From: djm@openbsd.org <djm@openbsd.org>
Date: Tue, 29 Dec 2020 01:02:15 +0000 (+0000)
Subject: upstream: Adapt to replacement of
X-Git-Tag: V_8_5_P1~143
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=659864fe81dbc57eeed3769c462679d83e026640;p=thirdparty%2Fopenssh-portable.git

upstream: Adapt to replacement of

sntrup4591761x25519-sha512@tinyssh.org with
sntrup761x25519-sha512@openssh.com.

Also test sntrup761x25519-sha512@openssh.com in unittests/kex

OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c
---

diff --git a/kexsntrup761x25519.c b/kexsntrup761x25519.c
index 3a241fd41..3d5c6bdf0 100644
--- a/kexsntrup761x25519.c
+++ b/kexsntrup761x25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexsntrup4591761x25519.c,v 1.4 2020/12/19 22:09:21 tobhe Exp $ */
+/* $OpenBSD: kexsntrup761x25519.c,v 1.1 2020/12/29 00:59:15 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
@@ -38,7 +38,7 @@
 #include "ssherr.h"
 
 int
-kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
+kex_kem_sntrup761x25519_keypair(struct kex *kex)
 {
 	struct sshbuf *buf = NULL;
 	u_char *cp = NULL;
@@ -47,15 +47,15 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
 
 	if ((buf = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
 	if ((r = sshbuf_reserve(buf, need, &cp)) != 0)
 		goto out;
-	crypto_kem_sntrup4591761_keypair(cp, kex->sntrup4591761_client_key);
+	crypto_kem_sntrup761_keypair(cp, kex->sntrup761_client_key);
 #ifdef DEBUG_KEXECDH
-	dump_digest("client public key sntrup4591761:", cp,
-	    crypto_kem_sntrup4591761_PUBLICKEYBYTES);
+	dump_digest("client public key sntrup761:", cp,
+	    crypto_kem_sntrup761_PUBLICKEYBYTES);
 #endif
-	cp += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
+	cp += crypto_kem_sntrup761_PUBLICKEYBYTES;
 	kexc25519_keygen(kex->c25519_client_key, cp);
 #ifdef DEBUG_KEXECDH
 	dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
@@ -68,7 +68,7 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
 }
 
 int
-kex_kem_sntrup4591761x25519_enc(struct kex *kex,
+kex_kem_sntrup761x25519_enc(struct kex *kex,
    const struct sshbuf *client_blob, struct sshbuf **server_blobp,
    struct sshbuf **shared_secretp)
 {
@@ -85,17 +85,17 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
 	*shared_secretp = NULL;
 
 	/* client_blob contains both KEM and ECDH client pubkeys */
-	need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
 	if (sshbuf_len(client_blob) != need) {
 		r = SSH_ERR_SIGNATURE_INVALID;
 		goto out;
 	}
 	client_pub = sshbuf_ptr(client_blob);
 #ifdef DEBUG_KEXECDH
-	dump_digest("client public key sntrup4591761:", client_pub,
-	    crypto_kem_sntrup4591761_PUBLICKEYBYTES);
+	dump_digest("client public key sntrup761:", client_pub,
+	    crypto_kem_sntrup761_PUBLICKEYBYTES);
 	dump_digest("client public key 25519:",
-	    client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES,
+	    client_pub + crypto_kem_sntrup761_PUBLICKEYBYTES,
 	    CURVE25519_SIZE);
 #endif
 	/* allocate buffer for concatenation of KEM key and ECDH shared key */
@@ -104,7 +104,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
+	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
 	    &kem_key)) != 0)
 		goto out;
 	/* allocate space for encrypted KEM key and ECDH pub key */
@@ -112,16 +112,16 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
 	if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0)
 		goto out;
 	/* generate and encrypt KEM key with client key */
-	crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub);
+	crypto_kem_sntrup761_enc(ciphertext, kem_key, client_pub);
 	/* generate ECDH key pair, store server pubkey after ciphertext */
-	server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
+	server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
 	kexc25519_keygen(server_key, server_pub);
 	/* append ECDH shared key */
-	client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
+	client_pub += crypto_kem_sntrup761_PUBLICKEYBYTES;
 	if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0)
 		goto out;
 	if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
@@ -129,7 +129,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
 #ifdef DEBUG_KEXECDH
 	dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE);
 	dump_digest("server cipher text:", ciphertext,
-	    crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
+	    crypto_kem_sntrup761_CIPHERTEXTBYTES);
 	dump_digest("server kem key:", kem_key, sizeof(kem_key));
 	dump_digest("concatenation of KEM key and ECDH shared key:",
 	    sshbuf_ptr(buf), sshbuf_len(buf));
@@ -155,7 +155,7 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex,
 }
 
 int
-kex_kem_sntrup4591761x25519_dec(struct kex *kex,
+kex_kem_sntrup761x25519_dec(struct kex *kex,
     const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
 {
 	struct sshbuf *buf = NULL;
@@ -167,16 +167,16 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex,
 
 	*shared_secretp = NULL;
 
-	need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
 	if (sshbuf_len(server_blob) != need) {
 		r = SSH_ERR_SIGNATURE_INVALID;
 		goto out;
 	}
 	ciphertext = sshbuf_ptr(server_blob);
-	server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
+	server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
 #ifdef DEBUG_KEXECDH
 	dump_digest("server cipher text:", ciphertext,
-	    crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
+	    crypto_kem_sntrup761_CIPHERTEXTBYTES);
 	dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE);
 #endif
 	/* hash concatenation of KEM key and ECDH shared key */
@@ -184,18 +184,18 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex,
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
+	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
 	    &kem_key)) != 0)
 		goto out;
-	decoded = crypto_kem_sntrup4591761_dec(kem_key, ciphertext,
-	    kex->sntrup4591761_client_key);
+	decoded = crypto_kem_sntrup761_dec(kem_key, ciphertext,
+	    kex->sntrup761_client_key);
 	if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub,
 	    buf, 1)) < 0)
 		goto out;
 	if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
 		goto out;
 #ifdef DEBUG_KEXECDH
-	dump_digest("client kem key:", kem_key, crypto_kem_sntrup4591761_BYTES);
+	dump_digest("client kem key:", kem_key, crypto_kem_sntrup761_BYTES);
 	dump_digest("concatenation of KEM key and ECDH shared key:",
 	    sshbuf_ptr(buf), sshbuf_len(buf));
 #endif
diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile
index ede5e2fb4..733558d57 100644
--- a/regress/misc/kexfuzz/Makefile
+++ b/regress/misc/kexfuzz/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.8 2020/04/03 04:07:48 djm Exp $
+#	$OpenBSD: Makefile,v 1.9 2020/12/29 01:02:15 djm Exp $
 
 .include <bsd.own.mk>
 .include <bsd.obj.mk>
@@ -32,8 +32,8 @@ SRCS+=	kexgexs.c
 SRCS+=	kexc25519.c
 SRCS+=	smult_curve25519_ref.c
 SRCS+=	kexgen.c
-SRCS+=	kexsntrup4591761x25519.c
-SRCS+=	sntrup4591761.c
+SRCS+=	kexsntrup761x25519.c
+SRCS+=	sntrup761.c
 
 SRCS+=digest-openssl.c
 #SRCS+=digest-libc.c
diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile
index 1c5d68ce8..bff16ab4e 100644
--- a/regress/unittests/kex/Makefile
+++ b/regress/unittests/kex/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.10 2020/04/06 09:43:56 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.11 2020/12/29 01:02:15 djm Exp $
 
 PROG=test_kex
 SRCS=tests.c test_kex.c
@@ -23,8 +23,8 @@ SRCS+=	kexgexs.c
 SRCS+=	kexc25519.c
 SRCS+=	smult_curve25519_ref.c
 SRCS+=	kexgen.c
-SRCS+=	kexsntrup4591761x25519.c
-SRCS+=	sntrup4591761.c
+SRCS+=	kexsntrup761x25519.c
+SRCS+=	sntrup761.c
 SRCS+=	utf8.c
 
 SRCS+=digest-openssl.c
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index 0e7cd9e07..06bd001ae 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_kex.c,v 1.4 2019/01/21 12:35:20 djm Exp $ */
+/* 	$OpenBSD: test_kex.c,v 1.5 2020/12/29 01:02:15 djm Exp $ */
 /*
  * Regress test KEX
  *
@@ -152,6 +152,7 @@ do_kex_with_key(char *kex, int keytype, int bits)
 #endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
 	server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+	server2->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
 	server2->kex->sign = server->kex->sign;
@@ -201,5 +202,6 @@ kex_tests(void)
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
 	do_kex("diffie-hellman-group1-sha1");
+	do_kex("sntrup761x25519-sha512@openssh.com");
 #endif /* WITH_OPENSSL */
 }