Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 6988 - (show annotations) (download) (as text)
Tue Nov 28 01:18:22 2017 UTC (6 years, 4 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41526 byte(s) 
SSH2 暗号方式を小文字に統一
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004-2017 TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75
76 static char *get_cipher_name(int cipher);
77
78 static void crc_update(uint32 *a, uint32 b)
79 {
80 b ^= *a;
81 *a = do_crc((unsigned char *) &b, sizeof(b));
82 }
83
84 /* check_crc
85 detects if a block is used in a particular pattern
86 */
87
88 static int check_crc(unsigned char *S, unsigned char *buf,
89 uint32 len, unsigned char *IV)
90 {
91 uint32 crc;
92 unsigned char *c;
93
94 crc = 0;
95 if (IV && !CMP(S, IV)) {
96 crc_update(&crc, 1);
97 crc_update(&crc, 0);
98 }
99 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100 if (!CMP(S, c)) {
101 crc_update(&crc, 1);
102 crc_update(&crc, 0);
103 } else {
104 crc_update(&crc, 0);
105 crc_update(&crc, 0);
106 }
107 }
108
109 return crc == 0;
110 }
111
112
113 /*
114 detect_attack
115 Detects a crc32 compensation attack on a packet
116 */
117 static int detect_attack(CRYPTDetectAttack *statics,
118 unsigned char *buf, uint32 len,
119 unsigned char *IV)
120 {
121 uint32 *h = statics->h;
122 uint32 n = statics->n;
123 uint32 i, j;
124 uint32 l;
125 unsigned char *c;
126 unsigned char *d;
127
128 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129 }
130
131 if (h == NULL) {
132 n = l;
133 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 } else {
135 if (l > n) {
136 n = l;
137 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 }
139 }
140
141 statics->h = h;
142 statics->n = n;
143
144 if (len <= HASH_MINBLOCKS) {
145 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146 if (IV && (!CMP(c, IV))) {
147 if ((check_crc(c, buf, len, IV)))
148 return DEATTACK_DETECTED;
149 else
150 break;
151 }
152 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153 if (!CMP(c, d)) {
154 if ((check_crc(c, buf, len, IV)))
155 return DEATTACK_DETECTED;
156 else
157 break;
158 }
159 }
160 }
161 return (DEATTACK_OK);
162 }
163 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164
165 if (IV) {
166 h[HASH(IV) & (n - 1)] = HASH_IV;
167 }
168
169 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171 i = (i + 1) & (n - 1)) {
172 if (h[i] == HASH_IV) {
173 if (!CMP(c, IV)) {
174 if (check_crc(c, buf, len, IV))
175 return DEATTACK_DETECTED;
176 else
177 break;
178 }
179 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180 if (check_crc(c, buf, len, IV))
181 return DEATTACK_DETECTED;
182 else
183 break;
184 }
185 }
186 h[i] = j;
187 }
188
189 return DEATTACK_OK;
190 }
191
192 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 {
194 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 } else {
197 return FALSE;
198 }
199 }
200
201 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202 {
203 unsigned char *newbuf = NULL;
204 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205 unsigned char lastiv[1];
206 char tmp[80];
207 EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_OUT];
208
209 if (bytes == 0)
210 return TRUE;
211
212 if (bytes % block_size) {
213 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
214 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
215 get_cipher_name(pvar->crypt_state.sender_cipher),
216 bytes, block_size);
217 notify_fatal_error(pvar, tmp, TRUE);
218 return FALSE;
219 }
220
221 if ((newbuf = malloc(bytes)) == NULL)
222 goto err;
223
224 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
225 goto err;
226
227 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
228 goto err;
229
230 if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
231 goto err;
232
233 memcpy(data+aadlen, newbuf, bytes);
234
235 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
236 goto err;
237
238 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
239 goto err;
240
241 free(newbuf);
242
243 return TRUE;
244
245 err:
246 free(newbuf);
247
248 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
249 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
250 get_cipher_name(pvar->crypt_state.sender_cipher));
251 notify_fatal_error(pvar, tmp, TRUE);
252 return FALSE;
253 }
254
255 BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
256 {
257 unsigned char *newbuf = NULL;
258 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
259 unsigned char lastiv[1];
260 char tmp[80];
261 EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_IN];
262
263 if (bytes == 0)
264 return TRUE;
265
266 if (bytes % block_size) {
267 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
268 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
269 get_cipher_name(pvar->crypt_state.receiver_cipher),
270 bytes, block_size);
271 notify_fatal_error(pvar, tmp, TRUE);
272 return FALSE;
273 }
274
275 if ((newbuf = malloc(bytes)) == NULL)
276 goto err;
277
278 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
279 goto err;
280
281 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
282 goto err;
283
284 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
285 goto err;
286
287 if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
288 goto err;
289
290 memcpy(data+aadlen, newbuf, bytes);
291 free(newbuf);
292
293 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
294 return FALSE;
295 else
296 return TRUE;
297
298 err:
299 free(newbuf);
300
301 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
302 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
303 get_cipher_name(pvar->crypt_state.receiver_cipher));
304 notify_fatal_error(pvar, tmp, TRUE);
305 return FALSE;
306 }
307
308 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
309 {
310 }
311
312 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
313 {
314 unsigned char *newbuf;
315 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
316 char tmp[80];
317
318 if (bytes == 0)
319 return;
320
321 if (bytes % block_size) {
322 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
323 "%s encrypt error(1): bytes %d (%d)");
324 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
325 get_cipher_name(pvar->crypt_state.sender_cipher),
326 bytes, block_size);
327 notify_fatal_error(pvar, tmp, TRUE);
328 return;
329 }
330
331 if ((newbuf = malloc(bytes)) == NULL)
332 return;
333
334 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
335 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
336 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
337 get_cipher_name(pvar->crypt_state.sender_cipher));
338 notify_fatal_error(pvar, tmp, TRUE);
339 } else {
340 memcpy(buf, newbuf, bytes);
341 }
342
343 free(newbuf);
344 }
345
346 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
347 {
348 unsigned char *newbuf;
349 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
350 char tmp[80];
351
352 if (bytes == 0)
353 return;
354
355 if (bytes % block_size) {
356 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
357 "%s decrypt error(1): bytes %d (%d)");
358 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
359 get_cipher_name(pvar->crypt_state.receiver_cipher),
360 bytes, block_size);
361 notify_fatal_error(pvar, tmp, TRUE);
362 return;
363 }
364
365 if ((newbuf = malloc(bytes)) == NULL)
366 return;
367
368 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
369 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
370 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
371 get_cipher_name(pvar->crypt_state.receiver_cipher));
372 notify_fatal_error(pvar, tmp, TRUE);
373 } else {
374 memcpy(buf, newbuf, bytes);
375 }
376
377 free(newbuf);
378 }
379
380 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
381 {
382 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
383
384 DES_ncbc_encrypt(buf, buf, bytes,
385 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
386 DES_ncbc_encrypt(buf, buf, bytes,
387 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
388 DES_ncbc_encrypt(buf, buf, bytes,
389 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
390 }
391
392 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
393 {
394 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
395
396 DES_ncbc_encrypt(buf, buf, bytes,
397 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
398 DES_ncbc_encrypt(buf, buf, bytes,
399 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
400 DES_ncbc_encrypt(buf, buf, bytes,
401 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
402 }
403
404 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
405 {
406 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
407
408 DES_ncbc_encrypt(buf, buf, bytes,
409 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
410 }
411
412 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
413 {
414 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
415
416 DES_ncbc_encrypt(buf, buf, bytes,
417 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
418 }
419
420 static void flip_endianness(unsigned char *cbuf, int bytes)
421 {
422 uint32 *buf = (uint32 *) cbuf;
423 int count = bytes / 4;
424
425 while (count > 0) {
426 uint32 w = *buf;
427
428 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
429 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
430 count--;
431 buf++;
432 }
433 }
434
435 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
436 {
437 CipherBlowfishState *encryptstate =
438 &pvar->crypt_state.enc.cBlowfish;
439
440 flip_endianness(buf, bytes);
441 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
442 BF_ENCRYPT);
443 flip_endianness(buf, bytes);
444 }
445
446 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
447 {
448 CipherBlowfishState *decryptstate =
449 &pvar->crypt_state.dec.cBlowfish;
450
451 flip_endianness(buf, bytes);
452 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
453 BF_DECRYPT);
454 flip_endianness(buf, bytes);
455 }
456
457 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
458 {
459 RAND_bytes(buf, bytes);
460 }
461
462 void CRYPT_initialize_random_numbers(PTInstVar pvar)
463 {
464 // ����������������������
465 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
466 //RAND_screen();
467 }
468
469 static BIGNUM *get_bignum(unsigned char *bytes)
470 {
471 int bits = get_ushort16_MSBfirst(bytes);
472
473 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
474 }
475
476 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
477 RSA *make_key(PTInstVar pvar,
478 int bits, unsigned char *exp,
479 unsigned char *mod)
480 {
481 RSA *key = RSA_new();
482
483 if (key != NULL) {
484 key->e = get_bignum(exp);
485 key->n = get_bignum(mod);
486 }
487
488 if (key == NULL || key->e == NULL || key->n == NULL) {
489 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
490 "Error setting up RSA keys");
491 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492
493 if (key != NULL) {
494 if (key->e != NULL) {
495 BN_free(key->e);
496 }
497 if (key->n != NULL) {
498 BN_free(key->n);
499 }
500 RSA_free(key);
501 }
502
503 return NULL;
504 } else {
505 return key;
506 }
507 }
508
509 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
510 {
511 if (SSHv1(pvar)) {
512 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
513 } else {
514 memcpy(pvar->crypt_state.server_cookie, cookie,
515 SSH2_COOKIE_LENGTH);
516 }
517 }
518
519 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
520 {
521 if (SSHv2(pvar)) {
522 memcpy(pvar->crypt_state.client_cookie, cookie,
523 SSH2_COOKIE_LENGTH);
524 }
525 }
526
527 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
528 int bits, unsigned char *exp,
529 unsigned char *mod)
530 {
531 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
532
533 return pvar->crypt_state.server_key.RSA_key != NULL;
534 }
535
536 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
537 int bits, unsigned char *exp,
538 unsigned char *mod)
539 {
540 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
541
542 return pvar->crypt_state.host_key.RSA_key != NULL;
543 }
544
545 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
546 int receiver_ciphers)
547 {
548 int cipher_mask;
549
550 if (SSHv1(pvar)) {
551 cipher_mask = (1 << SSH_CIPHER_DES)
552 | (1 << SSH_CIPHER_3DES)
553 | (1 << SSH_CIPHER_BLOWFISH);
554
555 } else { // for SSH2(yutaka)
556 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
557 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
558 | (1 << SSH2_CIPHER_AES128_CBC)
559 | (1 << SSH2_CIPHER_AES192_CBC)
560 | (1 << SSH2_CIPHER_AES256_CBC)
561 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
562 | (1 << SSH2_CIPHER_AES128_CTR)
563 | (1 << SSH2_CIPHER_AES192_CTR)
564 | (1 << SSH2_CIPHER_AES256_CTR)
565 | (1 << SSH2_CIPHER_ARCFOUR)
566 | (1 << SSH2_CIPHER_ARCFOUR128)
567 | (1 << SSH2_CIPHER_ARCFOUR256)
568 | (1 << SSH2_CIPHER_CAST128_CBC)
569 | (1 << SSH2_CIPHER_3DES_CTR)
570 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
571 | (1 << SSH2_CIPHER_CAST128_CTR)
572 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
573 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
574 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
575 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
576 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
577 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
578 | (1 << SSH2_CIPHER_AES128_GCM)
579 | (1 << SSH2_CIPHER_AES256_GCM)
580 );
581 }
582
583 sender_ciphers &= cipher_mask;
584 receiver_ciphers &= cipher_mask;
585 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
586 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
587
588 if (sender_ciphers == 0) {
589 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
590 "The server does not support any of the TTSSH encryption algorithms.\n"
591 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
592 "The connection will be closed.");
593 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
594 return FALSE;
595 } else if (receiver_ciphers == 0) {
596 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
597 "The server does not support any of the TTSSH encryption algorithms.\n"
598 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
599 "The connection will be closed.");
600 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
601 return FALSE;
602 } else {
603 return TRUE;
604 }
605 }
606
607 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
608 {
609 if (SSHv1(pvar)) {
610 return 8;
611 } else {
612 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
613 // cf. 3DES=8, AES128=16
614 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
615 }
616 }
617
618 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
619 {
620 if (SSHv1(pvar)) {
621 return 8;
622 } else {
623 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
624 // cf. 3DES=8, AES128=16
625 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
626 }
627 }
628
629 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
630 {
631 struct Mac *mac;
632
633 if (SSHv1(pvar)) {
634 return 0;
635
636 } else { // for SSH2(yutaka)
637 mac = &pvar->ssh2_keys[MODE_IN].mac;
638 if (mac == NULL || mac->enabled == 0)
639 return 0;
640
641 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
642 }
643
644 }
645
646 // HMAC������
647 // ���{������ SSH2 �������g�p�������B
648 // (2004.12.17 yutaka)
649 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
650 char *data, int len, char *MAC)
651 {
652 HMAC_CTX c;
653 unsigned char m[EVP_MAX_MD_SIZE];
654 unsigned char b[4];
655 struct Mac *mac;
656
657 mac = &pvar->ssh2_keys[MODE_IN].mac;
658
659 // HMAC�������L���������������A����OK�����������B
660 if (mac == NULL || mac->enabled == 0)
661 return TRUE;
662
663 if (mac->key == NULL) {
664 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
665 goto error;
666 }
667
668 if ((u_int)mac->mac_len > sizeof(m)) {
669 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
670 mac->mac_len, sizeof(m), sequence_number, len);
671 goto error;
672 }
673
674 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
675 set_uint32_MSBfirst(b, sequence_number);
676 HMAC_Update(&c, b, sizeof(b));
677 HMAC_Update(&c, data, len);
678 HMAC_Final(&c, m, NULL);
679 HMAC_cleanup(&c);
680
681 if (memcmp(m, MAC, mac->mac_len)) {
682 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
683 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
684 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
685 goto error;
686 }
687
688 return TRUE;
689
690 error:
691 return FALSE;
692 }
693
694 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
695 {
696 struct Mac *mac;
697
698 if (SSHv2(pvar)) { // for SSH2(yutaka)
699 mac = &pvar->ssh2_keys[MODE_OUT].mac;
700 if (mac == NULL || mac->enabled == 0)
701 return 0;
702
703 return (mac->mac_len);
704 }
705
706 return 0;
707 }
708
709 // for SSH2
710 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
711 char *data, int len, char *MAC)
712 {
713 HMAC_CTX c;
714 static u_char m[EVP_MAX_MD_SIZE];
715 u_char b[4];
716 struct Mac *mac;
717
718 if (SSHv2(pvar)) { // for SSH2(yutaka)
719 mac = &pvar->ssh2_keys[MODE_OUT].mac;
720 if (mac == NULL || mac->enabled == 0)
721 return FALSE;
722
723 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
724 set_uint32_MSBfirst(b, sequence_number);
725 HMAC_Update(&c, b, sizeof(b));
726 HMAC_Update(&c, data, len);
727 HMAC_Final(&c, m, NULL);
728 HMAC_cleanup(&c);
729
730 // 20�o�C�g�������R�s�[
731 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
732 // memcpy(MAC, m, sizeof(m));
733
734 return TRUE;
735 }
736
737 return TRUE;
738
739 }
740
741 static int choose_cipher(PTInstVar pvar, int supported)
742 {
743 int i;
744
745 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
746 int cipher = pvar->session_settings.CipherOrder[i] - '0';
747
748 if (cipher == SSH_CIPHER_NONE) {
749 break;
750 } else if ((supported & (1 << cipher)) != 0) {
751 return cipher;
752 }
753 }
754
755 return SSH_CIPHER_NONE;
756 }
757
758 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
759 {
760 if (SSHv1(pvar)) {
761 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
762 pvar->crypt_state.
763 supported_sender_ciphers);
764 pvar->crypt_state.receiver_cipher =
765 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
766
767 } else { // SSH2(yutaka)
768 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
769 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
770
771 }
772
773 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
774 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
775 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
776 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
777 "To communicate with this server, you will have to enable some more ciphers\n"
778 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
779 "This connection will now close.");
780 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
781 return FALSE;
782 } else {
783 return TRUE;
784 }
785 }
786
787 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
788 {
789 int server_key_bits =
790 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
791 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
792 int server_key_bytes = (server_key_bits + 7) / 8;
793 int host_key_bytes = (host_key_bits + 7) / 8;
794
795 if (server_key_bits < host_key_bits) {
796 return host_key_bytes;
797 } else {
798 return server_key_bytes;
799 }
800 }
801
802 int CRYPT_choose_session_key(PTInstVar pvar,
803 unsigned char *encrypted_key_buf)
804 {
805 int server_key_bits =
806 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
807 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
808 int server_key_bytes = (server_key_bits + 7) / 8;
809 int host_key_bytes = (host_key_bits + 7) / 8;
810 int encrypted_key_bytes;
811 int bit_delta;
812
813 if (server_key_bits < host_key_bits) {
814 encrypted_key_bytes = host_key_bytes;
815 bit_delta = host_key_bits - server_key_bits;
816 } else {
817 encrypted_key_bytes = server_key_bytes;
818 bit_delta = server_key_bits - host_key_bits;
819 }
820
821 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
822 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
823 "Server RSA keys are too weak. A secure connection cannot be established.");
824 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
825 return 0;
826 } else {
827 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
828 for the session ID, rather than the one specified in the RFC */
829 int session_buf_len = server_key_bytes + host_key_bytes + 8;
830 char *session_buf = (char *) malloc(session_buf_len);
831 char session_id[16];
832 int i;
833
834 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
835 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
836 session_buf + host_key_bytes);
837 memcpy(session_buf + server_key_bytes + host_key_bytes,
838 pvar->crypt_state.server_cookie, 8);
839 MD5(session_buf, session_buf_len, session_id);
840
841 free(session_buf);
842
843 RAND_bytes(pvar->crypt_state.sender_cipher_key,
844 SSH_SESSION_KEY_LENGTH);
845 memcpy(pvar->crypt_state.receiver_cipher_key,
846 pvar->crypt_state.sender_cipher_key,
847 SSH_SESSION_KEY_LENGTH);
848
849 memcpy(encrypted_key_buf + encrypted_key_bytes -
850 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
851 SSH_SESSION_KEY_LENGTH);
852 for (i = 0; i < sizeof(session_id); i++) {
853 encrypted_key_buf[encrypted_key_bytes -
854 SSH_SESSION_KEY_LENGTH + i]
855 ^= session_id[i];
856 }
857
858 if (host_key_bits > server_key_bits) {
859 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
860 encrypted_key_buf +
861 encrypted_key_bytes -
862 SSH_SESSION_KEY_LENGTH,
863 encrypted_key_buf +
864 encrypted_key_bytes - server_key_bytes,
865 pvar->crypt_state.server_key.RSA_key,
866 RSA_PKCS1_PADDING) < 0)
867 return 0;
868
869 if (RSA_public_encrypt(server_key_bytes,
870 encrypted_key_buf +
871 encrypted_key_bytes - server_key_bytes,
872 encrypted_key_buf,
873 pvar->crypt_state.host_key.RSA_key,
874 RSA_PKCS1_PADDING) < 0)
875 return 0;
876 } else {
877 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
878 encrypted_key_buf +
879 encrypted_key_bytes -
880 SSH_SESSION_KEY_LENGTH,
881 encrypted_key_buf +
882 encrypted_key_bytes - host_key_bytes,
883 pvar->crypt_state.host_key.RSA_key,
884 RSA_PKCS1_PADDING) < 0)
885 return 0;
886
887 if (RSA_public_encrypt(host_key_bytes,
888 encrypted_key_buf +
889 encrypted_key_bytes - host_key_bytes,
890 encrypted_key_buf,
891 pvar->crypt_state.server_key.RSA_key,
892 RSA_PKCS1_PADDING) < 0)
893 return 0;
894 }
895 }
896
897 return 1;
898 }
899
900 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
901 unsigned char *challenge,
902 int challenge_len,
903 unsigned char *response)
904 {
905 int server_key_bits =
906 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
907 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
908 int server_key_bytes = (server_key_bits + 7) / 8;
909 int host_key_bytes = (host_key_bits + 7) / 8;
910 int session_buf_len = server_key_bytes + host_key_bytes + 8;
911 char *session_buf = (char *) malloc(session_buf_len);
912 char decrypted_challenge[48];
913 int decrypted_challenge_len;
914
915 decrypted_challenge_len =
916 RSA_private_decrypt(challenge_len, challenge, challenge,
917 AUTH_get_cur_cred(pvar)->key_pair->rsa,
918 RSA_PKCS1_PADDING);
919 if (decrypted_challenge_len < 0) {
920 free(session_buf);
921 return 0;
922 }
923 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
924 memcpy(decrypted_challenge,
925 challenge + decrypted_challenge_len -
926 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
927 } else {
928 memset(decrypted_challenge, 0,
929 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
930 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
931 decrypted_challenge_len, challenge,
932 decrypted_challenge_len);
933 }
934
935 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
936 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
937 session_buf + host_key_bytes);
938 memcpy(session_buf + server_key_bytes + host_key_bytes,
939 pvar->crypt_state.server_cookie, 8);
940 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
941
942 free(session_buf);
943
944 MD5(decrypted_challenge, 48, response);
945
946 return 1;
947 }
948
949 static void c3DES_init(char *session_key, Cipher3DESState *state)
950 {
951 DES_set_key((const_DES_cblock *) session_key, &state->k1);
952 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
953 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
954 memset(state->ivec1, 0, 8);
955 memset(state->ivec2, 0, 8);
956 memset(state->ivec3, 0, 8);
957 }
958
959 static void cDES_init(char *session_key, CipherDESState *state)
960 {
961 DES_set_key((const_DES_cblock *) session_key, &state->k);
962 memset(state->ivec, 0, 8);
963 }
964
965 static void cBlowfish_init(char *session_key,
966 CipherBlowfishState *state)
967 {
968 BF_set_key(&state->k, 32, session_key);
969 memset(state->ivec, 0, 8);
970 }
971
972
973 //
974 // SSH2�p�A���S���Y����������
975 //
976 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
977 const u_char *key, u_int keylen,
978 const u_char *iv, u_int ivlen,
979 int encrypt,
980 const EVP_CIPHER *type,
981 int discard_len,
982 unsigned int authlen,
983 PTInstVar pvar)
984 {
985 int klen;
986 char tmp[80];
987 unsigned char *junk = NULL, *discard = NULL;
988
989 EVP_CIPHER_CTX_init(evp);
990 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
991 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
992 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
993 notify_fatal_error(pvar, tmp, TRUE);
994 return;
995 }
996
997 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
998 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
999 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1000 notify_fatal_error(pvar, tmp, TRUE);
1001 return;
1002 }
1003 if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1004 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1005 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1006 notify_fatal_error(pvar, tmp, TRUE);
1007 return;
1008 }
1009 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1010 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1011 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1012 notify_fatal_error(pvar, tmp, TRUE);
1013 return;
1014 }
1015
1016 klen = EVP_CIPHER_CTX_key_length(evp);
1017 if (klen > 0 && keylen != klen) {
1018 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1019 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1020 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1021 notify_fatal_error(pvar, tmp, TRUE);
1022 return;
1023 }
1024 }
1025 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1026 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1027 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1028 notify_fatal_error(pvar, tmp, TRUE);
1029 return;
1030 }
1031
1032 if (discard_len > 0) {
1033 junk = malloc(discard_len);
1034 discard = malloc(discard_len);
1035 if (junk == NULL || discard == NULL ||
1036 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1037 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1038 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1039 notify_fatal_error(pvar, tmp, TRUE);
1040 }
1041 else {
1042 SecureZeroMemory(discard, discard_len);
1043 }
1044 free(junk);
1045 free(discard);
1046 }
1047 }
1048
1049 //
1050 // SSH2�p�A���S���Y�����j��
1051 //
1052 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1053 {
1054 EVP_CIPHER_CTX_cleanup(evp);
1055 }
1056
1057
1058 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1059 {
1060 struct Enc *enc;
1061 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1062 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1063 int cipher;
1064 BOOL isOK = TRUE;
1065
1066 if (sender_flag) {
1067 cipher = pvar->crypt_state.sender_cipher;
1068 switch (cipher) {
1069 case SSH_CIPHER_3DES:
1070 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1071 pvar->crypt_state.encrypt = c3DES_encrypt;
1072 break;
1073
1074 case SSH_CIPHER_DES:
1075 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1076 pvar->crypt_state.encrypt = cDES_encrypt;
1077 break;
1078
1079 case SSH_CIPHER_BLOWFISH:
1080 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1081 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1082 break;
1083
1084 case SSH_CIPHER_NONE:
1085 case SSH_CIPHER_IDEA:
1086 case SSH_CIPHER_TSS:
1087 case SSH_CIPHER_RC4:
1088 isOK = FALSE;
1089 break;
1090
1091 default: // SSH2
1092 if (cipher <= SSH_CIPHER_MAX) {
1093 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1094 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1095 enc->key, get_cipher_key_len(cipher),
1096 enc->iv, get_cipher_iv_len(cipher),
1097 CIPHER_ENCRYPT,
1098 get_cipher_EVP_CIPHER(cipher),
1099 get_cipher_discard_len(cipher),
1100 get_cipher_auth_len(cipher),
1101 pvar);
1102
1103 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1104 }
1105 else {
1106 isOK = FALSE;
1107 }
1108 break;
1109 }
1110 }
1111
1112 if (receiver_flag) {
1113 cipher = pvar->crypt_state.receiver_cipher;
1114 switch (cipher) {
1115 case SSH_CIPHER_3DES:
1116 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1117 pvar->crypt_state.decrypt = c3DES_decrypt;
1118 break;
1119
1120 case SSH_CIPHER_DES:
1121 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1122 pvar->crypt_state.decrypt = cDES_decrypt;
1123 break;
1124
1125 case SSH_CIPHER_BLOWFISH:
1126 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1127 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1128 break;
1129
1130 case SSH_CIPHER_NONE:
1131 case SSH_CIPHER_IDEA:
1132 case SSH_CIPHER_TSS:
1133 case SSH_CIPHER_RC4:
1134 isOK = FALSE;
1135 break;
1136
1137 default: // SSH2
1138 if (cipher <= SSH_CIPHER_MAX) {
1139 enc = &pvar->ssh2_keys[MODE_IN].enc;
1140 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1141 enc->key, get_cipher_key_len(cipher),
1142 enc->iv, get_cipher_iv_len(cipher),
1143 CIPHER_DECRYPT,
1144 get_cipher_EVP_CIPHER(cipher),
1145 get_cipher_discard_len(cipher),
1146 get_cipher_auth_len(cipher),
1147 pvar);
1148
1149 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1150 }
1151 else {
1152 isOK = FALSE;
1153 }
1154 break;
1155 }
1156 }
1157
1158 if (!isOK) {
1159 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1160 "No cipher selected!");
1161 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1162 return FALSE;
1163 } else {
1164 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1165 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1166 return TRUE;
1167 }
1168 }
1169
1170 void CRYPT_init(PTInstVar pvar)
1171 {
1172 pvar->crypt_state.encrypt = no_encrypt;
1173 pvar->crypt_state.decrypt = no_encrypt;
1174 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1175 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1176 pvar->crypt_state.server_key.RSA_key = NULL;
1177 pvar->crypt_state.host_key.RSA_key = NULL;
1178
1179 pvar->crypt_state.detect_attack_statics.h = NULL;
1180 pvar->crypt_state.detect_attack_statics.n =
1181 HASH_MINSIZE / HASH_ENTRYSIZE;
1182 }
1183
1184 static char *get_cipher_name(int cipher)
1185 {
1186 switch (cipher) {
1187 case SSH_CIPHER_NONE:
1188 return "None";
1189 case SSH_CIPHER_3DES:
1190 return "3DES (168 key bits)";
1191 case SSH_CIPHER_DES:
1192 return "DES (56 key bits)";
1193 case SSH_CIPHER_BLOWFISH:
1194 return "Blowfish (256 key bits)";
1195
1196 // SSH2
1197 case SSH2_CIPHER_3DES_CBC:
1198 return "3des-cbc";
1199 case SSH2_CIPHER_AES128_CBC:
1200 return "aes128-cbc";
1201 case SSH2_CIPHER_AES192_CBC:
1202 return "aes192-cbc";
1203 case SSH2_CIPHER_AES256_CBC:
1204 return "aes256-cbc";
1205 case SSH2_CIPHER_BLOWFISH_CBC:
1206 return "blowfish-cbc";
1207 case SSH2_CIPHER_AES128_CTR:
1208 return "aes128-ctr";
1209 case SSH2_CIPHER_AES192_CTR:
1210 return "aes192-ctr";
1211 case SSH2_CIPHER_AES256_CTR:
1212 return "aes256-ctr";
1213 case SSH2_CIPHER_ARCFOUR:
1214 return "arcfour";
1215 case SSH2_CIPHER_ARCFOUR128:
1216 return "arcfour128";
1217 case SSH2_CIPHER_ARCFOUR256:
1218 return "arcfour256";
1219 case SSH2_CIPHER_CAST128_CBC:
1220 return "cast-128-cbc";
1221 case SSH2_CIPHER_3DES_CTR:
1222 return "3des-ctr";
1223 case SSH2_CIPHER_BLOWFISH_CTR:
1224 return "blowfish-ctr";
1225 case SSH2_CIPHER_CAST128_CTR:
1226 return "cast-128-ctr";
1227 case SSH2_CIPHER_CAMELLIA128_CBC:
1228 return "camellia128-cbc";
1229 case SSH2_CIPHER_CAMELLIA192_CBC:
1230 return "camellia192-cbc";
1231 case SSH2_CIPHER_CAMELLIA256_CBC:
1232 return "camellia256-cbc";
1233 case SSH2_CIPHER_CAMELLIA128_CTR:
1234 return "camellia128-ctr";
1235 case SSH2_CIPHER_CAMELLIA192_CTR:
1236 return "camellia192-ctr";
1237 case SSH2_CIPHER_CAMELLIA256_CTR:
1238 return "camellia256-ctr";
1239 case SSH2_CIPHER_AES128_GCM:
1240 return "aes128-gcm@openssh.com";
1241 case SSH2_CIPHER_AES256_GCM:
1242 return "aes256-gcm@openssh.com";
1243
1244 default:
1245 return "Unknown";
1246 }
1247 }
1248
1249 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1250 {
1251 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1252 "%s to server, %s from server");
1253 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1254 get_cipher_name(pvar->crypt_state.sender_cipher),
1255 get_cipher_name(pvar->crypt_state.receiver_cipher));
1256 }
1257
1258 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1259 {
1260 if (SSHv1(pvar)) {
1261 if (pvar->crypt_state.server_key.RSA_key == NULL
1262 || pvar->crypt_state.host_key.RSA_key == NULL) {
1263 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1264 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1265 } else {
1266 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1267 "%d-bit server key, %d-bit host key");
1268 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1269 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1270 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1271 }
1272 } else { // SSH2
1273 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1274 "%d-bit client key, %d-bit server key");
1275 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1276 pvar->client_key_bits,
1277 pvar->server_key_bits);
1278 }
1279 }
1280
1281 static void destroy_public_key(CRYPTPublicKey * key)
1282 {
1283 if (key->RSA_key != NULL) {
1284 RSA_free(key->RSA_key);
1285 key->RSA_key = NULL;
1286 }
1287 }
1288
1289 void CRYPT_free_public_key(CRYPTPublicKey * key)
1290 {
1291 destroy_public_key(key);
1292 free(key);
1293 }
1294
1295 void CRYPT_end(PTInstVar pvar)
1296 {
1297 destroy_public_key(&pvar->crypt_state.host_key);
1298 destroy_public_key(&pvar->crypt_state.server_key);
1299
1300 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1301 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1302 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1303 free(pvar->crypt_state.detect_attack_statics.h);
1304 }
1305
1306 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1307 sizeof(pvar->crypt_state.sender_cipher_key));
1308 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1309 sizeof(pvar->crypt_state.receiver_cipher_key));
1310 SecureZeroMemory(pvar->crypt_state.server_cookie,
1311 sizeof(pvar->crypt_state.server_cookie));
1312 SecureZeroMemory(pvar->crypt_state.client_cookie,
1313 sizeof(pvar->crypt_state.client_cookie));
1314 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1315 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1316 }
1317
1318 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1319 char *buf, int bytes)
1320 {
1321 unsigned char passphrase_key[16];
1322
1323 MD5(passphrase, strlen(passphrase), passphrase_key);
1324
1325 switch (cipher) {
1326 case SSH_CIPHER_3DES:{
1327 Cipher3DESState state;
1328
1329 DES_set_key((const_DES_cblock *) passphrase_key,
1330 &state.k1);
1331 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1332 &state.k2);
1333 DES_set_key((const_DES_cblock *) passphrase_key,
1334 &state.k3);
1335 memset(state.ivec1, 0, 8);
1336 memset(state.ivec2, 0, 8);
1337 memset(state.ivec3, 0, 8);
1338 DES_ncbc_encrypt(buf, buf, bytes,
1339 &state.k3, &state.ivec3, DES_DECRYPT);
1340 DES_ncbc_encrypt(buf, buf, bytes,
1341 &state.k2, &state.ivec2, DES_ENCRYPT);
1342 DES_ncbc_encrypt(buf, buf, bytes,
1343 &state.k1, &state.ivec1, DES_DECRYPT);
1344 break;
1345 }
1346
1347 case SSH_CIPHER_DES:{
1348 CipherDESState state;
1349
1350 cDES_init(passphrase_key, &state);
1351 DES_ncbc_encrypt(buf, buf, bytes,
1352 &state.k, &state.ivec, DES_DECRYPT);
1353 break;
1354 }
1355
1356 case SSH_CIPHER_BLOWFISH:{
1357 CipherBlowfishState state;
1358
1359 BF_set_key(&state.k, 16, passphrase_key);
1360 memset(state.ivec, 0, 8);
1361 flip_endianness(buf, bytes);
1362 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1363 BF_DECRYPT);
1364 flip_endianness(buf, bytes);
1365 break;
1366 }
1367
1368 case SSH_CIPHER_NONE:
1369 break;
1370
1371 default:
1372 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1373 return 0;
1374 }
1375
1376 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1377 return 1;
1378 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help