Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 9217 - (show annotations) (download) (as text)
Sun Apr 25 02:18:41 2021 UTC (2 years, 10 months ago) by nmaya
File MIME type: text/x-csrc
File size: 40618 byte(s) 
SSH2 暗号化方式 chacha20-poly1305@openssh.com をサポート
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004- TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75 static unsigned char *encbuff = NULL;
76 static unsigned int encbufflen = 0;
77
78 static void crc_update(uint32 *a, uint32 b)
79 {
80 b ^= *a;
81 *a = do_crc((unsigned char *) &b, sizeof(b));
82 }
83
84 /* check_crc
85 detects if a block is used in a particular pattern
86 */
87
88 static int check_crc(unsigned char *S, unsigned char *buf,
89 uint32 len, unsigned char *IV)
90 {
91 uint32 crc;
92 unsigned char *c;
93
94 crc = 0;
95 if (IV && !CMP(S, IV)) {
96 crc_update(&crc, 1);
97 crc_update(&crc, 0);
98 }
99 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100 if (!CMP(S, c)) {
101 crc_update(&crc, 1);
102 crc_update(&crc, 0);
103 } else {
104 crc_update(&crc, 0);
105 crc_update(&crc, 0);
106 }
107 }
108
109 return crc == 0;
110 }
111
112
113 /*
114 detect_attack
115 Detects a crc32 compensation attack on a packet
116 */
117 static int detect_attack(CRYPTDetectAttack *statics,
118 unsigned char *buf, uint32 len,
119 unsigned char *IV)
120 {
121 uint32 *h = statics->h;
122 uint32 n = statics->n;
123 uint32 i, j;
124 uint32 l;
125 unsigned char *c;
126 unsigned char *d;
127
128 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129 }
130
131 if (h == NULL) {
132 n = l;
133 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 } else {
135 if (l > n) {
136 n = l;
137 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 }
139 }
140
141 statics->h = h;
142 statics->n = n;
143
144 if (len <= HASH_MINBLOCKS) {
145 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146 if (IV && (!CMP(c, IV))) {
147 if ((check_crc(c, buf, len, IV)))
148 return DEATTACK_DETECTED;
149 else
150 break;
151 }
152 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153 if (!CMP(c, d)) {
154 if ((check_crc(c, buf, len, IV)))
155 return DEATTACK_DETECTED;
156 else
157 break;
158 }
159 }
160 }
161 return (DEATTACK_OK);
162 }
163 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164
165 if (IV) {
166 h[HASH(IV) & (n - 1)] = HASH_IV;
167 }
168
169 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171 i = (i + 1) & (n - 1)) {
172 if (h[i] == HASH_IV) {
173 if (!CMP(c, IV)) {
174 if (check_crc(c, buf, len, IV))
175 return DEATTACK_DETECTED;
176 else
177 break;
178 }
179 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180 if (check_crc(c, buf, len, IV))
181 return DEATTACK_DETECTED;
182 else
183 break;
184 }
185 }
186 h[i] = j;
187 }
188
189 return DEATTACK_OK;
190 }
191
192 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 {
194 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 } else {
197 return FALSE;
198 }
199 }
200
201 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202 {
203 unsigned char *newbuff = NULL;
204 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205 unsigned char lastiv[1];
206 char tmp[80];
207 struct sshcipher_ctx *cc = pvar->cc[MODE_OUT];
208 unsigned int newbuff_len = bytes;
209
210 if (bytes == 0)
211 return TRUE;
212
213 if (bytes % block_size) {
214 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
215 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
216 get_cipher_name(pvar->crypt_state.sender_cipher),
217 bytes, block_size);
218 notify_fatal_error(pvar, tmp, TRUE);
219 return FALSE;
220 }
221
222 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
223 // chacha20-poly1305 ���� aadlen ��������������
224 // aadlen �� bytes �����X��������������
225 // chachapoly_crypt �������F���f�[�^(AEAD tag)������������
226 newbuff_len += aadlen + authlen;
227 }
228 if (newbuff_len > encbufflen) {
229 if ((newbuff = realloc(encbuff, newbuff_len)) == NULL)
230 goto err;
231 encbuff = newbuff;
232 encbufflen = newbuff_len;
233 }
234
235 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
236 if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.sender_sequence_number,
237 encbuff, data, bytes, aadlen, authlen, 1) != 0) {
238 goto err;
239 }
240 memcpy(data, encbuff, aadlen + bytes + authlen);
241 return TRUE;
242 }
243
244 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
245 goto err;
246
247 if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)
248 goto err;
249
250 // AES-GCM ���� aadlen �������������������A��������������������
251 if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0)
252 goto err;
253
254 memcpy(data+aadlen, encbuff, bytes);
255
256 if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
257 goto err;
258
259 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
260 goto err;
261
262 return TRUE;
263
264 err:
265 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
266 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
267 get_cipher_name(pvar->crypt_state.sender_cipher));
268 notify_fatal_error(pvar, tmp, TRUE);
269 return FALSE;
270 }
271
272 BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
273 {
274 unsigned char *newbuff = NULL;
275 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
276 unsigned char lastiv[1];
277 char tmp[80];
278 struct sshcipher_ctx *cc = pvar->cc[MODE_IN];
279 unsigned int newbuff_len = bytes;
280
281 if (bytes == 0)
282 return TRUE;
283
284 if (bytes % block_size) {
285 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
286 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
287 get_cipher_name(pvar->crypt_state.receiver_cipher),
288 bytes, block_size);
289 notify_fatal_error(pvar, tmp, TRUE);
290 return FALSE;
291 }
292
293 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
294 // chacha20-poly1305 ���� aadlen ������������������
295 newbuff_len += aadlen;
296 }
297 if (newbuff_len > encbufflen) {
298 if ((newbuff = realloc(encbuff, newbuff_len)) == NULL)
299 goto err;
300 encbuff = newbuff;
301 encbufflen = newbuff_len;
302 }
303
304 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
305 if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.receiver_sequence_number,
306 encbuff, data, bytes, aadlen, authlen, 0) != 0) {
307 goto err;
308 }
309 memcpy(data, encbuff, aadlen + bytes);
310 return TRUE;
311 }
312
313 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
314 goto err;
315
316 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
317 goto err;
318
319 if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)
320 goto err;
321
322 // AES-GCM ���� aadlen �������������������A������������������
323 if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0)
324 goto err;
325
326 memcpy(data+aadlen, encbuff, bytes);
327
328 if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
329 goto err;
330
331 return TRUE;
332
333 err:
334 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
335 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
336 get_cipher_name(pvar->crypt_state.receiver_cipher));
337 notify_fatal_error(pvar, tmp, TRUE);
338 return FALSE;
339 }
340
341 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
342 {
343 }
344
345 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
346 {
347 unsigned char *newbuff;
348 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
349 char tmp[80];
350
351 if (bytes == 0)
352 return;
353
354 if (bytes % block_size) {
355 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
356 "%s encrypt error(1): bytes %d (%d)");
357 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
358 get_cipher_name(pvar->crypt_state.sender_cipher),
359 bytes, block_size);
360 notify_fatal_error(pvar, tmp, TRUE);
361 return;
362 }
363
364 if (bytes > encbufflen) {
365 if ((newbuff = realloc(encbuff, bytes)) == NULL)
366 return;
367 encbuff = newbuff;
368 encbufflen = bytes;
369 }
370
371 if (EVP_Cipher(pvar->cc[MODE_OUT]->evp, encbuff, buf, bytes) == 0) {
372 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
373 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
374 get_cipher_name(pvar->crypt_state.sender_cipher));
375 notify_fatal_error(pvar, tmp, TRUE);
376 } else {
377 memcpy(buf, encbuff, bytes);
378 }
379 }
380
381 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
382 {
383 unsigned char *newbuff;
384 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
385 char tmp[80];
386
387 if (bytes == 0)
388 return;
389
390 if (bytes % block_size) {
391 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
392 "%s decrypt error(1): bytes %d (%d)");
393 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
394 get_cipher_name(pvar->crypt_state.receiver_cipher),
395 bytes, block_size);
396 notify_fatal_error(pvar, tmp, TRUE);
397 return;
398 }
399
400 if (bytes > encbufflen) {
401 if ((newbuff = malloc(bytes)) == NULL)
402 return;
403 encbuff = newbuff;
404 encbufflen = bytes;
405 }
406
407 if (EVP_Cipher(pvar->cc[MODE_IN]->evp, encbuff, buf, bytes) == 0) {
408 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
409 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg,
410 get_cipher_name(pvar->crypt_state.receiver_cipher));
411 notify_fatal_error(pvar, tmp, TRUE);
412 } else {
413 memcpy(buf, encbuff, bytes);
414 }
415 }
416
417 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
418 {
419 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
420
421 DES_ncbc_encrypt(buf, buf, bytes,
422 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
423 DES_ncbc_encrypt(buf, buf, bytes,
424 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
425 DES_ncbc_encrypt(buf, buf, bytes,
426 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
427 }
428
429 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
430 {
431 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
432
433 DES_ncbc_encrypt(buf, buf, bytes,
434 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
435 DES_ncbc_encrypt(buf, buf, bytes,
436 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
437 DES_ncbc_encrypt(buf, buf, bytes,
438 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
439 }
440
441 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
442 {
443 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
444
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
447 }
448
449 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
450 {
451 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
452
453 DES_ncbc_encrypt(buf, buf, bytes,
454 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
455 }
456
457 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
458 {
459 uint32 *buf = (uint32 *) cbuf;
460 int count = bytes / 4;
461
462 while (count > 0) {
463 uint32 w = *buf;
464
465 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
466 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
467 count--;
468 buf++;
469 }
470 }
471
472 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
473 {
474 CipherBlowfishState *encryptstate =
475 &pvar->crypt_state.enc.cBlowfish;
476
477 flip_endianness(buf, bytes);
478 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
479 BF_ENCRYPT);
480 flip_endianness(buf, bytes);
481 }
482
483 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
484 {
485 CipherBlowfishState *decryptstate =
486 &pvar->crypt_state.dec.cBlowfish;
487
488 flip_endianness(buf, bytes);
489 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
490 BF_DECRYPT);
491 flip_endianness(buf, bytes);
492 }
493
494 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
495 {
496 int ret;
497
498 // OpenSSL 1.1.1���g���������AWindowsMe���� RAND_bytes() �������o�����������B
499 logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__);
500 ret = RAND_bytes(buf, bytes);
501 if (ret < 0) {
502 logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret);
503 }
504 }
505
506 void CRYPT_initialize_random_numbers(PTInstVar pvar)
507 {
508 // ����������������������
509 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
510 //RAND_screen();
511 }
512
513 static BIGNUM *get_bignum(unsigned char *bytes)
514 {
515 int bits = get_ushort16_MSBfirst(bytes);
516
517 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
518 }
519
520 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
521 RSA *make_key(PTInstVar pvar,
522 int bits, unsigned char *exp,
523 unsigned char *mod)
524 {
525 RSA *key = RSA_new();
526 BIGNUM *e = NULL, *n = NULL;
527
528 if (key != NULL) {
529 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
530 // RSA_set0_key���������������K�v�������B
531 e = get_bignum(exp);
532 n = get_bignum(mod);
533 RSA_set0_key(key, n, e, NULL);
534 }
535
536 if (key == NULL || e == NULL || n == NULL) {
537 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
538 "Error setting up RSA keys");
539 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
540
541 if (key != NULL) {
542 if (e != NULL) {
543 BN_free(e);
544 }
545 if (n != NULL) {
546 BN_free(n);
547 }
548 RSA_free(key);
549 }
550
551 return NULL;
552 } else {
553 return key;
554 }
555 }
556
557 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
558 {
559 if (SSHv1(pvar)) {
560 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
561 } else {
562 memcpy(pvar->crypt_state.server_cookie, cookie,
563 SSH2_COOKIE_LENGTH);
564 }
565 }
566
567 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
568 {
569 if (SSHv2(pvar)) {
570 memcpy(pvar->crypt_state.client_cookie, cookie,
571 SSH2_COOKIE_LENGTH);
572 }
573 }
574
575 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
576 int bits, unsigned char *exp,
577 unsigned char *mod)
578 {
579 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
580
581 return pvar->crypt_state.server_key.RSA_key != NULL;
582 }
583
584 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
585 int bits, unsigned char *exp,
586 unsigned char *mod)
587 {
588 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
589
590 return pvar->crypt_state.host_key.RSA_key != NULL;
591 }
592
593 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
594 int receiver_ciphers)
595 {
596 int cipher_mask;
597
598 if (SSHv1(pvar)) {
599 cipher_mask = (1 << SSH_CIPHER_DES)
600 | (1 << SSH_CIPHER_3DES)
601 | (1 << SSH_CIPHER_BLOWFISH);
602
603 } else { // for SSH2(yutaka)
604 // SSH2���T�|�[�g�����f�[�^���M�p�A���S���Y���i���J�������p�������j
605 cipher_mask =((1 << SSH2_CIPHER_3DES_CBC)
606 | (1 << SSH2_CIPHER_AES128_CBC)
607 | (1 << SSH2_CIPHER_AES192_CBC)
608 | (1 << SSH2_CIPHER_AES256_CBC)
609 | (1 << SSH2_CIPHER_BLOWFISH_CBC)
610 | (1 << SSH2_CIPHER_AES128_CTR)
611 | (1 << SSH2_CIPHER_AES192_CTR)
612 | (1 << SSH2_CIPHER_AES256_CTR)
613 | (1 << SSH2_CIPHER_ARCFOUR)
614 | (1 << SSH2_CIPHER_ARCFOUR128)
615 | (1 << SSH2_CIPHER_ARCFOUR256)
616 | (1 << SSH2_CIPHER_CAST128_CBC)
617 | (1 << SSH2_CIPHER_3DES_CTR)
618 | (1 << SSH2_CIPHER_BLOWFISH_CTR)
619 | (1 << SSH2_CIPHER_CAST128_CTR)
620 | (1 << SSH2_CIPHER_CAMELLIA128_CBC)
621 | (1 << SSH2_CIPHER_CAMELLIA192_CBC)
622 | (1 << SSH2_CIPHER_CAMELLIA256_CBC)
623 | (1 << SSH2_CIPHER_CAMELLIA128_CTR)
624 | (1 << SSH2_CIPHER_CAMELLIA192_CTR)
625 | (1 << SSH2_CIPHER_CAMELLIA256_CTR)
626 | (1 << SSH2_CIPHER_AES128_GCM)
627 | (1 << SSH2_CIPHER_AES256_GCM)
628 | (1 << SSH2_CIPHER_CHACHAPOLY)
629 );
630 }
631
632 sender_ciphers &= cipher_mask;
633 receiver_ciphers &= cipher_mask;
634 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
635 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
636
637 if (sender_ciphers == 0) {
638 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
639 "The server does not support any of the TTSSH encryption algorithms.\n"
640 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
641 "The connection will be closed.");
642 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
643 return FALSE;
644 } else if (receiver_ciphers == 0) {
645 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
646 "The server does not support any of the TTSSH encryption algorithms.\n"
647 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
648 "The connection will be closed.");
649 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
650 return FALSE;
651 } else {
652 return TRUE;
653 }
654 }
655
656 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
657 {
658 if (SSHv1(pvar)) {
659 return 8;
660 } else {
661 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
662 // cf. 3DES=8, AES128=16
663 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
664 }
665 }
666
667 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
668 {
669 if (SSHv1(pvar)) {
670 return 8;
671 } else {
672 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
673 // cf. 3DES=8, AES128=16
674 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
675 }
676 }
677
678 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
679 {
680 struct Mac *mac;
681
682 if (SSHv1(pvar)) {
683 return 0;
684
685 } else { // for SSH2(yutaka)
686 mac = &pvar->ssh2_keys[MODE_IN].mac;
687 if (mac == NULL || mac->enabled == 0)
688 return 0;
689
690 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
691 }
692
693 }
694
695 // HMAC������
696 // ���{������ SSH2 �������g�p�������B
697 // (2004.12.17 yutaka)
698 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
699 char *data, int len, char *MAC)
700 {
701 HMAC_CTX *c = NULL;
702 unsigned char m[EVP_MAX_MD_SIZE];
703 unsigned char b[4];
704 struct Mac *mac;
705
706 mac = &pvar->ssh2_keys[MODE_IN].mac;
707
708 // HMAC�������L���������������A����OK�����������B
709 if (mac == NULL || mac->enabled == 0)
710 return TRUE;
711
712 if (mac->key == NULL) {
713 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
714 goto error;
715 }
716
717 if ((u_int)mac->mac_len > sizeof(m)) {
718 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
719 mac->mac_len, sizeof(m), sequence_number, len);
720 goto error;
721 }
722
723 c = HMAC_CTX_new();
724 if (c == NULL)
725 goto error;
726
727 HMAC_Init(c, mac->key, mac->key_len, mac->md);
728 set_uint32_MSBfirst(b, sequence_number);
729 HMAC_Update(c, b, sizeof(b));
730 HMAC_Update(c, data, len);
731 HMAC_Final(c, m, NULL);
732 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
733
734 if (memcmp(m, MAC, mac->mac_len)) {
735 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
736 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
737 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
738 goto error;
739 }
740
741 HMAC_CTX_free(c);
742
743 return TRUE;
744
745 error:
746 if (c)
747 HMAC_CTX_free(c);
748
749 return FALSE;
750 }
751
752 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
753 {
754 struct Mac *mac;
755
756 if (SSHv2(pvar)) { // for SSH2(yutaka)
757 mac = &pvar->ssh2_keys[MODE_OUT].mac;
758 if (mac == NULL || mac->enabled == 0)
759 return 0;
760
761 return (mac->mac_len);
762 }
763
764 return 0;
765 }
766
767 // for SSH2
768 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
769 char *data, int len, char *MAC)
770 {
771 HMAC_CTX *c = NULL;
772 static u_char m[EVP_MAX_MD_SIZE];
773 u_char b[4];
774 struct Mac *mac;
775
776 if (SSHv2(pvar)) { // for SSH2(yutaka)
777 mac = &pvar->ssh2_keys[MODE_OUT].mac;
778 if (mac == NULL || mac->enabled == 0)
779 return FALSE;
780
781 c = HMAC_CTX_new();
782 if (c == NULL)
783 return FALSE;
784
785 HMAC_Init(c, mac->key, mac->key_len, mac->md);
786 set_uint32_MSBfirst(b, sequence_number);
787 HMAC_Update(c, b, sizeof(b));
788 HMAC_Update(c, data, len);
789 HMAC_Final(c, m, NULL);
790 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
791
792 // 20�o�C�g�������R�s�[
793 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
794 // memcpy(MAC, m, sizeof(m));
795
796 HMAC_CTX_free(c);
797
798 return TRUE;
799 }
800
801 return TRUE;
802
803 }
804
805 static int choose_cipher(PTInstVar pvar, int supported)
806 {
807 int i;
808
809 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
810 int cipher = pvar->session_settings.CipherOrder[i] - '0';
811
812 if (cipher == SSH_CIPHER_NONE) {
813 break;
814 } else if ((supported & (1 << cipher)) != 0) {
815 return cipher;
816 }
817 }
818
819 return SSH_CIPHER_NONE;
820 }
821
822 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
823 {
824 if (SSHv1(pvar)) {
825 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
826 pvar->crypt_state.
827 supported_sender_ciphers);
828 pvar->crypt_state.receiver_cipher =
829 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
830
831 } else { // SSH2(yutaka)
832 if (pvar->ciphers[MODE_OUT] == NULL) {
833 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
834 }
835 else {
836 pvar->crypt_state.sender_cipher = get_cipher_id(pvar->ciphers[MODE_OUT]);
837 }
838 if (pvar->ciphers[MODE_IN] == NULL) {
839 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
840 }
841 else {
842 pvar->crypt_state.receiver_cipher = get_cipher_id(pvar->ciphers[MODE_IN]);
843 }
844 }
845
846 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
847 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
848 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
849 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
850 "To communicate with this server, you will have to enable some more ciphers\n"
851 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
852 "This connection will now close.");
853 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
854 return FALSE;
855 } else {
856 return TRUE;
857 }
858 }
859
860 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
861 {
862 int server_key_bits;
863 int host_key_bits;
864 int server_key_bytes;
865 int host_key_bytes;
866 BIGNUM *n;
867
868 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
869 // RSA_get0_key���������������K�v�������B
870 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
871 server_key_bits = BN_num_bits(n);
872
873 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
874 host_key_bits = BN_num_bits(n);
875
876 server_key_bytes = (server_key_bits + 7) / 8;
877 host_key_bytes = (host_key_bits + 7) / 8;
878
879 if (server_key_bits < host_key_bits) {
880 return host_key_bytes;
881 } else {
882 return server_key_bytes;
883 }
884 }
885
886 int CRYPT_choose_session_key(PTInstVar pvar,
887 unsigned char *encrypted_key_buf)
888 {
889 int server_key_bits;
890 int host_key_bits;
891 int server_key_bytes;
892 int host_key_bytes;
893 int encrypted_key_bytes;
894 int bit_delta;
895 BIGNUM *server_n, *host_n;
896
897 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
898 // RSA_get0_key���������������K�v�������B
899 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
900 server_key_bits = BN_num_bits(server_n);
901
902 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
903 host_key_bits = BN_num_bits(host_n);
904
905 server_key_bytes = (server_key_bits + 7) / 8;
906 host_key_bytes = (host_key_bits + 7) / 8;
907
908 if (server_key_bits < host_key_bits) {
909 encrypted_key_bytes = host_key_bytes;
910 bit_delta = host_key_bits - server_key_bits;
911 } else {
912 encrypted_key_bytes = server_key_bytes;
913 bit_delta = server_key_bits - host_key_bits;
914 }
915
916 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
917 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
918 "Server RSA keys are too weak. A secure connection cannot be established.");
919 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
920 return 0;
921 } else {
922 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
923 for the session ID, rather than the one specified in the RFC */
924 int session_buf_len = server_key_bytes + host_key_bytes + 8;
925 char *session_buf = (char *) malloc(session_buf_len);
926 char session_id[16];
927 int i;
928
929 BN_bn2bin(host_n, session_buf);
930 BN_bn2bin(server_n,
931 session_buf + host_key_bytes);
932 memcpy(session_buf + server_key_bytes + host_key_bytes,
933 pvar->crypt_state.server_cookie, 8);
934 MD5(session_buf, session_buf_len, session_id);
935
936 free(session_buf);
937
938 RAND_bytes(pvar->crypt_state.sender_cipher_key,
939 SSH_SESSION_KEY_LENGTH);
940 memcpy(pvar->crypt_state.receiver_cipher_key,
941 pvar->crypt_state.sender_cipher_key,
942 SSH_SESSION_KEY_LENGTH);
943
944 memcpy(encrypted_key_buf + encrypted_key_bytes -
945 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
946 SSH_SESSION_KEY_LENGTH);
947 for (i = 0; i < sizeof(session_id); i++) {
948 encrypted_key_buf[encrypted_key_bytes -
949 SSH_SESSION_KEY_LENGTH + i]
950 ^= session_id[i];
951 }
952
953 if (host_key_bits > server_key_bits) {
954 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
955 encrypted_key_buf +
956 encrypted_key_bytes -
957 SSH_SESSION_KEY_LENGTH,
958 encrypted_key_buf +
959 encrypted_key_bytes - server_key_bytes,
960 pvar->crypt_state.server_key.RSA_key,
961 RSA_PKCS1_PADDING) < 0)
962 return 0;
963
964 if (RSA_public_encrypt(server_key_bytes,
965 encrypted_key_buf +
966 encrypted_key_bytes - server_key_bytes,
967 encrypted_key_buf,
968 pvar->crypt_state.host_key.RSA_key,
969 RSA_PKCS1_PADDING) < 0)
970 return 0;
971 } else {
972 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
973 encrypted_key_buf +
974 encrypted_key_bytes -
975 SSH_SESSION_KEY_LENGTH,
976 encrypted_key_buf +
977 encrypted_key_bytes - host_key_bytes,
978 pvar->crypt_state.host_key.RSA_key,
979 RSA_PKCS1_PADDING) < 0)
980 return 0;
981
982 if (RSA_public_encrypt(host_key_bytes,
983 encrypted_key_buf +
984 encrypted_key_bytes - host_key_bytes,
985 encrypted_key_buf,
986 pvar->crypt_state.server_key.RSA_key,
987 RSA_PKCS1_PADDING) < 0)
988 return 0;
989 }
990 }
991
992 return 1;
993 }
994
995 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
996 unsigned char *challenge,
997 int challenge_len,
998 unsigned char *response)
999 {
1000 int server_key_bits;
1001 int host_key_bits;
1002 int server_key_bytes;
1003 int host_key_bytes;
1004 int session_buf_len;
1005 char *session_buf;
1006 char decrypted_challenge[48];
1007 int decrypted_challenge_len;
1008 BIGNUM *server_n, *host_n;
1009
1010 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1011 // RSA_get0_key���������������K�v�������B
1012 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1013 server_key_bits = BN_num_bits(server_n);
1014
1015 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1016 host_key_bits = BN_num_bits(host_n);
1017
1018 server_key_bytes = (server_key_bits + 7) / 8;
1019 host_key_bytes = (host_key_bits + 7) / 8;
1020 session_buf_len = server_key_bytes + host_key_bytes + 8;
1021 session_buf = (char FAR *) malloc(session_buf_len);
1022
1023 decrypted_challenge_len =
1024 RSA_private_decrypt(challenge_len, challenge, challenge,
1025 AUTH_get_cur_cred(pvar)->key_pair->rsa,
1026 RSA_PKCS1_PADDING);
1027 if (decrypted_challenge_len < 0) {
1028 free(session_buf);
1029 return 0;
1030 }
1031 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1032 memcpy(decrypted_challenge,
1033 challenge + decrypted_challenge_len -
1034 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1035 } else {
1036 SecureZeroMemory(decrypted_challenge,
1037 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1038 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1039 decrypted_challenge_len, challenge,
1040 decrypted_challenge_len);
1041 }
1042
1043 BN_bn2bin(host_n, session_buf);
1044 BN_bn2bin(server_n,
1045 session_buf + host_key_bytes);
1046 memcpy(session_buf + server_key_bytes + host_key_bytes,
1047 pvar->crypt_state.server_cookie, 8);
1048 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1049
1050 free(session_buf);
1051
1052 MD5(decrypted_challenge, 48, response);
1053
1054 return 1;
1055 }
1056
1057 static void c3DES_init(char *session_key, Cipher3DESState *state)
1058 {
1059 DES_set_key((const_DES_cblock *) session_key, &state->k1);
1060 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
1061 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
1062 SecureZeroMemory(state->ivec1, 8);
1063 SecureZeroMemory(state->ivec2, 8);
1064 SecureZeroMemory(state->ivec3, 8);
1065 }
1066
1067 static void cDES_init(char *session_key, CipherDESState *state)
1068 {
1069 DES_set_key((const_DES_cblock *) session_key, &state->k);
1070 SecureZeroMemory(state->ivec, 8);
1071 }
1072
1073 static void cBlowfish_init(char *session_key,
1074 CipherBlowfishState *state)
1075 {
1076 BF_set_key(&state->k, 32, session_key);
1077 SecureZeroMemory(state->ivec, 8);
1078 }
1079
1080 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1081 {
1082 struct Enc *enc;
1083 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1084 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1085 const struct ssh2cipher *cipher;
1086 BOOL isOK = TRUE;
1087
1088 if (sender_flag) {
1089 if (SSHv1(pvar)) {
1090 switch (pvar->crypt_state.sender_cipher) {
1091 case SSH_CIPHER_3DES:
1092 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1093 pvar->crypt_state.encrypt = c3DES_encrypt;
1094 break;
1095
1096 case SSH_CIPHER_DES:
1097 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1098 pvar->crypt_state.encrypt = cDES_encrypt;
1099 break;
1100
1101 case SSH_CIPHER_BLOWFISH:
1102 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1103 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1104 break;
1105
1106 case SSH_CIPHER_NONE:
1107 case SSH_CIPHER_IDEA:
1108 case SSH_CIPHER_TSS:
1109 case SSH_CIPHER_RC4:
1110 isOK = FALSE;
1111 break;
1112 }
1113 }
1114 else {
1115 // SSH2
1116 cipher = pvar->ciphers[MODE_OUT];
1117 if (cipher) {
1118 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1119 cipher_init_SSH2(&pvar->cc[MODE_OUT], cipher,
1120 enc->key, enc->key_len,
1121 enc->iv, enc->iv_len,
1122 CIPHER_ENCRYPT,
1123 pvar);
1124 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1125 }
1126 else {
1127 isOK = FALSE;
1128 }
1129 }
1130 }
1131
1132 if (receiver_flag) {
1133 if (SSHv1(pvar)) {
1134 switch (pvar->crypt_state.receiver_cipher) {
1135 case SSH_CIPHER_3DES:
1136 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1137 pvar->crypt_state.decrypt = c3DES_decrypt;
1138 break;
1139
1140 case SSH_CIPHER_DES:
1141 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1142 pvar->crypt_state.decrypt = cDES_decrypt;
1143 break;
1144
1145 case SSH_CIPHER_BLOWFISH:
1146 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1147 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1148 break;
1149
1150 case SSH_CIPHER_NONE:
1151 case SSH_CIPHER_IDEA:
1152 case SSH_CIPHER_TSS:
1153 case SSH_CIPHER_RC4:
1154 isOK = FALSE;
1155 break;
1156 }
1157 }
1158 else {
1159 // SSH2
1160 cipher = pvar->ciphers[MODE_IN];
1161 if (cipher) {
1162 enc = &pvar->ssh2_keys[MODE_IN].enc;
1163 cipher_init_SSH2(&pvar->cc[MODE_IN], cipher,
1164 enc->key, enc->key_len,
1165 enc->iv, enc->iv_len,
1166 CIPHER_DECRYPT,
1167 pvar);
1168 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1169 }
1170 else {
1171 isOK = FALSE;
1172 }
1173 }
1174 }
1175
1176 if (!isOK) {
1177 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1178 "No cipher selected!");
1179 notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE);
1180 return FALSE;
1181 } else {
1182 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1183 SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1184 return TRUE;
1185 }
1186 }
1187
1188 void CRYPT_init(PTInstVar pvar)
1189 {
1190 pvar->crypt_state.encrypt = no_encrypt;
1191 pvar->crypt_state.decrypt = no_encrypt;
1192 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1193 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1194 pvar->crypt_state.server_key.RSA_key = NULL;
1195 pvar->crypt_state.host_key.RSA_key = NULL;
1196
1197 pvar->crypt_state.detect_attack_statics.h = NULL;
1198 pvar->crypt_state.detect_attack_statics.n =
1199 HASH_MINSIZE / HASH_ENTRYSIZE;
1200 }
1201
1202 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1203 {
1204 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1205 "%s to server, %s from server");
1206 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1207 get_cipher_name(pvar->crypt_state.sender_cipher),
1208 get_cipher_name(pvar->crypt_state.receiver_cipher));
1209 }
1210
1211 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1212 {
1213 BIGNUM *server_n, *host_n;
1214
1215 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1216 // RSA_get0_key���������������K�v�������B
1217
1218 if (SSHv1(pvar)) {
1219 if (pvar->crypt_state.server_key.RSA_key == NULL
1220 || pvar->crypt_state.host_key.RSA_key == NULL) {
1221 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1222 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1223 } else {
1224 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1225 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1226
1227 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1228 "%d-bit server key, %d-bit host key");
1229 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1230 BN_num_bits(server_n),
1231 BN_num_bits(host_n));
1232 }
1233 } else { // SSH2
1234 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO2", pvar,
1235 "%d-bit client key, %d-bit server key");
1236 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1237 pvar->client_key_bits,
1238 pvar->server_key_bits);
1239 }
1240 }
1241
1242 static void destroy_public_key(CRYPTPublicKey * key)
1243 {
1244 if (key->RSA_key != NULL) {
1245 RSA_free(key->RSA_key);
1246 key->RSA_key = NULL;
1247 }
1248 }
1249
1250 void CRYPT_free_public_key(CRYPTPublicKey * key)
1251 {
1252 destroy_public_key(key);
1253 free(key);
1254 }
1255
1256 void CRYPT_end(PTInstVar pvar)
1257 {
1258 free(encbuff);
1259 encbuff = NULL;
1260 encbufflen = 0;
1261
1262 destroy_public_key(&pvar->crypt_state.host_key);
1263 destroy_public_key(&pvar->crypt_state.server_key);
1264
1265 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1266 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1267 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1268 free(pvar->crypt_state.detect_attack_statics.h);
1269 }
1270
1271 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1272 sizeof(pvar->crypt_state.sender_cipher_key));
1273 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1274 sizeof(pvar->crypt_state.receiver_cipher_key));
1275 SecureZeroMemory(pvar->crypt_state.server_cookie,
1276 sizeof(pvar->crypt_state.server_cookie));
1277 SecureZeroMemory(pvar->crypt_state.client_cookie,
1278 sizeof(pvar->crypt_state.client_cookie));
1279 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1280 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1281 }
1282
1283 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1284 char *buf, int bytes)
1285 {
1286 unsigned char passphrase_key[16];
1287
1288 MD5(passphrase, strlen(passphrase), passphrase_key);
1289
1290 switch (cipher) {
1291 case SSH_CIPHER_3DES:{
1292 Cipher3DESState state;
1293
1294 DES_set_key((const_DES_cblock *) passphrase_key,
1295 &state.k1);
1296 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1297 &state.k2);
1298 DES_set_key((const_DES_cblock *) passphrase_key,
1299 &state.k3);
1300 SecureZeroMemory(state.ivec1, 8);
1301 SecureZeroMemory(state.ivec2, 8);
1302 SecureZeroMemory(state.ivec3, 8);
1303 DES_ncbc_encrypt(buf, buf, bytes,
1304 &state.k3, &state.ivec3, DES_DECRYPT);
1305 DES_ncbc_encrypt(buf, buf, bytes,
1306 &state.k2, &state.ivec2, DES_ENCRYPT);
1307 DES_ncbc_encrypt(buf, buf, bytes,
1308 &state.k1, &state.ivec1, DES_DECRYPT);
1309 break;
1310 }
1311
1312 case SSH_CIPHER_DES:{
1313 CipherDESState state;
1314
1315 cDES_init(passphrase_key, &state);
1316 DES_ncbc_encrypt(buf, buf, bytes,
1317 &state.k, &state.ivec, DES_DECRYPT);
1318 break;
1319 }
1320
1321 case SSH_CIPHER_BLOWFISH:{
1322 CipherBlowfishState state;
1323
1324 BF_set_key(&state.k, 16, passphrase_key);
1325 SecureZeroMemory(state.ivec, 8);
1326 flip_endianness(buf, bytes);
1327 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1328 BF_DECRYPT);
1329 flip_endianness(buf, bytes);
1330 break;
1331 }
1332
1333 case SSH_CIPHER_NONE:
1334 break;
1335
1336 default:
1337 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1338 return 0;
1339 }
1340
1341 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1342 return 1;
1343 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help