mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-09 17:38:00 +00:00
Implement my experimental arcfour modes. The 256-bit version is disabled
until I can test it against someone else's implementation. [originally from svn r5633]
This commit is contained in:
Ben Harris
parent
6eec320f0b
commit
09951c6078
2
Recipe
2
Recipe
@ -205,7 +205,7 @@ NONSSH = telnet raw rlogin ldisc pinger
|
||||
# SSH back end (putty, plink, pscp, psftp).
|
||||
SSH = ssh sshcrc sshdes sshmd5 sshrsa sshrand sshsha sshblowf
|
||||
+ sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd
|
||||
+ sshaes sshsh512 sshbn wildcard pinger
|
||||
+ sshaes sshsh512 sshbn wildcard pinger ssharcf
|
||||
WINSSH = SSH winnoise winpgntc
|
||||
UXSSH = SSH uxnoise uxagentc
|
||||
MACSSH = SSH macnoise
|
||||
|
||||
1
config.c
1
config.c
@ -120,6 +120,7 @@ static void cipherlist_handler(union control *ctrl, void *dlg,
|
||||
{ "Blowfish", CIPHER_BLOWFISH },
|
||||
{ "DES", CIPHER_DES },
|
||||
{ "AES (SSH-2 only)", CIPHER_AES },
|
||||
{ "Arcfour (SSH-2 only)", CIPHER_ARCFOUR },
|
||||
{ "-- warn below here --", CIPHER_WARN }
|
||||
};
|
||||
|
||||
|
||||
@ -2127,6 +2127,8 @@ PuTTY currently supports the following algorithms:
|
||||
|
||||
\b \i{AES} (Rijndael) - 256, 192, or 128-bit CBC (SSH-2 only)
|
||||
|
||||
\b \i{Arcfour} (RC4) - 256 or 128-bit stream cipher (SSH-2 only)
|
||||
|
||||
\b \i{Blowfish} - 128-bit CBC
|
||||
|
||||
\b \ii{Triple-DES} - 168-bit CBC
|
||||
|
||||
@ -74,7 +74,7 @@ this, let us know and we'll move it up our priority list.
|
||||
|
||||
This occurs when the SSH server does not offer any ciphers which you
|
||||
have configured PuTTY to consider strong enough. By default, PuTTY
|
||||
puts up this warning only for \ii{single-DES} encryption.
|
||||
puts up this warning only for \ii{single-DES} and \i{Arcfour} encryption.
|
||||
|
||||
See \k{config-ssh-encryption} for more information on this message.
|
||||
|
||||
|
||||
@ -595,6 +595,9 @@ saved sessions from
|
||||
\IM{AES} Advanced Encryption Standard
|
||||
\IM{AES} Rijndael
|
||||
|
||||
\IM{Arcfour} Arcfour
|
||||
\IM{Arcfour} RC4
|
||||
|
||||
\IM{triple-DES} triple-DES
|
||||
|
||||
\IM{single-DES} single-DES
|
||||
|
||||
1
putty.h
1
putty.h
@ -261,6 +261,7 @@ enum {
|
||||
CIPHER_BLOWFISH,
|
||||
CIPHER_AES, /* (SSH-2 only) */
|
||||
CIPHER_DES,
|
||||
CIPHER_ARCFOUR,
|
||||
CIPHER_MAX /* no. ciphers (inc warn) */
|
||||
};
|
||||
|
||||
|
||||
@ -18,6 +18,7 @@ static const struct keyval ciphernames[] = {
|
||||
{ "blowfish", CIPHER_BLOWFISH },
|
||||
{ "3des", CIPHER_3DES },
|
||||
{ "WARN", CIPHER_WARN },
|
||||
{ "arcfour", CIPHER_ARCFOUR },
|
||||
{ "des", CIPHER_DES }
|
||||
};
|
||||
|
||||
|
||||
3
ssh.c
3
ssh.c
@ -4915,6 +4915,9 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
|
||||
case CIPHER_AES:
|
||||
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
|
||||
break;
|
||||
case CIPHER_ARCFOUR:
|
||||
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
|
||||
break;
|
||||
case CIPHER_WARN:
|
||||
/* Flag for later. Don't bother if it's the last in
|
||||
* the list. */
|
||||
|
||||
1
ssh.h
1
ssh.h
@ -233,6 +233,7 @@ extern const struct ssh2_ciphers ssh2_3des;
|
||||
extern const struct ssh2_ciphers ssh2_des;
|
||||
extern const struct ssh2_ciphers ssh2_aes;
|
||||
extern const struct ssh2_ciphers ssh2_blowfish;
|
||||
extern const struct ssh2_ciphers ssh2_arcfour;
|
||||
extern const struct ssh_kex ssh_diffiehellman_group1;
|
||||
extern const struct ssh_kex ssh_diffiehellman_group14;
|
||||
extern const struct ssh_kex ssh_diffiehellman_gex;
|
||||
|
||||
127
ssharcf.c
Normal file
127
ssharcf.c
Normal file
@ -0,0 +1,127 @@
|
||||
/*
|
||||
* Arcfour (RC4) implementation for PuTTY.
|
||||
*
|
||||
* Coded from Schneier.
|
||||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include "ssh.h"
|
||||
|
||||
typedef struct {
|
||||
unsigned char i, j, s[256];
|
||||
} ArcfourContext;
|
||||
|
||||
static void arcfour_block(void *handle, unsigned char *blk, int len)
|
||||
{
|
||||
ArcfourContext *ctx = (ArcfourContext *)handle;
|
||||
unsigned k;
|
||||
unsigned char tmp, i, j, *s;
|
||||
|
||||
s = ctx->s;
|
||||
i = ctx->i; j = ctx->j;
|
||||
for (k = 0; k < len; k++) {
|
||||
i = (i + 1) & 0xff;
|
||||
j = (j + s[i]) & 0xff;
|
||||
tmp = s[i]; s[i] = s[j]; s[j] = tmp;
|
||||
blk[k] ^= s[(s[i]+s[j]) & 0xff];
|
||||
}
|
||||
ctx->i = i; ctx->j = j;
|
||||
}
|
||||
|
||||
static void arcfour_setkey(ArcfourContext *ctx, unsigned char const *key,
|
||||
unsigned keybytes)
|
||||
{
|
||||
unsigned char tmp, k[256], *s;
|
||||
unsigned i, j;
|
||||
|
||||
s = ctx->s;
|
||||
assert(keybytes <= 256);
|
||||
ctx->i = ctx->j = 0;
|
||||
for (i = 0; i < 256; i++) {
|
||||
s[i] = i;
|
||||
k[i] = key[i % keybytes];
|
||||
}
|
||||
j = 0;
|
||||
for (i = 0; i < 256; i++) {
|
||||
j = (j + s[i] + k[i]) & 0xff;
|
||||
tmp = s[i]; s[i] = s[j]; s[j] = tmp;
|
||||
}
|
||||
}
|
||||
|
||||
/* -- Interface with PuTTY -- */
|
||||
|
||||
/*
|
||||
* We don't implement Arcfour in SSH-1 because it's utterly insecure in
|
||||
* several ways. See CERT Vulnerability Notes VU#25309, VU#665372,
|
||||
* and VU#565052.
|
||||
*
|
||||
* We don't implement the "arcfour" algorithm in SSH-2 because it doesn't
|
||||
* stir the cipher state before emitting keystream, and hence is likely
|
||||
* to leak data about the key.
|
||||
*/
|
||||
|
||||
static void *arcfour_make_context(void)
|
||||
{
|
||||
return snew(ArcfourContext);
|
||||
}
|
||||
|
||||
static void arcfour_free_context(void *handle)
|
||||
{
|
||||
sfree(handle);
|
||||
}
|
||||
|
||||
static void arcfour_stir(ArcfourContext *ctx)
|
||||
{
|
||||
unsigned char *junk = snewn(1536, unsigned char);
|
||||
memset(junk, 0, 1536);
|
||||
arcfour_block(ctx, junk, 1536);
|
||||
memset(junk, 0, 1536);
|
||||
sfree(junk);
|
||||
}
|
||||
|
||||
static void arcfour128_key(void *handle, unsigned char *key)
|
||||
{
|
||||
ArcfourContext *ctx = (ArcfourContext *)handle;
|
||||
arcfour_setkey(ctx, key, 16);
|
||||
arcfour_stir(ctx);
|
||||
}
|
||||
|
||||
static void arcfour256_key(void *handle, unsigned char *key)
|
||||
{
|
||||
ArcfourContext *ctx = (ArcfourContext *)handle;
|
||||
arcfour_setkey(ctx, key, 32);
|
||||
arcfour_stir(ctx);
|
||||
}
|
||||
|
||||
static void arcfour_iv(void *handle, unsigned char *key)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
const struct ssh2_cipher ssh_arcfour128_ssh2 = {
|
||||
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key,
|
||||
arcfour_block, arcfour_block,
|
||||
"arcfour128-draft-00@putty.projects.tartarus.org",
|
||||
1, 128, "Arcfour-128"
|
||||
};
|
||||
|
||||
const struct ssh2_cipher ssh_arcfour256_ssh2 = {
|
||||
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key,
|
||||
arcfour_block, arcfour_block,
|
||||
"arcfour256-draft-00@putty.projects.tartarus.org",
|
||||
1, 256, "Arcfour-256"
|
||||
};
|
||||
|
||||
/*
|
||||
* arcfour256-draft-00@putty.projects.tartarus.org is as-yet untested
|
||||
* against any other implementation, and hence is commented out.
|
||||
*/
|
||||
static const struct ssh2_cipher *const arcfour_list[] = {
|
||||
/* &ssh_arcfour256_ssh2, */
|
||||
&ssh_arcfour128_ssh2,
|
||||
};
|
||||
|
||||
const struct ssh2_ciphers ssh2_arcfour = {
|
||||
sizeof(arcfour_list) / sizeof(*arcfour_list),
|
||||
arcfour_list
|
||||
};
|
||||
Loading…
Reference in New Issue
Block a user