a2add208 |
1 | /* |
2 | * Arcfour (RC4) implementation for PuTTY. |
3 | * |
4 | * Coded from Schneier. |
5 | */ |
6 | |
7 | #include <assert.h> |
8 | #include "ssh.h" |
9 | |
10 | typedef struct { |
11 | unsigned char i, j, s[256]; |
12 | } ArcfourContext; |
13 | |
14 | static void arcfour_block(void *handle, unsigned char *blk, int len) |
15 | { |
16 | ArcfourContext *ctx = (ArcfourContext *)handle; |
17 | unsigned k; |
18 | unsigned char tmp, i, j, *s; |
19 | |
20 | s = ctx->s; |
21 | i = ctx->i; j = ctx->j; |
22 | for (k = 0; k < len; k++) { |
23 | i = (i + 1) & 0xff; |
24 | j = (j + s[i]) & 0xff; |
25 | tmp = s[i]; s[i] = s[j]; s[j] = tmp; |
26 | blk[k] ^= s[(s[i]+s[j]) & 0xff]; |
27 | } |
28 | ctx->i = i; ctx->j = j; |
29 | } |
30 | |
31 | static void arcfour_setkey(ArcfourContext *ctx, unsigned char const *key, |
32 | unsigned keybytes) |
33 | { |
34 | unsigned char tmp, k[256], *s; |
35 | unsigned i, j; |
36 | |
37 | s = ctx->s; |
38 | assert(keybytes <= 256); |
39 | ctx->i = ctx->j = 0; |
40 | for (i = 0; i < 256; i++) { |
41 | s[i] = i; |
42 | k[i] = key[i % keybytes]; |
43 | } |
44 | j = 0; |
45 | for (i = 0; i < 256; i++) { |
46 | j = (j + s[i] + k[i]) & 0xff; |
47 | tmp = s[i]; s[i] = s[j]; s[j] = tmp; |
48 | } |
49 | } |
50 | |
51 | /* -- Interface with PuTTY -- */ |
52 | |
53 | /* |
54 | * We don't implement Arcfour in SSH-1 because it's utterly insecure in |
55 | * several ways. See CERT Vulnerability Notes VU#25309, VU#665372, |
56 | * and VU#565052. |
57 | * |
58 | * We don't implement the "arcfour" algorithm in SSH-2 because it doesn't |
59 | * stir the cipher state before emitting keystream, and hence is likely |
60 | * to leak data about the key. |
61 | */ |
62 | |
63 | static void *arcfour_make_context(void) |
64 | { |
65 | return snew(ArcfourContext); |
66 | } |
67 | |
68 | static void arcfour_free_context(void *handle) |
69 | { |
70 | sfree(handle); |
71 | } |
72 | |
73 | static void arcfour_stir(ArcfourContext *ctx) |
74 | { |
75 | unsigned char *junk = snewn(1536, unsigned char); |
76 | memset(junk, 0, 1536); |
77 | arcfour_block(ctx, junk, 1536); |
78 | memset(junk, 0, 1536); |
79 | sfree(junk); |
80 | } |
81 | |
82 | static void arcfour128_key(void *handle, unsigned char *key) |
83 | { |
84 | ArcfourContext *ctx = (ArcfourContext *)handle; |
85 | arcfour_setkey(ctx, key, 16); |
86 | arcfour_stir(ctx); |
87 | } |
88 | |
89 | static void arcfour256_key(void *handle, unsigned char *key) |
90 | { |
91 | ArcfourContext *ctx = (ArcfourContext *)handle; |
92 | arcfour_setkey(ctx, key, 32); |
93 | arcfour_stir(ctx); |
94 | } |
95 | |
96 | static void arcfour_iv(void *handle, unsigned char *key) |
97 | { |
98 | |
99 | } |
100 | |
101 | const struct ssh2_cipher ssh_arcfour128_ssh2 = { |
102 | arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key, |
103 | arcfour_block, arcfour_block, |
104 | "arcfour128-draft-00@putty.projects.tartarus.org", |
105 | 1, 128, "Arcfour-128" |
106 | }; |
107 | |
108 | const struct ssh2_cipher ssh_arcfour256_ssh2 = { |
109 | arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key, |
110 | arcfour_block, arcfour_block, |
111 | "arcfour256-draft-00@putty.projects.tartarus.org", |
112 | 1, 256, "Arcfour-256" |
113 | }; |
114 | |
a2add208 |
115 | static const struct ssh2_cipher *const arcfour_list[] = { |
ffd835c1 |
116 | &ssh_arcfour256_ssh2, |
a2add208 |
117 | &ssh_arcfour128_ssh2, |
118 | }; |
119 | |
120 | const struct ssh2_ciphers ssh2_arcfour = { |
121 | sizeof(arcfour_list) / sizeof(*arcfour_list), |
122 | arcfour_list |
123 | }; |