Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3168 - (show annotations) (download) (as text)
Fri Nov 21 18:54:22 2008 UTC (15 years, 4 months ago) by doda
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 49047 byte(s) 
SSH2 の共通鍵暗号として Arcfour をサポート (yasuhide) [Ttssh2-devel 1250]
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.25 2008-11-21 18:54:22 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226 if (bytes == 0)
227 goto error;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128/192/256 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128/192/256 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 unsigned char *newbuf = malloc(bytes);
270 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271
272 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
273 if (bytes == 0)
274 goto error;
275
276 if (newbuf == NULL)
277 return;
278
279 if (bytes % block_size) {
280 char tmp[80];
281 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 "AES128/192/256 decrypt error(1): bytes %d (%d)");
283 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 notify_fatal_error(pvar, tmp);
285 goto error;
286 }
287
288 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128/192/256 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 goto error;
293
294 } else {
295 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 unsigned char *newbuf = malloc(bytes);
319 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320
321 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
322 if (bytes == 0)
323 goto error;
324
325 if (newbuf == NULL)
326 return;
327
328 if (bytes % block_size) {
329 char tmp[80];
330 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331 "3DES-CBC encrypt error(1): bytes %d (%d)");
332 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333 pvar->ts->UIMsg, bytes, block_size);
334 notify_fatal_error(pvar, tmp);
335 goto error;
336 }
337
338 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340 "3DES-CBC encrypt error(2)");
341 notify_fatal_error(pvar, pvar->ts->UIMsg);
342 goto error;
343
344 } else {
345 //unsigned char key[24], iv[8];
346 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
348 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349
350 //debug_print(50, key, 24);
351 //debug_print(51, iv, 8);
352 //debug_print(52, buf, bytes);
353 //debug_print(53, newbuf, bytes);
354
355 memcpy(buf, newbuf, bytes);
356 }
357
358 error:
359 free(newbuf);
360 }
361
362 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367
368 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369 if (bytes == 0)
370 goto error;
371
372 if (newbuf == NULL)
373 return;
374
375 if (bytes % block_size) {
376 char tmp[80];
377 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378 "3DES-CBC decrypt error(1): bytes %d (%d)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380 notify_fatal_error(pvar, tmp);
381 goto error;
382 }
383
384 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386 "3DES-CBC decrypt error(2)");
387 notify_fatal_error(pvar, pvar->ts->UIMsg);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414
415 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
416 if (bytes == 0)
417 goto error;
418
419 if (newbuf == NULL)
420 return;
421
422 if (bytes % block_size) {
423 char tmp[80];
424 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425 "Blowfish encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427 pvar->ts->UIMsg, bytes, block_size);
428 notify_fatal_error(pvar, tmp);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434 "Blowfish encrypt error(2)");
435 notify_fatal_error(pvar, pvar->ts->UIMsg);
436 goto error;
437
438 } else {
439 memcpy(buf, newbuf, bytes);
440
441 }
442
443 error:
444 free(newbuf);
445 }
446
447 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448 int bytes)
449 {
450 unsigned char *newbuf = malloc(bytes);
451 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452
453 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
454 if (bytes == 0)
455 goto error;
456
457 if (newbuf == NULL)
458 return;
459
460 if (bytes % block_size) {
461 char tmp[80];
462 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463 "Blowfish decrypt error(1): bytes %d (%d)");
464 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465 notify_fatal_error(pvar, tmp);
466 goto error;
467 }
468
469 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471 "Blowfish decrypt error(2)");
472 notify_fatal_error(pvar, pvar->ts->UIMsg);
473 goto error;
474
475 } else {
476 memcpy(buf, newbuf, bytes);
477
478 }
479
480 error:
481 free(newbuf);
482 }
483
484 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
485 int bytes)
486 {
487 unsigned char *newbuf = malloc(bytes);
488 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
489
490 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
491 if (bytes == 0)
492 goto error;
493
494 if (newbuf == NULL)
495 return;
496
497 if (bytes % block_size) {
498 char tmp[80];
499 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR1", pvar,
500 "Arcfour encrypt error(1): bytes %d (%d)");
501 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
502 pvar->ts->UIMsg, bytes, block_size);
503 notify_fatal_error(pvar, tmp);
504 goto error;
505 }
506
507 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
508 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR2", pvar,
509 "Arcfour encrypt error(2)");
510 notify_fatal_error(pvar, pvar->ts->UIMsg);
511 goto error;
512
513 } else {
514 memcpy(buf, newbuf, bytes);
515
516 }
517
518 error:
519 free(newbuf);
520 }
521
522 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
523 int bytes)
524 {
525 unsigned char *newbuf = malloc(bytes);
526 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
527
528 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
529 if (bytes == 0)
530 goto error;
531
532 if (newbuf == NULL)
533 return;
534
535 if (bytes % block_size) {
536 char tmp[80];
537 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR1", pvar,
538 "Arcfour decrypt error(1): bytes %d (%d)");
539 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
540 notify_fatal_error(pvar, tmp);
541 goto error;
542 }
543
544 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
545 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR2", pvar,
546 "Arcfour decrypt error(2)");
547 notify_fatal_error(pvar, pvar->ts->UIMsg);
548 goto error;
549
550 } else {
551 memcpy(buf, newbuf, bytes);
552
553 }
554
555 error:
556 free(newbuf);
557 }
558
559
560
561 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
562 int bytes)
563 {
564 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
565
566 DES_ncbc_encrypt(buf, buf, bytes,
567 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
568 DES_ncbc_encrypt(buf, buf, bytes,
569 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
570 DES_ncbc_encrypt(buf, buf, bytes,
571 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
572 }
573
574 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
575 int bytes)
576 {
577 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
578
579 DES_ncbc_encrypt(buf, buf, bytes,
580 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
581 DES_ncbc_encrypt(buf, buf, bytes,
582 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
583 DES_ncbc_encrypt(buf, buf, bytes,
584 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
585 }
586
587 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
588 int bytes)
589 {
590 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
591
592 DES_ncbc_encrypt(buf, buf, bytes,
593 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
594 }
595
596 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
597 int bytes)
598 {
599 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
600
601 DES_ncbc_encrypt(buf, buf, bytes,
602 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
603 }
604
605 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
606 int bytes)
607 {
608 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
609 int num = 0;
610
611 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
612 encryptstate->ivec, &num, IDEA_ENCRYPT);
613 }
614
615 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
616 int bytes)
617 {
618 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
619 int num = 0;
620
621 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
622 decryptstate->ivec, &num, IDEA_DECRYPT);
623 }
624
625 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
626 {
627 uint32 FAR *buf = (uint32 FAR *) cbuf;
628 int count = bytes / 4;
629
630 while (count > 0) {
631 uint32 w = *buf;
632
633 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
634 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
635 count--;
636 buf++;
637 }
638 }
639
640 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
641 int bytes)
642 {
643 CipherBlowfishState FAR *encryptstate =
644 &pvar->crypt_state.enc.cBlowfish;
645
646 flip_endianness(buf, bytes);
647 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
648 BF_ENCRYPT);
649 flip_endianness(buf, bytes);
650 }
651
652 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
653 int bytes)
654 {
655 CipherBlowfishState FAR *decryptstate =
656 &pvar->crypt_state.dec.cBlowfish;
657
658 flip_endianness(buf, bytes);
659 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
660 BF_DECRYPT);
661 flip_endianness(buf, bytes);
662 }
663
664 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
665 int bytes)
666 {
667 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
668 int num = 0;
669
670 RC4(&encryptstate->k, bytes, buf, buf);
671 }
672
673 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
674 int bytes)
675 {
676 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
677 int num = 0;
678
679 RC4(&decryptstate->k, bytes, buf, buf);
680 }
681
682 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
683 int bytes)
684 {
685 RAND_bytes(buf, bytes);
686 }
687
688 void CRYPT_initialize_random_numbers(PTInstVar pvar)
689 {
690 RAND_screen();
691 }
692
693 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
694 {
695 int bits = get_ushort16_MSBfirst(bytes);
696
697 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
698 }
699
700 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
701 RSA FAR *make_key(PTInstVar pvar,
702 int bits, unsigned char FAR * exp,
703 unsigned char FAR * mod)
704 {
705 RSA FAR *key = RSA_new();
706
707 if (key != NULL) {
708 key->e = get_bignum(exp);
709 key->n = get_bignum(mod);
710 }
711
712 if (key == NULL || key->e == NULL || key->n == NULL) {
713 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
714 "Error setting up RSA keys");
715 notify_fatal_error(pvar, pvar->ts->UIMsg);
716
717 if (key != NULL) {
718 if (key->e != NULL) {
719 BN_free(key->e);
720 }
721 if (key->n != NULL) {
722 BN_free(key->n);
723 }
724 RSA_free(key);
725 }
726
727 return NULL;
728 } else {
729 return key;
730 }
731 }
732
733 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
734 {
735 if (SSHv1(pvar)) {
736 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
737 } else {
738 memcpy(pvar->crypt_state.server_cookie, cookie,
739 SSH2_COOKIE_LENGTH);
740 }
741 }
742
743 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
744 {
745 if (SSHv2(pvar)) {
746 memcpy(pvar->crypt_state.client_cookie, cookie,
747 SSH2_COOKIE_LENGTH);
748 }
749 }
750
751 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
752 int bits, unsigned char FAR * exp,
753 unsigned char FAR * mod)
754 {
755 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
756
757 return pvar->crypt_state.server_key.RSA_key != NULL;
758 }
759
760 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
761 int bits, unsigned char FAR * exp,
762 unsigned char FAR * mod)
763 {
764 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
765
766 return pvar->crypt_state.host_key.RSA_key != NULL;
767 }
768
769 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
770 int receiver_ciphers)
771 {
772 int cipher_mask;
773
774 if (SSHv1(pvar)) {
775 cipher_mask = (1 << SSH_CIPHER_DES)
776 | (1 << SSH_CIPHER_3DES)
777 | (1 << SSH_CIPHER_BLOWFISH);
778
779 } else { // for SSH2(yutaka)
780 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
781 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
782 | (1 << SSH2_CIPHER_AES128_CBC)
783 | (1 << SSH2_CIPHER_AES192_CBC)
784 | (1 << SSH2_CIPHER_AES256_CBC)
785 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
786 | (1 << SSH2_CIPHER_AES128_CTR)
787 | (1 << SSH2_CIPHER_AES192_CTR)
788 | (1 << SSH2_CIPHER_AES256_CTR)
789 | (1 << SSH2_CIPHER_ARCFOUR);
790 }
791
792 sender_ciphers &= cipher_mask;
793 receiver_ciphers &= cipher_mask;
794 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
795 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
796
797 if (sender_ciphers == 0) {
798 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
799 "The server does not support any of the TTSSH encryption algorithms.\n"
800 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
801 "The connection will be closed.");
802 notify_fatal_error(pvar, pvar->ts->UIMsg);
803 return FALSE;
804 } else if (receiver_ciphers == 0) {
805 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
806 "The server does not support any of the TTSSH encryption algorithms.\n"
807 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
808 "The connection will be closed.");
809 notify_fatal_error(pvar, pvar->ts->UIMsg);
810 return FALSE;
811 } else {
812 return TRUE;
813 }
814 }
815
816 int CRYPT_get_decryption_block_size(PTInstVar pvar)
817 {
818 if (SSHv1(pvar)) {
819 return 8;
820 } else {
821 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
822 // cf. 3DES=8, AES128=16
823 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
824 }
825 }
826
827 int CRYPT_get_encryption_block_size(PTInstVar pvar)
828 {
829 if (SSHv1(pvar)) {
830 return 8;
831 } else {
832 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
833 // cf. 3DES=8, AES128=16
834 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
835 }
836 }
837
838 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
839 {
840 struct Mac *mac;
841
842 if (SSHv1(pvar)) {
843 return 0;
844
845 } else { // for SSH2(yutaka)
846 mac = &pvar->ssh2_keys[MODE_IN].mac;
847 if (mac == NULL || mac->enabled == 0)
848 return 0;
849
850 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
851 }
852
853 }
854
855 // HMAC������
856 // ���{������ SSH2 �������g�p�������B
857 // (2004.12.17 yutaka)
858 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
859 char FAR * data, int len, char FAR * MAC)
860 {
861 HMAC_CTX c;
862 unsigned char m[EVP_MAX_MD_SIZE];
863 unsigned char b[4];
864 struct Mac *mac;
865
866 mac = &pvar->ssh2_keys[MODE_IN].mac;
867
868 // HMAC�������L���������������A����OK�����������B
869 if (mac == NULL || mac->enabled == 0)
870 return TRUE;
871
872 if (mac->key == NULL)
873 goto error;
874
875 if ((u_int)mac->mac_len > sizeof(m))
876 goto error;
877
878 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
879 set_uint32_MSBfirst(b, sequence_number);
880 HMAC_Update(&c, b, sizeof(b));
881 HMAC_Update(&c, data, len);
882 HMAC_Final(&c, m, NULL);
883 HMAC_cleanup(&c);
884
885 if (memcmp(m, MAC, mac->mac_len)) {
886 goto error;
887 }
888
889 return TRUE;
890
891 error:
892 return FALSE;
893 }
894
895 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
896 {
897 struct Mac *mac;
898
899 if (SSHv2(pvar)) { // for SSH2(yutaka)
900 mac = &pvar->ssh2_keys[MODE_OUT].mac;
901 if (mac == NULL || mac->enabled == 0)
902 return 0;
903
904 return (mac->mac_len);
905 }
906
907 return 0;
908 }
909
910 // for SSH2
911 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
912 char FAR * data, int len, char FAR * MAC)
913 {
914 HMAC_CTX c;
915 static u_char m[EVP_MAX_MD_SIZE];
916 u_char b[4];
917 struct Mac *mac;
918
919 if (SSHv2(pvar)) { // for SSH2(yutaka)
920 mac = &pvar->ssh2_keys[MODE_OUT].mac;
921 if (mac == NULL || mac->enabled == 0)
922 return FALSE;
923
924 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
925 set_uint32_MSBfirst(b, sequence_number);
926 HMAC_Update(&c, b, sizeof(b));
927 HMAC_Update(&c, data, len);
928 HMAC_Final(&c, m, NULL);
929 HMAC_cleanup(&c);
930
931 // 20�o�C�g�������R�s�[
932 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
933 // memcpy(MAC, m, sizeof(m));
934
935 return TRUE;
936 }
937
938 return TRUE;
939
940 }
941
942 static int choose_cipher(PTInstVar pvar, int supported)
943 {
944 int i;
945
946 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
947 int cipher = pvar->session_settings.CipherOrder[i] - '0';
948
949 if (cipher == SSH_CIPHER_NONE) {
950 break;
951 } else if ((supported & (1 << cipher)) != 0) {
952 return cipher;
953 }
954 }
955
956 return SSH_CIPHER_NONE;
957 }
958
959 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
960 {
961 if (SSHv1(pvar)) {
962 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
963 pvar->crypt_state.
964 supported_sender_ciphers);
965 pvar->crypt_state.receiver_cipher =
966 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
967
968 } else { // SSH2(yutaka)
969 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
970 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
971
972 }
973
974 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
975 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
976 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
977 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
978 "To communicate with this server, you will have to enable some more ciphers\n"
979 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
980 "This connection will now close.");
981 notify_fatal_error(pvar, pvar->ts->UIMsg);
982 return FALSE;
983 } else {
984 return TRUE;
985 }
986 }
987
988 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
989 {
990 int server_key_bits =
991 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
992 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
993 int server_key_bytes = (server_key_bits + 7) / 8;
994 int host_key_bytes = (host_key_bits + 7) / 8;
995
996 if (server_key_bits < host_key_bits) {
997 return host_key_bytes;
998 } else {
999 return server_key_bytes;
1000 }
1001 }
1002
1003 int CRYPT_choose_session_key(PTInstVar pvar,
1004 unsigned char FAR * encrypted_key_buf)
1005 {
1006 int server_key_bits =
1007 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1008 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1009 int server_key_bytes = (server_key_bits + 7) / 8;
1010 int host_key_bytes = (host_key_bits + 7) / 8;
1011 int encrypted_key_bytes;
1012 int bit_delta;
1013
1014 if (server_key_bits < host_key_bits) {
1015 encrypted_key_bytes = host_key_bytes;
1016 bit_delta = host_key_bits - server_key_bits;
1017 } else {
1018 encrypted_key_bytes = server_key_bytes;
1019 bit_delta = server_key_bits - host_key_bits;
1020 }
1021
1022 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1023 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1024 "Server RSA keys are too weak. A secure connection cannot be established.");
1025 notify_fatal_error(pvar, pvar->ts->UIMsg);
1026 return 0;
1027 } else {
1028 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1029 for the session ID, rather than the one specified in the RFC */
1030 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1031 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1032 char session_id[16];
1033 int i;
1034
1035 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1036 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1037 session_buf + host_key_bytes);
1038 memcpy(session_buf + server_key_bytes + host_key_bytes,
1039 pvar->crypt_state.server_cookie, 8);
1040 MD5(session_buf, session_buf_len, session_id);
1041
1042 free(session_buf);
1043
1044 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1045 SSH_SESSION_KEY_LENGTH);
1046 memcpy(pvar->crypt_state.receiver_cipher_key,
1047 pvar->crypt_state.sender_cipher_key,
1048 SSH_SESSION_KEY_LENGTH);
1049
1050 memcpy(encrypted_key_buf + encrypted_key_bytes -
1051 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1052 SSH_SESSION_KEY_LENGTH);
1053 for (i = 0; i < sizeof(session_id); i++) {
1054 encrypted_key_buf[encrypted_key_bytes -
1055 SSH_SESSION_KEY_LENGTH + i]
1056 ^= session_id[i];
1057 }
1058
1059 if (host_key_bits > server_key_bits) {
1060 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1061 encrypted_key_buf +
1062 encrypted_key_bytes -
1063 SSH_SESSION_KEY_LENGTH,
1064 encrypted_key_buf +
1065 encrypted_key_bytes - server_key_bytes,
1066 pvar->crypt_state.server_key.RSA_key,
1067 RSA_PKCS1_PADDING) < 0)
1068 return 0;
1069
1070 if (RSA_public_encrypt(server_key_bytes,
1071 encrypted_key_buf +
1072 encrypted_key_bytes - server_key_bytes,
1073 encrypted_key_buf,
1074 pvar->crypt_state.host_key.RSA_key,
1075 RSA_PKCS1_PADDING) < 0)
1076 return 0;
1077 } else {
1078 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1079 encrypted_key_buf +
1080 encrypted_key_bytes -
1081 SSH_SESSION_KEY_LENGTH,
1082 encrypted_key_buf +
1083 encrypted_key_bytes - host_key_bytes,
1084 pvar->crypt_state.host_key.RSA_key,
1085 RSA_PKCS1_PADDING) < 0)
1086 return 0;
1087
1088 if (RSA_public_encrypt(host_key_bytes,
1089 encrypted_key_buf +
1090 encrypted_key_bytes - host_key_bytes,
1091 encrypted_key_buf,
1092 pvar->crypt_state.server_key.RSA_key,
1093 RSA_PKCS1_PADDING) < 0)
1094 return 0;
1095 }
1096 }
1097
1098 return 1;
1099 }
1100
1101 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1102 unsigned char FAR * challenge,
1103 int challenge_len,
1104 unsigned char FAR * response)
1105 {
1106 int server_key_bits =
1107 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1108 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1109 int server_key_bytes = (server_key_bits + 7) / 8;
1110 int host_key_bytes = (host_key_bits + 7) / 8;
1111 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1112 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1113 char decrypted_challenge[48];
1114 int decrypted_challenge_len;
1115
1116 decrypted_challenge_len =
1117 RSA_private_decrypt(challenge_len, challenge, challenge,
1118 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1119 RSA_PKCS1_PADDING);
1120 if (decrypted_challenge_len < 0) {
1121 free(session_buf);
1122 return 0;
1123 }
1124 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1125 memcpy(decrypted_challenge,
1126 challenge + decrypted_challenge_len -
1127 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1128 } else {
1129 memset(decrypted_challenge, 0,
1130 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1131 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1132 decrypted_challenge_len, challenge,
1133 decrypted_challenge_len);
1134 }
1135
1136 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1137 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1138 session_buf + host_key_bytes);
1139 memcpy(session_buf + server_key_bytes + host_key_bytes,
1140 pvar->crypt_state.server_cookie, 8);
1141 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1142
1143 free(session_buf);
1144
1145 MD5(decrypted_challenge, 48, response);
1146
1147 return 1;
1148 }
1149
1150 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1151 {
1152 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1153 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1154 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1155 memset(state->ivec1, 0, 8);
1156 memset(state->ivec2, 0, 8);
1157 memset(state->ivec3, 0, 8);
1158 }
1159
1160 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1161 {
1162 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1163 memset(state->ivec, 0, 8);
1164 }
1165
1166 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1167 {
1168 idea_set_encrypt_key(session_key, &state->k);
1169 memset(state->ivec, 0, 8);
1170 }
1171
1172 static void cBlowfish_init(char FAR * session_key,
1173 CipherBlowfishState FAR * state)
1174 {
1175 BF_set_key(&state->k, 32, session_key);
1176 memset(state->ivec, 0, 8);
1177 }
1178
1179
1180 //
1181 // SSH2�p�A���S���Y����������
1182 //
1183 // for SSH2(yutaka)
1184 //
1185 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1186 const u_char *key, u_int keylen,
1187 const u_char *iv, u_int ivlen,
1188 int encrypt,
1189 const EVP_CIPHER *type,
1190 PTInstVar pvar)
1191 {
1192 int klen;
1193 char tmp[80];
1194
1195 EVP_CIPHER_CTX_init(evp);
1196 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1197 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1198 "Cipher initialize error(%d)");
1199 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1200 notify_fatal_error(pvar, tmp);
1201 return;
1202 }
1203
1204 klen = EVP_CIPHER_CTX_key_length(evp);
1205 if (klen > 0 && keylen != klen) {
1206 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1207 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1208 "Cipher initialize error(%d)");
1209 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1210 notify_fatal_error(pvar, tmp);
1211 return;
1212 }
1213 }
1214 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1215 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1216 "Cipher initialize error(%d)");
1217 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1218 notify_fatal_error(pvar, tmp);
1219 return;
1220 }
1221 }
1222
1223
1224 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1225 {
1226 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1227 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1228 BOOL isOK = TRUE;
1229
1230 if (sender_flag) {
1231 switch (pvar->crypt_state.sender_cipher) {
1232 // for SSH2(yutaka)
1233 case SSH2_CIPHER_3DES_CBC:
1234 {
1235 struct Enc *enc;
1236
1237 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1238 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1239 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1240 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1241 CIPHER_ENCRYPT,
1242 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1243 pvar);
1244
1245 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1246 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1247
1248 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1249 break;
1250 }
1251
1252 // for SSH2(yutaka)
1253 case SSH2_CIPHER_AES128_CBC:
1254 case SSH2_CIPHER_AES192_CBC:
1255 case SSH2_CIPHER_AES256_CBC:
1256 case SSH2_CIPHER_AES128_CTR:
1257 case SSH2_CIPHER_AES192_CTR:
1258 case SSH2_CIPHER_AES256_CTR:
1259 {
1260 struct Enc *enc;
1261
1262 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1263 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1264 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1265 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1266 CIPHER_ENCRYPT,
1267 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1268 pvar);
1269
1270 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1271 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1272
1273 pvar->crypt_state.encrypt = cAES128_encrypt;
1274 break;
1275 }
1276
1277 case SSH2_CIPHER_BLOWFISH_CBC:
1278 {
1279 struct Enc *enc;
1280
1281 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1282 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1283 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1284 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1285 CIPHER_ENCRYPT,
1286 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1287 pvar);
1288
1289 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1290 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1291
1292 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1293 break;
1294 }
1295
1296 case SSH2_CIPHER_ARCFOUR:
1297 {
1298 struct Enc *enc;
1299
1300 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1301 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1302 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1303 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1304 CIPHER_ENCRYPT,
1305 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1306 pvar);
1307 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1308 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1309
1310 pvar->crypt_state.encrypt = cArcfour_encrypt;
1311 break;
1312 }
1313
1314 case SSH_CIPHER_3DES:{
1315 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1316 pvar->crypt_state.encrypt = c3DES_encrypt;
1317 break;
1318 }
1319 case SSH_CIPHER_IDEA:{
1320 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1321 pvar->crypt_state.encrypt = cIDEA_encrypt;
1322 break;
1323 }
1324 case SSH_CIPHER_DES:{
1325 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1326 pvar->crypt_state.encrypt = cDES_encrypt;
1327 break;
1328 }
1329 case SSH_CIPHER_RC4:{
1330 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1331 encryption_key + 16);
1332 pvar->crypt_state.encrypt = cRC4_encrypt;
1333 break;
1334 }
1335 case SSH_CIPHER_BLOWFISH:{
1336 cBlowfish_init(encryption_key,
1337 &pvar->crypt_state.enc.cBlowfish);
1338 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1339 break;
1340 }
1341 default:
1342 isOK = FALSE;
1343 }
1344 }
1345
1346
1347 if (receiver_flag) {
1348 switch (pvar->crypt_state.receiver_cipher) {
1349 // for SSH2(yutaka)
1350 case SSH2_CIPHER_3DES_CBC:
1351 {
1352 struct Enc *enc;
1353
1354 enc = &pvar->ssh2_keys[MODE_IN].enc;
1355 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1356 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1357 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1358 CIPHER_DECRYPT,
1359 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1360 pvar);
1361
1362 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1363 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1364
1365 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1366 break;
1367 }
1368
1369 // for SSH2(yutaka)
1370 case SSH2_CIPHER_AES128_CBC:
1371 case SSH2_CIPHER_AES192_CBC:
1372 case SSH2_CIPHER_AES256_CBC:
1373 case SSH2_CIPHER_AES128_CTR:
1374 case SSH2_CIPHER_AES192_CTR:
1375 case SSH2_CIPHER_AES256_CTR:
1376 {
1377 struct Enc *enc;
1378
1379 enc = &pvar->ssh2_keys[MODE_IN].enc;
1380 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1381 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1382 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1383 CIPHER_DECRYPT,
1384 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1385 pvar);
1386
1387 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1388 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1389
1390 pvar->crypt_state.decrypt = cAES128_decrypt;
1391 break;
1392 }
1393
1394 case SSH2_CIPHER_BLOWFISH_CBC:
1395 {
1396 struct Enc *enc;
1397
1398 enc = &pvar->ssh2_keys[MODE_IN].enc;
1399 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1400 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1401 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1402 CIPHER_DECRYPT,
1403 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1404 pvar);
1405
1406 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1407 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1408
1409 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1410 break;
1411 }
1412
1413 case SSH2_CIPHER_ARCFOUR:
1414 {
1415 struct Enc *enc;
1416
1417 enc = &pvar->ssh2_keys[MODE_IN].enc;
1418 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1419 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1420 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1421 CIPHER_DECRYPT,
1422 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1423 pvar);
1424
1425 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1426 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1427
1428 pvar->crypt_state.decrypt = cArcfour_decrypt;
1429 break;
1430 }
1431
1432 case SSH_CIPHER_3DES:{
1433 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1434 pvar->crypt_state.decrypt = c3DES_decrypt;
1435 break;
1436 }
1437 case SSH_CIPHER_IDEA:{
1438 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1439 pvar->crypt_state.decrypt = cIDEA_decrypt;
1440 break;
1441 }
1442 case SSH_CIPHER_DES:{
1443 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1444 pvar->crypt_state.decrypt = cDES_decrypt;
1445 break;
1446 }
1447 case SSH_CIPHER_RC4:{
1448 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1449 pvar->crypt_state.decrypt = cRC4_decrypt;
1450 break;
1451 }
1452 case SSH_CIPHER_BLOWFISH:{
1453 cBlowfish_init(decryption_key,
1454 &pvar->crypt_state.dec.cBlowfish);
1455 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1456 break;
1457 }
1458 default:
1459 isOK = FALSE;
1460 }
1461 }
1462
1463
1464 if (!isOK) {
1465 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1466 "No cipher selected!");
1467 notify_fatal_error(pvar, pvar->ts->UIMsg);
1468 return FALSE;
1469 } else {
1470 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1471 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1472 return TRUE;
1473 }
1474 }
1475
1476 void CRYPT_init(PTInstVar pvar)
1477 {
1478 pvar->crypt_state.encrypt = no_encrypt;
1479 pvar->crypt_state.decrypt = no_encrypt;
1480 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1481 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1482 pvar->crypt_state.server_key.RSA_key = NULL;
1483 pvar->crypt_state.host_key.RSA_key = NULL;
1484
1485 pvar->crypt_state.detect_attack_statics.h = NULL;
1486 pvar->crypt_state.detect_attack_statics.n =
1487 HASH_MINSIZE / HASH_ENTRYSIZE;
1488 }
1489
1490 static char FAR *get_cipher_name(int cipher)
1491 {
1492 switch (cipher) {
1493 case SSH_CIPHER_NONE:
1494 return "None";
1495 case SSH_CIPHER_3DES:
1496 return "3DES (168 key bits)";
1497 case SSH_CIPHER_DES:
1498 return "DES (56 key bits)";
1499 case SSH_CIPHER_IDEA:
1500 return "IDEA (128 key bits)";
1501 case SSH_CIPHER_RC4:
1502 return "RC4 (128 key bits)";
1503 case SSH_CIPHER_BLOWFISH:
1504 return "Blowfish (256 key bits)";
1505
1506 // SSH2
1507 case SSH2_CIPHER_3DES_CBC:
1508 return "3DES-CBC";
1509 case SSH2_CIPHER_AES128_CBC:
1510 return "AES128-CBC";
1511 case SSH2_CIPHER_AES192_CBC:
1512 return "AES192-CBC";
1513 case SSH2_CIPHER_AES256_CBC:
1514 return "AES256-CBC";
1515 case SSH2_CIPHER_BLOWFISH_CBC:
1516 return "Blowfish-CBC";
1517 case SSH2_CIPHER_AES128_CTR:
1518 return "AES128-CTR";
1519 case SSH2_CIPHER_AES192_CTR:
1520 return "AES192-CTR";
1521 case SSH2_CIPHER_AES256_CTR:
1522 return "AES256-CTR";
1523 case SSH2_CIPHER_ARCFOUR:
1524 return "ARCFOUR";
1525
1526 default:
1527 return "Unknown";
1528 }
1529 }
1530
1531 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1532 {
1533 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1534 "%s to server, %s from server");
1535 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1536 get_cipher_name(pvar->crypt_state.sender_cipher),
1537 get_cipher_name(pvar->crypt_state.receiver_cipher));
1538 }
1539
1540 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1541 {
1542 if (SSHv1(pvar)) {
1543 if (pvar->crypt_state.server_key.RSA_key == NULL
1544 || pvar->crypt_state.host_key.RSA_key == NULL) {
1545 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1546 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1547 } else {
1548 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1549 "%d-bit server key, %d-bit host key");
1550 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1551 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1552 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1553 }
1554 } else { // SSH2
1555 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1556 "%d-bit server key, %d-bit host key");
1557 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1558 pvar->server_key_bits,
1559 pvar->client_key_bits);
1560 }
1561 }
1562
1563 static void destroy_public_key(CRYPTPublicKey FAR * key)
1564 {
1565 if (key->RSA_key != NULL) {
1566 RSA_free(key->RSA_key);
1567 key->RSA_key = NULL;
1568 }
1569 }
1570
1571 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1572 {
1573 destroy_public_key(key);
1574 free(key);
1575 }
1576
1577 void CRYPT_end(PTInstVar pvar)
1578 {
1579 destroy_public_key(&pvar->crypt_state.host_key);
1580 destroy_public_key(&pvar->crypt_state.server_key);
1581
1582 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1583 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1584 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1585 free(pvar->crypt_state.detect_attack_statics.h);
1586 }
1587
1588 memset(pvar->crypt_state.sender_cipher_key, 0,
1589 sizeof(pvar->crypt_state.sender_cipher_key));
1590 memset(pvar->crypt_state.receiver_cipher_key, 0,
1591 sizeof(pvar->crypt_state.receiver_cipher_key));
1592 memset(pvar->crypt_state.server_cookie, 0,
1593 sizeof(pvar->crypt_state.server_cookie));
1594 memset(pvar->crypt_state.client_cookie, 0,
1595 sizeof(pvar->crypt_state.client_cookie));
1596 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1597 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1598 }
1599
1600 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1601 char FAR * buf, int bytes)
1602 {
1603 unsigned char passphrase_key[16];
1604
1605 MD5(passphrase, strlen(passphrase), passphrase_key);
1606
1607 switch (cipher) {
1608 case SSH_CIPHER_3DES:{
1609 Cipher3DESState state;
1610
1611 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1612 &state.k1);
1613 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1614 &state.k2);
1615 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1616 &state.k3);
1617 memset(state.ivec1, 0, 8);
1618 memset(state.ivec2, 0, 8);
1619 memset(state.ivec3, 0, 8);
1620 DES_ncbc_encrypt(buf, buf, bytes,
1621 &state.k3, &state.ivec3, DES_DECRYPT);
1622 DES_ncbc_encrypt(buf, buf, bytes,
1623 &state.k2, &state.ivec2, DES_ENCRYPT);
1624 DES_ncbc_encrypt(buf, buf, bytes,
1625 &state.k1, &state.ivec1, DES_DECRYPT);
1626 break;
1627 }
1628
1629 case SSH_CIPHER_IDEA:{
1630 CipherIDEAState state;
1631 int num = 0;
1632
1633 cIDEA_init(passphrase_key, &state);
1634 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1635 &num, IDEA_DECRYPT);
1636 break;
1637 }
1638
1639 case SSH_CIPHER_DES:{
1640 CipherDESState state;
1641
1642 cDES_init(passphrase_key, &state);
1643 DES_ncbc_encrypt(buf, buf, bytes,
1644 &state.k, &state.ivec, DES_DECRYPT);
1645 break;
1646 }
1647
1648 case SSH_CIPHER_RC4:{
1649 CipherRC4State state;
1650 int num = 0;
1651
1652 RC4_set_key(&state.k, 16, passphrase_key);
1653 RC4(&state.k, bytes, buf, buf);
1654 break;
1655 }
1656
1657 case SSH_CIPHER_BLOWFISH:{
1658 CipherBlowfishState state;
1659
1660 BF_set_key(&state.k, 16, passphrase_key);
1661 memset(state.ivec, 0, 8);
1662 flip_endianness(buf, bytes);
1663 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1664 BF_DECRYPT);
1665 flip_endianness(buf, bytes);
1666 break;
1667 }
1668
1669 case SSH_CIPHER_NONE:
1670 break;
1671
1672 default:
1673 memset(passphrase_key, 0, sizeof(passphrase_key));
1674 return 0;
1675 }
1676
1677 memset(passphrase_key, 0, sizeof(passphrase_key));
1678 return 1;
1679 }
1680
1681 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1682 {
1683 if (key_pair->RSA_key != NULL)
1684 RSA_free(key_pair->RSA_key);
1685
1686 if (key_pair->DSA_key != NULL)
1687 DSA_free(key_pair->DSA_key);
1688
1689 free(key_pair);
1690 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help