diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2019-01-21 10:20:12 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2019-01-21 22:07:02 +1100 |
| commit | dfd591618cdf2c96727ac0eb65f89cf54af0d97e (patch) | |
| tree | 59700563da0dc6f1de649394ffb4c787710eda5a /kex.c | |
| parent | b1b2ff4ed559051d1035419f8f236275fa66d5d6 (diff) | |
upstream: Add support for a PQC KEX/KEM:
sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
enabled by default.
introduce KEM API; a simplified framework for DH-ish KEX methods.
from markus@ feedback & ok djm@
OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
Diffstat (limited to 'kex.c')
| -rw-r--r-- | kex.c | 7 |
1 files changed, 5 insertions, 2 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.146 2019/01/21 10:07:22 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.147 2019/01/21 10:20:12 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -108,6 +108,8 @@ static const struct kexalg kexalgs[] = { | |||
| 108 | #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) | 108 | #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) |
| 109 | { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, | 109 | { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, |
| 110 | { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, | 110 | { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, |
| 111 | { KEX_SNTRUP4591761X25519_SHA512, KEX_KEM_SNTRUP4591761X25519_SHA512, 0, | ||
| 112 | SSH_DIGEST_SHA512 }, | ||
| 111 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ | 113 | #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ |
| 112 | { NULL, -1, -1, -1}, | 114 | { NULL, -1, -1, -1}, |
| 113 | }; | 115 | }; |
| @@ -653,6 +655,7 @@ kex_free(struct kex *kex) | |||
| 653 | sshbuf_free(kex->my); | 655 | sshbuf_free(kex->my); |
| 654 | sshbuf_free(kex->client_version); | 656 | sshbuf_free(kex->client_version); |
| 655 | sshbuf_free(kex->server_version); | 657 | sshbuf_free(kex->server_version); |
| 658 | sshbuf_free(kex->kem_client_pub); | ||
| 656 | free(kex->session_id); | 659 | free(kex->session_id); |
| 657 | free(kex->failed_choice); | 660 | free(kex->failed_choice); |
| 658 | free(kex->hostkey_alg); | 661 | free(kex->hostkey_alg); |
| @@ -1089,7 +1092,7 @@ kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key) | |||
| 1089 | 1092 | ||
| 1090 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) | 1093 | #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH) |
| 1091 | void | 1094 | void |
| 1092 | dump_digest(char *msg, u_char *digest, int len) | 1095 | dump_digest(const char *msg, const u_char *digest, int len) |
| 1093 | { | 1096 | { |
| 1094 | fprintf(stderr, "%s\n", msg); | 1097 | fprintf(stderr, "%s\n", msg); |
| 1095 | sshbuf_dump_data(digest, len, stderr); | 1098 | sshbuf_dump_data(digest, len, stderr); |