mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-08 08:58:00 +00:00
b4e1bca2c3
This is a sweeping change applied across the whole code base by a spot of Emacs Lisp. Now, everywhere I declare a vtable filled with function pointers (and the occasional const data member), all the members of the vtable structure are initialised by name using the '.fieldname = value' syntax introduced in C99. We were already using this syntax for a handful of things in the new key-generation progress report system, so it's not new to the code base as a whole. The advantage is that now, when a vtable only declares a subset of the available fields, I can initialise the rest to NULL or zero just by leaving them out. This is most dramatic in a couple of the outlying vtables in things like psocks (which has a ConnectionLayerVtable containing only one non-NULL method), but less dramatically, it means that the new 'flags' field in BackendVtable can be completely left out of every backend definition except for the SUPDUP one which defines it to a nonzero value. Similarly, the test_for_upstream method only used by SSH doesn't have to be mentioned in the rest of the backends; network Plugs for listening sockets don't have to explicitly null out 'receive' and 'sent', and vice versa for 'accepting', and so on. While I'm at it, I've normalised the declarations so they don't use the unnecessarily verbose 'struct' keyword. Also a handful of them weren't const; now they are.
142 lines
3.5 KiB
C
142 lines
3.5 KiB
C
/*
|
|
* Arcfour (RC4) implementation for PuTTY.
|
|
*
|
|
* Coded from Schneier.
|
|
*/
|
|
|
|
#include <assert.h>
|
|
#include "ssh.h"
|
|
|
|
typedef struct {
|
|
unsigned char i, j, s[256];
|
|
ssh_cipher ciph;
|
|
} ArcfourContext;
|
|
|
|
static void arcfour_block(void *handle, void *vblk, int len)
|
|
{
|
|
unsigned char *blk = (unsigned char *)vblk;
|
|
ArcfourContext *ctx = (ArcfourContext *)handle;
|
|
unsigned k;
|
|
unsigned char tmp, i, j, *s;
|
|
|
|
s = ctx->s;
|
|
i = ctx->i; j = ctx->j;
|
|
for (k = 0; (int)k < len; k++) {
|
|
i = (i + 1) & 0xff;
|
|
j = (j + s[i]) & 0xff;
|
|
tmp = s[i]; s[i] = s[j]; s[j] = tmp;
|
|
blk[k] ^= s[(s[i]+s[j]) & 0xff];
|
|
}
|
|
ctx->i = i; ctx->j = j;
|
|
}
|
|
|
|
static void arcfour_setkey(ArcfourContext *ctx, unsigned char const *key,
|
|
unsigned keybytes)
|
|
{
|
|
unsigned char tmp, k[256], *s;
|
|
unsigned i, j;
|
|
|
|
s = ctx->s;
|
|
assert(keybytes <= 256);
|
|
ctx->i = ctx->j = 0;
|
|
for (i = 0; i < 256; i++) {
|
|
s[i] = i;
|
|
k[i] = key[i % keybytes];
|
|
}
|
|
j = 0;
|
|
for (i = 0; i < 256; i++) {
|
|
j = (j + s[i] + k[i]) & 0xff;
|
|
tmp = s[i]; s[i] = s[j]; s[j] = tmp;
|
|
}
|
|
}
|
|
|
|
/* -- Interface with PuTTY -- */
|
|
|
|
/*
|
|
* We don't implement Arcfour in SSH-1 because it's utterly insecure in
|
|
* several ways. See CERT Vulnerability Notes VU#25309, VU#665372,
|
|
* and VU#565052.
|
|
*
|
|
* We don't implement the "arcfour" algorithm in SSH-2 because it doesn't
|
|
* stir the cipher state before emitting keystream, and hence is likely
|
|
* to leak data about the key.
|
|
*/
|
|
|
|
static ssh_cipher *arcfour_new(const ssh_cipheralg *alg)
|
|
{
|
|
ArcfourContext *ctx = snew(ArcfourContext);
|
|
ctx->ciph.vt = alg;
|
|
return &ctx->ciph;
|
|
}
|
|
|
|
static void arcfour_free(ssh_cipher *cipher)
|
|
{
|
|
ArcfourContext *ctx = container_of(cipher, ArcfourContext, ciph);
|
|
smemclr(ctx, sizeof(*ctx));
|
|
sfree(ctx);
|
|
}
|
|
|
|
static void arcfour_stir(ArcfourContext *ctx)
|
|
{
|
|
unsigned char *junk = snewn(1536, unsigned char);
|
|
memset(junk, 0, 1536);
|
|
arcfour_block(ctx, junk, 1536);
|
|
smemclr(junk, 1536);
|
|
sfree(junk);
|
|
}
|
|
|
|
static void arcfour_ssh2_setiv(ssh_cipher *cipher, const void *key)
|
|
{
|
|
/* As a pure stream cipher, Arcfour has no IV separate from the key */
|
|
}
|
|
|
|
static void arcfour_ssh2_setkey(ssh_cipher *cipher, const void *key)
|
|
{
|
|
ArcfourContext *ctx = container_of(cipher, ArcfourContext, ciph);
|
|
arcfour_setkey(ctx, key, ctx->ciph.vt->padded_keybytes);
|
|
arcfour_stir(ctx);
|
|
}
|
|
|
|
static void arcfour_ssh2_block(ssh_cipher *cipher, void *blk, int len)
|
|
{
|
|
ArcfourContext *ctx = container_of(cipher, ArcfourContext, ciph);
|
|
arcfour_block(ctx, blk, len);
|
|
}
|
|
|
|
const ssh_cipheralg ssh_arcfour128_ssh2 = {
|
|
.new = arcfour_new,
|
|
.free = arcfour_free,
|
|
.setiv = arcfour_ssh2_setiv,
|
|
.setkey = arcfour_ssh2_setkey,
|
|
.encrypt = arcfour_ssh2_block,
|
|
.decrypt = arcfour_ssh2_block,
|
|
.ssh2_id = "arcfour128",
|
|
.blksize = 1,
|
|
.real_keybits = 128,
|
|
.padded_keybytes = 16,
|
|
.flags = 0,
|
|
.text_name = "Arcfour-128",
|
|
};
|
|
|
|
const ssh_cipheralg ssh_arcfour256_ssh2 = {
|
|
.new = arcfour_new,
|
|
.free = arcfour_free,
|
|
.setiv = arcfour_ssh2_setiv,
|
|
.setkey = arcfour_ssh2_setkey,
|
|
.encrypt = arcfour_ssh2_block,
|
|
.decrypt = arcfour_ssh2_block,
|
|
.ssh2_id = "arcfour256",
|
|
.blksize = 1,
|
|
.real_keybits = 256,
|
|
.padded_keybytes = 32,
|
|
.flags = 0,
|
|
.text_name = "Arcfour-256",
|
|
};
|
|
|
|
static const ssh_cipheralg *const arcfour_list[] = {
|
|
&ssh_arcfour256_ssh2,
|
|
&ssh_arcfour128_ssh2,
|
|
};
|
|
|
|
const ssh2_ciphers ssh2_arcfour = { lenof(arcfour_list), arcfour_list };
|