Mercurial > dropbear
annotate common-algo.c @ 1930:299f4f19ba19
Add /usr/sbin and /sbin to default root PATH
When dropbear is used in a very restricted environment (such as in a
initrd), the default user shell is often also very restricted
and doesn't take care of setting the PATH so the user ends up
with the PATH set by dropbear. Unfortunately, dropbear always
sets "/usr/bin:/bin" as default PATH even for the root user
which should have /usr/sbin and /sbin too.
For a concrete instance of this problem, see the "Remote Unlocking"
section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/
It speaks of a bug in the initramfs script because it's written "blkid"
instead of "/sbin/blkid"... this is just because the scripts from the
initramfs do not expect to have a PATH without the sbin directories and
because dropbear is not setting the PATH appropriately for the root user.
I'm thus suggesting to use the attached patch to fix this misbehaviour (I
did not test it, but it's easy enough). It might seem anecdotic but
multiple Kali users have been bitten by this.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
| author | Raphael Hertzog <hertzog@debian.org> |
|---|---|
| date | Mon, 09 Jul 2018 16:27:53 +0200 |
| parents | 13cb8cc1b0e4 |
| children |
| rev | line source |
|---|---|
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
|
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
2 * Dropbear SSH |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
|
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
5 * Copyright (c) 2004 by Mihnea Stoenescu |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * All rights reserved. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * of this software and associated documentation files (the "Software"), to deal |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * in the Software without restriction, including without limitation the rights |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * copies of the Software, and to permit persons to whom the Software is |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * furnished to do so, subject to the following conditions: |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * The above copyright notice and this permission notice shall be included in |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * all copies or substantial portions of the Software. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * SOFTWARE. */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 |
|
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
26 #include "includes.h" |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "algo.h" |
|
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
28 #include "session.h" |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "dbutil.h" |
|
1224
82e2037d34ea
Move dh group constants to a separate file
Matt Johnston <matt@ucc.asn.au>
parents:
1204
diff
changeset
|
30 #include "dh_groups.h" |
|
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
31 #include "ltc_prng.h" |
|
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
32 #include "ecc.h" |
|
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
33 #include "gcm.h" |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
34 #include "chachapoly.h" |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
35 #include "ssh.h" |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 /* This file (algo.c) organises the ciphers which can be used, and is used to |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 * decide which ciphers/hashes/compression/signing to use during key exchange*/ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
| 502 | 40 static int void_cipher(const unsigned char* in, unsigned char* out, |
|
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
41 unsigned long len, void* UNUSED(cipher_state)) { |
|
543
e12c9225acbd
- Don't memcpy() in place with void_encrypt
Matt Johnston <matt@ucc.asn.au>
parents:
503
diff
changeset
|
42 if (in != out) { |
|
e12c9225acbd
- Don't memcpy() in place with void_encrypt
Matt Johnston <matt@ucc.asn.au>
parents:
503
diff
changeset
|
43 memmove(out, in, len); |
|
e12c9225acbd
- Don't memcpy() in place with void_encrypt
Matt Johnston <matt@ucc.asn.au>
parents:
503
diff
changeset
|
44 } |
| 502 | 45 return CRYPT_OK; |
| 46 } | |
| 47 | |
|
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
48 static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV), |
|
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
49 const unsigned char* UNUSED(key), |
|
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
50 int UNUSED(keylen), int UNUSED(num_rounds), void* UNUSED(cipher_state)) { |
| 502 | 51 return CRYPT_OK; |
| 52 } | |
| 53 | |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 /* Mappings for ciphers, parameters are |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 {&cipher_desc, keysize, blocksize} */ |
|
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
56 |
|
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
57 /* Remember to add new ciphers/hashes to regciphers/reghashes too */ |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
59 #if DROPBEAR_AES256 |
|
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
60 static const struct dropbear_cipher dropbear_aes256 = |
|
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
61 {&aes_desc, 32, 16}; |
|
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
62 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
63 #if DROPBEAR_AES128 |
| 227 | 64 static const struct dropbear_cipher dropbear_aes128 = |
|
150
82fcf3185616
Cleaning out various dead wood found with -dead_strip
Matt Johnston <matt@ucc.asn.au>
parents:
74
diff
changeset
|
65 {&aes_desc, 16, 16}; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
67 #if DROPBEAR_3DES |
| 227 | 68 static const struct dropbear_cipher dropbear_3des = |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 {&des3_desc, 24, 8}; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 #endif |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 /* used to indicate no encryption, as defined in rfc2410 */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 const struct dropbear_cipher dropbear_nocipher = |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 {NULL, 16, 8}; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 |
| 502 | 76 /* A few void* s are required to silence warnings |
| 77 * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
78 #if DROPBEAR_ENABLE_CBC_MODE |
| 502 | 79 const struct dropbear_cipher_mode dropbear_mode_cbc = |
|
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
80 {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt, NULL, NULL, NULL}; |
|
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1019
diff
changeset
|
81 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
|
992
731f624af902
Add config option to disable cbc. Disable twofish by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
82 |
| 502 | 83 const struct dropbear_cipher_mode dropbear_mode_none = |
|
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
84 {void_start, void_cipher, void_cipher, NULL, NULL, NULL}; |
|
992
731f624af902
Add config option to disable cbc. Disable twofish by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
85 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
86 #if DROPBEAR_ENABLE_CTR_MODE |
| 502 | 87 /* a wrapper to make ctr_start and cbc_start look the same */ |
| 88 static int dropbear_big_endian_ctr_start(int cipher, | |
| 89 const unsigned char *IV, | |
| 90 const unsigned char *key, int keylen, | |
| 91 int num_rounds, symmetric_CTR *ctr) { | |
| 92 return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr); | |
| 93 } | |
| 94 const struct dropbear_cipher_mode dropbear_mode_ctr = | |
|
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
95 {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt, NULL, NULL, NULL}; |
|
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1019
diff
changeset
|
96 #endif /* DROPBEAR_ENABLE_CTR_MODE */ |
| 502 | 97 |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 {&hash_desc, keysize, hashsize} */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
101 #if DROPBEAR_SHA1_HMAC |
| 227 | 102 static const struct dropbear_hash dropbear_sha1 = |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 {&sha1_desc, 20, 20}; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
105 #if DROPBEAR_SHA1_96_HMAC |
|
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
106 static const struct dropbear_hash dropbear_sha1_96 = |
|
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
107 {&sha1_desc, 20, 12}; |
|
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
108 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
109 #if DROPBEAR_SHA2_256_HMAC |
|
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
110 static const struct dropbear_hash dropbear_sha2_256 = |
|
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
111 {&sha256_desc, 32, 32}; |
|
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
112 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
113 #if DROPBEAR_SHA2_512_HMAC |
|
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
114 static const struct dropbear_hash dropbear_sha2_512 = |
|
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
115 {&sha512_desc, 64, 64}; |
|
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
116 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
117 #if DROPBEAR_MD5_HMAC |
| 227 | 118 static const struct dropbear_hash dropbear_md5 = |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 {&md5_desc, 16, 16}; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 #endif |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 const struct dropbear_hash dropbear_nohash = |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 {NULL, 16, 0}; /* used initially */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 |
| 502 | 126 /* The following map ssh names to internal values. |
| 127 * The ordering here is important for the client - the first mode | |
| 128 * that is also supported by the server will get used. */ | |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 algo_type sshciphers[] = { |
|
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
131 #if DROPBEAR_CHACHA20POLY1305 |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
132 {"[email protected]", 0, &dropbear_chachapoly, 1, &dropbear_mode_chachapoly}, |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
133 #endif |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
134 |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
135 #if DROPBEAR_ENABLE_GCM_MODE |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
136 #if DROPBEAR_AES128 |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
137 {"[email protected]", 0, &dropbear_aes128, 1, &dropbear_mode_gcm}, |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
138 #endif |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
139 #if DROPBEAR_AES256 |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
140 {"[email protected]", 0, &dropbear_aes256, 1, &dropbear_mode_gcm}, |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
141 #endif |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
142 #endif /* DROPBEAR_ENABLE_GCM_MODE */ |
|
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
143 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
144 #if DROPBEAR_ENABLE_CTR_MODE |
|
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
145 #if DROPBEAR_AES128 |
| 502 | 146 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, |
| 147 #endif | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
148 #if DROPBEAR_AES256 |
| 502 | 149 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, |
| 150 #endif | |
| 151 #endif /* DROPBEAR_ENABLE_CTR_MODE */ | |
| 152 | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
153 #if DROPBEAR_ENABLE_CBC_MODE |
|
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
154 #if DROPBEAR_AES128 |
| 502 | 155 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, |
| 156 #endif | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
157 #if DROPBEAR_AES256 |
| 502 | 158 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, |
|
235
c3dbd3e1a8ce
Change the preferred algorithm order
Matt Johnston <matt@ucc.asn.au>
parents:
234
diff
changeset
|
159 #endif |
|
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
160 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
|
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
161 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
162 #if DROPBEAR_3DES |
|
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
163 #if DROPBEAR_ENABLE_CTR_MODE |
|
994
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
164 {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr}, |
|
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
165 #endif |
|
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
166 #if DROPBEAR_ENABLE_CBC_MODE |
|
994
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
167 {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc}, |
|
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
168 #endif |
|
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
169 #endif /* DROPBEAR_3DES */ |
|
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
170 |
|
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
171 #if DROPBEAR_ENABLE_CBC_MODE |
|
992
731f624af902
Add config option to disable cbc. Disable twofish by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
172 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
| 502 | 173 {NULL, 0, NULL, 0, NULL} |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 }; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 algo_type sshhashes[] = { |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
177 #if DROPBEAR_SHA1_96_HMAC |
| 1017 | 178 {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, |
| 179 #endif | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
180 #if DROPBEAR_SHA1_HMAC |
| 1017 | 181 {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, |
| 182 #endif | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
183 #if DROPBEAR_SHA2_256_HMAC |
|
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
184 {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, |
|
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
185 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
186 #if DROPBEAR_SHA2_512_HMAC |
|
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
187 {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, |
|
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
188 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
189 #if DROPBEAR_MD5_HMAC |
|
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
190 {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL}, |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 #endif |
| 502 | 192 {NULL, 0, NULL, 0, NULL} |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 }; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 #ifndef DISABLE_ZLIB |
|
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
196 algo_type ssh_compress[] = { |
|
994
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
197 {"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, |
| 502 | 198 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, |
|
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
199 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
|
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
200 {NULL, 0, NULL, 0, NULL} |
|
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
201 }; |
|
996
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
202 |
|
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
203 algo_type ssh_delaycompress[] = { |
|
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
204 {"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, |
|
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
205 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
|
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
206 {NULL, 0, NULL, 0, NULL} |
|
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
207 }; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 #endif |
|
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
209 |
|
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
210 algo_type ssh_nocompress[] = { |
| 502 | 211 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
| 212 {NULL, 0, NULL, 0, NULL} | |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 }; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
215 algo_type sigalgs[] = { |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1527
diff
changeset
|
216 #if DROPBEAR_ED25519 |
|
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
217 {"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL}, |
|
1902
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
218 #if DROPBEAR_SK_ED25519 |
|
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
219 {"[email protected]", DROPBEAR_SIGNATURE_SK_ED25519, NULL, 1, NULL}, |
|
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
220 #endif |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1527
diff
changeset
|
221 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
222 #if DROPBEAR_ECDSA |
|
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
223 #if DROPBEAR_ECC_256 |
|
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
224 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNATURE_ECDSA_NISTP256, NULL, 1, NULL}, |
| 795 | 225 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
226 #if DROPBEAR_ECC_384 |
|
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
227 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNATURE_ECDSA_NISTP384, NULL, 1, NULL}, |
| 795 | 228 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
229 #if DROPBEAR_ECC_521 |
|
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
230 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL}, |
| 795 | 231 #endif |
|
1902
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
232 #if DROPBEAR_SK_ECDSA |
|
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
233 {"[email protected]", DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256, NULL, 1, NULL}, |
|
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
234 #endif |
| 795 | 235 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
236 #if DROPBEAR_RSA |
|
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
237 #if DROPBEAR_RSA_SHA256 |
|
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
238 {"rsa-sha2-256", DROPBEAR_SIGNATURE_RSA_SHA256, NULL, 1, NULL}, |
|
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
239 #endif |
|
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
240 #if DROPBEAR_RSA_SHA1 |
|
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
241 {"ssh-rsa", DROPBEAR_SIGNATURE_RSA_SHA1, NULL, 1, NULL}, |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 #endif |
|
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
243 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
244 #if DROPBEAR_DSS |
|
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
245 {"ssh-dss", DROPBEAR_SIGNATURE_DSS, NULL, 1, NULL}, |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 #endif |
| 502 | 247 {NULL, 0, NULL, 0, NULL} |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 }; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 |
|
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
250 #if DROPBEAR_DH_GROUP1 |
| 848 | 251 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc }; |
|
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
252 #endif |
|
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
253 #if DROPBEAR_DH_GROUP14_SHA1 |
|
1204
d2f9ef67af15
diffie-hellman-group14-sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1124
diff
changeset
|
254 static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc }; |
|
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
255 #endif |
|
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
256 #if DROPBEAR_DH_GROUP14_SHA256 |
|
1204
d2f9ef67af15
diffie-hellman-group14-sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1124
diff
changeset
|
257 static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc }; |
|
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
258 #endif |
|
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
259 #if DROPBEAR_DH_GROUP16 |
|
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
260 static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc }; |
|
1225
6a7938ba004a
add dh group15 and group16, disabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
1224
diff
changeset
|
261 #endif |
| 756 | 262 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
263 #if DROPBEAR_ECDH |
|
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
264 #if DROPBEAR_ECC_256 |
|
1273
139935236c72
const variables
Francois Perrad <francois.perrad@gadz.org>
parents:
1248
diff
changeset
|
265 static const struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc }; |
| 756 | 266 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
267 #if DROPBEAR_ECC_384 |
|
1273
139935236c72
const variables
Francois Perrad <francois.perrad@gadz.org>
parents:
1248
diff
changeset
|
268 static const struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc }; |
| 756 | 269 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
270 #if DROPBEAR_ECC_521 |
|
1273
139935236c72
const variables
Francois Perrad <francois.perrad@gadz.org>
parents:
1248
diff
changeset
|
271 static const struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc }; |
| 756 | 272 #endif |
| 848 | 273 #endif /* DROPBEAR_ECDH */ |
| 756 | 274 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
275 #if DROPBEAR_CURVE25519 |
| 848 | 276 /* Referred to directly */ |
|
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
848
diff
changeset
|
277 static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc }; |
| 848 | 278 #endif |
| 756 | 279 |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
280 /* data == NULL for non-kex algorithm identifiers */ |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
281 algo_type sshkex[] = { |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
282 #if DROPBEAR_CURVE25519 |
|
1527
049b28f4be4a
add curve25519-sha256 without @libssh.org
Matt Johnston <matt@ucc.asn.au>
parents:
1518
diff
changeset
|
283 {"curve25519-sha256", 0, &kex_curve25519, 1, NULL}, |
| 848 | 284 {"[email protected]", 0, &kex_curve25519, 1, NULL}, |
| 285 #endif | |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
286 #if DROPBEAR_ECDH |
|
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
287 #if DROPBEAR_ECC_521 |
|
840
5128e525c8fa
Default to some larger key sizes
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
288 {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL}, |
| 756 | 289 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
290 #if DROPBEAR_ECC_384 |
|
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
291 {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL}, |
| 756 | 292 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
293 #if DROPBEAR_ECC_256 |
|
840
5128e525c8fa
Default to some larger key sizes
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
294 {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, |
| 756 | 295 #endif |
| 296 #endif | |
|
1518
b222c027a733
group14-sha256 should be higher than group14-sha1
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
297 #if DROPBEAR_DH_GROUP14_SHA256 |
|
b222c027a733
group14-sha256 should be higher than group14-sha1
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
298 {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL}, |
|
b222c027a733
group14-sha256 should be higher than group14-sha1
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
299 #endif |
|
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
300 #if DROPBEAR_DH_GROUP14_SHA1 |
|
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
301 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL}, |
|
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
302 #endif |
|
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
303 #if DROPBEAR_DH_GROUP1 |
| 756 | 304 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, |
|
1225
6a7938ba004a
add dh group15 and group16, disabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
1224
diff
changeset
|
305 #endif |
|
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
306 #if DROPBEAR_DH_GROUP16 |
|
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
307 {"diffie-hellman-group16-sha512", 0, &kex_dh_group16_sha512, 1, NULL}, |
|
1225
6a7938ba004a
add dh group15 and group16, disabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
1224
diff
changeset
|
308 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
309 #if DROPBEAR_KEXGUESS2 |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
310 {KEXGUESS2_ALGO_NAME, 0, NULL, 1, NULL}, |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
311 #endif |
|
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
312 #if DROPBEAR_EXT_INFO |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
313 #if DROPBEAR_CLIENT |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
314 /* Set unusable by svr_algos_initialise() */ |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
315 {SSH_EXT_INFO_C, 0, NULL, 1, NULL}, |
|
746
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
316 #endif |
|
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
317 #endif |
| 502 | 318 {NULL, 0, NULL, 0, NULL} |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
319 }; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
320 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
321 /* Output a comma separated list of algorithms to a buffer */ |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
322 void buf_put_algolist_all(buffer * buf, const algo_type localalgos[], int useall) { |
|
238
e923801a7678
use a buffer rather than raw char array for creating
Matt Johnston <matt@ucc.asn.au>
parents:
237
diff
changeset
|
323 unsigned int i, len; |
|
e923801a7678
use a buffer rather than raw char array for creating
Matt Johnston <matt@ucc.asn.au>
parents:
237
diff
changeset
|
324 unsigned int donefirst = 0; |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
325 unsigned int startpos; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
326 |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
327 startpos = buf->pos; |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
328 /* Placeholder for length */ |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
329 buf_putint(buf, 0); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
330 for (i = 0; localalgos[i].name != NULL; i++) { |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
331 if (localalgos[i].usable || useall) { |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
332 if (donefirst) { |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
333 buf_putbyte(buf, ','); |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
334 } |
|
238
e923801a7678
use a buffer rather than raw char array for creating
Matt Johnston <matt@ucc.asn.au>
parents:
237
diff
changeset
|
335 donefirst = 1; |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
336 len = strlen(localalgos[i].name); |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
337 buf_putbytes(buf, (const unsigned char *) localalgos[i].name, len); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
338 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
339 } |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
340 /* Fill out the length */ |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
341 len = buf->pos - startpos - 4; |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
342 buf_setpos(buf, startpos); |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
343 buf_putint(buf, len); |
|
1869
d7247462fa0d
Fix incorrect algolist TRACE print
Matt Johnston <matt@ucc.asn.au>
parents:
1856
diff
changeset
|
344 TRACE(("algolist add %d '%.*s'", len, len, buf_getptr(buf, len))) |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
345 buf_incrwritepos(buf, len); |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
346 } |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
347 |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
348 void buf_put_algolist(buffer * buf, const algo_type localalgos[]) { |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
349 buf_put_algolist_all(buf, localalgos, 0); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
350 } |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
351 |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
352 /* returns a list of pointers into algolist, of null-terminated names. |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
353 ret_list should be passed in with space for *ret_count elements, |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
354 on return *ret_count has the number of names filled. |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
355 algolist is modified. */ |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
356 static void get_algolist(char* algolist, unsigned int algolist_len, |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
357 const char* *ret_list, unsigned int *ret_count) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
358 unsigned int max_count = *ret_count; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
359 unsigned int i; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
360 |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
361 if (*ret_count == 0) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
362 return; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
363 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
364 if (algolist_len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
365 *ret_count = 0; |
|
1753
7c0fcd19e492
Increase MAX_PROPOSED_ALGO to 50, warn if exceeded
Matt Johnston <matt@ucc.asn.au>
parents:
1713
diff
changeset
|
366 } |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
367 |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
368 /* ret_list will contain a list of the strings parsed out. |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
369 We will have at least one string (even if it's just "") */ |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
370 ret_list[0] = algolist; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
371 *ret_count = 1; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
372 for (i = 0; i < algolist_len; i++) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
373 if (algolist[i] == '\0') { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
374 /* someone is trying something strange */ |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
375 *ret_count = 0; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
376 return; |
|
1753
7c0fcd19e492
Increase MAX_PROPOSED_ALGO to 50, warn if exceeded
Matt Johnston <matt@ucc.asn.au>
parents:
1713
diff
changeset
|
377 } |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
378 |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
379 if (algolist[i] == ',') { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
380 if (*ret_count >= max_count) { |
|
1755
9efceb851bea
Make "Too many remote algorithms" exit rather than log
Matt Johnston <matt@ucc.asn.au>
parents:
1753
diff
changeset
|
381 dropbear_exit("Too many remote algorithms"); |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
382 *ret_count = 0; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
383 return; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
384 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
385 algolist[i] = '\0'; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
386 ret_list[*ret_count] = &algolist[i+1]; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
387 (*ret_count)++; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
388 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
389 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
390 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
391 |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
392 /* Return DROPBEAR_SUCCESS if the namelist contains algo, |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
393 DROPBEAR_FAILURE otherwise. buf position is not incremented. */ |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
394 int buf_has_algo(buffer *buf, const char *algo) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
395 unsigned char* algolist = NULL; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
396 unsigned int orig_pos = buf->pos; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
397 unsigned int len, remotecount, i; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
398 const char *remotenames[MAX_PROPOSED_ALGO]; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
399 int ret = DROPBEAR_FAILURE; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
400 |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
401 algolist = buf_getstring(buf, &len); |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
402 remotecount = MAX_PROPOSED_ALGO; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
403 get_algolist(algolist, len, remotenames, &remotecount); |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
404 for (i = 0; i < remotecount; i++) |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
405 { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
406 if (strcmp(remotenames[i], algo) == 0) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
407 ret = DROPBEAR_SUCCESS; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
408 break; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
409 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
410 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
411 if (algolist) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
412 m_free(algolist); |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
413 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
414 buf_setpos(buf, orig_pos); |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
415 return ret; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
416 } |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
417 |
|
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
418 algo_type * first_usable_algo(algo_type algos[]) { |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
419 int i; |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
420 for (i = 0; algos[i].name != NULL; i++) { |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
421 if (algos[i].usable) { |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
422 return &algos[i]; |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
423 } |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
424 } |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
425 return NULL; |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
426 } |
|
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
427 |
|
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
428 /* match the first algorithm in the comma-separated list in buf which is |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
429 * also in localalgos[], or return NULL on failure. |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
430 * (*goodguess) is set to 1 if the preferred client/server algos match, |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
431 * 0 otherwise. This is used for checking if the kexalgo/hostkeyalgos are |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
432 * guessed correctly */ |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
433 algo_type * buf_match_algo(buffer* buf, algo_type localalgos[], |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
434 int kexguess2, int *goodguess) { |
|
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
435 char * algolist = NULL; |
|
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
436 const char *remotenames[MAX_PROPOSED_ALGO], *localnames[MAX_PROPOSED_ALGO]; |
|
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
437 unsigned int len; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
438 unsigned int remotecount, localcount, clicount, servcount, i, j; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
439 algo_type * ret = NULL; |
|
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
440 const char **clinames, **servnames; |
|
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
441 |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
442 if (goodguess) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
443 *goodguess = 0; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
444 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
445 |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
446 /* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */ |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
447 algolist = buf_getstring(buf, &len); |
|
1896
6cb6e81ca765
changed TRACE to DEBUG3 for dbclient
HansH111 <hans@atbas.org>
parents:
1869
diff
changeset
|
448 DEBUG3(("buf_match_algo: %s", algolist)) |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
449 remotecount = MAX_PROPOSED_ALGO; |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
450 get_algolist(algolist, len, remotenames, &remotecount); |
|
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
451 |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
452 for (i = 0; localalgos[i].name != NULL; i++) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
453 if (localalgos[i].usable) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
454 localnames[i] = localalgos[i].name; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
455 } else { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
456 localnames[i] = NULL; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
457 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
458 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
459 localcount = i; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
460 |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
461 if (IS_DROPBEAR_SERVER) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
462 clinames = remotenames; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
463 clicount = remotecount; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
464 servnames = localnames; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
465 servcount = localcount; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
466 } else { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
467 clinames = localnames; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
468 clicount = localcount; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
469 servnames = remotenames; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
470 servcount = remotecount; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
471 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
472 |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
473 /* iterate and find the first match */ |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
474 for (i = 0; i < clicount; i++) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
475 for (j = 0; j < servcount; j++) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
476 if (!(servnames[j] && clinames[i])) { |
| 857 | 477 /* unusable algos are NULL */ |
|
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
478 continue; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
479 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
480 if (strcmp(servnames[j], clinames[i]) == 0) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
481 /* set if it was a good guess */ |
|
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
482 if (goodguess != NULL) { |
|
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
483 if (kexguess2) { |
|
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
484 if (i == 0) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
485 *goodguess = 1; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
486 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
487 } else { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
488 if (i == 0 && j == 0) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
489 *goodguess = 1; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
490 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
491 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
492 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
493 /* set the algo to return */ |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
494 if (IS_DROPBEAR_SERVER) { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
495 ret = &localalgos[j]; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
496 } else { |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
497 ret = &localalgos[i]; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
498 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
499 goto out; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
500 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
501 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
502 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
503 |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
504 out: |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
505 m_free(algolist); |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
506 return ret; |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
507 } |
|
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
508 |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
509 #if DROPBEAR_USER_ALGO_LIST |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
510 |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
511 char * |
|
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1316
diff
changeset
|
512 algolist_string(const algo_type algos[]) |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
513 { |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
514 char *ret_list; |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
515 buffer *b = buf_new(200); |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
516 buf_put_algolist(b, algos); |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
517 buf_setpos(b, b->len); |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
518 buf_putbyte(b, '\0'); |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
519 buf_setpos(b, 4); |
|
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
520 ret_list = m_strdup((const char *) buf_getptr(b, b->len - b->pos)); |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
521 buf_free(b); |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
522 return ret_list; |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
523 } |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
524 |
|
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
525 static algo_type* |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
526 check_algo(const char* algo_name, algo_type *algos) |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
527 { |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
528 algo_type *a; |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
529 for (a = algos; a->name != NULL; a++) |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
530 { |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
531 if (strcmp(a->name, algo_name) == 0) |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
532 { |
|
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
533 return a; |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
534 } |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
535 } |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
536 |
|
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
537 return NULL; |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
538 } |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
539 |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
540 /* Checks a user provided comma-separated algorithm list for available |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
541 * options. Any that are not acceptable are removed in-place. Returns the |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
542 * number of valid algorithms. */ |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
543 int |
|
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
544 check_user_algos(const char* user_algo_list, algo_type * algos, |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
545 const char *algo_desc) |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
546 { |
|
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
547 algo_type new_algos[MAX_PROPOSED_ALGO+1]; |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
548 char *work_list = m_strdup(user_algo_list); |
|
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
549 char *start = work_list; |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
550 char *c; |
|
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
551 int n; |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
552 /* So we can iterate and look for null terminator */ |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
553 memset(new_algos, 0x0, sizeof(new_algos)); |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
554 for (c = work_list, n = 0; ; c++) |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
555 { |
|
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
556 char oc = *c; |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
557 if (n >= MAX_PROPOSED_ALGO) { |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
558 dropbear_exit("Too many algorithms '%s'", user_algo_list); |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
559 } |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
560 if (*c == ',' || *c == '\0') { |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
561 algo_type *match_algo = NULL; |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
562 *c = '\0'; |
|
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
563 match_algo = check_algo(start, algos); |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
564 if (match_algo) { |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
565 if (check_algo(start, new_algos)) { |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
566 TRACE(("Skip repeated algorithm '%s'", start)) |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
567 } else { |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
568 new_algos[n] = *match_algo; |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
569 n++; |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
570 } |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
571 } else { |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
572 dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", start, algo_desc); |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
573 } |
|
686
983a817f8e41
- Only request "none" cipher after auth has succeeded
Matt Johnston <matt@ucc.asn.au>
parents:
684
diff
changeset
|
574 c++; |
|
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
575 start = c; |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
576 } |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
577 if (oc == '\0') { |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
578 break; |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
579 } |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
580 } |
|
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
581 m_free(work_list); |
|
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
582 /* n+1 to include a null terminator */ |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
583 memcpy(algos, new_algos, sizeof(*new_algos) * (n+1)); |
|
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
584 return n; |
|
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
585 } |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
586 #endif /* DROPBEAR_USER_ALGO_LIST */ |