Mercurial > dropbear
comparison common-algo.c @ 546:568638be7203 agent-client
propagate from branch 'au.asn.ucc.matt.dropbear' (head 899a8851a5edf840b2f7925bcc26ffe99dcac54d)
to branch 'au.asn.ucc.matt.dropbear.cli-agent' (head 6bbab8364de17bd9ecb1dee5ffb796e48c0380d2)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 01 Jul 2009 04:16:32 +0000 |
parents | e12c9225acbd |
children | f9b5dc0cba61 |
comparison
equal
deleted
inserted
replaced
500:d588e3ea557a | 546:568638be7203 |
---|---|
27 #include "dbutil.h" | 27 #include "dbutil.h" |
28 | 28 |
29 /* This file (algo.c) organises the ciphers which can be used, and is used to | 29 /* This file (algo.c) organises the ciphers which can be used, and is used to |
30 * decide which ciphers/hashes/compression/signing to use during key exchange*/ | 30 * decide which ciphers/hashes/compression/signing to use during key exchange*/ |
31 | 31 |
32 static int void_cipher(const unsigned char* in, unsigned char* out, | |
33 unsigned long len, void *cipher_state) { | |
34 if (in != out) { | |
35 memmove(out, in, len); | |
36 } | |
37 return CRYPT_OK; | |
38 } | |
39 | |
40 static int void_start(int cipher, const unsigned char *IV, | |
41 const unsigned char *key, | |
42 int keylen, int num_rounds, void *cipher_state) { | |
43 return CRYPT_OK; | |
44 } | |
45 | |
32 /* Mappings for ciphers, parameters are | 46 /* Mappings for ciphers, parameters are |
33 {&cipher_desc, keysize, blocksize} */ | 47 {&cipher_desc, keysize, blocksize} */ |
34 /* NOTE: if keysize > 2*SHA1_HASH_SIZE, code such as hashkeys() | 48 /* NOTE: if keysize > 2*SHA1_HASH_SIZE, code such as hashkeys() |
35 needs revisiting */ | 49 needs revisiting */ |
36 | 50 |
37 #ifdef DROPBEAR_AES256_CBC | 51 #ifdef DROPBEAR_AES256 |
38 static const struct dropbear_cipher dropbear_aes256 = | 52 static const struct dropbear_cipher dropbear_aes256 = |
39 {&aes_desc, 32, 16}; | 53 {&aes_desc, 32, 16}; |
40 #endif | 54 #endif |
41 #ifdef DROPBEAR_AES128_CBC | 55 #ifdef DROPBEAR_AES128 |
42 static const struct dropbear_cipher dropbear_aes128 = | 56 static const struct dropbear_cipher dropbear_aes128 = |
43 {&aes_desc, 16, 16}; | 57 {&aes_desc, 16, 16}; |
44 #endif | 58 #endif |
45 #ifdef DROPBEAR_BLOWFISH_CBC | 59 #ifdef DROPBEAR_BLOWFISH |
46 static const struct dropbear_cipher dropbear_blowfish = | 60 static const struct dropbear_cipher dropbear_blowfish = |
47 {&blowfish_desc, 16, 8}; | 61 {&blowfish_desc, 16, 8}; |
48 #endif | 62 #endif |
49 #ifdef DROPBEAR_TWOFISH256_CBC | 63 #ifdef DROPBEAR_TWOFISH256 |
50 static const struct dropbear_cipher dropbear_twofish256 = | 64 static const struct dropbear_cipher dropbear_twofish256 = |
51 {&twofish_desc, 32, 16}; | 65 {&twofish_desc, 32, 16}; |
52 #endif | 66 #endif |
53 #ifdef DROPBEAR_TWOFISH128_CBC | 67 #ifdef DROPBEAR_TWOFISH128 |
54 static const struct dropbear_cipher dropbear_twofish128 = | 68 static const struct dropbear_cipher dropbear_twofish128 = |
55 {&twofish_desc, 16, 16}; | 69 {&twofish_desc, 16, 16}; |
56 #endif | 70 #endif |
57 #ifdef DROPBEAR_3DES_CBC | 71 #ifdef DROPBEAR_3DES |
58 static const struct dropbear_cipher dropbear_3des = | 72 static const struct dropbear_cipher dropbear_3des = |
59 {&des3_desc, 24, 8}; | 73 {&des3_desc, 24, 8}; |
60 #endif | 74 #endif |
61 | 75 |
62 /* used to indicate no encryption, as defined in rfc2410 */ | 76 /* used to indicate no encryption, as defined in rfc2410 */ |
63 const struct dropbear_cipher dropbear_nocipher = | 77 const struct dropbear_cipher dropbear_nocipher = |
64 {NULL, 16, 8}; | 78 {NULL, 16, 8}; |
65 | 79 |
80 /* A few void* s are required to silence warnings | |
81 * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ | |
82 const struct dropbear_cipher_mode dropbear_mode_cbc = | |
83 {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; | |
84 const struct dropbear_cipher_mode dropbear_mode_none = | |
85 {void_start, void_cipher, void_cipher}; | |
86 #ifdef DROPBEAR_ENABLE_CTR_MODE | |
87 /* a wrapper to make ctr_start and cbc_start look the same */ | |
88 static int dropbear_big_endian_ctr_start(int cipher, | |
89 const unsigned char *IV, | |
90 const unsigned char *key, int keylen, | |
91 int num_rounds, symmetric_CTR *ctr) { | |
92 return ctr_start(cipher, IV, key, keylen, num_rounds, CTR_COUNTER_BIG_ENDIAN, ctr); | |
93 } | |
94 const struct dropbear_cipher_mode dropbear_mode_ctr = | |
95 {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; | |
96 #endif | |
97 | |
66 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. | 98 /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. |
67 {&hash_desc, keysize, hashsize} */ | 99 {&hash_desc, keysize, hashsize} */ |
68 | 100 |
69 #ifdef DROPBEAR_SHA1_HMAC | 101 #ifdef DROPBEAR_SHA1_HMAC |
70 static const struct dropbear_hash dropbear_sha1 = | 102 static const struct dropbear_hash dropbear_sha1 = |
81 | 113 |
82 const struct dropbear_hash dropbear_nohash = | 114 const struct dropbear_hash dropbear_nohash = |
83 {NULL, 16, 0}; /* used initially */ | 115 {NULL, 16, 0}; /* used initially */ |
84 | 116 |
85 | 117 |
86 /* The following map ssh names to internal values */ | 118 /* The following map ssh names to internal values. |
119 * The ordering here is important for the client - the first mode | |
120 * that is also supported by the server will get used. */ | |
87 | 121 |
88 algo_type sshciphers[] = { | 122 algo_type sshciphers[] = { |
89 #ifdef DROPBEAR_AES128_CBC | 123 #ifdef DROPBEAR_ENABLE_CTR_MODE |
90 {"aes128-cbc", 0, (void*)&dropbear_aes128, 1}, | 124 #ifdef DROPBEAR_AES128 |
91 #endif | 125 {"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr}, |
92 #ifdef DROPBEAR_3DES_CBC | 126 #endif |
93 {"3des-cbc", 0, (void*)&dropbear_3des, 1}, | 127 #ifdef DROPBEAR_3DES |
94 #endif | 128 {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr}, |
95 #ifdef DROPBEAR_AES256_CBC | 129 #endif |
96 {"aes256-cbc", 0, (void*)&dropbear_aes256, 1}, | 130 #ifdef DROPBEAR_AES256 |
97 #endif | 131 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, |
98 #ifdef DROPBEAR_TWOFISH256_CBC | 132 #endif |
99 {"twofish256-cbc", 0, (void*)&dropbear_twofish256, 1}, | 133 #endif /* DROPBEAR_ENABLE_CTR_MODE */ |
100 {"twofish-cbc", 0, (void*)&dropbear_twofish256, 1}, | 134 |
101 #endif | 135 /* CBC modes are always enabled */ |
102 #ifdef DROPBEAR_TWOFISH128_CBC | 136 #ifdef DROPBEAR_AES128 |
103 {"twofish128-cbc", 0, (void*)&dropbear_twofish128, 1}, | 137 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, |
104 #endif | 138 #endif |
105 #ifdef DROPBEAR_BLOWFISH_CBC | 139 #ifdef DROPBEAR_3DES |
106 {"blowfish-cbc", 0, (void*)&dropbear_blowfish, 1}, | 140 {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc}, |
107 #endif | 141 #endif |
108 {NULL, 0, NULL, 0} | 142 #ifdef DROPBEAR_AES256 |
143 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, | |
144 #endif | |
145 #ifdef DROPBEAR_TWOFISH256 | |
146 {"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, | |
147 {"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, | |
148 #endif | |
149 #ifdef DROPBEAR_TWOFISH128 | |
150 {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc}, | |
151 #endif | |
152 #ifdef DROPBEAR_BLOWFISH | |
153 {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, | |
154 #endif | |
155 {NULL, 0, NULL, 0, NULL} | |
109 }; | 156 }; |
110 | 157 |
111 algo_type sshhashes[] = { | 158 algo_type sshhashes[] = { |
112 #ifdef DROPBEAR_SHA1_96_HMAC | 159 #ifdef DROPBEAR_SHA1_96_HMAC |
113 {"hmac-sha1-96", 0, (void*)&dropbear_sha1_96, 1}, | 160 {"hmac-sha1-96", 0, &dropbear_sha1_96, 1, NULL}, |
114 #endif | 161 #endif |
115 #ifdef DROPBEAR_SHA1_HMAC | 162 #ifdef DROPBEAR_SHA1_HMAC |
116 {"hmac-sha1", 0, (void*)&dropbear_sha1, 1}, | 163 {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, |
117 #endif | 164 #endif |
118 #ifdef DROPBEAR_MD5_HMAC | 165 #ifdef DROPBEAR_MD5_HMAC |
119 {"hmac-md5", 0, (void*)&dropbear_md5, 1}, | 166 {"hmac-md5", 0, &dropbear_md5, 1, NULL}, |
120 #endif | 167 #endif |
121 {NULL, 0, NULL, 0} | 168 {NULL, 0, NULL, 0, NULL} |
122 }; | 169 }; |
123 | 170 |
124 algo_type sshcompress[] = { | 171 algo_type sshcompress[] = { |
125 #ifndef DISABLE_ZLIB | 172 #ifndef DISABLE_ZLIB |
126 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1}, | 173 {"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL}, |
127 #endif | 174 {"[email protected]", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL}, |
128 {"none", DROPBEAR_COMP_NONE, NULL, 1}, | 175 #endif |
129 {NULL, 0, NULL, 0} | 176 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
177 {NULL, 0, NULL, 0, NULL} | |
130 }; | 178 }; |
131 | 179 |
132 algo_type sshhostkey[] = { | 180 algo_type sshhostkey[] = { |
133 #ifdef DROPBEAR_RSA | 181 #ifdef DROPBEAR_RSA |
134 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1}, | 182 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL}, |
135 #endif | 183 #endif |
136 #ifdef DROPBEAR_DSS | 184 #ifdef DROPBEAR_DSS |
137 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1}, | 185 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL}, |
138 #endif | 186 #endif |
139 {NULL, 0, NULL, 0} | 187 {NULL, 0, NULL, 0, NULL} |
140 }; | 188 }; |
141 | 189 |
142 algo_type sshkex[] = { | 190 algo_type sshkex[] = { |
143 {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1}, | 191 {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL}, |
144 {NULL, 0, NULL, 0} | 192 {NULL, 0, NULL, 0, NULL} |
145 }; | 193 }; |
146 | 194 |
147 | 195 |
148 /* Register the compiled in ciphers. | 196 /* Register the compiled in ciphers. |
149 * This should be run before using any of the ciphers/hashes */ | 197 * This should be run before using any of the ciphers/hashes */ |
150 void crypto_init() { | 198 void crypto_init() { |
151 | 199 |
152 const struct ltc_cipher_descriptor *regciphers[] = { | 200 const struct ltc_cipher_descriptor *regciphers[] = { |
153 #ifdef DROPBEAR_AES_CBC | 201 #ifdef DROPBEAR_AES |
154 &aes_desc, | 202 &aes_desc, |
155 #endif | 203 #endif |
156 #ifdef DROPBEAR_BLOWFISH_CBC | 204 #ifdef DROPBEAR_BLOWFISH |
157 &blowfish_desc, | 205 &blowfish_desc, |
158 #endif | 206 #endif |
159 #ifdef DROPBEAR_TWOFISH_CBC | 207 #ifdef DROPBEAR_TWOFISH |
160 &twofish_desc, | 208 &twofish_desc, |
161 #endif | 209 #endif |
162 #ifdef DROPBEAR_3DES_CBC | 210 #ifdef DROPBEAR_3DES |
163 &des3_desc, | 211 &des3_desc, |
164 #endif | 212 #endif |
165 NULL | 213 NULL |
166 }; | 214 }; |
167 | 215 |
213 | 261 |
214 unsigned int i, len; | 262 unsigned int i, len; |
215 unsigned int donefirst = 0; | 263 unsigned int donefirst = 0; |
216 buffer *algolist = NULL; | 264 buffer *algolist = NULL; |
217 | 265 |
218 algolist = buf_new(100); | 266 algolist = buf_new(160); |
219 for (i = 0; localalgos[i].name != NULL; i++) { | 267 for (i = 0; localalgos[i].name != NULL; i++) { |
220 if (localalgos[i].usable) { | 268 if (localalgos[i].usable) { |
221 if (donefirst) | 269 if (donefirst) |
222 buf_putbyte(algolist, ','); | 270 buf_putbyte(algolist, ','); |
223 donefirst = 1; | 271 donefirst = 1; |