Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3134 - (show annotations) (download) (as text)
Fri Jun 20 11:58:47 2008 UTC (15 years, 9 months ago) by doda
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 45015 byte(s) 
・TeraTerm -> Tera Term
・その他細かい修正
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.21 2008-06-20 11:58:47 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226 if (bytes == 0)
227 goto error;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 unsigned char *newbuf = malloc(bytes);
270 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271
272 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
273 if (bytes == 0)
274 goto error;
275
276 if (newbuf == NULL)
277 return;
278
279 if (bytes % block_size) {
280 char tmp[80];
281 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 "AES128 decrypt error(1): bytes %d (%d)");
283 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 notify_fatal_error(pvar, tmp);
285 goto error;
286 }
287
288 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 goto error;
293
294 } else {
295 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 unsigned char *newbuf = malloc(bytes);
319 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320
321 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
322 if (bytes == 0)
323 goto error;
324
325 if (newbuf == NULL)
326 return;
327
328 if (bytes % block_size) {
329 char tmp[80];
330 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331 "3DES-CBC encrypt error(1): bytes %d (%d)");
332 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333 pvar->ts->UIMsg, bytes, block_size);
334 notify_fatal_error(pvar, tmp);
335 goto error;
336 }
337
338 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340 "3DES-CBC encrypt error(2)");
341 notify_fatal_error(pvar, pvar->ts->UIMsg);
342 goto error;
343
344 } else {
345 //unsigned char key[24], iv[8];
346 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
348 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349
350 //debug_print(50, key, 24);
351 //debug_print(51, iv, 8);
352 //debug_print(52, buf, bytes);
353 //debug_print(53, newbuf, bytes);
354
355 memcpy(buf, newbuf, bytes);
356 }
357
358 error:
359 free(newbuf);
360 }
361
362 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367
368 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369 if (bytes == 0)
370 goto error;
371
372 if (newbuf == NULL)
373 return;
374
375 if (bytes % block_size) {
376 char tmp[80];
377 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378 "3DES-CBC decrypt error(1): bytes %d (%d)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380 notify_fatal_error(pvar, tmp);
381 goto error;
382 }
383
384 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386 "3DES-CBC decrypt error(2)");
387 notify_fatal_error(pvar, pvar->ts->UIMsg);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414
415 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
416 if (bytes == 0)
417 goto error;
418
419 if (newbuf == NULL)
420 return;
421
422 if (bytes % block_size) {
423 char tmp[80];
424 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425 "Blowfish encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427 pvar->ts->UIMsg, bytes, block_size);
428 notify_fatal_error(pvar, tmp);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434 "Blowfish encrypt error(2)");
435 notify_fatal_error(pvar, pvar->ts->UIMsg);
436 goto error;
437
438 } else {
439 memcpy(buf, newbuf, bytes);
440
441 }
442
443 error:
444 free(newbuf);
445 }
446
447 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448 int bytes)
449 {
450 unsigned char *newbuf = malloc(bytes);
451 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452
453 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
454 if (bytes == 0)
455 goto error;
456
457 if (newbuf == NULL)
458 return;
459
460 if (bytes % block_size) {
461 char tmp[80];
462 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463 "Blowfish decrypt error(1): bytes %d (%d)");
464 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465 notify_fatal_error(pvar, tmp);
466 goto error;
467 }
468
469 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471 "Blowfish decrypt error(2)");
472 notify_fatal_error(pvar, pvar->ts->UIMsg);
473 goto error;
474
475 } else {
476 memcpy(buf, newbuf, bytes);
477
478 }
479
480 error:
481 free(newbuf);
482 }
483
484
485
486 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
487 int bytes)
488 {
489 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
490
491 DES_ncbc_encrypt(buf, buf, bytes,
492 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
493 DES_ncbc_encrypt(buf, buf, bytes,
494 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
495 DES_ncbc_encrypt(buf, buf, bytes,
496 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
497 }
498
499 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
500 int bytes)
501 {
502 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
503
504 DES_ncbc_encrypt(buf, buf, bytes,
505 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
506 DES_ncbc_encrypt(buf, buf, bytes,
507 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
508 DES_ncbc_encrypt(buf, buf, bytes,
509 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
510 }
511
512 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
513 int bytes)
514 {
515 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
516
517 DES_ncbc_encrypt(buf, buf, bytes,
518 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
519 }
520
521 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
522 int bytes)
523 {
524 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
525
526 DES_ncbc_encrypt(buf, buf, bytes,
527 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
528 }
529
530 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531 int bytes)
532 {
533 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
534 int num = 0;
535
536 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
537 encryptstate->ivec, &num, IDEA_ENCRYPT);
538 }
539
540 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
541 int bytes)
542 {
543 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
544 int num = 0;
545
546 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
547 decryptstate->ivec, &num, IDEA_DECRYPT);
548 }
549
550 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
551 {
552 uint32 FAR *buf = (uint32 FAR *) cbuf;
553 int count = bytes / 4;
554
555 while (count > 0) {
556 uint32 w = *buf;
557
558 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
559 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
560 count--;
561 buf++;
562 }
563 }
564
565 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
566 int bytes)
567 {
568 CipherBlowfishState FAR *encryptstate =
569 &pvar->crypt_state.enc.cBlowfish;
570
571 flip_endianness(buf, bytes);
572 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
573 BF_ENCRYPT);
574 flip_endianness(buf, bytes);
575 }
576
577 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
578 int bytes)
579 {
580 CipherBlowfishState FAR *decryptstate =
581 &pvar->crypt_state.dec.cBlowfish;
582
583 flip_endianness(buf, bytes);
584 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
585 BF_DECRYPT);
586 flip_endianness(buf, bytes);
587 }
588
589 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
590 int bytes)
591 {
592 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
593 int num = 0;
594
595 RC4(&encryptstate->k, bytes, buf, buf);
596 }
597
598 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
599 int bytes)
600 {
601 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
602 int num = 0;
603
604 RC4(&decryptstate->k, bytes, buf, buf);
605 }
606
607 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
608 int bytes)
609 {
610 RAND_bytes(buf, bytes);
611 }
612
613 void CRYPT_initialize_random_numbers(PTInstVar pvar)
614 {
615 RAND_screen();
616 }
617
618 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
619 {
620 int bits = get_ushort16_MSBfirst(bytes);
621
622 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
623 }
624
625 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
626 RSA FAR *make_key(PTInstVar pvar,
627 int bits, unsigned char FAR * exp,
628 unsigned char FAR * mod)
629 {
630 RSA FAR *key = RSA_new();
631
632 if (key != NULL) {
633 key->e = get_bignum(exp);
634 key->n = get_bignum(mod);
635 }
636
637 if (key == NULL || key->e == NULL || key->n == NULL) {
638 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
639 "Error setting up RSA keys");
640 notify_fatal_error(pvar, pvar->ts->UIMsg);
641
642 if (key != NULL) {
643 if (key->e != NULL) {
644 BN_free(key->e);
645 }
646 if (key->n != NULL) {
647 BN_free(key->n);
648 }
649 RSA_free(key);
650 }
651
652 return NULL;
653 } else {
654 return key;
655 }
656 }
657
658 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
659 {
660 if (SSHv1(pvar)) {
661 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
662 } else {
663 memcpy(pvar->crypt_state.server_cookie, cookie,
664 SSH2_COOKIE_LENGTH);
665 }
666 }
667
668 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
669 {
670 if (SSHv2(pvar)) {
671 memcpy(pvar->crypt_state.client_cookie, cookie,
672 SSH2_COOKIE_LENGTH);
673 }
674 }
675
676 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
677 int bits, unsigned char FAR * exp,
678 unsigned char FAR * mod)
679 {
680 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
681
682 return pvar->crypt_state.server_key.RSA_key != NULL;
683 }
684
685 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
686 int bits, unsigned char FAR * exp,
687 unsigned char FAR * mod)
688 {
689 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
690
691 return pvar->crypt_state.host_key.RSA_key != NULL;
692 }
693
694 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
695 int receiver_ciphers)
696 {
697 int cipher_mask;
698
699 if (SSHv1(pvar)) {
700 cipher_mask = (1 << SSH_CIPHER_DES)
701 | (1 << SSH_CIPHER_3DES)
702 | (1 << SSH_CIPHER_BLOWFISH);
703
704 } else { // for SSH2(yutaka)
705 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
706 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
707 | (1 << SSH2_CIPHER_AES128)
708 | (1 << SSH2_CIPHER_BLOWFISH)
709 | (1 << SSH2_CIPHER_AES192)
710 | (1 << SSH2_CIPHER_AES256);
711 }
712
713 sender_ciphers &= cipher_mask;
714 receiver_ciphers &= cipher_mask;
715 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
716 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
717
718 if (sender_ciphers == 0) {
719 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
720 "The server does not support any of the TTSSH encryption algorithms.\n"
721 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
722 "The connection will be closed.");
723 notify_fatal_error(pvar, pvar->ts->UIMsg);
724 return FALSE;
725 } else if (receiver_ciphers == 0) {
726 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
727 "The server does not support any of the TTSSH encryption algorithms.\n"
728 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
729 "The connection will be closed.");
730 notify_fatal_error(pvar, pvar->ts->UIMsg);
731 return FALSE;
732 } else {
733 return TRUE;
734 }
735 }
736
737 int CRYPT_get_decryption_block_size(PTInstVar pvar)
738 {
739 if (SSHv1(pvar)) {
740 return 8;
741 } else {
742 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
743 // cf. 3DES=8, AES128=16
744 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
745 }
746 }
747
748 int CRYPT_get_encryption_block_size(PTInstVar pvar)
749 {
750 if (SSHv1(pvar)) {
751 return 8;
752 } else {
753 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
754 // cf. 3DES=8, AES128=16
755 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
756 }
757 }
758
759 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
760 {
761 struct Mac *mac;
762
763 if (SSHv1(pvar)) {
764 return 0;
765
766 } else { // for SSH2(yutaka)
767 mac = &pvar->ssh2_keys[MODE_IN].mac;
768 if (mac == NULL || mac->enabled == 0)
769 return 0;
770
771 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
772 }
773
774 }
775
776 // HMAC������
777 // ���{������ SSH2 �������g�p�������B
778 // (2004.12.17 yutaka)
779 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
780 char FAR * data, int len, char FAR * MAC)
781 {
782 HMAC_CTX c;
783 unsigned char m[EVP_MAX_MD_SIZE];
784 unsigned char b[4];
785 struct Mac *mac;
786
787 mac = &pvar->ssh2_keys[MODE_IN].mac;
788
789 // HMAC�������L���������������A����OK�����������B
790 if (mac == NULL || mac->enabled == 0)
791 return TRUE;
792
793 if (mac->key == NULL)
794 goto error;
795
796 if ((u_int)mac->mac_len > sizeof(m))
797 goto error;
798
799 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
800 set_uint32_MSBfirst(b, sequence_number);
801 HMAC_Update(&c, b, sizeof(b));
802 HMAC_Update(&c, data, len);
803 HMAC_Final(&c, m, NULL);
804 HMAC_cleanup(&c);
805
806 if (memcmp(m, MAC, mac->mac_len)) {
807 goto error;
808 }
809
810 return TRUE;
811
812 error:
813 return FALSE;
814 }
815
816 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
817 {
818 struct Mac *mac;
819
820 if (SSHv2(pvar)) { // for SSH2(yutaka)
821 mac = &pvar->ssh2_keys[MODE_OUT].mac;
822 if (mac == NULL || mac->enabled == 0)
823 return 0;
824
825 return (mac->mac_len);
826 }
827
828 return 0;
829 }
830
831 // for SSH2
832 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
833 char FAR * data, int len, char FAR * MAC)
834 {
835 HMAC_CTX c;
836 static u_char m[EVP_MAX_MD_SIZE];
837 u_char b[4];
838 struct Mac *mac;
839
840 if (SSHv2(pvar)) { // for SSH2(yutaka)
841 mac = &pvar->ssh2_keys[MODE_OUT].mac;
842 if (mac == NULL || mac->enabled == 0)
843 return FALSE;
844
845 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
846 set_uint32_MSBfirst(b, sequence_number);
847 HMAC_Update(&c, b, sizeof(b));
848 HMAC_Update(&c, data, len);
849 HMAC_Final(&c, m, NULL);
850 HMAC_cleanup(&c);
851
852 // 20�o�C�g�������R�s�[
853 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
854 // memcpy(MAC, m, sizeof(m));
855
856 return TRUE;
857 }
858
859 return TRUE;
860
861 }
862
863 static int choose_cipher(PTInstVar pvar, int supported)
864 {
865 int i;
866
867 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
868 int cipher = pvar->session_settings.CipherOrder[i] - '0';
869
870 if (cipher == SSH_CIPHER_NONE) {
871 break;
872 } else if ((supported & (1 << cipher)) != 0) {
873 return cipher;
874 }
875 }
876
877 return SSH_CIPHER_NONE;
878 }
879
880 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
881 {
882 if (SSHv1(pvar)) {
883 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
884 pvar->crypt_state.
885 supported_sender_ciphers);
886 pvar->crypt_state.receiver_cipher =
887 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
888
889 } else { // SSH2(yutaka)
890 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
891 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
892
893 }
894
895 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
896 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
897 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
898 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
899 "To communicate with this server, you will have to enable some more ciphers\n"
900 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
901 "This connection will now close.");
902 notify_fatal_error(pvar, pvar->ts->UIMsg);
903 return FALSE;
904 } else {
905 return TRUE;
906 }
907 }
908
909 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
910 {
911 int server_key_bits =
912 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
913 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
914 int server_key_bytes = (server_key_bits + 7) / 8;
915 int host_key_bytes = (host_key_bits + 7) / 8;
916
917 if (server_key_bits < host_key_bits) {
918 return host_key_bytes;
919 } else {
920 return server_key_bytes;
921 }
922 }
923
924 int CRYPT_choose_session_key(PTInstVar pvar,
925 unsigned char FAR * encrypted_key_buf)
926 {
927 int server_key_bits =
928 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
929 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
930 int server_key_bytes = (server_key_bits + 7) / 8;
931 int host_key_bytes = (host_key_bits + 7) / 8;
932 int encrypted_key_bytes;
933 int bit_delta;
934
935 if (server_key_bits < host_key_bits) {
936 encrypted_key_bytes = host_key_bytes;
937 bit_delta = host_key_bits - server_key_bits;
938 } else {
939 encrypted_key_bytes = server_key_bytes;
940 bit_delta = server_key_bits - host_key_bits;
941 }
942
943 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
944 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
945 "Server RSA keys are too weak. A secure connection cannot be established.");
946 notify_fatal_error(pvar, pvar->ts->UIMsg);
947 return 0;
948 } else {
949 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
950 for the session ID, rather than the one specified in the RFC */
951 int session_buf_len = server_key_bytes + host_key_bytes + 8;
952 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
953 char session_id[16];
954 int i;
955
956 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
957 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
958 session_buf + host_key_bytes);
959 memcpy(session_buf + server_key_bytes + host_key_bytes,
960 pvar->crypt_state.server_cookie, 8);
961 MD5(session_buf, session_buf_len, session_id);
962
963 free(session_buf);
964
965 RAND_bytes(pvar->crypt_state.sender_cipher_key,
966 SSH_SESSION_KEY_LENGTH);
967 memcpy(pvar->crypt_state.receiver_cipher_key,
968 pvar->crypt_state.sender_cipher_key,
969 SSH_SESSION_KEY_LENGTH);
970
971 memcpy(encrypted_key_buf + encrypted_key_bytes -
972 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
973 SSH_SESSION_KEY_LENGTH);
974 for (i = 0; i < sizeof(session_id); i++) {
975 encrypted_key_buf[encrypted_key_bytes -
976 SSH_SESSION_KEY_LENGTH + i]
977 ^= session_id[i];
978 }
979
980 if (host_key_bits > server_key_bits) {
981 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
982 encrypted_key_buf +
983 encrypted_key_bytes -
984 SSH_SESSION_KEY_LENGTH,
985 encrypted_key_buf +
986 encrypted_key_bytes - server_key_bytes,
987 pvar->crypt_state.server_key.RSA_key,
988 RSA_PKCS1_PADDING) < 0)
989 return 0;
990
991 if (RSA_public_encrypt(server_key_bytes,
992 encrypted_key_buf +
993 encrypted_key_bytes - server_key_bytes,
994 encrypted_key_buf,
995 pvar->crypt_state.host_key.RSA_key,
996 RSA_PKCS1_PADDING) < 0)
997 return 0;
998 } else {
999 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1000 encrypted_key_buf +
1001 encrypted_key_bytes -
1002 SSH_SESSION_KEY_LENGTH,
1003 encrypted_key_buf +
1004 encrypted_key_bytes - host_key_bytes,
1005 pvar->crypt_state.host_key.RSA_key,
1006 RSA_PKCS1_PADDING) < 0)
1007 return 0;
1008
1009 if (RSA_public_encrypt(host_key_bytes,
1010 encrypted_key_buf +
1011 encrypted_key_bytes - host_key_bytes,
1012 encrypted_key_buf,
1013 pvar->crypt_state.server_key.RSA_key,
1014 RSA_PKCS1_PADDING) < 0)
1015 return 0;
1016 }
1017 }
1018
1019 return 1;
1020 }
1021
1022 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1023 unsigned char FAR * challenge,
1024 int challenge_len,
1025 unsigned char FAR * response)
1026 {
1027 int server_key_bits =
1028 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1029 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1030 int server_key_bytes = (server_key_bits + 7) / 8;
1031 int host_key_bytes = (host_key_bits + 7) / 8;
1032 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1033 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1034 char decrypted_challenge[48];
1035 int decrypted_challenge_len;
1036
1037 decrypted_challenge_len =
1038 RSA_private_decrypt(challenge_len, challenge, challenge,
1039 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1040 RSA_PKCS1_PADDING);
1041 if (decrypted_challenge_len < 0) {
1042 free(session_buf);
1043 return 0;
1044 }
1045 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1046 memcpy(decrypted_challenge,
1047 challenge + decrypted_challenge_len -
1048 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1049 } else {
1050 memset(decrypted_challenge, 0,
1051 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1052 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1053 decrypted_challenge_len, challenge,
1054 decrypted_challenge_len);
1055 }
1056
1057 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1058 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1059 session_buf + host_key_bytes);
1060 memcpy(session_buf + server_key_bytes + host_key_bytes,
1061 pvar->crypt_state.server_cookie, 8);
1062 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1063
1064 free(session_buf);
1065
1066 MD5(decrypted_challenge, 48, response);
1067
1068 return 1;
1069 }
1070
1071 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1072 {
1073 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1074 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1075 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1076 memset(state->ivec1, 0, 8);
1077 memset(state->ivec2, 0, 8);
1078 memset(state->ivec3, 0, 8);
1079 }
1080
1081 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1082 {
1083 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1084 memset(state->ivec, 0, 8);
1085 }
1086
1087 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1088 {
1089 idea_set_encrypt_key(session_key, &state->k);
1090 memset(state->ivec, 0, 8);
1091 }
1092
1093 static void cBlowfish_init(char FAR * session_key,
1094 CipherBlowfishState FAR * state)
1095 {
1096 BF_set_key(&state->k, 32, session_key);
1097 memset(state->ivec, 0, 8);
1098 }
1099
1100
1101 //
1102 // SSH2�p�A���S���Y����������
1103 //
1104 // for SSH2(yutaka)
1105 //
1106 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1107 const u_char *key, u_int keylen,
1108 const u_char *iv, u_int ivlen,
1109 int encrypt,
1110 const EVP_CIPHER *type,
1111 PTInstVar pvar)
1112 {
1113 int klen;
1114 char tmp[80];
1115
1116 EVP_CIPHER_CTX_init(evp);
1117 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1118 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1119 "Cipher initialize error(%d)");
1120 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1121 notify_fatal_error(pvar, tmp);
1122 return;
1123 }
1124
1125 klen = EVP_CIPHER_CTX_key_length(evp);
1126 if (klen > 0 && keylen != klen) {
1127 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1128 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1129 "Cipher initialize error(%d)");
1130 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1131 notify_fatal_error(pvar, tmp);
1132 return;
1133 }
1134 }
1135 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1136 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1137 "Cipher initialize error(%d)");
1138 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1139 notify_fatal_error(pvar, tmp);
1140 return;
1141 }
1142 }
1143
1144
1145 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1146 {
1147 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1148 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1149 BOOL isOK = TRUE;
1150
1151 if (sender_flag) {
1152 switch (pvar->crypt_state.sender_cipher) {
1153 // for SSH2(yutaka)
1154 case SSH2_CIPHER_3DES_CBC:
1155 {
1156 struct Enc *enc;
1157
1158 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1159 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1160 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1161 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1162 CIPHER_ENCRYPT,
1163 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1164 pvar);
1165
1166 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1167 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1168
1169 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1170 break;
1171 }
1172
1173 // for SSH2(yutaka)
1174 case SSH2_CIPHER_AES128:
1175 case SSH2_CIPHER_AES192:
1176 case SSH2_CIPHER_AES256:
1177 {
1178 struct Enc *enc;
1179
1180 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1181 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1182 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1183 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1184 CIPHER_ENCRYPT,
1185 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1186 pvar);
1187
1188 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1189 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1190
1191 pvar->crypt_state.encrypt = cAES128_encrypt;
1192 break;
1193 }
1194
1195 case SSH2_CIPHER_BLOWFISH:
1196 {
1197 struct Enc *enc;
1198
1199 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1200 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1201 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1202 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1203 CIPHER_ENCRYPT,
1204 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1205 pvar);
1206
1207 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1208 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1209
1210 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1211 break;
1212 }
1213
1214 case SSH_CIPHER_3DES:{
1215 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1216 pvar->crypt_state.encrypt = c3DES_encrypt;
1217 break;
1218 }
1219 case SSH_CIPHER_IDEA:{
1220 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1221 pvar->crypt_state.encrypt = cIDEA_encrypt;
1222 break;
1223 }
1224 case SSH_CIPHER_DES:{
1225 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1226 pvar->crypt_state.encrypt = cDES_encrypt;
1227 break;
1228 }
1229 case SSH_CIPHER_RC4:{
1230 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1231 encryption_key + 16);
1232 pvar->crypt_state.encrypt = cRC4_encrypt;
1233 break;
1234 }
1235 case SSH_CIPHER_BLOWFISH:{
1236 cBlowfish_init(encryption_key,
1237 &pvar->crypt_state.enc.cBlowfish);
1238 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1239 break;
1240 }
1241 default:
1242 isOK = FALSE;
1243 }
1244 }
1245
1246
1247 if (receiver_flag) {
1248 switch (pvar->crypt_state.receiver_cipher) {
1249 // for SSH2(yutaka)
1250 case SSH2_CIPHER_3DES_CBC:
1251 {
1252 struct Enc *enc;
1253
1254 enc = &pvar->ssh2_keys[MODE_IN].enc;
1255 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1256 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1257 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1258 CIPHER_DECRYPT,
1259 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1260 pvar);
1261
1262 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1263 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1264
1265 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1266 break;
1267 }
1268
1269 // for SSH2(yutaka)
1270 case SSH2_CIPHER_AES128:
1271 case SSH2_CIPHER_AES192:
1272 case SSH2_CIPHER_AES256:
1273 {
1274 struct Enc *enc;
1275
1276 enc = &pvar->ssh2_keys[MODE_IN].enc;
1277 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1278 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1279 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1280 CIPHER_DECRYPT,
1281 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1282 pvar);
1283
1284 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1285 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1286
1287 pvar->crypt_state.decrypt = cAES128_decrypt;
1288 break;
1289 }
1290
1291 case SSH2_CIPHER_BLOWFISH:
1292 {
1293 struct Enc *enc;
1294
1295 enc = &pvar->ssh2_keys[MODE_IN].enc;
1296 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1297 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1298 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1299 CIPHER_DECRYPT,
1300 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1301 pvar);
1302
1303 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1304 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1305
1306 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1307 break;
1308 }
1309
1310 case SSH_CIPHER_3DES:{
1311 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1312 pvar->crypt_state.decrypt = c3DES_decrypt;
1313 break;
1314 }
1315 case SSH_CIPHER_IDEA:{
1316 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1317 pvar->crypt_state.decrypt = cIDEA_decrypt;
1318 break;
1319 }
1320 case SSH_CIPHER_DES:{
1321 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1322 pvar->crypt_state.decrypt = cDES_decrypt;
1323 break;
1324 }
1325 case SSH_CIPHER_RC4:{
1326 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1327 pvar->crypt_state.decrypt = cRC4_decrypt;
1328 break;
1329 }
1330 case SSH_CIPHER_BLOWFISH:{
1331 cBlowfish_init(decryption_key,
1332 &pvar->crypt_state.dec.cBlowfish);
1333 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1334 break;
1335 }
1336 default:
1337 isOK = FALSE;
1338 }
1339 }
1340
1341
1342 if (!isOK) {
1343 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1344 "No cipher selected!");
1345 notify_fatal_error(pvar, pvar->ts->UIMsg);
1346 return FALSE;
1347 } else {
1348 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1349 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1350 return TRUE;
1351 }
1352 }
1353
1354 void CRYPT_init(PTInstVar pvar)
1355 {
1356 pvar->crypt_state.encrypt = no_encrypt;
1357 pvar->crypt_state.decrypt = no_encrypt;
1358 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1359 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1360 pvar->crypt_state.server_key.RSA_key = NULL;
1361 pvar->crypt_state.host_key.RSA_key = NULL;
1362
1363 pvar->crypt_state.detect_attack_statics.h = NULL;
1364 pvar->crypt_state.detect_attack_statics.n =
1365 HASH_MINSIZE / HASH_ENTRYSIZE;
1366 }
1367
1368 static char FAR *get_cipher_name(int cipher)
1369 {
1370 switch (cipher) {
1371 case SSH_CIPHER_NONE:
1372 return "None";
1373 case SSH_CIPHER_3DES:
1374 return "3DES (168 key bits)";
1375 case SSH_CIPHER_DES:
1376 return "DES (56 key bits)";
1377 case SSH_CIPHER_IDEA:
1378 return "IDEA (128 key bits)";
1379 case SSH_CIPHER_RC4:
1380 return "RC4 (128 key bits)";
1381 case SSH_CIPHER_BLOWFISH:
1382 return "Blowfish (256 key bits)";
1383
1384 // SSH2
1385 case SSH2_CIPHER_3DES_CBC:
1386 return "3DES-CBC";
1387 case SSH2_CIPHER_AES128:
1388 return "AES128";
1389 case SSH2_CIPHER_AES192:
1390 return "AES192";
1391 case SSH2_CIPHER_AES256:
1392 return "AES256";
1393 case SSH2_CIPHER_BLOWFISH:
1394 return "Blowfish";
1395
1396 default:
1397 return "Unknown";
1398 }
1399 }
1400
1401 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1402 {
1403 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1404 "%s to server, %s from server");
1405 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1406 get_cipher_name(pvar->crypt_state.sender_cipher),
1407 get_cipher_name(pvar->crypt_state.receiver_cipher));
1408 }
1409
1410 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1411 {
1412 if (SSHv1(pvar)) {
1413 if (pvar->crypt_state.server_key.RSA_key == NULL
1414 || pvar->crypt_state.host_key.RSA_key == NULL) {
1415 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1416 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1417 } else {
1418 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1419 "%d-bit server key, %d-bit host key");
1420 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1421 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1422 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1423 }
1424 } else { // SSH2
1425 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1426 "%d-bit server key, %d-bit host key");
1427 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1428 pvar->server_key_bits,
1429 pvar->client_key_bits);
1430 }
1431 }
1432
1433 static void destroy_public_key(CRYPTPublicKey FAR * key)
1434 {
1435 if (key->RSA_key != NULL) {
1436 RSA_free(key->RSA_key);
1437 key->RSA_key = NULL;
1438 }
1439 }
1440
1441 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1442 {
1443 destroy_public_key(key);
1444 free(key);
1445 }
1446
1447 void CRYPT_end(PTInstVar pvar)
1448 {
1449 destroy_public_key(&pvar->crypt_state.host_key);
1450 destroy_public_key(&pvar->crypt_state.server_key);
1451
1452 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1453 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1454 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1455 free(pvar->crypt_state.detect_attack_statics.h);
1456 }
1457
1458 memset(pvar->crypt_state.sender_cipher_key, 0,
1459 sizeof(pvar->crypt_state.sender_cipher_key));
1460 memset(pvar->crypt_state.receiver_cipher_key, 0,
1461 sizeof(pvar->crypt_state.receiver_cipher_key));
1462 memset(pvar->crypt_state.server_cookie, 0,
1463 sizeof(pvar->crypt_state.server_cookie));
1464 memset(pvar->crypt_state.client_cookie, 0,
1465 sizeof(pvar->crypt_state.client_cookie));
1466 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1467 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1468 }
1469
1470 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1471 char FAR * buf, int bytes)
1472 {
1473 unsigned char passphrase_key[16];
1474
1475 MD5(passphrase, strlen(passphrase), passphrase_key);
1476
1477 switch (cipher) {
1478 case SSH_CIPHER_3DES:{
1479 Cipher3DESState state;
1480
1481 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1482 &state.k1);
1483 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1484 &state.k2);
1485 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1486 &state.k3);
1487 memset(state.ivec1, 0, 8);
1488 memset(state.ivec2, 0, 8);
1489 memset(state.ivec3, 0, 8);
1490 DES_ncbc_encrypt(buf, buf, bytes,
1491 &state.k3, &state.ivec3, DES_DECRYPT);
1492 DES_ncbc_encrypt(buf, buf, bytes,
1493 &state.k2, &state.ivec2, DES_ENCRYPT);
1494 DES_ncbc_encrypt(buf, buf, bytes,
1495 &state.k1, &state.ivec1, DES_DECRYPT);
1496 break;
1497 }
1498
1499 case SSH_CIPHER_IDEA:{
1500 CipherIDEAState state;
1501 int num = 0;
1502
1503 cIDEA_init(passphrase_key, &state);
1504 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1505 &num, IDEA_DECRYPT);
1506 break;
1507 }
1508
1509 case SSH_CIPHER_DES:{
1510 CipherDESState state;
1511
1512 cDES_init(passphrase_key, &state);
1513 DES_ncbc_encrypt(buf, buf, bytes,
1514 &state.k, &state.ivec, DES_DECRYPT);
1515 break;
1516 }
1517
1518 case SSH_CIPHER_RC4:{
1519 CipherRC4State state;
1520 int num = 0;
1521
1522 RC4_set_key(&state.k, 16, passphrase_key);
1523 RC4(&state.k, bytes, buf, buf);
1524 break;
1525 }
1526
1527 case SSH_CIPHER_BLOWFISH:{
1528 CipherBlowfishState state;
1529
1530 BF_set_key(&state.k, 16, passphrase_key);
1531 memset(state.ivec, 0, 8);
1532 flip_endianness(buf, bytes);
1533 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1534 BF_DECRYPT);
1535 flip_endianness(buf, bytes);
1536 break;
1537 }
1538
1539 case SSH_CIPHER_NONE:
1540 break;
1541
1542 default:
1543 memset(passphrase_key, 0, sizeof(passphrase_key));
1544 return 0;
1545 }
1546
1547 memset(passphrase_key, 0, sizeof(passphrase_key));
1548 return 1;
1549 }
1550
1551 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1552 {
1553 if (key_pair->RSA_key != NULL)
1554 RSA_free(key_pair->RSA_key);
1555
1556 if (key_pair->DSA_key != NULL)
1557 DSA_free(key_pair->DSA_key);
1558
1559 free(key_pair);
1560 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help