- markus@cvs.openbsd.org 2013/11/02 21:59:15
     [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
     use curve25519 for default key exchange (curve25519-sha256@libssh.org);
     initial patch from Aris Adamantiadis; ok djm@
diff --git a/kex.h b/kex.h
index 9f1e1ad..0f67f59 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.57 2013/11/02 21:59:15 markus Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -43,6 +43,7 @@
 #define	KEX_ECDH_SHA2_NISTP256	"ecdh-sha2-nistp256"
 #define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
 #define	KEX_ECDH_SHA2_NISTP521	"ecdh-sha2-nistp521"
+#define	KEX_CURVE25519_SHA256	"curve25519-sha256@libssh.org"
 
 #define COMP_NONE	0
 #define COMP_ZLIB	1
@@ -74,6 +75,7 @@
 	KEX_DH_GEX_SHA1,
 	KEX_DH_GEX_SHA256,
 	KEX_ECDH_SHA2,
+	KEX_C25519_SHA256,
 	KEX_MAX
 };
 
@@ -161,6 +163,8 @@
 void	 kexgex_server(Kex *);
 void	 kexecdh_client(Kex *);
 void	 kexecdh_server(Kex *);
+void	 kexc25519_client(Kex *);
+void	 kexc25519_server(Kex *);
 
 void
 kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
@@ -175,6 +179,19 @@
     char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
     const BIGNUM *, u_char **, u_int *);
 #endif
+void
+kex_c25519_hash(const EVP_MD *, char *, char *, char *, int,
+    char *, int, u_char *, int, const u_char *, const u_char *,
+    const BIGNUM *, u_char **, u_int *);
+
+#define CURVE25519_SIZE 32
+void	kexc25519_keygen(u_char[CURVE25519_SIZE], u_char[CURVE25519_SIZE])
+	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+BIGNUM *kexc25519_shared_key(const u_char[CURVE25519_SIZE],
+    const u_char[CURVE25519_SIZE])
+	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
 
 void
 derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
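Review bot: The prototypes for `kexc25519_keygen` and `kexc25519_shared_key` each take two unnamed `u_char[CURVE25519_SIZE]` arguments of identical type, so the header does not say which buffer is the private key and which is the public key, and a swapped call compiles cleanly. Naming the parameters would document the order, e.g. `void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])`; the order shown is a guess and should be confirmed against the definitions, which are not part of this diff. The array declarators decay to pointers, and `__bounded__` is only a compile-time length check on compilers that support it, so it does not guard against this mix-up. I would also add a comment above `kexc25519_shared_key` stating that the returned `BIGNUM *` holds the shared secret and who must clear and free it. That comment should also say whether the function itself rejects a degenerate (all-zero) result or leaves that check to the caller.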