Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6229 - (show annotations) (download) (as text)
Fri Jan 1 11:06:37 2016 UTC (8 years, 3 months ago) by yutakapon
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 62176 byte(s) 
チケット #35870 ゼロクリアの削除

memset()やZeroMemory()は、コンパイラの最適化で削除されることがあるため、
セキュリティ上削除されると困る箇所に関しては SecureZeroMemory() に置き換える。
SecureZeroMemory() はインライン関数のため、Windows95 でも動作する。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224 char tmp[80];
225
226 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227 if (bytes == 0)
228 goto error;
229
230 if (newbuf == NULL)
231 return;
232
233 if (bytes % block_size) {
234 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
235 "%s encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237 "AES128/192/256", bytes, block_size);
238 notify_fatal_error(pvar, tmp, TRUE);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
244 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
245 "AES128/192/256");
246 notify_fatal_error(pvar, tmp, TRUE);
247 goto error;
248
249 } else {
250 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
251 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
252 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
253 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
254
255 //debug_print(50, key, 24);
256 //debug_print(51, iv, 8);
257 //debug_print(52, buf, bytes);
258 //debug_print(53, newbuf, bytes);
259
260 memcpy(buf, newbuf, bytes);
261 }
262
263 error:
264 free(newbuf);
265 }
266
267 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
268 int bytes)
269 {
270 unsigned char *newbuf = malloc(bytes);
271 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272 char tmp[80];
273
274 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
275 if (bytes == 0)
276 goto error;
277
278 if (newbuf == NULL)
279 return;
280
281 if (bytes % block_size) {
282 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
283 "%s decrypt error(1): bytes %d (%d)");
284 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
285 "AES128/192/256", bytes, block_size);
286 notify_fatal_error(pvar, tmp, TRUE);
287 goto error;
288 }
289
290 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
291 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
292 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
293 "AES128/192/256");
294 notify_fatal_error(pvar, tmp, TRUE);
295 goto error;
296
297 } else {
298 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
299 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
300 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
301 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
302
303 //debug_print(70, key, AES128_KEYLEN);
304 //debug_print(71, iv, AES128_IVLEN);
305 //debug_print(72, buf, bytes);
306 //debug_print(73, newbuf, bytes);
307
308 memcpy(buf, newbuf, bytes);
309 }
310
311 error:
312 free(newbuf);
313 }
314
315
316 // for SSH2(yutaka)
317 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
318 int bytes)
319 {
320 unsigned char *newbuf = malloc(bytes);
321 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
322 char tmp[80];
323
324 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
325 if (bytes == 0)
326 goto error;
327
328 if (newbuf == NULL)
329 return;
330
331 if (bytes % block_size) {
332 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
333 "%s encrypt error(1): bytes %d (%d)");
334 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
335 "3DES-CBC", bytes, block_size);
336 notify_fatal_error(pvar, tmp, TRUE);
337 goto error;
338 }
339
340 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
341 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
342 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
343 "3DES-CBC");
344 notify_fatal_error(pvar, tmp, TRUE);
345 goto error;
346
347 } else {
348 //unsigned char key[24], iv[8];
349 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352
353 //debug_print(50, key, 24);
354 //debug_print(51, iv, 8);
355 //debug_print(52, buf, bytes);
356 //debug_print(53, newbuf, bytes);
357
358 memcpy(buf, newbuf, bytes);
359 }
360
361 error:
362 free(newbuf);
363 }
364
365 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
366 int bytes)
367 {
368 unsigned char *newbuf = malloc(bytes);
369 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
370 char tmp[80];
371
372 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
373 if (bytes == 0)
374 goto error;
375
376 if (newbuf == NULL)
377 return;
378
379 if (bytes % block_size) {
380 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
381 "%s decrypt error(1): bytes %d (%d)");
382 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
383 "3DES-CBC", bytes, block_size);
384 notify_fatal_error(pvar, tmp, TRUE);
385 goto error;
386 }
387
388 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
390 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
391 "3DES-CBC");
392 notify_fatal_error(pvar, tmp, TRUE);
393 goto error;
394
395 } else {
396 //unsigned char key[24], iv[8];
397 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
398 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
399 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
400
401 //debug_print(70, key, 24);
402 //debug_print(71, iv, 8);
403 //debug_print(72, buf, bytes);
404 //debug_print(73, newbuf, bytes);
405
406 memcpy(buf, newbuf, bytes);
407 }
408
409 error:
410 free(newbuf);
411 }
412
413
414 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
415 int bytes)
416 {
417 unsigned char *newbuf = malloc(bytes);
418 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
419 char tmp[80];
420
421 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
422 if (bytes == 0)
423 goto error;
424
425 if (newbuf == NULL)
426 return;
427
428 if (bytes % block_size) {
429 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
430 "%s encrypt error(1): bytes %d (%d)");
431 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
432 "Blowfish", bytes, block_size);
433 notify_fatal_error(pvar, tmp, TRUE);
434 goto error;
435 }
436
437 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
438 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
439 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
440 "Blowfish");
441 notify_fatal_error(pvar, tmp, TRUE);
442 goto error;
443
444 } else {
445 memcpy(buf, newbuf, bytes);
446
447 }
448
449 error:
450 free(newbuf);
451 }
452
453 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
454 int bytes)
455 {
456 unsigned char *newbuf = malloc(bytes);
457 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
458 char tmp[80];
459
460 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
461 if (bytes == 0)
462 goto error;
463
464 if (newbuf == NULL)
465 return;
466
467 if (bytes % block_size) {
468 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
469 "%s decrypt error(1): bytes %d (%d)");
470 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
471 "Blowfish", bytes, block_size);
472 notify_fatal_error(pvar, tmp, TRUE);
473 goto error;
474 }
475
476 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
477 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
478 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
479 "Blowfish");
480 notify_fatal_error(pvar, tmp, TRUE);
481 goto error;
482
483 } else {
484 memcpy(buf, newbuf, bytes);
485
486 }
487
488 error:
489 free(newbuf);
490 }
491
492
493 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
494 int bytes)
495 {
496 unsigned char *newbuf = malloc(bytes);
497 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
498 char tmp[80];
499
500 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
501 if (bytes == 0)
502 goto error;
503
504 if (newbuf == NULL)
505 return;
506
507 if (bytes % block_size) {
508 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
509 "%s encrypt error(1): bytes %d (%d)");
510 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
511 "Arcfour", bytes, block_size);
512 notify_fatal_error(pvar, tmp, TRUE);
513 goto error;
514 }
515
516 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
517 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
518 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
519 "Arcfour");
520 notify_fatal_error(pvar, tmp, TRUE);
521 goto error;
522
523 } else {
524 memcpy(buf, newbuf, bytes);
525
526 }
527
528 error:
529 free(newbuf);
530 }
531
532 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 int bytes)
534 {
535 unsigned char *newbuf = malloc(bytes);
536 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
537 char tmp[80];
538
539 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
540 if (bytes == 0)
541 goto error;
542
543 if (newbuf == NULL)
544 return;
545
546 if (bytes % block_size) {
547 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
548 "%s decrypt error(1): bytes %d (%d)");
549 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
550 "Arcfour", bytes, block_size);
551 notify_fatal_error(pvar, tmp, TRUE);
552 goto error;
553 }
554
555 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
556 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
557 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
558 "Arcfour");
559 notify_fatal_error(pvar, tmp, TRUE);
560 goto error;
561
562 } else {
563 memcpy(buf, newbuf, bytes);
564
565 }
566
567 error:
568 free(newbuf);
569 }
570
571
572 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
573 int bytes)
574 {
575 unsigned char *newbuf = malloc(bytes);
576 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
577 char tmp[80];
578
579 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
580 if (bytes == 0)
581 goto error;
582
583 if (newbuf == NULL)
584 return;
585
586 if (bytes % block_size) {
587 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
588 "%s encrypt error(1): bytes %d (%d)");
589 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
590 "CAST128", bytes, block_size);
591 notify_fatal_error(pvar, tmp, TRUE);
592 goto error;
593 }
594
595 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
596 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
597 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
598 "CAST128");
599 notify_fatal_error(pvar, tmp, TRUE);
600 goto error;
601
602 } else {
603 memcpy(buf, newbuf, bytes);
604
605 }
606
607 error:
608 free(newbuf);
609 }
610
611 static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
612 int bytes)
613 {
614 unsigned char *newbuf = malloc(bytes);
615 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
616 char tmp[80];
617
618 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
619 if (bytes == 0)
620 goto error;
621
622 if (newbuf == NULL)
623 return;
624
625 if (bytes % block_size) {
626 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
627 "%s decrypt error(1): bytes %d (%d)");
628 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
629 "CAST128", bytes, block_size);
630 notify_fatal_error(pvar, tmp, TRUE);
631 goto error;
632 }
633
634 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
635 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
636 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
637 "CAST128");
638 notify_fatal_error(pvar, tmp, TRUE);
639 goto error;
640
641 } else {
642 memcpy(buf, newbuf, bytes);
643
644 }
645
646 error:
647 free(newbuf);
648 }
649
650 static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
651 int bytes)
652 {
653 unsigned char *newbuf = malloc(bytes);
654 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
655 char tmp[80];
656
657 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
658 if (bytes == 0)
659 goto error;
660
661 if (newbuf == NULL)
662 return;
663
664 if (bytes % block_size) {
665 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
666 "%s encrypt error(1): bytes %d (%d)");
667 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
668 "Camellia128/192/256", bytes, block_size);
669 notify_fatal_error(pvar, tmp, TRUE);
670 goto error;
671 }
672
673 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
674 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
675 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
676 "Camellia128/192/256");
677 notify_fatal_error(pvar, tmp, TRUE);
678 goto error;
679
680 } else {
681 memcpy(buf, newbuf, bytes);
682
683 }
684
685 error:
686 free(newbuf);
687 }
688
689 static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
690 int bytes)
691 {
692 unsigned char *newbuf = malloc(bytes);
693 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
694 char tmp[80];
695
696 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
697 if (bytes == 0)
698 goto error;
699
700 if (newbuf == NULL)
701 return;
702
703 if (bytes % block_size) {
704 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
705 "%s decrypt error(1): bytes %d (%d)");
706 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
707 "Camellia128/192/256", bytes, block_size);
708 notify_fatal_error(pvar, tmp, TRUE);
709 goto error;
710 }
711
712 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
713 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
714 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
715 "Camellia128/192/256");
716 notify_fatal_error(pvar, tmp, TRUE);
717 goto error;
718
719 } else {
720 memcpy(buf, newbuf, bytes);
721
722 }
723
724 error:
725 free(newbuf);
726 }
727
728 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
729 int bytes)
730 {
731 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
732
733 DES_ncbc_encrypt(buf, buf, bytes,
734 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
735 DES_ncbc_encrypt(buf, buf, bytes,
736 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
737 DES_ncbc_encrypt(buf, buf, bytes,
738 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
739 }
740
741 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
742 int bytes)
743 {
744 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
745
746 DES_ncbc_encrypt(buf, buf, bytes,
747 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
748 DES_ncbc_encrypt(buf, buf, bytes,
749 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
750 DES_ncbc_encrypt(buf, buf, bytes,
751 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
752 }
753
754 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
755 int bytes)
756 {
757 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
758
759 DES_ncbc_encrypt(buf, buf, bytes,
760 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
761 }
762
763 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
764 int bytes)
765 {
766 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
767
768 DES_ncbc_encrypt(buf, buf, bytes,
769 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
770 }
771
772 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
773 int bytes)
774 {
775 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
776 int num = 0;
777
778 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
779 encryptstate->ivec, &num, IDEA_ENCRYPT);
780 }
781
782 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
783 int bytes)
784 {
785 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
786 int num = 0;
787
788 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
789 decryptstate->ivec, &num, IDEA_DECRYPT);
790 }
791
792 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
793 {
794 uint32 FAR *buf = (uint32 FAR *) cbuf;
795 int count = bytes / 4;
796
797 while (count > 0) {
798 uint32 w = *buf;
799
800 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
801 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
802 count--;
803 buf++;
804 }
805 }
806
807 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
808 int bytes)
809 {
810 CipherBlowfishState FAR *encryptstate =
811 &pvar->crypt_state.enc.cBlowfish;
812
813 flip_endianness(buf, bytes);
814 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
815 BF_ENCRYPT);
816 flip_endianness(buf, bytes);
817 }
818
819 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
820 int bytes)
821 {
822 CipherBlowfishState FAR *decryptstate =
823 &pvar->crypt_state.dec.cBlowfish;
824
825 flip_endianness(buf, bytes);
826 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
827 BF_DECRYPT);
828 flip_endianness(buf, bytes);
829 }
830
831 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
832 int bytes)
833 {
834 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
835 int num = 0;
836
837 RC4(&encryptstate->k, bytes, buf, buf);
838 }
839
840 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
841 int bytes)
842 {
843 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
844 int num = 0;
845
846 RC4(&decryptstate->k, bytes, buf, buf);
847 }
848
849 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
850 int bytes)
851 {
852 RAND_bytes(buf, bytes);
853 }
854
855 void CRYPT_initialize_random_numbers(PTInstVar pvar)
856 {
857 // ����������������������
858 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
859 //RAND_screen();
860 }
861
862 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
863 {
864 int bits = get_ushort16_MSBfirst(bytes);
865
866 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
867 }
868
869 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
870 RSA FAR *make_key(PTInstVar pvar,
871 int bits, unsigned char FAR * exp,
872 unsigned char FAR * mod)
873 {
874 RSA FAR *key = RSA_new();
875
876 if (key != NULL) {
877 key->e = get_bignum(exp);
878 key->n = get_bignum(mod);
879 }
880
881 if (key == NULL || key->e == NULL || key->n == NULL) {
882 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
883 "Error setting up RSA keys");
884 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
885
886 if (key != NULL) {
887 if (key->e != NULL) {
888 BN_free(key->e);
889 }
890 if (key->n != NULL) {
891 BN_free(key->n);
892 }
893 RSA_free(key);
894 }
895
896 return NULL;
897 } else {
898 return key;
899 }
900 }
901
902 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
903 {
904 if (SSHv1(pvar)) {
905 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
906 } else {
907 memcpy(pvar->crypt_state.server_cookie, cookie,
908 SSH2_COOKIE_LENGTH);
909 }
910 }
911
912 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
913 {
914 if (SSHv2(pvar)) {
915 memcpy(pvar->crypt_state.client_cookie, cookie,
916 SSH2_COOKIE_LENGTH);
917 }
918 }
919
920 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
921 int bits, unsigned char FAR * exp,
922 unsigned char FAR * mod)
923 {
924 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
925
926 return pvar->crypt_state.server_key.RSA_key != NULL;
927 }
928
929 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
930 int bits, unsigned char FAR * exp,
931 unsigned char FAR * mod)
932 {
933 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
934
935 return pvar->crypt_state.host_key.RSA_key != NULL;
936 }
937
938 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
939 int receiver_ciphers)
940 {
941 int cipher_mask;
942
943 if (SSHv1(pvar)) {
944 cipher_mask = (1 << SSH_CIPHER_DES)
945 | (1 << SSH_CIPHER_3DES)
946 | (1 << SSH_CIPHER_BLOWFISH);
947
948 } else { // for SSH2(yutaka)
949 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
950 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
951 | (1 << SSH2_CIPHER_AES128_CBC)
952 | (1 << SSH2_CIPHER_AES192_CBC)
953 | (1 << SSH2_CIPHER_AES256_CBC)
954 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
955 | (1 << SSH2_CIPHER_AES128_CTR)
956 | (1 << SSH2_CIPHER_AES192_CTR)
957 | (1 << SSH2_CIPHER_AES256_CTR)
958 | (1 << SSH2_CIPHER_ARCFOUR)
959 | (1 << SSH2_CIPHER_ARCFOUR128)
960 | (1 << SSH2_CIPHER_ARCFOUR256)
961 | (1 << SSH2_CIPHER_CAST128_CBC)
962 | (1 << SSH2_CIPHER_3DES_CTR)
963 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
964 | (1 << SSH2_CIPHER_CAST128_CTR)
965 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
966 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
967 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
968 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
969 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
970 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
971 );
972 }
973
974 sender_ciphers &= cipher_mask;
975 receiver_ciphers &= cipher_mask;
976 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
977 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
978
979 if (sender_ciphers == 0) {
980 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
981 "The server does not support any of the TTSSH encryption algorithms.\n"
982 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
983 "The connection will be closed.");
984 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
985 return FALSE;
986 } else if (receiver_ciphers == 0) {
987 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
988 "The server does not support any of the TTSSH encryption algorithms.\n"
989 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
990 "The connection will be closed.");
991 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
992 return FALSE;
993 } else {
994 return TRUE;
995 }
996 }
997
998 int CRYPT_get_decryption_block_size(PTInstVar pvar)
999 {
1000 if (SSHv1(pvar)) {
1001 return 8;
1002 } else {
1003 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1004 // cf. 3DES=8, AES128=16
1005 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
1006 }
1007 }
1008
1009 int CRYPT_get_encryption_block_size(PTInstVar pvar)
1010 {
1011 if (SSHv1(pvar)) {
1012 return 8;
1013 } else {
1014 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1015 // cf. 3DES=8, AES128=16
1016 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
1017 }
1018 }
1019
1020 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
1021 {
1022 struct Mac *mac;
1023
1024 if (SSHv1(pvar)) {
1025 return 0;
1026
1027 } else { // for SSH2(yutaka)
1028 mac = &pvar->ssh2_keys[MODE_IN].mac;
1029 if (mac == NULL || mac->enabled == 0)
1030 return 0;
1031
1032 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
1033 }
1034
1035 }
1036
1037 // HMAC������
1038 // ���{������ SSH2 �������g�p�������B
1039 // (2004.12.17 yutaka)
1040 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
1041 char FAR * data, int len, char FAR * MAC)
1042 {
1043 HMAC_CTX c;
1044 unsigned char m[EVP_MAX_MD_SIZE];
1045 unsigned char b[4];
1046 struct Mac *mac;
1047
1048 mac = &pvar->ssh2_keys[MODE_IN].mac;
1049
1050 // HMAC�������L���������������A����OK�����������B
1051 if (mac == NULL || mac->enabled == 0)
1052 return TRUE;
1053
1054 if (mac->key == NULL)
1055 goto error;
1056
1057 if ((u_int)mac->mac_len > sizeof(m))
1058 goto error;
1059
1060 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1061 set_uint32_MSBfirst(b, sequence_number);
1062 HMAC_Update(&c, b, sizeof(b));
1063 HMAC_Update(&c, data, len);
1064 HMAC_Final(&c, m, NULL);
1065 HMAC_cleanup(&c);
1066
1067 if (memcmp(m, MAC, mac->mac_len)) {
1068 goto error;
1069 }
1070
1071 return TRUE;
1072
1073 error:
1074 return FALSE;
1075 }
1076
1077 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1078 {
1079 struct Mac *mac;
1080
1081 if (SSHv2(pvar)) { // for SSH2(yutaka)
1082 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1083 if (mac == NULL || mac->enabled == 0)
1084 return 0;
1085
1086 return (mac->mac_len);
1087 }
1088
1089 return 0;
1090 }
1091
1092 // for SSH2
1093 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1094 char FAR * data, int len, char FAR * MAC)
1095 {
1096 HMAC_CTX c;
1097 static u_char m[EVP_MAX_MD_SIZE];
1098 u_char b[4];
1099 struct Mac *mac;
1100
1101 if (SSHv2(pvar)) { // for SSH2(yutaka)
1102 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1103 if (mac == NULL || mac->enabled == 0)
1104 return FALSE;
1105
1106 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1107 set_uint32_MSBfirst(b, sequence_number);
1108 HMAC_Update(&c, b, sizeof(b));
1109 HMAC_Update(&c, data, len);
1110 HMAC_Final(&c, m, NULL);
1111 HMAC_cleanup(&c);
1112
1113 // 20�o�C�g�������R�s�[
1114 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1115 // memcpy(MAC, m, sizeof(m));
1116
1117 return TRUE;
1118 }
1119
1120 return TRUE;
1121
1122 }
1123
1124 static int choose_cipher(PTInstVar pvar, int supported)
1125 {
1126 int i;
1127
1128 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1129 int cipher = pvar->session_settings.CipherOrder[i] - '0';
1130
1131 if (cipher == SSH_CIPHER_NONE) {
1132 break;
1133 } else if ((supported & (1 << cipher)) != 0) {
1134 return cipher;
1135 }
1136 }
1137
1138 return SSH_CIPHER_NONE;
1139 }
1140
1141 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1142 {
1143 if (SSHv1(pvar)) {
1144 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1145 pvar->crypt_state.
1146 supported_sender_ciphers);
1147 pvar->crypt_state.receiver_cipher =
1148 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1149
1150 } else { // SSH2(yutaka)
1151 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1152 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1153
1154 }
1155
1156 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1157 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1158 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
1159 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1160 "To communicate with this server, you will have to enable some more ciphers\n"
1161 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1162 "This connection will now close.");
1163 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1164 return FALSE;
1165 } else {
1166 return TRUE;
1167 }
1168 }
1169
1170 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1171 {
1172 int server_key_bits =
1173 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1174 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1175 int server_key_bytes = (server_key_bits + 7) / 8;
1176 int host_key_bytes = (host_key_bits + 7) / 8;
1177
1178 if (server_key_bits < host_key_bits) {
1179 return host_key_bytes;
1180 } else {
1181 return server_key_bytes;
1182 }
1183 }
1184
1185 int CRYPT_choose_session_key(PTInstVar pvar,
1186 unsigned char FAR * encrypted_key_buf)
1187 {
1188 int server_key_bits =
1189 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1190 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1191 int server_key_bytes = (server_key_bits + 7) / 8;
1192 int host_key_bytes = (host_key_bits + 7) / 8;
1193 int encrypted_key_bytes;
1194 int bit_delta;
1195
1196 if (server_key_bits < host_key_bits) {
1197 encrypted_key_bytes = host_key_bytes;
1198 bit_delta = host_key_bits - server_key_bits;
1199 } else {
1200 encrypted_key_bytes = server_key_bytes;
1201 bit_delta = server_key_bits - host_key_bits;
1202 }
1203
1204 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1205 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
1206 "Server RSA keys are too weak. A secure connection cannot be established.");
1207 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1208 return 0;
1209 } else {
1210 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1211 for the session ID, rather than the one specified in the RFC */
1212 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1213 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1214 char session_id[16];
1215 int i;
1216
1217 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1218 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1219 session_buf + host_key_bytes);
1220 memcpy(session_buf + server_key_bytes + host_key_bytes,
1221 pvar->crypt_state.server_cookie, 8);
1222 MD5(session_buf, session_buf_len, session_id);
1223
1224 free(session_buf);
1225
1226 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1227 SSH_SESSION_KEY_LENGTH);
1228 memcpy(pvar->crypt_state.receiver_cipher_key,
1229 pvar->crypt_state.sender_cipher_key,
1230 SSH_SESSION_KEY_LENGTH);
1231
1232 memcpy(encrypted_key_buf + encrypted_key_bytes -
1233 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1234 SSH_SESSION_KEY_LENGTH);
1235 for (i = 0; i < sizeof(session_id); i++) {
1236 encrypted_key_buf[encrypted_key_bytes -
1237 SSH_SESSION_KEY_LENGTH + i]
1238 ^= session_id[i];
1239 }
1240
1241 if (host_key_bits > server_key_bits) {
1242 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1243 encrypted_key_buf +
1244 encrypted_key_bytes -
1245 SSH_SESSION_KEY_LENGTH,
1246 encrypted_key_buf +
1247 encrypted_key_bytes - server_key_bytes,
1248 pvar->crypt_state.server_key.RSA_key,
1249 RSA_PKCS1_PADDING) < 0)
1250 return 0;
1251
1252 if (RSA_public_encrypt(server_key_bytes,
1253 encrypted_key_buf +
1254 encrypted_key_bytes - server_key_bytes,
1255 encrypted_key_buf,
1256 pvar->crypt_state.host_key.RSA_key,
1257 RSA_PKCS1_PADDING) < 0)
1258 return 0;
1259 } else {
1260 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1261 encrypted_key_buf +
1262 encrypted_key_bytes -
1263 SSH_SESSION_KEY_LENGTH,
1264 encrypted_key_buf +
1265 encrypted_key_bytes - host_key_bytes,
1266 pvar->crypt_state.host_key.RSA_key,
1267 RSA_PKCS1_PADDING) < 0)
1268 return 0;
1269
1270 if (RSA_public_encrypt(host_key_bytes,
1271 encrypted_key_buf +
1272 encrypted_key_bytes - host_key_bytes,
1273 encrypted_key_buf,
1274 pvar->crypt_state.server_key.RSA_key,
1275 RSA_PKCS1_PADDING) < 0)
1276 return 0;
1277 }
1278 }
1279
1280 return 1;
1281 }
1282
1283 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1284 unsigned char FAR * challenge,
1285 int challenge_len,
1286 unsigned char FAR * response)
1287 {
1288 int server_key_bits =
1289 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1290 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1291 int server_key_bytes = (server_key_bits + 7) / 8;
1292 int host_key_bytes = (host_key_bits + 7) / 8;
1293 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1294 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1295 char decrypted_challenge[48];
1296 int decrypted_challenge_len;
1297
1298 decrypted_challenge_len =
1299 RSA_private_decrypt(challenge_len, challenge, challenge,
1300 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1301 RSA_PKCS1_PADDING);
1302 if (decrypted_challenge_len < 0) {
1303 free(session_buf);
1304 return 0;
1305 }
1306 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1307 memcpy(decrypted_challenge,
1308 challenge + decrypted_challenge_len -
1309 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1310 } else {
1311 memset(decrypted_challenge, 0,
1312 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1313 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1314 decrypted_challenge_len, challenge,
1315 decrypted_challenge_len);
1316 }
1317
1318 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1319 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1320 session_buf + host_key_bytes);
1321 memcpy(session_buf + server_key_bytes + host_key_bytes,
1322 pvar->crypt_state.server_cookie, 8);
1323 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1324
1325 free(session_buf);
1326
1327 MD5(decrypted_challenge, 48, response);
1328
1329 return 1;
1330 }
1331
1332 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1333 {
1334 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1335 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1336 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1337 memset(state->ivec1, 0, 8);
1338 memset(state->ivec2, 0, 8);
1339 memset(state->ivec3, 0, 8);
1340 }
1341
1342 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1343 {
1344 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1345 memset(state->ivec, 0, 8);
1346 }
1347
1348 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1349 {
1350 idea_set_encrypt_key(session_key, &state->k);
1351 memset(state->ivec, 0, 8);
1352 }
1353
1354 static void cBlowfish_init(char FAR * session_key,
1355 CipherBlowfishState FAR * state)
1356 {
1357 BF_set_key(&state->k, 32, session_key);
1358 memset(state->ivec, 0, 8);
1359 }
1360
1361
1362 //
1363 // SSH2�p�A���S���Y����������
1364 //
1365 // for SSH2(yutaka)
1366 //
1367 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1368 const u_char *key, u_int keylen,
1369 const u_char *iv, u_int ivlen,
1370 int encrypt,
1371 const EVP_CIPHER *type,
1372 int discard_len,
1373 PTInstVar pvar)
1374 {
1375 int klen;
1376 char tmp[80];
1377 unsigned char *junk = NULL, *discard = NULL;
1378
1379 EVP_CIPHER_CTX_init(evp);
1380 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1381 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1382 "Cipher initialize error(%d)");
1383 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1384 notify_fatal_error(pvar, tmp, TRUE);
1385 return;
1386 }
1387
1388 klen = EVP_CIPHER_CTX_key_length(evp);
1389 if (klen > 0 && keylen != klen) {
1390 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1391 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1392 "Cipher initialize error(%d)");
1393 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1394 notify_fatal_error(pvar, tmp, TRUE);
1395 return;
1396 }
1397 }
1398 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1399 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1400 "Cipher initialize error(%d)");
1401 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1402 notify_fatal_error(pvar, tmp, TRUE);
1403 return;
1404 }
1405
1406 if (discard_len > 0) {
1407 junk = malloc(discard_len);
1408 discard = malloc(discard_len);
1409 if (junk == NULL || discard == NULL ||
1410 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1411 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1412 "Cipher initialize error(%d)");
1413 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1414 pvar->ts->UIMsg, 3);
1415 notify_fatal_error(pvar, tmp, TRUE);
1416 }
1417 else {
1418 SecureZeroMemory(discard, discard_len);
1419 }
1420 free(junk);
1421 free(discard);
1422 }
1423 }
1424
1425 //
1426 // SSH2�p�A���S���Y�����j��
1427 //
1428 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1429 {
1430 EVP_CIPHER_CTX_cleanup(evp);
1431 }
1432
1433
1434 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1435 {
1436 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1437 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1438 BOOL isOK = TRUE;
1439
1440 if (sender_flag) {
1441 switch (pvar->crypt_state.sender_cipher) {
1442 // for SSH2(yutaka)
1443 case SSH2_CIPHER_3DES_CBC:
1444 case SSH2_CIPHER_3DES_CTR:
1445 {
1446 struct Enc *enc;
1447
1448 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1449 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1450 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1451 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1452 CIPHER_ENCRYPT,
1453 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1454 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1455 pvar);
1456
1457 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1458 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1459
1460 pvar->crypt_state.encrypt = c3DES_encrypt2;
1461 break;
1462 }
1463
1464 // for SSH2(yutaka)
1465 case SSH2_CIPHER_AES128_CBC:
1466 case SSH2_CIPHER_AES192_CBC:
1467 case SSH2_CIPHER_AES256_CBC:
1468 case SSH2_CIPHER_AES128_CTR:
1469 case SSH2_CIPHER_AES192_CTR:
1470 case SSH2_CIPHER_AES256_CTR:
1471 {
1472 struct Enc *enc;
1473
1474 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1475 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1476 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1477 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1478 CIPHER_ENCRYPT,
1479 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1480 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1481 pvar);
1482
1483 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1484 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1485
1486 pvar->crypt_state.encrypt = cAES128_encrypt;
1487 break;
1488 }
1489
1490 case SSH2_CIPHER_BLOWFISH_CBC:
1491 case SSH2_CIPHER_BLOWFISH_CTR:
1492 {
1493 struct Enc *enc;
1494
1495 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1496 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1497 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1498 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1499 CIPHER_ENCRYPT,
1500 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1501 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1502 pvar);
1503
1504 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1505 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1506
1507 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1508 break;
1509 }
1510
1511 case SSH2_CIPHER_ARCFOUR:
1512 case SSH2_CIPHER_ARCFOUR128:
1513 case SSH2_CIPHER_ARCFOUR256:
1514 {
1515 struct Enc *enc;
1516
1517 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1518 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1519 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1520 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1521 CIPHER_ENCRYPT,
1522 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1523 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1524 pvar);
1525 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1526 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1527
1528 pvar->crypt_state.encrypt = cArcfour_encrypt;
1529 break;
1530 }
1531
1532 case SSH2_CIPHER_CAST128_CBC:
1533 case SSH2_CIPHER_CAST128_CTR:
1534 {
1535 struct Enc *enc;
1536
1537 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1538 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1539 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1540 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1541 CIPHER_ENCRYPT,
1542 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1543 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1544 pvar);
1545 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1546 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1547
1548 pvar->crypt_state.encrypt = cCast128_encrypt;
1549 break;
1550 }
1551
1552 case SSH2_CIPHER_CAMELLIA128_CBC:
1553 case SSH2_CIPHER_CAMELLIA192_CBC:
1554 case SSH2_CIPHER_CAMELLIA256_CBC:
1555 case SSH2_CIPHER_CAMELLIA128_CTR:
1556 case SSH2_CIPHER_CAMELLIA192_CTR:
1557 case SSH2_CIPHER_CAMELLIA256_CTR:
1558 {
1559 struct Enc *enc;
1560
1561 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1562 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1563 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1564 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1565 CIPHER_ENCRYPT,
1566 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1567 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1568 pvar);
1569
1570 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1571 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1572
1573 pvar->crypt_state.encrypt = cCamellia_encrypt;
1574 break;
1575 }
1576
1577 case SSH_CIPHER_3DES:{
1578 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1579 pvar->crypt_state.encrypt = c3DES_encrypt;
1580 break;
1581 }
1582 case SSH_CIPHER_IDEA:{
1583 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1584 pvar->crypt_state.encrypt = cIDEA_encrypt;
1585 break;
1586 }
1587 case SSH_CIPHER_DES:{
1588 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1589 pvar->crypt_state.encrypt = cDES_encrypt;
1590 break;
1591 }
1592 case SSH_CIPHER_RC4:{
1593 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1594 encryption_key + 16);
1595 pvar->crypt_state.encrypt = cRC4_encrypt;
1596 break;
1597 }
1598 case SSH_CIPHER_BLOWFISH:{
1599 cBlowfish_init(encryption_key,
1600 &pvar->crypt_state.enc.cBlowfish);
1601 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1602 break;
1603 }
1604 default:
1605 isOK = FALSE;
1606 }
1607 }
1608
1609
1610 if (receiver_flag) {
1611 switch (pvar->crypt_state.receiver_cipher) {
1612 // for SSH2(yutaka)
1613 case SSH2_CIPHER_3DES_CBC:
1614 case SSH2_CIPHER_3DES_CTR:
1615 {
1616 struct Enc *enc;
1617
1618 enc = &pvar->ssh2_keys[MODE_IN].enc;
1619 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1620 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1621 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1622 CIPHER_DECRYPT,
1623 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1624 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1625 pvar);
1626
1627 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1628 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1629
1630 pvar->crypt_state.decrypt = c3DES_decrypt2;
1631 break;
1632 }
1633
1634 // for SSH2(yutaka)
1635 case SSH2_CIPHER_AES128_CBC:
1636 case SSH2_CIPHER_AES192_CBC:
1637 case SSH2_CIPHER_AES256_CBC:
1638 case SSH2_CIPHER_AES128_CTR:
1639 case SSH2_CIPHER_AES192_CTR:
1640 case SSH2_CIPHER_AES256_CTR:
1641 {
1642 struct Enc *enc;
1643
1644 enc = &pvar->ssh2_keys[MODE_IN].enc;
1645 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1646 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1647 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1648 CIPHER_DECRYPT,
1649 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1650 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1651 pvar);
1652
1653 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1654 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1655
1656 pvar->crypt_state.decrypt = cAES128_decrypt;
1657 break;
1658 }
1659
1660 case SSH2_CIPHER_BLOWFISH_CBC:
1661 case SSH2_CIPHER_BLOWFISH_CTR:
1662 {
1663 struct Enc *enc;
1664
1665 enc = &pvar->ssh2_keys[MODE_IN].enc;
1666 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1667 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1668 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1669 CIPHER_DECRYPT,
1670 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1671 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1672 pvar);
1673
1674 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1675 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1676
1677 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1678 break;
1679 }
1680
1681 case SSH2_CIPHER_ARCFOUR:
1682 case SSH2_CIPHER_ARCFOUR128:
1683 case SSH2_CIPHER_ARCFOUR256:
1684 {
1685 struct Enc *enc;
1686
1687 enc = &pvar->ssh2_keys[MODE_IN].enc;
1688 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1689 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1690 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1691 CIPHER_DECRYPT,
1692 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1693 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1694 pvar);
1695
1696 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1697 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1698
1699 pvar->crypt_state.decrypt = cArcfour_decrypt;
1700 break;
1701 }
1702
1703 case SSH2_CIPHER_CAST128_CBC:
1704 case SSH2_CIPHER_CAST128_CTR:
1705 {
1706 struct Enc *enc;
1707
1708 enc = &pvar->ssh2_keys[MODE_IN].enc;
1709 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1710 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1711 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1712 CIPHER_DECRYPT,
1713 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1714 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1715 pvar);
1716
1717 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1718 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1719
1720 pvar->crypt_state.decrypt = cCast128_decrypt;
1721 break;
1722 }
1723
1724 case SSH2_CIPHER_CAMELLIA128_CBC:
1725 case SSH2_CIPHER_CAMELLIA192_CBC:
1726 case SSH2_CIPHER_CAMELLIA256_CBC:
1727 case SSH2_CIPHER_CAMELLIA128_CTR:
1728 case SSH2_CIPHER_CAMELLIA192_CTR:
1729 case SSH2_CIPHER_CAMELLIA256_CTR:
1730 {
1731 struct Enc *enc;
1732
1733 enc = &pvar->ssh2_keys[MODE_IN].enc;
1734 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1735 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1736 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1737 CIPHER_DECRYPT,
1738 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1739 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1740 pvar);
1741
1742 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1743 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1744
1745 pvar->crypt_state.decrypt = cCamellia_decrypt;
1746 break;
1747 }
1748
1749 case SSH_CIPHER_3DES:{
1750 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1751 pvar->crypt_state.decrypt = c3DES_decrypt;
1752 break;
1753 }
1754 case SSH_CIPHER_IDEA:{
1755 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1756 pvar->crypt_state.decrypt = cIDEA_decrypt;
1757 break;
1758 }
1759 case SSH_CIPHER_DES:{
1760 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1761 pvar->crypt_state.decrypt = cDES_decrypt;
1762 break;
1763 }
1764 case SSH_CIPHER_RC4:{
1765 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1766 pvar->crypt_state.decrypt = cRC4_decrypt;
1767 break;
1768 }
1769 case SSH_CIPHER_BLOWFISH:{
1770 cBlowfish_init(decryption_key,
1771 &pvar->crypt_state.dec.cBlowfish);
1772 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1773 break;
1774 }
1775 default:
1776 isOK = FALSE;
1777 }
1778 }
1779
1780
1781 if (!isOK) {
1782 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1783 "No cipher selected!");
1784 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1785 return FALSE;
1786 } else {
1787 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1788 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1789 return TRUE;
1790 }
1791 }
1792
1793 void CRYPT_init(PTInstVar pvar)
1794 {
1795 pvar->crypt_state.encrypt = no_encrypt;
1796 pvar->crypt_state.decrypt = no_encrypt;
1797 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1798 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1799 pvar->crypt_state.server_key.RSA_key = NULL;
1800 pvar->crypt_state.host_key.RSA_key = NULL;
1801
1802 pvar->crypt_state.detect_attack_statics.h = NULL;
1803 pvar->crypt_state.detect_attack_statics.n =
1804 HASH_MINSIZE / HASH_ENTRYSIZE;
1805 }
1806
1807 static char FAR *get_cipher_name(int cipher)
1808 {
1809 switch (cipher) {
1810 case SSH_CIPHER_NONE:
1811 return "None";
1812 case SSH_CIPHER_3DES:
1813 return "3DES (168 key bits)";
1814 case SSH_CIPHER_DES:
1815 return "DES (56 key bits)";
1816 case SSH_CIPHER_IDEA:
1817 return "IDEA (128 key bits)";
1818 case SSH_CIPHER_RC4:
1819 return "RC4 (128 key bits)";
1820 case SSH_CIPHER_BLOWFISH:
1821 return "Blowfish (256 key bits)";
1822
1823 // SSH2
1824 case SSH2_CIPHER_3DES_CBC:
1825 return "3DES-CBC";
1826 case SSH2_CIPHER_AES128_CBC:
1827 return "AES128-CBC";
1828 case SSH2_CIPHER_AES192_CBC:
1829 return "AES192-CBC";
1830 case SSH2_CIPHER_AES256_CBC:
1831 return "AES256-CBC";
1832 case SSH2_CIPHER_BLOWFISH_CBC:
1833 return "Blowfish-CBC";
1834 case SSH2_CIPHER_AES128_CTR:
1835 return "AES128-CTR";
1836 case SSH2_CIPHER_AES192_CTR:
1837 return "AES192-CTR";
1838 case SSH2_CIPHER_AES256_CTR:
1839 return "AES256-CTR";
1840 case SSH2_CIPHER_ARCFOUR:
1841 return "Arcfour";
1842 case SSH2_CIPHER_ARCFOUR128:
1843 return "Arcfour128";
1844 case SSH2_CIPHER_ARCFOUR256:
1845 return "Arcfour256";
1846 case SSH2_CIPHER_CAST128_CBC:
1847 return "CAST-128-CBC";
1848 case SSH2_CIPHER_3DES_CTR:
1849 return "3DES-CTR";
1850 case SSH2_CIPHER_BLOWFISH_CTR:
1851 return "Blowfish-CTR";
1852 case SSH2_CIPHER_CAST128_CTR:
1853 return "CAST-128-CTR";
1854 case SSH2_CIPHER_CAMELLIA128_CBC:
1855 return "Camellia128-CBC";
1856 case SSH2_CIPHER_CAMELLIA192_CBC:
1857 return "Camellia192-CBC";
1858 case SSH2_CIPHER_CAMELLIA256_CBC:
1859 return "Camellia256-CBC";
1860 case SSH2_CIPHER_CAMELLIA128_CTR:
1861 return "Camellia128-CTR";
1862 case SSH2_CIPHER_CAMELLIA192_CTR:
1863 return "Camellia192-CTR";
1864 case SSH2_CIPHER_CAMELLIA256_CTR:
1865 return "Camellia256-CTR";
1866
1867 default:
1868 return "Unknown";
1869 }
1870 }
1871
1872 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1873 {
1874 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1875 "%s to server, %s from server");
1876 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1877 get_cipher_name(pvar->crypt_state.sender_cipher),
1878 get_cipher_name(pvar->crypt_state.receiver_cipher));
1879 }
1880
1881 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1882 {
1883 if (SSHv1(pvar)) {
1884 if (pvar->crypt_state.server_key.RSA_key == NULL
1885 || pvar->crypt_state.host_key.RSA_key == NULL) {
1886 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1887 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1888 } else {
1889 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1890 "%d-bit server key, %d-bit host key");
1891 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1892 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1893 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1894 }
1895 } else { // SSH2
1896 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1897 "%d-bit client key, %d-bit server key");
1898 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1899 pvar->client_key_bits,
1900 pvar->server_key_bits);
1901 }
1902 }
1903
1904 static void destroy_public_key(CRYPTPublicKey * key)
1905 {
1906 if (key->RSA_key != NULL) {
1907 RSA_free(key->RSA_key);
1908 key->RSA_key = NULL;
1909 }
1910 }
1911
1912 void CRYPT_free_public_key(CRYPTPublicKey * key)
1913 {
1914 destroy_public_key(key);
1915 free(key);
1916 }
1917
1918 void CRYPT_end(PTInstVar pvar)
1919 {
1920 destroy_public_key(&pvar->crypt_state.host_key);
1921 destroy_public_key(&pvar->crypt_state.server_key);
1922
1923 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1924 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1925 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1926 free(pvar->crypt_state.detect_attack_statics.h);
1927 }
1928
1929 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1930 sizeof(pvar->crypt_state.sender_cipher_key));
1931 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1932 sizeof(pvar->crypt_state.receiver_cipher_key));
1933 SecureZeroMemory(pvar->crypt_state.server_cookie,
1934 sizeof(pvar->crypt_state.server_cookie));
1935 SecureZeroMemory(pvar->crypt_state.client_cookie,
1936 sizeof(pvar->crypt_state.client_cookie));
1937 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1938 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1939 }
1940
1941 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1942 char FAR * buf, int bytes)
1943 {
1944 unsigned char passphrase_key[16];
1945
1946 MD5(passphrase, strlen(passphrase), passphrase_key);
1947
1948 switch (cipher) {
1949 case SSH_CIPHER_3DES:{
1950 Cipher3DESState state;
1951
1952 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1953 &state.k1);
1954 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1955 &state.k2);
1956 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1957 &state.k3);
1958 memset(state.ivec1, 0, 8);
1959 memset(state.ivec2, 0, 8);
1960 memset(state.ivec3, 0, 8);
1961 DES_ncbc_encrypt(buf, buf, bytes,
1962 &state.k3, &state.ivec3, DES_DECRYPT);
1963 DES_ncbc_encrypt(buf, buf, bytes,
1964 &state.k2, &state.ivec2, DES_ENCRYPT);
1965 DES_ncbc_encrypt(buf, buf, bytes,
1966 &state.k1, &state.ivec1, DES_DECRYPT);
1967 break;
1968 }
1969
1970 case SSH_CIPHER_IDEA:{
1971 CipherIDEAState state;
1972 int num = 0;
1973
1974 cIDEA_init(passphrase_key, &state);
1975 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1976 &num, IDEA_DECRYPT);
1977 break;
1978 }
1979
1980 case SSH_CIPHER_DES:{
1981 CipherDESState state;
1982
1983 cDES_init(passphrase_key, &state);
1984 DES_ncbc_encrypt(buf, buf, bytes,
1985 &state.k, &state.ivec, DES_DECRYPT);
1986 break;
1987 }
1988
1989 case SSH_CIPHER_RC4:{
1990 CipherRC4State state;
1991 int num = 0;
1992
1993 RC4_set_key(&state.k, 16, passphrase_key);
1994 RC4(&state.k, bytes, buf, buf);
1995 break;
1996 }
1997
1998 case SSH_CIPHER_BLOWFISH:{
1999 CipherBlowfishState state;
2000
2001 BF_set_key(&state.k, 16, passphrase_key);
2002 memset(state.ivec, 0, 8);
2003 flip_endianness(buf, bytes);
2004 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
2005 BF_DECRYPT);
2006 flip_endianness(buf, bytes);
2007 break;
2008 }
2009
2010 case SSH_CIPHER_NONE:
2011 break;
2012
2013 default:
2014 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2015 return 0;
2016 }
2017
2018 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2019 return 1;
2020 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help