ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 02:46:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,872 Commits 5 Branches 63 Tags 14 MiB
6fa49f98c5
Commit Graph

110 Commits

Author SHA1 Message Date
Matt Johnston
8b68eb55d9 Make SHA1 optional, implement SHA256 fingerprints 
SHA256 is always compiled and only enable SHA1 when needed. Fingerprints
are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now
uses sha256 its hash function.
 2022-03-30 11:44:04 +08:00
Matt Johnston
cb9a00951f Use buf_burn_free() instead of two calls 2022-03-29 23:47:30 +08:00
HansH111
94b693b43c changed TRACE to DEBUG2 for dbclient 2022-03-19 09:03:51 +00:00
Matt Johnston
5567c238a7 Disallow extra kexinit messages 
--HG--
branch : fuzz
 2020-10-18 22:17:54 +08:00
Vladislav Grishenko
413eaf1ba1
Allow DH to be completely disabled (#97) 
Reduces binary size by ~2kB by default and by 21kB with no other
libtommath functions users, ex. with curve25519 kex and ed25519
key only.
 2020-05-28 23:01:48 +08:00
Matt Johnston
a015cc7594 Fix indentation and add braces 2020-05-28 22:55:49 +08:00
Steffen Jaeckel
b4bd23b4d2
Update LibTomMath to 1.2.0 (#84) 
* update C files

* update other files

* update headers

* update makefiles

* remove mp_set/get_double()

* use ltm 1.2.0 API

* update ltm_desc

* use bundled tommath if system-tommath is too old

* XMALLOC etc. were changed to MP_MALLOC etc.
 2020-05-26 23:36:47 +08:00
Matt Johnston
d277f140ba merge rsa-sha256 2020-05-26 00:24:02 +08:00
Vladislav Grishenko
d3d0d60076
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) 
* Add Chacha20-Poly1305 authenticated encryption

* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and
  poly1305 routines.

Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.

function                                             old     new   delta
chacha_crypt                                           -    1397   +1397
_poly1305_block                                        -     608    +608
poly1305_done                                          -     595    +595
dropbear_chachapoly_crypt                              -     457    +457
.rodata                                            26976   27392    +416
poly1305_process                                       -     290    +290
poly1305_init                                          -     221    +221
chacha_setup                                           -     218    +218
encrypt_packet                                      1068    1270    +202
dropbear_chachapoly_getlength                          -     147    +147
decrypt_packet                                       756     897    +141
chacha_ivctr64                                         -     137    +137
read_packet                                          543     637     +94
dropbear_chachapoly_start                              -      94     +94
read_kex_algos                                       792     880     +88
chacha_keystream                                       -      69     +69
dropbear_mode_chachapoly                               -      48     +48
sshciphers                                           280     320     +40
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_chachapoly_mac                                -      24     +24
dropbear_chachapoly                                    -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0)         Total: 5388 bytes

* Add AES128-GCM and AES256-GCM authenticated encryption

* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using
  LibTomCrypt gcm routines.

AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.

function                                             old     new   delta
gcm_process                                            -    1060   +1060
.rodata                                            26976   27808    +832
gcm_gf_mult                                            -     820    +820
gcm_add_aad                                            -     660    +660
gcm_shift_table                                        -     512    +512
gcm_done                                               -     471    +471
gcm_add_iv                                             -     384    +384
gcm_init                                               -     347    +347
dropbear_gcm_crypt                                     -     309    +309
encrypt_packet                                      1068    1270    +202
decrypt_packet                                       756     897    +141
gcm_reset                                              -     118    +118
read_packet                                          543     637     +94
read_kex_algos                                       792     880     +88
sshciphers                                           280     360     +80
gcm_mult_h                                             -      80     +80
dropbear_gcm_start                                     -      62     +62
dropbear_mode_gcm                                      -      48     +48
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_ghash                                         -      24     +24
dropbear_gcm_getlength                                 -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0)         Total: 6434 bytes
 2020-05-25 23:50:25 +08:00
Matt Johnston
701d43b859 send and handle SSH_MSG_EXT_INFO only at the correct point 
- other fixes for rsa pubkey auth
- only include ext-info handling when rsa pubkey auth is compiled
 2020-05-24 14:16:58 +08:00
Matt Johnston
331d4a714f Make server send SSH_MSG_EXT_INFO 
Ensure that only valid hostkey algorithms are sent in the first kex guess
 2020-05-21 23:00:22 +08:00
Matt Johnston
5acee497bf ext-info handling for server-sig-algs 
only client side is handled
 2020-05-19 00:31:41 +08:00
Matt Johnston
7dc2f36c3e use sigtype where appropriate 2020-04-06 23:18:26 +08:00
Vladislav Grishenko
3d12521735
Add Ed25519 support (#91) 
* Add support for Ed25519 as a public key type

Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.

OpenSSH key import and fuzzer are not supported yet.

Initially inspired by Peter Szabo.

* Add curve25519 and ed25519 fuzzers

* Add import and export of Ed25519 keys
 2020-03-12 00:09:45 +08:00
Matt Johnston
38c9408cf8 avoid leak of ecdh public key 2018-03-08 23:51:33 +08:00
Matt Johnston
c658b275fd - #if not #ifdef for DROPBEAR_FUZZ 
- fix some unused variables

--HG--
branch : fuzz
 2018-02-28 21:40:08 +08:00
Matt Johnston
7e8094d53a merge from main 
--HG--
branch : fuzz
 2018-02-17 19:29:51 +08:00
Matt Johnston
89bdf3b0b9 add fuzzer-preauth_nomaths 
--HG--
branch : fuzz
 2018-01-23 23:05:47 +08:00
Francois Perrad
89e64c631e Pointer parameter could be declared as pointing to const 2017-08-19 17:16:13 +02:00
Matt Johnston
88ce30beb6 merge from main 
--HG--
branch : fuzz
 2017-06-14 23:31:42 +08:00
Francois Perrad
9dcb04a1e0 fix DEBUG_* condition 2017-06-01 19:10:37 +02:00
Matt Johnston
114438e669 zlib can use m_malloc/m_free too 
--HG--
branch : fuzz
 2017-05-22 22:09:26 +08:00
Matt Johnston
c169423051 glaring wrapfd problems fixed 
--HG--
branch : fuzz
 2017-05-20 22:47:19 +08:00
Matt Johnston
fdc6f32392 closer to working 
--HG--
branch : fuzz
 2017-05-20 13:23:16 +08:00
Matt Johnston
4dae8edb76 merge main to fuzz 
--HG--
branch : fuzz
 2017-05-18 23:45:10 +08:00
Matt Johnston
9f24cdf74c copy over some fuzzing code from AFL branch 
--HG--
branch : fuzz
 2017-05-12 23:14:54 +08:00
Matt Johnston
32a28d0d9c Convert #ifdef to #if, other build changes 2016-05-04 15:33:40 +02:00
Francois Perrad
3e20c442de fix empty C prototypes 2016-03-16 22:41:20 +08:00
Matt Johnston
645b254173 Merge branch '20151231_indent' of https://github.com/fperrad/dropbear into fperrad-20151231_indent 2016-03-15 21:41:06 +08:00
Matt Johnston
09e83ad742 Move dh group constants to a separate file 2016-01-14 21:54:58 +08:00
Francois Perrad
9bda22e702 more hard tab 2016-01-01 15:02:09 +01:00
Matt Johnston
2293e3d105 check for zero K value from curve25519 2015-11-25 22:15:59 +08:00
Matt Johnston
839e023ed8 check ecc key return, fix null pointer crash 2015-06-23 21:48:13 +08:00
Matt Johnston
1a4db21fe4 buf_getstring and buf_putstring now use non-unsigned char* 2015-06-04 23:08:50 +08:00
Gaël PORTAY
947d2697cf Turn sshsession's remoteident attribute into char * 2015-05-05 20:39:14 +02:00
Gaël PORTAY
224b16b247 Fix pointer differ in signess warnings [-Werror=pointer-sign] 2015-05-05 20:39:13 +02:00
Matt Johnston
579463933b A bit of a bodge to avoid memcpy if zlib is disabled 
--HG--
branch : nocircbuffer
 2015-03-01 00:57:21 +08:00
Matt Johnston
c44a78a2e6 Tighten validation of DH values. Odds of x==0 being generated are 
improbable, roughly 2**-1023
Regression in 0.49
 2015-02-10 21:46:19 +08:00
Matt Johnston
a7a79d569a Disable non-delayed zlib for server 2015-01-28 21:38:27 +08:00
Matt Johnston
b24984deb3 clear hash state memory after use 2015-01-04 23:10:59 +08:00
Matt Johnston
e767bbb41f Add new monotonic_now() wrapper so that timeouts are unaffected by 
system clock changes
 2014-03-13 23:50:09 +08:00
Matt Johnston
12e7d570a2 Make some debug info conditional 2014-02-24 20:53:32 +08:00
Matt Johnston
55a0c5068f requirenext doesn't need two values 2014-01-23 22:25:52 +08:00
Matt Johnston
8128b15e41 Fix failing rekeying when we receive a still-in-flight packet 2014-01-23 21:56:35 +08:00
Matt Johnston
61cecbb337 DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default 2014-01-17 21:39:27 +08:00
Matt Johnston
cbe63bbabe rename random.h to dbrandom.h since some OSes have a system random.h 
--HG--
rename : random.c => dbrandom.c
rename : random.h => dbrandom.h
 2013-11-14 22:05:47 +08:00
Matt Johnston
de1deaf0bd use oldstyle comments 2013-11-14 22:03:30 +08:00
Matt Johnston
a65f84db38 - Some fixes for old compilers like tru64 v4 from Daniel Richard G. 
- Don't warn about blocking random device for prngd
 2013-11-14 21:36:45 +08:00
Matt Johnston
e60a84d0ed Various cleanups and fixes for warnings 
--HG--
branch : ecc
 2013-11-12 23:02:32 +08:00
Matt Johnston
0162c116da curve25519 
--HG--
branch : ecc
 2013-11-08 23:11:43 +08:00