Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/trunk/ttssh2/ttxssh/cipher.c

Annotation of /trunk/ttssh2/ttxssh/cipher.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 10648 - (hide annotations) (download) (as text)
Tue Mar 28 14:12:32 2023 UTC (12 months, 2 weeks ago) by nmaya
File MIME type: text/x-csrc
File size: 21844 byte(s) 
EVP_CIPHER 構造体を用いる場合と、EVP_CIPHER_meth_new() 関数を用いる場合の条件分岐を整理

LibreSSL 3.5.0-3.7.0 は EVP_CIPHER 構造体も EVP_CIPHER_meth_new() 関数も使えない

ticket #45656, #43469, wiki:暗号ライブラリ
1 nmaya 9210 /*
2     * Copyright (c) 1998-2001, Robert O'Callahan
3     * (C) 2004- TeraTerm Project
4     * All rights reserved.
5     *
6     * Redistribution and use in source and binary forms, with or without
7     * modification, are permitted provided that the following conditions
8     * are met:
9     *
10     * 1. Redistributions of source code must retain the above copyright
11     * notice, this list of conditions and the following disclaimer.
12     * 2. Redistributions in binary form must reproduce the above copyright
13     * notice, this list of conditions and the following disclaimer in the
14     * documentation and/or other materials provided with the distribution.
15     * 3. The name of the author may not be used to endorse or promote products
16     * derived from this software without specific prior written permission.
17     *
18     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19     * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21     * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22     * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23     * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28     */
29    
30     #include "ttxssh.h"
31     #include "ssh.h"
32     #include "ssherr.h"
33     #include "cipher.h"
34     #include "kex.h"
35    
36     #include <openssl/evp.h>
37    
38 nmaya 9255 #include "codeconv.h"
39    
40 zmatsuo 10529 #include "cipher-3des1.h"
41     #include "cipher-ctr.h"
42 nmaya 9210
43     static const struct ssh2cipher ssh2_ciphers[] = {
44     {SSH2_CIPHER_3DES_CBC, "3des-cbc", 8, 24, 0, 0, 0, EVP_des_ede3_cbc}, // RFC4253
45     {SSH2_CIPHER_AES128_CBC, "aes128-cbc", 16, 16, 0, 0, 0, EVP_aes_128_cbc}, // RFC4253
46     {SSH2_CIPHER_AES192_CBC, "aes192-cbc", 16, 24, 0, 0, 0, EVP_aes_192_cbc}, // RFC4253
47     {SSH2_CIPHER_AES256_CBC, "aes256-cbc", 16, 32, 0, 0, 0, EVP_aes_256_cbc}, // RFC4253
48     {SSH2_CIPHER_BLOWFISH_CBC, "blowfish-cbc", 8, 16, 0, 0, 0, EVP_bf_cbc}, // RFC4253
49 nmaya 9693 {SSH2_CIPHER_AES128_CTR, "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr}, // RFC4344
50     {SSH2_CIPHER_AES192_CTR, "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr}, // RFC4344
51     {SSH2_CIPHER_AES256_CTR, "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr}, // RFC4344
52 nmaya 9210 {SSH2_CIPHER_ARCFOUR, "arcfour", 8, 16, 0, 0, 0, EVP_rc4}, // RFC4253
53     {SSH2_CIPHER_ARCFOUR128, "arcfour128", 8, 16, 1536, 0, 0, EVP_rc4}, // RFC4345
54     {SSH2_CIPHER_ARCFOUR256, "arcfour256", 8, 32, 1536, 0, 0, EVP_rc4}, // RFC4345
55     {SSH2_CIPHER_CAST128_CBC, "cast128-cbc", 8, 16, 0, 0, 0, EVP_cast5_cbc}, // RFC4253
56     {SSH2_CIPHER_3DES_CTR, "3des-ctr", 8, 24, 0, 0, 0, evp_des3_ctr}, // RFC4344
57     {SSH2_CIPHER_BLOWFISH_CTR, "blowfish-ctr", 8, 32, 0, 0, 0, evp_bf_ctr}, // RFC4344
58     {SSH2_CIPHER_CAST128_CTR, "cast128-ctr", 8, 16, 0, 0, 0, evp_cast5_ctr}, // RFC4344
59     {SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc", 16, 16, 0, 0, 0, EVP_camellia_128_cbc}, // draft-kanno-secsh-camellia-02
60     {SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc", 16, 24, 0, 0, 0, EVP_camellia_192_cbc}, // draft-kanno-secsh-camellia-02
61     {SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc", 16, 32, 0, 0, 0, EVP_camellia_256_cbc}, // draft-kanno-secsh-camellia-02
62 nmaya 9694 #ifndef LIBRESSL_VERSION_NUMBER
63 nmaya 9693 {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr", 16, 16, 0, 0, 0, EVP_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
64     {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr", 16, 24, 0, 0, 0, EVP_camellia_192_ctr}, // draft-kanno-secsh-camellia-02
65     {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr", 16, 32, 0, 0, 0, EVP_camellia_256_ctr}, // draft-kanno-secsh-camellia-02
66 nmaya 9694 #else
67     {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr", 16, 16, 0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
68     {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr", 16, 24, 0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
69     {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr", 16, 32, 0, 0, 0, evp_camellia_128_ctr}, // draft-kanno-secsh-camellia-02
70     #endif
71 nmaya 9210 #ifdef WITH_CAMELLIA_PRIVATE
72     {SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc@openssh.org", 16, 16, 0, 0, 0, EVP_camellia_128_cbc},
73     {SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc@openssh.org", 16, 24, 0, 0, 0, EVP_camellia_192_cbc},
74     {SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc@openssh.org", 16, 32, 0, 0, 0, EVP_camellia_256_cbc},
75     {SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr@openssh.org", 16, 16, 0, 0, 0, evp_camellia_128_ctr},
76     {SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr@openssh.org", 16, 24, 0, 0, 0, evp_camellia_128_ctr},
77     {SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr@openssh.org", 16, 32, 0, 0, 0, evp_camellia_128_ctr},
78     #endif // WITH_CAMELLIA_PRIVATE
79     {SSH2_CIPHER_AES128_GCM, "aes128-gcm@openssh.com", 16, 16, 0, 12, 16, EVP_aes_128_gcm}, // not RFC5647, PROTOCOL of OpenSSH
80     {SSH2_CIPHER_AES256_GCM, "aes256-gcm@openssh.com", 16, 32, 0, 12, 16, EVP_aes_256_gcm}, // not RFC5647, PROTOCOL of OpenSSH
81 nmaya 9255 {SSH2_CIPHER_CHACHAPOLY, "chacha20-poly1305@openssh.com", 8, 64, 0, 0, 16, EVP_enc_null},
82     {SSH_CIPHER_NONE, "none", 8, 0, 0, 0, 0, EVP_enc_null}, // for no passphrase key file
83     {SSH_CIPHER_3DES, "3des", 8, 16, 0, 0, 0, evp_ssh1_3des}, // for RSA1 key file
84 nmaya 9210 };
85    
86    
87     int get_cipher_id(const struct ssh2cipher *cipher)
88     {
89     if (cipher) {
90     return cipher->id;
91     }
92     else {
93     return 0;
94     }
95     }
96    
97     u_int get_cipher_block_size(const struct ssh2cipher *cipher)
98     {
99     u_int blocksize = 0;
100 zmatsuo 10529
101 nmaya 9210 if (cipher) {
102     blocksize = cipher->block_size;
103     }
104    
105     return max(blocksize, 8);
106     }
107    
108     u_int get_cipher_key_len(const struct ssh2cipher *cipher)
109     {
110     if (cipher) {
111     return cipher->key_len;
112     }
113     else {
114     return 0;
115     }
116     }
117    
118     u_int get_cipher_discard_len(const struct ssh2cipher *cipher)
119     {
120     if (cipher) {
121     return cipher->discard_len;
122     }
123     else {
124     return 0;
125     }
126     }
127    
128     u_int get_cipher_iv_len(const struct ssh2cipher *cipher)
129     {
130     if (cipher) {
131 nmaya 9255 if (cipher->iv_len != 0 || cipher->id == SSH2_CIPHER_CHACHAPOLY) {
132 nmaya 9210 return cipher->iv_len;
133     }
134     else {
135     return cipher->block_size;
136     }
137     }
138     else {
139     return 8; // block_size
140     }
141     }
142    
143     u_int get_cipher_auth_len(const struct ssh2cipher *cipher)
144     {
145     if (cipher) {
146     return cipher->auth_len;
147     }
148     else {
149     return 0;
150     }
151     }
152    
153     const EVP_CIPHER *get_cipher_EVP_CIPHER(const struct ssh2cipher *cipher)
154     {
155     if (cipher) {
156     return cipher->func();
157     }
158     else {
159     return EVP_enc_null();
160     }
161     }
162    
163     char *get_cipher_string(const struct ssh2cipher *cipher)
164     {
165     if (cipher) {
166     return cipher->name;
167     }
168     else {
169     return "unknown";
170     }
171     }
172    
173     // �����A���S���Y�����������������B
174     const struct ssh2cipher *get_cipher_by_name(char *name)
175     {
176     const struct ssh2cipher *ptr = ssh2_ciphers;
177    
178     if (name == NULL || name[0] == '\0')
179     return NULL;
180    
181     while (ptr->name != NULL) {
182     if (strcmp(ptr->name, name) == 0) {
183     return ptr;
184     }
185     ptr++;
186     }
187    
188     // not found.
189     return NULL;
190     }
191    
192     // �\����
193     char *get_cipher_name(int cipher_id)
194     {
195     switch (cipher_id) {
196     case SSH_CIPHER_NONE:
197     return "None";
198     case SSH_CIPHER_3DES:
199     return "3DES (168 key bits)";
200     case SSH_CIPHER_DES:
201     return "DES (56 key bits)";
202     case SSH_CIPHER_BLOWFISH:
203     return "Blowfish (256 key bits)";
204    
205 zmatsuo 10529 // SSH2
206 nmaya 9210 case SSH2_CIPHER_3DES_CBC:
207     return "3des-cbc";
208     case SSH2_CIPHER_AES128_CBC:
209     return "aes128-cbc";
210     case SSH2_CIPHER_AES192_CBC:
211     return "aes192-cbc";
212     case SSH2_CIPHER_AES256_CBC:
213     return "aes256-cbc";
214     case SSH2_CIPHER_BLOWFISH_CBC:
215     return "blowfish-cbc";
216     case SSH2_CIPHER_AES128_CTR:
217     return "aes128-ctr";
218     case SSH2_CIPHER_AES192_CTR:
219     return "aes192-ctr";
220     case SSH2_CIPHER_AES256_CTR:
221     return "aes256-ctr";
222     case SSH2_CIPHER_ARCFOUR:
223     return "arcfour";
224     case SSH2_CIPHER_ARCFOUR128:
225     return "arcfour128";
226     case SSH2_CIPHER_ARCFOUR256:
227     return "arcfour256";
228     case SSH2_CIPHER_CAST128_CBC:
229     return "cast-128-cbc";
230     case SSH2_CIPHER_3DES_CTR:
231     return "3des-ctr";
232     case SSH2_CIPHER_BLOWFISH_CTR:
233     return "blowfish-ctr";
234     case SSH2_CIPHER_CAST128_CTR:
235     return "cast-128-ctr";
236     case SSH2_CIPHER_CAMELLIA128_CBC:
237     return "camellia128-cbc";
238     case SSH2_CIPHER_CAMELLIA192_CBC:
239     return "camellia192-cbc";
240     case SSH2_CIPHER_CAMELLIA256_CBC:
241     return "camellia256-cbc";
242     case SSH2_CIPHER_CAMELLIA128_CTR:
243     return "camellia128-ctr";
244     case SSH2_CIPHER_CAMELLIA192_CTR:
245     return "camellia192-ctr";
246     case SSH2_CIPHER_CAMELLIA256_CTR:
247     return "camellia256-ctr";
248     case SSH2_CIPHER_AES128_GCM:
249     return "aes128-gcm@openssh.com";
250     case SSH2_CIPHER_AES256_GCM:
251     return "aes256-gcm@openssh.com";
252 nmaya 9255 case SSH2_CIPHER_CHACHAPOLY:
253     return "chacha20-poly1305@openssh.com(SSH2)";
254 nmaya 9210
255     default:
256     return "Unknown";
257     }
258     }
259    
260     // ���X�g�{�b�N�X�\����
261 nmaya 9255 wchar_t *get_listbox_cipher_nameW(int cipher_id, PTInstVar pvar)
262 nmaya 9210 {
263 nmaya 9255 typedef struct {
264     int no;
265     const char *nameA;
266     } list_t;
267     static const list_t list[] = {
268     { SSH_CIPHER_3DES, "3DES(SSH1)" },
269     { SSH_CIPHER_DES, "DES(SSH1)" },
270     { SSH_CIPHER_BLOWFISH, "Blowfish(SSH1)" },
271     { SSH2_CIPHER_AES128_CBC, "aes128-cbc(SSH2)" },
272     { SSH2_CIPHER_AES192_CBC, "aes192-cbc(SSH2)" },
273     { SSH2_CIPHER_AES256_CBC, "aes256-cbc(SSH2)" },
274     { SSH2_CIPHER_3DES_CBC, "3des-cbc(SSH2)" },
275     { SSH2_CIPHER_BLOWFISH_CBC, "blowfish-cbc(SSH2)" },
276     { SSH2_CIPHER_AES128_CTR, "aes128-ctr(SSH2)" },
277     { SSH2_CIPHER_AES192_CTR, "aes192-ctr(SSH2)" },
278     { SSH2_CIPHER_AES256_CTR, "aes256-ctr(SSH2)" },
279     { SSH2_CIPHER_ARCFOUR, "arcfour(SSH2)" },
280     { SSH2_CIPHER_ARCFOUR128, "arcfour128(SSH2)" },
281     { SSH2_CIPHER_ARCFOUR256, "arcfour256(SSH2)" },
282     { SSH2_CIPHER_CAST128_CBC, "cast128-cbc(SSH2)" },
283     { SSH2_CIPHER_3DES_CTR, "3des-ctr(SSH2)" },
284     { SSH2_CIPHER_BLOWFISH_CTR, "blowfish-ctr(SSH2)" },
285     { SSH2_CIPHER_CAST128_CTR, "cast128-ctr(SSH2)" },
286     { SSH2_CIPHER_CAMELLIA128_CBC, "camellia128-cbc(SSH2)" },
287     { SSH2_CIPHER_CAMELLIA192_CBC, "camellia192-cbc(SSH2)" },
288     { SSH2_CIPHER_CAMELLIA256_CBC, "camellia256-cbc(SSH2)" },
289     { SSH2_CIPHER_CAMELLIA128_CTR, "camellia128-ctr(SSH2)" },
290     { SSH2_CIPHER_CAMELLIA192_CTR, "camellia192-ctr(SSH2)" },
291     { SSH2_CIPHER_CAMELLIA256_CTR, "camellia256-ctr(SSH2)" },
292     { SSH2_CIPHER_AES128_GCM, "aes128-gcm@openssh.com(SSH2)" },
293     { SSH2_CIPHER_AES256_GCM, "aes256-gcm@openssh.com(SSH2)" },
294     { SSH2_CIPHER_CHACHAPOLY, "chacha20-poly1305@openssh.com(SSH2)" },
295     };
296     int i;
297     const list_t *p = list;
298 nmaya 9210
299 nmaya 9255 if (cipher_id == SSH_CIPHER_NONE) {
300     wchar_t uimsg[MAX_UIMSG];
301     UTIL_get_lang_msgW("DLG_SSHSETUP_CIPHER_BORDER", pvar,
302     L"<ciphers below this line are disabled>", uimsg);
303     return _wcsdup(uimsg);
304 nmaya 9210 }
305 nmaya 9255 for (i = 0; i < _countof(list); p++,i++) {
306     if (p->no == cipher_id) {
307     return ToWcharA(p->nameA);
308     }
309     }
310     return NULL;
311 nmaya 9210 }
312    
313     /*
314     * Remove unsupported cipher or duplicated cipher.
315     * Add unspecified ciphers at the end of list.
316     */
317     void normalize_cipher_order(char *buf)
318     {
319     /* SSH_CIPHER_NONE means that all ciphers below that one are disabled.
320     We *never* allow no encryption. */
321     static char default_strings[] = {
322     SSH2_CIPHER_AES256_GCM,
323 nmaya 10648 #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER <= 0x3040300fL || LIBRESSL_VERSION_NUMBER >= 0x3070100fL
324 nmaya 9210 SSH2_CIPHER_CAMELLIA256_CTR,
325 nmaya 10648 #endif
326 nmaya 9255 SSH2_CIPHER_CHACHAPOLY,
327 nmaya 9210 SSH2_CIPHER_AES256_CTR,
328     SSH2_CIPHER_CAMELLIA256_CBC,
329     SSH2_CIPHER_AES256_CBC,
330 nmaya 10648 #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER <= 0x3040300fL || LIBRESSL_VERSION_NUMBER >= 0x3070100fL
331 nmaya 9210 SSH2_CIPHER_CAMELLIA192_CTR,
332 nmaya 10648 #endif
333 nmaya 9210 SSH2_CIPHER_AES192_CTR,
334     SSH2_CIPHER_CAMELLIA192_CBC,
335     SSH2_CIPHER_AES192_CBC,
336     SSH2_CIPHER_AES128_GCM,
337 nmaya 10648 #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER <= 0x3040300fL || LIBRESSL_VERSION_NUMBER >= 0x3070100fL
338 nmaya 9210 SSH2_CIPHER_CAMELLIA128_CTR,
339 nmaya 10648 #endif
340 nmaya 9210 SSH2_CIPHER_AES128_CTR,
341     SSH2_CIPHER_CAMELLIA128_CBC,
342     SSH2_CIPHER_AES128_CBC,
343 nmaya 10648 #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER <= 0x3040300fL || LIBRESSL_VERSION_NUMBER >= 0x3070100fL
344 nmaya 9210 SSH2_CIPHER_3DES_CTR,
345 nmaya 9693 #endif
346 nmaya 9210 SSH2_CIPHER_3DES_CBC,
347 nmaya 10648 #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER <= 0x3040300fL || LIBRESSL_VERSION_NUMBER >= 0x3070100fL
348 nmaya 9210 SSH2_CIPHER_BLOWFISH_CTR,
349 nmaya 10647 #endif
350 nmaya 9210 SSH2_CIPHER_BLOWFISH_CBC,
351 nmaya 10648 #if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER <= 0x3040300fL || LIBRESSL_VERSION_NUMBER >= 0x3070100fL
352 nmaya 9210 SSH2_CIPHER_CAST128_CTR,
353 nmaya 10647 #endif
354 nmaya 9210 SSH2_CIPHER_CAST128_CBC,
355     SSH_CIPHER_3DES,
356     SSH_CIPHER_NONE,
357     SSH2_CIPHER_ARCFOUR256,
358     SSH2_CIPHER_ARCFOUR128,
359     SSH2_CIPHER_ARCFOUR,
360     SSH_CIPHER_BLOWFISH,
361     SSH_CIPHER_DES,
362 nmaya 10648 #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER > 0x3040300fL && LIBRESSL_VERSION_NUMBER < 0x3070100fL
363     0, 0, 0, // Dummy for SSH2_CIPHER_CAMELLIA256_CTR, SSH2_CIPHER_CAMELLIA192_CTR, SSH2_CIPHER_CAMELLIA128_CTR
364 nmaya 10647 0, 0, 0, // Dummy for SSH2_CIPHER_3DES_CTR, SSH2_CIPHER_BLOWFISH_CTR, SSH2_CIPHER_CAST128_CTR
365 nmaya 9693 #endif
366 nmaya 9210 0, 0, 0 // Dummy for SSH_CIPHER_IDEA, SSH_CIPHER_TSS, SSH_CIPHER_RC4
367     };
368    
369     normalize_generic_order(buf, default_strings, NUM_ELEM(default_strings));
370     }
371    
372     const struct ssh2cipher *choose_SSH2_cipher_algorithm(char *server_proposal, char *my_proposal)
373     {
374     char str_cipher[32];
375     const struct ssh2cipher *ptr = ssh2_ciphers;
376    
377     choose_SSH2_proposal(server_proposal, my_proposal, str_cipher, sizeof(str_cipher));
378     return get_cipher_by_name(str_cipher);
379     }
380    
381     void SSH2_update_cipher_myproposal(PTInstVar pvar)
382     {
383     static char buf[512]; // TODO: malloc()��������
384     int cipher;
385     int len, i;
386     char *c_str;
387    
388     // ���M�������������������������A�O�������B(2006.6.26 maya)
389     if (pvar->socket != INVALID_SOCKET) {
390     return;
391     }
392    
393     // �����A���S���Y���D���������������Amyproposal[]�������������B(2004.11.6 yutaka)
394     buf[0] = '\0';
395     for (i = 0 ; pvar->settings.CipherOrder[i] != 0 ; i++) {
396     cipher = pvar->settings.CipherOrder[i] - '0';
397     if (cipher == 0) // disabled line
398     break;
399     switch (cipher) {
400     case SSH2_CIPHER_3DES_CBC:
401     c_str = "3des-cbc,";
402     break;
403     case SSH2_CIPHER_3DES_CTR:
404     c_str = "3des-ctr,";
405     break;
406     case SSH2_CIPHER_BLOWFISH_CBC:
407     c_str = "blowfish-cbc,";
408     break;
409     case SSH2_CIPHER_BLOWFISH_CTR:
410     c_str = "blowfish-ctr,";
411     break;
412     case SSH2_CIPHER_AES128_CBC:
413     c_str = "aes128-cbc,";
414     break;
415     case SSH2_CIPHER_AES192_CBC:
416     c_str = "aes192-cbc,";
417     break;
418     case SSH2_CIPHER_AES256_CBC:
419     c_str = "aes256-cbc,";
420     break;
421     case SSH2_CIPHER_AES128_CTR:
422     c_str = "aes128-ctr,";
423     break;
424     case SSH2_CIPHER_AES192_CTR:
425     c_str = "aes192-ctr,";
426     break;
427     case SSH2_CIPHER_AES256_CTR:
428     c_str = "aes256-ctr,";
429     break;
430     case SSH2_CIPHER_ARCFOUR:
431     c_str = "arcfour,";
432     break;
433     case SSH2_CIPHER_ARCFOUR128:
434     c_str = "arcfour128,";
435     break;
436     case SSH2_CIPHER_ARCFOUR256:
437     c_str = "arcfour256,";
438     break;
439     case SSH2_CIPHER_CAST128_CBC:
440     c_str = "cast128-cbc,";
441     break;
442     case SSH2_CIPHER_CAST128_CTR:
443     c_str = "cast128-ctr,";
444     break;
445     #ifdef WITH_CAMELLIA_PRIVATE
446     case SSH2_CIPHER_CAMELLIA128_CBC:
447     c_str = "camellia128-cbc,camellia128-cbc@openssh.org,";
448     break;
449     case SSH2_CIPHER_CAMELLIA192_CBC:
450     c_str = "camellia192-cbc,camellia192-cbc@openssh.org,";
451     break;
452     case SSH2_CIPHER_CAMELLIA256_CBC:
453     c_str = "camellia256-cbc,camellia256-cbc@openssh.org,";
454     break;
455     case SSH2_CIPHER_CAMELLIA128_CTR:
456     c_str = "camellia128-ctr,camellia128-ctr@openssh.org,";
457     break;
458     case SSH2_CIPHER_CAMELLIA192_CTR:
459     c_str = "camellia192-ctr,camellia192-ctr@openssh.org,";
460     break;
461     case SSH2_CIPHER_CAMELLIA256_CTR:
462     c_str = "camellia256-ctr,camellia256-ctr@openssh.org,";
463     break;
464     #endif // WITH_CAMELLIA_PRIVATE
465     case SSH2_CIPHER_CAMELLIA128_CBC:
466     c_str = "camellia128-cbc,";
467     break;
468     case SSH2_CIPHER_CAMELLIA192_CBC:
469     c_str = "camellia192-cbc,";
470     break;
471     case SSH2_CIPHER_CAMELLIA256_CBC:
472     c_str = "camellia256-cbc,";
473     break;
474     case SSH2_CIPHER_CAMELLIA128_CTR:
475     c_str = "camellia128-ctr,";
476     break;
477     case SSH2_CIPHER_CAMELLIA192_CTR:
478     c_str = "camellia192-ctr,";
479     break;
480     case SSH2_CIPHER_CAMELLIA256_CTR:
481     c_str = "camellia256-ctr,";
482     break;
483     case SSH2_CIPHER_AES128_GCM:
484     c_str = "aes128-gcm@openssh.com,";
485     break;
486     case SSH2_CIPHER_AES256_GCM:
487     c_str = "aes256-gcm@openssh.com,";
488     break;
489 nmaya 9255 case SSH2_CIPHER_CHACHAPOLY:
490     c_str = "chacha20-poly1305@openssh.com,";
491     break;
492 nmaya 9210 default:
493     continue;
494     }
495     strncat_s(buf, sizeof(buf), c_str, _TRUNCATE);
496     }
497     len = strlen(buf);
498     if (len > 0)
499     buf[len - 1] = '\0'; // get rid of comma
500     myproposal[PROPOSAL_ENC_ALGS_CTOS] = buf; // Client To Server
501     myproposal[PROPOSAL_ENC_ALGS_STOC] = buf; // Server To Client
502     }
503    
504    
505     //
506     // SSH2�p�A���S���Y����������
507     //
508 nmaya 9255 int cipher_init_SSH2(
509     struct sshcipher_ctx **ccp, const struct ssh2cipher *cipher,
510     const u_char *key, u_int keylen,
511     const u_char *iv, u_int ivlen,
512     int do_encrypt,
513     PTInstVar pvar)
514 nmaya 9210 {
515 nmaya 9255 struct sshcipher_ctx *cc = NULL;
516     int ret = SSH_ERR_INTERNAL_ERROR;
517     const EVP_CIPHER *type;
518 nmaya 9210 int klen;
519     unsigned char *junk = NULL, *discard = NULL;
520     char tmp[80];
521    
522 nmaya 9255 *ccp = NULL;
523     if ((cc = calloc(sizeof(*cc), 1)) == NULL) {
524 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
525 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 1);
526 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
527 nmaya 9255 return SSH_ERR_ALLOC_FAIL;
528 nmaya 9210 }
529 nmaya 9255
530     if (keylen < cipher->key_len) {
531 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
532 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 2);
533 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
534 nmaya 9255 ret = SSH_ERR_INVALID_ARGUMENT;
535     goto out;
536 nmaya 9210 }
537 nmaya 9255 if (iv != NULL && ivlen < get_cipher_iv_len(cipher)) {
538     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
539 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 3);
540 nmaya 9255 notify_fatal_error(pvar, tmp, TRUE);
541     ret = SSH_ERR_INVALID_ARGUMENT;
542     goto out;
543     }
544    
545     cc->cipher = cipher;
546     if (cipher->id == SSH2_CIPHER_CHACHAPOLY) {
547     cc->cp_ctx = chachapoly_new(key, keylen);
548     ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;
549     if (ret == SSH_ERR_INVALID_ARGUMENT) {
550     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
551 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 4);
552 nmaya 9255 notify_fatal_error(pvar, tmp, TRUE);
553     }
554     goto out;
555     }
556     type = (*cipher->func)();
557     if ((cc->evp = EVP_CIPHER_CTX_new()) == NULL) {
558     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
559 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 5);
560 nmaya 9255 notify_fatal_error(pvar, tmp, TRUE);
561     ret = SSH_ERR_ALLOC_FAIL;
562     goto out;
563     }
564     if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, (do_encrypt == CIPHER_ENCRYPT)) == 0) {
565     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
566 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 6);
567 nmaya 9255 notify_fatal_error(pvar, tmp, TRUE);
568     ret = SSH_ERR_LIBCRYPTO_ERROR;
569     goto out;
570     }
571     if (get_cipher_auth_len(cipher) &&
572     !EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED, -1, (u_char *)iv)) {
573     UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
574 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 7);
575 nmaya 9255 notify_fatal_error(pvar, tmp, TRUE);
576     ret = SSH_ERR_LIBCRYPTO_ERROR;
577     goto out;
578     }
579     klen = EVP_CIPHER_CTX_key_length(cc->evp);
580 nmaya 9210 if (klen > 0 && keylen != (u_int)klen) {
581 nmaya 9255 if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
582 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
583 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 8);
584 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
585 nmaya 9255 ret = SSH_ERR_LIBCRYPTO_ERROR;
586     goto out;
587 nmaya 9210 }
588     }
589 nmaya 9255 if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
590 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
591 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 9);
592 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
593 nmaya 9255 ret = SSH_ERR_LIBCRYPTO_ERROR;
594     goto out;
595 nmaya 9210 }
596    
597 nmaya 9255 if (cipher->discard_len > 0) {
598     junk = malloc(cipher->discard_len);
599     discard = malloc(cipher->discard_len);
600 nmaya 9210 if (junk == NULL || discard == NULL ||
601 nmaya 9255 EVP_Cipher(cc->evp, discard, junk, cipher->discard_len) == 0) {
602 nmaya 9210 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar, "Cipher initialize error(%d)");
603 zmatsuo 10618 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg, 10);
604 nmaya 9210 notify_fatal_error(pvar, tmp, TRUE);
605     }
606     else {
607 nmaya 9255 SecureZeroMemory(discard, cipher->discard_len);
608 nmaya 9210 }
609     free(junk);
610     free(discard);
611     }
612 nmaya 9255 ret = 0;
613    
614     out:
615     if (ret == 0) {
616     *ccp = cc;
617     }
618     else {
619     if (cc != NULL) {
620     EVP_CIPHER_CTX_free(cc->evp);
621     SecureZeroMemory(cc, sizeof(*cc));
622     }
623     }
624     return ret;
625 nmaya 9210 }
626    
627     //
628     // SSH2�p�A���S���Y�����j��
629     ///
630 nmaya 9255 void cipher_free_SSH2(struct sshcipher_ctx *cc)
631 nmaya 9210 {
632 nmaya 9255 if (cc == NULL)
633     return;
634     if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
635     chachapoly_free(cc->cp_ctx);
636     cc->cp_ctx = NULL;
637     }
638     EVP_CIPHER_CTX_free(cc->evp);
639     cc->evp = NULL;
640     SecureZeroMemory(cc, sizeof(*cc));
641 nmaya 9210 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help