-/* no encryption */
-void
-none_setkey(CipherContext *cc, const u_char *key, u_int keylen)
-{
-}
-void
-none_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
-{
-}
-void
-none_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
-{
- memcpy(dest, src, len);
-}
-
-/* DES */
-void
-des_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
-{
- static int dowarn = 1;
- if (dowarn) {
- error("Warning: use of DES is strongly discouraged "
- "due to cryptographic weaknesses");
- dowarn = 0;
- }
- des_set_key((void *)key, cc->u.des.key);
-}
-void
-des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
-{
- memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv));
-}
-void
-des_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
-{
- des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
- DES_ENCRYPT);
-}
-void
-des_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
-{
- des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
- DES_DECRYPT);
-}
-
-/* 3DES */
-void
-des3_setkey(CipherContext *cc, const u_char *key, u_int keylen)
-{
- des_set_key((void *) key, cc->u.des3.key1);
- des_set_key((void *) (key+8), cc->u.des3.key2);
- des_set_key((void *) (key+16), cc->u.des3.key3);
-}
-void
-des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
-{
- memset(cc->u.des3.iv2, 0, sizeof(cc->u.des3.iv2));
- memset(cc->u.des3.iv3, 0, sizeof(cc->u.des3.iv3));
- if (iv == NULL)
- return;
- memcpy(cc->u.des3.iv3, (char *)iv, 8);
-}
-void
-des3_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
-{
- des_ede3_cbc_encrypt(src, dest, len,
- cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
- &cc->u.des3.iv3, DES_ENCRYPT);
-}
-void
-des3_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
-{
- des_ede3_cbc_encrypt(src, dest, len,
- cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
- &cc->u.des3.iv3, DES_DECRYPT);
-}
-
-/*
- * This is used by SSH1:
- *
- * What kind of triple DES are these 2 routines?
- *
- * Why is there a redundant initialization vector?
- *
- * If only iv3 was used, then, this would till effect have been
- * outer-cbc. However, there is also a private iv1 == iv2 which
- * perhaps makes differential analysis easier. On the other hand, the
- * private iv1 probably makes the CRC-32 attack ineffective. This is a
- * result of that there is no longer any known iv1 to use when
- * choosing the X block.
- */
-void
-des3_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
-{
- des_set_key((void *) key, cc->u.des3.key1);
- des_set_key((void *) (key+8), cc->u.des3.key2);
- if (keylen <= 16)
- des_set_key((void *) key, cc->u.des3.key3);
- else
- des_set_key((void *) (key+16), cc->u.des3.key3);
-}
-void
-des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
-{
- des_cblock iv1;
- des_cblock *iv2 = &cc->u.des3.iv2;
- des_cblock *iv3 = &cc->u.des3.iv3;
-
- memcpy(&iv1, iv2, 8);
-
- des_cbc_encrypt(src, dest, len, cc->u.des3.key1, &iv1, DES_ENCRYPT);
- memcpy(&iv1, dest + len - 8, 8);
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_DECRYPT);
- memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key3, iv3, DES_ENCRYPT);
- memcpy(iv3, dest + len - 8, 8);
-}
-void
-des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
-{
- des_cblock iv1;
- des_cblock *iv2 = &cc->u.des3.iv2;
- des_cblock *iv3 = &cc->u.des3.iv3;
-
- memcpy(&iv1, iv2, 8);
-
- des_cbc_encrypt(src, dest, len, cc->u.des3.key3, iv3, DES_DECRYPT);
- memcpy(iv3, src + len - 8, 8);
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_ENCRYPT);
- memcpy(iv2, dest + len - 8, 8);
-
- des_cbc_encrypt(dest, dest, len, cc->u.des3.key1, &iv1, DES_DECRYPT);
- /* memcpy(&iv1, iv2, 8); */
- /* Note how iv1 == iv2 on entry and exit. */
-}
-
-/* Blowfish */
-void
-blowfish_setkey(CipherContext *cc, const u_char *key, u_int keylen)
-{
- BF_set_key(&cc->u.bf.key, keylen, (unsigned char *)key);
-}
-void
-blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
-{
- if (iv == NULL)
- memset(cc->u.bf.iv, 0, 8);
- else
- memcpy(cc->u.bf.iv, (char *)iv, 8);
-}
-void
-blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
-{
- BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
- BF_ENCRYPT);
-}
-void
-blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
-{
- BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
- BF_DECRYPT);
-}
-
-/*
- * SSH1 uses a variation on Blowfish, all bytes must be swapped before
- * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
- */
-static void
-swap_bytes(const unsigned char *src, unsigned char *dst_, int n)
-{
- /* dst must be properly aligned. */
- u_int32_t *dst = (u_int32_t *) dst_;
- union {
- u_int32_t i;
- char c[4];
- } t;
-
- /* Process 8 bytes every lap. */
- for (n = n / 8; n > 0; n--) {
- t.c[3] = *src++;
- t.c[2] = *src++;
- t.c[1] = *src++;
- t.c[0] = *src++;
- *dst++ = t.i;
-
- t.c[3] = *src++;
- t.c[2] = *src++;
- t.c[1] = *src++;
- t.c[0] = *src++;
- *dst++ = t.i;
- }
-}
-
-void
-blowfish_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
-{
- swap_bytes(src, dest, len);
- BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
- BF_ENCRYPT);
- swap_bytes(dest, dest, len);
-}
-void
-blowfish_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
-{
- swap_bytes(src, dest, len);
- BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
- BF_DECRYPT);
- swap_bytes(dest, dest, len);
-}