changeset 1294:56aba7dedbea

options for disabling "normal" DH
author Matt Johnston <matt@ucc.asn.au>
date Mon, 02 May 2016 23:48:16 +0200
parents dc8f7997f10f
children 750ec4ec4cbe
files algo.h cli-kex.c common-algo.c keyimport.c options.h svr-kex.c sysoptions.h
diffstat 7 files changed, 57 insertions(+), 27 deletions(-) [+]
line wrap: on
line diff
--- a/algo.h	Mon May 02 17:03:55 2016 +0200
+++ b/algo.h	Mon May 02 23:48:16 2016 +0200
@@ -83,9 +83,15 @@
 };
 
 enum dropbear_kex_mode {
+#if DROPBEAR_NORMAL_DH
 	DROPBEAR_KEX_NORMAL_DH,
+#endif
+#ifdef DROPBEAR_ECDH
 	DROPBEAR_KEX_ECDH,
+#endif
+#ifdef DROPBEAR_CURVE25519
 	DROPBEAR_KEX_CURVE25519,
+#endif
 };
 
 struct dropbear_kex {
--- a/cli-kex.c	Mon May 02 17:03:55 2016 +0200
+++ b/cli-kex.c	Mon May 02 23:48:16 2016 +0200
@@ -48,6 +48,7 @@
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
 	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.dh_param) {
@@ -58,8 +59,9 @@
 			}
 			buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
 			break;
+#endif
+#ifdef DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.ecdh_param) {
 				if (cli_ses.ecdh_param) {
@@ -68,8 +70,8 @@
 				cli_ses.ecdh_param = gen_kexecdh_param();
 			}
 			buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
+			break;
 #endif
-			break;
 #ifdef DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
@@ -80,8 +82,8 @@
 				cli_ses.curve25519_param = gen_kexcurve25519_param();
 			}
 			buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
+			break;
 #endif
-			break;
 	}
 
 	cli_ses.param_kex_algo = ses.newkeys->algo_kex;
@@ -118,6 +120,7 @@
 	}
 
 	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			{
 			DEF_MP_INT(dh_f);
@@ -131,15 +134,16 @@
 			mp_clear(&dh_f);
 			}
 			break;
+#endif
+#ifdef DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
 			{
 			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
 			kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
 			buf_free(ecdh_qs);
 			}
+			break;
 #endif
-			break;
 #ifdef DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
 			{
@@ -147,8 +151,8 @@
 			kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
 			buf_free(ecdh_qs);
 			}
+			break;
 #endif
-			break;
 	}
 
 	if (cli_ses.dh_param) {
--- a/common-algo.c	Mon May 02 17:03:55 2016 +0200
+++ b/common-algo.c	Mon May 02 23:48:16 2016 +0200
@@ -251,12 +251,12 @@
 #if DROPBEAR_DH_GROUP1
 static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
 #endif
-#if DROPBEAR_DH_GROUP14
+#if DROPBEAR_DH_GROUP14_SHA1
 static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
-#if DROPBEAR_DH_GROUP14_256
+#endif
+#if DROPBEAR_DH_GROUP14_SHA256
 static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
 #endif
-#endif
 #if DROPBEAR_DH_GROUP16
 static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
 #endif
@@ -295,12 +295,12 @@
 	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
-#if DROPBEAR_DH_GROUP14
-#if DROPBEAR_DH_GROUP14_256
+#if DROPBEAR_DH_GROUP14_SHA1
+	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
+#endif
+#if DROPBEAR_DH_GROUP14_SHA256
 	{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
 #endif
-	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
-#endif
 #if DROPBEAR_DH_GROUP1
 	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
 #endif
@@ -349,6 +349,7 @@
 		}
 	}
 	buf_putstring(buf, (const char*)algolist->data, algolist->len);
+	TRACE(("algolist add '%*s'", algolist->len, algolist->data))
 	buf_free(algolist);
 }
 
--- a/keyimport.c	Mon May 02 17:03:55 2016 +0200
+++ b/keyimport.c	Mon May 02 23:48:16 2016 +0200
@@ -36,9 +36,11 @@
 #include "dbutil.h"
 #include "ecc.h"
 
+#ifdef DROPBEAR_ECDSA
 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
+#endif
 
 #define PUT_32BIT(cp, value) do { \
   (cp)[3] = (unsigned char)(value); \
--- a/options.h	Mon May 02 17:03:55 2016 +0200
+++ b/options.h	Mon May 02 23:48:16 2016 +0200
@@ -150,7 +150,7 @@
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
  * code (either ECDSA or ECDH) increases binary size - around 30kB
  * on x86-64 */
-#define DROPBEAR_ECDSA
+//#define DROPBEAR_ECDSA
 
 /* Generate hostkeys as-needed when the first connection using that key type occurs.
    This avoids the need to otherwise run "dropbearkey" and avoids some problems
@@ -169,18 +169,19 @@
 #define DROPBEAR_ECDH
 
 /* Key exchange algorithm.
+ * group14_sha1 - 2048 bit, sha1
+ * group14_sha256 - 2048 bit, sha2-256
+ * group16 - 4096 bit, sha2-512
  * group1 - 1024 bit, sha1
- * group14 - 2048 bit, sha1
- * group14_256 - 2048 bit, sha2-256
- * group16 - 4096 bit, sha2-512
  *
  * group14 is supported by most implementations.
- * group16 provides a greater strength but is slower and increases binary size
- * group1 is necessary if compatibility with Dropbear versions < 0.53 is required
+ * group16 provides a greater strength level but is slower and increases binary size
+ * group1 is too small for security though is necessary if you need 
+     compatibility with some implementations such as Dropbear versions < 0.53
  */ 
 #define DROPBEAR_DH_GROUP1 1
-#define DROPBEAR_DH_GROUP14 1
-#define DROPBEAR_DH_GROUP14_256 1
+#define DROPBEAR_DH_GROUP14_SHA1 1
+#define DROPBEAR_DH_GROUP14_SHA256 1
 #define DROPBEAR_DH_GROUP16 0
 
 /* Control the memory/performance/compression tradeoff for zlib.
--- a/svr-kex.c	Mon May 02 17:03:55 2016 +0200
+++ b/svr-kex.c	Mon May 02 23:48:16 2016 +0200
@@ -54,18 +54,24 @@
 	}
 
 	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			m_mp_init(&dh_e);
 			if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) {
 				dropbear_exit("Bad kex value");
 			}
 			break;
+#endif
+#ifdef DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
+#endif
+#ifdef DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
+#endif
 #if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519)
 			ecdh_qs = buf_getstringbuf(ses.payload);
+			break;
 #endif
-			break;
 	}
 	if (ses.payload->pos != ses.payload->len) {
 		dropbear_exit("Bad kex value");
@@ -221,6 +227,7 @@
 			ses.newkeys->algo_hostkey);
 
 	switch (ses.newkeys->algo_kex->mode) {
+#ifdef DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			{
 			struct kex_dh_param * dh_param = gen_kexdh_param();
@@ -231,8 +238,9 @@
 			free_kexdh_param(dh_param);
 			}
 			break;
+#endif
+#ifdef DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
 			{
 			struct kex_ecdh_param *ecdh_param = gen_kexecdh_param();
 			kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
@@ -240,18 +248,18 @@
 			buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key);
 			free_kexecdh_param(ecdh_param);
 			}
+			break;
 #endif
-			break;
+#ifdef DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
-#ifdef DROPBEAR_CURVE25519
 			{
 			struct kex_curve25519_param *param = gen_kexcurve25519_param();
 			kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
 			buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN);
 			free_kexcurve25519_param(param);
 			}
+			break;
 #endif
-			break;
 	}
 
 	/* calc the signature */
--- a/sysoptions.h	Mon May 02 17:03:55 2016 +0200
+++ b/sysoptions.h	Mon May 02 23:48:16 2016 +0200
@@ -113,7 +113,7 @@
 #define RSA_BLINDING
 
 /* hashes which will be linked and registered */
-#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14
+#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14_SHA256
 #define DROPBEAR_SHA256
 #endif
 #if defined(DROPBEAR_ECC_384)
@@ -127,6 +127,14 @@
 #define DROPBEAR_MD5
 #endif
 
+ #if DROPBEAR_DH_GROUP14_SHA256 || DROPBEAR_DH_GROUP14_SHA1
+ #define DROPBEAR_DH_GROUP14 1
+ #endif
+
+#if DROPBEAR_DH_GROUP1 || DROPBEAR_DH_GROUP14 || DROPBEAR_DH_GROUP16
+#define DROPBEAR_NORMAL_DH 1
+#endif
+
 /* roughly 2x 521 bits */
 #define MAX_ECC_SIZE 140