Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Matt Johnston
dropbear
Commits
74cad161
Commit
74cad161
authored
Mar 27, 2013
by
Matt Johnston
Browse files
more bits on ecc branch
--HG-- branch : ecc
parent
73e22c11
Changes
11
Hide whitespace changes
Inline
Side-by-side
Makefile.in
View file @
74cad161
...
...
@@ -26,7 +26,7 @@ COMMONOBJS=dbutil.o buffer.o \
dss.o bignum.o
\
signkey.o rsa.o random.o
\
queue.o
\
atomicio.o compat.o
fake-rfc2553.o ltc_prng.o ecc.o
atomicio.o compat.o fake-rfc2553.o ltc_prng.o ecc.o
SVROBJS
=
svr-kex.o svr-algo.o svr-auth.o sshpty.o
\
svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o
\
...
...
algo.h
View file @
74cad161
...
...
@@ -79,6 +79,20 @@ struct dropbear_hash {
unsigned
char
hashsize
;
};
struct
dropbear_kex
{
// "normal" DH KEX
unsigned
char
*
dh_p_bytes
;
int
dh_p_len
;
// elliptic curve DH KEX
#ifdef DROPBEAR_ECDH
const
struct
dropbear_ecc_curve
*
ecc_curve
;
#endif
// both
const
struct
ltc_hash_descriptor
*
hashdesc
;
};
void
crypto_init
();
int
have_algo
(
char
*
algo
,
size_t
algolen
,
algo_type
algos
[]);
void
buf_put_algolist
(
buffer
*
buf
,
algo_type
localalgos
[]);
...
...
@@ -94,14 +108,16 @@ int check_user_algos(const char* user_algo_list, algo_type * algos,
char
*
algolist_string
(
algo_type
algos
[]);
#endif
enum
{
enum
kex_type
{
DROPBEAR_KEX_DH_GROUP1
,
DROPBEAR_KEX_DH_GROUP14
,
DROPBEAR_KEX_ECDH_SECP256R1
,
DROPBEAR_KEX_ECDH_SECP384R1
,
DROPBEAR_KEX_ECDH_SECP521R1
,
};
#ifdef DROPBEAR_ECDH
#define IS_NORMAL_DH(algo) ((algo)
== DROPBEAR_KEX_DH_GROUP1 || (algo) == DROPBEAR_KEX_DH_GROUP14
)
#define IS_NORMAL_DH(algo) ((algo)
->dh_p_bytes != NULL
)
#else
#define IS_NORMAL_DH(algo) 1
#endif
...
...
cli-kex.c
View file @
74cad161
...
...
@@ -49,7 +49,7 @@ void send_msg_kexdh_init() {
buf_putmpint
(
ses
.
writepayload
,
&
cli_ses
.
dh_param
->
pub
);
}
else
{
#ifdef DROPBEAR_ECDH
cli_ses
.
ecdh_param
=
cli_ses
.
ecdh_param
=
gen_kexecdh_param
();
#endif
}
encrypt_packet
();
...
...
common-algo.c
View file @
74cad161
...
...
@@ -212,10 +212,36 @@ algo_type sshhostkey[] = {
{
NULL
,
0
,
NULL
,
0
,
NULL
}
};
static
struct
dropbear_kex
kex_dh_group1
{
dh_p_1
,
DH_P_1_LEN
,
NULL
,
sha1_desc
};
static
struct
dropbear_kex
kex_dh_group14
{
dh_p_14
,
DH_P_14_LEN
,
NULL
,
sha1_desc
};
#ifdef DROPBEAR_ECC_DH
#ifdef DROPBEAR_ECC_256
static
struct
dropbear_kex
kex_ecdh_secp256r1
{
NULL
,
0
,
&
ecc_curve_secp256r1
,
sha256_desc
};
#endif
#ifdef DROPBEAR_ECC_384
static
struct
dropbear_kex
kex_ecdh_secp384r1
{
NULL
,
0
,
&
ecc_curve_secp384r1
,
sha384_desc
};
#endif
#ifdef DROPBEAR_ECC_521
static
struct
dropbear_kex
kex_ecdh_secp521r1
{
NULL
,
0
,
&
ecc_curve_secp521r1
,
sha512_desc
};
#endif
#endif // DROPBEAR_ECC_DH
algo_type
sshkex
[]
=
{
// {"ecdh-sha2-secp256r1", DROPBEAR_KEX_ECDH_SECP256R1, NULL, 1, NULL},
{
"diffie-hellman-group1-sha1"
,
DROPBEAR_KEX_DH_GROUP1
,
NULL
,
1
,
NULL
},
{
"diffie-hellman-group14-sha1"
,
DROPBEAR_KEX_DH_GROUP14
,
NULL
,
1
,
NULL
},
#ifdef DROPBEAR_ECC_DH
#ifdef DROPBEAR_ECC_256
{
"ecdh-sha2-secp256r1"
,
0
,
&
kex_ecdh_descp256r1
,
1
,
NULL
},
#endif
#ifdef DROPBEAR_ECC_384
{
"ecdh-sha2-secp384r1"
,
0
,
&
kex_ecdh_descp384r1
,
1
,
NULL
},
#endif
#ifdef DROPBEAR_ECC_521
{
"ecdh-sha2-secp521r1"
,
0
,
&
kex_ecdh_descp521r1
,
1
,
NULL
},
#endif
#endif
{
"diffie-hellman-group1-sha1"
,
0
,
&
kex_dh_group1
,
1
,
NULL
},
{
"diffie-hellman-group14-sha1"
,
0
,
&
kex_dh_group14
,
1
,
NULL
},
{
NULL
,
0
,
NULL
,
0
,
NULL
}
};
...
...
common-kex.c
View file @
74cad161
...
...
@@ -36,8 +36,7 @@
#include "runopts.h"
/* diffie-hellman-group1-sha1 value for p */
#define DH_P_1_LEN 128
static
const
unsigned
char
dh_p_1
[
DH_P_1_LEN
]
=
{
const
unsigned
char
dh_p_1
[
DH_P_1_LEN
]
=
{
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xC9
,
0x0F
,
0xDA
,
0xA2
,
0x21
,
0x68
,
0xC2
,
0x34
,
0xC4
,
0xC6
,
0x62
,
0x8B
,
0x80
,
0xDC
,
0x1C
,
0xD1
,
0x29
,
0x02
,
0x4E
,
0x08
,
0x8A
,
0x67
,
0xCC
,
0x74
,
0x02
,
0x0B
,
0xBE
,
0xA6
,
...
...
@@ -51,8 +50,7 @@ static const unsigned char dh_p_1[DH_P_1_LEN] = {
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
};
/* diffie-hellman-group14-sha1 value for p */
#define DH_P_14_LEN 256
static
const
unsigned
char
dh_p_14
[
DH_P_14_LEN
]
=
{
const
unsigned
char
dh_p_14
[
DH_P_14_LEN
]
=
{
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xFF
,
0xC9
,
0x0F
,
0xDA
,
0xA2
,
0x21
,
0x68
,
0xC2
,
0x34
,
0xC4
,
0xC6
,
0x62
,
0x8B
,
0x80
,
0xDC
,
0x1C
,
0xD1
,
0x29
,
0x02
,
0x4E
,
0x08
,
0x8A
,
0x67
,
0xCC
,
0x74
,
0x02
,
0x0B
,
0xBE
,
0xA6
,
...
...
@@ -536,14 +534,8 @@ void recv_msg_kexinit() {
static
void
load_dh_p
(
mp_int
*
dh_p
)
{
switch
(
ses
.
newkeys
->
algo_kex
)
{
case
DROPBEAR_KEX_DH_GROUP1
:
bytes_to_mp
(
dh_p
,
dh_p_1
,
DH_P_1_LEN
);
break
;
case
DROPBEAR_KEX_DH_GROUP14
:
bytes_to_mp
(
dh_p
,
dh_p_14
,
DH_P_14_LEN
);
break
;
}
bytes_to_mp
(
dh_p
,
ses
.
newkeys
->
algo_kex
->
dh_p_bytes
,
ses
.
newkeys
->
algo_kex
->
dh_p_len
);
}
/* Initialises and generate one side of the diffie-hellman key exchange values.
...
...
@@ -667,11 +659,84 @@ void kexdh_comb_key(struct kex_dh_param *param, mp_int *dh_pub_them,
#ifdef DROPBEAR_ECDH
struct
kex_ecdh_param
*
gen_kexecdh_param
()
{
struct
kex_ecdh_param
*
param
=
m_malloc
(
sizeof
(
*
param
));
if
(
ecc_make_key_ex
(
NULL
,
dropbear_ltc_prng
,
&
param
->
key
if
(
ecc_make_key_ex
(
NULL
,
dropbear_ltc_prng
,
&
param
->
key
,
ses
.
newkeys
->
algo_kex
->
ecc_curve
)
!=
CRYPT_OK
)
{
dropbear_exit
(
"ECC error"
)
}
return
param
;
}
void
free_kexecdh_param
(
struct
kex_ecdh_param
*
param
)
{
ecc_free
(
&
param
->
key
);
m_free
(
param
);
}
void
free_kexecdh_param
(
struct
kex_ecdh_param
*
param
);
void
kexecdh_comb_key
(
struct
kex_ecdh_param
*
param
,
buffer
*
pub_them
,
sign_key
*
hostkey
);
sign_key
*
hostkey
)
{
hash_state
hs
;
// public keys from client and server
ecc_key
*
Q_C
,
*
Q_S
,
*
Q_them
;
// XXX load Q_them
ses
.
dh_K
=
dropbear_ecc_shared_secret
()
/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
if
(
mp_cmp
(
dh_pub_them
,
&
dh_p
)
!=
MP_LT
||
mp_cmp_d
(
dh_pub_them
,
0
)
!=
MP_GT
)
{
dropbear_exit
(
"Diffie-Hellman error"
);
}
/* K = e^y mod p = f^x mod p */
ses
.
dh_K
=
(
mp_int
*
)
m_malloc
(
sizeof
(
mp_int
));
m_mp_init
(
ses
.
dh_K
);
if
(
mp_exptmod
(
dh_pub_them
,
&
param
->
priv
,
&
dh_p
,
ses
.
dh_K
)
!=
MP_OKAY
)
{
dropbear_exit
(
"Diffie-Hellman error"
);
}
/* clear no longer needed vars */
mp_clear_multi
(
&
dh_p
,
NULL
);
/* From here on, the code needs to work with the _same_ vars on each side,
* not vice-versaing for client/server */
if
(
IS_DROPBEAR_CLIENT
)
{
dh_e
=
&
param
->
pub
;
dh_f
=
dh_pub_them
;
}
else
{
dh_e
=
dh_pub_them
;
dh_f
=
&
param
->
pub
;
}
/* Create the remainder of the hash buffer, to generate the exchange hash */
/* K_S, the host key */
buf_put_pub_key
(
ses
.
kexhashbuf
,
hostkey
,
ses
.
newkeys
->
algo_hostkey
);
/* e, exchange value sent by the client */
buf_putmpint
(
ses
.
kexhashbuf
,
dh_e
);
/* f, exchange value sent by the server */
buf_putmpint
(
ses
.
kexhashbuf
,
dh_f
);
/* K, the shared secret */
buf_putmpint
(
ses
.
kexhashbuf
,
ses
.
dh_K
);
/* calculate the hash H to sign */
sha1_init
(
&
hs
);
buf_setpos
(
ses
.
kexhashbuf
,
0
);
sha1_process
(
&
hs
,
buf_getptr
(
ses
.
kexhashbuf
,
ses
.
kexhashbuf
->
len
),
ses
.
kexhashbuf
->
len
);
sha1_done
(
&
hs
,
ses
.
hash
);
buf_burn
(
ses
.
kexhashbuf
);
buf_free
(
ses
.
kexhashbuf
);
ses
.
kexhashbuf
=
NULL
;
/* first time around, we set the session_id to H */
if
(
ses
.
session_id
==
NULL
)
{
/* create the session_id, this never needs freeing */
ses
.
session_id
=
(
unsigned
char
*
)
m_malloc
(
SHA1_HASH_SIZE
);
memcpy
(
ses
.
session_id
,
ses
.
hash
,
SHA1_HASH_SIZE
);
}
}
#endif
/* read the other side's algo list. buf_match_algo is a callback to match
...
...
@@ -707,7 +772,7 @@ static void read_kex_algos() {
goto
error
;
}
TRACE
((
"kex algo %s"
,
algo
->
name
))
ses
.
newkeys
->
algo_kex
=
algo
->
val
;
ses
.
newkeys
->
algo_kex
=
algo
->
data
;
/* server_host_key_algorithms */
algo
=
ses
.
buf_match_algo
(
ses
.
payload
,
sshhostkey
,
&
goodguess
);
...
...
ecc.c
View file @
74cad161
#include "includes.h"
#include "options.h"
#include "ecc.h"
#ifdef DROPBEAR_ECC
#ifdef DROPBEAR_ECC_256
const
struct
ecc_curve_secp256r1
{
.
ltc_set
=
&
ltc_ecc_sets
[
0
],
.
hash_desc
=
sha256_desc
,
.
name
=
"secp256r1"
};
#endif
#ifdef DROPBEAR_ECC_384
const
struct
ecc_curve_secp384r1
{
.
ltc_set
=
&
ltc_ecc_sets
[
1
],
.
hash_desc
=
sha384_desc
,
.
name
=
"secp384r1"
};
#endif
#ifdef DROPBEAR_ECC_256
const
struct
ecc_curve_secp256r1
{
.
ltc_set
=
&
ltc_ecc_sets
[
0
],
.
hash_desc
=
sha256_desc
,
.
name
=
"secp256r1"
};
#endif
void
buf_put_ecc_key_string
(
buffer
*
buf
,
ecc_key
*
key
)
{
// XXX point compression
int
len
=
key
->
dp
->
size
*
2
+
1
;
buf_putint
(
len
);
int
err
=
ecc_ansi_x963_export
(
key
,
buf_getwriteptr
(
buf
,
len
),
&
len
);
...
...
@@ -13,5 +44,71 @@ void buf_put_ecc_key_string(buffer *buf, ecc_key *key) {
int
buf_get_ecc_key_string
(
buffer
*
buf
,
ecc_key
*
key
)
{
}
// a modified version of libtomcrypt's "ecc_shared_secret" to output
// a mp_int instead.
mp_int
*
dropbear_ecc_shared_secret
(
ecc_key
*
public_key
,
ecc_key
*
private_key
)
{
ecc_point
*
result
=
NULL
mp_int
*
prime
=
NULL
,
*
shared_secret
=
NULL
;
int
ret
=
DROPBEAR_FAILURE
;
/* type valid? */
if
(
private_key
->
type
!=
PK_PRIVATE
)
{
goto
done
;
}
if
(
private_key
->
dp
!=
public_key
->
dp
)
{
goto
done
;
}
#if 0
// XXX - possibly not neccessary tests?
if (ltc_ecc_is_valid_idx(private_key->idx) == 0 || ltc_ecc_is_valid_idx(public_key->idx) == 0) {
goto done;
}
if (XSTRCMP(private_key->dp->name, public_key->dp->name) != 0) {
goto done;
}
#endif
/* make new point */
result
=
ltc_ecc_new_point
();
if
(
result
==
NULL
)
{
goto
done
;
}
prime
=
m_malloc
(
sizeof
(
*
prime
));
m_mp_init
(
prime
);
if
(
mp_read_radix
(
prime
,
(
char
*
)
private_key
->
dp
->
prime
,
16
)
!=
CRYPT_OK
)
{
goto
done
;
}
if
(
ltc_mp
.
ecc_ptmul
(
private_key
->
k
,
&
public_key
->
pubkey
,
result
,
prime
,
1
)
!=
CRYPT_OK
)
{
goto
done
;
}
err
=
DROPBEAR_SUCCESS
;
done:
if
(
err
==
DROPBEAR_SUCCESS
)
{
shared_secret
=
prime
;
prime
=
NULL
;
}
if
(
prime
)
{
mp_clear
(
prime
);
m_free
(
prime
);
}
ltc_ecc_del_point
(
result
);
if
(
err
==
DROPBEAR_FAILURE
)
{
dropbear_exit
(
"ECC error"
);
}
return
shared_secret
;
return
err
;
}
}
#endif
ecc.h
0 → 100644
View file @
74cad161
#ifndef _DROPBEAR_ECC_H
#define _DROPBEAR_ECC_H
#include "includes.h"
#include "options.h"
#include "buffer.h"
#ifdef DROPBEAR_ECC
struct
dropbear_ecc_curve
{
const
ltc_ecc_set_type
*
ltc_set
;
const
struct
ltc_hash_descriptor
*
hash_desc
;
const
char
*
name
;
};
extern
const
struct
dropbear_ecc_curve
ecc_curve_secp256r1
;
extern
const
struct
dropbear_ecc_curve
ecc_curve_secp384r1
;
extern
const
struct
dropbear_ecc_curve
ecc_curve_secp521r1
;
// "pubkey" refers to a point, but LTC uses ecc_key structure for both public
// and private keys
void
buf_put_ecc_pubkey_string
(
buffer
*
buf
,
ecc_key
*
key
);
int
buf_get_ecc_pubkey_string
(
buffer
*
buf
,
ecc_key
*
key
);
int
buf_get_ecc_privkey_string
(
buffer
*
buf
,
ecc_key
*
key
);
mp_int
*
dropbear_ecc_shared_secret
(
ecc_key
*
pub_key
,
ecc_key
*
priv_key
);
const
ltc_ecc_set_type
*
get_ecc_curve
(
enum
kex_type
type
);
#endif
#endif // _DROPBEAR_ECC_H
\ No newline at end of file
kex.h
View file @
74cad161
...
...
@@ -73,6 +73,11 @@ struct KEXState {
};
#define DH_P_1_LEN 128
extern
const
const
unsigned
char
dh_p_1
[
DH_P_1_LEN
];
#define DH_P_14_LEN 256
const
unsigned
char
dh_p_14
[
DH_P_14_LEN
]
=
{
struct
kex_dh_param
{
mp_int
pub
;
mp_int
priv
;
...
...
libtomcrypt/src/headers/tomcrypt_custom.h
View file @
74cad161
...
...
@@ -134,12 +134,18 @@
#define LTC_HMAC
#ifdef DROPBEAR_EC
DH
#ifdef DROPBEAR_EC
C
#define MECC
#ifdef DROPBEAR_ECC_256
#define ECC256
#endif
#ifdef DROPBEAR_ECC_384
#define ECC384
#endif
#ifdef DROPBEAR_ECC_521
#define ECC521
#endif
#endif
/* Various tidbits of modern neatoness */
#define BASE64
...
...
session.h
View file @
74cad161
...
...
@@ -86,7 +86,7 @@ struct key_context {
struct
key_context_directional
recv
;
struct
key_context_directional
trans
;
int
algo_kex
;
const
struct
dropbear_kex
*
algo_kex
;
int
algo_hostkey
;
int
allow_compress
;
/* whether compression has started (useful in
...
...
sysoptions.h
View file @
74cad161
...
...
@@ -93,6 +93,13 @@
#define DROPBEAR_ECC
#endif
#ifdef DROPBEAR_ECC
#define DROPBEAR_ECC_256
#define DROPBEAR_ECC_384
#define DROPBEAR_ECC_521
#endif
// roughly 2x 521 bits
#define MAX_ECC_SIZE 140
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment