Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 9210 - (show annotations) (download) (as text)
Sat Apr 17 08:36:59 2021 UTC (2 years, 10 months ago) by nmaya
File MIME type: text/x-csrc
File size: 39694 byte(s) 
ファイルを分割・コードを移動・関数名を整理・新しい OpenSSH からインポート

- OpenSSH からインポート
  cipher-3des1.c from OpenSSH-7.5p1
  ssherr.c from OpenSSH-8.5p1
  ssherr.h from OpenSSH-8.5p1
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004- TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75 static unsigned char *encbuff = NULL;
76 static unsigned int encbufflen = 0;
77
78 static void crc_update(uint32 *a, uint32 b)
79 {
80 b ^= *a;
81 *a = do_crc((unsigned char *) &b, sizeof(b));
82 }
83
84 /* check_crc
85 detects if a block is used in a particular pattern
86 */
87
88 static int check_crc(unsigned char *S, unsigned char *buf,
89 uint32 len, unsigned char *IV)
90 {
91 uint32 crc;
92 unsigned char *c;
93
94 crc = 0;
95 if (IV && !CMP(S, IV)) {
96 crc_update(&crc, 1);
97 crc_update(&crc, 0);
98 }
99 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100 if (!CMP(S, c)) {
101 crc_update(&crc, 1);
102 crc_update(&crc, 0);
103 } else {
104 crc_update(&crc, 0);
105 crc_update(&crc, 0);
106 }
107 }
108
109 return crc == 0;
110 }
111
112
113 /*
114 detect_attack
115 Detects a crc32 compensation attack on a packet
116 */
117 static int detect_attack(CRYPTDetectAttack *statics,
118 unsigned char *buf, uint32 len,
119 unsigned char *IV)
120 {
121 uint32 *h = statics->h;
122 uint32 n = statics->n;
123 uint32 i, j;
124 uint32 l;
125 unsigned char *c;
126 unsigned char *d;
127
128 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129 }
130
131 if (h == NULL) {
132 n = l;
133 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 } else {
135 if (l > n) {
136 n = l;
137 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 }
139 }
140
141 statics->h = h;
142 statics->n = n;
143
144 if (len <= HASH_MINBLOCKS) {
145 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146 if (IV && (!CMP(c, IV))) {
147 if ((check_crc(c, buf, len, IV)))
148 return DEATTACK_DETECTED;
149 else
150 break;
151 }
152 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153 if (!CMP(c, d)) {
154 if ((check_crc(c, buf, len, IV)))
155 return DEATTACK_DETECTED;
156 else
157 break;
158 }
159 }
160 }
161 return (DEATTACK_OK);
162 }
163 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164
165 if (IV) {
166 h[HASH(IV) & (n - 1)] = HASH_IV;
167 }
168
169 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171 i = (i + 1) & (n - 1)) {
172 if (h[i] == HASH_IV) {
173 if (!CMP(c, IV)) {
174 if (check_crc(c, buf, len, IV))
175 return DEATTACK_DETECTED;
176 else
177 break;
178 }
179 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180 if (check_crc(c, buf, len, IV))
181 return DEATTACK_DETECTED;
182 else
183 break;
184 }
185 }
186 h[i] = j;
187 }
188
189 return DEATTACK_OK;
190 }
191
192 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 {
194 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 } else {
197 return FALSE;
198 }
199 }
200
201 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202 {
203 unsigned char *newbuff = NULL;
204 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205 unsigned char lastiv[1];
206 char tmp[80];
207 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_OUT];
208
209 if (bytes == 0)
210 return TRUE;
211
212 if (bytes % block_size) {
213 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
214 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
215 get_cipher_name(pvar->crypt_state.sender_cipher),
216 bytes, block_size);
217 notify_fatal_error(pvar, tmp, TRUE);
218 return FALSE;
219 }
220
221 if (bytes > encbufflen) {
222 if ((newbuff = realloc(encbuff, bytes)) == NULL)
223 goto err;
224 encbuff = newbuff;
225 encbufflen = bytes;
226 }
227
228 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
229 goto err;
230
231 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
232 goto err;
233
234 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
235 goto err;
236
237 memcpy(data+aadlen, encbuff, bytes);
238
239 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
240 goto err;
241
242 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
243 goto err;
244
245 return TRUE;
246
247 err:
248 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
249 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
250 get_cipher_name(pvar->crypt_state.sender_cipher));
251 notify_fatal_error(pvar, tmp, TRUE);
252 return FALSE;
253 }
254
255 BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
256 {
257 unsigned char *newbuff = NULL;
258 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
259 unsigned char lastiv[1];
260 char tmp[80];
261 EVP_CIPHER_CTX *evp = pvar->evpcip[MODE_IN];
262
263 if (bytes == 0)
264 return TRUE;
265
266 if (bytes % block_size) {
267 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
268 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
269 get_cipher_name(pvar->crypt_state.receiver_cipher),
270 bytes, block_size);
271 notify_fatal_error(pvar, tmp, TRUE);
272 return FALSE;
273 }
274
275 if (bytes > encbufflen) {
276 if ((newbuff = realloc(encbuff, bytes)) == NULL)
277 goto err;
278 encbuff = newbuff;
279 encbufflen = bytes;
280 }
281
282 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
283 goto err;
284
285 if (!EVP_CIPHER_CTX_ctrl(evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
286 goto err;
287
288 if (aadlen && !EVP_Cipher(evp, NULL, data, aadlen) < 0)
289 goto err;
290
291 if (EVP_Cipher(evp, encbuff, data+aadlen, bytes) < 0)
292 goto err;
293
294 memcpy(data+aadlen, encbuff, bytes);
295
296 if (EVP_Cipher(evp, NULL, NULL, 0) < 0)
297 goto err;
298
299 return TRUE;
300
301 err:
302 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
303 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
304 get_cipher_name(pvar->crypt_state.receiver_cipher));
305 notify_fatal_error(pvar, tmp, TRUE);
306 return FALSE;
307 }
308
309 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
310 {
311 }
312
313 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
314 {
315 unsigned char *newbuff;
316 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
317 char tmp[80];
318
319 if (bytes == 0)
320 return;
321
322 if (bytes % block_size) {
323 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
324 "%s encrypt error(1): bytes %d (%d)");
325 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
326 get_cipher_name(pvar->crypt_state.sender_cipher),
327 bytes, block_size);
328 notify_fatal_error(pvar, tmp, TRUE);
329 return;
330 }
331
332 if (bytes > encbufflen) {
333 if ((newbuff = realloc(encbuff, bytes)) == NULL)
334 return;
335 encbuff = newbuff;
336 encbufflen = bytes;
337 }
338
339 if (EVP_Cipher(pvar->evpcip[MODE_OUT], encbuff, buf, bytes) == 0) {
340 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
341 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
342 get_cipher_name(pvar->crypt_state.sender_cipher));
343 notify_fatal_error(pvar, tmp, TRUE);
344 } else {
345 memcpy(buf, encbuff, bytes);
346 }
347 }
348
349 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
350 {
351 unsigned char *newbuff;
352 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
353 char tmp[80];
354
355 if (bytes == 0)
356 return;
357
358 if (bytes % block_size) {
359 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
360 "%s decrypt error(1): bytes %d (%d)");
361 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
362 get_cipher_name(pvar->crypt_state.receiver_cipher),
363 bytes, block_size);
364 notify_fatal_error(pvar, tmp, TRUE);
365 return;
366 }
367
368 if (bytes > encbufflen) {
369 if ((newbuff = malloc(bytes)) == NULL)
370 return;
371 encbuff = newbuff;
372 encbufflen = bytes;
373 }
374
375 if (EVP_Cipher(pvar->evpcip[MODE_IN], encbuff, buf, bytes) == 0) {
376 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
377 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
378 get_cipher_name(pvar->crypt_state.receiver_cipher));
379 notify_fatal_error(pvar, tmp, TRUE);
380 } else {
381 memcpy(buf, encbuff, bytes);
382 }
383 }
384
385 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
386 {
387 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
388
389 DES_ncbc_encrypt(buf, buf, bytes,
390 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
391 DES_ncbc_encrypt(buf, buf, bytes,
392 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
393 DES_ncbc_encrypt(buf, buf, bytes,
394 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
395 }
396
397 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
398 {
399 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
400
401 DES_ncbc_encrypt(buf, buf, bytes,
402 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
403 DES_ncbc_encrypt(buf, buf, bytes,
404 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
405 DES_ncbc_encrypt(buf, buf, bytes,
406 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
407 }
408
409 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
410 {
411 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
412
413 DES_ncbc_encrypt(buf, buf, bytes,
414 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
415 }
416
417 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
418 {
419 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
420
421 DES_ncbc_encrypt(buf, buf, bytes,
422 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
423 }
424
425 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
426 {
427 uint32 *buf = (uint32 *) cbuf;
428 int count = bytes / 4;
429
430 while (count > 0) {
431 uint32 w = *buf;
432
433 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
434 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
435 count--;
436 buf++;
437 }
438 }
439
440 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
441 {
442 CipherBlowfishState *encryptstate =
443 &pvar->crypt_state.enc.cBlowfish;
444
445 flip_endianness(buf, bytes);
446 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
447 BF_ENCRYPT);
448 flip_endianness(buf, bytes);
449 }
450
451 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
452 {
453 CipherBlowfishState *decryptstate =
454 &pvar->crypt_state.dec.cBlowfish;
455
456 flip_endianness(buf, bytes);
457 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
458 BF_DECRYPT);
459 flip_endianness(buf, bytes);
460 }
461
462 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
463 {
464 int ret;
465
466 // OpenSSL 1.1.1���g���������AWindowsMe���� RAND_bytes() �������o�����������B
467 logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__);
468 ret = RAND_bytes(buf, bytes);
469 if (ret < 0) {
470 logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret);
471 }
472 }
473
474 void CRYPT_initialize_random_numbers(PTInstVar pvar)
475 {
476 // ����������������������
477 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
478 //RAND_screen();
479 }
480
481 static BIGNUM *get_bignum(unsigned char *bytes)
482 {
483 int bits = get_ushort16_MSBfirst(bytes);
484
485 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
486 }
487
488 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
489 RSA *make_key(PTInstVar pvar,
490 int bits, unsigned char *exp,
491 unsigned char *mod)
492 {
493 RSA *key = RSA_new();
494 BIGNUM *e = NULL, *n = NULL;
495
496 if (key != NULL) {
497 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
498 // RSA_set0_key���������������K�v�������B
499 e = get_bignum(exp);
500 n = get_bignum(mod);
501 RSA_set0_key(key, n, e, NULL);
502 }
503
504 if (key == NULL || e == NULL || n == NULL) {
505 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
506 "Error setting up RSA keys");
507 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
508
509 if (key != NULL) {
510 if (e != NULL) {
511 BN_free(e);
512 }
513 if (n != NULL) {
514 BN_free(n);
515 }
516 RSA_free(key);
517 }
518
519 return NULL;
520 } else {
521 return key;
522 }
523 }
524
525 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
526 {
527 if (SSHv1(pvar)) {
528 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
529 } else {
530 memcpy(pvar->crypt_state.server_cookie, cookie,
531 SSH2_COOKIE_LENGTH);
532 }
533 }
534
535 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
536 {
537 if (SSHv2(pvar)) {
538 memcpy(pvar->crypt_state.client_cookie, cookie,
539 SSH2_COOKIE_LENGTH);
540 }
541 }
542
543 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
544 int bits, unsigned char *exp,
545 unsigned char *mod)
546 {
547 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
548
549 return pvar->crypt_state.server_key.RSA_key != NULL;
550 }
551
552 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
553 int bits, unsigned char *exp,
554 unsigned char *mod)
555 {
556 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
557
558 return pvar->crypt_state.host_key.RSA_key != NULL;
559 }
560
561 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
562 int receiver_ciphers)
563 {
564 int cipher_mask;
565
566 if (SSHv1(pvar)) {
567 cipher_mask = (1 << SSH_CIPHER_DES)
568 | (1 << SSH_CIPHER_3DES)
569 | (1 << SSH_CIPHER_BLOWFISH);
570
571 } else { // for SSH2(yutaka)
572 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
573 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
574 | (1 << SSH2_CIPHER_AES128_CBC)
575 | (1 << SSH2_CIPHER_AES192_CBC)
576 | (1 << SSH2_CIPHER_AES256_CBC)
577 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
578 | (1 << SSH2_CIPHER_AES128_CTR)
579 | (1 << SSH2_CIPHER_AES192_CTR)
580 | (1 << SSH2_CIPHER_AES256_CTR)
581 | (1 << SSH2_CIPHER_ARCFOUR)
582 | (1 << SSH2_CIPHER_ARCFOUR128)
583 | (1 << SSH2_CIPHER_ARCFOUR256)
584 | (1 << SSH2_CIPHER_CAST128_CBC)
585 | (1 << SSH2_CIPHER_3DES_CTR)
586 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
587 | (1 << SSH2_CIPHER_CAST128_CTR)
588 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
589 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
590 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
591 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
592 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
593 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
594 | (1 << SSH2_CIPHER_AES128_GCM)
595 | (1 << SSH2_CIPHER_AES256_GCM)
596 );
597 }
598
599 sender_ciphers &= cipher_mask;
600 receiver_ciphers &= cipher_mask;
601 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
602 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
603
604 if (sender_ciphers == 0) {
605 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
606 "The server does not support any of the TTSSH encryption algorithms.\n"
607 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
608 "The connection will be closed.");
609 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
610 return FALSE;
611 } else if (receiver_ciphers == 0) {
612 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
613 "The server does not support any of the TTSSH encryption algorithms.\n"
614 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
615 "The connection will be closed.");
616 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
617 return FALSE;
618 } else {
619 return TRUE;
620 }
621 }
622
623 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
624 {
625 if (SSHv1(pvar)) {
626 return 8;
627 } else {
628 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
629 // cf. 3DES=8, AES128=16
630 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
631 }
632 }
633
634 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
635 {
636 if (SSHv1(pvar)) {
637 return 8;
638 } else {
639 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
640 // cf. 3DES=8, AES128=16
641 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
642 }
643 }
644
645 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
646 {
647 struct Mac *mac;
648
649 if (SSHv1(pvar)) {
650 return 0;
651
652 } else { // for SSH2(yutaka)
653 mac = &pvar->ssh2_keys[MODE_IN].mac;
654 if (mac == NULL || mac->enabled == 0)
655 return 0;
656
657 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
658 }
659
660 }
661
662 // HMAC������
663 // ���{������ SSH2 �������g�p�������B
664 // (2004.12.17 yutaka)
665 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
666 char *data, int len, char *MAC)
667 {
668 HMAC_CTX *c = NULL;
669 unsigned char m[EVP_MAX_MD_SIZE];
670 unsigned char b[4];
671 struct Mac *mac;
672
673 mac = &pvar->ssh2_keys[MODE_IN].mac;
674
675 // HMAC�������L���������������A����OK�����������B
676 if (mac == NULL || mac->enabled == 0)
677 return TRUE;
678
679 if (mac->key == NULL) {
680 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
681 goto error;
682 }
683
684 if ((u_int)mac->mac_len > sizeof(m)) {
685 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
686 mac->mac_len, sizeof(m), sequence_number, len);
687 goto error;
688 }
689
690 c = HMAC_CTX_new();
691 if (c == NULL)
692 goto error;
693
694 HMAC_Init(c, mac->key, mac->key_len, mac->md);
695 set_uint32_MSBfirst(b, sequence_number);
696 HMAC_Update(c, b, sizeof(b));
697 HMAC_Update(c, data, len);
698 HMAC_Final(c, m, NULL);
699 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
700
701 if (memcmp(m, MAC, mac->mac_len)) {
702 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
703 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
704 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
705 goto error;
706 }
707
708 HMAC_CTX_free(c);
709
710 return TRUE;
711
712 error:
713 if (c)
714 HMAC_CTX_free(c);
715
716 return FALSE;
717 }
718
719 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
720 {
721 struct Mac *mac;
722
723 if (SSHv2(pvar)) { // for SSH2(yutaka)
724 mac = &pvar->ssh2_keys[MODE_OUT].mac;
725 if (mac == NULL || mac->enabled == 0)
726 return 0;
727
728 return (mac->mac_len);
729 }
730
731 return 0;
732 }
733
734 // for SSH2
735 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
736 char *data, int len, char *MAC)
737 {
738 HMAC_CTX *c = NULL;
739 static u_char m[EVP_MAX_MD_SIZE];
740 u_char b[4];
741 struct Mac *mac;
742
743 if (SSHv2(pvar)) { // for SSH2(yutaka)
744 mac = &pvar->ssh2_keys[MODE_OUT].mac;
745 if (mac == NULL || mac->enabled == 0)
746 return FALSE;
747
748 c = HMAC_CTX_new();
749 if (c == NULL)
750 return FALSE;
751
752 HMAC_Init(c, mac->key, mac->key_len, mac->md);
753 set_uint32_MSBfirst(b, sequence_number);
754 HMAC_Update(c, b, sizeof(b));
755 HMAC_Update(c, data, len);
756 HMAC_Final(c, m, NULL);
757 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
758
759 // 20�o�C�g�������R�s�[
760 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
761 // memcpy(MAC, m, sizeof(m));
762
763 HMAC_CTX_free(c);
764
765 return TRUE;
766 }
767
768 return TRUE;
769
770 }
771
772 static int choose_cipher(PTInstVar pvar, int supported)
773 {
774 int i;
775
776 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
777 int cipher = pvar->session_settings.CipherOrder[i] - '0';
778
779 if (cipher == SSH_CIPHER_NONE) {
780 break;
781 } else if ((supported & (1 << cipher)) != 0) {
782 return cipher;
783 }
784 }
785
786 return SSH_CIPHER_NONE;
787 }
788
789 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
790 {
791 if (SSHv1(pvar)) {
792 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
793 pvar->crypt_state.
794 supported_sender_ciphers);
795 pvar->crypt_state.receiver_cipher =
796 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
797
798 } else { // SSH2(yutaka)
799 if (pvar->ciphers[MODE_OUT] == NULL) {
800 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
801 }
802 else {
803 pvar->crypt_state.sender_cipher = get_cipher_id(pvar->ciphers[MODE_OUT]);
804 }
805 if (pvar->ciphers[MODE_IN] == NULL) {
806 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
807 }
808 else {
809 pvar->crypt_state.receiver_cipher = get_cipher_id(pvar->ciphers[MODE_IN]);
810 }
811 }
812
813 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
814 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
815 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
816 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
817 "To communicate with this server, you will have to enable some more ciphers\n"
818 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
819 "This connection will now close.");
820 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
821 return FALSE;
822 } else {
823 return TRUE;
824 }
825 }
826
827 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
828 {
829 int server_key_bits;
830 int host_key_bits;
831 int server_key_bytes;
832 int host_key_bytes;
833 BIGNUM *n;
834
835 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
836 // RSA_get0_key���������������K�v�������B
837 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
838 server_key_bits = BN_num_bits(n);
839
840 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
841 host_key_bits = BN_num_bits(n);
842
843 server_key_bytes = (server_key_bits + 7) / 8;
844 host_key_bytes = (host_key_bits + 7) / 8;
845
846 if (server_key_bits < host_key_bits) {
847 return host_key_bytes;
848 } else {
849 return server_key_bytes;
850 }
851 }
852
853 int CRYPT_choose_session_key(PTInstVar pvar,
854 unsigned char *encrypted_key_buf)
855 {
856 int server_key_bits;
857 int host_key_bits;
858 int server_key_bytes;
859 int host_key_bytes;
860 int encrypted_key_bytes;
861 int bit_delta;
862 BIGNUM *server_n, *host_n;
863
864 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
865 // RSA_get0_key���������������K�v�������B
866 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
867 server_key_bits = BN_num_bits(server_n);
868
869 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
870 host_key_bits = BN_num_bits(host_n);
871
872 server_key_bytes = (server_key_bits + 7) / 8;
873 host_key_bytes = (host_key_bits + 7) / 8;
874
875 if (server_key_bits < host_key_bits) {
876 encrypted_key_bytes = host_key_bytes;
877 bit_delta = host_key_bits - server_key_bits;
878 } else {
879 encrypted_key_bytes = server_key_bytes;
880 bit_delta = server_key_bits - host_key_bits;
881 }
882
883 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
884 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
885 "Server RSA keys are too weak. A secure connection cannot be established.");
886 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
887 return 0;
888 } else {
889 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
890 for the session ID, rather than the one specified in the RFC */
891 int session_buf_len = server_key_bytes + host_key_bytes + 8;
892 char *session_buf = (char *) malloc(session_buf_len);
893 char session_id[16];
894 int i;
895
896 BN_bn2bin(host_n, session_buf);
897 BN_bn2bin(server_n,
898 session_buf + host_key_bytes);
899 memcpy(session_buf + server_key_bytes + host_key_bytes,
900 pvar->crypt_state.server_cookie, 8);
901 MD5(session_buf, session_buf_len, session_id);
902
903 free(session_buf);
904
905 RAND_bytes(pvar->crypt_state.sender_cipher_key,
906 SSH_SESSION_KEY_LENGTH);
907 memcpy(pvar->crypt_state.receiver_cipher_key,
908 pvar->crypt_state.sender_cipher_key,
909 SSH_SESSION_KEY_LENGTH);
910
911 memcpy(encrypted_key_buf + encrypted_key_bytes -
912 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
913 SSH_SESSION_KEY_LENGTH);
914 for (i = 0; i < sizeof(session_id); i++) {
915 encrypted_key_buf[encrypted_key_bytes -
916 SSH_SESSION_KEY_LENGTH + i]
917 ^= session_id[i];
918 }
919
920 if (host_key_bits > server_key_bits) {
921 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
922 encrypted_key_buf +
923 encrypted_key_bytes -
924 SSH_SESSION_KEY_LENGTH,
925 encrypted_key_buf +
926 encrypted_key_bytes - server_key_bytes,
927 pvar->crypt_state.server_key.RSA_key,
928 RSA_PKCS1_PADDING) < 0)
929 return 0;
930
931 if (RSA_public_encrypt(server_key_bytes,
932 encrypted_key_buf +
933 encrypted_key_bytes - server_key_bytes,
934 encrypted_key_buf,
935 pvar->crypt_state.host_key.RSA_key,
936 RSA_PKCS1_PADDING) < 0)
937 return 0;
938 } else {
939 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
940 encrypted_key_buf +
941 encrypted_key_bytes -
942 SSH_SESSION_KEY_LENGTH,
943 encrypted_key_buf +
944 encrypted_key_bytes - host_key_bytes,
945 pvar->crypt_state.host_key.RSA_key,
946 RSA_PKCS1_PADDING) < 0)
947 return 0;
948
949 if (RSA_public_encrypt(host_key_bytes,
950 encrypted_key_buf +
951 encrypted_key_bytes - host_key_bytes,
952 encrypted_key_buf,
953 pvar->crypt_state.server_key.RSA_key,
954 RSA_PKCS1_PADDING) < 0)
955 return 0;
956 }
957 }
958
959 return 1;
960 }
961
962 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
963 unsigned char *challenge,
964 int challenge_len,
965 unsigned char *response)
966 {
967 int server_key_bits;
968 int host_key_bits;
969 int server_key_bytes;
970 int host_key_bytes;
971 int session_buf_len;
972 char *session_buf;
973 char decrypted_challenge[48];
974 int decrypted_challenge_len;
975 BIGNUM *server_n, *host_n;
976
977 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
978 // RSA_get0_key���������������K�v�������B
979 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
980 server_key_bits = BN_num_bits(server_n);
981
982 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
983 host_key_bits = BN_num_bits(host_n);
984
985 server_key_bytes = (server_key_bits + 7) / 8;
986 host_key_bytes = (host_key_bits + 7) / 8;
987 session_buf_len = server_key_bytes + host_key_bytes + 8;
988 session_buf = (char FAR *) malloc(session_buf_len);
989
990 decrypted_challenge_len =
991 RSA_private_decrypt(challenge_len, challenge, challenge,
992 AUTH_get_cur_cred(pvar)->key_pair->rsa,
993 RSA_PKCS1_PADDING);
994 if (decrypted_challenge_len < 0) {
995 free(session_buf);
996 return 0;
997 }
998 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
999 memcpy(decrypted_challenge,
1000 challenge + decrypted_challenge_len -
1001 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1002 } else {
1003 SecureZeroMemory(decrypted_challenge,
1004 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1005 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1006 decrypted_challenge_len, challenge,
1007 decrypted_challenge_len);
1008 }
1009
1010 BN_bn2bin(host_n, session_buf);
1011 BN_bn2bin(server_n,
1012 session_buf + host_key_bytes);
1013 memcpy(session_buf + server_key_bytes + host_key_bytes,
1014 pvar->crypt_state.server_cookie, 8);
1015 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1016
1017 free(session_buf);
1018
1019 MD5(decrypted_challenge, 48, response);
1020
1021 return 1;
1022 }
1023
1024 static void c3DES_init(char *session_key, Cipher3DESState *state)
1025 {
1026 DES_set_key((const_DES_cblock *) session_key, &state->k1);
1027 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
1028 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
1029 SecureZeroMemory(state->ivec1, 8);
1030 SecureZeroMemory(state->ivec2, 8);
1031 SecureZeroMemory(state->ivec3, 8);
1032 }
1033
1034 static void cDES_init(char *session_key, CipherDESState *state)
1035 {
1036 DES_set_key((const_DES_cblock *) session_key, &state->k);
1037 SecureZeroMemory(state->ivec, 8);
1038 }
1039
1040 static void cBlowfish_init(char *session_key,
1041 CipherBlowfishState *state)
1042 {
1043 BF_set_key(&state->k, 32, session_key);
1044 SecureZeroMemory(state->ivec, 8);
1045 }
1046
1047 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1048 {
1049 struct Enc *enc;
1050 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1051 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1052 const struct ssh2cipher *cipher;
1053 BOOL isOK = TRUE;
1054
1055 if (sender_flag) {
1056 if (SSHv1(pvar)) {
1057 switch (pvar->crypt_state.sender_cipher) {
1058 case SSH_CIPHER_3DES:
1059 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1060 pvar->crypt_state.encrypt = c3DES_encrypt;
1061 break;
1062
1063 case SSH_CIPHER_DES:
1064 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1065 pvar->crypt_state.encrypt = cDES_encrypt;
1066 break;
1067
1068 case SSH_CIPHER_BLOWFISH:
1069 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1070 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1071 break;
1072
1073 case SSH_CIPHER_NONE:
1074 case SSH_CIPHER_IDEA:
1075 case SSH_CIPHER_TSS:
1076 case SSH_CIPHER_RC4:
1077 isOK = FALSE;
1078 break;
1079 }
1080 }
1081 else {
1082 // SSH2
1083 cipher = pvar->ciphers[MODE_OUT];
1084 if (cipher) {
1085 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1086 cipher_init_SSH2(pvar->evpcip[MODE_OUT],
1087 enc->key, get_cipher_key_len(cipher),
1088 enc->iv, get_cipher_iv_len(cipher),
1089 CIPHER_ENCRYPT,
1090 get_cipher_EVP_CIPHER(cipher),
1091 get_cipher_discard_len(cipher),
1092 get_cipher_auth_len(cipher),
1093 pvar);
1094
1095 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1096 }
1097 else {
1098 isOK = FALSE;
1099 }
1100 }
1101 }
1102
1103 if (receiver_flag) {
1104 if (SSHv1(pvar)) {
1105 switch (pvar->crypt_state.receiver_cipher) {
1106 case SSH_CIPHER_3DES:
1107 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1108 pvar->crypt_state.decrypt = c3DES_decrypt;
1109 break;
1110
1111 case SSH_CIPHER_DES:
1112 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1113 pvar->crypt_state.decrypt = cDES_decrypt;
1114 break;
1115
1116 case SSH_CIPHER_BLOWFISH:
1117 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1118 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1119 break;
1120
1121 case SSH_CIPHER_NONE:
1122 case SSH_CIPHER_IDEA:
1123 case SSH_CIPHER_TSS:
1124 case SSH_CIPHER_RC4:
1125 isOK = FALSE;
1126 break;
1127 }
1128 }
1129 else {
1130 // SSH2
1131 cipher = pvar->ciphers[MODE_IN];
1132 if (cipher) {
1133 enc = &pvar->ssh2_keys[MODE_IN].enc;
1134 cipher_init_SSH2(pvar->evpcip[MODE_IN],
1135 enc->key, get_cipher_key_len(cipher),
1136 enc->iv, get_cipher_iv_len(cipher),
1137 CIPHER_DECRYPT,
1138 get_cipher_EVP_CIPHER(cipher),
1139 get_cipher_discard_len(cipher),
1140 get_cipher_auth_len(cipher),
1141 pvar);
1142
1143 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1144 }
1145 else {
1146 isOK = FALSE;
1147 }
1148 }
1149 }
1150
1151 if (!isOK) {
1152 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1153 "No cipher selected!");
1154 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1155 return FALSE;
1156 } else {
1157 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1158 SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1159 return TRUE;
1160 }
1161 }
1162
1163 void CRYPT_init(PTInstVar pvar)
1164 {
1165 pvar->crypt_state.encrypt = no_encrypt;
1166 pvar->crypt_state.decrypt = no_encrypt;
1167 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1168 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1169 pvar->crypt_state.server_key.RSA_key = NULL;
1170 pvar->crypt_state.host_key.RSA_key = NULL;
1171
1172 pvar->crypt_state.detect_attack_statics.h = NULL;
1173 pvar->crypt_state.detect_attack_statics.n =
1174 HASH_MINSIZE / HASH_ENTRYSIZE;
1175 }
1176
1177 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1178 {
1179 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1180 "%s to server, %s from server");
1181 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1182 get_cipher_name(pvar->crypt_state.sender_cipher),
1183 get_cipher_name(pvar->crypt_state.receiver_cipher));
1184 }
1185
1186 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1187 {
1188 BIGNUM *server_n, *host_n;
1189
1190 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1191 // RSA_get0_key���������������K�v�������B
1192
1193 if (SSHv1(pvar)) {
1194 if (pvar->crypt_state.server_key.RSA_key == NULL
1195 || pvar->crypt_state.host_key.RSA_key == NULL) {
1196 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1197 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1198 } else {
1199 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1200 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1201
1202 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1203 "%d-bit server key, %d-bit host key");
1204 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1205 BN_num_bits(server_n),
1206 BN_num_bits(host_n));
1207 }
1208 } else { // SSH2
1209 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1210 "%d-bit client key, %d-bit server key");
1211 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1212 pvar->client_key_bits,
1213 pvar->server_key_bits);
1214 }
1215 }
1216
1217 static void destroy_public_key(CRYPTPublicKey * key)
1218 {
1219 if (key->RSA_key != NULL) {
1220 RSA_free(key->RSA_key);
1221 key->RSA_key = NULL;
1222 }
1223 }
1224
1225 void CRYPT_free_public_key(CRYPTPublicKey * key)
1226 {
1227 destroy_public_key(key);
1228 free(key);
1229 }
1230
1231 void CRYPT_end(PTInstVar pvar)
1232 {
1233 free(encbuff);
1234 encbuff = NULL;
1235 encbufflen = 0;
1236
1237 destroy_public_key(&pvar->crypt_state.host_key);
1238 destroy_public_key(&pvar->crypt_state.server_key);
1239
1240 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1241 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1242 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1243 free(pvar->crypt_state.detect_attack_statics.h);
1244 }
1245
1246 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1247 sizeof(pvar->crypt_state.sender_cipher_key));
1248 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1249 sizeof(pvar->crypt_state.receiver_cipher_key));
1250 SecureZeroMemory(pvar->crypt_state.server_cookie,
1251 sizeof(pvar->crypt_state.server_cookie));
1252 SecureZeroMemory(pvar->crypt_state.client_cookie,
1253 sizeof(pvar->crypt_state.client_cookie));
1254 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1255 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1256 }
1257
1258 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1259 char *buf, int bytes)
1260 {
1261 unsigned char passphrase_key[16];
1262
1263 MD5(passphrase, strlen(passphrase), passphrase_key);
1264
1265 switch (cipher) {
1266 case SSH_CIPHER_3DES:{
1267 Cipher3DESState state;
1268
1269 DES_set_key((const_DES_cblock *) passphrase_key,
1270 &state.k1);
1271 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1272 &state.k2);
1273 DES_set_key((const_DES_cblock *) passphrase_key,
1274 &state.k3);
1275 SecureZeroMemory(state.ivec1, 8);
1276 SecureZeroMemory(state.ivec2, 8);
1277 SecureZeroMemory(state.ivec3, 8);
1278 DES_ncbc_encrypt(buf, buf, bytes,
1279 &state.k3, &state.ivec3, DES_DECRYPT);
1280 DES_ncbc_encrypt(buf, buf, bytes,
1281 &state.k2, &state.ivec2, DES_ENCRYPT);
1282 DES_ncbc_encrypt(buf, buf, bytes,
1283 &state.k1, &state.ivec1, DES_DECRYPT);
1284 break;
1285 }
1286
1287 case SSH_CIPHER_DES:{
1288 CipherDESState state;
1289
1290 cDES_init(passphrase_key, &state);
1291 DES_ncbc_encrypt(buf, buf, bytes,
1292 &state.k, &state.ivec, DES_DECRYPT);
1293 break;
1294 }
1295
1296 case SSH_CIPHER_BLOWFISH:{
1297 CipherBlowfishState state;
1298
1299 BF_set_key(&state.k, 16, passphrase_key);
1300 SecureZeroMemory(state.ivec, 8);
1301 flip_endianness(buf, bytes);
1302 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1303 BF_DECRYPT);
1304 flip_endianness(buf, bytes);
1305 break;
1306 }
1307
1308 case SSH_CIPHER_NONE:
1309 break;
1310
1311 default:
1312 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1313 return 0;
1314 }
1315
1316 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1317 return 1;
1318 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help