Skip to content

netutils/dropbear: back hmac-sha2-256 with NuttX /dev/crypto#3640

Draft
FelipeMdeO wants to merge 1 commit into
apache:masterfrom
FelipeMdeO:feature/dropbear-nuttx-hmac-sha256
Draft

netutils/dropbear: back hmac-sha2-256 with NuttX /dev/crypto#3640
FelipeMdeO wants to merge 1 commit into
apache:masterfrom
FelipeMdeO:feature/dropbear-nuttx-hmac-sha256

Conversation

@FelipeMdeO

Copy link
Copy Markdown
Contributor

Summary

Replace Dropbear's bundled libtomcrypt HMAC modules with an adapter that
computes the hmac-sha2-256 packet MAC through the NuttX crypto device
(/dev/crypto) using CRYPTO_SHA2_256_HMAC sessions: hmac_init opens the
session with the MAC key, hmac_process feeds data with COP_FLAG_UPDATE
and hmac_done reads the tag and frees the session.

This PR is: espressif/esp-hal-3rdparty#13

The upstream Dropbear hmac_state is reused as-is, so no source patch is
needed: the existing hash field keeps the hash index and the /dev/crypto
session id is stored in the otherwise unused md buffer. The bundled
hmac_init.c/hmac_process.c/hmac_done.c are dropped from the build and
NETUTILS_DROPBEAR depends on CRYPTO_CRYPTODEV and
CRYPTO_CRYPTODEV_SOFTWARE_CRYPTO.

Only the HMAC is offloaded, not the plain SHA-256 hash: Dropbear's key
derivation (hashkeys() in common-kex.c) memcpy-clones a
partially-updated hash_state, which a kernel crypto session cannot
represent, so the SHA-256 descriptor stays on libtomcrypt.

Depends on #3636 (chacha20-poly1305 offload); this PR shares the Dropbear
Kconfig/Makefile/CMakeLists and will be rebased on top once that merges.
Opened as a draft to register the work.

Impact

  • Users: none unless NETUTILS_DROPBEAR is enabled;

Testing

sim:dropbear on the NuttX simulator. Dropbear is started by NSH, a user is
created, and a host OpenSSH client connects forcing hmac-sha2-256 as the
MAC (with aes128-ctr, so the HMAC runs on every packet):

console Board side:

$ ./nuttx
dropbear: listening on port 2222
nsh> useradd admin nuttx2026
nsh> [6] Jun 01 00:00:15 connection from 172.17.0.2:53752
[6] Jun 01 00:00:15 Password auth succeeded for 'admin' from 172.17.0.2:53752
[6] Jun 01 00:00:15 NSH exec started: uname -a; ps

console PC side:

$ ssh -p 2222 -c aes128-ctr -m hmac-sha2-256 admin@10.0.1.2 'uname -a'
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
NuttX  12.6.0-RC1 sim sim

Replace the bundled libtomcrypt HMAC modules with an adapter that
computes the hmac-sha2-256 packet MAC through the NuttX crypto device
using CRYPTO_SHA2_256_HMAC sessions.

NETUTILS_DROPBEAR depends
on CRYPTO_CRYPTODEV and CRYPTO_CRYPTODEV_SOFTWARE_CRYPTO instead of
selecting them.

Signed-off-by: Felipe Moura <moura.fmo@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant