annotate common-runopts.c @ 840:5128e525c8fa ecc

Default to some larger key sizes
author Matt Johnston <matt@ucc.asn.au>
date Thu, 31 Oct 2013 22:49:15 +0800
parents e22d5f5f6e37
children d4ce5269a439
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Dropbear - a SSH2 server
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * All rights reserved.
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * of this software and associated documentation files (the "Software"), to deal
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * in the Software without restriction, including without limitation the rights
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * copies of the Software, and to permit persons to whom the Software is
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * furnished to do so, subject to the following conditions:
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * The above copyright notice and this permission notice shall be included in
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * all copies or substantial portions of the Software.
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * SOFTWARE. */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 #include "includes.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "runopts.h"
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
27 #include "signkey.h"
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
28 #include "buffer.h"
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
29 #include "dbutil.h"
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
30 #include "auth.h"
682
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
31 #include "algo.h"
687
167fdc091c05 Improve RNG seeding.
Matt Johnston <matt@ucc.asn.au>
parents: 682
diff changeset
32 #include "random.h"
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 runopts opts; /* GLOBAL */
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
35
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
36 /* returns success or failure, and the keytype in *type. If we want
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
37 * to restrict the type, type can contain a type to return */
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
38 int readhostkey(const char * filename, sign_key * hostkey, int *type) {
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
39
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
40 int ret = DROPBEAR_FAILURE;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
41 buffer *buf;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
42
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
43 buf = buf_new(MAX_PRIVKEY_SIZE);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
44
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
45 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
46 goto out;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
47 }
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
48 buf_setpos(buf, 0);
687
167fdc091c05 Improve RNG seeding.
Matt Johnston <matt@ucc.asn.au>
parents: 682
diff changeset
49
167fdc091c05 Improve RNG seeding.
Matt Johnston <matt@ucc.asn.au>
parents: 682
diff changeset
50 addrandom(buf_getptr(buf, buf->len), buf->len);
167fdc091c05 Improve RNG seeding.
Matt Johnston <matt@ucc.asn.au>
parents: 682
diff changeset
51
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
52 if (buf_get_priv_key(buf, hostkey, type) == DROPBEAR_FAILURE) {
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
53 goto out;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
54 }
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
55
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
56 ret = DROPBEAR_SUCCESS;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
57 out:
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
58
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
59 buf_burn(buf);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
60 buf_free(buf);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
61 return ret;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
62 }
682
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
63
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
64 #ifdef ENABLE_USER_ALGO_LIST
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
65 void
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
66 parse_ciphers_macs()
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
67 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
68 if (opts.cipher_list)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
69 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
70 if (strcmp(opts.cipher_list, "help") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
71 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
72 char *ciphers = algolist_string(sshciphers);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
73 dropbear_log(LOG_INFO, "Available ciphers:\n%s\n", ciphers);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
74 m_free(ciphers);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
75 dropbear_exit(".");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
76 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
77
713
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
78 if (strcmp(opts.cipher_list, "none") == 0)
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
79 {
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
80 /* Encryption is required during authentication */
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
81 opts.cipher_list = "none,aes128-ctr";
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
82 }
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
83
682
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
84 if (check_user_algos(opts.cipher_list, sshciphers, "cipher") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
85 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
86 dropbear_exit("No valid ciphers specified for '-c'");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
87 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
88 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
89
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
90 if (opts.mac_list)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
91 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
92 if (strcmp(opts.mac_list, "help") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
93 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
94 char *macs = algolist_string(sshhashes);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
95 dropbear_log(LOG_INFO, "Available MACs:\n%s\n", macs);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
96 m_free(macs);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
97 dropbear_exit(".");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
98 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
99
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
100 if (check_user_algos(opts.mac_list, sshhashes, "MAC") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
101 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
102 dropbear_exit("No valid MACs specified for '-m'");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
103 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
104 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
105 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
106 #endif
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
107