Add ssh2 support for aes-ctr cipher (sizes 128, 192, 256) for interoperability
with more modern hosts which are configured to remove aes-cbc mode.

This patch depends on patch aes-ctr which corrects a flaw in the libsec.a
implementation of aes-ctr.

Reference: /n/sources/patch/ssh2-aes-ctr
Date: Mon Apr  9 15:42:11 CES 2018
Signed-off-by: miller@hamnavoe.com

--- /sys/src/cmd/ssh2/netssh.h	Mon Apr  9 15:36:31 2018
+++ /sys/src/cmd/ssh2/netssh.h	Mon Apr  9 15:36:28 2018
@@ -318,6 +318,7 @@
 };
 
 extern Cipher cipheraes128, cipheraes192, cipheraes256;
+extern Cipher cipheraes128ctr, cipheraes192ctr, cipheraes256ctr;
 extern Cipher cipherblowfish, cipher3des, cipherrc4;
 extern int debug;
 extern int sshkeychan[];
--- /sys/src/cmd/ssh2/netssh.c	Mon Apr  9 15:36:41 2018
+++ /sys/src/cmd/ssh2/netssh.c	Mon Apr  9 15:36:34 2018
@@ -35,6 +35,9 @@
 	&cipheraes128,
 	&cipheraes192,
 	&cipheraes256,
+	&cipheraes128ctr,
+	&cipheraes192ctr,
+	&cipheraes256ctr,
 //	&cipherblowfish,
 	&cipher3des,
 	&cipherrc4,
--- /sys/src/cmd/ssh2/cipheraes.c	Mon Apr  9 15:36:44 2018
+++ /sys/src/cmd/ssh2/cipheraes.c	Mon Apr  9 15:36:42 2018
@@ -57,6 +57,16 @@
 }
 
 static void
+encryptaesctr(CipherState *cs, uchar *buf, int nbuf)
+{
+	if(cs->state.setup != 0xcafebabe || cs->state.rounds > AESmaxrounds)
+		return;
+	qlock(&aeslock);
+	aesCTRencrypt(buf, nbuf, &cs->state);
+	qunlock(&aeslock);
+}
+
+static void
 decryptaes(CipherState *cs, uchar *buf, int nbuf)
 {
 	if(cs->state.setup != 0xcafebabe || cs->state.rounds > AESmaxrounds)
@@ -66,6 +76,16 @@
 	qunlock(&aeslock);
 }
 
+static void
+decryptaesctr(CipherState *cs, uchar *buf, int nbuf)
+{
+	if(cs->state.setup != 0xcafebabe || cs->state.rounds > AESmaxrounds)
+		return;
+	qlock(&aeslock);
+	aesCTRdecrypt(buf, nbuf, &cs->state);
+	qunlock(&aeslock);
+}
+
 Cipher cipheraes128 = {
 	"aes128-cbc",
 	AESbsize,
@@ -74,6 +94,14 @@
 	decryptaes,
 };
 
+Cipher cipheraes128ctr = {
+	"aes128-ctr",
+	AESbsize,
+	initaes128,
+	encryptaesctr,
+	decryptaesctr,
+};
+
 Cipher cipheraes192 = {
 	"aes192-cbc",
 	AESbsize,
@@ -82,10 +110,26 @@
 	decryptaes,
 };
 
+Cipher cipheraes192ctr = {
+	"aes192-ctr",
+	AESbsize,
+	initaes192,
+	encryptaesctr,
+	decryptaesctr,
+};
+
 Cipher cipheraes256 = {
 	"aes256-cbc",
 	AESbsize,
 	initaes256,
 	encryptaes,
 	decryptaes,
+};
+
+Cipher cipheraes256ctr = {
+	"aes256-ctr",
+	AESbsize,
+	initaes256,
+	encryptaesctr,
+	decryptaesctr,
 };