Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3850 - (show annotations) (download) (as text)
Mon Apr 12 08:29:53 2010 UTC (14 years ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 56578 byte(s) 
3DES-CTR, BLOWFISH-CTR, CAST128-CTR 共通鍵暗号方式をサポート。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
226 if (bytes == 0)
227 goto error;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128/192/256 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128/192/256 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 unsigned char *newbuf = malloc(bytes);
270 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271
272 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
273 if (bytes == 0)
274 goto error;
275
276 if (newbuf == NULL)
277 return;
278
279 if (bytes % block_size) {
280 char tmp[80];
281 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 "AES128/192/256 decrypt error(1): bytes %d (%d)");
283 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 notify_fatal_error(pvar, tmp);
285 goto error;
286 }
287
288 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128/192/256 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 goto error;
293
294 } else {
295 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 unsigned char *newbuf = malloc(bytes);
319 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320
321 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
322 if (bytes == 0)
323 goto error;
324
325 if (newbuf == NULL)
326 return;
327
328 if (bytes % block_size) {
329 char tmp[80];
330 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331 "3DES-CBC encrypt error(1): bytes %d (%d)");
332 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333 pvar->ts->UIMsg, bytes, block_size);
334 notify_fatal_error(pvar, tmp);
335 goto error;
336 }
337
338 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340 "3DES-CBC encrypt error(2)");
341 notify_fatal_error(pvar, pvar->ts->UIMsg);
342 goto error;
343
344 } else {
345 //unsigned char key[24], iv[8];
346 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
348 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349
350 //debug_print(50, key, 24);
351 //debug_print(51, iv, 8);
352 //debug_print(52, buf, bytes);
353 //debug_print(53, newbuf, bytes);
354
355 memcpy(buf, newbuf, bytes);
356 }
357
358 error:
359 free(newbuf);
360 }
361
362 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367
368 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
369 if (bytes == 0)
370 goto error;
371
372 if (newbuf == NULL)
373 return;
374
375 if (bytes % block_size) {
376 char tmp[80];
377 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378 "3DES-CBC decrypt error(1): bytes %d (%d)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380 notify_fatal_error(pvar, tmp);
381 goto error;
382 }
383
384 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386 "3DES-CBC decrypt error(2)");
387 notify_fatal_error(pvar, pvar->ts->UIMsg);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414
415 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
416 if (bytes == 0)
417 goto error;
418
419 if (newbuf == NULL)
420 return;
421
422 if (bytes % block_size) {
423 char tmp[80];
424 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425 "Blowfish encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427 pvar->ts->UIMsg, bytes, block_size);
428 notify_fatal_error(pvar, tmp);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434 "Blowfish encrypt error(2)");
435 notify_fatal_error(pvar, pvar->ts->UIMsg);
436 goto error;
437
438 } else {
439 memcpy(buf, newbuf, bytes);
440
441 }
442
443 error:
444 free(newbuf);
445 }
446
447 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448 int bytes)
449 {
450 unsigned char *newbuf = malloc(bytes);
451 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452
453 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
454 if (bytes == 0)
455 goto error;
456
457 if (newbuf == NULL)
458 return;
459
460 if (bytes % block_size) {
461 char tmp[80];
462 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463 "Blowfish decrypt error(1): bytes %d (%d)");
464 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465 notify_fatal_error(pvar, tmp);
466 goto error;
467 }
468
469 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471 "Blowfish decrypt error(2)");
472 notify_fatal_error(pvar, pvar->ts->UIMsg);
473 goto error;
474
475 } else {
476 memcpy(buf, newbuf, bytes);
477
478 }
479
480 error:
481 free(newbuf);
482 }
483
484 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
485 int bytes)
486 {
487 unsigned char *newbuf = malloc(bytes);
488 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
489
490 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
491 if (bytes == 0)
492 goto error;
493
494 if (newbuf == NULL)
495 return;
496
497 if (bytes % block_size) {
498 char tmp[80];
499 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR1", pvar,
500 "Arcfour encrypt error(1): bytes %d (%d)");
501 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
502 pvar->ts->UIMsg, bytes, block_size);
503 notify_fatal_error(pvar, tmp);
504 goto error;
505 }
506
507 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
508 UTIL_get_lang_msg("MSG_ARCFOUR_ENCRYPT_ERROR2", pvar,
509 "Arcfour encrypt error(2)");
510 notify_fatal_error(pvar, pvar->ts->UIMsg);
511 goto error;
512
513 } else {
514 memcpy(buf, newbuf, bytes);
515
516 }
517
518 error:
519 free(newbuf);
520 }
521
522 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
523 int bytes)
524 {
525 unsigned char *newbuf = malloc(bytes);
526 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
527
528 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
529 if (bytes == 0)
530 goto error;
531
532 if (newbuf == NULL)
533 return;
534
535 if (bytes % block_size) {
536 char tmp[80];
537 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR1", pvar,
538 "Arcfour decrypt error(1): bytes %d (%d)");
539 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
540 notify_fatal_error(pvar, tmp);
541 goto error;
542 }
543
544 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
545 UTIL_get_lang_msg("MSG_ARCFOUR_DECRYPT_ERROR2", pvar,
546 "Arcfour decrypt error(2)");
547 notify_fatal_error(pvar, pvar->ts->UIMsg);
548 goto error;
549
550 } else {
551 memcpy(buf, newbuf, bytes);
552
553 }
554
555 error:
556 free(newbuf);
557 }
558
559 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
560 int bytes)
561 {
562 unsigned char *newbuf = malloc(bytes);
563 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
564
565 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
566 if (bytes == 0)
567 goto error;
568
569 if (newbuf == NULL)
570 return;
571
572 if (bytes % block_size) {
573 char tmp[80];
574 UTIL_get_lang_msg("MSG_CAST128_ENCRYPT_ERROR1", pvar,
575 "CAST128 encrypt error(1): bytes %d (%d)");
576 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
577 pvar->ts->UIMsg, bytes, block_size);
578 notify_fatal_error(pvar, tmp);
579 goto error;
580 }
581
582 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
583 UTIL_get_lang_msg("MSG_CAST128_ENCRYPT_ERROR2", pvar,
584 "CAST128 encrypt error(2)");
585 notify_fatal_error(pvar, pvar->ts->UIMsg);
586 goto error;
587
588 } else {
589 memcpy(buf, newbuf, bytes);
590
591 }
592
593 error:
594 free(newbuf);
595 }
596
597 static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
598 int bytes)
599 {
600 unsigned char *newbuf = malloc(bytes);
601 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
602
603 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
604 if (bytes == 0)
605 goto error;
606
607 if (newbuf == NULL)
608 return;
609
610 if (bytes % block_size) {
611 char tmp[80];
612 UTIL_get_lang_msg("MSG_CAST128_DECRYPT_ERROR1", pvar,
613 "CAST128 decrypt error(1): bytes %d (%d)");
614 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
615 notify_fatal_error(pvar, tmp);
616 goto error;
617 }
618
619 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
620 UTIL_get_lang_msg("MSG_CAST128_DECRYPT_ERROR2", pvar,
621 "CAST128 decrypt error(2)");
622 notify_fatal_error(pvar, pvar->ts->UIMsg);
623 goto error;
624
625 } else {
626 memcpy(buf, newbuf, bytes);
627
628 }
629
630 error:
631 free(newbuf);
632 }
633
634
635
636 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
637 int bytes)
638 {
639 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
640
641 DES_ncbc_encrypt(buf, buf, bytes,
642 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
643 DES_ncbc_encrypt(buf, buf, bytes,
644 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
645 DES_ncbc_encrypt(buf, buf, bytes,
646 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
647 }
648
649 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
650 int bytes)
651 {
652 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
653
654 DES_ncbc_encrypt(buf, buf, bytes,
655 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
656 DES_ncbc_encrypt(buf, buf, bytes,
657 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
658 DES_ncbc_encrypt(buf, buf, bytes,
659 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
660 }
661
662 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
663 int bytes)
664 {
665 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
666
667 DES_ncbc_encrypt(buf, buf, bytes,
668 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
669 }
670
671 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
672 int bytes)
673 {
674 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
675
676 DES_ncbc_encrypt(buf, buf, bytes,
677 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
678 }
679
680 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
681 int bytes)
682 {
683 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
684 int num = 0;
685
686 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
687 encryptstate->ivec, &num, IDEA_ENCRYPT);
688 }
689
690 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
691 int bytes)
692 {
693 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
694 int num = 0;
695
696 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
697 decryptstate->ivec, &num, IDEA_DECRYPT);
698 }
699
700 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
701 {
702 uint32 FAR *buf = (uint32 FAR *) cbuf;
703 int count = bytes / 4;
704
705 while (count > 0) {
706 uint32 w = *buf;
707
708 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
709 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
710 count--;
711 buf++;
712 }
713 }
714
715 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
716 int bytes)
717 {
718 CipherBlowfishState FAR *encryptstate =
719 &pvar->crypt_state.enc.cBlowfish;
720
721 flip_endianness(buf, bytes);
722 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
723 BF_ENCRYPT);
724 flip_endianness(buf, bytes);
725 }
726
727 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
728 int bytes)
729 {
730 CipherBlowfishState FAR *decryptstate =
731 &pvar->crypt_state.dec.cBlowfish;
732
733 flip_endianness(buf, bytes);
734 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
735 BF_DECRYPT);
736 flip_endianness(buf, bytes);
737 }
738
739 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
740 int bytes)
741 {
742 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
743 int num = 0;
744
745 RC4(&encryptstate->k, bytes, buf, buf);
746 }
747
748 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
749 int bytes)
750 {
751 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
752 int num = 0;
753
754 RC4(&decryptstate->k, bytes, buf, buf);
755 }
756
757 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
758 int bytes)
759 {
760 RAND_bytes(buf, bytes);
761 }
762
763 void CRYPT_initialize_random_numbers(PTInstVar pvar)
764 {
765 RAND_screen();
766 }
767
768 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
769 {
770 int bits = get_ushort16_MSBfirst(bytes);
771
772 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
773 }
774
775 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
776 RSA FAR *make_key(PTInstVar pvar,
777 int bits, unsigned char FAR * exp,
778 unsigned char FAR * mod)
779 {
780 RSA FAR *key = RSA_new();
781
782 if (key != NULL) {
783 key->e = get_bignum(exp);
784 key->n = get_bignum(mod);
785 }
786
787 if (key == NULL || key->e == NULL || key->n == NULL) {
788 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
789 "Error setting up RSA keys");
790 notify_fatal_error(pvar, pvar->ts->UIMsg);
791
792 if (key != NULL) {
793 if (key->e != NULL) {
794 BN_free(key->e);
795 }
796 if (key->n != NULL) {
797 BN_free(key->n);
798 }
799 RSA_free(key);
800 }
801
802 return NULL;
803 } else {
804 return key;
805 }
806 }
807
808 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
809 {
810 if (SSHv1(pvar)) {
811 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
812 } else {
813 memcpy(pvar->crypt_state.server_cookie, cookie,
814 SSH2_COOKIE_LENGTH);
815 }
816 }
817
818 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
819 {
820 if (SSHv2(pvar)) {
821 memcpy(pvar->crypt_state.client_cookie, cookie,
822 SSH2_COOKIE_LENGTH);
823 }
824 }
825
826 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
827 int bits, unsigned char FAR * exp,
828 unsigned char FAR * mod)
829 {
830 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
831
832 return pvar->crypt_state.server_key.RSA_key != NULL;
833 }
834
835 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
836 int bits, unsigned char FAR * exp,
837 unsigned char FAR * mod)
838 {
839 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
840
841 return pvar->crypt_state.host_key.RSA_key != NULL;
842 }
843
844 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
845 int receiver_ciphers)
846 {
847 int cipher_mask;
848
849 if (SSHv1(pvar)) {
850 cipher_mask = (1 << SSH_CIPHER_DES)
851 | (1 << SSH_CIPHER_3DES)
852 | (1 << SSH_CIPHER_BLOWFISH);
853
854 } else { // for SSH2(yutaka)
855 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
856 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
857 | (1 << SSH2_CIPHER_AES128_CBC)
858 | (1 << SSH2_CIPHER_AES192_CBC)
859 | (1 << SSH2_CIPHER_AES256_CBC)
860 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
861 | (1 << SSH2_CIPHER_AES128_CTR)
862 | (1 << SSH2_CIPHER_AES192_CTR)
863 | (1 << SSH2_CIPHER_AES256_CTR)
864 | (1 << SSH2_CIPHER_ARCFOUR)
865 | (1 << SSH2_CIPHER_ARCFOUR128)
866 | (1 << SSH2_CIPHER_ARCFOUR256)
867 | (1 << SSH2_CIPHER_CAST128_CBC)
868 | (1 << SSH2_CIPHER_3DES_CTR)
869 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
870 | (1 << SSH2_CIPHER_CAST128_CTR);
871 }
872
873 sender_ciphers &= cipher_mask;
874 receiver_ciphers &= cipher_mask;
875 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
876 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
877
878 if (sender_ciphers == 0) {
879 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
880 "The server does not support any of the TTSSH encryption algorithms.\n"
881 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
882 "The connection will be closed.");
883 notify_fatal_error(pvar, pvar->ts->UIMsg);
884 return FALSE;
885 } else if (receiver_ciphers == 0) {
886 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
887 "The server does not support any of the TTSSH encryption algorithms.\n"
888 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
889 "The connection will be closed.");
890 notify_fatal_error(pvar, pvar->ts->UIMsg);
891 return FALSE;
892 } else {
893 return TRUE;
894 }
895 }
896
897 int CRYPT_get_decryption_block_size(PTInstVar pvar)
898 {
899 if (SSHv1(pvar)) {
900 return 8;
901 } else {
902 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
903 // cf. 3DES=8, AES128=16
904 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
905 }
906 }
907
908 int CRYPT_get_encryption_block_size(PTInstVar pvar)
909 {
910 if (SSHv1(pvar)) {
911 return 8;
912 } else {
913 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
914 // cf. 3DES=8, AES128=16
915 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
916 }
917 }
918
919 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
920 {
921 struct Mac *mac;
922
923 if (SSHv1(pvar)) {
924 return 0;
925
926 } else { // for SSH2(yutaka)
927 mac = &pvar->ssh2_keys[MODE_IN].mac;
928 if (mac == NULL || mac->enabled == 0)
929 return 0;
930
931 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
932 }
933
934 }
935
936 // HMAC������
937 // ���{������ SSH2 �������g�p�������B
938 // (2004.12.17 yutaka)
939 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
940 char FAR * data, int len, char FAR * MAC)
941 {
942 HMAC_CTX c;
943 unsigned char m[EVP_MAX_MD_SIZE];
944 unsigned char b[4];
945 struct Mac *mac;
946
947 mac = &pvar->ssh2_keys[MODE_IN].mac;
948
949 // HMAC�������L���������������A����OK�����������B
950 if (mac == NULL || mac->enabled == 0)
951 return TRUE;
952
953 if (mac->key == NULL)
954 goto error;
955
956 if ((u_int)mac->mac_len > sizeof(m))
957 goto error;
958
959 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
960 set_uint32_MSBfirst(b, sequence_number);
961 HMAC_Update(&c, b, sizeof(b));
962 HMAC_Update(&c, data, len);
963 HMAC_Final(&c, m, NULL);
964 HMAC_cleanup(&c);
965
966 if (memcmp(m, MAC, mac->mac_len)) {
967 goto error;
968 }
969
970 return TRUE;
971
972 error:
973 return FALSE;
974 }
975
976 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
977 {
978 struct Mac *mac;
979
980 if (SSHv2(pvar)) { // for SSH2(yutaka)
981 mac = &pvar->ssh2_keys[MODE_OUT].mac;
982 if (mac == NULL || mac->enabled == 0)
983 return 0;
984
985 return (mac->mac_len);
986 }
987
988 return 0;
989 }
990
991 // for SSH2
992 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
993 char FAR * data, int len, char FAR * MAC)
994 {
995 HMAC_CTX c;
996 static u_char m[EVP_MAX_MD_SIZE];
997 u_char b[4];
998 struct Mac *mac;
999
1000 if (SSHv2(pvar)) { // for SSH2(yutaka)
1001 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1002 if (mac == NULL || mac->enabled == 0)
1003 return FALSE;
1004
1005 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1006 set_uint32_MSBfirst(b, sequence_number);
1007 HMAC_Update(&c, b, sizeof(b));
1008 HMAC_Update(&c, data, len);
1009 HMAC_Final(&c, m, NULL);
1010 HMAC_cleanup(&c);
1011
1012 // 20�o�C�g�������R�s�[
1013 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1014 // memcpy(MAC, m, sizeof(m));
1015
1016 return TRUE;
1017 }
1018
1019 return TRUE;
1020
1021 }
1022
1023 static int choose_cipher(PTInstVar pvar, int supported)
1024 {
1025 int i;
1026
1027 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1028 int cipher = pvar->session_settings.CipherOrder[i] - '0';
1029
1030 if (cipher == SSH_CIPHER_NONE) {
1031 break;
1032 } else if ((supported & (1 << cipher)) != 0) {
1033 return cipher;
1034 }
1035 }
1036
1037 return SSH_CIPHER_NONE;
1038 }
1039
1040 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1041 {
1042 if (SSHv1(pvar)) {
1043 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1044 pvar->crypt_state.
1045 supported_sender_ciphers);
1046 pvar->crypt_state.receiver_cipher =
1047 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1048
1049 } else { // SSH2(yutaka)
1050 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1051 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1052
1053 }
1054
1055 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1056 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1057 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
1058 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1059 "To communicate with this server, you will have to enable some more ciphers\n"
1060 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1061 "This connection will now close.");
1062 notify_fatal_error(pvar, pvar->ts->UIMsg);
1063 return FALSE;
1064 } else {
1065 return TRUE;
1066 }
1067 }
1068
1069 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1070 {
1071 int server_key_bits =
1072 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1073 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1074 int server_key_bytes = (server_key_bits + 7) / 8;
1075 int host_key_bytes = (host_key_bits + 7) / 8;
1076
1077 if (server_key_bits < host_key_bits) {
1078 return host_key_bytes;
1079 } else {
1080 return server_key_bytes;
1081 }
1082 }
1083
1084 int CRYPT_choose_session_key(PTInstVar pvar,
1085 unsigned char FAR * encrypted_key_buf)
1086 {
1087 int server_key_bits =
1088 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1089 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1090 int server_key_bytes = (server_key_bits + 7) / 8;
1091 int host_key_bytes = (host_key_bits + 7) / 8;
1092 int encrypted_key_bytes;
1093 int bit_delta;
1094
1095 if (server_key_bits < host_key_bits) {
1096 encrypted_key_bytes = host_key_bytes;
1097 bit_delta = host_key_bits - server_key_bits;
1098 } else {
1099 encrypted_key_bytes = server_key_bytes;
1100 bit_delta = server_key_bits - host_key_bits;
1101 }
1102
1103 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1104 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1105 "Server RSA keys are too weak. A secure connection cannot be established.");
1106 notify_fatal_error(pvar, pvar->ts->UIMsg);
1107 return 0;
1108 } else {
1109 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1110 for the session ID, rather than the one specified in the RFC */
1111 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1112 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1113 char session_id[16];
1114 int i;
1115
1116 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1117 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1118 session_buf + host_key_bytes);
1119 memcpy(session_buf + server_key_bytes + host_key_bytes,
1120 pvar->crypt_state.server_cookie, 8);
1121 MD5(session_buf, session_buf_len, session_id);
1122
1123 free(session_buf);
1124
1125 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1126 SSH_SESSION_KEY_LENGTH);
1127 memcpy(pvar->crypt_state.receiver_cipher_key,
1128 pvar->crypt_state.sender_cipher_key,
1129 SSH_SESSION_KEY_LENGTH);
1130
1131 memcpy(encrypted_key_buf + encrypted_key_bytes -
1132 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1133 SSH_SESSION_KEY_LENGTH);
1134 for (i = 0; i < sizeof(session_id); i++) {
1135 encrypted_key_buf[encrypted_key_bytes -
1136 SSH_SESSION_KEY_LENGTH + i]
1137 ^= session_id[i];
1138 }
1139
1140 if (host_key_bits > server_key_bits) {
1141 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1142 encrypted_key_buf +
1143 encrypted_key_bytes -
1144 SSH_SESSION_KEY_LENGTH,
1145 encrypted_key_buf +
1146 encrypted_key_bytes - server_key_bytes,
1147 pvar->crypt_state.server_key.RSA_key,
1148 RSA_PKCS1_PADDING) < 0)
1149 return 0;
1150
1151 if (RSA_public_encrypt(server_key_bytes,
1152 encrypted_key_buf +
1153 encrypted_key_bytes - server_key_bytes,
1154 encrypted_key_buf,
1155 pvar->crypt_state.host_key.RSA_key,
1156 RSA_PKCS1_PADDING) < 0)
1157 return 0;
1158 } else {
1159 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1160 encrypted_key_buf +
1161 encrypted_key_bytes -
1162 SSH_SESSION_KEY_LENGTH,
1163 encrypted_key_buf +
1164 encrypted_key_bytes - host_key_bytes,
1165 pvar->crypt_state.host_key.RSA_key,
1166 RSA_PKCS1_PADDING) < 0)
1167 return 0;
1168
1169 if (RSA_public_encrypt(host_key_bytes,
1170 encrypted_key_buf +
1171 encrypted_key_bytes - host_key_bytes,
1172 encrypted_key_buf,
1173 pvar->crypt_state.server_key.RSA_key,
1174 RSA_PKCS1_PADDING) < 0)
1175 return 0;
1176 }
1177 }
1178
1179 return 1;
1180 }
1181
1182 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1183 unsigned char FAR * challenge,
1184 int challenge_len,
1185 unsigned char FAR * response)
1186 {
1187 int server_key_bits =
1188 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1189 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1190 int server_key_bytes = (server_key_bits + 7) / 8;
1191 int host_key_bytes = (host_key_bits + 7) / 8;
1192 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1193 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1194 char decrypted_challenge[48];
1195 int decrypted_challenge_len;
1196
1197 decrypted_challenge_len =
1198 RSA_private_decrypt(challenge_len, challenge, challenge,
1199 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1200 RSA_PKCS1_PADDING);
1201 if (decrypted_challenge_len < 0) {
1202 free(session_buf);
1203 return 0;
1204 }
1205 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1206 memcpy(decrypted_challenge,
1207 challenge + decrypted_challenge_len -
1208 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1209 } else {
1210 memset(decrypted_challenge, 0,
1211 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1212 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1213 decrypted_challenge_len, challenge,
1214 decrypted_challenge_len);
1215 }
1216
1217 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1218 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1219 session_buf + host_key_bytes);
1220 memcpy(session_buf + server_key_bytes + host_key_bytes,
1221 pvar->crypt_state.server_cookie, 8);
1222 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1223
1224 free(session_buf);
1225
1226 MD5(decrypted_challenge, 48, response);
1227
1228 return 1;
1229 }
1230
1231 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1232 {
1233 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1234 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1235 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1236 memset(state->ivec1, 0, 8);
1237 memset(state->ivec2, 0, 8);
1238 memset(state->ivec3, 0, 8);
1239 }
1240
1241 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1242 {
1243 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1244 memset(state->ivec, 0, 8);
1245 }
1246
1247 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1248 {
1249 idea_set_encrypt_key(session_key, &state->k);
1250 memset(state->ivec, 0, 8);
1251 }
1252
1253 static void cBlowfish_init(char FAR * session_key,
1254 CipherBlowfishState FAR * state)
1255 {
1256 BF_set_key(&state->k, 32, session_key);
1257 memset(state->ivec, 0, 8);
1258 }
1259
1260
1261 //
1262 // SSH2�p�A���S���Y����������
1263 //
1264 // for SSH2(yutaka)
1265 //
1266 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1267 const u_char *key, u_int keylen,
1268 const u_char *iv, u_int ivlen,
1269 int encrypt,
1270 const EVP_CIPHER *type,
1271 int discard_len,
1272 PTInstVar pvar)
1273 {
1274 int klen;
1275 char tmp[80];
1276 unsigned char *junk = NULL, *discard = NULL;
1277
1278 EVP_CIPHER_CTX_init(evp);
1279 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1280 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1281 "Cipher initialize error(%d)");
1282 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1283 notify_fatal_error(pvar, tmp);
1284 return;
1285 }
1286
1287 klen = EVP_CIPHER_CTX_key_length(evp);
1288 if (klen > 0 && keylen != klen) {
1289 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1290 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1291 "Cipher initialize error(%d)");
1292 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1293 notify_fatal_error(pvar, tmp);
1294 return;
1295 }
1296 }
1297 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1298 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1299 "Cipher initialize error(%d)");
1300 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1301 notify_fatal_error(pvar, tmp);
1302 return;
1303 }
1304
1305 if (discard_len > 0) {
1306 junk = malloc(discard_len);
1307 discard = malloc(discard_len);
1308 if (junk == NULL || discard == NULL ||
1309 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1310 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1311 "Cipher initialize error(%d)");
1312 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1313 pvar->ts->UIMsg, 3);
1314 notify_fatal_error(pvar, tmp);
1315 }
1316 else {
1317 memset(discard, 0, discard_len);
1318 }
1319 free(junk);
1320 free(discard);
1321 }
1322 }
1323
1324
1325 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1326 {
1327 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1328 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1329 BOOL isOK = TRUE;
1330
1331 if (sender_flag) {
1332 switch (pvar->crypt_state.sender_cipher) {
1333 // for SSH2(yutaka)
1334 case SSH2_CIPHER_3DES_CBC:
1335 case SSH2_CIPHER_3DES_CTR:
1336 {
1337 struct Enc *enc;
1338
1339 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1340 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1341 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1342 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1343 CIPHER_ENCRYPT,
1344 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1345 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1346 pvar);
1347
1348 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1349 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1350
1351 pvar->crypt_state.encrypt = c3DES_encrypt2;
1352 break;
1353 }
1354
1355 // for SSH2(yutaka)
1356 case SSH2_CIPHER_AES128_CBC:
1357 case SSH2_CIPHER_AES192_CBC:
1358 case SSH2_CIPHER_AES256_CBC:
1359 case SSH2_CIPHER_AES128_CTR:
1360 case SSH2_CIPHER_AES192_CTR:
1361 case SSH2_CIPHER_AES256_CTR:
1362 {
1363 struct Enc *enc;
1364
1365 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1366 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1367 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1368 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1369 CIPHER_ENCRYPT,
1370 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1371 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1372 pvar);
1373
1374 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1375 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1376
1377 pvar->crypt_state.encrypt = cAES128_encrypt;
1378 break;
1379 }
1380
1381 case SSH2_CIPHER_BLOWFISH_CBC:
1382 case SSH2_CIPHER_BLOWFISH_CTR:
1383 {
1384 struct Enc *enc;
1385
1386 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1387 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1388 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1389 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1390 CIPHER_ENCRYPT,
1391 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1392 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1393 pvar);
1394
1395 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1396 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1397
1398 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1399 break;
1400 }
1401
1402 case SSH2_CIPHER_ARCFOUR:
1403 case SSH2_CIPHER_ARCFOUR128:
1404 case SSH2_CIPHER_ARCFOUR256:
1405 {
1406 struct Enc *enc;
1407
1408 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1409 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1410 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1411 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1412 CIPHER_ENCRYPT,
1413 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1414 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1415 pvar);
1416 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1417 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1418
1419 pvar->crypt_state.encrypt = cArcfour_encrypt;
1420 break;
1421 }
1422
1423 case SSH2_CIPHER_CAST128_CBC:
1424 case SSH2_CIPHER_CAST128_CTR:
1425 {
1426 struct Enc *enc;
1427
1428 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1429 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1430 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1431 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1432 CIPHER_ENCRYPT,
1433 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1434 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1435 pvar);
1436 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1437 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1438
1439 pvar->crypt_state.encrypt = cCast128_encrypt;
1440 break;
1441 }
1442
1443 case SSH_CIPHER_3DES:{
1444 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1445 pvar->crypt_state.encrypt = c3DES_encrypt;
1446 break;
1447 }
1448 case SSH_CIPHER_IDEA:{
1449 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1450 pvar->crypt_state.encrypt = cIDEA_encrypt;
1451 break;
1452 }
1453 case SSH_CIPHER_DES:{
1454 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1455 pvar->crypt_state.encrypt = cDES_encrypt;
1456 break;
1457 }
1458 case SSH_CIPHER_RC4:{
1459 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1460 encryption_key + 16);
1461 pvar->crypt_state.encrypt = cRC4_encrypt;
1462 break;
1463 }
1464 case SSH_CIPHER_BLOWFISH:{
1465 cBlowfish_init(encryption_key,
1466 &pvar->crypt_state.enc.cBlowfish);
1467 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1468 break;
1469 }
1470 default:
1471 isOK = FALSE;
1472 }
1473 }
1474
1475
1476 if (receiver_flag) {
1477 switch (pvar->crypt_state.receiver_cipher) {
1478 // for SSH2(yutaka)
1479 case SSH2_CIPHER_3DES_CBC:
1480 case SSH2_CIPHER_3DES_CTR:
1481 {
1482 struct Enc *enc;
1483
1484 enc = &pvar->ssh2_keys[MODE_IN].enc;
1485 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1486 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1487 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1488 CIPHER_DECRYPT,
1489 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1490 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1491 pvar);
1492
1493 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1494 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1495
1496 pvar->crypt_state.decrypt = c3DES_decrypt2;
1497 break;
1498 }
1499
1500 // for SSH2(yutaka)
1501 case SSH2_CIPHER_AES128_CBC:
1502 case SSH2_CIPHER_AES192_CBC:
1503 case SSH2_CIPHER_AES256_CBC:
1504 case SSH2_CIPHER_AES128_CTR:
1505 case SSH2_CIPHER_AES192_CTR:
1506 case SSH2_CIPHER_AES256_CTR:
1507 {
1508 struct Enc *enc;
1509
1510 enc = &pvar->ssh2_keys[MODE_IN].enc;
1511 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1512 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1513 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1514 CIPHER_DECRYPT,
1515 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1516 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1517 pvar);
1518
1519 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1520 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1521
1522 pvar->crypt_state.decrypt = cAES128_decrypt;
1523 break;
1524 }
1525
1526 case SSH2_CIPHER_BLOWFISH_CBC:
1527 case SSH2_CIPHER_BLOWFISH_CTR:
1528 {
1529 struct Enc *enc;
1530
1531 enc = &pvar->ssh2_keys[MODE_IN].enc;
1532 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1533 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1534 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1535 CIPHER_DECRYPT,
1536 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1537 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1538 pvar);
1539
1540 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1541 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1542
1543 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1544 break;
1545 }
1546
1547 case SSH2_CIPHER_ARCFOUR:
1548 case SSH2_CIPHER_ARCFOUR128:
1549 case SSH2_CIPHER_ARCFOUR256:
1550 {
1551 struct Enc *enc;
1552
1553 enc = &pvar->ssh2_keys[MODE_IN].enc;
1554 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1555 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1556 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1557 CIPHER_DECRYPT,
1558 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1559 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1560 pvar);
1561
1562 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1563 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1564
1565 pvar->crypt_state.decrypt = cArcfour_decrypt;
1566 break;
1567 }
1568
1569 case SSH2_CIPHER_CAST128_CBC:
1570 case SSH2_CIPHER_CAST128_CTR:
1571 {
1572 struct Enc *enc;
1573
1574 enc = &pvar->ssh2_keys[MODE_IN].enc;
1575 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1576 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1577 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1578 CIPHER_DECRYPT,
1579 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1580 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1581 pvar);
1582
1583 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1584 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1585
1586 pvar->crypt_state.decrypt = cCast128_decrypt;
1587 break;
1588 }
1589
1590 case SSH_CIPHER_3DES:{
1591 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1592 pvar->crypt_state.decrypt = c3DES_decrypt;
1593 break;
1594 }
1595 case SSH_CIPHER_IDEA:{
1596 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1597 pvar->crypt_state.decrypt = cIDEA_decrypt;
1598 break;
1599 }
1600 case SSH_CIPHER_DES:{
1601 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1602 pvar->crypt_state.decrypt = cDES_decrypt;
1603 break;
1604 }
1605 case SSH_CIPHER_RC4:{
1606 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1607 pvar->crypt_state.decrypt = cRC4_decrypt;
1608 break;
1609 }
1610 case SSH_CIPHER_BLOWFISH:{
1611 cBlowfish_init(decryption_key,
1612 &pvar->crypt_state.dec.cBlowfish);
1613 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1614 break;
1615 }
1616 default:
1617 isOK = FALSE;
1618 }
1619 }
1620
1621
1622 if (!isOK) {
1623 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1624 "No cipher selected!");
1625 notify_fatal_error(pvar, pvar->ts->UIMsg);
1626 return FALSE;
1627 } else {
1628 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1629 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1630 return TRUE;
1631 }
1632 }
1633
1634 void CRYPT_init(PTInstVar pvar)
1635 {
1636 pvar->crypt_state.encrypt = no_encrypt;
1637 pvar->crypt_state.decrypt = no_encrypt;
1638 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1639 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1640 pvar->crypt_state.server_key.RSA_key = NULL;
1641 pvar->crypt_state.host_key.RSA_key = NULL;
1642
1643 pvar->crypt_state.detect_attack_statics.h = NULL;
1644 pvar->crypt_state.detect_attack_statics.n =
1645 HASH_MINSIZE / HASH_ENTRYSIZE;
1646 }
1647
1648 static char FAR *get_cipher_name(int cipher)
1649 {
1650 switch (cipher) {
1651 case SSH_CIPHER_NONE:
1652 return "None";
1653 case SSH_CIPHER_3DES:
1654 return "3DES (168 key bits)";
1655 case SSH_CIPHER_DES:
1656 return "DES (56 key bits)";
1657 case SSH_CIPHER_IDEA:
1658 return "IDEA (128 key bits)";
1659 case SSH_CIPHER_RC4:
1660 return "RC4 (128 key bits)";
1661 case SSH_CIPHER_BLOWFISH:
1662 return "Blowfish (256 key bits)";
1663
1664 // SSH2
1665 case SSH2_CIPHER_3DES_CBC:
1666 return "3DES-CBC";
1667 case SSH2_CIPHER_AES128_CBC:
1668 return "AES128-CBC";
1669 case SSH2_CIPHER_AES192_CBC:
1670 return "AES192-CBC";
1671 case SSH2_CIPHER_AES256_CBC:
1672 return "AES256-CBC";
1673 case SSH2_CIPHER_BLOWFISH_CBC:
1674 return "Blowfish-CBC";
1675 case SSH2_CIPHER_AES128_CTR:
1676 return "AES128-CTR";
1677 case SSH2_CIPHER_AES192_CTR:
1678 return "AES192-CTR";
1679 case SSH2_CIPHER_AES256_CTR:
1680 return "AES256-CTR";
1681 case SSH2_CIPHER_ARCFOUR:
1682 return "Arcfour";
1683 case SSH2_CIPHER_ARCFOUR128:
1684 return "Arcfour128";
1685 case SSH2_CIPHER_ARCFOUR256:
1686 return "Arcfour256";
1687 case SSH2_CIPHER_CAST128_CBC:
1688 return "CAST-128-CBC";
1689 case SSH2_CIPHER_3DES_CTR:
1690 return "3DES-CTR";
1691 case SSH2_CIPHER_BLOWFISH_CTR:
1692 return "Blowfish-CTR";
1693 case SSH2_CIPHER_CAST128_CTR:
1694 return "CAST-128-CTR";
1695
1696 default:
1697 return "Unknown";
1698 }
1699 }
1700
1701 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1702 {
1703 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1704 "%s to server, %s from server");
1705 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1706 get_cipher_name(pvar->crypt_state.sender_cipher),
1707 get_cipher_name(pvar->crypt_state.receiver_cipher));
1708 }
1709
1710 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1711 {
1712 if (SSHv1(pvar)) {
1713 if (pvar->crypt_state.server_key.RSA_key == NULL
1714 || pvar->crypt_state.host_key.RSA_key == NULL) {
1715 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1716 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1717 } else {
1718 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1719 "%d-bit server key, %d-bit host key");
1720 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1721 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1722 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1723 }
1724 } else { // SSH2
1725 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1726 "%d-bit server key, %d-bit host key");
1727 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1728 pvar->server_key_bits,
1729 pvar->client_key_bits);
1730 }
1731 }
1732
1733 static void destroy_public_key(CRYPTPublicKey FAR * key)
1734 {
1735 if (key->RSA_key != NULL) {
1736 RSA_free(key->RSA_key);
1737 key->RSA_key = NULL;
1738 }
1739 }
1740
1741 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1742 {
1743 destroy_public_key(key);
1744 free(key);
1745 }
1746
1747 void CRYPT_end(PTInstVar pvar)
1748 {
1749 destroy_public_key(&pvar->crypt_state.host_key);
1750 destroy_public_key(&pvar->crypt_state.server_key);
1751
1752 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1753 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1754 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1755 free(pvar->crypt_state.detect_attack_statics.h);
1756 }
1757
1758 memset(pvar->crypt_state.sender_cipher_key, 0,
1759 sizeof(pvar->crypt_state.sender_cipher_key));
1760 memset(pvar->crypt_state.receiver_cipher_key, 0,
1761 sizeof(pvar->crypt_state.receiver_cipher_key));
1762 memset(pvar->crypt_state.server_cookie, 0,
1763 sizeof(pvar->crypt_state.server_cookie));
1764 memset(pvar->crypt_state.client_cookie, 0,
1765 sizeof(pvar->crypt_state.client_cookie));
1766 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1767 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1768 }
1769
1770 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1771 char FAR * buf, int bytes)
1772 {
1773 unsigned char passphrase_key[16];
1774
1775 MD5(passphrase, strlen(passphrase), passphrase_key);
1776
1777 switch (cipher) {
1778 case SSH_CIPHER_3DES:{
1779 Cipher3DESState state;
1780
1781 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1782 &state.k1);
1783 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1784 &state.k2);
1785 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1786 &state.k3);
1787 memset(state.ivec1, 0, 8);
1788 memset(state.ivec2, 0, 8);
1789 memset(state.ivec3, 0, 8);
1790 DES_ncbc_encrypt(buf, buf, bytes,
1791 &state.k3, &state.ivec3, DES_DECRYPT);
1792 DES_ncbc_encrypt(buf, buf, bytes,
1793 &state.k2, &state.ivec2, DES_ENCRYPT);
1794 DES_ncbc_encrypt(buf, buf, bytes,
1795 &state.k1, &state.ivec1, DES_DECRYPT);
1796 break;
1797 }
1798
1799 case SSH_CIPHER_IDEA:{
1800 CipherIDEAState state;
1801 int num = 0;
1802
1803 cIDEA_init(passphrase_key, &state);
1804 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1805 &num, IDEA_DECRYPT);
1806 break;
1807 }
1808
1809 case SSH_CIPHER_DES:{
1810 CipherDESState state;
1811
1812 cDES_init(passphrase_key, &state);
1813 DES_ncbc_encrypt(buf, buf, bytes,
1814 &state.k, &state.ivec, DES_DECRYPT);
1815 break;
1816 }
1817
1818 case SSH_CIPHER_RC4:{
1819 CipherRC4State state;
1820 int num = 0;
1821
1822 RC4_set_key(&state.k, 16, passphrase_key);
1823 RC4(&state.k, bytes, buf, buf);
1824 break;
1825 }
1826
1827 case SSH_CIPHER_BLOWFISH:{
1828 CipherBlowfishState state;
1829
1830 BF_set_key(&state.k, 16, passphrase_key);
1831 memset(state.ivec, 0, 8);
1832 flip_endianness(buf, bytes);
1833 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1834 BF_DECRYPT);
1835 flip_endianness(buf, bytes);
1836 break;
1837 }
1838
1839 case SSH_CIPHER_NONE:
1840 break;
1841
1842 default:
1843 memset(passphrase_key, 0, sizeof(passphrase_key));
1844 return 0;
1845 }
1846
1847 memset(passphrase_key, 0, sizeof(passphrase_key));
1848 return 1;
1849 }
1850
1851 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1852 {
1853 if (key_pair->RSA_key != NULL)
1854 RSA_free(key_pair->RSA_key);
1855
1856 if (key_pair->DSA_key != NULL)
1857 DSA_free(key_pair->DSA_key);
1858
1859 free(key_pair);
1860 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help