ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 05:17:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,855 Commits 5 Branches 63 Tags 14 MiB
54a90ddac5
Commit Graph

79 Commits

Author SHA1 Message Date
Matt Johnston
f7d306e963 Fix decompression size check 
Dropbear's decompression could erroneously exit with
"bad packet, oversized decompressed"
for a valid 32768 byte decompressed payload (an off-by-one error).
It could be triggered particularly with larger SSH window sizes.

This change also simplifies the function by allocating a
single 32kB buffer rather than incrementally increasing the size.
 2022-10-25 21:17:56 +08:00
Matt Johnston
1a7b944917 Load password and key for client fuzzer. 
Add fuzz_dump()
 2020-10-20 23:34:38 +08:00
Vladislav Grishenko
d3d0d60076
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) 
* Add Chacha20-Poly1305 authenticated encryption

* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and
  poly1305 routines.

Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.

function                                             old     new   delta
chacha_crypt                                           -    1397   +1397
_poly1305_block                                        -     608    +608
poly1305_done                                          -     595    +595
dropbear_chachapoly_crypt                              -     457    +457
.rodata                                            26976   27392    +416
poly1305_process                                       -     290    +290
poly1305_init                                          -     221    +221
chacha_setup                                           -     218    +218
encrypt_packet                                      1068    1270    +202
dropbear_chachapoly_getlength                          -     147    +147
decrypt_packet                                       756     897    +141
chacha_ivctr64                                         -     137    +137
read_packet                                          543     637     +94
dropbear_chachapoly_start                              -      94     +94
read_kex_algos                                       792     880     +88
chacha_keystream                                       -      69     +69
dropbear_mode_chachapoly                               -      48     +48
sshciphers                                           280     320     +40
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_chachapoly_mac                                -      24     +24
dropbear_chachapoly                                    -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0)         Total: 5388 bytes

* Add AES128-GCM and AES256-GCM authenticated encryption

* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using
  LibTomCrypt gcm routines.

AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.

function                                             old     new   delta
gcm_process                                            -    1060   +1060
.rodata                                            26976   27808    +832
gcm_gf_mult                                            -     820    +820
gcm_add_aad                                            -     660    +660
gcm_shift_table                                        -     512    +512
gcm_done                                               -     471    +471
gcm_add_iv                                             -     384    +384
gcm_init                                               -     347    +347
dropbear_gcm_crypt                                     -     309    +309
encrypt_packet                                      1068    1270    +202
decrypt_packet                                       756     897    +141
gcm_reset                                              -     118    +118
read_packet                                          543     637     +94
read_kex_algos                                       792     880     +88
sshciphers                                           280     360     +80
gcm_mult_h                                             -      80     +80
dropbear_gcm_start                                     -      62     +62
dropbear_mode_gcm                                      -      48     +48
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_ghash                                         -      24     +24
dropbear_gcm_getlength                                 -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0)         Total: 6434 bytes
 2020-05-25 23:50:25 +08:00
Konstantin Demin
2fd3b9f560 packet: remove stale comment about "packet_type" (#63) 
clean up after 7f15910541

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
 2019-03-20 22:33:15 +08:00
Matt Johnston
892c5fc1c8 Merge writev #include fix 2018-08-26 22:26:42 +08:00
Matt Johnston
e7504b3311 make writev #include consistent for variable declarations too 2018-08-23 23:59:24 +08:00
Matt Johnston
4fd3160179 fix uninitialised memory in fuzzer codepath 2018-03-06 22:02:19 +08:00
Matt Johnston
7f15910541 get rid of unused packet_type in encrypted write queue 2018-03-04 14:57:18 +08:00
Matt Johnston
5f2447edbb Fix to be able to compile normal(ish) binaries with --enable-fuzz 
--HG--
branch : fuzz
 2018-02-28 22:02:12 +08:00
Matt Johnston
c658b275fd - #if not #ifdef for DROPBEAR_FUZZ 
- fix some unused variables

--HG--
branch : fuzz
 2018-02-28 21:40:08 +08:00
Matt Johnston
7e8094d53a merge from main 
--HG--
branch : fuzz
 2018-02-17 19:29:51 +08:00
Matt Johnston
1a37d7aa48 Removed commented out code 2018-02-11 23:03:31 +08:00
Francois Perrad
89e64c631e Pointer parameter could be declared as pointing to const 2017-08-19 17:16:13 +02:00
Matt Johnston
723ec19eed fix checkmac always failing pre-kex 
--HG--
branch : fuzz
 2017-06-11 21:39:40 +08:00
Matt Johnston
fdc6f32392 closer to working 
--HG--
branch : fuzz
 2017-05-20 13:23:16 +08:00
Matt Johnston
fb719e3d0b fuzz harness 
--HG--
branch : fuzz
 2017-05-13 22:50:54 +08:00
Matt Johnston
9f24cdf74c copy over some fuzzing code from AFL branch 
--HG--
branch : fuzz
 2017-05-12 23:14:54 +08:00
Francois Perrad
3e20c442de fix empty C prototypes 2016-03-16 22:41:20 +08:00
Francois Perrad
9bda22e702 more hard tab 2016-01-01 15:02:09 +01:00
Francois Perrad
23ac7f56fa refactor indentation with hard tab 2015-12-31 16:00:23 +01:00
Matt Johnston
19e1afbd1c Fix no-writev fallback 2015-05-02 22:47:25 +08:00
Matt Johnston
275611fbaa Make main socket nonblocking. Limit writequeue size. 2015-03-20 23:36:42 +08:00
Matt Johnston
20f9683ae0 avoid malloc for iovec 2015-03-20 22:53:32 +08:00
Matt Johnston
f367273549 allocate buffer and data in a single allocation 
--HG--
branch : nocircbuffer
 2015-03-01 21:16:09 +08:00
Matt Johnston
579463933b A bit of a bodge to avoid memcpy if zlib is disabled 
--HG--
branch : nocircbuffer
 2015-03-01 00:57:21 +08:00
Matt Johnston
364a53577e Move generic network routines to netio.c 
--HG--
branch : fastopen
 2015-02-20 23:16:38 +08:00
Matt Johnston
76a3eb393c In theory TFO should work. Needs platform cleanup and testing 
--HG--
branch : fastopen
 2015-02-19 00:32:00 +08:00
Matt Johnston
5f0cc969a0 generalise write iovec handling 
--HG--
branch : fastopen
 2015-02-18 23:02:49 +08:00
Matt Johnston
755c1458f0 async connections working 
--HG--
branch : fastopen
 2015-02-18 22:46:15 +08:00
Matt Johnston
8795d733ec work in progress for async connect 
--HG--
branch : fastopen
 2015-02-18 00:05:27 +08:00
Fedor Brunner
7b2c42aa75 Integrity error (bad packet size %u) negative length 
When corrupted packet is received negative length of packet is
    displayed.
    (re-apply of pull request #8)
 2015-01-23 22:21:06 +08:00
Matt Johnston
628a3f5cca Test for EAGAIN too 2014-08-06 21:55:43 +08:00
Matt Johnston
c884e5000e Make -K keepalive behave like OpenSSH's ServerAliveInterval 2014-07-09 00:15:20 +08:00
Matt Johnston
2a1d28ea3a Be more careful in case a platform doesn't define UIO_MAXIOV nor IOV_MAX 2014-05-20 21:21:02 +08:00
Ronny Meeus
0e0ff51582 Limit size of the iovect passed to writev in packet.c 2014-05-20 21:18:48 +08:00
Ronny Meeus
cd700aaf6e Print errno information in write_packet 2014-05-20 20:56:59 +08:00
Matt Johnston
e767bbb41f Add new monotonic_now() wrapper so that timeouts are unaffected by 
system clock changes
 2014-03-13 23:50:09 +08:00
Yousong Zhou
5baa10a6b6 Use AUTH_TIMEOUT only before authdone != 1. 
While at it, fix a few indentations and typo.
 2014-03-13 16:28:16 +08:00
Matt Johnston
bb7934bf04 A few fixes for cases where compression increases payload sizes, and 
be more precise about maximum channel sizes
 2014-02-22 18:02:09 +08:00
Matt Johnston
cbe63bbabe rename random.h to dbrandom.h since some OSes have a system random.h 
--HG--
rename : random.c => dbrandom.c
rename : random.h => dbrandom.h
 2013-11-14 22:05:47 +08:00
Matt Johnston
de1deaf0bd use oldstyle comments 2013-11-14 22:03:30 +08:00
Matt Johnston
d1dec41f76 Constant time memcmp for the hmac and password crypt 2013-10-03 22:25:30 +08:00
Matt Johnston
49263b5314 Limit decompressed size 2013-05-08 23:23:14 +08:00
Matt Johnston
7f42096d0f Take transmit and receive keys into use separately 2013-04-04 00:18:50 +08:00
Matt Johnston
e2c813df4d Fix MAC bug which would prevent asymmetric hashes 2013-04-03 23:54:58 +08:00
Matt Johnston
90cf7f012c Move the more verbose TRACE() statements into TRACE2() 2013-04-01 00:07:26 +08:00
Matt Johnston
f6b304250b Try using writev() for writing packets out to tcp 2013-03-31 23:15:35 +08:00
Matt Johnston
34f9b2a8f7 Fix "-m none" case where an entire packet fits in a block and can be 
read by read_packet_init()
 2013-03-20 23:13:19 +08:00
Matt Johnston
2bcb60fe56 Fix case where "-K 1" would cause a SSH_MSG_IGNORE packet to be sent 
with the wrong encryption key ("bad packet length" symptom) while
key exchange was happening.

--HG--
extra : convert_revision : f7d27ec094c4aba2a4289c523c722fcb3c3f58ca
 2011-06-07 11:55:44 +00:00
Matt Johnston
d634b502cf - Don't allow setting memLevel since that doesn't work properly 
- Better handling of the case where compressing makes the data
larger (possibly only happens when memLevel is adjusted, but better
to be safe)

--HG--
extra : convert_revision : b31879a384d3bf8cbcbe2ed731d7d79d49799b1d
 2011-02-28 13:51:27 +00:00