author | Jon Simons <jon@jonsimons.org> | 2017-08-24 18:14:38 +0200 |
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-08-24 18:19:25 +0200 |
commit | 7204d2f48556210e3e6894aebb20db24819a3e86 (patch) | |
tree | 344b3cb22c947b0083aa1eca491278b0e9b12038 /src/dh.c | |
parent | 4c602f225574d0da5833aa7ddf9bffe642046b7b (diff) | |
parent | 6252aab88ae0616e112d7e59a4013e35ac7c42d4 (diff) | |
download | libssh-7204d2f48556210e3e6894aebb20db24819a3e86.tar.gz libssh-7204d2f48556210e3e6894aebb20db24819a3e86.tar.xz libssh-7204d2f48556210e3e6894aebb20db24819a3e86.zip |
ecdh: enable ecdh_sha2_nistp{384,521} kex methods
Summary:
Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
Diffstat (limited to 'src/dh.c')
-rw-r--r-- | src/dh.c | 26 |
1 files changed, 25 insertions, 1 deletions
@@ -608,7 +608,9 @@ int ssh_make_sessionid(ssh_session session) {
 }
 #ifdef HAVE_ECDH
- } else if (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP256) {
+ } else if ((session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP256) ||
+ (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP384) ||
+ (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP521)) {
 if (session->next_crypto->ecdh_client_pubkey == NULL ||
 session->next_crypto->ecdh_server_pubkey == NULL) {
 SSH_LOG(SSH_LOG_WARNING, "ECDH parameted missing");
@@ -670,6 +672,28 @@ int ssh_make_sessionid(ssh_session session) {
 sha256(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
 session->next_crypto->secret_hash);
 break;
+ case SSH_KEX_ECDH_SHA2_NISTP384:
+ session->next_crypto->digest_len = SHA384_DIGEST_LENGTH;
+ session->next_crypto->mac_type = SSH_MAC_SHA384;
+ session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len);
+ if (session->next_crypto->secret_hash == NULL) {
+ ssh_set_error_oom(session);
+ goto error;
+ }
+ sha384(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
+ session->next_crypto->secret_hash);
+ break;
+ case SSH_KEX_ECDH_SHA2_NISTP521:
+ session->next_crypto->digest_len = SHA512_DIGEST_LENGTH;
+ session->next_crypto->mac_type = SSH_MAC_SHA512;
+ session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len);
+ if (session->next_crypto->secret_hash == NULL) {
+ ssh_set_error_oom(session);
+ goto error;
+ }
+ sha512(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
+ session->next_crypto->secret_hash);
+ break;
 }
 /* During the first kex, secret hash and session ID are equal. However, after
 * a key re-exchange, a new secret hash is calculated. This hash will not replace |
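Review bot: The widened condition in the first hunk lists three kex types without saying why they can share one branch, so the next curve added here will be copied in by pattern-matching rather than understanding; a one-line comment above the `} else if ((...NISTP256) ||` line would carry that, e.g. `/* All ecdh-sha2-* methods build the exchange hash the same way (RFC 5656 sec. 4); only the digest selected below differs. */`. The hunk header also announces 7 old lines but only 6 are visible on this page, so a context line (likely the `goto error;` before the closing brace) appears to have been lost in rendering; it does not affect the change itself. The enclosing function ssh_make_sessionid starts before this hunk and continues past it.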
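Review bot: The two new cases in the second hunk repeat the NISTP256 case verbatim except for three values (digest length, mac type, hash function), so the allocation and the OOM branch now exist three times and a future fix to one must be mirrored in the others. I would move the shared tail into a small static helper that takes session, buf, the digest length, the mac type and the hash routine (its callback parameter typed to match the project's existing sha256/sha384/sha512 prototypes, which are not visible here), allocates `secret_hash`, sets the oom error on failure and returns SSH_OK/SSH_ERROR, so that each case collapses to `if (make_secret_hash(session, buf, SHA384_DIGEST_LENGTH, SSH_MAC_SHA384, sha384) != SSH_OK) goto error;`. Separately, `secret_hash` holds key-derivation input; whether it is wiped before being freed is decided outside this hunk, and it is worth confirming since the new sizes are allocated through plain malloc just like the existing one. The enclosing switch and function continue outside the hunk.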