Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6841 - (hide annotations) (download) (as text)
Tue Jul 4 15:02:28 2017 UTC (6 years, 9 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 37473 byte(s) 
TeraTerm Project としてのライセンス表記を追加

・Tera Term 本体分を横 80 桁に収まるように改行位置を調整
・ttssh 関連の分を追加
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3     * (C) 2004-2017 TeraTerm Project
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75    
76 doda 6801 static char *get_cipher_name(int cipher);
77 maya 3227
78 doda 6801 static void crc_update(uint32 *a, uint32 b)
79 maya 3227 {
80     b ^= *a;
81 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
82 maya 3227 }
83    
84     /* check_crc
85     detects if a block is used in a particular pattern
86     */
87    
88 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
89     uint32 len, unsigned char *IV)
90 maya 3227 {
91     uint32 crc;
92 doda 6801 unsigned char *c;
93 maya 3227
94     crc = 0;
95     if (IV && !CMP(S, IV)) {
96     crc_update(&crc, 1);
97     crc_update(&crc, 0);
98     }
99     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100     if (!CMP(S, c)) {
101     crc_update(&crc, 1);
102     crc_update(&crc, 0);
103     } else {
104     crc_update(&crc, 0);
105     crc_update(&crc, 0);
106     }
107     }
108    
109     return crc == 0;
110     }
111    
112    
113     /*
114     detect_attack
115     Detects a crc32 compensation attack on a packet
116     */
117 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
118     unsigned char *buf, uint32 len,
119     unsigned char *IV)
120 maya 3227 {
121 doda 6801 uint32 *h = statics->h;
122 maya 3227 uint32 n = statics->n;
123     uint32 i, j;
124     uint32 l;
125 doda 6801 unsigned char *c;
126     unsigned char *d;
127 maya 3227
128     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129     }
130    
131     if (h == NULL) {
132     n = l;
133 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 maya 3227 } else {
135     if (l > n) {
136     n = l;
137 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 maya 3227 }
139     }
140    
141     statics->h = h;
142     statics->n = n;
143    
144     if (len <= HASH_MINBLOCKS) {
145     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146     if (IV && (!CMP(c, IV))) {
147     if ((check_crc(c, buf, len, IV)))
148     return DEATTACK_DETECTED;
149     else
150     break;
151     }
152     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153     if (!CMP(c, d)) {
154     if ((check_crc(c, buf, len, IV)))
155     return DEATTACK_DETECTED;
156     else
157     break;
158     }
159     }
160     }
161     return (DEATTACK_OK);
162     }
163     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164    
165     if (IV) {
166     h[HASH(IV) & (n - 1)] = HASH_IV;
167     }
168    
169     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171     i = (i + 1) & (n - 1)) {
172     if (h[i] == HASH_IV) {
173     if (!CMP(c, IV)) {
174     if (check_crc(c, buf, len, IV))
175     return DEATTACK_DETECTED;
176     else
177     break;
178     }
179     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180     if (check_crc(c, buf, len, IV))
181     return DEATTACK_DETECTED;
182     else
183     break;
184     }
185     }
186     h[i] = j;
187     }
188    
189     return DEATTACK_OK;
190     }
191    
192 doda 6801 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf,
193 maya 3227 int bytes)
194     {
195     if (SSHv1(pvar)) {
196 doda 6714 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE) {
197 maya 3227 return FALSE;
198 doda 6714 }
199     else {
200 maya 3227 return detect_attack(&pvar->crypt_state.detect_attack_statics,
201     buf, bytes, NULL) == DEATTACK_DETECTED;
202     }
203     } else {
204     return FALSE;
205     }
206     }
207    
208 doda 6801 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
209 maya 3227 {
210     }
211    
212 doda 6801 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
213 maya 3227 {
214 doda 6716 unsigned char *newbuf;
215 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
216 doda 4212 char tmp[80];
217 maya 3227
218     if (bytes == 0)
219     return;
220    
221     if (bytes % block_size) {
222 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
223     "%s encrypt error(1): bytes %d (%d)");
224     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
225 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
226     bytes, block_size);
227 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
228 maya 3227 return;
229     }
230    
231 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
232 maya 3227 return;
233    
234     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
235 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
236     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
238 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
239 maya 3227 } else {
240     memcpy(buf, newbuf, bytes);
241     }
242    
243     free(newbuf);
244     }
245    
246 doda 6801 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
247 maya 3227 {
248 doda 6716 unsigned char *newbuf;
249 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
250 doda 4212 char tmp[80];
251 maya 3227
252     if (bytes == 0)
253     return;
254    
255     if (bytes % block_size) {
256 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
257     "%s decrypt error(1): bytes %d (%d)");
258     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
259 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
260     bytes, block_size);
261 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
262 maya 3227 return;
263     }
264    
265 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
266 maya 3227 return;
267    
268     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
269 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
270     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
271 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
272 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
273 maya 3227 } else {
274     memcpy(buf, newbuf, bytes);
275     }
276    
277     free(newbuf);
278     }
279    
280 doda 6801 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
281 maya 3227 {
282 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
283 maya 3227
284     DES_ncbc_encrypt(buf, buf, bytes,
285     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
286     DES_ncbc_encrypt(buf, buf, bytes,
287     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
288     DES_ncbc_encrypt(buf, buf, bytes,
289     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
290     }
291    
292 doda 6801 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
293 maya 3227 {
294 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
295 maya 3227
296     DES_ncbc_encrypt(buf, buf, bytes,
297     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
298     DES_ncbc_encrypt(buf, buf, bytes,
299     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
300     DES_ncbc_encrypt(buf, buf, bytes,
301     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
302     }
303    
304 doda 6801 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
305 maya 3227 {
306 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
307 maya 3227
308     DES_ncbc_encrypt(buf, buf, bytes,
309     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
310     }
311    
312 doda 6801 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
313 maya 3227 {
314 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
315 maya 3227
316     DES_ncbc_encrypt(buf, buf, bytes,
317     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
318     }
319    
320 doda 6801 static void flip_endianness(unsigned char *cbuf, int bytes)
321 maya 3227 {
322 doda 6801 uint32 *buf = (uint32 *) cbuf;
323 maya 3227 int count = bytes / 4;
324    
325     while (count > 0) {
326     uint32 w = *buf;
327    
328     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
329     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
330     count--;
331     buf++;
332     }
333     }
334    
335 doda 6801 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
336 maya 3227 {
337 doda 6801 CipherBlowfishState *encryptstate =
338 maya 3227 &pvar->crypt_state.enc.cBlowfish;
339    
340     flip_endianness(buf, bytes);
341     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
342     BF_ENCRYPT);
343     flip_endianness(buf, bytes);
344     }
345    
346 doda 6801 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
347 maya 3227 {
348 doda 6801 CipherBlowfishState *decryptstate =
349 maya 3227 &pvar->crypt_state.dec.cBlowfish;
350    
351     flip_endianness(buf, bytes);
352     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
353     BF_DECRYPT);
354     flip_endianness(buf, bytes);
355     }
356    
357 doda 6801 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
358 maya 3227 {
359     RAND_bytes(buf, bytes);
360     }
361    
362     void CRYPT_initialize_random_numbers(PTInstVar pvar)
363     {
364 maya 4550 // ����������������������
365     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
366     //RAND_screen();
367 maya 3227 }
368    
369 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
370 maya 3227 {
371     int bits = get_ushort16_MSBfirst(bytes);
372    
373     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
374     }
375    
376     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
377 doda 6801 RSA *make_key(PTInstVar pvar,
378     int bits, unsigned char *exp,
379     unsigned char *mod)
380 maya 3227 {
381 doda 6801 RSA *key = RSA_new();
382 maya 3227
383     if (key != NULL) {
384     key->e = get_bignum(exp);
385     key->n = get_bignum(mod);
386     }
387    
388     if (key == NULL || key->e == NULL || key->n == NULL) {
389     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
390     "Error setting up RSA keys");
391 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
392 maya 3227
393     if (key != NULL) {
394     if (key->e != NULL) {
395     BN_free(key->e);
396     }
397     if (key->n != NULL) {
398     BN_free(key->n);
399     }
400     RSA_free(key);
401     }
402    
403     return NULL;
404     } else {
405     return key;
406     }
407     }
408    
409 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
410 maya 3227 {
411     if (SSHv1(pvar)) {
412     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
413     } else {
414     memcpy(pvar->crypt_state.server_cookie, cookie,
415     SSH2_COOKIE_LENGTH);
416     }
417     }
418    
419 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
420 maya 3227 {
421     if (SSHv2(pvar)) {
422     memcpy(pvar->crypt_state.client_cookie, cookie,
423     SSH2_COOKIE_LENGTH);
424     }
425     }
426    
427     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
428 doda 6801 int bits, unsigned char *exp,
429     unsigned char *mod)
430 maya 3227 {
431     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
432    
433     return pvar->crypt_state.server_key.RSA_key != NULL;
434     }
435    
436     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
437 doda 6801 int bits, unsigned char *exp,
438     unsigned char *mod)
439 maya 3227 {
440     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
441    
442     return pvar->crypt_state.host_key.RSA_key != NULL;
443     }
444    
445     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
446     int receiver_ciphers)
447     {
448     int cipher_mask;
449    
450     if (SSHv1(pvar)) {
451     cipher_mask = (1 << SSH_CIPHER_DES)
452     | (1 << SSH_CIPHER_3DES)
453     | (1 << SSH_CIPHER_BLOWFISH);
454    
455     } else { // for SSH2(yutaka)
456     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
457 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
458 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
459     | (1 << SSH2_CIPHER_AES192_CBC)
460     | (1 << SSH2_CIPHER_AES256_CBC)
461     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
462     | (1 << SSH2_CIPHER_AES128_CTR)
463     | (1 << SSH2_CIPHER_AES192_CTR)
464     | (1 << SSH2_CIPHER_AES256_CTR)
465     | (1 << SSH2_CIPHER_ARCFOUR)
466     | (1 << SSH2_CIPHER_ARCFOUR128)
467     | (1 << SSH2_CIPHER_ARCFOUR256)
468 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
469     | (1 << SSH2_CIPHER_3DES_CTR)
470     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
471 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
472     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
473     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
474     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
475     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
476     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
477     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
478     );
479 maya 3227 }
480    
481     sender_ciphers &= cipher_mask;
482     receiver_ciphers &= cipher_mask;
483     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
484     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
485    
486     if (sender_ciphers == 0) {
487     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
488     "The server does not support any of the TTSSH encryption algorithms.\n"
489     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
490     "The connection will be closed.");
491 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492 maya 3227 return FALSE;
493     } else if (receiver_ciphers == 0) {
494     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
495     "The server does not support any of the TTSSH encryption algorithms.\n"
496     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
497     "The connection will be closed.");
498 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
499 maya 3227 return FALSE;
500     } else {
501     return TRUE;
502     }
503     }
504    
505     int CRYPT_get_decryption_block_size(PTInstVar pvar)
506     {
507     if (SSHv1(pvar)) {
508     return 8;
509     } else {
510     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
511     // cf. 3DES=8, AES128=16
512     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
513     }
514     }
515    
516     int CRYPT_get_encryption_block_size(PTInstVar pvar)
517     {
518     if (SSHv1(pvar)) {
519     return 8;
520     } else {
521     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
522     // cf. 3DES=8, AES128=16
523     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
524     }
525     }
526    
527     int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
528     {
529     struct Mac *mac;
530    
531     if (SSHv1(pvar)) {
532     return 0;
533    
534     } else { // for SSH2(yutaka)
535     mac = &pvar->ssh2_keys[MODE_IN].mac;
536     if (mac == NULL || mac->enabled == 0)
537     return 0;
538    
539     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
540     }
541    
542     }
543    
544     // HMAC������
545     // ���{������ SSH2 �������g�p�������B
546     // (2004.12.17 yutaka)
547     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
548 doda 6801 char *data, int len, char *MAC)
549 maya 3227 {
550     HMAC_CTX c;
551     unsigned char m[EVP_MAX_MD_SIZE];
552     unsigned char b[4];
553     struct Mac *mac;
554    
555     mac = &pvar->ssh2_keys[MODE_IN].mac;
556    
557     // HMAC�������L���������������A����OK�����������B
558 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
559 maya 3227 return TRUE;
560    
561 yutakapon 6302 if (mac->key == NULL) {
562 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
563 maya 3227 goto error;
564 yutakapon 6302 }
565 maya 3227
566 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
567 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
568 yutakapon 6302 mac->mac_len, sizeof(m), sequence_number, len);
569 maya 3227 goto error;
570 yutakapon 6302 }
571 maya 3227
572     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
573     set_uint32_MSBfirst(b, sequence_number);
574     HMAC_Update(&c, b, sizeof(b));
575     HMAC_Update(&c, data, len);
576     HMAC_Final(&c, m, NULL);
577     HMAC_cleanup(&c);
578    
579     if (memcmp(m, MAC, mac->mac_len)) {
580 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
581     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
582     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
583 maya 3227 goto error;
584     }
585    
586     return TRUE;
587    
588     error:
589     return FALSE;
590     }
591    
592     int CRYPT_get_sender_MAC_size(PTInstVar pvar)
593     {
594     struct Mac *mac;
595    
596     if (SSHv2(pvar)) { // for SSH2(yutaka)
597     mac = &pvar->ssh2_keys[MODE_OUT].mac;
598     if (mac == NULL || mac->enabled == 0)
599     return 0;
600    
601     return (mac->mac_len);
602     }
603    
604     return 0;
605     }
606    
607     // for SSH2
608     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
609 doda 6801 char *data, int len, char *MAC)
610 maya 3227 {
611     HMAC_CTX c;
612     static u_char m[EVP_MAX_MD_SIZE];
613     u_char b[4];
614     struct Mac *mac;
615    
616     if (SSHv2(pvar)) { // for SSH2(yutaka)
617     mac = &pvar->ssh2_keys[MODE_OUT].mac;
618     if (mac == NULL || mac->enabled == 0)
619     return FALSE;
620    
621     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
622     set_uint32_MSBfirst(b, sequence_number);
623     HMAC_Update(&c, b, sizeof(b));
624     HMAC_Update(&c, data, len);
625     HMAC_Final(&c, m, NULL);
626     HMAC_cleanup(&c);
627    
628     // 20�o�C�g�������R�s�[
629     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
630     // memcpy(MAC, m, sizeof(m));
631    
632     return TRUE;
633     }
634    
635     return TRUE;
636    
637     }
638    
639     static int choose_cipher(PTInstVar pvar, int supported)
640     {
641     int i;
642    
643     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
644     int cipher = pvar->session_settings.CipherOrder[i] - '0';
645    
646     if (cipher == SSH_CIPHER_NONE) {
647     break;
648     } else if ((supported & (1 << cipher)) != 0) {
649     return cipher;
650     }
651     }
652    
653     return SSH_CIPHER_NONE;
654     }
655    
656     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
657     {
658     if (SSHv1(pvar)) {
659     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
660     pvar->crypt_state.
661     supported_sender_ciphers);
662     pvar->crypt_state.receiver_cipher =
663     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
664    
665     } else { // SSH2(yutaka)
666     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
667     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
668    
669     }
670    
671     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
672     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
673 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
674 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
675     "To communicate with this server, you will have to enable some more ciphers\n"
676     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
677     "This connection will now close.");
678 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
679 maya 3227 return FALSE;
680     } else {
681     return TRUE;
682     }
683     }
684    
685     int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
686     {
687     int server_key_bits =
688     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
689     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
690     int server_key_bytes = (server_key_bits + 7) / 8;
691     int host_key_bytes = (host_key_bits + 7) / 8;
692    
693     if (server_key_bits < host_key_bits) {
694     return host_key_bytes;
695     } else {
696     return server_key_bytes;
697     }
698     }
699    
700     int CRYPT_choose_session_key(PTInstVar pvar,
701 doda 6801 unsigned char *encrypted_key_buf)
702 maya 3227 {
703     int server_key_bits =
704     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
705     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
706     int server_key_bytes = (server_key_bits + 7) / 8;
707     int host_key_bytes = (host_key_bits + 7) / 8;
708     int encrypted_key_bytes;
709     int bit_delta;
710    
711     if (server_key_bits < host_key_bits) {
712     encrypted_key_bytes = host_key_bytes;
713     bit_delta = host_key_bits - server_key_bits;
714     } else {
715     encrypted_key_bytes = server_key_bytes;
716     bit_delta = server_key_bits - host_key_bits;
717     }
718    
719     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
720 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
721 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
722 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
723 maya 3227 return 0;
724     } else {
725     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
726     for the session ID, rather than the one specified in the RFC */
727     int session_buf_len = server_key_bytes + host_key_bytes + 8;
728 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
729 maya 3227 char session_id[16];
730     int i;
731    
732     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
733     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
734     session_buf + host_key_bytes);
735     memcpy(session_buf + server_key_bytes + host_key_bytes,
736     pvar->crypt_state.server_cookie, 8);
737     MD5(session_buf, session_buf_len, session_id);
738    
739     free(session_buf);
740    
741     RAND_bytes(pvar->crypt_state.sender_cipher_key,
742     SSH_SESSION_KEY_LENGTH);
743     memcpy(pvar->crypt_state.receiver_cipher_key,
744     pvar->crypt_state.sender_cipher_key,
745     SSH_SESSION_KEY_LENGTH);
746    
747     memcpy(encrypted_key_buf + encrypted_key_bytes -
748     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
749     SSH_SESSION_KEY_LENGTH);
750     for (i = 0; i < sizeof(session_id); i++) {
751     encrypted_key_buf[encrypted_key_bytes -
752     SSH_SESSION_KEY_LENGTH + i]
753     ^= session_id[i];
754     }
755    
756     if (host_key_bits > server_key_bits) {
757     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
758     encrypted_key_buf +
759     encrypted_key_bytes -
760     SSH_SESSION_KEY_LENGTH,
761     encrypted_key_buf +
762     encrypted_key_bytes - server_key_bytes,
763     pvar->crypt_state.server_key.RSA_key,
764     RSA_PKCS1_PADDING) < 0)
765     return 0;
766    
767     if (RSA_public_encrypt(server_key_bytes,
768     encrypted_key_buf +
769     encrypted_key_bytes - server_key_bytes,
770     encrypted_key_buf,
771     pvar->crypt_state.host_key.RSA_key,
772     RSA_PKCS1_PADDING) < 0)
773     return 0;
774     } else {
775     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
776     encrypted_key_buf +
777     encrypted_key_bytes -
778     SSH_SESSION_KEY_LENGTH,
779     encrypted_key_buf +
780     encrypted_key_bytes - host_key_bytes,
781     pvar->crypt_state.host_key.RSA_key,
782     RSA_PKCS1_PADDING) < 0)
783     return 0;
784    
785     if (RSA_public_encrypt(host_key_bytes,
786     encrypted_key_buf +
787     encrypted_key_bytes - host_key_bytes,
788     encrypted_key_buf,
789     pvar->crypt_state.server_key.RSA_key,
790     RSA_PKCS1_PADDING) < 0)
791     return 0;
792     }
793     }
794    
795     return 1;
796     }
797    
798     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
799 doda 6801 unsigned char *challenge,
800 maya 3227 int challenge_len,
801 doda 6801 unsigned char *response)
802 maya 3227 {
803     int server_key_bits =
804     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
805     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
806     int server_key_bytes = (server_key_bits + 7) / 8;
807     int host_key_bytes = (host_key_bits + 7) / 8;
808     int session_buf_len = server_key_bytes + host_key_bytes + 8;
809 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
810 maya 3227 char decrypted_challenge[48];
811     int decrypted_challenge_len;
812    
813     decrypted_challenge_len =
814     RSA_private_decrypt(challenge_len, challenge, challenge,
815 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
816 maya 3227 RSA_PKCS1_PADDING);
817     if (decrypted_challenge_len < 0) {
818     free(session_buf);
819     return 0;
820     }
821     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
822     memcpy(decrypted_challenge,
823     challenge + decrypted_challenge_len -
824     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
825     } else {
826     memset(decrypted_challenge, 0,
827     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
828     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
829     decrypted_challenge_len, challenge,
830     decrypted_challenge_len);
831     }
832    
833     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
834     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
835     session_buf + host_key_bytes);
836     memcpy(session_buf + server_key_bytes + host_key_bytes,
837     pvar->crypt_state.server_cookie, 8);
838     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
839    
840     free(session_buf);
841    
842     MD5(decrypted_challenge, 48, response);
843    
844     return 1;
845     }
846    
847 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
848 maya 3227 {
849 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
850     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
851     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
852 maya 3227 memset(state->ivec1, 0, 8);
853     memset(state->ivec2, 0, 8);
854     memset(state->ivec3, 0, 8);
855     }
856    
857 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
858 maya 3227 {
859 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
860 maya 3227 memset(state->ivec, 0, 8);
861     }
862    
863 doda 6801 static void cBlowfish_init(char *session_key,
864     CipherBlowfishState *state)
865 maya 3227 {
866     BF_set_key(&state->k, 32, session_key);
867     memset(state->ivec, 0, 8);
868     }
869    
870    
871     //
872     // SSH2�p�A���S���Y����������
873     //
874     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
875     const u_char *key, u_int keylen,
876     const u_char *iv, u_int ivlen,
877     int encrypt,
878     const EVP_CIPHER *type,
879     int discard_len,
880     PTInstVar pvar)
881     {
882     int klen;
883     char tmp[80];
884     unsigned char *junk = NULL, *discard = NULL;
885    
886     EVP_CIPHER_CTX_init(evp);
887     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
888     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
889     "Cipher initialize error(%d)");
890     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
891 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
892 maya 3227 return;
893     }
894    
895     klen = EVP_CIPHER_CTX_key_length(evp);
896     if (klen > 0 && keylen != klen) {
897     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
898     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
899     "Cipher initialize error(%d)");
900     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
901 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
902 maya 3227 return;
903     }
904     }
905     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
906     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
907     "Cipher initialize error(%d)");
908     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
909 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
910 maya 3227 return;
911     }
912    
913     if (discard_len > 0) {
914     junk = malloc(discard_len);
915     discard = malloc(discard_len);
916     if (junk == NULL || discard == NULL ||
917     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
918     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
919     "Cipher initialize error(%d)");
920     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
921     pvar->ts->UIMsg, 3);
922 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
923 maya 3227 }
924     else {
925 yutakapon 6229 SecureZeroMemory(discard, discard_len);
926 maya 3227 }
927     free(junk);
928     free(discard);
929     }
930     }
931    
932 yutakapon 5545 //
933     // SSH2�p�A���S���Y�����j��
934     //
935     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
936     {
937     EVP_CIPHER_CTX_cleanup(evp);
938     }
939 maya 3227
940 yutakapon 5545
941 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
942     {
943 doda 6716 struct Enc *enc;
944 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
945     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
946 doda 6716 int cipher;
947 maya 3227 BOOL isOK = TRUE;
948    
949     if (sender_flag) {
950 doda 6716 cipher = pvar->crypt_state.sender_cipher;
951     switch (cipher) {
952     case SSH_CIPHER_3DES:
953     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
954     pvar->crypt_state.encrypt = c3DES_encrypt;
955     break;
956 maya 3227
957 doda 6716 case SSH_CIPHER_DES:
958     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
959     pvar->crypt_state.encrypt = cDES_encrypt;
960     break;
961 maya 3227
962 doda 6716 case SSH_CIPHER_BLOWFISH:
963     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
964     pvar->crypt_state.encrypt = cBlowfish_encrypt;
965     break;
966 maya 3227
967 doda 6716 case SSH_CIPHER_NONE:
968     case SSH_CIPHER_IDEA:
969     case SSH_CIPHER_TSS:
970     case SSH_CIPHER_RC4:
971     isOK = FALSE;
972     break;
973 maya 3227
974 doda 6716 default: // SSH2
975     if (cipher <= SSH_CIPHER_MAX) {
976 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
977     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
978 doda 6716 enc->key, get_cipher_key_len(cipher),
979     enc->iv, get_cipher_block_size(cipher),
980 maya 3227 CIPHER_ENCRYPT,
981 doda 6716 get_cipher_EVP_CIPHER(cipher),
982     get_cipher_discard_len(cipher),
983 maya 3227 pvar);
984    
985 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
986 maya 3227 }
987 doda 6716 else {
988     isOK = FALSE;
989 maya 3227 }
990 doda 6716 break;
991 maya 3227 }
992     }
993    
994     if (receiver_flag) {
995 doda 6716 cipher = pvar->crypt_state.receiver_cipher;
996     switch (cipher) {
997     case SSH_CIPHER_3DES:
998     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
999     pvar->crypt_state.decrypt = c3DES_decrypt;
1000     break;
1001 maya 3227
1002 doda 6716 case SSH_CIPHER_DES:
1003     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1004     pvar->crypt_state.decrypt = cDES_decrypt;
1005     break;
1006 maya 3227
1007 doda 6716 case SSH_CIPHER_BLOWFISH:
1008     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1009     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1010     break;
1011 maya 3227
1012 doda 6716 case SSH_CIPHER_NONE:
1013     case SSH_CIPHER_IDEA:
1014     case SSH_CIPHER_TSS:
1015     case SSH_CIPHER_RC4:
1016     isOK = FALSE;
1017     break;
1018 maya 3227
1019 doda 6716 default: // SSH2
1020     if (cipher <= SSH_CIPHER_MAX) {
1021 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1022     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1023 doda 6716 enc->key, get_cipher_key_len(cipher),
1024     enc->iv, get_cipher_block_size(cipher),
1025 maya 3227 CIPHER_DECRYPT,
1026 doda 6716 get_cipher_EVP_CIPHER(cipher),
1027     get_cipher_discard_len(cipher),
1028 maya 3227 pvar);
1029    
1030 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1031 maya 3227 }
1032 doda 6716 else {
1033     isOK = FALSE;
1034 maya 3227 }
1035 doda 6716 break;
1036 maya 3227 }
1037     }
1038    
1039     if (!isOK) {
1040 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1041 maya 3227 "No cipher selected!");
1042 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1043 maya 3227 return FALSE;
1044     } else {
1045     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1046     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1047     return TRUE;
1048     }
1049     }
1050    
1051     void CRYPT_init(PTInstVar pvar)
1052     {
1053     pvar->crypt_state.encrypt = no_encrypt;
1054     pvar->crypt_state.decrypt = no_encrypt;
1055     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1056     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1057     pvar->crypt_state.server_key.RSA_key = NULL;
1058     pvar->crypt_state.host_key.RSA_key = NULL;
1059    
1060     pvar->crypt_state.detect_attack_statics.h = NULL;
1061     pvar->crypt_state.detect_attack_statics.n =
1062     HASH_MINSIZE / HASH_ENTRYSIZE;
1063     }
1064    
1065 doda 6801 static char *get_cipher_name(int cipher)
1066 maya 3227 {
1067     switch (cipher) {
1068     case SSH_CIPHER_NONE:
1069     return "None";
1070     case SSH_CIPHER_3DES:
1071     return "3DES (168 key bits)";
1072     case SSH_CIPHER_DES:
1073     return "DES (56 key bits)";
1074     case SSH_CIPHER_BLOWFISH:
1075     return "Blowfish (256 key bits)";
1076    
1077     // SSH2
1078     case SSH2_CIPHER_3DES_CBC:
1079     return "3DES-CBC";
1080     case SSH2_CIPHER_AES128_CBC:
1081     return "AES128-CBC";
1082     case SSH2_CIPHER_AES192_CBC:
1083     return "AES192-CBC";
1084     case SSH2_CIPHER_AES256_CBC:
1085     return "AES256-CBC";
1086     case SSH2_CIPHER_BLOWFISH_CBC:
1087     return "Blowfish-CBC";
1088     case SSH2_CIPHER_AES128_CTR:
1089     return "AES128-CTR";
1090     case SSH2_CIPHER_AES192_CTR:
1091     return "AES192-CTR";
1092     case SSH2_CIPHER_AES256_CTR:
1093     return "AES256-CTR";
1094     case SSH2_CIPHER_ARCFOUR:
1095     return "Arcfour";
1096     case SSH2_CIPHER_ARCFOUR128:
1097     return "Arcfour128";
1098     case SSH2_CIPHER_ARCFOUR256:
1099     return "Arcfour256";
1100     case SSH2_CIPHER_CAST128_CBC:
1101     return "CAST-128-CBC";
1102 doda 3850 case SSH2_CIPHER_3DES_CTR:
1103     return "3DES-CTR";
1104     case SSH2_CIPHER_BLOWFISH_CTR:
1105     return "Blowfish-CTR";
1106     case SSH2_CIPHER_CAST128_CTR:
1107     return "CAST-128-CTR";
1108 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1109     return "Camellia128-CBC";
1110     case SSH2_CIPHER_CAMELLIA192_CBC:
1111     return "Camellia192-CBC";
1112     case SSH2_CIPHER_CAMELLIA256_CBC:
1113     return "Camellia256-CBC";
1114     case SSH2_CIPHER_CAMELLIA128_CTR:
1115     return "Camellia128-CTR";
1116     case SSH2_CIPHER_CAMELLIA192_CTR:
1117     return "Camellia192-CTR";
1118     case SSH2_CIPHER_CAMELLIA256_CTR:
1119     return "Camellia256-CTR";
1120 maya 3227
1121     default:
1122     return "Unknown";
1123     }
1124     }
1125    
1126 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1127 maya 3227 {
1128     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1129     "%s to server, %s from server");
1130     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1131     get_cipher_name(pvar->crypt_state.sender_cipher),
1132     get_cipher_name(pvar->crypt_state.receiver_cipher));
1133     }
1134    
1135 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1136 maya 3227 {
1137     if (SSHv1(pvar)) {
1138     if (pvar->crypt_state.server_key.RSA_key == NULL
1139     || pvar->crypt_state.host_key.RSA_key == NULL) {
1140     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1141     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1142     } else {
1143     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1144     "%d-bit server key, %d-bit host key");
1145     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1146     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1147     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1148     }
1149     } else { // SSH2
1150 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1151     "%d-bit client key, %d-bit server key");
1152 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1153 maya 4313 pvar->client_key_bits,
1154     pvar->server_key_bits);
1155 maya 3227 }
1156     }
1157    
1158 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1159 maya 3227 {
1160     if (key->RSA_key != NULL) {
1161     RSA_free(key->RSA_key);
1162     key->RSA_key = NULL;
1163     }
1164     }
1165    
1166 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1167 maya 3227 {
1168     destroy_public_key(key);
1169     free(key);
1170     }
1171    
1172     void CRYPT_end(PTInstVar pvar)
1173     {
1174     destroy_public_key(&pvar->crypt_state.host_key);
1175     destroy_public_key(&pvar->crypt_state.server_key);
1176    
1177     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1178 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1179 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1180     free(pvar->crypt_state.detect_attack_statics.h);
1181     }
1182    
1183 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1184 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1185 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1186 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1187 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1188 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1189 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1190 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1191 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1192     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1193 maya 3227 }
1194    
1195 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1196     char *buf, int bytes)
1197 maya 3227 {
1198     unsigned char passphrase_key[16];
1199    
1200     MD5(passphrase, strlen(passphrase), passphrase_key);
1201    
1202     switch (cipher) {
1203     case SSH_CIPHER_3DES:{
1204     Cipher3DESState state;
1205    
1206 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1207 maya 3227 &state.k1);
1208 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1209 maya 3227 &state.k2);
1210 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1211 maya 3227 &state.k3);
1212     memset(state.ivec1, 0, 8);
1213     memset(state.ivec2, 0, 8);
1214     memset(state.ivec3, 0, 8);
1215     DES_ncbc_encrypt(buf, buf, bytes,
1216     &state.k3, &state.ivec3, DES_DECRYPT);
1217     DES_ncbc_encrypt(buf, buf, bytes,
1218     &state.k2, &state.ivec2, DES_ENCRYPT);
1219     DES_ncbc_encrypt(buf, buf, bytes,
1220     &state.k1, &state.ivec1, DES_DECRYPT);
1221     break;
1222     }
1223    
1224     case SSH_CIPHER_DES:{
1225     CipherDESState state;
1226    
1227     cDES_init(passphrase_key, &state);
1228     DES_ncbc_encrypt(buf, buf, bytes,
1229     &state.k, &state.ivec, DES_DECRYPT);
1230     break;
1231     }
1232    
1233     case SSH_CIPHER_BLOWFISH:{
1234     CipherBlowfishState state;
1235    
1236     BF_set_key(&state.k, 16, passphrase_key);
1237     memset(state.ivec, 0, 8);
1238     flip_endianness(buf, bytes);
1239     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1240     BF_DECRYPT);
1241     flip_endianness(buf, bytes);
1242     break;
1243     }
1244    
1245     case SSH_CIPHER_NONE:
1246     break;
1247    
1248     default:
1249 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1250 maya 3227 return 0;
1251     }
1252    
1253 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1254 maya 3227 return 1;
1255     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help