Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/trunk/ttssh2/ttxssh/crypt.c

Contents of /trunk/ttssh2/ttxssh/crypt.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3046 - (show annotations) (download) (as text)
Thu Oct 18 07:56:33 2007 UTC (5 years, 7 months ago) by maya
Original Path: ttssh2/trunk/ttxssh/crypt.c
File MIME type: text/x-csrc
File size: 45049 byte(s) 
暗号化/復号するパケットがブロックサイズの倍数か確認するようにした。
1 /*
2 Copyright (c) 1998-2001, Robert O'Callahan
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #define WINDOWS
30
31 #include "ttxssh.h"
32 #include "util.h"
33
34 #include <openssl/rand.h>
35 #include <openssl/bn.h>
36 #include <openssl/md5.h>
37 #include <openssl/err.h>
38 #include <openssl/des.h>
39 #include <openssl/hmac.h> // for SSH2(yutaka)
40 #include <openssl/dsa.h>
41 #include "cipher.h"
42 #include "ssh.h"
43
44 #define do_crc(buf, len) (~(uint32)crc32(0xFFFFFFFF, (buf), (len)))
45 #define get_uint32(buf) get_uint32_MSBfirst((buf))
46
47 #define DEATTACK_OK 0
48 #define DEATTACK_DETECTED 1
49
50 /*
51 * $Id: crypt.c,v 1.17 2007-10-18 07:56:33 maya Exp $ Cryptographic attack
52 * detector for ssh - source code (C)1998 CORE-SDI, Buenos Aires Argentina
53 * Ariel Futoransky(futo@core-sdi.com) <http://www.core-sdi.com>
54 */
55
56 /* SSH Constants */
57 #define SSH_BLOCKSIZE 8
58
59 /* Hashing constants */
60 #define HASH_MINSIZE 8*2048
61 #define HASH_ENTRYSIZE 4
62 #define HASH_FACTOR(x) ((x)*3/2)
63 #define HASH_UNUSEDCHAR 0xff
64 #define HASH_UNUSED 0xffffffff
65 #define HASH_IV 0xfffffffe
66
67 #define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
68
69 /* Hash function (Input keys are cipher results) */
70 #define HASH(x) get_uint32(x)
71
72 #define CMP(a,b) memcmp(a, b, SSH_BLOCKSIZE)
73
74
75
76 static void crc_update(uint32 FAR * a, uint32 b)
77 {
78 b ^= *a;
79 *a = do_crc((unsigned char FAR *) &b, sizeof(b));
80 }
81
82 /* check_crc
83 detects if a block is used in a particular pattern
84 */
85
86 static int check_crc(unsigned char FAR * S, unsigned char FAR * buf,
87 uint32 len, unsigned char FAR * IV)
88 {
89 uint32 crc;
90 unsigned char FAR *c;
91
92 crc = 0;
93 if (IV && !CMP(S, IV)) {
94 crc_update(&crc, 1);
95 crc_update(&crc, 0);
96 }
97 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
98 if (!CMP(S, c)) {
99 crc_update(&crc, 1);
100 crc_update(&crc, 0);
101 } else {
102 crc_update(&crc, 0);
103 crc_update(&crc, 0);
104 }
105 }
106
107 return crc == 0;
108 }
109
110
111 /*
112 detect_attack
113 Detects a crc32 compensation attack on a packet
114 */
115 static int detect_attack(CRYPTDetectAttack FAR * statics,
116 unsigned char FAR * buf, uint32 len,
117 unsigned char *FAR IV)
118 {
119 uint32 FAR *h = statics->h;
120 uint32 n = statics->n;
121 uint32 i, j;
122 uint32 l;
123 unsigned char FAR *c;
124 unsigned char FAR *d;
125
126 for (l = n; l < HASH_FACTOR(len / SSH_BLOCKSIZE); l = l << 2) {
127 }
128
129 if (h == NULL) {
130 n = l;
131 h = (uint32 FAR *) malloc(n * HASH_ENTRYSIZE);
132 } else {
133 if (l > n) {
134 n = l;
135 h = (uint32 FAR *) realloc(h, n * HASH_ENTRYSIZE);
136 }
137 }
138
139 statics->h = h;
140 statics->n = n;
141
142 if (len <= HASH_MINBLOCKS) {
143 for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) {
144 if (IV && (!CMP(c, IV))) {
145 if ((check_crc(c, buf, len, IV)))
146 return DEATTACK_DETECTED;
147 else
148 break;
149 }
150 for (d = buf; d < c; d += SSH_BLOCKSIZE) {
151 if (!CMP(c, d)) {
152 if ((check_crc(c, buf, len, IV)))
153 return DEATTACK_DETECTED;
154 else
155 break;
156 }
157 }
158 }
159 return (DEATTACK_OK);
160 }
161 memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE);
162
163 if (IV) {
164 h[HASH(IV) & (n - 1)] = HASH_IV;
165 }
166
167 for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
168 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
169 i = (i + 1) & (n - 1)) {
170 if (h[i] == HASH_IV) {
171 if (!CMP(c, IV)) {
172 if (check_crc(c, buf, len, IV))
173 return DEATTACK_DETECTED;
174 else
175 break;
176 }
177 } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
178 if (check_crc(c, buf, len, IV))
179 return DEATTACK_DETECTED;
180 else
181 break;
182 }
183 }
184 h[i] = j;
185 }
186
187 return DEATTACK_OK;
188 }
189
190 BOOL CRYPT_detect_attack(PTInstVar pvar, unsigned char FAR * buf,
191 int bytes)
192 {
193 if (SSHv1(pvar)) {
194 switch (pvar->crypt_state.sender_cipher) {
195 case SSH_CIPHER_NONE:
196 return FALSE;
197 case SSH_CIPHER_IDEA:
198 return detect_attack(&pvar->crypt_state.detect_attack_statics,
199 buf, bytes,
200 pvar->crypt_state.dec.cIDEA.ivec) ==
201 DEATTACK_DETECTED;
202 default:
203 return detect_attack(&pvar->crypt_state.detect_attack_statics,
204 buf, bytes, NULL) == DEATTACK_DETECTED;
205 }
206 } else {
207 return FALSE;
208 }
209 }
210
211 static void no_encrypt(PTInstVar pvar, unsigned char FAR * buf, int bytes)
212 {
213 }
214
215
216 // for SSH2(yutaka)
217 // 事前に設定する鍵長が違うだけなので、AES192, AES256 でも
218 // cAES128_encrypt/cAES128_decrypt を使用できる (2007.10.16 maya)
219 static void cAES128_encrypt(PTInstVar pvar, unsigned char FAR * buf,
220 int bytes)
221 {
222 unsigned char *newbuf = malloc(bytes);
223 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
224
225 // 事前復号化により、全ペイロードが復号化されている場合は、0バイトになる。(2004.11.7 yutaka)
226 if (bytes == 0)
227 return;
228
229 if (newbuf == NULL)
230 return;
231
232 if (bytes % block_size) {
233 char tmp[80];
234 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR1", pvar,
235 "AES128 encrypt error(1): bytes %d (%d)");
236 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
237 pvar->ts->UIMsg, bytes, block_size);
238 notify_fatal_error(pvar, tmp);
239 goto error;
240 }
241
242 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
243 UTIL_get_lang_msg("MSG_AES128_ENCRYPT_ERROR2", pvar,
244 "AES128 encrypt error(2)");
245 notify_fatal_error(pvar, pvar->ts->UIMsg);
246 goto error;
247
248 } else {
249 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
250 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, AES128_KEYLEN);
251 // IVはDES関数内で更新されるため、ローカルにコピーしてから使う。
252 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, AES128_IVLEN);
253
254 //debug_print(50, key, 24);
255 //debug_print(51, iv, 8);
256 //debug_print(52, buf, bytes);
257 //debug_print(53, newbuf, bytes);
258
259 memcpy(buf, newbuf, bytes);
260 }
261
262 error:
263 free(newbuf);
264 }
265
266 static void cAES128_decrypt(PTInstVar pvar, unsigned char FAR * buf,
267 int bytes)
268 {
269 unsigned char *newbuf = malloc(bytes);
270 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
271
272 // 事前復号化により、全ペイロードが復号化されている場合は、0バイトになる。(2004.11.7 yutaka)
273 if (bytes == 0)
274 return;
275
276 if (newbuf == NULL)
277 return;
278
279 if (bytes % block_size) {
280 char tmp[80];
281 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR1", pvar,
282 "AES128 decrypt error(1): bytes %d (%d)");
283 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
284 notify_fatal_error(pvar, tmp);
285 goto error;
286 }
287
288 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
289 UTIL_get_lang_msg("MSG_AES128_DECRYPT_ERROR2", pvar,
290 "AES128 decrypt error(2)");
291 notify_fatal_error(pvar, pvar->ts->UIMsg);
292 goto error;
293
294 } else {
295 //unsigned char key[AES128_KEYLEN], iv[AES128_IVLEN];
296 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, AES128_KEYLEN);
297 // IVはDES関数内で更新されるため、ローカルにコピーしてから使う。
298 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, AES128_IVLEN);
299
300 //debug_print(70, key, AES128_KEYLEN);
301 //debug_print(71, iv, AES128_IVLEN);
302 //debug_print(72, buf, bytes);
303 //debug_print(73, newbuf, bytes);
304
305 memcpy(buf, newbuf, bytes);
306 }
307
308 error:
309 free(newbuf);
310 }
311
312
313
314 // for SSH2(yutaka)
315 static void c3DES_CBC_encrypt(PTInstVar pvar, unsigned char FAR * buf,
316 int bytes)
317 {
318 unsigned char *newbuf = malloc(bytes);
319 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
320
321 // 事前復号化により、全ペイロードが復号化されている場合は、0バイトになる。(2004.11.7 yutaka)
322 if (bytes == 0)
323 return;
324
325 if (newbuf == NULL)
326 return;
327
328 if (bytes % block_size) {
329 char tmp[80];
330 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR1", pvar,
331 "3DES-CBC encrypt error(1): bytes %d (%d)");
332 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
333 pvar->ts->UIMsg, bytes, block_size);
334 notify_fatal_error(pvar, tmp);
335 goto error;
336 }
337
338 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
339 UTIL_get_lang_msg("MSG_3DESCBC_ENCRYPT_ERROR2", pvar,
340 "3DES-CBC encrypt error(2)");
341 notify_fatal_error(pvar, pvar->ts->UIMsg);
342 goto error;
343
344 } else {
345 //unsigned char key[24], iv[8];
346 //memcpy(key, pvar->ssh2_keys[MODE_OUT].enc.key, 24);
347 // IVはDES関数内で更新されるため、ローカルにコピーしてから使う。
348 //memcpy(iv, pvar->ssh2_keys[MODE_OUT].enc.iv, 8);
349
350 //debug_print(50, key, 24);
351 //debug_print(51, iv, 8);
352 //debug_print(52, buf, bytes);
353 //debug_print(53, newbuf, bytes);
354
355 memcpy(buf, newbuf, bytes);
356 }
357
358 error:
359 free(newbuf);
360 }
361
362 static void c3DES_CBC_decrypt(PTInstVar pvar, unsigned char FAR * buf,
363 int bytes)
364 {
365 unsigned char *newbuf = malloc(bytes);
366 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
367
368 // 事前復号化により、全ペイロードが復号化されている場合は、0バイトになる。(2004.11.7 yutaka)
369 if (bytes == 0)
370 return;
371
372 if (newbuf == NULL)
373 return;
374
375 if (bytes % block_size) {
376 char tmp[80];
377 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR1", pvar,
378 "3DES-CBC decrypt error(1): bytes %d (%d)");
379 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
380 notify_fatal_error(pvar, tmp);
381 goto error;
382 }
383
384 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
385 UTIL_get_lang_msg("MSG_3DESCBC_DECRYPT_ERROR2", pvar,
386 "3DES-CBC decrypt error(2)");
387 notify_fatal_error(pvar, pvar->ts->UIMsg);
388 goto error;
389
390 } else {
391 //unsigned char key[24], iv[8];
392 //memcpy(key, pvar->ssh2_keys[MODE_IN].enc.key, 24);
393 // IVはDES関数内で更新されるため、ローカルにコピーしてから使う。
394 //memcpy(iv, pvar->ssh2_keys[MODE_IN].enc.iv, 8);
395
396 //debug_print(70, key, 24);
397 //debug_print(71, iv, 8);
398 //debug_print(72, buf, bytes);
399 //debug_print(73, newbuf, bytes);
400
401 memcpy(buf, newbuf, bytes);
402 }
403
404 error:
405 free(newbuf);
406 }
407
408
409 static void cBlowfish_encrypt2(PTInstVar pvar, unsigned char FAR * buf,
410 int bytes)
411 {
412 unsigned char *newbuf = malloc(bytes);
413 int block_size = pvar->ssh2_keys[MODE_OUT].enc.block_size;
414
415 // 事前復号化により、全ペイロードが復号化されている場合は、0バイトになる。(2004.11.7 yutaka)
416 if (bytes == 0)
417 return;
418
419 if (newbuf == NULL)
420 return;
421
422 if (bytes % block_size) {
423 char tmp[80];
424 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR1", pvar,
425 "Blowfish encrypt error(1): bytes %d (%d)");
426 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE,
427 pvar->ts->UIMsg, bytes, block_size);
428 notify_fatal_error(pvar, tmp);
429 goto error;
430 }
431
432 if (EVP_Cipher(&pvar->evpcip[MODE_OUT], newbuf, buf, bytes) == 0) {
433 UTIL_get_lang_msg("MSG_BLOWFISH_ENCRYPT_ERROR2", pvar,
434 "Blowfish encrypt error(2)");
435 notify_fatal_error(pvar, pvar->ts->UIMsg);
436 goto error;
437
438 } else {
439 memcpy(buf, newbuf, bytes);
440
441 }
442
443 error:
444 free(newbuf);
445 }
446
447 static void cBlowfish_decrypt2(PTInstVar pvar, unsigned char FAR * buf,
448 int bytes)
449 {
450 unsigned char *newbuf = malloc(bytes);
451 int block_size = pvar->ssh2_keys[MODE_IN].enc.block_size;
452
453 // 事前復号化により、全ペイロードが復号化されている場合は、0バイトになる。(2004.11.7 yutaka)
454 if (bytes == 0)
455 return;
456
457 if (newbuf == NULL)
458 return;
459
460 if (bytes % block_size) {
461 char tmp[80];
462 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR1", pvar,
463 "Blowfish decrypt error(1): bytes %d (%d)");
464 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, bytes, block_size);
465 notify_fatal_error(pvar, tmp);
466 goto error;
467 }
468
469 if (EVP_Cipher(&pvar->evpcip[MODE_IN], newbuf, buf, bytes) == 0) {
470 UTIL_get_lang_msg("MSG_BLOWFISH_DECRYPT_ERROR2", pvar,
471 "Blowfish decrypt error(2)");
472 notify_fatal_error(pvar, pvar->ts->UIMsg);
473 goto error;
474
475 } else {
476 memcpy(buf, newbuf, bytes);
477
478 }
479
480 error:
481 free(newbuf);
482 }
483
484
485
486 static void c3DES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
487 int bytes)
488 {
489 Cipher3DESState FAR *encryptstate = &pvar->crypt_state.enc.c3DES;
490
491 DES_ncbc_encrypt(buf, buf, bytes,
492 &encryptstate->k1, &encryptstate->ivec1, DES_ENCRYPT);
493 DES_ncbc_encrypt(buf, buf, bytes,
494 &encryptstate->k2, &encryptstate->ivec2, DES_DECRYPT);
495 DES_ncbc_encrypt(buf, buf, bytes,
496 &encryptstate->k3, &encryptstate->ivec3, DES_ENCRYPT);
497 }
498
499 static void c3DES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
500 int bytes)
501 {
502 Cipher3DESState FAR *decryptstate = &pvar->crypt_state.dec.c3DES;
503
504 DES_ncbc_encrypt(buf, buf, bytes,
505 &decryptstate->k3, &decryptstate->ivec3, DES_DECRYPT);
506 DES_ncbc_encrypt(buf, buf, bytes,
507 &decryptstate->k2, &decryptstate->ivec2, DES_ENCRYPT);
508 DES_ncbc_encrypt(buf, buf, bytes,
509 &decryptstate->k1, &decryptstate->ivec1, DES_DECRYPT);
510 }
511
512 static void cDES_encrypt(PTInstVar pvar, unsigned char FAR * buf,
513 int bytes)
514 {
515 CipherDESState FAR *encryptstate = &pvar->crypt_state.enc.cDES;
516
517 DES_ncbc_encrypt(buf, buf, bytes,
518 &encryptstate->k, &encryptstate->ivec, DES_ENCRYPT);
519 }
520
521 static void cDES_decrypt(PTInstVar pvar, unsigned char FAR * buf,
522 int bytes)
523 {
524 CipherDESState FAR *decryptstate = &pvar->crypt_state.dec.cDES;
525
526 DES_ncbc_encrypt(buf, buf, bytes,
527 &decryptstate->k, &decryptstate->ivec, DES_DECRYPT);
528 }
529
530 static void cIDEA_encrypt(PTInstVar pvar, unsigned char FAR * buf,
531 int bytes)
532 {
533 CipherIDEAState FAR *encryptstate = &pvar->crypt_state.enc.cIDEA;
534 int num = 0;
535
536 idea_cfb64_encrypt(buf, buf, bytes, &encryptstate->k,
537 encryptstate->ivec, &num, IDEA_ENCRYPT);
538 }
539
540 static void cIDEA_decrypt(PTInstVar pvar, unsigned char FAR * buf,
541 int bytes)
542 {
543 CipherIDEAState FAR *decryptstate = &pvar->crypt_state.dec.cIDEA;
544 int num = 0;
545
546 idea_cfb64_encrypt(buf, buf, bytes, &decryptstate->k,
547 decryptstate->ivec, &num, IDEA_DECRYPT);
548 }
549
550 static void flip_endianness(unsigned char FAR * cbuf, int bytes)
551 {
552 uint32 FAR *buf = (uint32 FAR *) cbuf;
553 int count = bytes / 4;
554
555 while (count > 0) {
556 uint32 w = *buf;
557
558 *buf = ((w << 24) & 0xFF000000) | ((w << 8) & 0x00FF0000)
559 | ((w >> 8) & 0x0000FF00) | ((w >> 24) & 0x000000FF);
560 count--;
561 buf++;
562 }
563 }
564
565 static void cBlowfish_encrypt(PTInstVar pvar, unsigned char FAR * buf,
566 int bytes)
567 {
568 CipherBlowfishState FAR *encryptstate =
569 &pvar->crypt_state.enc.cBlowfish;
570
571 flip_endianness(buf, bytes);
572 BF_cbc_encrypt(buf, buf, bytes, &encryptstate->k, encryptstate->ivec,
573 BF_ENCRYPT);
574 flip_endianness(buf, bytes);
575 }
576
577 static void cBlowfish_decrypt(PTInstVar pvar, unsigned char FAR * buf,
578 int bytes)
579 {
580 CipherBlowfishState FAR *decryptstate =
581 &pvar->crypt_state.dec.cBlowfish;
582
583 flip_endianness(buf, bytes);
584 BF_cbc_encrypt(buf, buf, bytes, &decryptstate->k, decryptstate->ivec,
585 BF_DECRYPT);
586 flip_endianness(buf, bytes);
587 }
588
589 static void cRC4_encrypt(PTInstVar pvar, unsigned char FAR * buf,
590 int bytes)
591 {
592 CipherRC4State FAR *encryptstate = &pvar->crypt_state.enc.cRC4;
593 int num = 0;
594
595 RC4(&encryptstate->k, bytes, buf, buf);
596 }
597
598 static void cRC4_decrypt(PTInstVar pvar, unsigned char FAR * buf,
599 int bytes)
600 {
601 CipherRC4State FAR *decryptstate = &pvar->crypt_state.dec.cRC4;
602 int num = 0;
603
604 RC4(&decryptstate->k, bytes, buf, buf);
605 }
606
607 void CRYPT_set_random_data(PTInstVar pvar, unsigned char FAR * buf,
608 int bytes)
609 {
610 RAND_bytes(buf, bytes);
611 }
612
613 void CRYPT_initialize_random_numbers(PTInstVar pvar)
614 {
615 RAND_screen();
616 }
617
618 static BIGNUM FAR *get_bignum(unsigned char FAR * bytes)
619 {
620 int bits = get_ushort16_MSBfirst(bytes);
621
622 return BN_bin2bn(bytes + 2, (bits + 7) / 8, NULL);
623 }
624
625 // make_key()を fingerprint 生成でも利用するので、staticを削除。(2006.3.27 yutaka)
626 RSA FAR *make_key(PTInstVar pvar,
627 int bits, unsigned char FAR * exp,
628 unsigned char FAR * mod)
629 {
630 RSA FAR *key = RSA_new();
631
632 if (key != NULL) {
633 key->e = get_bignum(exp);
634 key->n = get_bignum(mod);
635 }
636
637 if (key == NULL || key->e == NULL || key->n == NULL) {
638 UTIL_get_lang_msg("MSG_RSAKEY_SETUP_ERROR", pvar,
639 "Error setting up RSA keys");
640 notify_fatal_error(pvar, pvar->ts->UIMsg);
641
642 if (key != NULL) {
643 if (key->e != NULL) {
644 BN_free(key->e);
645 }
646 if (key->n != NULL) {
647 BN_free(key->n);
648 }
649 RSA_free(key);
650 }
651
652 return NULL;
653 } else {
654 return key;
655 }
656 }
657
658 void CRYPT_set_server_cookie(PTInstVar pvar, unsigned char FAR * cookie)
659 {
660 if (SSHv1(pvar)) {
661 memcpy(pvar->crypt_state.server_cookie, cookie, SSH_COOKIE_LENGTH);
662 } else {
663 memcpy(pvar->crypt_state.server_cookie, cookie,
664 SSH2_COOKIE_LENGTH);
665 }
666 }
667
668 void CRYPT_set_client_cookie(PTInstVar pvar, unsigned char FAR * cookie)
669 {
670 if (SSHv2(pvar)) {
671 memcpy(pvar->crypt_state.client_cookie, cookie,
672 SSH2_COOKIE_LENGTH);
673 }
674 }
675
676 BOOL CRYPT_set_server_RSA_key(PTInstVar pvar,
677 int bits, unsigned char FAR * exp,
678 unsigned char FAR * mod)
679 {
680 pvar->crypt_state.server_key.RSA_key = make_key(pvar, bits, exp, mod);
681
682 return pvar->crypt_state.server_key.RSA_key != NULL;
683 }
684
685 BOOL CRYPT_set_host_RSA_key(PTInstVar pvar,
686 int bits, unsigned char FAR * exp,
687 unsigned char FAR * mod)
688 {
689 pvar->crypt_state.host_key.RSA_key = make_key(pvar, bits, exp, mod);
690
691 return pvar->crypt_state.host_key.RSA_key != NULL;
692 }
693
694 BOOL CRYPT_set_supported_ciphers(PTInstVar pvar, int sender_ciphers,
695 int receiver_ciphers)
696 {
697 int cipher_mask;
698
699 if (SSHv1(pvar)) {
700 cipher_mask = (1 << SSH_CIPHER_DES)
701 | (1 << SSH_CIPHER_3DES)
702 | (1 << SSH_CIPHER_BLOWFISH);
703
704 } else { // for SSH2(yutaka)
705 // SSH2がサポートするデータ通信用アルゴリズム(公開鍵交換用とは別)
706 cipher_mask = (1 << SSH2_CIPHER_3DES_CBC)
707 | (1 << SSH2_CIPHER_AES128)
708 | (1 << SSH2_CIPHER_BLOWFISH)
709 | (1 << SSH2_CIPHER_AES192)
710 | (1 << SSH2_CIPHER_AES256);
711 }
712
713 sender_ciphers &= cipher_mask;
714 receiver_ciphers &= cipher_mask;
715 pvar->crypt_state.supported_sender_ciphers = sender_ciphers;
716 pvar->crypt_state.supported_receiver_ciphers = receiver_ciphers;
717
718 if (sender_ciphers == 0) {
719 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
720 "The server does not support any of the TTSSH encryption algorithms.\n"
721 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
722 "The connection will be closed.");
723 notify_fatal_error(pvar, pvar->ts->UIMsg);
724 return FALSE;
725 } else if (receiver_ciphers == 0) {
726 UTIL_get_lang_msg("MSG_UNAVAILABLE_CIPHERS_ERROR", pvar,
727 "The server does not support any of the TTSSH encryption algorithms.\n"
728 "A secure connection cannot be made in the TTSSH-to-server direction.\n"
729 "The connection will be closed.");
730 notify_fatal_error(pvar, pvar->ts->UIMsg);
731 return FALSE;
732 } else {
733 return TRUE;
734 }
735 }
736
737 int CRYPT_get_decryption_block_size(PTInstVar pvar)
738 {
739 if (SSHv1(pvar)) {
740 return 8;
741 } else {
742 // パケット受信時における復号アルゴリズムのブロックサイズ (2004.11.7 yutaka)
743 // cf. 3DES=8, AES128=16
744 return (pvar->ssh2_keys[MODE_IN].enc.block_size);
745 }
746 }
747
748 int CRYPT_get_encryption_block_size(PTInstVar pvar)
749 {
750 if (SSHv1(pvar)) {
751 return 8;
752 } else {
753 // パケット送信時における暗号アルゴリズムのブロックサイズ (2004.11.7 yutaka)
754 // cf. 3DES=8, AES128=16
755 return (pvar->ssh2_keys[MODE_OUT].enc.block_size);
756 }
757 }
758
759 int CRYPT_get_receiver_MAC_size(PTInstVar pvar)
760 {
761 struct Mac *mac;
762
763 if (SSHv1(pvar)) {
764 return 0;
765
766 } else { // for SSH2(yutaka)
767 mac = &pvar->ssh2_keys[MODE_IN].mac;
768 if (mac == NULL || mac->enabled == 0)
769 return 0;
770
771 return (pvar->ssh2_keys[MODE_IN].mac.mac_len);
772 }
773
774 }
775
776 // HMACの検証
777 // ※本関数は SSH2 でのみ使用される。
778 // (2004.12.17 yutaka)
779 BOOL CRYPT_verify_receiver_MAC(PTInstVar pvar, uint32 sequence_number,
780 char FAR * data, int len, char FAR * MAC)
781 {
782 HMAC_CTX c;
783 unsigned char m[EVP_MAX_MD_SIZE];
784 unsigned char b[4];
785 struct Mac *mac;
786
787 mac = &pvar->ssh2_keys[MODE_IN].mac;
788
789 // HMACがまだ有効でない場合は、検証OKとして返す。
790 if (mac == NULL || mac->enabled == 0)
791 return TRUE;
792
793 if (mac->key == NULL)
794 goto error;
795
796 if ((u_int)mac->mac_len > sizeof(m))
797 goto error;
798
799 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
800 set_uint32_MSBfirst(b, sequence_number);
801 HMAC_Update(&c, b, sizeof(b));
802 HMAC_Update(&c, data, len);
803 HMAC_Final(&c, m, NULL);
804 HMAC_cleanup(&c);
805
806 if (memcmp(m, MAC, mac->mac_len)) {
807 goto error;
808 }
809
810 return TRUE;
811
812 error:
813 return FALSE;
814 }
815
816 int CRYPT_get_sender_MAC_size(PTInstVar pvar)
817 {
818 struct Mac *mac;
819
820 if (SSHv2(pvar)) { // for SSH2(yutaka)
821 mac = &pvar->ssh2_keys[MODE_OUT].mac;
822 if (mac == NULL || mac->enabled == 0)
823 return 0;
824
825 return (mac->mac_len);
826 }
827
828 return 0;
829 }
830
831 // for SSH2
832 BOOL CRYPT_build_sender_MAC(PTInstVar pvar, uint32 sequence_number,
833 char FAR * data, int len, char FAR * MAC)
834 {
835 HMAC_CTX c;
836 static u_char m[EVP_MAX_MD_SIZE];
837 u_char b[4];
838 struct Mac *mac;
839
840 if (SSHv2(pvar)) { // for SSH2(yutaka)
841 mac = &pvar->ssh2_keys[MODE_OUT].mac;
842 if (mac == NULL || mac->enabled == 0)
843 return FALSE;
844
845 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
846 set_uint32_MSBfirst(b, sequence_number);
847 HMAC_Update(&c, b, sizeof(b));
848 HMAC_Update(&c, data, len);
849 HMAC_Final(&c, m, NULL);
850 HMAC_cleanup(&c);
851
852 // 20バイト分だけコピー
853 memcpy(MAC, m, pvar->ssh2_keys[MODE_OUT].mac.mac_len);
854 // memcpy(MAC, m, sizeof(m));
855
856 return TRUE;
857 }
858
859 return TRUE;
860
861 }
862
863 static int choose_cipher(PTInstVar pvar, int supported)
864 {
865 int i;
866
867 for (i = 0; pvar->session_settings.CipherOrder[i] != 0; i++) {
868 int cipher = pvar->session_settings.CipherOrder[i] - '0';
869
870 if (cipher == SSH_CIPHER_NONE) {
871 break;
872 } else if ((supported & (1 << cipher)) != 0) {
873 return cipher;
874 }
875 }
876
877 return SSH_CIPHER_NONE;
878 }
879
880 BOOL CRYPT_choose_ciphers(PTInstVar pvar)
881 {
882 if (SSHv1(pvar)) {
883 pvar->crypt_state.sender_cipher = choose_cipher(pvar,
884 pvar->crypt_state.
885 supported_sender_ciphers);
886 pvar->crypt_state.receiver_cipher =
887 choose_cipher(pvar, pvar->crypt_state.supported_receiver_ciphers);
888
889 } else { // SSH2(yutaka)
890 pvar->crypt_state.sender_cipher = pvar->ctos_cipher;
891 pvar->crypt_state.receiver_cipher =pvar->stoc_cipher;
892
893 }
894
895 if (pvar->crypt_state.sender_cipher == SSH_CIPHER_NONE
896 || pvar->crypt_state.receiver_cipher == SSH_CIPHER_NONE) {
897 UTIL_get_lang_msg("MSG_CHIPHER_NONE_ERROR", pvar,
898 "All the encryption algorithms that this program and the server both understand have been disabled.\n"
899 "To communicate with this server, you will have to enable some more ciphers\n"
900 "in the TTSSH Setup dialog box when you run Teraterm again.\n"
901 "This connection will now close.");
902 notify_fatal_error(pvar, pvar->ts->UIMsg);
903 return FALSE;
904 } else {
905 return TRUE;
906 }
907 }
908
909 int CRYPT_get_encrypted_session_key_len(PTInstVar pvar)
910 {
911 int server_key_bits =
912 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
913 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
914 int server_key_bytes = (server_key_bits + 7) / 8;
915 int host_key_bytes = (host_key_bits + 7) / 8;
916
917 if (server_key_bits < host_key_bits) {
918 return host_key_bytes;
919 } else {
920 return server_key_bytes;
921 }
922 }
923
924 int CRYPT_choose_session_key(PTInstVar pvar,
925 unsigned char FAR * encrypted_key_buf)
926 {
927 int server_key_bits =
928 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
929 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
930 int server_key_bytes = (server_key_bits + 7) / 8;
931 int host_key_bytes = (host_key_bits + 7) / 8;
932 int encrypted_key_bytes;
933 int bit_delta;
934
935 if (server_key_bits < host_key_bits) {
936 encrypted_key_bytes = host_key_bytes;
937 bit_delta = host_key_bits - server_key_bits;
938 } else {
939 encrypted_key_bytes = server_key_bytes;
940 bit_delta = server_key_bits - host_key_bits;
941 }
942
943 if (bit_delta < 128 || server_key_bits < 512 || host_key_bits < 512) {
944 UTIL_get_lang_msg("MSG_RASKEY_TOOWEAK_ERROR", pvar,
945 "Server RSA keys are too weak. A secure connection cannot be established.");
946 notify_fatal_error(pvar, pvar->ts->UIMsg);
947 return 0;
948 } else {
949 /* following Goldberg's code, I'm using MD5(servkey->n || hostkey->n || cookie)
950 for the session ID, rather than the one specified in the RFC */
951 int session_buf_len = server_key_bytes + host_key_bytes + 8;
952 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
953 char session_id[16];
954 int i;
955
956 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
957 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
958 session_buf + host_key_bytes);
959 memcpy(session_buf + server_key_bytes + host_key_bytes,
960 pvar->crypt_state.server_cookie, 8);
961 MD5(session_buf, session_buf_len, session_id);
962
963 free(session_buf);
964
965 RAND_bytes(pvar->crypt_state.sender_cipher_key,
966 SSH_SESSION_KEY_LENGTH);
967 memcpy(pvar->crypt_state.receiver_cipher_key,
968 pvar->crypt_state.sender_cipher_key,
969 SSH_SESSION_KEY_LENGTH);
970
971 memcpy(encrypted_key_buf + encrypted_key_bytes -
972 SSH_SESSION_KEY_LENGTH, pvar->crypt_state.sender_cipher_key,
973 SSH_SESSION_KEY_LENGTH);
974 for (i = 0; i < sizeof(session_id); i++) {
975 encrypted_key_buf[encrypted_key_bytes -
976 SSH_SESSION_KEY_LENGTH + i]
977 ^= session_id[i];
978 }
979
980 if (host_key_bits > server_key_bits) {
981 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
982 encrypted_key_buf +
983 encrypted_key_bytes -
984 SSH_SESSION_KEY_LENGTH,
985 encrypted_key_buf +
986 encrypted_key_bytes - server_key_bytes,
987 pvar->crypt_state.server_key.RSA_key,
988 RSA_PKCS1_PADDING) < 0)
989 return 0;
990
991 if (RSA_public_encrypt(server_key_bytes,
992 encrypted_key_buf +
993 encrypted_key_bytes - server_key_bytes,
994 encrypted_key_buf,
995 pvar->crypt_state.host_key.RSA_key,
996 RSA_PKCS1_PADDING) < 0)
997 return 0;
998 } else {
999 if (RSA_public_encrypt(SSH_SESSION_KEY_LENGTH,
1000 encrypted_key_buf +
1001 encrypted_key_bytes -
1002 SSH_SESSION_KEY_LENGTH,
1003 encrypted_key_buf +
1004 encrypted_key_bytes - host_key_bytes,
1005 pvar->crypt_state.host_key.RSA_key,
1006 RSA_PKCS1_PADDING) < 0)
1007 return 0;
1008
1009 if (RSA_public_encrypt(host_key_bytes,
1010 encrypted_key_buf +
1011 encrypted_key_bytes - host_key_bytes,
1012 encrypted_key_buf,
1013 pvar->crypt_state.server_key.RSA_key,
1014 RSA_PKCS1_PADDING) < 0)
1015 return 0;
1016 }
1017 }
1018
1019 return 1;
1020 }
1021
1022 int CRYPT_generate_RSA_challenge_response(PTInstVar pvar,
1023 unsigned char FAR * challenge,
1024 int challenge_len,
1025 unsigned char FAR * response)
1026 {
1027 int server_key_bits =
1028 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n);
1029 int host_key_bits = BN_num_bits(pvar->crypt_state.host_key.RSA_key->n);
1030 int server_key_bytes = (server_key_bits + 7) / 8;
1031 int host_key_bytes = (host_key_bits + 7) / 8;
1032 int session_buf_len = server_key_bytes + host_key_bytes + 8;
1033 char FAR *session_buf = (char FAR *) malloc(session_buf_len);
1034 char decrypted_challenge[48];
1035 int decrypted_challenge_len;
1036
1037 decrypted_challenge_len =
1038 RSA_private_decrypt(challenge_len, challenge, challenge,
1039 AUTH_get_cur_cred(pvar)->key_pair->RSA_key,
1040 RSA_PKCS1_PADDING);
1041 if (decrypted_challenge_len < 0) {
1042 free(session_buf);
1043 return 0;
1044 }
1045 if (decrypted_challenge_len >= SSH_RSA_CHALLENGE_LENGTH) {
1046 memcpy(decrypted_challenge,
1047 challenge + decrypted_challenge_len -
1048 SSH_RSA_CHALLENGE_LENGTH, SSH_RSA_CHALLENGE_LENGTH);
1049 } else {
1050 memset(decrypted_challenge, 0,
1051 SSH_RSA_CHALLENGE_LENGTH - decrypted_challenge_len);
1052 memcpy(decrypted_challenge + SSH_RSA_CHALLENGE_LENGTH -
1053 decrypted_challenge_len, challenge,
1054 decrypted_challenge_len);
1055 }
1056
1057 BN_bn2bin(pvar->crypt_state.host_key.RSA_key->n, session_buf);
1058 BN_bn2bin(pvar->crypt_state.server_key.RSA_key->n,
1059 session_buf + host_key_bytes);
1060 memcpy(session_buf + server_key_bytes + host_key_bytes,
1061 pvar->crypt_state.server_cookie, 8);
1062 MD5(session_buf, session_buf_len, decrypted_challenge + 32);
1063
1064 free(session_buf);
1065
1066 MD5(decrypted_challenge, 48, response);
1067
1068 return 1;
1069 }
1070
1071 static void c3DES_init(char FAR * session_key, Cipher3DESState FAR * state)
1072 {
1073 DES_set_key((const_DES_cblock FAR *) session_key, &state->k1);
1074 DES_set_key((const_DES_cblock FAR *) (session_key + 8), &state->k2);
1075 DES_set_key((const_DES_cblock FAR *) (session_key + 16), &state->k3);
1076 memset(state->ivec1, 0, 8);
1077 memset(state->ivec2, 0, 8);
1078 memset(state->ivec3, 0, 8);
1079 }
1080
1081 static void cDES_init(char FAR * session_key, CipherDESState FAR * state)
1082 {
1083 DES_set_key((const_des_cblock FAR *) session_key, &state->k);
1084 memset(state->ivec, 0, 8);
1085 }
1086
1087 static void cIDEA_init(char FAR * session_key, CipherIDEAState FAR * state)
1088 {
1089 idea_set_encrypt_key(session_key, &state->k);
1090 memset(state->ivec, 0, 8);
1091 }
1092
1093 static void cBlowfish_init(char FAR * session_key,
1094 CipherBlowfishState FAR * state)
1095 {
1096 BF_set_key(&state->k, 32, session_key);
1097 memset(state->ivec, 0, 8);
1098 }
1099
1100
1101 //
1102 // SSH2用アルゴリズムの初期化
1103 //
1104 // for SSH2(yutaka)
1105 //
1106 void cipher_init_SSH2(EVP_CIPHER_CTX *evp,
1107 const u_char *key, u_int keylen,
1108 const u_char *iv, u_int ivlen,
1109 int encrypt,
1110 const EVP_CIPHER *(*func)(void),
1111 PTInstVar pvar)
1112 {
1113 EVP_CIPHER *type;
1114 int klen;
1115 char tmp[80];
1116
1117 type = (EVP_CIPHER *)func();
1118
1119 EVP_CIPHER_CTX_init(evp);
1120 if (EVP_CipherInit(evp, type, NULL, (u_char *)iv, (encrypt == CIPHER_ENCRYPT)) == 0) {
1121 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1122 "Cipher initialize error(%d)");
1123 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 1);
1124 notify_fatal_error(pvar, tmp);
1125 return;
1126 }
1127
1128 klen = EVP_CIPHER_CTX_key_length(evp);
1129 if (klen > 0 && keylen != klen) {
1130 if (EVP_CIPHER_CTX_set_key_length(evp, keylen) == 0) {
1131 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1132 "Cipher initialize error(%d)");
1133 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 2);
1134 notify_fatal_error(pvar, tmp);
1135 return;
1136 }
1137 }
1138 if (EVP_CipherInit(evp, NULL, (u_char *)key, NULL, -1) == 0) {
1139 UTIL_get_lang_msg("MSG_CIPHER_INIT_ERROR", pvar,
1140 "Cipher initialize error(%d)");
1141 _snprintf_s(tmp, sizeof(tmp), _TRUNCATE, pvar->ts->UIMsg, 3);
1142 notify_fatal_error(pvar, tmp);
1143 return;
1144 }
1145 }
1146
1147
1148 BOOL CRYPT_start_encryption(PTInstVar pvar, int sender_flag, int receiver_flag)
1149 {
1150 char FAR *encryption_key = pvar->crypt_state.sender_cipher_key;
1151 char FAR *decryption_key = pvar->crypt_state.receiver_cipher_key;
1152 BOOL isOK = TRUE;
1153
1154 if (sender_flag) {
1155 switch (pvar->crypt_state.sender_cipher) {
1156 // for SSH2(yutaka)
1157 case SSH2_CIPHER_3DES_CBC:
1158 {
1159 struct Enc *enc;
1160
1161 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1162 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1163 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1164 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1165 CIPHER_ENCRYPT,
1166 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1167 pvar);
1168
1169 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1170 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1171
1172 pvar->crypt_state.encrypt = c3DES_CBC_encrypt;
1173 break;
1174 }
1175
1176 // for SSH2(yutaka)
1177 case SSH2_CIPHER_AES128:
1178 case SSH2_CIPHER_AES192:
1179 case SSH2_CIPHER_AES256:
1180 {
1181 struct Enc *enc;
1182
1183 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1184 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1185 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1186 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1187 CIPHER_ENCRYPT,
1188 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1189 pvar);
1190
1191 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1192 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1193
1194 pvar->crypt_state.encrypt = cAES128_encrypt;
1195 break;
1196 }
1197
1198 case SSH2_CIPHER_BLOWFISH:
1199 {
1200 struct Enc *enc;
1201
1202 enc = &pvar->ssh2_keys[MODE_OUT].enc;
1203 cipher_init_SSH2(&pvar->evpcip[MODE_OUT],
1204 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1205 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1206 CIPHER_ENCRYPT,
1207 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1208 pvar);
1209
1210 //debug_print(10, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1211 //debug_print(11, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1212
1213 pvar->crypt_state.encrypt = cBlowfish_encrypt2;
1214 break;
1215 }
1216
1217 case SSH_CIPHER_3DES:{
1218 c3DES_init(encryption_key, &pvar->crypt_state.enc.c3DES);
1219 pvar->crypt_state.encrypt = c3DES_encrypt;
1220 break;
1221 }
1222 case SSH_CIPHER_IDEA:{
1223 cIDEA_init(encryption_key, &pvar->crypt_state.enc.cIDEA);
1224 pvar->crypt_state.encrypt = cIDEA_encrypt;
1225 break;
1226 }
1227 case SSH_CIPHER_DES:{
1228 cDES_init(encryption_key, &pvar->crypt_state.enc.cDES);
1229 pvar->crypt_state.encrypt = cDES_encrypt;
1230 break;
1231 }
1232 case SSH_CIPHER_RC4:{
1233 RC4_set_key(&pvar->crypt_state.enc.cRC4.k, 16,
1234 encryption_key + 16);
1235 pvar->crypt_state.encrypt = cRC4_encrypt;
1236 break;
1237 }
1238 case SSH_CIPHER_BLOWFISH:{
1239 cBlowfish_init(encryption_key,
1240 &pvar->crypt_state.enc.cBlowfish);
1241 pvar->crypt_state.encrypt = cBlowfish_encrypt;
1242 break;
1243 }
1244 default:
1245 isOK = FALSE;
1246 }
1247 }
1248
1249
1250 if (receiver_flag) {
1251 switch (pvar->crypt_state.receiver_cipher) {
1252 // for SSH2(yutaka)
1253 case SSH2_CIPHER_3DES_CBC:
1254 {
1255 struct Enc *enc;
1256
1257 enc = &pvar->ssh2_keys[MODE_IN].enc;
1258 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1259 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1260 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1261 CIPHER_DECRYPT,
1262 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1263 pvar);
1264
1265 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1266 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1267
1268 pvar->crypt_state.decrypt = c3DES_CBC_decrypt;
1269 break;
1270 }
1271
1272 // for SSH2(yutaka)
1273 case SSH2_CIPHER_AES128:
1274 case SSH2_CIPHER_AES192:
1275 case SSH2_CIPHER_AES256:
1276 {
1277 struct Enc *enc;
1278
1279 enc = &pvar->ssh2_keys[MODE_IN].enc;
1280 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1281 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1282 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1283 CIPHER_DECRYPT,
1284 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1285 pvar);
1286
1287 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1288 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1289
1290 pvar->crypt_state.decrypt = cAES128_decrypt;
1291 break;
1292 }
1293
1294 case SSH2_CIPHER_BLOWFISH:
1295 {
1296 struct Enc *enc;
1297
1298 enc = &pvar->ssh2_keys[MODE_IN].enc;
1299 cipher_init_SSH2(&pvar->evpcip[MODE_IN],
1300 enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher),
1301 enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher),
1302 CIPHER_DECRYPT,
1303 get_cipher_EVP_CIPHER(pvar->crypt_state.sender_cipher),
1304 pvar);
1305
1306 //debug_print(12, enc->key, get_cipher_key_len(pvar->crypt_state.sender_cipher));
1307 //debug_print(13, enc->iv, get_cipher_block_size(pvar->crypt_state.sender_cipher));
1308
1309 pvar->crypt_state.decrypt = cBlowfish_decrypt2;
1310 break;
1311 }
1312
1313 case SSH_CIPHER_3DES:{
1314 c3DES_init(decryption_key, &pvar->crypt_state.dec.c3DES);
1315 pvar->crypt_state.decrypt = c3DES_decrypt;
1316 break;
1317 }
1318 case SSH_CIPHER_IDEA:{
1319 cIDEA_init(decryption_key, &pvar->crypt_state.dec.cIDEA);
1320 pvar->crypt_state.decrypt = cIDEA_decrypt;
1321 break;
1322 }
1323 case SSH_CIPHER_DES:{
1324 cDES_init(decryption_key, &pvar->crypt_state.dec.cDES);
1325 pvar->crypt_state.decrypt = cDES_decrypt;
1326 break;
1327 }
1328 case SSH_CIPHER_RC4:{
1329 RC4_set_key(&pvar->crypt_state.dec.cRC4.k, 16, decryption_key);
1330 pvar->crypt_state.decrypt = cRC4_decrypt;
1331 break;
1332 }
1333 case SSH_CIPHER_BLOWFISH:{
1334 cBlowfish_init(decryption_key,
1335 &pvar->crypt_state.dec.cBlowfish);
1336 pvar->crypt_state.decrypt = cBlowfish_decrypt;
1337 break;
1338 }
1339 default:
1340 isOK = FALSE;
1341 }
1342 }
1343
1344
1345 if (!isOK) {
1346 UTIL_get_lang_msg("MSG_CHPHER_NOTSELECTED_ERROR", pvar,
1347 "No cipher selected!");
1348 notify_fatal_error(pvar, pvar->ts->UIMsg);
1349 return FALSE;
1350 } else {
1351 memset(encryption_key, 0, CRYPT_KEY_LENGTH);
1352 memset(decryption_key, 0, CRYPT_KEY_LENGTH);
1353 return TRUE;
1354 }
1355 }
1356
1357 void CRYPT_init(PTInstVar pvar)
1358 {
1359 pvar->crypt_state.encrypt = no_encrypt;
1360 pvar->crypt_state.decrypt = no_encrypt;
1361 pvar->crypt_state.sender_cipher = SSH_CIPHER_NONE;
1362 pvar->crypt_state.receiver_cipher = SSH_CIPHER_NONE;
1363 pvar->crypt_state.server_key.RSA_key = NULL;
1364 pvar->crypt_state.host_key.RSA_key = NULL;
1365
1366 pvar->crypt_state.detect_attack_statics.h = NULL;
1367 pvar->crypt_state.detect_attack_statics.n =
1368 HASH_MINSIZE / HASH_ENTRYSIZE;
1369 }
1370
1371 static char FAR *get_cipher_name(int cipher)
1372 {
1373 switch (cipher) {
1374 case SSH_CIPHER_NONE:
1375 return "None";
1376 case SSH_CIPHER_3DES:
1377 return "3DES (168 key bits)";
1378 case SSH_CIPHER_DES:
1379 return "DES (56 key bits)";
1380 case SSH_CIPHER_IDEA:
1381 return "IDEA (128 key bits)";
1382 case SSH_CIPHER_RC4:
1383 return "RC4 (128 key bits)";
1384 case SSH_CIPHER_BLOWFISH:
1385 return "Blowfish (256 key bits)";
1386
1387 // SSH2
1388 case SSH2_CIPHER_3DES_CBC:
1389 return "3DES-CBC";
1390 case SSH2_CIPHER_AES128:
1391 return "AES128";
1392 case SSH2_CIPHER_AES192:
1393 return "AES192";
1394 case SSH2_CIPHER_AES256:
1395 return "AES256";
1396 case SSH2_CIPHER_BLOWFISH:
1397 return "Blowfish";
1398
1399 default:
1400 return "Unknown";
1401 }
1402 }
1403
1404 void CRYPT_get_cipher_info(PTInstVar pvar, char FAR * dest, int len)
1405 {
1406 UTIL_get_lang_msg("DLG_ABOUT_CIPHER_INFO", pvar,
1407 "%s to server, %s from server");
1408 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1409 get_cipher_name(pvar->crypt_state.sender_cipher),
1410 get_cipher_name(pvar->crypt_state.receiver_cipher));
1411 }
1412
1413 void CRYPT_get_server_key_info(PTInstVar pvar, char FAR * dest, int len)
1414 {
1415 if (SSHv1(pvar)) {
1416 if (pvar->crypt_state.server_key.RSA_key == NULL
1417 || pvar->crypt_state.host_key.RSA_key == NULL) {
1418 UTIL_get_lang_msg("DLG_ABOUT_KEY_NONE", pvar, "None");
1419 strncpy_s(dest, len, pvar->ts->UIMsg, _TRUNCATE);
1420 } else {
1421 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1422 "%d-bit server key, %d-bit host key");
1423 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1424 BN_num_bits(pvar->crypt_state.server_key.RSA_key->n),
1425 BN_num_bits(pvar->crypt_state.host_key.RSA_key->n));
1426 }
1427 } else { // SSH2
1428 UTIL_get_lang_msg("DLG_ABOUT_KEY_INFO", pvar,
1429 "%d-bit server key, %d-bit host key");
1430 _snprintf_s(dest, len, _TRUNCATE, pvar->ts->UIMsg,
1431 pvar->server_key_bits,
1432 pvar->client_key_bits);
1433 }
1434 }
1435
1436 static void destroy_public_key(CRYPTPublicKey FAR * key)
1437 {
1438 if (key->RSA_key != NULL) {
1439 RSA_free(key->RSA_key);
1440 key->RSA_key = NULL;
1441 }
1442 }
1443
1444 void CRYPT_free_public_key(CRYPTPublicKey FAR * key)
1445 {
1446 destroy_public_key(key);
1447 free(key);
1448 }
1449
1450 void CRYPT_end(PTInstVar pvar)
1451 {
1452 destroy_public_key(&pvar->crypt_state.host_key);
1453 destroy_public_key(&pvar->crypt_state.server_key);
1454
1455 if (pvar->crypt_state.detect_attack_statics.h != NULL) {
1456 memset(pvar->crypt_state.detect_attack_statics.h, 0,
1457 pvar->crypt_state.detect_attack_statics.n * HASH_ENTRYSIZE);
1458 free(pvar->crypt_state.detect_attack_statics.h);
1459 }
1460
1461 memset(pvar->crypt_state.sender_cipher_key, 0,
1462 sizeof(pvar->crypt_state.sender_cipher_key));
1463 memset(pvar->crypt_state.receiver_cipher_key, 0,
1464 sizeof(pvar->crypt_state.receiver_cipher_key));
1465 memset(pvar->crypt_state.server_cookie, 0,
1466 sizeof(pvar->crypt_state.server_cookie));
1467 memset(pvar->crypt_state.client_cookie, 0,
1468 sizeof(pvar->crypt_state.client_cookie));
1469 memset(&pvar->crypt_state.enc, 0, sizeof(pvar->crypt_state.enc));
1470 memset(&pvar->crypt_state.dec, 0, sizeof(pvar->crypt_state.dec));
1471 }
1472
1473 int CRYPT_passphrase_decrypt(int cipher, char FAR * passphrase,
1474 char FAR * buf, int bytes)
1475 {
1476 unsigned char passphrase_key[16];
1477
1478 MD5(passphrase, strlen(passphrase), passphrase_key);
1479
1480 switch (cipher) {
1481 case SSH_CIPHER_3DES:{
1482 Cipher3DESState state;
1483
1484 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1485 &state.k1);
1486 DES_set_key((const_DES_cblock FAR *) (passphrase_key + 8),
1487 &state.k2);
1488 DES_set_key((const_DES_cblock FAR *) passphrase_key,
1489 &state.k3);
1490 memset(state.ivec1, 0, 8);
1491 memset(state.ivec2, 0, 8);
1492 memset(state.ivec3, 0, 8);
1493 DES_ncbc_encrypt(buf, buf, bytes,
1494 &state.k3, &state.ivec3, DES_DECRYPT);
1495 DES_ncbc_encrypt(buf, buf, bytes,
1496 &state.k2, &state.ivec2, DES_ENCRYPT);
1497 DES_ncbc_encrypt(buf, buf, bytes,
1498 &state.k1, &state.ivec1, DES_DECRYPT);
1499 break;
1500 }
1501
1502 case SSH_CIPHER_IDEA:{
1503 CipherIDEAState state;
1504 int num = 0;
1505
1506 cIDEA_init(passphrase_key, &state);
1507 idea_cfb64_encrypt(buf, buf, bytes, &state.k, state.ivec,
1508 &num, IDEA_DECRYPT);
1509 break;
1510 }
1511
1512 case SSH_CIPHER_DES:{
1513 CipherDESState state;
1514
1515 cDES_init(passphrase_key, &state);
1516 DES_ncbc_encrypt(buf, buf, bytes,
1517 &state.k, &state.ivec, DES_DECRYPT);
1518 break;
1519 }
1520
1521 case SSH_CIPHER_RC4:{
1522 CipherRC4State state;
1523 int num = 0;
1524
1525 RC4_set_key(&state.k, 16, passphrase_key);
1526 RC4(&state.k, bytes, buf, buf);
1527 break;
1528 }
1529
1530 case SSH_CIPHER_BLOWFISH:{
1531 CipherBlowfishState state;
1532
1533 BF_set_key(&state.k, 16, passphrase_key);
1534 memset(state.ivec, 0, 8);
1535 flip_endianness(buf, bytes);
1536 BF_cbc_encrypt(buf, buf, bytes, &state.k, state.ivec,
1537 BF_DECRYPT);
1538 flip_endianness(buf, bytes);
1539 break;
1540 }
1541
1542 case SSH_CIPHER_NONE:
1543 break;
1544
1545 default:
1546 memset(passphrase_key, 0, sizeof(passphrase_key));
1547 return 0;
1548 }
1549
1550 memset(passphrase_key, 0, sizeof(passphrase_key));
1551 return 1;
1552 }
1553
1554 void CRYPT_free_key_pair(CRYPTKeyPair FAR * key_pair)
1555 {
1556 if (key_pair->RSA_key != NULL)
1557 RSA_free(key_pair->RSA_key);
1558
1559 if (key_pair->DSA_key != NULL)
1560 DSA_free(key_pair->DSA_key);
1561
1562 free(key_pair);
1563 }
About SourceForge.JP
Find Software
Develop Software
Community
Help
SourceForge.JP is a Japanese version of SourceForge.net. For developments that are not related to Japan, we recommend you to use SourceForge.net.