From 033b4cef1e52d65786b00df47f57361b96ca4321 Mon Sep 17 00:00:00 2001 From: simon Date: Wed, 6 Sep 2000 09:55:32 +0000 Subject: [PATCH] SSH2 transport layer now enables encryption and MAC successfully for 3DES git-svn-id: svn://svn.tartarus.org/sgt/putty@571 cda61777-01e9-0310-a592-d414129be87e --- ssh.c | 21 +++++++++++++----- sshdes.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- sshsha.c | 29 +++++++++++++++++++++++++ 3 files changed, 118 insertions(+), 7 deletions(-) diff --git a/ssh.c b/ssh.c index 8a483f8b..d327471c 100644 --- a/ssh.c +++ b/ssh.c @@ -88,11 +88,12 @@ enum { PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR }; #define crWaitUntil(c) do { crReturn(0); } while (!(c)) extern struct ssh_cipher ssh_3des; +extern struct ssh_cipher ssh_3des_ssh2; extern struct ssh_cipher ssh_des; extern struct ssh_cipher ssh_blowfish; /* for ssh 2; we miss out single-DES because it isn't supported */ -struct ssh_cipher *ciphers[] = { &ssh_3des, &ssh_blowfish }; +struct ssh_cipher *ciphers[] = { &ssh_3des_ssh2, &ssh_blowfish }; extern struct ssh_kex ssh_diffiehellman; struct ssh_kex *kex_algs[] = { &ssh_diffiehellman }; @@ -408,8 +409,9 @@ next_packet: /* * Check the MAC. */ - if (scmac && !scmac->verify(pktin.data, incoming_sequence++, len+4)) + if (scmac && !scmac->verify(pktin.data, len+4, incoming_sequence)) fatalbox("Incorrect MAC received on packet"); + incoming_sequence++; /* whether or not we MACed */ pktin.savedpos = 6; pktin.type = pktin.data[5]; @@ -1207,7 +1209,7 @@ void ssh2_pkt_addmp(Bignum b) { } void ssh2_pkt_send(void) { int cipherblk, maclen, padding, i; - unsigned long outgoing_sequence = 0; + static unsigned long outgoing_sequence = 0; /* * Add padding. At least four bytes, and must also bring total @@ -1222,8 +1224,9 @@ void ssh2_pkt_send(void) { pktout.data[pktout.length + i] = random_byte(); PUT_32BIT(pktout.data, pktout.length + padding - 4); if (csmac) - csmac->generate(pktout.data, outgoing_sequence++, - pktout.length + padding); + csmac->generate(pktout.data, pktout.length + padding, + outgoing_sequence); + outgoing_sequence++; /* whether or not we MACed */ if (cscipher) cscipher->encrypt(pktout.data, pktout.length + padding); maclen = csmac ? csmac->len : 0; @@ -1584,6 +1587,14 @@ static int do_ssh2_kex(unsigned char *in, int inlen, int ispkt) ssh2_mkkey(K, exchange_hash, 'E', keyspace); csmac->setcskey(keyspace); ssh2_mkkey(K, exchange_hash, 'F', keyspace); scmac->setsckey(keyspace); + /* + * Now we're encrypting. Send a test packet (FIXME). + */ + crWaitUntil(!ispkt); + ssh2_pkt_init(SSH2_MSG_IGNORE); + ssh2_pkt_addstring("oo-er"); + ssh2_pkt_send(); + crWaitUntil(0); crFinish(1); diff --git a/sshdes.c b/sshdes.c index 1c351576..1c82193c 100644 --- a/sshdes.c +++ b/sshdes.c @@ -1,6 +1,10 @@ #include +#include /* FIXME */ +#include /* FIXME */ +#include "putty.h" /* FIXME */ #include "ssh.h" + /* des.c - implementation of DES */ @@ -655,6 +659,30 @@ static void des_3cbc_encrypt(unsigned char *dest, const unsigned char *src, des_cbc_encrypt(dest, src, len, &scheds[2]); } +static void des_cbc3_encrypt(unsigned char *dest, const unsigned char *src, + unsigned int len, DESContext *scheds) { + word32 out[2], iv0, iv1; + unsigned int i; + + assert((len & 7) == 0); + + iv0 = scheds->eiv0; + iv1 = scheds->eiv1; + for (i = 0; i < len; i += 8) { + iv0 ^= GET_32BIT_MSB_FIRST(src); src += 4; + iv1 ^= GET_32BIT_MSB_FIRST(src); src += 4; + des_encipher(out, iv0, iv1, &scheds[0]); + des_decipher(out, out[0], out[1], &scheds[1]); + des_encipher(out, out[0], out[1], &scheds[2]); + iv0 = out[0]; + iv1 = out[1]; + PUT_32BIT_MSB_FIRST(dest, iv0); dest += 4; + PUT_32BIT_MSB_FIRST(dest, iv1); dest += 4; + } + scheds->eiv0 = iv0; + scheds->eiv1 = iv1; +} + static void des_3cbc_decrypt(unsigned char *dest, const unsigned char *src, unsigned int len, DESContext *scheds) { des_cbc_decrypt(dest, src, len, &scheds[2]); @@ -662,6 +690,32 @@ static void des_3cbc_decrypt(unsigned char *dest, const unsigned char *src, des_cbc_decrypt(dest, src, len, &scheds[0]); } +static void des_cbc3_decrypt(unsigned char *dest, const unsigned char *src, + unsigned int len, DESContext *scheds) { + word32 out[2], iv0, iv1, xL, xR; + unsigned int i; + + assert((len & 7) == 0); + + iv0 = scheds->div0; + iv1 = scheds->div1; + for (i = 0; i < len; i += 8) { + xL = GET_32BIT_MSB_FIRST(src); src += 4; + xR = GET_32BIT_MSB_FIRST(src); src += 4; + des_decipher(out, xL, xR, &scheds[2]); + des_encipher(out, out[0], out[1], &scheds[1]); + des_decipher(out, out[0], out[1], &scheds[0]); + iv0 ^= out[0]; + iv1 ^= out[1]; + PUT_32BIT_MSB_FIRST(dest, iv0); dest += 4; + PUT_32BIT_MSB_FIRST(dest, iv1); dest += 4; + iv0 = xL; + iv1 = xR; + } + scheds->div0 = iv0; + scheds->div1 = iv1; +} + static DESContext cskeys[3], sckeys[3]; static void des3_cskey(unsigned char *key) { @@ -707,10 +761,27 @@ static void des3_decrypt_blk(unsigned char *blk, int len) { des_3cbc_decrypt(blk, blk, len, sckeys); } -struct ssh_cipher ssh_3des = { - des3_sesskey, +static void des3_ssh2_encrypt_blk(unsigned char *blk, int len) { + des_cbc3_encrypt(blk, blk, len, cskeys); +} + +static void des3_ssh2_decrypt_blk(unsigned char *blk, int len) { + des_cbc3_decrypt(blk, blk, len, sckeys); +} + +struct ssh_cipher ssh_3des_ssh2 = { + NULL, des3_csiv, des3_cskey, des3_sciv, des3_sckey, + des3_ssh2_encrypt_blk, + des3_ssh2_decrypt_blk, + "3des-cbc", + 8 +}; + +struct ssh_cipher ssh_3des = { + des3_sesskey, + NULL, NULL, NULL, NULL, des3_encrypt_blk, des3_decrypt_blk, "3des-cbc", diff --git a/sshsha.c b/sshsha.c index d47b1be9..7c10a9a7 100644 --- a/sshsha.c +++ b/sshsha.c @@ -1,3 +1,7 @@ +#include /* FIXME */ +#include /* FIXME */ +#include "putty.h" /* FIXME */ + /* * SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is * also used as a `stirring' function for the PuTTY random number @@ -177,6 +181,11 @@ static void sha1_key(SHA_State *s1, SHA_State *s2, unsigned char *key, int len) { unsigned char foo[64]; int i; + {int j; + debug(("Key supplied is:\r\n")); + for (j=0; j