Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3039 - (show annotations) (download) (as text)
Wed Oct 17 04:03:41 2007 UTC (16 years, 5 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41074 byte(s) 
SSH2 の暗号方式として AES192 をサポートした。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.14 2007-10-17 04:03:41 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
223 unsigned char *newbuf = malloc(bytes);
224 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
225
226 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227 if (bytes == 0)
228 return;
229
230 if (newbuf == NULL)
231 return;
232
233 if (bytes % block_size) {
234 char tmp[80];
235 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
236 "AES128 encrypt error(1): bytes %d (%d)");
237 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
238 pvar->ts->UIMsg, bytes, block_size);
239 notify_fatal_error(pvar, tmp);
240 goto error;
241 }
242
243 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
244 // TODO: failure
245 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
246 "AES128 encrypt error(1): bytes %d (%d)");
247 notify_fatal_error(pvar, pvar->ts->UIMsg);
248
249 } else {
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
270 unsigned char *newbuf = malloc(bytes);
271 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272
273 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
274 if (bytes == 0)
275 return;
276
277 if (newbuf == NULL)
278 return;
279
280 if (bytes % block_size) {
281 char tmp[80];
282 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
283 "AES128 decrypt error(1): bytes %d (%d)");
284 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
285 notify_fatal_error(pvar, tmp);
286 goto error;
287 }
288
289 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
290 // TODO:
291 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
292 "AES128 decrypt error(2)");
293 notify_fatal_error(pvar, pvar->ts->UIMsg);
294
295 } else {
296 #if 0
297 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
298 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
299 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
300
301 {
302 static int no = 70;
303 debug_print(no, buf, bytes);
304 //debug_print(no, key, AES128_KEYLEN);
305 //debug_print(10*no, iv, AES128_IVLEN);
306 debug_print(30*no, newbuf, bytes);
307 no++;
308 }
309 #endif
310
311 memcpy(buf, newbuf, bytes);
312 }
313
314 error:;
315 free(newbuf);
316 }
317
318
319
320 // for SSH2(yutaka)
321 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
322 int bytes)
323 {
324 unsigned char key[24], iv[8];
325 unsigned char *newbuf = malloc(bytes);
326
327 if (newbuf == NULL)
328 return;
329
330 #if 1
331
332 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
333 // TODO: failure
334 } else {
335 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
336 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
337 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
338
339 //debug_print(50, key, 24);
340 //debug_print(51, iv, 8);
341 //debug_print(52, buf, bytes);
342 //debug_print(53, newbuf, bytes);
343
344 memcpy(buf, newbuf, bytes);
345 }
346 free(newbuf);
347 #else
348
349 memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351 memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352
353 //debug_print(50, key, 24);
354 //debug_print(51, iv, 8);
355 //debug_print(52, buf, bytes);
356
357 #if 0
358 DES_ede3_cbc_encrypt(
359 buf, newbuf, bytes,
360 (DES_key_schedule *)&key[0],
361 (DES_key_schedule *)&key[8],
362 (DES_key_schedule *)&key[16],
363 (DES_cblock *)iv,
364 DES_ENCRYPT);
365 #else
366 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[0], (DES_cblock *)iv, DES_ENCRYPT);
367 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[8], (DES_cblock *)iv, DES_DECRYPT);
368 DES_ncbc_encrypt(buf, newbuf, bytes, (DES_key_schedule *)&key[16], (DES_cblock *)iv, DES_ENCRYPT);
369
370 #endif
371
372 //debug_print(53, newbuf, bytes);
373
374 memcpy(buf, newbuf, bytes);
375 free(newbuf);
376
377 #endif
378 }
379
380 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
381 int bytes)
382 {
383 unsigned char key[24], iv[8];
384 unsigned char *newbuf = malloc(bytes);
385
386 if (newbuf == NULL)
387 return;
388
389 #if 1
390 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
391 // TODO:
392
393 } else {
394 memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
395 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
396 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
397
398 //debug_print(70, key, 24);
399 //debug_print(71, iv, 8);
400 //debug_print(72, buf, bytes);
401 //debug_print(73, newbuf, bytes);
402
403 memcpy(buf, newbuf, bytes);
404 }
405 free(newbuf);
406
407 #else
408 unsigned char *key, iv[8];
409 unsigned char *newbuf = malloc(bytes);
410 if (newbuf == NULL)
411 return;
412
413 key = pvar->ssh2_keys[MODE_IN].enc.key;
414 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
415 memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
416
417 //debug_print(60, key, 24);
418 //debug_print(61, iv, 8);
419 //debug_print(62, buf, bytes);
420
421 DES_ede3_cbc_encrypt(
422 buf, newbuf, bytes,
423 (DES_key_schedule *)&key[0],
424 (DES_key_schedule *)&key[8],
425 (DES_key_schedule *)&key[16],
426 (DES_cblock *)iv,
427 DES_DECRYPT);
428
429 //debug_print(63, newbuf, bytes);
430
431 memcpy(buf, newbuf, bytes);
432
433 free(newbuf);
434 #endif
435 }
436
437
438 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
439 int bytes)
440 {
441 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
442
443 DES_ncbc_encrypt(buf, buf, bytes,
444 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
447 DES_ncbc_encrypt(buf, buf, bytes,
448 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
449 }
450
451 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
452 int bytes)
453 {
454 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
455
456 DES_ncbc_encrypt(buf, buf, bytes,
457 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
458 DES_ncbc_encrypt(buf, buf, bytes,
459 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
460 DES_ncbc_encrypt(buf, buf, bytes,
461 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
462 }
463
464 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
465 int bytes)
466 {
467 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
468
469 DES_ncbc_encrypt(buf, buf, bytes,
470 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
471 }
472
473 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
474 int bytes)
475 {
476 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
477
478 DES_ncbc_encrypt(buf, buf, bytes,
479 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
480 }
481
482 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
483 int bytes)
484 {
485 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
486 int num = 0;
487
488 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
489 encryptstate->ivec, &num, IDEA_ENCRYPT);
490 }
491
492 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
493 int bytes)
494 {
495 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
496 int num = 0;
497
498 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
499 decryptstate->ivec, &num, IDEA_DECRYPT);
500 }
501
502 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
503 {
504 uint32 FAR *buf = (uint32 FAR *) cbuf;
505 int count = bytes / 4;
506
507 while (count > 0) {
508 uint32 w = *buf;
509
510 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
511 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
512 count--;
513 buf++;
514 }
515 }
516
517 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
518 int bytes)
519 {
520 CipherBlowfishState FAR *encryptstate =
521 &pvar->crypt_state.enc.cBlowfish;
522
523 flip_endianness(buf, bytes);
524 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
525 BF_ENCRYPT);
526 flip_endianness(buf, bytes);
527 }
528
529 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
530 int bytes)
531 {
532 CipherBlowfishState FAR *decryptstate =
533 &pvar->crypt_state.dec.cBlowfish;
534
535 flip_endianness(buf, bytes);
536 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
537 BF_DECRYPT);
538 flip_endianness(buf, bytes);
539 }
540
541 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
542 int bytes)
543 {
544 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
545 int num = 0;
546
547 RC4(&encryptstate->k, bytes, buf, buf);
548 }
549
550 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
551 int bytes)
552 {
553 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
554 int num = 0;
555
556 RC4(&decryptstate->k, bytes, buf, buf);
557 }
558
559 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
560 int bytes)
561 {
562 RAND_bytes(buf, bytes);
563 }
564
565 void CRYPT_initialize_random_numbers(PTInstVar pvar)
566 {
567 RAND_screen();
568 }
569
570 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
571 {
572 int bits = get_ushort16_MSBfirst(bytes);
573
574 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
575 }
576
577 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
578 RSA FAR *make_key(PTInstVar pvar,
579 int bits, unsigned char FAR * exp,
580 unsigned char FAR * mod)
581 {
582 RSA FAR *key = RSA_new();
583
584 if (key != NULL) {
585 key->e = get_bignum(exp);
586 key->n = get_bignum(mod);
587 }
588
589 if (key == NULL || key->e == NULL || key->n == NULL) {
590 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
591 "Error setting up RSA keys");
592 notify_fatal_error(pvar, pvar->ts->UIMsg);
593
594 if (key != NULL) {
595 if (key->e != NULL) {
596 BN_free(key->e);
597 }
598 if (key->n != NULL) {
599 BN_free(key->n);
600 }
601 RSA_free(key);
602 }
603
604 return NULL;
605 } else {
606 return key;
607 }
608 }
609
610 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
611 {
612 if (SSHv1(pvar)) {
613 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
614 } else {
615 memcpy(pvar->crypt_state.server_cookie, cookie,
616 SSH2_COOKIE_LENGTH);
617 }
618 }
619
620 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
621 {
622 if (SSHv2(pvar)) {
623 memcpy(pvar->crypt_state.client_cookie, cookie,
624 SSH2_COOKIE_LENGTH);
625 }
626 }
627
628 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
629 int bits, unsigned char FAR * exp,
630 unsigned char FAR * mod)
631 {
632 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
633
634 return pvar->crypt_state.server_key.RSA_key != NULL;
635 }
636
637 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
638 int bits, unsigned char FAR * exp,
639 unsigned char FAR * mod)
640 {
641 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
642
643 return pvar->crypt_state.host_key.RSA_key != NULL;
644 }
645
646 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
647 int receiver_ciphers)
648 {
649 int cipher_mask;
650
651 if (SSHv1(pvar)) {
652 cipher_mask = (1 << SSH_CIPHER_DES)
653 | (1 << SSH_CIPHER_3DES)
654 | (1 << SSH_CIPHER_BLOWFISH);
655
656 } else { // for SSH2(yutaka)
657 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
658 cipher_mask = (1 << SSH_CIPHER_3DES_CBC)
659 | (1 << SSH_CIPHER_AES128)
660 #ifdef SSH2_BLOWFISH
661 | (1 << SSH_CIPHER_BLOWFISH)
662 #endif
663 | (1 << SSH_CIPHER_AES192)
664 | (1 << SSH_CIPHER_AES256);
665 }
666
667 sender_ciphers &= cipher_mask;
668 receiver_ciphers &= cipher_mask;
669 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
670 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
671
672 if (sender_ciphers == 0) {
673 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
674 "The server does not support any of the TTSSH encryption algorithms.\n"
675 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
676 "The connection will be closed.");
677 notify_fatal_error(pvar, pvar->ts->UIMsg);
678 return FALSE;
679 } else if (receiver_ciphers == 0) {
680 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
681 "The server does not support any of the TTSSH encryption algorithms.\n"
682 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
683 "The connection will be closed.");
684 notify_fatal_error(pvar, pvar->ts->UIMsg);
685 return FALSE;
686 } else {
687 return TRUE;
688 }
689 }
690
691 int CRYPT_get_decryption_block_size(PTInstVar pvar)
692 {
693 if (SSHv1(pvar)) {
694 return 8;
695 } else {
696 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
697 // cf. 3DES=8, AES128=16
698 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
699 }
700 }
701
702 int CRYPT_get_encryption_block_size(PTInstVar pvar)
703 {
704 if (SSHv1(pvar)) {
705 return 8;
706 } else {
707 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
708 // cf. 3DES=8, AES128=16
709 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
710 }
711 }
712
713 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
714 {
715 struct Mac *mac;
716
717 if (SSHv1(pvar)) {
718 return 0;
719
720 } else { // for SSH2(yutaka)
721 mac = &pvar->ssh2_keys[MODE_IN].mac;
722 if (mac == NULL || mac->enabled == 0)
723 return 0;
724
725 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
726 }
727
728 }
729
730 // HMAC������
731 // ���{������ SSH2 �������g�p�������B
732 // (2004.12.17 yutaka)
733 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
734 char FAR * data, int len, char FAR * MAC)
735 {
736 HMAC_CTX c;
737 unsigned char m[EVP_MAX_MD_SIZE];
738 unsigned char b[4];
739 struct Mac *mac;
740
741 mac = &pvar->ssh2_keys[MODE_IN].mac;
742
743 // HMAC�������L���������������A����OK�����������B
744 if (mac == NULL || mac->enabled == 0)
745 return TRUE;
746
747 if (mac->key == NULL)
748 goto error;
749
750 if ((u_int)mac->mac_len > sizeof(m))
751 goto error;
752
753 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
754 set_uint32_MSBfirst(b, sequence_number);
755 HMAC_Update(&c, b, sizeof(b));
756 HMAC_Update(&c, data, len);
757 HMAC_Final(&c, m, NULL);
758 HMAC_cleanup(&c);
759
760 if (memcmp(m, MAC, mac->mac_len)) {
761 goto error;
762 }
763
764 return TRUE;
765
766 error:
767 return FALSE;
768 }
769
770 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
771 {
772 struct Mac *mac;
773
774 if (SSHv2(pvar)) { // for SSH2(yutaka)
775 mac = &pvar->ssh2_keys[MODE_OUT].mac;
776 if (mac == NULL || mac->enabled == 0)
777 return 0;
778
779 return (mac->mac_len);
780 }
781
782 return 0;
783 }
784
785 // for SSH2
786 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
787 char FAR * data, int len, char FAR * MAC)
788 {
789 HMAC_CTX c;
790 static u_char m[EVP_MAX_MD_SIZE];
791 u_char b[4];
792 struct Mac *mac;
793
794 if (SSHv2(pvar)) { // for SSH2(yutaka)
795 mac = &pvar->ssh2_keys[MODE_OUT].mac;
796 if (mac == NULL || mac->enabled == 0)
797 return FALSE;
798
799 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
800 set_uint32_MSBfirst(b, sequence_number);
801 HMAC_Update(&c, b, sizeof(b));
802 HMAC_Update(&c, data, len);
803 HMAC_Final(&c, m, NULL);
804 HMAC_cleanup(&c);
805
806 // 20�o�C�g�������R�s�[
807 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
808 // memcpy(MAC, m, sizeof(m));
809
810 return TRUE;
811 }
812
813 return TRUE;
814
815 }
816
817 static int choose_cipher(PTInstVar pvar, int supported)
818 {
819 int i;
820
821 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
822 int cipher = pvar->session_settings.CipherOrder[i] - '0';
823
824 if (cipher == SSH_CIPHER_NONE) {
825 break;
826 } else if ((supported & (1 << cipher)) != 0) {
827 return cipher;
828 }
829 }
830
831 return SSH_CIPHER_NONE;
832 }
833
834 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
835 {
836 if (SSHv1(pvar)) {
837 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
838 pvar->crypt_state.
839 supported_sender_ciphers);
840 pvar->crypt_state.receiver_cipher =
841 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
842
843 } else { // SSH2(yutaka)
844 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
845 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
846
847 }
848
849 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
850 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
851 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
852 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
853 "To communicate with this server, you will have to enable some more ciphers\n"
854 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
855 "This connection will now close.");
856 notify_fatal_error(pvar, pvar->ts->UIMsg);
857 return FALSE;
858 } else {
859 return TRUE;
860 }
861 }
862
863 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
864 {
865 int server_key_bits =
866 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
867 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
868 int server_key_bytes = (server_key_bits + 7) / 8;
869 int host_key_bytes = (host_key_bits + 7) / 8;
870
871 if (server_key_bits < host_key_bits) {
872 return host_key_bytes;
873 } else {
874 return server_key_bytes;
875 }
876 }
877
878 int CRYPT_choose_session_key(PTInstVar pvar,
879 unsigned char FAR * encrypted_key_buf)
880 {
881 int server_key_bits =
882 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
883 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
884 int server_key_bytes = (server_key_bits + 7) / 8;
885 int host_key_bytes = (host_key_bits + 7) / 8;
886 int encrypted_key_bytes;
887 int bit_delta;
888
889 if (server_key_bits < host_key_bits) {
890 encrypted_key_bytes = host_key_bytes;
891 bit_delta = host_key_bits - server_key_bits;
892 } else {
893 encrypted_key_bytes = server_key_bytes;
894 bit_delta = server_key_bits - host_key_bits;
895 }
896
897 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
898 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
899 "Server RSA keys are too weak. A secure connection cannot be established.");
900 notify_fatal_error(pvar, pvar->ts->UIMsg);
901 return 0;
902 } else {
903 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
904 for the session ID, rather than the one specified in the RFC */
905 int session_buf_len = server_key_bytes + host_key_bytes + 8;
906 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
907 char session_id[16];
908 int i;
909
910 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
911 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
912 session_buf + host_key_bytes);
913 memcpy(session_buf + server_key_bytes + host_key_bytes,
914 pvar->crypt_state.server_cookie, 8);
915 MD5(session_buf, session_buf_len, session_id);
916
917 free(session_buf);
918
919 RAND_bytes(pvar->crypt_state.sender_cipher_key,
920 SSH_SESSION_KEY_LENGTH);
921 memcpy(pvar->crypt_state.receiver_cipher_key,
922 pvar->crypt_state.sender_cipher_key,
923 SSH_SESSION_KEY_LENGTH);
924
925 memcpy(encrypted_key_buf + encrypted_key_bytes -
926 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
927 SSH_SESSION_KEY_LENGTH);
928 for (i = 0; i < sizeof(session_id); i++) {
929 encrypted_key_buf[encrypted_key_bytes -
930 SSH_SESSION_KEY_LENGTH + i]
931 ^= session_id[i];
932 }
933
934 if (host_key_bits > server_key_bits) {
935 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
936 encrypted_key_buf +
937 encrypted_key_bytes -
938 SSH_SESSION_KEY_LENGTH,
939 encrypted_key_buf +
940 encrypted_key_bytes - server_key_bytes,
941 pvar->crypt_state.server_key.RSA_key,
942 RSA_PKCS1_PADDING) < 0)
943 return 0;
944
945 if (RSA_public_encrypt(server_key_bytes,
946 encrypted_key_buf +
947 encrypted_key_bytes - server_key_bytes,
948 encrypted_key_buf,
949 pvar->crypt_state.host_key.RSA_key,
950 RSA_PKCS1_PADDING) < 0)
951 return 0;
952 } else {
953 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
954 encrypted_key_buf +
955 encrypted_key_bytes -
956 SSH_SESSION_KEY_LENGTH,
957 encrypted_key_buf +
958 encrypted_key_bytes - host_key_bytes,
959 pvar->crypt_state.host_key.RSA_key,
960 RSA_PKCS1_PADDING) < 0)
961 return 0;
962
963 if (RSA_public_encrypt(host_key_bytes,
964 encrypted_key_buf +
965 encrypted_key_bytes - host_key_bytes,
966 encrypted_key_buf,
967 pvar->crypt_state.server_key.RSA_key,
968 RSA_PKCS1_PADDING) < 0)
969 return 0;
970 }
971 }
972
973 return 1;
974 }
975
976 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
977 unsigned char FAR * challenge,
978 int challenge_len,
979 unsigned char FAR * response)
980 {
981 int server_key_bits =
982 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
983 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
984 int server_key_bytes = (server_key_bits + 7) / 8;
985 int host_key_bytes = (host_key_bits + 7) / 8;
986 int session_buf_len = server_key_bytes + host_key_bytes + 8;
987 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
988 char decrypted_challenge[48];
989 int decrypted_challenge_len;
990
991 decrypted_challenge_len =
992 RSA_private_decrypt(challenge_len, challenge, challenge,
993 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
994 RSA_PKCS1_PADDING);
995 if (decrypted_challenge_len < 0) {
996 free(session_buf);
997 return 0;
998 }
999 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1000 memcpy(decrypted_challenge,
1001 challenge + decrypted_challenge_len -
1002 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1003 } else {
1004 memset(decrypted_challenge, 0,
1005 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1006 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1007 decrypted_challenge_len, challenge,
1008 decrypted_challenge_len);
1009 }
1010
1011 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1012 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1013 session_buf + host_key_bytes);
1014 memcpy(session_buf + server_key_bytes + host_key_bytes,
1015 pvar->crypt_state.server_cookie, 8);
1016 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1017
1018 free(session_buf);
1019
1020 MD5(decrypted_challenge, 48, response);
1021
1022 return 1;
1023 }
1024
1025 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1026 {
1027 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1028 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1029 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1030 memset(state->ivec1, 0, 8);
1031 memset(state->ivec2, 0, 8);
1032 memset(state->ivec3, 0, 8);
1033 }
1034
1035 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1036 {
1037 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1038 memset(state->ivec, 0, 8);
1039 }
1040
1041 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1042 {
1043 idea_set_encrypt_key(session_key, &state->k);
1044 memset(state->ivec, 0, 8);
1045 }
1046
1047 static void cBlowfish_init(char FAR * session_key,
1048 CipherBlowfishState FAR * state)
1049 {
1050 BF_set_key(&state->k, 32, session_key);
1051 memset(state->ivec, 0, 8);
1052 }
1053
1054
1055 //
1056 // SSH2�p�A���S���Y����������
1057 //
1058 // for SSH2(yutaka)
1059 //
1060 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1061 const u_char *key, u_int keylen,
1062 const u_char *iv, u_int ivlen,
1063 int encrypt,
1064 const EVP_CIPHER *(*func)(void))
1065 {
1066 EVP_CIPHER *type;
1067 int klen;
1068
1069 type = (EVP_CIPHER *)func();
1070
1071 EVP_CIPHER_CTX_init(evp);
1072 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1073 // TODO:
1074 }
1075
1076 klen = EVP_CIPHER_CTX_key_length(evp);
1077 if (klen > 0 && keylen != klen) {
1078 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1079 // TODO:
1080 }
1081 }
1082 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1083 // TODO:
1084 }
1085 }
1086
1087
1088 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1089 {
1090 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1091 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1092 BOOL isOK = TRUE;
1093
1094 if (sender_flag) {
1095 switch (pvar->crypt_state.sender_cipher) {
1096 // for SSH2(yutaka)
1097 case SSH_CIPHER_3DES_CBC:
1098 {
1099 struct Enc *enc;
1100
1101 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1102 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1103 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1104 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1105 CIPHER_ENCRYPT,
1106 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1107
1108 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1109 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1110
1111 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1112 break;
1113 }
1114
1115 // for SSH2(yutaka)
1116 case SSH_CIPHER_AES128:
1117 case SSH_CIPHER_AES192:
1118 case SSH_CIPHER_AES256:
1119 {
1120 struct Enc *enc;
1121
1122 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1123 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1124 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1125 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1126 CIPHER_ENCRYPT,
1127 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1128
1129 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1130 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1131
1132 pvar->crypt_state.encrypt = cAES128_encrypt;
1133 break;
1134 }
1135
1136 case SSH_CIPHER_3DES:{
1137 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1138 pvar->crypt_state.encrypt = c3DES_encrypt;
1139 break;
1140 }
1141 case SSH_CIPHER_IDEA:{
1142 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1143 pvar->crypt_state.encrypt = cIDEA_encrypt;
1144 break;
1145 }
1146 case SSH_CIPHER_DES:{
1147 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1148 pvar->crypt_state.encrypt = cDES_encrypt;
1149 break;
1150 }
1151 case SSH_CIPHER_RC4:{
1152 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1153 encryption_key + 16);
1154 pvar->crypt_state.encrypt = cRC4_encrypt;
1155 break;
1156 }
1157 case SSH_CIPHER_BLOWFISH:{
1158 cBlowfish_init(encryption_key,
1159 &pvar->crypt_state.enc.cBlowfish);
1160 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1161 break;
1162 }
1163 default:
1164 isOK = FALSE;
1165 }
1166 }
1167
1168
1169 if (receiver_flag) {
1170 switch (pvar->crypt_state.receiver_cipher) {
1171 // for SSH2(yutaka)
1172 case SSH_CIPHER_3DES_CBC:
1173 {
1174 struct Enc *enc;
1175
1176 enc = &pvar->ssh2_keys[MODE_IN].enc;
1177 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1178 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1179 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1180 CIPHER_DECRYPT,
1181 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1182
1183 //debug_print(12, enc->key, 24);
1184 //debug_print(13, enc->iv, 24);
1185
1186 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1187 break;
1188 }
1189
1190 // for SSH2(yutaka)
1191 case SSH_CIPHER_AES128:
1192 case SSH_CIPHER_AES192:
1193 case SSH_CIPHER_AES256:
1194 {
1195 struct Enc *enc;
1196
1197 enc = &pvar->ssh2_keys[MODE_IN].enc;
1198 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1199 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1200 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1201 CIPHER_DECRYPT,
1202 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher));
1203
1204 //debug_print(12, enc->key, 24);
1205 //debug_print(13, enc->iv, 24);
1206
1207 pvar->crypt_state.decrypt = cAES128_decrypt;
1208 break;
1209 }
1210
1211 case SSH_CIPHER_3DES:{
1212 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1213 pvar->crypt_state.decrypt = c3DES_decrypt;
1214 break;
1215 }
1216 case SSH_CIPHER_IDEA:{
1217 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1218 pvar->crypt_state.decrypt = cIDEA_decrypt;
1219 break;
1220 }
1221 case SSH_CIPHER_DES:{
1222 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1223 pvar->crypt_state.decrypt = cDES_decrypt;
1224 break;
1225 }
1226 case SSH_CIPHER_RC4:{
1227 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1228 pvar->crypt_state.decrypt = cRC4_decrypt;
1229 break;
1230 }
1231 case SSH_CIPHER_BLOWFISH:{
1232 cBlowfish_init(decryption_key,
1233 &pvar->crypt_state.dec.cBlowfish);
1234 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1235 break;
1236 }
1237 default:
1238 isOK = FALSE;
1239 }
1240 }
1241
1242
1243 if (!isOK) {
1244 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1245 "No cipher selected!");
1246 notify_fatal_error(pvar, pvar->ts->UIMsg);
1247 return FALSE;
1248 } else {
1249 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1250 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1251 return TRUE;
1252 }
1253 }
1254
1255 void CRYPT_init(PTInstVar pvar)
1256 {
1257 pvar->crypt_state.encrypt = no_encrypt;
1258 pvar->crypt_state.decrypt = no_encrypt;
1259 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1260 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1261 pvar->crypt_state.server_key.RSA_key = NULL;
1262 pvar->crypt_state.host_key.RSA_key = NULL;
1263
1264 pvar->crypt_state.detect_attack_statics.h = NULL;
1265 pvar->crypt_state.detect_attack_statics.n =
1266 HASH_MINSIZE / HASH_ENTRYSIZE;
1267 }
1268
1269 static char FAR *get_cipher_name(int cipher)
1270 {
1271 switch (cipher) {
1272 case SSH_CIPHER_NONE:
1273 return "None";
1274 case SSH_CIPHER_3DES:
1275 return "3DES (168 key bits)";
1276 case SSH_CIPHER_DES:
1277 return "DES (56 key bits)";
1278 case SSH_CIPHER_IDEA:
1279 return "IDEA (128 key bits)";
1280 case SSH_CIPHER_RC4:
1281 return "RC4 (128 key bits)";
1282 case SSH_CIPHER_BLOWFISH:
1283 return "Blowfish (256 key bits)";
1284
1285 // SSH2
1286 case SSH_CIPHER_3DES_CBC:
1287 return "3DES-CBC";
1288 case SSH_CIPHER_AES128:
1289 return "AES128";
1290 case SSH_CIPHER_AES192:
1291 return "AES192";
1292 case SSH_CIPHER_AES256:
1293 return "AES256";
1294
1295 default:
1296 return "Unknown";
1297 }
1298 }
1299
1300 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1301 {
1302 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1303 "%s to server, %s from server");
1304 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1305 get_cipher_name(pvar->crypt_state.sender_cipher),
1306 get_cipher_name(pvar->crypt_state.receiver_cipher));
1307 }
1308
1309 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1310 {
1311 if (SSHv1(pvar)) {
1312 if (pvar->crypt_state.server_key.RSA_key == NULL
1313 || pvar->crypt_state.host_key.RSA_key == NULL) {
1314 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1315 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1316 } else {
1317 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1318 "%d-bit server key, %d-bit host key");
1319 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1320 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1321 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1322 }
1323 } else { // SSH2
1324 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1325 "%d-bit server key, %d-bit host key");
1326 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1327 pvar->server_key_bits,
1328 pvar->client_key_bits);
1329 }
1330 }
1331
1332 static void destroy_public_key(CRYPTPublicKey FAR * key)
1333 {
1334 if (key->RSA_key != NULL) {
1335 RSA_free(key->RSA_key);
1336 key->RSA_key = NULL;
1337 }
1338 }
1339
1340 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1341 {
1342 destroy_public_key(key);
1343 free(key);
1344 }
1345
1346 void CRYPT_end(PTInstVar pvar)
1347 {
1348 destroy_public_key(&pvar->crypt_state.host_key);
1349 destroy_public_key(&pvar->crypt_state.server_key);
1350
1351 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1352 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1353 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1354 free(pvar->crypt_state.detect_attack_statics.h);
1355 }
1356
1357 memset(pvar->crypt_state.sender_cipher_key, 0,
1358 sizeof(pvar->crypt_state.sender_cipher_key));
1359 memset(pvar->crypt_state.receiver_cipher_key, 0,
1360 sizeof(pvar->crypt_state.receiver_cipher_key));
1361 memset(pvar->crypt_state.server_cookie, 0,
1362 sizeof(pvar->crypt_state.server_cookie));
1363 memset(pvar->crypt_state.client_cookie, 0,
1364 sizeof(pvar->crypt_state.client_cookie));
1365 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1366 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1367 }
1368
1369 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1370 char FAR * buf, int bytes)
1371 {
1372 unsigned char passphrase_key[16];
1373
1374 MD5(passphrase, strlen(passphrase), passphrase_key);
1375
1376 switch (cipher) {
1377 case SSH_CIPHER_3DES:{
1378 Cipher3DESState state;
1379
1380 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1381 &state.k1);
1382 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1383 &state.k2);
1384 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1385 &state.k3);
1386 memset(state.ivec1, 0, 8);
1387 memset(state.ivec2, 0, 8);
1388 memset(state.ivec3, 0, 8);
1389 DES_ncbc_encrypt(buf, buf, bytes,
1390 &state.k3, &state.ivec3, DES_DECRYPT);
1391 DES_ncbc_encrypt(buf, buf, bytes,
1392 &state.k2, &state.ivec2, DES_ENCRYPT);
1393 DES_ncbc_encrypt(buf, buf, bytes,
1394 &state.k1, &state.ivec1, DES_DECRYPT);
1395 break;
1396 }
1397
1398 case SSH_CIPHER_IDEA:{
1399 CipherIDEAState state;
1400 int num = 0;
1401
1402 cIDEA_init(passphrase_key, &state);
1403 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1404 &num, IDEA_DECRYPT);
1405 break;
1406 }
1407
1408 case SSH_CIPHER_DES:{
1409 CipherDESState state;
1410
1411 cDES_init(passphrase_key, &state);
1412 DES_ncbc_encrypt(buf, buf, bytes,
1413 &state.k, &state.ivec, DES_DECRYPT);
1414 break;
1415 }
1416
1417 case SSH_CIPHER_RC4:{
1418 CipherRC4State state;
1419 int num = 0;
1420
1421 RC4_set_key(&state.k, 16, passphrase_key);
1422 RC4(&state.k, bytes, buf, buf);
1423 break;
1424 }
1425
1426 case SSH_CIPHER_BLOWFISH:{
1427 CipherBlowfishState state;
1428
1429 BF_set_key(&state.k, 16, passphrase_key);
1430 memset(state.ivec, 0, 8);
1431 flip_endianness(buf, bytes);
1432 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1433 BF_DECRYPT);
1434 flip_endianness(buf, bytes);
1435 break;
1436 }
1437
1438 case SSH_CIPHER_NONE:
1439 break;
1440
1441 default:
1442 memset(passphrase_key, 0, sizeof(passphrase_key));
1443 return 0;
1444 }
1445
1446 memset(passphrase_key, 0, sizeof(passphrase_key));
1447 return 1;
1448 }
1449
1450 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1451 {
1452 if (key_pair->RSA_key != NULL)
1453 RSA_free(key_pair->RSA_key);
1454
1455 if (key_pair->DSA_key != NULL)
1456 DSA_free(key_pair->DSA_key);
1457
1458 free(key_pair);
1459 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help