Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6229 - (hide annotations) (download) (as text)
Fri Jan 1 11:06:37 2016 UTC (8 years, 3 months ago) by yutakapon
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 62176 byte(s) 
チケット #35870 ゼロクリアの削除

memset()やZeroMemory()は、コンパイラの最適化で削除されることがあるため、
セキュリティ上削除されると困る箇所に関しては SecureZeroMemory() に置き換える。
SecureZeroMemory() はインライン関数のため、Windows95 でも動作する。
1 maya 3227 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40     #include <openssl/dsa.h>
41     #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202     default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204     buf, bytes, NULL) == DEATTACK_DETECTED;
205     }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     // ���O�������������������������������AAES192, AES256 ����
218     // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220     int bytes)
221     {
222     unsigned char *newbuf = malloc(bytes);
223     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224 doda 4212 char tmp[80];
225 maya 3227
226     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227     if (bytes == 0)
228     goto error;
229    
230     if (newbuf == NULL)
231     return;
232    
233     if (bytes % block_size) {
234 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
235     "%s encrypt error(1): bytes %d (%d)");
236     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237     "AES128/192/256", bytes, block_size);
238 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
239 maya 3227 goto error;
240     }
241    
242     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
244     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
245     "AES128/192/256");
246 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
247 maya 3227 goto error;
248    
249     } else {
250     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
251     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
252     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
253     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
254    
255     //debug_print(50, key, 24);
256     //debug_print(51, iv, 8);
257     //debug_print(52, buf, bytes);
258     //debug_print(53, newbuf, bytes);
259    
260     memcpy(buf, newbuf, bytes);
261     }
262    
263     error:
264     free(newbuf);
265     }
266    
267     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
268     int bytes)
269     {
270     unsigned char *newbuf = malloc(bytes);
271     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272 doda 4212 char tmp[80];
273 maya 3227
274     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
275     if (bytes == 0)
276     goto error;
277    
278     if (newbuf == NULL)
279     return;
280    
281     if (bytes % block_size) {
282 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
283     "%s decrypt error(1): bytes %d (%d)");
284     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
285     "AES128/192/256", bytes, block_size);
286 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
287 maya 3227 goto error;
288     }
289    
290     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
291 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
292     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
293     "AES128/192/256");
294 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
295 maya 3227 goto error;
296    
297     } else {
298     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
299     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
300     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
301     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
302    
303     //debug_print(70, key, AES128_KEYLEN);
304     //debug_print(71, iv, AES128_IVLEN);
305     //debug_print(72, buf, bytes);
306     //debug_print(73, newbuf, bytes);
307    
308     memcpy(buf, newbuf, bytes);
309     }
310    
311     error:
312     free(newbuf);
313     }
314    
315    
316     // for SSH2(yutaka)
317 doda 3850 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
318 doda 4212 int bytes)
319 maya 3227 {
320     unsigned char *newbuf = malloc(bytes);
321     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
322 doda 4212 char tmp[80];
323 maya 3227
324     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
325     if (bytes == 0)
326     goto error;
327    
328     if (newbuf == NULL)
329     return;
330    
331     if (bytes % block_size) {
332 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
333     "%s encrypt error(1): bytes %d (%d)");
334     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
335     "3DES-CBC", bytes, block_size);
336 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
337 maya 3227 goto error;
338     }
339    
340     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
341 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
342     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
343     "3DES-CBC");
344 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
345 maya 3227 goto error;
346    
347     } else {
348     //unsigned char key[24], iv[8];
349     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352    
353     //debug_print(50, key, 24);
354     //debug_print(51, iv, 8);
355     //debug_print(52, buf, bytes);
356     //debug_print(53, newbuf, bytes);
357    
358     memcpy(buf, newbuf, bytes);
359     }
360    
361     error:
362     free(newbuf);
363     }
364    
365 doda 3850 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
366 doda 4212 int bytes)
367 maya 3227 {
368     unsigned char *newbuf = malloc(bytes);
369     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
370 doda 4212 char tmp[80];
371 maya 3227
372     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
373     if (bytes == 0)
374     goto error;
375    
376     if (newbuf == NULL)
377     return;
378    
379     if (bytes % block_size) {
380 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
381     "%s decrypt error(1): bytes %d (%d)");
382     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
383     "3DES-CBC", bytes, block_size);
384 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
385 maya 3227 goto error;
386     }
387    
388     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
390     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
391     "3DES-CBC");
392 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
393 maya 3227 goto error;
394    
395     } else {
396     //unsigned char key[24], iv[8];
397     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
398     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
399     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
400    
401     //debug_print(70, key, 24);
402     //debug_print(71, iv, 8);
403     //debug_print(72, buf, bytes);
404     //debug_print(73, newbuf, bytes);
405    
406     memcpy(buf, newbuf, bytes);
407     }
408    
409     error:
410     free(newbuf);
411     }
412    
413    
414     static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
415     int bytes)
416     {
417     unsigned char *newbuf = malloc(bytes);
418     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
419 doda 4212 char tmp[80];
420 maya 3227
421     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
422     if (bytes == 0)
423     goto error;
424    
425     if (newbuf == NULL)
426     return;
427    
428     if (bytes % block_size) {
429 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
430     "%s encrypt error(1): bytes %d (%d)");
431     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
432     "Blowfish", bytes, block_size);
433 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
434 maya 3227 goto error;
435     }
436    
437     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
438 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
439     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
440     "Blowfish");
441 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
442 maya 3227 goto error;
443    
444     } else {
445     memcpy(buf, newbuf, bytes);
446    
447     }
448    
449     error:
450     free(newbuf);
451     }
452    
453     static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
454     int bytes)
455     {
456     unsigned char *newbuf = malloc(bytes);
457     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
458 doda 4212 char tmp[80];
459 maya 3227
460     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
461     if (bytes == 0)
462     goto error;
463    
464     if (newbuf == NULL)
465     return;
466    
467     if (bytes % block_size) {
468 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
469     "%s decrypt error(1): bytes %d (%d)");
470     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
471     "Blowfish", bytes, block_size);
472 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
473 maya 3227 goto error;
474     }
475    
476     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
477 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
478     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
479     "Blowfish");
480 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
481 maya 3227 goto error;
482    
483     } else {
484     memcpy(buf, newbuf, bytes);
485    
486     }
487    
488     error:
489     free(newbuf);
490     }
491    
492 doda 4212
493 maya 3227 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
494 doda 4212 int bytes)
495 maya 3227 {
496     unsigned char *newbuf = malloc(bytes);
497     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
498 doda 4212 char tmp[80];
499 maya 3227
500     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
501     if (bytes == 0)
502     goto error;
503    
504     if (newbuf == NULL)
505     return;
506    
507     if (bytes % block_size) {
508 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
509     "%s encrypt error(1): bytes %d (%d)");
510     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
511     "Arcfour", bytes, block_size);
512 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
513 maya 3227 goto error;
514     }
515    
516     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
517 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
518     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
519     "Arcfour");
520 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
521 maya 3227 goto error;
522    
523     } else {
524     memcpy(buf, newbuf, bytes);
525    
526     }
527    
528     error:
529     free(newbuf);
530     }
531    
532     static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 doda 4212 int bytes)
534 maya 3227 {
535     unsigned char *newbuf = malloc(bytes);
536     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
537 doda 4212 char tmp[80];
538 maya 3227
539     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
540     if (bytes == 0)
541     goto error;
542    
543     if (newbuf == NULL)
544     return;
545    
546     if (bytes % block_size) {
547 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
548     "%s decrypt error(1): bytes %d (%d)");
549     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
550     "Arcfour", bytes, block_size);
551 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
552 maya 3227 goto error;
553     }
554    
555     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
556 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
557     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
558     "Arcfour");
559 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
560 maya 3227 goto error;
561    
562     } else {
563     memcpy(buf, newbuf, bytes);
564    
565     }
566    
567     error:
568     free(newbuf);
569     }
570    
571 doda 4212
572 maya 3227 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
573     int bytes)
574     {
575     unsigned char *newbuf = malloc(bytes);
576     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
577 doda 4212 char tmp[80];
578 maya 3227
579     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
580     if (bytes == 0)
581     goto error;
582    
583     if (newbuf == NULL)
584     return;
585    
586     if (bytes % block_size) {
587 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
588     "%s encrypt error(1): bytes %d (%d)");
589     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
590     "CAST128", bytes, block_size);
591 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
592 maya 3227 goto error;
593     }
594    
595     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
596 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
597     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
598     "CAST128");
599 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
600 maya 3227 goto error;
601    
602     } else {
603     memcpy(buf, newbuf, bytes);
604    
605     }
606    
607     error:
608     free(newbuf);
609     }
610    
611     static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
612     int bytes)
613     {
614     unsigned char *newbuf = malloc(bytes);
615     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
616 doda 4212 char tmp[80];
617 maya 3227
618     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
619     if (bytes == 0)
620     goto error;
621    
622     if (newbuf == NULL)
623     return;
624    
625     if (bytes % block_size) {
626 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
627     "%s decrypt error(1): bytes %d (%d)");
628     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
629     "CAST128", bytes, block_size);
630 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
631 maya 3227 goto error;
632     }
633    
634     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
635 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
636     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
637     "CAST128");
638 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
639 maya 3227 goto error;
640    
641     } else {
642     memcpy(buf, newbuf, bytes);
643    
644     }
645    
646     error:
647     free(newbuf);
648     }
649    
650 doda 4433 static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
651     int bytes)
652     {
653     unsigned char *newbuf = malloc(bytes);
654     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
655     char tmp[80];
656 maya 3227
657 doda 4433 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
658     if (bytes == 0)
659     goto error;
660    
661     if (newbuf == NULL)
662     return;
663    
664     if (bytes % block_size) {
665     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
666     "%s encrypt error(1): bytes %d (%d)");
667     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
668     "Camellia128/192/256", bytes, block_size);
669 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
670 doda 4433 goto error;
671     }
672    
673     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
674     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
675     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
676     "Camellia128/192/256");
677 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
678 doda 4433 goto error;
679    
680     } else {
681     memcpy(buf, newbuf, bytes);
682    
683     }
684    
685     error:
686     free(newbuf);
687     }
688    
689     static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
690     int bytes)
691     {
692     unsigned char *newbuf = malloc(bytes);
693     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
694     char tmp[80];
695    
696     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
697     if (bytes == 0)
698     goto error;
699    
700     if (newbuf == NULL)
701     return;
702    
703     if (bytes % block_size) {
704     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
705     "%s decrypt error(1): bytes %d (%d)");
706     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
707     "Camellia128/192/256", bytes, block_size);
708 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
709 doda 4433 goto error;
710     }
711    
712     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
713     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
714     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
715     "Camellia128/192/256");
716 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
717 doda 4433 goto error;
718    
719     } else {
720     memcpy(buf, newbuf, bytes);
721    
722     }
723    
724     error:
725     free(newbuf);
726     }
727    
728 maya 3227 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
729     int bytes)
730     {
731     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
732    
733     DES_ncbc_encrypt(buf, buf, bytes,
734     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
735     DES_ncbc_encrypt(buf, buf, bytes,
736     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
737     DES_ncbc_encrypt(buf, buf, bytes,
738     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
739     }
740    
741     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
742     int bytes)
743     {
744     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
745    
746     DES_ncbc_encrypt(buf, buf, bytes,
747     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
748     DES_ncbc_encrypt(buf, buf, bytes,
749     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
750     DES_ncbc_encrypt(buf, buf, bytes,
751     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
752     }
753    
754     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
755     int bytes)
756     {
757     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
758    
759     DES_ncbc_encrypt(buf, buf, bytes,
760     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
761     }
762    
763     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
764     int bytes)
765     {
766     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
767    
768     DES_ncbc_encrypt(buf, buf, bytes,
769     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
770     }
771    
772     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
773     int bytes)
774     {
775     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
776     int num = 0;
777    
778     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
779     encryptstate->ivec, &num, IDEA_ENCRYPT);
780     }
781    
782     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
783     int bytes)
784     {
785     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
786     int num = 0;
787    
788     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
789     decryptstate->ivec, &num, IDEA_DECRYPT);
790     }
791    
792     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
793     {
794     uint32 FAR *buf = (uint32 FAR *) cbuf;
795     int count = bytes / 4;
796    
797     while (count > 0) {
798     uint32 w = *buf;
799    
800     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
801     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
802     count--;
803     buf++;
804     }
805     }
806    
807     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
808     int bytes)
809     {
810     CipherBlowfishState FAR *encryptstate =
811     &pvar->crypt_state.enc.cBlowfish;
812    
813     flip_endianness(buf, bytes);
814     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
815     BF_ENCRYPT);
816     flip_endianness(buf, bytes);
817     }
818    
819     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
820     int bytes)
821     {
822     CipherBlowfishState FAR *decryptstate =
823     &pvar->crypt_state.dec.cBlowfish;
824    
825     flip_endianness(buf, bytes);
826     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
827     BF_DECRYPT);
828     flip_endianness(buf, bytes);
829     }
830    
831     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
832     int bytes)
833     {
834     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
835     int num = 0;
836    
837     RC4(&encryptstate->k, bytes, buf, buf);
838     }
839    
840     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
841     int bytes)
842     {
843     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
844     int num = 0;
845    
846     RC4(&decryptstate->k, bytes, buf, buf);
847     }
848    
849     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
850     int bytes)
851     {
852     RAND_bytes(buf, bytes);
853     }
854    
855     void CRYPT_initialize_random_numbers(PTInstVar pvar)
856     {
857 maya 4550 // ����������������������
858     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
859     //RAND_screen();
860 maya 3227 }
861    
862     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
863     {
864     int bits = get_ushort16_MSBfirst(bytes);
865    
866     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
867     }
868    
869     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
870     RSA FAR *make_key(PTInstVar pvar,
871     int bits, unsigned char FAR * exp,
872     unsigned char FAR * mod)
873     {
874     RSA FAR *key = RSA_new();
875    
876     if (key != NULL) {
877     key->e = get_bignum(exp);
878     key->n = get_bignum(mod);
879     }
880    
881     if (key == NULL || key->e == NULL || key->n == NULL) {
882     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
883     "Error setting up RSA keys");
884 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
885 maya 3227
886     if (key != NULL) {
887     if (key->e != NULL) {
888     BN_free(key->e);
889     }
890     if (key->n != NULL) {
891     BN_free(key->n);
892     }
893     RSA_free(key);
894     }
895    
896     return NULL;
897     } else {
898     return key;
899     }
900     }
901    
902     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
903     {
904     if (SSHv1(pvar)) {
905     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
906     } else {
907     memcpy(pvar->crypt_state.server_cookie, cookie,
908     SSH2_COOKIE_LENGTH);
909     }
910     }
911    
912     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
913     {
914     if (SSHv2(pvar)) {
915     memcpy(pvar->crypt_state.client_cookie, cookie,
916     SSH2_COOKIE_LENGTH);
917     }
918     }
919    
920     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
921     int bits, unsigned char FAR * exp,
922     unsigned char FAR * mod)
923     {
924     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
925    
926     return pvar->crypt_state.server_key.RSA_key != NULL;
927     }
928    
929     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
930     int bits, unsigned char FAR * exp,
931     unsigned char FAR * mod)
932     {
933     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
934    
935     return pvar->crypt_state.host_key.RSA_key != NULL;
936     }
937    
938     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
939     int receiver_ciphers)
940     {
941     int cipher_mask;
942    
943     if (SSHv1(pvar)) {
944     cipher_mask = (1 << SSH_CIPHER_DES)
945     | (1 << SSH_CIPHER_3DES)
946     | (1 << SSH_CIPHER_BLOWFISH);
947    
948     } else { // for SSH2(yutaka)
949     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
950 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
951 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
952     | (1 << SSH2_CIPHER_AES192_CBC)
953     | (1 << SSH2_CIPHER_AES256_CBC)
954     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
955     | (1 << SSH2_CIPHER_AES128_CTR)
956     | (1 << SSH2_CIPHER_AES192_CTR)
957     | (1 << SSH2_CIPHER_AES256_CTR)
958     | (1 << SSH2_CIPHER_ARCFOUR)
959     | (1 << SSH2_CIPHER_ARCFOUR128)
960     | (1 << SSH2_CIPHER_ARCFOUR256)
961 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
962     | (1 << SSH2_CIPHER_3DES_CTR)
963     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
964 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
965     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
966     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
967     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
968     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
969     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
970     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
971     );
972 maya 3227 }
973    
974     sender_ciphers &= cipher_mask;
975     receiver_ciphers &= cipher_mask;
976     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
977     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
978    
979     if (sender_ciphers == 0) {
980     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
981     "The server does not support any of the TTSSH encryption algorithms.\n"
982     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
983     "The connection will be closed.");
984 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
985 maya 3227 return FALSE;
986     } else if (receiver_ciphers == 0) {
987     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
988     "The server does not support any of the TTSSH encryption algorithms.\n"
989     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
990     "The connection will be closed.");
991 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
992 maya 3227 return FALSE;
993     } else {
994     return TRUE;
995     }
996     }
997    
998     int CRYPT_get_decryption_block_size(PTInstVar pvar)
999     {
1000     if (SSHv1(pvar)) {
1001     return 8;
1002     } else {
1003     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1004     // cf. 3DES=8, AES128=16
1005     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
1006     }
1007     }
1008    
1009     int CRYPT_get_encryption_block_size(PTInstVar pvar)
1010     {
1011     if (SSHv1(pvar)) {
1012     return 8;
1013     } else {
1014     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1015     // cf. 3DES=8, AES128=16
1016     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
1017     }
1018     }
1019    
1020     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
1021     {
1022     struct Mac *mac;
1023    
1024     if (SSHv1(pvar)) {
1025     return 0;
1026    
1027     } else { // for SSH2(yutaka)
1028     mac = &pvar->ssh2_keys[MODE_IN].mac;
1029     if (mac == NULL || mac->enabled == 0)
1030     return 0;
1031    
1032     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
1033     }
1034    
1035     }
1036    
1037     // HMAC������
1038     // ���{������ SSH2 �������g�p�������B
1039     // (2004.12.17 yutaka)
1040     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
1041     char FAR * data, int len, char FAR * MAC)
1042     {
1043     HMAC_CTX c;
1044     unsigned char m[EVP_MAX_MD_SIZE];
1045     unsigned char b[4];
1046     struct Mac *mac;
1047    
1048     mac = &pvar->ssh2_keys[MODE_IN].mac;
1049    
1050     // HMAC�������L���������������A����OK�����������B
1051     if (mac == NULL || mac->enabled == 0)
1052     return TRUE;
1053    
1054     if (mac->key == NULL)
1055     goto error;
1056    
1057     if ((u_int)mac->mac_len > sizeof(m))
1058     goto error;
1059    
1060     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1061     set_uint32_MSBfirst(b, sequence_number);
1062     HMAC_Update(&c, b, sizeof(b));
1063     HMAC_Update(&c, data, len);
1064     HMAC_Final(&c, m, NULL);
1065     HMAC_cleanup(&c);
1066    
1067     if (memcmp(m, MAC, mac->mac_len)) {
1068     goto error;
1069     }
1070    
1071     return TRUE;
1072    
1073     error:
1074     return FALSE;
1075     }
1076    
1077     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1078     {
1079     struct Mac *mac;
1080    
1081     if (SSHv2(pvar)) { // for SSH2(yutaka)
1082     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1083     if (mac == NULL || mac->enabled == 0)
1084     return 0;
1085    
1086     return (mac->mac_len);
1087     }
1088    
1089     return 0;
1090     }
1091    
1092     // for SSH2
1093     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1094     char FAR * data, int len, char FAR * MAC)
1095     {
1096     HMAC_CTX c;
1097     static u_char m[EVP_MAX_MD_SIZE];
1098     u_char b[4];
1099     struct Mac *mac;
1100    
1101     if (SSHv2(pvar)) { // for SSH2(yutaka)
1102     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1103     if (mac == NULL || mac->enabled == 0)
1104     return FALSE;
1105    
1106     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1107     set_uint32_MSBfirst(b, sequence_number);
1108     HMAC_Update(&c, b, sizeof(b));
1109     HMAC_Update(&c, data, len);
1110     HMAC_Final(&c, m, NULL);
1111     HMAC_cleanup(&c);
1112    
1113     // 20�o�C�g�������R�s�[
1114     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1115     // memcpy(MAC, m, sizeof(m));
1116    
1117     return TRUE;
1118     }
1119    
1120     return TRUE;
1121    
1122     }
1123    
1124     static int choose_cipher(PTInstVar pvar, int supported)
1125     {
1126     int i;
1127    
1128     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1129     int cipher = pvar->session_settings.CipherOrder[i] - '0';
1130    
1131     if (cipher == SSH_CIPHER_NONE) {
1132     break;
1133     } else if ((supported & (1 << cipher)) != 0) {
1134     return cipher;
1135     }
1136     }
1137    
1138     return SSH_CIPHER_NONE;
1139     }
1140    
1141     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1142     {
1143     if (SSHv1(pvar)) {
1144     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1145     pvar->crypt_state.
1146     supported_sender_ciphers);
1147     pvar->crypt_state.receiver_cipher =
1148     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1149    
1150     } else { // SSH2(yutaka)
1151     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1152     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1153    
1154     }
1155    
1156     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1157     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1158     UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
1159     "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1160     "To communicate with this server, you will have to enable some more ciphers\n"
1161     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1162     "This connection will now close.");
1163 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1164 maya 3227 return FALSE;
1165     } else {
1166     return TRUE;
1167     }
1168     }
1169    
1170     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1171     {
1172     int server_key_bits =
1173     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1174     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1175     int server_key_bytes = (server_key_bits + 7) / 8;
1176     int host_key_bytes = (host_key_bits + 7) / 8;
1177    
1178     if (server_key_bits < host_key_bits) {
1179     return host_key_bytes;
1180     } else {
1181     return server_key_bytes;
1182     }
1183     }
1184    
1185     int CRYPT_choose_session_key(PTInstVar pvar,
1186     unsigned char FAR * encrypted_key_buf)
1187     {
1188     int server_key_bits =
1189     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1190     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1191     int server_key_bytes = (server_key_bits + 7) / 8;
1192     int host_key_bytes = (host_key_bits + 7) / 8;
1193     int encrypted_key_bytes;
1194     int bit_delta;
1195    
1196     if (server_key_bits < host_key_bits) {
1197     encrypted_key_bytes = host_key_bytes;
1198     bit_delta = host_key_bits - server_key_bits;
1199     } else {
1200     encrypted_key_bytes = server_key_bytes;
1201     bit_delta = server_key_bits - host_key_bits;
1202     }
1203    
1204     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1205     UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1206     "Server RSA keys are too weak. A secure connection cannot be established.");
1207 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1208 maya 3227 return 0;
1209     } else {
1210     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1211     for the session ID, rather than the one specified in the RFC */
1212     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1213     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1214     char session_id[16];
1215     int i;
1216    
1217     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1218     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1219     session_buf + host_key_bytes);
1220     memcpy(session_buf + server_key_bytes + host_key_bytes,
1221     pvar->crypt_state.server_cookie, 8);
1222     MD5(session_buf, session_buf_len, session_id);
1223    
1224     free(session_buf);
1225    
1226     RAND_bytes(pvar->crypt_state.sender_cipher_key,
1227     SSH_SESSION_KEY_LENGTH);
1228     memcpy(pvar->crypt_state.receiver_cipher_key,
1229     pvar->crypt_state.sender_cipher_key,
1230     SSH_SESSION_KEY_LENGTH);
1231    
1232     memcpy(encrypted_key_buf + encrypted_key_bytes -
1233     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1234     SSH_SESSION_KEY_LENGTH);
1235     for (i = 0; i < sizeof(session_id); i++) {
1236     encrypted_key_buf[encrypted_key_bytes -
1237     SSH_SESSION_KEY_LENGTH + i]
1238     ^= session_id[i];
1239     }
1240    
1241     if (host_key_bits > server_key_bits) {
1242     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1243     encrypted_key_buf +
1244     encrypted_key_bytes -
1245     SSH_SESSION_KEY_LENGTH,
1246     encrypted_key_buf +
1247     encrypted_key_bytes - server_key_bytes,
1248     pvar->crypt_state.server_key.RSA_key,
1249     RSA_PKCS1_PADDING) < 0)
1250     return 0;
1251    
1252     if (RSA_public_encrypt(server_key_bytes,
1253     encrypted_key_buf +
1254     encrypted_key_bytes - server_key_bytes,
1255     encrypted_key_buf,
1256     pvar->crypt_state.host_key.RSA_key,
1257     RSA_PKCS1_PADDING) < 0)
1258     return 0;
1259     } else {
1260     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1261     encrypted_key_buf +
1262     encrypted_key_bytes -
1263     SSH_SESSION_KEY_LENGTH,
1264     encrypted_key_buf +
1265     encrypted_key_bytes - host_key_bytes,
1266     pvar->crypt_state.host_key.RSA_key,
1267     RSA_PKCS1_PADDING) < 0)
1268     return 0;
1269    
1270     if (RSA_public_encrypt(host_key_bytes,
1271     encrypted_key_buf +
1272     encrypted_key_bytes - host_key_bytes,
1273     encrypted_key_buf,
1274     pvar->crypt_state.server_key.RSA_key,
1275     RSA_PKCS1_PADDING) < 0)
1276     return 0;
1277     }
1278     }
1279    
1280     return 1;
1281     }
1282    
1283     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1284     unsigned char FAR * challenge,
1285     int challenge_len,
1286     unsigned char FAR * response)
1287     {
1288     int server_key_bits =
1289     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1290     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1291     int server_key_bytes = (server_key_bits + 7) / 8;
1292     int host_key_bytes = (host_key_bits + 7) / 8;
1293     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1294     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1295     char decrypted_challenge[48];
1296     int decrypted_challenge_len;
1297    
1298     decrypted_challenge_len =
1299     RSA_private_decrypt(challenge_len, challenge, challenge,
1300 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1301 maya 3227 RSA_PKCS1_PADDING);
1302     if (decrypted_challenge_len < 0) {
1303     free(session_buf);
1304     return 0;
1305     }
1306     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1307     memcpy(decrypted_challenge,
1308     challenge + decrypted_challenge_len -
1309     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1310     } else {
1311     memset(decrypted_challenge, 0,
1312     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1313     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1314     decrypted_challenge_len, challenge,
1315     decrypted_challenge_len);
1316     }
1317    
1318     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1319     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1320     session_buf + host_key_bytes);
1321     memcpy(session_buf + server_key_bytes + host_key_bytes,
1322     pvar->crypt_state.server_cookie, 8);
1323     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1324    
1325     free(session_buf);
1326    
1327     MD5(decrypted_challenge, 48, response);
1328    
1329     return 1;
1330     }
1331    
1332     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1333     {
1334     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1335     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1336     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1337     memset(state->ivec1, 0, 8);
1338     memset(state->ivec2, 0, 8);
1339     memset(state->ivec3, 0, 8);
1340     }
1341    
1342     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1343     {
1344     DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1345     memset(state->ivec, 0, 8);
1346     }
1347    
1348     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1349     {
1350     idea_set_encrypt_key(session_key, &state->k);
1351     memset(state->ivec, 0, 8);
1352     }
1353    
1354     static void cBlowfish_init(char FAR * session_key,
1355     CipherBlowfishState FAR * state)
1356     {
1357     BF_set_key(&state->k, 32, session_key);
1358     memset(state->ivec, 0, 8);
1359     }
1360    
1361    
1362     //
1363     // SSH2�p�A���S���Y����������
1364     //
1365     // for SSH2(yutaka)
1366     //
1367     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1368     const u_char *key, u_int keylen,
1369     const u_char *iv, u_int ivlen,
1370     int encrypt,
1371     const EVP_CIPHER *type,
1372     int discard_len,
1373     PTInstVar pvar)
1374     {
1375     int klen;
1376     char tmp[80];
1377     unsigned char *junk = NULL, *discard = NULL;
1378    
1379     EVP_CIPHER_CTX_init(evp);
1380     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1381     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1382     "Cipher initialize error(%d)");
1383     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1384 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1385 maya 3227 return;
1386     }
1387    
1388     klen = EVP_CIPHER_CTX_key_length(evp);
1389     if (klen > 0 && keylen != klen) {
1390     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1391     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1392     "Cipher initialize error(%d)");
1393     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1394 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1395 maya 3227 return;
1396     }
1397     }
1398     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1399     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1400     "Cipher initialize error(%d)");
1401     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1402 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1403 maya 3227 return;
1404     }
1405    
1406     if (discard_len > 0) {
1407     junk = malloc(discard_len);
1408     discard = malloc(discard_len);
1409     if (junk == NULL || discard == NULL ||
1410     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1411     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1412     "Cipher initialize error(%d)");
1413     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1414     pvar->ts->UIMsg, 3);
1415 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1416 maya 3227 }
1417     else {
1418 yutakapon 6229 SecureZeroMemory(discard, discard_len);
1419 maya 3227 }
1420     free(junk);
1421     free(discard);
1422     }
1423     }
1424    
1425 yutakapon 5545 //
1426     // SSH2�p�A���S���Y�����j��
1427     //
1428     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1429     {
1430     EVP_CIPHER_CTX_cleanup(evp);
1431     }
1432 maya 3227
1433 yutakapon 5545
1434 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1435     {
1436     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1437     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1438     BOOL isOK = TRUE;
1439    
1440     if (sender_flag) {
1441     switch (pvar->crypt_state.sender_cipher) {
1442     // for SSH2(yutaka)
1443     case SSH2_CIPHER_3DES_CBC:
1444 doda 3850 case SSH2_CIPHER_3DES_CTR:
1445 maya 3227 {
1446     struct Enc *enc;
1447    
1448     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1449     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1450     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1451     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1452     CIPHER_ENCRYPT,
1453     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1454     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1455     pvar);
1456    
1457     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1458     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1459    
1460 doda 3850 pvar->crypt_state.encrypt = c3DES_encrypt2;
1461 maya 3227 break;
1462     }
1463    
1464     // for SSH2(yutaka)
1465     case SSH2_CIPHER_AES128_CBC:
1466     case SSH2_CIPHER_AES192_CBC:
1467     case SSH2_CIPHER_AES256_CBC:
1468     case SSH2_CIPHER_AES128_CTR:
1469     case SSH2_CIPHER_AES192_CTR:
1470     case SSH2_CIPHER_AES256_CTR:
1471     {
1472     struct Enc *enc;
1473    
1474     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1475     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1476     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1477     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1478     CIPHER_ENCRYPT,
1479     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1480     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1481     pvar);
1482    
1483     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1484     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1485    
1486     pvar->crypt_state.encrypt = cAES128_encrypt;
1487     break;
1488     }
1489    
1490     case SSH2_CIPHER_BLOWFISH_CBC:
1491 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1492 maya 3227 {
1493     struct Enc *enc;
1494    
1495     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1496     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1497     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1498     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1499     CIPHER_ENCRYPT,
1500     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1501     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1502     pvar);
1503    
1504     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1505     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1506    
1507     pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1508     break;
1509     }
1510    
1511     case SSH2_CIPHER_ARCFOUR:
1512     case SSH2_CIPHER_ARCFOUR128:
1513     case SSH2_CIPHER_ARCFOUR256:
1514     {
1515     struct Enc *enc;
1516    
1517     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1518     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1519     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1520     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1521     CIPHER_ENCRYPT,
1522     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1523     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1524     pvar);
1525     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1526     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1527    
1528     pvar->crypt_state.encrypt = cArcfour_encrypt;
1529     break;
1530     }
1531    
1532     case SSH2_CIPHER_CAST128_CBC:
1533 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1534 maya 3227 {
1535     struct Enc *enc;
1536    
1537     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1538     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1539     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1540     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1541     CIPHER_ENCRYPT,
1542     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1543     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1544     pvar);
1545     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1546     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1547    
1548     pvar->crypt_state.encrypt = cCast128_encrypt;
1549     break;
1550     }
1551    
1552 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1553     case SSH2_CIPHER_CAMELLIA192_CBC:
1554     case SSH2_CIPHER_CAMELLIA256_CBC:
1555     case SSH2_CIPHER_CAMELLIA128_CTR:
1556     case SSH2_CIPHER_CAMELLIA192_CTR:
1557     case SSH2_CIPHER_CAMELLIA256_CTR:
1558     {
1559     struct Enc *enc;
1560    
1561     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1562     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1563     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1564     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1565     CIPHER_ENCRYPT,
1566     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1567     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1568     pvar);
1569    
1570     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1571     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1572    
1573     pvar->crypt_state.encrypt = cCamellia_encrypt;
1574     break;
1575     }
1576    
1577 maya 3227 case SSH_CIPHER_3DES:{
1578     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1579     pvar->crypt_state.encrypt = c3DES_encrypt;
1580     break;
1581     }
1582     case SSH_CIPHER_IDEA:{
1583     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1584     pvar->crypt_state.encrypt = cIDEA_encrypt;
1585     break;
1586     }
1587     case SSH_CIPHER_DES:{
1588     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1589     pvar->crypt_state.encrypt = cDES_encrypt;
1590     break;
1591     }
1592     case SSH_CIPHER_RC4:{
1593     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1594     encryption_key + 16);
1595     pvar->crypt_state.encrypt = cRC4_encrypt;
1596     break;
1597     }
1598     case SSH_CIPHER_BLOWFISH:{
1599     cBlowfish_init(encryption_key,
1600     &pvar->crypt_state.enc.cBlowfish);
1601     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1602     break;
1603     }
1604     default:
1605     isOK = FALSE;
1606     }
1607     }
1608    
1609    
1610     if (receiver_flag) {
1611     switch (pvar->crypt_state.receiver_cipher) {
1612     // for SSH2(yutaka)
1613     case SSH2_CIPHER_3DES_CBC:
1614 doda 3850 case SSH2_CIPHER_3DES_CTR:
1615 maya 3227 {
1616     struct Enc *enc;
1617    
1618     enc = &pvar->ssh2_keys[MODE_IN].enc;
1619     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1620     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1621     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1622     CIPHER_DECRYPT,
1623     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1624     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1625     pvar);
1626    
1627     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1628     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1629    
1630 doda 3850 pvar->crypt_state.decrypt = c3DES_decrypt2;
1631 maya 3227 break;
1632     }
1633    
1634     // for SSH2(yutaka)
1635     case SSH2_CIPHER_AES128_CBC:
1636     case SSH2_CIPHER_AES192_CBC:
1637     case SSH2_CIPHER_AES256_CBC:
1638     case SSH2_CIPHER_AES128_CTR:
1639     case SSH2_CIPHER_AES192_CTR:
1640     case SSH2_CIPHER_AES256_CTR:
1641     {
1642     struct Enc *enc;
1643    
1644     enc = &pvar->ssh2_keys[MODE_IN].enc;
1645     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1646     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1647     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1648     CIPHER_DECRYPT,
1649     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1650     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1651     pvar);
1652    
1653     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1654     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1655    
1656     pvar->crypt_state.decrypt = cAES128_decrypt;
1657     break;
1658     }
1659    
1660     case SSH2_CIPHER_BLOWFISH_CBC:
1661 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1662 maya 3227 {
1663     struct Enc *enc;
1664    
1665     enc = &pvar->ssh2_keys[MODE_IN].enc;
1666     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1667     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1668     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1669     CIPHER_DECRYPT,
1670     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1671     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1672     pvar);
1673    
1674     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1675     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1676    
1677     pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1678     break;
1679     }
1680    
1681     case SSH2_CIPHER_ARCFOUR:
1682     case SSH2_CIPHER_ARCFOUR128:
1683     case SSH2_CIPHER_ARCFOUR256:
1684     {
1685     struct Enc *enc;
1686    
1687     enc = &pvar->ssh2_keys[MODE_IN].enc;
1688     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1689     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1690     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1691     CIPHER_DECRYPT,
1692     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1693     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1694     pvar);
1695    
1696     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1697     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1698    
1699     pvar->crypt_state.decrypt = cArcfour_decrypt;
1700     break;
1701     }
1702    
1703     case SSH2_CIPHER_CAST128_CBC:
1704 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1705 maya 3227 {
1706     struct Enc *enc;
1707    
1708     enc = &pvar->ssh2_keys[MODE_IN].enc;
1709     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1710     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1711     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1712     CIPHER_DECRYPT,
1713     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1714     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1715     pvar);
1716    
1717     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1718     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1719    
1720     pvar->crypt_state.decrypt = cCast128_decrypt;
1721     break;
1722     }
1723    
1724 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1725     case SSH2_CIPHER_CAMELLIA192_CBC:
1726     case SSH2_CIPHER_CAMELLIA256_CBC:
1727     case SSH2_CIPHER_CAMELLIA128_CTR:
1728     case SSH2_CIPHER_CAMELLIA192_CTR:
1729     case SSH2_CIPHER_CAMELLIA256_CTR:
1730     {
1731     struct Enc *enc;
1732    
1733     enc = &pvar->ssh2_keys[MODE_IN].enc;
1734     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1735     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1736     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1737     CIPHER_DECRYPT,
1738     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1739     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1740     pvar);
1741    
1742     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1743     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1744    
1745     pvar->crypt_state.decrypt = cCamellia_decrypt;
1746     break;
1747     }
1748    
1749 maya 3227 case SSH_CIPHER_3DES:{
1750     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1751     pvar->crypt_state.decrypt = c3DES_decrypt;
1752     break;
1753     }
1754     case SSH_CIPHER_IDEA:{
1755     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1756     pvar->crypt_state.decrypt = cIDEA_decrypt;
1757     break;
1758     }
1759     case SSH_CIPHER_DES:{
1760     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1761     pvar->crypt_state.decrypt = cDES_decrypt;
1762     break;
1763     }
1764     case SSH_CIPHER_RC4:{
1765     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1766     pvar->crypt_state.decrypt = cRC4_decrypt;
1767     break;
1768     }
1769     case SSH_CIPHER_BLOWFISH:{
1770     cBlowfish_init(decryption_key,
1771     &pvar->crypt_state.dec.cBlowfish);
1772     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1773     break;
1774     }
1775     default:
1776     isOK = FALSE;
1777     }
1778     }
1779    
1780    
1781     if (!isOK) {
1782     UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1783     "No cipher selected!");
1784 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1785 maya 3227 return FALSE;
1786     } else {
1787     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1788     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1789     return TRUE;
1790     }
1791     }
1792    
1793     void CRYPT_init(PTInstVar pvar)
1794     {
1795     pvar->crypt_state.encrypt = no_encrypt;
1796     pvar->crypt_state.decrypt = no_encrypt;
1797     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1798     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1799     pvar->crypt_state.server_key.RSA_key = NULL;
1800     pvar->crypt_state.host_key.RSA_key = NULL;
1801    
1802     pvar->crypt_state.detect_attack_statics.h = NULL;
1803     pvar->crypt_state.detect_attack_statics.n =
1804     HASH_MINSIZE / HASH_ENTRYSIZE;
1805     }
1806    
1807     static char FAR *get_cipher_name(int cipher)
1808     {
1809     switch (cipher) {
1810     case SSH_CIPHER_NONE:
1811     return "None";
1812     case SSH_CIPHER_3DES:
1813     return "3DES (168 key bits)";
1814     case SSH_CIPHER_DES:
1815     return "DES (56 key bits)";
1816     case SSH_CIPHER_IDEA:
1817     return "IDEA (128 key bits)";
1818     case SSH_CIPHER_RC4:
1819     return "RC4 (128 key bits)";
1820     case SSH_CIPHER_BLOWFISH:
1821     return "Blowfish (256 key bits)";
1822    
1823     // SSH2
1824     case SSH2_CIPHER_3DES_CBC:
1825     return "3DES-CBC";
1826     case SSH2_CIPHER_AES128_CBC:
1827     return "AES128-CBC";
1828     case SSH2_CIPHER_AES192_CBC:
1829     return "AES192-CBC";
1830     case SSH2_CIPHER_AES256_CBC:
1831     return "AES256-CBC";
1832     case SSH2_CIPHER_BLOWFISH_CBC:
1833     return "Blowfish-CBC";
1834     case SSH2_CIPHER_AES128_CTR:
1835     return "AES128-CTR";
1836     case SSH2_CIPHER_AES192_CTR:
1837     return "AES192-CTR";
1838     case SSH2_CIPHER_AES256_CTR:
1839     return "AES256-CTR";
1840     case SSH2_CIPHER_ARCFOUR:
1841     return "Arcfour";
1842     case SSH2_CIPHER_ARCFOUR128:
1843     return "Arcfour128";
1844     case SSH2_CIPHER_ARCFOUR256:
1845     return "Arcfour256";
1846     case SSH2_CIPHER_CAST128_CBC:
1847     return "CAST-128-CBC";
1848 doda 3850 case SSH2_CIPHER_3DES_CTR:
1849     return "3DES-CTR";
1850     case SSH2_CIPHER_BLOWFISH_CTR:
1851     return "Blowfish-CTR";
1852     case SSH2_CIPHER_CAST128_CTR:
1853     return "CAST-128-CTR";
1854 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1855     return "Camellia128-CBC";
1856     case SSH2_CIPHER_CAMELLIA192_CBC:
1857     return "Camellia192-CBC";
1858     case SSH2_CIPHER_CAMELLIA256_CBC:
1859     return "Camellia256-CBC";
1860     case SSH2_CIPHER_CAMELLIA128_CTR:
1861     return "Camellia128-CTR";
1862     case SSH2_CIPHER_CAMELLIA192_CTR:
1863     return "Camellia192-CTR";
1864     case SSH2_CIPHER_CAMELLIA256_CTR:
1865     return "Camellia256-CTR";
1866 maya 3227
1867     default:
1868     return "Unknown";
1869     }
1870     }
1871    
1872     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1873     {
1874     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1875     "%s to server, %s from server");
1876     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1877     get_cipher_name(pvar->crypt_state.sender_cipher),
1878     get_cipher_name(pvar->crypt_state.receiver_cipher));
1879     }
1880    
1881     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1882     {
1883     if (SSHv1(pvar)) {
1884     if (pvar->crypt_state.server_key.RSA_key == NULL
1885     || pvar->crypt_state.host_key.RSA_key == NULL) {
1886     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1887     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1888     } else {
1889     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1890     "%d-bit server key, %d-bit host key");
1891     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1892     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1893     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1894     }
1895     } else { // SSH2
1896 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1897     "%d-bit client key, %d-bit server key");
1898 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1899 maya 4313 pvar->client_key_bits,
1900     pvar->server_key_bits);
1901 maya 3227 }
1902     }
1903    
1904 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1905 maya 3227 {
1906     if (key->RSA_key != NULL) {
1907     RSA_free(key->RSA_key);
1908     key->RSA_key = NULL;
1909     }
1910     }
1911    
1912 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1913 maya 3227 {
1914     destroy_public_key(key);
1915     free(key);
1916     }
1917    
1918     void CRYPT_end(PTInstVar pvar)
1919     {
1920     destroy_public_key(&pvar->crypt_state.host_key);
1921     destroy_public_key(&pvar->crypt_state.server_key);
1922    
1923     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1924 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1925 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1926     free(pvar->crypt_state.detect_attack_statics.h);
1927     }
1928    
1929 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1930 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1931 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1932 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1933 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1934 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1935 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1936 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1937 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1938     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1939 maya 3227 }
1940    
1941     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1942     char FAR * buf, int bytes)
1943     {
1944     unsigned char passphrase_key[16];
1945    
1946     MD5(passphrase, strlen(passphrase), passphrase_key);
1947    
1948     switch (cipher) {
1949     case SSH_CIPHER_3DES:{
1950     Cipher3DESState state;
1951    
1952     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1953     &state.k1);
1954     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1955     &state.k2);
1956     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1957     &state.k3);
1958     memset(state.ivec1, 0, 8);
1959     memset(state.ivec2, 0, 8);
1960     memset(state.ivec3, 0, 8);
1961     DES_ncbc_encrypt(buf, buf, bytes,
1962     &state.k3, &state.ivec3, DES_DECRYPT);
1963     DES_ncbc_encrypt(buf, buf, bytes,
1964     &state.k2, &state.ivec2, DES_ENCRYPT);
1965     DES_ncbc_encrypt(buf, buf, bytes,
1966     &state.k1, &state.ivec1, DES_DECRYPT);
1967     break;
1968     }
1969    
1970     case SSH_CIPHER_IDEA:{
1971     CipherIDEAState state;
1972     int num = 0;
1973    
1974     cIDEA_init(passphrase_key, &state);
1975     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1976     &num, IDEA_DECRYPT);
1977     break;
1978     }
1979    
1980     case SSH_CIPHER_DES:{
1981     CipherDESState state;
1982    
1983     cDES_init(passphrase_key, &state);
1984     DES_ncbc_encrypt(buf, buf, bytes,
1985     &state.k, &state.ivec, DES_DECRYPT);
1986     break;
1987     }
1988    
1989     case SSH_CIPHER_RC4:{
1990     CipherRC4State state;
1991     int num = 0;
1992    
1993     RC4_set_key(&state.k, 16, passphrase_key);
1994     RC4(&state.k, bytes, buf, buf);
1995     break;
1996     }
1997    
1998     case SSH_CIPHER_BLOWFISH:{
1999     CipherBlowfishState state;
2000    
2001     BF_set_key(&state.k, 16, passphrase_key);
2002     memset(state.ivec, 0, 8);
2003     flip_endianness(buf, bytes);
2004     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
2005     BF_DECRYPT);
2006     flip_endianness(buf, bytes);
2007     break;
2008     }
2009    
2010     case SSH_CIPHER_NONE:
2011     break;
2012    
2013     default:
2014 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2015 maya 3227 return 0;
2016     }
2017    
2018 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2019 maya 3227 return 1;
2020     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help