2 * Arcfour (RC4) implementation for PuTTY.
\r
4 * Coded from Schneier.
\r
11 unsigned char i, j, s[256];
\r
14 static void arcfour_block(void *handle, unsigned char *blk, int len)
\r
16 ArcfourContext *ctx = (ArcfourContext *)handle;
\r
18 unsigned char tmp, i, j, *s;
\r
21 i = ctx->i; j = ctx->j;
\r
22 for (k = 0; (int)k < len; k++) {
\r
24 j = (j + s[i]) & 0xff;
\r
25 tmp = s[i]; s[i] = s[j]; s[j] = tmp;
\r
26 blk[k] ^= s[(s[i]+s[j]) & 0xff];
\r
28 ctx->i = i; ctx->j = j;
\r
31 static void arcfour_setkey(ArcfourContext *ctx, unsigned char const *key,
\r
34 unsigned char tmp, k[256], *s;
\r
38 assert(keybytes <= 256);
\r
39 ctx->i = ctx->j = 0;
\r
40 for (i = 0; i < 256; i++) {
\r
42 k[i] = key[i % keybytes];
\r
45 for (i = 0; i < 256; i++) {
\r
46 j = (j + s[i] + k[i]) & 0xff;
\r
47 tmp = s[i]; s[i] = s[j]; s[j] = tmp;
\r
51 /* -- Interface with PuTTY -- */
\r
54 * We don't implement Arcfour in SSH-1 because it's utterly insecure in
\r
55 * several ways. See CERT Vulnerability Notes VU#25309, VU#665372,
\r
58 * We don't implement the "arcfour" algorithm in SSH-2 because it doesn't
\r
59 * stir the cipher state before emitting keystream, and hence is likely
\r
60 * to leak data about the key.
\r
63 static void *arcfour_make_context(void)
\r
65 return snew(ArcfourContext);
\r
68 static void arcfour_free_context(void *handle)
\r
73 static void arcfour_stir(ArcfourContext *ctx)
\r
75 unsigned char *junk = snewn(1536, unsigned char);
\r
76 memset(junk, 0, 1536);
\r
77 arcfour_block(ctx, junk, 1536);
\r
78 smemclr(junk, 1536);
\r
82 static void arcfour128_key(void *handle, unsigned char *key)
\r
84 ArcfourContext *ctx = (ArcfourContext *)handle;
\r
85 arcfour_setkey(ctx, key, 16);
\r
89 static void arcfour256_key(void *handle, unsigned char *key)
\r
91 ArcfourContext *ctx = (ArcfourContext *)handle;
\r
92 arcfour_setkey(ctx, key, 32);
\r
96 static void arcfour_iv(void *handle, unsigned char *key)
\r
101 const struct ssh2_cipher ssh_arcfour128_ssh2 = {
\r
102 arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour128_key,
\r
103 arcfour_block, arcfour_block,
\r
105 1, 128, 0, "Arcfour-128"
\r
108 const struct ssh2_cipher ssh_arcfour256_ssh2 = {
\r
109 arcfour_make_context, arcfour_free_context, arcfour_iv, arcfour256_key,
\r
110 arcfour_block, arcfour_block,
\r
112 1, 256, 0, "Arcfour-256"
\r
115 static const struct ssh2_cipher *const arcfour_list[] = {
\r
116 &ssh_arcfour256_ssh2,
\r
117 &ssh_arcfour128_ssh2,
\r
120 const struct ssh2_ciphers ssh2_arcfour = {
\r
121 sizeof(arcfour_list) / sizeof(*arcfour_list),
\r