From 5996c3824c52425c2d4f3d7cb69f0c9fa81a33b8 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 23 Mar 2013 23:16:06 +0800
Subject: Add ~. and ~^Z handling to exit/suspend dbclient

---
 sysoptions.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sysoptions.h')

diff --git a/sysoptions.h b/sysoptions.h
index 2d93e7b..8c591ea 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -54,6 +54,8 @@
 
 #define _PATH_CP "/bin/cp"
 
+#define DROPBEAR_ESCAPE_CHAR '~'
+
 /* success/failure defines */
 #define DROPBEAR_SUCCESS 0
 #define DROPBEAR_FAILURE -1
-- 
cgit v1.2.3


From 484516da516037d37747319e9b7cff91bffb6a4a Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 31 Mar 2013 23:48:25 +0800
Subject: Send an auth packet straight away, save another roundtrip

This needs a bit of testing to make sure it doesn't have side-effects.
---
 cli-auth.c   | 9 +++++----
 sysoptions.h | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'sysoptions.h')

diff --git a/cli-auth.c b/cli-auth.c
index 321cbf3..7dc101f 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -40,11 +40,12 @@ void cli_authinitialise() {
 
 /* Send a "none" auth request to get available methods */
 void cli_auth_getmethods() {
-
 	TRACE(("enter cli_auth_getmethods"))
-
+#ifdef CLI_IMMEDIATE_AUTH
+	ses.authstate.authtypes = AUTH_TYPE_PUBKEY | AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
+	cli_auth_try();
+#else
 	CHECKCLEARTOWRITE();
-
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
 	buf_putstring(ses.writepayload, cli_opts.username, 
 			strlen(cli_opts.username));
@@ -53,8 +54,8 @@ void cli_auth_getmethods() {
 	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
 
 	encrypt_packet();
+#endif
 	TRACE(("leave cli_auth_getmethods"))
-
 }
 
 void recv_msg_userauth_banner() {
diff --git a/sysoptions.h b/sysoptions.h
index 8c591ea..6e60294 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -188,6 +188,9 @@
 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
 #endif
 
+/* Send an auth request straight away rather than trying "none" type to get a list */
+#define CLI_IMMEDIATE_AUTH
+
 /* Changing this is inadvisable, it appears to have problems
  * with flushing compressed data */
 #define DROPBEAR_ZLIB_MEM_LEVEL 8
-- 
cgit v1.2.3


From 78fbed8c3eda1d7f3e0ffa41b54cd3c6ae31a0fe Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 3 Apr 2013 00:32:55 +0800
Subject: Don't usually need to recalculate dh_e for the repeated kexdh_init
 packet

--HG--
branch : kexguess
---
 cli-kex.c     | 17 +++++++++++++----
 cli-session.c | 10 +++++++---
 common-algo.c |  2 +-
 session.h     |  1 +
 sysoptions.h  |  5 +++--
 5 files changed, 25 insertions(+), 10 deletions(-)

(limited to 'sysoptions.h')

diff --git a/cli-kex.c b/cli-kex.c
index 833529a..1158aa6 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -43,11 +43,19 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen);
 
 void send_msg_kexdh_init() {
 	TRACE(("send_msg_kexdh_init()"))	
-	cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
-	cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+	if ((cli_ses.dh_e && cli_ses.dh_x 
+				&& cli_ses.dh_val_algo == ses.newkeys->algo_kex)) {
+		TRACE(("reusing existing dh_e from first_kex_packet_follows"))
+	} else {
+		if (!cli_ses.dh_e || !cli_ses.dh_e) {
+			cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
+			cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
+			m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+		}
 
-	gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
+		gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
+		cli_ses.dh_val_algo = ses.newkeys->algo_kex;
+	}
 
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
@@ -99,6 +107,7 @@ void recv_msg_kexdh_reply() {
 	mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
 	m_free(cli_ses.dh_e);
 	m_free(cli_ses.dh_x);
+	cli_ses.dh_val_algo = DROPBEAR_KEX_NONE;
 
 	if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE) 
 			!= DROPBEAR_SUCCESS) {
diff --git a/cli-session.c b/cli-session.c
index 600827f..9e64281 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -182,6 +182,11 @@ static void cli_sessionloop() {
 
 	TRACE2(("enter cli_sessionloop"))
 
+	if (ses.lastpacket == 0) {
+		TRACE2(("exit cli_sessionloop: no real packets yet"))
+		return;
+	}
+
 	if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) {
 		/* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT
 		 * negotiation would have failed. */
@@ -206,10 +211,9 @@ static void cli_sessionloop() {
 		return;
 	}
 
-	/* We should exit if we haven't donefirstkex: we shouldn't reach here
-	 * in normal operation */
 	if (ses.kexstate.donefirstkex == 0) {
-		TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex"))
+		/* We might reach here if we have partial packet reads or have
+		 * received SSG_MSG_IGNORE etc. Just skip it */
 		return;
 	}
 
diff --git a/common-algo.c b/common-algo.c
index 8267852..b698611 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -214,8 +214,8 @@ algo_type sshhostkey[] = {
 };
 
 algo_type sshkex[] = {
-	{"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
 	{"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},
+	{"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
 	{KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
 	{NULL, 0, NULL, 0, NULL}
 };
diff --git a/session.h b/session.h
index 33c1539..9bbeac4 100644
--- a/session.h
+++ b/session.h
@@ -241,6 +241,7 @@ typedef enum {
 struct clientsession {
 
 	mp_int *dh_e, *dh_x; /* Used during KEX */
+	int dh_val_algo; /* KEX algorithm corresponding to current dh_e and dh_x */
 	cli_kex_state kex_state; /* Used for progressing KEX */
 	cli_state state; /* Used to progress auth/channelsession etc */
 	unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */
diff --git a/sysoptions.h b/sysoptions.h
index 6e60294..4d648c1 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -61,8 +61,9 @@
 #define DROPBEAR_FAILURE -1
 
 /* various algorithm identifiers */
-#define DROPBEAR_KEX_DH_GROUP1 0
-#define DROPBEAR_KEX_DH_GROUP14 1
+#define DROPBEAR_KEX_NONE 0
+#define DROPBEAR_KEX_DH_GROUP1 1
+#define DROPBEAR_KEX_DH_GROUP14 2
 
 #define DROPBEAR_SIGNKEY_ANY 0
 #define DROPBEAR_SIGNKEY_RSA 1
-- 
cgit v1.2.3


From cbd3d5e3a535111b4cd6736d6aff432a252845d2 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 3 Apr 2013 00:43:31 +0800
Subject: Put some #ifdef options around first-follows options in case they
 need to be disabled

--HG--
branch : kexguess
---
 cli-session.c | 5 ++++-
 common-algo.c | 2 ++
 common-kex.c  | 4 ++++
 sysoptions.h  | 9 +++++++++
 4 files changed, 19 insertions(+), 1 deletion(-)

(limited to 'sysoptions.h')

diff --git a/cli-session.c b/cli-session.c
index 9e64281..32b7ac7 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -110,11 +110,12 @@ void cli_session(int sock_in, int sock_out) {
 
 }
 
+#ifdef USE_KEX_FIRST_FOLLOWS
 static void cli_send_kex_first_guess() {
 	send_msg_kexdh_init();
 	dropbear_log(LOG_INFO, "kexdh_init guess sent");
-	//cli_ses.kex_state = KEXDH_INIT_SENT;			
 }
+#endif
 
 static void cli_session_init() {
 
@@ -155,7 +156,9 @@ static void cli_session_init() {
 
 	ses.isserver = 0;
 
+#ifdef USE_KEX_FIRST_FOLLOWS
 	ses.send_kex_first_guess = cli_send_kex_first_guess;
+#endif
 
 }
 
diff --git a/common-algo.c b/common-algo.c
index b698611..c74463c 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -216,7 +216,9 @@ algo_type sshhostkey[] = {
 algo_type sshkex[] = {
 	{"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},
 	{"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
+#ifdef USE_KEXGUESS2
 	{KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
+#endif
 	{NULL, 0, NULL, 0, NULL}
 };
 
diff --git a/common-kex.c b/common-kex.c
index eb1fd7b..6c22600 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -692,7 +692,11 @@ static void read_kex_algos() {
 
 	memset(ses.newkeys, 0x0, sizeof(*ses.newkeys));
 
+#ifdef USE_KEXGUESS2
 	enum kexguess2_used kexguess2 = KEXGUESS2_LOOK;
+#else
+	enum kexguess2_used kexguess2 = KEXGUESS2_NO;
+#endif
 
 	/* kex_algorithms */
 	algo = buf_match_algo(ses.payload, sshkex, &kexguess2, &goodguess);
diff --git a/sysoptions.h b/sysoptions.h
index 4d648c1..22c2a4d 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -23,6 +23,15 @@
 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
 #endif
 
+/* A client should try and send an initial key exchange packet guessing
+ * the algorithm that will match - saves a round trip connecting, has little
+ * overhead if the guess was "wrong". */
+#define USE_KEX_FIRST_FOLLOWS
+/* Use protocol extension to allow "first follows" to succeed more frequently.
+ * This is currently Dropbear-specific but will gracefully fallback when connecting
+ * to other implementations. */
+#define USE_KEXGUESS2
+
 /* Minimum key sizes for DSS and RSA */
 #ifndef MIN_DSS_KEYLEN
 #define MIN_DSS_KEYLEN 512
-- 
cgit v1.2.3