Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6688 - (hide annotations) (download) (as text)
Mon Apr 24 11:49:42 2017 UTC (6 years, 11 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 62648 byte(s) 
typo fix.
1 maya 3227 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40     #include <openssl/dsa.h>
41     #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194     switch (pvar->crypt_state.sender_cipher) {
195     case SSH_CIPHER_NONE:
196     return FALSE;
197     case SSH_CIPHER_IDEA:
198     return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes,
200     pvar->crypt_state.dec.cIDEA.ivec) ==
201     DEATTACK_DETECTED;
202     default:
203     return detect_attack(&pvar->crypt_state.detect_attack_statics,
204     buf, bytes, NULL) == DEATTACK_DETECTED;
205     }
206     } else {
207     return FALSE;
208     }
209     }
210    
211     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212     {
213     }
214    
215    
216     // for SSH2(yutaka)
217     // ���O�������������������������������AAES192, AES256 ����
218     // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220     int bytes)
221     {
222     unsigned char *newbuf = malloc(bytes);
223     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224 doda 4212 char tmp[80];
225 maya 3227
226     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227     if (bytes == 0)
228     goto error;
229    
230     if (newbuf == NULL)
231     return;
232    
233     if (bytes % block_size) {
234 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
235     "%s encrypt error(1): bytes %d (%d)");
236     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237     "AES128/192/256", bytes, block_size);
238 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
239 maya 3227 goto error;
240     }
241    
242     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
244     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
245     "AES128/192/256");
246 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
247 maya 3227 goto error;
248    
249     } else {
250     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
251     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
252     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
253     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
254    
255     //debug_print(50, key, 24);
256     //debug_print(51, iv, 8);
257     //debug_print(52, buf, bytes);
258     //debug_print(53, newbuf, bytes);
259    
260     memcpy(buf, newbuf, bytes);
261     }
262    
263     error:
264     free(newbuf);
265     }
266    
267     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
268     int bytes)
269     {
270     unsigned char *newbuf = malloc(bytes);
271     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272 doda 4212 char tmp[80];
273 maya 3227
274     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
275     if (bytes == 0)
276     goto error;
277    
278     if (newbuf == NULL)
279     return;
280    
281     if (bytes % block_size) {
282 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
283     "%s decrypt error(1): bytes %d (%d)");
284     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
285     "AES128/192/256", bytes, block_size);
286 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
287 maya 3227 goto error;
288     }
289    
290     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
291 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
292     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
293     "AES128/192/256");
294 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
295 maya 3227 goto error;
296    
297     } else {
298     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
299     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
300     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
301     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
302    
303     //debug_print(70, key, AES128_KEYLEN);
304     //debug_print(71, iv, AES128_IVLEN);
305     //debug_print(72, buf, bytes);
306     //debug_print(73, newbuf, bytes);
307    
308     memcpy(buf, newbuf, bytes);
309     }
310    
311     error:
312     free(newbuf);
313     }
314    
315    
316     // for SSH2(yutaka)
317 doda 3850 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
318 doda 4212 int bytes)
319 maya 3227 {
320     unsigned char *newbuf = malloc(bytes);
321     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
322 doda 4212 char tmp[80];
323 maya 3227
324     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
325     if (bytes == 0)
326     goto error;
327    
328     if (newbuf == NULL)
329     return;
330    
331     if (bytes % block_size) {
332 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
333     "%s encrypt error(1): bytes %d (%d)");
334     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
335     "3DES-CBC", bytes, block_size);
336 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
337 maya 3227 goto error;
338     }
339    
340     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
341 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
342     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
343     "3DES-CBC");
344 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
345 maya 3227 goto error;
346    
347     } else {
348     //unsigned char key[24], iv[8];
349     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352    
353     //debug_print(50, key, 24);
354     //debug_print(51, iv, 8);
355     //debug_print(52, buf, bytes);
356     //debug_print(53, newbuf, bytes);
357    
358     memcpy(buf, newbuf, bytes);
359     }
360    
361     error:
362     free(newbuf);
363     }
364    
365 doda 3850 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
366 doda 4212 int bytes)
367 maya 3227 {
368     unsigned char *newbuf = malloc(bytes);
369     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
370 doda 4212 char tmp[80];
371 maya 3227
372     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
373     if (bytes == 0)
374     goto error;
375    
376     if (newbuf == NULL)
377     return;
378    
379     if (bytes % block_size) {
380 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
381     "%s decrypt error(1): bytes %d (%d)");
382     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
383     "3DES-CBC", bytes, block_size);
384 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
385 maya 3227 goto error;
386     }
387    
388     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
390     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
391     "3DES-CBC");
392 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
393 maya 3227 goto error;
394    
395     } else {
396     //unsigned char key[24], iv[8];
397     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
398     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
399     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
400    
401     //debug_print(70, key, 24);
402     //debug_print(71, iv, 8);
403     //debug_print(72, buf, bytes);
404     //debug_print(73, newbuf, bytes);
405    
406     memcpy(buf, newbuf, bytes);
407     }
408    
409     error:
410     free(newbuf);
411     }
412    
413    
414     static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
415     int bytes)
416     {
417     unsigned char *newbuf = malloc(bytes);
418     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
419 doda 4212 char tmp[80];
420 maya 3227
421     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
422     if (bytes == 0)
423     goto error;
424    
425     if (newbuf == NULL)
426     return;
427    
428     if (bytes % block_size) {
429 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
430     "%s encrypt error(1): bytes %d (%d)");
431     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
432     "Blowfish", bytes, block_size);
433 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
434 maya 3227 goto error;
435     }
436    
437     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
438 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
439     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
440     "Blowfish");
441 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
442 maya 3227 goto error;
443    
444     } else {
445     memcpy(buf, newbuf, bytes);
446    
447     }
448    
449     error:
450     free(newbuf);
451     }
452    
453     static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
454     int bytes)
455     {
456     unsigned char *newbuf = malloc(bytes);
457     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
458 doda 4212 char tmp[80];
459 maya 3227
460     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
461     if (bytes == 0)
462     goto error;
463    
464     if (newbuf == NULL)
465     return;
466    
467     if (bytes % block_size) {
468 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
469     "%s decrypt error(1): bytes %d (%d)");
470     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
471     "Blowfish", bytes, block_size);
472 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
473 maya 3227 goto error;
474     }
475    
476     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
477 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
478     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
479     "Blowfish");
480 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
481 maya 3227 goto error;
482    
483     } else {
484     memcpy(buf, newbuf, bytes);
485    
486     }
487    
488     error:
489     free(newbuf);
490     }
491    
492 doda 4212
493 maya 3227 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
494 doda 4212 int bytes)
495 maya 3227 {
496     unsigned char *newbuf = malloc(bytes);
497     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
498 doda 4212 char tmp[80];
499 maya 3227
500     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
501     if (bytes == 0)
502     goto error;
503    
504     if (newbuf == NULL)
505     return;
506    
507     if (bytes % block_size) {
508 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
509     "%s encrypt error(1): bytes %d (%d)");
510     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
511     "Arcfour", bytes, block_size);
512 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
513 maya 3227 goto error;
514     }
515    
516     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
517 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
518     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
519     "Arcfour");
520 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
521 maya 3227 goto error;
522    
523     } else {
524     memcpy(buf, newbuf, bytes);
525    
526     }
527    
528     error:
529     free(newbuf);
530     }
531    
532     static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 doda 4212 int bytes)
534 maya 3227 {
535     unsigned char *newbuf = malloc(bytes);
536     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
537 doda 4212 char tmp[80];
538 maya 3227
539     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
540     if (bytes == 0)
541     goto error;
542    
543     if (newbuf == NULL)
544     return;
545    
546     if (bytes % block_size) {
547 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
548     "%s decrypt error(1): bytes %d (%d)");
549     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
550     "Arcfour", bytes, block_size);
551 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
552 maya 3227 goto error;
553     }
554    
555     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
556 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
557     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
558     "Arcfour");
559 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
560 maya 3227 goto error;
561    
562     } else {
563     memcpy(buf, newbuf, bytes);
564    
565     }
566    
567     error:
568     free(newbuf);
569     }
570    
571 doda 4212
572 maya 3227 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
573     int bytes)
574     {
575     unsigned char *newbuf = malloc(bytes);
576     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
577 doda 4212 char tmp[80];
578 maya 3227
579     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
580     if (bytes == 0)
581     goto error;
582    
583     if (newbuf == NULL)
584     return;
585    
586     if (bytes % block_size) {
587 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
588     "%s encrypt error(1): bytes %d (%d)");
589     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
590     "CAST128", bytes, block_size);
591 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
592 maya 3227 goto error;
593     }
594    
595     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
596 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
597     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
598     "CAST128");
599 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
600 maya 3227 goto error;
601    
602     } else {
603     memcpy(buf, newbuf, bytes);
604    
605     }
606    
607     error:
608     free(newbuf);
609     }
610    
611     static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
612     int bytes)
613     {
614     unsigned char *newbuf = malloc(bytes);
615     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
616 doda 4212 char tmp[80];
617 maya 3227
618     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
619     if (bytes == 0)
620     goto error;
621    
622     if (newbuf == NULL)
623     return;
624    
625     if (bytes % block_size) {
626 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
627     "%s decrypt error(1): bytes %d (%d)");
628     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
629     "CAST128", bytes, block_size);
630 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
631 maya 3227 goto error;
632     }
633    
634     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
635 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
636     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
637     "CAST128");
638 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
639 maya 3227 goto error;
640    
641     } else {
642     memcpy(buf, newbuf, bytes);
643    
644     }
645    
646     error:
647     free(newbuf);
648     }
649    
650 doda 4433 static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
651     int bytes)
652     {
653     unsigned char *newbuf = malloc(bytes);
654     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
655     char tmp[80];
656 maya 3227
657 doda 4433 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
658     if (bytes == 0)
659     goto error;
660    
661     if (newbuf == NULL)
662     return;
663    
664     if (bytes % block_size) {
665     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
666     "%s encrypt error(1): bytes %d (%d)");
667     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
668     "Camellia128/192/256", bytes, block_size);
669 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
670 doda 4433 goto error;
671     }
672    
673     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
674     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
675     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
676     "Camellia128/192/256");
677 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
678 doda 4433 goto error;
679    
680     } else {
681     memcpy(buf, newbuf, bytes);
682    
683     }
684    
685     error:
686     free(newbuf);
687     }
688    
689     static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
690     int bytes)
691     {
692     unsigned char *newbuf = malloc(bytes);
693     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
694     char tmp[80];
695    
696     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
697     if (bytes == 0)
698     goto error;
699    
700     if (newbuf == NULL)
701     return;
702    
703     if (bytes % block_size) {
704     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
705     "%s decrypt error(1): bytes %d (%d)");
706     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
707     "Camellia128/192/256", bytes, block_size);
708 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
709 doda 4433 goto error;
710     }
711    
712     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
713     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
714     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
715     "Camellia128/192/256");
716 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
717 doda 4433 goto error;
718    
719     } else {
720     memcpy(buf, newbuf, bytes);
721    
722     }
723    
724     error:
725     free(newbuf);
726     }
727    
728 maya 3227 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
729     int bytes)
730     {
731     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
732    
733     DES_ncbc_encrypt(buf, buf, bytes,
734     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
735     DES_ncbc_encrypt(buf, buf, bytes,
736     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
737     DES_ncbc_encrypt(buf, buf, bytes,
738     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
739     }
740    
741     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
742     int bytes)
743     {
744     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
745    
746     DES_ncbc_encrypt(buf, buf, bytes,
747     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
748     DES_ncbc_encrypt(buf, buf, bytes,
749     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
750     DES_ncbc_encrypt(buf, buf, bytes,
751     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
752     }
753    
754     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
755     int bytes)
756     {
757     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
758    
759     DES_ncbc_encrypt(buf, buf, bytes,
760     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
761     }
762    
763     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
764     int bytes)
765     {
766     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
767    
768     DES_ncbc_encrypt(buf, buf, bytes,
769     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
770     }
771    
772     static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
773     int bytes)
774     {
775     CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
776     int num = 0;
777    
778     idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
779     encryptstate->ivec, &num, IDEA_ENCRYPT);
780     }
781    
782     static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
783     int bytes)
784     {
785     CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
786     int num = 0;
787    
788     idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
789     decryptstate->ivec, &num, IDEA_DECRYPT);
790     }
791    
792     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
793     {
794     uint32 FAR *buf = (uint32 FAR *) cbuf;
795     int count = bytes / 4;
796    
797     while (count > 0) {
798     uint32 w = *buf;
799    
800     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
801     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
802     count--;
803     buf++;
804     }
805     }
806    
807     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
808     int bytes)
809     {
810     CipherBlowfishState FAR *encryptstate =
811     &pvar->crypt_state.enc.cBlowfish;
812    
813     flip_endianness(buf, bytes);
814     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
815     BF_ENCRYPT);
816     flip_endianness(buf, bytes);
817     }
818    
819     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
820     int bytes)
821     {
822     CipherBlowfishState FAR *decryptstate =
823     &pvar->crypt_state.dec.cBlowfish;
824    
825     flip_endianness(buf, bytes);
826     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
827     BF_DECRYPT);
828     flip_endianness(buf, bytes);
829     }
830    
831     static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
832     int bytes)
833     {
834     CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
835     int num = 0;
836    
837     RC4(&encryptstate->k, bytes, buf, buf);
838     }
839    
840     static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
841     int bytes)
842     {
843     CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
844     int num = 0;
845    
846     RC4(&decryptstate->k, bytes, buf, buf);
847     }
848    
849     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
850     int bytes)
851     {
852     RAND_bytes(buf, bytes);
853     }
854    
855     void CRYPT_initialize_random_numbers(PTInstVar pvar)
856     {
857 maya 4550 // ����������������������
858     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
859     //RAND_screen();
860 maya 3227 }
861    
862     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
863     {
864     int bits = get_ushort16_MSBfirst(bytes);
865    
866     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
867     }
868    
869     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
870     RSA FAR *make_key(PTInstVar pvar,
871     int bits, unsigned char FAR * exp,
872     unsigned char FAR * mod)
873     {
874     RSA FAR *key = RSA_new();
875    
876     if (key != NULL) {
877     key->e = get_bignum(exp);
878     key->n = get_bignum(mod);
879     }
880    
881     if (key == NULL || key->e == NULL || key->n == NULL) {
882     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
883     "Error setting up RSA keys");
884 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
885 maya 3227
886     if (key != NULL) {
887     if (key->e != NULL) {
888     BN_free(key->e);
889     }
890     if (key->n != NULL) {
891     BN_free(key->n);
892     }
893     RSA_free(key);
894     }
895    
896     return NULL;
897     } else {
898     return key;
899     }
900     }
901    
902     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
903     {
904     if (SSHv1(pvar)) {
905     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
906     } else {
907     memcpy(pvar->crypt_state.server_cookie, cookie,
908     SSH2_COOKIE_LENGTH);
909     }
910     }
911    
912     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
913     {
914     if (SSHv2(pvar)) {
915     memcpy(pvar->crypt_state.client_cookie, cookie,
916     SSH2_COOKIE_LENGTH);
917     }
918     }
919    
920     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
921     int bits, unsigned char FAR * exp,
922     unsigned char FAR * mod)
923     {
924     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
925    
926     return pvar->crypt_state.server_key.RSA_key != NULL;
927     }
928    
929     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
930     int bits, unsigned char FAR * exp,
931     unsigned char FAR * mod)
932     {
933     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
934    
935     return pvar->crypt_state.host_key.RSA_key != NULL;
936     }
937    
938     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
939     int receiver_ciphers)
940     {
941     int cipher_mask;
942    
943     if (SSHv1(pvar)) {
944     cipher_mask = (1 << SSH_CIPHER_DES)
945     | (1 << SSH_CIPHER_3DES)
946     | (1 << SSH_CIPHER_BLOWFISH);
947    
948     } else { // for SSH2(yutaka)
949     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
950 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
951 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
952     | (1 << SSH2_CIPHER_AES192_CBC)
953     | (1 << SSH2_CIPHER_AES256_CBC)
954     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
955     | (1 << SSH2_CIPHER_AES128_CTR)
956     | (1 << SSH2_CIPHER_AES192_CTR)
957     | (1 << SSH2_CIPHER_AES256_CTR)
958     | (1 << SSH2_CIPHER_ARCFOUR)
959     | (1 << SSH2_CIPHER_ARCFOUR128)
960     | (1 << SSH2_CIPHER_ARCFOUR256)
961 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
962     | (1 << SSH2_CIPHER_3DES_CTR)
963     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
964 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
965     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
966     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
967     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
968     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
969     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
970     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
971     );
972 maya 3227 }
973    
974     sender_ciphers &= cipher_mask;
975     receiver_ciphers &= cipher_mask;
976     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
977     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
978    
979     if (sender_ciphers == 0) {
980     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
981     "The server does not support any of the TTSSH encryption algorithms.\n"
982     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
983     "The connection will be closed.");
984 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
985 maya 3227 return FALSE;
986     } else if (receiver_ciphers == 0) {
987     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
988     "The server does not support any of the TTSSH encryption algorithms.\n"
989     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
990     "The connection will be closed.");
991 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
992 maya 3227 return FALSE;
993     } else {
994     return TRUE;
995     }
996     }
997    
998     int CRYPT_get_decryption_block_size(PTInstVar pvar)
999     {
1000     if (SSHv1(pvar)) {
1001     return 8;
1002     } else {
1003     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1004     // cf. 3DES=8, AES128=16
1005     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
1006     }
1007     }
1008    
1009     int CRYPT_get_encryption_block_size(PTInstVar pvar)
1010     {
1011     if (SSHv1(pvar)) {
1012     return 8;
1013     } else {
1014     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1015     // cf. 3DES=8, AES128=16
1016     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
1017     }
1018     }
1019    
1020     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
1021     {
1022     struct Mac *mac;
1023    
1024     if (SSHv1(pvar)) {
1025     return 0;
1026    
1027     } else { // for SSH2(yutaka)
1028     mac = &pvar->ssh2_keys[MODE_IN].mac;
1029     if (mac == NULL || mac->enabled == 0)
1030     return 0;
1031    
1032     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
1033     }
1034    
1035     }
1036    
1037     // HMAC������
1038     // ���{������ SSH2 �������g�p�������B
1039     // (2004.12.17 yutaka)
1040     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
1041 yutakapon 6302 char FAR * data, int len, char FAR * MAC)
1042 maya 3227 {
1043     HMAC_CTX c;
1044     unsigned char m[EVP_MAX_MD_SIZE];
1045     unsigned char b[4];
1046     struct Mac *mac;
1047    
1048     mac = &pvar->ssh2_keys[MODE_IN].mac;
1049    
1050     // HMAC�������L���������������A����OK�����������B
1051 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
1052 maya 3227 return TRUE;
1053    
1054 yutakapon 6302 if (mac->key == NULL) {
1055     logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
1056 maya 3227 goto error;
1057 yutakapon 6302 }
1058 maya 3227
1059 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
1060     logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
1061     mac->mac_len, sizeof(m), sequence_number, len);
1062 maya 3227 goto error;
1063 yutakapon 6302 }
1064 maya 3227
1065     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1066     set_uint32_MSBfirst(b, sequence_number);
1067     HMAC_Update(&c, b, sizeof(b));
1068     HMAC_Update(&c, data, len);
1069     HMAC_Final(&c, m, NULL);
1070     HMAC_cleanup(&c);
1071    
1072     if (memcmp(m, MAC, mac->mac_len)) {
1073 yutakapon 6302 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
1074     logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
1075     logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
1076 maya 3227 goto error;
1077     }
1078    
1079     return TRUE;
1080    
1081     error:
1082     return FALSE;
1083     }
1084    
1085     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1086     {
1087     struct Mac *mac;
1088    
1089     if (SSHv2(pvar)) { // for SSH2(yutaka)
1090     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1091     if (mac == NULL || mac->enabled == 0)
1092     return 0;
1093    
1094     return (mac->mac_len);
1095     }
1096    
1097     return 0;
1098     }
1099    
1100     // for SSH2
1101     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1102     char FAR * data, int len, char FAR * MAC)
1103     {
1104     HMAC_CTX c;
1105     static u_char m[EVP_MAX_MD_SIZE];
1106     u_char b[4];
1107     struct Mac *mac;
1108    
1109     if (SSHv2(pvar)) { // for SSH2(yutaka)
1110     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1111     if (mac == NULL || mac->enabled == 0)
1112     return FALSE;
1113    
1114     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1115     set_uint32_MSBfirst(b, sequence_number);
1116     HMAC_Update(&c, b, sizeof(b));
1117     HMAC_Update(&c, data, len);
1118     HMAC_Final(&c, m, NULL);
1119     HMAC_cleanup(&c);
1120    
1121     // 20�o�C�g�������R�s�[
1122     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1123     // memcpy(MAC, m, sizeof(m));
1124    
1125     return TRUE;
1126     }
1127    
1128     return TRUE;
1129    
1130     }
1131    
1132     static int choose_cipher(PTInstVar pvar, int supported)
1133     {
1134     int i;
1135    
1136     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1137     int cipher = pvar->session_settings.CipherOrder[i] - '0';
1138    
1139     if (cipher == SSH_CIPHER_NONE) {
1140     break;
1141     } else if ((supported & (1 << cipher)) != 0) {
1142     return cipher;
1143     }
1144     }
1145    
1146     return SSH_CIPHER_NONE;
1147     }
1148    
1149     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1150     {
1151     if (SSHv1(pvar)) {
1152     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1153     pvar->crypt_state.
1154     supported_sender_ciphers);
1155     pvar->crypt_state.receiver_cipher =
1156     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1157    
1158     } else { // SSH2(yutaka)
1159     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1160     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1161    
1162     }
1163    
1164     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1165     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1166 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
1167 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1168     "To communicate with this server, you will have to enable some more ciphers\n"
1169     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1170     "This connection will now close.");
1171 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1172 maya 3227 return FALSE;
1173     } else {
1174     return TRUE;
1175     }
1176     }
1177    
1178     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1179     {
1180     int server_key_bits =
1181     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1182     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1183     int server_key_bytes = (server_key_bits + 7) / 8;
1184     int host_key_bytes = (host_key_bits + 7) / 8;
1185    
1186     if (server_key_bits < host_key_bits) {
1187     return host_key_bytes;
1188     } else {
1189     return server_key_bytes;
1190     }
1191     }
1192    
1193     int CRYPT_choose_session_key(PTInstVar pvar,
1194     unsigned char FAR * encrypted_key_buf)
1195     {
1196     int server_key_bits =
1197     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1198     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1199     int server_key_bytes = (server_key_bits + 7) / 8;
1200     int host_key_bytes = (host_key_bits + 7) / 8;
1201     int encrypted_key_bytes;
1202     int bit_delta;
1203    
1204     if (server_key_bits < host_key_bits) {
1205     encrypted_key_bytes = host_key_bytes;
1206     bit_delta = host_key_bits - server_key_bits;
1207     } else {
1208     encrypted_key_bytes = server_key_bytes;
1209     bit_delta = server_key_bits - host_key_bits;
1210     }
1211    
1212     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1213 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
1214 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
1215 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1216 maya 3227 return 0;
1217     } else {
1218     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1219     for the session ID, rather than the one specified in the RFC */
1220     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1221     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1222     char session_id[16];
1223     int i;
1224    
1225     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1226     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1227     session_buf + host_key_bytes);
1228     memcpy(session_buf + server_key_bytes + host_key_bytes,
1229     pvar->crypt_state.server_cookie, 8);
1230     MD5(session_buf, session_buf_len, session_id);
1231    
1232     free(session_buf);
1233    
1234     RAND_bytes(pvar->crypt_state.sender_cipher_key,
1235     SSH_SESSION_KEY_LENGTH);
1236     memcpy(pvar->crypt_state.receiver_cipher_key,
1237     pvar->crypt_state.sender_cipher_key,
1238     SSH_SESSION_KEY_LENGTH);
1239    
1240     memcpy(encrypted_key_buf + encrypted_key_bytes -
1241     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1242     SSH_SESSION_KEY_LENGTH);
1243     for (i = 0; i < sizeof(session_id); i++) {
1244     encrypted_key_buf[encrypted_key_bytes -
1245     SSH_SESSION_KEY_LENGTH + i]
1246     ^= session_id[i];
1247     }
1248    
1249     if (host_key_bits > server_key_bits) {
1250     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1251     encrypted_key_buf +
1252     encrypted_key_bytes -
1253     SSH_SESSION_KEY_LENGTH,
1254     encrypted_key_buf +
1255     encrypted_key_bytes - server_key_bytes,
1256     pvar->crypt_state.server_key.RSA_key,
1257     RSA_PKCS1_PADDING) < 0)
1258     return 0;
1259    
1260     if (RSA_public_encrypt(server_key_bytes,
1261     encrypted_key_buf +
1262     encrypted_key_bytes - server_key_bytes,
1263     encrypted_key_buf,
1264     pvar->crypt_state.host_key.RSA_key,
1265     RSA_PKCS1_PADDING) < 0)
1266     return 0;
1267     } else {
1268     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1269     encrypted_key_buf +
1270     encrypted_key_bytes -
1271     SSH_SESSION_KEY_LENGTH,
1272     encrypted_key_buf +
1273     encrypted_key_bytes - host_key_bytes,
1274     pvar->crypt_state.host_key.RSA_key,
1275     RSA_PKCS1_PADDING) < 0)
1276     return 0;
1277    
1278     if (RSA_public_encrypt(host_key_bytes,
1279     encrypted_key_buf +
1280     encrypted_key_bytes - host_key_bytes,
1281     encrypted_key_buf,
1282     pvar->crypt_state.server_key.RSA_key,
1283     RSA_PKCS1_PADDING) < 0)
1284     return 0;
1285     }
1286     }
1287    
1288     return 1;
1289     }
1290    
1291     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1292     unsigned char FAR * challenge,
1293     int challenge_len,
1294     unsigned char FAR * response)
1295     {
1296     int server_key_bits =
1297     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1298     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1299     int server_key_bytes = (server_key_bits + 7) / 8;
1300     int host_key_bytes = (host_key_bits + 7) / 8;
1301     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1302     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1303     char decrypted_challenge[48];
1304     int decrypted_challenge_len;
1305    
1306     decrypted_challenge_len =
1307     RSA_private_decrypt(challenge_len, challenge, challenge,
1308 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1309 maya 3227 RSA_PKCS1_PADDING);
1310     if (decrypted_challenge_len < 0) {
1311     free(session_buf);
1312     return 0;
1313     }
1314     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1315     memcpy(decrypted_challenge,
1316     challenge + decrypted_challenge_len -
1317     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1318     } else {
1319     memset(decrypted_challenge, 0,
1320     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1321     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1322     decrypted_challenge_len, challenge,
1323     decrypted_challenge_len);
1324     }
1325    
1326     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1327     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1328     session_buf + host_key_bytes);
1329     memcpy(session_buf + server_key_bytes + host_key_bytes,
1330     pvar->crypt_state.server_cookie, 8);
1331     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1332    
1333     free(session_buf);
1334    
1335     MD5(decrypted_challenge, 48, response);
1336    
1337     return 1;
1338     }
1339    
1340     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1341     {
1342     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1343     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1344     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1345     memset(state->ivec1, 0, 8);
1346     memset(state->ivec2, 0, 8);
1347     memset(state->ivec3, 0, 8);
1348     }
1349    
1350     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1351     {
1352 doda 6585 DES_set_key((const_DES_cblock FAR *) session_key, &state->k);
1353 maya 3227 memset(state->ivec, 0, 8);
1354     }
1355    
1356     static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1357     {
1358     idea_set_encrypt_key(session_key, &state->k);
1359     memset(state->ivec, 0, 8);
1360     }
1361    
1362     static void cBlowfish_init(char FAR * session_key,
1363     CipherBlowfishState FAR * state)
1364     {
1365     BF_set_key(&state->k, 32, session_key);
1366     memset(state->ivec, 0, 8);
1367     }
1368    
1369    
1370     //
1371     // SSH2�p�A���S���Y����������
1372     //
1373     // for SSH2(yutaka)
1374     //
1375     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1376     const u_char *key, u_int keylen,
1377     const u_char *iv, u_int ivlen,
1378     int encrypt,
1379     const EVP_CIPHER *type,
1380     int discard_len,
1381     PTInstVar pvar)
1382     {
1383     int klen;
1384     char tmp[80];
1385     unsigned char *junk = NULL, *discard = NULL;
1386    
1387     EVP_CIPHER_CTX_init(evp);
1388     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1389     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1390     "Cipher initialize error(%d)");
1391     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1392 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1393 maya 3227 return;
1394     }
1395    
1396     klen = EVP_CIPHER_CTX_key_length(evp);
1397     if (klen > 0 && keylen != klen) {
1398     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1399     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1400     "Cipher initialize error(%d)");
1401     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1402 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1403 maya 3227 return;
1404     }
1405     }
1406     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1407     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1408     "Cipher initialize error(%d)");
1409     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1410 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1411 maya 3227 return;
1412     }
1413    
1414     if (discard_len > 0) {
1415     junk = malloc(discard_len);
1416     discard = malloc(discard_len);
1417     if (junk == NULL || discard == NULL ||
1418     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1419     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1420     "Cipher initialize error(%d)");
1421     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1422     pvar->ts->UIMsg, 3);
1423 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1424 maya 3227 }
1425     else {
1426 yutakapon 6229 SecureZeroMemory(discard, discard_len);
1427 maya 3227 }
1428     free(junk);
1429     free(discard);
1430     }
1431     }
1432    
1433 yutakapon 5545 //
1434     // SSH2�p�A���S���Y�����j��
1435     //
1436     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1437     {
1438     EVP_CIPHER_CTX_cleanup(evp);
1439     }
1440 maya 3227
1441 yutakapon 5545
1442 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1443     {
1444     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1445     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1446     BOOL isOK = TRUE;
1447    
1448     if (sender_flag) {
1449     switch (pvar->crypt_state.sender_cipher) {
1450     // for SSH2(yutaka)
1451     case SSH2_CIPHER_3DES_CBC:
1452 doda 3850 case SSH2_CIPHER_3DES_CTR:
1453 maya 3227 {
1454     struct Enc *enc;
1455    
1456     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1457     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1458     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1459     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1460     CIPHER_ENCRYPT,
1461     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1462     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1463     pvar);
1464    
1465     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1466     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1467    
1468 doda 3850 pvar->crypt_state.encrypt = c3DES_encrypt2;
1469 maya 3227 break;
1470     }
1471    
1472     // for SSH2(yutaka)
1473     case SSH2_CIPHER_AES128_CBC:
1474     case SSH2_CIPHER_AES192_CBC:
1475     case SSH2_CIPHER_AES256_CBC:
1476     case SSH2_CIPHER_AES128_CTR:
1477     case SSH2_CIPHER_AES192_CTR:
1478     case SSH2_CIPHER_AES256_CTR:
1479     {
1480     struct Enc *enc;
1481    
1482     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1483     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1484     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1485     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1486     CIPHER_ENCRYPT,
1487     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1488     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1489     pvar);
1490    
1491     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1492     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1493    
1494     pvar->crypt_state.encrypt = cAES128_encrypt;
1495     break;
1496     }
1497    
1498     case SSH2_CIPHER_BLOWFISH_CBC:
1499 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1500 maya 3227 {
1501     struct Enc *enc;
1502    
1503     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1504     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1505     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1506     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1507     CIPHER_ENCRYPT,
1508     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1509     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1510     pvar);
1511    
1512     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1513     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1514    
1515     pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1516     break;
1517     }
1518    
1519     case SSH2_CIPHER_ARCFOUR:
1520     case SSH2_CIPHER_ARCFOUR128:
1521     case SSH2_CIPHER_ARCFOUR256:
1522     {
1523     struct Enc *enc;
1524    
1525     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1526     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1527     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1528     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1529     CIPHER_ENCRYPT,
1530     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1531     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1532     pvar);
1533     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1534     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1535    
1536     pvar->crypt_state.encrypt = cArcfour_encrypt;
1537     break;
1538     }
1539    
1540     case SSH2_CIPHER_CAST128_CBC:
1541 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1542 maya 3227 {
1543     struct Enc *enc;
1544    
1545     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1546     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1547     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1548     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1549     CIPHER_ENCRYPT,
1550     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1551     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1552     pvar);
1553     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1554     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1555    
1556     pvar->crypt_state.encrypt = cCast128_encrypt;
1557     break;
1558     }
1559    
1560 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1561     case SSH2_CIPHER_CAMELLIA192_CBC:
1562     case SSH2_CIPHER_CAMELLIA256_CBC:
1563     case SSH2_CIPHER_CAMELLIA128_CTR:
1564     case SSH2_CIPHER_CAMELLIA192_CTR:
1565     case SSH2_CIPHER_CAMELLIA256_CTR:
1566     {
1567     struct Enc *enc;
1568    
1569     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1570     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1571     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1572     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1573     CIPHER_ENCRYPT,
1574     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1575     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1576     pvar);
1577    
1578     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1579     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1580    
1581     pvar->crypt_state.encrypt = cCamellia_encrypt;
1582     break;
1583     }
1584    
1585 maya 3227 case SSH_CIPHER_3DES:{
1586     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1587     pvar->crypt_state.encrypt = c3DES_encrypt;
1588     break;
1589     }
1590     case SSH_CIPHER_IDEA:{
1591     cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1592     pvar->crypt_state.encrypt = cIDEA_encrypt;
1593     break;
1594     }
1595     case SSH_CIPHER_DES:{
1596     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1597     pvar->crypt_state.encrypt = cDES_encrypt;
1598     break;
1599     }
1600     case SSH_CIPHER_RC4:{
1601     RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1602     encryption_key + 16);
1603     pvar->crypt_state.encrypt = cRC4_encrypt;
1604     break;
1605     }
1606     case SSH_CIPHER_BLOWFISH:{
1607     cBlowfish_init(encryption_key,
1608     &pvar->crypt_state.enc.cBlowfish);
1609     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1610     break;
1611     }
1612     default:
1613     isOK = FALSE;
1614     }
1615     }
1616    
1617    
1618     if (receiver_flag) {
1619     switch (pvar->crypt_state.receiver_cipher) {
1620     // for SSH2(yutaka)
1621     case SSH2_CIPHER_3DES_CBC:
1622 doda 3850 case SSH2_CIPHER_3DES_CTR:
1623 maya 3227 {
1624     struct Enc *enc;
1625    
1626     enc = &pvar->ssh2_keys[MODE_IN].enc;
1627     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1628     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1629     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1630     CIPHER_DECRYPT,
1631     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1632     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1633     pvar);
1634    
1635     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1636     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1637    
1638 doda 3850 pvar->crypt_state.decrypt = c3DES_decrypt2;
1639 maya 3227 break;
1640     }
1641    
1642     // for SSH2(yutaka)
1643     case SSH2_CIPHER_AES128_CBC:
1644     case SSH2_CIPHER_AES192_CBC:
1645     case SSH2_CIPHER_AES256_CBC:
1646     case SSH2_CIPHER_AES128_CTR:
1647     case SSH2_CIPHER_AES192_CTR:
1648     case SSH2_CIPHER_AES256_CTR:
1649     {
1650     struct Enc *enc;
1651    
1652     enc = &pvar->ssh2_keys[MODE_IN].enc;
1653     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1654     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1655     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1656     CIPHER_DECRYPT,
1657     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1658     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1659     pvar);
1660    
1661     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1662     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1663    
1664     pvar->crypt_state.decrypt = cAES128_decrypt;
1665     break;
1666     }
1667    
1668     case SSH2_CIPHER_BLOWFISH_CBC:
1669 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1670 maya 3227 {
1671     struct Enc *enc;
1672    
1673     enc = &pvar->ssh2_keys[MODE_IN].enc;
1674     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1675     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1676     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1677     CIPHER_DECRYPT,
1678     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1679     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1680     pvar);
1681    
1682     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1683     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1684    
1685     pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1686     break;
1687     }
1688    
1689     case SSH2_CIPHER_ARCFOUR:
1690     case SSH2_CIPHER_ARCFOUR128:
1691     case SSH2_CIPHER_ARCFOUR256:
1692     {
1693     struct Enc *enc;
1694    
1695     enc = &pvar->ssh2_keys[MODE_IN].enc;
1696     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1697     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1698     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1699     CIPHER_DECRYPT,
1700     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1701     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1702     pvar);
1703    
1704     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1705     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1706    
1707     pvar->crypt_state.decrypt = cArcfour_decrypt;
1708     break;
1709     }
1710    
1711     case SSH2_CIPHER_CAST128_CBC:
1712 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1713 maya 3227 {
1714     struct Enc *enc;
1715    
1716     enc = &pvar->ssh2_keys[MODE_IN].enc;
1717     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1718     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1719     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1720     CIPHER_DECRYPT,
1721     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1722     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1723     pvar);
1724    
1725     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1726     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1727    
1728     pvar->crypt_state.decrypt = cCast128_decrypt;
1729     break;
1730     }
1731    
1732 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1733     case SSH2_CIPHER_CAMELLIA192_CBC:
1734     case SSH2_CIPHER_CAMELLIA256_CBC:
1735     case SSH2_CIPHER_CAMELLIA128_CTR:
1736     case SSH2_CIPHER_CAMELLIA192_CTR:
1737     case SSH2_CIPHER_CAMELLIA256_CTR:
1738     {
1739     struct Enc *enc;
1740    
1741     enc = &pvar->ssh2_keys[MODE_IN].enc;
1742     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1743     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1744     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1745     CIPHER_DECRYPT,
1746     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1747     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1748     pvar);
1749    
1750     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1751     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1752    
1753     pvar->crypt_state.decrypt = cCamellia_decrypt;
1754     break;
1755     }
1756    
1757 maya 3227 case SSH_CIPHER_3DES:{
1758     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1759     pvar->crypt_state.decrypt = c3DES_decrypt;
1760     break;
1761     }
1762     case SSH_CIPHER_IDEA:{
1763     cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1764     pvar->crypt_state.decrypt = cIDEA_decrypt;
1765     break;
1766     }
1767     case SSH_CIPHER_DES:{
1768     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1769     pvar->crypt_state.decrypt = cDES_decrypt;
1770     break;
1771     }
1772     case SSH_CIPHER_RC4:{
1773     RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1774     pvar->crypt_state.decrypt = cRC4_decrypt;
1775     break;
1776     }
1777     case SSH_CIPHER_BLOWFISH:{
1778     cBlowfish_init(decryption_key,
1779     &pvar->crypt_state.dec.cBlowfish);
1780     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1781     break;
1782     }
1783     default:
1784     isOK = FALSE;
1785     }
1786     }
1787    
1788    
1789     if (!isOK) {
1790 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1791 maya 3227 "No cipher selected!");
1792 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1793 maya 3227 return FALSE;
1794     } else {
1795     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1796     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1797     return TRUE;
1798     }
1799     }
1800    
1801     void CRYPT_init(PTInstVar pvar)
1802     {
1803     pvar->crypt_state.encrypt = no_encrypt;
1804     pvar->crypt_state.decrypt = no_encrypt;
1805     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1806     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1807     pvar->crypt_state.server_key.RSA_key = NULL;
1808     pvar->crypt_state.host_key.RSA_key = NULL;
1809    
1810     pvar->crypt_state.detect_attack_statics.h = NULL;
1811     pvar->crypt_state.detect_attack_statics.n =
1812     HASH_MINSIZE / HASH_ENTRYSIZE;
1813     }
1814    
1815     static char FAR *get_cipher_name(int cipher)
1816     {
1817     switch (cipher) {
1818     case SSH_CIPHER_NONE:
1819     return "None";
1820     case SSH_CIPHER_3DES:
1821     return "3DES (168 key bits)";
1822     case SSH_CIPHER_DES:
1823     return "DES (56 key bits)";
1824     case SSH_CIPHER_IDEA:
1825     return "IDEA (128 key bits)";
1826     case SSH_CIPHER_RC4:
1827     return "RC4 (128 key bits)";
1828     case SSH_CIPHER_BLOWFISH:
1829     return "Blowfish (256 key bits)";
1830    
1831     // SSH2
1832     case SSH2_CIPHER_3DES_CBC:
1833     return "3DES-CBC";
1834     case SSH2_CIPHER_AES128_CBC:
1835     return "AES128-CBC";
1836     case SSH2_CIPHER_AES192_CBC:
1837     return "AES192-CBC";
1838     case SSH2_CIPHER_AES256_CBC:
1839     return "AES256-CBC";
1840     case SSH2_CIPHER_BLOWFISH_CBC:
1841     return "Blowfish-CBC";
1842     case SSH2_CIPHER_AES128_CTR:
1843     return "AES128-CTR";
1844     case SSH2_CIPHER_AES192_CTR:
1845     return "AES192-CTR";
1846     case SSH2_CIPHER_AES256_CTR:
1847     return "AES256-CTR";
1848     case SSH2_CIPHER_ARCFOUR:
1849     return "Arcfour";
1850     case SSH2_CIPHER_ARCFOUR128:
1851     return "Arcfour128";
1852     case SSH2_CIPHER_ARCFOUR256:
1853     return "Arcfour256";
1854     case SSH2_CIPHER_CAST128_CBC:
1855     return "CAST-128-CBC";
1856 doda 3850 case SSH2_CIPHER_3DES_CTR:
1857     return "3DES-CTR";
1858     case SSH2_CIPHER_BLOWFISH_CTR:
1859     return "Blowfish-CTR";
1860     case SSH2_CIPHER_CAST128_CTR:
1861     return "CAST-128-CTR";
1862 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1863     return "Camellia128-CBC";
1864     case SSH2_CIPHER_CAMELLIA192_CBC:
1865     return "Camellia192-CBC";
1866     case SSH2_CIPHER_CAMELLIA256_CBC:
1867     return "Camellia256-CBC";
1868     case SSH2_CIPHER_CAMELLIA128_CTR:
1869     return "Camellia128-CTR";
1870     case SSH2_CIPHER_CAMELLIA192_CTR:
1871     return "Camellia192-CTR";
1872     case SSH2_CIPHER_CAMELLIA256_CTR:
1873     return "Camellia256-CTR";
1874 maya 3227
1875     default:
1876     return "Unknown";
1877     }
1878     }
1879    
1880     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1881     {
1882     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1883     "%s to server, %s from server");
1884     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1885     get_cipher_name(pvar->crypt_state.sender_cipher),
1886     get_cipher_name(pvar->crypt_state.receiver_cipher));
1887     }
1888    
1889     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1890     {
1891     if (SSHv1(pvar)) {
1892     if (pvar->crypt_state.server_key.RSA_key == NULL
1893     || pvar->crypt_state.host_key.RSA_key == NULL) {
1894     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1895     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1896     } else {
1897     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1898     "%d-bit server key, %d-bit host key");
1899     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1900     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1901     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1902     }
1903     } else { // SSH2
1904 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1905     "%d-bit client key, %d-bit server key");
1906 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1907 maya 4313 pvar->client_key_bits,
1908     pvar->server_key_bits);
1909 maya 3227 }
1910     }
1911    
1912 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1913 maya 3227 {
1914     if (key->RSA_key != NULL) {
1915     RSA_free(key->RSA_key);
1916     key->RSA_key = NULL;
1917     }
1918     }
1919    
1920 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1921 maya 3227 {
1922     destroy_public_key(key);
1923     free(key);
1924     }
1925    
1926     void CRYPT_end(PTInstVar pvar)
1927     {
1928     destroy_public_key(&pvar->crypt_state.host_key);
1929     destroy_public_key(&pvar->crypt_state.server_key);
1930    
1931     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1932 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1933 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1934     free(pvar->crypt_state.detect_attack_statics.h);
1935     }
1936    
1937 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1938 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1939 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1940 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1941 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1942 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1943 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1944 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1945 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1946     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1947 maya 3227 }
1948    
1949     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1950     char FAR * buf, int bytes)
1951     {
1952     unsigned char passphrase_key[16];
1953    
1954     MD5(passphrase, strlen(passphrase), passphrase_key);
1955    
1956     switch (cipher) {
1957     case SSH_CIPHER_3DES:{
1958     Cipher3DESState state;
1959    
1960     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1961     &state.k1);
1962     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1963     &state.k2);
1964     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1965     &state.k3);
1966     memset(state.ivec1, 0, 8);
1967     memset(state.ivec2, 0, 8);
1968     memset(state.ivec3, 0, 8);
1969     DES_ncbc_encrypt(buf, buf, bytes,
1970     &state.k3, &state.ivec3, DES_DECRYPT);
1971     DES_ncbc_encrypt(buf, buf, bytes,
1972     &state.k2, &state.ivec2, DES_ENCRYPT);
1973     DES_ncbc_encrypt(buf, buf, bytes,
1974     &state.k1, &state.ivec1, DES_DECRYPT);
1975     break;
1976     }
1977    
1978     case SSH_CIPHER_IDEA:{
1979     CipherIDEAState state;
1980     int num = 0;
1981    
1982     cIDEA_init(passphrase_key, &state);
1983     idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1984     &num, IDEA_DECRYPT);
1985     break;
1986     }
1987    
1988     case SSH_CIPHER_DES:{
1989     CipherDESState state;
1990    
1991     cDES_init(passphrase_key, &state);
1992     DES_ncbc_encrypt(buf, buf, bytes,
1993     &state.k, &state.ivec, DES_DECRYPT);
1994     break;
1995     }
1996    
1997     case SSH_CIPHER_RC4:{
1998     CipherRC4State state;
1999     int num = 0;
2000    
2001     RC4_set_key(&state.k, 16, passphrase_key);
2002     RC4(&state.k, bytes, buf, buf);
2003     break;
2004     }
2005    
2006     case SSH_CIPHER_BLOWFISH:{
2007     CipherBlowfishState state;
2008    
2009     BF_set_key(&state.k, 16, passphrase_key);
2010     memset(state.ivec, 0, 8);
2011     flip_endianness(buf, bytes);
2012     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
2013     BF_DECRYPT);
2014     flip_endianness(buf, bytes);
2015     break;
2016     }
2017    
2018     case SSH_CIPHER_NONE:
2019     break;
2020    
2021     default:
2022 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2023 maya 3227 return 0;
2024     }
2025    
2026 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2027 maya 3227 return 1;
2028     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help