Mercurial > dropbear
annotate bignum.c @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
| author | Fedor Brunner <fedor.brunner@azet.sk> |
|---|---|
| date | Fri, 23 Jan 2015 23:00:25 +0800 |
| parents | 7540c0822374 |
| children | 2bb4c662d1c2 |
| rev | line source |
|---|---|
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 /* Contains helper functions for mp_int handling */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "includes.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "dbutil.h" |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 /* wrapper for mp_init, failing fatally on errors (memory allocation) */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 void m_mp_init(mp_int *mp) { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 if (mp_init(mp) != MP_OKAY) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
188
diff
changeset
|
34 dropbear_exit("Mem alloc error"); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 /* simplified duplication of bn_mp_multi's mp_init_multi, but die fatally |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 * on error */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 void m_mp_init_multi(mp_int *mp, ...) |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 mp_int* cur_arg = mp; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 va_list args; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 va_start(args, mp); /* init args to next argument from caller */ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 while (cur_arg != NULL) { |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 if (mp_init(cur_arg) != MP_OKAY) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
188
diff
changeset
|
48 dropbear_exit("Mem alloc error"); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 cur_arg = va_arg(args, mp_int*); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 va_end(args); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 |
|
805
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
55 void m_mp_alloc_init_multi(mp_int **mp, ...) |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
56 { |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
57 mp_int** cur_arg = mp; |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
58 va_list args; |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
59 |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
60 va_start(args, mp); /* init args to next argument from caller */ |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
61 while (cur_arg != NULL) { |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
62 *cur_arg = m_malloc(sizeof(mp_int)); |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
63 if (mp_init(*cur_arg) != MP_OKAY) { |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
64 dropbear_exit("Mem alloc error"); |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
65 } |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
66 cur_arg = va_arg(args, mp_int**); |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
67 } |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
68 va_end(args); |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
69 } |
|
724c3e0c8734
Add m_mp_alloc_init_multi() helper
Matt Johnston <matt@ucc.asn.au>
parents:
762
diff
changeset
|
70 |
|
188
c9483550701b
- refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
71 void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 |
|
188
c9483550701b
- refactored random mp_int generation and byte->mp_int code
Matt Johnston <matt@ucc.asn.au>
parents:
150
diff
changeset
|
73 if (mp_read_unsigned_bin(mp, (unsigned char*)bytes, len) != MP_OKAY) { |
|
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
188
diff
changeset
|
74 dropbear_exit("Mem alloc error"); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 } |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 /* hash the ssh representation of the mp_int mp */ |
|
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
79 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, |
|
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
80 hash_state *hs, mp_int *mp) { |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 buffer * buf; |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 plus header + some leeway*/ |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 buf_putmpint(buf, mp); |
|
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
86 hash_desc->process(hs, buf->data, buf->len); |
|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 buf_free(buf); |
|
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 } |