Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6801 - (show annotations) (download) (as text)
Tue Jun 13 10:30:12 2017 UTC (6 years, 9 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 37426 byte(s) 
eliminate FAR keyword.
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75 static char *get_cipher_name(int cipher);
76
77 static void crc_update(uint32 *a, uint32 b)
78 {
79 b ^= *a;
80 *a = do_crc((unsigned char *) &b, sizeof(b));
81 }
82
83 /* check_crc
84 detects if a block is used in a particular pattern
85 */
86
87 static int check_crc(unsigned char *S, unsigned char *buf,
88 uint32 len, unsigned char *IV)
89 {
90 uint32 crc;
91 unsigned char *c;
92
93 crc = 0;
94 if (IV && !CMP(S, IV)) {
95 crc_update(&crc, 1);
96 crc_update(&crc, 0);
97 }
98 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
99 if (!CMP(S, c)) {
100 crc_update(&crc, 1);
101 crc_update(&crc, 0);
102 } else {
103 crc_update(&crc, 0);
104 crc_update(&crc, 0);
105 }
106 }
107
108 return crc == 0;
109 }
110
111
112 /*
113 detect_attack
114 Detects a crc32 compensation attack on a packet
115 */
116 static int detect_attack(CRYPTDetectAttack *statics,
117 unsigned char *buf, uint32 len,
118 unsigned char *IV)
119 {
120 uint32 *h = statics->h;
121 uint32 n = statics->n;
122 uint32 i, j;
123 uint32 l;
124 unsigned char *c;
125 unsigned char *d;
126
127 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
128 }
129
130 if (h == NULL) {
131 n = l;
132 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
133 } else {
134 if (l > n) {
135 n = l;
136 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
137 }
138 }
139
140 statics->h = h;
141 statics->n = n;
142
143 if (len <= HASH_MINBLOCKS) {
144 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
145 if (IV && (!CMP(c, IV))) {
146 if ((check_crc(c, buf, len, IV)))
147 return DEATTACK_DETECTED;
148 else
149 break;
150 }
151 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
152 if (!CMP(c, d)) {
153 if ((check_crc(c, buf, len, IV)))
154 return DEATTACK_DETECTED;
155 else
156 break;
157 }
158 }
159 }
160 return (DEATTACK_OK);
161 }
162 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
163
164 if (IV) {
165 h[HASH(IV) & (n - 1)] = HASH_IV;
166 }
167
168 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
169 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
170 i = (i + 1) & (n - 1)) {
171 if (h[i] == HASH_IV) {
172 if (!CMP(c, IV)) {
173 if (check_crc(c, buf, len, IV))
174 return DEATTACK_DETECTED;
175 else
176 break;
177 }
178 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
179 if (check_crc(c, buf, len, IV))
180 return DEATTACK_DETECTED;
181 else
182 break;
183 }
184 }
185 h[i] = j;
186 }
187
188 return DEATTACK_OK;
189 }
190
191 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf,
192 int bytes)
193 {
194 if (SSHv1(pvar)) {
195 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE) {
196 return FALSE;
197 }
198 else {
199 return detect_attack(&pvar->crypt_state.detect_attack_statics,
200 buf, bytes, NULL) == DEATTACK_DETECTED;
201 }
202 } else {
203 return FALSE;
204 }
205 }
206
207 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
208 {
209 }
210
211 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
212 {
213 unsigned char *newbuf;
214 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
215 char tmp[80];
216
217 if (bytes == 0)
218 return;
219
220 if (bytes % block_size) {
221 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
222 "%s encrypt error(1): bytes %d (%d)");
223 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
224 get_cipher_name(pvar->crypt_state.sender_cipher),
225 bytes, block_size);
226 notify_fatal_error(pvar, tmp, TRUE);
227 return;
228 }
229
230 if ((newbuf = malloc(bytes)) == NULL)
231 return;
232
233 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
234 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
235 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
236 get_cipher_name(pvar->crypt_state.sender_cipher));
237 notify_fatal_error(pvar, tmp, TRUE);
238 } else {
239 memcpy(buf, newbuf, bytes);
240 }
241
242 free(newbuf);
243 }
244
245 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
246 {
247 unsigned char *newbuf;
248 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
249 char tmp[80];
250
251 if (bytes == 0)
252 return;
253
254 if (bytes % block_size) {
255 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
256 "%s decrypt error(1): bytes %d (%d)");
257 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
258 get_cipher_name(pvar->crypt_state.receiver_cipher),
259 bytes, block_size);
260 notify_fatal_error(pvar, tmp, TRUE);
261 return;
262 }
263
264 if ((newbuf = malloc(bytes)) == NULL)
265 return;
266
267 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
268 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
269 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
270 get_cipher_name(pvar->crypt_state.receiver_cipher));
271 notify_fatal_error(pvar, tmp, TRUE);
272 } else {
273 memcpy(buf, newbuf, bytes);
274 }
275
276 free(newbuf);
277 }
278
279 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
280 {
281 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
282
283 DES_ncbc_encrypt(buf, buf, bytes,
284 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
285 DES_ncbc_encrypt(buf, buf, bytes,
286 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
287 DES_ncbc_encrypt(buf, buf, bytes,
288 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
289 }
290
291 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
292 {
293 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
294
295 DES_ncbc_encrypt(buf, buf, bytes,
296 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
297 DES_ncbc_encrypt(buf, buf, bytes,
298 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
299 DES_ncbc_encrypt(buf, buf, bytes,
300 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
301 }
302
303 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
304 {
305 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
306
307 DES_ncbc_encrypt(buf, buf, bytes,
308 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
309 }
310
311 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
312 {
313 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
314
315 DES_ncbc_encrypt(buf, buf, bytes,
316 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
317 }
318
319 static void flip_endianness(unsigned char *cbuf, int bytes)
320 {
321 uint32 *buf = (uint32 *) cbuf;
322 int count = bytes / 4;
323
324 while (count > 0) {
325 uint32 w = *buf;
326
327 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
328 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
329 count--;
330 buf++;
331 }
332 }
333
334 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
335 {
336 CipherBlowfishState *encryptstate =
337 &pvar->crypt_state.enc.cBlowfish;
338
339 flip_endianness(buf, bytes);
340 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
341 BF_ENCRYPT);
342 flip_endianness(buf, bytes);
343 }
344
345 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
346 {
347 CipherBlowfishState *decryptstate =
348 &pvar->crypt_state.dec.cBlowfish;
349
350 flip_endianness(buf, bytes);
351 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
352 BF_DECRYPT);
353 flip_endianness(buf, bytes);
354 }
355
356 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
357 {
358 RAND_bytes(buf, bytes);
359 }
360
361 void CRYPT_initialize_random_numbers(PTInstVar pvar)
362 {
363 // ����������������������
364 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
365 //RAND_screen();
366 }
367
368 static BIGNUM *get_bignum(unsigned char *bytes)
369 {
370 int bits = get_ushort16_MSBfirst(bytes);
371
372 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
373 }
374
375 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
376 RSA *make_key(PTInstVar pvar,
377 int bits, unsigned char *exp,
378 unsigned char *mod)
379 {
380 RSA *key = RSA_new();
381
382 if (key != NULL) {
383 key->e = get_bignum(exp);
384 key->n = get_bignum(mod);
385 }
386
387 if (key == NULL || key->e == NULL || key->n == NULL) {
388 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
389 "Error setting up RSA keys");
390 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
391
392 if (key != NULL) {
393 if (key->e != NULL) {
394 BN_free(key->e);
395 }
396 if (key->n != NULL) {
397 BN_free(key->n);
398 }
399 RSA_free(key);
400 }
401
402 return NULL;
403 } else {
404 return key;
405 }
406 }
407
408 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
409 {
410 if (SSHv1(pvar)) {
411 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
412 } else {
413 memcpy(pvar->crypt_state.server_cookie, cookie,
414 SSH2_COOKIE_LENGTH);
415 }
416 }
417
418 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
419 {
420 if (SSHv2(pvar)) {
421 memcpy(pvar->crypt_state.client_cookie, cookie,
422 SSH2_COOKIE_LENGTH);
423 }
424 }
425
426 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
427 int bits, unsigned char *exp,
428 unsigned char *mod)
429 {
430 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
431
432 return pvar->crypt_state.server_key.RSA_key != NULL;
433 }
434
435 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
436 int bits, unsigned char *exp,
437 unsigned char *mod)
438 {
439 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
440
441 return pvar->crypt_state.host_key.RSA_key != NULL;
442 }
443
444 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
445 int receiver_ciphers)
446 {
447 int cipher_mask;
448
449 if (SSHv1(pvar)) {
450 cipher_mask = (1 << SSH_CIPHER_DES)
451 | (1 << SSH_CIPHER_3DES)
452 | (1 << SSH_CIPHER_BLOWFISH);
453
454 } else { // for SSH2(yutaka)
455 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
456 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
457 | (1 << SSH2_CIPHER_AES128_CBC)
458 | (1 << SSH2_CIPHER_AES192_CBC)
459 | (1 << SSH2_CIPHER_AES256_CBC)
460 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
461 | (1 << SSH2_CIPHER_AES128_CTR)
462 | (1 << SSH2_CIPHER_AES192_CTR)
463 | (1 << SSH2_CIPHER_AES256_CTR)
464 | (1 << SSH2_CIPHER_ARCFOUR)
465 | (1 << SSH2_CIPHER_ARCFOUR128)
466 | (1 << SSH2_CIPHER_ARCFOUR256)
467 | (1 << SSH2_CIPHER_CAST128_CBC)
468 | (1 << SSH2_CIPHER_3DES_CTR)
469 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
470 | (1 << SSH2_CIPHER_CAST128_CTR)
471 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
472 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
473 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
474 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
475 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
476 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
477 );
478 }
479
480 sender_ciphers &= cipher_mask;
481 receiver_ciphers &= cipher_mask;
482 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
483 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
484
485 if (sender_ciphers == 0) {
486 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
487 "The server does not support any of the TTSSH encryption algorithms.\n"
488 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
489 "The connection will be closed.");
490 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
491 return FALSE;
492 } else if (receiver_ciphers == 0) {
493 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
494 "The server does not support any of the TTSSH encryption algorithms.\n"
495 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
496 "The connection will be closed.");
497 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
498 return FALSE;
499 } else {
500 return TRUE;
501 }
502 }
503
504 int CRYPT_get_decryption_block_size(PTInstVar pvar)
505 {
506 if (SSHv1(pvar)) {
507 return 8;
508 } else {
509 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
510 // cf. 3DES=8, AES128=16
511 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
512 }
513 }
514
515 int CRYPT_get_encryption_block_size(PTInstVar pvar)
516 {
517 if (SSHv1(pvar)) {
518 return 8;
519 } else {
520 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
521 // cf. 3DES=8, AES128=16
522 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
523 }
524 }
525
526 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
527 {
528 struct Mac *mac;
529
530 if (SSHv1(pvar)) {
531 return 0;
532
533 } else { // for SSH2(yutaka)
534 mac = &pvar->ssh2_keys[MODE_IN].mac;
535 if (mac == NULL || mac->enabled == 0)
536 return 0;
537
538 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
539 }
540
541 }
542
543 // HMAC������
544 // ���{������ SSH2 �������g�p�������B
545 // (2004.12.17 yutaka)
546 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
547 char *data, int len, char *MAC)
548 {
549 HMAC_CTX c;
550 unsigned char m[EVP_MAX_MD_SIZE];
551 unsigned char b[4];
552 struct Mac *mac;
553
554 mac = &pvar->ssh2_keys[MODE_IN].mac;
555
556 // HMAC�������L���������������A����OK�����������B
557 if (mac == NULL || mac->enabled == 0)
558 return TRUE;
559
560 if (mac->key == NULL) {
561 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
562 goto error;
563 }
564
565 if ((u_int)mac->mac_len > sizeof(m)) {
566 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
567 mac->mac_len, sizeof(m), sequence_number, len);
568 goto error;
569 }
570
571 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
572 set_uint32_MSBfirst(b, sequence_number);
573 HMAC_Update(&c, b, sizeof(b));
574 HMAC_Update(&c, data, len);
575 HMAC_Final(&c, m, NULL);
576 HMAC_cleanup(&c);
577
578 if (memcmp(m, MAC, mac->mac_len)) {
579 logprintf(pvar, LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
580 logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
581 logprintf_hexdump(pvar, LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
582 goto error;
583 }
584
585 return TRUE;
586
587 error:
588 return FALSE;
589 }
590
591 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
592 {
593 struct Mac *mac;
594
595 if (SSHv2(pvar)) { // for SSH2(yutaka)
596 mac = &pvar->ssh2_keys[MODE_OUT].mac;
597 if (mac == NULL || mac->enabled == 0)
598 return 0;
599
600 return (mac->mac_len);
601 }
602
603 return 0;
604 }
605
606 // for SSH2
607 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
608 char *data, int len, char *MAC)
609 {
610 HMAC_CTX c;
611 static u_char m[EVP_MAX_MD_SIZE];
612 u_char b[4];
613 struct Mac *mac;
614
615 if (SSHv2(pvar)) { // for SSH2(yutaka)
616 mac = &pvar->ssh2_keys[MODE_OUT].mac;
617 if (mac == NULL || mac->enabled == 0)
618 return FALSE;
619
620 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
621 set_uint32_MSBfirst(b, sequence_number);
622 HMAC_Update(&c, b, sizeof(b));
623 HMAC_Update(&c, data, len);
624 HMAC_Final(&c, m, NULL);
625 HMAC_cleanup(&c);
626
627 // 20�o�C�g�������R�s�[
628 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
629 // memcpy(MAC, m, sizeof(m));
630
631 return TRUE;
632 }
633
634 return TRUE;
635
636 }
637
638 static int choose_cipher(PTInstVar pvar, int supported)
639 {
640 int i;
641
642 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
643 int cipher = pvar->session_settings.CipherOrder[i] - '0';
644
645 if (cipher == SSH_CIPHER_NONE) {
646 break;
647 } else if ((supported & (1 << cipher)) != 0) {
648 return cipher;
649 }
650 }
651
652 return SSH_CIPHER_NONE;
653 }
654
655 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
656 {
657 if (SSHv1(pvar)) {
658 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
659 pvar->crypt_state.
660 supported_sender_ciphers);
661 pvar->crypt_state.receiver_cipher =
662 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
663
664 } else { // SSH2(yutaka)
665 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
666 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
667
668 }
669
670 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
671 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
672 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
673 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
674 "To communicate with this server, you will have to enable some more ciphers\n"
675 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
676 "This connection will now close.");
677 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
678 return FALSE;
679 } else {
680 return TRUE;
681 }
682 }
683
684 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
685 {
686 int server_key_bits =
687 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
688 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
689 int server_key_bytes = (server_key_bits + 7) / 8;
690 int host_key_bytes = (host_key_bits + 7) / 8;
691
692 if (server_key_bits < host_key_bits) {
693 return host_key_bytes;
694 } else {
695 return server_key_bytes;
696 }
697 }
698
699 int CRYPT_choose_session_key(PTInstVar pvar,
700 unsigned char *encrypted_key_buf)
701 {
702 int server_key_bits =
703 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
704 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
705 int server_key_bytes = (server_key_bits + 7) / 8;
706 int host_key_bytes = (host_key_bits + 7) / 8;
707 int encrypted_key_bytes;
708 int bit_delta;
709
710 if (server_key_bits < host_key_bits) {
711 encrypted_key_bytes = host_key_bytes;
712 bit_delta = host_key_bits - server_key_bits;
713 } else {
714 encrypted_key_bytes = server_key_bytes;
715 bit_delta = server_key_bits - host_key_bits;
716 }
717
718 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
719 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
720 "Server RSA keys are too weak. A secure connection cannot be established.");
721 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
722 return 0;
723 } else {
724 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
725 for the session ID, rather than the one specified in the RFC */
726 int session_buf_len = server_key_bytes + host_key_bytes + 8;
727 char *session_buf = (char *) malloc(session_buf_len);
728 char session_id[16];
729 int i;
730
731 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
732 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
733 session_buf + host_key_bytes);
734 memcpy(session_buf + server_key_bytes + host_key_bytes,
735 pvar->crypt_state.server_cookie, 8);
736 MD5(session_buf, session_buf_len, session_id);
737
738 free(session_buf);
739
740 RAND_bytes(pvar->crypt_state.sender_cipher_key,
741 SSH_SESSION_KEY_LENGTH);
742 memcpy(pvar->crypt_state.receiver_cipher_key,
743 pvar->crypt_state.sender_cipher_key,
744 SSH_SESSION_KEY_LENGTH);
745
746 memcpy(encrypted_key_buf + encrypted_key_bytes -
747 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
748 SSH_SESSION_KEY_LENGTH);
749 for (i = 0; i < sizeof(session_id); i++) {
750 encrypted_key_buf[encrypted_key_bytes -
751 SSH_SESSION_KEY_LENGTH + i]
752 ^= session_id[i];
753 }
754
755 if (host_key_bits > server_key_bits) {
756 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
757 encrypted_key_buf +
758 encrypted_key_bytes -
759 SSH_SESSION_KEY_LENGTH,
760 encrypted_key_buf +
761 encrypted_key_bytes - server_key_bytes,
762 pvar->crypt_state.server_key.RSA_key,
763 RSA_PKCS1_PADDING) < 0)
764 return 0;
765
766 if (RSA_public_encrypt(server_key_bytes,
767 encrypted_key_buf +
768 encrypted_key_bytes - server_key_bytes,
769 encrypted_key_buf,
770 pvar->crypt_state.host_key.RSA_key,
771 RSA_PKCS1_PADDING) < 0)
772 return 0;
773 } else {
774 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
775 encrypted_key_buf +
776 encrypted_key_bytes -
777 SSH_SESSION_KEY_LENGTH,
778 encrypted_key_buf +
779 encrypted_key_bytes - host_key_bytes,
780 pvar->crypt_state.host_key.RSA_key,
781 RSA_PKCS1_PADDING) < 0)
782 return 0;
783
784 if (RSA_public_encrypt(host_key_bytes,
785 encrypted_key_buf +
786 encrypted_key_bytes - host_key_bytes,
787 encrypted_key_buf,
788 pvar->crypt_state.server_key.RSA_key,
789 RSA_PKCS1_PADDING) < 0)
790 return 0;
791 }
792 }
793
794 return 1;
795 }
796
797 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
798 unsigned char *challenge,
799 int challenge_len,
800 unsigned char *response)
801 {
802 int server_key_bits =
803 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
804 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
805 int server_key_bytes = (server_key_bits + 7) / 8;
806 int host_key_bytes = (host_key_bits + 7) / 8;
807 int session_buf_len = server_key_bytes + host_key_bytes + 8;
808 char *session_buf = (char *) malloc(session_buf_len);
809 char decrypted_challenge[48];
810 int decrypted_challenge_len;
811
812 decrypted_challenge_len =
813 RSA_private_decrypt(challenge_len, challenge, challenge,
814 AUTH_get_cur_cred(pvar)->key_pair->rsa,
815 RSA_PKCS1_PADDING);
816 if (decrypted_challenge_len < 0) {
817 free(session_buf);
818 return 0;
819 }
820 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
821 memcpy(decrypted_challenge,
822 challenge + decrypted_challenge_len -
823 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
824 } else {
825 memset(decrypted_challenge, 0,
826 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
827 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
828 decrypted_challenge_len, challenge,
829 decrypted_challenge_len);
830 }
831
832 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
833 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
834 session_buf + host_key_bytes);
835 memcpy(session_buf + server_key_bytes + host_key_bytes,
836 pvar->crypt_state.server_cookie, 8);
837 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
838
839 free(session_buf);
840
841 MD5(decrypted_challenge, 48, response);
842
843 return 1;
844 }
845
846 static void c3DES_init(char *session_key, Cipher3DESState *state)
847 {
848 DES_set_key((const_DES_cblock *) session_key, &state->k1);
849 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
850 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
851 memset(state->ivec1, 0, 8);
852 memset(state->ivec2, 0, 8);
853 memset(state->ivec3, 0, 8);
854 }
855
856 static void cDES_init(char *session_key, CipherDESState *state)
857 {
858 DES_set_key((const_DES_cblock *) session_key, &state->k);
859 memset(state->ivec, 0, 8);
860 }
861
862 static void cBlowfish_init(char *session_key,
863 CipherBlowfishState *state)
864 {
865 BF_set_key(&state->k, 32, session_key);
866 memset(state->ivec, 0, 8);
867 }
868
869
870 //
871 // SSH2�p�A���S���Y����������
872 //
873 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
874 const u_char *key, u_int keylen,
875 const u_char *iv, u_int ivlen,
876 int encrypt,
877 const EVP_CIPHER *type,
878 int discard_len,
879 PTInstVar pvar)
880 {
881 int klen;
882 char tmp[80];
883 unsigned char *junk = NULL, *discard = NULL;
884
885 EVP_CIPHER_CTX_init(evp);
886 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
887 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
888 "Cipher initialize error(%d)");
889 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
890 notify_fatal_error(pvar, tmp, TRUE);
891 return;
892 }
893
894 klen = EVP_CIPHER_CTX_key_length(evp);
895 if (klen > 0 && keylen != klen) {
896 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
897 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
898 "Cipher initialize error(%d)");
899 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
900 notify_fatal_error(pvar, tmp, TRUE);
901 return;
902 }
903 }
904 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
905 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
906 "Cipher initialize error(%d)");
907 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
908 notify_fatal_error(pvar, tmp, TRUE);
909 return;
910 }
911
912 if (discard_len > 0) {
913 junk = malloc(discard_len);
914 discard = malloc(discard_len);
915 if (junk == NULL || discard == NULL ||
916 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
917 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
918 "Cipher initialize error(%d)");
919 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
920 pvar->ts->UIMsg, 3);
921 notify_fatal_error(pvar, tmp, TRUE);
922 }
923 else {
924 SecureZeroMemory(discard, discard_len);
925 }
926 free(junk);
927 free(discard);
928 }
929 }
930
931 //
932 // SSH2�p�A���S���Y�����j��
933 //
934 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
935 {
936 EVP_CIPHER_CTX_cleanup(evp);
937 }
938
939
940 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
941 {
942 struct Enc *enc;
943 char *encryption_key = pvar->crypt_state.sender_cipher_key;
944 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
945 int cipher;
946 BOOL isOK = TRUE;
947
948 if (sender_flag) {
949 cipher = pvar->crypt_state.sender_cipher;
950 switch (cipher) {
951 case SSH_CIPHER_3DES:
952 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
953 pvar->crypt_state.encrypt = c3DES_encrypt;
954 break;
955
956 case SSH_CIPHER_DES:
957 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
958 pvar->crypt_state.encrypt = cDES_encrypt;
959 break;
960
961 case SSH_CIPHER_BLOWFISH:
962 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
963 pvar->crypt_state.encrypt = cBlowfish_encrypt;
964 break;
965
966 case SSH_CIPHER_NONE:
967 case SSH_CIPHER_IDEA:
968 case SSH_CIPHER_TSS:
969 case SSH_CIPHER_RC4:
970 isOK = FALSE;
971 break;
972
973 default: // SSH2
974 if (cipher <= SSH_CIPHER_MAX) {
975 enc = &pvar->ssh2_keys[MODE_OUT].enc;
976 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
977 enc->key, get_cipher_key_len(cipher),
978 enc->iv, get_cipher_block_size(cipher),
979 CIPHER_ENCRYPT,
980 get_cipher_EVP_CIPHER(cipher),
981 get_cipher_discard_len(cipher),
982 pvar);
983
984 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
985 }
986 else {
987 isOK = FALSE;
988 }
989 break;
990 }
991 }
992
993 if (receiver_flag) {
994 cipher = pvar->crypt_state.receiver_cipher;
995 switch (cipher) {
996 case SSH_CIPHER_3DES:
997 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
998 pvar->crypt_state.decrypt = c3DES_decrypt;
999 break;
1000
1001 case SSH_CIPHER_DES:
1002 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1003 pvar->crypt_state.decrypt = cDES_decrypt;
1004 break;
1005
1006 case SSH_CIPHER_BLOWFISH:
1007 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1008 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1009 break;
1010
1011 case SSH_CIPHER_NONE:
1012 case SSH_CIPHER_IDEA:
1013 case SSH_CIPHER_TSS:
1014 case SSH_CIPHER_RC4:
1015 isOK = FALSE;
1016 break;
1017
1018 default: // SSH2
1019 if (cipher <= SSH_CIPHER_MAX) {
1020 enc = &pvar->ssh2_keys[MODE_IN].enc;
1021 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1022 enc->key, get_cipher_key_len(cipher),
1023 enc->iv, get_cipher_block_size(cipher),
1024 CIPHER_DECRYPT,
1025 get_cipher_EVP_CIPHER(cipher),
1026 get_cipher_discard_len(cipher),
1027 pvar);
1028
1029 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1030 }
1031 else {
1032 isOK = FALSE;
1033 }
1034 break;
1035 }
1036 }
1037
1038 if (!isOK) {
1039 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1040 "No cipher selected!");
1041 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1042 return FALSE;
1043 } else {
1044 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1045 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1046 return TRUE;
1047 }
1048 }
1049
1050 void CRYPT_init(PTInstVar pvar)
1051 {
1052 pvar->crypt_state.encrypt = no_encrypt;
1053 pvar->crypt_state.decrypt = no_encrypt;
1054 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1055 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1056 pvar->crypt_state.server_key.RSA_key = NULL;
1057 pvar->crypt_state.host_key.RSA_key = NULL;
1058
1059 pvar->crypt_state.detect_attack_statics.h = NULL;
1060 pvar->crypt_state.detect_attack_statics.n =
1061 HASH_MINSIZE / HASH_ENTRYSIZE;
1062 }
1063
1064 static char *get_cipher_name(int cipher)
1065 {
1066 switch (cipher) {
1067 case SSH_CIPHER_NONE:
1068 return "None";
1069 case SSH_CIPHER_3DES:
1070 return "3DES (168 key bits)";
1071 case SSH_CIPHER_DES:
1072 return "DES (56 key bits)";
1073 case SSH_CIPHER_BLOWFISH:
1074 return "Blowfish (256 key bits)";
1075
1076 // SSH2
1077 case SSH2_CIPHER_3DES_CBC:
1078 return "3DES-CBC";
1079 case SSH2_CIPHER_AES128_CBC:
1080 return "AES128-CBC";
1081 case SSH2_CIPHER_AES192_CBC:
1082 return "AES192-CBC";
1083 case SSH2_CIPHER_AES256_CBC:
1084 return "AES256-CBC";
1085 case SSH2_CIPHER_BLOWFISH_CBC:
1086 return "Blowfish-CBC";
1087 case SSH2_CIPHER_AES128_CTR:
1088 return "AES128-CTR";
1089 case SSH2_CIPHER_AES192_CTR:
1090 return "AES192-CTR";
1091 case SSH2_CIPHER_AES256_CTR:
1092 return "AES256-CTR";
1093 case SSH2_CIPHER_ARCFOUR:
1094 return "Arcfour";
1095 case SSH2_CIPHER_ARCFOUR128:
1096 return "Arcfour128";
1097 case SSH2_CIPHER_ARCFOUR256:
1098 return "Arcfour256";
1099 case SSH2_CIPHER_CAST128_CBC:
1100 return "CAST-128-CBC";
1101 case SSH2_CIPHER_3DES_CTR:
1102 return "3DES-CTR";
1103 case SSH2_CIPHER_BLOWFISH_CTR:
1104 return "Blowfish-CTR";
1105 case SSH2_CIPHER_CAST128_CTR:
1106 return "CAST-128-CTR";
1107 case SSH2_CIPHER_CAMELLIA128_CBC:
1108 return "Camellia128-CBC";
1109 case SSH2_CIPHER_CAMELLIA192_CBC:
1110 return "Camellia192-CBC";
1111 case SSH2_CIPHER_CAMELLIA256_CBC:
1112 return "Camellia256-CBC";
1113 case SSH2_CIPHER_CAMELLIA128_CTR:
1114 return "Camellia128-CTR";
1115 case SSH2_CIPHER_CAMELLIA192_CTR:
1116 return "Camellia192-CTR";
1117 case SSH2_CIPHER_CAMELLIA256_CTR:
1118 return "Camellia256-CTR";
1119
1120 default:
1121 return "Unknown";
1122 }
1123 }
1124
1125 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1126 {
1127 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1128 "%s to server, %s from server");
1129 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1130 get_cipher_name(pvar->crypt_state.sender_cipher),
1131 get_cipher_name(pvar->crypt_state.receiver_cipher));
1132 }
1133
1134 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1135 {
1136 if (SSHv1(pvar)) {
1137 if (pvar->crypt_state.server_key.RSA_key == NULL
1138 || pvar->crypt_state.host_key.RSA_key == NULL) {
1139 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1140 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1141 } else {
1142 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1143 "%d-bit server key, %d-bit host key");
1144 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1145 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1146 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1147 }
1148 } else { // SSH2
1149 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1150 "%d-bit client key, %d-bit server key");
1151 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1152 pvar->client_key_bits,
1153 pvar->server_key_bits);
1154 }
1155 }
1156
1157 static void destroy_public_key(CRYPTPublicKey * key)
1158 {
1159 if (key->RSA_key != NULL) {
1160 RSA_free(key->RSA_key);
1161 key->RSA_key = NULL;
1162 }
1163 }
1164
1165 void CRYPT_free_public_key(CRYPTPublicKey * key)
1166 {
1167 destroy_public_key(key);
1168 free(key);
1169 }
1170
1171 void CRYPT_end(PTInstVar pvar)
1172 {
1173 destroy_public_key(&pvar->crypt_state.host_key);
1174 destroy_public_key(&pvar->crypt_state.server_key);
1175
1176 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1177 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1178 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1179 free(pvar->crypt_state.detect_attack_statics.h);
1180 }
1181
1182 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1183 sizeof(pvar->crypt_state.sender_cipher_key));
1184 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1185 sizeof(pvar->crypt_state.receiver_cipher_key));
1186 SecureZeroMemory(pvar->crypt_state.server_cookie,
1187 sizeof(pvar->crypt_state.server_cookie));
1188 SecureZeroMemory(pvar->crypt_state.client_cookie,
1189 sizeof(pvar->crypt_state.client_cookie));
1190 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1191 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1192 }
1193
1194 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1195 char *buf, int bytes)
1196 {
1197 unsigned char passphrase_key[16];
1198
1199 MD5(passphrase, strlen(passphrase), passphrase_key);
1200
1201 switch (cipher) {
1202 case SSH_CIPHER_3DES:{
1203 Cipher3DESState state;
1204
1205 DES_set_key((const_DES_cblock *) passphrase_key,
1206 &state.k1);
1207 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1208 &state.k2);
1209 DES_set_key((const_DES_cblock *) passphrase_key,
1210 &state.k3);
1211 memset(state.ivec1, 0, 8);
1212 memset(state.ivec2, 0, 8);
1213 memset(state.ivec3, 0, 8);
1214 DES_ncbc_encrypt(buf, buf, bytes,
1215 &state.k3, &state.ivec3, DES_DECRYPT);
1216 DES_ncbc_encrypt(buf, buf, bytes,
1217 &state.k2, &state.ivec2, DES_ENCRYPT);
1218 DES_ncbc_encrypt(buf, buf, bytes,
1219 &state.k1, &state.ivec1, DES_DECRYPT);
1220 break;
1221 }
1222
1223 case SSH_CIPHER_DES:{
1224 CipherDESState state;
1225
1226 cDES_init(passphrase_key, &state);
1227 DES_ncbc_encrypt(buf, buf, bytes,
1228 &state.k, &state.ivec, DES_DECRYPT);
1229 break;
1230 }
1231
1232 case SSH_CIPHER_BLOWFISH:{
1233 CipherBlowfishState state;
1234
1235 BF_set_key(&state.k, 16, passphrase_key);
1236 memset(state.ivec, 0, 8);
1237 flip_endianness(buf, bytes);
1238 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1239 BF_DECRYPT);
1240 flip_endianness(buf, bytes);
1241 break;
1242 }
1243
1244 case SSH_CIPHER_NONE:
1245 break;
1246
1247 default:
1248 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1249 return 0;
1250 }
1251
1252 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1253 return 1;
1254 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help