kex: add curve25519-sha256 as alias for curve25519-sha256@libssh.org

see: https://tools.ietf.org/id/draft-ietf-curdle-ssh-curves-07.html

Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

9 files changed, 17 insertions, 6 deletions

diff --git a/doc/mainpage.dox b/doc/mainpage.dox
index 1b86baa9..a65caf9b 100644
--- a/doc/mainpage.dox
+++ b/doc/mainpage.dox
@@ -19,7 +19,7 @@ the interesting functions as you go.
 
 The libssh library provides:
 
- - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
+ - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
  - <strong>Hostkey Types</strong>: <i>ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521</i>, ssh-dss, ssh-rsa
  - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, none
  - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index f0d09342..d85b74da 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -60,7 +60,9 @@ enum ssh_key_exchange_e {
   /* ecdh-sha2-nistp521 */
   SSH_KEX_ECDH_SHA2_NISTP521,
   /* curve25519-sha256@libssh.org */
-  SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG
+  SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
+  /* curve25519-sha256 */
+  SSH_KEX_CURVE25519_SHA256
 };
 
 enum ssh_cipher_e {
diff --git a/src/client.c b/src/client.c
index 66aad23e..f22cb055 100644
--- a/src/client.c
+++ b/src/client.c
@@ -260,6 +260,7 @@ static int dh_handshake(ssh_session session) {
           break;
 #endif
 #ifdef HAVE_CURVE25519
+        case SSH_KEX_CURVE25519_SHA256:
         case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
           rc = ssh_client_curve25519_init(session);
           break;
diff --git a/src/curve25519.c b/src/curve25519.c
index 8e08f512..42b3b64e 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -1,6 +1,6 @@
 /*
  * curve25519.c - Curve25519 ECDH functions for key exchange
- * curve25519-sha256@libssh.org
+ * curve25519-sha256@libssh.org and curve25519-sha256
  *
  * This file is part of the SSH Library
  *
@@ -40,7 +40,7 @@
 #include "libssh/bignum.h"
 
 /** @internal
- * @brief Starts curve25519-sha256@libssh.org key exchange
+ * @brief Starts curve25519-sha256@libssh.org / curve25519-sha256 key exchange
  */
 int ssh_client_curve25519_init(ssh_session session){
   int rc;
diff --git a/src/dh.c b/src/dh.c
index f485617b..f4601868 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -686,7 +686,8 @@ int ssh_make_sessionid(ssh_session session) {
         }
 #endif
 #ifdef HAVE_CURVE25519
-    } else if (session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG) {
+    } else if ((session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256) ||
+               (session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG)) {
         rc = ssh_buffer_pack(buf,
                              "dPdP",
                              CURVE25519_PUBKEY_SIZE,
@@ -722,6 +723,7 @@ int ssh_make_sessionid(ssh_session session) {
                                    session->next_crypto->secret_hash);
         break;
     case SSH_KEX_ECDH_SHA2_NISTP256:
+    case SSH_KEX_CURVE25519_SHA256:
     case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
         session->next_crypto->digest_len = SHA256_DIGEST_LENGTH;
         session->next_crypto->mac_type = SSH_MAC_SHA256;
diff --git a/src/kex.c b/src/kex.c
index 6c5ba172..6eee6c27 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -78,7 +78,7 @@
 #endif
 
 #ifdef HAVE_CURVE25519
-#define CURVE25519 "curve25519-sha256@libssh.org,"
+#define CURVE25519 "curve25519-sha256,curve25519-sha256@libssh.org,"
 #else
 #define CURVE25519 ""
 #endif
@@ -673,6 +673,8 @@ int ssh_kex_select_methods (ssh_session session){
       session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP521;
     } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256@libssh.org") == 0){
       session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG;
+    } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256") == 0){
+      session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256;
     }
     SSH_LOG(SSH_LOG_INFO, "Negotiated %s,%s,%s,%s,%s,%s,%s,%s,%s,%s",
             session->next_crypto->kex_methods[SSH_KEX],
diff --git a/src/packet_cb.c b/src/packet_cb.c
index 2009d752..2c8d9935 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -116,6 +116,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){
       break;
 #endif
 #ifdef HAVE_CURVE25519
+    case SSH_KEX_CURVE25519_SHA256:
     case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
       rc = ssh_client_curve25519_reply(session, packet);
       break;
diff --git a/src/server.c b/src/server.c
index a94cd9b7..62c73eeb 100644
--- a/src/server.c
+++ b/src/server.c
@@ -221,6 +221,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
         break;
   #endif
   #ifdef HAVE_CURVE25519
+      case SSH_KEX_CURVE25519_SHA256:
       case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
     	rc = ssh_server_curve25519_init(session, packet);
     	break;
diff --git a/src/session.c b/src/session.c
index b3d50182..272b3428 100644
--- a/src/session.c
+++ b/src/session.c
@@ -356,6 +356,8 @@ const char* ssh_get_kex_algo(ssh_session session) {
             return "ecdh-sha2-nistp384";
         case SSH_KEX_ECDH_SHA2_NISTP521:
             return "ecdh-sha2-nistp521";
+        case SSH_KEX_CURVE25519_SHA256:
+           return "curve25519-sha256";
         case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
             return "curve25519-sha256@libssh.org";
         default: