Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3159 - (show annotations) (download) (as text)
Tue Nov 18 06:24:09 2008 UTC (15 years, 4 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 45610 byte(s) 
SSH2 の AES CTR をサポート(yasuhide)
http://jvn.jp/niscc/CPNI-957037/
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.24 2008-11-18 06:24:09 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226 if (bytes == 0)
227 goto error;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128/192/256 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128/192/256 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 unsigned char *newbuf = malloc(bytes);
270 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271
272 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
273 if (bytes == 0)
274 goto error;
275
276 if (newbuf == NULL)
277 return;
278
279 if (bytes % block_size) {
280 char tmp[80];
281 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 "AES128/192/256 decrypt error(1): bytes %d (%d)");
283 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 notify_fatal_error(pvar, tmp);
285 goto error;
286 }
287
288 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128/192/256 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 goto error;
293
294 } else {
295 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 unsigned char *newbuf = malloc(bytes);
319 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320
321 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
322 if (bytes == 0)
323 goto error;
324
325 if (newbuf == NULL)
326 return;
327
328 if (bytes % block_size) {
329 char tmp[80];
330 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331 "3DES-CBC encrypt error(1): bytes %d (%d)");
332 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333 pvar->ts->UIMsg, bytes, block_size);
334 notify_fatal_error(pvar, tmp);
335 goto error;
336 }
337
338 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340 "3DES-CBC encrypt error(2)");
341 notify_fatal_error(pvar, pvar->ts->UIMsg);
342 goto error;
343
344 } else {
345 //unsigned char key[24], iv[8];
346 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
348 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349
350 //debug_print(50, key, 24);
351 //debug_print(51, iv, 8);
352 //debug_print(52, buf, bytes);
353 //debug_print(53, newbuf, bytes);
354
355 memcpy(buf, newbuf, bytes);
356 }
357
358 error:
359 free(newbuf);
360 }
361
362 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367
368 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369 if (bytes == 0)
370 goto error;
371
372 if (newbuf == NULL)
373 return;
374
375 if (bytes % block_size) {
376 char tmp[80];
377 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378 "3DES-CBC decrypt error(1): bytes %d (%d)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380 notify_fatal_error(pvar, tmp);
381 goto error;
382 }
383
384 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386 "3DES-CBC decrypt error(2)");
387 notify_fatal_error(pvar, pvar->ts->UIMsg);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414
415 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
416 if (bytes == 0)
417 goto error;
418
419 if (newbuf == NULL)
420 return;
421
422 if (bytes % block_size) {
423 char tmp[80];
424 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425 "Blowfish encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427 pvar->ts->UIMsg, bytes, block_size);
428 notify_fatal_error(pvar, tmp);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434 "Blowfish encrypt error(2)");
435 notify_fatal_error(pvar, pvar->ts->UIMsg);
436 goto error;
437
438 } else {
439 memcpy(buf, newbuf, bytes);
440
441 }
442
443 error:
444 free(newbuf);
445 }
446
447 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448 int bytes)
449 {
450 unsigned char *newbuf = malloc(bytes);
451 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452
453 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
454 if (bytes == 0)
455 goto error;
456
457 if (newbuf == NULL)
458 return;
459
460 if (bytes % block_size) {
461 char tmp[80];
462 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463 "Blowfish decrypt error(1): bytes %d (%d)");
464 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465 notify_fatal_error(pvar, tmp);
466 goto error;
467 }
468
469 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471 "Blowfish decrypt error(2)");
472 notify_fatal_error(pvar, pvar->ts->UIMsg);
473 goto error;
474
475 } else {
476 memcpy(buf, newbuf, bytes);
477
478 }
479
480 error:
481 free(newbuf);
482 }
483
484
485
486 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
487 int bytes)
488 {
489 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
490
491 DES_ncbc_encrypt(buf, buf, bytes,
492 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
493 DES_ncbc_encrypt(buf, buf, bytes,
494 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
495 DES_ncbc_encrypt(buf, buf, bytes,
496 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
497 }
498
499 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
500 int bytes)
501 {
502 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
503
504 DES_ncbc_encrypt(buf, buf, bytes,
505 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
506 DES_ncbc_encrypt(buf, buf, bytes,
507 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
508 DES_ncbc_encrypt(buf, buf, bytes,
509 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
510 }
511
512 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
513 int bytes)
514 {
515 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
516
517 DES_ncbc_encrypt(buf, buf, bytes,
518 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
519 }
520
521 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
522 int bytes)
523 {
524 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
525
526 DES_ncbc_encrypt(buf, buf, bytes,
527 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
528 }
529
530 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531 int bytes)
532 {
533 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
534 int num = 0;
535
536 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
537 encryptstate->ivec, &num, IDEA_ENCRYPT);
538 }
539
540 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
541 int bytes)
542 {
543 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
544 int num = 0;
545
546 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
547 decryptstate->ivec, &num, IDEA_DECRYPT);
548 }
549
550 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
551 {
552 uint32 FAR *buf = (uint32 FAR *) cbuf;
553 int count = bytes / 4;
554
555 while (count > 0) {
556 uint32 w = *buf;
557
558 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
559 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
560 count--;
561 buf++;
562 }
563 }
564
565 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
566 int bytes)
567 {
568 CipherBlowfishState FAR *encryptstate =
569 &pvar->crypt_state.enc.cBlowfish;
570
571 flip_endianness(buf, bytes);
572 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
573 BF_ENCRYPT);
574 flip_endianness(buf, bytes);
575 }
576
577 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
578 int bytes)
579 {
580 CipherBlowfishState FAR *decryptstate =
581 &pvar->crypt_state.dec.cBlowfish;
582
583 flip_endianness(buf, bytes);
584 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
585 BF_DECRYPT);
586 flip_endianness(buf, bytes);
587 }
588
589 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
590 int bytes)
591 {
592 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
593 int num = 0;
594
595 RC4(&encryptstate->k, bytes, buf, buf);
596 }
597
598 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
599 int bytes)
600 {
601 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
602 int num = 0;
603
604 RC4(&decryptstate->k, bytes, buf, buf);
605 }
606
607 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
608 int bytes)
609 {
610 RAND_bytes(buf, bytes);
611 }
612
613 void CRYPT_initialize_random_numbers(PTInstVar pvar)
614 {
615 RAND_screen();
616 }
617
618 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
619 {
620 int bits = get_ushort16_MSBfirst(bytes);
621
622 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
623 }
624
625 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
626 RSA FAR *make_key(PTInstVar pvar,
627 int bits, unsigned char FAR * exp,
628 unsigned char FAR * mod)
629 {
630 RSA FAR *key = RSA_new();
631
632 if (key != NULL) {
633 key->e = get_bignum(exp);
634 key->n = get_bignum(mod);
635 }
636
637 if (key == NULL || key->e == NULL || key->n == NULL) {
638 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
639 "Error setting up RSA keys");
640 notify_fatal_error(pvar, pvar->ts->UIMsg);
641
642 if (key != NULL) {
643 if (key->e != NULL) {
644 BN_free(key->e);
645 }
646 if (key->n != NULL) {
647 BN_free(key->n);
648 }
649 RSA_free(key);
650 }
651
652 return NULL;
653 } else {
654 return key;
655 }
656 }
657
658 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
659 {
660 if (SSHv1(pvar)) {
661 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
662 } else {
663 memcpy(pvar->crypt_state.server_cookie, cookie,
664 SSH2_COOKIE_LENGTH);
665 }
666 }
667
668 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
669 {
670 if (SSHv2(pvar)) {
671 memcpy(pvar->crypt_state.client_cookie, cookie,
672 SSH2_COOKIE_LENGTH);
673 }
674 }
675
676 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
677 int bits, unsigned char FAR * exp,
678 unsigned char FAR * mod)
679 {
680 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
681
682 return pvar->crypt_state.server_key.RSA_key != NULL;
683 }
684
685 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
686 int bits, unsigned char FAR * exp,
687 unsigned char FAR * mod)
688 {
689 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
690
691 return pvar->crypt_state.host_key.RSA_key != NULL;
692 }
693
694 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
695 int receiver_ciphers)
696 {
697 int cipher_mask;
698
699 if (SSHv1(pvar)) {
700 cipher_mask = (1 << SSH_CIPHER_DES)
701 | (1 << SSH_CIPHER_3DES)
702 | (1 << SSH_CIPHER_BLOWFISH);
703
704 } else { // for SSH2(yutaka)
705 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
706 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
707 | (1 << SSH2_CIPHER_AES128_CBC)
708 | (1 << SSH2_CIPHER_AES192_CBC)
709 | (1 << SSH2_CIPHER_AES256_CBC)
710 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
711 | (1 << SSH2_CIPHER_AES128_CTR)
712 | (1 << SSH2_CIPHER_AES192_CTR)
713 | (1 << SSH2_CIPHER_AES256_CTR);
714 }
715
716 sender_ciphers &= cipher_mask;
717 receiver_ciphers &= cipher_mask;
718 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
719 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
720
721 if (sender_ciphers == 0) {
722 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
723 "The server does not support any of the TTSSH encryption algorithms.\n"
724 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
725 "The connection will be closed.");
726 notify_fatal_error(pvar, pvar->ts->UIMsg);
727 return FALSE;
728 } else if (receiver_ciphers == 0) {
729 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
730 "The server does not support any of the TTSSH encryption algorithms.\n"
731 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
732 "The connection will be closed.");
733 notify_fatal_error(pvar, pvar->ts->UIMsg);
734 return FALSE;
735 } else {
736 return TRUE;
737 }
738 }
739
740 int CRYPT_get_decryption_block_size(PTInstVar pvar)
741 {
742 if (SSHv1(pvar)) {
743 return 8;
744 } else {
745 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
746 // cf. 3DES=8, AES128=16
747 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
748 }
749 }
750
751 int CRYPT_get_encryption_block_size(PTInstVar pvar)
752 {
753 if (SSHv1(pvar)) {
754 return 8;
755 } else {
756 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
757 // cf. 3DES=8, AES128=16
758 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
759 }
760 }
761
762 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
763 {
764 struct Mac *mac;
765
766 if (SSHv1(pvar)) {
767 return 0;
768
769 } else { // for SSH2(yutaka)
770 mac = &pvar->ssh2_keys[MODE_IN].mac;
771 if (mac == NULL || mac->enabled == 0)
772 return 0;
773
774 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
775 }
776
777 }
778
779 // HMAC������
780 // ���{������ SSH2 �������g�p�������B
781 // (2004.12.17 yutaka)
782 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
783 char FAR * data, int len, char FAR * MAC)
784 {
785 HMAC_CTX c;
786 unsigned char m[EVP_MAX_MD_SIZE];
787 unsigned char b[4];
788 struct Mac *mac;
789
790 mac = &pvar->ssh2_keys[MODE_IN].mac;
791
792 // HMAC�������L���������������A����OK�����������B
793 if (mac == NULL || mac->enabled == 0)
794 return TRUE;
795
796 if (mac->key == NULL)
797 goto error;
798
799 if ((u_int)mac->mac_len > sizeof(m))
800 goto error;
801
802 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
803 set_uint32_MSBfirst(b, sequence_number);
804 HMAC_Update(&c, b, sizeof(b));
805 HMAC_Update(&c, data, len);
806 HMAC_Final(&c, m, NULL);
807 HMAC_cleanup(&c);
808
809 if (memcmp(m, MAC, mac->mac_len)) {
810 goto error;
811 }
812
813 return TRUE;
814
815 error:
816 return FALSE;
817 }
818
819 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
820 {
821 struct Mac *mac;
822
823 if (SSHv2(pvar)) { // for SSH2(yutaka)
824 mac = &pvar->ssh2_keys[MODE_OUT].mac;
825 if (mac == NULL || mac->enabled == 0)
826 return 0;
827
828 return (mac->mac_len);
829 }
830
831 return 0;
832 }
833
834 // for SSH2
835 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
836 char FAR * data, int len, char FAR * MAC)
837 {
838 HMAC_CTX c;
839 static u_char m[EVP_MAX_MD_SIZE];
840 u_char b[4];
841 struct Mac *mac;
842
843 if (SSHv2(pvar)) { // for SSH2(yutaka)
844 mac = &pvar->ssh2_keys[MODE_OUT].mac;
845 if (mac == NULL || mac->enabled == 0)
846 return FALSE;
847
848 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
849 set_uint32_MSBfirst(b, sequence_number);
850 HMAC_Update(&c, b, sizeof(b));
851 HMAC_Update(&c, data, len);
852 HMAC_Final(&c, m, NULL);
853 HMAC_cleanup(&c);
854
855 // 20�o�C�g�������R�s�[
856 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
857 // memcpy(MAC, m, sizeof(m));
858
859 return TRUE;
860 }
861
862 return TRUE;
863
864 }
865
866 static int choose_cipher(PTInstVar pvar, int supported)
867 {
868 int i;
869
870 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
871 int cipher = pvar->session_settings.CipherOrder[i] - '0';
872
873 if (cipher == SSH_CIPHER_NONE) {
874 break;
875 } else if ((supported & (1 << cipher)) != 0) {
876 return cipher;
877 }
878 }
879
880 return SSH_CIPHER_NONE;
881 }
882
883 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
884 {
885 if (SSHv1(pvar)) {
886 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
887 pvar->crypt_state.
888 supported_sender_ciphers);
889 pvar->crypt_state.receiver_cipher =
890 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
891
892 } else { // SSH2(yutaka)
893 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
894 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
895
896 }
897
898 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
899 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
900 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
901 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
902 "To communicate with this server, you will have to enable some more ciphers\n"
903 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
904 "This connection will now close.");
905 notify_fatal_error(pvar, pvar->ts->UIMsg);
906 return FALSE;
907 } else {
908 return TRUE;
909 }
910 }
911
912 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
913 {
914 int server_key_bits =
915 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
916 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
917 int server_key_bytes = (server_key_bits + 7) / 8;
918 int host_key_bytes = (host_key_bits + 7) / 8;
919
920 if (server_key_bits < host_key_bits) {
921 return host_key_bytes;
922 } else {
923 return server_key_bytes;
924 }
925 }
926
927 int CRYPT_choose_session_key(PTInstVar pvar,
928 unsigned char FAR * encrypted_key_buf)
929 {
930 int server_key_bits =
931 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
932 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
933 int server_key_bytes = (server_key_bits + 7) / 8;
934 int host_key_bytes = (host_key_bits + 7) / 8;
935 int encrypted_key_bytes;
936 int bit_delta;
937
938 if (server_key_bits < host_key_bits) {
939 encrypted_key_bytes = host_key_bytes;
940 bit_delta = host_key_bits - server_key_bits;
941 } else {
942 encrypted_key_bytes = server_key_bytes;
943 bit_delta = server_key_bits - host_key_bits;
944 }
945
946 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
947 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
948 "Server RSA keys are too weak. A secure connection cannot be established.");
949 notify_fatal_error(pvar, pvar->ts->UIMsg);
950 return 0;
951 } else {
952 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
953 for the session ID, rather than the one specified in the RFC */
954 int session_buf_len = server_key_bytes + host_key_bytes + 8;
955 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
956 char session_id[16];
957 int i;
958
959 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
960 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
961 session_buf + host_key_bytes);
962 memcpy(session_buf + server_key_bytes + host_key_bytes,
963 pvar->crypt_state.server_cookie, 8);
964 MD5(session_buf, session_buf_len, session_id);
965
966 free(session_buf);
967
968 RAND_bytes(pvar->crypt_state.sender_cipher_key,
969 SSH_SESSION_KEY_LENGTH);
970 memcpy(pvar->crypt_state.receiver_cipher_key,
971 pvar->crypt_state.sender_cipher_key,
972 SSH_SESSION_KEY_LENGTH);
973
974 memcpy(encrypted_key_buf + encrypted_key_bytes -
975 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
976 SSH_SESSION_KEY_LENGTH);
977 for (i = 0; i < sizeof(session_id); i++) {
978 encrypted_key_buf[encrypted_key_bytes -
979 SSH_SESSION_KEY_LENGTH + i]
980 ^= session_id[i];
981 }
982
983 if (host_key_bits > server_key_bits) {
984 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
985 encrypted_key_buf +
986 encrypted_key_bytes -
987 SSH_SESSION_KEY_LENGTH,
988 encrypted_key_buf +
989 encrypted_key_bytes - server_key_bytes,
990 pvar->crypt_state.server_key.RSA_key,
991 RSA_PKCS1_PADDING) < 0)
992 return 0;
993
994 if (RSA_public_encrypt(server_key_bytes,
995 encrypted_key_buf +
996 encrypted_key_bytes - server_key_bytes,
997 encrypted_key_buf,
998 pvar->crypt_state.host_key.RSA_key,
999 RSA_PKCS1_PADDING) < 0)
1000 return 0;
1001 } else {
1002 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1003 encrypted_key_buf +
1004 encrypted_key_bytes -
1005 SSH_SESSION_KEY_LENGTH,
1006 encrypted_key_buf +
1007 encrypted_key_bytes - host_key_bytes,
1008 pvar->crypt_state.host_key.RSA_key,
1009 RSA_PKCS1_PADDING) < 0)
1010 return 0;
1011
1012 if (RSA_public_encrypt(host_key_bytes,
1013 encrypted_key_buf +
1014 encrypted_key_bytes - host_key_bytes,
1015 encrypted_key_buf,
1016 pvar->crypt_state.server_key.RSA_key,
1017 RSA_PKCS1_PADDING) < 0)
1018 return 0;
1019 }
1020 }
1021
1022 return 1;
1023 }
1024
1025 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1026 unsigned char FAR * challenge,
1027 int challenge_len,
1028 unsigned char FAR * response)
1029 {
1030 int server_key_bits =
1031 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1032 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1033 int server_key_bytes = (server_key_bits + 7) / 8;
1034 int host_key_bytes = (host_key_bits + 7) / 8;
1035 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1036 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1037 char decrypted_challenge[48];
1038 int decrypted_challenge_len;
1039
1040 decrypted_challenge_len =
1041 RSA_private_decrypt(challenge_len, challenge, challenge,
1042 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1043 RSA_PKCS1_PADDING);
1044 if (decrypted_challenge_len < 0) {
1045 free(session_buf);
1046 return 0;
1047 }
1048 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1049 memcpy(decrypted_challenge,
1050 challenge + decrypted_challenge_len -
1051 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1052 } else {
1053 memset(decrypted_challenge, 0,
1054 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1055 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1056 decrypted_challenge_len, challenge,
1057 decrypted_challenge_len);
1058 }
1059
1060 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1061 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1062 session_buf + host_key_bytes);
1063 memcpy(session_buf + server_key_bytes + host_key_bytes,
1064 pvar->crypt_state.server_cookie, 8);
1065 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1066
1067 free(session_buf);
1068
1069 MD5(decrypted_challenge, 48, response);
1070
1071 return 1;
1072 }
1073
1074 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1075 {
1076 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1077 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1078 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1079 memset(state->ivec1, 0, 8);
1080 memset(state->ivec2, 0, 8);
1081 memset(state->ivec3, 0, 8);
1082 }
1083
1084 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1085 {
1086 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1087 memset(state->ivec, 0, 8);
1088 }
1089
1090 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1091 {
1092 idea_set_encrypt_key(session_key, &state->k);
1093 memset(state->ivec, 0, 8);
1094 }
1095
1096 static void cBlowfish_init(char FAR * session_key,
1097 CipherBlowfishState FAR * state)
1098 {
1099 BF_set_key(&state->k, 32, session_key);
1100 memset(state->ivec, 0, 8);
1101 }
1102
1103
1104 //
1105 // SSH2�p�A���S���Y����������
1106 //
1107 // for SSH2(yutaka)
1108 //
1109 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1110 const u_char *key, u_int keylen,
1111 const u_char *iv, u_int ivlen,
1112 int encrypt,
1113 const EVP_CIPHER *type,
1114 PTInstVar pvar)
1115 {
1116 int klen;
1117 char tmp[80];
1118
1119 EVP_CIPHER_CTX_init(evp);
1120 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1121 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1122 "Cipher initialize error(%d)");
1123 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1124 notify_fatal_error(pvar, tmp);
1125 return;
1126 }
1127
1128 klen = EVP_CIPHER_CTX_key_length(evp);
1129 if (klen > 0 && keylen != klen) {
1130 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1131 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1132 "Cipher initialize error(%d)");
1133 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1134 notify_fatal_error(pvar, tmp);
1135 return;
1136 }
1137 }
1138 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1139 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1140 "Cipher initialize error(%d)");
1141 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1142 notify_fatal_error(pvar, tmp);
1143 return;
1144 }
1145 }
1146
1147
1148 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1149 {
1150 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1151 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1152 BOOL isOK = TRUE;
1153
1154 if (sender_flag) {
1155 switch (pvar->crypt_state.sender_cipher) {
1156 // for SSH2(yutaka)
1157 case SSH2_CIPHER_3DES_CBC:
1158 {
1159 struct Enc *enc;
1160
1161 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1162 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1163 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1164 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1165 CIPHER_ENCRYPT,
1166 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1167 pvar);
1168
1169 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1170 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1171
1172 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1173 break;
1174 }
1175
1176 // for SSH2(yutaka)
1177 case SSH2_CIPHER_AES128_CBC:
1178 case SSH2_CIPHER_AES192_CBC:
1179 case SSH2_CIPHER_AES256_CBC:
1180 case SSH2_CIPHER_AES128_CTR:
1181 case SSH2_CIPHER_AES192_CTR:
1182 case SSH2_CIPHER_AES256_CTR:
1183 {
1184 struct Enc *enc;
1185
1186 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1187 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1188 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1189 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1190 CIPHER_ENCRYPT,
1191 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1192 pvar);
1193
1194 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1195 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1196
1197 pvar->crypt_state.encrypt = cAES128_encrypt;
1198 break;
1199 }
1200
1201 case SSH2_CIPHER_BLOWFISH_CBC:
1202 {
1203 struct Enc *enc;
1204
1205 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1206 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1207 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1208 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1209 CIPHER_ENCRYPT,
1210 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1211 pvar);
1212
1213 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1214 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1215
1216 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1217 break;
1218 }
1219
1220 case SSH_CIPHER_3DES:{
1221 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1222 pvar->crypt_state.encrypt = c3DES_encrypt;
1223 break;
1224 }
1225 case SSH_CIPHER_IDEA:{
1226 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1227 pvar->crypt_state.encrypt = cIDEA_encrypt;
1228 break;
1229 }
1230 case SSH_CIPHER_DES:{
1231 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1232 pvar->crypt_state.encrypt = cDES_encrypt;
1233 break;
1234 }
1235 case SSH_CIPHER_RC4:{
1236 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1237 encryption_key + 16);
1238 pvar->crypt_state.encrypt = cRC4_encrypt;
1239 break;
1240 }
1241 case SSH_CIPHER_BLOWFISH:{
1242 cBlowfish_init(encryption_key,
1243 &pvar->crypt_state.enc.cBlowfish);
1244 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1245 break;
1246 }
1247 default:
1248 isOK = FALSE;
1249 }
1250 }
1251
1252
1253 if (receiver_flag) {
1254 switch (pvar->crypt_state.receiver_cipher) {
1255 // for SSH2(yutaka)
1256 case SSH2_CIPHER_3DES_CBC:
1257 {
1258 struct Enc *enc;
1259
1260 enc = &pvar->ssh2_keys[MODE_IN].enc;
1261 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1262 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1263 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1264 CIPHER_DECRYPT,
1265 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1266 pvar);
1267
1268 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1269 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1270
1271 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1272 break;
1273 }
1274
1275 // for SSH2(yutaka)
1276 case SSH2_CIPHER_AES128_CBC:
1277 case SSH2_CIPHER_AES192_CBC:
1278 case SSH2_CIPHER_AES256_CBC:
1279 case SSH2_CIPHER_AES128_CTR:
1280 case SSH2_CIPHER_AES192_CTR:
1281 case SSH2_CIPHER_AES256_CTR:
1282 {
1283 struct Enc *enc;
1284
1285 enc = &pvar->ssh2_keys[MODE_IN].enc;
1286 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1287 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1288 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1289 CIPHER_DECRYPT,
1290 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1291 pvar);
1292
1293 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1294 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1295
1296 pvar->crypt_state.decrypt = cAES128_decrypt;
1297 break;
1298 }
1299
1300 case SSH2_CIPHER_BLOWFISH_CBC:
1301 {
1302 struct Enc *enc;
1303
1304 enc = &pvar->ssh2_keys[MODE_IN].enc;
1305 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1306 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1307 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1308 CIPHER_DECRYPT,
1309 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1310 pvar);
1311
1312 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1313 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1314
1315 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1316 break;
1317 }
1318
1319 case SSH_CIPHER_3DES:{
1320 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1321 pvar->crypt_state.decrypt = c3DES_decrypt;
1322 break;
1323 }
1324 case SSH_CIPHER_IDEA:{
1325 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1326 pvar->crypt_state.decrypt = cIDEA_decrypt;
1327 break;
1328 }
1329 case SSH_CIPHER_DES:{
1330 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1331 pvar->crypt_state.decrypt = cDES_decrypt;
1332 break;
1333 }
1334 case SSH_CIPHER_RC4:{
1335 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1336 pvar->crypt_state.decrypt = cRC4_decrypt;
1337 break;
1338 }
1339 case SSH_CIPHER_BLOWFISH:{
1340 cBlowfish_init(decryption_key,
1341 &pvar->crypt_state.dec.cBlowfish);
1342 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1343 break;
1344 }
1345 default:
1346 isOK = FALSE;
1347 }
1348 }
1349
1350
1351 if (!isOK) {
1352 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1353 "No cipher selected!");
1354 notify_fatal_error(pvar, pvar->ts->UIMsg);
1355 return FALSE;
1356 } else {
1357 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1358 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1359 return TRUE;
1360 }
1361 }
1362
1363 void CRYPT_init(PTInstVar pvar)
1364 {
1365 pvar->crypt_state.encrypt = no_encrypt;
1366 pvar->crypt_state.decrypt = no_encrypt;
1367 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1368 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1369 pvar->crypt_state.server_key.RSA_key = NULL;
1370 pvar->crypt_state.host_key.RSA_key = NULL;
1371
1372 pvar->crypt_state.detect_attack_statics.h = NULL;
1373 pvar->crypt_state.detect_attack_statics.n =
1374 HASH_MINSIZE / HASH_ENTRYSIZE;
1375 }
1376
1377 static char FAR *get_cipher_name(int cipher)
1378 {
1379 switch (cipher) {
1380 case SSH_CIPHER_NONE:
1381 return "None";
1382 case SSH_CIPHER_3DES:
1383 return "3DES (168 key bits)";
1384 case SSH_CIPHER_DES:
1385 return "DES (56 key bits)";
1386 case SSH_CIPHER_IDEA:
1387 return "IDEA (128 key bits)";
1388 case SSH_CIPHER_RC4:
1389 return "RC4 (128 key bits)";
1390 case SSH_CIPHER_BLOWFISH:
1391 return "Blowfish (256 key bits)";
1392
1393 // SSH2
1394 case SSH2_CIPHER_3DES_CBC:
1395 return "3DES-CBC";
1396 case SSH2_CIPHER_AES128_CBC:
1397 return "AES128-CBC";
1398 case SSH2_CIPHER_AES192_CBC:
1399 return "AES192-CBC";
1400 case SSH2_CIPHER_AES256_CBC:
1401 return "AES256-CBC";
1402 case SSH2_CIPHER_BLOWFISH_CBC:
1403 return "Blowfish-CBC";
1404 case SSH2_CIPHER_AES128_CTR:
1405 return "AES128-CTR";
1406 case SSH2_CIPHER_AES192_CTR:
1407 return "AES192-CTR";
1408 case SSH2_CIPHER_AES256_CTR:
1409 return "AES256-CTR";
1410
1411 default:
1412 return "Unknown";
1413 }
1414 }
1415
1416 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1417 {
1418 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1419 "%s to server, %s from server");
1420 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1421 get_cipher_name(pvar->crypt_state.sender_cipher),
1422 get_cipher_name(pvar->crypt_state.receiver_cipher));
1423 }
1424
1425 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1426 {
1427 if (SSHv1(pvar)) {
1428 if (pvar->crypt_state.server_key.RSA_key == NULL
1429 || pvar->crypt_state.host_key.RSA_key == NULL) {
1430 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1431 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1432 } else {
1433 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1434 "%d-bit server key, %d-bit host key");
1435 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1436 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1437 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1438 }
1439 } else { // SSH2
1440 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1441 "%d-bit server key, %d-bit host key");
1442 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1443 pvar->server_key_bits,
1444 pvar->client_key_bits);
1445 }
1446 }
1447
1448 static void destroy_public_key(CRYPTPublicKey FAR * key)
1449 {
1450 if (key->RSA_key != NULL) {
1451 RSA_free(key->RSA_key);
1452 key->RSA_key = NULL;
1453 }
1454 }
1455
1456 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1457 {
1458 destroy_public_key(key);
1459 free(key);
1460 }
1461
1462 void CRYPT_end(PTInstVar pvar)
1463 {
1464 destroy_public_key(&pvar->crypt_state.host_key);
1465 destroy_public_key(&pvar->crypt_state.server_key);
1466
1467 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1468 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1469 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1470 free(pvar->crypt_state.detect_attack_statics.h);
1471 }
1472
1473 memset(pvar->crypt_state.sender_cipher_key, 0,
1474 sizeof(pvar->crypt_state.sender_cipher_key));
1475 memset(pvar->crypt_state.receiver_cipher_key, 0,
1476 sizeof(pvar->crypt_state.receiver_cipher_key));
1477 memset(pvar->crypt_state.server_cookie, 0,
1478 sizeof(pvar->crypt_state.server_cookie));
1479 memset(pvar->crypt_state.client_cookie, 0,
1480 sizeof(pvar->crypt_state.client_cookie));
1481 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1482 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1483 }
1484
1485 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1486 char FAR * buf, int bytes)
1487 {
1488 unsigned char passphrase_key[16];
1489
1490 MD5(passphrase, strlen(passphrase), passphrase_key);
1491
1492 switch (cipher) {
1493 case SSH_CIPHER_3DES:{
1494 Cipher3DESState state;
1495
1496 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1497 &state.k1);
1498 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1499 &state.k2);
1500 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1501 &state.k3);
1502 memset(state.ivec1, 0, 8);
1503 memset(state.ivec2, 0, 8);
1504 memset(state.ivec3, 0, 8);
1505 DES_ncbc_encrypt(buf, buf, bytes,
1506 &state.k3, &state.ivec3, DES_DECRYPT);
1507 DES_ncbc_encrypt(buf, buf, bytes,
1508 &state.k2, &state.ivec2, DES_ENCRYPT);
1509 DES_ncbc_encrypt(buf, buf, bytes,
1510 &state.k1, &state.ivec1, DES_DECRYPT);
1511 break;
1512 }
1513
1514 case SSH_CIPHER_IDEA:{
1515 CipherIDEAState state;
1516 int num = 0;
1517
1518 cIDEA_init(passphrase_key, &state);
1519 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1520 &num, IDEA_DECRYPT);
1521 break;
1522 }
1523
1524 case SSH_CIPHER_DES:{
1525 CipherDESState state;
1526
1527 cDES_init(passphrase_key, &state);
1528 DES_ncbc_encrypt(buf, buf, bytes,
1529 &state.k, &state.ivec, DES_DECRYPT);
1530 break;
1531 }
1532
1533 case SSH_CIPHER_RC4:{
1534 CipherRC4State state;
1535 int num = 0;
1536
1537 RC4_set_key(&state.k, 16, passphrase_key);
1538 RC4(&state.k, bytes, buf, buf);
1539 break;
1540 }
1541
1542 case SSH_CIPHER_BLOWFISH:{
1543 CipherBlowfishState state;
1544
1545 BF_set_key(&state.k, 16, passphrase_key);
1546 memset(state.ivec, 0, 8);
1547 flip_endianness(buf, bytes);
1548 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1549 BF_DECRYPT);
1550 flip_endianness(buf, bytes);
1551 break;
1552 }
1553
1554 case SSH_CIPHER_NONE:
1555 break;
1556
1557 default:
1558 memset(passphrase_key, 0, sizeof(passphrase_key));
1559 return 0;
1560 }
1561
1562 memset(passphrase_key, 0, sizeof(passphrase_key));
1563 return 1;
1564 }
1565
1566 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1567 {
1568 if (key_pair->RSA_key != NULL)
1569 RSA_free(key_pair->RSA_key);
1570
1571 if (key_pair->DSA_key != NULL)
1572 DSA_free(key_pair->DSA_key);
1573
1574 free(key_pair);
1575 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help