# HG changeset patch # User Matt Johnston # Date 1125421137 0 # Node ID 5e4110bb753a8e471b2f1d5c16104e5356820135 # Parent ad1b24e39bf38851c8abc8ce254c46619d8731cb - Fixed twofish algorithm naming so it actually works. - Added support for aes256, twofish256 and sha1-96 - Fixed some debugging statements diff -r ad1b24e39bf3 -r 5e4110bb753a common-algo.c --- a/common-algo.c Wed Aug 24 16:43:29 2005 +0000 +++ b/common-algo.c Tue Aug 30 16:58:57 2005 +0000 @@ -32,6 +32,10 @@ /* Mappings for ciphers, parameters are {&cipher_desc, keysize, blocksize} */ +#ifdef DROPBEAR_AES256_CBC +static const struct dropbear_cipher dropbear_aes256 = + {&aes_desc, 32, 16}; +#endif #ifdef DROPBEAR_AES128_CBC static const struct dropbear_cipher dropbear_aes128 = {&aes_desc, 16, 16}; @@ -40,6 +44,10 @@ static const struct dropbear_cipher dropbear_blowfish = {&blowfish_desc, 16, 8}; #endif +#ifdef DROPBEAR_TWOFISH256_CBC +static const struct dropbear_cipher dropbear_twofish256 = + {&twofish_desc, 32, 16}; +#endif #ifdef DROPBEAR_TWOFISH128_CBC static const struct dropbear_cipher dropbear_twofish128 = {&twofish_desc, 16, 16}; @@ -60,6 +68,10 @@ static const struct dropbear_hash dropbear_sha1 = {&sha1_desc, 20, 20}; #endif +#ifdef DROPBEAR_SHA1_96_HMAC +static const struct dropbear_hash dropbear_sha1_96 = + {&sha1_desc, 20, 12}; +#endif #ifdef DROPBEAR_MD5_HMAC static const struct dropbear_hash dropbear_md5 = {&md5_desc, 16, 16}; @@ -75,19 +87,28 @@ #ifdef DROPBEAR_AES128_CBC {"aes128-cbc", 0, (void*)&dropbear_aes128, 1}, #endif +#ifdef DROPBEAR_3DES_CBC + {"3des-cbc", 0, (void*)&dropbear_3des, 1}, +#endif +#ifdef DROPBEAR_AES256_CBC + {"aes256-cbc", 0, (void*)&dropbear_aes256, 1}, +#endif #ifdef DROPBEAR_BLOWFISH_CBC {"blowfish-cbc", 0, (void*)&dropbear_blowfish, 1}, #endif -#ifdef DROPBEAR_TWOFISH128_CBC - {"twofish-cbc", 0, (void*)&dropbear_twofish128, 1}, +#ifdef DROPBEAR_TWOFISH256_CBC + {"twofish256-cbc", 0, (void*)&dropbear_twofish256, 1}, #endif -#ifdef DROPBEAR_3DES_CBC - {"3des-cbc", 0, (void*)&dropbear_3des, 1}, +#ifdef DROPBEAR_TWOFISH128_CBC + {"twofish128-cbc", 0, (void*)&dropbear_twofish128, 1}, #endif {NULL, 0, NULL, 0} }; algo_type sshhashes[] = { +#ifdef DROPBEAR_SHA1_96_HMAC + {"hmac-sha1-96", 0, (void*)&dropbear_sha1_96, 1}, +#endif #ifdef DROPBEAR_SHA1_HMAC {"hmac-sha1", 0, (void*)&dropbear_sha1, 1}, #endif diff -r ad1b24e39bf3 -r 5e4110bb753a common-kex.c --- a/common-kex.c Wed Aug 24 16:43:29 2005 +0000 +++ b/common-kex.c Tue Aug 30 16:58:57 2005 +0000 @@ -622,7 +622,7 @@ erralgo = "enc c->s"; goto error; } - TRACE(("c2s is %s", c2s_cipher_algo->name)) + TRACE(("enc c2s is %s", c2s_cipher_algo->name)) /* encryption_algorithms_server_to_client */ s2c_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess); @@ -630,7 +630,7 @@ erralgo = "enc s->c"; goto error; } - TRACE(("s2c is %s", s2c_cipher_algo->name)) + TRACE(("enc s2c is %s", s2c_cipher_algo->name)) /* mac_algorithms_client_to_server */ c2s_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess); @@ -638,6 +638,7 @@ erralgo = "mac c->s"; goto error; } + TRACE(("hash c2s is %s", c2s_hash_algo->name)) /* mac_algorithms_server_to_client */ s2c_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess); @@ -645,6 +646,7 @@ erralgo = "mac s->c"; goto error; } + TRACE(("hash s2c is %s", s2c_hash_algo->name)) /* compression_algorithms_client_to_server */ c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); @@ -652,6 +654,7 @@ erralgo = "comp c->s"; goto error; } + TRACE(("hash c2s is %s", c2s_comp_algo->name)) /* compression_algorithms_server_to_client */ s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess); @@ -659,6 +662,7 @@ erralgo = "comp s->c"; goto error; } + TRACE(("hash s2c is %s", s2c_comp_algo->name)) /* languages_client_to_server */ buf_eatstring(ses.payload); @@ -701,13 +705,6 @@ ses.newkeys->trans_algo_comp = s2c_comp_algo->val; } - TRACE(("enc algo recv %s", algo->name)) - TRACE(("enc algo trans %s", algo->name)) - TRACE(("mac algo recv %s", algo->name)) - TRACE(("mac algo trans %s", algo->name)) - TRACE(("comp algo recv %s", algo->name)) - TRACE(("comp algo trans %s", algo->name)) - /* reserved for future extensions */ buf_getint(ses.payload); return; diff -r ad1b24e39bf3 -r 5e4110bb753a options.h --- a/options.h Wed Aug 24 16:43:29 2005 +0000 +++ b/options.h Tue Aug 30 16:58:57 2005 +0000 @@ -62,25 +62,30 @@ #define ENABLE_AGENTFWD /* Encryption - at least one required. - * RFC Draft requires 3DES, and recommends Blowfish, AES128 & Twofish128 */ + * RFC Draft requires 3DES and recommends AES128 for interoperability. + * Including multiple keysize variants the same cipher + * (eg AES256 as well as AES128) will result in a minimal size increase.*/ #define DROPBEAR_AES128_CBC -#define DROPBEAR_BLOWFISH_CBC -#define DROPBEAR_TWOFISH128_CBC #define DROPBEAR_3DES_CBC +#define DROPBEAR_AES256_CBC +#define DROPBEAR_BLOWFISH_CBC +#define DROPBEAR_TWOFISH256_CBC +#define DROPBEAR_TWOFISH128_CBC -/* Integrity - at least one required. - * RFC Draft requires sha1-hmac, and recommends md5-hmac. +/* Message Integrity - at least one required. + * RFC Draft requires sha1 and recommends sha1-96. + * sha1-96 may be of use for slow links, as it has a smaller overhead. * - * Note: there's no point disabling sha1 to save space, since it's used in the + * Note: there's no point disabling sha1 to save space, since it's used * for the random number generator and public-key cryptography anyway. * Disabling it here will just stop it from being used as the integrity portion * of the ssh protocol. * - * These are also used for key fingerprints in logs (when pubkey auth is used), - * MD5 fingerprints are printed if available, however SHA1 fingerprints will be - * generated otherwise. This isn't exactly optimal, although SHA1 fingerprints - * are not too hard to create from pubkeys if required. */ + * These hashes are also used for public key fingerprints in logs. + * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, + * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC +#define DROPBEAR_SHA1_96_HMAC #define DROPBEAR_MD5_HMAC /* Hostkey/public key algorithms - at least one required, these are used @@ -310,6 +315,14 @@ #define DROPBEAR_MAX_CLI_PASS 1024 +#if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC) +#define DROPBEAR_AES_CBC +#endif + +#if defined(DROPBEAR_TWOFISH256_CBC) || defined(DROPBEAR_TWOFISH128_CBC) +#define DROPBEAR_TWOFISH_CBC +#endif + #ifndef ENABLE_X11FWD #define DISABLE_X11FWD #endif diff -r ad1b24e39bf3 -r 5e4110bb753a packet.c --- a/packet.c Wed Aug 24 16:43:29 2005 +0000 +++ b/packet.c Tue Aug 30 16:58:57 2005 +0000 @@ -215,7 +215,7 @@ if ((len > MAX_PACKET_LEN) || (len < MIN_PACKET_LEN + macsize) || ((len - macsize) % blocksize != 0)) { - dropbear_exit("bad packet size"); + dropbear_exit("bad packet size %d", len); } buf_resize(ses.readbuf, len); @@ -314,14 +314,13 @@ * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ static int checkmac(buffer* macbuf, buffer* sourcebuf) { - unsigned char macsize; + unsigned int macsize; hmac_state hmac; unsigned char tempbuf[MAX_MAC_LEN]; - unsigned long hashsize; - int len; + unsigned long bufsize; + unsigned int len; macsize = ses.keys->recv_algo_mac->hashsize; - if (macsize == 0) { return DROPBEAR_SUCCESS; } @@ -347,8 +346,8 @@ dropbear_exit("HMAC error"); } - hashsize = sizeof(tempbuf); - if (hmac_done(&hmac, tempbuf, &hashsize) != CRYPT_OK) { + bufsize = sizeof(tempbuf); + if (hmac_done(&hmac, tempbuf, &bufsize) != CRYPT_OK) { dropbear_exit("HMAC error"); } @@ -524,15 +523,15 @@ /* Create the packet mac, and append H(seqno|clearbuf) to the output */ static void writemac(buffer * outputbuffer, buffer * clearwritebuf) { - int macsize; + unsigned int macsize; unsigned char seqbuf[4]; - unsigned long hashsize; + unsigned char tempbuf[MAX_MAC_LEN]; + unsigned long bufsize; hmac_state hmac; TRACE(("enter writemac")) - macsize = ses.keys->trans_algo_mac->hashsize; - + macsize = ses.keys->recv_algo_mac->hashsize; if (macsize > 0) { /* calculate the mac */ if (hmac_init(&hmac, @@ -557,12 +556,12 @@ dropbear_exit("HMAC error"); } - hashsize = macsize; - if (hmac_done(&hmac, buf_getwriteptr(outputbuffer, macsize), &hashsize) + bufsize = sizeof(tempbuf); + if (hmac_done(&hmac, tempbuf, &bufsize) != CRYPT_OK) { dropbear_exit("HMAC error"); } - buf_incrwritepos(outputbuffer, macsize); + buf_putbytes(outputbuffer, tempbuf, macsize); } TRACE(("leave writemac")) }