Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 9208 - (show annotations) (download) (as text)
Sat Apr 17 06:15:51 2021 UTC (2 years, 11 months ago) by nmaya
File MIME type: text/x-csrc
File size: 44192 byte(s) 
create a branch for chacha20-poly1305

from 4-stable
planned to merge to 4-stable and trunk
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004- TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75 static unsigned char *encbuff = NULL;
76 static unsigned int encbufflen = 0;
77
78 static char *get_cipher_name(int cipher);
79
80 static void crc_update(uint32 *a, uint32 b)
81 {
82 b ^= *a;
83 *a = do_crc((unsigned char *) &b, sizeof(b));
84 }
85
86 /* check_crc
87 detects if a block is used in a particular pattern
88 */
89
90 static int check_crc(unsigned char *S, unsigned char *buf,
91 uint32 len, unsigned char *IV)
92 {
93 uint32 crc;
94 unsigned char *c;
95
96 crc = 0;
97 if (IV && !CMP(S, IV)) {
98 crc_update(&crc, 1);
99 crc_update(&crc, 0);
100 }
101 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
102 if (!CMP(S, c)) {
103 crc_update(&crc, 1);
104 crc_update(&crc, 0);
105 } else {
106 crc_update(&crc, 0);
107 crc_update(&crc, 0);
108 }
109 }
110
111 return crc == 0;
112 }
113
114
115 /*
116 detect_attack
117 Detects a crc32 compensation attack on a packet
118 */
119 static int detect_attack(CRYPTDetectAttack *statics,
120 unsigned char *buf, uint32 len,
121 unsigned char *IV)
122 {
123 uint32 *h = statics->h;
124 uint32 n = statics->n;
125 uint32 i, j;
126 uint32 l;
127 unsigned char *c;
128 unsigned char *d;
129
130 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
131 }
132
133 if (h == NULL) {
134 n = l;
135 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
136 } else {
137 if (l > n) {
138 n = l;
139 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
140 }
141 }
142
143 statics->h = h;
144 statics->n = n;
145
146 if (len <= HASH_MINBLOCKS) {
147 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
148 if (IV && (!CMP(c, IV))) {
149 if ((check_crc(c, buf, len, IV)))
150 return DEATTACK_DETECTED;
151 else
152 break;
153 }
154 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
155 if (!CMP(c, d)) {
156 if ((check_crc(c, buf, len, IV)))
157 return DEATTACK_DETECTED;
158 else
159 break;
160 }
161 }
162 }
163 return (DEATTACK_OK);
164 }
165 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
166
167 if (IV) {
168 h[HASH(IV) & (n - 1)] = HASH_IV;
169 }
170
171 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
172 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
173 i = (i + 1) & (n - 1)) {
174 if (h[i] == HASH_IV) {
175 if (!CMP(c, IV)) {
176 if (check_crc(c, buf, len, IV))
177 return DEATTACK_DETECTED;
178 else
179 break;
180 }
181 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
182 if (check_crc(c, buf, len, IV))
183 return DEATTACK_DETECTED;
184 else
185 break;
186 }
187 }
188 h[i] = j;
189 }
190
191 return DEATTACK_OK;
192 }
193
194 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
195 {
196 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
197 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
198 } else {
199 return FALSE;
200 }
201 }
202
203 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
204 {
205 unsigned char *newbuff = NULL;
206 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
207 unsigned char lastiv[1];
208 char tmp[80];
209 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_OUT];
210
211 if (bytes == 0)
212 return TRUE;
213
214 if (bytes % block_size) {
215 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
216 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
217 get_cipher_name(pvar->crypt_state.sender_cipher),
218 bytes, block_size);
219 notify_fatal_error(pvar, tmp, TRUE);
220 return FALSE;
221 }
222
223 if (bytes > encbufflen) {
224 if ((newbuff = realloc(encbuff, bytes)) == NULL)
225 goto err;
226 encbuff = newbuff;
227 encbufflen = bytes;
228 }
229
230 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
231 goto err;
232
233 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
234 goto err;
235
236 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
237 goto err;
238
239 memcpy(data+aadlen, encbuff, bytes);
240
241 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
242 goto err;
243
244 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
245 goto err;
246
247 return TRUE;
248
249 err:
250 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
251 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
252 get_cipher_name(pvar->crypt_state.sender_cipher));
253 notify_fatal_error(pvar, tmp, TRUE);
254 return FALSE;
255 }
256
257 BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
258 {
259 unsigned char *newbuff = NULL;
260 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
261 unsigned char lastiv[1];
262 char tmp[80];
263 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_IN];
264
265 if (bytes == 0)
266 return TRUE;
267
268 if (bytes % block_size) {
269 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
270 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
271 get_cipher_name(pvar->crypt_state.receiver_cipher),
272 bytes, block_size);
273 notify_fatal_error(pvar, tmp, TRUE);
274 return FALSE;
275 }
276
277 if (bytes > encbufflen) {
278 if ((newbuff = realloc(encbuff, bytes)) == NULL)
279 goto err;
280 encbuff = newbuff;
281 encbufflen = bytes;
282 }
283
284 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
285 goto err;
286
287 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
288 goto err;
289
290 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
291 goto err;
292
293 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
294 goto err;
295
296 memcpy(data+aadlen, encbuff, bytes);
297
298 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
299 return FALSE;
300 else
301 return TRUE;
302
303 err:
304 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
305 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
306 get_cipher_name(pvar->crypt_state.receiver_cipher));
307 notify_fatal_error(pvar, tmp, TRUE);
308 return FALSE;
309 }
310
311 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
312 {
313 }
314
315 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
316 {
317 unsigned char *newbuff;
318 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
319 char tmp[80];
320
321 if (bytes == 0)
322 return;
323
324 if (bytes % block_size) {
325 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
326 "%s encrypt error(1): bytes %d (%d)");
327 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
328 get_cipher_name(pvar->crypt_state.sender_cipher),
329 bytes, block_size);
330 notify_fatal_error(pvar, tmp, TRUE);
331 return;
332 }
333
334 if (bytes > encbufflen) {
335 if ((newbuff = realloc(encbuff, bytes)) == NULL)
336 return;
337 encbuff = newbuff;
338 encbufflen = bytes;
339 }
340
341 if (EVP_Cipher(pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) {
342 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
343 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
344 get_cipher_name(pvar->crypt_state.sender_cipher));
345 notify_fatal_error(pvar, tmp, TRUE);
346 } else {
347 memcpy(buf, encbuff, bytes);
348 }
349 }
350
351 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
352 {
353 unsigned char *newbuff;
354 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
355 char tmp[80];
356
357 if (bytes == 0)
358 return;
359
360 if (bytes % block_size) {
361 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
362 "%s decrypt error(1): bytes %d (%d)");
363 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
364 get_cipher_name(pvar->crypt_state.receiver_cipher),
365 bytes, block_size);
366 notify_fatal_error(pvar, tmp, TRUE);
367 return;
368 }
369
370 if (bytes > encbufflen) {
371 if ((newbuff = malloc(bytes)) == NULL)
372 return;
373 encbuff = newbuff;
374 encbufflen = bytes;
375 }
376
377 if (EVP_Cipher(pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) {
378 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
380 get_cipher_name(pvar->crypt_state.receiver_cipher));
381 notify_fatal_error(pvar, tmp, TRUE);
382 } else {
383 memcpy(buf, encbuff, bytes);
384 }
385 }
386
387 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
388 {
389 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
390
391 DES_ncbc_encrypt(buf, buf, bytes,
392 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
393 DES_ncbc_encrypt(buf, buf, bytes,
394 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
395 DES_ncbc_encrypt(buf, buf, bytes,
396 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
397 }
398
399 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
400 {
401 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
402
403 DES_ncbc_encrypt(buf, buf, bytes,
404 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
405 DES_ncbc_encrypt(buf, buf, bytes,
406 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
407 DES_ncbc_encrypt(buf, buf, bytes,
408 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
409 }
410
411 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
412 {
413 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
414
415 DES_ncbc_encrypt(buf, buf, bytes,
416 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
417 }
418
419 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
420 {
421 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
422
423 DES_ncbc_encrypt(buf, buf, bytes,
424 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
425 }
426
427 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
428 {
429 uint32 *buf = (uint32 *) cbuf;
430 int count = bytes / 4;
431
432 while (count > 0) {
433 uint32 w = *buf;
434
435 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
436 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
437 count--;
438 buf++;
439 }
440 }
441
442 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
443 {
444 CipherBlowfishState *encryptstate =
445 &pvar->crypt_state.enc.cBlowfish;
446
447 flip_endianness(buf, bytes);
448 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
449 BF_ENCRYPT);
450 flip_endianness(buf, bytes);
451 }
452
453 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
454 {
455 CipherBlowfishState *decryptstate =
456 &pvar->crypt_state.dec.cBlowfish;
457
458 flip_endianness(buf, bytes);
459 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
460 BF_DECRYPT);
461 flip_endianness(buf, bytes);
462 }
463
464 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
465 {
466 int ret;
467
468 // OpenSSL 1.1.1���g���������AWindowsMe���� RAND_bytes() �������o�����������B
469 logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__);
470 ret = RAND_bytes(buf, bytes);
471 if (ret < 0) {
472 logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret);
473 }
474 }
475
476 void CRYPT_initialize_random_numbers(PTInstVar pvar)
477 {
478 // ����������������������
479 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
480 //RAND_screen();
481 }
482
483 static BIGNUM *get_bignum(unsigned char *bytes)
484 {
485 int bits = get_ushort16_MSBfirst(bytes);
486
487 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
488 }
489
490 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
491 RSA *make_key(PTInstVar pvar,
492 int bits, unsigned char *exp,
493 unsigned char *mod)
494 {
495 RSA *key = RSA_new();
496 BIGNUM *e = NULL, *n = NULL;
497
498 if (key != NULL) {
499 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
500 // RSA_set0_key���������������K�v�������B
501 e = get_bignum(exp);
502 n = get_bignum(mod);
503 RSA_set0_key(key, n, e, NULL);
504 }
505
506 if (key == NULL || e == NULL || n == NULL) {
507 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
508 "Error setting up RSA keys");
509 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
510
511 if (key != NULL) {
512 if (e != NULL) {
513 BN_free(e);
514 }
515 if (n != NULL) {
516 BN_free(n);
517 }
518 RSA_free(key);
519 }
520
521 return NULL;
522 } else {
523 return key;
524 }
525 }
526
527 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
528 {
529 if (SSHv1(pvar)) {
530 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
531 } else {
532 memcpy(pvar->crypt_state.server_cookie, cookie,
533 SSH2_COOKIE_LENGTH);
534 }
535 }
536
537 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
538 {
539 if (SSHv2(pvar)) {
540 memcpy(pvar->crypt_state.client_cookie, cookie,
541 SSH2_COOKIE_LENGTH);
542 }
543 }
544
545 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
546 int bits, unsigned char *exp,
547 unsigned char *mod)
548 {
549 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
550
551 return pvar->crypt_state.server_key.RSA_key != NULL;
552 }
553
554 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
555 int bits, unsigned char *exp,
556 unsigned char *mod)
557 {
558 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
559
560 return pvar->crypt_state.host_key.RSA_key != NULL;
561 }
562
563 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
564 int receiver_ciphers)
565 {
566 int cipher_mask;
567
568 if (SSHv1(pvar)) {
569 cipher_mask = (1 << SSH_CIPHER_DES)
570 | (1 << SSH_CIPHER_3DES)
571 | (1 << SSH_CIPHER_BLOWFISH);
572
573 } else { // for SSH2(yutaka)
574 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
575 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
576 | (1 << SSH2_CIPHER_AES128_CBC)
577 | (1 << SSH2_CIPHER_AES192_CBC)
578 | (1 << SSH2_CIPHER_AES256_CBC)
579 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
580 | (1 << SSH2_CIPHER_AES128_CTR)
581 | (1 << SSH2_CIPHER_AES192_CTR)
582 | (1 << SSH2_CIPHER_AES256_CTR)
583 | (1 << SSH2_CIPHER_ARCFOUR)
584 | (1 << SSH2_CIPHER_ARCFOUR128)
585 | (1 << SSH2_CIPHER_ARCFOUR256)
586 | (1 << SSH2_CIPHER_CAST128_CBC)
587 | (1 << SSH2_CIPHER_3DES_CTR)
588 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
589 | (1 << SSH2_CIPHER_CAST128_CTR)
590 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
591 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
592 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
593 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
594 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
595 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
596 | (1 << SSH2_CIPHER_AES128_GCM)
597 | (1 << SSH2_CIPHER_AES256_GCM)
598 );
599 }
600
601 sender_ciphers &= cipher_mask;
602 receiver_ciphers &= cipher_mask;
603 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
604 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
605
606 if (sender_ciphers == 0) {
607 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
608 "The server does not support any of the TTSSH encryption algorithms.\n"
609 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
610 "The connection will be closed.");
611 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
612 return FALSE;
613 } else if (receiver_ciphers == 0) {
614 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
615 "The server does not support any of the TTSSH encryption algorithms.\n"
616 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
617 "The connection will be closed.");
618 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
619 return FALSE;
620 } else {
621 return TRUE;
622 }
623 }
624
625 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
626 {
627 if (SSHv1(pvar)) {
628 return 8;
629 } else {
630 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
631 // cf. 3DES=8, AES128=16
632 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
633 }
634 }
635
636 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
637 {
638 if (SSHv1(pvar)) {
639 return 8;
640 } else {
641 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
642 // cf. 3DES=8, AES128=16
643 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
644 }
645 }
646
647 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
648 {
649 struct Mac *mac;
650
651 if (SSHv1(pvar)) {
652 return 0;
653
654 } else { // for SSH2(yutaka)
655 mac = &pvar->ssh2_keys[MODE_IN].mac;
656 if (mac == NULL || mac->enabled == 0)
657 return 0;
658
659 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
660 }
661
662 }
663
664 // HMAC������
665 // ���{������ SSH2 �������g�p�������B
666 // (2004.12.17 yutaka)
667 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
668 char *data, int len, char *MAC)
669 {
670 HMAC_CTX *c = NULL;
671 unsigned char m[EVP_MAX_MD_SIZE];
672 unsigned char b[4];
673 struct Mac *mac;
674
675 mac = &pvar->ssh2_keys[MODE_IN].mac;
676
677 // HMAC�������L���������������A����OK�����������B
678 if (mac == NULL || mac->enabled == 0)
679 return TRUE;
680
681 if (mac->key == NULL) {
682 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
683 goto error;
684 }
685
686 if ((u_int)mac->mac_len > sizeof(m)) {
687 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
688 mac->mac_len, sizeof(m), sequence_number, len);
689 goto error;
690 }
691
692 c = HMAC_CTX_new();
693 if (c == NULL)
694 goto error;
695
696 HMAC_Init(c, mac->key, mac->key_len, mac->md);
697 set_uint32_MSBfirst(b, sequence_number);
698 HMAC_Update(c, b, sizeof(b));
699 HMAC_Update(c, data, len);
700 HMAC_Final(c, m, NULL);
701 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
702
703 if (memcmp(m, MAC, mac->mac_len)) {
704 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
705 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
706 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
707 goto error;
708 }
709
710 HMAC_CTX_free(c);
711
712 return TRUE;
713
714 error:
715 if (c)
716 HMAC_CTX_free(c);
717
718 return FALSE;
719 }
720
721 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
722 {
723 struct Mac *mac;
724
725 if (SSHv2(pvar)) { // for SSH2(yutaka)
726 mac = &pvar->ssh2_keys[MODE_OUT].mac;
727 if (mac == NULL || mac->enabled == 0)
728 return 0;
729
730 return (mac->mac_len);
731 }
732
733 return 0;
734 }
735
736 // for SSH2
737 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
738 char *data, int len, char *MAC)
739 {
740 HMAC_CTX *c = NULL;
741 static u_char m[EVP_MAX_MD_SIZE];
742 u_char b[4];
743 struct Mac *mac;
744
745 if (SSHv2(pvar)) { // for SSH2(yutaka)
746 mac = &pvar->ssh2_keys[MODE_OUT].mac;
747 if (mac == NULL || mac->enabled == 0)
748 return FALSE;
749
750 c = HMAC_CTX_new();
751 if (c == NULL)
752 return FALSE;
753
754 HMAC_Init(c, mac->key, mac->key_len, mac->md);
755 set_uint32_MSBfirst(b, sequence_number);
756 HMAC_Update(c, b, sizeof(b));
757 HMAC_Update(c, data, len);
758 HMAC_Final(c, m, NULL);
759 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
760
761 // 20�o�C�g�������R�s�[
762 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
763 // memcpy(MAC, m, sizeof(m));
764
765 HMAC_CTX_free(c);
766
767 return TRUE;
768 }
769
770 return TRUE;
771
772 }
773
774 static int choose_cipher(PTInstVar pvar, int supported)
775 {
776 int i;
777
778 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
779 int cipher = pvar->session_settings.CipherOrder[i] - '0';
780
781 if (cipher == SSH_CIPHER_NONE) {
782 break;
783 } else if ((supported & (1 << cipher)) != 0) {
784 return cipher;
785 }
786 }
787
788 return SSH_CIPHER_NONE;
789 }
790
791 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
792 {
793 if (SSHv1(pvar)) {
794 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
795 pvar->crypt_state.
796 supported_sender_ciphers);
797 pvar->crypt_state.receiver_cipher =
798 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
799
800 } else { // SSH2(yutaka)
801 if (pvar->ciphers[MODE_OUT] == NULL) {
802 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
803 }
804 else {
805 pvar->crypt_state.sender_cipher = pvar->ciphers[MODE_OUT]->id;
806 }
807 if (pvar->ciphers[MODE_IN] == NULL) {
808 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
809 }
810 else {
811 pvar->crypt_state.receiver_cipher = pvar->ciphers[MODE_IN]->id;
812 }
813 }
814
815 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
816 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
817 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
818 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
819 "To communicate with this server, you will have to enable some more ciphers\n"
820 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
821 "This connection will now close.");
822 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
823 return FALSE;
824 } else {
825 return TRUE;
826 }
827 }
828
829 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
830 {
831 int server_key_bits;
832 int host_key_bits;
833 int server_key_bytes;
834 int host_key_bytes;
835 BIGNUM *n;
836
837 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
838 // RSA_get0_key���������������K�v�������B
839 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
840 server_key_bits = BN_num_bits(n);
841
842 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
843 host_key_bits = BN_num_bits(n);
844
845 server_key_bytes = (server_key_bits + 7) / 8;
846 host_key_bytes = (host_key_bits + 7) / 8;
847
848 if (server_key_bits < host_key_bits) {
849 return host_key_bytes;
850 } else {
851 return server_key_bytes;
852 }
853 }
854
855 int CRYPT_choose_session_key(PTInstVar pvar,
856 unsigned char *encrypted_key_buf)
857 {
858 int server_key_bits;
859 int host_key_bits;
860 int server_key_bytes;
861 int host_key_bytes;
862 int encrypted_key_bytes;
863 int bit_delta;
864 BIGNUM *server_n, *host_n;
865
866 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
867 // RSA_get0_key���������������K�v�������B
868 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
869 server_key_bits = BN_num_bits(server_n);
870
871 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
872 host_key_bits = BN_num_bits(host_n);
873
874 server_key_bytes = (server_key_bits + 7) / 8;
875 host_key_bytes = (host_key_bits + 7) / 8;
876
877 if (server_key_bits < host_key_bits) {
878 encrypted_key_bytes = host_key_bytes;
879 bit_delta = host_key_bits - server_key_bits;
880 } else {
881 encrypted_key_bytes = server_key_bytes;
882 bit_delta = server_key_bits - host_key_bits;
883 }
884
885 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
886 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
887 "Server RSA keys are too weak. A secure connection cannot be established.");
888 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
889 return 0;
890 } else {
891 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
892 for the session ID, rather than the one specified in the RFC */
893 int session_buf_len = server_key_bytes + host_key_bytes + 8;
894 char *session_buf = (char *) malloc(session_buf_len);
895 char session_id[16];
896 int i;
897
898 BN_bn2bin(host_n, session_buf);
899 BN_bn2bin(server_n,
900 session_buf + host_key_bytes);
901 memcpy(session_buf + server_key_bytes + host_key_bytes,
902 pvar->crypt_state.server_cookie, 8);
903 MD5(session_buf, session_buf_len, session_id);
904
905 free(session_buf);
906
907 RAND_bytes(pvar->crypt_state.sender_cipher_key,
908 SSH_SESSION_KEY_LENGTH);
909 memcpy(pvar->crypt_state.receiver_cipher_key,
910 pvar->crypt_state.sender_cipher_key,
911 SSH_SESSION_KEY_LENGTH);
912
913 memcpy(encrypted_key_buf + encrypted_key_bytes -
914 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
915 SSH_SESSION_KEY_LENGTH);
916 for (i = 0; i < sizeof(session_id); i++) {
917 encrypted_key_buf[encrypted_key_bytes -
918 SSH_SESSION_KEY_LENGTH + i]
919 ^= session_id[i];
920 }
921
922 if (host_key_bits > server_key_bits) {
923 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
924 encrypted_key_buf +
925 encrypted_key_bytes -
926 SSH_SESSION_KEY_LENGTH,
927 encrypted_key_buf +
928 encrypted_key_bytes - server_key_bytes,
929 pvar->crypt_state.server_key.RSA_key,
930 RSA_PKCS1_PADDING) < 0)
931 return 0;
932
933 if (RSA_public_encrypt(server_key_bytes,
934 encrypted_key_buf +
935 encrypted_key_bytes - server_key_bytes,
936 encrypted_key_buf,
937 pvar->crypt_state.host_key.RSA_key,
938 RSA_PKCS1_PADDING) < 0)
939 return 0;
940 } else {
941 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
942 encrypted_key_buf +
943 encrypted_key_bytes -
944 SSH_SESSION_KEY_LENGTH,
945 encrypted_key_buf +
946 encrypted_key_bytes - host_key_bytes,
947 pvar->crypt_state.host_key.RSA_key,
948 RSA_PKCS1_PADDING) < 0)
949 return 0;
950
951 if (RSA_public_encrypt(host_key_bytes,
952 encrypted_key_buf +
953 encrypted_key_bytes - host_key_bytes,
954 encrypted_key_buf,
955 pvar->crypt_state.server_key.RSA_key,
956 RSA_PKCS1_PADDING) < 0)
957 return 0;
958 }
959 }
960
961 return 1;
962 }
963
964 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
965 unsigned char *challenge,
966 int challenge_len,
967 unsigned char *response)
968 {
969 int server_key_bits;
970 int host_key_bits;
971 int server_key_bytes;
972 int host_key_bytes;
973 int session_buf_len;
974 char *session_buf;
975 char decrypted_challenge[48];
976 int decrypted_challenge_len;
977 BIGNUM *server_n, *host_n;
978
979 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
980 // RSA_get0_key���������������K�v�������B
981 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
982 server_key_bits = BN_num_bits(server_n);
983
984 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
985 host_key_bits = BN_num_bits(host_n);
986
987 server_key_bytes = (server_key_bits + 7) / 8;
988 host_key_bytes = (host_key_bits + 7) / 8;
989 session_buf_len = server_key_bytes + host_key_bytes + 8;
990 session_buf = (char FAR *) malloc(session_buf_len);
991
992 decrypted_challenge_len =
993 RSA_private_decrypt(challenge_len, challenge, challenge,
994 AUTH_get_cur_cred(pvar)->key_pair->rsa,
995 RSA_PKCS1_PADDING);
996 if (decrypted_challenge_len < 0) {
997 free(session_buf);
998 return 0;
999 }
1000 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1001 memcpy(decrypted_challenge,
1002 challenge + decrypted_challenge_len -
1003 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1004 } else {
1005 SecureZeroMemory(decrypted_challenge,
1006 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1007 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1008 decrypted_challenge_len, challenge,
1009 decrypted_challenge_len);
1010 }
1011
1012 BN_bn2bin(host_n, session_buf);
1013 BN_bn2bin(server_n,
1014 session_buf + host_key_bytes);
1015 memcpy(session_buf + server_key_bytes + host_key_bytes,
1016 pvar->crypt_state.server_cookie, 8);
1017 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1018
1019 free(session_buf);
1020
1021 MD5(decrypted_challenge, 48, response);
1022
1023 return 1;
1024 }
1025
1026 static void c3DES_init(char *session_key, Cipher3DESState *state)
1027 {
1028 DES_set_key((const_DES_cblock *) session_key, &state->k1);
1029 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
1030 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
1031 SecureZeroMemory(state->ivec1, 8);
1032 SecureZeroMemory(state->ivec2, 8);
1033 SecureZeroMemory(state->ivec3, 8);
1034 }
1035
1036 static void cDES_init(char *session_key, CipherDESState *state)
1037 {
1038 DES_set_key((const_DES_cblock *) session_key, &state->k);
1039 SecureZeroMemory(state->ivec, 8);
1040 }
1041
1042 static void cBlowfish_init(char *session_key,
1043 CipherBlowfishState *state)
1044 {
1045 BF_set_key(&state->k, 32, session_key);
1046 SecureZeroMemory(state->ivec, 8);
1047 }
1048
1049
1050 //
1051 // SSH2�p�A���S���Y����������
1052 //
1053 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1054 const u_char *key, u_int keylen,
1055 const u_char *iv, u_int ivlen,
1056 int encrypt,
1057 const EVP_CIPHER *type,
1058 int discard_len,
1059 unsigned int authlen,
1060 PTInstVar pvar)
1061 {
1062 int klen;
1063 char tmp[80];
1064 unsigned char *junk = NULL, *discard = NULL;
1065
1066 EVP_CIPHER_CTX_init(evp);
1067 if (EVP_CipherInit(evp, type, NULL, NULL, (encrypt == CIPHER_ENCRYPT)) == 0) {
1068 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1069 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1070 notify_fatal_error(pvar, tmp, TRUE);
1071 return;
1072 }
1073
1074 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL)) {
1075 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1076 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1077 notify_fatal_error(pvar, tmp, TRUE);
1078 return;
1079 }
1080 if (EVP_CipherInit(evp, NULL, NULL, (u_char *)iv, -1) == 0) {
1081 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1082 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1083 notify_fatal_error(pvar, tmp, TRUE);
1084 return;
1085 }
1086 if (authlen > 0 && !EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
1087 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1088 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 4);
1089 notify_fatal_error(pvar, tmp, TRUE);
1090 return;
1091 }
1092
1093 klen = EVP_CIPHER_CTX_key_length(evp);
1094 if (klen > 0 && keylen != klen) {
1095 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1096 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1097 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 5);
1098 notify_fatal_error(pvar, tmp, TRUE);
1099 return;
1100 }
1101 }
1102 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1103 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1104 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 6);
1105 notify_fatal_error(pvar, tmp, TRUE);
1106 return;
1107 }
1108
1109 if (discard_len > 0) {
1110 junk = malloc(discard_len);
1111 discard = malloc(discard_len);
1112 if (junk == NULL || discard == NULL ||
1113 EVP_Cipher(evp, discard, junk, discard_len) == 0) {
1114 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
1115 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 7);
1116 notify_fatal_error(pvar, tmp, TRUE);
1117 }
1118 else {
1119 SecureZeroMemory(discard, discard_len);
1120 }
1121 free(junk);
1122 free(discard);
1123 }
1124 }
1125
1126 //
1127 // SSH2�p�A���S���Y�����j��
1128 //
1129 void cipher_cleanup_SSH2(EVP_CIPHER_CTX *evp)
1130 {
1131 EVP_CIPHER_CTX_cleanup(evp);
1132 }
1133
1134
1135 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1136 {
1137 struct Enc *enc;
1138 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1139 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1140 SSH2Cipher *cipher;
1141 BOOL isOK = TRUE;
1142
1143 if (sender_flag) {
1144 if (SSHv1(pvar)) {
1145 switch (pvar->crypt_state.sender_cipher) {
1146 case SSH_CIPHER_3DES:
1147 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1148 pvar->crypt_state.encrypt = c3DES_encrypt;
1149 break;
1150
1151 case SSH_CIPHER_DES:
1152 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1153 pvar->crypt_state.encrypt = cDES_encrypt;
1154 break;
1155
1156 case SSH_CIPHER_BLOWFISH:
1157 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1158 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1159 break;
1160
1161 case SSH_CIPHER_NONE:
1162 case SSH_CIPHER_IDEA:
1163 case SSH_CIPHER_TSS:
1164 case SSH_CIPHER_RC4:
1165 isOK = FALSE;
1166 break;
1167 }
1168 }
1169 else {
1170 // SSH2
1171 cipher = pvar->ciphers[MODE_OUT];
1172 if (cipher) {
1173 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1174 cipher_init_SSH2(pvar->evpcip[MODE_OUT],
1175 enc->key, get_cipher_key_len(cipher),
1176 enc->iv, get_cipher_iv_len(cipher),
1177 CIPHER_ENCRYPT,
1178 get_cipher_EVP_CIPHER(cipher),
1179 get_cipher_discard_len(cipher),
1180 get_cipher_auth_len(cipher),
1181 pvar);
1182
1183 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1184 }
1185 else {
1186 isOK = FALSE;
1187 }
1188 }
1189 }
1190
1191 if (receiver_flag) {
1192 if (SSHv1(pvar)) {
1193 switch (pvar->crypt_state.receiver_cipher) {
1194 case SSH_CIPHER_3DES:
1195 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1196 pvar->crypt_state.decrypt = c3DES_decrypt;
1197 break;
1198
1199 case SSH_CIPHER_DES:
1200 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1201 pvar->crypt_state.decrypt = cDES_decrypt;
1202 break;
1203
1204 case SSH_CIPHER_BLOWFISH:
1205 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1206 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1207 break;
1208
1209 case SSH_CIPHER_NONE:
1210 case SSH_CIPHER_IDEA:
1211 case SSH_CIPHER_TSS:
1212 case SSH_CIPHER_RC4:
1213 isOK = FALSE;
1214 break;
1215 }
1216 }
1217 else {
1218 // SSH2
1219 cipher = pvar->ciphers[MODE_IN];
1220 if (cipher) {
1221 enc = &pvar->ssh2_keys[MODE_IN].enc;
1222 cipher_init_SSH2(pvar->evpcip[MODE_IN],
1223 enc->key, get_cipher_key_len(cipher),
1224 enc->iv, get_cipher_iv_len(cipher),
1225 CIPHER_DECRYPT,
1226 get_cipher_EVP_CIPHER(cipher),
1227 get_cipher_discard_len(cipher),
1228 get_cipher_auth_len(cipher),
1229 pvar);
1230
1231 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1232 }
1233 else {
1234 isOK = FALSE;
1235 }
1236 }
1237 }
1238
1239 if (!isOK) {
1240 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1241 "No cipher selected!");
1242 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1243 return FALSE;
1244 } else {
1245 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1246 SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1247 return TRUE;
1248 }
1249 }
1250
1251 void CRYPT_init(PTInstVar pvar)
1252 {
1253 pvar->crypt_state.encrypt = no_encrypt;
1254 pvar->crypt_state.decrypt = no_encrypt;
1255 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1256 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1257 pvar->crypt_state.server_key.RSA_key = NULL;
1258 pvar->crypt_state.host_key.RSA_key = NULL;
1259
1260 pvar->crypt_state.detect_attack_statics.h = NULL;
1261 pvar->crypt_state.detect_attack_statics.n =
1262 HASH_MINSIZE / HASH_ENTRYSIZE;
1263 }
1264
1265 static char *get_cipher_name(int cipher)
1266 {
1267 switch (cipher) {
1268 case SSH_CIPHER_NONE:
1269 return "None";
1270 case SSH_CIPHER_3DES:
1271 return "3DES (168 key bits)";
1272 case SSH_CIPHER_DES:
1273 return "DES (56 key bits)";
1274 case SSH_CIPHER_BLOWFISH:
1275 return "Blowfish (256 key bits)";
1276
1277 // SSH2
1278 case SSH2_CIPHER_3DES_CBC:
1279 return "3des-cbc";
1280 case SSH2_CIPHER_AES128_CBC:
1281 return "aes128-cbc";
1282 case SSH2_CIPHER_AES192_CBC:
1283 return "aes192-cbc";
1284 case SSH2_CIPHER_AES256_CBC:
1285 return "aes256-cbc";
1286 case SSH2_CIPHER_BLOWFISH_CBC:
1287 return "blowfish-cbc";
1288 case SSH2_CIPHER_AES128_CTR:
1289 return "aes128-ctr";
1290 case SSH2_CIPHER_AES192_CTR:
1291 return "aes192-ctr";
1292 case SSH2_CIPHER_AES256_CTR:
1293 return "aes256-ctr";
1294 case SSH2_CIPHER_ARCFOUR:
1295 return "arcfour";
1296 case SSH2_CIPHER_ARCFOUR128:
1297 return "arcfour128";
1298 case SSH2_CIPHER_ARCFOUR256:
1299 return "arcfour256";
1300 case SSH2_CIPHER_CAST128_CBC:
1301 return "cast-128-cbc";
1302 case SSH2_CIPHER_3DES_CTR:
1303 return "3des-ctr";
1304 case SSH2_CIPHER_BLOWFISH_CTR:
1305 return "blowfish-ctr";
1306 case SSH2_CIPHER_CAST128_CTR:
1307 return "cast-128-ctr";
1308 case SSH2_CIPHER_CAMELLIA128_CBC:
1309 return "camellia128-cbc";
1310 case SSH2_CIPHER_CAMELLIA192_CBC:
1311 return "camellia192-cbc";
1312 case SSH2_CIPHER_CAMELLIA256_CBC:
1313 return "camellia256-cbc";
1314 case SSH2_CIPHER_CAMELLIA128_CTR:
1315 return "camellia128-ctr";
1316 case SSH2_CIPHER_CAMELLIA192_CTR:
1317 return "camellia192-ctr";
1318 case SSH2_CIPHER_CAMELLIA256_CTR:
1319 return "camellia256-ctr";
1320 case SSH2_CIPHER_AES128_GCM:
1321 return "aes128-gcm@openssh.com";
1322 case SSH2_CIPHER_AES256_GCM:
1323 return "aes256-gcm@openssh.com";
1324
1325 default:
1326 return "Unknown";
1327 }
1328 }
1329
1330 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1331 {
1332 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1333 "%s to server, %s from server");
1334 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1335 get_cipher_name(pvar->crypt_state.sender_cipher),
1336 get_cipher_name(pvar->crypt_state.receiver_cipher));
1337 }
1338
1339 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1340 {
1341 BIGNUM *server_n, *host_n;
1342
1343 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1344 // RSA_get0_key���������������K�v�������B
1345
1346 if (SSHv1(pvar)) {
1347 if (pvar->crypt_state.server_key.RSA_key == NULL
1348 || pvar->crypt_state.host_key.RSA_key == NULL) {
1349 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1350 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1351 } else {
1352 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1353 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1354
1355 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1356 "%d-bit server key, %d-bit host key");
1357 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1358 BN_num_bits(server_n),
1359 BN_num_bits(host_n));
1360 }
1361 } else { // SSH2
1362 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1363 "%d-bit client key, %d-bit server key");
1364 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1365 pvar->client_key_bits,
1366 pvar->server_key_bits);
1367 }
1368 }
1369
1370 static void destroy_public_key(CRYPTPublicKey * key)
1371 {
1372 if (key->RSA_key != NULL) {
1373 RSA_free(key->RSA_key);
1374 key->RSA_key = NULL;
1375 }
1376 }
1377
1378 void CRYPT_free_public_key(CRYPTPublicKey * key)
1379 {
1380 destroy_public_key(key);
1381 free(key);
1382 }
1383
1384 void CRYPT_end(PTInstVar pvar)
1385 {
1386 free(encbuff);
1387 encbuff = NULL;
1388 encbufflen = 0;
1389
1390 destroy_public_key(&pvar->crypt_state.host_key);
1391 destroy_public_key(&pvar->crypt_state.server_key);
1392
1393 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1394 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1395 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1396 free(pvar->crypt_state.detect_attack_statics.h);
1397 }
1398
1399 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1400 sizeof(pvar->crypt_state.sender_cipher_key));
1401 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1402 sizeof(pvar->crypt_state.receiver_cipher_key));
1403 SecureZeroMemory(pvar->crypt_state.server_cookie,
1404 sizeof(pvar->crypt_state.server_cookie));
1405 SecureZeroMemory(pvar->crypt_state.client_cookie,
1406 sizeof(pvar->crypt_state.client_cookie));
1407 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1408 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1409 }
1410
1411 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1412 char *buf, int bytes)
1413 {
1414 unsigned char passphrase_key[16];
1415
1416 MD5(passphrase, strlen(passphrase), passphrase_key);
1417
1418 switch (cipher) {
1419 case SSH_CIPHER_3DES:{
1420 Cipher3DESState state;
1421
1422 DES_set_key((const_DES_cblock *) passphrase_key,
1423 &state.k1);
1424 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1425 &state.k2);
1426 DES_set_key((const_DES_cblock *) passphrase_key,
1427 &state.k3);
1428 SecureZeroMemory(state.ivec1, 8);
1429 SecureZeroMemory(state.ivec2, 8);
1430 SecureZeroMemory(state.ivec3, 8);
1431 DES_ncbc_encrypt(buf, buf, bytes,
1432 &state.k3, &state.ivec3, DES_DECRYPT);
1433 DES_ncbc_encrypt(buf, buf, bytes,
1434 &state.k2, &state.ivec2, DES_ENCRYPT);
1435 DES_ncbc_encrypt(buf, buf, bytes,
1436 &state.k1, &state.ivec1, DES_DECRYPT);
1437 break;
1438 }
1439
1440 case SSH_CIPHER_DES:{
1441 CipherDESState state;
1442
1443 cDES_init(passphrase_key, &state);
1444 DES_ncbc_encrypt(buf, buf, bytes,
1445 &state.k, &state.ivec, DES_DECRYPT);
1446 break;
1447 }
1448
1449 case SSH_CIPHER_BLOWFISH:{
1450 CipherBlowfishState state;
1451
1452 BF_set_key(&state.k, 16, passphrase_key);
1453 SecureZeroMemory(state.ivec, 8);
1454 flip_endianness(buf, bytes);
1455 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1456 BF_DECRYPT);
1457 flip_endianness(buf, bytes);
1458 break;
1459 }
1460
1461 case SSH_CIPHER_NONE:
1462 break;
1463
1464 default:
1465 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1466 return 0;
1467 }
1468
1469 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1470 return 1;
1471 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help