Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6982 - (hide annotations) (download) (as text)
Sat Nov 25 15:26:31 2017 UTC (6 years, 4 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 37421 byte(s) 
負にならない(なるべきでない)変数、関数を unsigned int に変更
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3     * (C) 2004-2017 TeraTerm Project
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75    
76 doda 6801 static char *get_cipher_name(int cipher);
77 maya 3227
78 doda 6801 static void crc_update(uint32 *a, uint32 b)
79 maya 3227 {
80     b ^= *a;
81 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
82 maya 3227 }
83    
84     /* check_crc
85     detects if a block is used in a particular pattern
86     */
87    
88 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
89     uint32 len, unsigned char *IV)
90 maya 3227 {
91     uint32 crc;
92 doda 6801 unsigned char *c;
93 maya 3227
94     crc = 0;
95     if (IV && !CMP(S, IV)) {
96     crc_update(&crc, 1);
97     crc_update(&crc, 0);
98     }
99     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100     if (!CMP(S, c)) {
101     crc_update(&crc, 1);
102     crc_update(&crc, 0);
103     } else {
104     crc_update(&crc, 0);
105     crc_update(&crc, 0);
106     }
107     }
108    
109     return crc == 0;
110     }
111    
112    
113     /*
114     detect_attack
115     Detects a crc32 compensation attack on a packet
116     */
117 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
118     unsigned char *buf, uint32 len,
119     unsigned char *IV)
120 maya 3227 {
121 doda 6801 uint32 *h = statics->h;
122 maya 3227 uint32 n = statics->n;
123     uint32 i, j;
124     uint32 l;
125 doda 6801 unsigned char *c;
126     unsigned char *d;
127 maya 3227
128     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129     }
130    
131     if (h == NULL) {
132     n = l;
133 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 maya 3227 } else {
135     if (l > n) {
136     n = l;
137 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 maya 3227 }
139     }
140    
141     statics->h = h;
142     statics->n = n;
143    
144     if (len <= HASH_MINBLOCKS) {
145     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146     if (IV && (!CMP(c, IV))) {
147     if ((check_crc(c, buf, len, IV)))
148     return DEATTACK_DETECTED;
149     else
150     break;
151     }
152     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153     if (!CMP(c, d)) {
154     if ((check_crc(c, buf, len, IV)))
155     return DEATTACK_DETECTED;
156     else
157     break;
158     }
159     }
160     }
161     return (DEATTACK_OK);
162     }
163     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164    
165     if (IV) {
166     h[HASH(IV) & (n - 1)] = HASH_IV;
167     }
168    
169     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171     i = (i + 1) & (n - 1)) {
172     if (h[i] == HASH_IV) {
173     if (!CMP(c, IV)) {
174     if (check_crc(c, buf, len, IV))
175     return DEATTACK_DETECTED;
176     else
177     break;
178     }
179     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180     if (check_crc(c, buf, len, IV))
181     return DEATTACK_DETECTED;
182     else
183     break;
184     }
185     }
186     h[i] = j;
187     }
188    
189     return DEATTACK_OK;
190     }
191    
192 doda 6980 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 maya 3227 {
194 doda 6980 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195     return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 maya 3227 } else {
197     return FALSE;
198     }
199     }
200    
201 doda 6801 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
202 maya 3227 {
203     }
204    
205 doda 6801 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
206 maya 3227 {
207 doda 6716 unsigned char *newbuf;
208 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
209 doda 4212 char tmp[80];
210 maya 3227
211     if (bytes == 0)
212     return;
213    
214     if (bytes % block_size) {
215 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
216     "%s encrypt error(1): bytes %d (%d)");
217     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
218 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
219     bytes, block_size);
220 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
221 maya 3227 return;
222     }
223    
224 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
225 maya 3227 return;
226    
227     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
228 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
229     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
230 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
231 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
232 maya 3227 } else {
233     memcpy(buf, newbuf, bytes);
234     }
235    
236     free(newbuf);
237     }
238    
239 doda 6801 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
240 maya 3227 {
241 doda 6716 unsigned char *newbuf;
242 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
243 doda 4212 char tmp[80];
244 maya 3227
245     if (bytes == 0)
246     return;
247    
248     if (bytes % block_size) {
249 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
250     "%s decrypt error(1): bytes %d (%d)");
251     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
252 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
253     bytes, block_size);
254 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
255 maya 3227 return;
256     }
257    
258 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
259 maya 3227 return;
260    
261     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
262 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
263     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
264 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
265 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
266 maya 3227 } else {
267     memcpy(buf, newbuf, bytes);
268     }
269    
270     free(newbuf);
271     }
272    
273 doda 6801 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
274 maya 3227 {
275 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
276 maya 3227
277     DES_ncbc_encrypt(buf, buf, bytes,
278     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
279     DES_ncbc_encrypt(buf, buf, bytes,
280     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
281     DES_ncbc_encrypt(buf, buf, bytes,
282     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
283     }
284    
285 doda 6801 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
286 maya 3227 {
287 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
288 maya 3227
289     DES_ncbc_encrypt(buf, buf, bytes,
290     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
291     DES_ncbc_encrypt(buf, buf, bytes,
292     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
293     DES_ncbc_encrypt(buf, buf, bytes,
294     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
295     }
296    
297 doda 6801 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
298 maya 3227 {
299 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
300 maya 3227
301     DES_ncbc_encrypt(buf, buf, bytes,
302     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
303     }
304    
305 doda 6801 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
306 maya 3227 {
307 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
308 maya 3227
309     DES_ncbc_encrypt(buf, buf, bytes,
310     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
311     }
312    
313 doda 6801 static void flip_endianness(unsigned char *cbuf, int bytes)
314 maya 3227 {
315 doda 6801 uint32 *buf = (uint32 *) cbuf;
316 maya 3227 int count = bytes / 4;
317    
318     while (count > 0) {
319     uint32 w = *buf;
320    
321     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
322     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
323     count--;
324     buf++;
325     }
326     }
327    
328 doda 6801 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
329 maya 3227 {
330 doda 6801 CipherBlowfishState *encryptstate =
331 maya 3227 &pvar->crypt_state.enc.cBlowfish;
332    
333     flip_endianness(buf, bytes);
334     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
335     BF_ENCRYPT);
336     flip_endianness(buf, bytes);
337     }
338    
339 doda 6801 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
340 maya 3227 {
341 doda 6801 CipherBlowfishState *decryptstate =
342 maya 3227 &pvar->crypt_state.dec.cBlowfish;
343    
344     flip_endianness(buf, bytes);
345     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
346     BF_DECRYPT);
347     flip_endianness(buf, bytes);
348     }
349    
350 doda 6801 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
351 maya 3227 {
352     RAND_bytes(buf, bytes);
353     }
354    
355     void CRYPT_initialize_random_numbers(PTInstVar pvar)
356     {
357 maya 4550 // ����������������������
358     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
359     //RAND_screen();
360 maya 3227 }
361    
362 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
363 maya 3227 {
364     int bits = get_ushort16_MSBfirst(bytes);
365    
366     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
367     }
368    
369     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
370 doda 6801 RSA *make_key(PTInstVar pvar,
371     int bits, unsigned char *exp,
372     unsigned char *mod)
373 maya 3227 {
374 doda 6801 RSA *key = RSA_new();
375 maya 3227
376     if (key != NULL) {
377     key->e = get_bignum(exp);
378     key->n = get_bignum(mod);
379     }
380    
381     if (key == NULL || key->e == NULL || key->n == NULL) {
382     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
383     "Error setting up RSA keys");
384 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
385 maya 3227
386     if (key != NULL) {
387     if (key->e != NULL) {
388     BN_free(key->e);
389     }
390     if (key->n != NULL) {
391     BN_free(key->n);
392     }
393     RSA_free(key);
394     }
395    
396     return NULL;
397     } else {
398     return key;
399     }
400     }
401    
402 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
403 maya 3227 {
404     if (SSHv1(pvar)) {
405     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
406     } else {
407     memcpy(pvar->crypt_state.server_cookie, cookie,
408     SSH2_COOKIE_LENGTH);
409     }
410     }
411    
412 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
413 maya 3227 {
414     if (SSHv2(pvar)) {
415     memcpy(pvar->crypt_state.client_cookie, cookie,
416     SSH2_COOKIE_LENGTH);
417     }
418     }
419    
420     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
421 doda 6801 int bits, unsigned char *exp,
422     unsigned char *mod)
423 maya 3227 {
424     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
425    
426     return pvar->crypt_state.server_key.RSA_key != NULL;
427     }
428    
429     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
430 doda 6801 int bits, unsigned char *exp,
431     unsigned char *mod)
432 maya 3227 {
433     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
434    
435     return pvar->crypt_state.host_key.RSA_key != NULL;
436     }
437    
438     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
439     int receiver_ciphers)
440     {
441     int cipher_mask;
442    
443     if (SSHv1(pvar)) {
444     cipher_mask = (1 << SSH_CIPHER_DES)
445     | (1 << SSH_CIPHER_3DES)
446     | (1 << SSH_CIPHER_BLOWFISH);
447    
448     } else { // for SSH2(yutaka)
449     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
450 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
451 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
452     | (1 << SSH2_CIPHER_AES192_CBC)
453     | (1 << SSH2_CIPHER_AES256_CBC)
454     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
455     | (1 << SSH2_CIPHER_AES128_CTR)
456     | (1 << SSH2_CIPHER_AES192_CTR)
457     | (1 << SSH2_CIPHER_AES256_CTR)
458     | (1 << SSH2_CIPHER_ARCFOUR)
459     | (1 << SSH2_CIPHER_ARCFOUR128)
460     | (1 << SSH2_CIPHER_ARCFOUR256)
461 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
462     | (1 << SSH2_CIPHER_3DES_CTR)
463     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
464 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
465     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
466     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
467     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
468     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
469     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
470     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
471     );
472 maya 3227 }
473    
474     sender_ciphers &= cipher_mask;
475     receiver_ciphers &= cipher_mask;
476     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
477     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
478    
479     if (sender_ciphers == 0) {
480     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
481     "The server does not support any of the TTSSH encryption algorithms.\n"
482     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
483     "The connection will be closed.");
484 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
485 maya 3227 return FALSE;
486     } else if (receiver_ciphers == 0) {
487     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
488     "The server does not support any of the TTSSH encryption algorithms.\n"
489     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
490     "The connection will be closed.");
491 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492 maya 3227 return FALSE;
493     } else {
494     return TRUE;
495     }
496     }
497    
498 doda 6982 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
499 maya 3227 {
500     if (SSHv1(pvar)) {
501     return 8;
502     } else {
503     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
504     // cf. 3DES=8, AES128=16
505     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
506     }
507     }
508    
509 doda 6982 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
510 maya 3227 {
511     if (SSHv1(pvar)) {
512     return 8;
513     } else {
514     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
515     // cf. 3DES=8, AES128=16
516     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
517     }
518     }
519    
520 doda 6982 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
521 maya 3227 {
522     struct Mac *mac;
523    
524     if (SSHv1(pvar)) {
525     return 0;
526    
527     } else { // for SSH2(yutaka)
528     mac = &pvar->ssh2_keys[MODE_IN].mac;
529     if (mac == NULL || mac->enabled == 0)
530     return 0;
531    
532     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
533     }
534    
535     }
536    
537     // HMAC������
538     // ���{������ SSH2 �������g�p�������B
539     // (2004.12.17 yutaka)
540     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
541 doda 6801 char *data, int len, char *MAC)
542 maya 3227 {
543     HMAC_CTX c;
544     unsigned char m[EVP_MAX_MD_SIZE];
545     unsigned char b[4];
546     struct Mac *mac;
547    
548     mac = &pvar->ssh2_keys[MODE_IN].mac;
549    
550     // HMAC�������L���������������A����OK�����������B
551 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
552 maya 3227 return TRUE;
553    
554 yutakapon 6302 if (mac->key == NULL) {
555 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
556 maya 3227 goto error;
557 yutakapon 6302 }
558 maya 3227
559 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
560 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
561 yutakapon 6302 mac->mac_len, sizeof(m), sequence_number, len);
562 maya 3227 goto error;
563 yutakapon 6302 }
564 maya 3227
565     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
566     set_uint32_MSBfirst(b, sequence_number);
567     HMAC_Update(&c, b, sizeof(b));
568     HMAC_Update(&c, data, len);
569     HMAC_Final(&c, m, NULL);
570     HMAC_cleanup(&c);
571    
572     if (memcmp(m, MAC, mac->mac_len)) {
573 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
574     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
575     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
576 maya 3227 goto error;
577     }
578    
579     return TRUE;
580    
581     error:
582     return FALSE;
583     }
584    
585 doda 6982 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
586 maya 3227 {
587     struct Mac *mac;
588    
589     if (SSHv2(pvar)) { // for SSH2(yutaka)
590     mac = &pvar->ssh2_keys[MODE_OUT].mac;
591     if (mac == NULL || mac->enabled == 0)
592     return 0;
593    
594     return (mac->mac_len);
595     }
596    
597     return 0;
598     }
599    
600     // for SSH2
601     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
602 doda 6801 char *data, int len, char *MAC)
603 maya 3227 {
604     HMAC_CTX c;
605     static u_char m[EVP_MAX_MD_SIZE];
606     u_char b[4];
607     struct Mac *mac;
608    
609     if (SSHv2(pvar)) { // for SSH2(yutaka)
610     mac = &pvar->ssh2_keys[MODE_OUT].mac;
611     if (mac == NULL || mac->enabled == 0)
612     return FALSE;
613    
614     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
615     set_uint32_MSBfirst(b, sequence_number);
616     HMAC_Update(&c, b, sizeof(b));
617     HMAC_Update(&c, data, len);
618     HMAC_Final(&c, m, NULL);
619     HMAC_cleanup(&c);
620    
621     // 20�o�C�g�������R�s�[
622     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
623     // memcpy(MAC, m, sizeof(m));
624    
625     return TRUE;
626     }
627    
628     return TRUE;
629    
630     }
631    
632     static int choose_cipher(PTInstVar pvar, int supported)
633     {
634     int i;
635    
636     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
637     int cipher = pvar->session_settings.CipherOrder[i] - '0';
638    
639     if (cipher == SSH_CIPHER_NONE) {
640     break;
641     } else if ((supported & (1 << cipher)) != 0) {
642     return cipher;
643     }
644     }
645    
646     return SSH_CIPHER_NONE;
647     }
648    
649     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
650     {
651     if (SSHv1(pvar)) {
652     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
653     pvar->crypt_state.
654     supported_sender_ciphers);
655     pvar->crypt_state.receiver_cipher =
656     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
657    
658     } else { // SSH2(yutaka)
659     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
660     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
661    
662     }
663    
664     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
665     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
666 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
667 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
668     "To communicate with this server, you will have to enable some more ciphers\n"
669     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
670     "This connection will now close.");
671 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
672 maya 3227 return FALSE;
673     } else {
674     return TRUE;
675     }
676     }
677    
678 doda 6982 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
679 maya 3227 {
680     int server_key_bits =
681     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
682     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
683     int server_key_bytes = (server_key_bits + 7) / 8;
684     int host_key_bytes = (host_key_bits + 7) / 8;
685    
686     if (server_key_bits < host_key_bits) {
687     return host_key_bytes;
688     } else {
689     return server_key_bytes;
690     }
691     }
692    
693     int CRYPT_choose_session_key(PTInstVar pvar,
694 doda 6801 unsigned char *encrypted_key_buf)
695 maya 3227 {
696     int server_key_bits =
697     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
698     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
699     int server_key_bytes = (server_key_bits + 7) / 8;
700     int host_key_bytes = (host_key_bits + 7) / 8;
701     int encrypted_key_bytes;
702     int bit_delta;
703    
704     if (server_key_bits < host_key_bits) {
705     encrypted_key_bytes = host_key_bytes;
706     bit_delta = host_key_bits - server_key_bits;
707     } else {
708     encrypted_key_bytes = server_key_bytes;
709     bit_delta = server_key_bits - host_key_bits;
710     }
711    
712     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
713 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
714 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
715 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
716 maya 3227 return 0;
717     } else {
718     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
719     for the session ID, rather than the one specified in the RFC */
720     int session_buf_len = server_key_bytes + host_key_bytes + 8;
721 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
722 maya 3227 char session_id[16];
723     int i;
724    
725     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
726     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
727     session_buf + host_key_bytes);
728     memcpy(session_buf + server_key_bytes + host_key_bytes,
729     pvar->crypt_state.server_cookie, 8);
730     MD5(session_buf, session_buf_len, session_id);
731    
732     free(session_buf);
733    
734     RAND_bytes(pvar->crypt_state.sender_cipher_key,
735     SSH_SESSION_KEY_LENGTH);
736     memcpy(pvar->crypt_state.receiver_cipher_key,
737     pvar->crypt_state.sender_cipher_key,
738     SSH_SESSION_KEY_LENGTH);
739    
740     memcpy(encrypted_key_buf + encrypted_key_bytes -
741     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
742     SSH_SESSION_KEY_LENGTH);
743     for (i = 0; i < sizeof(session_id); i++) {
744     encrypted_key_buf[encrypted_key_bytes -
745     SSH_SESSION_KEY_LENGTH + i]
746     ^= session_id[i];
747     }
748    
749     if (host_key_bits > server_key_bits) {
750     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
751     encrypted_key_buf +
752     encrypted_key_bytes -
753     SSH_SESSION_KEY_LENGTH,
754     encrypted_key_buf +
755     encrypted_key_bytes - server_key_bytes,
756     pvar->crypt_state.server_key.RSA_key,
757     RSA_PKCS1_PADDING) < 0)
758     return 0;
759    
760     if (RSA_public_encrypt(server_key_bytes,
761     encrypted_key_buf +
762     encrypted_key_bytes - server_key_bytes,
763     encrypted_key_buf,
764     pvar->crypt_state.host_key.RSA_key,
765     RSA_PKCS1_PADDING) < 0)
766     return 0;
767     } else {
768     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
769     encrypted_key_buf +
770     encrypted_key_bytes -
771     SSH_SESSION_KEY_LENGTH,
772     encrypted_key_buf +
773     encrypted_key_bytes - host_key_bytes,
774     pvar->crypt_state.host_key.RSA_key,
775     RSA_PKCS1_PADDING) < 0)
776     return 0;
777    
778     if (RSA_public_encrypt(host_key_bytes,
779     encrypted_key_buf +
780     encrypted_key_bytes - host_key_bytes,
781     encrypted_key_buf,
782     pvar->crypt_state.server_key.RSA_key,
783     RSA_PKCS1_PADDING) < 0)
784     return 0;
785     }
786     }
787    
788     return 1;
789     }
790    
791     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
792 doda 6801 unsigned char *challenge,
793 maya 3227 int challenge_len,
794 doda 6801 unsigned char *response)
795 maya 3227 {
796     int server_key_bits =
797     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
798     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
799     int server_key_bytes = (server_key_bits + 7) / 8;
800     int host_key_bytes = (host_key_bits + 7) / 8;
801     int session_buf_len = server_key_bytes + host_key_bytes + 8;
802 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
803 maya 3227 char decrypted_challenge[48];
804     int decrypted_challenge_len;
805    
806     decrypted_challenge_len =
807     RSA_private_decrypt(challenge_len, challenge, challenge,
808 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
809 maya 3227 RSA_PKCS1_PADDING);
810     if (decrypted_challenge_len < 0) {
811     free(session_buf);
812     return 0;
813     }
814     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
815     memcpy(decrypted_challenge,
816     challenge + decrypted_challenge_len -
817     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
818     } else {
819     memset(decrypted_challenge, 0,
820     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
821     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
822     decrypted_challenge_len, challenge,
823     decrypted_challenge_len);
824     }
825    
826     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
827     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
828     session_buf + host_key_bytes);
829     memcpy(session_buf + server_key_bytes + host_key_bytes,
830     pvar->crypt_state.server_cookie, 8);
831     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
832    
833     free(session_buf);
834    
835     MD5(decrypted_challenge, 48, response);
836    
837     return 1;
838     }
839    
840 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
841 maya 3227 {
842 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
843     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
844     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
845 maya 3227 memset(state->ivec1, 0, 8);
846     memset(state->ivec2, 0, 8);
847     memset(state->ivec3, 0, 8);
848     }
849    
850 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
851 maya 3227 {
852 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
853 maya 3227 memset(state->ivec, 0, 8);
854     }
855    
856 doda 6801 static void cBlowfish_init(char *session_key,
857     CipherBlowfishState *state)
858 maya 3227 {
859     BF_set_key(&state->k, 32, session_key);
860     memset(state->ivec, 0, 8);
861     }
862    
863    
864     //
865     // SSH2�p�A���S���Y����������
866     //
867     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
868     const u_char *key, u_int keylen,
869     const u_char *iv, u_int ivlen,
870     int encrypt,
871     const EVP_CIPHER *type,
872     int discard_len,
873     PTInstVar pvar)
874     {
875     int klen;
876     char tmp[80];
877     unsigned char *junk = NULL, *discard = NULL;
878    
879     EVP_CIPHER_CTX_init(evp);
880     if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
881     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
882     "Cipher initialize error(%d)");
883     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
884 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
885 maya 3227 return;
886     }
887    
888     klen = EVP_CIPHER_CTX_key_length(evp);
889     if (klen > 0 && keylen != klen) {
890     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
891     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
892     "Cipher initialize error(%d)");
893     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
894 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
895 maya 3227 return;
896     }
897     }
898     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
899     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
900     "Cipher initialize error(%d)");
901     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
902 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
903 maya 3227 return;
904     }
905    
906     if (discard_len > 0) {
907     junk = malloc(discard_len);
908     discard = malloc(discard_len);
909     if (junk == NULL || discard == NULL ||
910     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
911     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
912     "Cipher initialize error(%d)");
913     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
914     pvar->ts->UIMsg, 3);
915 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
916 maya 3227 }
917     else {
918 yutakapon 6229 SecureZeroMemory(discard, discard_len);
919 maya 3227 }
920     free(junk);
921     free(discard);
922     }
923     }
924    
925 yutakapon 5545 //
926     // SSH2�p�A���S���Y�����j��
927     //
928     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
929     {
930     EVP_CIPHER_CTX_cleanup(evp);
931     }
932 maya 3227
933 yutakapon 5545
934 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
935     {
936 doda 6716 struct Enc *enc;
937 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
938     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
939 doda 6716 int cipher;
940 maya 3227 BOOL isOK = TRUE;
941    
942     if (sender_flag) {
943 doda 6716 cipher = pvar->crypt_state.sender_cipher;
944     switch (cipher) {
945     case SSH_CIPHER_3DES:
946     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
947     pvar->crypt_state.encrypt = c3DES_encrypt;
948     break;
949 maya 3227
950 doda 6716 case SSH_CIPHER_DES:
951     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
952     pvar->crypt_state.encrypt = cDES_encrypt;
953     break;
954 maya 3227
955 doda 6716 case SSH_CIPHER_BLOWFISH:
956     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
957     pvar->crypt_state.encrypt = cBlowfish_encrypt;
958     break;
959 maya 3227
960 doda 6716 case SSH_CIPHER_NONE:
961     case SSH_CIPHER_IDEA:
962     case SSH_CIPHER_TSS:
963     case SSH_CIPHER_RC4:
964     isOK = FALSE;
965     break;
966 maya 3227
967 doda 6716 default: // SSH2
968     if (cipher <= SSH_CIPHER_MAX) {
969 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
970     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
971 doda 6716 enc->key, get_cipher_key_len(cipher),
972     enc->iv, get_cipher_block_size(cipher),
973 maya 3227 CIPHER_ENCRYPT,
974 doda 6716 get_cipher_EVP_CIPHER(cipher),
975     get_cipher_discard_len(cipher),
976 maya 3227 pvar);
977    
978 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
979 maya 3227 }
980 doda 6716 else {
981     isOK = FALSE;
982 maya 3227 }
983 doda 6716 break;
984 maya 3227 }
985     }
986    
987     if (receiver_flag) {
988 doda 6716 cipher = pvar->crypt_state.receiver_cipher;
989     switch (cipher) {
990     case SSH_CIPHER_3DES:
991     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
992     pvar->crypt_state.decrypt = c3DES_decrypt;
993     break;
994 maya 3227
995 doda 6716 case SSH_CIPHER_DES:
996     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
997     pvar->crypt_state.decrypt = cDES_decrypt;
998     break;
999 maya 3227
1000 doda 6716 case SSH_CIPHER_BLOWFISH:
1001     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1002     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1003     break;
1004 maya 3227
1005 doda 6716 case SSH_CIPHER_NONE:
1006     case SSH_CIPHER_IDEA:
1007     case SSH_CIPHER_TSS:
1008     case SSH_CIPHER_RC4:
1009     isOK = FALSE;
1010     break;
1011 maya 3227
1012 doda 6716 default: // SSH2
1013     if (cipher <= SSH_CIPHER_MAX) {
1014 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1015     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1016 doda 6716 enc->key, get_cipher_key_len(cipher),
1017     enc->iv, get_cipher_block_size(cipher),
1018 maya 3227 CIPHER_DECRYPT,
1019 doda 6716 get_cipher_EVP_CIPHER(cipher),
1020     get_cipher_discard_len(cipher),
1021 maya 3227 pvar);
1022    
1023 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1024 maya 3227 }
1025 doda 6716 else {
1026     isOK = FALSE;
1027 maya 3227 }
1028 doda 6716 break;
1029 maya 3227 }
1030     }
1031    
1032     if (!isOK) {
1033 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1034 maya 3227 "No cipher selected!");
1035 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1036 maya 3227 return FALSE;
1037     } else {
1038     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1039     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1040     return TRUE;
1041     }
1042     }
1043    
1044     void CRYPT_init(PTInstVar pvar)
1045     {
1046     pvar->crypt_state.encrypt = no_encrypt;
1047     pvar->crypt_state.decrypt = no_encrypt;
1048     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1049     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1050     pvar->crypt_state.server_key.RSA_key = NULL;
1051     pvar->crypt_state.host_key.RSA_key = NULL;
1052    
1053     pvar->crypt_state.detect_attack_statics.h = NULL;
1054     pvar->crypt_state.detect_attack_statics.n =
1055     HASH_MINSIZE / HASH_ENTRYSIZE;
1056     }
1057    
1058 doda 6801 static char *get_cipher_name(int cipher)
1059 maya 3227 {
1060     switch (cipher) {
1061     case SSH_CIPHER_NONE:
1062     return "None";
1063     case SSH_CIPHER_3DES:
1064     return "3DES (168 key bits)";
1065     case SSH_CIPHER_DES:
1066     return "DES (56 key bits)";
1067     case SSH_CIPHER_BLOWFISH:
1068     return "Blowfish (256 key bits)";
1069    
1070     // SSH2
1071     case SSH2_CIPHER_3DES_CBC:
1072     return "3DES-CBC";
1073     case SSH2_CIPHER_AES128_CBC:
1074     return "AES128-CBC";
1075     case SSH2_CIPHER_AES192_CBC:
1076     return "AES192-CBC";
1077     case SSH2_CIPHER_AES256_CBC:
1078     return "AES256-CBC";
1079     case SSH2_CIPHER_BLOWFISH_CBC:
1080     return "Blowfish-CBC";
1081     case SSH2_CIPHER_AES128_CTR:
1082     return "AES128-CTR";
1083     case SSH2_CIPHER_AES192_CTR:
1084     return "AES192-CTR";
1085     case SSH2_CIPHER_AES256_CTR:
1086     return "AES256-CTR";
1087     case SSH2_CIPHER_ARCFOUR:
1088     return "Arcfour";
1089     case SSH2_CIPHER_ARCFOUR128:
1090     return "Arcfour128";
1091     case SSH2_CIPHER_ARCFOUR256:
1092     return "Arcfour256";
1093     case SSH2_CIPHER_CAST128_CBC:
1094     return "CAST-128-CBC";
1095 doda 3850 case SSH2_CIPHER_3DES_CTR:
1096     return "3DES-CTR";
1097     case SSH2_CIPHER_BLOWFISH_CTR:
1098     return "Blowfish-CTR";
1099     case SSH2_CIPHER_CAST128_CTR:
1100     return "CAST-128-CTR";
1101 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1102     return "Camellia128-CBC";
1103     case SSH2_CIPHER_CAMELLIA192_CBC:
1104     return "Camellia192-CBC";
1105     case SSH2_CIPHER_CAMELLIA256_CBC:
1106     return "Camellia256-CBC";
1107     case SSH2_CIPHER_CAMELLIA128_CTR:
1108     return "Camellia128-CTR";
1109     case SSH2_CIPHER_CAMELLIA192_CTR:
1110     return "Camellia192-CTR";
1111     case SSH2_CIPHER_CAMELLIA256_CTR:
1112     return "Camellia256-CTR";
1113 maya 3227
1114     default:
1115     return "Unknown";
1116     }
1117     }
1118    
1119 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1120 maya 3227 {
1121     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1122     "%s to server, %s from server");
1123     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1124     get_cipher_name(pvar->crypt_state.sender_cipher),
1125     get_cipher_name(pvar->crypt_state.receiver_cipher));
1126     }
1127    
1128 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1129 maya 3227 {
1130     if (SSHv1(pvar)) {
1131     if (pvar->crypt_state.server_key.RSA_key == NULL
1132     || pvar->crypt_state.host_key.RSA_key == NULL) {
1133     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1134     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1135     } else {
1136     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1137     "%d-bit server key, %d-bit host key");
1138     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1139     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1140     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1141     }
1142     } else { // SSH2
1143 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1144     "%d-bit client key, %d-bit server key");
1145 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1146 maya 4313 pvar->client_key_bits,
1147     pvar->server_key_bits);
1148 maya 3227 }
1149     }
1150    
1151 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1152 maya 3227 {
1153     if (key->RSA_key != NULL) {
1154     RSA_free(key->RSA_key);
1155     key->RSA_key = NULL;
1156     }
1157     }
1158    
1159 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1160 maya 3227 {
1161     destroy_public_key(key);
1162     free(key);
1163     }
1164    
1165     void CRYPT_end(PTInstVar pvar)
1166     {
1167     destroy_public_key(&pvar->crypt_state.host_key);
1168     destroy_public_key(&pvar->crypt_state.server_key);
1169    
1170     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1171 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1172 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1173     free(pvar->crypt_state.detect_attack_statics.h);
1174     }
1175    
1176 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1177 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1178 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1179 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1180 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1181 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1182 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1183 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1184 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1185     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1186 maya 3227 }
1187    
1188 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1189     char *buf, int bytes)
1190 maya 3227 {
1191     unsigned char passphrase_key[16];
1192    
1193     MD5(passphrase, strlen(passphrase), passphrase_key);
1194    
1195     switch (cipher) {
1196     case SSH_CIPHER_3DES:{
1197     Cipher3DESState state;
1198    
1199 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1200 maya 3227 &state.k1);
1201 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1202 maya 3227 &state.k2);
1203 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1204 maya 3227 &state.k3);
1205     memset(state.ivec1, 0, 8);
1206     memset(state.ivec2, 0, 8);
1207     memset(state.ivec3, 0, 8);
1208     DES_ncbc_encrypt(buf, buf, bytes,
1209     &state.k3, &state.ivec3, DES_DECRYPT);
1210     DES_ncbc_encrypt(buf, buf, bytes,
1211     &state.k2, &state.ivec2, DES_ENCRYPT);
1212     DES_ncbc_encrypt(buf, buf, bytes,
1213     &state.k1, &state.ivec1, DES_DECRYPT);
1214     break;
1215     }
1216    
1217     case SSH_CIPHER_DES:{
1218     CipherDESState state;
1219    
1220     cDES_init(passphrase_key, &state);
1221     DES_ncbc_encrypt(buf, buf, bytes,
1222     &state.k, &state.ivec, DES_DECRYPT);
1223     break;
1224     }
1225    
1226     case SSH_CIPHER_BLOWFISH:{
1227     CipherBlowfishState state;
1228    
1229     BF_set_key(&state.k, 16, passphrase_key);
1230     memset(state.ivec, 0, 8);
1231     flip_endianness(buf, bytes);
1232     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1233     BF_DECRYPT);
1234     flip_endianness(buf, bytes);
1235     break;
1236     }
1237    
1238     case SSH_CIPHER_NONE:
1239     break;
1240    
1241     default:
1242 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1243 maya 3227 return 0;
1244     }
1245    
1246 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1247 maya 3227 return 1;
1248     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help