Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3036 - (show annotations) (download) (as text)
Tue Oct 16 15:28:14 2007 UTC (16 years, 5 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 40929 byte(s) 
SSH2 の暗号方式として AES256 をサポートした。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.13 2007-10-16 15:28:14 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
223 unsigned char *newbuf = malloc(bytes);
224 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
225
226 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227 if (bytes == 0)
228 return;
229
230 if (newbuf == NULL)
231 return;
232
233 if (bytes % block_size) {
234 char tmp[80];
235 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
236 "AES128 encrypt error(1): bytes %d (%d)");
237 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
238 pvar->ts->UIMsg, bytes, block_size);
239 notify_fatal_error(pvar, tmp);
240 goto error;
241 }
242
243 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
244 // TODO: failure
245 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
246 "AES128 encrypt error(1): bytes %d (%d)");
247 notify_fatal_error(pvar, pvar->ts->UIMsg);
248
249 } else {
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
270 unsigned char *newbuf = malloc(bytes);
271 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272
273 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
274 if (bytes == 0)
275 return;
276
277 if (newbuf == NULL)
278 return;
279
280 if (bytes % block_size) {
281 char tmp[80];
282 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
283 "AES128 decrypt error(1): bytes %d (%d)");
284 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
285 notify_fatal_error(pvar, tmp);
286 goto error;
287 }
288
289 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
290 // TODO:
291 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
292 "AES128 decrypt error(2)");
293 notify_fatal_error(pvar, pvar->ts->UIMsg);
294
295 } else {
296 #if 0
297 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
298 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
299 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
300
301 {
302 static int no = 70;
303 debug_print(no, buf, bytes);
304 //debug_print(no, key, AES128_KEYLEN);
305 //debug_print(10*no, iv, AES128_IVLEN);
306 debug_print(30*no, newbuf, bytes);
307 no++;
308 }
309 #endif
310
311 memcpy(buf, newbuf, bytes);
312 }
313
314 error:;
315 free(newbuf);
316 }
317
318
319
320 // for SSH2(yutaka)
321 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
322 int bytes)
323 {
324 unsigned char key[24], iv[8];
325 unsigned char *newbuf = malloc(bytes);
326
327 if (newbuf == NULL)
328 return;
329
330 #if 1
331
332 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
333 // TODO: failure
334 } else {
335 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
336 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
337 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
338
339 //debug_print(50, key, 24);
340 //debug_print(51, iv, 8);
341 //debug_print(52, buf, bytes);
342 //debug_print(53, newbuf, bytes);
343
344 memcpy(buf, newbuf, bytes);
345 }
346 free(newbuf);
347 #else
348
349 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352
353 //debug_print(50, key, 24);
354 //debug_print(51, iv, 8);
355 //debug_print(52, buf, bytes);
356
357 #if 0
358 DES_ede3_cbc_encrypt(
359 buf, newbuf, bytes,
360 (DES_key_schedule *)&key[0],
361 (DES_key_schedule *)&key[8],
362 (DES_key_schedule *)&key[16],
363 (DES_cblock *)iv,
364 DES_ENCRYPT);
365 #else
366 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
367 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
368 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
369
370 #endif
371
372 //debug_print(53, newbuf, bytes);
373
374 memcpy(buf, newbuf, bytes);
375 free(newbuf);
376
377 #endif
378 }
379
380 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
381 int bytes)
382 {
383 unsigned char key[24], iv[8];
384 unsigned char *newbuf = malloc(bytes);
385
386 if (newbuf == NULL)
387 return;
388
389 #if 1
390 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
391 // TODO:
392
393 } else {
394 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
395 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
396 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
397
398 //debug_print(70, key, 24);
399 //debug_print(71, iv, 8);
400 //debug_print(72, buf, bytes);
401 //debug_print(73, newbuf, bytes);
402
403 memcpy(buf, newbuf, bytes);
404 }
405 free(newbuf);
406
407 #else
408 unsigned char *key, iv[8];
409 unsigned char *newbuf = malloc(bytes);
410 if (newbuf == NULL)
411 return;
412
413 key = pvar->ssh2_keys[MODE_IN].enc.key;
414 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
415 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
416
417 //debug_print(60, key, 24);
418 //debug_print(61, iv, 8);
419 //debug_print(62, buf, bytes);
420
421 DES_ede3_cbc_encrypt(
422 buf, newbuf, bytes,
423 (DES_key_schedule *)&key[0],
424 (DES_key_schedule *)&key[8],
425 (DES_key_schedule *)&key[16],
426 (DES_cblock *)iv,
427 DES_DECRYPT);
428
429 //debug_print(63, newbuf, bytes);
430
431 memcpy(buf, newbuf, bytes);
432
433 free(newbuf);
434 #endif
435 }
436
437
438 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
439 int bytes)
440 {
441 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
442
443 DES_ncbc_encrypt(buf, buf, bytes,
444 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
447 DES_ncbc_encrypt(buf, buf, bytes,
448 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
449 }
450
451 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
452 int bytes)
453 {
454 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
455
456 DES_ncbc_encrypt(buf, buf, bytes,
457 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
458 DES_ncbc_encrypt(buf, buf, bytes,
459 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
460 DES_ncbc_encrypt(buf, buf, bytes,
461 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
462 }
463
464 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
465 int bytes)
466 {
467 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
468
469 DES_ncbc_encrypt(buf, buf, bytes,
470 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
471 }
472
473 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
474 int bytes)
475 {
476 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
477
478 DES_ncbc_encrypt(buf, buf, bytes,
479 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
480 }
481
482 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
483 int bytes)
484 {
485 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
486 int num = 0;
487
488 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
489 encryptstate->ivec, &num, IDEA_ENCRYPT);
490 }
491
492 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
493 int bytes)
494 {
495 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
496 int num = 0;
497
498 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
499 decryptstate->ivec, &num, IDEA_DECRYPT);
500 }
501
502 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
503 {
504 uint32 FAR *buf = (uint32 FAR *) cbuf;
505 int count = bytes / 4;
506
507 while (count > 0) {
508 uint32 w = *buf;
509
510 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
511 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
512 count--;
513 buf++;
514 }
515 }
516
517 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
518 int bytes)
519 {
520 CipherBlowfishState FAR *encryptstate =
521 &pvar->crypt_state.enc.cBlowfish;
522
523 flip_endianness(buf, bytes);
524 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
525 BF_ENCRYPT);
526 flip_endianness(buf, bytes);
527 }
528
529 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
530 int bytes)
531 {
532 CipherBlowfishState FAR *decryptstate =
533 &pvar->crypt_state.dec.cBlowfish;
534
535 flip_endianness(buf, bytes);
536 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
537 BF_DECRYPT);
538 flip_endianness(buf, bytes);
539 }
540
541 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
542 int bytes)
543 {
544 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
545 int num = 0;
546
547 RC4(&encryptstate->k, bytes, buf, buf);
548 }
549
550 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
551 int bytes)
552 {
553 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
554 int num = 0;
555
556 RC4(&decryptstate->k, bytes, buf, buf);
557 }
558
559 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
560 int bytes)
561 {
562 RAND_bytes(buf, bytes);
563 }
564
565 void CRYPT_initialize_random_numbers(PTInstVar pvar)
566 {
567 RAND_screen();
568 }
569
570 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
571 {
572 int bits = get_ushort16_MSBfirst(bytes);
573
574 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
575 }
576
577 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
578 RSA FAR *make_key(PTInstVar pvar,
579 int bits, unsigned char FAR * exp,
580 unsigned char FAR * mod)
581 {
582 RSA FAR *key = RSA_new();
583
584 if (key != NULL) {
585 key->e = get_bignum(exp);
586 key->n = get_bignum(mod);
587 }
588
589 if (key == NULL || key->e == NULL || key->n == NULL) {
590 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
591 "Error setting up RSA keys");
592 notify_fatal_error(pvar, pvar->ts->UIMsg);
593
594 if (key != NULL) {
595 if (key->e != NULL) {
596 BN_free(key->e);
597 }
598 if (key->n != NULL) {
599 BN_free(key->n);
600 }
601 RSA_free(key);
602 }
603
604 return NULL;
605 } else {
606 return key;
607 }
608 }
609
610 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
611 {
612 if (SSHv1(pvar)) {
613 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
614 } else {
615 memcpy(pvar->crypt_state.server_cookie, cookie,
616 SSH2_COOKIE_LENGTH);
617 }
618 }
619
620 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
621 {
622 if (SSHv2(pvar)) {
623 memcpy(pvar->crypt_state.client_cookie, cookie,
624 SSH2_COOKIE_LENGTH);
625 }
626 }
627
628 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
629 int bits, unsigned char FAR * exp,
630 unsigned char FAR * mod)
631 {
632 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
633
634 return pvar->crypt_state.server_key.RSA_key != NULL;
635 }
636
637 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
638 int bits, unsigned char FAR * exp,
639 unsigned char FAR * mod)
640 {
641 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
642
643 return pvar->crypt_state.host_key.RSA_key != NULL;
644 }
645
646 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
647 int receiver_ciphers)
648 {
649 int cipher_mask;
650
651 if (SSHv1(pvar)) {
652 cipher_mask = (1 << SSH_CIPHER_DES)
653 | (1 << SSH_CIPHER_3DES)
654 | (1 << SSH_CIPHER_BLOWFISH);
655
656 } else { // for SSH2(yutaka)
657 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
658 cipher_mask = (1 << SSH_CIPHER_3DES_CBC)
659 | (1 << SSH_CIPHER_AES128)
660 #ifdef SSH2_BLOWFISH
661 | (1 << SSH_CIPHER_BLOWFISH)
662 #endif
663 | (1 << SSH_CIPHER_AES256);
664 }
665
666 sender_ciphers &= cipher_mask;
667 receiver_ciphers &= cipher_mask;
668 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
669 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
670
671 if (sender_ciphers == 0) {
672 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
673 "The server does not support any of the TTSSH encryption algorithms.\n"
674 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
675 "The connection will be closed.");
676 notify_fatal_error(pvar, pvar->ts->UIMsg);
677 return FALSE;
678 } else if (receiver_ciphers == 0) {
679 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
680 "The server does not support any of the TTSSH encryption algorithms.\n"
681 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
682 "The connection will be closed.");
683 notify_fatal_error(pvar, pvar->ts->UIMsg);
684 return FALSE;
685 } else {
686 return TRUE;
687 }
688 }
689
690 int CRYPT_get_decryption_block_size(PTInstVar pvar)
691 {
692 if (SSHv1(pvar)) {
693 return 8;
694 } else {
695 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
696 // cf. 3DES=8, AES128=16
697 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
698 }
699 }
700
701 int CRYPT_get_encryption_block_size(PTInstVar pvar)
702 {
703 if (SSHv1(pvar)) {
704 return 8;
705 } else {
706 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
707 // cf. 3DES=8, AES128=16
708 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
709 }
710 }
711
712 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
713 {
714 struct Mac *mac;
715
716 if (SSHv1(pvar)) {
717 return 0;
718
719 } else { // for SSH2(yutaka)
720 mac = &pvar->ssh2_keys[MODE_IN].mac;
721 if (mac == NULL || mac->enabled == 0)
722 return 0;
723
724 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
725 }
726
727 }
728
729 // HMAC������
730 // ���{������ SSH2 �������g�p�������B
731 // (2004.12.17 yutaka)
732 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
733 char FAR * data, int len, char FAR * MAC)
734 {
735 HMAC_CTX c;
736 unsigned char m[EVP_MAX_MD_SIZE];
737 unsigned char b[4];
738 struct Mac *mac;
739
740 mac = &pvar->ssh2_keys[MODE_IN].mac;
741
742 // HMAC�������L���������������A����OK�����������B
743 if (mac == NULL || mac->enabled == 0)
744 return TRUE;
745
746 if (mac->key == NULL)
747 goto error;
748
749 if ((u_int)mac->mac_len > sizeof(m))
750 goto error;
751
752 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
753 set_uint32_MSBfirst(b, sequence_number);
754 HMAC_Update(&c, b, sizeof(b));
755 HMAC_Update(&c, data, len);
756 HMAC_Final(&c, m, NULL);
757 HMAC_cleanup(&c);
758
759 if (memcmp(m, MAC, mac->mac_len)) {
760 goto error;
761 }
762
763 return TRUE;
764
765 error:
766 return FALSE;
767 }
768
769 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
770 {
771 struct Mac *mac;
772
773 if (SSHv2(pvar)) { // for SSH2(yutaka)
774 mac = &pvar->ssh2_keys[MODE_OUT].mac;
775 if (mac == NULL || mac->enabled == 0)
776 return 0;
777
778 return (mac->mac_len);
779 }
780
781 return 0;
782 }
783
784 // for SSH2
785 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
786 char FAR * data, int len, char FAR * MAC)
787 {
788 HMAC_CTX c;
789 static u_char m[EVP_MAX_MD_SIZE];
790 u_char b[4];
791 struct Mac *mac;
792
793 if (SSHv2(pvar)) { // for SSH2(yutaka)
794 mac = &pvar->ssh2_keys[MODE_OUT].mac;
795 if (mac == NULL || mac->enabled == 0)
796 return FALSE;
797
798 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
799 set_uint32_MSBfirst(b, sequence_number);
800 HMAC_Update(&c, b, sizeof(b));
801 HMAC_Update(&c, data, len);
802 HMAC_Final(&c, m, NULL);
803 HMAC_cleanup(&c);
804
805 // 20�o�C�g�������R�s�[
806 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
807 // memcpy(MAC, m, sizeof(m));
808
809 return TRUE;
810 }
811
812 return TRUE;
813
814 }
815
816 static int choose_cipher(PTInstVar pvar, int supported)
817 {
818 int i;
819
820 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
821 int cipher = pvar->session_settings.CipherOrder[i] - '0';
822
823 if (cipher == SSH_CIPHER_NONE) {
824 break;
825 } else if ((supported & (1 << cipher)) != 0) {
826 return cipher;
827 }
828 }
829
830 return SSH_CIPHER_NONE;
831 }
832
833 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
834 {
835 if (SSHv1(pvar)) {
836 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
837 pvar->crypt_state.
838 supported_sender_ciphers);
839 pvar->crypt_state.receiver_cipher =
840 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
841
842 } else { // SSH2(yutaka)
843 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
844 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
845
846 }
847
848 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
849 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
850 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
851 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
852 "To communicate with this server, you will have to enable some more ciphers\n"
853 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
854 "This connection will now close.");
855 notify_fatal_error(pvar, pvar->ts->UIMsg);
856 return FALSE;
857 } else {
858 return TRUE;
859 }
860 }
861
862 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
863 {
864 int server_key_bits =
865 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
866 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
867 int server_key_bytes = (server_key_bits + 7) / 8;
868 int host_key_bytes = (host_key_bits + 7) / 8;
869
870 if (server_key_bits < host_key_bits) {
871 return host_key_bytes;
872 } else {
873 return server_key_bytes;
874 }
875 }
876
877 int CRYPT_choose_session_key(PTInstVar pvar,
878 unsigned char FAR * encrypted_key_buf)
879 {
880 int server_key_bits =
881 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
882 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
883 int server_key_bytes = (server_key_bits + 7) / 8;
884 int host_key_bytes = (host_key_bits + 7) / 8;
885 int encrypted_key_bytes;
886 int bit_delta;
887
888 if (server_key_bits < host_key_bits) {
889 encrypted_key_bytes = host_key_bytes;
890 bit_delta = host_key_bits - server_key_bits;
891 } else {
892 encrypted_key_bytes = server_key_bytes;
893 bit_delta = server_key_bits - host_key_bits;
894 }
895
896 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
897 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
898 "Server RSA keys are too weak. A secure connection cannot be established.");
899 notify_fatal_error(pvar, pvar->ts->UIMsg);
900 return 0;
901 } else {
902 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
903 for the session ID, rather than the one specified in the RFC */
904 int session_buf_len = server_key_bytes + host_key_bytes + 8;
905 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
906 char session_id[16];
907 int i;
908
909 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
910 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
911 session_buf + host_key_bytes);
912 memcpy(session_buf + server_key_bytes + host_key_bytes,
913 pvar->crypt_state.server_cookie, 8);
914 MD5(session_buf, session_buf_len, session_id);
915
916 free(session_buf);
917
918 RAND_bytes(pvar->crypt_state.sender_cipher_key,
919 SSH_SESSION_KEY_LENGTH);
920 memcpy(pvar->crypt_state.receiver_cipher_key,
921 pvar->crypt_state.sender_cipher_key,
922 SSH_SESSION_KEY_LENGTH);
923
924 memcpy(encrypted_key_buf + encrypted_key_bytes -
925 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
926 SSH_SESSION_KEY_LENGTH);
927 for (i = 0; i < sizeof(session_id); i++) {
928 encrypted_key_buf[encrypted_key_bytes -
929 SSH_SESSION_KEY_LENGTH + i]
930 ^= session_id[i];
931 }
932
933 if (host_key_bits > server_key_bits) {
934 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
935 encrypted_key_buf +
936 encrypted_key_bytes -
937 SSH_SESSION_KEY_LENGTH,
938 encrypted_key_buf +
939 encrypted_key_bytes - server_key_bytes,
940 pvar->crypt_state.server_key.RSA_key,
941 RSA_PKCS1_PADDING) < 0)
942 return 0;
943
944 if (RSA_public_encrypt(server_key_bytes,
945 encrypted_key_buf +
946 encrypted_key_bytes - server_key_bytes,
947 encrypted_key_buf,
948 pvar->crypt_state.host_key.RSA_key,
949 RSA_PKCS1_PADDING) < 0)
950 return 0;
951 } else {
952 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
953 encrypted_key_buf +
954 encrypted_key_bytes -
955 SSH_SESSION_KEY_LENGTH,
956 encrypted_key_buf +
957 encrypted_key_bytes - host_key_bytes,
958 pvar->crypt_state.host_key.RSA_key,
959 RSA_PKCS1_PADDING) < 0)
960 return 0;
961
962 if (RSA_public_encrypt(host_key_bytes,
963 encrypted_key_buf +
964 encrypted_key_bytes - host_key_bytes,
965 encrypted_key_buf,
966 pvar->crypt_state.server_key.RSA_key,
967 RSA_PKCS1_PADDING) < 0)
968 return 0;
969 }
970 }
971
972 return 1;
973 }
974
975 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
976 unsigned char FAR * challenge,
977 int challenge_len,
978 unsigned char FAR * response)
979 {
980 int server_key_bits =
981 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
982 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
983 int server_key_bytes = (server_key_bits + 7) / 8;
984 int host_key_bytes = (host_key_bits + 7) / 8;
985 int session_buf_len = server_key_bytes + host_key_bytes + 8;
986 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
987 char decrypted_challenge[48];
988 int decrypted_challenge_len;
989
990 decrypted_challenge_len =
991 RSA_private_decrypt(challenge_len, challenge, challenge,
992 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
993 RSA_PKCS1_PADDING);
994 if (decrypted_challenge_len < 0) {
995 free(session_buf);
996 return 0;
997 }
998 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
999 memcpy(decrypted_challenge,
1000 challenge + decrypted_challenge_len -
1001 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1002 } else {
1003 memset(decrypted_challenge, 0,
1004 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1005 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1006 decrypted_challenge_len, challenge,
1007 decrypted_challenge_len);
1008 }
1009
1010 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1011 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1012 session_buf + host_key_bytes);
1013 memcpy(session_buf + server_key_bytes + host_key_bytes,
1014 pvar->crypt_state.server_cookie, 8);
1015 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1016
1017 free(session_buf);
1018
1019 MD5(decrypted_challenge, 48, response);
1020
1021 return 1;
1022 }
1023
1024 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1025 {
1026 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1027 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1028 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1029 memset(state->ivec1, 0, 8);
1030 memset(state->ivec2, 0, 8);
1031 memset(state->ivec3, 0, 8);
1032 }
1033
1034 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1035 {
1036 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1037 memset(state->ivec, 0, 8);
1038 }
1039
1040 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1041 {
1042 idea_set_encrypt_key(session_key, &state->k);
1043 memset(state->ivec, 0, 8);
1044 }
1045
1046 static void cBlowfish_init(char FAR * session_key,
1047 CipherBlowfishState FAR * state)
1048 {
1049 BF_set_key(&state->k, 32, session_key);
1050 memset(state->ivec, 0, 8);
1051 }
1052
1053
1054 //
1055 // SSH2�p�A���S���Y����������
1056 //
1057 // for SSH2(yutaka)
1058 //
1059 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1060 const u_char *key, u_int keylen,
1061 const u_char *iv, u_int ivlen,
1062 int encrypt,
1063 const EVP_CIPHER *(*func)(void))
1064 {
1065 EVP_CIPHER *type;
1066 int klen;
1067
1068 type = (EVP_CIPHER *)func();
1069
1070 EVP_CIPHER_CTX_init(evp);
1071 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1072 // TODO:
1073 }
1074
1075 klen = EVP_CIPHER_CTX_key_length(evp);
1076 if (klen > 0 && keylen != klen) {
1077 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1078 // TODO:
1079 }
1080 }
1081 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1082 // TODO:
1083 }
1084 }
1085
1086
1087 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1088 {
1089 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1090 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1091 BOOL isOK = TRUE;
1092
1093 if (sender_flag) {
1094 switch (pvar->crypt_state.sender_cipher) {
1095 // for SSH2(yutaka)
1096 case SSH_CIPHER_3DES_CBC:
1097 {
1098 struct Enc *enc;
1099
1100 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1101 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1102 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1103 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1104 CIPHER_ENCRYPT,
1105 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1106
1107 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1108 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1109
1110 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1111 break;
1112 }
1113
1114 // for SSH2(yutaka)
1115 case SSH_CIPHER_AES128:
1116 case SSH_CIPHER_AES256:
1117 {
1118 struct Enc *enc;
1119
1120 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1121 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1122 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1123 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1124 CIPHER_ENCRYPT,
1125 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1126
1127 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1128 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1129
1130 pvar->crypt_state.encrypt = cAES128_encrypt;
1131 break;
1132 }
1133
1134 case SSH_CIPHER_3DES:{
1135 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1136 pvar->crypt_state.encrypt = c3DES_encrypt;
1137 break;
1138 }
1139 case SSH_CIPHER_IDEA:{
1140 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1141 pvar->crypt_state.encrypt = cIDEA_encrypt;
1142 break;
1143 }
1144 case SSH_CIPHER_DES:{
1145 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1146 pvar->crypt_state.encrypt = cDES_encrypt;
1147 break;
1148 }
1149 case SSH_CIPHER_RC4:{
1150 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1151 encryption_key + 16);
1152 pvar->crypt_state.encrypt = cRC4_encrypt;
1153 break;
1154 }
1155 case SSH_CIPHER_BLOWFISH:{
1156 cBlowfish_init(encryption_key,
1157 &pvar->crypt_state.enc.cBlowfish);
1158 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1159 break;
1160 }
1161 default:
1162 isOK = FALSE;
1163 }
1164 }
1165
1166
1167 if (receiver_flag) {
1168 switch (pvar->crypt_state.receiver_cipher) {
1169 // for SSH2(yutaka)
1170 case SSH_CIPHER_3DES_CBC:
1171 {
1172 struct Enc *enc;
1173
1174 enc = &pvar->ssh2_keys[MODE_IN].enc;
1175 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1176 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1177 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1178 CIPHER_DECRYPT,
1179 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1180
1181 //debug_print(12, enc->key, 24);
1182 //debug_print(13, enc->iv, 24);
1183
1184 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1185 break;
1186 }
1187
1188 // for SSH2(yutaka)
1189 case SSH_CIPHER_AES128:
1190 case SSH_CIPHER_AES256:
1191 {
1192 struct Enc *enc;
1193
1194 enc = &pvar->ssh2_keys[MODE_IN].enc;
1195 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1196 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1197 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1198 CIPHER_DECRYPT,
1199 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1200
1201 //debug_print(12, enc->key, 24);
1202 //debug_print(13, enc->iv, 24);
1203
1204 pvar->crypt_state.decrypt = cAES128_decrypt;
1205 break;
1206 }
1207
1208 case SSH_CIPHER_3DES:{
1209 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1210 pvar->crypt_state.decrypt = c3DES_decrypt;
1211 break;
1212 }
1213 case SSH_CIPHER_IDEA:{
1214 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1215 pvar->crypt_state.decrypt = cIDEA_decrypt;
1216 break;
1217 }
1218 case SSH_CIPHER_DES:{
1219 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1220 pvar->crypt_state.decrypt = cDES_decrypt;
1221 break;
1222 }
1223 case SSH_CIPHER_RC4:{
1224 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1225 pvar->crypt_state.decrypt = cRC4_decrypt;
1226 break;
1227 }
1228 case SSH_CIPHER_BLOWFISH:{
1229 cBlowfish_init(decryption_key,
1230 &pvar->crypt_state.dec.cBlowfish);
1231 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1232 break;
1233 }
1234 default:
1235 isOK = FALSE;
1236 }
1237 }
1238
1239
1240 if (!isOK) {
1241 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1242 "No cipher selected!");
1243 notify_fatal_error(pvar, pvar->ts->UIMsg);
1244 return FALSE;
1245 } else {
1246 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1247 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1248 return TRUE;
1249 }
1250 }
1251
1252 void CRYPT_init(PTInstVar pvar)
1253 {
1254 pvar->crypt_state.encrypt = no_encrypt;
1255 pvar->crypt_state.decrypt = no_encrypt;
1256 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1257 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1258 pvar->crypt_state.server_key.RSA_key = NULL;
1259 pvar->crypt_state.host_key.RSA_key = NULL;
1260
1261 pvar->crypt_state.detect_attack_statics.h = NULL;
1262 pvar->crypt_state.detect_attack_statics.n =
1263 HASH_MINSIZE / HASH_ENTRYSIZE;
1264 }
1265
1266 static char FAR *get_cipher_name(int cipher)
1267 {
1268 switch (cipher) {
1269 case SSH_CIPHER_NONE:
1270 return "None";
1271 case SSH_CIPHER_3DES:
1272 return "3DES (168 key bits)";
1273 case SSH_CIPHER_DES:
1274 return "DES (56 key bits)";
1275 case SSH_CIPHER_IDEA:
1276 return "IDEA (128 key bits)";
1277 case SSH_CIPHER_RC4:
1278 return "RC4 (128 key bits)";
1279 case SSH_CIPHER_BLOWFISH:
1280 return "Blowfish (256 key bits)";
1281
1282 // SSH2
1283 case SSH_CIPHER_3DES_CBC:
1284 return "3DES-CBC";
1285 case SSH_CIPHER_AES128:
1286 return "AES128";
1287 case SSH_CIPHER_AES256:
1288 return "AES256";
1289
1290 default:
1291 return "Unknown";
1292 }
1293 }
1294
1295 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1296 {
1297 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1298 "%s to server, %s from server");
1299 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1300 get_cipher_name(pvar->crypt_state.sender_cipher),
1301 get_cipher_name(pvar->crypt_state.receiver_cipher));
1302 }
1303
1304 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1305 {
1306 if (SSHv1(pvar)) {
1307 if (pvar->crypt_state.server_key.RSA_key == NULL
1308 || pvar->crypt_state.host_key.RSA_key == NULL) {
1309 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1310 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1311 } else {
1312 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1313 "%d-bit server key, %d-bit host key");
1314 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1315 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1316 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1317 }
1318 } else { // SSH2
1319 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1320 "%d-bit server key, %d-bit host key");
1321 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1322 pvar->server_key_bits,
1323 pvar->client_key_bits);
1324 }
1325 }
1326
1327 static void destroy_public_key(CRYPTPublicKey FAR * key)
1328 {
1329 if (key->RSA_key != NULL) {
1330 RSA_free(key->RSA_key);
1331 key->RSA_key = NULL;
1332 }
1333 }
1334
1335 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1336 {
1337 destroy_public_key(key);
1338 free(key);
1339 }
1340
1341 void CRYPT_end(PTInstVar pvar)
1342 {
1343 destroy_public_key(&pvar->crypt_state.host_key);
1344 destroy_public_key(&pvar->crypt_state.server_key);
1345
1346 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1347 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1348 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1349 free(pvar->crypt_state.detect_attack_statics.h);
1350 }
1351
1352 memset(pvar->crypt_state.sender_cipher_key, 0,
1353 sizeof(pvar->crypt_state.sender_cipher_key));
1354 memset(pvar->crypt_state.receiver_cipher_key, 0,
1355 sizeof(pvar->crypt_state.receiver_cipher_key));
1356 memset(pvar->crypt_state.server_cookie, 0,
1357 sizeof(pvar->crypt_state.server_cookie));
1358 memset(pvar->crypt_state.client_cookie, 0,
1359 sizeof(pvar->crypt_state.client_cookie));
1360 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1361 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1362 }
1363
1364 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1365 char FAR * buf, int bytes)
1366 {
1367 unsigned char passphrase_key[16];
1368
1369 MD5(passphrase, strlen(passphrase), passphrase_key);
1370
1371 switch (cipher) {
1372 case SSH_CIPHER_3DES:{
1373 Cipher3DESState state;
1374
1375 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1376 &state.k1);
1377 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1378 &state.k2);
1379 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1380 &state.k3);
1381 memset(state.ivec1, 0, 8);
1382 memset(state.ivec2, 0, 8);
1383 memset(state.ivec3, 0, 8);
1384 DES_ncbc_encrypt(buf, buf, bytes,
1385 &state.k3, &state.ivec3, DES_DECRYPT);
1386 DES_ncbc_encrypt(buf, buf, bytes,
1387 &state.k2, &state.ivec2, DES_ENCRYPT);
1388 DES_ncbc_encrypt(buf, buf, bytes,
1389 &state.k1, &state.ivec1, DES_DECRYPT);
1390 break;
1391 }
1392
1393 case SSH_CIPHER_IDEA:{
1394 CipherIDEAState state;
1395 int num = 0;
1396
1397 cIDEA_init(passphrase_key, &state);
1398 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1399 &num, IDEA_DECRYPT);
1400 break;
1401 }
1402
1403 case SSH_CIPHER_DES:{
1404 CipherDESState state;
1405
1406 cDES_init(passphrase_key, &state);
1407 DES_ncbc_encrypt(buf, buf, bytes,
1408 &state.k, &state.ivec, DES_DECRYPT);
1409 break;
1410 }
1411
1412 case SSH_CIPHER_RC4:{
1413 CipherRC4State state;
1414 int num = 0;
1415
1416 RC4_set_key(&state.k, 16, passphrase_key);
1417 RC4(&state.k, bytes, buf, buf);
1418 break;
1419 }
1420
1421 case SSH_CIPHER_BLOWFISH:{
1422 CipherBlowfishState state;
1423
1424 BF_set_key(&state.k, 16, passphrase_key);
1425 memset(state.ivec, 0, 8);
1426 flip_endianness(buf, bytes);
1427 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1428 BF_DECRYPT);
1429 flip_endianness(buf, bytes);
1430 break;
1431 }
1432
1433 case SSH_CIPHER_NONE:
1434 break;
1435
1436 default:
1437 memset(passphrase_key, 0, sizeof(passphrase_key));
1438 return 0;
1439 }
1440
1441 memset(passphrase_key, 0, sizeof(passphrase_key));
1442 return 1;
1443 }
1444
1445 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1446 {
1447 if (key_pair->RSA_key != NULL)
1448 RSA_free(key_pair->RSA_key);
1449
1450 if (key_pair->DSA_key != NULL)
1451 DSA_free(key_pair->DSA_key);
1452
1453 free(key_pair);
1454 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help