
399     if (newbuf == NULL)
400     return;
401    
402     #if 1
403     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
404     // TODO:
405    
406     } else {
407     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
408     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
409     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
410    
411     //debug_print(70, key, 24);
412     //debug_print(71, iv, 8);
413     //debug_print(72, buf, bytes);
414     //debug_print(73, newbuf, bytes);
415    
416     memcpy(buf, newbuf, bytes);
417     }
418     free(newbuf);
419    
420     #else
421     unsigned char *key, iv[8];
422     unsigned char *newbuf = malloc(bytes);
423     if (newbuf == NULL)
424     return;
425    
426     key = pvar->ssh2_keys[MODE_IN].enc.key;
427     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
428     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
429    
430     //debug_print(60, key, 24);
431     //debug_print(61, iv, 8);
432     //debug_print(62, buf, bytes);
433    
434     DES_ede3_cbc_encrypt(
435     buf, newbuf, bytes,
436     (DES_key_schedule *)&key[0],
437     (DES_key_schedule *)&key[8],
438     (DES_key_schedule *)&key[16],
439     (DES_cblock *)iv,
440     DES_DECRYPT);
441    
442     //debug_print(63, newbuf, bytes);
443    
444     memcpy(buf, newbuf, bytes);
445    
446     free(newbuf);
447     #endif
448     }
449    
450    
451     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
452     int bytes)
453     {
454     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
455    
456     DES_ncbc_encrypt(buf, buf, bytes,
457     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
458     DES_ncbc_encrypt(buf, buf, bytes,
459     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
460     DES_ncbc_encrypt(buf, buf, bytes,
461     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
462     }
463    
464     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
465     int bytes)
466     {
467     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
468    
469     DES_ncbc_encrypt(buf, buf, bytes,
470     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
471     DES_ncbc_encrypt(buf, buf, bytes,
472     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
473     DES_ncbc_encrypt(buf, buf, bytes,
474     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
475     }
476    
477     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
478     int bytes)
479     {
480     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
481    
482     DES_ncbc_encrypt(buf, buf, bytes,
483     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
484     }
485    
486     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
487     int bytes)
488     {
489     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
490    
491     DES_ncbc_encrypt(buf, buf, bytes,
492     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
493     }
494    
495     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
496     int bytes)
497     {
498     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
499     int num = 0;
500    
501     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
502     encryptstate->ivec, &num, IDEA_ENCRYPT);
503     }
504    
505     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
506     int bytes)
507     {
508     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
509     int num = 0;
510    
511     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
512     decryptstate->ivec, &num, IDEA_DECRYPT);
513     }
514    
515     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
516     {
517     uint32 FAR *buf = (uint32 FAR *) cbuf;
518     int count = bytes / 4;
519    
520     while (count > 0) {
521     uint32 w = *buf;
522    
523     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
524     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
525     count--;
526     buf++;
527     }
528     }
529    
530     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531     int bytes)
532     {
533     CipherBlowfishState FAR *encryptstate =
534     &pvar->crypt_state.enc.cBlowfish;
535    
536     flip_endianness(buf, bytes);
537     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
538     BF_ENCRYPT);
539     flip_endianness(buf, bytes);
540     }
541    
542     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
543     int bytes)
544     {
545     CipherBlowfishState FAR *decryptstate =
546     &pvar->crypt_state.dec.cBlowfish;
547    
548     flip_endianness(buf, bytes);
549     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
550     BF_DECRYPT);
551     flip_endianness(buf, bytes);
552     }
553    
554     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
555     int bytes)
556     {
557     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
558     int num = 0;
559    
560     RC4(&encryptstate->k, bytes, buf, buf);
561     }
562    
563     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
564     int bytes)
565     {
566     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
567     int num = 0;
568    
569     RC4(&decryptstate->k, bytes, buf, buf);
570     }
571    
572     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
573     int bytes)
574     {
575     RAND_bytes(buf, bytes);
576     }
577    
578     void CRYPT_initialize_random_numbers(PTInstVar pvar)
579     {
580     RAND_screen();
581     }
582    
583     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
584     {
585     int bits = get_ushort16_MSBfirst(bytes);
586    
587     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
588     }
589    
590 yutakakn 2857 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
591     RSA FAR *make_key(PTInstVar pvar,
592 yutakakn 2728 int bits, unsigned char FAR * exp,
593     unsigned char FAR * mod)
594     {
595     RSA FAR *key = RSA_new();
596    
597     if (key != NULL) {
598     key->e = get_bignum(exp);
599     key->n = get_bignum(mod);
600     }
601    
602     if (key == NULL || key->e == NULL || key->n == NULL) {
603 maya 2980 #ifndef NO_I18N
604 maya 2937 strcpy(pvar->ts->UIMsg, "Error setting up RSA keys");
605     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar);
606     notify_fatal_error(pvar, pvar->ts->UIMsg);
607     #else
608 yutakakn 2728 notify_fatal_error(pvar, "Error setting up RSA keys");
609 maya 2937 #endif
610 yutakakn 2728
611     if (key != NULL) {
612     if (key->e != NULL) {
613     BN_free(key->e);
614     }
615     if (key->n != NULL) {
616     BN_free(key->n);
617     }
618     RSA_free(key);
619     }
620    
621     return NULL;
622     } else {
623     return key;
624     }
625     }
626    
627     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
628     {
629     if (SSHv1(pvar)) {
630     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
631     } else {
632     memcpy(pvar->crypt_state.server_cookie, cookie,
633     SSH2_COOKIE_LENGTH);
634     }
635     }
636    
637     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
638     {
639     if (SSHv2(pvar)) {
640     memcpy(pvar->crypt_state.client_cookie, cookie,
641     SSH2_COOKIE_LENGTH);
642     }
643     }
644    
645     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
646     int bits, unsigned char FAR * exp,
647     unsigned char FAR * mod)
648     {
649     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
650    
651     return pvar->crypt_state.server_key.RSA_key != NULL;
652     }
653    
654     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
655     int bits, unsigned char FAR * exp,
656     unsigned char FAR * mod)
657     {
658     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
659    
660     return pvar->crypt_state.host_key.RSA_key != NULL;
661     }
662    
663     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
664     int receiver_ciphers)
665     {
666     int cipher_mask;
667    
668     if (SSHv1(pvar)) {
669     cipher_mask = (1 << SSH_CIPHER_DES)
670     | (1 << SSH_CIPHER_3DES)
671     | (1 << SSH_CIPHER_BLOWFISH);
672    
673     } else { // for SSH2(yutaka)
674     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
675     cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
676    
677     }
678    
679     sender_ciphers &= cipher_mask;
680     receiver_ciphers &= cipher_mask;
681     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
682     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
683    
684     if (sender_ciphers == 0) {
685 maya 2980 #ifndef NO_I18N
686 maya 2937 strcpy(pvar->ts->UIMsg,
687     "The server does not support any of the TTSSH encryption algorithms.\n"
688     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
689     "The connection will be closed.");
690     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
691     notify_fatal_error(pvar, pvar->ts->UIMsg);
692    
693     #else
694 yutakakn 2728 notify_fatal_error(pvar,
695     "The server does not support any of the TTSSH encryption algorithms.\n"
696     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
697     "The connection will be closed.");
698 maya 2937 #endif
699 yutakakn 2728 return FALSE;
700     } else if (receiver_ciphers == 0) {
701 maya 2980 #ifndef NO_I18N
702 maya 2937 strcpy(pvar->ts->UIMsg,
703     "The server does not support any of the TTSSH encryption algorithms.\n"
704     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
705     "The connection will be closed.");
706     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
707     notify_fatal_error(pvar, pvar->ts->UIMsg);
708    
709     #else
710 yutakakn 2728 notify_fatal_error(pvar,
711     "The server does not support any of the TTSSH encryption algorithms.\n"
712     "A secure connection cannot be made in the server-to-TTSSH direction.\n"
713     "The connection will be closed.");
714 maya 2937 #endif
715 yutakakn 2728 return FALSE;
716     } else {
717     return TRUE;
718     }
719     }
720    
721     int CRYPT_get_decryption_block_size(PTInstVar pvar)
722     {
723     if (SSHv1(pvar)) {
724     return 8;
725     } else {
726     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
727     // cf. 3DES=8, AES128=16
728     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
729     }
730     }
731    
732     int CRYPT_get_encryption_block_size(PTInstVar pvar)
733     {
734     if (SSHv1(pvar)) {
735     return 8;
736     } else {
737     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
738     // cf. 3DES=8, AES128=16
739     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
740     }
741     }
742    
743     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
744     {
745     struct Mac *mac;
746    
747     if (SSHv1(pvar)) {
748     return 0;
749    
750     } else { // for SSH2(yutaka)
751     mac = &pvar->ssh2_keys[MODE_IN].mac;
752     if (mac == NULL || mac->enabled == 0)
753     return 0;
754    
755     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
756     }
757    
758     }
759    
760 yutakakn 2757 // HMAC������
761     // ���{������ SSH2 �������g�p�������B
762     // (2004.12.17 yutaka)
763 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
764     char FAR * data, int len, char FAR * MAC)
765     {
766 yutakakn 2757 HMAC_CTX c;
767     unsigned char m[EVP_MAX_MD_SIZE];
768     unsigned char b[4];
769     struct Mac *mac;
770    
771     mac = &pvar->ssh2_keys[MODE_IN].mac;
772    
773     // HMAC�������L���������������A����OK�����������B
774     if (mac == NULL || mac->enabled == 0)
775     return TRUE;
776    
777     if (mac->key == NULL)
778     goto error;
779    
780     if ((u_int)mac->mac_len > sizeof(m))
781     goto error;
782    
783     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
784     set_uint32_MSBfirst(b, sequence_number);
785     HMAC_Update(&c, b, sizeof(b));
786     HMAC_Update(&c, data, len);
787     HMAC_Final(&c, m, NULL);
788     HMAC_cleanup(&c);
789    
790     if (memcmp(m, MAC, mac->mac_len)) {
791     goto error;
792     }
793    
794 yutakakn 2728 return TRUE;
795 yutakakn 2757
796     error:
797     return FALSE;
798 yutakakn 2728 }
799    
800     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
801     {
802     struct Mac *mac;
803    
804     if (SSHv2(pvar)) { // for SSH2(yutaka)
805     mac = &pvar->ssh2_keys[MODE_OUT].mac;
806     if (mac == NULL || mac->enabled == 0)
807     return 0;
808    
809     return (mac->mac_len);
810     }
811    
812     return 0;
813     }
814    
815     // for SSH2
816     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
817     char FAR * data, int len, char FAR * MAC)
818     {
819     HMAC_CTX c;
820     static u_char m[EVP_MAX_MD_SIZE];
821     u_char b[4];
822     struct Mac *mac;
823    
824     if (SSHv2(pvar)) { // for SSH2(yutaka)
825     mac = &pvar->ssh2_keys[MODE_OUT].mac;
826     if (mac == NULL || mac->enabled == 0)
827     return FALSE;
828    
829     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
830     set_uint32_MSBfirst(b, sequence_number);
831     HMAC_Update(&c, b, sizeof(b));
832     HMAC_Update(&c, data, len);
833     HMAC_Final(&c, m, NULL);
834     HMAC_cleanup(&c);
835    
836     // 20�o�C�g�������R�s�[
837     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
838     // memcpy(MAC, m, sizeof(m));
839    
840     return TRUE;
841     }
842    
843     return TRUE;
844    
845     }
846    
847     static int choose_cipher(PTInstVar pvar, int supported)
848     {
849     int i;
850    
851     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
852     int cipher = pvar->session_settings.CipherOrder[i] - '0';
853    
854     if (cipher == SSH_CIPHER_NONE) {
855     break;
856     } else if ((supported & (1 << cipher)) != 0) {
857     return cipher;
858     }
859     }
860    
861     return SSH_CIPHER_NONE;
862     }
863    
864     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
865     {
866     if (SSHv1(pvar)) {
867     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
868     pvar->crypt_state.
869     supported_sender_ciphers);
870     pvar->crypt_state.receiver_cipher =
871     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
872    
873     } else { // SSH2(yutaka)
874     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
875     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
876    
877     }
878    
879     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
880     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
881 maya 2980 #ifndef NO_I18N
882 maya 2937 strcpy(pvar->ts->UIMsg,
883     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
884     "To communicate with this server, you will have to enable some more ciphers\n"
885     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
886     "This connection will now close.");
887     UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar);
888     notify_fatal_error(pvar, pvar->ts->UIMsg);
889     #else
890 yutakakn 2728 notify_fatal_error(pvar,
891     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
892     "To communicate with this server, you will have to enable some more ciphers\n"
893     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
894     "This connection will now close.");
895 maya 2937 #endif
896 yutakakn 2728 return FALSE;
897     } else {
898     return TRUE;
899     }
900     }
901    
902     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
903     {
904     int server_key_bits =
905     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
906     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
907     int server_key_bytes = (server_key_bits + 7) / 8;
908     int host_key_bytes = (host_key_bits + 7) / 8;
909    
910     if (server_key_bits < host_key_bits) {
911     return host_key_bytes;
912     } else {
913     return server_key_bytes;
914     }
915     }
916    
917     int CRYPT_choose_session_key(PTInstVar pvar,
918     unsigned char FAR * encrypted_key_buf)
919     {
920     int server_key_bits =
921     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
922     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
923     int server_key_bytes = (server_key_bits + 7) / 8;
924     int host_key_bytes = (host_key_bits + 7) / 8;
925     int encrypted_key_bytes;
926     int bit_delta;
927    
928     if (server_key_bits < host_key_bits) {
929     encrypted_key_bytes = host_key_bytes;
930     bit_delta = host_key_bits - server_key_bits;
931     } else {
932     encrypted_key_bytes = server_key_bytes;
933     bit_delta = server_key_bits - host_key_bits;
934     }
935    
936     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
937 maya 2980 #ifndef NO_I18N
938 maya 2937 strcpy(pvar->ts->UIMsg,
939     "Server RSA keys are too weak. A secure connection cannot be established.");
940     UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar);
941     notify_fatal_error(pvar, pvar->ts->UIMsg);
942     #else
943 yutakakn 2728 notify_fatal_error(pvar,
944     "Server RSA keys are too weak. A secure connection cannot be established.");
945 maya 2937 #endif
946 yutakakn 2728 return 0;
947     } else {
948     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
949     for the session ID, rather than the one specified in the RFC */
950     int session_buf_len = server_key_bytes + host_key_bytes + 8;
951     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
952     char session_id[16];
953     int i;
954    
955     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
956     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
957     session_buf + host_key_bytes);
958     memcpy(session_buf + server_key_bytes + host_key_bytes,
959     pvar->crypt_state.server_cookie, 8);
960     MD5(session_buf, session_buf_len, session_id);
961    
962     free(session_buf);
963    
964     RAND_bytes(pvar->crypt_state.sender_cipher_key,
965     SSH_SESSION_KEY_LENGTH);
966     memcpy(pvar->crypt_state.receiver_cipher_key,
967     pvar->crypt_state.sender_cipher_key,
968     SSH_SESSION_KEY_LENGTH);
969    
970     memcpy(encrypted_key_buf + encrypted_key_bytes -
971     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
972     SSH_SESSION_KEY_LENGTH);
973     for (i = 0; i < sizeof(session_id); i++) {
974     encrypted_key_buf[encrypted_key_bytes -
975     SSH_SESSION_KEY_LENGTH + i]
976     ^= session_id[i];
977     }
978    
979     if (host_key_bits > server_key_bits) {
980     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
981     encrypted_key_buf +
982     encrypted_key_bytes -
983     SSH_SESSION_KEY_LENGTH,
984     encrypted_key_buf +
985     encrypted_key_bytes - server_key_bytes,
986     pvar->crypt_state.server_key.RSA_key,
987     RSA_PKCS1_PADDING) < 0)
988     return 0;
989    
990     if (RSA_public_encrypt(server_key_bytes,
991     encrypted_key_buf +
992     encrypted_key_bytes - server_key_bytes,
993     encrypted_key_buf,
994     pvar->crypt_state.host_key.RSA_key,
995     RSA_PKCS1_PADDING) < 0)
996     return 0;
997     } else {
998     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
999     encrypted_key_buf +
1000     encrypted_key_bytes -
1001     SSH_SESSION_KEY_LENGTH,
1002     encrypted_key_buf +
1003     encrypted_key_bytes - host_key_bytes,
1004     pvar->crypt_state.host_key.RSA_key,
1005     RSA_PKCS1_PADDING) < 0)
1006     return 0;
1007    
1008     if (RSA_public_encrypt(host_key_bytes,
1009     encrypted_key_buf +
1010     encrypted_key_bytes - host_key_bytes,
1011     encrypted_key_buf,
1012     pvar->crypt_state.server_key.RSA_key,
1013     RSA_PKCS1_PADDING) < 0)
1014     return 0;
1015     }
1016     }
1017    
1018     return 1;
1019     }
1020    
1021     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1022     unsigned char FAR * challenge,
1023     int challenge_len,
1024     unsigned char FAR * response)
1025     {
1026     int server_key_bits =
1027     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1028     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1029     int server_key_bytes = (server_key_bits + 7) / 8;
1030     int host_key_bytes = (host_key_bits + 7) / 8;
1031     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1032     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1033     char decrypted_challenge[48];
1034     int decrypted_challenge_len;
1035    
1036     decrypted_challenge_len =
1037     RSA_private_decrypt(challenge_len, challenge, challenge,
1038     AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1039     RSA_PKCS1_PADDING);
1040     if (decrypted_challenge_len < 0) {
1041     free(session_buf);
1042     return 0;
1043     }
1044     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1045     memcpy(decrypted_challenge,
1046     challenge + decrypted_challenge_len -
1047     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1048     } else {
1049     memset(decrypted_challenge, 0,
1050     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1051     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1052     decrypted_challenge_len, challenge,
1053     decrypted_challenge_len);
1054     }
1055    
1056     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1057     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1058     session_buf + host_key_bytes);
1059     memcpy(session_buf + server_key_bytes + host_key_bytes,
1060     pvar->crypt_state.server_cookie, 8);
1061     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1062    
1063     free(session_buf);
1064    
1065     MD5(decrypted_challenge, 48, response);
1066    
1067     return 1;
1068     }
1069    
1070     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1071     {
1072     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1073     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1074     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1075     memset(state->ivec1, 0, 8);
1076     memset(state->ivec2, 0, 8);
1077     memset(state->ivec3, 0, 8);
1078     }
1079    
1080     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1081     {
1082     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1083     memset(state->ivec, 0, 8);
1084     }
1085    
1086     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1087     {
1088     idea_set_encrypt_key(session_key, &state->k);
1089     memset(state->ivec, 0, 8);
1090     }
1091    
1092     static void cBlowfish_init(char FAR * session_key,
1093     CipherBlowfishState FAR * state)
1094     {
1095     BF_set_key(&state->k, 32, session_key);
1096     memset(state->ivec, 0, 8);
1097     }
1098    
1099    
1100     //
1101     // SSH2�p�A���S���Y����������
1102     //
1103     // for SSH2(yutaka)
1104     //
1105     void cipher_init_SSH2(
1106     EVP_CIPHER_CTX *evp,
1107     const u_char *key, u_int keylen,
1108     const u_char *iv, u_int ivlen,
1109     int encrypt,
1110     const EVP_CIPHER *(*func)(void)
1111     )
1112     {
1113     EVP_CIPHER *type;
1114     int klen;
1115    
1116     type = (EVP_CIPHER *)func();
1117    
1118     EVP_CIPHER_CTX_init(evp);
1119     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1120     // TODO:
1121     }
1122    
1123     klen = EVP_CIPHER_CTX_key_length(evp);
1124     if (klen > 0 && keylen != klen) {
1125     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1126     // TODO:
1127     }
1128     }
1129     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1130     // TODO:
1131     }
1132     }
1133    
1134    
1135     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1136     {
1137     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1138     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1139     BOOL isOK = TRUE;
1140    
1141     if (sender_flag) {
1142     switch (pvar->crypt_state.sender_cipher) {
1143     // for SSH2(yutaka)
1144     case SSH_CIPHER_3DES_CBC:
1145     {
1146     struct Enc *enc;
1147    
1148     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1149     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1150     enc->key, 24, enc->iv, 8,
1151     CIPHER_ENCRYPT,
1152     EVP_des_ede3_cbc);
1153    
1154     //debug_print(10, enc->key, 24);
1155     //debug_print(11, enc->iv, 24);
1156    
1157     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1158     break;
1159     }
1160    
1161     // for SSH2(yutaka)
1162     case SSH_CIPHER_AES128:
1163     {
1164     struct Enc *enc;
1165    
1166     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1167     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1168     enc->key, 16, enc->iv, 16,
1169     CIPHER_ENCRYPT,
1170     EVP_aes_128_cbc);
1171    
1172     //debug_print(10, enc->key, 24);
1173     //debug_print(11, enc->iv, 24);
1174    
1175     pvar->crypt_state.encrypt = cAES128_encrypt;
1176     break;
1177     }
1178    
1179     case SSH_CIPHER_3DES:{
1180     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1181     pvar->crypt_state.encrypt = c3DES_encrypt;
1182     break;
1183     }
1184     case SSH_CIPHER_IDEA:{
1185     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1186     pvar->crypt_state.encrypt = cIDEA_encrypt;
1187     break;
1188     }
1189     case SSH_CIPHER_DES:{
1190     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1191     pvar->crypt_state.encrypt = cDES_encrypt;
1192     break;
1193     }
1194     case SSH_CIPHER_RC4:{
1195     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1196     encryption_key + 16);
1197     pvar->crypt_state.encrypt = cRC4_encrypt;
1198     break;
1199     }
1200     case SSH_CIPHER_BLOWFISH:{
1201     cBlowfish_init(encryption_key,
1202     &pvar->crypt_state.enc.cBlowfish);
1203     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1204     break;
1205     }
1206     default:
1207     isOK = FALSE;
1208     }
1209     }
1210    
1211    
1212     if (receiver_flag) {
1213     switch (pvar->crypt_state.receiver_cipher) {
1214     // for SSH2(yutaka)
1215     case SSH_CIPHER_3DES_CBC:
1216     {
1217     struct Enc *enc;
1218    
1219     enc = &pvar->ssh2_keys[MODE_IN].enc;
1220     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1221     enc->key, 24, enc->iv, 8,
1222     CIPHER_DECRYPT,
1223     EVP_des_ede3_cbc);
1224    
1225     //debug_print(12, enc->key, 24);
1226     //debug_print(13, enc->iv, 24);
1227    
1228     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1229     break;
1230     }
1231    
1232     // for SSH2(yutaka)
1233     case SSH_CIPHER_AES128:
1234     {
1235     struct Enc *enc;
1236    
1237     enc = &pvar->ssh2_keys[MODE_IN].enc;
1238     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1239     enc->key, 16, enc->iv, 16,
1240     CIPHER_DECRYPT,
1241     EVP_aes_128_cbc);
1242    
1243     //debug_print(12, enc->key, 24);
1244     //debug_print(13, enc->iv, 24);
1245    
1246     pvar->crypt_state.decrypt = cAES128_decrypt;
1247     break;
1248     }
1249    
1250     case SSH_CIPHER_3DES:{
1251     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1252     pvar->crypt_state.decrypt = c3DES_decrypt;
1253     break;
1254     }
1255     case SSH_CIPHER_IDEA:{
1256     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1257     pvar->crypt_state.decrypt = cIDEA_decrypt;
1258     break;
1259     }
1260     case SSH_CIPHER_DES:{
1261     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1262     pvar->crypt_state.decrypt = cDES_decrypt;
1263     break;
1264     }
1265     case SSH_CIPHER_RC4:{
1266     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1267     pvar->crypt_state.decrypt = cRC4_decrypt;
1268     break;
1269     }
1270     case SSH_CIPHER_BLOWFISH:{
1271     cBlowfish_init(decryption_key,
1272     &pvar->crypt_state.dec.cBlowfish);
1273     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1274     break;
1275     }
1276     default:
1277     isOK = FALSE;
1278     }
1279     }
1280    
1281    
1282     if (!isOK) {
1283 maya 2980 #ifndef NO_I18N
1284 maya 2937 strcpy(pvar->ts->UIMsg, "No cipher selected!");
1285     UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar);
1286     notify_fatal_error(pvar, pvar->ts->UIMsg);
1287     #else
1288 yutakakn 2728 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1289 maya 2937 #endif
1290 yutakakn 2728 return FALSE;
1291     } else {
1292     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1293     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1294     return TRUE;
1295     }
1296     }
1297    
1298     void CRYPT_init(PTInstVar pvar)
1299     {
1300     pvar->crypt_state.encrypt = no_encrypt;
1301     pvar->crypt_state.decrypt = no_encrypt;
1302     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1303     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1304     pvar->crypt_state.server_key.RSA_key = NULL;
1305     pvar->crypt_state.host_key.RSA_key = NULL;
1306    
1307     pvar->crypt_state.detect_attack_statics.h = NULL;
1308     pvar->crypt_state.detect_attack_statics.n =
1309     HASH_MINSIZE / HASH_ENTRYSIZE;
1310     }
1311    
1312     static char FAR *get_cipher_name(int cipher)
1313     {
1314     switch (cipher) {
1315     case SSH_CIPHER_NONE:
1316     return "None";
1317     case SSH_CIPHER_3DES:
1318     return "3DES (168 key bits)";
1319     case SSH_CIPHER_DES:
1320     return "DES (56 key bits)";
1321     case SSH_CIPHER_IDEA:
1322     return "IDEA (128 key bits)";
1323     case SSH_CIPHER_RC4:
1324     return "RC4 (128 key bits)";
1325     case SSH_CIPHER_BLOWFISH:
1326     return "Blowfish (256 key bits)";
1327    
1328     // SSH2
1329     case SSH_CIPHER_3DES_CBC:
1330     return "3DES-CBC";
1331     case SSH_CIPHER_AES128:
1332     return "AES128";
1333    
1334     default:
1335     return "Unknown";
1336     }
1337     }
1338    
1339     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1340     {
1341 maya 2980 #ifndef NO_I18N
1342 maya 2949 strcpy(pvar->ts->UIMsg, "%s to server, %s from server");
1343     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar);
1344     _snprintf(dest, len, pvar->ts->UIMsg,
1345     get_cipher_name(pvar->crypt_state.sender_cipher),
1346     get_cipher_name(pvar->crypt_state.receiver_cipher));
1347     #else
1348 yutakakn 2728 _snprintf(dest, len, "%s to server, %s from server",
1349     get_cipher_name(pvar->crypt_state.sender_cipher),
1350     get_cipher_name(pvar->crypt_state.receiver_cipher));
1351 maya 2949 #endif
1352 yutakakn 2728 dest[len - 1] = 0;
1353     }
1354    
1355     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1356     {
1357     if (SSHv1(pvar)) {
1358     if (pvar->crypt_state.server_key.RSA_key == NULL
1359     || pvar->crypt_state.host_key.RSA_key == NULL) {
1360 maya 2980 #ifndef NO_I18N
1361 maya 2949 strcpy(pvar->ts->UIMsg, "None");
1362     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar);
1363     strncpy(dest, pvar->ts->UIMsg, len);
1364     #else
1365 yutakakn 2728 strncpy(dest, "None", len);
1366 maya 2949 #endif
1367 yutakakn 2728 } else {
1368 maya 2980 #ifndef NO_I18N
1369 maya 2949 strcpy(pvar->ts->UIMsg, "%d-bit server key, %d-bit host key");
1370     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1371     _snprintf(dest, len, pvar->ts->UIMsg,
1372     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1373     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1374     #else
1375 yutakakn 2728 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1376     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1377     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1378 maya 2949 #endif
1379 yutakakn 2728 }
1380    
1381     } else { // SSH2
1382 maya 2980 #ifndef NO_I18N
1383 maya 2949 strcpy(pvar->ts->UIMsg, "%d-bit server key, %d-bit host key");
1384     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1385     _snprintf(dest, len, pvar->ts->UIMsg,
1386     pvar->server_key_bits,
1387     pvar->client_key_bits);
1388     #else
1389 yutakakn 2728 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1390     pvar->server_key_bits,
1391     pvar->client_key_bits);
1392 maya 2949 #endif
1393 yutakakn 2728
1394     }
1395    
1396     dest[len - 1] = 0;
1397     }
1398    
1399     static void destroy_public_key(CRYPTPublicKey FAR * key)
1400     {
1401     if (key->RSA_key != NULL) {
1402     RSA_free(key->RSA_key);
1403     key->RSA_key = NULL;
1404     }
1405     }
1406    
1407     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1408     {
1409     destroy_public_key(key);
1410     free(key);
1411     }
1412    
1413     void CRYPT_end(PTInstVar pvar)
1414     {
1415     destroy_public_key(&pvar->crypt_state.host_key);
1416     destroy_public_key(&pvar->crypt_state.server_key);
1417    
1418     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1419     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1420     pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1421     free(pvar->crypt_state.detect_attack_statics.h);
1422     }
1423    
1424     memset(pvar->crypt_state.sender_cipher_key, 0,
1425     sizeof(pvar->crypt_state.sender_cipher_key));
1426     memset(pvar->crypt_state.receiver_cipher_key, 0,
1427     sizeof(pvar->crypt_state.receiver_cipher_key));
1428     memset(pvar->crypt_state.server_cookie, 0,
1429     sizeof(pvar->crypt_state.server_cookie));
1430     memset(pvar->crypt_state.client_cookie, 0,
1431     sizeof(pvar->crypt_state.client_cookie));
1432     memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1433     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1434     }
1435    
1436     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1437     char FAR * buf, int bytes)
1438     {
1439     unsigned char passphrase_key[16];
1440    
1441     MD5(passphrase, strlen(passphrase), passphrase_key);
1442    
1443     switch (cipher) {
1444     case SSH_CIPHER_3DES:{
1445     Cipher3DESState state;
1446    
1447     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1448     &state.k1);
1449     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1450     &state.k2);
1451     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1452     &state.k3);
1453     memset(state.ivec1, 0, 8);
1454     memset(state.ivec2, 0, 8);
1455     memset(state.ivec3, 0, 8);
1456     DES_ncbc_encrypt(buf, buf, bytes,
1457     &state.k3, &state.ivec3, DES_DECRYPT);
1458     DES_ncbc_encrypt(buf, buf, bytes,
1459     &state.k2, &state.ivec2, DES_ENCRYPT);
1460     DES_ncbc_encrypt(buf, buf, bytes,
1461     &state.k1, &state.ivec1, DES_DECRYPT);
1462     break;
1463     }
1464    
1465     case SSH_CIPHER_IDEA:{
1466     CipherIDEAState state;
1467     int num = 0;
1468    
1469     cIDEA_init(passphrase_key, &state);
1470     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1471     &num, IDEA_DECRYPT);
1472     break;
1473     }
1474    
1475     case SSH_CIPHER_DES:{
1476     CipherDESState state;
1477    
1478     cDES_init(passphrase_key, &state);
1479     DES_ncbc_encrypt(buf, buf, bytes,
1480     &state.k, &state.ivec, DES_DECRYPT);
1481     break;
1482     }
1483    
1484     case SSH_CIPHER_RC4:{
1485     CipherRC4State state;
1486     int num = 0;
1487    
1488     RC4_set_key(&state.k, 16, passphrase_key);
1489     RC4(&state.k, bytes, buf, buf);
1490     break;
1491     }
1492    
1493     case SSH_CIPHER_BLOWFISH:{
1494     CipherBlowfishState state;
1495    
1496     BF_set_key(&state.k, 16, passphrase_key);
1497     memset(state.ivec, 0, 8);
1498     flip_endianness(buf, bytes);
1499     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1500     BF_DECRYPT);
1501     flip_endianness(buf, bytes);
1502     break;
1503     }
1504    
1505     case SSH_CIPHER_NONE:
1506     break;
1507    
1508     default:
1509     memset(passphrase_key, 0, sizeof(passphrase_key));
1510     return 0;
1511     }
1512    
1513     memset(passphrase_key, 0, sizeof(passphrase_key));
1514     return 1;
1515     }
1516    
1517     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1518     {
1519 yutakakn 2762 if (key_pair->RSA_key != NULL)
1520     RSA_free(key_pair->RSA_key);
1521    
1522     if (key_pair->DSA_key != NULL)
1523     DSA_free(key_pair->DSA_key);
1524    
1525 yutakakn 2728 free(key_pair);
1526     }
1527 yutakakn 2762
1528     /*
1529     * $Log: not supported by cvs2svn $
1530 maya 2980 * Revision 1.7 2007/01/22 13:45:19 maya
1531     * �\�����b�Z�[�W��������������
1532     *
1533 maya 2949 * Revision 1.6 2006/11/23 02:19:30 maya
1534     * �\�����b�Z�[�W�������t�@�C�����������������R�[�h���������J�n�����B
1535     *
1536 maya 2937 * Revision 1.5 2006/03/26 17:07:17 yutakakn
1537     * fingerprint�\��������
1538     *
1539 yutakakn 2857 * Revision 1.4 2005/07/09 05:16:06 yutakakn
1540     * OpenSSL 0.9.8���r���h�����������������B
1541     *
1542 yutakakn 2831 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1543     * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1544     *
1545 yutakakn 2762 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help