Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 7003 - (show annotations) (download) (as text)
Mon Dec 18 10:41:10 2017 UTC (6 years, 3 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 41957 byte(s) 
memset() -> SecureZeroMemory()

memset() のままでも大丈夫だと思うけれど、念の為。
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004-2017 TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75
76 static char *get_cipher_name(int cipher);
77
78 static void crc_update(uint32 *a, uint32 b)
79 {
80 b ^= *a;
81 *a = do_crc((unsigned char *) &b, sizeof(b));
82 }
83
84 /* check_crc
85 detects if a block is used in a particular pattern
86 */
87
88 static int check_crc(unsigned char *S, unsigned char *buf,
89 uint32 len, unsigned char *IV)
90 {
91 uint32 crc;
92 unsigned char *c;
93
94 crc = 0;
95 if (IV && !CMP(S, IV)) {
96 crc_update(&crc, 1);
97 crc_update(&crc, 0);
98 }
99 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100 if (!CMP(S, c)) {
101 crc_update(&crc, 1);
102 crc_update(&crc, 0);
103 } else {
104 crc_update(&crc, 0);
105 crc_update(&crc, 0);
106 }
107 }
108
109 return crc == 0;
110 }
111
112
113 /*
114 detect_attack
115 Detects a crc32 compensation attack on a packet
116 */
117 static int detect_attack(CRYPTDetectAttack *statics,
118 unsigned char *buf, uint32 len,
119 unsigned char *IV)
120 {
121 uint32 *h = statics->h;
122 uint32 n = statics->n;
123 uint32 i, j;
124 uint32 l;
125 unsigned char *c;
126 unsigned char *d;
127
128 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129 }
130
131 if (h == NULL) {
132 n = l;
133 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 } else {
135 if (l > n) {
136 n = l;
137 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 }
139 }
140
141 statics->h = h;
142 statics->n = n;
143
144 if (len <= HASH_MINBLOCKS) {
145 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146 if (IV && (!CMP(c, IV))) {
147 if ((check_crc(c, buf, len, IV)))
148 return DEATTACK_DETECTED;
149 else
150 break;
151 }
152 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153 if (!CMP(c, d)) {
154 if ((check_crc(c, buf, len, IV)))
155 return DEATTACK_DETECTED;
156 else
157 break;
158 }
159 }
160 }
161 return (DEATTACK_OK);
162 }
163 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164
165 if (IV) {
166 h[HASH(IV) & (n - 1)] = HASH_IV;
167 }
168
169 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171 i = (i + 1) & (n - 1)) {
172 if (h[i] == HASH_IV) {
173 if (!CMP(c, IV)) {
174 if (check_crc(c, buf, len, IV))
175 return DEATTACK_DETECTED;
176 else
177 break;
178 }
179 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180 if (check_crc(c, buf, len, IV))
181 return DEATTACK_DETECTED;
182 else
183 break;
184 }
185 }
186 h[i] = j;
187 }
188
189 return DEATTACK_OK;
190 }
191
192 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 {
194 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 } else {
197 return FALSE;
198 }
199 }
200
201 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202 {
203 unsigned char *newbuf = NULL;
204 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205 unsigned char lastiv[1];
206 char tmp[80];
207 EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_OUT];
208
209 if (bytes == 0)
210 return TRUE;
211
212 if (bytes % block_size) {
213 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
214 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
215 get_cipher_name(pvar->crypt_state.sender_cipher),
216 bytes, block_size);
217 notify_fatal_error(pvar, tmp, TRUE);
218 return FALSE;
219 }
220
221 if ((newbuf = malloc(bytes)) == NULL)
222 goto err;
223
224 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
225 goto err;
226
227 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
228 goto err;
229
230 if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
231 goto err;
232
233 memcpy(data+aadlen, newbuf, bytes);
234
235 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
236 goto err;
237
238 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
239 goto err;
240
241 free(newbuf);
242
243 return TRUE;
244
245 err:
246 free(newbuf);
247
248 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
249 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
250 get_cipher_name(pvar->crypt_state.sender_cipher));
251 notify_fatal_error(pvar, tmp, TRUE);
252 return FALSE;
253 }
254
255 BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
256 {
257 unsigned char *newbuf = NULL;
258 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
259 unsigned char lastiv[1];
260 char tmp[80];
261 EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_IN];
262
263 if (bytes == 0)
264 return TRUE;
265
266 if (bytes % block_size) {
267 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
268 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
269 get_cipher_name(pvar->crypt_state.receiver_cipher),
270 bytes, block_size);
271 notify_fatal_error(pvar, tmp, TRUE);
272 return FALSE;
273 }
274
275 if ((newbuf = malloc(bytes)) == NULL)
276 goto err;
277
278 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
279 goto err;
280
281 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
282 goto err;
283
284 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
285 goto err;
286
287 if (EVP_Cipher(evp, newbuf, data+aadlen, bytes) < 0)
288 goto err;
289
290 memcpy(data+aadlen, newbuf, bytes);
291 free(newbuf);
292
293 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
294 return FALSE;
295 else
296 return TRUE;
297
298 err:
299 free(newbuf);
300
301 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
302 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
303 get_cipher_name(pvar->crypt_state.receiver_cipher));
304 notify_fatal_error(pvar, tmp, TRUE);
305 return FALSE;
306 }
307
308 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
309 {
310 }
311
312 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
313 {
314 unsigned char *newbuf;
315 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
316 char tmp[80];
317
318 if (bytes == 0)
319 return;
320
321 if (bytes % block_size) {
322 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
323 "%s encrypt error(1): bytes %d (%d)");
324 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
325 get_cipher_name(pvar->crypt_state.sender_cipher),
326 bytes, block_size);
327 notify_fatal_error(pvar, tmp, TRUE);
328 return;
329 }
330
331 if ((newbuf = malloc(bytes)) == NULL)
332 return;
333
334 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
335 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
336 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
337 get_cipher_name(pvar->crypt_state.sender_cipher));
338 notify_fatal_error(pvar, tmp, TRUE);
339 } else {
340 memcpy(buf, newbuf, bytes);
341 }
342
343 free(newbuf);
344 }
345
346 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
347 {
348 unsigned char *newbuf;
349 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
350 char tmp[80];
351
352 if (bytes == 0)
353 return;
354
355 if (bytes % block_size) {
356 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
357 "%s decrypt error(1): bytes %d (%d)");
358 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
359 get_cipher_name(pvar->crypt_state.receiver_cipher),
360 bytes, block_size);
361 notify_fatal_error(pvar, tmp, TRUE);
362 return;
363 }
364
365 if ((newbuf = malloc(bytes)) == NULL)
366 return;
367
368 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
369 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
370 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
371 get_cipher_name(pvar->crypt_state.receiver_cipher));
372 notify_fatal_error(pvar, tmp, TRUE);
373 } else {
374 memcpy(buf, newbuf, bytes);
375 }
376
377 free(newbuf);
378 }
379
380 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
381 {
382 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
383
384 DES_ncbc_encrypt(buf, buf, bytes,
385 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
386 DES_ncbc_encrypt(buf, buf, bytes,
387 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
388 DES_ncbc_encrypt(buf, buf, bytes,
389 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
390 }
391
392 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
393 {
394 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
395
396 DES_ncbc_encrypt(buf, buf, bytes,
397 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
398 DES_ncbc_encrypt(buf, buf, bytes,
399 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
400 DES_ncbc_encrypt(buf, buf, bytes,
401 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
402 }
403
404 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
405 {
406 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
407
408 DES_ncbc_encrypt(buf, buf, bytes,
409 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
410 }
411
412 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
413 {
414 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
415
416 DES_ncbc_encrypt(buf, buf, bytes,
417 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
418 }
419
420 static void flip_endianness(unsigned char *cbuf, int bytes)
421 {
422 uint32 *buf = (uint32 *) cbuf;
423 int count = bytes / 4;
424
425 while (count > 0) {
426 uint32 w = *buf;
427
428 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
429 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
430 count--;
431 buf++;
432 }
433 }
434
435 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
436 {
437 CipherBlowfishState *encryptstate =
438 &pvar->crypt_state.enc.cBlowfish;
439
440 flip_endianness(buf, bytes);
441 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
442 BF_ENCRYPT);
443 flip_endianness(buf, bytes);
444 }
445
446 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
447 {
448 CipherBlowfishState *decryptstate =
449 &pvar->crypt_state.dec.cBlowfish;
450
451 flip_endianness(buf, bytes);
452 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
453 BF_DECRYPT);
454 flip_endianness(buf, bytes);
455 }
456
457 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
458 {
459 RAND_bytes(buf, bytes);
460 }
461
462 void CRYPT_initialize_random_numbers(PTInstVar pvar)
463 {
464 // ����������������������
465 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
466 //RAND_screen();
467 }
468
469 static BIGNUM *get_bignum(unsigned char *bytes)
470 {
471 int bits = get_ushort16_MSBfirst(bytes);
472
473 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
474 }
475
476 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
477 RSA *make_key(PTInstVar pvar,
478 int bits, unsigned char *exp,
479 unsigned char *mod)
480 {
481 RSA *key = RSA_new();
482
483 if (key != NULL) {
484 key->e = get_bignum(exp);
485 key->n = get_bignum(mod);
486 }
487
488 if (key == NULL || key->e == NULL || key->n == NULL) {
489 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
490 "Error setting up RSA keys");
491 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
492
493 if (key != NULL) {
494 if (key->e != NULL) {
495 BN_free(key->e);
496 }
497 if (key->n != NULL) {
498 BN_free(key->n);
499 }
500 RSA_free(key);
501 }
502
503 return NULL;
504 } else {
505 return key;
506 }
507 }
508
509 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
510 {
511 if (SSHv1(pvar)) {
512 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
513 } else {
514 memcpy(pvar->crypt_state.server_cookie, cookie,
515 SSH2_COOKIE_LENGTH);
516 }
517 }
518
519 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
520 {
521 if (SSHv2(pvar)) {
522 memcpy(pvar->crypt_state.client_cookie, cookie,
523 SSH2_COOKIE_LENGTH);
524 }
525 }
526
527 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
528 int bits, unsigned char *exp,
529 unsigned char *mod)
530 {
531 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
532
533 return pvar->crypt_state.server_key.RSA_key != NULL;
534 }
535
536 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
537 int bits, unsigned char *exp,
538 unsigned char *mod)
539 {
540 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
541
542 return pvar->crypt_state.host_key.RSA_key != NULL;
543 }
544
545 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
546 int receiver_ciphers)
547 {
548 int cipher_mask;
549
550 if (SSHv1(pvar)) {
551 cipher_mask = (1 << SSH_CIPHER_DES)
552 | (1 << SSH_CIPHER_3DES)
553 | (1 << SSH_CIPHER_BLOWFISH);
554
555 } else { // for SSH2(yutaka)
556 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
557 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
558 | (1 << SSH2_CIPHER_AES128_CBC)
559 | (1 << SSH2_CIPHER_AES192_CBC)
560 | (1 << SSH2_CIPHER_AES256_CBC)
561 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
562 | (1 << SSH2_CIPHER_AES128_CTR)
563 | (1 << SSH2_CIPHER_AES192_CTR)
564 | (1 << SSH2_CIPHER_AES256_CTR)
565 | (1 << SSH2_CIPHER_ARCFOUR)
566 | (1 << SSH2_CIPHER_ARCFOUR128)
567 | (1 << SSH2_CIPHER_ARCFOUR256)
568 | (1 << SSH2_CIPHER_CAST128_CBC)
569 | (1 << SSH2_CIPHER_3DES_CTR)
570 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
571 | (1 << SSH2_CIPHER_CAST128_CTR)
572 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
573 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
574 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
575 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
576 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
577 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
578 | (1 << SSH2_CIPHER_AES128_GCM)
579 | (1 << SSH2_CIPHER_AES256_GCM)
580 );
581 }
582
583 sender_ciphers &= cipher_mask;
584 receiver_ciphers &= cipher_mask;
585 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
586 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
587
588 if (sender_ciphers == 0) {
589 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
590 "The server does not support any of the TTSSH encryption algorithms.\n"
591 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
592 "The connection will be closed.");
593 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
594 return FALSE;
595 } else if (receiver_ciphers == 0) {
596 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
597 "The server does not support any of the TTSSH encryption algorithms.\n"
598 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
599 "The connection will be closed.");
600 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
601 return FALSE;
602 } else {
603 return TRUE;
604 }
605 }
606
607 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
608 {
609 if (SSHv1(pvar)) {
610 return 8;
611 } else {
612 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
613 // cf. 3DES=8, AES128=16
614 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
615 }
616 }
617
618 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
619 {
620 if (SSHv1(pvar)) {
621 return 8;
622 } else {
623 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
624 // cf. 3DES=8, AES128=16
625 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
626 }
627 }
628
629 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
630 {
631 struct Mac *mac;
632
633 if (SSHv1(pvar)) {
634 return 0;
635
636 } else { // for SSH2(yutaka)
637 mac = &pvar->ssh2_keys[MODE_IN].mac;
638 if (mac == NULL || mac->enabled == 0)
639 return 0;
640
641 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
642 }
643
644 }
645
646 // HMAC������
647 // ���{������ SSH2 �������g�p�������B
648 // (2004.12.17 yutaka)
649 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
650 char *data, int len, char *MAC)
651 {
652 HMAC_CTX c;
653 unsigned char m[EVP_MAX_MD_SIZE];
654 unsigned char b[4];
655 struct Mac *mac;
656
657 mac = &pvar->ssh2_keys[MODE_IN].mac;
658
659 // HMAC�������L���������������A����OK�����������B
660 if (mac == NULL || mac->enabled == 0)
661 return TRUE;
662
663 if (mac->key == NULL) {
664 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
665 goto error;
666 }
667
668 if ((u_int)mac->mac_len > sizeof(m)) {
669 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
670 mac->mac_len, sizeof(m), sequence_number, len);
671 goto error;
672 }
673
674 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
675 set_uint32_MSBfirst(b, sequence_number);
676 HMAC_Update(&c, b, sizeof(b));
677 HMAC_Update(&c, data, len);
678 HMAC_Final(&c, m, NULL);
679 HMAC_cleanup(&c);
680
681 if (memcmp(m, MAC, mac->mac_len)) {
682 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
683 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
684 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
685 goto error;
686 }
687
688 return TRUE;
689
690 error:
691 return FALSE;
692 }
693
694 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
695 {
696 struct Mac *mac;
697
698 if (SSHv2(pvar)) { // for SSH2(yutaka)
699 mac = &pvar->ssh2_keys[MODE_OUT].mac;
700 if (mac == NULL || mac->enabled == 0)
701 return 0;
702
703 return (mac->mac_len);
704 }
705
706 return 0;
707 }
708
709 // for SSH2
710 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
711 char *data, int len, char *MAC)
712 {
713 HMAC_CTX c;
714 static u_char m[EVP_MAX_MD_SIZE];
715 u_char b[4];
716 struct Mac *mac;
717
718 if (SSHv2(pvar)) { // for SSH2(yutaka)
719 mac = &pvar->ssh2_keys[MODE_OUT].mac;
720 if (mac == NULL || mac->enabled == 0)
721 return FALSE;
722
723 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
724 set_uint32_MSBfirst(b, sequence_number);
725 HMAC_Update(&c, b, sizeof(b));
726 HMAC_Update(&c, data, len);
727 HMAC_Final(&c, m, NULL);
728 HMAC_cleanup(&c);
729
730 // 20�o�C�g�������R�s�[
731 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
732 // memcpy(MAC, m, sizeof(m));
733
734 return TRUE;
735 }
736
737 return TRUE;
738
739 }
740
741 static int choose_cipher(PTInstVar pvar, int supported)
742 {
743 int i;
744
745 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
746 int cipher = pvar->session_settings.CipherOrder[i] - '0';
747
748 if (cipher == SSH_CIPHER_NONE) {
749 break;
750 } else if ((supported & (1 << cipher)) != 0) {
751 return cipher;
752 }
753 }
754
755 return SSH_CIPHER_NONE;
756 }
757
758 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
759 {
760 if (SSHv1(pvar)) {
761 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
762 pvar->crypt_state.
763 supported_sender_ciphers);
764 pvar->crypt_state.receiver_cipher =
765 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
766
767 } else { // SSH2(yutaka)
768 if (pvar->ciphers[MODE_OUT] == NULL) {
769 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
770 }
771 else {
772 pvar->crypt_state.sender_cipher = pvar->ciphers[MODE_OUT]->id;
773 }
774 if (pvar->ciphers[MODE_IN] == NULL) {
775 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
776 }
777 else {
778 pvar->crypt_state.receiver_cipher = pvar->ciphers[MODE_IN]->id;
779 }
780 }
781
782 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
783 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
784 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
785 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
786 "To communicate with this server, you will have to enable some more ciphers\n"
787 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
788 "This connection will now close.");
789 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
790 return FALSE;
791 } else {
792 return TRUE;
793 }
794 }
795
796 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
797 {
798 int server_key_bits =
799 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
800 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
801 int server_key_bytes = (server_key_bits + 7) / 8;
802 int host_key_bytes = (host_key_bits + 7) / 8;
803
804 if (server_key_bits < host_key_bits) {
805 return host_key_bytes;
806 } else {
807 return server_key_bytes;
808 }
809 }
810
811 int CRYPT_choose_session_key(PTInstVar pvar,
812 unsigned char *encrypted_key_buf)
813 {
814 int server_key_bits =
815 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
816 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
817 int server_key_bytes = (server_key_bits + 7) / 8;
818 int host_key_bytes = (host_key_bits + 7) / 8;
819 int encrypted_key_bytes;
820 int bit_delta;
821
822 if (server_key_bits < host_key_bits) {
823 encrypted_key_bytes = host_key_bytes;
824 bit_delta = host_key_bits - server_key_bits;
825 } else {
826 encrypted_key_bytes = server_key_bytes;
827 bit_delta = server_key_bits - host_key_bits;
828 }
829
830 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
831 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
832 "Server RSA keys are too weak. A secure connection cannot be established.");
833 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
834 return 0;
835 } else {
836 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
837 for the session ID, rather than the one specified in the RFC */
838 int session_buf_len = server_key_bytes + host_key_bytes + 8;
839 char *session_buf = (char *) malloc(session_buf_len);
840 char session_id[16];
841 int i;
842
843 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
844 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
845 session_buf + host_key_bytes);
846 memcpy(session_buf + server_key_bytes + host_key_bytes,
847 pvar->crypt_state.server_cookie, 8);
848 MD5(session_buf, session_buf_len, session_id);
849
850 free(session_buf);
851
852 RAND_bytes(pvar->crypt_state.sender_cipher_key,
853 SSH_SESSION_KEY_LENGTH);
854 memcpy(pvar->crypt_state.receiver_cipher_key,
855 pvar->crypt_state.sender_cipher_key,
856 SSH_SESSION_KEY_LENGTH);
857
858 memcpy(encrypted_key_buf + encrypted_key_bytes -
859 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
860 SSH_SESSION_KEY_LENGTH);
861 for (i = 0; i < sizeof(session_id); i++) {
862 encrypted_key_buf[encrypted_key_bytes -
863 SSH_SESSION_KEY_LENGTH + i]
864 ^= session_id[i];
865 }
866
867 if (host_key_bits > server_key_bits) {
868 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
869 encrypted_key_buf +
870 encrypted_key_bytes -
871 SSH_SESSION_KEY_LENGTH,
872 encrypted_key_buf +
873 encrypted_key_bytes - server_key_bytes,
874 pvar->crypt_state.server_key.RSA_key,
875 RSA_PKCS1_PADDING) < 0)
876 return 0;
877
878 if (RSA_public_encrypt(server_key_bytes,
879 encrypted_key_buf +
880 encrypted_key_bytes - server_key_bytes,
881 encrypted_key_buf,
882 pvar->crypt_state.host_key.RSA_key,
883 RSA_PKCS1_PADDING) < 0)
884 return 0;
885 } else {
886 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
887 encrypted_key_buf +
888 encrypted_key_bytes -
889 SSH_SESSION_KEY_LENGTH,
890 encrypted_key_buf +
891 encrypted_key_bytes - host_key_bytes,
892 pvar->crypt_state.host_key.RSA_key,
893 RSA_PKCS1_PADDING) < 0)
894 return 0;
895
896 if (RSA_public_encrypt(host_key_bytes,
897 encrypted_key_buf +
898 encrypted_key_bytes - host_key_bytes,
899 encrypted_key_buf,
900 pvar->crypt_state.server_key.RSA_key,
901 RSA_PKCS1_PADDING) < 0)
902 return 0;
903 }
904 }
905
906 return 1;
907 }
908
909 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
910 unsigned char *challenge,
911 int challenge_len,
912 unsigned char *response)
913 {
914 int server_key_bits =
915 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
916 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
917 int server_key_bytes = (server_key_bits + 7) / 8;
918 int host_key_bytes = (host_key_bits + 7) / 8;
919 int session_buf_len = server_key_bytes + host_key_bytes + 8;
920 char *session_buf = (char *) malloc(session_buf_len);
921 char decrypted_challenge[48];
922 int decrypted_challenge_len;
923
924 decrypted_challenge_len =
925 RSA_private_decrypt(challenge_len, challenge, challenge,
926 AUTH_get_cur_cred(pvar)->key_pair->rsa,
927 RSA_PKCS1_PADDING);
928 if (decrypted_challenge_len < 0) {
929 free(session_buf);
930 return 0;
931 }
932 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
933 memcpy(decrypted_challenge,
934 challenge + decrypted_challenge_len -
935 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
936 } else {
937 SecureZeroMemory(decrypted_challenge,
938 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
939 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
940 decrypted_challenge_len, challenge,
941 decrypted_challenge_len);
942 }
943
944 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
945 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
946 session_buf + host_key_bytes);
947 memcpy(session_buf + server_key_bytes + host_key_bytes,
948 pvar->crypt_state.server_cookie, 8);
949 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
950
951 free(session_buf);
952
953 MD5(decrypted_challenge, 48, response);
954
955 return 1;
956 }
957
958 static void c3DES_init(char *session_key, Cipher3DESState *state)
959 {
960 DES_set_key((const_DES_cblock *) session_key, &state->k1);
961 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
962 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
963 SecureZeroMemory(state->ivec1, 8);
964 SecureZeroMemory(state->ivec2, 8);
965 SecureZeroMemory(state->ivec3, 8);
966 }
967
968 static void cDES_init(char *session_key, CipherDESState *state)
969 {
970 DES_set_key((const_DES_cblock *) session_key, &state->k);
971 SecureZeroMemory(state->ivec, 8);
972 }
973
974 static void cBlowfish_init(char *session_key,
975 CipherBlowfishState *state)
976 {
977 BF_set_key(&state->k, 32, session_key);
978 SecureZeroMemory(state->ivec, 8);
979 }
980
981
982 //
983 // SSH2�p�A���S���Y����������
984 //
985 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
986 const u_char *key, u_int keylen,
987 const u_char *iv, u_int ivlen,
988 int encrypt,
989 const EVP_CIPHER *type,
990 int discard_len,
991 unsigned int authlen,
992 PTInstVar pvar)
993 {
994 int klen;
995 char tmp[80];
996 unsigned char *junk = NULL, *discard = NULL;
997
998 EVP_CIPHER_CTX_init(evp);
999 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
1000 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1001 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1002 notify_fatal_error(pvar, tmp, TRUE);
1003 return;
1004 }
1005
1006 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
1007 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1008 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1009 notify_fatal_error(pvar, tmp, TRUE);
1010 return;
1011 }
1012 if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1013 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1014 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1015 notify_fatal_error(pvar, tmp, TRUE);
1016 return;
1017 }
1018 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1019 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1020 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1021 notify_fatal_error(pvar, tmp, TRUE);
1022 return;
1023 }
1024
1025 klen = EVP_CIPHER_CTX_key_length(evp);
1026 if (klen > 0 && keylen != klen) {
1027 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1028 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1029 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1030 notify_fatal_error(pvar, tmp, TRUE);
1031 return;
1032 }
1033 }
1034 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1035 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1036 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1037 notify_fatal_error(pvar, tmp, TRUE);
1038 return;
1039 }
1040
1041 if (discard_len > 0) {
1042 junk = malloc(discard_len);
1043 discard = malloc(discard_len);
1044 if (junk == NULL || discard == NULL ||
1045 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1046 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1047 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1048 notify_fatal_error(pvar, tmp, TRUE);
1049 }
1050 else {
1051 SecureZeroMemory(discard, discard_len);
1052 }
1053 free(junk);
1054 free(discard);
1055 }
1056 }
1057
1058 //
1059 // SSH2�p�A���S���Y�����j��
1060 //
1061 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1062 {
1063 EVP_CIPHER_CTX_cleanup(evp);
1064 }
1065
1066
1067 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1068 {
1069 struct Enc *enc;
1070 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1071 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1072 ssh2_cipher_t *cipher;
1073 BOOL isOK = TRUE;
1074
1075 if (sender_flag) {
1076 if (SSHv1(pvar)) {
1077 switch (pvar->crypt_state.sender_cipher) {
1078 case SSH_CIPHER_3DES:
1079 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1080 pvar->crypt_state.encrypt = c3DES_encrypt;
1081 break;
1082
1083 case SSH_CIPHER_DES:
1084 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1085 pvar->crypt_state.encrypt = cDES_encrypt;
1086 break;
1087
1088 case SSH_CIPHER_BLOWFISH:
1089 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1090 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1091 break;
1092
1093 case SSH_CIPHER_NONE:
1094 case SSH_CIPHER_IDEA:
1095 case SSH_CIPHER_TSS:
1096 case SSH_CIPHER_RC4:
1097 isOK = FALSE;
1098 break;
1099 }
1100 }
1101 else {
1102 // SSH2
1103 cipher = pvar->ciphers[MODE_OUT];
1104 if (cipher) {
1105 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1106 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1107 enc->key, get_cipher_key_len(cipher),
1108 enc->iv, get_cipher_iv_len(cipher),
1109 CIPHER_ENCRYPT,
1110 get_cipher_EVP_CIPHER(cipher),
1111 get_cipher_discard_len(cipher),
1112 get_cipher_auth_len(cipher),
1113 pvar);
1114
1115 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1116 }
1117 else {
1118 isOK = FALSE;
1119 }
1120 }
1121 }
1122
1123 if (receiver_flag) {
1124 if (SSHv1(pvar)) {
1125 switch (pvar->crypt_state.receiver_cipher) {
1126 case SSH_CIPHER_3DES:
1127 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1128 pvar->crypt_state.decrypt = c3DES_decrypt;
1129 break;
1130
1131 case SSH_CIPHER_DES:
1132 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1133 pvar->crypt_state.decrypt = cDES_decrypt;
1134 break;
1135
1136 case SSH_CIPHER_BLOWFISH:
1137 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1138 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1139 break;
1140
1141 case SSH_CIPHER_NONE:
1142 case SSH_CIPHER_IDEA:
1143 case SSH_CIPHER_TSS:
1144 case SSH_CIPHER_RC4:
1145 isOK = FALSE;
1146 break;
1147 }
1148 }
1149 else {
1150 // SSH2
1151 cipher = pvar->ciphers[MODE_IN];
1152 if (cipher) {
1153 enc = &pvar->ssh2_keys[MODE_IN].enc;
1154 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1155 enc->key, get_cipher_key_len(cipher),
1156 enc->iv, get_cipher_iv_len(cipher),
1157 CIPHER_DECRYPT,
1158 get_cipher_EVP_CIPHER(cipher),
1159 get_cipher_discard_len(cipher),
1160 get_cipher_auth_len(cipher),
1161 pvar);
1162
1163 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1164 }
1165 else {
1166 isOK = FALSE;
1167 }
1168 }
1169 }
1170
1171 if (!isOK) {
1172 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1173 "No cipher selected!");
1174 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1175 return FALSE;
1176 } else {
1177 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1178 SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1179 return TRUE;
1180 }
1181 }
1182
1183 void CRYPT_init(PTInstVar pvar)
1184 {
1185 pvar->crypt_state.encrypt = no_encrypt;
1186 pvar->crypt_state.decrypt = no_encrypt;
1187 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1188 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1189 pvar->crypt_state.server_key.RSA_key = NULL;
1190 pvar->crypt_state.host_key.RSA_key = NULL;
1191
1192 pvar->crypt_state.detect_attack_statics.h = NULL;
1193 pvar->crypt_state.detect_attack_statics.n =
1194 HASH_MINSIZE / HASH_ENTRYSIZE;
1195 }
1196
1197 static char *get_cipher_name(int cipher)
1198 {
1199 switch (cipher) {
1200 case SSH_CIPHER_NONE:
1201 return "None";
1202 case SSH_CIPHER_3DES:
1203 return "3DES (168 key bits)";
1204 case SSH_CIPHER_DES:
1205 return "DES (56 key bits)";
1206 case SSH_CIPHER_BLOWFISH:
1207 return "Blowfish (256 key bits)";
1208
1209 // SSH2
1210 case SSH2_CIPHER_3DES_CBC:
1211 return "3des-cbc";
1212 case SSH2_CIPHER_AES128_CBC:
1213 return "aes128-cbc";
1214 case SSH2_CIPHER_AES192_CBC:
1215 return "aes192-cbc";
1216 case SSH2_CIPHER_AES256_CBC:
1217 return "aes256-cbc";
1218 case SSH2_CIPHER_BLOWFISH_CBC:
1219 return "blowfish-cbc";
1220 case SSH2_CIPHER_AES128_CTR:
1221 return "aes128-ctr";
1222 case SSH2_CIPHER_AES192_CTR:
1223 return "aes192-ctr";
1224 case SSH2_CIPHER_AES256_CTR:
1225 return "aes256-ctr";
1226 case SSH2_CIPHER_ARCFOUR:
1227 return "arcfour";
1228 case SSH2_CIPHER_ARCFOUR128:
1229 return "arcfour128";
1230 case SSH2_CIPHER_ARCFOUR256:
1231 return "arcfour256";
1232 case SSH2_CIPHER_CAST128_CBC:
1233 return "cast-128-cbc";
1234 case SSH2_CIPHER_3DES_CTR:
1235 return "3des-ctr";
1236 case SSH2_CIPHER_BLOWFISH_CTR:
1237 return "blowfish-ctr";
1238 case SSH2_CIPHER_CAST128_CTR:
1239 return "cast-128-ctr";
1240 case SSH2_CIPHER_CAMELLIA128_CBC:
1241 return "camellia128-cbc";
1242 case SSH2_CIPHER_CAMELLIA192_CBC:
1243 return "camellia192-cbc";
1244 case SSH2_CIPHER_CAMELLIA256_CBC:
1245 return "camellia256-cbc";
1246 case SSH2_CIPHER_CAMELLIA128_CTR:
1247 return "camellia128-ctr";
1248 case SSH2_CIPHER_CAMELLIA192_CTR:
1249 return "camellia192-ctr";
1250 case SSH2_CIPHER_CAMELLIA256_CTR:
1251 return "camellia256-ctr";
1252 case SSH2_CIPHER_AES128_GCM:
1253 return "aes128-gcm@openssh.com";
1254 case SSH2_CIPHER_AES256_GCM:
1255 return "aes256-gcm@openssh.com";
1256
1257 default:
1258 return "Unknown";
1259 }
1260 }
1261
1262 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1263 {
1264 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1265 "%s to server, %s from server");
1266 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1267 get_cipher_name(pvar->crypt_state.sender_cipher),
1268 get_cipher_name(pvar->crypt_state.receiver_cipher));
1269 }
1270
1271 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1272 {
1273 if (SSHv1(pvar)) {
1274 if (pvar->crypt_state.server_key.RSA_key == NULL
1275 || pvar->crypt_state.host_key.RSA_key == NULL) {
1276 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1277 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1278 } else {
1279 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1280 "%d-bit server key, %d-bit host key");
1281 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1282 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1283 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1284 }
1285 } else { // SSH2
1286 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1287 "%d-bit client key, %d-bit server key");
1288 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1289 pvar->client_key_bits,
1290 pvar->server_key_bits);
1291 }
1292 }
1293
1294 static void destroy_public_key(CRYPTPublicKey * key)
1295 {
1296 if (key->RSA_key != NULL) {
1297 RSA_free(key->RSA_key);
1298 key->RSA_key = NULL;
1299 }
1300 }
1301
1302 void CRYPT_free_public_key(CRYPTPublicKey * key)
1303 {
1304 destroy_public_key(key);
1305 free(key);
1306 }
1307
1308 void CRYPT_end(PTInstVar pvar)
1309 {
1310 destroy_public_key(&pvar->crypt_state.host_key);
1311 destroy_public_key(&pvar->crypt_state.server_key);
1312
1313 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1314 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1315 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1316 free(pvar->crypt_state.detect_attack_statics.h);
1317 }
1318
1319 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1320 sizeof(pvar->crypt_state.sender_cipher_key));
1321 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1322 sizeof(pvar->crypt_state.receiver_cipher_key));
1323 SecureZeroMemory(pvar->crypt_state.server_cookie,
1324 sizeof(pvar->crypt_state.server_cookie));
1325 SecureZeroMemory(pvar->crypt_state.client_cookie,
1326 sizeof(pvar->crypt_state.client_cookie));
1327 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1328 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1329 }
1330
1331 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1332 char *buf, int bytes)
1333 {
1334 unsigned char passphrase_key[16];
1335
1336 MD5(passphrase, strlen(passphrase), passphrase_key);
1337
1338 switch (cipher) {
1339 case SSH_CIPHER_3DES:{
1340 Cipher3DESState state;
1341
1342 DES_set_key((const_DES_cblock *) passphrase_key,
1343 &state.k1);
1344 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1345 &state.k2);
1346 DES_set_key((const_DES_cblock *) passphrase_key,
1347 &state.k3);
1348 SecureZeroMemory(state.ivec1, 8);
1349 SecureZeroMemory(state.ivec2, 8);
1350 SecureZeroMemory(state.ivec3, 8);
1351 DES_ncbc_encrypt(buf, buf, bytes,
1352 &state.k3, &state.ivec3, DES_DECRYPT);
1353 DES_ncbc_encrypt(buf, buf, bytes,
1354 &state.k2, &state.ivec2, DES_ENCRYPT);
1355 DES_ncbc_encrypt(buf, buf, bytes,
1356 &state.k1, &state.ivec1, DES_DECRYPT);
1357 break;
1358 }
1359
1360 case SSH_CIPHER_DES:{
1361 CipherDESState state;
1362
1363 cDES_init(passphrase_key, &state);
1364 DES_ncbc_encrypt(buf, buf, bytes,
1365 &state.k, &state.ivec, DES_DECRYPT);
1366 break;
1367 }
1368
1369 case SSH_CIPHER_BLOWFISH:{
1370 CipherBlowfishState state;
1371
1372 BF_set_key(&state.k, 16, passphrase_key);
1373 SecureZeroMemory(state.ivec, 8);
1374 flip_endianness(buf, bytes);
1375 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1376 BF_DECRYPT);
1377 flip_endianness(buf, bytes);
1378 break;
1379 }
1380
1381 case SSH_CIPHER_NONE:
1382 break;
1383
1384 default:
1385 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1386 return 0;
1387 }
1388
1389 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1390 return 1;
1391 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help