Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 7002 - (hide annotations) (download) (as text)
Mon Dec 18 10:41:06 2017 UTC (6 years, 3 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41873 byte(s) 
暗号方式の管理を、暗号方式を表す値(SSHCipher)から ssh2_ciphers 内のエントリへのポインタを使うように変更。

これにより、暗号方式のパラメータ(ブロックサイズ等)が容易に参照できるようになる。
SSHCipher の値が欲しい時は cipher->id を使う。
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3     * (C) 2004-2017 TeraTerm Project
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75    
76 doda 6801 static char *get_cipher_name(int cipher);
77 maya 3227
78 doda 6801 static void crc_update(uint32 *a, uint32 b)
79 maya 3227 {
80     b ^= *a;
81 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
82 maya 3227 }
83    
84     /* check_crc
85     detects if a block is used in a particular pattern
86     */
87    
88 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
89     uint32 len, unsigned char *IV)
90 maya 3227 {
91     uint32 crc;
92 doda 6801 unsigned char *c;
93 maya 3227
94     crc = 0;
95     if (IV && !CMP(S, IV)) {
96     crc_update(&crc, 1);
97     crc_update(&crc, 0);
98     }
99     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100     if (!CMP(S, c)) {
101     crc_update(&crc, 1);
102     crc_update(&crc, 0);
103     } else {
104     crc_update(&crc, 0);
105     crc_update(&crc, 0);
106     }
107     }
108    
109     return crc == 0;
110     }
111    
112    
113     /*
114     detect_attack
115     Detects a crc32 compensation attack on a packet
116     */
117 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
118     unsigned char *buf, uint32 len,
119     unsigned char *IV)
120 maya 3227 {
121 doda 6801 uint32 *h = statics->h;
122 maya 3227 uint32 n = statics->n;
123     uint32 i, j;
124     uint32 l;
125 doda 6801 unsigned char *c;
126     unsigned char *d;
127 maya 3227
128     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129     }
130    
131     if (h == NULL) {
132     n = l;
133 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 maya 3227 } else {
135     if (l > n) {
136     n = l;
137 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 maya 3227 }
139     }
140    
141     statics->h = h;
142     statics->n = n;
143    
144     if (len <= HASH_MINBLOCKS) {
145     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146     if (IV && (!CMP(c, IV))) {
147     if ((check_crc(c, buf, len, IV)))
148     return DEATTACK_DETECTED;
149     else
150     break;
151     }
152     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153     if (!CMP(c, d)) {
154     if ((check_crc(c, buf, len, IV)))
155     return DEATTACK_DETECTED;
156     else
157     break;
158     }
159     }
160     }
161     return (DEATTACK_OK);
162     }
163     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164    
165     if (IV) {
166     h[HASH(IV) & (n - 1)] = HASH_IV;
167     }
168    
169     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171     i = (i + 1) & (n - 1)) {
172     if (h[i] == HASH_IV) {
173     if (!CMP(c, IV)) {
174     if (check_crc(c, buf, len, IV))
175     return DEATTACK_DETECTED;
176     else
177     break;
178     }
179     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180     if (check_crc(c, buf, len, IV))
181     return DEATTACK_DETECTED;
182     else
183     break;
184     }
185     }
186     h[i] = j;
187     }
188    
189     return DEATTACK_OK;
190     }
191    
192 doda 6980 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 maya 3227 {
194 doda 6980 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195     return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 maya 3227 } else {
197     return FALSE;
198     }
199     }
200    
201 doda 6985 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202     {
203     unsigned char *newbuf = NULL;
204     unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205     unsigned char lastiv[1];
206     char tmp[80];
207     EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_OUT];
208    
209     if (bytes == 0)
210     return TRUE;
211    
212     if (bytes % block_size) {
213     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
214     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
215     get_cipher_name(pvar->crypt_state.sender_cipher),
216     bytes, block_size);
217     notify_fatal_error(pvar, tmp, TRUE);
218     return FALSE;
219     }
220    
221     if ((newbuf = malloc(bytes)) == NULL)
222     goto err;
223    
224     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
225     goto err;
226    
227     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
228     goto err;
229    
230     if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
231     goto err;
232    
233     memcpy(data+aadlen, newbuf, bytes);
234    
235     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
236     goto err;
237    
238     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
239     goto err;
240    
241     free(newbuf);
242    
243     return TRUE;
244    
245     err:
246     free(newbuf);
247    
248     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
249     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
250     get_cipher_name(pvar->crypt_state.sender_cipher));
251     notify_fatal_error(pvar, tmp, TRUE);
252     return FALSE;
253     }
254    
255     BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
256     {
257     unsigned char *newbuf = NULL;
258     unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
259     unsigned char lastiv[1];
260     char tmp[80];
261     EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_IN];
262    
263     if (bytes == 0)
264     return TRUE;
265    
266     if (bytes % block_size) {
267     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
268     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
269     get_cipher_name(pvar->crypt_state.receiver_cipher),
270     bytes, block_size);
271     notify_fatal_error(pvar, tmp, TRUE);
272     return FALSE;
273     }
274    
275     if ((newbuf = malloc(bytes)) == NULL)
276     goto err;
277    
278     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
279     goto err;
280    
281     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
282     goto err;
283    
284     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
285     goto err;
286    
287     if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
288     goto err;
289    
290     memcpy(data+aadlen, newbuf, bytes);
291     free(newbuf);
292    
293     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
294     return FALSE;
295     else
296     return TRUE;
297    
298     err:
299     free(newbuf);
300    
301     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
302     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
303     get_cipher_name(pvar->crypt_state.receiver_cipher));
304     notify_fatal_error(pvar, tmp, TRUE);
305     return FALSE;
306     }
307    
308 doda 6801 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
309 maya 3227 {
310     }
311    
312 doda 6801 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
313 maya 3227 {
314 doda 6716 unsigned char *newbuf;
315 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
316 doda 4212 char tmp[80];
317 maya 3227
318     if (bytes == 0)
319     return;
320    
321     if (bytes % block_size) {
322 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
323     "%s encrypt error(1): bytes %d (%d)");
324     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
325 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
326     bytes, block_size);
327 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
328 maya 3227 return;
329     }
330    
331 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
332 maya 3227 return;
333    
334     if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
335 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
336     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
337 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
338 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
339 maya 3227 } else {
340     memcpy(buf, newbuf, bytes);
341     }
342    
343     free(newbuf);
344     }
345    
346 doda 6801 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
347 maya 3227 {
348 doda 6716 unsigned char *newbuf;
349 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
350 doda 4212 char tmp[80];
351 maya 3227
352     if (bytes == 0)
353     return;
354    
355     if (bytes % block_size) {
356 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
357     "%s decrypt error(1): bytes %d (%d)");
358     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
359 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
360     bytes, block_size);
361 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
362 maya 3227 return;
363     }
364    
365 doda 6716 if ((newbuf = malloc(bytes)) == NULL)
366 maya 3227 return;
367    
368     if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
369 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
370     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
371 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
372 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
373 maya 3227 } else {
374     memcpy(buf, newbuf, bytes);
375     }
376    
377     free(newbuf);
378     }
379    
380 doda 6801 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
381 maya 3227 {
382 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
383 maya 3227
384     DES_ncbc_encrypt(buf, buf, bytes,
385     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
386     DES_ncbc_encrypt(buf, buf, bytes,
387     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
388     DES_ncbc_encrypt(buf, buf, bytes,
389     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
390     }
391    
392 doda 6801 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
393 maya 3227 {
394 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
395 maya 3227
396     DES_ncbc_encrypt(buf, buf, bytes,
397     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
398     DES_ncbc_encrypt(buf, buf, bytes,
399     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
400     DES_ncbc_encrypt(buf, buf, bytes,
401     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
402     }
403    
404 doda 6801 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
405 maya 3227 {
406 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
407 maya 3227
408     DES_ncbc_encrypt(buf, buf, bytes,
409     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
410     }
411    
412 doda 6801 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
413 maya 3227 {
414 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
415 maya 3227
416     DES_ncbc_encrypt(buf, buf, bytes,
417     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
418     }
419    
420 doda 6801 static void flip_endianness(unsigned char *cbuf, int bytes)
421 maya 3227 {
422 doda 6801 uint32 *buf = (uint32 *) cbuf;
423 maya 3227 int count = bytes / 4;
424    
425     while (count > 0) {
426     uint32 w = *buf;
427    
428     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
429     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
430     count--;
431     buf++;
432     }
433     }
434    
435 doda 6801 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
436 maya 3227 {
437 doda 6801 CipherBlowfishState *encryptstate =
438 maya 3227 &pvar->crypt_state.enc.cBlowfish;
439    
440     flip_endianness(buf, bytes);
441     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
442     BF_ENCRYPT);
443     flip_endianness(buf, bytes);
444     }
445    
446 doda 6801 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
447 maya 3227 {
448 doda 6801 CipherBlowfishState *decryptstate =
449 maya 3227 &pvar->crypt_state.dec.cBlowfish;
450    
451     flip_endianness(buf, bytes);
452     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
453     BF_DECRYPT);
454     flip_endianness(buf, bytes);
455     }
456    
457 doda 6801 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
458 maya 3227 {
459     RAND_bytes(buf, bytes);
460     }
461    
462     void CRYPT_initialize_random_numbers(PTInstVar pvar)
463     {
464 maya 4550 // ����������������������
465     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
466     //RAND_screen();
467 maya 3227 }
468    
469 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
470 maya 3227 {
471     int bits = get_ushort16_MSBfirst(bytes);
472    
473     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
474     }
475    
476     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
477 doda 6801 RSA *make_key(PTInstVar pvar,
478     int bits, unsigned char *exp,
479     unsigned char *mod)
480 maya 3227 {
481 doda 6801 RSA *key = RSA_new();
482 maya 3227
483     if (key != NULL) {
484     key->e = get_bignum(exp);
485     key->n = get_bignum(mod);
486     }
487    
488     if (key == NULL || key->e == NULL || key->n == NULL) {
489     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
490     "Error setting up RSA keys");
491 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492 maya 3227
493     if (key != NULL) {
494     if (key->e != NULL) {
495     BN_free(key->e);
496     }
497     if (key->n != NULL) {
498     BN_free(key->n);
499     }
500     RSA_free(key);
501     }
502    
503     return NULL;
504     } else {
505     return key;
506     }
507     }
508    
509 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
510 maya 3227 {
511     if (SSHv1(pvar)) {
512     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
513     } else {
514     memcpy(pvar->crypt_state.server_cookie, cookie,
515     SSH2_COOKIE_LENGTH);
516     }
517     }
518    
519 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
520 maya 3227 {
521     if (SSHv2(pvar)) {
522     memcpy(pvar->crypt_state.client_cookie, cookie,
523     SSH2_COOKIE_LENGTH);
524     }
525     }
526    
527     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
528 doda 6801 int bits, unsigned char *exp,
529     unsigned char *mod)
530 maya 3227 {
531     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
532    
533     return pvar->crypt_state.server_key.RSA_key != NULL;
534     }
535    
536     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
537 doda 6801 int bits, unsigned char *exp,
538     unsigned char *mod)
539 maya 3227 {
540     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
541    
542     return pvar->crypt_state.host_key.RSA_key != NULL;
543     }
544    
545     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
546     int receiver_ciphers)
547     {
548     int cipher_mask;
549    
550     if (SSHv1(pvar)) {
551     cipher_mask = (1 << SSH_CIPHER_DES)
552     | (1 << SSH_CIPHER_3DES)
553     | (1 << SSH_CIPHER_BLOWFISH);
554    
555     } else { // for SSH2(yutaka)
556     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
557 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
558 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
559     | (1 << SSH2_CIPHER_AES192_CBC)
560     | (1 << SSH2_CIPHER_AES256_CBC)
561     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
562     | (1 << SSH2_CIPHER_AES128_CTR)
563     | (1 << SSH2_CIPHER_AES192_CTR)
564     | (1 << SSH2_CIPHER_AES256_CTR)
565     | (1 << SSH2_CIPHER_ARCFOUR)
566     | (1 << SSH2_CIPHER_ARCFOUR128)
567     | (1 << SSH2_CIPHER_ARCFOUR256)
568 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
569     | (1 << SSH2_CIPHER_3DES_CTR)
570     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
571 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
572     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
573     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
574     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
575     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
576     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
577     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
578 doda 6985 | (1 << SSH2_CIPHER_AES128_GCM)
579     | (1 << SSH2_CIPHER_AES256_GCM)
580 doda 4433 );
581 maya 3227 }
582    
583     sender_ciphers &= cipher_mask;
584     receiver_ciphers &= cipher_mask;
585     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
586     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
587    
588     if (sender_ciphers == 0) {
589     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
590     "The server does not support any of the TTSSH encryption algorithms.\n"
591     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
592     "The connection will be closed.");
593 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
594 maya 3227 return FALSE;
595     } else if (receiver_ciphers == 0) {
596     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
597     "The server does not support any of the TTSSH encryption algorithms.\n"
598     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
599     "The connection will be closed.");
600 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
601 maya 3227 return FALSE;
602     } else {
603     return TRUE;
604     }
605     }
606    
607 doda 6982 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
608 maya 3227 {
609     if (SSHv1(pvar)) {
610     return 8;
611     } else {
612     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
613     // cf. 3DES=8, AES128=16
614     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
615     }
616     }
617    
618 doda 6982 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
619 maya 3227 {
620     if (SSHv1(pvar)) {
621     return 8;
622     } else {
623     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
624     // cf. 3DES=8, AES128=16
625     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
626     }
627     }
628    
629 doda 6982 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
630 maya 3227 {
631     struct Mac *mac;
632    
633     if (SSHv1(pvar)) {
634     return 0;
635    
636     } else { // for SSH2(yutaka)
637     mac = &pvar->ssh2_keys[MODE_IN].mac;
638     if (mac == NULL || mac->enabled == 0)
639     return 0;
640    
641     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
642     }
643    
644     }
645    
646     // HMAC������
647     // ���{������ SSH2 �������g�p�������B
648     // (2004.12.17 yutaka)
649     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
650 doda 6801 char *data, int len, char *MAC)
651 maya 3227 {
652     HMAC_CTX c;
653     unsigned char m[EVP_MAX_MD_SIZE];
654     unsigned char b[4];
655     struct Mac *mac;
656    
657     mac = &pvar->ssh2_keys[MODE_IN].mac;
658    
659     // HMAC�������L���������������A����OK�����������B
660 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
661 maya 3227 return TRUE;
662    
663 yutakapon 6302 if (mac->key == NULL) {
664 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
665 maya 3227 goto error;
666 yutakapon 6302 }
667 maya 3227
668 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
669 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
670 yutakapon 6302 mac->mac_len, sizeof(m), sequence_number, len);
671 maya 3227 goto error;
672 yutakapon 6302 }
673 maya 3227
674     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
675     set_uint32_MSBfirst(b, sequence_number);
676     HMAC_Update(&c, b, sizeof(b));
677     HMAC_Update(&c, data, len);
678     HMAC_Final(&c, m, NULL);
679     HMAC_cleanup(&c);
680    
681     if (memcmp(m, MAC, mac->mac_len)) {
682 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
683     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
684     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
685 maya 3227 goto error;
686     }
687    
688     return TRUE;
689    
690     error:
691     return FALSE;
692     }
693    
694 doda 6982 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
695 maya 3227 {
696     struct Mac *mac;
697    
698     if (SSHv2(pvar)) { // for SSH2(yutaka)
699     mac = &pvar->ssh2_keys[MODE_OUT].mac;
700     if (mac == NULL || mac->enabled == 0)
701     return 0;
702    
703     return (mac->mac_len);
704     }
705    
706     return 0;
707     }
708    
709     // for SSH2
710     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
711 doda 6801 char *data, int len, char *MAC)
712 maya 3227 {
713     HMAC_CTX c;
714     static u_char m[EVP_MAX_MD_SIZE];
715     u_char b[4];
716     struct Mac *mac;
717    
718     if (SSHv2(pvar)) { // for SSH2(yutaka)
719     mac = &pvar->ssh2_keys[MODE_OUT].mac;
720     if (mac == NULL || mac->enabled == 0)
721     return FALSE;
722    
723     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
724     set_uint32_MSBfirst(b, sequence_number);
725     HMAC_Update(&c, b, sizeof(b));
726     HMAC_Update(&c, data, len);
727     HMAC_Final(&c, m, NULL);
728     HMAC_cleanup(&c);
729    
730     // 20�o�C�g�������R�s�[
731     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
732     // memcpy(MAC, m, sizeof(m));
733    
734     return TRUE;
735     }
736    
737     return TRUE;
738    
739     }
740    
741     static int choose_cipher(PTInstVar pvar, int supported)
742     {
743     int i;
744    
745     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
746     int cipher = pvar->session_settings.CipherOrder[i] - '0';
747    
748     if (cipher == SSH_CIPHER_NONE) {
749     break;
750     } else if ((supported & (1 << cipher)) != 0) {
751     return cipher;
752     }
753     }
754    
755     return SSH_CIPHER_NONE;
756     }
757    
758     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
759     {
760     if (SSHv1(pvar)) {
761     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
762     pvar->crypt_state.
763     supported_sender_ciphers);
764     pvar->crypt_state.receiver_cipher =
765     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
766    
767     } else { // SSH2(yutaka)
768 doda 7002 if (pvar->ciphers[MODE_OUT] == NULL) {
769     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
770     }
771     else {
772     pvar->crypt_state.sender_cipher = pvar->ciphers[MODE_OUT]->id;
773     }
774     if (pvar->ciphers[MODE_IN] == NULL) {
775     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
776     }
777     else {
778     pvar->crypt_state.receiver_cipher = pvar->ciphers[MODE_IN]->id;
779     }
780 maya 3227 }
781    
782     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
783     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
784 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
785 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
786     "To communicate with this server, you will have to enable some more ciphers\n"
787     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
788     "This connection will now close.");
789 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
790 maya 3227 return FALSE;
791     } else {
792     return TRUE;
793     }
794     }
795    
796 doda 6982 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
797 maya 3227 {
798     int server_key_bits =
799     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
800     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
801     int server_key_bytes = (server_key_bits + 7) / 8;
802     int host_key_bytes = (host_key_bits + 7) / 8;
803    
804     if (server_key_bits < host_key_bits) {
805     return host_key_bytes;
806     } else {
807     return server_key_bytes;
808     }
809     }
810    
811     int CRYPT_choose_session_key(PTInstVar pvar,
812 doda 6801 unsigned char *encrypted_key_buf)
813 maya 3227 {
814     int server_key_bits =
815     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
816     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
817     int server_key_bytes = (server_key_bits + 7) / 8;
818     int host_key_bytes = (host_key_bits + 7) / 8;
819     int encrypted_key_bytes;
820     int bit_delta;
821    
822     if (server_key_bits < host_key_bits) {
823     encrypted_key_bytes = host_key_bytes;
824     bit_delta = host_key_bits - server_key_bits;
825     } else {
826     encrypted_key_bytes = server_key_bytes;
827     bit_delta = server_key_bits - host_key_bits;
828     }
829    
830     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
831 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
832 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
833 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
834 maya 3227 return 0;
835     } else {
836     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
837     for the session ID, rather than the one specified in the RFC */
838     int session_buf_len = server_key_bytes + host_key_bytes + 8;
839 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
840 maya 3227 char session_id[16];
841     int i;
842    
843     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
844     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
845     session_buf + host_key_bytes);
846     memcpy(session_buf + server_key_bytes + host_key_bytes,
847     pvar->crypt_state.server_cookie, 8);
848     MD5(session_buf, session_buf_len, session_id);
849    
850     free(session_buf);
851    
852     RAND_bytes(pvar->crypt_state.sender_cipher_key,
853     SSH_SESSION_KEY_LENGTH);
854     memcpy(pvar->crypt_state.receiver_cipher_key,
855     pvar->crypt_state.sender_cipher_key,
856     SSH_SESSION_KEY_LENGTH);
857    
858     memcpy(encrypted_key_buf + encrypted_key_bytes -
859     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
860     SSH_SESSION_KEY_LENGTH);
861     for (i = 0; i < sizeof(session_id); i++) {
862     encrypted_key_buf[encrypted_key_bytes -
863     SSH_SESSION_KEY_LENGTH + i]
864     ^= session_id[i];
865     }
866    
867     if (host_key_bits > server_key_bits) {
868     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
869     encrypted_key_buf +
870     encrypted_key_bytes -
871     SSH_SESSION_KEY_LENGTH,
872     encrypted_key_buf +
873     encrypted_key_bytes - server_key_bytes,
874     pvar->crypt_state.server_key.RSA_key,
875     RSA_PKCS1_PADDING) < 0)
876     return 0;
877    
878     if (RSA_public_encrypt(server_key_bytes,
879     encrypted_key_buf +
880     encrypted_key_bytes - server_key_bytes,
881     encrypted_key_buf,
882     pvar->crypt_state.host_key.RSA_key,
883     RSA_PKCS1_PADDING) < 0)
884     return 0;
885     } else {
886     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
887     encrypted_key_buf +
888     encrypted_key_bytes -
889     SSH_SESSION_KEY_LENGTH,
890     encrypted_key_buf +
891     encrypted_key_bytes - host_key_bytes,
892     pvar->crypt_state.host_key.RSA_key,
893     RSA_PKCS1_PADDING) < 0)
894     return 0;
895    
896     if (RSA_public_encrypt(host_key_bytes,
897     encrypted_key_buf +
898     encrypted_key_bytes - host_key_bytes,
899     encrypted_key_buf,
900     pvar->crypt_state.server_key.RSA_key,
901     RSA_PKCS1_PADDING) < 0)
902     return 0;
903     }
904     }
905    
906     return 1;
907     }
908    
909     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
910 doda 6801 unsigned char *challenge,
911 maya 3227 int challenge_len,
912 doda 6801 unsigned char *response)
913 maya 3227 {
914     int server_key_bits =
915     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
916     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
917     int server_key_bytes = (server_key_bits + 7) / 8;
918     int host_key_bytes = (host_key_bits + 7) / 8;
919     int session_buf_len = server_key_bytes + host_key_bytes + 8;
920 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
921 maya 3227 char decrypted_challenge[48];
922     int decrypted_challenge_len;
923    
924     decrypted_challenge_len =
925     RSA_private_decrypt(challenge_len, challenge, challenge,
926 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
927 maya 3227 RSA_PKCS1_PADDING);
928     if (decrypted_challenge_len < 0) {
929     free(session_buf);
930     return 0;
931     }
932     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
933     memcpy(decrypted_challenge,
934     challenge + decrypted_challenge_len -
935     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
936     } else {
937     memset(decrypted_challenge, 0,
938     SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
939     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
940     decrypted_challenge_len, challenge,
941     decrypted_challenge_len);
942     }
943    
944     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
945     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
946     session_buf + host_key_bytes);
947     memcpy(session_buf + server_key_bytes + host_key_bytes,
948     pvar->crypt_state.server_cookie, 8);
949     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
950    
951     free(session_buf);
952    
953     MD5(decrypted_challenge, 48, response);
954    
955     return 1;
956     }
957    
958 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
959 maya 3227 {
960 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
961     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
962     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
963 maya 3227 memset(state->ivec1, 0, 8);
964     memset(state->ivec2, 0, 8);
965     memset(state->ivec3, 0, 8);
966     }
967    
968 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
969 maya 3227 {
970 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
971 maya 3227 memset(state->ivec, 0, 8);
972     }
973    
974 doda 6801 static void cBlowfish_init(char *session_key,
975     CipherBlowfishState *state)
976 maya 3227 {
977     BF_set_key(&state->k, 32, session_key);
978     memset(state->ivec, 0, 8);
979     }
980    
981    
982     //
983     // SSH2�p�A���S���Y����������
984     //
985     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
986     const u_char *key, u_int keylen,
987     const u_char *iv, u_int ivlen,
988     int encrypt,
989     const EVP_CIPHER *type,
990     int discard_len,
991 doda 6985 unsigned int authlen,
992 maya 3227 PTInstVar pvar)
993     {
994     int klen;
995     char tmp[80];
996     unsigned char *junk = NULL, *discard = NULL;
997    
998     EVP_CIPHER_CTX_init(evp);
999 doda 6985 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
1000     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1001 maya 3227 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1002 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1003 maya 3227 return;
1004     }
1005    
1006 doda 6985 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
1007     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1008     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1009     notify_fatal_error(pvar, tmp, TRUE);
1010     return;
1011     }
1012     if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1013     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1014     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1015     notify_fatal_error(pvar, tmp, TRUE);
1016     return;
1017     }
1018     if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1019     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1020     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1021     notify_fatal_error(pvar, tmp, TRUE);
1022     return;
1023     }
1024    
1025 maya 3227 klen = EVP_CIPHER_CTX_key_length(evp);
1026     if (klen > 0 && keylen != klen) {
1027     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1028 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1029     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1030 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1031 maya 3227 return;
1032     }
1033     }
1034     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1035 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1036     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1037 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1038 maya 3227 return;
1039     }
1040    
1041     if (discard_len > 0) {
1042     junk = malloc(discard_len);
1043     discard = malloc(discard_len);
1044     if (junk == NULL || discard == NULL ||
1045     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1046 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1047     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1048 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1049 maya 3227 }
1050     else {
1051 yutakapon 6229 SecureZeroMemory(discard, discard_len);
1052 maya 3227 }
1053     free(junk);
1054     free(discard);
1055     }
1056     }
1057    
1058 yutakapon 5545 //
1059     // SSH2�p�A���S���Y�����j��
1060     //
1061     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1062     {
1063     EVP_CIPHER_CTX_cleanup(evp);
1064     }
1065 maya 3227
1066 yutakapon 5545
1067 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1068     {
1069 doda 6716 struct Enc *enc;
1070 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1071     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1072 doda 7002 ssh2_cipher_t *cipher;
1073 maya 3227 BOOL isOK = TRUE;
1074    
1075     if (sender_flag) {
1076 doda 7002 if (SSHv1(pvar)) {
1077     switch (pvar->crypt_state.sender_cipher) {
1078     case SSH_CIPHER_3DES:
1079     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1080     pvar->crypt_state.encrypt = c3DES_encrypt;
1081     break;
1082 maya 3227
1083 doda 7002 case SSH_CIPHER_DES:
1084     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1085     pvar->crypt_state.encrypt = cDES_encrypt;
1086     break;
1087 maya 3227
1088 doda 7002 case SSH_CIPHER_BLOWFISH:
1089     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1090     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1091     break;
1092 maya 3227
1093 doda 7002 case SSH_CIPHER_NONE:
1094     case SSH_CIPHER_IDEA:
1095     case SSH_CIPHER_TSS:
1096     case SSH_CIPHER_RC4:
1097     isOK = FALSE;
1098     break;
1099     }
1100     }
1101     else {
1102     // SSH2
1103     cipher = pvar->ciphers[MODE_OUT];
1104     if (cipher) {
1105 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1106     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1107 doda 6716 enc->key, get_cipher_key_len(cipher),
1108 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1109 maya 3227 CIPHER_ENCRYPT,
1110 doda 6716 get_cipher_EVP_CIPHER(cipher),
1111     get_cipher_discard_len(cipher),
1112 doda 6985 get_cipher_auth_len(cipher),
1113 maya 3227 pvar);
1114    
1115 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1116 maya 3227 }
1117 doda 6716 else {
1118     isOK = FALSE;
1119 maya 3227 }
1120     }
1121     }
1122    
1123     if (receiver_flag) {
1124 doda 7002 if (SSHv1(pvar)) {
1125     switch (pvar->crypt_state.receiver_cipher) {
1126     case SSH_CIPHER_3DES:
1127     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1128     pvar->crypt_state.decrypt = c3DES_decrypt;
1129     break;
1130 maya 3227
1131 doda 7002 case SSH_CIPHER_DES:
1132     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1133     pvar->crypt_state.decrypt = cDES_decrypt;
1134     break;
1135 maya 3227
1136 doda 7002 case SSH_CIPHER_BLOWFISH:
1137     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1138     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1139     break;
1140 maya 3227
1141 doda 7002 case SSH_CIPHER_NONE:
1142     case SSH_CIPHER_IDEA:
1143     case SSH_CIPHER_TSS:
1144     case SSH_CIPHER_RC4:
1145     isOK = FALSE;
1146     break;
1147     }
1148     }
1149     else {
1150     // SSH2
1151     cipher = pvar->ciphers[MODE_IN];
1152     if (cipher) {
1153 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1154     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1155 doda 6716 enc->key, get_cipher_key_len(cipher),
1156 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1157 maya 3227 CIPHER_DECRYPT,
1158 doda 6716 get_cipher_EVP_CIPHER(cipher),
1159     get_cipher_discard_len(cipher),
1160 doda 6985 get_cipher_auth_len(cipher),
1161 maya 3227 pvar);
1162    
1163 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1164 maya 3227 }
1165 doda 6716 else {
1166     isOK = FALSE;
1167 maya 3227 }
1168     }
1169     }
1170    
1171     if (!isOK) {
1172 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1173 maya 3227 "No cipher selected!");
1174 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1175 maya 3227 return FALSE;
1176     } else {
1177     memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1178     memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1179     return TRUE;
1180     }
1181     }
1182    
1183     void CRYPT_init(PTInstVar pvar)
1184     {
1185     pvar->crypt_state.encrypt = no_encrypt;
1186     pvar->crypt_state.decrypt = no_encrypt;
1187     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1188     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1189     pvar->crypt_state.server_key.RSA_key = NULL;
1190     pvar->crypt_state.host_key.RSA_key = NULL;
1191    
1192     pvar->crypt_state.detect_attack_statics.h = NULL;
1193     pvar->crypt_state.detect_attack_statics.n =
1194     HASH_MINSIZE / HASH_ENTRYSIZE;
1195     }
1196    
1197 doda 6801 static char *get_cipher_name(int cipher)
1198 maya 3227 {
1199     switch (cipher) {
1200     case SSH_CIPHER_NONE:
1201     return "None";
1202     case SSH_CIPHER_3DES:
1203     return "3DES (168 key bits)";
1204     case SSH_CIPHER_DES:
1205     return "DES (56 key bits)";
1206     case SSH_CIPHER_BLOWFISH:
1207     return "Blowfish (256 key bits)";
1208    
1209     // SSH2
1210     case SSH2_CIPHER_3DES_CBC:
1211 doda 6988 return "3des-cbc";
1212 maya 3227 case SSH2_CIPHER_AES128_CBC:
1213 doda 6988 return "aes128-cbc";
1214 maya 3227 case SSH2_CIPHER_AES192_CBC:
1215 doda 6988 return "aes192-cbc";
1216 maya 3227 case SSH2_CIPHER_AES256_CBC:
1217 doda 6988 return "aes256-cbc";
1218 maya 3227 case SSH2_CIPHER_BLOWFISH_CBC:
1219 doda 6988 return "blowfish-cbc";
1220 maya 3227 case SSH2_CIPHER_AES128_CTR:
1221 doda 6988 return "aes128-ctr";
1222 maya 3227 case SSH2_CIPHER_AES192_CTR:
1223 doda 6988 return "aes192-ctr";
1224 maya 3227 case SSH2_CIPHER_AES256_CTR:
1225 doda 6988 return "aes256-ctr";
1226 maya 3227 case SSH2_CIPHER_ARCFOUR:
1227 doda 6988 return "arcfour";
1228 maya 3227 case SSH2_CIPHER_ARCFOUR128:
1229 doda 6988 return "arcfour128";
1230 maya 3227 case SSH2_CIPHER_ARCFOUR256:
1231 doda 6988 return "arcfour256";
1232 maya 3227 case SSH2_CIPHER_CAST128_CBC:
1233 doda 6988 return "cast-128-cbc";
1234 doda 3850 case SSH2_CIPHER_3DES_CTR:
1235 doda 6988 return "3des-ctr";
1236 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1237 doda 6988 return "blowfish-ctr";
1238 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1239 doda 6988 return "cast-128-ctr";
1240 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1241 doda 6988 return "camellia128-cbc";
1242 doda 4433 case SSH2_CIPHER_CAMELLIA192_CBC:
1243 doda 6988 return "camellia192-cbc";
1244 doda 4433 case SSH2_CIPHER_CAMELLIA256_CBC:
1245 doda 6988 return "camellia256-cbc";
1246 doda 4433 case SSH2_CIPHER_CAMELLIA128_CTR:
1247 doda 6988 return "camellia128-ctr";
1248 doda 4433 case SSH2_CIPHER_CAMELLIA192_CTR:
1249 doda 6988 return "camellia192-ctr";
1250 doda 4433 case SSH2_CIPHER_CAMELLIA256_CTR:
1251 doda 6988 return "camellia256-ctr";
1252 doda 6985 case SSH2_CIPHER_AES128_GCM:
1253 doda 6988 return "aes128-gcm@openssh.com";
1254 doda 6985 case SSH2_CIPHER_AES256_GCM:
1255 doda 6988 return "aes256-gcm@openssh.com";
1256 maya 3227
1257     default:
1258     return "Unknown";
1259     }
1260     }
1261    
1262 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1263 maya 3227 {
1264     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1265     "%s to server, %s from server");
1266     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1267     get_cipher_name(pvar->crypt_state.sender_cipher),
1268     get_cipher_name(pvar->crypt_state.receiver_cipher));
1269     }
1270    
1271 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1272 maya 3227 {
1273     if (SSHv1(pvar)) {
1274     if (pvar->crypt_state.server_key.RSA_key == NULL
1275     || pvar->crypt_state.host_key.RSA_key == NULL) {
1276     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1277     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1278     } else {
1279     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1280     "%d-bit server key, %d-bit host key");
1281     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1282     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1283     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1284     }
1285     } else { // SSH2
1286 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1287     "%d-bit client key, %d-bit server key");
1288 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1289 maya 4313 pvar->client_key_bits,
1290     pvar->server_key_bits);
1291 maya 3227 }
1292     }
1293    
1294 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1295 maya 3227 {
1296     if (key->RSA_key != NULL) {
1297     RSA_free(key->RSA_key);
1298     key->RSA_key = NULL;
1299     }
1300     }
1301    
1302 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1303 maya 3227 {
1304     destroy_public_key(key);
1305     free(key);
1306     }
1307    
1308     void CRYPT_end(PTInstVar pvar)
1309     {
1310     destroy_public_key(&pvar->crypt_state.host_key);
1311     destroy_public_key(&pvar->crypt_state.server_key);
1312    
1313     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1314 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1315 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1316     free(pvar->crypt_state.detect_attack_statics.h);
1317     }
1318    
1319 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1320 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1321 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1322 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1323 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1324 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1325 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1326 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1327 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1328     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1329 maya 3227 }
1330    
1331 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1332     char *buf, int bytes)
1333 maya 3227 {
1334     unsigned char passphrase_key[16];
1335    
1336     MD5(passphrase, strlen(passphrase), passphrase_key);
1337    
1338     switch (cipher) {
1339     case SSH_CIPHER_3DES:{
1340     Cipher3DESState state;
1341    
1342 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1343 maya 3227 &state.k1);
1344 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1345 maya 3227 &state.k2);
1346 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1347 maya 3227 &state.k3);
1348     memset(state.ivec1, 0, 8);
1349     memset(state.ivec2, 0, 8);
1350     memset(state.ivec3, 0, 8);
1351     DES_ncbc_encrypt(buf, buf, bytes,
1352     &state.k3, &state.ivec3, DES_DECRYPT);
1353     DES_ncbc_encrypt(buf, buf, bytes,
1354     &state.k2, &state.ivec2, DES_ENCRYPT);
1355     DES_ncbc_encrypt(buf, buf, bytes,
1356     &state.k1, &state.ivec1, DES_DECRYPT);
1357     break;
1358     }
1359    
1360     case SSH_CIPHER_DES:{
1361     CipherDESState state;
1362    
1363     cDES_init(passphrase_key, &state);
1364     DES_ncbc_encrypt(buf, buf, bytes,
1365     &state.k, &state.ivec, DES_DECRYPT);
1366     break;
1367     }
1368    
1369     case SSH_CIPHER_BLOWFISH:{
1370     CipherBlowfishState state;
1371    
1372     BF_set_key(&state.k, 16, passphrase_key);
1373     memset(state.ivec, 0, 8);
1374     flip_endianness(buf, bytes);
1375     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1376     BF_DECRYPT);
1377     flip_endianness(buf, bytes);
1378     break;
1379     }
1380    
1381     case SSH_CIPHER_NONE:
1382     break;
1383    
1384     default:
1385 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1386 maya 3227 return 0;
1387     }
1388    
1389 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1390 maya 3227 return 1;
1391     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help