Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 7774 - (hide annotations) (download) (as text)
Sun Jun 16 03:40:20 2019 UTC (4 years, 9 months ago) by maya
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 42440 byte(s) 
int を unsigned int に変更

warning C4018 が出るため
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3     * (C) 2004-2017 TeraTerm Project
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75 doda 7133 static unsigned char *encbuff = NULL;
76     static unsigned int encbufflen = 0;
77 maya 3227
78 doda 6801 static char *get_cipher_name(int cipher);
79 maya 3227
80 doda 6801 static void crc_update(uint32 *a, uint32 b)
81 maya 3227 {
82     b ^= *a;
83 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
84 maya 3227 }
85    
86     /* check_crc
87     detects if a block is used in a particular pattern
88     */
89    
90 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
91     uint32 len, unsigned char *IV)
92 maya 3227 {
93     uint32 crc;
94 doda 6801 unsigned char *c;
95 maya 3227
96     crc = 0;
97     if (IV && !CMP(S, IV)) {
98     crc_update(&crc, 1);
99     crc_update(&crc, 0);
100     }
101     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
102     if (!CMP(S, c)) {
103     crc_update(&crc, 1);
104     crc_update(&crc, 0);
105     } else {
106     crc_update(&crc, 0);
107     crc_update(&crc, 0);
108     }
109     }
110    
111     return crc == 0;
112     }
113    
114    
115     /*
116     detect_attack
117     Detects a crc32 compensation attack on a packet
118     */
119 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
120     unsigned char *buf, uint32 len,
121     unsigned char *IV)
122 maya 3227 {
123 doda 6801 uint32 *h = statics->h;
124 maya 3227 uint32 n = statics->n;
125     uint32 i, j;
126     uint32 l;
127 doda 6801 unsigned char *c;
128     unsigned char *d;
129 maya 3227
130     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
131     }
132    
133     if (h == NULL) {
134     n = l;
135 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
136 maya 3227 } else {
137     if (l > n) {
138     n = l;
139 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
140 maya 3227 }
141     }
142    
143     statics->h = h;
144     statics->n = n;
145    
146     if (len <= HASH_MINBLOCKS) {
147     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
148     if (IV && (!CMP(c, IV))) {
149     if ((check_crc(c, buf, len, IV)))
150     return DEATTACK_DETECTED;
151     else
152     break;
153     }
154     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
155     if (!CMP(c, d)) {
156     if ((check_crc(c, buf, len, IV)))
157     return DEATTACK_DETECTED;
158     else
159     break;
160     }
161     }
162     }
163     return (DEATTACK_OK);
164     }
165     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
166    
167     if (IV) {
168     h[HASH(IV) & (n - 1)] = HASH_IV;
169     }
170    
171     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
172     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
173     i = (i + 1) & (n - 1)) {
174     if (h[i] == HASH_IV) {
175     if (!CMP(c, IV)) {
176     if (check_crc(c, buf, len, IV))
177     return DEATTACK_DETECTED;
178     else
179     break;
180     }
181     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
182     if (check_crc(c, buf, len, IV))
183     return DEATTACK_DETECTED;
184     else
185     break;
186     }
187     }
188     h[i] = j;
189     }
190    
191     return DEATTACK_OK;
192     }
193    
194 doda 6980 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
195 maya 3227 {
196 doda 6980 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
197     return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
198 maya 3227 } else {
199     return FALSE;
200     }
201     }
202    
203 doda 6985 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
204     {
205 doda 7133 unsigned char *newbuff = NULL;
206 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
207     unsigned char lastiv[1];
208     char tmp[80];
209     EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_OUT];
210    
211     if (bytes == 0)
212     return TRUE;
213    
214     if (bytes % block_size) {
215     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
216     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
217     get_cipher_name(pvar->crypt_state.sender_cipher),
218     bytes, block_size);
219     notify_fatal_error(pvar, tmp, TRUE);
220     return FALSE;
221     }
222    
223 doda 7133 if (bytes > encbufflen) {
224     if ((newbuff = realloc(encbuff, bytes)) == NULL)
225     goto err;
226     encbuff = newbuff;
227     encbufflen = bytes;
228     }
229 doda 6985
230     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
231     goto err;
232    
233     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
234     goto err;
235    
236 doda 7133 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
237 doda 6985 goto err;
238    
239 doda 7133 memcpy(data+aadlen, encbuff, bytes);
240 doda 6985
241     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
242     goto err;
243    
244     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
245     goto err;
246    
247     return TRUE;
248    
249     err:
250     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
251     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
252     get_cipher_name(pvar->crypt_state.sender_cipher));
253     notify_fatal_error(pvar, tmp, TRUE);
254     return FALSE;
255     }
256    
257     BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
258     {
259 doda 7133 unsigned char *newbuff = NULL;
260 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
261     unsigned char lastiv[1];
262     char tmp[80];
263     EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_IN];
264    
265     if (bytes == 0)
266     return TRUE;
267    
268     if (bytes % block_size) {
269     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
270     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
271     get_cipher_name(pvar->crypt_state.receiver_cipher),
272     bytes, block_size);
273     notify_fatal_error(pvar, tmp, TRUE);
274     return FALSE;
275     }
276    
277 doda 7133 if (bytes > encbufflen) {
278     if ((newbuff = realloc(encbuff, bytes)) == NULL)
279     goto err;
280     encbuff = newbuff;
281     encbufflen = bytes;
282     }
283 doda 6985
284     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
285     goto err;
286    
287     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
288     goto err;
289    
290     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
291     goto err;
292    
293 doda 7133 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
294 doda 6985 goto err;
295    
296 doda 7133 memcpy(data+aadlen, encbuff, bytes);
297 doda 6985
298     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
299     return FALSE;
300     else
301     return TRUE;
302    
303     err:
304     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
305     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
306     get_cipher_name(pvar->crypt_state.receiver_cipher));
307     notify_fatal_error(pvar, tmp, TRUE);
308     return FALSE;
309     }
310    
311 maya 7774 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
312 maya 3227 {
313     }
314    
315 maya 7774 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
316 maya 3227 {
317 doda 7133 unsigned char *newbuff;
318 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
319 doda 4212 char tmp[80];
320 maya 3227
321     if (bytes == 0)
322     return;
323    
324     if (bytes % block_size) {
325 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
326     "%s encrypt error(1): bytes %d (%d)");
327     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
328 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
329     bytes, block_size);
330 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
331 maya 3227 return;
332     }
333    
334 doda 7133 if (bytes > encbufflen) {
335     if ((newbuff = realloc(encbuff, bytes)) == NULL)
336     return;
337     encbuff = newbuff;
338     encbufflen = bytes;
339     }
340 maya 3227
341 doda 7133 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) {
342 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
343     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
344 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
345 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
346 maya 3227 } else {
347 doda 7133 memcpy(buf, encbuff, bytes);
348 maya 3227 }
349     }
350    
351 maya 7774 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
352 maya 3227 {
353 doda 7133 unsigned char *newbuff;
354 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
355 doda 4212 char tmp[80];
356 maya 3227
357     if (bytes == 0)
358     return;
359    
360     if (bytes % block_size) {
361 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
362     "%s decrypt error(1): bytes %d (%d)");
363     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
364 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
365     bytes, block_size);
366 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
367 maya 3227 return;
368     }
369    
370 doda 7133 if (bytes > encbufflen) {
371     if ((newbuff = malloc(bytes)) == NULL)
372     return;
373     encbuff = newbuff;
374     encbufflen = bytes;
375     }
376 maya 3227
377 doda 7133 if (EVP_Cipher(&pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) {
378 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
379     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
380 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
381 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
382 maya 3227 } else {
383 doda 7133 memcpy(buf, encbuff, bytes);
384 maya 3227 }
385     }
386    
387 maya 7774 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
388 maya 3227 {
389 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
390 maya 3227
391     DES_ncbc_encrypt(buf, buf, bytes,
392     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
393     DES_ncbc_encrypt(buf, buf, bytes,
394     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
395     DES_ncbc_encrypt(buf, buf, bytes,
396     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
397     }
398    
399 maya 7774 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
400 maya 3227 {
401 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
402 maya 3227
403     DES_ncbc_encrypt(buf, buf, bytes,
404     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
405     DES_ncbc_encrypt(buf, buf, bytes,
406     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
407     DES_ncbc_encrypt(buf, buf, bytes,
408     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
409     }
410    
411 maya 7774 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
412 maya 3227 {
413 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
414 maya 3227
415     DES_ncbc_encrypt(buf, buf, bytes,
416     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
417     }
418    
419 maya 7774 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
420 maya 3227 {
421 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
422 maya 3227
423     DES_ncbc_encrypt(buf, buf, bytes,
424     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
425     }
426    
427 maya 7774 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
428 maya 3227 {
429 doda 6801 uint32 *buf = (uint32 *) cbuf;
430 maya 3227 int count = bytes / 4;
431    
432     while (count > 0) {
433     uint32 w = *buf;
434    
435     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
436     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
437     count--;
438     buf++;
439     }
440     }
441    
442 maya 7774 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
443 maya 3227 {
444 doda 6801 CipherBlowfishState *encryptstate =
445 maya 3227 &pvar->crypt_state.enc.cBlowfish;
446    
447     flip_endianness(buf, bytes);
448     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
449     BF_ENCRYPT);
450     flip_endianness(buf, bytes);
451     }
452    
453 maya 7774 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
454 maya 3227 {
455 doda 6801 CipherBlowfishState *decryptstate =
456 maya 3227 &pvar->crypt_state.dec.cBlowfish;
457    
458     flip_endianness(buf, bytes);
459     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
460     BF_DECRYPT);
461     flip_endianness(buf, bytes);
462     }
463    
464 maya 7774 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
465 maya 3227 {
466     RAND_bytes(buf, bytes);
467     }
468    
469     void CRYPT_initialize_random_numbers(PTInstVar pvar)
470     {
471 maya 4550 // ����������������������
472     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
473     //RAND_screen();
474 maya 3227 }
475    
476 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
477 maya 3227 {
478     int bits = get_ushort16_MSBfirst(bytes);
479    
480     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
481     }
482    
483     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
484 doda 6801 RSA *make_key(PTInstVar pvar,
485     int bits, unsigned char *exp,
486     unsigned char *mod)
487 maya 3227 {
488 doda 6801 RSA *key = RSA_new();
489 maya 3227
490     if (key != NULL) {
491     key->e = get_bignum(exp);
492     key->n = get_bignum(mod);
493     }
494    
495     if (key == NULL || key->e == NULL || key->n == NULL) {
496     UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
497     "Error setting up RSA keys");
498 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
499 maya 3227
500     if (key != NULL) {
501     if (key->e != NULL) {
502     BN_free(key->e);
503     }
504     if (key->n != NULL) {
505     BN_free(key->n);
506     }
507     RSA_free(key);
508     }
509    
510     return NULL;
511     } else {
512     return key;
513     }
514     }
515    
516 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
517 maya 3227 {
518     if (SSHv1(pvar)) {
519     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
520     } else {
521     memcpy(pvar->crypt_state.server_cookie, cookie,
522     SSH2_COOKIE_LENGTH);
523     }
524     }
525    
526 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
527 maya 3227 {
528     if (SSHv2(pvar)) {
529     memcpy(pvar->crypt_state.client_cookie, cookie,
530     SSH2_COOKIE_LENGTH);
531     }
532     }
533    
534     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
535 doda 6801 int bits, unsigned char *exp,
536     unsigned char *mod)
537 maya 3227 {
538     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
539    
540     return pvar->crypt_state.server_key.RSA_key != NULL;
541     }
542    
543     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
544 doda 6801 int bits, unsigned char *exp,
545     unsigned char *mod)
546 maya 3227 {
547     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
548    
549     return pvar->crypt_state.host_key.RSA_key != NULL;
550     }
551    
552     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
553     int receiver_ciphers)
554     {
555     int cipher_mask;
556    
557     if (SSHv1(pvar)) {
558     cipher_mask = (1 << SSH_CIPHER_DES)
559     | (1 << SSH_CIPHER_3DES)
560     | (1 << SSH_CIPHER_BLOWFISH);
561    
562     } else { // for SSH2(yutaka)
563     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
564 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
565 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
566     | (1 << SSH2_CIPHER_AES192_CBC)
567     | (1 << SSH2_CIPHER_AES256_CBC)
568     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
569     | (1 << SSH2_CIPHER_AES128_CTR)
570     | (1 << SSH2_CIPHER_AES192_CTR)
571     | (1 << SSH2_CIPHER_AES256_CTR)
572     | (1 << SSH2_CIPHER_ARCFOUR)
573     | (1 << SSH2_CIPHER_ARCFOUR128)
574     | (1 << SSH2_CIPHER_ARCFOUR256)
575 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
576     | (1 << SSH2_CIPHER_3DES_CTR)
577     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
578 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
579     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
580     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
581     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
582     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
583     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
584     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
585 doda 6985 | (1 << SSH2_CIPHER_AES128_GCM)
586     | (1 << SSH2_CIPHER_AES256_GCM)
587 doda 4433 );
588 maya 3227 }
589    
590     sender_ciphers &= cipher_mask;
591     receiver_ciphers &= cipher_mask;
592     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
593     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
594    
595     if (sender_ciphers == 0) {
596     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
597     "The server does not support any of the TTSSH encryption algorithms.\n"
598     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
599     "The connection will be closed.");
600 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
601 maya 3227 return FALSE;
602     } else if (receiver_ciphers == 0) {
603     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
604     "The server does not support any of the TTSSH encryption algorithms.\n"
605     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
606     "The connection will be closed.");
607 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
608 maya 3227 return FALSE;
609     } else {
610     return TRUE;
611     }
612     }
613    
614 doda 6982 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
615 maya 3227 {
616     if (SSHv1(pvar)) {
617     return 8;
618     } else {
619     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
620     // cf. 3DES=8, AES128=16
621     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
622     }
623     }
624    
625 doda 6982 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
626 maya 3227 {
627     if (SSHv1(pvar)) {
628     return 8;
629     } else {
630     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
631     // cf. 3DES=8, AES128=16
632     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
633     }
634     }
635    
636 doda 6982 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
637 maya 3227 {
638     struct Mac *mac;
639    
640     if (SSHv1(pvar)) {
641     return 0;
642    
643     } else { // for SSH2(yutaka)
644     mac = &pvar->ssh2_keys[MODE_IN].mac;
645     if (mac == NULL || mac->enabled == 0)
646     return 0;
647    
648     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
649     }
650    
651     }
652    
653     // HMAC������
654     // ���{������ SSH2 �������g�p�������B
655     // (2004.12.17 yutaka)
656     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
657 doda 6801 char *data, int len, char *MAC)
658 maya 3227 {
659     HMAC_CTX c;
660     unsigned char m[EVP_MAX_MD_SIZE];
661     unsigned char b[4];
662     struct Mac *mac;
663    
664     mac = &pvar->ssh2_keys[MODE_IN].mac;
665    
666     // HMAC�������L���������������A����OK�����������B
667 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
668 maya 3227 return TRUE;
669    
670 yutakapon 6302 if (mac->key == NULL) {
671 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
672 maya 3227 goto error;
673 yutakapon 6302 }
674 maya 3227
675 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
676 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
677 yutakapon 6302 mac->mac_len, sizeof(m), sequence_number, len);
678 maya 3227 goto error;
679 yutakapon 6302 }
680 maya 3227
681     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
682     set_uint32_MSBfirst(b, sequence_number);
683     HMAC_Update(&c, b, sizeof(b));
684     HMAC_Update(&c, data, len);
685     HMAC_Final(&c, m, NULL);
686     HMAC_cleanup(&c);
687    
688     if (memcmp(m, MAC, mac->mac_len)) {
689 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
690     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
691     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
692 maya 3227 goto error;
693     }
694    
695     return TRUE;
696    
697     error:
698     return FALSE;
699     }
700    
701 doda 6982 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
702 maya 3227 {
703     struct Mac *mac;
704    
705     if (SSHv2(pvar)) { // for SSH2(yutaka)
706     mac = &pvar->ssh2_keys[MODE_OUT].mac;
707     if (mac == NULL || mac->enabled == 0)
708     return 0;
709    
710     return (mac->mac_len);
711     }
712    
713     return 0;
714     }
715    
716     // for SSH2
717     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
718 doda 6801 char *data, int len, char *MAC)
719 maya 3227 {
720     HMAC_CTX c;
721     static u_char m[EVP_MAX_MD_SIZE];
722     u_char b[4];
723     struct Mac *mac;
724    
725     if (SSHv2(pvar)) { // for SSH2(yutaka)
726     mac = &pvar->ssh2_keys[MODE_OUT].mac;
727     if (mac == NULL || mac->enabled == 0)
728     return FALSE;
729    
730     HMAC_Init(&c, mac->key, mac->key_len, mac->md);
731     set_uint32_MSBfirst(b, sequence_number);
732     HMAC_Update(&c, b, sizeof(b));
733     HMAC_Update(&c, data, len);
734     HMAC_Final(&c, m, NULL);
735     HMAC_cleanup(&c);
736    
737     // 20�o�C�g�������R�s�[
738     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
739     // memcpy(MAC, m, sizeof(m));
740    
741     return TRUE;
742     }
743    
744     return TRUE;
745    
746     }
747    
748     static int choose_cipher(PTInstVar pvar, int supported)
749     {
750     int i;
751    
752     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
753     int cipher = pvar->session_settings.CipherOrder[i] - '0';
754    
755     if (cipher == SSH_CIPHER_NONE) {
756     break;
757     } else if ((supported & (1 << cipher)) != 0) {
758     return cipher;
759     }
760     }
761    
762     return SSH_CIPHER_NONE;
763     }
764    
765     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
766     {
767     if (SSHv1(pvar)) {
768     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
769     pvar->crypt_state.
770     supported_sender_ciphers);
771     pvar->crypt_state.receiver_cipher =
772     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
773    
774     } else { // SSH2(yutaka)
775 doda 7002 if (pvar->ciphers[MODE_OUT] == NULL) {
776     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
777     }
778     else {
779     pvar->crypt_state.sender_cipher = pvar->ciphers[MODE_OUT]->id;
780     }
781     if (pvar->ciphers[MODE_IN] == NULL) {
782     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
783     }
784     else {
785     pvar->crypt_state.receiver_cipher = pvar->ciphers[MODE_IN]->id;
786     }
787 maya 3227 }
788    
789     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
790     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
791 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
792 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
793     "To communicate with this server, you will have to enable some more ciphers\n"
794     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
795     "This connection will now close.");
796 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
797 maya 3227 return FALSE;
798     } else {
799     return TRUE;
800     }
801     }
802    
803 doda 6982 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
804 maya 3227 {
805     int server_key_bits =
806     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
807     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
808     int server_key_bytes = (server_key_bits + 7) / 8;
809     int host_key_bytes = (host_key_bits + 7) / 8;
810    
811     if (server_key_bits < host_key_bits) {
812     return host_key_bytes;
813     } else {
814     return server_key_bytes;
815     }
816     }
817    
818     int CRYPT_choose_session_key(PTInstVar pvar,
819 doda 6801 unsigned char *encrypted_key_buf)
820 maya 3227 {
821     int server_key_bits =
822     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
823     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
824     int server_key_bytes = (server_key_bits + 7) / 8;
825     int host_key_bytes = (host_key_bits + 7) / 8;
826     int encrypted_key_bytes;
827     int bit_delta;
828    
829     if (server_key_bits < host_key_bits) {
830     encrypted_key_bytes = host_key_bytes;
831     bit_delta = host_key_bits - server_key_bits;
832     } else {
833     encrypted_key_bytes = server_key_bytes;
834     bit_delta = server_key_bits - host_key_bits;
835     }
836    
837     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
838 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
839 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
840 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
841 maya 3227 return 0;
842     } else {
843     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
844     for the session ID, rather than the one specified in the RFC */
845     int session_buf_len = server_key_bytes + host_key_bytes + 8;
846 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
847 maya 3227 char session_id[16];
848     int i;
849    
850     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
851     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
852     session_buf + host_key_bytes);
853     memcpy(session_buf + server_key_bytes + host_key_bytes,
854     pvar->crypt_state.server_cookie, 8);
855     MD5(session_buf, session_buf_len, session_id);
856    
857     free(session_buf);
858    
859     RAND_bytes(pvar->crypt_state.sender_cipher_key,
860     SSH_SESSION_KEY_LENGTH);
861     memcpy(pvar->crypt_state.receiver_cipher_key,
862     pvar->crypt_state.sender_cipher_key,
863     SSH_SESSION_KEY_LENGTH);
864    
865     memcpy(encrypted_key_buf + encrypted_key_bytes -
866     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
867     SSH_SESSION_KEY_LENGTH);
868     for (i = 0; i < sizeof(session_id); i++) {
869     encrypted_key_buf[encrypted_key_bytes -
870     SSH_SESSION_KEY_LENGTH + i]
871     ^= session_id[i];
872     }
873    
874     if (host_key_bits > server_key_bits) {
875     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
876     encrypted_key_buf +
877     encrypted_key_bytes -
878     SSH_SESSION_KEY_LENGTH,
879     encrypted_key_buf +
880     encrypted_key_bytes - server_key_bytes,
881     pvar->crypt_state.server_key.RSA_key,
882     RSA_PKCS1_PADDING) < 0)
883     return 0;
884    
885     if (RSA_public_encrypt(server_key_bytes,
886     encrypted_key_buf +
887     encrypted_key_bytes - server_key_bytes,
888     encrypted_key_buf,
889     pvar->crypt_state.host_key.RSA_key,
890     RSA_PKCS1_PADDING) < 0)
891     return 0;
892     } else {
893     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
894     encrypted_key_buf +
895     encrypted_key_bytes -
896     SSH_SESSION_KEY_LENGTH,
897     encrypted_key_buf +
898     encrypted_key_bytes - host_key_bytes,
899     pvar->crypt_state.host_key.RSA_key,
900     RSA_PKCS1_PADDING) < 0)
901     return 0;
902    
903     if (RSA_public_encrypt(host_key_bytes,
904     encrypted_key_buf +
905     encrypted_key_bytes - host_key_bytes,
906     encrypted_key_buf,
907     pvar->crypt_state.server_key.RSA_key,
908     RSA_PKCS1_PADDING) < 0)
909     return 0;
910     }
911     }
912    
913     return 1;
914     }
915    
916     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
917 doda 6801 unsigned char *challenge,
918 maya 3227 int challenge_len,
919 doda 6801 unsigned char *response)
920 maya 3227 {
921     int server_key_bits =
922     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
923     int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
924     int server_key_bytes = (server_key_bits + 7) / 8;
925     int host_key_bytes = (host_key_bits + 7) / 8;
926     int session_buf_len = server_key_bytes + host_key_bytes + 8;
927 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
928 maya 3227 char decrypted_challenge[48];
929     int decrypted_challenge_len;
930    
931     decrypted_challenge_len =
932     RSA_private_decrypt(challenge_len, challenge, challenge,
933 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
934 maya 3227 RSA_PKCS1_PADDING);
935     if (decrypted_challenge_len < 0) {
936     free(session_buf);
937     return 0;
938     }
939     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
940     memcpy(decrypted_challenge,
941     challenge + decrypted_challenge_len -
942     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
943     } else {
944 doda 7003 SecureZeroMemory(decrypted_challenge,
945 maya 3227 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
946     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
947     decrypted_challenge_len, challenge,
948     decrypted_challenge_len);
949     }
950    
951     BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
952     BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
953     session_buf + host_key_bytes);
954     memcpy(session_buf + server_key_bytes + host_key_bytes,
955     pvar->crypt_state.server_cookie, 8);
956     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
957    
958     free(session_buf);
959    
960     MD5(decrypted_challenge, 48, response);
961    
962     return 1;
963     }
964    
965 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
966 maya 3227 {
967 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
968     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
969     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
970 doda 7003 SecureZeroMemory(state->ivec1, 8);
971     SecureZeroMemory(state->ivec2, 8);
972     SecureZeroMemory(state->ivec3, 8);
973 maya 3227 }
974    
975 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
976 maya 3227 {
977 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
978 doda 7003 SecureZeroMemory(state->ivec, 8);
979 maya 3227 }
980    
981 doda 6801 static void cBlowfish_init(char *session_key,
982     CipherBlowfishState *state)
983 maya 3227 {
984     BF_set_key(&state->k, 32, session_key);
985 doda 7003 SecureZeroMemory(state->ivec, 8);
986 maya 3227 }
987    
988    
989     //
990     // SSH2�p�A���S���Y����������
991     //
992     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
993     const u_char *key, u_int keylen,
994     const u_char *iv, u_int ivlen,
995     int encrypt,
996     const EVP_CIPHER *type,
997     int discard_len,
998 doda 6985 unsigned int authlen,
999 maya 3227 PTInstVar pvar)
1000     {
1001     int klen;
1002     char tmp[80];
1003     unsigned char *junk = NULL, *discard = NULL;
1004    
1005     EVP_CIPHER_CTX_init(evp);
1006 doda 6985 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
1007     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1008 maya 3227 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1009 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1010 maya 3227 return;
1011     }
1012    
1013 doda 6985 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
1014     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1015     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1016     notify_fatal_error(pvar, tmp, TRUE);
1017     return;
1018     }
1019     if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1020     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1021     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1022     notify_fatal_error(pvar, tmp, TRUE);
1023     return;
1024     }
1025     if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1026     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1027     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1028     notify_fatal_error(pvar, tmp, TRUE);
1029     return;
1030     }
1031    
1032 maya 3227 klen = EVP_CIPHER_CTX_key_length(evp);
1033     if (klen > 0 && keylen != klen) {
1034     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1035 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1036     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1037 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1038 maya 3227 return;
1039     }
1040     }
1041     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1042 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1043     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1044 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1045 maya 3227 return;
1046     }
1047    
1048     if (discard_len > 0) {
1049     junk = malloc(discard_len);
1050     discard = malloc(discard_len);
1051     if (junk == NULL || discard == NULL ||
1052     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1053 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1054     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1055 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1056 maya 3227 }
1057     else {
1058 yutakapon 6229 SecureZeroMemory(discard, discard_len);
1059 maya 3227 }
1060     free(junk);
1061     free(discard);
1062     }
1063     }
1064    
1065 yutakapon 5545 //
1066     // SSH2�p�A���S���Y�����j��
1067     //
1068     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1069     {
1070     EVP_CIPHER_CTX_cleanup(evp);
1071     }
1072 maya 3227
1073 yutakapon 5545
1074 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1075     {
1076 doda 6716 struct Enc *enc;
1077 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1078     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1079 doda 7004 SSH2Cipher *cipher;
1080 maya 3227 BOOL isOK = TRUE;
1081    
1082     if (sender_flag) {
1083 doda 7002 if (SSHv1(pvar)) {
1084     switch (pvar->crypt_state.sender_cipher) {
1085     case SSH_CIPHER_3DES:
1086     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1087     pvar->crypt_state.encrypt = c3DES_encrypt;
1088     break;
1089 maya 3227
1090 doda 7002 case SSH_CIPHER_DES:
1091     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1092     pvar->crypt_state.encrypt = cDES_encrypt;
1093     break;
1094 maya 3227
1095 doda 7002 case SSH_CIPHER_BLOWFISH:
1096     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1097     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1098     break;
1099 maya 3227
1100 doda 7002 case SSH_CIPHER_NONE:
1101     case SSH_CIPHER_IDEA:
1102     case SSH_CIPHER_TSS:
1103     case SSH_CIPHER_RC4:
1104     isOK = FALSE;
1105     break;
1106     }
1107     }
1108     else {
1109     // SSH2
1110     cipher = pvar->ciphers[MODE_OUT];
1111     if (cipher) {
1112 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1113     cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1114 doda 6716 enc->key, get_cipher_key_len(cipher),
1115 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1116 maya 3227 CIPHER_ENCRYPT,
1117 doda 6716 get_cipher_EVP_CIPHER(cipher),
1118     get_cipher_discard_len(cipher),
1119 doda 6985 get_cipher_auth_len(cipher),
1120 maya 3227 pvar);
1121    
1122 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1123 maya 3227 }
1124 doda 6716 else {
1125     isOK = FALSE;
1126 maya 3227 }
1127     }
1128     }
1129    
1130     if (receiver_flag) {
1131 doda 7002 if (SSHv1(pvar)) {
1132     switch (pvar->crypt_state.receiver_cipher) {
1133     case SSH_CIPHER_3DES:
1134     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1135     pvar->crypt_state.decrypt = c3DES_decrypt;
1136     break;
1137 maya 3227
1138 doda 7002 case SSH_CIPHER_DES:
1139     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1140     pvar->crypt_state.decrypt = cDES_decrypt;
1141     break;
1142 maya 3227
1143 doda 7002 case SSH_CIPHER_BLOWFISH:
1144     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1145     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1146     break;
1147 maya 3227
1148 doda 7002 case SSH_CIPHER_NONE:
1149     case SSH_CIPHER_IDEA:
1150     case SSH_CIPHER_TSS:
1151     case SSH_CIPHER_RC4:
1152     isOK = FALSE;
1153     break;
1154     }
1155     }
1156     else {
1157     // SSH2
1158     cipher = pvar->ciphers[MODE_IN];
1159     if (cipher) {
1160 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1161     cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1162 doda 6716 enc->key, get_cipher_key_len(cipher),
1163 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1164 maya 3227 CIPHER_DECRYPT,
1165 doda 6716 get_cipher_EVP_CIPHER(cipher),
1166     get_cipher_discard_len(cipher),
1167 doda 6985 get_cipher_auth_len(cipher),
1168 maya 3227 pvar);
1169    
1170 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1171 maya 3227 }
1172 doda 6716 else {
1173     isOK = FALSE;
1174 maya 3227 }
1175     }
1176     }
1177    
1178     if (!isOK) {
1179 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1180 maya 3227 "No cipher selected!");
1181 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1182 maya 3227 return FALSE;
1183     } else {
1184 doda 7003 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1185     SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1186 maya 3227 return TRUE;
1187     }
1188     }
1189    
1190     void CRYPT_init(PTInstVar pvar)
1191     {
1192     pvar->crypt_state.encrypt = no_encrypt;
1193     pvar->crypt_state.decrypt = no_encrypt;
1194     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1195     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1196     pvar->crypt_state.server_key.RSA_key = NULL;
1197     pvar->crypt_state.host_key.RSA_key = NULL;
1198    
1199     pvar->crypt_state.detect_attack_statics.h = NULL;
1200     pvar->crypt_state.detect_attack_statics.n =
1201     HASH_MINSIZE / HASH_ENTRYSIZE;
1202     }
1203    
1204 doda 6801 static char *get_cipher_name(int cipher)
1205 maya 3227 {
1206     switch (cipher) {
1207     case SSH_CIPHER_NONE:
1208     return "None";
1209     case SSH_CIPHER_3DES:
1210     return "3DES (168 key bits)";
1211     case SSH_CIPHER_DES:
1212     return "DES (56 key bits)";
1213     case SSH_CIPHER_BLOWFISH:
1214     return "Blowfish (256 key bits)";
1215    
1216     // SSH2
1217     case SSH2_CIPHER_3DES_CBC:
1218 doda 6988 return "3des-cbc";
1219 maya 3227 case SSH2_CIPHER_AES128_CBC:
1220 doda 6988 return "aes128-cbc";
1221 maya 3227 case SSH2_CIPHER_AES192_CBC:
1222 doda 6988 return "aes192-cbc";
1223 maya 3227 case SSH2_CIPHER_AES256_CBC:
1224 doda 6988 return "aes256-cbc";
1225 maya 3227 case SSH2_CIPHER_BLOWFISH_CBC:
1226 doda 6988 return "blowfish-cbc";
1227 maya 3227 case SSH2_CIPHER_AES128_CTR:
1228 doda 6988 return "aes128-ctr";
1229 maya 3227 case SSH2_CIPHER_AES192_CTR:
1230 doda 6988 return "aes192-ctr";
1231 maya 3227 case SSH2_CIPHER_AES256_CTR:
1232 doda 6988 return "aes256-ctr";
1233 maya 3227 case SSH2_CIPHER_ARCFOUR:
1234 doda 6988 return "arcfour";
1235 maya 3227 case SSH2_CIPHER_ARCFOUR128:
1236 doda 6988 return "arcfour128";
1237 maya 3227 case SSH2_CIPHER_ARCFOUR256:
1238 doda 6988 return "arcfour256";
1239 maya 3227 case SSH2_CIPHER_CAST128_CBC:
1240 doda 6988 return "cast-128-cbc";
1241 doda 3850 case SSH2_CIPHER_3DES_CTR:
1242 doda 6988 return "3des-ctr";
1243 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1244 doda 6988 return "blowfish-ctr";
1245 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1246 doda 6988 return "cast-128-ctr";
1247 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1248 doda 6988 return "camellia128-cbc";
1249 doda 4433 case SSH2_CIPHER_CAMELLIA192_CBC:
1250 doda 6988 return "camellia192-cbc";
1251 doda 4433 case SSH2_CIPHER_CAMELLIA256_CBC:
1252 doda 6988 return "camellia256-cbc";
1253 doda 4433 case SSH2_CIPHER_CAMELLIA128_CTR:
1254 doda 6988 return "camellia128-ctr";
1255 doda 4433 case SSH2_CIPHER_CAMELLIA192_CTR:
1256 doda 6988 return "camellia192-ctr";
1257 doda 4433 case SSH2_CIPHER_CAMELLIA256_CTR:
1258 doda 6988 return "camellia256-ctr";
1259 doda 6985 case SSH2_CIPHER_AES128_GCM:
1260 doda 6988 return "aes128-gcm@openssh.com";
1261 doda 6985 case SSH2_CIPHER_AES256_GCM:
1262 doda 6988 return "aes256-gcm@openssh.com";
1263 maya 3227
1264     default:
1265     return "Unknown";
1266     }
1267     }
1268    
1269 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1270 maya 3227 {
1271     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1272     "%s to server, %s from server");
1273     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1274     get_cipher_name(pvar->crypt_state.sender_cipher),
1275     get_cipher_name(pvar->crypt_state.receiver_cipher));
1276     }
1277    
1278 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1279 maya 3227 {
1280     if (SSHv1(pvar)) {
1281     if (pvar->crypt_state.server_key.RSA_key == NULL
1282     || pvar->crypt_state.host_key.RSA_key == NULL) {
1283     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1284     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1285     } else {
1286     UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1287     "%d-bit server key, %d-bit host key");
1288     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1289     BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1290     BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1291     }
1292     } else { // SSH2
1293 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1294     "%d-bit client key, %d-bit server key");
1295 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1296 maya 4313 pvar->client_key_bits,
1297     pvar->server_key_bits);
1298 maya 3227 }
1299     }
1300    
1301 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1302 maya 3227 {
1303     if (key->RSA_key != NULL) {
1304     RSA_free(key->RSA_key);
1305     key->RSA_key = NULL;
1306     }
1307     }
1308    
1309 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1310 maya 3227 {
1311     destroy_public_key(key);
1312     free(key);
1313     }
1314    
1315     void CRYPT_end(PTInstVar pvar)
1316     {
1317 doda 7133 free(encbuff);
1318     encbuff = NULL;
1319     encbufflen = 0;
1320    
1321 maya 3227 destroy_public_key(&pvar->crypt_state.host_key);
1322     destroy_public_key(&pvar->crypt_state.server_key);
1323    
1324     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1325 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1326 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1327     free(pvar->crypt_state.detect_attack_statics.h);
1328     }
1329    
1330 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1331 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1332 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1333 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1334 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1335 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1336 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1337 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1338 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1339     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1340 maya 3227 }
1341    
1342 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1343     char *buf, int bytes)
1344 maya 3227 {
1345     unsigned char passphrase_key[16];
1346    
1347     MD5(passphrase, strlen(passphrase), passphrase_key);
1348    
1349     switch (cipher) {
1350     case SSH_CIPHER_3DES:{
1351     Cipher3DESState state;
1352    
1353 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1354 maya 3227 &state.k1);
1355 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1356 maya 3227 &state.k2);
1357 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1358 maya 3227 &state.k3);
1359 doda 7003 SecureZeroMemory(state.ivec1, 8);
1360     SecureZeroMemory(state.ivec2, 8);
1361     SecureZeroMemory(state.ivec3, 8);
1362 maya 3227 DES_ncbc_encrypt(buf, buf, bytes,
1363     &state.k3, &state.ivec3, DES_DECRYPT);
1364     DES_ncbc_encrypt(buf, buf, bytes,
1365     &state.k2, &state.ivec2, DES_ENCRYPT);
1366     DES_ncbc_encrypt(buf, buf, bytes,
1367     &state.k1, &state.ivec1, DES_DECRYPT);
1368     break;
1369     }
1370    
1371     case SSH_CIPHER_DES:{
1372     CipherDESState state;
1373    
1374     cDES_init(passphrase_key, &state);
1375     DES_ncbc_encrypt(buf, buf, bytes,
1376     &state.k, &state.ivec, DES_DECRYPT);
1377     break;
1378     }
1379    
1380     case SSH_CIPHER_BLOWFISH:{
1381     CipherBlowfishState state;
1382    
1383     BF_set_key(&state.k, 16, passphrase_key);
1384 doda 7003 SecureZeroMemory(state.ivec, 8);
1385 maya 3227 flip_endianness(buf, bytes);
1386     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1387     BF_DECRYPT);
1388     flip_endianness(buf, bytes);
1389     break;
1390     }
1391    
1392     case SSH_CIPHER_NONE:
1393     break;
1394    
1395     default:
1396 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1397 maya 3227 return 0;
1398     }
1399    
1400 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1401 maya 3227 return 1;
1402     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help