| 1 |
/* Imported from OpenSSH-7.5p1, TeraTerm Project */ |
/* Imported from OpenSSH-7.5p1, TeraTerm Project */ |
| 2 |
|
|
| 3 |
/* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */ |
/* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */ |
| 4 |
/* |
/* |
| 5 |
* Copyright (c) 2003 Markus Friedl. All rights reserved. |
* Copyright (c) 2003 Markus Friedl. All rights reserved. |
| 6 |
* |
* |
| 7 |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
| 8 |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
| 9 |
* copyright notice and this permission notice appear in all copies. |
* copyright notice and this permission notice appear in all copies. |
| 10 |
* |
* |
| 11 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 12 |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 13 |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 14 |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 15 |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 16 |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 17 |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 18 |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 19 |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 20 |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 21 |
*/ |
*/ |
| 22 |
|
|
| 23 |
// #include "includes.h" |
// #include "includes.h" |
| 24 |
|
|
| 25 |
#include <sys/types.h> |
#include <sys/types.h> |
| 26 |
#include <string.h> |
#include <string.h> |
| 27 |
#include <openssl/evp.h> |
#include <openssl/evp.h> |
| 28 |
#include <windows.h> |
#include <windows.h> |
| 29 |
|
|
| 30 |
typedef unsigned int u_int; |
typedef unsigned int u_int; |
| 31 |
typedef unsigned char u_char; |
typedef unsigned char u_char; |
| 32 |
|
|
| 33 |
#include "ssherr.h" |
#include "ssherr.h" |
| 34 |
|
|
| 35 |
/* |
/* |
| 36 |
* This is used by SSH1: |
* This is used by SSH1: |
| 37 |
* |
* |
| 38 |
* What kind of triple DES are these 2 routines? |
* What kind of triple DES are these 2 routines? |
| 39 |
* |
* |
| 40 |
* Why is there a redundant initialization vector? |
* Why is there a redundant initialization vector? |
| 41 |
* |
* |
| 42 |
* If only iv3 was used, then, this would till effect have been |
* If only iv3 was used, then, this would till effect have been |
| 43 |
* outer-cbc. However, there is also a private iv1 == iv2 which |
* outer-cbc. However, there is also a private iv1 == iv2 which |
| 44 |
* perhaps makes differential analysis easier. On the other hand, the |
* perhaps makes differential analysis easier. On the other hand, the |
| 45 |
* private iv1 probably makes the CRC-32 attack ineffective. This is a |
* private iv1 probably makes the CRC-32 attack ineffective. This is a |
| 46 |
* result of that there is no longer any known iv1 to use when |
* result of that there is no longer any known iv1 to use when |
| 47 |
* choosing the X block. |
* choosing the X block. |
| 48 |
*/ |
*/ |
| 49 |
struct ssh1_3des_ctx |
struct ssh1_3des_ctx |
| 50 |
{ |
{ |
| 51 |
EVP_CIPHER_CTX *k1, *k2, *k3; |
EVP_CIPHER_CTX *k1, *k2, *k3; |
| 52 |
}; |
}; |
| 53 |
|
|
| 54 |
const EVP_CIPHER * evp_ssh1_3des(void); |
const EVP_CIPHER * evp_ssh1_3des(void); |
| 55 |
|
|
| 56 |
static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) |
static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) |
| 57 |
{ |
{ |
| 58 |
struct ssh1_3des_ctx *c; |
struct ssh1_3des_ctx *c; |
| 59 |
u_char *k1, *k2, *k3; |
u_char *k1, *k2, *k3; |
| 60 |
|
|
| 61 |
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { |
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { |
| 62 |
if ((c = calloc(1, sizeof(*c))) == NULL) |
if ((c = calloc(1, sizeof(*c))) == NULL) |
| 63 |
return 0; |
return 0; |
| 64 |
EVP_CIPHER_CTX_set_app_data(ctx, c); |
EVP_CIPHER_CTX_set_app_data(ctx, c); |
| 65 |
} |
} |
| 66 |
if (key == NULL) |
if (key == NULL) |
| 67 |
return 1; |
return 1; |
| 68 |
if (enc == -1) |
if (enc == -1) |
| 69 |
enc = EVP_CIPHER_CTX_encrypting(ctx); // ctx->encrypt |
enc = EVP_CIPHER_CTX_encrypting(ctx); // ctx->encrypt |
| 70 |
k1 = k2 = k3 = (u_char *) key; |
k1 = k2 = k3 = (u_char *) key; |
| 71 |
k2 += 8; |
k2 += 8; |
| 72 |
if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { |
if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { |
| 73 |
if (enc) |
if (enc) |
| 74 |
k3 += 16; |
k3 += 16; |
| 75 |
else |
else |
| 76 |
k1 += 16; |
k1 += 16; |
| 77 |
} |
} |
| 78 |
c->k1 = EVP_CIPHER_CTX_new(); |
c->k1 = EVP_CIPHER_CTX_new(); |
| 79 |
c->k2 = EVP_CIPHER_CTX_new(); |
c->k2 = EVP_CIPHER_CTX_new(); |
| 80 |
c->k3 = EVP_CIPHER_CTX_new(); |
c->k3 = EVP_CIPHER_CTX_new(); |
| 81 |
/*** TODO: OPENSSL1.1.1 ERROR CHECK(ticket#39335で処置予定) ***/ |
/*** TODO: OPENSSL1.1.1 ERROR CHECK(ticket#39335で処置予定) ***/ |
| 82 |
if (EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || |
if (EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || |
| 83 |
EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || |
EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || |
| 84 |
EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { |
EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { |
| 85 |
EVP_CIPHER_CTX_free(c->k1); |
EVP_CIPHER_CTX_free(c->k1); |
| 86 |
EVP_CIPHER_CTX_free(c->k2); |
EVP_CIPHER_CTX_free(c->k2); |
| 87 |
EVP_CIPHER_CTX_free(c->k3); |
EVP_CIPHER_CTX_free(c->k3); |
| 88 |
SecureZeroMemory(c, sizeof(*c)); |
SecureZeroMemory(c, sizeof(*c)); |
| 89 |
free(c); |
free(c); |
| 90 |
EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
| 91 |
return 0; |
return 0; |
| 92 |
} |
} |
| 93 |
return 1; |
return 1; |
| 94 |
} |
} |
| 95 |
|
|
| 96 |
static int ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) |
static int ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) |
| 97 |
{ |
{ |
| 98 |
struct ssh1_3des_ctx *c; |
struct ssh1_3des_ctx *c; |
| 99 |
|
|
| 100 |
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { |
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { |
| 101 |
//error("ssh1_3des_cbc: no context"); |
//error("ssh1_3des_cbc: no context"); |
| 102 |
return 0; |
return 0; |
| 103 |
} |
} |
| 104 |
if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 || |
if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 || |
| 105 |
EVP_Cipher(c->k2, dest, dest, len) == 0 || |
EVP_Cipher(c->k2, dest, dest, len) == 0 || |
| 106 |
EVP_Cipher(c->k3, dest, dest, len) == 0) |
EVP_Cipher(c->k3, dest, dest, len) == 0) |
| 107 |
return 0; |
return 0; |
| 108 |
return 1; |
return 1; |
| 109 |
} |
} |
| 110 |
|
|
| 111 |
static int ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) |
static int ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) |
| 112 |
{ |
{ |
| 113 |
struct ssh1_3des_ctx *c; |
struct ssh1_3des_ctx *c; |
| 114 |
|
|
| 115 |
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { |
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { |
| 116 |
EVP_CIPHER_CTX_free(c->k1); |
EVP_CIPHER_CTX_free(c->k1); |
| 117 |
EVP_CIPHER_CTX_free(c->k2); |
EVP_CIPHER_CTX_free(c->k2); |
| 118 |
EVP_CIPHER_CTX_free(c->k3); |
EVP_CIPHER_CTX_free(c->k3); |
| 119 |
SecureZeroMemory(c, sizeof(*c)); |
SecureZeroMemory(c, sizeof(*c)); |
| 120 |
free(c); |
free(c); |
| 121 |
EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
| 122 |
} |
} |
| 123 |
return 1; |
return 1; |
| 124 |
} |
} |
| 125 |
|
|
| 126 |
const EVP_CIPHER *evp_ssh1_3des(void) |
const EVP_CIPHER *evp_ssh1_3des(void) |
| 127 |
{ |
{ |
| 128 |
#ifndef LIBRESSL_VERSION_NUMBER |
#ifndef LIBRESSL_VERSION_NUMBER |
| 129 |
static EVP_CIPHER *p = NULL; |
static EVP_CIPHER *p = NULL; |
| 130 |
|
|
| 131 |
if (p == NULL) { |
if (p == NULL) { |
| 132 |
p = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/16); |
p = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/16); |
| 133 |
/*** TODO: OPENSSL1.1.1 ERROR CHECK(ticket#39335で処置予定) ***/ |
/*** TODO: OPENSSL1.1.1 ERROR CHECK(ticket#39335で処置予定) ***/ |
| 134 |
} |
} |
| 135 |
if (p) { |
if (p) { |
| 136 |
EVP_CIPHER_meth_set_iv_length(p, 0); |
EVP_CIPHER_meth_set_iv_length(p, 0); |
| 137 |
EVP_CIPHER_meth_set_init(p, ssh1_3des_init); |
EVP_CIPHER_meth_set_init(p, ssh1_3des_init); |
| 138 |
EVP_CIPHER_meth_set_cleanup(p, ssh1_3des_cleanup); |
EVP_CIPHER_meth_set_cleanup(p, ssh1_3des_cleanup); |
| 139 |
EVP_CIPHER_meth_set_do_cipher(p, ssh1_3des_cbc); |
EVP_CIPHER_meth_set_do_cipher(p, ssh1_3des_cbc); |
| 140 |
EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH); |
EVP_CIPHER_meth_set_flags(p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH); |
| 141 |
} |
} |
| 142 |
return (p); |
return (p); |
| 143 |
#else |
#else |
| 144 |
static EVP_CIPHER ssh1_3des; |
static EVP_CIPHER ssh1_3des; |
| 145 |
|
|
| 146 |
memset(&ssh1_3des, 0, sizeof(EVP_CIPHER)); |
memset(&ssh1_3des, 0, sizeof(EVP_CIPHER)); |
| 147 |
ssh1_3des.nid = NID_undef; |
ssh1_3des.nid = NID_undef; |
| 148 |
ssh1_3des.block_size = 8; |
ssh1_3des.block_size = 8; |
| 149 |
ssh1_3des.iv_len = 0; |
ssh1_3des.iv_len = 0; |
| 150 |
ssh1_3des.key_len = 16; |
ssh1_3des.key_len = 16; |
| 151 |
ssh1_3des.init = ssh1_3des_init; |
ssh1_3des.init = ssh1_3des_init; |
| 152 |
ssh1_3des.cleanup = ssh1_3des_cleanup; |
ssh1_3des.cleanup = ssh1_3des_cleanup; |
| 153 |
ssh1_3des.do_cipher = ssh1_3des_cbc; |
ssh1_3des.do_cipher = ssh1_3des_cbc; |
| 154 |
ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; |
ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; |
| 155 |
return (&ssh1_3des); |
return (&ssh1_3des); |
| 156 |
#endif |
#endif |
| 157 |
} |
} |
Tera Term
Parent Directory
Revision Log
Patch