1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00

Add single-DES support in SSH2

[originally from svn r1396]
This commit is contained in:
Simon Tatham 2001-11-21 23:06:10 +00:00
parent cf2085eeaf
commit b49fde9410
3 changed files with 54 additions and 8 deletions

9
ssh.c
View File

@ -236,15 +236,13 @@ extern void pfd_override_throttle(Socket s, int enable);
#define OUR_V2_WINSIZE 16384
/*
* Ciphers for SSH2. We miss out single-DES because it isn't
* supported; also 3DES and Blowfish are both done differently from
* SSH1. (3DES uses outer chaining; Blowfish has the opposite
* endianness and different-sized keys.)
* Ciphers for SSH2.
*/
const static struct ssh2_ciphers *ciphers[] = {
&ssh2_aes,
&ssh2_blowfish,
&ssh2_3des,
&ssh2_des,
};
const static struct ssh_kex *kex_algs[] = {
@ -3172,7 +3170,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
n_preferred_ciphers++;
break;
case CIPHER_DES:
/* Not supported in SSH2; silently drop */
preferred_ciphers[n_preferred_ciphers] = &ssh2_des;
n_preferred_ciphers++;
break;
case CIPHER_3DES:
preferred_ciphers[n_preferred_ciphers] = &ssh2_3des;

1
ssh.h
View File

@ -200,6 +200,7 @@ extern const struct ssh_cipher ssh_3des;
extern const struct ssh_cipher ssh_des;
extern const struct ssh_cipher ssh_blowfish_ssh1;
extern const struct ssh2_ciphers ssh2_3des;
extern const struct ssh2_ciphers ssh2_des;
extern const struct ssh2_ciphers ssh2_aes;
extern const struct ssh2_ciphers ssh2_blowfish;
extern const struct ssh_kex ssh_diffiehellman;

View File

@ -757,6 +757,13 @@ static void des3_cskey(unsigned char *key)
logevent("Initialised triple-DES client->server encryption");
}
static void des_cskey(unsigned char *key)
{
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key + 4), &cskeys[0]);
logevent("Initialised single-DES client->server encryption");
}
static void des3_csiv(unsigned char *key)
{
cskeys[0].eiv0 = GET_32BIT_MSB_FIRST(key);
@ -780,6 +787,13 @@ static void des3_sckey(unsigned char *key)
logevent("Initialised triple-DES server->client encryption");
}
static void des_sckey(unsigned char *key)
{
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key + 4), &sckeys[0]);
logevent("Initialised single-DES server->client encryption");
}
static void des3_sesskey(unsigned char *key)
{
des3_cskey(key);
@ -806,6 +820,16 @@ static void des3_ssh2_decrypt_blk(unsigned char *blk, int len)
des_cbc3_decrypt(blk, blk, len, sckeys);
}
static void des_ssh2_encrypt_blk(unsigned char *blk, int len)
{
des_cbc_encrypt(blk, blk, len, cskeys);
}
static void des_ssh2_decrypt_blk(unsigned char *blk, int len)
{
des_cbc_decrypt(blk, blk, len, sckeys);
}
void des3_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
{
DESContext ourkeys[3];
@ -839,6 +863,20 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
8, 168
};
/*
* Single DES in ssh2. It isn't clear that "des-cbc" is an official
* cipher name, but ssh.com support it and apparently aren't the
* only people to do so, so we sigh and implement it anyway.
*/
static const struct ssh2_cipher ssh_des_ssh2 = {
des3_csiv, des_cskey, /* iv functions shared with 3des */
des3_sciv, des_sckey,
des_ssh2_encrypt_blk,
des_ssh2_decrypt_blk,
"des-cbc",
8, 56
};
static const struct ssh2_cipher *const des3_list[] = {
&ssh_3des_ssh2
};
@ -848,6 +886,15 @@ const struct ssh2_ciphers ssh2_3des = {
des3_list
};
static const struct ssh2_cipher *const des_list[] = {
&ssh_des_ssh2
};
const struct ssh2_ciphers ssh2_des = {
sizeof(des3_list) / sizeof(*des_list),
des_list
};
const struct ssh_cipher ssh_3des = {
des3_sesskey,
des3_encrypt_blk,
@ -857,9 +904,8 @@ const struct ssh_cipher ssh_3des = {
static void des_sesskey(unsigned char *key)
{
des_key_setup(GET_32BIT_MSB_FIRST(key),
GET_32BIT_MSB_FIRST(key + 4), &cskeys[0]);
logevent("Initialised single-DES encryption");
des_cskey(key);
des_sckey(key);
}
static void des_encrypt_blk(unsigned char *blk, int len)