author | Jon Simons <jon@jonsimons.org> | 2017-08-24 18:14:38 +0200 |
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-08-24 18:18:41 +0200 |
commit | 6252aab88ae0616e112d7e59a4013e35ac7c42d4 (patch) | |
tree | 9719562e6faf028b8fe654c00287ed4aa1f62696 /src/dh.c | |
parent | 74d17a6531517d6fcd5aa0505063a0beb52806e8 (diff) | |
ecdh: enable ecdh_sha2_nistp{384,521} kex methods
Summary:
Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
Diffstat (limited to 'src/dh.c')
-rw-r--r-- | src/dh.c | 26 |
1 files changed, 25 insertions, 1 deletions
@@ -608,7 +608,9 @@ int ssh_make_sessionid(ssh_session session) {
 }
 #ifdef HAVE_ECDH
- } else if (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP256) {
+ } else if ((session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP256) ||
+ (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP384) ||
+ (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP521)) {
 if (session->next_crypto->ecdh_client_pubkey == NULL ||
 session->next_crypto->ecdh_server_pubkey == NULL) {
 SSH_LOG(SSH_LOG_WARNING, "ECDH parameted missing");
@@ -670,6 +672,28 @@ int ssh_make_sessionid(ssh_session session) {
 sha256(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
 session->next_crypto->secret_hash);
 break;
+ case SSH_KEX_ECDH_SHA2_NISTP384:
+ session->next_crypto->digest_len = SHA384_DIGEST_LENGTH;
+ session->next_crypto->mac_type = SSH_MAC_SHA384;
+ session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len);
+ if (session->next_crypto->secret_hash == NULL) {
+ ssh_set_error_oom(session);
+ goto error;
+ }
+ sha384(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
+ session->next_crypto->secret_hash);
+ break;
+ case SSH_KEX_ECDH_SHA2_NISTP521:
+ session->next_crypto->digest_len = SHA512_DIGEST_LENGTH;
+ session->next_crypto->mac_type = SSH_MAC_SHA512;
+ session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len);
+ if (session->next_crypto->secret_hash == NULL) {
+ ssh_set_error_oom(session);
+ goto error;
+ }
+ sha512(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
+ session->next_crypto->secret_hash);
+ break;
 }
 /* During the first kex, secret hash and session ID are equal. However, after
 * a key re-exchange, a new secret hash is calculated. This hash will not replace |
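Review bot: The widened `} else if ((... == SSH_KEX_ECDH_SHA2_NISTP256) || ... NISTP384) || ... NISTP521))` in the first hunk encodes the same "is this an ECDH kex" membership test that the second hunk repeats as three switch cases, so adding a further curve later means touching both sites in step; a small static predicate on `session->next_crypto->kex_type` (returning nonzero for the three SSH_KEX_ECDH_SHA2_NISTP* values, under the same `#ifdef HAVE_ECDH`) would make the ECDH branch and the digest switch share one definition. The unchanged context line below it logs "ECDH parameted missing"; it is not part of this change, but correcting it to `"ECDH parameter missing"` would cost nothing while this area is being edited. ssh_make_sessionid begins and ends outside the hunk.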
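Review bot: Both new cases do `session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len);` with no release of a buffer already stored there, and the context comment immediately below says a new secret hash is calculated after a key re-exchange; unless the previous secret_hash is freed before this switch (not visible in the hunk), each re-kex on a nistp384/nistp521 session would leak the previous digest, and the existing sha256 case above has the same shape so the check belongs in one place for all three. The NISTP384 and NISTP521 bodies are otherwise copies of the sha256 case differing only in the digest-length constant, the SSH_MAC_* value and the hash function, so a short table keyed on kex_type (length, mac type, hash callback) or a shared helper for the allocate/oom/goto sequence would keep the three from drifting. The note also depends on `SHA384_DIGEST_LENGTH`, `SHA512_DIGEST_LENGTH`, `sha384()` and `sha512()` existing in both the libcrypto and libgcrypt wrappers; the description says libgcrypt support was added, but that lives outside this file. The enclosing switch and ssh_make_sessionid continue outside the hunk.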