Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2992 - (hide annotations) (download) (as text)
Wed Aug 8 16:04:09 2007 UTC (16 years, 8 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41478 byte(s) 
安全な関数を使用するように変更した。
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40 yutakakn 2831 #include <openssl/dsa.h>
41 yutakakn 2728 #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51 maya 2992 * $Id: crypt.c,v 1.9 2007-08-08 16:04:08 maya Exp $ Cryptographic attack
52 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202     default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204     buf, bytes, NULL) == DEATTACK_DETECTED;
205     }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218     int bytes)
219     {
220     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221     unsigned char *newbuf = malloc(bytes);
222     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223    
224     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225     if (bytes == 0)
226     return;
227    
228     if (newbuf == NULL)
229     return;
230    
231     if (bytes % block_size) {
232     char tmp[80];
233 maya 2980 #ifndef NO_I18N
234 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 encrypt error(1): bytes %d (%d)", _TRUNCATE);
235 maya 2937 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar);
236 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237     pvar->ts->UIMsg, bytes, block_size);
238 maya 2937 #else
239 yutakakn 2728 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
240 maya 2937 #endif
241 yutakakn 2728 notify_fatal_error(pvar, tmp);
242     goto error;
243     }
244    
245     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
246     // TODO: failure
247 maya 2980 #ifndef NO_I18N
248 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 encrypt error(1): bytes %d (%d)", _TRUNCATE);
249 maya 2937 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar);
250     notify_fatal_error(pvar, pvar->ts->UIMsg);
251     #else
252 yutakakn 2728 notify_fatal_error(pvar, "AES128 encrypt error(2)");
253 maya 2937 #endif
254 yutakakn 2728
255     } else {
256     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
257     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
258     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
259    
260     //debug_print(50, key, 24);
261     //debug_print(51, iv, 8);
262     //debug_print(52, buf, bytes);
263     //debug_print(53, newbuf, bytes);
264    
265     memcpy(buf, newbuf, bytes);
266     }
267    
268     error:
269     free(newbuf);
270     }
271    
272     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
273     int bytes)
274     {
275     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
276     unsigned char *newbuf = malloc(bytes);
277     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
278    
279     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
280     if (bytes == 0)
281     return;
282    
283     if (newbuf == NULL)
284     return;
285    
286     if (bytes % block_size) {
287     char tmp[80];
288 maya 2980 #ifndef NO_I18N
289 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 decrypt error(1): bytes %d (%d)", _TRUNCATE);
290 maya 2937 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar);
291 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
292 maya 2937 #else
293 yutakakn 2728 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
294 maya 2937 #endif
295 yutakakn 2728 notify_fatal_error(pvar, tmp);
296     goto error;
297     }
298    
299     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
300     // TODO:
301 maya 2980 #ifndef NO_I18N
302 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 decrypt error(2)", _TRUNCATE);
303 maya 2937 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar);
304     notify_fatal_error(pvar, pvar->ts->UIMsg);
305     #else
306 yutakakn 2728 notify_fatal_error(pvar, "AES128 decrypt error(2)");
307 maya 2937 #endif
308 yutakakn 2728
309     } else {
310     #if 0
311     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
312     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
313     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
314    
315     {
316     static int no = 70;
317     debug_print(no, buf, bytes);
318     //debug_print(no, key, AES128_KEYLEN);
319     //debug_print(10*no, iv, AES128_IVLEN);
320     debug_print(30*no, newbuf, bytes);
321     no++;
322     }
323     #endif
324    
325     memcpy(buf, newbuf, bytes);
326     }
327    
328     error:;
329     free(newbuf);
330     }
331    
332    
333    
334     // for SSH2(yutaka)
335     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
336     int bytes)
337     {
338     unsigned char key[24], iv[8];
339     unsigned char *newbuf = malloc(bytes);
340    
341     if (newbuf == NULL)
342     return;
343    
344     #if 1
345    
346     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
347     // TODO: failure
348     } else {
349     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352    
353     //debug_print(50, key, 24);
354     //debug_print(51, iv, 8);
355     //debug_print(52, buf, bytes);
356     //debug_print(53, newbuf, bytes);
357    
358     memcpy(buf, newbuf, bytes);
359     }
360     free(newbuf);
361     #else
362    
363     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
364     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
365     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
366    
367     //debug_print(50, key, 24);
368     //debug_print(51, iv, 8);
369     //debug_print(52, buf, bytes);
370    
371     #if 0
372     DES_ede3_cbc_encrypt(
373     buf, newbuf, bytes,
374     (DES_key_schedule *)&key[0],
375     (DES_key_schedule *)&key[8],
376     (DES_key_schedule *)&key[16],
377     (DES_cblock *)iv,
378     DES_ENCRYPT);
379     #else
380     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
381     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
382     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
383    
384     #endif
385    
386     //debug_print(53, newbuf, bytes);
387    
388     memcpy(buf, newbuf, bytes);
389     free(newbuf);
390    
391     #endif
392     }
393    
394     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
395     int bytes)
396     {
397     unsigned char key[24], iv[8];
398     unsigned char *newbuf = malloc(bytes);
399    
400     if (newbuf == NULL)
401     return;
402    
403     #if 1
404     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
405     // TODO:
406    
407     } else {
408     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
409     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
410     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
411    
412     //debug_print(70, key, 24);
413     //debug_print(71, iv, 8);
414     //debug_print(72, buf, bytes);
415     //debug_print(73, newbuf, bytes);
416    
417     memcpy(buf, newbuf, bytes);
418     }
419     free(newbuf);
420    
421     #else
422     unsigned char *key, iv[8];
423     unsigned char *newbuf = malloc(bytes);
424     if (newbuf == NULL)
425     return;
426    
427     key = pvar->ssh2_keys[MODE_IN].enc.key;
428     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
429     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
430    
431     //debug_print(60, key, 24);
432     //debug_print(61, iv, 8);
433     //debug_print(62, buf, bytes);
434    
435     DES_ede3_cbc_encrypt(
436     buf, newbuf, bytes,
437     (DES_key_schedule *)&key[0],
438     (DES_key_schedule *)&key[8],
439     (DES_key_schedule *)&key[16],
440     (DES_cblock *)iv,
441     DES_DECRYPT);
442    
443     //debug_print(63, newbuf, bytes);
444    
445     memcpy(buf, newbuf, bytes);
446    
447     free(newbuf);
448     #endif
449     }
450    
451    
452     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
453     int bytes)
454     {
455     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
456    
457     DES_ncbc_encrypt(buf, buf, bytes,
458     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
459     DES_ncbc_encrypt(buf, buf, bytes,
460     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
461     DES_ncbc_encrypt(buf, buf, bytes,
462     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
463     }
464    
465     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
466     int bytes)
467     {
468     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
469    
470     DES_ncbc_encrypt(buf, buf, bytes,
471     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
472     DES_ncbc_encrypt(buf, buf, bytes,
473     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
474     DES_ncbc_encrypt(buf, buf, bytes,
475     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
476     }
477    
478     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
479     int bytes)
480     {
481     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
482    
483     DES_ncbc_encrypt(buf, buf, bytes,
484     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
485     }
486    
487     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
488     int bytes)
489     {
490     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
491    
492     DES_ncbc_encrypt(buf, buf, bytes,
493     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
494     }
495    
496     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
497     int bytes)
498     {
499     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
500     int num = 0;
501    
502     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
503     encryptstate->ivec, &num, IDEA_ENCRYPT);
504     }
505    
506     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
507     int bytes)
508     {
509     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
510     int num = 0;
511    
512     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
513     decryptstate->ivec, &num, IDEA_DECRYPT);
514     }
515    
516     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
517     {
518     uint32 FAR *buf = (uint32 FAR *) cbuf;
519     int count = bytes / 4;
520    
521     while (count > 0) {
522     uint32 w = *buf;
523    
524     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
525     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
526     count--;
527     buf++;
528     }
529     }
530    
531     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
532     int bytes)
533     {
534     CipherBlowfishState FAR *encryptstate =
535     &pvar->crypt_state.enc.cBlowfish;
536    
537     flip_endianness(buf, bytes);
538     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
539     BF_ENCRYPT);
540     flip_endianness(buf, bytes);
541     }
542    
543     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
544     int bytes)
545     {
546     CipherBlowfishState FAR *decryptstate =
547     &pvar->crypt_state.dec.cBlowfish;
548    
549     flip_endianness(buf, bytes);
550     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
551     BF_DECRYPT);
552     flip_endianness(buf, bytes);
553     }
554    
555     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
556     int bytes)
557     {
558     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
559     int num = 0;
560    
561     RC4(&encryptstate->k, bytes, buf, buf);
562     }
563    
564     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
565     int bytes)
566     {
567     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
568     int num = 0;
569    
570     RC4(&decryptstate->k, bytes, buf, buf);
571     }
572    
573     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
574     int bytes)
575     {
576     RAND_bytes(buf, bytes);
577     }
578    
579     void CRYPT_initialize_random_numbers(PTInstVar pvar)
580     {
581     RAND_screen();
582     }
583    
584     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
585     {
586     int bits = get_ushort16_MSBfirst(bytes);
587    
588     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
589     }
590    
591 yutakakn 2857 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
592     RSA FAR *make_key(PTInstVar pvar,
593 yutakakn 2728 int bits, unsigned char FAR * exp,
594     unsigned char FAR * mod)
595     {
596     RSA FAR *key = RSA_new();
597    
598     if (key != NULL) {
599     key->e = get_bignum(exp);
600     key->n = get_bignum(mod);
601     }
602    
603     if (key == NULL || key->e == NULL || key->n == NULL) {
604 maya 2980 #ifndef NO_I18N
605 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "Error setting up RSA keys", _TRUNCATE);
606 maya 2937 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar);
607     notify_fatal_error(pvar, pvar->ts->UIMsg);
608     #else
609 yutakakn 2728 notify_fatal_error(pvar, "Error setting up RSA keys");
610 maya 2937 #endif
611 yutakakn 2728
612     if (key != NULL) {
613     if (key->e != NULL) {
614     BN_free(key->e);
615     }
616     if (key->n != NULL) {
617     BN_free(key->n);
618     }
619     RSA_free(key);
620     }
621    
622     return NULL;
623     } else {
624     return key;
625     }
626     }
627    
628     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
629     {
630     if (SSHv1(pvar)) {
631     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
632     } else {
633     memcpy(pvar->crypt_state.server_cookie, cookie,
634     SSH2_COOKIE_LENGTH);
635     }
636     }
637    
638     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
639     {
640     if (SSHv2(pvar)) {
641     memcpy(pvar->crypt_state.client_cookie, cookie,
642     SSH2_COOKIE_LENGTH);
643     }
644     }
645    
646     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
647     int bits, unsigned char FAR * exp,
648     unsigned char FAR * mod)
649     {
650     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
651    
652     return pvar->crypt_state.server_key.RSA_key != NULL;
653     }
654    
655     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
656     int bits, unsigned char FAR * exp,
657     unsigned char FAR * mod)
658     {
659     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
660    
661     return pvar->crypt_state.host_key.RSA_key != NULL;
662     }
663    
664     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
665     int receiver_ciphers)
666     {
667     int cipher_mask;
668    
669     if (SSHv1(pvar)) {
670     cipher_mask = (1 << SSH_CIPHER_DES)
671     | (1 << SSH_CIPHER_3DES)
672     | (1 << SSH_CIPHER_BLOWFISH);
673    
674     } else { // for SSH2(yutaka)
675     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
676     cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
677    
678     }
679    
680     sender_ciphers &= cipher_mask;
681     receiver_ciphers &= cipher_mask;
682     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
683     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
684    
685     if (sender_ciphers == 0) {
686 maya 2980 #ifndef NO_I18N
687 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
688     "The server does not support any of the TTSSH encryption algorithms.\n"
689     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
690     "The connection will be closed.",
691     _TRUNCATE);
692 maya 2937 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
693     notify_fatal_error(pvar, pvar->ts->UIMsg);
694    
695     #else
696 yutakakn 2728 notify_fatal_error(pvar,
697     "The server does not support any of the TTSSH encryption algorithms.\n"
698     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
699     "The connection will be closed.");
700 maya 2937 #endif
701 yutakakn 2728 return FALSE;
702     } else if (receiver_ciphers == 0) {
703 maya 2980 #ifndef NO_I18N
704 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
705     "The server does not support any of the TTSSH encryption algorithms.\n"
706     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
707     "The connection will be closed.",
708     _TRUNCATE);
709 maya 2937 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
710     notify_fatal_error(pvar, pvar->ts->UIMsg);
711    
712     #else
713 yutakakn 2728 notify_fatal_error(pvar,
714     "The server does not support any of the TTSSH encryption algorithms.\n"
715     "A secure connection cannot be made in the server-to-TTSSH direction.\n"
716     "The connection will be closed.");
717 maya 2937 #endif
718 yutakakn 2728 return FALSE;
719     } else {
720     return TRUE;
721     }
722     }
723    
724     int CRYPT_get_decryption_block_size(PTInstVar pvar)
725     {
726     if (SSHv1(pvar)) {
727     return 8;
728     } else {
729     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
730     // cf. 3DES=8, AES128=16
731     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
732     }
733     }
734    
735     int CRYPT_get_encryption_block_size(PTInstVar pvar)
736     {
737     if (SSHv1(pvar)) {
738     return 8;
739     } else {
740     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
741     // cf. 3DES=8, AES128=16
742     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
743     }
744     }
745    
746     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
747     {
748     struct Mac *mac;
749    
750     if (SSHv1(pvar)) {
751     return 0;
752    
753     } else { // for SSH2(yutaka)
754     mac = &pvar->ssh2_keys[MODE_IN].mac;
755     if (mac == NULL || mac->enabled == 0)
756     return 0;
757    
758     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
759     }
760    
761     }
762    
763 yutakakn 2757 // HMAC������
764     // ���{������ SSH2 �������g�p�������B
765     // (2004.12.17 yutaka)
766 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
767     char FAR * data, int len, char FAR * MAC)
768     {
769 yutakakn 2757 HMAC_CTX c;
770     unsigned char m[EVP_MAX_MD_SIZE];
771     unsigned char b[4];
772     struct Mac *mac;
773    
774     mac = &pvar->ssh2_keys[MODE_IN].mac;
775    
776     // HMAC�������L���������������A����OK�����������B
777     if (mac == NULL || mac->enabled == 0)
778     return TRUE;
779    
780     if (mac->key == NULL)
781     goto error;
782    
783     if ((u_int)mac->mac_len > sizeof(m))
784     goto error;
785    
786     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
787     set_uint32_MSBfirst(b, sequence_number);
788     HMAC_Update(&c, b, sizeof(b));
789     HMAC_Update(&c, data, len);
790     HMAC_Final(&c, m, NULL);
791     HMAC_cleanup(&c);
792    
793     if (memcmp(m, MAC, mac->mac_len)) {
794     goto error;
795     }
796    
797 yutakakn 2728 return TRUE;
798 yutakakn 2757
799     error:
800     return FALSE;
801 yutakakn 2728 }
802    
803     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
804     {
805     struct Mac *mac;
806    
807     if (SSHv2(pvar)) { // for SSH2(yutaka)
808     mac = &pvar->ssh2_keys[MODE_OUT].mac;
809     if (mac == NULL || mac->enabled == 0)
810     return 0;
811    
812     return (mac->mac_len);
813     }
814    
815     return 0;
816     }
817    
818     // for SSH2
819     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
820     char FAR * data, int len, char FAR * MAC)
821     {
822     HMAC_CTX c;
823     static u_char m[EVP_MAX_MD_SIZE];
824     u_char b[4];
825     struct Mac *mac;
826    
827     if (SSHv2(pvar)) { // for SSH2(yutaka)
828     mac = &pvar->ssh2_keys[MODE_OUT].mac;
829     if (mac == NULL || mac->enabled == 0)
830     return FALSE;
831    
832     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
833     set_uint32_MSBfirst(b, sequence_number);
834     HMAC_Update(&c, b, sizeof(b));
835     HMAC_Update(&c, data, len);
836     HMAC_Final(&c, m, NULL);
837     HMAC_cleanup(&c);
838    
839     // 20�o�C�g�������R�s�[
840     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
841     // memcpy(MAC, m, sizeof(m));
842    
843     return TRUE;
844     }
845    
846     return TRUE;
847    
848     }
849    
850     static int choose_cipher(PTInstVar pvar, int supported)
851     {
852     int i;
853    
854     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
855     int cipher = pvar->session_settings.CipherOrder[i] - '0';
856    
857     if (cipher == SSH_CIPHER_NONE) {
858     break;
859     } else if ((supported & (1 << cipher)) != 0) {
860     return cipher;
861     }
862     }
863    
864     return SSH_CIPHER_NONE;
865     }
866    
867     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
868     {
869     if (SSHv1(pvar)) {
870     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
871     pvar->crypt_state.
872     supported_sender_ciphers);
873     pvar->crypt_state.receiver_cipher =
874     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
875    
876     } else { // SSH2(yutaka)
877     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
878     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
879    
880     }
881    
882     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
883     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
884 maya 2980 #ifndef NO_I18N
885 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
886     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
887     "To communicate with this server, you will have to enable some more ciphers\n"
888     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
889     "This connection will now close.",
890     _TRUNCATE);
891 maya 2937 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar);
892     notify_fatal_error(pvar, pvar->ts->UIMsg);
893     #else
894 yutakakn 2728 notify_fatal_error(pvar,
895     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
896     "To communicate with this server, you will have to enable some more ciphers\n"
897     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
898     "This connection will now close.");
899 maya 2937 #endif
900 yutakakn 2728 return FALSE;
901     } else {
902     return TRUE;
903     }
904     }
905    
906     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
907     {
908     int server_key_bits =
909     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
910     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
911     int server_key_bytes = (server_key_bits + 7) / 8;
912     int host_key_bytes = (host_key_bits + 7) / 8;
913    
914     if (server_key_bits < host_key_bits) {
915     return host_key_bytes;
916     } else {
917     return server_key_bytes;
918     }
919     }
920    
921     int CRYPT_choose_session_key(PTInstVar pvar,
922     unsigned char FAR * encrypted_key_buf)
923     {
924     int server_key_bits =
925     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
926     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
927     int server_key_bytes = (server_key_bits + 7) / 8;
928     int host_key_bytes = (host_key_bits + 7) / 8;
929     int encrypted_key_bytes;
930     int bit_delta;
931    
932     if (server_key_bits < host_key_bits) {
933     encrypted_key_bytes = host_key_bytes;
934     bit_delta = host_key_bits - server_key_bits;
935     } else {
936     encrypted_key_bytes = server_key_bytes;
937     bit_delta = server_key_bits - host_key_bits;
938     }
939    
940     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
941 maya 2980 #ifndef NO_I18N
942 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
943     "Server RSA keys are too weak. A secure connection cannot be established.",
944     _TRUNCATE);
945 maya 2937 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar);
946     notify_fatal_error(pvar, pvar->ts->UIMsg);
947     #else
948 yutakakn 2728 notify_fatal_error(pvar,
949     "Server RSA keys are too weak. A secure connection cannot be established.");
950 maya 2937 #endif
951 yutakakn 2728 return 0;
952     } else {
953     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
954     for the session ID, rather than the one specified in the RFC */
955     int session_buf_len = server_key_bytes + host_key_bytes + 8;
956     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
957     char session_id[16];
958     int i;
959    
960     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
961     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
962     session_buf + host_key_bytes);
963     memcpy(session_buf + server_key_bytes + host_key_bytes,
964     pvar->crypt_state.server_cookie, 8);
965     MD5(session_buf, session_buf_len, session_id);
966    
967     free(session_buf);
968    
969     RAND_bytes(pvar->crypt_state.sender_cipher_key,
970     SSH_SESSION_KEY_LENGTH);
971     memcpy(pvar->crypt_state.receiver_cipher_key,
972     pvar->crypt_state.sender_cipher_key,
973     SSH_SESSION_KEY_LENGTH);
974    
975     memcpy(encrypted_key_buf + encrypted_key_bytes -
976     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
977     SSH_SESSION_KEY_LENGTH);
978     for (i = 0; i < sizeof(session_id); i++) {
979     encrypted_key_buf[encrypted_key_bytes -
980     SSH_SESSION_KEY_LENGTH + i]
981     ^= session_id[i];
982     }
983    
984     if (host_key_bits > server_key_bits) {
985     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
986     encrypted_key_buf +
987     encrypted_key_bytes -
988     SSH_SESSION_KEY_LENGTH,
989     encrypted_key_buf +
990     encrypted_key_bytes - server_key_bytes,
991     pvar->crypt_state.server_key.RSA_key,
992     RSA_PKCS1_PADDING) < 0)
993     return 0;
994    
995     if (RSA_public_encrypt(server_key_bytes,
996     encrypted_key_buf +
997     encrypted_key_bytes - server_key_bytes,
998     encrypted_key_buf,
999     pvar->crypt_state.host_key.RSA_key,
1000     RSA_PKCS1_PADDING) < 0)
1001     return 0;
1002     } else {
1003     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1004     encrypted_key_buf +
1005     encrypted_key_bytes -
1006     SSH_SESSION_KEY_LENGTH,
1007     encrypted_key_buf +
1008     encrypted_key_bytes - host_key_bytes,
1009     pvar->crypt_state.host_key.RSA_key,
1010     RSA_PKCS1_PADDING) < 0)
1011     return 0;
1012    
1013     if (RSA_public_encrypt(host_key_bytes,
1014     encrypted_key_buf +
1015     encrypted_key_bytes - host_key_bytes,
1016     encrypted_key_buf,
1017     pvar->crypt_state.server_key.RSA_key,
1018     RSA_PKCS1_PADDING) < 0)
1019     return 0;
1020     }
1021     }
1022    
1023     return 1;
1024     }
1025    
1026     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1027     unsigned char FAR * challenge,
1028     int challenge_len,
1029     unsigned char FAR * response)
1030     {
1031     int server_key_bits =
1032     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1033     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1034     int server_key_bytes = (server_key_bits + 7) / 8;
1035     int host_key_bytes = (host_key_bits + 7) / 8;
1036     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1037     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1038     char decrypted_challenge[48];
1039     int decrypted_challenge_len;
1040    
1041     decrypted_challenge_len =
1042     RSA_private_decrypt(challenge_len, challenge, challenge,
1043     AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1044     RSA_PKCS1_PADDING);
1045     if (decrypted_challenge_len < 0) {
1046     free(session_buf);
1047     return 0;
1048     }
1049     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1050     memcpy(decrypted_challenge,
1051     challenge + decrypted_challenge_len -
1052     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1053     } else {
1054     memset(decrypted_challenge, 0,
1055     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1056     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1057     decrypted_challenge_len, challenge,
1058     decrypted_challenge_len);
1059     }
1060    
1061     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1062     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1063     session_buf + host_key_bytes);
1064     memcpy(session_buf + server_key_bytes + host_key_bytes,
1065     pvar->crypt_state.server_cookie, 8);
1066     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1067    
1068     free(session_buf);
1069    
1070     MD5(decrypted_challenge, 48, response);
1071    
1072     return 1;
1073     }
1074    
1075     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1076     {
1077     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1078     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1079     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1080     memset(state->ivec1, 0, 8);
1081     memset(state->ivec2, 0, 8);
1082     memset(state->ivec3, 0, 8);
1083     }
1084    
1085     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1086     {
1087     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1088     memset(state->ivec, 0, 8);
1089     }
1090    
1091     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1092     {
1093     idea_set_encrypt_key(session_key, &state->k);
1094     memset(state->ivec, 0, 8);
1095     }
1096    
1097     static void cBlowfish_init(char FAR * session_key,
1098     CipherBlowfishState FAR * state)
1099     {
1100     BF_set_key(&state->k, 32, session_key);
1101     memset(state->ivec, 0, 8);
1102     }
1103    
1104    
1105     //
1106     // SSH2�p�A���S���Y����������
1107     //
1108     // for SSH2(yutaka)
1109     //
1110     void cipher_init_SSH2(
1111     EVP_CIPHER_CTX *evp,
1112     const u_char *key, u_int keylen,
1113     const u_char *iv, u_int ivlen,
1114     int encrypt,
1115     const EVP_CIPHER *(*func)(void)
1116     )
1117     {
1118     EVP_CIPHER *type;
1119     int klen;
1120    
1121     type = (EVP_CIPHER *)func();
1122    
1123     EVP_CIPHER_CTX_init(evp);
1124     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1125     // TODO:
1126     }
1127    
1128     klen = EVP_CIPHER_CTX_key_length(evp);
1129     if (klen > 0 && keylen != klen) {
1130     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1131     // TODO:
1132     }
1133     }
1134     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1135     // TODO:
1136     }
1137     }
1138    
1139    
1140     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1141     {
1142     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1143     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1144     BOOL isOK = TRUE;
1145    
1146     if (sender_flag) {
1147     switch (pvar->crypt_state.sender_cipher) {
1148     // for SSH2(yutaka)
1149     case SSH_CIPHER_3DES_CBC:
1150     {
1151     struct Enc *enc;
1152    
1153     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1154     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1155     enc->key, 24, enc->iv, 8,
1156     CIPHER_ENCRYPT,
1157     EVP_des_ede3_cbc);
1158    
1159     //debug_print(10, enc->key, 24);
1160     //debug_print(11, enc->iv, 24);
1161    
1162     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1163     break;
1164     }
1165    
1166     // for SSH2(yutaka)
1167     case SSH_CIPHER_AES128:
1168     {
1169     struct Enc *enc;
1170    
1171     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1172     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1173     enc->key, 16, enc->iv, 16,
1174     CIPHER_ENCRYPT,
1175     EVP_aes_128_cbc);
1176    
1177     //debug_print(10, enc->key, 24);
1178     //debug_print(11, enc->iv, 24);
1179    
1180     pvar->crypt_state.encrypt = cAES128_encrypt;
1181     break;
1182     }
1183    
1184     case SSH_CIPHER_3DES:{
1185     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1186     pvar->crypt_state.encrypt = c3DES_encrypt;
1187     break;
1188     }
1189     case SSH_CIPHER_IDEA:{
1190     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1191     pvar->crypt_state.encrypt = cIDEA_encrypt;
1192     break;
1193     }
1194     case SSH_CIPHER_DES:{
1195     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1196     pvar->crypt_state.encrypt = cDES_encrypt;
1197     break;
1198     }
1199     case SSH_CIPHER_RC4:{
1200     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1201     encryption_key + 16);
1202     pvar->crypt_state.encrypt = cRC4_encrypt;
1203     break;
1204     }
1205     case SSH_CIPHER_BLOWFISH:{
1206     cBlowfish_init(encryption_key,
1207     &pvar->crypt_state.enc.cBlowfish);
1208     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1209     break;
1210     }
1211     default:
1212     isOK = FALSE;
1213     }
1214     }
1215    
1216    
1217     if (receiver_flag) {
1218     switch (pvar->crypt_state.receiver_cipher) {
1219     // for SSH2(yutaka)
1220     case SSH_CIPHER_3DES_CBC:
1221     {
1222     struct Enc *enc;
1223    
1224     enc = &pvar->ssh2_keys[MODE_IN].enc;
1225     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1226     enc->key, 24, enc->iv, 8,
1227     CIPHER_DECRYPT,
1228     EVP_des_ede3_cbc);
1229    
1230     //debug_print(12, enc->key, 24);
1231     //debug_print(13, enc->iv, 24);
1232    
1233     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1234     break;
1235     }
1236    
1237     // for SSH2(yutaka)
1238     case SSH_CIPHER_AES128:
1239     {
1240     struct Enc *enc;
1241    
1242     enc = &pvar->ssh2_keys[MODE_IN].enc;
1243     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1244     enc->key, 16, enc->iv, 16,
1245     CIPHER_DECRYPT,
1246     EVP_aes_128_cbc);
1247    
1248     //debug_print(12, enc->key, 24);
1249     //debug_print(13, enc->iv, 24);
1250    
1251     pvar->crypt_state.decrypt = cAES128_decrypt;
1252     break;
1253     }
1254    
1255     case SSH_CIPHER_3DES:{
1256     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1257     pvar->crypt_state.decrypt = c3DES_decrypt;
1258     break;
1259     }
1260     case SSH_CIPHER_IDEA:{
1261     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1262     pvar->crypt_state.decrypt = cIDEA_decrypt;
1263     break;
1264     }
1265     case SSH_CIPHER_DES:{
1266     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1267     pvar->crypt_state.decrypt = cDES_decrypt;
1268     break;
1269     }
1270     case SSH_CIPHER_RC4:{
1271     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1272     pvar->crypt_state.decrypt = cRC4_decrypt;
1273     break;
1274     }
1275     case SSH_CIPHER_BLOWFISH:{
1276     cBlowfish_init(decryption_key,
1277     &pvar->crypt_state.dec.cBlowfish);
1278     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1279     break;
1280     }
1281     default:
1282     isOK = FALSE;
1283     }
1284     }
1285    
1286    
1287     if (!isOK) {
1288 maya 2980 #ifndef NO_I18N
1289 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "No cipher selected!", _TRUNCATE);
1290 maya 2937 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar);
1291     notify_fatal_error(pvar, pvar->ts->UIMsg);
1292     #else
1293 yutakakn 2728 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1294 maya 2937 #endif
1295 yutakakn 2728 return FALSE;
1296     } else {
1297     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1298     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1299     return TRUE;
1300     }
1301     }
1302    
1303     void CRYPT_init(PTInstVar pvar)
1304     {
1305     pvar->crypt_state.encrypt = no_encrypt;
1306     pvar->crypt_state.decrypt = no_encrypt;
1307     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1308     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1309     pvar->crypt_state.server_key.RSA_key = NULL;
1310     pvar->crypt_state.host_key.RSA_key = NULL;
1311    
1312     pvar->crypt_state.detect_attack_statics.h = NULL;
1313     pvar->crypt_state.detect_attack_statics.n =
1314     HASH_MINSIZE / HASH_ENTRYSIZE;
1315     }
1316    
1317     static char FAR *get_cipher_name(int cipher)
1318     {
1319     switch (cipher) {
1320     case SSH_CIPHER_NONE:
1321     return "None";
1322     case SSH_CIPHER_3DES:
1323     return "3DES (168 key bits)";
1324     case SSH_CIPHER_DES:
1325     return "DES (56 key bits)";
1326     case SSH_CIPHER_IDEA:
1327     return "IDEA (128 key bits)";
1328     case SSH_CIPHER_RC4:
1329     return "RC4 (128 key bits)";
1330     case SSH_CIPHER_BLOWFISH:
1331     return "Blowfish (256 key bits)";
1332    
1333     // SSH2
1334     case SSH_CIPHER_3DES_CBC:
1335     return "3DES-CBC";
1336     case SSH_CIPHER_AES128:
1337     return "AES128";
1338    
1339     default:
1340     return "Unknown";
1341     }
1342     }
1343    
1344     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1345     {
1346 maya 2980 #ifndef NO_I18N
1347 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "%s to server, %s from server", _TRUNCATE);
1348 maya 2949 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar);
1349 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1350 maya 2949 get_cipher_name(pvar->crypt_state.sender_cipher),
1351     get_cipher_name(pvar->crypt_state.receiver_cipher));
1352     #else
1353 yutakakn 2728 _snprintf(dest, len, "%s to server, %s from server",
1354     get_cipher_name(pvar->crypt_state.sender_cipher),
1355     get_cipher_name(pvar->crypt_state.receiver_cipher));
1356 maya 2949 #endif
1357 yutakakn 2728 dest[len - 1] = 0;
1358     }
1359    
1360     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1361     {
1362     if (SSHv1(pvar)) {
1363     if (pvar->crypt_state.server_key.RSA_key == NULL
1364     || pvar->crypt_state.host_key.RSA_key == NULL) {
1365 maya 2980 #ifndef NO_I18N
1366 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "None", _TRUNCATE);
1367 maya 2949 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar);
1368 maya 2992 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1369 maya 2949 #else
1370 yutakakn 2728 strncpy(dest, "None", len);
1371 maya 2949 #endif
1372 yutakakn 2728 } else {
1373 maya 2980 #ifndef NO_I18N
1374 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "%d-bit server key, %d-bit host key", _TRUNCATE);
1375 maya 2949 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1376 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1377 maya 2949 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1378     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1379     #else
1380 yutakakn 2728 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1381     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1382     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1383 maya 2949 #endif
1384 yutakakn 2728 }
1385    
1386     } else { // SSH2
1387 maya 2980 #ifndef NO_I18N
1388 maya 2992 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "%d-bit server key, %d-bit host key", _TRUNCATE);
1389 maya 2949 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1390 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1391 maya 2949 pvar->server_key_bits,
1392     pvar->client_key_bits);
1393     #else
1394 yutakakn 2728 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1395     pvar->server_key_bits,
1396     pvar->client_key_bits);
1397 maya 2949 #endif
1398 yutakakn 2728
1399     }
1400    
1401     dest[len - 1] = 0;
1402     }
1403    
1404     static void destroy_public_key(CRYPTPublicKey FAR * key)
1405     {
1406     if (key->RSA_key != NULL) {
1407     RSA_free(key->RSA_key);
1408     key->RSA_key = NULL;
1409     }
1410     }
1411    
1412     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1413     {
1414     destroy_public_key(key);
1415     free(key);
1416     }
1417    
1418     void CRYPT_end(PTInstVar pvar)
1419     {
1420     destroy_public_key(&pvar->crypt_state.host_key);
1421     destroy_public_key(&pvar->crypt_state.server_key);
1422    
1423     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1424     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1425     pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1426     free(pvar->crypt_state.detect_attack_statics.h);
1427     }
1428    
1429     memset(pvar->crypt_state.sender_cipher_key, 0,
1430     sizeof(pvar->crypt_state.sender_cipher_key));
1431     memset(pvar->crypt_state.receiver_cipher_key, 0,
1432     sizeof(pvar->crypt_state.receiver_cipher_key));
1433     memset(pvar->crypt_state.server_cookie, 0,
1434     sizeof(pvar->crypt_state.server_cookie));
1435     memset(pvar->crypt_state.client_cookie, 0,
1436     sizeof(pvar->crypt_state.client_cookie));
1437     memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1438     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1439     }
1440    
1441     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1442     char FAR * buf, int bytes)
1443     {
1444     unsigned char passphrase_key[16];
1445    
1446     MD5(passphrase, strlen(passphrase), passphrase_key);
1447    
1448     switch (cipher) {
1449     case SSH_CIPHER_3DES:{
1450     Cipher3DESState state;
1451    
1452     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1453     &state.k1);
1454     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1455     &state.k2);
1456     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1457     &state.k3);
1458     memset(state.ivec1, 0, 8);
1459     memset(state.ivec2, 0, 8);
1460     memset(state.ivec3, 0, 8);
1461     DES_ncbc_encrypt(buf, buf, bytes,
1462     &state.k3, &state.ivec3, DES_DECRYPT);
1463     DES_ncbc_encrypt(buf, buf, bytes,
1464     &state.k2, &state.ivec2, DES_ENCRYPT);
1465     DES_ncbc_encrypt(buf, buf, bytes,
1466     &state.k1, &state.ivec1, DES_DECRYPT);
1467     break;
1468     }
1469    
1470     case SSH_CIPHER_IDEA:{
1471     CipherIDEAState state;
1472     int num = 0;
1473    
1474     cIDEA_init(passphrase_key, &state);
1475     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1476     &num, IDEA_DECRYPT);
1477     break;
1478     }
1479    
1480     case SSH_CIPHER_DES:{
1481     CipherDESState state;
1482    
1483     cDES_init(passphrase_key, &state);
1484     DES_ncbc_encrypt(buf, buf, bytes,
1485     &state.k, &state.ivec, DES_DECRYPT);
1486     break;
1487     }
1488    
1489     case SSH_CIPHER_RC4:{
1490     CipherRC4State state;
1491     int num = 0;
1492    
1493     RC4_set_key(&state.k, 16, passphrase_key);
1494     RC4(&state.k, bytes, buf, buf);
1495     break;
1496     }
1497    
1498     case SSH_CIPHER_BLOWFISH:{
1499     CipherBlowfishState state;
1500    
1501     BF_set_key(&state.k, 16, passphrase_key);
1502     memset(state.ivec, 0, 8);
1503     flip_endianness(buf, bytes);
1504     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1505     BF_DECRYPT);
1506     flip_endianness(buf, bytes);
1507     break;
1508     }
1509    
1510     case SSH_CIPHER_NONE:
1511     break;
1512    
1513     default:
1514     memset(passphrase_key, 0, sizeof(passphrase_key));
1515     return 0;
1516     }
1517    
1518     memset(passphrase_key, 0, sizeof(passphrase_key));
1519     return 1;
1520     }
1521    
1522     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1523     {
1524 yutakakn 2762 if (key_pair->RSA_key != NULL)
1525     RSA_free(key_pair->RSA_key);
1526    
1527     if (key_pair->DSA_key != NULL)
1528     DSA_free(key_pair->DSA_key);
1529    
1530 yutakakn 2728 free(key_pair);
1531     }
1532 yutakakn 2762
1533     /*
1534     * $Log: not supported by cvs2svn $
1535 maya 2992 * Revision 1.8 2007/06/06 14:10:12 maya
1536     * �v���v���Z�b�T�������\�������������������������AINET6 �� I18N �� #define ���t�]�������B
1537     *
1538 maya 2980 * Revision 1.7 2007/01/22 13:45:19 maya
1539     * �\�����b�Z�[�W��������������
1540     *
1541 maya 2949 * Revision 1.6 2006/11/23 02:19:30 maya
1542     * �\�����b�Z�[�W�������t�@�C�����������������R�[�h���������J�n�����B
1543     *
1544 maya 2937 * Revision 1.5 2006/03/26 17:07:17 yutakakn
1545     * fingerprint�\��������
1546     *
1547 yutakakn 2857 * Revision 1.4 2005/07/09 05:16:06 yutakakn
1548     * OpenSSL 0.9.8���r���h�����������������B
1549     *
1550 yutakakn 2831 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1551     * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1552     *
1553 yutakakn 2762 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help