Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3159 - (hide annotations) (download) (as text)
Tue Nov 18 06:24:09 2008 UTC (15 years, 4 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 45610 byte(s) 
SSH2 の AES CTR をサポート(yasuhide)
http://jvn.jp/niscc/CPNI-957037/
1 yutakakn 2728 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40 yutakakn 2831 #include <openssl/dsa.h>
41 yutakakn 2728 #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51 maya 3159 * $Id: crypt.c,v 1.24 2008-11-18 06:24:09 maya Exp $ Cryptographic attack
52 yutakakn 2728 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 maya 3003 uint32 len, unsigned char FAR * IV)
88 yutakakn 2728 {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116 maya 3003 unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118 yutakakn 2728 {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 maya 3003 int bytes)
192 yutakakn 2728 {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 maya 3003 buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202 yutakakn 2728 default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 maya 3003 buf, bytes, NULL) == DEATTACK_DETECTED;
205 yutakakn 2728 }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217 maya 3039 // ���O�������������������������������AAES192, AES256 ����
218 maya 3036 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 yutakakn 2728 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 maya 3003 int bytes)
221 yutakakn 2728 {
222     unsigned char *newbuf = malloc(bytes);
223     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224    
225     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226     if (bytes == 0)
227 yutakapon 3118 goto error;
228 yutakakn 2728
229     if (newbuf == NULL)
230     return;
231    
232     if (bytes % block_size) {
233     char tmp[80];
234 maya 2994 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 maya 3158 "AES128/192/256 encrypt error(1): bytes %d (%d)");
236 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 maya 3003 pvar->ts->UIMsg, bytes, block_size);
238 yutakakn 2728 notify_fatal_error(pvar, tmp);
239     goto error;
240     }
241    
242     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 maya 2994 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 maya 3158 "AES128/192/256 encrypt error(2)");
245 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 maya 3043 goto error;
247 yutakakn 2728
248     } else {
249 maya 3046 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253    
254     //debug_print(50, key, 24);
255     //debug_print(51, iv, 8);
256     //debug_print(52, buf, bytes);
257     //debug_print(53, newbuf, bytes);
258    
259 maya 3045 memcpy(buf, newbuf, bytes);
260 yutakakn 2728 }
261    
262     error:
263     free(newbuf);
264     }
265    
266     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 maya 3003 int bytes)
268 yutakakn 2728 {
269     unsigned char *newbuf = malloc(bytes);
270     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271    
272     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
273     if (bytes == 0)
274 yutakapon 3118 goto error;
275 yutakakn 2728
276     if (newbuf == NULL)
277     return;
278    
279     if (bytes % block_size) {
280     char tmp[80];
281 maya 2994 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 maya 3158 "AES128/192/256 decrypt error(1): bytes %d (%d)");
283 maya 2992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 yutakakn 2728 notify_fatal_error(pvar, tmp);
285     goto error;
286     }
287    
288     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 maya 2994 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 maya 3158 "AES128/192/256 decrypt error(2)");
291 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 maya 3043 goto error;
293 yutakakn 2728
294     } else {
295 maya 3046 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299    
300     //debug_print(70, key, AES128_KEYLEN);
301     //debug_print(71, iv, AES128_IVLEN);
302     //debug_print(72, buf, bytes);
303     //debug_print(73, newbuf, bytes);
304    
305 maya 3045 memcpy(buf, newbuf, bytes);
306 yutakakn 2728 }
307    
308 maya 3043 error:
309 yutakakn 2728 free(newbuf);
310     }
311    
312    
313    
314     // for SSH2(yutaka)
315     static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 maya 3003 int bytes)
317 yutakakn 2728 {
318     unsigned char *newbuf = malloc(bytes);
319 maya 3046 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320 yutakakn 2728
321 maya 3046 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
322     if (bytes == 0)
323 yutakapon 3118 goto error;
324 maya 3046
325 yutakakn 2728 if (newbuf == NULL)
326     return;
327    
328 maya 3046 if (bytes % block_size) {
329     char tmp[80];
330     UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331     "3DES-CBC encrypt error(1): bytes %d (%d)");
332     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333     pvar->ts->UIMsg, bytes, block_size);
334     notify_fatal_error(pvar, tmp);
335     goto error;
336     }
337    
338 maya 3043 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 maya 3046 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340     "3DES-CBC encrypt error(2)");
341 maya 3043 notify_fatal_error(pvar, pvar->ts->UIMsg);
342     goto error;
343 yutakakn 2728
344     } else {
345 maya 3045 //unsigned char key[24], iv[8];
346 maya 3043 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 yutakakn 2728 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
348 maya 3043 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349 yutakakn 2728
350     //debug_print(50, key, 24);
351     //debug_print(51, iv, 8);
352     //debug_print(52, buf, bytes);
353     //debug_print(53, newbuf, bytes);
354    
355     memcpy(buf, newbuf, bytes);
356     }
357    
358 maya 3043 error:
359 yutakakn 2728 free(newbuf);
360     }
361    
362     static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
363 maya 3003 int bytes)
364 yutakakn 2728 {
365     unsigned char *newbuf = malloc(bytes);
366 maya 3046 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367 yutakakn 2728
368 maya 3046 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369     if (bytes == 0)
370 yutakapon 3118 goto error;
371 maya 3046
372 yutakakn 2728 if (newbuf == NULL)
373     return;
374    
375 maya 3046 if (bytes % block_size) {
376     char tmp[80];
377     UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378     "3DES-CBC decrypt error(1): bytes %d (%d)");
379     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380     notify_fatal_error(pvar, tmp);
381     goto error;
382     }
383    
384 yutakakn 2728 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 maya 3046 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386     "3DES-CBC decrypt error(2)");
387 maya 3043 notify_fatal_error(pvar, pvar->ts->UIMsg);
388     goto error;
389 yutakakn 2728
390     } else {
391 maya 3045 //unsigned char key[24], iv[8];
392 maya 3043 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 yutakakn 2728 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 maya 3043 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395 yutakakn 2728
396     //debug_print(70, key, 24);
397     //debug_print(71, iv, 8);
398     //debug_print(72, buf, bytes);
399     //debug_print(73, newbuf, bytes);
400    
401     memcpy(buf, newbuf, bytes);
402     }
403    
404 maya 3043 error:
405 yutakakn 2728 free(newbuf);
406     }
407    
408    
409 maya 3045 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410     int bytes)
411     {
412     unsigned char *newbuf = malloc(bytes);
413     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414    
415     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
416     if (bytes == 0)
417 yutakapon 3118 goto error;
418 maya 3045
419     if (newbuf == NULL)
420     return;
421    
422 maya 3046 if (bytes % block_size) {
423     char tmp[80];
424     UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425     "Blowfish encrypt error(1): bytes %d (%d)");
426     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427     pvar->ts->UIMsg, bytes, block_size);
428     notify_fatal_error(pvar, tmp);
429     goto error;
430     }
431    
432 maya 3045 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 maya 3046 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434     "Blowfish encrypt error(2)");
435 maya 3045 notify_fatal_error(pvar, pvar->ts->UIMsg);
436     goto error;
437    
438     } else {
439     memcpy(buf, newbuf, bytes);
440    
441     }
442    
443     error:
444     free(newbuf);
445     }
446    
447     static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448     int bytes)
449     {
450     unsigned char *newbuf = malloc(bytes);
451     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452    
453     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
454     if (bytes == 0)
455 yutakapon 3118 goto error;
456 maya 3045
457     if (newbuf == NULL)
458     return;
459    
460 maya 3046 if (bytes % block_size) {
461     char tmp[80];
462     UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463     "Blowfish decrypt error(1): bytes %d (%d)");
464     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465     notify_fatal_error(pvar, tmp);
466     goto error;
467     }
468    
469 maya 3045 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 maya 3046 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471     "Blowfish decrypt error(2)");
472 maya 3045 notify_fatal_error(pvar, pvar->ts->UIMsg);
473     goto error;
474    
475     } else {
476     memcpy(buf, newbuf, bytes);
477    
478     }
479    
480     error:
481     free(newbuf);
482     }
483    
484    
485    
486 yutakakn 2728 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
487 maya 3003 int bytes)
488 yutakakn 2728 {
489     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
490    
491     DES_ncbc_encrypt(buf, buf, bytes,
492 maya 3003 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
493 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
494 maya 3003 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
495 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
496 maya 3003 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
497 yutakakn 2728 }
498    
499     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
500 maya 3003 int bytes)
501 yutakakn 2728 {
502     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
503    
504     DES_ncbc_encrypt(buf, buf, bytes,
505 maya 3003 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
506 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
507 maya 3003 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
508 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
509 maya 3003 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
510 yutakakn 2728 }
511    
512     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
513     int bytes)
514     {
515     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
516    
517     DES_ncbc_encrypt(buf, buf, bytes,
518 maya 3003 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
519 yutakakn 2728 }
520    
521     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
522     int bytes)
523     {
524     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
525    
526     DES_ncbc_encrypt(buf, buf, bytes,
527 maya 3003 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
528 yutakakn 2728 }
529    
530     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531 maya 3003 int bytes)
532 yutakakn 2728 {
533     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
534     int num = 0;
535    
536     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
537 maya 3003 encryptstate->ivec, &num, IDEA_ENCRYPT);
538 yutakakn 2728 }
539    
540     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
541 maya 3003 int bytes)
542 yutakakn 2728 {
543     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
544     int num = 0;
545    
546     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
547 maya 3003 decryptstate->ivec, &num, IDEA_DECRYPT);
548 yutakakn 2728 }
549    
550     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
551     {
552     uint32 FAR *buf = (uint32 FAR *) cbuf;
553     int count = bytes / 4;
554    
555     while (count > 0) {
556     uint32 w = *buf;
557    
558     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
559 maya 3003 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
560 yutakakn 2728 count--;
561     buf++;
562     }
563     }
564    
565     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
566 maya 3003 int bytes)
567 yutakakn 2728 {
568     CipherBlowfishState FAR *encryptstate =
569     &pvar->crypt_state.enc.cBlowfish;
570    
571     flip_endianness(buf, bytes);
572     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
573 maya 3003 BF_ENCRYPT);
574 yutakakn 2728 flip_endianness(buf, bytes);
575     }
576    
577     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
578 maya 3003 int bytes)
579 yutakakn 2728 {
580     CipherBlowfishState FAR *decryptstate =
581     &pvar->crypt_state.dec.cBlowfish;
582    
583     flip_endianness(buf, bytes);
584     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
585 maya 3003 BF_DECRYPT);
586 yutakakn 2728 flip_endianness(buf, bytes);
587     }
588    
589     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
590 maya 3003 int bytes)
591 yutakakn 2728 {
592     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
593     int num = 0;
594    
595     RC4(&encryptstate->k, bytes, buf, buf);
596     }
597    
598     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
599 maya 3003 int bytes)
600 yutakakn 2728 {
601     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
602     int num = 0;
603    
604     RC4(&decryptstate->k, bytes, buf, buf);
605     }
606    
607     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
608 maya 3003 int bytes)
609 yutakakn 2728 {
610     RAND_bytes(buf, bytes);
611     }
612    
613     void CRYPT_initialize_random_numbers(PTInstVar pvar)
614     {
615     RAND_screen();
616     }
617    
618     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
619     {
620     int bits = get_ushort16_MSBfirst(bytes);
621    
622     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
623     }
624    
625 yutakakn 2857 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
626     RSA FAR *make_key(PTInstVar pvar,
627 maya 3003 int bits, unsigned char FAR * exp,
628     unsigned char FAR * mod)
629 yutakakn 2728 {
630     RSA FAR *key = RSA_new();
631    
632     if (key != NULL) {
633     key->e = get_bignum(exp);
634     key->n = get_bignum(mod);
635     }
636    
637     if (key == NULL || key->e == NULL || key->n == NULL) {
638 maya 2994 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
639 maya 3003 "Error setting up RSA keys");
640 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
641 yutakakn 2728
642     if (key != NULL) {
643     if (key->e != NULL) {
644     BN_free(key->e);
645     }
646     if (key->n != NULL) {
647     BN_free(key->n);
648     }
649     RSA_free(key);
650     }
651    
652     return NULL;
653     } else {
654     return key;
655     }
656     }
657    
658     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
659     {
660     if (SSHv1(pvar)) {
661     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
662     } else {
663     memcpy(pvar->crypt_state.server_cookie, cookie,
664 maya 3003 SSH2_COOKIE_LENGTH);
665 yutakakn 2728 }
666     }
667    
668     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
669     {
670     if (SSHv2(pvar)) {
671     memcpy(pvar->crypt_state.client_cookie, cookie,
672 maya 3003 SSH2_COOKIE_LENGTH);
673 yutakakn 2728 }
674     }
675    
676     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
677 maya 3003 int bits, unsigned char FAR * exp,
678     unsigned char FAR * mod)
679 yutakakn 2728 {
680     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
681    
682     return pvar->crypt_state.server_key.RSA_key != NULL;
683     }
684    
685     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
686 maya 3003 int bits, unsigned char FAR * exp,
687     unsigned char FAR * mod)
688 yutakakn 2728 {
689     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
690    
691     return pvar->crypt_state.host_key.RSA_key != NULL;
692     }
693    
694     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
695 maya 3003 int receiver_ciphers)
696 yutakakn 2728 {
697     int cipher_mask;
698    
699     if (SSHv1(pvar)) {
700     cipher_mask = (1 << SSH_CIPHER_DES)
701 maya 3003 | (1 << SSH_CIPHER_3DES)
702     | (1 << SSH_CIPHER_BLOWFISH);
703 yutakakn 2728
704     } else { // for SSH2(yutaka)
705     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
706 maya 3045 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
707 maya 3157 | (1 << SSH2_CIPHER_AES128_CBC)
708 maya 3159 | (1 << SSH2_CIPHER_AES192_CBC)
709     | (1 << SSH2_CIPHER_AES256_CBC)
710 maya 3157 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
711 maya 3159 | (1 << SSH2_CIPHER_AES128_CTR)
712     | (1 << SSH2_CIPHER_AES192_CTR)
713     | (1 << SSH2_CIPHER_AES256_CTR);
714 yutakakn 2728 }
715    
716     sender_ciphers &= cipher_mask;
717     receiver_ciphers &= cipher_mask;
718     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
719     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
720    
721     if (sender_ciphers == 0) {
722 maya 2994 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
723 maya 3003 "The server does not support any of the TTSSH encryption algorithms.\n"
724     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
725     "The connection will be closed.");
726 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
727 yutakakn 2728 return FALSE;
728     } else if (receiver_ciphers == 0) {
729 maya 2994 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
730 maya 3003 "The server does not support any of the TTSSH encryption algorithms.\n"
731     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
732     "The connection will be closed.");
733 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
734 yutakakn 2728 return FALSE;
735     } else {
736     return TRUE;
737     }
738     }
739    
740     int CRYPT_get_decryption_block_size(PTInstVar pvar)
741     {
742     if (SSHv1(pvar)) {
743     return 8;
744     } else {
745     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
746     // cf. 3DES=8, AES128=16
747     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
748     }
749     }
750    
751     int CRYPT_get_encryption_block_size(PTInstVar pvar)
752     {
753     if (SSHv1(pvar)) {
754     return 8;
755     } else {
756     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
757     // cf. 3DES=8, AES128=16
758     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
759     }
760     }
761    
762     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
763     {
764     struct Mac *mac;
765    
766     if (SSHv1(pvar)) {
767     return 0;
768    
769     } else { // for SSH2(yutaka)
770     mac = &pvar->ssh2_keys[MODE_IN].mac;
771     if (mac == NULL || mac->enabled == 0)
772     return 0;
773    
774     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
775     }
776    
777     }
778    
779 yutakakn 2757 // HMAC������
780     // ���{������ SSH2 �������g�p�������B
781     // (2004.12.17 yutaka)
782 yutakakn 2728 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
783 maya 3003 char FAR * data, int len, char FAR * MAC)
784 yutakakn 2728 {
785 maya 3003 HMAC_CTX c;
786     unsigned char m[EVP_MAX_MD_SIZE];
787     unsigned char b[4];
788 yutakakn 2757 struct Mac *mac;
789    
790     mac = &pvar->ssh2_keys[MODE_IN].mac;
791    
792     // HMAC�������L���������������A����OK�����������B
793     if (mac == NULL || mac->enabled == 0)
794     return TRUE;
795    
796 maya 3003 if (mac->key == NULL)
797 yutakakn 2757 goto error;
798    
799 maya 3003 if ((u_int)mac->mac_len > sizeof(m))
800 yutakakn 2757 goto error;
801    
802 maya 3003 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
803     set_uint32_MSBfirst(b, sequence_number);
804     HMAC_Update(&c, b, sizeof(b));
805     HMAC_Update(&c, data, len);
806     HMAC_Final(&c, m, NULL);
807     HMAC_cleanup(&c);
808 yutakakn 2757
809     if (memcmp(m, MAC, mac->mac_len)) {
810     goto error;
811     }
812    
813 yutakakn 2728 return TRUE;
814 yutakakn 2757
815     error:
816     return FALSE;
817 yutakakn 2728 }
818    
819     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
820     {
821     struct Mac *mac;
822    
823     if (SSHv2(pvar)) { // for SSH2(yutaka)
824     mac = &pvar->ssh2_keys[MODE_OUT].mac;
825     if (mac == NULL || mac->enabled == 0)
826     return 0;
827    
828     return (mac->mac_len);
829     }
830    
831     return 0;
832     }
833    
834     // for SSH2
835     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
836 maya 3003 char FAR * data, int len, char FAR * MAC)
837 yutakakn 2728 {
838 maya 3003 HMAC_CTX c;
839     static u_char m[EVP_MAX_MD_SIZE];
840 yutakakn 2728 u_char b[4];
841     struct Mac *mac;
842    
843     if (SSHv2(pvar)) { // for SSH2(yutaka)
844     mac = &pvar->ssh2_keys[MODE_OUT].mac;
845     if (mac == NULL || mac->enabled == 0)
846     return FALSE;
847 maya 3003
848     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
849 yutakakn 2728 set_uint32_MSBfirst(b, sequence_number);
850     HMAC_Update(&c, b, sizeof(b));
851     HMAC_Update(&c, data, len);
852     HMAC_Final(&c, m, NULL);
853     HMAC_cleanup(&c);
854    
855     // 20�o�C�g�������R�s�[
856     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
857     // memcpy(MAC, m, sizeof(m));
858    
859     return TRUE;
860     }
861    
862     return TRUE;
863    
864     }
865    
866     static int choose_cipher(PTInstVar pvar, int supported)
867     {
868     int i;
869    
870     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
871     int cipher = pvar->session_settings.CipherOrder[i] - '0';
872    
873     if (cipher == SSH_CIPHER_NONE) {
874     break;
875     } else if ((supported & (1 << cipher)) != 0) {
876     return cipher;
877     }
878     }
879    
880     return SSH_CIPHER_NONE;
881     }
882    
883     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
884     {
885     if (SSHv1(pvar)) {
886     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
887 maya 3003 pvar->crypt_state.
888     supported_sender_ciphers);
889 yutakakn 2728 pvar->crypt_state.receiver_cipher =
890     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
891    
892     } else { // SSH2(yutaka)
893     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
894     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
895    
896     }
897    
898     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
899     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
900 maya 2994 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
901 maya 3003 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
902     "To communicate with this server, you will have to enable some more ciphers\n"
903 doda 3134 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
904 maya 3003 "This connection will now close.");
905 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
906 yutakakn 2728 return FALSE;
907     } else {
908     return TRUE;
909     }
910     }
911    
912     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
913     {
914     int server_key_bits =
915     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
916     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
917     int server_key_bytes = (server_key_bits + 7) / 8;
918     int host_key_bytes = (host_key_bits + 7) / 8;
919    
920     if (server_key_bits < host_key_bits) {
921     return host_key_bytes;
922     } else {
923     return server_key_bytes;
924     }
925     }
926    
927     int CRYPT_choose_session_key(PTInstVar pvar,
928 maya 3003 unsigned char FAR * encrypted_key_buf)
929 yutakakn 2728 {
930     int server_key_bits =
931     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
932     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
933     int server_key_bytes = (server_key_bits + 7) / 8;
934     int host_key_bytes = (host_key_bits + 7) / 8;
935     int encrypted_key_bytes;
936     int bit_delta;
937    
938     if (server_key_bits < host_key_bits) {
939     encrypted_key_bytes = host_key_bytes;
940     bit_delta = host_key_bits - server_key_bits;
941     } else {
942     encrypted_key_bytes = server_key_bytes;
943     bit_delta = server_key_bits - host_key_bits;
944     }
945    
946     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
947 maya 2994 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
948 maya 3003 "Server RSA keys are too weak. A secure connection cannot be established.");
949 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
950 yutakakn 2728 return 0;
951     } else {
952     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
953     for the session ID, rather than the one specified in the RFC */
954     int session_buf_len = server_key_bytes + host_key_bytes + 8;
955     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
956     char session_id[16];
957     int i;
958    
959     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
960     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
961 maya 3003 session_buf + host_key_bytes);
962 yutakakn 2728 memcpy(session_buf + server_key_bytes + host_key_bytes,
963 maya 3003 pvar->crypt_state.server_cookie, 8);
964 yutakakn 2728 MD5(session_buf, session_buf_len, session_id);
965    
966     free(session_buf);
967    
968     RAND_bytes(pvar->crypt_state.sender_cipher_key,
969 maya 3003 SSH_SESSION_KEY_LENGTH);
970 yutakakn 2728 memcpy(pvar->crypt_state.receiver_cipher_key,
971 maya 3003 pvar->crypt_state.sender_cipher_key,
972     SSH_SESSION_KEY_LENGTH);
973 yutakakn 2728
974     memcpy(encrypted_key_buf + encrypted_key_bytes -
975 maya 3003 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
976     SSH_SESSION_KEY_LENGTH);
977 yutakakn 2728 for (i = 0; i < sizeof(session_id); i++) {
978     encrypted_key_buf[encrypted_key_bytes -
979 maya 3003 SSH_SESSION_KEY_LENGTH + i]
980 yutakakn 2728 ^= session_id[i];
981     }
982    
983     if (host_key_bits > server_key_bits) {
984     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
985 maya 3003 encrypted_key_buf +
986     encrypted_key_bytes -
987     SSH_SESSION_KEY_LENGTH,
988     encrypted_key_buf +
989     encrypted_key_bytes - server_key_bytes,
990     pvar->crypt_state.server_key.RSA_key,
991     RSA_PKCS1_PADDING) < 0)
992 yutakakn 2728 return 0;
993    
994     if (RSA_public_encrypt(server_key_bytes,
995 maya 3003 encrypted_key_buf +
996     encrypted_key_bytes - server_key_bytes,
997     encrypted_key_buf,
998     pvar->crypt_state.host_key.RSA_key,
999     RSA_PKCS1_PADDING) < 0)
1000 yutakakn 2728 return 0;
1001     } else {
1002     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1003 maya 3003 encrypted_key_buf +
1004     encrypted_key_bytes -
1005     SSH_SESSION_KEY_LENGTH,
1006     encrypted_key_buf +
1007     encrypted_key_bytes - host_key_bytes,
1008     pvar->crypt_state.host_key.RSA_key,
1009     RSA_PKCS1_PADDING) < 0)
1010 yutakakn 2728 return 0;
1011    
1012     if (RSA_public_encrypt(host_key_bytes,
1013 maya 3003 encrypted_key_buf +
1014     encrypted_key_bytes - host_key_bytes,
1015     encrypted_key_buf,
1016     pvar->crypt_state.server_key.RSA_key,
1017     RSA_PKCS1_PADDING) < 0)
1018 yutakakn 2728 return 0;
1019     }
1020     }
1021    
1022     return 1;
1023     }
1024    
1025     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1026 maya 3003 unsigned char FAR * challenge,
1027     int challenge_len,
1028     unsigned char FAR * response)
1029 yutakakn 2728 {
1030     int server_key_bits =
1031     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1032     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1033     int server_key_bytes = (server_key_bits + 7) / 8;
1034     int host_key_bytes = (host_key_bits + 7) / 8;
1035     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1036     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1037     char decrypted_challenge[48];
1038     int decrypted_challenge_len;
1039    
1040     decrypted_challenge_len =
1041     RSA_private_decrypt(challenge_len, challenge, challenge,
1042 maya 3003 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1043     RSA_PKCS1_PADDING);
1044 yutakakn 2728 if (decrypted_challenge_len < 0) {
1045     free(session_buf);
1046     return 0;
1047     }
1048     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1049     memcpy(decrypted_challenge,
1050 maya 3003 challenge + decrypted_challenge_len -
1051     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1052 yutakakn 2728 } else {
1053     memset(decrypted_challenge, 0,
1054 maya 3003 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1055 yutakakn 2728 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1056 maya 3003 decrypted_challenge_len, challenge,
1057     decrypted_challenge_len);
1058 yutakakn 2728 }
1059    
1060     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1061     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1062 maya 3003 session_buf + host_key_bytes);
1063 yutakakn 2728 memcpy(session_buf + server_key_bytes + host_key_bytes,
1064 maya 3003 pvar->crypt_state.server_cookie, 8);
1065 yutakakn 2728 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1066    
1067     free(session_buf);
1068    
1069     MD5(decrypted_challenge, 48, response);
1070    
1071     return 1;
1072     }
1073    
1074     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1075     {
1076     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1077     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1078     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1079     memset(state->ivec1, 0, 8);
1080     memset(state->ivec2, 0, 8);
1081     memset(state->ivec3, 0, 8);
1082     }
1083    
1084     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1085     {
1086     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1087     memset(state->ivec, 0, 8);
1088     }
1089    
1090     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1091     {
1092     idea_set_encrypt_key(session_key, &state->k);
1093     memset(state->ivec, 0, 8);
1094     }
1095    
1096     static void cBlowfish_init(char FAR * session_key,
1097 maya 3003 CipherBlowfishState FAR * state)
1098 yutakakn 2728 {
1099     BF_set_key(&state->k, 32, session_key);
1100     memset(state->ivec, 0, 8);
1101     }
1102    
1103    
1104     //
1105     // SSH2�p�A���S���Y����������
1106     //
1107     // for SSH2(yutaka)
1108     //
1109 maya 3003 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1110     const u_char *key, u_int keylen,
1111     const u_char *iv, u_int ivlen,
1112     int encrypt,
1113 maya 3093 const EVP_CIPHER *type,
1114 maya 3043 PTInstVar pvar)
1115 yutakakn 2728 {
1116     int klen;
1117 maya 3043 char tmp[80];
1118 yutakakn 2728
1119     EVP_CIPHER_CTX_init(evp);
1120     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1121 maya 3043 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1122     "Cipher initialize error(%d)");
1123     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1124     notify_fatal_error(pvar, tmp);
1125     return;
1126 yutakakn 2728 }
1127    
1128     klen = EVP_CIPHER_CTX_key_length(evp);
1129     if (klen > 0 && keylen != klen) {
1130     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1131 maya 3043 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1132     "Cipher initialize error(%d)");
1133     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1134     notify_fatal_error(pvar, tmp);
1135     return;
1136 yutakakn 2728 }
1137     }
1138     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1139 maya 3043 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1140     "Cipher initialize error(%d)");
1141     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1142     notify_fatal_error(pvar, tmp);
1143     return;
1144 yutakakn 2728 }
1145     }
1146    
1147    
1148     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1149     {
1150     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1151     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1152     BOOL isOK = TRUE;
1153    
1154     if (sender_flag) {
1155     switch (pvar->crypt_state.sender_cipher) {
1156     // for SSH2(yutaka)
1157 maya 3045 case SSH2_CIPHER_3DES_CBC:
1158 yutakakn 2728 {
1159     struct Enc *enc;
1160    
1161     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1162 maya 3003 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1163 maya 3036 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1164     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1165 maya 3003 CIPHER_ENCRYPT,
1166 maya 3043 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1167     pvar);
1168 yutakakn 2728
1169 maya 3036 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1170     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1171 yutakakn 2728
1172     pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1173     break;
1174     }
1175    
1176     // for SSH2(yutaka)
1177 maya 3157 case SSH2_CIPHER_AES128_CBC:
1178     case SSH2_CIPHER_AES192_CBC:
1179     case SSH2_CIPHER_AES256_CBC:
1180 maya 3159 case SSH2_CIPHER_AES128_CTR:
1181     case SSH2_CIPHER_AES192_CTR:
1182     case SSH2_CIPHER_AES256_CTR:
1183 yutakakn 2728 {
1184     struct Enc *enc;
1185    
1186     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1187 maya 3036 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1188     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1189     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1190 maya 3003 CIPHER_ENCRYPT,
1191 maya 3043 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1192     pvar);
1193 yutakakn 2728
1194 maya 3036 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1195     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1196 yutakakn 2728
1197     pvar->crypt_state.encrypt = cAES128_encrypt;
1198     break;
1199     }
1200    
1201 maya 3157 case SSH2_CIPHER_BLOWFISH_CBC:
1202 maya 3045 {
1203     struct Enc *enc;
1204    
1205     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1206     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1207     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1208     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1209     CIPHER_ENCRYPT,
1210     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1211     pvar);
1212    
1213     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1214     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1215    
1216     pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1217     break;
1218     }
1219    
1220 yutakakn 2728 case SSH_CIPHER_3DES:{
1221     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1222     pvar->crypt_state.encrypt = c3DES_encrypt;
1223     break;
1224     }
1225     case SSH_CIPHER_IDEA:{
1226     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1227     pvar->crypt_state.encrypt = cIDEA_encrypt;
1228     break;
1229     }
1230     case SSH_CIPHER_DES:{
1231     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1232     pvar->crypt_state.encrypt = cDES_encrypt;
1233     break;
1234     }
1235     case SSH_CIPHER_RC4:{
1236     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1237     encryption_key + 16);
1238     pvar->crypt_state.encrypt = cRC4_encrypt;
1239     break;
1240     }
1241     case SSH_CIPHER_BLOWFISH:{
1242     cBlowfish_init(encryption_key,
1243 maya 3003 &pvar->crypt_state.enc.cBlowfish);
1244 yutakakn 2728 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1245     break;
1246     }
1247     default:
1248     isOK = FALSE;
1249     }
1250     }
1251    
1252    
1253     if (receiver_flag) {
1254     switch (pvar->crypt_state.receiver_cipher) {
1255     // for SSH2(yutaka)
1256 maya 3045 case SSH2_CIPHER_3DES_CBC:
1257 yutakakn 2728 {
1258     struct Enc *enc;
1259    
1260     enc = &pvar->ssh2_keys[MODE_IN].enc;
1261 maya 3036 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1262     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1263     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1264 maya 3003 CIPHER_DECRYPT,
1265 maya 3043 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1266     pvar);
1267 yutakakn 2728
1268 maya 3045 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1269     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1270 yutakakn 2728
1271     pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1272     break;
1273     }
1274    
1275     // for SSH2(yutaka)
1276 maya 3157 case SSH2_CIPHER_AES128_CBC:
1277     case SSH2_CIPHER_AES192_CBC:
1278     case SSH2_CIPHER_AES256_CBC:
1279 maya 3159 case SSH2_CIPHER_AES128_CTR:
1280     case SSH2_CIPHER_AES192_CTR:
1281     case SSH2_CIPHER_AES256_CTR:
1282 yutakakn 2728 {
1283     struct Enc *enc;
1284    
1285     enc = &pvar->ssh2_keys[MODE_IN].enc;
1286 maya 3036 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1287     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1288     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1289 maya 3003 CIPHER_DECRYPT,
1290 maya 3043 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1291     pvar);
1292 yutakakn 2728
1293 maya 3045 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1294     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1295 yutakakn 2728
1296     pvar->crypt_state.decrypt = cAES128_decrypt;
1297     break;
1298     }
1299    
1300 maya 3157 case SSH2_CIPHER_BLOWFISH_CBC:
1301 maya 3045 {
1302     struct Enc *enc;
1303    
1304     enc = &pvar->ssh2_keys[MODE_IN].enc;
1305     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1306     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1307     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1308     CIPHER_DECRYPT,
1309     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1310     pvar);
1311    
1312     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1313     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1314    
1315     pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1316     break;
1317     }
1318    
1319 yutakakn 2728 case SSH_CIPHER_3DES:{
1320     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1321     pvar->crypt_state.decrypt = c3DES_decrypt;
1322     break;
1323     }
1324     case SSH_CIPHER_IDEA:{
1325     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1326     pvar->crypt_state.decrypt = cIDEA_decrypt;
1327     break;
1328     }
1329     case SSH_CIPHER_DES:{
1330     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1331     pvar->crypt_state.decrypt = cDES_decrypt;
1332     break;
1333     }
1334     case SSH_CIPHER_RC4:{
1335     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1336     pvar->crypt_state.decrypt = cRC4_decrypt;
1337     break;
1338     }
1339     case SSH_CIPHER_BLOWFISH:{
1340     cBlowfish_init(decryption_key,
1341 maya 3003 &pvar->crypt_state.dec.cBlowfish);
1342 yutakakn 2728 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1343     break;
1344     }
1345     default:
1346     isOK = FALSE;
1347     }
1348     }
1349    
1350    
1351     if (!isOK) {
1352 maya 2994 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1353 maya 3003 "No cipher selected!");
1354 maya 2937 notify_fatal_error(pvar, pvar->ts->UIMsg);
1355 yutakakn 2728 return FALSE;
1356     } else {
1357     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1358     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1359     return TRUE;
1360     }
1361     }
1362    
1363     void CRYPT_init(PTInstVar pvar)
1364     {
1365     pvar->crypt_state.encrypt = no_encrypt;
1366     pvar->crypt_state.decrypt = no_encrypt;
1367     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1368     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1369     pvar->crypt_state.server_key.RSA_key = NULL;
1370     pvar->crypt_state.host_key.RSA_key = NULL;
1371    
1372     pvar->crypt_state.detect_attack_statics.h = NULL;
1373     pvar->crypt_state.detect_attack_statics.n =
1374     HASH_MINSIZE / HASH_ENTRYSIZE;
1375     }
1376    
1377     static char FAR *get_cipher_name(int cipher)
1378     {
1379     switch (cipher) {
1380     case SSH_CIPHER_NONE:
1381     return "None";
1382     case SSH_CIPHER_3DES:
1383     return "3DES (168 key bits)";
1384     case SSH_CIPHER_DES:
1385     return "DES (56 key bits)";
1386     case SSH_CIPHER_IDEA:
1387     return "IDEA (128 key bits)";
1388     case SSH_CIPHER_RC4:
1389     return "RC4 (128 key bits)";
1390     case SSH_CIPHER_BLOWFISH:
1391     return "Blowfish (256 key bits)";
1392    
1393     // SSH2
1394 maya 3045 case SSH2_CIPHER_3DES_CBC:
1395 yutakakn 2728 return "3DES-CBC";
1396 maya 3157 case SSH2_CIPHER_AES128_CBC:
1397     return "AES128-CBC";
1398     case SSH2_CIPHER_AES192_CBC:
1399     return "AES192-CBC";
1400     case SSH2_CIPHER_AES256_CBC:
1401     return "AES256-CBC";
1402     case SSH2_CIPHER_BLOWFISH_CBC:
1403     return "Blowfish-CBC";
1404 maya 3159 case SSH2_CIPHER_AES128_CTR:
1405     return "AES128-CTR";
1406     case SSH2_CIPHER_AES192_CTR:
1407     return "AES192-CTR";
1408     case SSH2_CIPHER_AES256_CTR:
1409     return "AES256-CTR";
1410 yutakakn 2728
1411     default:
1412     return "Unknown";
1413     }
1414     }
1415    
1416     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1417     {
1418 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1419 maya 3003 "%s to server, %s from server");
1420 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1421 maya 3003 get_cipher_name(pvar->crypt_state.sender_cipher),
1422     get_cipher_name(pvar->crypt_state.receiver_cipher));
1423 yutakakn 2728 }
1424    
1425     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1426     {
1427     if (SSHv1(pvar)) {
1428     if (pvar->crypt_state.server_key.RSA_key == NULL
1429 maya 3003 || pvar->crypt_state.host_key.RSA_key == NULL) {
1430 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1431 maya 2992 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1432 yutakakn 2728 } else {
1433 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1434 maya 3003 "%d-bit server key, %d-bit host key");
1435 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1436 maya 3003 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1437     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1438 yutakakn 2728 }
1439     } else { // SSH2
1440 maya 2994 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1441 maya 3003 "%d-bit server key, %d-bit host key");
1442 maya 2992 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1443 maya 3003 pvar->server_key_bits,
1444     pvar->client_key_bits);
1445 yutakakn 2728 }
1446     }
1447    
1448     static void destroy_public_key(CRYPTPublicKey FAR * key)
1449     {
1450     if (key->RSA_key != NULL) {
1451     RSA_free(key->RSA_key);
1452     key->RSA_key = NULL;
1453     }
1454     }
1455    
1456     void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1457     {
1458     destroy_public_key(key);
1459     free(key);
1460     }
1461    
1462     void CRYPT_end(PTInstVar pvar)
1463     {
1464     destroy_public_key(&pvar->crypt_state.host_key);
1465     destroy_public_key(&pvar->crypt_state.server_key);
1466    
1467     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1468     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1469 maya 3003 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1470 yutakakn 2728 free(pvar->crypt_state.detect_attack_statics.h);
1471     }
1472    
1473     memset(pvar->crypt_state.sender_cipher_key, 0,
1474 maya 3003 sizeof(pvar->crypt_state.sender_cipher_key));
1475 yutakakn 2728 memset(pvar->crypt_state.receiver_cipher_key, 0,
1476 maya 3003 sizeof(pvar->crypt_state.receiver_cipher_key));
1477 yutakakn 2728 memset(pvar->crypt_state.server_cookie, 0,
1478 maya 3003 sizeof(pvar->crypt_state.server_cookie));
1479 yutakakn 2728 memset(pvar->crypt_state.client_cookie, 0,
1480 maya 3003 sizeof(pvar->crypt_state.client_cookie));
1481 yutakakn 2728 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1482     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1483     }
1484    
1485     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1486 maya 3003 char FAR * buf, int bytes)
1487 yutakakn 2728 {
1488     unsigned char passphrase_key[16];
1489    
1490     MD5(passphrase, strlen(passphrase), passphrase_key);
1491    
1492     switch (cipher) {
1493     case SSH_CIPHER_3DES:{
1494     Cipher3DESState state;
1495    
1496     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1497 maya 3003 &state.k1);
1498 yutakakn 2728 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1499 maya 3003 &state.k2);
1500 yutakakn 2728 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1501 maya 3003 &state.k3);
1502 yutakakn 2728 memset(state.ivec1, 0, 8);
1503     memset(state.ivec2, 0, 8);
1504     memset(state.ivec3, 0, 8);
1505     DES_ncbc_encrypt(buf, buf, bytes,
1506 maya 3003 &state.k3, &state.ivec3, DES_DECRYPT);
1507 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
1508 maya 3003 &state.k2, &state.ivec2, DES_ENCRYPT);
1509 yutakakn 2728 DES_ncbc_encrypt(buf, buf, bytes,
1510 maya 3003 &state.k1, &state.ivec1, DES_DECRYPT);
1511 yutakakn 2728 break;
1512     }
1513    
1514     case SSH_CIPHER_IDEA:{
1515     CipherIDEAState state;
1516     int num = 0;
1517    
1518     cIDEA_init(passphrase_key, &state);
1519     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1520 maya 3003 &num, IDEA_DECRYPT);
1521 yutakakn 2728 break;
1522     }
1523    
1524     case SSH_CIPHER_DES:{
1525     CipherDESState state;
1526    
1527     cDES_init(passphrase_key, &state);
1528     DES_ncbc_encrypt(buf, buf, bytes,
1529 maya 3003 &state.k, &state.ivec, DES_DECRYPT);
1530 yutakakn 2728 break;
1531     }
1532    
1533     case SSH_CIPHER_RC4:{
1534     CipherRC4State state;
1535     int num = 0;
1536    
1537     RC4_set_key(&state.k, 16, passphrase_key);
1538     RC4(&state.k, bytes, buf, buf);
1539     break;
1540     }
1541    
1542     case SSH_CIPHER_BLOWFISH:{
1543     CipherBlowfishState state;
1544    
1545     BF_set_key(&state.k, 16, passphrase_key);
1546     memset(state.ivec, 0, 8);
1547     flip_endianness(buf, bytes);
1548     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1549     BF_DECRYPT);
1550     flip_endianness(buf, bytes);
1551     break;
1552     }
1553    
1554     case SSH_CIPHER_NONE:
1555     break;
1556    
1557     default:
1558     memset(passphrase_key, 0, sizeof(passphrase_key));
1559     return 0;
1560     }
1561    
1562     memset(passphrase_key, 0, sizeof(passphrase_key));
1563     return 1;
1564     }
1565    
1566     void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1567     {
1568 yutakakn 2762 if (key_pair->RSA_key != NULL)
1569     RSA_free(key_pair->RSA_key);
1570    
1571     if (key_pair->DSA_key != NULL)
1572     DSA_free(key_pair->DSA_key);
1573    
1574 yutakakn 2728 free(key_pair);
1575     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help