# HG changeset patch # User Matt Johnston # Date 1462225696 -7200 # Node ID 56aba7dedbea75282cc3f86856d08f94f43b4fdd # Parent dc8f7997f10fda53bdd5761abbe3d15662ff9a66 options for disabling "normal" DH diff -r dc8f7997f10f -r 56aba7dedbea algo.h --- a/algo.h Mon May 02 17:03:55 2016 +0200 +++ b/algo.h Mon May 02 23:48:16 2016 +0200 @@ -83,9 +83,15 @@ }; enum dropbear_kex_mode { +#if DROPBEAR_NORMAL_DH DROPBEAR_KEX_NORMAL_DH, +#endif +#ifdef DROPBEAR_ECDH DROPBEAR_KEX_ECDH, +#endif +#ifdef DROPBEAR_CURVE25519 DROPBEAR_KEX_CURVE25519, +#endif }; struct dropbear_kex { diff -r dc8f7997f10f -r 56aba7dedbea cli-kex.c --- a/cli-kex.c Mon May 02 17:03:55 2016 +0200 +++ b/cli-kex.c Mon May 02 23:48:16 2016 +0200 @@ -48,6 +48,7 @@ CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); switch (ses.newkeys->algo_kex->mode) { +#if DROPBEAR_NORMAL_DH case DROPBEAR_KEX_NORMAL_DH: if (ses.newkeys->algo_kex != cli_ses.param_kex_algo || !cli_ses.dh_param) { @@ -58,8 +59,9 @@ } buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub); break; +#endif +#ifdef DROPBEAR_ECDH case DROPBEAR_KEX_ECDH: -#ifdef DROPBEAR_ECDH if (ses.newkeys->algo_kex != cli_ses.param_kex_algo || !cli_ses.ecdh_param) { if (cli_ses.ecdh_param) { @@ -68,8 +70,8 @@ cli_ses.ecdh_param = gen_kexecdh_param(); } buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key); + break; #endif - break; #ifdef DROPBEAR_CURVE25519 case DROPBEAR_KEX_CURVE25519: if (ses.newkeys->algo_kex != cli_ses.param_kex_algo @@ -80,8 +82,8 @@ cli_ses.curve25519_param = gen_kexcurve25519_param(); } buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN); + break; #endif - break; } cli_ses.param_kex_algo = ses.newkeys->algo_kex; @@ -118,6 +120,7 @@ } switch (ses.newkeys->algo_kex->mode) { +#if DROPBEAR_NORMAL_DH case DROPBEAR_KEX_NORMAL_DH: { DEF_MP_INT(dh_f); 
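Review bot: With every member of `enum dropbear_kex_mode` in algo.h now behind its own conditional, a configuration that turns off all DH groups, ECDH and Curve25519 leaves an empty enumerator list, which is not valid C and fails with an error that says nothing about the cause. Nothing visible in this commit rejects that configuration. A guard in sysoptions.h, after DROPBEAR_NORMAL_DH is derived, would state it explicitly: `#if !DROPBEAR_NORMAL_DH && !defined(DROPBEAR_ECDH) && !defined(DROPBEAR_CURVE25519)`, then `#error "No key exchange method enabled"`, then `#endif`. The enum also mixes a by-value `#if` test with `#ifdef` tests, so a short comment saying that DROPBEAR_NORMAL_DH is derived in sysoptions.h and tested by value would help the next reader.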
@@ -131,15 +134,16 @@ mp_clear(&dh_f); } break; +#endif +#ifdef DROPBEAR_ECDH case DROPBEAR_KEX_ECDH: -#ifdef DROPBEAR_ECDH { buffer *ecdh_qs = buf_getstringbuf(ses.payload); kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey); buf_free(ecdh_qs); } + break; #endif - break; #ifdef DROPBEAR_CURVE25519 case DROPBEAR_KEX_CURVE25519: { @@ -147,8 +151,8 @@ kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey); buf_free(ecdh_qs); } + break; #endif - break; } if (cli_ses.dh_param) { diff -r dc8f7997f10f -r 56aba7dedbea common-algo.c --- a/common-algo.c Mon May 02 17:03:55 2016 +0200 +++ b/common-algo.c Mon May 02 23:48:16 2016 +0200 @@ -251,12 +251,12 @@ #if DROPBEAR_DH_GROUP1 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc }; #endif -#if DROPBEAR_DH_GROUP14 +#if DROPBEAR_DH_GROUP14_SHA1 static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc }; -#if DROPBEAR_DH_GROUP14_256 +#endif +#if DROPBEAR_DH_GROUP14_SHA256 static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc }; #endif -#endif #if DROPBEAR_DH_GROUP16 static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc }; #endif @@ -295,12 +295,12 @@ {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, #endif #endif -#if DROPBEAR_DH_GROUP14 -#if DROPBEAR_DH_GROUP14_256 +#if DROPBEAR_DH_GROUP14_SHA1 + {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL}, +#endif +#if DROPBEAR_DH_GROUP14_SHA256 {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL}, #endif - {"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL}, -#endif #if DROPBEAR_DH_GROUP1 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL}, #endif 
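Review bot: The kex table hunk of common-algo.c (@@ -295) now lists `diffie-hellman-group14-sha1` ahead of `diffie-hellman-group14-sha256`, where the old code listed the SHA-256 variant first. If the table order is the order in which names are written to the KEXINIT name-list (the code that builds the list is outside this hunk, so this is an assumption to confirm), a peer that supports both will now negotiate the SHA-1 exchange hash in preference to SHA-256. Keep the `#if DROPBEAR_DH_GROUP14_SHA256` entry above the `#if DROPBEAR_DH_GROUP14_SHA1` entry, so that un-nesting the conditionals does not change the advertised preference.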
@@ -349,6 +349,7 @@ } } buf_putstring(buf, (const char*)algolist->data, algolist->len); + TRACE(("algolist add '%*s'", algolist->len, algolist->data)) buf_free(algolist); } diff -r dc8f7997f10f -r 56aba7dedbea keyimport.c --- a/keyimport.c Mon May 02 17:03:55 2016 +0200 +++ b/keyimport.c Mon May 02 23:48:16 2016 +0200 @@ -36,9 +36,11 @@ #include "dbutil.h" #include "ecc.h" +#ifdef DROPBEAR_ECDSA static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}; static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22}; static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23}; +#endif #define PUT_32BIT(cp, value) do { \ (cp)[3] = (unsigned char)(value); \ diff -r dc8f7997f10f -r 56aba7dedbea options.h --- a/options.h Mon May 02 17:03:55 2016 +0200 +++ b/options.h Mon May 02 23:48:16 2016 +0200 @@ -150,7 +150,7 @@ /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC * code (either ECDSA or ECDH) increases binary size - around 30kB * on x86-64 */ -#define DROPBEAR_ECDSA +//#define DROPBEAR_ECDSA /* Generate hostkeys as-needed when the first connection using that key type occurs. This avoids the need to otherwise run "dropbearkey" and avoids some problems 
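Review bot: The added `TRACE(("algolist add '%*s'", algolist->len, algolist->data))` in common-algo.c uses `%*s`, which only sets a minimum field width and still reads `data` up to a NUL byte. The preceding `buf_putstring(buf, (const char*)algolist->data, algolist->len)` treats the buffer as length-delimited, so unless it happens to be NUL-terminated a trace-enabled build reads past the end of it. Use the precision form and pass an int: `TRACE(("algolist add '%.*s'", (int)algolist->len, algolist->data))`. The type of `len` is not visible in this hunk, so the cast is an assumption to confirm.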
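Review bot: The options.h hunk at @@ -150 changes `#define DROPBEAR_ECDSA` to `//#define DROPBEAR_ECDSA`, which turns ECDSA off in the default configuration although the commit is described as adding options for disabling "normal" DH. This looks like a local test setting, presumably used to exercise the new `#ifdef DROPBEAR_ECDSA` guard in keyimport.c, that was committed by accident; if so, restore `#define DROPBEAR_ECDSA`. If the default is meant to change, say so in the commit message and note that builds from this default will no longer handle ECDSA host keys. A `/* ... */` comment would also match the rest of the file, since `//` is rejected by strict C89 compilers.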
@@ -169,18 +169,19 @@ #define DROPBEAR_ECDH /* Key exchange algorithm. + * group14_sha1 - 2048 bit, sha1 + * group14_sha256 - 2048 bit, sha2-256 + * group16 - 4096 bit, sha2-512 * group1 - 1024 bit, sha1 - * group14 - 2048 bit, sha1 - * group14_256 - 2048 bit, sha2-256 - * group16 - 4096 bit, sha2-512 * * group14 is supported by most implementations. - * group16 provides a greater strength but is slower and increases binary size - * group1 is necessary if compatibility with Dropbear versions < 0.53 is required + * group16 provides a greater strength level but is slower and increases binary size + * group1 is too small for security though is necessary if you need + compatibility with some implementations such as Dropbear versions < 0.53 */ #define DROPBEAR_DH_GROUP1 1 -#define DROPBEAR_DH_GROUP14 1 -#define DROPBEAR_DH_GROUP14_256 1 +#define DROPBEAR_DH_GROUP14_SHA1 1 +#define DROPBEAR_DH_GROUP14_SHA256 1 #define DROPBEAR_DH_GROUP16 0 /* Control the memory/performance/compression tradeoff for zlib. diff -r dc8f7997f10f -r 56aba7dedbea svr-kex.c --- a/svr-kex.c Mon May 02 17:03:55 2016 +0200 +++ b/svr-kex.c Mon May 02 23:48:16 2016 +0200 @@ -54,18 +54,24 @@ } switch (ses.newkeys->algo_kex->mode) { +#if DROPBEAR_NORMAL_DH case DROPBEAR_KEX_NORMAL_DH: m_mp_init(&dh_e); if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) { dropbear_exit("Bad kex value"); } break; +#endif +#ifdef DROPBEAR_ECDH case DROPBEAR_KEX_ECDH: +#endif +#ifdef DROPBEAR_CURVE25519 case DROPBEAR_KEX_CURVE25519: +#endif #if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519) ecdh_qs = buf_getstringbuf(ses.payload); + break; #endif - break; } if (ses.payload->pos != ses.payload->len) { dropbear_exit("Bad kex value"); @@ -221,6 +227,7 @@ ses.newkeys->algo_hostkey); switch (ses.newkeys->algo_kex->mode) { +#ifdef DROPBEAR_NORMAL_DH case DROPBEAR_KEX_NORMAL_DH: { struct kex_dh_param * dh_param = gen_kexdh_param(); 
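Review bot: The rewritten comment in options.h now says group1 is "too small for security", but `#define DROPBEAR_DH_GROUP1 1` just below it is left enabled, so a default build still offers the 1024-bit group. Since this commit makes each group individually selectable, consider `#define DROPBEAR_DH_GROUP1 0` as the default. Otherwise extend the comment to say why it stays on and that it should be set to 0 wherever compatibility with Dropbear versions < 0.53 is not required. The added continuation line `compatibility with some implementations such as Dropbear versions < 0.53` is also missing the leading ` * ` that the other lines of the block comment carry.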
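Review bot: The guard added in the svr-kex.c hunk at @@ -221 is `#ifdef DROPBEAR_NORMAL_DH`, while algo.h, cli-kex.c and the first svr-kex.c switch in this same commit test the macro by value with `#if DROPBEAR_NORMAL_DH`. The two forms agree only while sysoptions.h leaves the macro undefined when no group is enabled. If it is ever defined as 0, in the style of `#define DROPBEAR_DH_GROUP16 0` in options.h, this case label would be compiled while the `DROPBEAR_KEX_NORMAL_DH` enumerator in algo.h is not. Change the line to `#if DROPBEAR_NORMAL_DH`; the body of this case continues in the next hunk.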
@@ -231,8 +238,9 @@ free_kexdh_param(dh_param); } break; +#endif +#ifdef DROPBEAR_ECDH case DROPBEAR_KEX_ECDH: -#ifdef DROPBEAR_ECDH { struct kex_ecdh_param *ecdh_param = gen_kexecdh_param(); kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); @@ -240,18 +248,18 @@ buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key); free_kexecdh_param(ecdh_param); } + break; #endif - break; +#ifdef DROPBEAR_CURVE25519 case DROPBEAR_KEX_CURVE25519: -#ifdef DROPBEAR_CURVE25519 { struct kex_curve25519_param *param = gen_kexcurve25519_param(); kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey); buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN); free_kexcurve25519_param(param); } + break; #endif - break; } /* calc the signature */ diff -r dc8f7997f10f -r 56aba7dedbea sysoptions.h --- a/sysoptions.h Mon May 02 17:03:55 2016 +0200 +++ b/sysoptions.h Mon May 02 23:48:16 2016 +0200 @@ -113,7 +113,7 @@ #define RSA_BLINDING /* hashes which will be linked and registered */ -#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14 +#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14_SHA256 #define DROPBEAR_SHA256 #endif #if defined(DROPBEAR_ECC_384) @@ -127,6 +127,14 @@ #define DROPBEAR_MD5 #endif + #if DROPBEAR_DH_GROUP14_SHA256 || DROPBEAR_DH_GROUP14_SHA1 + #define DROPBEAR_DH_GROUP14 1 + #endif + +#if DROPBEAR_DH_GROUP1 || DROPBEAR_DH_GROUP14 || DROPBEAR_DH_GROUP16 +#define DROPBEAR_NORMAL_DH 1 +#endif + /* roughly 2x 521 bits */ #define MAX_ECC_SIZE 140
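Review bot: The block added to sysoptions.h at @@ -127 turns `DROPBEAR_DH_GROUP14` into a derived macro, but an options.h that still uses the old names (`DROPBEAR_DH_GROUP14`, `DROPBEAR_DH_GROUP14_256`) would apparently still build. In that case neither group14 method is added to the kex table in common-algo.c, and with `DROPBEAR_DH_GROUP1 1` the only classic DH method left on offer is the 1024-bit one. Reject the stale name instead of silently dropping the methods, for example with `#ifdef DROPBEAR_DH_GROUP14_256`, then `#error "DROPBEAR_DH_GROUP14_256 is now DROPBEAR_DH_GROUP14_SHA256"`, then `#endif`, placed ahead of the new block. A user-set `DROPBEAR_DH_GROUP14` can only be detected before the derived definition, so any check for it has to come first as well.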