Mercurial > dropbear
comparison common-kex.c @ 1659:d32bcb5c557d
Add Ed25519 support (#91)
* Add support for Ed25519 as a public key type
Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.
OpenSSH key import and fuzzer are not supported yet.
Initially inspired by Peter Szabo.
* Add curve25519 and ed25519 fuzzers
* Add import and export of Ed25519 keys
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Wed, 11 Mar 2020 21:09:45 +0500 |
parents | 0bdbb9ecc403 |
children | 3a97f14c0235 ba6fc7afe1c5 |
comparison
equal
deleted
inserted
replaced
1658:7402218141d4 | 1659:d32bcb5c557d |
---|---|
34 #include "packet.h" | 34 #include "packet.h" |
35 #include "bignum.h" | 35 #include "bignum.h" |
36 #include "dbrandom.h" | 36 #include "dbrandom.h" |
37 #include "runopts.h" | 37 #include "runopts.h" |
38 #include "ecc.h" | 38 #include "ecc.h" |
39 #include "curve25519.h" | |
39 #include "crypto_desc.h" | 40 #include "crypto_desc.h" |
40 | 41 |
41 static void kexinitialise(void); | 42 static void kexinitialise(void); |
42 static void gen_new_keys(void); | 43 static void gen_new_keys(void); |
43 #ifndef DISABLE_ZLIB | 44 #ifndef DISABLE_ZLIB |
701 finish_kexhashbuf(); | 702 finish_kexhashbuf(); |
702 } | 703 } |
703 #endif /* DROPBEAR_ECDH */ | 704 #endif /* DROPBEAR_ECDH */ |
704 | 705 |
705 #if DROPBEAR_CURVE25519 | 706 #if DROPBEAR_CURVE25519 |
706 struct kex_curve25519_param *gen_kexcurve25519_param () { | 707 struct kex_curve25519_param *gen_kexcurve25519_param() { |
707 /* Per http://cr.yp.to/ecdh.html */ | 708 /* Per http://cr.yp.to/ecdh.html */ |
708 struct kex_curve25519_param *param = m_malloc(sizeof(*param)); | 709 struct kex_curve25519_param *param = m_malloc(sizeof(*param)); |
709 const unsigned char basepoint[32] = {9}; | 710 const unsigned char basepoint[32] = {9}; |
710 | 711 |
711 genrandom(param->priv, CURVE25519_LEN); | 712 genrandom(param->priv, CURVE25519_LEN); |
712 param->priv[0] &= 248; | 713 dropbear_curve25519_scalarmult(param->pub, param->priv, basepoint); |
713 param->priv[31] &= 127; | |
714 param->priv[31] |= 64; | |
715 | |
716 curve25519_donna(param->pub, param->priv, basepoint); | |
717 | 714 |
718 return param; | 715 return param; |
719 } | 716 } |
720 | 717 |
721 void free_kexcurve25519_param(struct kex_curve25519_param *param) | 718 void free_kexcurve25519_param(struct kex_curve25519_param *param) { |
722 { | |
723 m_burn(param->priv, CURVE25519_LEN); | 719 m_burn(param->priv, CURVE25519_LEN); |
724 m_free(param); | 720 m_free(param); |
725 } | 721 } |
726 | 722 |
727 void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them, | 723 void kexcurve25519_comb_key(const struct kex_curve25519_param *param, const buffer *buf_pub_them, |
734 if (buf_pub_them->len != CURVE25519_LEN) | 730 if (buf_pub_them->len != CURVE25519_LEN) |
735 { | 731 { |
736 dropbear_exit("Bad curve25519"); | 732 dropbear_exit("Bad curve25519"); |
737 } | 733 } |
738 | 734 |
739 curve25519_donna(out, param->priv, buf_pub_them->data); | 735 dropbear_curve25519_scalarmult(out, param->priv, buf_pub_them->data); |
740 | 736 |
741 if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) { | 737 if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) { |
742 dropbear_exit("Bad curve25519"); | 738 dropbear_exit("Bad curve25519"); |
743 } | 739 } |
744 | 740 |