upstream: use KEM API for vanilla c25519 KEX

OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
author: djm@openbsd.org <djm@openbsd.org> 2019-01-21 10:24:09 +0000
committer: Damien Miller <djm@mindrot.org> 2019-01-21 22:08:04 +1100
commit: 2f6a9ddbbf6ca8623c53c323ff17fb6d68d66970 (patch)
tree: 2fe3ee7094f85e9f834d69c5d609a1b9fe886930 /kexkemc.c
parent: dfd591618cdf2c96727ac0eb65f89cf54af0d97e (diff)
1 files changed, 26 insertions, 4 deletions
diff --git a/kexkemc.c b/kexkemc.c
index 47f15c30c..13f36a116 100644
--- a/kexkemc.c
+++ b/kexkemc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexkemc.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */
+/* $OpenBSD: kexkemc.c,v 1.2 2019/01/21 10:24:09 djm Exp $ */
 /*
 * Copyright (c) 2019 Markus Friedl.  All rights reserved.
 *
@@ -47,7 +47,18 @@ kex_kem_client(struct ssh *ssh)
        struct kex *kex = ssh->kex;
        int r;
-        if ((r = kex_kem_sntrup4591761x25519_keypair(kex)) != 0)
+        switch (kex->kex_type) {
+        case KEX_C25519_SHA256:
+                r = kex_c25519_keypair(kex);
+                break;
+        case KEX_KEM_SNTRUP4591761X25519_SHA512:
+                r = kex_kem_sntrup4591761x25519_keypair(kex);
+                break;
+        default:
+                r = SSH_ERR_INVALID_ARGUMENT;
+                break;
+        }
+        if (r != 0)
                return r;
        if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 ||
            (r = sshpkt_put_stringb(ssh, kex->kem_client_pub)) != 0 ||
@@ -87,8 +98,19 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh)
                goto out;
        /* compute shared secret */
-        if ((r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen,
+        switch (kex->kex_type) {
-            &shared_secret)) != 0)
+        case KEX_C25519_SHA256:
+                r = kex_c25519_dec(kex, server_pubkey, pklen, &shared_secret);
+                break;
+        case KEX_KEM_SNTRUP4591761X25519_SHA512:
+                r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen,
+                    &shared_secret);
+                break;
+        default:
+                r = SSH_ERR_INVALID_ARGUMENT;
+                break;
+        }
+        if (r !=0 )
                goto out;
        /* calc and verify H */
author	djm@openbsd.org <djm@openbsd.org>	2019-01-21 10:24:09 +0000
committer	Damien Miller <djm@mindrot.org>	2019-01-21 22:08:04 +1100
commit	2f6a9ddbbf6ca8623c53c323ff17fb6d68d66970 (patch)
tree	2fe3ee7094f85e9f834d69c5d609a1b9fe886930 /kexkemc.c
parent	dfd591618cdf2c96727ac0eb65f89cf54af0d97e (diff)

diff --git a/kexkemc.c b/kexkemc.c index 47f15c30c..13f36a116 100644 --- a/kexkemc.c +++ b/kexkemc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: kexkemc.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */	1	/* $OpenBSD: kexkemc.c,v 1.2 2019/01/21 10:24:09 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019 Markus Friedl. All rights reserved.	3	* Copyright (c) 2019 Markus Friedl. All rights reserved.
4	*	4	*
@@ -47,7 +47,18 @@ kex_kem_client(struct ssh *ssh)
47	struct kex *kex = ssh->kex;	47	struct kex *kex = ssh->kex;
48	int r;	48	int r;
49		49
50	if ((r = kex_kem_sntrup4591761x25519_keypair(kex)) != 0)	50	switch (kex->kex_type) {
		51	case KEX_C25519_SHA256:
		52	r = kex_c25519_keypair(kex);
		53	break;
		54	case KEX_KEM_SNTRUP4591761X25519_SHA512:
		55	r = kex_kem_sntrup4591761x25519_keypair(kex);
		56	break;
		57	default:
		58	r = SSH_ERR_INVALID_ARGUMENT;
		59	break;
		60	}
		61	if (r != 0)
51	return r;	62	return r;
52	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 \|\|	63	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 \|\|
53	(r = sshpkt_put_stringb(ssh, kex->kem_client_pub)) != 0 \|\|	64	(r = sshpkt_put_stringb(ssh, kex->kem_client_pub)) != 0 \|\|
@@ -87,8 +98,19 @@ input_kex_kem_reply(int type, u_int32_t seq, struct ssh *ssh)
87	goto out;	98	goto out;
88		99
89	/* compute shared secret */	100	/* compute shared secret */
90	if ((r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen,	101	switch (kex->kex_type) {
91	&shared_secret)) != 0)	102	case KEX_C25519_SHA256:
		103	r = kex_c25519_dec(kex, server_pubkey, pklen, &shared_secret);
		104	break;
		105	case KEX_KEM_SNTRUP4591761X25519_SHA512:
		106	r = kex_kem_sntrup4591761x25519_dec(kex, server_pubkey, pklen,
		107	&shared_secret);
		108	break;
		109	default:
		110	r = SSH_ERR_INVALID_ARGUMENT;
		111	break;
		112	}
		113	if (r !=0 )
92	goto out;	114	goto out;
93		115
94	/* calc and verify H */	116	/* calc and verify H */