upstream: Adapt to replacement of
sntrup4591761x25519-sha512@tinyssh.org with sntrup761x25519-sha512@openssh.com. Also test sntrup761x25519-sha512@openssh.com in unittests/kex OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c
This commit is contained in:
djm@openbsd.org
Damien Miller
parent
2c71cec020
commit
659864fe81
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: kexsntrup4591761x25519.c,v 1.4 2020/12/19 22:09:21 tobhe Exp $ */
|
||||
/* $OpenBSD: kexsntrup761x25519.c,v 1.1 2020/12/29 00:59:15 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
|
@ -38,7 +38,7 @@
|
|||
#include "ssherr.h"
|
||||
|
||||
int
|
||||
kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
|
||||
kex_kem_sntrup761x25519_keypair(struct kex *kex)
|
||||
{
|
||||
struct sshbuf *buf = NULL;
|
||||
u_char *cp = NULL;
|
||||
|
|
@ -47,15 +47,15 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
|
|||
|
||||
if ((buf = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
if ((r = sshbuf_reserve(buf, need, &cp)) != 0)
|
||||
goto out;
|
||||
crypto_kem_sntrup4591761_keypair(cp, kex->sntrup4591761_client_key);
|
||||
crypto_kem_sntrup761_keypair(cp, kex->sntrup761_client_key);
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client public key sntrup4591761:", cp,
|
||||
crypto_kem_sntrup4591761_PUBLICKEYBYTES);
|
||||
dump_digest("client public key sntrup761:", cp,
|
||||
crypto_kem_sntrup761_PUBLICKEYBYTES);
|
||||
#endif
|
||||
cp += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
|
||||
cp += crypto_kem_sntrup761_PUBLICKEYBYTES;
|
||||
kexc25519_keygen(kex->c25519_client_key, cp);
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
|
||||
|
|
@ -68,7 +68,7 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
|
|||
}
|
||||
|
||||
int
|
||||
kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
||||
kex_kem_sntrup761x25519_enc(struct kex *kex,
|
||||
const struct sshbuf *client_blob, struct sshbuf **server_blobp,
|
||||
struct sshbuf **shared_secretp)
|
||||
{
|
||||
|
|
@ -85,17 +85,17 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
*shared_secretp = NULL;
|
||||
|
||||
/* client_blob contains both KEM and ECDH client pubkeys */
|
||||
need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
|
||||
if (sshbuf_len(client_blob) != need) {
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
goto out;
|
||||
}
|
||||
client_pub = sshbuf_ptr(client_blob);
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client public key sntrup4591761:", client_pub,
|
||||
crypto_kem_sntrup4591761_PUBLICKEYBYTES);
|
||||
dump_digest("client public key sntrup761:", client_pub,
|
||||
crypto_kem_sntrup761_PUBLICKEYBYTES);
|
||||
dump_digest("client public key 25519:",
|
||||
client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES,
|
||||
client_pub + crypto_kem_sntrup761_PUBLICKEYBYTES,
|
||||
CURVE25519_SIZE);
|
||||
#endif
|
||||
/* allocate buffer for concatenation of KEM key and ECDH shared key */
|
||||
|
|
@ -104,7 +104,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
|
||||
&kem_key)) != 0)
|
||||
goto out;
|
||||
/* allocate space for encrypted KEM key and ECDH pub key */
|
||||
|
|
@ -112,16 +112,16 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0)
|
||||
goto out;
|
||||
/* generate and encrypt KEM key with client key */
|
||||
crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub);
|
||||
crypto_kem_sntrup761_enc(ciphertext, kem_key, client_pub);
|
||||
/* generate ECDH key pair, store server pubkey after ciphertext */
|
||||
server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
|
||||
server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
|
||||
kexc25519_keygen(server_key, server_pub);
|
||||
/* append ECDH shared key */
|
||||
client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
|
||||
client_pub += crypto_kem_sntrup761_PUBLICKEYBYTES;
|
||||
if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0)
|
||||
goto out;
|
||||
if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
|
||||
|
|
@ -129,7 +129,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE);
|
||||
dump_digest("server cipher text:", ciphertext,
|
||||
crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
|
||||
crypto_kem_sntrup761_CIPHERTEXTBYTES);
|
||||
dump_digest("server kem key:", kem_key, sizeof(kem_key));
|
||||
dump_digest("concatenation of KEM key and ECDH shared key:",
|
||||
sshbuf_ptr(buf), sshbuf_len(buf));
|
||||
|
|
@ -155,7 +155,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
|
|||
}
|
||||
|
||||
int
|
||||
kex_kem_sntrup4591761x25519_dec(struct kex *kex,
|
||||
kex_kem_sntrup761x25519_dec(struct kex *kex,
|
||||
const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
|
||||
{
|
||||
struct sshbuf *buf = NULL;
|
||||
|
|
@ -167,16 +167,16 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex,
|
|||
|
||||
*shared_secretp = NULL;
|
||||
|
||||
need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
|
||||
if (sshbuf_len(server_blob) != need) {
|
||||
r = SSH_ERR_SIGNATURE_INVALID;
|
||||
goto out;
|
||||
}
|
||||
ciphertext = sshbuf_ptr(server_blob);
|
||||
server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
|
||||
server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("server cipher text:", ciphertext,
|
||||
crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
|
||||
crypto_kem_sntrup761_CIPHERTEXTBYTES);
|
||||
dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE);
|
||||
#endif
|
||||
/* hash concatenation of KEM key and ECDH shared key */
|
||||
|
|
@ -184,18 +184,18 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex,
|
|||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
|
||||
if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
|
||||
&kem_key)) != 0)
|
||||
goto out;
|
||||
decoded = crypto_kem_sntrup4591761_dec(kem_key, ciphertext,
|
||||
kex->sntrup4591761_client_key);
|
||||
decoded = crypto_kem_sntrup761_dec(kem_key, ciphertext,
|
||||
kex->sntrup761_client_key);
|
||||
if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub,
|
||||
buf, 1)) < 0)
|
||||
goto out;
|
||||
if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
|
||||
goto out;
|
||||
#ifdef DEBUG_KEXECDH
|
||||
dump_digest("client kem key:", kem_key, crypto_kem_sntrup4591761_BYTES);
|
||||
dump_digest("client kem key:", kem_key, crypto_kem_sntrup761_BYTES);
|
||||
dump_digest("concatenation of KEM key and ECDH shared key:",
|
||||
sshbuf_ptr(buf), sshbuf_len(buf));
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.8 2020/04/03 04:07:48 djm Exp $
|
||||
# $OpenBSD: Makefile,v 1.9 2020/12/29 01:02:15 djm Exp $
|
||||
|
||||
.include <bsd.own.mk>
|
||||
.include <bsd.obj.mk>
|
||||
|
|
@ -32,8 +32,8 @@ SRCS+= kexgexs.c
|
|||
SRCS+= kexc25519.c
|
||||
SRCS+= smult_curve25519_ref.c
|
||||
SRCS+= kexgen.c
|
||||
SRCS+= kexsntrup4591761x25519.c
|
||||
SRCS+= sntrup4591761.c
|
||||
SRCS+= kexsntrup761x25519.c
|
||||
SRCS+= sntrup761.c
|
||||
|
||||
SRCS+=digest-openssl.c
|
||||
#SRCS+=digest-libc.c
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.10 2020/04/06 09:43:56 dtucker Exp $
|
||||
# $OpenBSD: Makefile,v 1.11 2020/12/29 01:02:15 djm Exp $
|
||||
|
||||
PROG=test_kex
|
||||
SRCS=tests.c test_kex.c
|
||||
|
|
@ -23,8 +23,8 @@ SRCS+= kexgexs.c
|
|||
SRCS+= kexc25519.c
|
||||
SRCS+= smult_curve25519_ref.c
|
||||
SRCS+= kexgen.c
|
||||
SRCS+= kexsntrup4591761x25519.c
|
||||
SRCS+= sntrup4591761.c
|
||||
SRCS+= kexsntrup761x25519.c
|
||||
SRCS+= sntrup761.c
|
||||
SRCS+= utf8.c
|
||||
|
||||
SRCS+=digest-openssl.c
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: test_kex.c,v 1.4 2019/01/21 12:35:20 djm Exp $ */
|
||||
/* $OpenBSD: test_kex.c,v 1.5 2020/12/29 01:02:15 djm Exp $ */
|
||||
/*
|
||||
* Regress test KEX
|
||||
*
|
||||
|
|
@ -152,6 +152,7 @@ do_kex_with_key(char *kex, int keytype, int bits)
|
|||
#endif /* OPENSSL_HAS_ECC */
|
||||
#endif /* WITH_OPENSSL */
|
||||
server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
|
||||
server2->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
|
||||
server2->kex->load_host_public_key = server->kex->load_host_public_key;
|
||||
server2->kex->load_host_private_key = server->kex->load_host_private_key;
|
||||
server2->kex->sign = server->kex->sign;
|
||||
|
|
@ -201,5 +202,6 @@ kex_tests(void)
|
|||
do_kex("diffie-hellman-group-exchange-sha1");
|
||||
do_kex("diffie-hellman-group14-sha1");
|
||||
do_kex("diffie-hellman-group1-sha1");
|
||||
do_kex("sntrup761x25519-sha512@openssh.com");
|
||||
#endif /* WITH_OPENSSL */
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue