Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2992 - (show annotations) (download) (as text)
Wed Aug 8 16:04:09 2007 UTC (16 years, 8 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41478 byte(s) 
安全な関数を使用するように変更した。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.9 2007-08-08 16:04:08 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218 int bytes)
219 {
220 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221 unsigned char *newbuf = malloc(bytes);
222 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223
224 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225 if (bytes == 0)
226 return;
227
228 if (newbuf == NULL)
229 return;
230
231 if (bytes % block_size) {
232 char tmp[80];
233 #ifndef NO_I18N
234 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 encrypt error(1): bytes %d (%d)", _TRUNCATE);
235 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar);
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 #else
239 _snprintf(tmp, sizeof(tmp), "AES128 encrypt error(1): bytes %d (%d)", bytes, block_size);
240 #endif
241 notify_fatal_error(pvar, tmp);
242 goto error;
243 }
244
245 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
246 // TODO: failure
247 #ifndef NO_I18N
248 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 encrypt error(1): bytes %d (%d)", _TRUNCATE);
249 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar);
250 notify_fatal_error(pvar, pvar->ts->UIMsg);
251 #else
252 notify_fatal_error(pvar, "AES128 encrypt error(2)");
253 #endif
254
255 } else {
256 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
257 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
258 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
259
260 //debug_print(50, key, 24);
261 //debug_print(51, iv, 8);
262 //debug_print(52, buf, bytes);
263 //debug_print(53, newbuf, bytes);
264
265 memcpy(buf, newbuf, bytes);
266 }
267
268 error:
269 free(newbuf);
270 }
271
272 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
273 int bytes)
274 {
275 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
276 unsigned char *newbuf = malloc(bytes);
277 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
278
279 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
280 if (bytes == 0)
281 return;
282
283 if (newbuf == NULL)
284 return;
285
286 if (bytes % block_size) {
287 char tmp[80];
288 #ifndef NO_I18N
289 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 decrypt error(1): bytes %d (%d)", _TRUNCATE);
290 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar);
291 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
292 #else
293 _snprintf(tmp, sizeof(tmp), "AES128 decrypt error(1): bytes %d (%d)", bytes, block_size);
294 #endif
295 notify_fatal_error(pvar, tmp);
296 goto error;
297 }
298
299 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
300 // TODO:
301 #ifndef NO_I18N
302 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "AES128 decrypt error(2)", _TRUNCATE);
303 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar);
304 notify_fatal_error(pvar, pvar->ts->UIMsg);
305 #else
306 notify_fatal_error(pvar, "AES128 decrypt error(2)");
307 #endif
308
309 } else {
310 #if 0
311 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
312 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
313 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
314
315 {
316 static int no = 70;
317 debug_print(no, buf, bytes);
318 //debug_print(no, key, AES128_KEYLEN);
319 //debug_print(10*no, iv, AES128_IVLEN);
320 debug_print(30*no, newbuf, bytes);
321 no++;
322 }
323 #endif
324
325 memcpy(buf, newbuf, bytes);
326 }
327
328 error:;
329 free(newbuf);
330 }
331
332
333
334 // for SSH2(yutaka)
335 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
336 int bytes)
337 {
338 unsigned char key[24], iv[8];
339 unsigned char *newbuf = malloc(bytes);
340
341 if (newbuf == NULL)
342 return;
343
344 #if 1
345
346 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
347 // TODO: failure
348 } else {
349 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352
353 //debug_print(50, key, 24);
354 //debug_print(51, iv, 8);
355 //debug_print(52, buf, bytes);
356 //debug_print(53, newbuf, bytes);
357
358 memcpy(buf, newbuf, bytes);
359 }
360 free(newbuf);
361 #else
362
363 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
364 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
365 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
366
367 //debug_print(50, key, 24);
368 //debug_print(51, iv, 8);
369 //debug_print(52, buf, bytes);
370
371 #if 0
372 DES_ede3_cbc_encrypt(
373 buf, newbuf, bytes,
374 (DES_key_schedule *)&key[0],
375 (DES_key_schedule *)&key[8],
376 (DES_key_schedule *)&key[16],
377 (DES_cblock *)iv,
378 DES_ENCRYPT);
379 #else
380 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
381 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
382 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
383
384 #endif
385
386 //debug_print(53, newbuf, bytes);
387
388 memcpy(buf, newbuf, bytes);
389 free(newbuf);
390
391 #endif
392 }
393
394 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
395 int bytes)
396 {
397 unsigned char key[24], iv[8];
398 unsigned char *newbuf = malloc(bytes);
399
400 if (newbuf == NULL)
401 return;
402
403 #if 1
404 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
405 // TODO:
406
407 } else {
408 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
409 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
410 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
411
412 //debug_print(70, key, 24);
413 //debug_print(71, iv, 8);
414 //debug_print(72, buf, bytes);
415 //debug_print(73, newbuf, bytes);
416
417 memcpy(buf, newbuf, bytes);
418 }
419 free(newbuf);
420
421 #else
422 unsigned char *key, iv[8];
423 unsigned char *newbuf = malloc(bytes);
424 if (newbuf == NULL)
425 return;
426
427 key = pvar->ssh2_keys[MODE_IN].enc.key;
428 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
429 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
430
431 //debug_print(60, key, 24);
432 //debug_print(61, iv, 8);
433 //debug_print(62, buf, bytes);
434
435 DES_ede3_cbc_encrypt(
436 buf, newbuf, bytes,
437 (DES_key_schedule *)&key[0],
438 (DES_key_schedule *)&key[8],
439 (DES_key_schedule *)&key[16],
440 (DES_cblock *)iv,
441 DES_DECRYPT);
442
443 //debug_print(63, newbuf, bytes);
444
445 memcpy(buf, newbuf, bytes);
446
447 free(newbuf);
448 #endif
449 }
450
451
452 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
453 int bytes)
454 {
455 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
456
457 DES_ncbc_encrypt(buf, buf, bytes,
458 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
459 DES_ncbc_encrypt(buf, buf, bytes,
460 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
461 DES_ncbc_encrypt(buf, buf, bytes,
462 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
463 }
464
465 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
466 int bytes)
467 {
468 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
469
470 DES_ncbc_encrypt(buf, buf, bytes,
471 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
472 DES_ncbc_encrypt(buf, buf, bytes,
473 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
474 DES_ncbc_encrypt(buf, buf, bytes,
475 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
476 }
477
478 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
479 int bytes)
480 {
481 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
482
483 DES_ncbc_encrypt(buf, buf, bytes,
484 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
485 }
486
487 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
488 int bytes)
489 {
490 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
491
492 DES_ncbc_encrypt(buf, buf, bytes,
493 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
494 }
495
496 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
497 int bytes)
498 {
499 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
500 int num = 0;
501
502 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
503 encryptstate->ivec, &num, IDEA_ENCRYPT);
504 }
505
506 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
507 int bytes)
508 {
509 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
510 int num = 0;
511
512 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
513 decryptstate->ivec, &num, IDEA_DECRYPT);
514 }
515
516 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
517 {
518 uint32 FAR *buf = (uint32 FAR *) cbuf;
519 int count = bytes / 4;
520
521 while (count > 0) {
522 uint32 w = *buf;
523
524 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
525 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
526 count--;
527 buf++;
528 }
529 }
530
531 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
532 int bytes)
533 {
534 CipherBlowfishState FAR *encryptstate =
535 &pvar->crypt_state.enc.cBlowfish;
536
537 flip_endianness(buf, bytes);
538 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
539 BF_ENCRYPT);
540 flip_endianness(buf, bytes);
541 }
542
543 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
544 int bytes)
545 {
546 CipherBlowfishState FAR *decryptstate =
547 &pvar->crypt_state.dec.cBlowfish;
548
549 flip_endianness(buf, bytes);
550 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
551 BF_DECRYPT);
552 flip_endianness(buf, bytes);
553 }
554
555 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
556 int bytes)
557 {
558 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
559 int num = 0;
560
561 RC4(&encryptstate->k, bytes, buf, buf);
562 }
563
564 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
565 int bytes)
566 {
567 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
568 int num = 0;
569
570 RC4(&decryptstate->k, bytes, buf, buf);
571 }
572
573 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
574 int bytes)
575 {
576 RAND_bytes(buf, bytes);
577 }
578
579 void CRYPT_initialize_random_numbers(PTInstVar pvar)
580 {
581 RAND_screen();
582 }
583
584 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
585 {
586 int bits = get_ushort16_MSBfirst(bytes);
587
588 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
589 }
590
591 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
592 RSA FAR *make_key(PTInstVar pvar,
593 int bits, unsigned char FAR * exp,
594 unsigned char FAR * mod)
595 {
596 RSA FAR *key = RSA_new();
597
598 if (key != NULL) {
599 key->e = get_bignum(exp);
600 key->n = get_bignum(mod);
601 }
602
603 if (key == NULL || key->e == NULL || key->n == NULL) {
604 #ifndef NO_I18N
605 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "Error setting up RSA keys", _TRUNCATE);
606 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar);
607 notify_fatal_error(pvar, pvar->ts->UIMsg);
608 #else
609 notify_fatal_error(pvar, "Error setting up RSA keys");
610 #endif
611
612 if (key != NULL) {
613 if (key->e != NULL) {
614 BN_free(key->e);
615 }
616 if (key->n != NULL) {
617 BN_free(key->n);
618 }
619 RSA_free(key);
620 }
621
622 return NULL;
623 } else {
624 return key;
625 }
626 }
627
628 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
629 {
630 if (SSHv1(pvar)) {
631 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
632 } else {
633 memcpy(pvar->crypt_state.server_cookie, cookie,
634 SSH2_COOKIE_LENGTH);
635 }
636 }
637
638 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
639 {
640 if (SSHv2(pvar)) {
641 memcpy(pvar->crypt_state.client_cookie, cookie,
642 SSH2_COOKIE_LENGTH);
643 }
644 }
645
646 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
647 int bits, unsigned char FAR * exp,
648 unsigned char FAR * mod)
649 {
650 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
651
652 return pvar->crypt_state.server_key.RSA_key != NULL;
653 }
654
655 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
656 int bits, unsigned char FAR * exp,
657 unsigned char FAR * mod)
658 {
659 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
660
661 return pvar->crypt_state.host_key.RSA_key != NULL;
662 }
663
664 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
665 int receiver_ciphers)
666 {
667 int cipher_mask;
668
669 if (SSHv1(pvar)) {
670 cipher_mask = (1 << SSH_CIPHER_DES)
671 | (1 << SSH_CIPHER_3DES)
672 | (1 << SSH_CIPHER_BLOWFISH);
673
674 } else { // for SSH2(yutaka)
675 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
676 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
677
678 }
679
680 sender_ciphers &= cipher_mask;
681 receiver_ciphers &= cipher_mask;
682 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
683 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
684
685 if (sender_ciphers == 0) {
686 #ifndef NO_I18N
687 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
688 "The server does not support any of the TTSSH encryption algorithms.\n"
689 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
690 "The connection will be closed.",
691 _TRUNCATE);
692 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
693 notify_fatal_error(pvar, pvar->ts->UIMsg);
694
695 #else
696 notify_fatal_error(pvar,
697 "The server does not support any of the TTSSH encryption algorithms.\n"
698 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
699 "The connection will be closed.");
700 #endif
701 return FALSE;
702 } else if (receiver_ciphers == 0) {
703 #ifndef NO_I18N
704 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
705 "The server does not support any of the TTSSH encryption algorithms.\n"
706 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
707 "The connection will be closed.",
708 _TRUNCATE);
709 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar);
710 notify_fatal_error(pvar, pvar->ts->UIMsg);
711
712 #else
713 notify_fatal_error(pvar,
714 "The server does not support any of the TTSSH encryption algorithms.\n"
715 "A secure connection cannot be made in the server-to-TTSSH direction.\n"
716 "The connection will be closed.");
717 #endif
718 return FALSE;
719 } else {
720 return TRUE;
721 }
722 }
723
724 int CRYPT_get_decryption_block_size(PTInstVar pvar)
725 {
726 if (SSHv1(pvar)) {
727 return 8;
728 } else {
729 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
730 // cf. 3DES=8, AES128=16
731 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
732 }
733 }
734
735 int CRYPT_get_encryption_block_size(PTInstVar pvar)
736 {
737 if (SSHv1(pvar)) {
738 return 8;
739 } else {
740 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
741 // cf. 3DES=8, AES128=16
742 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
743 }
744 }
745
746 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
747 {
748 struct Mac *mac;
749
750 if (SSHv1(pvar)) {
751 return 0;
752
753 } else { // for SSH2(yutaka)
754 mac = &pvar->ssh2_keys[MODE_IN].mac;
755 if (mac == NULL || mac->enabled == 0)
756 return 0;
757
758 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
759 }
760
761 }
762
763 // HMAC������
764 // ���{������ SSH2 �������g�p�������B
765 // (2004.12.17 yutaka)
766 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
767 char FAR * data, int len, char FAR * MAC)
768 {
769 HMAC_CTX c;
770 unsigned char m[EVP_MAX_MD_SIZE];
771 unsigned char b[4];
772 struct Mac *mac;
773
774 mac = &pvar->ssh2_keys[MODE_IN].mac;
775
776 // HMAC�������L���������������A����OK�����������B
777 if (mac == NULL || mac->enabled == 0)
778 return TRUE;
779
780 if (mac->key == NULL)
781 goto error;
782
783 if ((u_int)mac->mac_len > sizeof(m))
784 goto error;
785
786 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
787 set_uint32_MSBfirst(b, sequence_number);
788 HMAC_Update(&c, b, sizeof(b));
789 HMAC_Update(&c, data, len);
790 HMAC_Final(&c, m, NULL);
791 HMAC_cleanup(&c);
792
793 if (memcmp(m, MAC, mac->mac_len)) {
794 goto error;
795 }
796
797 return TRUE;
798
799 error:
800 return FALSE;
801 }
802
803 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
804 {
805 struct Mac *mac;
806
807 if (SSHv2(pvar)) { // for SSH2(yutaka)
808 mac = &pvar->ssh2_keys[MODE_OUT].mac;
809 if (mac == NULL || mac->enabled == 0)
810 return 0;
811
812 return (mac->mac_len);
813 }
814
815 return 0;
816 }
817
818 // for SSH2
819 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
820 char FAR * data, int len, char FAR * MAC)
821 {
822 HMAC_CTX c;
823 static u_char m[EVP_MAX_MD_SIZE];
824 u_char b[4];
825 struct Mac *mac;
826
827 if (SSHv2(pvar)) { // for SSH2(yutaka)
828 mac = &pvar->ssh2_keys[MODE_OUT].mac;
829 if (mac == NULL || mac->enabled == 0)
830 return FALSE;
831
832 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
833 set_uint32_MSBfirst(b, sequence_number);
834 HMAC_Update(&c, b, sizeof(b));
835 HMAC_Update(&c, data, len);
836 HMAC_Final(&c, m, NULL);
837 HMAC_cleanup(&c);
838
839 // 20�o�C�g�������R�s�[
840 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
841 // memcpy(MAC, m, sizeof(m));
842
843 return TRUE;
844 }
845
846 return TRUE;
847
848 }
849
850 static int choose_cipher(PTInstVar pvar, int supported)
851 {
852 int i;
853
854 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
855 int cipher = pvar->session_settings.CipherOrder[i] - '0';
856
857 if (cipher == SSH_CIPHER_NONE) {
858 break;
859 } else if ((supported & (1 << cipher)) != 0) {
860 return cipher;
861 }
862 }
863
864 return SSH_CIPHER_NONE;
865 }
866
867 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
868 {
869 if (SSHv1(pvar)) {
870 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
871 pvar->crypt_state.
872 supported_sender_ciphers);
873 pvar->crypt_state.receiver_cipher =
874 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
875
876 } else { // SSH2(yutaka)
877 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
878 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
879
880 }
881
882 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
883 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
884 #ifndef NO_I18N
885 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
886 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
887 "To communicate with this server, you will have to enable some more ciphers\n"
888 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
889 "This connection will now close.",
890 _TRUNCATE);
891 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar);
892 notify_fatal_error(pvar, pvar->ts->UIMsg);
893 #else
894 notify_fatal_error(pvar,
895 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
896 "To communicate with this server, you will have to enable some more ciphers\n"
897 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
898 "This connection will now close.");
899 #endif
900 return FALSE;
901 } else {
902 return TRUE;
903 }
904 }
905
906 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
907 {
908 int server_key_bits =
909 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
910 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
911 int server_key_bytes = (server_key_bits + 7) / 8;
912 int host_key_bytes = (host_key_bits + 7) / 8;
913
914 if (server_key_bits < host_key_bits) {
915 return host_key_bytes;
916 } else {
917 return server_key_bytes;
918 }
919 }
920
921 int CRYPT_choose_session_key(PTInstVar pvar,
922 unsigned char FAR * encrypted_key_buf)
923 {
924 int server_key_bits =
925 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
926 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
927 int server_key_bytes = (server_key_bits + 7) / 8;
928 int host_key_bytes = (host_key_bits + 7) / 8;
929 int encrypted_key_bytes;
930 int bit_delta;
931
932 if (server_key_bits < host_key_bits) {
933 encrypted_key_bytes = host_key_bytes;
934 bit_delta = host_key_bits - server_key_bits;
935 } else {
936 encrypted_key_bytes = server_key_bytes;
937 bit_delta = server_key_bits - host_key_bits;
938 }
939
940 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
941 #ifndef NO_I18N
942 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg),
943 "Server RSA keys are too weak. A secure connection cannot be established.",
944 _TRUNCATE);
945 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar);
946 notify_fatal_error(pvar, pvar->ts->UIMsg);
947 #else
948 notify_fatal_error(pvar,
949 "Server RSA keys are too weak. A secure connection cannot be established.");
950 #endif
951 return 0;
952 } else {
953 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
954 for the session ID, rather than the one specified in the RFC */
955 int session_buf_len = server_key_bytes + host_key_bytes + 8;
956 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
957 char session_id[16];
958 int i;
959
960 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
961 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
962 session_buf + host_key_bytes);
963 memcpy(session_buf + server_key_bytes + host_key_bytes,
964 pvar->crypt_state.server_cookie, 8);
965 MD5(session_buf, session_buf_len, session_id);
966
967 free(session_buf);
968
969 RAND_bytes(pvar->crypt_state.sender_cipher_key,
970 SSH_SESSION_KEY_LENGTH);
971 memcpy(pvar->crypt_state.receiver_cipher_key,
972 pvar->crypt_state.sender_cipher_key,
973 SSH_SESSION_KEY_LENGTH);
974
975 memcpy(encrypted_key_buf + encrypted_key_bytes -
976 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
977 SSH_SESSION_KEY_LENGTH);
978 for (i = 0; i < sizeof(session_id); i++) {
979 encrypted_key_buf[encrypted_key_bytes -
980 SSH_SESSION_KEY_LENGTH + i]
981 ^= session_id[i];
982 }
983
984 if (host_key_bits > server_key_bits) {
985 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
986 encrypted_key_buf +
987 encrypted_key_bytes -
988 SSH_SESSION_KEY_LENGTH,
989 encrypted_key_buf +
990 encrypted_key_bytes - server_key_bytes,
991 pvar->crypt_state.server_key.RSA_key,
992 RSA_PKCS1_PADDING) < 0)
993 return 0;
994
995 if (RSA_public_encrypt(server_key_bytes,
996 encrypted_key_buf +
997 encrypted_key_bytes - server_key_bytes,
998 encrypted_key_buf,
999 pvar->crypt_state.host_key.RSA_key,
1000 RSA_PKCS1_PADDING) < 0)
1001 return 0;
1002 } else {
1003 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1004 encrypted_key_buf +
1005 encrypted_key_bytes -
1006 SSH_SESSION_KEY_LENGTH,
1007 encrypted_key_buf +
1008 encrypted_key_bytes - host_key_bytes,
1009 pvar->crypt_state.host_key.RSA_key,
1010 RSA_PKCS1_PADDING) < 0)
1011 return 0;
1012
1013 if (RSA_public_encrypt(host_key_bytes,
1014 encrypted_key_buf +
1015 encrypted_key_bytes - host_key_bytes,
1016 encrypted_key_buf,
1017 pvar->crypt_state.server_key.RSA_key,
1018 RSA_PKCS1_PADDING) < 0)
1019 return 0;
1020 }
1021 }
1022
1023 return 1;
1024 }
1025
1026 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1027 unsigned char FAR * challenge,
1028 int challenge_len,
1029 unsigned char FAR * response)
1030 {
1031 int server_key_bits =
1032 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1033 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1034 int server_key_bytes = (server_key_bits + 7) / 8;
1035 int host_key_bytes = (host_key_bits + 7) / 8;
1036 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1037 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1038 char decrypted_challenge[48];
1039 int decrypted_challenge_len;
1040
1041 decrypted_challenge_len =
1042 RSA_private_decrypt(challenge_len, challenge, challenge,
1043 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1044 RSA_PKCS1_PADDING);
1045 if (decrypted_challenge_len < 0) {
1046 free(session_buf);
1047 return 0;
1048 }
1049 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1050 memcpy(decrypted_challenge,
1051 challenge + decrypted_challenge_len -
1052 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1053 } else {
1054 memset(decrypted_challenge, 0,
1055 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1056 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1057 decrypted_challenge_len, challenge,
1058 decrypted_challenge_len);
1059 }
1060
1061 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1062 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1063 session_buf + host_key_bytes);
1064 memcpy(session_buf + server_key_bytes + host_key_bytes,
1065 pvar->crypt_state.server_cookie, 8);
1066 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1067
1068 free(session_buf);
1069
1070 MD5(decrypted_challenge, 48, response);
1071
1072 return 1;
1073 }
1074
1075 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1076 {
1077 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1078 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1079 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1080 memset(state->ivec1, 0, 8);
1081 memset(state->ivec2, 0, 8);
1082 memset(state->ivec3, 0, 8);
1083 }
1084
1085 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1086 {
1087 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1088 memset(state->ivec, 0, 8);
1089 }
1090
1091 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1092 {
1093 idea_set_encrypt_key(session_key, &state->k);
1094 memset(state->ivec, 0, 8);
1095 }
1096
1097 static void cBlowfish_init(char FAR * session_key,
1098 CipherBlowfishState FAR * state)
1099 {
1100 BF_set_key(&state->k, 32, session_key);
1101 memset(state->ivec, 0, 8);
1102 }
1103
1104
1105 //
1106 // SSH2�p�A���S���Y����������
1107 //
1108 // for SSH2(yutaka)
1109 //
1110 void cipher_init_SSH2(
1111 EVP_CIPHER_CTX *evp,
1112 const u_char *key, u_int keylen,
1113 const u_char *iv, u_int ivlen,
1114 int encrypt,
1115 const EVP_CIPHER *(*func)(void)
1116 )
1117 {
1118 EVP_CIPHER *type;
1119 int klen;
1120
1121 type = (EVP_CIPHER *)func();
1122
1123 EVP_CIPHER_CTX_init(evp);
1124 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1125 // TODO:
1126 }
1127
1128 klen = EVP_CIPHER_CTX_key_length(evp);
1129 if (klen > 0 && keylen != klen) {
1130 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1131 // TODO:
1132 }
1133 }
1134 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1135 // TODO:
1136 }
1137 }
1138
1139
1140 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1141 {
1142 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1143 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1144 BOOL isOK = TRUE;
1145
1146 if (sender_flag) {
1147 switch (pvar->crypt_state.sender_cipher) {
1148 // for SSH2(yutaka)
1149 case SSH_CIPHER_3DES_CBC:
1150 {
1151 struct Enc *enc;
1152
1153 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1154 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1155 enc->key, 24, enc->iv, 8,
1156 CIPHER_ENCRYPT,
1157 EVP_des_ede3_cbc);
1158
1159 //debug_print(10, enc->key, 24);
1160 //debug_print(11, enc->iv, 24);
1161
1162 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1163 break;
1164 }
1165
1166 // for SSH2(yutaka)
1167 case SSH_CIPHER_AES128:
1168 {
1169 struct Enc *enc;
1170
1171 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1172 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1173 enc->key, 16, enc->iv, 16,
1174 CIPHER_ENCRYPT,
1175 EVP_aes_128_cbc);
1176
1177 //debug_print(10, enc->key, 24);
1178 //debug_print(11, enc->iv, 24);
1179
1180 pvar->crypt_state.encrypt = cAES128_encrypt;
1181 break;
1182 }
1183
1184 case SSH_CIPHER_3DES:{
1185 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1186 pvar->crypt_state.encrypt = c3DES_encrypt;
1187 break;
1188 }
1189 case SSH_CIPHER_IDEA:{
1190 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1191 pvar->crypt_state.encrypt = cIDEA_encrypt;
1192 break;
1193 }
1194 case SSH_CIPHER_DES:{
1195 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1196 pvar->crypt_state.encrypt = cDES_encrypt;
1197 break;
1198 }
1199 case SSH_CIPHER_RC4:{
1200 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1201 encryption_key + 16);
1202 pvar->crypt_state.encrypt = cRC4_encrypt;
1203 break;
1204 }
1205 case SSH_CIPHER_BLOWFISH:{
1206 cBlowfish_init(encryption_key,
1207 &pvar->crypt_state.enc.cBlowfish);
1208 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1209 break;
1210 }
1211 default:
1212 isOK = FALSE;
1213 }
1214 }
1215
1216
1217 if (receiver_flag) {
1218 switch (pvar->crypt_state.receiver_cipher) {
1219 // for SSH2(yutaka)
1220 case SSH_CIPHER_3DES_CBC:
1221 {
1222 struct Enc *enc;
1223
1224 enc = &pvar->ssh2_keys[MODE_IN].enc;
1225 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1226 enc->key, 24, enc->iv, 8,
1227 CIPHER_DECRYPT,
1228 EVP_des_ede3_cbc);
1229
1230 //debug_print(12, enc->key, 24);
1231 //debug_print(13, enc->iv, 24);
1232
1233 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1234 break;
1235 }
1236
1237 // for SSH2(yutaka)
1238 case SSH_CIPHER_AES128:
1239 {
1240 struct Enc *enc;
1241
1242 enc = &pvar->ssh2_keys[MODE_IN].enc;
1243 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1244 enc->key, 16, enc->iv, 16,
1245 CIPHER_DECRYPT,
1246 EVP_aes_128_cbc);
1247
1248 //debug_print(12, enc->key, 24);
1249 //debug_print(13, enc->iv, 24);
1250
1251 pvar->crypt_state.decrypt = cAES128_decrypt;
1252 break;
1253 }
1254
1255 case SSH_CIPHER_3DES:{
1256 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1257 pvar->crypt_state.decrypt = c3DES_decrypt;
1258 break;
1259 }
1260 case SSH_CIPHER_IDEA:{
1261 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1262 pvar->crypt_state.decrypt = cIDEA_decrypt;
1263 break;
1264 }
1265 case SSH_CIPHER_DES:{
1266 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1267 pvar->crypt_state.decrypt = cDES_decrypt;
1268 break;
1269 }
1270 case SSH_CIPHER_RC4:{
1271 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1272 pvar->crypt_state.decrypt = cRC4_decrypt;
1273 break;
1274 }
1275 case SSH_CIPHER_BLOWFISH:{
1276 cBlowfish_init(decryption_key,
1277 &pvar->crypt_state.dec.cBlowfish);
1278 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1279 break;
1280 }
1281 default:
1282 isOK = FALSE;
1283 }
1284 }
1285
1286
1287 if (!isOK) {
1288 #ifndef NO_I18N
1289 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "No cipher selected!", _TRUNCATE);
1290 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar);
1291 notify_fatal_error(pvar, pvar->ts->UIMsg);
1292 #else
1293 notify_fatal_error(pvar, "No cipher selected!"); /* should never get here! */
1294 #endif
1295 return FALSE;
1296 } else {
1297 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1298 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1299 return TRUE;
1300 }
1301 }
1302
1303 void CRYPT_init(PTInstVar pvar)
1304 {
1305 pvar->crypt_state.encrypt = no_encrypt;
1306 pvar->crypt_state.decrypt = no_encrypt;
1307 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1308 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1309 pvar->crypt_state.server_key.RSA_key = NULL;
1310 pvar->crypt_state.host_key.RSA_key = NULL;
1311
1312 pvar->crypt_state.detect_attack_statics.h = NULL;
1313 pvar->crypt_state.detect_attack_statics.n =
1314 HASH_MINSIZE / HASH_ENTRYSIZE;
1315 }
1316
1317 static char FAR *get_cipher_name(int cipher)
1318 {
1319 switch (cipher) {
1320 case SSH_CIPHER_NONE:
1321 return "None";
1322 case SSH_CIPHER_3DES:
1323 return "3DES (168 key bits)";
1324 case SSH_CIPHER_DES:
1325 return "DES (56 key bits)";
1326 case SSH_CIPHER_IDEA:
1327 return "IDEA (128 key bits)";
1328 case SSH_CIPHER_RC4:
1329 return "RC4 (128 key bits)";
1330 case SSH_CIPHER_BLOWFISH:
1331 return "Blowfish (256 key bits)";
1332
1333 // SSH2
1334 case SSH_CIPHER_3DES_CBC:
1335 return "3DES-CBC";
1336 case SSH_CIPHER_AES128:
1337 return "AES128";
1338
1339 default:
1340 return "Unknown";
1341 }
1342 }
1343
1344 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1345 {
1346 #ifndef NO_I18N
1347 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "%s to server, %s from server", _TRUNCATE);
1348 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar);
1349 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1350 get_cipher_name(pvar->crypt_state.sender_cipher),
1351 get_cipher_name(pvar->crypt_state.receiver_cipher));
1352 #else
1353 _snprintf(dest, len, "%s to server, %s from server",
1354 get_cipher_name(pvar->crypt_state.sender_cipher),
1355 get_cipher_name(pvar->crypt_state.receiver_cipher));
1356 #endif
1357 dest[len - 1] = 0;
1358 }
1359
1360 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1361 {
1362 if (SSHv1(pvar)) {
1363 if (pvar->crypt_state.server_key.RSA_key == NULL
1364 || pvar->crypt_state.host_key.RSA_key == NULL) {
1365 #ifndef NO_I18N
1366 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "None", _TRUNCATE);
1367 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar);
1368 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1369 #else
1370 strncpy(dest, "None", len);
1371 #endif
1372 } else {
1373 #ifndef NO_I18N
1374 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "%d-bit server key, %d-bit host key", _TRUNCATE);
1375 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1376 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1377 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1378 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1379 #else
1380 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1381 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1382 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1383 #endif
1384 }
1385
1386 } else { // SSH2
1387 #ifndef NO_I18N
1388 strncpy_s(pvar->ts->UIMsg, sizeof(pvar->ts->UIMsg), "%d-bit server key, %d-bit host key", _TRUNCATE);
1389 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar);
1390 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1391 pvar->server_key_bits,
1392 pvar->client_key_bits);
1393 #else
1394 _snprintf(dest, len, "%d-bit server key, %d-bit host key",
1395 pvar->server_key_bits,
1396 pvar->client_key_bits);
1397 #endif
1398
1399 }
1400
1401 dest[len - 1] = 0;
1402 }
1403
1404 static void destroy_public_key(CRYPTPublicKey FAR * key)
1405 {
1406 if (key->RSA_key != NULL) {
1407 RSA_free(key->RSA_key);
1408 key->RSA_key = NULL;
1409 }
1410 }
1411
1412 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1413 {
1414 destroy_public_key(key);
1415 free(key);
1416 }
1417
1418 void CRYPT_end(PTInstVar pvar)
1419 {
1420 destroy_public_key(&pvar->crypt_state.host_key);
1421 destroy_public_key(&pvar->crypt_state.server_key);
1422
1423 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1424 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1425 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1426 free(pvar->crypt_state.detect_attack_statics.h);
1427 }
1428
1429 memset(pvar->crypt_state.sender_cipher_key, 0,
1430 sizeof(pvar->crypt_state.sender_cipher_key));
1431 memset(pvar->crypt_state.receiver_cipher_key, 0,
1432 sizeof(pvar->crypt_state.receiver_cipher_key));
1433 memset(pvar->crypt_state.server_cookie, 0,
1434 sizeof(pvar->crypt_state.server_cookie));
1435 memset(pvar->crypt_state.client_cookie, 0,
1436 sizeof(pvar->crypt_state.client_cookie));
1437 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1438 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1439 }
1440
1441 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1442 char FAR * buf, int bytes)
1443 {
1444 unsigned char passphrase_key[16];
1445
1446 MD5(passphrase, strlen(passphrase), passphrase_key);
1447
1448 switch (cipher) {
1449 case SSH_CIPHER_3DES:{
1450 Cipher3DESState state;
1451
1452 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1453 &state.k1);
1454 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1455 &state.k2);
1456 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1457 &state.k3);
1458 memset(state.ivec1, 0, 8);
1459 memset(state.ivec2, 0, 8);
1460 memset(state.ivec3, 0, 8);
1461 DES_ncbc_encrypt(buf, buf, bytes,
1462 &state.k3, &state.ivec3, DES_DECRYPT);
1463 DES_ncbc_encrypt(buf, buf, bytes,
1464 &state.k2, &state.ivec2, DES_ENCRYPT);
1465 DES_ncbc_encrypt(buf, buf, bytes,
1466 &state.k1, &state.ivec1, DES_DECRYPT);
1467 break;
1468 }
1469
1470 case SSH_CIPHER_IDEA:{
1471 CipherIDEAState state;
1472 int num = 0;
1473
1474 cIDEA_init(passphrase_key, &state);
1475 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1476 &num, IDEA_DECRYPT);
1477 break;
1478 }
1479
1480 case SSH_CIPHER_DES:{
1481 CipherDESState state;
1482
1483 cDES_init(passphrase_key, &state);
1484 DES_ncbc_encrypt(buf, buf, bytes,
1485 &state.k, &state.ivec, DES_DECRYPT);
1486 break;
1487 }
1488
1489 case SSH_CIPHER_RC4:{
1490 CipherRC4State state;
1491 int num = 0;
1492
1493 RC4_set_key(&state.k, 16, passphrase_key);
1494 RC4(&state.k, bytes, buf, buf);
1495 break;
1496 }
1497
1498 case SSH_CIPHER_BLOWFISH:{
1499 CipherBlowfishState state;
1500
1501 BF_set_key(&state.k, 16, passphrase_key);
1502 memset(state.ivec, 0, 8);
1503 flip_endianness(buf, bytes);
1504 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1505 BF_DECRYPT);
1506 flip_endianness(buf, bytes);
1507 break;
1508 }
1509
1510 case SSH_CIPHER_NONE:
1511 break;
1512
1513 default:
1514 memset(passphrase_key, 0, sizeof(passphrase_key));
1515 return 0;
1516 }
1517
1518 memset(passphrase_key, 0, sizeof(passphrase_key));
1519 return 1;
1520 }
1521
1522 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1523 {
1524 if (key_pair->RSA_key != NULL)
1525 RSA_free(key_pair->RSA_key);
1526
1527 if (key_pair->DSA_key != NULL)
1528 DSA_free(key_pair->DSA_key);
1529
1530 free(key_pair);
1531 }
1532
1533 /*
1534 * $Log: not supported by cvs2svn $
1535 * Revision 1.8 2007/06/06 14:10:12 maya
1536 * �v���v���Z�b�T�������\�������������������������AINET6 �� I18N �� #define ���t�]�������B
1537 *
1538 * Revision 1.7 2007/01/22 13:45:19 maya
1539 * �\�����b�Z�[�W��������������
1540 *
1541 * Revision 1.6 2006/11/23 02:19:30 maya
1542 * �\�����b�Z�[�W�������t�@�C�����������������R�[�h���������J�n�����B
1543 *
1544 * Revision 1.5 2006/03/26 17:07:17 yutakakn
1545 * fingerprint�\��������
1546 *
1547 * Revision 1.4 2005/07/09 05:16:06 yutakakn
1548 * OpenSSL 0.9.8���r���h�����������������B
1549 *
1550 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1551 * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1552 *
1553 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help