Add single-DES support in SSH2

[originally from svn r1396]

ssh.c

@@ -236,15 +236,13 @@ extern void pfd_override_throttle(Socket s, int enable);
 #define OUR_V2_WINSIZE 16384
 
 /*
- * Ciphers for SSH2. We miss out single-DES because it isn't
+ * Ciphers for SSH2.
- * supported; also 3DES and Blowfish are both done differently from
- * SSH1. (3DES uses outer chaining; Blowfish has the opposite
- * endianness and different-sized keys.)
  */
 const static struct ssh2_ciphers *ciphers[] = {
     &ssh2_aes,
     &ssh2_blowfish,
     &ssh2_3des,
+    &ssh2_des,
 };
 
 const static struct ssh_kex *kex_algs[] = {
@@ -3172,7 +3170,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    n_preferred_ciphers++;
 	    break;
 	  case CIPHER_DES:
-	    /* Not supported in SSH2; silently drop */
+	    preferred_ciphers[n_preferred_ciphers] = &ssh2_des;
+	    n_preferred_ciphers++;
 	    break;
 	  case CIPHER_3DES:
 	    preferred_ciphers[n_preferred_ciphers] = &ssh2_3des;

ssh.h

@@ -200,6 +200,7 @@ extern const struct ssh_cipher ssh_3des;
 extern const struct ssh_cipher ssh_des;
 extern const struct ssh_cipher ssh_blowfish_ssh1;
 extern const struct ssh2_ciphers ssh2_3des;
+extern const struct ssh2_ciphers ssh2_des;
 extern const struct ssh2_ciphers ssh2_aes;
 extern const struct ssh2_ciphers ssh2_blowfish;
 extern const struct ssh_kex ssh_diffiehellman;

sshdes.c

@@ -757,6 +757,13 @@ static void des3_cskey(unsigned char *key)
     logevent("Initialised triple-DES client->server encryption");
 }
 
+static void des_cskey(unsigned char *key)
+{
+    des_key_setup(GET_32BIT_MSB_FIRST(key),
+		  GET_32BIT_MSB_FIRST(key + 4), &cskeys[0]);
+    logevent("Initialised single-DES client->server encryption");
+}
+
 static void des3_csiv(unsigned char *key)
 {
     cskeys[0].eiv0 = GET_32BIT_MSB_FIRST(key);
@@ -780,6 +787,13 @@ static void des3_sckey(unsigned char *key)
     logevent("Initialised triple-DES server->client encryption");
 }
 
+static void des_sckey(unsigned char *key)
+{
+    des_key_setup(GET_32BIT_MSB_FIRST(key),
+		  GET_32BIT_MSB_FIRST(key + 4), &sckeys[0]);
+    logevent("Initialised single-DES server->client encryption");
+}
+
 static void des3_sesskey(unsigned char *key)
 {
     des3_cskey(key);
@@ -806,6 +820,16 @@ static void des3_ssh2_decrypt_blk(unsigned char *blk, int len)
     des_cbc3_decrypt(blk, blk, len, sckeys);
 }
 
+static void des_ssh2_encrypt_blk(unsigned char *blk, int len)
+{
+    des_cbc_encrypt(blk, blk, len, cskeys);
+}
+
+static void des_ssh2_decrypt_blk(unsigned char *blk, int len)
+{
+    des_cbc_decrypt(blk, blk, len, sckeys);
+}
+
 void des3_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
 {
     DESContext ourkeys[3];
@@ -839,6 +863,20 @@ static const struct ssh2_cipher ssh_3des_ssh2 = {
     8, 168
 };
 
+/*
+ * Single DES in ssh2. It isn't clear that "des-cbc" is an official
+ * cipher name, but ssh.com support it and apparently aren't the
+ * only people to do so, so we sigh and implement it anyway.
+ */
+static const struct ssh2_cipher ssh_des_ssh2 = {
+    des3_csiv, des_cskey,	       /* iv functions shared with 3des */
+    des3_sciv, des_sckey,
+    des_ssh2_encrypt_blk,
+    des_ssh2_decrypt_blk,
+    "des-cbc",
+    8, 56
+};
+
 static const struct ssh2_cipher *const des3_list[] = {
     &ssh_3des_ssh2
 };
@@ -848,6 +886,15 @@ const struct ssh2_ciphers ssh2_3des = {
     des3_list
 };
 
+static const struct ssh2_cipher *const des_list[] = {
+    &ssh_des_ssh2
+};
+
+const struct ssh2_ciphers ssh2_des = {
+    sizeof(des3_list) / sizeof(*des_list),
+    des_list
+};
+
 const struct ssh_cipher ssh_3des = {
     des3_sesskey,
     des3_encrypt_blk,
@@ -857,9 +904,8 @@ const struct ssh_cipher ssh_3des = {
 
 static void des_sesskey(unsigned char *key)
 {
-    des_key_setup(GET_32BIT_MSB_FIRST(key),
+    des_cskey(key);
-		  GET_32BIT_MSB_FIRST(key + 4), &cskeys[0]);
+    des_sckey(key);
-    logevent("Initialised single-DES encryption");
 }
 
 static void des_encrypt_blk(unsigned char *blk, int len)