Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6688 - (show annotations) (download) (as text)
Mon Apr 24 11:49:42 2017 UTC (6 years, 11 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 62648 byte(s) 
typo fix.
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // ���O�������������������������������AAES192, AES256 ����
218 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224 char tmp[80];
225
226 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
227 if (bytes == 0)
228 goto error;
229
230 if (newbuf == NULL)
231 return;
232
233 if (bytes % block_size) {
234 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
235 "%s encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237 "AES128/192/256", bytes, block_size);
238 notify_fatal_error(pvar, tmp, TRUE);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
244 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
245 "AES128/192/256");
246 notify_fatal_error(pvar, tmp, TRUE);
247 goto error;
248
249 } else {
250 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
251 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
252 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
253 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
254
255 //debug_print(50, key, 24);
256 //debug_print(51, iv, 8);
257 //debug_print(52, buf, bytes);
258 //debug_print(53, newbuf, bytes);
259
260 memcpy(buf, newbuf, bytes);
261 }
262
263 error:
264 free(newbuf);
265 }
266
267 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
268 int bytes)
269 {
270 unsigned char *newbuf = malloc(bytes);
271 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
272 char tmp[80];
273
274 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
275 if (bytes == 0)
276 goto error;
277
278 if (newbuf == NULL)
279 return;
280
281 if (bytes % block_size) {
282 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
283 "%s decrypt error(1): bytes %d (%d)");
284 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
285 "AES128/192/256", bytes, block_size);
286 notify_fatal_error(pvar, tmp, TRUE);
287 goto error;
288 }
289
290 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
291 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
292 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
293 "AES128/192/256");
294 notify_fatal_error(pvar, tmp, TRUE);
295 goto error;
296
297 } else {
298 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
299 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
300 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
301 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
302
303 //debug_print(70, key, AES128_KEYLEN);
304 //debug_print(71, iv, AES128_IVLEN);
305 //debug_print(72, buf, bytes);
306 //debug_print(73, newbuf, bytes);
307
308 memcpy(buf, newbuf, bytes);
309 }
310
311 error:
312 free(newbuf);
313 }
314
315
316 // for SSH2(yutaka)
317 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
318 int bytes)
319 {
320 unsigned char *newbuf = malloc(bytes);
321 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
322 char tmp[80];
323
324 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
325 if (bytes == 0)
326 goto error;
327
328 if (newbuf == NULL)
329 return;
330
331 if (bytes % block_size) {
332 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
333 "%s encrypt error(1): bytes %d (%d)");
334 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
335 "3DES-CBC", bytes, block_size);
336 notify_fatal_error(pvar, tmp, TRUE);
337 goto error;
338 }
339
340 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
341 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
342 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
343 "3DES-CBC");
344 notify_fatal_error(pvar, tmp, TRUE);
345 goto error;
346
347 } else {
348 //unsigned char key[24], iv[8];
349 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
350 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
351 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
352
353 //debug_print(50, key, 24);
354 //debug_print(51, iv, 8);
355 //debug_print(52, buf, bytes);
356 //debug_print(53, newbuf, bytes);
357
358 memcpy(buf, newbuf, bytes);
359 }
360
361 error:
362 free(newbuf);
363 }
364
365 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
366 int bytes)
367 {
368 unsigned char *newbuf = malloc(bytes);
369 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
370 char tmp[80];
371
372 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
373 if (bytes == 0)
374 goto error;
375
376 if (newbuf == NULL)
377 return;
378
379 if (bytes % block_size) {
380 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
381 "%s decrypt error(1): bytes %d (%d)");
382 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
383 "3DES-CBC", bytes, block_size);
384 notify_fatal_error(pvar, tmp, TRUE);
385 goto error;
386 }
387
388 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
389 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
390 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
391 "3DES-CBC");
392 notify_fatal_error(pvar, tmp, TRUE);
393 goto error;
394
395 } else {
396 //unsigned char key[24], iv[8];
397 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
398 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
399 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
400
401 //debug_print(70, key, 24);
402 //debug_print(71, iv, 8);
403 //debug_print(72, buf, bytes);
404 //debug_print(73, newbuf, bytes);
405
406 memcpy(buf, newbuf, bytes);
407 }
408
409 error:
410 free(newbuf);
411 }
412
413
414 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
415 int bytes)
416 {
417 unsigned char *newbuf = malloc(bytes);
418 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
419 char tmp[80];
420
421 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
422 if (bytes == 0)
423 goto error;
424
425 if (newbuf == NULL)
426 return;
427
428 if (bytes % block_size) {
429 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
430 "%s encrypt error(1): bytes %d (%d)");
431 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
432 "Blowfish", bytes, block_size);
433 notify_fatal_error(pvar, tmp, TRUE);
434 goto error;
435 }
436
437 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
438 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
439 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
440 "Blowfish");
441 notify_fatal_error(pvar, tmp, TRUE);
442 goto error;
443
444 } else {
445 memcpy(buf, newbuf, bytes);
446
447 }
448
449 error:
450 free(newbuf);
451 }
452
453 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
454 int bytes)
455 {
456 unsigned char *newbuf = malloc(bytes);
457 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
458 char tmp[80];
459
460 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
461 if (bytes == 0)
462 goto error;
463
464 if (newbuf == NULL)
465 return;
466
467 if (bytes % block_size) {
468 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
469 "%s decrypt error(1): bytes %d (%d)");
470 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
471 "Blowfish", bytes, block_size);
472 notify_fatal_error(pvar, tmp, TRUE);
473 goto error;
474 }
475
476 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
477 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
478 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
479 "Blowfish");
480 notify_fatal_error(pvar, tmp, TRUE);
481 goto error;
482
483 } else {
484 memcpy(buf, newbuf, bytes);
485
486 }
487
488 error:
489 free(newbuf);
490 }
491
492
493 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
494 int bytes)
495 {
496 unsigned char *newbuf = malloc(bytes);
497 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
498 char tmp[80];
499
500 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
501 if (bytes == 0)
502 goto error;
503
504 if (newbuf == NULL)
505 return;
506
507 if (bytes % block_size) {
508 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
509 "%s encrypt error(1): bytes %d (%d)");
510 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
511 "Arcfour", bytes, block_size);
512 notify_fatal_error(pvar, tmp, TRUE);
513 goto error;
514 }
515
516 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
517 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
518 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
519 "Arcfour");
520 notify_fatal_error(pvar, tmp, TRUE);
521 goto error;
522
523 } else {
524 memcpy(buf, newbuf, bytes);
525
526 }
527
528 error:
529 free(newbuf);
530 }
531
532 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
533 int bytes)
534 {
535 unsigned char *newbuf = malloc(bytes);
536 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
537 char tmp[80];
538
539 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
540 if (bytes == 0)
541 goto error;
542
543 if (newbuf == NULL)
544 return;
545
546 if (bytes % block_size) {
547 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
548 "%s decrypt error(1): bytes %d (%d)");
549 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
550 "Arcfour", bytes, block_size);
551 notify_fatal_error(pvar, tmp, TRUE);
552 goto error;
553 }
554
555 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
556 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
557 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
558 "Arcfour");
559 notify_fatal_error(pvar, tmp, TRUE);
560 goto error;
561
562 } else {
563 memcpy(buf, newbuf, bytes);
564
565 }
566
567 error:
568 free(newbuf);
569 }
570
571
572 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
573 int bytes)
574 {
575 unsigned char *newbuf = malloc(bytes);
576 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
577 char tmp[80];
578
579 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
580 if (bytes == 0)
581 goto error;
582
583 if (newbuf == NULL)
584 return;
585
586 if (bytes % block_size) {
587 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
588 "%s encrypt error(1): bytes %d (%d)");
589 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
590 "CAST128", bytes, block_size);
591 notify_fatal_error(pvar, tmp, TRUE);
592 goto error;
593 }
594
595 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
596 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
597 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
598 "CAST128");
599 notify_fatal_error(pvar, tmp, TRUE);
600 goto error;
601
602 } else {
603 memcpy(buf, newbuf, bytes);
604
605 }
606
607 error:
608 free(newbuf);
609 }
610
611 static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
612 int bytes)
613 {
614 unsigned char *newbuf = malloc(bytes);
615 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
616 char tmp[80];
617
618 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
619 if (bytes == 0)
620 goto error;
621
622 if (newbuf == NULL)
623 return;
624
625 if (bytes % block_size) {
626 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
627 "%s decrypt error(1): bytes %d (%d)");
628 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
629 "CAST128", bytes, block_size);
630 notify_fatal_error(pvar, tmp, TRUE);
631 goto error;
632 }
633
634 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
635 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
636 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
637 "CAST128");
638 notify_fatal_error(pvar, tmp, TRUE);
639 goto error;
640
641 } else {
642 memcpy(buf, newbuf, bytes);
643
644 }
645
646 error:
647 free(newbuf);
648 }
649
650 static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
651 int bytes)
652 {
653 unsigned char *newbuf = malloc(bytes);
654 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
655 char tmp[80];
656
657 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
658 if (bytes == 0)
659 goto error;
660
661 if (newbuf == NULL)
662 return;
663
664 if (bytes % block_size) {
665 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
666 "%s encrypt error(1): bytes %d (%d)");
667 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
668 "Camellia128/192/256", bytes, block_size);
669 notify_fatal_error(pvar, tmp, TRUE);
670 goto error;
671 }
672
673 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
674 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
675 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
676 "Camellia128/192/256");
677 notify_fatal_error(pvar, tmp, TRUE);
678 goto error;
679
680 } else {
681 memcpy(buf, newbuf, bytes);
682
683 }
684
685 error:
686 free(newbuf);
687 }
688
689 static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
690 int bytes)
691 {
692 unsigned char *newbuf = malloc(bytes);
693 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
694 char tmp[80];
695
696 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
697 if (bytes == 0)
698 goto error;
699
700 if (newbuf == NULL)
701 return;
702
703 if (bytes % block_size) {
704 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
705 "%s decrypt error(1): bytes %d (%d)");
706 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
707 "Camellia128/192/256", bytes, block_size);
708 notify_fatal_error(pvar, tmp, TRUE);
709 goto error;
710 }
711
712 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
713 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
714 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
715 "Camellia128/192/256");
716 notify_fatal_error(pvar, tmp, TRUE);
717 goto error;
718
719 } else {
720 memcpy(buf, newbuf, bytes);
721
722 }
723
724 error:
725 free(newbuf);
726 }
727
728 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
729 int bytes)
730 {
731 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
732
733 DES_ncbc_encrypt(buf, buf, bytes,
734 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
735 DES_ncbc_encrypt(buf, buf, bytes,
736 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
737 DES_ncbc_encrypt(buf, buf, bytes,
738 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
739 }
740
741 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
742 int bytes)
743 {
744 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
745
746 DES_ncbc_encrypt(buf, buf, bytes,
747 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
748 DES_ncbc_encrypt(buf, buf, bytes,
749 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
750 DES_ncbc_encrypt(buf, buf, bytes,
751 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
752 }
753
754 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
755 int bytes)
756 {
757 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
758
759 DES_ncbc_encrypt(buf, buf, bytes,
760 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
761 }
762
763 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
764 int bytes)
765 {
766 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
767
768 DES_ncbc_encrypt(buf, buf, bytes,
769 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
770 }
771
772 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
773 int bytes)
774 {
775 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
776 int num = 0;
777
778 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
779 encryptstate->ivec, &num, IDEA_ENCRYPT);
780 }
781
782 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
783 int bytes)
784 {
785 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
786 int num = 0;
787
788 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
789 decryptstate->ivec, &num, IDEA_DECRYPT);
790 }
791
792 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
793 {
794 uint32 FAR *buf = (uint32 FAR *) cbuf;
795 int count = bytes / 4;
796
797 while (count > 0) {
798 uint32 w = *buf;
799
800 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
801 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
802 count--;
803 buf++;
804 }
805 }
806
807 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
808 int bytes)
809 {
810 CipherBlowfishState FAR *encryptstate =
811 &pvar->crypt_state.enc.cBlowfish;
812
813 flip_endianness(buf, bytes);
814 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
815 BF_ENCRYPT);
816 flip_endianness(buf, bytes);
817 }
818
819 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
820 int bytes)
821 {
822 CipherBlowfishState FAR *decryptstate =
823 &pvar->crypt_state.dec.cBlowfish;
824
825 flip_endianness(buf, bytes);
826 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
827 BF_DECRYPT);
828 flip_endianness(buf, bytes);
829 }
830
831 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
832 int bytes)
833 {
834 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
835 int num = 0;
836
837 RC4(&encryptstate->k, bytes, buf, buf);
838 }
839
840 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
841 int bytes)
842 {
843 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
844 int num = 0;
845
846 RC4(&decryptstate->k, bytes, buf, buf);
847 }
848
849 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
850 int bytes)
851 {
852 RAND_bytes(buf, bytes);
853 }
854
855 void CRYPT_initialize_random_numbers(PTInstVar pvar)
856 {
857 // ����������������������
858 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
859 //RAND_screen();
860 }
861
862 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
863 {
864 int bits = get_ushort16_MSBfirst(bytes);
865
866 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
867 }
868
869 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
870 RSA FAR *make_key(PTInstVar pvar,
871 int bits, unsigned char FAR * exp,
872 unsigned char FAR * mod)
873 {
874 RSA FAR *key = RSA_new();
875
876 if (key != NULL) {
877 key->e = get_bignum(exp);
878 key->n = get_bignum(mod);
879 }
880
881 if (key == NULL || key->e == NULL || key->n == NULL) {
882 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
883 "Error setting up RSA keys");
884 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
885
886 if (key != NULL) {
887 if (key->e != NULL) {
888 BN_free(key->e);
889 }
890 if (key->n != NULL) {
891 BN_free(key->n);
892 }
893 RSA_free(key);
894 }
895
896 return NULL;
897 } else {
898 return key;
899 }
900 }
901
902 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
903 {
904 if (SSHv1(pvar)) {
905 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
906 } else {
907 memcpy(pvar->crypt_state.server_cookie, cookie,
908 SSH2_COOKIE_LENGTH);
909 }
910 }
911
912 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
913 {
914 if (SSHv2(pvar)) {
915 memcpy(pvar->crypt_state.client_cookie, cookie,
916 SSH2_COOKIE_LENGTH);
917 }
918 }
919
920 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
921 int bits, unsigned char FAR * exp,
922 unsigned char FAR * mod)
923 {
924 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
925
926 return pvar->crypt_state.server_key.RSA_key != NULL;
927 }
928
929 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
930 int bits, unsigned char FAR * exp,
931 unsigned char FAR * mod)
932 {
933 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
934
935 return pvar->crypt_state.host_key.RSA_key != NULL;
936 }
937
938 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
939 int receiver_ciphers)
940 {
941 int cipher_mask;
942
943 if (SSHv1(pvar)) {
944 cipher_mask = (1 << SSH_CIPHER_DES)
945 | (1 << SSH_CIPHER_3DES)
946 | (1 << SSH_CIPHER_BLOWFISH);
947
948 } else { // for SSH2(yutaka)
949 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
950 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
951 | (1 << SSH2_CIPHER_AES128_CBC)
952 | (1 << SSH2_CIPHER_AES192_CBC)
953 | (1 << SSH2_CIPHER_AES256_CBC)
954 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
955 | (1 << SSH2_CIPHER_AES128_CTR)
956 | (1 << SSH2_CIPHER_AES192_CTR)
957 | (1 << SSH2_CIPHER_AES256_CTR)
958 | (1 << SSH2_CIPHER_ARCFOUR)
959 | (1 << SSH2_CIPHER_ARCFOUR128)
960 | (1 << SSH2_CIPHER_ARCFOUR256)
961 | (1 << SSH2_CIPHER_CAST128_CBC)
962 | (1 << SSH2_CIPHER_3DES_CTR)
963 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
964 | (1 << SSH2_CIPHER_CAST128_CTR)
965 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
966 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
967 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
968 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
969 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
970 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
971 );
972 }
973
974 sender_ciphers &= cipher_mask;
975 receiver_ciphers &= cipher_mask;
976 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
977 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
978
979 if (sender_ciphers == 0) {
980 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
981 "The server does not support any of the TTSSH encryption algorithms.\n"
982 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
983 "The connection will be closed.");
984 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
985 return FALSE;
986 } else if (receiver_ciphers == 0) {
987 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
988 "The server does not support any of the TTSSH encryption algorithms.\n"
989 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
990 "The connection will be closed.");
991 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
992 return FALSE;
993 } else {
994 return TRUE;
995 }
996 }
997
998 int CRYPT_get_decryption_block_size(PTInstVar pvar)
999 {
1000 if (SSHv1(pvar)) {
1001 return 8;
1002 } else {
1003 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1004 // cf. 3DES=8, AES128=16
1005 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
1006 }
1007 }
1008
1009 int CRYPT_get_encryption_block_size(PTInstVar pvar)
1010 {
1011 if (SSHv1(pvar)) {
1012 return 8;
1013 } else {
1014 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
1015 // cf. 3DES=8, AES128=16
1016 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
1017 }
1018 }
1019
1020 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
1021 {
1022 struct Mac *mac;
1023
1024 if (SSHv1(pvar)) {
1025 return 0;
1026
1027 } else { // for SSH2(yutaka)
1028 mac = &pvar->ssh2_keys[MODE_IN].mac;
1029 if (mac == NULL || mac->enabled == 0)
1030 return 0;
1031
1032 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
1033 }
1034
1035 }
1036
1037 // HMAC������
1038 // ���{������ SSH2 �������g�p�������B
1039 // (2004.12.17 yutaka)
1040 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
1041 char FAR * data, int len, char FAR * MAC)
1042 {
1043 HMAC_CTX c;
1044 unsigned char m[EVP_MAX_MD_SIZE];
1045 unsigned char b[4];
1046 struct Mac *mac;
1047
1048 mac = &pvar->ssh2_keys[MODE_IN].mac;
1049
1050 // HMAC�������L���������������A����OK�����������B
1051 if (mac == NULL || mac->enabled == 0)
1052 return TRUE;
1053
1054 if (mac->key == NULL) {
1055 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
1056 goto error;
1057 }
1058
1059 if ((u_int)mac->mac_len > sizeof(m)) {
1060 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
1061 mac->mac_len, sizeof(m), sequence_number, len);
1062 goto error;
1063 }
1064
1065 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1066 set_uint32_MSBfirst(b, sequence_number);
1067 HMAC_Update(&c, b, sizeof(b));
1068 HMAC_Update(&c, data, len);
1069 HMAC_Final(&c, m, NULL);
1070 HMAC_cleanup(&c);
1071
1072 if (memcmp(m, MAC, mac->mac_len)) {
1073 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
1074 logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
1075 logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
1076 goto error;
1077 }
1078
1079 return TRUE;
1080
1081 error:
1082 return FALSE;
1083 }
1084
1085 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1086 {
1087 struct Mac *mac;
1088
1089 if (SSHv2(pvar)) { // for SSH2(yutaka)
1090 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1091 if (mac == NULL || mac->enabled == 0)
1092 return 0;
1093
1094 return (mac->mac_len);
1095 }
1096
1097 return 0;
1098 }
1099
1100 // for SSH2
1101 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1102 char FAR * data, int len, char FAR * MAC)
1103 {
1104 HMAC_CTX c;
1105 static u_char m[EVP_MAX_MD_SIZE];
1106 u_char b[4];
1107 struct Mac *mac;
1108
1109 if (SSHv2(pvar)) { // for SSH2(yutaka)
1110 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1111 if (mac == NULL || mac->enabled == 0)
1112 return FALSE;
1113
1114 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1115 set_uint32_MSBfirst(b, sequence_number);
1116 HMAC_Update(&c, b, sizeof(b));
1117 HMAC_Update(&c, data, len);
1118 HMAC_Final(&c, m, NULL);
1119 HMAC_cleanup(&c);
1120
1121 // 20�o�C�g�������R�s�[
1122 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1123 // memcpy(MAC, m, sizeof(m));
1124
1125 return TRUE;
1126 }
1127
1128 return TRUE;
1129
1130 }
1131
1132 static int choose_cipher(PTInstVar pvar, int supported)
1133 {
1134 int i;
1135
1136 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1137 int cipher = pvar->session_settings.CipherOrder[i] - '0';
1138
1139 if (cipher == SSH_CIPHER_NONE) {
1140 break;
1141 } else if ((supported & (1 << cipher)) != 0) {
1142 return cipher;
1143 }
1144 }
1145
1146 return SSH_CIPHER_NONE;
1147 }
1148
1149 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1150 {
1151 if (SSHv1(pvar)) {
1152 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1153 pvar->crypt_state.
1154 supported_sender_ciphers);
1155 pvar->crypt_state.receiver_cipher =
1156 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1157
1158 } else { // SSH2(yutaka)
1159 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1160 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1161
1162 }
1163
1164 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1165 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1166 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
1167 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1168 "To communicate with this server, you will have to enable some more ciphers\n"
1169 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1170 "This connection will now close.");
1171 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1172 return FALSE;
1173 } else {
1174 return TRUE;
1175 }
1176 }
1177
1178 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1179 {
1180 int server_key_bits =
1181 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1182 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1183 int server_key_bytes = (server_key_bits + 7) / 8;
1184 int host_key_bytes = (host_key_bits + 7) / 8;
1185
1186 if (server_key_bits < host_key_bits) {
1187 return host_key_bytes;
1188 } else {
1189 return server_key_bytes;
1190 }
1191 }
1192
1193 int CRYPT_choose_session_key(PTInstVar pvar,
1194 unsigned char FAR * encrypted_key_buf)
1195 {
1196 int server_key_bits =
1197 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1198 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1199 int server_key_bytes = (server_key_bits + 7) / 8;
1200 int host_key_bytes = (host_key_bits + 7) / 8;
1201 int encrypted_key_bytes;
1202 int bit_delta;
1203
1204 if (server_key_bits < host_key_bits) {
1205 encrypted_key_bytes = host_key_bytes;
1206 bit_delta = host_key_bits - server_key_bits;
1207 } else {
1208 encrypted_key_bytes = server_key_bytes;
1209 bit_delta = server_key_bits - host_key_bits;
1210 }
1211
1212 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1213 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
1214 "Server RSA keys are too weak. A secure connection cannot be established.");
1215 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1216 return 0;
1217 } else {
1218 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1219 for the session ID, rather than the one specified in the RFC */
1220 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1221 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1222 char session_id[16];
1223 int i;
1224
1225 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1226 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1227 session_buf + host_key_bytes);
1228 memcpy(session_buf + server_key_bytes + host_key_bytes,
1229 pvar->crypt_state.server_cookie, 8);
1230 MD5(session_buf, session_buf_len, session_id);
1231
1232 free(session_buf);
1233
1234 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1235 SSH_SESSION_KEY_LENGTH);
1236 memcpy(pvar->crypt_state.receiver_cipher_key,
1237 pvar->crypt_state.sender_cipher_key,
1238 SSH_SESSION_KEY_LENGTH);
1239
1240 memcpy(encrypted_key_buf + encrypted_key_bytes -
1241 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1242 SSH_SESSION_KEY_LENGTH);
1243 for (i = 0; i < sizeof(session_id); i++) {
1244 encrypted_key_buf[encrypted_key_bytes -
1245 SSH_SESSION_KEY_LENGTH + i]
1246 ^= session_id[i];
1247 }
1248
1249 if (host_key_bits > server_key_bits) {
1250 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1251 encrypted_key_buf +
1252 encrypted_key_bytes -
1253 SSH_SESSION_KEY_LENGTH,
1254 encrypted_key_buf +
1255 encrypted_key_bytes - server_key_bytes,
1256 pvar->crypt_state.server_key.RSA_key,
1257 RSA_PKCS1_PADDING) < 0)
1258 return 0;
1259
1260 if (RSA_public_encrypt(server_key_bytes,
1261 encrypted_key_buf +
1262 encrypted_key_bytes - server_key_bytes,
1263 encrypted_key_buf,
1264 pvar->crypt_state.host_key.RSA_key,
1265 RSA_PKCS1_PADDING) < 0)
1266 return 0;
1267 } else {
1268 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1269 encrypted_key_buf +
1270 encrypted_key_bytes -
1271 SSH_SESSION_KEY_LENGTH,
1272 encrypted_key_buf +
1273 encrypted_key_bytes - host_key_bytes,
1274 pvar->crypt_state.host_key.RSA_key,
1275 RSA_PKCS1_PADDING) < 0)
1276 return 0;
1277
1278 if (RSA_public_encrypt(host_key_bytes,
1279 encrypted_key_buf +
1280 encrypted_key_bytes - host_key_bytes,
1281 encrypted_key_buf,
1282 pvar->crypt_state.server_key.RSA_key,
1283 RSA_PKCS1_PADDING) < 0)
1284 return 0;
1285 }
1286 }
1287
1288 return 1;
1289 }
1290
1291 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1292 unsigned char FAR * challenge,
1293 int challenge_len,
1294 unsigned char FAR * response)
1295 {
1296 int server_key_bits =
1297 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1298 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1299 int server_key_bytes = (server_key_bits + 7) / 8;
1300 int host_key_bytes = (host_key_bits + 7) / 8;
1301 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1302 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1303 char decrypted_challenge[48];
1304 int decrypted_challenge_len;
1305
1306 decrypted_challenge_len =
1307 RSA_private_decrypt(challenge_len, challenge, challenge,
1308 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1309 RSA_PKCS1_PADDING);
1310 if (decrypted_challenge_len < 0) {
1311 free(session_buf);
1312 return 0;
1313 }
1314 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1315 memcpy(decrypted_challenge,
1316 challenge + decrypted_challenge_len -
1317 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1318 } else {
1319 memset(decrypted_challenge, 0,
1320 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1321 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1322 decrypted_challenge_len, challenge,
1323 decrypted_challenge_len);
1324 }
1325
1326 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1327 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1328 session_buf + host_key_bytes);
1329 memcpy(session_buf + server_key_bytes + host_key_bytes,
1330 pvar->crypt_state.server_cookie, 8);
1331 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1332
1333 free(session_buf);
1334
1335 MD5(decrypted_challenge, 48, response);
1336
1337 return 1;
1338 }
1339
1340 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1341 {
1342 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1343 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1344 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1345 memset(state->ivec1, 0, 8);
1346 memset(state->ivec2, 0, 8);
1347 memset(state->ivec3, 0, 8);
1348 }
1349
1350 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1351 {
1352 DES_set_key((const_DES_cblock FAR *) session_key, &state->k);
1353 memset(state->ivec, 0, 8);
1354 }
1355
1356 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1357 {
1358 idea_set_encrypt_key(session_key, &state->k);
1359 memset(state->ivec, 0, 8);
1360 }
1361
1362 static void cBlowfish_init(char FAR * session_key,
1363 CipherBlowfishState FAR * state)
1364 {
1365 BF_set_key(&state->k, 32, session_key);
1366 memset(state->ivec, 0, 8);
1367 }
1368
1369
1370 //
1371 // SSH2�p�A���S���Y����������
1372 //
1373 // for SSH2(yutaka)
1374 //
1375 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1376 const u_char *key, u_int keylen,
1377 const u_char *iv, u_int ivlen,
1378 int encrypt,
1379 const EVP_CIPHER *type,
1380 int discard_len,
1381 PTInstVar pvar)
1382 {
1383 int klen;
1384 char tmp[80];
1385 unsigned char *junk = NULL, *discard = NULL;
1386
1387 EVP_CIPHER_CTX_init(evp);
1388 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1389 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1390 "Cipher initialize error(%d)");
1391 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1392 notify_fatal_error(pvar, tmp, TRUE);
1393 return;
1394 }
1395
1396 klen = EVP_CIPHER_CTX_key_length(evp);
1397 if (klen > 0 && keylen != klen) {
1398 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1399 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1400 "Cipher initialize error(%d)");
1401 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1402 notify_fatal_error(pvar, tmp, TRUE);
1403 return;
1404 }
1405 }
1406 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1407 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1408 "Cipher initialize error(%d)");
1409 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1410 notify_fatal_error(pvar, tmp, TRUE);
1411 return;
1412 }
1413
1414 if (discard_len > 0) {
1415 junk = malloc(discard_len);
1416 discard = malloc(discard_len);
1417 if (junk == NULL || discard == NULL ||
1418 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1419 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1420 "Cipher initialize error(%d)");
1421 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1422 pvar->ts->UIMsg, 3);
1423 notify_fatal_error(pvar, tmp, TRUE);
1424 }
1425 else {
1426 SecureZeroMemory(discard, discard_len);
1427 }
1428 free(junk);
1429 free(discard);
1430 }
1431 }
1432
1433 //
1434 // SSH2�p�A���S���Y�����j��
1435 //
1436 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1437 {
1438 EVP_CIPHER_CTX_cleanup(evp);
1439 }
1440
1441
1442 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1443 {
1444 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1445 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1446 BOOL isOK = TRUE;
1447
1448 if (sender_flag) {
1449 switch (pvar->crypt_state.sender_cipher) {
1450 // for SSH2(yutaka)
1451 case SSH2_CIPHER_3DES_CBC:
1452 case SSH2_CIPHER_3DES_CTR:
1453 {
1454 struct Enc *enc;
1455
1456 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1457 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1458 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1459 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1460 CIPHER_ENCRYPT,
1461 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1462 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1463 pvar);
1464
1465 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1466 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1467
1468 pvar->crypt_state.encrypt = c3DES_encrypt2;
1469 break;
1470 }
1471
1472 // for SSH2(yutaka)
1473 case SSH2_CIPHER_AES128_CBC:
1474 case SSH2_CIPHER_AES192_CBC:
1475 case SSH2_CIPHER_AES256_CBC:
1476 case SSH2_CIPHER_AES128_CTR:
1477 case SSH2_CIPHER_AES192_CTR:
1478 case SSH2_CIPHER_AES256_CTR:
1479 {
1480 struct Enc *enc;
1481
1482 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1483 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1484 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1485 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1486 CIPHER_ENCRYPT,
1487 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1488 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1489 pvar);
1490
1491 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1492 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1493
1494 pvar->crypt_state.encrypt = cAES128_encrypt;
1495 break;
1496 }
1497
1498 case SSH2_CIPHER_BLOWFISH_CBC:
1499 case SSH2_CIPHER_BLOWFISH_CTR:
1500 {
1501 struct Enc *enc;
1502
1503 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1504 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1505 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1506 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1507 CIPHER_ENCRYPT,
1508 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1509 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1510 pvar);
1511
1512 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1513 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1514
1515 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1516 break;
1517 }
1518
1519 case SSH2_CIPHER_ARCFOUR:
1520 case SSH2_CIPHER_ARCFOUR128:
1521 case SSH2_CIPHER_ARCFOUR256:
1522 {
1523 struct Enc *enc;
1524
1525 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1526 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1527 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1528 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1529 CIPHER_ENCRYPT,
1530 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1531 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1532 pvar);
1533 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1534 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1535
1536 pvar->crypt_state.encrypt = cArcfour_encrypt;
1537 break;
1538 }
1539
1540 case SSH2_CIPHER_CAST128_CBC:
1541 case SSH2_CIPHER_CAST128_CTR:
1542 {
1543 struct Enc *enc;
1544
1545 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1546 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1547 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1548 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1549 CIPHER_ENCRYPT,
1550 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1551 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1552 pvar);
1553 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1554 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1555
1556 pvar->crypt_state.encrypt = cCast128_encrypt;
1557 break;
1558 }
1559
1560 case SSH2_CIPHER_CAMELLIA128_CBC:
1561 case SSH2_CIPHER_CAMELLIA192_CBC:
1562 case SSH2_CIPHER_CAMELLIA256_CBC:
1563 case SSH2_CIPHER_CAMELLIA128_CTR:
1564 case SSH2_CIPHER_CAMELLIA192_CTR:
1565 case SSH2_CIPHER_CAMELLIA256_CTR:
1566 {
1567 struct Enc *enc;
1568
1569 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1570 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1571 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1572 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1573 CIPHER_ENCRYPT,
1574 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1575 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1576 pvar);
1577
1578 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1579 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1580
1581 pvar->crypt_state.encrypt = cCamellia_encrypt;
1582 break;
1583 }
1584
1585 case SSH_CIPHER_3DES:{
1586 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1587 pvar->crypt_state.encrypt = c3DES_encrypt;
1588 break;
1589 }
1590 case SSH_CIPHER_IDEA:{
1591 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1592 pvar->crypt_state.encrypt = cIDEA_encrypt;
1593 break;
1594 }
1595 case SSH_CIPHER_DES:{
1596 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1597 pvar->crypt_state.encrypt = cDES_encrypt;
1598 break;
1599 }
1600 case SSH_CIPHER_RC4:{
1601 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1602 encryption_key + 16);
1603 pvar->crypt_state.encrypt = cRC4_encrypt;
1604 break;
1605 }
1606 case SSH_CIPHER_BLOWFISH:{
1607 cBlowfish_init(encryption_key,
1608 &pvar->crypt_state.enc.cBlowfish);
1609 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1610 break;
1611 }
1612 default:
1613 isOK = FALSE;
1614 }
1615 }
1616
1617
1618 if (receiver_flag) {
1619 switch (pvar->crypt_state.receiver_cipher) {
1620 // for SSH2(yutaka)
1621 case SSH2_CIPHER_3DES_CBC:
1622 case SSH2_CIPHER_3DES_CTR:
1623 {
1624 struct Enc *enc;
1625
1626 enc = &pvar->ssh2_keys[MODE_IN].enc;
1627 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1628 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1629 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1630 CIPHER_DECRYPT,
1631 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1632 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1633 pvar);
1634
1635 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1636 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1637
1638 pvar->crypt_state.decrypt = c3DES_decrypt2;
1639 break;
1640 }
1641
1642 // for SSH2(yutaka)
1643 case SSH2_CIPHER_AES128_CBC:
1644 case SSH2_CIPHER_AES192_CBC:
1645 case SSH2_CIPHER_AES256_CBC:
1646 case SSH2_CIPHER_AES128_CTR:
1647 case SSH2_CIPHER_AES192_CTR:
1648 case SSH2_CIPHER_AES256_CTR:
1649 {
1650 struct Enc *enc;
1651
1652 enc = &pvar->ssh2_keys[MODE_IN].enc;
1653 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1654 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1655 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1656 CIPHER_DECRYPT,
1657 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1658 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1659 pvar);
1660
1661 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1662 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1663
1664 pvar->crypt_state.decrypt = cAES128_decrypt;
1665 break;
1666 }
1667
1668 case SSH2_CIPHER_BLOWFISH_CBC:
1669 case SSH2_CIPHER_BLOWFISH_CTR:
1670 {
1671 struct Enc *enc;
1672
1673 enc = &pvar->ssh2_keys[MODE_IN].enc;
1674 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1675 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1676 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1677 CIPHER_DECRYPT,
1678 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1679 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1680 pvar);
1681
1682 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1683 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1684
1685 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1686 break;
1687 }
1688
1689 case SSH2_CIPHER_ARCFOUR:
1690 case SSH2_CIPHER_ARCFOUR128:
1691 case SSH2_CIPHER_ARCFOUR256:
1692 {
1693 struct Enc *enc;
1694
1695 enc = &pvar->ssh2_keys[MODE_IN].enc;
1696 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1697 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1698 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1699 CIPHER_DECRYPT,
1700 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1701 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1702 pvar);
1703
1704 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1705 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1706
1707 pvar->crypt_state.decrypt = cArcfour_decrypt;
1708 break;
1709 }
1710
1711 case SSH2_CIPHER_CAST128_CBC:
1712 case SSH2_CIPHER_CAST128_CTR:
1713 {
1714 struct Enc *enc;
1715
1716 enc = &pvar->ssh2_keys[MODE_IN].enc;
1717 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1718 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1719 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1720 CIPHER_DECRYPT,
1721 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1722 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1723 pvar);
1724
1725 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1726 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1727
1728 pvar->crypt_state.decrypt = cCast128_decrypt;
1729 break;
1730 }
1731
1732 case SSH2_CIPHER_CAMELLIA128_CBC:
1733 case SSH2_CIPHER_CAMELLIA192_CBC:
1734 case SSH2_CIPHER_CAMELLIA256_CBC:
1735 case SSH2_CIPHER_CAMELLIA128_CTR:
1736 case SSH2_CIPHER_CAMELLIA192_CTR:
1737 case SSH2_CIPHER_CAMELLIA256_CTR:
1738 {
1739 struct Enc *enc;
1740
1741 enc = &pvar->ssh2_keys[MODE_IN].enc;
1742 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1743 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1744 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1745 CIPHER_DECRYPT,
1746 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1747 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1748 pvar);
1749
1750 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1751 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1752
1753 pvar->crypt_state.decrypt = cCamellia_decrypt;
1754 break;
1755 }
1756
1757 case SSH_CIPHER_3DES:{
1758 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1759 pvar->crypt_state.decrypt = c3DES_decrypt;
1760 break;
1761 }
1762 case SSH_CIPHER_IDEA:{
1763 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1764 pvar->crypt_state.decrypt = cIDEA_decrypt;
1765 break;
1766 }
1767 case SSH_CIPHER_DES:{
1768 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1769 pvar->crypt_state.decrypt = cDES_decrypt;
1770 break;
1771 }
1772 case SSH_CIPHER_RC4:{
1773 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1774 pvar->crypt_state.decrypt = cRC4_decrypt;
1775 break;
1776 }
1777 case SSH_CIPHER_BLOWFISH:{
1778 cBlowfish_init(decryption_key,
1779 &pvar->crypt_state.dec.cBlowfish);
1780 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1781 break;
1782 }
1783 default:
1784 isOK = FALSE;
1785 }
1786 }
1787
1788
1789 if (!isOK) {
1790 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1791 "No cipher selected!");
1792 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1793 return FALSE;
1794 } else {
1795 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1796 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1797 return TRUE;
1798 }
1799 }
1800
1801 void CRYPT_init(PTInstVar pvar)
1802 {
1803 pvar->crypt_state.encrypt = no_encrypt;
1804 pvar->crypt_state.decrypt = no_encrypt;
1805 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1806 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1807 pvar->crypt_state.server_key.RSA_key = NULL;
1808 pvar->crypt_state.host_key.RSA_key = NULL;
1809
1810 pvar->crypt_state.detect_attack_statics.h = NULL;
1811 pvar->crypt_state.detect_attack_statics.n =
1812 HASH_MINSIZE / HASH_ENTRYSIZE;
1813 }
1814
1815 static char FAR *get_cipher_name(int cipher)
1816 {
1817 switch (cipher) {
1818 case SSH_CIPHER_NONE:
1819 return "None";
1820 case SSH_CIPHER_3DES:
1821 return "3DES (168 key bits)";
1822 case SSH_CIPHER_DES:
1823 return "DES (56 key bits)";
1824 case SSH_CIPHER_IDEA:
1825 return "IDEA (128 key bits)";
1826 case SSH_CIPHER_RC4:
1827 return "RC4 (128 key bits)";
1828 case SSH_CIPHER_BLOWFISH:
1829 return "Blowfish (256 key bits)";
1830
1831 // SSH2
1832 case SSH2_CIPHER_3DES_CBC:
1833 return "3DES-CBC";
1834 case SSH2_CIPHER_AES128_CBC:
1835 return "AES128-CBC";
1836 case SSH2_CIPHER_AES192_CBC:
1837 return "AES192-CBC";
1838 case SSH2_CIPHER_AES256_CBC:
1839 return "AES256-CBC";
1840 case SSH2_CIPHER_BLOWFISH_CBC:
1841 return "Blowfish-CBC";
1842 case SSH2_CIPHER_AES128_CTR:
1843 return "AES128-CTR";
1844 case SSH2_CIPHER_AES192_CTR:
1845 return "AES192-CTR";
1846 case SSH2_CIPHER_AES256_CTR:
1847 return "AES256-CTR";
1848 case SSH2_CIPHER_ARCFOUR:
1849 return "Arcfour";
1850 case SSH2_CIPHER_ARCFOUR128:
1851 return "Arcfour128";
1852 case SSH2_CIPHER_ARCFOUR256:
1853 return "Arcfour256";
1854 case SSH2_CIPHER_CAST128_CBC:
1855 return "CAST-128-CBC";
1856 case SSH2_CIPHER_3DES_CTR:
1857 return "3DES-CTR";
1858 case SSH2_CIPHER_BLOWFISH_CTR:
1859 return "Blowfish-CTR";
1860 case SSH2_CIPHER_CAST128_CTR:
1861 return "CAST-128-CTR";
1862 case SSH2_CIPHER_CAMELLIA128_CBC:
1863 return "Camellia128-CBC";
1864 case SSH2_CIPHER_CAMELLIA192_CBC:
1865 return "Camellia192-CBC";
1866 case SSH2_CIPHER_CAMELLIA256_CBC:
1867 return "Camellia256-CBC";
1868 case SSH2_CIPHER_CAMELLIA128_CTR:
1869 return "Camellia128-CTR";
1870 case SSH2_CIPHER_CAMELLIA192_CTR:
1871 return "Camellia192-CTR";
1872 case SSH2_CIPHER_CAMELLIA256_CTR:
1873 return "Camellia256-CTR";
1874
1875 default:
1876 return "Unknown";
1877 }
1878 }
1879
1880 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1881 {
1882 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1883 "%s to server, %s from server");
1884 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1885 get_cipher_name(pvar->crypt_state.sender_cipher),
1886 get_cipher_name(pvar->crypt_state.receiver_cipher));
1887 }
1888
1889 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1890 {
1891 if (SSHv1(pvar)) {
1892 if (pvar->crypt_state.server_key.RSA_key == NULL
1893 || pvar->crypt_state.host_key.RSA_key == NULL) {
1894 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1895 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1896 } else {
1897 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1898 "%d-bit server key, %d-bit host key");
1899 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1900 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1901 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1902 }
1903 } else { // SSH2
1904 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1905 "%d-bit client key, %d-bit server key");
1906 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1907 pvar->client_key_bits,
1908 pvar->server_key_bits);
1909 }
1910 }
1911
1912 static void destroy_public_key(CRYPTPublicKey * key)
1913 {
1914 if (key->RSA_key != NULL) {
1915 RSA_free(key->RSA_key);
1916 key->RSA_key = NULL;
1917 }
1918 }
1919
1920 void CRYPT_free_public_key(CRYPTPublicKey * key)
1921 {
1922 destroy_public_key(key);
1923 free(key);
1924 }
1925
1926 void CRYPT_end(PTInstVar pvar)
1927 {
1928 destroy_public_key(&pvar->crypt_state.host_key);
1929 destroy_public_key(&pvar->crypt_state.server_key);
1930
1931 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1932 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1933 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1934 free(pvar->crypt_state.detect_attack_statics.h);
1935 }
1936
1937 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1938 sizeof(pvar->crypt_state.sender_cipher_key));
1939 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1940 sizeof(pvar->crypt_state.receiver_cipher_key));
1941 SecureZeroMemory(pvar->crypt_state.server_cookie,
1942 sizeof(pvar->crypt_state.server_cookie));
1943 SecureZeroMemory(pvar->crypt_state.client_cookie,
1944 sizeof(pvar->crypt_state.client_cookie));
1945 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1946 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1947 }
1948
1949 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1950 char FAR * buf, int bytes)
1951 {
1952 unsigned char passphrase_key[16];
1953
1954 MD5(passphrase, strlen(passphrase), passphrase_key);
1955
1956 switch (cipher) {
1957 case SSH_CIPHER_3DES:{
1958 Cipher3DESState state;
1959
1960 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1961 &state.k1);
1962 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1963 &state.k2);
1964 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1965 &state.k3);
1966 memset(state.ivec1, 0, 8);
1967 memset(state.ivec2, 0, 8);
1968 memset(state.ivec3, 0, 8);
1969 DES_ncbc_encrypt(buf, buf, bytes,
1970 &state.k3, &state.ivec3, DES_DECRYPT);
1971 DES_ncbc_encrypt(buf, buf, bytes,
1972 &state.k2, &state.ivec2, DES_ENCRYPT);
1973 DES_ncbc_encrypt(buf, buf, bytes,
1974 &state.k1, &state.ivec1, DES_DECRYPT);
1975 break;
1976 }
1977
1978 case SSH_CIPHER_IDEA:{
1979 CipherIDEAState state;
1980 int num = 0;
1981
1982 cIDEA_init(passphrase_key, &state);
1983 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1984 &num, IDEA_DECRYPT);
1985 break;
1986 }
1987
1988 case SSH_CIPHER_DES:{
1989 CipherDESState state;
1990
1991 cDES_init(passphrase_key, &state);
1992 DES_ncbc_encrypt(buf, buf, bytes,
1993 &state.k, &state.ivec, DES_DECRYPT);
1994 break;
1995 }
1996
1997 case SSH_CIPHER_RC4:{
1998 CipherRC4State state;
1999 int num = 0;
2000
2001 RC4_set_key(&state.k, 16, passphrase_key);
2002 RC4(&state.k, bytes, buf, buf);
2003 break;
2004 }
2005
2006 case SSH_CIPHER_BLOWFISH:{
2007 CipherBlowfishState state;
2008
2009 BF_set_key(&state.k, 16, passphrase_key);
2010 memset(state.ivec, 0, 8);
2011 flip_endianness(buf, bytes);
2012 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
2013 BF_DECRYPT);
2014 flip_endianness(buf, bytes);
2015 break;
2016 }
2017
2018 case SSH_CIPHER_NONE:
2019 break;
2020
2021 default:
2022 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2023 return 0;
2024 }
2025
2026 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
2027 return 1;
2028 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help