diff options
author | markus@openbsd.org <markus@openbsd.org> | 2018-02-23 15:58:37 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-02-26 11:40:41 +1100 |
commit | 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 (patch) | |
tree | 7e96cb41b5234b9d327f7c8f41392f09aed0994e /ssh.c | |
parent | 7d330a1ac02076de98cfc8fda05353d57b603755 (diff) |
upstream: Add experimental support for PQC XMSS keys (Extended
Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
djm@
OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 15 |
1 files changed, 12 insertions, 3 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.474 2018/02/23 02:34:33 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1384,7 +1384,7 @@ main(int ac, char **av) | |||
1384 | sensitive_data.keys = NULL; | 1384 | sensitive_data.keys = NULL; |
1385 | sensitive_data.external_keysign = 0; | 1385 | sensitive_data.external_keysign = 0; |
1386 | if (options.hostbased_authentication) { | 1386 | if (options.hostbased_authentication) { |
1387 | sensitive_data.nkeys = 9; | 1387 | sensitive_data.nkeys = 11; |
1388 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, | 1388 | sensitive_data.keys = xcalloc(sensitive_data.nkeys, |
1389 | sizeof(struct sshkey)); /* XXX */ | 1389 | sizeof(struct sshkey)); /* XXX */ |
1390 | for (i = 0; i < sensitive_data.nkeys; i++) | 1390 | for (i = 0; i < sensitive_data.nkeys; i++) |
@@ -1411,6 +1411,10 @@ main(int ac, char **av) | |||
1411 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); | 1411 | _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
1412 | sensitive_data.keys[8] = key_load_private_type(KEY_DSA, | 1412 | sensitive_data.keys[8] = key_load_private_type(KEY_DSA, |
1413 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); | 1413 | _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
1414 | sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS, | ||
1415 | _PATH_HOST_XMSS_KEY_FILE, "", NULL); | ||
1416 | sensitive_data.keys[10] = key_load_private_type(KEY_XMSS, | ||
1417 | _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL); | ||
1414 | PRIV_END; | 1418 | PRIV_END; |
1415 | 1419 | ||
1416 | if (options.hostbased_authentication == 1 && | 1420 | if (options.hostbased_authentication == 1 && |
@@ -1418,7 +1422,8 @@ main(int ac, char **av) | |||
1418 | sensitive_data.keys[5] == NULL && | 1422 | sensitive_data.keys[5] == NULL && |
1419 | sensitive_data.keys[6] == NULL && | 1423 | sensitive_data.keys[6] == NULL && |
1420 | sensitive_data.keys[7] == NULL && | 1424 | sensitive_data.keys[7] == NULL && |
1421 | sensitive_data.keys[8] == NULL) { | 1425 | sensitive_data.keys[8] == NULL && |
1426 | sensitive_data.keys[9] == NULL) { | ||
1422 | #ifdef OPENSSL_HAS_ECC | 1427 | #ifdef OPENSSL_HAS_ECC |
1423 | sensitive_data.keys[1] = key_load_cert( | 1428 | sensitive_data.keys[1] = key_load_cert( |
1424 | _PATH_HOST_ECDSA_KEY_FILE); | 1429 | _PATH_HOST_ECDSA_KEY_FILE); |
@@ -1439,6 +1444,10 @@ main(int ac, char **av) | |||
1439 | _PATH_HOST_RSA_KEY_FILE, NULL); | 1444 | _PATH_HOST_RSA_KEY_FILE, NULL); |
1440 | sensitive_data.keys[8] = key_load_public( | 1445 | sensitive_data.keys[8] = key_load_public( |
1441 | _PATH_HOST_DSA_KEY_FILE, NULL); | 1446 | _PATH_HOST_DSA_KEY_FILE, NULL); |
1447 | sensitive_data.keys[9] = key_load_cert( | ||
1448 | _PATH_HOST_XMSS_KEY_FILE); | ||
1449 | sensitive_data.keys[10] = key_load_public( | ||
1450 | _PATH_HOST_XMSS_KEY_FILE, NULL); | ||
1442 | sensitive_data.external_keysign = 1; | 1451 | sensitive_data.external_keysign = 1; |
1443 | } | 1452 | } |
1444 | } | 1453 | } |