Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 4550 - (hide annotations) (download) (as text)
Thu Jul 28 16:15:05 2011 UTC (12 years, 8 months ago) by maya
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 62070 byte(s) 
RAND_screen() を呼ばないようにしてみた
  http://sourceforge.jp/ticket/browse.php?group_id=1412&tid=25835
1 maya 3227 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40     #include <openssl/dsa.h>
41     #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202     default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204     buf, bytes, NULL) == DEATTACK_DETECTED;
205     }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     // ���O�������������������������������AAES192, AES256 ����
218     // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220     int bytes)
221     {
222     unsigned char *newbuf = malloc(bytes);
223     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224 doda 4212 char tmp[80];
225 maya 3227
226     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227     if (bytes == 0)
228     goto error;
229    
230     if (newbuf == NULL)
231     return;
232    
233     if (bytes % block_size) {
234 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
235     "%s encrypt error(1): bytes %d (%d)");
236     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237     "AES128/192/256", bytes, block_size);
238 maya 3227 notify_fatal_error(pvar, tmp);
239     goto error;
240     }
241    
242     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
244     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
245     "AES128/192/256");
246     notify_fatal_error(pvar, tmp);
247 maya 3227 goto error;
248    
249     } else {
250     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
251     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
252     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
253     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
254    
255     //debug_print(50, key, 24);
256     //debug_print(51, iv, 8);
257     //debug_print(52, buf, bytes);
258     //debug_print(53, newbuf, bytes);
259    
260     memcpy(buf, newbuf, bytes);
261     }
262    
263     error:
264     free(newbuf);
265     }
266    
267     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
268     int bytes)
269     {
270     unsigned char *newbuf = malloc(bytes);
271     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272 doda 4212 char tmp[80];
273 maya 3227
274     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
275     if (bytes == 0)
276     goto error;
277    
278     if (newbuf == NULL)
279     return;
280    
281     if (bytes % block_size) {
282 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
283     "%s decrypt error(1): bytes %d (%d)");
284     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
285     "AES128/192/256", bytes, block_size);
286 maya 3227 notify_fatal_error(pvar, tmp);
287     goto error;
288     }
289    
290     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
291 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
292     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
293     "AES128/192/256");
294     notify_fatal_error(pvar, tmp);
295 maya 3227 goto error;
296    
297     } else {
298     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
299     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
300     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
301     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
302    
303     //debug_print(70, key, AES128_KEYLEN);
304     //debug_print(71, iv, AES128_IVLEN);
305     //debug_print(72, buf, bytes);
306     //debug_print(73, newbuf, bytes);
307    
308     memcpy(buf, newbuf, bytes);
309     }
310    
311     error:
312     free(newbuf);
313     }
314    
315    
316     // for SSH2(yutaka)
317 doda 3850 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
318 doda 4212 int bytes)
319 maya 3227 {
320     unsigned char *newbuf = malloc(bytes);
321     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
322 doda 4212 char tmp[80];
323 maya 3227
324     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
325     if (bytes == 0)
326     goto error;
327    
328     if (newbuf == NULL)
329     return;
330    
331     if (bytes % block_size) {
332 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
333     "%s encrypt error(1): bytes %d (%d)");
334     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
335     "3DES-CBC", bytes, block_size);
336 maya 3227 notify_fatal_error(pvar, tmp);
337     goto error;
338     }
339    
340     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
341 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
342     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
343     "3DES-CBC");
344     notify_fatal_error(pvar, tmp);
345 maya 3227 goto error;
346    
347     } else {
348     //unsigned char key[24], iv[8];
349     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352    
353     //debug_print(50, key, 24);
354     //debug_print(51, iv, 8);
355     //debug_print(52, buf, bytes);
356     //debug_print(53, newbuf, bytes);
357    
358     memcpy(buf, newbuf, bytes);
359     }
360    
361     error:
362     free(newbuf);
363     }
364    
365 doda 3850 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
366 doda 4212 int bytes)
367 maya 3227 {
368     unsigned char *newbuf = malloc(bytes);
369     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
370 doda 4212 char tmp[80];
371 maya 3227
372     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
373     if (bytes == 0)
374     goto error;
375    
376     if (newbuf == NULL)
377     return;
378    
379     if (bytes % block_size) {
380 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
381     "%s decrypt error(1): bytes %d (%d)");
382     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
383     "3DES-CBC", bytes, block_size);
384 maya 3227 notify_fatal_error(pvar, tmp);
385     goto error;
386     }
387    
388     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
390     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
391     "3DES-CBC");
392     notify_fatal_error(pvar, tmp);
393 maya 3227 goto error;
394    
395     } else {
396     //unsigned char key[24], iv[8];
397     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
398     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
399     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
400    
401     //debug_print(70, key, 24);
402     //debug_print(71, iv, 8);
403     //debug_print(72, buf, bytes);
404     //debug_print(73, newbuf, bytes);
405    
406     memcpy(buf, newbuf, bytes);
407     }
408    
409     error:
410     free(newbuf);
411     }
412    
413    
414     static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
415     int bytes)
416     {
417     unsigned char *newbuf = malloc(bytes);
418     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
419 doda 4212 char tmp[80];
420 maya 3227
421     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
422     if (bytes == 0)
423     goto error;
424    
425     if (newbuf == NULL)
426     return;
427    
428     if (bytes % block_size) {
429 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
430     "%s encrypt error(1): bytes %d (%d)");
431     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
432     "Blowfish", bytes, block_size);
433 maya 3227 notify_fatal_error(pvar, tmp);
434     goto error;
435     }
436    
437     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
438 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
439     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
440     "Blowfish");
441     notify_fatal_error(pvar, tmp);
442 maya 3227 goto error;
443    
444     } else {
445     memcpy(buf, newbuf, bytes);
446    
447     }
448    
449     error:
450     free(newbuf);
451     }
452    
453     static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
454     int bytes)
455     {
456     unsigned char *newbuf = malloc(bytes);
457     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
458 doda 4212 char tmp[80];
459 maya 3227
460     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
461     if (bytes == 0)
462     goto error;
463    
464     if (newbuf == NULL)
465     return;
466    
467     if (bytes % block_size) {
468 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
469     "%s decrypt error(1): bytes %d (%d)");
470     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
471     "Blowfish", bytes, block_size);
472 maya 3227 notify_fatal_error(pvar, tmp);
473     goto error;
474     }
475    
476     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
477 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
478     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
479     "Blowfish");
480     notify_fatal_error(pvar, tmp);
481 maya 3227 goto error;
482    
483     } else {
484     memcpy(buf, newbuf, bytes);
485    
486     }
487    
488     error:
489     free(newbuf);
490     }
491    
492 doda 4212
493 maya 3227 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
494 doda 4212 int bytes)
495 maya 3227 {
496     unsigned char *newbuf = malloc(bytes);
497     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
498 doda 4212 char tmp[80];
499 maya 3227
500     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
501     if (bytes == 0)
502     goto error;
503    
504     if (newbuf == NULL)
505     return;
506    
507     if (bytes % block_size) {
508 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
509     "%s encrypt error(1): bytes %d (%d)");
510     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
511     "Arcfour", bytes, block_size);
512 maya 3227 notify_fatal_error(pvar, tmp);
513     goto error;
514     }
515    
516     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
517 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
518     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
519     "Arcfour");
520     notify_fatal_error(pvar, tmp);
521 maya 3227 goto error;
522    
523     } else {
524     memcpy(buf, newbuf, bytes);
525    
526     }
527    
528     error:
529     free(newbuf);
530     }
531    
532     static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 doda 4212 int bytes)
534 maya 3227 {
535     unsigned char *newbuf = malloc(bytes);
536     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
537 doda 4212 char tmp[80];
538 maya 3227
539     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
540     if (bytes == 0)
541     goto error;
542    
543     if (newbuf == NULL)
544     return;
545    
546     if (bytes % block_size) {
547 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
548     "%s decrypt error(1): bytes %d (%d)");
549     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
550     "Arcfour", bytes, block_size);
551 maya 3227 notify_fatal_error(pvar, tmp);
552     goto error;
553     }
554    
555     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
556 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
557     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
558     "Arcfour");
559     notify_fatal_error(pvar, tmp);
560 maya 3227 goto error;
561    
562     } else {
563     memcpy(buf, newbuf, bytes);
564    
565     }
566    
567     error:
568     free(newbuf);
569     }
570    
571 doda 4212
572 maya 3227 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
573     int bytes)
574     {
575     unsigned char *newbuf = malloc(bytes);
576     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
577 doda 4212 char tmp[80];
578 maya 3227
579     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
580     if (bytes == 0)
581     goto error;
582    
583     if (newbuf == NULL)
584     return;
585    
586     if (bytes % block_size) {
587 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
588     "%s encrypt error(1): bytes %d (%d)");
589     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
590     "CAST128", bytes, block_size);
591 maya 3227 notify_fatal_error(pvar, tmp);
592     goto error;
593     }
594    
595     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
596 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
597     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
598     "CAST128");
599     notify_fatal_error(pvar, tmp);
600 maya 3227 goto error;
601    
602     } else {
603     memcpy(buf, newbuf, bytes);
604    
605     }
606    
607     error:
608     free(newbuf);
609     }
610    
611     static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
612     int bytes)
613     {
614     unsigned char *newbuf = malloc(bytes);
615     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
616 doda 4212 char tmp[80];
617 maya 3227
618     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
619     if (bytes == 0)
620     goto error;
621    
622     if (newbuf == NULL)
623     return;
624    
625     if (bytes % block_size) {
626 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
627     "%s decrypt error(1): bytes %d (%d)");
628     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
629     "CAST128", bytes, block_size);
630 maya 3227 notify_fatal_error(pvar, tmp);
631     goto error;
632     }
633    
634     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
635 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
636     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
637     "CAST128");
638     notify_fatal_error(pvar, tmp);
639 maya 3227 goto error;
640    
641     } else {
642     memcpy(buf, newbuf, bytes);
643    
644     }
645    
646     error:
647     free(newbuf);
648     }
649    
650 doda 4433 #ifdef WITH_CAMELLIA_DRAFT
651     static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
652     int bytes)
653     {
654     unsigned char *newbuf = malloc(bytes);
655     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
656     char tmp[80];
657 maya 3227
658 doda 4433 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
659     if (bytes == 0)
660     goto error;
661    
662     if (newbuf == NULL)
663     return;
664    
665     if (bytes % block_size) {
666     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
667     "%s encrypt error(1): bytes %d (%d)");
668     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
669     "Camellia128/192/256", bytes, block_size);
670     notify_fatal_error(pvar, tmp);
671     goto error;
672     }
673    
674     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
675     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
676     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
677     "Camellia128/192/256");
678     notify_fatal_error(pvar, tmp);
679     goto error;
680    
681     } else {
682     memcpy(buf, newbuf, bytes);
683    
684     }
685    
686     error:
687     free(newbuf);
688     }
689    
690     static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
691     int bytes)
692     {
693     unsigned char *newbuf = malloc(bytes);
694     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
695     char tmp[80];
696    
697     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
698     if (bytes == 0)
699     goto error;
700    
701     if (newbuf == NULL)
702     return;
703    
704     if (bytes % block_size) {
705     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
706     "%s decrypt error(1): bytes %d (%d)");
707     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
708     "Camellia128/192/256", bytes, block_size);
709     notify_fatal_error(pvar, tmp);
710     goto error;
711     }
712    
713     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
714     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
715     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
716     "Camellia128/192/256");
717     notify_fatal_error(pvar, tmp);
718     goto error;
719    
720     } else {
721     memcpy(buf, newbuf, bytes);
722    
723     }
724    
725     error:
726     free(newbuf);
727     }
728     #endif // WITH_CAMELLIA_DRAFT
729    
730 maya 3227 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
731     int bytes)
732     {
733     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
734    
735     DES_ncbc_encrypt(buf, buf, bytes,
736     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
737     DES_ncbc_encrypt(buf, buf, bytes,
738     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
739     DES_ncbc_encrypt(buf, buf, bytes,
740     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
741     }
742    
743     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
744     int bytes)
745     {
746     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
747    
748     DES_ncbc_encrypt(buf, buf, bytes,
749     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
750     DES_ncbc_encrypt(buf, buf, bytes,
751     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
752     DES_ncbc_encrypt(buf, buf, bytes,
753     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
754     }
755    
756     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
757     int bytes)
758     {
759     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
760    
761     DES_ncbc_encrypt(buf, buf, bytes,
762     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
763     }
764    
765     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
766     int bytes)
767     {
768     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
769    
770     DES_ncbc_encrypt(buf, buf, bytes,
771     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
772     }
773    
774     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
775     int bytes)
776     {
777     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
778     int num = 0;
779    
780     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
781     encryptstate->ivec, &num, IDEA_ENCRYPT);
782     }
783    
784     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
785     int bytes)
786     {
787     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
788     int num = 0;
789    
790     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
791     decryptstate->ivec, &num, IDEA_DECRYPT);
792     }
793    
794     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
795     {
796     uint32 FAR *buf = (uint32 FAR *) cbuf;
797     int count = bytes / 4;
798    
799     while (count > 0) {
800     uint32 w = *buf;
801    
802     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
803     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
804     count--;
805     buf++;
806     }
807     }
808    
809     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
810     int bytes)
811     {
812     CipherBlowfishState FAR *encryptstate =
813     &pvar->crypt_state.enc.cBlowfish;
814    
815     flip_endianness(buf, bytes);
816     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
817     BF_ENCRYPT);
818     flip_endianness(buf, bytes);
819     }
820    
821     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
822     int bytes)
823     {
824     CipherBlowfishState FAR *decryptstate =
825     &pvar->crypt_state.dec.cBlowfish;
826    
827     flip_endianness(buf, bytes);
828     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
829     BF_DECRYPT);
830     flip_endianness(buf, bytes);
831     }
832    
833     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
834     int bytes)
835     {
836     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
837     int num = 0;
838    
839     RC4(&encryptstate->k, bytes, buf, buf);
840     }
841    
842     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
843     int bytes)
844     {
845     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
846     int num = 0;
847    
848     RC4(&decryptstate->k, bytes, buf, buf);
849     }
850    
851     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
852     int bytes)
853     {
854     RAND_bytes(buf, bytes);
855     }
856    
857     void CRYPT_initialize_random_numbers(PTInstVar pvar)
858     {
859 maya 4550 // ����������������������
860     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
861     //RAND_screen();
862 maya 3227 }
863    
864     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
865     {
866     int bits = get_ushort16_MSBfirst(bytes);
867    
868     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
869     }
870    
871     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
872     RSA FAR *make_key(PTInstVar pvar,
873     int bits, unsigned char FAR * exp,
874     unsigned char FAR * mod)
875     {
876     RSA FAR *key = RSA_new();
877    
878     if (key != NULL) {
879     key->e = get_bignum(exp);
880     key->n = get_bignum(mod);
881     }
882    
883     if (key == NULL || key->e == NULL || key->n == NULL) {
884     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
885     "Error setting up RSA keys");
886     notify_fatal_error(pvar, pvar->ts->UIMsg);
887    
888     if (key != NULL) {
889     if (key->e != NULL) {
890     BN_free(key->e);
891     }
892     if (key->n != NULL) {
893     BN_free(key->n);
894     }
895     RSA_free(key);
896     }
897    
898     return NULL;
899     } else {
900     return key;
901     }
902     }
903    
904     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
905     {
906     if (SSHv1(pvar)) {
907     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
908     } else {
909     memcpy(pvar->crypt_state.server_cookie, cookie,
910     SSH2_COOKIE_LENGTH);
911     }
912     }
913    
914     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
915     {
916     if (SSHv2(pvar)) {
917     memcpy(pvar->crypt_state.client_cookie, cookie,
918     SSH2_COOKIE_LENGTH);
919     }
920     }
921    
922     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
923     int bits, unsigned char FAR * exp,
924     unsigned char FAR * mod)
925     {
926     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
927    
928     return pvar->crypt_state.server_key.RSA_key != NULL;
929     }
930    
931     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
932     int bits, unsigned char FAR * exp,
933     unsigned char FAR * mod)
934     {
935     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
936    
937     return pvar->crypt_state.host_key.RSA_key != NULL;
938     }
939    
940     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
941     int receiver_ciphers)
942     {
943     int cipher_mask;
944    
945     if (SSHv1(pvar)) {
946     cipher_mask = (1 << SSH_CIPHER_DES)
947     | (1 << SSH_CIPHER_3DES)
948     | (1 << SSH_CIPHER_BLOWFISH);
949    
950     } else { // for SSH2(yutaka)
951     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
952 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
953 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
954     | (1 << SSH2_CIPHER_AES192_CBC)
955     | (1 << SSH2_CIPHER_AES256_CBC)
956     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
957     | (1 << SSH2_CIPHER_AES128_CTR)
958     | (1 << SSH2_CIPHER_AES192_CTR)
959     | (1 << SSH2_CIPHER_AES256_CTR)
960     | (1 << SSH2_CIPHER_ARCFOUR)
961     | (1 << SSH2_CIPHER_ARCFOUR128)
962     | (1 << SSH2_CIPHER_ARCFOUR256)
963 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
964     | (1 << SSH2_CIPHER_3DES_CTR)
965     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
966 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
967     #ifdef WITH_CAMELLIA_DRAFT
968     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
969     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
970     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
971     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
972     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
973     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
974     #endif // WITH_CAMELLIA_DRAFT
975     );
976 maya 3227 }
977    
978     sender_ciphers &= cipher_mask;
979     receiver_ciphers &= cipher_mask;
980     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
981     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
982    
983     if (sender_ciphers == 0) {
984     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
985     "The server does not support any of the TTSSH encryption algorithms.\n"
986     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
987     "The connection will be closed.");
988     notify_fatal_error(pvar, pvar->ts->UIMsg);
989     return FALSE;
990     } else if (receiver_ciphers == 0) {
991     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
992     "The server does not support any of the TTSSH encryption algorithms.\n"
993     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
994     "The connection will be closed.");
995     notify_fatal_error(pvar, pvar->ts->UIMsg);
996     return FALSE;
997     } else {
998     return TRUE;
999     }
1000     }
1001    
1002     int CRYPT_get_decryption_block_size(PTInstVar pvar)
1003     {
1004     if (SSHv1(pvar)) {
1005     return 8;
1006     } else {
1007     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1008     // cf. 3DES=8, AES128=16
1009     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
1010     }
1011     }
1012    
1013     int CRYPT_get_encryption_block_size(PTInstVar pvar)
1014     {
1015     if (SSHv1(pvar)) {
1016     return 8;
1017     } else {
1018     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1019     // cf. 3DES=8, AES128=16
1020     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
1021     }
1022     }
1023    
1024     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
1025     {
1026     struct Mac *mac;
1027    
1028     if (SSHv1(pvar)) {
1029     return 0;
1030    
1031     } else { // for SSH2(yutaka)
1032     mac = &pvar->ssh2_keys[MODE_IN].mac;
1033     if (mac == NULL || mac->enabled == 0)
1034     return 0;
1035    
1036     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
1037     }
1038    
1039     }
1040    
1041     // HMAC������
1042     // ���{������ SSH2 �������g�p�������B
1043     // (2004.12.17 yutaka)
1044     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
1045     char FAR * data, int len, char FAR * MAC)
1046     {
1047     HMAC_CTX c;
1048     unsigned char m[EVP_MAX_MD_SIZE];
1049     unsigned char b[4];
1050     struct Mac *mac;
1051    
1052     mac = &pvar->ssh2_keys[MODE_IN].mac;
1053    
1054     // HMAC�������L���������������A����OK�����������B
1055     if (mac == NULL || mac->enabled == 0)
1056     return TRUE;
1057    
1058     if (mac->key == NULL)
1059     goto error;
1060    
1061     if ((u_int)mac->mac_len > sizeof(m))
1062     goto error;
1063    
1064     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1065     set_uint32_MSBfirst(b, sequence_number);
1066     HMAC_Update(&c, b, sizeof(b));
1067     HMAC_Update(&c, data, len);
1068     HMAC_Final(&c, m, NULL);
1069     HMAC_cleanup(&c);
1070    
1071     if (memcmp(m, MAC, mac->mac_len)) {
1072     goto error;
1073     }
1074    
1075     return TRUE;
1076    
1077     error:
1078     return FALSE;
1079     }
1080    
1081     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1082     {
1083     struct Mac *mac;
1084    
1085     if (SSHv2(pvar)) { // for SSH2(yutaka)
1086     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1087     if (mac == NULL || mac->enabled == 0)
1088     return 0;
1089    
1090     return (mac->mac_len);
1091     }
1092    
1093     return 0;
1094     }
1095    
1096     // for SSH2
1097     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1098     char FAR * data, int len, char FAR * MAC)
1099     {
1100     HMAC_CTX c;
1101     static u_char m[EVP_MAX_MD_SIZE];
1102     u_char b[4];
1103     struct Mac *mac;
1104    
1105     if (SSHv2(pvar)) { // for SSH2(yutaka)
1106     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1107     if (mac == NULL || mac->enabled == 0)
1108     return FALSE;
1109    
1110     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1111     set_uint32_MSBfirst(b, sequence_number);
1112     HMAC_Update(&c, b, sizeof(b));
1113     HMAC_Update(&c, data, len);
1114     HMAC_Final(&c, m, NULL);
1115     HMAC_cleanup(&c);
1116    
1117     // 20�o�C�g�������R�s�[
1118     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1119     // memcpy(MAC, m, sizeof(m));
1120    
1121     return TRUE;
1122     }
1123    
1124     return TRUE;
1125    
1126     }
1127    
1128     static int choose_cipher(PTInstVar pvar, int supported)
1129     {
1130     int i;
1131    
1132     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1133     int cipher = pvar->session_settings.CipherOrder[i] - '0';
1134    
1135     if (cipher == SSH_CIPHER_NONE) {
1136     break;
1137     } else if ((supported & (1 << cipher)) != 0) {
1138     return cipher;
1139     }
1140     }
1141    
1142     return SSH_CIPHER_NONE;
1143     }
1144    
1145     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1146     {
1147     if (SSHv1(pvar)) {
1148     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1149     pvar->crypt_state.
1150     supported_sender_ciphers);
1151     pvar->crypt_state.receiver_cipher =
1152     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1153    
1154     } else { // SSH2(yutaka)
1155     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1156     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1157    
1158     }
1159    
1160     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1161     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1162     UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
1163     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1164     "To communicate with this server, you will have to enable some more ciphers\n"
1165     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1166     "This connection will now close.");
1167     notify_fatal_error(pvar, pvar->ts->UIMsg);
1168     return FALSE;
1169     } else {
1170     return TRUE;
1171     }
1172     }
1173    
1174     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1175     {
1176     int server_key_bits =
1177     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1178     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1179     int server_key_bytes = (server_key_bits + 7) / 8;
1180     int host_key_bytes = (host_key_bits + 7) / 8;
1181    
1182     if (server_key_bits < host_key_bits) {
1183     return host_key_bytes;
1184     } else {
1185     return server_key_bytes;
1186     }
1187     }
1188    
1189     int CRYPT_choose_session_key(PTInstVar pvar,
1190     unsigned char FAR * encrypted_key_buf)
1191     {
1192     int server_key_bits =
1193     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1194     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1195     int server_key_bytes = (server_key_bits + 7) / 8;
1196     int host_key_bytes = (host_key_bits + 7) / 8;
1197     int encrypted_key_bytes;
1198     int bit_delta;
1199    
1200     if (server_key_bits < host_key_bits) {
1201     encrypted_key_bytes = host_key_bytes;
1202     bit_delta = host_key_bits - server_key_bits;
1203     } else {
1204     encrypted_key_bytes = server_key_bytes;
1205     bit_delta = server_key_bits - host_key_bits;
1206     }
1207    
1208     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1209     UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1210     "Server RSA keys are too weak. A secure connection cannot be established.");
1211     notify_fatal_error(pvar, pvar->ts->UIMsg);
1212     return 0;
1213     } else {
1214     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1215     for the session ID, rather than the one specified in the RFC */
1216     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1217     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1218     char session_id[16];
1219     int i;
1220    
1221     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1222     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1223     session_buf + host_key_bytes);
1224     memcpy(session_buf + server_key_bytes + host_key_bytes,
1225     pvar->crypt_state.server_cookie, 8);
1226     MD5(session_buf, session_buf_len, session_id);
1227    
1228     free(session_buf);
1229    
1230     RAND_bytes(pvar->crypt_state.sender_cipher_key,
1231     SSH_SESSION_KEY_LENGTH);
1232     memcpy(pvar->crypt_state.receiver_cipher_key,
1233     pvar->crypt_state.sender_cipher_key,
1234     SSH_SESSION_KEY_LENGTH);
1235    
1236     memcpy(encrypted_key_buf + encrypted_key_bytes -
1237     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1238     SSH_SESSION_KEY_LENGTH);
1239     for (i = 0; i < sizeof(session_id); i++) {
1240     encrypted_key_buf[encrypted_key_bytes -
1241     SSH_SESSION_KEY_LENGTH + i]
1242     ^= session_id[i];
1243     }
1244    
1245     if (host_key_bits > server_key_bits) {
1246     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1247     encrypted_key_buf +
1248     encrypted_key_bytes -
1249     SSH_SESSION_KEY_LENGTH,
1250     encrypted_key_buf +
1251     encrypted_key_bytes - server_key_bytes,
1252     pvar->crypt_state.server_key.RSA_key,
1253     RSA_PKCS1_PADDING) < 0)
1254     return 0;
1255    
1256     if (RSA_public_encrypt(server_key_bytes,
1257     encrypted_key_buf +
1258     encrypted_key_bytes - server_key_bytes,
1259     encrypted_key_buf,
1260     pvar->crypt_state.host_key.RSA_key,
1261     RSA_PKCS1_PADDING) < 0)
1262     return 0;
1263     } else {
1264     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1265     encrypted_key_buf +
1266     encrypted_key_bytes -
1267     SSH_SESSION_KEY_LENGTH,
1268     encrypted_key_buf +
1269     encrypted_key_bytes - host_key_bytes,
1270     pvar->crypt_state.host_key.RSA_key,
1271     RSA_PKCS1_PADDING) < 0)
1272     return 0;
1273    
1274     if (RSA_public_encrypt(host_key_bytes,
1275     encrypted_key_buf +
1276     encrypted_key_bytes - host_key_bytes,
1277     encrypted_key_buf,
1278     pvar->crypt_state.server_key.RSA_key,
1279     RSA_PKCS1_PADDING) < 0)
1280     return 0;
1281     }
1282     }
1283    
1284     return 1;
1285     }
1286    
1287     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1288     unsigned char FAR * challenge,
1289     int challenge_len,
1290     unsigned char FAR * response)
1291     {
1292     int server_key_bits =
1293     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1294     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1295     int server_key_bytes = (server_key_bits + 7) / 8;
1296     int host_key_bytes = (host_key_bits + 7) / 8;
1297     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1298     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1299     char decrypted_challenge[48];
1300     int decrypted_challenge_len;
1301    
1302     decrypted_challenge_len =
1303     RSA_private_decrypt(challenge_len, challenge, challenge,
1304 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1305 maya 3227 RSA_PKCS1_PADDING);
1306     if (decrypted_challenge_len < 0) {
1307     free(session_buf);
1308     return 0;
1309     }
1310     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1311     memcpy(decrypted_challenge,
1312     challenge + decrypted_challenge_len -
1313     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1314     } else {
1315     memset(decrypted_challenge, 0,
1316     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1317     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1318     decrypted_challenge_len, challenge,
1319     decrypted_challenge_len);
1320     }
1321    
1322     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1323     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1324     session_buf + host_key_bytes);
1325     memcpy(session_buf + server_key_bytes + host_key_bytes,
1326     pvar->crypt_state.server_cookie, 8);
1327     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1328    
1329     free(session_buf);
1330    
1331     MD5(decrypted_challenge, 48, response);
1332    
1333     return 1;
1334     }
1335    
1336     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1337     {
1338     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1339     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1340     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1341     memset(state->ivec1, 0, 8);
1342     memset(state->ivec2, 0, 8);
1343     memset(state->ivec3, 0, 8);
1344     }
1345    
1346     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1347     {
1348     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1349     memset(state->ivec, 0, 8);
1350     }
1351    
1352     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1353     {
1354     idea_set_encrypt_key(session_key, &state->k);
1355     memset(state->ivec, 0, 8);
1356     }
1357    
1358     static void cBlowfish_init(char FAR * session_key,
1359     CipherBlowfishState FAR * state)
1360     {
1361     BF_set_key(&state->k, 32, session_key);
1362     memset(state->ivec, 0, 8);
1363     }
1364    
1365    
1366     //
1367     // SSH2�p�A���S���Y����������
1368     //
1369     // for SSH2(yutaka)
1370     //
1371     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1372     const u_char *key, u_int keylen,
1373     const u_char *iv, u_int ivlen,
1374     int encrypt,
1375     const EVP_CIPHER *type,
1376     int discard_len,
1377     PTInstVar pvar)
1378     {
1379     int klen;
1380     char tmp[80];
1381     unsigned char *junk = NULL, *discard = NULL;
1382    
1383     EVP_CIPHER_CTX_init(evp);
1384     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1385     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1386     "Cipher initialize error(%d)");
1387     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1388     notify_fatal_error(pvar, tmp);
1389     return;
1390     }
1391    
1392     klen = EVP_CIPHER_CTX_key_length(evp);
1393     if (klen > 0 && keylen != klen) {
1394     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1395     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1396     "Cipher initialize error(%d)");
1397     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1398     notify_fatal_error(pvar, tmp);
1399     return;
1400     }
1401     }
1402     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1403     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1404     "Cipher initialize error(%d)");
1405     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1406     notify_fatal_error(pvar, tmp);
1407     return;
1408     }
1409    
1410     if (discard_len > 0) {
1411     junk = malloc(discard_len);
1412     discard = malloc(discard_len);
1413     if (junk == NULL || discard == NULL ||
1414     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1415     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1416     "Cipher initialize error(%d)");
1417     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1418     pvar->ts->UIMsg, 3);
1419     notify_fatal_error(pvar, tmp);
1420     }
1421     else {
1422     memset(discard, 0, discard_len);
1423     }
1424     free(junk);
1425     free(discard);
1426     }
1427     }
1428    
1429    
1430     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1431     {
1432     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1433     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1434     BOOL isOK = TRUE;
1435    
1436     if (sender_flag) {
1437     switch (pvar->crypt_state.sender_cipher) {
1438     // for SSH2(yutaka)
1439     case SSH2_CIPHER_3DES_CBC:
1440 doda 3850 case SSH2_CIPHER_3DES_CTR:
1441 maya 3227 {
1442     struct Enc *enc;
1443    
1444     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1445     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1446     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1447     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1448     CIPHER_ENCRYPT,
1449     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1450     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1451     pvar);
1452    
1453     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1454     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1455    
1456 doda 3850 pvar->crypt_state.encrypt = c3DES_encrypt2;
1457 maya 3227 break;
1458     }
1459    
1460     // for SSH2(yutaka)
1461     case SSH2_CIPHER_AES128_CBC:
1462     case SSH2_CIPHER_AES192_CBC:
1463     case SSH2_CIPHER_AES256_CBC:
1464     case SSH2_CIPHER_AES128_CTR:
1465     case SSH2_CIPHER_AES192_CTR:
1466     case SSH2_CIPHER_AES256_CTR:
1467     {
1468     struct Enc *enc;
1469    
1470     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1471     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1472     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1473     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1474     CIPHER_ENCRYPT,
1475     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1476     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1477     pvar);
1478    
1479     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1480     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1481    
1482     pvar->crypt_state.encrypt = cAES128_encrypt;
1483     break;
1484     }
1485    
1486     case SSH2_CIPHER_BLOWFISH_CBC:
1487 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1488 maya 3227 {
1489     struct Enc *enc;
1490    
1491     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1492     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1493     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1494     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1495     CIPHER_ENCRYPT,
1496     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1497     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1498     pvar);
1499    
1500     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1501     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1502    
1503     pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1504     break;
1505     }
1506    
1507     case SSH2_CIPHER_ARCFOUR:
1508     case SSH2_CIPHER_ARCFOUR128:
1509     case SSH2_CIPHER_ARCFOUR256:
1510     {
1511     struct Enc *enc;
1512    
1513     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1514     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1515     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1516     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1517     CIPHER_ENCRYPT,
1518     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1519     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1520     pvar);
1521     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1522     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1523    
1524     pvar->crypt_state.encrypt = cArcfour_encrypt;
1525     break;
1526     }
1527    
1528     case SSH2_CIPHER_CAST128_CBC:
1529 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1530 maya 3227 {
1531     struct Enc *enc;
1532    
1533     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1534     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1535     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1536     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1537     CIPHER_ENCRYPT,
1538     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1539     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1540     pvar);
1541     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1542     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1543    
1544     pvar->crypt_state.encrypt = cCast128_encrypt;
1545     break;
1546     }
1547    
1548 doda 4433 #ifdef WITH_CAMELLIA_DRAFT
1549     case SSH2_CIPHER_CAMELLIA128_CBC:
1550     case SSH2_CIPHER_CAMELLIA192_CBC:
1551     case SSH2_CIPHER_CAMELLIA256_CBC:
1552     case SSH2_CIPHER_CAMELLIA128_CTR:
1553     case SSH2_CIPHER_CAMELLIA192_CTR:
1554     case SSH2_CIPHER_CAMELLIA256_CTR:
1555     {
1556     struct Enc *enc;
1557    
1558     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1559     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1560     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1561     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1562     CIPHER_ENCRYPT,
1563     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1564     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1565     pvar);
1566    
1567     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1568     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1569    
1570     pvar->crypt_state.encrypt = cCamellia_encrypt;
1571     break;
1572     }
1573     #endif // WITH_CAMELLIA_DRAFT
1574    
1575 maya 3227 case SSH_CIPHER_3DES:{
1576     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1577     pvar->crypt_state.encrypt = c3DES_encrypt;
1578     break;
1579     }
1580     case SSH_CIPHER_IDEA:{
1581     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1582     pvar->crypt_state.encrypt = cIDEA_encrypt;
1583     break;
1584     }
1585     case SSH_CIPHER_DES:{
1586     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1587     pvar->crypt_state.encrypt = cDES_encrypt;
1588     break;
1589     }
1590     case SSH_CIPHER_RC4:{
1591     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1592     encryption_key + 16);
1593     pvar->crypt_state.encrypt = cRC4_encrypt;
1594     break;
1595     }
1596     case SSH_CIPHER_BLOWFISH:{
1597     cBlowfish_init(encryption_key,
1598     &pvar->crypt_state.enc.cBlowfish);
1599     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1600     break;
1601     }
1602     default:
1603     isOK = FALSE;
1604     }
1605     }
1606    
1607    
1608     if (receiver_flag) {
1609     switch (pvar->crypt_state.receiver_cipher) {
1610     // for SSH2(yutaka)
1611     case SSH2_CIPHER_3DES_CBC:
1612 doda 3850 case SSH2_CIPHER_3DES_CTR:
1613 maya 3227 {
1614     struct Enc *enc;
1615    
1616     enc = &pvar->ssh2_keys[MODE_IN].enc;
1617     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1618     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1619     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1620     CIPHER_DECRYPT,
1621     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1622     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1623     pvar);
1624    
1625     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1626     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1627    
1628 doda 3850 pvar->crypt_state.decrypt = c3DES_decrypt2;
1629 maya 3227 break;
1630     }
1631    
1632     // for SSH2(yutaka)
1633     case SSH2_CIPHER_AES128_CBC:
1634     case SSH2_CIPHER_AES192_CBC:
1635     case SSH2_CIPHER_AES256_CBC:
1636     case SSH2_CIPHER_AES128_CTR:
1637     case SSH2_CIPHER_AES192_CTR:
1638     case SSH2_CIPHER_AES256_CTR:
1639     {
1640     struct Enc *enc;
1641    
1642     enc = &pvar->ssh2_keys[MODE_IN].enc;
1643     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1644     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1645     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1646     CIPHER_DECRYPT,
1647     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1648     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1649     pvar);
1650    
1651     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1652     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1653    
1654     pvar->crypt_state.decrypt = cAES128_decrypt;
1655     break;
1656     }
1657    
1658     case SSH2_CIPHER_BLOWFISH_CBC:
1659 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1660 maya 3227 {
1661     struct Enc *enc;
1662    
1663     enc = &pvar->ssh2_keys[MODE_IN].enc;
1664     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1665     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1666     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1667     CIPHER_DECRYPT,
1668     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1669     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1670     pvar);
1671    
1672     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1673     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1674    
1675     pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1676     break;
1677     }
1678    
1679     case SSH2_CIPHER_ARCFOUR:
1680     case SSH2_CIPHER_ARCFOUR128:
1681     case SSH2_CIPHER_ARCFOUR256:
1682     {
1683     struct Enc *enc;
1684    
1685     enc = &pvar->ssh2_keys[MODE_IN].enc;
1686     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1687     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1688     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1689     CIPHER_DECRYPT,
1690     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1691     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1692     pvar);
1693    
1694     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1695     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1696    
1697     pvar->crypt_state.decrypt = cArcfour_decrypt;
1698     break;
1699     }
1700    
1701     case SSH2_CIPHER_CAST128_CBC:
1702 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1703 maya 3227 {
1704     struct Enc *enc;
1705    
1706     enc = &pvar->ssh2_keys[MODE_IN].enc;
1707     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1708     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1709     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1710     CIPHER_DECRYPT,
1711     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1712     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1713     pvar);
1714    
1715     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1716     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1717    
1718     pvar->crypt_state.decrypt = cCast128_decrypt;
1719     break;
1720     }
1721    
1722 doda 4433 #ifdef WITH_CAMELLIA_DRAFT
1723     case SSH2_CIPHER_CAMELLIA128_CBC:
1724     case SSH2_CIPHER_CAMELLIA192_CBC:
1725     case SSH2_CIPHER_CAMELLIA256_CBC:
1726     case SSH2_CIPHER_CAMELLIA128_CTR:
1727     case SSH2_CIPHER_CAMELLIA192_CTR:
1728     case SSH2_CIPHER_CAMELLIA256_CTR:
1729     {
1730     struct Enc *enc;
1731    
1732     enc = &pvar->ssh2_keys[MODE_IN].enc;
1733     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1734     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1735     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1736     CIPHER_DECRYPT,
1737     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1738     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1739     pvar);
1740    
1741     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1742     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1743    
1744     pvar->crypt_state.decrypt = cCamellia_decrypt;
1745     break;
1746     }
1747     #endif // WITH_CAMELLIA_DRAFT
1748    
1749 maya 3227 case SSH_CIPHER_3DES:{
1750     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1751     pvar->crypt_state.decrypt = c3DES_decrypt;
1752     break;
1753     }
1754     case SSH_CIPHER_IDEA:{
1755     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1756     pvar->crypt_state.decrypt = cIDEA_decrypt;
1757     break;
1758     }
1759     case SSH_CIPHER_DES:{
1760     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1761     pvar->crypt_state.decrypt = cDES_decrypt;
1762     break;
1763     }
1764     case SSH_CIPHER_RC4:{
1765     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1766     pvar->crypt_state.decrypt = cRC4_decrypt;
1767     break;
1768     }
1769     case SSH_CIPHER_BLOWFISH:{
1770     cBlowfish_init(decryption_key,
1771     &pvar->crypt_state.dec.cBlowfish);
1772     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1773     break;
1774     }
1775     default:
1776     isOK = FALSE;
1777     }
1778     }
1779    
1780    
1781     if (!isOK) {
1782     UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1783     "No cipher selected!");
1784     notify_fatal_error(pvar, pvar->ts->UIMsg);
1785     return FALSE;
1786     } else {
1787     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1788     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1789     return TRUE;
1790     }
1791     }
1792    
1793     void CRYPT_init(PTInstVar pvar)
1794     {
1795     pvar->crypt_state.encrypt = no_encrypt;
1796     pvar->crypt_state.decrypt = no_encrypt;
1797     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1798     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1799     pvar->crypt_state.server_key.RSA_key = NULL;
1800     pvar->crypt_state.host_key.RSA_key = NULL;
1801    
1802     pvar->crypt_state.detect_attack_statics.h = NULL;
1803     pvar->crypt_state.detect_attack_statics.n =
1804     HASH_MINSIZE / HASH_ENTRYSIZE;
1805     }
1806    
1807     static char FAR *get_cipher_name(int cipher)
1808     {
1809     switch (cipher) {
1810     case SSH_CIPHER_NONE:
1811     return "None";
1812     case SSH_CIPHER_3DES:
1813     return "3DES (168 key bits)";
1814     case SSH_CIPHER_DES:
1815     return "DES (56 key bits)";
1816     case SSH_CIPHER_IDEA:
1817     return "IDEA (128 key bits)";
1818     case SSH_CIPHER_RC4:
1819     return "RC4 (128 key bits)";
1820     case SSH_CIPHER_BLOWFISH:
1821     return "Blowfish (256 key bits)";
1822    
1823     // SSH2
1824     case SSH2_CIPHER_3DES_CBC:
1825     return "3DES-CBC";
1826     case SSH2_CIPHER_AES128_CBC:
1827     return "AES128-CBC";
1828     case SSH2_CIPHER_AES192_CBC:
1829     return "AES192-CBC";
1830     case SSH2_CIPHER_AES256_CBC:
1831     return "AES256-CBC";
1832     case SSH2_CIPHER_BLOWFISH_CBC:
1833     return "Blowfish-CBC";
1834     case SSH2_CIPHER_AES128_CTR:
1835     return "AES128-CTR";
1836     case SSH2_CIPHER_AES192_CTR:
1837     return "AES192-CTR";
1838     case SSH2_CIPHER_AES256_CTR:
1839     return "AES256-CTR";
1840     case SSH2_CIPHER_ARCFOUR:
1841     return "Arcfour";
1842     case SSH2_CIPHER_ARCFOUR128:
1843     return "Arcfour128";
1844     case SSH2_CIPHER_ARCFOUR256:
1845     return "Arcfour256";
1846     case SSH2_CIPHER_CAST128_CBC:
1847     return "CAST-128-CBC";
1848 doda 3850 case SSH2_CIPHER_3DES_CTR:
1849     return "3DES-CTR";
1850     case SSH2_CIPHER_BLOWFISH_CTR:
1851     return "Blowfish-CTR";
1852     case SSH2_CIPHER_CAST128_CTR:
1853     return "CAST-128-CTR";
1854 doda 4433 #ifdef WITH_CAMELLIA_DRAFT
1855     case SSH2_CIPHER_CAMELLIA128_CBC:
1856     return "Camellia128-CBC";
1857     case SSH2_CIPHER_CAMELLIA192_CBC:
1858     return "Camellia192-CBC";
1859     case SSH2_CIPHER_CAMELLIA256_CBC:
1860     return "Camellia256-CBC";
1861     case SSH2_CIPHER_CAMELLIA128_CTR:
1862     return "Camellia128-CTR";
1863     case SSH2_CIPHER_CAMELLIA192_CTR:
1864     return "Camellia192-CTR";
1865     case SSH2_CIPHER_CAMELLIA256_CTR:
1866     return "Camellia256-CTR";
1867     #endif // WITH_CAMELLIA_DRAFT
1868 maya 3227
1869     default:
1870     return "Unknown";
1871     }
1872     }
1873    
1874     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1875     {
1876     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1877     "%s to server, %s from server");
1878     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1879     get_cipher_name(pvar->crypt_state.sender_cipher),
1880     get_cipher_name(pvar->crypt_state.receiver_cipher));
1881     }
1882    
1883     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1884     {
1885     if (SSHv1(pvar)) {
1886     if (pvar->crypt_state.server_key.RSA_key == NULL
1887     || pvar->crypt_state.host_key.RSA_key == NULL) {
1888     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1889     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1890     } else {
1891     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1892     "%d-bit server key, %d-bit host key");
1893     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1894     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1895     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1896     }
1897     } else { // SSH2
1898 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1899     "%d-bit client key, %d-bit server key");
1900 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1901 maya 4313 pvar->client_key_bits,
1902     pvar->server_key_bits);
1903 maya 3227 }
1904     }
1905    
1906 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1907 maya 3227 {
1908     if (key->RSA_key != NULL) {
1909     RSA_free(key->RSA_key);
1910     key->RSA_key = NULL;
1911     }
1912     }
1913    
1914 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1915 maya 3227 {
1916     destroy_public_key(key);
1917     free(key);
1918     }
1919    
1920     void CRYPT_end(PTInstVar pvar)
1921     {
1922     destroy_public_key(&pvar->crypt_state.host_key);
1923     destroy_public_key(&pvar->crypt_state.server_key);
1924    
1925     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1926     memset(pvar->crypt_state.detect_attack_statics.h, 0,
1927     pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1928     free(pvar->crypt_state.detect_attack_statics.h);
1929     }
1930    
1931     memset(pvar->crypt_state.sender_cipher_key, 0,
1932     sizeof(pvar->crypt_state.sender_cipher_key));
1933     memset(pvar->crypt_state.receiver_cipher_key, 0,
1934     sizeof(pvar->crypt_state.receiver_cipher_key));
1935     memset(pvar->crypt_state.server_cookie, 0,
1936     sizeof(pvar->crypt_state.server_cookie));
1937     memset(pvar->crypt_state.client_cookie, 0,
1938     sizeof(pvar->crypt_state.client_cookie));
1939     memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1940     memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1941     }
1942    
1943     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1944     char FAR * buf, int bytes)
1945     {
1946     unsigned char passphrase_key[16];
1947    
1948     MD5(passphrase, strlen(passphrase), passphrase_key);
1949    
1950     switch (cipher) {
1951     case SSH_CIPHER_3DES:{
1952     Cipher3DESState state;
1953    
1954     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1955     &state.k1);
1956     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1957     &state.k2);
1958     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1959     &state.k3);
1960     memset(state.ivec1, 0, 8);
1961     memset(state.ivec2, 0, 8);
1962     memset(state.ivec3, 0, 8);
1963     DES_ncbc_encrypt(buf, buf, bytes,
1964     &state.k3, &state.ivec3, DES_DECRYPT);
1965     DES_ncbc_encrypt(buf, buf, bytes,
1966     &state.k2, &state.ivec2, DES_ENCRYPT);
1967     DES_ncbc_encrypt(buf, buf, bytes,
1968     &state.k1, &state.ivec1, DES_DECRYPT);
1969     break;
1970     }
1971    
1972     case SSH_CIPHER_IDEA:{
1973     CipherIDEAState state;
1974     int num = 0;
1975    
1976     cIDEA_init(passphrase_key, &state);
1977     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1978     &num, IDEA_DECRYPT);
1979     break;
1980     }
1981    
1982     case SSH_CIPHER_DES:{
1983     CipherDESState state;
1984    
1985     cDES_init(passphrase_key, &state);
1986     DES_ncbc_encrypt(buf, buf, bytes,
1987     &state.k, &state.ivec, DES_DECRYPT);
1988     break;
1989     }
1990    
1991     case SSH_CIPHER_RC4:{
1992     CipherRC4State state;
1993     int num = 0;
1994    
1995     RC4_set_key(&state.k, 16, passphrase_key);
1996     RC4(&state.k, bytes, buf, buf);
1997     break;
1998     }
1999    
2000     case SSH_CIPHER_BLOWFISH:{
2001     CipherBlowfishState state;
2002    
2003     BF_set_key(&state.k, 16, passphrase_key);
2004     memset(state.ivec, 0, 8);
2005     flip_endianness(buf, bytes);
2006     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
2007     BF_DECRYPT);
2008     flip_endianness(buf, bytes);
2009     break;
2010     }
2011    
2012     case SSH_CIPHER_NONE:
2013     break;
2014    
2015     default:
2016     memset(passphrase_key, 0, sizeof(passphrase_key));
2017     return 0;
2018     }
2019    
2020     memset(passphrase_key, 0, sizeof(passphrase_key));
2021     return 1;
2022     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help