Mercurial > dropbear
changeset 762:a78a38e402d1 ecc
- Fix various hardcoded uses of SHA1
- rename curves to nistp256 etc
- fix svr-auth.c TRACE problem
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 08 Apr 2013 00:10:57 +0800 |
parents | ac2158e3e403 |
children | f744321ac048 |
files | bignum.c bignum.h cli-authpubkey.c common-algo.c common-kex.c ecc.c ecc.h svr-auth.c svr-authpubkey.c sysoptions.h |
diffstat | 10 files changed, 47 insertions(+), 51 deletions(-) [+] |
line wrap: on
line diff
--- a/bignum.c Sun Apr 07 01:36:42 2013 +0800 +++ b/bignum.c Mon Apr 08 00:10:57 2013 +0800 @@ -60,7 +60,8 @@ } /* hash the ssh representation of the mp_int mp */ -void sha1_process_mp(hash_state *hs, mp_int *mp) { +void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, + hash_state *hs, mp_int *mp) { int i; buffer * buf; @@ -68,8 +69,6 @@ buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, plus header + some leeway*/ buf_putmpint(buf, mp); - i = buf->pos; - buf_setpos(buf, 0); - sha1_process(hs, buf_getptr(buf, i), i); + hash_desc->process(hs, buf->data, buf->len); buf_free(buf); }
--- a/bignum.h Sun Apr 07 01:36:42 2013 +0800 +++ b/bignum.h Mon Apr 08 00:10:57 2013 +0800 @@ -30,6 +30,7 @@ void m_mp_init(mp_int *mp); void m_mp_init_multi(mp_int *mp, ...); void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len); -void sha1_process_mp(hash_state *hs, mp_int *mp); +void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, + hash_state *hs, mp_int *mp); #endif /* _BIGNUM_H_ */
--- a/cli-authpubkey.c Sun Apr 07 01:36:42 2013 +0800 +++ b/cli-authpubkey.c Mon Apr 08 00:10:57 2013 +0800 @@ -169,7 +169,7 @@ TRACE(("realsign")) /* We put the signature as well - this contains string(session id), then * the contents of the write payload to this point */ - sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len); + sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len); buf_putbufstring(sigbuf, ses.session_id); buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len); cli_buf_put_sign(ses.writepayload, key, type, sigbuf);
--- a/common-algo.c Sun Apr 07 01:36:42 2013 +0800 +++ b/common-algo.c Mon Apr 08 00:10:57 2013 +0800 @@ -227,13 +227,13 @@ #ifdef DROPBEAR_ECDH #ifdef DROPBEAR_ECC_256 -static struct dropbear_kex kex_ecdh_secp256r1 = {NULL, 0, &ecc_curve_secp256r1, &sha256_desc }; +static struct dropbear_kex kex_ecdh_nistp256 = {NULL, 0, &ecc_curve_nistp256, &sha256_desc }; #endif #ifdef DROPBEAR_ECC_384 -static struct dropbear_kex kex_ecdh_secp384r1 = {NULL, 0, &ecc_curve_secp384r1, &sha384_desc }; +static struct dropbear_kex kex_ecdh_nistp384 = {NULL, 0, &ecc_curve_nistp384, &sha384_desc }; #endif #ifdef DROPBEAR_ECC_521 -static struct dropbear_kex kex_ecdh_secp521r1 = {NULL, 0, &ecc_curve_secp521r1, &sha512_desc }; +static struct dropbear_kex kex_ecdh_nistp521 = {NULL, 0, &ecc_curve_nistp521, &sha512_desc }; #endif #endif // DROPBEAR_ECDH @@ -241,13 +241,13 @@ algo_type sshkex[] = { #ifdef DROPBEAR_ECDH #ifdef DROPBEAR_ECC_256 - {"ecdh-sha2-secp256r1", 0, &kex_ecdh_secp256r1, 1, NULL}, + {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL}, #endif #ifdef DROPBEAR_ECC_384 - {"ecdh-sha2-secp384r1", 0, &kex_ecdh_secp384r1, 1, NULL}, + {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL}, #endif #ifdef DROPBEAR_ECC_521 - {"ecdh-sha2-secp521r1", 0, &kex_ecdh_secp521r1, 1, NULL}, + {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL}, #endif #endif {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
--- a/common-kex.c Sun Apr 07 01:36:42 2013 +0800 +++ b/common-kex.c Mon Apr 08 00:10:57 2013 +0800 @@ -85,8 +85,8 @@ #endif static void read_kex_algos(); /* helper function for gen_new_keys */ -static void hashkeys(unsigned char *out, int outlen, - const hash_state * hs, unsigned const char X); +static void hashkeys(unsigned char *out, unsigned int outlen, + const hash_state * hs, const unsigned char X); static void finish_kexhashbuf(void); @@ -251,26 +251,28 @@ * out must have at least min(SHA1_HASH_SIZE, outlen) bytes allocated. * * See Section 7.2 of rfc4253 (ssh transport) for details */ -static void hashkeys(unsigned char *out, int outlen, +static void hashkeys(unsigned char *out, unsigned int outlen, const hash_state * hs, const unsigned char X) { + const struct ltc_hash_descriptor *hashdesc = ses.newkeys->algo_kex->hashdesc; hash_state hs2; - int offset; + unsigned int offset; + unsigned char tmpout[hashdesc->hashsize]; memcpy(&hs2, hs, sizeof(hash_state)); - sha1_process(&hs2, &X, 1); - sha1_process(&hs2, ses.session_id->data, ses.session_id->len); - sha1_done(&hs2, out); - for (offset = SHA1_HASH_SIZE; + hashdesc->process(&hs2, &X, 1); + hashdesc->process(&hs2, ses.session_id->data, ses.session_id->len); + hashdesc->done(&hs2, tmpout); + memcpy(out, tmpout, MIN(hashdesc->hashsize, outlen)); + for (offset = hashdesc->hashsize; offset < outlen; - offset += SHA1_HASH_SIZE) + offset += hashdesc->hashsize) { /* need to extend */ - unsigned char k2[SHA1_HASH_SIZE]; memcpy(&hs2, hs, sizeof(hash_state)); - sha1_process(&hs2, out, offset); - sha1_done(&hs2, k2); - memcpy(&out[offset], k2, MIN(outlen - offset, SHA1_HASH_SIZE)); + hashdesc->process(&hs2, out, offset); + hashdesc->done(&hs2, tmpout); + memcpy(&out[offset], tmpout, MIN(outlen - offset, hashdesc->hashsize)); } } @@ -292,14 +294,14 @@ unsigned char *trans_IV, *trans_key, *recv_IV, *recv_key; hash_state hs; - unsigned int C2S_keysize, S2C_keysize; + const struct ltc_hash_descriptor *hashdesc = ses.newkeys->algo_kex->hashdesc; char mactransletter, macrecvletter; /* Client or server specific */ TRACE(("enter gen_new_keys")) /* the dh_K and hash are the start of all hashes, we make use of that */ - sha1_init(&hs); - sha1_process_mp(&hs, ses.dh_K); + hashdesc->init(&hs); + hash_process_mp(hashdesc, &hs, ses.dh_K); mp_clear(ses.dh_K); m_free(ses.dh_K); sha1_process(&hs, ses.hash->data, ses.hash->len); @@ -312,8 +314,6 @@ recv_IV = S2C_IV; trans_key = C2S_key; recv_key = S2C_key; - C2S_keysize = ses.newkeys->trans.algo_crypt->keysize; - S2C_keysize = ses.newkeys->recv.algo_crypt->keysize; mactransletter = 'E'; macrecvletter = 'F'; } else { @@ -321,16 +321,14 @@ recv_IV = C2S_IV; trans_key = S2C_key; recv_key = C2S_key; - C2S_keysize = ses.newkeys->recv.algo_crypt->keysize; - S2C_keysize = ses.newkeys->trans.algo_crypt->keysize; mactransletter = 'F'; macrecvletter = 'E'; } - hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A'); - hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B'); - hashkeys(C2S_key, C2S_keysize, &hs, 'C'); - hashkeys(S2C_key, S2C_keysize, &hs, 'D'); + hashkeys(C2S_IV, sizeof(C2S_IV), &hs, 'A'); + hashkeys(S2C_IV, sizeof(S2C_IV), &hs, 'B'); + hashkeys(C2S_key, sizeof(C2S_key), &hs, 'C'); + hashkeys(S2C_key, sizeof(S2C_key), &hs, 'D'); if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) { int recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
--- a/ecc.c Sun Apr 07 01:36:42 2013 +0800 +++ b/ecc.c Mon Apr 08 00:10:57 2013 +0800 @@ -9,24 +9,24 @@ // TODO: use raw bytes for the dp rather than the hex strings in libtomcrypt's ecc.c #ifdef DROPBEAR_ECC_256 -const struct dropbear_ecc_curve ecc_curve_secp256r1 = { +const struct dropbear_ecc_curve ecc_curve_nistp256 = { .dp = <c_ecc_sets[0], .hash_desc = &sha256_desc, - .name = "secp256r1" + .name = "nistp256" }; #endif #ifdef DROPBEAR_ECC_384 -const struct dropbear_ecc_curve ecc_curve_secp384r1 = { +const struct dropbear_ecc_curve ecc_curve_nistp384 = { .dp = <c_ecc_sets[1], .hash_desc = &sha384_desc, - .name = "secp384r1" + .name = "nistp384" }; #endif #ifdef DROPBEAR_ECC_521 -const struct dropbear_ecc_curve ecc_curve_secp521r1 = { +const struct dropbear_ecc_curve ecc_curve_nistp521 = { .dp = <c_ecc_sets[2], .hash_desc = &sha512_desc, - .name = "secp521r1" + .name = "nistp521" }; #endif @@ -35,7 +35,7 @@ key->pubkey.x = m_malloc(sizeof(mp_int)); key->pubkey.y = m_malloc(sizeof(mp_int)); key->pubkey.z = m_malloc(sizeof(mp_int)); - key->k = m_malloc(sizeof(mp_init)); + key->k = m_malloc(sizeof(mp_int)); m_mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); return key; }
--- a/ecc.h Sun Apr 07 01:36:42 2013 +0800 +++ b/ecc.h Mon Apr 08 00:10:57 2013 +0800 @@ -14,9 +14,9 @@ const char *name; }; -extern const struct dropbear_ecc_curve ecc_curve_secp256r1; -extern const struct dropbear_ecc_curve ecc_curve_secp384r1; -extern const struct dropbear_ecc_curve ecc_curve_secp521r1; +extern const struct dropbear_ecc_curve ecc_curve_nistp256; +extern const struct dropbear_ecc_curve ecc_curve_nistp384; +extern const struct dropbear_ecc_curve ecc_curve_nistp521; // "pubkey" refers to a point, but LTC uses ecc_key structure for both public // and private keys
--- a/svr-auth.c Sun Apr 07 01:36:42 2013 +0800 +++ b/svr-auth.c Mon Apr 08 00:10:57 2013 +0800 @@ -332,8 +332,7 @@ buf_putbufstring(ses.writepayload, typebuf); TRACE(("auth fail: methods %d, '%.*s'", ses.authstate.authtypes, - typebuf->len, - buf_getptr(typebuf, typebuf->len))); + typebuf->len, typebuf->data)) buf_free(typebuf);
--- a/svr-authpubkey.c Sun Apr 07 01:36:42 2013 +0800 +++ b/svr-authpubkey.c Mon Apr 08 00:10:57 2013 +0800 @@ -125,7 +125,7 @@ /* create the data which has been signed - this a string containing * session_id, concatenated with the payload packet up to the signature */ - signbuf = buf_new(ses.payload->pos + 4 + SHA1_HASH_SIZE); + signbuf = buf_new(ses.payload->pos + 4 + ses.session_id->len); buf_putbufstring(signbuf, ses.session_id); buf_putbytes(signbuf, ses.payload->data, ses.payload->pos); buf_setpos(signbuf, 0);
--- a/sysoptions.h Sun Apr 07 01:36:42 2013 +0800 +++ b/sysoptions.h Mon Apr 08 00:10:57 2013 +0800 @@ -74,8 +74,7 @@ #define MD5_HASH_SIZE 16 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ -#define MAX_IV_LEN 20 /* must be same as max blocksize, - and >= SHA1_HASH_SIZE */ +#define MAX_IV_LEN 20 /* must be same as max blocksize, */ #if defined(DROPBEAR_SHA2_512_HMAC) #define MAX_MAC_LEN 64