path: root/common-kex.c
Age  Commit message  Author
2020-05-26  merge rsa-sha256  (Matt Johnston)
2020-05-25  Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)  (Vladislav Grishenko)
    * Add Chacha20-Poly1305 authenticated encryption
    * Add general AEAD approach.
    * Add chacha20-poly1305@openssh.com algo using LibTomCrypt chacha and poly1305 routines.
    Chacha20-Poly1305 is generally faster than AES256 on CPU w/o dedicated AES instructions, having the same key size.
    Compiling in will add ~5,5kB to binary size on x86-64.
    function                       old   new   delta
    chacha_crypt                     -  1397   +1397
    _poly1305_block                  -   608    +608
    poly1305_done                    -   595    +595
    dropbear_chachapoly_crypt        -   457    +457
    .rodata                      26976 27392    +416
    poly1305_process                 -   290    +290
    poly1305_init                    -   221    +221
    chacha_setup                     -   218    +218
    encrypt_packet                1068  1270    +202
    dropbear_chachapoly_getlength    -   147    +147
    decrypt_packet                 756   897    +141
    chacha_ivctr64                   -   137    +137
    read_packet                    543   637     +94
    dropbear_chachapoly_start        -    94     +94
    read_kex_algos                 792   880     +88
    chacha_keystream                 -    69     +69
    dropbear_mode_chachapoly         -    48     +48
    sshciphers                     280   320     +40
    dropbear_mode_none              24    48     +24
    dropbear_mode_ctr               24    48     +24
    dropbear_mode_cbc               24    48     +24
    dropbear_chachapoly_mac          -    24     +24
    dropbear_chachapoly              -    24     +24
    gen_new_keys                   848   854      +6
    ------------------------------------------------------------------------------
    (add/remove: 14/0 grow/shrink: 10/0 up/down: 5388/0) Total: 5388 bytes
    * Add AES128-GCM and AES256-GCM authenticated encryption
    * Add general AES-GCM mode.
    * Add aes128-gcm@openssh.com and aes256-gcm@openssh.com algo using LibTomCrypt gcm routines.
    AES-GCM is a combination of AES CTR mode and GHASH, slower than AES-CTR on CPU w/o dedicated AES/GHASH instructions, therefore disabled by default.
    Compiling in will add ~6kB to binary size on x86-64.
    function                       old   new   delta
    gcm_process                      -  1060   +1060
    .rodata                      26976 27808    +832
    gcm_gf_mult                      -   820    +820
    gcm_add_aad                      -   660    +660
    gcm_shift_table                  -   512    +512
    gcm_done                         -   471    +471
    gcm_add_iv                       -   384    +384
    gcm_init                         -   347    +347
    dropbear_gcm_crypt               -   309    +309
    encrypt_packet                1068  1270    +202
    decrypt_packet                 756   897    +141
    gcm_reset                        -   118    +118
    read_packet                    543   637     +94
    read_kex_algos                 792   880     +88
    sshciphers                     280   360     +80
    gcm_mult_h                       -    80     +80
    dropbear_gcm_start               -    62     +62
    dropbear_mode_gcm                -    48     +48
    dropbear_mode_none              24    48     +24
    dropbear_mode_ctr               24    48     +24
    dropbear_mode_cbc               24    48     +24
    dropbear_ghash                   -    24     +24
    dropbear_gcm_getlength           -    24     +24
    gen_new_keys                   848   854      +6
    ------------------------------------------------------------------------------
    (add/remove: 14/0 grow/shrink: 10/0 up/down: 6434/0) Total: 6434 bytes
2020-05-24  send and handle SSH_MSG_EXT_INFO only at the correct point  (Matt Johnston)
    - other fixes for rsa pubkey auth
    - only include ext-info handling when rsa pubkey auth is compiled
2020-05-21  Make server send SSH_MSG_EXT_INFO  (Matt Johnston)
    Ensure that only valid hostkey algorithms are sent in the first kex guess
2020-05-19  ext-info handling for server-sig-algs  (Matt Johnston)
    only client side is handled
2020-04-06  use sigtype where appropriate  (Matt Johnston)
2020-03-12  Add Ed25519 support (#91)  (Vladislav Grishenko)
    * Add support for Ed25519 as a public key type
    Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo.
    * Add curve25519 and ed25519 fuzzers
    * Add import and export of Ed25519 keys
2018-03-08  avoid leak of ecdh public key  (Matt Johnston)
2018-02-28  - #if not #ifdef for DROPBEAR_FUZZ  (Matt Johnston)
    - fix some unused variables
    --HG-- branch : fuzz
2018-02-17  merge from main  (Matt Johnston)
    --HG-- branch : fuzz
2018-01-23  add fuzzer-preauth_nomaths  (Matt Johnston)
    --HG-- branch : fuzz
2017-08-19  Pointer parameter could be declared as pointing to const  (Francois Perrad)
2017-06-14  merge from main  (Matt Johnston)
    --HG-- branch : fuzz
2017-06-01  fix DEBUG_* condition  (Francois Perrad)
2017-05-22  zlib can use m_malloc/m_free too  (Matt Johnston)
    --HG-- branch : fuzz
2017-05-20  glaring wrapfd problems fixed  (Matt Johnston)
    --HG-- branch : fuzz
2017-05-20  closer to working  (Matt Johnston)
    --HG-- branch : fuzz
2017-05-18  merge main to fuzz  (Matt Johnston)
    --HG-- branch : fuzz
2017-05-12  copy over some fuzzing code from AFL branch  (Matt Johnston)
    --HG-- branch : fuzz
2016-05-04  Convert #ifdef to #if, other build changes  (Matt Johnston)
2016-03-16  fix empty C prototypes  (Francois Perrad)
2016-03-15  Merge branch '20151231_indent' of https://github.com/fperrad/dropbear into fperrad-20151231_indent  (Matt Johnston)
2016-01-14  Move dh group constants to a separate file  (Matt Johnston)
2016-01-01  more hard tab  (Francois Perrad)
2015-11-25  check for zero K value from curve25519  (Matt Johnston)
2015-06-23  check ecc key return, fix null pointer crash  (Matt Johnston)
2015-06-04  buf_getstring and buf_putstring now use non-unsigned char*  (Matt Johnston)
2015-05-05  Turn sshsession's remoteident attribute into char *  (Gaël PORTAY)
2015-05-05  Fix pointer differ in signess warnings [-Werror=pointer-sign]  (Gaël PORTAY)
2015-03-01  A bit of a bodge to avoid memcpy if zlib is disabled  (Matt Johnston)
    --HG-- branch : nocircbuffer
2015-02-10  Tighten validation of DH values.  (Matt Johnston)
    Odds of x==0 being generated are improbable, roughly 2**-1023
    Regression in 0.49
2015-01-28  Disable non-delayed zlib for server  (Matt Johnston)
2015-01-04  clear hash state memory after use  (Matt Johnston)
2014-03-13  Add new monotonic_now() wrapper so that timeouts are unaffected by system clock changes  (Matt Johnston)
2014-02-24  Make some debug info conditional  (Matt Johnston)
2014-01-23  requirenext doesn't need two values  (Matt Johnston)
2014-01-23  Fix failing rekeying when we receive a still-in-flight packet  (Matt Johnston)
2014-01-17  DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default  (Matt Johnston)
2013-11-14  rename random.h to dbrandom.h since some OSes have a system random.h  (Matt Johnston)
    --HG-- rename : random.c => dbrandom.c
    --HG-- rename : random.h => dbrandom.h
2013-11-14  use oldstyle comments  (Matt Johnston)
2013-11-14  - Some fixes for old compilers like tru64 v4 from Daniel Richard G.  (Matt Johnston)
    - Don't warn about blocking random device for prngd
2013-11-12  Various cleanups and fixes for warnings  (Matt Johnston)
    --HG-- branch : ecc
2013-11-08  curve25519  (Matt Johnston)
    --HG-- branch : ecc
2013-05-23  Add m_mp_alloc_init_multi() helper  (Matt Johnston)
    --HG-- branch : ecc
2013-05-21  merge in HEAD  (Matt Johnston)
    --HG-- branch : ecc
2013-04-16  Fix build when zlib is disabled, from http://freetz.org/browser/trunk/make/dropbear/patches/350-no_zlib_fix.patch  (Matt Johnston)
2013-04-14  requirenext fixup for firstkexfollows  (Matt Johnston)
2013-04-14  A bit of work on ecdsa for host/auth keys  (Matt Johnston)
    --HG-- branch : ecc
2013-04-11  Fix zlib for split newkeys  (Matt Johnston)
2013-04-09  start on ecdsa keys  (Matt Johnston)
    --HG-- branch : ecc