Mercurial > dropbear
comparison common-algo.c @ 285:1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 08 Mar 2006 13:23:58 +0000 |
parents | 89ace56293f6 |
children | 64abb124763d 0e69e948caba |
comparison
equal
deleted
inserted
replaced
281:997e6f7dc01e | 285:1b9e69c058d2 |
---|---|
1 /* | |
2 * Dropbear SSH | |
3 * | |
4 * Copyright (c) 2002,2003 Matt Johnston | |
5 * Copyright (c) 2004 by Mihnea Stoenescu | |
6 * All rights reserved. | |
7 * | |
8 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
9 * of this software and associated documentation files (the "Software"), to deal | |
10 * in the Software without restriction, including without limitation the rights | |
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
12 * copies of the Software, and to permit persons to whom the Software is | |
13 * furnished to do so, subject to the following conditions: | |
14 * | |
15 * The above copyright notice and this permission notice shall be included in | |
16 * all copies or substantial portions of the Software. | |
17 * | |
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
24 * SOFTWARE. */ | |
25 | |
26 #include "algo.h" | |
27 #include "dbutil.h" | |
28 | |
29 /* This file (algo.c) organises the ciphers which can be used, and is used to | |
30 * decide which ciphers/hashes/compression/signing to use during key exchange*/ | |
31 | |
32 /* Mappings for ciphers, parameters are | |
33 {&cipher_desc, keysize, blocksize} */ | |
34 | |
35 #ifdef DROPBEAR_AES256_CBC | |
36 static const struct dropbear_cipher dropbear_aes256 = | |
37 {&aes_desc, 32, 16}; | |
38 #endif | |
39 #ifdef DROPBEAR_AES128_CBC | |
40 static const struct dropbear_cipher dropbear_aes128 = | |
41 {&aes_desc, 16, 16}; | |
42 #endif | |
43 #ifdef DROPBEAR_BLOWFISH_CBC | |
44 static const struct dropbear_cipher dropbear_blowfish = | |
45 {&blowfish_desc, 16, 8}; | |
46 #endif | |
47 #ifdef DROPBEAR_TWOFISH256_CBC | |
48 static const struct dropbear_cipher dropbear_twofish256 = | |
49 {&twofish_desc, 32, 16}; | |
50 #endif | |
51 #ifdef DROPBEAR_TWOFISH128_CBC | |
52 static const struct dropbear_cipher dropbear_twofish128 = | |
53 {&twofish_desc, 16, 16}; | |
54 #endif | |
55 #ifdef DROPBEAR_3DES_CBC | |
56 static const struct dropbear_cipher dropbear_3des = | |
57 {&des3_desc, 24, 8}; | |
58 #endif | |
59 | |
60 /* used to indicate no encryption, as defined in rfc2410 */ | |
61 const struct dropbear_cipher dropbear_nocipher = | |
62 {NULL, 16, 8}; | |
63 | |
64 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. | |
65 {&hash_desc, keysize, hashsize} */ | |
66 | |
67 #ifdef DROPBEAR_SHA1_HMAC | |
68 static const struct dropbear_hash dropbear_sha1 = | |
69 {&sha1_desc, 20, 20}; | |
70 #endif | |
71 #ifdef DROPBEAR_SHA1_96_HMAC | |
72 static const struct dropbear_hash dropbear_sha1_96 = | |
73 {&sha1_desc, 20, 12}; | |
74 #endif | |
75 #ifdef DROPBEAR_MD5_HMAC | |
76 static const struct dropbear_hash dropbear_md5 = | |
77 {&md5_desc, 16, 16}; | |
78 #endif | |
79 | |
80 const struct dropbear_hash dropbear_nohash = | |
81 {NULL, 16, 0}; /* used initially */ | |
82 | |
83 | |
84 /* The following map ssh names to internal values */ | |
85 | |
86 algo_type sshciphers[] = { | |
87 #ifdef DROPBEAR_AES128_CBC | |
88 {"aes128-cbc", 0, (void*)&dropbear_aes128, 1}, | |
89 #endif | |
90 #ifdef DROPBEAR_3DES_CBC | |
91 {"3des-cbc", 0, (void*)&dropbear_3des, 1}, | |
92 #endif | |
93 #ifdef DROPBEAR_AES256_CBC | |
94 {"aes256-cbc", 0, (void*)&dropbear_aes256, 1}, | |
95 #endif | |
96 #ifdef DROPBEAR_TWOFISH256_CBC | |
97 {"twofish256-cbc", 0, (void*)&dropbear_twofish256, 1}, | |
98 {"twofish-cbc", 0, (void*)&dropbear_twofish256, 1}, | |
99 #endif | |
100 #ifdef DROPBEAR_TWOFISH128_CBC | |
101 {"twofish128-cbc", 0, (void*)&dropbear_twofish128, 1}, | |
102 #endif | |
103 #ifdef DROPBEAR_BLOWFISH_CBC | |
104 {"blowfish-cbc", 0, (void*)&dropbear_blowfish, 1}, | |
105 #endif | |
106 {NULL, 0, NULL, 0} | |
107 }; | |
108 | |
109 algo_type sshhashes[] = { | |
110 #ifdef DROPBEAR_SHA1_96_HMAC | |
111 {"hmac-sha1-96", 0, (void*)&dropbear_sha1_96, 1}, | |
112 #endif | |
113 #ifdef DROPBEAR_SHA1_HMAC | |
114 {"hmac-sha1", 0, (void*)&dropbear_sha1, 1}, | |
115 #endif | |
116 #ifdef DROPBEAR_MD5_HMAC | |
117 {"hmac-md5", 0, (void*)&dropbear_md5, 1}, | |
118 #endif | |
119 {NULL, 0, NULL, 0} | |
120 }; | |
121 | |
122 algo_type sshcompress[] = { | |
123 #ifndef DISABLE_ZLIB | |
124 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1}, | |
125 #endif | |
126 {"none", DROPBEAR_COMP_NONE, NULL, 1}, | |
127 {NULL, 0, NULL, 0} | |
128 }; | |
129 | |
130 algo_type sshhostkey[] = { | |
131 #ifdef DROPBEAR_RSA | |
132 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1}, | |
133 #endif | |
134 #ifdef DROPBEAR_DSS | |
135 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1}, | |
136 #endif | |
137 {NULL, 0, NULL, 0} | |
138 }; | |
139 | |
140 algo_type sshkex[] = { | |
141 {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1}, | |
142 {NULL, 0, NULL, 0} | |
143 }; | |
144 | |
145 | |
146 /* Register the compiled in ciphers. | |
147 * This should be run before using any of the ciphers/hashes */ | |
148 void crypto_init() { | |
149 | |
150 const struct ltc_cipher_descriptor *regciphers[] = { | |
151 #ifdef DROPBEAR_AES_CBC | |
152 &aes_desc, | |
153 #endif | |
154 #ifdef DROPBEAR_BLOWFISH_CBC | |
155 &blowfish_desc, | |
156 #endif | |
157 #ifdef DROPBEAR_TWOFISH_CBC | |
158 &twofish_desc, | |
159 #endif | |
160 #ifdef DROPBEAR_3DES_CBC | |
161 &des3_desc, | |
162 #endif | |
163 NULL | |
164 }; | |
165 | |
166 const struct ltc_hash_descriptor *reghashes[] = { | |
167 /* we need sha1 for hostkey stuff regardless */ | |
168 &sha1_desc, | |
169 #ifdef DROPBEAR_MD5_HMAC | |
170 &md5_desc, | |
171 #endif | |
172 NULL | |
173 }; | |
174 int i; | |
175 | |
176 for (i = 0; regciphers[i] != NULL; i++) { | |
177 if (register_cipher(regciphers[i]) == -1) { | |
178 dropbear_exit("error registering crypto"); | |
179 } | |
180 } | |
181 | |
182 for (i = 0; reghashes[i] != NULL; i++) { | |
183 if (register_hash(reghashes[i]) == -1) { | |
184 dropbear_exit("error registering crypto"); | |
185 } | |
186 } | |
187 } | |
188 | |
189 /* algolen specifies the length of algo, algos is our local list to match | |
190 * against. | |
191 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE | |
192 * otherwise */ | |
193 int have_algo(char* algo, size_t algolen, algo_type algos[]) { | |
194 | |
195 int i; | |
196 | |
197 for (i = 0; algos[i].name != NULL; i++) { | |
198 if (strlen(algos[i].name) == algolen | |
199 && (strncmp(algos[i].name, algo, algolen) == 0)) { | |
200 return DROPBEAR_SUCCESS; | |
201 } | |
202 } | |
203 | |
204 return DROPBEAR_FAILURE; | |
205 } | |
206 | |
207 | |
208 | |
209 /* Output a comma separated list of algorithms to a buffer */ | |
210 void buf_put_algolist(buffer * buf, algo_type localalgos[]) { | |
211 | |
212 unsigned int i, len; | |
213 unsigned int donefirst = 0; | |
214 buffer *algolist = NULL; | |
215 | |
216 algolist = buf_new(100); | |
217 for (i = 0; localalgos[i].name != NULL; i++) { | |
218 if (localalgos[i].usable) { | |
219 if (donefirst) | |
220 buf_putbyte(algolist, ','); | |
221 donefirst = 1; | |
222 len = strlen(localalgos[i].name); | |
223 buf_putbytes(algolist, localalgos[i].name, len); | |
224 } | |
225 } | |
226 buf_putstring(buf, algolist->data, algolist->len); | |
227 buf_free(algolist); | |
228 } |