diff options
Diffstat (limited to 'kexsntrup4591761x25519.c')
-rw-r--r-- | kexsntrup4591761x25519.c | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c index ffe05f420..d845f3d44 100644 --- a/kexsntrup4591761x25519.c +++ b/kexsntrup4591761x25519.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexsntrup4591761x25519.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ | 1 | /* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2019 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -66,11 +66,13 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex) | |||
66 | } | 66 | } |
67 | 67 | ||
68 | int | 68 | int |
69 | kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, | 69 | kex_kem_sntrup4591761x25519_enc(struct kex *kex, |
70 | size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) | 70 | const struct sshbuf *client_blob, struct sshbuf **server_blobp, |
71 | struct sshbuf **shared_secretp) | ||
71 | { | 72 | { |
72 | struct sshbuf *server_blob = NULL; | 73 | struct sshbuf *server_blob = NULL; |
73 | struct sshbuf *buf = NULL; | 74 | struct sshbuf *buf = NULL; |
75 | const u_char *client_pub; | ||
74 | u_char *kem_key, *ciphertext, *server_pub; | 76 | u_char *kem_key, *ciphertext, *server_pub; |
75 | u_char server_key[CURVE25519_SIZE]; | 77 | u_char server_key[CURVE25519_SIZE]; |
76 | u_char hash[SSH_DIGEST_MAX_LENGTH]; | 78 | u_char hash[SSH_DIGEST_MAX_LENGTH]; |
@@ -80,17 +82,19 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, | |||
80 | *server_blobp = NULL; | 82 | *server_blobp = NULL; |
81 | *shared_secretp = NULL; | 83 | *shared_secretp = NULL; |
82 | 84 | ||
83 | /* pkblob contains both KEM and ECDH client pubkeys */ | 85 | /* client_blob contains both KEM and ECDH client pubkeys */ |
84 | need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE; | 86 | need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE; |
85 | if (pklen != need) { | 87 | if (sshbuf_len(client_blob) != need) { |
86 | r = SSH_ERR_SIGNATURE_INVALID; | 88 | r = SSH_ERR_SIGNATURE_INVALID; |
87 | goto out; | 89 | goto out; |
88 | } | 90 | } |
91 | client_pub = sshbuf_ptr(client_blob); | ||
89 | #ifdef DEBUG_KEXECDH | 92 | #ifdef DEBUG_KEXECDH |
90 | dump_digest("client public key sntrup4591761:", pkblob, | 93 | dump_digest("client public key sntrup4591761:", client_pub, |
91 | crypto_kem_sntrup4591761_PUBLICKEYBYTES); | 94 | crypto_kem_sntrup4591761_PUBLICKEYBYTES); |
92 | dump_digest("client public key 25519:", | 95 | dump_digest("client public key 25519:", |
93 | pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, CURVE25519_SIZE); | 96 | client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES, |
97 | CURVE25519_SIZE); | ||
94 | #endif | 98 | #endif |
95 | /* allocate buffer for concatenation of KEM key and ECDH shared key */ | 99 | /* allocate buffer for concatenation of KEM key and ECDH shared key */ |
96 | /* the buffer will be hashed and the result is the shared secret */ | 100 | /* the buffer will be hashed and the result is the shared secret */ |
@@ -110,13 +114,13 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, | |||
110 | if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0) | 114 | if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0) |
111 | goto out; | 115 | goto out; |
112 | /* generate and encrypt KEM key with client key */ | 116 | /* generate and encrypt KEM key with client key */ |
113 | crypto_kem_sntrup4591761_enc(ciphertext, kem_key, pkblob); | 117 | crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub); |
114 | /* generate ECDH key pair, store server pubkey after ciphertext */ | 118 | /* generate ECDH key pair, store server pubkey after ciphertext */ |
115 | server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; | 119 | server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; |
116 | kexc25519_keygen(server_key, server_pub); | 120 | kexc25519_keygen(server_key, server_pub); |
117 | /* append ECDH shared key */ | 121 | /* append ECDH shared key */ |
118 | if ((r = kexc25519_shared_key_ext(server_key, | 122 | client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES; |
119 | pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, buf, 1)) < 0) | 123 | if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0) |
120 | goto out; | 124 | goto out; |
121 | if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0) | 125 | if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0) |
122 | goto out; | 126 | goto out; |
@@ -149,8 +153,8 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, | |||
149 | } | 153 | } |
150 | 154 | ||
151 | int | 155 | int |
152 | kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, | 156 | kex_kem_sntrup4591761x25519_dec(struct kex *kex, |
153 | size_t pklen, struct sshbuf **shared_secretp) | 157 | const struct sshbuf *server_blob, struct sshbuf **shared_secretp) |
154 | { | 158 | { |
155 | struct sshbuf *buf = NULL; | 159 | struct sshbuf *buf = NULL; |
156 | u_char *kem_key = NULL; | 160 | u_char *kem_key = NULL; |
@@ -162,12 +166,12 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, | |||
162 | *shared_secretp = NULL; | 166 | *shared_secretp = NULL; |
163 | 167 | ||
164 | need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE; | 168 | need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE; |
165 | if (pklen != need) { | 169 | if (sshbuf_len(server_blob) != need) { |
166 | r = SSH_ERR_SIGNATURE_INVALID; | 170 | r = SSH_ERR_SIGNATURE_INVALID; |
167 | goto out; | 171 | goto out; |
168 | } | 172 | } |
169 | ciphertext = pkblob; | 173 | ciphertext = sshbuf_ptr(server_blob); |
170 | server_pub = pkblob + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; | 174 | server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; |
171 | #ifdef DEBUG_KEXECDH | 175 | #ifdef DEBUG_KEXECDH |
172 | dump_digest("server cipher text:", ciphertext, | 176 | dump_digest("server cipher text:", ciphertext, |
173 | crypto_kem_sntrup4591761_CIPHERTEXTBYTES); | 177 | crypto_kem_sntrup4591761_CIPHERTEXTBYTES); |