summaryrefslogtreecommitdiff
path: root/kexsntrup4591761x25519.c
diff options
context:
space:
mode:
Diffstat (limited to 'kexsntrup4591761x25519.c')
-rw-r--r--kexsntrup4591761x25519.c34
1 files changed, 19 insertions, 15 deletions
diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c
index ffe05f420..d845f3d44 100644
--- a/kexsntrup4591761x25519.c
+++ b/kexsntrup4591761x25519.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: kexsntrup4591761x25519.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ 1/* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2019 Markus Friedl. All rights reserved. 3 * Copyright (c) 2019 Markus Friedl. All rights reserved.
4 * 4 *
@@ -66,11 +66,13 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
66} 66}
67 67
68int 68int
69kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, 69kex_kem_sntrup4591761x25519_enc(struct kex *kex,
70 size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) 70 const struct sshbuf *client_blob, struct sshbuf **server_blobp,
71 struct sshbuf **shared_secretp)
71{ 72{
72 struct sshbuf *server_blob = NULL; 73 struct sshbuf *server_blob = NULL;
73 struct sshbuf *buf = NULL; 74 struct sshbuf *buf = NULL;
75 const u_char *client_pub;
74 u_char *kem_key, *ciphertext, *server_pub; 76 u_char *kem_key, *ciphertext, *server_pub;
75 u_char server_key[CURVE25519_SIZE]; 77 u_char server_key[CURVE25519_SIZE];
76 u_char hash[SSH_DIGEST_MAX_LENGTH]; 78 u_char hash[SSH_DIGEST_MAX_LENGTH];
@@ -80,17 +82,19 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob,
80 *server_blobp = NULL; 82 *server_blobp = NULL;
81 *shared_secretp = NULL; 83 *shared_secretp = NULL;
82 84
83 /* pkblob contains both KEM and ECDH client pubkeys */ 85 /* client_blob contains both KEM and ECDH client pubkeys */
84 need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE; 86 need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
85 if (pklen != need) { 87 if (sshbuf_len(client_blob) != need) {
86 r = SSH_ERR_SIGNATURE_INVALID; 88 r = SSH_ERR_SIGNATURE_INVALID;
87 goto out; 89 goto out;
88 } 90 }
91 client_pub = sshbuf_ptr(client_blob);
89#ifdef DEBUG_KEXECDH 92#ifdef DEBUG_KEXECDH
90 dump_digest("client public key sntrup4591761:", pkblob, 93 dump_digest("client public key sntrup4591761:", client_pub,
91 crypto_kem_sntrup4591761_PUBLICKEYBYTES); 94 crypto_kem_sntrup4591761_PUBLICKEYBYTES);
92 dump_digest("client public key 25519:", 95 dump_digest("client public key 25519:",
93 pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, CURVE25519_SIZE); 96 client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES,
97 CURVE25519_SIZE);
94#endif 98#endif
95 /* allocate buffer for concatenation of KEM key and ECDH shared key */ 99 /* allocate buffer for concatenation of KEM key and ECDH shared key */
96 /* the buffer will be hashed and the result is the shared secret */ 100 /* the buffer will be hashed and the result is the shared secret */
@@ -110,13 +114,13 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob,
110 if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0) 114 if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0)
111 goto out; 115 goto out;
112 /* generate and encrypt KEM key with client key */ 116 /* generate and encrypt KEM key with client key */
113 crypto_kem_sntrup4591761_enc(ciphertext, kem_key, pkblob); 117 crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub);
114 /* generate ECDH key pair, store server pubkey after ciphertext */ 118 /* generate ECDH key pair, store server pubkey after ciphertext */
115 server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; 119 server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
116 kexc25519_keygen(server_key, server_pub); 120 kexc25519_keygen(server_key, server_pub);
117 /* append ECDH shared key */ 121 /* append ECDH shared key */
118 if ((r = kexc25519_shared_key_ext(server_key, 122 client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
119 pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, buf, 1)) < 0) 123 if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0)
120 goto out; 124 goto out;
121 if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0) 125 if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
122 goto out; 126 goto out;
@@ -149,8 +153,8 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob,
149} 153}
150 154
151int 155int
152kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, 156kex_kem_sntrup4591761x25519_dec(struct kex *kex,
153 size_t pklen, struct sshbuf **shared_secretp) 157 const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
154{ 158{
155 struct sshbuf *buf = NULL; 159 struct sshbuf *buf = NULL;
156 u_char *kem_key = NULL; 160 u_char *kem_key = NULL;
@@ -162,12 +166,12 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob,
162 *shared_secretp = NULL; 166 *shared_secretp = NULL;
163 167
164 need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE; 168 need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
165 if (pklen != need) { 169 if (sshbuf_len(server_blob) != need) {
166 r = SSH_ERR_SIGNATURE_INVALID; 170 r = SSH_ERR_SIGNATURE_INVALID;
167 goto out; 171 goto out;
168 } 172 }
169 ciphertext = pkblob; 173 ciphertext = sshbuf_ptr(server_blob);
170 server_pub = pkblob + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; 174 server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
171#ifdef DEBUG_KEXECDH 175#ifdef DEBUG_KEXECDH
172 dump_digest("server cipher text:", ciphertext, 176 dump_digest("server cipher text:", ciphertext,
173 crypto_kem_sntrup4591761_CIPHERTEXTBYTES); 177 crypto_kem_sntrup4591761_CIPHERTEXTBYTES);