Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3045 - (show annotations) (download) (as text)
Thu Oct 18 03:49:39 2007 UTC (16 years, 5 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 42676 byte(s) 
SSH2 の暗号化方式として Blowfish をサポートしたい。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.16 2007-10-18 03:49:39 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226 if (bytes == 0)
227 return;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 memcpy(buf, newbuf, bytes);
250
251 }
252
253 error:
254 free(newbuf);
255 }
256
257 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
258 int bytes)
259 {
260 unsigned char *newbuf = malloc(bytes);
261 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
262
263 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
264 if (bytes == 0)
265 return;
266
267 if (newbuf == NULL)
268 return;
269
270 if (bytes % block_size) {
271 char tmp[80];
272 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
273 "AES128 decrypt error(1): bytes %d (%d)");
274 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
275 notify_fatal_error(pvar, tmp);
276 goto error;
277 }
278
279 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
280 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
281 "AES128 decrypt error(2)");
282 notify_fatal_error(pvar, pvar->ts->UIMsg);
283 goto error;
284
285 } else {
286 memcpy(buf, newbuf, bytes);
287
288 }
289
290 error:
291 free(newbuf);
292 }
293
294
295
296 // for SSH2(yutaka)
297 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
298 int bytes)
299 {
300 unsigned char *newbuf = malloc(bytes);
301
302 if (newbuf == NULL)
303 return;
304
305 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
306 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR", pvar,
307 "3DES-CBC encrypt error");
308 notify_fatal_error(pvar, pvar->ts->UIMsg);
309 goto error;
310
311 } else {
312 //unsigned char key[24], iv[8];
313 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
314 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
315 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
316
317 //debug_print(50, key, 24);
318 //debug_print(51, iv, 8);
319 //debug_print(52, buf, bytes);
320 //debug_print(53, newbuf, bytes);
321
322 memcpy(buf, newbuf, bytes);
323 }
324
325 error:
326 free(newbuf);
327 }
328
329 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
330 int bytes)
331 {
332 unsigned char *newbuf = malloc(bytes);
333
334 if (newbuf == NULL)
335 return;
336
337 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
338 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR", pvar,
339 "3DES-CBC decrypt error");
340 notify_fatal_error(pvar, pvar->ts->UIMsg);
341 goto error;
342
343 } else {
344 //unsigned char key[24], iv[8];
345 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
346 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
347 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
348
349 //debug_print(70, key, 24);
350 //debug_print(71, iv, 8);
351 //debug_print(72, buf, bytes);
352 //debug_print(73, newbuf, bytes);
353
354 memcpy(buf, newbuf, bytes);
355 }
356
357 error:
358 free(newbuf);
359 }
360
361
362 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
367
368 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369 if (bytes == 0)
370 return;
371
372 if (newbuf == NULL)
373 return;
374
375 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
376 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR", pvar,
377 "Blowfish encrypt error");
378 notify_fatal_error(pvar, pvar->ts->UIMsg);
379 goto error;
380
381 } else {
382 memcpy(buf, newbuf, bytes);
383
384 }
385
386 error:
387 free(newbuf);
388 }
389
390 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
391 int bytes)
392 {
393 unsigned char *newbuf = malloc(bytes);
394 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
395
396 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
397 if (bytes == 0)
398 return;
399
400 if (newbuf == NULL)
401 return;
402
403 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
404 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR", pvar,
405 "Blowfish decrypt error");
406 notify_fatal_error(pvar, pvar->ts->UIMsg);
407 goto error;
408
409 } else {
410 memcpy(buf, newbuf, bytes);
411
412 }
413
414 error:
415 free(newbuf);
416 }
417
418
419
420 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
421 int bytes)
422 {
423 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
424
425 DES_ncbc_encrypt(buf, buf, bytes,
426 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
427 DES_ncbc_encrypt(buf, buf, bytes,
428 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
429 DES_ncbc_encrypt(buf, buf, bytes,
430 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
431 }
432
433 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
434 int bytes)
435 {
436 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
437
438 DES_ncbc_encrypt(buf, buf, bytes,
439 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
440 DES_ncbc_encrypt(buf, buf, bytes,
441 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
442 DES_ncbc_encrypt(buf, buf, bytes,
443 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
444 }
445
446 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
447 int bytes)
448 {
449 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
450
451 DES_ncbc_encrypt(buf, buf, bytes,
452 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
453 }
454
455 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
456 int bytes)
457 {
458 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
459
460 DES_ncbc_encrypt(buf, buf, bytes,
461 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
462 }
463
464 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
465 int bytes)
466 {
467 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
468 int num = 0;
469
470 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
471 encryptstate->ivec, &num, IDEA_ENCRYPT);
472 }
473
474 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
475 int bytes)
476 {
477 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
478 int num = 0;
479
480 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
481 decryptstate->ivec, &num, IDEA_DECRYPT);
482 }
483
484 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
485 {
486 uint32 FAR *buf = (uint32 FAR *) cbuf;
487 int count = bytes / 4;
488
489 while (count > 0) {
490 uint32 w = *buf;
491
492 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
493 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
494 count--;
495 buf++;
496 }
497 }
498
499 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
500 int bytes)
501 {
502 CipherBlowfishState FAR *encryptstate =
503 &pvar->crypt_state.enc.cBlowfish;
504
505 flip_endianness(buf, bytes);
506 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
507 BF_ENCRYPT);
508 flip_endianness(buf, bytes);
509 }
510
511 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
512 int bytes)
513 {
514 CipherBlowfishState FAR *decryptstate =
515 &pvar->crypt_state.dec.cBlowfish;
516
517 flip_endianness(buf, bytes);
518 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
519 BF_DECRYPT);
520 flip_endianness(buf, bytes);
521 }
522
523 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
524 int bytes)
525 {
526 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
527 int num = 0;
528
529 RC4(&encryptstate->k, bytes, buf, buf);
530 }
531
532 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 int bytes)
534 {
535 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
536 int num = 0;
537
538 RC4(&decryptstate->k, bytes, buf, buf);
539 }
540
541 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
542 int bytes)
543 {
544 RAND_bytes(buf, bytes);
545 }
546
547 void CRYPT_initialize_random_numbers(PTInstVar pvar)
548 {
549 RAND_screen();
550 }
551
552 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
553 {
554 int bits = get_ushort16_MSBfirst(bytes);
555
556 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
557 }
558
559 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
560 RSA FAR *make_key(PTInstVar pvar,
561 int bits, unsigned char FAR * exp,
562 unsigned char FAR * mod)
563 {
564 RSA FAR *key = RSA_new();
565
566 if (key != NULL) {
567 key->e = get_bignum(exp);
568 key->n = get_bignum(mod);
569 }
570
571 if (key == NULL || key->e == NULL || key->n == NULL) {
572 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
573 "Error setting up RSA keys");
574 notify_fatal_error(pvar, pvar->ts->UIMsg);
575
576 if (key != NULL) {
577 if (key->e != NULL) {
578 BN_free(key->e);
579 }
580 if (key->n != NULL) {
581 BN_free(key->n);
582 }
583 RSA_free(key);
584 }
585
586 return NULL;
587 } else {
588 return key;
589 }
590 }
591
592 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
593 {
594 if (SSHv1(pvar)) {
595 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
596 } else {
597 memcpy(pvar->crypt_state.server_cookie, cookie,
598 SSH2_COOKIE_LENGTH);
599 }
600 }
601
602 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
603 {
604 if (SSHv2(pvar)) {
605 memcpy(pvar->crypt_state.client_cookie, cookie,
606 SSH2_COOKIE_LENGTH);
607 }
608 }
609
610 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
611 int bits, unsigned char FAR * exp,
612 unsigned char FAR * mod)
613 {
614 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
615
616 return pvar->crypt_state.server_key.RSA_key != NULL;
617 }
618
619 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
620 int bits, unsigned char FAR * exp,
621 unsigned char FAR * mod)
622 {
623 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
624
625 return pvar->crypt_state.host_key.RSA_key != NULL;
626 }
627
628 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
629 int receiver_ciphers)
630 {
631 int cipher_mask;
632
633 if (SSHv1(pvar)) {
634 cipher_mask = (1 << SSH_CIPHER_DES)
635 | (1 << SSH_CIPHER_3DES)
636 | (1 << SSH_CIPHER_BLOWFISH);
637
638 } else { // for SSH2(yutaka)
639 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
640 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
641 | (1 << SSH2_CIPHER_AES128)
642 | (1 << SSH2_CIPHER_BLOWFISH)
643 | (1 << SSH2_CIPHER_AES192)
644 | (1 << SSH2_CIPHER_AES256);
645 }
646
647 sender_ciphers &= cipher_mask;
648 receiver_ciphers &= cipher_mask;
649 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
650 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
651
652 if (sender_ciphers == 0) {
653 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
654 "The server does not support any of the TTSSH encryption algorithms.\n"
655 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
656 "The connection will be closed.");
657 notify_fatal_error(pvar, pvar->ts->UIMsg);
658 return FALSE;
659 } else if (receiver_ciphers == 0) {
660 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
661 "The server does not support any of the TTSSH encryption algorithms.\n"
662 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
663 "The connection will be closed.");
664 notify_fatal_error(pvar, pvar->ts->UIMsg);
665 return FALSE;
666 } else {
667 return TRUE;
668 }
669 }
670
671 int CRYPT_get_decryption_block_size(PTInstVar pvar)
672 {
673 if (SSHv1(pvar)) {
674 return 8;
675 } else {
676 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
677 // cf. 3DES=8, AES128=16
678 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
679 }
680 }
681
682 int CRYPT_get_encryption_block_size(PTInstVar pvar)
683 {
684 if (SSHv1(pvar)) {
685 return 8;
686 } else {
687 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
688 // cf. 3DES=8, AES128=16
689 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
690 }
691 }
692
693 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
694 {
695 struct Mac *mac;
696
697 if (SSHv1(pvar)) {
698 return 0;
699
700 } else { // for SSH2(yutaka)
701 mac = &pvar->ssh2_keys[MODE_IN].mac;
702 if (mac == NULL || mac->enabled == 0)
703 return 0;
704
705 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
706 }
707
708 }
709
710 // HMAC������
711 // ���{������ SSH2 �������g�p�������B
712 // (2004.12.17 yutaka)
713 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
714 char FAR * data, int len, char FAR * MAC)
715 {
716 HMAC_CTX c;
717 unsigned char m[EVP_MAX_MD_SIZE];
718 unsigned char b[4];
719 struct Mac *mac;
720
721 mac = &pvar->ssh2_keys[MODE_IN].mac;
722
723 // HMAC�������L���������������A����OK�����������B
724 if (mac == NULL || mac->enabled == 0)
725 return TRUE;
726
727 if (mac->key == NULL)
728 goto error;
729
730 if ((u_int)mac->mac_len > sizeof(m))
731 goto error;
732
733 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
734 set_uint32_MSBfirst(b, sequence_number);
735 HMAC_Update(&c, b, sizeof(b));
736 HMAC_Update(&c, data, len);
737 HMAC_Final(&c, m, NULL);
738 HMAC_cleanup(&c);
739
740 if (memcmp(m, MAC, mac->mac_len)) {
741 goto error;
742 }
743
744 return TRUE;
745
746 error:
747 return FALSE;
748 }
749
750 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
751 {
752 struct Mac *mac;
753
754 if (SSHv2(pvar)) { // for SSH2(yutaka)
755 mac = &pvar->ssh2_keys[MODE_OUT].mac;
756 if (mac == NULL || mac->enabled == 0)
757 return 0;
758
759 return (mac->mac_len);
760 }
761
762 return 0;
763 }
764
765 // for SSH2
766 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
767 char FAR * data, int len, char FAR * MAC)
768 {
769 HMAC_CTX c;
770 static u_char m[EVP_MAX_MD_SIZE];
771 u_char b[4];
772 struct Mac *mac;
773
774 if (SSHv2(pvar)) { // for SSH2(yutaka)
775 mac = &pvar->ssh2_keys[MODE_OUT].mac;
776 if (mac == NULL || mac->enabled == 0)
777 return FALSE;
778
779 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
780 set_uint32_MSBfirst(b, sequence_number);
781 HMAC_Update(&c, b, sizeof(b));
782 HMAC_Update(&c, data, len);
783 HMAC_Final(&c, m, NULL);
784 HMAC_cleanup(&c);
785
786 // 20�o�C�g�������R�s�[
787 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
788 // memcpy(MAC, m, sizeof(m));
789
790 return TRUE;
791 }
792
793 return TRUE;
794
795 }
796
797 static int choose_cipher(PTInstVar pvar, int supported)
798 {
799 int i;
800
801 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
802 int cipher = pvar->session_settings.CipherOrder[i] - '0';
803
804 if (cipher == SSH_CIPHER_NONE) {
805 break;
806 } else if ((supported & (1 << cipher)) != 0) {
807 return cipher;
808 }
809 }
810
811 return SSH_CIPHER_NONE;
812 }
813
814 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
815 {
816 if (SSHv1(pvar)) {
817 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
818 pvar->crypt_state.
819 supported_sender_ciphers);
820 pvar->crypt_state.receiver_cipher =
821 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
822
823 } else { // SSH2(yutaka)
824 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
825 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
826
827 }
828
829 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
830 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
831 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
832 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
833 "To communicate with this server, you will have to enable some more ciphers\n"
834 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
835 "This connection will now close.");
836 notify_fatal_error(pvar, pvar->ts->UIMsg);
837 return FALSE;
838 } else {
839 return TRUE;
840 }
841 }
842
843 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
844 {
845 int server_key_bits =
846 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
847 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
848 int server_key_bytes = (server_key_bits + 7) / 8;
849 int host_key_bytes = (host_key_bits + 7) / 8;
850
851 if (server_key_bits < host_key_bits) {
852 return host_key_bytes;
853 } else {
854 return server_key_bytes;
855 }
856 }
857
858 int CRYPT_choose_session_key(PTInstVar pvar,
859 unsigned char FAR * encrypted_key_buf)
860 {
861 int server_key_bits =
862 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
863 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
864 int server_key_bytes = (server_key_bits + 7) / 8;
865 int host_key_bytes = (host_key_bits + 7) / 8;
866 int encrypted_key_bytes;
867 int bit_delta;
868
869 if (server_key_bits < host_key_bits) {
870 encrypted_key_bytes = host_key_bytes;
871 bit_delta = host_key_bits - server_key_bits;
872 } else {
873 encrypted_key_bytes = server_key_bytes;
874 bit_delta = server_key_bits - host_key_bits;
875 }
876
877 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
878 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
879 "Server RSA keys are too weak. A secure connection cannot be established.");
880 notify_fatal_error(pvar, pvar->ts->UIMsg);
881 return 0;
882 } else {
883 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
884 for the session ID, rather than the one specified in the RFC */
885 int session_buf_len = server_key_bytes + host_key_bytes + 8;
886 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
887 char session_id[16];
888 int i;
889
890 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
891 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
892 session_buf + host_key_bytes);
893 memcpy(session_buf + server_key_bytes + host_key_bytes,
894 pvar->crypt_state.server_cookie, 8);
895 MD5(session_buf, session_buf_len, session_id);
896
897 free(session_buf);
898
899 RAND_bytes(pvar->crypt_state.sender_cipher_key,
900 SSH_SESSION_KEY_LENGTH);
901 memcpy(pvar->crypt_state.receiver_cipher_key,
902 pvar->crypt_state.sender_cipher_key,
903 SSH_SESSION_KEY_LENGTH);
904
905 memcpy(encrypted_key_buf + encrypted_key_bytes -
906 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
907 SSH_SESSION_KEY_LENGTH);
908 for (i = 0; i < sizeof(session_id); i++) {
909 encrypted_key_buf[encrypted_key_bytes -
910 SSH_SESSION_KEY_LENGTH + i]
911 ^= session_id[i];
912 }
913
914 if (host_key_bits > server_key_bits) {
915 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
916 encrypted_key_buf +
917 encrypted_key_bytes -
918 SSH_SESSION_KEY_LENGTH,
919 encrypted_key_buf +
920 encrypted_key_bytes - server_key_bytes,
921 pvar->crypt_state.server_key.RSA_key,
922 RSA_PKCS1_PADDING) < 0)
923 return 0;
924
925 if (RSA_public_encrypt(server_key_bytes,
926 encrypted_key_buf +
927 encrypted_key_bytes - server_key_bytes,
928 encrypted_key_buf,
929 pvar->crypt_state.host_key.RSA_key,
930 RSA_PKCS1_PADDING) < 0)
931 return 0;
932 } else {
933 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
934 encrypted_key_buf +
935 encrypted_key_bytes -
936 SSH_SESSION_KEY_LENGTH,
937 encrypted_key_buf +
938 encrypted_key_bytes - host_key_bytes,
939 pvar->crypt_state.host_key.RSA_key,
940 RSA_PKCS1_PADDING) < 0)
941 return 0;
942
943 if (RSA_public_encrypt(host_key_bytes,
944 encrypted_key_buf +
945 encrypted_key_bytes - host_key_bytes,
946 encrypted_key_buf,
947 pvar->crypt_state.server_key.RSA_key,
948 RSA_PKCS1_PADDING) < 0)
949 return 0;
950 }
951 }
952
953 return 1;
954 }
955
956 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
957 unsigned char FAR * challenge,
958 int challenge_len,
959 unsigned char FAR * response)
960 {
961 int server_key_bits =
962 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
963 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
964 int server_key_bytes = (server_key_bits + 7) / 8;
965 int host_key_bytes = (host_key_bits + 7) / 8;
966 int session_buf_len = server_key_bytes + host_key_bytes + 8;
967 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
968 char decrypted_challenge[48];
969 int decrypted_challenge_len;
970
971 decrypted_challenge_len =
972 RSA_private_decrypt(challenge_len, challenge, challenge,
973 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
974 RSA_PKCS1_PADDING);
975 if (decrypted_challenge_len < 0) {
976 free(session_buf);
977 return 0;
978 }
979 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
980 memcpy(decrypted_challenge,
981 challenge + decrypted_challenge_len -
982 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
983 } else {
984 memset(decrypted_challenge, 0,
985 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
986 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
987 decrypted_challenge_len, challenge,
988 decrypted_challenge_len);
989 }
990
991 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
992 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
993 session_buf + host_key_bytes);
994 memcpy(session_buf + server_key_bytes + host_key_bytes,
995 pvar->crypt_state.server_cookie, 8);
996 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
997
998 free(session_buf);
999
1000 MD5(decrypted_challenge, 48, response);
1001
1002 return 1;
1003 }
1004
1005 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1006 {
1007 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1008 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1009 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1010 memset(state->ivec1, 0, 8);
1011 memset(state->ivec2, 0, 8);
1012 memset(state->ivec3, 0, 8);
1013 }
1014
1015 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1016 {
1017 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1018 memset(state->ivec, 0, 8);
1019 }
1020
1021 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1022 {
1023 idea_set_encrypt_key(session_key, &state->k);
1024 memset(state->ivec, 0, 8);
1025 }
1026
1027 static void cBlowfish_init(char FAR * session_key,
1028 CipherBlowfishState FAR * state)
1029 {
1030 BF_set_key(&state->k, 32, session_key);
1031 memset(state->ivec, 0, 8);
1032 }
1033
1034
1035 //
1036 // SSH2�p�A���S���Y����������
1037 //
1038 // for SSH2(yutaka)
1039 //
1040 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1041 const u_char *key, u_int keylen,
1042 const u_char *iv, u_int ivlen,
1043 int encrypt,
1044 const EVP_CIPHER *(*func)(void),
1045 PTInstVar pvar)
1046 {
1047 EVP_CIPHER *type;
1048 int klen;
1049 char tmp[80];
1050
1051 type = (EVP_CIPHER *)func();
1052
1053 EVP_CIPHER_CTX_init(evp);
1054 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1055 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1056 "Cipher initialize error(%d)");
1057 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1058 notify_fatal_error(pvar, tmp);
1059 return;
1060 }
1061
1062 klen = EVP_CIPHER_CTX_key_length(evp);
1063 if (klen > 0 && keylen != klen) {
1064 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1065 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1066 "Cipher initialize error(%d)");
1067 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1068 notify_fatal_error(pvar, tmp);
1069 return;
1070 }
1071 }
1072 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1073 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1074 "Cipher initialize error(%d)");
1075 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1076 notify_fatal_error(pvar, tmp);
1077 return;
1078 }
1079 }
1080
1081
1082 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1083 {
1084 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1085 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1086 BOOL isOK = TRUE;
1087
1088 if (sender_flag) {
1089 switch (pvar->crypt_state.sender_cipher) {
1090 // for SSH2(yutaka)
1091 case SSH2_CIPHER_3DES_CBC:
1092 {
1093 struct Enc *enc;
1094
1095 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1096 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1097 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1098 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1099 CIPHER_ENCRYPT,
1100 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1101 pvar);
1102
1103 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1104 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1105
1106 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1107 break;
1108 }
1109
1110 // for SSH2(yutaka)
1111 case SSH2_CIPHER_AES128:
1112 case SSH2_CIPHER_AES192:
1113 case SSH2_CIPHER_AES256:
1114 {
1115 struct Enc *enc;
1116
1117 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1118 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1119 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1120 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1121 CIPHER_ENCRYPT,
1122 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1123 pvar);
1124
1125 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1126 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1127
1128 pvar->crypt_state.encrypt = cAES128_encrypt;
1129 break;
1130 }
1131
1132 case SSH2_CIPHER_BLOWFISH:
1133 {
1134 struct Enc *enc;
1135
1136 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1137 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1138 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1139 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1140 CIPHER_ENCRYPT,
1141 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1142 pvar);
1143
1144 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1145 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1146
1147 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1148 break;
1149 }
1150
1151 case SSH_CIPHER_3DES:{
1152 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1153 pvar->crypt_state.encrypt = c3DES_encrypt;
1154 break;
1155 }
1156 case SSH_CIPHER_IDEA:{
1157 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1158 pvar->crypt_state.encrypt = cIDEA_encrypt;
1159 break;
1160 }
1161 case SSH_CIPHER_DES:{
1162 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1163 pvar->crypt_state.encrypt = cDES_encrypt;
1164 break;
1165 }
1166 case SSH_CIPHER_RC4:{
1167 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1168 encryption_key + 16);
1169 pvar->crypt_state.encrypt = cRC4_encrypt;
1170 break;
1171 }
1172 case SSH_CIPHER_BLOWFISH:{
1173 cBlowfish_init(encryption_key,
1174 &pvar->crypt_state.enc.cBlowfish);
1175 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1176 break;
1177 }
1178 default:
1179 isOK = FALSE;
1180 }
1181 }
1182
1183
1184 if (receiver_flag) {
1185 switch (pvar->crypt_state.receiver_cipher) {
1186 // for SSH2(yutaka)
1187 case SSH2_CIPHER_3DES_CBC:
1188 {
1189 struct Enc *enc;
1190
1191 enc = &pvar->ssh2_keys[MODE_IN].enc;
1192 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1193 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1194 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1195 CIPHER_DECRYPT,
1196 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1197 pvar);
1198
1199 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1200 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1201
1202 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1203 break;
1204 }
1205
1206 // for SSH2(yutaka)
1207 case SSH2_CIPHER_AES128:
1208 case SSH2_CIPHER_AES192:
1209 case SSH2_CIPHER_AES256:
1210 {
1211 struct Enc *enc;
1212
1213 enc = &pvar->ssh2_keys[MODE_IN].enc;
1214 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1215 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1216 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1217 CIPHER_DECRYPT,
1218 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1219 pvar);
1220
1221 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1222 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1223
1224 pvar->crypt_state.decrypt = cAES128_decrypt;
1225 break;
1226 }
1227
1228 case SSH2_CIPHER_BLOWFISH:
1229 {
1230 struct Enc *enc;
1231
1232 enc = &pvar->ssh2_keys[MODE_IN].enc;
1233 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1234 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1235 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1236 CIPHER_DECRYPT,
1237 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1238 pvar);
1239
1240 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1241 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1242
1243 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1244 break;
1245 }
1246
1247 case SSH_CIPHER_3DES:{
1248 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1249 pvar->crypt_state.decrypt = c3DES_decrypt;
1250 break;
1251 }
1252 case SSH_CIPHER_IDEA:{
1253 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1254 pvar->crypt_state.decrypt = cIDEA_decrypt;
1255 break;
1256 }
1257 case SSH_CIPHER_DES:{
1258 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1259 pvar->crypt_state.decrypt = cDES_decrypt;
1260 break;
1261 }
1262 case SSH_CIPHER_RC4:{
1263 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1264 pvar->crypt_state.decrypt = cRC4_decrypt;
1265 break;
1266 }
1267 case SSH_CIPHER_BLOWFISH:{
1268 cBlowfish_init(decryption_key,
1269 &pvar->crypt_state.dec.cBlowfish);
1270 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1271 break;
1272 }
1273 default:
1274 isOK = FALSE;
1275 }
1276 }
1277
1278
1279 if (!isOK) {
1280 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1281 "No cipher selected!");
1282 notify_fatal_error(pvar, pvar->ts->UIMsg);
1283 return FALSE;
1284 } else {
1285 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1286 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1287 return TRUE;
1288 }
1289 }
1290
1291 void CRYPT_init(PTInstVar pvar)
1292 {
1293 pvar->crypt_state.encrypt = no_encrypt;
1294 pvar->crypt_state.decrypt = no_encrypt;
1295 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1296 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1297 pvar->crypt_state.server_key.RSA_key = NULL;
1298 pvar->crypt_state.host_key.RSA_key = NULL;
1299
1300 pvar->crypt_state.detect_attack_statics.h = NULL;
1301 pvar->crypt_state.detect_attack_statics.n =
1302 HASH_MINSIZE / HASH_ENTRYSIZE;
1303 }
1304
1305 static char FAR *get_cipher_name(int cipher)
1306 {
1307 switch (cipher) {
1308 case SSH_CIPHER_NONE:
1309 return "None";
1310 case SSH_CIPHER_3DES:
1311 return "3DES (168 key bits)";
1312 case SSH_CIPHER_DES:
1313 return "DES (56 key bits)";
1314 case SSH_CIPHER_IDEA:
1315 return "IDEA (128 key bits)";
1316 case SSH_CIPHER_RC4:
1317 return "RC4 (128 key bits)";
1318 case SSH_CIPHER_BLOWFISH:
1319 return "Blowfish (256 key bits)";
1320
1321 // SSH2
1322 case SSH2_CIPHER_3DES_CBC:
1323 return "3DES-CBC";
1324 case SSH2_CIPHER_AES128:
1325 return "AES128";
1326 case SSH2_CIPHER_AES192:
1327 return "AES192";
1328 case SSH2_CIPHER_AES256:
1329 return "AES256";
1330 case SSH2_CIPHER_BLOWFISH:
1331 return "Blowfish";
1332
1333 default:
1334 return "Unknown";
1335 }
1336 }
1337
1338 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1339 {
1340 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1341 "%s to server, %s from server");
1342 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1343 get_cipher_name(pvar->crypt_state.sender_cipher),
1344 get_cipher_name(pvar->crypt_state.receiver_cipher));
1345 }
1346
1347 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1348 {
1349 if (SSHv1(pvar)) {
1350 if (pvar->crypt_state.server_key.RSA_key == NULL
1351 || pvar->crypt_state.host_key.RSA_key == NULL) {
1352 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1353 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1354 } else {
1355 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1356 "%d-bit server key, %d-bit host key");
1357 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1358 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1359 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1360 }
1361 } else { // SSH2
1362 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1363 "%d-bit server key, %d-bit host key");
1364 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1365 pvar->server_key_bits,
1366 pvar->client_key_bits);
1367 }
1368 }
1369
1370 static void destroy_public_key(CRYPTPublicKey FAR * key)
1371 {
1372 if (key->RSA_key != NULL) {
1373 RSA_free(key->RSA_key);
1374 key->RSA_key = NULL;
1375 }
1376 }
1377
1378 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1379 {
1380 destroy_public_key(key);
1381 free(key);
1382 }
1383
1384 void CRYPT_end(PTInstVar pvar)
1385 {
1386 destroy_public_key(&pvar->crypt_state.host_key);
1387 destroy_public_key(&pvar->crypt_state.server_key);
1388
1389 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1390 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1391 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1392 free(pvar->crypt_state.detect_attack_statics.h);
1393 }
1394
1395 memset(pvar->crypt_state.sender_cipher_key, 0,
1396 sizeof(pvar->crypt_state.sender_cipher_key));
1397 memset(pvar->crypt_state.receiver_cipher_key, 0,
1398 sizeof(pvar->crypt_state.receiver_cipher_key));
1399 memset(pvar->crypt_state.server_cookie, 0,
1400 sizeof(pvar->crypt_state.server_cookie));
1401 memset(pvar->crypt_state.client_cookie, 0,
1402 sizeof(pvar->crypt_state.client_cookie));
1403 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1404 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1405 }
1406
1407 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1408 char FAR * buf, int bytes)
1409 {
1410 unsigned char passphrase_key[16];
1411
1412 MD5(passphrase, strlen(passphrase), passphrase_key);
1413
1414 switch (cipher) {
1415 case SSH_CIPHER_3DES:{
1416 Cipher3DESState state;
1417
1418 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1419 &state.k1);
1420 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1421 &state.k2);
1422 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1423 &state.k3);
1424 memset(state.ivec1, 0, 8);
1425 memset(state.ivec2, 0, 8);
1426 memset(state.ivec3, 0, 8);
1427 DES_ncbc_encrypt(buf, buf, bytes,
1428 &state.k3, &state.ivec3, DES_DECRYPT);
1429 DES_ncbc_encrypt(buf, buf, bytes,
1430 &state.k2, &state.ivec2, DES_ENCRYPT);
1431 DES_ncbc_encrypt(buf, buf, bytes,
1432 &state.k1, &state.ivec1, DES_DECRYPT);
1433 break;
1434 }
1435
1436 case SSH_CIPHER_IDEA:{
1437 CipherIDEAState state;
1438 int num = 0;
1439
1440 cIDEA_init(passphrase_key, &state);
1441 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1442 &num, IDEA_DECRYPT);
1443 break;
1444 }
1445
1446 case SSH_CIPHER_DES:{
1447 CipherDESState state;
1448
1449 cDES_init(passphrase_key, &state);
1450 DES_ncbc_encrypt(buf, buf, bytes,
1451 &state.k, &state.ivec, DES_DECRYPT);
1452 break;
1453 }
1454
1455 case SSH_CIPHER_RC4:{
1456 CipherRC4State state;
1457 int num = 0;
1458
1459 RC4_set_key(&state.k, 16, passphrase_key);
1460 RC4(&state.k, bytes, buf, buf);
1461 break;
1462 }
1463
1464 case SSH_CIPHER_BLOWFISH:{
1465 CipherBlowfishState state;
1466
1467 BF_set_key(&state.k, 16, passphrase_key);
1468 memset(state.ivec, 0, 8);
1469 flip_endianness(buf, bytes);
1470 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1471 BF_DECRYPT);
1472 flip_endianness(buf, bytes);
1473 break;
1474 }
1475
1476 case SSH_CIPHER_NONE:
1477 break;
1478
1479 default:
1480 memset(passphrase_key, 0, sizeof(passphrase_key));
1481 return 0;
1482 }
1483
1484 memset(passphrase_key, 0, sizeof(passphrase_key));
1485 return 1;
1486 }
1487
1488 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1489 {
1490 if (key_pair->RSA_key != NULL)
1491 RSA_free(key_pair->RSA_key);
1492
1493 if (key_pair->DSA_key != NULL)
1494 DSA_free(key_pair->DSA_key);
1495
1496 free(key_pair);
1497 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help