Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3003 - (hide annotations) (download) (as text)
Mon Aug 20 14:21:57 2007 UTC (16 years, 7 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 39751 byte(s) 
インデントを変更した。
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40 yutakakn 2831 #include <openssl/dsa.h>
41 yutakakn 2728 #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51 maya 3003 * $Id: crypt.c,v 1.12 2007-08-20 14:21:57 maya Exp $ Cryptographic attack
52 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 maya 3003 uint32 len, unsigned char FAR * IV)
88 yutakakn 2728 {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116 maya 3003 unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118 yutakakn 2728 {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 maya 3003 int bytes)
192 yutakakn 2728 {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 maya 3003 buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202 yutakakn 2728 default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 maya 3003 buf, bytes, NULL) == DEATTACK_DETECTED;
205 yutakakn 2728 }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218 maya 3003 int bytes)
219 yutakakn 2728 {
220     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221     unsigned char *newbuf = malloc(bytes);
222     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223    
224     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225     if (bytes == 0)
226     return;
227    
228     if (newbuf == NULL)
229     return;
230    
231     if (bytes % block_size) {
232     char tmp[80];
233 maya 2994 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
234 maya 3003 "AES128 encrypt error(1): bytes %d (%d)");
235 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
236 maya 3003 pvar->ts->UIMsg, bytes, block_size);
237 yutakakn 2728 notify_fatal_error(pvar, tmp);
238     goto error;
239     }
240    
241     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
242     // TODO: failure
243 maya 2994 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 maya 3003 "AES128 encrypt error(1): bytes %d (%d)");
245 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 yutakakn 2728
247     } else {
248     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
249     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
250     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
251    
252     //debug_print(50, key, 24);
253     //debug_print(51, iv, 8);
254     //debug_print(52, buf, bytes);
255     //debug_print(53, newbuf, bytes);
256    
257     memcpy(buf, newbuf, bytes);
258     }
259    
260     error:
261     free(newbuf);
262     }
263    
264     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
265 maya 3003 int bytes)
266 yutakakn 2728 {
267     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
268     unsigned char *newbuf = malloc(bytes);
269     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
270    
271     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
272     if (bytes == 0)
273     return;
274    
275     if (newbuf == NULL)
276     return;
277    
278     if (bytes % block_size) {
279     char tmp[80];
280 maya 2994 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
281 maya 3003 "AES128 decrypt error(1): bytes %d (%d)");
282 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
283 yutakakn 2728 notify_fatal_error(pvar, tmp);
284     goto error;
285     }
286    
287     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
288     // TODO:
289 maya 2994 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 maya 3003 "AES128 decrypt error(2)");
291 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 yutakakn 2728
293     } else {
294     #if 0
295     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
296     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
297     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
298    
299     {
300     static int no = 70;
301     debug_print(no, buf, bytes);
302     //debug_print(no, key, AES128_KEYLEN);
303     //debug_print(10*no, iv, AES128_IVLEN);
304     debug_print(30*no, newbuf, bytes);
305     no++;
306     }
307     #endif
308    
309     memcpy(buf, newbuf, bytes);
310     }
311    
312     error:;
313     free(newbuf);
314     }
315    
316    
317    
318     // for SSH2(yutaka)
319     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
320 maya 3003 int bytes)
321 yutakakn 2728 {
322     unsigned char key[24], iv[8];
323     unsigned char *newbuf = malloc(bytes);
324    
325     if (newbuf == NULL)
326     return;
327    
328     #if 1
329    
330     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
331     // TODO: failure
332     } else {
333     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
334     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
335     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
336    
337     //debug_print(50, key, 24);
338     //debug_print(51, iv, 8);
339     //debug_print(52, buf, bytes);
340     //debug_print(53, newbuf, bytes);
341    
342     memcpy(buf, newbuf, bytes);
343     }
344     free(newbuf);
345     #else
346    
347     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
348     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
349     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
350    
351     //debug_print(50, key, 24);
352     //debug_print(51, iv, 8);
353     //debug_print(52, buf, bytes);
354    
355     #if 0
356     DES_ede3_cbc_encrypt(
357     buf, newbuf, bytes,
358     (DES_key_schedule *)&key[0],
359     (DES_key_schedule *)&key[8],
360     (DES_key_schedule *)&key[16],
361     (DES_cblock *)iv,
362     DES_ENCRYPT);
363     #else
364     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
365     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
366     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
367    
368     #endif
369    
370     //debug_print(53, newbuf, bytes);
371    
372     memcpy(buf, newbuf, bytes);
373     free(newbuf);
374    
375     #endif
376     }
377    
378     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
379 maya 3003 int bytes)
380 yutakakn 2728 {
381     unsigned char key[24], iv[8];
382     unsigned char *newbuf = malloc(bytes);
383    
384     if (newbuf == NULL)
385     return;
386    
387     #if 1
388     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389     // TODO:
390    
391     } else {
392     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395    
396     //debug_print(70, key, 24);
397     //debug_print(71, iv, 8);
398     //debug_print(72, buf, bytes);
399     //debug_print(73, newbuf, bytes);
400    
401     memcpy(buf, newbuf, bytes);
402     }
403     free(newbuf);
404    
405     #else
406     unsigned char *key, iv[8];
407     unsigned char *newbuf = malloc(bytes);
408     if (newbuf == NULL)
409     return;
410    
411     key = pvar->ssh2_keys[MODE_IN].enc.key;
412     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
413     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
414    
415     //debug_print(60, key, 24);
416     //debug_print(61, iv, 8);
417     //debug_print(62, buf, bytes);
418    
419     DES_ede3_cbc_encrypt(
420     buf, newbuf, bytes,
421     (DES_key_schedule *)&key[0],
422     (DES_key_schedule *)&key[8],
423     (DES_key_schedule *)&key[16],
424     (DES_cblock *)iv,
425     DES_DECRYPT);
426    
427     //debug_print(63, newbuf, bytes);
428    
429     memcpy(buf, newbuf, bytes);
430    
431     free(newbuf);
432     #endif
433     }
434    
435    
436     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
437 maya 3003 int bytes)
438 yutakakn 2728 {
439     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
440    
441     DES_ncbc_encrypt(buf, buf, bytes,
442 maya 3003 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
443 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
444 maya 3003 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
445 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
446 maya 3003 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
447 yutakakn 2728 }
448    
449     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
450 maya 3003 int bytes)
451 yutakakn 2728 {
452     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
453    
454     DES_ncbc_encrypt(buf, buf, bytes,
455 maya 3003 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
456 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
457 maya 3003 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
458 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
459 maya 3003 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
460 yutakakn 2728 }
461    
462     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
463     int bytes)
464     {
465     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
466    
467     DES_ncbc_encrypt(buf, buf, bytes,
468 maya 3003 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
469 yutakakn 2728 }
470    
471     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
472     int bytes)
473     {
474     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
475    
476     DES_ncbc_encrypt(buf, buf, bytes,
477 maya 3003 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
478 yutakakn 2728 }
479    
480     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
481 maya 3003 int bytes)
482 yutakakn 2728 {
483     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
484     int num = 0;
485    
486     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
487 maya 3003 encryptstate->ivec, &num, IDEA_ENCRYPT);
488 yutakakn 2728 }
489    
490     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
491 maya 3003 int bytes)
492 yutakakn 2728 {
493     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
494     int num = 0;
495    
496     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
497 maya 3003 decryptstate->ivec, &num, IDEA_DECRYPT);
498 yutakakn 2728 }
499    
500     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
501     {
502     uint32 FAR *buf = (uint32 FAR *) cbuf;
503     int count = bytes / 4;
504    
505     while (count > 0) {
506     uint32 w = *buf;
507    
508     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
509 maya 3003 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
510 yutakakn 2728 count--;
511     buf++;
512     }
513     }
514    
515     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
516 maya 3003 int bytes)
517 yutakakn 2728 {
518     CipherBlowfishState FAR *encryptstate =
519     &pvar->crypt_state.enc.cBlowfish;
520    
521     flip_endianness(buf, bytes);
522     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
523 maya 3003 BF_ENCRYPT);
524 yutakakn 2728 flip_endianness(buf, bytes);
525     }
526    
527     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
528 maya 3003 int bytes)
529 yutakakn 2728 {
530     CipherBlowfishState FAR *decryptstate =
531     &pvar->crypt_state.dec.cBlowfish;
532    
533     flip_endianness(buf, bytes);
534     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
535 maya 3003 BF_DECRYPT);
536 yutakakn 2728 flip_endianness(buf, bytes);
537     }
538    
539     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
540 maya 3003 int bytes)
541 yutakakn 2728 {
542     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
543     int num = 0;
544    
545     RC4(&encryptstate->k, bytes, buf, buf);
546     }
547    
548     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
549 maya 3003 int bytes)
550 yutakakn 2728 {
551     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
552     int num = 0;
553    
554     RC4(&decryptstate->k, bytes, buf, buf);
555     }
556    
557     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
558 maya 3003 int bytes)
559 yutakakn 2728 {
560     RAND_bytes(buf, bytes);
561     }
562    
563     void CRYPT_initialize_random_numbers(PTInstVar pvar)
564     {
565     RAND_screen();
566     }
567    
568     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
569     {
570     int bits = get_ushort16_MSBfirst(bytes);
571    
572     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
573     }
574    
575 yutakakn 2857 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
576     RSA FAR *make_key(PTInstVar pvar,
577 maya 3003 int bits, unsigned char FAR * exp,
578     unsigned char FAR * mod)
579 yutakakn 2728 {
580     RSA FAR *key = RSA_new();
581    
582     if (key != NULL) {
583     key->e = get_bignum(exp);
584     key->n = get_bignum(mod);
585     }
586    
587     if (key == NULL || key->e == NULL || key->n == NULL) {
588 maya 2994 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
589 maya 3003 "Error setting up RSA keys");
590 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
591 yutakakn 2728
592     if (key != NULL) {
593     if (key->e != NULL) {
594     BN_free(key->e);
595     }
596     if (key->n != NULL) {
597     BN_free(key->n);
598     }
599     RSA_free(key);
600     }
601    
602     return NULL;
603     } else {
604     return key;
605     }
606     }
607    
608     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
609     {
610     if (SSHv1(pvar)) {
611     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
612     } else {
613     memcpy(pvar->crypt_state.server_cookie, cookie,
614 maya 3003 SSH2_COOKIE_LENGTH);
615 yutakakn 2728 }
616     }
617    
618     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
619     {
620     if (SSHv2(pvar)) {
621     memcpy(pvar->crypt_state.client_cookie, cookie,
622 maya 3003 SSH2_COOKIE_LENGTH);
623 yutakakn 2728 }
624     }
625    
626     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
627 maya 3003 int bits, unsigned char FAR * exp,
628     unsigned char FAR * mod)
629 yutakakn 2728 {
630     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
631    
632     return pvar->crypt_state.server_key.RSA_key != NULL;
633     }
634    
635     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
636 maya 3003 int bits, unsigned char FAR * exp,
637     unsigned char FAR * mod)
638 yutakakn 2728 {
639     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
640    
641     return pvar->crypt_state.host_key.RSA_key != NULL;
642     }
643    
644     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
645 maya 3003 int receiver_ciphers)
646 yutakakn 2728 {
647     int cipher_mask;
648    
649     if (SSHv1(pvar)) {
650     cipher_mask = (1 << SSH_CIPHER_DES)
651 maya 3003 | (1 << SSH_CIPHER_3DES)
652     | (1 << SSH_CIPHER_BLOWFISH);
653 yutakakn 2728
654     } else { // for SSH2(yutaka)
655     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
656     cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
657    
658     }
659    
660     sender_ciphers &= cipher_mask;
661     receiver_ciphers &= cipher_mask;
662     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
663     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
664    
665     if (sender_ciphers == 0) {
666 maya 2994 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
667 maya 3003 "The server does not support any of the TTSSH encryption algorithms.\n"
668     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
669     "The connection will be closed.");
670 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
671 yutakakn 2728 return FALSE;
672     } else if (receiver_ciphers == 0) {
673 maya 2994 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
674 maya 3003 "The server does not support any of the TTSSH encryption algorithms.\n"
675     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
676     "The connection will be closed.");
677 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
678 yutakakn 2728 return FALSE;
679     } else {
680     return TRUE;
681     }
682     }
683    
684     int CRYPT_get_decryption_block_size(PTInstVar pvar)
685     {
686     if (SSHv1(pvar)) {
687     return 8;
688     } else {
689     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
690     // cf. 3DES=8, AES128=16
691     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
692     }
693     }
694    
695     int CRYPT_get_encryption_block_size(PTInstVar pvar)
696     {
697     if (SSHv1(pvar)) {
698     return 8;
699     } else {
700     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
701     // cf. 3DES=8, AES128=16
702     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
703     }
704     }
705    
706     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
707     {
708     struct Mac *mac;
709    
710     if (SSHv1(pvar)) {
711     return 0;
712    
713     } else { // for SSH2(yutaka)
714     mac = &pvar->ssh2_keys[MODE_IN].mac;
715     if (mac == NULL || mac->enabled == 0)
716     return 0;
717    
718     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
719     }
720    
721     }
722    
723 yutakakn 2757 // HMAC������
724     // ���{������ SSH2 �������g�p�������B
725     // (2004.12.17 yutaka)
726 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
727 maya 3003 char FAR * data, int len, char FAR * MAC)
728 yutakakn 2728 {
729 maya 3003 HMAC_CTX c;
730     unsigned char m[EVP_MAX_MD_SIZE];
731     unsigned char b[4];
732 yutakakn 2757 struct Mac *mac;
733    
734     mac = &pvar->ssh2_keys[MODE_IN].mac;
735    
736     // HMAC�������L���������������A����OK�����������B
737     if (mac == NULL || mac->enabled == 0)
738     return TRUE;
739    
740 maya 3003 if (mac->key == NULL)
741 yutakakn 2757 goto error;
742    
743 maya 3003 if ((u_int)mac->mac_len > sizeof(m))
744 yutakakn 2757 goto error;
745    
746 maya 3003 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
747     set_uint32_MSBfirst(b, sequence_number);
748     HMAC_Update(&c, b, sizeof(b));
749     HMAC_Update(&c, data, len);
750     HMAC_Final(&c, m, NULL);
751     HMAC_cleanup(&c);
752 yutakakn 2757
753     if (memcmp(m, MAC, mac->mac_len)) {
754     goto error;
755     }
756    
757 yutakakn 2728 return TRUE;
758 yutakakn 2757
759     error:
760     return FALSE;
761 yutakakn 2728 }
762    
763     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
764     {
765     struct Mac *mac;
766    
767     if (SSHv2(pvar)) { // for SSH2(yutaka)
768     mac = &pvar->ssh2_keys[MODE_OUT].mac;
769     if (mac == NULL || mac->enabled == 0)
770     return 0;
771    
772     return (mac->mac_len);
773     }
774    
775     return 0;
776     }
777    
778     // for SSH2
779     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
780 maya 3003 char FAR * data, int len, char FAR * MAC)
781 yutakakn 2728 {
782 maya 3003 HMAC_CTX c;
783     static u_char m[EVP_MAX_MD_SIZE];
784 yutakakn 2728 u_char b[4];
785     struct Mac *mac;
786    
787     if (SSHv2(pvar)) { // for SSH2(yutaka)
788     mac = &pvar->ssh2_keys[MODE_OUT].mac;
789     if (mac == NULL || mac->enabled == 0)
790     return FALSE;
791 maya 3003
792     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
793 yutakakn 2728 set_uint32_MSBfirst(b, sequence_number);
794     HMAC_Update(&c, b, sizeof(b));
795     HMAC_Update(&c, data, len);
796     HMAC_Final(&c, m, NULL);
797     HMAC_cleanup(&c);
798    
799     // 20�o�C�g�������R�s�[
800     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
801     // memcpy(MAC, m, sizeof(m));
802    
803     return TRUE;
804     }
805    
806     return TRUE;
807    
808     }
809    
810     static int choose_cipher(PTInstVar pvar, int supported)
811     {
812     int i;
813    
814     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
815     int cipher = pvar->session_settings.CipherOrder[i] - '0';
816    
817     if (cipher == SSH_CIPHER_NONE) {
818     break;
819     } else if ((supported & (1 << cipher)) != 0) {
820     return cipher;
821     }
822     }
823    
824     return SSH_CIPHER_NONE;
825     }
826    
827     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
828     {
829     if (SSHv1(pvar)) {
830     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
831 maya 3003 pvar->crypt_state.
832     supported_sender_ciphers);
833 yutakakn 2728 pvar->crypt_state.receiver_cipher =
834     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
835    
836     } else { // SSH2(yutaka)
837     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
838     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
839    
840     }
841    
842     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
843     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
844 maya 2994 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
845 maya 3003 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
846     "To communicate with this server, you will have to enable some more ciphers\n"
847     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
848     "This connection will now close.");
849 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
850 yutakakn 2728 return FALSE;
851     } else {
852     return TRUE;
853     }
854     }
855    
856     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
857     {
858     int server_key_bits =
859     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
860     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
861     int server_key_bytes = (server_key_bits + 7) / 8;
862     int host_key_bytes = (host_key_bits + 7) / 8;
863    
864     if (server_key_bits < host_key_bits) {
865     return host_key_bytes;
866     } else {
867     return server_key_bytes;
868     }
869     }
870    
871     int CRYPT_choose_session_key(PTInstVar pvar,
872 maya 3003 unsigned char FAR * encrypted_key_buf)
873 yutakakn 2728 {
874     int server_key_bits =
875     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
876     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
877     int server_key_bytes = (server_key_bits + 7) / 8;
878     int host_key_bytes = (host_key_bits + 7) / 8;
879     int encrypted_key_bytes;
880     int bit_delta;
881    
882     if (server_key_bits < host_key_bits) {
883     encrypted_key_bytes = host_key_bytes;
884     bit_delta = host_key_bits - server_key_bits;
885     } else {
886     encrypted_key_bytes = server_key_bytes;
887     bit_delta = server_key_bits - host_key_bits;
888     }
889    
890     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
891 maya 2994 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
892 maya 3003 "Server RSA keys are too weak. A secure connection cannot be established.");
893 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
894 yutakakn 2728 return 0;
895     } else {
896     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
897     for the session ID, rather than the one specified in the RFC */
898     int session_buf_len = server_key_bytes + host_key_bytes + 8;
899     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
900     char session_id[16];
901     int i;
902    
903     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
904     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
905 maya 3003 session_buf + host_key_bytes);
906 yutakakn 2728 memcpy(session_buf + server_key_bytes + host_key_bytes,
907 maya 3003 pvar->crypt_state.server_cookie, 8);
908 yutakakn 2728 MD5(session_buf, session_buf_len, session_id);
909    
910     free(session_buf);
911    
912     RAND_bytes(pvar->crypt_state.sender_cipher_key,
913 maya 3003 SSH_SESSION_KEY_LENGTH);
914 yutakakn 2728 memcpy(pvar->crypt_state.receiver_cipher_key,
915 maya 3003 pvar->crypt_state.sender_cipher_key,
916     SSH_SESSION_KEY_LENGTH);
917 yutakakn 2728
918     memcpy(encrypted_key_buf + encrypted_key_bytes -
919 maya 3003 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
920     SSH_SESSION_KEY_LENGTH);
921 yutakakn 2728 for (i = 0; i < sizeof(session_id); i++) {
922     encrypted_key_buf[encrypted_key_bytes -
923 maya 3003 SSH_SESSION_KEY_LENGTH + i]
924 yutakakn 2728 ^= session_id[i];
925     }
926    
927     if (host_key_bits > server_key_bits) {
928     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
929 maya 3003 encrypted_key_buf +
930     encrypted_key_bytes -
931     SSH_SESSION_KEY_LENGTH,
932     encrypted_key_buf +
933     encrypted_key_bytes - server_key_bytes,
934     pvar->crypt_state.server_key.RSA_key,
935     RSA_PKCS1_PADDING) < 0)
936 yutakakn 2728 return 0;
937    
938     if (RSA_public_encrypt(server_key_bytes,
939 maya 3003 encrypted_key_buf +
940     encrypted_key_bytes - server_key_bytes,
941     encrypted_key_buf,
942     pvar->crypt_state.host_key.RSA_key,
943     RSA_PKCS1_PADDING) < 0)
944 yutakakn 2728 return 0;
945     } else {
946     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
947 maya 3003 encrypted_key_buf +
948     encrypted_key_bytes -
949     SSH_SESSION_KEY_LENGTH,
950     encrypted_key_buf +
951     encrypted_key_bytes - host_key_bytes,
952     pvar->crypt_state.host_key.RSA_key,
953     RSA_PKCS1_PADDING) < 0)
954 yutakakn 2728 return 0;
955    
956     if (RSA_public_encrypt(host_key_bytes,
957 maya 3003 encrypted_key_buf +
958     encrypted_key_bytes - host_key_bytes,
959     encrypted_key_buf,
960     pvar->crypt_state.server_key.RSA_key,
961     RSA_PKCS1_PADDING) < 0)
962 yutakakn 2728 return 0;
963     }
964     }
965    
966     return 1;
967     }
968    
969     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
970 maya 3003 unsigned char FAR * challenge,
971     int challenge_len,
972     unsigned char FAR * response)
973 yutakakn 2728 {
974     int server_key_bits =
975     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
976     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
977     int server_key_bytes = (server_key_bits + 7) / 8;
978     int host_key_bytes = (host_key_bits + 7) / 8;
979     int session_buf_len = server_key_bytes + host_key_bytes + 8;
980     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
981     char decrypted_challenge[48];
982     int decrypted_challenge_len;
983    
984     decrypted_challenge_len =
985     RSA_private_decrypt(challenge_len, challenge, challenge,
986 maya 3003 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
987     RSA_PKCS1_PADDING);
988 yutakakn 2728 if (decrypted_challenge_len < 0) {
989     free(session_buf);
990     return 0;
991     }
992     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
993     memcpy(decrypted_challenge,
994 maya 3003 challenge + decrypted_challenge_len -
995     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
996 yutakakn 2728 } else {
997     memset(decrypted_challenge, 0,
998 maya 3003 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
999 yutakakn 2728 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1000 maya 3003 decrypted_challenge_len, challenge,
1001     decrypted_challenge_len);
1002 yutakakn 2728 }
1003    
1004     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1005     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1006 maya 3003 session_buf + host_key_bytes);
1007 yutakakn 2728 memcpy(session_buf + server_key_bytes + host_key_bytes,
1008 maya 3003 pvar->crypt_state.server_cookie, 8);
1009 yutakakn 2728 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1010    
1011     free(session_buf);
1012    
1013     MD5(decrypted_challenge, 48, response);
1014    
1015     return 1;
1016     }
1017    
1018     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1019     {
1020     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1021     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1022     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1023     memset(state->ivec1, 0, 8);
1024     memset(state->ivec2, 0, 8);
1025     memset(state->ivec3, 0, 8);
1026     }
1027    
1028     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1029     {
1030     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1031     memset(state->ivec, 0, 8);
1032     }
1033    
1034     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1035     {
1036     idea_set_encrypt_key(session_key, &state->k);
1037     memset(state->ivec, 0, 8);
1038     }
1039    
1040     static void cBlowfish_init(char FAR * session_key,
1041 maya 3003 CipherBlowfishState FAR * state)
1042 yutakakn 2728 {
1043     BF_set_key(&state->k, 32, session_key);
1044     memset(state->ivec, 0, 8);
1045     }
1046    
1047    
1048     //
1049     // SSH2�p�A���S���Y����������
1050     //
1051     // for SSH2(yutaka)
1052     //
1053 maya 3003 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1054     const u_char *key, u_int keylen,
1055     const u_char *iv, u_int ivlen,
1056     int encrypt,
1057     const EVP_CIPHER *(*func)(void))
1058 yutakakn 2728 {
1059     EVP_CIPHER *type;
1060     int klen;
1061    
1062     type = (EVP_CIPHER *)func();
1063    
1064     EVP_CIPHER_CTX_init(evp);
1065     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1066     // TODO:
1067     }
1068    
1069     klen = EVP_CIPHER_CTX_key_length(evp);
1070     if (klen > 0 && keylen != klen) {
1071     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1072     // TODO:
1073     }
1074     }
1075     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1076     // TODO:
1077     }
1078     }
1079    
1080    
1081     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1082     {
1083     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1084     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1085     BOOL isOK = TRUE;
1086    
1087     if (sender_flag) {
1088     switch (pvar->crypt_state.sender_cipher) {
1089     // for SSH2(yutaka)
1090     case SSH_CIPHER_3DES_CBC:
1091     {
1092     struct Enc *enc;
1093    
1094     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1095 maya 3003 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1096     enc->key, 24, enc->iv, 8,
1097     CIPHER_ENCRYPT,
1098     EVP_des_ede3_cbc);
1099 yutakakn 2728
1100     //debug_print(10, enc->key, 24);
1101     //debug_print(11, enc->iv, 24);
1102    
1103     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1104     break;
1105     }
1106    
1107     // for SSH2(yutaka)
1108     case SSH_CIPHER_AES128:
1109     {
1110     struct Enc *enc;
1111    
1112     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1113     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1114 maya 3003 enc->key, 16, enc->iv, 16,
1115     CIPHER_ENCRYPT,
1116     EVP_aes_128_cbc);
1117 yutakakn 2728
1118     //debug_print(10, enc->key, 24);
1119     //debug_print(11, enc->iv, 24);
1120    
1121     pvar->crypt_state.encrypt = cAES128_encrypt;
1122     break;
1123     }
1124    
1125     case SSH_CIPHER_3DES:{
1126     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1127     pvar->crypt_state.encrypt = c3DES_encrypt;
1128     break;
1129     }
1130     case SSH_CIPHER_IDEA:{
1131     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1132     pvar->crypt_state.encrypt = cIDEA_encrypt;
1133     break;
1134     }
1135     case SSH_CIPHER_DES:{
1136     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1137     pvar->crypt_state.encrypt = cDES_encrypt;
1138     break;
1139     }
1140     case SSH_CIPHER_RC4:{
1141     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1142     encryption_key + 16);
1143     pvar->crypt_state.encrypt = cRC4_encrypt;
1144     break;
1145     }
1146     case SSH_CIPHER_BLOWFISH:{
1147     cBlowfish_init(encryption_key,
1148 maya 3003 &pvar->crypt_state.enc.cBlowfish);
1149 yutakakn 2728 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1150     break;
1151     }
1152     default:
1153     isOK = FALSE;
1154     }
1155     }
1156    
1157    
1158     if (receiver_flag) {
1159     switch (pvar->crypt_state.receiver_cipher) {
1160     // for SSH2(yutaka)
1161     case SSH_CIPHER_3DES_CBC:
1162     {
1163     struct Enc *enc;
1164    
1165     enc = &pvar->ssh2_keys[MODE_IN].enc;
1166     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1167 maya 3003 enc->key, 24, enc->iv, 8,
1168     CIPHER_DECRYPT,
1169     EVP_des_ede3_cbc);
1170 yutakakn 2728
1171     //debug_print(12, enc->key, 24);
1172     //debug_print(13, enc->iv, 24);
1173    
1174     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1175     break;
1176     }
1177    
1178     // for SSH2(yutaka)
1179     case SSH_CIPHER_AES128:
1180     {
1181     struct Enc *enc;
1182    
1183     enc = &pvar->ssh2_keys[MODE_IN].enc;
1184     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1185 maya 3003 enc->key, 16, enc->iv, 16,
1186     CIPHER_DECRYPT,
1187     EVP_aes_128_cbc);
1188 yutakakn 2728
1189     //debug_print(12, enc->key, 24);
1190     //debug_print(13, enc->iv, 24);
1191    
1192     pvar->crypt_state.decrypt = cAES128_decrypt;
1193     break;
1194     }
1195    
1196     case SSH_CIPHER_3DES:{
1197     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1198     pvar->crypt_state.decrypt = c3DES_decrypt;
1199     break;
1200     }
1201     case SSH_CIPHER_IDEA:{
1202     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1203     pvar->crypt_state.decrypt = cIDEA_decrypt;
1204     break;
1205     }
1206     case SSH_CIPHER_DES:{
1207     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1208     pvar->crypt_state.decrypt = cDES_decrypt;
1209     break;
1210     }
1211     case SSH_CIPHER_RC4:{
1212     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1213     pvar->crypt_state.decrypt = cRC4_decrypt;
1214     break;
1215     }
1216     case SSH_CIPHER_BLOWFISH:{
1217     cBlowfish_init(decryption_key,
1218 maya 3003 &pvar->crypt_state.dec.cBlowfish);
1219 yutakakn 2728 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1220     break;
1221     }
1222     default:
1223     isOK = FALSE;
1224     }
1225     }
1226    
1227    
1228     if (!isOK) {
1229 maya 2994 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1230 maya 3003 "No cipher selected!");
1231 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
1232 yutakakn 2728 return FALSE;
1233     } else {
1234     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1235     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1236     return TRUE;
1237     }
1238     }
1239    
1240     void CRYPT_init(PTInstVar pvar)
1241     {
1242     pvar->crypt_state.encrypt = no_encrypt;
1243     pvar->crypt_state.decrypt = no_encrypt;
1244     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1245     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1246     pvar->crypt_state.server_key.RSA_key = NULL;
1247     pvar->crypt_state.host_key.RSA_key = NULL;
1248    
1249     pvar->crypt_state.detect_attack_statics.h = NULL;
1250     pvar->crypt_state.detect_attack_statics.n =
1251     HASH_MINSIZE / HASH_ENTRYSIZE;
1252     }
1253    
1254     static char FAR *get_cipher_name(int cipher)
1255     {
1256     switch (cipher) {
1257     case SSH_CIPHER_NONE:
1258     return "None";
1259     case SSH_CIPHER_3DES:
1260     return "3DES (168 key bits)";
1261     case SSH_CIPHER_DES:
1262     return "DES (56 key bits)";
1263     case SSH_CIPHER_IDEA:
1264     return "IDEA (128 key bits)";
1265     case SSH_CIPHER_RC4:
1266     return "RC4 (128 key bits)";
1267     case SSH_CIPHER_BLOWFISH:
1268     return "Blowfish (256 key bits)";
1269    
1270     // SSH2
1271     case SSH_CIPHER_3DES_CBC:
1272     return "3DES-CBC";
1273     case SSH_CIPHER_AES128:
1274     return "AES128";
1275    
1276     default:
1277     return "Unknown";
1278     }
1279     }
1280    
1281     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1282     {
1283 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1284 maya 3003 "%s to server, %s from server");
1285 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1286 maya 3003 get_cipher_name(pvar->crypt_state.sender_cipher),
1287     get_cipher_name(pvar->crypt_state.receiver_cipher));
1288 yutakakn 2728 }
1289    
1290     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1291     {
1292     if (SSHv1(pvar)) {
1293     if (pvar->crypt_state.server_key.RSA_key == NULL
1294 maya 3003 || pvar->crypt_state.host_key.RSA_key == NULL) {
1295 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1296 maya 2992 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1297 yutakakn 2728 } else {
1298 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1299 maya 3003 "%d-bit server key, %d-bit host key");
1300 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1301 maya 3003 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1302     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1303 yutakakn 2728 }
1304     } else { // SSH2
1305 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1306 maya 3003 "%d-bit server key, %d-bit host key");
1307 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1308 maya 3003 pvar->server_key_bits,
1309     pvar->client_key_bits);
1310 yutakakn 2728 }
1311     }
1312    
1313     static void destroy_public_key(CRYPTPublicKey FAR * key)
1314     {
1315     if (key->RSA_key != NULL) {
1316     RSA_free(key->RSA_key);
1317     key->RSA_key = NULL;
1318     }
1319     }
1320    
1321     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1322     {
1323     destroy_public_key(key);
1324     free(key);
1325     }
1326    
1327     void CRYPT_end(PTInstVar pvar)
1328     {
1329     destroy_public_key(&pvar->crypt_state.host_key);
1330     destroy_public_key(&pvar->crypt_state.server_key);
1331    
1332     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1333     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1334 maya 3003 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1335 yutakakn 2728 free(pvar->crypt_state.detect_attack_statics.h);
1336     }
1337    
1338     memset(pvar->crypt_state.sender_cipher_key, 0,
1339 maya 3003 sizeof(pvar->crypt_state.sender_cipher_key));
1340 yutakakn 2728 memset(pvar->crypt_state.receiver_cipher_key, 0,
1341 maya 3003 sizeof(pvar->crypt_state.receiver_cipher_key));
1342 yutakakn 2728 memset(pvar->crypt_state.server_cookie, 0,
1343 maya 3003 sizeof(pvar->crypt_state.server_cookie));
1344 yutakakn 2728 memset(pvar->crypt_state.client_cookie, 0,
1345 maya 3003 sizeof(pvar->crypt_state.client_cookie));
1346 yutakakn 2728 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1347     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1348     }
1349    
1350     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1351 maya 3003 char FAR * buf, int bytes)
1352 yutakakn 2728 {
1353     unsigned char passphrase_key[16];
1354    
1355     MD5(passphrase, strlen(passphrase), passphrase_key);
1356    
1357     switch (cipher) {
1358     case SSH_CIPHER_3DES:{
1359     Cipher3DESState state;
1360    
1361     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1362 maya 3003 &state.k1);
1363 yutakakn 2728 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1364 maya 3003 &state.k2);
1365 yutakakn 2728 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1366 maya 3003 &state.k3);
1367 yutakakn 2728 memset(state.ivec1, 0, 8);
1368     memset(state.ivec2, 0, 8);
1369     memset(state.ivec3, 0, 8);
1370     DES_ncbc_encrypt(buf, buf, bytes,
1371 maya 3003 &state.k3, &state.ivec3, DES_DECRYPT);
1372 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
1373 maya 3003 &state.k2, &state.ivec2, DES_ENCRYPT);
1374 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
1375 maya 3003 &state.k1, &state.ivec1, DES_DECRYPT);
1376 yutakakn 2728 break;
1377     }
1378    
1379     case SSH_CIPHER_IDEA:{
1380     CipherIDEAState state;
1381     int num = 0;
1382    
1383     cIDEA_init(passphrase_key, &state);
1384     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1385 maya 3003 &num, IDEA_DECRYPT);
1386 yutakakn 2728 break;
1387     }
1388    
1389     case SSH_CIPHER_DES:{
1390     CipherDESState state;
1391    
1392     cDES_init(passphrase_key, &state);
1393     DES_ncbc_encrypt(buf, buf, bytes,
1394 maya 3003 &state.k, &state.ivec, DES_DECRYPT);
1395 yutakakn 2728 break;
1396     }
1397    
1398     case SSH_CIPHER_RC4:{
1399     CipherRC4State state;
1400     int num = 0;
1401    
1402     RC4_set_key(&state.k, 16, passphrase_key);
1403     RC4(&state.k, bytes, buf, buf);
1404     break;
1405     }
1406    
1407     case SSH_CIPHER_BLOWFISH:{
1408     CipherBlowfishState state;
1409    
1410     BF_set_key(&state.k, 16, passphrase_key);
1411     memset(state.ivec, 0, 8);
1412     flip_endianness(buf, bytes);
1413     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1414     BF_DECRYPT);
1415     flip_endianness(buf, bytes);
1416     break;
1417     }
1418    
1419     case SSH_CIPHER_NONE:
1420     break;
1421    
1422     default:
1423     memset(passphrase_key, 0, sizeof(passphrase_key));
1424     return 0;
1425     }
1426    
1427     memset(passphrase_key, 0, sizeof(passphrase_key));
1428     return 1;
1429     }
1430    
1431     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1432     {
1433 yutakakn 2762 if (key_pair->RSA_key != NULL)
1434     RSA_free(key_pair->RSA_key);
1435    
1436     if (key_pair->DSA_key != NULL)
1437     DSA_free(key_pair->DSA_key);
1438    
1439 yutakakn 2728 free(key_pair);
1440     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help