author | Tilo Eckert <tilo.eckert@flam.de> | 2018-06-25 13:01:57 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-06-29 15:57:11 +0200 |
commit | e60cb2ee10d052c32fc6f2169fb5a34100374c0d (patch) | |
tree | 5dc9105754d9e07593a9ec229012c742ff2097d6 | |
parent | da0f36047894bb98a547269c648a9119a70c5457 (diff) | |
kex: add curve25519-sha256 as alias for curve25519-sha256@libssh.org
see: https://tools.ietf.org/id/draft-ietf-curdle-ssh-curves-07.html
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | doc/mainpage.dox | 2 | ||||
-rw-r--r-- | include/libssh/crypto.h | 4 | ||||
-rw-r--r-- | src/client.c | 1 | ||||
-rw-r--r-- | src/curve25519.c | 4 | ||||
-rw-r--r-- | src/dh.c | 4 | ||||
-rw-r--r-- | src/kex.c | 4 | ||||
-rw-r--r-- | src/packet_cb.c | 1 | ||||
-rw-r--r-- | src/server.c | 1 | ||||
-rw-r--r-- | src/session.c | 2 |
9 files changed, 17 insertions, 6 deletions
diff --git a/doc/mainpage.dox b/doc/mainpage.dox
index 1b86baa9..a65caf9b 100644
--- a/doc/mainpage.dox
+++ b/doc/mainpage.dox
@@ -19,7 +19,7 @@ the interesting functions as you go.
 The libssh library provides:
- - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
+ - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
 - <strong>Hostkey Types</strong>: <i>ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521</i>, ssh-dss, ssh-rsa
 - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, none
 - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index f0d09342..d85b74da 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -60,7 +60,9 @@ enum ssh_key_exchange_e {
 /* ecdh-sha2-nistp521 */
 SSH_KEX_ECDH_SHA2_NISTP521,
 /* curve25519-sha256@libssh.org */
- SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG
+ SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
+ /* curve25519-sha256 */
+ SSH_KEX_CURVE25519_SHA256
 };
 enum ssh_cipher_e {
diff --git a/src/client.c b/src/client.c
index 66aad23e..f22cb055 100644
--- a/src/client.c
+++ b/src/client.c
@@ -260,6 +260,7 @@ static int dh_handshake(ssh_session session) {
 break;
 #endif
 #ifdef HAVE_CURVE25519
+ case SSH_KEX_CURVE25519_SHA256:
 case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
 rc = ssh_client_curve25519_init(session);
 break;
diff --git a/src/curve25519.c b/src/curve25519.c
index 8e08f512..42b3b64e 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
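Review bot: The comment on the new enumerator in include/libssh/crypto.h (hunk at -60) gives only the wire name, so nothing in the enum tells a reader that `SSH_KEX_CURVE25519_SHA256` is the same method as `SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG` and has to be handled identically wherever `kex_type` is tested. I would write it as `/* curve25519-sha256 (alias of curve25519-sha256@libssh.org; handle both identically) */`. The commit adds the second label by hand in client.c, packet_cb.c, server.c and dh.c; any other switch or comparison on `kex_type` that is not part of this diff and names only the old value would presumably take its default path when a peer negotiates the new name, so a search for the old enumerator across the tree is worth doing before merge.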
@@ -1,6 +1,6 @@
 /*
 * curve25519.c - Curve25519 ECDH functions for key exchange
- * curve25519-sha256@libssh.org
+ * curve25519-sha256@libssh.org and curve25519-sha256
 *
 * This file is part of the SSH Library
 *
@@ -40,7 +40,7 @@
 #include "libssh/bignum.h"
 /** @internal
- * @brief Starts curve25519-sha256@libssh.org key exchange
+ * @brief Starts curve25519-sha256@libssh.org / curve25519-sha256 key exchange
 */
 int ssh_client_curve25519_init(ssh_session session){
 int rc;
@@ -686,7 +686,8 @@ int ssh_make_sessionid(ssh_session session) {
 }
 #endif
 #ifdef HAVE_CURVE25519
- } else if (session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG) {
+ } else if ((session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256) ||
+ (session->next_crypto->kex_type == SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG)) {
 rc = ssh_buffer_pack(buf,
 "dPdP",
 CURVE25519_PUBKEY_SIZE,
@@ -722,6 +723,7 @@ int ssh_make_sessionid(ssh_session session) {
 session->next_crypto->secret_hash);
 break;
 case SSH_KEX_ECDH_SHA2_NISTP256:
+ case SSH_KEX_CURVE25519_SHA256:
 case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
 session->next_crypto->digest_len = SHA256_DIGEST_LENGTH;
 session->next_crypto->mac_type = SSH_MAC_SHA256;
@@ -78,7 +78,7 @@
 #endif
 #ifdef HAVE_CURVE25519
-#define CURVE25519 "curve25519-sha256@libssh.org,"
+#define CURVE25519 "curve25519-sha256,curve25519-sha256@libssh.org,"
 #else
 #define CURVE25519 ""
 #endif
@@ -673,6 +673,8 @@ int ssh_kex_select_methods (ssh_session session){
 session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP521;
 } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256@libssh.org") == 0){
 session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG;
+ } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256") == 0){
+ session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256;
 }
 SSH_LOG(SSH_LOG_INFO, "Negotiated %s,%s,%s,%s,%s,%s,%s,%s,%s,%s", session->next_crypto->kex_methods[SSH_KEX],
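Review bot: In ssh_kex_select_methods (hunk at -673, which from its position in the diffstat belongs to src/kex.c although its file header is missing on this page) the strcmp chain that the new `curve25519-sha256` branch extends closes with a bare `}` and goes straight to `SSH_LOG`, with no final `else` in the visible lines. A negotiated name that matches no branch would therefore leave `session->next_crypto->kex_type` at whatever value it already held, and the handshake would continue with a method type that does not correspond to the agreed name. Since every new alias lengthens this chain, I would close it with an explicit failure, for example `} else { ssh_set_error(session, SSH_FATAL, "unsupported kex method"); return SSH_ERROR; }`, adjusted to the error path the function already uses. The start of the chain and the rest of the function are outside the hunk, so an earlier guard may already exclude this case.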
diff --git a/src/packet_cb.c b/src/packet_cb.c
index 2009d752..2c8d9935 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -116,6 +116,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){
 break;
 #endif
 #ifdef HAVE_CURVE25519
+ case SSH_KEX_CURVE25519_SHA256:
 case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
 rc = ssh_client_curve25519_reply(session, packet);
 break;
diff --git a/src/server.c b/src/server.c
index a94cd9b7..62c73eeb 100644
--- a/src/server.c
+++ b/src/server.c
@@ -221,6 +221,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){
 break;
 #endif
 #ifdef HAVE_CURVE25519
+ case SSH_KEX_CURVE25519_SHA256:
 case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
 rc = ssh_server_curve25519_init(session, packet);
 break;
diff --git a/src/session.c b/src/session.c
index b3d50182..272b3428 100644
--- a/src/session.c
+++ b/src/session.c
@@ -356,6 +356,8 @@ const char* ssh_get_kex_algo(ssh_session session) {
 return "ecdh-sha2-nistp384";
 case SSH_KEX_ECDH_SHA2_NISTP521:
 return "ecdh-sha2-nistp521";
+ case SSH_KEX_CURVE25519_SHA256:
+ return "curve25519-sha256";
 case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
 return "curve25519-sha256@libssh.org";
 default: |
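Review bot: ssh_get_kex_algo in src/session.c (hunk at -356) now returns two different strings for what the commit message describes as one method, and this is not documented in the visible lines. Because the new name is listed first in the `CURVE25519` macro in kex.c, a caller that compares the result with `"curve25519-sha256@libssh.org"`, for example a policy check or a log filter, will probably stop matching once peers prefer the new name. I would add a sentence to the function's doc comment such as `curve25519-sha256 and curve25519-sha256@libssh.org name the same key exchange; callers must accept either.` The function's header and any existing doc comment are outside the hunk.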