Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2994 - (show annotations) (download) (as text)
Mon Aug 13 22:30:03 2007 UTC (16 years, 8 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 38454 byte(s) 
国際化関数を修正した。
NO_I18N マクロを削除した。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.10 2007-08-13 22:30:03 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218 int bytes)
219 {
220 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221 unsigned char *newbuf = malloc(bytes);
222 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223
224 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225 if (bytes == 0)
226 return;
227
228 if (newbuf == NULL)
229 return;
230
231 if (bytes % block_size) {
232 char tmp[80];
233 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
234 "AES128 encrypt error(1): bytes %d (%d)");
235 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
236 pvar->ts->UIMsg, bytes, block_size);
237 notify_fatal_error(pvar, tmp);
238 goto error;
239 }
240
241 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
242 // TODO: failure
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128 encrypt error(1): bytes %d (%d)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246
247 } else {
248 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
249 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
250 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
251
252 //debug_print(50, key, 24);
253 //debug_print(51, iv, 8);
254 //debug_print(52, buf, bytes);
255 //debug_print(53, newbuf, bytes);
256
257 memcpy(buf, newbuf, bytes);
258 }
259
260 error:
261 free(newbuf);
262 }
263
264 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
265 int bytes)
266 {
267 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
268 unsigned char *newbuf = malloc(bytes);
269 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
270
271 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
272 if (bytes == 0)
273 return;
274
275 if (newbuf == NULL)
276 return;
277
278 if (bytes % block_size) {
279 char tmp[80];
280 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
281 "AES128 decrypt error(1): bytes %d (%d)");
282 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
283 notify_fatal_error(pvar, tmp);
284 goto error;
285 }
286
287 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
288 // TODO:
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292
293 } else {
294 #if 0
295 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
296 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
297 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
298
299 {
300 static int no = 70;
301 debug_print(no, buf, bytes);
302 //debug_print(no, key, AES128_KEYLEN);
303 //debug_print(10*no, iv, AES128_IVLEN);
304 debug_print(30*no, newbuf, bytes);
305 no++;
306 }
307 #endif
308
309 memcpy(buf, newbuf, bytes);
310 }
311
312 error:;
313 free(newbuf);
314 }
315
316
317
318 // for SSH2(yutaka)
319 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
320 int bytes)
321 {
322 unsigned char key[24], iv[8];
323 unsigned char *newbuf = malloc(bytes);
324
325 if (newbuf == NULL)
326 return;
327
328 #if 1
329
330 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
331 // TODO: failure
332 } else {
333 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
334 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
335 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
336
337 //debug_print(50, key, 24);
338 //debug_print(51, iv, 8);
339 //debug_print(52, buf, bytes);
340 //debug_print(53, newbuf, bytes);
341
342 memcpy(buf, newbuf, bytes);
343 }
344 free(newbuf);
345 #else
346
347 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
348 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
349 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
350
351 //debug_print(50, key, 24);
352 //debug_print(51, iv, 8);
353 //debug_print(52, buf, bytes);
354
355 #if 0
356 DES_ede3_cbc_encrypt(
357 buf, newbuf, bytes,
358 (DES_key_schedule *)&key[0],
359 (DES_key_schedule *)&key[8],
360 (DES_key_schedule *)&key[16],
361 (DES_cblock *)iv,
362 DES_ENCRYPT);
363 #else
364 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
365 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
366 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
367
368 #endif
369
370 //debug_print(53, newbuf, bytes);
371
372 memcpy(buf, newbuf, bytes);
373 free(newbuf);
374
375 #endif
376 }
377
378 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
379 int bytes)
380 {
381 unsigned char key[24], iv[8];
382 unsigned char *newbuf = malloc(bytes);
383
384 if (newbuf == NULL)
385 return;
386
387 #if 1
388 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 // TODO:
390
391 } else {
392 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403 free(newbuf);
404
405 #else
406 unsigned char *key, iv[8];
407 unsigned char *newbuf = malloc(bytes);
408 if (newbuf == NULL)
409 return;
410
411 key = pvar->ssh2_keys[MODE_IN].enc.key;
412 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
413 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
414
415 //debug_print(60, key, 24);
416 //debug_print(61, iv, 8);
417 //debug_print(62, buf, bytes);
418
419 DES_ede3_cbc_encrypt(
420 buf, newbuf, bytes,
421 (DES_key_schedule *)&key[0],
422 (DES_key_schedule *)&key[8],
423 (DES_key_schedule *)&key[16],
424 (DES_cblock *)iv,
425 DES_DECRYPT);
426
427 //debug_print(63, newbuf, bytes);
428
429 memcpy(buf, newbuf, bytes);
430
431 free(newbuf);
432 #endif
433 }
434
435
436 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
437 int bytes)
438 {
439 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
440
441 DES_ncbc_encrypt(buf, buf, bytes,
442 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
443 DES_ncbc_encrypt(buf, buf, bytes,
444 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
447 }
448
449 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
450 int bytes)
451 {
452 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
453
454 DES_ncbc_encrypt(buf, buf, bytes,
455 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
456 DES_ncbc_encrypt(buf, buf, bytes,
457 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
458 DES_ncbc_encrypt(buf, buf, bytes,
459 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
460 }
461
462 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
463 int bytes)
464 {
465 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
466
467 DES_ncbc_encrypt(buf, buf, bytes,
468 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
469 }
470
471 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
472 int bytes)
473 {
474 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
475
476 DES_ncbc_encrypt(buf, buf, bytes,
477 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
478 }
479
480 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
481 int bytes)
482 {
483 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
484 int num = 0;
485
486 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
487 encryptstate->ivec, &num, IDEA_ENCRYPT);
488 }
489
490 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
491 int bytes)
492 {
493 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
494 int num = 0;
495
496 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
497 decryptstate->ivec, &num, IDEA_DECRYPT);
498 }
499
500 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
501 {
502 uint32 FAR *buf = (uint32 FAR *) cbuf;
503 int count = bytes / 4;
504
505 while (count > 0) {
506 uint32 w = *buf;
507
508 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
509 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
510 count--;
511 buf++;
512 }
513 }
514
515 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
516 int bytes)
517 {
518 CipherBlowfishState FAR *encryptstate =
519 &pvar->crypt_state.enc.cBlowfish;
520
521 flip_endianness(buf, bytes);
522 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
523 BF_ENCRYPT);
524 flip_endianness(buf, bytes);
525 }
526
527 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
528 int bytes)
529 {
530 CipherBlowfishState FAR *decryptstate =
531 &pvar->crypt_state.dec.cBlowfish;
532
533 flip_endianness(buf, bytes);
534 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
535 BF_DECRYPT);
536 flip_endianness(buf, bytes);
537 }
538
539 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
540 int bytes)
541 {
542 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
543 int num = 0;
544
545 RC4(&encryptstate->k, bytes, buf, buf);
546 }
547
548 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
549 int bytes)
550 {
551 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
552 int num = 0;
553
554 RC4(&decryptstate->k, bytes, buf, buf);
555 }
556
557 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
558 int bytes)
559 {
560 RAND_bytes(buf, bytes);
561 }
562
563 void CRYPT_initialize_random_numbers(PTInstVar pvar)
564 {
565 RAND_screen();
566 }
567
568 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
569 {
570 int bits = get_ushort16_MSBfirst(bytes);
571
572 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
573 }
574
575 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
576 RSA FAR *make_key(PTInstVar pvar,
577 int bits, unsigned char FAR * exp,
578 unsigned char FAR * mod)
579 {
580 RSA FAR *key = RSA_new();
581
582 if (key != NULL) {
583 key->e = get_bignum(exp);
584 key->n = get_bignum(mod);
585 }
586
587 if (key == NULL || key->e == NULL || key->n == NULL) {
588 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
589 "Error setting up RSA keys");
590 notify_fatal_error(pvar, pvar->ts->UIMsg);
591
592 if (key != NULL) {
593 if (key->e != NULL) {
594 BN_free(key->e);
595 }
596 if (key->n != NULL) {
597 BN_free(key->n);
598 }
599 RSA_free(key);
600 }
601
602 return NULL;
603 } else {
604 return key;
605 }
606 }
607
608 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
609 {
610 if (SSHv1(pvar)) {
611 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
612 } else {
613 memcpy(pvar->crypt_state.server_cookie, cookie,
614 SSH2_COOKIE_LENGTH);
615 }
616 }
617
618 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
619 {
620 if (SSHv2(pvar)) {
621 memcpy(pvar->crypt_state.client_cookie, cookie,
622 SSH2_COOKIE_LENGTH);
623 }
624 }
625
626 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
627 int bits, unsigned char FAR * exp,
628 unsigned char FAR * mod)
629 {
630 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
631
632 return pvar->crypt_state.server_key.RSA_key != NULL;
633 }
634
635 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
636 int bits, unsigned char FAR * exp,
637 unsigned char FAR * mod)
638 {
639 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
640
641 return pvar->crypt_state.host_key.RSA_key != NULL;
642 }
643
644 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
645 int receiver_ciphers)
646 {
647 int cipher_mask;
648
649 if (SSHv1(pvar)) {
650 cipher_mask = (1 << SSH_CIPHER_DES)
651 | (1 << SSH_CIPHER_3DES)
652 | (1 << SSH_CIPHER_BLOWFISH);
653
654 } else { // for SSH2(yutaka)
655 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
656 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
657
658 }
659
660 sender_ciphers &= cipher_mask;
661 receiver_ciphers &= cipher_mask;
662 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
663 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
664
665 if (sender_ciphers == 0) {
666 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
667 "The server does not support any of the TTSSH encryption algorithms.\n"
668 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
669 "The connection will be closed.");
670 notify_fatal_error(pvar, pvar->ts->UIMsg);
671 return FALSE;
672 } else if (receiver_ciphers == 0) {
673 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
674 "The server does not support any of the TTSSH encryption algorithms.\n"
675 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
676 "The connection will be closed.");
677 notify_fatal_error(pvar, pvar->ts->UIMsg);
678 return FALSE;
679 } else {
680 return TRUE;
681 }
682 }
683
684 int CRYPT_get_decryption_block_size(PTInstVar pvar)
685 {
686 if (SSHv1(pvar)) {
687 return 8;
688 } else {
689 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
690 // cf. 3DES=8, AES128=16
691 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
692 }
693 }
694
695 int CRYPT_get_encryption_block_size(PTInstVar pvar)
696 {
697 if (SSHv1(pvar)) {
698 return 8;
699 } else {
700 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
701 // cf. 3DES=8, AES128=16
702 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
703 }
704 }
705
706 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
707 {
708 struct Mac *mac;
709
710 if (SSHv1(pvar)) {
711 return 0;
712
713 } else { // for SSH2(yutaka)
714 mac = &pvar->ssh2_keys[MODE_IN].mac;
715 if (mac == NULL || mac->enabled == 0)
716 return 0;
717
718 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
719 }
720
721 }
722
723 // HMAC������
724 // ���{������ SSH2 �������g�p�������B
725 // (2004.12.17 yutaka)
726 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
727 char FAR * data, int len, char FAR * MAC)
728 {
729 HMAC_CTX c;
730 unsigned char m[EVP_MAX_MD_SIZE];
731 unsigned char b[4];
732 struct Mac *mac;
733
734 mac = &pvar->ssh2_keys[MODE_IN].mac;
735
736 // HMAC�������L���������������A����OK�����������B
737 if (mac == NULL || mac->enabled == 0)
738 return TRUE;
739
740 if (mac->key == NULL)
741 goto error;
742
743 if ((u_int)mac->mac_len > sizeof(m))
744 goto error;
745
746 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
747 set_uint32_MSBfirst(b, sequence_number);
748 HMAC_Update(&c, b, sizeof(b));
749 HMAC_Update(&c, data, len);
750 HMAC_Final(&c, m, NULL);
751 HMAC_cleanup(&c);
752
753 if (memcmp(m, MAC, mac->mac_len)) {
754 goto error;
755 }
756
757 return TRUE;
758
759 error:
760 return FALSE;
761 }
762
763 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
764 {
765 struct Mac *mac;
766
767 if (SSHv2(pvar)) { // for SSH2(yutaka)
768 mac = &pvar->ssh2_keys[MODE_OUT].mac;
769 if (mac == NULL || mac->enabled == 0)
770 return 0;
771
772 return (mac->mac_len);
773 }
774
775 return 0;
776 }
777
778 // for SSH2
779 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
780 char FAR * data, int len, char FAR * MAC)
781 {
782 HMAC_CTX c;
783 static u_char m[EVP_MAX_MD_SIZE];
784 u_char b[4];
785 struct Mac *mac;
786
787 if (SSHv2(pvar)) { // for SSH2(yutaka)
788 mac = &pvar->ssh2_keys[MODE_OUT].mac;
789 if (mac == NULL || mac->enabled == 0)
790 return FALSE;
791
792 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
793 set_uint32_MSBfirst(b, sequence_number);
794 HMAC_Update(&c, b, sizeof(b));
795 HMAC_Update(&c, data, len);
796 HMAC_Final(&c, m, NULL);
797 HMAC_cleanup(&c);
798
799 // 20�o�C�g�������R�s�[
800 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
801 // memcpy(MAC, m, sizeof(m));
802
803 return TRUE;
804 }
805
806 return TRUE;
807
808 }
809
810 static int choose_cipher(PTInstVar pvar, int supported)
811 {
812 int i;
813
814 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
815 int cipher = pvar->session_settings.CipherOrder[i] - '0';
816
817 if (cipher == SSH_CIPHER_NONE) {
818 break;
819 } else if ((supported & (1 << cipher)) != 0) {
820 return cipher;
821 }
822 }
823
824 return SSH_CIPHER_NONE;
825 }
826
827 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
828 {
829 if (SSHv1(pvar)) {
830 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
831 pvar->crypt_state.
832 supported_sender_ciphers);
833 pvar->crypt_state.receiver_cipher =
834 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
835
836 } else { // SSH2(yutaka)
837 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
838 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
839
840 }
841
842 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
843 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
844 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
845 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
846 "To communicate with this server, you will have to enable some more ciphers\n"
847 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
848 "This connection will now close.");
849 notify_fatal_error(pvar, pvar->ts->UIMsg);
850 return FALSE;
851 } else {
852 return TRUE;
853 }
854 }
855
856 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
857 {
858 int server_key_bits =
859 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
860 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
861 int server_key_bytes = (server_key_bits + 7) / 8;
862 int host_key_bytes = (host_key_bits + 7) / 8;
863
864 if (server_key_bits < host_key_bits) {
865 return host_key_bytes;
866 } else {
867 return server_key_bytes;
868 }
869 }
870
871 int CRYPT_choose_session_key(PTInstVar pvar,
872 unsigned char FAR * encrypted_key_buf)
873 {
874 int server_key_bits =
875 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
876 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
877 int server_key_bytes = (server_key_bits + 7) / 8;
878 int host_key_bytes = (host_key_bits + 7) / 8;
879 int encrypted_key_bytes;
880 int bit_delta;
881
882 if (server_key_bits < host_key_bits) {
883 encrypted_key_bytes = host_key_bytes;
884 bit_delta = host_key_bits - server_key_bits;
885 } else {
886 encrypted_key_bytes = server_key_bytes;
887 bit_delta = server_key_bits - host_key_bits;
888 }
889
890 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
891 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
892 "Server RSA keys are too weak. A secure connection cannot be established.");
893 notify_fatal_error(pvar, pvar->ts->UIMsg);
894 return 0;
895 } else {
896 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
897 for the session ID, rather than the one specified in the RFC */
898 int session_buf_len = server_key_bytes + host_key_bytes + 8;
899 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
900 char session_id[16];
901 int i;
902
903 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
904 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
905 session_buf + host_key_bytes);
906 memcpy(session_buf + server_key_bytes + host_key_bytes,
907 pvar->crypt_state.server_cookie, 8);
908 MD5(session_buf, session_buf_len, session_id);
909
910 free(session_buf);
911
912 RAND_bytes(pvar->crypt_state.sender_cipher_key,
913 SSH_SESSION_KEY_LENGTH);
914 memcpy(pvar->crypt_state.receiver_cipher_key,
915 pvar->crypt_state.sender_cipher_key,
916 SSH_SESSION_KEY_LENGTH);
917
918 memcpy(encrypted_key_buf + encrypted_key_bytes -
919 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
920 SSH_SESSION_KEY_LENGTH);
921 for (i = 0; i < sizeof(session_id); i++) {
922 encrypted_key_buf[encrypted_key_bytes -
923 SSH_SESSION_KEY_LENGTH + i]
924 ^= session_id[i];
925 }
926
927 if (host_key_bits > server_key_bits) {
928 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
929 encrypted_key_buf +
930 encrypted_key_bytes -
931 SSH_SESSION_KEY_LENGTH,
932 encrypted_key_buf +
933 encrypted_key_bytes - server_key_bytes,
934 pvar->crypt_state.server_key.RSA_key,
935 RSA_PKCS1_PADDING) < 0)
936 return 0;
937
938 if (RSA_public_encrypt(server_key_bytes,
939 encrypted_key_buf +
940 encrypted_key_bytes - server_key_bytes,
941 encrypted_key_buf,
942 pvar->crypt_state.host_key.RSA_key,
943 RSA_PKCS1_PADDING) < 0)
944 return 0;
945 } else {
946 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
947 encrypted_key_buf +
948 encrypted_key_bytes -
949 SSH_SESSION_KEY_LENGTH,
950 encrypted_key_buf +
951 encrypted_key_bytes - host_key_bytes,
952 pvar->crypt_state.host_key.RSA_key,
953 RSA_PKCS1_PADDING) < 0)
954 return 0;
955
956 if (RSA_public_encrypt(host_key_bytes,
957 encrypted_key_buf +
958 encrypted_key_bytes - host_key_bytes,
959 encrypted_key_buf,
960 pvar->crypt_state.server_key.RSA_key,
961 RSA_PKCS1_PADDING) < 0)
962 return 0;
963 }
964 }
965
966 return 1;
967 }
968
969 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
970 unsigned char FAR * challenge,
971 int challenge_len,
972 unsigned char FAR * response)
973 {
974 int server_key_bits =
975 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
976 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
977 int server_key_bytes = (server_key_bits + 7) / 8;
978 int host_key_bytes = (host_key_bits + 7) / 8;
979 int session_buf_len = server_key_bytes + host_key_bytes + 8;
980 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
981 char decrypted_challenge[48];
982 int decrypted_challenge_len;
983
984 decrypted_challenge_len =
985 RSA_private_decrypt(challenge_len, challenge, challenge,
986 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
987 RSA_PKCS1_PADDING);
988 if (decrypted_challenge_len < 0) {
989 free(session_buf);
990 return 0;
991 }
992 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
993 memcpy(decrypted_challenge,
994 challenge + decrypted_challenge_len -
995 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
996 } else {
997 memset(decrypted_challenge, 0,
998 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
999 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1000 decrypted_challenge_len, challenge,
1001 decrypted_challenge_len);
1002 }
1003
1004 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1005 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1006 session_buf + host_key_bytes);
1007 memcpy(session_buf + server_key_bytes + host_key_bytes,
1008 pvar->crypt_state.server_cookie, 8);
1009 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1010
1011 free(session_buf);
1012
1013 MD5(decrypted_challenge, 48, response);
1014
1015 return 1;
1016 }
1017
1018 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1019 {
1020 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1021 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1022 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1023 memset(state->ivec1, 0, 8);
1024 memset(state->ivec2, 0, 8);
1025 memset(state->ivec3, 0, 8);
1026 }
1027
1028 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1029 {
1030 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1031 memset(state->ivec, 0, 8);
1032 }
1033
1034 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1035 {
1036 idea_set_encrypt_key(session_key, &state->k);
1037 memset(state->ivec, 0, 8);
1038 }
1039
1040 static void cBlowfish_init(char FAR * session_key,
1041 CipherBlowfishState FAR * state)
1042 {
1043 BF_set_key(&state->k, 32, session_key);
1044 memset(state->ivec, 0, 8);
1045 }
1046
1047
1048 //
1049 // SSH2�p�A���S���Y����������
1050 //
1051 // for SSH2(yutaka)
1052 //
1053 void cipher_init_SSH2(
1054 EVP_CIPHER_CTX *evp,
1055 const u_char *key, u_int keylen,
1056 const u_char *iv, u_int ivlen,
1057 int encrypt,
1058 const EVP_CIPHER *(*func)(void)
1059 )
1060 {
1061 EVP_CIPHER *type;
1062 int klen;
1063
1064 type = (EVP_CIPHER *)func();
1065
1066 EVP_CIPHER_CTX_init(evp);
1067 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1068 // TODO:
1069 }
1070
1071 klen = EVP_CIPHER_CTX_key_length(evp);
1072 if (klen > 0 && keylen != klen) {
1073 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1074 // TODO:
1075 }
1076 }
1077 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1078 // TODO:
1079 }
1080 }
1081
1082
1083 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1084 {
1085 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1086 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1087 BOOL isOK = TRUE;
1088
1089 if (sender_flag) {
1090 switch (pvar->crypt_state.sender_cipher) {
1091 // for SSH2(yutaka)
1092 case SSH_CIPHER_3DES_CBC:
1093 {
1094 struct Enc *enc;
1095
1096 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1097 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1098 enc->key, 24, enc->iv, 8,
1099 CIPHER_ENCRYPT,
1100 EVP_des_ede3_cbc);
1101
1102 //debug_print(10, enc->key, 24);
1103 //debug_print(11, enc->iv, 24);
1104
1105 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1106 break;
1107 }
1108
1109 // for SSH2(yutaka)
1110 case SSH_CIPHER_AES128:
1111 {
1112 struct Enc *enc;
1113
1114 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1115 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1116 enc->key, 16, enc->iv, 16,
1117 CIPHER_ENCRYPT,
1118 EVP_aes_128_cbc);
1119
1120 //debug_print(10, enc->key, 24);
1121 //debug_print(11, enc->iv, 24);
1122
1123 pvar->crypt_state.encrypt = cAES128_encrypt;
1124 break;
1125 }
1126
1127 case SSH_CIPHER_3DES:{
1128 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1129 pvar->crypt_state.encrypt = c3DES_encrypt;
1130 break;
1131 }
1132 case SSH_CIPHER_IDEA:{
1133 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1134 pvar->crypt_state.encrypt = cIDEA_encrypt;
1135 break;
1136 }
1137 case SSH_CIPHER_DES:{
1138 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1139 pvar->crypt_state.encrypt = cDES_encrypt;
1140 break;
1141 }
1142 case SSH_CIPHER_RC4:{
1143 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1144 encryption_key + 16);
1145 pvar->crypt_state.encrypt = cRC4_encrypt;
1146 break;
1147 }
1148 case SSH_CIPHER_BLOWFISH:{
1149 cBlowfish_init(encryption_key,
1150 &pvar->crypt_state.enc.cBlowfish);
1151 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1152 break;
1153 }
1154 default:
1155 isOK = FALSE;
1156 }
1157 }
1158
1159
1160 if (receiver_flag) {
1161 switch (pvar->crypt_state.receiver_cipher) {
1162 // for SSH2(yutaka)
1163 case SSH_CIPHER_3DES_CBC:
1164 {
1165 struct Enc *enc;
1166
1167 enc = &pvar->ssh2_keys[MODE_IN].enc;
1168 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1169 enc->key, 24, enc->iv, 8,
1170 CIPHER_DECRYPT,
1171 EVP_des_ede3_cbc);
1172
1173 //debug_print(12, enc->key, 24);
1174 //debug_print(13, enc->iv, 24);
1175
1176 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1177 break;
1178 }
1179
1180 // for SSH2(yutaka)
1181 case SSH_CIPHER_AES128:
1182 {
1183 struct Enc *enc;
1184
1185 enc = &pvar->ssh2_keys[MODE_IN].enc;
1186 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1187 enc->key, 16, enc->iv, 16,
1188 CIPHER_DECRYPT,
1189 EVP_aes_128_cbc);
1190
1191 //debug_print(12, enc->key, 24);
1192 //debug_print(13, enc->iv, 24);
1193
1194 pvar->crypt_state.decrypt = cAES128_decrypt;
1195 break;
1196 }
1197
1198 case SSH_CIPHER_3DES:{
1199 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1200 pvar->crypt_state.decrypt = c3DES_decrypt;
1201 break;
1202 }
1203 case SSH_CIPHER_IDEA:{
1204 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1205 pvar->crypt_state.decrypt = cIDEA_decrypt;
1206 break;
1207 }
1208 case SSH_CIPHER_DES:{
1209 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1210 pvar->crypt_state.decrypt = cDES_decrypt;
1211 break;
1212 }
1213 case SSH_CIPHER_RC4:{
1214 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1215 pvar->crypt_state.decrypt = cRC4_decrypt;
1216 break;
1217 }
1218 case SSH_CIPHER_BLOWFISH:{
1219 cBlowfish_init(decryption_key,
1220 &pvar->crypt_state.dec.cBlowfish);
1221 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1222 break;
1223 }
1224 default:
1225 isOK = FALSE;
1226 }
1227 }
1228
1229
1230 if (!isOK) {
1231 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1232 "No cipher selected!");
1233 notify_fatal_error(pvar, pvar->ts->UIMsg);
1234 return FALSE;
1235 } else {
1236 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1237 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1238 return TRUE;
1239 }
1240 }
1241
1242 void CRYPT_init(PTInstVar pvar)
1243 {
1244 pvar->crypt_state.encrypt = no_encrypt;
1245 pvar->crypt_state.decrypt = no_encrypt;
1246 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1247 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1248 pvar->crypt_state.server_key.RSA_key = NULL;
1249 pvar->crypt_state.host_key.RSA_key = NULL;
1250
1251 pvar->crypt_state.detect_attack_statics.h = NULL;
1252 pvar->crypt_state.detect_attack_statics.n =
1253 HASH_MINSIZE / HASH_ENTRYSIZE;
1254 }
1255
1256 static char FAR *get_cipher_name(int cipher)
1257 {
1258 switch (cipher) {
1259 case SSH_CIPHER_NONE:
1260 return "None";
1261 case SSH_CIPHER_3DES:
1262 return "3DES (168 key bits)";
1263 case SSH_CIPHER_DES:
1264 return "DES (56 key bits)";
1265 case SSH_CIPHER_IDEA:
1266 return "IDEA (128 key bits)";
1267 case SSH_CIPHER_RC4:
1268 return "RC4 (128 key bits)";
1269 case SSH_CIPHER_BLOWFISH:
1270 return "Blowfish (256 key bits)";
1271
1272 // SSH2
1273 case SSH_CIPHER_3DES_CBC:
1274 return "3DES-CBC";
1275 case SSH_CIPHER_AES128:
1276 return "AES128";
1277
1278 default:
1279 return "Unknown";
1280 }
1281 }
1282
1283 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1284 {
1285 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1286 "%s to server, %s from server");
1287 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1288 get_cipher_name(pvar->crypt_state.sender_cipher),
1289 get_cipher_name(pvar->crypt_state.receiver_cipher));
1290 }
1291
1292 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1293 {
1294 if (SSHv1(pvar)) {
1295 if (pvar->crypt_state.server_key.RSA_key == NULL
1296 || pvar->crypt_state.host_key.RSA_key == NULL) {
1297 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1298 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1299 } else {
1300 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1301 "%d-bit server key, %d-bit host key");
1302 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1303 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1304 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1305 }
1306 } else { // SSH2
1307 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1308 "%d-bit server key, %d-bit host key");
1309 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1310 pvar->server_key_bits,
1311 pvar->client_key_bits);
1312 }
1313 }
1314
1315 static void destroy_public_key(CRYPTPublicKey FAR * key)
1316 {
1317 if (key->RSA_key != NULL) {
1318 RSA_free(key->RSA_key);
1319 key->RSA_key = NULL;
1320 }
1321 }
1322
1323 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1324 {
1325 destroy_public_key(key);
1326 free(key);
1327 }
1328
1329 void CRYPT_end(PTInstVar pvar)
1330 {
1331 destroy_public_key(&pvar->crypt_state.host_key);
1332 destroy_public_key(&pvar->crypt_state.server_key);
1333
1334 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1335 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1336 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1337 free(pvar->crypt_state.detect_attack_statics.h);
1338 }
1339
1340 memset(pvar->crypt_state.sender_cipher_key, 0,
1341 sizeof(pvar->crypt_state.sender_cipher_key));
1342 memset(pvar->crypt_state.receiver_cipher_key, 0,
1343 sizeof(pvar->crypt_state.receiver_cipher_key));
1344 memset(pvar->crypt_state.server_cookie, 0,
1345 sizeof(pvar->crypt_state.server_cookie));
1346 memset(pvar->crypt_state.client_cookie, 0,
1347 sizeof(pvar->crypt_state.client_cookie));
1348 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1349 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1350 }
1351
1352 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1353 char FAR * buf, int bytes)
1354 {
1355 unsigned char passphrase_key[16];
1356
1357 MD5(passphrase, strlen(passphrase), passphrase_key);
1358
1359 switch (cipher) {
1360 case SSH_CIPHER_3DES:{
1361 Cipher3DESState state;
1362
1363 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1364 &state.k1);
1365 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1366 &state.k2);
1367 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1368 &state.k3);
1369 memset(state.ivec1, 0, 8);
1370 memset(state.ivec2, 0, 8);
1371 memset(state.ivec3, 0, 8);
1372 DES_ncbc_encrypt(buf, buf, bytes,
1373 &state.k3, &state.ivec3, DES_DECRYPT);
1374 DES_ncbc_encrypt(buf, buf, bytes,
1375 &state.k2, &state.ivec2, DES_ENCRYPT);
1376 DES_ncbc_encrypt(buf, buf, bytes,
1377 &state.k1, &state.ivec1, DES_DECRYPT);
1378 break;
1379 }
1380
1381 case SSH_CIPHER_IDEA:{
1382 CipherIDEAState state;
1383 int num = 0;
1384
1385 cIDEA_init(passphrase_key, &state);
1386 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1387 &num, IDEA_DECRYPT);
1388 break;
1389 }
1390
1391 case SSH_CIPHER_DES:{
1392 CipherDESState state;
1393
1394 cDES_init(passphrase_key, &state);
1395 DES_ncbc_encrypt(buf, buf, bytes,
1396 &state.k, &state.ivec, DES_DECRYPT);
1397 break;
1398 }
1399
1400 case SSH_CIPHER_RC4:{
1401 CipherRC4State state;
1402 int num = 0;
1403
1404 RC4_set_key(&state.k, 16, passphrase_key);
1405 RC4(&state.k, bytes, buf, buf);
1406 break;
1407 }
1408
1409 case SSH_CIPHER_BLOWFISH:{
1410 CipherBlowfishState state;
1411
1412 BF_set_key(&state.k, 16, passphrase_key);
1413 memset(state.ivec, 0, 8);
1414 flip_endianness(buf, bytes);
1415 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1416 BF_DECRYPT);
1417 flip_endianness(buf, bytes);
1418 break;
1419 }
1420
1421 case SSH_CIPHER_NONE:
1422 break;
1423
1424 default:
1425 memset(passphrase_key, 0, sizeof(passphrase_key));
1426 return 0;
1427 }
1428
1429 memset(passphrase_key, 0, sizeof(passphrase_key));
1430 return 1;
1431 }
1432
1433 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1434 {
1435 if (key_pair->RSA_key != NULL)
1436 RSA_free(key_pair->RSA_key);
1437
1438 if (key_pair->DSA_key != NULL)
1439 DSA_free(key_pair->DSA_key);
1440
1441 free(key_pair);
1442 }
1443
1444 /*
1445 * $Log: not supported by cvs2svn $
1446 * Revision 1.9 2007/08/08 16:04:08 maya
1447 * ���S���������g�p�������������X�����B
1448 *
1449 * Revision 1.8 2007/06/06 14:10:12 maya
1450 * �v���v���Z�b�T�������\�������������������������AINET6 �� I18N �� #define ���t�]�������B
1451 *
1452 * Revision 1.7 2007/01/22 13:45:19 maya
1453 * �\�����b�Z�[�W��������������
1454 *
1455 * Revision 1.6 2006/11/23 02:19:30 maya
1456 * �\�����b�Z�[�W�������t�@�C�����������������R�[�h���������J�n�����B
1457 *
1458 * Revision 1.5 2006/03/26 17:07:17 yutakakn
1459 * fingerprint�\��������
1460 *
1461 * Revision 1.4 2005/07/09 05:16:06 yutakakn
1462 * OpenSSL 0.9.8���r���h�����������������B
1463 *
1464 * Revision 1.3 2004/12/22 17:28:14 yutakakn
1465 * SSH2���J���F��(RSA/DSA)���T�|�[�g�����B
1466 *
1467 */
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help