authorMatt Johnston <matt@ucc.asn.au>2016-05-02 23:48:16 +0200
committerMatt Johnston <matt@ucc.asn.au>2016-05-02 23:48:16 +0200
commitd6daad29fcfc20295473bf7e6a96f3016282e9e6 (patch)
tree5ac3e533fca2a1141509e16de6f73e2905e45e23
parent4664ce2c35e69ff79949eff178be1720bf288ddc (diff)
options for disabling "normal" DH
-rw-r--r--algo.h6
-rw-r--r--cli-kex.c16
-rw-r--r--common-algo.c15
-rw-r--r--keyimport.c2
-rw-r--r--options.h17
-rw-r--r--svr-kex.c18
-rw-r--r--sysoptions.h10
7 files changed, 57 insertions, 27 deletions
diff --git a/algo.h b/algo.h
index 49c4f41..17b0072 100644
--- a/algo.h
+++ b/algo.h
@@ -83,9 +83,15 @@ struct dropbear_hash {
};
enum dropbear_kex_mode {
+#if DROPBEAR_NORMAL_DH
DROPBEAR_KEX_NORMAL_DH,
+#endif
+#ifdef DROPBEAR_ECDH
DROPBEAR_KEX_ECDH,
+#endif
+#ifdef DROPBEAR_CURVE25519
DROPBEAR_KEX_CURVE25519,
+#endif
};
struct dropbear_kex {
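Review bot: If a build turns off every DH group and leaves DROPBEAR_ECDH and DROPBEAR_CURVE25519 undefined, `enum dropbear_kex_mode` ends up with no enumerators, which C does not allow, so the misconfiguration surfaces as an obscure compile error in algo.h. An explicit check next to where DROPBEAR_NORMAL_DH is derived in sysoptions.h would report it clearly: `#if !DROPBEAR_NORMAL_DH && !defined(DROPBEAR_ECDH) && !defined(DROPBEAR_CURVE25519)`, then `#error "no key exchange method enabled"`, then `#endif`. Whether such a check already exists elsewhere in the tree is not visible from this diff.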
diff --git a/cli-kex.c b/cli-kex.c
index 936b95c..8f8fb2a 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -48,6 +48,7 @@ void send_msg_kexdh_init() {
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
|| !cli_ses.dh_param) {
@@ -58,8 +59,9 @@ void send_msg_kexdh_init() {
}
buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
break;
- case DROPBEAR_KEX_ECDH:
+#endif
#ifdef DROPBEAR_ECDH
+ case DROPBEAR_KEX_ECDH:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
|| !cli_ses.ecdh_param) {
if (cli_ses.ecdh_param) {
@@ -68,8 +70,8 @@ void send_msg_kexdh_init() {
cli_ses.ecdh_param = gen_kexecdh_param();
}
buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
-#endif
break;
+#endif
#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
@@ -80,8 +82,8 @@ void send_msg_kexdh_init() {
cli_ses.curve25519_param = gen_kexcurve25519_param();
}
buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
-#endif
break;
+#endif
}
cli_ses.param_kex_algo = ses.newkeys->algo_kex;
@@ -118,6 +120,7 @@ void recv_msg_kexdh_reply() {
}
switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
{
DEF_MP_INT(dh_f);
@@ -131,15 +134,16 @@ void recv_msg_kexdh_reply() {
mp_clear(&dh_f);
}
break;
- case DROPBEAR_KEX_ECDH:
+#endif
#ifdef DROPBEAR_ECDH
+ case DROPBEAR_KEX_ECDH:
{
buffer *ecdh_qs = buf_getstringbuf(ses.payload);
kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
buf_free(ecdh_qs);
}
-#endif
break;
+#endif
#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
{
@@ -147,8 +151,8 @@ void recv_msg_kexdh_reply() {
kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
buf_free(ecdh_qs);
}
-#endif
break;
+#endif
}
if (cli_ses.dh_param) {
diff --git a/common-algo.c b/common-algo.c
index 10d60c9..eb0b1e1 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -251,11 +251,11 @@ algo_type sshhostkey[] = {
#if DROPBEAR_DH_GROUP1
static const struct dropbear_kex kex_dh_group1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
#endif
-#if DROPBEAR_DH_GROUP14
+#if DROPBEAR_DH_GROUP14_SHA1
static const struct dropbear_kex kex_dh_group14_sha1 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
-#if DROPBEAR_DH_GROUP14_256
-static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#endif
+#if DROPBEAR_DH_GROUP14_SHA256
+static const struct dropbear_kex kex_dh_group14_sha256 = {DROPBEAR_KEX_NORMAL_DH, dh_p_14, DH_P_14_LEN, NULL, &sha256_desc };
#endif
#if DROPBEAR_DH_GROUP16
static const struct dropbear_kex kex_dh_group16_sha512 = {DROPBEAR_KEX_NORMAL_DH, dh_p_16, DH_P_16_LEN, NULL, &sha512_desc };
@@ -295,12 +295,12 @@ algo_type sshkex[] = {
{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
#endif
#endif
-#if DROPBEAR_DH_GROUP14
-#if DROPBEAR_DH_GROUP14_256
- {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
-#endif
+#if DROPBEAR_DH_GROUP14_SHA1
{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
#endif
+#if DROPBEAR_DH_GROUP14_SHA256
+ {"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
+#endif
#if DROPBEAR_DH_GROUP1
{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
#endif
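Review bot: Splitting the group14 guards also swaps the two entries in `sshkex[]`: `diffie-hellman-group14-sha1` is now listed ahead of `diffie-hellman-group14-sha256`, whereas the removed lines had the SHA-256 variant first. If the table order is the advertised preference order (buf_put_algolist appears to emit entries in array order), a peer that supports both will now end up on the SHA-1 exchange hash. Keep the `#if DROPBEAR_DH_GROUP14_SHA256` block above the `#if DROPBEAR_DH_GROUP14_SHA1` block, or state in the commit message that the reordering is intended.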
@@ -349,6 +349,7 @@ void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
}
}
buf_putstring(buf, (const char*)algolist->data, algolist->len);
+ TRACE(("algolist add '%*s'", algolist->len, algolist->data))
buf_free(algolist);
}
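Review bot: The added `TRACE` uses `%*s`, which sets a minimum field width rather than a maximum, so the formatter reads `algolist->data` until it meets a NUL byte; nothing in this hunk shows that buffer being NUL-terminated. Use the precision form and pass the length as the `int` that `*` expects: `TRACE(("algolist add '%.*s'", (int)algolist->len, algolist->data))`. This presumably affects only builds with tracing enabled, but an over-read there still produces misleading output or a crash while debugging key exchange.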
diff --git a/keyimport.c b/keyimport.c
index 66a6df7..f7e4c8e 100644
--- a/keyimport.c
+++ b/keyimport.c
@@ -36,9 +36,11 @@
#include "dbutil.h"
#include "ecc.h"
+#ifdef DROPBEAR_ECDSA
static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
+#endif
#define PUT_32BIT(cp, value) do { \
(cp)[3] = (unsigned char)(value); \
diff --git a/options.h b/options.h
index 89b68be..6ddc130 100644
--- a/options.h
+++ b/options.h
@@ -150,7 +150,7 @@ If you test it please contact the Dropbear author */
/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
* code (either ECDSA or ECDH) increases binary size - around 30kB
* on x86-64 */
-#define DROPBEAR_ECDSA
+//#define DROPBEAR_ECDSA
/* Generate hostkeys as-needed when the first connection using that key type occurs.
This avoids the need to otherwise run "dropbearkey" and avoids some problems
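Review bot: `//#define DROPBEAR_ECDSA` switches ECDSA off in the default configuration, which is unrelated to the commit's stated purpose of making normal DH optional and looks like a leftover from testing the new guards. If the change is intentional it belongs in its own commit with the comment above updated; otherwise restore `#define DROPBEAR_ECDSA`. The rest of the file uses `/* */` comments, so a deliberate disable would read better as `/*#define DROPBEAR_ECDSA*/`.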
@@ -169,18 +169,19 @@ If you test it please contact the Dropbear author */
#define DROPBEAR_ECDH
/* Key exchange algorithm.
- * group1 - 1024 bit, sha1
- * group14 - 2048 bit, sha1
- * group14_256 - 2048 bit, sha2-256
+ * group14_sha1 - 2048 bit, sha1
+ * group14_sha256 - 2048 bit, sha2-256
* group16 - 4096 bit, sha2-512
+ * group1 - 1024 bit, sha1
*
* group14 is supported by most implementations.
- * group16 provides a greater strength but is slower and increases binary size
- * group1 is necessary if compatibility with Dropbear versions < 0.53 is required
+ * group16 provides a greater strength level but is slower and increases binary size
+ * group1 is too small for security though is necessary if you need
+ compatibility with some implementations such as Dropbear versions < 0.53
*/
#define DROPBEAR_DH_GROUP1 1
-#define DROPBEAR_DH_GROUP14 1
-#define DROPBEAR_DH_GROUP14_256 1
+#define DROPBEAR_DH_GROUP14_SHA1 1
+#define DROPBEAR_DH_GROUP14_SHA256 1
#define DROPBEAR_DH_GROUP16 0
/* Control the memory/performance/compression tradeoff for zlib.
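Review bot: `#define DROPBEAR_DH_GROUP1 1` still enables group1 by default although the rewritten comment now describes it as too small for security. Consider defaulting it to `0` so that builds needing compatibility with old peers opt in explicitly, or say in the comment why it stays on. The continuation line `compatibility with some implementations such as Dropbear versions < 0.53` is also missing the leading ` * ` used by the rest of the block comment.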
diff --git a/svr-kex.c b/svr-kex.c
index f3828aa..dae0212 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -54,18 +54,24 @@ void recv_msg_kexdh_init() {
}
switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
m_mp_init(&dh_e);
if (buf_getmpint(ses.payload, &dh_e) != DROPBEAR_SUCCESS) {
dropbear_exit("Bad kex value");
}
break;
+#endif
+#ifdef DROPBEAR_ECDH
case DROPBEAR_KEX_ECDH:
+#endif
+#ifdef DROPBEAR_CURVE25519
case DROPBEAR_KEX_CURVE25519:
+#endif
#if defined(DROPBEAR_ECDH) || defined(DROPBEAR_CURVE25519)
ecdh_qs = buf_getstringbuf(ses.payload);
-#endif
break;
+#endif
}
if (ses.payload->pos != ses.payload->len) {
dropbear_exit("Bad kex value");
@@ -221,6 +227,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
ses.newkeys->algo_hostkey);
switch (ses.newkeys->algo_kex->mode) {
+#ifdef DROPBEAR_NORMAL_DH
case DROPBEAR_KEX_NORMAL_DH:
{
struct kex_dh_param * dh_param = gen_kexdh_param();
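Review bot: This guard is written `#ifdef DROPBEAR_NORMAL_DH`, while every other site in the commit, including recv_msg_kexdh_init earlier in this file, uses `#if DROPBEAR_NORMAL_DH`. The two forms agree only while the macro is either undefined or 1; a build that defines `DROPBEAR_NORMAL_DH` as 0 would compile this case while algo.h omits the `DROPBEAR_KEX_NORMAL_DH` enumerator. Change the line to `#if DROPBEAR_NORMAL_DH`. The switch body continues past the end of this hunk.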
@@ -231,8 +238,9 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
free_kexdh_param(dh_param);
}
break;
- case DROPBEAR_KEX_ECDH:
+#endif
#ifdef DROPBEAR_ECDH
+ case DROPBEAR_KEX_ECDH:
{
struct kex_ecdh_param *ecdh_param = gen_kexecdh_param();
kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
@@ -240,18 +248,18 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) {
buf_put_ecc_raw_pubkey_string(ses.writepayload, &ecdh_param->key);
free_kexecdh_param(ecdh_param);
}
-#endif
break;
- case DROPBEAR_KEX_CURVE25519:
+#endif
#ifdef DROPBEAR_CURVE25519
+ case DROPBEAR_KEX_CURVE25519:
{
struct kex_curve25519_param *param = gen_kexcurve25519_param();
kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
buf_putstring(ses.writepayload, (const char*)param->pub, CURVE25519_LEN);
free_kexcurve25519_param(param);
}
-#endif
break;
+#endif
}
/* calc the signature */
diff --git a/sysoptions.h b/sysoptions.h
index 6bebce9..08b2a31 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -113,7 +113,7 @@
#define RSA_BLINDING
/* hashes which will be linked and registered */
-#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14
+#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519) || DROPBEAR_DH_GROUP14_SHA256
#define DROPBEAR_SHA256
#endif
#if defined(DROPBEAR_ECC_384)
@@ -127,6 +127,14 @@
#define DROPBEAR_MD5
#endif
+ #if DROPBEAR_DH_GROUP14_SHA256 || DROPBEAR_DH_GROUP14_SHA1
+ #define DROPBEAR_DH_GROUP14 1
+ #endif
+
+#if DROPBEAR_DH_GROUP1 || DROPBEAR_DH_GROUP14 || DROPBEAR_DH_GROUP16
+#define DROPBEAR_NORMAL_DH 1
+#endif
+
/* roughly 2x 521 bits */
#define MAX_ECC_SIZE 140