static void des_cbc3_decrypt(unsigned char *dest, const unsigned char *src,
unsigned int len, DESContext *scheds) {
word32 out[2], iv0, iv1, xL, xR;
unsigned int i;
assert((len & 7) == 0);
iv0 = scheds->div0;
iv1 = scheds->div1;
for (i = 0; i < len; i += 8) {
xL = GET_32BIT_MSB_FIRST(src); src += 4;
xR = GET_32BIT_MSB_FIRST(src); src += 4;
des_decipher(out, xL, xR, &scheds[2]);
des_encipher(out, out[0], out[1], &scheds[1]);
des_decipher(out, out[0], out[1], &scheds[0]);
iv0 ^= out[0];
iv1 ^= out[1];
PUT_32BIT_MSB_FIRST(dest, iv0); dest += 4;
PUT_32BIT_MSB_FIRST(dest, iv1); dest += 4;
iv0 = xL;
iv1 = xR;
}
scheds->div0 = iv0;
scheds->div1 = iv1;
}
void
blowfish_decrypt_cbc(uint8 *blk, int len, BlowfishContext *ctx)
{
uint32 xL,
xR,
out[2],
iv0,
iv1;
Assert((len & 7) == 0);
iv0 = ctx->iv0;
iv1 = ctx->iv1;
while (len > 0)
{
xL = GET_32BIT_MSB_FIRST(blk);
xR = GET_32BIT_MSB_FIRST(blk + 4);
blowfish_decrypt(xL, xR, out, ctx);
iv0 ^= out[0];
iv1 ^= out[1];
PUT_32BIT_MSB_FIRST(blk, iv0);
PUT_32BIT_MSB_FIRST(blk + 4, iv1);
iv0 = xL;
iv1 = xR;
blk += 8;
len -= 8;
}
ctx->iv0 = iv0;
ctx->iv1 = iv1;
}
static void blowfish_msb_sdctr(unsigned char *blk, int len,
BlowfishContext * ctx)
{
word32 b[2], iv0, iv1, tmp;
assert((len & 7) == 0);
iv0 = ctx->iv0;
iv1 = ctx->iv1;
while (len > 0) {
blowfish_encrypt(iv0, iv1, b, ctx);
tmp = GET_32BIT_MSB_FIRST(blk);
PUT_32BIT_MSB_FIRST(blk, tmp ^ b[0]);
tmp = GET_32BIT_MSB_FIRST(blk + 4);
PUT_32BIT_MSB_FIRST(blk + 4, tmp ^ b[1]);
if ((iv1 = (iv1 + 1) & 0xffffffff) == 0)
iv0 = (iv0 + 1) & 0xffffffff;
blk += 8;
len -= 8;
}
ctx->iv0 = iv0;
ctx->iv1 = iv1;
}
bool Des::Encrypt(const char *szInput, char *szOutput)
{
int i = 0, j = 0;
int inlen = strlen(szInput);
int outlen = 0;
srand((unsigned)time(NULL));
des_key_setup(GET_32BIT_MSB_FIRST(key8),
GET_32BIT_MSB_FIRST(key8 + 4), &crkey);
unsigned char dest[MAX_LEN] = {0};
des_cbc_encrypt(dest, (unsigned char *)szInput, inlen, &crkey);
outlen = inlen % 8 ? inlen + 8 - inlen % 8 : inlen;
for(i = 0;i < outlen;i ++)
{
sprintf(szOutput, "%s%c", szOutput, map[dest[i] / 0x10][0]);
for(j = 0;j < (int)strlen(map[dest[i] / 0x10]) - 1;j ++)
sprintf(szOutput, "%s%c", szOutput, rand() % 26 + 0x41);
sprintf(szOutput, "%s%c", szOutput, map[dest[i] % 0x10][0]);
for(j = 0;j < (int)strlen(map[dest[i] % 0x10]) - 1;j ++)
sprintf(szOutput, "%s%c", szOutput, rand() % 26 + 0x41);
}
//memset(key8, 0, 8);
//memset(map, 0, 256);
return true;
}
static void blowfish_msb_encrypt_cbc(unsigned char *blk, int len,
BlowfishContext * ctx)
{
word32 xL, xR, out[2], iv0, iv1;
assert((len & 7) == 0);
iv0 = ctx->iv0;
iv1 = ctx->iv1;
while (len > 0) {
xL = GET_32BIT_MSB_FIRST(blk);
xR = GET_32BIT_MSB_FIRST(blk + 4);
iv0 ^= xL;
iv1 ^= xR;
blowfish_encrypt(iv0, iv1, out, ctx);
iv0 = out[0];
iv1 = out[1];
PUT_32BIT_MSB_FIRST(blk, iv0);
PUT_32BIT_MSB_FIRST(blk + 4, iv1);
blk += 8;
len -= 8;
}
ctx->iv0 = iv0;
ctx->iv1 = iv1;
}
void Des::des_cbc_decrypt(unsigned char *dest, const unsigned char *src, unsigned int len, DESContext *sched)
{
word32 out[2], iv0, iv1, xL, xR;
unsigned int i;
iv0 = sched->div0;
iv1 = sched->div1;
for (i = 0; i < len; i += 8) {
xL = GET_32BIT_MSB_FIRST(src);
src += 4;
xR = GET_32BIT_MSB_FIRST(src);
src += 4;
des_decipher(out, xL, xR, sched);
iv0 ^= out[0];
iv1 ^= out[1];
PUT_32BIT_MSB_FIRST(dest, iv0);
dest += 4;
PUT_32BIT_MSB_FIRST(dest, iv1);
dest += 4;
iv0 = xL;
iv1 = xR;
}
sched->div0 = iv0;
sched->div1 = iv1;
}
/* Functions called by dyncrypt */
void des_set_key(des_context *ctx, CHAR8 key)
{
DESContext *sched = ctx->sched;
word32 kL, kR;
kL = GET_32BIT_MSB_FIRST(key);
kR = GET_32BIT_MSB_FIRST(key+4);
des_key_setup(kL, kR, &sched[0]);
}
void des_decrypt(des_context *ctx, CHAR8 input, CHAR8 output)
{
DESContext *sched = ctx->sched;
word32 out[2], xL, xR;
xL = GET_32BIT_MSB_FIRST(input);
xR = GET_32BIT_MSB_FIRST(input+4);
des_decipher(out, xL, xR, sched);
PUT_32BIT_MSB_FIRST(output, out[0]);
PUT_32BIT_MSB_FIRST(output+4, out[1]);
}
static char *x11_verify(unsigned long peer_ip, int peer_port,
struct X11Auth *auth, char *proto,
unsigned char *data, int dlen)
{
if (strcmp(proto, x11_authnames[auth->fakeproto]) != 0)
return "wrong authentication protocol attempted";
if (auth->fakeproto == X11_MIT) {
if (dlen != auth->fakelen)
return "MIT-MAGIC-COOKIE-1 data was wrong length";
if (memcmp(auth->fakedata, data, dlen) != 0)
return "MIT-MAGIC-COOKIE-1 data did not match";
}
if (auth->fakeproto == X11_XDM) {
unsigned long t;
time_t tim;
int i;
struct XDMSeen *seen, *ret;
if (dlen != 24)
return "XDM-AUTHORIZATION-1 data was wrong length";
if (peer_port == -1)
return "cannot do XDM-AUTHORIZATION-1 without remote address data";
des_decrypt_xdmauth(auth->fakedata+9, data, 24);
if (memcmp(auth->fakedata, data, 8) != 0)
return "XDM-AUTHORIZATION-1 data failed check"; /* cookie wrong */
if (GET_32BIT_MSB_FIRST(data+8) != peer_ip)
return "XDM-AUTHORIZATION-1 data failed check"; /* IP wrong */
if ((int)GET_16BIT_MSB_FIRST(data+12) != peer_port)
return "XDM-AUTHORIZATION-1 data failed check"; /* port wrong */
t = GET_32BIT_MSB_FIRST(data+14);
for (i = 18; i < 24; i++)
if (data[i] != 0) /* zero padding wrong */
return "XDM-AUTHORIZATION-1 data failed check";
tim = time(NULL);
if (abs(t - tim) > XDM_MAXSKEW)
return "XDM-AUTHORIZATION-1 time stamp was too far out";
seen = snew(struct XDMSeen);
seen->time = t;
memcpy(seen->clientid, data+8, 6);
assert(auth->xdmseen != NULL);
ret = add234(auth->xdmseen, seen);
if (ret != seen) {
sfree(seen);
return "XDM-AUTHORIZATION-1 data replayed";
}
/* While we're here, purge entries too old to be replayed. */
for (;;) {
seen = index234(auth->xdmseen, 0);
assert(seen != NULL);
if (t - seen->time <= XDM_MAXSKEW)
break;
sfree(delpos234(auth->xdmseen, 0));
}
}
void des3_set_2keys(des3_context *ctx, CHAR8 k1, CHAR8 k2)
{
DESContext *sched = ctx->sched;
word32 kL, kR;
kL = GET_32BIT_MSB_FIRST(k1);
kR = GET_32BIT_MSB_FIRST(k1+4);
des_key_setup(kL, kR, &sched[0]);
des_key_setup(kL, kR, &sched[2]);
kL = GET_32BIT_MSB_FIRST(k2);
kR = GET_32BIT_MSB_FIRST(k2+4);
des_key_setup(kL, kR, &sched[1]);
}
void
blowfish_decrypt_ecb(uint8 *blk, int len, BlowfishContext *ctx)
{
uint32 xL,
xR,
out[2];
Assert((len & 7) == 0);
while (len > 0)
{
xL = GET_32BIT_MSB_FIRST(blk);
xR = GET_32BIT_MSB_FIRST(blk + 4);
blowfish_decrypt(xL, xR, out, ctx);
PUT_32BIT_MSB_FIRST(blk, out[0]);
PUT_32BIT_MSB_FIRST(blk + 4, out[1]);
blk += 8;
len -= 8;
}
}
static void des_cbc_encrypt(unsigned char *dest, const unsigned char *src,
unsigned int len, DESContext *sched) {
word32 out[2], iv0, iv1;
unsigned int i;
assert((len & 7) == 0);
iv0 = sched->eiv0;
iv1 = sched->eiv1;
for (i = 0; i < len; i += 8) {
iv0 ^= GET_32BIT_MSB_FIRST(src); src += 4;
iv1 ^= GET_32BIT_MSB_FIRST(src); src += 4;
des_encipher(out, iv0, iv1, sched);
iv0 = out[0];
iv1 = out[1];
PUT_32BIT_MSB_FIRST(dest, iv0); dest += 4;
PUT_32BIT_MSB_FIRST(dest, iv1); dest += 4;
}
sched->eiv0 = iv0;
sched->eiv1 = iv1;
}
bool Des::Decrypt(const char *szInput, char *szOutput)
{
int i = 0;
int inlen = strlen(szInput);
int datalen = 0;
if(inlen <= 8 || inlen > 512)
return false;
i = 0;
char src[MAX_LEN] = {0};
while(i < inlen)
{
int len = 0;
int hi = map_index(szInput[i], len);
i += len;
int lo = map_index(szInput[i], len);
i += len;
if(hi == 99 || lo == 99)
return false;
src[datalen++] = hi * 0x10 + lo;
}
des_key_setup(GET_32BIT_MSB_FIRST(key8),
GET_32BIT_MSB_FIRST(key8 + 4), &crkey);
unsigned char dest[256] = {0};
des_cbc_decrypt(dest, (unsigned char *)src, datalen, &crkey);
sprintf(szOutput, "%s", dest);
//memset(key, 0, 8);
//memset(map, 0, 256);
return true;
}
static void des3_sckey(unsigned char *key) {
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key+4), &sckeys[0]);
des_key_setup(GET_32BIT_MSB_FIRST(key+8),
GET_32BIT_MSB_FIRST(key+12), &sckeys[1]);
des_key_setup(GET_32BIT_MSB_FIRST(key+16),
GET_32BIT_MSB_FIRST(key+20), &sckeys[2]);
logevent("Initialised triple-DES server->client encryption");
}
void des3_encrypt_pubkey(unsigned char *key,
unsigned char *blk, int len) {
DESContext ourkeys[3];
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key+4), &ourkeys[0]);
des_key_setup(GET_32BIT_MSB_FIRST(key+8),
GET_32BIT_MSB_FIRST(key+12), &ourkeys[1]);
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key+4), &ourkeys[2]);
des_3cbc_encrypt(blk, blk, len, ourkeys);
}
struct sftp_packet *sftp_recv(void)
{
struct sftp_packet *pkt;
char x[4];
if (!sftp_recvdata(x, 4))
return NULL;
pkt = sftp_recv_prepare(GET_32BIT_MSB_FIRST(x));
if (!sftp_recvdata(pkt->data, pkt->length)) {
sftp_pkt_free(pkt);
return NULL;
}
if (!sftp_recv_finish(pkt)) {
sftp_pkt_free(pkt);
return NULL;
}
return pkt;
}
void
blowfish_setiv(BlowfishContext *ctx, const uint8 *iv)
{
ctx->iv0 = GET_32BIT_MSB_FIRST(iv);
ctx->iv1 = GET_32BIT_MSB_FIRST(iv + 4);
}
static void blowfish_iv(void *handle, unsigned char *key)
{
BlowfishContext *ctx = (BlowfishContext *)handle;
ctx->iv0 = GET_32BIT_MSB_FIRST(key);
ctx->iv1 = GET_32BIT_MSB_FIRST(key + 4);
}
agent_pending_query *agent_query(
strbuf *query, void **out, int *outlen,
void (*callback)(void *, void *, int), void *callback_ctx)
{
HWND hwnd;
char *mapname;
HANDLE filemap;
unsigned char *p, *ret;
int id, retlen;
COPYDATASTRUCT cds;
SECURITY_ATTRIBUTES sa, *psa;
PSECURITY_DESCRIPTOR psd = NULL;
PSID usersid = NULL;
*out = NULL;
*outlen = 0;
if (query->len > AGENT_MAX_MSGLEN)
return NULL; /* query too large */
hwnd = FindWindow("Pageant", "Pageant");
if (!hwnd)
return NULL; /* *out == NULL, so failure */
mapname = dupprintf("PageantRequest%08x", (unsigned)GetCurrentThreadId());
psa = NULL;
#ifndef NO_SECURITY
if (got_advapi()) {
/*
* Make the file mapping we create for communication with
* Pageant owned by the user SID rather than the default. This
* should make communication between processes with slightly
* different contexts more reliable: in particular, command
* prompts launched as administrator should still be able to
* run PSFTPs which refer back to the owning user's
* unprivileged Pageant.
*/
usersid = get_user_sid();
if (usersid) {
psd = (PSECURITY_DESCRIPTOR)
LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psd) {
if (p_InitializeSecurityDescriptor
(psd, SECURITY_DESCRIPTOR_REVISION) &&
p_SetSecurityDescriptorOwner(psd, usersid, false)) {
sa.nLength = sizeof(sa);
sa.bInheritHandle = true;
sa.lpSecurityDescriptor = psd;
psa = &sa;
} else {
LocalFree(psd);
psd = NULL;
}
}
}
}
#endif /* NO_SECURITY */
filemap = CreateFileMapping(INVALID_HANDLE_VALUE, psa, PAGE_READWRITE,
0, AGENT_MAX_MSGLEN, mapname);
if (filemap == NULL || filemap == INVALID_HANDLE_VALUE) {
sfree(mapname);
return NULL; /* *out == NULL, so failure */
}
p = MapViewOfFile(filemap, FILE_MAP_WRITE, 0, 0, 0);
strbuf_finalise_agent_query(query);
memcpy(p, query->s, query->len);
cds.dwData = AGENT_COPYDATA_ID;
cds.cbData = 1 + strlen(mapname);
cds.lpData = mapname;
/*
* The user either passed a null callback (indicating that the
* query is required to be synchronous) or CreateThread failed.
* Either way, we need a synchronous request.
*/
id = SendMessage(hwnd, WM_COPYDATA, (WPARAM) NULL, (LPARAM) &cds);
if (id > 0) {
retlen = 4 + GET_32BIT_MSB_FIRST(p);
ret = snewn(retlen, unsigned char);
if (ret) {
memcpy(ret, p, retlen);
*out = ret;
*outlen = retlen;
}
}
static void des_sesskey(unsigned char *key) {
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key+4), &cskeys[0]);
logevent("Initialised single-DES encryption");
}
static void des3_csiv(unsigned char *key) {
cskeys[0].eiv0 = GET_32BIT_MSB_FIRST(key);
cskeys[0].eiv1 = GET_32BIT_MSB_FIRST(key+4);
}
static void des3_sciv(unsigned char *key) {
sckeys[0].div0 = GET_32BIT_MSB_FIRST(key);
sckeys[0].div1 = GET_32BIT_MSB_FIRST(key+4);
}