Mercurial > dropbear
view cli-main.c @ 1672:3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
* Add Chacha20-Poly1305 authenticated encryption
* Add general AEAD approach.
* Add [email protected] algo using LibTomCrypt chacha and
poly1305 routines.
Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated
AES instructions, having the same key size.
Compiling in will add ~5,5kB to binary size on x86-64.
function old new delta
chacha_crypt - 1397 +1397
_poly1305_block - 608 +608
poly1305_done - 595 +595
dropbear_chachapoly_crypt - 457 +457
.rodata 26976 27392 +416
poly1305_process - 290 +290
poly1305_init - 221 +221
chacha_setup - 218 +218
encrypt_packet 1068 1270 +202
dropbear_chachapoly_getlength - 147 +147
decrypt_packet 756 897 +141
chacha_ivctr64 - 137 +137
read_packet 543 637 +94
dropbear_chachapoly_start - 94 +94
read_kex_algos 792 880 +88
chacha_keystream - 69 +69
dropbear_mode_chachapoly - 48 +48
sshciphers 280 320 +40
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_chachapoly_mac - 24 +24
dropbear_chachapoly - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
* Add AES128-GCM and AES256-GCM authenticated encryption
* Add general AES-GCM mode.
* Add [email protected] and [email protected] algo using
LibTomCrypt gcm routines.
AES-GCM is combination of AES CTR mode and GHASH, slower than AES-CTR on
CPU w/o dedicated AES/GHASH instructions therefore disabled by default.
Compiling in will add ~6kB to binary size on x86-64.
function old new delta
gcm_process - 1060 +1060
.rodata 26976 27808 +832
gcm_gf_mult - 820 +820
gcm_add_aad - 660 +660
gcm_shift_table - 512 +512
gcm_done - 471 +471
gcm_add_iv - 384 +384
gcm_init - 347 +347
dropbear_gcm_crypt - 309 +309
encrypt_packet 1068 1270 +202
decrypt_packet 756 897 +141
gcm_reset - 118 +118
read_packet 543 637 +94
read_kex_algos 792 880 +88
sshciphers 280 360 +80
gcm_mult_h - 80 +80
dropbear_gcm_start - 62 +62
dropbear_mode_gcm - 48 +48
dropbear_mode_none 24 48 +24
dropbear_mode_ctr 24 48 +24
dropbear_mode_cbc 24 48 +24
dropbear_ghash - 24 +24
dropbear_gcm_getlength - 24 +24
gen_new_keys 848 854 +6
------------------------------------------------------------------------------
(add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
| author | Vladislav Grishenko <themiron@users.noreply.github.com> |
|---|---|
| date | Mon, 25 May 2020 20:50:25 +0500 |
| parents | 33b872649eb7 |
| children | d5cdc60db08e |
line wrap: on
line source
/* * Dropbear - a SSH2 server * SSH client implementation * * Copyright (c) 2002,2003 Matt Johnston * Copyright (c) 2004 by Mihnea Stoenescu * All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #include "includes.h" #include "dbutil.h" #include "runopts.h" #include "session.h" #include "dbrandom.h" #include "crypto_desc.h" #include "netio.h" static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; static void cli_dropbear_log(int priority, const char* format, va_list param); #if DROPBEAR_CLI_PROXYCMD static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out); static void kill_proxy_sighandler(int signo); #endif #if defined(DBMULTI_dbclient) || !DROPBEAR_MULTI #if defined(DBMULTI_dbclient) && DROPBEAR_MULTI int cli_main(int argc, char ** argv) { #else int main(int argc, char ** argv) { #endif int sock_in, sock_out; struct dropbear_progress_connection *progress = NULL; _dropbear_exit = cli_dropbear_exit; _dropbear_log = cli_dropbear_log; disallow_core(); seedrandom(); crypto_init(); cli_getopts(argc, argv); #ifndef DISABLE_SYSLOG if (opts.usingsyslog) { startsyslog("dbclient"); } #endif TRACE(("user='%s' host='%s' port='%s' bind_address='%s' bind_port='%s'", cli_opts.username, cli_opts.remotehost, cli_opts.remoteport, cli_opts.bind_address, cli_opts.bind_port)) if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { dropbear_exit("signal() error"); } pid_t proxy_cmd_pid = 0; #if DROPBEAR_CLI_PROXYCMD if (cli_opts.proxycmd) { cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid); m_free(cli_opts.proxycmd); if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR || signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR || signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) { dropbear_exit("signal() error"); } } else #endif { progress = connect_remote(cli_opts.remotehost, cli_opts.remoteport, cli_connected, &ses, cli_opts.bind_address, cli_opts.bind_port); sock_in = sock_out = -1; } cli_session(sock_in, sock_out, progress, proxy_cmd_pid); /* not reached */ return -1; } #endif /* DBMULTI stuff */ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) { char exitmsg[150]; char fullmsg[300]; /* Note that exit message must be rendered before session cleanup */ /* Render the formatted exit message */ vsnprintf(exitmsg, sizeof(exitmsg), format, param); /* Add the prefix depending on session/auth state */ if (!ses.init_done) { snprintf(fullmsg, sizeof(fullmsg), "Exited: %s", exitmsg); } else { snprintf(fullmsg, sizeof(fullmsg), "Connection to %s@%s:%s exited: %s", cli_opts.username, cli_opts.remotehost, cli_opts.remoteport, exitmsg); } /* Do the cleanup first, since then the terminal will be reset */ session_cleanup(); /* Avoid printing onwards from terminal cruft */ fprintf(stderr, "\n"); dropbear_log(LOG_INFO, "%s", fullmsg); exit(exitcode); } static void cli_dropbear_log(int priority, const char* format, va_list param) { char printbuf[1024]; vsnprintf(printbuf, sizeof(printbuf), format, param); #ifndef DISABLE_SYSLOG if (opts.usingsyslog) { syslog(priority, "%s", printbuf); } #endif fprintf(stderr, "%s: %s\n", cli_opts.progname, printbuf); fflush(stderr); } static void exec_proxy_cmd(const void *user_data_cmd) { const char *cmd = user_data_cmd; char *usershell; usershell = m_strdup(get_user_shell()); run_shell_command(cmd, ses.maxfd, usershell); dropbear_exit("Failed to run '%s'\n", cmd); } #if DROPBEAR_CLI_PROXYCMD static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) { char * ex_cmd = NULL; size_t ex_cmdlen; int ret; /* File descriptor "-j &3" */ if (*cli_opts.proxycmd == '&') { char *p = cli_opts.proxycmd + 1; int sock = strtoul(p, &p, 10); /* must be a single number, and not stdin/stdout/stderr */ if (sock > 2 && sock < 1024 && *p == '\0') { *sock_in = sock; *sock_out = sock; return; } } /* Normal proxycommand */ /* So that spawn_command knows which shell to run */ fill_passwd(cli_opts.own_user); ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */ ex_cmd = m_malloc(ex_cmdlen); snprintf(ex_cmd, ex_cmdlen, "exec %s", cli_opts.proxycmd); ret = spawn_command(exec_proxy_cmd, ex_cmd, sock_out, sock_in, NULL, pid_out); m_free(ex_cmd); if (ret == DROPBEAR_FAILURE) { dropbear_exit("Failed running proxy command"); *sock_in = *sock_out = -1; } } static void kill_proxy_sighandler(int UNUSED(signo)) { kill_proxy_command(); _exit(1); } #endif /* DROPBEAR_CLI_PROXYCMD */