Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6988 - (hide annotations) (download) (as text)
Tue Nov 28 01:18:22 2017 UTC (6 years, 4 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41526 byte(s) 
SSH2 暗号方式を小文字に統一
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3     * (C) 2004-2017 TeraTerm Project
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75    
76 doda 6801 static char *get_cipher_name(int cipher);
77 maya 3227
78 doda 6801 static void crc_update(uint32 *a, uint32 b)
79 maya 3227 {
80     b ^= *a;
81 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
82 maya 3227 }
83    
84     /* check_crc
85     detects if a block is used in a particular pattern
86     */
87    
88 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
89     uint32 len, unsigned char *IV)
90 maya 3227 {
91     uint32 crc;
92 doda 6801 unsigned char *c;
93 maya 3227
94     crc = 0;
95     if (IV && !CMP(S, IV)) {
96     crc_update(&crc, 1);
97     crc_update(&crc, 0);
98     }
99     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100     if (!CMP(S, c)) {
101     crc_update(&crc, 1);
102     crc_update(&crc, 0);
103     } else {
104     crc_update(&crc, 0);
105     crc_update(&crc, 0);
106     }
107     }
108    
109     return crc == 0;
110     }
111    
112    
113     /*
114     detect_attack
115     Detects a crc32 compensation attack on a packet
116     */
117 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
118     unsigned char *buf, uint32 len,
119     unsigned char *IV)
120 maya 3227 {
121 doda 6801 uint32 *h = statics->h;
122 maya 3227 uint32 n = statics->n;
123     uint32 i, j;
124     uint32 l;
125 doda 6801 unsigned char *c;
126     unsigned char *d;
127 maya 3227
128     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129     }
130    
131     if (h == NULL) {
132     n = l;
133 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 maya 3227 } else {
135     if (l > n) {
136     n = l;
137 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 maya 3227 }
139     }
140    
141     statics->h = h;
142     statics->n = n;
143    
144     if (len <= HASH_MINBLOCKS) {
145     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146     if (IV && (!CMP(c, IV))) {
147     if ((check_crc(c, buf, len, IV)))
148     return DEATTACK_DETECTED;
149     else
150     break;
151     }
152     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153     if (!CMP(c, d)) {
154     if ((check_crc(c, buf, len, IV)))
155     return DEATTACK_DETECTED;
156     else
157     break;
158     }
159     }
160     }
161     return (DEATTACK_OK);
162     }
163     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164    
165     if (IV) {
166     h[HASH(IV) & (n - 1)] = HASH_IV;
167     }
168    
169     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171     i = (i + 1) & (n - 1)) {
172     if (h[i] == HASH_IV) {
173     if (!CMP(c, IV)) {
174     if (check_crc(c, buf, len, IV))
175     return DEATTACK_DETECTED;
176     else
177     break;
178     }
179     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180     if (check_crc(c, buf, len, IV))
181     return DEATTACK_DETECTED;
182     else
183     break;
184     }
185     }
186     h[i] = j;
187     }
188    
189     return DEATTACK_OK;
190     }
191    
192 doda 6980 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 maya 3227 {
194 doda 6980 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195     return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 maya 3227 } else {
197     return FALSE;
198     }
199     }
200    
201 doda 6985 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202     {
203     unsigned char *newbuf = NULL;
204     unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205     unsigned char lastiv[1];
206     char tmp[80];
207     EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_OUT];
208    
209     if (bytes == 0)
210     return TRUE;
211    
212     if (bytes % block_size) {
213     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
214     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
215     get_cipher_name(pvar->crypt_state.sender_cipher),
216     bytes, block_size);
217     notify_fatal_error(pvar, tmp, TRUE);
218     return FALSE;
219     }
220    
221     if ((newbuf = malloc(bytes)) == NULL)
222     goto err;
223    
224     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
225     goto err;
226    
227     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
228     goto err;
229    
230     if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
231     goto err;
232    
233     memcpy(data+aadlen, newbuf, bytes);
234    
235     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
236     goto err;
237    
238     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
239     goto err;
240    
241     free(newbuf);
242    
243     return TRUE;
244    
245     err:
246     free(newbuf);
247    
248     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
249     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
250     get_cipher_name(pvar->crypt_state.sender_cipher));
251     notify_fatal_error(pvar, tmp, TRUE);
252     return FALSE;
253     }
254    
255     BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
256     {
257     unsigned char *newbuf = NULL;
258     unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
259     unsigned char lastiv[1];
260     char tmp[80];
261     EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_IN];
262    
263     if (bytes == 0)
264     return TRUE;
265    
266     if (bytes % block_size) {
267     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
268     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
269     get_cipher_name(pvar->crypt_state.receiver_cipher),
270     bytes, block_size);
271     notify_fatal_error(pvar, tmp, TRUE);
272     return FALSE;
273     }
274    
275     if ((newbuf = malloc(bytes)) == NULL)
276     goto err;
277    
278     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
279     goto err;
280    
281     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
282     goto err;
283    
284     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
285     goto err;
286    
287     if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
288     goto err;
289    
290     memcpy(data+aadlen, newbuf, bytes);
291     free(newbuf);
292    
293     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
294     return FALSE;
295     else
296     return TRUE;
297    
298     err:
299     free(newbuf);
300    
301     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
302     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
303     get_cipher_name(pvar->crypt_state.receiver_cipher));
304     notify_fatal_error(pvar, tmp, TRUE);
305     return FALSE;
306     }
307    
308 doda 6801 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
309 maya 3227 {
310     }
311    
312 doda 6801 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
313 maya 3227 {
314 doda 6716 unsigned char *newbuf;
315 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
316 doda 4212 char tmp[80];
317 maya 3227
318     if (bytes == 0)
319     return;
320    
321     if (bytes % block_size) {
322 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
323     "%s encrypt error(1): bytes %d (%d)");
324     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
325 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
326     bytes, block_size);
327 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
328 maya 3227 return;
329     }
330    
331 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
332 maya 3227 return;
333    
334     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
335 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
336     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
337 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
338 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
339 maya 3227 } else {
340     memcpy(buf, newbuf, bytes);
341     }
342    
343     free(newbuf);
344     }
345    
346 doda 6801 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
347 maya 3227 {
348 doda 6716 unsigned char *newbuf;
349 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
350 doda 4212 char tmp[80];
351 maya 3227
352     if (bytes == 0)
353     return;
354    
355     if (bytes % block_size) {
356 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
357     "%s decrypt error(1): bytes %d (%d)");
358     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
359 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
360     bytes, block_size);
361 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
362 maya 3227 return;
363     }
364    
365 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
366 maya 3227 return;
367    
368     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
369 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
370     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
371 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
372 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
373 maya 3227 } else {
374     memcpy(buf, newbuf, bytes);
375     }
376    
377     free(newbuf);
378     }
379    
380 doda 6801 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
381 maya 3227 {
382 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
383 maya 3227
384     DES_ncbc_encrypt(buf, buf, bytes,
385     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
386     DES_ncbc_encrypt(buf, buf, bytes,
387     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
388     DES_ncbc_encrypt(buf, buf, bytes,
389     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
390     }
391    
392 doda 6801 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
393 maya 3227 {
394 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
395 maya 3227
396     DES_ncbc_encrypt(buf, buf, bytes,
397     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
398     DES_ncbc_encrypt(buf, buf, bytes,
399     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
400     DES_ncbc_encrypt(buf, buf, bytes,
401     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
402     }
403    
404 doda 6801 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
405 maya 3227 {
406 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
407 maya 3227
408     DES_ncbc_encrypt(buf, buf, bytes,
409     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
410     }
411    
412 doda 6801 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
413 maya 3227 {
414 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
415 maya 3227
416     DES_ncbc_encrypt(buf, buf, bytes,
417     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
418     }
419    
420 doda 6801 static void flip_endianness(unsigned char *cbuf, int bytes)
421 maya 3227 {
422 doda 6801 uint32 *buf = (uint32 *) cbuf;
423 maya 3227 int count = bytes / 4;
424    
425     while (count > 0) {
426     uint32 w = *buf;
427    
428     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
429     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
430     count--;
431     buf++;
432     }
433     }
434    
435 doda 6801 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
436 maya 3227 {
437 doda 6801 CipherBlowfishState *encryptstate =
438 maya 3227 &pvar->crypt_state.enc.cBlowfish;
439    
440     flip_endianness(buf, bytes);
441     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
442     BF_ENCRYPT);
443     flip_endianness(buf, bytes);
444     }
445    
446 doda 6801 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
447 maya 3227 {
448 doda 6801 CipherBlowfishState *decryptstate =
449 maya 3227 &pvar->crypt_state.dec.cBlowfish;
450    
451     flip_endianness(buf, bytes);
452     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
453     BF_DECRYPT);
454     flip_endianness(buf, bytes);
455     }
456    
457 doda 6801 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
458 maya 3227 {
459     RAND_bytes(buf, bytes);
460     }
461    
462     void CRYPT_initialize_random_numbers(PTInstVar pvar)
463     {
464 maya 4550 // ����������������������
465     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
466     //RAND_screen();
467 maya 3227 }
468    
469 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
470 maya 3227 {
471     int bits = get_ushort16_MSBfirst(bytes);
472    
473     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
474     }
475    
476     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
477 doda 6801 RSA *make_key(PTInstVar pvar,
478     int bits, unsigned char *exp,
479     unsigned char *mod)
480 maya 3227 {
481 doda 6801 RSA *key = RSA_new();
482 maya 3227
483     if (key != NULL) {
484     key->e = get_bignum(exp);
485     key->n = get_bignum(mod);
486     }
487    
488     if (key == NULL || key->e == NULL || key->n == NULL) {
489     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
490     "Error setting up RSA keys");
491 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492 maya 3227
493     if (key != NULL) {
494     if (key->e != NULL) {
495     BN_free(key->e);
496     }
497     if (key->n != NULL) {
498     BN_free(key->n);
499     }
500     RSA_free(key);
501     }
502    
503     return NULL;
504     } else {
505     return key;
506     }
507     }
508    
509 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
510 maya 3227 {
511     if (SSHv1(pvar)) {
512     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
513     } else {
514     memcpy(pvar->crypt_state.server_cookie, cookie,
515     SSH2_COOKIE_LENGTH);
516     }
517     }
518    
519 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
520 maya 3227 {
521     if (SSHv2(pvar)) {
522     memcpy(pvar->crypt_state.client_cookie, cookie,
523     SSH2_COOKIE_LENGTH);
524     }
525     }
526    
527     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
528 doda 6801 int bits, unsigned char *exp,
529     unsigned char *mod)
530 maya 3227 {
531     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
532    
533     return pvar->crypt_state.server_key.RSA_key != NULL;
534     }
535    
536     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
537 doda 6801 int bits, unsigned char *exp,
538     unsigned char *mod)
539 maya 3227 {
540     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
541    
542     return pvar->crypt_state.host_key.RSA_key != NULL;
543     }
544    
545     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
546     int receiver_ciphers)
547     {
548     int cipher_mask;
549    
550     if (SSHv1(pvar)) {
551     cipher_mask = (1 << SSH_CIPHER_DES)
552     | (1 << SSH_CIPHER_3DES)
553     | (1 << SSH_CIPHER_BLOWFISH);
554    
555     } else { // for SSH2(yutaka)
556     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
557 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
558 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
559     | (1 << SSH2_CIPHER_AES192_CBC)
560     | (1 << SSH2_CIPHER_AES256_CBC)
561     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
562     | (1 << SSH2_CIPHER_AES128_CTR)
563     | (1 << SSH2_CIPHER_AES192_CTR)
564     | (1 << SSH2_CIPHER_AES256_CTR)
565     | (1 << SSH2_CIPHER_ARCFOUR)
566     | (1 << SSH2_CIPHER_ARCFOUR128)
567     | (1 << SSH2_CIPHER_ARCFOUR256)
568 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
569     | (1 << SSH2_CIPHER_3DES_CTR)
570     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
571 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
572     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
573     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
574     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
575     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
576     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
577     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
578 doda 6985 | (1 << SSH2_CIPHER_AES128_GCM)
579     | (1 << SSH2_CIPHER_AES256_GCM)
580 doda 4433 );
581 maya 3227 }
582    
583     sender_ciphers &= cipher_mask;
584     receiver_ciphers &= cipher_mask;
585     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
586     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
587    
588     if (sender_ciphers == 0) {
589     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
590     "The server does not support any of the TTSSH encryption algorithms.\n"
591     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
592     "The connection will be closed.");
593 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
594 maya 3227 return FALSE;
595     } else if (receiver_ciphers == 0) {
596     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
597     "The server does not support any of the TTSSH encryption algorithms.\n"
598     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
599     "The connection will be closed.");
600 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
601 maya 3227 return FALSE;
602     } else {
603     return TRUE;
604     }
605     }
606    
607 doda 6982 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
608 maya 3227 {
609     if (SSHv1(pvar)) {
610     return 8;
611     } else {
612     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
613     // cf. 3DES=8, AES128=16
614     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
615     }
616     }
617    
618 doda 6982 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
619 maya 3227 {
620     if (SSHv1(pvar)) {
621     return 8;
622     } else {
623     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
624     // cf. 3DES=8, AES128=16
625     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
626     }
627     }
628    
629 doda 6982 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
630 maya 3227 {
631     struct Mac *mac;
632    
633     if (SSHv1(pvar)) {
634     return 0;
635    
636     } else { // for SSH2(yutaka)
637     mac = &pvar->ssh2_keys[MODE_IN].mac;
638     if (mac == NULL || mac->enabled == 0)
639     return 0;
640    
641     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
642     }
643    
644     }
645    
646     // HMAC������
647     // ���{������ SSH2 �������g�p�������B
648     // (2004.12.17 yutaka)
649     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
650 doda 6801 char *data, int len, char *MAC)
651 maya 3227 {
652     HMAC_CTX c;
653     unsigned char m[EVP_MAX_MD_SIZE];
654     unsigned char b[4];
655     struct Mac *mac;
656    
657     mac = &pvar->ssh2_keys[MODE_IN].mac;
658    
659     // HMAC�������L���������������A����OK�����������B
660 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
661 maya 3227 return TRUE;
662    
663 yutakapon 6302 if (mac->key == NULL) {
664 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
665 maya 3227 goto error;
666 yutakapon 6302 }
667 maya 3227
668 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
669 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
670 yutakapon 6302 mac->mac_len, sizeof(m), sequence_number, len);
671 maya 3227 goto error;
672 yutakapon 6302 }
673 maya 3227
674     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
675     set_uint32_MSBfirst(b, sequence_number);
676     HMAC_Update(&c, b, sizeof(b));
677     HMAC_Update(&c, data, len);
678     HMAC_Final(&c, m, NULL);
679     HMAC_cleanup(&c);
680    
681     if (memcmp(m, MAC, mac->mac_len)) {
682 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
683     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
684     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
685 maya 3227 goto error;
686     }
687    
688     return TRUE;
689    
690     error:
691     return FALSE;
692     }
693    
694 doda 6982 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
695 maya 3227 {
696     struct Mac *mac;
697    
698     if (SSHv2(pvar)) { // for SSH2(yutaka)
699     mac = &pvar->ssh2_keys[MODE_OUT].mac;
700     if (mac == NULL || mac->enabled == 0)
701     return 0;
702    
703     return (mac->mac_len);
704     }
705    
706     return 0;
707     }
708    
709     // for SSH2
710     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
711 doda 6801 char *data, int len, char *MAC)
712 maya 3227 {
713     HMAC_CTX c;
714     static u_char m[EVP_MAX_MD_SIZE];
715     u_char b[4];
716     struct Mac *mac;
717    
718     if (SSHv2(pvar)) { // for SSH2(yutaka)
719     mac = &pvar->ssh2_keys[MODE_OUT].mac;
720     if (mac == NULL || mac->enabled == 0)
721     return FALSE;
722    
723     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
724     set_uint32_MSBfirst(b, sequence_number);
725     HMAC_Update(&c, b, sizeof(b));
726     HMAC_Update(&c, data, len);
727     HMAC_Final(&c, m, NULL);
728     HMAC_cleanup(&c);
729    
730     // 20�o�C�g�������R�s�[
731     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
732     // memcpy(MAC, m, sizeof(m));
733    
734     return TRUE;
735     }
736    
737     return TRUE;
738    
739     }
740    
741     static int choose_cipher(PTInstVar pvar, int supported)
742     {
743     int i;
744    
745     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
746     int cipher = pvar->session_settings.CipherOrder[i] - '0';
747    
748     if (cipher == SSH_CIPHER_NONE) {
749     break;
750     } else if ((supported & (1 << cipher)) != 0) {
751     return cipher;
752     }
753     }
754    
755     return SSH_CIPHER_NONE;
756     }
757    
758     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
759     {
760     if (SSHv1(pvar)) {
761     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
762     pvar->crypt_state.
763     supported_sender_ciphers);
764     pvar->crypt_state.receiver_cipher =
765     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
766    
767     } else { // SSH2(yutaka)
768     pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
769     pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
770    
771     }
772    
773     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
774     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
775 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
776 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
777     "To communicate with this server, you will have to enable some more ciphers\n"
778     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
779     "This connection will now close.");
780 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
781 maya 3227 return FALSE;
782     } else {
783     return TRUE;
784     }
785     }
786    
787 doda 6982 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
788 maya 3227 {
789     int server_key_bits =
790     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
791     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
792     int server_key_bytes = (server_key_bits + 7) / 8;
793     int host_key_bytes = (host_key_bits + 7) / 8;
794    
795     if (server_key_bits < host_key_bits) {
796     return host_key_bytes;
797     } else {
798     return server_key_bytes;
799     }
800     }
801    
802     int CRYPT_choose_session_key(PTInstVar pvar,
803 doda 6801 unsigned char *encrypted_key_buf)
804 maya 3227 {
805     int server_key_bits =
806     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
807     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
808     int server_key_bytes = (server_key_bits + 7) / 8;
809     int host_key_bytes = (host_key_bits + 7) / 8;
810     int encrypted_key_bytes;
811     int bit_delta;
812    
813     if (server_key_bits < host_key_bits) {
814     encrypted_key_bytes = host_key_bytes;
815     bit_delta = host_key_bits - server_key_bits;
816     } else {
817     encrypted_key_bytes = server_key_bytes;
818     bit_delta = server_key_bits - host_key_bits;
819     }
820    
821     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
822 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
823 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
824 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
825 maya 3227 return 0;
826     } else {
827     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
828     for the session ID, rather than the one specified in the RFC */
829     int session_buf_len = server_key_bytes + host_key_bytes + 8;
830 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
831 maya 3227 char session_id[16];
832     int i;
833    
834     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
835     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
836     session_buf + host_key_bytes);
837     memcpy(session_buf + server_key_bytes + host_key_bytes,
838     pvar->crypt_state.server_cookie, 8);
839     MD5(session_buf, session_buf_len, session_id);
840    
841     free(session_buf);
842    
843     RAND_bytes(pvar->crypt_state.sender_cipher_key,
844     SSH_SESSION_KEY_LENGTH);
845     memcpy(pvar->crypt_state.receiver_cipher_key,
846     pvar->crypt_state.sender_cipher_key,
847     SSH_SESSION_KEY_LENGTH);
848    
849     memcpy(encrypted_key_buf + encrypted_key_bytes -
850     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
851     SSH_SESSION_KEY_LENGTH);
852     for (i = 0; i < sizeof(session_id); i++) {
853     encrypted_key_buf[encrypted_key_bytes -
854     SSH_SESSION_KEY_LENGTH + i]
855     ^= session_id[i];
856     }
857    
858     if (host_key_bits > server_key_bits) {
859     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
860     encrypted_key_buf +
861     encrypted_key_bytes -
862     SSH_SESSION_KEY_LENGTH,
863     encrypted_key_buf +
864     encrypted_key_bytes - server_key_bytes,
865     pvar->crypt_state.server_key.RSA_key,
866     RSA_PKCS1_PADDING) < 0)
867     return 0;
868    
869     if (RSA_public_encrypt(server_key_bytes,
870     encrypted_key_buf +
871     encrypted_key_bytes - server_key_bytes,
872     encrypted_key_buf,
873     pvar->crypt_state.host_key.RSA_key,
874     RSA_PKCS1_PADDING) < 0)
875     return 0;
876     } else {
877     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
878     encrypted_key_buf +
879     encrypted_key_bytes -
880     SSH_SESSION_KEY_LENGTH,
881     encrypted_key_buf +
882     encrypted_key_bytes - host_key_bytes,
883     pvar->crypt_state.host_key.RSA_key,
884     RSA_PKCS1_PADDING) < 0)
885     return 0;
886    
887     if (RSA_public_encrypt(host_key_bytes,
888     encrypted_key_buf +
889     encrypted_key_bytes - host_key_bytes,
890     encrypted_key_buf,
891     pvar->crypt_state.server_key.RSA_key,
892     RSA_PKCS1_PADDING) < 0)
893     return 0;
894     }
895     }
896    
897     return 1;
898     }
899    
900     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
901 doda 6801 unsigned char *challenge,
902 maya 3227 int challenge_len,
903 doda 6801 unsigned char *response)
904 maya 3227 {
905     int server_key_bits =
906     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
907     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
908     int server_key_bytes = (server_key_bits + 7) / 8;
909     int host_key_bytes = (host_key_bits + 7) / 8;
910     int session_buf_len = server_key_bytes + host_key_bytes + 8;
911 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
912 maya 3227 char decrypted_challenge[48];
913     int decrypted_challenge_len;
914    
915     decrypted_challenge_len =
916     RSA_private_decrypt(challenge_len, challenge, challenge,
917 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
918 maya 3227 RSA_PKCS1_PADDING);
919     if (decrypted_challenge_len < 0) {
920     free(session_buf);
921     return 0;
922     }
923     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
924     memcpy(decrypted_challenge,
925     challenge + decrypted_challenge_len -
926     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
927     } else {
928     memset(decrypted_challenge, 0,
929     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
930     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
931     decrypted_challenge_len, challenge,
932     decrypted_challenge_len);
933     }
934    
935     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
936     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
937     session_buf + host_key_bytes);
938     memcpy(session_buf + server_key_bytes + host_key_bytes,
939     pvar->crypt_state.server_cookie, 8);
940     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
941    
942     free(session_buf);
943    
944     MD5(decrypted_challenge, 48, response);
945    
946     return 1;
947     }
948    
949 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
950 maya 3227 {
951 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
952     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
953     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
954 maya 3227 memset(state->ivec1, 0, 8);
955     memset(state->ivec2, 0, 8);
956     memset(state->ivec3, 0, 8);
957     }
958    
959 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
960 maya 3227 {
961 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
962 maya 3227 memset(state->ivec, 0, 8);
963     }
964    
965 doda 6801 static void cBlowfish_init(char *session_key,
966     CipherBlowfishState *state)
967 maya 3227 {
968     BF_set_key(&state->k, 32, session_key);
969     memset(state->ivec, 0, 8);
970     }
971    
972    
973     //
974     // SSH2�p�A���S���Y����������
975     //
976     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
977     const u_char *key, u_int keylen,
978     const u_char *iv, u_int ivlen,
979     int encrypt,
980     const EVP_CIPHER *type,
981     int discard_len,
982 doda 6985 unsigned int authlen,
983 maya 3227 PTInstVar pvar)
984     {
985     int klen;
986     char tmp[80];
987     unsigned char *junk = NULL, *discard = NULL;
988    
989     EVP_CIPHER_CTX_init(evp);
990 doda 6985 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
991     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
992 maya 3227 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
993 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
994 maya 3227 return;
995     }
996    
997 doda 6985 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
998     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
999     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1000     notify_fatal_error(pvar, tmp, TRUE);
1001     return;
1002     }
1003     if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1004     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1005     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1006     notify_fatal_error(pvar, tmp, TRUE);
1007     return;
1008     }
1009     if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1010     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1011     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1012     notify_fatal_error(pvar, tmp, TRUE);
1013     return;
1014     }
1015    
1016 maya 3227 klen = EVP_CIPHER_CTX_key_length(evp);
1017     if (klen > 0 && keylen != klen) {
1018     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1019 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1020     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1021 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1022 maya 3227 return;
1023     }
1024     }
1025     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1026 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1027     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1028 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1029 maya 3227 return;
1030     }
1031    
1032     if (discard_len > 0) {
1033     junk = malloc(discard_len);
1034     discard = malloc(discard_len);
1035     if (junk == NULL || discard == NULL ||
1036     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1037 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1038     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1039 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1040 maya 3227 }
1041     else {
1042 yutakapon 6229 SecureZeroMemory(discard, discard_len);
1043 maya 3227 }
1044     free(junk);
1045     free(discard);
1046     }
1047     }
1048    
1049 yutakapon 5545 //
1050     // SSH2�p�A���S���Y�����j��
1051     //
1052     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1053     {
1054     EVP_CIPHER_CTX_cleanup(evp);
1055     }
1056 maya 3227
1057 yutakapon 5545
1058 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1059     {
1060 doda 6716 struct Enc *enc;
1061 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1062     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1063 doda 6716 int cipher;
1064 maya 3227 BOOL isOK = TRUE;
1065    
1066     if (sender_flag) {
1067 doda 6716 cipher = pvar->crypt_state.sender_cipher;
1068     switch (cipher) {
1069     case SSH_CIPHER_3DES:
1070     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1071     pvar->crypt_state.encrypt = c3DES_encrypt;
1072     break;
1073 maya 3227
1074 doda 6716 case SSH_CIPHER_DES:
1075     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1076     pvar->crypt_state.encrypt = cDES_encrypt;
1077     break;
1078 maya 3227
1079 doda 6716 case SSH_CIPHER_BLOWFISH:
1080     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1081     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1082     break;
1083 maya 3227
1084 doda 6716 case SSH_CIPHER_NONE:
1085     case SSH_CIPHER_IDEA:
1086     case SSH_CIPHER_TSS:
1087     case SSH_CIPHER_RC4:
1088     isOK = FALSE;
1089     break;
1090 maya 3227
1091 doda 6716 default: // SSH2
1092     if (cipher <= SSH_CIPHER_MAX) {
1093 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1094     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1095 doda 6716 enc->key, get_cipher_key_len(cipher),
1096 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1097 maya 3227 CIPHER_ENCRYPT,
1098 doda 6716 get_cipher_EVP_CIPHER(cipher),
1099     get_cipher_discard_len(cipher),
1100 doda 6985 get_cipher_auth_len(cipher),
1101 maya 3227 pvar);
1102    
1103 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1104 maya 3227 }
1105 doda 6716 else {
1106     isOK = FALSE;
1107 maya 3227 }
1108 doda 6716 break;
1109 maya 3227 }
1110     }
1111    
1112     if (receiver_flag) {
1113 doda 6716 cipher = pvar->crypt_state.receiver_cipher;
1114     switch (cipher) {
1115     case SSH_CIPHER_3DES:
1116     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1117     pvar->crypt_state.decrypt = c3DES_decrypt;
1118     break;
1119 maya 3227
1120 doda 6716 case SSH_CIPHER_DES:
1121     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1122     pvar->crypt_state.decrypt = cDES_decrypt;
1123     break;
1124 maya 3227
1125 doda 6716 case SSH_CIPHER_BLOWFISH:
1126     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1127     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1128     break;
1129 maya 3227
1130 doda 6716 case SSH_CIPHER_NONE:
1131     case SSH_CIPHER_IDEA:
1132     case SSH_CIPHER_TSS:
1133     case SSH_CIPHER_RC4:
1134     isOK = FALSE;
1135     break;
1136 maya 3227
1137 doda 6716 default: // SSH2
1138     if (cipher <= SSH_CIPHER_MAX) {
1139 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1140     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1141 doda 6716 enc->key, get_cipher_key_len(cipher),
1142 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1143 maya 3227 CIPHER_DECRYPT,
1144 doda 6716 get_cipher_EVP_CIPHER(cipher),
1145     get_cipher_discard_len(cipher),
1146 doda 6985 get_cipher_auth_len(cipher),
1147 maya 3227 pvar);
1148    
1149 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1150 maya 3227 }
1151 doda 6716 else {
1152     isOK = FALSE;
1153 maya 3227 }
1154 doda 6716 break;
1155 maya 3227 }
1156     }
1157    
1158     if (!isOK) {
1159 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1160 maya 3227 "No cipher selected!");
1161 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1162 maya 3227 return FALSE;
1163     } else {
1164     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1165     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1166     return TRUE;
1167     }
1168     }
1169    
1170     void CRYPT_init(PTInstVar pvar)
1171     {
1172     pvar->crypt_state.encrypt = no_encrypt;
1173     pvar->crypt_state.decrypt = no_encrypt;
1174     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1175     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1176     pvar->crypt_state.server_key.RSA_key = NULL;
1177     pvar->crypt_state.host_key.RSA_key = NULL;
1178    
1179     pvar->crypt_state.detect_attack_statics.h = NULL;
1180     pvar->crypt_state.detect_attack_statics.n =
1181     HASH_MINSIZE / HASH_ENTRYSIZE;
1182     }
1183    
1184 doda 6801 static char *get_cipher_name(int cipher)
1185 maya 3227 {
1186     switch (cipher) {
1187     case SSH_CIPHER_NONE:
1188     return "None";
1189     case SSH_CIPHER_3DES:
1190     return "3DES (168 key bits)";
1191     case SSH_CIPHER_DES:
1192     return "DES (56 key bits)";
1193     case SSH_CIPHER_BLOWFISH:
1194     return "Blowfish (256 key bits)";
1195    
1196     // SSH2
1197     case SSH2_CIPHER_3DES_CBC:
1198 doda 6988 return "3des-cbc";
1199 maya 3227 case SSH2_CIPHER_AES128_CBC:
1200 doda 6988 return "aes128-cbc";
1201 maya 3227 case SSH2_CIPHER_AES192_CBC:
1202 doda 6988 return "aes192-cbc";
1203 maya 3227 case SSH2_CIPHER_AES256_CBC:
1204 doda 6988 return "aes256-cbc";
1205 maya 3227 case SSH2_CIPHER_BLOWFISH_CBC:
1206 doda 6988 return "blowfish-cbc";
1207 maya 3227 case SSH2_CIPHER_AES128_CTR:
1208 doda 6988 return "aes128-ctr";
1209 maya 3227 case SSH2_CIPHER_AES192_CTR:
1210 doda 6988 return "aes192-ctr";
1211 maya 3227 case SSH2_CIPHER_AES256_CTR:
1212 doda 6988 return "aes256-ctr";
1213 maya 3227 case SSH2_CIPHER_ARCFOUR:
1214 doda 6988 return "arcfour";
1215 maya 3227 case SSH2_CIPHER_ARCFOUR128:
1216 doda 6988 return "arcfour128";
1217 maya 3227 case SSH2_CIPHER_ARCFOUR256:
1218 doda 6988 return "arcfour256";
1219 maya 3227 case SSH2_CIPHER_CAST128_CBC:
1220 doda 6988 return "cast-128-cbc";
1221 doda 3850 case SSH2_CIPHER_3DES_CTR:
1222 doda 6988 return "3des-ctr";
1223 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1224 doda 6988 return "blowfish-ctr";
1225 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1226 doda 6988 return "cast-128-ctr";
1227 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1228 doda 6988 return "camellia128-cbc";
1229 doda 4433 case SSH2_CIPHER_CAMELLIA192_CBC:
1230 doda 6988 return "camellia192-cbc";
1231 doda 4433 case SSH2_CIPHER_CAMELLIA256_CBC:
1232 doda 6988 return "camellia256-cbc";
1233 doda 4433 case SSH2_CIPHER_CAMELLIA128_CTR:
1234 doda 6988 return "camellia128-ctr";
1235 doda 4433 case SSH2_CIPHER_CAMELLIA192_CTR:
1236 doda 6988 return "camellia192-ctr";
1237 doda 4433 case SSH2_CIPHER_CAMELLIA256_CTR:
1238 doda 6988 return "camellia256-ctr";
1239 doda 6985 case SSH2_CIPHER_AES128_GCM:
1240 doda 6988 return "aes128-gcm@openssh.com";
1241 doda 6985 case SSH2_CIPHER_AES256_GCM:
1242 doda 6988 return "aes256-gcm@openssh.com";
1243 maya 3227
1244     default:
1245     return "Unknown";
1246     }
1247     }
1248    
1249 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1250 maya 3227 {
1251     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1252     "%s to server, %s from server");
1253     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1254     get_cipher_name(pvar->crypt_state.sender_cipher),
1255     get_cipher_name(pvar->crypt_state.receiver_cipher));
1256     }
1257    
1258 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1259 maya 3227 {
1260     if (SSHv1(pvar)) {
1261     if (pvar->crypt_state.server_key.RSA_key == NULL
1262     || pvar->crypt_state.host_key.RSA_key == NULL) {
1263     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1264     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1265     } else {
1266     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1267     "%d-bit server key, %d-bit host key");
1268     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1269     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1270     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1271     }
1272     } else { // SSH2
1273 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1274     "%d-bit client key, %d-bit server key");
1275 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1276 maya 4313 pvar->client_key_bits,
1277     pvar->server_key_bits);
1278 maya 3227 }
1279     }
1280    
1281 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1282 maya 3227 {
1283     if (key->RSA_key != NULL) {
1284     RSA_free(key->RSA_key);
1285     key->RSA_key = NULL;
1286     }
1287     }
1288    
1289 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1290 maya 3227 {
1291     destroy_public_key(key);
1292     free(key);
1293     }
1294    
1295     void CRYPT_end(PTInstVar pvar)
1296     {
1297     destroy_public_key(&pvar->crypt_state.host_key);
1298     destroy_public_key(&pvar->crypt_state.server_key);
1299    
1300     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1301 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1302 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1303     free(pvar->crypt_state.detect_attack_statics.h);
1304     }
1305    
1306 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1307 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1308 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1309 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1310 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1311 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1312 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1313 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1314 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1315     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1316 maya 3227 }
1317    
1318 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1319     char *buf, int bytes)
1320 maya 3227 {
1321     unsigned char passphrase_key[16];
1322    
1323     MD5(passphrase, strlen(passphrase), passphrase_key);
1324    
1325     switch (cipher) {
1326     case SSH_CIPHER_3DES:{
1327     Cipher3DESState state;
1328    
1329 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1330 maya 3227 &state.k1);
1331 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1332 maya 3227 &state.k2);
1333 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1334 maya 3227 &state.k3);
1335     memset(state.ivec1, 0, 8);
1336     memset(state.ivec2, 0, 8);
1337     memset(state.ivec3, 0, 8);
1338     DES_ncbc_encrypt(buf, buf, bytes,
1339     &state.k3, &state.ivec3, DES_DECRYPT);
1340     DES_ncbc_encrypt(buf, buf, bytes,
1341     &state.k2, &state.ivec2, DES_ENCRYPT);
1342     DES_ncbc_encrypt(buf, buf, bytes,
1343     &state.k1, &state.ivec1, DES_DECRYPT);
1344     break;
1345     }
1346    
1347     case SSH_CIPHER_DES:{
1348     CipherDESState state;
1349    
1350     cDES_init(passphrase_key, &state);
1351     DES_ncbc_encrypt(buf, buf, bytes,
1352     &state.k, &state.ivec, DES_DECRYPT);
1353     break;
1354     }
1355    
1356     case SSH_CIPHER_BLOWFISH:{
1357     CipherBlowfishState state;
1358    
1359     BF_set_key(&state.k, 16, passphrase_key);
1360     memset(state.ivec, 0, 8);
1361     flip_endianness(buf, bytes);
1362     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1363     BF_DECRYPT);
1364     flip_endianness(buf, bytes);
1365     break;
1366     }
1367    
1368     case SSH_CIPHER_NONE:
1369     break;
1370    
1371     default:
1372 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1373 maya 3227 return 0;
1374     }
1375    
1376 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1377 maya 3227 return 1;
1378     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help