Update insecure-nocrypto to current head

author: Matt Johnston <matt@ucc.asn.au> 2012-05-16 22:54:51 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2012-05-16 22:54:51 +0800
commit: a4ad4f5b3b80d35e956074ef272c007c5a0563f9 (patch)
tree: dfacc591990e9b638ddaf872c37f5a74cf8e08db
parent: 45a3e542b448f44077a52cc25321fc143251158f (diff)
parent: fffc10a0ddccae5976c9886dc2c376f3216c5e67 (diff)
download: dropbear-a4ad4f5b3b80d35e956074ef272c007c5a0563f9.tar.gz
4 files changed, 65 insertions, 28 deletions
diff --git a/cli-auth.c b/cli-auth.c
index cfcf134..b4baf9f 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -257,7 +257,10 @@ void cli_auth_try() {
 #endif
 
 #ifdef ENABLE_CLI_INTERACT_AUTH
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
+	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+		fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
+	}
+	else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
 		if (cli_ses.auth_interact_failed) {
 			finished = 0;
 		} else {
@@ -269,7 +272,10 @@ void cli_auth_try() {
 #endif
 
 #ifdef ENABLE_CLI_PASSWORD_AUTH
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
+	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+		fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
+	}
+	else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		cli_auth_password();
 		finished = 1;
 		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
diff --git a/common-algo.c b/common-algo.c
index e65bd18..4383bca 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -160,6 +160,9 @@ algo_type sshciphers[] = {
 #ifdef DROPBEAR_BLOWFISH
 	{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
 #endif
+#ifdef DROPBEAR_NONE_CIPHER
+	{"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none},
+#endif
 	{NULL, 0, NULL, 0, NULL}
 };
 
@@ -177,7 +180,10 @@ algo_type sshhashes[] = {
 	{"hmac-sha1", 0, &dropbear_sha1, 1, NULL},
 #endif
 #ifdef DROPBEAR_MD5_HMAC
-	{"hmac-md5", 0, &dropbear_md5, 1, NULL},
+	{"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
+#endif
+#ifdef DROPBEAR_NONE_INTEGRITY
+	{"none", 0, (void*)&dropbear_nohash, 1, NULL},
 #endif
 	{NULL, 0, NULL, 0, NULL}
 };
diff --git a/common-kex.c b/common-kex.c
index c53fdf8..bf39ca9 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -293,7 +293,6 @@ void gen_new_keys() {
 	hash_state hs;
 	unsigned int C2S_keysize, S2C_keysize;
 	char mactransletter, macrecvletter; /* Client or server specific */
-	int recv_cipher = 0, trans_cipher = 0;
 
 	TRACE(("enter gen_new_keys"))
 	/* the dh_K and hash are the start of all hashes, we make use of that */
@@ -330,31 +329,39 @@ void gen_new_keys() {
 	hashkeys(C2S_key, C2S_keysize, &hs, 'C');
 	hashkeys(S2C_key, S2C_keysize, &hs, 'D');
 
-	recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
-	if (recv_cipher < 0)
-	    dropbear_exit("Crypto error");
-	if (ses.newkeys->recv.crypt_mode->start(recv_cipher, 
-			recv_IV, recv_key, 
-			ses.newkeys->recv.algo_crypt->keysize, 0, 
-			&ses.newkeys->recv.cipher_state) != CRYPT_OK) {
-		dropbear_exit("Crypto error");
-	}
-
-	trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
-	if (trans_cipher < 0)
-	    dropbear_exit("Crypto error");
-	if (ses.newkeys->trans.crypt_mode->start(trans_cipher, 
-			trans_IV, trans_key, 
-			ses.newkeys->trans.algo_crypt->keysize, 0, 
-			&ses.newkeys->trans.cipher_state) != CRYPT_OK) {
-		dropbear_exit("Crypto error");
+	if (ses.newkeys->recv.algo_crypt->cipherdesc != NULL) {
+		int recv_cipher = find_cipher(ses.newkeys->recv.algo_crypt->cipherdesc->name);
+		if (recv_cipher < 0)
+			dropbear_exit("Crypto error");
+		if (ses.newkeys->recv.crypt_mode->start(recv_cipher, 
+				recv_IV, recv_key, 
+				ses.newkeys->recv.algo_crypt->keysize, 0, 
+				&ses.newkeys->recv.cipher_state) != CRYPT_OK) {
+			dropbear_exit("Crypto error");
+		}
 	}
-	
+
+	if (ses.newkeys->trans.algo_crypt->cipherdesc != NULL) {
+		int trans_cipher = find_cipher(ses.newkeys->trans.algo_crypt->cipherdesc->name);
+		if (trans_cipher < 0)
+			dropbear_exit("Crypto error");
+		if (ses.newkeys->trans.crypt_mode->start(trans_cipher, 
+				trans_IV, trans_key, 
+				ses.newkeys->trans.algo_crypt->keysize, 0, 
+				&ses.newkeys->trans.cipher_state) != CRYPT_OK) {
+			dropbear_exit("Crypto error");
+		}
+	}
+
 	/* MAC keys */
-	hashkeys(ses.newkeys->trans.mackey, 
-			ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter);
-	hashkeys(ses.newkeys->recv.mackey, 
-			ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter);
+	if (ses.newkeys->trans.algo_mac->hashdesc != NULL) {
+		hashkeys(ses.newkeys->trans.mackey, 
+				ses.newkeys->trans.algo_mac->keysize, &hs, mactransletter);
+	}
+	if (ses.newkeys->recv.algo_mac->hashdesc != NULL) {
+		hashkeys(ses.newkeys->recv.mackey, 
+				ses.newkeys->recv.algo_mac->keysize, &hs, macrecvletter);
+	}
 	ses.newkeys->trans.hash_index = find_hash(ses.newkeys->trans.algo_mac->hashdesc->name),
 	ses.newkeys->recv.hash_index = find_hash(ses.newkeys->recv.algo_mac->hashdesc->name),
 
diff --git a/options.h b/options.h
index a2848a5..2350b6b 100644
--- a/options.h
+++ b/options.h
@@ -97,6 +97,18 @@ much traffic. */
  * size and is recommended for most cases */
 #define DROPBEAR_ENABLE_CTR_MODE
 
+/* You can compile with no encryption if you want. In some circumstances
+ * this could be safe security-wise, though make sure you know what
+ * you're doing. Anyone can see everything that goes over the wire, so
+ * the only safe auth method is public key. You'll have to disable all other
+ * ciphers above in the client if you want to use this, or implement cipher
+ * prioritisation in cli-runopts.
+ *
+ * The best way to do things is probably make normal compile of dropbear with
+ * all ciphers including "none" as the server, then recompile a special
+ * "dbclient-insecure" client. */
+/* #define DROPBEAR_NONE_CIPHER */
+
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
  * sha1-96 is of use for slow links as it has a smaller overhead.
@@ -109,13 +121,19 @@ much traffic. */
  * These hashes are also used for public key fingerprints in logs.
  * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
  * which are not the standard form. */
-
 #define DROPBEAR_SHA1_HMAC
 #define DROPBEAR_SHA1_96_HMAC
 /*#define DROPBEAR_SHA2_256_HMAC*/
 /*#define DROPBEAR_SHA2_512_HMAC*/
 #define DROPBEAR_MD5_HMAC
 
+/* You can also disable integrity. Don't bother disabling this if you're
+ * still using a cipher, it's relatively cheap. If you disable this it's dead
+ * simple to run arbitrary commands on the remote host. Beware.
+ * Note again, for the client you will have to disable other hashes above
+ * to use this. */
+/* #define DROPBEAR_NONE_INTEGRITY */
+
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
  * Removing either of these won't save very much space.
author	Matt Johnston <matt@ucc.asn.au>	2012-05-16 22:54:51 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2012-05-16 22:54:51 +0800
commit	a4ad4f5b3b80d35e956074ef272c007c5a0563f9 (patch)
tree	dfacc591990e9b638ddaf872c37f5a74cf8e08db
parent	45a3e542b448f44077a52cc25321fc143251158f (diff)
parent	fffc10a0ddccae5976c9886dc2c376f3216c5e67 (diff)
download	dropbear-a4ad4f5b3b80d35e956074ef272c007c5a0563f9.tar.gz