Get rid of group15, move group16 to sha512.

New groups are disabled by default pending
draft-ietf-curdle-ssh-kex-sha2-02 being finalised
Matt Johnston 2016-03-12 16:21:13 +08:00
parent a991d3b56b
commit fdc61f3ab2
5 changed files with 43 additions and 66 deletions


@ -248,14 +248,17 @@ algo_type sshhostkey[] = {
{NULL, 0, NULL, 0, NULL} {NULL, 0, NULL, 0, NULL}
}; };
#if DROPBEAR_DH_GROUP1
static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc }; static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#ifdef DROPBEAR_DH_GROUP15
static const struct dropbear_kex kex_dh_group15_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_15, DH_P_15_LEN, NULL, &sha256_desc };
#endif #endif
#ifdef DROPBEAR_DH_GROUP16 #if DROPBEAR_DH_GROUP14
static const struct dropbear_kex kex_dh_group16_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha256_desc }; static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
#if DROPBEAR_DH_GROUP14_256
static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#endif
#endif
#if DROPBEAR_DH_GROUP16
static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
#endif #endif
/* These can't be const since dropbear_ecc_fill_dp() fills out /* These can't be const since dropbear_ecc_fill_dp() fills out
@ -292,14 +295,17 @@ algo_type sshkex[] = {
{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
#endif #endif
#endif #endif
#if DROPBEAR_DH_GROUP14
#if DROPBEAR_DH_GROUP14_256
{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL}, {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
#ifdef DROPBEAR_DH_GROUP15
{"diffie-hellman-group15-sha256", 0, &kex_dh_group15_sha256, 1, NULL},
#endif #endif
#ifdef DROPBEAR_DH_GROUP16 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
{"diffie-hellman-group16-sha256", 0, &kex_dh_group16_sha256, 1, NULL}, #endif
#if DROPBEAR_DH_GROUP1
{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
#endif
#if DROPBEAR_DH_GROUP16
{"diffie-hellman-group16-sha512", 0, &kex_dh_group16_sha512, 1, NULL},
#endif #endif
#ifdef USE_KEXGUESS2 #ifdef USE_KEXGUESS2
{KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
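Review bot: In the `sshkex[]` hunk the new `diffie-hellman-group16-sha512` entry sits after `diffie-hellman-group1-sha1`, so if table order is the preference order offered during key exchange negotiation, a build with group16 enabled would still rank the 1024-bit SHA-1 group above the 4096-bit SHA-512 one. Either move the `#if DROPBEAR_DH_GROUP16` entry ahead of the group1 entry, or keep it last and say why, e.g. `/* group16 is deliberately last: large and slow, ECDH or group14 is preferred */`. The start and end of `sshkex[]` are outside the hunk, so how the list is consumed cannot be confirmed from here.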


@ -1,6 +1,7 @@
#include "options.h" #include "options.h"
#include "dh_groups.h" #include "dh_groups.h"
#if DROPBEAR_DH_GROUP1
/* diffie-hellman-group1-sha1 value for p */ /* diffie-hellman-group1-sha1 value for p */
const unsigned char dh_p_1[DH_P_1_LEN] = { const unsigned char dh_p_1[DH_P_1_LEN] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
@ -14,7 +15,9 @@ const unsigned char dh_p_1[DH_P_1_LEN] = {
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
#endif /* DROPBEAR_DH_GROUP1 */
#if DROPBEAR_DH_GROUP14
/* diffie-hellman-group14-sha1 value for p */ /* diffie-hellman-group14-sha1 value for p */
const unsigned char dh_p_14[DH_P_14_LEN] = { const unsigned char dh_p_14[DH_P_14_LEN] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
@ -39,46 +42,9 @@ const unsigned char dh_p_14[DH_P_14_LEN] = {
0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF}; 0xFF, 0xFF, 0xFF, 0xFF};
#endif /* DROPBEAR_DH_GROUP14 */
#ifdef DROPBEAR_DH_GROUP15 #if DROPBEAR_DH_GROUP16
/* diffie-hellman-group15-sha256 value for p */
const unsigned char dh_p_15[DH_P_15_LEN] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
#endif /* DROPBEAR_DH_GROUP15 */
#ifdef DROPBEAR_DH_GROUP16
/* diffie-hellman-group16-256 value for p */ /* diffie-hellman-group16-256 value for p */
const unsigned char dh_p_16[DH_P_16_LEN] = { const unsigned char dh_p_16[DH_P_16_LEN] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21,
@ -123,6 +89,6 @@ const unsigned char dh_p_16[DH_P_16_LEN] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
#endif /* DROPBEAR_DH_GROUP16 */ #endif /* DROPBEAR_DH_GROUP16 */
/* Same for group1 and group14 */ /* Same for all groups */
const int DH_G_VAL = 2; const int DH_G_VAL = 2;
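Review bot: The comment above `dh_p_16` still reads `diffie-hellman-group16-256` although this commit renames the method to `diffie-hellman-group16-sha512`, and the comment above `dh_p_14` names only `group14-sha1` while the same prime also backs `kex_dh_group14_sha256`. The prime does not depend on the hash, so the comments would age better if they named the group: `/* 4096-bit MODP prime for diffie-hellman-group16-sha512 */` and `/* 2048-bit MODP prime for diffie-hellman-group14-sha1 and -sha256 */`. The array bodies are only partly inside these hunks.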


@ -2,17 +2,17 @@
#define DROPBEAR_DH_GROUPS_H #define DROPBEAR_DH_GROUPS_H
#include "options.h" #include "options.h"
#if DROPBEAR_DH_GROUP1
#define DH_P_1_LEN 128 #define DH_P_1_LEN 128
extern const unsigned char dh_p_1[DH_P_1_LEN]; extern const unsigned char dh_p_1[DH_P_1_LEN];
#define DH_P_14_LEN 256
extern const unsigned char dh_p_14[DH_P_14_LEN];
#ifdef DROPBEAR_DH_GROUP15
#define DH_P_15_LEN 384
extern const unsigned char dh_p_15[DH_P_15_LEN];
#endif #endif
#ifdef DROPBEAR_DH_GROUP16 #if DROPBEAR_DH_GROUP14
#define DH_P_14_LEN 256
extern const unsigned char dh_p_14[DH_P_14_LEN];
#endif
#if DROPBEAR_DH_GROUP16
#define DH_P_16_LEN 512 #define DH_P_16_LEN 512
extern const unsigned char dh_p_16[DH_P_16_LEN]; extern const unsigned char dh_p_16[DH_P_16_LEN];
#endif #endif


@ -152,11 +152,6 @@ If you test it please contact the Dropbear author */
* on x86-64 */ * on x86-64 */
#define DROPBEAR_ECDSA #define DROPBEAR_ECDSA
/* These larger DH groups (3072 and 4096 bit respectively) add to binary size
and may be significantly slower. Usually ECDH or curve25519 will be a better option */
/*#define DROPBEAR_DH_GROUP15*/
/*#define DROPBEAR_DH_GROUP16*/
/* Generate hostkeys as-needed when the first connection using that key type occurs. /* Generate hostkeys as-needed when the first connection using that key type occurs.
This avoids the need to otherwise run "dropbearkey" and avoids some problems This avoids the need to otherwise run "dropbearkey" and avoids some problems
with badly seeded /dev/urandom when systems first boot. with badly seeded /dev/urandom when systems first boot.
@ -173,6 +168,11 @@ If you test it please contact the Dropbear author */
* ECDSA above */ * ECDSA above */
#define DROPBEAR_ECDH #define DROPBEAR_ECDH
/* Group14 (2048 bit) is recommended. Group1 is less secure (1024 bit) though
is the only option for interoperability with some older SSH programs */
#define DROPBEAR_DH_GROUP1 1
#define DROPBEAR_DH_GROUP14 1
/* Control the memory/performance/compression tradeoff for zlib. /* Control the memory/performance/compression tradeoff for zlib.
* Set windowBits=8 for least memory usage, see your system's * Set windowBits=8 for least memory usage, see your system's
* zlib.h for full details. * zlib.h for full details.
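Review bot: The new `DROPBEAR_DH_GROUP1` / `DROPBEAR_DH_GROUP14` options are 0/1 value macros tested with `#if`, while the neighbouring options in this file (`DROPBEAR_ECDSA`, `DROPBEAR_ECDH`) are bare defines, and the comment does not say how to switch the 1024-bit group off. A builder following the older convention who writes a bare `#define DROPBEAR_DH_GROUP1` ends up with an empty `#if` expression, and one who wants group1 removed has to guess that 0 is the off value. I would extend the comment with `Set to 0 to disable. Group1 is only needed for legacy peers and can be set to 0 otherwise.`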


@ -113,20 +113,25 @@
#define RSA_BLINDING #define RSA_BLINDING
/* hashes which will be linked and registered */ /* hashes which will be linked and registered */
#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) #if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14
#define DROPBEAR_SHA256 #define DROPBEAR_SHA256
#endif #endif
#if defined(DROPBEAR_ECC_384) #if defined(DROPBEAR_ECC_384)
#define DROPBEAR_SHA384 #define DROPBEAR_SHA384
#endif #endif
/* LTC SHA384 depends on SHA512 */ /* LTC SHA384 depends on SHA512 */
#if defined(DROPBEAR_SHA2_512_HMAC) || defined(DROPBEAR_ECC_521) || defined(DROPBEAR_ECC_384) #if defined(DROPBEAR_SHA2_512_HMAC) || defined(DROPBEAR_ECC_521) || defined(DROPBEAR_ECC_384) || DROPBEAR_DH_GROUP16
#define DROPBEAR_SHA512 #define DROPBEAR_SHA512
#endif #endif
#if defined(DROPBEAR_MD5_HMAC) #if defined(DROPBEAR_MD5_HMAC)
#define DROPBEAR_MD5 #define DROPBEAR_MD5
#endif #endif
/* These are disabled in Dropbear 2016.73 by default since the spec
draft-ietf-curdle-ssh-kex-sha2-02 is under development. */
#define DROPBEAR_DH_GROUP14_256 0
#define DROPBEAR_DH_GROUP16 0
/* roughly 2x 521 bits */ /* roughly 2x 521 bits */
#define MAX_ECC_SIZE 140 #define MAX_ECC_SIZE 140
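Review bot: `DROPBEAR_DH_GROUP16` is tested in the `DROPBEAR_SHA512` condition before the `#define DROPBEAR_DH_GROUP16 0` that this hunk adds further down, so at the point of the `#if` the name is still undefined and evaluates to 0 unless an earlier header defines it. Changing that define to 1 would then enable `kex_dh_group16_sha512` without turning on `DROPBEAR_SHA512`, which may leave `sha512_desc` unavailable unless another option happens to enable it. Moving the two `#define` lines above the "hashes which will be linked and registered" block fixes the ordering. The SHA256 condition could then test `DROPBEAR_DH_GROUP14_256` instead of `DROPBEAR_DH_GROUP14`, since only the sha256 variant needs that hash. Guarding each define with `#ifndef` would also let a builder override it from options.h without a redefinition warning.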