sshd: DES in SSH1 ?

Sunil K. Vallamkonda sunil at redback.com
Wed Jan 10 06:12:51 EST 2001


I figure you were referring to cipher_mask1() in cipher.c.

I find that more functions need to be changed to add DES/sshd/SSH1 support.
Please let me know if the below looks okay and if I missed any others.

1) I see that cipher_set_key(..) may need to be changed to have a case for
DES as:
--------
        case SSH_CIPHER_DES:
        case SSH_CIPHER_3DES:
                /*
                 * Note: the least significant bit of each byte of key is
                 * parity, and must be ignored by the implementation.  16
                 * bytes of key are used (first and last keys are the same).
                 */
                if (keylen < 16)
                        error("Key length %d is insufficient for 3DES.", keylen);
                des_set_key((void *) padded, context->u.des3.key1);
-------

Is the above okay - same key len etc. for DES as 3DES?


2) In cipher_set_key_iv(..)  - cipher.c:
--------
        case SSH_CIPHER_DES:
        case SSH_CIPHER_3DES:
        case SSH_CIPHER_BLOWFISH:
                fatal("cipher_set_key_iv: illegal cipher: %s",
                    cipher_name(cipher));
                break;
-------

3) In cipher_encrypt(..) and cipher_decrypt(..) - cipher.c:
   what are the routines/macros to encrypt/decrypt using DES?

4) In SSH_3CBC_DECRYPT(..) in cipher.c:
   If I modify as:

--
SSH_3CBC_ENCRYPT(...) function definition and

SSH_3CBC_DECRYPT(des_key_schedule ks1,
                 des_key_schedule ks2, des_cblock * iv2,
                 des_key_schedule ks3, des_cblock * iv3,
                 unsigned char *dest, unsigned char *src,
                 unsigned int len)
{                                                                            
        des_cblock iv1;

        memcpy(&iv1, iv2, 8);
                   // for decrypt
        des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
                   // OR  - for encrypt
        des_cbc_encrypt(src, dest, len, ks3, iv3, DES_ENCRYPT);

        memcpy(iv3, src + len - 8, 8);                                      
}
--

Would this suffice for DES encrypt and decrypt - sshd/SSH1 ?


Does the OpenSSH archive have an older version of cipher.c which has
DES support for SSH1 that I could retrieve and use as an example?


Thank you.


On Tue, 9 Jan 2001, Markus Friedl wrote:

> change the definition of cipher_mask_ssh1(), but it's not
> recommended.
> 
> On Mon, Jan 08, 2001 at 06:13:12PM -0800, Sunil K. Vallamkonda wrote:
> > 
> > I see that in the commercial SSH version it is possible to
> > run sshd in SSH1 using DES (i.e., accepting SSH-DES clients).
> > I understand from Damien Miller that
> > Cisco routers also run in only SSH1 DES mode.
> > 
> > Is it possible in OpenSSH to configure sshd (compile-time/runtime)
> > to run sshd in SSH1 or SSH2 mode and accept SSH1 or SSH2 DES clients?
> > [I would like to be able to run sshd in SSH1/DES mode ]
> > 
> > 
> > Is there a patch or another version that I can use (to be able to
> > run OpenSSH sshd to accept SSH-DES clients in SSH1)? If not, any pointers/
> > suggestions to code changes that I should make to achieve the above?
> > 
> > Thank you.
> > 
> > 
> > 
> > 
> 
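
The parity rule in the quoted comment and the key-length question in point 1, as an added example (not part of the original message and not OpenSSH code): single DES consumes 8 key bytes and ignores the low bit of each, leaving 56 effective key bits. The `ex_` names and cipher ids are hypothetical, and the sample key is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical ids for this example only; not OpenSSH's SSH_CIPHER_* values. */
enum ex_cipher { EX_DES, EX_3DES };

/* Key bytes consumed: 8 for single DES, 16 for the two-key 3DES layout in
 * the quoted comment (first and last keys are the same). */
size_t ex_key_bytes(enum ex_cipher c) { return c == EX_DES ? 8 : 16; }

/* Each key byte carries 7 key bits plus 1 parity bit. */
unsigned ex_effective_bits(enum ex_cipher c) { return (unsigned)ex_key_bytes(c) * 7; }

/* Rewrite bit 0 of every byte so the byte has odd parity. */
void ex_set_odd_parity(uint8_t *key, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned ones = 0;
        for (int bit = 1; bit < 8; bit++)
            ones += (key[i] >> bit) & 1u;
        key[i] = (uint8_t)((key[i] & 0xFE) | ((ones & 1u) ^ 1u));
    }
}

/* 1 if both keys are equal once parity bits are ignored, 0 if they differ,
 * -1 if keylen is too short for the cipher (the check asked about in 1). */
int ex_same_effective_key(enum ex_cipher c, const uint8_t *a,
                          const uint8_t *b, size_t keylen)
{
    size_t n = ex_key_bytes(c);
    if (keylen < n)
        return -1;
    for (size_t i = 0; i < n; i++)
        if ((a[i] ^ b[i]) & 0xFE)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample key with all parity bits cleared. */
    uint8_t raw[8] = {0x00, 0x22, 0x44, 0x66, 0x88, 0xAA, 0xCC, 0xEE};
    uint8_t fixed[8] = {0x00, 0x22, 0x44, 0x66, 0x88, 0xAA, 0xCC, 0xEE};
    ex_set_odd_parity(fixed, sizeof fixed);
    printf("same effective DES key: %d, effective bits: %u\n",
           ex_same_effective_key(EX_DES, raw, fixed, 8), ex_effective_bits(EX_DES));
    return 0;
}
```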
