changeset 850:7507b174bba0 ecc

- Make curve25519 work after fixing a typo, interoperates with OpenSSH - comment on ecc binary size effects
author Matt Johnston <matt@ucc.asn.au>
date Sat, 09 Nov 2013 00:02:26 +0800
parents 754d7bee1068
children c1c1b43f78c2
files cli-kex.c options.h svr-kex.c sysoptions.h
diffstat 4 files changed, 17 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/cli-kex.c	Fri Nov 08 23:32:13 2013 +0800
+++ b/cli-kex.c	Sat Nov 09 00:02:26 2013 +0800
@@ -79,7 +79,7 @@
 				}
 				cli_ses.curve25519_param = gen_kexcurve25519_param();
 			}
-			buf_putstring(ses.writepayload, cli_ses.curve25519_param->priv, CURVE25519_LEN);
+			buf_putstring(ses.writepayload, cli_ses.curve25519_param->pub, CURVE25519_LEN);
 #endif
 			break;
 	}
--- a/options.h	Fri Nov 08 23:32:13 2013 +0800
+++ b/options.h	Sat Nov 09 00:02:26 2013 +0800
@@ -138,22 +138,24 @@
  * SSH2 RFC Draft requires dss, recommends rsa */
 #define DROPBEAR_RSA
 #define DROPBEAR_DSS
+/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
+ * code (either ECDSA or ECDH) increases binary size - around 30kB
+ * on x86-64 */
 #define DROPBEAR_ECDSA
 
 /* Generate hostkeys as-needed when the first connection using that key type occurs.
    This avoids the need to otherwise run "dropbearkey" and avoids some problems
-   with badly seeded random devices when systems first boot.
+   with badly seeded /dev/urandom when systems first boot.
    This also requires a runtime flag "-R". */
 #define DROPBEAR_DELAY_HOSTKEY
 
+/* Enable Curve25519 for key exchange. This is another elliptic
+ * curve method with good security properties. Increases binary size
+ * by ~10kB on x86-64 */
 #define DROPBEAR_CURVE25519
 
-/* RSA can be vulnerable to timing attacks which use the time required for
- * signing to guess the private key. Blinding avoids this attack, though makes
- * signing operations slightly slower. */
-#define RSA_BLINDING
-
-/* Enable elliptic curve Diffie Hellman key exchange */
+/* Enable elliptic curve Diffie Hellman key exchange, see note about
+ * ECDSA above */
 #define DROPBEAR_ECDH
 
 /* Control the memory/performance/compression tradeoff for zlib.
--- a/svr-kex.c	Fri Nov 08 23:32:13 2013 +0800
+++ b/svr-kex.c	Sat Nov 09 00:02:26 2013 +0800
@@ -213,7 +213,7 @@
 			{
 			struct kex_curve25519_param *param = gen_kexcurve25519_param();
 			kexcurve25519_comb_key(param, ecdh_qs, svr_opts.hostkey);
-			buf_putstring(ses.writepayload, param->priv, CURVE25519_LEN);
+			buf_putstring(ses.writepayload, param->pub, CURVE25519_LEN);
 			free_kexcurve25519_param(param);
 			}
 #endif
--- a/sysoptions.h	Fri Nov 08 23:32:13 2013 +0800
+++ b/sysoptions.h	Sat Nov 09 00:02:26 2013 +0800
@@ -104,8 +104,13 @@
 #define DROPBEAR_LTC_PRNG
 #endif
 
+/* RSA can be vulnerable to timing attacks which use the time required for
+ * signing to guess the private key. Blinding avoids this attack, though makes
+ * signing operations slightly slower. */
+#define RSA_BLINDING
+
 /* hashes which will be linked and registered */
-#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256)
+#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256) || defined(DROPBEAR_CURVE25519)
 #define DROPBEAR_SHA256
 #endif
 #if defined(DROPBEAR_ECC_384)