From d9760d08650c2d250a4a3f8e988446f5403a5727 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Fri, 23 Sep 2005 16:29:19 +0000 Subject: - a hack for grahame to run dropbear with "none" cipher. DO NOT USE IF YOU DON'T KNOW THE CONSEQUENCES Here is your noose. Use it wisely. --- cli-auth.c | 10 ++++++++-- common-algo.c | 6 ++++++ common-kex.c | 40 ++++++++++++++++++++++++---------------- options.h | 20 ++++++++++++++++++++ 4 files changed, 58 insertions(+), 18 deletions(-) diff --git a/cli-auth.c b/cli-auth.c index 6a6d53a..c9aace1 100644 --- a/cli-auth.c +++ b/cli-auth.c @@ -251,7 +251,10 @@ void cli_auth_try() { #endif #ifdef ENABLE_CLI_INTERACT_AUTH - if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { + if (ses.keys->trans_algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); + } + else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { if (cli_ses.auth_interact_failed) { finished = 0; } else { @@ -263,7 +266,10 @@ void cli_auth_try() { #endif #ifdef ENABLE_CLI_PASSWORD_AUTH - if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { + if (ses.keys->trans_algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); + } + else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { cli_auth_password(); finished = 1; cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; diff --git a/common-algo.c b/common-algo.c index 6ce1a37..8282360 100644 --- a/common-algo.c +++ b/common-algo.c @@ -102,6 +102,9 @@ algo_type sshciphers[] = { #endif #ifdef DROPBEAR_BLOWFISH_CBC {"blowfish-cbc", 0, (void*)&dropbear_blowfish, 1}, +#endif +#ifdef DROPBEAR_NONE_CIPHER + {"none", 0, (void*)&dropbear_nocipher, 1}, #endif {NULL, 0, NULL, 0} }; @@ -115,6 +118,9 @@ algo_type sshhashes[] = { #endif #ifdef DROPBEAR_MD5_HMAC {"hmac-md5", 0, (void*)&dropbear_md5, 1}, +#endif +#ifdef DROPBEAR_NONE_INTEGRITY + {"none", 0, (void*)&dropbear_nohash, 1}, #endif {NULL, 0, NULL, 0} }; diff --git a/common-kex.c b/common-kex.c index f325329..ac48699 100644 --- a/common-kex.c +++ b/common-kex.c @@ -298,27 +298,35 @@ void gen_new_keys() { hashkeys(C2S_key, C2S_keysize, &hs, 'C'); hashkeys(S2C_key, S2C_keysize, &hs, 'D'); - if (cbc_start( - find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name), - recv_IV, recv_key, - ses.newkeys->recv_algo_crypt->keysize, 0, - &ses.newkeys->recv_symmetric_struct) != CRYPT_OK) { - dropbear_exit("crypto error"); + if (ses.newkeys->recv_algo_crypt->cipherdesc != NULL) { + if (cbc_start( + find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name), + recv_IV, recv_key, + ses.newkeys->recv_algo_crypt->keysize, 0, + &ses.newkeys->recv_symmetric_struct) != CRYPT_OK) { + dropbear_exit("crypto error"); + } } - if (cbc_start( - find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name), - trans_IV, trans_key, - ses.newkeys->trans_algo_crypt->keysize, 0, - &ses.newkeys->trans_symmetric_struct) != CRYPT_OK) { - dropbear_exit("crypto error"); + if (ses.newkeys->trans_algo_crypt->cipherdesc != NULL) { + if (cbc_start( + find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name), + trans_IV, trans_key, + ses.newkeys->trans_algo_crypt->keysize, 0, + &ses.newkeys->trans_symmetric_struct) != CRYPT_OK) { + dropbear_exit("crypto error"); + } } /* MAC keys */ - hashkeys(ses.newkeys->transmackey, - ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter); - hashkeys(ses.newkeys->recvmackey, - ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter); + if (ses.newkeys->trans_algo_mac->hashdesc != NULL) { + hashkeys(ses.newkeys->transmackey, + ses.newkeys->trans_algo_mac->keysize, &hs, mactransletter); + } + if (ses.newkeys->recv_algo_mac->hashdesc != NULL) { + hashkeys(ses.newkeys->recvmackey, + ses.newkeys->recv_algo_mac->keysize, &hs, macrecvletter); + } #ifndef DISABLE_ZLIB gen_new_zstreams(); diff --git a/options.h b/options.h index 6285756..86d0518 100644 --- a/options.h +++ b/options.h @@ -65,12 +65,26 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * RFC Draft requires 3DES and recommends AES128 for interoperability. * Including multiple keysize variants the same cipher * (eg AES256 as well as AES128) will result in a minimal size increase.*/ +/* #define DROPBEAR_AES128_CBC #define DROPBEAR_3DES_CBC #define DROPBEAR_AES256_CBC #define DROPBEAR_BLOWFISH_CBC #define DROPBEAR_TWOFISH256_CBC #define DROPBEAR_TWOFISH128_CBC +*/ + +/* You can compile with no encryption if you want. In some circumstances + * this could be safe securitywise, though make sure you know what + * you're doing. Anyone can see everything that goes over the wire, so + * the only safe auth method is public key. You'll have to disable all other + * ciphers above in the client if you want to use this, or implement cipher + * prioritisation in cli-runopts. + * + * The best way to do things is probably make normal compile of dropbear with all + * ciphers including "none" as the server, then recompile a special + * "dbclient-insecure" client. */ +#define DROPBEAR_NONE_CIPHER /* Message Integrity - at least one required. * RFC Draft requires sha1 and recommends sha1-96. @@ -88,6 +102,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define DROPBEAR_SHA1_96_HMAC #define DROPBEAR_MD5_HMAC +/* You can also disable integrity. Don't bother disabling this if you're + * still using a cipher, it's relatively cheap. Don't disable this if you're + * using 'none' cipher, since it's dead simple to run arbitrary commands + * on the remote host. Go ahead. Hang yourself with your own rope. */ +/*#define DROPBEAR_NONE_INTEGRITY*/ + /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. * Removing either of these won't save very much space. -- cgit v1.2.1