ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 05:17:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,878 Commits 5 Branches 63 Tags 14 MiB
7a53c7f0f4
Commit Graph

95 Commits

Author SHA1 Message Date
Matt Johnston
cda8070898 Remove hmac-md5 entirely 2022-11-10 17:10:16 +08:00
Matt Johnston
6dc029f2cb Remove twofish and remnants of blowfish 
Twofish CTR was never enabled by default and CBC modes are
deprecated
 2022-03-30 10:23:39 +08:00
Matt Johnston
3521b58690 Revert "Don't include sk keys at all in KEX list" 
This reverts git commit f972813ecd.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
 2022-03-24 13:42:08 +08:00
HansH111
193d967123 changed TRACE to DEBUG3 for dbclient 2022-03-19 09:04:18 +00:00
Matt Johnston
a95ca34a10 Fix incorrect algolist TRACE print 2022-02-01 22:12:25 +08:00
Matt Johnston
f972813ecd Don't include sk keys at all in KEX list 2022-01-23 17:29:39 +08:00
egor-duda
5edd2ce32e
Implement server-side support for sk-ecdsa U2F-backed keys (#142) 
* Implement server-side support for sk-ecdsa U2F-backed keys

* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys

* Fix one more potential out-of-bounds read

* Check if nistp256 curve is used in sk-ecdsa-sha2- key

It's the only allowed curve per PROTOCOL.u2f specification

* Implement server-side support for sk-ed25519 FIDO2-backed keys

* Keys with type sk-* make no sense as host keys, so they should be
disabled

* fix typo

* Make sk-ecdsa call buf_ecdsa_verify

This reduces code duplication, the SK code just handles the
different message format.

* Reduce sk specific code

The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey

* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled

* Proper cleanup of sk_app

Co-authored-by: Matt Johnston <matt@codeconstruct.com.au>
 2022-01-22 21:53:04 +08:00
Matt Johnston
b070bcd570 Make "Too many remote algorithms" exit rather than log 
It's fatal anyway, makes logs more concise.
 2020-10-24 19:28:29 +08:00
Matt Johnston
1a208c460b Increase MAX_PROPOSED_ALGO to 50, warn if exceeded 2020-10-23 20:53:58 +08:00
Matt Johnston
6145289e0d Remove blowfish 2020-06-10 23:42:42 +08:00
Matt Johnston
d277f140ba merge rsa-sha256 2020-05-26 00:24:02 +08:00
Vladislav Grishenko
61267f8503
CBC mode cleanup (#95) 
* Fix CBC mode can't be fully disabled

* Fix CBC mode can't be the only mode
 2020-05-25 23:55:13 +08:00
Vladislav Grishenko
d3d0d60076
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93) 
* Add Chacha20-Poly1305 authenticated encryption

* Add general AEAD approach.
* Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and
  poly1305 routines.

Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.

function                                             old     new   delta
chacha_crypt                                           -    1397   +1397
_poly1305_block                                        -     608    +608
poly1305_done                                          -     595    +595
dropbear_chachapoly_crypt                              -     457    +457
.rodata                                            26976   27392    +416
poly1305_process                                       -     290    +290
poly1305_init                                          -     221    +221
chacha_setup                                           -     218    +218
encrypt_packet                                      1068    1270    +202
dropbear_chachapoly_getlength                          -     147    +147
decrypt_packet                                       756     897    +141
chacha_ivctr64                                         -     137    +137
read_packet                                          543     637     +94
dropbear_chachapoly_start                              -      94     +94
read_kex_algos                                       792     880     +88
chacha_keystream                                       -      69     +69
dropbear_mode_chachapoly                               -      48     +48
sshciphers                                           280     320     +40
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_chachapoly_mac                                -      24     +24
dropbear_chachapoly                                    -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0)         Total: 5388 bytes

* Add AES128-GCM and AES256-GCM authenticated encryption

* Add general AES-GCM mode.
* Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using
  LibTomCrypt gcm routines.

AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.

function                                             old     new   delta
gcm_process                                            -    1060   +1060
.rodata                                            26976   27808    +832
gcm_gf_mult                                            -     820    +820
gcm_add_aad                                            -     660    +660
gcm_shift_table                                        -     512    +512
gcm_done                                               -     471    +471
gcm_add_iv                                             -     384    +384
gcm_init                                               -     347    +347
dropbear_gcm_crypt                                     -     309    +309
encrypt_packet                                      1068    1270    +202
decrypt_packet                                       756     897    +141
gcm_reset                                              -     118    +118
read_packet                                          543     637     +94
read_kex_algos                                       792     880     +88
sshciphers                                           280     360     +80
gcm_mult_h                                             -      80     +80
dropbear_gcm_start                                     -      62     +62
dropbear_mode_gcm                                      -      48     +48
dropbear_mode_none                                    24      48     +24
dropbear_mode_ctr                                     24      48     +24
dropbear_mode_cbc                                     24      48     +24
dropbear_ghash                                         -      24     +24
dropbear_gcm_getlength                                 -      24     +24
gen_new_keys                                         848     854      +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0)         Total: 6434 bytes
 2020-05-25 23:50:25 +08:00
Matt Johnston
701d43b859 send and handle SSH_MSG_EXT_INFO only at the correct point 
- other fixes for rsa pubkey auth
- only include ext-info handling when rsa pubkey auth is compiled
 2020-05-24 14:16:58 +08:00
Matt Johnston
331d4a714f Make server send SSH_MSG_EXT_INFO 
Ensure that only valid hostkey algorithms are sent in the first kex guess
 2020-05-21 23:00:22 +08:00
Matt Johnston
5acee497bf ext-info handling for server-sig-algs 
only client side is handled
 2020-05-19 00:31:41 +08:00
Matt Johnston
972d723484 split signkey_type and signature_type for RSA sha1 vs sha256 2020-05-17 23:58:31 +08:00
Matt Johnston
7dc2f36c3e use sigtype where appropriate 2020-04-06 23:18:26 +08:00
Vladislav Grishenko
3d12521735
Add Ed25519 support (#91) 
* Add support for Ed25519 as a public key type

Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.

OpenSSH key import and fuzzer are not supported yet.

Initially inspired by Peter Szabo.

* Add curve25519 and ed25519 fuzzers

* Add import and export of Ed25519 keys
 2020-03-12 00:09:45 +08:00
Matt Johnston
4058574cfa add curve25519-sha256 without @libssh.org 2018-02-20 19:35:26 +08:00
Matt Johnston
f2d86ae7d3 group14-sha256 should be higher than group14-sha1 2018-02-18 22:47:51 +08:00
Matt Johnston
4b021ae6f0 Remove none cipher 2018-02-09 23:40:23 +08:00
Francois Perrad
89e64c631e Pointer parameter could be declared as pointing to const 2017-08-19 17:16:13 +02:00
Matt Johnston
c6e912f9e2 merge 2016.74 2016-07-21 23:38:42 +08:00
Matt Johnston
32a28d0d9c Convert #ifdef to #if, other build changes 2016-05-04 15:33:40 +02:00
Matt Johnston
d6daad29fc options for disabling "normal" DH 2016-05-02 23:48:16 +02:00
Matt Johnston
4f5d0756c2 improve algorithm list parsing 2016-07-11 22:40:38 +08:00
Francois Perrad
893d7be5bf const variables 2016-03-16 22:41:19 +08:00
Matt Johnston
fdc61f3ab2 Get rid of group15, move group16 to sha512. 
New groups are disabled by default pending
draft-ietf-curdle-ssh-kex-sha2-02 being finalised
 2016-03-12 16:21:13 +08:00
Matt Johnston
21ed9480d7 add dh group15 and group16, disabled by default 2016-01-15 00:19:11 +08:00
Matt Johnston
09e83ad742 Move dh group constants to a separate file 2016-01-14 21:54:58 +08:00
Matt Johnston
87d2c9c05c diffie-hellman-group14-sha256 2015-12-11 22:12:12 +08:00
Matt Johnston
1a4db21fe4 buf_getstring and buf_putstring now use non-unsigned char* 2015-06-04 23:08:50 +08:00
Matt Johnston
e7ac4c1ab3 Merge pull request #13 from gazoo74/fix-warnings 
Fix warnings
 2015-06-04 22:25:28 +08:00
Matt Johnston
ecd8505218 Disable twofish-ctr by default, add config option 2015-06-03 22:59:59 +08:00
Gaël PORTAY
6b90885d4f Turn Algo_Type's name attribute into const char * 2015-05-05 20:39:14 +02:00
Gaël PORTAY
224b16b247 Fix pointer differ in signess warnings [-Werror=pointer-sign] 2015-05-05 20:39:13 +02:00
Thorsten Horstmann
ab9439519a Fix for old compilers, variable declarations at beginning of functions 
and /**/ comments
 2015-02-24 20:51:18 +08:00
Matt Johnston
02179b1218 merge 2015-02-13 23:15:12 +08:00
Matt Johnston
b6685bf806 twofish ctr modes 2015-02-04 22:12:06 +08:00
Matt Johnston
4de876f259 Keep sha1 default 2015-01-28 22:14:07 +08:00
Matt Johnston
a7a79d569a Disable non-delayed zlib for server 2015-01-28 21:38:27 +08:00
Fedor Brunner
4122cac66b Prefer stronger algorithms in algorithm negotiation. 
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).

Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.

Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.

(github pull request #9)
 2015-01-23 23:00:25 +08:00
Matt Johnston
6cbb23a819 Add config option to disable cbc. Disable twofish by default 2015-01-23 22:37:14 +08:00
Matt Johnston
de1deaf0bd use oldstyle comments 2013-11-14 22:03:30 +08:00
Matt Johnston
e60a84d0ed Various cleanups and fixes for warnings 
--HG--
branch : ecc
 2013-11-12 23:02:32 +08:00
Matt Johnston
0162c116da curve25519 
--HG--
branch : ecc
 2013-11-08 23:11:43 +08:00
Matt Johnston
814ab77538 Default to some larger key sizes 
--HG--
branch : ecc
 2013-10-31 22:49:15 +08:00
Matt Johnston
04518e9e80 merge in HEAD 
--HG--
branch : ecc
 2013-05-21 12:09:35 +08:00
Matt Johnston
95a21c8fd7 ecdsa is working 
--HG--
branch : ecc
 2013-05-03 23:07:48 +08:00