From 1632bd4a18be897a35dc2319fd7d5f220c0963d3 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Fri, 23 Sep 2005 16:29:19 +0000 Subject: - a hack for grahame to run dropbear with "none" cipher. DO NOT USE IF YOU DON'T KNOW THE CONSEQUENCES Here is your noose. Use it wisely. --HG-- branch : insecure-nocrypto extra : convert_revision : 88ed2b94d9bfec9a4f661caf592ed01da5eb3b6a --- options.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'options.h') diff --git a/options.h b/options.h index 6285756..86d0518 100644 --- a/options.h +++ b/options.h @@ -65,12 +65,26 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * RFC Draft requires 3DES and recommends AES128 for interoperability. * Including multiple keysize variants the same cipher * (eg AES256 as well as AES128) will result in a minimal size increase.*/ +/* #define DROPBEAR_AES128_CBC #define DROPBEAR_3DES_CBC #define DROPBEAR_AES256_CBC #define DROPBEAR_BLOWFISH_CBC #define DROPBEAR_TWOFISH256_CBC #define DROPBEAR_TWOFISH128_CBC +*/ + +/* You can compile with no encryption if you want. In some circumstances + * this could be safe securitywise, though make sure you know what + * you're doing. Anyone can see everything that goes over the wire, so + * the only safe auth method is public key. You'll have to disable all other + * ciphers above in the client if you want to use this, or implement cipher + * prioritisation in cli-runopts. + * + * The best way to do things is probably make normal compile of dropbear with all + * ciphers including "none" as the server, then recompile a special + * "dbclient-insecure" client. */ +#define DROPBEAR_NONE_CIPHER /* Message Integrity - at least one required. * RFC Draft requires sha1 and recommends sha1-96. @@ -88,6 +102,12 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define DROPBEAR_SHA1_96_HMAC #define DROPBEAR_MD5_HMAC +/* You can also disable integrity. Don't bother disabling this if you're + * still using a cipher, it's relatively cheap. Don't disable this if you're + * using 'none' cipher, since it's dead simple to run arbitrary commands + * on the remote host. Go ahead. Hang yourself with your own rope. */ +/*#define DROPBEAR_NONE_INTEGRITY*/ + /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. * Removing either of these won't save very much space. -- cgit v1.2.3 From 3301bad391f5792e9aa35a01d4e0aa0566fef303 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 2 Oct 2006 06:40:51 +0000 Subject: Comment cleanups --HG-- branch : insecure-nocrypto extra : convert_revision : 0ca38a1cf349f7426ac9de34ebe4c3e3735effab --- options.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'options.h') diff --git a/options.h b/options.h index 61c912c..40dc614 100644 --- a/options.h +++ b/options.h @@ -81,8 +81,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * ciphers above in the client if you want to use this, or implement cipher * prioritisation in cli-runopts. * - * The best way to do things is probably make normal compile of dropbear with all - * ciphers including "none" as the server, then recompile a special + * The best way to do things is probably make normal compile of dropbear with + * all ciphers including "none" as the server, then recompile a special * "dbclient-insecure" client. */ #define DROPBEAR_NONE_CIPHER @@ -105,7 +105,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ /* You can also disable integrity. Don't bother disabling this if you're * still using a cipher, it's relatively cheap. Don't disable this if you're * using 'none' cipher, since it's dead simple to run arbitrary commands - * on the remote host. Go ahead. Hang yourself with your own rope. */ + * on the remote host. Beware. */ /*#define DROPBEAR_NONE_INTEGRITY*/ /* Hostkey/public key algorithms - at least one required, these are used -- cgit v1.2.3 From 1912439526aff3ebb50aaf370b1744ba3d3e8fc5 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Thu, 6 Nov 2008 13:33:06 +0000 Subject: Update nocrypto branch to current head --HG-- branch : insecure-nocrypto extra : convert_revision : 9e5e6e33be005d27cd5b3270c574edc45b5c2893 --- common-algo.c | 2 +- common-kex.c | 36 +++++++++++------------------------- options.h | 19 +++++++++++++------ 3 files changed, 25 insertions(+), 32 deletions(-) (limited to 'options.h') diff --git a/common-algo.c b/common-algo.c index 34e9efd..682724e 100644 --- a/common-algo.c +++ b/common-algo.c @@ -151,7 +151,7 @@ algo_type sshciphers[] = { {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, #endif #ifdef DROPBEAR_NONE_CIPHER - {"none", 0, (void*)&dropbear_nocipher, 1}, + {"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none}, #endif {NULL, 0, NULL, 0} }; diff --git a/common-kex.c b/common-kex.c index 479db86..d1503c9 100644 --- a/common-kex.c +++ b/common-kex.c @@ -292,44 +292,30 @@ void gen_new_keys() { hashkeys(C2S_key, C2S_keysize, &hs, 'C'); hashkeys(S2C_key, S2C_keysize, &hs, 'D'); - recv_cipher = find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name); - if (recv_cipher < 0) - dropbear_exit("crypto error"); - if (ses.newkeys->recv_crypt_mode->start(recv_cipher, - recv_IV, recv_key, - ses.newkeys->recv_algo_crypt->keysize, 0, - &ses.newkeys->recv_cipher_state) != CRYPT_OK) { - dropbear_exit("crypto error"); - } - - trans_cipher = find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name); - if (trans_cipher < 0) - dropbear_exit("crypto error"); - if (ses.newkeys->trans_crypt_mode->start(trans_cipher, - trans_IV, trans_key, - ses.newkeys->trans_algo_crypt->keysize, 0, - &ses.newkeys->trans_cipher_state) != CRYPT_OK) { - dropbear_exit("crypto error"); if (ses.newkeys->recv_algo_crypt->cipherdesc != NULL) { - if (cbc_start( - find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name), + recv_cipher = find_cipher(ses.newkeys->recv_algo_crypt->cipherdesc->name); + if (recv_cipher < 0) + dropbear_exit("crypto error"); + if (ses.newkeys->recv_crypt_mode->start(recv_cipher, recv_IV, recv_key, ses.newkeys->recv_algo_crypt->keysize, 0, - &ses.newkeys->recv_symmetric_struct) != CRYPT_OK) { + &ses.newkeys->recv_cipher_state) != CRYPT_OK) { dropbear_exit("crypto error"); } } if (ses.newkeys->trans_algo_crypt->cipherdesc != NULL) { - if (cbc_start( - find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name), + trans_cipher = find_cipher(ses.newkeys->trans_algo_crypt->cipherdesc->name); + if (trans_cipher < 0) + dropbear_exit("crypto error"); + if (ses.newkeys->trans_crypt_mode->start(trans_cipher, trans_IV, trans_key, ses.newkeys->trans_algo_crypt->keysize, 0, - &ses.newkeys->trans_symmetric_struct) != CRYPT_OK) { + &ses.newkeys->trans_cipher_state) != CRYPT_OK) { dropbear_exit("crypto error"); } } - + /* MAC keys */ if (ses.newkeys->trans_algo_mac->hashdesc != NULL) { hashkeys(ses.newkeys->transmackey, diff --git a/options.h b/options.h index 7fd61a4..58204f8 100644 --- a/options.h +++ b/options.h @@ -82,17 +82,15 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * Protocol RFC requires 3DES and recommends AES128 for interoperability. * Including multiple keysize variants the same cipher * (eg AES256 as well as AES128) will result in a minimal size increase.*/ +/* #define DROPBEAR_AES128 #define DROPBEAR_3DES #define DROPBEAR_AES256 #define DROPBEAR_BLOWFISH #define DROPBEAR_TWOFISH256 #define DROPBEAR_TWOFISH128 +*/ -/* Enable "Counter Mode" for ciphers. This is more secure than normal - * CBC mode against certain attacks. This adds around 1kB to binary - * size and is recommended for most cases */ -#define DROPBEAR_ENABLE_CTR_MODE /* You can compile with no encryption if you want. In some circumstances * this could be safe securitywise, though make sure you know what * you're doing. Anyone can see everything that goes over the wire, so @@ -105,6 +103,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * "dbclient-insecure" client. */ #define DROPBEAR_NONE_CIPHER +/* Enable "Counter Mode" for ciphers. This is more secure than normal + * CBC mode against certain attacks. This adds around 1kB to binary + * size and is recommended for most cases */ +#define DROPBEAR_ENABLE_CTR_MODE + /* Message Integrity - at least one required. * Protocol RFC requires sha1 and recommends sha1-96. * sha1-96 may be of use for slow links, as it has a smaller overhead. @@ -117,15 +120,19 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * These hashes are also used for public key fingerprints in logs. * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ +/* #define DROPBEAR_SHA1_HMAC #define DROPBEAR_SHA1_96_HMAC #define DROPBEAR_MD5_HMAC +*/ /* You can also disable integrity. Don't bother disabling this if you're * still using a cipher, it's relatively cheap. Don't disable this if you're * using 'none' cipher, since it's dead simple to run arbitrary commands - * on the remote host. Beware. */ -/*#define DROPBEAR_NONE_INTEGRITY*/ + * on the remote host. Beware. + * Note again, for the client you will have to disable other hashes above + * to use this. */ +#define DROPBEAR_NONE_INTEGRITY /* Hostkey/public key algorithms - at least one required, these are used * for hostkey as well as for verifying signatures with pubkey auth. -- cgit v1.2.3