mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-09 17:38:00 +00:00
7babe66a83
This is a cleanup I started to notice a need for during the BinarySink work. It removes a lot of faffing about casting things to char * or unsigned char * so that some API will accept them, even though lots of such APIs really take a plain 'block of raw binary data' argument and don't care what C thinks the signedness of that data might be - they may well reinterpret it back and forth internally. So I've tried to arrange for all the function call APIs that ought to have a void * (or const void *) to have one, and those that need to do pointer arithmetic on the parameter internally can cast it back at the top of the function. That saves endless ad-hoc casts at the call sites.
127 lines
2.8 KiB
C
127 lines
2.8 KiB
C
/*
|
|
* Arcfour (RC4) implementation for PuTTY.
|
|
*
|
|
* Coded from Schneier.
|
|
*/
|
|
|
|
#include <assert.h>
|
|
#include "ssh.h"
|
|
|
|
typedef struct {
|
|
unsigned char i, j, s[256];
|
|
} ArcfourContext;
|
|
|
|
static void arcfour_block(void *handle, void *vblk, int len)
|
|
{
|
|
unsigned char *blk = (unsigned char *)vblk;
|
|
ArcfourContext *ctx = (ArcfourContext *)handle;
|
|
unsigned k;
|
|
unsigned char tmp, i, j, *s;
|
|
|
|
s = ctx->s;
|
|
i = ctx->i; j = ctx->j;
|
|
for (k = 0; (int)k < len; k++) {
|
|
i = (i + 1) & 0xff;
|
|
j = (j + s[i]) & 0xff;
|
|
tmp = s[i]; s[i] = s[j]; s[j] = tmp;
|
|
blk[k] ^= s[(s[i]+s[j]) & 0xff];
|
|
}
|
|
ctx->i = i; ctx->j = j;
|
|
}
|
|
|
|
static void arcfour_setkey(ArcfourContext *ctx, unsigned char const *key,
|
|
unsigned keybytes)
|
|
{
|
|
unsigned char tmp, k[256], *s;
|
|
unsigned i, j;
|
|
|
|
s = ctx->s;
|
|
assert(keybytes <= 256);
|
|
ctx->i = ctx->j = 0;
|
|
for (i = 0; i < 256; i++) {
|
|
s[i] = i;
|
|
k[i] = key[i % keybytes];
|
|
}
|
|
j = 0;
|
|
for (i = 0; i < 256; i++) {
|
|
j = (j + s[i] + k[i]) & 0xff;
|
|
tmp = s[i]; s[i] = s[j]; s[j] = tmp;
|
|
}
|
|
}
|
|
|
|
/* -- Interface with PuTTY -- */
|
|
|
|
/*
|
|
* We don't implement Arcfour in SSH-1 because it's utterly insecure in
|
|
* several ways. See CERT Vulnerability Notes VU#25309, VU#665372,
|
|
* and VU#565052.
|
|
*
|
|
* We don't implement the "arcfour" algorithm in SSH-2 because it doesn't
|
|
* stir the cipher state before emitting keystream, and hence is likely
|
|
* to leak data about the key.
|
|
*/
|
|
|
|
static void *arcfour_make_context(void)
|
|
{
|
|
return snew(ArcfourContext);
|
|
}
|
|
|
|
static void arcfour_free_context(void *handle)
|
|
{
|
|
sfree(handle);
|
|
}
|
|
|
|
static void arcfour_stir(ArcfourContext *ctx)
|
|
{
|
|
unsigned char *junk = snewn(1536, unsigned char);
|
|
memset(junk, 0, 1536);
|
|
arcfour_block(ctx, junk, 1536);
|
|
smemclr(junk, 1536);
|
|
sfree(junk);
|
|
}
|
|
|
|
static void arcfour128_key(void *handle, const void *key)
|
|
{
|
|
ArcfourContext *ctx = (ArcfourContext *)handle;
|
|
arcfour_setkey(ctx, key, 16);
|
|
arcfour_stir(ctx);
|
|
}
|
|
|
|
static void arcfour256_key(void *handle, const void *key)
|
|
{
|
|
ArcfourContext *ctx = (ArcfourContext *)handle;
|
|
arcfour_setkey(ctx, key, 32);
|
|
arcfour_stir(ctx);
|
|
}
|
|
|
|
static void arcfour_iv(void *handle, const void *iv)
|
|
{
|
|
|
|
}
|
|
|
|
const struct ssh2_cipher ssh_arcfour128_ssh2 = {
|
|
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key,
|
|
arcfour_block, arcfour_block, NULL, NULL,
|
|
"arcfour128",
|
|
1, 128, 16, 0, "Arcfour-128",
|
|
NULL
|
|
};
|
|
|
|
const struct ssh2_cipher ssh_arcfour256_ssh2 = {
|
|
arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key,
|
|
arcfour_block, arcfour_block, NULL, NULL,
|
|
"arcfour256",
|
|
1, 256, 32, 0, "Arcfour-256",
|
|
NULL
|
|
};
|
|
|
|
static const struct ssh2_cipher *const arcfour_list[] = {
|
|
&ssh_arcfour256_ssh2,
|
|
&ssh_arcfour128_ssh2,
|
|
};
|
|
|
|
const struct ssh2_ciphers ssh2_arcfour = {
|
|
sizeof(arcfour_list) / sizeof(*arcfour_list),
|
|
arcfour_list
|
|
};
|