Mercurial > dropbear
comparison common-algo.c @ 910:89555751c489 asm
merge up to 2013.63, improve ASM makefile rules a bit
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 27 Feb 2014 21:35:58 +0800 |
parents | 3ca7113936c1 c19acba28590 |
children |
comparison
equal
deleted
inserted
replaced
909:e4b75744acab | 910:89555751c489 |
---|---|
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | 21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
24 * SOFTWARE. */ | 24 * SOFTWARE. */ |
25 | 25 |
26 #include "includes.h" | |
26 #include "algo.h" | 27 #include "algo.h" |
27 #include "session.h" | 28 #include "session.h" |
28 #include "dbutil.h" | 29 #include "dbutil.h" |
30 #include "kex.h" | |
31 #include "ltc_prng.h" | |
32 #include "ecc.h" | |
33 #include "crypto_desc.h" | |
29 | 34 |
30 /* This file (algo.c) organises the ciphers which can be used, and is used to | 35 /* This file (algo.c) organises the ciphers which can be used, and is used to |
31 * decide which ciphers/hashes/compression/signing to use during key exchange*/ | 36 * decide which ciphers/hashes/compression/signing to use during key exchange*/ |
32 | 37 |
33 static int void_cipher(const unsigned char* in, unsigned char* out, | 38 static int void_cipher(const unsigned char* in, unsigned char* out, |
34 unsigned long len, void *cipher_state) { | 39 unsigned long len, void* UNUSED(cipher_state)) { |
35 if (in != out) { | 40 if (in != out) { |
36 memmove(out, in, len); | 41 memmove(out, in, len); |
37 } | 42 } |
38 return CRYPT_OK; | 43 return CRYPT_OK; |
39 } | 44 } |
40 | 45 |
41 static int void_start(int cipher, const unsigned char *IV, | 46 static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV), |
42 const unsigned char *key, | 47 const unsigned char* UNUSED(key), |
43 int keylen, int num_rounds, void *cipher_state) { | 48 int UNUSED(keylen), int UNUSED(num_rounds), void* UNUSED(cipher_state)) { |
44 return CRYPT_OK; | 49 return CRYPT_OK; |
45 } | 50 } |
46 | 51 |
47 /* Mappings for ciphers, parameters are | 52 /* Mappings for ciphers, parameters are |
48 {&cipher_desc, keysize, blocksize} */ | 53 {&cipher_desc, keysize, blocksize} */ |
49 | 54 |
50 /* Remember to add new ciphers/hashes to regciphers/reghashes too */ | 55 /* Remember to add new ciphers/hashes to regciphers/reghashes too */ |
51 | |
52 #ifdef DROPBEAR_AES_ASM | |
53 extern const struct ltc_cipher_descriptor aes_asm_desc; | |
54 #define DROPBEAR_AES_DESC (aes_asm_desc) | |
55 #else | |
56 #define DROPBEAR_AES_DESC (aes_desc) | |
57 #endif | |
58 | |
59 #ifdef DROPBEAR_SHA1_ASM | |
60 extern const struct ltc_hash_descriptor sha1_asm_desc; | |
61 #define DROPBEAR_SHA1_DESC (sha1_asm_desc) | |
62 #else | |
63 #define DROPBEAR_SHA1_DESC (sha1_desc) | |
64 #endif | |
65 | |
66 | 56 |
67 #ifdef DROPBEAR_AES256 | 57 #ifdef DROPBEAR_AES256 |
68 static const struct dropbear_cipher dropbear_aes256 = | 58 static const struct dropbear_cipher dropbear_aes256 = |
69 {&DROPBEAR_AES_DESC, 32, 16}; | 59 {&DROPBEAR_AES_DESC, 32, 16}; |
70 #endif | 60 #endif |
217 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, | 207 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, |
218 {NULL, 0, NULL, 0, NULL} | 208 {NULL, 0, NULL, 0, NULL} |
219 }; | 209 }; |
220 | 210 |
221 algo_type sshhostkey[] = { | 211 algo_type sshhostkey[] = { |
212 #ifdef DROPBEAR_ECDSA | |
213 #ifdef DROPBEAR_ECC_256 | |
214 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNKEY_ECDSA_NISTP256, NULL, 1, NULL}, | |
215 #endif | |
216 #ifdef DROPBEAR_ECC_384 | |
217 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNKEY_ECDSA_NISTP384, NULL, 1, NULL}, | |
218 #endif | |
219 #ifdef DROPBEAR_ECC_521 | |
220 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNKEY_ECDSA_NISTP521, NULL, 1, NULL}, | |
221 #endif | |
222 #endif | |
222 #ifdef DROPBEAR_RSA | 223 #ifdef DROPBEAR_RSA |
223 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL}, | 224 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL}, |
224 #endif | 225 #endif |
225 #ifdef DROPBEAR_DSS | 226 #ifdef DROPBEAR_DSS |
226 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL}, | 227 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL}, |
227 #endif | 228 #endif |
228 {NULL, 0, NULL, 0, NULL} | 229 {NULL, 0, NULL, 0, NULL} |
229 }; | 230 }; |
230 | 231 |
232 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc }; | |
233 static const struct dropbear_kex kex_dh_group14 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc }; | |
234 | |
235 /* These can't be const since dropbear_ecc_fill_dp() fills out | |
236 ecc_curve at runtime */ | |
237 #ifdef DROPBEAR_ECDH | |
238 #ifdef DROPBEAR_ECC_256 | |
239 static struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc }; | |
240 #endif | |
241 #ifdef DROPBEAR_ECC_384 | |
242 static struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc }; | |
243 #endif | |
244 #ifdef DROPBEAR_ECC_521 | |
245 static struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc }; | |
246 #endif | |
247 #endif /* DROPBEAR_ECDH */ | |
248 | |
249 #ifdef DROPBEAR_CURVE25519 | |
250 /* Referred to directly */ | |
251 static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc }; | |
252 #endif | |
253 | |
231 algo_type sshkex[] = { | 254 algo_type sshkex[] = { |
232 {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL}, | 255 #ifdef DROPBEAR_CURVE25519 |
233 {"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL}, | 256 {"[email protected]", 0, &kex_curve25519, 1, NULL}, |
257 #endif | |
258 #ifdef DROPBEAR_ECDH | |
259 #ifdef DROPBEAR_ECC_521 | |
260 {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL}, | |
261 #endif | |
262 #ifdef DROPBEAR_ECC_384 | |
263 {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL}, | |
264 #endif | |
265 #ifdef DROPBEAR_ECC_256 | |
266 {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, | |
267 #endif | |
268 #endif | |
269 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, | |
270 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL}, | |
234 #ifdef USE_KEXGUESS2 | 271 #ifdef USE_KEXGUESS2 |
235 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, | 272 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, |
236 #endif | 273 #endif |
237 {NULL, 0, NULL, 0, NULL} | 274 {NULL, 0, NULL, 0, NULL} |
238 }; | 275 }; |
239 | |
240 | |
241 /* Register the compiled in ciphers. | |
242 * This should be run before using any of the ciphers/hashes */ | |
243 void crypto_init() { | |
244 | |
245 const struct ltc_cipher_descriptor *regciphers[] = { | |
246 #ifdef DROPBEAR_AES | |
247 &DROPBEAR_AES_DESC, | |
248 #endif | |
249 #ifdef DROPBEAR_BLOWFISH | |
250 &blowfish_desc, | |
251 #endif | |
252 #ifdef DROPBEAR_TWOFISH | |
253 &twofish_desc, | |
254 #endif | |
255 #ifdef DROPBEAR_3DES | |
256 &des3_desc, | |
257 #endif | |
258 NULL | |
259 }; | |
260 | |
261 const struct ltc_hash_descriptor *reghashes[] = { | |
262 /* we need sha1 for hostkey stuff regardless */ | |
263 &DROPBEAR_SHA1_DESC, | |
264 #ifdef DROPBEAR_MD5_HMAC | |
265 &md5_desc, | |
266 #endif | |
267 #ifdef DROPBEAR_SHA2_256_HMAC | |
268 &sha256_desc, | |
269 #endif | |
270 #ifdef DROPBEAR_SHA2_512_HMAC | |
271 &sha512_desc, | |
272 #endif | |
273 NULL | |
274 }; | |
275 int i; | |
276 | |
277 for (i = 0; regciphers[i] != NULL; i++) { | |
278 if (register_cipher(regciphers[i]) == -1) { | |
279 dropbear_exit("Error registering crypto"); | |
280 } | |
281 } | |
282 | |
283 for (i = 0; reghashes[i] != NULL; i++) { | |
284 if (register_hash(reghashes[i]) == -1) { | |
285 dropbear_exit("Error registering crypto"); | |
286 } | |
287 } | |
288 } | |
289 | 276 |
290 /* algolen specifies the length of algo, algos is our local list to match | 277 /* algolen specifies the length of algo, algos is our local list to match |
291 * against. | 278 * against. |
292 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE | 279 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE |
293 * otherwise */ | 280 * otherwise */ |
310 | 297 |
311 unsigned int i, len; | 298 unsigned int i, len; |
312 unsigned int donefirst = 0; | 299 unsigned int donefirst = 0; |
313 buffer *algolist = NULL; | 300 buffer *algolist = NULL; |
314 | 301 |
315 algolist = buf_new(160); | 302 algolist = buf_new(200); |
316 for (i = 0; localalgos[i].name != NULL; i++) { | 303 for (i = 0; localalgos[i].name != NULL; i++) { |
317 if (localalgos[i].usable) { | 304 if (localalgos[i].usable) { |
318 if (donefirst) | 305 if (donefirst) |
319 buf_putbyte(algolist, ','); | 306 buf_putbyte(algolist, ','); |
320 donefirst = 1; | 307 donefirst = 1; |
407 | 394 |
408 /* iterate and find the first match */ | 395 /* iterate and find the first match */ |
409 for (i = 0; i < clicount; i++) { | 396 for (i = 0; i < clicount; i++) { |
410 for (j = 0; j < servcount; j++) { | 397 for (j = 0; j < servcount; j++) { |
411 if (!(servnames[j] && clinames[i])) { | 398 if (!(servnames[j] && clinames[i])) { |
412 // unusable algos are NULL | 399 /* unusable algos are NULL */ |
413 continue; | 400 continue; |
414 } | 401 } |
415 if (strcmp(servnames[j], clinames[i]) == 0) { | 402 if (strcmp(servnames[j], clinames[i]) == 0) { |
416 /* set if it was a good guess */ | 403 /* set if it was a good guess */ |
417 if (goodguess && kexguess2) { | 404 if (goodguess && kexguess2) { |
470 } | 457 } |
471 } | 458 } |
472 return 0; | 459 return 0; |
473 } | 460 } |
474 | 461 |
475 #endif // DROPBEAR_NONE_CIPHER | 462 #endif /* DROPBEAR_NONE_CIPHER */ |
476 | 463 |
477 #ifdef ENABLE_USER_ALGO_LIST | 464 #ifdef ENABLE_USER_ALGO_LIST |
478 | 465 |
479 char * | 466 char * |
480 algolist_string(algo_type algos[]) | 467 algolist_string(algo_type algos[]) |
551 | 538 |
552 /* Copy one more as a blank delimiter */ | 539 /* Copy one more as a blank delimiter */ |
553 memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1)); | 540 memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1)); |
554 return num_ret; | 541 return num_ret; |
555 } | 542 } |
556 #endif // ENABLE_USER_ALGO_LIST | 543 #endif /* ENABLE_USER_ALGO_LIST */ |