comparison common-kex.c @ 848:6c69e7df3621 ecc

curve25519
author Matt Johnston <matt@ucc.asn.au>
date Fri, 08 Nov 2013 23:11:43 +0800
parents 724c3e0c8734
children 7540c0822374
845:774ad9b112ef 848:6c69e7df3621
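--- a/common-kex.c
+++ b/common-kex.c
@@ -688,21 +688,20 @@
 
 Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve);
 
 ses.dh_K = dropbear_ecc_shared_secret(Q_them, &param->key);
 
-/* From here on, the code needs to work with the _same_ vars on each side,
-* not vice-versaing for client/server */
+/* Create the remainder of the hash buffer, to generate the exchange hash
+See RFC5656 section 4 page 7 */
 if (IS_DROPBEAR_CLIENT) {
 Q_C = &param->key;
 Q_S = Q_them;
 } else {
 Q_C = Q_them;
 Q_S = &param->key;
 }
 
-/* Create the remainder of the hash buffer, to generate the exchange hash */
 /* K_S, the host key */
 buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
 /* Q_C, client's ephemeral public key octet string */
 buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_C);
 /* Q_S, server's ephemeral public key octet string */
@@ -711,11 +710,76 @@
 buf_putmpint(ses.kexhashbuf, ses.dh_K);
 
 /* calculate the hash H to sign */
 finish_kexhashbuf();
 }
-#endif
+#endif /* DROPBEAR_ECDH */
+
+#ifdef DROPBEAR_CURVE25519
+struct kex_curve25519_param *gen_kexcurve25519_param () {
+/* Per http://cr.yp.to/ecdh.html */
+struct kex_curve25519_param *param = m_malloc(sizeof(*param));
+const unsigned char basepoint[32] = {9};
+
+genrandom(param->priv, CURVE25519_LEN);
+param->priv[0] &= 248;
+param->priv[31] &= 127;
+param->priv[31] |= 64;
+
+curve25519_donna(param->pub, param->priv, basepoint);
+
+return param;
+}
+
+void free_kexcurve25519_param(struct kex_curve25519_param *param)
+{
+m_burn(param->priv, CURVE25519_LEN);
+m_free(param);
+}
+
+void kexcurve25519_comb_key(struct kex_curve25519_param *param, buffer *buf_pub_them,
+sign_key *hostkey) {
+unsigned char* out = m_malloc(CURVE25519_LEN);
+const unsigned char* Q_C = NULL;
+const unsigned char* Q_S = NULL;
+
+if (buf_pub_them->len != CURVE25519_LEN)
+{
+dropbear_exit("Bad curve25519");
+}
+
+curve25519_donna(out, param->priv, buf_pub_them->data);
+ses.dh_K = m_malloc(sizeof(*ses.dh_K));
+m_mp_init(ses.dh_K);
+bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
+m_free(out);
+
+/* Create the remainder of the hash buffer, to generate the exchange hash.
+See RFC5656 section 4 page 7 */
+if (IS_DROPBEAR_CLIENT) {
+Q_C = param->pub;
+Q_S = buf_pub_them->data;
+} else {
+Q_S = param->pub;
+Q_C = buf_pub_them->data;
+}
+
+/* K_S, the host key */
+buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
+/* Q_C, client's ephemeral public key octet string */
+buf_putstring(ses.kexhashbuf, Q_C, CURVE25519_LEN);
+/* Q_S, server's ephemeral public key octet string */
+buf_putstring(ses.kexhashbuf, Q_S, CURVE25519_LEN);
+/* K, the shared secret */
+buf_putmpint(ses.kexhashbuf, ses.dh_K);
+
+/* calculate the hash H to sign */
+finish_kexhashbuf();
+}
+#endif /* DROPBEAR_CURVE25519 */
+
+
 
 static void finish_kexhashbuf(void) {
 hash_state hs;
 const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
 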
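Review bot: In `kexcurve25519_comb_key`, the raw shared secret in `out` is released with `m_free(out)` without being wiped, so the 32 secret bytes stay in freed heap memory; `free_kexcurve25519_param` already burns the private key, and the same should happen here with `m_burn(out, CURVE25519_LEN);` immediately before `m_free(out);`. The function also uses whatever `curve25519_donna` produces, so a peer-supplied low-order public value would give an all-zero `out`, a shared secret that does not depend on our private key; I would compare `out` against 32 zero bytes in constant time right after the scalar multiplication and call `dropbear_exit` on a match, before `bytes_to_mp`. The length check tests `buf_pub_them->len` and then reads from `buf_pub_them->data`, which presumably assumes the caller passes a buffer holding only the peer's key; a one-line comment stating that precondition would help.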