comparison common-kex.c @ 848:6c69e7df3621 ecc
curve25519
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 08 Nov 2013 23:11:43 +0800 |
parents | 724c3e0c8734 |
children | 7540c0822374 |
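--- a/common-kex.c
+++ b/common-kex.c
@@ -688,21 +688,20 @@
 
 Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve);
 
 ses.dh_K = dropbear_ecc_shared_secret(Q_them, ¶m->key);
 
-/* From here on, the code needs to work with the _same_ vars on each side,
-* not vice-versaing for client/server */
+/* Create the remainder of the hash buffer, to generate the exchange hash
+See RFC5656 section 4 page 7 */
 if (IS_DROPBEAR_CLIENT) {
 Q_C = ¶m->key;
 Q_S = Q_them;
 } else {
 Q_C = Q_them;
 Q_S = ¶m->key;
 }
 
-/* Create the remainder of the hash buffer, to generate the exchange hash */
 /* K_S, the host key */
 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
 /* Q_C, client's ephemeral public key octet string */
 buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_C);
 /* Q_S, server's ephemeral public key octet string */
@@ -711,11 +710,76 @@
 buf_putmpint(ses.kexhashbuf, ses.dh_K);
 
 /* calculate the hash H to sign */
 finish_kexhashbuf();
 }
-#endif
+#endif /* DROPBEAR_ECDH */
+
+#ifdef DROPBEAR_CURVE25519
+struct kex_curve25519_param *gen_kexcurve25519_param () {
+/* Per http://cr.yp.to/ecdh.html */
+struct kex_curve25519_param *param = m_malloc(sizeof(*param));
+const unsigned char basepoint[32] = {9};
+
+genrandom(param->priv, CURVE25519_LEN);
+param->priv[0] &= 248;
+param->priv[31] &= 127;
+param->priv[31] |= 64;
+
+curve25519_donna(param->pub, param->priv, basepoint);
+
+return param;
+}
+
+void free_kexcurve25519_param(struct kex_curve25519_param *param)
+{
+m_burn(param->priv, CURVE25519_LEN);
+m_free(param);
+}
+
+void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them,
+sign_key *hostkey) {
+unsigned char* out = m_malloc(CURVE25519_LEN);
+const unsigned char* Q_C = NULL;
+const unsigned char* Q_S = NULL;
+
+if (buf_pub_them->len != CURVE25519_LEN)
+{
+dropbear_exit("Bad curve25519");
+}
+
+curve25519_donna(out, param->priv, buf_pub_them->data);
+ses.dh_K = m_malloc(sizeof(*ses.dh_K));
+m_mp_init(ses.dh_K);
+bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
+m_free(out);
+
+/* Create the remainder of the hash buffer, to generate the exchange hash.
+See RFC5656 section 4 page 7 */
+if (IS_DROPBEAR_CLIENT) {
+Q_C = param->pub;
+Q_S = buf_pub_them->data;
+} else {
+Q_S = param->pub;
+Q_C = buf_pub_them->data;
+}
+
+/* K_S, the host key */
+buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
+/* Q_C, client's ephemeral public key octet string */
+buf_putstring(ses.kexhashbuf, Q_C, CURVE25519_LEN);
+/* Q_S, server's ephemeral public key octet string */
+buf_putstring(ses.kexhashbuf, Q_S, CURVE25519_LEN);
+/* K, the shared secret */
+buf_putmpint(ses.kexhashbuf, ses.dh_K);
+
+/* calculate the hash H to sign */
+finish_kexhashbuf();
+}
+#endif /* DROPBEAR_CURVE25519 */
+
+
 
 static void finish_kexhashbuf(void) {
 hash_state hs;
 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
 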
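Review bot: In `kexcurve25519_comb_key` the peer's public value is checked only for length before `curve25519_donna(out, param->priv, buf_pub_them->data)`, and the result is loaded into `ses.dh_K` without rejecting an all-zero `out`, so a low-order peer value yields a shared secret that does not depend on our private key. RFC 7748 describes this check and RFC 8731 requires it for SSH: compare `out` against 32 zero bytes without an early-exit loop and call `dropbear_exit("Bad curve25519")` before `bytes_to_mp`. Separately, `out` holds the raw shared secret and is released with `m_free(out)` alone; add `m_burn(out, CURVE25519_LEN);` on the line before it, as `free_kexcurve25519_param` already does for `param->priv`. The comment citing RFC5656 in this function appears to be copied from the ECDH path and should reference the curve25519 key-exchange specification instead.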