Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3003 - (show annotations) (download) (as text)
Mon Aug 20 14:21:57 2007 UTC (16 years, 7 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 39751 byte(s) 
インデントを変更した。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.12 2007-08-20 14:21:57 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
218 int bytes)
219 {
220 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
221 unsigned char *newbuf = malloc(bytes);
222 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
223
224 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
225 if (bytes == 0)
226 return;
227
228 if (newbuf == NULL)
229 return;
230
231 if (bytes % block_size) {
232 char tmp[80];
233 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
234 "AES128 encrypt error(1): bytes %d (%d)");
235 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
236 pvar->ts->UIMsg, bytes, block_size);
237 notify_fatal_error(pvar, tmp);
238 goto error;
239 }
240
241 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
242 // TODO: failure
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128 encrypt error(1): bytes %d (%d)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246
247 } else {
248 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
249 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
250 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
251
252 //debug_print(50, key, 24);
253 //debug_print(51, iv, 8);
254 //debug_print(52, buf, bytes);
255 //debug_print(53, newbuf, bytes);
256
257 memcpy(buf, newbuf, bytes);
258 }
259
260 error:
261 free(newbuf);
262 }
263
264 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
265 int bytes)
266 {
267 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
268 unsigned char *newbuf = malloc(bytes);
269 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
270
271 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
272 if (bytes == 0)
273 return;
274
275 if (newbuf == NULL)
276 return;
277
278 if (bytes % block_size) {
279 char tmp[80];
280 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
281 "AES128 decrypt error(1): bytes %d (%d)");
282 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
283 notify_fatal_error(pvar, tmp);
284 goto error;
285 }
286
287 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
288 // TODO:
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292
293 } else {
294 #if 0
295 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
296 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
297 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
298
299 {
300 static int no = 70;
301 debug_print(no, buf, bytes);
302 //debug_print(no, key, AES128_KEYLEN);
303 //debug_print(10*no, iv, AES128_IVLEN);
304 debug_print(30*no, newbuf, bytes);
305 no++;
306 }
307 #endif
308
309 memcpy(buf, newbuf, bytes);
310 }
311
312 error:;
313 free(newbuf);
314 }
315
316
317
318 // for SSH2(yutaka)
319 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
320 int bytes)
321 {
322 unsigned char key[24], iv[8];
323 unsigned char *newbuf = malloc(bytes);
324
325 if (newbuf == NULL)
326 return;
327
328 #if 1
329
330 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
331 // TODO: failure
332 } else {
333 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
334 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
335 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
336
337 //debug_print(50, key, 24);
338 //debug_print(51, iv, 8);
339 //debug_print(52, buf, bytes);
340 //debug_print(53, newbuf, bytes);
341
342 memcpy(buf, newbuf, bytes);
343 }
344 free(newbuf);
345 #else
346
347 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
348 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
349 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
350
351 //debug_print(50, key, 24);
352 //debug_print(51, iv, 8);
353 //debug_print(52, buf, bytes);
354
355 #if 0
356 DES_ede3_cbc_encrypt(
357 buf, newbuf, bytes,
358 (DES_key_schedule *)&key[0],
359 (DES_key_schedule *)&key[8],
360 (DES_key_schedule *)&key[16],
361 (DES_cblock *)iv,
362 DES_ENCRYPT);
363 #else
364 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
365 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
366 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
367
368 #endif
369
370 //debug_print(53, newbuf, bytes);
371
372 memcpy(buf, newbuf, bytes);
373 free(newbuf);
374
375 #endif
376 }
377
378 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
379 int bytes)
380 {
381 unsigned char key[24], iv[8];
382 unsigned char *newbuf = malloc(bytes);
383
384 if (newbuf == NULL)
385 return;
386
387 #if 1
388 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 // TODO:
390
391 } else {
392 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403 free(newbuf);
404
405 #else
406 unsigned char *key, iv[8];
407 unsigned char *newbuf = malloc(bytes);
408 if (newbuf == NULL)
409 return;
410
411 key = pvar->ssh2_keys[MODE_IN].enc.key;
412 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
413 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
414
415 //debug_print(60, key, 24);
416 //debug_print(61, iv, 8);
417 //debug_print(62, buf, bytes);
418
419 DES_ede3_cbc_encrypt(
420 buf, newbuf, bytes,
421 (DES_key_schedule *)&key[0],
422 (DES_key_schedule *)&key[8],
423 (DES_key_schedule *)&key[16],
424 (DES_cblock *)iv,
425 DES_DECRYPT);
426
427 //debug_print(63, newbuf, bytes);
428
429 memcpy(buf, newbuf, bytes);
430
431 free(newbuf);
432 #endif
433 }
434
435
436 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
437 int bytes)
438 {
439 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
440
441 DES_ncbc_encrypt(buf, buf, bytes,
442 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
443 DES_ncbc_encrypt(buf, buf, bytes,
444 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
447 }
448
449 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
450 int bytes)
451 {
452 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
453
454 DES_ncbc_encrypt(buf, buf, bytes,
455 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
456 DES_ncbc_encrypt(buf, buf, bytes,
457 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
458 DES_ncbc_encrypt(buf, buf, bytes,
459 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
460 }
461
462 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
463 int bytes)
464 {
465 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
466
467 DES_ncbc_encrypt(buf, buf, bytes,
468 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
469 }
470
471 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
472 int bytes)
473 {
474 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
475
476 DES_ncbc_encrypt(buf, buf, bytes,
477 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
478 }
479
480 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
481 int bytes)
482 {
483 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
484 int num = 0;
485
486 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
487 encryptstate->ivec, &num, IDEA_ENCRYPT);
488 }
489
490 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
491 int bytes)
492 {
493 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
494 int num = 0;
495
496 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
497 decryptstate->ivec, &num, IDEA_DECRYPT);
498 }
499
500 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
501 {
502 uint32 FAR *buf = (uint32 FAR *) cbuf;
503 int count = bytes / 4;
504
505 while (count > 0) {
506 uint32 w = *buf;
507
508 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
509 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
510 count--;
511 buf++;
512 }
513 }
514
515 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
516 int bytes)
517 {
518 CipherBlowfishState FAR *encryptstate =
519 &pvar->crypt_state.enc.cBlowfish;
520
521 flip_endianness(buf, bytes);
522 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
523 BF_ENCRYPT);
524 flip_endianness(buf, bytes);
525 }
526
527 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
528 int bytes)
529 {
530 CipherBlowfishState FAR *decryptstate =
531 &pvar->crypt_state.dec.cBlowfish;
532
533 flip_endianness(buf, bytes);
534 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
535 BF_DECRYPT);
536 flip_endianness(buf, bytes);
537 }
538
539 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
540 int bytes)
541 {
542 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
543 int num = 0;
544
545 RC4(&encryptstate->k, bytes, buf, buf);
546 }
547
548 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
549 int bytes)
550 {
551 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
552 int num = 0;
553
554 RC4(&decryptstate->k, bytes, buf, buf);
555 }
556
557 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
558 int bytes)
559 {
560 RAND_bytes(buf, bytes);
561 }
562
563 void CRYPT_initialize_random_numbers(PTInstVar pvar)
564 {
565 RAND_screen();
566 }
567
568 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
569 {
570 int bits = get_ushort16_MSBfirst(bytes);
571
572 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
573 }
574
575 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
576 RSA FAR *make_key(PTInstVar pvar,
577 int bits, unsigned char FAR * exp,
578 unsigned char FAR * mod)
579 {
580 RSA FAR *key = RSA_new();
581
582 if (key != NULL) {
583 key->e = get_bignum(exp);
584 key->n = get_bignum(mod);
585 }
586
587 if (key == NULL || key->e == NULL || key->n == NULL) {
588 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
589 "Error setting up RSA keys");
590 notify_fatal_error(pvar, pvar->ts->UIMsg);
591
592 if (key != NULL) {
593 if (key->e != NULL) {
594 BN_free(key->e);
595 }
596 if (key->n != NULL) {
597 BN_free(key->n);
598 }
599 RSA_free(key);
600 }
601
602 return NULL;
603 } else {
604 return key;
605 }
606 }
607
608 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
609 {
610 if (SSHv1(pvar)) {
611 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
612 } else {
613 memcpy(pvar->crypt_state.server_cookie, cookie,
614 SSH2_COOKIE_LENGTH);
615 }
616 }
617
618 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
619 {
620 if (SSHv2(pvar)) {
621 memcpy(pvar->crypt_state.client_cookie, cookie,
622 SSH2_COOKIE_LENGTH);
623 }
624 }
625
626 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
627 int bits, unsigned char FAR * exp,
628 unsigned char FAR * mod)
629 {
630 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
631
632 return pvar->crypt_state.server_key.RSA_key != NULL;
633 }
634
635 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
636 int bits, unsigned char FAR * exp,
637 unsigned char FAR * mod)
638 {
639 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
640
641 return pvar->crypt_state.host_key.RSA_key != NULL;
642 }
643
644 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
645 int receiver_ciphers)
646 {
647 int cipher_mask;
648
649 if (SSHv1(pvar)) {
650 cipher_mask = (1 << SSH_CIPHER_DES)
651 | (1 << SSH_CIPHER_3DES)
652 | (1 << SSH_CIPHER_BLOWFISH);
653
654 } else { // for SSH2(yutaka)
655 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
656 cipher_mask = (1 << SSH_CIPHER_3DES_CBC) | (1 << SSH_CIPHER_AES128);
657
658 }
659
660 sender_ciphers &= cipher_mask;
661 receiver_ciphers &= cipher_mask;
662 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
663 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
664
665 if (sender_ciphers == 0) {
666 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
667 "The server does not support any of the TTSSH encryption algorithms.\n"
668 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
669 "The connection will be closed.");
670 notify_fatal_error(pvar, pvar->ts->UIMsg);
671 return FALSE;
672 } else if (receiver_ciphers == 0) {
673 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
674 "The server does not support any of the TTSSH encryption algorithms.\n"
675 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
676 "The connection will be closed.");
677 notify_fatal_error(pvar, pvar->ts->UIMsg);
678 return FALSE;
679 } else {
680 return TRUE;
681 }
682 }
683
684 int CRYPT_get_decryption_block_size(PTInstVar pvar)
685 {
686 if (SSHv1(pvar)) {
687 return 8;
688 } else {
689 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
690 // cf. 3DES=8, AES128=16
691 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
692 }
693 }
694
695 int CRYPT_get_encryption_block_size(PTInstVar pvar)
696 {
697 if (SSHv1(pvar)) {
698 return 8;
699 } else {
700 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
701 // cf. 3DES=8, AES128=16
702 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
703 }
704 }
705
706 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
707 {
708 struct Mac *mac;
709
710 if (SSHv1(pvar)) {
711 return 0;
712
713 } else { // for SSH2(yutaka)
714 mac = &pvar->ssh2_keys[MODE_IN].mac;
715 if (mac == NULL || mac->enabled == 0)
716 return 0;
717
718 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
719 }
720
721 }
722
723 // HMAC������
724 // ���{������ SSH2 �������g�p�������B
725 // (2004.12.17 yutaka)
726 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
727 char FAR * data, int len, char FAR * MAC)
728 {
729 HMAC_CTX c;
730 unsigned char m[EVP_MAX_MD_SIZE];
731 unsigned char b[4];
732 struct Mac *mac;
733
734 mac = &pvar->ssh2_keys[MODE_IN].mac;
735
736 // HMAC�������L���������������A����OK�����������B
737 if (mac == NULL || mac->enabled == 0)
738 return TRUE;
739
740 if (mac->key == NULL)
741 goto error;
742
743 if ((u_int)mac->mac_len > sizeof(m))
744 goto error;
745
746 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
747 set_uint32_MSBfirst(b, sequence_number);
748 HMAC_Update(&c, b, sizeof(b));
749 HMAC_Update(&c, data, len);
750 HMAC_Final(&c, m, NULL);
751 HMAC_cleanup(&c);
752
753 if (memcmp(m, MAC, mac->mac_len)) {
754 goto error;
755 }
756
757 return TRUE;
758
759 error:
760 return FALSE;
761 }
762
763 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
764 {
765 struct Mac *mac;
766
767 if (SSHv2(pvar)) { // for SSH2(yutaka)
768 mac = &pvar->ssh2_keys[MODE_OUT].mac;
769 if (mac == NULL || mac->enabled == 0)
770 return 0;
771
772 return (mac->mac_len);
773 }
774
775 return 0;
776 }
777
778 // for SSH2
779 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
780 char FAR * data, int len, char FAR * MAC)
781 {
782 HMAC_CTX c;
783 static u_char m[EVP_MAX_MD_SIZE];
784 u_char b[4];
785 struct Mac *mac;
786
787 if (SSHv2(pvar)) { // for SSH2(yutaka)
788 mac = &pvar->ssh2_keys[MODE_OUT].mac;
789 if (mac == NULL || mac->enabled == 0)
790 return FALSE;
791
792 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
793 set_uint32_MSBfirst(b, sequence_number);
794 HMAC_Update(&c, b, sizeof(b));
795 HMAC_Update(&c, data, len);
796 HMAC_Final(&c, m, NULL);
797 HMAC_cleanup(&c);
798
799 // 20�o�C�g�������R�s�[
800 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
801 // memcpy(MAC, m, sizeof(m));
802
803 return TRUE;
804 }
805
806 return TRUE;
807
808 }
809
810 static int choose_cipher(PTInstVar pvar, int supported)
811 {
812 int i;
813
814 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
815 int cipher = pvar->session_settings.CipherOrder[i] - '0';
816
817 if (cipher == SSH_CIPHER_NONE) {
818 break;
819 } else if ((supported & (1 << cipher)) != 0) {
820 return cipher;
821 }
822 }
823
824 return SSH_CIPHER_NONE;
825 }
826
827 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
828 {
829 if (SSHv1(pvar)) {
830 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
831 pvar->crypt_state.
832 supported_sender_ciphers);
833 pvar->crypt_state.receiver_cipher =
834 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
835
836 } else { // SSH2(yutaka)
837 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
838 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
839
840 }
841
842 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
843 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
844 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
845 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
846 "To communicate with this server, you will have to enable some more ciphers\n"
847 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
848 "This connection will now close.");
849 notify_fatal_error(pvar, pvar->ts->UIMsg);
850 return FALSE;
851 } else {
852 return TRUE;
853 }
854 }
855
856 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
857 {
858 int server_key_bits =
859 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
860 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
861 int server_key_bytes = (server_key_bits + 7) / 8;
862 int host_key_bytes = (host_key_bits + 7) / 8;
863
864 if (server_key_bits < host_key_bits) {
865 return host_key_bytes;
866 } else {
867 return server_key_bytes;
868 }
869 }
870
871 int CRYPT_choose_session_key(PTInstVar pvar,
872 unsigned char FAR * encrypted_key_buf)
873 {
874 int server_key_bits =
875 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
876 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
877 int server_key_bytes = (server_key_bits + 7) / 8;
878 int host_key_bytes = (host_key_bits + 7) / 8;
879 int encrypted_key_bytes;
880 int bit_delta;
881
882 if (server_key_bits < host_key_bits) {
883 encrypted_key_bytes = host_key_bytes;
884 bit_delta = host_key_bits - server_key_bits;
885 } else {
886 encrypted_key_bytes = server_key_bytes;
887 bit_delta = server_key_bits - host_key_bits;
888 }
889
890 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
891 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
892 "Server RSA keys are too weak. A secure connection cannot be established.");
893 notify_fatal_error(pvar, pvar->ts->UIMsg);
894 return 0;
895 } else {
896 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
897 for the session ID, rather than the one specified in the RFC */
898 int session_buf_len = server_key_bytes + host_key_bytes + 8;
899 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
900 char session_id[16];
901 int i;
902
903 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
904 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
905 session_buf + host_key_bytes);
906 memcpy(session_buf + server_key_bytes + host_key_bytes,
907 pvar->crypt_state.server_cookie, 8);
908 MD5(session_buf, session_buf_len, session_id);
909
910 free(session_buf);
911
912 RAND_bytes(pvar->crypt_state.sender_cipher_key,
913 SSH_SESSION_KEY_LENGTH);
914 memcpy(pvar->crypt_state.receiver_cipher_key,
915 pvar->crypt_state.sender_cipher_key,
916 SSH_SESSION_KEY_LENGTH);
917
918 memcpy(encrypted_key_buf + encrypted_key_bytes -
919 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
920 SSH_SESSION_KEY_LENGTH);
921 for (i = 0; i < sizeof(session_id); i++) {
922 encrypted_key_buf[encrypted_key_bytes -
923 SSH_SESSION_KEY_LENGTH + i]
924 ^= session_id[i];
925 }
926
927 if (host_key_bits > server_key_bits) {
928 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
929 encrypted_key_buf +
930 encrypted_key_bytes -
931 SSH_SESSION_KEY_LENGTH,
932 encrypted_key_buf +
933 encrypted_key_bytes - server_key_bytes,
934 pvar->crypt_state.server_key.RSA_key,
935 RSA_PKCS1_PADDING) < 0)
936 return 0;
937
938 if (RSA_public_encrypt(server_key_bytes,
939 encrypted_key_buf +
940 encrypted_key_bytes - server_key_bytes,
941 encrypted_key_buf,
942 pvar->crypt_state.host_key.RSA_key,
943 RSA_PKCS1_PADDING) < 0)
944 return 0;
945 } else {
946 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
947 encrypted_key_buf +
948 encrypted_key_bytes -
949 SSH_SESSION_KEY_LENGTH,
950 encrypted_key_buf +
951 encrypted_key_bytes - host_key_bytes,
952 pvar->crypt_state.host_key.RSA_key,
953 RSA_PKCS1_PADDING) < 0)
954 return 0;
955
956 if (RSA_public_encrypt(host_key_bytes,
957 encrypted_key_buf +
958 encrypted_key_bytes - host_key_bytes,
959 encrypted_key_buf,
960 pvar->crypt_state.server_key.RSA_key,
961 RSA_PKCS1_PADDING) < 0)
962 return 0;
963 }
964 }
965
966 return 1;
967 }
968
969 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
970 unsigned char FAR * challenge,
971 int challenge_len,
972 unsigned char FAR * response)
973 {
974 int server_key_bits =
975 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
976 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
977 int server_key_bytes = (server_key_bits + 7) / 8;
978 int host_key_bytes = (host_key_bits + 7) / 8;
979 int session_buf_len = server_key_bytes + host_key_bytes + 8;
980 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
981 char decrypted_challenge[48];
982 int decrypted_challenge_len;
983
984 decrypted_challenge_len =
985 RSA_private_decrypt(challenge_len, challenge, challenge,
986 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
987 RSA_PKCS1_PADDING);
988 if (decrypted_challenge_len < 0) {
989 free(session_buf);
990 return 0;
991 }
992 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
993 memcpy(decrypted_challenge,
994 challenge + decrypted_challenge_len -
995 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
996 } else {
997 memset(decrypted_challenge, 0,
998 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
999 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1000 decrypted_challenge_len, challenge,
1001 decrypted_challenge_len);
1002 }
1003
1004 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1005 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1006 session_buf + host_key_bytes);
1007 memcpy(session_buf + server_key_bytes + host_key_bytes,
1008 pvar->crypt_state.server_cookie, 8);
1009 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1010
1011 free(session_buf);
1012
1013 MD5(decrypted_challenge, 48, response);
1014
1015 return 1;
1016 }
1017
1018 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1019 {
1020 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1021 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1022 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1023 memset(state->ivec1, 0, 8);
1024 memset(state->ivec2, 0, 8);
1025 memset(state->ivec3, 0, 8);
1026 }
1027
1028 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1029 {
1030 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1031 memset(state->ivec, 0, 8);
1032 }
1033
1034 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1035 {
1036 idea_set_encrypt_key(session_key, &state->k);
1037 memset(state->ivec, 0, 8);
1038 }
1039
1040 static void cBlowfish_init(char FAR * session_key,
1041 CipherBlowfishState FAR * state)
1042 {
1043 BF_set_key(&state->k, 32, session_key);
1044 memset(state->ivec, 0, 8);
1045 }
1046
1047
1048 //
1049 // SSH2�p�A���S���Y����������
1050 //
1051 // for SSH2(yutaka)
1052 //
1053 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1054 const u_char *key, u_int keylen,
1055 const u_char *iv, u_int ivlen,
1056 int encrypt,
1057 const EVP_CIPHER *(*func)(void))
1058 {
1059 EVP_CIPHER *type;
1060 int klen;
1061
1062 type = (EVP_CIPHER *)func();
1063
1064 EVP_CIPHER_CTX_init(evp);
1065 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1066 // TODO:
1067 }
1068
1069 klen = EVP_CIPHER_CTX_key_length(evp);
1070 if (klen > 0 && keylen != klen) {
1071 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1072 // TODO:
1073 }
1074 }
1075 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1076 // TODO:
1077 }
1078 }
1079
1080
1081 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1082 {
1083 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1084 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1085 BOOL isOK = TRUE;
1086
1087 if (sender_flag) {
1088 switch (pvar->crypt_state.sender_cipher) {
1089 // for SSH2(yutaka)
1090 case SSH_CIPHER_3DES_CBC:
1091 {
1092 struct Enc *enc;
1093
1094 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1095 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1096 enc->key, 24, enc->iv, 8,
1097 CIPHER_ENCRYPT,
1098 EVP_des_ede3_cbc);
1099
1100 //debug_print(10, enc->key, 24);
1101 //debug_print(11, enc->iv, 24);
1102
1103 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1104 break;
1105 }
1106
1107 // for SSH2(yutaka)
1108 case SSH_CIPHER_AES128:
1109 {
1110 struct Enc *enc;
1111
1112 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1113 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1114 enc->key, 16, enc->iv, 16,
1115 CIPHER_ENCRYPT,
1116 EVP_aes_128_cbc);
1117
1118 //debug_print(10, enc->key, 24);
1119 //debug_print(11, enc->iv, 24);
1120
1121 pvar->crypt_state.encrypt = cAES128_encrypt;
1122 break;
1123 }
1124
1125 case SSH_CIPHER_3DES:{
1126 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1127 pvar->crypt_state.encrypt = c3DES_encrypt;
1128 break;
1129 }
1130 case SSH_CIPHER_IDEA:{
1131 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1132 pvar->crypt_state.encrypt = cIDEA_encrypt;
1133 break;
1134 }
1135 case SSH_CIPHER_DES:{
1136 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1137 pvar->crypt_state.encrypt = cDES_encrypt;
1138 break;
1139 }
1140 case SSH_CIPHER_RC4:{
1141 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1142 encryption_key + 16);
1143 pvar->crypt_state.encrypt = cRC4_encrypt;
1144 break;
1145 }
1146 case SSH_CIPHER_BLOWFISH:{
1147 cBlowfish_init(encryption_key,
1148 &pvar->crypt_state.enc.cBlowfish);
1149 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1150 break;
1151 }
1152 default:
1153 isOK = FALSE;
1154 }
1155 }
1156
1157
1158 if (receiver_flag) {
1159 switch (pvar->crypt_state.receiver_cipher) {
1160 // for SSH2(yutaka)
1161 case SSH_CIPHER_3DES_CBC:
1162 {
1163 struct Enc *enc;
1164
1165 enc = &pvar->ssh2_keys[MODE_IN].enc;
1166 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1167 enc->key, 24, enc->iv, 8,
1168 CIPHER_DECRYPT,
1169 EVP_des_ede3_cbc);
1170
1171 //debug_print(12, enc->key, 24);
1172 //debug_print(13, enc->iv, 24);
1173
1174 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1175 break;
1176 }
1177
1178 // for SSH2(yutaka)
1179 case SSH_CIPHER_AES128:
1180 {
1181 struct Enc *enc;
1182
1183 enc = &pvar->ssh2_keys[MODE_IN].enc;
1184 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1185 enc->key, 16, enc->iv, 16,
1186 CIPHER_DECRYPT,
1187 EVP_aes_128_cbc);
1188
1189 //debug_print(12, enc->key, 24);
1190 //debug_print(13, enc->iv, 24);
1191
1192 pvar->crypt_state.decrypt = cAES128_decrypt;
1193 break;
1194 }
1195
1196 case SSH_CIPHER_3DES:{
1197 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1198 pvar->crypt_state.decrypt = c3DES_decrypt;
1199 break;
1200 }
1201 case SSH_CIPHER_IDEA:{
1202 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1203 pvar->crypt_state.decrypt = cIDEA_decrypt;
1204 break;
1205 }
1206 case SSH_CIPHER_DES:{
1207 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1208 pvar->crypt_state.decrypt = cDES_decrypt;
1209 break;
1210 }
1211 case SSH_CIPHER_RC4:{
1212 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1213 pvar->crypt_state.decrypt = cRC4_decrypt;
1214 break;
1215 }
1216 case SSH_CIPHER_BLOWFISH:{
1217 cBlowfish_init(decryption_key,
1218 &pvar->crypt_state.dec.cBlowfish);
1219 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1220 break;
1221 }
1222 default:
1223 isOK = FALSE;
1224 }
1225 }
1226
1227
1228 if (!isOK) {
1229 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1230 "No cipher selected!");
1231 notify_fatal_error(pvar, pvar->ts->UIMsg);
1232 return FALSE;
1233 } else {
1234 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1235 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1236 return TRUE;
1237 }
1238 }
1239
1240 void CRYPT_init(PTInstVar pvar)
1241 {
1242 pvar->crypt_state.encrypt = no_encrypt;
1243 pvar->crypt_state.decrypt = no_encrypt;
1244 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1245 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1246 pvar->crypt_state.server_key.RSA_key = NULL;
1247 pvar->crypt_state.host_key.RSA_key = NULL;
1248
1249 pvar->crypt_state.detect_attack_statics.h = NULL;
1250 pvar->crypt_state.detect_attack_statics.n =
1251 HASH_MINSIZE / HASH_ENTRYSIZE;
1252 }
1253
1254 static char FAR *get_cipher_name(int cipher)
1255 {
1256 switch (cipher) {
1257 case SSH_CIPHER_NONE:
1258 return "None";
1259 case SSH_CIPHER_3DES:
1260 return "3DES (168 key bits)";
1261 case SSH_CIPHER_DES:
1262 return "DES (56 key bits)";
1263 case SSH_CIPHER_IDEA:
1264 return "IDEA (128 key bits)";
1265 case SSH_CIPHER_RC4:
1266 return "RC4 (128 key bits)";
1267 case SSH_CIPHER_BLOWFISH:
1268 return "Blowfish (256 key bits)";
1269
1270 // SSH2
1271 case SSH_CIPHER_3DES_CBC:
1272 return "3DES-CBC";
1273 case SSH_CIPHER_AES128:
1274 return "AES128";
1275
1276 default:
1277 return "Unknown";
1278 }
1279 }
1280
1281 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1282 {
1283 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1284 "%s to server, %s from server");
1285 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1286 get_cipher_name(pvar->crypt_state.sender_cipher),
1287 get_cipher_name(pvar->crypt_state.receiver_cipher));
1288 }
1289
1290 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1291 {
1292 if (SSHv1(pvar)) {
1293 if (pvar->crypt_state.server_key.RSA_key == NULL
1294 || pvar->crypt_state.host_key.RSA_key == NULL) {
1295 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1296 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1297 } else {
1298 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1299 "%d-bit server key, %d-bit host key");
1300 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1301 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1302 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1303 }
1304 } else { // SSH2
1305 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1306 "%d-bit server key, %d-bit host key");
1307 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1308 pvar->server_key_bits,
1309 pvar->client_key_bits);
1310 }
1311 }
1312
1313 static void destroy_public_key(CRYPTPublicKey FAR * key)
1314 {
1315 if (key->RSA_key != NULL) {
1316 RSA_free(key->RSA_key);
1317 key->RSA_key = NULL;
1318 }
1319 }
1320
1321 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1322 {
1323 destroy_public_key(key);
1324 free(key);
1325 }
1326
1327 void CRYPT_end(PTInstVar pvar)
1328 {
1329 destroy_public_key(&pvar->crypt_state.host_key);
1330 destroy_public_key(&pvar->crypt_state.server_key);
1331
1332 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1333 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1334 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1335 free(pvar->crypt_state.detect_attack_statics.h);
1336 }
1337
1338 memset(pvar->crypt_state.sender_cipher_key, 0,
1339 sizeof(pvar->crypt_state.sender_cipher_key));
1340 memset(pvar->crypt_state.receiver_cipher_key, 0,
1341 sizeof(pvar->crypt_state.receiver_cipher_key));
1342 memset(pvar->crypt_state.server_cookie, 0,
1343 sizeof(pvar->crypt_state.server_cookie));
1344 memset(pvar->crypt_state.client_cookie, 0,
1345 sizeof(pvar->crypt_state.client_cookie));
1346 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1347 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1348 }
1349
1350 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1351 char FAR * buf, int bytes)
1352 {
1353 unsigned char passphrase_key[16];
1354
1355 MD5(passphrase, strlen(passphrase), passphrase_key);
1356
1357 switch (cipher) {
1358 case SSH_CIPHER_3DES:{
1359 Cipher3DESState state;
1360
1361 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1362 &state.k1);
1363 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1364 &state.k2);
1365 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1366 &state.k3);
1367 memset(state.ivec1, 0, 8);
1368 memset(state.ivec2, 0, 8);
1369 memset(state.ivec3, 0, 8);
1370 DES_ncbc_encrypt(buf, buf, bytes,
1371 &state.k3, &state.ivec3, DES_DECRYPT);
1372 DES_ncbc_encrypt(buf, buf, bytes,
1373 &state.k2, &state.ivec2, DES_ENCRYPT);
1374 DES_ncbc_encrypt(buf, buf, bytes,
1375 &state.k1, &state.ivec1, DES_DECRYPT);
1376 break;
1377 }
1378
1379 case SSH_CIPHER_IDEA:{
1380 CipherIDEAState state;
1381 int num = 0;
1382
1383 cIDEA_init(passphrase_key, &state);
1384 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1385 &num, IDEA_DECRYPT);
1386 break;
1387 }
1388
1389 case SSH_CIPHER_DES:{
1390 CipherDESState state;
1391
1392 cDES_init(passphrase_key, &state);
1393 DES_ncbc_encrypt(buf, buf, bytes,
1394 &state.k, &state.ivec, DES_DECRYPT);
1395 break;
1396 }
1397
1398 case SSH_CIPHER_RC4:{
1399 CipherRC4State state;
1400 int num = 0;
1401
1402 RC4_set_key(&state.k, 16, passphrase_key);
1403 RC4(&state.k, bytes, buf, buf);
1404 break;
1405 }
1406
1407 case SSH_CIPHER_BLOWFISH:{
1408 CipherBlowfishState state;
1409
1410 BF_set_key(&state.k, 16, passphrase_key);
1411 memset(state.ivec, 0, 8);
1412 flip_endianness(buf, bytes);
1413 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1414 BF_DECRYPT);
1415 flip_endianness(buf, bytes);
1416 break;
1417 }
1418
1419 case SSH_CIPHER_NONE:
1420 break;
1421
1422 default:
1423 memset(passphrase_key, 0, sizeof(passphrase_key));
1424 return 0;
1425 }
1426
1427 memset(passphrase_key, 0, sizeof(passphrase_key));
1428 return 1;
1429 }
1430
1431 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1432 {
1433 if (key_pair->RSA_key != NULL)
1434 RSA_free(key_pair->RSA_key);
1435
1436 if (key_pair->DSA_key != NULL)
1437 DSA_free(key_pair->DSA_key);
1438
1439 free(key_pair);
1440 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help