From e6aee24a1e3be68417e1ac4ab4a02c65bf9db637 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 28 Apr 2020 11:04:59 +0200
Subject: [PATCH] Add basic support for none cipher and MACs

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 CMakeLists.txt           |  1 +
 DefineOptions.cmake      |  7 ++++++-
 config.h.cmake           |  3 +++
 include/libssh/wrapper.h |  3 ++-
 src/kex.c                | 14 ++++++++++----
 src/libcrypto.c          | 20 ++++++++++++++++++++
 src/libgcrypt.c          | 20 ++++++++++++++++++++
 src/libmbedcrypto.c      | 20 ++++++++++++++++++++
 src/wrapper.c            |  3 +++
 9 files changed, 85 insertions(+), 6 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b3335225..2dc8118f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -228,6 +228,7 @@ message(STATUS "SFTP support: ${WITH_SFTP}")
 message(STATUS "Server support : ${WITH_SERVER}")
 message(STATUS "GSSAPI support : ${WITH_GSSAPI}")
 message(STATUS "GEX support : ${WITH_GEX}")
+message(STATUS "Support insecure none cipher and MAC : ${WITH_INSECURE_NONE}")
 message(STATUS "Pcap debugging support : ${WITH_PCAP}")
 message(STATUS "Build shared library: ${BUILD_SHARED_LIBS}")
 message(STATUS "Unit testing: ${UNIT_TESTING}")
diff --git a/DefineOptions.cmake b/DefineOptions.cmake
index 59e8fb9b..85a30376 100644
--- a/DefineOptions.cmake
+++ b/DefineOptions.cmake
@@ -21,7 +21,8 @@ option(WITH_NACL "Build with libnacl (curve25519)" ON)
 option(WITH_SYMBOL_VERSIONING "Build with symbol versioning" ON)
 option(WITH_ABI_BREAK "Allow ABI break" OFF)
 option(WITH_GEX "Enable DH Group exchange mechanisms" ON)
-option(FUZZ_TESTING "Build with fuzzer for the server" OFF)
+option(WITH_INSECURE_NONE "Enable insecure none cipher and MAC algorithms (not suitable for production!)" OFF)
+option(FUZZ_TESTING "Build with fuzzer for the server and client (automatically enables none cipher!)" OFF)
 option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
 
 if (WITH_ZLIB)
@@ -54,3 +55,7 @@ endif (NOT GLOBAL_BIND_CONFIG)
 if (NOT GLOBAL_CLIENT_CONFIG)
   set(GLOBAL_CLIENT_CONFIG "/etc/ssh/ssh_config")
 endif (NOT GLOBAL_CLIENT_CONFIG)
+
+if (FUZZ_TESTING)
+  set(WITH_INSECURE_NONE ON)
+endif (FUZZ_TESTING)
diff --git a/config.h.cmake b/config.h.cmake
index 5d62438c..e708dd0b 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -269,6 +269,9 @@
 /* Define to 1 if you want to enable DH group exchange algorithms */
 #cmakedefine WITH_GEX 1
 
+/* Define to 1 if you want to enable none cipher and MAC */
+#cmakedefine WITH_INSECURE_NONE 1
+
 /* Define to 1 if you want to enable blowfish cipher support */
 #cmakedefine WITH_BLOWFISH_CIPHER 1
 
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index ba64939b..df6544ee 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -42,7 +42,8 @@ enum ssh_hmac_e {
   SSH_HMAC_SHA512,
   SSH_HMAC_MD5,
   SSH_HMAC_AEAD_POLY1305,
-  SSH_HMAC_AEAD_GCM
+  SSH_HMAC_AEAD_GCM,
+  SSH_HMAC_NONE,
 };
 
 enum ssh_des_e {
diff --git a/src/kex.c b/src/kex.c
index aa817325..dc9d5097 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -125,6 +125,12 @@
 #define DSA_PUBLIC_KEY_ALGORITHMS ""
 #endif
 
+#ifdef WITH_INSECURE_NONE
+#define NONE ",none"
+#else
+#define NONE
+#endif
+
 #define HOSTKEYS "ssh-ed25519," \
                  EC_HOSTKEYS \
                  "rsa-sha2-512," \
@@ -239,10 +245,10 @@ static const char *default_methods[] = {
 static const char *supported_methods[] = {
   KEY_EXCHANGE_SUPPORTED,
   PUBLIC_KEY_ALGORITHMS,
-  CHACHA20 AES BLOWFISH DES_SUPPORTED,
-  CHACHA20 AES BLOWFISH DES_SUPPORTED,
-  "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
-  "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
+  CHACHA20 AES BLOWFISH DES_SUPPORTED NONE,
+  CHACHA20 AES BLOWFISH DES_SUPPORTED NONE,
+  "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1" NONE,
+  "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1" NONE,
   ZLIB,
   ZLIB,
   "",
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 2ad0de83..96abec14 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -1275,6 +1275,17 @@ chacha20_poly1305_aead_encrypt(struct ssh_cipher_struct *cipher,
 }
 #endif /* defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305) */
 
+#ifdef WITH_INSECURE_NONE
+static void
+none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
+           void *in,
+           void *out,
+           size_t len)
+{
+    memcpy(out, in, len);
+}
+#endif /* WITH_INSECURE_NONE */
+
 /*
  * The table of supported ciphers
  */
@@ -1463,6 +1474,15 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .name = "chacha20-poly1305@openssh.com"
 #endif /* defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305) */
   },
+#ifdef WITH_INSECURE_NONE
+  {
+    .name = "none",
+    .blocksize = 8,
+    .keysize = 0,
+    .encrypt = none_crypt,
+    .decrypt = none_crypt,
+  },
+#endif /* WITH_INSECURE_NONE */
   {
     .name = NULL
   }
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 85d47c3f..2383ffa0 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -881,6 +881,17 @@ out:
 }
 #endif /* HAVE_GCRYPT_CHACHA_POLY */
 
+#ifdef WITH_INSECURE_NONE
+static void
+none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
+           void *in,
+           void *out,
+           size_t len)
+{
+    memcpy(out, in, len);
+}
+#endif /* WITH_INSECURE_NONE */
+
 /* the table of supported ciphers */
 static struct ssh_cipher_struct ssh_ciphertab[] = {
 #ifdef WITH_BLOWFISH_CIPHER
@@ -1020,6 +1031,15 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .name = "chacha20-poly1305@openssh.com"
 #endif
   },
+#ifdef WITH_INSECURE_NONE
+  {
+    .name            = "none",
+    .blocksize       = 8,
+    .keysize         = 0,
+    .encrypt         = none_crypt,
+    .decrypt         = none_crypt
+  },
+#endif /* WITH_INSECURE_NONE */
   {
     .name            = NULL,
     .blocksize       = 0,
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index 2db0f3ea..ee3fad79 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -1216,6 +1216,17 @@ static void cipher_cleanup(struct ssh_cipher_struct *cipher)
 #endif /* MBEDTLS_GCM_C */
 }
 
+#ifdef WITH_INSECURE_NONE
+static void
+none_crypt(UNUSED_PARAM(struct ssh_cipher_struct *cipher),
+           void *in,
+           void *out,
+           size_t len)
+{
+    memcpy(out, in, len);
+}
+#endif /* WITH_INSECURE_NONE */
+
 static struct ssh_cipher_struct ssh_ciphertab[] = {
 #ifdef WITH_BLOWFISH_CIPHER
     {
@@ -1356,6 +1367,15 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
         .name = "chacha20-poly1305@openssh.com"
 #endif
     },
+#ifdef WITH_INSECURE_NONE
+    {
+        .name = "none",
+        .blocksize = 8,
+        .keysize = 0,
+        .encrypt = none_crypt,
+        .decrypt = none_crypt,
+    },
+#endif /* WITH_INSECURE_NONE */
     {
         .name = NULL,
         .blocksize = 0,
diff --git a/src/wrapper.c b/src/wrapper.c
index 7e57ab5d..d53a61a3 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -66,6 +66,9 @@ static struct ssh_hmac_struct ssh_hmac_tab[] = {
   { "hmac-sha2-256-etm@openssh.com", SSH_HMAC_SHA256,        true  },
   { "hmac-sha2-512-etm@openssh.com", SSH_HMAC_SHA512,        true  },
   { "hmac-md5-etm@openssh.com",      SSH_HMAC_MD5,           true  },
+#ifdef WITH_INSECURE_NONE
+  { "none",                          SSH_HMAC_NONE,          false },
+#endif /* WITH_INSECURE_NONE */
   { NULL,                            0,                      false }
 };