Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 9217 - (hide annotations) (download) (as text)
Sun Apr 25 02:18:41 2021 UTC (2 years, 11 months ago) by nmaya
File MIME type: text/x-csrc
File size: 40618 byte(s) 
SSH2 暗号化方式 chacha20-poly1305@openssh.com をサポート
1 maya 3227 /*
2 doda 6841 * Copyright (c) 1998-2001, Robert O'Callahan
3 nmaya 9049 * (C) 2004- TeraTerm Project
4 doda 6841 * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29 maya 3227
30     #define WINDOWS
31    
32     #include "ttxssh.h"
33     #include "util.h"
34    
35     #include <openssl/rand.h>
36     #include <openssl/bn.h>
37     #include <openssl/md5.h>
38     #include <openssl/err.h>
39     #include <openssl/des.h>
40     #include <openssl/hmac.h> // for SSH2(yutaka)
41     #include <openssl/dsa.h>
42     #include "cipher.h"
43     #include "ssh.h"
44    
45     #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46     #define get_uint32(buf) get_uint32_MSBfirst((buf))
47    
48     #define DEATTACK_OK 0
49     #define DEATTACK_DETECTED 1
50    
51     /*
52     * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53     * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54     * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55     */
56    
57     /* SSH Constants */
58     #define SSH_BLOCKSIZE 8
59    
60     /* Hashing constants */
61     #define HASH_MINSIZE 8*2048
62     #define HASH_ENTRYSIZE 4
63     #define HASH_FACTOR(x) ((x)*3/2)
64     #define HASH_UNUSEDCHAR 0xff
65     #define HASH_UNUSED 0xffffffff
66     #define HASH_IV 0xfffffffe
67    
68     #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69    
70     /* Hash function (Input keys are cipher results) */
71     #define HASH(x) get_uint32(x)
72    
73     #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74    
75 doda 7133 static unsigned char *encbuff = NULL;
76     static unsigned int encbufflen = 0;
77 maya 3227
78 doda 6801 static void crc_update(uint32 *a, uint32 b)
79 maya 3227 {
80     b ^= *a;
81 doda 6801 *a = do_crc((unsigned char *) &b, sizeof(b));
82 maya 3227 }
83    
84     /* check_crc
85     detects if a block is used in a particular pattern
86     */
87    
88 doda 6801 static int check_crc(unsigned char *S, unsigned char *buf,
89     uint32 len, unsigned char *IV)
90 maya 3227 {
91     uint32 crc;
92 doda 6801 unsigned char *c;
93 maya 3227
94     crc = 0;
95     if (IV && !CMP(S, IV)) {
96     crc_update(&crc, 1);
97     crc_update(&crc, 0);
98     }
99     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100     if (!CMP(S, c)) {
101     crc_update(&crc, 1);
102     crc_update(&crc, 0);
103     } else {
104     crc_update(&crc, 0);
105     crc_update(&crc, 0);
106     }
107     }
108    
109     return crc == 0;
110     }
111    
112    
113     /*
114     detect_attack
115     Detects a crc32 compensation attack on a packet
116     */
117 doda 6801 static int detect_attack(CRYPTDetectAttack *statics,
118     unsigned char *buf, uint32 len,
119     unsigned char *IV)
120 maya 3227 {
121 doda 6801 uint32 *h = statics->h;
122 maya 3227 uint32 n = statics->n;
123     uint32 i, j;
124     uint32 l;
125 doda 6801 unsigned char *c;
126     unsigned char *d;
127 maya 3227
128     for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129     }
130    
131     if (h == NULL) {
132     n = l;
133 doda 6801 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 maya 3227 } else {
135     if (l > n) {
136     n = l;
137 doda 6801 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 maya 3227 }
139     }
140    
141     statics->h = h;
142     statics->n = n;
143    
144     if (len <= HASH_MINBLOCKS) {
145     for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146     if (IV && (!CMP(c, IV))) {
147     if ((check_crc(c, buf, len, IV)))
148     return DEATTACK_DETECTED;
149     else
150     break;
151     }
152     for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153     if (!CMP(c, d)) {
154     if ((check_crc(c, buf, len, IV)))
155     return DEATTACK_DETECTED;
156     else
157     break;
158     }
159     }
160     }
161     return (DEATTACK_OK);
162     }
163     memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164    
165     if (IV) {
166     h[HASH(IV) & (n - 1)] = HASH_IV;
167     }
168    
169     for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170     for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171     i = (i + 1) & (n - 1)) {
172     if (h[i] == HASH_IV) {
173     if (!CMP(c, IV)) {
174     if (check_crc(c, buf, len, IV))
175     return DEATTACK_DETECTED;
176     else
177     break;
178     }
179     } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180     if (check_crc(c, buf, len, IV))
181     return DEATTACK_DETECTED;
182     else
183     break;
184     }
185     }
186     h[i] = j;
187     }
188    
189     return DEATTACK_OK;
190     }
191    
192 doda 6980 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 maya 3227 {
194 doda 6980 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195     return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 maya 3227 } else {
197     return FALSE;
198     }
199     }
200    
201 doda 6985 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202     {
203 doda 7133 unsigned char *newbuff = NULL;
204 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205     unsigned char lastiv[1];
206     char tmp[80];
207 nmaya 9211 struct sshcipher_ctx *cc = pvar->cc[MODE_OUT];
208 nmaya 9217 unsigned int newbuff_len = bytes;
209 doda 6985
210     if (bytes == 0)
211     return TRUE;
212    
213     if (bytes % block_size) {
214     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
215     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
216     get_cipher_name(pvar->crypt_state.sender_cipher),
217     bytes, block_size);
218     notify_fatal_error(pvar, tmp, TRUE);
219     return FALSE;
220     }
221    
222 nmaya 9217 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
223     // chacha20-poly1305 ���� aadlen ��������������
224     // aadlen �� bytes �����X��������������
225     // chachapoly_crypt �������F���f�[�^(AEAD tag)������������
226     newbuff_len += aadlen + authlen;
227     }
228     if (newbuff_len > encbufflen) {
229     if ((newbuff = realloc(encbuff, newbuff_len)) == NULL)
230 doda 7133 goto err;
231     encbuff = newbuff;
232 nmaya 9217 encbufflen = newbuff_len;
233 doda 7133 }
234 doda 6985
235 nmaya 9217 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
236     if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.sender_sequence_number,
237     encbuff, data, bytes, aadlen, authlen, 1) != 0) {
238     goto err;
239     }
240     memcpy(data, encbuff, aadlen + bytes + authlen);
241     return TRUE;
242     }
243    
244 nmaya 9211 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
245 doda 6985 goto err;
246    
247 nmaya 9211 if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)
248 doda 6985 goto err;
249    
250 nmaya 9217 // AES-GCM ���� aadlen �������������������A��������������������
251 nmaya 9211 if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0)
252 doda 6985 goto err;
253    
254 doda 7133 memcpy(data+aadlen, encbuff, bytes);
255 doda 6985
256 nmaya 9211 if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
257 doda 6985 goto err;
258    
259 nmaya 9211 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
260 doda 6985 goto err;
261    
262     return TRUE;
263    
264     err:
265     UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
266     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
267     get_cipher_name(pvar->crypt_state.sender_cipher));
268     notify_fatal_error(pvar, tmp, TRUE);
269     return FALSE;
270     }
271    
272     BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
273     {
274 doda 7133 unsigned char *newbuff = NULL;
275 doda 6985 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
276     unsigned char lastiv[1];
277     char tmp[80];
278 nmaya 9217 struct sshcipher_ctx *cc = pvar->cc[MODE_IN];
279     unsigned int newbuff_len = bytes;
280 doda 6985
281     if (bytes == 0)
282     return TRUE;
283    
284     if (bytes % block_size) {
285     UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
286     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
287     get_cipher_name(pvar->crypt_state.receiver_cipher),
288     bytes, block_size);
289     notify_fatal_error(pvar, tmp, TRUE);
290     return FALSE;
291     }
292    
293 nmaya 9217 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
294     // chacha20-poly1305 ���� aadlen ������������������
295     newbuff_len += aadlen;
296     }
297     if (newbuff_len > encbufflen) {
298     if ((newbuff = realloc(encbuff, newbuff_len)) == NULL)
299 doda 7133 goto err;
300     encbuff = newbuff;
301 nmaya 9217 encbufflen = newbuff_len;
302 doda 7133 }
303 doda 6985
304 nmaya 9217 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
305     if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.receiver_sequence_number,
306     encbuff, data, bytes, aadlen, authlen, 0) != 0) {
307     goto err;
308     }
309     memcpy(data, encbuff, aadlen + bytes);
310     return TRUE;
311     }
312    
313 nmaya 9211 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
314 doda 6985 goto err;
315    
316 nmaya 9211 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
317 doda 6985 goto err;
318    
319 nmaya 9211 if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)
320 doda 6985 goto err;
321    
322 nmaya 9217 // AES-GCM ���� aadlen �������������������A������������������
323 nmaya 9211 if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0)
324 doda 6985 goto err;
325    
326 doda 7133 memcpy(data+aadlen, encbuff, bytes);
327 doda 6985
328 nmaya 9211 if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
329 nmaya 9210 goto err;
330 doda 6985
331 nmaya 9210 return TRUE;
332    
333 doda 6985 err:
334     UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
335     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
336     get_cipher_name(pvar->crypt_state.receiver_cipher));
337     notify_fatal_error(pvar, tmp, TRUE);
338     return FALSE;
339     }
340    
341 maya 7774 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
342 maya 3227 {
343     }
344    
345 maya 7774 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
346 maya 3227 {
347 doda 7133 unsigned char *newbuff;
348 maya 3227 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
349 doda 4212 char tmp[80];
350 maya 3227
351     if (bytes == 0)
352     return;
353    
354     if (bytes % block_size) {
355 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
356     "%s encrypt error(1): bytes %d (%d)");
357     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
358 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher),
359     bytes, block_size);
360 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
361 maya 3227 return;
362     }
363    
364 doda 7133 if (bytes > encbufflen) {
365     if ((newbuff = realloc(encbuff, bytes)) == NULL)
366     return;
367     encbuff = newbuff;
368     encbufflen = bytes;
369     }
370 maya 3227
371 nmaya 9211 if (EVP_Cipher(pvar->cc[MODE_OUT]->evp, encbuff, buf, bytes) == 0) {
372 doda 4212 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
373     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
374 doda 6716 get_cipher_name(pvar->crypt_state.sender_cipher));
375 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
376 maya 3227 } else {
377 doda 7133 memcpy(buf, encbuff, bytes);
378 maya 3227 }
379     }
380    
381 maya 7774 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
382 maya 3227 {
383 doda 7133 unsigned char *newbuff;
384 maya 3227 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
385 doda 4212 char tmp[80];
386 maya 3227
387     if (bytes == 0)
388     return;
389    
390     if (bytes % block_size) {
391 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
392     "%s decrypt error(1): bytes %d (%d)");
393     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
394 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher),
395     bytes, block_size);
396 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
397 maya 3227 return;
398     }
399    
400 doda 7133 if (bytes > encbufflen) {
401     if ((newbuff = malloc(bytes)) == NULL)
402     return;
403     encbuff = newbuff;
404     encbufflen = bytes;
405     }
406 maya 3227
407 nmaya 9211 if (EVP_Cipher(pvar->cc[MODE_IN]->evp, encbuff, buf, bytes) == 0) {
408 doda 4212 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
409     _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
410 doda 6716 get_cipher_name(pvar->crypt_state.receiver_cipher));
411 maya 5678 notify_fatal_error(pvar, tmp, TRUE);
412 maya 3227 } else {
413 doda 7133 memcpy(buf, encbuff, bytes);
414 maya 3227 }
415     }
416    
417 maya 7774 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
418 maya 3227 {
419 doda 6801 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
420 maya 3227
421     DES_ncbc_encrypt(buf, buf, bytes,
422     &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
423     DES_ncbc_encrypt(buf, buf, bytes,
424     &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
425     DES_ncbc_encrypt(buf, buf, bytes,
426     &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
427     }
428    
429 maya 7774 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
430 maya 3227 {
431 doda 6801 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
432 maya 3227
433     DES_ncbc_encrypt(buf, buf, bytes,
434     &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
435     DES_ncbc_encrypt(buf, buf, bytes,
436     &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
437     DES_ncbc_encrypt(buf, buf, bytes,
438     &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
439     }
440    
441 maya 7774 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
442 maya 3227 {
443 doda 6801 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
444 maya 3227
445     DES_ncbc_encrypt(buf, buf, bytes,
446     &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
447     }
448    
449 maya 7774 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
450 maya 3227 {
451 doda 6801 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
452 maya 3227
453     DES_ncbc_encrypt(buf, buf, bytes,
454     &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
455     }
456    
457 maya 7774 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
458 maya 3227 {
459 doda 6801 uint32 *buf = (uint32 *) cbuf;
460 maya 3227 int count = bytes / 4;
461    
462     while (count > 0) {
463     uint32 w = *buf;
464    
465     *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
466     | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
467     count--;
468     buf++;
469     }
470     }
471    
472 maya 7774 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
473 maya 3227 {
474 doda 6801 CipherBlowfishState *encryptstate =
475 maya 3227 &pvar->crypt_state.enc.cBlowfish;
476    
477     flip_endianness(buf, bytes);
478     BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
479     BF_ENCRYPT);
480     flip_endianness(buf, bytes);
481     }
482    
483 maya 7774 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
484 maya 3227 {
485 doda 6801 CipherBlowfishState *decryptstate =
486 maya 3227 &pvar->crypt_state.dec.cBlowfish;
487    
488     flip_endianness(buf, bytes);
489     BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
490     BF_DECRYPT);
491     flip_endianness(buf, bytes);
492     }
493    
494 maya 7774 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
495 maya 3227 {
496 yutakapon 8316 int ret;
497    
498     // OpenSSL 1.1.1���g���������AWindowsMe���� RAND_bytes() �������o�����������B
499     logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__);
500     ret = RAND_bytes(buf, bytes);
501     if (ret < 0) {
502     logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret);
503     }
504 maya 3227 }
505    
506     void CRYPT_initialize_random_numbers(PTInstVar pvar)
507     {
508 maya 4550 // ����������������������
509     // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
510     //RAND_screen();
511 maya 3227 }
512    
513 doda 6801 static BIGNUM *get_bignum(unsigned char *bytes)
514 maya 3227 {
515     int bits = get_ushort16_MSBfirst(bytes);
516    
517     return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
518     }
519    
520     // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
521 doda 6801 RSA *make_key(PTInstVar pvar,
522 nmaya 9209 int bits, unsigned char *exp,
523     unsigned char *mod)
524 maya 3227 {
525 doda 6801 RSA *key = RSA_new();
526 yutakapon 8316 BIGNUM *e = NULL, *n = NULL;
527 maya 3227
528     if (key != NULL) {
529 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
530     // RSA_set0_key���������������K�v�������B
531     e = get_bignum(exp);
532     n = get_bignum(mod);
533     RSA_set0_key(key, n, e, NULL);
534 maya 3227 }
535    
536 yutakapon 8316 if (key == NULL || e == NULL || n == NULL) {
537 maya 3227 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
538     "Error setting up RSA keys");
539 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
540 maya 3227
541     if (key != NULL) {
542 yutakapon 8316 if (e != NULL) {
543     BN_free(e);
544 maya 3227 }
545 yutakapon 8316 if (n != NULL) {
546     BN_free(n);
547 maya 3227 }
548     RSA_free(key);
549     }
550    
551     return NULL;
552     } else {
553     return key;
554     }
555     }
556    
557 doda 6801 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
558 maya 3227 {
559     if (SSHv1(pvar)) {
560     memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
561     } else {
562     memcpy(pvar->crypt_state.server_cookie, cookie,
563     SSH2_COOKIE_LENGTH);
564     }
565     }
566    
567 doda 6801 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
568 maya 3227 {
569     if (SSHv2(pvar)) {
570     memcpy(pvar->crypt_state.client_cookie, cookie,
571     SSH2_COOKIE_LENGTH);
572     }
573     }
574    
575     BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
576 doda 6801 int bits, unsigned char *exp,
577     unsigned char *mod)
578 maya 3227 {
579     pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
580    
581     return pvar->crypt_state.server_key.RSA_key != NULL;
582     }
583    
584     BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
585 doda 6801 int bits, unsigned char *exp,
586     unsigned char *mod)
587 maya 3227 {
588     pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
589    
590     return pvar->crypt_state.host_key.RSA_key != NULL;
591     }
592    
593     BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
594     int receiver_ciphers)
595     {
596     int cipher_mask;
597    
598     if (SSHv1(pvar)) {
599     cipher_mask = (1 << SSH_CIPHER_DES)
600     | (1 << SSH_CIPHER_3DES)
601     | (1 << SSH_CIPHER_BLOWFISH);
602    
603     } else { // for SSH2(yutaka)
604     // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
605 doda 4433 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
606 maya 3227 | (1 << SSH2_CIPHER_AES128_CBC)
607     | (1 << SSH2_CIPHER_AES192_CBC)
608     | (1 << SSH2_CIPHER_AES256_CBC)
609     | (1 << SSH2_CIPHER_BLOWFISH_CBC)
610     | (1 << SSH2_CIPHER_AES128_CTR)
611     | (1 << SSH2_CIPHER_AES192_CTR)
612     | (1 << SSH2_CIPHER_AES256_CTR)
613     | (1 << SSH2_CIPHER_ARCFOUR)
614     | (1 << SSH2_CIPHER_ARCFOUR128)
615     | (1 << SSH2_CIPHER_ARCFOUR256)
616 doda 3850 | (1 << SSH2_CIPHER_CAST128_CBC)
617     | (1 << SSH2_CIPHER_3DES_CTR)
618     | (1 << SSH2_CIPHER_BLOWFISH_CTR)
619 doda 4433 | (1 << SSH2_CIPHER_CAST128_CTR)
620     | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
621     | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
622     | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
623     | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
624     | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
625     | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
626 doda 6985 | (1 << SSH2_CIPHER_AES128_GCM)
627     | (1 << SSH2_CIPHER_AES256_GCM)
628 nmaya 9217 | (1 << SSH2_CIPHER_CHACHAPOLY)
629 doda 4433 );
630 maya 3227 }
631    
632     sender_ciphers &= cipher_mask;
633     receiver_ciphers &= cipher_mask;
634     pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
635     pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
636    
637     if (sender_ciphers == 0) {
638     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
639     "The server does not support any of the TTSSH encryption algorithms.\n"
640     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
641     "The connection will be closed.");
642 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
643 maya 3227 return FALSE;
644     } else if (receiver_ciphers == 0) {
645     UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
646     "The server does not support any of the TTSSH encryption algorithms.\n"
647     "A secure connection cannot be made in the TTSSH-to-server direction.\n"
648     "The connection will be closed.");
649 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
650 maya 3227 return FALSE;
651     } else {
652     return TRUE;
653     }
654     }
655    
656 doda 6982 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
657 maya 3227 {
658     if (SSHv1(pvar)) {
659     return 8;
660     } else {
661     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
662     // cf. 3DES=8, AES128=16
663     return (pvar->ssh2_keys[MODE_IN].enc.block_size);
664     }
665     }
666    
667 doda 6982 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
668 maya 3227 {
669     if (SSHv1(pvar)) {
670     return 8;
671     } else {
672     // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
673     // cf. 3DES=8, AES128=16
674     return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
675     }
676     }
677    
678 doda 6982 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
679 maya 3227 {
680     struct Mac *mac;
681    
682     if (SSHv1(pvar)) {
683     return 0;
684    
685     } else { // for SSH2(yutaka)
686     mac = &pvar->ssh2_keys[MODE_IN].mac;
687     if (mac == NULL || mac->enabled == 0)
688     return 0;
689    
690     return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
691     }
692    
693     }
694    
695     // HMAC������
696     // ���{������ SSH2 �������g�p�������B
697     // (2004.12.17 yutaka)
698     BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
699 nmaya 9209 char *data, int len, char *MAC)
700 maya 3227 {
701 yutakapon 8316 HMAC_CTX *c = NULL;
702 maya 3227 unsigned char m[EVP_MAX_MD_SIZE];
703     unsigned char b[4];
704     struct Mac *mac;
705    
706     mac = &pvar->ssh2_keys[MODE_IN].mac;
707    
708     // HMAC�������L���������������A����OK�����������B
709 yutakapon 6302 if (mac == NULL || mac->enabled == 0)
710 maya 3227 return TRUE;
711    
712 yutakapon 6302 if (mac->key == NULL) {
713 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
714 maya 3227 goto error;
715 yutakapon 6302 }
716 maya 3227
717 yutakapon 6302 if ((u_int)mac->mac_len > sizeof(m)) {
718 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
719 nmaya 9209 mac->mac_len, sizeof(m), sequence_number, len);
720 maya 3227 goto error;
721 yutakapon 6302 }
722 maya 3227
723 yutakapon 8316 c = HMAC_CTX_new();
724     if (c == NULL)
725     goto error;
726    
727     HMAC_Init(c, mac->key, mac->key_len, mac->md);
728 maya 3227 set_uint32_MSBfirst(b, sequence_number);
729 yutakapon 8316 HMAC_Update(c, b, sizeof(b));
730     HMAC_Update(c, data, len);
731     HMAC_Final(c, m, NULL);
732     // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
733 maya 3227
734     if (memcmp(m, MAC, mac->mac_len)) {
735 doda 6808 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
736     logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
737     logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
738 maya 3227 goto error;
739     }
740    
741 yutakapon 8316 HMAC_CTX_free(c);
742    
743 maya 3227 return TRUE;
744    
745     error:
746 yutakapon 8316 if (c)
747     HMAC_CTX_free(c);
748    
749 maya 3227 return FALSE;
750     }
751    
752 doda 6982 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
753 maya 3227 {
754     struct Mac *mac;
755    
756     if (SSHv2(pvar)) { // for SSH2(yutaka)
757     mac = &pvar->ssh2_keys[MODE_OUT].mac;
758     if (mac == NULL || mac->enabled == 0)
759     return 0;
760    
761     return (mac->mac_len);
762     }
763    
764     return 0;
765     }
766    
767     // for SSH2
768     BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
769 doda 6801 char *data, int len, char *MAC)
770 maya 3227 {
771 yutakapon 8316 HMAC_CTX *c = NULL;
772 maya 3227 static u_char m[EVP_MAX_MD_SIZE];
773     u_char b[4];
774     struct Mac *mac;
775    
776     if (SSHv2(pvar)) { // for SSH2(yutaka)
777     mac = &pvar->ssh2_keys[MODE_OUT].mac;
778     if (mac == NULL || mac->enabled == 0)
779     return FALSE;
780    
781 yutakapon 8316 c = HMAC_CTX_new();
782     if (c == NULL)
783     return FALSE;
784    
785     HMAC_Init(c, mac->key, mac->key_len, mac->md);
786 maya 3227 set_uint32_MSBfirst(b, sequence_number);
787 yutakapon 8316 HMAC_Update(c, b, sizeof(b));
788     HMAC_Update(c, data, len);
789     HMAC_Final(c, m, NULL);
790     // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
791 maya 3227
792     // 20�o�C�g�������R�s�[
793     memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
794     // memcpy(MAC, m, sizeof(m));
795    
796 yutakapon 8316 HMAC_CTX_free(c);
797    
798 maya 3227 return TRUE;
799     }
800    
801     return TRUE;
802    
803     }
804    
805     static int choose_cipher(PTInstVar pvar, int supported)
806     {
807     int i;
808    
809     for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
810     int cipher = pvar->session_settings.CipherOrder[i] - '0';
811    
812     if (cipher == SSH_CIPHER_NONE) {
813     break;
814     } else if ((supported & (1 << cipher)) != 0) {
815     return cipher;
816     }
817     }
818    
819     return SSH_CIPHER_NONE;
820     }
821    
822     BOOL CRYPT_choose_ciphers(PTInstVar pvar)
823     {
824     if (SSHv1(pvar)) {
825     pvar->crypt_state.sender_cipher = choose_cipher(pvar,
826     pvar->crypt_state.
827     supported_sender_ciphers);
828     pvar->crypt_state.receiver_cipher =
829     choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
830    
831     } else { // SSH2(yutaka)
832 doda 7002 if (pvar->ciphers[MODE_OUT] == NULL) {
833     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
834     }
835     else {
836 nmaya 9210 pvar->crypt_state.sender_cipher = get_cipher_id(pvar->ciphers[MODE_OUT]);
837 doda 7002 }
838     if (pvar->ciphers[MODE_IN] == NULL) {
839     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
840     }
841     else {
842 nmaya 9210 pvar->crypt_state.receiver_cipher = get_cipher_id(pvar->ciphers[MODE_IN]);
843 doda 7002 }
844 maya 3227 }
845    
846     if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
847     || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
848 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
849 maya 3227 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
850     "To communicate with this server, you will have to enable some more ciphers\n"
851     "in the TTSSH Setup dialog box when you run Tera Term again.\n"
852     "This connection will now close.");
853 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
854 maya 3227 return FALSE;
855     } else {
856     return TRUE;
857     }
858     }
859    
860 doda 6982 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
861 maya 3227 {
862 yutakapon 8316 int server_key_bits;
863     int host_key_bits;
864     int server_key_bytes;
865     int host_key_bytes;
866     BIGNUM *n;
867 maya 3227
868 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
869     // RSA_get0_key���������������K�v�������B
870     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
871     server_key_bits = BN_num_bits(n);
872    
873     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
874     host_key_bits = BN_num_bits(n);
875    
876     server_key_bytes = (server_key_bits + 7) / 8;
877     host_key_bytes = (host_key_bits + 7) / 8;
878    
879 maya 3227 if (server_key_bits < host_key_bits) {
880     return host_key_bytes;
881     } else {
882     return server_key_bytes;
883     }
884     }
885    
886     int CRYPT_choose_session_key(PTInstVar pvar,
887 doda 6801 unsigned char *encrypted_key_buf)
888 maya 3227 {
889 yutakapon 8316 int server_key_bits;
890     int host_key_bits;
891     int server_key_bytes;
892     int host_key_bytes;
893 maya 3227 int encrypted_key_bytes;
894     int bit_delta;
895 yutakapon 8316 BIGNUM *server_n, *host_n;
896 maya 3227
897 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
898     // RSA_get0_key���������������K�v�������B
899     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
900     server_key_bits = BN_num_bits(server_n);
901    
902     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
903     host_key_bits = BN_num_bits(host_n);
904    
905     server_key_bytes = (server_key_bits + 7) / 8;
906     host_key_bytes = (host_key_bits + 7) / 8;
907    
908 maya 3227 if (server_key_bits < host_key_bits) {
909     encrypted_key_bytes = host_key_bytes;
910     bit_delta = host_key_bits - server_key_bits;
911     } else {
912     encrypted_key_bytes = server_key_bytes;
913     bit_delta = server_key_bits - host_key_bits;
914     }
915    
916     if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
917 doda 6688 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
918 maya 3227 "Server RSA keys are too weak. A secure connection cannot be established.");
919 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
920 maya 3227 return 0;
921     } else {
922     /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
923     for the session ID, rather than the one specified in the RFC */
924     int session_buf_len = server_key_bytes + host_key_bytes + 8;
925 doda 6801 char *session_buf = (char *) malloc(session_buf_len);
926 maya 3227 char session_id[16];
927     int i;
928    
929 yutakapon 8316 BN_bn2bin(host_n, session_buf);
930     BN_bn2bin(server_n,
931 maya 3227 session_buf + host_key_bytes);
932     memcpy(session_buf + server_key_bytes + host_key_bytes,
933     pvar->crypt_state.server_cookie, 8);
934     MD5(session_buf, session_buf_len, session_id);
935    
936     free(session_buf);
937    
938     RAND_bytes(pvar->crypt_state.sender_cipher_key,
939     SSH_SESSION_KEY_LENGTH);
940     memcpy(pvar->crypt_state.receiver_cipher_key,
941     pvar->crypt_state.sender_cipher_key,
942     SSH_SESSION_KEY_LENGTH);
943    
944     memcpy(encrypted_key_buf + encrypted_key_bytes -
945     SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
946     SSH_SESSION_KEY_LENGTH);
947     for (i = 0; i < sizeof(session_id); i++) {
948     encrypted_key_buf[encrypted_key_bytes -
949     SSH_SESSION_KEY_LENGTH + i]
950     ^= session_id[i];
951     }
952    
953     if (host_key_bits > server_key_bits) {
954     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
955     encrypted_key_buf +
956     encrypted_key_bytes -
957     SSH_SESSION_KEY_LENGTH,
958     encrypted_key_buf +
959     encrypted_key_bytes - server_key_bytes,
960     pvar->crypt_state.server_key.RSA_key,
961     RSA_PKCS1_PADDING) < 0)
962     return 0;
963    
964     if (RSA_public_encrypt(server_key_bytes,
965     encrypted_key_buf +
966     encrypted_key_bytes - server_key_bytes,
967     encrypted_key_buf,
968     pvar->crypt_state.host_key.RSA_key,
969     RSA_PKCS1_PADDING) < 0)
970     return 0;
971     } else {
972     if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
973     encrypted_key_buf +
974     encrypted_key_bytes -
975     SSH_SESSION_KEY_LENGTH,
976     encrypted_key_buf +
977     encrypted_key_bytes - host_key_bytes,
978     pvar->crypt_state.host_key.RSA_key,
979     RSA_PKCS1_PADDING) < 0)
980     return 0;
981    
982     if (RSA_public_encrypt(host_key_bytes,
983     encrypted_key_buf +
984     encrypted_key_bytes - host_key_bytes,
985     encrypted_key_buf,
986     pvar->crypt_state.server_key.RSA_key,
987     RSA_PKCS1_PADDING) < 0)
988     return 0;
989     }
990     }
991    
992     return 1;
993     }
994    
995     int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
996 doda 6801 unsigned char *challenge,
997 maya 3227 int challenge_len,
998 doda 6801 unsigned char *response)
999 maya 3227 {
1000 yutakapon 8316 int server_key_bits;
1001     int host_key_bits;
1002     int server_key_bytes;
1003     int host_key_bytes;
1004     int session_buf_len;
1005     char *session_buf;
1006 maya 3227 char decrypted_challenge[48];
1007     int decrypted_challenge_len;
1008 yutakapon 8316 BIGNUM *server_n, *host_n;
1009 maya 3227
1010 yutakapon 8316 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1011     // RSA_get0_key���������������K�v�������B
1012     RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1013     server_key_bits = BN_num_bits(server_n);
1014    
1015     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1016     host_key_bits = BN_num_bits(host_n);
1017    
1018     server_key_bytes = (server_key_bits + 7) / 8;
1019     host_key_bytes = (host_key_bits + 7) / 8;
1020     session_buf_len = server_key_bytes + host_key_bytes + 8;
1021     session_buf = (char FAR *) malloc(session_buf_len);
1022    
1023 maya 3227 decrypted_challenge_len =
1024     RSA_private_decrypt(challenge_len, challenge, challenge,
1025 maya 4307 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1026 maya 3227 RSA_PKCS1_PADDING);
1027     if (decrypted_challenge_len < 0) {
1028     free(session_buf);
1029     return 0;
1030     }
1031     if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1032     memcpy(decrypted_challenge,
1033     challenge + decrypted_challenge_len -
1034     SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1035     } else {
1036 doda 7003 SecureZeroMemory(decrypted_challenge,
1037 nmaya 9209 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1038 maya 3227 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1039     decrypted_challenge_len, challenge,
1040     decrypted_challenge_len);
1041     }
1042    
1043 yutakapon 8316 BN_bn2bin(host_n, session_buf);
1044     BN_bn2bin(server_n,
1045 maya 3227 session_buf + host_key_bytes);
1046     memcpy(session_buf + server_key_bytes + host_key_bytes,
1047     pvar->crypt_state.server_cookie, 8);
1048     MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1049    
1050     free(session_buf);
1051    
1052     MD5(decrypted_challenge, 48, response);
1053    
1054     return 1;
1055     }
1056    
1057 doda 6801 static void c3DES_init(char *session_key, Cipher3DESState *state)
1058 maya 3227 {
1059 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k1);
1060     DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
1061     DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
1062 doda 7003 SecureZeroMemory(state->ivec1, 8);
1063     SecureZeroMemory(state->ivec2, 8);
1064     SecureZeroMemory(state->ivec3, 8);
1065 maya 3227 }
1066    
1067 doda 6801 static void cDES_init(char *session_key, CipherDESState *state)
1068 maya 3227 {
1069 doda 6801 DES_set_key((const_DES_cblock *) session_key, &state->k);
1070 doda 7003 SecureZeroMemory(state->ivec, 8);
1071 maya 3227 }
1072    
1073 doda 6801 static void cBlowfish_init(char *session_key,
1074     CipherBlowfishState *state)
1075 maya 3227 {
1076     BF_set_key(&state->k, 32, session_key);
1077 doda 7003 SecureZeroMemory(state->ivec, 8);
1078 maya 3227 }
1079    
1080     BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1081     {
1082 doda 6716 struct Enc *enc;
1083 doda 6801 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1084     char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1085 nmaya 9210 const struct ssh2cipher *cipher;
1086 maya 3227 BOOL isOK = TRUE;
1087    
1088     if (sender_flag) {
1089 doda 7002 if (SSHv1(pvar)) {
1090     switch (pvar->crypt_state.sender_cipher) {
1091     case SSH_CIPHER_3DES:
1092     c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1093     pvar->crypt_state.encrypt = c3DES_encrypt;
1094     break;
1095 maya 3227
1096 doda 7002 case SSH_CIPHER_DES:
1097     cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1098     pvar->crypt_state.encrypt = cDES_encrypt;
1099     break;
1100 maya 3227
1101 doda 7002 case SSH_CIPHER_BLOWFISH:
1102     cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1103     pvar->crypt_state.encrypt = cBlowfish_encrypt;
1104     break;
1105 maya 3227
1106 doda 7002 case SSH_CIPHER_NONE:
1107     case SSH_CIPHER_IDEA:
1108     case SSH_CIPHER_TSS:
1109     case SSH_CIPHER_RC4:
1110     isOK = FALSE;
1111     break;
1112     }
1113     }
1114     else {
1115     // SSH2
1116     cipher = pvar->ciphers[MODE_OUT];
1117     if (cipher) {
1118 maya 3227 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1119 nmaya 9211 cipher_init_SSH2(&pvar->cc[MODE_OUT], cipher,
1120     enc->key, enc->key_len,
1121     enc->iv, enc->iv_len,
1122 maya 3227 CIPHER_ENCRYPT,
1123     pvar);
1124 doda 6716 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1125 maya 3227 }
1126 doda 6716 else {
1127     isOK = FALSE;
1128 maya 3227 }
1129     }
1130     }
1131    
1132     if (receiver_flag) {
1133 doda 7002 if (SSHv1(pvar)) {
1134     switch (pvar->crypt_state.receiver_cipher) {
1135     case SSH_CIPHER_3DES:
1136     c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1137     pvar->crypt_state.decrypt = c3DES_decrypt;
1138     break;
1139 maya 3227
1140 doda 7002 case SSH_CIPHER_DES:
1141     cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1142     pvar->crypt_state.decrypt = cDES_decrypt;
1143     break;
1144 maya 3227
1145 doda 7002 case SSH_CIPHER_BLOWFISH:
1146     cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1147     pvar->crypt_state.decrypt = cBlowfish_decrypt;
1148     break;
1149 maya 3227
1150 doda 7002 case SSH_CIPHER_NONE:
1151     case SSH_CIPHER_IDEA:
1152     case SSH_CIPHER_TSS:
1153     case SSH_CIPHER_RC4:
1154     isOK = FALSE;
1155     break;
1156     }
1157     }
1158     else {
1159     // SSH2
1160     cipher = pvar->ciphers[MODE_IN];
1161     if (cipher) {
1162 maya 3227 enc = &pvar->ssh2_keys[MODE_IN].enc;
1163 nmaya 9211 cipher_init_SSH2(&pvar->cc[MODE_IN], cipher,
1164     enc->key, enc->key_len,
1165     enc->iv, enc->iv_len,
1166 maya 3227 CIPHER_DECRYPT,
1167     pvar);
1168 doda 6716 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1169 maya 3227 }
1170 doda 6716 else {
1171     isOK = FALSE;
1172 maya 3227 }
1173     }
1174     }
1175    
1176     if (!isOK) {
1177 doda 6681 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1178 maya 3227 "No cipher selected!");
1179 maya 5678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1180 maya 3227 return FALSE;
1181     } else {
1182 doda 7003 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1183     SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1184 maya 3227 return TRUE;
1185     }
1186     }
1187    
1188     void CRYPT_init(PTInstVar pvar)
1189     {
1190     pvar->crypt_state.encrypt = no_encrypt;
1191     pvar->crypt_state.decrypt = no_encrypt;
1192     pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1193     pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1194     pvar->crypt_state.server_key.RSA_key = NULL;
1195     pvar->crypt_state.host_key.RSA_key = NULL;
1196    
1197     pvar->crypt_state.detect_attack_statics.h = NULL;
1198     pvar->crypt_state.detect_attack_statics.n =
1199     HASH_MINSIZE / HASH_ENTRYSIZE;
1200     }
1201    
1202 doda 6801 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1203 maya 3227 {
1204     UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1205     "%s to server, %s from server");
1206     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1207     get_cipher_name(pvar->crypt_state.sender_cipher),
1208     get_cipher_name(pvar->crypt_state.receiver_cipher));
1209     }
1210    
1211 doda 6801 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1212 maya 3227 {
1213 yutakapon 8316 BIGNUM *server_n, *host_n;
1214    
1215     // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1216     // RSA_get0_key���������������K�v�������B
1217    
1218 maya 3227 if (SSHv1(pvar)) {
1219     if (pvar->crypt_state.server_key.RSA_key == NULL
1220     || pvar->crypt_state.host_key.RSA_key == NULL) {
1221     UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1222     strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1223     } else {
1224 yutakapon 8316 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1225     RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1226    
1227 maya 3227 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1228     "%d-bit server key, %d-bit host key");
1229     _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1230 yutakapon 8316 BN_num_bits(server_n),
1231     BN_num_bits(host_n));
1232 maya 3227 }
1233     } else { // SSH2
1234 maya 4313 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1235     "%d-bit client key, %d-bit server key");
1236 maya 3227 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1237 maya 4313 pvar->client_key_bits,
1238     pvar->server_key_bits);
1239 maya 3227 }
1240     }
1241    
1242 maya 4307 static void destroy_public_key(CRYPTPublicKey * key)
1243 maya 3227 {
1244     if (key->RSA_key != NULL) {
1245     RSA_free(key->RSA_key);
1246     key->RSA_key = NULL;
1247     }
1248     }
1249    
1250 maya 4307 void CRYPT_free_public_key(CRYPTPublicKey * key)
1251 maya 3227 {
1252     destroy_public_key(key);
1253     free(key);
1254     }
1255    
1256     void CRYPT_end(PTInstVar pvar)
1257     {
1258 doda 7133 free(encbuff);
1259     encbuff = NULL;
1260     encbufflen = 0;
1261    
1262 maya 3227 destroy_public_key(&pvar->crypt_state.host_key);
1263     destroy_public_key(&pvar->crypt_state.server_key);
1264    
1265     if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1266 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1267 nmaya 9209 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1268 maya 3227 free(pvar->crypt_state.detect_attack_statics.h);
1269     }
1270    
1271 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1272 nmaya 9209 sizeof(pvar->crypt_state.sender_cipher_key));
1273 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1274 nmaya 9209 sizeof(pvar->crypt_state.receiver_cipher_key));
1275 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.server_cookie,
1276 nmaya 9209 sizeof(pvar->crypt_state.server_cookie));
1277 yutakapon 6229 SecureZeroMemory(pvar->crypt_state.client_cookie,
1278 nmaya 9209 sizeof(pvar->crypt_state.client_cookie));
1279 yutakapon 6229 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1280     SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1281 maya 3227 }
1282    
1283 doda 6801 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1284     char *buf, int bytes)
1285 maya 3227 {
1286     unsigned char passphrase_key[16];
1287    
1288     MD5(passphrase, strlen(passphrase), passphrase_key);
1289    
1290     switch (cipher) {
1291     case SSH_CIPHER_3DES:{
1292     Cipher3DESState state;
1293    
1294 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1295 maya 3227 &state.k1);
1296 doda 6801 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1297 maya 3227 &state.k2);
1298 doda 6801 DES_set_key((const_DES_cblock *) passphrase_key,
1299 maya 3227 &state.k3);
1300 doda 7003 SecureZeroMemory(state.ivec1, 8);
1301     SecureZeroMemory(state.ivec2, 8);
1302     SecureZeroMemory(state.ivec3, 8);
1303 maya 3227 DES_ncbc_encrypt(buf, buf, bytes,
1304     &state.k3, &state.ivec3, DES_DECRYPT);
1305     DES_ncbc_encrypt(buf, buf, bytes,
1306     &state.k2, &state.ivec2, DES_ENCRYPT);
1307     DES_ncbc_encrypt(buf, buf, bytes,
1308     &state.k1, &state.ivec1, DES_DECRYPT);
1309     break;
1310     }
1311    
1312     case SSH_CIPHER_DES:{
1313     CipherDESState state;
1314    
1315     cDES_init(passphrase_key, &state);
1316     DES_ncbc_encrypt(buf, buf, bytes,
1317     &state.k, &state.ivec, DES_DECRYPT);
1318     break;
1319     }
1320    
1321     case SSH_CIPHER_BLOWFISH:{
1322     CipherBlowfishState state;
1323    
1324     BF_set_key(&state.k, 16, passphrase_key);
1325 doda 7003 SecureZeroMemory(state.ivec, 8);
1326 maya 3227 flip_endianness(buf, bytes);
1327     BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1328 nmaya 9209 BF_DECRYPT);
1329 maya 3227 flip_endianness(buf, bytes);
1330     break;
1331     }
1332    
1333     case SSH_CIPHER_NONE:
1334     break;
1335    
1336     default:
1337 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1338 maya 3227 return 0;
1339     }
1340    
1341 yutakapon 6229 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1342 maya 3227 return 1;
1343     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help