Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/trunk/ttssh2/ttxssh/crypt.c

Contents of /trunk/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 10618 - (show annotations) (download) (as text)
Fri Mar 3 15:15:16 2023 UTC (14 months, 3 weeks ago) by zmatsuo
File MIME type: text/x-csrc
File size: 38995 byte(s) 
ttxsshで tttset.UIMsg[] ではなく TInstVar.UIMsg[] を使用するよう修正

- lng(i18n)用文字列領域
- ttxssh 以外は tttset.UIMsg[] を使用しなくなった
  - Unicode(wchar_t)版動的な文字列取得に切り替えた
  - tttset.UIMsg[] は ANSI(char) 文字列
- プラグイン用ワーク内に TInstVar.UIMsg[] を新設した
1 /*
2 * Copyright (c) 1998-2001, Robert O'Callahan
3 * (C) 2004- TeraTerm Project
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #define WINDOWS
31
32 #include "ttxssh.h"
33 #include "util.h"
34
35 #include <openssl/rand.h>
36 #include <openssl/bn.h>
37 #include <openssl/md5.h>
38 #include <openssl/err.h>
39 #include <openssl/des.h>
40 #include <openssl/hmac.h> // for SSH2(yutaka)
41 #include <openssl/dsa.h>
42 #include "cipher.h"
43 #include "ssh.h"
44
45 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
46 #define get_uint32(buf) get_uint32_MSBfirst((buf))
47
48 #define DEATTACK_OK 0
49 #define DEATTACK_DETECTED 1
50
51 /*
52 * $Id: crypt.c,v 1.28 2008-11-23 07:44:05 doda Exp $ Cryptographic attack
53 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
54 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
55 */
56
57 /* SSH Constants */
58 #define SSH_BLOCKSIZE 8
59
60 /* Hashing constants */
61 #define HASH_MINSIZE 8*2048
62 #define HASH_ENTRYSIZE 4
63 #define HASH_FACTOR(x) ((x)*3/2)
64 #define HASH_UNUSEDCHAR 0xff
65 #define HASH_UNUSED 0xffffffff
66 #define HASH_IV 0xfffffffe
67
68 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
69
70 /* Hash function (Input keys are cipher results) */
71 #define HASH(x) get_uint32(x)
72
73 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
74
75 static unsigned char *encbuff = NULL;
76 static unsigned int encbufflen = 0;
77
78 static void crc_update(uint32 *a, uint32 b)
79 {
80 b ^= *a;
81 *a = do_crc((unsigned char *) &b, sizeof(b));
82 }
83
84 /* check_crc
85 detects if a block is used in a particular pattern
86 */
87
88 static int check_crc(unsigned char *S, unsigned char *buf,
89 uint32 len, unsigned char *IV)
90 {
91 uint32 crc;
92 unsigned char *c;
93
94 crc = 0;
95 if (IV && !CMP(S, IV)) {
96 crc_update(&crc, 1);
97 crc_update(&crc, 0);
98 }
99 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
100 if (!CMP(S, c)) {
101 crc_update(&crc, 1);
102 crc_update(&crc, 0);
103 } else {
104 crc_update(&crc, 0);
105 crc_update(&crc, 0);
106 }
107 }
108
109 return crc == 0;
110 }
111
112
113 /*
114 detect_attack
115 Detects a crc32 compensation attack on a packet
116 */
117 static int detect_attack(CRYPTDetectAttack *statics,
118 unsigned char *buf, uint32 len,
119 unsigned char *IV)
120 {
121 uint32 *h = statics->h;
122 uint32 n = statics->n;
123 uint32 i, j;
124 uint32 l;
125 unsigned char *c;
126 unsigned char *d;
127
128 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
129 }
130
131 if (h == NULL) {
132 n = l;
133 h = (uint32 *) malloc(n * HASH_ENTRYSIZE);
134 } else {
135 if (l > n) {
136 n = l;
137 h = (uint32 *) realloc(h, n * HASH_ENTRYSIZE);
138 }
139 }
140
141 statics->h = h;
142 statics->n = n;
143
144 if (len <= HASH_MINBLOCKS) {
145 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
146 if (IV && (!CMP(c, IV))) {
147 if ((check_crc(c, buf, len, IV)))
148 return DEATTACK_DETECTED;
149 else
150 break;
151 }
152 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
153 if (!CMP(c, d)) {
154 if ((check_crc(c, buf, len, IV)))
155 return DEATTACK_DETECTED;
156 else
157 break;
158 }
159 }
160 }
161 return (DEATTACK_OK);
162 }
163 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
164
165 if (IV) {
166 h[HASH(IV) & (n - 1)] = HASH_IV;
167 }
168
169 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
170 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
171 i = (i + 1) & (n - 1)) {
172 if (h[i] == HASH_IV) {
173 if (!CMP(c, IV)) {
174 if (check_crc(c, buf, len, IV))
175 return DEATTACK_DETECTED;
176 else
177 break;
178 }
179 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
180 if (check_crc(c, buf, len, IV))
181 return DEATTACK_DETECTED;
182 else
183 break;
184 }
185 }
186 h[i] = j;
187 }
188
189 return DEATTACK_OK;
190 }
191
192 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char *buf, int bytes)
193 {
194 if (SSHv1(pvar) && pvar->crypt_state.sender_cipher != SSH_CIPHER_NONE) {
195 return detect_attack(&pvar->crypt_state.detect_attack_statics, buf, bytes, NULL) == DEATTACK_DETECTED;
196 } else {
197 return FALSE;
198 }
199 }
200
201 BOOL CRYPT_encrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
202 {
203 unsigned char *newbuff = NULL;
204 unsigned int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
205 unsigned char lastiv[1];
206 char tmp[80];
207 struct sshcipher_ctx *cc = pvar->cc[MODE_OUT];
208 unsigned int newbuff_len = bytes;
209
210 if (bytes == 0)
211 return TRUE;
212
213 if (bytes % block_size) {
214 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar, "%s encrypt error(1): bytes %d (%d)");
215 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
216 get_cipher_name(pvar->crypt_state.sender_cipher),
217 bytes, block_size);
218 notify_fatal_error(pvar, tmp, TRUE);
219 return FALSE;
220 }
221
222 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
223 // chacha20-poly1305 ���� aadlen ��������������
224 // aadlen �� bytes �����X��������������
225 // chachapoly_crypt �������F���f�[�^(AEAD tag)������������
226 newbuff_len += aadlen + authlen;
227 }
228 if (newbuff_len > encbufflen) {
229 if ((newbuff = realloc(encbuff, newbuff_len)) == NULL)
230 goto err;
231 encbuff = newbuff;
232 encbufflen = newbuff_len;
233 }
234
235 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
236 if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.sender_sequence_number,
237 encbuff, data, bytes, aadlen, authlen, 1) != 0) {
238 goto err;
239 }
240 memcpy(data, encbuff, aadlen + bytes + authlen);
241 return TRUE;
242 }
243
244 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
245 goto err;
246
247 if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)
248 goto err;
249
250 // AES-GCM ���� aadlen �������������������A��������������������
251 if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0)
252 goto err;
253
254 memcpy(data+aadlen, encbuff, bytes);
255
256 if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
257 goto err;
258
259 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG, authlen, data+aadlen+bytes))
260 goto err;
261
262 return TRUE;
263
264 err:
265 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
266 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
267 get_cipher_name(pvar->crypt_state.sender_cipher));
268 notify_fatal_error(pvar, tmp, TRUE);
269 return FALSE;
270 }
271
272 BOOL CRYPT_decrypt_aead(PTInstVar pvar, unsigned char *data, unsigned int bytes, unsigned int aadlen, unsigned int authlen)
273 {
274 unsigned char *newbuff = NULL;
275 unsigned int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
276 unsigned char lastiv[1];
277 char tmp[80];
278 struct sshcipher_ctx *cc = pvar->cc[MODE_IN];
279 unsigned int newbuff_len = bytes;
280
281 if (bytes == 0)
282 return TRUE;
283
284 if (bytes % block_size) {
285 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar, "%s decrypt error(1): bytes %d (%d)");
286 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
287 get_cipher_name(pvar->crypt_state.receiver_cipher),
288 bytes, block_size);
289 notify_fatal_error(pvar, tmp, TRUE);
290 return FALSE;
291 }
292
293 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
294 // chacha20-poly1305 ���� aadlen ������������������
295 newbuff_len += aadlen;
296 }
297 if (newbuff_len > encbufflen) {
298 if ((newbuff = realloc(encbuff, newbuff_len)) == NULL)
299 goto err;
300 encbuff = newbuff;
301 encbufflen = newbuff_len;
302 }
303
304 if (cc->cipher->id == SSH2_CIPHER_CHACHAPOLY) {
305 if (chachapoly_crypt(cc->cp_ctx, pvar->ssh_state.receiver_sequence_number,
306 encbuff, data, bytes, aadlen, authlen, 0) != 0) {
307 goto err;
308 }
309 memcpy(data, encbuff, aadlen + bytes);
310 return TRUE;
311 }
312
313 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, 1, lastiv))
314 goto err;
315
316 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG, authlen, data+aadlen+bytes))
317 goto err;
318
319 if (aadlen && !EVP_Cipher(cc->evp, NULL, data, aadlen) < 0)
320 goto err;
321
322 // AES-GCM ���� aadlen �������������������A������������������
323 if (EVP_Cipher(cc->evp, encbuff, data+aadlen, bytes) < 0)
324 goto err;
325
326 memcpy(data+aadlen, encbuff, bytes);
327
328 if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
329 goto err;
330
331 return TRUE;
332
333 err:
334 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
335 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
336 get_cipher_name(pvar->crypt_state.receiver_cipher));
337 notify_fatal_error(pvar, tmp, TRUE);
338 return FALSE;
339 }
340
341 static void no_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
342 {
343 }
344
345 static void crypt_SSH2_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
346 {
347 unsigned char *newbuff;
348 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
349 char tmp[80];
350
351 if (bytes == 0)
352 return;
353
354 if (bytes % block_size) {
355 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR1", pvar,
356 "%s encrypt error(1): bytes %d (%d)");
357 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
358 get_cipher_name(pvar->crypt_state.sender_cipher),
359 bytes, block_size);
360 notify_fatal_error(pvar, tmp, TRUE);
361 return;
362 }
363
364 if (bytes > encbufflen) {
365 if ((newbuff = realloc(encbuff, bytes)) == NULL)
366 return;
367 encbuff = newbuff;
368 encbufflen = bytes;
369 }
370
371 if (EVP_Cipher(pvar->cc[MODE_OUT]->evp, encbuff, buf, bytes) == 0) {
372 UTIL_get_lang_msg("MSG_ENCRYPT_ERROR2", pvar, "%s encrypt error(2)");
373 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
374 get_cipher_name(pvar->crypt_state.sender_cipher));
375 notify_fatal_error(pvar, tmp, TRUE);
376 } else {
377 memcpy(buf, encbuff, bytes);
378 }
379 }
380
381 static void crypt_SSH2_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
382 {
383 unsigned char *newbuff;
384 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
385 char tmp[80];
386
387 if (bytes == 0)
388 return;
389
390 if (bytes % block_size) {
391 UTIL_get_lang_msg("MSG_DECRYPT_ERROR1", pvar,
392 "%s decrypt error(1): bytes %d (%d)");
393 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
394 get_cipher_name(pvar->crypt_state.receiver_cipher),
395 bytes, block_size);
396 notify_fatal_error(pvar, tmp, TRUE);
397 return;
398 }
399
400 if (bytes > encbufflen) {
401 if ((newbuff = malloc(bytes)) == NULL)
402 return;
403 encbuff = newbuff;
404 encbufflen = bytes;
405 }
406
407 if (EVP_Cipher(pvar->cc[MODE_IN]->evp, encbuff, buf, bytes) == 0) {
408 UTIL_get_lang_msg("MSG_DECRYPT_ERROR2", pvar, "%s decrypt error(2)");
409 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->UIMsg,
410 get_cipher_name(pvar->crypt_state.receiver_cipher));
411 notify_fatal_error(pvar, tmp, TRUE);
412 } else {
413 memcpy(buf, encbuff, bytes);
414 }
415 }
416
417 static void c3DES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
418 {
419 Cipher3DESState *encryptstate = &pvar->crypt_state.enc.c3DES;
420
421 DES_ncbc_encrypt(buf, buf, bytes,
422 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
423 DES_ncbc_encrypt(buf, buf, bytes,
424 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
425 DES_ncbc_encrypt(buf, buf, bytes,
426 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
427 }
428
429 static void c3DES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
430 {
431 Cipher3DESState *decryptstate = &pvar->crypt_state.dec.c3DES;
432
433 DES_ncbc_encrypt(buf, buf, bytes,
434 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
435 DES_ncbc_encrypt(buf, buf, bytes,
436 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
437 DES_ncbc_encrypt(buf, buf, bytes,
438 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
439 }
440
441 static void cDES_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
442 {
443 CipherDESState *encryptstate = &pvar->crypt_state.enc.cDES;
444
445 DES_ncbc_encrypt(buf, buf, bytes,
446 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
447 }
448
449 static void cDES_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
450 {
451 CipherDESState *decryptstate = &pvar->crypt_state.dec.cDES;
452
453 DES_ncbc_encrypt(buf, buf, bytes,
454 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
455 }
456
457 static void flip_endianness(unsigned char *cbuf, unsigned int bytes)
458 {
459 uint32 *buf = (uint32 *) cbuf;
460 int count = bytes / 4;
461
462 while (count > 0) {
463 uint32 w = *buf;
464
465 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
466 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
467 count--;
468 buf++;
469 }
470 }
471
472 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
473 {
474 CipherBlowfishState *encryptstate =
475 &pvar->crypt_state.enc.cBlowfish;
476
477 flip_endianness(buf, bytes);
478 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
479 BF_ENCRYPT);
480 flip_endianness(buf, bytes);
481 }
482
483 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
484 {
485 CipherBlowfishState *decryptstate =
486 &pvar->crypt_state.dec.cBlowfish;
487
488 flip_endianness(buf, bytes);
489 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
490 BF_DECRYPT);
491 flip_endianness(buf, bytes);
492 }
493
494 void CRYPT_set_random_data(PTInstVar pvar, unsigned char *buf, unsigned int bytes)
495 {
496 int ret;
497
498 // OpenSSL 1.1.1���g���������AWindowsMe���� RAND_bytes() �������o�����������B
499 logprintf(LOG_LEVEL_VERBOSE, "%s: RAND_bytes call", __FUNCTION__);
500 ret = RAND_bytes(buf, bytes);
501 if (ret < 0) {
502 logprintf(LOG_LEVEL_ERROR, "%s: RAND_bytes error(%d)", __FUNCTION__, ret);
503 }
504 }
505
506 void CRYPT_initialize_random_numbers(PTInstVar pvar)
507 {
508 // ����������������������
509 // http://www.mail-archive.com/openssl-users@openssl.org/msg60484.html
510 //RAND_screen();
511 }
512
513 static BIGNUM *get_bignum(unsigned char *bytes)
514 {
515 int bits = get_ushort16_MSBfirst(bytes);
516
517 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
518 }
519
520 // make_key()�� fingerprint �����������p���������Astatic�������B(2006.3.27 yutaka)
521 RSA *make_key(PTInstVar pvar,
522 int bits, unsigned char *exp,
523 unsigned char *mod)
524 {
525 RSA *key = RSA_new();
526 BIGNUM *e = NULL, *n = NULL;
527
528 if (key != NULL) {
529 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
530 // RSA_set0_key���������������K�v�������B
531 e = get_bignum(exp);
532 n = get_bignum(mod);
533 RSA_set0_key(key, n, e, NULL);
534 }
535
536 if (key == NULL || e == NULL || n == NULL) {
537 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
538 "Error setting up RSA keys");
539 notify_fatal_error(pvar, pvar->UIMsg, TRUE);
540
541 if (key != NULL) {
542 if (e != NULL) {
543 BN_free(e);
544 }
545 if (n != NULL) {
546 BN_free(n);
547 }
548 RSA_free(key);
549 }
550
551 return NULL;
552 } else {
553 return key;
554 }
555 }
556
557 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char *cookie)
558 {
559 if (SSHv1(pvar)) {
560 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
561 } else {
562 memcpy(pvar->crypt_state.server_cookie, cookie,
563 SSH2_COOKIE_LENGTH);
564 }
565 }
566
567 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char *cookie)
568 {
569 if (SSHv2(pvar)) {
570 memcpy(pvar->crypt_state.client_cookie, cookie,
571 SSH2_COOKIE_LENGTH);
572 }
573 }
574
575 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
576 int bits, unsigned char *exp,
577 unsigned char *mod)
578 {
579 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
580
581 return pvar->crypt_state.server_key.RSA_key != NULL;
582 }
583
584 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
585 int bits, unsigned char *exp,
586 unsigned char *mod)
587 {
588 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
589
590 return pvar->crypt_state.host_key.RSA_key != NULL;
591 }
592
593 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
594 int receiver_ciphers)
595 {
596 int cipher_mask;
597
598 if (SSHv2(pvar)) {
599 return TRUE;
600 }
601
602 cipher_mask = (1 << SSH_CIPHER_DES)
603 | (1 << SSH_CIPHER_3DES)
604 | (1 << SSH_CIPHER_BLOWFISH);
605
606 sender_ciphers &= cipher_mask;
607 receiver_ciphers &= cipher_mask;
608 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
609 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
610
611 if (sender_ciphers == 0) {
612 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
613 "The server does not support any of the TTSSH encryption algorithms.\n"
614 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
615 "The connection will be closed.");
616 notify_fatal_error(pvar, pvar->UIMsg, TRUE);
617 return FALSE;
618 } else if (receiver_ciphers == 0) {
619 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
620 "The server does not support any of the TTSSH encryption algorithms.\n"
621 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
622 "The connection will be closed.");
623 notify_fatal_error(pvar, pvar->UIMsg, TRUE);
624 return FALSE;
625 } else {
626 return TRUE;
627 }
628 }
629
630 unsigned int CRYPT_get_decryption_block_size(PTInstVar pvar)
631 {
632 if (SSHv1(pvar)) {
633 return 8;
634 } else {
635 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
636 // cf. 3DES=8, AES128=16
637 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
638 }
639 }
640
641 unsigned int CRYPT_get_encryption_block_size(PTInstVar pvar)
642 {
643 if (SSHv1(pvar)) {
644 return 8;
645 } else {
646 // �p�P�b�g���M���������������A���S���Y�����u���b�N�T�C�Y (2004.11.7 yutaka)
647 // cf. 3DES=8, AES128=16
648 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
649 }
650 }
651
652 unsigned int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
653 {
654 struct Mac *mac;
655
656 if (SSHv1(pvar)) {
657 return 0;
658
659 } else { // for SSH2(yutaka)
660 mac = &pvar->ssh2_keys[MODE_IN].mac;
661 if (mac == NULL || mac->enabled == 0)
662 return 0;
663
664 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
665 }
666
667 }
668
669 // HMAC������
670 // ���{������ SSH2 �������g�p�������B
671 // (2004.12.17 yutaka)
672 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
673 char *data, int len, char *MAC)
674 {
675 HMAC_CTX *c = NULL;
676 unsigned char m[EVP_MAX_MD_SIZE];
677 unsigned char b[4];
678 struct Mac *mac;
679
680 mac = &pvar->ssh2_keys[MODE_IN].mac;
681
682 // HMAC�������L���������������A����OK�����������B
683 if (mac == NULL || mac->enabled == 0)
684 return TRUE;
685
686 if (mac->key == NULL) {
687 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is NULL(seq %lu len %d)", sequence_number, len);
688 goto error;
689 }
690
691 if ((u_int)mac->mac_len > sizeof(m)) {
692 logprintf(LOG_LEVEL_VERBOSE, "HMAC len(%d) is larger than %d bytes(seq %lu len %d)",
693 mac->mac_len, sizeof(m), sequence_number, len);
694 goto error;
695 }
696
697 c = HMAC_CTX_new();
698 if (c == NULL)
699 goto error;
700
701 HMAC_Init_ex(c, mac->key, mac->key_len, mac->md, NULL);
702 set_uint32_MSBfirst(b, sequence_number);
703 HMAC_Update(c, b, sizeof(b));
704 HMAC_Update(c, data, len);
705 HMAC_Final(c, m, NULL);
706 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
707
708 if (memcmp(m, MAC, mac->mac_len)) {
709 logprintf(LOG_LEVEL_VERBOSE, "HMAC key is not matched(seq %lu len %d)", sequence_number, len);
710 logprintf_hexdump(LOG_LEVEL_VERBOSE, m, mac->mac_len, "m:");
711 logprintf_hexdump(LOG_LEVEL_VERBOSE, MAC, mac->mac_len, "MAC:");
712 goto error;
713 }
714
715 HMAC_CTX_free(c);
716
717 return TRUE;
718
719 error:
720 if (c)
721 HMAC_CTX_free(c);
722
723 return FALSE;
724 }
725
726 unsigned int CRYPT_get_sender_MAC_size(PTInstVar pvar)
727 {
728 struct Mac *mac;
729
730 if (SSHv2(pvar)) { // for SSH2(yutaka)
731 mac = &pvar->ssh2_keys[MODE_OUT].mac;
732 if (mac == NULL || mac->enabled == 0)
733 return 0;
734
735 return (mac->mac_len);
736 }
737
738 return 0;
739 }
740
741 // for SSH2
742 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
743 char *data, int len, char *MAC)
744 {
745 HMAC_CTX *c = NULL;
746 static u_char m[EVP_MAX_MD_SIZE];
747 u_char b[4];
748 struct Mac *mac;
749
750 if (SSHv2(pvar)) { // for SSH2(yutaka)
751 mac = &pvar->ssh2_keys[MODE_OUT].mac;
752 if (mac == NULL || mac->enabled == 0)
753 return FALSE;
754
755 c = HMAC_CTX_new();
756 if (c == NULL)
757 return FALSE;
758
759 HMAC_Init_ex(c, mac->key, mac->key_len, mac->md, NULL);
760 set_uint32_MSBfirst(b, sequence_number);
761 HMAC_Update(c, b, sizeof(b));
762 HMAC_Update(c, data, len);
763 HMAC_Final(c, m, NULL);
764 // HMAC_cleanup()��OpenSSL 1.1.0�����������AHMAC_CTX_free()���W���������B
765
766 // 20�o�C�g�������R�s�[
767 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
768 // memcpy(MAC, m, sizeof(m));
769
770 HMAC_CTX_free(c);
771
772 return TRUE;
773 }
774
775 return TRUE;
776
777 }
778
779 static int choose_cipher(PTInstVar pvar, int supported)
780 {
781 int i;
782
783 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
784 int cipher = pvar->session_settings.CipherOrder[i] - '0';
785
786 if (cipher == SSH_CIPHER_NONE) {
787 break;
788 } else if ((supported & (1 << cipher)) != 0) {
789 return cipher;
790 }
791 }
792
793 return SSH_CIPHER_NONE;
794 }
795
796 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
797 {
798 pvar->crypt_state.sender_cipher =
799 choose_cipher(pvar, pvar->crypt_state.supported_sender_ciphers);
800 pvar->crypt_state.receiver_cipher =
801 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
802
803 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
804 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
805 UTIL_get_lang_msg("MSG_CIPHER_NONE_ERROR", pvar,
806 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
807 "To communicate with this server, you will have to enable some more ciphers\n"
808 "in the TTSSH Setup dialog box when you run Tera Term again.\n"
809 "This connection will now close.");
810 notify_fatal_error(pvar, pvar->UIMsg, TRUE);
811 return FALSE;
812 } else {
813 return TRUE;
814 }
815 }
816
817 unsigned int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
818 {
819 int server_key_bits;
820 int host_key_bits;
821 int server_key_bytes;
822 int host_key_bytes;
823 BIGNUM *n;
824
825 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
826 // RSA_get0_key���������������K�v�������B
827 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &n, NULL, NULL);
828 server_key_bits = BN_num_bits(n);
829
830 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &n, NULL, NULL);
831 host_key_bits = BN_num_bits(n);
832
833 server_key_bytes = (server_key_bits + 7) / 8;
834 host_key_bytes = (host_key_bits + 7) / 8;
835
836 if (server_key_bits < host_key_bits) {
837 return host_key_bytes;
838 } else {
839 return server_key_bytes;
840 }
841 }
842
843 int CRYPT_choose_session_key(PTInstVar pvar,
844 unsigned char *encrypted_key_buf)
845 {
846 int server_key_bits;
847 int host_key_bits;
848 int server_key_bytes;
849 int host_key_bytes;
850 int encrypted_key_bytes;
851 int bit_delta;
852 BIGNUM *server_n, *host_n;
853
854 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
855 // RSA_get0_key���������������K�v�������B
856 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
857 server_key_bits = BN_num_bits(server_n);
858
859 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
860 host_key_bits = BN_num_bits(host_n);
861
862 server_key_bytes = (server_key_bits + 7) / 8;
863 host_key_bytes = (host_key_bits + 7) / 8;
864
865 if (server_key_bits < host_key_bits) {
866 encrypted_key_bytes = host_key_bytes;
867 bit_delta = host_key_bits - server_key_bits;
868 } else {
869 encrypted_key_bytes = server_key_bytes;
870 bit_delta = server_key_bits - host_key_bits;
871 }
872
873 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
874 UTIL_get_lang_msg("MSG_RSAKEY_TOOWEAK_ERROR", pvar,
875 "Server RSA keys are too weak. A secure connection cannot be established.");
876 notify_fatal_error(pvar, pvar->UIMsg, TRUE);
877 return 0;
878 } else {
879 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
880 for the session ID, rather than the one specified in the RFC */
881 int session_buf_len = server_key_bytes + host_key_bytes + 8;
882 char *session_buf = (char *) malloc(session_buf_len);
883 char session_id[16];
884 int i;
885
886 BN_bn2bin(host_n, session_buf);
887 BN_bn2bin(server_n,
888 session_buf + host_key_bytes);
889 memcpy(session_buf + server_key_bytes + host_key_bytes,
890 pvar->crypt_state.server_cookie, 8);
891 MD5(session_buf, session_buf_len, session_id);
892
893 free(session_buf);
894
895 RAND_bytes(pvar->crypt_state.sender_cipher_key,
896 SSH_SESSION_KEY_LENGTH);
897 memcpy(pvar->crypt_state.receiver_cipher_key,
898 pvar->crypt_state.sender_cipher_key,
899 SSH_SESSION_KEY_LENGTH);
900
901 memcpy(encrypted_key_buf + encrypted_key_bytes -
902 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
903 SSH_SESSION_KEY_LENGTH);
904 for (i = 0; i < sizeof(session_id); i++) {
905 encrypted_key_buf[encrypted_key_bytes -
906 SSH_SESSION_KEY_LENGTH + i]
907 ^= session_id[i];
908 }
909
910 if (host_key_bits > server_key_bits) {
911 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
912 encrypted_key_buf +
913 encrypted_key_bytes -
914 SSH_SESSION_KEY_LENGTH,
915 encrypted_key_buf +
916 encrypted_key_bytes - server_key_bytes,
917 pvar->crypt_state.server_key.RSA_key,
918 RSA_PKCS1_PADDING) < 0)
919 return 0;
920
921 if (RSA_public_encrypt(server_key_bytes,
922 encrypted_key_buf +
923 encrypted_key_bytes - server_key_bytes,
924 encrypted_key_buf,
925 pvar->crypt_state.host_key.RSA_key,
926 RSA_PKCS1_PADDING) < 0)
927 return 0;
928 } else {
929 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
930 encrypted_key_buf +
931 encrypted_key_bytes -
932 SSH_SESSION_KEY_LENGTH,
933 encrypted_key_buf +
934 encrypted_key_bytes - host_key_bytes,
935 pvar->crypt_state.host_key.RSA_key,
936 RSA_PKCS1_PADDING) < 0)
937 return 0;
938
939 if (RSA_public_encrypt(host_key_bytes,
940 encrypted_key_buf +
941 encrypted_key_bytes - host_key_bytes,
942 encrypted_key_buf,
943 pvar->crypt_state.server_key.RSA_key,
944 RSA_PKCS1_PADDING) < 0)
945 return 0;
946 }
947 }
948
949 return 1;
950 }
951
952 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
953 unsigned char *challenge,
954 int challenge_len,
955 unsigned char *response)
956 {
957 int server_key_bits;
958 int host_key_bits;
959 int server_key_bytes;
960 int host_key_bytes;
961 int session_buf_len;
962 char *session_buf;
963 char decrypted_challenge[48];
964 int decrypted_challenge_len;
965 BIGNUM *server_n, *host_n;
966
967 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
968 // RSA_get0_key���������������K�v�������B
969 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
970 server_key_bits = BN_num_bits(server_n);
971
972 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
973 host_key_bits = BN_num_bits(host_n);
974
975 server_key_bytes = (server_key_bits + 7) / 8;
976 host_key_bytes = (host_key_bits + 7) / 8;
977 session_buf_len = server_key_bytes + host_key_bytes + 8;
978 session_buf = (char FAR *) malloc(session_buf_len);
979
980 decrypted_challenge_len =
981 RSA_private_decrypt(challenge_len, challenge, challenge,
982 AUTH_get_cur_cred(pvar)->key_pair->rsa,
983 RSA_PKCS1_PADDING);
984 if (decrypted_challenge_len < 0) {
985 free(session_buf);
986 return 0;
987 }
988 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
989 memcpy(decrypted_challenge,
990 challenge + decrypted_challenge_len -
991 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
992 } else {
993 SecureZeroMemory(decrypted_challenge,
994 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
995 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
996 decrypted_challenge_len, challenge,
997 decrypted_challenge_len);
998 }
999
1000 BN_bn2bin(host_n, session_buf);
1001 BN_bn2bin(server_n,
1002 session_buf + host_key_bytes);
1003 memcpy(session_buf + server_key_bytes + host_key_bytes,
1004 pvar->crypt_state.server_cookie, 8);
1005 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1006
1007 free(session_buf);
1008
1009 MD5(decrypted_challenge, 48, response);
1010
1011 return 1;
1012 }
1013
1014 static void c3DES_init(char *session_key, Cipher3DESState *state)
1015 {
1016 DES_set_key((const_DES_cblock *) session_key, &state->k1);
1017 DES_set_key((const_DES_cblock *) (session_key + 8), &state->k2);
1018 DES_set_key((const_DES_cblock *) (session_key + 16), &state->k3);
1019 SecureZeroMemory(state->ivec1, 8);
1020 SecureZeroMemory(state->ivec2, 8);
1021 SecureZeroMemory(state->ivec3, 8);
1022 }
1023
1024 static void cDES_init(char *session_key, CipherDESState *state)
1025 {
1026 DES_set_key((const_DES_cblock *) session_key, &state->k);
1027 SecureZeroMemory(state->ivec, 8);
1028 }
1029
1030 static void cBlowfish_init(char *session_key,
1031 CipherBlowfishState *state)
1032 {
1033 BF_set_key(&state->k, 32, session_key);
1034 SecureZeroMemory(state->ivec, 8);
1035 }
1036
1037 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1038 {
1039 struct Enc *enc;
1040 char *encryption_key = pvar->crypt_state.sender_cipher_key;
1041 char *decryption_key = pvar->crypt_state.receiver_cipher_key;
1042 const struct ssh2cipher *cipher;
1043 BOOL isOK = TRUE;
1044
1045 if (sender_flag) {
1046 if (SSHv1(pvar)) {
1047 switch (pvar->crypt_state.sender_cipher) {
1048 case SSH_CIPHER_3DES:
1049 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1050 pvar->crypt_state.encrypt = c3DES_encrypt;
1051 break;
1052
1053 case SSH_CIPHER_DES:
1054 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1055 pvar->crypt_state.encrypt = cDES_encrypt;
1056 break;
1057
1058 case SSH_CIPHER_BLOWFISH:
1059 cBlowfish_init(encryption_key, &pvar->crypt_state.enc.cBlowfish);
1060 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1061 break;
1062
1063 case SSH_CIPHER_NONE:
1064 case SSH_CIPHER_IDEA:
1065 case SSH_CIPHER_TSS:
1066 case SSH_CIPHER_RC4:
1067 isOK = FALSE;
1068 break;
1069 }
1070 }
1071 else {
1072 // SSH2
1073 cipher = pvar->ciphers[MODE_OUT];
1074 if (cipher) {
1075 pvar->crypt_state.sender_cipher = get_cipher_id(pvar->ciphers[MODE_OUT]);
1076 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1077 cipher_init_SSH2(&pvar->cc[MODE_OUT], cipher,
1078 enc->key, enc->key_len,
1079 enc->iv, enc->iv_len,
1080 CIPHER_ENCRYPT,
1081 pvar);
1082 pvar->crypt_state.encrypt = crypt_SSH2_encrypt;
1083 }
1084 else {
1085 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1086 isOK = FALSE;
1087 }
1088 }
1089 }
1090
1091 if (receiver_flag) {
1092 if (SSHv1(pvar)) {
1093 switch (pvar->crypt_state.receiver_cipher) {
1094 case SSH_CIPHER_3DES:
1095 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1096 pvar->crypt_state.decrypt = c3DES_decrypt;
1097 break;
1098
1099 case SSH_CIPHER_DES:
1100 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1101 pvar->crypt_state.decrypt = cDES_decrypt;
1102 break;
1103
1104 case SSH_CIPHER_BLOWFISH:
1105 cBlowfish_init(decryption_key, &pvar->crypt_state.dec.cBlowfish);
1106 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1107 break;
1108
1109 case SSH_CIPHER_NONE:
1110 case SSH_CIPHER_IDEA:
1111 case SSH_CIPHER_TSS:
1112 case SSH_CIPHER_RC4:
1113 isOK = FALSE;
1114 break;
1115 }
1116 }
1117 else {
1118 // SSH2
1119 cipher = pvar->ciphers[MODE_IN];
1120 if (cipher) {
1121 pvar->crypt_state.receiver_cipher = get_cipher_id(pvar->ciphers[MODE_IN]);
1122 enc = &pvar->ssh2_keys[MODE_IN].enc;
1123 cipher_init_SSH2(&pvar->cc[MODE_IN], cipher,
1124 enc->key, enc->key_len,
1125 enc->iv, enc->iv_len,
1126 CIPHER_DECRYPT,
1127 pvar);
1128 pvar->crypt_state.decrypt = crypt_SSH2_decrypt;
1129 }
1130 else {
1131 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1132 isOK = FALSE;
1133 }
1134 }
1135 }
1136
1137 if (!isOK) {
1138 UTIL_get_lang_msg("MSG_CIPHER_NOTSELECTED_ERROR", pvar,
1139 "No cipher selected!");
1140 notify_fatal_error(pvar, pvar->UIMsg, TRUE);
1141 return FALSE;
1142 } else {
1143 SecureZeroMemory(encryption_key, CRYPT_KEY_LENGTH);
1144 SecureZeroMemory(decryption_key, CRYPT_KEY_LENGTH);
1145 return TRUE;
1146 }
1147 }
1148
1149 void CRYPT_init(PTInstVar pvar)
1150 {
1151 pvar->crypt_state.encrypt = no_encrypt;
1152 pvar->crypt_state.decrypt = no_encrypt;
1153 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1154 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1155 pvar->crypt_state.server_key.RSA_key = NULL;
1156 pvar->crypt_state.host_key.RSA_key = NULL;
1157
1158 pvar->crypt_state.detect_attack_statics.h = NULL;
1159 pvar->crypt_state.detect_attack_statics.n =
1160 HASH_MINSIZE / HASH_ENTRYSIZE;
1161 }
1162
1163 void CRYPT_get_cipher_info(PTInstVar pvar, char *dest, int len)
1164 {
1165 UTIL_get_lang_msgU8("DLG_ABOUT_CIPHER_INFO", pvar,
1166 "%s to server, %s from server");
1167 _snprintf_s(dest, len, _TRUNCATE, pvar->UIMsg,
1168 get_cipher_name(pvar->crypt_state.sender_cipher),
1169 get_cipher_name(pvar->crypt_state.receiver_cipher));
1170 }
1171
1172 void CRYPT_get_server_key_info(PTInstVar pvar, char *dest, int len)
1173 {
1174 BIGNUM *server_n, *host_n;
1175
1176 // OpenSSL 1.1.0����RSA�\�����������o�[�������A�N�Z�X�������������A
1177 // RSA_get0_key���������������K�v�������B
1178
1179 if (SSHv1(pvar)) {
1180 if (pvar->crypt_state.server_key.RSA_key == NULL
1181 || pvar->crypt_state.host_key.RSA_key == NULL) {
1182 UTIL_get_lang_msgU8("DLG_ABOUT_KEY_NONE", pvar, "None");
1183 strncpy_s(dest, len, pvar->UIMsg, _TRUNCATE);
1184 } else {
1185 RSA_get0_key(pvar->crypt_state.server_key.RSA_key, &server_n, NULL, NULL);
1186 RSA_get0_key(pvar->crypt_state.host_key.RSA_key, &host_n, NULL, NULL);
1187
1188 UTIL_get_lang_msgU8("DLG_ABOUT_KEY_INFO", pvar,
1189 "%d-bit server key, %d-bit host key");
1190 _snprintf_s(dest, len, _TRUNCATE, pvar->UIMsg,
1191 BN_num_bits(server_n),
1192 BN_num_bits(host_n));
1193 }
1194 } else { // SSH2
1195 UTIL_get_lang_msgU8("DLG_ABOUT_KEY_INFO2", pvar,
1196 "%d-bit client key, %d-bit server key");
1197 _snprintf_s(dest, len, _TRUNCATE, pvar->UIMsg,
1198 pvar->client_key_bits,
1199 pvar->server_key_bits);
1200 }
1201 }
1202
1203 static void destroy_public_key(CRYPTPublicKey * key)
1204 {
1205 if (key->RSA_key != NULL) {
1206 RSA_free(key->RSA_key);
1207 key->RSA_key = NULL;
1208 }
1209 }
1210
1211 void CRYPT_free_public_key(CRYPTPublicKey * key)
1212 {
1213 destroy_public_key(key);
1214 free(key);
1215 }
1216
1217 void CRYPT_end(PTInstVar pvar)
1218 {
1219 free(encbuff);
1220 encbuff = NULL;
1221 encbufflen = 0;
1222
1223 destroy_public_key(&pvar->crypt_state.host_key);
1224 destroy_public_key(&pvar->crypt_state.server_key);
1225
1226 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1227 SecureZeroMemory(pvar->crypt_state.detect_attack_statics.h,
1228 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1229 free(pvar->crypt_state.detect_attack_statics.h);
1230 }
1231
1232 SecureZeroMemory(pvar->crypt_state.sender_cipher_key,
1233 sizeof(pvar->crypt_state.sender_cipher_key));
1234 SecureZeroMemory(pvar->crypt_state.receiver_cipher_key,
1235 sizeof(pvar->crypt_state.receiver_cipher_key));
1236 SecureZeroMemory(pvar->crypt_state.server_cookie,
1237 sizeof(pvar->crypt_state.server_cookie));
1238 SecureZeroMemory(pvar->crypt_state.client_cookie,
1239 sizeof(pvar->crypt_state.client_cookie));
1240 SecureZeroMemory(&pvar->crypt_state.enc, sizeof(pvar->crypt_state.enc));
1241 SecureZeroMemory(&pvar->crypt_state.dec, sizeof(pvar->crypt_state.dec));
1242 }
1243
1244 int CRYPT_passphrase_decrypt(int cipher, char *passphrase,
1245 char *buf, int bytes)
1246 {
1247 unsigned char passphrase_key[16];
1248
1249 MD5(passphrase, strlen(passphrase), passphrase_key);
1250
1251 switch (cipher) {
1252 case SSH_CIPHER_3DES:{
1253 Cipher3DESState state;
1254
1255 DES_set_key((const_DES_cblock *) passphrase_key,
1256 &state.k1);
1257 DES_set_key((const_DES_cblock *) (passphrase_key + 8),
1258 &state.k2);
1259 DES_set_key((const_DES_cblock *) passphrase_key,
1260 &state.k3);
1261 SecureZeroMemory(state.ivec1, 8);
1262 SecureZeroMemory(state.ivec2, 8);
1263 SecureZeroMemory(state.ivec3, 8);
1264 DES_ncbc_encrypt(buf, buf, bytes,
1265 &state.k3, &state.ivec3, DES_DECRYPT);
1266 DES_ncbc_encrypt(buf, buf, bytes,
1267 &state.k2, &state.ivec2, DES_ENCRYPT);
1268 DES_ncbc_encrypt(buf, buf, bytes,
1269 &state.k1, &state.ivec1, DES_DECRYPT);
1270 break;
1271 }
1272
1273 case SSH_CIPHER_DES:{
1274 CipherDESState state;
1275
1276 cDES_init(passphrase_key, &state);
1277 DES_ncbc_encrypt(buf, buf, bytes,
1278 &state.k, &state.ivec, DES_DECRYPT);
1279 break;
1280 }
1281
1282 case SSH_CIPHER_BLOWFISH:{
1283 CipherBlowfishState state;
1284
1285 BF_set_key(&state.k, 16, passphrase_key);
1286 SecureZeroMemory(state.ivec, 8);
1287 flip_endianness(buf, bytes);
1288 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1289 BF_DECRYPT);
1290 flip_endianness(buf, bytes);
1291 break;
1292 }
1293
1294 case SSH_CIPHER_NONE:
1295 break;
1296
1297 default:
1298 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1299 return 0;
1300 }
1301
1302 SecureZeroMemory(passphrase_key, sizeof(passphrase_key));
1303 return 1;
1304 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help