← Back to branch summary

~ubuntu-branches/ubuntu/vivid/dropbear/vivid-proposed

« back to all changes in this revision

Viewing changes to common-algo.c

  • Committer: Package Import Robot
  • Author(s): Mattia Rizzolo
  • Date: 2014-08-12 11:04:21 UTC
  • mfrom: (14.1.10 sid)
  • Revision ID: package-import@ubuntu.com-20140812110421-4s76v0605k6uuvxv
Tags: 2014.65-1ubuntu1
https://launchpad.net/bugs/1355670
* Merge from Debian unstable. (LP: #1355670) Remaining changes:
  + debian/initramfs/premount-devpts, debian/rules: drop the script, this is
    handled by initramfs-tools.
  + debian/initramfs/dropbear-hook: do not install dropbear in the initramfs
    if there's no uncommented line in /etc/crypttab.
  + debian/initramfs/premout-dropbear: fix so that the network configuration
    happens before dropbear takes hold of the network card.

Show diffs side-by-side

added added

removed removed

Lines of Context:
common-algo.c
23
23
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24
24
 * SOFTWARE. */
25
25
 
 
26
#include "includes.h"
26
27
#include "algo.h"
27
28
#include "session.h"
28
29
#include "dbutil.h"
 
30
#include "kex.h"
 
31
#include "ltc_prng.h"
 
32
#include "ecc.h"
29
33
 
30
34
/* This file (algo.c) organises the ciphers which can be used, and is used to
31
35
 * decide which ciphers/hashes/compression/signing to use during key exchange*/
32
36
 
33
37
static int void_cipher(const unsigned char* in, unsigned char* out,
34
 
                unsigned long len, void *cipher_state) {
 
38
                unsigned long len, void* UNUSED(cipher_state)) {
35
39
        if (in != out) {
36
40
                memmove(out, in, len);
37
41
        }
38
42
        return CRYPT_OK;
39
43
}
40
44
 
41
 
static int void_start(int cipher, const unsigned char *IV, 
42
 
                        const unsigned char *key, 
43
 
                        int keylen, int num_rounds, void *cipher_state) {
 
45
static int void_start(int UNUSED(cipher), const unsigned char* UNUSED(IV), 
 
46
                        const unsigned char* UNUSED(key), 
 
47
                        int UNUSED(keylen), int UNUSED(num_rounds), void* UNUSED(cipher_state)) {
44
48
        return CRYPT_OK;
45
49
}
46
50
 
204
208
};
205
209
 
206
210
algo_type sshhostkey[] = {
 
211
#ifdef DROPBEAR_ECDSA
 
212
#ifdef DROPBEAR_ECC_256
 
213
        {"ecdsa-sha2-nistp256", DROPBEAR_SIGNKEY_ECDSA_NISTP256, NULL, 1, NULL},
 
214
#endif
 
215
#ifdef DROPBEAR_ECC_384
 
216
        {"ecdsa-sha2-nistp384", DROPBEAR_SIGNKEY_ECDSA_NISTP384, NULL, 1, NULL},
 
217
#endif
 
218
#ifdef DROPBEAR_ECC_521
 
219
        {"ecdsa-sha2-nistp521", DROPBEAR_SIGNKEY_ECDSA_NISTP521, NULL, 1, NULL},
 
220
#endif
 
221
#endif
207
222
#ifdef DROPBEAR_RSA
208
223
        {"ssh-rsa", DROPBEAR_SIGNKEY_RSA, NULL, 1, NULL},
209
224
#endif
213
228
        {NULL, 0, NULL, 0, NULL}
214
229
};
215
230
 
 
231
static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
 
232
static const struct dropbear_kex kex_dh_group14 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
 
233
 
 
234
/* These can't be const since dropbear_ecc_fill_dp() fills out
 
235
 ecc_curve at runtime */
 
236
#ifdef DROPBEAR_ECDH
 
237
#ifdef DROPBEAR_ECC_256
 
238
static struct dropbear_kex kex_ecdh_nistp256 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp256, &sha256_desc };
 
239
#endif
 
240
#ifdef DROPBEAR_ECC_384
 
241
static struct dropbear_kex kex_ecdh_nistp384 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp384, &sha384_desc };
 
242
#endif
 
243
#ifdef DROPBEAR_ECC_521
 
244
static struct dropbear_kex kex_ecdh_nistp521 = {DROPBEAR_KEX_ECDH, NULL, 0, &ecc_curve_nistp521, &sha512_desc };
 
245
#endif
 
246
#endif /* DROPBEAR_ECDH */
 
247
 
 
248
#ifdef DROPBEAR_CURVE25519
 
249
/* Referred to directly */
 
250
static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL, 0, NULL, &sha256_desc };
 
251
#endif
 
252
 
216
253
algo_type sshkex[] = {
217
 
        {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
218
 
        {"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},
 
254
#ifdef DROPBEAR_CURVE25519
 
255
        {"curve25519-sha256@libssh.org", 0, &kex_curve25519, 1, NULL},
 
256
#endif
 
257
#ifdef DROPBEAR_ECDH
 
258
#ifdef DROPBEAR_ECC_521
 
259
        {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
 
260
#endif
 
261
#ifdef DROPBEAR_ECC_384
 
262
        {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
 
263
#endif
 
264
#ifdef DROPBEAR_ECC_256
 
265
        {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 
266
#endif
 
267
#endif
 
268
        {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
 
269
        {"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL},
219
270
#ifdef USE_KEXGUESS2
220
271
        {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
221
272
#endif
222
273
        {NULL, 0, NULL, 0, NULL}
223
274
};
224
275
 
225
 
 
226
 
/* Register the compiled in ciphers.
227
 
 * This should be run before using any of the ciphers/hashes */
228
 
void crypto_init() {
229
 
 
230
 
        const struct ltc_cipher_descriptor *regciphers[] = {
231
 
#ifdef DROPBEAR_AES
232
 
                &aes_desc,
233
 
#endif
234
 
#ifdef DROPBEAR_BLOWFISH
235
 
                &blowfish_desc,
236
 
#endif
237
 
#ifdef DROPBEAR_TWOFISH
238
 
                &twofish_desc,
239
 
#endif
240
 
#ifdef DROPBEAR_3DES
241
 
                &des3_desc,
242
 
#endif
243
 
                NULL
244
 
        };
245
 
 
246
 
        const struct ltc_hash_descriptor *reghashes[] = {
247
 
                /* we need sha1 for hostkey stuff regardless */
248
 
                &sha1_desc,
249
 
#ifdef DROPBEAR_MD5_HMAC
250
 
                &md5_desc,
251
 
#endif
252
 
#ifdef DROPBEAR_SHA2_256_HMAC
253
 
                &sha256_desc,
254
 
#endif
255
 
#ifdef DROPBEAR_SHA2_512_HMAC
256
 
                &sha512_desc,
257
 
#endif
258
 
                NULL
259
 
        };      
260
 
        int i;
261
 
        
262
 
        for (i = 0; regciphers[i] != NULL; i++) {
263
 
                if (register_cipher(regciphers[i]) == -1) {
264
 
                        dropbear_exit("Error registering crypto");
265
 
                }
266
 
        }
267
 
 
268
 
        for (i = 0; reghashes[i] != NULL; i++) {
269
 
                if (register_hash(reghashes[i]) == -1) {
270
 
                        dropbear_exit("Error registering crypto");
271
 
                }
272
 
        }
273
 
}
274
 
 
275
276
/* algolen specifies the length of algo, algos is our local list to match
276
277
 * against.
277
278
 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
297
298
        unsigned int donefirst = 0;
298
299
        buffer *algolist = NULL;
299
300
 
300
 
        algolist = buf_new(160);
 
301
        algolist = buf_new(200);
301
302
        for (i = 0; localalgos[i].name != NULL; i++) {
302
303
                if (localalgos[i].usable) {
303
304
                        if (donefirst)
394
395
        for (i = 0; i < clicount; i++) {
395
396
                for (j = 0; j < servcount; j++) {
396
397
                        if (!(servnames[j] && clinames[i])) {
397
 
                                // unusable algos are NULL
 
398
                                /* unusable algos are NULL */
398
399
                                continue;
399
400
                        }
400
401
                        if (strcmp(servnames[j], clinames[i]) == 0) {
457
458
        return 0;
458
459
}
459
460
 
460
 
#endif // DROPBEAR_NONE_CIPHER
 
461
#endif /* DROPBEAR_NONE_CIPHER */
461
462
 
462
463
#ifdef ENABLE_USER_ALGO_LIST
463
464
 
538
539
        memcpy(algos, new_algos, sizeof(*new_algos) * (num_ret+1));
539
540
        return num_ret;
540
541
}
541
 
#endif // ENABLE_USER_ALGO_LIST
 
542
#endif /* ENABLE_USER_ALGO_LIST */