# HG changeset patch # User Matt Johnston # Date 1337180091 -28800 # Node ID a4b7627b315700e7aa4f0cdd2200e206397deb8d # Parent bd4b5d7886e5ecc4bbebd246e2b35f1e5406168d# Parent 0129fd8ccc71d7ba55fcd73c9ee2c8d02d387b33 Update insecure-nocrypto to current head diff -r bd4b5d7886e5 -r a4b7627b3157 cli-auth.c --- a/cli-auth.c Wed May 16 21:56:50 2012 +0800 +++ b/cli-auth.c Wed May 16 22:54:51 2012 +0800 @@ -257,7 +257,10 @@ #endif #ifdef ENABLE_CLI_INTERACT_AUTH - if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { + if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); + } + else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { if (cli_ses.auth_interact_failed) { finished = 0; } else { @@ -269,7 +272,10 @@ #endif #ifdef ENABLE_CLI_PASSWORD_AUTH - if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { + if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); + } + else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { cli_auth_password(); finished = 1; cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; diff -r bd4b5d7886e5 -r a4b7627b3157 common-algo.c --- a/common-algo.c Wed May 16 21:56:50 2012 +0800 +++ b/common-algo.c Wed May 16 22:54:51 2012 +0800 @@ -160,6 +160,9 @@ #ifdef DROPBEAR_BLOWFISH {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, #endif +#ifdef DROPBEAR_NONE_CIPHER + {"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none}, +#endif {NULL, 0, NULL, 0, NULL} }; @@ -177,7 +180,10 @@ {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, #endif #ifdef DROPBEAR_MD5_HMAC - {"hmac-md5", 0, &dropbear_md5, 1, NULL}, + {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL}, +#endif +#ifdef DROPBEAR_NONE_INTEGRITY + {"none", 0, (void*)&dropbear_nohash, 1, NULL}, #endif {NULL, 0, NULL, 0, NULL} }; diff -r bd4b5d7886e5 -r a4b7627b3157 common-kex.c --- a/common-kex.c Wed May 16 21:56:50 2012 +0800 +++ b/common-kex.c Wed May 16 22:54:51 2012 +0800 @@ -293,7 +293,6 @@ hash_state hs; unsigned int C2S_keysize, S2C_keysize; char mactransletter, macrecvletter; /* Client or server specific */ - int recv_cipher = 0, trans_cipher = 0; TRACE(("enter gen_new_keys")) /* the dh_K and hash are the start of all hashes, we make use of that */ @@ -330,31 +329,39 @@ hashkeys(C2S_key, C2S_keysize, &hs, 'C'); hashkeys(S2C_key, S2C_keysize, &hs, 'D'); - recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name); - if (recv_cipher < 0) - dropbear_exit("Crypto error"); - if (ses.newkeys->recv.crypt_mode->start(recv_cipher, - recv_IV, recv_key, - ses.newkeys->recv.algo_crypt->keysize, 0, - &ses.newkeys->recv.cipher_state) != CRYPT_OK) { - dropbear_exit("Crypto error"); + if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) { + int recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name); + if (recv_cipher < 0) + dropbear_exit("Crypto error"); + if (ses.newkeys->recv.crypt_mode->start(recv_cipher, + recv_IV, recv_key, + ses.newkeys->recv.algo_crypt->keysize, 0, + &ses.newkeys->recv.cipher_state) != CRYPT_OK) { + dropbear_exit("Crypto error"); + } } - trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name); - if (trans_cipher < 0) - dropbear_exit("Crypto error"); - if (ses.newkeys->trans.crypt_mode->start(trans_cipher, - trans_IV, trans_key, - ses.newkeys->trans.algo_crypt->keysize, 0, - &ses.newkeys->trans.cipher_state) != CRYPT_OK) { - dropbear_exit("Crypto error"); + if (ses.newkeys->trans.algo_crypt->cipherdesc != NULL) { + int trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name); + if (trans_cipher < 0) + dropbear_exit("Crypto error"); + if (ses.newkeys->trans.crypt_mode->start(trans_cipher, + trans_IV, trans_key, + ses.newkeys->trans.algo_crypt->keysize, 0, + &ses.newkeys->trans.cipher_state) != CRYPT_OK) { + dropbear_exit("Crypto error"); + } } - + /* MAC keys */ - hashkeys(ses.newkeys->trans.mackey, - ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter); - hashkeys(ses.newkeys->recv.mackey, - ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter); + if (ses.newkeys->trans.algo_mac->hashdesc != NULL) { + hashkeys(ses.newkeys->trans.mackey, + ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter); + } + if (ses.newkeys->recv.algo_mac->hashdesc != NULL) { + hashkeys(ses.newkeys->recv.mackey, + ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter); + } ses.newkeys->trans.hash_index = find_hash(ses.newkeys->trans.algo_mac->hashdesc->name), ses.newkeys->recv.hash_index = find_hash(ses.newkeys->recv.algo_mac->hashdesc->name), diff -r bd4b5d7886e5 -r a4b7627b3157 options.h --- a/options.h Wed May 16 21:56:50 2012 +0800 +++ b/options.h Wed May 16 22:54:51 2012 +0800 @@ -97,6 +97,18 @@ * size and is recommended for most cases */ #define DROPBEAR_ENABLE_CTR_MODE +/* You can compile with no encryption if you want. In some circumstances + * this could be safe security-wise, though make sure you know what + * you're doing. Anyone can see everything that goes over the wire, so + * the only safe auth method is public key. You'll have to disable all other + * ciphers above in the client if you want to use this, or implement cipher + * prioritisation in cli-runopts. + * + * The best way to do things is probably make normal compile of dropbear with + * all ciphers including "none" as the server, then recompile a special + * "dbclient-insecure" client. */ +/* #define DROPBEAR_NONE_CIPHER */ + /* Message Integrity - at least one required. * Protocol RFC requires sha1 and recommends sha1-96. * sha1-96 is of use for slow links as it has a smaller overhead. @@ -109,13 +121,19 @@ * These hashes are also used for public key fingerprints in logs. * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ - #define DROPBEAR_SHA1_HMAC #define DROPBEAR_SHA1_96_HMAC /*#define DROPBEAR_SHA2_256_HMAC*/ /*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC +/* You can also disable integrity. Don't bother disabling this if you're + * still using a cipher, it's relatively cheap. If you disable this it's dead + * simple to run arbitrary commands on the remote host. Beware. + * Note again, for the client you will have to disable other hashes above + * to use this. */ +/* #define DROPBEAR_NONE_INTEGRITY */ + /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. * Removing either of these won't save very much space.