[u/mdw/putty] / mscrypto.c

#define _WIN32_WINNT 0x0400
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <wincrypt.h>
#include "ssh.h"

void fatalbox(char *fmt, ...);

static HCRYPTKEY create_des_key(unsigned char *key);


HCRYPTPROV hCryptProv;
HCRYPTKEY hDESKey[2][3] = { {0, 0, 0}, {0, 0, 0} };	/* global for now */


/* use Microsoft Enhanced Cryptographic Service Provider */
#define CSP MS_ENHANCED_PROV


static BYTE PrivateKeyWithExponentOfOne[] = {
    0x07, 0x02, 0x00, 0x00, 0x00, 0xA4, 0x00, 0x00,
    0x52, 0x53, 0x41, 0x32, 0x00, 0x02, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0xAB, 0xEF, 0xFA, 0xC6,
    0x7D, 0xE8, 0xDE, 0xFB, 0x68, 0x38, 0x09, 0x92,
    0xD9, 0x42, 0x7E, 0x6B, 0x89, 0x9E, 0x21, 0xD7,
    0x52, 0x1C, 0x99, 0x3C, 0x17, 0x48, 0x4E, 0x3A,
    0x44, 0x02, 0xF2, 0xFA, 0x74, 0x57, 0xDA, 0xE4,
    0xD3, 0xC0, 0x35, 0x67, 0xFA, 0x6E, 0xDF, 0x78,
    0x4C, 0x75, 0x35, 0x1C, 0xA0, 0x74, 0x49, 0xE3,
    0x20, 0x13, 0x71, 0x35, 0x65, 0xDF, 0x12, 0x20,
    0xF5, 0xF5, 0xF5, 0xC1, 0xED, 0x5C, 0x91, 0x36,
    0x75, 0xB0, 0xA9, 0x9C, 0x04, 0xDB, 0x0C, 0x8C,
    0xBF, 0x99, 0x75, 0x13, 0x7E, 0x87, 0x80, 0x4B,
    0x71, 0x94, 0xB8, 0x00, 0xA0, 0x7D, 0xB7, 0x53,
    0xDD, 0x20, 0x63, 0xEE, 0xF7, 0x83, 0x41, 0xFE,
    0x16, 0xA7, 0x6E, 0xDF, 0x21, 0x7D, 0x76, 0xC0,
    0x85, 0xD5, 0x65, 0x7F, 0x00, 0x23, 0x57, 0x45,
    0x52, 0x02, 0x9D, 0xEA, 0x69, 0xAC, 0x1F, 0xFD,
    0x3F, 0x8C, 0x4A, 0xD0,

    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

    0x64, 0xD5, 0xAA, 0xB1,
    0xA6, 0x03, 0x18, 0x92, 0x03, 0xAA, 0x31, 0x2E,
    0x48, 0x4B, 0x65, 0x20, 0x99, 0xCD, 0xC6, 0x0C,
    0x15, 0x0C, 0xBF, 0x3E, 0xFF, 0x78, 0x95, 0x67,
    0xB1, 0x74, 0x5B, 0x60,

    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};


/* ---------------------------------------------------------*
 * Utility functions                                        *
 * ---------------------------------------------------------*/


int crypto_startup()
{
    if (CryptAcquireContext(&hCryptProv, "Putty", CSP, PROV_RSA_FULL,
			    CRYPT_NEWKEYSET) == 0) {
	if (GetLastError() == NTE_EXISTS) {
	    if (CryptAcquireContext(&hCryptProv, "Putty", CSP,
				    PROV_RSA_FULL, 0) == 0) {
		return FALSE;	       /* failed to acquire context - probably
				        * don't have high encryption installed! */
	    }
	} else
	    return FALSE;	       /* failed to acquire context - probably
				        * don't have high encryption installed! */
    }
    return TRUE;
}


void crypto_wrapup()
{
    int i, j;
    for (i = 0; i < 2; i++) {
	for (j = 0; j < 3; j++) {
	    if (hDESKey[i][j])
		CryptDestroyKey(hDESKey[i][j]);
	    hDESKey[i][j] = 0;
	}
    }
    if (hCryptProv)
	CryptReleaseContext(hCryptProv, 0);
    hCryptProv = 0;
}


/* ---------------------------------------------------------*
 * Random number functions                                  *
 * ---------------------------------------------------------*/

int random_byte(void)
{
    unsigned char b;
    if (!CryptGenRandom(hCryptProv, 1, &b))
	fatalbox("random number generator failure!");
    return b;
}

void random_add_noise(void *noise, int length)
{
    /* do nothing */
}
void random_init(void)
{
    /* do nothing */
}
void random_get_savedata(void **data, int *len)
{
    /* do nothing */
}
void noise_get_heavy(void (*func) (void *, int))
{
    /* do nothing */
}
void noise_get_light(void (*func) (void *, int))
{
    /* do nothing */
}
void noise_ultralight(DWORD data)
{
    /* do nothing */
}
void random_save_seed(void)
{
    /* do nothing */
}


/* ---------------------------------------------------------*
 * MD5 hash functions                                       *
 * ---------------------------------------------------------*/


void MD5Init(struct MD5Context *ctx)
{
    if (!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx->hHash))
	fatalbox("Error during CryptBeginHash!\n");
}


void MD5Update(struct MD5Context *ctx,
	       unsigned char const *buf, unsigned len)
{
    if (CryptHashData(ctx->hHash, buf, len, 0) == 0)
	fatalbox("Error during CryptHashSessionKey!\n");
}


void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
{
    DWORD cb = 16;
    if (CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &cb, 0) == 0)
	fatalbox("Error during CryptGetHashParam!\n");
    if (ctx->hHash)
	CryptDestroyHash(ctx->hHash);
    ctx->hHash = 0;
}


/* ---------------------------------------------------------*
 * RSA public key functions                                 *
 * ---------------------------------------------------------*/

int makekey(unsigned char *data, struct RSAKey *result,
	    unsigned char **keystr)
{

    unsigned char *p = data;
    int i;
    int w, b;

    /* get size (bits) of modulus */
    result->bits = 0;
    for (i = 0; i < 4; i++)
	result->bits = (result->bits << 8) + *p++;

    /* get size (bits) of public exponent */
    w = 0;
    for (i = 0; i < 2; i++)
	w = (w << 8) + *p++;
    b = (w + 7) / 8;		       /* bits -> bytes */

    /* convert exponent to DWORD */
    result->exponent = 0;
    for (i = 0; i < b; i++)
	result->exponent = (result->exponent << 8) + *p++;

    /* get size (bits) of modulus */
    w = 0;
    for (i = 0; i < 2; i++)
	w = (w << 8) + *p++;
    result->bytes = b = (w + 7) / 8;   /* bits -> bytes */

    /* allocate buffer for modulus & copy it */
    result->modulus = malloc(b);
    memcpy(result->modulus, p, b);

    /* update callers pointer */
    if (keystr)
	*keystr = p;		       /* point at key string, second time */

    return (p - data) + b;
}


void rsaencrypt(unsigned char *data, int length, struct RSAKey *rsakey)
{

    int i;
    unsigned char *pKeybuf, *pKeyin;
    HCRYPTKEY hRsaKey;
    PUBLICKEYSTRUC *pBlob;
    RSAPUBKEY *pRPK;
    unsigned char *buf;
    DWORD dlen;
    DWORD bufsize;

    /* allocate buffer for public key blob */
    if ((pBlob = malloc(sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) +
			rsakey->bytes)) == NULL)
	fatalbox("Out of memory");

    /* allocate buffer for message encryption block */
    bufsize = (length + rsakey->bytes) << 1;
    if ((buf = malloc(bufsize)) == NULL)
	fatalbox("Out of memory");

    /* construct public key blob from host public key */
    pKeybuf = ((unsigned char *) pBlob) + sizeof(PUBLICKEYSTRUC) +
	sizeof(RSAPUBKEY);
    pKeyin = ((unsigned char *) rsakey->modulus);
    /* change big endian to little endian */
    for (i = 0; i < rsakey->bytes; i++)
	pKeybuf[i] = pKeyin[rsakey->bytes - i - 1];
    pBlob->bType = PUBLICKEYBLOB;
    pBlob->bVersion = 0x02;
    pBlob->reserved = 0;
    pBlob->aiKeyAlg = CALG_RSA_KEYX;
    pRPK =
	(RSAPUBKEY *) (((unsigned char *) pBlob) + sizeof(PUBLICKEYSTRUC));
    pRPK->magic = 0x31415352;	       /* "RSA1" */
    pRPK->bitlen = rsakey->bits;
    pRPK->pubexp = rsakey->exponent;

    /* import public key blob into key container */
    if (CryptImportKey(hCryptProv, (void *) pBlob,
		       sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) +
		       rsakey->bytes, 0, 0, &hRsaKey) == 0)
	fatalbox("Error importing RSA key!");

    /* copy message into buffer */
    memcpy(buf, data, length);
    dlen = length;

    /* using host public key, encrypt the message */
    if (CryptEncrypt(hRsaKey, 0, TRUE, 0, buf, &dlen, bufsize) == 0)
	fatalbox("Error encrypting using RSA key!");

    /*
     * For some strange reason, Microsoft CryptEncrypt using public
     * key, returns the cyphertext in backwards (little endian)
     * order, so reverse it!
     */
    for (i = 0; i < (int) dlen; i++)
	data[i] = buf[dlen - i - 1];   /* make it big endian */

    CryptDestroyKey(hRsaKey);
    free(buf);
    free(pBlob);

}


int rsastr_len(struct RSAKey *key)
{
    return 2 * (sizeof(DWORD) + key->bytes) + 10;
}


void rsastr_fmt(char *str, struct RSAKey *key)
{

    int len = 0, i;

    sprintf(str + len, "%04x", key->exponent);
    len += strlen(str + len);

    str[len++] = '/';
    for (i = 1; i < key->bytes; i++) {
	sprintf(str + len, "%02x", key->modulus[i]);
	len += strlen(str + len);
    }
    str[len] = '\0';
}


/* ---------------------------------------------------------*
 * DES encryption / decryption functions                    *
 * ---------------------------------------------------------*/


void des3_sesskey(unsigned char *key)
{
    int i, j;
    for (i = 0; i < 2; i++) {
	for (j = 0; j < 3; j++) {
	    hDESKey[i][j] = create_des_key(key + (j * 8));
	}
    }
}


void des3_encrypt_blk(unsigned char *blk, int len)
{

    DWORD dlen;
    dlen = len;

    if (CryptEncrypt(hDESKey[0][0], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
	fatalbox("Error encrypting block!\n");
    if (CryptDecrypt(hDESKey[0][1], 0, FALSE, 0, blk, &dlen) == 0)
	fatalbox("Error encrypting block!\n");
    if (CryptEncrypt(hDESKey[0][2], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
	fatalbox("Error encrypting block!\n");
}


void des3_decrypt_blk(unsigned char *blk, int len)
{
    DWORD dlen;
    dlen = len;

    if (CryptDecrypt(hDESKey[1][2], 0, FALSE, 0, blk, &dlen) == 0)
	fatalbox("Error decrypting block!\n");
    if (CryptEncrypt(hDESKey[1][1], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
	fatalbox("Error decrypting block!\n");
    if (CryptDecrypt(hDESKey[1][0], 0, FALSE, 0, blk, &dlen) == 0)
	fatalbox("Error decrypting block!\n");
}


struct ssh_cipher ssh_3des = {
    des3_sesskey,
    des3_encrypt_blk,
    des3_decrypt_blk
};


void des_sesskey(unsigned char *key)
{
    int i;
    for (i = 0; i < 2; i++) {
	hDESKey[i][0] = create_des_key(key);
    }
}


void des_encrypt_blk(unsigned char *blk, int len)
{
    DWORD dlen;
    dlen = len;
    if (CryptEncrypt(hDESKey[0][0], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
	fatalbox("Error encrypting block!\n");
}


void des_decrypt_blk(unsigned char *blk, int len)
{
    DWORD dlen;
    dlen = len;
    if (CryptDecrypt(hDESKey[1][0], 0, FALSE, 0, blk, &dlen) == 0)
	fatalbox("Error decrypting block!\n");
}

struct ssh_cipher ssh_des = {
    des_sesskey,
    des_encrypt_blk,
    des_decrypt_blk
};


static HCRYPTKEY create_des_key(unsigned char *key)
{

    HCRYPTKEY hSessionKey, hPrivateKey;
    DWORD dlen = 8;
    BLOBHEADER *pbh;
    char buf[sizeof(BLOBHEADER) + sizeof(ALG_ID) + 256];

    /*
     * Need special private key to encrypt session key so we can
     * import session key, since only encrypted session keys can be
     * imported
     */
    if (CryptImportKey(hCryptProv, PrivateKeyWithExponentOfOne,
		       sizeof(PrivateKeyWithExponentOfOne),
		       0, 0, &hPrivateKey) == 0)
	return 0;

    /* now encrypt session key using special private key */
    memcpy(buf + sizeof(BLOBHEADER) + sizeof(ALG_ID), key, 8);
    if (CryptEncrypt(hPrivateKey, 0, TRUE, 0,
		     buf + sizeof(BLOBHEADER) + sizeof(ALG_ID),
		     &dlen, 256) == 0)
	return 0;

    /* build session key blob */
    pbh = (BLOBHEADER *) buf;
    pbh->bType = SIMPLEBLOB;
    pbh->bVersion = 0x02;
    pbh->reserved = 0;
    pbh->aiKeyAlg = CALG_DES;
    *((ALG_ID *) (buf + sizeof(BLOBHEADER))) = CALG_RSA_KEYX;

    /* import session key into key container */
    if (CryptImportKey(hCryptProv, buf,
		       dlen + sizeof(BLOBHEADER) + sizeof(ALG_ID),
		       hPrivateKey, 0, &hSessionKey) == 0)
	return 0;

    if (hPrivateKey)
	CryptDestroyKey(hPrivateKey);

    return hSessionKey;

}
Commit	Line	Data
8f203108	1	#define _WIN32_WINNT 0x0400
	2	#include <windows.h>
	3	#include <stdio.h>
	4	#include <stdlib.h>
	5	#include <wincrypt.h>
	6	#include "ssh.h"
	7
	8	void fatalbox(char *fmt, ...);
	9
	10	static HCRYPTKEY create_des_key(unsigned char *key);
	11
	12
	13	HCRYPTPROV hCryptProv;
32874aea	14	HCRYPTKEY hDESKey[2][3] = { {0, 0, 0}, {0, 0, 0} }; /* global for now */
8f203108	15
	16
	17	/* use Microsoft Enhanced Cryptographic Service Provider */
	18	#define CSP MS_ENHANCED_PROV
	19
	20
32874aea	21	static BYTE PrivateKeyWithExponentOfOne[] = {
8f203108	22	0x07, 0x02, 0x00, 0x00, 0x00, 0xA4, 0x00, 0x00,
	23	0x52, 0x53, 0x41, 0x32, 0x00, 0x02, 0x00, 0x00,
	24	0x01, 0x00, 0x00, 0x00, 0xAB, 0xEF, 0xFA, 0xC6,
	25	0x7D, 0xE8, 0xDE, 0xFB, 0x68, 0x38, 0x09, 0x92,
	26	0xD9, 0x42, 0x7E, 0x6B, 0x89, 0x9E, 0x21, 0xD7,
	27	0x52, 0x1C, 0x99, 0x3C, 0x17, 0x48, 0x4E, 0x3A,
	28	0x44, 0x02, 0xF2, 0xFA, 0x74, 0x57, 0xDA, 0xE4,
	29	0xD3, 0xC0, 0x35, 0x67, 0xFA, 0x6E, 0xDF, 0x78,
	30	0x4C, 0x75, 0x35, 0x1C, 0xA0, 0x74, 0x49, 0xE3,
	31	0x20, 0x13, 0x71, 0x35, 0x65, 0xDF, 0x12, 0x20,
	32	0xF5, 0xF5, 0xF5, 0xC1, 0xED, 0x5C, 0x91, 0x36,
	33	0x75, 0xB0, 0xA9, 0x9C, 0x04, 0xDB, 0x0C, 0x8C,
	34	0xBF, 0x99, 0x75, 0x13, 0x7E, 0x87, 0x80, 0x4B,
	35	0x71, 0x94, 0xB8, 0x00, 0xA0, 0x7D, 0xB7, 0x53,
	36	0xDD, 0x20, 0x63, 0xEE, 0xF7, 0x83, 0x41, 0xFE,
	37	0x16, 0xA7, 0x6E, 0xDF, 0x21, 0x7D, 0x76, 0xC0,
	38	0x85, 0xD5, 0x65, 0x7F, 0x00, 0x23, 0x57, 0x45,
	39	0x52, 0x02, 0x9D, 0xEA, 0x69, 0xAC, 0x1F, 0xFD,
	40	0x3F, 0x8C, 0x4A, 0xD0,
	41
	42	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	43	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	44	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	45	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	46
	47	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	48	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	49	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	50	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	51
	52	0x64, 0xD5, 0xAA, 0xB1,
	53	0xA6, 0x03, 0x18, 0x92, 0x03, 0xAA, 0x31, 0x2E,
	54	0x48, 0x4B, 0x65, 0x20, 0x99, 0xCD, 0xC6, 0x0C,
	55	0x15, 0x0C, 0xBF, 0x3E, 0xFF, 0x78, 0x95, 0x67,
	56	0xB1, 0x74, 0x5B, 0x60,
	57
	58	0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	59	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	60	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	61	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	62	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	63	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	64	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	65	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	66	};
	67
	68
	69
	70	/* ---------------------------------------------------------*
	71	* Utility functions *
	72	* ---------------------------------------------------------*/
	73
	74
32874aea	75	int crypto_startup()
	76	{
	77	if (CryptAcquireContext(&hCryptProv, "Putty", CSP, PROV_RSA_FULL,
	78	CRYPT_NEWKEYSET) == 0) {
	79	if (GetLastError() == NTE_EXISTS) {
	80	if (CryptAcquireContext(&hCryptProv, "Putty", CSP,
	81	PROV_RSA_FULL, 0) == 0) {
	82	return FALSE; /* failed to acquire context - probably
	83	* don't have high encryption installed! */
8f203108	84	}
8f203108	85	} else
32874aea	86	return FALSE; /* failed to acquire context - probably
32874aea	87	* don't have high encryption installed! */
8f203108	88	}
	89	return TRUE;
	90	}
	91
	92
32874aea	93	void crypto_wrapup()
32874aea	94	{
8f203108	95	int i, j;
32874aea	96	for (i = 0; i < 2; i++) {
	97	for (j = 0; j < 3; j++) {
	98	if (hDESKey[i][j])
8f203108	99	CryptDestroyKey(hDESKey[i][j]);
	100	hDESKey[i][j] = 0;
	101	}
	102	}
32874aea	103	if (hCryptProv)
8f203108	104	CryptReleaseContext(hCryptProv, 0);
	105	hCryptProv = 0;
	106	}
	107
	108
	109	/* ---------------------------------------------------------*
	110	* Random number functions *
	111	* ---------------------------------------------------------*/
	112
32874aea	113	int random_byte(void)
32874aea	114	{
8f203108	115	unsigned char b;
32874aea	116	if (!CryptGenRandom(hCryptProv, 1, &b))
8f203108	117	fatalbox("random number generator failure!");
	118	return b;
	119	}
	120
32874aea	121	void random_add_noise(void *noise, int length)
32874aea	122	{
8f203108	123	/* do nothing */
8f203108	124	}
32874aea	125	void random_init(void)
32874aea	126	{
8f203108	127	/* do nothing */
8f203108	128	}
32874aea	129	void random_get_savedata(void *data, int len)
32874aea	130	{
8f203108	131	/* do nothing */
8f203108	132	}
32874aea	133	void noise_get_heavy(void (func) (void , int))
32874aea	134	{
8f203108	135	/* do nothing */
8f203108	136	}
32874aea	137	void noise_get_light(void (func) (void , int))
32874aea	138	{
8f203108	139	/* do nothing */
8f203108	140	}
32874aea	141	void noise_ultralight(DWORD data)
32874aea	142	{
8f203108	143	/* do nothing */
8f203108	144	}
32874aea	145	void random_save_seed(void)
32874aea	146	{
8f203108	147	/* do nothing */
	148	}
	149
	150
	151	/* ---------------------------------------------------------*
	152	* MD5 hash functions *
	153	* ---------------------------------------------------------*/
	154
	155
32874aea	156	void MD5Init(struct MD5Context *ctx)
	157	{
	158	if (!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &ctx->hHash))
8f203108	159	fatalbox("Error during CryptBeginHash!\n");
	160	}
	161
	162
	163	void MD5Update(struct MD5Context *ctx,
32874aea	164	unsigned char const *buf, unsigned len)
	165	{
	166	if (CryptHashData(ctx->hHash, buf, len, 0) == 0)
8f203108	167	fatalbox("Error during CryptHashSessionKey!\n");
	168	}
	169
	170
32874aea	171	void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
32874aea	172	{
8f203108	173	DWORD cb = 16;
32874aea	174	if (CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &cb, 0) == 0)
8f203108	175	fatalbox("Error during CryptGetHashParam!\n");
32874aea	176	if (ctx->hHash)
8f203108	177	CryptDestroyHash(ctx->hHash);
	178	ctx->hHash = 0;
	179	}
	180
	181
	182	/* ---------------------------------------------------------*
	183	* RSA public key functions *
	184	* ---------------------------------------------------------*/
	185
	186	int makekey(unsigned char data, struct RSAKey result,
32874aea	187	unsigned char **keystr)
32874aea	188	{
8f203108	189
	190	unsigned char *p = data;
	191	int i;
	192	int w, b;
	193
	194	/* get size (bits) of modulus */
	195	result->bits = 0;
32874aea	196	for (i = 0; i < 4; i++)
8f203108	197	result->bits = (result->bits << 8) + *p++;
	198
	199	/* get size (bits) of public exponent */
	200	w = 0;
32874aea	201	for (i = 0; i < 2; i++)
8f203108	202	w = (w << 8) + *p++;
32874aea	203	b = (w + 7) / 8; /* bits -> bytes */
8f203108	204
	205	/* convert exponent to DWORD */
	206	result->exponent = 0;
32874aea	207	for (i = 0; i < b; i++)
8f203108	208	result->exponent = (result->exponent << 8) + *p++;
	209
	210	/* get size (bits) of modulus */
	211	w = 0;
32874aea	212	for (i = 0; i < 2; i++)
8f203108	213	w = (w << 8) + *p++;
32874aea	214	result->bytes = b = (w + 7) / 8; /* bits -> bytes */
8f203108	215
	216	/* allocate buffer for modulus & copy it */
	217	result->modulus = malloc(b);
	218	memcpy(result->modulus, p, b);
	219
	220	/* update callers pointer */
32874aea	221	if (keystr)
32874aea	222	keystr = p; / point at key string, second time */
8f203108	223
	224	return (p - data) + b;
	225	}
	226
	227
32874aea	228	void rsaencrypt(unsigned char data, int length, struct RSAKey rsakey)
32874aea	229	{
8f203108	230
	231	int i;
	232	unsigned char pKeybuf, pKeyin;
	233	HCRYPTKEY hRsaKey;
	234	PUBLICKEYSTRUC *pBlob;
	235	RSAPUBKEY *pRPK;
	236	unsigned char *buf;
	237	DWORD dlen;
	238	DWORD bufsize;
	239
	240	/* allocate buffer for public key blob */
32874aea	241	if ((pBlob = malloc(sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) +
32874aea	242	rsakey->bytes)) == NULL)
8f203108	243	fatalbox("Out of memory");
	244
	245	/* allocate buffer for message encryption block */
	246	bufsize = (length + rsakey->bytes) << 1;
32874aea	247	if ((buf = malloc(bufsize)) == NULL)
8f203108	248	fatalbox("Out of memory");
	249
	250	/* construct public key blob from host public key */
32874aea	251	pKeybuf = ((unsigned char *) pBlob) + sizeof(PUBLICKEYSTRUC) +
8f203108	252	sizeof(RSAPUBKEY);
32874aea	253	pKeyin = ((unsigned char *) rsakey->modulus);
8f203108	254	/* change big endian to little endian */
32874aea	255	for (i = 0; i < rsakey->bytes; i++)
32874aea	256	pKeybuf[i] = pKeyin[rsakey->bytes - i - 1];
8f203108	257	pBlob->bType = PUBLICKEYBLOB;
	258	pBlob->bVersion = 0x02;
	259	pBlob->reserved = 0;
	260	pBlob->aiKeyAlg = CALG_RSA_KEYX;
32874aea	261	pRPK =
	262	(RSAPUBKEY ) (((unsigned char ) pBlob) + sizeof(PUBLICKEYSTRUC));
	263	pRPK->magic = 0x31415352; /* "RSA1" */
8f203108	264	pRPK->bitlen = rsakey->bits;
	265	pRPK->pubexp = rsakey->exponent;
	266
	267	/* import public key blob into key container */
32874aea	268	if (CryptImportKey(hCryptProv, (void *) pBlob,
	269	sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) +
	270	rsakey->bytes, 0, 0, &hRsaKey) == 0)
8f203108	271	fatalbox("Error importing RSA key!");
	272
	273	/* copy message into buffer */
	274	memcpy(buf, data, length);
	275	dlen = length;
	276
	277	/* using host public key, encrypt the message */
32874aea	278	if (CryptEncrypt(hRsaKey, 0, TRUE, 0, buf, &dlen, bufsize) == 0)
8f203108	279	fatalbox("Error encrypting using RSA key!");
	280
	281	/*
	282	* For some strange reason, Microsoft CryptEncrypt using public
	283	* key, returns the cyphertext in backwards (little endian)
	284	* order, so reverse it!
	285	*/
32874aea	286	for (i = 0; i < (int) dlen; i++)
32874aea	287	data[i] = buf[dlen - i - 1]; /* make it big endian */
8f203108	288
	289	CryptDestroyKey(hRsaKey);
	290	free(buf);
	291	free(pBlob);
	292
	293	}
	294
	295
32874aea	296	int rsastr_len(struct RSAKey *key)
32874aea	297	{
8f203108	298	return 2 * (sizeof(DWORD) + key->bytes) + 10;
	299	}
	300
	301
32874aea	302	void rsastr_fmt(char str, struct RSAKey key)
32874aea	303	{
8f203108	304
	305	int len = 0, i;
	306
32874aea	307	sprintf(str + len, "%04x", key->exponent);
32874aea	308	len += strlen(str + len);
8f203108	309
8f203108	310	str[len++] = '/';
32874aea	311	for (i = 1; i < key->bytes; i++) {
	312	sprintf(str + len, "%02x", key->modulus[i]);
	313	len += strlen(str + len);
8f203108	314	}
	315	str[len] = '\0';
	316	}
	317
	318
	319
	320	/* ---------------------------------------------------------*
	321	* DES encryption / decryption functions *
	322	* ---------------------------------------------------------*/
	323
	324
32874aea	325	void des3_sesskey(unsigned char *key)
32874aea	326	{
8f203108	327	int i, j;
32874aea	328	for (i = 0; i < 2; i++) {
32874aea	329	for (j = 0; j < 3; j++) {
8f203108	330	hDESKey[i][j] = create_des_key(key + (j * 8));
	331	}
	332	}
	333	}
	334
	335
32874aea	336	void des3_encrypt_blk(unsigned char *blk, int len)
32874aea	337	{
8f203108	338
	339	DWORD dlen;
	340	dlen = len;
	341
32874aea	342	if (CryptEncrypt(hDESKey[0][0], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
8f203108	343	fatalbox("Error encrypting block!\n");
32874aea	344	if (CryptDecrypt(hDESKey[0][1], 0, FALSE, 0, blk, &dlen) == 0)
8f203108	345	fatalbox("Error encrypting block!\n");
32874aea	346	if (CryptEncrypt(hDESKey[0][2], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
8f203108	347	fatalbox("Error encrypting block!\n");
	348	}
	349
	350
32874aea	351	void des3_decrypt_blk(unsigned char *blk, int len)
32874aea	352	{
8f203108	353	DWORD dlen;
	354	dlen = len;
	355
32874aea	356	if (CryptDecrypt(hDESKey[1][2], 0, FALSE, 0, blk, &dlen) == 0)
8f203108	357	fatalbox("Error decrypting block!\n");
32874aea	358	if (CryptEncrypt(hDESKey[1][1], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
8f203108	359	fatalbox("Error decrypting block!\n");
32874aea	360	if (CryptDecrypt(hDESKey[1][0], 0, FALSE, 0, blk, &dlen) == 0)
8f203108	361	fatalbox("Error decrypting block!\n");
	362	}
	363
	364
	365	struct ssh_cipher ssh_3des = {
	366	des3_sesskey,
	367	des3_encrypt_blk,
	368	des3_decrypt_blk
	369	};
	370
	371
32874aea	372	void des_sesskey(unsigned char *key)
32874aea	373	{
8f203108	374	int i;
32874aea	375	for (i = 0; i < 2; i++) {
8f203108	376	hDESKey[i][0] = create_des_key(key);
	377	}
	378	}
	379
	380
32874aea	381	void des_encrypt_blk(unsigned char *blk, int len)
32874aea	382	{
8f203108	383	DWORD dlen;
8f203108	384	dlen = len;
32874aea	385	if (CryptEncrypt(hDESKey[0][0], 0, FALSE, 0, blk, &dlen, len + 8) == 0)
8f203108	386	fatalbox("Error encrypting block!\n");
	387	}
	388
	389
32874aea	390	void des_decrypt_blk(unsigned char *blk, int len)
32874aea	391	{
8f203108	392	DWORD dlen;
8f203108	393	dlen = len;
32874aea	394	if (CryptDecrypt(hDESKey[1][0], 0, FALSE, 0, blk, &dlen) == 0)
8f203108	395	fatalbox("Error decrypting block!\n");
	396	}
	397
	398	struct ssh_cipher ssh_des = {
	399	des_sesskey,
	400	des_encrypt_blk,
	401	des_decrypt_blk
	402	};
	403
	404
32874aea	405	static HCRYPTKEY create_des_key(unsigned char *key)
32874aea	406	{
8f203108	407
	408	HCRYPTKEY hSessionKey, hPrivateKey;
	409	DWORD dlen = 8;
	410	BLOBHEADER *pbh;
	411	char buf[sizeof(BLOBHEADER) + sizeof(ALG_ID) + 256];
	412
	413	/*
	414	* Need special private key to encrypt session key so we can
	415	* import session key, since only encrypted session keys can be
	416	* imported
	417	*/
32874aea	418	if (CryptImportKey(hCryptProv, PrivateKeyWithExponentOfOne,
	419	sizeof(PrivateKeyWithExponentOfOne),
	420	0, 0, &hPrivateKey) == 0)
8f203108	421	return 0;
	422
	423	/* now encrypt session key using special private key */
	424	memcpy(buf + sizeof(BLOBHEADER) + sizeof(ALG_ID), key, 8);
32874aea	425	if (CryptEncrypt(hPrivateKey, 0, TRUE, 0,
	426	buf + sizeof(BLOBHEADER) + sizeof(ALG_ID),
	427	&dlen, 256) == 0)
8f203108	428	return 0;
	429
	430	/* build session key blob */
32874aea	431	pbh = (BLOBHEADER *) buf;
8f203108	432	pbh->bType = SIMPLEBLOB;
	433	pbh->bVersion = 0x02;
	434	pbh->reserved = 0;
	435	pbh->aiKeyAlg = CALG_DES;
32874aea	436	((ALG_ID ) (buf + sizeof(BLOBHEADER))) = CALG_RSA_KEYX;
8f203108	437
8f203108	438	/* import session key into key container */
32874aea	439	if (CryptImportKey(hCryptProv, buf,
	440	dlen + sizeof(BLOBHEADER) + sizeof(ALG_ID),
	441	hPrivateKey, 0, &hSessionKey) == 0)
8f203108	442	return 0;
8f203108	443
32874aea	444	if (hPrivateKey)
8f203108	445	CryptDestroyKey(hPrivateKey);
	446
	447	return hSessionKey;
	448
	449	}