ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-04 03:36:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

options for disabling "normal" DH

Browse Source
This commit is contained in:
Matt Johnston 2016-05-02 23:48:16 +02:00
parent 4664ce2c35
commit d6daad29fc
7 changed files with 57 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
algo.h
View File

@ -83,9 +83,15 @@ struct dropbear_hash {
}; };
enum dropbear_kex_mode { enum dropbear_kex_mode {
#if DROPBEAR_NORMAL_DH
DROPBEAR_KEX_NORMAL_DH, DROPBEAR_KEX_NORMAL_DH,
#endif
#ifdef DROPBEAR_ECDH
DROPBEAR_KEX_ECDH, DROPBEAR_KEX_ECDH,
#endif
#ifdef DROPBEAR_CURVE25519
DROPBEAR_KEX_CURVE25519, DROPBEAR_KEX_CURVE25519,
#endif
}; };
struct dropbear_kex { struct dropbear_kex {

16
cli-kex.c
View File

@ -48,6 +48,7 @@ void send_msg_kexdh_init() {
CHECKCLEARTOWRITE(); CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
switch (ses.newkeys->algo_kex->mode) { switch (ses.newkeys->algo_kex->mode) {
#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH: case DROPBEAR_KEX_NORMAL_DH:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
|| !cli_ses.dh_param) { || !cli_ses.dh_param) {
@ -58,8 +59,9 @@ void send_msg_kexdh_init() {
} }
buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub); buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
break; break;
case DROPBEAR_KEX_ECDH: #endif
#ifdef DROPBEAR_ECDH #ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
|| !cli_ses.ecdh_param) { || !cli_ses.ecdh_param) {
if (cli_ses.ecdh_param) { if (cli_ses.ecdh_param) {
@ -68,8 +70,8 @@ void send_msg_kexdh_init() {
cli_ses.ecdh_param = gen_kexecdh_param(); cli_ses.ecdh_param = gen_kexecdh_param();
} }
buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key); buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
#endif
break; break;
#endif
#ifdef DROPBEAR_CURVE25519 #ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519: case DROPBEAR_KEX_CURVE25519:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
@ -80,8 +82,8 @@ void send_msg_kexdh_init() {
cli_ses.curve25519_param = gen_kexcurve25519_param(); cli_ses.curve25519_param = gen_kexcurve25519_param();
} }
buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN); buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
#endif
break; break;
#endif
} }
cli_ses.param_kex_algo = ses.newkeys->algo_kex; cli_ses.param_kex_algo = ses.newkeys->algo_kex;
@ -118,6 +120,7 @@ void recv_msg_kexdh_reply() {
} }
switch (ses.newkeys->algo_kex->mode) { switch (ses.newkeys->algo_kex->mode) {
#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH: case DROPBEAR_KEX_NORMAL_DH:
{ {
DEF_MP_INT(dh_f); DEF_MP_INT(dh_f);
@ -131,15 +134,16 @@ void recv_msg_kexdh_reply() {
mp_clear(&dh_f); mp_clear(&dh_f);
} }
break; break;
case DROPBEAR_KEX_ECDH: #endif
#ifdef DROPBEAR_ECDH #ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
{ {
buffer *ecdh_qs = buf_getstringbuf(ses.payload); buffer *ecdh_qs = buf_getstringbuf(ses.payload);
kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey); kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
buf_free(ecdh_qs); buf_free(ecdh_qs);
} }
#endif
break; break;
#endif
#ifdef DROPBEAR_CURVE25519 #ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519: case DROPBEAR_KEX_CURVE25519:
{ {
@ -147,8 +151,8 @@ void recv_msg_kexdh_reply() {
kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey); kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
buf_free(ecdh_qs); buf_free(ecdh_qs);
} }
#endif
break; break;
#endif
} }
if (cli_ses.dh_param) { if (cli_ses.dh_param) {

15
common-algo.c
View File

@ -251,11 +251,11 @@ algo_type sshhostkey[] = {
#if DROPBEAR_DH_GROUP1 #if DROPBEAR_DH_GROUP1
static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc }; static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
#endif #endif
#if DROPBEAR_DH_GROUP14 #if DROPBEAR_DH_GROUP14_SHA1
static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc }; static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
#if DROPBEAR_DH_GROUP14_256
static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#endif #endif
#if DROPBEAR_DH_GROUP14_SHA256
static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#endif #endif
#if DROPBEAR_DH_GROUP16 #if DROPBEAR_DH_GROUP16
static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc }; static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
@ -295,12 +295,12 @@ algo_type sshkex[] = {
{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
#endif #endif
#endif #endif
#if DROPBEAR_DH_GROUP14 #if DROPBEAR_DH_GROUP14_SHA1
#if DROPBEAR_DH_GROUP14_256
{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
#endif
{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL}, {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
#endif #endif
#if DROPBEAR_DH_GROUP14_SHA256
{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
#endif
#if DROPBEAR_DH_GROUP1 #if DROPBEAR_DH_GROUP1
{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
#endif #endif
@ -349,6 +349,7 @@ void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
} }
} }
buf_putstring(buf, (const char*)algolist->data, algolist->len); buf_putstring(buf, (const char*)algolist->data, algolist->len);
TRACE(("algolist add '%*s'", algolist->len, algolist->data))
buf_free(algolist); buf_free(algolist);
} }

2
keyimport.c
View File

@ -36,9 +36,11 @@
#include "dbutil.h" #include "dbutil.h"
#include "ecc.h" #include "ecc.h"
#ifdef DROPBEAR_ECDSA
static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}; static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22}; static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23}; static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
#endif
#define PUT_32BIT(cp, value) do { \ #define PUT_32BIT(cp, value) do { \
(cp)[3] = (unsigned char)(value); \ (cp)[3] = (unsigned char)(value); \

17
options.h
View File

@ -150,7 +150,7 @@ If you test it please contact the Dropbear author */
/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
* code (either ECDSA or ECDH) increases binary size - around 30kB * code (either ECDSA or ECDH) increases binary size - around 30kB
* on x86-64 */ * on x86-64 */
#define DROPBEAR_ECDSA //#define DROPBEAR_ECDSA
/* Generate hostkeys as-needed when the first connection using that key type occurs. /* Generate hostkeys as-needed when the first connection using that key type occurs.
This avoids the need to otherwise run "dropbearkey" and avoids some problems This avoids the need to otherwise run "dropbearkey" and avoids some problems
@ -169,18 +169,19 @@ If you test it please contact the Dropbear author */
#define DROPBEAR_ECDH #define DROPBEAR_ECDH
/* Key exchange algorithm. /* Key exchange algorithm.
* group1 - 1024 bit, sha1 * group14_sha1 - 2048 bit, sha1
* group14 - 2048 bit, sha1 * group14_sha256 - 2048 bit, sha2-256
* group14_256 - 2048 bit, sha2-256
* group16 - 4096 bit, sha2-512 * group16 - 4096 bit, sha2-512
* group1 - 1024 bit, sha1
* *
* group14 is supported by most implementations. * group14 is supported by most implementations.
* group16 provides a greater strength but is slower and increases binary size * group16 provides a greater strength level but is slower and increases binary size
* group1 is necessary if compatibility with Dropbear versions < 0.53 is required * group1 is too small for security though is necessary if you need
compatibility with some implementations such as Dropbear versions < 0.53
*/ */
#define DROPBEAR_DH_GROUP1 1 #define DROPBEAR_DH_GROUP1 1
#define DROPBEAR_DH_GROUP14 1 #define DROPBEAR_DH_GROUP14_SHA1 1
#define DROPBEAR_DH_GROUP14_256 1 #define DROPBEAR_DH_GROUP14_SHA256 1
#define DROPBEAR_DH_GROUP16 0 #define DROPBEAR_DH_GROUP16 0
/* Control the memory/performance/compression tradeoff for zlib. /* Control the memory/performance/compression tradeoff for zlib.

18
svr-kex.c
View File

@ -54,18 +54,24 @@ void recv_msg_kexdh_init() {
} }
switch (ses.newkeys->algo_kex->mode) { switch (ses.newkeys->algo_kex->mode) {
#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH: case DROPBEAR_KEX_NORMAL_DH:
m_mp_init(&dh_e); m_mp_init(&dh_e);
if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) { if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) {
dropbear_exit("Bad kex value"); dropbear_exit("Bad kex value");
} }
break; break;
#endif
#ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH: case DROPBEAR_KEX_ECDH:
#endif
#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519: case DROPBEAR_KEX_CURVE25519:
#endif
#if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519) #if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519)
ecdh_qs = buf_getstringbuf(ses.payload); ecdh_qs = buf_getstringbuf(ses.payload);
#endif
break; break;
#endif
} }
if (ses.payload->pos != ses.payload->len) { if (ses.payload->pos != ses.payload->len) {
dropbear_exit("Bad kex value"); dropbear_exit("Bad kex value");
@ -221,6 +227,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
ses.newkeys->algo_hostkey); ses.newkeys->algo_hostkey);
switch (ses.newkeys->algo_kex->mode) { switch (ses.newkeys->algo_kex->mode) {
#ifdef DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH: case DROPBEAR_KEX_NORMAL_DH:
{ {
struct kex_dh_param * dh_param = gen_kexdh_param(); struct kex_dh_param * dh_param = gen_kexdh_param();
@ -231,8 +238,9 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
free_kexdh_param(dh_param); free_kexdh_param(dh_param);
} }
break; break;
case DROPBEAR_KEX_ECDH: #endif
#ifdef DROPBEAR_ECDH #ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
{ {
struct kex_ecdh_param *ecdh_param = gen_kexecdh_param(); struct kex_ecdh_param *ecdh_param = gen_kexecdh_param();
kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
@ -240,18 +248,18 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key); buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key);
free_kexecdh_param(ecdh_param); free_kexecdh_param(ecdh_param);
} }
#endif
break; break;
case DROPBEAR_KEX_CURVE25519: #endif
#ifdef DROPBEAR_CURVE25519 #ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
{ {
struct kex_curve25519_param *param = gen_kexcurve25519_param(); struct kex_curve25519_param *param = gen_kexcurve25519_param();
kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey); kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN); buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN);
free_kexcurve25519_param(param); free_kexcurve25519_param(param);
} }
#endif
break; break;
#endif
} }
/* calc the signature */ /* calc the signature */

10
sysoptions.h
View File

@ -113,7 +113,7 @@
#define RSA_BLINDING #define RSA_BLINDING
/* hashes which will be linked and registered */ /* hashes which will be linked and registered */
#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14 #if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14_SHA256
#define DROPBEAR_SHA256 #define DROPBEAR_SHA256
#endif #endif
#if defined(DROPBEAR_ECC_384) #if defined(DROPBEAR_ECC_384)
@ -125,6 +125,14 @@
#endif #endif
#if defined(DROPBEAR_MD5_HMAC) #if defined(DROPBEAR_MD5_HMAC)
#define DROPBEAR_MD5 #define DROPBEAR_MD5
#endif
#if DROPBEAR_DH_GROUP14_SHA256 || DROPBEAR_DH_GROUP14_SHA1
#define DROPBEAR_DH_GROUP14 1
#endif
#if DROPBEAR_DH_GROUP1 || DROPBEAR_DH_GROUP14 || DROPBEAR_DH_GROUP16
#define DROPBEAR_NORMAL_DH 1
#endif #endif
/* roughly 2x 521 bits */ /* roughly 2x 521 bits */