Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 9210 - (hide annotations) (download) (as text)
Sat Apr 17 08:36:59 2021 UTC (2 years, 11 months ago) by nmaya
File MIME type: text/x-csrc
File size: 39694 byte(s) 
ファイルを分割・コードを移動・関数名を整理・新しい OpenSSH からインポート

- OpenSSH からインポート
  cipher-3des1.c from OpenSSH-7.5p1
  ssherr.c from OpenSSH-8.5p1
  ssherr.h from OpenSSH-8.5p1
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3 nmaya 9049 * (C) 2004- TeraTerm Project
4 doda 6841 * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75 doda 7133 static unsigned char *encbuff = NULL;
76     static unsigned int encbufflen = 0;
77 maya 3227
78 doda 6801 static void crc_update(uint32 *a, uint32 b)
79 maya 3227 {
80     b ^= *a;
81 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
82 maya 3227 }
83    
84     /* check_crc
85     detects if a block is used in a particular pattern
86     */
87    
88 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
89     uint32 len, unsigned char *IV)
90 maya 3227 {
91     uint32 crc;
92 doda 6801 unsigned char *c;
93 maya 3227
94     crc = 0;
95     if (IV && !CMP(S, IV)) {
96     crc_update(&crc, 1);
97     crc_update(&crc, 0);
98     }
99     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100     if (!CMP(S, c)) {
101     crc_update(&crc, 1);
102     crc_update(&crc, 0);
103     } else {
104     crc_update(&crc, 0);
105     crc_update(&crc, 0);
106     }
107     }
108    
109     return crc == 0;
110     }
111    
112    
113     /*
114     detect_attack
115     Detects a crc32 compensation attack on a packet
116     */
117 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
118     unsigned char *buf, uint32 len,
119     unsigned char *IV)
120 maya 3227 {
121 doda 6801 uint32 *h = statics->h;
122 maya 3227 uint32 n = statics->n;
123     uint32 i, j;
124     uint32 l;
125 doda 6801 unsigned char *c;
126     unsigned char *d;
127 maya 3227
128     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129     }
130    
131     if (h == NULL) {
132     n = l;
133 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 maya 3227 } else {
135     if (l > n) {
136     n = l;
137 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 maya 3227 }
139     }
140    
141     statics->h = h;
142     statics->n = n;
143    
144     if (len <= HASH_MINBLOCKS) {
145     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146     if (IV && (!CMP(c, IV))) {
147     if ((check_crc(c, buf, len, IV)))
148     return DEATTACK_DETECTED;
149     else
150     break;
151     }
152     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153     if (!CMP(c, d)) {
154     if ((check_crc(c, buf, len, IV)))
155     return DEATTACK_DETECTED;
156     else
157     break;
158     }
159     }
160     }
161     return (DEATTACK_OK);
162     }
163     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164    
165     if (IV) {
166     h[HASH(IV) & (n - 1)] = HASH_IV;
167     }
168    
169     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171     i = (i + 1) & (n - 1)) {
172     if (h[i] == HASH_IV) {
173     if (!CMP(c, IV)) {
174     if (check_crc(c, buf, len, IV))
175     return DEATTACK_DETECTED;
176     else
177     break;
178     }
179     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180     if (check_crc(c, buf, len, IV))
181     return DEATTACK_DETECTED;
182     else
183     break;
184     }
185     }
186     h[i] = j;
187     }
188    
189     return DEATTACK_OK;
190     }
191    
192 doda 6980 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 maya 3227 {
194 doda 6980 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195     return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 maya 3227 } else {
197     return FALSE;
198     }
199     }
200    
201 doda 6985 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202     {
203 doda 7133 unsigned char *newbuff = NULL;
204 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205     unsigned char lastiv[1];
206     char tmp[80];
207 yutakapon 8316 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_OUT];
208 doda 6985
209     if (bytes == 0)
210     return TRUE;
211    
212     if (bytes % block_size) {
213     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
214     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
215     get_cipher_name(pvar->crypt_state.sender_cipher),
216     bytes, block_size);
217     notify_fatal_error(pvar, tmp, TRUE);
218     return FALSE;
219     }
220    
221 doda 7133 if (bytes > encbufflen) {
222     if ((newbuff = realloc(encbuff, bytes)) == NULL)
223     goto err;
224     encbuff = newbuff;
225     encbufflen = bytes;
226     }
227 doda 6985
228     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
229     goto err;
230    
231     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
232     goto err;
233    
234 doda 7133 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
235 doda 6985 goto err;
236    
237 doda 7133 memcpy(data+aadlen, encbuff, bytes);
238 doda 6985
239     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
240     goto err;
241    
242     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
243     goto err;
244    
245     return TRUE;
246    
247     err:
248     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
249     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
250     get_cipher_name(pvar->crypt_state.sender_cipher));
251     notify_fatal_error(pvar, tmp, TRUE);
252     return FALSE;
253     }
254    
255     BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
256     {
257 doda 7133 unsigned char *newbuff = NULL;
258 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
259     unsigned char lastiv[1];
260     char tmp[80];
261 yutakapon 8316 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_IN];
262 doda 6985
263     if (bytes == 0)
264     return TRUE;
265    
266     if (bytes % block_size) {
267     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
268     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
269     get_cipher_name(pvar->crypt_state.receiver_cipher),
270     bytes, block_size);
271     notify_fatal_error(pvar, tmp, TRUE);
272     return FALSE;
273     }
274    
275 doda 7133 if (bytes > encbufflen) {
276     if ((newbuff = realloc(encbuff, bytes)) == NULL)
277     goto err;
278     encbuff = newbuff;
279     encbufflen = bytes;
280     }
281 doda 6985
282     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
283     goto err;
284    
285     if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
286     goto err;
287    
288     if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
289     goto err;
290    
291 doda 7133 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
292 doda 6985 goto err;
293    
294 doda 7133 memcpy(data+aadlen, encbuff, bytes);
295 doda 6985
296     if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
297 nmaya 9210 goto err;
298 doda 6985
299 nmaya 9210 return TRUE;
300    
301 doda 6985 err:
302     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
303     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
304     get_cipher_name(pvar->crypt_state.receiver_cipher));
305     notify_fatal_error(pvar, tmp, TRUE);
306     return FALSE;
307     }
308    
309 maya 7774 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
310 maya 3227 {
311     }
312    
313 maya 7774 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
314 maya 3227 {
315 doda 7133 unsigned char *newbuff;
316 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
317 doda 4212 char tmp[80];
318 maya 3227
319     if (bytes == 0)
320     return;
321    
322     if (bytes % block_size) {
323 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
324     "%s encrypt error(1): bytes %d (%d)");
325     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
326 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
327     bytes, block_size);
328 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
329 maya 3227 return;
330     }
331    
332 doda 7133 if (bytes > encbufflen) {
333     if ((newbuff = realloc(encbuff, bytes)) == NULL)
334     return;
335     encbuff = newbuff;
336     encbufflen = bytes;
337     }
338 maya 3227
339 yutakapon 8316 if (EVP_Cipher(pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) {
340 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
341     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
342 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
343 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
344 maya 3227 } else {
345 doda 7133 memcpy(buf, encbuff, bytes);
346 maya 3227 }
347     }
348    
349 maya 7774 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
350 maya 3227 {
351 doda 7133 unsigned char *newbuff;
352 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
353 doda 4212 char tmp[80];
354 maya 3227
355     if (bytes == 0)
356     return;
357    
358     if (bytes % block_size) {
359 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
360     "%s decrypt error(1): bytes %d (%d)");
361     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
362 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
363     bytes, block_size);
364 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
365 maya 3227 return;
366     }
367    
368 doda 7133 if (bytes > encbufflen) {
369     if ((newbuff = malloc(bytes)) == NULL)
370     return;
371     encbuff = newbuff;
372     encbufflen = bytes;
373     }
374 maya 3227
375 yutakapon 8316 if (EVP_Cipher(pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) {
376 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
377     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
378 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
379 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
380 maya 3227 } else {
381 doda 7133 memcpy(buf, encbuff, bytes);
382 maya 3227 }
383     }
384    
385 maya 7774 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
386 maya 3227 {
387 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
388 maya 3227
389     DES_ncbc_encrypt(buf, buf, bytes,
390     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
391     DES_ncbc_encrypt(buf, buf, bytes,
392     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
393     DES_ncbc_encrypt(buf, buf, bytes,
394     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
395     }
396    
397 maya 7774 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
398 maya 3227 {
399 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
400 maya 3227
401     DES_ncbc_encrypt(buf, buf, bytes,
402     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
403     DES_ncbc_encrypt(buf, buf, bytes,
404     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
405     DES_ncbc_encrypt(buf, buf, bytes,
406     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
407     }
408    
409 maya 7774 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
410 maya 3227 {
411 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
412 maya 3227
413     DES_ncbc_encrypt(buf, buf, bytes,
414     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
415     }
416    
417 maya 7774 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
418 maya 3227 {
419 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
420 maya 3227
421     DES_ncbc_encrypt(buf, buf, bytes,
422     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
423     }
424    
425 maya 7774 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
426 maya 3227 {
427 doda 6801 uint32 *buf = (uint32 *) cbuf;
428 maya 3227 int count = bytes / 4;
429    
430     while (count > 0) {
431     uint32 w = *buf;
432    
433     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
434     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
435     count--;
436     buf++;
437     }
438     }
439    
440 maya 7774 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
441 maya 3227 {
442 doda 6801 CipherBlowfishState *encryptstate =
443 maya 3227 &pvar->crypt_state.enc.cBlowfish;
444    
445     flip_endianness(buf, bytes);
446     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
447     BF_ENCRYPT);
448     flip_endianness(buf, bytes);
449     }
450    
451 maya 7774 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
452 maya 3227 {
453 doda 6801 CipherBlowfishState *decryptstate =
454 maya 3227 &pvar->crypt_state.dec.cBlowfish;
455    
456     flip_endianness(buf, bytes);
457     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
458     BF_DECRYPT);
459     flip_endianness(buf, bytes);
460     }
461    
462 maya 7774 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
463 maya 3227 {
464 yutakapon 8316 int ret;
465    
466     // OpenSSL 1.1.1���g���������AWindowsMe���� RAND_bytes() �������o�����������B
467     logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__);
468     ret = RAND_bytes(buf, bytes);
469     if (ret < 0) {
470     logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret);
471     }
472 maya 3227 }
473    
474     void CRYPT_initialize_random_numbers(PTInstVar pvar)
475     {
476 maya 4550 // ����������������������
477     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
478     //RAND_screen();
479 maya 3227 }
480    
481 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
482 maya 3227 {
483     int bits = get_ushort16_MSBfirst(bytes);
484    
485     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
486     }
487    
488     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
489 doda 6801 RSA *make_key(PTInstVar pvar,
490 nmaya 9209 int bits, unsigned char *exp,
491     unsigned char *mod)
492 maya 3227 {
493 doda 6801 RSA *key = RSA_new();
494 yutakapon 8316 BIGNUM *e = NULL, *n = NULL;
495 maya 3227
496     if (key != NULL) {
497 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
498     // RSA_set0_key���������������K�v�������B
499     e = get_bignum(exp);
500     n = get_bignum(mod);
501     RSA_set0_key(key, n, e, NULL);
502 maya 3227 }
503    
504 yutakapon 8316 if (key == NULL || e == NULL || n == NULL) {
505 maya 3227 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
506     "Error setting up RSA keys");
507 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
508 maya 3227
509     if (key != NULL) {
510 yutakapon 8316 if (e != NULL) {
511     BN_free(e);
512 maya 3227 }
513 yutakapon 8316 if (n != NULL) {
514     BN_free(n);
515 maya 3227 }
516     RSA_free(key);
517     }
518    
519     return NULL;
520     } else {
521     return key;
522     }
523     }
524    
525 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
526 maya 3227 {
527     if (SSHv1(pvar)) {
528     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
529     } else {
530     memcpy(pvar->crypt_state.server_cookie, cookie,
531     SSH2_COOKIE_LENGTH);
532     }
533     }
534    
535 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
536 maya 3227 {
537     if (SSHv2(pvar)) {
538     memcpy(pvar->crypt_state.client_cookie, cookie,
539     SSH2_COOKIE_LENGTH);
540     }
541     }
542    
543     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
544 doda 6801 int bits, unsigned char *exp,
545     unsigned char *mod)
546 maya 3227 {
547     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
548    
549     return pvar->crypt_state.server_key.RSA_key != NULL;
550     }
551    
552     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
553 doda 6801 int bits, unsigned char *exp,
554     unsigned char *mod)
555 maya 3227 {
556     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
557    
558     return pvar->crypt_state.host_key.RSA_key != NULL;
559     }
560    
561     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
562     int receiver_ciphers)
563     {
564     int cipher_mask;
565    
566     if (SSHv1(pvar)) {
567     cipher_mask = (1 << SSH_CIPHER_DES)
568     | (1 << SSH_CIPHER_3DES)
569     | (1 << SSH_CIPHER_BLOWFISH);
570    
571     } else { // for SSH2(yutaka)
572     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
573 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
574 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
575     | (1 << SSH2_CIPHER_AES192_CBC)
576     | (1 << SSH2_CIPHER_AES256_CBC)
577     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
578     | (1 << SSH2_CIPHER_AES128_CTR)
579     | (1 << SSH2_CIPHER_AES192_CTR)
580     | (1 << SSH2_CIPHER_AES256_CTR)
581     | (1 << SSH2_CIPHER_ARCFOUR)
582     | (1 << SSH2_CIPHER_ARCFOUR128)
583     | (1 << SSH2_CIPHER_ARCFOUR256)
584 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
585     | (1 << SSH2_CIPHER_3DES_CTR)
586     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
587 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
588     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
589     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
590     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
591     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
592     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
593     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
594 doda 6985 | (1 << SSH2_CIPHER_AES128_GCM)
595     | (1 << SSH2_CIPHER_AES256_GCM)
596 doda 4433 );
597 maya 3227 }
598    
599     sender_ciphers &= cipher_mask;
600     receiver_ciphers &= cipher_mask;
601     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
602     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
603    
604     if (sender_ciphers == 0) {
605     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
606     "The server does not support any of the TTSSH encryption algorithms.\n"
607     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
608     "The connection will be closed.");
609 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
610 maya 3227 return FALSE;
611     } else if (receiver_ciphers == 0) {
612     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
613     "The server does not support any of the TTSSH encryption algorithms.\n"
614     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
615     "The connection will be closed.");
616 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
617 maya 3227 return FALSE;
618     } else {
619     return TRUE;
620     }
621     }
622    
623 doda 6982 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
624 maya 3227 {
625     if (SSHv1(pvar)) {
626     return 8;
627     } else {
628     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
629     // cf. 3DES=8, AES128=16
630     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
631     }
632     }
633    
634 doda 6982 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
635 maya 3227 {
636     if (SSHv1(pvar)) {
637     return 8;
638     } else {
639     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
640     // cf. 3DES=8, AES128=16
641     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
642     }
643     }
644    
645 doda 6982 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
646 maya 3227 {
647     struct Mac *mac;
648    
649     if (SSHv1(pvar)) {
650     return 0;
651    
652     } else { // for SSH2(yutaka)
653     mac = &pvar->ssh2_keys[MODE_IN].mac;
654     if (mac == NULL || mac->enabled == 0)
655     return 0;
656    
657     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
658     }
659    
660     }
661    
662     // HMAC������
663     // ���{������ SSH2 �������g�p�������B
664     // (2004.12.17 yutaka)
665     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
666 nmaya 9209 char *data, int len, char *MAC)
667 maya 3227 {
668 yutakapon 8316 HMAC_CTX *c = NULL;
669 maya 3227 unsigned char m[EVP_MAX_MD_SIZE];
670     unsigned char b[4];
671     struct Mac *mac;
672    
673     mac = &pvar->ssh2_keys[MODE_IN].mac;
674    
675     // HMAC�������L���������������A����OK�����������B
676 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
677 maya 3227 return TRUE;
678    
679 yutakapon 6302 if (mac->key == NULL) {
680 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
681 maya 3227 goto error;
682 yutakapon 6302 }
683 maya 3227
684 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
685 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
686 nmaya 9209 mac->mac_len, sizeof(m), sequence_number, len);
687 maya 3227 goto error;
688 yutakapon 6302 }
689 maya 3227
690 yutakapon 8316 c = HMAC_CTX_new();
691     if (c == NULL)
692     goto error;
693    
694     HMAC_Init(c, mac->key, mac->key_len, mac->md);
695 maya 3227 set_uint32_MSBfirst(b, sequence_number);
696 yutakapon 8316 HMAC_Update(c, b, sizeof(b));
697     HMAC_Update(c, data, len);
698     HMAC_Final(c, m, NULL);
699     // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
700 maya 3227
701     if (memcmp(m, MAC, mac->mac_len)) {
702 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
703     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
704     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
705 maya 3227 goto error;
706     }
707    
708 yutakapon 8316 HMAC_CTX_free(c);
709    
710 maya 3227 return TRUE;
711    
712     error:
713 yutakapon 8316 if (c)
714     HMAC_CTX_free(c);
715    
716 maya 3227 return FALSE;
717     }
718    
719 doda 6982 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
720 maya 3227 {
721     struct Mac *mac;
722    
723     if (SSHv2(pvar)) { // for SSH2(yutaka)
724     mac = &pvar->ssh2_keys[MODE_OUT].mac;
725     if (mac == NULL || mac->enabled == 0)
726     return 0;
727    
728     return (mac->mac_len);
729     }
730    
731     return 0;
732     }
733    
734     // for SSH2
735     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
736 doda 6801 char *data, int len, char *MAC)
737 maya 3227 {
738 yutakapon 8316 HMAC_CTX *c = NULL;
739 maya 3227 static u_char m[EVP_MAX_MD_SIZE];
740     u_char b[4];
741     struct Mac *mac;
742    
743     if (SSHv2(pvar)) { // for SSH2(yutaka)
744     mac = &pvar->ssh2_keys[MODE_OUT].mac;
745     if (mac == NULL || mac->enabled == 0)
746     return FALSE;
747    
748 yutakapon 8316 c = HMAC_CTX_new();
749     if (c == NULL)
750     return FALSE;
751    
752     HMAC_Init(c, mac->key, mac->key_len, mac->md);
753 maya 3227 set_uint32_MSBfirst(b, sequence_number);
754 yutakapon 8316 HMAC_Update(c, b, sizeof(b));
755     HMAC_Update(c, data, len);
756     HMAC_Final(c, m, NULL);
757     // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
758 maya 3227
759     // 20�o�C�g�������R�s�[
760     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
761     // memcpy(MAC, m, sizeof(m));
762    
763 yutakapon 8316 HMAC_CTX_free(c);
764    
765 maya 3227 return TRUE;
766     }
767    
768     return TRUE;
769    
770     }
771    
772     static int choose_cipher(PTInstVar pvar, int supported)
773     {
774     int i;
775    
776     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
777     int cipher = pvar->session_settings.CipherOrder[i] - '0';
778    
779     if (cipher == SSH_CIPHER_NONE) {
780     break;
781     } else if ((supported & (1 << cipher)) != 0) {
782     return cipher;
783     }
784     }
785    
786     return SSH_CIPHER_NONE;
787     }
788    
789     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
790     {
791     if (SSHv1(pvar)) {
792     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
793     pvar->crypt_state.
794     supported_sender_ciphers);
795     pvar->crypt_state.receiver_cipher =
796     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
797    
798     } else { // SSH2(yutaka)
799 doda 7002 if (pvar->ciphers[MODE_OUT] == NULL) {
800     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
801     }
802     else {
803 nmaya 9210 pvar->crypt_state.sender_cipher = get_cipher_id(pvar->ciphers[MODE_OUT]);
804 doda 7002 }
805     if (pvar->ciphers[MODE_IN] == NULL) {
806     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
807     }
808     else {
809 nmaya 9210 pvar->crypt_state.receiver_cipher = get_cipher_id(pvar->ciphers[MODE_IN]);
810 doda 7002 }
811 maya 3227 }
812    
813     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
814     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
815 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
816 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
817     "To communicate with this server, you will have to enable some more ciphers\n"
818     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
819     "This connection will now close.");
820 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
821 maya 3227 return FALSE;
822     } else {
823     return TRUE;
824     }
825     }
826    
827 doda 6982 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
828 maya 3227 {
829 yutakapon 8316 int server_key_bits;
830     int host_key_bits;
831     int server_key_bytes;
832     int host_key_bytes;
833     BIGNUM *n;
834 maya 3227
835 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
836     // RSA_get0_key���������������K�v�������B
837     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
838     server_key_bits = BN_num_bits(n);
839    
840     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
841     host_key_bits = BN_num_bits(n);
842    
843     server_key_bytes = (server_key_bits + 7) / 8;
844     host_key_bytes = (host_key_bits + 7) / 8;
845    
846 maya 3227 if (server_key_bits < host_key_bits) {
847     return host_key_bytes;
848     } else {
849     return server_key_bytes;
850     }
851     }
852    
853     int CRYPT_choose_session_key(PTInstVar pvar,
854 doda 6801 unsigned char *encrypted_key_buf)
855 maya 3227 {
856 yutakapon 8316 int server_key_bits;
857     int host_key_bits;
858     int server_key_bytes;
859     int host_key_bytes;
860 maya 3227 int encrypted_key_bytes;
861     int bit_delta;
862 yutakapon 8316 BIGNUM *server_n, *host_n;
863 maya 3227
864 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
865     // RSA_get0_key���������������K�v�������B
866     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
867     server_key_bits = BN_num_bits(server_n);
868    
869     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
870     host_key_bits = BN_num_bits(host_n);
871    
872     server_key_bytes = (server_key_bits + 7) / 8;
873     host_key_bytes = (host_key_bits + 7) / 8;
874    
875 maya 3227 if (server_key_bits < host_key_bits) {
876     encrypted_key_bytes = host_key_bytes;
877     bit_delta = host_key_bits - server_key_bits;
878     } else {
879     encrypted_key_bytes = server_key_bytes;
880     bit_delta = server_key_bits - host_key_bits;
881     }
882    
883     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
884 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
885 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
886 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
887 maya 3227 return 0;
888     } else {
889     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
890     for the session ID, rather than the one specified in the RFC */
891     int session_buf_len = server_key_bytes + host_key_bytes + 8;
892 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
893 maya 3227 char session_id[16];
894     int i;
895    
896 yutakapon 8316 BN_bn2bin(host_n, session_buf);
897     BN_bn2bin(server_n,
898 maya 3227 session_buf + host_key_bytes);
899     memcpy(session_buf + server_key_bytes + host_key_bytes,
900     pvar->crypt_state.server_cookie, 8);
901     MD5(session_buf, session_buf_len, session_id);
902    
903     free(session_buf);
904    
905     RAND_bytes(pvar->crypt_state.sender_cipher_key,
906     SSH_SESSION_KEY_LENGTH);
907     memcpy(pvar->crypt_state.receiver_cipher_key,
908     pvar->crypt_state.sender_cipher_key,
909     SSH_SESSION_KEY_LENGTH);
910    
911     memcpy(encrypted_key_buf + encrypted_key_bytes -
912     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
913     SSH_SESSION_KEY_LENGTH);
914     for (i = 0; i < sizeof(session_id); i++) {
915     encrypted_key_buf[encrypted_key_bytes -
916     SSH_SESSION_KEY_LENGTH + i]
917     ^= session_id[i];
918     }
919    
920     if (host_key_bits > server_key_bits) {
921     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
922     encrypted_key_buf +
923     encrypted_key_bytes -
924     SSH_SESSION_KEY_LENGTH,
925     encrypted_key_buf +
926     encrypted_key_bytes - server_key_bytes,
927     pvar->crypt_state.server_key.RSA_key,
928     RSA_PKCS1_PADDING) < 0)
929     return 0;
930    
931     if (RSA_public_encrypt(server_key_bytes,
932     encrypted_key_buf +
933     encrypted_key_bytes - server_key_bytes,
934     encrypted_key_buf,
935     pvar->crypt_state.host_key.RSA_key,
936     RSA_PKCS1_PADDING) < 0)
937     return 0;
938     } else {
939     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
940     encrypted_key_buf +
941     encrypted_key_bytes -
942     SSH_SESSION_KEY_LENGTH,
943     encrypted_key_buf +
944     encrypted_key_bytes - host_key_bytes,
945     pvar->crypt_state.host_key.RSA_key,
946     RSA_PKCS1_PADDING) < 0)
947     return 0;
948    
949     if (RSA_public_encrypt(host_key_bytes,
950     encrypted_key_buf +
951     encrypted_key_bytes - host_key_bytes,
952     encrypted_key_buf,
953     pvar->crypt_state.server_key.RSA_key,
954     RSA_PKCS1_PADDING) < 0)
955     return 0;
956     }
957     }
958    
959     return 1;
960     }
961    
962     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
963 doda 6801 unsigned char *challenge,
964 maya 3227 int challenge_len,
965 doda 6801 unsigned char *response)
966 maya 3227 {
967 yutakapon 8316 int server_key_bits;
968     int host_key_bits;
969     int server_key_bytes;
970     int host_key_bytes;
971     int session_buf_len;
972     char *session_buf;
973 maya 3227 char decrypted_challenge[48];
974     int decrypted_challenge_len;
975 yutakapon 8316 BIGNUM *server_n, *host_n;
976 maya 3227
977 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
978     // RSA_get0_key���������������K�v�������B
979     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
980     server_key_bits = BN_num_bits(server_n);
981    
982     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
983     host_key_bits = BN_num_bits(host_n);
984    
985     server_key_bytes = (server_key_bits + 7) / 8;
986     host_key_bytes = (host_key_bits + 7) / 8;
987     session_buf_len = server_key_bytes + host_key_bytes + 8;
988     session_buf = (char FAR *) malloc(session_buf_len);
989    
990 maya 3227 decrypted_challenge_len =
991     RSA_private_decrypt(challenge_len, challenge, challenge,
992 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
993 maya 3227 RSA_PKCS1_PADDING);
994     if (decrypted_challenge_len < 0) {
995     free(session_buf);
996     return 0;
997     }
998     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
999     memcpy(decrypted_challenge,
1000     challenge + decrypted_challenge_len -
1001     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1002     } else {
1003 doda 7003 SecureZeroMemory(decrypted_challenge,
1004 nmaya 9209 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1005 maya 3227 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1006     decrypted_challenge_len, challenge,
1007     decrypted_challenge_len);
1008     }
1009    
1010 yutakapon 8316 BN_bn2bin(host_n, session_buf);
1011     BN_bn2bin(server_n,
1012 maya 3227 session_buf + host_key_bytes);
1013     memcpy(session_buf + server_key_bytes + host_key_bytes,
1014     pvar->crypt_state.server_cookie, 8);
1015     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1016    
1017     free(session_buf);
1018    
1019     MD5(decrypted_challenge, 48, response);
1020    
1021     return 1;
1022     }
1023    
1024 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
1025 maya 3227 {
1026 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
1027     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
1028     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
1029 doda 7003 SecureZeroMemory(state->ivec1, 8);
1030     SecureZeroMemory(state->ivec2, 8);
1031     SecureZeroMemory(state->ivec3, 8);
1032 maya 3227 }
1033    
1034 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
1035 maya 3227 {
1036 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
1037 doda 7003 SecureZeroMemory(state->ivec, 8);
1038 maya 3227 }
1039    
1040 doda 6801 static void cBlowfish_init(char *session_key,
1041     CipherBlowfishState *state)
1042 maya 3227 {
1043     BF_set_key(&state->k, 32, session_key);
1044 doda 7003 SecureZeroMemory(state->ivec, 8);
1045 maya 3227 }
1046    
1047     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1048     {
1049 doda 6716 struct Enc *enc;
1050 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1051     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1052 nmaya 9210 const struct ssh2cipher *cipher;
1053 maya 3227 BOOL isOK = TRUE;
1054    
1055     if (sender_flag) {
1056 doda 7002 if (SSHv1(pvar)) {
1057     switch (pvar->crypt_state.sender_cipher) {
1058     case SSH_CIPHER_3DES:
1059     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1060     pvar->crypt_state.encrypt = c3DES_encrypt;
1061     break;
1062 maya 3227
1063 doda 7002 case SSH_CIPHER_DES:
1064     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1065     pvar->crypt_state.encrypt = cDES_encrypt;
1066     break;
1067 maya 3227
1068 doda 7002 case SSH_CIPHER_BLOWFISH:
1069     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1070     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1071     break;
1072 maya 3227
1073 doda 7002 case SSH_CIPHER_NONE:
1074     case SSH_CIPHER_IDEA:
1075     case SSH_CIPHER_TSS:
1076     case SSH_CIPHER_RC4:
1077     isOK = FALSE;
1078     break;
1079     }
1080     }
1081     else {
1082     // SSH2
1083     cipher = pvar->ciphers[MODE_OUT];
1084     if (cipher) {
1085 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1086 yutakapon 8316 cipher_init_SSH2(pvar->evpcip[MODE_OUT],
1087 doda 6716 enc->key, get_cipher_key_len(cipher),
1088 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1089 maya 3227 CIPHER_ENCRYPT,
1090 doda 6716 get_cipher_EVP_CIPHER(cipher),
1091     get_cipher_discard_len(cipher),
1092 doda 6985 get_cipher_auth_len(cipher),
1093 maya 3227 pvar);
1094    
1095 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1096 maya 3227 }
1097 doda 6716 else {
1098     isOK = FALSE;
1099 maya 3227 }
1100     }
1101     }
1102    
1103     if (receiver_flag) {
1104 doda 7002 if (SSHv1(pvar)) {
1105     switch (pvar->crypt_state.receiver_cipher) {
1106     case SSH_CIPHER_3DES:
1107     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1108     pvar->crypt_state.decrypt = c3DES_decrypt;
1109     break;
1110 maya 3227
1111 doda 7002 case SSH_CIPHER_DES:
1112     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1113     pvar->crypt_state.decrypt = cDES_decrypt;
1114     break;
1115 maya 3227
1116 doda 7002 case SSH_CIPHER_BLOWFISH:
1117     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1118     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1119     break;
1120 maya 3227
1121 doda 7002 case SSH_CIPHER_NONE:
1122     case SSH_CIPHER_IDEA:
1123     case SSH_CIPHER_TSS:
1124     case SSH_CIPHER_RC4:
1125     isOK = FALSE;
1126     break;
1127     }
1128     }
1129     else {
1130     // SSH2
1131     cipher = pvar->ciphers[MODE_IN];
1132     if (cipher) {
1133 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1134 yutakapon 8316 cipher_init_SSH2(pvar->evpcip[MODE_IN],
1135 doda 6716 enc->key, get_cipher_key_len(cipher),
1136 doda 6985 enc->iv, get_cipher_iv_len(cipher),
1137 maya 3227 CIPHER_DECRYPT,
1138 doda 6716 get_cipher_EVP_CIPHER(cipher),
1139     get_cipher_discard_len(cipher),
1140 doda 6985 get_cipher_auth_len(cipher),
1141 maya 3227 pvar);
1142    
1143 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1144 maya 3227 }
1145 doda 6716 else {
1146     isOK = FALSE;
1147 maya 3227 }
1148     }
1149     }
1150    
1151     if (!isOK) {
1152 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1153 maya 3227 "No cipher selected!");
1154 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1155 maya 3227 return FALSE;
1156     } else {
1157 doda 7003 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1158     SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1159 maya 3227 return TRUE;
1160     }
1161     }
1162    
1163     void CRYPT_init(PTInstVar pvar)
1164     {
1165     pvar->crypt_state.encrypt = no_encrypt;
1166     pvar->crypt_state.decrypt = no_encrypt;
1167     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1168     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1169     pvar->crypt_state.server_key.RSA_key = NULL;
1170     pvar->crypt_state.host_key.RSA_key = NULL;
1171    
1172     pvar->crypt_state.detect_attack_statics.h = NULL;
1173     pvar->crypt_state.detect_attack_statics.n =
1174     HASH_MINSIZE / HASH_ENTRYSIZE;
1175     }
1176    
1177 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1178 maya 3227 {
1179     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1180     "%s to server, %s from server");
1181     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1182     get_cipher_name(pvar->crypt_state.sender_cipher),
1183     get_cipher_name(pvar->crypt_state.receiver_cipher));
1184     }
1185    
1186 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1187 maya 3227 {
1188 yutakapon 8316 BIGNUM *server_n, *host_n;
1189    
1190     // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1191     // RSA_get0_key���������������K�v�������B
1192    
1193 maya 3227 if (SSHv1(pvar)) {
1194     if (pvar->crypt_state.server_key.RSA_key == NULL
1195     || pvar->crypt_state.host_key.RSA_key == NULL) {
1196     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1197     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1198     } else {
1199 yutakapon 8316 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1200     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1201    
1202 maya 3227 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1203     "%d-bit server key, %d-bit host key");
1204     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1205 yutakapon 8316 BN_num_bits(server_n),
1206     BN_num_bits(host_n));
1207 maya 3227 }
1208     } else { // SSH2
1209 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1210     "%d-bit client key, %d-bit server key");
1211 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1212 maya 4313 pvar->client_key_bits,
1213     pvar->server_key_bits);
1214 maya 3227 }
1215     }
1216    
1217 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1218 maya 3227 {
1219     if (key->RSA_key != NULL) {
1220     RSA_free(key->RSA_key);
1221     key->RSA_key = NULL;
1222     }
1223     }
1224    
1225 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1226 maya 3227 {
1227     destroy_public_key(key);
1228     free(key);
1229     }
1230    
1231     void CRYPT_end(PTInstVar pvar)
1232     {
1233 doda 7133 free(encbuff);
1234     encbuff = NULL;
1235     encbufflen = 0;
1236    
1237 maya 3227 destroy_public_key(&pvar->crypt_state.host_key);
1238     destroy_public_key(&pvar->crypt_state.server_key);
1239    
1240     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1241 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1242 nmaya 9209 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1243 maya 3227 free(pvar->crypt_state.detect_attack_statics.h);
1244     }
1245    
1246 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1247 nmaya 9209 sizeof(pvar->crypt_state.sender_cipher_key));
1248 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1249 nmaya 9209 sizeof(pvar->crypt_state.receiver_cipher_key));
1250 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1251 nmaya 9209 sizeof(pvar->crypt_state.server_cookie));
1252 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1253 nmaya 9209 sizeof(pvar->crypt_state.client_cookie));
1254 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1255     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1256 maya 3227 }
1257    
1258 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1259     char *buf, int bytes)
1260 maya 3227 {
1261     unsigned char passphrase_key[16];
1262    
1263     MD5(passphrase, strlen(passphrase), passphrase_key);
1264    
1265     switch (cipher) {
1266     case SSH_CIPHER_3DES:{
1267     Cipher3DESState state;
1268    
1269 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1270 maya 3227 &state.k1);
1271 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1272 maya 3227 &state.k2);
1273 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1274 maya 3227 &state.k3);
1275 doda 7003 SecureZeroMemory(state.ivec1, 8);
1276     SecureZeroMemory(state.ivec2, 8);
1277     SecureZeroMemory(state.ivec3, 8);
1278 maya 3227 DES_ncbc_encrypt(buf, buf, bytes,
1279     &state.k3, &state.ivec3, DES_DECRYPT);
1280     DES_ncbc_encrypt(buf, buf, bytes,
1281     &state.k2, &state.ivec2, DES_ENCRYPT);
1282     DES_ncbc_encrypt(buf, buf, bytes,
1283     &state.k1, &state.ivec1, DES_DECRYPT);
1284     break;
1285     }
1286    
1287     case SSH_CIPHER_DES:{
1288     CipherDESState state;
1289    
1290     cDES_init(passphrase_key, &state);
1291     DES_ncbc_encrypt(buf, buf, bytes,
1292     &state.k, &state.ivec, DES_DECRYPT);
1293     break;
1294     }
1295    
1296     case SSH_CIPHER_BLOWFISH:{
1297     CipherBlowfishState state;
1298    
1299     BF_set_key(&state.k, 16, passphrase_key);
1300 doda 7003 SecureZeroMemory(state.ivec, 8);
1301 maya 3227 flip_endianness(buf, bytes);
1302     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1303 nmaya 9209 BF_DECRYPT);
1304 maya 3227 flip_endianness(buf, bytes);
1305     break;
1306     }
1307    
1308     case SSH_CIPHER_NONE:
1309     break;
1310    
1311     default:
1312 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1313 maya 3227 return 0;
1314     }
1315    
1316 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1317 maya 3227 return 1;
1318     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help