Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6982 - (show annotations) (download) (as text)
Sat Nov 25 15:26:31 2017 UTC (6 years, 4 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 37421 byte(s) 
負にならない(なるべきでない)変数、関数を unsigned int に変更
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004-2017 TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75
76 static char *get_cipher_name(int cipher);
77
78 static void crc_update(uint32 *a, uint32 b)
79 {
80 b ^= *a;
81 *a = do_crc((unsigned char *) &b, sizeof(b));
82 }
83
84 /* check_crc
85 detects if a block is used in a particular pattern
86 */
87
88 static int check_crc(unsigned char *S, unsigned char *buf,
89 uint32 len, unsigned char *IV)
90 {
91 uint32 crc;
92 unsigned char *c;
93
94 crc = 0;
95 if (IV && !CMP(S, IV)) {
96 crc_update(&crc, 1);
97 crc_update(&crc, 0);
98 }
99 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100 if (!CMP(S, c)) {
101 crc_update(&crc, 1);
102 crc_update(&crc, 0);
103 } else {
104 crc_update(&crc, 0);
105 crc_update(&crc, 0);
106 }
107 }
108
109 return crc == 0;
110 }
111
112
113 /*
114 detect_attack
115 Detects a crc32 compensation attack on a packet
116 */
117 static int detect_attack(CRYPTDetectAttack *statics,
118 unsigned char *buf, uint32 len,
119 unsigned char *IV)
120 {
121 uint32 *h = statics->h;
122 uint32 n = statics->n;
123 uint32 i, j;
124 uint32 l;
125 unsigned char *c;
126 unsigned char *d;
127
128 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129 }
130
131 if (h == NULL) {
132 n = l;
133 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 } else {
135 if (l > n) {
136 n = l;
137 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 }
139 }
140
141 statics->h = h;
142 statics->n = n;
143
144 if (len <= HASH_MINBLOCKS) {
145 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146 if (IV && (!CMP(c, IV))) {
147 if ((check_crc(c, buf, len, IV)))
148 return DEATTACK_DETECTED;
149 else
150 break;
151 }
152 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153 if (!CMP(c, d)) {
154 if ((check_crc(c, buf, len, IV)))
155 return DEATTACK_DETECTED;
156 else
157 break;
158 }
159 }
160 }
161 return (DEATTACK_OK);
162 }
163 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164
165 if (IV) {
166 h[HASH(IV) & (n - 1)] = HASH_IV;
167 }
168
169 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171 i = (i + 1) & (n - 1)) {
172 if (h[i] == HASH_IV) {
173 if (!CMP(c, IV)) {
174 if (check_crc(c, buf, len, IV))
175 return DEATTACK_DETECTED;
176 else
177 break;
178 }
179 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180 if (check_crc(c, buf, len, IV))
181 return DEATTACK_DETECTED;
182 else
183 break;
184 }
185 }
186 h[i] = j;
187 }
188
189 return DEATTACK_OK;
190 }
191
192 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 {
194 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 } else {
197 return FALSE;
198 }
199 }
200
201 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
202 {
203 }
204
205 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
206 {
207 unsigned char *newbuf;
208 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
209 char tmp[80];
210
211 if (bytes == 0)
212 return;
213
214 if (bytes % block_size) {
215 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
216 "%s encrypt error(1): bytes %d (%d)");
217 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
218 get_cipher_name(pvar->crypt_state.sender_cipher),
219 bytes, block_size);
220 notify_fatal_error(pvar, tmp, TRUE);
221 return;
222 }
223
224 if ((newbuf = malloc(bytes)) == NULL)
225 return;
226
227 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
228 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
229 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
230 get_cipher_name(pvar->crypt_state.sender_cipher));
231 notify_fatal_error(pvar, tmp, TRUE);
232 } else {
233 memcpy(buf, newbuf, bytes);
234 }
235
236 free(newbuf);
237 }
238
239 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
240 {
241 unsigned char *newbuf;
242 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
243 char tmp[80];
244
245 if (bytes == 0)
246 return;
247
248 if (bytes % block_size) {
249 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
250 "%s decrypt error(1): bytes %d (%d)");
251 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
252 get_cipher_name(pvar->crypt_state.receiver_cipher),
253 bytes, block_size);
254 notify_fatal_error(pvar, tmp, TRUE);
255 return;
256 }
257
258 if ((newbuf = malloc(bytes)) == NULL)
259 return;
260
261 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
262 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
263 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
264 get_cipher_name(pvar->crypt_state.receiver_cipher));
265 notify_fatal_error(pvar, tmp, TRUE);
266 } else {
267 memcpy(buf, newbuf, bytes);
268 }
269
270 free(newbuf);
271 }
272
273 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
274 {
275 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
276
277 DES_ncbc_encrypt(buf, buf, bytes,
278 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
279 DES_ncbc_encrypt(buf, buf, bytes,
280 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
281 DES_ncbc_encrypt(buf, buf, bytes,
282 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
283 }
284
285 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
286 {
287 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
288
289 DES_ncbc_encrypt(buf, buf, bytes,
290 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
291 DES_ncbc_encrypt(buf, buf, bytes,
292 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
293 DES_ncbc_encrypt(buf, buf, bytes,
294 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
295 }
296
297 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
298 {
299 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
300
301 DES_ncbc_encrypt(buf, buf, bytes,
302 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
303 }
304
305 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
306 {
307 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
308
309 DES_ncbc_encrypt(buf, buf, bytes,
310 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
311 }
312
313 static void flip_endianness(unsigned char *cbuf, int bytes)
314 {
315 uint32 *buf = (uint32 *) cbuf;
316 int count = bytes / 4;
317
318 while (count > 0) {
319 uint32 w = *buf;
320
321 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
322 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
323 count--;
324 buf++;
325 }
326 }
327
328 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
329 {
330 CipherBlowfishState *encryptstate =
331 &pvar->crypt_state.enc.cBlowfish;
332
333 flip_endianness(buf, bytes);
334 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
335 BF_ENCRYPT);
336 flip_endianness(buf, bytes);
337 }
338
339 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
340 {
341 CipherBlowfishState *decryptstate =
342 &pvar->crypt_state.dec.cBlowfish;
343
344 flip_endianness(buf, bytes);
345 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
346 BF_DECRYPT);
347 flip_endianness(buf, bytes);
348 }
349
350 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
351 {
352 RAND_bytes(buf, bytes);
353 }
354
355 void CRYPT_initialize_random_numbers(PTInstVar pvar)
356 {
357 // ����������������������
358 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
359 //RAND_screen();
360 }
361
362 static BIGNUM *get_bignum(unsigned char *bytes)
363 {
364 int bits = get_ushort16_MSBfirst(bytes);
365
366 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
367 }
368
369 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
370 RSA *make_key(PTInstVar pvar,
371 int bits, unsigned char *exp,
372 unsigned char *mod)
373 {
374 RSA *key = RSA_new();
375
376 if (key != NULL) {
377 key->e = get_bignum(exp);
378 key->n = get_bignum(mod);
379 }
380
381 if (key == NULL || key->e == NULL || key->n == NULL) {
382 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
383 "Error setting up RSA keys");
384 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
385
386 if (key != NULL) {
387 if (key->e != NULL) {
388 BN_free(key->e);
389 }
390 if (key->n != NULL) {
391 BN_free(key->n);
392 }
393 RSA_free(key);
394 }
395
396 return NULL;
397 } else {
398 return key;
399 }
400 }
401
402 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
403 {
404 if (SSHv1(pvar)) {
405 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
406 } else {
407 memcpy(pvar->crypt_state.server_cookie, cookie,
408 SSH2_COOKIE_LENGTH);
409 }
410 }
411
412 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
413 {
414 if (SSHv2(pvar)) {
415 memcpy(pvar->crypt_state.client_cookie, cookie,
416 SSH2_COOKIE_LENGTH);
417 }
418 }
419
420 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
421 int bits, unsigned char *exp,
422 unsigned char *mod)
423 {
424 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
425
426 return pvar->crypt_state.server_key.RSA_key != NULL;
427 }
428
429 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
430 int bits, unsigned char *exp,
431 unsigned char *mod)
432 {
433 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
434
435 return pvar->crypt_state.host_key.RSA_key != NULL;
436 }
437
438 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
439 int receiver_ciphers)
440 {
441 int cipher_mask;
442
443 if (SSHv1(pvar)) {
444 cipher_mask = (1 << SSH_CIPHER_DES)
445 | (1 << SSH_CIPHER_3DES)
446 | (1 << SSH_CIPHER_BLOWFISH);
447
448 } else { // for SSH2(yutaka)
449 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
450 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
451 | (1 << SSH2_CIPHER_AES128_CBC)
452 | (1 << SSH2_CIPHER_AES192_CBC)
453 | (1 << SSH2_CIPHER_AES256_CBC)
454 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
455 | (1 << SSH2_CIPHER_AES128_CTR)
456 | (1 << SSH2_CIPHER_AES192_CTR)
457 | (1 << SSH2_CIPHER_AES256_CTR)
458 | (1 << SSH2_CIPHER_ARCFOUR)
459 | (1 << SSH2_CIPHER_ARCFOUR128)
460 | (1 << SSH2_CIPHER_ARCFOUR256)
461 | (1 << SSH2_CIPHER_CAST128_CBC)
462 | (1 << SSH2_CIPHER_3DES_CTR)
463 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
464 | (1 << SSH2_CIPHER_CAST128_CTR)
465 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
466 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
467 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
468 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
469 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
470 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
471 );
472 }
473
474 sender_ciphers &= cipher_mask;
475 receiver_ciphers &= cipher_mask;
476 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
477 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
478
479 if (sender_ciphers == 0) {
480 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
481 "The server does not support any of the TTSSH encryption algorithms.\n"
482 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
483 "The connection will be closed.");
484 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
485 return FALSE;
486 } else if (receiver_ciphers == 0) {
487 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
488 "The server does not support any of the TTSSH encryption algorithms.\n"
489 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
490 "The connection will be closed.");
491 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492 return FALSE;
493 } else {
494 return TRUE;
495 }
496 }
497
498 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
499 {
500 if (SSHv1(pvar)) {
501 return 8;
502 } else {
503 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
504 // cf. 3DES=8, AES128=16
505 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
506 }
507 }
508
509 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
510 {
511 if (SSHv1(pvar)) {
512 return 8;
513 } else {
514 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
515 // cf. 3DES=8, AES128=16
516 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
517 }
518 }
519
520 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
521 {
522 struct Mac *mac;
523
524 if (SSHv1(pvar)) {
525 return 0;
526
527 } else { // for SSH2(yutaka)
528 mac = &pvar->ssh2_keys[MODE_IN].mac;
529 if (mac == NULL || mac->enabled == 0)
530 return 0;
531
532 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
533 }
534
535 }
536
537 // HMAC������
538 // ���{������ SSH2 �������g�p�������B
539 // (2004.12.17 yutaka)
540 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
541 char *data, int len, char *MAC)
542 {
543 HMAC_CTX c;
544 unsigned char m[EVP_MAX_MD_SIZE];
545 unsigned char b[4];
546 struct Mac *mac;
547
548 mac = &pvar->ssh2_keys[MODE_IN].mac;
549
550 // HMAC�������L���������������A����OK�����������B
551 if (mac == NULL || mac->enabled == 0)
552 return TRUE;
553
554 if (mac->key == NULL) {
555 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
556 goto error;
557 }
558
559 if ((u_int)mac->mac_len > sizeof(m)) {
560 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
561 mac->mac_len, sizeof(m), sequence_number, len);
562 goto error;
563 }
564
565 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
566 set_uint32_MSBfirst(b, sequence_number);
567 HMAC_Update(&c, b, sizeof(b));
568 HMAC_Update(&c, data, len);
569 HMAC_Final(&c, m, NULL);
570 HMAC_cleanup(&c);
571
572 if (memcmp(m, MAC, mac->mac_len)) {
573 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
574 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
575 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
576 goto error;
577 }
578
579 return TRUE;
580
581 error:
582 return FALSE;
583 }
584
585 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
586 {
587 struct Mac *mac;
588
589 if (SSHv2(pvar)) { // for SSH2(yutaka)
590 mac = &pvar->ssh2_keys[MODE_OUT].mac;
591 if (mac == NULL || mac->enabled == 0)
592 return 0;
593
594 return (mac->mac_len);
595 }
596
597 return 0;
598 }
599
600 // for SSH2
601 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
602 char *data, int len, char *MAC)
603 {
604 HMAC_CTX c;
605 static u_char m[EVP_MAX_MD_SIZE];
606 u_char b[4];
607 struct Mac *mac;
608
609 if (SSHv2(pvar)) { // for SSH2(yutaka)
610 mac = &pvar->ssh2_keys[MODE_OUT].mac;
611 if (mac == NULL || mac->enabled == 0)
612 return FALSE;
613
614 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
615 set_uint32_MSBfirst(b, sequence_number);
616 HMAC_Update(&c, b, sizeof(b));
617 HMAC_Update(&c, data, len);
618 HMAC_Final(&c, m, NULL);
619 HMAC_cleanup(&c);
620
621 // 20�o�C�g�������R�s�[
622 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
623 // memcpy(MAC, m, sizeof(m));
624
625 return TRUE;
626 }
627
628 return TRUE;
629
630 }
631
632 static int choose_cipher(PTInstVar pvar, int supported)
633 {
634 int i;
635
636 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
637 int cipher = pvar->session_settings.CipherOrder[i] - '0';
638
639 if (cipher == SSH_CIPHER_NONE) {
640 break;
641 } else if ((supported & (1 << cipher)) != 0) {
642 return cipher;
643 }
644 }
645
646 return SSH_CIPHER_NONE;
647 }
648
649 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
650 {
651 if (SSHv1(pvar)) {
652 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
653 pvar->crypt_state.
654 supported_sender_ciphers);
655 pvar->crypt_state.receiver_cipher =
656 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
657
658 } else { // SSH2(yutaka)
659 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
660 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
661
662 }
663
664 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
665 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
666 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
667 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
668 "To communicate with this server, you will have to enable some more ciphers\n"
669 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
670 "This connection will now close.");
671 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
672 return FALSE;
673 } else {
674 return TRUE;
675 }
676 }
677
678 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
679 {
680 int server_key_bits =
681 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
682 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
683 int server_key_bytes = (server_key_bits + 7) / 8;
684 int host_key_bytes = (host_key_bits + 7) / 8;
685
686 if (server_key_bits < host_key_bits) {
687 return host_key_bytes;
688 } else {
689 return server_key_bytes;
690 }
691 }
692
693 int CRYPT_choose_session_key(PTInstVar pvar,
694 unsigned char *encrypted_key_buf)
695 {
696 int server_key_bits =
697 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
698 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
699 int server_key_bytes = (server_key_bits + 7) / 8;
700 int host_key_bytes = (host_key_bits + 7) / 8;
701 int encrypted_key_bytes;
702 int bit_delta;
703
704 if (server_key_bits < host_key_bits) {
705 encrypted_key_bytes = host_key_bytes;
706 bit_delta = host_key_bits - server_key_bits;
707 } else {
708 encrypted_key_bytes = server_key_bytes;
709 bit_delta = server_key_bits - host_key_bits;
710 }
711
712 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
713 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
714 "Server RSA keys are too weak. A secure connection cannot be established.");
715 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
716 return 0;
717 } else {
718 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
719 for the session ID, rather than the one specified in the RFC */
720 int session_buf_len = server_key_bytes + host_key_bytes + 8;
721 char *session_buf = (char *) malloc(session_buf_len);
722 char session_id[16];
723 int i;
724
725 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
726 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
727 session_buf + host_key_bytes);
728 memcpy(session_buf + server_key_bytes + host_key_bytes,
729 pvar->crypt_state.server_cookie, 8);
730 MD5(session_buf, session_buf_len, session_id);
731
732 free(session_buf);
733
734 RAND_bytes(pvar->crypt_state.sender_cipher_key,
735 SSH_SESSION_KEY_LENGTH);
736 memcpy(pvar->crypt_state.receiver_cipher_key,
737 pvar->crypt_state.sender_cipher_key,
738 SSH_SESSION_KEY_LENGTH);
739
740 memcpy(encrypted_key_buf + encrypted_key_bytes -
741 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
742 SSH_SESSION_KEY_LENGTH);
743 for (i = 0; i < sizeof(session_id); i++) {
744 encrypted_key_buf[encrypted_key_bytes -
745 SSH_SESSION_KEY_LENGTH + i]
746 ^= session_id[i];
747 }
748
749 if (host_key_bits > server_key_bits) {
750 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
751 encrypted_key_buf +
752 encrypted_key_bytes -
753 SSH_SESSION_KEY_LENGTH,
754 encrypted_key_buf +
755 encrypted_key_bytes - server_key_bytes,
756 pvar->crypt_state.server_key.RSA_key,
757 RSA_PKCS1_PADDING) < 0)
758 return 0;
759
760 if (RSA_public_encrypt(server_key_bytes,
761 encrypted_key_buf +
762 encrypted_key_bytes - server_key_bytes,
763 encrypted_key_buf,
764 pvar->crypt_state.host_key.RSA_key,
765 RSA_PKCS1_PADDING) < 0)
766 return 0;
767 } else {
768 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
769 encrypted_key_buf +
770 encrypted_key_bytes -
771 SSH_SESSION_KEY_LENGTH,
772 encrypted_key_buf +
773 encrypted_key_bytes - host_key_bytes,
774 pvar->crypt_state.host_key.RSA_key,
775 RSA_PKCS1_PADDING) < 0)
776 return 0;
777
778 if (RSA_public_encrypt(host_key_bytes,
779 encrypted_key_buf +
780 encrypted_key_bytes - host_key_bytes,
781 encrypted_key_buf,
782 pvar->crypt_state.server_key.RSA_key,
783 RSA_PKCS1_PADDING) < 0)
784 return 0;
785 }
786 }
787
788 return 1;
789 }
790
791 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
792 unsigned char *challenge,
793 int challenge_len,
794 unsigned char *response)
795 {
796 int server_key_bits =
797 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
798 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
799 int server_key_bytes = (server_key_bits + 7) / 8;
800 int host_key_bytes = (host_key_bits + 7) / 8;
801 int session_buf_len = server_key_bytes + host_key_bytes + 8;
802 char *session_buf = (char *) malloc(session_buf_len);
803 char decrypted_challenge[48];
804 int decrypted_challenge_len;
805
806 decrypted_challenge_len =
807 RSA_private_decrypt(challenge_len, challenge, challenge,
808 AUTH_get_cur_cred(pvar)->key_pair->rsa,
809 RSA_PKCS1_PADDING);
810 if (decrypted_challenge_len < 0) {
811 free(session_buf);
812 return 0;
813 }
814 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
815 memcpy(decrypted_challenge,
816 challenge + decrypted_challenge_len -
817 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
818 } else {
819 memset(decrypted_challenge, 0,
820 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
821 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
822 decrypted_challenge_len, challenge,
823 decrypted_challenge_len);
824 }
825
826 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
827 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
828 session_buf + host_key_bytes);
829 memcpy(session_buf + server_key_bytes + host_key_bytes,
830 pvar->crypt_state.server_cookie, 8);
831 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
832
833 free(session_buf);
834
835 MD5(decrypted_challenge, 48, response);
836
837 return 1;
838 }
839
840 static void c3DES_init(char *session_key, Cipher3DESState *state)
841 {
842 DES_set_key((const_DES_cblock *) session_key, &state->k1);
843 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
844 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
845 memset(state->ivec1, 0, 8);
846 memset(state->ivec2, 0, 8);
847 memset(state->ivec3, 0, 8);
848 }
849
850 static void cDES_init(char *session_key, CipherDESState *state)
851 {
852 DES_set_key((const_DES_cblock *) session_key, &state->k);
853 memset(state->ivec, 0, 8);
854 }
855
856 static void cBlowfish_init(char *session_key,
857 CipherBlowfishState *state)
858 {
859 BF_set_key(&state->k, 32, session_key);
860 memset(state->ivec, 0, 8);
861 }
862
863
864 //
865 // SSH2�p�A���S���Y����������
866 //
867 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
868 const u_char *key, u_int keylen,
869 const u_char *iv, u_int ivlen,
870 int encrypt,
871 const EVP_CIPHER *type,
872 int discard_len,
873 PTInstVar pvar)
874 {
875 int klen;
876 char tmp[80];
877 unsigned char *junk = NULL, *discard = NULL;
878
879 EVP_CIPHER_CTX_init(evp);
880 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
881 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
882 "Cipher initialize error(%d)");
883 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
884 notify_fatal_error(pvar, tmp, TRUE);
885 return;
886 }
887
888 klen = EVP_CIPHER_CTX_key_length(evp);
889 if (klen > 0 && keylen != klen) {
890 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
891 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
892 "Cipher initialize error(%d)");
893 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
894 notify_fatal_error(pvar, tmp, TRUE);
895 return;
896 }
897 }
898 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
899 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
900 "Cipher initialize error(%d)");
901 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
902 notify_fatal_error(pvar, tmp, TRUE);
903 return;
904 }
905
906 if (discard_len > 0) {
907 junk = malloc(discard_len);
908 discard = malloc(discard_len);
909 if (junk == NULL || discard == NULL ||
910 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
911 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
912 "Cipher initialize error(%d)");
913 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
914 pvar->ts->UIMsg, 3);
915 notify_fatal_error(pvar, tmp, TRUE);
916 }
917 else {
918 SecureZeroMemory(discard, discard_len);
919 }
920 free(junk);
921 free(discard);
922 }
923 }
924
925 //
926 // SSH2�p�A���S���Y�����j��
927 //
928 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
929 {
930 EVP_CIPHER_CTX_cleanup(evp);
931 }
932
933
934 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
935 {
936 struct Enc *enc;
937 char *encryption_key = pvar->crypt_state.sender_cipher_key;
938 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
939 int cipher;
940 BOOL isOK = TRUE;
941
942 if (sender_flag) {
943 cipher = pvar->crypt_state.sender_cipher;
944 switch (cipher) {
945 case SSH_CIPHER_3DES:
946 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
947 pvar->crypt_state.encrypt = c3DES_encrypt;
948 break;
949
950 case SSH_CIPHER_DES:
951 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
952 pvar->crypt_state.encrypt = cDES_encrypt;
953 break;
954
955 case SSH_CIPHER_BLOWFISH:
956 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
957 pvar->crypt_state.encrypt = cBlowfish_encrypt;
958 break;
959
960 case SSH_CIPHER_NONE:
961 case SSH_CIPHER_IDEA:
962 case SSH_CIPHER_TSS:
963 case SSH_CIPHER_RC4:
964 isOK = FALSE;
965 break;
966
967 default: // SSH2
968 if (cipher <= SSH_CIPHER_MAX) {
969 enc = &pvar->ssh2_keys[MODE_OUT].enc;
970 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
971 enc->key, get_cipher_key_len(cipher),
972 enc->iv, get_cipher_block_size(cipher),
973 CIPHER_ENCRYPT,
974 get_cipher_EVP_CIPHER(cipher),
975 get_cipher_discard_len(cipher),
976 pvar);
977
978 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
979 }
980 else {
981 isOK = FALSE;
982 }
983 break;
984 }
985 }
986
987 if (receiver_flag) {
988 cipher = pvar->crypt_state.receiver_cipher;
989 switch (cipher) {
990 case SSH_CIPHER_3DES:
991 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
992 pvar->crypt_state.decrypt = c3DES_decrypt;
993 break;
994
995 case SSH_CIPHER_DES:
996 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
997 pvar->crypt_state.decrypt = cDES_decrypt;
998 break;
999
1000 case SSH_CIPHER_BLOWFISH:
1001 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1002 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1003 break;
1004
1005 case SSH_CIPHER_NONE:
1006 case SSH_CIPHER_IDEA:
1007 case SSH_CIPHER_TSS:
1008 case SSH_CIPHER_RC4:
1009 isOK = FALSE;
1010 break;
1011
1012 default: // SSH2
1013 if (cipher <= SSH_CIPHER_MAX) {
1014 enc = &pvar->ssh2_keys[MODE_IN].enc;
1015 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1016 enc->key, get_cipher_key_len(cipher),
1017 enc->iv, get_cipher_block_size(cipher),
1018 CIPHER_DECRYPT,
1019 get_cipher_EVP_CIPHER(cipher),
1020 get_cipher_discard_len(cipher),
1021 pvar);
1022
1023 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1024 }
1025 else {
1026 isOK = FALSE;
1027 }
1028 break;
1029 }
1030 }
1031
1032 if (!isOK) {
1033 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1034 "No cipher selected!");
1035 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1036 return FALSE;
1037 } else {
1038 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1039 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1040 return TRUE;
1041 }
1042 }
1043
1044 void CRYPT_init(PTInstVar pvar)
1045 {
1046 pvar->crypt_state.encrypt = no_encrypt;
1047 pvar->crypt_state.decrypt = no_encrypt;
1048 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1049 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1050 pvar->crypt_state.server_key.RSA_key = NULL;
1051 pvar->crypt_state.host_key.RSA_key = NULL;
1052
1053 pvar->crypt_state.detect_attack_statics.h = NULL;
1054 pvar->crypt_state.detect_attack_statics.n =
1055 HASH_MINSIZE / HASH_ENTRYSIZE;
1056 }
1057
1058 static char *get_cipher_name(int cipher)
1059 {
1060 switch (cipher) {
1061 case SSH_CIPHER_NONE:
1062 return "None";
1063 case SSH_CIPHER_3DES:
1064 return "3DES (168 key bits)";
1065 case SSH_CIPHER_DES:
1066 return "DES (56 key bits)";
1067 case SSH_CIPHER_BLOWFISH:
1068 return "Blowfish (256 key bits)";
1069
1070 // SSH2
1071 case SSH2_CIPHER_3DES_CBC:
1072 return "3DES-CBC";
1073 case SSH2_CIPHER_AES128_CBC:
1074 return "AES128-CBC";
1075 case SSH2_CIPHER_AES192_CBC:
1076 return "AES192-CBC";
1077 case SSH2_CIPHER_AES256_CBC:
1078 return "AES256-CBC";
1079 case SSH2_CIPHER_BLOWFISH_CBC:
1080 return "Blowfish-CBC";
1081 case SSH2_CIPHER_AES128_CTR:
1082 return "AES128-CTR";
1083 case SSH2_CIPHER_AES192_CTR:
1084 return "AES192-CTR";
1085 case SSH2_CIPHER_AES256_CTR:
1086 return "AES256-CTR";
1087 case SSH2_CIPHER_ARCFOUR:
1088 return "Arcfour";
1089 case SSH2_CIPHER_ARCFOUR128:
1090 return "Arcfour128";
1091 case SSH2_CIPHER_ARCFOUR256:
1092 return "Arcfour256";
1093 case SSH2_CIPHER_CAST128_CBC:
1094 return "CAST-128-CBC";
1095 case SSH2_CIPHER_3DES_CTR:
1096 return "3DES-CTR";
1097 case SSH2_CIPHER_BLOWFISH_CTR:
1098 return "Blowfish-CTR";
1099 case SSH2_CIPHER_CAST128_CTR:
1100 return "CAST-128-CTR";
1101 case SSH2_CIPHER_CAMELLIA128_CBC:
1102 return "Camellia128-CBC";
1103 case SSH2_CIPHER_CAMELLIA192_CBC:
1104 return "Camellia192-CBC";
1105 case SSH2_CIPHER_CAMELLIA256_CBC:
1106 return "Camellia256-CBC";
1107 case SSH2_CIPHER_CAMELLIA128_CTR:
1108 return "Camellia128-CTR";
1109 case SSH2_CIPHER_CAMELLIA192_CTR:
1110 return "Camellia192-CTR";
1111 case SSH2_CIPHER_CAMELLIA256_CTR:
1112 return "Camellia256-CTR";
1113
1114 default:
1115 return "Unknown";
1116 }
1117 }
1118
1119 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1120 {
1121 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1122 "%s to server, %s from server");
1123 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1124 get_cipher_name(pvar->crypt_state.sender_cipher),
1125 get_cipher_name(pvar->crypt_state.receiver_cipher));
1126 }
1127
1128 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1129 {
1130 if (SSHv1(pvar)) {
1131 if (pvar->crypt_state.server_key.RSA_key == NULL
1132 || pvar->crypt_state.host_key.RSA_key == NULL) {
1133 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1134 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1135 } else {
1136 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1137 "%d-bit server key, %d-bit host key");
1138 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1139 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1140 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1141 }
1142 } else { // SSH2
1143 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1144 "%d-bit client key, %d-bit server key");
1145 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1146 pvar->client_key_bits,
1147 pvar->server_key_bits);
1148 }
1149 }
1150
1151 static void destroy_public_key(CRYPTPublicKey * key)
1152 {
1153 if (key->RSA_key != NULL) {
1154 RSA_free(key->RSA_key);
1155 key->RSA_key = NULL;
1156 }
1157 }
1158
1159 void CRYPT_free_public_key(CRYPTPublicKey * key)
1160 {
1161 destroy_public_key(key);
1162 free(key);
1163 }
1164
1165 void CRYPT_end(PTInstVar pvar)
1166 {
1167 destroy_public_key(&pvar->crypt_state.host_key);
1168 destroy_public_key(&pvar->crypt_state.server_key);
1169
1170 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1171 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1172 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1173 free(pvar->crypt_state.detect_attack_statics.h);
1174 }
1175
1176 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1177 sizeof(pvar->crypt_state.sender_cipher_key));
1178 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1179 sizeof(pvar->crypt_state.receiver_cipher_key));
1180 SecureZeroMemory(pvar->crypt_state.server_cookie,
1181 sizeof(pvar->crypt_state.server_cookie));
1182 SecureZeroMemory(pvar->crypt_state.client_cookie,
1183 sizeof(pvar->crypt_state.client_cookie));
1184 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1185 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1186 }
1187
1188 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1189 char *buf, int bytes)
1190 {
1191 unsigned char passphrase_key[16];
1192
1193 MD5(passphrase, strlen(passphrase), passphrase_key);
1194
1195 switch (cipher) {
1196 case SSH_CIPHER_3DES:{
1197 Cipher3DESState state;
1198
1199 DES_set_key((const_DES_cblock *) passphrase_key,
1200 &state.k1);
1201 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1202 &state.k2);
1203 DES_set_key((const_DES_cblock *) passphrase_key,
1204 &state.k3);
1205 memset(state.ivec1, 0, 8);
1206 memset(state.ivec2, 0, 8);
1207 memset(state.ivec3, 0, 8);
1208 DES_ncbc_encrypt(buf, buf, bytes,
1209 &state.k3, &state.ivec3, DES_DECRYPT);
1210 DES_ncbc_encrypt(buf, buf, bytes,
1211 &state.k2, &state.ivec2, DES_ENCRYPT);
1212 DES_ncbc_encrypt(buf, buf, bytes,
1213 &state.k1, &state.ivec1, DES_DECRYPT);
1214 break;
1215 }
1216
1217 case SSH_CIPHER_DES:{
1218 CipherDESState state;
1219
1220 cDES_init(passphrase_key, &state);
1221 DES_ncbc_encrypt(buf, buf, bytes,
1222 &state.k, &state.ivec, DES_DECRYPT);
1223 break;
1224 }
1225
1226 case SSH_CIPHER_BLOWFISH:{
1227 CipherBlowfishState state;
1228
1229 BF_set_key(&state.k, 16, passphrase_key);
1230 memset(state.ivec, 0, 8);
1231 flip_endianness(buf, bytes);
1232 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1233 BF_DECRYPT);
1234 flip_endianness(buf, bytes);
1235 break;
1236 }
1237
1238 case SSH_CIPHER_NONE:
1239 break;
1240
1241 default:
1242 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1243 return 0;
1244 }
1245
1246 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1247 return 1;
1248 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help