aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2018-06-29 11:40:46 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-06-29 11:41:22 +0200
commitbed60f9b846a850a756db66ece552cb7cc3e1f0d (patch)
treec38c27e1795c7964ab31fb8e8874b29fe8748077 /src
parent10728f85778d30485b7cbd8585b12f7bcc5bf8e1 (diff)
downloadlibssh-bed60f9b846a850a756db66ece552cb7cc3e1f0d.tar.gz
libssh-bed60f9b846a850a756db66ece552cb7cc3e1f0d.tar.xz
libssh-bed60f9b846a850a756db66ece552cb7cc3e1f0d.zip
kex: Enable chacha20-poly1304 KEX with mbedtls
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/CMakeLists.txt8
-rw-r--r--src/kex.c4
-rw-r--r--src/libmbedcrypto.c18
3 files changed, 19 insertions, 11 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 4edc59f4..8d4613ff 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -164,15 +164,9 @@ set(libssh_SRCS
external/ge25519.c
external/poly1305.c
external/sc25519.c
+ chachapoly.c
)
-if (NOT WITH_MBEDTLS)
- set(libssh_SRCS
- ${libssh_SRCS}
- chachapoly.c
- )
-endif (NOT WITH_MBEDTLS)
-
if (WITH_GCRYPT)
set(libssh_SRCS
${libssh_SRCS}
diff --git a/src/kex.c b/src/kex.c
index 8c51566e..00f4e00f 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -95,11 +95,7 @@
#define ECDH ""
#endif
-#ifdef HAVE_CHACHA
#define CHACHA20 "chacha20-poly1305@openssh.com,"
-#else /* HAVE_CHACHA */
-#define CHACHA20
-#endif /* HAVE_CHACHA */
#define KEY_EXCHANGE CURVE25519 ECDH "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
#define KEX_METHODS_SIZE 10
diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
index 6854bd98..216bcdc5 100644
--- a/src/libmbedcrypto.c
+++ b/src/libmbedcrypto.c
@@ -30,6 +30,8 @@
#ifdef HAVE_LIBMBEDCRYPTO
#include <mbedtls/md.h>
+extern const struct ssh_cipher_struct chacha20poly1305_cipher;
+
struct ssh_mac_ctx_struct {
enum ssh_mac_e mac_type;
mbedtls_md_context_t ctx;
@@ -1067,6 +1069,9 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
.decrypt = cipher_decrypt_cbc,
},
{
+ .name = "chacha20-poly1305@openssh.com"
+ },
+ {
.name = NULL,
.blocksize = 0,
.keysize = 0,
@@ -1085,6 +1090,7 @@ struct ssh_cipher_struct *ssh_get_ciphertab(void)
void ssh_mbedtls_init(void)
{
+ size_t i;
int rc;
mbedtls_entropy_init(&ssh_mbedtls_entropy);
@@ -1095,6 +1101,18 @@ void ssh_mbedtls_init(void)
if (rc != 0) {
mbedtls_ctr_drbg_free(&ssh_mbedtls_ctr_drbg);
}
+
+ for (i = 0; ssh_ciphertab[i].name != NULL; i++) {
+ int cmp;
+
+ cmp = strcmp(ssh_ciphertab[i].name, "chacha20-poly1305@openssh.com");
+ if (cmp == 0) {
+ memcpy(&ssh_ciphertab[i],
+ &chacha20poly1305_cipher,
+ sizeof(struct ssh_cipher_struct));
+ break;
+ }
+ }
}
int ssh_mbedtls_random(void *where, int len, int strong)