diff options
author | Matt Johnston <matt@ucc.asn.au> | 2008-11-06 13:16:55 +0000 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2008-11-06 13:16:55 +0000 |
commit | b668b98b8cb2040e59c71c4923af6d804ba7d425 (patch) | |
tree | df044012cc8a0c94635a4469c3078d0e14497c3d | |
parent | 1b54cad5acb03cb40e8910de0f4d152130a6a33e (diff) | |
parent | ede51d0fd62347cdad210f4ed325a69a88969235 (diff) | |
download | dropbear-b668b98b8cb2040e59c71c4923af6d804ba7d425.tar.gz |
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
-rw-r--r-- | cli-auth.c | 10 | ||||
-rw-r--r-- | common-algo.c | 12 | ||||
-rw-r--r-- | common-kex.c | 30 | ||||
-rw-r--r-- | options.h | 17 |
4 files changed, 60 insertions, 9 deletions
@@ -253,7 +253,10 @@ void cli_auth_try() { #endif #ifdef ENABLE_CLI_INTERACT_AUTH - if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { + if (ses.keys->trans_algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); + } + else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { if (cli_ses.auth_interact_failed) { finished = 0; } else { @@ -265,7 +268,10 @@ void cli_auth_try() { #endif #ifdef ENABLE_CLI_PASSWORD_AUTH - if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { + if (ses.keys->trans_algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); + } + else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { cli_auth_password(); finished = 1; cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; diff --git a/common-algo.c b/common-algo.c index 8863367..34e9efd 100644 --- a/common-algo.c +++ b/common-algo.c @@ -150,7 +150,10 @@ algo_type sshciphers[] = { #ifdef DROPBEAR_BLOWFISH {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, #endif - {NULL, 0, NULL, 0, NULL} +#ifdef DROPBEAR_NONE_CIPHER + {"none", 0, (void*)&dropbear_nocipher, 1}, +#endif + {NULL, 0, NULL, 0} }; algo_type sshhashes[] = { @@ -161,9 +164,12 @@ algo_type sshhashes[] = { {"hmac-sha1", 0, &dropbear_sha1, 1, NULL}, #endif #ifdef DROPBEAR_MD5_HMAC - {"hmac-md5", 0, &dropbear_md5, 1, NULL}, + {"hmac-md5", 0, (void*)&dropbear_md5, 1}, #endif - {NULL, 0, NULL, 0, NULL} +#ifdef DROPBEAR_NONE_INTEGRITY + {"none", 0, (void*)&dropbear_nohash, 1}, +#endif + {NULL, 0, NULL, 0} }; algo_type sshcompress[] = { diff --git a/common-kex.c b/common-kex.c index c62516c..479db86 100644 --- a/common-kex.c +++ b/common-kex.c @@ -310,13 +310,35 @@ void gen_new_keys() { ses.newkeys->trans_algo_crypt->keysize, 0, &ses.newkeys->trans_cipher_state) != CRYPT_OK) { dropbear_exit("crypto error"); + if (ses.newkeys->recv_algo_crypt->cipherdesc != NULL) { + if (cbc_start( + find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name), + recv_IV, recv_key, + ses.newkeys->recv_algo_crypt->keysize, 0, + &ses.newkeys->recv_symmetric_struct) != CRYPT_OK) { + dropbear_exit("crypto error"); + } + } + + if (ses.newkeys->trans_algo_crypt->cipherdesc != NULL) { + if (cbc_start( + find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name), + trans_IV, trans_key, + ses.newkeys->trans_algo_crypt->keysize, 0, + &ses.newkeys->trans_symmetric_struct) != CRYPT_OK) { + dropbear_exit("crypto error"); + } } /* MAC keys */ - hashkeys(ses.newkeys->transmackey, - ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter); - hashkeys(ses.newkeys->recvmackey, - ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter); + if (ses.newkeys->trans_algo_mac->hashdesc != NULL) { + hashkeys(ses.newkeys->transmackey, + ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter); + } + if (ses.newkeys->recv_algo_mac->hashdesc != NULL) { + hashkeys(ses.newkeys->recvmackey, + ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter); + } #ifndef DISABLE_ZLIB gen_new_zstreams(); @@ -93,6 +93,17 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * CBC mode against certain attacks. This adds around 1kB to binary * size and is recommended for most cases */ #define DROPBEAR_ENABLE_CTR_MODE +/* You can compile with no encryption if you want. In some circumstances + * this could be safe securitywise, though make sure you know what + * you're doing. Anyone can see everything that goes over the wire, so + * the only safe auth method is public key. You'll have to disable all other + * ciphers above in the client if you want to use this, or implement cipher + * prioritisation in cli-runopts. + * + * The best way to do things is probably make normal compile of dropbear with + * all ciphers including "none" as the server, then recompile a special + * "dbclient-insecure" client. */ +#define DROPBEAR_NONE_CIPHER /* Message Integrity - at least one required. * Protocol RFC requires sha1 and recommends sha1-96. @@ -110,6 +121,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define DROPBEAR_SHA1_96_HMAC #define DROPBEAR_MD5_HMAC +/* You can also disable integrity. Don't bother disabling this if you're + * still using a cipher, it's relatively cheap. Don't disable this if you're + * using 'none' cipher, since it's dead simple to run arbitrary commands + * on the remote host. Beware. */ +/*#define DROPBEAR_NONE_INTEGRITY*/ + /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. * Removing either of these won't save very much space. |