Add encryption selection, and Blowfish as second option

git-svn-id: svn://svn.tartarus.org/sgt/putty@175 cda61777-01e9-0310-a592-d414129be87e

diff --git a/putty.h b/putty.h
index 4fed74d..85c856c 100644 (file)
--- a/putty.h
+++ b/putty.h
@@ -97,6 +97,7 @@ typedef struct {
     int close_on_exit;
     /* SSH options */
     int nopty;
+    enum { CIPHER_3DES, CIPHER_BLOWFISH } cipher;
     /* Telnet options */
     char termtype[32];
     char termspeed[32];

diff --git a/ssh.c b/ssh.c
index f29f87c..8f7b790 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -262,8 +262,11 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
     unsigned char cookie[8];
     struct RSAKey servkey, hostkey;
     struct MD5Context md5c;
+    unsigned long supported_ciphers_mask;
+    int cipher_type;
 
     extern struct ssh_cipher ssh_3des;
+    extern struct ssh_cipher ssh_blowfish;
 
     crBegin;
 
@@ -283,6 +286,11 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
 
     j = makekey(pktin.body+8+i, &hostkey, &keystr2);
 
+    supported_ciphers_mask = (pktin.body[12+i+j] << 24) |
+                             (pktin.body[13+i+j] << 16) |
+                             (pktin.body[14+i+j] << 8) |
+                             (pktin.body[15+i+j]);
+
     MD5Update(&md5c, keystr2, hostkey.bytes);
     MD5Update(&md5c, keystr1, servkey.bytes);
     MD5Update(&md5c, pktin.body, 8);
@@ -314,8 +322,15 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
        rsaencrypt(rsabuf, hostkey.bytes, &servkey);
     }
 
+    cipher_type = cfg.cipher == CIPHER_BLOWFISH ? SSH_CIPHER_BLOWFISH :
+                  SSH_CIPHER_3DES;
+    if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
+       c_write("Selected cipher not supported, falling back to 3DES\r\n", 53);
+       cipher_type = SSH_CIPHER_3DES;
+    }
+
     s_wrpkt_start(3, len+15);
-    pktout.body[0] = 3;                       /* SSH_CIPHER_3DES */
+    pktout.body[0] = cipher_type;
     memcpy(pktout.body+1, cookie, 8);
     pktout.body[9] = (len*8) >> 8;
     pktout.body[10] = (len*8) & 0xFF;
@@ -326,7 +341,8 @@ static void ssh_protocol(unsigned char *in, int inlen, int ispkt) {
 
     free(rsabuf);
 
-    cipher = &ssh_3des;
+    cipher = cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish :
+             &ssh_3des;
     cipher->sesskey(session_key);
 
     do { crReturnV; } while (!ispkt);

diff --git a/ssh.h b/ssh.h
index 5c72eeb..a252ef8 100644 (file)
--- a/ssh.h
+++ b/ssh.h
@@ -1,5 +1,9 @@
 #include <string.h>
 
+#define SSH_CIPHER_IDEA                1
+#define SSH_CIPHER_3DES                3
+#define SSH_CIPHER_BLOWFISH    6
+
 struct RSAKey {
     int bits;
     int bytes;

diff --git a/win_res.h b/win_res.h
index b50da6c..a956cfa 100644 (file)
--- a/win_res.h
+++ b/win_res.h
@@ -96,6 +96,9 @@
 #define IDC3_EMRFC      1017
 
 #define IDC3_NOPTY      1018
+#define IDC3_CIPHERSTATIC 1019
+#define IDC3_CIPHER3DES        1020
+#define IDC3_CIPHERBLOWF 1021
 
 #define IDC4_MBSTATIC   1001
 #define IDC4_MBWINDOWS  1002

diff --git a/windlg.c b/windlg.c
index 757300d..a1e463e 100644 (file)
--- a/windlg.c
+++ b/windlg.c
@@ -5,8 +5,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "putty.h"
 #include "ssh.h"
+#include "putty.h"
 #include "win_res.h"
 
 #define NPANELS 7
@@ -149,6 +149,8 @@ static void save_settings (char *section, int do_host) {
     }
     wpps (sesskey, "UserName", cfg.username);
     wppi (sesskey, "NoPTY", cfg.nopty);
+    wpps (sesskey, "Cipher", cfg.cipher == CIPHER_BLOWFISH ? "blowfish" :
+                             "3des");
     wppi (sesskey, "RFCEnviron", cfg.rfc_environ);
     wppi (sesskey, "BackspaceIsDelete", cfg.bksp_is_delete);
     wppi (sesskey, "RXVTHomeEnd", cfg.rxvt_homeend);
@@ -224,6 +226,7 @@ static void load_settings (char *section, int do_host) {
     }
 
     free(p);
+    RegCloseKey(subkey1);
 
     if (do_host) {
        char prot[10];
@@ -264,6 +267,14 @@ static void load_settings (char *section, int do_host) {
     }
     gpps (sesskey, "UserName", "", cfg.username, sizeof(cfg.username));
     gppi (sesskey, "NoPTY", 0, &cfg.nopty);
+    {
+       char cipher[10];
+       gpps (sesskey, "Cipher", "3des", cipher, 10);
+       if (!strcmp(cipher, "blowfish"))
+           cfg.cipher = CIPHER_BLOWFISH;
+       else
+           cfg.cipher = CIPHER_3DES;
+    }
     gppi (sesskey, "RFCEnviron", 0, &cfg.rfc_environ);
     gppi (sesskey, "BackspaceIsDelete", 1, &cfg.bksp_is_delete);
     gppi (sesskey, "RXVTHomeEnd", 0, &cfg.rxvt_homeend);
@@ -865,6 +876,9 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg,
        SetDlgItemText (hwnd, IDC3_TTEDIT, cfg.termtype);
        SetDlgItemText (hwnd, IDC3_LOGEDIT, cfg.username);
        CheckDlgButton (hwnd, IDC3_NOPTY, cfg.nopty);
+       CheckRadioButton (hwnd, IDC3_CIPHER3DES, IDC3_CIPHERBLOWF,
+                         cfg.cipher == CIPHER_BLOWFISH ? IDC3_CIPHERBLOWF :
+                         IDC3_CIPHER3DES);
        break;
       case WM_COMMAND:
        switch (LOWORD(wParam)) {
@@ -883,6 +897,16 @@ static int CALLBACK SshProc (HWND hwnd, UINT msg,
                HIWORD(wParam) == BN_DOUBLECLICKED)
                cfg.nopty = IsDlgButtonChecked (hwnd, IDC3_NOPTY);
            break;
+         case IDC3_CIPHER3DES:
+         case IDC3_CIPHERBLOWF:
+           if (HIWORD(wParam) == BN_CLICKED ||
+               HIWORD(wParam) == BN_DOUBLECLICKED) {
+               if (IsDlgButtonChecked (hwnd, IDC3_CIPHER3DES))
+                   cfg.cipher = CIPHER_3DES;
+               else if (IsDlgButtonChecked (hwnd, IDC3_CIPHERBLOWF))
+                   cfg.cipher = CIPHER_BLOWFISH;
+           }
+           break;
        }
        break;
     }