Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6714 - (hide annotations) (download) (as text)
Fri May 12 12:41:49 2017 UTC (6 years, 11 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 59992 byte(s) 
IDEA / RC4(SSH1) 関連のコードを削除。
1 maya 3227 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40     #include <openssl/dsa.h>
41     #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75    
76     static void crc_update(uint32 FAR * a, uint32 b)
77     {
78     b ^= *a;
79     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80     }
81    
82     /* check_crc
83     detects if a block is used in a particular pattern
84     */
85    
86     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87     uint32 len, unsigned char FAR * IV)
88     {
89     uint32 crc;
90     unsigned char FAR *c;
91    
92     crc = 0;
93     if (IV && !CMP(S, IV)) {
94     crc_update(&crc, 1);
95     crc_update(&crc, 0);
96     }
97     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98     if (!CMP(S, c)) {
99     crc_update(&crc, 1);
100     crc_update(&crc, 0);
101     } else {
102     crc_update(&crc, 0);
103     crc_update(&crc, 0);
104     }
105     }
106    
107     return crc == 0;
108     }
109    
110    
111     /*
112     detect_attack
113     Detects a crc32 compensation attack on a packet
114     */
115     static int detect_attack(CRYPTDetectAttack FAR * statics,
116     unsigned char FAR * buf, uint32 len,
117     unsigned char *FAR IV)
118     {
119     uint32 FAR *h = statics->h;
120     uint32 n = statics->n;
121     uint32 i, j;
122     uint32 l;
123     unsigned char FAR *c;
124     unsigned char FAR *d;
125    
126     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127     }
128    
129     if (h == NULL) {
130     n = l;
131     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132     } else {
133     if (l > n) {
134     n = l;
135     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136     }
137     }
138    
139     statics->h = h;
140     statics->n = n;
141    
142     if (len <= HASH_MINBLOCKS) {
143     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144     if (IV && (!CMP(c, IV))) {
145     if ((check_crc(c, buf, len, IV)))
146     return DEATTACK_DETECTED;
147     else
148     break;
149     }
150     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151     if (!CMP(c, d)) {
152     if ((check_crc(c, buf, len, IV)))
153     return DEATTACK_DETECTED;
154     else
155     break;
156     }
157     }
158     }
159     return (DEATTACK_OK);
160     }
161     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162    
163     if (IV) {
164     h[HASH(IV) & (n - 1)] = HASH_IV;
165     }
166    
167     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169     i = (i + 1) & (n - 1)) {
170     if (h[i] == HASH_IV) {
171     if (!CMP(c, IV)) {
172     if (check_crc(c, buf, len, IV))
173     return DEATTACK_DETECTED;
174     else
175     break;
176     }
177     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178     if (check_crc(c, buf, len, IV))
179     return DEATTACK_DETECTED;
180     else
181     break;
182     }
183     }
184     h[i] = j;
185     }
186    
187     return DEATTACK_OK;
188     }
189    
190     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191     int bytes)
192     {
193     if (SSHv1(pvar)) {
194 doda 6714 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE) {
195 maya 3227 return FALSE;
196 doda 6714 }
197     else {
198 maya 3227 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199     buf, bytes, NULL) == DEATTACK_DETECTED;
200     }
201     } else {
202     return FALSE;
203     }
204     }
205    
206     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
207     {
208     }
209    
210    
211     // for SSH2(yutaka)
212     // ���O�������������������������������AAES192, AES256 ����
213     // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
214     static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
215     int bytes)
216     {
217     unsigned char *newbuf = malloc(bytes);
218     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
219 doda 4212 char tmp[80];
220 maya 3227
221     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
222     if (bytes == 0)
223     goto error;
224    
225     if (newbuf == NULL)
226     return;
227    
228     if (bytes % block_size) {
229 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
230     "%s encrypt error(1): bytes %d (%d)");
231     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
232     "AES128/192/256", bytes, block_size);
233 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
234 maya 3227 goto error;
235     }
236    
237     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
238 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
239     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
240     "AES128/192/256");
241 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
242 maya 3227 goto error;
243    
244     } else {
245     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
246     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
247     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
248     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
249    
250     //debug_print(50, key, 24);
251     //debug_print(51, iv, 8);
252     //debug_print(52, buf, bytes);
253     //debug_print(53, newbuf, bytes);
254    
255     memcpy(buf, newbuf, bytes);
256     }
257    
258     error:
259     free(newbuf);
260     }
261    
262     static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
263     int bytes)
264     {
265     unsigned char *newbuf = malloc(bytes);
266     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
267 doda 4212 char tmp[80];
268 maya 3227
269     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
270     if (bytes == 0)
271     goto error;
272    
273     if (newbuf == NULL)
274     return;
275    
276     if (bytes % block_size) {
277 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
278     "%s decrypt error(1): bytes %d (%d)");
279     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
280     "AES128/192/256", bytes, block_size);
281 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
282 maya 3227 goto error;
283     }
284    
285     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
286 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
287     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
288     "AES128/192/256");
289 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
290 maya 3227 goto error;
291    
292     } else {
293     //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
294     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
295     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
296     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
297    
298     //debug_print(70, key, AES128_KEYLEN);
299     //debug_print(71, iv, AES128_IVLEN);
300     //debug_print(72, buf, bytes);
301     //debug_print(73, newbuf, bytes);
302    
303     memcpy(buf, newbuf, bytes);
304     }
305    
306     error:
307     free(newbuf);
308     }
309    
310    
311     // for SSH2(yutaka)
312 doda 3850 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
313 doda 4212 int bytes)
314 maya 3227 {
315     unsigned char *newbuf = malloc(bytes);
316     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
317 doda 4212 char tmp[80];
318 maya 3227
319     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
320     if (bytes == 0)
321     goto error;
322    
323     if (newbuf == NULL)
324     return;
325    
326     if (bytes % block_size) {
327 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
328     "%s encrypt error(1): bytes %d (%d)");
329     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
330     "3DES-CBC", bytes, block_size);
331 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
332 maya 3227 goto error;
333     }
334    
335     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
336 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
337     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
338     "3DES-CBC");
339 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
340 maya 3227 goto error;
341    
342     } else {
343     //unsigned char key[24], iv[8];
344     //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
345     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
346     //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
347    
348     //debug_print(50, key, 24);
349     //debug_print(51, iv, 8);
350     //debug_print(52, buf, bytes);
351     //debug_print(53, newbuf, bytes);
352    
353     memcpy(buf, newbuf, bytes);
354     }
355    
356     error:
357     free(newbuf);
358     }
359    
360 doda 3850 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
361 doda 4212 int bytes)
362 maya 3227 {
363     unsigned char *newbuf = malloc(bytes);
364     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
365 doda 4212 char tmp[80];
366 maya 3227
367     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
368     if (bytes == 0)
369     goto error;
370    
371     if (newbuf == NULL)
372     return;
373    
374     if (bytes % block_size) {
375 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
376     "%s decrypt error(1): bytes %d (%d)");
377     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
378     "3DES-CBC", bytes, block_size);
379 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
380 maya 3227 goto error;
381     }
382    
383     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
384 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
385     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
386     "3DES-CBC");
387 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
388 maya 3227 goto error;
389    
390     } else {
391     //unsigned char key[24], iv[8];
392     //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393     // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394     //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395    
396     //debug_print(70, key, 24);
397     //debug_print(71, iv, 8);
398     //debug_print(72, buf, bytes);
399     //debug_print(73, newbuf, bytes);
400    
401     memcpy(buf, newbuf, bytes);
402     }
403    
404     error:
405     free(newbuf);
406     }
407    
408    
409     static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410     int bytes)
411     {
412     unsigned char *newbuf = malloc(bytes);
413     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414 doda 4212 char tmp[80];
415 maya 3227
416     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
417     if (bytes == 0)
418     goto error;
419    
420     if (newbuf == NULL)
421     return;
422    
423     if (bytes % block_size) {
424 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
425     "%s encrypt error(1): bytes %d (%d)");
426     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
427     "Blowfish", bytes, block_size);
428 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
429 maya 3227 goto error;
430     }
431    
432     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
434     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
435     "Blowfish");
436 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
437 maya 3227 goto error;
438    
439     } else {
440     memcpy(buf, newbuf, bytes);
441    
442     }
443    
444     error:
445     free(newbuf);
446     }
447    
448     static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
449     int bytes)
450     {
451     unsigned char *newbuf = malloc(bytes);
452     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
453 doda 4212 char tmp[80];
454 maya 3227
455     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
456     if (bytes == 0)
457     goto error;
458    
459     if (newbuf == NULL)
460     return;
461    
462     if (bytes % block_size) {
463 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
464     "%s decrypt error(1): bytes %d (%d)");
465     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
466     "Blowfish", bytes, block_size);
467 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
468 maya 3227 goto error;
469     }
470    
471     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
472 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
473     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
474     "Blowfish");
475 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
476 maya 3227 goto error;
477    
478     } else {
479     memcpy(buf, newbuf, bytes);
480    
481     }
482    
483     error:
484     free(newbuf);
485     }
486    
487 doda 4212
488 maya 3227 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
489 doda 4212 int bytes)
490 maya 3227 {
491     unsigned char *newbuf = malloc(bytes);
492     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
493 doda 4212 char tmp[80];
494 maya 3227
495     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
496     if (bytes == 0)
497     goto error;
498    
499     if (newbuf == NULL)
500     return;
501    
502     if (bytes % block_size) {
503 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
504     "%s encrypt error(1): bytes %d (%d)");
505     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
506     "Arcfour", bytes, block_size);
507 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
508 maya 3227 goto error;
509     }
510    
511     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
512 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
513     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
514     "Arcfour");
515 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
516 maya 3227 goto error;
517    
518     } else {
519     memcpy(buf, newbuf, bytes);
520    
521     }
522    
523     error:
524     free(newbuf);
525     }
526    
527     static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
528 doda 4212 int bytes)
529 maya 3227 {
530     unsigned char *newbuf = malloc(bytes);
531     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
532 doda 4212 char tmp[80];
533 maya 3227
534     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
535     if (bytes == 0)
536     goto error;
537    
538     if (newbuf == NULL)
539     return;
540    
541     if (bytes % block_size) {
542 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
543     "%s decrypt error(1): bytes %d (%d)");
544     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
545     "Arcfour", bytes, block_size);
546 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
547 maya 3227 goto error;
548     }
549    
550     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
551 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
552     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
553     "Arcfour");
554 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
555 maya 3227 goto error;
556    
557     } else {
558     memcpy(buf, newbuf, bytes);
559    
560     }
561    
562     error:
563     free(newbuf);
564     }
565    
566 doda 4212
567 maya 3227 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
568     int bytes)
569     {
570     unsigned char *newbuf = malloc(bytes);
571     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
572 doda 4212 char tmp[80];
573 maya 3227
574     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
575     if (bytes == 0)
576     goto error;
577    
578     if (newbuf == NULL)
579     return;
580    
581     if (bytes % block_size) {
582 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
583     "%s encrypt error(1): bytes %d (%d)");
584     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
585     "CAST128", bytes, block_size);
586 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
587 maya 3227 goto error;
588     }
589    
590     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
591 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
592     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
593     "CAST128");
594 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
595 maya 3227 goto error;
596    
597     } else {
598     memcpy(buf, newbuf, bytes);
599    
600     }
601    
602     error:
603     free(newbuf);
604     }
605    
606     static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
607     int bytes)
608     {
609     unsigned char *newbuf = malloc(bytes);
610     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
611 doda 4212 char tmp[80];
612 maya 3227
613     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
614     if (bytes == 0)
615     goto error;
616    
617     if (newbuf == NULL)
618     return;
619    
620     if (bytes % block_size) {
621 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
622     "%s decrypt error(1): bytes %d (%d)");
623     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
624     "CAST128", bytes, block_size);
625 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
626 maya 3227 goto error;
627     }
628    
629     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
630 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
631     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
632     "CAST128");
633 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
634 maya 3227 goto error;
635    
636     } else {
637     memcpy(buf, newbuf, bytes);
638    
639     }
640    
641     error:
642     free(newbuf);
643     }
644    
645 doda 4433 static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
646     int bytes)
647     {
648     unsigned char *newbuf = malloc(bytes);
649     int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
650     char tmp[80];
651 maya 3227
652 doda 4433 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
653     if (bytes == 0)
654     goto error;
655    
656     if (newbuf == NULL)
657     return;
658    
659     if (bytes % block_size) {
660     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
661     "%s encrypt error(1): bytes %d (%d)");
662     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
663     "Camellia128/192/256", bytes, block_size);
664 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
665 doda 4433 goto error;
666     }
667    
668     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
669     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
670     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
671     "Camellia128/192/256");
672 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
673 doda 4433 goto error;
674    
675     } else {
676     memcpy(buf, newbuf, bytes);
677    
678     }
679    
680     error:
681     free(newbuf);
682     }
683    
684     static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
685     int bytes)
686     {
687     unsigned char *newbuf = malloc(bytes);
688     int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
689     char tmp[80];
690    
691     // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
692     if (bytes == 0)
693     goto error;
694    
695     if (newbuf == NULL)
696     return;
697    
698     if (bytes % block_size) {
699     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
700     "%s decrypt error(1): bytes %d (%d)");
701     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
702     "Camellia128/192/256", bytes, block_size);
703 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
704 doda 4433 goto error;
705     }
706    
707     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
708     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
709     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
710     "Camellia128/192/256");
711 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
712 doda 4433 goto error;
713    
714     } else {
715     memcpy(buf, newbuf, bytes);
716    
717     }
718    
719     error:
720     free(newbuf);
721     }
722    
723 maya 3227 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
724     int bytes)
725     {
726     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
727    
728     DES_ncbc_encrypt(buf, buf, bytes,
729     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
730     DES_ncbc_encrypt(buf, buf, bytes,
731     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
732     DES_ncbc_encrypt(buf, buf, bytes,
733     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
734     }
735    
736     static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
737     int bytes)
738     {
739     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
740    
741     DES_ncbc_encrypt(buf, buf, bytes,
742     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
743     DES_ncbc_encrypt(buf, buf, bytes,
744     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
745     DES_ncbc_encrypt(buf, buf, bytes,
746     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
747     }
748    
749     static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
750     int bytes)
751     {
752     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
753    
754     DES_ncbc_encrypt(buf, buf, bytes,
755     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
756     }
757    
758     static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
759     int bytes)
760     {
761     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
762    
763     DES_ncbc_encrypt(buf, buf, bytes,
764     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
765     }
766    
767     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
768     {
769     uint32 FAR *buf = (uint32 FAR *) cbuf;
770     int count = bytes / 4;
771    
772     while (count > 0) {
773     uint32 w = *buf;
774    
775     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
776     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
777     count--;
778     buf++;
779     }
780     }
781    
782     static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
783     int bytes)
784     {
785     CipherBlowfishState FAR *encryptstate =
786     &pvar->crypt_state.enc.cBlowfish;
787    
788     flip_endianness(buf, bytes);
789     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
790     BF_ENCRYPT);
791     flip_endianness(buf, bytes);
792     }
793    
794     static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
795     int bytes)
796     {
797     CipherBlowfishState FAR *decryptstate =
798     &pvar->crypt_state.dec.cBlowfish;
799    
800     flip_endianness(buf, bytes);
801     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
802     BF_DECRYPT);
803     flip_endianness(buf, bytes);
804     }
805    
806     void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
807     int bytes)
808     {
809     RAND_bytes(buf, bytes);
810     }
811    
812     void CRYPT_initialize_random_numbers(PTInstVar pvar)
813     {
814 maya 4550 // ����������������������
815     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
816     //RAND_screen();
817 maya 3227 }
818    
819     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
820     {
821     int bits = get_ushort16_MSBfirst(bytes);
822    
823     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
824     }
825    
826     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
827     RSA FAR *make_key(PTInstVar pvar,
828     int bits, unsigned char FAR * exp,
829     unsigned char FAR * mod)
830     {
831     RSA FAR *key = RSA_new();
832    
833     if (key != NULL) {
834     key->e = get_bignum(exp);
835     key->n = get_bignum(mod);
836     }
837    
838     if (key == NULL || key->e == NULL || key->n == NULL) {
839     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
840     "Error setting up RSA keys");
841 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
842 maya 3227
843     if (key != NULL) {
844     if (key->e != NULL) {
845     BN_free(key->e);
846     }
847     if (key->n != NULL) {
848     BN_free(key->n);
849     }
850     RSA_free(key);
851     }
852    
853     return NULL;
854     } else {
855     return key;
856     }
857     }
858    
859     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
860     {
861     if (SSHv1(pvar)) {
862     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
863     } else {
864     memcpy(pvar->crypt_state.server_cookie, cookie,
865     SSH2_COOKIE_LENGTH);
866     }
867     }
868    
869     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
870     {
871     if (SSHv2(pvar)) {
872     memcpy(pvar->crypt_state.client_cookie, cookie,
873     SSH2_COOKIE_LENGTH);
874     }
875     }
876    
877     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
878     int bits, unsigned char FAR * exp,
879     unsigned char FAR * mod)
880     {
881     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
882    
883     return pvar->crypt_state.server_key.RSA_key != NULL;
884     }
885    
886     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
887     int bits, unsigned char FAR * exp,
888     unsigned char FAR * mod)
889     {
890     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
891    
892     return pvar->crypt_state.host_key.RSA_key != NULL;
893     }
894    
895     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
896     int receiver_ciphers)
897     {
898     int cipher_mask;
899    
900     if (SSHv1(pvar)) {
901     cipher_mask = (1 << SSH_CIPHER_DES)
902     | (1 << SSH_CIPHER_3DES)
903     | (1 << SSH_CIPHER_BLOWFISH);
904    
905     } else { // for SSH2(yutaka)
906     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
907 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
908 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
909     | (1 << SSH2_CIPHER_AES192_CBC)
910     | (1 << SSH2_CIPHER_AES256_CBC)
911     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
912     | (1 << SSH2_CIPHER_AES128_CTR)
913     | (1 << SSH2_CIPHER_AES192_CTR)
914     | (1 << SSH2_CIPHER_AES256_CTR)
915     | (1 << SSH2_CIPHER_ARCFOUR)
916     | (1 << SSH2_CIPHER_ARCFOUR128)
917     | (1 << SSH2_CIPHER_ARCFOUR256)
918 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
919     | (1 << SSH2_CIPHER_3DES_CTR)
920     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
921 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
922     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
923     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
924     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
925     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
926     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
927     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
928     );
929 maya 3227 }
930    
931     sender_ciphers &= cipher_mask;
932     receiver_ciphers &= cipher_mask;
933     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
934     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
935    
936     if (sender_ciphers == 0) {
937     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
938     "The server does not support any of the TTSSH encryption algorithms.\n"
939     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
940     "The connection will be closed.");
941 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
942 maya 3227 return FALSE;
943     } else if (receiver_ciphers == 0) {
944     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
945     "The server does not support any of the TTSSH encryption algorithms.\n"
946     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
947     "The connection will be closed.");
948 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
949 maya 3227 return FALSE;
950     } else {
951     return TRUE;
952     }
953     }
954    
955     int CRYPT_get_decryption_block_size(PTInstVar pvar)
956     {
957     if (SSHv1(pvar)) {
958     return 8;
959     } else {
960     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
961     // cf. 3DES=8, AES128=16
962     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
963     }
964     }
965    
966     int CRYPT_get_encryption_block_size(PTInstVar pvar)
967     {
968     if (SSHv1(pvar)) {
969     return 8;
970     } else {
971     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
972     // cf. 3DES=8, AES128=16
973     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
974     }
975     }
976    
977     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
978     {
979     struct Mac *mac;
980    
981     if (SSHv1(pvar)) {
982     return 0;
983    
984     } else { // for SSH2(yutaka)
985     mac = &pvar->ssh2_keys[MODE_IN].mac;
986     if (mac == NULL || mac->enabled == 0)
987     return 0;
988    
989     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
990     }
991    
992     }
993    
994     // HMAC������
995     // ���{������ SSH2 �������g�p�������B
996     // (2004.12.17 yutaka)
997     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
998 yutakapon 6302 char FAR * data, int len, char FAR * MAC)
999 maya 3227 {
1000     HMAC_CTX c;
1001     unsigned char m[EVP_MAX_MD_SIZE];
1002     unsigned char b[4];
1003     struct Mac *mac;
1004    
1005     mac = &pvar->ssh2_keys[MODE_IN].mac;
1006    
1007     // HMAC�������L���������������A����OK�����������B
1008 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
1009 maya 3227 return TRUE;
1010    
1011 yutakapon 6302 if (mac->key == NULL) {
1012     logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
1013 maya 3227 goto error;
1014 yutakapon 6302 }
1015 maya 3227
1016 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
1017     logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
1018     mac->mac_len, sizeof(m), sequence_number, len);
1019 maya 3227 goto error;
1020 yutakapon 6302 }
1021 maya 3227
1022     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1023     set_uint32_MSBfirst(b, sequence_number);
1024     HMAC_Update(&c, b, sizeof(b));
1025     HMAC_Update(&c, data, len);
1026     HMAC_Final(&c, m, NULL);
1027     HMAC_cleanup(&c);
1028    
1029     if (memcmp(m, MAC, mac->mac_len)) {
1030 yutakapon 6302 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
1031     logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
1032     logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
1033 maya 3227 goto error;
1034     }
1035    
1036     return TRUE;
1037    
1038     error:
1039     return FALSE;
1040     }
1041    
1042     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1043     {
1044     struct Mac *mac;
1045    
1046     if (SSHv2(pvar)) { // for SSH2(yutaka)
1047     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1048     if (mac == NULL || mac->enabled == 0)
1049     return 0;
1050    
1051     return (mac->mac_len);
1052     }
1053    
1054     return 0;
1055     }
1056    
1057     // for SSH2
1058     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1059     char FAR * data, int len, char FAR * MAC)
1060     {
1061     HMAC_CTX c;
1062     static u_char m[EVP_MAX_MD_SIZE];
1063     u_char b[4];
1064     struct Mac *mac;
1065    
1066     if (SSHv2(pvar)) { // for SSH2(yutaka)
1067     mac = &pvar->ssh2_keys[MODE_OUT].mac;
1068     if (mac == NULL || mac->enabled == 0)
1069     return FALSE;
1070    
1071     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1072     set_uint32_MSBfirst(b, sequence_number);
1073     HMAC_Update(&c, b, sizeof(b));
1074     HMAC_Update(&c, data, len);
1075     HMAC_Final(&c, m, NULL);
1076     HMAC_cleanup(&c);
1077    
1078     // 20�o�C�g�������R�s�[
1079     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1080     // memcpy(MAC, m, sizeof(m));
1081    
1082     return TRUE;
1083     }
1084    
1085     return TRUE;
1086    
1087     }
1088    
1089     static int choose_cipher(PTInstVar pvar, int supported)
1090     {
1091     int i;
1092    
1093     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1094     int cipher = pvar->session_settings.CipherOrder[i] - '0';
1095    
1096     if (cipher == SSH_CIPHER_NONE) {
1097     break;
1098     } else if ((supported & (1 << cipher)) != 0) {
1099     return cipher;
1100     }
1101     }
1102    
1103     return SSH_CIPHER_NONE;
1104     }
1105    
1106     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1107     {
1108     if (SSHv1(pvar)) {
1109     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1110     pvar->crypt_state.
1111     supported_sender_ciphers);
1112     pvar->crypt_state.receiver_cipher =
1113     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1114    
1115     } else { // SSH2(yutaka)
1116     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1117     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1118    
1119     }
1120    
1121     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1122     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1123 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
1124 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1125     "To communicate with this server, you will have to enable some more ciphers\n"
1126     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1127     "This connection will now close.");
1128 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1129 maya 3227 return FALSE;
1130     } else {
1131     return TRUE;
1132     }
1133     }
1134    
1135     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1136     {
1137     int server_key_bits =
1138     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1139     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1140     int server_key_bytes = (server_key_bits + 7) / 8;
1141     int host_key_bytes = (host_key_bits + 7) / 8;
1142    
1143     if (server_key_bits < host_key_bits) {
1144     return host_key_bytes;
1145     } else {
1146     return server_key_bytes;
1147     }
1148     }
1149    
1150     int CRYPT_choose_session_key(PTInstVar pvar,
1151     unsigned char FAR * encrypted_key_buf)
1152     {
1153     int server_key_bits =
1154     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1155     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1156     int server_key_bytes = (server_key_bits + 7) / 8;
1157     int host_key_bytes = (host_key_bits + 7) / 8;
1158     int encrypted_key_bytes;
1159     int bit_delta;
1160    
1161     if (server_key_bits < host_key_bits) {
1162     encrypted_key_bytes = host_key_bytes;
1163     bit_delta = host_key_bits - server_key_bits;
1164     } else {
1165     encrypted_key_bytes = server_key_bytes;
1166     bit_delta = server_key_bits - host_key_bits;
1167     }
1168    
1169     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1170 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
1171 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
1172 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1173 maya 3227 return 0;
1174     } else {
1175     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1176     for the session ID, rather than the one specified in the RFC */
1177     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1178     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1179     char session_id[16];
1180     int i;
1181    
1182     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1183     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1184     session_buf + host_key_bytes);
1185     memcpy(session_buf + server_key_bytes + host_key_bytes,
1186     pvar->crypt_state.server_cookie, 8);
1187     MD5(session_buf, session_buf_len, session_id);
1188    
1189     free(session_buf);
1190    
1191     RAND_bytes(pvar->crypt_state.sender_cipher_key,
1192     SSH_SESSION_KEY_LENGTH);
1193     memcpy(pvar->crypt_state.receiver_cipher_key,
1194     pvar->crypt_state.sender_cipher_key,
1195     SSH_SESSION_KEY_LENGTH);
1196    
1197     memcpy(encrypted_key_buf + encrypted_key_bytes -
1198     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1199     SSH_SESSION_KEY_LENGTH);
1200     for (i = 0; i < sizeof(session_id); i++) {
1201     encrypted_key_buf[encrypted_key_bytes -
1202     SSH_SESSION_KEY_LENGTH + i]
1203     ^= session_id[i];
1204     }
1205    
1206     if (host_key_bits > server_key_bits) {
1207     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1208     encrypted_key_buf +
1209     encrypted_key_bytes -
1210     SSH_SESSION_KEY_LENGTH,
1211     encrypted_key_buf +
1212     encrypted_key_bytes - server_key_bytes,
1213     pvar->crypt_state.server_key.RSA_key,
1214     RSA_PKCS1_PADDING) < 0)
1215     return 0;
1216    
1217     if (RSA_public_encrypt(server_key_bytes,
1218     encrypted_key_buf +
1219     encrypted_key_bytes - server_key_bytes,
1220     encrypted_key_buf,
1221     pvar->crypt_state.host_key.RSA_key,
1222     RSA_PKCS1_PADDING) < 0)
1223     return 0;
1224     } else {
1225     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1226     encrypted_key_buf +
1227     encrypted_key_bytes -
1228     SSH_SESSION_KEY_LENGTH,
1229     encrypted_key_buf +
1230     encrypted_key_bytes - host_key_bytes,
1231     pvar->crypt_state.host_key.RSA_key,
1232     RSA_PKCS1_PADDING) < 0)
1233     return 0;
1234    
1235     if (RSA_public_encrypt(host_key_bytes,
1236     encrypted_key_buf +
1237     encrypted_key_bytes - host_key_bytes,
1238     encrypted_key_buf,
1239     pvar->crypt_state.server_key.RSA_key,
1240     RSA_PKCS1_PADDING) < 0)
1241     return 0;
1242     }
1243     }
1244    
1245     return 1;
1246     }
1247    
1248     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1249     unsigned char FAR * challenge,
1250     int challenge_len,
1251     unsigned char FAR * response)
1252     {
1253     int server_key_bits =
1254     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1255     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1256     int server_key_bytes = (server_key_bits + 7) / 8;
1257     int host_key_bytes = (host_key_bits + 7) / 8;
1258     int session_buf_len = server_key_bytes + host_key_bytes + 8;
1259     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1260     char decrypted_challenge[48];
1261     int decrypted_challenge_len;
1262    
1263     decrypted_challenge_len =
1264     RSA_private_decrypt(challenge_len, challenge, challenge,
1265 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1266 maya 3227 RSA_PKCS1_PADDING);
1267     if (decrypted_challenge_len < 0) {
1268     free(session_buf);
1269     return 0;
1270     }
1271     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1272     memcpy(decrypted_challenge,
1273     challenge + decrypted_challenge_len -
1274     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1275     } else {
1276     memset(decrypted_challenge, 0,
1277     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1278     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1279     decrypted_challenge_len, challenge,
1280     decrypted_challenge_len);
1281     }
1282    
1283     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1284     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1285     session_buf + host_key_bytes);
1286     memcpy(session_buf + server_key_bytes + host_key_bytes,
1287     pvar->crypt_state.server_cookie, 8);
1288     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1289    
1290     free(session_buf);
1291    
1292     MD5(decrypted_challenge, 48, response);
1293    
1294     return 1;
1295     }
1296    
1297     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1298     {
1299     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1300     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1301     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1302     memset(state->ivec1, 0, 8);
1303     memset(state->ivec2, 0, 8);
1304     memset(state->ivec3, 0, 8);
1305     }
1306    
1307     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1308     {
1309 doda 6585 DES_set_key((const_DES_cblock FAR *) session_key, &state->k);
1310 maya 3227 memset(state->ivec, 0, 8);
1311     }
1312    
1313     static void cBlowfish_init(char FAR * session_key,
1314     CipherBlowfishState FAR * state)
1315     {
1316     BF_set_key(&state->k, 32, session_key);
1317     memset(state->ivec, 0, 8);
1318     }
1319    
1320    
1321     //
1322     // SSH2�p�A���S���Y����������
1323     //
1324     // for SSH2(yutaka)
1325     //
1326     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1327     const u_char *key, u_int keylen,
1328     const u_char *iv, u_int ivlen,
1329     int encrypt,
1330     const EVP_CIPHER *type,
1331     int discard_len,
1332     PTInstVar pvar)
1333     {
1334     int klen;
1335     char tmp[80];
1336     unsigned char *junk = NULL, *discard = NULL;
1337    
1338     EVP_CIPHER_CTX_init(evp);
1339     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1340     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1341     "Cipher initialize error(%d)");
1342     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1343 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1344 maya 3227 return;
1345     }
1346    
1347     klen = EVP_CIPHER_CTX_key_length(evp);
1348     if (klen > 0 && keylen != klen) {
1349     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1350     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1351     "Cipher initialize error(%d)");
1352     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1353 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1354 maya 3227 return;
1355     }
1356     }
1357     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1358     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1359     "Cipher initialize error(%d)");
1360     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1361 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1362 maya 3227 return;
1363     }
1364    
1365     if (discard_len > 0) {
1366     junk = malloc(discard_len);
1367     discard = malloc(discard_len);
1368     if (junk == NULL || discard == NULL ||
1369     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1370     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1371     "Cipher initialize error(%d)");
1372     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1373     pvar->ts->UIMsg, 3);
1374 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1375 maya 3227 }
1376     else {
1377 yutakapon 6229 SecureZeroMemory(discard, discard_len);
1378 maya 3227 }
1379     free(junk);
1380     free(discard);
1381     }
1382     }
1383    
1384 yutakapon 5545 //
1385     // SSH2�p�A���S���Y�����j��
1386     //
1387     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1388     {
1389     EVP_CIPHER_CTX_cleanup(evp);
1390     }
1391 maya 3227
1392 yutakapon 5545
1393 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1394     {
1395     char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1396     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1397     BOOL isOK = TRUE;
1398    
1399     if (sender_flag) {
1400     switch (pvar->crypt_state.sender_cipher) {
1401     // for SSH2(yutaka)
1402     case SSH2_CIPHER_3DES_CBC:
1403 doda 3850 case SSH2_CIPHER_3DES_CTR:
1404 maya 3227 {
1405     struct Enc *enc;
1406    
1407     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1408     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1409     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1410     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1411     CIPHER_ENCRYPT,
1412     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1413     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1414     pvar);
1415    
1416     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1417     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1418    
1419 doda 3850 pvar->crypt_state.encrypt = c3DES_encrypt2;
1420 maya 3227 break;
1421     }
1422    
1423     // for SSH2(yutaka)
1424     case SSH2_CIPHER_AES128_CBC:
1425     case SSH2_CIPHER_AES192_CBC:
1426     case SSH2_CIPHER_AES256_CBC:
1427     case SSH2_CIPHER_AES128_CTR:
1428     case SSH2_CIPHER_AES192_CTR:
1429     case SSH2_CIPHER_AES256_CTR:
1430     {
1431     struct Enc *enc;
1432    
1433     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1434     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1435     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1436     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1437     CIPHER_ENCRYPT,
1438     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1439     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1440     pvar);
1441    
1442     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1443     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1444    
1445     pvar->crypt_state.encrypt = cAES128_encrypt;
1446     break;
1447     }
1448    
1449     case SSH2_CIPHER_BLOWFISH_CBC:
1450 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1451 maya 3227 {
1452     struct Enc *enc;
1453    
1454     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1455     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1456     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1457     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1458     CIPHER_ENCRYPT,
1459     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1460     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1461     pvar);
1462    
1463     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1464     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1465    
1466     pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1467     break;
1468     }
1469    
1470     case SSH2_CIPHER_ARCFOUR:
1471     case SSH2_CIPHER_ARCFOUR128:
1472     case SSH2_CIPHER_ARCFOUR256:
1473     {
1474     struct Enc *enc;
1475    
1476     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1477     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1478     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1479     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1480     CIPHER_ENCRYPT,
1481     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1482     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1483     pvar);
1484     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1485     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1486    
1487     pvar->crypt_state.encrypt = cArcfour_encrypt;
1488     break;
1489     }
1490    
1491     case SSH2_CIPHER_CAST128_CBC:
1492 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1493 maya 3227 {
1494     struct Enc *enc;
1495    
1496     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1497     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1498     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1499     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1500     CIPHER_ENCRYPT,
1501     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1502     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1503     pvar);
1504     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1505     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1506    
1507     pvar->crypt_state.encrypt = cCast128_encrypt;
1508     break;
1509     }
1510    
1511 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1512     case SSH2_CIPHER_CAMELLIA192_CBC:
1513     case SSH2_CIPHER_CAMELLIA256_CBC:
1514     case SSH2_CIPHER_CAMELLIA128_CTR:
1515     case SSH2_CIPHER_CAMELLIA192_CTR:
1516     case SSH2_CIPHER_CAMELLIA256_CTR:
1517     {
1518     struct Enc *enc;
1519    
1520     enc = &pvar->ssh2_keys[MODE_OUT].enc;
1521     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1522     enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1523     enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1524     CIPHER_ENCRYPT,
1525     get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1526     get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1527     pvar);
1528    
1529     //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1530     //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1531    
1532     pvar->crypt_state.encrypt = cCamellia_encrypt;
1533     break;
1534     }
1535    
1536 maya 3227 case SSH_CIPHER_3DES:{
1537     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1538     pvar->crypt_state.encrypt = c3DES_encrypt;
1539     break;
1540     }
1541     case SSH_CIPHER_DES:{
1542     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1543     pvar->crypt_state.encrypt = cDES_encrypt;
1544     break;
1545     }
1546     case SSH_CIPHER_BLOWFISH:{
1547     cBlowfish_init(encryption_key,
1548     &pvar->crypt_state.enc.cBlowfish);
1549     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1550     break;
1551     }
1552     default:
1553     isOK = FALSE;
1554     }
1555     }
1556    
1557    
1558     if (receiver_flag) {
1559     switch (pvar->crypt_state.receiver_cipher) {
1560     // for SSH2(yutaka)
1561     case SSH2_CIPHER_3DES_CBC:
1562 doda 3850 case SSH2_CIPHER_3DES_CTR:
1563 maya 3227 {
1564     struct Enc *enc;
1565    
1566     enc = &pvar->ssh2_keys[MODE_IN].enc;
1567     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1568     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1569     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1570     CIPHER_DECRYPT,
1571     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1572     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1573     pvar);
1574    
1575     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1576     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1577    
1578 doda 3850 pvar->crypt_state.decrypt = c3DES_decrypt2;
1579 maya 3227 break;
1580     }
1581    
1582     // for SSH2(yutaka)
1583     case SSH2_CIPHER_AES128_CBC:
1584     case SSH2_CIPHER_AES192_CBC:
1585     case SSH2_CIPHER_AES256_CBC:
1586     case SSH2_CIPHER_AES128_CTR:
1587     case SSH2_CIPHER_AES192_CTR:
1588     case SSH2_CIPHER_AES256_CTR:
1589     {
1590     struct Enc *enc;
1591    
1592     enc = &pvar->ssh2_keys[MODE_IN].enc;
1593     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1594     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1595     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1596     CIPHER_DECRYPT,
1597     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1598     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1599     pvar);
1600    
1601     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1602     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1603    
1604     pvar->crypt_state.decrypt = cAES128_decrypt;
1605     break;
1606     }
1607    
1608     case SSH2_CIPHER_BLOWFISH_CBC:
1609 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1610 maya 3227 {
1611     struct Enc *enc;
1612    
1613     enc = &pvar->ssh2_keys[MODE_IN].enc;
1614     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1615     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1616     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1617     CIPHER_DECRYPT,
1618     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1619     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1620     pvar);
1621    
1622     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1623     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1624    
1625     pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1626     break;
1627     }
1628    
1629     case SSH2_CIPHER_ARCFOUR:
1630     case SSH2_CIPHER_ARCFOUR128:
1631     case SSH2_CIPHER_ARCFOUR256:
1632     {
1633     struct Enc *enc;
1634    
1635     enc = &pvar->ssh2_keys[MODE_IN].enc;
1636     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1637     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1638     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1639     CIPHER_DECRYPT,
1640     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1641     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1642     pvar);
1643    
1644     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1645     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1646    
1647     pvar->crypt_state.decrypt = cArcfour_decrypt;
1648     break;
1649     }
1650    
1651     case SSH2_CIPHER_CAST128_CBC:
1652 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1653 maya 3227 {
1654     struct Enc *enc;
1655    
1656     enc = &pvar->ssh2_keys[MODE_IN].enc;
1657     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1658     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1659     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1660     CIPHER_DECRYPT,
1661     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1662     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1663     pvar);
1664    
1665     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1666     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1667    
1668     pvar->crypt_state.decrypt = cCast128_decrypt;
1669     break;
1670     }
1671    
1672 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1673     case SSH2_CIPHER_CAMELLIA192_CBC:
1674     case SSH2_CIPHER_CAMELLIA256_CBC:
1675     case SSH2_CIPHER_CAMELLIA128_CTR:
1676     case SSH2_CIPHER_CAMELLIA192_CTR:
1677     case SSH2_CIPHER_CAMELLIA256_CTR:
1678     {
1679     struct Enc *enc;
1680    
1681     enc = &pvar->ssh2_keys[MODE_IN].enc;
1682     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1683     enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1684     enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1685     CIPHER_DECRYPT,
1686     get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1687     get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1688     pvar);
1689    
1690     //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1691     //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1692    
1693     pvar->crypt_state.decrypt = cCamellia_decrypt;
1694     break;
1695     }
1696    
1697 maya 3227 case SSH_CIPHER_3DES:{
1698     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1699     pvar->crypt_state.decrypt = c3DES_decrypt;
1700     break;
1701     }
1702     case SSH_CIPHER_DES:{
1703     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1704     pvar->crypt_state.decrypt = cDES_decrypt;
1705     break;
1706     }
1707     case SSH_CIPHER_BLOWFISH:{
1708     cBlowfish_init(decryption_key,
1709     &pvar->crypt_state.dec.cBlowfish);
1710     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1711     break;
1712     }
1713     default:
1714     isOK = FALSE;
1715     }
1716     }
1717    
1718    
1719     if (!isOK) {
1720 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1721 maya 3227 "No cipher selected!");
1722 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1723 maya 3227 return FALSE;
1724     } else {
1725     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1726     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1727     return TRUE;
1728     }
1729     }
1730    
1731     void CRYPT_init(PTInstVar pvar)
1732     {
1733     pvar->crypt_state.encrypt = no_encrypt;
1734     pvar->crypt_state.decrypt = no_encrypt;
1735     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1736     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1737     pvar->crypt_state.server_key.RSA_key = NULL;
1738     pvar->crypt_state.host_key.RSA_key = NULL;
1739    
1740     pvar->crypt_state.detect_attack_statics.h = NULL;
1741     pvar->crypt_state.detect_attack_statics.n =
1742     HASH_MINSIZE / HASH_ENTRYSIZE;
1743     }
1744    
1745     static char FAR *get_cipher_name(int cipher)
1746     {
1747     switch (cipher) {
1748     case SSH_CIPHER_NONE:
1749     return "None";
1750     case SSH_CIPHER_3DES:
1751     return "3DES (168 key bits)";
1752     case SSH_CIPHER_DES:
1753     return "DES (56 key bits)";
1754     case SSH_CIPHER_BLOWFISH:
1755     return "Blowfish (256 key bits)";
1756    
1757     // SSH2
1758     case SSH2_CIPHER_3DES_CBC:
1759     return "3DES-CBC";
1760     case SSH2_CIPHER_AES128_CBC:
1761     return "AES128-CBC";
1762     case SSH2_CIPHER_AES192_CBC:
1763     return "AES192-CBC";
1764     case SSH2_CIPHER_AES256_CBC:
1765     return "AES256-CBC";
1766     case SSH2_CIPHER_BLOWFISH_CBC:
1767     return "Blowfish-CBC";
1768     case SSH2_CIPHER_AES128_CTR:
1769     return "AES128-CTR";
1770     case SSH2_CIPHER_AES192_CTR:
1771     return "AES192-CTR";
1772     case SSH2_CIPHER_AES256_CTR:
1773     return "AES256-CTR";
1774     case SSH2_CIPHER_ARCFOUR:
1775     return "Arcfour";
1776     case SSH2_CIPHER_ARCFOUR128:
1777     return "Arcfour128";
1778     case SSH2_CIPHER_ARCFOUR256:
1779     return "Arcfour256";
1780     case SSH2_CIPHER_CAST128_CBC:
1781     return "CAST-128-CBC";
1782 doda 3850 case SSH2_CIPHER_3DES_CTR:
1783     return "3DES-CTR";
1784     case SSH2_CIPHER_BLOWFISH_CTR:
1785     return "Blowfish-CTR";
1786     case SSH2_CIPHER_CAST128_CTR:
1787     return "CAST-128-CTR";
1788 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1789     return "Camellia128-CBC";
1790     case SSH2_CIPHER_CAMELLIA192_CBC:
1791     return "Camellia192-CBC";
1792     case SSH2_CIPHER_CAMELLIA256_CBC:
1793     return "Camellia256-CBC";
1794     case SSH2_CIPHER_CAMELLIA128_CTR:
1795     return "Camellia128-CTR";
1796     case SSH2_CIPHER_CAMELLIA192_CTR:
1797     return "Camellia192-CTR";
1798     case SSH2_CIPHER_CAMELLIA256_CTR:
1799     return "Camellia256-CTR";
1800 maya 3227
1801     default:
1802     return "Unknown";
1803     }
1804     }
1805    
1806     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1807     {
1808     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1809     "%s to server, %s from server");
1810     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1811     get_cipher_name(pvar->crypt_state.sender_cipher),
1812     get_cipher_name(pvar->crypt_state.receiver_cipher));
1813     }
1814    
1815     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1816     {
1817     if (SSHv1(pvar)) {
1818     if (pvar->crypt_state.server_key.RSA_key == NULL
1819     || pvar->crypt_state.host_key.RSA_key == NULL) {
1820     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1821     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1822     } else {
1823     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1824     "%d-bit server key, %d-bit host key");
1825     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1826     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1827     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1828     }
1829     } else { // SSH2
1830 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1831     "%d-bit client key, %d-bit server key");
1832 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1833 maya 4313 pvar->client_key_bits,
1834     pvar->server_key_bits);
1835 maya 3227 }
1836     }
1837    
1838 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1839 maya 3227 {
1840     if (key->RSA_key != NULL) {
1841     RSA_free(key->RSA_key);
1842     key->RSA_key = NULL;
1843     }
1844     }
1845    
1846 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1847 maya 3227 {
1848     destroy_public_key(key);
1849     free(key);
1850     }
1851    
1852     void CRYPT_end(PTInstVar pvar)
1853     {
1854     destroy_public_key(&pvar->crypt_state.host_key);
1855     destroy_public_key(&pvar->crypt_state.server_key);
1856    
1857     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1858 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1859 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1860     free(pvar->crypt_state.detect_attack_statics.h);
1861     }
1862    
1863 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1864 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1865 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1866 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1867 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1868 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1869 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1870 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1871 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1872     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1873 maya 3227 }
1874    
1875     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1876     char FAR * buf, int bytes)
1877     {
1878     unsigned char passphrase_key[16];
1879    
1880     MD5(passphrase, strlen(passphrase), passphrase_key);
1881    
1882     switch (cipher) {
1883     case SSH_CIPHER_3DES:{
1884     Cipher3DESState state;
1885    
1886     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1887     &state.k1);
1888     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1889     &state.k2);
1890     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1891     &state.k3);
1892     memset(state.ivec1, 0, 8);
1893     memset(state.ivec2, 0, 8);
1894     memset(state.ivec3, 0, 8);
1895     DES_ncbc_encrypt(buf, buf, bytes,
1896     &state.k3, &state.ivec3, DES_DECRYPT);
1897     DES_ncbc_encrypt(buf, buf, bytes,
1898     &state.k2, &state.ivec2, DES_ENCRYPT);
1899     DES_ncbc_encrypt(buf, buf, bytes,
1900     &state.k1, &state.ivec1, DES_DECRYPT);
1901     break;
1902     }
1903    
1904     case SSH_CIPHER_DES:{
1905     CipherDESState state;
1906    
1907     cDES_init(passphrase_key, &state);
1908     DES_ncbc_encrypt(buf, buf, bytes,
1909     &state.k, &state.ivec, DES_DECRYPT);
1910     break;
1911     }
1912    
1913     case SSH_CIPHER_BLOWFISH:{
1914     CipherBlowfishState state;
1915    
1916     BF_set_key(&state.k, 16, passphrase_key);
1917     memset(state.ivec, 0, 8);
1918     flip_endianness(buf, bytes);
1919     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1920     BF_DECRYPT);
1921     flip_endianness(buf, bytes);
1922     break;
1923     }
1924    
1925     case SSH_CIPHER_NONE:
1926     break;
1927    
1928     default:
1929 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1930 maya 3227 return 0;
1931     }
1932    
1933 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1934 maya 3227 return 1;
1935     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help