| 1 | /* |
| 2 | * Arcfour (RC4) implementation for PuTTY. |
| 3 | * |
| 4 | * Coded from Schneier. |
| 5 | */ |
| 6 | |
| 7 | #include <assert.h> |
| 8 | #include "ssh.h" |
| 9 | |
| 10 | typedef struct { |
| 11 | unsigned char i, j, s[256]; |
| 12 | } ArcfourContext; |
| 13 | |
| 14 | static void arcfour_block(void *handle, unsigned char *blk, int len) |
| 15 | { |
| 16 | ArcfourContext *ctx = (ArcfourContext *)handle; |
| 17 | unsigned k; |
| 18 | unsigned char tmp, i, j, *s; |
| 19 | |
| 20 | s = ctx->s; |
| 21 | i = ctx->i; j = ctx->j; |
| 22 | for (k = 0; (int)k < len; k++) { |
| 23 | i = (i + 1) & 0xff; |
| 24 | j = (j + s[i]) & 0xff; |
| 25 | tmp = s[i]; s[i] = s[j]; s[j] = tmp; |
| 26 | blk[k] ^= s[(s[i]+s[j]) & 0xff]; |
| 27 | } |
| 28 | ctx->i = i; ctx->j = j; |
| 29 | } |
| 30 | |
| 31 | static void arcfour_setkey(ArcfourContext *ctx, unsigned char const *key, |
| 32 | unsigned keybytes) |
| 33 | { |
| 34 | unsigned char tmp, k[256], *s; |
| 35 | unsigned i, j; |
| 36 | |
| 37 | s = ctx->s; |
| 38 | assert(keybytes <= 256); |
| 39 | ctx->i = ctx->j = 0; |
| 40 | for (i = 0; i < 256; i++) { |
| 41 | s[i] = i; |
| 42 | k[i] = key[i % keybytes]; |
| 43 | } |
| 44 | j = 0; |
| 45 | for (i = 0; i < 256; i++) { |
| 46 | j = (j + s[i] + k[i]) & 0xff; |
| 47 | tmp = s[i]; s[i] = s[j]; s[j] = tmp; |
| 48 | } |
| 49 | } |
| 50 | |
| 51 | /* -- Interface with PuTTY -- */ |
| 52 | |
| 53 | /* |
| 54 | * We don't implement Arcfour in SSH-1 because it's utterly insecure in |
| 55 | * several ways. See CERT Vulnerability Notes VU#25309, VU#665372, |
| 56 | * and VU#565052. |
| 57 | * |
| 58 | * We don't implement the "arcfour" algorithm in SSH-2 because it doesn't |
| 59 | * stir the cipher state before emitting keystream, and hence is likely |
| 60 | * to leak data about the key. |
| 61 | */ |
| 62 | |
| 63 | static void *arcfour_make_context(void) |
| 64 | { |
| 65 | return snew(ArcfourContext); |
| 66 | } |
| 67 | |
| 68 | static void arcfour_free_context(void *handle) |
| 69 | { |
| 70 | sfree(handle); |
| 71 | } |
| 72 | |
| 73 | static void arcfour_stir(ArcfourContext *ctx) |
| 74 | { |
| 75 | unsigned char *junk = snewn(1536, unsigned char); |
| 76 | memset(junk, 0, 1536); |
| 77 | arcfour_block(ctx, junk, 1536); |
| 78 | memset(junk, 0, 1536); |
| 79 | sfree(junk); |
| 80 | } |
| 81 | |
| 82 | static void arcfour128_key(void *handle, unsigned char *key) |
| 83 | { |
| 84 | ArcfourContext *ctx = (ArcfourContext *)handle; |
| 85 | arcfour_setkey(ctx, key, 16); |
| 86 | arcfour_stir(ctx); |
| 87 | } |
| 88 | |
| 89 | static void arcfour256_key(void *handle, unsigned char *key) |
| 90 | { |
| 91 | ArcfourContext *ctx = (ArcfourContext *)handle; |
| 92 | arcfour_setkey(ctx, key, 32); |
| 93 | arcfour_stir(ctx); |
| 94 | } |
| 95 | |
| 96 | static void arcfour_iv(void *handle, unsigned char *key) |
| 97 | { |
| 98 | |
| 99 | } |
| 100 | |
| 101 | const struct ssh2_cipher ssh_arcfour128_ssh2 = { |
| 102 | arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key, |
| 103 | arcfour_block, arcfour_block, |
| 104 | "arcfour128", |
| 105 | 1, 128, 0, "Arcfour-128" |
| 106 | }; |
| 107 | |
| 108 | const struct ssh2_cipher ssh_arcfour256_ssh2 = { |
| 109 | arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key, |
| 110 | arcfour_block, arcfour_block, |
| 111 | "arcfour256", |
| 112 | 1, 256, 0, "Arcfour-256" |
| 113 | }; |
| 114 | |
| 115 | static const struct ssh2_cipher *const arcfour_list[] = { |
| 116 | &ssh_arcfour256_ssh2, |
| 117 | &ssh_arcfour128_ssh2, |
| 118 | }; |
| 119 | |
| 120 | const struct ssh2_ciphers ssh2_arcfour = { |
| 121 | sizeof(arcfour_list) / sizeof(*arcfour_list), |
| 122 | arcfour_list |
| 123 | }; |