Mercurial > dropbear
annotate common-algo.c @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | 6cb6e81ca765 |
children | 13cb8cc1b0e4 |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
2 * Dropbear SSH |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
74
e3adf4cf5465
License boilerplate etc, add Mihnea as an author to some of the files
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
5 * Copyright (c) 2004 by Mihnea Stoenescu |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
26 #include "includes.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "algo.h" |
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
28 #include "session.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "dbutil.h" |
1224
82e2037d34ea
Move dh group constants to a separate file
Matt Johnston <matt@ucc.asn.au>
parents:
1204
diff
changeset
|
30 #include "dh_groups.h" |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
31 #include "ltc_prng.h" |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
32 #include "ecc.h" |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
33 #include "gcm.h" |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
34 #include "chachapoly.h" |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
35 #include "ssh.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 /* This file (algo.c) organises the ciphers which can be used, and is used to |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 * decide which ciphers/hashes/compression/signing to use during key exchange*/ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
502 | 40 static int void_cipher(const unsigned char* in, unsigned char* out, |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
41 unsigned long len, void* UNUSED(cipher_state)) { |
543
e12c9225acbd
- Don't memcpy() in place with void_encrypt
Matt Johnston <matt@ucc.asn.au>
parents:
503
diff
changeset
|
42 if (in != out) { |
e12c9225acbd
- Don't memcpy() in place with void_encrypt
Matt Johnston <matt@ucc.asn.au>
parents:
503
diff
changeset
|
43 memmove(out, in, len); |
e12c9225acbd
- Don't memcpy() in place with void_encrypt
Matt Johnston <matt@ucc.asn.au>
parents:
503
diff
changeset
|
44 } |
502 | 45 return CRYPT_OK; |
46 } | |
47 | |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
48 static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV), |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
49 const unsigned char* UNUSED(key), |
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
50 int UNUSED(keylen), int UNUSED(num_rounds), void* UNUSED(cipher_state)) { |
502 | 51 return CRYPT_OK; |
52 } | |
53 | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 /* Mappings for ciphers, parameters are |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 {&cipher_desc, keysize, blocksize} */ |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
56 |
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
57 /* Remember to add new ciphers/hashes to regciphers/reghashes too */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
59 #if DROPBEAR_AES256 |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
60 static const struct dropbear_cipher dropbear_aes256 = |
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
61 {&aes_desc, 32, 16}; |
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
62 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
63 #if DROPBEAR_AES128 |
227 | 64 static const struct dropbear_cipher dropbear_aes128 = |
150
82fcf3185616
Cleaning out various dead wood found with -dead_strip
Matt Johnston <matt@ucc.asn.au>
parents:
74
diff
changeset
|
65 {&aes_desc, 16, 16}; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
67 #if DROPBEAR_TWOFISH256 |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
68 static const struct dropbear_cipher dropbear_twofish256 = |
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
69 {&twofish_desc, 32, 16}; |
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
70 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
71 #if DROPBEAR_TWOFISH128 |
227 | 72 static const struct dropbear_cipher dropbear_twofish128 = |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 {&twofish_desc, 16, 16}; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
75 #if DROPBEAR_3DES |
227 | 76 static const struct dropbear_cipher dropbear_3des = |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 {&des3_desc, 24, 8}; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 /* used to indicate no encryption, as defined in rfc2410 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 const struct dropbear_cipher dropbear_nocipher = |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 {NULL, 16, 8}; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 |
502 | 84 /* A few void* s are required to silence warnings |
85 * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
86 #if DROPBEAR_ENABLE_CBC_MODE |
502 | 87 const struct dropbear_cipher_mode dropbear_mode_cbc = |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
88 {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt, NULL, NULL, NULL}; |
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1019
diff
changeset
|
89 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
992
731f624af902
Add config option to disable cbc. Disable twofish by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
90 |
502 | 91 const struct dropbear_cipher_mode dropbear_mode_none = |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
92 {void_start, void_cipher, void_cipher, NULL, NULL, NULL}; |
992
731f624af902
Add config option to disable cbc. Disable twofish by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
93 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
94 #if DROPBEAR_ENABLE_CTR_MODE |
502 | 95 /* a wrapper to make ctr_start and cbc_start look the same */ |
96 static int dropbear_big_endian_ctr_start(int cipher, | |
97 const unsigned char *IV, | |
98 const unsigned char *key, int keylen, | |
99 int num_rounds, symmetric_CTR *ctr) { | |
100 return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr); | |
101 } | |
102 const struct dropbear_cipher_mode dropbear_mode_ctr = | |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
103 {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt, NULL, NULL, NULL}; |
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1019
diff
changeset
|
104 #endif /* DROPBEAR_ENABLE_CTR_MODE */ |
502 | 105 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 {&hash_desc, keysize, hashsize} */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
109 #if DROPBEAR_SHA1_HMAC |
227 | 110 static const struct dropbear_hash dropbear_sha1 = |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 {&sha1_desc, 20, 20}; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
113 #if DROPBEAR_SHA1_96_HMAC |
228
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
114 static const struct dropbear_hash dropbear_sha1_96 = |
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
115 {&sha1_desc, 20, 12}; |
5e4110bb753a
- Fixed twofish algorithm naming so it actually works.
Matt Johnston <matt@ucc.asn.au>
parents:
227
diff
changeset
|
116 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
117 #if DROPBEAR_SHA2_256_HMAC |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
118 static const struct dropbear_hash dropbear_sha2_256 = |
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
119 {&sha256_desc, 32, 32}; |
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
120 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
121 #if DROPBEAR_SHA2_512_HMAC |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
122 static const struct dropbear_hash dropbear_sha2_512 = |
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
123 {&sha512_desc, 64, 64}; |
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
124 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
125 #if DROPBEAR_MD5_HMAC |
227 | 126 static const struct dropbear_hash dropbear_md5 = |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 {&md5_desc, 16, 16}; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 const struct dropbear_hash dropbear_nohash = |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 {NULL, 16, 0}; /* used initially */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 |
502 | 134 /* The following map ssh names to internal values. |
135 * The ordering here is important for the client - the first mode | |
136 * that is also supported by the server will get used. */ | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 algo_type sshciphers[] = { |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
139 #if DROPBEAR_CHACHA20POLY1305 |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
140 {"[email protected]", 0, &dropbear_chachapoly, 1, &dropbear_mode_chachapoly}, |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
141 #endif |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
142 |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
143 #if DROPBEAR_ENABLE_GCM_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
144 #if DROPBEAR_AES128 |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
145 {"[email protected]", 0, &dropbear_aes128, 1, &dropbear_mode_gcm}, |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
146 #endif |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
147 #if DROPBEAR_AES256 |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
148 {"[email protected]", 0, &dropbear_aes256, 1, &dropbear_mode_gcm}, |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
149 #endif |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
150 #endif /* DROPBEAR_ENABLE_GCM_MODE */ |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
151 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
152 #if DROPBEAR_ENABLE_CTR_MODE |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
153 #if DROPBEAR_AES128 |
502 | 154 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, |
155 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
156 #if DROPBEAR_AES256 |
502 | 157 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, |
158 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
159 #if DROPBEAR_TWOFISH_CTR |
1087
1e486f368ec3
Disable twofish-ctr by default, add config option
Matt Johnston <matt@ucc.asn.au>
parents:
1038
diff
changeset
|
160 /* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
161 #if DROPBEAR_TWOFISH256 |
1012 | 162 {"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr}, |
163 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
164 #if DROPBEAR_TWOFISH128 |
1012 | 165 {"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr}, |
166 #endif | |
1087
1e486f368ec3
Disable twofish-ctr by default, add config option
Matt Johnston <matt@ucc.asn.au>
parents:
1038
diff
changeset
|
167 #endif /* DROPBEAR_TWOFISH_CTR */ |
502 | 168 #endif /* DROPBEAR_ENABLE_CTR_MODE */ |
169 | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
170 #if DROPBEAR_ENABLE_CBC_MODE |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
171 #if DROPBEAR_AES128 |
502 | 172 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, |
173 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
174 #if DROPBEAR_AES256 |
502 | 175 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, |
235
c3dbd3e1a8ce
Change the preferred algorithm order
Matt Johnston <matt@ucc.asn.au>
parents:
234
diff
changeset
|
176 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
177 #if DROPBEAR_TWOFISH256 |
502 | 178 {"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, |
179 {"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, | |
235
c3dbd3e1a8ce
Change the preferred algorithm order
Matt Johnston <matt@ucc.asn.au>
parents:
234
diff
changeset
|
180 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
181 #if DROPBEAR_TWOFISH128 |
502 | 182 {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc}, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 #endif |
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
184 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
185 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
186 #if DROPBEAR_3DES |
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
187 #if DROPBEAR_ENABLE_CTR_MODE |
994
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
188 {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr}, |
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
189 #endif |
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
190 #if DROPBEAR_ENABLE_CBC_MODE |
994
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
191 {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc}, |
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
192 #endif |
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
193 #endif /* DROPBEAR_3DES */ |
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
194 |
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
195 #if DROPBEAR_ENABLE_CBC_MODE |
992
731f624af902
Add config option to disable cbc. Disable twofish by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
196 #endif /* DROPBEAR_ENABLE_CBC_MODE */ |
502 | 197 {NULL, 0, NULL, 0, NULL} |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 algo_type sshhashes[] = { |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
201 #if DROPBEAR_SHA1_96_HMAC |
1017 | 202 {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, |
203 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
204 #if DROPBEAR_SHA1_HMAC |
1017 | 205 {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, |
206 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
207 #if DROPBEAR_SHA2_256_HMAC |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
208 {"hmac-sha2-256", 0, &dropbear_sha2_256, 1, NULL}, |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
209 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
210 #if DROPBEAR_SHA2_512_HMAC |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
211 {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
212 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
213 #if DROPBEAR_MD5_HMAC |
681
a4b7627b3157
Update insecure-nocrypto to current head
Matt Johnston <matt@ucc.asn.au>
diff
changeset
|
214 {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL}, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 #endif |
502 | 216 {NULL, 0, NULL, 0, NULL} |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 #ifndef DISABLE_ZLIB |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
220 algo_type ssh_compress[] = { |
994
5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Fedor Brunner <fedor.brunner@azet.sk>
parents:
992
diff
changeset
|
221 {"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, |
502 | 222 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
223 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
224 {NULL, 0, NULL, 0, NULL} |
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
225 }; |
996
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
226 |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
227 algo_type ssh_delaycompress[] = { |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
228 {"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
229 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
230 {NULL, 0, NULL, 0, NULL} |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
994
diff
changeset
|
231 }; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 #endif |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
233 |
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
543
diff
changeset
|
234 algo_type ssh_nocompress[] = { |
502 | 235 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
236 {NULL, 0, NULL, 0, NULL} | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
239 algo_type sigalgs[] = { |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1527
diff
changeset
|
240 #if DROPBEAR_ED25519 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
241 {"ssh-ed25519", DROPBEAR_SIGNATURE_ED25519, NULL, 1, NULL}, |
1902
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
242 #if DROPBEAR_SK_ED25519 |
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
243 {"[email protected]", DROPBEAR_SIGNATURE_SK_ED25519, NULL, 1, NULL}, |
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
244 #endif |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1527
diff
changeset
|
245 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
246 #if DROPBEAR_ECDSA |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
247 #if DROPBEAR_ECC_256 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
248 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNATURE_ECDSA_NISTP256, NULL, 1, NULL}, |
795 | 249 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
250 #if DROPBEAR_ECC_384 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
251 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNATURE_ECDSA_NISTP384, NULL, 1, NULL}, |
795 | 252 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
253 #if DROPBEAR_ECC_521 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
254 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNATURE_ECDSA_NISTP521, NULL, 1, NULL}, |
795 | 255 #endif |
1902
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
256 #if DROPBEAR_SK_ECDSA |
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
257 {"[email protected]", DROPBEAR_SIGNATURE_SK_ECDSA_NISTP256, NULL, 1, NULL}, |
4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
Matt Johnston <matt@ucc.asn.au>
parents:
1896
diff
changeset
|
258 #endif |
795 | 259 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
260 #if DROPBEAR_RSA |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
261 #if DROPBEAR_RSA_SHA256 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
262 {"rsa-sha2-256", DROPBEAR_SIGNATURE_RSA_SHA256, NULL, 1, NULL}, |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
263 #endif |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
264 #if DROPBEAR_RSA_SHA1 |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
265 {"ssh-rsa", DROPBEAR_SIGNATURE_RSA_SHA1, NULL, 1, NULL}, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
266 #endif |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
267 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
268 #if DROPBEAR_DSS |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
269 {"ssh-dss", DROPBEAR_SIGNATURE_DSS, NULL, 1, NULL}, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
270 #endif |
502 | 271 {NULL, 0, NULL, 0, NULL} |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
272 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 |
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
274 #if DROPBEAR_DH_GROUP1 |
848 | 275 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc }; |
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
276 #endif |
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
277 #if DROPBEAR_DH_GROUP14_SHA1 |
1204
d2f9ef67af15
diffie-hellman-group14-sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1124
diff
changeset
|
278 static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc }; |
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
279 #endif |
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
280 #if DROPBEAR_DH_GROUP14_SHA256 |
1204
d2f9ef67af15
diffie-hellman-group14-sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1124
diff
changeset
|
281 static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc }; |
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
282 #endif |
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
283 #if DROPBEAR_DH_GROUP16 |
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
284 static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc }; |
1225
6a7938ba004a
add dh group15 and group16, disabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
1224
diff
changeset
|
285 #endif |
756 | 286 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
287 #if DROPBEAR_ECDH |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
288 #if DROPBEAR_ECC_256 |
1273
139935236c72
const variables
Francois Perrad <francois.perrad@gadz.org>
parents:
1248
diff
changeset
|
289 static const struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc }; |
756 | 290 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
291 #if DROPBEAR_ECC_384 |
1273
139935236c72
const variables
Francois Perrad <francois.perrad@gadz.org>
parents:
1248
diff
changeset
|
292 static const struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc }; |
756 | 293 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
294 #if DROPBEAR_ECC_521 |
1273
139935236c72
const variables
Francois Perrad <francois.perrad@gadz.org>
parents:
1248
diff
changeset
|
295 static const struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc }; |
756 | 296 #endif |
848 | 297 #endif /* DROPBEAR_ECDH */ |
756 | 298 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
299 #if DROPBEAR_CURVE25519 |
848 | 300 /* Referred to directly */ |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
848
diff
changeset
|
301 static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc }; |
848 | 302 #endif |
756 | 303 |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
304 /* data == NULL for non-kex algorithm identifiers */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
305 algo_type sshkex[] = { |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
306 #if DROPBEAR_CURVE25519 |
1527
049b28f4be4a
add curve25519-sha256 without @libssh.org
Matt Johnston <matt@ucc.asn.au>
parents:
1518
diff
changeset
|
307 {"curve25519-sha256", 0, &kex_curve25519, 1, NULL}, |
848 | 308 {"[email protected]", 0, &kex_curve25519, 1, NULL}, |
309 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
310 #if DROPBEAR_ECDH |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
311 #if DROPBEAR_ECC_521 |
840
5128e525c8fa
Default to some larger key sizes
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
312 {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL}, |
756 | 313 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
314 #if DROPBEAR_ECC_384 |
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
315 {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL}, |
756 | 316 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
317 #if DROPBEAR_ECC_256 |
840
5128e525c8fa
Default to some larger key sizes
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
318 {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, |
756 | 319 #endif |
320 #endif | |
1518
b222c027a733
group14-sha256 should be higher than group14-sha1
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
321 #if DROPBEAR_DH_GROUP14_SHA256 |
b222c027a733
group14-sha256 should be higher than group14-sha1
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
322 {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL}, |
b222c027a733
group14-sha256 should be higher than group14-sha1
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
323 #endif |
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
324 #if DROPBEAR_DH_GROUP14_SHA1 |
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
325 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL}, |
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
326 #endif |
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
327 #if DROPBEAR_DH_GROUP1 |
756 | 328 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, |
1225
6a7938ba004a
add dh group15 and group16, disabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
1224
diff
changeset
|
329 #endif |
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
330 #if DROPBEAR_DH_GROUP16 |
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1225
diff
changeset
|
331 {"diffie-hellman-group16-sha512", 0, &kex_dh_group16_sha512, 1, NULL}, |
1225
6a7938ba004a
add dh group15 and group16, disabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
1224
diff
changeset
|
332 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
333 #if DROPBEAR_KEXGUESS2 |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
334 {KEXGUESS2_ALGO_NAME, 0, NULL, 1, NULL}, |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
335 #endif |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
336 #if DROPBEAR_EXT_INFO |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
337 #if DROPBEAR_CLIENT |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
338 /* Set unusable by svr_algos_initialise() */ |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
339 {SSH_EXT_INFO_C, 0, NULL, 1, NULL}, |
746
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
340 #endif |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
341 #endif |
502 | 342 {NULL, 0, NULL, 0, NULL} |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
343 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
344 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
345 /* Output a comma separated list of algorithms to a buffer */ |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
346 void buf_put_algolist_all(buffer * buf, const algo_type localalgos[], int useall) { |
238
e923801a7678
use a buffer rather than raw char array for creating
Matt Johnston <matt@ucc.asn.au>
parents:
237
diff
changeset
|
347 unsigned int i, len; |
e923801a7678
use a buffer rather than raw char array for creating
Matt Johnston <matt@ucc.asn.au>
parents:
237
diff
changeset
|
348 unsigned int donefirst = 0; |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
349 unsigned int startpos; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
350 |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
351 startpos = buf->pos; |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
352 /* Placeholder for length */ |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
353 buf_putint(buf, 0); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
354 for (i = 0; localalgos[i].name != NULL; i++) { |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
355 if (localalgos[i].usable || useall) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
356 if (donefirst) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
357 buf_putbyte(buf, ','); |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
358 } |
238
e923801a7678
use a buffer rather than raw char array for creating
Matt Johnston <matt@ucc.asn.au>
parents:
237
diff
changeset
|
359 donefirst = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
360 len = strlen(localalgos[i].name); |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
361 buf_putbytes(buf, (const unsigned char *) localalgos[i].name, len); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
362 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
363 } |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
364 /* Fill out the length */ |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
365 len = buf->pos - startpos - 4; |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
366 buf_setpos(buf, startpos); |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
367 buf_putint(buf, len); |
1869
d7247462fa0d
Fix incorrect algolist TRACE print
Matt Johnston <matt@ucc.asn.au>
parents:
1856
diff
changeset
|
368 TRACE(("algolist add %d '%.*s'", len, len, buf_getptr(buf, len))) |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
369 buf_incrwritepos(buf, len); |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
370 } |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
371 |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
372 void buf_put_algolist(buffer * buf, const algo_type localalgos[]) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
373 buf_put_algolist_all(buf, localalgos, 0); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
374 } |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
375 |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
376 /* returns a list of pointers into algolist, of null-terminated names. |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
377 ret_list should be passed in with space for *ret_count elements, |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
378 on return *ret_count has the number of names filled. |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
379 algolist is modified. */ |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
380 static void get_algolist(char* algolist, unsigned int algolist_len, |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
381 const char* *ret_list, unsigned int *ret_count) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
382 unsigned int max_count = *ret_count; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
383 unsigned int i; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
384 |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
385 if (*ret_count == 0) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
386 return; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
387 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
388 if (algolist_len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
389 *ret_count = 0; |
1753
7c0fcd19e492
Increase MAX_PROPOSED_ALGO to 50, warn if exceeded
Matt Johnston <matt@ucc.asn.au>
parents:
1713
diff
changeset
|
390 } |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
391 |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
392 /* ret_list will contain a list of the strings parsed out. |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
393 We will have at least one string (even if it's just "") */ |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
394 ret_list[0] = algolist; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
395 *ret_count = 1; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
396 for (i = 0; i < algolist_len; i++) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
397 if (algolist[i] == '\0') { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
398 /* someone is trying something strange */ |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
399 *ret_count = 0; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
400 return; |
1753
7c0fcd19e492
Increase MAX_PROPOSED_ALGO to 50, warn if exceeded
Matt Johnston <matt@ucc.asn.au>
parents:
1713
diff
changeset
|
401 } |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
402 |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
403 if (algolist[i] == ',') { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
404 if (*ret_count >= max_count) { |
1755
9efceb851bea
Make "Too many remote algorithms" exit rather than log
Matt Johnston <matt@ucc.asn.au>
parents:
1753
diff
changeset
|
405 dropbear_exit("Too many remote algorithms"); |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
406 *ret_count = 0; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
407 return; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
408 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
409 algolist[i] = '\0'; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
410 ret_list[*ret_count] = &algolist[i+1]; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
411 (*ret_count)++; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
412 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
413 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
414 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
415 |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
416 /* Return DROPBEAR_SUCCESS if the namelist contains algo, |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
417 DROPBEAR_FAILURE otherwise. buf position is not incremented. */ |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
418 int buf_has_algo(buffer *buf, const char *algo) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
419 unsigned char* algolist = NULL; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
420 unsigned int orig_pos = buf->pos; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
421 unsigned int len, remotecount, i; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
422 const char *remotenames[MAX_PROPOSED_ALGO]; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
423 int ret = DROPBEAR_FAILURE; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
424 |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
425 algolist = buf_getstring(buf, &len); |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
426 remotecount = MAX_PROPOSED_ALGO; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
427 get_algolist(algolist, len, remotenames, &remotecount); |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
428 for (i = 0; i < remotecount; i++) |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
429 { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
430 if (strcmp(remotenames[i], algo) == 0) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
431 ret = DROPBEAR_SUCCESS; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
432 break; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
433 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
434 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
435 if (algolist) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
436 m_free(algolist); |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
437 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
438 buf_setpos(buf, orig_pos); |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
439 return ret; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
440 } |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
441 |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
442 algo_type * first_usable_algo(algo_type algos[]) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
443 int i; |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
444 for (i = 0; algos[i].name != NULL; i++) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
445 if (algos[i].usable) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
446 return &algos[i]; |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
447 } |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
448 } |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
449 return NULL; |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
450 } |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
451 |
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
452 /* match the first algorithm in the comma-separated list in buf which is |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
453 * also in localalgos[], or return NULL on failure. |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
454 * (*goodguess) is set to 1 if the preferred client/server algos match, |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
455 * 0 otherwise. This is used for checking if the kexalgo/hostkeyalgos are |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
456 * guessed correctly */ |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
457 algo_type * buf_match_algo(buffer* buf, algo_type localalgos[], |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
458 int kexguess2, int *goodguess) { |
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
459 char * algolist = NULL; |
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
460 const char *remotenames[MAX_PROPOSED_ALGO], *localnames[MAX_PROPOSED_ALGO]; |
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
461 unsigned int len; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
462 unsigned int remotecount, localcount, clicount, servcount, i, j; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
463 algo_type * ret = NULL; |
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
464 const char **clinames, **servnames; |
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
465 |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
466 if (goodguess) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
467 *goodguess = 0; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
468 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
469 |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
470 /* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */ |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
471 algolist = buf_getstring(buf, &len); |
1896
6cb6e81ca765
changed TRACE to DEBUG3 for dbclient
HansH111 <hans@atbas.org>
parents:
1869
diff
changeset
|
472 DEBUG3(("buf_match_algo: %s", algolist)) |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
473 remotecount = MAX_PROPOSED_ALGO; |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
474 get_algolist(algolist, len, remotenames, &remotecount); |
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
475 |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
476 for (i = 0; localalgos[i].name != NULL; i++) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
477 if (localalgos[i].usable) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
478 localnames[i] = localalgos[i].name; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
479 } else { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
480 localnames[i] = NULL; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
481 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
482 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
483 localcount = i; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
484 |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
485 if (IS_DROPBEAR_SERVER) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
486 clinames = remotenames; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
487 clicount = remotecount; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
488 servnames = localnames; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
489 servcount = localcount; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
490 } else { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
491 clinames = localnames; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
492 clicount = localcount; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
493 servnames = remotenames; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
494 servcount = remotecount; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
495 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
496 |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
497 /* iterate and find the first match */ |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
498 for (i = 0; i < clicount; i++) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
499 for (j = 0; j < servcount; j++) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
500 if (!(servnames[j] && clinames[i])) { |
857 | 501 /* unusable algos are NULL */ |
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
502 continue; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
503 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
504 if (strcmp(servnames[j], clinames[i]) == 0) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
505 /* set if it was a good guess */ |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
506 if (goodguess != NULL) { |
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
507 if (kexguess2) { |
741
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
508 if (i == 0) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
509 *goodguess = 1; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
510 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
511 } else { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
512 if (i == 0 && j == 0) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
513 *goodguess = 1; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
514 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
515 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
516 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
517 /* set the algo to return */ |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
518 if (IS_DROPBEAR_SERVER) { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
519 ret = &localalgos[j]; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
520 } else { |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
521 ret = &localalgos[i]; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
522 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
523 goto out; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
524 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
525 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
526 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
527 |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
528 out: |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
529 m_free(algolist); |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
530 return ret; |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
531 } |
eafdf8b363f5
Get rid of client/server specific buf_match_algo, use single
Matt Johnston <matt@ucc.asn.au>
parents:
740
diff
changeset
|
532 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
533 #if DROPBEAR_USER_ALGO_LIST |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
534 |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
535 char * |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1316
diff
changeset
|
536 algolist_string(const algo_type algos[]) |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
537 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
538 char *ret_list; |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
539 buffer *b = buf_new(200); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
540 buf_put_algolist(b, algos); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
541 buf_setpos(b, b->len); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
542 buf_putbyte(b, '\0'); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
543 buf_setpos(b, 4); |
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1038
diff
changeset
|
544 ret_list = m_strdup((const char *) buf_getptr(b, b->len - b->pos)); |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
545 buf_free(b); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
546 return ret_list; |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
547 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
548 |
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
549 static algo_type* |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
550 check_algo(const char* algo_name, algo_type *algos) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
551 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
552 algo_type *a; |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
553 for (a = algos; a->name != NULL; a++) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
554 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
555 if (strcmp(a->name, algo_name) == 0) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
556 { |
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
557 return a; |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
558 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
559 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
560 |
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
561 return NULL; |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
562 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
563 |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
564 /* Checks a user provided comma-separated algorithm list for available |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
565 * options. Any that are not acceptable are removed in-place. Returns the |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
566 * number of valid algorithms. */ |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
567 int |
683
63f8d6c469cf
ENABLE_USER_ALGO_LIST should work for the client
Matt Johnston <matt@ucc.asn.au>
parents:
682
diff
changeset
|
568 check_user_algos(const char* user_algo_list, algo_type * algos, |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
569 const char *algo_desc) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
570 { |
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
571 algo_type new_algos[MAX_PROPOSED_ALGO+1]; |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
572 char *work_list = m_strdup(user_algo_list); |
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
573 char *start = work_list; |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
574 char *c; |
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
575 int n; |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
576 /* So we can iterate and look for null terminator */ |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
577 memset(new_algos, 0x0, sizeof(new_algos)); |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
578 for (c = work_list, n = 0; ; c++) |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
579 { |
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
580 char oc = *c; |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
581 if (n >= MAX_PROPOSED_ALGO) { |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
582 dropbear_exit("Too many algorithms '%s'", user_algo_list); |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
583 } |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
584 if (*c == ',' || *c == '\0') { |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
585 algo_type *match_algo = NULL; |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
586 *c = '\0'; |
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
587 match_algo = check_algo(start, algos); |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
588 if (match_algo) { |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
589 if (check_algo(start, new_algos)) { |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
590 TRACE(("Skip repeated algorithm '%s'", start)) |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
591 } else { |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
592 new_algos[n] = *match_algo; |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
593 n++; |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
594 } |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
595 } else { |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
596 dropbear_log(LOG_WARNING, "This Dropbear program does not support '%s' %s algorithm", start, algo_desc); |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
597 } |
686
983a817f8e41
- Only request "none" cipher after auth has succeeded
Matt Johnston <matt@ucc.asn.au>
parents:
684
diff
changeset
|
598 c++; |
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
599 start = c; |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
600 } |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
601 if (oc == '\0') { |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
602 break; |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
603 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
604 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
605 m_free(work_list); |
1303
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
606 /* n+1 to include a null terminator */ |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
607 memcpy(algos, new_algos, sizeof(*new_algos) * (n+1)); |
eed9376a4ad6
improve algorithm list parsing
Matt Johnston <matt@ucc.asn.au>
parents:
1273
diff
changeset
|
608 return n; |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
595
diff
changeset
|
609 } |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
610 #endif /* DROPBEAR_USER_ALGO_LIST */ |