Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 4550 - (show annotations) (download) (as text)
Thu Jul 28 16:15:05 2011 UTC (12 years, 8 months ago) by maya
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 62070 byte(s) 
RAND_screen() を呼ばないようにしてみた
  http://sourceforge.jp/ticket/browse.php?group_id=1412&tid=25835
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224 char tmp[80];
225
226 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227 if (bytes == 0)
228 goto error;
229
230 if (newbuf == NULL)
231 return;
232
233 if (bytes % block_size) {
234 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
235 "%s encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237 "AES128/192/256", bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
244 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
245 "AES128/192/256");
246 notify_fatal_error(pvar, tmp);
247 goto error;
248
249 } else {
250 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
251 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
252 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
253 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
254
255 //debug_print(50, key, 24);
256 //debug_print(51, iv, 8);
257 //debug_print(52, buf, bytes);
258 //debug_print(53, newbuf, bytes);
259
260 memcpy(buf, newbuf, bytes);
261 }
262
263 error:
264 free(newbuf);
265 }
266
267 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
268 int bytes)
269 {
270 unsigned char *newbuf = malloc(bytes);
271 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272 char tmp[80];
273
274 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
275 if (bytes == 0)
276 goto error;
277
278 if (newbuf == NULL)
279 return;
280
281 if (bytes % block_size) {
282 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
283 "%s decrypt error(1): bytes %d (%d)");
284 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
285 "AES128/192/256", bytes, block_size);
286 notify_fatal_error(pvar, tmp);
287 goto error;
288 }
289
290 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
291 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
292 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
293 "AES128/192/256");
294 notify_fatal_error(pvar, tmp);
295 goto error;
296
297 } else {
298 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
299 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
300 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
301 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
302
303 //debug_print(70, key, AES128_KEYLEN);
304 //debug_print(71, iv, AES128_IVLEN);
305 //debug_print(72, buf, bytes);
306 //debug_print(73, newbuf, bytes);
307
308 memcpy(buf, newbuf, bytes);
309 }
310
311 error:
312 free(newbuf);
313 }
314
315
316 // for SSH2(yutaka)
317 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
318 int bytes)
319 {
320 unsigned char *newbuf = malloc(bytes);
321 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
322 char tmp[80];
323
324 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
325 if (bytes == 0)
326 goto error;
327
328 if (newbuf == NULL)
329 return;
330
331 if (bytes % block_size) {
332 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
333 "%s encrypt error(1): bytes %d (%d)");
334 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
335 "3DES-CBC", bytes, block_size);
336 notify_fatal_error(pvar, tmp);
337 goto error;
338 }
339
340 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
341 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
342 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
343 "3DES-CBC");
344 notify_fatal_error(pvar, tmp);
345 goto error;
346
347 } else {
348 //unsigned char key[24], iv[8];
349 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352
353 //debug_print(50, key, 24);
354 //debug_print(51, iv, 8);
355 //debug_print(52, buf, bytes);
356 //debug_print(53, newbuf, bytes);
357
358 memcpy(buf, newbuf, bytes);
359 }
360
361 error:
362 free(newbuf);
363 }
364
365 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
366 int bytes)
367 {
368 unsigned char *newbuf = malloc(bytes);
369 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
370 char tmp[80];
371
372 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
373 if (bytes == 0)
374 goto error;
375
376 if (newbuf == NULL)
377 return;
378
379 if (bytes % block_size) {
380 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
381 "%s decrypt error(1): bytes %d (%d)");
382 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
383 "3DES-CBC", bytes, block_size);
384 notify_fatal_error(pvar, tmp);
385 goto error;
386 }
387
388 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
390 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
391 "3DES-CBC");
392 notify_fatal_error(pvar, tmp);
393 goto error;
394
395 } else {
396 //unsigned char key[24], iv[8];
397 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
398 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
399 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
400
401 //debug_print(70, key, 24);
402 //debug_print(71, iv, 8);
403 //debug_print(72, buf, bytes);
404 //debug_print(73, newbuf, bytes);
405
406 memcpy(buf, newbuf, bytes);
407 }
408
409 error:
410 free(newbuf);
411 }
412
413
414 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
415 int bytes)
416 {
417 unsigned char *newbuf = malloc(bytes);
418 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
419 char tmp[80];
420
421 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
422 if (bytes == 0)
423 goto error;
424
425 if (newbuf == NULL)
426 return;
427
428 if (bytes % block_size) {
429 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
430 "%s encrypt error(1): bytes %d (%d)");
431 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
432 "Blowfish", bytes, block_size);
433 notify_fatal_error(pvar, tmp);
434 goto error;
435 }
436
437 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
438 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
439 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
440 "Blowfish");
441 notify_fatal_error(pvar, tmp);
442 goto error;
443
444 } else {
445 memcpy(buf, newbuf, bytes);
446
447 }
448
449 error:
450 free(newbuf);
451 }
452
453 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
454 int bytes)
455 {
456 unsigned char *newbuf = malloc(bytes);
457 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
458 char tmp[80];
459
460 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
461 if (bytes == 0)
462 goto error;
463
464 if (newbuf == NULL)
465 return;
466
467 if (bytes % block_size) {
468 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
469 "%s decrypt error(1): bytes %d (%d)");
470 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
471 "Blowfish", bytes, block_size);
472 notify_fatal_error(pvar, tmp);
473 goto error;
474 }
475
476 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
477 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
478 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
479 "Blowfish");
480 notify_fatal_error(pvar, tmp);
481 goto error;
482
483 } else {
484 memcpy(buf, newbuf, bytes);
485
486 }
487
488 error:
489 free(newbuf);
490 }
491
492
493 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
494 int bytes)
495 {
496 unsigned char *newbuf = malloc(bytes);
497 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
498 char tmp[80];
499
500 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
501 if (bytes == 0)
502 goto error;
503
504 if (newbuf == NULL)
505 return;
506
507 if (bytes % block_size) {
508 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
509 "%s encrypt error(1): bytes %d (%d)");
510 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
511 "Arcfour", bytes, block_size);
512 notify_fatal_error(pvar, tmp);
513 goto error;
514 }
515
516 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
517 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
518 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
519 "Arcfour");
520 notify_fatal_error(pvar, tmp);
521 goto error;
522
523 } else {
524 memcpy(buf, newbuf, bytes);
525
526 }
527
528 error:
529 free(newbuf);
530 }
531
532 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 int bytes)
534 {
535 unsigned char *newbuf = malloc(bytes);
536 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
537 char tmp[80];
538
539 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
540 if (bytes == 0)
541 goto error;
542
543 if (newbuf == NULL)
544 return;
545
546 if (bytes % block_size) {
547 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
548 "%s decrypt error(1): bytes %d (%d)");
549 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
550 "Arcfour", bytes, block_size);
551 notify_fatal_error(pvar, tmp);
552 goto error;
553 }
554
555 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
556 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
557 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
558 "Arcfour");
559 notify_fatal_error(pvar, tmp);
560 goto error;
561
562 } else {
563 memcpy(buf, newbuf, bytes);
564
565 }
566
567 error:
568 free(newbuf);
569 }
570
571
572 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
573 int bytes)
574 {
575 unsigned char *newbuf = malloc(bytes);
576 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
577 char tmp[80];
578
579 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
580 if (bytes == 0)
581 goto error;
582
583 if (newbuf == NULL)
584 return;
585
586 if (bytes % block_size) {
587 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
588 "%s encrypt error(1): bytes %d (%d)");
589 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
590 "CAST128", bytes, block_size);
591 notify_fatal_error(pvar, tmp);
592 goto error;
593 }
594
595 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
596 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
597 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
598 "CAST128");
599 notify_fatal_error(pvar, tmp);
600 goto error;
601
602 } else {
603 memcpy(buf, newbuf, bytes);
604
605 }
606
607 error:
608 free(newbuf);
609 }
610
611 static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
612 int bytes)
613 {
614 unsigned char *newbuf = malloc(bytes);
615 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
616 char tmp[80];
617
618 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
619 if (bytes == 0)
620 goto error;
621
622 if (newbuf == NULL)
623 return;
624
625 if (bytes % block_size) {
626 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
627 "%s decrypt error(1): bytes %d (%d)");
628 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
629 "CAST128", bytes, block_size);
630 notify_fatal_error(pvar, tmp);
631 goto error;
632 }
633
634 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
635 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
636 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
637 "CAST128");
638 notify_fatal_error(pvar, tmp);
639 goto error;
640
641 } else {
642 memcpy(buf, newbuf, bytes);
643
644 }
645
646 error:
647 free(newbuf);
648 }
649
650 #ifdef WITH_CAMELLIA_DRAFT
651 static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
652 int bytes)
653 {
654 unsigned char *newbuf = malloc(bytes);
655 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
656 char tmp[80];
657
658 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
659 if (bytes == 0)
660 goto error;
661
662 if (newbuf == NULL)
663 return;
664
665 if (bytes % block_size) {
666 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
667 "%s encrypt error(1): bytes %d (%d)");
668 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
669 "Camellia128/192/256", bytes, block_size);
670 notify_fatal_error(pvar, tmp);
671 goto error;
672 }
673
674 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
675 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
676 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
677 "Camellia128/192/256");
678 notify_fatal_error(pvar, tmp);
679 goto error;
680
681 } else {
682 memcpy(buf, newbuf, bytes);
683
684 }
685
686 error:
687 free(newbuf);
688 }
689
690 static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
691 int bytes)
692 {
693 unsigned char *newbuf = malloc(bytes);
694 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
695 char tmp[80];
696
697 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
698 if (bytes == 0)
699 goto error;
700
701 if (newbuf == NULL)
702 return;
703
704 if (bytes % block_size) {
705 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
706 "%s decrypt error(1): bytes %d (%d)");
707 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
708 "Camellia128/192/256", bytes, block_size);
709 notify_fatal_error(pvar, tmp);
710 goto error;
711 }
712
713 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
714 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
715 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
716 "Camellia128/192/256");
717 notify_fatal_error(pvar, tmp);
718 goto error;
719
720 } else {
721 memcpy(buf, newbuf, bytes);
722
723 }
724
725 error:
726 free(newbuf);
727 }
728 #endif // WITH_CAMELLIA_DRAFT
729
730 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
731 int bytes)
732 {
733 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
734
735 DES_ncbc_encrypt(buf, buf, bytes,
736 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
737 DES_ncbc_encrypt(buf, buf, bytes,
738 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
739 DES_ncbc_encrypt(buf, buf, bytes,
740 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
741 }
742
743 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
744 int bytes)
745 {
746 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
747
748 DES_ncbc_encrypt(buf, buf, bytes,
749 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
750 DES_ncbc_encrypt(buf, buf, bytes,
751 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
752 DES_ncbc_encrypt(buf, buf, bytes,
753 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
754 }
755
756 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
757 int bytes)
758 {
759 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
760
761 DES_ncbc_encrypt(buf, buf, bytes,
762 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
763 }
764
765 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
766 int bytes)
767 {
768 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
769
770 DES_ncbc_encrypt(buf, buf, bytes,
771 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
772 }
773
774 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
775 int bytes)
776 {
777 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
778 int num = 0;
779
780 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
781 encryptstate->ivec, &num, IDEA_ENCRYPT);
782 }
783
784 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
785 int bytes)
786 {
787 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
788 int num = 0;
789
790 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
791 decryptstate->ivec, &num, IDEA_DECRYPT);
792 }
793
794 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
795 {
796 uint32 FAR *buf = (uint32 FAR *) cbuf;
797 int count = bytes / 4;
798
799 while (count > 0) {
800 uint32 w = *buf;
801
802 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
803 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
804 count--;
805 buf++;
806 }
807 }
808
809 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
810 int bytes)
811 {
812 CipherBlowfishState FAR *encryptstate =
813 &pvar->crypt_state.enc.cBlowfish;
814
815 flip_endianness(buf, bytes);
816 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
817 BF_ENCRYPT);
818 flip_endianness(buf, bytes);
819 }
820
821 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
822 int bytes)
823 {
824 CipherBlowfishState FAR *decryptstate =
825 &pvar->crypt_state.dec.cBlowfish;
826
827 flip_endianness(buf, bytes);
828 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
829 BF_DECRYPT);
830 flip_endianness(buf, bytes);
831 }
832
833 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
834 int bytes)
835 {
836 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
837 int num = 0;
838
839 RC4(&encryptstate->k, bytes, buf, buf);
840 }
841
842 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
843 int bytes)
844 {
845 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
846 int num = 0;
847
848 RC4(&decryptstate->k, bytes, buf, buf);
849 }
850
851 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
852 int bytes)
853 {
854 RAND_bytes(buf, bytes);
855 }
856
857 void CRYPT_initialize_random_numbers(PTInstVar pvar)
858 {
859 // ����������������������
860 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
861 //RAND_screen();
862 }
863
864 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
865 {
866 int bits = get_ushort16_MSBfirst(bytes);
867
868 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
869 }
870
871 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
872 RSA FAR *make_key(PTInstVar pvar,
873 int bits, unsigned char FAR * exp,
874 unsigned char FAR * mod)
875 {
876 RSA FAR *key = RSA_new();
877
878 if (key != NULL) {
879 key->e = get_bignum(exp);
880 key->n = get_bignum(mod);
881 }
882
883 if (key == NULL || key->e == NULL || key->n == NULL) {
884 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
885 "Error setting up RSA keys");
886 notify_fatal_error(pvar, pvar->ts->UIMsg);
887
888 if (key != NULL) {
889 if (key->e != NULL) {
890 BN_free(key->e);
891 }
892 if (key->n != NULL) {
893 BN_free(key->n);
894 }
895 RSA_free(key);
896 }
897
898 return NULL;
899 } else {
900 return key;
901 }
902 }
903
904 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
905 {
906 if (SSHv1(pvar)) {
907 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
908 } else {
909 memcpy(pvar->crypt_state.server_cookie, cookie,
910 SSH2_COOKIE_LENGTH);
911 }
912 }
913
914 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
915 {
916 if (SSHv2(pvar)) {
917 memcpy(pvar->crypt_state.client_cookie, cookie,
918 SSH2_COOKIE_LENGTH);
919 }
920 }
921
922 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
923 int bits, unsigned char FAR * exp,
924 unsigned char FAR * mod)
925 {
926 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
927
928 return pvar->crypt_state.server_key.RSA_key != NULL;
929 }
930
931 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
932 int bits, unsigned char FAR * exp,
933 unsigned char FAR * mod)
934 {
935 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
936
937 return pvar->crypt_state.host_key.RSA_key != NULL;
938 }
939
940 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
941 int receiver_ciphers)
942 {
943 int cipher_mask;
944
945 if (SSHv1(pvar)) {
946 cipher_mask = (1 << SSH_CIPHER_DES)
947 | (1 << SSH_CIPHER_3DES)
948 | (1 << SSH_CIPHER_BLOWFISH);
949
950 } else { // for SSH2(yutaka)
951 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
952 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
953 | (1 << SSH2_CIPHER_AES128_CBC)
954 | (1 << SSH2_CIPHER_AES192_CBC)
955 | (1 << SSH2_CIPHER_AES256_CBC)
956 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
957 | (1 << SSH2_CIPHER_AES128_CTR)
958 | (1 << SSH2_CIPHER_AES192_CTR)
959 | (1 << SSH2_CIPHER_AES256_CTR)
960 | (1 << SSH2_CIPHER_ARCFOUR)
961 | (1 << SSH2_CIPHER_ARCFOUR128)
962 | (1 << SSH2_CIPHER_ARCFOUR256)
963 | (1 << SSH2_CIPHER_CAST128_CBC)
964 | (1 << SSH2_CIPHER_3DES_CTR)
965 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
966 | (1 << SSH2_CIPHER_CAST128_CTR)
967 #ifdef WITH_CAMELLIA_DRAFT
968 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
969 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
970 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
971 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
972 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
973 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
974 #endif // WITH_CAMELLIA_DRAFT
975 );
976 }
977
978 sender_ciphers &= cipher_mask;
979 receiver_ciphers &= cipher_mask;
980 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
981 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
982
983 if (sender_ciphers == 0) {
984 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
985 "The server does not support any of the TTSSH encryption algorithms.\n"
986 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
987 "The connection will be closed.");
988 notify_fatal_error(pvar, pvar->ts->UIMsg);
989 return FALSE;
990 } else if (receiver_ciphers == 0) {
991 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
992 "The server does not support any of the TTSSH encryption algorithms.\n"
993 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
994 "The connection will be closed.");
995 notify_fatal_error(pvar, pvar->ts->UIMsg);
996 return FALSE;
997 } else {
998 return TRUE;
999 }
1000 }
1001
1002 int CRYPT_get_decryption_block_size(PTInstVar pvar)
1003 {
1004 if (SSHv1(pvar)) {
1005 return 8;
1006 } else {
1007 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1008 // cf. 3DES=8, AES128=16
1009 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
1010 }
1011 }
1012
1013 int CRYPT_get_encryption_block_size(PTInstVar pvar)
1014 {
1015 if (SSHv1(pvar)) {
1016 return 8;
1017 } else {
1018 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1019 // cf. 3DES=8, AES128=16
1020 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
1021 }
1022 }
1023
1024 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
1025 {
1026 struct Mac *mac;
1027
1028 if (SSHv1(pvar)) {
1029 return 0;
1030
1031 } else { // for SSH2(yutaka)
1032 mac = &pvar->ssh2_keys[MODE_IN].mac;
1033 if (mac == NULL || mac->enabled == 0)
1034 return 0;
1035
1036 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
1037 }
1038
1039 }
1040
1041 // HMAC������
1042 // ���{������ SSH2 �������g�p�������B
1043 // (2004.12.17 yutaka)
1044 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
1045 char FAR * data, int len, char FAR * MAC)
1046 {
1047 HMAC_CTX c;
1048 unsigned char m[EVP_MAX_MD_SIZE];
1049 unsigned char b[4];
1050 struct Mac *mac;
1051
1052 mac = &pvar->ssh2_keys[MODE_IN].mac;
1053
1054 // HMAC�������L���������������A����OK�����������B
1055 if (mac == NULL || mac->enabled == 0)
1056 return TRUE;
1057
1058 if (mac->key == NULL)
1059 goto error;
1060
1061 if ((u_int)mac->mac_len > sizeof(m))
1062 goto error;
1063
1064 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1065 set_uint32_MSBfirst(b, sequence_number);
1066 HMAC_Update(&c, b, sizeof(b));
1067 HMAC_Update(&c, data, len);
1068 HMAC_Final(&c, m, NULL);
1069 HMAC_cleanup(&c);
1070
1071 if (memcmp(m, MAC, mac->mac_len)) {
1072 goto error;
1073 }
1074
1075 return TRUE;
1076
1077 error:
1078 return FALSE;
1079 }
1080
1081 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1082 {
1083 struct Mac *mac;
1084
1085 if (SSHv2(pvar)) { // for SSH2(yutaka)
1086 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1087 if (mac == NULL || mac->enabled == 0)
1088 return 0;
1089
1090 return (mac->mac_len);
1091 }
1092
1093 return 0;
1094 }
1095
1096 // for SSH2
1097 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1098 char FAR * data, int len, char FAR * MAC)
1099 {
1100 HMAC_CTX c;
1101 static u_char m[EVP_MAX_MD_SIZE];
1102 u_char b[4];
1103 struct Mac *mac;
1104
1105 if (SSHv2(pvar)) { // for SSH2(yutaka)
1106 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1107 if (mac == NULL || mac->enabled == 0)
1108 return FALSE;
1109
1110 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1111 set_uint32_MSBfirst(b, sequence_number);
1112 HMAC_Update(&c, b, sizeof(b));
1113 HMAC_Update(&c, data, len);
1114 HMAC_Final(&c, m, NULL);
1115 HMAC_cleanup(&c);
1116
1117 // 20�o�C�g�������R�s�[
1118 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1119 // memcpy(MAC, m, sizeof(m));
1120
1121 return TRUE;
1122 }
1123
1124 return TRUE;
1125
1126 }
1127
1128 static int choose_cipher(PTInstVar pvar, int supported)
1129 {
1130 int i;
1131
1132 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1133 int cipher = pvar->session_settings.CipherOrder[i] - '0';
1134
1135 if (cipher == SSH_CIPHER_NONE) {
1136 break;
1137 } else if ((supported & (1 << cipher)) != 0) {
1138 return cipher;
1139 }
1140 }
1141
1142 return SSH_CIPHER_NONE;
1143 }
1144
1145 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1146 {
1147 if (SSHv1(pvar)) {
1148 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1149 pvar->crypt_state.
1150 supported_sender_ciphers);
1151 pvar->crypt_state.receiver_cipher =
1152 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1153
1154 } else { // SSH2(yutaka)
1155 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1156 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1157
1158 }
1159
1160 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1161 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1162 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
1163 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1164 "To communicate with this server, you will have to enable some more ciphers\n"
1165 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1166 "This connection will now close.");
1167 notify_fatal_error(pvar, pvar->ts->UIMsg);
1168 return FALSE;
1169 } else {
1170 return TRUE;
1171 }
1172 }
1173
1174 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1175 {
1176 int server_key_bits =
1177 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1178 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1179 int server_key_bytes = (server_key_bits + 7) / 8;
1180 int host_key_bytes = (host_key_bits + 7) / 8;
1181
1182 if (server_key_bits < host_key_bits) {
1183 return host_key_bytes;
1184 } else {
1185 return server_key_bytes;
1186 }
1187 }
1188
1189 int CRYPT_choose_session_key(PTInstVar pvar,
1190 unsigned char FAR * encrypted_key_buf)
1191 {
1192 int server_key_bits =
1193 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1194 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1195 int server_key_bytes = (server_key_bits + 7) / 8;
1196 int host_key_bytes = (host_key_bits + 7) / 8;
1197 int encrypted_key_bytes;
1198 int bit_delta;
1199
1200 if (server_key_bits < host_key_bits) {
1201 encrypted_key_bytes = host_key_bytes;
1202 bit_delta = host_key_bits - server_key_bits;
1203 } else {
1204 encrypted_key_bytes = server_key_bytes;
1205 bit_delta = server_key_bits - host_key_bits;
1206 }
1207
1208 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1209 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1210 "Server RSA keys are too weak. A secure connection cannot be established.");
1211 notify_fatal_error(pvar, pvar->ts->UIMsg);
1212 return 0;
1213 } else {
1214 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1215 for the session ID, rather than the one specified in the RFC */
1216 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1217 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1218 char session_id[16];
1219 int i;
1220
1221 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1222 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1223 session_buf + host_key_bytes);
1224 memcpy(session_buf + server_key_bytes + host_key_bytes,
1225 pvar->crypt_state.server_cookie, 8);
1226 MD5(session_buf, session_buf_len, session_id);
1227
1228 free(session_buf);
1229
1230 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1231 SSH_SESSION_KEY_LENGTH);
1232 memcpy(pvar->crypt_state.receiver_cipher_key,
1233 pvar->crypt_state.sender_cipher_key,
1234 SSH_SESSION_KEY_LENGTH);
1235
1236 memcpy(encrypted_key_buf + encrypted_key_bytes -
1237 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1238 SSH_SESSION_KEY_LENGTH);
1239 for (i = 0; i < sizeof(session_id); i++) {
1240 encrypted_key_buf[encrypted_key_bytes -
1241 SSH_SESSION_KEY_LENGTH + i]
1242 ^= session_id[i];
1243 }
1244
1245 if (host_key_bits > server_key_bits) {
1246 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1247 encrypted_key_buf +
1248 encrypted_key_bytes -
1249 SSH_SESSION_KEY_LENGTH,
1250 encrypted_key_buf +
1251 encrypted_key_bytes - server_key_bytes,
1252 pvar->crypt_state.server_key.RSA_key,
1253 RSA_PKCS1_PADDING) < 0)
1254 return 0;
1255
1256 if (RSA_public_encrypt(server_key_bytes,
1257 encrypted_key_buf +
1258 encrypted_key_bytes - server_key_bytes,
1259 encrypted_key_buf,
1260 pvar->crypt_state.host_key.RSA_key,
1261 RSA_PKCS1_PADDING) < 0)
1262 return 0;
1263 } else {
1264 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1265 encrypted_key_buf +
1266 encrypted_key_bytes -
1267 SSH_SESSION_KEY_LENGTH,
1268 encrypted_key_buf +
1269 encrypted_key_bytes - host_key_bytes,
1270 pvar->crypt_state.host_key.RSA_key,
1271 RSA_PKCS1_PADDING) < 0)
1272 return 0;
1273
1274 if (RSA_public_encrypt(host_key_bytes,
1275 encrypted_key_buf +
1276 encrypted_key_bytes - host_key_bytes,
1277 encrypted_key_buf,
1278 pvar->crypt_state.server_key.RSA_key,
1279 RSA_PKCS1_PADDING) < 0)
1280 return 0;
1281 }
1282 }
1283
1284 return 1;
1285 }
1286
1287 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1288 unsigned char FAR * challenge,
1289 int challenge_len,
1290 unsigned char FAR * response)
1291 {
1292 int server_key_bits =
1293 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1294 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1295 int server_key_bytes = (server_key_bits + 7) / 8;
1296 int host_key_bytes = (host_key_bits + 7) / 8;
1297 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1298 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1299 char decrypted_challenge[48];
1300 int decrypted_challenge_len;
1301
1302 decrypted_challenge_len =
1303 RSA_private_decrypt(challenge_len, challenge, challenge,
1304 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1305 RSA_PKCS1_PADDING);
1306 if (decrypted_challenge_len < 0) {
1307 free(session_buf);
1308 return 0;
1309 }
1310 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1311 memcpy(decrypted_challenge,
1312 challenge + decrypted_challenge_len -
1313 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1314 } else {
1315 memset(decrypted_challenge, 0,
1316 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1317 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1318 decrypted_challenge_len, challenge,
1319 decrypted_challenge_len);
1320 }
1321
1322 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1323 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1324 session_buf + host_key_bytes);
1325 memcpy(session_buf + server_key_bytes + host_key_bytes,
1326 pvar->crypt_state.server_cookie, 8);
1327 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1328
1329 free(session_buf);
1330
1331 MD5(decrypted_challenge, 48, response);
1332
1333 return 1;
1334 }
1335
1336 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1337 {
1338 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1339 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1340 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1341 memset(state->ivec1, 0, 8);
1342 memset(state->ivec2, 0, 8);
1343 memset(state->ivec3, 0, 8);
1344 }
1345
1346 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1347 {
1348 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1349 memset(state->ivec, 0, 8);
1350 }
1351
1352 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1353 {
1354 idea_set_encrypt_key(session_key, &state->k);
1355 memset(state->ivec, 0, 8);
1356 }
1357
1358 static void cBlowfish_init(char FAR * session_key,
1359 CipherBlowfishState FAR * state)
1360 {
1361 BF_set_key(&state->k, 32, session_key);
1362 memset(state->ivec, 0, 8);
1363 }
1364
1365
1366 //
1367 // SSH2�p�A���S���Y����������
1368 //
1369 // for SSH2(yutaka)
1370 //
1371 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1372 const u_char *key, u_int keylen,
1373 const u_char *iv, u_int ivlen,
1374 int encrypt,
1375 const EVP_CIPHER *type,
1376 int discard_len,
1377 PTInstVar pvar)
1378 {
1379 int klen;
1380 char tmp[80];
1381 unsigned char *junk = NULL, *discard = NULL;
1382
1383 EVP_CIPHER_CTX_init(evp);
1384 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1385 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1386 "Cipher initialize error(%d)");
1387 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1388 notify_fatal_error(pvar, tmp);
1389 return;
1390 }
1391
1392 klen = EVP_CIPHER_CTX_key_length(evp);
1393 if (klen > 0 && keylen != klen) {
1394 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1395 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1396 "Cipher initialize error(%d)");
1397 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1398 notify_fatal_error(pvar, tmp);
1399 return;
1400 }
1401 }
1402 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1403 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1404 "Cipher initialize error(%d)");
1405 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1406 notify_fatal_error(pvar, tmp);
1407 return;
1408 }
1409
1410 if (discard_len > 0) {
1411 junk = malloc(discard_len);
1412 discard = malloc(discard_len);
1413 if (junk == NULL || discard == NULL ||
1414 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1415 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1416 "Cipher initialize error(%d)");
1417 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1418 pvar->ts->UIMsg, 3);
1419 notify_fatal_error(pvar, tmp);
1420 }
1421 else {
1422 memset(discard, 0, discard_len);
1423 }
1424 free(junk);
1425 free(discard);
1426 }
1427 }
1428
1429
1430 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1431 {
1432 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1433 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1434 BOOL isOK = TRUE;
1435
1436 if (sender_flag) {
1437 switch (pvar->crypt_state.sender_cipher) {
1438 // for SSH2(yutaka)
1439 case SSH2_CIPHER_3DES_CBC:
1440 case SSH2_CIPHER_3DES_CTR:
1441 {
1442 struct Enc *enc;
1443
1444 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1445 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1446 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1447 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1448 CIPHER_ENCRYPT,
1449 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1450 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1451 pvar);
1452
1453 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1454 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1455
1456 pvar->crypt_state.encrypt = c3DES_encrypt2;
1457 break;
1458 }
1459
1460 // for SSH2(yutaka)
1461 case SSH2_CIPHER_AES128_CBC:
1462 case SSH2_CIPHER_AES192_CBC:
1463 case SSH2_CIPHER_AES256_CBC:
1464 case SSH2_CIPHER_AES128_CTR:
1465 case SSH2_CIPHER_AES192_CTR:
1466 case SSH2_CIPHER_AES256_CTR:
1467 {
1468 struct Enc *enc;
1469
1470 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1471 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1472 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1473 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1474 CIPHER_ENCRYPT,
1475 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1476 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1477 pvar);
1478
1479 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1480 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1481
1482 pvar->crypt_state.encrypt = cAES128_encrypt;
1483 break;
1484 }
1485
1486 case SSH2_CIPHER_BLOWFISH_CBC:
1487 case SSH2_CIPHER_BLOWFISH_CTR:
1488 {
1489 struct Enc *enc;
1490
1491 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1492 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1493 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1494 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1495 CIPHER_ENCRYPT,
1496 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1497 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1498 pvar);
1499
1500 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1501 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1502
1503 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1504 break;
1505 }
1506
1507 case SSH2_CIPHER_ARCFOUR:
1508 case SSH2_CIPHER_ARCFOUR128:
1509 case SSH2_CIPHER_ARCFOUR256:
1510 {
1511 struct Enc *enc;
1512
1513 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1514 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1515 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1516 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1517 CIPHER_ENCRYPT,
1518 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1519 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1520 pvar);
1521 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1522 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1523
1524 pvar->crypt_state.encrypt = cArcfour_encrypt;
1525 break;
1526 }
1527
1528 case SSH2_CIPHER_CAST128_CBC:
1529 case SSH2_CIPHER_CAST128_CTR:
1530 {
1531 struct Enc *enc;
1532
1533 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1534 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1535 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1536 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1537 CIPHER_ENCRYPT,
1538 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1539 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1540 pvar);
1541 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1542 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1543
1544 pvar->crypt_state.encrypt = cCast128_encrypt;
1545 break;
1546 }
1547
1548 #ifdef WITH_CAMELLIA_DRAFT
1549 case SSH2_CIPHER_CAMELLIA128_CBC:
1550 case SSH2_CIPHER_CAMELLIA192_CBC:
1551 case SSH2_CIPHER_CAMELLIA256_CBC:
1552 case SSH2_CIPHER_CAMELLIA128_CTR:
1553 case SSH2_CIPHER_CAMELLIA192_CTR:
1554 case SSH2_CIPHER_CAMELLIA256_CTR:
1555 {
1556 struct Enc *enc;
1557
1558 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1559 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1560 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1561 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1562 CIPHER_ENCRYPT,
1563 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1564 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1565 pvar);
1566
1567 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1568 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1569
1570 pvar->crypt_state.encrypt = cCamellia_encrypt;
1571 break;
1572 }
1573 #endif // WITH_CAMELLIA_DRAFT
1574
1575 case SSH_CIPHER_3DES:{
1576 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1577 pvar->crypt_state.encrypt = c3DES_encrypt;
1578 break;
1579 }
1580 case SSH_CIPHER_IDEA:{
1581 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1582 pvar->crypt_state.encrypt = cIDEA_encrypt;
1583 break;
1584 }
1585 case SSH_CIPHER_DES:{
1586 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1587 pvar->crypt_state.encrypt = cDES_encrypt;
1588 break;
1589 }
1590 case SSH_CIPHER_RC4:{
1591 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1592 encryption_key + 16);
1593 pvar->crypt_state.encrypt = cRC4_encrypt;
1594 break;
1595 }
1596 case SSH_CIPHER_BLOWFISH:{
1597 cBlowfish_init(encryption_key,
1598 &pvar->crypt_state.enc.cBlowfish);
1599 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1600 break;
1601 }
1602 default:
1603 isOK = FALSE;
1604 }
1605 }
1606
1607
1608 if (receiver_flag) {
1609 switch (pvar->crypt_state.receiver_cipher) {
1610 // for SSH2(yutaka)
1611 case SSH2_CIPHER_3DES_CBC:
1612 case SSH2_CIPHER_3DES_CTR:
1613 {
1614 struct Enc *enc;
1615
1616 enc = &pvar->ssh2_keys[MODE_IN].enc;
1617 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1618 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1619 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1620 CIPHER_DECRYPT,
1621 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1622 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1623 pvar);
1624
1625 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1626 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1627
1628 pvar->crypt_state.decrypt = c3DES_decrypt2;
1629 break;
1630 }
1631
1632 // for SSH2(yutaka)
1633 case SSH2_CIPHER_AES128_CBC:
1634 case SSH2_CIPHER_AES192_CBC:
1635 case SSH2_CIPHER_AES256_CBC:
1636 case SSH2_CIPHER_AES128_CTR:
1637 case SSH2_CIPHER_AES192_CTR:
1638 case SSH2_CIPHER_AES256_CTR:
1639 {
1640 struct Enc *enc;
1641
1642 enc = &pvar->ssh2_keys[MODE_IN].enc;
1643 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1644 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1645 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1646 CIPHER_DECRYPT,
1647 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1648 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1649 pvar);
1650
1651 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1652 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1653
1654 pvar->crypt_state.decrypt = cAES128_decrypt;
1655 break;
1656 }
1657
1658 case SSH2_CIPHER_BLOWFISH_CBC:
1659 case SSH2_CIPHER_BLOWFISH_CTR:
1660 {
1661 struct Enc *enc;
1662
1663 enc = &pvar->ssh2_keys[MODE_IN].enc;
1664 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1665 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1666 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1667 CIPHER_DECRYPT,
1668 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1669 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1670 pvar);
1671
1672 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1673 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1674
1675 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1676 break;
1677 }
1678
1679 case SSH2_CIPHER_ARCFOUR:
1680 case SSH2_CIPHER_ARCFOUR128:
1681 case SSH2_CIPHER_ARCFOUR256:
1682 {
1683 struct Enc *enc;
1684
1685 enc = &pvar->ssh2_keys[MODE_IN].enc;
1686 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1687 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1688 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1689 CIPHER_DECRYPT,
1690 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1691 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1692 pvar);
1693
1694 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1695 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1696
1697 pvar->crypt_state.decrypt = cArcfour_decrypt;
1698 break;
1699 }
1700
1701 case SSH2_CIPHER_CAST128_CBC:
1702 case SSH2_CIPHER_CAST128_CTR:
1703 {
1704 struct Enc *enc;
1705
1706 enc = &pvar->ssh2_keys[MODE_IN].enc;
1707 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1708 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1709 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1710 CIPHER_DECRYPT,
1711 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1712 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1713 pvar);
1714
1715 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1716 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1717
1718 pvar->crypt_state.decrypt = cCast128_decrypt;
1719 break;
1720 }
1721
1722 #ifdef WITH_CAMELLIA_DRAFT
1723 case SSH2_CIPHER_CAMELLIA128_CBC:
1724 case SSH2_CIPHER_CAMELLIA192_CBC:
1725 case SSH2_CIPHER_CAMELLIA256_CBC:
1726 case SSH2_CIPHER_CAMELLIA128_CTR:
1727 case SSH2_CIPHER_CAMELLIA192_CTR:
1728 case SSH2_CIPHER_CAMELLIA256_CTR:
1729 {
1730 struct Enc *enc;
1731
1732 enc = &pvar->ssh2_keys[MODE_IN].enc;
1733 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1734 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1735 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1736 CIPHER_DECRYPT,
1737 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1738 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1739 pvar);
1740
1741 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1742 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1743
1744 pvar->crypt_state.decrypt = cCamellia_decrypt;
1745 break;
1746 }
1747 #endif // WITH_CAMELLIA_DRAFT
1748
1749 case SSH_CIPHER_3DES:{
1750 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1751 pvar->crypt_state.decrypt = c3DES_decrypt;
1752 break;
1753 }
1754 case SSH_CIPHER_IDEA:{
1755 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1756 pvar->crypt_state.decrypt = cIDEA_decrypt;
1757 break;
1758 }
1759 case SSH_CIPHER_DES:{
1760 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1761 pvar->crypt_state.decrypt = cDES_decrypt;
1762 break;
1763 }
1764 case SSH_CIPHER_RC4:{
1765 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1766 pvar->crypt_state.decrypt = cRC4_decrypt;
1767 break;
1768 }
1769 case SSH_CIPHER_BLOWFISH:{
1770 cBlowfish_init(decryption_key,
1771 &pvar->crypt_state.dec.cBlowfish);
1772 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1773 break;
1774 }
1775 default:
1776 isOK = FALSE;
1777 }
1778 }
1779
1780
1781 if (!isOK) {
1782 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1783 "No cipher selected!");
1784 notify_fatal_error(pvar, pvar->ts->UIMsg);
1785 return FALSE;
1786 } else {
1787 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1788 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1789 return TRUE;
1790 }
1791 }
1792
1793 void CRYPT_init(PTInstVar pvar)
1794 {
1795 pvar->crypt_state.encrypt = no_encrypt;
1796 pvar->crypt_state.decrypt = no_encrypt;
1797 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1798 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1799 pvar->crypt_state.server_key.RSA_key = NULL;
1800 pvar->crypt_state.host_key.RSA_key = NULL;
1801
1802 pvar->crypt_state.detect_attack_statics.h = NULL;
1803 pvar->crypt_state.detect_attack_statics.n =
1804 HASH_MINSIZE / HASH_ENTRYSIZE;
1805 }
1806
1807 static char FAR *get_cipher_name(int cipher)
1808 {
1809 switch (cipher) {
1810 case SSH_CIPHER_NONE:
1811 return "None";
1812 case SSH_CIPHER_3DES:
1813 return "3DES (168 key bits)";
1814 case SSH_CIPHER_DES:
1815 return "DES (56 key bits)";
1816 case SSH_CIPHER_IDEA:
1817 return "IDEA (128 key bits)";
1818 case SSH_CIPHER_RC4:
1819 return "RC4 (128 key bits)";
1820 case SSH_CIPHER_BLOWFISH:
1821 return "Blowfish (256 key bits)";
1822
1823 // SSH2
1824 case SSH2_CIPHER_3DES_CBC:
1825 return "3DES-CBC";
1826 case SSH2_CIPHER_AES128_CBC:
1827 return "AES128-CBC";
1828 case SSH2_CIPHER_AES192_CBC:
1829 return "AES192-CBC";
1830 case SSH2_CIPHER_AES256_CBC:
1831 return "AES256-CBC";
1832 case SSH2_CIPHER_BLOWFISH_CBC:
1833 return "Blowfish-CBC";
1834 case SSH2_CIPHER_AES128_CTR:
1835 return "AES128-CTR";
1836 case SSH2_CIPHER_AES192_CTR:
1837 return "AES192-CTR";
1838 case SSH2_CIPHER_AES256_CTR:
1839 return "AES256-CTR";
1840 case SSH2_CIPHER_ARCFOUR:
1841 return "Arcfour";
1842 case SSH2_CIPHER_ARCFOUR128:
1843 return "Arcfour128";
1844 case SSH2_CIPHER_ARCFOUR256:
1845 return "Arcfour256";
1846 case SSH2_CIPHER_CAST128_CBC:
1847 return "CAST-128-CBC";
1848 case SSH2_CIPHER_3DES_CTR:
1849 return "3DES-CTR";
1850 case SSH2_CIPHER_BLOWFISH_CTR:
1851 return "Blowfish-CTR";
1852 case SSH2_CIPHER_CAST128_CTR:
1853 return "CAST-128-CTR";
1854 #ifdef WITH_CAMELLIA_DRAFT
1855 case SSH2_CIPHER_CAMELLIA128_CBC:
1856 return "Camellia128-CBC";
1857 case SSH2_CIPHER_CAMELLIA192_CBC:
1858 return "Camellia192-CBC";
1859 case SSH2_CIPHER_CAMELLIA256_CBC:
1860 return "Camellia256-CBC";
1861 case SSH2_CIPHER_CAMELLIA128_CTR:
1862 return "Camellia128-CTR";
1863 case SSH2_CIPHER_CAMELLIA192_CTR:
1864 return "Camellia192-CTR";
1865 case SSH2_CIPHER_CAMELLIA256_CTR:
1866 return "Camellia256-CTR";
1867 #endif // WITH_CAMELLIA_DRAFT
1868
1869 default:
1870 return "Unknown";
1871 }
1872 }
1873
1874 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1875 {
1876 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1877 "%s to server, %s from server");
1878 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1879 get_cipher_name(pvar->crypt_state.sender_cipher),
1880 get_cipher_name(pvar->crypt_state.receiver_cipher));
1881 }
1882
1883 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1884 {
1885 if (SSHv1(pvar)) {
1886 if (pvar->crypt_state.server_key.RSA_key == NULL
1887 || pvar->crypt_state.host_key.RSA_key == NULL) {
1888 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1889 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1890 } else {
1891 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1892 "%d-bit server key, %d-bit host key");
1893 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1894 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1895 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1896 }
1897 } else { // SSH2
1898 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1899 "%d-bit client key, %d-bit server key");
1900 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1901 pvar->client_key_bits,
1902 pvar->server_key_bits);
1903 }
1904 }
1905
1906 static void destroy_public_key(CRYPTPublicKey * key)
1907 {
1908 if (key->RSA_key != NULL) {
1909 RSA_free(key->RSA_key);
1910 key->RSA_key = NULL;
1911 }
1912 }
1913
1914 void CRYPT_free_public_key(CRYPTPublicKey * key)
1915 {
1916 destroy_public_key(key);
1917 free(key);
1918 }
1919
1920 void CRYPT_end(PTInstVar pvar)
1921 {
1922 destroy_public_key(&pvar->crypt_state.host_key);
1923 destroy_public_key(&pvar->crypt_state.server_key);
1924
1925 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1926 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1927 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1928 free(pvar->crypt_state.detect_attack_statics.h);
1929 }
1930
1931 memset(pvar->crypt_state.sender_cipher_key, 0,
1932 sizeof(pvar->crypt_state.sender_cipher_key));
1933 memset(pvar->crypt_state.receiver_cipher_key, 0,
1934 sizeof(pvar->crypt_state.receiver_cipher_key));
1935 memset(pvar->crypt_state.server_cookie, 0,
1936 sizeof(pvar->crypt_state.server_cookie));
1937 memset(pvar->crypt_state.client_cookie, 0,
1938 sizeof(pvar->crypt_state.client_cookie));
1939 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1940 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1941 }
1942
1943 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1944 char FAR * buf, int bytes)
1945 {
1946 unsigned char passphrase_key[16];
1947
1948 MD5(passphrase, strlen(passphrase), passphrase_key);
1949
1950 switch (cipher) {
1951 case SSH_CIPHER_3DES:{
1952 Cipher3DESState state;
1953
1954 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1955 &state.k1);
1956 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1957 &state.k2);
1958 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1959 &state.k3);
1960 memset(state.ivec1, 0, 8);
1961 memset(state.ivec2, 0, 8);
1962 memset(state.ivec3, 0, 8);
1963 DES_ncbc_encrypt(buf, buf, bytes,
1964 &state.k3, &state.ivec3, DES_DECRYPT);
1965 DES_ncbc_encrypt(buf, buf, bytes,
1966 &state.k2, &state.ivec2, DES_ENCRYPT);
1967 DES_ncbc_encrypt(buf, buf, bytes,
1968 &state.k1, &state.ivec1, DES_DECRYPT);
1969 break;
1970 }
1971
1972 case SSH_CIPHER_IDEA:{
1973 CipherIDEAState state;
1974 int num = 0;
1975
1976 cIDEA_init(passphrase_key, &state);
1977 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1978 &num, IDEA_DECRYPT);
1979 break;
1980 }
1981
1982 case SSH_CIPHER_DES:{
1983 CipherDESState state;
1984
1985 cDES_init(passphrase_key, &state);
1986 DES_ncbc_encrypt(buf, buf, bytes,
1987 &state.k, &state.ivec, DES_DECRYPT);
1988 break;
1989 }
1990
1991 case SSH_CIPHER_RC4:{
1992 CipherRC4State state;
1993 int num = 0;
1994
1995 RC4_set_key(&state.k, 16, passphrase_key);
1996 RC4(&state.k, bytes, buf, buf);
1997 break;
1998 }
1999
2000 case SSH_CIPHER_BLOWFISH:{
2001 CipherBlowfishState state;
2002
2003 BF_set_key(&state.k, 16, passphrase_key);
2004 memset(state.ivec, 0, 8);
2005 flip_endianness(buf, bytes);
2006 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
2007 BF_DECRYPT);
2008 flip_endianness(buf, bytes);
2009 break;
2010 }
2011
2012 case SSH_CIPHER_NONE:
2013 break;
2014
2015 default:
2016 memset(passphrase_key, 0, sizeof(passphrase_key));
2017 return 0;
2018 }
2019
2020 memset(passphrase_key, 0, sizeof(passphrase_key));
2021 return 1;
2022 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help