Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2757 - (show annotations) (download) (as text)
Fri Dec 17 14:05:55 2004 UTC (19 years, 3 months ago) by yutakakn
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 36447 byte(s) 
パケット受信時のHMACチェックを追加。
KEXにおけるHMACアルゴリズムチェックを追加。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include "cipher.h"
41 #include "ssh.h"
42
43 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
44 #define get_uint32(buf) get_uint32_MSBfirst((buf))
45
46 #define DEATTACK_OK 0
47 #define DEATTACK_DETECTED 1
48
49 /*
50 * $Id: crypt.c,v 1.2 2004-12-17 14:05:55 yutakakn Exp $ Cryptographic attack
51 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
52 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
53 */
54
55 /* SSH Constants */
56 #define SSH_BLOCKSIZE 8
57
58 /* Hashing constants */
59 #define HASH_MINSIZE 8*2048
60 #define HASH_ENTRYSIZE 4
61 #define HASH_FACTOR(x) ((x)*3/2)
62 #define HASH_UNUSEDCHAR 0xff
63 #define HASH_UNUSED 0xffffffff
64 #define HASH_IV 0xfffffffe
65
66 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
67
68 /* Hash function (Input keys are cipher results) */
69 #define HASH(x) get_uint32(x)
70
71 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
72
73
74
75 static void crc_update(uint32 FAR * a, uint32 b)
76 {
77 b ^= *a;
78 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
79 }
80
81 /* check_crc
82 detects if a block is used in a particular pattern
83 */
84
85 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
86 uint32 len, unsigned char FAR * IV)
87 {
88 uint32 crc;
89 unsigned char FAR *c;
90
91 crc = 0;
92 if (IV && !CMP(S, IV)) {
93 crc_update(&crc, 1);
94 crc_update(&crc, 0);
95 }
96 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
97 if (!CMP(S, c)) {
98 crc_update(&crc, 1);
99 crc_update(&crc, 0);
100 } else {
101 crc_update(&crc, 0);
102 crc_update(&crc, 0);
103 }
104 }
105
106 return crc == 0;
107 }
108
109
110 /*
111 detect_attack
112 Detects a crc32 compensation attack on a packet
113 */
114 static int detect_attack(CRYPTDetectAttack FAR * statics,
115 unsigned char FAR * buf, uint32 len,
116 unsigned char *FAR IV)
117 {
118 uint32 FAR *h = statics->h;
119 uint32 n = statics->n;
120 uint32 i, j;
121 uint32 l;
122 unsigned char FAR *c;
123 unsigned char FAR *d;
124
125 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
126 }
127
128 if (h == NULL) {
129 n = l;
130 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
131 } else {
132 if (l > n) {
133 n = l;
134 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
135 }
136 }
137
138 statics->h = h;
139 statics->n = n;
140
141 if (len <= HASH_MINBLOCKS) {
142 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
143 if (IV && (!CMP(c, IV))) {
144 if ((check_crc(c, buf, len, IV)))
145 return DEATTACK_DETECTED;
146 else
147 break;
148 }
149 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
150 if (!CMP(c, d)) {
151 if ((check_crc(c, buf, len, IV)))
152 return DEATTACK_DETECTED;
153 else
154 break;
155 }
156 }
157 }
158 return (DEATTACK_OK);
159 }
160 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
161
162 if (IV) {
163 h[HASH(IV) & (n - 1)] = HASH_IV;
164 }
165
166 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
167 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
168 i = (i + 1) & (n - 1)) {
169 if (h[i] == HASH_IV) {
170 if (!CMP(c, IV)) {
171 if (check_crc(c, buf, len, IV))
172 return DEATTACK_DETECTED;
173 else
174 break;
175 }
176 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
177 if (check_crc(c, buf, len, IV))
178 return DEATTACK_DETECTED;
179 else
180 break;
181 }
182 }
183 h[i] = j;
184 }
185
186 return DEATTACK_OK;
187 }
188
189 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
190 int bytes)
191 {
192 if (SSHv1(pvar)) {
193 switch (pvar->crypt_state.sender_cipher) {
194 case SSH_CIPHER_NONE:
195 return FALSE;
196 case SSH_CIPHER_IDEA:
197 return detect_attack(&pvar->crypt_state.detect_attack_statics,
198 buf, bytes,
199 pvar->crypt_state.dec.cIDEA.ivec) ==
200 DEATTACK_DETECTED;
201 default:
202 return detect_attack(&pvar->crypt_state.detect_attack_statics,
203 buf, bytes, NULL) == DEATTACK_DETECTED;
204 }
205 } else {
206 return FALSE;
207 }
208 }
209
210 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
211 {
212 }
213
214
215 // for SSH2(yutaka)
216 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
217 int bytes)
218 {
219 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
220 unsigned char *newbuf = malloc(bytes);
221 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
222
223 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
224 if (bytes == 0)
225 return;
226
227 if (newbuf == NULL)
228 return;
229
230 if (bytes % block_size) {
231 char tmp[80];
232 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
233 notify_fatal_error(pvar, tmp);
234 goto error;
235 }
236
237 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
238 // TODO: failure
239 notify_fatal_error(pvar, "AES128 encrypt error(2)");
240
241 } else {
242 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
243 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
244 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
245
246 //debug_print(50, key, 24);
247 //debug_print(51, iv, 8);
248 //debug_print(52, buf, bytes);
249 //debug_print(53, newbuf, bytes);
250
251 memcpy(buf, newbuf, bytes);
252 }
253
254 error:
255 free(newbuf);
256 }
257
258 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
259 int bytes)
260 {
261 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
262 unsigned char *newbuf = malloc(bytes);
263 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
264
265 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
266 if (bytes == 0)
267 return;
268
269 if (newbuf == NULL)
270 return;
271
272 if (bytes % block_size) {
273 char tmp[80];
274 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
275 notify_fatal_error(pvar, tmp);
276 goto error;
277 }
278
279 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
280 // TODO:
281 notify_fatal_error(pvar, "AES128 decrypt error(2)");
282
283 } else {
284 #if 0
285 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
286 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
287 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
288
289 {
290 static int no = 70;
291 debug_print(no, buf, bytes);
292 //debug_print(no, key, AES128_KEYLEN);
293 //debug_print(10*no, iv, AES128_IVLEN);
294 debug_print(30*no, newbuf, bytes);
295 no++;
296 }
297 #endif
298
299 memcpy(buf, newbuf, bytes);
300 }
301
302 error:;
303 free(newbuf);
304 }
305
306
307
308 // for SSH2(yutaka)
309 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
310 int bytes)
311 {
312 unsigned char key[24], iv[8];
313 unsigned char *newbuf = malloc(bytes);
314
315 if (newbuf == NULL)
316 return;
317
318 #if 1
319
320 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
321 // TODO: failure
322 } else {
323 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
324 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
325 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
326
327 //debug_print(50, key, 24);
328 //debug_print(51, iv, 8);
329 //debug_print(52, buf, bytes);
330 //debug_print(53, newbuf, bytes);
331
332 memcpy(buf, newbuf, bytes);
333 }
334 free(newbuf);
335 #else
336
337 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
338 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
339 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
340
341 //debug_print(50, key, 24);
342 //debug_print(51, iv, 8);
343 //debug_print(52, buf, bytes);
344
345 #if 0
346 DES_ede3_cbc_encrypt(
347 buf, newbuf, bytes,
348 (DES_key_schedule *)&key[0],
349 (DES_key_schedule *)&key[8],
350 (DES_key_schedule *)&key[16],
351 (DES_cblock *)iv,
352 DES_ENCRYPT);
353 #else
354 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
355 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
356 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
357
358 #endif
359
360 //debug_print(53, newbuf, bytes);
361
362 memcpy(buf, newbuf, bytes);
363 free(newbuf);
364
365 #endif
366 }
367
368 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
369 int bytes)
370 {
371 unsigned char key[24], iv[8];
372 unsigned char *newbuf = malloc(bytes);
373
374 if (newbuf == NULL)
375 return;
376
377 #if 1
378 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
379 // TODO:
380
381 } else {
382 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
383 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
384 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
385
386 //debug_print(70, key, 24);
387 //debug_print(71, iv, 8);
388 //debug_print(72, buf, bytes);
389 //debug_print(73, newbuf, bytes);
390
391 memcpy(buf, newbuf, bytes);
392 }
393 free(newbuf);
394
395 #else
396 unsigned char *key, iv[8];
397 unsigned char *newbuf = malloc(bytes);
398 if (newbuf == NULL)
399 return;
400
401 key = pvar->ssh2_keys[MODE_IN].enc.key;
402 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
403 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
404
405 //debug_print(60, key, 24);
406 //debug_print(61, iv, 8);
407 //debug_print(62, buf, bytes);
408
409 DES_ede3_cbc_encrypt(
410 buf, newbuf, bytes,
411 (DES_key_schedule *)&key[0],
412 (DES_key_schedule *)&key[8],
413 (DES_key_schedule *)&key[16],
414 (DES_cblock *)iv,
415 DES_DECRYPT);
416
417 //debug_print(63, newbuf, bytes);
418
419 memcpy(buf, newbuf, bytes);
420
421 free(newbuf);
422 #endif
423 }
424
425
426 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
427 int bytes)
428 {
429 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
430
431 DES_ncbc_encrypt(buf, buf, bytes,
432 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
433 DES_ncbc_encrypt(buf, buf, bytes,
434 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
435 DES_ncbc_encrypt(buf, buf, bytes,
436 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
437 }
438
439 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
440 int bytes)
441 {
442 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
443
444 DES_ncbc_encrypt(buf, buf, bytes,
445 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
446 DES_ncbc_encrypt(buf, buf, bytes,
447 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
448 DES_ncbc_encrypt(buf, buf, bytes,
449 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
450 }
451
452 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
453 int bytes)
454 {
455 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
456
457 DES_ncbc_encrypt(buf, buf, bytes,
458 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
459 }
460
461 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
462 int bytes)
463 {
464 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
465
466 DES_ncbc_encrypt(buf, buf, bytes,
467 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
468 }
469
470 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
471 int bytes)
472 {
473 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
474 int num = 0;
475
476 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
477 encryptstate->ivec, &num, IDEA_ENCRYPT);
478 }
479
480 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
481 int bytes)
482 {
483 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
484 int num = 0;
485
486 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
487 decryptstate->ivec, &num, IDEA_DECRYPT);
488 }
489
490 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
491 {
492 uint32 FAR *buf = (uint32 FAR *) cbuf;
493 int count = bytes / 4;
494
495 while (count > 0) {
496 uint32 w = *buf;
497
498 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
499 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
500 count--;
501 buf++;
502 }
503 }
504
505 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
506 int bytes)
507 {
508 CipherBlowfishState FAR *encryptstate =
509 &pvar->crypt_state.enc.cBlowfish;
510
511 flip_endianness(buf, bytes);
512 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
513 BF_ENCRYPT);
514 flip_endianness(buf, bytes);
515 }
516
517 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
518 int bytes)
519 {
520 CipherBlowfishState FAR *decryptstate =
521 &pvar->crypt_state.dec.cBlowfish;
522
523 flip_endianness(buf, bytes);
524 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
525 BF_DECRYPT);
526 flip_endianness(buf, bytes);
527 }
528
529 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
530 int bytes)
531 {
532 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
533 int num = 0;
534
535 RC4(&encryptstate->k, bytes, buf, buf);
536 }
537
538 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
539 int bytes)
540 {
541 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
542 int num = 0;
543
544 RC4(&decryptstate->k, bytes, buf, buf);
545 }
546
547 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
548 int bytes)
549 {
550 RAND_bytes(buf, bytes);
551 }
552
553 void CRYPT_initialize_random_numbers(PTInstVar pvar)
554 {
555 RAND_screen();
556 }
557
558 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
559 {
560 int bits = get_ushort16_MSBfirst(bytes);
561
562 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
563 }
564
565 static RSA FAR *make_key(PTInstVar pvar,
566 int bits, unsigned char FAR * exp,
567 unsigned char FAR * mod)
568 {
569 RSA FAR *key = RSA_new();
570
571 if (key != NULL) {
572 key->e = get_bignum(exp);
573 key->n = get_bignum(mod);
574 }
575
576 if (key == NULL || key->e == NULL || key->n == NULL) {
577 notify_fatal_error(pvar, "Error setting up RSA keys");
578
579 if (key != NULL) {
580 if (key->e != NULL) {
581 BN_free(key->e);
582 }
583 if (key->n != NULL) {
584 BN_free(key->n);
585 }
586 RSA_free(key);
587 }
588
589 return NULL;
590 } else {
591 return key;
592 }
593 }
594
595 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
596 {
597 if (SSHv1(pvar)) {
598 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
599 } else {
600 memcpy(pvar->crypt_state.server_cookie, cookie,
601 SSH2_COOKIE_LENGTH);
602 }
603 }
604
605 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
606 {
607 if (SSHv2(pvar)) {
608 memcpy(pvar->crypt_state.client_cookie, cookie,
609 SSH2_COOKIE_LENGTH);
610 }
611 }
612
613 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
614 int bits, unsigned char FAR * exp,
615 unsigned char FAR * mod)
616 {
617 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
618
619 return pvar->crypt_state.server_key.RSA_key != NULL;
620 }
621
622 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
623 int bits, unsigned char FAR * exp,
624 unsigned char FAR * mod)
625 {
626 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
627
628 return pvar->crypt_state.host_key.RSA_key != NULL;
629 }
630
631 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
632 int receiver_ciphers)
633 {
634 int cipher_mask;
635
636 if (SSHv1(pvar)) {
637 cipher_mask = (1 << SSH_CIPHER_DES)
638 | (1 << SSH_CIPHER_3DES)
639 | (1 << SSH_CIPHER_BLOWFISH);
640
641 } else { // for SSH2(yutaka)
642 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
643 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
644
645 }
646
647 sender_ciphers &= cipher_mask;
648 receiver_ciphers &= cipher_mask;
649 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
650 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
651
652 if (sender_ciphers == 0) {
653 notify_fatal_error(pvar,
654 "The server does not support any of the TTSSH encryption algorithms.\n"
655 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
656 "The connection will be closed.");
657 return FALSE;
658 } else if (receiver_ciphers == 0) {
659 notify_fatal_error(pvar,
660 "The server does not support any of the TTSSH encryption algorithms.\n"
661 "A secure connection cannot be made in the server-to-TTSSH direction.\n"
662 "The connection will be closed.");
663 return FALSE;
664 } else {
665 return TRUE;
666 }
667 }
668
669 int CRYPT_get_decryption_block_size(PTInstVar pvar)
670 {
671 if (SSHv1(pvar)) {
672 return 8;
673 } else {
674 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
675 // cf. 3DES=8, AES128=16
676 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
677 }
678 }
679
680 int CRYPT_get_encryption_block_size(PTInstVar pvar)
681 {
682 if (SSHv1(pvar)) {
683 return 8;
684 } else {
685 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
686 // cf. 3DES=8, AES128=16
687 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
688 }
689 }
690
691 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
692 {
693 struct Mac *mac;
694
695 if (SSHv1(pvar)) {
696 return 0;
697
698 } else { // for SSH2(yutaka)
699 mac = &pvar->ssh2_keys[MODE_IN].mac;
700 if (mac == NULL || mac->enabled == 0)
701 return 0;
702
703 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
704 }
705
706 }
707
708 // HMAC������
709 // ���{������ SSH2 �������g�p�������B
710 // (2004.12.17 yutaka)
711 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
712 char FAR * data, int len, char FAR * MAC)
713 {
714 HMAC_CTX c;
715 unsigned char m[EVP_MAX_MD_SIZE];
716 unsigned char b[4];
717 struct Mac *mac;
718
719 mac = &pvar->ssh2_keys[MODE_IN].mac;
720
721 // HMAC�������L���������������A����OK�����������B
722 if (mac == NULL || mac->enabled == 0)
723 return TRUE;
724
725 if (mac->key == NULL)
726 goto error;
727
728 if ((u_int)mac->mac_len > sizeof(m))
729 goto error;
730
731 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
732 set_uint32_MSBfirst(b, sequence_number);
733 HMAC_Update(&c, b, sizeof(b));
734 HMAC_Update(&c, data, len);
735 HMAC_Final(&c, m, NULL);
736 HMAC_cleanup(&c);
737
738 if (memcmp(m, MAC, mac->mac_len)) {
739 goto error;
740 }
741
742 return TRUE;
743
744 error:
745 return FALSE;
746 }
747
748 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
749 {
750 struct Mac *mac;
751
752 if (SSHv2(pvar)) { // for SSH2(yutaka)
753 mac = &pvar->ssh2_keys[MODE_OUT].mac;
754 if (mac == NULL || mac->enabled == 0)
755 return 0;
756
757 return (mac->mac_len);
758 }
759
760 return 0;
761 }
762
763 // for SSH2
764 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
765 char FAR * data, int len, char FAR * MAC)
766 {
767 HMAC_CTX c;
768 static u_char m[EVP_MAX_MD_SIZE];
769 u_char b[4];
770 struct Mac *mac;
771
772 if (SSHv2(pvar)) { // for SSH2(yutaka)
773 mac = &pvar->ssh2_keys[MODE_OUT].mac;
774 if (mac == NULL || mac->enabled == 0)
775 return FALSE;
776
777 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
778 set_uint32_MSBfirst(b, sequence_number);
779 HMAC_Update(&c, b, sizeof(b));
780 HMAC_Update(&c, data, len);
781 HMAC_Final(&c, m, NULL);
782 HMAC_cleanup(&c);
783
784 // 20�o�C�g�������R�s�[
785 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
786 // memcpy(MAC, m, sizeof(m));
787
788 return TRUE;
789 }
790
791 return TRUE;
792
793 }
794
795 static int choose_cipher(PTInstVar pvar, int supported)
796 {
797 int i;
798
799 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
800 int cipher = pvar->session_settings.CipherOrder[i] - '0';
801
802 if (cipher == SSH_CIPHER_NONE) {
803 break;
804 } else if ((supported & (1 << cipher)) != 0) {
805 return cipher;
806 }
807 }
808
809 return SSH_CIPHER_NONE;
810 }
811
812 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
813 {
814 if (SSHv1(pvar)) {
815 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
816 pvar->crypt_state.
817 supported_sender_ciphers);
818 pvar->crypt_state.receiver_cipher =
819 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
820
821 } else { // SSH2(yutaka)
822 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
823 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
824
825 }
826
827 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
828 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
829 notify_fatal_error(pvar,
830 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
831 "To communicate with this server, you will have to enable some more ciphers\n"
832 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
833 "This connection will now close.");
834 return FALSE;
835 } else {
836 return TRUE;
837 }
838 }
839
840 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
841 {
842 int server_key_bits =
843 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
844 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
845 int server_key_bytes = (server_key_bits + 7) / 8;
846 int host_key_bytes = (host_key_bits + 7) / 8;
847
848 if (server_key_bits < host_key_bits) {
849 return host_key_bytes;
850 } else {
851 return server_key_bytes;
852 }
853 }
854
855 int CRYPT_choose_session_key(PTInstVar pvar,
856 unsigned char FAR * encrypted_key_buf)
857 {
858 int server_key_bits =
859 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
860 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
861 int server_key_bytes = (server_key_bits + 7) / 8;
862 int host_key_bytes = (host_key_bits + 7) / 8;
863 int encrypted_key_bytes;
864 int bit_delta;
865
866 if (server_key_bits < host_key_bits) {
867 encrypted_key_bytes = host_key_bytes;
868 bit_delta = host_key_bits - server_key_bits;
869 } else {
870 encrypted_key_bytes = server_key_bytes;
871 bit_delta = server_key_bits - host_key_bits;
872 }
873
874 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
875 notify_fatal_error(pvar,
876 "Server RSA keys are too weak. A secure connection cannot be established.");
877 return 0;
878 } else {
879 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
880 for the session ID, rather than the one specified in the RFC */
881 int session_buf_len = server_key_bytes + host_key_bytes + 8;
882 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
883 char session_id[16];
884 int i;
885
886 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
887 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
888 session_buf + host_key_bytes);
889 memcpy(session_buf + server_key_bytes + host_key_bytes,
890 pvar->crypt_state.server_cookie, 8);
891 MD5(session_buf, session_buf_len, session_id);
892
893 free(session_buf);
894
895 RAND_bytes(pvar->crypt_state.sender_cipher_key,
896 SSH_SESSION_KEY_LENGTH);
897 memcpy(pvar->crypt_state.receiver_cipher_key,
898 pvar->crypt_state.sender_cipher_key,
899 SSH_SESSION_KEY_LENGTH);
900
901 memcpy(encrypted_key_buf + encrypted_key_bytes -
902 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
903 SSH_SESSION_KEY_LENGTH);
904 for (i = 0; i < sizeof(session_id); i++) {
905 encrypted_key_buf[encrypted_key_bytes -
906 SSH_SESSION_KEY_LENGTH + i]
907 ^= session_id[i];
908 }
909
910 if (host_key_bits > server_key_bits) {
911 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
912 encrypted_key_buf +
913 encrypted_key_bytes -
914 SSH_SESSION_KEY_LENGTH,
915 encrypted_key_buf +
916 encrypted_key_bytes - server_key_bytes,
917 pvar->crypt_state.server_key.RSA_key,
918 RSA_PKCS1_PADDING) < 0)
919 return 0;
920
921 if (RSA_public_encrypt(server_key_bytes,
922 encrypted_key_buf +
923 encrypted_key_bytes - server_key_bytes,
924 encrypted_key_buf,
925 pvar->crypt_state.host_key.RSA_key,
926 RSA_PKCS1_PADDING) < 0)
927 return 0;
928 } else {
929 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
930 encrypted_key_buf +
931 encrypted_key_bytes -
932 SSH_SESSION_KEY_LENGTH,
933 encrypted_key_buf +
934 encrypted_key_bytes - host_key_bytes,
935 pvar->crypt_state.host_key.RSA_key,
936 RSA_PKCS1_PADDING) < 0)
937 return 0;
938
939 if (RSA_public_encrypt(host_key_bytes,
940 encrypted_key_buf +
941 encrypted_key_bytes - host_key_bytes,
942 encrypted_key_buf,
943 pvar->crypt_state.server_key.RSA_key,
944 RSA_PKCS1_PADDING) < 0)
945 return 0;
946 }
947 }
948
949 return 1;
950 }
951
952 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
953 unsigned char FAR * challenge,
954 int challenge_len,
955 unsigned char FAR * response)
956 {
957 int server_key_bits =
958 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
959 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
960 int server_key_bytes = (server_key_bits + 7) / 8;
961 int host_key_bytes = (host_key_bits + 7) / 8;
962 int session_buf_len = server_key_bytes + host_key_bytes + 8;
963 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
964 char decrypted_challenge[48];
965 int decrypted_challenge_len;
966
967 decrypted_challenge_len =
968 RSA_private_decrypt(challenge_len, challenge, challenge,
969 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
970 RSA_PKCS1_PADDING);
971 if (decrypted_challenge_len < 0) {
972 free(session_buf);
973 return 0;
974 }
975 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
976 memcpy(decrypted_challenge,
977 challenge + decrypted_challenge_len -
978 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
979 } else {
980 memset(decrypted_challenge, 0,
981 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
982 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
983 decrypted_challenge_len, challenge,
984 decrypted_challenge_len);
985 }
986
987 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
988 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
989 session_buf + host_key_bytes);
990 memcpy(session_buf + server_key_bytes + host_key_bytes,
991 pvar->crypt_state.server_cookie, 8);
992 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
993
994 free(session_buf);
995
996 MD5(decrypted_challenge, 48, response);
997
998 return 1;
999 }
1000
1001 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1002 {
1003 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1004 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1005 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1006 memset(state->ivec1, 0, 8);
1007 memset(state->ivec2, 0, 8);
1008 memset(state->ivec3, 0, 8);
1009 }
1010
1011 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1012 {
1013 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1014 memset(state->ivec, 0, 8);
1015 }
1016
1017 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1018 {
1019 idea_set_encrypt_key(session_key, &state->k);
1020 memset(state->ivec, 0, 8);
1021 }
1022
1023 static void cBlowfish_init(char FAR * session_key,
1024 CipherBlowfishState FAR * state)
1025 {
1026 BF_set_key(&state->k, 32, session_key);
1027 memset(state->ivec, 0, 8);
1028 }
1029
1030
1031 //
1032 // SSH2�p�A���S���Y����������
1033 //
1034 // for SSH2(yutaka)
1035 //
1036 void cipher_init_SSH2(
1037 EVP_CIPHER_CTX *evp,
1038 const u_char *key, u_int keylen,
1039 const u_char *iv, u_int ivlen,
1040 int encrypt,
1041 const EVP_CIPHER *(*func)(void)
1042 )
1043 {
1044 EVP_CIPHER *type;
1045 int klen;
1046
1047 type = (EVP_CIPHER *)func();
1048
1049 EVP_CIPHER_CTX_init(evp);
1050 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1051 // TODO:
1052 }
1053
1054 klen = EVP_CIPHER_CTX_key_length(evp);
1055 if (klen > 0 && keylen != klen) {
1056 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1057 // TODO:
1058 }
1059 }
1060 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1061 // TODO:
1062 }
1063 }
1064
1065
1066 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1067 {
1068 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1069 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1070 BOOL isOK = TRUE;
1071
1072 if (sender_flag) {
1073 switch (pvar->crypt_state.sender_cipher) {
1074 // for SSH2(yutaka)
1075 case SSH_CIPHER_3DES_CBC:
1076 {
1077 struct Enc *enc;
1078
1079 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1080 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1081 enc->key, 24, enc->iv, 8,
1082 CIPHER_ENCRYPT,
1083 EVP_des_ede3_cbc);
1084
1085 //debug_print(10, enc->key, 24);
1086 //debug_print(11, enc->iv, 24);
1087
1088 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1089 break;
1090 }
1091
1092 // for SSH2(yutaka)
1093 case SSH_CIPHER_AES128:
1094 {
1095 struct Enc *enc;
1096
1097 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1098 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1099 enc->key, 16, enc->iv, 16,
1100 CIPHER_ENCRYPT,
1101 EVP_aes_128_cbc);
1102
1103 //debug_print(10, enc->key, 24);
1104 //debug_print(11, enc->iv, 24);
1105
1106 pvar->crypt_state.encrypt = cAES128_encrypt;
1107 break;
1108 }
1109
1110 case SSH_CIPHER_3DES:{
1111 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1112 pvar->crypt_state.encrypt = c3DES_encrypt;
1113 break;
1114 }
1115 case SSH_CIPHER_IDEA:{
1116 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1117 pvar->crypt_state.encrypt = cIDEA_encrypt;
1118 break;
1119 }
1120 case SSH_CIPHER_DES:{
1121 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1122 pvar->crypt_state.encrypt = cDES_encrypt;
1123 break;
1124 }
1125 case SSH_CIPHER_RC4:{
1126 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1127 encryption_key + 16);
1128 pvar->crypt_state.encrypt = cRC4_encrypt;
1129 break;
1130 }
1131 case SSH_CIPHER_BLOWFISH:{
1132 cBlowfish_init(encryption_key,
1133 &pvar->crypt_state.enc.cBlowfish);
1134 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1135 break;
1136 }
1137 default:
1138 isOK = FALSE;
1139 }
1140 }
1141
1142
1143 if (receiver_flag) {
1144 switch (pvar->crypt_state.receiver_cipher) {
1145 // for SSH2(yutaka)
1146 case SSH_CIPHER_3DES_CBC:
1147 {
1148 struct Enc *enc;
1149
1150 enc = &pvar->ssh2_keys[MODE_IN].enc;
1151 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1152 enc->key, 24, enc->iv, 8,
1153 CIPHER_DECRYPT,
1154 EVP_des_ede3_cbc);
1155
1156 //debug_print(12, enc->key, 24);
1157 //debug_print(13, enc->iv, 24);
1158
1159 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1160 break;
1161 }
1162
1163 // for SSH2(yutaka)
1164 case SSH_CIPHER_AES128:
1165 {
1166 struct Enc *enc;
1167
1168 enc = &pvar->ssh2_keys[MODE_IN].enc;
1169 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1170 enc->key, 16, enc->iv, 16,
1171 CIPHER_DECRYPT,
1172 EVP_aes_128_cbc);
1173
1174 //debug_print(12, enc->key, 24);
1175 //debug_print(13, enc->iv, 24);
1176
1177 pvar->crypt_state.decrypt = cAES128_decrypt;
1178 break;
1179 }
1180
1181 case SSH_CIPHER_3DES:{
1182 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1183 pvar->crypt_state.decrypt = c3DES_decrypt;
1184 break;
1185 }
1186 case SSH_CIPHER_IDEA:{
1187 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1188 pvar->crypt_state.decrypt = cIDEA_decrypt;
1189 break;
1190 }
1191 case SSH_CIPHER_DES:{
1192 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1193 pvar->crypt_state.decrypt = cDES_decrypt;
1194 break;
1195 }
1196 case SSH_CIPHER_RC4:{
1197 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1198 pvar->crypt_state.decrypt = cRC4_decrypt;
1199 break;
1200 }
1201 case SSH_CIPHER_BLOWFISH:{
1202 cBlowfish_init(decryption_key,
1203 &pvar->crypt_state.dec.cBlowfish);
1204 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1205 break;
1206 }
1207 default:
1208 isOK = FALSE;
1209 }
1210 }
1211
1212
1213 if (!isOK) {
1214 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1215 return FALSE;
1216 } else {
1217 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1218 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1219 return TRUE;
1220 }
1221 }
1222
1223 void CRYPT_init(PTInstVar pvar)
1224 {
1225 pvar->crypt_state.encrypt = no_encrypt;
1226 pvar->crypt_state.decrypt = no_encrypt;
1227 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1228 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1229 pvar->crypt_state.server_key.RSA_key = NULL;
1230 pvar->crypt_state.host_key.RSA_key = NULL;
1231
1232 pvar->crypt_state.detect_attack_statics.h = NULL;
1233 pvar->crypt_state.detect_attack_statics.n =
1234 HASH_MINSIZE / HASH_ENTRYSIZE;
1235 }
1236
1237 static char FAR *get_cipher_name(int cipher)
1238 {
1239 switch (cipher) {
1240 case SSH_CIPHER_NONE:
1241 return "None";
1242 case SSH_CIPHER_3DES:
1243 return "3DES (168 key bits)";
1244 case SSH_CIPHER_DES:
1245 return "DES (56 key bits)";
1246 case SSH_CIPHER_IDEA:
1247 return "IDEA (128 key bits)";
1248 case SSH_CIPHER_RC4:
1249 return "RC4 (128 key bits)";
1250 case SSH_CIPHER_BLOWFISH:
1251 return "Blowfish (256 key bits)";
1252
1253 // SSH2
1254 case SSH_CIPHER_3DES_CBC:
1255 return "3DES-CBC";
1256 case SSH_CIPHER_AES128:
1257 return "AES128";
1258
1259 default:
1260 return "Unknown";
1261 }
1262 }
1263
1264 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1265 {
1266 _snprintf(dest, len, "%s to server, %s from server",
1267 get_cipher_name(pvar->crypt_state.sender_cipher),
1268 get_cipher_name(pvar->crypt_state.receiver_cipher));
1269 dest[len - 1] = 0;
1270 }
1271
1272 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1273 {
1274 if (SSHv1(pvar)) {
1275 if (pvar->crypt_state.server_key.RSA_key == NULL
1276 || pvar->crypt_state.host_key.RSA_key == NULL) {
1277 strncpy(dest, "None", len);
1278 } else {
1279 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1280 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1281 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1282 }
1283
1284 } else { // SSH2
1285 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1286 pvar->server_key_bits,
1287 pvar->client_key_bits);
1288
1289 }
1290
1291 dest[len - 1] = 0;
1292 }
1293
1294 static void destroy_public_key(CRYPTPublicKey FAR * key)
1295 {
1296 if (key->RSA_key != NULL) {
1297 RSA_free(key->RSA_key);
1298 key->RSA_key = NULL;
1299 }
1300 }
1301
1302 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1303 {
1304 destroy_public_key(key);
1305 free(key);
1306 }
1307
1308 void CRYPT_end(PTInstVar pvar)
1309 {
1310 destroy_public_key(&pvar->crypt_state.host_key);
1311 destroy_public_key(&pvar->crypt_state.server_key);
1312
1313 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1314 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1315 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1316 free(pvar->crypt_state.detect_attack_statics.h);
1317 }
1318
1319 memset(pvar->crypt_state.sender_cipher_key, 0,
1320 sizeof(pvar->crypt_state.sender_cipher_key));
1321 memset(pvar->crypt_state.receiver_cipher_key, 0,
1322 sizeof(pvar->crypt_state.receiver_cipher_key));
1323 memset(pvar->crypt_state.server_cookie, 0,
1324 sizeof(pvar->crypt_state.server_cookie));
1325 memset(pvar->crypt_state.client_cookie, 0,
1326 sizeof(pvar->crypt_state.client_cookie));
1327 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1328 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1329 }
1330
1331 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1332 char FAR * buf, int bytes)
1333 {
1334 unsigned char passphrase_key[16];
1335
1336 MD5(passphrase, strlen(passphrase), passphrase_key);
1337
1338 switch (cipher) {
1339 case SSH_CIPHER_3DES:{
1340 Cipher3DESState state;
1341
1342 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1343 &state.k1);
1344 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1345 &state.k2);
1346 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1347 &state.k3);
1348 memset(state.ivec1, 0, 8);
1349 memset(state.ivec2, 0, 8);
1350 memset(state.ivec3, 0, 8);
1351 DES_ncbc_encrypt(buf, buf, bytes,
1352 &state.k3, &state.ivec3, DES_DECRYPT);
1353 DES_ncbc_encrypt(buf, buf, bytes,
1354 &state.k2, &state.ivec2, DES_ENCRYPT);
1355 DES_ncbc_encrypt(buf, buf, bytes,
1356 &state.k1, &state.ivec1, DES_DECRYPT);
1357 break;
1358 }
1359
1360 case SSH_CIPHER_IDEA:{
1361 CipherIDEAState state;
1362 int num = 0;
1363
1364 cIDEA_init(passphrase_key, &state);
1365 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1366 &num, IDEA_DECRYPT);
1367 break;
1368 }
1369
1370 case SSH_CIPHER_DES:{
1371 CipherDESState state;
1372
1373 cDES_init(passphrase_key, &state);
1374 DES_ncbc_encrypt(buf, buf, bytes,
1375 &state.k, &state.ivec, DES_DECRYPT);
1376 break;
1377 }
1378
1379 case SSH_CIPHER_RC4:{
1380 CipherRC4State state;
1381 int num = 0;
1382
1383 RC4_set_key(&state.k, 16, passphrase_key);
1384 RC4(&state.k, bytes, buf, buf);
1385 break;
1386 }
1387
1388 case SSH_CIPHER_BLOWFISH:{
1389 CipherBlowfishState state;
1390
1391 BF_set_key(&state.k, 16, passphrase_key);
1392 memset(state.ivec, 0, 8);
1393 flip_endianness(buf, bytes);
1394 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1395 BF_DECRYPT);
1396 flip_endianness(buf, bytes);
1397 break;
1398 }
1399
1400 case SSH_CIPHER_NONE:
1401 break;
1402
1403 default:
1404 memset(passphrase_key, 0, sizeof(passphrase_key));
1405 return 0;
1406 }
1407
1408 memset(passphrase_key, 0, sizeof(passphrase_key));
1409 return 1;
1410 }
1411
1412 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1413 {
1414 RSA_free(key_pair->RSA_key);
1415 free(key_pair);
1416 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help