Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 8934 - (hide annotations) (download) (as text)
Sat Sep 5 11:20:46 2020 UTC (3 years, 7 months ago) by youlab
Original Path: branches/4-stable/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 44196 byte(s) 
Copyrightの2019を2020に変更した。
変更対象は下記の通り。

Tera Term
TTSSH
TTXKanjiMenu
Help
License
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3 youlab 8934 * (C) 2004-2020 TeraTerm Project
4 doda 6841 * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75 doda 7133 static unsigned char *encbuff = NULL;
76     static unsigned int encbufflen = 0;
77 maya 3227
78 doda 6801 static char *get_cipher_name(int cipher);
79 maya 3227
80 doda 6801 static void crc_update(uint32 *a, uint32 b)
81 maya 3227 {
82     b ^= *a;
83 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
84 maya 3227 }
85    
86     /* check_crc
87     detects if a block is used in a particular pattern
88     */
89    
90 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
91     uint32 len, unsigned char *IV)
92 maya 3227 {
93     uint32 crc;
94 doda 6801 unsigned char *c;
95 maya 3227
96     crc = 0;
97     if (IV && !CMP(S, IV)) {
98     crc_update(&crc, 1);
99     crc_update(&crc, 0);
100     }
101     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
102     if (!CMP(S, c)) {
103     crc_update(&crc, 1);
104     crc_update(&crc, 0);
105     } else {
106     crc_update(&crc, 0);
107     crc_update(&crc, 0);
108     }
109     }
110    
111     return crc == 0;
112     }
113    
114    
115     /*
116     detect_attack
117     Detects a crc32 compensation attack on a packet
118     */
119 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
120     unsigned char *buf, uint32 len,
121     unsigned char *IV)
122 maya 3227 {
123 doda 6801 uint32 *h = statics->h;
124 maya 3227 uint32 n = statics->n;
125     uint32 i, j;
126     uint32 l;
127 doda 6801 unsigned char *c;
128     unsigned char *d;
129 maya 3227
130     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
131     }
132    
133     if (h == NULL) {
134     n = l;
135 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
136 maya 3227 } else {
137     if (l > n) {
138     n = l;
139 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
140 maya 3227 }
141     }
142    
143     statics->h = h;
144     statics->n = n;
145    
146     if (len <= HASH_MINBLOCKS) {
147     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
148     if (IV && (!CMP(c, IV))) {
149     if ((check_crc(c, buf, len, IV)))
150     return DEATTACK_DETECTED;
151     else
152     break;
153     }
154     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
155     if (!CMP(c, d)) {
156     if ((check_crc(c, buf, len, IV)))
157     return DEATTACK_DETECTED;
158     else
159     break;
160     }
161     }
162     }
163     return (DEATTACK_OK);
164     }
165     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
166    
167     if (IV) {
168     h[HASH(IV) & (n - 1)] = HASH_IV;
169     }
170    
171     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
172     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
173     i = (i + 1) & (n - 1)) {
174     if (h[i] == HASH_IV) {
175     if (!CMP(c, IV)) {
176     if (check_crc(c, buf, len, IV))
177     return DEATTACK_DETECTED;
178     else
179     break;
180     }
181     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
182     if (check_crc(c, buf, len, IV))
183     return DEATTACK_DETECTED;
184     else
185     break;
186     }
187     }
188     h[i] = j;
189     }
190    
191     return DEATTACK_OK;
192     }
193    
194 doda 6980 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
195 maya 3227 {
196 doda 6980 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
197     return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
198 maya 3227 } else {
199     return FALSE;
200     }
201     }
202    
203 doda 6985 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
204     {
205 doda 7133 unsigned char *newbuff = NULL;
206 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
207     unsigned char lastiv[1];
208     char tmp[80];
209 yutakapon 8316 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_OUT];
210 doda 6985
211     if (bytes == 0)
212     return TRUE;
213    
214     if (bytes % block_size) {
215     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
216     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
217     get_cipher_name(pvar->crypt_state.sender_cipher),
218     bytes, block_size);
219     notify_fatal_error(pvar, tmp, TRUE);
220     return FALSE;
221     }
222    
223 doda 7133 if (bytes > encbufflen) {
224     if ((newbuff = realloc(encbuff, bytes)) == NULL)
225     goto err;
226     encbuff = newbuff;
227     encbufflen = bytes;
228     }
229 doda 6985
230     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
231     goto err;
232    
233     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
234     goto err;
235    
236 doda 7133 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
237 doda 6985 goto err;
238    
239 doda 7133 memcpy(data+aadlen, encbuff, bytes);
240 doda 6985
241     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
242     goto err;
243    
244     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
245     goto err;
246    
247     return TRUE;
248    
249     err:
250     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
251     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
252     get_cipher_name(pvar->crypt_state.sender_cipher));
253     notify_fatal_error(pvar, tmp, TRUE);
254     return FALSE;
255     }
256    
257     BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
258     {
259 doda 7133 unsigned char *newbuff = NULL;
260 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
261     unsigned char lastiv[1];
262     char tmp[80];
263 yutakapon 8316 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_IN];
264 doda 6985
265     if (bytes == 0)
266     return TRUE;
267    
268     if (bytes % block_size) {
269     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
270     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
271     get_cipher_name(pvar->crypt_state.receiver_cipher),
272     bytes, block_size);
273     notify_fatal_error(pvar, tmp, TRUE);
274     return FALSE;
275     }
276    
277 doda 7133 if (bytes > encbufflen) {
278     if ((newbuff = realloc(encbuff, bytes)) == NULL)
279     goto err;
280     encbuff = newbuff;
281     encbufflen = bytes;
282     }
283 doda 6985
284     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
285     goto err;
286    
287     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
288     goto err;
289    
290     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
291     goto err;
292    
293 doda 7133 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
294 doda 6985 goto err;
295    
296 doda 7133 memcpy(data+aadlen, encbuff, bytes);
297 doda 6985
298     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
299     return FALSE;
300     else
301     return TRUE;
302    
303     err:
304     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
305     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
306     get_cipher_name(pvar->crypt_state.receiver_cipher));
307     notify_fatal_error(pvar, tmp, TRUE);
308     return FALSE;
309     }
310    
311 maya 7774 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
312 maya 3227 {
313     }
314    
315 maya 7774 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
316 maya 3227 {
317 doda 7133 unsigned char *newbuff;
318 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
319 doda 4212 char tmp[80];
320 maya 3227
321     if (bytes == 0)
322     return;
323    
324     if (bytes % block_size) {
325 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
326     "%s encrypt error(1): bytes %d (%d)");
327     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
328 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
329     bytes, block_size);
330 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
331 maya 3227 return;
332     }
333    
334 doda 7133 if (bytes > encbufflen) {
335     if ((newbuff = realloc(encbuff, bytes)) == NULL)
336     return;
337     encbuff = newbuff;
338     encbufflen = bytes;
339     }
340 maya 3227
341 yutakapon 8316 if (EVP_Cipher(pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) {
342 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
343     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
344 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
345 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
346 maya 3227 } else {
347 doda 7133 memcpy(buf, encbuff, bytes);
348 maya 3227 }
349     }
350    
351 maya 7774 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
352 maya 3227 {
353 doda 7133 unsigned char *newbuff;
354 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
355 doda 4212 char tmp[80];
356 maya 3227
357     if (bytes == 0)
358     return;
359    
360     if (bytes % block_size) {
361 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
362     "%s decrypt error(1): bytes %d (%d)");
363     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
364 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
365     bytes, block_size);
366 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
367 maya 3227 return;
368     }
369    
370 doda 7133 if (bytes > encbufflen) {
371     if ((newbuff = malloc(bytes)) == NULL)
372     return;
373     encbuff = newbuff;
374     encbufflen = bytes;
375     }
376 maya 3227
377 yutakapon 8316 if (EVP_Cipher(pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) {
378 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
379     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
380 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
381 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
382 maya 3227 } else {
383 doda 7133 memcpy(buf, encbuff, bytes);
384 maya 3227 }
385     }
386    
387 maya 7774 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
388 maya 3227 {
389 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
390 maya 3227
391     DES_ncbc_encrypt(buf, buf, bytes,
392     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
393     DES_ncbc_encrypt(buf, buf, bytes,
394     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
395     DES_ncbc_encrypt(buf, buf, bytes,
396     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
397     }
398    
399 maya 7774 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
400 maya 3227 {
401 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
402 maya 3227
403     DES_ncbc_encrypt(buf, buf, bytes,
404     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
405     DES_ncbc_encrypt(buf, buf, bytes,
406     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
407     DES_ncbc_encrypt(buf, buf, bytes,
408     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
409     }
410    
411 maya 7774 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
412 maya 3227 {
413 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
414 maya 3227
415     DES_ncbc_encrypt(buf, buf, bytes,
416     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
417     }
418    
419 maya 7774 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
420 maya 3227 {
421 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
422 maya 3227
423     DES_ncbc_encrypt(buf, buf, bytes,
424     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
425     }
426    
427 maya 7774 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
428 maya 3227 {
429 doda 6801 uint32 *buf = (uint32 *) cbuf;
430 maya 3227 int count = bytes / 4;
431    
432     while (count > 0) {
433     uint32 w = *buf;
434    
435     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
436     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
437     count--;
438     buf++;
439     }
440     }
441    
442 maya 7774 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
443 maya 3227 {
444 doda 6801 CipherBlowfishState *encryptstate =
445 maya 3227 &pvar->crypt_state.enc.cBlowfish;
446    
447     flip_endianness(buf, bytes);
448     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
449     BF_ENCRYPT);
450     flip_endianness(buf, bytes);
451     }
452    
453 maya 7774 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
454 maya 3227 {
455 doda 6801 CipherBlowfishState *decryptstate =
456 maya 3227 &pvar->crypt_state.dec.cBlowfish;
457    
458     flip_endianness(buf, bytes);
459     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
460     BF_DECRYPT);
461     flip_endianness(buf, bytes);
462     }
463    
464 maya 7774 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
465 maya 3227 {
466 yutakapon 8316 int ret;
467    
468     // OpenSSL 1.1.1���g���������AWindowsMe���� RAND_bytes() �������o�����������B
469     logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__);
470     ret = RAND_bytes(buf, bytes);
471     if (ret < 0) {
472     logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret);
473     }
474 maya 3227 }
475    
476     void CRYPT_initialize_random_numbers(PTInstVar pvar)
477     {
478 maya 4550 // ����������������������
479     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
480     //RAND_screen();
481 maya 3227 }
482    
483 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
484 maya 3227 {
485     int bits = get_ushort16_MSBfirst(bytes);
486    
487     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
488     }
489    
490     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
491 doda 6801 RSA *make_key(PTInstVar pvar,
492     int bits, unsigned char *exp,
493     unsigned char *mod)
494 maya 3227 {
495 doda 6801 RSA *key = RSA_new();
496 yutakapon 8316 BIGNUM *e = NULL, *n = NULL;
497 maya 3227
498     if (key != NULL) {
499 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
500     // RSA_set0_key���������������K�v�������B
501     e = get_bignum(exp);
502     n = get_bignum(mod);
503     RSA_set0_key(key, n, e, NULL);
504 maya 3227 }
505    
506 yutakapon 8316 if (key == NULL || e == NULL || n == NULL) {
507 maya 3227 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
508     "Error setting up RSA keys");
509 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
510 maya 3227
511     if (key != NULL) {
512 yutakapon 8316 if (e != NULL) {
513     BN_free(e);
514 maya 3227 }
515 yutakapon 8316 if (n != NULL) {
516     BN_free(n);
517 maya 3227 }
518     RSA_free(key);
519     }
520    
521     return NULL;
522     } else {
523     return key;
524     }
525     }
526    
527 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
528 maya 3227 {
529     if (SSHv1(pvar)) {
530     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
531     } else {
532     memcpy(pvar->crypt_state.server_cookie, cookie,
533     SSH2_COOKIE_LENGTH);
534     }
535     }
536    
537 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
538 maya 3227 {
539     if (SSHv2(pvar)) {
540     memcpy(pvar->crypt_state.client_cookie, cookie,
541     SSH2_COOKIE_LENGTH);
542     }
543     }
544    
545     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
546 doda 6801 int bits, unsigned char *exp,
547     unsigned char *mod)
548 maya 3227 {
549     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
550    
551     return pvar->crypt_state.server_key.RSA_key != NULL;
552     }
553    
554     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
555 doda 6801 int bits, unsigned char *exp,
556     unsigned char *mod)
557 maya 3227 {
558     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
559    
560     return pvar->crypt_state.host_key.RSA_key != NULL;
561     }
562    
563     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
564     int receiver_ciphers)
565     {
566     int cipher_mask;
567    
568     if (SSHv1(pvar)) {
569     cipher_mask = (1 << SSH_CIPHER_DES)
570     | (1 << SSH_CIPHER_3DES)
571     | (1 << SSH_CIPHER_BLOWFISH);
572    
573     } else { // for SSH2(yutaka)
574     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
575 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
576 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
577     | (1 << SSH2_CIPHER_AES192_CBC)
578     | (1 << SSH2_CIPHER_AES256_CBC)
579     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
580     | (1 << SSH2_CIPHER_AES128_CTR)
581     | (1 << SSH2_CIPHER_AES192_CTR)
582     | (1 << SSH2_CIPHER_AES256_CTR)
583     | (1 << SSH2_CIPHER_ARCFOUR)
584     | (1 << SSH2_CIPHER_ARCFOUR128)
585     | (1 << SSH2_CIPHER_ARCFOUR256)
586 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
587     | (1 << SSH2_CIPHER_3DES_CTR)
588     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
589 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
590     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
591     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
592     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
593     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
594     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
595     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
596 doda 6985 | (1 << SSH2_CIPHER_AES128_GCM)
597     | (1 << SSH2_CIPHER_AES256_GCM)
598 doda 4433 );
599 maya 3227 }
600    
601     sender_ciphers &= cipher_mask;
602     receiver_ciphers &= cipher_mask;
603     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
604     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
605    
606     if (sender_ciphers == 0) {
607     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
608     "The server does not support any of the TTSSH encryption algorithms.\n"
609     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
610     "The connection will be closed.");
611 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
612 maya 3227 return FALSE;
613     } else if (receiver_ciphers == 0) {
614     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
615     "The server does not support any of the TTSSH encryption algorithms.\n"
616     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
617     "The connection will be closed.");
618 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
619 maya 3227 return FALSE;
620     } else {
621     return TRUE;
622     }
623     }
624    
625 doda 6982 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
626 maya 3227 {
627     if (SSHv1(pvar)) {
628     return 8;
629     } else {
630     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
631     // cf. 3DES=8, AES128=16
632     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
633     }
634     }
635    
636 doda 6982 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
637 maya 3227 {
638     if (SSHv1(pvar)) {
639     return 8;
640     } else {
641     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
642     // cf. 3DES=8, AES128=16
643     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
644     }
645     }
646    
647 doda 6982 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
648 maya 3227 {
649     struct Mac *mac;
650    
651     if (SSHv1(pvar)) {
652     return 0;
653    
654     } else { // for SSH2(yutaka)
655     mac = &pvar->ssh2_keys[MODE_IN].mac;
656     if (mac == NULL || mac->enabled == 0)
657     return 0;
658    
659     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
660     }
661    
662     }
663    
664     // HMAC������
665     // ���{������ SSH2 �������g�p�������B
666     // (2004.12.17 yutaka)
667     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
668 doda 6801 char *data, int len, char *MAC)
669 maya 3227 {
670 yutakapon 8316 HMAC_CTX *c = NULL;
671 maya 3227 unsigned char m[EVP_MAX_MD_SIZE];
672     unsigned char b[4];
673     struct Mac *mac;
674    
675     mac = &pvar->ssh2_keys[MODE_IN].mac;
676    
677     // HMAC�������L���������������A����OK�����������B
678 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
679 maya 3227 return TRUE;
680    
681 yutakapon 6302 if (mac->key == NULL) {
682 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
683 maya 3227 goto error;
684 yutakapon 6302 }
685 maya 3227
686 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
687 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
688 yutakapon 6302 mac->mac_len, sizeof(m), sequence_number, len);
689 maya 3227 goto error;
690 yutakapon 6302 }
691 maya 3227
692 yutakapon 8316 c = HMAC_CTX_new();
693     if (c == NULL)
694     goto error;
695    
696     HMAC_Init(c, mac->key, mac->key_len, mac->md);
697 maya 3227 set_uint32_MSBfirst(b, sequence_number);
698 yutakapon 8316 HMAC_Update(c, b, sizeof(b));
699     HMAC_Update(c, data, len);
700     HMAC_Final(c, m, NULL);
701     // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
702 maya 3227
703     if (memcmp(m, MAC, mac->mac_len)) {
704 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
705     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
706     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
707 maya 3227 goto error;
708     }
709    
710 yutakapon 8316 HMAC_CTX_free(c);
711    
712 maya 3227 return TRUE;
713    
714     error:
715 yutakapon 8316 if (c)
716     HMAC_CTX_free(c);
717    
718 maya 3227 return FALSE;
719     }
720    
721 doda 6982 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
722 maya 3227 {
723     struct Mac *mac;
724    
725     if (SSHv2(pvar)) { // for SSH2(yutaka)
726     mac = &pvar->ssh2_keys[MODE_OUT].mac;
727     if (mac == NULL || mac->enabled == 0)
728     return 0;
729    
730     return (mac->mac_len);
731     }
732    
733     return 0;
734     }
735    
736     // for SSH2
737     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
738 doda 6801 char *data, int len, char *MAC)
739 maya 3227 {
740 yutakapon 8316 HMAC_CTX *c = NULL;
741 maya 3227 static u_char m[EVP_MAX_MD_SIZE];
742     u_char b[4];
743     struct Mac *mac;
744    
745     if (SSHv2(pvar)) { // for SSH2(yutaka)
746     mac = &pvar->ssh2_keys[MODE_OUT].mac;
747     if (mac == NULL || mac->enabled == 0)
748     return FALSE;
749    
750 yutakapon 8316 c = HMAC_CTX_new();
751     if (c == NULL)
752     return FALSE;
753    
754     HMAC_Init(c, mac->key, mac->key_len, mac->md);
755 maya 3227 set_uint32_MSBfirst(b, sequence_number);
756 yutakapon 8316 HMAC_Update(c, b, sizeof(b));
757     HMAC_Update(c, data, len);
758     HMAC_Final(c, m, NULL);
759     // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
760 maya 3227
761     // 20�o�C�g�������R�s�[
762     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
763     // memcpy(MAC, m, sizeof(m));
764    
765 yutakapon 8316 HMAC_CTX_free(c);
766    
767 maya 3227 return TRUE;
768     }
769    
770     return TRUE;
771    
772     }
773    
774     static int choose_cipher(PTInstVar pvar, int supported)
775     {
776     int i;
777    
778     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
779     int cipher = pvar->session_settings.CipherOrder[i] - '0';
780    
781     if (cipher == SSH_CIPHER_NONE) {
782     break;
783     } else if ((supported & (1 << cipher)) != 0) {
784     return cipher;
785     }
786     }
787    
788     return SSH_CIPHER_NONE;
789     }
790    
791     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
792     {
793     if (SSHv1(pvar)) {
794     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
795     pvar->crypt_state.
796     supported_sender_ciphers);
797     pvar->crypt_state.receiver_cipher =
798     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
799    
800     } else { // SSH2(yutaka)
801 doda 7002 if (pvar->ciphers[MODE_OUT] == NULL) {
802     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
803     }
804     else {
805     pvar->crypt_state.sender_cipher = pvar->ciphers[MODE_OUT]->id;
806     }
807     if (pvar->ciphers[MODE_IN] == NULL) {
808     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
809     }
810     else {
811     pvar->crypt_state.receiver_cipher = pvar->ciphers[MODE_IN]->id;
812     }
813 maya 3227 }
814    
815     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
816     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
817 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
818 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
819     "To communicate with this server, you will have to enable some more ciphers\n"
820     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
821     "This connection will now close.");
822 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
823 maya 3227 return FALSE;
824     } else {
825     return TRUE;
826     }
827     }
828    
829 doda 6982 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
830 maya 3227 {
831 yutakapon 8316 int server_key_bits;
832     int host_key_bits;
833     int server_key_bytes;
834     int host_key_bytes;
835     BIGNUM *n;
836 maya 3227
837 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
838     // RSA_get0_key���������������K�v�������B
839     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
840     server_key_bits = BN_num_bits(n);
841    
842     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
843     host_key_bits = BN_num_bits(n);
844    
845     server_key_bytes = (server_key_bits + 7) / 8;
846     host_key_bytes = (host_key_bits + 7) / 8;
847    
848 maya 3227 if (server_key_bits < host_key_bits) {
849     return host_key_bytes;
850     } else {
851     return server_key_bytes;
852     }
853     }
854    
855     int CRYPT_choose_session_key(PTInstVar pvar,
856 doda 6801 unsigned char *encrypted_key_buf)
857 maya 3227 {
858 yutakapon 8316 int server_key_bits;
859     int host_key_bits;
860     int server_key_bytes;
861     int host_key_bytes;
862 maya 3227 int encrypted_key_bytes;
863     int bit_delta;
864 yutakapon 8316 BIGNUM *server_n, *host_n;
865 maya 3227
866 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
867     // RSA_get0_key���������������K�v�������B
868     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
869     server_key_bits = BN_num_bits(server_n);
870    
871     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
872     host_key_bits = BN_num_bits(host_n);
873    
874     server_key_bytes = (server_key_bits + 7) / 8;
875     host_key_bytes = (host_key_bits + 7) / 8;
876    
877 maya 3227 if (server_key_bits < host_key_bits) {
878     encrypted_key_bytes = host_key_bytes;
879     bit_delta = host_key_bits - server_key_bits;
880     } else {
881     encrypted_key_bytes = server_key_bytes;
882     bit_delta = server_key_bits - host_key_bits;
883     }
884    
885     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
886 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
887 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
888 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
889 maya 3227 return 0;
890     } else {
891     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
892     for the session ID, rather than the one specified in the RFC */
893     int session_buf_len = server_key_bytes + host_key_bytes + 8;
894 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
895 maya 3227 char session_id[16];
896     int i;
897    
898 yutakapon 8316 BN_bn2bin(host_n, session_buf);
899     BN_bn2bin(server_n,
900 maya 3227 session_buf + host_key_bytes);
901     memcpy(session_buf + server_key_bytes + host_key_bytes,
902     pvar->crypt_state.server_cookie, 8);
903     MD5(session_buf, session_buf_len, session_id);
904    
905     free(session_buf);
906    
907     RAND_bytes(pvar->crypt_state.sender_cipher_key,
908     SSH_SESSION_KEY_LENGTH);
909     memcpy(pvar->crypt_state.receiver_cipher_key,
910     pvar->crypt_state.sender_cipher_key,
911     SSH_SESSION_KEY_LENGTH);
912    
913     memcpy(encrypted_key_buf + encrypted_key_bytes -
914     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
915     SSH_SESSION_KEY_LENGTH);
916     for (i = 0; i < sizeof(session_id); i++) {
917     encrypted_key_buf[encrypted_key_bytes -
918     SSH_SESSION_KEY_LENGTH + i]
919     ^= session_id[i];
920     }
921    
922     if (host_key_bits > server_key_bits) {
923     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
924     encrypted_key_buf +
925     encrypted_key_bytes -
926     SSH_SESSION_KEY_LENGTH,
927     encrypted_key_buf +
928     encrypted_key_bytes - server_key_bytes,
929     pvar->crypt_state.server_key.RSA_key,
930     RSA_PKCS1_PADDING) < 0)
931     return 0;
932    
933     if (RSA_public_encrypt(server_key_bytes,
934     encrypted_key_buf +
935     encrypted_key_bytes - server_key_bytes,
936     encrypted_key_buf,
937     pvar->crypt_state.host_key.RSA_key,
938     RSA_PKCS1_PADDING) < 0)
939     return 0;
940     } else {
941     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
942     encrypted_key_buf +
943     encrypted_key_bytes -
944     SSH_SESSION_KEY_LENGTH,
945     encrypted_key_buf +
946     encrypted_key_bytes - host_key_bytes,
947     pvar->crypt_state.host_key.RSA_key,
948     RSA_PKCS1_PADDING) < 0)
949     return 0;
950    
951     if (RSA_public_encrypt(host_key_bytes,
952     encrypted_key_buf +
953     encrypted_key_bytes - host_key_bytes,
954     encrypted_key_buf,
955     pvar->crypt_state.server_key.RSA_key,
956     RSA_PKCS1_PADDING) < 0)
957     return 0;
958     }
959     }
960    
961     return 1;
962     }
963    
964     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
965 doda 6801 unsigned char *challenge,
966 maya 3227 int challenge_len,
967 doda 6801 unsigned char *response)
968 maya 3227 {
969 yutakapon 8316 int server_key_bits;
970     int host_key_bits;
971     int server_key_bytes;
972     int host_key_bytes;
973     int session_buf_len;
974     char *session_buf;
975 maya 3227 char decrypted_challenge[48];
976     int decrypted_challenge_len;
977 yutakapon 8316 BIGNUM *server_n, *host_n;
978 maya 3227
979 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
980     // RSA_get0_key���������������K�v�������B
981     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
982     server_key_bits = BN_num_bits(server_n);
983    
984     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
985     host_key_bits = BN_num_bits(host_n);
986    
987     server_key_bytes = (server_key_bits + 7) / 8;
988     host_key_bytes = (host_key_bits + 7) / 8;
989     session_buf_len = server_key_bytes + host_key_bytes + 8;
990     session_buf = (char FAR *) malloc(session_buf_len);
991    
992 maya 3227 decrypted_challenge_len =
993     RSA_private_decrypt(challenge_len, challenge, challenge,
994 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
995 maya 3227 RSA_PKCS1_PADDING);
996     if (decrypted_challenge_len < 0) {
997     free(session_buf);
998     return 0;
999     }
1000     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1001     memcpy(decrypted_challenge,
1002     challenge + decrypted_challenge_len -
1003     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1004     } else {
1005 doda 7003 SecureZeroMemory(decrypted_challenge,
1006 maya 3227 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1007     memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1008     decrypted_challenge_len, challenge,
1009     decrypted_challenge_len);
1010     }
1011    
1012 yutakapon 8316 BN_bn2bin(host_n, session_buf);
1013     BN_bn2bin(server_n,
1014 maya 3227 session_buf + host_key_bytes);
1015     memcpy(session_buf + server_key_bytes + host_key_bytes,
1016     pvar->crypt_state.server_cookie, 8);
1017     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1018    
1019     free(session_buf);
1020    
1021     MD5(decrypted_challenge, 48, response);
1022    
1023     return 1;
1024     }
1025    
1026 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
1027 maya 3227 {
1028 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
1029     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
1030     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
1031 doda 7003 SecureZeroMemory(state->ivec1, 8);
1032     SecureZeroMemory(state->ivec2, 8);
1033     SecureZeroMemory(state->ivec3, 8);
1034 maya 3227 }
1035    
1036 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
1037 maya 3227 {
1038 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
1039 doda 7003 SecureZeroMemory(state->ivec, 8);
1040 maya 3227 }
1041    
1042 doda 6801 static void cBlowfish_init(char *session_key,
1043     CipherBlowfishState *state)
1044 maya 3227 {
1045     BF_set_key(&state->k, 32, session_key);
1046 doda 7003 SecureZeroMemory(state->ivec, 8);
1047 maya 3227 }
1048    
1049    
1050     //
1051     // SSH2�p�A���S���Y����������
1052     //
1053     void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1054     const u_char *key, u_int keylen,
1055     const u_char *iv, u_int ivlen,
1056     int encrypt,
1057     const EVP_CIPHER *type,
1058     int discard_len,
1059 doda 6985 unsigned int authlen,
1060 maya 3227 PTInstVar pvar)
1061     {
1062     int klen;
1063     char tmp[80];
1064     unsigned char *junk = NULL, *discard = NULL;
1065    
1066     EVP_CIPHER_CTX_init(evp);
1067 doda 6985 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
1068     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1069 maya 3227 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1070 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1071 maya 3227 return;
1072     }
1073    
1074 doda 6985 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
1075     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1076     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1077     notify_fatal_error(pvar, tmp, TRUE);
1078     return;
1079     }
1080     if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1081     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1082     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1083     notify_fatal_error(pvar, tmp, TRUE);
1084     return;
1085     }
1086     if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1087     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1088     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1089     notify_fatal_error(pvar, tmp, TRUE);
1090     return;
1091     }
1092    
1093 maya 3227 klen = EVP_CIPHER_CTX_key_length(evp);
1094     if (klen > 0 && keylen != klen) {
1095     if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1096 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1097     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1098 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1099 maya 3227 return;
1100     }
1101     }
1102     if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1103 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1104     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1105 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1106 maya 3227 return;
1107     }
1108    
1109     if (discard_len > 0) {
1110     junk = malloc(discard_len);
1111     discard = malloc(discard_len);
1112     if (junk == NULL || discard == NULL ||
1113     EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1114 doda 6985 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1115     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1116 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
1117 maya 3227 }
1118     else {
1119 yutakapon 6229 SecureZeroMemory(discard, discard_len);
1120 maya 3227 }
1121     free(junk);
1122     free(discard);
1123     }
1124     }
1125    
1126 yutakapon 5545 //
1127     // SSH2�p�A���S���Y�����j��
1128     //
1129     void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1130     {
1131     EVP_CIPHER_CTX_cleanup(evp);
1132     }
1133 maya 3227
1134 yutakapon 5545
1135 maya 3227 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1136     {
1137 doda 6716 struct Enc *enc;
1138 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1139     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1140 doda 7004 SSH2Cipher *cipher;
1141 maya 3227 BOOL isOK = TRUE;
1142    
1143     if (sender_flag) {
1144 doda 7002 if (SSHv1(pvar)) {
1145     switch (pvar->crypt_state.sender_cipher) {
1146     case SSH_CIPHER_3DES:
1147     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1148     pvar->crypt_state.encrypt = c3DES_encrypt;
1149     break;
1150 maya 3227
1151 doda 7002 case SSH_CIPHER_DES:
1152     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1153     pvar->crypt_state.encrypt = cDES_encrypt;
1154     break;
1155 maya 3227
1156 doda 7002 case SSH_CIPHER_BLOWFISH:
1157     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1158     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1159     break;
1160 maya 3227
1161 doda 7002 case SSH_CIPHER_NONE:
1162     case SSH_CIPHER_IDEA:
1163     case SSH_CIPHER_TSS:
1164     case SSH_CIPHER_RC4:
1165     isOK = FALSE;
1166     break;
1167     }
1168     }
1169     else {
1170     // SSH2
1171     cipher = pvar->ciphers[MODE_OUT];
1172     if (cipher) {
1173 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1174 yutakapon 8316 cipher_init_SSH2(pvar->evpcip[MODE_OUT],
1175 doda 6716 enc->key, get_cipher_key_len(cipher),
1176 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1177 maya 3227 CIPHER_ENCRYPT,
1178 doda 6716 get_cipher_EVP_CIPHER(cipher),
1179     get_cipher_discard_len(cipher),
1180 doda 6985 get_cipher_auth_len(cipher),
1181 maya 3227 pvar);
1182    
1183 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1184 maya 3227 }
1185 doda 6716 else {
1186     isOK = FALSE;
1187 maya 3227 }
1188     }
1189     }
1190    
1191     if (receiver_flag) {
1192 doda 7002 if (SSHv1(pvar)) {
1193     switch (pvar->crypt_state.receiver_cipher) {
1194     case SSH_CIPHER_3DES:
1195     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1196     pvar->crypt_state.decrypt = c3DES_decrypt;
1197     break;
1198 maya 3227
1199 doda 7002 case SSH_CIPHER_DES:
1200     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1201     pvar->crypt_state.decrypt = cDES_decrypt;
1202     break;
1203 maya 3227
1204 doda 7002 case SSH_CIPHER_BLOWFISH:
1205     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1206     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1207     break;
1208 maya 3227
1209 doda 7002 case SSH_CIPHER_NONE:
1210     case SSH_CIPHER_IDEA:
1211     case SSH_CIPHER_TSS:
1212     case SSH_CIPHER_RC4:
1213     isOK = FALSE;
1214     break;
1215     }
1216     }
1217     else {
1218     // SSH2
1219     cipher = pvar->ciphers[MODE_IN];
1220     if (cipher) {
1221 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1222 yutakapon 8316 cipher_init_SSH2(pvar->evpcip[MODE_IN],
1223 doda 6716 enc->key, get_cipher_key_len(cipher),
1224 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1225 maya 3227 CIPHER_DECRYPT,
1226 doda 6716 get_cipher_EVP_CIPHER(cipher),
1227     get_cipher_discard_len(cipher),
1228 doda 6985 get_cipher_auth_len(cipher),
1229 maya 3227 pvar);
1230    
1231 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1232 maya 3227 }
1233 doda 6716 else {
1234     isOK = FALSE;
1235 maya 3227 }
1236     }
1237     }
1238    
1239     if (!isOK) {
1240 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1241 maya 3227 "No cipher selected!");
1242 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1243 maya 3227 return FALSE;
1244     } else {
1245 doda 7003 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1246     SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1247 maya 3227 return TRUE;
1248     }
1249     }
1250    
1251     void CRYPT_init(PTInstVar pvar)
1252     {
1253     pvar->crypt_state.encrypt = no_encrypt;
1254     pvar->crypt_state.decrypt = no_encrypt;
1255     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1256     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1257     pvar->crypt_state.server_key.RSA_key = NULL;
1258     pvar->crypt_state.host_key.RSA_key = NULL;
1259    
1260     pvar->crypt_state.detect_attack_statics.h = NULL;
1261     pvar->crypt_state.detect_attack_statics.n =
1262     HASH_MINSIZE / HASH_ENTRYSIZE;
1263     }
1264    
1265 doda 6801 static char *get_cipher_name(int cipher)
1266 maya 3227 {
1267     switch (cipher) {
1268     case SSH_CIPHER_NONE:
1269     return "None";
1270     case SSH_CIPHER_3DES:
1271     return "3DES (168 key bits)";
1272     case SSH_CIPHER_DES:
1273     return "DES (56 key bits)";
1274     case SSH_CIPHER_BLOWFISH:
1275     return "Blowfish (256 key bits)";
1276    
1277     // SSH2
1278     case SSH2_CIPHER_3DES_CBC:
1279 doda 6988 return "3des-cbc";
1280 maya 3227 case SSH2_CIPHER_AES128_CBC:
1281 doda 6988 return "aes128-cbc";
1282 maya 3227 case SSH2_CIPHER_AES192_CBC:
1283 doda 6988 return "aes192-cbc";
1284 maya 3227 case SSH2_CIPHER_AES256_CBC:
1285 doda 6988 return "aes256-cbc";
1286 maya 3227 case SSH2_CIPHER_BLOWFISH_CBC:
1287 doda 6988 return "blowfish-cbc";
1288 maya 3227 case SSH2_CIPHER_AES128_CTR:
1289 doda 6988 return "aes128-ctr";
1290 maya 3227 case SSH2_CIPHER_AES192_CTR:
1291 doda 6988 return "aes192-ctr";
1292 maya 3227 case SSH2_CIPHER_AES256_CTR:
1293 doda 6988 return "aes256-ctr";
1294 maya 3227 case SSH2_CIPHER_ARCFOUR:
1295 doda 6988 return "arcfour";
1296 maya 3227 case SSH2_CIPHER_ARCFOUR128:
1297 doda 6988 return "arcfour128";
1298 maya 3227 case SSH2_CIPHER_ARCFOUR256:
1299 doda 6988 return "arcfour256";
1300 maya 3227 case SSH2_CIPHER_CAST128_CBC:
1301 doda 6988 return "cast-128-cbc";
1302 doda 3850 case SSH2_CIPHER_3DES_CTR:
1303 doda 6988 return "3des-ctr";
1304 doda 3850 case SSH2_CIPHER_BLOWFISH_CTR:
1305 doda 6988 return "blowfish-ctr";
1306 doda 3850 case SSH2_CIPHER_CAST128_CTR:
1307 doda 6988 return "cast-128-ctr";
1308 doda 4433 case SSH2_CIPHER_CAMELLIA128_CBC:
1309 doda 6988 return "camellia128-cbc";
1310 doda 4433 case SSH2_CIPHER_CAMELLIA192_CBC:
1311 doda 6988 return "camellia192-cbc";
1312 doda 4433 case SSH2_CIPHER_CAMELLIA256_CBC:
1313 doda 6988 return "camellia256-cbc";
1314 doda 4433 case SSH2_CIPHER_CAMELLIA128_CTR:
1315 doda 6988 return "camellia128-ctr";
1316 doda 4433 case SSH2_CIPHER_CAMELLIA192_CTR:
1317 doda 6988 return "camellia192-ctr";
1318 doda 4433 case SSH2_CIPHER_CAMELLIA256_CTR:
1319 doda 6988 return "camellia256-ctr";
1320 doda 6985 case SSH2_CIPHER_AES128_GCM:
1321 doda 6988 return "aes128-gcm@openssh.com";
1322 doda 6985 case SSH2_CIPHER_AES256_GCM:
1323 doda 6988 return "aes256-gcm@openssh.com";
1324 maya 3227
1325     default:
1326     return "Unknown";
1327     }
1328     }
1329    
1330 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1331 maya 3227 {
1332     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1333     "%s to server, %s from server");
1334     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1335     get_cipher_name(pvar->crypt_state.sender_cipher),
1336     get_cipher_name(pvar->crypt_state.receiver_cipher));
1337     }
1338    
1339 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1340 maya 3227 {
1341 yutakapon 8316 BIGNUM *server_n, *host_n;
1342    
1343     // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1344     // RSA_get0_key���������������K�v�������B
1345    
1346 maya 3227 if (SSHv1(pvar)) {
1347     if (pvar->crypt_state.server_key.RSA_key == NULL
1348     || pvar->crypt_state.host_key.RSA_key == NULL) {
1349     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1350     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1351     } else {
1352 yutakapon 8316 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1353     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1354    
1355 maya 3227 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1356     "%d-bit server key, %d-bit host key");
1357     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1358 yutakapon 8316 BN_num_bits(server_n),
1359     BN_num_bits(host_n));
1360 maya 3227 }
1361     } else { // SSH2
1362 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1363     "%d-bit client key, %d-bit server key");
1364 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1365 maya 4313 pvar->client_key_bits,
1366     pvar->server_key_bits);
1367 maya 3227 }
1368     }
1369    
1370 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1371 maya 3227 {
1372     if (key->RSA_key != NULL) {
1373     RSA_free(key->RSA_key);
1374     key->RSA_key = NULL;
1375     }
1376     }
1377    
1378 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1379 maya 3227 {
1380     destroy_public_key(key);
1381     free(key);
1382     }
1383    
1384     void CRYPT_end(PTInstVar pvar)
1385     {
1386 doda 7133 free(encbuff);
1387     encbuff = NULL;
1388     encbufflen = 0;
1389    
1390 maya 3227 destroy_public_key(&pvar->crypt_state.host_key);
1391     destroy_public_key(&pvar->crypt_state.server_key);
1392    
1393     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1394 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1395 maya 3227 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1396     free(pvar->crypt_state.detect_attack_statics.h);
1397     }
1398    
1399 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1400 maya 3227 sizeof(pvar->crypt_state.sender_cipher_key));
1401 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1402 maya 3227 sizeof(pvar->crypt_state.receiver_cipher_key));
1403 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1404 maya 3227 sizeof(pvar->crypt_state.server_cookie));
1405 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1406 maya 3227 sizeof(pvar->crypt_state.client_cookie));
1407 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1408     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1409 maya 3227 }
1410    
1411 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1412     char *buf, int bytes)
1413 maya 3227 {
1414     unsigned char passphrase_key[16];
1415    
1416     MD5(passphrase, strlen(passphrase), passphrase_key);
1417    
1418     switch (cipher) {
1419     case SSH_CIPHER_3DES:{
1420     Cipher3DESState state;
1421    
1422 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1423 maya 3227 &state.k1);
1424 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1425 maya 3227 &state.k2);
1426 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1427 maya 3227 &state.k3);
1428 doda 7003 SecureZeroMemory(state.ivec1, 8);
1429     SecureZeroMemory(state.ivec2, 8);
1430     SecureZeroMemory(state.ivec3, 8);
1431 maya 3227 DES_ncbc_encrypt(buf, buf, bytes,
1432     &state.k3, &state.ivec3, DES_DECRYPT);
1433     DES_ncbc_encrypt(buf, buf, bytes,
1434     &state.k2, &state.ivec2, DES_ENCRYPT);
1435     DES_ncbc_encrypt(buf, buf, bytes,
1436     &state.k1, &state.ivec1, DES_DECRYPT);
1437     break;
1438     }
1439    
1440     case SSH_CIPHER_DES:{
1441     CipherDESState state;
1442    
1443     cDES_init(passphrase_key, &state);
1444     DES_ncbc_encrypt(buf, buf, bytes,
1445     &state.k, &state.ivec, DES_DECRYPT);
1446     break;
1447     }
1448    
1449     case SSH_CIPHER_BLOWFISH:{
1450     CipherBlowfishState state;
1451    
1452     BF_set_key(&state.k, 16, passphrase_key);
1453 doda 7003 SecureZeroMemory(state.ivec, 8);
1454 maya 3227 flip_endianness(buf, bytes);
1455     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1456     BF_DECRYPT);
1457     flip_endianness(buf, bytes);
1458     break;
1459     }
1460    
1461     case SSH_CIPHER_NONE:
1462     break;
1463    
1464     default:
1465 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1466 maya 3227 return 0;
1467     }
1468    
1469 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1470 maya 3227 return 1;
1471     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help