Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2831 - (show annotations) (download) (as text)
Sat Jul 9 05:16:06 2005 UTC (18 years, 9 months ago) by yutakakn
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 36707 byte(s) 
OpenSSL 0.9.8でビルドできるようにした。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.4 2005-07-09 05:16:06 yutakakn Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218 int bytes)
219 {
220 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221 unsigned char *newbuf = malloc(bytes);
222 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223
224 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225 if (bytes == 0)
226 return;
227
228 if (newbuf == NULL)
229 return;
230
231 if (bytes % block_size) {
232 char tmp[80];
233 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
234 notify_fatal_error(pvar, tmp);
235 goto error;
236 }
237
238 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
239 // TODO: failure
240 notify_fatal_error(pvar, "AES128 encrypt error(2)");
241
242 } else {
243 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
244 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
245 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
246
247 //debug_print(50, key, 24);
248 //debug_print(51, iv, 8);
249 //debug_print(52, buf, bytes);
250 //debug_print(53, newbuf, bytes);
251
252 memcpy(buf, newbuf, bytes);
253 }
254
255 error:
256 free(newbuf);
257 }
258
259 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
260 int bytes)
261 {
262 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
263 unsigned char *newbuf = malloc(bytes);
264 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
265
266 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
267 if (bytes == 0)
268 return;
269
270 if (newbuf == NULL)
271 return;
272
273 if (bytes % block_size) {
274 char tmp[80];
275 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
276 notify_fatal_error(pvar, tmp);
277 goto error;
278 }
279
280 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
281 // TODO:
282 notify_fatal_error(pvar, "AES128 decrypt error(2)");
283
284 } else {
285 #if 0
286 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
287 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
288 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
289
290 {
291 static int no = 70;
292 debug_print(no, buf, bytes);
293 //debug_print(no, key, AES128_KEYLEN);
294 //debug_print(10*no, iv, AES128_IVLEN);
295 debug_print(30*no, newbuf, bytes);
296 no++;
297 }
298 #endif
299
300 memcpy(buf, newbuf, bytes);
301 }
302
303 error:;
304 free(newbuf);
305 }
306
307
308
309 // for SSH2(yutaka)
310 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
311 int bytes)
312 {
313 unsigned char key[24], iv[8];
314 unsigned char *newbuf = malloc(bytes);
315
316 if (newbuf == NULL)
317 return;
318
319 #if 1
320
321 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
322 // TODO: failure
323 } else {
324 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
325 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
326 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
327
328 //debug_print(50, key, 24);
329 //debug_print(51, iv, 8);
330 //debug_print(52, buf, bytes);
331 //debug_print(53, newbuf, bytes);
332
333 memcpy(buf, newbuf, bytes);
334 }
335 free(newbuf);
336 #else
337
338 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
339 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
340 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
341
342 //debug_print(50, key, 24);
343 //debug_print(51, iv, 8);
344 //debug_print(52, buf, bytes);
345
346 #if 0
347 DES_ede3_cbc_encrypt(
348 buf, newbuf, bytes,
349 (DES_key_schedule *)&key[0],
350 (DES_key_schedule *)&key[8],
351 (DES_key_schedule *)&key[16],
352 (DES_cblock *)iv,
353 DES_ENCRYPT);
354 #else
355 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
356 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
357 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
358
359 #endif
360
361 //debug_print(53, newbuf, bytes);
362
363 memcpy(buf, newbuf, bytes);
364 free(newbuf);
365
366 #endif
367 }
368
369 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
370 int bytes)
371 {
372 unsigned char key[24], iv[8];
373 unsigned char *newbuf = malloc(bytes);
374
375 if (newbuf == NULL)
376 return;
377
378 #if 1
379 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
380 // TODO:
381
382 } else {
383 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
384 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
385 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
386
387 //debug_print(70, key, 24);
388 //debug_print(71, iv, 8);
389 //debug_print(72, buf, bytes);
390 //debug_print(73, newbuf, bytes);
391
392 memcpy(buf, newbuf, bytes);
393 }
394 free(newbuf);
395
396 #else
397 unsigned char *key, iv[8];
398 unsigned char *newbuf = malloc(bytes);
399 if (newbuf == NULL)
400 return;
401
402 key = pvar->ssh2_keys[MODE_IN].enc.key;
403 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
404 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
405
406 //debug_print(60, key, 24);
407 //debug_print(61, iv, 8);
408 //debug_print(62, buf, bytes);
409
410 DES_ede3_cbc_encrypt(
411 buf, newbuf, bytes,
412 (DES_key_schedule *)&key[0],
413 (DES_key_schedule *)&key[8],
414 (DES_key_schedule *)&key[16],
415 (DES_cblock *)iv,
416 DES_DECRYPT);
417
418 //debug_print(63, newbuf, bytes);
419
420 memcpy(buf, newbuf, bytes);
421
422 free(newbuf);
423 #endif
424 }
425
426
427 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
428 int bytes)
429 {
430 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
431
432 DES_ncbc_encrypt(buf, buf, bytes,
433 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
434 DES_ncbc_encrypt(buf, buf, bytes,
435 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
436 DES_ncbc_encrypt(buf, buf, bytes,
437 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
438 }
439
440 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
441 int bytes)
442 {
443 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
444
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
447 DES_ncbc_encrypt(buf, buf, bytes,
448 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
449 DES_ncbc_encrypt(buf, buf, bytes,
450 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
451 }
452
453 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
454 int bytes)
455 {
456 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
457
458 DES_ncbc_encrypt(buf, buf, bytes,
459 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
460 }
461
462 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
463 int bytes)
464 {
465 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
466
467 DES_ncbc_encrypt(buf, buf, bytes,
468 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
469 }
470
471 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
472 int bytes)
473 {
474 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
475 int num = 0;
476
477 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
478 encryptstate->ivec, &num, IDEA_ENCRYPT);
479 }
480
481 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
482 int bytes)
483 {
484 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
485 int num = 0;
486
487 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
488 decryptstate->ivec, &num, IDEA_DECRYPT);
489 }
490
491 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
492 {
493 uint32 FAR *buf = (uint32 FAR *) cbuf;
494 int count = bytes / 4;
495
496 while (count > 0) {
497 uint32 w = *buf;
498
499 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
500 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
501 count--;
502 buf++;
503 }
504 }
505
506 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
507 int bytes)
508 {
509 CipherBlowfishState FAR *encryptstate =
510 &pvar->crypt_state.enc.cBlowfish;
511
512 flip_endianness(buf, bytes);
513 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
514 BF_ENCRYPT);
515 flip_endianness(buf, bytes);
516 }
517
518 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
519 int bytes)
520 {
521 CipherBlowfishState FAR *decryptstate =
522 &pvar->crypt_state.dec.cBlowfish;
523
524 flip_endianness(buf, bytes);
525 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
526 BF_DECRYPT);
527 flip_endianness(buf, bytes);
528 }
529
530 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531 int bytes)
532 {
533 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
534 int num = 0;
535
536 RC4(&encryptstate->k, bytes, buf, buf);
537 }
538
539 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
540 int bytes)
541 {
542 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
543 int num = 0;
544
545 RC4(&decryptstate->k, bytes, buf, buf);
546 }
547
548 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
549 int bytes)
550 {
551 RAND_bytes(buf, bytes);
552 }
553
554 void CRYPT_initialize_random_numbers(PTInstVar pvar)
555 {
556 RAND_screen();
557 }
558
559 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
560 {
561 int bits = get_ushort16_MSBfirst(bytes);
562
563 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
564 }
565
566 static RSA FAR *make_key(PTInstVar pvar,
567 int bits, unsigned char FAR * exp,
568 unsigned char FAR * mod)
569 {
570 RSA FAR *key = RSA_new();
571
572 if (key != NULL) {
573 key->e = get_bignum(exp);
574 key->n = get_bignum(mod);
575 }
576
577 if (key == NULL || key->e == NULL || key->n == NULL) {
578 notify_fatal_error(pvar, "Error setting up RSA keys");
579
580 if (key != NULL) {
581 if (key->e != NULL) {
582 BN_free(key->e);
583 }
584 if (key->n != NULL) {
585 BN_free(key->n);
586 }
587 RSA_free(key);
588 }
589
590 return NULL;
591 } else {
592 return key;
593 }
594 }
595
596 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
597 {
598 if (SSHv1(pvar)) {
599 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
600 } else {
601 memcpy(pvar->crypt_state.server_cookie, cookie,
602 SSH2_COOKIE_LENGTH);
603 }
604 }
605
606 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
607 {
608 if (SSHv2(pvar)) {
609 memcpy(pvar->crypt_state.client_cookie, cookie,
610 SSH2_COOKIE_LENGTH);
611 }
612 }
613
614 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
615 int bits, unsigned char FAR * exp,
616 unsigned char FAR * mod)
617 {
618 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
619
620 return pvar->crypt_state.server_key.RSA_key != NULL;
621 }
622
623 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
624 int bits, unsigned char FAR * exp,
625 unsigned char FAR * mod)
626 {
627 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
628
629 return pvar->crypt_state.host_key.RSA_key != NULL;
630 }
631
632 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
633 int receiver_ciphers)
634 {
635 int cipher_mask;
636
637 if (SSHv1(pvar)) {
638 cipher_mask = (1 << SSH_CIPHER_DES)
639 | (1 << SSH_CIPHER_3DES)
640 | (1 << SSH_CIPHER_BLOWFISH);
641
642 } else { // for SSH2(yutaka)
643 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
644 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
645
646 }
647
648 sender_ciphers &= cipher_mask;
649 receiver_ciphers &= cipher_mask;
650 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
651 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
652
653 if (sender_ciphers == 0) {
654 notify_fatal_error(pvar,
655 "The server does not support any of the TTSSH encryption algorithms.\n"
656 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
657 "The connection will be closed.");
658 return FALSE;
659 } else if (receiver_ciphers == 0) {
660 notify_fatal_error(pvar,
661 "The server does not support any of the TTSSH encryption algorithms.\n"
662 "A secure connection cannot be made in the server-to-TTSSH direction.\n"
663 "The connection will be closed.");
664 return FALSE;
665 } else {
666 return TRUE;
667 }
668 }
669
670 int CRYPT_get_decryption_block_size(PTInstVar pvar)
671 {
672 if (SSHv1(pvar)) {
673 return 8;
674 } else {
675 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
676 // cf. 3DES=8, AES128=16
677 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
678 }
679 }
680
681 int CRYPT_get_encryption_block_size(PTInstVar pvar)
682 {
683 if (SSHv1(pvar)) {
684 return 8;
685 } else {
686 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
687 // cf. 3DES=8, AES128=16
688 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
689 }
690 }
691
692 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
693 {
694 struct Mac *mac;
695
696 if (SSHv1(pvar)) {
697 return 0;
698
699 } else { // for SSH2(yutaka)
700 mac = &pvar->ssh2_keys[MODE_IN].mac;
701 if (mac == NULL || mac->enabled == 0)
702 return 0;
703
704 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
705 }
706
707 }
708
709 // HMAC������
710 // ���{������ SSH2 �������g�p�������B
711 // (2004.12.17 yutaka)
712 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
713 char FAR * data, int len, char FAR * MAC)
714 {
715 HMAC_CTX c;
716 unsigned char m[EVP_MAX_MD_SIZE];
717 unsigned char b[4];
718 struct Mac *mac;
719
720 mac = &pvar->ssh2_keys[MODE_IN].mac;
721
722 // HMAC�������L���������������A����OK�����������B
723 if (mac == NULL || mac->enabled == 0)
724 return TRUE;
725
726 if (mac->key == NULL)
727 goto error;
728
729 if ((u_int)mac->mac_len > sizeof(m))
730 goto error;
731
732 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
733 set_uint32_MSBfirst(b, sequence_number);
734 HMAC_Update(&c, b, sizeof(b));
735 HMAC_Update(&c, data, len);
736 HMAC_Final(&c, m, NULL);
737 HMAC_cleanup(&c);
738
739 if (memcmp(m, MAC, mac->mac_len)) {
740 goto error;
741 }
742
743 return TRUE;
744
745 error:
746 return FALSE;
747 }
748
749 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
750 {
751 struct Mac *mac;
752
753 if (SSHv2(pvar)) { // for SSH2(yutaka)
754 mac = &pvar->ssh2_keys[MODE_OUT].mac;
755 if (mac == NULL || mac->enabled == 0)
756 return 0;
757
758 return (mac->mac_len);
759 }
760
761 return 0;
762 }
763
764 // for SSH2
765 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
766 char FAR * data, int len, char FAR * MAC)
767 {
768 HMAC_CTX c;
769 static u_char m[EVP_MAX_MD_SIZE];
770 u_char b[4];
771 struct Mac *mac;
772
773 if (SSHv2(pvar)) { // for SSH2(yutaka)
774 mac = &pvar->ssh2_keys[MODE_OUT].mac;
775 if (mac == NULL || mac->enabled == 0)
776 return FALSE;
777
778 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
779 set_uint32_MSBfirst(b, sequence_number);
780 HMAC_Update(&c, b, sizeof(b));
781 HMAC_Update(&c, data, len);
782 HMAC_Final(&c, m, NULL);
783 HMAC_cleanup(&c);
784
785 // 20�o�C�g�������R�s�[
786 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
787 // memcpy(MAC, m, sizeof(m));
788
789 return TRUE;
790 }
791
792 return TRUE;
793
794 }
795
796 static int choose_cipher(PTInstVar pvar, int supported)
797 {
798 int i;
799
800 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
801 int cipher = pvar->session_settings.CipherOrder[i] - '0';
802
803 if (cipher == SSH_CIPHER_NONE) {
804 break;
805 } else if ((supported & (1 << cipher)) != 0) {
806 return cipher;
807 }
808 }
809
810 return SSH_CIPHER_NONE;
811 }
812
813 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
814 {
815 if (SSHv1(pvar)) {
816 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
817 pvar->crypt_state.
818 supported_sender_ciphers);
819 pvar->crypt_state.receiver_cipher =
820 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
821
822 } else { // SSH2(yutaka)
823 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
824 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
825
826 }
827
828 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
829 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
830 notify_fatal_error(pvar,
831 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
832 "To communicate with this server, you will have to enable some more ciphers\n"
833 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
834 "This connection will now close.");
835 return FALSE;
836 } else {
837 return TRUE;
838 }
839 }
840
841 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
842 {
843 int server_key_bits =
844 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
845 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
846 int server_key_bytes = (server_key_bits + 7) / 8;
847 int host_key_bytes = (host_key_bits + 7) / 8;
848
849 if (server_key_bits < host_key_bits) {
850 return host_key_bytes;
851 } else {
852 return server_key_bytes;
853 }
854 }
855
856 int CRYPT_choose_session_key(PTInstVar pvar,
857 unsigned char FAR * encrypted_key_buf)
858 {
859 int server_key_bits =
860 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
861 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
862 int server_key_bytes = (server_key_bits + 7) / 8;
863 int host_key_bytes = (host_key_bits + 7) / 8;
864 int encrypted_key_bytes;
865 int bit_delta;
866
867 if (server_key_bits < host_key_bits) {
868 encrypted_key_bytes = host_key_bytes;
869 bit_delta = host_key_bits - server_key_bits;
870 } else {
871 encrypted_key_bytes = server_key_bytes;
872 bit_delta = server_key_bits - host_key_bits;
873 }
874
875 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
876 notify_fatal_error(pvar,
877 "Server RSA keys are too weak. A secure connection cannot be established.");
878 return 0;
879 } else {
880 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
881 for the session ID, rather than the one specified in the RFC */
882 int session_buf_len = server_key_bytes + host_key_bytes + 8;
883 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
884 char session_id[16];
885 int i;
886
887 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
888 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
889 session_buf + host_key_bytes);
890 memcpy(session_buf + server_key_bytes + host_key_bytes,
891 pvar->crypt_state.server_cookie, 8);
892 MD5(session_buf, session_buf_len, session_id);
893
894 free(session_buf);
895
896 RAND_bytes(pvar->crypt_state.sender_cipher_key,
897 SSH_SESSION_KEY_LENGTH);
898 memcpy(pvar->crypt_state.receiver_cipher_key,
899 pvar->crypt_state.sender_cipher_key,
900 SSH_SESSION_KEY_LENGTH);
901
902 memcpy(encrypted_key_buf + encrypted_key_bytes -
903 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
904 SSH_SESSION_KEY_LENGTH);
905 for (i = 0; i < sizeof(session_id); i++) {
906 encrypted_key_buf[encrypted_key_bytes -
907 SSH_SESSION_KEY_LENGTH + i]
908 ^= session_id[i];
909 }
910
911 if (host_key_bits > server_key_bits) {
912 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
913 encrypted_key_buf +
914 encrypted_key_bytes -
915 SSH_SESSION_KEY_LENGTH,
916 encrypted_key_buf +
917 encrypted_key_bytes - server_key_bytes,
918 pvar->crypt_state.server_key.RSA_key,
919 RSA_PKCS1_PADDING) < 0)
920 return 0;
921
922 if (RSA_public_encrypt(server_key_bytes,
923 encrypted_key_buf +
924 encrypted_key_bytes - server_key_bytes,
925 encrypted_key_buf,
926 pvar->crypt_state.host_key.RSA_key,
927 RSA_PKCS1_PADDING) < 0)
928 return 0;
929 } else {
930 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
931 encrypted_key_buf +
932 encrypted_key_bytes -
933 SSH_SESSION_KEY_LENGTH,
934 encrypted_key_buf +
935 encrypted_key_bytes - host_key_bytes,
936 pvar->crypt_state.host_key.RSA_key,
937 RSA_PKCS1_PADDING) < 0)
938 return 0;
939
940 if (RSA_public_encrypt(host_key_bytes,
941 encrypted_key_buf +
942 encrypted_key_bytes - host_key_bytes,
943 encrypted_key_buf,
944 pvar->crypt_state.server_key.RSA_key,
945 RSA_PKCS1_PADDING) < 0)
946 return 0;
947 }
948 }
949
950 return 1;
951 }
952
953 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
954 unsigned char FAR * challenge,
955 int challenge_len,
956 unsigned char FAR * response)
957 {
958 int server_key_bits =
959 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
960 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
961 int server_key_bytes = (server_key_bits + 7) / 8;
962 int host_key_bytes = (host_key_bits + 7) / 8;
963 int session_buf_len = server_key_bytes + host_key_bytes + 8;
964 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
965 char decrypted_challenge[48];
966 int decrypted_challenge_len;
967
968 decrypted_challenge_len =
969 RSA_private_decrypt(challenge_len, challenge, challenge,
970 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
971 RSA_PKCS1_PADDING);
972 if (decrypted_challenge_len < 0) {
973 free(session_buf);
974 return 0;
975 }
976 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
977 memcpy(decrypted_challenge,
978 challenge + decrypted_challenge_len -
979 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
980 } else {
981 memset(decrypted_challenge, 0,
982 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
983 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
984 decrypted_challenge_len, challenge,
985 decrypted_challenge_len);
986 }
987
988 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
989 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
990 session_buf + host_key_bytes);
991 memcpy(session_buf + server_key_bytes + host_key_bytes,
992 pvar->crypt_state.server_cookie, 8);
993 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
994
995 free(session_buf);
996
997 MD5(decrypted_challenge, 48, response);
998
999 return 1;
1000 }
1001
1002 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1003 {
1004 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1005 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1006 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1007 memset(state->ivec1, 0, 8);
1008 memset(state->ivec2, 0, 8);
1009 memset(state->ivec3, 0, 8);
1010 }
1011
1012 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1013 {
1014 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1015 memset(state->ivec, 0, 8);
1016 }
1017
1018 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1019 {
1020 idea_set_encrypt_key(session_key, &state->k);
1021 memset(state->ivec, 0, 8);
1022 }
1023
1024 static void cBlowfish_init(char FAR * session_key,
1025 CipherBlowfishState FAR * state)
1026 {
1027 BF_set_key(&state->k, 32, session_key);
1028 memset(state->ivec, 0, 8);
1029 }
1030
1031
1032 //
1033 // SSH2�p�A���S���Y����������
1034 //
1035 // for SSH2(yutaka)
1036 //
1037 void cipher_init_SSH2(
1038 EVP_CIPHER_CTX *evp,
1039 const u_char *key, u_int keylen,
1040 const u_char *iv, u_int ivlen,
1041 int encrypt,
1042 const EVP_CIPHER *(*func)(void)
1043 )
1044 {
1045 EVP_CIPHER *type;
1046 int klen;
1047
1048 type = (EVP_CIPHER *)func();
1049
1050 EVP_CIPHER_CTX_init(evp);
1051 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1052 // TODO:
1053 }
1054
1055 klen = EVP_CIPHER_CTX_key_length(evp);
1056 if (klen > 0 && keylen != klen) {
1057 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1058 // TODO:
1059 }
1060 }
1061 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1062 // TODO:
1063 }
1064 }
1065
1066
1067 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1068 {
1069 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1070 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1071 BOOL isOK = TRUE;
1072
1073 if (sender_flag) {
1074 switch (pvar->crypt_state.sender_cipher) {
1075 // for SSH2(yutaka)
1076 case SSH_CIPHER_3DES_CBC:
1077 {
1078 struct Enc *enc;
1079
1080 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1081 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1082 enc->key, 24, enc->iv, 8,
1083 CIPHER_ENCRYPT,
1084 EVP_des_ede3_cbc);
1085
1086 //debug_print(10, enc->key, 24);
1087 //debug_print(11, enc->iv, 24);
1088
1089 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1090 break;
1091 }
1092
1093 // for SSH2(yutaka)
1094 case SSH_CIPHER_AES128:
1095 {
1096 struct Enc *enc;
1097
1098 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1099 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1100 enc->key, 16, enc->iv, 16,
1101 CIPHER_ENCRYPT,
1102 EVP_aes_128_cbc);
1103
1104 //debug_print(10, enc->key, 24);
1105 //debug_print(11, enc->iv, 24);
1106
1107 pvar->crypt_state.encrypt = cAES128_encrypt;
1108 break;
1109 }
1110
1111 case SSH_CIPHER_3DES:{
1112 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1113 pvar->crypt_state.encrypt = c3DES_encrypt;
1114 break;
1115 }
1116 case SSH_CIPHER_IDEA:{
1117 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1118 pvar->crypt_state.encrypt = cIDEA_encrypt;
1119 break;
1120 }
1121 case SSH_CIPHER_DES:{
1122 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1123 pvar->crypt_state.encrypt = cDES_encrypt;
1124 break;
1125 }
1126 case SSH_CIPHER_RC4:{
1127 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1128 encryption_key + 16);
1129 pvar->crypt_state.encrypt = cRC4_encrypt;
1130 break;
1131 }
1132 case SSH_CIPHER_BLOWFISH:{
1133 cBlowfish_init(encryption_key,
1134 &pvar->crypt_state.enc.cBlowfish);
1135 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1136 break;
1137 }
1138 default:
1139 isOK = FALSE;
1140 }
1141 }
1142
1143
1144 if (receiver_flag) {
1145 switch (pvar->crypt_state.receiver_cipher) {
1146 // for SSH2(yutaka)
1147 case SSH_CIPHER_3DES_CBC:
1148 {
1149 struct Enc *enc;
1150
1151 enc = &pvar->ssh2_keys[MODE_IN].enc;
1152 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1153 enc->key, 24, enc->iv, 8,
1154 CIPHER_DECRYPT,
1155 EVP_des_ede3_cbc);
1156
1157 //debug_print(12, enc->key, 24);
1158 //debug_print(13, enc->iv, 24);
1159
1160 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1161 break;
1162 }
1163
1164 // for SSH2(yutaka)
1165 case SSH_CIPHER_AES128:
1166 {
1167 struct Enc *enc;
1168
1169 enc = &pvar->ssh2_keys[MODE_IN].enc;
1170 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1171 enc->key, 16, enc->iv, 16,
1172 CIPHER_DECRYPT,
1173 EVP_aes_128_cbc);
1174
1175 //debug_print(12, enc->key, 24);
1176 //debug_print(13, enc->iv, 24);
1177
1178 pvar->crypt_state.decrypt = cAES128_decrypt;
1179 break;
1180 }
1181
1182 case SSH_CIPHER_3DES:{
1183 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1184 pvar->crypt_state.decrypt = c3DES_decrypt;
1185 break;
1186 }
1187 case SSH_CIPHER_IDEA:{
1188 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1189 pvar->crypt_state.decrypt = cIDEA_decrypt;
1190 break;
1191 }
1192 case SSH_CIPHER_DES:{
1193 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1194 pvar->crypt_state.decrypt = cDES_decrypt;
1195 break;
1196 }
1197 case SSH_CIPHER_RC4:{
1198 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1199 pvar->crypt_state.decrypt = cRC4_decrypt;
1200 break;
1201 }
1202 case SSH_CIPHER_BLOWFISH:{
1203 cBlowfish_init(decryption_key,
1204 &pvar->crypt_state.dec.cBlowfish);
1205 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1206 break;
1207 }
1208 default:
1209 isOK = FALSE;
1210 }
1211 }
1212
1213
1214 if (!isOK) {
1215 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1216 return FALSE;
1217 } else {
1218 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1219 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1220 return TRUE;
1221 }
1222 }
1223
1224 void CRYPT_init(PTInstVar pvar)
1225 {
1226 pvar->crypt_state.encrypt = no_encrypt;
1227 pvar->crypt_state.decrypt = no_encrypt;
1228 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1229 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1230 pvar->crypt_state.server_key.RSA_key = NULL;
1231 pvar->crypt_state.host_key.RSA_key = NULL;
1232
1233 pvar->crypt_state.detect_attack_statics.h = NULL;
1234 pvar->crypt_state.detect_attack_statics.n =
1235 HASH_MINSIZE / HASH_ENTRYSIZE;
1236 }
1237
1238 static char FAR *get_cipher_name(int cipher)
1239 {
1240 switch (cipher) {
1241 case SSH_CIPHER_NONE:
1242 return "None";
1243 case SSH_CIPHER_3DES:
1244 return "3DES (168 key bits)";
1245 case SSH_CIPHER_DES:
1246 return "DES (56 key bits)";
1247 case SSH_CIPHER_IDEA:
1248 return "IDEA (128 key bits)";
1249 case SSH_CIPHER_RC4:
1250 return "RC4 (128 key bits)";
1251 case SSH_CIPHER_BLOWFISH:
1252 return "Blowfish (256 key bits)";
1253
1254 // SSH2
1255 case SSH_CIPHER_3DES_CBC:
1256 return "3DES-CBC";
1257 case SSH_CIPHER_AES128:
1258 return "AES128";
1259
1260 default:
1261 return "Unknown";
1262 }
1263 }
1264
1265 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1266 {
1267 _snprintf(dest, len, "%s to server, %s from server",
1268 get_cipher_name(pvar->crypt_state.sender_cipher),
1269 get_cipher_name(pvar->crypt_state.receiver_cipher));
1270 dest[len - 1] = 0;
1271 }
1272
1273 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1274 {
1275 if (SSHv1(pvar)) {
1276 if (pvar->crypt_state.server_key.RSA_key == NULL
1277 || pvar->crypt_state.host_key.RSA_key == NULL) {
1278 strncpy(dest, "None", len);
1279 } else {
1280 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1281 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1282 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1283 }
1284
1285 } else { // SSH2
1286 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1287 pvar->server_key_bits,
1288 pvar->client_key_bits);
1289
1290 }
1291
1292 dest[len - 1] = 0;
1293 }
1294
1295 static void destroy_public_key(CRYPTPublicKey FAR * key)
1296 {
1297 if (key->RSA_key != NULL) {
1298 RSA_free(key->RSA_key);
1299 key->RSA_key = NULL;
1300 }
1301 }
1302
1303 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1304 {
1305 destroy_public_key(key);
1306 free(key);
1307 }
1308
1309 void CRYPT_end(PTInstVar pvar)
1310 {
1311 destroy_public_key(&pvar->crypt_state.host_key);
1312 destroy_public_key(&pvar->crypt_state.server_key);
1313
1314 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1315 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1316 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1317 free(pvar->crypt_state.detect_attack_statics.h);
1318 }
1319
1320 memset(pvar->crypt_state.sender_cipher_key, 0,
1321 sizeof(pvar->crypt_state.sender_cipher_key));
1322 memset(pvar->crypt_state.receiver_cipher_key, 0,
1323 sizeof(pvar->crypt_state.receiver_cipher_key));
1324 memset(pvar->crypt_state.server_cookie, 0,
1325 sizeof(pvar->crypt_state.server_cookie));
1326 memset(pvar->crypt_state.client_cookie, 0,
1327 sizeof(pvar->crypt_state.client_cookie));
1328 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1329 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1330 }
1331
1332 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1333 char FAR * buf, int bytes)
1334 {
1335 unsigned char passphrase_key[16];
1336
1337 MD5(passphrase, strlen(passphrase), passphrase_key);
1338
1339 switch (cipher) {
1340 case SSH_CIPHER_3DES:{
1341 Cipher3DESState state;
1342
1343 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1344 &state.k1);
1345 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1346 &state.k2);
1347 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1348 &state.k3);
1349 memset(state.ivec1, 0, 8);
1350 memset(state.ivec2, 0, 8);
1351 memset(state.ivec3, 0, 8);
1352 DES_ncbc_encrypt(buf, buf, bytes,
1353 &state.k3, &state.ivec3, DES_DECRYPT);
1354 DES_ncbc_encrypt(buf, buf, bytes,
1355 &state.k2, &state.ivec2, DES_ENCRYPT);
1356 DES_ncbc_encrypt(buf, buf, bytes,
1357 &state.k1, &state.ivec1, DES_DECRYPT);
1358 break;
1359 }
1360
1361 case SSH_CIPHER_IDEA:{
1362 CipherIDEAState state;
1363 int num = 0;
1364
1365 cIDEA_init(passphrase_key, &state);
1366 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1367 &num, IDEA_DECRYPT);
1368 break;
1369 }
1370
1371 case SSH_CIPHER_DES:{
1372 CipherDESState state;
1373
1374 cDES_init(passphrase_key, &state);
1375 DES_ncbc_encrypt(buf, buf, bytes,
1376 &state.k, &state.ivec, DES_DECRYPT);
1377 break;
1378 }
1379
1380 case SSH_CIPHER_RC4:{
1381 CipherRC4State state;
1382 int num = 0;
1383
1384 RC4_set_key(&state.k, 16, passphrase_key);
1385 RC4(&state.k, bytes, buf, buf);
1386 break;
1387 }
1388
1389 case SSH_CIPHER_BLOWFISH:{
1390 CipherBlowfishState state;
1391
1392 BF_set_key(&state.k, 16, passphrase_key);
1393 memset(state.ivec, 0, 8);
1394 flip_endianness(buf, bytes);
1395 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1396 BF_DECRYPT);
1397 flip_endianness(buf, bytes);
1398 break;
1399 }
1400
1401 case SSH_CIPHER_NONE:
1402 break;
1403
1404 default:
1405 memset(passphrase_key, 0, sizeof(passphrase_key));
1406 return 0;
1407 }
1408
1409 memset(passphrase_key, 0, sizeof(passphrase_key));
1410 return 1;
1411 }
1412
1413 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1414 {
1415 if (key_pair->RSA_key != NULL)
1416 RSA_free(key_pair->RSA_key);
1417
1418 if (key_pair->DSA_key != NULL)
1419 DSA_free(key_pair->DSA_key);
1420
1421 free(key_pair);
1422 }
1423
1424 /*
1425 * $Log: not supported by cvs2svn $
1426 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1427 * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1428 *
1429 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help