aboutsummaryrefslogtreecommitdiff
path: root/src/ecdh_crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/ecdh_crypto.c')
-rw-r--r--src/ecdh_crypto.c33
1 files changed, 31 insertions, 2 deletions
diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
index e774e560..041e6c0e 100644
--- a/src/ecdh_crypto.c
+++ b/src/ecdh_crypto.c
@@ -36,6 +36,20 @@
#define NISTP521 NID_secp521r1
/** @internal
+ * @brief Map the given key exchange enum value to its curve name.
+ */
+static int ecdh_kex_type_to_curve(enum ssh_key_exchange_e kex_type) {
+ if (kex_type == SSH_KEX_ECDH_SHA2_NISTP256) {
+ return NISTP256;
+ } else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP384) {
+ return NISTP384;
+ } else if (kex_type == SSH_KEX_ECDH_SHA2_NISTP521) {
+ return NISTP521;
+ }
+ return SSH_ERROR;
+}
+
+/** @internal
* @brief Starts ecdh-sha2-nistp256 key exchange
*/
int ssh_client_ecdh_init(ssh_session session){
@@ -43,6 +57,7 @@ int ssh_client_ecdh_init(ssh_session session){
const EC_GROUP *group;
const EC_POINT *pubkey;
ssh_string client_pubkey;
+ int curve;
int len;
int rc;
bignum_CTX ctx = BN_CTX_new();
@@ -53,7 +68,13 @@ int ssh_client_ecdh_init(ssh_session session){
return SSH_ERROR;
}
- key = EC_KEY_new_by_curve_name(NISTP256);
+ curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
+ if (curve == SSH_ERROR) {
+ BN_CTX_free(ctx);
+ return SSH_ERROR;
+ }
+
+ key = EC_KEY_new_by_curve_name(curve);
if (key == NULL) {
BN_CTX_free(ctx);
return SSH_ERROR;
@@ -185,6 +206,7 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){
/* SSH host keys (rsa,dsa,ecdsa) */
ssh_key privkey;
ssh_string sig_blob = NULL;
+ int curve;
int len;
int rc;
@@ -199,7 +221,14 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){
/* Build server's keypair */
ctx = BN_CTX_new();
- ecdh_key = EC_KEY_new_by_curve_name(NISTP256);
+
+ curve = ecdh_kex_type_to_curve(session->next_crypto->kex_type);
+ if (curve == SSH_ERROR) {
+ BN_CTX_free(ctx);
+ return SSH_ERROR;
+ }
+
+ ecdh_key = EC_KEY_new_by_curve_name(curve);
if (ecdh_key == NULL) {
ssh_set_error_oom(session);
BN_CTX_free(ctx);