X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshblowf.c;h=353116a6604fdc8334d774f4004999e934f9d321;hb=805ef41152db7309987981eb1ba4d914ab6eae6f;hp=0f00a77ba8c6d0ca168f3c237165674232f2c1dd;hpb=a33339b3f13c5c97f3b0abe990adaddf3c5fc04c;p=PuTTY.git

diff --git a/sshblowf.c b/sshblowf.c
index 0f00a77b..353116a6 100644
--- a/sshblowf.c
+++ b/sshblowf.c
@@ -7,15 +7,37 @@
 #include <assert.h>
 #include <stdio.h>
 #include "ssh.h"
+#include "sshblowf.h"
 
-typedef struct {
+struct BlowfishContext {
     word32 S0[256], S1[256], S2[256], S3[256], P[18];
     word32 iv0, iv1;		       /* for CBC mode */
-} BlowfishContext;
+};
 
 /*
  * The Blowfish init data: hex digits of the fractional part of pi.
  * (ie pi as a hex fraction is 3.243F6A8885A308D3...)
+ *
+ * If you have Simon Tatham's 'spigot' exact real calculator
+ * available, or any other method of generating 8336 fractional hex
+ * digits of pi on standard output, you can regenerate these tables
+ * exactly as below using the following Perl script (adjusting the
+ * first line or two if your pi-generator is not spigot).
+
+open my $spig, "spigot -n -B16 -d8336 pi |";
+read $spig, $ignore, 2; # throw away the leading "3."
+for my $name ("parray", "sbox0".."sbox3") {
+    print "static const word32 ${name}[] = {\n";
+    my $len = $name eq "parray" ? 18 : 256;
+    for my $i (1..$len) {
+        read $spig, $word, 8;
+        printf "%s0x%s,", ($i%6==1 ? "    " : " "), uc $word;
+        print "\n" if ($i == $len || $i%6 == 0);
+    }
+    print "};\n\n";
+}
+close $spig;
+
  */
 static const word32 parray[] = {
     0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
@@ -305,6 +327,24 @@ static void blowfish_lsb_encrypt_cbc(unsigned char *blk, int len,
     ctx->iv1 = iv1;
 }
 
+void blowfish_lsb_encrypt_ecb(unsigned char *blk, int len,
+                              BlowfishContext * ctx)
+{
+    word32 xL, xR, out[2];
+
+    assert((len & 7) == 0);
+
+    while (len > 0) {
+	xL = GET_32BIT_LSB_FIRST(blk);
+	xR = GET_32BIT_LSB_FIRST(blk + 4);
+	blowfish_encrypt(xL, xR, out, ctx);
+	PUT_32BIT_LSB_FIRST(blk, out[0]);
+	PUT_32BIT_LSB_FIRST(blk + 4, out[1]);
+	blk += 8;
+	len -= 8;
+    }
+}
+
 static void blowfish_lsb_decrypt_cbc(unsigned char *blk, int len,
 				     BlowfishContext * ctx)
 {
@@ -389,7 +429,6 @@ static void blowfish_msb_decrypt_cbc(unsigned char *blk, int len,
     ctx->iv1 = iv1;
 }
 
-#ifdef ENABLE_BLOWFISH_SSH2_CTR
 static void blowfish_msb_sdctr(unsigned char *blk, int len,
 				     BlowfishContext * ctx)
 {
@@ -415,10 +454,26 @@ static void blowfish_msb_sdctr(unsigned char *blk, int len,
     ctx->iv0 = iv0;
     ctx->iv1 = iv1;
 }
-#endif
 
-static void blowfish_setkey(BlowfishContext * ctx,
-			    const unsigned char *key, short keybytes)
+void blowfish_initkey(BlowfishContext *ctx)
+{
+    int i;
+
+    for (i = 0; i < 18; i++) {
+	ctx->P[i] = parray[i];
+    }
+
+    for (i = 0; i < 256; i++) {
+	ctx->S0[i] = sbox0[i];
+	ctx->S1[i] = sbox1[i];
+	ctx->S2[i] = sbox2[i];
+	ctx->S3[i] = sbox3[i];
+    }
+}
+
+void blowfish_expandkey(BlowfishContext * ctx,
+                        const unsigned char *key, short keybytes,
+                        const unsigned char *salt, short saltbytes)
 {
     word32 *S0 = ctx->S0;
     word32 *S1 = ctx->S1;
@@ -426,10 +481,18 @@ static void blowfish_setkey(BlowfishContext * ctx,
     word32 *S3 = ctx->S3;
     word32 *P = ctx->P;
     word32 str[2];
-    int i;
+    int i, j;
+    int saltpos;
+    unsigned char dummysalt[1];
+
+    saltpos = 0;
+    if (!salt) {
+        saltbytes = 1;
+        salt = dummysalt;
+        dummysalt[0] = 0;
+    }
 
     for (i = 0; i < 18; i++) {
-	P[i] = parray[i];
 	P[i] ^=
 	    ((word32) (unsigned char) (key[(i * 4 + 0) % keybytes])) << 24;
 	P[i] ^=
@@ -439,48 +502,59 @@ static void blowfish_setkey(BlowfishContext * ctx,
 	P[i] ^= ((word32) (unsigned char) (key[(i * 4 + 3) % keybytes]));
     }
 
-    for (i = 0; i < 256; i++) {
-	S0[i] = sbox0[i];
-	S1[i] = sbox1[i];
-	S2[i] = sbox2[i];
-	S3[i] = sbox3[i];
-    }
-
     str[0] = str[1] = 0;
 
     for (i = 0; i < 18; i += 2) {
+        for (j = 0; j < 8; j++)
+            str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
+
 	blowfish_encrypt(str[0], str[1], str, ctx);
 	P[i] = str[0];
 	P[i + 1] = str[1];
     }
 
     for (i = 0; i < 256; i += 2) {
+        for (j = 0; j < 8; j++)
+            str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
 	blowfish_encrypt(str[0], str[1], str, ctx);
 	S0[i] = str[0];
 	S0[i + 1] = str[1];
     }
     for (i = 0; i < 256; i += 2) {
+        for (j = 0; j < 8; j++)
+            str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
 	blowfish_encrypt(str[0], str[1], str, ctx);
 	S1[i] = str[0];
 	S1[i + 1] = str[1];
     }
     for (i = 0; i < 256; i += 2) {
+        for (j = 0; j < 8; j++)
+            str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
 	blowfish_encrypt(str[0], str[1], str, ctx);
 	S2[i] = str[0];
 	S2[i + 1] = str[1];
     }
     for (i = 0; i < 256; i += 2) {
+        for (j = 0; j < 8; j++)
+            str[j/4] ^= ((word32)salt[saltpos++ % saltbytes]) << (24-8*(j%4));
 	blowfish_encrypt(str[0], str[1], str, ctx);
 	S3[i] = str[0];
 	S3[i + 1] = str[1];
     }
 }
 
+static void blowfish_setkey(BlowfishContext *ctx,
+                            const unsigned char *key, short keybytes)
+{
+    blowfish_initkey(ctx);
+    blowfish_expandkey(ctx, key, keybytes, NULL, 0);
+}
+
 /* -- Interface with PuTTY -- */
 
 #define SSH_SESSION_KEY_LENGTH	32
 
-static void *blowfish_make_context(void)
+void *blowfish_make_context(void)
 {
     return snew(BlowfishContext);
 }
@@ -491,7 +565,7 @@ static void *blowfish_ssh1_make_context(void)
     return snewn(2, BlowfishContext);
 }
 
-static void blowfish_free_context(void *handle)
+void blowfish_free_context(void *handle)
 {
     sfree(handle);
 }
@@ -502,13 +576,11 @@ static void blowfish_key(void *handle, unsigned char *key)
     blowfish_setkey(ctx, key, 16);
 }
 
-#ifdef ENABLE_BLOWFISH_SSH2_CTR
 static void blowfish256_key(void *handle, unsigned char *key)
 {
     BlowfishContext *ctx = (BlowfishContext *)handle;
     blowfish_setkey(ctx, key, 32);
 }
-#endif
 
 static void blowfish_iv(void *handle, unsigned char *key)
 {
@@ -554,14 +626,12 @@ static void blowfish_ssh2_decrypt_blk(void *handle, unsigned char *blk,
     blowfish_msb_decrypt_cbc(blk, len, ctx);
 }
 
-#ifdef ENABLE_BLOWFISH_SSH2_CTR
 static void blowfish_ssh2_sdctr(void *handle, unsigned char *blk,
 				      int len)
 {
     BlowfishContext *ctx = (BlowfishContext *)handle;
     blowfish_msb_sdctr(blk, len, ctx);
 }
-#endif
 
 const struct ssh_cipher ssh_blowfish_ssh1 = {
     blowfish_ssh1_make_context, blowfish_free_context, blowfish_sesskey,
@@ -571,30 +641,22 @@ const struct ssh_cipher ssh_blowfish_ssh1 = {
 
 static const struct ssh2_cipher ssh_blowfish_ssh2 = {
     blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish_key,
-    blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk,
+    blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk, NULL, NULL,
     "blowfish-cbc",
-    8, 128, SSH_CIPHER_IS_CBC, "Blowfish-128 CBC"
+    8, 128, 16, SSH_CIPHER_IS_CBC, "Blowfish-128 CBC",
+    NULL
 };
 
-#ifdef ENABLE_BLOWFISH_SSH2_CTR
 static const struct ssh2_cipher ssh_blowfish_ssh2_ctr = {
     blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish256_key,
-    blowfish_ssh2_sdctr, blowfish_ssh2_sdctr,
+    blowfish_ssh2_sdctr, blowfish_ssh2_sdctr, NULL, NULL,
     "blowfish-ctr",
-    8, 256, 0, "Blowfish-256 SDCTR"
+    8, 256, 32, 0, "Blowfish-256 SDCTR",
+    NULL
 };
-#endif
 
-/*
- * "blowfish-ctr" is disabled because it hasn't had any interoperability
- * testing, which is in turn because I couldn't find another implementation
- * to test against.  Once it's been tested, it can be enabled in standard
- * builds.
- */
 static const struct ssh2_cipher *const blowfish_list[] = {
-#ifdef ENABLE_BLOWFISH_SSH2_CTR
     &ssh_blowfish_ssh2_ctr,
-#endif
     &ssh_blowfish_ssh2
 };