Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6716 - (hide annotations) (download) (as text)
Fri May 12 12:42:01 2017 UTC (6 years, 11 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 37782 byte(s) 
SSH2 暗号化/復号関数を一つにまとめた
1 maya 3227 /*
2     Copyright (c) 1998-2001, Robert O'Callahan
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #define WINDOWS
30    
31     #include "ttxssh.h"
32     #include "util.h"
33    
34     #include <openssl/rand.h>
35     #include <openssl/bn.h>
36     #include <openssl/md5.h>
37     #include <openssl/err.h>
38     #include <openssl/des.h>
39     #include <openssl/hmac.h> // for SSH2(yutaka)
40     #include <openssl/dsa.h>
41     #include "cipher.h"
42     #include "ssh.h"
43    
44     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45     #define get_uint32(buf) get_uint32_MSBfirst((buf))
46    
47     #define DEATTACK_OK 0
48     #define DEATTACK_DETECTED 1
49    
50     /*
51     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54     */
55    
56     /* SSH Constants */
57     #define SSH_BLOCKSIZE 8
58    
59     /* Hashing constants */
60     #define HASH_MINSIZE 8*2048
61     #define HASH_ENTRYSIZE 4
62     #define HASH_FACTOR(x) ((x)*3/2)
63     #define HASH_UNUSEDCHAR 0xff
64     #define HASH_UNUSED 0xffffffff
65     #define HASH_IV 0xfffffffe
66    
67     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68    
69     /* Hash function (Input keys are cipher results) */
70     #define HASH(x) get_uint32(x)
71    
72     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73    
74    
75 doda 6716 static char FAR *get_cipher_name(int cipher);
76 maya 3227
77     static void crc_update(uint32 FAR * a, uint32 b)
78     {
79     b ^= *a;
80     *a = do_crc((unsigned char FAR *) &b, sizeof(b));
81     }
82    
83     /* check_crc
84     detects if a block is used in a particular pattern
85     */
86    
87     static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
88     uint32 len, unsigned char FAR * IV)
89     {
90     uint32 crc;
91     unsigned char FAR *c;
92    
93     crc = 0;
94     if (IV && !CMP(S, IV)) {
95     crc_update(&crc, 1);
96     crc_update(&crc, 0);
97     }
98     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
99     if (!CMP(S, c)) {
100     crc_update(&crc, 1);
101     crc_update(&crc, 0);
102     } else {
103     crc_update(&crc, 0);
104     crc_update(&crc, 0);
105     }
106     }
107    
108     return crc == 0;
109     }
110    
111    
112     /*
113     detect_attack
114     Detects a crc32 compensation attack on a packet
115     */
116     static int detect_attack(CRYPTDetectAttack FAR * statics,
117     unsigned char FAR * buf, uint32 len,
118     unsigned char *FAR IV)
119     {
120     uint32 FAR *h = statics->h;
121     uint32 n = statics->n;
122     uint32 i, j;
123     uint32 l;
124     unsigned char FAR *c;
125     unsigned char FAR *d;
126    
127     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
128     }
129    
130     if (h == NULL) {
131     n = l;
132     h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
133     } else {
134     if (l > n) {
135     n = l;
136     h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
137     }
138     }
139    
140     statics->h = h;
141     statics->n = n;
142    
143     if (len <= HASH_MINBLOCKS) {
144     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
145     if (IV && (!CMP(c, IV))) {
146     if ((check_crc(c, buf, len, IV)))
147     return DEATTACK_DETECTED;
148     else
149     break;
150     }
151     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
152     if (!CMP(c, d)) {
153     if ((check_crc(c, buf, len, IV)))
154     return DEATTACK_DETECTED;
155     else
156     break;
157     }
158     }
159     }
160     return (DEATTACK_OK);
161     }
162     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
163    
164     if (IV) {
165     h[HASH(IV) & (n - 1)] = HASH_IV;
166     }
167    
168     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
169     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
170     i = (i + 1) & (n - 1)) {
171     if (h[i] == HASH_IV) {
172     if (!CMP(c, IV)) {
173     if (check_crc(c, buf, len, IV))
174     return DEATTACK_DETECTED;
175     else
176     break;
177     }
178     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
179     if (check_crc(c, buf, len, IV))
180     return DEATTACK_DETECTED;
181     else
182     break;
183     }
184     }
185     h[i] = j;
186     }
187    
188     return DEATTACK_OK;
189     }
190    
191     BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
192     int bytes)
193     {
194     if (SSHv1(pvar)) {
195 doda 6714 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE) {
196 maya 3227 return FALSE;
197 doda 6714 }
198     else {
199 maya 3227 return detect_attack(&pvar->crypt_state.detect_attack_statics,
200     buf, bytes, NULL) == DEATTACK_DETECTED;
201     }
202     } else {
203     return FALSE;
204     }
205     }
206    
207     static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
208     {
209     }
210    
211 doda 6716 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 maya 3227 {
213 doda 6716 unsigned char *newbuf;
214 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
215 doda 4212 char tmp[80];
216 maya 3227
217     if (bytes == 0)
218     return;
219    
220     if (bytes % block_size) {
221 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
222     "%s encrypt error(1): bytes %d (%d)");
223     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
224 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
225     bytes, block_size);
226 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
227 maya 3227 return;
228     }
229    
230 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
231 maya 3227 return;
232    
233     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
234 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
235     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
236 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
237 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
238 maya 3227 } else {
239     memcpy(buf, newbuf, bytes);
240     }
241    
242     free(newbuf);
243     }
244    
245 doda 6716 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
246 maya 3227 {
247 doda 6716 unsigned char *newbuf;
248 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
249 doda 4212 char tmp[80];
250 maya 3227
251     if (bytes == 0)
252     return;
253    
254     if (bytes % block_size) {
255 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
256     "%s decrypt error(1): bytes %d (%d)");
257     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
258 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
259     bytes, block_size);
260 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
261 maya 3227 return;
262     }
263    
264 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
265 maya 3227 return;
266    
267     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
268 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
269     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
270 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
271 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
272 maya 3227 } else {
273     memcpy(buf, newbuf, bytes);
274     }
275    
276     free(newbuf);
277     }
278    
279 doda 6716 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
280 maya 3227 {
281     Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
282    
283     DES_ncbc_encrypt(buf, buf, bytes,
284     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
285     DES_ncbc_encrypt(buf, buf, bytes,
286     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
287     DES_ncbc_encrypt(buf, buf, bytes,
288     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
289     }
290    
291 doda 6716 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
292 maya 3227 {
293     Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
294    
295     DES_ncbc_encrypt(buf, buf, bytes,
296     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
297     DES_ncbc_encrypt(buf, buf, bytes,
298     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
299     DES_ncbc_encrypt(buf, buf, bytes,
300     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
301     }
302    
303 doda 6716 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
304 maya 3227 {
305     CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
306    
307     DES_ncbc_encrypt(buf, buf, bytes,
308     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
309     }
310    
311 doda 6716 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
312 maya 3227 {
313     CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
314    
315     DES_ncbc_encrypt(buf, buf, bytes,
316     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
317     }
318    
319     static void flip_endianness(unsigned char FAR * cbuf, int bytes)
320     {
321     uint32 FAR *buf = (uint32 FAR *) cbuf;
322     int count = bytes / 4;
323    
324     while (count > 0) {
325     uint32 w = *buf;
326    
327     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
328     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
329     count--;
330     buf++;
331     }
332     }
333    
334 doda 6716 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
335 maya 3227 {
336     CipherBlowfishState FAR *encryptstate =
337     &pvar->crypt_state.enc.cBlowfish;
338    
339     flip_endianness(buf, bytes);
340     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
341     BF_ENCRYPT);
342     flip_endianness(buf, bytes);
343     }
344    
345 doda 6716 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
346 maya 3227 {
347     CipherBlowfishState FAR *decryptstate =
348     &pvar->crypt_state.dec.cBlowfish;
349    
350     flip_endianness(buf, bytes);
351     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
352     BF_DECRYPT);
353     flip_endianness(buf, bytes);
354     }
355    
356 doda 6716 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf, int bytes)
357 maya 3227 {
358     RAND_bytes(buf, bytes);
359     }
360    
361     void CRYPT_initialize_random_numbers(PTInstVar pvar)
362     {
363 maya 4550 // ����������������������
364     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
365     //RAND_screen();
366 maya 3227 }
367    
368     static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
369     {
370     int bits = get_ushort16_MSBfirst(bytes);
371    
372     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
373     }
374    
375     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
376     RSA FAR *make_key(PTInstVar pvar,
377     int bits, unsigned char FAR * exp,
378     unsigned char FAR * mod)
379     {
380     RSA FAR *key = RSA_new();
381    
382     if (key != NULL) {
383     key->e = get_bignum(exp);
384     key->n = get_bignum(mod);
385     }
386    
387     if (key == NULL || key->e == NULL || key->n == NULL) {
388     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
389     "Error setting up RSA keys");
390 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
391 maya 3227
392     if (key != NULL) {
393     if (key->e != NULL) {
394     BN_free(key->e);
395     }
396     if (key->n != NULL) {
397     BN_free(key->n);
398     }
399     RSA_free(key);
400     }
401    
402     return NULL;
403     } else {
404     return key;
405     }
406     }
407    
408     void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
409     {
410     if (SSHv1(pvar)) {
411     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
412     } else {
413     memcpy(pvar->crypt_state.server_cookie, cookie,
414     SSH2_COOKIE_LENGTH);
415     }
416     }
417    
418     void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
419     {
420     if (SSHv2(pvar)) {
421     memcpy(pvar->crypt_state.client_cookie, cookie,
422     SSH2_COOKIE_LENGTH);
423     }
424     }
425    
426     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
427     int bits, unsigned char FAR * exp,
428     unsigned char FAR * mod)
429     {
430     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
431    
432     return pvar->crypt_state.server_key.RSA_key != NULL;
433     }
434    
435     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
436     int bits, unsigned char FAR * exp,
437     unsigned char FAR * mod)
438     {
439     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
440    
441     return pvar->crypt_state.host_key.RSA_key != NULL;
442     }
443    
444     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
445     int receiver_ciphers)
446     {
447     int cipher_mask;
448    
449     if (SSHv1(pvar)) {
450     cipher_mask = (1 << SSH_CIPHER_DES)
451     | (1 << SSH_CIPHER_3DES)
452     | (1 << SSH_CIPHER_BLOWFISH);
453    
454     } else { // for SSH2(yutaka)
455     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
456 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
457 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
458     | (1 << SSH2_CIPHER_AES192_CBC)
459     | (1 << SSH2_CIPHER_AES256_CBC)
460     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
461     | (1 << SSH2_CIPHER_AES128_CTR)
462     | (1 << SSH2_CIPHER_AES192_CTR)
463     | (1 << SSH2_CIPHER_AES256_CTR)
464     | (1 << SSH2_CIPHER_ARCFOUR)
465     | (1 << SSH2_CIPHER_ARCFOUR128)
466     | (1 << SSH2_CIPHER_ARCFOUR256)
467 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
468     | (1 << SSH2_CIPHER_3DES_CTR)
469     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
470 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
471     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
472     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
473     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
474     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
475     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
476     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
477     );
478 maya 3227 }
479    
480     sender_ciphers &= cipher_mask;
481     receiver_ciphers &= cipher_mask;
482     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
483     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
484    
485     if (sender_ciphers == 0) {
486     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
487     "The server does not support any of the TTSSH encryption algorithms.\n"
488     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
489     "The connection will be closed.");
490 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
491 maya 3227 return FALSE;
492     } else if (receiver_ciphers == 0) {
493     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
494     "The server does not support any of the TTSSH encryption algorithms.\n"
495     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
496     "The connection will be closed.");
497 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
498 maya 3227 return FALSE;
499     } else {
500     return TRUE;
501     }
502     }
503    
504     int CRYPT_get_decryption_block_size(PTInstVar pvar)
505     {
506     if (SSHv1(pvar)) {
507     return 8;
508     } else {
509     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
510     // cf. 3DES=8, AES128=16
511     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
512     }
513     }
514    
515     int CRYPT_get_encryption_block_size(PTInstVar pvar)
516     {
517     if (SSHv1(pvar)) {
518     return 8;
519     } else {
520     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
521     // cf. 3DES=8, AES128=16
522     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
523     }
524     }
525    
526     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
527     {
528     struct Mac *mac;
529    
530     if (SSHv1(pvar)) {
531     return 0;
532    
533     } else { // for SSH2(yutaka)
534     mac = &pvar->ssh2_keys[MODE_IN].mac;
535     if (mac == NULL || mac->enabled == 0)
536     return 0;
537    
538     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
539     }
540    
541     }
542    
543     // HMAC������
544     // ���{������ SSH2 �������g�p�������B
545     // (2004.12.17 yutaka)
546     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
547 yutakapon 6302 char FAR * data, int len, char FAR * MAC)
548 maya 3227 {
549     HMAC_CTX c;
550     unsigned char m[EVP_MAX_MD_SIZE];
551     unsigned char b[4];
552     struct Mac *mac;
553    
554     mac = &pvar->ssh2_keys[MODE_IN].mac;
555    
556     // HMAC�������L���������������A����OK�����������B
557 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
558 maya 3227 return TRUE;
559    
560 yutakapon 6302 if (mac->key == NULL) {
561     logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
562 maya 3227 goto error;
563 yutakapon 6302 }
564 maya 3227
565 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
566     logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
567     mac->mac_len, sizeof(m), sequence_number, len);
568 maya 3227 goto error;
569 yutakapon 6302 }
570 maya 3227
571     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
572     set_uint32_MSBfirst(b, sequence_number);
573     HMAC_Update(&c, b, sizeof(b));
574     HMAC_Update(&c, data, len);
575     HMAC_Final(&c, m, NULL);
576     HMAC_cleanup(&c);
577    
578     if (memcmp(m, MAC, mac->mac_len)) {
579 yutakapon 6302 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
580     logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
581     logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
582 maya 3227 goto error;
583     }
584    
585     return TRUE;
586    
587     error:
588     return FALSE;
589     }
590    
591     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
592     {
593     struct Mac *mac;
594    
595     if (SSHv2(pvar)) { // for SSH2(yutaka)
596     mac = &pvar->ssh2_keys[MODE_OUT].mac;
597     if (mac == NULL || mac->enabled == 0)
598     return 0;
599    
600     return (mac->mac_len);
601     }
602    
603     return 0;
604     }
605    
606     // for SSH2
607     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
608     char FAR * data, int len, char FAR * MAC)
609     {
610     HMAC_CTX c;
611     static u_char m[EVP_MAX_MD_SIZE];
612     u_char b[4];
613     struct Mac *mac;
614    
615     if (SSHv2(pvar)) { // for SSH2(yutaka)
616     mac = &pvar->ssh2_keys[MODE_OUT].mac;
617     if (mac == NULL || mac->enabled == 0)
618     return FALSE;
619    
620     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
621     set_uint32_MSBfirst(b, sequence_number);
622     HMAC_Update(&c, b, sizeof(b));
623     HMAC_Update(&c, data, len);
624     HMAC_Final(&c, m, NULL);
625     HMAC_cleanup(&c);
626    
627     // 20�o�C�g�������R�s�[
628     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
629     // memcpy(MAC, m, sizeof(m));
630    
631     return TRUE;
632     }
633    
634     return TRUE;
635    
636     }
637    
638     static int choose_cipher(PTInstVar pvar, int supported)
639     {
640     int i;
641    
642     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
643     int cipher = pvar->session_settings.CipherOrder[i] - '0';
644    
645     if (cipher == SSH_CIPHER_NONE) {
646     break;
647     } else if ((supported & (1 << cipher)) != 0) {
648     return cipher;
649     }
650     }
651    
652     return SSH_CIPHER_NONE;
653     }
654    
655     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
656     {
657     if (SSHv1(pvar)) {
658     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
659     pvar->crypt_state.
660     supported_sender_ciphers);
661     pvar->crypt_state.receiver_cipher =
662     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
663    
664     } else { // SSH2(yutaka)
665     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
666     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
667    
668     }
669    
670     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
671     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
672 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
673 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
674     "To communicate with this server, you will have to enable some more ciphers\n"
675     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
676     "This connection will now close.");
677 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
678 maya 3227 return FALSE;
679     } else {
680     return TRUE;
681     }
682     }
683    
684     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
685     {
686     int server_key_bits =
687     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
688     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
689     int server_key_bytes = (server_key_bits + 7) / 8;
690     int host_key_bytes = (host_key_bits + 7) / 8;
691    
692     if (server_key_bits < host_key_bits) {
693     return host_key_bytes;
694     } else {
695     return server_key_bytes;
696     }
697     }
698    
699     int CRYPT_choose_session_key(PTInstVar pvar,
700     unsigned char FAR * encrypted_key_buf)
701     {
702     int server_key_bits =
703     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
704     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
705     int server_key_bytes = (server_key_bits + 7) / 8;
706     int host_key_bytes = (host_key_bits + 7) / 8;
707     int encrypted_key_bytes;
708     int bit_delta;
709    
710     if (server_key_bits < host_key_bits) {
711     encrypted_key_bytes = host_key_bytes;
712     bit_delta = host_key_bits - server_key_bits;
713     } else {
714     encrypted_key_bytes = server_key_bytes;
715     bit_delta = server_key_bits - host_key_bits;
716     }
717    
718     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
719 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
720 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
721 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
722 maya 3227 return 0;
723     } else {
724     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
725     for the session ID, rather than the one specified in the RFC */
726     int session_buf_len = server_key_bytes + host_key_bytes + 8;
727     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
728     char session_id[16];
729     int i;
730    
731     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
732     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
733     session_buf + host_key_bytes);
734     memcpy(session_buf + server_key_bytes + host_key_bytes,
735     pvar->crypt_state.server_cookie, 8);
736     MD5(session_buf, session_buf_len, session_id);
737    
738     free(session_buf);
739    
740     RAND_bytes(pvar->crypt_state.sender_cipher_key,
741     SSH_SESSION_KEY_LENGTH);
742     memcpy(pvar->crypt_state.receiver_cipher_key,
743     pvar->crypt_state.sender_cipher_key,
744     SSH_SESSION_KEY_LENGTH);
745    
746     memcpy(encrypted_key_buf + encrypted_key_bytes -
747     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
748     SSH_SESSION_KEY_LENGTH);
749     for (i = 0; i < sizeof(session_id); i++) {
750     encrypted_key_buf[encrypted_key_bytes -
751     SSH_SESSION_KEY_LENGTH + i]
752     ^= session_id[i];
753     }
754    
755     if (host_key_bits > server_key_bits) {
756     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
757     encrypted_key_buf +
758     encrypted_key_bytes -
759     SSH_SESSION_KEY_LENGTH,
760     encrypted_key_buf +
761     encrypted_key_bytes - server_key_bytes,
762     pvar->crypt_state.server_key.RSA_key,
763     RSA_PKCS1_PADDING) < 0)
764     return 0;
765    
766     if (RSA_public_encrypt(server_key_bytes,
767     encrypted_key_buf +
768     encrypted_key_bytes - server_key_bytes,
769     encrypted_key_buf,
770     pvar->crypt_state.host_key.RSA_key,
771     RSA_PKCS1_PADDING) < 0)
772     return 0;
773     } else {
774     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
775     encrypted_key_buf +
776     encrypted_key_bytes -
777     SSH_SESSION_KEY_LENGTH,
778     encrypted_key_buf +
779     encrypted_key_bytes - host_key_bytes,
780     pvar->crypt_state.host_key.RSA_key,
781     RSA_PKCS1_PADDING) < 0)
782     return 0;
783    
784     if (RSA_public_encrypt(host_key_bytes,
785     encrypted_key_buf +
786     encrypted_key_bytes - host_key_bytes,
787     encrypted_key_buf,
788     pvar->crypt_state.server_key.RSA_key,
789     RSA_PKCS1_PADDING) < 0)
790     return 0;
791     }
792     }
793    
794     return 1;
795     }
796    
797     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
798     unsigned char FAR * challenge,
799     int challenge_len,
800     unsigned char FAR * response)
801     {
802     int server_key_bits =
803     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
804     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
805     int server_key_bytes = (server_key_bits + 7) / 8;
806     int host_key_bytes = (host_key_bits + 7) / 8;
807     int session_buf_len = server_key_bytes + host_key_bytes + 8;
808     char FAR *session_buf = (char FAR *) malloc(session_buf_len);
809     char decrypted_challenge[48];
810     int decrypted_challenge_len;
811    
812     decrypted_challenge_len =
813     RSA_private_decrypt(challenge_len, challenge, challenge,
814 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
815 maya 3227 RSA_PKCS1_PADDING);
816     if (decrypted_challenge_len < 0) {
817     free(session_buf);
818     return 0;
819     }
820     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
821     memcpy(decrypted_challenge,
822     challenge + decrypted_challenge_len -
823     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
824     } else {
825     memset(decrypted_challenge, 0,
826     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
827     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
828     decrypted_challenge_len, challenge,
829     decrypted_challenge_len);
830     }
831    
832     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
833     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
834     session_buf + host_key_bytes);
835     memcpy(session_buf + server_key_bytes + host_key_bytes,
836     pvar->crypt_state.server_cookie, 8);
837     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
838    
839     free(session_buf);
840    
841     MD5(decrypted_challenge, 48, response);
842    
843     return 1;
844     }
845    
846     static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
847     {
848     DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
849     DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
850     DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
851     memset(state->ivec1, 0, 8);
852     memset(state->ivec2, 0, 8);
853     memset(state->ivec3, 0, 8);
854     }
855    
856     static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
857     {
858 doda 6585 DES_set_key((const_DES_cblock FAR *) session_key, &state->k);
859 maya 3227 memset(state->ivec, 0, 8);
860     }
861    
862     static void cBlowfish_init(char FAR * session_key,
863     CipherBlowfishState FAR * state)
864     {
865     BF_set_key(&state->k, 32, session_key);
866     memset(state->ivec, 0, 8);
867     }
868    
869    
870     //
871     // SSH2�p�A���S���Y����������
872     //
873     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
874     const u_char *key, u_int keylen,
875     const u_char *iv, u_int ivlen,
876     int encrypt,
877     const EVP_CIPHER *type,
878     int discard_len,
879     PTInstVar pvar)
880     {
881     int klen;
882     char tmp[80];
883     unsigned char *junk = NULL, *discard = NULL;
884    
885     EVP_CIPHER_CTX_init(evp);
886     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
887     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
888     "Cipher initialize error(%d)");
889     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
890 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
891 maya 3227 return;
892     }
893    
894     klen = EVP_CIPHER_CTX_key_length(evp);
895     if (klen > 0 && keylen != klen) {
896     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
897     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
898     "Cipher initialize error(%d)");
899     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
900 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
901 maya 3227 return;
902     }
903     }
904     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
905     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
906     "Cipher initialize error(%d)");
907     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
908 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
909 maya 3227 return;
910     }
911    
912     if (discard_len > 0) {
913     junk = malloc(discard_len);
914     discard = malloc(discard_len);
915     if (junk == NULL || discard == NULL ||
916     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
917     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
918     "Cipher initialize error(%d)");
919     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
920     pvar->ts->UIMsg, 3);
921 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
922 maya 3227 }
923     else {
924 yutakapon 6229 SecureZeroMemory(discard, discard_len);
925 maya 3227 }
926     free(junk);
927     free(discard);
928     }
929     }
930    
931 yutakapon 5545 //
932     // SSH2�p�A���S���Y�����j��
933     //
934     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
935     {
936     EVP_CIPHER_CTX_cleanup(evp);
937     }
938 maya 3227
939 yutakapon 5545
940 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
941     {
942 doda 6716 struct Enc *enc;
943 maya 3227 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
944     char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
945 doda 6716 int cipher;
946 maya 3227 BOOL isOK = TRUE;
947    
948     if (sender_flag) {
949 doda 6716 cipher = pvar->crypt_state.sender_cipher;
950     switch (cipher) {
951     case SSH_CIPHER_3DES:
952     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
953     pvar->crypt_state.encrypt = c3DES_encrypt;
954     break;
955 maya 3227
956 doda 6716 case SSH_CIPHER_DES:
957     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
958     pvar->crypt_state.encrypt = cDES_encrypt;
959     break;
960 maya 3227
961 doda 6716 case SSH_CIPHER_BLOWFISH:
962     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
963     pvar->crypt_state.encrypt = cBlowfish_encrypt;
964     break;
965 maya 3227
966 doda 6716 case SSH_CIPHER_NONE:
967     case SSH_CIPHER_IDEA:
968     case SSH_CIPHER_TSS:
969     case SSH_CIPHER_RC4:
970     isOK = FALSE;
971     break;
972 maya 3227
973 doda 6716 default: // SSH2
974     if (cipher <= SSH_CIPHER_MAX) {
975 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
976     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
977 doda 6716 enc->key, get_cipher_key_len(cipher),
978     enc->iv, get_cipher_block_size(cipher),
979 maya 3227 CIPHER_ENCRYPT,
980 doda 6716 get_cipher_EVP_CIPHER(cipher),
981     get_cipher_discard_len(cipher),
982 maya 3227 pvar);
983    
984 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
985 maya 3227 }
986 doda 6716 else {
987     isOK = FALSE;
988 maya 3227 }
989 doda 6716 break;
990 maya 3227 }
991     }
992    
993     if (receiver_flag) {
994 doda 6716 cipher = pvar->crypt_state.receiver_cipher;
995     switch (cipher) {
996     case SSH_CIPHER_3DES:
997     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
998     pvar->crypt_state.decrypt = c3DES_decrypt;
999     break;
1000 maya 3227
1001 doda 6716 case SSH_CIPHER_DES:
1002     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1003     pvar->crypt_state.decrypt = cDES_decrypt;
1004     break;
1005 maya 3227
1006 doda 6716 case SSH_CIPHER_BLOWFISH:
1007     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1008     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1009     break;
1010 maya 3227
1011 doda 6716 case SSH_CIPHER_NONE:
1012     case SSH_CIPHER_IDEA:
1013     case SSH_CIPHER_TSS:
1014     case SSH_CIPHER_RC4:
1015     isOK = FALSE;
1016     break;
1017 maya 3227
1018 doda 6716 default: // SSH2
1019     if (cipher <= SSH_CIPHER_MAX) {
1020 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1021     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1022 doda 6716 enc->key, get_cipher_key_len(cipher),
1023     enc->iv, get_cipher_block_size(cipher),
1024 maya 3227 CIPHER_DECRYPT,
1025 doda 6716 get_cipher_EVP_CIPHER(cipher),
1026     get_cipher_discard_len(cipher),
1027 maya 3227 pvar);
1028    
1029 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1030 maya 3227 }
1031 doda 6716 else {
1032     isOK = FALSE;
1033 maya 3227 }
1034 doda 6716 break;
1035 maya 3227 }
1036     }
1037    
1038     if (!isOK) {
1039 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1040 maya 3227 "No cipher selected!");
1041 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1042 maya 3227 return FALSE;
1043     } else {
1044     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1045     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1046     return TRUE;
1047     }
1048     }
1049    
1050     void CRYPT_init(PTInstVar pvar)
1051     {
1052     pvar->crypt_state.encrypt = no_encrypt;
1053     pvar->crypt_state.decrypt = no_encrypt;
1054     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1055     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1056     pvar->crypt_state.server_key.RSA_key = NULL;
1057     pvar->crypt_state.host_key.RSA_key = NULL;
1058    
1059     pvar->crypt_state.detect_attack_statics.h = NULL;
1060     pvar->crypt_state.detect_attack_statics.n =
1061     HASH_MINSIZE / HASH_ENTRYSIZE;
1062     }
1063    
1064     static char FAR *get_cipher_name(int cipher)
1065     {
1066     switch (cipher) {
1067     case SSH_CIPHER_NONE:
1068     return "None";
1069     case SSH_CIPHER_3DES:
1070     return "3DES (168 key bits)";
1071     case SSH_CIPHER_DES:
1072     return "DES (56 key bits)";
1073     case SSH_CIPHER_BLOWFISH:
1074     return "Blowfish (256 key bits)";
1075    
1076     // SSH2
1077     case SSH2_CIPHER_3DES_CBC:
1078     return "3DES-CBC";
1079     case SSH2_CIPHER_AES128_CBC:
1080     return "AES128-CBC";
1081     case SSH2_CIPHER_AES192_CBC:
1082     return "AES192-CBC";
1083     case SSH2_CIPHER_AES256_CBC:
1084     return "AES256-CBC";
1085     case SSH2_CIPHER_BLOWFISH_CBC:
1086     return "Blowfish-CBC";
1087     case SSH2_CIPHER_AES128_CTR:
1088     return "AES128-CTR";
1089     case SSH2_CIPHER_AES192_CTR:
1090     return "AES192-CTR";
1091     case SSH2_CIPHER_AES256_CTR:
1092     return "AES256-CTR";
1093     case SSH2_CIPHER_ARCFOUR:
1094     return "Arcfour";
1095     case SSH2_CIPHER_ARCFOUR128:
1096     return "Arcfour128";
1097     case SSH2_CIPHER_ARCFOUR256:
1098     return "Arcfour256";
1099     case SSH2_CIPHER_CAST128_CBC:
1100     return "CAST-128-CBC";
1101 doda 3850 case SSH2_CIPHER_3DES_CTR:
1102     return "3DES-CTR";
1103     case SSH2_CIPHER_BLOWFISH_CTR:
1104     return "Blowfish-CTR";
1105     case SSH2_CIPHER_CAST128_CTR:
1106     return "CAST-128-CTR";
1107 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1108     return "Camellia128-CBC";
1109     case SSH2_CIPHER_CAMELLIA192_CBC:
1110     return "Camellia192-CBC";
1111     case SSH2_CIPHER_CAMELLIA256_CBC:
1112     return "Camellia256-CBC";
1113     case SSH2_CIPHER_CAMELLIA128_CTR:
1114     return "Camellia128-CTR";
1115     case SSH2_CIPHER_CAMELLIA192_CTR:
1116     return "Camellia192-CTR";
1117     case SSH2_CIPHER_CAMELLIA256_CTR:
1118     return "Camellia256-CTR";
1119 maya 3227
1120     default:
1121     return "Unknown";
1122     }
1123     }
1124    
1125     void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1126     {
1127     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1128     "%s to server, %s from server");
1129     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1130     get_cipher_name(pvar->crypt_state.sender_cipher),
1131     get_cipher_name(pvar->crypt_state.receiver_cipher));
1132     }
1133    
1134     void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1135     {
1136     if (SSHv1(pvar)) {
1137     if (pvar->crypt_state.server_key.RSA_key == NULL
1138     || pvar->crypt_state.host_key.RSA_key == NULL) {
1139     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1140     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1141     } else {
1142     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1143     "%d-bit server key, %d-bit host key");
1144     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1145     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1146     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1147     }
1148     } else { // SSH2
1149 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1150     "%d-bit client key, %d-bit server key");
1151 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1152 maya 4313 pvar->client_key_bits,
1153     pvar->server_key_bits);
1154 maya 3227 }
1155     }
1156    
1157 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1158 maya 3227 {
1159     if (key->RSA_key != NULL) {
1160     RSA_free(key->RSA_key);
1161     key->RSA_key = NULL;
1162     }
1163     }
1164    
1165 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1166 maya 3227 {
1167     destroy_public_key(key);
1168     free(key);
1169     }
1170    
1171     void CRYPT_end(PTInstVar pvar)
1172     {
1173     destroy_public_key(&pvar->crypt_state.host_key);
1174     destroy_public_key(&pvar->crypt_state.server_key);
1175    
1176     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1177 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1178 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1179     free(pvar->crypt_state.detect_attack_statics.h);
1180     }
1181    
1182 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1183 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1184 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1185 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1186 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1187 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1188 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1189 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1190 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1191     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1192 maya 3227 }
1193    
1194     int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1195     char FAR * buf, int bytes)
1196     {
1197     unsigned char passphrase_key[16];
1198    
1199     MD5(passphrase, strlen(passphrase), passphrase_key);
1200    
1201     switch (cipher) {
1202     case SSH_CIPHER_3DES:{
1203     Cipher3DESState state;
1204    
1205     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1206     &state.k1);
1207     DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1208     &state.k2);
1209     DES_set_key((const_DES_cblock FAR *) passphrase_key,
1210     &state.k3);
1211     memset(state.ivec1, 0, 8);
1212     memset(state.ivec2, 0, 8);
1213     memset(state.ivec3, 0, 8);
1214     DES_ncbc_encrypt(buf, buf, bytes,
1215     &state.k3, &state.ivec3, DES_DECRYPT);
1216     DES_ncbc_encrypt(buf, buf, bytes,
1217     &state.k2, &state.ivec2, DES_ENCRYPT);
1218     DES_ncbc_encrypt(buf, buf, bytes,
1219     &state.k1, &state.ivec1, DES_DECRYPT);
1220     break;
1221     }
1222    
1223     case SSH_CIPHER_DES:{
1224     CipherDESState state;
1225    
1226     cDES_init(passphrase_key, &state);
1227     DES_ncbc_encrypt(buf, buf, bytes,
1228     &state.k, &state.ivec, DES_DECRYPT);
1229     break;
1230     }
1231    
1232     case SSH_CIPHER_BLOWFISH:{
1233     CipherBlowfishState state;
1234    
1235     BF_set_key(&state.k, 16, passphrase_key);
1236     memset(state.ivec, 0, 8);
1237     flip_endianness(buf, bytes);
1238     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1239     BF_DECRYPT);
1240     flip_endianness(buf, bytes);
1241     break;
1242     }
1243    
1244     case SSH_CIPHER_NONE:
1245     break;
1246    
1247     default:
1248 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1249 maya 3227 return 0;
1250     }
1251    
1252 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1253 maya 3227 return 1;
1254     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help