Mercurial > dropbear

view libtomcrypt/src/headers/tomcrypt_dropbear.h @ 1790:42745af83b7d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Introduce extra delay before closing unauthenticated sessions To make it harder for attackers, introduce a delay to keep an unauthenticated session open a bit longer, thus blocking a connection slot until after the delay. Without this, while there is a limit on the amount of attempts an attacker can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt is still short and thus for each of the allowed parallel attempts many attempts can be chained one after the other. The attempt rate is then: "MAX_UNAUTH_PER_IP / <process time of one attempt>". With the delay, this rate becomes: "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Wed, 15 Feb 2017 13:53:04 +0100
parents c2c0f43ff827
children 3f4cdf839a1a
line wrap: on
line source

/* compile options depend on Dropbear options.h */
#include "options.h"

/* Dropbear config */

#define LTC_NOTHING

/* Use small code where possible */
#if DROPBEAR_SMALL_CODE
#define LTC_SMALL_CODE
#endif

/* Fewer entries needed */
#define TAB_SIZE      5

#if DROPBEAR_AES
#define LTC_RIJNDAEL
#endif
/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format
 * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */
#if DROPBEAR_TWOFISH
#define LTC_TWOFISH
#define LTC_TWOFISH_SMALL
#endif

#if DROPBEAR_3DES
#define LTC_DES
#endif

#if DROPBEAR_ENABLE_CBC_MODE
#define LTC_CBC_MODE
#endif

#if DROPBEAR_ENABLE_CTR_MODE
#define LTC_CTR_MODE
#endif

#if DROPBEAR_ENABLE_GCM_MODE
#define LTC_GCM_MODE
#endif

#if DROPBEAR_CHACHA20POLY1305
#define LTC_CHACHA
#define LTC_POLY1305
#endif

#if DROPBEAR_SHA512
#define LTC_SHA512
#endif

#if DROPBEAR_SHA384
#define LTC_SHA384
#endif

#if DROPBEAR_SHA256
#define LTC_SHA256
#endif

#define LTC_SHA1

#if DROPBEAR_MD5
#define LTC_MD5
#endif

/* ECC */
#if DROPBEAR_ECC
#define LTC_MECC
#define LTM_DESC

/* use Shamir's trick for point mul (speeds up signature verification) */
#define LTC_ECC_SHAMIR

#if DROPBEAR_ECC_256
#define LTC_ECC256
#endif
#if DROPBEAR_ECC_384
#define LTC_ECC384
#endif
#if DROPBEAR_ECC_521
#define LTC_ECC521
#endif

#endif /* DROPBEAR_ECC */

#define LTC_HMAC
#define LTC_HASH_HELPERS

#define LTC_NO_TEST

#define LTC_BASE64

/* end Dropbear config */