Mercurial > dropbear

comparison common-algo.c @ 910:89555751c489 asm

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge up to 2013.63, improve ASM makefile rules a bit
author Matt Johnston <matt@ucc.asn.au>
date Thu, 27 Feb 2014 21:35:58 +0800
parents 3ca7113936c1 c19acba28590
children
comparison
equal deleted inserted replaced
909:e4b75744acab 910:89555751c489
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24 * SOFTWARE. */ 24 * SOFTWARE. */
25 25
26 #include "includes.h"
26 #include "algo.h" 27 #include "algo.h"
27 #include "session.h" 28 #include "session.h"
28 #include "dbutil.h" 29 #include "dbutil.h"
30 #include "kex.h"
31 #include "ltc_prng.h"
32 #include "ecc.h"
33 #include "crypto_desc.h"
29 34
30 /* This file (algo.c) organises the ciphers which can be used, and is used to 35 /* This file (algo.c) organises the ciphers which can be used, and is used to
31 * decide which ciphers/hashes/compression/signing to use during key exchange*/ 36 * decide which ciphers/hashes/compression/signing to use during key exchange*/
32 37
33 static int void_cipher(const unsigned char* in, unsigned char* out, 38 static int void_cipher(const unsigned char* in, unsigned char* out,
34 unsigned long len, void *cipher_state) { 39 unsigned long len, void* UNUSED(cipher_state)) {
35 if (in != out) { 40 if (in != out) {
36 memmove(out, in, len); 41 memmove(out, in, len);
37 } 42 }
38 return CRYPT_OK; 43 return CRYPT_OK;
39 } 44 }
40 45
41 static int void_start(int cipher, const unsigned char *IV, 46 static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV),
42 const unsigned char *key, 47 const unsigned char* UNUSED(key),
43 int keylen, int num_rounds, void *cipher_state) { 48 int UNUSED(keylen), int UNUSED(num_rounds), void* UNUSED(cipher_state)) {
44 return CRYPT_OK; 49 return CRYPT_OK;
45 } 50 }
46 51
47 /* Mappings for ciphers, parameters are 52 /* Mappings for ciphers, parameters are
48 {&cipher_desc, keysize, blocksize} */ 53 {&cipher_desc, keysize, blocksize} */
49 54
50 /* Remember to add new ciphers/hashes to regciphers/reghashes too */ 55 /* Remember to add new ciphers/hashes to regciphers/reghashes too */
51
52 #ifdef DROPBEAR_AES_ASM
53 extern const struct ltc_cipher_descriptor aes_asm_desc;
54 #define DROPBEAR_AES_DESC (aes_asm_desc)
55 #else
56 #define DROPBEAR_AES_DESC (aes_desc)
57 #endif
58
59 #ifdef DROPBEAR_SHA1_ASM
60 extern const struct ltc_hash_descriptor sha1_asm_desc;
61 #define DROPBEAR_SHA1_DESC (sha1_asm_desc)
62 #else
63 #define DROPBEAR_SHA1_DESC (sha1_desc)
64 #endif
65
66 56
67 #ifdef DROPBEAR_AES256 57 #ifdef DROPBEAR_AES256
68 static const struct dropbear_cipher dropbear_aes256 = 58 static const struct dropbear_cipher dropbear_aes256 =
69 {&DROPBEAR_AES_DESC, 32, 16}; 59 {&DROPBEAR_AES_DESC, 32, 16};
70 #endif 60 #endif
217 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL}, 207 {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
218 {NULL, 0, NULL, 0, NULL} 208 {NULL, 0, NULL, 0, NULL}
219 }; 209 };
220 210
221 algo_type sshhostkey[] = { 211 algo_type sshhostkey[] = {
212 #ifdef DROPBEAR_ECDSA
213 #ifdef DROPBEAR_ECC_256
214 {"ecdsa-sha2-nistp256", DROPBEAR_SIGNKEY_ECDSA_NISTP256, NULL, 1, NULL},
215 #endif
216 #ifdef DROPBEAR_ECC_384
217 {"ecdsa-sha2-nistp384", DROPBEAR_SIGNKEY_ECDSA_NISTP384, NULL, 1, NULL},
218 #endif
219 #ifdef DROPBEAR_ECC_521
220 {"ecdsa-sha2-nistp521", DROPBEAR_SIGNKEY_ECDSA_NISTP521, NULL, 1, NULL},
221 #endif
222 #endif
222 #ifdef DROPBEAR_RSA 223 #ifdef DROPBEAR_RSA
223 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL}, 224 {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL},
224 #endif 225 #endif
225 #ifdef DROPBEAR_DSS 226 #ifdef DROPBEAR_DSS
226 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL}, 227 {"ssh-dss", DROPBEAR_SIGNKEY_DSS, NULL, 1, NULL},
227 #endif 228 #endif
228 {NULL, 0, NULL, 0, NULL} 229 {NULL, 0, NULL, 0, NULL}
229 }; 230 };
230 231
232 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
233 static const struct dropbear_kex kex_dh_group14 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
234
235 /* These can't be const since dropbear_ecc_fill_dp() fills out
236 ecc_curve at runtime */
237 #ifdef DROPBEAR_ECDH
238 #ifdef DROPBEAR_ECC_256
239 static struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
240 #endif
241 #ifdef DROPBEAR_ECC_384
242 static struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
243 #endif
244 #ifdef DROPBEAR_ECC_521
245 static struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
246 #endif
247 #endif /* DROPBEAR_ECDH */
248
249 #ifdef DROPBEAR_CURVE25519
250 /* Referred to directly */
251 static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc };
252 #endif
253
231 algo_type sshkex[] = { 254 algo_type sshkex[] = {
232 {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL}, 255 #ifdef DROPBEAR_CURVE25519
233 {"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL}, 256 {"[email protected]", 0, &kex_curve25519, 1, NULL},
257 #endif
258 #ifdef DROPBEAR_ECDH
259 #ifdef DROPBEAR_ECC_521
260 {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
261 #endif
262 #ifdef DROPBEAR_ECC_384
263 {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
264 #endif
265 #ifdef DROPBEAR_ECC_256
266 {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
267 #endif
268 #endif
269 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
270 {"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL},
234 #ifdef USE_KEXGUESS2 271 #ifdef USE_KEXGUESS2
235 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL}, 272 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
236 #endif 273 #endif
237 {NULL, 0, NULL, 0, NULL} 274 {NULL, 0, NULL, 0, NULL}
238 }; 275 };
239
240
241 /* Register the compiled in ciphers.
242 * This should be run before using any of the ciphers/hashes */
243 void crypto_init() {
244
245 const struct ltc_cipher_descriptor *regciphers[] = {
246 #ifdef DROPBEAR_AES
247 &DROPBEAR_AES_DESC,
248 #endif
249 #ifdef DROPBEAR_BLOWFISH
250 &blowfish_desc,
251 #endif
252 #ifdef DROPBEAR_TWOFISH
253 &twofish_desc,
254 #endif
255 #ifdef DROPBEAR_3DES
256 &des3_desc,
257 #endif
258 NULL
259 };
260
261 const struct ltc_hash_descriptor *reghashes[] = {
262 /* we need sha1 for hostkey stuff regardless */
263 &DROPBEAR_SHA1_DESC,
264 #ifdef DROPBEAR_MD5_HMAC
265 &md5_desc,
266 #endif
267 #ifdef DROPBEAR_SHA2_256_HMAC
268 &sha256_desc,
269 #endif
270 #ifdef DROPBEAR_SHA2_512_HMAC
271 &sha512_desc,
272 #endif
273 NULL
274 };
275 int i;
276
277 for (i = 0; regciphers[i] != NULL; i++) {
278 if (register_cipher(regciphers[i]) == -1) {
279 dropbear_exit("Error registering crypto");
280 }
281 }
282
283 for (i = 0; reghashes[i] != NULL; i++) {
284 if (register_hash(reghashes[i]) == -1) {
285 dropbear_exit("Error registering crypto");
286 }
287 }
288 }
289 276
290 /* algolen specifies the length of algo, algos is our local list to match 277 /* algolen specifies the length of algo, algos is our local list to match
291 * against. 278 * against.
292 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE 279 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
293 * otherwise */ 280 * otherwise */
310 297
311 unsigned int i, len; 298 unsigned int i, len;
312 unsigned int donefirst = 0; 299 unsigned int donefirst = 0;
313 buffer *algolist = NULL; 300 buffer *algolist = NULL;
314 301
315 algolist = buf_new(160); 302 algolist = buf_new(200);
316 for (i = 0; localalgos[i].name != NULL; i++) { 303 for (i = 0; localalgos[i].name != NULL; i++) {
317 if (localalgos[i].usable) { 304 if (localalgos[i].usable) {
318 if (donefirst) 305 if (donefirst)
319 buf_putbyte(algolist, ','); 306 buf_putbyte(algolist, ',');
320 donefirst = 1; 307 donefirst = 1;
407 394
408 /* iterate and find the first match */ 395 /* iterate and find the first match */
409 for (i = 0; i < clicount; i++) { 396 for (i = 0; i < clicount; i++) {
410 for (j = 0; j < servcount; j++) { 397 for (j = 0; j < servcount; j++) {
411 if (!(servnames[j] && clinames[i])) { 398 if (!(servnames[j] && clinames[i])) {
412 // unusable algos are NULL 399 /* unusable algos are NULL */
413 continue; 400 continue;
414 } 401 }
415 if (strcmp(servnames[j], clinames[i]) == 0) { 402 if (strcmp(servnames[j], clinames[i]) == 0) {
416 /* set if it was a good guess */ 403 /* set if it was a good guess */
417 if (goodguess && kexguess2) { 404 if (goodguess && kexguess2) {
470 } 457 }
471 } 458 }
472 return 0; 459 return 0;
473 } 460 }
474 461
475 #endif // DROPBEAR_NONE_CIPHER 462 #endif /* DROPBEAR_NONE_CIPHER */
476 463
477 #ifdef ENABLE_USER_ALGO_LIST 464 #ifdef ENABLE_USER_ALGO_LIST
478 465
479 char * 466 char *
480 algolist_string(algo_type algos[]) 467 algolist_string(algo_type algos[])
551 538
552 /* Copy one more as a blank delimiter */ 539 /* Copy one more as a blank delimiter */
553 memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1)); 540 memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1));
554 return num_ret; 541 return num_ret;
555 } 542 }
556 #endif // ENABLE_USER_ALGO_LIST 543 #endif /* ENABLE_USER_ALGO_LIST */