#include <assert.h>
#include <stdio.h>
#include "ssh.h"
+#include "sshblowf.h"
-typedef struct {
+struct BlowfishContext {
word32 S0[256], S1[256], S2[256], S3[256], P[18];
word32 iv0, iv1; /* for CBC mode */
-} BlowfishContext;
-
-#define GET_32BIT_LSB_FIRST(cp) \
- (((unsigned long)(unsigned char)(cp)[0]) | \
- ((unsigned long)(unsigned char)(cp)[1] << 8) | \
- ((unsigned long)(unsigned char)(cp)[2] << 16) | \
- ((unsigned long)(unsigned char)(cp)[3] << 24))
-
-#define PUT_32BIT_LSB_FIRST(cp, value) do { \
- (cp)[0] = (value); \
- (cp)[1] = (value) >> 8; \
- (cp)[2] = (value) >> 16; \
- (cp)[3] = (value) >> 24; } while (0)
-
-#define GET_32BIT_MSB_FIRST(cp) \
- (((unsigned long)(unsigned char)(cp)[0] << 24) | \
- ((unsigned long)(unsigned char)(cp)[1] << 16) | \
- ((unsigned long)(unsigned char)(cp)[2] << 8) | \
- ((unsigned long)(unsigned char)(cp)[3]))
-
-#define PUT_32BIT_MSB_FIRST(cp, value) do { \
- (cp)[0] = (value) >> 24; \
- (cp)[1] = (value) >> 16; \
- (cp)[2] = (value) >> 8; \
- (cp)[3] = (value); } while (0)
+};
/*
* The Blowfish init data: hex digits of the fractional part of pi.
* (ie pi as a hex fraction is 3.243F6A8885A308D3...)
+ *
+ * If you have Simon Tatham's 'spigot' exact real calculator
+ * available, or any other method of generating 8336 fractional hex
+ * digits of pi on standard output, you can regenerate these tables
+ * exactly as below using the following Perl script (adjusting the
+ * first line or two if your pi-generator is not spigot).
+
+open my $spig, "spigot -n -B16 -d8336 pi |";
+read $spig, $ignore, 2; # throw away the leading "3."
+for my $name ("parray", "sbox0".."sbox3") {
+ print "static const word32 ${name}[] = {\n";
+ my $len = $name eq "parray" ? 18 : 256;
+ for my $i (1..$len) {
+ read $spig, $word, 8;
+ printf "%s0x%s,", ($i%6==1 ? " " : " "), uc $word;
+ print "\n" if ($i == $len || $i%6 == 0);
+ }
+ print "};\n\n";
+}
+close $spig;
+
*/
static const word32 parray[] = {
0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
ctx->iv1 = iv1;
}
+void blowfish_lsb_encrypt_ecb(unsigned char *blk, int len,
+ BlowfishContext * ctx)
+{
+ word32 xL, xR, out[2];
+
+ assert((len & 7) == 0);
+
+ while (len > 0) {
+ xL = GET_32BIT_LSB_FIRST(blk);
+ xR = GET_32BIT_LSB_FIRST(blk + 4);
+ blowfish_encrypt(xL, xR, out, ctx);
+ PUT_32BIT_LSB_FIRST(blk, out[0]);
+ PUT_32BIT_LSB_FIRST(blk + 4, out[1]);
+ blk += 8;
+ len -= 8;
+ }
+}
+
static void blowfish_lsb_decrypt_cbc(unsigned char *blk, int len,
BlowfishContext * ctx)
{
ctx->iv1 = iv1;
}
-static void blowfish_setkey(BlowfishContext * ctx,
- const unsigned char *key, short keybytes)
+static void blowfish_msb_sdctr(unsigned char *blk, int len,
+ BlowfishContext * ctx)
+{
+ word32 b[2], iv0, iv1, tmp;
+
+ assert((len & 7) == 0);
+
+ iv0 = ctx->iv0;
+ iv1 = ctx->iv1;
+
+ while (len > 0) {
+ blowfish_encrypt(iv0, iv1, b, ctx);
+ tmp = GET_32BIT_MSB_FIRST(blk);
+ PUT_32BIT_MSB_FIRST(blk, tmp ^ b[0]);
+ tmp = GET_32BIT_MSB_FIRST(blk + 4);
+ PUT_32BIT_MSB_FIRST(blk + 4, tmp ^ b[1]);
+ if ((iv1 = (iv1 + 1) & 0xffffffff) == 0)
+ iv0 = (iv0 + 1) & 0xffffffff;
+ blk += 8;
+ len -= 8;
+ }
+
+ ctx->iv0 = iv0;
+ ctx->iv1 = iv1;
+}
+
+void blowfish_initkey(BlowfishContext *ctx)
+{
+ int i;
+
+ for (i = 0; i < 18; i++) {
+ ctx->P[i] = parray[i];
+ }
+
+ for (i = 0; i < 256; i++) {
+ ctx->S0[i] = sbox0[i];
+ ctx->S1[i] = sbox1[i];
+ ctx->S2[i] = sbox2[i];
+ ctx->S3[i] = sbox3[i];
+ }
+}
+
+void blowfish_expandkey(BlowfishContext * ctx,
+ const unsigned char *key, short keybytes,
+ const unsigned char *salt, short saltbytes)
{
word32 *S0 = ctx->S0;
word32 *S1 = ctx->S1;
word32 *S3 = ctx->S3;
word32 *P = ctx->P;
word32 str[2];
- int i;
+ int i, j;
+ int saltpos;
+ unsigned char dummysalt[1];
+
+ saltpos = 0;
+ if (!salt) {
+ saltbytes = 1;
+ salt = dummysalt;
+ dummysalt[0] = 0;
+ }
for (i = 0; i < 18; i++) {
- P[i] = parray[i];
P[i] ^=
((word32) (unsigned char) (key[(i * 4 + 0) % keybytes])) << 24;
P[i] ^=
P[i] ^= ((word32) (unsigned char) (key[(i * 4 + 3) % keybytes]));
}
- for (i = 0; i < 256; i++) {
- S0[i] = sbox0[i];
- S1[i] = sbox1[i];
- S2[i] = sbox2[i];
- S3[i] = sbox3[i];
- }
-
str[0] = str[1] = 0;
for (i = 0; i < 18; i += 2) {
+ for (j = 0; j < 8; j++)
+ str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
+
blowfish_encrypt(str[0], str[1], str, ctx);
P[i] = str[0];
P[i + 1] = str[1];
}
for (i = 0; i < 256; i += 2) {
+ for (j = 0; j < 8; j++)
+ str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
blowfish_encrypt(str[0], str[1], str, ctx);
S0[i] = str[0];
S0[i + 1] = str[1];
}
for (i = 0; i < 256; i += 2) {
+ for (j = 0; j < 8; j++)
+ str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
blowfish_encrypt(str[0], str[1], str, ctx);
S1[i] = str[0];
S1[i + 1] = str[1];
}
for (i = 0; i < 256; i += 2) {
+ for (j = 0; j < 8; j++)
+ str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
blowfish_encrypt(str[0], str[1], str, ctx);
S2[i] = str[0];
S2[i + 1] = str[1];
}
for (i = 0; i < 256; i += 2) {
+ for (j = 0; j < 8; j++)
+ str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
blowfish_encrypt(str[0], str[1], str, ctx);
S3[i] = str[0];
S3[i + 1] = str[1];
}
}
+static void blowfish_setkey(BlowfishContext *ctx,
+ const unsigned char *key, short keybytes)
+{
+ blowfish_initkey(ctx);
+ blowfish_expandkey(ctx, key, keybytes, NULL, 0);
+}
+
/* -- Interface with PuTTY -- */
#define SSH_SESSION_KEY_LENGTH 32
-static void *blowfish_make_context(void)
+void *blowfish_make_context(void)
{
return snew(BlowfishContext);
}
static void *blowfish_ssh1_make_context(void)
{
- /* In SSH1, need one key for each direction */
+ /* In SSH-1, need one key for each direction */
return snewn(2, BlowfishContext);
}
-static void blowfish_free_context(void *handle)
+void blowfish_free_context(void *handle)
{
sfree(handle);
}
blowfish_setkey(ctx, key, 16);
}
+static void blowfish256_key(void *handle, unsigned char *key)
+{
+ BlowfishContext *ctx = (BlowfishContext *)handle;
+ blowfish_setkey(ctx, key, 32);
+}
+
static void blowfish_iv(void *handle, unsigned char *key)
{
BlowfishContext *ctx = (BlowfishContext *)handle;
blowfish_msb_decrypt_cbc(blk, len, ctx);
}
+static void blowfish_ssh2_sdctr(void *handle, unsigned char *blk,
+ int len)
+{
+ BlowfishContext *ctx = (BlowfishContext *)handle;
+ blowfish_msb_sdctr(blk, len, ctx);
+}
+
const struct ssh_cipher ssh_blowfish_ssh1 = {
blowfish_ssh1_make_context, blowfish_free_context, blowfish_sesskey,
blowfish_ssh1_encrypt_blk, blowfish_ssh1_decrypt_blk,
- 8, "Blowfish"
+ 8, "Blowfish-128 CBC"
};
static const struct ssh2_cipher ssh_blowfish_ssh2 = {
blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish_key,
- blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk,
+ blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk, NULL, NULL,
"blowfish-cbc",
- 8, 128, "Blowfish"
+ 8, 128, 16, SSH_CIPHER_IS_CBC, "Blowfish-128 CBC",
+ NULL
+};
+
+static const struct ssh2_cipher ssh_blowfish_ssh2_ctr = {
+ blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish256_key,
+ blowfish_ssh2_sdctr, blowfish_ssh2_sdctr, NULL, NULL,
+ "blowfish-ctr",
+ 8, 256, 32, 0, "Blowfish-256 SDCTR",
+ NULL
};
static const struct ssh2_cipher *const blowfish_list[] = {
+ &ssh_blowfish_ssh2_ctr,
&ssh_blowfish_ssh2
};