| 774 |
return pvar->ssh_state.payload[-1]; |
return pvar->ssh_state.payload[-1]; |
| 775 |
} |
} |
| 776 |
|
|
| 777 |
static int prep_packet_ssh2(PTInstVar pvar, char *data, int len, int padding) |
static int prep_packet_ssh2(PTInstVar pvar, char *data, int len, int padding, int etm) |
| 778 |
{ |
{ |
|
int already_decrypted = get_predecryption_amount(pvar); |
|
|
|
|
| 779 |
pvar->ssh_state.payload = data + 4; |
pvar->ssh_state.payload = data + 4; |
| 780 |
pvar->ssh_state.payloadlen = len; |
pvar->ssh_state.payloadlen = len; |
| 781 |
|
|
| 782 |
CRYPT_decrypt(pvar, data + already_decrypted, (4 + len) - already_decrypted); |
if (etm) { |
| 783 |
|
if (!CRYPT_verify_receiver_MAC(pvar, pvar->ssh_state.receiver_sequence_number, data, len + 4, data + len + 4)) { |
| 784 |
|
UTIL_get_lang_msg("MSG_SSH_CORRUPTDATA_ERROR", pvar, "Detected corrupted data; connection terminating."); |
| 785 |
|
notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE); |
| 786 |
|
return SSH_MSG_NONE; |
| 787 |
|
} |
| 788 |
|
|
| 789 |
if (!CRYPT_verify_receiver_MAC(pvar, pvar->ssh_state.receiver_sequence_number, data, len + 4, data + len + 4)) { |
CRYPT_decrypt(pvar, data + 4, len); |
| 790 |
UTIL_get_lang_msg("MSG_SSH_CORRUPTDATA_ERROR", pvar, "Detected corrupted data; connection terminating."); |
padding = (unsigned int) data[4]; |
| 791 |
notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE); |
} |
| 792 |
return SSH_MSG_NONE; |
else { |
| 793 |
|
int already_decrypted = get_predecryption_amount(pvar); |
| 794 |
|
|
| 795 |
|
CRYPT_decrypt(pvar, data + already_decrypted, (4 + len) - already_decrypted); |
| 796 |
|
|
| 797 |
|
if (!CRYPT_verify_receiver_MAC(pvar, pvar->ssh_state.receiver_sequence_number, data, len + 4, data + len + 4)) { |
| 798 |
|
UTIL_get_lang_msg("MSG_SSH_CORRUPTDATA_ERROR", pvar, "Detected corrupted data; connection terminating."); |
| 799 |
|
notify_fatal_error(pvar, pvar->ts->UIMsg, TRUE); |
| 800 |
|
return SSH_MSG_NONE; |
| 801 |
|
} |
| 802 |
} |
} |
| 803 |
|
|
| 804 |
pvar->ssh_state.payload++; |
pvar->ssh_state.payload++; |
| 1001 |
unsigned int encryption_size; |
unsigned int encryption_size; |
| 1002 |
unsigned int padding; |
unsigned int padding; |
| 1003 |
BOOL ret; |
BOOL ret; |
| 1004 |
|
struct Mac *mac = &pvar->ssh2_keys[MODE_OUT].mac; |
| 1005 |
|
int aadlen = 0; |
| 1006 |
|
|
| 1007 |
/* |
/* |
| 1008 |
データ構造 |
データ構造 |
| 1055 |
block_size = 8; |
block_size = 8; |
| 1056 |
} |
} |
| 1057 |
|
|
| 1058 |
encryption_size = 4 + 1 + len; |
if (mac && mac->etm) { |
| 1059 |
|
aadlen = 4; |
| 1060 |
|
} |
| 1061 |
|
|
| 1062 |
|
encryption_size = 4 - aadlen + 1 + len; |
| 1063 |
padding = block_size - (encryption_size % block_size); |
padding = block_size - (encryption_size % block_size); |
| 1064 |
if (padding < 4) |
if (padding < 4) |
| 1065 |
padding += block_size; |
padding += block_size; |
| 1066 |
encryption_size += padding; |
encryption_size += padding; |
| 1067 |
set_uint32(data, encryption_size - 4); |
set_uint32(data, encryption_size - 4 + aadlen); |
| 1068 |
data[4] = (unsigned char) padding; |
data[4] = (unsigned char) padding; |
| 1069 |
data_length = encryption_size + CRYPT_get_sender_MAC_size(pvar); |
data_length = encryption_size; |
| 1070 |
if (msg) { |
if (msg) { |
| 1071 |
// パケット圧縮の場合、バッファを拡張する。(2011.6.10 yutaka) |
// パケット圧縮の場合、バッファを拡張する。(2011.6.10 yutaka) |
| 1072 |
buffer_append_space(msg, padding + EVP_MAX_MD_SIZE); |
buffer_append_space(msg, padding + EVP_MAX_MD_SIZE); |
| 1076 |
|
|
| 1077 |
//if (pvar->ssh_state.outbuflen <= 7 + data_length) *(int *)0 = 0; |
//if (pvar->ssh_state.outbuflen <= 7 + data_length) *(int *)0 = 0; |
| 1078 |
CRYPT_set_random_data(pvar, data + 5 + len, padding); |
CRYPT_set_random_data(pvar, data + 5 + len, padding); |
| 1079 |
ret = CRYPT_build_sender_MAC(pvar, |
|
| 1080 |
pvar->ssh_state.sender_sequence_number, |
if (aadlen == 0) { |
| 1081 |
data, encryption_size, |
ret = CRYPT_build_sender_MAC(pvar, pvar->ssh_state.sender_sequence_number, |
| 1082 |
data + encryption_size); |
data, encryption_size, data + encryption_size); |
| 1083 |
if (ret == FALSE) { // MACがまだ設定されていない場合 |
if (ret) { |
| 1084 |
data_length = encryption_size; |
data_length += CRYPT_get_sender_MAC_size(pvar); |
| 1085 |
|
// data[encryption_size + 5] = 0; |
| 1086 |
|
} |
| 1087 |
} |
} |
| 1088 |
|
|
| 1089 |
// パケットを暗号化する。MAC以降は暗号化対象外。 |
// パケットを暗号化する。MAC以降は暗号化対象外。 |
| 1090 |
CRYPT_encrypt(pvar, data, encryption_size); |
CRYPT_encrypt(pvar, data + aadlen, encryption_size); |
| 1091 |
|
|
| 1092 |
|
if (aadlen) { |
| 1093 |
|
int maclen; |
| 1094 |
|
encryption_size += aadlen; |
| 1095 |
|
ret = CRYPT_build_sender_MAC(pvar, pvar->ssh_state.sender_sequence_number, |
| 1096 |
|
data, encryption_size, data + encryption_size); |
| 1097 |
|
if (ret) { |
| 1098 |
|
maclen = CRYPT_get_sender_MAC_size(pvar); |
| 1099 |
|
data_length = encryption_size + maclen; |
| 1100 |
|
} |
| 1101 |
|
logprintf(LOG_LEVEL_ERROR, __FUNCTION__ |
| 1102 |
|
": EtM test. aadlen:%d, enclen:%d, pad:%d, datalen:%d, maclen:%d", |
| 1103 |
|
aadlen, encryption_size, padding, data_length, maclen); |
| 1104 |
|
} |
| 1105 |
|
|
| 1106 |
} |
} |
| 1107 |
|
|
| 1108 |
send_packet_blocking(pvar, data, data_length); |
send_packet_blocking(pvar, data, data_length); |
| 2070 |
} |
} |
| 2071 |
} |
} |
| 2072 |
|
|
|
|
|
| 2073 |
void SSH_handle_packet1(PTInstVar pvar, char *data, int len, int padding) |
void SSH_handle_packet1(PTInstVar pvar, char *data, int len, int padding) |
| 2074 |
{ |
{ |
| 2075 |
unsigned char message = prep_packet_ssh1(pvar, data, len, padding); |
unsigned char message = prep_packet_ssh1(pvar, data, len, padding); |
| 2093 |
} |
} |
| 2094 |
} |
} |
| 2095 |
|
|
| 2096 |
void SSH_handle_packet2(PTInstVar pvar, char *data, int len, int padding) |
void SSH_handle_packet2(PTInstVar pvar, char *data, int len, int padding, int etm) |
| 2097 |
{ |
{ |
| 2098 |
unsigned char message = prep_packet_ssh2(pvar, data, len, padding); |
unsigned char message = prep_packet_ssh2(pvar, data, len, padding, etm); |
| 2099 |
|
|
| 2100 |
// SSHのメッセージタイプをチェック |
// SSHのメッセージタイプをチェック |
| 2101 |
if (message != SSH_MSG_NONE) { |
if (message != SSH_MSG_NONE) { |
| 4202 |
return bits; |
return bits; |
| 4203 |
} |
} |
| 4204 |
|
|
| 4205 |
|
int get_ssh2_mac_etm(hmac_type type) |
| 4206 |
|
{ |
| 4207 |
|
ssh2_mac_t *ptr = ssh2_macs; |
| 4208 |
|
int etm; |
| 4209 |
|
|
| 4210 |
|
while (ptr->name != NULL) { |
| 4211 |
|
if (type == ptr->type) { |
| 4212 |
|
etm = ptr->etm; |
| 4213 |
|
break; |
| 4214 |
|
} |
| 4215 |
|
ptr++; |
| 4216 |
|
} |
| 4217 |
|
return etm; |
| 4218 |
|
} |
| 4219 |
|
|
| 4220 |
char* get_ssh2_comp_name(compression_type type) |
char* get_ssh2_comp_name(compression_type type) |
| 4221 |
{ |
{ |
| 4222 |
ssh2_comp_t *ptr = ssh2_comps; |
ssh2_comp_t *ptr = ssh2_comps; |
| 4750 |
if (get_ssh2_mac_truncatebits(val) != 0) { |
if (get_ssh2_mac_truncatebits(val) != 0) { |
| 4751 |
current_keys[mode].mac.mac_len = get_ssh2_mac_truncatebits(val) / 8; |
current_keys[mode].mac.mac_len = get_ssh2_mac_truncatebits(val) / 8; |
| 4752 |
} |
} |
| 4753 |
|
current_keys[mode].mac.etm = get_ssh2_mac_etm(val); |
| 4754 |
|
|
| 4755 |
// キーサイズとブロックサイズもここで設定しておく (2004.11.7 yutaka) |
// キーサイズとブロックサイズもここで設定しておく (2004.11.7 yutaka) |
| 4756 |
if (ctos == 1) { |
if (ctos == 1) { |
Tera Term
Parent Directory
Revision Log
Patch