Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3039 - (hide annotations) (download) (as text)
Wed Oct 17 04:03:41 2007 UTC (16 years, 5 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41074 byte(s) 
SSH2 の暗号方式として AES192 をサポートした。
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40 yutakakn 2831 #include <openssl/dsa.h>
41 yutakakn 2728 #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51 maya 3039 * $Id: crypt.c,v 1.14 2007-10-17 04:03:41 maya Exp $ Cryptographic attack
52 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 maya 3003 uint32 len, unsigned char FAR * IV)
88 yutakakn 2728 {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116 maya 3003 unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118 yutakakn 2728 {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 maya 3003 int bytes)
192 yutakakn 2728 {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 maya 3003 buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202 yutakakn 2728 default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 maya 3003 buf, bytes, NULL) == DEATTACK_DETECTED;
205 yutakakn 2728 }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217 maya 3039 // ���O�������������������������������AAES192, AES256 ����
218 maya 3036 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 yutakakn 2728 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 maya 3003 int bytes)
221 yutakakn 2728 {
222     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
223     unsigned char *newbuf = malloc(bytes);
224     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
225    
226     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227     if (bytes == 0)
228     return;
229    
230     if (newbuf == NULL)
231     return;
232    
233     if (bytes % block_size) {
234     char tmp[80];
235 maya 2994 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
236 maya 3003 "AES128 encrypt error(1): bytes %d (%d)");
237 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
238 maya 3003 pvar->ts->UIMsg, bytes, block_size);
239 yutakakn 2728 notify_fatal_error(pvar, tmp);
240     goto error;
241     }
242    
243     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
244     // TODO: failure
245 maya 2994 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
246 maya 3003 "AES128 encrypt error(1): bytes %d (%d)");
247 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
248 yutakakn 2728
249     } else {
250     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253    
254     //debug_print(50, key, 24);
255     //debug_print(51, iv, 8);
256     //debug_print(52, buf, bytes);
257     //debug_print(53, newbuf, bytes);
258    
259     memcpy(buf, newbuf, bytes);
260     }
261    
262     error:
263     free(newbuf);
264     }
265    
266     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 maya 3003 int bytes)
268 yutakakn 2728 {
269     // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
270     unsigned char *newbuf = malloc(bytes);
271     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272    
273     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
274     if (bytes == 0)
275     return;
276    
277     if (newbuf == NULL)
278     return;
279    
280     if (bytes % block_size) {
281     char tmp[80];
282 maya 2994 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
283 maya 3003 "AES128 decrypt error(1): bytes %d (%d)");
284 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
285 yutakakn 2728 notify_fatal_error(pvar, tmp);
286     goto error;
287     }
288    
289     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
290     // TODO:
291 maya 2994 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
292 maya 3003 "AES128 decrypt error(2)");
293 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
294 yutakakn 2728
295     } else {
296     #if 0
297     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
298     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
299     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
300    
301     {
302     static int no = 70;
303     debug_print(no, buf, bytes);
304     //debug_print(no, key, AES128_KEYLEN);
305     //debug_print(10*no, iv, AES128_IVLEN);
306     debug_print(30*no, newbuf, bytes);
307     no++;
308     }
309     #endif
310    
311     memcpy(buf, newbuf, bytes);
312     }
313    
314     error:;
315     free(newbuf);
316     }
317    
318    
319    
320     // for SSH2(yutaka)
321     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
322 maya 3003 int bytes)
323 yutakakn 2728 {
324     unsigned char key[24], iv[8];
325     unsigned char *newbuf = malloc(bytes);
326    
327     if (newbuf == NULL)
328     return;
329    
330     #if 1
331    
332     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
333     // TODO: failure
334     } else {
335     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
336     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
337     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
338    
339     //debug_print(50, key, 24);
340     //debug_print(51, iv, 8);
341     //debug_print(52, buf, bytes);
342     //debug_print(53, newbuf, bytes);
343    
344     memcpy(buf, newbuf, bytes);
345     }
346     free(newbuf);
347     #else
348    
349     memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351     memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352    
353     //debug_print(50, key, 24);
354     //debug_print(51, iv, 8);
355     //debug_print(52, buf, bytes);
356    
357     #if 0
358     DES_ede3_cbc_encrypt(
359     buf, newbuf, bytes,
360     (DES_key_schedule *)&key[0],
361     (DES_key_schedule *)&key[8],
362     (DES_key_schedule *)&key[16],
363     (DES_cblock *)iv,
364     DES_ENCRYPT);
365     #else
366     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
367     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
368     DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
369    
370     #endif
371    
372     //debug_print(53, newbuf, bytes);
373    
374     memcpy(buf, newbuf, bytes);
375     free(newbuf);
376    
377     #endif
378     }
379    
380     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
381 maya 3003 int bytes)
382 yutakakn 2728 {
383     unsigned char key[24], iv[8];
384     unsigned char *newbuf = malloc(bytes);
385    
386     if (newbuf == NULL)
387     return;
388    
389     #if 1
390     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
391     // TODO:
392    
393     } else {
394     memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
395     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
396     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
397    
398     //debug_print(70, key, 24);
399     //debug_print(71, iv, 8);
400     //debug_print(72, buf, bytes);
401     //debug_print(73, newbuf, bytes);
402    
403     memcpy(buf, newbuf, bytes);
404     }
405     free(newbuf);
406    
407     #else
408     unsigned char *key, iv[8];
409     unsigned char *newbuf = malloc(bytes);
410     if (newbuf == NULL)
411     return;
412    
413     key = pvar->ssh2_keys[MODE_IN].enc.key;
414     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
415     memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
416    
417     //debug_print(60, key, 24);
418     //debug_print(61, iv, 8);
419     //debug_print(62, buf, bytes);
420    
421     DES_ede3_cbc_encrypt(
422     buf, newbuf, bytes,
423     (DES_key_schedule *)&key[0],
424     (DES_key_schedule *)&key[8],
425     (DES_key_schedule *)&key[16],
426     (DES_cblock *)iv,
427     DES_DECRYPT);
428    
429     //debug_print(63, newbuf, bytes);
430    
431     memcpy(buf, newbuf, bytes);
432    
433     free(newbuf);
434     #endif
435     }
436    
437    
438     static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
439 maya 3003 int bytes)
440 yutakakn 2728 {
441     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
442    
443     DES_ncbc_encrypt(buf, buf, bytes,
444 maya 3003 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
445 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
446 maya 3003 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
447 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
448 maya 3003 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
449 yutakakn 2728 }
450    
451     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
452 maya 3003 int bytes)
453 yutakakn 2728 {
454     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
455    
456     DES_ncbc_encrypt(buf, buf, bytes,
457 maya 3003 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
458 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
459 maya 3003 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
460 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
461 maya 3003 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
462 yutakakn 2728 }
463    
464     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
465     int bytes)
466     {
467     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
468    
469     DES_ncbc_encrypt(buf, buf, bytes,
470 maya 3003 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
471 yutakakn 2728 }
472    
473     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
474     int bytes)
475     {
476     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
477    
478     DES_ncbc_encrypt(buf, buf, bytes,
479 maya 3003 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
480 yutakakn 2728 }
481    
482     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
483 maya 3003 int bytes)
484 yutakakn 2728 {
485     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
486     int num = 0;
487    
488     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
489 maya 3003 encryptstate->ivec, &num, IDEA_ENCRYPT);
490 yutakakn 2728 }
491    
492     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
493 maya 3003 int bytes)
494 yutakakn 2728 {
495     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
496     int num = 0;
497    
498     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
499 maya 3003 decryptstate->ivec, &num, IDEA_DECRYPT);
500 yutakakn 2728 }
501    
502     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
503     {
504     uint32 FAR *buf = (uint32 FAR *) cbuf;
505     int count = bytes / 4;
506    
507     while (count > 0) {
508     uint32 w = *buf;
509    
510     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
511 maya 3003 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
512 yutakakn 2728 count--;
513     buf++;
514     }
515     }
516    
517     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
518 maya 3003 int bytes)
519 yutakakn 2728 {
520     CipherBlowfishState FAR *encryptstate =
521     &pvar->crypt_state.enc.cBlowfish;
522    
523     flip_endianness(buf, bytes);
524     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
525 maya 3003 BF_ENCRYPT);
526 yutakakn 2728 flip_endianness(buf, bytes);
527     }
528    
529     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
530 maya 3003 int bytes)
531 yutakakn 2728 {
532     CipherBlowfishState FAR *decryptstate =
533     &pvar->crypt_state.dec.cBlowfish;
534    
535     flip_endianness(buf, bytes);
536     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
537 maya 3003 BF_DECRYPT);
538 yutakakn 2728 flip_endianness(buf, bytes);
539     }
540    
541     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
542 maya 3003 int bytes)
543 yutakakn 2728 {
544     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
545     int num = 0;
546    
547     RC4(&encryptstate->k, bytes, buf, buf);
548     }
549    
550     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
551 maya 3003 int bytes)
552 yutakakn 2728 {
553     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
554     int num = 0;
555    
556     RC4(&decryptstate->k, bytes, buf, buf);
557     }
558    
559     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
560 maya 3003 int bytes)
561 yutakakn 2728 {
562     RAND_bytes(buf, bytes);
563     }
564    
565     void CRYPT_initialize_random_numbers(PTInstVar pvar)
566     {
567     RAND_screen();
568     }
569    
570     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
571     {
572     int bits = get_ushort16_MSBfirst(bytes);
573    
574     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
575     }
576    
577 yutakakn 2857 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
578     RSA FAR *make_key(PTInstVar pvar,
579 maya 3003 int bits, unsigned char FAR * exp,
580     unsigned char FAR * mod)
581 yutakakn 2728 {
582     RSA FAR *key = RSA_new();
583    
584     if (key != NULL) {
585     key->e = get_bignum(exp);
586     key->n = get_bignum(mod);
587     }
588    
589     if (key == NULL || key->e == NULL || key->n == NULL) {
590 maya 2994 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
591 maya 3003 "Error setting up RSA keys");
592 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
593 yutakakn 2728
594     if (key != NULL) {
595     if (key->e != NULL) {
596     BN_free(key->e);
597     }
598     if (key->n != NULL) {
599     BN_free(key->n);
600     }
601     RSA_free(key);
602     }
603    
604     return NULL;
605     } else {
606     return key;
607     }
608     }
609    
610     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
611     {
612     if (SSHv1(pvar)) {
613     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
614     } else {
615     memcpy(pvar->crypt_state.server_cookie, cookie,
616 maya 3003 SSH2_COOKIE_LENGTH);
617 yutakakn 2728 }
618     }
619    
620     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
621     {
622     if (SSHv2(pvar)) {
623     memcpy(pvar->crypt_state.client_cookie, cookie,
624 maya 3003 SSH2_COOKIE_LENGTH);
625 yutakakn 2728 }
626     }
627    
628     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
629 maya 3003 int bits, unsigned char FAR * exp,
630     unsigned char FAR * mod)
631 yutakakn 2728 {
632     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
633    
634     return pvar->crypt_state.server_key.RSA_key != NULL;
635     }
636    
637     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
638 maya 3003 int bits, unsigned char FAR * exp,
639     unsigned char FAR * mod)
640 yutakakn 2728 {
641     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
642    
643     return pvar->crypt_state.host_key.RSA_key != NULL;
644     }
645    
646     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
647 maya 3003 int receiver_ciphers)
648 yutakakn 2728 {
649     int cipher_mask;
650    
651     if (SSHv1(pvar)) {
652     cipher_mask = (1 << SSH_CIPHER_DES)
653 maya 3003 | (1 << SSH_CIPHER_3DES)
654     | (1 << SSH_CIPHER_BLOWFISH);
655 yutakakn 2728
656     } else { // for SSH2(yutaka)
657     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
658 maya 3036 cipher_mask = (1 << SSH_CIPHER_3DES_CBC)
659     | (1 << SSH_CIPHER_AES128)
660     #ifdef SSH2_BLOWFISH
661     | (1 << SSH_CIPHER_BLOWFISH)
662     #endif
663 maya 3039 | (1 << SSH_CIPHER_AES192)
664 maya 3036 | (1 << SSH_CIPHER_AES256);
665 yutakakn 2728 }
666    
667     sender_ciphers &= cipher_mask;
668     receiver_ciphers &= cipher_mask;
669     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
670     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
671    
672     if (sender_ciphers == 0) {
673 maya 2994 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
674 maya 3003 "The server does not support any of the TTSSH encryption algorithms.\n"
675     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
676     "The connection will be closed.");
677 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
678 yutakakn 2728 return FALSE;
679     } else if (receiver_ciphers == 0) {
680 maya 2994 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
681 maya 3003 "The server does not support any of the TTSSH encryption algorithms.\n"
682     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
683     "The connection will be closed.");
684 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
685 yutakakn 2728 return FALSE;
686     } else {
687     return TRUE;
688     }
689     }
690    
691     int CRYPT_get_decryption_block_size(PTInstVar pvar)
692     {
693     if (SSHv1(pvar)) {
694     return 8;
695     } else {
696     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
697     // cf. 3DES=8, AES128=16
698     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
699     }
700     }
701    
702     int CRYPT_get_encryption_block_size(PTInstVar pvar)
703     {
704     if (SSHv1(pvar)) {
705     return 8;
706     } else {
707     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
708     // cf. 3DES=8, AES128=16
709     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
710     }
711     }
712    
713     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
714     {
715     struct Mac *mac;
716    
717     if (SSHv1(pvar)) {
718     return 0;
719    
720     } else { // for SSH2(yutaka)
721     mac = &pvar->ssh2_keys[MODE_IN].mac;
722     if (mac == NULL || mac->enabled == 0)
723     return 0;
724    
725     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
726     }
727    
728     }
729    
730 yutakakn 2757 // HMAC������
731     // ���{������ SSH2 �������g�p�������B
732     // (2004.12.17 yutaka)
733 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
734 maya 3003 char FAR * data, int len, char FAR * MAC)
735 yutakakn 2728 {
736 maya 3003 HMAC_CTX c;
737     unsigned char m[EVP_MAX_MD_SIZE];
738     unsigned char b[4];
739 yutakakn 2757 struct Mac *mac;
740    
741     mac = &pvar->ssh2_keys[MODE_IN].mac;
742    
743     // HMAC�������L���������������A����OK�����������B
744     if (mac == NULL || mac->enabled == 0)
745     return TRUE;
746    
747 maya 3003 if (mac->key == NULL)
748 yutakakn 2757 goto error;
749    
750 maya 3003 if ((u_int)mac->mac_len > sizeof(m))
751 yutakakn 2757 goto error;
752    
753 maya 3003 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
754     set_uint32_MSBfirst(b, sequence_number);
755     HMAC_Update(&c, b, sizeof(b));
756     HMAC_Update(&c, data, len);
757     HMAC_Final(&c, m, NULL);
758     HMAC_cleanup(&c);
759 yutakakn 2757
760     if (memcmp(m, MAC, mac->mac_len)) {
761     goto error;
762     }
763    
764 yutakakn 2728 return TRUE;
765 yutakakn 2757
766     error:
767     return FALSE;
768 yutakakn 2728 }
769    
770     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
771     {
772     struct Mac *mac;
773    
774     if (SSHv2(pvar)) { // for SSH2(yutaka)
775     mac = &pvar->ssh2_keys[MODE_OUT].mac;
776     if (mac == NULL || mac->enabled == 0)
777     return 0;
778    
779     return (mac->mac_len);
780     }
781    
782     return 0;
783     }
784    
785     // for SSH2
786     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
787 maya 3003 char FAR * data, int len, char FAR * MAC)
788 yutakakn 2728 {
789 maya 3003 HMAC_CTX c;
790     static u_char m[EVP_MAX_MD_SIZE];
791 yutakakn 2728 u_char b[4];
792     struct Mac *mac;
793    
794     if (SSHv2(pvar)) { // for SSH2(yutaka)
795     mac = &pvar->ssh2_keys[MODE_OUT].mac;
796     if (mac == NULL || mac->enabled == 0)
797     return FALSE;
798 maya 3003
799     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
800 yutakakn 2728 set_uint32_MSBfirst(b, sequence_number);
801     HMAC_Update(&c, b, sizeof(b));
802     HMAC_Update(&c, data, len);
803     HMAC_Final(&c, m, NULL);
804     HMAC_cleanup(&c);
805    
806     // 20�o�C�g�������R�s�[
807     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
808     // memcpy(MAC, m, sizeof(m));
809    
810     return TRUE;
811     }
812    
813     return TRUE;
814    
815     }
816    
817     static int choose_cipher(PTInstVar pvar, int supported)
818     {
819     int i;
820    
821     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
822     int cipher = pvar->session_settings.CipherOrder[i] - '0';
823    
824     if (cipher == SSH_CIPHER_NONE) {
825     break;
826     } else if ((supported & (1 << cipher)) != 0) {
827     return cipher;
828     }
829     }
830    
831     return SSH_CIPHER_NONE;
832     }
833    
834     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
835     {
836     if (SSHv1(pvar)) {
837     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
838 maya 3003 pvar->crypt_state.
839     supported_sender_ciphers);
840 yutakakn 2728 pvar->crypt_state.receiver_cipher =
841     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
842    
843     } else { // SSH2(yutaka)
844     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
845     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
846    
847     }
848    
849     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
850     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
851 maya 2994 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
852 maya 3003 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
853     "To communicate with this server, you will have to enable some more ciphers\n"
854     "in the TTSSH Setup dialog box when you run Teraterm again.\n"
855     "This connection will now close.");
856 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
857 yutakakn 2728 return FALSE;
858     } else {
859     return TRUE;
860     }
861     }
862    
863     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
864     {
865     int server_key_bits =
866     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
867     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
868     int server_key_bytes = (server_key_bits + 7) / 8;
869     int host_key_bytes = (host_key_bits + 7) / 8;
870    
871     if (server_key_bits < host_key_bits) {
872     return host_key_bytes;
873     } else {
874     return server_key_bytes;
875     }
876     }
877    
878     int CRYPT_choose_session_key(PTInstVar pvar,
879 maya 3003 unsigned char FAR * encrypted_key_buf)
880 yutakakn 2728 {
881     int server_key_bits =
882     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
883     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
884     int server_key_bytes = (server_key_bits + 7) / 8;
885     int host_key_bytes = (host_key_bits + 7) / 8;
886     int encrypted_key_bytes;
887     int bit_delta;
888    
889     if (server_key_bits < host_key_bits) {
890     encrypted_key_bytes = host_key_bytes;
891     bit_delta = host_key_bits - server_key_bits;
892     } else {
893     encrypted_key_bytes = server_key_bytes;
894     bit_delta = server_key_bits - host_key_bits;
895     }
896    
897     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
898 maya 2994 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
899 maya 3003 "Server RSA keys are too weak. A secure connection cannot be established.");
900 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
901 yutakakn 2728 return 0;
902     } else {
903     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
904     for the session ID, rather than the one specified in the RFC */
905     int session_buf_len = server_key_bytes + host_key_bytes + 8;
906     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
907     char session_id[16];
908     int i;
909    
910     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
911     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
912 maya 3003 session_buf + host_key_bytes);
913 yutakakn 2728 memcpy(session_buf + server_key_bytes + host_key_bytes,
914 maya 3003 pvar->crypt_state.server_cookie, 8);
915 yutakakn 2728 MD5(session_buf, session_buf_len, session_id);
916    
917     free(session_buf);
918    
919     RAND_bytes(pvar->crypt_state.sender_cipher_key,
920 maya 3003 SSH_SESSION_KEY_LENGTH);
921 yutakakn 2728 memcpy(pvar->crypt_state.receiver_cipher_key,
922 maya 3003 pvar->crypt_state.sender_cipher_key,
923     SSH_SESSION_KEY_LENGTH);
924 yutakakn 2728
925     memcpy(encrypted_key_buf + encrypted_key_bytes -
926 maya 3003 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
927     SSH_SESSION_KEY_LENGTH);
928 yutakakn 2728 for (i = 0; i < sizeof(session_id); i++) {
929     encrypted_key_buf[encrypted_key_bytes -
930 maya 3003 SSH_SESSION_KEY_LENGTH + i]
931 yutakakn 2728 ^= session_id[i];
932     }
933    
934     if (host_key_bits > server_key_bits) {
935     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
936 maya 3003 encrypted_key_buf +
937     encrypted_key_bytes -
938     SSH_SESSION_KEY_LENGTH,
939     encrypted_key_buf +
940     encrypted_key_bytes - server_key_bytes,
941     pvar->crypt_state.server_key.RSA_key,
942     RSA_PKCS1_PADDING) < 0)
943 yutakakn 2728 return 0;
944    
945     if (RSA_public_encrypt(server_key_bytes,
946 maya 3003 encrypted_key_buf +
947     encrypted_key_bytes - server_key_bytes,
948     encrypted_key_buf,
949     pvar->crypt_state.host_key.RSA_key,
950     RSA_PKCS1_PADDING) < 0)
951 yutakakn 2728 return 0;
952     } else {
953     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
954 maya 3003 encrypted_key_buf +
955     encrypted_key_bytes -
956     SSH_SESSION_KEY_LENGTH,
957     encrypted_key_buf +
958     encrypted_key_bytes - host_key_bytes,
959     pvar->crypt_state.host_key.RSA_key,
960     RSA_PKCS1_PADDING) < 0)
961 yutakakn 2728 return 0;
962    
963     if (RSA_public_encrypt(host_key_bytes,
964 maya 3003 encrypted_key_buf +
965     encrypted_key_bytes - host_key_bytes,
966     encrypted_key_buf,
967     pvar->crypt_state.server_key.RSA_key,
968     RSA_PKCS1_PADDING) < 0)
969 yutakakn 2728 return 0;
970     }
971     }
972    
973     return 1;
974     }
975    
976     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
977 maya 3003 unsigned char FAR * challenge,
978     int challenge_len,
979     unsigned char FAR * response)
980 yutakakn 2728 {
981     int server_key_bits =
982     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
983     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
984     int server_key_bytes = (server_key_bits + 7) / 8;
985     int host_key_bytes = (host_key_bits + 7) / 8;
986     int session_buf_len = server_key_bytes + host_key_bytes + 8;
987     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
988     char decrypted_challenge[48];
989     int decrypted_challenge_len;
990    
991     decrypted_challenge_len =
992     RSA_private_decrypt(challenge_len, challenge, challenge,
993 maya 3003 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
994     RSA_PKCS1_PADDING);
995 yutakakn 2728 if (decrypted_challenge_len < 0) {
996     free(session_buf);
997     return 0;
998     }
999     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1000     memcpy(decrypted_challenge,
1001 maya 3003 challenge + decrypted_challenge_len -
1002     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1003 yutakakn 2728 } else {
1004     memset(decrypted_challenge, 0,
1005 maya 3003 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1006 yutakakn 2728 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1007 maya 3003 decrypted_challenge_len, challenge,
1008     decrypted_challenge_len);
1009 yutakakn 2728 }
1010    
1011     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1012     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1013 maya 3003 session_buf + host_key_bytes);
1014 yutakakn 2728 memcpy(session_buf + server_key_bytes + host_key_bytes,
1015 maya 3003 pvar->crypt_state.server_cookie, 8);
1016 yutakakn 2728 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1017    
1018     free(session_buf);
1019    
1020     MD5(decrypted_challenge, 48, response);
1021    
1022     return 1;
1023     }
1024    
1025     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1026     {
1027     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1028     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1029     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1030     memset(state->ivec1, 0, 8);
1031     memset(state->ivec2, 0, 8);
1032     memset(state->ivec3, 0, 8);
1033     }
1034    
1035     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1036     {
1037     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1038     memset(state->ivec, 0, 8);
1039     }
1040    
1041     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1042     {
1043     idea_set_encrypt_key(session_key, &state->k);
1044     memset(state->ivec, 0, 8);
1045     }
1046    
1047     static void cBlowfish_init(char FAR * session_key,
1048 maya 3003 CipherBlowfishState FAR * state)
1049 yutakakn 2728 {
1050     BF_set_key(&state->k, 32, session_key);
1051     memset(state->ivec, 0, 8);
1052     }
1053    
1054    
1055     //
1056     // SSH2�p�A���S���Y����������
1057     //
1058     // for SSH2(yutaka)
1059     //
1060 maya 3003 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1061     const u_char *key, u_int keylen,
1062     const u_char *iv, u_int ivlen,
1063     int encrypt,
1064     const EVP_CIPHER *(*func)(void))
1065 yutakakn 2728 {
1066     EVP_CIPHER *type;
1067     int klen;
1068    
1069     type = (EVP_CIPHER *)func();
1070    
1071     EVP_CIPHER_CTX_init(evp);
1072     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1073     // TODO:
1074     }
1075    
1076     klen = EVP_CIPHER_CTX_key_length(evp);
1077     if (klen > 0 && keylen != klen) {
1078     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1079     // TODO:
1080     }
1081     }
1082     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1083     // TODO:
1084     }
1085     }
1086    
1087    
1088     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1089     {
1090     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1091     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1092     BOOL isOK = TRUE;
1093    
1094     if (sender_flag) {
1095     switch (pvar->crypt_state.sender_cipher) {
1096     // for SSH2(yutaka)
1097     case SSH_CIPHER_3DES_CBC:
1098     {
1099     struct Enc *enc;
1100    
1101     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1102 maya 3003 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1103 maya 3036 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1104     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1105 maya 3003 CIPHER_ENCRYPT,
1106 maya 3036 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1107 yutakakn 2728
1108 maya 3036 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1109     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1110 yutakakn 2728
1111     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1112     break;
1113     }
1114    
1115     // for SSH2(yutaka)
1116     case SSH_CIPHER_AES128:
1117 maya 3039 case SSH_CIPHER_AES192:
1118 maya 3036 case SSH_CIPHER_AES256:
1119 yutakakn 2728 {
1120     struct Enc *enc;
1121    
1122     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1123 maya 3036 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1124     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1125     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1126 maya 3003 CIPHER_ENCRYPT,
1127 maya 3036 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1128 yutakakn 2728
1129 maya 3036 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1130     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1131 yutakakn 2728
1132     pvar->crypt_state.encrypt = cAES128_encrypt;
1133     break;
1134     }
1135    
1136     case SSH_CIPHER_3DES:{
1137     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1138     pvar->crypt_state.encrypt = c3DES_encrypt;
1139     break;
1140     }
1141     case SSH_CIPHER_IDEA:{
1142     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1143     pvar->crypt_state.encrypt = cIDEA_encrypt;
1144     break;
1145     }
1146     case SSH_CIPHER_DES:{
1147     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1148     pvar->crypt_state.encrypt = cDES_encrypt;
1149     break;
1150     }
1151     case SSH_CIPHER_RC4:{
1152     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1153     encryption_key + 16);
1154     pvar->crypt_state.encrypt = cRC4_encrypt;
1155     break;
1156     }
1157     case SSH_CIPHER_BLOWFISH:{
1158     cBlowfish_init(encryption_key,
1159 maya 3003 &pvar->crypt_state.enc.cBlowfish);
1160 yutakakn 2728 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1161     break;
1162     }
1163     default:
1164     isOK = FALSE;
1165     }
1166     }
1167    
1168    
1169     if (receiver_flag) {
1170     switch (pvar->crypt_state.receiver_cipher) {
1171     // for SSH2(yutaka)
1172     case SSH_CIPHER_3DES_CBC:
1173     {
1174     struct Enc *enc;
1175    
1176     enc = &pvar->ssh2_keys[MODE_IN].enc;
1177 maya 3036 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1178     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1179     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1180 maya 3003 CIPHER_DECRYPT,
1181 maya 3036 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1182 yutakakn 2728
1183     //debug_print(12, enc->key, 24);
1184     //debug_print(13, enc->iv, 24);
1185    
1186     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1187     break;
1188     }
1189    
1190     // for SSH2(yutaka)
1191     case SSH_CIPHER_AES128:
1192 maya 3039 case SSH_CIPHER_AES192:
1193 maya 3036 case SSH_CIPHER_AES256:
1194 yutakakn 2728 {
1195     struct Enc *enc;
1196    
1197     enc = &pvar->ssh2_keys[MODE_IN].enc;
1198 maya 3036 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1199     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1200     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1201 maya 3003 CIPHER_DECRYPT,
1202 maya 3036 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1203 yutakakn 2728
1204     //debug_print(12, enc->key, 24);
1205     //debug_print(13, enc->iv, 24);
1206    
1207     pvar->crypt_state.decrypt = cAES128_decrypt;
1208     break;
1209     }
1210    
1211     case SSH_CIPHER_3DES:{
1212     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1213     pvar->crypt_state.decrypt = c3DES_decrypt;
1214     break;
1215     }
1216     case SSH_CIPHER_IDEA:{
1217     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1218     pvar->crypt_state.decrypt = cIDEA_decrypt;
1219     break;
1220     }
1221     case SSH_CIPHER_DES:{
1222     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1223     pvar->crypt_state.decrypt = cDES_decrypt;
1224     break;
1225     }
1226     case SSH_CIPHER_RC4:{
1227     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1228     pvar->crypt_state.decrypt = cRC4_decrypt;
1229     break;
1230     }
1231     case SSH_CIPHER_BLOWFISH:{
1232     cBlowfish_init(decryption_key,
1233 maya 3003 &pvar->crypt_state.dec.cBlowfish);
1234 yutakakn 2728 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1235     break;
1236     }
1237     default:
1238     isOK = FALSE;
1239     }
1240     }
1241    
1242    
1243     if (!isOK) {
1244 maya 2994 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1245 maya 3003 "No cipher selected!");
1246 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
1247 yutakakn 2728 return FALSE;
1248     } else {
1249     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1250     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1251     return TRUE;
1252     }
1253     }
1254    
1255     void CRYPT_init(PTInstVar pvar)
1256     {
1257     pvar->crypt_state.encrypt = no_encrypt;
1258     pvar->crypt_state.decrypt = no_encrypt;
1259     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1260     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1261     pvar->crypt_state.server_key.RSA_key = NULL;
1262     pvar->crypt_state.host_key.RSA_key = NULL;
1263    
1264     pvar->crypt_state.detect_attack_statics.h = NULL;
1265     pvar->crypt_state.detect_attack_statics.n =
1266     HASH_MINSIZE / HASH_ENTRYSIZE;
1267     }
1268    
1269     static char FAR *get_cipher_name(int cipher)
1270     {
1271     switch (cipher) {
1272     case SSH_CIPHER_NONE:
1273     return "None";
1274     case SSH_CIPHER_3DES:
1275     return "3DES (168 key bits)";
1276     case SSH_CIPHER_DES:
1277     return "DES (56 key bits)";
1278     case SSH_CIPHER_IDEA:
1279     return "IDEA (128 key bits)";
1280     case SSH_CIPHER_RC4:
1281     return "RC4 (128 key bits)";
1282     case SSH_CIPHER_BLOWFISH:
1283     return "Blowfish (256 key bits)";
1284    
1285     // SSH2
1286     case SSH_CIPHER_3DES_CBC:
1287     return "3DES-CBC";
1288     case SSH_CIPHER_AES128:
1289     return "AES128";
1290 maya 3039 case SSH_CIPHER_AES192:
1291     return "AES192";
1292 maya 3036 case SSH_CIPHER_AES256:
1293     return "AES256";
1294 yutakakn 2728
1295     default:
1296     return "Unknown";
1297     }
1298     }
1299    
1300     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1301     {
1302 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1303 maya 3003 "%s to server, %s from server");
1304 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1305 maya 3003 get_cipher_name(pvar->crypt_state.sender_cipher),
1306     get_cipher_name(pvar->crypt_state.receiver_cipher));
1307 yutakakn 2728 }
1308    
1309     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1310     {
1311     if (SSHv1(pvar)) {
1312     if (pvar->crypt_state.server_key.RSA_key == NULL
1313 maya 3003 || pvar->crypt_state.host_key.RSA_key == NULL) {
1314 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1315 maya 2992 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1316 yutakakn 2728 } else {
1317 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1318 maya 3003 "%d-bit server key, %d-bit host key");
1319 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1320 maya 3003 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1321     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1322 yutakakn 2728 }
1323     } else { // SSH2
1324 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1325 maya 3003 "%d-bit server key, %d-bit host key");
1326 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1327 maya 3003 pvar->server_key_bits,
1328     pvar->client_key_bits);
1329 yutakakn 2728 }
1330     }
1331    
1332     static void destroy_public_key(CRYPTPublicKey FAR * key)
1333     {
1334     if (key->RSA_key != NULL) {
1335     RSA_free(key->RSA_key);
1336     key->RSA_key = NULL;
1337     }
1338     }
1339    
1340     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1341     {
1342     destroy_public_key(key);
1343     free(key);
1344     }
1345    
1346     void CRYPT_end(PTInstVar pvar)
1347     {
1348     destroy_public_key(&pvar->crypt_state.host_key);
1349     destroy_public_key(&pvar->crypt_state.server_key);
1350    
1351     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1352     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1353 maya 3003 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1354 yutakakn 2728 free(pvar->crypt_state.detect_attack_statics.h);
1355     }
1356    
1357     memset(pvar->crypt_state.sender_cipher_key, 0,
1358 maya 3003 sizeof(pvar->crypt_state.sender_cipher_key));
1359 yutakakn 2728 memset(pvar->crypt_state.receiver_cipher_key, 0,
1360 maya 3003 sizeof(pvar->crypt_state.receiver_cipher_key));
1361 yutakakn 2728 memset(pvar->crypt_state.server_cookie, 0,
1362 maya 3003 sizeof(pvar->crypt_state.server_cookie));
1363 yutakakn 2728 memset(pvar->crypt_state.client_cookie, 0,
1364 maya 3003 sizeof(pvar->crypt_state.client_cookie));
1365 yutakakn 2728 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1366     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1367     }
1368    
1369     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1370 maya 3003 char FAR * buf, int bytes)
1371 yutakakn 2728 {
1372     unsigned char passphrase_key[16];
1373    
1374     MD5(passphrase, strlen(passphrase), passphrase_key);
1375    
1376     switch (cipher) {
1377     case SSH_CIPHER_3DES:{
1378     Cipher3DESState state;
1379    
1380     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1381 maya 3003 &state.k1);
1382 yutakakn 2728 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1383 maya 3003 &state.k2);
1384 yutakakn 2728 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1385 maya 3003 &state.k3);
1386 yutakakn 2728 memset(state.ivec1, 0, 8);
1387     memset(state.ivec2, 0, 8);
1388     memset(state.ivec3, 0, 8);
1389     DES_ncbc_encrypt(buf, buf, bytes,
1390 maya 3003 &state.k3, &state.ivec3, DES_DECRYPT);
1391 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
1392 maya 3003 &state.k2, &state.ivec2, DES_ENCRYPT);
1393 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
1394 maya 3003 &state.k1, &state.ivec1, DES_DECRYPT);
1395 yutakakn 2728 break;
1396     }
1397    
1398     case SSH_CIPHER_IDEA:{
1399     CipherIDEAState state;
1400     int num = 0;
1401    
1402     cIDEA_init(passphrase_key, &state);
1403     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1404 maya 3003 &num, IDEA_DECRYPT);
1405 yutakakn 2728 break;
1406     }
1407    
1408     case SSH_CIPHER_DES:{
1409     CipherDESState state;
1410    
1411     cDES_init(passphrase_key, &state);
1412     DES_ncbc_encrypt(buf, buf, bytes,
1413 maya 3003 &state.k, &state.ivec, DES_DECRYPT);
1414 yutakakn 2728 break;
1415     }
1416    
1417     case SSH_CIPHER_RC4:{
1418     CipherRC4State state;
1419     int num = 0;
1420    
1421     RC4_set_key(&state.k, 16, passphrase_key);
1422     RC4(&state.k, bytes, buf, buf);
1423     break;
1424     }
1425    
1426     case SSH_CIPHER_BLOWFISH:{
1427     CipherBlowfishState state;
1428    
1429     BF_set_key(&state.k, 16, passphrase_key);
1430     memset(state.ivec, 0, 8);
1431     flip_endianness(buf, bytes);
1432     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1433     BF_DECRYPT);
1434     flip_endianness(buf, bytes);
1435     break;
1436     }
1437    
1438     case SSH_CIPHER_NONE:
1439     break;
1440    
1441     default:
1442     memset(passphrase_key, 0, sizeof(passphrase_key));
1443     return 0;
1444     }
1445    
1446     memset(passphrase_key, 0, sizeof(passphrase_key));
1447     return 1;
1448     }
1449    
1450     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1451     {
1452 yutakakn 2762 if (key_pair->RSA_key != NULL)
1453     RSA_free(key_pair->RSA_key);
1454    
1455     if (key_pair->DSA_key != NULL)
1456     DSA_free(key_pair->DSA_key);
1457    
1458 yutakakn 2728 free(key_pair);
1459     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help