nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Code Issues Projects Releases Wiki Activity

Second attempt. Can successfully decrypt the _first block_ of a packet.

Browse Source 
[originally from svn r570]
This commit is contained in:
Simon Tatham 2000-09-05 16:23:36 +00:00
parent 35205e5cb7
commit 36a499a7f1
5 changed files with 169 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
ssh.c
View File

@ -104,11 +104,11 @@ extern struct ssh_mac ssh_sha1;
SHA_State exhash; SHA_State exhash;
static void nullmac_sesskey(unsigned char *key, int len) { } static void nullmac_key(unsigned char *key) { }
static void nullmac_generate(unsigned char *blk, int len, unsigned long seq) { } static void nullmac_generate(unsigned char *blk, int len, unsigned long seq) { }
static int nullmac_verify(unsigned char *blk, int len, unsigned long seq) { return 1; } static int nullmac_verify(unsigned char *blk, int len, unsigned long seq) { return 1; }
struct ssh_mac ssh_mac_none = { struct ssh_mac ssh_mac_none = {
nullmac_sesskey, nullmac_generate, nullmac_verify, "none", 0 nullmac_key, nullmac_key, nullmac_generate, nullmac_verify, "none", 0
}; };
struct ssh_mac *macs[] = { &ssh_sha1, &ssh_mac_none }; struct ssh_mac *macs[] = { &ssh_sha1, &ssh_mac_none };
@ -346,8 +346,16 @@ next_packet:
/* FIXME */ /* FIXME */
} }
#endif #endif
debug(("Got initblk:"));
for (i = 0; i < cipherblk; i++)
debug((" %02x", (unsigned char)pktin.data[i]));
debug(("\r\n"));
if (sccipher) if (sccipher)
sccipher->decrypt(pktin.data, cipherblk); sccipher->decrypt(pktin.data, cipherblk);
debug(("Decrypted initblk:"));
for (i = 0; i < cipherblk; i++)
debug((" %02x", (unsigned char)pktin.data[i]));
debug(("\r\n"));
/* /*
* Now get the length and padding figures. * Now get the length and padding figures.
@ -392,6 +400,11 @@ next_packet:
if (sccipher) if (sccipher)
sccipher->decrypt(pktin.data + cipherblk, packetlen - cipherblk); sccipher->decrypt(pktin.data + cipherblk, packetlen - cipherblk);
debug(("Got packet len=%d pad=%d\r\n", len, pad));
for (i = 0; i < packetlen; i++)
debug((" %02x", (unsigned char)pktin.data[i]));
debug(("\r\n"));
/* /*
* Check the MAC. * Check the MAC.
*/ */
@ -400,12 +413,6 @@ next_packet:
pktin.savedpos = 6; pktin.savedpos = 6;
pktin.type = pktin.data[5]; pktin.type = pktin.data[5];
#if 0
debug(("Got packet len=%d pad=%d\r\n", len, pad));
for (i = 0; i < payload; i++)
debug((" %02x", (unsigned char)pktin.data[i]));
debug(("\r\n"));
#endif
/* /*
* FIXME: handle IGNORE and DEBUG messages. * FIXME: handle IGNORE and DEBUG messages.
@ -1310,6 +1317,26 @@ int in_commasep_string(char *needle, char *haystack, int haylen) {
} }
} }
/*
* SSH2 key creation method.
*/
void ssh2_mkkey(Bignum K, char *H, char chr, char *keyspace) {
SHA_State s;
/* First 20 bytes. */
SHA_Init(&s);
sha_mpint(&s, K);
SHA_Bytes(&s, H, 20);
SHA_Bytes(&s, &chr, 1);
SHA_Bytes(&s, H, 20);
SHA_Final(&s, keyspace);
/* Next 20 bytes. */
SHA_Init(&s);
sha_mpint(&s, K);
SHA_Bytes(&s, H, 20);
SHA_Bytes(&s, keyspace, 20);
SHA_Final(&s, keyspace+20);
}
/* /*
* Handle the SSH2 key exchange phase. * Handle the SSH2 key exchange phase.
*/ */
@ -1327,6 +1354,7 @@ static int do_ssh2_kex(unsigned char *in, int inlen, int ispkt)
static char *hostkeydata, *sigdata; static char *hostkeydata, *sigdata;
static int hostkeylen, siglen; static int hostkeylen, siglen;
static unsigned char exchange_hash[20]; static unsigned char exchange_hash[20];
static unsigned char keyspace[40];
crBegin; crBegin;
@ -1519,9 +1547,43 @@ static int do_ssh2_kex(unsigned char *in, int inlen, int ispkt)
debug(("\r\n")); debug(("\r\n"));
/* /*
* FIXME: verify hostkeydata and sigdata. * FIXME: verify host key. This bit will be moderately
* unpleasant, because of having to rewrite it to work
* alongside the old scheme.
*/ */
/*
* FIXME: verify signature of exchange hash.
*/
/*
* Send SSH2_MSG_NEWKEYS. Expect it from server.
*/
ssh2_pkt_init(SSH2_MSG_NEWKEYS);
ssh2_pkt_send();
crWaitUntil(ispkt);
if (pktin.type != SSH2_MSG_NEWKEYS)
fatalbox("expected new-keys packet from server");
/*
* Create and initialise session keys.
*/
cscipher = cscipher_tobe;
sccipher = sccipher_tobe;
csmac = csmac_tobe;
scmac = scmac_tobe;
cscomp = cscomp_tobe;
sccomp = sccomp_tobe;
/*
* Set IVs after keys.
*/
ssh2_mkkey(K, exchange_hash, 'C', keyspace); cscipher->setcskey(keyspace);
ssh2_mkkey(K, exchange_hash, 'D', keyspace); cscipher->setsckey(keyspace);
ssh2_mkkey(K, exchange_hash, 'A', keyspace); cscipher->setcsiv(keyspace);
ssh2_mkkey(K, exchange_hash, 'B', keyspace); sccipher->setsciv(keyspace);
ssh2_mkkey(K, exchange_hash, 'E', keyspace); csmac->setcskey(keyspace);
ssh2_mkkey(K, exchange_hash, 'F', keyspace); scmac->setsckey(keyspace);
crWaitUntil(0); crWaitUntil(0);
crFinish(1); crFinish(1);

9
ssh.h
View File

@ -73,7 +73,11 @@ void SHA_Bytes(SHA_State *s, void *p, int len);
void SHA_Final(SHA_State *s, unsigned char *output); void SHA_Final(SHA_State *s, unsigned char *output);
struct ssh_cipher { struct ssh_cipher {
void (*sesskey)(unsigned char *key); void (*sesskey)(unsigned char *key); /* for ssh 1 */
void (*setcsiv)(unsigned char *key); /* for ssh 2 */
void (*setcskey)(unsigned char *key); /* for ssh 2 */
void (*setsciv)(unsigned char *key); /* for ssh 2 */
void (*setsckey)(unsigned char *key); /* for ssh 2 */
void (*encrypt)(unsigned char *blk, int len); void (*encrypt)(unsigned char *blk, int len);
void (*decrypt)(unsigned char *blk, int len); void (*decrypt)(unsigned char *blk, int len);
char *name; char *name;
@ -81,7 +85,8 @@ struct ssh_cipher {
}; };
struct ssh_mac { struct ssh_mac {
void (*sesskey)(unsigned char *key, int len); void (*setcskey)(unsigned char *key);
void (*setsckey)(unsigned char *key);
void (*generate)(unsigned char *blk, int len, unsigned long seq); void (*generate)(unsigned char *blk, int len, unsigned long seq);
int (*verify)(unsigned char *blk, int len, unsigned long seq); int (*verify)(unsigned char *blk, int len, unsigned long seq);
char *name; char *name;

26
sshblowf.c
View File

@ -392,6 +392,30 @@ static void blowfish_setkey(BlowfishContext *ctx,
#define SSH_SESSION_KEY_LENGTH 32 #define SSH_SESSION_KEY_LENGTH 32
static BlowfishContext ectx, dctx; static BlowfishContext ectx, dctx;
static void blowfish_cskey(unsigned char *key)
{
blowfish_setkey(&ectx, key, 16);
logevent("Initialised Blowfish client->server encryption");
}
static void blowfish_sckey(unsigned char *key)
{
blowfish_setkey(&dctx, key, 16);
logevent("Initialised Blowfish server->client encryption");
}
static void blowfish_csiv(unsigned char *key)
{
ectx.iv0 = GET_32BIT_LSB_FIRST(key);
ectx.iv1 = GET_32BIT_LSB_FIRST(key+4);
}
static void blowfish_sciv(unsigned char *key)
{
dctx.iv0 = GET_32BIT_LSB_FIRST(key);
dctx.iv1 = GET_32BIT_LSB_FIRST(key+4);
}
static void blowfish_sesskey(unsigned char *key) static void blowfish_sesskey(unsigned char *key)
{ {
blowfish_setkey(&ectx, key, SSH_SESSION_KEY_LENGTH); blowfish_setkey(&ectx, key, SSH_SESSION_KEY_LENGTH);
@ -413,6 +437,8 @@ static void blowfish_decrypt_blk(unsigned char *blk, int len)
struct ssh_cipher ssh_blowfish = { struct ssh_cipher ssh_blowfish = {
blowfish_sesskey, blowfish_sesskey,
blowfish_csiv, blowfish_cskey,
blowfish_sciv, blowfish_sckey,
blowfish_encrypt_blk, blowfish_encrypt_blk,
blowfish_decrypt_blk, blowfish_decrypt_blk,
"blowfish-cbc", "blowfish-cbc",

54
sshdes.c
View File

@ -662,28 +662,55 @@ static void des_3cbc_decrypt(unsigned char *dest, const unsigned char *src,
des_cbc_decrypt(dest, src, len, &scheds[0]); des_cbc_decrypt(dest, src, len, &scheds[0]);
} }
static DESContext keys[3]; static DESContext cskeys[3], sckeys[3];
static void des3_cskey(unsigned char *key) {
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key+4), &cskeys[0]);
des_key_setup(GET_32BIT_MSB_FIRST(key+8),
GET_32BIT_MSB_FIRST(key+12), &cskeys[1]);
des_key_setup(GET_32BIT_MSB_FIRST(key+16),
GET_32BIT_MSB_FIRST(key+20), &cskeys[2]);
logevent("Initialised triple-DES client->server encryption");
}
static void des3_csiv(unsigned char *key) {
cskeys[0].eiv0 = GET_32BIT_MSB_FIRST(key);
cskeys[0].eiv1 = GET_32BIT_MSB_FIRST(key+4);
}
static void des3_sciv(unsigned char *key) {
sckeys[0].div0 = GET_32BIT_MSB_FIRST(key);
sckeys[0].div1 = GET_32BIT_MSB_FIRST(key+4);
}
static void des3_sckey(unsigned char *key) {
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key+4), &sckeys[0]);
des_key_setup(GET_32BIT_MSB_FIRST(key+8),
GET_32BIT_MSB_FIRST(key+12), &sckeys[1]);
des_key_setup(GET_32BIT_MSB_FIRST(key+16),
GET_32BIT_MSB_FIRST(key+20), &sckeys[2]);
logevent("Initialised triple-DES server->client encryption");
}
static void des3_sesskey(unsigned char *key) { static void des3_sesskey(unsigned char *key) {
des_key_setup(GET_32BIT_MSB_FIRST(key), des3_cskey(key);
GET_32BIT_MSB_FIRST(key+4), &keys[0]); des3_sckey(key);
des_key_setup(GET_32BIT_MSB_FIRST(key+8),
GET_32BIT_MSB_FIRST(key+12), &keys[1]);
des_key_setup(GET_32BIT_MSB_FIRST(key+16),
GET_32BIT_MSB_FIRST(key+20), &keys[2]);
logevent("Initialised triple-DES encryption");
} }
static void des3_encrypt_blk(unsigned char *blk, int len) { static void des3_encrypt_blk(unsigned char *blk, int len) {
des_3cbc_encrypt(blk, blk, len, keys); des_3cbc_encrypt(blk, blk, len, cskeys);
} }
static void des3_decrypt_blk(unsigned char *blk, int len) { static void des3_decrypt_blk(unsigned char *blk, int len) {
des_3cbc_decrypt(blk, blk, len, keys); des_3cbc_decrypt(blk, blk, len, sckeys);
} }
struct ssh_cipher ssh_3des = { struct ssh_cipher ssh_3des = {
des3_sesskey, des3_sesskey,
des3_csiv, des3_cskey,
des3_sciv, des3_sckey,
des3_encrypt_blk, des3_encrypt_blk,
des3_decrypt_blk, des3_decrypt_blk,
"3des-cbc", "3des-cbc",
@ -692,20 +719,21 @@ struct ssh_cipher ssh_3des = {
static void des_sesskey(unsigned char *key) { static void des_sesskey(unsigned char *key) {
des_key_setup(GET_32BIT_MSB_FIRST(key), des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key+4), &keys[0]); GET_32BIT_MSB_FIRST(key+4), &cskeys[0]);
logevent("Initialised single-DES encryption"); logevent("Initialised single-DES encryption");
} }
static void des_encrypt_blk(unsigned char *blk, int len) { static void des_encrypt_blk(unsigned char *blk, int len) {
des_cbc_encrypt(blk, blk, len, keys); des_cbc_encrypt(blk, blk, len, cskeys);
} }
static void des_decrypt_blk(unsigned char *blk, int len) { static void des_decrypt_blk(unsigned char *blk, int len) {
des_cbc_decrypt(blk, blk, len, keys); des_cbc_decrypt(blk, blk, len, cskeys);
} }
struct ssh_cipher ssh_des = { struct ssh_cipher ssh_des = {
des_sesskey, des_sesskey,
NULL, NULL, NULL, NULL, /* SSH 2 bits - unused */
des_encrypt_blk, des_encrypt_blk,
des_decrypt_blk, des_decrypt_blk,
"des-cbc", /* should never be used - not a valid cipher in ssh2 */ "des-cbc", /* should never be used - not a valid cipher in ssh2 */

35
sshsha.c
View File

@ -170,28 +170,39 @@ void SHA_Simple(void *p, int len, unsigned char *output) {
* HMAC wrapper on it. * HMAC wrapper on it.
*/ */
static SHA_State sha1_mac_s1, sha1_mac_s2; static SHA_State sha1_cs_mac_s1, sha1_cs_mac_s2;
static SHA_State sha1_sc_mac_s1, sha1_sc_mac_s2;
static void sha1_sesskey(unsigned char *key, int len) { static void sha1_key(SHA_State *s1, SHA_State *s2,
unsigned char *key, int len) {
unsigned char foo[64]; unsigned char foo[64];
int i; int i;
memset(foo, 0x36, 64); memset(foo, 0x36, 64);
for (i = 0; i < len && i < 64; i++) for (i = 0; i < len && i < 64; i++)
foo[i] ^= key[i]; foo[i] ^= key[i];
SHA_Init(&sha1_mac_s1); SHA_Init(s1);
SHA_Bytes(&sha1_mac_s1, foo, 64); SHA_Bytes(s1, foo, 64);
memset(foo, 0x5C, 64); memset(foo, 0x5C, 64);
for (i = 0; i < len && i < 64; i++) for (i = 0; i < len && i < 64; i++)
foo[i] ^= key[i]; foo[i] ^= key[i];
SHA_Init(&sha1_mac_s2); SHA_Init(s2);
SHA_Bytes(&sha1_mac_s2, foo, 64); SHA_Bytes(s2, foo, 64);
memset(foo, 0, 64); /* burn the evidence */ memset(foo, 0, 64); /* burn the evidence */
} }
static void sha1_do_hmac(unsigned char *blk, int len, unsigned long seq, static void sha1_cskey(unsigned char *key) {
sha1_key(&sha1_cs_mac_s1, &sha1_cs_mac_s2, key, 20);
}
static void sha1_sckey(unsigned char *key) {
sha1_key(&sha1_sc_mac_s1, &sha1_sc_mac_s2, key, 20);
}
static void sha1_do_hmac(SHA_State *s1, SHA_State *s2,
unsigned char *blk, int len, unsigned long seq,
unsigned char *hmac) { unsigned char *hmac) {
SHA_State s; SHA_State s;
unsigned char intermediate[20]; unsigned char intermediate[20];
@ -201,27 +212,27 @@ static void sha1_do_hmac(unsigned char *blk, int len, unsigned long seq,
intermediate[2] = (unsigned char)((seq >> 8) & 0xFF); intermediate[2] = (unsigned char)((seq >> 8) & 0xFF);
intermediate[3] = (unsigned char)((seq ) & 0xFF); intermediate[3] = (unsigned char)((seq ) & 0xFF);
s = sha1_mac_s1; /* structure copy */ s = *s1; /* structure copy */
SHA_Bytes(&s, intermediate, 4); SHA_Bytes(&s, intermediate, 4);
SHA_Bytes(&s, blk, len); SHA_Bytes(&s, blk, len);
SHA_Final(&s, intermediate); SHA_Final(&s, intermediate);
s = sha1_mac_s2; /* structure copy */ s = *s2; /* structure copy */
SHA_Bytes(&s, intermediate, 20); SHA_Bytes(&s, intermediate, 20);
SHA_Final(&s, hmac); SHA_Final(&s, hmac);
} }
static void sha1_generate(unsigned char *blk, int len, unsigned long seq) { static void sha1_generate(unsigned char *blk, int len, unsigned long seq) {
sha1_do_hmac(blk, len, seq, blk+len); sha1_do_hmac(&sha1_cs_mac_s1, &sha1_cs_mac_s2, blk, len, seq, blk+len);
} }
static int sha1_verify(unsigned char *blk, int len, unsigned long seq) { static int sha1_verify(unsigned char *blk, int len, unsigned long seq) {
unsigned char correct[20]; unsigned char correct[20];
sha1_do_hmac(blk, len, seq, correct); sha1_do_hmac(&sha1_sc_mac_s1, &sha1_sc_mac_s2, blk, len, seq, correct);
return !memcmp(correct, blk+len, 20); return !memcmp(correct, blk+len, 20);
} }
struct ssh_mac ssh_sha1 = { struct ssh_mac ssh_sha1 = {
sha1_sesskey, sha1_cskey, sha1_sckey,
sha1_generate, sha1_generate,
sha1_verify, sha1_verify,
"hmac-sha1", "hmac-sha1",