Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3043 - (show annotations) (download) (as text)
Wed Oct 17 15:58:15 2007 UTC (16 years, 5 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 40474 byte(s) 
エラーメッセージを追加した。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.15 2007-10-17 15:58:15 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
223 unsigned char *newbuf = malloc(bytes);
224 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
225
226 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227 if (bytes == 0)
228 return;
229
230 if (newbuf == NULL)
231 return;
232
233 if (bytes % block_size) {
234 char tmp[80];
235 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
236 "AES128 encrypt error(1): bytes %d (%d)");
237 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
238 pvar->ts->UIMsg, bytes, block_size);
239 notify_fatal_error(pvar, tmp);
240 goto error;
241 }
242
243 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
244 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
245 "AES128 encrypt error(2)");
246 notify_fatal_error(pvar, pvar->ts->UIMsg);
247 goto error;
248
249 } else {
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 // unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
270 unsigned char *newbuf = malloc(bytes);
271 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272
273 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
274 if (bytes == 0)
275 return;
276
277 if (newbuf == NULL)
278 return;
279
280 if (bytes % block_size) {
281 char tmp[80];
282 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
283 "AES128 decrypt error(1): bytes %d (%d)");
284 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
285 notify_fatal_error(pvar, tmp);
286 goto error;
287 }
288
289 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
290 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
291 "AES128 decrypt error(2)");
292 notify_fatal_error(pvar, pvar->ts->UIMsg);
293 goto error;
294
295 } else {
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 // unsigned char key[24], iv[8];
319 unsigned char *newbuf = malloc(bytes);
320
321 if (newbuf == NULL)
322 return;
323
324 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
325 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR", pvar,
326 "3DES-CBC encrypt error");
327 notify_fatal_error(pvar, pvar->ts->UIMsg);
328 goto error;
329
330 } else {
331 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
332 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
333 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
334
335 //debug_print(50, key, 24);
336 //debug_print(51, iv, 8);
337 //debug_print(52, buf, bytes);
338 //debug_print(53, newbuf, bytes);
339
340 memcpy(buf, newbuf, bytes);
341 }
342
343 error:
344 free(newbuf);
345 }
346
347 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
348 int bytes)
349 {
350 // unsigned char key[24], iv[8];
351 unsigned char *newbuf = malloc(bytes);
352
353 if (newbuf == NULL)
354 return;
355
356 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
357 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR", pvar,
358 "3DES-CBC decrypt error");
359 notify_fatal_error(pvar, pvar->ts->UIMsg);
360 goto error;
361
362 } else {
363 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
364 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
365 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
366
367 //debug_print(70, key, 24);
368 //debug_print(71, iv, 8);
369 //debug_print(72, buf, bytes);
370 //debug_print(73, newbuf, bytes);
371
372 memcpy(buf, newbuf, bytes);
373 }
374
375 error:
376 free(newbuf);
377 }
378
379
380 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
381 int bytes)
382 {
383 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
384
385 DES_ncbc_encrypt(buf, buf, bytes,
386 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
387 DES_ncbc_encrypt(buf, buf, bytes,
388 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
389 DES_ncbc_encrypt(buf, buf, bytes,
390 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
391 }
392
393 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
394 int bytes)
395 {
396 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
397
398 DES_ncbc_encrypt(buf, buf, bytes,
399 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
400 DES_ncbc_encrypt(buf, buf, bytes,
401 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
402 DES_ncbc_encrypt(buf, buf, bytes,
403 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
404 }
405
406 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
407 int bytes)
408 {
409 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
410
411 DES_ncbc_encrypt(buf, buf, bytes,
412 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
413 }
414
415 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
416 int bytes)
417 {
418 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
419
420 DES_ncbc_encrypt(buf, buf, bytes,
421 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
422 }
423
424 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
425 int bytes)
426 {
427 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
428 int num = 0;
429
430 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
431 encryptstate->ivec, &num, IDEA_ENCRYPT);
432 }
433
434 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
435 int bytes)
436 {
437 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
438 int num = 0;
439
440 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
441 decryptstate->ivec, &num, IDEA_DECRYPT);
442 }
443
444 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
445 {
446 uint32 FAR *buf = (uint32 FAR *) cbuf;
447 int count = bytes / 4;
448
449 while (count > 0) {
450 uint32 w = *buf;
451
452 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
453 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
454 count--;
455 buf++;
456 }
457 }
458
459 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
460 int bytes)
461 {
462 CipherBlowfishState FAR *encryptstate =
463 &pvar->crypt_state.enc.cBlowfish;
464
465 flip_endianness(buf, bytes);
466 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
467 BF_ENCRYPT);
468 flip_endianness(buf, bytes);
469 }
470
471 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
472 int bytes)
473 {
474 CipherBlowfishState FAR *decryptstate =
475 &pvar->crypt_state.dec.cBlowfish;
476
477 flip_endianness(buf, bytes);
478 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
479 BF_DECRYPT);
480 flip_endianness(buf, bytes);
481 }
482
483 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
484 int bytes)
485 {
486 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
487 int num = 0;
488
489 RC4(&encryptstate->k, bytes, buf, buf);
490 }
491
492 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
493 int bytes)
494 {
495 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
496 int num = 0;
497
498 RC4(&decryptstate->k, bytes, buf, buf);
499 }
500
501 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
502 int bytes)
503 {
504 RAND_bytes(buf, bytes);
505 }
506
507 void CRYPT_initialize_random_numbers(PTInstVar pvar)
508 {
509 RAND_screen();
510 }
511
512 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
513 {
514 int bits = get_ushort16_MSBfirst(bytes);
515
516 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
517 }
518
519 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
520 RSA FAR *make_key(PTInstVar pvar,
521 int bits, unsigned char FAR * exp,
522 unsigned char FAR * mod)
523 {
524 RSA FAR *key = RSA_new();
525
526 if (key != NULL) {
527 key->e = get_bignum(exp);
528 key->n = get_bignum(mod);
529 }
530
531 if (key == NULL || key->e == NULL || key->n == NULL) {
532 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
533 "Error setting up RSA keys");
534 notify_fatal_error(pvar, pvar->ts->UIMsg);
535
536 if (key != NULL) {
537 if (key->e != NULL) {
538 BN_free(key->e);
539 }
540 if (key->n != NULL) {
541 BN_free(key->n);
542 }
543 RSA_free(key);
544 }
545
546 return NULL;
547 } else {
548 return key;
549 }
550 }
551
552 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
553 {
554 if (SSHv1(pvar)) {
555 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
556 } else {
557 memcpy(pvar->crypt_state.server_cookie, cookie,
558 SSH2_COOKIE_LENGTH);
559 }
560 }
561
562 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
563 {
564 if (SSHv2(pvar)) {
565 memcpy(pvar->crypt_state.client_cookie, cookie,
566 SSH2_COOKIE_LENGTH);
567 }
568 }
569
570 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
571 int bits, unsigned char FAR * exp,
572 unsigned char FAR * mod)
573 {
574 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
575
576 return pvar->crypt_state.server_key.RSA_key != NULL;
577 }
578
579 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
580 int bits, unsigned char FAR * exp,
581 unsigned char FAR * mod)
582 {
583 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
584
585 return pvar->crypt_state.host_key.RSA_key != NULL;
586 }
587
588 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
589 int receiver_ciphers)
590 {
591 int cipher_mask;
592
593 if (SSHv1(pvar)) {
594 cipher_mask = (1 << SSH_CIPHER_DES)
595 | (1 << SSH_CIPHER_3DES)
596 | (1 << SSH_CIPHER_BLOWFISH);
597
598 } else { // for SSH2(yutaka)
599 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
600 cipher_mask = (1 << SSH_CIPHER_3DES_CBC)
601 | (1 << SSH_CIPHER_AES128)
602 #ifdef SSH2_BLOWFISH
603 | (1 << SSH_CIPHER_BLOWFISH)
604 #endif
605 | (1 << SSH_CIPHER_AES192)
606 | (1 << SSH_CIPHER_AES256);
607 }
608
609 sender_ciphers &= cipher_mask;
610 receiver_ciphers &= cipher_mask;
611 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
612 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
613
614 if (sender_ciphers == 0) {
615 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
616 "The server does not support any of the TTSSH encryption algorithms.\n"
617 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
618 "The connection will be closed.");
619 notify_fatal_error(pvar, pvar->ts->UIMsg);
620 return FALSE;
621 } else if (receiver_ciphers == 0) {
622 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
623 "The server does not support any of the TTSSH encryption algorithms.\n"
624 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
625 "The connection will be closed.");
626 notify_fatal_error(pvar, pvar->ts->UIMsg);
627 return FALSE;
628 } else {
629 return TRUE;
630 }
631 }
632
633 int CRYPT_get_decryption_block_size(PTInstVar pvar)
634 {
635 if (SSHv1(pvar)) {
636 return 8;
637 } else {
638 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
639 // cf. 3DES=8, AES128=16
640 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
641 }
642 }
643
644 int CRYPT_get_encryption_block_size(PTInstVar pvar)
645 {
646 if (SSHv1(pvar)) {
647 return 8;
648 } else {
649 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
650 // cf. 3DES=8, AES128=16
651 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
652 }
653 }
654
655 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
656 {
657 struct Mac *mac;
658
659 if (SSHv1(pvar)) {
660 return 0;
661
662 } else { // for SSH2(yutaka)
663 mac = &pvar->ssh2_keys[MODE_IN].mac;
664 if (mac == NULL || mac->enabled == 0)
665 return 0;
666
667 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
668 }
669
670 }
671
672 // HMAC������
673 // ���{������ SSH2 �������g�p�������B
674 // (2004.12.17 yutaka)
675 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
676 char FAR * data, int len, char FAR * MAC)
677 {
678 HMAC_CTX c;
679 unsigned char m[EVP_MAX_MD_SIZE];
680 unsigned char b[4];
681 struct Mac *mac;
682
683 mac = &pvar->ssh2_keys[MODE_IN].mac;
684
685 // HMAC�������L���������������A����OK�����������B
686 if (mac == NULL || mac->enabled == 0)
687 return TRUE;
688
689 if (mac->key == NULL)
690 goto error;
691
692 if ((u_int)mac->mac_len > sizeof(m))
693 goto error;
694
695 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
696 set_uint32_MSBfirst(b, sequence_number);
697 HMAC_Update(&c, b, sizeof(b));
698 HMAC_Update(&c, data, len);
699 HMAC_Final(&c, m, NULL);
700 HMAC_cleanup(&c);
701
702 if (memcmp(m, MAC, mac->mac_len)) {
703 goto error;
704 }
705
706 return TRUE;
707
708 error:
709 return FALSE;
710 }
711
712 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
713 {
714 struct Mac *mac;
715
716 if (SSHv2(pvar)) { // for SSH2(yutaka)
717 mac = &pvar->ssh2_keys[MODE_OUT].mac;
718 if (mac == NULL || mac->enabled == 0)
719 return 0;
720
721 return (mac->mac_len);
722 }
723
724 return 0;
725 }
726
727 // for SSH2
728 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
729 char FAR * data, int len, char FAR * MAC)
730 {
731 HMAC_CTX c;
732 static u_char m[EVP_MAX_MD_SIZE];
733 u_char b[4];
734 struct Mac *mac;
735
736 if (SSHv2(pvar)) { // for SSH2(yutaka)
737 mac = &pvar->ssh2_keys[MODE_OUT].mac;
738 if (mac == NULL || mac->enabled == 0)
739 return FALSE;
740
741 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
742 set_uint32_MSBfirst(b, sequence_number);
743 HMAC_Update(&c, b, sizeof(b));
744 HMAC_Update(&c, data, len);
745 HMAC_Final(&c, m, NULL);
746 HMAC_cleanup(&c);
747
748 // 20�o�C�g�������R�s�[
749 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
750 // memcpy(MAC, m, sizeof(m));
751
752 return TRUE;
753 }
754
755 return TRUE;
756
757 }
758
759 static int choose_cipher(PTInstVar pvar, int supported)
760 {
761 int i;
762
763 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
764 int cipher = pvar->session_settings.CipherOrder[i] - '0';
765
766 if (cipher == SSH_CIPHER_NONE) {
767 break;
768 } else if ((supported & (1 << cipher)) != 0) {
769 return cipher;
770 }
771 }
772
773 return SSH_CIPHER_NONE;
774 }
775
776 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
777 {
778 if (SSHv1(pvar)) {
779 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
780 pvar->crypt_state.
781 supported_sender_ciphers);
782 pvar->crypt_state.receiver_cipher =
783 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
784
785 } else { // SSH2(yutaka)
786 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
787 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
788
789 }
790
791 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
792 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
793 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
794 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
795 "To communicate with this server, you will have to enable some more ciphers\n"
796 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
797 "This connection will now close.");
798 notify_fatal_error(pvar, pvar->ts->UIMsg);
799 return FALSE;
800 } else {
801 return TRUE;
802 }
803 }
804
805 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
806 {
807 int server_key_bits =
808 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
809 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
810 int server_key_bytes = (server_key_bits + 7) / 8;
811 int host_key_bytes = (host_key_bits + 7) / 8;
812
813 if (server_key_bits < host_key_bits) {
814 return host_key_bytes;
815 } else {
816 return server_key_bytes;
817 }
818 }
819
820 int CRYPT_choose_session_key(PTInstVar pvar,
821 unsigned char FAR * encrypted_key_buf)
822 {
823 int server_key_bits =
824 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
825 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
826 int server_key_bytes = (server_key_bits + 7) / 8;
827 int host_key_bytes = (host_key_bits + 7) / 8;
828 int encrypted_key_bytes;
829 int bit_delta;
830
831 if (server_key_bits < host_key_bits) {
832 encrypted_key_bytes = host_key_bytes;
833 bit_delta = host_key_bits - server_key_bits;
834 } else {
835 encrypted_key_bytes = server_key_bytes;
836 bit_delta = server_key_bits - host_key_bits;
837 }
838
839 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
840 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
841 "Server RSA keys are too weak. A secure connection cannot be established.");
842 notify_fatal_error(pvar, pvar->ts->UIMsg);
843 return 0;
844 } else {
845 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
846 for the session ID, rather than the one specified in the RFC */
847 int session_buf_len = server_key_bytes + host_key_bytes + 8;
848 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
849 char session_id[16];
850 int i;
851
852 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
853 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
854 session_buf + host_key_bytes);
855 memcpy(session_buf + server_key_bytes + host_key_bytes,
856 pvar->crypt_state.server_cookie, 8);
857 MD5(session_buf, session_buf_len, session_id);
858
859 free(session_buf);
860
861 RAND_bytes(pvar->crypt_state.sender_cipher_key,
862 SSH_SESSION_KEY_LENGTH);
863 memcpy(pvar->crypt_state.receiver_cipher_key,
864 pvar->crypt_state.sender_cipher_key,
865 SSH_SESSION_KEY_LENGTH);
866
867 memcpy(encrypted_key_buf + encrypted_key_bytes -
868 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
869 SSH_SESSION_KEY_LENGTH);
870 for (i = 0; i < sizeof(session_id); i++) {
871 encrypted_key_buf[encrypted_key_bytes -
872 SSH_SESSION_KEY_LENGTH + i]
873 ^= session_id[i];
874 }
875
876 if (host_key_bits > server_key_bits) {
877 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
878 encrypted_key_buf +
879 encrypted_key_bytes -
880 SSH_SESSION_KEY_LENGTH,
881 encrypted_key_buf +
882 encrypted_key_bytes - server_key_bytes,
883 pvar->crypt_state.server_key.RSA_key,
884 RSA_PKCS1_PADDING) < 0)
885 return 0;
886
887 if (RSA_public_encrypt(server_key_bytes,
888 encrypted_key_buf +
889 encrypted_key_bytes - server_key_bytes,
890 encrypted_key_buf,
891 pvar->crypt_state.host_key.RSA_key,
892 RSA_PKCS1_PADDING) < 0)
893 return 0;
894 } else {
895 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
896 encrypted_key_buf +
897 encrypted_key_bytes -
898 SSH_SESSION_KEY_LENGTH,
899 encrypted_key_buf +
900 encrypted_key_bytes - host_key_bytes,
901 pvar->crypt_state.host_key.RSA_key,
902 RSA_PKCS1_PADDING) < 0)
903 return 0;
904
905 if (RSA_public_encrypt(host_key_bytes,
906 encrypted_key_buf +
907 encrypted_key_bytes - host_key_bytes,
908 encrypted_key_buf,
909 pvar->crypt_state.server_key.RSA_key,
910 RSA_PKCS1_PADDING) < 0)
911 return 0;
912 }
913 }
914
915 return 1;
916 }
917
918 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
919 unsigned char FAR * challenge,
920 int challenge_len,
921 unsigned char FAR * response)
922 {
923 int server_key_bits =
924 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
925 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
926 int server_key_bytes = (server_key_bits + 7) / 8;
927 int host_key_bytes = (host_key_bits + 7) / 8;
928 int session_buf_len = server_key_bytes + host_key_bytes + 8;
929 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
930 char decrypted_challenge[48];
931 int decrypted_challenge_len;
932
933 decrypted_challenge_len =
934 RSA_private_decrypt(challenge_len, challenge, challenge,
935 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
936 RSA_PKCS1_PADDING);
937 if (decrypted_challenge_len < 0) {
938 free(session_buf);
939 return 0;
940 }
941 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
942 memcpy(decrypted_challenge,
943 challenge + decrypted_challenge_len -
944 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
945 } else {
946 memset(decrypted_challenge, 0,
947 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
948 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
949 decrypted_challenge_len, challenge,
950 decrypted_challenge_len);
951 }
952
953 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
954 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
955 session_buf + host_key_bytes);
956 memcpy(session_buf + server_key_bytes + host_key_bytes,
957 pvar->crypt_state.server_cookie, 8);
958 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
959
960 free(session_buf);
961
962 MD5(decrypted_challenge, 48, response);
963
964 return 1;
965 }
966
967 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
968 {
969 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
970 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
971 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
972 memset(state->ivec1, 0, 8);
973 memset(state->ivec2, 0, 8);
974 memset(state->ivec3, 0, 8);
975 }
976
977 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
978 {
979 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
980 memset(state->ivec, 0, 8);
981 }
982
983 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
984 {
985 idea_set_encrypt_key(session_key, &state->k);
986 memset(state->ivec, 0, 8);
987 }
988
989 static void cBlowfish_init(char FAR * session_key,
990 CipherBlowfishState FAR * state)
991 {
992 BF_set_key(&state->k, 32, session_key);
993 memset(state->ivec, 0, 8);
994 }
995
996
997 //
998 // SSH2�p�A���S���Y����������
999 //
1000 // for SSH2(yutaka)
1001 //
1002 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1003 const u_char *key, u_int keylen,
1004 const u_char *iv, u_int ivlen,
1005 int encrypt,
1006 const EVP_CIPHER *(*func)(void),
1007 PTInstVar pvar)
1008 {
1009 EVP_CIPHER *type;
1010 int klen;
1011 char tmp[80];
1012
1013 type = (EVP_CIPHER *)func();
1014
1015 EVP_CIPHER_CTX_init(evp);
1016 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1017 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1018 "Cipher initialize error(%d)");
1019 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1020 notify_fatal_error(pvar, tmp);
1021 return;
1022 }
1023
1024 klen = EVP_CIPHER_CTX_key_length(evp);
1025 if (klen > 0 && keylen != klen) {
1026 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1027 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1028 "Cipher initialize error(%d)");
1029 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1030 notify_fatal_error(pvar, tmp);
1031 return;
1032 }
1033 }
1034 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1035 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1036 "Cipher initialize error(%d)");
1037 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1038 notify_fatal_error(pvar, tmp);
1039 return;
1040 }
1041 }
1042
1043
1044 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1045 {
1046 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1047 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1048 BOOL isOK = TRUE;
1049
1050 if (sender_flag) {
1051 switch (pvar->crypt_state.sender_cipher) {
1052 // for SSH2(yutaka)
1053 case SSH_CIPHER_3DES_CBC:
1054 {
1055 struct Enc *enc;
1056
1057 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1058 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1059 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1060 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1061 CIPHER_ENCRYPT,
1062 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1063 pvar);
1064
1065 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1066 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1067
1068 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1069 break;
1070 }
1071
1072 // for SSH2(yutaka)
1073 case SSH_CIPHER_AES128:
1074 case SSH_CIPHER_AES192:
1075 case SSH_CIPHER_AES256:
1076 {
1077 struct Enc *enc;
1078
1079 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1080 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1081 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1082 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1083 CIPHER_ENCRYPT,
1084 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1085 pvar);
1086
1087 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1088 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1089
1090 pvar->crypt_state.encrypt = cAES128_encrypt;
1091 break;
1092 }
1093
1094 case SSH_CIPHER_3DES:{
1095 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1096 pvar->crypt_state.encrypt = c3DES_encrypt;
1097 break;
1098 }
1099 case SSH_CIPHER_IDEA:{
1100 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1101 pvar->crypt_state.encrypt = cIDEA_encrypt;
1102 break;
1103 }
1104 case SSH_CIPHER_DES:{
1105 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1106 pvar->crypt_state.encrypt = cDES_encrypt;
1107 break;
1108 }
1109 case SSH_CIPHER_RC4:{
1110 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1111 encryption_key + 16);
1112 pvar->crypt_state.encrypt = cRC4_encrypt;
1113 break;
1114 }
1115 case SSH_CIPHER_BLOWFISH:{
1116 cBlowfish_init(encryption_key,
1117 &pvar->crypt_state.enc.cBlowfish);
1118 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1119 break;
1120 }
1121 default:
1122 isOK = FALSE;
1123 }
1124 }
1125
1126
1127 if (receiver_flag) {
1128 switch (pvar->crypt_state.receiver_cipher) {
1129 // for SSH2(yutaka)
1130 case SSH_CIPHER_3DES_CBC:
1131 {
1132 struct Enc *enc;
1133
1134 enc = &pvar->ssh2_keys[MODE_IN].enc;
1135 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1136 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1137 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1138 CIPHER_DECRYPT,
1139 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1140 pvar);
1141
1142 //debug_print(12, enc->key, 24);
1143 //debug_print(13, enc->iv, 24);
1144
1145 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1146 break;
1147 }
1148
1149 // for SSH2(yutaka)
1150 case SSH_CIPHER_AES128:
1151 case SSH_CIPHER_AES192:
1152 case SSH_CIPHER_AES256:
1153 {
1154 struct Enc *enc;
1155
1156 enc = &pvar->ssh2_keys[MODE_IN].enc;
1157 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1158 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1159 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1160 CIPHER_DECRYPT,
1161 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1162 pvar);
1163
1164 //debug_print(12, enc->key, 24);
1165 //debug_print(13, enc->iv, 24);
1166
1167 pvar->crypt_state.decrypt = cAES128_decrypt;
1168 break;
1169 }
1170
1171 case SSH_CIPHER_3DES:{
1172 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1173 pvar->crypt_state.decrypt = c3DES_decrypt;
1174 break;
1175 }
1176 case SSH_CIPHER_IDEA:{
1177 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1178 pvar->crypt_state.decrypt = cIDEA_decrypt;
1179 break;
1180 }
1181 case SSH_CIPHER_DES:{
1182 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1183 pvar->crypt_state.decrypt = cDES_decrypt;
1184 break;
1185 }
1186 case SSH_CIPHER_RC4:{
1187 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1188 pvar->crypt_state.decrypt = cRC4_decrypt;
1189 break;
1190 }
1191 case SSH_CIPHER_BLOWFISH:{
1192 cBlowfish_init(decryption_key,
1193 &pvar->crypt_state.dec.cBlowfish);
1194 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1195 break;
1196 }
1197 default:
1198 isOK = FALSE;
1199 }
1200 }
1201
1202
1203 if (!isOK) {
1204 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1205 "No cipher selected!");
1206 notify_fatal_error(pvar, pvar->ts->UIMsg);
1207 return FALSE;
1208 } else {
1209 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1210 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1211 return TRUE;
1212 }
1213 }
1214
1215 void CRYPT_init(PTInstVar pvar)
1216 {
1217 pvar->crypt_state.encrypt = no_encrypt;
1218 pvar->crypt_state.decrypt = no_encrypt;
1219 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1220 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1221 pvar->crypt_state.server_key.RSA_key = NULL;
1222 pvar->crypt_state.host_key.RSA_key = NULL;
1223
1224 pvar->crypt_state.detect_attack_statics.h = NULL;
1225 pvar->crypt_state.detect_attack_statics.n =
1226 HASH_MINSIZE / HASH_ENTRYSIZE;
1227 }
1228
1229 static char FAR *get_cipher_name(int cipher)
1230 {
1231 switch (cipher) {
1232 case SSH_CIPHER_NONE:
1233 return "None";
1234 case SSH_CIPHER_3DES:
1235 return "3DES (168 key bits)";
1236 case SSH_CIPHER_DES:
1237 return "DES (56 key bits)";
1238 case SSH_CIPHER_IDEA:
1239 return "IDEA (128 key bits)";
1240 case SSH_CIPHER_RC4:
1241 return "RC4 (128 key bits)";
1242 case SSH_CIPHER_BLOWFISH:
1243 return "Blowfish (256 key bits)";
1244
1245 // SSH2
1246 case SSH_CIPHER_3DES_CBC:
1247 return "3DES-CBC";
1248 case SSH_CIPHER_AES128:
1249 return "AES128";
1250 case SSH_CIPHER_AES192:
1251 return "AES192";
1252 case SSH_CIPHER_AES256:
1253 return "AES256";
1254
1255 default:
1256 return "Unknown";
1257 }
1258 }
1259
1260 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1261 {
1262 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1263 "%s to server, %s from server");
1264 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1265 get_cipher_name(pvar->crypt_state.sender_cipher),
1266 get_cipher_name(pvar->crypt_state.receiver_cipher));
1267 }
1268
1269 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1270 {
1271 if (SSHv1(pvar)) {
1272 if (pvar->crypt_state.server_key.RSA_key == NULL
1273 || pvar->crypt_state.host_key.RSA_key == NULL) {
1274 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1275 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1276 } else {
1277 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1278 "%d-bit server key, %d-bit host key");
1279 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1280 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1281 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1282 }
1283 } else { // SSH2
1284 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1285 "%d-bit server key, %d-bit host key");
1286 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1287 pvar->server_key_bits,
1288 pvar->client_key_bits);
1289 }
1290 }
1291
1292 static void destroy_public_key(CRYPTPublicKey FAR * key)
1293 {
1294 if (key->RSA_key != NULL) {
1295 RSA_free(key->RSA_key);
1296 key->RSA_key = NULL;
1297 }
1298 }
1299
1300 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1301 {
1302 destroy_public_key(key);
1303 free(key);
1304 }
1305
1306 void CRYPT_end(PTInstVar pvar)
1307 {
1308 destroy_public_key(&pvar->crypt_state.host_key);
1309 destroy_public_key(&pvar->crypt_state.server_key);
1310
1311 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1312 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1313 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1314 free(pvar->crypt_state.detect_attack_statics.h);
1315 }
1316
1317 memset(pvar->crypt_state.sender_cipher_key, 0,
1318 sizeof(pvar->crypt_state.sender_cipher_key));
1319 memset(pvar->crypt_state.receiver_cipher_key, 0,
1320 sizeof(pvar->crypt_state.receiver_cipher_key));
1321 memset(pvar->crypt_state.server_cookie, 0,
1322 sizeof(pvar->crypt_state.server_cookie));
1323 memset(pvar->crypt_state.client_cookie, 0,
1324 sizeof(pvar->crypt_state.client_cookie));
1325 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1326 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1327 }
1328
1329 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1330 char FAR * buf, int bytes)
1331 {
1332 unsigned char passphrase_key[16];
1333
1334 MD5(passphrase, strlen(passphrase), passphrase_key);
1335
1336 switch (cipher) {
1337 case SSH_CIPHER_3DES:{
1338 Cipher3DESState state;
1339
1340 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1341 &state.k1);
1342 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1343 &state.k2);
1344 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1345 &state.k3);
1346 memset(state.ivec1, 0, 8);
1347 memset(state.ivec2, 0, 8);
1348 memset(state.ivec3, 0, 8);
1349 DES_ncbc_encrypt(buf, buf, bytes,
1350 &state.k3, &state.ivec3, DES_DECRYPT);
1351 DES_ncbc_encrypt(buf, buf, bytes,
1352 &state.k2, &state.ivec2, DES_ENCRYPT);
1353 DES_ncbc_encrypt(buf, buf, bytes,
1354 &state.k1, &state.ivec1, DES_DECRYPT);
1355 break;
1356 }
1357
1358 case SSH_CIPHER_IDEA:{
1359 CipherIDEAState state;
1360 int num = 0;
1361
1362 cIDEA_init(passphrase_key, &state);
1363 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1364 &num, IDEA_DECRYPT);
1365 break;
1366 }
1367
1368 case SSH_CIPHER_DES:{
1369 CipherDESState state;
1370
1371 cDES_init(passphrase_key, &state);
1372 DES_ncbc_encrypt(buf, buf, bytes,
1373 &state.k, &state.ivec, DES_DECRYPT);
1374 break;
1375 }
1376
1377 case SSH_CIPHER_RC4:{
1378 CipherRC4State state;
1379 int num = 0;
1380
1381 RC4_set_key(&state.k, 16, passphrase_key);
1382 RC4(&state.k, bytes, buf, buf);
1383 break;
1384 }
1385
1386 case SSH_CIPHER_BLOWFISH:{
1387 CipherBlowfishState state;
1388
1389 BF_set_key(&state.k, 16, passphrase_key);
1390 memset(state.ivec, 0, 8);
1391 flip_endianness(buf, bytes);
1392 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1393 BF_DECRYPT);
1394 flip_endianness(buf, bytes);
1395 break;
1396 }
1397
1398 case SSH_CIPHER_NONE:
1399 break;
1400
1401 default:
1402 memset(passphrase_key, 0, sizeof(passphrase_key));
1403 return 0;
1404 }
1405
1406 memset(passphrase_key, 0, sizeof(passphrase_key));
1407 return 1;
1408 }
1409
1410 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1411 {
1412 if (key_pair->RSA_key != NULL)
1413 RSA_free(key_pair->RSA_key);
1414
1415 if (key_pair->DSA_key != NULL)
1416 DSA_free(key_pair->DSA_key);
1417
1418 free(key_pair);
1419 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help