1
1
Граф коммитов

3838 Коммитов

Автор SHA1 Сообщение Дата
Andreas Schneider
649a7490a6 gitlab: Do not build with SSHv1 support
This will be removed soon.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 18:00:47 +02:00
Jon Simons
c089b700c6 chacha: fix build for mbedTLS
Fix the build for mbedTLS:
 * set HAVE_CHACHA for non-mbedTLS builds
 * only compile chachapoly.c when HAVE_CHACHA
 * use empty CHACHA20 in src/kex.c unless HAVE_CHACHA

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
c8d6445d44 packet_crypt: remove set_decrypt_key upon ssh_packet_decrypt_len
In 06b9901e64, invocations of `set_decrypt_key`
and `set_encrypt_key` were moved into the `ssh_packet_newkeys` callback, away
from the packet decrypt and encrypt functions.

Remove the extra `set_decrypt_key` for the case that an `aead_decrypt_length`
is not NULL.  At this time, only the chacha20-poly1305@openssh.com cipher
is affected by this change.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
d4a4ce4d44 chacha: use a cipher cleanup callback
With this change there is less code specific to the
chacha20-poly1305 cipher found in src/wrapper.c.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
7a2624dee4 packet_crypt: fix unused variable compiler warning
The local `rc` variable here is never set.  Fix a warning that is
emitted due to `-Wunused-variable`.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
f827833d82 tests: fix torture_packet.c test_data
Make the `test_data` larger so that tests do not read beyond
its length.  Observed in testing with an `-fsanitize=address`
build locally.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
6f38e0b771 pkd: move chacha20-poly1305@openssh.com tests to OPENSSHONLY section
Dropbear does not currently implement the 'chacha20-poly1305@openssh.com'
cipher, so move it into the OPENSSHONLY suite.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Jon Simons
622ff855f5 pkd: add passes for chacha20-poly1305@openssh.com cipher
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Alberto Aguirre
26734a547a torture_packet: Set encryption/decryption keys
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Alberto Aguirre
1ece5a849c packet_crypt: Avoid setting keys every time
Avoid setting keys on every packet decrypt or encrypt operation.

Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
23accdde1a tests: send more packets of various sizes
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
321ec2cb1c tests: packet encryption unit testing
That code is really ugly, but it wasn't meant to be modular at all in the
first place.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
27711f6a4c tests: test for chacha20-poly1305@openssh.com
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
238202d380 libgcrypt: make it compatible with chacha20
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
8a735d5eb7 chacha: packet decryption
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
d038c4dee7 chacha: packet encryption
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
ebd76bf347 cmake: detect "bounded" compiler attribute
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Aris Adamantiadis
acc1ade74a external: Add ChaCha and Poly1305 implementations from OpenSSH
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Andreas Schneider
72e4500da9 gitlab: Disable SSHv1 support
This will be removed soon.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:06:30 +02:00
Andreas Schneider
c4f3bf4ffa torture: Remove unused variable
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 09:05:58 +02:00
Andreas Schneider
c563ed636a Remove vim modelines from all files
If you want modelines use my vim plugin:
https://github.com/cryptomilk/git-modeline.vim

git config --add vim.modeline "ts=4 sw=4 et"

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 08:41:08 +02:00
Andreas Schneider
f3de2974a9 tests: Disable ssh_is_ipaddr("255.255.255") on Win32
Till we get the issue fixed in Wine.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 08:36:54 +02:00
Andreas Schneider
1b8ce5a6ed tests: Workaround for a Wine bug
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-28 08:27:08 +02:00
Jon Simons
deb7630c67 pkd: log but ignore ungraceful client disconnects
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:38:35 -07:00
Jon Simons
cbd9569b99 pkd: move hmac-sha2-256 to OpenSSH-only lists
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:52:32 -07:00
Jon Simons
a45a04ff4d pkd: omit -v for dbclient by default
The `-v` is only recognized by `dbclient` when dropbear is built
in its DEBUG_TRACE mode.  Omit that flag by default to avoid a
warning log emitted to stderr.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:57 -07:00
Jon Simons
7aa496d844 pkd: remove blowfish-cbc cipher passes
Support for the `blowfish-cbc` cipher has been removed from OpenSSH
as of version 7.6.  Remove this cipher from the pkd tests so that
the tests will pass together with a modern OpenSSH client.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:51 -07:00
Jon Simons
bf10a66b5d pkd: emit error message for OpenSSH clients < 7.0
Emit a friendly error message for OpenSSH clients older than
7.0.  Some of the recent pkd changes now require a modern
client to support some newer config options.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:43 -07:00
Jon Simons
adc817cf13 pkd: specify PubkeyAcceptedTypes for OpenSSH client
As of OpenSSH 6.9, support for `ssh-dss` user keys is disabled by default
at runtime.  Specify an explicit `-o PubkeyAcceptedKeyTYpes` in the pkd
tests to explicitly enable each user key type being tested, including
`ssh-dss`.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:37 -07:00
Jon Simons
787a649390 pkd: specify HostKeyAlgorithms for OpenSSH client
As of OpenSSH 6.9, support for `ssh-dss` host keys is disabled by default
at runtime.  Specify an explicit `-o HostKeyAlgorithms` in the pkd tests
to explicitly enable each host key type being tested, including `ssh-dss`.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:42:33 -07:00
Jon Simons
54690e6cdd pkd: run with SOCKET_WRAPPER_LIBRARY
Use the socket_wrapper preload shim when running the `pkd_hello`
test with `make test`.  The end goal here is to get this test
running alongside normal tests in regular CI.  Changes to do
this:

 * Configure PKD_ENVIRONMENT for the `pkd_hello_i1` test in the
   CMakeLists.txt file.

 * Add a `--socket-wrapper-dir|-w` flag that is used to opt-in to
   initializing a SOCKET_WRAPPER_DIR as expected by the socket_wrapper
   library.

   A runtime flag is used here to make it easy to run `pkd_hello`
   with the socket_wrapper library while avoiding a hard dependency.

Testing done: observed socker_wrapper in effect with `strace`;
running `make test` uses the wrapper correctly on my local
machine.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:41:10 -07:00
Jon Simons
4e3fb81172 pkd: add_test pkd_hello_i1 for make test
Add an entry for a `pkd_hello_i1` test which runs one iteration
through each of the pkd algorithm combinations.

Testing done: now `make test` will run `pkd_hello -i1` which
completes in ~25 seconds on my local machine.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 19:41:02 -07:00
Jon Simons
6273c409e3 pkd: fix missing config.h #include
Ensure to include config.h so that the `HAVE_DSA` value is properly set
when building the pkd tests.

Introduced with 778652460f,

Testing done: with this change, the `pkd_hello` test is passing on an
OpenSSL 1.1.0 build for me.  Previously it would fail pubkey exchange
early on for DSA- and ECDSA-type host keys.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:36 +02:00
Jon Simons
7798d39187 dh: fix two leaks in ssh_get_pubkey_hash
Fix two memory leaks in `ssh_get_pubkey_hash` for some error paths.
The local `h` buffer and `ctx` MD5 context each must be free'd for
the SSH_ERROR cases.

Introduced with 16217454d5.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:34 +02:00
Jon Simons
58ef1e96b8 dh: fix ssh_get_pubkey_hash indentation
Fix `ssh_get_pubkey_hash` indentation to use softabs
with 4 spaces.  No change in behavior.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:32 +02:00
Jon Simons
732818ebb2 tests: fix -Wunused-function warning in torture_pki_ecdsa.c
Wrap some function definitions with `HAVE_LIBCRYPTO` ifdefs to
match their usages in `torture_run_tests`.

Fixes this warning I observe when building locally:

    torture_pki_ecdsa.c:341:13: warning:
         ‘torture_pki_ecdsa_write_privkey’ defined but not used
         [-Wunused-function]

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:30 +02:00
Jon Simons
448de134ac ecdh: fix SSH_MSG_KEXDH_REPLY for mbedTLS
Ensure to provide the `ssh_string` pubkey blob to the buffer packing
routine when computing the SSH_MSG_KEXDH_REPLY message, rather than
the new `ssh_key` type.

Introduced with 16217454d5.

Testing done: with this change, the `pkd_hello` test is passing on a
mbedTLS build for me.  Previously it would segfault during pubkey
exchange with "ecdh-sha2-nistp256".

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:28 +02:00
Jon Simons
fd3d8d6496 ecdh: fix SSH_MSG_KEXDH_REPLY for libgcrypt
Ensure to provide the `ssh_string` pubkey blob to the buffer packing
routine when computing the SSH_MSG_KEXDH_REPLY message, rather than
the new `ssh_key` type.

Introduced with 16217454d5.

Testing done: with this change, the `pkd_hello` test is passing on a
libgcrypt build for me.  Previously it would segfault during pubkey
exchange with "ecdh-sha2-nistp256".

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:26 +02:00
Jon Simons
0b90ab102e ecdh: fix SSH_MSG_KEXDH_REPLY for libcrypto
Ensure to provide the `ssh_string` pubkey blob to the buffer packing
routine when computing the SSH_MSG_KEXDH_REPLY message, rather than
the new `ssh_key` type.

Introduced with 16217454d5.

Testing done: with this change, `pkd_hello` test is passing on an
OpenSSL 1.1.0 build for me.  Previously it would segfault during
pubkey exchange with "ecdh-sha2-nistp256".

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:25:24 +02:00
Anderson Toshiyuki Sasaki
cd3170fcb1 gitlab: Use wine to run tests built for Windows
When building in a cross-compiling environment, use wine to run the
tests.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:23:12 +02:00
Anderson Toshiyuki Sasaki
9eaf55898e cmake: Added executable exension on test binaries
This is necessary when building the tests for Windows.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 21:20:26 +02:00
Andreas Schneider
10e1e396fc gitlab: Add build with mbedtls
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 12:01:54 +02:00
Andreas Schneider
c1db283c39 gitlab: Enable build with libgcrypt
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 12:01:51 +02:00
Andreas Schneider
6c97122120 torture: Don't exclude filter mechanism on Windows
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 10:51:45 +02:00
Andreas Schneider
0dd33d8ed1 torture: Don't include sys/socket.h on Windows
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 10:44:31 +02:00
Andreas Schneider
0db12d7f75 gitlab: Don't error out if obj exists
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 10:16:45 +02:00
Anderson Toshiyuki Sasaki
c1d8ba47dd gitlab: Added builds for Windows using MinGW
Only the unit tests are run.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 09:45:35 +02:00
Andreas Schneider
dc4cc08c3a gitlab: Use obj dir for building
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 09:45:35 +02:00
Andreas Schneider
e880cafed0 tests: Call ssh_session_is_known_server()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 09:45:35 +02:00
Andreas Schneider
1ae014f52a dh: Fix reference to ssh_session_update_known_hosts()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-27 09:45:35 +02:00