Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2949 - (show annotations) (download) (as text)
Mon Jan 22 13:45:19 2007 UTC (17 years, 2 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 40603 byte(s) 
表示メッセージの読み込み対応
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.7 2007-01-22 13:45:19 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218 int bytes)
219 {
220 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221 unsigned char *newbuf = malloc(bytes);
222 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223
224 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225 if (bytes == 0)
226 return;
227
228 if (newbuf == NULL)
229 return;
230
231 if (bytes % block_size) {
232 char tmp[80];
233 #ifdef I18N
234 strcpy(pvar->ts->UIMsg, "AES128 encrypt error(1): bytes %d (%d)");
235 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar);
236 _snprintf(tmp, sizeof(tmp), pvar->ts->UIMsg, bytes, block_size);
237 #else
238 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
239 #endif
240 notify_fatal_error(pvar, tmp);
241 goto error;
242 }
243
244 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
245 // TODO: failure
246 #ifdef I18N
247 strcpy(pvar->ts->UIMsg, "AES128 encrypt error(1): bytes %d (%d)");
248 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar);
249 notify_fatal_error(pvar, pvar->ts->UIMsg);
250 #else
251 notify_fatal_error(pvar, "AES128 encrypt error(2)");
252 #endif
253
254 } else {
255 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
256 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
257 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
258
259 //debug_print(50, key, 24);
260 //debug_print(51, iv, 8);
261 //debug_print(52, buf, bytes);
262 //debug_print(53, newbuf, bytes);
263
264 memcpy(buf, newbuf, bytes);
265 }
266
267 error:
268 free(newbuf);
269 }
270
271 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
272 int bytes)
273 {
274 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
275 unsigned char *newbuf = malloc(bytes);
276 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
277
278 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
279 if (bytes == 0)
280 return;
281
282 if (newbuf == NULL)
283 return;
284
285 if (bytes % block_size) {
286 char tmp[80];
287 #ifdef I18N
288 strcpy(pvar->ts->UIMsg, "AES128 decrypt error(1): bytes %d (%d)");
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar);
290 _snprintf(tmp, sizeof(tmp), pvar->ts->UIMsg, bytes, block_size);
291 #else
292 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
293 #endif
294 notify_fatal_error(pvar, tmp);
295 goto error;
296 }
297
298 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
299 // TODO:
300 #ifdef I18N
301 strcpy(pvar->ts->UIMsg, "AES128 decrypt error(2)");
302 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar);
303 notify_fatal_error(pvar, pvar->ts->UIMsg);
304 #else
305 notify_fatal_error(pvar, "AES128 decrypt error(2)");
306 #endif
307
308 } else {
309 #if 0
310 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
311 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
312 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
313
314 {
315 static int no = 70;
316 debug_print(no, buf, bytes);
317 //debug_print(no, key, AES128_KEYLEN);
318 //debug_print(10*no, iv, AES128_IVLEN);
319 debug_print(30*no, newbuf, bytes);
320 no++;
321 }
322 #endif
323
324 memcpy(buf, newbuf, bytes);
325 }
326
327 error:;
328 free(newbuf);
329 }
330
331
332
333 // for SSH2(yutaka)
334 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
335 int bytes)
336 {
337 unsigned char key[24], iv[8];
338 unsigned char *newbuf = malloc(bytes);
339
340 if (newbuf == NULL)
341 return;
342
343 #if 1
344
345 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
346 // TODO: failure
347 } else {
348 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
349 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
350 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
351
352 //debug_print(50, key, 24);
353 //debug_print(51, iv, 8);
354 //debug_print(52, buf, bytes);
355 //debug_print(53, newbuf, bytes);
356
357 memcpy(buf, newbuf, bytes);
358 }
359 free(newbuf);
360 #else
361
362 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
363 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
364 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
365
366 //debug_print(50, key, 24);
367 //debug_print(51, iv, 8);
368 //debug_print(52, buf, bytes);
369
370 #if 0
371 DES_ede3_cbc_encrypt(
372 buf, newbuf, bytes,
373 (DES_key_schedule *)&key[0],
374 (DES_key_schedule *)&key[8],
375 (DES_key_schedule *)&key[16],
376 (DES_cblock *)iv,
377 DES_ENCRYPT);
378 #else
379 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
380 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
381 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
382
383 #endif
384
385 //debug_print(53, newbuf, bytes);
386
387 memcpy(buf, newbuf, bytes);
388 free(newbuf);
389
390 #endif
391 }
392
393 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
394 int bytes)
395 {
396 unsigned char key[24], iv[8];
397 unsigned char *newbuf = malloc(bytes);
398
399 if (newbuf == NULL)
400 return;
401
402 #if 1
403 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
404 // TODO:
405
406 } else {
407 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
408 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
409 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
410
411 //debug_print(70, key, 24);
412 //debug_print(71, iv, 8);
413 //debug_print(72, buf, bytes);
414 //debug_print(73, newbuf, bytes);
415
416 memcpy(buf, newbuf, bytes);
417 }
418 free(newbuf);
419
420 #else
421 unsigned char *key, iv[8];
422 unsigned char *newbuf = malloc(bytes);
423 if (newbuf == NULL)
424 return;
425
426 key = pvar->ssh2_keys[MODE_IN].enc.key;
427 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
428 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
429
430 //debug_print(60, key, 24);
431 //debug_print(61, iv, 8);
432 //debug_print(62, buf, bytes);
433
434 DES_ede3_cbc_encrypt(
435 buf, newbuf, bytes,
436 (DES_key_schedule *)&key[0],
437 (DES_key_schedule *)&key[8],
438 (DES_key_schedule *)&key[16],
439 (DES_cblock *)iv,
440 DES_DECRYPT);
441
442 //debug_print(63, newbuf, bytes);
443
444 memcpy(buf, newbuf, bytes);
445
446 free(newbuf);
447 #endif
448 }
449
450
451 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
452 int bytes)
453 {
454 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
455
456 DES_ncbc_encrypt(buf, buf, bytes,
457 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
458 DES_ncbc_encrypt(buf, buf, bytes,
459 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
460 DES_ncbc_encrypt(buf, buf, bytes,
461 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
462 }
463
464 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
465 int bytes)
466 {
467 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
468
469 DES_ncbc_encrypt(buf, buf, bytes,
470 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
471 DES_ncbc_encrypt(buf, buf, bytes,
472 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
473 DES_ncbc_encrypt(buf, buf, bytes,
474 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
475 }
476
477 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
478 int bytes)
479 {
480 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
481
482 DES_ncbc_encrypt(buf, buf, bytes,
483 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
484 }
485
486 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
487 int bytes)
488 {
489 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
490
491 DES_ncbc_encrypt(buf, buf, bytes,
492 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
493 }
494
495 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
496 int bytes)
497 {
498 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
499 int num = 0;
500
501 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
502 encryptstate->ivec, &num, IDEA_ENCRYPT);
503 }
504
505 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
506 int bytes)
507 {
508 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
509 int num = 0;
510
511 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
512 decryptstate->ivec, &num, IDEA_DECRYPT);
513 }
514
515 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
516 {
517 uint32 FAR *buf = (uint32 FAR *) cbuf;
518 int count = bytes / 4;
519
520 while (count > 0) {
521 uint32 w = *buf;
522
523 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
524 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
525 count--;
526 buf++;
527 }
528 }
529
530 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531 int bytes)
532 {
533 CipherBlowfishState FAR *encryptstate =
534 &pvar->crypt_state.enc.cBlowfish;
535
536 flip_endianness(buf, bytes);
537 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
538 BF_ENCRYPT);
539 flip_endianness(buf, bytes);
540 }
541
542 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
543 int bytes)
544 {
545 CipherBlowfishState FAR *decryptstate =
546 &pvar->crypt_state.dec.cBlowfish;
547
548 flip_endianness(buf, bytes);
549 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
550 BF_DECRYPT);
551 flip_endianness(buf, bytes);
552 }
553
554 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
555 int bytes)
556 {
557 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
558 int num = 0;
559
560 RC4(&encryptstate->k, bytes, buf, buf);
561 }
562
563 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
564 int bytes)
565 {
566 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
567 int num = 0;
568
569 RC4(&decryptstate->k, bytes, buf, buf);
570 }
571
572 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
573 int bytes)
574 {
575 RAND_bytes(buf, bytes);
576 }
577
578 void CRYPT_initialize_random_numbers(PTInstVar pvar)
579 {
580 RAND_screen();
581 }
582
583 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
584 {
585 int bits = get_ushort16_MSBfirst(bytes);
586
587 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
588 }
589
590 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
591 RSA FAR *make_key(PTInstVar pvar,
592 int bits, unsigned char FAR * exp,
593 unsigned char FAR * mod)
594 {
595 RSA FAR *key = RSA_new();
596
597 if (key != NULL) {
598 key->e = get_bignum(exp);
599 key->n = get_bignum(mod);
600 }
601
602 if (key == NULL || key->e == NULL || key->n == NULL) {
603 #ifdef I18N
604 strcpy(pvar->ts->UIMsg, "Error setting up RSA keys");
605 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar);
606 notify_fatal_error(pvar, pvar->ts->UIMsg);
607 #else
608 notify_fatal_error(pvar, "Error setting up RSA keys");
609 #endif
610
611 if (key != NULL) {
612 if (key->e != NULL) {
613 BN_free(key->e);
614 }
615 if (key->n != NULL) {
616 BN_free(key->n);
617 }
618 RSA_free(key);
619 }
620
621 return NULL;
622 } else {
623 return key;
624 }
625 }
626
627 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
628 {
629 if (SSHv1(pvar)) {
630 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
631 } else {
632 memcpy(pvar->crypt_state.server_cookie, cookie,
633 SSH2_COOKIE_LENGTH);
634 }
635 }
636
637 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
638 {
639 if (SSHv2(pvar)) {
640 memcpy(pvar->crypt_state.client_cookie, cookie,
641 SSH2_COOKIE_LENGTH);
642 }
643 }
644
645 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
646 int bits, unsigned char FAR * exp,
647 unsigned char FAR * mod)
648 {
649 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
650
651 return pvar->crypt_state.server_key.RSA_key != NULL;
652 }
653
654 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
655 int bits, unsigned char FAR * exp,
656 unsigned char FAR * mod)
657 {
658 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
659
660 return pvar->crypt_state.host_key.RSA_key != NULL;
661 }
662
663 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
664 int receiver_ciphers)
665 {
666 int cipher_mask;
667
668 if (SSHv1(pvar)) {
669 cipher_mask = (1 << SSH_CIPHER_DES)
670 | (1 << SSH_CIPHER_3DES)
671 | (1 << SSH_CIPHER_BLOWFISH);
672
673 } else { // for SSH2(yutaka)
674 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
675 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
676
677 }
678
679 sender_ciphers &= cipher_mask;
680 receiver_ciphers &= cipher_mask;
681 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
682 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
683
684 if (sender_ciphers == 0) {
685 #ifdef I18N
686 strcpy(pvar->ts->UIMsg,
687 "The server does not support any of the TTSSH encryption algorithms.\n"
688 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
689 "The connection will be closed.");
690 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
691 notify_fatal_error(pvar, pvar->ts->UIMsg);
692
693 #else
694 notify_fatal_error(pvar,
695 "The server does not support any of the TTSSH encryption algorithms.\n"
696 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
697 "The connection will be closed.");
698 #endif
699 return FALSE;
700 } else if (receiver_ciphers == 0) {
701 #ifdef I18N
702 strcpy(pvar->ts->UIMsg,
703 "The server does not support any of the TTSSH encryption algorithms.\n"
704 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
705 "The connection will be closed.");
706 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
707 notify_fatal_error(pvar, pvar->ts->UIMsg);
708
709 #else
710 notify_fatal_error(pvar,
711 "The server does not support any of the TTSSH encryption algorithms.\n"
712 "A secure connection cannot be made in the server-to-TTSSH direction.\n"
713 "The connection will be closed.");
714 #endif
715 return FALSE;
716 } else {
717 return TRUE;
718 }
719 }
720
721 int CRYPT_get_decryption_block_size(PTInstVar pvar)
722 {
723 if (SSHv1(pvar)) {
724 return 8;
725 } else {
726 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
727 // cf. 3DES=8, AES128=16
728 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
729 }
730 }
731
732 int CRYPT_get_encryption_block_size(PTInstVar pvar)
733 {
734 if (SSHv1(pvar)) {
735 return 8;
736 } else {
737 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
738 // cf. 3DES=8, AES128=16
739 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
740 }
741 }
742
743 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
744 {
745 struct Mac *mac;
746
747 if (SSHv1(pvar)) {
748 return 0;
749
750 } else { // for SSH2(yutaka)
751 mac = &pvar->ssh2_keys[MODE_IN].mac;
752 if (mac == NULL || mac->enabled == 0)
753 return 0;
754
755 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
756 }
757
758 }
759
760 // HMAC������
761 // ���{������ SSH2 �������g�p�������B
762 // (2004.12.17 yutaka)
763 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
764 char FAR * data, int len, char FAR * MAC)
765 {
766 HMAC_CTX c;
767 unsigned char m[EVP_MAX_MD_SIZE];
768 unsigned char b[4];
769 struct Mac *mac;
770
771 mac = &pvar->ssh2_keys[MODE_IN].mac;
772
773 // HMAC�������L���������������A����OK�����������B
774 if (mac == NULL || mac->enabled == 0)
775 return TRUE;
776
777 if (mac->key == NULL)
778 goto error;
779
780 if ((u_int)mac->mac_len > sizeof(m))
781 goto error;
782
783 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
784 set_uint32_MSBfirst(b, sequence_number);
785 HMAC_Update(&c, b, sizeof(b));
786 HMAC_Update(&c, data, len);
787 HMAC_Final(&c, m, NULL);
788 HMAC_cleanup(&c);
789
790 if (memcmp(m, MAC, mac->mac_len)) {
791 goto error;
792 }
793
794 return TRUE;
795
796 error:
797 return FALSE;
798 }
799
800 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
801 {
802 struct Mac *mac;
803
804 if (SSHv2(pvar)) { // for SSH2(yutaka)
805 mac = &pvar->ssh2_keys[MODE_OUT].mac;
806 if (mac == NULL || mac->enabled == 0)
807 return 0;
808
809 return (mac->mac_len);
810 }
811
812 return 0;
813 }
814
815 // for SSH2
816 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
817 char FAR * data, int len, char FAR * MAC)
818 {
819 HMAC_CTX c;
820 static u_char m[EVP_MAX_MD_SIZE];
821 u_char b[4];
822 struct Mac *mac;
823
824 if (SSHv2(pvar)) { // for SSH2(yutaka)
825 mac = &pvar->ssh2_keys[MODE_OUT].mac;
826 if (mac == NULL || mac->enabled == 0)
827 return FALSE;
828
829 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
830 set_uint32_MSBfirst(b, sequence_number);
831 HMAC_Update(&c, b, sizeof(b));
832 HMAC_Update(&c, data, len);
833 HMAC_Final(&c, m, NULL);
834 HMAC_cleanup(&c);
835
836 // 20�o�C�g�������R�s�[
837 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
838 // memcpy(MAC, m, sizeof(m));
839
840 return TRUE;
841 }
842
843 return TRUE;
844
845 }
846
847 static int choose_cipher(PTInstVar pvar, int supported)
848 {
849 int i;
850
851 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
852 int cipher = pvar->session_settings.CipherOrder[i] - '0';
853
854 if (cipher == SSH_CIPHER_NONE) {
855 break;
856 } else if ((supported & (1 << cipher)) != 0) {
857 return cipher;
858 }
859 }
860
861 return SSH_CIPHER_NONE;
862 }
863
864 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
865 {
866 if (SSHv1(pvar)) {
867 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
868 pvar->crypt_state.
869 supported_sender_ciphers);
870 pvar->crypt_state.receiver_cipher =
871 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
872
873 } else { // SSH2(yutaka)
874 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
875 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
876
877 }
878
879 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
880 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
881 #ifdef I18N
882 strcpy(pvar->ts->UIMsg,
883 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
884 "To communicate with this server, you will have to enable some more ciphers\n"
885 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
886 "This connection will now close.");
887 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar);
888 notify_fatal_error(pvar, pvar->ts->UIMsg);
889 #else
890 notify_fatal_error(pvar,
891 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
892 "To communicate with this server, you will have to enable some more ciphers\n"
893 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
894 "This connection will now close.");
895 #endif
896 return FALSE;
897 } else {
898 return TRUE;
899 }
900 }
901
902 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
903 {
904 int server_key_bits =
905 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
906 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
907 int server_key_bytes = (server_key_bits + 7) / 8;
908 int host_key_bytes = (host_key_bits + 7) / 8;
909
910 if (server_key_bits < host_key_bits) {
911 return host_key_bytes;
912 } else {
913 return server_key_bytes;
914 }
915 }
916
917 int CRYPT_choose_session_key(PTInstVar pvar,
918 unsigned char FAR * encrypted_key_buf)
919 {
920 int server_key_bits =
921 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
922 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
923 int server_key_bytes = (server_key_bits + 7) / 8;
924 int host_key_bytes = (host_key_bits + 7) / 8;
925 int encrypted_key_bytes;
926 int bit_delta;
927
928 if (server_key_bits < host_key_bits) {
929 encrypted_key_bytes = host_key_bytes;
930 bit_delta = host_key_bits - server_key_bits;
931 } else {
932 encrypted_key_bytes = server_key_bytes;
933 bit_delta = server_key_bits - host_key_bits;
934 }
935
936 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
937 #ifdef I18N
938 strcpy(pvar->ts->UIMsg,
939 "Server RSA keys are too weak. A secure connection cannot be established.");
940 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar);
941 notify_fatal_error(pvar, pvar->ts->UIMsg);
942 #else
943 notify_fatal_error(pvar,
944 "Server RSA keys are too weak. A secure connection cannot be established.");
945 #endif
946 return 0;
947 } else {
948 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
949 for the session ID, rather than the one specified in the RFC */
950 int session_buf_len = server_key_bytes + host_key_bytes + 8;
951 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
952 char session_id[16];
953 int i;
954
955 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
956 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
957 session_buf + host_key_bytes);
958 memcpy(session_buf + server_key_bytes + host_key_bytes,
959 pvar->crypt_state.server_cookie, 8);
960 MD5(session_buf, session_buf_len, session_id);
961
962 free(session_buf);
963
964 RAND_bytes(pvar->crypt_state.sender_cipher_key,
965 SSH_SESSION_KEY_LENGTH);
966 memcpy(pvar->crypt_state.receiver_cipher_key,
967 pvar->crypt_state.sender_cipher_key,
968 SSH_SESSION_KEY_LENGTH);
969
970 memcpy(encrypted_key_buf + encrypted_key_bytes -
971 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
972 SSH_SESSION_KEY_LENGTH);
973 for (i = 0; i < sizeof(session_id); i++) {
974 encrypted_key_buf[encrypted_key_bytes -
975 SSH_SESSION_KEY_LENGTH + i]
976 ^= session_id[i];
977 }
978
979 if (host_key_bits > server_key_bits) {
980 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
981 encrypted_key_buf +
982 encrypted_key_bytes -
983 SSH_SESSION_KEY_LENGTH,
984 encrypted_key_buf +
985 encrypted_key_bytes - server_key_bytes,
986 pvar->crypt_state.server_key.RSA_key,
987 RSA_PKCS1_PADDING) < 0)
988 return 0;
989
990 if (RSA_public_encrypt(server_key_bytes,
991 encrypted_key_buf +
992 encrypted_key_bytes - server_key_bytes,
993 encrypted_key_buf,
994 pvar->crypt_state.host_key.RSA_key,
995 RSA_PKCS1_PADDING) < 0)
996 return 0;
997 } else {
998 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
999 encrypted_key_buf +
1000 encrypted_key_bytes -
1001 SSH_SESSION_KEY_LENGTH,
1002 encrypted_key_buf +
1003 encrypted_key_bytes - host_key_bytes,
1004 pvar->crypt_state.host_key.RSA_key,
1005 RSA_PKCS1_PADDING) < 0)
1006 return 0;
1007
1008 if (RSA_public_encrypt(host_key_bytes,
1009 encrypted_key_buf +
1010 encrypted_key_bytes - host_key_bytes,
1011 encrypted_key_buf,
1012 pvar->crypt_state.server_key.RSA_key,
1013 RSA_PKCS1_PADDING) < 0)
1014 return 0;
1015 }
1016 }
1017
1018 return 1;
1019 }
1020
1021 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1022 unsigned char FAR * challenge,
1023 int challenge_len,
1024 unsigned char FAR * response)
1025 {
1026 int server_key_bits =
1027 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1028 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1029 int server_key_bytes = (server_key_bits + 7) / 8;
1030 int host_key_bytes = (host_key_bits + 7) / 8;
1031 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1032 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1033 char decrypted_challenge[48];
1034 int decrypted_challenge_len;
1035
1036 decrypted_challenge_len =
1037 RSA_private_decrypt(challenge_len, challenge, challenge,
1038 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1039 RSA_PKCS1_PADDING);
1040 if (decrypted_challenge_len < 0) {
1041 free(session_buf);
1042 return 0;
1043 }
1044 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1045 memcpy(decrypted_challenge,
1046 challenge + decrypted_challenge_len -
1047 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1048 } else {
1049 memset(decrypted_challenge, 0,
1050 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1051 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1052 decrypted_challenge_len, challenge,
1053 decrypted_challenge_len);
1054 }
1055
1056 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1057 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1058 session_buf + host_key_bytes);
1059 memcpy(session_buf + server_key_bytes + host_key_bytes,
1060 pvar->crypt_state.server_cookie, 8);
1061 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1062
1063 free(session_buf);
1064
1065 MD5(decrypted_challenge, 48, response);
1066
1067 return 1;
1068 }
1069
1070 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1071 {
1072 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1073 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1074 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1075 memset(state->ivec1, 0, 8);
1076 memset(state->ivec2, 0, 8);
1077 memset(state->ivec3, 0, 8);
1078 }
1079
1080 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1081 {
1082 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1083 memset(state->ivec, 0, 8);
1084 }
1085
1086 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1087 {
1088 idea_set_encrypt_key(session_key, &state->k);
1089 memset(state->ivec, 0, 8);
1090 }
1091
1092 static void cBlowfish_init(char FAR * session_key,
1093 CipherBlowfishState FAR * state)
1094 {
1095 BF_set_key(&state->k, 32, session_key);
1096 memset(state->ivec, 0, 8);
1097 }
1098
1099
1100 //
1101 // SSH2�p�A���S���Y����������
1102 //
1103 // for SSH2(yutaka)
1104 //
1105 void cipher_init_SSH2(
1106 EVP_CIPHER_CTX *evp,
1107 const u_char *key, u_int keylen,
1108 const u_char *iv, u_int ivlen,
1109 int encrypt,
1110 const EVP_CIPHER *(*func)(void)
1111 )
1112 {
1113 EVP_CIPHER *type;
1114 int klen;
1115
1116 type = (EVP_CIPHER *)func();
1117
1118 EVP_CIPHER_CTX_init(evp);
1119 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1120 // TODO:
1121 }
1122
1123 klen = EVP_CIPHER_CTX_key_length(evp);
1124 if (klen > 0 && keylen != klen) {
1125 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1126 // TODO:
1127 }
1128 }
1129 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1130 // TODO:
1131 }
1132 }
1133
1134
1135 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1136 {
1137 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1138 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1139 BOOL isOK = TRUE;
1140
1141 if (sender_flag) {
1142 switch (pvar->crypt_state.sender_cipher) {
1143 // for SSH2(yutaka)
1144 case SSH_CIPHER_3DES_CBC:
1145 {
1146 struct Enc *enc;
1147
1148 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1149 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1150 enc->key, 24, enc->iv, 8,
1151 CIPHER_ENCRYPT,
1152 EVP_des_ede3_cbc);
1153
1154 //debug_print(10, enc->key, 24);
1155 //debug_print(11, enc->iv, 24);
1156
1157 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1158 break;
1159 }
1160
1161 // for SSH2(yutaka)
1162 case SSH_CIPHER_AES128:
1163 {
1164 struct Enc *enc;
1165
1166 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1167 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1168 enc->key, 16, enc->iv, 16,
1169 CIPHER_ENCRYPT,
1170 EVP_aes_128_cbc);
1171
1172 //debug_print(10, enc->key, 24);
1173 //debug_print(11, enc->iv, 24);
1174
1175 pvar->crypt_state.encrypt = cAES128_encrypt;
1176 break;
1177 }
1178
1179 case SSH_CIPHER_3DES:{
1180 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1181 pvar->crypt_state.encrypt = c3DES_encrypt;
1182 break;
1183 }
1184 case SSH_CIPHER_IDEA:{
1185 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1186 pvar->crypt_state.encrypt = cIDEA_encrypt;
1187 break;
1188 }
1189 case SSH_CIPHER_DES:{
1190 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1191 pvar->crypt_state.encrypt = cDES_encrypt;
1192 break;
1193 }
1194 case SSH_CIPHER_RC4:{
1195 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1196 encryption_key + 16);
1197 pvar->crypt_state.encrypt = cRC4_encrypt;
1198 break;
1199 }
1200 case SSH_CIPHER_BLOWFISH:{
1201 cBlowfish_init(encryption_key,
1202 &pvar->crypt_state.enc.cBlowfish);
1203 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1204 break;
1205 }
1206 default:
1207 isOK = FALSE;
1208 }
1209 }
1210
1211
1212 if (receiver_flag) {
1213 switch (pvar->crypt_state.receiver_cipher) {
1214 // for SSH2(yutaka)
1215 case SSH_CIPHER_3DES_CBC:
1216 {
1217 struct Enc *enc;
1218
1219 enc = &pvar->ssh2_keys[MODE_IN].enc;
1220 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1221 enc->key, 24, enc->iv, 8,
1222 CIPHER_DECRYPT,
1223 EVP_des_ede3_cbc);
1224
1225 //debug_print(12, enc->key, 24);
1226 //debug_print(13, enc->iv, 24);
1227
1228 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1229 break;
1230 }
1231
1232 // for SSH2(yutaka)
1233 case SSH_CIPHER_AES128:
1234 {
1235 struct Enc *enc;
1236
1237 enc = &pvar->ssh2_keys[MODE_IN].enc;
1238 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1239 enc->key, 16, enc->iv, 16,
1240 CIPHER_DECRYPT,
1241 EVP_aes_128_cbc);
1242
1243 //debug_print(12, enc->key, 24);
1244 //debug_print(13, enc->iv, 24);
1245
1246 pvar->crypt_state.decrypt = cAES128_decrypt;
1247 break;
1248 }
1249
1250 case SSH_CIPHER_3DES:{
1251 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1252 pvar->crypt_state.decrypt = c3DES_decrypt;
1253 break;
1254 }
1255 case SSH_CIPHER_IDEA:{
1256 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1257 pvar->crypt_state.decrypt = cIDEA_decrypt;
1258 break;
1259 }
1260 case SSH_CIPHER_DES:{
1261 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1262 pvar->crypt_state.decrypt = cDES_decrypt;
1263 break;
1264 }
1265 case SSH_CIPHER_RC4:{
1266 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1267 pvar->crypt_state.decrypt = cRC4_decrypt;
1268 break;
1269 }
1270 case SSH_CIPHER_BLOWFISH:{
1271 cBlowfish_init(decryption_key,
1272 &pvar->crypt_state.dec.cBlowfish);
1273 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1274 break;
1275 }
1276 default:
1277 isOK = FALSE;
1278 }
1279 }
1280
1281
1282 if (!isOK) {
1283 #ifdef I18N
1284 strcpy(pvar->ts->UIMsg, "No cipher selected!");
1285 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar);
1286 notify_fatal_error(pvar, pvar->ts->UIMsg);
1287 #else
1288 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1289 #endif
1290 return FALSE;
1291 } else {
1292 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1293 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1294 return TRUE;
1295 }
1296 }
1297
1298 void CRYPT_init(PTInstVar pvar)
1299 {
1300 pvar->crypt_state.encrypt = no_encrypt;
1301 pvar->crypt_state.decrypt = no_encrypt;
1302 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1303 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1304 pvar->crypt_state.server_key.RSA_key = NULL;
1305 pvar->crypt_state.host_key.RSA_key = NULL;
1306
1307 pvar->crypt_state.detect_attack_statics.h = NULL;
1308 pvar->crypt_state.detect_attack_statics.n =
1309 HASH_MINSIZE / HASH_ENTRYSIZE;
1310 }
1311
1312 static char FAR *get_cipher_name(int cipher)
1313 {
1314 switch (cipher) {
1315 case SSH_CIPHER_NONE:
1316 return "None";
1317 case SSH_CIPHER_3DES:
1318 return "3DES (168 key bits)";
1319 case SSH_CIPHER_DES:
1320 return "DES (56 key bits)";
1321 case SSH_CIPHER_IDEA:
1322 return "IDEA (128 key bits)";
1323 case SSH_CIPHER_RC4:
1324 return "RC4 (128 key bits)";
1325 case SSH_CIPHER_BLOWFISH:
1326 return "Blowfish (256 key bits)";
1327
1328 // SSH2
1329 case SSH_CIPHER_3DES_CBC:
1330 return "3DES-CBC";
1331 case SSH_CIPHER_AES128:
1332 return "AES128";
1333
1334 default:
1335 return "Unknown";
1336 }
1337 }
1338
1339 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1340 {
1341 #ifdef I18N
1342 strcpy(pvar->ts->UIMsg, "%s to server, %s from server");
1343 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar);
1344 _snprintf(dest, len, pvar->ts->UIMsg,
1345 get_cipher_name(pvar->crypt_state.sender_cipher),
1346 get_cipher_name(pvar->crypt_state.receiver_cipher));
1347 #else
1348 _snprintf(dest, len, "%s to server, %s from server",
1349 get_cipher_name(pvar->crypt_state.sender_cipher),
1350 get_cipher_name(pvar->crypt_state.receiver_cipher));
1351 #endif
1352 dest[len - 1] = 0;
1353 }
1354
1355 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1356 {
1357 if (SSHv1(pvar)) {
1358 if (pvar->crypt_state.server_key.RSA_key == NULL
1359 || pvar->crypt_state.host_key.RSA_key == NULL) {
1360 #ifdef I18N
1361 strcpy(pvar->ts->UIMsg, "None");
1362 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar);
1363 strncpy(dest, pvar->ts->UIMsg, len);
1364 #else
1365 strncpy(dest, "None", len);
1366 #endif
1367 } else {
1368 #ifdef I18N
1369 strcpy(pvar->ts->UIMsg, "%d-bit server key, %d-bit host key");
1370 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1371 _snprintf(dest, len, pvar->ts->UIMsg,
1372 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1373 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1374 #else
1375 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1376 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1377 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1378 #endif
1379 }
1380
1381 } else { // SSH2
1382 #ifdef I18N
1383 strcpy(pvar->ts->UIMsg, "%d-bit server key, %d-bit host key");
1384 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1385 _snprintf(dest, len, pvar->ts->UIMsg,
1386 pvar->server_key_bits,
1387 pvar->client_key_bits);
1388 #else
1389 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1390 pvar->server_key_bits,
1391 pvar->client_key_bits);
1392 #endif
1393
1394 }
1395
1396 dest[len - 1] = 0;
1397 }
1398
1399 static void destroy_public_key(CRYPTPublicKey FAR * key)
1400 {
1401 if (key->RSA_key != NULL) {
1402 RSA_free(key->RSA_key);
1403 key->RSA_key = NULL;
1404 }
1405 }
1406
1407 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1408 {
1409 destroy_public_key(key);
1410 free(key);
1411 }
1412
1413 void CRYPT_end(PTInstVar pvar)
1414 {
1415 destroy_public_key(&pvar->crypt_state.host_key);
1416 destroy_public_key(&pvar->crypt_state.server_key);
1417
1418 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1419 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1420 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1421 free(pvar->crypt_state.detect_attack_statics.h);
1422 }
1423
1424 memset(pvar->crypt_state.sender_cipher_key, 0,
1425 sizeof(pvar->crypt_state.sender_cipher_key));
1426 memset(pvar->crypt_state.receiver_cipher_key, 0,
1427 sizeof(pvar->crypt_state.receiver_cipher_key));
1428 memset(pvar->crypt_state.server_cookie, 0,
1429 sizeof(pvar->crypt_state.server_cookie));
1430 memset(pvar->crypt_state.client_cookie, 0,
1431 sizeof(pvar->crypt_state.client_cookie));
1432 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1433 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1434 }
1435
1436 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1437 char FAR * buf, int bytes)
1438 {
1439 unsigned char passphrase_key[16];
1440
1441 MD5(passphrase, strlen(passphrase), passphrase_key);
1442
1443 switch (cipher) {
1444 case SSH_CIPHER_3DES:{
1445 Cipher3DESState state;
1446
1447 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1448 &state.k1);
1449 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1450 &state.k2);
1451 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1452 &state.k3);
1453 memset(state.ivec1, 0, 8);
1454 memset(state.ivec2, 0, 8);
1455 memset(state.ivec3, 0, 8);
1456 DES_ncbc_encrypt(buf, buf, bytes,
1457 &state.k3, &state.ivec3, DES_DECRYPT);
1458 DES_ncbc_encrypt(buf, buf, bytes,
1459 &state.k2, &state.ivec2, DES_ENCRYPT);
1460 DES_ncbc_encrypt(buf, buf, bytes,
1461 &state.k1, &state.ivec1, DES_DECRYPT);
1462 break;
1463 }
1464
1465 case SSH_CIPHER_IDEA:{
1466 CipherIDEAState state;
1467 int num = 0;
1468
1469 cIDEA_init(passphrase_key, &state);
1470 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1471 &num, IDEA_DECRYPT);
1472 break;
1473 }
1474
1475 case SSH_CIPHER_DES:{
1476 CipherDESState state;
1477
1478 cDES_init(passphrase_key, &state);
1479 DES_ncbc_encrypt(buf, buf, bytes,
1480 &state.k, &state.ivec, DES_DECRYPT);
1481 break;
1482 }
1483
1484 case SSH_CIPHER_RC4:{
1485 CipherRC4State state;
1486 int num = 0;
1487
1488 RC4_set_key(&state.k, 16, passphrase_key);
1489 RC4(&state.k, bytes, buf, buf);
1490 break;
1491 }
1492
1493 case SSH_CIPHER_BLOWFISH:{
1494 CipherBlowfishState state;
1495
1496 BF_set_key(&state.k, 16, passphrase_key);
1497 memset(state.ivec, 0, 8);
1498 flip_endianness(buf, bytes);
1499 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1500 BF_DECRYPT);
1501 flip_endianness(buf, bytes);
1502 break;
1503 }
1504
1505 case SSH_CIPHER_NONE:
1506 break;
1507
1508 default:
1509 memset(passphrase_key, 0, sizeof(passphrase_key));
1510 return 0;
1511 }
1512
1513 memset(passphrase_key, 0, sizeof(passphrase_key));
1514 return 1;
1515 }
1516
1517 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1518 {
1519 if (key_pair->RSA_key != NULL)
1520 RSA_free(key_pair->RSA_key);
1521
1522 if (key_pair->DSA_key != NULL)
1523 DSA_free(key_pair->DSA_key);
1524
1525 free(key_pair);
1526 }
1527
1528 /*
1529 * $Log: not supported by cvs2svn $
1530 * Revision 1.6 2006/11/23 02:19:30 maya
1531 * �\�����b�Z�[�W�������t�@�C�����������������R�[�h���������J�n�����B
1532 *
1533 * Revision 1.5 2006/03/26 17:07:17 yutakakn
1534 * fingerprint�\��������
1535 *
1536 * Revision 1.4 2005/07/09 05:16:06 yutakakn
1537 * OpenSSL 0.9.8���r���h�����������������B
1538 *
1539 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1540 * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1541 *
1542 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help