Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2857 - (show annotations) (download) (as text)
Sun Mar 26 17:07:18 2006 UTC (18 years ago) by yutakakn
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 36876 byte(s) 
fingerprint表示を追加
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.5 2006-03-26 17:07:17 yutakakn Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218 int bytes)
219 {
220 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221 unsigned char *newbuf = malloc(bytes);
222 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223
224 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225 if (bytes == 0)
226 return;
227
228 if (newbuf == NULL)
229 return;
230
231 if (bytes % block_size) {
232 char tmp[80];
233 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
234 notify_fatal_error(pvar, tmp);
235 goto error;
236 }
237
238 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
239 // TODO: failure
240 notify_fatal_error(pvar, "AES128 encrypt error(2)");
241
242 } else {
243 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
244 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
245 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
246
247 //debug_print(50, key, 24);
248 //debug_print(51, iv, 8);
249 //debug_print(52, buf, bytes);
250 //debug_print(53, newbuf, bytes);
251
252 memcpy(buf, newbuf, bytes);
253 }
254
255 error:
256 free(newbuf);
257 }
258
259 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
260 int bytes)
261 {
262 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
263 unsigned char *newbuf = malloc(bytes);
264 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
265
266 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
267 if (bytes == 0)
268 return;
269
270 if (newbuf == NULL)
271 return;
272
273 if (bytes % block_size) {
274 char tmp[80];
275 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
276 notify_fatal_error(pvar, tmp);
277 goto error;
278 }
279
280 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
281 // TODO:
282 notify_fatal_error(pvar, "AES128 decrypt error(2)");
283
284 } else {
285 #if 0
286 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
287 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
288 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
289
290 {
291 static int no = 70;
292 debug_print(no, buf, bytes);
293 //debug_print(no, key, AES128_KEYLEN);
294 //debug_print(10*no, iv, AES128_IVLEN);
295 debug_print(30*no, newbuf, bytes);
296 no++;
297 }
298 #endif
299
300 memcpy(buf, newbuf, bytes);
301 }
302
303 error:;
304 free(newbuf);
305 }
306
307
308
309 // for SSH2(yutaka)
310 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
311 int bytes)
312 {
313 unsigned char key[24], iv[8];
314 unsigned char *newbuf = malloc(bytes);
315
316 if (newbuf == NULL)
317 return;
318
319 #if 1
320
321 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
322 // TODO: failure
323 } else {
324 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
325 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
326 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
327
328 //debug_print(50, key, 24);
329 //debug_print(51, iv, 8);
330 //debug_print(52, buf, bytes);
331 //debug_print(53, newbuf, bytes);
332
333 memcpy(buf, newbuf, bytes);
334 }
335 free(newbuf);
336 #else
337
338 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
339 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
340 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
341
342 //debug_print(50, key, 24);
343 //debug_print(51, iv, 8);
344 //debug_print(52, buf, bytes);
345
346 #if 0
347 DES_ede3_cbc_encrypt(
348 buf, newbuf, bytes,
349 (DES_key_schedule *)&key[0],
350 (DES_key_schedule *)&key[8],
351 (DES_key_schedule *)&key[16],
352 (DES_cblock *)iv,
353 DES_ENCRYPT);
354 #else
355 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
356 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
357 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
358
359 #endif
360
361 //debug_print(53, newbuf, bytes);
362
363 memcpy(buf, newbuf, bytes);
364 free(newbuf);
365
366 #endif
367 }
368
369 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
370 int bytes)
371 {
372 unsigned char key[24], iv[8];
373 unsigned char *newbuf = malloc(bytes);
374
375 if (newbuf == NULL)
376 return;
377
378 #if 1
379 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
380 // TODO:
381
382 } else {
383 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
384 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
385 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
386
387 //debug_print(70, key, 24);
388 //debug_print(71, iv, 8);
389 //debug_print(72, buf, bytes);
390 //debug_print(73, newbuf, bytes);
391
392 memcpy(buf, newbuf, bytes);
393 }
394 free(newbuf);
395
396 #else
397 unsigned char *key, iv[8];
398 unsigned char *newbuf = malloc(bytes);
399 if (newbuf == NULL)
400 return;
401
402 key = pvar->ssh2_keys[MODE_IN].enc.key;
403 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
404 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
405
406 //debug_print(60, key, 24);
407 //debug_print(61, iv, 8);
408 //debug_print(62, buf, bytes);
409
410 DES_ede3_cbc_encrypt(
411 buf, newbuf, bytes,
412 (DES_key_schedule *)&key[0],
413 (DES_key_schedule *)&key[8],
414 (DES_key_schedule *)&key[16],
415 (DES_cblock *)iv,
416 DES_DECRYPT);
417
418 //debug_print(63, newbuf, bytes);
419
420 memcpy(buf, newbuf, bytes);
421
422 free(newbuf);
423 #endif
424 }
425
426
427 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
428 int bytes)
429 {
430 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
431
432 DES_ncbc_encrypt(buf, buf, bytes,
433 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
434 DES_ncbc_encrypt(buf, buf, bytes,
435 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
436 DES_ncbc_encrypt(buf, buf, bytes,
437 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
438 }
439
440 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
441 int bytes)
442 {
443 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
444
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
447 DES_ncbc_encrypt(buf, buf, bytes,
448 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
449 DES_ncbc_encrypt(buf, buf, bytes,
450 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
451 }
452
453 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
454 int bytes)
455 {
456 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
457
458 DES_ncbc_encrypt(buf, buf, bytes,
459 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
460 }
461
462 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
463 int bytes)
464 {
465 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
466
467 DES_ncbc_encrypt(buf, buf, bytes,
468 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
469 }
470
471 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
472 int bytes)
473 {
474 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
475 int num = 0;
476
477 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
478 encryptstate->ivec, &num, IDEA_ENCRYPT);
479 }
480
481 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
482 int bytes)
483 {
484 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
485 int num = 0;
486
487 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
488 decryptstate->ivec, &num, IDEA_DECRYPT);
489 }
490
491 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
492 {
493 uint32 FAR *buf = (uint32 FAR *) cbuf;
494 int count = bytes / 4;
495
496 while (count > 0) {
497 uint32 w = *buf;
498
499 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
500 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
501 count--;
502 buf++;
503 }
504 }
505
506 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
507 int bytes)
508 {
509 CipherBlowfishState FAR *encryptstate =
510 &pvar->crypt_state.enc.cBlowfish;
511
512 flip_endianness(buf, bytes);
513 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
514 BF_ENCRYPT);
515 flip_endianness(buf, bytes);
516 }
517
518 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
519 int bytes)
520 {
521 CipherBlowfishState FAR *decryptstate =
522 &pvar->crypt_state.dec.cBlowfish;
523
524 flip_endianness(buf, bytes);
525 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
526 BF_DECRYPT);
527 flip_endianness(buf, bytes);
528 }
529
530 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531 int bytes)
532 {
533 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
534 int num = 0;
535
536 RC4(&encryptstate->k, bytes, buf, buf);
537 }
538
539 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
540 int bytes)
541 {
542 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
543 int num = 0;
544
545 RC4(&decryptstate->k, bytes, buf, buf);
546 }
547
548 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
549 int bytes)
550 {
551 RAND_bytes(buf, bytes);
552 }
553
554 void CRYPT_initialize_random_numbers(PTInstVar pvar)
555 {
556 RAND_screen();
557 }
558
559 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
560 {
561 int bits = get_ushort16_MSBfirst(bytes);
562
563 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
564 }
565
566 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
567 RSA FAR *make_key(PTInstVar pvar,
568 int bits, unsigned char FAR * exp,
569 unsigned char FAR * mod)
570 {
571 RSA FAR *key = RSA_new();
572
573 if (key != NULL) {
574 key->e = get_bignum(exp);
575 key->n = get_bignum(mod);
576 }
577
578 if (key == NULL || key->e == NULL || key->n == NULL) {
579 notify_fatal_error(pvar, "Error setting up RSA keys");
580
581 if (key != NULL) {
582 if (key->e != NULL) {
583 BN_free(key->e);
584 }
585 if (key->n != NULL) {
586 BN_free(key->n);
587 }
588 RSA_free(key);
589 }
590
591 return NULL;
592 } else {
593 return key;
594 }
595 }
596
597 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
598 {
599 if (SSHv1(pvar)) {
600 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
601 } else {
602 memcpy(pvar->crypt_state.server_cookie, cookie,
603 SSH2_COOKIE_LENGTH);
604 }
605 }
606
607 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
608 {
609 if (SSHv2(pvar)) {
610 memcpy(pvar->crypt_state.client_cookie, cookie,
611 SSH2_COOKIE_LENGTH);
612 }
613 }
614
615 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
616 int bits, unsigned char FAR * exp,
617 unsigned char FAR * mod)
618 {
619 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
620
621 return pvar->crypt_state.server_key.RSA_key != NULL;
622 }
623
624 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
625 int bits, unsigned char FAR * exp,
626 unsigned char FAR * mod)
627 {
628 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
629
630 return pvar->crypt_state.host_key.RSA_key != NULL;
631 }
632
633 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
634 int receiver_ciphers)
635 {
636 int cipher_mask;
637
638 if (SSHv1(pvar)) {
639 cipher_mask = (1 << SSH_CIPHER_DES)
640 | (1 << SSH_CIPHER_3DES)
641 | (1 << SSH_CIPHER_BLOWFISH);
642
643 } else { // for SSH2(yutaka)
644 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
645 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
646
647 }
648
649 sender_ciphers &= cipher_mask;
650 receiver_ciphers &= cipher_mask;
651 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
652 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
653
654 if (sender_ciphers == 0) {
655 notify_fatal_error(pvar,
656 "The server does not support any of the TTSSH encryption algorithms.\n"
657 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
658 "The connection will be closed.");
659 return FALSE;
660 } else if (receiver_ciphers == 0) {
661 notify_fatal_error(pvar,
662 "The server does not support any of the TTSSH encryption algorithms.\n"
663 "A secure connection cannot be made in the server-to-TTSSH direction.\n"
664 "The connection will be closed.");
665 return FALSE;
666 } else {
667 return TRUE;
668 }
669 }
670
671 int CRYPT_get_decryption_block_size(PTInstVar pvar)
672 {
673 if (SSHv1(pvar)) {
674 return 8;
675 } else {
676 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
677 // cf. 3DES=8, AES128=16
678 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
679 }
680 }
681
682 int CRYPT_get_encryption_block_size(PTInstVar pvar)
683 {
684 if (SSHv1(pvar)) {
685 return 8;
686 } else {
687 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
688 // cf. 3DES=8, AES128=16
689 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
690 }
691 }
692
693 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
694 {
695 struct Mac *mac;
696
697 if (SSHv1(pvar)) {
698 return 0;
699
700 } else { // for SSH2(yutaka)
701 mac = &pvar->ssh2_keys[MODE_IN].mac;
702 if (mac == NULL || mac->enabled == 0)
703 return 0;
704
705 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
706 }
707
708 }
709
710 // HMAC������
711 // ���{������ SSH2 �������g�p�������B
712 // (2004.12.17 yutaka)
713 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
714 char FAR * data, int len, char FAR * MAC)
715 {
716 HMAC_CTX c;
717 unsigned char m[EVP_MAX_MD_SIZE];
718 unsigned char b[4];
719 struct Mac *mac;
720
721 mac = &pvar->ssh2_keys[MODE_IN].mac;
722
723 // HMAC�������L���������������A����OK�����������B
724 if (mac == NULL || mac->enabled == 0)
725 return TRUE;
726
727 if (mac->key == NULL)
728 goto error;
729
730 if ((u_int)mac->mac_len > sizeof(m))
731 goto error;
732
733 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
734 set_uint32_MSBfirst(b, sequence_number);
735 HMAC_Update(&c, b, sizeof(b));
736 HMAC_Update(&c, data, len);
737 HMAC_Final(&c, m, NULL);
738 HMAC_cleanup(&c);
739
740 if (memcmp(m, MAC, mac->mac_len)) {
741 goto error;
742 }
743
744 return TRUE;
745
746 error:
747 return FALSE;
748 }
749
750 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
751 {
752 struct Mac *mac;
753
754 if (SSHv2(pvar)) { // for SSH2(yutaka)
755 mac = &pvar->ssh2_keys[MODE_OUT].mac;
756 if (mac == NULL || mac->enabled == 0)
757 return 0;
758
759 return (mac->mac_len);
760 }
761
762 return 0;
763 }
764
765 // for SSH2
766 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
767 char FAR * data, int len, char FAR * MAC)
768 {
769 HMAC_CTX c;
770 static u_char m[EVP_MAX_MD_SIZE];
771 u_char b[4];
772 struct Mac *mac;
773
774 if (SSHv2(pvar)) { // for SSH2(yutaka)
775 mac = &pvar->ssh2_keys[MODE_OUT].mac;
776 if (mac == NULL || mac->enabled == 0)
777 return FALSE;
778
779 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
780 set_uint32_MSBfirst(b, sequence_number);
781 HMAC_Update(&c, b, sizeof(b));
782 HMAC_Update(&c, data, len);
783 HMAC_Final(&c, m, NULL);
784 HMAC_cleanup(&c);
785
786 // 20�o�C�g�������R�s�[
787 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
788 // memcpy(MAC, m, sizeof(m));
789
790 return TRUE;
791 }
792
793 return TRUE;
794
795 }
796
797 static int choose_cipher(PTInstVar pvar, int supported)
798 {
799 int i;
800
801 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
802 int cipher = pvar->session_settings.CipherOrder[i] - '0';
803
804 if (cipher == SSH_CIPHER_NONE) {
805 break;
806 } else if ((supported & (1 << cipher)) != 0) {
807 return cipher;
808 }
809 }
810
811 return SSH_CIPHER_NONE;
812 }
813
814 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
815 {
816 if (SSHv1(pvar)) {
817 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
818 pvar->crypt_state.
819 supported_sender_ciphers);
820 pvar->crypt_state.receiver_cipher =
821 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
822
823 } else { // SSH2(yutaka)
824 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
825 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
826
827 }
828
829 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
830 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
831 notify_fatal_error(pvar,
832 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
833 "To communicate with this server, you will have to enable some more ciphers\n"
834 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
835 "This connection will now close.");
836 return FALSE;
837 } else {
838 return TRUE;
839 }
840 }
841
842 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
843 {
844 int server_key_bits =
845 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
846 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
847 int server_key_bytes = (server_key_bits + 7) / 8;
848 int host_key_bytes = (host_key_bits + 7) / 8;
849
850 if (server_key_bits < host_key_bits) {
851 return host_key_bytes;
852 } else {
853 return server_key_bytes;
854 }
855 }
856
857 int CRYPT_choose_session_key(PTInstVar pvar,
858 unsigned char FAR * encrypted_key_buf)
859 {
860 int server_key_bits =
861 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
862 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
863 int server_key_bytes = (server_key_bits + 7) / 8;
864 int host_key_bytes = (host_key_bits + 7) / 8;
865 int encrypted_key_bytes;
866 int bit_delta;
867
868 if (server_key_bits < host_key_bits) {
869 encrypted_key_bytes = host_key_bytes;
870 bit_delta = host_key_bits - server_key_bits;
871 } else {
872 encrypted_key_bytes = server_key_bytes;
873 bit_delta = server_key_bits - host_key_bits;
874 }
875
876 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
877 notify_fatal_error(pvar,
878 "Server RSA keys are too weak. A secure connection cannot be established.");
879 return 0;
880 } else {
881 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
882 for the session ID, rather than the one specified in the RFC */
883 int session_buf_len = server_key_bytes + host_key_bytes + 8;
884 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
885 char session_id[16];
886 int i;
887
888 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
889 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
890 session_buf + host_key_bytes);
891 memcpy(session_buf + server_key_bytes + host_key_bytes,
892 pvar->crypt_state.server_cookie, 8);
893 MD5(session_buf, session_buf_len, session_id);
894
895 free(session_buf);
896
897 RAND_bytes(pvar->crypt_state.sender_cipher_key,
898 SSH_SESSION_KEY_LENGTH);
899 memcpy(pvar->crypt_state.receiver_cipher_key,
900 pvar->crypt_state.sender_cipher_key,
901 SSH_SESSION_KEY_LENGTH);
902
903 memcpy(encrypted_key_buf + encrypted_key_bytes -
904 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
905 SSH_SESSION_KEY_LENGTH);
906 for (i = 0; i < sizeof(session_id); i++) {
907 encrypted_key_buf[encrypted_key_bytes -
908 SSH_SESSION_KEY_LENGTH + i]
909 ^= session_id[i];
910 }
911
912 if (host_key_bits > server_key_bits) {
913 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
914 encrypted_key_buf +
915 encrypted_key_bytes -
916 SSH_SESSION_KEY_LENGTH,
917 encrypted_key_buf +
918 encrypted_key_bytes - server_key_bytes,
919 pvar->crypt_state.server_key.RSA_key,
920 RSA_PKCS1_PADDING) < 0)
921 return 0;
922
923 if (RSA_public_encrypt(server_key_bytes,
924 encrypted_key_buf +
925 encrypted_key_bytes - server_key_bytes,
926 encrypted_key_buf,
927 pvar->crypt_state.host_key.RSA_key,
928 RSA_PKCS1_PADDING) < 0)
929 return 0;
930 } else {
931 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
932 encrypted_key_buf +
933 encrypted_key_bytes -
934 SSH_SESSION_KEY_LENGTH,
935 encrypted_key_buf +
936 encrypted_key_bytes - host_key_bytes,
937 pvar->crypt_state.host_key.RSA_key,
938 RSA_PKCS1_PADDING) < 0)
939 return 0;
940
941 if (RSA_public_encrypt(host_key_bytes,
942 encrypted_key_buf +
943 encrypted_key_bytes - host_key_bytes,
944 encrypted_key_buf,
945 pvar->crypt_state.server_key.RSA_key,
946 RSA_PKCS1_PADDING) < 0)
947 return 0;
948 }
949 }
950
951 return 1;
952 }
953
954 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
955 unsigned char FAR * challenge,
956 int challenge_len,
957 unsigned char FAR * response)
958 {
959 int server_key_bits =
960 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
961 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
962 int server_key_bytes = (server_key_bits + 7) / 8;
963 int host_key_bytes = (host_key_bits + 7) / 8;
964 int session_buf_len = server_key_bytes + host_key_bytes + 8;
965 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
966 char decrypted_challenge[48];
967 int decrypted_challenge_len;
968
969 decrypted_challenge_len =
970 RSA_private_decrypt(challenge_len, challenge, challenge,
971 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
972 RSA_PKCS1_PADDING);
973 if (decrypted_challenge_len < 0) {
974 free(session_buf);
975 return 0;
976 }
977 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
978 memcpy(decrypted_challenge,
979 challenge + decrypted_challenge_len -
980 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
981 } else {
982 memset(decrypted_challenge, 0,
983 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
984 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
985 decrypted_challenge_len, challenge,
986 decrypted_challenge_len);
987 }
988
989 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
990 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
991 session_buf + host_key_bytes);
992 memcpy(session_buf + server_key_bytes + host_key_bytes,
993 pvar->crypt_state.server_cookie, 8);
994 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
995
996 free(session_buf);
997
998 MD5(decrypted_challenge, 48, response);
999
1000 return 1;
1001 }
1002
1003 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1004 {
1005 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1006 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1007 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1008 memset(state->ivec1, 0, 8);
1009 memset(state->ivec2, 0, 8);
1010 memset(state->ivec3, 0, 8);
1011 }
1012
1013 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1014 {
1015 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1016 memset(state->ivec, 0, 8);
1017 }
1018
1019 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1020 {
1021 idea_set_encrypt_key(session_key, &state->k);
1022 memset(state->ivec, 0, 8);
1023 }
1024
1025 static void cBlowfish_init(char FAR * session_key,
1026 CipherBlowfishState FAR * state)
1027 {
1028 BF_set_key(&state->k, 32, session_key);
1029 memset(state->ivec, 0, 8);
1030 }
1031
1032
1033 //
1034 // SSH2�p�A���S���Y����������
1035 //
1036 // for SSH2(yutaka)
1037 //
1038 void cipher_init_SSH2(
1039 EVP_CIPHER_CTX *evp,
1040 const u_char *key, u_int keylen,
1041 const u_char *iv, u_int ivlen,
1042 int encrypt,
1043 const EVP_CIPHER *(*func)(void)
1044 )
1045 {
1046 EVP_CIPHER *type;
1047 int klen;
1048
1049 type = (EVP_CIPHER *)func();
1050
1051 EVP_CIPHER_CTX_init(evp);
1052 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1053 // TODO:
1054 }
1055
1056 klen = EVP_CIPHER_CTX_key_length(evp);
1057 if (klen > 0 && keylen != klen) {
1058 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1059 // TODO:
1060 }
1061 }
1062 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1063 // TODO:
1064 }
1065 }
1066
1067
1068 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1069 {
1070 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1071 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1072 BOOL isOK = TRUE;
1073
1074 if (sender_flag) {
1075 switch (pvar->crypt_state.sender_cipher) {
1076 // for SSH2(yutaka)
1077 case SSH_CIPHER_3DES_CBC:
1078 {
1079 struct Enc *enc;
1080
1081 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1082 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1083 enc->key, 24, enc->iv, 8,
1084 CIPHER_ENCRYPT,
1085 EVP_des_ede3_cbc);
1086
1087 //debug_print(10, enc->key, 24);
1088 //debug_print(11, enc->iv, 24);
1089
1090 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1091 break;
1092 }
1093
1094 // for SSH2(yutaka)
1095 case SSH_CIPHER_AES128:
1096 {
1097 struct Enc *enc;
1098
1099 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1100 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1101 enc->key, 16, enc->iv, 16,
1102 CIPHER_ENCRYPT,
1103 EVP_aes_128_cbc);
1104
1105 //debug_print(10, enc->key, 24);
1106 //debug_print(11, enc->iv, 24);
1107
1108 pvar->crypt_state.encrypt = cAES128_encrypt;
1109 break;
1110 }
1111
1112 case SSH_CIPHER_3DES:{
1113 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1114 pvar->crypt_state.encrypt = c3DES_encrypt;
1115 break;
1116 }
1117 case SSH_CIPHER_IDEA:{
1118 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1119 pvar->crypt_state.encrypt = cIDEA_encrypt;
1120 break;
1121 }
1122 case SSH_CIPHER_DES:{
1123 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1124 pvar->crypt_state.encrypt = cDES_encrypt;
1125 break;
1126 }
1127 case SSH_CIPHER_RC4:{
1128 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1129 encryption_key + 16);
1130 pvar->crypt_state.encrypt = cRC4_encrypt;
1131 break;
1132 }
1133 case SSH_CIPHER_BLOWFISH:{
1134 cBlowfish_init(encryption_key,
1135 &pvar->crypt_state.enc.cBlowfish);
1136 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1137 break;
1138 }
1139 default:
1140 isOK = FALSE;
1141 }
1142 }
1143
1144
1145 if (receiver_flag) {
1146 switch (pvar->crypt_state.receiver_cipher) {
1147 // for SSH2(yutaka)
1148 case SSH_CIPHER_3DES_CBC:
1149 {
1150 struct Enc *enc;
1151
1152 enc = &pvar->ssh2_keys[MODE_IN].enc;
1153 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1154 enc->key, 24, enc->iv, 8,
1155 CIPHER_DECRYPT,
1156 EVP_des_ede3_cbc);
1157
1158 //debug_print(12, enc->key, 24);
1159 //debug_print(13, enc->iv, 24);
1160
1161 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1162 break;
1163 }
1164
1165 // for SSH2(yutaka)
1166 case SSH_CIPHER_AES128:
1167 {
1168 struct Enc *enc;
1169
1170 enc = &pvar->ssh2_keys[MODE_IN].enc;
1171 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1172 enc->key, 16, enc->iv, 16,
1173 CIPHER_DECRYPT,
1174 EVP_aes_128_cbc);
1175
1176 //debug_print(12, enc->key, 24);
1177 //debug_print(13, enc->iv, 24);
1178
1179 pvar->crypt_state.decrypt = cAES128_decrypt;
1180 break;
1181 }
1182
1183 case SSH_CIPHER_3DES:{
1184 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1185 pvar->crypt_state.decrypt = c3DES_decrypt;
1186 break;
1187 }
1188 case SSH_CIPHER_IDEA:{
1189 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1190 pvar->crypt_state.decrypt = cIDEA_decrypt;
1191 break;
1192 }
1193 case SSH_CIPHER_DES:{
1194 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1195 pvar->crypt_state.decrypt = cDES_decrypt;
1196 break;
1197 }
1198 case SSH_CIPHER_RC4:{
1199 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1200 pvar->crypt_state.decrypt = cRC4_decrypt;
1201 break;
1202 }
1203 case SSH_CIPHER_BLOWFISH:{
1204 cBlowfish_init(decryption_key,
1205 &pvar->crypt_state.dec.cBlowfish);
1206 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1207 break;
1208 }
1209 default:
1210 isOK = FALSE;
1211 }
1212 }
1213
1214
1215 if (!isOK) {
1216 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1217 return FALSE;
1218 } else {
1219 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1220 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1221 return TRUE;
1222 }
1223 }
1224
1225 void CRYPT_init(PTInstVar pvar)
1226 {
1227 pvar->crypt_state.encrypt = no_encrypt;
1228 pvar->crypt_state.decrypt = no_encrypt;
1229 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1230 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1231 pvar->crypt_state.server_key.RSA_key = NULL;
1232 pvar->crypt_state.host_key.RSA_key = NULL;
1233
1234 pvar->crypt_state.detect_attack_statics.h = NULL;
1235 pvar->crypt_state.detect_attack_statics.n =
1236 HASH_MINSIZE / HASH_ENTRYSIZE;
1237 }
1238
1239 static char FAR *get_cipher_name(int cipher)
1240 {
1241 switch (cipher) {
1242 case SSH_CIPHER_NONE:
1243 return "None";
1244 case SSH_CIPHER_3DES:
1245 return "3DES (168 key bits)";
1246 case SSH_CIPHER_DES:
1247 return "DES (56 key bits)";
1248 case SSH_CIPHER_IDEA:
1249 return "IDEA (128 key bits)";
1250 case SSH_CIPHER_RC4:
1251 return "RC4 (128 key bits)";
1252 case SSH_CIPHER_BLOWFISH:
1253 return "Blowfish (256 key bits)";
1254
1255 // SSH2
1256 case SSH_CIPHER_3DES_CBC:
1257 return "3DES-CBC";
1258 case SSH_CIPHER_AES128:
1259 return "AES128";
1260
1261 default:
1262 return "Unknown";
1263 }
1264 }
1265
1266 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1267 {
1268 _snprintf(dest, len, "%s to server, %s from server",
1269 get_cipher_name(pvar->crypt_state.sender_cipher),
1270 get_cipher_name(pvar->crypt_state.receiver_cipher));
1271 dest[len - 1] = 0;
1272 }
1273
1274 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1275 {
1276 if (SSHv1(pvar)) {
1277 if (pvar->crypt_state.server_key.RSA_key == NULL
1278 || pvar->crypt_state.host_key.RSA_key == NULL) {
1279 strncpy(dest, "None", len);
1280 } else {
1281 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1282 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1283 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1284 }
1285
1286 } else { // SSH2
1287 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1288 pvar->server_key_bits,
1289 pvar->client_key_bits);
1290
1291 }
1292
1293 dest[len - 1] = 0;
1294 }
1295
1296 static void destroy_public_key(CRYPTPublicKey FAR * key)
1297 {
1298 if (key->RSA_key != NULL) {
1299 RSA_free(key->RSA_key);
1300 key->RSA_key = NULL;
1301 }
1302 }
1303
1304 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1305 {
1306 destroy_public_key(key);
1307 free(key);
1308 }
1309
1310 void CRYPT_end(PTInstVar pvar)
1311 {
1312 destroy_public_key(&pvar->crypt_state.host_key);
1313 destroy_public_key(&pvar->crypt_state.server_key);
1314
1315 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1316 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1317 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1318 free(pvar->crypt_state.detect_attack_statics.h);
1319 }
1320
1321 memset(pvar->crypt_state.sender_cipher_key, 0,
1322 sizeof(pvar->crypt_state.sender_cipher_key));
1323 memset(pvar->crypt_state.receiver_cipher_key, 0,
1324 sizeof(pvar->crypt_state.receiver_cipher_key));
1325 memset(pvar->crypt_state.server_cookie, 0,
1326 sizeof(pvar->crypt_state.server_cookie));
1327 memset(pvar->crypt_state.client_cookie, 0,
1328 sizeof(pvar->crypt_state.client_cookie));
1329 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1330 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1331 }
1332
1333 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1334 char FAR * buf, int bytes)
1335 {
1336 unsigned char passphrase_key[16];
1337
1338 MD5(passphrase, strlen(passphrase), passphrase_key);
1339
1340 switch (cipher) {
1341 case SSH_CIPHER_3DES:{
1342 Cipher3DESState state;
1343
1344 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1345 &state.k1);
1346 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1347 &state.k2);
1348 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1349 &state.k3);
1350 memset(state.ivec1, 0, 8);
1351 memset(state.ivec2, 0, 8);
1352 memset(state.ivec3, 0, 8);
1353 DES_ncbc_encrypt(buf, buf, bytes,
1354 &state.k3, &state.ivec3, DES_DECRYPT);
1355 DES_ncbc_encrypt(buf, buf, bytes,
1356 &state.k2, &state.ivec2, DES_ENCRYPT);
1357 DES_ncbc_encrypt(buf, buf, bytes,
1358 &state.k1, &state.ivec1, DES_DECRYPT);
1359 break;
1360 }
1361
1362 case SSH_CIPHER_IDEA:{
1363 CipherIDEAState state;
1364 int num = 0;
1365
1366 cIDEA_init(passphrase_key, &state);
1367 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1368 &num, IDEA_DECRYPT);
1369 break;
1370 }
1371
1372 case SSH_CIPHER_DES:{
1373 CipherDESState state;
1374
1375 cDES_init(passphrase_key, &state);
1376 DES_ncbc_encrypt(buf, buf, bytes,
1377 &state.k, &state.ivec, DES_DECRYPT);
1378 break;
1379 }
1380
1381 case SSH_CIPHER_RC4:{
1382 CipherRC4State state;
1383 int num = 0;
1384
1385 RC4_set_key(&state.k, 16, passphrase_key);
1386 RC4(&state.k, bytes, buf, buf);
1387 break;
1388 }
1389
1390 case SSH_CIPHER_BLOWFISH:{
1391 CipherBlowfishState state;
1392
1393 BF_set_key(&state.k, 16, passphrase_key);
1394 memset(state.ivec, 0, 8);
1395 flip_endianness(buf, bytes);
1396 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1397 BF_DECRYPT);
1398 flip_endianness(buf, bytes);
1399 break;
1400 }
1401
1402 case SSH_CIPHER_NONE:
1403 break;
1404
1405 default:
1406 memset(passphrase_key, 0, sizeof(passphrase_key));
1407 return 0;
1408 }
1409
1410 memset(passphrase_key, 0, sizeof(passphrase_key));
1411 return 1;
1412 }
1413
1414 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1415 {
1416 if (key_pair->RSA_key != NULL)
1417 RSA_free(key_pair->RSA_key);
1418
1419 if (key_pair->DSA_key != NULL)
1420 DSA_free(key_pair->DSA_key);
1421
1422 free(key_pair);
1423 }
1424
1425 /*
1426 * $Log: not supported by cvs2svn $
1427 * Revision 1.4 2005/07/09 05:16:06 yutakakn
1428 * OpenSSL 0.9.8���r���h�����������������B
1429 *
1430 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1431 * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1432 *
1433 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help