Mercurial > dropbear

changeset 511:582cb38e4eb5 insecure-nocrypto

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a) to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 06 Nov 2008 13:16:55 +0000
parents 461c4b1fb35f (diff) b85507ade010 (current diff)
children 0129fd8ccc71
files cli-auth.c common-algo.c common-kex.c libtomcrypt/src/headers/ltc_tommath.h libtomcrypt/src/headers/tommath_class.h libtomcrypt/src/headers/tommath_superclass.h libtomcrypt/src/misc/mpi/is_prime.c libtomcrypt/src/misc/mpi/mpi_to_ltc_error.c libtomcrypt/src/misc/mpi/rand_prime.c libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence.c libtomcrypt/src/pk/dh/dh.c libtomcrypt/src/pk/dh/dh_sys.c libtomcrypt/src/pk/ecc/ecc_sys.c libtomcrypt/src/pk/packet_store_header.c libtomcrypt/src/pk/packet_valid_header.c libtomcrypt/testprof/dh_tests.c libtomcrypt/testprof/test.c libtommath/TODO libtommath/logs/sqr.old options.h
diffstat 4 files changed, 60 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/cli-auth.c	Wed Nov 05 14:14:40 2008 +0000
+++ b/cli-auth.c	Thu Nov 06 13:16:55 2008 +0000
@@ -253,7 +253,10 @@
 #endif
 
 #ifdef ENABLE_CLI_INTERACT_AUTH
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
+	if (ses.keys->trans_algo_crypt->cipherdesc == NULL) {
+		fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
+	}
+	else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
 		if (cli_ses.auth_interact_failed) {
 			finished = 0;
 		} else {
@@ -265,7 +268,10 @@
 #endif
 
 #ifdef ENABLE_CLI_PASSWORD_AUTH
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
+	if (ses.keys->trans_algo_crypt->cipherdesc == NULL) {
+		fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
+	}
+	else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		cli_auth_password();
 		finished = 1;
 		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
--- a/common-algo.c	Wed Nov 05 14:14:40 2008 +0000
+++ b/common-algo.c	Thu Nov 06 13:16:55 2008 +0000
@@ -150,7 +150,10 @@
 #ifdef DROPBEAR_BLOWFISH
 	{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
 #endif
-	{NULL, 0, NULL, 0, NULL}
+#ifdef DROPBEAR_NONE_CIPHER
+	{"none", 0, (void*)&dropbear_nocipher, 1},
+#endif
+	{NULL, 0, NULL, 0}
 };
 
 algo_type sshhashes[] = {
@@ -161,9 +164,12 @@
 	{"hmac-sha1", 0, &dropbear_sha1, 1, NULL},
 #endif
 #ifdef DROPBEAR_MD5_HMAC
-	{"hmac-md5", 0, &dropbear_md5, 1, NULL},
+	{"hmac-md5", 0, (void*)&dropbear_md5, 1},
 #endif
-	{NULL, 0, NULL, 0, NULL}
+#ifdef DROPBEAR_NONE_INTEGRITY
+	{"none", 0, (void*)&dropbear_nohash, 1},
+#endif
+	{NULL, 0, NULL, 0}
 };
 
 algo_type sshcompress[] = {
--- a/common-kex.c	Wed Nov 05 14:14:40 2008 +0000
+++ b/common-kex.c	Thu Nov 06 13:16:55 2008 +0000
@@ -310,13 +310,35 @@
 			ses.newkeys->trans_algo_crypt->keysize, 0, 
 			&ses.newkeys->trans_cipher_state) != CRYPT_OK) {
 		dropbear_exit("crypto error");
+	if (ses.newkeys->recv_algo_crypt->cipherdesc != NULL) {
+		if (cbc_start(
+			find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name),
+				recv_IV, recv_key, 
+				ses.newkeys->recv_algo_crypt->keysize, 0, 
+				&ses.newkeys->recv_symmetric_struct) != CRYPT_OK) {
+			dropbear_exit("crypto error");
+		}
+	}
+
+	if (ses.newkeys->trans_algo_crypt->cipherdesc != NULL) {
+		if (cbc_start(
+			find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name),
+				trans_IV, trans_key, 
+				ses.newkeys->trans_algo_crypt->keysize, 0, 
+				&ses.newkeys->trans_symmetric_struct) != CRYPT_OK) {
+			dropbear_exit("crypto error");
+		}
 	}
 	
 	/* MAC keys */
-	hashkeys(ses.newkeys->transmackey, 
-			ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter);
-	hashkeys(ses.newkeys->recvmackey, 
-			ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter);
+	if (ses.newkeys->trans_algo_mac->hashdesc != NULL) {
+		hashkeys(ses.newkeys->transmackey, 
+				ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter);
+	}
+	if (ses.newkeys->recv_algo_mac->hashdesc != NULL) {
+		hashkeys(ses.newkeys->recvmackey, 
+				ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter);
+	}
 
 #ifndef DISABLE_ZLIB
 	gen_new_zstreams();
--- a/options.h	Wed Nov 05 14:14:40 2008 +0000
+++ b/options.h	Thu Nov 06 13:16:55 2008 +0000
@@ -93,6 +93,17 @@
  * CBC mode against certain attacks. This adds around 1kB to binary 
  * size and is recommended for most cases */
 #define DROPBEAR_ENABLE_CTR_MODE
+/* You can compile with no encryption if you want. In some circumstances
+ * this could be safe securitywise, though make sure you know what
+ * you're doing. Anyone can see everything that goes over the wire, so
+ * the only safe auth method is public key. You'll have to disable all other
+ * ciphers above in the client if you want to use this, or implement cipher
+ * prioritisation in cli-runopts.
+ *
+ * The best way to do things is probably make normal compile of dropbear with
+ * all ciphers including "none" as the server, then recompile a special
+ * "dbclient-insecure" client. */
+#define DROPBEAR_NONE_CIPHER
 
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
@@ -110,6 +121,12 @@
 #define DROPBEAR_SHA1_96_HMAC
 #define DROPBEAR_MD5_HMAC
 
+/* You can also disable integrity. Don't bother disabling this if you're
+ * still using a cipher, it's relatively cheap. Don't disable this if you're
+ * using 'none' cipher, since it's dead simple to run arbitrary commands
+ * on the remote host. Beware. */
+/*#define DROPBEAR_NONE_INTEGRITY*/
+
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
  * Removing either of these won't save very much space.