allegroai
b63e8d8694
sync github July 2024
2024-07-24 03:31:27 +03:00
Matt Johnston
cda8070898
Remove hmac-md5 entirely
2022-11-10 17:10:16 +08:00
Matt Johnston
8b68eb55d9
Make SHA1 optional, implement SHA256 fingerprints
...
SHA256 is always compiled and SHA1 is only enabled when needed. Fingerprints
are always SHA256: base64 format; md5 and sha1 are removed. dbrandom now
uses sha256 as its hash function.
2022-03-30 11:44:04 +08:00
Matt Johnston
f030618543
Split CPPFLAGS and CFLAGS more carefully
...
This has no change to the build, but makes it easier to try
other build tools that only want CPPFLAGS
2022-03-22 16:17:05 +08:00
Matt Johnston
6145289e0d
Remove blowfish
2020-06-10 23:42:42 +08:00
Matt Johnston
d14ebdbf0e
avoid zero length array in base64_decode
2020-06-10 23:26:05 +08:00
Matt Johnston
4b305c5721
Merge libtomcrypt v1.18.2
2020-06-10 23:16:13 +08:00
Matt Johnston
615885be01
Fix whitespace changes vs upstream libtomcrypt
2020-06-10 23:01:33 +08:00
Steffen Jaeckel
b4bd23b4d2
Update LibTomMath to 1.2.0 (#84)
...
* update C files
* update other files
* update headers
* update makefiles
* remove mp_set/get_double()
* use ltm 1.2.0 API
* update ltm_desc
* use bundled tommath if system-tommath is too old
* XMALLOC etc. were changed to MP_MALLOC etc.
2020-05-26 23:36:47 +08:00
Vladislav Grishenko
61267f8503
CBC mode cleanup (#95)
...
* Fix CBC mode can't be fully disabled
* Fix CBC mode can't be the only mode
2020-05-25 23:55:13 +08:00
Vladislav Grishenko
d3d0d60076
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
...
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using
LibTomCrypt gcm routines.
AES-GCM is a combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions, therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
2020-05-25 23:50:25 +08:00
Matt Johnston
e612aec5d9
Attempt to fix m_free for libtomcrypt/libtommath
2018-03-02 00:02:06 +08:00
Matt Johnston
7e8094d53a
merge from main
...
--HG--
branch : fuzz
2018-02-17 19:29:51 +08:00
Michael Witten
3ee685ad1c
options: Complete the transition to numeric toggles (`#if')
...
For the sake of review, this commit alters only the code; the affiliated
comments within the source files also need to be updated, but doing so
now would obscure the operational changes that have been made here.
* All on/off options have been switched to the numeric `#if' variant;
that is the only way to make this `default_options.h.in' thing work
in a reasonable manner.
* There is now some very minor compile-time checking of the user's
choice of options.
* NO_FAST_EXPTMOD doesn't seem to be used, so it has been removed.
* ENABLE_USER_ALGO_LIST was supposed to be renamed DROPBEAR_USER_ALGO_LIST,
and this commit completes that work.
* DROPBEAR_FUZZ seems to be a relatively new, as-yet undocumented option,
which was added by the following commit:
commit 6e0b539e9c
Author: Matt Johnston <matt@ucc.asn.au>
Date: Tue May 23 22:29:21 2017 +0800
split out checkpubkey_line() separately
It has now been added to `sysoptions.h' and defined as `0' by default.
* The configuration option `DROPBEAR_PASSWORD_ENV' is no longer listed in
`default_options.h.in'; it is no longer meant to be set by the user, and
is instead left to be defined in `sysoptions.h' (where it was already being
defined) as merely the name of the environment variable in question:
DROPBEAR_PASSWORD
To enable or disable use of that environment variable, the user must now
toggle `DROPBEAR_USE_DROPBEAR_PASSWORD'.
* The sFTP support is now toggled by setting `DROPBEAR_SFTPSERVER', and the
path of the sFTP server program is set independently through the usual
SFTPSERVER_PATH.
2018-02-16 23:13:47 +08:00
Matt Johnston
370d4c7cd5
fix unused variable from merge
2018-02-14 23:09:40 +08:00
Matt Johnston
df66daa26a
use parent $CC etc
2018-02-10 18:57:20 +08:00
Matt Johnston
8013009880
pass CFLAGS to LTC_CFLAGS
2018-02-10 00:12:31 +08:00
Matt Johnston
95b99cc86a
cast m_burn argument away from volatile
2018-02-10 00:12:22 +08:00
Matt Johnston
a36f182b36
Put Dropbear config in a separate file
...
Patch out MECC DER
2018-02-09 23:35:07 +08:00
Matt Johnston
d8bb6a7816
Fix commenting out
2018-02-09 23:34:48 +08:00
Matt Johnston
57d474e183
add $srcdir as needed
2018-02-09 23:34:03 +08:00
Matt Johnston
c0df3902b7
Update Makefile.in
2018-02-09 22:19:42 +08:00
Matt Johnston
4f2eb1914b
Update to libtomcrypt 1.18.1, merged with Dropbear changes
2018-02-09 21:44:05 +08:00
Matt Johnston
597f7eb5e9
merge up to date
...
--HG--
branch : fuzz
2018-01-23 22:46:07 +08:00
Matt Johnston
ba23b823dc
fix updates to libtomcrypt/libtommath for out of tree builds
2018-01-23 22:44:18 +08:00
Matt Johnston
6ac5ea2a9f
merge from main (libtommath/libtomcrypt/curve25510-donna updates)
...
--HG--
branch : fuzz
2017-06-24 22:51:45 +08:00
Matt Johnston
a79b61517b
update to libtomcrypt 1.17 (with Dropbear changes)
2017-06-24 17:50:50 +08:00
Matt Johnston
fb8fb7fed0
add dbmalloc epoch cleanup
...
--HG--
branch : fuzz
2017-05-21 10:54:11 +08:00
Henrik Nordström
9025cd9b72
Support out-of-tree builds using bundled libtom
...
When building out-of-tree we need both source and generated
folders in include paths to find both distributed and generated
headers.
2016-05-11 12:35:06 +02:00
Matt Johnston
420151dbd9
move m_burn and function attributes to dbhelpers
...
use m_burn for libtomcrypt zeromem() too
2016-03-17 23:21:33 +08:00
Gaël PORTAY
3e91ec07e4
Fix unused but set variable warnings [-Werror=unused-but-set-variable]
2015-05-05 20:39:13 +02:00
Gaël PORTAY
6086851fc1
Fix unused parameters warnings [-Werror=unused-parameter]
2015-05-05 20:39:13 +02:00
Gaël PORTAY
d9d97969a3
Uses abort() instead of raising a SIGABRT signal [-Werror]
...
error: ‘noreturn’ function does return [-Werror]
abort() is a noreturn function while raise() is not.
And because crypt_argchk() is flagged as __attribute__(noreturn), abort()
appears to be a better candidate.
This compilation warning has probably been introduced by commit
1809f741cb.
2015-05-05 20:30:49 +02:00
Matt Johnston
91ef9b2fa9
Avoid malloc in hmac
...
--HG--
branch : nocircbuffer
2015-03-01 14:46:04 +08:00
Matt Johnston
1809f741cb
Add more ATTRIB_NORETURN annotations, from Thorsten Horstmann
2015-02-24 22:36:20 +08:00
Matt Johnston
5c87c6a435
A bit of work on ecdsa for host/auth keys
...
--HG--
branch : ecc
2013-04-14 00:50:03 +08:00
Matt Johnston
c6bdc810ab
ecc kind of works, needs fixing/testing
...
--HG--
branch : ecc
2013-04-07 01:36:42 +08:00
Matt Johnston
b4bcc60657
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
...
ses.hash and ses.session_id are now buffers (doesn't compile)
--HG--
branch : ecc
2013-03-29 00:28:09 +08:00
Matt Johnston
5139bd42f6
Set LTC_SOURCE for proper ltm_desc etc
...
--HG--
branch : ecc
2013-03-29 00:26:46 +08:00
Matt Johnston
74cad1612f
more bits on ecc branch
...
--HG--
branch : ecc
2013-03-27 00:38:03 +08:00
Matt Johnston
73e22c115c
refactor kexdh code a bit, start working on ecdh etc
...
--HG--
branch : ecc
2013-03-26 01:35:22 +08:00
Matt Johnston
c62e53807f
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
...
getting keyed incorrectly
--HG--
branch : sha2
2012-05-10 08:38:37 +08:00
Matt Johnston
f924aa18f2
Define LTC_NO_FILE to avoid hmac_file() etc
...
--HG--
extra : convert_revision : b918fd450c1572ce055a6a1fe8c161a495ddec34
2011-04-07 13:24:41 +00:00
Matt Johnston
511f6555c9
- Add Counter Mode support
...
--HG--
extra : convert_revision : 5225162bdf32d70b58b6d3ae375a290326c59f3a
2008-09-29 13:53:31 +00:00
Matt Johnston
943636c3e1
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head c1db4398d56c56c6d06ae1e20c1e0d04dbb598ed)
...
to branch 'au.asn.ucc.matt.dropbear' (head d26d5eb2837f46b56a33fb0e7573aa0201abd4d5)
--HG--
extra : convert_revision : 7a0ae6de81402591a789486070007238169fafca
2007-01-11 04:29:08 +00:00
Matt Johnston
5ea605d8de
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head ffd1015238ffcc959f6cd95176d96fcd0945a397)
...
to branch 'au.asn.ucc.matt.dropbear' (head 52ccb0ad0587a62bc64aecb939adbb76546aac16)
--HG--
extra : convert_revision : ecd779509ef23a8cdf64888904fc9b31d78aa933
2007-01-11 03:05:30 +00:00
Matt Johnston
a938f4cfe1
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 2af22fb4e878750b88f80f90d439b316d229796f)
...
to branch 'au.asn.ucc.matt.dropbear' (head 02c413252c90e9de8e03d91e9939dde3029f5c0a)
--HG--
extra : convert_revision : 52ccb0ad0587a62bc64aecb939adbb76546aac16
2007-01-11 02:41:05 +00:00
Matt Johnston
35bcc463e5
Fix up separate-directory building for libtomcrypt
...
Use $CC rather than $LD for linking
--HG--
extra : convert_revision : 31dcd7a22983ef19d6c63248e415e71d292dd0ec
2006-10-11 16:00:50 +00:00
Matt Johnston
6ae3a09ef3
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
...
to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
--HG--
extra : convert_revision : dc4809882e1b9f2dcd3f8bbe38c74a0a52c39ce4
2006-03-08 13:23:58 +00:00