Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3169 - (show annotations) (download) (as text)
Sat Nov 22 06:46:43 2008 UTC (15 years, 4 months ago) by doda
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 50571 byte(s) 
SSH2 の共通鍵暗号方式として Arcfour128, Arcfour256 をサポート
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.26 2008-11-22 06:46:43 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226 if (bytes == 0)
227 goto error;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128/192/256 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128/192/256 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 unsigned char *newbuf = malloc(bytes);
270 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271
272 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
273 if (bytes == 0)
274 goto error;
275
276 if (newbuf == NULL)
277 return;
278
279 if (bytes % block_size) {
280 char tmp[80];
281 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 "AES128/192/256 decrypt error(1): bytes %d (%d)");
283 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 notify_fatal_error(pvar, tmp);
285 goto error;
286 }
287
288 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128/192/256 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 goto error;
293
294 } else {
295 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 unsigned char *newbuf = malloc(bytes);
319 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320
321 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
322 if (bytes == 0)
323 goto error;
324
325 if (newbuf == NULL)
326 return;
327
328 if (bytes % block_size) {
329 char tmp[80];
330 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331 "3DES-CBC encrypt error(1): bytes %d (%d)");
332 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333 pvar->ts->UIMsg, bytes, block_size);
334 notify_fatal_error(pvar, tmp);
335 goto error;
336 }
337
338 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340 "3DES-CBC encrypt error(2)");
341 notify_fatal_error(pvar, pvar->ts->UIMsg);
342 goto error;
343
344 } else {
345 //unsigned char key[24], iv[8];
346 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
348 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349
350 //debug_print(50, key, 24);
351 //debug_print(51, iv, 8);
352 //debug_print(52, buf, bytes);
353 //debug_print(53, newbuf, bytes);
354
355 memcpy(buf, newbuf, bytes);
356 }
357
358 error:
359 free(newbuf);
360 }
361
362 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367
368 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369 if (bytes == 0)
370 goto error;
371
372 if (newbuf == NULL)
373 return;
374
375 if (bytes % block_size) {
376 char tmp[80];
377 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378 "3DES-CBC decrypt error(1): bytes %d (%d)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380 notify_fatal_error(pvar, tmp);
381 goto error;
382 }
383
384 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386 "3DES-CBC decrypt error(2)");
387 notify_fatal_error(pvar, pvar->ts->UIMsg);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414
415 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
416 if (bytes == 0)
417 goto error;
418
419 if (newbuf == NULL)
420 return;
421
422 if (bytes % block_size) {
423 char tmp[80];
424 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425 "Blowfish encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427 pvar->ts->UIMsg, bytes, block_size);
428 notify_fatal_error(pvar, tmp);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434 "Blowfish encrypt error(2)");
435 notify_fatal_error(pvar, pvar->ts->UIMsg);
436 goto error;
437
438 } else {
439 memcpy(buf, newbuf, bytes);
440
441 }
442
443 error:
444 free(newbuf);
445 }
446
447 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448 int bytes)
449 {
450 unsigned char *newbuf = malloc(bytes);
451 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452
453 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
454 if (bytes == 0)
455 goto error;
456
457 if (newbuf == NULL)
458 return;
459
460 if (bytes % block_size) {
461 char tmp[80];
462 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463 "Blowfish decrypt error(1): bytes %d (%d)");
464 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465 notify_fatal_error(pvar, tmp);
466 goto error;
467 }
468
469 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471 "Blowfish decrypt error(2)");
472 notify_fatal_error(pvar, pvar->ts->UIMsg);
473 goto error;
474
475 } else {
476 memcpy(buf, newbuf, bytes);
477
478 }
479
480 error:
481 free(newbuf);
482 }
483
484 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
485 int bytes)
486 {
487 unsigned char *newbuf = malloc(bytes);
488 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
489
490 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
491 if (bytes == 0)
492 goto error;
493
494 if (newbuf == NULL)
495 return;
496
497 if (bytes % block_size) {
498 char tmp[80];
499 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR1", pvar,
500 "Arcfour encrypt error(1): bytes %d (%d)");
501 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
502 pvar->ts->UIMsg, bytes, block_size);
503 notify_fatal_error(pvar, tmp);
504 goto error;
505 }
506
507 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
508 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR2", pvar,
509 "Arcfour encrypt error(2)");
510 notify_fatal_error(pvar, pvar->ts->UIMsg);
511 goto error;
512
513 } else {
514 memcpy(buf, newbuf, bytes);
515
516 }
517
518 error:
519 free(newbuf);
520 }
521
522 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
523 int bytes)
524 {
525 unsigned char *newbuf = malloc(bytes);
526 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
527
528 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
529 if (bytes == 0)
530 goto error;
531
532 if (newbuf == NULL)
533 return;
534
535 if (bytes % block_size) {
536 char tmp[80];
537 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR1", pvar,
538 "Arcfour decrypt error(1): bytes %d (%d)");
539 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
540 notify_fatal_error(pvar, tmp);
541 goto error;
542 }
543
544 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
545 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR2", pvar,
546 "Arcfour decrypt error(2)");
547 notify_fatal_error(pvar, pvar->ts->UIMsg);
548 goto error;
549
550 } else {
551 memcpy(buf, newbuf, bytes);
552
553 }
554
555 error:
556 free(newbuf);
557 }
558
559
560
561 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
562 int bytes)
563 {
564 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
565
566 DES_ncbc_encrypt(buf, buf, bytes,
567 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
568 DES_ncbc_encrypt(buf, buf, bytes,
569 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
570 DES_ncbc_encrypt(buf, buf, bytes,
571 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
572 }
573
574 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
575 int bytes)
576 {
577 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
578
579 DES_ncbc_encrypt(buf, buf, bytes,
580 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
581 DES_ncbc_encrypt(buf, buf, bytes,
582 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
583 DES_ncbc_encrypt(buf, buf, bytes,
584 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
585 }
586
587 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
588 int bytes)
589 {
590 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
591
592 DES_ncbc_encrypt(buf, buf, bytes,
593 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
594 }
595
596 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
597 int bytes)
598 {
599 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
600
601 DES_ncbc_encrypt(buf, buf, bytes,
602 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
603 }
604
605 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
606 int bytes)
607 {
608 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
609 int num = 0;
610
611 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
612 encryptstate->ivec, &num, IDEA_ENCRYPT);
613 }
614
615 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
616 int bytes)
617 {
618 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
619 int num = 0;
620
621 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
622 decryptstate->ivec, &num, IDEA_DECRYPT);
623 }
624
625 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
626 {
627 uint32 FAR *buf = (uint32 FAR *) cbuf;
628 int count = bytes / 4;
629
630 while (count > 0) {
631 uint32 w = *buf;
632
633 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
634 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
635 count--;
636 buf++;
637 }
638 }
639
640 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
641 int bytes)
642 {
643 CipherBlowfishState FAR *encryptstate =
644 &pvar->crypt_state.enc.cBlowfish;
645
646 flip_endianness(buf, bytes);
647 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
648 BF_ENCRYPT);
649 flip_endianness(buf, bytes);
650 }
651
652 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
653 int bytes)
654 {
655 CipherBlowfishState FAR *decryptstate =
656 &pvar->crypt_state.dec.cBlowfish;
657
658 flip_endianness(buf, bytes);
659 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
660 BF_DECRYPT);
661 flip_endianness(buf, bytes);
662 }
663
664 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
665 int bytes)
666 {
667 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
668 int num = 0;
669
670 RC4(&encryptstate->k, bytes, buf, buf);
671 }
672
673 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
674 int bytes)
675 {
676 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
677 int num = 0;
678
679 RC4(&decryptstate->k, bytes, buf, buf);
680 }
681
682 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
683 int bytes)
684 {
685 RAND_bytes(buf, bytes);
686 }
687
688 void CRYPT_initialize_random_numbers(PTInstVar pvar)
689 {
690 RAND_screen();
691 }
692
693 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
694 {
695 int bits = get_ushort16_MSBfirst(bytes);
696
697 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
698 }
699
700 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
701 RSA FAR *make_key(PTInstVar pvar,
702 int bits, unsigned char FAR * exp,
703 unsigned char FAR * mod)
704 {
705 RSA FAR *key = RSA_new();
706
707 if (key != NULL) {
708 key->e = get_bignum(exp);
709 key->n = get_bignum(mod);
710 }
711
712 if (key == NULL || key->e == NULL || key->n == NULL) {
713 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
714 "Error setting up RSA keys");
715 notify_fatal_error(pvar, pvar->ts->UIMsg);
716
717 if (key != NULL) {
718 if (key->e != NULL) {
719 BN_free(key->e);
720 }
721 if (key->n != NULL) {
722 BN_free(key->n);
723 }
724 RSA_free(key);
725 }
726
727 return NULL;
728 } else {
729 return key;
730 }
731 }
732
733 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
734 {
735 if (SSHv1(pvar)) {
736 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
737 } else {
738 memcpy(pvar->crypt_state.server_cookie, cookie,
739 SSH2_COOKIE_LENGTH);
740 }
741 }
742
743 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
744 {
745 if (SSHv2(pvar)) {
746 memcpy(pvar->crypt_state.client_cookie, cookie,
747 SSH2_COOKIE_LENGTH);
748 }
749 }
750
751 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
752 int bits, unsigned char FAR * exp,
753 unsigned char FAR * mod)
754 {
755 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
756
757 return pvar->crypt_state.server_key.RSA_key != NULL;
758 }
759
760 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
761 int bits, unsigned char FAR * exp,
762 unsigned char FAR * mod)
763 {
764 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
765
766 return pvar->crypt_state.host_key.RSA_key != NULL;
767 }
768
769 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
770 int receiver_ciphers)
771 {
772 int cipher_mask;
773
774 if (SSHv1(pvar)) {
775 cipher_mask = (1 << SSH_CIPHER_DES)
776 | (1 << SSH_CIPHER_3DES)
777 | (1 << SSH_CIPHER_BLOWFISH);
778
779 } else { // for SSH2(yutaka)
780 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
781 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
782 | (1 << SSH2_CIPHER_AES128_CBC)
783 | (1 << SSH2_CIPHER_AES192_CBC)
784 | (1 << SSH2_CIPHER_AES256_CBC)
785 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
786 | (1 << SSH2_CIPHER_AES128_CTR)
787 | (1 << SSH2_CIPHER_AES192_CTR)
788 | (1 << SSH2_CIPHER_AES256_CTR)
789 | (1 << SSH2_CIPHER_ARCFOUR)
790 | (1 << SSH2_CIPHER_ARCFOUR128)
791 | (1 << SSH2_CIPHER_ARCFOUR256);
792 }
793
794 sender_ciphers &= cipher_mask;
795 receiver_ciphers &= cipher_mask;
796 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
797 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
798
799 if (sender_ciphers == 0) {
800 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
801 "The server does not support any of the TTSSH encryption algorithms.\n"
802 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
803 "The connection will be closed.");
804 notify_fatal_error(pvar, pvar->ts->UIMsg);
805 return FALSE;
806 } else if (receiver_ciphers == 0) {
807 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
808 "The server does not support any of the TTSSH encryption algorithms.\n"
809 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
810 "The connection will be closed.");
811 notify_fatal_error(pvar, pvar->ts->UIMsg);
812 return FALSE;
813 } else {
814 return TRUE;
815 }
816 }
817
818 int CRYPT_get_decryption_block_size(PTInstVar pvar)
819 {
820 if (SSHv1(pvar)) {
821 return 8;
822 } else {
823 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
824 // cf. 3DES=8, AES128=16
825 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
826 }
827 }
828
829 int CRYPT_get_encryption_block_size(PTInstVar pvar)
830 {
831 if (SSHv1(pvar)) {
832 return 8;
833 } else {
834 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
835 // cf. 3DES=8, AES128=16
836 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
837 }
838 }
839
840 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
841 {
842 struct Mac *mac;
843
844 if (SSHv1(pvar)) {
845 return 0;
846
847 } else { // for SSH2(yutaka)
848 mac = &pvar->ssh2_keys[MODE_IN].mac;
849 if (mac == NULL || mac->enabled == 0)
850 return 0;
851
852 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
853 }
854
855 }
856
857 // HMAC������
858 // ���{������ SSH2 �������g�p�������B
859 // (2004.12.17 yutaka)
860 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
861 char FAR * data, int len, char FAR * MAC)
862 {
863 HMAC_CTX c;
864 unsigned char m[EVP_MAX_MD_SIZE];
865 unsigned char b[4];
866 struct Mac *mac;
867
868 mac = &pvar->ssh2_keys[MODE_IN].mac;
869
870 // HMAC�������L���������������A����OK�����������B
871 if (mac == NULL || mac->enabled == 0)
872 return TRUE;
873
874 if (mac->key == NULL)
875 goto error;
876
877 if ((u_int)mac->mac_len > sizeof(m))
878 goto error;
879
880 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
881 set_uint32_MSBfirst(b, sequence_number);
882 HMAC_Update(&c, b, sizeof(b));
883 HMAC_Update(&c, data, len);
884 HMAC_Final(&c, m, NULL);
885 HMAC_cleanup(&c);
886
887 if (memcmp(m, MAC, mac->mac_len)) {
888 goto error;
889 }
890
891 return TRUE;
892
893 error:
894 return FALSE;
895 }
896
897 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
898 {
899 struct Mac *mac;
900
901 if (SSHv2(pvar)) { // for SSH2(yutaka)
902 mac = &pvar->ssh2_keys[MODE_OUT].mac;
903 if (mac == NULL || mac->enabled == 0)
904 return 0;
905
906 return (mac->mac_len);
907 }
908
909 return 0;
910 }
911
912 // for SSH2
913 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
914 char FAR * data, int len, char FAR * MAC)
915 {
916 HMAC_CTX c;
917 static u_char m[EVP_MAX_MD_SIZE];
918 u_char b[4];
919 struct Mac *mac;
920
921 if (SSHv2(pvar)) { // for SSH2(yutaka)
922 mac = &pvar->ssh2_keys[MODE_OUT].mac;
923 if (mac == NULL || mac->enabled == 0)
924 return FALSE;
925
926 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
927 set_uint32_MSBfirst(b, sequence_number);
928 HMAC_Update(&c, b, sizeof(b));
929 HMAC_Update(&c, data, len);
930 HMAC_Final(&c, m, NULL);
931 HMAC_cleanup(&c);
932
933 // 20�o�C�g�������R�s�[
934 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
935 // memcpy(MAC, m, sizeof(m));
936
937 return TRUE;
938 }
939
940 return TRUE;
941
942 }
943
944 static int choose_cipher(PTInstVar pvar, int supported)
945 {
946 int i;
947
948 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
949 int cipher = pvar->session_settings.CipherOrder[i] - '0';
950
951 if (cipher == SSH_CIPHER_NONE) {
952 break;
953 } else if ((supported & (1 << cipher)) != 0) {
954 return cipher;
955 }
956 }
957
958 return SSH_CIPHER_NONE;
959 }
960
961 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
962 {
963 if (SSHv1(pvar)) {
964 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
965 pvar->crypt_state.
966 supported_sender_ciphers);
967 pvar->crypt_state.receiver_cipher =
968 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
969
970 } else { // SSH2(yutaka)
971 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
972 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
973
974 }
975
976 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
977 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
978 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
979 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
980 "To communicate with this server, you will have to enable some more ciphers\n"
981 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
982 "This connection will now close.");
983 notify_fatal_error(pvar, pvar->ts->UIMsg);
984 return FALSE;
985 } else {
986 return TRUE;
987 }
988 }
989
990 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
991 {
992 int server_key_bits =
993 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
994 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
995 int server_key_bytes = (server_key_bits + 7) / 8;
996 int host_key_bytes = (host_key_bits + 7) / 8;
997
998 if (server_key_bits < host_key_bits) {
999 return host_key_bytes;
1000 } else {
1001 return server_key_bytes;
1002 }
1003 }
1004
1005 int CRYPT_choose_session_key(PTInstVar pvar,
1006 unsigned char FAR * encrypted_key_buf)
1007 {
1008 int server_key_bits =
1009 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1010 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1011 int server_key_bytes = (server_key_bits + 7) / 8;
1012 int host_key_bytes = (host_key_bits + 7) / 8;
1013 int encrypted_key_bytes;
1014 int bit_delta;
1015
1016 if (server_key_bits < host_key_bits) {
1017 encrypted_key_bytes = host_key_bytes;
1018 bit_delta = host_key_bits - server_key_bits;
1019 } else {
1020 encrypted_key_bytes = server_key_bytes;
1021 bit_delta = server_key_bits - host_key_bits;
1022 }
1023
1024 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1025 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1026 "Server RSA keys are too weak. A secure connection cannot be established.");
1027 notify_fatal_error(pvar, pvar->ts->UIMsg);
1028 return 0;
1029 } else {
1030 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1031 for the session ID, rather than the one specified in the RFC */
1032 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1033 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1034 char session_id[16];
1035 int i;
1036
1037 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1038 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1039 session_buf + host_key_bytes);
1040 memcpy(session_buf + server_key_bytes + host_key_bytes,
1041 pvar->crypt_state.server_cookie, 8);
1042 MD5(session_buf, session_buf_len, session_id);
1043
1044 free(session_buf);
1045
1046 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1047 SSH_SESSION_KEY_LENGTH);
1048 memcpy(pvar->crypt_state.receiver_cipher_key,
1049 pvar->crypt_state.sender_cipher_key,
1050 SSH_SESSION_KEY_LENGTH);
1051
1052 memcpy(encrypted_key_buf + encrypted_key_bytes -
1053 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1054 SSH_SESSION_KEY_LENGTH);
1055 for (i = 0; i < sizeof(session_id); i++) {
1056 encrypted_key_buf[encrypted_key_bytes -
1057 SSH_SESSION_KEY_LENGTH + i]
1058 ^= session_id[i];
1059 }
1060
1061 if (host_key_bits > server_key_bits) {
1062 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1063 encrypted_key_buf +
1064 encrypted_key_bytes -
1065 SSH_SESSION_KEY_LENGTH,
1066 encrypted_key_buf +
1067 encrypted_key_bytes - server_key_bytes,
1068 pvar->crypt_state.server_key.RSA_key,
1069 RSA_PKCS1_PADDING) < 0)
1070 return 0;
1071
1072 if (RSA_public_encrypt(server_key_bytes,
1073 encrypted_key_buf +
1074 encrypted_key_bytes - server_key_bytes,
1075 encrypted_key_buf,
1076 pvar->crypt_state.host_key.RSA_key,
1077 RSA_PKCS1_PADDING) < 0)
1078 return 0;
1079 } else {
1080 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1081 encrypted_key_buf +
1082 encrypted_key_bytes -
1083 SSH_SESSION_KEY_LENGTH,
1084 encrypted_key_buf +
1085 encrypted_key_bytes - host_key_bytes,
1086 pvar->crypt_state.host_key.RSA_key,
1087 RSA_PKCS1_PADDING) < 0)
1088 return 0;
1089
1090 if (RSA_public_encrypt(host_key_bytes,
1091 encrypted_key_buf +
1092 encrypted_key_bytes - host_key_bytes,
1093 encrypted_key_buf,
1094 pvar->crypt_state.server_key.RSA_key,
1095 RSA_PKCS1_PADDING) < 0)
1096 return 0;
1097 }
1098 }
1099
1100 return 1;
1101 }
1102
1103 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1104 unsigned char FAR * challenge,
1105 int challenge_len,
1106 unsigned char FAR * response)
1107 {
1108 int server_key_bits =
1109 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1110 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1111 int server_key_bytes = (server_key_bits + 7) / 8;
1112 int host_key_bytes = (host_key_bits + 7) / 8;
1113 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1114 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1115 char decrypted_challenge[48];
1116 int decrypted_challenge_len;
1117
1118 decrypted_challenge_len =
1119 RSA_private_decrypt(challenge_len, challenge, challenge,
1120 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1121 RSA_PKCS1_PADDING);
1122 if (decrypted_challenge_len < 0) {
1123 free(session_buf);
1124 return 0;
1125 }
1126 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1127 memcpy(decrypted_challenge,
1128 challenge + decrypted_challenge_len -
1129 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1130 } else {
1131 memset(decrypted_challenge, 0,
1132 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1133 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1134 decrypted_challenge_len, challenge,
1135 decrypted_challenge_len);
1136 }
1137
1138 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1139 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1140 session_buf + host_key_bytes);
1141 memcpy(session_buf + server_key_bytes + host_key_bytes,
1142 pvar->crypt_state.server_cookie, 8);
1143 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1144
1145 free(session_buf);
1146
1147 MD5(decrypted_challenge, 48, response);
1148
1149 return 1;
1150 }
1151
1152 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1153 {
1154 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1155 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1156 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1157 memset(state->ivec1, 0, 8);
1158 memset(state->ivec2, 0, 8);
1159 memset(state->ivec3, 0, 8);
1160 }
1161
1162 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1163 {
1164 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1165 memset(state->ivec, 0, 8);
1166 }
1167
1168 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1169 {
1170 idea_set_encrypt_key(session_key, &state->k);
1171 memset(state->ivec, 0, 8);
1172 }
1173
1174 static void cBlowfish_init(char FAR * session_key,
1175 CipherBlowfishState FAR * state)
1176 {
1177 BF_set_key(&state->k, 32, session_key);
1178 memset(state->ivec, 0, 8);
1179 }
1180
1181
1182 //
1183 // SSH2�p�A���S���Y����������
1184 //
1185 // for SSH2(yutaka)
1186 //
1187 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1188 const u_char *key, u_int keylen,
1189 const u_char *iv, u_int ivlen,
1190 int encrypt,
1191 const EVP_CIPHER *type,
1192 int discard_len,
1193 PTInstVar pvar)
1194 {
1195 int klen;
1196 char tmp[80];
1197 unsigned char *junk = NULL, *discard = NULL;
1198
1199 EVP_CIPHER_CTX_init(evp);
1200 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1201 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1202 "Cipher initialize error(%d)");
1203 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1204 notify_fatal_error(pvar, tmp);
1205 return;
1206 }
1207
1208 klen = EVP_CIPHER_CTX_key_length(evp);
1209 if (klen > 0 && keylen != klen) {
1210 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1211 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1212 "Cipher initialize error(%d)");
1213 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1214 notify_fatal_error(pvar, tmp);
1215 return;
1216 }
1217 }
1218 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1219 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1220 "Cipher initialize error(%d)");
1221 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1222 notify_fatal_error(pvar, tmp);
1223 return;
1224 }
1225
1226 if (discard_len > 0) {
1227 junk = malloc(discard_len);
1228 discard = malloc(discard_len);
1229 if (junk == NULL || discard == NULL ||
1230 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1231 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1232 "Cipher initialize error(%d)");
1233 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1234 pvar->ts->UIMsg, 3);
1235 notify_fatal_error(pvar, tmp);
1236 }
1237 else {
1238 memset(discard, 0, discard_len);
1239 }
1240 free(junk);
1241 free(discard);
1242 }
1243 }
1244
1245
1246 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1247 {
1248 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1249 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1250 BOOL isOK = TRUE;
1251
1252 if (sender_flag) {
1253 switch (pvar->crypt_state.sender_cipher) {
1254 // for SSH2(yutaka)
1255 case SSH2_CIPHER_3DES_CBC:
1256 {
1257 struct Enc *enc;
1258
1259 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1260 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1261 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1262 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1263 CIPHER_ENCRYPT,
1264 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1265 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1266 pvar);
1267
1268 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1269 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1270
1271 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1272 break;
1273 }
1274
1275 // for SSH2(yutaka)
1276 case SSH2_CIPHER_AES128_CBC:
1277 case SSH2_CIPHER_AES192_CBC:
1278 case SSH2_CIPHER_AES256_CBC:
1279 case SSH2_CIPHER_AES128_CTR:
1280 case SSH2_CIPHER_AES192_CTR:
1281 case SSH2_CIPHER_AES256_CTR:
1282 {
1283 struct Enc *enc;
1284
1285 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1286 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1287 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1288 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1289 CIPHER_ENCRYPT,
1290 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1291 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1292 pvar);
1293
1294 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1295 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1296
1297 pvar->crypt_state.encrypt = cAES128_encrypt;
1298 break;
1299 }
1300
1301 case SSH2_CIPHER_BLOWFISH_CBC:
1302 {
1303 struct Enc *enc;
1304
1305 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1306 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1307 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1308 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1309 CIPHER_ENCRYPT,
1310 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1311 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1312 pvar);
1313
1314 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1315 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1316
1317 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1318 break;
1319 }
1320
1321 case SSH2_CIPHER_ARCFOUR:
1322 case SSH2_CIPHER_ARCFOUR128:
1323 case SSH2_CIPHER_ARCFOUR256:
1324 {
1325 struct Enc *enc;
1326
1327 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1328 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1329 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1330 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1331 CIPHER_ENCRYPT,
1332 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1333 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1334 pvar);
1335 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1336 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1337
1338 pvar->crypt_state.encrypt = cArcfour_encrypt;
1339 break;
1340 }
1341
1342 case SSH_CIPHER_3DES:{
1343 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1344 pvar->crypt_state.encrypt = c3DES_encrypt;
1345 break;
1346 }
1347 case SSH_CIPHER_IDEA:{
1348 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1349 pvar->crypt_state.encrypt = cIDEA_encrypt;
1350 break;
1351 }
1352 case SSH_CIPHER_DES:{
1353 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1354 pvar->crypt_state.encrypt = cDES_encrypt;
1355 break;
1356 }
1357 case SSH_CIPHER_RC4:{
1358 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1359 encryption_key + 16);
1360 pvar->crypt_state.encrypt = cRC4_encrypt;
1361 break;
1362 }
1363 case SSH_CIPHER_BLOWFISH:{
1364 cBlowfish_init(encryption_key,
1365 &pvar->crypt_state.enc.cBlowfish);
1366 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1367 break;
1368 }
1369 default:
1370 isOK = FALSE;
1371 }
1372 }
1373
1374
1375 if (receiver_flag) {
1376 switch (pvar->crypt_state.receiver_cipher) {
1377 // for SSH2(yutaka)
1378 case SSH2_CIPHER_3DES_CBC:
1379 {
1380 struct Enc *enc;
1381
1382 enc = &pvar->ssh2_keys[MODE_IN].enc;
1383 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1384 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1385 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1386 CIPHER_DECRYPT,
1387 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1388 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1389 pvar);
1390
1391 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1392 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1393
1394 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1395 break;
1396 }
1397
1398 // for SSH2(yutaka)
1399 case SSH2_CIPHER_AES128_CBC:
1400 case SSH2_CIPHER_AES192_CBC:
1401 case SSH2_CIPHER_AES256_CBC:
1402 case SSH2_CIPHER_AES128_CTR:
1403 case SSH2_CIPHER_AES192_CTR:
1404 case SSH2_CIPHER_AES256_CTR:
1405 {
1406 struct Enc *enc;
1407
1408 enc = &pvar->ssh2_keys[MODE_IN].enc;
1409 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1410 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1411 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1412 CIPHER_DECRYPT,
1413 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1414 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1415 pvar);
1416
1417 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1418 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1419
1420 pvar->crypt_state.decrypt = cAES128_decrypt;
1421 break;
1422 }
1423
1424 case SSH2_CIPHER_BLOWFISH_CBC:
1425 {
1426 struct Enc *enc;
1427
1428 enc = &pvar->ssh2_keys[MODE_IN].enc;
1429 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1430 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1431 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1432 CIPHER_DECRYPT,
1433 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1434 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1435 pvar);
1436
1437 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1438 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1439
1440 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1441 break;
1442 }
1443
1444 case SSH2_CIPHER_ARCFOUR:
1445 case SSH2_CIPHER_ARCFOUR128:
1446 case SSH2_CIPHER_ARCFOUR256:
1447 {
1448 struct Enc *enc;
1449
1450 enc = &pvar->ssh2_keys[MODE_IN].enc;
1451 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1452 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1453 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1454 CIPHER_DECRYPT,
1455 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1456 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1457 pvar);
1458
1459 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1460 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1461
1462 pvar->crypt_state.decrypt = cArcfour_decrypt;
1463 break;
1464 }
1465
1466 case SSH_CIPHER_3DES:{
1467 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1468 pvar->crypt_state.decrypt = c3DES_decrypt;
1469 break;
1470 }
1471 case SSH_CIPHER_IDEA:{
1472 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1473 pvar->crypt_state.decrypt = cIDEA_decrypt;
1474 break;
1475 }
1476 case SSH_CIPHER_DES:{
1477 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1478 pvar->crypt_state.decrypt = cDES_decrypt;
1479 break;
1480 }
1481 case SSH_CIPHER_RC4:{
1482 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1483 pvar->crypt_state.decrypt = cRC4_decrypt;
1484 break;
1485 }
1486 case SSH_CIPHER_BLOWFISH:{
1487 cBlowfish_init(decryption_key,
1488 &pvar->crypt_state.dec.cBlowfish);
1489 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1490 break;
1491 }
1492 default:
1493 isOK = FALSE;
1494 }
1495 }
1496
1497
1498 if (!isOK) {
1499 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1500 "No cipher selected!");
1501 notify_fatal_error(pvar, pvar->ts->UIMsg);
1502 return FALSE;
1503 } else {
1504 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1505 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1506 return TRUE;
1507 }
1508 }
1509
1510 void CRYPT_init(PTInstVar pvar)
1511 {
1512 pvar->crypt_state.encrypt = no_encrypt;
1513 pvar->crypt_state.decrypt = no_encrypt;
1514 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1515 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1516 pvar->crypt_state.server_key.RSA_key = NULL;
1517 pvar->crypt_state.host_key.RSA_key = NULL;
1518
1519 pvar->crypt_state.detect_attack_statics.h = NULL;
1520 pvar->crypt_state.detect_attack_statics.n =
1521 HASH_MINSIZE / HASH_ENTRYSIZE;
1522 }
1523
1524 static char FAR *get_cipher_name(int cipher)
1525 {
1526 switch (cipher) {
1527 case SSH_CIPHER_NONE:
1528 return "None";
1529 case SSH_CIPHER_3DES:
1530 return "3DES (168 key bits)";
1531 case SSH_CIPHER_DES:
1532 return "DES (56 key bits)";
1533 case SSH_CIPHER_IDEA:
1534 return "IDEA (128 key bits)";
1535 case SSH_CIPHER_RC4:
1536 return "RC4 (128 key bits)";
1537 case SSH_CIPHER_BLOWFISH:
1538 return "Blowfish (256 key bits)";
1539
1540 // SSH2
1541 case SSH2_CIPHER_3DES_CBC:
1542 return "3DES-CBC";
1543 case SSH2_CIPHER_AES128_CBC:
1544 return "AES128-CBC";
1545 case SSH2_CIPHER_AES192_CBC:
1546 return "AES192-CBC";
1547 case SSH2_CIPHER_AES256_CBC:
1548 return "AES256-CBC";
1549 case SSH2_CIPHER_BLOWFISH_CBC:
1550 return "Blowfish-CBC";
1551 case SSH2_CIPHER_AES128_CTR:
1552 return "AES128-CTR";
1553 case SSH2_CIPHER_AES192_CTR:
1554 return "AES192-CTR";
1555 case SSH2_CIPHER_AES256_CTR:
1556 return "AES256-CTR";
1557 case SSH2_CIPHER_ARCFOUR:
1558 return "Arcfour";
1559 case SSH2_CIPHER_ARCFOUR128:
1560 return "Arcfour128";
1561 case SSH2_CIPHER_ARCFOUR256:
1562 return "Arcfour256";
1563
1564 default:
1565 return "Unknown";
1566 }
1567 }
1568
1569 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1570 {
1571 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1572 "%s to server, %s from server");
1573 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1574 get_cipher_name(pvar->crypt_state.sender_cipher),
1575 get_cipher_name(pvar->crypt_state.receiver_cipher));
1576 }
1577
1578 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1579 {
1580 if (SSHv1(pvar)) {
1581 if (pvar->crypt_state.server_key.RSA_key == NULL
1582 || pvar->crypt_state.host_key.RSA_key == NULL) {
1583 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1584 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1585 } else {
1586 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1587 "%d-bit server key, %d-bit host key");
1588 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1589 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1590 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1591 }
1592 } else { // SSH2
1593 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1594 "%d-bit server key, %d-bit host key");
1595 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1596 pvar->server_key_bits,
1597 pvar->client_key_bits);
1598 }
1599 }
1600
1601 static void destroy_public_key(CRYPTPublicKey FAR * key)
1602 {
1603 if (key->RSA_key != NULL) {
1604 RSA_free(key->RSA_key);
1605 key->RSA_key = NULL;
1606 }
1607 }
1608
1609 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1610 {
1611 destroy_public_key(key);
1612 free(key);
1613 }
1614
1615 void CRYPT_end(PTInstVar pvar)
1616 {
1617 destroy_public_key(&pvar->crypt_state.host_key);
1618 destroy_public_key(&pvar->crypt_state.server_key);
1619
1620 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1621 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1622 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1623 free(pvar->crypt_state.detect_attack_statics.h);
1624 }
1625
1626 memset(pvar->crypt_state.sender_cipher_key, 0,
1627 sizeof(pvar->crypt_state.sender_cipher_key));
1628 memset(pvar->crypt_state.receiver_cipher_key, 0,
1629 sizeof(pvar->crypt_state.receiver_cipher_key));
1630 memset(pvar->crypt_state.server_cookie, 0,
1631 sizeof(pvar->crypt_state.server_cookie));
1632 memset(pvar->crypt_state.client_cookie, 0,
1633 sizeof(pvar->crypt_state.client_cookie));
1634 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1635 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1636 }
1637
1638 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1639 char FAR * buf, int bytes)
1640 {
1641 unsigned char passphrase_key[16];
1642
1643 MD5(passphrase, strlen(passphrase), passphrase_key);
1644
1645 switch (cipher) {
1646 case SSH_CIPHER_3DES:{
1647 Cipher3DESState state;
1648
1649 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1650 &state.k1);
1651 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1652 &state.k2);
1653 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1654 &state.k3);
1655 memset(state.ivec1, 0, 8);
1656 memset(state.ivec2, 0, 8);
1657 memset(state.ivec3, 0, 8);
1658 DES_ncbc_encrypt(buf, buf, bytes,
1659 &state.k3, &state.ivec3, DES_DECRYPT);
1660 DES_ncbc_encrypt(buf, buf, bytes,
1661 &state.k2, &state.ivec2, DES_ENCRYPT);
1662 DES_ncbc_encrypt(buf, buf, bytes,
1663 &state.k1, &state.ivec1, DES_DECRYPT);
1664 break;
1665 }
1666
1667 case SSH_CIPHER_IDEA:{
1668 CipherIDEAState state;
1669 int num = 0;
1670
1671 cIDEA_init(passphrase_key, &state);
1672 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1673 &num, IDEA_DECRYPT);
1674 break;
1675 }
1676
1677 case SSH_CIPHER_DES:{
1678 CipherDESState state;
1679
1680 cDES_init(passphrase_key, &state);
1681 DES_ncbc_encrypt(buf, buf, bytes,
1682 &state.k, &state.ivec, DES_DECRYPT);
1683 break;
1684 }
1685
1686 case SSH_CIPHER_RC4:{
1687 CipherRC4State state;
1688 int num = 0;
1689
1690 RC4_set_key(&state.k, 16, passphrase_key);
1691 RC4(&state.k, bytes, buf, buf);
1692 break;
1693 }
1694
1695 case SSH_CIPHER_BLOWFISH:{
1696 CipherBlowfishState state;
1697
1698 BF_set_key(&state.k, 16, passphrase_key);
1699 memset(state.ivec, 0, 8);
1700 flip_endianness(buf, bytes);
1701 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1702 BF_DECRYPT);
1703 flip_endianness(buf, bytes);
1704 break;
1705 }
1706
1707 case SSH_CIPHER_NONE:
1708 break;
1709
1710 default:
1711 memset(passphrase_key, 0, sizeof(passphrase_key));
1712 return 0;
1713 }
1714
1715 memset(passphrase_key, 0, sizeof(passphrase_key));
1716 return 1;
1717 }
1718
1719 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1720 {
1721 if (key_pair->RSA_key != NULL)
1722 RSA_free(key_pair->RSA_key);
1723
1724 if (key_pair->DSA_key != NULL)
1725 DSA_free(key_pair->DSA_key);
1726
1727 free(key_pair);
1728 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help