Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2728 - (show annotations) (download) (as text)
Sun Nov 14 15:53:21 2004 UTC (19 years, 5 months ago) by yutakakn
Original Path: ttssh2/branches/avendor/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 35741 byte(s) 
no message
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include "cipher.h"
41 #include "ssh.h"
42
43 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
44 #define get_uint32(buf) get_uint32_MSBfirst((buf))
45
46 #define DEATTACK_OK 0
47 #define DEATTACK_DETECTED 1
48
49 /*
50 * $Id: crypt.c,v 1.1.1.1 2004-11-14 15:53:14 yutakakn Exp $ Cryptographic attack
51 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
52 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
53 */
54
55 /* SSH Constants */
56 #define SSH_BLOCKSIZE 8
57
58 /* Hashing constants */
59 #define HASH_MINSIZE 8*2048
60 #define HASH_ENTRYSIZE 4
61 #define HASH_FACTOR(x) ((x)*3/2)
62 #define HASH_UNUSEDCHAR 0xff
63 #define HASH_UNUSED 0xffffffff
64 #define HASH_IV 0xfffffffe
65
66 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
67
68 /* Hash function (Input keys are cipher results) */
69 #define HASH(x) get_uint32(x)
70
71 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
72
73
74
75 static void crc_update(uint32 FAR * a, uint32 b)
76 {
77 b ^= *a;
78 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
79 }
80
81 /* check_crc
82 detects if a block is used in a particular pattern
83 */
84
85 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
86 uint32 len, unsigned char FAR * IV)
87 {
88 uint32 crc;
89 unsigned char FAR *c;
90
91 crc = 0;
92 if (IV && !CMP(S, IV)) {
93 crc_update(&crc, 1);
94 crc_update(&crc, 0);
95 }
96 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
97 if (!CMP(S, c)) {
98 crc_update(&crc, 1);
99 crc_update(&crc, 0);
100 } else {
101 crc_update(&crc, 0);
102 crc_update(&crc, 0);
103 }
104 }
105
106 return crc == 0;
107 }
108
109
110 /*
111 detect_attack
112 Detects a crc32 compensation attack on a packet
113 */
114 static int detect_attack(CRYPTDetectAttack FAR * statics,
115 unsigned char FAR * buf, uint32 len,
116 unsigned char *FAR IV)
117 {
118 uint32 FAR *h = statics->h;
119 uint32 n = statics->n;
120 uint32 i, j;
121 uint32 l;
122 unsigned char FAR *c;
123 unsigned char FAR *d;
124
125 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
126 }
127
128 if (h == NULL) {
129 n = l;
130 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
131 } else {
132 if (l > n) {
133 n = l;
134 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
135 }
136 }
137
138 statics->h = h;
139 statics->n = n;
140
141 if (len <= HASH_MINBLOCKS) {
142 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
143 if (IV && (!CMP(c, IV))) {
144 if ((check_crc(c, buf, len, IV)))
145 return DEATTACK_DETECTED;
146 else
147 break;
148 }
149 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
150 if (!CMP(c, d)) {
151 if ((check_crc(c, buf, len, IV)))
152 return DEATTACK_DETECTED;
153 else
154 break;
155 }
156 }
157 }
158 return (DEATTACK_OK);
159 }
160 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
161
162 if (IV) {
163 h[HASH(IV) & (n - 1)] = HASH_IV;
164 }
165
166 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
167 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
168 i = (i + 1) & (n - 1)) {
169 if (h[i] == HASH_IV) {
170 if (!CMP(c, IV)) {
171 if (check_crc(c, buf, len, IV))
172 return DEATTACK_DETECTED;
173 else
174 break;
175 }
176 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
177 if (check_crc(c, buf, len, IV))
178 return DEATTACK_DETECTED;
179 else
180 break;
181 }
182 }
183 h[i] = j;
184 }
185
186 return DEATTACK_OK;
187 }
188
189 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
190 int bytes)
191 {
192 if (SSHv1(pvar)) {
193 switch (pvar->crypt_state.sender_cipher) {
194 case SSH_CIPHER_NONE:
195 return FALSE;
196 case SSH_CIPHER_IDEA:
197 return detect_attack(&pvar->crypt_state.detect_attack_statics,
198 buf, bytes,
199 pvar->crypt_state.dec.cIDEA.ivec) ==
200 DEATTACK_DETECTED;
201 default:
202 return detect_attack(&pvar->crypt_state.detect_attack_statics,
203 buf, bytes, NULL) == DEATTACK_DETECTED;
204 }
205 } else {
206 return FALSE;
207 }
208 }
209
210 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
211 {
212 }
213
214
215 // for SSH2(yutaka)
216 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
217 int bytes)
218 {
219 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
220 unsigned char *newbuf = malloc(bytes);
221 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
222
223 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
224 if (bytes == 0)
225 return;
226
227 if (newbuf == NULL)
228 return;
229
230 if (bytes % block_size) {
231 char tmp[80];
232 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
233 notify_fatal_error(pvar, tmp);
234 goto error;
235 }
236
237 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
238 // TODO: failure
239 notify_fatal_error(pvar, "AES128 encrypt error(2)");
240
241 } else {
242 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
243 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
244 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
245
246 //debug_print(50, key, 24);
247 //debug_print(51, iv, 8);
248 //debug_print(52, buf, bytes);
249 //debug_print(53, newbuf, bytes);
250
251 memcpy(buf, newbuf, bytes);
252 }
253
254 error:
255 free(newbuf);
256 }
257
258 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
259 int bytes)
260 {
261 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
262 unsigned char *newbuf = malloc(bytes);
263 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
264
265 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
266 if (bytes == 0)
267 return;
268
269 if (newbuf == NULL)
270 return;
271
272 if (bytes % block_size) {
273 char tmp[80];
274 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
275 notify_fatal_error(pvar, tmp);
276 goto error;
277 }
278
279 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
280 // TODO:
281 notify_fatal_error(pvar, "AES128 decrypt error(2)");
282
283 } else {
284 #if 0
285 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
286 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
287 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
288
289 {
290 static int no = 70;
291 debug_print(no, buf, bytes);
292 //debug_print(no, key, AES128_KEYLEN);
293 //debug_print(10*no, iv, AES128_IVLEN);
294 debug_print(30*no, newbuf, bytes);
295 no++;
296 }
297 #endif
298
299 memcpy(buf, newbuf, bytes);
300 }
301
302 error:;
303 free(newbuf);
304 }
305
306
307
308 // for SSH2(yutaka)
309 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
310 int bytes)
311 {
312 unsigned char key[24], iv[8];
313 unsigned char *newbuf = malloc(bytes);
314
315 if (newbuf == NULL)
316 return;
317
318 #if 1
319
320 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
321 // TODO: failure
322 } else {
323 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
324 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
325 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
326
327 //debug_print(50, key, 24);
328 //debug_print(51, iv, 8);
329 //debug_print(52, buf, bytes);
330 //debug_print(53, newbuf, bytes);
331
332 memcpy(buf, newbuf, bytes);
333 }
334 free(newbuf);
335 #else
336
337 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
338 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
339 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
340
341 //debug_print(50, key, 24);
342 //debug_print(51, iv, 8);
343 //debug_print(52, buf, bytes);
344
345 #if 0
346 DES_ede3_cbc_encrypt(
347 buf, newbuf, bytes,
348 (DES_key_schedule *)&key[0],
349 (DES_key_schedule *)&key[8],
350 (DES_key_schedule *)&key[16],
351 (DES_cblock *)iv,
352 DES_ENCRYPT);
353 #else
354 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
355 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
356 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
357
358 #endif
359
360 //debug_print(53, newbuf, bytes);
361
362 memcpy(buf, newbuf, bytes);
363 free(newbuf);
364
365 #endif
366 }
367
368 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
369 int bytes)
370 {
371 unsigned char key[24], iv[8];
372 unsigned char *newbuf = malloc(bytes);
373
374 if (newbuf == NULL)
375 return;
376
377 #if 1
378 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
379 // TODO:
380
381 } else {
382 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
383 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
384 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
385
386 //debug_print(70, key, 24);
387 //debug_print(71, iv, 8);
388 //debug_print(72, buf, bytes);
389 //debug_print(73, newbuf, bytes);
390
391 memcpy(buf, newbuf, bytes);
392 }
393 free(newbuf);
394
395 #else
396 unsigned char *key, iv[8];
397 unsigned char *newbuf = malloc(bytes);
398 if (newbuf == NULL)
399 return;
400
401 key = pvar->ssh2_keys[MODE_IN].enc.key;
402 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
403 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
404
405 //debug_print(60, key, 24);
406 //debug_print(61, iv, 8);
407 //debug_print(62, buf, bytes);
408
409 DES_ede3_cbc_encrypt(
410 buf, newbuf, bytes,
411 (DES_key_schedule *)&key[0],
412 (DES_key_schedule *)&key[8],
413 (DES_key_schedule *)&key[16],
414 (DES_cblock *)iv,
415 DES_DECRYPT);
416
417 //debug_print(63, newbuf, bytes);
418
419 memcpy(buf, newbuf, bytes);
420
421 free(newbuf);
422 #endif
423 }
424
425
426 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
427 int bytes)
428 {
429 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
430
431 DES_ncbc_encrypt(buf, buf, bytes,
432 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
433 DES_ncbc_encrypt(buf, buf, bytes,
434 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
435 DES_ncbc_encrypt(buf, buf, bytes,
436 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
437 }
438
439 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
440 int bytes)
441 {
442 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
443
444 DES_ncbc_encrypt(buf, buf, bytes,
445 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
446 DES_ncbc_encrypt(buf, buf, bytes,
447 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
448 DES_ncbc_encrypt(buf, buf, bytes,
449 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
450 }
451
452 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
453 int bytes)
454 {
455 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
456
457 DES_ncbc_encrypt(buf, buf, bytes,
458 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
459 }
460
461 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
462 int bytes)
463 {
464 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
465
466 DES_ncbc_encrypt(buf, buf, bytes,
467 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
468 }
469
470 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
471 int bytes)
472 {
473 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
474 int num = 0;
475
476 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
477 encryptstate->ivec, &num, IDEA_ENCRYPT);
478 }
479
480 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
481 int bytes)
482 {
483 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
484 int num = 0;
485
486 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
487 decryptstate->ivec, &num, IDEA_DECRYPT);
488 }
489
490 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
491 {
492 uint32 FAR *buf = (uint32 FAR *) cbuf;
493 int count = bytes / 4;
494
495 while (count > 0) {
496 uint32 w = *buf;
497
498 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
499 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
500 count--;
501 buf++;
502 }
503 }
504
505 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
506 int bytes)
507 {
508 CipherBlowfishState FAR *encryptstate =
509 &pvar->crypt_state.enc.cBlowfish;
510
511 flip_endianness(buf, bytes);
512 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
513 BF_ENCRYPT);
514 flip_endianness(buf, bytes);
515 }
516
517 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
518 int bytes)
519 {
520 CipherBlowfishState FAR *decryptstate =
521 &pvar->crypt_state.dec.cBlowfish;
522
523 flip_endianness(buf, bytes);
524 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
525 BF_DECRYPT);
526 flip_endianness(buf, bytes);
527 }
528
529 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
530 int bytes)
531 {
532 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
533 int num = 0;
534
535 RC4(&encryptstate->k, bytes, buf, buf);
536 }
537
538 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
539 int bytes)
540 {
541 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
542 int num = 0;
543
544 RC4(&decryptstate->k, bytes, buf, buf);
545 }
546
547 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
548 int bytes)
549 {
550 RAND_bytes(buf, bytes);
551 }
552
553 void CRYPT_initialize_random_numbers(PTInstVar pvar)
554 {
555 RAND_screen();
556 }
557
558 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
559 {
560 int bits = get_ushort16_MSBfirst(bytes);
561
562 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
563 }
564
565 static RSA FAR *make_key(PTInstVar pvar,
566 int bits, unsigned char FAR * exp,
567 unsigned char FAR * mod)
568 {
569 RSA FAR *key = RSA_new();
570
571 if (key != NULL) {
572 key->e = get_bignum(exp);
573 key->n = get_bignum(mod);
574 }
575
576 if (key == NULL || key->e == NULL || key->n == NULL) {
577 notify_fatal_error(pvar, "Error setting up RSA keys");
578
579 if (key != NULL) {
580 if (key->e != NULL) {
581 BN_free(key->e);
582 }
583 if (key->n != NULL) {
584 BN_free(key->n);
585 }
586 RSA_free(key);
587 }
588
589 return NULL;
590 } else {
591 return key;
592 }
593 }
594
595 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
596 {
597 if (SSHv1(pvar)) {
598 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
599 } else {
600 memcpy(pvar->crypt_state.server_cookie, cookie,
601 SSH2_COOKIE_LENGTH);
602 }
603 }
604
605 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
606 {
607 if (SSHv2(pvar)) {
608 memcpy(pvar->crypt_state.client_cookie, cookie,
609 SSH2_COOKIE_LENGTH);
610 }
611 }
612
613 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
614 int bits, unsigned char FAR * exp,
615 unsigned char FAR * mod)
616 {
617 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
618
619 return pvar->crypt_state.server_key.RSA_key != NULL;
620 }
621
622 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
623 int bits, unsigned char FAR * exp,
624 unsigned char FAR * mod)
625 {
626 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
627
628 return pvar->crypt_state.host_key.RSA_key != NULL;
629 }
630
631 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
632 int receiver_ciphers)
633 {
634 int cipher_mask;
635
636 if (SSHv1(pvar)) {
637 cipher_mask = (1 << SSH_CIPHER_DES)
638 | (1 << SSH_CIPHER_3DES)
639 | (1 << SSH_CIPHER_BLOWFISH);
640
641 } else { // for SSH2(yutaka)
642 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
643 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
644
645 }
646
647 sender_ciphers &= cipher_mask;
648 receiver_ciphers &= cipher_mask;
649 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
650 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
651
652 if (sender_ciphers == 0) {
653 notify_fatal_error(pvar,
654 "The server does not support any of the TTSSH encryption algorithms.\n"
655 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
656 "The connection will be closed.");
657 return FALSE;
658 } else if (receiver_ciphers == 0) {
659 notify_fatal_error(pvar,
660 "The server does not support any of the TTSSH encryption algorithms.\n"
661 "A secure connection cannot be made in the server-to-TTSSH direction.\n"
662 "The connection will be closed.");
663 return FALSE;
664 } else {
665 return TRUE;
666 }
667 }
668
669 int CRYPT_get_decryption_block_size(PTInstVar pvar)
670 {
671 if (SSHv1(pvar)) {
672 return 8;
673 } else {
674 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
675 // cf. 3DES=8, AES128=16
676 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
677 }
678 }
679
680 int CRYPT_get_encryption_block_size(PTInstVar pvar)
681 {
682 if (SSHv1(pvar)) {
683 return 8;
684 } else {
685 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
686 // cf. 3DES=8, AES128=16
687 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
688 }
689 }
690
691 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
692 {
693 struct Mac *mac;
694
695 if (SSHv1(pvar)) {
696 return 0;
697
698 } else { // for SSH2(yutaka)
699 mac = &pvar->ssh2_keys[MODE_IN].mac;
700 if (mac == NULL || mac->enabled == 0)
701 return 0;
702
703 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
704 }
705
706 }
707
708 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
709 char FAR * data, int len, char FAR * MAC)
710 {
711 return TRUE;
712 }
713
714 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
715 {
716 struct Mac *mac;
717
718 if (SSHv2(pvar)) { // for SSH2(yutaka)
719 mac = &pvar->ssh2_keys[MODE_OUT].mac;
720 if (mac == NULL || mac->enabled == 0)
721 return 0;
722
723 return (mac->mac_len);
724 }
725
726 return 0;
727 }
728
729 // for SSH2
730 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
731 char FAR * data, int len, char FAR * MAC)
732 {
733 HMAC_CTX c;
734 static u_char m[EVP_MAX_MD_SIZE];
735 u_char b[4];
736 struct Mac *mac;
737
738 if (SSHv2(pvar)) { // for SSH2(yutaka)
739 mac = &pvar->ssh2_keys[MODE_OUT].mac;
740 if (mac == NULL || mac->enabled == 0)
741 return FALSE;
742
743 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
744 set_uint32_MSBfirst(b, sequence_number);
745 HMAC_Update(&c, b, sizeof(b));
746 HMAC_Update(&c, data, len);
747 HMAC_Final(&c, m, NULL);
748 HMAC_cleanup(&c);
749
750 // 20�o�C�g�������R�s�[
751 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
752 // memcpy(MAC, m, sizeof(m));
753
754 return TRUE;
755 }
756
757 return TRUE;
758
759 }
760
761 static int choose_cipher(PTInstVar pvar, int supported)
762 {
763 int i;
764
765 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
766 int cipher = pvar->session_settings.CipherOrder[i] - '0';
767
768 if (cipher == SSH_CIPHER_NONE) {
769 break;
770 } else if ((supported & (1 << cipher)) != 0) {
771 return cipher;
772 }
773 }
774
775 return SSH_CIPHER_NONE;
776 }
777
778 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
779 {
780 if (SSHv1(pvar)) {
781 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
782 pvar->crypt_state.
783 supported_sender_ciphers);
784 pvar->crypt_state.receiver_cipher =
785 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
786
787 } else { // SSH2(yutaka)
788 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
789 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
790
791 }
792
793 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
794 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
795 notify_fatal_error(pvar,
796 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
797 "To communicate with this server, you will have to enable some more ciphers\n"
798 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
799 "This connection will now close.");
800 return FALSE;
801 } else {
802 return TRUE;
803 }
804 }
805
806 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
807 {
808 int server_key_bits =
809 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
810 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
811 int server_key_bytes = (server_key_bits + 7) / 8;
812 int host_key_bytes = (host_key_bits + 7) / 8;
813
814 if (server_key_bits < host_key_bits) {
815 return host_key_bytes;
816 } else {
817 return server_key_bytes;
818 }
819 }
820
821 int CRYPT_choose_session_key(PTInstVar pvar,
822 unsigned char FAR * encrypted_key_buf)
823 {
824 int server_key_bits =
825 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
826 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
827 int server_key_bytes = (server_key_bits + 7) / 8;
828 int host_key_bytes = (host_key_bits + 7) / 8;
829 int encrypted_key_bytes;
830 int bit_delta;
831
832 if (server_key_bits < host_key_bits) {
833 encrypted_key_bytes = host_key_bytes;
834 bit_delta = host_key_bits - server_key_bits;
835 } else {
836 encrypted_key_bytes = server_key_bytes;
837 bit_delta = server_key_bits - host_key_bits;
838 }
839
840 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
841 notify_fatal_error(pvar,
842 "Server RSA keys are too weak. A secure connection cannot be established.");
843 return 0;
844 } else {
845 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
846 for the session ID, rather than the one specified in the RFC */
847 int session_buf_len = server_key_bytes + host_key_bytes + 8;
848 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
849 char session_id[16];
850 int i;
851
852 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
853 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
854 session_buf + host_key_bytes);
855 memcpy(session_buf + server_key_bytes + host_key_bytes,
856 pvar->crypt_state.server_cookie, 8);
857 MD5(session_buf, session_buf_len, session_id);
858
859 free(session_buf);
860
861 RAND_bytes(pvar->crypt_state.sender_cipher_key,
862 SSH_SESSION_KEY_LENGTH);
863 memcpy(pvar->crypt_state.receiver_cipher_key,
864 pvar->crypt_state.sender_cipher_key,
865 SSH_SESSION_KEY_LENGTH);
866
867 memcpy(encrypted_key_buf + encrypted_key_bytes -
868 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
869 SSH_SESSION_KEY_LENGTH);
870 for (i = 0; i < sizeof(session_id); i++) {
871 encrypted_key_buf[encrypted_key_bytes -
872 SSH_SESSION_KEY_LENGTH + i]
873 ^= session_id[i];
874 }
875
876 if (host_key_bits > server_key_bits) {
877 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
878 encrypted_key_buf +
879 encrypted_key_bytes -
880 SSH_SESSION_KEY_LENGTH,
881 encrypted_key_buf +
882 encrypted_key_bytes - server_key_bytes,
883 pvar->crypt_state.server_key.RSA_key,
884 RSA_PKCS1_PADDING) < 0)
885 return 0;
886
887 if (RSA_public_encrypt(server_key_bytes,
888 encrypted_key_buf +
889 encrypted_key_bytes - server_key_bytes,
890 encrypted_key_buf,
891 pvar->crypt_state.host_key.RSA_key,
892 RSA_PKCS1_PADDING) < 0)
893 return 0;
894 } else {
895 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
896 encrypted_key_buf +
897 encrypted_key_bytes -
898 SSH_SESSION_KEY_LENGTH,
899 encrypted_key_buf +
900 encrypted_key_bytes - host_key_bytes,
901 pvar->crypt_state.host_key.RSA_key,
902 RSA_PKCS1_PADDING) < 0)
903 return 0;
904
905 if (RSA_public_encrypt(host_key_bytes,
906 encrypted_key_buf +
907 encrypted_key_bytes - host_key_bytes,
908 encrypted_key_buf,
909 pvar->crypt_state.server_key.RSA_key,
910 RSA_PKCS1_PADDING) < 0)
911 return 0;
912 }
913 }
914
915 return 1;
916 }
917
918 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
919 unsigned char FAR * challenge,
920 int challenge_len,
921 unsigned char FAR * response)
922 {
923 int server_key_bits =
924 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
925 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
926 int server_key_bytes = (server_key_bits + 7) / 8;
927 int host_key_bytes = (host_key_bits + 7) / 8;
928 int session_buf_len = server_key_bytes + host_key_bytes + 8;
929 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
930 char decrypted_challenge[48];
931 int decrypted_challenge_len;
932
933 decrypted_challenge_len =
934 RSA_private_decrypt(challenge_len, challenge, challenge,
935 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
936 RSA_PKCS1_PADDING);
937 if (decrypted_challenge_len < 0) {
938 free(session_buf);
939 return 0;
940 }
941 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
942 memcpy(decrypted_challenge,
943 challenge + decrypted_challenge_len -
944 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
945 } else {
946 memset(decrypted_challenge, 0,
947 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
948 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
949 decrypted_challenge_len, challenge,
950 decrypted_challenge_len);
951 }
952
953 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
954 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
955 session_buf + host_key_bytes);
956 memcpy(session_buf + server_key_bytes + host_key_bytes,
957 pvar->crypt_state.server_cookie, 8);
958 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
959
960 free(session_buf);
961
962 MD5(decrypted_challenge, 48, response);
963
964 return 1;
965 }
966
967 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
968 {
969 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
970 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
971 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
972 memset(state->ivec1, 0, 8);
973 memset(state->ivec2, 0, 8);
974 memset(state->ivec3, 0, 8);
975 }
976
977 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
978 {
979 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
980 memset(state->ivec, 0, 8);
981 }
982
983 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
984 {
985 idea_set_encrypt_key(session_key, &state->k);
986 memset(state->ivec, 0, 8);
987 }
988
989 static void cBlowfish_init(char FAR * session_key,
990 CipherBlowfishState FAR * state)
991 {
992 BF_set_key(&state->k, 32, session_key);
993 memset(state->ivec, 0, 8);
994 }
995
996
997 //
998 // SSH2�p�A���S���Y����������
999 //
1000 // for SSH2(yutaka)
1001 //
1002 void cipher_init_SSH2(
1003 EVP_CIPHER_CTX *evp,
1004 const u_char *key, u_int keylen,
1005 const u_char *iv, u_int ivlen,
1006 int encrypt,
1007 const EVP_CIPHER *(*func)(void)
1008 )
1009 {
1010 EVP_CIPHER *type;
1011 int klen;
1012
1013 type = (EVP_CIPHER *)func();
1014
1015 EVP_CIPHER_CTX_init(evp);
1016 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1017 // TODO:
1018 }
1019
1020 klen = EVP_CIPHER_CTX_key_length(evp);
1021 if (klen > 0 && keylen != klen) {
1022 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1023 // TODO:
1024 }
1025 }
1026 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1027 // TODO:
1028 }
1029 }
1030
1031
1032 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1033 {
1034 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1035 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1036 BOOL isOK = TRUE;
1037
1038 if (sender_flag) {
1039 switch (pvar->crypt_state.sender_cipher) {
1040 // for SSH2(yutaka)
1041 case SSH_CIPHER_3DES_CBC:
1042 {
1043 struct Enc *enc;
1044
1045 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1046 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1047 enc->key, 24, enc->iv, 8,
1048 CIPHER_ENCRYPT,
1049 EVP_des_ede3_cbc);
1050
1051 //debug_print(10, enc->key, 24);
1052 //debug_print(11, enc->iv, 24);
1053
1054 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1055 break;
1056 }
1057
1058 // for SSH2(yutaka)
1059 case SSH_CIPHER_AES128:
1060 {
1061 struct Enc *enc;
1062
1063 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1064 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1065 enc->key, 16, enc->iv, 16,
1066 CIPHER_ENCRYPT,
1067 EVP_aes_128_cbc);
1068
1069 //debug_print(10, enc->key, 24);
1070 //debug_print(11, enc->iv, 24);
1071
1072 pvar->crypt_state.encrypt = cAES128_encrypt;
1073 break;
1074 }
1075
1076 case SSH_CIPHER_3DES:{
1077 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1078 pvar->crypt_state.encrypt = c3DES_encrypt;
1079 break;
1080 }
1081 case SSH_CIPHER_IDEA:{
1082 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1083 pvar->crypt_state.encrypt = cIDEA_encrypt;
1084 break;
1085 }
1086 case SSH_CIPHER_DES:{
1087 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1088 pvar->crypt_state.encrypt = cDES_encrypt;
1089 break;
1090 }
1091 case SSH_CIPHER_RC4:{
1092 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1093 encryption_key + 16);
1094 pvar->crypt_state.encrypt = cRC4_encrypt;
1095 break;
1096 }
1097 case SSH_CIPHER_BLOWFISH:{
1098 cBlowfish_init(encryption_key,
1099 &pvar->crypt_state.enc.cBlowfish);
1100 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1101 break;
1102 }
1103 default:
1104 isOK = FALSE;
1105 }
1106 }
1107
1108
1109 if (receiver_flag) {
1110 switch (pvar->crypt_state.receiver_cipher) {
1111 // for SSH2(yutaka)
1112 case SSH_CIPHER_3DES_CBC:
1113 {
1114 struct Enc *enc;
1115
1116 enc = &pvar->ssh2_keys[MODE_IN].enc;
1117 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1118 enc->key, 24, enc->iv, 8,
1119 CIPHER_DECRYPT,
1120 EVP_des_ede3_cbc);
1121
1122 //debug_print(12, enc->key, 24);
1123 //debug_print(13, enc->iv, 24);
1124
1125 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1126 break;
1127 }
1128
1129 // for SSH2(yutaka)
1130 case SSH_CIPHER_AES128:
1131 {
1132 struct Enc *enc;
1133
1134 enc = &pvar->ssh2_keys[MODE_IN].enc;
1135 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1136 enc->key, 16, enc->iv, 16,
1137 CIPHER_DECRYPT,
1138 EVP_aes_128_cbc);
1139
1140 //debug_print(12, enc->key, 24);
1141 //debug_print(13, enc->iv, 24);
1142
1143 pvar->crypt_state.decrypt = cAES128_decrypt;
1144 break;
1145 }
1146
1147 case SSH_CIPHER_3DES:{
1148 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1149 pvar->crypt_state.decrypt = c3DES_decrypt;
1150 break;
1151 }
1152 case SSH_CIPHER_IDEA:{
1153 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1154 pvar->crypt_state.decrypt = cIDEA_decrypt;
1155 break;
1156 }
1157 case SSH_CIPHER_DES:{
1158 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1159 pvar->crypt_state.decrypt = cDES_decrypt;
1160 break;
1161 }
1162 case SSH_CIPHER_RC4:{
1163 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1164 pvar->crypt_state.decrypt = cRC4_decrypt;
1165 break;
1166 }
1167 case SSH_CIPHER_BLOWFISH:{
1168 cBlowfish_init(decryption_key,
1169 &pvar->crypt_state.dec.cBlowfish);
1170 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1171 break;
1172 }
1173 default:
1174 isOK = FALSE;
1175 }
1176 }
1177
1178
1179 if (!isOK) {
1180 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1181 return FALSE;
1182 } else {
1183 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1184 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1185 return TRUE;
1186 }
1187 }
1188
1189 void CRYPT_init(PTInstVar pvar)
1190 {
1191 pvar->crypt_state.encrypt = no_encrypt;
1192 pvar->crypt_state.decrypt = no_encrypt;
1193 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1194 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1195 pvar->crypt_state.server_key.RSA_key = NULL;
1196 pvar->crypt_state.host_key.RSA_key = NULL;
1197
1198 pvar->crypt_state.detect_attack_statics.h = NULL;
1199 pvar->crypt_state.detect_attack_statics.n =
1200 HASH_MINSIZE / HASH_ENTRYSIZE;
1201 }
1202
1203 static char FAR *get_cipher_name(int cipher)
1204 {
1205 switch (cipher) {
1206 case SSH_CIPHER_NONE:
1207 return "None";
1208 case SSH_CIPHER_3DES:
1209 return "3DES (168 key bits)";
1210 case SSH_CIPHER_DES:
1211 return "DES (56 key bits)";
1212 case SSH_CIPHER_IDEA:
1213 return "IDEA (128 key bits)";
1214 case SSH_CIPHER_RC4:
1215 return "RC4 (128 key bits)";
1216 case SSH_CIPHER_BLOWFISH:
1217 return "Blowfish (256 key bits)";
1218
1219 // SSH2
1220 case SSH_CIPHER_3DES_CBC:
1221 return "3DES-CBC";
1222 case SSH_CIPHER_AES128:
1223 return "AES128";
1224
1225 default:
1226 return "Unknown";
1227 }
1228 }
1229
1230 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1231 {
1232 _snprintf(dest, len, "%s to server, %s from server",
1233 get_cipher_name(pvar->crypt_state.sender_cipher),
1234 get_cipher_name(pvar->crypt_state.receiver_cipher));
1235 dest[len - 1] = 0;
1236 }
1237
1238 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1239 {
1240 if (SSHv1(pvar)) {
1241 if (pvar->crypt_state.server_key.RSA_key == NULL
1242 || pvar->crypt_state.host_key.RSA_key == NULL) {
1243 strncpy(dest, "None", len);
1244 } else {
1245 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1246 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1247 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1248 }
1249
1250 } else { // SSH2
1251 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1252 pvar->server_key_bits,
1253 pvar->client_key_bits);
1254
1255 }
1256
1257 dest[len - 1] = 0;
1258 }
1259
1260 static void destroy_public_key(CRYPTPublicKey FAR * key)
1261 {
1262 if (key->RSA_key != NULL) {
1263 RSA_free(key->RSA_key);
1264 key->RSA_key = NULL;
1265 }
1266 }
1267
1268 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1269 {
1270 destroy_public_key(key);
1271 free(key);
1272 }
1273
1274 void CRYPT_end(PTInstVar pvar)
1275 {
1276 destroy_public_key(&pvar->crypt_state.host_key);
1277 destroy_public_key(&pvar->crypt_state.server_key);
1278
1279 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1280 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1281 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1282 free(pvar->crypt_state.detect_attack_statics.h);
1283 }
1284
1285 memset(pvar->crypt_state.sender_cipher_key, 0,
1286 sizeof(pvar->crypt_state.sender_cipher_key));
1287 memset(pvar->crypt_state.receiver_cipher_key, 0,
1288 sizeof(pvar->crypt_state.receiver_cipher_key));
1289 memset(pvar->crypt_state.server_cookie, 0,
1290 sizeof(pvar->crypt_state.server_cookie));
1291 memset(pvar->crypt_state.client_cookie, 0,
1292 sizeof(pvar->crypt_state.client_cookie));
1293 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1294 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1295 }
1296
1297 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1298 char FAR * buf, int bytes)
1299 {
1300 unsigned char passphrase_key[16];
1301
1302 MD5(passphrase, strlen(passphrase), passphrase_key);
1303
1304 switch (cipher) {
1305 case SSH_CIPHER_3DES:{
1306 Cipher3DESState state;
1307
1308 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1309 &state.k1);
1310 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1311 &state.k2);
1312 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1313 &state.k3);
1314 memset(state.ivec1, 0, 8);
1315 memset(state.ivec2, 0, 8);
1316 memset(state.ivec3, 0, 8);
1317 DES_ncbc_encrypt(buf, buf, bytes,
1318 &state.k3, &state.ivec3, DES_DECRYPT);
1319 DES_ncbc_encrypt(buf, buf, bytes,
1320 &state.k2, &state.ivec2, DES_ENCRYPT);
1321 DES_ncbc_encrypt(buf, buf, bytes,
1322 &state.k1, &state.ivec1, DES_DECRYPT);
1323 break;
1324 }
1325
1326 case SSH_CIPHER_IDEA:{
1327 CipherIDEAState state;
1328 int num = 0;
1329
1330 cIDEA_init(passphrase_key, &state);
1331 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1332 &num, IDEA_DECRYPT);
1333 break;
1334 }
1335
1336 case SSH_CIPHER_DES:{
1337 CipherDESState state;
1338
1339 cDES_init(passphrase_key, &state);
1340 DES_ncbc_encrypt(buf, buf, bytes,
1341 &state.k, &state.ivec, DES_DECRYPT);
1342 break;
1343 }
1344
1345 case SSH_CIPHER_RC4:{
1346 CipherRC4State state;
1347 int num = 0;
1348
1349 RC4_set_key(&state.k, 16, passphrase_key);
1350 RC4(&state.k, bytes, buf, buf);
1351 break;
1352 }
1353
1354 case SSH_CIPHER_BLOWFISH:{
1355 CipherBlowfishState state;
1356
1357 BF_set_key(&state.k, 16, passphrase_key);
1358 memset(state.ivec, 0, 8);
1359 flip_endianness(buf, bytes);
1360 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1361 BF_DECRYPT);
1362 flip_endianness(buf, bytes);
1363 break;
1364 }
1365
1366 case SSH_CIPHER_NONE:
1367 break;
1368
1369 default:
1370 memset(passphrase_key, 0, sizeof(passphrase_key));
1371 return 0;
1372 }
1373
1374 memset(passphrase_key, 0, sizeof(passphrase_key));
1375 return 1;
1376 }
1377
1378 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1379 {
1380 RSA_free(key_pair->RSA_key);
1381 free(key_pair);
1382 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help