| 206 |
unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size; |
unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size; |
| 207 |
unsigned char lastiv[1]; |
unsigned char lastiv[1]; |
| 208 |
char tmp[80]; |
char tmp[80]; |
| 209 |
EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_OUT]; |
EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_OUT]; |
| 210 |
|
|
| 211 |
if (bytes == 0) |
if (bytes == 0) |
| 212 |
return TRUE; |
return TRUE; |
| 260 |
unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size; |
unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size; |
| 261 |
unsigned char lastiv[1]; |
unsigned char lastiv[1]; |
| 262 |
char tmp[80]; |
char tmp[80]; |
| 263 |
EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_IN]; |
EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_IN]; |
| 264 |
|
|
| 265 |
if (bytes == 0) |
if (bytes == 0) |
| 266 |
return TRUE; |
return TRUE; |
| 338 |
encbufflen = bytes; |
encbufflen = bytes; |
| 339 |
} |
} |
| 340 |
|
|
| 341 |
if (EVP_Cipher(&pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) { |
if (EVP_Cipher(pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) { |
| 342 |
UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)"); |
UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)"); |
| 343 |
_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, |
_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, |
| 344 |
get_cipher_name(pvar->crypt_state.sender_cipher)); |
get_cipher_name(pvar->crypt_state.sender_cipher)); |
| 374 |
encbufflen = bytes; |
encbufflen = bytes; |
| 375 |
} |
} |
| 376 |
|
|
| 377 |
if (EVP_Cipher(&pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) { |
if (EVP_Cipher(pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) { |
| 378 |
UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)"); |
UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)"); |
| 379 |
_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, |
_snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, |
| 380 |
get_cipher_name(pvar->crypt_state.receiver_cipher)); |
get_cipher_name(pvar->crypt_state.receiver_cipher)); |
| 463 |
|
|
| 464 |
void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes) |
void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes) |
| 465 |
{ |
{ |
| 466 |
RAND_bytes(buf, bytes); |
int ret; |
| 467 |
|
|
| 468 |
|
// OpenSSL 1.1.1を使った場合、WindowsMeでは RAND_bytes() の呼び出しで落ちる。 |
| 469 |
|
logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__); |
| 470 |
|
ret = RAND_bytes(buf, bytes); |
| 471 |
|
if (ret < 0) { |
| 472 |
|
logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret); |
| 473 |
|
} |
| 474 |
} |
} |
| 475 |
|
|
| 476 |
void CRYPT_initialize_random_numbers(PTInstVar pvar) |
void CRYPT_initialize_random_numbers(PTInstVar pvar) |
| 493 |
unsigned char *mod) |
unsigned char *mod) |
| 494 |
{ |
{ |
| 495 |
RSA *key = RSA_new(); |
RSA *key = RSA_new(); |
| 496 |
|
BIGNUM *e = NULL, *n = NULL; |
| 497 |
|
|
| 498 |
if (key != NULL) { |
if (key != NULL) { |
| 499 |
key->e = get_bignum(exp); |
// OpenSSL 1.1.0ではRSA構造体のメンバーに直接アクセスできないため、 |
| 500 |
key->n = get_bignum(mod); |
// RSA_set0_key関数で設定する必要がある。 |
| 501 |
|
e = get_bignum(exp); |
| 502 |
|
n = get_bignum(mod); |
| 503 |
|
RSA_set0_key(key, n, e, NULL); |
| 504 |
} |
} |
| 505 |
|
|
| 506 |
if (key == NULL || key->e == NULL || key->n == NULL) { |
if (key == NULL || e == NULL || n == NULL) { |
| 507 |
UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar, |
UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar, |
| 508 |
"Error setting up RSA keys"); |
"Error setting up RSA keys"); |
| 509 |
notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE); |
notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE); |
| 510 |
|
|
| 511 |
if (key != NULL) { |
if (key != NULL) { |
| 512 |
if (key->e != NULL) { |
if (e != NULL) { |
| 513 |
BN_free(key->e); |
BN_free(e); |
| 514 |
} |
} |
| 515 |
if (key->n != NULL) { |
if (n != NULL) { |
| 516 |
BN_free(key->n); |
BN_free(n); |
| 517 |
} |
} |
| 518 |
RSA_free(key); |
RSA_free(key); |
| 519 |
} |
} |
| 667 |
BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number, |
BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number, |
| 668 |
char *data, int len, char *MAC) |
char *data, int len, char *MAC) |
| 669 |
{ |
{ |
| 670 |
HMAC_CTX c; |
HMAC_CTX *c = NULL; |
| 671 |
unsigned char m[EVP_MAX_MD_SIZE]; |
unsigned char m[EVP_MAX_MD_SIZE]; |
| 672 |
unsigned char b[4]; |
unsigned char b[4]; |
| 673 |
struct Mac *mac; |
struct Mac *mac; |
| 689 |
goto error; |
goto error; |
| 690 |
} |
} |
| 691 |
|
|
| 692 |
HMAC_Init(&c, mac->key, mac->key_len, mac->md); |
c = HMAC_CTX_new(); |
| 693 |
|
if (c == NULL) |
| 694 |
|
goto error; |
| 695 |
|
|
| 696 |
|
HMAC_Init(c, mac->key, mac->key_len, mac->md); |
| 697 |
set_uint32_MSBfirst(b, sequence_number); |
set_uint32_MSBfirst(b, sequence_number); |
| 698 |
HMAC_Update(&c, b, sizeof(b)); |
HMAC_Update(c, b, sizeof(b)); |
| 699 |
HMAC_Update(&c, data, len); |
HMAC_Update(c, data, len); |
| 700 |
HMAC_Final(&c, m, NULL); |
HMAC_Final(c, m, NULL); |
| 701 |
HMAC_cleanup(&c); |
// HMAC_cleanup()はOpenSSL 1.1.0で削除され、HMAC_CTX_free()に集約された。 |
| 702 |
|
|
| 703 |
if (memcmp(m, MAC, mac->mac_len)) { |
if (memcmp(m, MAC, mac->mac_len)) { |
| 704 |
logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len); |
logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len); |
| 707 |
goto error; |
goto error; |
| 708 |
} |
} |
| 709 |
|
|
| 710 |
|
HMAC_CTX_free(c); |
| 711 |
|
|
| 712 |
return TRUE; |
return TRUE; |
| 713 |
|
|
| 714 |
error: |
error: |
| 715 |
|
if (c) |
| 716 |
|
HMAC_CTX_free(c); |
| 717 |
|
|
| 718 |
return FALSE; |
return FALSE; |
| 719 |
} |
} |
| 720 |
|
|
| 737 |
BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number, |
BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number, |
| 738 |
char *data, int len, char *MAC) |
char *data, int len, char *MAC) |
| 739 |
{ |
{ |
| 740 |
HMAC_CTX c; |
HMAC_CTX *c = NULL; |
| 741 |
static u_char m[EVP_MAX_MD_SIZE]; |
static u_char m[EVP_MAX_MD_SIZE]; |
| 742 |
u_char b[4]; |
u_char b[4]; |
| 743 |
struct Mac *mac; |
struct Mac *mac; |
| 747 |
if (mac == NULL || mac->enabled == 0) |
if (mac == NULL || mac->enabled == 0) |
| 748 |
return FALSE; |
return FALSE; |
| 749 |
|
|
| 750 |
HMAC_Init(&c, mac->key, mac->key_len, mac->md); |
c = HMAC_CTX_new(); |
| 751 |
|
if (c == NULL) |
| 752 |
|
return FALSE; |
| 753 |
|
|
| 754 |
|
HMAC_Init(c, mac->key, mac->key_len, mac->md); |
| 755 |
set_uint32_MSBfirst(b, sequence_number); |
set_uint32_MSBfirst(b, sequence_number); |
| 756 |
HMAC_Update(&c, b, sizeof(b)); |
HMAC_Update(c, b, sizeof(b)); |
| 757 |
HMAC_Update(&c, data, len); |
HMAC_Update(c, data, len); |
| 758 |
HMAC_Final(&c, m, NULL); |
HMAC_Final(c, m, NULL); |
| 759 |
HMAC_cleanup(&c); |
// HMAC_cleanup()はOpenSSL 1.1.0で削除され、HMAC_CTX_free()に集約された。 |
| 760 |
|
|
| 761 |
// 20バイト分だけコピー |
// 20バイト分だけコピー |
| 762 |
memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len); |
memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len); |
| 763 |
// memcpy(MAC, m, sizeof(m)); |
// memcpy(MAC, m, sizeof(m)); |
| 764 |
|
|
| 765 |
|
HMAC_CTX_free(c); |
| 766 |
|
|
| 767 |
return TRUE; |
return TRUE; |
| 768 |
} |
} |
| 769 |
|
|
| 828 |
|
|
| 829 |
unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar) |
unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar) |
| 830 |
{ |
{ |
| 831 |
int server_key_bits = |
int server_key_bits; |
| 832 |
BN_num_bits(pvar->crypt_state.server_key.RSA_key->n); |
int host_key_bits; |
| 833 |
int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n); |
int server_key_bytes; |
| 834 |
int server_key_bytes = (server_key_bits + 7) / 8; |
int host_key_bytes; |
| 835 |
int host_key_bytes = (host_key_bits + 7) / 8; |
BIGNUM *n; |
| 836 |
|
|
| 837 |
|
// OpenSSL 1.1.0ではRSA構造体のメンバーに直接アクセスできないため、 |
| 838 |
|
// RSA_get0_key関数で取得する必要がある。 |
| 839 |
|
RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL); |
| 840 |
|
server_key_bits = BN_num_bits(n); |
| 841 |
|
|
| 842 |
|
RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL); |
| 843 |
|
host_key_bits = BN_num_bits(n); |
| 844 |
|
|
| 845 |
|
server_key_bytes = (server_key_bits + 7) / 8; |
| 846 |
|
host_key_bytes = (host_key_bits + 7) / 8; |
| 847 |
|
|
| 848 |
if (server_key_bits < host_key_bits) { |
if (server_key_bits < host_key_bits) { |
| 849 |
return host_key_bytes; |
return host_key_bytes; |
| 855 |
int CRYPT_choose_session_key(PTInstVar pvar, |
int CRYPT_choose_session_key(PTInstVar pvar, |
| 856 |
unsigned char *encrypted_key_buf) |
unsigned char *encrypted_key_buf) |
| 857 |
{ |
{ |
| 858 |
int server_key_bits = |
int server_key_bits; |
| 859 |
BN_num_bits(pvar->crypt_state.server_key.RSA_key->n); |
int host_key_bits; |
| 860 |
int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n); |
int server_key_bytes; |
| 861 |
int server_key_bytes = (server_key_bits + 7) / 8; |
int host_key_bytes; |
|
int host_key_bytes = (host_key_bits + 7) / 8; |
|
| 862 |
int encrypted_key_bytes; |
int encrypted_key_bytes; |
| 863 |
int bit_delta; |
int bit_delta; |
| 864 |
|
BIGNUM *server_n, *host_n; |
| 865 |
|
|
| 866 |
|
// OpenSSL 1.1.0ではRSA構造体のメンバーに直接アクセスできないため、 |
| 867 |
|
// RSA_get0_key関数で取得する必要がある。 |
| 868 |
|
RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL); |
| 869 |
|
server_key_bits = BN_num_bits(server_n); |
| 870 |
|
|
| 871 |
|
RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL); |
| 872 |
|
host_key_bits = BN_num_bits(host_n); |
| 873 |
|
|
| 874 |
|
server_key_bytes = (server_key_bits + 7) / 8; |
| 875 |
|
host_key_bytes = (host_key_bits + 7) / 8; |
| 876 |
|
|
| 877 |
if (server_key_bits < host_key_bits) { |
if (server_key_bits < host_key_bits) { |
| 878 |
encrypted_key_bytes = host_key_bytes; |
encrypted_key_bytes = host_key_bytes; |
| 895 |
char session_id[16]; |
char session_id[16]; |
| 896 |
int i; |
int i; |
| 897 |
|
|
| 898 |
BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf); |
BN_bn2bin(host_n, session_buf); |
| 899 |
BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n, |
BN_bn2bin(server_n, |
| 900 |
session_buf + host_key_bytes); |
session_buf + host_key_bytes); |
| 901 |
memcpy(session_buf + server_key_bytes + host_key_bytes, |
memcpy(session_buf + server_key_bytes + host_key_bytes, |
| 902 |
pvar->crypt_state.server_cookie, 8); |
pvar->crypt_state.server_cookie, 8); |
| 966 |
int challenge_len, |
int challenge_len, |
| 967 |
unsigned char *response) |
unsigned char *response) |
| 968 |
{ |
{ |
| 969 |
int server_key_bits = |
int server_key_bits; |
| 970 |
BN_num_bits(pvar->crypt_state.server_key.RSA_key->n); |
int host_key_bits; |
| 971 |
int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n); |
int server_key_bytes; |
| 972 |
int server_key_bytes = (server_key_bits + 7) / 8; |
int host_key_bytes; |
| 973 |
int host_key_bytes = (host_key_bits + 7) / 8; |
int session_buf_len; |
| 974 |
int session_buf_len = server_key_bytes + host_key_bytes + 8; |
char *session_buf; |
|
char *session_buf = (char *) malloc(session_buf_len); |
|
| 975 |
char decrypted_challenge[48]; |
char decrypted_challenge[48]; |
| 976 |
int decrypted_challenge_len; |
int decrypted_challenge_len; |
| 977 |
|
BIGNUM *server_n, *host_n; |
| 978 |
|
|
| 979 |
|
// OpenSSL 1.1.0ではRSA構造体のメンバーに直接アクセスできないため、 |
| 980 |
|
// RSA_get0_key関数で取得する必要がある。 |
| 981 |
|
RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL); |
| 982 |
|
server_key_bits = BN_num_bits(server_n); |
| 983 |
|
|
| 984 |
|
RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL); |
| 985 |
|
host_key_bits = BN_num_bits(host_n); |
| 986 |
|
|
| 987 |
|
server_key_bytes = (server_key_bits + 7) / 8; |
| 988 |
|
host_key_bytes = (host_key_bits + 7) / 8; |
| 989 |
|
session_buf_len = server_key_bytes + host_key_bytes + 8; |
| 990 |
|
session_buf = (char FAR *) malloc(session_buf_len); |
| 991 |
|
|
| 992 |
decrypted_challenge_len = |
decrypted_challenge_len = |
| 993 |
RSA_private_decrypt(challenge_len, challenge, challenge, |
RSA_private_decrypt(challenge_len, challenge, challenge, |
| 1009 |
decrypted_challenge_len); |
decrypted_challenge_len); |
| 1010 |
} |
} |
| 1011 |
|
|
| 1012 |
BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf); |
BN_bn2bin(host_n, session_buf); |
| 1013 |
BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n, |
BN_bn2bin(server_n, |
| 1014 |
session_buf + host_key_bytes); |
session_buf + host_key_bytes); |
| 1015 |
memcpy(session_buf + server_key_bytes + host_key_bytes, |
memcpy(session_buf + server_key_bytes + host_key_bytes, |
| 1016 |
pvar->crypt_state.server_cookie, 8); |
pvar->crypt_state.server_cookie, 8); |
| 1171 |
cipher = pvar->ciphers[MODE_OUT]; |
cipher = pvar->ciphers[MODE_OUT]; |
| 1172 |
if (cipher) { |
if (cipher) { |
| 1173 |
enc = &pvar->ssh2_keys[MODE_OUT].enc; |
enc = &pvar->ssh2_keys[MODE_OUT].enc; |
| 1174 |
cipher_init_SSH2(&pvar->evpcip[MODE_OUT], |
cipher_init_SSH2(pvar->evpcip[MODE_OUT], |
| 1175 |
enc->key, get_cipher_key_len(cipher), |
enc->key, get_cipher_key_len(cipher), |
| 1176 |
enc->iv, get_cipher_iv_len(cipher), |
enc->iv, get_cipher_iv_len(cipher), |
| 1177 |
CIPHER_ENCRYPT, |
CIPHER_ENCRYPT, |
| 1219 |
cipher = pvar->ciphers[MODE_IN]; |
cipher = pvar->ciphers[MODE_IN]; |
| 1220 |
if (cipher) { |
if (cipher) { |
| 1221 |
enc = &pvar->ssh2_keys[MODE_IN].enc; |
enc = &pvar->ssh2_keys[MODE_IN].enc; |
| 1222 |
cipher_init_SSH2(&pvar->evpcip[MODE_IN], |
cipher_init_SSH2(pvar->evpcip[MODE_IN], |
| 1223 |
enc->key, get_cipher_key_len(cipher), |
enc->key, get_cipher_key_len(cipher), |
| 1224 |
enc->iv, get_cipher_iv_len(cipher), |
enc->iv, get_cipher_iv_len(cipher), |
| 1225 |
CIPHER_DECRYPT, |
CIPHER_DECRYPT, |
| 1338 |
|
|
| 1339 |
void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len) |
void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len) |
| 1340 |
{ |
{ |
| 1341 |
|
BIGNUM *server_n, *host_n; |
| 1342 |
|
|
| 1343 |
|
// OpenSSL 1.1.0ではRSA構造体のメンバーに直接アクセスできないため、 |
| 1344 |
|
// RSA_get0_key関数で取得する必要がある。 |
| 1345 |
|
|
| 1346 |
if (SSHv1(pvar)) { |
if (SSHv1(pvar)) { |
| 1347 |
if (pvar->crypt_state.server_key.RSA_key == NULL |
if (pvar->crypt_state.server_key.RSA_key == NULL |
| 1348 |
|| pvar->crypt_state.host_key.RSA_key == NULL) { |
|| pvar->crypt_state.host_key.RSA_key == NULL) { |
| 1349 |
UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None"); |
UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None"); |
| 1350 |
strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE); |
strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE); |
| 1351 |
} else { |
} else { |
| 1352 |
|
RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL); |
| 1353 |
|
RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL); |
| 1354 |
|
|
| 1355 |
UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar, |
UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar, |
| 1356 |
"%d-bit server key, %d-bit host key"); |
"%d-bit server key, %d-bit host key"); |
| 1357 |
_snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg, |
_snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg, |
| 1358 |
BN_num_bits(pvar->crypt_state.server_key.RSA_key->n), |
BN_num_bits(server_n), |
| 1359 |
BN_num_bits(pvar->crypt_state.host_key.RSA_key->n)); |
BN_num_bits(host_n)); |
| 1360 |
} |
} |
| 1361 |
} else { // SSH2 |
} else { // SSH2 |
| 1362 |
UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar, |
UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar, |
Tera Term
Parent Directory
Revision Log
Patch