Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6841 - (show annotations) (download) (as text)
Tue Jul 4 15:02:28 2017 UTC (6 years, 9 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 37473 byte(s) 
TeraTerm Project としてのライセンス表記を追加

・Tera Term 本体分を横 80 桁に収まるように改行位置を調整
・ttssh 関連の分を追加
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004-2017 TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75
76 static char *get_cipher_name(int cipher);
77
78 static void crc_update(uint32 *a, uint32 b)
79 {
80 b ^= *a;
81 *a = do_crc((unsigned char *) &b, sizeof(b));
82 }
83
84 /* check_crc
85 detects if a block is used in a particular pattern
86 */
87
88 static int check_crc(unsigned char *S, unsigned char *buf,
89 uint32 len, unsigned char *IV)
90 {
91 uint32 crc;
92 unsigned char *c;
93
94 crc = 0;
95 if (IV && !CMP(S, IV)) {
96 crc_update(&crc, 1);
97 crc_update(&crc, 0);
98 }
99 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100 if (!CMP(S, c)) {
101 crc_update(&crc, 1);
102 crc_update(&crc, 0);
103 } else {
104 crc_update(&crc, 0);
105 crc_update(&crc, 0);
106 }
107 }
108
109 return crc == 0;
110 }
111
112
113 /*
114 detect_attack
115 Detects a crc32 compensation attack on a packet
116 */
117 static int detect_attack(CRYPTDetectAttack *statics,
118 unsigned char *buf, uint32 len,
119 unsigned char *IV)
120 {
121 uint32 *h = statics->h;
122 uint32 n = statics->n;
123 uint32 i, j;
124 uint32 l;
125 unsigned char *c;
126 unsigned char *d;
127
128 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129 }
130
131 if (h == NULL) {
132 n = l;
133 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 } else {
135 if (l > n) {
136 n = l;
137 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 }
139 }
140
141 statics->h = h;
142 statics->n = n;
143
144 if (len <= HASH_MINBLOCKS) {
145 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146 if (IV && (!CMP(c, IV))) {
147 if ((check_crc(c, buf, len, IV)))
148 return DEATTACK_DETECTED;
149 else
150 break;
151 }
152 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153 if (!CMP(c, d)) {
154 if ((check_crc(c, buf, len, IV)))
155 return DEATTACK_DETECTED;
156 else
157 break;
158 }
159 }
160 }
161 return (DEATTACK_OK);
162 }
163 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164
165 if (IV) {
166 h[HASH(IV) & (n - 1)] = HASH_IV;
167 }
168
169 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171 i = (i + 1) & (n - 1)) {
172 if (h[i] == HASH_IV) {
173 if (!CMP(c, IV)) {
174 if (check_crc(c, buf, len, IV))
175 return DEATTACK_DETECTED;
176 else
177 break;
178 }
179 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180 if (check_crc(c, buf, len, IV))
181 return DEATTACK_DETECTED;
182 else
183 break;
184 }
185 }
186 h[i] = j;
187 }
188
189 return DEATTACK_OK;
190 }
191
192 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf,
193 int bytes)
194 {
195 if (SSHv1(pvar)) {
196 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE) {
197 return FALSE;
198 }
199 else {
200 return detect_attack(&pvar->crypt_state.detect_attack_statics,
201 buf, bytes, NULL) == DEATTACK_DETECTED;
202 }
203 } else {
204 return FALSE;
205 }
206 }
207
208 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
209 {
210 }
211
212 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
213 {
214 unsigned char *newbuf;
215 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
216 char tmp[80];
217
218 if (bytes == 0)
219 return;
220
221 if (bytes % block_size) {
222 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
223 "%s encrypt error(1): bytes %d (%d)");
224 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
225 get_cipher_name(pvar->crypt_state.sender_cipher),
226 bytes, block_size);
227 notify_fatal_error(pvar, tmp, TRUE);
228 return;
229 }
230
231 if ((newbuf = malloc(bytes)) == NULL)
232 return;
233
234 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
235 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
237 get_cipher_name(pvar->crypt_state.sender_cipher));
238 notify_fatal_error(pvar, tmp, TRUE);
239 } else {
240 memcpy(buf, newbuf, bytes);
241 }
242
243 free(newbuf);
244 }
245
246 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
247 {
248 unsigned char *newbuf;
249 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
250 char tmp[80];
251
252 if (bytes == 0)
253 return;
254
255 if (bytes % block_size) {
256 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
257 "%s decrypt error(1): bytes %d (%d)");
258 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
259 get_cipher_name(pvar->crypt_state.receiver_cipher),
260 bytes, block_size);
261 notify_fatal_error(pvar, tmp, TRUE);
262 return;
263 }
264
265 if ((newbuf = malloc(bytes)) == NULL)
266 return;
267
268 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
269 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
270 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
271 get_cipher_name(pvar->crypt_state.receiver_cipher));
272 notify_fatal_error(pvar, tmp, TRUE);
273 } else {
274 memcpy(buf, newbuf, bytes);
275 }
276
277 free(newbuf);
278 }
279
280 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
281 {
282 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
283
284 DES_ncbc_encrypt(buf, buf, bytes,
285 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
286 DES_ncbc_encrypt(buf, buf, bytes,
287 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
288 DES_ncbc_encrypt(buf, buf, bytes,
289 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
290 }
291
292 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
293 {
294 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
295
296 DES_ncbc_encrypt(buf, buf, bytes,
297 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
298 DES_ncbc_encrypt(buf, buf, bytes,
299 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
300 DES_ncbc_encrypt(buf, buf, bytes,
301 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
302 }
303
304 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
305 {
306 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
307
308 DES_ncbc_encrypt(buf, buf, bytes,
309 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
310 }
311
312 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
313 {
314 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
315
316 DES_ncbc_encrypt(buf, buf, bytes,
317 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
318 }
319
320 static void flip_endianness(unsigned char *cbuf, int bytes)
321 {
322 uint32 *buf = (uint32 *) cbuf;
323 int count = bytes / 4;
324
325 while (count > 0) {
326 uint32 w = *buf;
327
328 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
329 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
330 count--;
331 buf++;
332 }
333 }
334
335 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
336 {
337 CipherBlowfishState *encryptstate =
338 &pvar->crypt_state.enc.cBlowfish;
339
340 flip_endianness(buf, bytes);
341 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
342 BF_ENCRYPT);
343 flip_endianness(buf, bytes);
344 }
345
346 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
347 {
348 CipherBlowfishState *decryptstate =
349 &pvar->crypt_state.dec.cBlowfish;
350
351 flip_endianness(buf, bytes);
352 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
353 BF_DECRYPT);
354 flip_endianness(buf, bytes);
355 }
356
357 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
358 {
359 RAND_bytes(buf, bytes);
360 }
361
362 void CRYPT_initialize_random_numbers(PTInstVar pvar)
363 {
364 // ����������������������
365 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
366 //RAND_screen();
367 }
368
369 static BIGNUM *get_bignum(unsigned char *bytes)
370 {
371 int bits = get_ushort16_MSBfirst(bytes);
372
373 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
374 }
375
376 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
377 RSA *make_key(PTInstVar pvar,
378 int bits, unsigned char *exp,
379 unsigned char *mod)
380 {
381 RSA *key = RSA_new();
382
383 if (key != NULL) {
384 key->e = get_bignum(exp);
385 key->n = get_bignum(mod);
386 }
387
388 if (key == NULL || key->e == NULL || key->n == NULL) {
389 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
390 "Error setting up RSA keys");
391 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
392
393 if (key != NULL) {
394 if (key->e != NULL) {
395 BN_free(key->e);
396 }
397 if (key->n != NULL) {
398 BN_free(key->n);
399 }
400 RSA_free(key);
401 }
402
403 return NULL;
404 } else {
405 return key;
406 }
407 }
408
409 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
410 {
411 if (SSHv1(pvar)) {
412 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
413 } else {
414 memcpy(pvar->crypt_state.server_cookie, cookie,
415 SSH2_COOKIE_LENGTH);
416 }
417 }
418
419 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
420 {
421 if (SSHv2(pvar)) {
422 memcpy(pvar->crypt_state.client_cookie, cookie,
423 SSH2_COOKIE_LENGTH);
424 }
425 }
426
427 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
428 int bits, unsigned char *exp,
429 unsigned char *mod)
430 {
431 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
432
433 return pvar->crypt_state.server_key.RSA_key != NULL;
434 }
435
436 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
437 int bits, unsigned char *exp,
438 unsigned char *mod)
439 {
440 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
441
442 return pvar->crypt_state.host_key.RSA_key != NULL;
443 }
444
445 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
446 int receiver_ciphers)
447 {
448 int cipher_mask;
449
450 if (SSHv1(pvar)) {
451 cipher_mask = (1 << SSH_CIPHER_DES)
452 | (1 << SSH_CIPHER_3DES)
453 | (1 << SSH_CIPHER_BLOWFISH);
454
455 } else { // for SSH2(yutaka)
456 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
457 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
458 | (1 << SSH2_CIPHER_AES128_CBC)
459 | (1 << SSH2_CIPHER_AES192_CBC)
460 | (1 << SSH2_CIPHER_AES256_CBC)
461 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
462 | (1 << SSH2_CIPHER_AES128_CTR)
463 | (1 << SSH2_CIPHER_AES192_CTR)
464 | (1 << SSH2_CIPHER_AES256_CTR)
465 | (1 << SSH2_CIPHER_ARCFOUR)
466 | (1 << SSH2_CIPHER_ARCFOUR128)
467 | (1 << SSH2_CIPHER_ARCFOUR256)
468 | (1 << SSH2_CIPHER_CAST128_CBC)
469 | (1 << SSH2_CIPHER_3DES_CTR)
470 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
471 | (1 << SSH2_CIPHER_CAST128_CTR)
472 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
473 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
474 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
475 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
476 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
477 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
478 );
479 }
480
481 sender_ciphers &= cipher_mask;
482 receiver_ciphers &= cipher_mask;
483 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
484 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
485
486 if (sender_ciphers == 0) {
487 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
488 "The server does not support any of the TTSSH encryption algorithms.\n"
489 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
490 "The connection will be closed.");
491 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492 return FALSE;
493 } else if (receiver_ciphers == 0) {
494 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
495 "The server does not support any of the TTSSH encryption algorithms.\n"
496 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
497 "The connection will be closed.");
498 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
499 return FALSE;
500 } else {
501 return TRUE;
502 }
503 }
504
505 int CRYPT_get_decryption_block_size(PTInstVar pvar)
506 {
507 if (SSHv1(pvar)) {
508 return 8;
509 } else {
510 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
511 // cf. 3DES=8, AES128=16
512 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
513 }
514 }
515
516 int CRYPT_get_encryption_block_size(PTInstVar pvar)
517 {
518 if (SSHv1(pvar)) {
519 return 8;
520 } else {
521 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
522 // cf. 3DES=8, AES128=16
523 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
524 }
525 }
526
527 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
528 {
529 struct Mac *mac;
530
531 if (SSHv1(pvar)) {
532 return 0;
533
534 } else { // for SSH2(yutaka)
535 mac = &pvar->ssh2_keys[MODE_IN].mac;
536 if (mac == NULL || mac->enabled == 0)
537 return 0;
538
539 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
540 }
541
542 }
543
544 // HMAC������
545 // ���{������ SSH2 �������g�p�������B
546 // (2004.12.17 yutaka)
547 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
548 char *data, int len, char *MAC)
549 {
550 HMAC_CTX c;
551 unsigned char m[EVP_MAX_MD_SIZE];
552 unsigned char b[4];
553 struct Mac *mac;
554
555 mac = &pvar->ssh2_keys[MODE_IN].mac;
556
557 // HMAC�������L���������������A����OK�����������B
558 if (mac == NULL || mac->enabled == 0)
559 return TRUE;
560
561 if (mac->key == NULL) {
562 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
563 goto error;
564 }
565
566 if ((u_int)mac->mac_len > sizeof(m)) {
567 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
568 mac->mac_len, sizeof(m), sequence_number, len);
569 goto error;
570 }
571
572 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
573 set_uint32_MSBfirst(b, sequence_number);
574 HMAC_Update(&c, b, sizeof(b));
575 HMAC_Update(&c, data, len);
576 HMAC_Final(&c, m, NULL);
577 HMAC_cleanup(&c);
578
579 if (memcmp(m, MAC, mac->mac_len)) {
580 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
581 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
582 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
583 goto error;
584 }
585
586 return TRUE;
587
588 error:
589 return FALSE;
590 }
591
592 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
593 {
594 struct Mac *mac;
595
596 if (SSHv2(pvar)) { // for SSH2(yutaka)
597 mac = &pvar->ssh2_keys[MODE_OUT].mac;
598 if (mac == NULL || mac->enabled == 0)
599 return 0;
600
601 return (mac->mac_len);
602 }
603
604 return 0;
605 }
606
607 // for SSH2
608 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
609 char *data, int len, char *MAC)
610 {
611 HMAC_CTX c;
612 static u_char m[EVP_MAX_MD_SIZE];
613 u_char b[4];
614 struct Mac *mac;
615
616 if (SSHv2(pvar)) { // for SSH2(yutaka)
617 mac = &pvar->ssh2_keys[MODE_OUT].mac;
618 if (mac == NULL || mac->enabled == 0)
619 return FALSE;
620
621 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
622 set_uint32_MSBfirst(b, sequence_number);
623 HMAC_Update(&c, b, sizeof(b));
624 HMAC_Update(&c, data, len);
625 HMAC_Final(&c, m, NULL);
626 HMAC_cleanup(&c);
627
628 // 20�o�C�g�������R�s�[
629 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
630 // memcpy(MAC, m, sizeof(m));
631
632 return TRUE;
633 }
634
635 return TRUE;
636
637 }
638
639 static int choose_cipher(PTInstVar pvar, int supported)
640 {
641 int i;
642
643 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
644 int cipher = pvar->session_settings.CipherOrder[i] - '0';
645
646 if (cipher == SSH_CIPHER_NONE) {
647 break;
648 } else if ((supported & (1 << cipher)) != 0) {
649 return cipher;
650 }
651 }
652
653 return SSH_CIPHER_NONE;
654 }
655
656 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
657 {
658 if (SSHv1(pvar)) {
659 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
660 pvar->crypt_state.
661 supported_sender_ciphers);
662 pvar->crypt_state.receiver_cipher =
663 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
664
665 } else { // SSH2(yutaka)
666 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
667 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
668
669 }
670
671 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
672 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
673 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
674 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
675 "To communicate with this server, you will have to enable some more ciphers\n"
676 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
677 "This connection will now close.");
678 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
679 return FALSE;
680 } else {
681 return TRUE;
682 }
683 }
684
685 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
686 {
687 int server_key_bits =
688 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
689 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
690 int server_key_bytes = (server_key_bits + 7) / 8;
691 int host_key_bytes = (host_key_bits + 7) / 8;
692
693 if (server_key_bits < host_key_bits) {
694 return host_key_bytes;
695 } else {
696 return server_key_bytes;
697 }
698 }
699
700 int CRYPT_choose_session_key(PTInstVar pvar,
701 unsigned char *encrypted_key_buf)
702 {
703 int server_key_bits =
704 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
705 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
706 int server_key_bytes = (server_key_bits + 7) / 8;
707 int host_key_bytes = (host_key_bits + 7) / 8;
708 int encrypted_key_bytes;
709 int bit_delta;
710
711 if (server_key_bits < host_key_bits) {
712 encrypted_key_bytes = host_key_bytes;
713 bit_delta = host_key_bits - server_key_bits;
714 } else {
715 encrypted_key_bytes = server_key_bytes;
716 bit_delta = server_key_bits - host_key_bits;
717 }
718
719 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
720 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
721 "Server RSA keys are too weak. A secure connection cannot be established.");
722 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
723 return 0;
724 } else {
725 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
726 for the session ID, rather than the one specified in the RFC */
727 int session_buf_len = server_key_bytes + host_key_bytes + 8;
728 char *session_buf = (char *) malloc(session_buf_len);
729 char session_id[16];
730 int i;
731
732 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
733 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
734 session_buf + host_key_bytes);
735 memcpy(session_buf + server_key_bytes + host_key_bytes,
736 pvar->crypt_state.server_cookie, 8);
737 MD5(session_buf, session_buf_len, session_id);
738
739 free(session_buf);
740
741 RAND_bytes(pvar->crypt_state.sender_cipher_key,
742 SSH_SESSION_KEY_LENGTH);
743 memcpy(pvar->crypt_state.receiver_cipher_key,
744 pvar->crypt_state.sender_cipher_key,
745 SSH_SESSION_KEY_LENGTH);
746
747 memcpy(encrypted_key_buf + encrypted_key_bytes -
748 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
749 SSH_SESSION_KEY_LENGTH);
750 for (i = 0; i < sizeof(session_id); i++) {
751 encrypted_key_buf[encrypted_key_bytes -
752 SSH_SESSION_KEY_LENGTH + i]
753 ^= session_id[i];
754 }
755
756 if (host_key_bits > server_key_bits) {
757 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
758 encrypted_key_buf +
759 encrypted_key_bytes -
760 SSH_SESSION_KEY_LENGTH,
761 encrypted_key_buf +
762 encrypted_key_bytes - server_key_bytes,
763 pvar->crypt_state.server_key.RSA_key,
764 RSA_PKCS1_PADDING) < 0)
765 return 0;
766
767 if (RSA_public_encrypt(server_key_bytes,
768 encrypted_key_buf +
769 encrypted_key_bytes - server_key_bytes,
770 encrypted_key_buf,
771 pvar->crypt_state.host_key.RSA_key,
772 RSA_PKCS1_PADDING) < 0)
773 return 0;
774 } else {
775 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
776 encrypted_key_buf +
777 encrypted_key_bytes -
778 SSH_SESSION_KEY_LENGTH,
779 encrypted_key_buf +
780 encrypted_key_bytes - host_key_bytes,
781 pvar->crypt_state.host_key.RSA_key,
782 RSA_PKCS1_PADDING) < 0)
783 return 0;
784
785 if (RSA_public_encrypt(host_key_bytes,
786 encrypted_key_buf +
787 encrypted_key_bytes - host_key_bytes,
788 encrypted_key_buf,
789 pvar->crypt_state.server_key.RSA_key,
790 RSA_PKCS1_PADDING) < 0)
791 return 0;
792 }
793 }
794
795 return 1;
796 }
797
798 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
799 unsigned char *challenge,
800 int challenge_len,
801 unsigned char *response)
802 {
803 int server_key_bits =
804 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
805 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
806 int server_key_bytes = (server_key_bits + 7) / 8;
807 int host_key_bytes = (host_key_bits + 7) / 8;
808 int session_buf_len = server_key_bytes + host_key_bytes + 8;
809 char *session_buf = (char *) malloc(session_buf_len);
810 char decrypted_challenge[48];
811 int decrypted_challenge_len;
812
813 decrypted_challenge_len =
814 RSA_private_decrypt(challenge_len, challenge, challenge,
815 AUTH_get_cur_cred(pvar)->key_pair->rsa,
816 RSA_PKCS1_PADDING);
817 if (decrypted_challenge_len < 0) {
818 free(session_buf);
819 return 0;
820 }
821 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
822 memcpy(decrypted_challenge,
823 challenge + decrypted_challenge_len -
824 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
825 } else {
826 memset(decrypted_challenge, 0,
827 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
828 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
829 decrypted_challenge_len, challenge,
830 decrypted_challenge_len);
831 }
832
833 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
834 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
835 session_buf + host_key_bytes);
836 memcpy(session_buf + server_key_bytes + host_key_bytes,
837 pvar->crypt_state.server_cookie, 8);
838 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
839
840 free(session_buf);
841
842 MD5(decrypted_challenge, 48, response);
843
844 return 1;
845 }
846
847 static void c3DES_init(char *session_key, Cipher3DESState *state)
848 {
849 DES_set_key((const_DES_cblock *) session_key, &state->k1);
850 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
851 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
852 memset(state->ivec1, 0, 8);
853 memset(state->ivec2, 0, 8);
854 memset(state->ivec3, 0, 8);
855 }
856
857 static void cDES_init(char *session_key, CipherDESState *state)
858 {
859 DES_set_key((const_DES_cblock *) session_key, &state->k);
860 memset(state->ivec, 0, 8);
861 }
862
863 static void cBlowfish_init(char *session_key,
864 CipherBlowfishState *state)
865 {
866 BF_set_key(&state->k, 32, session_key);
867 memset(state->ivec, 0, 8);
868 }
869
870
871 //
872 // SSH2�p�A���S���Y����������
873 //
874 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
875 const u_char *key, u_int keylen,
876 const u_char *iv, u_int ivlen,
877 int encrypt,
878 const EVP_CIPHER *type,
879 int discard_len,
880 PTInstVar pvar)
881 {
882 int klen;
883 char tmp[80];
884 unsigned char *junk = NULL, *discard = NULL;
885
886 EVP_CIPHER_CTX_init(evp);
887 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
888 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
889 "Cipher initialize error(%d)");
890 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
891 notify_fatal_error(pvar, tmp, TRUE);
892 return;
893 }
894
895 klen = EVP_CIPHER_CTX_key_length(evp);
896 if (klen > 0 && keylen != klen) {
897 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
898 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
899 "Cipher initialize error(%d)");
900 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
901 notify_fatal_error(pvar, tmp, TRUE);
902 return;
903 }
904 }
905 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
906 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
907 "Cipher initialize error(%d)");
908 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
909 notify_fatal_error(pvar, tmp, TRUE);
910 return;
911 }
912
913 if (discard_len > 0) {
914 junk = malloc(discard_len);
915 discard = malloc(discard_len);
916 if (junk == NULL || discard == NULL ||
917 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
918 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
919 "Cipher initialize error(%d)");
920 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
921 pvar->ts->UIMsg, 3);
922 notify_fatal_error(pvar, tmp, TRUE);
923 }
924 else {
925 SecureZeroMemory(discard, discard_len);
926 }
927 free(junk);
928 free(discard);
929 }
930 }
931
932 //
933 // SSH2�p�A���S���Y�����j��
934 //
935 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
936 {
937 EVP_CIPHER_CTX_cleanup(evp);
938 }
939
940
941 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
942 {
943 struct Enc *enc;
944 char *encryption_key = pvar->crypt_state.sender_cipher_key;
945 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
946 int cipher;
947 BOOL isOK = TRUE;
948
949 if (sender_flag) {
950 cipher = pvar->crypt_state.sender_cipher;
951 switch (cipher) {
952 case SSH_CIPHER_3DES:
953 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
954 pvar->crypt_state.encrypt = c3DES_encrypt;
955 break;
956
957 case SSH_CIPHER_DES:
958 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
959 pvar->crypt_state.encrypt = cDES_encrypt;
960 break;
961
962 case SSH_CIPHER_BLOWFISH:
963 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
964 pvar->crypt_state.encrypt = cBlowfish_encrypt;
965 break;
966
967 case SSH_CIPHER_NONE:
968 case SSH_CIPHER_IDEA:
969 case SSH_CIPHER_TSS:
970 case SSH_CIPHER_RC4:
971 isOK = FALSE;
972 break;
973
974 default: // SSH2
975 if (cipher <= SSH_CIPHER_MAX) {
976 enc = &pvar->ssh2_keys[MODE_OUT].enc;
977 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
978 enc->key, get_cipher_key_len(cipher),
979 enc->iv, get_cipher_block_size(cipher),
980 CIPHER_ENCRYPT,
981 get_cipher_EVP_CIPHER(cipher),
982 get_cipher_discard_len(cipher),
983 pvar);
984
985 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
986 }
987 else {
988 isOK = FALSE;
989 }
990 break;
991 }
992 }
993
994 if (receiver_flag) {
995 cipher = pvar->crypt_state.receiver_cipher;
996 switch (cipher) {
997 case SSH_CIPHER_3DES:
998 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
999 pvar->crypt_state.decrypt = c3DES_decrypt;
1000 break;
1001
1002 case SSH_CIPHER_DES:
1003 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1004 pvar->crypt_state.decrypt = cDES_decrypt;
1005 break;
1006
1007 case SSH_CIPHER_BLOWFISH:
1008 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1009 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1010 break;
1011
1012 case SSH_CIPHER_NONE:
1013 case SSH_CIPHER_IDEA:
1014 case SSH_CIPHER_TSS:
1015 case SSH_CIPHER_RC4:
1016 isOK = FALSE;
1017 break;
1018
1019 default: // SSH2
1020 if (cipher <= SSH_CIPHER_MAX) {
1021 enc = &pvar->ssh2_keys[MODE_IN].enc;
1022 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1023 enc->key, get_cipher_key_len(cipher),
1024 enc->iv, get_cipher_block_size(cipher),
1025 CIPHER_DECRYPT,
1026 get_cipher_EVP_CIPHER(cipher),
1027 get_cipher_discard_len(cipher),
1028 pvar);
1029
1030 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1031 }
1032 else {
1033 isOK = FALSE;
1034 }
1035 break;
1036 }
1037 }
1038
1039 if (!isOK) {
1040 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1041 "No cipher selected!");
1042 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1043 return FALSE;
1044 } else {
1045 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1046 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1047 return TRUE;
1048 }
1049 }
1050
1051 void CRYPT_init(PTInstVar pvar)
1052 {
1053 pvar->crypt_state.encrypt = no_encrypt;
1054 pvar->crypt_state.decrypt = no_encrypt;
1055 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1056 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1057 pvar->crypt_state.server_key.RSA_key = NULL;
1058 pvar->crypt_state.host_key.RSA_key = NULL;
1059
1060 pvar->crypt_state.detect_attack_statics.h = NULL;
1061 pvar->crypt_state.detect_attack_statics.n =
1062 HASH_MINSIZE / HASH_ENTRYSIZE;
1063 }
1064
1065 static char *get_cipher_name(int cipher)
1066 {
1067 switch (cipher) {
1068 case SSH_CIPHER_NONE:
1069 return "None";
1070 case SSH_CIPHER_3DES:
1071 return "3DES (168 key bits)";
1072 case SSH_CIPHER_DES:
1073 return "DES (56 key bits)";
1074 case SSH_CIPHER_BLOWFISH:
1075 return "Blowfish (256 key bits)";
1076
1077 // SSH2
1078 case SSH2_CIPHER_3DES_CBC:
1079 return "3DES-CBC";
1080 case SSH2_CIPHER_AES128_CBC:
1081 return "AES128-CBC";
1082 case SSH2_CIPHER_AES192_CBC:
1083 return "AES192-CBC";
1084 case SSH2_CIPHER_AES256_CBC:
1085 return "AES256-CBC";
1086 case SSH2_CIPHER_BLOWFISH_CBC:
1087 return "Blowfish-CBC";
1088 case SSH2_CIPHER_AES128_CTR:
1089 return "AES128-CTR";
1090 case SSH2_CIPHER_AES192_CTR:
1091 return "AES192-CTR";
1092 case SSH2_CIPHER_AES256_CTR:
1093 return "AES256-CTR";
1094 case SSH2_CIPHER_ARCFOUR:
1095 return "Arcfour";
1096 case SSH2_CIPHER_ARCFOUR128:
1097 return "Arcfour128";
1098 case SSH2_CIPHER_ARCFOUR256:
1099 return "Arcfour256";
1100 case SSH2_CIPHER_CAST128_CBC:
1101 return "CAST-128-CBC";
1102 case SSH2_CIPHER_3DES_CTR:
1103 return "3DES-CTR";
1104 case SSH2_CIPHER_BLOWFISH_CTR:
1105 return "Blowfish-CTR";
1106 case SSH2_CIPHER_CAST128_CTR:
1107 return "CAST-128-CTR";
1108 case SSH2_CIPHER_CAMELLIA128_CBC:
1109 return "Camellia128-CBC";
1110 case SSH2_CIPHER_CAMELLIA192_CBC:
1111 return "Camellia192-CBC";
1112 case SSH2_CIPHER_CAMELLIA256_CBC:
1113 return "Camellia256-CBC";
1114 case SSH2_CIPHER_CAMELLIA128_CTR:
1115 return "Camellia128-CTR";
1116 case SSH2_CIPHER_CAMELLIA192_CTR:
1117 return "Camellia192-CTR";
1118 case SSH2_CIPHER_CAMELLIA256_CTR:
1119 return "Camellia256-CTR";
1120
1121 default:
1122 return "Unknown";
1123 }
1124 }
1125
1126 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1127 {
1128 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1129 "%s to server, %s from server");
1130 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1131 get_cipher_name(pvar->crypt_state.sender_cipher),
1132 get_cipher_name(pvar->crypt_state.receiver_cipher));
1133 }
1134
1135 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1136 {
1137 if (SSHv1(pvar)) {
1138 if (pvar->crypt_state.server_key.RSA_key == NULL
1139 || pvar->crypt_state.host_key.RSA_key == NULL) {
1140 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1141 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1142 } else {
1143 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1144 "%d-bit server key, %d-bit host key");
1145 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1146 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1147 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1148 }
1149 } else { // SSH2
1150 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1151 "%d-bit client key, %d-bit server key");
1152 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1153 pvar->client_key_bits,
1154 pvar->server_key_bits);
1155 }
1156 }
1157
1158 static void destroy_public_key(CRYPTPublicKey * key)
1159 {
1160 if (key->RSA_key != NULL) {
1161 RSA_free(key->RSA_key);
1162 key->RSA_key = NULL;
1163 }
1164 }
1165
1166 void CRYPT_free_public_key(CRYPTPublicKey * key)
1167 {
1168 destroy_public_key(key);
1169 free(key);
1170 }
1171
1172 void CRYPT_end(PTInstVar pvar)
1173 {
1174 destroy_public_key(&pvar->crypt_state.host_key);
1175 destroy_public_key(&pvar->crypt_state.server_key);
1176
1177 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1178 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1179 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1180 free(pvar->crypt_state.detect_attack_statics.h);
1181 }
1182
1183 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1184 sizeof(pvar->crypt_state.sender_cipher_key));
1185 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1186 sizeof(pvar->crypt_state.receiver_cipher_key));
1187 SecureZeroMemory(pvar->crypt_state.server_cookie,
1188 sizeof(pvar->crypt_state.server_cookie));
1189 SecureZeroMemory(pvar->crypt_state.client_cookie,
1190 sizeof(pvar->crypt_state.client_cookie));
1191 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1192 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1193 }
1194
1195 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1196 char *buf, int bytes)
1197 {
1198 unsigned char passphrase_key[16];
1199
1200 MD5(passphrase, strlen(passphrase), passphrase_key);
1201
1202 switch (cipher) {
1203 case SSH_CIPHER_3DES:{
1204 Cipher3DESState state;
1205
1206 DES_set_key((const_DES_cblock *) passphrase_key,
1207 &state.k1);
1208 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1209 &state.k2);
1210 DES_set_key((const_DES_cblock *) passphrase_key,
1211 &state.k3);
1212 memset(state.ivec1, 0, 8);
1213 memset(state.ivec2, 0, 8);
1214 memset(state.ivec3, 0, 8);
1215 DES_ncbc_encrypt(buf, buf, bytes,
1216 &state.k3, &state.ivec3, DES_DECRYPT);
1217 DES_ncbc_encrypt(buf, buf, bytes,
1218 &state.k2, &state.ivec2, DES_ENCRYPT);
1219 DES_ncbc_encrypt(buf, buf, bytes,
1220 &state.k1, &state.ivec1, DES_DECRYPT);
1221 break;
1222 }
1223
1224 case SSH_CIPHER_DES:{
1225 CipherDESState state;
1226
1227 cDES_init(passphrase_key, &state);
1228 DES_ncbc_encrypt(buf, buf, bytes,
1229 &state.k, &state.ivec, DES_DECRYPT);
1230 break;
1231 }
1232
1233 case SSH_CIPHER_BLOWFISH:{
1234 CipherBlowfishState state;
1235
1236 BF_set_key(&state.k, 16, passphrase_key);
1237 memset(state.ivec, 0, 8);
1238 flip_endianness(buf, bytes);
1239 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1240 BF_DECRYPT);
1241 flip_endianness(buf, bytes);
1242 break;
1243 }
1244
1245 case SSH_CIPHER_NONE:
1246 break;
1247
1248 default:
1249 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1250 return 0;
1251 }
1252
1253 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1254 return 1;
1255 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help