Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6714 - (show annotations) (download) (as text)
Fri May 12 12:41:49 2017 UTC (6 years, 11 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 59992 byte(s) 
IDEA / RC4(SSH1) 関連のコードを削除。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE) {
195 return FALSE;
196 }
197 else {
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes, NULL) == DEATTACK_DETECTED;
200 }
201 } else {
202 return FALSE;
203 }
204 }
205
206 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
207 {
208 }
209
210
211 // for SSH2(yutaka)
212 // ���O�������������������������������AAES192, AES256 ����
213 // cAES128_encrypt/cAES128_decrypt ���g�p������ (2007.10.16 maya)
214 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
215 int bytes)
216 {
217 unsigned char *newbuf = malloc(bytes);
218 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
219 char tmp[80];
220
221 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
222 if (bytes == 0)
223 goto error;
224
225 if (newbuf == NULL)
226 return;
227
228 if (bytes % block_size) {
229 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
230 "%s encrypt error(1): bytes %d (%d)");
231 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
232 "AES128/192/256", bytes, block_size);
233 notify_fatal_error(pvar, tmp, TRUE);
234 goto error;
235 }
236
237 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
238 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
239 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
240 "AES128/192/256");
241 notify_fatal_error(pvar, tmp, TRUE);
242 goto error;
243
244 } else {
245 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
246 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
247 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
248 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
249
250 //debug_print(50, key, 24);
251 //debug_print(51, iv, 8);
252 //debug_print(52, buf, bytes);
253 //debug_print(53, newbuf, bytes);
254
255 memcpy(buf, newbuf, bytes);
256 }
257
258 error:
259 free(newbuf);
260 }
261
262 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
263 int bytes)
264 {
265 unsigned char *newbuf = malloc(bytes);
266 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
267 char tmp[80];
268
269 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
270 if (bytes == 0)
271 goto error;
272
273 if (newbuf == NULL)
274 return;
275
276 if (bytes % block_size) {
277 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
278 "%s decrypt error(1): bytes %d (%d)");
279 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
280 "AES128/192/256", bytes, block_size);
281 notify_fatal_error(pvar, tmp, TRUE);
282 goto error;
283 }
284
285 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
286 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
287 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
288 "AES128/192/256");
289 notify_fatal_error(pvar, tmp, TRUE);
290 goto error;
291
292 } else {
293 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
294 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
295 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
296 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
297
298 //debug_print(70, key, AES128_KEYLEN);
299 //debug_print(71, iv, AES128_IVLEN);
300 //debug_print(72, buf, bytes);
301 //debug_print(73, newbuf, bytes);
302
303 memcpy(buf, newbuf, bytes);
304 }
305
306 error:
307 free(newbuf);
308 }
309
310
311 // for SSH2(yutaka)
312 static void c3DES_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
313 int bytes)
314 {
315 unsigned char *newbuf = malloc(bytes);
316 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
317 char tmp[80];
318
319 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
320 if (bytes == 0)
321 goto error;
322
323 if (newbuf == NULL)
324 return;
325
326 if (bytes % block_size) {
327 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
328 "%s encrypt error(1): bytes %d (%d)");
329 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
330 "3DES-CBC", bytes, block_size);
331 notify_fatal_error(pvar, tmp, TRUE);
332 goto error;
333 }
334
335 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
336 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
337 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
338 "3DES-CBC");
339 notify_fatal_error(pvar, tmp, TRUE);
340 goto error;
341
342 } else {
343 //unsigned char key[24], iv[8];
344 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
345 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
346 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
347
348 //debug_print(50, key, 24);
349 //debug_print(51, iv, 8);
350 //debug_print(52, buf, bytes);
351 //debug_print(53, newbuf, bytes);
352
353 memcpy(buf, newbuf, bytes);
354 }
355
356 error:
357 free(newbuf);
358 }
359
360 static void c3DES_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
361 int bytes)
362 {
363 unsigned char *newbuf = malloc(bytes);
364 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
365 char tmp[80];
366
367 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
368 if (bytes == 0)
369 goto error;
370
371 if (newbuf == NULL)
372 return;
373
374 if (bytes % block_size) {
375 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
376 "%s decrypt error(1): bytes %d (%d)");
377 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
378 "3DES-CBC", bytes, block_size);
379 notify_fatal_error(pvar, tmp, TRUE);
380 goto error;
381 }
382
383 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
384 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
385 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
386 "3DES-CBC");
387 notify_fatal_error(pvar, tmp, TRUE);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IV��DES���������X�V�����������A���[�J�����R�s�[���������g���B
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414 char tmp[80];
415
416 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
417 if (bytes == 0)
418 goto error;
419
420 if (newbuf == NULL)
421 return;
422
423 if (bytes % block_size) {
424 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
425 "%s encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
427 "Blowfish", bytes, block_size);
428 notify_fatal_error(pvar, tmp, TRUE);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
434 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
435 "Blowfish");
436 notify_fatal_error(pvar, tmp, TRUE);
437 goto error;
438
439 } else {
440 memcpy(buf, newbuf, bytes);
441
442 }
443
444 error:
445 free(newbuf);
446 }
447
448 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
449 int bytes)
450 {
451 unsigned char *newbuf = malloc(bytes);
452 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
453 char tmp[80];
454
455 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
456 if (bytes == 0)
457 goto error;
458
459 if (newbuf == NULL)
460 return;
461
462 if (bytes % block_size) {
463 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
464 "%s decrypt error(1): bytes %d (%d)");
465 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
466 "Blowfish", bytes, block_size);
467 notify_fatal_error(pvar, tmp, TRUE);
468 goto error;
469 }
470
471 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
472 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
473 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
474 "Blowfish");
475 notify_fatal_error(pvar, tmp, TRUE);
476 goto error;
477
478 } else {
479 memcpy(buf, newbuf, bytes);
480
481 }
482
483 error:
484 free(newbuf);
485 }
486
487
488 static void cArcfour_encrypt(PTInstVar pvar, unsigned char FAR * buf,
489 int bytes)
490 {
491 unsigned char *newbuf = malloc(bytes);
492 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
493 char tmp[80];
494
495 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
496 if (bytes == 0)
497 goto error;
498
499 if (newbuf == NULL)
500 return;
501
502 if (bytes % block_size) {
503 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
504 "%s encrypt error(1): bytes %d (%d)");
505 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
506 "Arcfour", bytes, block_size);
507 notify_fatal_error(pvar, tmp, TRUE);
508 goto error;
509 }
510
511 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
512 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
513 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
514 "Arcfour");
515 notify_fatal_error(pvar, tmp, TRUE);
516 goto error;
517
518 } else {
519 memcpy(buf, newbuf, bytes);
520
521 }
522
523 error:
524 free(newbuf);
525 }
526
527 static void cArcfour_decrypt(PTInstVar pvar, unsigned char FAR * buf,
528 int bytes)
529 {
530 unsigned char *newbuf = malloc(bytes);
531 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
532 char tmp[80];
533
534 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
535 if (bytes == 0)
536 goto error;
537
538 if (newbuf == NULL)
539 return;
540
541 if (bytes % block_size) {
542 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
543 "%s decrypt error(1): bytes %d (%d)");
544 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
545 "Arcfour", bytes, block_size);
546 notify_fatal_error(pvar, tmp, TRUE);
547 goto error;
548 }
549
550 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
551 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
552 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
553 "Arcfour");
554 notify_fatal_error(pvar, tmp, TRUE);
555 goto error;
556
557 } else {
558 memcpy(buf, newbuf, bytes);
559
560 }
561
562 error:
563 free(newbuf);
564 }
565
566
567 static void cCast128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
568 int bytes)
569 {
570 unsigned char *newbuf = malloc(bytes);
571 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
572 char tmp[80];
573
574 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
575 if (bytes == 0)
576 goto error;
577
578 if (newbuf == NULL)
579 return;
580
581 if (bytes % block_size) {
582 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
583 "%s encrypt error(1): bytes %d (%d)");
584 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
585 "CAST128", bytes, block_size);
586 notify_fatal_error(pvar, tmp, TRUE);
587 goto error;
588 }
589
590 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
591 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
592 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
593 "CAST128");
594 notify_fatal_error(pvar, tmp, TRUE);
595 goto error;
596
597 } else {
598 memcpy(buf, newbuf, bytes);
599
600 }
601
602 error:
603 free(newbuf);
604 }
605
606 static void cCast128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
607 int bytes)
608 {
609 unsigned char *newbuf = malloc(bytes);
610 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
611 char tmp[80];
612
613 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
614 if (bytes == 0)
615 goto error;
616
617 if (newbuf == NULL)
618 return;
619
620 if (bytes % block_size) {
621 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
622 "%s decrypt error(1): bytes %d (%d)");
623 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
624 "CAST128", bytes, block_size);
625 notify_fatal_error(pvar, tmp, TRUE);
626 goto error;
627 }
628
629 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
630 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
631 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
632 "CAST128");
633 notify_fatal_error(pvar, tmp, TRUE);
634 goto error;
635
636 } else {
637 memcpy(buf, newbuf, bytes);
638
639 }
640
641 error:
642 free(newbuf);
643 }
644
645 static void cCamellia_encrypt(PTInstVar pvar, unsigned char FAR * buf,
646 int bytes)
647 {
648 unsigned char *newbuf = malloc(bytes);
649 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
650 char tmp[80];
651
652 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
653 if (bytes == 0)
654 goto error;
655
656 if (newbuf == NULL)
657 return;
658
659 if (bytes % block_size) {
660 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
661 "%s encrypt error(1): bytes %d (%d)");
662 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
663 "Camellia128/192/256", bytes, block_size);
664 notify_fatal_error(pvar, tmp, TRUE);
665 goto error;
666 }
667
668 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
669 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
670 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
671 "Camellia128/192/256");
672 notify_fatal_error(pvar, tmp, TRUE);
673 goto error;
674
675 } else {
676 memcpy(buf, newbuf, bytes);
677
678 }
679
680 error:
681 free(newbuf);
682 }
683
684 static void cCamellia_decrypt(PTInstVar pvar, unsigned char FAR * buf,
685 int bytes)
686 {
687 unsigned char *newbuf = malloc(bytes);
688 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
689 char tmp[80];
690
691 // ���O�������������A�S�y�C���[�h�������������������������A0�o�C�g�������B(2004.11.7 yutaka)
692 if (bytes == 0)
693 goto error;
694
695 if (newbuf == NULL)
696 return;
697
698 if (bytes % block_size) {
699 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
700 "%s decrypt error(1): bytes %d (%d)");
701 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
702 "Camellia128/192/256", bytes, block_size);
703 notify_fatal_error(pvar, tmp, TRUE);
704 goto error;
705 }
706
707 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
708 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
709 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
710 "Camellia128/192/256");
711 notify_fatal_error(pvar, tmp, TRUE);
712 goto error;
713
714 } else {
715 memcpy(buf, newbuf, bytes);
716
717 }
718
719 error:
720 free(newbuf);
721 }
722
723 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
724 int bytes)
725 {
726 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
727
728 DES_ncbc_encrypt(buf, buf, bytes,
729 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
730 DES_ncbc_encrypt(buf, buf, bytes,
731 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
732 DES_ncbc_encrypt(buf, buf, bytes,
733 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
734 }
735
736 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
737 int bytes)
738 {
739 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
740
741 DES_ncbc_encrypt(buf, buf, bytes,
742 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
743 DES_ncbc_encrypt(buf, buf, bytes,
744 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
745 DES_ncbc_encrypt(buf, buf, bytes,
746 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
747 }
748
749 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
750 int bytes)
751 {
752 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
753
754 DES_ncbc_encrypt(buf, buf, bytes,
755 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
756 }
757
758 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
759 int bytes)
760 {
761 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
762
763 DES_ncbc_encrypt(buf, buf, bytes,
764 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
765 }
766
767 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
768 {
769 uint32 FAR *buf = (uint32 FAR *) cbuf;
770 int count = bytes / 4;
771
772 while (count > 0) {
773 uint32 w = *buf;
774
775 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
776 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
777 count--;
778 buf++;
779 }
780 }
781
782 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
783 int bytes)
784 {
785 CipherBlowfishState FAR *encryptstate =
786 &pvar->crypt_state.enc.cBlowfish;
787
788 flip_endianness(buf, bytes);
789 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
790 BF_ENCRYPT);
791 flip_endianness(buf, bytes);
792 }
793
794 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
795 int bytes)
796 {
797 CipherBlowfishState FAR *decryptstate =
798 &pvar->crypt_state.dec.cBlowfish;
799
800 flip_endianness(buf, bytes);
801 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
802 BF_DECRYPT);
803 flip_endianness(buf, bytes);
804 }
805
806 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
807 int bytes)
808 {
809 RAND_bytes(buf, bytes);
810 }
811
812 void CRYPT_initialize_random_numbers(PTInstVar pvar)
813 {
814 // ����������������������
815 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
816 //RAND_screen();
817 }
818
819 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
820 {
821 int bits = get_ushort16_MSBfirst(bytes);
822
823 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
824 }
825
826 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
827 RSA FAR *make_key(PTInstVar pvar,
828 int bits, unsigned char FAR * exp,
829 unsigned char FAR * mod)
830 {
831 RSA FAR *key = RSA_new();
832
833 if (key != NULL) {
834 key->e = get_bignum(exp);
835 key->n = get_bignum(mod);
836 }
837
838 if (key == NULL || key->e == NULL || key->n == NULL) {
839 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
840 "Error setting up RSA keys");
841 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
842
843 if (key != NULL) {
844 if (key->e != NULL) {
845 BN_free(key->e);
846 }
847 if (key->n != NULL) {
848 BN_free(key->n);
849 }
850 RSA_free(key);
851 }
852
853 return NULL;
854 } else {
855 return key;
856 }
857 }
858
859 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
860 {
861 if (SSHv1(pvar)) {
862 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
863 } else {
864 memcpy(pvar->crypt_state.server_cookie, cookie,
865 SSH2_COOKIE_LENGTH);
866 }
867 }
868
869 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
870 {
871 if (SSHv2(pvar)) {
872 memcpy(pvar->crypt_state.client_cookie, cookie,
873 SSH2_COOKIE_LENGTH);
874 }
875 }
876
877 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
878 int bits, unsigned char FAR * exp,
879 unsigned char FAR * mod)
880 {
881 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
882
883 return pvar->crypt_state.server_key.RSA_key != NULL;
884 }
885
886 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
887 int bits, unsigned char FAR * exp,
888 unsigned char FAR * mod)
889 {
890 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
891
892 return pvar->crypt_state.host_key.RSA_key != NULL;
893 }
894
895 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
896 int receiver_ciphers)
897 {
898 int cipher_mask;
899
900 if (SSHv1(pvar)) {
901 cipher_mask = (1 << SSH_CIPHER_DES)
902 | (1 << SSH_CIPHER_3DES)
903 | (1 << SSH_CIPHER_BLOWFISH);
904
905 } else { // for SSH2(yutaka)
906 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
907 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
908 | (1 << SSH2_CIPHER_AES128_CBC)
909 | (1 << SSH2_CIPHER_AES192_CBC)
910 | (1 << SSH2_CIPHER_AES256_CBC)
911 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
912 | (1 << SSH2_CIPHER_AES128_CTR)
913 | (1 << SSH2_CIPHER_AES192_CTR)
914 | (1 << SSH2_CIPHER_AES256_CTR)
915 | (1 << SSH2_CIPHER_ARCFOUR)
916 | (1 << SSH2_CIPHER_ARCFOUR128)
917 | (1 << SSH2_CIPHER_ARCFOUR256)
918 | (1 << SSH2_CIPHER_CAST128_CBC)
919 | (1 << SSH2_CIPHER_3DES_CTR)
920 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
921 | (1 << SSH2_CIPHER_CAST128_CTR)
922 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
923 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
924 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
925 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
926 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
927 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
928 );
929 }
930
931 sender_ciphers &= cipher_mask;
932 receiver_ciphers &= cipher_mask;
933 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
934 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
935
936 if (sender_ciphers == 0) {
937 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
938 "The server does not support any of the TTSSH encryption algorithms.\n"
939 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
940 "The connection will be closed.");
941 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
942 return FALSE;
943 } else if (receiver_ciphers == 0) {
944 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
945 "The server does not support any of the TTSSH encryption algorithms.\n"
946 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
947 "The connection will be closed.");
948 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
949 return FALSE;
950 } else {
951 return TRUE;
952 }
953 }
954
955 int CRYPT_get_decryption_block_size(PTInstVar pvar)
956 {
957 if (SSHv1(pvar)) {
958 return 8;
959 } else {
960 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
961 // cf. 3DES=8, AES128=16
962 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
963 }
964 }
965
966 int CRYPT_get_encryption_block_size(PTInstVar pvar)
967 {
968 if (SSHv1(pvar)) {
969 return 8;
970 } else {
971 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
972 // cf. 3DES=8, AES128=16
973 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
974 }
975 }
976
977 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
978 {
979 struct Mac *mac;
980
981 if (SSHv1(pvar)) {
982 return 0;
983
984 } else { // for SSH2(yutaka)
985 mac = &pvar->ssh2_keys[MODE_IN].mac;
986 if (mac == NULL || mac->enabled == 0)
987 return 0;
988
989 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
990 }
991
992 }
993
994 // HMAC������
995 // ���{������ SSH2 �������g�p�������B
996 // (2004.12.17 yutaka)
997 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
998 char FAR * data, int len, char FAR * MAC)
999 {
1000 HMAC_CTX c;
1001 unsigned char m[EVP_MAX_MD_SIZE];
1002 unsigned char b[4];
1003 struct Mac *mac;
1004
1005 mac = &pvar->ssh2_keys[MODE_IN].mac;
1006
1007 // HMAC�������L���������������A����OK�����������B
1008 if (mac == NULL || mac->enabled == 0)
1009 return TRUE;
1010
1011 if (mac->key == NULL) {
1012 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
1013 goto error;
1014 }
1015
1016 if ((u_int)mac->mac_len > sizeof(m)) {
1017 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
1018 mac->mac_len, sizeof(m), sequence_number, len);
1019 goto error;
1020 }
1021
1022 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1023 set_uint32_MSBfirst(b, sequence_number);
1024 HMAC_Update(&c, b, sizeof(b));
1025 HMAC_Update(&c, data, len);
1026 HMAC_Final(&c, m, NULL);
1027 HMAC_cleanup(&c);
1028
1029 if (memcmp(m, MAC, mac->mac_len)) {
1030 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
1031 logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
1032 logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
1033 goto error;
1034 }
1035
1036 return TRUE;
1037
1038 error:
1039 return FALSE;
1040 }
1041
1042 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
1043 {
1044 struct Mac *mac;
1045
1046 if (SSHv2(pvar)) { // for SSH2(yutaka)
1047 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1048 if (mac == NULL || mac->enabled == 0)
1049 return 0;
1050
1051 return (mac->mac_len);
1052 }
1053
1054 return 0;
1055 }
1056
1057 // for SSH2
1058 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
1059 char FAR * data, int len, char FAR * MAC)
1060 {
1061 HMAC_CTX c;
1062 static u_char m[EVP_MAX_MD_SIZE];
1063 u_char b[4];
1064 struct Mac *mac;
1065
1066 if (SSHv2(pvar)) { // for SSH2(yutaka)
1067 mac = &pvar->ssh2_keys[MODE_OUT].mac;
1068 if (mac == NULL || mac->enabled == 0)
1069 return FALSE;
1070
1071 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
1072 set_uint32_MSBfirst(b, sequence_number);
1073 HMAC_Update(&c, b, sizeof(b));
1074 HMAC_Update(&c, data, len);
1075 HMAC_Final(&c, m, NULL);
1076 HMAC_cleanup(&c);
1077
1078 // 20�o�C�g�������R�s�[
1079 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
1080 // memcpy(MAC, m, sizeof(m));
1081
1082 return TRUE;
1083 }
1084
1085 return TRUE;
1086
1087 }
1088
1089 static int choose_cipher(PTInstVar pvar, int supported)
1090 {
1091 int i;
1092
1093 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
1094 int cipher = pvar->session_settings.CipherOrder[i] - '0';
1095
1096 if (cipher == SSH_CIPHER_NONE) {
1097 break;
1098 } else if ((supported & (1 << cipher)) != 0) {
1099 return cipher;
1100 }
1101 }
1102
1103 return SSH_CIPHER_NONE;
1104 }
1105
1106 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
1107 {
1108 if (SSHv1(pvar)) {
1109 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
1110 pvar->crypt_state.
1111 supported_sender_ciphers);
1112 pvar->crypt_state.receiver_cipher =
1113 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
1114
1115 } else { // SSH2(yutaka)
1116 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
1117 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
1118
1119 }
1120
1121 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
1122 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
1123 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
1124 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
1125 "To communicate with this server, you will have to enable some more ciphers\n"
1126 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
1127 "This connection will now close.");
1128 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1129 return FALSE;
1130 } else {
1131 return TRUE;
1132 }
1133 }
1134
1135 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
1136 {
1137 int server_key_bits =
1138 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1139 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1140 int server_key_bytes = (server_key_bits + 7) / 8;
1141 int host_key_bytes = (host_key_bits + 7) / 8;
1142
1143 if (server_key_bits < host_key_bits) {
1144 return host_key_bytes;
1145 } else {
1146 return server_key_bytes;
1147 }
1148 }
1149
1150 int CRYPT_choose_session_key(PTInstVar pvar,
1151 unsigned char FAR * encrypted_key_buf)
1152 {
1153 int server_key_bits =
1154 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1155 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1156 int server_key_bytes = (server_key_bits + 7) / 8;
1157 int host_key_bytes = (host_key_bits + 7) / 8;
1158 int encrypted_key_bytes;
1159 int bit_delta;
1160
1161 if (server_key_bits < host_key_bits) {
1162 encrypted_key_bytes = host_key_bytes;
1163 bit_delta = host_key_bits - server_key_bits;
1164 } else {
1165 encrypted_key_bytes = server_key_bytes;
1166 bit_delta = server_key_bits - host_key_bits;
1167 }
1168
1169 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
1170 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
1171 "Server RSA keys are too weak. A secure connection cannot be established.");
1172 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1173 return 0;
1174 } else {
1175 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
1176 for the session ID, rather than the one specified in the RFC */
1177 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1178 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1179 char session_id[16];
1180 int i;
1181
1182 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1183 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1184 session_buf + host_key_bytes);
1185 memcpy(session_buf + server_key_bytes + host_key_bytes,
1186 pvar->crypt_state.server_cookie, 8);
1187 MD5(session_buf, session_buf_len, session_id);
1188
1189 free(session_buf);
1190
1191 RAND_bytes(pvar->crypt_state.sender_cipher_key,
1192 SSH_SESSION_KEY_LENGTH);
1193 memcpy(pvar->crypt_state.receiver_cipher_key,
1194 pvar->crypt_state.sender_cipher_key,
1195 SSH_SESSION_KEY_LENGTH);
1196
1197 memcpy(encrypted_key_buf + encrypted_key_bytes -
1198 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
1199 SSH_SESSION_KEY_LENGTH);
1200 for (i = 0; i < sizeof(session_id); i++) {
1201 encrypted_key_buf[encrypted_key_bytes -
1202 SSH_SESSION_KEY_LENGTH + i]
1203 ^= session_id[i];
1204 }
1205
1206 if (host_key_bits > server_key_bits) {
1207 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1208 encrypted_key_buf +
1209 encrypted_key_bytes -
1210 SSH_SESSION_KEY_LENGTH,
1211 encrypted_key_buf +
1212 encrypted_key_bytes - server_key_bytes,
1213 pvar->crypt_state.server_key.RSA_key,
1214 RSA_PKCS1_PADDING) < 0)
1215 return 0;
1216
1217 if (RSA_public_encrypt(server_key_bytes,
1218 encrypted_key_buf +
1219 encrypted_key_bytes - server_key_bytes,
1220 encrypted_key_buf,
1221 pvar->crypt_state.host_key.RSA_key,
1222 RSA_PKCS1_PADDING) < 0)
1223 return 0;
1224 } else {
1225 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1226 encrypted_key_buf +
1227 encrypted_key_bytes -
1228 SSH_SESSION_KEY_LENGTH,
1229 encrypted_key_buf +
1230 encrypted_key_bytes - host_key_bytes,
1231 pvar->crypt_state.host_key.RSA_key,
1232 RSA_PKCS1_PADDING) < 0)
1233 return 0;
1234
1235 if (RSA_public_encrypt(host_key_bytes,
1236 encrypted_key_buf +
1237 encrypted_key_bytes - host_key_bytes,
1238 encrypted_key_buf,
1239 pvar->crypt_state.server_key.RSA_key,
1240 RSA_PKCS1_PADDING) < 0)
1241 return 0;
1242 }
1243 }
1244
1245 return 1;
1246 }
1247
1248 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1249 unsigned char FAR * challenge,
1250 int challenge_len,
1251 unsigned char FAR * response)
1252 {
1253 int server_key_bits =
1254 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1255 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1256 int server_key_bytes = (server_key_bits + 7) / 8;
1257 int host_key_bytes = (host_key_bits + 7) / 8;
1258 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1259 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1260 char decrypted_challenge[48];
1261 int decrypted_challenge_len;
1262
1263 decrypted_challenge_len =
1264 RSA_private_decrypt(challenge_len, challenge, challenge,
1265 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1266 RSA_PKCS1_PADDING);
1267 if (decrypted_challenge_len < 0) {
1268 free(session_buf);
1269 return 0;
1270 }
1271 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1272 memcpy(decrypted_challenge,
1273 challenge + decrypted_challenge_len -
1274 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1275 } else {
1276 memset(decrypted_challenge, 0,
1277 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1278 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1279 decrypted_challenge_len, challenge,
1280 decrypted_challenge_len);
1281 }
1282
1283 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1284 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1285 session_buf + host_key_bytes);
1286 memcpy(session_buf + server_key_bytes + host_key_bytes,
1287 pvar->crypt_state.server_cookie, 8);
1288 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1289
1290 free(session_buf);
1291
1292 MD5(decrypted_challenge, 48, response);
1293
1294 return 1;
1295 }
1296
1297 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1298 {
1299 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1300 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1301 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1302 memset(state->ivec1, 0, 8);
1303 memset(state->ivec2, 0, 8);
1304 memset(state->ivec3, 0, 8);
1305 }
1306
1307 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1308 {
1309 DES_set_key((const_DES_cblock FAR *) session_key, &state->k);
1310 memset(state->ivec, 0, 8);
1311 }
1312
1313 static void cBlowfish_init(char FAR * session_key,
1314 CipherBlowfishState FAR * state)
1315 {
1316 BF_set_key(&state->k, 32, session_key);
1317 memset(state->ivec, 0, 8);
1318 }
1319
1320
1321 //
1322 // SSH2�p�A���S���Y����������
1323 //
1324 // for SSH2(yutaka)
1325 //
1326 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1327 const u_char *key, u_int keylen,
1328 const u_char *iv, u_int ivlen,
1329 int encrypt,
1330 const EVP_CIPHER *type,
1331 int discard_len,
1332 PTInstVar pvar)
1333 {
1334 int klen;
1335 char tmp[80];
1336 unsigned char *junk = NULL, *discard = NULL;
1337
1338 EVP_CIPHER_CTX_init(evp);
1339 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1340 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1341 "Cipher initialize error(%d)");
1342 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1343 notify_fatal_error(pvar, tmp, TRUE);
1344 return;
1345 }
1346
1347 klen = EVP_CIPHER_CTX_key_length(evp);
1348 if (klen > 0 && keylen != klen) {
1349 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1350 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1351 "Cipher initialize error(%d)");
1352 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1353 notify_fatal_error(pvar, tmp, TRUE);
1354 return;
1355 }
1356 }
1357 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1358 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1359 "Cipher initialize error(%d)");
1360 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1361 notify_fatal_error(pvar, tmp, TRUE);
1362 return;
1363 }
1364
1365 if (discard_len > 0) {
1366 junk = malloc(discard_len);
1367 discard = malloc(discard_len);
1368 if (junk == NULL || discard == NULL ||
1369 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1370 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1371 "Cipher initialize error(%d)");
1372 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
1373 pvar->ts->UIMsg, 3);
1374 notify_fatal_error(pvar, tmp, TRUE);
1375 }
1376 else {
1377 SecureZeroMemory(discard, discard_len);
1378 }
1379 free(junk);
1380 free(discard);
1381 }
1382 }
1383
1384 //
1385 // SSH2�p�A���S���Y�����j��
1386 //
1387 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1388 {
1389 EVP_CIPHER_CTX_cleanup(evp);
1390 }
1391
1392
1393 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1394 {
1395 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1396 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1397 BOOL isOK = TRUE;
1398
1399 if (sender_flag) {
1400 switch (pvar->crypt_state.sender_cipher) {
1401 // for SSH2(yutaka)
1402 case SSH2_CIPHER_3DES_CBC:
1403 case SSH2_CIPHER_3DES_CTR:
1404 {
1405 struct Enc *enc;
1406
1407 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1408 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1409 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1410 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1411 CIPHER_ENCRYPT,
1412 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1413 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1414 pvar);
1415
1416 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1417 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1418
1419 pvar->crypt_state.encrypt = c3DES_encrypt2;
1420 break;
1421 }
1422
1423 // for SSH2(yutaka)
1424 case SSH2_CIPHER_AES128_CBC:
1425 case SSH2_CIPHER_AES192_CBC:
1426 case SSH2_CIPHER_AES256_CBC:
1427 case SSH2_CIPHER_AES128_CTR:
1428 case SSH2_CIPHER_AES192_CTR:
1429 case SSH2_CIPHER_AES256_CTR:
1430 {
1431 struct Enc *enc;
1432
1433 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1434 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1435 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1436 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1437 CIPHER_ENCRYPT,
1438 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1439 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1440 pvar);
1441
1442 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1443 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1444
1445 pvar->crypt_state.encrypt = cAES128_encrypt;
1446 break;
1447 }
1448
1449 case SSH2_CIPHER_BLOWFISH_CBC:
1450 case SSH2_CIPHER_BLOWFISH_CTR:
1451 {
1452 struct Enc *enc;
1453
1454 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1455 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1456 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1457 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1458 CIPHER_ENCRYPT,
1459 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1460 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1461 pvar);
1462
1463 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1464 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1465
1466 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1467 break;
1468 }
1469
1470 case SSH2_CIPHER_ARCFOUR:
1471 case SSH2_CIPHER_ARCFOUR128:
1472 case SSH2_CIPHER_ARCFOUR256:
1473 {
1474 struct Enc *enc;
1475
1476 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1477 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1478 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1479 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1480 CIPHER_ENCRYPT,
1481 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1482 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1483 pvar);
1484 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1485 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1486
1487 pvar->crypt_state.encrypt = cArcfour_encrypt;
1488 break;
1489 }
1490
1491 case SSH2_CIPHER_CAST128_CBC:
1492 case SSH2_CIPHER_CAST128_CTR:
1493 {
1494 struct Enc *enc;
1495
1496 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1497 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1498 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1499 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1500 CIPHER_ENCRYPT,
1501 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1502 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1503 pvar);
1504 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1505 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1506
1507 pvar->crypt_state.encrypt = cCast128_encrypt;
1508 break;
1509 }
1510
1511 case SSH2_CIPHER_CAMELLIA128_CBC:
1512 case SSH2_CIPHER_CAMELLIA192_CBC:
1513 case SSH2_CIPHER_CAMELLIA256_CBC:
1514 case SSH2_CIPHER_CAMELLIA128_CTR:
1515 case SSH2_CIPHER_CAMELLIA192_CTR:
1516 case SSH2_CIPHER_CAMELLIA256_CTR:
1517 {
1518 struct Enc *enc;
1519
1520 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1521 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1522 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1523 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1524 CIPHER_ENCRYPT,
1525 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1526 get_cipher_discard_len(pvar->crypt_state.sender_cipher),
1527 pvar);
1528
1529 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1530 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1531
1532 pvar->crypt_state.encrypt = cCamellia_encrypt;
1533 break;
1534 }
1535
1536 case SSH_CIPHER_3DES:{
1537 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1538 pvar->crypt_state.encrypt = c3DES_encrypt;
1539 break;
1540 }
1541 case SSH_CIPHER_DES:{
1542 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1543 pvar->crypt_state.encrypt = cDES_encrypt;
1544 break;
1545 }
1546 case SSH_CIPHER_BLOWFISH:{
1547 cBlowfish_init(encryption_key,
1548 &pvar->crypt_state.enc.cBlowfish);
1549 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1550 break;
1551 }
1552 default:
1553 isOK = FALSE;
1554 }
1555 }
1556
1557
1558 if (receiver_flag) {
1559 switch (pvar->crypt_state.receiver_cipher) {
1560 // for SSH2(yutaka)
1561 case SSH2_CIPHER_3DES_CBC:
1562 case SSH2_CIPHER_3DES_CTR:
1563 {
1564 struct Enc *enc;
1565
1566 enc = &pvar->ssh2_keys[MODE_IN].enc;
1567 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1568 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1569 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1570 CIPHER_DECRYPT,
1571 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1572 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1573 pvar);
1574
1575 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1576 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1577
1578 pvar->crypt_state.decrypt = c3DES_decrypt2;
1579 break;
1580 }
1581
1582 // for SSH2(yutaka)
1583 case SSH2_CIPHER_AES128_CBC:
1584 case SSH2_CIPHER_AES192_CBC:
1585 case SSH2_CIPHER_AES256_CBC:
1586 case SSH2_CIPHER_AES128_CTR:
1587 case SSH2_CIPHER_AES192_CTR:
1588 case SSH2_CIPHER_AES256_CTR:
1589 {
1590 struct Enc *enc;
1591
1592 enc = &pvar->ssh2_keys[MODE_IN].enc;
1593 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1594 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1595 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1596 CIPHER_DECRYPT,
1597 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1598 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1599 pvar);
1600
1601 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1602 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1603
1604 pvar->crypt_state.decrypt = cAES128_decrypt;
1605 break;
1606 }
1607
1608 case SSH2_CIPHER_BLOWFISH_CBC:
1609 case SSH2_CIPHER_BLOWFISH_CTR:
1610 {
1611 struct Enc *enc;
1612
1613 enc = &pvar->ssh2_keys[MODE_IN].enc;
1614 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1615 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1616 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1617 CIPHER_DECRYPT,
1618 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1619 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1620 pvar);
1621
1622 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1623 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1624
1625 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1626 break;
1627 }
1628
1629 case SSH2_CIPHER_ARCFOUR:
1630 case SSH2_CIPHER_ARCFOUR128:
1631 case SSH2_CIPHER_ARCFOUR256:
1632 {
1633 struct Enc *enc;
1634
1635 enc = &pvar->ssh2_keys[MODE_IN].enc;
1636 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1637 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1638 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1639 CIPHER_DECRYPT,
1640 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1641 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1642 pvar);
1643
1644 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1645 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1646
1647 pvar->crypt_state.decrypt = cArcfour_decrypt;
1648 break;
1649 }
1650
1651 case SSH2_CIPHER_CAST128_CBC:
1652 case SSH2_CIPHER_CAST128_CTR:
1653 {
1654 struct Enc *enc;
1655
1656 enc = &pvar->ssh2_keys[MODE_IN].enc;
1657 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1658 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1659 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1660 CIPHER_DECRYPT,
1661 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1662 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1663 pvar);
1664
1665 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1666 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1667
1668 pvar->crypt_state.decrypt = cCast128_decrypt;
1669 break;
1670 }
1671
1672 case SSH2_CIPHER_CAMELLIA128_CBC:
1673 case SSH2_CIPHER_CAMELLIA192_CBC:
1674 case SSH2_CIPHER_CAMELLIA256_CBC:
1675 case SSH2_CIPHER_CAMELLIA128_CTR:
1676 case SSH2_CIPHER_CAMELLIA192_CTR:
1677 case SSH2_CIPHER_CAMELLIA256_CTR:
1678 {
1679 struct Enc *enc;
1680
1681 enc = &pvar->ssh2_keys[MODE_IN].enc;
1682 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1683 enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher),
1684 enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher),
1685 CIPHER_DECRYPT,
1686 get_cipher_EVP_CIPHER(pvar->crypt_state.receiver_cipher),
1687 get_cipher_discard_len(pvar->crypt_state.receiver_cipher),
1688 pvar);
1689
1690 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.receiver_cipher));
1691 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.receiver_cipher));
1692
1693 pvar->crypt_state.decrypt = cCamellia_decrypt;
1694 break;
1695 }
1696
1697 case SSH_CIPHER_3DES:{
1698 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1699 pvar->crypt_state.decrypt = c3DES_decrypt;
1700 break;
1701 }
1702 case SSH_CIPHER_DES:{
1703 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1704 pvar->crypt_state.decrypt = cDES_decrypt;
1705 break;
1706 }
1707 case SSH_CIPHER_BLOWFISH:{
1708 cBlowfish_init(decryption_key,
1709 &pvar->crypt_state.dec.cBlowfish);
1710 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1711 break;
1712 }
1713 default:
1714 isOK = FALSE;
1715 }
1716 }
1717
1718
1719 if (!isOK) {
1720 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1721 "No cipher selected!");
1722 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1723 return FALSE;
1724 } else {
1725 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1726 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1727 return TRUE;
1728 }
1729 }
1730
1731 void CRYPT_init(PTInstVar pvar)
1732 {
1733 pvar->crypt_state.encrypt = no_encrypt;
1734 pvar->crypt_state.decrypt = no_encrypt;
1735 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1736 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1737 pvar->crypt_state.server_key.RSA_key = NULL;
1738 pvar->crypt_state.host_key.RSA_key = NULL;
1739
1740 pvar->crypt_state.detect_attack_statics.h = NULL;
1741 pvar->crypt_state.detect_attack_statics.n =
1742 HASH_MINSIZE / HASH_ENTRYSIZE;
1743 }
1744
1745 static char FAR *get_cipher_name(int cipher)
1746 {
1747 switch (cipher) {
1748 case SSH_CIPHER_NONE:
1749 return "None";
1750 case SSH_CIPHER_3DES:
1751 return "3DES (168 key bits)";
1752 case SSH_CIPHER_DES:
1753 return "DES (56 key bits)";
1754 case SSH_CIPHER_BLOWFISH:
1755 return "Blowfish (256 key bits)";
1756
1757 // SSH2
1758 case SSH2_CIPHER_3DES_CBC:
1759 return "3DES-CBC";
1760 case SSH2_CIPHER_AES128_CBC:
1761 return "AES128-CBC";
1762 case SSH2_CIPHER_AES192_CBC:
1763 return "AES192-CBC";
1764 case SSH2_CIPHER_AES256_CBC:
1765 return "AES256-CBC";
1766 case SSH2_CIPHER_BLOWFISH_CBC:
1767 return "Blowfish-CBC";
1768 case SSH2_CIPHER_AES128_CTR:
1769 return "AES128-CTR";
1770 case SSH2_CIPHER_AES192_CTR:
1771 return "AES192-CTR";
1772 case SSH2_CIPHER_AES256_CTR:
1773 return "AES256-CTR";
1774 case SSH2_CIPHER_ARCFOUR:
1775 return "Arcfour";
1776 case SSH2_CIPHER_ARCFOUR128:
1777 return "Arcfour128";
1778 case SSH2_CIPHER_ARCFOUR256:
1779 return "Arcfour256";
1780 case SSH2_CIPHER_CAST128_CBC:
1781 return "CAST-128-CBC";
1782 case SSH2_CIPHER_3DES_CTR:
1783 return "3DES-CTR";
1784 case SSH2_CIPHER_BLOWFISH_CTR:
1785 return "Blowfish-CTR";
1786 case SSH2_CIPHER_CAST128_CTR:
1787 return "CAST-128-CTR";
1788 case SSH2_CIPHER_CAMELLIA128_CBC:
1789 return "Camellia128-CBC";
1790 case SSH2_CIPHER_CAMELLIA192_CBC:
1791 return "Camellia192-CBC";
1792 case SSH2_CIPHER_CAMELLIA256_CBC:
1793 return "Camellia256-CBC";
1794 case SSH2_CIPHER_CAMELLIA128_CTR:
1795 return "Camellia128-CTR";
1796 case SSH2_CIPHER_CAMELLIA192_CTR:
1797 return "Camellia192-CTR";
1798 case SSH2_CIPHER_CAMELLIA256_CTR:
1799 return "Camellia256-CTR";
1800
1801 default:
1802 return "Unknown";
1803 }
1804 }
1805
1806 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1807 {
1808 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1809 "%s to server, %s from server");
1810 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1811 get_cipher_name(pvar->crypt_state.sender_cipher),
1812 get_cipher_name(pvar->crypt_state.receiver_cipher));
1813 }
1814
1815 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1816 {
1817 if (SSHv1(pvar)) {
1818 if (pvar->crypt_state.server_key.RSA_key == NULL
1819 || pvar->crypt_state.host_key.RSA_key == NULL) {
1820 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1821 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1822 } else {
1823 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1824 "%d-bit server key, %d-bit host key");
1825 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1826 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1827 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1828 }
1829 } else { // SSH2
1830 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1831 "%d-bit client key, %d-bit server key");
1832 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1833 pvar->client_key_bits,
1834 pvar->server_key_bits);
1835 }
1836 }
1837
1838 static void destroy_public_key(CRYPTPublicKey * key)
1839 {
1840 if (key->RSA_key != NULL) {
1841 RSA_free(key->RSA_key);
1842 key->RSA_key = NULL;
1843 }
1844 }
1845
1846 void CRYPT_free_public_key(CRYPTPublicKey * key)
1847 {
1848 destroy_public_key(key);
1849 free(key);
1850 }
1851
1852 void CRYPT_end(PTInstVar pvar)
1853 {
1854 destroy_public_key(&pvar->crypt_state.host_key);
1855 destroy_public_key(&pvar->crypt_state.server_key);
1856
1857 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1858 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1859 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1860 free(pvar->crypt_state.detect_attack_statics.h);
1861 }
1862
1863 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1864 sizeof(pvar->crypt_state.sender_cipher_key));
1865 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1866 sizeof(pvar->crypt_state.receiver_cipher_key));
1867 SecureZeroMemory(pvar->crypt_state.server_cookie,
1868 sizeof(pvar->crypt_state.server_cookie));
1869 SecureZeroMemory(pvar->crypt_state.client_cookie,
1870 sizeof(pvar->crypt_state.client_cookie));
1871 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1872 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1873 }
1874
1875 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1876 char FAR * buf, int bytes)
1877 {
1878 unsigned char passphrase_key[16];
1879
1880 MD5(passphrase, strlen(passphrase), passphrase_key);
1881
1882 switch (cipher) {
1883 case SSH_CIPHER_3DES:{
1884 Cipher3DESState state;
1885
1886 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1887 &state.k1);
1888 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1889 &state.k2);
1890 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1891 &state.k3);
1892 memset(state.ivec1, 0, 8);
1893 memset(state.ivec2, 0, 8);
1894 memset(state.ivec3, 0, 8);
1895 DES_ncbc_encrypt(buf, buf, bytes,
1896 &state.k3, &state.ivec3, DES_DECRYPT);
1897 DES_ncbc_encrypt(buf, buf, bytes,
1898 &state.k2, &state.ivec2, DES_ENCRYPT);
1899 DES_ncbc_encrypt(buf, buf, bytes,
1900 &state.k1, &state.ivec1, DES_DECRYPT);
1901 break;
1902 }
1903
1904 case SSH_CIPHER_DES:{
1905 CipherDESState state;
1906
1907 cDES_init(passphrase_key, &state);
1908 DES_ncbc_encrypt(buf, buf, bytes,
1909 &state.k, &state.ivec, DES_DECRYPT);
1910 break;
1911 }
1912
1913 case SSH_CIPHER_BLOWFISH:{
1914 CipherBlowfishState state;
1915
1916 BF_set_key(&state.k, 16, passphrase_key);
1917 memset(state.ivec, 0, 8);
1918 flip_endianness(buf, bytes);
1919 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1920 BF_DECRYPT);
1921 flip_endianness(buf, bytes);
1922 break;
1923 }
1924
1925 case SSH_CIPHER_NONE:
1926 break;
1927
1928 default:
1929 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1930 return 0;
1931 }
1932
1933 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1934 return 1;
1935 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help