From 585c14f36590212e50cded084ea0fa531e43c796 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 6 Jul 1999 19:42:57 +0000 Subject: [PATCH] Add encryption selection, and Blowfish as second option [originally from svn r175] --- putty.h | 1 + ssh.c | 20 ++++++++++++++++++-- ssh.h | 4 ++++ win_res.h | 3 +++ windlg.c | 26 +++++++++++++++++++++++++- 5 files changed, 51 insertions(+), 3 deletions(-) diff --git a/putty.h b/putty.h index 4fed74d8..85c856ce 100644 --- a/putty.h +++ b/putty.h @@ -97,6 +97,7 @@ typedef struct { int close_on_exit; /* SSH options */ int nopty; + enum { CIPHER_3DES, CIPHER_BLOWFISH } cipher; /* Telnet options */ char termtype[32]; char termspeed[32]; diff --git a/ssh.c b/ssh.c index f29f87c4..8f7b7908 100644 --- a/ssh.c +++ b/ssh.c @@ -262,8 +262,11 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { unsigned char cookie[8]; struct RSAKey servkey, hostkey; struct MD5Context md5c; + unsigned long supported_ciphers_mask; + int cipher_type; extern struct ssh_cipher ssh_3des; + extern struct ssh_cipher ssh_blowfish; crBegin; @@ -283,6 +286,11 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { j = makekey(pktin.body+8+i, &hostkey, &keystr2); + supported_ciphers_mask = (pktin.body[12+i+j] << 24) | + (pktin.body[13+i+j] << 16) | + (pktin.body[14+i+j] << 8) | + (pktin.body[15+i+j]); + MD5Update(&md5c, keystr2, hostkey.bytes); MD5Update(&md5c, keystr1, servkey.bytes); MD5Update(&md5c, pktin.body, 8); @@ -314,8 +322,15 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { rsaencrypt(rsabuf, hostkey.bytes, &servkey); } + cipher_type = cfg.cipher == CIPHER_BLOWFISH ? SSH_CIPHER_BLOWFISH : + SSH_CIPHER_3DES; + if ((supported_ciphers_mask & (1 << cipher_type)) == 0) { + c_write("Selected cipher not supported, falling back to 3DES\r\n", 53); + cipher_type = SSH_CIPHER_3DES; + } + s_wrpkt_start(3, len+15); - pktout.body[0] = 3; /* SSH_CIPHER_3DES */ + pktout.body[0] = cipher_type; memcpy(pktout.body+1, cookie, 8); pktout.body[9] = (len*8) >> 8; pktout.body[10] = (len*8) & 0xFF; @@ -326,7 +341,8 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) { free(rsabuf); - cipher = &ssh_3des; + cipher = cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish : + &ssh_3des; cipher->sesskey(session_key); do { crReturnV; } while (!ispkt); diff --git a/ssh.h b/ssh.h index 5c72eeb1..a252ef83 100644 --- a/ssh.h +++ b/ssh.h @@ -1,5 +1,9 @@ #include +#define SSH_CIPHER_IDEA 1 +#define SSH_CIPHER_3DES 3 +#define SSH_CIPHER_BLOWFISH 6 + struct RSAKey { int bits; int bytes; diff --git a/win_res.h b/win_res.h index b50da6ca..a956cfa7 100644 --- a/win_res.h +++ b/win_res.h @@ -96,6 +96,9 @@ #define IDC3_EMRFC 1017 #define IDC3_NOPTY 1018 +#define IDC3_CIPHERSTATIC 1019 +#define IDC3_CIPHER3DES 1020 +#define IDC3_CIPHERBLOWF 1021 #define IDC4_MBSTATIC 1001 #define IDC4_MBWINDOWS 1002 diff --git a/windlg.c b/windlg.c index 757300dc..a1e463ec 100644 --- a/windlg.c +++ b/windlg.c @@ -5,8 +5,8 @@ #include #include -#include "putty.h" #include "ssh.h" +#include "putty.h" #include "win_res.h" #define NPANELS 7 @@ -149,6 +149,8 @@ static void save_settings (char *section, int do_host) { } wpps (sesskey, "UserName", cfg.username); wppi (sesskey, "NoPTY", cfg.nopty); + wpps (sesskey, "Cipher", cfg.cipher == CIPHER_BLOWFISH ? "blowfish" : + "3des"); wppi (sesskey, "RFCEnviron", cfg.rfc_environ); wppi (sesskey, "BackspaceIsDelete", cfg.bksp_is_delete); wppi (sesskey, "RXVTHomeEnd", cfg.rxvt_homeend); @@ -224,6 +226,7 @@ static void load_settings (char *section, int do_host) { } free(p); + RegCloseKey(subkey1); if (do_host) { char prot[10]; @@ -264,6 +267,14 @@ static void load_settings (char *section, int do_host) { } gpps (sesskey, "UserName", "", cfg.username, sizeof(cfg.username)); gppi (sesskey, "NoPTY", 0, &cfg.nopty); + { + char cipher[10]; + gpps (sesskey, "Cipher", "3des", cipher, 10); + if (!strcmp(cipher, "blowfish")) + cfg.cipher = CIPHER_BLOWFISH; + else + cfg.cipher = CIPHER_3DES; + } gppi (sesskey, "RFCEnviron", 0, &cfg.rfc_environ); gppi (sesskey, "BackspaceIsDelete", 1, &cfg.bksp_is_delete); gppi (sesskey, "RXVTHomeEnd", 0, &cfg.rxvt_homeend); @@ -865,6 +876,9 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg, SetDlgItemText (hwnd, IDC3_TTEDIT, cfg.termtype); SetDlgItemText (hwnd, IDC3_LOGEDIT, cfg.username); CheckDlgButton (hwnd, IDC3_NOPTY, cfg.nopty); + CheckRadioButton (hwnd, IDC3_CIPHER3DES, IDC3_CIPHERBLOWF, + cfg.cipher == CIPHER_BLOWFISH ? IDC3_CIPHERBLOWF : + IDC3_CIPHER3DES); break; case WM_COMMAND: switch (LOWORD(wParam)) { @@ -883,6 +897,16 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg, HIWORD(wParam) == BN_DOUBLECLICKED) cfg.nopty = IsDlgButtonChecked (hwnd, IDC3_NOPTY); break; + case IDC3_CIPHER3DES: + case IDC3_CIPHERBLOWF: + if (HIWORD(wParam) == BN_CLICKED || + HIWORD(wParam) == BN_DOUBLECLICKED) { + if (IsDlgButtonChecked (hwnd, IDC3_CIPHER3DES)) + cfg.cipher = CIPHER_3DES; + else if (IsDlgButtonChecked (hwnd, IDC3_CIPHERBLOWF)) + cfg.cipher = CIPHER_BLOWFISH; + } + break; } break; }