Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 7133 - (show annotations) (download) (as text)
Thu Jun 14 10:57:13 2018 UTC (5 years, 9 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 42341 byte(s) 
encrypt/decrypt 用のバッファを毎回 malloc/free するのではなく使いまわすようにした。

多少は軽く(高速に)なるのを期待したが、あまり(ほとんど)効果は出なかった。
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004-2017 TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75 static unsigned char *encbuff = NULL;
76 static unsigned int encbufflen = 0;
77
78 static char *get_cipher_name(int cipher);
79
80 static void crc_update(uint32 *a, uint32 b)
81 {
82 b ^= *a;
83 *a = do_crc((unsigned char *) &b, sizeof(b));
84 }
85
86 /* check_crc
87 detects if a block is used in a particular pattern
88 */
89
90 static int check_crc(unsigned char *S, unsigned char *buf,
91 uint32 len, unsigned char *IV)
92 {
93 uint32 crc;
94 unsigned char *c;
95
96 crc = 0;
97 if (IV && !CMP(S, IV)) {
98 crc_update(&crc, 1);
99 crc_update(&crc, 0);
100 }
101 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
102 if (!CMP(S, c)) {
103 crc_update(&crc, 1);
104 crc_update(&crc, 0);
105 } else {
106 crc_update(&crc, 0);
107 crc_update(&crc, 0);
108 }
109 }
110
111 return crc == 0;
112 }
113
114
115 /*
116 detect_attack
117 Detects a crc32 compensation attack on a packet
118 */
119 static int detect_attack(CRYPTDetectAttack *statics,
120 unsigned char *buf, uint32 len,
121 unsigned char *IV)
122 {
123 uint32 *h = statics->h;
124 uint32 n = statics->n;
125 uint32 i, j;
126 uint32 l;
127 unsigned char *c;
128 unsigned char *d;
129
130 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
131 }
132
133 if (h == NULL) {
134 n = l;
135 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
136 } else {
137 if (l > n) {
138 n = l;
139 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
140 }
141 }
142
143 statics->h = h;
144 statics->n = n;
145
146 if (len <= HASH_MINBLOCKS) {
147 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
148 if (IV && (!CMP(c, IV))) {
149 if ((check_crc(c, buf, len, IV)))
150 return DEATTACK_DETECTED;
151 else
152 break;
153 }
154 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
155 if (!CMP(c, d)) {
156 if ((check_crc(c, buf, len, IV)))
157 return DEATTACK_DETECTED;
158 else
159 break;
160 }
161 }
162 }
163 return (DEATTACK_OK);
164 }
165 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
166
167 if (IV) {
168 h[HASH(IV) & (n - 1)] = HASH_IV;
169 }
170
171 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
172 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
173 i = (i + 1) & (n - 1)) {
174 if (h[i] == HASH_IV) {
175 if (!CMP(c, IV)) {
176 if (check_crc(c, buf, len, IV))
177 return DEATTACK_DETECTED;
178 else
179 break;
180 }
181 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
182 if (check_crc(c, buf, len, IV))
183 return DEATTACK_DETECTED;
184 else
185 break;
186 }
187 }
188 h[i] = j;
189 }
190
191 return DEATTACK_OK;
192 }
193
194 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
195 {
196 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
197 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
198 } else {
199 return FALSE;
200 }
201 }
202
203 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
204 {
205 unsigned char *newbuff = NULL;
206 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
207 unsigned char lastiv[1];
208 char tmp[80];
209 EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_OUT];
210
211 if (bytes == 0)
212 return TRUE;
213
214 if (bytes % block_size) {
215 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
216 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
217 get_cipher_name(pvar->crypt_state.sender_cipher),
218 bytes, block_size);
219 notify_fatal_error(pvar, tmp, TRUE);
220 return FALSE;
221 }
222
223 if (bytes > encbufflen) {
224 if ((newbuff = realloc(encbuff, bytes)) == NULL)
225 goto err;
226 encbuff = newbuff;
227 encbufflen = bytes;
228 }
229
230 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
231 goto err;
232
233 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
234 goto err;
235
236 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
237 goto err;
238
239 memcpy(data+aadlen, encbuff, bytes);
240
241 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
242 goto err;
243
244 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
245 goto err;
246
247 return TRUE;
248
249 err:
250 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
251 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
252 get_cipher_name(pvar->crypt_state.sender_cipher));
253 notify_fatal_error(pvar, tmp, TRUE);
254 return FALSE;
255 }
256
257 BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
258 {
259 unsigned char *newbuff = NULL;
260 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
261 unsigned char lastiv[1];
262 char tmp[80];
263 EVP_CIPHER_CTX *evp = &pvar->evpcip[MODE_IN];
264
265 if (bytes == 0)
266 return TRUE;
267
268 if (bytes % block_size) {
269 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
270 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
271 get_cipher_name(pvar->crypt_state.receiver_cipher),
272 bytes, block_size);
273 notify_fatal_error(pvar, tmp, TRUE);
274 return FALSE;
275 }
276
277 if (bytes > encbufflen) {
278 if ((newbuff = realloc(encbuff, bytes)) == NULL)
279 goto err;
280 encbuff = newbuff;
281 encbufflen = bytes;
282 }
283
284 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
285 goto err;
286
287 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
288 goto err;
289
290 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
291 goto err;
292
293 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
294 goto err;
295
296 memcpy(data+aadlen, encbuff, bytes);
297
298 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
299 return FALSE;
300 else
301 return TRUE;
302
303 err:
304 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
305 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
306 get_cipher_name(pvar->crypt_state.receiver_cipher));
307 notify_fatal_error(pvar, tmp, TRUE);
308 return FALSE;
309 }
310
311 static void no_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
312 {
313 }
314
315 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
316 {
317 unsigned char *newbuff;
318 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
319 char tmp[80];
320
321 if (bytes == 0)
322 return;
323
324 if (bytes % block_size) {
325 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
326 "%s encrypt error(1): bytes %d (%d)");
327 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
328 get_cipher_name(pvar->crypt_state.sender_cipher),
329 bytes, block_size);
330 notify_fatal_error(pvar, tmp, TRUE);
331 return;
332 }
333
334 if (bytes > encbufflen) {
335 if ((newbuff = realloc(encbuff, bytes)) == NULL)
336 return;
337 encbuff = newbuff;
338 encbufflen = bytes;
339 }
340
341 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) {
342 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
343 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
344 get_cipher_name(pvar->crypt_state.sender_cipher));
345 notify_fatal_error(pvar, tmp, TRUE);
346 } else {
347 memcpy(buf, encbuff, bytes);
348 }
349 }
350
351 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
352 {
353 unsigned char *newbuff;
354 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
355 char tmp[80];
356
357 if (bytes == 0)
358 return;
359
360 if (bytes % block_size) {
361 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
362 "%s decrypt error(1): bytes %d (%d)");
363 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
364 get_cipher_name(pvar->crypt_state.receiver_cipher),
365 bytes, block_size);
366 notify_fatal_error(pvar, tmp, TRUE);
367 return;
368 }
369
370 if (bytes > encbufflen) {
371 if ((newbuff = malloc(bytes)) == NULL)
372 return;
373 encbuff = newbuff;
374 encbufflen = bytes;
375 }
376
377 if (EVP_Cipher(&pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) {
378 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
380 get_cipher_name(pvar->crypt_state.receiver_cipher));
381 notify_fatal_error(pvar, tmp, TRUE);
382 } else {
383 memcpy(buf, encbuff, bytes);
384 }
385 }
386
387 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
388 {
389 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
390
391 DES_ncbc_encrypt(buf, buf, bytes,
392 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
393 DES_ncbc_encrypt(buf, buf, bytes,
394 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
395 DES_ncbc_encrypt(buf, buf, bytes,
396 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
397 }
398
399 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
400 {
401 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
402
403 DES_ncbc_encrypt(buf, buf, bytes,
404 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
405 DES_ncbc_encrypt(buf, buf, bytes,
406 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
407 DES_ncbc_encrypt(buf, buf, bytes,
408 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
409 }
410
411 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
412 {
413 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
414
415 DES_ncbc_encrypt(buf, buf, bytes,
416 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
417 }
418
419 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
420 {
421 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
422
423 DES_ncbc_encrypt(buf, buf, bytes,
424 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
425 }
426
427 static void flip_endianness(unsigned char *cbuf, int bytes)
428 {
429 uint32 *buf = (uint32 *) cbuf;
430 int count = bytes / 4;
431
432 while (count > 0) {
433 uint32 w = *buf;
434
435 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
436 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
437 count--;
438 buf++;
439 }
440 }
441
442 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, int bytes)
443 {
444 CipherBlowfishState *encryptstate =
445 &pvar->crypt_state.enc.cBlowfish;
446
447 flip_endianness(buf, bytes);
448 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
449 BF_ENCRYPT);
450 flip_endianness(buf, bytes);
451 }
452
453 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, int bytes)
454 {
455 CipherBlowfishState *decryptstate =
456 &pvar->crypt_state.dec.cBlowfish;
457
458 flip_endianness(buf, bytes);
459 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
460 BF_DECRYPT);
461 flip_endianness(buf, bytes);
462 }
463
464 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, int bytes)
465 {
466 RAND_bytes(buf, bytes);
467 }
468
469 void CRYPT_initialize_random_numbers(PTInstVar pvar)
470 {
471 // ����������������������
472 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
473 //RAND_screen();
474 }
475
476 static BIGNUM *get_bignum(unsigned char *bytes)
477 {
478 int bits = get_ushort16_MSBfirst(bytes);
479
480 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
481 }
482
483 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
484 RSA *make_key(PTInstVar pvar,
485 int bits, unsigned char *exp,
486 unsigned char *mod)
487 {
488 RSA *key = RSA_new();
489
490 if (key != NULL) {
491 key->e = get_bignum(exp);
492 key->n = get_bignum(mod);
493 }
494
495 if (key == NULL || key->e == NULL || key->n == NULL) {
496 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
497 "Error setting up RSA keys");
498 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
499
500 if (key != NULL) {
501 if (key->e != NULL) {
502 BN_free(key->e);
503 }
504 if (key->n != NULL) {
505 BN_free(key->n);
506 }
507 RSA_free(key);
508 }
509
510 return NULL;
511 } else {
512 return key;
513 }
514 }
515
516 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
517 {
518 if (SSHv1(pvar)) {
519 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
520 } else {
521 memcpy(pvar->crypt_state.server_cookie, cookie,
522 SSH2_COOKIE_LENGTH);
523 }
524 }
525
526 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
527 {
528 if (SSHv2(pvar)) {
529 memcpy(pvar->crypt_state.client_cookie, cookie,
530 SSH2_COOKIE_LENGTH);
531 }
532 }
533
534 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
535 int bits, unsigned char *exp,
536 unsigned char *mod)
537 {
538 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
539
540 return pvar->crypt_state.server_key.RSA_key != NULL;
541 }
542
543 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
544 int bits, unsigned char *exp,
545 unsigned char *mod)
546 {
547 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
548
549 return pvar->crypt_state.host_key.RSA_key != NULL;
550 }
551
552 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
553 int receiver_ciphers)
554 {
555 int cipher_mask;
556
557 if (SSHv1(pvar)) {
558 cipher_mask = (1 << SSH_CIPHER_DES)
559 | (1 << SSH_CIPHER_3DES)
560 | (1 << SSH_CIPHER_BLOWFISH);
561
562 } else { // for SSH2(yutaka)
563 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
564 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
565 | (1 << SSH2_CIPHER_AES128_CBC)
566 | (1 << SSH2_CIPHER_AES192_CBC)
567 | (1 << SSH2_CIPHER_AES256_CBC)
568 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
569 | (1 << SSH2_CIPHER_AES128_CTR)
570 | (1 << SSH2_CIPHER_AES192_CTR)
571 | (1 << SSH2_CIPHER_AES256_CTR)
572 | (1 << SSH2_CIPHER_ARCFOUR)
573 | (1 << SSH2_CIPHER_ARCFOUR128)
574 | (1 << SSH2_CIPHER_ARCFOUR256)
575 | (1 << SSH2_CIPHER_CAST128_CBC)
576 | (1 << SSH2_CIPHER_3DES_CTR)
577 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
578 | (1 << SSH2_CIPHER_CAST128_CTR)
579 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
580 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
581 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
582 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
583 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
584 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
585 | (1 << SSH2_CIPHER_AES128_GCM)
586 | (1 << SSH2_CIPHER_AES256_GCM)
587 );
588 }
589
590 sender_ciphers &= cipher_mask;
591 receiver_ciphers &= cipher_mask;
592 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
593 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
594
595 if (sender_ciphers == 0) {
596 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
597 "The server does not support any of the TTSSH encryption algorithms.\n"
598 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
599 "The connection will be closed.");
600 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
601 return FALSE;
602 } else if (receiver_ciphers == 0) {
603 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
604 "The server does not support any of the TTSSH encryption algorithms.\n"
605 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
606 "The connection will be closed.");
607 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
608 return FALSE;
609 } else {
610 return TRUE;
611 }
612 }
613
614 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
615 {
616 if (SSHv1(pvar)) {
617 return 8;
618 } else {
619 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
620 // cf. 3DES=8, AES128=16
621 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
622 }
623 }
624
625 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
626 {
627 if (SSHv1(pvar)) {
628 return 8;
629 } else {
630 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
631 // cf. 3DES=8, AES128=16
632 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
633 }
634 }
635
636 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
637 {
638 struct Mac *mac;
639
640 if (SSHv1(pvar)) {
641 return 0;
642
643 } else { // for SSH2(yutaka)
644 mac = &pvar->ssh2_keys[MODE_IN].mac;
645 if (mac == NULL || mac->enabled == 0)
646 return 0;
647
648 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
649 }
650
651 }
652
653 // HMAC������
654 // ���{������ SSH2 �������g�p�������B
655 // (2004.12.17 yutaka)
656 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
657 char *data, int len, char *MAC)
658 {
659 HMAC_CTX c;
660 unsigned char m[EVP_MAX_MD_SIZE];
661 unsigned char b[4];
662 struct Mac *mac;
663
664 mac = &pvar->ssh2_keys[MODE_IN].mac;
665
666 // HMAC�������L���������������A����OK�����������B
667 if (mac == NULL || mac->enabled == 0)
668 return TRUE;
669
670 if (mac->key == NULL) {
671 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
672 goto error;
673 }
674
675 if ((u_int)mac->mac_len > sizeof(m)) {
676 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
677 mac->mac_len, sizeof(m), sequence_number, len);
678 goto error;
679 }
680
681 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
682 set_uint32_MSBfirst(b, sequence_number);
683 HMAC_Update(&c, b, sizeof(b));
684 HMAC_Update(&c, data, len);
685 HMAC_Final(&c, m, NULL);
686 HMAC_cleanup(&c);
687
688 if (memcmp(m, MAC, mac->mac_len)) {
689 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
690 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
691 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
692 goto error;
693 }
694
695 return TRUE;
696
697 error:
698 return FALSE;
699 }
700
701 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
702 {
703 struct Mac *mac;
704
705 if (SSHv2(pvar)) { // for SSH2(yutaka)
706 mac = &pvar->ssh2_keys[MODE_OUT].mac;
707 if (mac == NULL || mac->enabled == 0)
708 return 0;
709
710 return (mac->mac_len);
711 }
712
713 return 0;
714 }
715
716 // for SSH2
717 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
718 char *data, int len, char *MAC)
719 {
720 HMAC_CTX c;
721 static u_char m[EVP_MAX_MD_SIZE];
722 u_char b[4];
723 struct Mac *mac;
724
725 if (SSHv2(pvar)) { // for SSH2(yutaka)
726 mac = &pvar->ssh2_keys[MODE_OUT].mac;
727 if (mac == NULL || mac->enabled == 0)
728 return FALSE;
729
730 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
731 set_uint32_MSBfirst(b, sequence_number);
732 HMAC_Update(&c, b, sizeof(b));
733 HMAC_Update(&c, data, len);
734 HMAC_Final(&c, m, NULL);
735 HMAC_cleanup(&c);
736
737 // 20�o�C�g�������R�s�[
738 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
739 // memcpy(MAC, m, sizeof(m));
740
741 return TRUE;
742 }
743
744 return TRUE;
745
746 }
747
748 static int choose_cipher(PTInstVar pvar, int supported)
749 {
750 int i;
751
752 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
753 int cipher = pvar->session_settings.CipherOrder[i] - '0';
754
755 if (cipher == SSH_CIPHER_NONE) {
756 break;
757 } else if ((supported & (1 << cipher)) != 0) {
758 return cipher;
759 }
760 }
761
762 return SSH_CIPHER_NONE;
763 }
764
765 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
766 {
767 if (SSHv1(pvar)) {
768 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
769 pvar->crypt_state.
770 supported_sender_ciphers);
771 pvar->crypt_state.receiver_cipher =
772 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
773
774 } else { // SSH2(yutaka)
775 if (pvar->ciphers[MODE_OUT] == NULL) {
776 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
777 }
778 else {
779 pvar->crypt_state.sender_cipher = pvar->ciphers[MODE_OUT]->id;
780 }
781 if (pvar->ciphers[MODE_IN] == NULL) {
782 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
783 }
784 else {
785 pvar->crypt_state.receiver_cipher = pvar->ciphers[MODE_IN]->id;
786 }
787 }
788
789 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
790 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
791 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
792 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
793 "To communicate with this server, you will have to enable some more ciphers\n"
794 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
795 "This connection will now close.");
796 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
797 return FALSE;
798 } else {
799 return TRUE;
800 }
801 }
802
803 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
804 {
805 int server_key_bits =
806 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
807 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
808 int server_key_bytes = (server_key_bits + 7) / 8;
809 int host_key_bytes = (host_key_bits + 7) / 8;
810
811 if (server_key_bits < host_key_bits) {
812 return host_key_bytes;
813 } else {
814 return server_key_bytes;
815 }
816 }
817
818 int CRYPT_choose_session_key(PTInstVar pvar,
819 unsigned char *encrypted_key_buf)
820 {
821 int server_key_bits =
822 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
823 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
824 int server_key_bytes = (server_key_bits + 7) / 8;
825 int host_key_bytes = (host_key_bits + 7) / 8;
826 int encrypted_key_bytes;
827 int bit_delta;
828
829 if (server_key_bits < host_key_bits) {
830 encrypted_key_bytes = host_key_bytes;
831 bit_delta = host_key_bits - server_key_bits;
832 } else {
833 encrypted_key_bytes = server_key_bytes;
834 bit_delta = server_key_bits - host_key_bits;
835 }
836
837 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
838 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
839 "Server RSA keys are too weak. A secure connection cannot be established.");
840 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
841 return 0;
842 } else {
843 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
844 for the session ID, rather than the one specified in the RFC */
845 int session_buf_len = server_key_bytes + host_key_bytes + 8;
846 char *session_buf = (char *) malloc(session_buf_len);
847 char session_id[16];
848 int i;
849
850 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
851 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
852 session_buf + host_key_bytes);
853 memcpy(session_buf + server_key_bytes + host_key_bytes,
854 pvar->crypt_state.server_cookie, 8);
855 MD5(session_buf, session_buf_len, session_id);
856
857 free(session_buf);
858
859 RAND_bytes(pvar->crypt_state.sender_cipher_key,
860 SSH_SESSION_KEY_LENGTH);
861 memcpy(pvar->crypt_state.receiver_cipher_key,
862 pvar->crypt_state.sender_cipher_key,
863 SSH_SESSION_KEY_LENGTH);
864
865 memcpy(encrypted_key_buf + encrypted_key_bytes -
866 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
867 SSH_SESSION_KEY_LENGTH);
868 for (i = 0; i < sizeof(session_id); i++) {
869 encrypted_key_buf[encrypted_key_bytes -
870 SSH_SESSION_KEY_LENGTH + i]
871 ^= session_id[i];
872 }
873
874 if (host_key_bits > server_key_bits) {
875 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
876 encrypted_key_buf +
877 encrypted_key_bytes -
878 SSH_SESSION_KEY_LENGTH,
879 encrypted_key_buf +
880 encrypted_key_bytes - server_key_bytes,
881 pvar->crypt_state.server_key.RSA_key,
882 RSA_PKCS1_PADDING) < 0)
883 return 0;
884
885 if (RSA_public_encrypt(server_key_bytes,
886 encrypted_key_buf +
887 encrypted_key_bytes - server_key_bytes,
888 encrypted_key_buf,
889 pvar->crypt_state.host_key.RSA_key,
890 RSA_PKCS1_PADDING) < 0)
891 return 0;
892 } else {
893 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
894 encrypted_key_buf +
895 encrypted_key_bytes -
896 SSH_SESSION_KEY_LENGTH,
897 encrypted_key_buf +
898 encrypted_key_bytes - host_key_bytes,
899 pvar->crypt_state.host_key.RSA_key,
900 RSA_PKCS1_PADDING) < 0)
901 return 0;
902
903 if (RSA_public_encrypt(host_key_bytes,
904 encrypted_key_buf +
905 encrypted_key_bytes - host_key_bytes,
906 encrypted_key_buf,
907 pvar->crypt_state.server_key.RSA_key,
908 RSA_PKCS1_PADDING) < 0)
909 return 0;
910 }
911 }
912
913 return 1;
914 }
915
916 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
917 unsigned char *challenge,
918 int challenge_len,
919 unsigned char *response)
920 {
921 int server_key_bits =
922 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
923 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
924 int server_key_bytes = (server_key_bits + 7) / 8;
925 int host_key_bytes = (host_key_bits + 7) / 8;
926 int session_buf_len = server_key_bytes + host_key_bytes + 8;
927 char *session_buf = (char *) malloc(session_buf_len);
928 char decrypted_challenge[48];
929 int decrypted_challenge_len;
930
931 decrypted_challenge_len =
932 RSA_private_decrypt(challenge_len, challenge, challenge,
933 AUTH_get_cur_cred(pvar)->key_pair->rsa,
934 RSA_PKCS1_PADDING);
935 if (decrypted_challenge_len < 0) {
936 free(session_buf);
937 return 0;
938 }
939 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
940 memcpy(decrypted_challenge,
941 challenge + decrypted_challenge_len -
942 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
943 } else {
944 SecureZeroMemory(decrypted_challenge,
945 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
946 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
947 decrypted_challenge_len, challenge,
948 decrypted_challenge_len);
949 }
950
951 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
952 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
953 session_buf + host_key_bytes);
954 memcpy(session_buf + server_key_bytes + host_key_bytes,
955 pvar->crypt_state.server_cookie, 8);
956 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
957
958 free(session_buf);
959
960 MD5(decrypted_challenge, 48, response);
961
962 return 1;
963 }
964
965 static void c3DES_init(char *session_key, Cipher3DESState *state)
966 {
967 DES_set_key((const_DES_cblock *) session_key, &state->k1);
968 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
969 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
970 SecureZeroMemory(state->ivec1, 8);
971 SecureZeroMemory(state->ivec2, 8);
972 SecureZeroMemory(state->ivec3, 8);
973 }
974
975 static void cDES_init(char *session_key, CipherDESState *state)
976 {
977 DES_set_key((const_DES_cblock *) session_key, &state->k);
978 SecureZeroMemory(state->ivec, 8);
979 }
980
981 static void cBlowfish_init(char *session_key,
982 CipherBlowfishState *state)
983 {
984 BF_set_key(&state->k, 32, session_key);
985 SecureZeroMemory(state->ivec, 8);
986 }
987
988
989 //
990 // SSH2�p�A���S���Y����������
991 //
992 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
993 const u_char *key, u_int keylen,
994 const u_char *iv, u_int ivlen,
995 int encrypt,
996 const EVP_CIPHER *type,
997 int discard_len,
998 unsigned int authlen,
999 PTInstVar pvar)
1000 {
1001 int klen;
1002 char tmp[80];
1003 unsigned char *junk = NULL, *discard = NULL;
1004
1005 EVP_CIPHER_CTX_init(evp);
1006 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
1007 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1008 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1009 notify_fatal_error(pvar, tmp, TRUE);
1010 return;
1011 }
1012
1013 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
1014 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1015 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1016 notify_fatal_error(pvar, tmp, TRUE);
1017 return;
1018 }
1019 if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1020 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1021 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1022 notify_fatal_error(pvar, tmp, TRUE);
1023 return;
1024 }
1025 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1026 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1027 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1028 notify_fatal_error(pvar, tmp, TRUE);
1029 return;
1030 }
1031
1032 klen = EVP_CIPHER_CTX_key_length(evp);
1033 if (klen > 0 && keylen != klen) {
1034 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1035 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1036 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1037 notify_fatal_error(pvar, tmp, TRUE);
1038 return;
1039 }
1040 }
1041 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1042 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1043 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1044 notify_fatal_error(pvar, tmp, TRUE);
1045 return;
1046 }
1047
1048 if (discard_len > 0) {
1049 junk = malloc(discard_len);
1050 discard = malloc(discard_len);
1051 if (junk == NULL || discard == NULL ||
1052 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1053 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1054 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1055 notify_fatal_error(pvar, tmp, TRUE);
1056 }
1057 else {
1058 SecureZeroMemory(discard, discard_len);
1059 }
1060 free(junk);
1061 free(discard);
1062 }
1063 }
1064
1065 //
1066 // SSH2�p�A���S���Y�����j��
1067 //
1068 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1069 {
1070 EVP_CIPHER_CTX_cleanup(evp);
1071 }
1072
1073
1074 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1075 {
1076 struct Enc *enc;
1077 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1078 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1079 SSH2Cipher *cipher;
1080 BOOL isOK = TRUE;
1081
1082 if (sender_flag) {
1083 if (SSHv1(pvar)) {
1084 switch (pvar->crypt_state.sender_cipher) {
1085 case SSH_CIPHER_3DES:
1086 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1087 pvar->crypt_state.encrypt = c3DES_encrypt;
1088 break;
1089
1090 case SSH_CIPHER_DES:
1091 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1092 pvar->crypt_state.encrypt = cDES_encrypt;
1093 break;
1094
1095 case SSH_CIPHER_BLOWFISH:
1096 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1097 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1098 break;
1099
1100 case SSH_CIPHER_NONE:
1101 case SSH_CIPHER_IDEA:
1102 case SSH_CIPHER_TSS:
1103 case SSH_CIPHER_RC4:
1104 isOK = FALSE;
1105 break;
1106 }
1107 }
1108 else {
1109 // SSH2
1110 cipher = pvar->ciphers[MODE_OUT];
1111 if (cipher) {
1112 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1113 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1114 enc->key, get_cipher_key_len(cipher),
1115 enc->iv, get_cipher_iv_len(cipher),
1116 CIPHER_ENCRYPT,
1117 get_cipher_EVP_CIPHER(cipher),
1118 get_cipher_discard_len(cipher),
1119 get_cipher_auth_len(cipher),
1120 pvar);
1121
1122 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1123 }
1124 else {
1125 isOK = FALSE;
1126 }
1127 }
1128 }
1129
1130 if (receiver_flag) {
1131 if (SSHv1(pvar)) {
1132 switch (pvar->crypt_state.receiver_cipher) {
1133 case SSH_CIPHER_3DES:
1134 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1135 pvar->crypt_state.decrypt = c3DES_decrypt;
1136 break;
1137
1138 case SSH_CIPHER_DES:
1139 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1140 pvar->crypt_state.decrypt = cDES_decrypt;
1141 break;
1142
1143 case SSH_CIPHER_BLOWFISH:
1144 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1145 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1146 break;
1147
1148 case SSH_CIPHER_NONE:
1149 case SSH_CIPHER_IDEA:
1150 case SSH_CIPHER_TSS:
1151 case SSH_CIPHER_RC4:
1152 isOK = FALSE;
1153 break;
1154 }
1155 }
1156 else {
1157 // SSH2
1158 cipher = pvar->ciphers[MODE_IN];
1159 if (cipher) {
1160 enc = &pvar->ssh2_keys[MODE_IN].enc;
1161 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1162 enc->key, get_cipher_key_len(cipher),
1163 enc->iv, get_cipher_iv_len(cipher),
1164 CIPHER_DECRYPT,
1165 get_cipher_EVP_CIPHER(cipher),
1166 get_cipher_discard_len(cipher),
1167 get_cipher_auth_len(cipher),
1168 pvar);
1169
1170 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1171 }
1172 else {
1173 isOK = FALSE;
1174 }
1175 }
1176 }
1177
1178 if (!isOK) {
1179 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1180 "No cipher selected!");
1181 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1182 return FALSE;
1183 } else {
1184 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1185 SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1186 return TRUE;
1187 }
1188 }
1189
1190 void CRYPT_init(PTInstVar pvar)
1191 {
1192 pvar->crypt_state.encrypt = no_encrypt;
1193 pvar->crypt_state.decrypt = no_encrypt;
1194 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1195 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1196 pvar->crypt_state.server_key.RSA_key = NULL;
1197 pvar->crypt_state.host_key.RSA_key = NULL;
1198
1199 pvar->crypt_state.detect_attack_statics.h = NULL;
1200 pvar->crypt_state.detect_attack_statics.n =
1201 HASH_MINSIZE / HASH_ENTRYSIZE;
1202 }
1203
1204 static char *get_cipher_name(int cipher)
1205 {
1206 switch (cipher) {
1207 case SSH_CIPHER_NONE:
1208 return "None";
1209 case SSH_CIPHER_3DES:
1210 return "3DES (168 key bits)";
1211 case SSH_CIPHER_DES:
1212 return "DES (56 key bits)";
1213 case SSH_CIPHER_BLOWFISH:
1214 return "Blowfish (256 key bits)";
1215
1216 // SSH2
1217 case SSH2_CIPHER_3DES_CBC:
1218 return "3des-cbc";
1219 case SSH2_CIPHER_AES128_CBC:
1220 return "aes128-cbc";
1221 case SSH2_CIPHER_AES192_CBC:
1222 return "aes192-cbc";
1223 case SSH2_CIPHER_AES256_CBC:
1224 return "aes256-cbc";
1225 case SSH2_CIPHER_BLOWFISH_CBC:
1226 return "blowfish-cbc";
1227 case SSH2_CIPHER_AES128_CTR:
1228 return "aes128-ctr";
1229 case SSH2_CIPHER_AES192_CTR:
1230 return "aes192-ctr";
1231 case SSH2_CIPHER_AES256_CTR:
1232 return "aes256-ctr";
1233 case SSH2_CIPHER_ARCFOUR:
1234 return "arcfour";
1235 case SSH2_CIPHER_ARCFOUR128:
1236 return "arcfour128";
1237 case SSH2_CIPHER_ARCFOUR256:
1238 return "arcfour256";
1239 case SSH2_CIPHER_CAST128_CBC:
1240 return "cast-128-cbc";
1241 case SSH2_CIPHER_3DES_CTR:
1242 return "3des-ctr";
1243 case SSH2_CIPHER_BLOWFISH_CTR:
1244 return "blowfish-ctr";
1245 case SSH2_CIPHER_CAST128_CTR:
1246 return "cast-128-ctr";
1247 case SSH2_CIPHER_CAMELLIA128_CBC:
1248 return "camellia128-cbc";
1249 case SSH2_CIPHER_CAMELLIA192_CBC:
1250 return "camellia192-cbc";
1251 case SSH2_CIPHER_CAMELLIA256_CBC:
1252 return "camellia256-cbc";
1253 case SSH2_CIPHER_CAMELLIA128_CTR:
1254 return "camellia128-ctr";
1255 case SSH2_CIPHER_CAMELLIA192_CTR:
1256 return "camellia192-ctr";
1257 case SSH2_CIPHER_CAMELLIA256_CTR:
1258 return "camellia256-ctr";
1259 case SSH2_CIPHER_AES128_GCM:
1260 return "aes128-gcm@openssh.com";
1261 case SSH2_CIPHER_AES256_GCM:
1262 return "aes256-gcm@openssh.com";
1263
1264 default:
1265 return "Unknown";
1266 }
1267 }
1268
1269 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1270 {
1271 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1272 "%s to server, %s from server");
1273 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1274 get_cipher_name(pvar->crypt_state.sender_cipher),
1275 get_cipher_name(pvar->crypt_state.receiver_cipher));
1276 }
1277
1278 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1279 {
1280 if (SSHv1(pvar)) {
1281 if (pvar->crypt_state.server_key.RSA_key == NULL
1282 || pvar->crypt_state.host_key.RSA_key == NULL) {
1283 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1284 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1285 } else {
1286 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1287 "%d-bit server key, %d-bit host key");
1288 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1289 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1290 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1291 }
1292 } else { // SSH2
1293 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1294 "%d-bit client key, %d-bit server key");
1295 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1296 pvar->client_key_bits,
1297 pvar->server_key_bits);
1298 }
1299 }
1300
1301 static void destroy_public_key(CRYPTPublicKey * key)
1302 {
1303 if (key->RSA_key != NULL) {
1304 RSA_free(key->RSA_key);
1305 key->RSA_key = NULL;
1306 }
1307 }
1308
1309 void CRYPT_free_public_key(CRYPTPublicKey * key)
1310 {
1311 destroy_public_key(key);
1312 free(key);
1313 }
1314
1315 void CRYPT_end(PTInstVar pvar)
1316 {
1317 free(encbuff);
1318 encbuff = NULL;
1319 encbufflen = 0;
1320
1321 destroy_public_key(&pvar->crypt_state.host_key);
1322 destroy_public_key(&pvar->crypt_state.server_key);
1323
1324 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1325 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1326 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1327 free(pvar->crypt_state.detect_attack_statics.h);
1328 }
1329
1330 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1331 sizeof(pvar->crypt_state.sender_cipher_key));
1332 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1333 sizeof(pvar->crypt_state.receiver_cipher_key));
1334 SecureZeroMemory(pvar->crypt_state.server_cookie,
1335 sizeof(pvar->crypt_state.server_cookie));
1336 SecureZeroMemory(pvar->crypt_state.client_cookie,
1337 sizeof(pvar->crypt_state.client_cookie));
1338 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1339 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1340 }
1341
1342 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1343 char *buf, int bytes)
1344 {
1345 unsigned char passphrase_key[16];
1346
1347 MD5(passphrase, strlen(passphrase), passphrase_key);
1348
1349 switch (cipher) {
1350 case SSH_CIPHER_3DES:{
1351 Cipher3DESState state;
1352
1353 DES_set_key((const_DES_cblock *) passphrase_key,
1354 &state.k1);
1355 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1356 &state.k2);
1357 DES_set_key((const_DES_cblock *) passphrase_key,
1358 &state.k3);
1359 SecureZeroMemory(state.ivec1, 8);
1360 SecureZeroMemory(state.ivec2, 8);
1361 SecureZeroMemory(state.ivec3, 8);
1362 DES_ncbc_encrypt(buf, buf, bytes,
1363 &state.k3, &state.ivec3, DES_DECRYPT);
1364 DES_ncbc_encrypt(buf, buf, bytes,
1365 &state.k2, &state.ivec2, DES_ENCRYPT);
1366 DES_ncbc_encrypt(buf, buf, bytes,
1367 &state.k1, &state.ivec1, DES_DECRYPT);
1368 break;
1369 }
1370
1371 case SSH_CIPHER_DES:{
1372 CipherDESState state;
1373
1374 cDES_init(passphrase_key, &state);
1375 DES_ncbc_encrypt(buf, buf, bytes,
1376 &state.k, &state.ivec, DES_DECRYPT);
1377 break;
1378 }
1379
1380 case SSH_CIPHER_BLOWFISH:{
1381 CipherBlowfishState state;
1382
1383 BF_set_key(&state.k, 16, passphrase_key);
1384 SecureZeroMemory(state.ivec, 8);
1385 flip_endianness(buf, bytes);
1386 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1387 BF_DECRYPT);
1388 flip_endianness(buf, bytes);
1389 break;
1390 }
1391
1392 case SSH_CIPHER_NONE:
1393 break;
1394
1395 default:
1396 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1397 return 0;
1398 }
1399
1400 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1401 return 1;
1402 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help