logevent("Initialised triple-DES client->server encryption");
}
+static void des_cskey(unsigned char *key)
+{
+ des_key_setup(GET_32BIT_MSB_FIRST(key),
+ GET_32BIT_MSB_FIRST(key + 4), &cskeys[0]);
+ logevent("Initialised single-DES client->server encryption");
+}
+
static void des3_csiv(unsigned char *key)
{
cskeys[0].eiv0 = GET_32BIT_MSB_FIRST(key);
logevent("Initialised triple-DES server->client encryption");
}
+static void des_sckey(unsigned char *key)
+{
+ des_key_setup(GET_32BIT_MSB_FIRST(key),
+ GET_32BIT_MSB_FIRST(key + 4), &sckeys[0]);
+ logevent("Initialised single-DES server->client encryption");
+}
+
static void des3_sesskey(unsigned char *key)
{
des3_cskey(key);
des_cbc3_decrypt(blk, blk, len, sckeys);
}
+static void des_ssh2_encrypt_blk(unsigned char *blk, int len)
+{
+ des_cbc_encrypt(blk, blk, len, cskeys);
+}
+
+static void des_ssh2_decrypt_blk(unsigned char *blk, int len)
+{
+ des_cbc_decrypt(blk, blk, len, sckeys);
+}
+
void des3_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
{
DESContext ourkeys[3];
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key + 4), &ourkeys[2]);
des_3cbc_decrypt(blk, blk, len, ourkeys);
+ memset(ourkeys, 0, sizeof(ourkeys));
}
void des3_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key + 4), &ourkeys[2]);
des_3cbc_encrypt(blk, blk, len, ourkeys);
+ memset(ourkeys, 0, sizeof(ourkeys));
+}
+
+void des3_decrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
+ unsigned char *blk, int len)
+{
+ DESContext ourkeys[3];
+ des_key_setup(GET_32BIT_MSB_FIRST(key),
+ GET_32BIT_MSB_FIRST(key + 4), &ourkeys[0]);
+ des_key_setup(GET_32BIT_MSB_FIRST(key + 8),
+ GET_32BIT_MSB_FIRST(key + 12), &ourkeys[1]);
+ des_key_setup(GET_32BIT_MSB_FIRST(key + 16),
+ GET_32BIT_MSB_FIRST(key + 20), &ourkeys[2]);
+ ourkeys[0].div0 = GET_32BIT_MSB_FIRST(iv);
+ ourkeys[0].div1 = GET_32BIT_MSB_FIRST(iv+4);
+ des_cbc3_decrypt(blk, blk, len, ourkeys);
+ memset(ourkeys, 0, sizeof(ourkeys));
+}
+
+void des3_encrypt_pubkey_ossh(unsigned char *key, unsigned char *iv,
+ unsigned char *blk, int len)
+{
+ DESContext ourkeys[3];
+ des_key_setup(GET_32BIT_MSB_FIRST(key),
+ GET_32BIT_MSB_FIRST(key + 4), &ourkeys[0]);
+ des_key_setup(GET_32BIT_MSB_FIRST(key + 8),
+ GET_32BIT_MSB_FIRST(key + 12), &ourkeys[1]);
+ des_key_setup(GET_32BIT_MSB_FIRST(key + 16),
+ GET_32BIT_MSB_FIRST(key + 20), &ourkeys[2]);
+ ourkeys[0].eiv0 = GET_32BIT_MSB_FIRST(iv);
+ ourkeys[0].eiv1 = GET_32BIT_MSB_FIRST(iv+4);
+ des_cbc3_encrypt(blk, blk, len, ourkeys);
+ memset(ourkeys, 0, sizeof(ourkeys));
}
static const struct ssh2_cipher ssh_3des_ssh2 = {
8, 168
};
+/*
+ * Single DES in ssh2. It isn't clear that "des-cbc" is an official
+ * cipher name, but ssh.com support it and apparently aren't the
+ * only people to do so, so we sigh and implement it anyway.
+ */
+static const struct ssh2_cipher ssh_des_ssh2 = {
+ des3_csiv, des_cskey, /* iv functions shared with 3des */
+ des3_sciv, des_sckey,
+ des_ssh2_encrypt_blk,
+ des_ssh2_decrypt_blk,
+ "des-cbc",
+ 8, 56
+};
+
static const struct ssh2_cipher *const des3_list[] = {
&ssh_3des_ssh2
};
des3_list
};
+static const struct ssh2_cipher *const des_list[] = {
+ &ssh_des_ssh2
+};
+
+const struct ssh2_ciphers ssh2_des = {
+ sizeof(des3_list) / sizeof(*des_list),
+ des_list
+};
+
const struct ssh_cipher ssh_3des = {
des3_sesskey,
des3_encrypt_blk,
static void des_sesskey(unsigned char *key)
{
- des_key_setup(GET_32BIT_MSB_FIRST(key),
- GET_32BIT_MSB_FIRST(key + 4), &cskeys[0]);
- logevent("Initialised single-DES encryption");
+ des_cskey(key);
+ des_sckey(key);
}
static void des_encrypt_blk(unsigned char *blk, int len)