Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3227 - (show annotations) (download) (as text)
Tue Mar 24 15:10:33 2009 UTC (15 years ago) by maya
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 56086 byte(s) 
CVS から SVN へ移行: 改行コードを LF から CR+LF へ変換
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226 if (bytes == 0)
227 goto error;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128/192/256 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128/192/256 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 unsigned char *newbuf = malloc(bytes);
270 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271
272 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
273 if (bytes == 0)
274 goto error;
275
276 if (newbuf == NULL)
277 return;
278
279 if (bytes % block_size) {
280 char tmp[80];
281 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 "AES128/192/256 decrypt error(1): bytes %d (%d)");
283 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 notify_fatal_error(pvar, tmp);
285 goto error;
286 }
287
288 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128/192/256 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 goto error;
293
294 } else {
295 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 unsigned char *newbuf = malloc(bytes);
319 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320
321 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
322 if (bytes == 0)
323 goto error;
324
325 if (newbuf == NULL)
326 return;
327
328 if (bytes % block_size) {
329 char tmp[80];
330 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331 "3DES-CBC encrypt error(1): bytes %d (%d)");
332 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333 pvar->ts->UIMsg, bytes, block_size);
334 notify_fatal_error(pvar, tmp);
335 goto error;
336 }
337
338 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340 "3DES-CBC encrypt error(2)");
341 notify_fatal_error(pvar, pvar->ts->UIMsg);
342 goto error;
343
344 } else {
345 //unsigned char key[24], iv[8];
346 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
348 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349
350 //debug_print(50, key, 24);
351 //debug_print(51, iv, 8);
352 //debug_print(52, buf, bytes);
353 //debug_print(53, newbuf, bytes);
354
355 memcpy(buf, newbuf, bytes);
356 }
357
358 error:
359 free(newbuf);
360 }
361
362 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367
368 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369 if (bytes == 0)
370 goto error;
371
372 if (newbuf == NULL)
373 return;
374
375 if (bytes % block_size) {
376 char tmp[80];
377 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378 "3DES-CBC decrypt error(1): bytes %d (%d)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380 notify_fatal_error(pvar, tmp);
381 goto error;
382 }
383
384 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386 "3DES-CBC decrypt error(2)");
387 notify_fatal_error(pvar, pvar->ts->UIMsg);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414
415 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
416 if (bytes == 0)
417 goto error;
418
419 if (newbuf == NULL)
420 return;
421
422 if (bytes % block_size) {
423 char tmp[80];
424 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425 "Blowfish encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427 pvar->ts->UIMsg, bytes, block_size);
428 notify_fatal_error(pvar, tmp);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434 "Blowfish encrypt error(2)");
435 notify_fatal_error(pvar, pvar->ts->UIMsg);
436 goto error;
437
438 } else {
439 memcpy(buf, newbuf, bytes);
440
441 }
442
443 error:
444 free(newbuf);
445 }
446
447 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448 int bytes)
449 {
450 unsigned char *newbuf = malloc(bytes);
451 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452
453 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
454 if (bytes == 0)
455 goto error;
456
457 if (newbuf == NULL)
458 return;
459
460 if (bytes % block_size) {
461 char tmp[80];
462 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463 "Blowfish decrypt error(1): bytes %d (%d)");
464 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465 notify_fatal_error(pvar, tmp);
466 goto error;
467 }
468
469 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471 "Blowfish decrypt error(2)");
472 notify_fatal_error(pvar, pvar->ts->UIMsg);
473 goto error;
474
475 } else {
476 memcpy(buf, newbuf, bytes);
477
478 }
479
480 error:
481 free(newbuf);
482 }
483
484 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
485 int bytes)
486 {
487 unsigned char *newbuf = malloc(bytes);
488 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
489
490 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
491 if (bytes == 0)
492 goto error;
493
494 if (newbuf == NULL)
495 return;
496
497 if (bytes % block_size) {
498 char tmp[80];
499 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR1", pvar,
500 "Arcfour encrypt error(1): bytes %d (%d)");
501 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
502 pvar->ts->UIMsg, bytes, block_size);
503 notify_fatal_error(pvar, tmp);
504 goto error;
505 }
506
507 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
508 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR2", pvar,
509 "Arcfour encrypt error(2)");
510 notify_fatal_error(pvar, pvar->ts->UIMsg);
511 goto error;
512
513 } else {
514 memcpy(buf, newbuf, bytes);
515
516 }
517
518 error:
519 free(newbuf);
520 }
521
522 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
523 int bytes)
524 {
525 unsigned char *newbuf = malloc(bytes);
526 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
527
528 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
529 if (bytes == 0)
530 goto error;
531
532 if (newbuf == NULL)
533 return;
534
535 if (bytes % block_size) {
536 char tmp[80];
537 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR1", pvar,
538 "Arcfour decrypt error(1): bytes %d (%d)");
539 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
540 notify_fatal_error(pvar, tmp);
541 goto error;
542 }
543
544 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
545 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR2", pvar,
546 "Arcfour decrypt error(2)");
547 notify_fatal_error(pvar, pvar->ts->UIMsg);
548 goto error;
549
550 } else {
551 memcpy(buf, newbuf, bytes);
552
553 }
554
555 error:
556 free(newbuf);
557 }
558
559 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
560 int bytes)
561 {
562 unsigned char *newbuf = malloc(bytes);
563 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
564
565 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
566 if (bytes == 0)
567 goto error;
568
569 if (newbuf == NULL)
570 return;
571
572 if (bytes % block_size) {
573 char tmp[80];
574 UTIL_get_lang_msg("MSG_CAST128_ENCRYPT_ERROR1", pvar,
575 "CAST128 encrypt error(1): bytes %d (%d)");
576 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
577 pvar->ts->UIMsg, bytes, block_size);
578 notify_fatal_error(pvar, tmp);
579 goto error;
580 }
581
582 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
583 UTIL_get_lang_msg("MSG_CAST128_ENCRYPT_ERROR2", pvar,
584 "CAST128 encrypt error(2)");
585 notify_fatal_error(pvar, pvar->ts->UIMsg);
586 goto error;
587
588 } else {
589 memcpy(buf, newbuf, bytes);
590
591 }
592
593 error:
594 free(newbuf);
595 }
596
597 static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
598 int bytes)
599 {
600 unsigned char *newbuf = malloc(bytes);
601 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
602
603 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
604 if (bytes == 0)
605 goto error;
606
607 if (newbuf == NULL)
608 return;
609
610 if (bytes % block_size) {
611 char tmp[80];
612 UTIL_get_lang_msg("MSG_CAST128_DECRYPT_ERROR1", pvar,
613 "CAST128 decrypt error(1): bytes %d (%d)");
614 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
615 notify_fatal_error(pvar, tmp);
616 goto error;
617 }
618
619 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
620 UTIL_get_lang_msg("MSG_CAST128_DECRYPT_ERROR2", pvar,
621 "CAST128 decrypt error(2)");
622 notify_fatal_error(pvar, pvar->ts->UIMsg);
623 goto error;
624
625 } else {
626 memcpy(buf, newbuf, bytes);
627
628 }
629
630 error:
631 free(newbuf);
632 }
633
634
635
636 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
637 int bytes)
638 {
639 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
640
641 DES_ncbc_encrypt(buf, buf, bytes,
642 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
643 DES_ncbc_encrypt(buf, buf, bytes,
644 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
645 DES_ncbc_encrypt(buf, buf, bytes,
646 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
647 }
648
649 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
650 int bytes)
651 {
652 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
653
654 DES_ncbc_encrypt(buf, buf, bytes,
655 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
656 DES_ncbc_encrypt(buf, buf, bytes,
657 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
658 DES_ncbc_encrypt(buf, buf, bytes,
659 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
660 }
661
662 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
663 int bytes)
664 {
665 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
666
667 DES_ncbc_encrypt(buf, buf, bytes,
668 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
669 }
670
671 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
672 int bytes)
673 {
674 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
675
676 DES_ncbc_encrypt(buf, buf, bytes,
677 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
678 }
679
680 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
681 int bytes)
682 {
683 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
684 int num = 0;
685
686 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
687 encryptstate->ivec, &num, IDEA_ENCRYPT);
688 }
689
690 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
691 int bytes)
692 {
693 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
694 int num = 0;
695
696 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
697 decryptstate->ivec, &num, IDEA_DECRYPT);
698 }
699
700 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
701 {
702 uint32 FAR *buf = (uint32 FAR *) cbuf;
703 int count = bytes / 4;
704
705 while (count > 0) {
706 uint32 w = *buf;
707
708 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
709 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
710 count--;
711 buf++;
712 }
713 }
714
715 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
716 int bytes)
717 {
718 CipherBlowfishState FAR *encryptstate =
719 &pvar->crypt_state.enc.cBlowfish;
720
721 flip_endianness(buf, bytes);
722 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
723 BF_ENCRYPT);
724 flip_endianness(buf, bytes);
725 }
726
727 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
728 int bytes)
729 {
730 CipherBlowfishState FAR *decryptstate =
731 &pvar->crypt_state.dec.cBlowfish;
732
733 flip_endianness(buf, bytes);
734 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
735 BF_DECRYPT);
736 flip_endianness(buf, bytes);
737 }
738
739 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
740 int bytes)
741 {
742 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
743 int num = 0;
744
745 RC4(&encryptstate->k, bytes, buf, buf);
746 }
747
748 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
749 int bytes)
750 {
751 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
752 int num = 0;
753
754 RC4(&decryptstate->k, bytes, buf, buf);
755 }
756
757 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
758 int bytes)
759 {
760 RAND_bytes(buf, bytes);
761 }
762
763 void CRYPT_initialize_random_numbers(PTInstVar pvar)
764 {
765 RAND_screen();
766 }
767
768 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
769 {
770 int bits = get_ushort16_MSBfirst(bytes);
771
772 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
773 }
774
775 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
776 RSA FAR *make_key(PTInstVar pvar,
777 int bits, unsigned char FAR * exp,
778 unsigned char FAR * mod)
779 {
780 RSA FAR *key = RSA_new();
781
782 if (key != NULL) {
783 key->e = get_bignum(exp);
784 key->n = get_bignum(mod);
785 }
786
787 if (key == NULL || key->e == NULL || key->n == NULL) {
788 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
789 "Error setting up RSA keys");
790 notify_fatal_error(pvar, pvar->ts->UIMsg);
791
792 if (key != NULL) {
793 if (key->e != NULL) {
794 BN_free(key->e);
795 }
796 if (key->n != NULL) {
797 BN_free(key->n);
798 }
799 RSA_free(key);
800 }
801
802 return NULL;
803 } else {
804 return key;
805 }
806 }
807
808 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
809 {
810 if (SSHv1(pvar)) {
811 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
812 } else {
813 memcpy(pvar->crypt_state.server_cookie, cookie,
814 SSH2_COOKIE_LENGTH);
815 }
816 }
817
818 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
819 {
820 if (SSHv2(pvar)) {
821 memcpy(pvar->crypt_state.client_cookie, cookie,
822 SSH2_COOKIE_LENGTH);
823 }
824 }
825
826 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
827 int bits, unsigned char FAR * exp,
828 unsigned char FAR * mod)
829 {
830 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
831
832 return pvar->crypt_state.server_key.RSA_key != NULL;
833 }
834
835 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
836 int bits, unsigned char FAR * exp,
837 unsigned char FAR * mod)
838 {
839 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
840
841 return pvar->crypt_state.host_key.RSA_key != NULL;
842 }
843
844 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
845 int receiver_ciphers)
846 {
847 int cipher_mask;
848
849 if (SSHv1(pvar)) {
850 cipher_mask = (1 << SSH_CIPHER_DES)
851 | (1 << SSH_CIPHER_3DES)
852 | (1 << SSH_CIPHER_BLOWFISH);
853
854 } else { // for SSH2(yutaka)
855 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
856 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
857 | (1 << SSH2_CIPHER_AES128_CBC)
858 | (1 << SSH2_CIPHER_AES192_CBC)
859 | (1 << SSH2_CIPHER_AES256_CBC)
860 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
861 | (1 << SSH2_CIPHER_AES128_CTR)
862 | (1 << SSH2_CIPHER_AES192_CTR)
863 | (1 << SSH2_CIPHER_AES256_CTR)
864 | (1 << SSH2_CIPHER_ARCFOUR)
865 | (1 << SSH2_CIPHER_ARCFOUR128)
866 | (1 << SSH2_CIPHER_ARCFOUR256)
867 | (1 << SSH2_CIPHER_CAST128_CBC);
868 }
869
870 sender_ciphers &= cipher_mask;
871 receiver_ciphers &= cipher_mask;
872 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
873 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
874
875 if (sender_ciphers == 0) {
876 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
877 "The server does not support any of the TTSSH encryption algorithms.\n"
878 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
879 "The connection will be closed.");
880 notify_fatal_error(pvar, pvar->ts->UIMsg);
881 return FALSE;
882 } else if (receiver_ciphers == 0) {
883 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
884 "The server does not support any of the TTSSH encryption algorithms.\n"
885 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
886 "The connection will be closed.");
887 notify_fatal_error(pvar, pvar->ts->UIMsg);
888 return FALSE;
889 } else {
890 return TRUE;
891 }
892 }
893
894 int CRYPT_get_decryption_block_size(PTInstVar pvar)
895 {
896 if (SSHv1(pvar)) {
897 return 8;
898 } else {
899 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
900 // cf. 3DES=8, AES128=16
901 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
902 }
903 }
904
905 int CRYPT_get_encryption_block_size(PTInstVar pvar)
906 {
907 if (SSHv1(pvar)) {
908 return 8;
909 } else {
910 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
911 // cf. 3DES=8, AES128=16
912 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
913 }
914 }
915
916 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
917 {
918 struct Mac *mac;
919
920 if (SSHv1(pvar)) {
921 return 0;
922
923 } else { // for SSH2(yutaka)
924 mac = &pvar->ssh2_keys[MODE_IN].mac;
925 if (mac == NULL || mac->enabled == 0)
926 return 0;
927
928 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
929 }
930
931 }
932
933 // HMAC������
934 // ���{������ SSH2 �������g�p�������B
935 // (2004.12.17 yutaka)
936 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
937 char FAR * data, int len, char FAR * MAC)
938 {
939 HMAC_CTX c;
940 unsigned char m[EVP_MAX_MD_SIZE];
941 unsigned char b[4];
942 struct Mac *mac;
943
944 mac = &pvar->ssh2_keys[MODE_IN].mac;
945
946 // HMAC�������L���������������A����OK�����������B
947 if (mac == NULL || mac->enabled == 0)
948 return TRUE;
949
950 if (mac->key == NULL)
951 goto error;
952
953 if ((u_int)mac->mac_len > sizeof(m))
954 goto error;
955
956 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
957 set_uint32_MSBfirst(b, sequence_number);
958 HMAC_Update(&c, b, sizeof(b));
959 HMAC_Update(&c, data, len);
960 HMAC_Final(&c, m, NULL);
961 HMAC_cleanup(&c);
962
963 if (memcmp(m, MAC, mac->mac_len)) {
964 goto error;
965 }
966
967 return TRUE;
968
969 error:
970 return FALSE;
971 }
972
973 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
974 {
975 struct Mac *mac;
976
977 if (SSHv2(pvar)) { // for SSH2(yutaka)
978 mac = &pvar->ssh2_keys[MODE_OUT].mac;
979 if (mac == NULL || mac->enabled == 0)
980 return 0;
981
982 return (mac->mac_len);
983 }
984
985 return 0;
986 }
987
988 // for SSH2
989 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
990 char FAR * data, int len, char FAR * MAC)
991 {
992 HMAC_CTX c;
993 static u_char m[EVP_MAX_MD_SIZE];
994 u_char b[4];
995 struct Mac *mac;
996
997 if (SSHv2(pvar)) { // for SSH2(yutaka)
998 mac = &pvar->ssh2_keys[MODE_OUT].mac;
999 if (mac == NULL || mac->enabled == 0)
1000 return FALSE;
1001
1002 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1003 set_uint32_MSBfirst(b, sequence_number);
1004 HMAC_Update(&c, b, sizeof(b));
1005 HMAC_Update(&c, data, len);
1006 HMAC_Final(&c, m, NULL);
1007 HMAC_cleanup(&c);
1008
1009 // 20�o�C�g�������R�s�[
1010 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1011 // memcpy(MAC, m, sizeof(m));
1012
1013 return TRUE;
1014 }
1015
1016 return TRUE;
1017
1018 }
1019
1020 static int choose_cipher(PTInstVar pvar, int supported)
1021 {
1022 int i;
1023
1024 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1025 int cipher = pvar->session_settings.CipherOrder[i] - '0';
1026
1027 if (cipher == SSH_CIPHER_NONE) {
1028 break;
1029 } else if ((supported & (1 << cipher)) != 0) {
1030 return cipher;
1031 }
1032 }
1033
1034 return SSH_CIPHER_NONE;
1035 }
1036
1037 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1038 {
1039 if (SSHv1(pvar)) {
1040 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1041 pvar->crypt_state.
1042 supported_sender_ciphers);
1043 pvar->crypt_state.receiver_cipher =
1044 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1045
1046 } else { // SSH2(yutaka)
1047 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1048 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1049
1050 }
1051
1052 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1053 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1054 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
1055 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1056 "To communicate with this server, you will have to enable some more ciphers\n"
1057 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1058 "This connection will now close.");
1059 notify_fatal_error(pvar, pvar->ts->UIMsg);
1060 return FALSE;
1061 } else {
1062 return TRUE;
1063 }
1064 }
1065
1066 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1067 {
1068 int server_key_bits =
1069 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1070 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1071 int server_key_bytes = (server_key_bits + 7) / 8;
1072 int host_key_bytes = (host_key_bits + 7) / 8;
1073
1074 if (server_key_bits < host_key_bits) {
1075 return host_key_bytes;
1076 } else {
1077 return server_key_bytes;
1078 }
1079 }
1080
1081 int CRYPT_choose_session_key(PTInstVar pvar,
1082 unsigned char FAR * encrypted_key_buf)
1083 {
1084 int server_key_bits =
1085 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1086 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1087 int server_key_bytes = (server_key_bits + 7) / 8;
1088 int host_key_bytes = (host_key_bits + 7) / 8;
1089 int encrypted_key_bytes;
1090 int bit_delta;
1091
1092 if (server_key_bits < host_key_bits) {
1093 encrypted_key_bytes = host_key_bytes;
1094 bit_delta = host_key_bits - server_key_bits;
1095 } else {
1096 encrypted_key_bytes = server_key_bytes;
1097 bit_delta = server_key_bits - host_key_bits;
1098 }
1099
1100 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1101 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1102 "Server RSA keys are too weak. A secure connection cannot be established.");
1103 notify_fatal_error(pvar, pvar->ts->UIMsg);
1104 return 0;
1105 } else {
1106 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1107 for the session ID, rather than the one specified in the RFC */
1108 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1109 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1110 char session_id[16];
1111 int i;
1112
1113 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1114 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1115 session_buf + host_key_bytes);
1116 memcpy(session_buf + server_key_bytes + host_key_bytes,
1117 pvar->crypt_state.server_cookie, 8);
1118 MD5(session_buf, session_buf_len, session_id);
1119
1120 free(session_buf);
1121
1122 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1123 SSH_SESSION_KEY_LENGTH);
1124 memcpy(pvar->crypt_state.receiver_cipher_key,
1125 pvar->crypt_state.sender_cipher_key,
1126 SSH_SESSION_KEY_LENGTH);
1127
1128 memcpy(encrypted_key_buf + encrypted_key_bytes -
1129 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1130 SSH_SESSION_KEY_LENGTH);
1131 for (i = 0; i < sizeof(session_id); i++) {
1132 encrypted_key_buf[encrypted_key_bytes -
1133 SSH_SESSION_KEY_LENGTH + i]
1134 ^= session_id[i];
1135 }
1136
1137 if (host_key_bits > server_key_bits) {
1138 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1139 encrypted_key_buf +
1140 encrypted_key_bytes -
1141 SSH_SESSION_KEY_LENGTH,
1142 encrypted_key_buf +
1143 encrypted_key_bytes - server_key_bytes,
1144 pvar->crypt_state.server_key.RSA_key,
1145 RSA_PKCS1_PADDING) < 0)
1146 return 0;
1147
1148 if (RSA_public_encrypt(server_key_bytes,
1149 encrypted_key_buf +
1150 encrypted_key_bytes - server_key_bytes,
1151 encrypted_key_buf,
1152 pvar->crypt_state.host_key.RSA_key,
1153 RSA_PKCS1_PADDING) < 0)
1154 return 0;
1155 } else {
1156 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1157 encrypted_key_buf +
1158 encrypted_key_bytes -
1159 SSH_SESSION_KEY_LENGTH,
1160 encrypted_key_buf +
1161 encrypted_key_bytes - host_key_bytes,
1162 pvar->crypt_state.host_key.RSA_key,
1163 RSA_PKCS1_PADDING) < 0)
1164 return 0;
1165
1166 if (RSA_public_encrypt(host_key_bytes,
1167 encrypted_key_buf +
1168 encrypted_key_bytes - host_key_bytes,
1169 encrypted_key_buf,
1170 pvar->crypt_state.server_key.RSA_key,
1171 RSA_PKCS1_PADDING) < 0)
1172 return 0;
1173 }
1174 }
1175
1176 return 1;
1177 }
1178
1179 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1180 unsigned char FAR * challenge,
1181 int challenge_len,
1182 unsigned char FAR * response)
1183 {
1184 int server_key_bits =
1185 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1186 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1187 int server_key_bytes = (server_key_bits + 7) / 8;
1188 int host_key_bytes = (host_key_bits + 7) / 8;
1189 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1190 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1191 char decrypted_challenge[48];
1192 int decrypted_challenge_len;
1193
1194 decrypted_challenge_len =
1195 RSA_private_decrypt(challenge_len, challenge, challenge,
1196 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1197 RSA_PKCS1_PADDING);
1198 if (decrypted_challenge_len < 0) {
1199 free(session_buf);
1200 return 0;
1201 }
1202 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1203 memcpy(decrypted_challenge,
1204 challenge + decrypted_challenge_len -
1205 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1206 } else {
1207 memset(decrypted_challenge, 0,
1208 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1209 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1210 decrypted_challenge_len, challenge,
1211 decrypted_challenge_len);
1212 }
1213
1214 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1215 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1216 session_buf + host_key_bytes);
1217 memcpy(session_buf + server_key_bytes + host_key_bytes,
1218 pvar->crypt_state.server_cookie, 8);
1219 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1220
1221 free(session_buf);
1222
1223 MD5(decrypted_challenge, 48, response);
1224
1225 return 1;
1226 }
1227
1228 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1229 {
1230 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1231 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1232 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1233 memset(state->ivec1, 0, 8);
1234 memset(state->ivec2, 0, 8);
1235 memset(state->ivec3, 0, 8);
1236 }
1237
1238 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1239 {
1240 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1241 memset(state->ivec, 0, 8);
1242 }
1243
1244 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1245 {
1246 idea_set_encrypt_key(session_key, &state->k);
1247 memset(state->ivec, 0, 8);
1248 }
1249
1250 static void cBlowfish_init(char FAR * session_key,
1251 CipherBlowfishState FAR * state)
1252 {
1253 BF_set_key(&state->k, 32, session_key);
1254 memset(state->ivec, 0, 8);
1255 }
1256
1257
1258 //
1259 // SSH2�p�A���S���Y����������
1260 //
1261 // for SSH2(yutaka)
1262 //
1263 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1264 const u_char *key, u_int keylen,
1265 const u_char *iv, u_int ivlen,
1266 int encrypt,
1267 const EVP_CIPHER *type,
1268 int discard_len,
1269 PTInstVar pvar)
1270 {
1271 int klen;
1272 char tmp[80];
1273 unsigned char *junk = NULL, *discard = NULL;
1274
1275 EVP_CIPHER_CTX_init(evp);
1276 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1277 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1278 "Cipher initialize error(%d)");
1279 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1280 notify_fatal_error(pvar, tmp);
1281 return;
1282 }
1283
1284 klen = EVP_CIPHER_CTX_key_length(evp);
1285 if (klen > 0 && keylen != klen) {
1286 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1287 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1288 "Cipher initialize error(%d)");
1289 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1290 notify_fatal_error(pvar, tmp);
1291 return;
1292 }
1293 }
1294 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1295 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1296 "Cipher initialize error(%d)");
1297 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1298 notify_fatal_error(pvar, tmp);
1299 return;
1300 }
1301
1302 if (discard_len > 0) {
1303 junk = malloc(discard_len);
1304 discard = malloc(discard_len);
1305 if (junk == NULL || discard == NULL ||
1306 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1307 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1308 "Cipher initialize error(%d)");
1309 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1310 pvar->ts->UIMsg, 3);
1311 notify_fatal_error(pvar, tmp);
1312 }
1313 else {
1314 memset(discard, 0, discard_len);
1315 }
1316 free(junk);
1317 free(discard);
1318 }
1319 }
1320
1321
1322 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1323 {
1324 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1325 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1326 BOOL isOK = TRUE;
1327
1328 if (sender_flag) {
1329 switch (pvar->crypt_state.sender_cipher) {
1330 // for SSH2(yutaka)
1331 case SSH2_CIPHER_3DES_CBC:
1332 {
1333 struct Enc *enc;
1334
1335 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1336 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1337 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1338 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1339 CIPHER_ENCRYPT,
1340 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1341 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1342 pvar);
1343
1344 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1345 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1346
1347 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1348 break;
1349 }
1350
1351 // for SSH2(yutaka)
1352 case SSH2_CIPHER_AES128_CBC:
1353 case SSH2_CIPHER_AES192_CBC:
1354 case SSH2_CIPHER_AES256_CBC:
1355 case SSH2_CIPHER_AES128_CTR:
1356 case SSH2_CIPHER_AES192_CTR:
1357 case SSH2_CIPHER_AES256_CTR:
1358 {
1359 struct Enc *enc;
1360
1361 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1362 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1363 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1364 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1365 CIPHER_ENCRYPT,
1366 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1367 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1368 pvar);
1369
1370 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1371 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1372
1373 pvar->crypt_state.encrypt = cAES128_encrypt;
1374 break;
1375 }
1376
1377 case SSH2_CIPHER_BLOWFISH_CBC:
1378 {
1379 struct Enc *enc;
1380
1381 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1382 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1383 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1384 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1385 CIPHER_ENCRYPT,
1386 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1387 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1388 pvar);
1389
1390 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1391 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1392
1393 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1394 break;
1395 }
1396
1397 case SSH2_CIPHER_ARCFOUR:
1398 case SSH2_CIPHER_ARCFOUR128:
1399 case SSH2_CIPHER_ARCFOUR256:
1400 {
1401 struct Enc *enc;
1402
1403 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1404 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1405 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1406 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1407 CIPHER_ENCRYPT,
1408 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1409 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1410 pvar);
1411 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1412 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1413
1414 pvar->crypt_state.encrypt = cArcfour_encrypt;
1415 break;
1416 }
1417
1418 case SSH2_CIPHER_CAST128_CBC:
1419 {
1420 struct Enc *enc;
1421
1422 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1423 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1424 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1425 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1426 CIPHER_ENCRYPT,
1427 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1428 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1429 pvar);
1430 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1431 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1432
1433 pvar->crypt_state.encrypt = cCast128_encrypt;
1434 break;
1435 }
1436
1437 case SSH_CIPHER_3DES:{
1438 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1439 pvar->crypt_state.encrypt = c3DES_encrypt;
1440 break;
1441 }
1442 case SSH_CIPHER_IDEA:{
1443 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1444 pvar->crypt_state.encrypt = cIDEA_encrypt;
1445 break;
1446 }
1447 case SSH_CIPHER_DES:{
1448 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1449 pvar->crypt_state.encrypt = cDES_encrypt;
1450 break;
1451 }
1452 case SSH_CIPHER_RC4:{
1453 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1454 encryption_key + 16);
1455 pvar->crypt_state.encrypt = cRC4_encrypt;
1456 break;
1457 }
1458 case SSH_CIPHER_BLOWFISH:{
1459 cBlowfish_init(encryption_key,
1460 &pvar->crypt_state.enc.cBlowfish);
1461 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1462 break;
1463 }
1464 default:
1465 isOK = FALSE;
1466 }
1467 }
1468
1469
1470 if (receiver_flag) {
1471 switch (pvar->crypt_state.receiver_cipher) {
1472 // for SSH2(yutaka)
1473 case SSH2_CIPHER_3DES_CBC:
1474 {
1475 struct Enc *enc;
1476
1477 enc = &pvar->ssh2_keys[MODE_IN].enc;
1478 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1479 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1480 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1481 CIPHER_DECRYPT,
1482 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1483 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1484 pvar);
1485
1486 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1487 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1488
1489 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1490 break;
1491 }
1492
1493 // for SSH2(yutaka)
1494 case SSH2_CIPHER_AES128_CBC:
1495 case SSH2_CIPHER_AES192_CBC:
1496 case SSH2_CIPHER_AES256_CBC:
1497 case SSH2_CIPHER_AES128_CTR:
1498 case SSH2_CIPHER_AES192_CTR:
1499 case SSH2_CIPHER_AES256_CTR:
1500 {
1501 struct Enc *enc;
1502
1503 enc = &pvar->ssh2_keys[MODE_IN].enc;
1504 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1505 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1506 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1507 CIPHER_DECRYPT,
1508 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1509 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1510 pvar);
1511
1512 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1513 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1514
1515 pvar->crypt_state.decrypt = cAES128_decrypt;
1516 break;
1517 }
1518
1519 case SSH2_CIPHER_BLOWFISH_CBC:
1520 {
1521 struct Enc *enc;
1522
1523 enc = &pvar->ssh2_keys[MODE_IN].enc;
1524 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1525 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1526 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1527 CIPHER_DECRYPT,
1528 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1529 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1530 pvar);
1531
1532 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1533 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1534
1535 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1536 break;
1537 }
1538
1539 case SSH2_CIPHER_ARCFOUR:
1540 case SSH2_CIPHER_ARCFOUR128:
1541 case SSH2_CIPHER_ARCFOUR256:
1542 {
1543 struct Enc *enc;
1544
1545 enc = &pvar->ssh2_keys[MODE_IN].enc;
1546 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1547 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1548 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1549 CIPHER_DECRYPT,
1550 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1551 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1552 pvar);
1553
1554 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1555 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1556
1557 pvar->crypt_state.decrypt = cArcfour_decrypt;
1558 break;
1559 }
1560
1561 case SSH2_CIPHER_CAST128_CBC:
1562 {
1563 struct Enc *enc;
1564
1565 enc = &pvar->ssh2_keys[MODE_IN].enc;
1566 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1567 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1568 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1569 CIPHER_DECRYPT,
1570 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1571 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1572 pvar);
1573
1574 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1575 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1576
1577 pvar->crypt_state.decrypt = cCast128_decrypt;
1578 break;
1579 }
1580
1581 case SSH_CIPHER_3DES:{
1582 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1583 pvar->crypt_state.decrypt = c3DES_decrypt;
1584 break;
1585 }
1586 case SSH_CIPHER_IDEA:{
1587 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1588 pvar->crypt_state.decrypt = cIDEA_decrypt;
1589 break;
1590 }
1591 case SSH_CIPHER_DES:{
1592 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1593 pvar->crypt_state.decrypt = cDES_decrypt;
1594 break;
1595 }
1596 case SSH_CIPHER_RC4:{
1597 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1598 pvar->crypt_state.decrypt = cRC4_decrypt;
1599 break;
1600 }
1601 case SSH_CIPHER_BLOWFISH:{
1602 cBlowfish_init(decryption_key,
1603 &pvar->crypt_state.dec.cBlowfish);
1604 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1605 break;
1606 }
1607 default:
1608 isOK = FALSE;
1609 }
1610 }
1611
1612
1613 if (!isOK) {
1614 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1615 "No cipher selected!");
1616 notify_fatal_error(pvar, pvar->ts->UIMsg);
1617 return FALSE;
1618 } else {
1619 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1620 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1621 return TRUE;
1622 }
1623 }
1624
1625 void CRYPT_init(PTInstVar pvar)
1626 {
1627 pvar->crypt_state.encrypt = no_encrypt;
1628 pvar->crypt_state.decrypt = no_encrypt;
1629 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1630 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1631 pvar->crypt_state.server_key.RSA_key = NULL;
1632 pvar->crypt_state.host_key.RSA_key = NULL;
1633
1634 pvar->crypt_state.detect_attack_statics.h = NULL;
1635 pvar->crypt_state.detect_attack_statics.n =
1636 HASH_MINSIZE / HASH_ENTRYSIZE;
1637 }
1638
1639 static char FAR *get_cipher_name(int cipher)
1640 {
1641 switch (cipher) {
1642 case SSH_CIPHER_NONE:
1643 return "None";
1644 case SSH_CIPHER_3DES:
1645 return "3DES (168 key bits)";
1646 case SSH_CIPHER_DES:
1647 return "DES (56 key bits)";
1648 case SSH_CIPHER_IDEA:
1649 return "IDEA (128 key bits)";
1650 case SSH_CIPHER_RC4:
1651 return "RC4 (128 key bits)";
1652 case SSH_CIPHER_BLOWFISH:
1653 return "Blowfish (256 key bits)";
1654
1655 // SSH2
1656 case SSH2_CIPHER_3DES_CBC:
1657 return "3DES-CBC";
1658 case SSH2_CIPHER_AES128_CBC:
1659 return "AES128-CBC";
1660 case SSH2_CIPHER_AES192_CBC:
1661 return "AES192-CBC";
1662 case SSH2_CIPHER_AES256_CBC:
1663 return "AES256-CBC";
1664 case SSH2_CIPHER_BLOWFISH_CBC:
1665 return "Blowfish-CBC";
1666 case SSH2_CIPHER_AES128_CTR:
1667 return "AES128-CTR";
1668 case SSH2_CIPHER_AES192_CTR:
1669 return "AES192-CTR";
1670 case SSH2_CIPHER_AES256_CTR:
1671 return "AES256-CTR";
1672 case SSH2_CIPHER_ARCFOUR:
1673 return "Arcfour";
1674 case SSH2_CIPHER_ARCFOUR128:
1675 return "Arcfour128";
1676 case SSH2_CIPHER_ARCFOUR256:
1677 return "Arcfour256";
1678 case SSH2_CIPHER_CAST128_CBC:
1679 return "CAST-128-CBC";
1680
1681 default:
1682 return "Unknown";
1683 }
1684 }
1685
1686 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1687 {
1688 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1689 "%s to server, %s from server");
1690 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1691 get_cipher_name(pvar->crypt_state.sender_cipher),
1692 get_cipher_name(pvar->crypt_state.receiver_cipher));
1693 }
1694
1695 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1696 {
1697 if (SSHv1(pvar)) {
1698 if (pvar->crypt_state.server_key.RSA_key == NULL
1699 || pvar->crypt_state.host_key.RSA_key == NULL) {
1700 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1701 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1702 } else {
1703 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1704 "%d-bit server key, %d-bit host key");
1705 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1706 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1707 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1708 }
1709 } else { // SSH2
1710 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1711 "%d-bit server key, %d-bit host key");
1712 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1713 pvar->server_key_bits,
1714 pvar->client_key_bits);
1715 }
1716 }
1717
1718 static void destroy_public_key(CRYPTPublicKey FAR * key)
1719 {
1720 if (key->RSA_key != NULL) {
1721 RSA_free(key->RSA_key);
1722 key->RSA_key = NULL;
1723 }
1724 }
1725
1726 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1727 {
1728 destroy_public_key(key);
1729 free(key);
1730 }
1731
1732 void CRYPT_end(PTInstVar pvar)
1733 {
1734 destroy_public_key(&pvar->crypt_state.host_key);
1735 destroy_public_key(&pvar->crypt_state.server_key);
1736
1737 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1738 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1739 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1740 free(pvar->crypt_state.detect_attack_statics.h);
1741 }
1742
1743 memset(pvar->crypt_state.sender_cipher_key, 0,
1744 sizeof(pvar->crypt_state.sender_cipher_key));
1745 memset(pvar->crypt_state.receiver_cipher_key, 0,
1746 sizeof(pvar->crypt_state.receiver_cipher_key));
1747 memset(pvar->crypt_state.server_cookie, 0,
1748 sizeof(pvar->crypt_state.server_cookie));
1749 memset(pvar->crypt_state.client_cookie, 0,
1750 sizeof(pvar->crypt_state.client_cookie));
1751 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1752 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1753 }
1754
1755 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1756 char FAR * buf, int bytes)
1757 {
1758 unsigned char passphrase_key[16];
1759
1760 MD5(passphrase, strlen(passphrase), passphrase_key);
1761
1762 switch (cipher) {
1763 case SSH_CIPHER_3DES:{
1764 Cipher3DESState state;
1765
1766 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1767 &state.k1);
1768 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1769 &state.k2);
1770 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1771 &state.k3);
1772 memset(state.ivec1, 0, 8);
1773 memset(state.ivec2, 0, 8);
1774 memset(state.ivec3, 0, 8);
1775 DES_ncbc_encrypt(buf, buf, bytes,
1776 &state.k3, &state.ivec3, DES_DECRYPT);
1777 DES_ncbc_encrypt(buf, buf, bytes,
1778 &state.k2, &state.ivec2, DES_ENCRYPT);
1779 DES_ncbc_encrypt(buf, buf, bytes,
1780 &state.k1, &state.ivec1, DES_DECRYPT);
1781 break;
1782 }
1783
1784 case SSH_CIPHER_IDEA:{
1785 CipherIDEAState state;
1786 int num = 0;
1787
1788 cIDEA_init(passphrase_key, &state);
1789 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1790 &num, IDEA_DECRYPT);
1791 break;
1792 }
1793
1794 case SSH_CIPHER_DES:{
1795 CipherDESState state;
1796
1797 cDES_init(passphrase_key, &state);
1798 DES_ncbc_encrypt(buf, buf, bytes,
1799 &state.k, &state.ivec, DES_DECRYPT);
1800 break;
1801 }
1802
1803 case SSH_CIPHER_RC4:{
1804 CipherRC4State state;
1805 int num = 0;
1806
1807 RC4_set_key(&state.k, 16, passphrase_key);
1808 RC4(&state.k, bytes, buf, buf);
1809 break;
1810 }
1811
1812 case SSH_CIPHER_BLOWFISH:{
1813 CipherBlowfishState state;
1814
1815 BF_set_key(&state.k, 16, passphrase_key);
1816 memset(state.ivec, 0, 8);
1817 flip_endianness(buf, bytes);
1818 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1819 BF_DECRYPT);
1820 flip_endianness(buf, bytes);
1821 break;
1822 }
1823
1824 case SSH_CIPHER_NONE:
1825 break;
1826
1827 default:
1828 memset(passphrase_key, 0, sizeof(passphrase_key));
1829 return 0;
1830 }
1831
1832 memset(passphrase_key, 0, sizeof(passphrase_key));
1833 return 1;
1834 }
1835
1836 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1837 {
1838 if (key_pair->RSA_key != NULL)
1839 RSA_free(key_pair->RSA_key);
1840
1841 if (key_pair->DSA_key != NULL)
1842 DSA_free(key_pair->DSA_key);
1843
1844 free(key_pair);
1845 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help