Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 4313 - (show annotations) (download) (as text)
Wed Feb 16 15:48:49 2011 UTC (13 years, 1 month ago) by maya
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 56809 byte(s) 
SSH2 では、SSH1 と同じ server key/host key というの組み合わせではなく、鍵交換の時だけ一時的に使われる client key/server key となるので表記を変更
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224 char tmp[80];
225
226 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227 if (bytes == 0)
228 goto error;
229
230 if (newbuf == NULL)
231 return;
232
233 if (bytes % block_size) {
234 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
235 "%s encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237 "AES128/192/256", bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
244 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
245 "AES128/192/256");
246 notify_fatal_error(pvar, tmp);
247 goto error;
248
249 } else {
250 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
251 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
252 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
253 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
254
255 //debug_print(50, key, 24);
256 //debug_print(51, iv, 8);
257 //debug_print(52, buf, bytes);
258 //debug_print(53, newbuf, bytes);
259
260 memcpy(buf, newbuf, bytes);
261 }
262
263 error:
264 free(newbuf);
265 }
266
267 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
268 int bytes)
269 {
270 unsigned char *newbuf = malloc(bytes);
271 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272 char tmp[80];
273
274 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
275 if (bytes == 0)
276 goto error;
277
278 if (newbuf == NULL)
279 return;
280
281 if (bytes % block_size) {
282 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
283 "%s decrypt error(1): bytes %d (%d)");
284 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
285 "AES128/192/256", bytes, block_size);
286 notify_fatal_error(pvar, tmp);
287 goto error;
288 }
289
290 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
291 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
292 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
293 "AES128/192/256");
294 notify_fatal_error(pvar, tmp);
295 goto error;
296
297 } else {
298 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
299 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
300 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
301 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
302
303 //debug_print(70, key, AES128_KEYLEN);
304 //debug_print(71, iv, AES128_IVLEN);
305 //debug_print(72, buf, bytes);
306 //debug_print(73, newbuf, bytes);
307
308 memcpy(buf, newbuf, bytes);
309 }
310
311 error:
312 free(newbuf);
313 }
314
315
316 // for SSH2(yutaka)
317 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
318 int bytes)
319 {
320 unsigned char *newbuf = malloc(bytes);
321 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
322 char tmp[80];
323
324 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
325 if (bytes == 0)
326 goto error;
327
328 if (newbuf == NULL)
329 return;
330
331 if (bytes % block_size) {
332 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
333 "%s encrypt error(1): bytes %d (%d)");
334 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
335 "3DES-CBC", bytes, block_size);
336 notify_fatal_error(pvar, tmp);
337 goto error;
338 }
339
340 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
341 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
342 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
343 "3DES-CBC");
344 notify_fatal_error(pvar, tmp);
345 goto error;
346
347 } else {
348 //unsigned char key[24], iv[8];
349 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352
353 //debug_print(50, key, 24);
354 //debug_print(51, iv, 8);
355 //debug_print(52, buf, bytes);
356 //debug_print(53, newbuf, bytes);
357
358 memcpy(buf, newbuf, bytes);
359 }
360
361 error:
362 free(newbuf);
363 }
364
365 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
366 int bytes)
367 {
368 unsigned char *newbuf = malloc(bytes);
369 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
370 char tmp[80];
371
372 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
373 if (bytes == 0)
374 goto error;
375
376 if (newbuf == NULL)
377 return;
378
379 if (bytes % block_size) {
380 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
381 "%s decrypt error(1): bytes %d (%d)");
382 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
383 "3DES-CBC", bytes, block_size);
384 notify_fatal_error(pvar, tmp);
385 goto error;
386 }
387
388 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
390 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
391 "3DES-CBC");
392 notify_fatal_error(pvar, tmp);
393 goto error;
394
395 } else {
396 //unsigned char key[24], iv[8];
397 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
398 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
399 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
400
401 //debug_print(70, key, 24);
402 //debug_print(71, iv, 8);
403 //debug_print(72, buf, bytes);
404 //debug_print(73, newbuf, bytes);
405
406 memcpy(buf, newbuf, bytes);
407 }
408
409 error:
410 free(newbuf);
411 }
412
413
414 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
415 int bytes)
416 {
417 unsigned char *newbuf = malloc(bytes);
418 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
419 char tmp[80];
420
421 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
422 if (bytes == 0)
423 goto error;
424
425 if (newbuf == NULL)
426 return;
427
428 if (bytes % block_size) {
429 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
430 "%s encrypt error(1): bytes %d (%d)");
431 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
432 "Blowfish", bytes, block_size);
433 notify_fatal_error(pvar, tmp);
434 goto error;
435 }
436
437 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
438 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
439 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
440 "Blowfish");
441 notify_fatal_error(pvar, tmp);
442 goto error;
443
444 } else {
445 memcpy(buf, newbuf, bytes);
446
447 }
448
449 error:
450 free(newbuf);
451 }
452
453 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
454 int bytes)
455 {
456 unsigned char *newbuf = malloc(bytes);
457 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
458 char tmp[80];
459
460 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
461 if (bytes == 0)
462 goto error;
463
464 if (newbuf == NULL)
465 return;
466
467 if (bytes % block_size) {
468 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
469 "%s decrypt error(1): bytes %d (%d)");
470 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
471 "Blowfish", bytes, block_size);
472 notify_fatal_error(pvar, tmp);
473 goto error;
474 }
475
476 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
477 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
478 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
479 "Blowfish");
480 notify_fatal_error(pvar, tmp);
481 goto error;
482
483 } else {
484 memcpy(buf, newbuf, bytes);
485
486 }
487
488 error:
489 free(newbuf);
490 }
491
492
493 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
494 int bytes)
495 {
496 unsigned char *newbuf = malloc(bytes);
497 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
498 char tmp[80];
499
500 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
501 if (bytes == 0)
502 goto error;
503
504 if (newbuf == NULL)
505 return;
506
507 if (bytes % block_size) {
508 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
509 "%s encrypt error(1): bytes %d (%d)");
510 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
511 "Arcfour", bytes, block_size);
512 notify_fatal_error(pvar, tmp);
513 goto error;
514 }
515
516 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
517 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
518 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
519 "Arcfour");
520 notify_fatal_error(pvar, tmp);
521 goto error;
522
523 } else {
524 memcpy(buf, newbuf, bytes);
525
526 }
527
528 error:
529 free(newbuf);
530 }
531
532 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 int bytes)
534 {
535 unsigned char *newbuf = malloc(bytes);
536 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
537 char tmp[80];
538
539 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
540 if (bytes == 0)
541 goto error;
542
543 if (newbuf == NULL)
544 return;
545
546 if (bytes % block_size) {
547 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
548 "%s decrypt error(1): bytes %d (%d)");
549 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
550 "Arcfour", bytes, block_size);
551 notify_fatal_error(pvar, tmp);
552 goto error;
553 }
554
555 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
556 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
557 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
558 "Arcfour");
559 notify_fatal_error(pvar, tmp);
560 goto error;
561
562 } else {
563 memcpy(buf, newbuf, bytes);
564
565 }
566
567 error:
568 free(newbuf);
569 }
570
571
572 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
573 int bytes)
574 {
575 unsigned char *newbuf = malloc(bytes);
576 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
577 char tmp[80];
578
579 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
580 if (bytes == 0)
581 goto error;
582
583 if (newbuf == NULL)
584 return;
585
586 if (bytes % block_size) {
587 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
588 "%s encrypt error(1): bytes %d (%d)");
589 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
590 "CAST128", bytes, block_size);
591 notify_fatal_error(pvar, tmp);
592 goto error;
593 }
594
595 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
596 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
597 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
598 "CAST128");
599 notify_fatal_error(pvar, tmp);
600 goto error;
601
602 } else {
603 memcpy(buf, newbuf, bytes);
604
605 }
606
607 error:
608 free(newbuf);
609 }
610
611 static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
612 int bytes)
613 {
614 unsigned char *newbuf = malloc(bytes);
615 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
616 char tmp[80];
617
618 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
619 if (bytes == 0)
620 goto error;
621
622 if (newbuf == NULL)
623 return;
624
625 if (bytes % block_size) {
626 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
627 "%s decrypt error(1): bytes %d (%d)");
628 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
629 "CAST128", bytes, block_size);
630 notify_fatal_error(pvar, tmp);
631 goto error;
632 }
633
634 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
635 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
636 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
637 "CAST128");
638 notify_fatal_error(pvar, tmp);
639 goto error;
640
641 } else {
642 memcpy(buf, newbuf, bytes);
643
644 }
645
646 error:
647 free(newbuf);
648 }
649
650
651 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
652 int bytes)
653 {
654 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
655
656 DES_ncbc_encrypt(buf, buf, bytes,
657 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
658 DES_ncbc_encrypt(buf, buf, bytes,
659 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
660 DES_ncbc_encrypt(buf, buf, bytes,
661 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
662 }
663
664 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
665 int bytes)
666 {
667 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
668
669 DES_ncbc_encrypt(buf, buf, bytes,
670 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
671 DES_ncbc_encrypt(buf, buf, bytes,
672 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
673 DES_ncbc_encrypt(buf, buf, bytes,
674 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
675 }
676
677 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
678 int bytes)
679 {
680 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
681
682 DES_ncbc_encrypt(buf, buf, bytes,
683 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
684 }
685
686 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
687 int bytes)
688 {
689 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
690
691 DES_ncbc_encrypt(buf, buf, bytes,
692 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
693 }
694
695 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
696 int bytes)
697 {
698 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
699 int num = 0;
700
701 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
702 encryptstate->ivec, &num, IDEA_ENCRYPT);
703 }
704
705 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
706 int bytes)
707 {
708 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
709 int num = 0;
710
711 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
712 decryptstate->ivec, &num, IDEA_DECRYPT);
713 }
714
715 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
716 {
717 uint32 FAR *buf = (uint32 FAR *) cbuf;
718 int count = bytes / 4;
719
720 while (count > 0) {
721 uint32 w = *buf;
722
723 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
724 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
725 count--;
726 buf++;
727 }
728 }
729
730 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
731 int bytes)
732 {
733 CipherBlowfishState FAR *encryptstate =
734 &pvar->crypt_state.enc.cBlowfish;
735
736 flip_endianness(buf, bytes);
737 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
738 BF_ENCRYPT);
739 flip_endianness(buf, bytes);
740 }
741
742 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
743 int bytes)
744 {
745 CipherBlowfishState FAR *decryptstate =
746 &pvar->crypt_state.dec.cBlowfish;
747
748 flip_endianness(buf, bytes);
749 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
750 BF_DECRYPT);
751 flip_endianness(buf, bytes);
752 }
753
754 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
755 int bytes)
756 {
757 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
758 int num = 0;
759
760 RC4(&encryptstate->k, bytes, buf, buf);
761 }
762
763 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
764 int bytes)
765 {
766 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
767 int num = 0;
768
769 RC4(&decryptstate->k, bytes, buf, buf);
770 }
771
772 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
773 int bytes)
774 {
775 RAND_bytes(buf, bytes);
776 }
777
778 void CRYPT_initialize_random_numbers(PTInstVar pvar)
779 {
780 RAND_screen();
781 }
782
783 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
784 {
785 int bits = get_ushort16_MSBfirst(bytes);
786
787 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
788 }
789
790 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
791 RSA FAR *make_key(PTInstVar pvar,
792 int bits, unsigned char FAR * exp,
793 unsigned char FAR * mod)
794 {
795 RSA FAR *key = RSA_new();
796
797 if (key != NULL) {
798 key->e = get_bignum(exp);
799 key->n = get_bignum(mod);
800 }
801
802 if (key == NULL || key->e == NULL || key->n == NULL) {
803 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
804 "Error setting up RSA keys");
805 notify_fatal_error(pvar, pvar->ts->UIMsg);
806
807 if (key != NULL) {
808 if (key->e != NULL) {
809 BN_free(key->e);
810 }
811 if (key->n != NULL) {
812 BN_free(key->n);
813 }
814 RSA_free(key);
815 }
816
817 return NULL;
818 } else {
819 return key;
820 }
821 }
822
823 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
824 {
825 if (SSHv1(pvar)) {
826 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
827 } else {
828 memcpy(pvar->crypt_state.server_cookie, cookie,
829 SSH2_COOKIE_LENGTH);
830 }
831 }
832
833 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
834 {
835 if (SSHv2(pvar)) {
836 memcpy(pvar->crypt_state.client_cookie, cookie,
837 SSH2_COOKIE_LENGTH);
838 }
839 }
840
841 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
842 int bits, unsigned char FAR * exp,
843 unsigned char FAR * mod)
844 {
845 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
846
847 return pvar->crypt_state.server_key.RSA_key != NULL;
848 }
849
850 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
851 int bits, unsigned char FAR * exp,
852 unsigned char FAR * mod)
853 {
854 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
855
856 return pvar->crypt_state.host_key.RSA_key != NULL;
857 }
858
859 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
860 int receiver_ciphers)
861 {
862 int cipher_mask;
863
864 if (SSHv1(pvar)) {
865 cipher_mask = (1 << SSH_CIPHER_DES)
866 | (1 << SSH_CIPHER_3DES)
867 | (1 << SSH_CIPHER_BLOWFISH);
868
869 } else { // for SSH2(yutaka)
870 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
871 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
872 | (1 << SSH2_CIPHER_AES128_CBC)
873 | (1 << SSH2_CIPHER_AES192_CBC)
874 | (1 << SSH2_CIPHER_AES256_CBC)
875 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
876 | (1 << SSH2_CIPHER_AES128_CTR)
877 | (1 << SSH2_CIPHER_AES192_CTR)
878 | (1 << SSH2_CIPHER_AES256_CTR)
879 | (1 << SSH2_CIPHER_ARCFOUR)
880 | (1 << SSH2_CIPHER_ARCFOUR128)
881 | (1 << SSH2_CIPHER_ARCFOUR256)
882 | (1 << SSH2_CIPHER_CAST128_CBC)
883 | (1 << SSH2_CIPHER_3DES_CTR)
884 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
885 | (1 << SSH2_CIPHER_CAST128_CTR);
886 }
887
888 sender_ciphers &= cipher_mask;
889 receiver_ciphers &= cipher_mask;
890 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
891 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
892
893 if (sender_ciphers == 0) {
894 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
895 "The server does not support any of the TTSSH encryption algorithms.\n"
896 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
897 "The connection will be closed.");
898 notify_fatal_error(pvar, pvar->ts->UIMsg);
899 return FALSE;
900 } else if (receiver_ciphers == 0) {
901 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
902 "The server does not support any of the TTSSH encryption algorithms.\n"
903 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
904 "The connection will be closed.");
905 notify_fatal_error(pvar, pvar->ts->UIMsg);
906 return FALSE;
907 } else {
908 return TRUE;
909 }
910 }
911
912 int CRYPT_get_decryption_block_size(PTInstVar pvar)
913 {
914 if (SSHv1(pvar)) {
915 return 8;
916 } else {
917 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
918 // cf. 3DES=8, AES128=16
919 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
920 }
921 }
922
923 int CRYPT_get_encryption_block_size(PTInstVar pvar)
924 {
925 if (SSHv1(pvar)) {
926 return 8;
927 } else {
928 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
929 // cf. 3DES=8, AES128=16
930 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
931 }
932 }
933
934 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
935 {
936 struct Mac *mac;
937
938 if (SSHv1(pvar)) {
939 return 0;
940
941 } else { // for SSH2(yutaka)
942 mac = &pvar->ssh2_keys[MODE_IN].mac;
943 if (mac == NULL || mac->enabled == 0)
944 return 0;
945
946 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
947 }
948
949 }
950
951 // HMAC������
952 // ���{������ SSH2 �������g�p�������B
953 // (2004.12.17 yutaka)
954 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
955 char FAR * data, int len, char FAR * MAC)
956 {
957 HMAC_CTX c;
958 unsigned char m[EVP_MAX_MD_SIZE];
959 unsigned char b[4];
960 struct Mac *mac;
961
962 mac = &pvar->ssh2_keys[MODE_IN].mac;
963
964 // HMAC�������L���������������A����OK�����������B
965 if (mac == NULL || mac->enabled == 0)
966 return TRUE;
967
968 if (mac->key == NULL)
969 goto error;
970
971 if ((u_int)mac->mac_len > sizeof(m))
972 goto error;
973
974 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
975 set_uint32_MSBfirst(b, sequence_number);
976 HMAC_Update(&c, b, sizeof(b));
977 HMAC_Update(&c, data, len);
978 HMAC_Final(&c, m, NULL);
979 HMAC_cleanup(&c);
980
981 if (memcmp(m, MAC, mac->mac_len)) {
982 goto error;
983 }
984
985 return TRUE;
986
987 error:
988 return FALSE;
989 }
990
991 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
992 {
993 struct Mac *mac;
994
995 if (SSHv2(pvar)) { // for SSH2(yutaka)
996 mac = &pvar->ssh2_keys[MODE_OUT].mac;
997 if (mac == NULL || mac->enabled == 0)
998 return 0;
999
1000 return (mac->mac_len);
1001 }
1002
1003 return 0;
1004 }
1005
1006 // for SSH2
1007 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1008 char FAR * data, int len, char FAR * MAC)
1009 {
1010 HMAC_CTX c;
1011 static u_char m[EVP_MAX_MD_SIZE];
1012 u_char b[4];
1013 struct Mac *mac;
1014
1015 if (SSHv2(pvar)) { // for SSH2(yutaka)
1016 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1017 if (mac == NULL || mac->enabled == 0)
1018 return FALSE;
1019
1020 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1021 set_uint32_MSBfirst(b, sequence_number);
1022 HMAC_Update(&c, b, sizeof(b));
1023 HMAC_Update(&c, data, len);
1024 HMAC_Final(&c, m, NULL);
1025 HMAC_cleanup(&c);
1026
1027 // 20�o�C�g�������R�s�[
1028 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1029 // memcpy(MAC, m, sizeof(m));
1030
1031 return TRUE;
1032 }
1033
1034 return TRUE;
1035
1036 }
1037
1038 static int choose_cipher(PTInstVar pvar, int supported)
1039 {
1040 int i;
1041
1042 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1043 int cipher = pvar->session_settings.CipherOrder[i] - '0';
1044
1045 if (cipher == SSH_CIPHER_NONE) {
1046 break;
1047 } else if ((supported & (1 << cipher)) != 0) {
1048 return cipher;
1049 }
1050 }
1051
1052 return SSH_CIPHER_NONE;
1053 }
1054
1055 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1056 {
1057 if (SSHv1(pvar)) {
1058 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1059 pvar->crypt_state.
1060 supported_sender_ciphers);
1061 pvar->crypt_state.receiver_cipher =
1062 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1063
1064 } else { // SSH2(yutaka)
1065 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1066 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1067
1068 }
1069
1070 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1071 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1072 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
1073 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1074 "To communicate with this server, you will have to enable some more ciphers\n"
1075 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1076 "This connection will now close.");
1077 notify_fatal_error(pvar, pvar->ts->UIMsg);
1078 return FALSE;
1079 } else {
1080 return TRUE;
1081 }
1082 }
1083
1084 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1085 {
1086 int server_key_bits =
1087 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1088 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1089 int server_key_bytes = (server_key_bits + 7) / 8;
1090 int host_key_bytes = (host_key_bits + 7) / 8;
1091
1092 if (server_key_bits < host_key_bits) {
1093 return host_key_bytes;
1094 } else {
1095 return server_key_bytes;
1096 }
1097 }
1098
1099 int CRYPT_choose_session_key(PTInstVar pvar,
1100 unsigned char FAR * encrypted_key_buf)
1101 {
1102 int server_key_bits =
1103 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1104 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1105 int server_key_bytes = (server_key_bits + 7) / 8;
1106 int host_key_bytes = (host_key_bits + 7) / 8;
1107 int encrypted_key_bytes;
1108 int bit_delta;
1109
1110 if (server_key_bits < host_key_bits) {
1111 encrypted_key_bytes = host_key_bytes;
1112 bit_delta = host_key_bits - server_key_bits;
1113 } else {
1114 encrypted_key_bytes = server_key_bytes;
1115 bit_delta = server_key_bits - host_key_bits;
1116 }
1117
1118 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1119 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1120 "Server RSA keys are too weak. A secure connection cannot be established.");
1121 notify_fatal_error(pvar, pvar->ts->UIMsg);
1122 return 0;
1123 } else {
1124 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1125 for the session ID, rather than the one specified in the RFC */
1126 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1127 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1128 char session_id[16];
1129 int i;
1130
1131 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1132 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1133 session_buf + host_key_bytes);
1134 memcpy(session_buf + server_key_bytes + host_key_bytes,
1135 pvar->crypt_state.server_cookie, 8);
1136 MD5(session_buf, session_buf_len, session_id);
1137
1138 free(session_buf);
1139
1140 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1141 SSH_SESSION_KEY_LENGTH);
1142 memcpy(pvar->crypt_state.receiver_cipher_key,
1143 pvar->crypt_state.sender_cipher_key,
1144 SSH_SESSION_KEY_LENGTH);
1145
1146 memcpy(encrypted_key_buf + encrypted_key_bytes -
1147 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1148 SSH_SESSION_KEY_LENGTH);
1149 for (i = 0; i < sizeof(session_id); i++) {
1150 encrypted_key_buf[encrypted_key_bytes -
1151 SSH_SESSION_KEY_LENGTH + i]
1152 ^= session_id[i];
1153 }
1154
1155 if (host_key_bits > server_key_bits) {
1156 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1157 encrypted_key_buf +
1158 encrypted_key_bytes -
1159 SSH_SESSION_KEY_LENGTH,
1160 encrypted_key_buf +
1161 encrypted_key_bytes - server_key_bytes,
1162 pvar->crypt_state.server_key.RSA_key,
1163 RSA_PKCS1_PADDING) < 0)
1164 return 0;
1165
1166 if (RSA_public_encrypt(server_key_bytes,
1167 encrypted_key_buf +
1168 encrypted_key_bytes - server_key_bytes,
1169 encrypted_key_buf,
1170 pvar->crypt_state.host_key.RSA_key,
1171 RSA_PKCS1_PADDING) < 0)
1172 return 0;
1173 } else {
1174 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1175 encrypted_key_buf +
1176 encrypted_key_bytes -
1177 SSH_SESSION_KEY_LENGTH,
1178 encrypted_key_buf +
1179 encrypted_key_bytes - host_key_bytes,
1180 pvar->crypt_state.host_key.RSA_key,
1181 RSA_PKCS1_PADDING) < 0)
1182 return 0;
1183
1184 if (RSA_public_encrypt(host_key_bytes,
1185 encrypted_key_buf +
1186 encrypted_key_bytes - host_key_bytes,
1187 encrypted_key_buf,
1188 pvar->crypt_state.server_key.RSA_key,
1189 RSA_PKCS1_PADDING) < 0)
1190 return 0;
1191 }
1192 }
1193
1194 return 1;
1195 }
1196
1197 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1198 unsigned char FAR * challenge,
1199 int challenge_len,
1200 unsigned char FAR * response)
1201 {
1202 int server_key_bits =
1203 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1204 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1205 int server_key_bytes = (server_key_bits + 7) / 8;
1206 int host_key_bytes = (host_key_bits + 7) / 8;
1207 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1208 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1209 char decrypted_challenge[48];
1210 int decrypted_challenge_len;
1211
1212 decrypted_challenge_len =
1213 RSA_private_decrypt(challenge_len, challenge, challenge,
1214 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1215 RSA_PKCS1_PADDING);
1216 if (decrypted_challenge_len < 0) {
1217 free(session_buf);
1218 return 0;
1219 }
1220 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1221 memcpy(decrypted_challenge,
1222 challenge + decrypted_challenge_len -
1223 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1224 } else {
1225 memset(decrypted_challenge, 0,
1226 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1227 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1228 decrypted_challenge_len, challenge,
1229 decrypted_challenge_len);
1230 }
1231
1232 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1233 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1234 session_buf + host_key_bytes);
1235 memcpy(session_buf + server_key_bytes + host_key_bytes,
1236 pvar->crypt_state.server_cookie, 8);
1237 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1238
1239 free(session_buf);
1240
1241 MD5(decrypted_challenge, 48, response);
1242
1243 return 1;
1244 }
1245
1246 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1247 {
1248 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1249 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1250 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1251 memset(state->ivec1, 0, 8);
1252 memset(state->ivec2, 0, 8);
1253 memset(state->ivec3, 0, 8);
1254 }
1255
1256 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1257 {
1258 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1259 memset(state->ivec, 0, 8);
1260 }
1261
1262 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1263 {
1264 idea_set_encrypt_key(session_key, &state->k);
1265 memset(state->ivec, 0, 8);
1266 }
1267
1268 static void cBlowfish_init(char FAR * session_key,
1269 CipherBlowfishState FAR * state)
1270 {
1271 BF_set_key(&state->k, 32, session_key);
1272 memset(state->ivec, 0, 8);
1273 }
1274
1275
1276 //
1277 // SSH2�p�A���S���Y����������
1278 //
1279 // for SSH2(yutaka)
1280 //
1281 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1282 const u_char *key, u_int keylen,
1283 const u_char *iv, u_int ivlen,
1284 int encrypt,
1285 const EVP_CIPHER *type,
1286 int discard_len,
1287 PTInstVar pvar)
1288 {
1289 int klen;
1290 char tmp[80];
1291 unsigned char *junk = NULL, *discard = NULL;
1292
1293 EVP_CIPHER_CTX_init(evp);
1294 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1295 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1296 "Cipher initialize error(%d)");
1297 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1298 notify_fatal_error(pvar, tmp);
1299 return;
1300 }
1301
1302 klen = EVP_CIPHER_CTX_key_length(evp);
1303 if (klen > 0 && keylen != klen) {
1304 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1305 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1306 "Cipher initialize error(%d)");
1307 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1308 notify_fatal_error(pvar, tmp);
1309 return;
1310 }
1311 }
1312 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1313 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1314 "Cipher initialize error(%d)");
1315 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1316 notify_fatal_error(pvar, tmp);
1317 return;
1318 }
1319
1320 if (discard_len > 0) {
1321 junk = malloc(discard_len);
1322 discard = malloc(discard_len);
1323 if (junk == NULL || discard == NULL ||
1324 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1325 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1326 "Cipher initialize error(%d)");
1327 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1328 pvar->ts->UIMsg, 3);
1329 notify_fatal_error(pvar, tmp);
1330 }
1331 else {
1332 memset(discard, 0, discard_len);
1333 }
1334 free(junk);
1335 free(discard);
1336 }
1337 }
1338
1339
1340 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1341 {
1342 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1343 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1344 BOOL isOK = TRUE;
1345
1346 if (sender_flag) {
1347 switch (pvar->crypt_state.sender_cipher) {
1348 // for SSH2(yutaka)
1349 case SSH2_CIPHER_3DES_CBC:
1350 case SSH2_CIPHER_3DES_CTR:
1351 {
1352 struct Enc *enc;
1353
1354 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1355 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1356 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1357 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1358 CIPHER_ENCRYPT,
1359 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1360 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1361 pvar);
1362
1363 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1364 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1365
1366 pvar->crypt_state.encrypt = c3DES_encrypt2;
1367 break;
1368 }
1369
1370 // for SSH2(yutaka)
1371 case SSH2_CIPHER_AES128_CBC:
1372 case SSH2_CIPHER_AES192_CBC:
1373 case SSH2_CIPHER_AES256_CBC:
1374 case SSH2_CIPHER_AES128_CTR:
1375 case SSH2_CIPHER_AES192_CTR:
1376 case SSH2_CIPHER_AES256_CTR:
1377 {
1378 struct Enc *enc;
1379
1380 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1381 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1382 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1383 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1384 CIPHER_ENCRYPT,
1385 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1386 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1387 pvar);
1388
1389 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1390 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1391
1392 pvar->crypt_state.encrypt = cAES128_encrypt;
1393 break;
1394 }
1395
1396 case SSH2_CIPHER_BLOWFISH_CBC:
1397 case SSH2_CIPHER_BLOWFISH_CTR:
1398 {
1399 struct Enc *enc;
1400
1401 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1402 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1403 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1404 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1405 CIPHER_ENCRYPT,
1406 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1407 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1408 pvar);
1409
1410 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1411 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1412
1413 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1414 break;
1415 }
1416
1417 case SSH2_CIPHER_ARCFOUR:
1418 case SSH2_CIPHER_ARCFOUR128:
1419 case SSH2_CIPHER_ARCFOUR256:
1420 {
1421 struct Enc *enc;
1422
1423 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1424 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1425 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1426 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1427 CIPHER_ENCRYPT,
1428 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1429 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1430 pvar);
1431 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1432 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1433
1434 pvar->crypt_state.encrypt = cArcfour_encrypt;
1435 break;
1436 }
1437
1438 case SSH2_CIPHER_CAST128_CBC:
1439 case SSH2_CIPHER_CAST128_CTR:
1440 {
1441 struct Enc *enc;
1442
1443 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1444 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1445 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1446 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1447 CIPHER_ENCRYPT,
1448 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1449 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1450 pvar);
1451 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1452 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1453
1454 pvar->crypt_state.encrypt = cCast128_encrypt;
1455 break;
1456 }
1457
1458 case SSH_CIPHER_3DES:{
1459 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1460 pvar->crypt_state.encrypt = c3DES_encrypt;
1461 break;
1462 }
1463 case SSH_CIPHER_IDEA:{
1464 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1465 pvar->crypt_state.encrypt = cIDEA_encrypt;
1466 break;
1467 }
1468 case SSH_CIPHER_DES:{
1469 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1470 pvar->crypt_state.encrypt = cDES_encrypt;
1471 break;
1472 }
1473 case SSH_CIPHER_RC4:{
1474 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1475 encryption_key + 16);
1476 pvar->crypt_state.encrypt = cRC4_encrypt;
1477 break;
1478 }
1479 case SSH_CIPHER_BLOWFISH:{
1480 cBlowfish_init(encryption_key,
1481 &pvar->crypt_state.enc.cBlowfish);
1482 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1483 break;
1484 }
1485 default:
1486 isOK = FALSE;
1487 }
1488 }
1489
1490
1491 if (receiver_flag) {
1492 switch (pvar->crypt_state.receiver_cipher) {
1493 // for SSH2(yutaka)
1494 case SSH2_CIPHER_3DES_CBC:
1495 case SSH2_CIPHER_3DES_CTR:
1496 {
1497 struct Enc *enc;
1498
1499 enc = &pvar->ssh2_keys[MODE_IN].enc;
1500 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1501 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1502 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1503 CIPHER_DECRYPT,
1504 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1505 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1506 pvar);
1507
1508 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1509 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1510
1511 pvar->crypt_state.decrypt = c3DES_decrypt2;
1512 break;
1513 }
1514
1515 // for SSH2(yutaka)
1516 case SSH2_CIPHER_AES128_CBC:
1517 case SSH2_CIPHER_AES192_CBC:
1518 case SSH2_CIPHER_AES256_CBC:
1519 case SSH2_CIPHER_AES128_CTR:
1520 case SSH2_CIPHER_AES192_CTR:
1521 case SSH2_CIPHER_AES256_CTR:
1522 {
1523 struct Enc *enc;
1524
1525 enc = &pvar->ssh2_keys[MODE_IN].enc;
1526 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1527 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1528 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1529 CIPHER_DECRYPT,
1530 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1531 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1532 pvar);
1533
1534 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1535 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1536
1537 pvar->crypt_state.decrypt = cAES128_decrypt;
1538 break;
1539 }
1540
1541 case SSH2_CIPHER_BLOWFISH_CBC:
1542 case SSH2_CIPHER_BLOWFISH_CTR:
1543 {
1544 struct Enc *enc;
1545
1546 enc = &pvar->ssh2_keys[MODE_IN].enc;
1547 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1548 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1549 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1550 CIPHER_DECRYPT,
1551 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1552 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1553 pvar);
1554
1555 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1556 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1557
1558 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1559 break;
1560 }
1561
1562 case SSH2_CIPHER_ARCFOUR:
1563 case SSH2_CIPHER_ARCFOUR128:
1564 case SSH2_CIPHER_ARCFOUR256:
1565 {
1566 struct Enc *enc;
1567
1568 enc = &pvar->ssh2_keys[MODE_IN].enc;
1569 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1570 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1571 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1572 CIPHER_DECRYPT,
1573 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1574 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1575 pvar);
1576
1577 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1578 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1579
1580 pvar->crypt_state.decrypt = cArcfour_decrypt;
1581 break;
1582 }
1583
1584 case SSH2_CIPHER_CAST128_CBC:
1585 case SSH2_CIPHER_CAST128_CTR:
1586 {
1587 struct Enc *enc;
1588
1589 enc = &pvar->ssh2_keys[MODE_IN].enc;
1590 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1591 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1592 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1593 CIPHER_DECRYPT,
1594 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1595 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1596 pvar);
1597
1598 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1599 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1600
1601 pvar->crypt_state.decrypt = cCast128_decrypt;
1602 break;
1603 }
1604
1605 case SSH_CIPHER_3DES:{
1606 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1607 pvar->crypt_state.decrypt = c3DES_decrypt;
1608 break;
1609 }
1610 case SSH_CIPHER_IDEA:{
1611 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1612 pvar->crypt_state.decrypt = cIDEA_decrypt;
1613 break;
1614 }
1615 case SSH_CIPHER_DES:{
1616 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1617 pvar->crypt_state.decrypt = cDES_decrypt;
1618 break;
1619 }
1620 case SSH_CIPHER_RC4:{
1621 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1622 pvar->crypt_state.decrypt = cRC4_decrypt;
1623 break;
1624 }
1625 case SSH_CIPHER_BLOWFISH:{
1626 cBlowfish_init(decryption_key,
1627 &pvar->crypt_state.dec.cBlowfish);
1628 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1629 break;
1630 }
1631 default:
1632 isOK = FALSE;
1633 }
1634 }
1635
1636
1637 if (!isOK) {
1638 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1639 "No cipher selected!");
1640 notify_fatal_error(pvar, pvar->ts->UIMsg);
1641 return FALSE;
1642 } else {
1643 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1644 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1645 return TRUE;
1646 }
1647 }
1648
1649 void CRYPT_init(PTInstVar pvar)
1650 {
1651 pvar->crypt_state.encrypt = no_encrypt;
1652 pvar->crypt_state.decrypt = no_encrypt;
1653 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1654 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1655 pvar->crypt_state.server_key.RSA_key = NULL;
1656 pvar->crypt_state.host_key.RSA_key = NULL;
1657
1658 pvar->crypt_state.detect_attack_statics.h = NULL;
1659 pvar->crypt_state.detect_attack_statics.n =
1660 HASH_MINSIZE / HASH_ENTRYSIZE;
1661 }
1662
1663 static char FAR *get_cipher_name(int cipher)
1664 {
1665 switch (cipher) {
1666 case SSH_CIPHER_NONE:
1667 return "None";
1668 case SSH_CIPHER_3DES:
1669 return "3DES (168 key bits)";
1670 case SSH_CIPHER_DES:
1671 return "DES (56 key bits)";
1672 case SSH_CIPHER_IDEA:
1673 return "IDEA (128 key bits)";
1674 case SSH_CIPHER_RC4:
1675 return "RC4 (128 key bits)";
1676 case SSH_CIPHER_BLOWFISH:
1677 return "Blowfish (256 key bits)";
1678
1679 // SSH2
1680 case SSH2_CIPHER_3DES_CBC:
1681 return "3DES-CBC";
1682 case SSH2_CIPHER_AES128_CBC:
1683 return "AES128-CBC";
1684 case SSH2_CIPHER_AES192_CBC:
1685 return "AES192-CBC";
1686 case SSH2_CIPHER_AES256_CBC:
1687 return "AES256-CBC";
1688 case SSH2_CIPHER_BLOWFISH_CBC:
1689 return "Blowfish-CBC";
1690 case SSH2_CIPHER_AES128_CTR:
1691 return "AES128-CTR";
1692 case SSH2_CIPHER_AES192_CTR:
1693 return "AES192-CTR";
1694 case SSH2_CIPHER_AES256_CTR:
1695 return "AES256-CTR";
1696 case SSH2_CIPHER_ARCFOUR:
1697 return "Arcfour";
1698 case SSH2_CIPHER_ARCFOUR128:
1699 return "Arcfour128";
1700 case SSH2_CIPHER_ARCFOUR256:
1701 return "Arcfour256";
1702 case SSH2_CIPHER_CAST128_CBC:
1703 return "CAST-128-CBC";
1704 case SSH2_CIPHER_3DES_CTR:
1705 return "3DES-CTR";
1706 case SSH2_CIPHER_BLOWFISH_CTR:
1707 return "Blowfish-CTR";
1708 case SSH2_CIPHER_CAST128_CTR:
1709 return "CAST-128-CTR";
1710
1711 default:
1712 return "Unknown";
1713 }
1714 }
1715
1716 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1717 {
1718 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1719 "%s to server, %s from server");
1720 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1721 get_cipher_name(pvar->crypt_state.sender_cipher),
1722 get_cipher_name(pvar->crypt_state.receiver_cipher));
1723 }
1724
1725 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1726 {
1727 if (SSHv1(pvar)) {
1728 if (pvar->crypt_state.server_key.RSA_key == NULL
1729 || pvar->crypt_state.host_key.RSA_key == NULL) {
1730 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1731 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1732 } else {
1733 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1734 "%d-bit server key, %d-bit host key");
1735 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1736 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1737 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1738 }
1739 } else { // SSH2
1740 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1741 "%d-bit client key, %d-bit server key");
1742 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1743 pvar->client_key_bits,
1744 pvar->server_key_bits);
1745 }
1746 }
1747
1748 static void destroy_public_key(CRYPTPublicKey * key)
1749 {
1750 if (key->RSA_key != NULL) {
1751 RSA_free(key->RSA_key);
1752 key->RSA_key = NULL;
1753 }
1754 }
1755
1756 void CRYPT_free_public_key(CRYPTPublicKey * key)
1757 {
1758 destroy_public_key(key);
1759 free(key);
1760 }
1761
1762 void CRYPT_end(PTInstVar pvar)
1763 {
1764 destroy_public_key(&pvar->crypt_state.host_key);
1765 destroy_public_key(&pvar->crypt_state.server_key);
1766
1767 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1768 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1769 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1770 free(pvar->crypt_state.detect_attack_statics.h);
1771 }
1772
1773 memset(pvar->crypt_state.sender_cipher_key, 0,
1774 sizeof(pvar->crypt_state.sender_cipher_key));
1775 memset(pvar->crypt_state.receiver_cipher_key, 0,
1776 sizeof(pvar->crypt_state.receiver_cipher_key));
1777 memset(pvar->crypt_state.server_cookie, 0,
1778 sizeof(pvar->crypt_state.server_cookie));
1779 memset(pvar->crypt_state.client_cookie, 0,
1780 sizeof(pvar->crypt_state.client_cookie));
1781 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1782 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1783 }
1784
1785 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1786 char FAR * buf, int bytes)
1787 {
1788 unsigned char passphrase_key[16];
1789
1790 MD5(passphrase, strlen(passphrase), passphrase_key);
1791
1792 switch (cipher) {
1793 case SSH_CIPHER_3DES:{
1794 Cipher3DESState state;
1795
1796 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1797 &state.k1);
1798 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1799 &state.k2);
1800 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1801 &state.k3);
1802 memset(state.ivec1, 0, 8);
1803 memset(state.ivec2, 0, 8);
1804 memset(state.ivec3, 0, 8);
1805 DES_ncbc_encrypt(buf, buf, bytes,
1806 &state.k3, &state.ivec3, DES_DECRYPT);
1807 DES_ncbc_encrypt(buf, buf, bytes,
1808 &state.k2, &state.ivec2, DES_ENCRYPT);
1809 DES_ncbc_encrypt(buf, buf, bytes,
1810 &state.k1, &state.ivec1, DES_DECRYPT);
1811 break;
1812 }
1813
1814 case SSH_CIPHER_IDEA:{
1815 CipherIDEAState state;
1816 int num = 0;
1817
1818 cIDEA_init(passphrase_key, &state);
1819 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1820 &num, IDEA_DECRYPT);
1821 break;
1822 }
1823
1824 case SSH_CIPHER_DES:{
1825 CipherDESState state;
1826
1827 cDES_init(passphrase_key, &state);
1828 DES_ncbc_encrypt(buf, buf, bytes,
1829 &state.k, &state.ivec, DES_DECRYPT);
1830 break;
1831 }
1832
1833 case SSH_CIPHER_RC4:{
1834 CipherRC4State state;
1835 int num = 0;
1836
1837 RC4_set_key(&state.k, 16, passphrase_key);
1838 RC4(&state.k, bytes, buf, buf);
1839 break;
1840 }
1841
1842 case SSH_CIPHER_BLOWFISH:{
1843 CipherBlowfishState state;
1844
1845 BF_set_key(&state.k, 16, passphrase_key);
1846 memset(state.ivec, 0, 8);
1847 flip_endianness(buf, bytes);
1848 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1849 BF_DECRYPT);
1850 flip_endianness(buf, bytes);
1851 break;
1852 }
1853
1854 case SSH_CIPHER_NONE:
1855 break;
1856
1857 default:
1858 memset(passphrase_key, 0, sizeof(passphrase_key));
1859 return 0;
1860 }
1861
1862 memset(passphrase_key, 0, sizeof(passphrase_key));
1863 return 1;
1864 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help