diff options
| author | Damien Miller <djm@mindrot.org> | 2013-11-04 08:26:52 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-11-04 08:26:52 +1100 |
| commit | 1e1242604eb0fd510fe93f81245c529237ffc513 (patch) | |
| tree | d15eb5e9442cd3d812d6ade20775864f1600825a /kex.h | |
| parent | d2252c79191d069372ed6effce7c7a2de93448cd (diff) | |
- markus@cvs.openbsd.org 2013/11/02 21:59:15
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange (curve25519-sha256@libssh.org);
initial patch from Aris Adamantiadis; ok djm@
Diffstat (limited to 'kex.h')
| -rw-r--r-- | kex.h | 19 |
1 files changed, 18 insertions, 1 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.57 2013/11/02 21:59:15 markus Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -43,6 +43,7 @@ | |||
| 43 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" | 43 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" |
| 44 | #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" | 44 | #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" |
| 45 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" | 45 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" |
| 46 | #define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org" | ||
| 46 | 47 | ||
| 47 | #define COMP_NONE 0 | 48 | #define COMP_NONE 0 |
| 48 | #define COMP_ZLIB 1 | 49 | #define COMP_ZLIB 1 |
| @@ -74,6 +75,7 @@ enum kex_exchange { | |||
| 74 | KEX_DH_GEX_SHA1, | 75 | KEX_DH_GEX_SHA1, |
| 75 | KEX_DH_GEX_SHA256, | 76 | KEX_DH_GEX_SHA256, |
| 76 | KEX_ECDH_SHA2, | 77 | KEX_ECDH_SHA2, |
| 78 | KEX_C25519_SHA256, | ||
| 77 | KEX_MAX | 79 | KEX_MAX |
| 78 | }; | 80 | }; |
| 79 | 81 | ||
| @@ -161,6 +163,8 @@ void kexgex_client(Kex *); | |||
| 161 | void kexgex_server(Kex *); | 163 | void kexgex_server(Kex *); |
| 162 | void kexecdh_client(Kex *); | 164 | void kexecdh_client(Kex *); |
| 163 | void kexecdh_server(Kex *); | 165 | void kexecdh_server(Kex *); |
| 166 | void kexc25519_client(Kex *); | ||
| 167 | void kexc25519_server(Kex *); | ||
| 164 | 168 | ||
| 165 | void | 169 | void |
| 166 | kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, | 170 | kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, |
| @@ -175,6 +179,19 @@ kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, | |||
| 175 | char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, | 179 | char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, |
| 176 | const BIGNUM *, u_char **, u_int *); | 180 | const BIGNUM *, u_char **, u_int *); |
| 177 | #endif | 181 | #endif |
| 182 | void | ||
| 183 | kex_c25519_hash(const EVP_MD *, char *, char *, char *, int, | ||
| 184 | char *, int, u_char *, int, const u_char *, const u_char *, | ||
| 185 | const BIGNUM *, u_char **, u_int *); | ||
| 186 | |||
| 187 | #define CURVE25519_SIZE 32 | ||
| 188 | void kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE]) | ||
| 189 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | ||
| 190 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | ||
| 191 | BIGNUM *kexc25519_shared_key(const u_char[CURVE25519_SIZE], | ||
| 192 | const u_char[CURVE25519_SIZE]) | ||
| 193 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | ||
| 194 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | ||
| 178 | 195 | ||
| 179 | void | 196 | void |
| 180 | derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); | 197 | derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); |