Commit d6daad29 authored by Matt Johnston's avatar Matt Johnston

options for disabling "normal" DH

parent 4664ce2c
......@@ -83,9 +83,15 @@ struct dropbear_hash {
};
enum dropbear_kex_mode {
#if DROPBEAR_NORMAL_DH
DROPBEAR_KEX_NORMAL_DH,
#endif
#ifdef DROPBEAR_ECDH
DROPBEAR_KEX_ECDH,
#endif
#ifdef DROPBEAR_CURVE25519
DROPBEAR_KEX_CURVE25519,
#endif
};
struct dropbear_kex {
......
......@@ -48,6 +48,7 @@ void send_msg_kexdh_init() {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
switch (ses.newkeys->algo_kex->mode) {
#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
|| !cli_ses.dh_param) {
......@@ -58,8 +59,9 @@ void send_msg_kexdh_init() {
}
buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
break;
case DROPBEAR_KEX_ECDH:
#endif
#ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
|| !cli_ses.ecdh_param) {
if (cli_ses.ecdh_param) {
......@@ -68,8 +70,8 @@ void send_msg_kexdh_init() {
cli_ses.ecdh_param = gen_kexecdh_param();
}
buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
#endif
break;
#endif
#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
......@@ -80,8 +82,8 @@ void send_msg_kexdh_init() {
cli_ses.curve25519_param = gen_kexcurve25519_param();
}
buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
#endif
break;
#endif
}
cli_ses.param_kex_algo = ses.newkeys->algo_kex;
......@@ -118,6 +120,7 @@ void recv_msg_kexdh_reply() {
}
switch (ses.newkeys->algo_kex->mode) {
#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
{
DEF_MP_INT(dh_f);
......@@ -131,15 +134,16 @@ void recv_msg_kexdh_reply() {
mp_clear(&dh_f);
}
break;
case DROPBEAR_KEX_ECDH:
#endif
#ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
{
buffer *ecdh_qs = buf_getstringbuf(ses.payload);
kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
buf_free(ecdh_qs);
}
#endif
break;
#endif
#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
{
......@@ -147,8 +151,8 @@ void recv_msg_kexdh_reply() {
kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
buf_free(ecdh_qs);
}
#endif
break;
#endif
}
if (cli_ses.dh_param) {
......
......@@ -251,11 +251,11 @@ algo_type sshhostkey[] = {
#if DROPBEAR_DH_GROUP1
static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
#endif
#if DROPBEAR_DH_GROUP14
#if DROPBEAR_DH_GROUP14_SHA1
static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
#if DROPBEAR_DH_GROUP14_256
static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#endif
#if DROPBEAR_DH_GROUP14_SHA256
static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#endif
#if DROPBEAR_DH_GROUP16
static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
......@@ -295,12 +295,12 @@ algo_type sshkex[] = {
{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
#endif
#endif
#if DROPBEAR_DH_GROUP14
#if DROPBEAR_DH_GROUP14_256
{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
#endif
#if DROPBEAR_DH_GROUP14_SHA1
{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
#endif
#if DROPBEAR_DH_GROUP14_SHA256
{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
#endif
#if DROPBEAR_DH_GROUP1
{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
#endif
......@@ -349,6 +349,7 @@ void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
}
}
buf_putstring(buf, (const char*)algolist->data, algolist->len);
TRACE(("algolist add '%*s'", algolist->len, algolist->data))
buf_free(algolist);
}
......
......@@ -36,9 +36,11 @@
#include "dbutil.h"
#include "ecc.h"
#ifdef DROPBEAR_ECDSA
static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
#endif
#define PUT_32BIT(cp, value) do { \
(cp)[3] = (unsigned char)(value); \
......
......@@ -150,7 +150,7 @@ If you test it please contact the Dropbear author */
/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
* code (either ECDSA or ECDH) increases binary size - around 30kB
* on x86-64 */
#define DROPBEAR_ECDSA
//#define DROPBEAR_ECDSA
/* Generate hostkeys as-needed when the first connection using that key type occurs.
This avoids the need to otherwise run "dropbearkey" and avoids some problems
......@@ -169,18 +169,19 @@ If you test it please contact the Dropbear author */
#define DROPBEAR_ECDH
/* Key exchange algorithm.
* group1 - 1024 bit, sha1
* group14 - 2048 bit, sha1
* group14_256 - 2048 bit, sha2-256
* group14_sha1 - 2048 bit, sha1
* group14_sha256 - 2048 bit, sha2-256
* group16 - 4096 bit, sha2-512
* group1 - 1024 bit, sha1
*
* group14 is supported by most implementations.
* group16 provides a greater strength but is slower and increases binary size
* group1 is necessary if compatibility with Dropbear versions < 0.53 is required
* group16 provides a greater strength level but is slower and increases binary size
* group1 is too small for security though is necessary if you need
compatibility with some implementations such as Dropbear versions < 0.53
*/
#define DROPBEAR_DH_GROUP1 1
#define DROPBEAR_DH_GROUP14 1
#define DROPBEAR_DH_GROUP14_256 1
#define DROPBEAR_DH_GROUP14_SHA1 1
#define DROPBEAR_DH_GROUP14_SHA256 1
#define DROPBEAR_DH_GROUP16 0
/* Control the memory/performance/compression tradeoff for zlib.
......
......@@ -54,18 +54,24 @@ void recv_msg_kexdh_init() {
}
switch (ses.newkeys->algo_kex->mode) {
#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
m_mp_init(&dh_e);
if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) {
dropbear_exit("Bad kex value");
}
break;
#endif
#ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
#endif
#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
#endif
#if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519)
ecdh_qs = buf_getstringbuf(ses.payload);
#endif
break;
#endif
}
if (ses.payload->pos != ses.payload->len) {
dropbear_exit("Bad kex value");
......@@ -221,6 +227,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
ses.newkeys->algo_hostkey);
switch (ses.newkeys->algo_kex->mode) {
#ifdef DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
{
struct kex_dh_param * dh_param = gen_kexdh_param();
......@@ -231,8 +238,9 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
free_kexdh_param(dh_param);
}
break;
case DROPBEAR_KEX_ECDH:
#endif
#ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
{
struct kex_ecdh_param *ecdh_param = gen_kexecdh_param();
kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
......@@ -240,18 +248,18 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key);
free_kexecdh_param(ecdh_param);
}
#endif
break;
case DROPBEAR_KEX_CURVE25519:
#endif
#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
{
struct kex_curve25519_param *param = gen_kexcurve25519_param();
kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN);
free_kexcurve25519_param(param);
}
#endif
break;
#endif
}
/* calc the signature */
......
......@@ -113,7 +113,7 @@
#define RSA_BLINDING
/* hashes which will be linked and registered */
#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14
#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14_SHA256
#define DROPBEAR_SHA256
#endif
#if defined(DROPBEAR_ECC_384)
......@@ -125,6 +125,14 @@
#endif
#if defined(DROPBEAR_MD5_HMAC)
#define DROPBEAR_MD5
#endif
#if DROPBEAR_DH_GROUP14_SHA256 || DROPBEAR_DH_GROUP14_SHA1
#define DROPBEAR_DH_GROUP14 1
#endif
#if DROPBEAR_DH_GROUP1 || DROPBEAR_DH_GROUP14 || DROPBEAR_DH_GROUP16
#define DROPBEAR_NORMAL_DH 1
#endif
/* roughly 2x 521 bits */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment