- Fix various hardcoded uses of SHA1
- rename curves to nistp256 etc - fix svr-auth.c TRACE problem --HG-- branch : ecc
This commit is contained in:
parent
c6bdc810ab
commit
c797c1750c
7
bignum.c
7
bignum.c
@ -60,7 +60,8 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
|
||||
}
|
||||
|
||||
/* hash the ssh representation of the mp_int mp */
|
||||
void sha1_process_mp(hash_state *hs, mp_int *mp) {
|
||||
void hash_process_mp(const struct ltc_hash_descriptor *hash_desc,
|
||||
hash_state *hs, mp_int *mp) {
|
||||
|
||||
int i;
|
||||
buffer * buf;
|
||||
@ -68,8 +69,6 @@ void sha1_process_mp(hash_state *hs, mp_int *mp) {
|
||||
buf = buf_new(512 + 20); /* max buffer is a 4096 bit key,
|
||||
plus header + some leeway*/
|
||||
buf_putmpint(buf, mp);
|
||||
i = buf->pos;
|
||||
buf_setpos(buf, 0);
|
||||
sha1_process(hs, buf_getptr(buf, i), i);
|
||||
hash_desc->process(hs, buf->data, buf->len);
|
||||
buf_free(buf);
|
||||
}
|
||||
|
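Review bot: `int i;` in hash_process_mp is now dead: the second hunk (-68,8) removes `i = buf->pos;` and the `buf_getptr(buf, i)` call that were its only uses, while the declaration stays as unchanged context in the first hunk, so `-Wunused-variable` will flag it; drop the `int i;` line. The replacement `hash_desc->process(hs, buf->data, buf->len);` hashes the raw data pointer over `len` and so no longer goes through the bounds check that `buf_getptr` provided; that is fine as long as `buf_putmpint` leaves `len` equal to the bytes written, which deserves a one-line comment such as `/* hash everything written: buf_putmpint leaves len == bytes written */`. The `buf_new(512 + 20)` sizing and its "4096 bit key" comment are untouched by this change and remain the only fixed assumption about operand size in the function.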
3
bignum.h
3
bignum.h
@ -30,6 +30,7 @@
|
||||
void m_mp_init(mp_int *mp);
|
||||
void m_mp_init_multi(mp_int *mp, ...);
|
||||
void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
|
||||
void sha1_process_mp(hash_state *hs, mp_int *mp);
|
||||
void hash_process_mp(const struct ltc_hash_descriptor *hash_desc,
|
||||
hash_state *hs, mp_int *mp);
|
||||
|
||||
#endif /* _BIGNUM_H_ */
|
||||
|
@ -169,7 +169,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
|
||||
TRACE(("realsign"))
|
||||
/* We put the signature as well - this contains string(session id), then
|
||||
* the contents of the write payload to this point */
|
||||
sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len);
|
||||
sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len);
|
||||
buf_putbufstring(sigbuf, ses.session_id);
|
||||
buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
|
||||
cli_buf_put_sign(ses.writepayload, key, type, sigbuf);
|
||||
|
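Review bot: The new `sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len);` is sized exactly to what the following `buf_putbufstring` and `buf_putbytes` write, with no slack, so a future extra field would hit the buffer bound; worth stating in the comment above, e.g. extend it with `sized exactly: string(session_id) is 4 + len bytes, and the session_id length follows the KEX hash rather than SHA1_HASH_SIZE`. The server side makes the identical change in the `svr_auth_pubkey` hunk further down (`signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);`), and the two sizing expressions should be kept in step. The enclosing function `send_msg_userauth_pubkey` starts and ends outside this hunk.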
@ -227,13 +227,13 @@ static struct dropbear_kex kex_dh_group14 = {dh_p_14, DH_P_14_LEN, NULL, &sha1_d
|
||||
|
||||
#ifdef DROPBEAR_ECDH
|
||||
#ifdef DROPBEAR_ECC_256
|
||||
static struct dropbear_kex kex_ecdh_secp256r1 = {NULL, 0, &ecc_curve_secp256r1, &sha256_desc };
|
||||
static struct dropbear_kex kex_ecdh_nistp256 = {NULL, 0, &ecc_curve_nistp256, &sha256_desc };
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_384
|
||||
static struct dropbear_kex kex_ecdh_secp384r1 = {NULL, 0, &ecc_curve_secp384r1, &sha384_desc };
|
||||
static struct dropbear_kex kex_ecdh_nistp384 = {NULL, 0, &ecc_curve_nistp384, &sha384_desc };
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_521
|
||||
static struct dropbear_kex kex_ecdh_secp521r1 = {NULL, 0, &ecc_curve_secp521r1, &sha512_desc };
|
||||
static struct dropbear_kex kex_ecdh_nistp521 = {NULL, 0, &ecc_curve_nistp521, &sha512_desc };
|
||||
#endif
|
||||
#endif // DROPBEAR_ECDH
|
||||
|
||||
@ -241,13 +241,13 @@ static struct dropbear_kex kex_ecdh_secp521r1 = {NULL, 0, &ecc_curve_secp521r1,
|
||||
algo_type sshkex[] = {
|
||||
#ifdef DROPBEAR_ECDH
|
||||
#ifdef DROPBEAR_ECC_256
|
||||
{"ecdh-sha2-secp256r1", 0, &kex_ecdh_secp256r1, 1, NULL},
|
||||
{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_384
|
||||
{"ecdh-sha2-secp384r1", 0, &kex_ecdh_secp384r1, 1, NULL},
|
||||
{"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_521
|
||||
{"ecdh-sha2-secp521r1", 0, &kex_ecdh_secp521r1, 1, NULL},
|
||||
{"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
|
||||
#endif
|
||||
#endif
|
||||
{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
|
||||
|
46
common-kex.c
46
common-kex.c
@ -85,8 +85,8 @@ static void gen_new_zstreams();
|
||||
#endif
|
||||
static void read_kex_algos();
|
||||
/* helper function for gen_new_keys */
|
||||
static void hashkeys(unsigned char *out, int outlen,
|
||||
const hash_state * hs, unsigned const char X);
|
||||
static void hashkeys(unsigned char *out, unsigned int outlen,
|
||||
const hash_state * hs, const unsigned char X);
|
||||
static void finish_kexhashbuf(void);
|
||||
|
||||
|
||||
@ -251,26 +251,28 @@ static void kexinitialise() {
|
||||
* out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated.
|
||||
*
|
||||
* See Section 7.2 of rfc4253 (ssh transport) for details */
|
||||
static void hashkeys(unsigned char *out, int outlen,
|
||||
static void hashkeys(unsigned char *out, unsigned int outlen,
|
||||
const hash_state * hs, const unsigned char X) {
|
||||
|
||||
const struct ltc_hash_descriptor *hashdesc = ses.newkeys->algo_kex->hashdesc;
|
||||
hash_state hs2;
|
||||
int offset;
|
||||
unsigned int offset;
|
||||
unsigned char tmpout[hashdesc->hashsize];
|
||||
|
||||
memcpy(&hs2, hs, sizeof(hash_state));
|
||||
sha1_process(&hs2, &X, 1);
|
||||
sha1_process(&hs2, ses.session_id->data, ses.session_id->len);
|
||||
sha1_done(&hs2, out);
|
||||
for (offset = SHA1_HASH_SIZE;
|
||||
hashdesc->process(&hs2, &X, 1);
|
||||
hashdesc->process(&hs2, ses.session_id->data, ses.session_id->len);
|
||||
hashdesc->done(&hs2, tmpout);
|
||||
memcpy(out, tmpout, MIN(hashdesc->hashsize, outlen));
|
||||
for (offset = hashdesc->hashsize;
|
||||
offset < outlen;
|
||||
offset += SHA1_HASH_SIZE)
|
||||
offset += hashdesc->hashsize)
|
||||
{
|
||||
/* need to extend */
|
||||
unsigned char k2[SHA1_HASH_SIZE];
|
||||
memcpy(&hs2, hs, sizeof(hash_state));
|
||||
sha1_process(&hs2, out, offset);
|
||||
sha1_done(&hs2, k2);
|
||||
memcpy(&out[offset], k2, MIN(outlen - offset, SHA1_HASH_SIZE));
|
||||
hashdesc->process(&hs2, out, offset);
|
||||
hashdesc->done(&hs2, tmpout);
|
||||
memcpy(&out[offset], tmpout, MIN(outlen - offset, hashdesc->hashsize));
|
||||
}
|
||||
}
|
||||
|
||||
@ -292,14 +294,14 @@ void gen_new_keys() {
|
||||
unsigned char *trans_IV, *trans_key, *recv_IV, *recv_key;
|
||||
|
||||
hash_state hs;
|
||||
unsigned int C2S_keysize, S2C_keysize;
|
||||
const struct ltc_hash_descriptor *hashdesc = ses.newkeys->algo_kex->hashdesc;
|
||||
char mactransletter, macrecvletter; /* Client or server specific */
|
||||
|
||||
TRACE(("enter gen_new_keys"))
|
||||
/* the dh_K and hash are the start of all hashes, we make use of that */
|
||||
|
||||
sha1_init(&hs);
|
||||
sha1_process_mp(&hs, ses.dh_K);
|
||||
hashdesc->init(&hs);
|
||||
hash_process_mp(hashdesc, &hs, ses.dh_K);
|
||||
mp_clear(ses.dh_K);
|
||||
m_free(ses.dh_K);
|
||||
sha1_process(&hs, ses.hash->data, ses.hash->len);
|
||||
@ -312,8 +314,6 @@ void gen_new_keys() {
|
||||
recv_IV = S2C_IV;
|
||||
trans_key = C2S_key;
|
||||
recv_key = S2C_key;
|
||||
C2S_keysize = ses.newkeys->trans.algo_crypt->keysize;
|
||||
S2C_keysize = ses.newkeys->recv.algo_crypt->keysize;
|
||||
mactransletter = 'E';
|
||||
macrecvletter = 'F';
|
||||
} else {
|
||||
@ -321,16 +321,14 @@ void gen_new_keys() {
|
||||
recv_IV = C2S_IV;
|
||||
trans_key = S2C_key;
|
||||
recv_key = C2S_key;
|
||||
C2S_keysize = ses.newkeys->recv.algo_crypt->keysize;
|
||||
S2C_keysize = ses.newkeys->trans.algo_crypt->keysize;
|
||||
mactransletter = 'F';
|
||||
macrecvletter = 'E';
|
||||
}
|
||||
|
||||
hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
|
||||
hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
|
||||
hashkeys(C2S_key, C2S_keysize, &hs, 'C');
|
||||
hashkeys(S2C_key, S2C_keysize, &hs, 'D');
|
||||
hashkeys(C2S_IV, sizeof(C2S_IV), &hs, 'A');
|
||||
hashkeys(S2C_IV, sizeof(S2C_IV), &hs, 'B');
|
||||
hashkeys(C2S_key, sizeof(C2S_key), &hs, 'C');
|
||||
hashkeys(S2C_key, sizeof(S2C_key), &hs, 'D');
|
||||
|
||||
if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) {
|
||||
int recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
|
||||
|
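Review bot: In `gen_new_keys` the state is now set up with `hashdesc->init(&hs);` and fed through `hash_process_mp(hashdesc, &hs, ses.dh_K);`, but the trailing context line `sha1_process(&hs, ses.hash->data, ses.hash->len);` is left unchanged, so for any kex whose descriptor is not SHA1 (the `sha256_desc`/`sha384_desc`/`sha512_desc` ecdh entries added in common-algo.c) the key material is derived from a mismatched hash state; it should read `hashdesc->process(&hs, ses.hash->data, ses.hash->len);` unless that line is changed elsewhere outside this hunk. In `hashkeys`, the header comment `out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated` is stale now that the body copies `MIN(hashdesc->hashsize, outlen)` and then at most `outlen` bytes in total; suggest `* out must have at least outlen bytes allocated; at most outlen bytes are written.` `unsigned char tmpout[hashdesc->hashsize];` is a variable-length array sized from a runtime field — a fixed array of the largest digest size this build supports would avoid the VLA, if such a constant is available in the headers.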
14
ecc.c
14
ecc.c
@ -9,24 +9,24 @@
|
||||
// TODO: use raw bytes for the dp rather than the hex strings in libtomcrypt's ecc.c
|
||||
|
||||
#ifdef DROPBEAR_ECC_256
|
||||
const struct dropbear_ecc_curve ecc_curve_secp256r1 = {
|
||||
const struct dropbear_ecc_curve ecc_curve_nistp256 = {
|
||||
.dp = <c_ecc_sets[0],
|
||||
.hash_desc = &sha256_desc,
|
||||
.name = "secp256r1"
|
||||
.name = "nistp256"
|
||||
};
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_384
|
||||
const struct dropbear_ecc_curve ecc_curve_secp384r1 = {
|
||||
const struct dropbear_ecc_curve ecc_curve_nistp384 = {
|
||||
.dp = <c_ecc_sets[1],
|
||||
.hash_desc = &sha384_desc,
|
||||
.name = "secp384r1"
|
||||
.name = "nistp384"
|
||||
};
|
||||
#endif
|
||||
#ifdef DROPBEAR_ECC_521
|
||||
const struct dropbear_ecc_curve ecc_curve_secp521r1 = {
|
||||
const struct dropbear_ecc_curve ecc_curve_nistp521 = {
|
||||
.dp = <c_ecc_sets[2],
|
||||
.hash_desc = &sha512_desc,
|
||||
.name = "secp521r1"
|
||||
.name = "nistp521"
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -35,7 +35,7 @@ static ecc_key * new_ecc_key(void) {
|
||||
key->pubkey.x = m_malloc(sizeof(mp_int));
|
||||
key->pubkey.y = m_malloc(sizeof(mp_int));
|
||||
key->pubkey.z = m_malloc(sizeof(mp_int));
|
||||
key->k = m_malloc(sizeof(mp_init));
|
||||
key->k = m_malloc(sizeof(mp_int));
|
||||
m_mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
|
||||
return key;
|
||||
}
|
||||
|
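Review bot: The `sizeof(mp_init)` → `sizeof(mp_int)` fix in `new_ecc_key` corrects a typo that compilers tolerate (sizeof applied to a function designator is a constraint violation GCC reports only with -pedantic) and that left `key->k` undersized; the same slip can recur on any of the four `m_malloc(sizeof(mp_int))` lines. Sizing from the object rather than the type removes the class of error: `key->k = m_malloc(sizeof(*key->k));`, and likewise for `pubkey.x`, `pubkey.y` and `pubkey.z`. In the curve table the `.dp` members are bound to libtomcrypt's `ltc_ecc_sets` by fixed index (0, 1, 2) — the page renders this as `<c_ecc_sets[0]`, presumably `&ltc_ecc_sets[0]` with the entity mangled; the existing TODO acknowledges the coupling, and a startup check that each selected entry is really the intended curve would make the `nistp*` names more than a label. `new_ecc_key` starts outside this hunk.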
6
ecc.h
6
ecc.h
@ -14,9 +14,9 @@ struct dropbear_ecc_curve {
|
||||
const char *name;
|
||||
};
|
||||
|
||||
extern const struct dropbear_ecc_curve ecc_curve_secp256r1;
|
||||
extern const struct dropbear_ecc_curve ecc_curve_secp384r1;
|
||||
extern const struct dropbear_ecc_curve ecc_curve_secp521r1;
|
||||
extern const struct dropbear_ecc_curve ecc_curve_nistp256;
|
||||
extern const struct dropbear_ecc_curve ecc_curve_nistp384;
|
||||
extern const struct dropbear_ecc_curve ecc_curve_nistp521;
|
||||
|
||||
// "pubkey" refers to a point, but LTC uses ecc_key structure for both public
|
||||
// and private keys
|
||||
|
@ -332,8 +332,7 @@ void send_msg_userauth_failure(int partial, int incrfail) {
|
||||
buf_putbufstring(ses.writepayload, typebuf);
|
||||
|
||||
TRACE(("auth fail: methods %d, '%.*s'", ses.authstate.authtypes,
|
||||
typebuf->len,
|
||||
buf_getptr(typebuf, typebuf->len)));
|
||||
typebuf->len, typebuf->data))
|
||||
|
||||
buf_free(typebuf);
|
||||
|
||||
|
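Review bot: `%.*s` takes its precision argument as an `int`, and the new TRACE passes `typebuf->len` for it directly; if `len` is an unsigned field, as dropbear buffer lengths presumably are, that is a format/argument type mismatch `-Wformat` reports, so write `typebuf->len, typebuf->data` as `(int)typebuf->len, typebuf->data`. Switching from `buf_getptr(typebuf, typebuf->len)` to `typebuf->data` avoids the position check that presumably failed once `pos` was already at the end of `typebuf` after `buf_putbufstring` — that is likely the "TRACE problem" from the commit message, and a comment such as `/* use data, not buf_getptr: pos is at the end here */` would keep the next reader from reverting it. `send_msg_userauth_failure` starts and ends outside this hunk.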
@ -125,7 +125,7 @@ void svr_auth_pubkey() {
|
||||
|
||||
/* create the data which has been signed - this a string containing
|
||||
* session_id, concatenated with the payload packet up to the signature */
|
||||
signbuf = buf_new(ses.payload->pos + 4 + SHA1_HASH_SIZE);
|
||||
signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len);
|
||||
buf_putbufstring(signbuf, ses.session_id);
|
||||
buf_putbytes(signbuf, ses.payload->data, ses.payload->pos);
|
||||
buf_setpos(signbuf, 0);
|
||||
|
@ -74,8 +74,7 @@
|
||||
#define MD5_HASH_SIZE 16
|
||||
|
||||
#define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
|
||||
#define MAX_IV_LEN 20 /* must be same as max blocksize,
|
||||
and >= SHA1_HASH_SIZE */
|
||||
#define MAX_IV_LEN 20 /* must be same as max blocksize, */
|
||||
|
||||
#if defined(DROPBEAR_SHA2_512_HMAC)
|
||||
#define MAX_MAC_LEN 64
|
||||
|
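Review bot: Removing the `and >= SHA1_HASH_SIZE` clause leaves the `MAX_IV_LEN` comment ending in a dangling comma; it should read `#define MAX_IV_LEN 20 /* must be same as max blocksize */`. The clause is no longer needed because `hashkeys` in common-kex.c now copies `MIN(hashdesc->hashsize, outlen)` bytes instead of writing a full digest into the IV buffer, and saying so in the comment would stop the constraint from being re-added.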