sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexgexc.o kexgexs.o \
- sntrup4591761.o kexsntrup4591761x25519.o kexkemc.o kexkems.o \
+ sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
platform-pledge.o platform-tracing.o platform-misc.o
-/* $OpenBSD: kex.c,v 1.148 2019/01/21 10:33:49 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.149 2019/01/21 10:40:11 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
sshbuf_free(kex->my);
sshbuf_free(kex->client_version);
sshbuf_free(kex->server_version);
- sshbuf_free(kex->kem_client_pub);
+ sshbuf_free(kex->client_pub);
free(kex->session_id);
free(kex->failed_choice);
free(kex->hostkey_alg);
-/* $OpenBSD: kex.h,v 1.104 2019/01/21 10:35:09 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.106 2019/01/21 10:40:11 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */
- struct sshbuf *kem_client_pub; /* KEM */
+ struct sshbuf *client_pub;
};
int kex_names_valid(const char *);
int kex_send_newkeys(struct ssh *);
int kex_start_rekex(struct ssh *);
-int kexdh_client(struct ssh *);
-int kexdh_server(struct ssh *);
int kexgex_client(struct ssh *);
int kexgex_server(struct ssh *);
-int kexecdh_client(struct ssh *);
-int kexecdh_server(struct ssh *);
-int kexc25519_client(struct ssh *);
-int kexc25519_server(struct ssh *);
-int kex_kem_client(struct ssh *);
-int kex_kem_server(struct ssh *);
+int kex_gen_client(struct ssh *);
+int kex_gen_server(struct ssh *);
int kex_dh_keypair(struct kex *);
int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
const BIGNUM *, const u_char *, size_t,
u_char *, size_t *);
-int kex_c25519_hash(int, const struct sshbuf *, const struct sshbuf *,
- const u_char *, size_t, const u_char *, size_t,
- const u_char *, size_t, const struct sshbuf *, const struct sshbuf *,
- const struct sshbuf *, u_char *, size_t *);
-
void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-/* $OpenBSD: kexc25519.c,v 1.15 2019/01/21 10:35:09 djm Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.17 2019/01/21 10:40:11 djm Exp $ */
/*
* Copyright (c) 2019 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
return kexc25519_shared_key_ext(key, pub, out, 0);
}
-int
-kex_c25519_hash(
- int hash_alg,
- const struct sshbuf *client_version,
- const struct sshbuf *server_version,
- const u_char *ckexinit, size_t ckexinitlen,
- const u_char *skexinit, size_t skexinitlen,
- const u_char *serverhostkeyblob, size_t sbloblen,
- const struct sshbuf *client_pub,
- const struct sshbuf *server_pub,
- const struct sshbuf *shared_secret,
- u_char *hash, size_t *hashlen)
-{
- struct sshbuf *b;
- int r;
-
- if (*hashlen < ssh_digest_bytes(hash_alg))
- return SSH_ERR_INVALID_ARGUMENT;
- if ((b = sshbuf_new()) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- if ((r = sshbuf_put_stringb(b, client_version)) != 0 ||
- (r = sshbuf_put_stringb(b, server_version)) != 0 ||
- /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
- (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 ||
- (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
- (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 ||
- (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 ||
- (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
- (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 ||
- (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 ||
- (r = sshbuf_put_stringb(b, client_pub)) != 0 ||
- (r = sshbuf_put_stringb(b, server_pub)) != 0 ||
- (r = sshbuf_putb(b, shared_secret)) != 0) {
- sshbuf_free(b);
- return r;
- }
-#ifdef DEBUG_KEX
- sshbuf_dump(b, stderr);
-#endif
- if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
- sshbuf_free(b);
- return SSH_ERR_LIBCRYPTO_ERROR;
- }
- sshbuf_free(b);
- *hashlen = ssh_digest_bytes(hash_alg);
-#ifdef DEBUG_KEX
- dump_digest("hash", hash, *hashlen);
-#endif
- return 0;
-}
-
int
kex_c25519_keypair(struct kex *kex)
{
#ifdef DEBUG_KEXECDH
dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
#endif
- kex->kem_client_pub = buf;
+ kex->client_pub = buf;
buf = NULL;
out:
sshbuf_free(buf);
-/* $OpenBSD: kexdh.c,v 1.31 2019/01/21 10:35:09 djm Exp $ */
+/* $OpenBSD: kexdh.c,v 1.32 2019/01/21 10:40:11 djm Exp $ */
/*
* Copyright (c) 2019 Markus Friedl. All rights reserved.
*
BN_print_fp(stderr, pub_key);
fprintf(stderr, "\n");
#endif
- kex->kem_client_pub = buf;
+ kex->client_pub = buf;
buf = NULL;
out:
sshbuf_free(buf);
-/* $OpenBSD: kexecdh.c,v 1.9 2019/01/21 10:35:09 djm Exp $ */
+/* $OpenBSD: kexecdh.c,v 1.10 2019/01/21 10:40:11 djm Exp $ */
/*
* Copyright (c) 2010 Damien Miller. All rights reserved.
* Copyright (c) 2019 Markus Friedl. All rights reserved.
kex->ec_client_key = client_key;
kex->ec_group = group;
client_key = NULL; /* owned by the kex */
- kex->kem_client_pub = buf;
+ kex->client_pub = buf;
buf = NULL;
out:
EC_KEY_free(client_key);
-/* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */
+/* $OpenBSD: kexsntrup4591761x25519.c,v 1.3 2019/01/21 10:40:11 djm Exp $ */
/*
* Copyright (c) 2019 Markus Friedl. All rights reserved.
*
#ifdef DEBUG_KEXECDH
dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
#endif
- kex->kem_client_pub = buf;
+ kex->client_pub = buf;
buf = NULL;
out:
sshbuf_free(buf);
-/* $OpenBSD: monitor.c,v 1.196 2019/01/21 10:29:56 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.197 2019/01/21 10:38:54 djm Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
if ((kex = ssh->kex) != NULL) {
/* XXX set callbacks */
#ifdef WITH_OPENSSL
- kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server;
- kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server;
- kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server;
- kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server;
- kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server;
+ kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+ kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+ kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+ kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+ kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
# ifdef OPENSSL_HAS_ECC
- kex->kex[KEX_ECDH_SHA2] = kex_kem_server;
+ kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
# endif
#endif /* WITH_OPENSSL */
- kex->kex[KEX_C25519_SHA256] = kex_kem_server;
- kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server;
+ kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+ kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
-/* $OpenBSD: ssh-keyscan.c,v 1.124 2019/01/21 10:29:56 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.125 2019/01/21 10:38:54 djm Exp $ */
/*
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
exit(1);
}
#ifdef WITH_OPENSSL
- c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client;
- c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client;
- c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client;
- c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client;
- c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client;
+ c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
+ c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
+ c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
+ c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
+ c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
# ifdef OPENSSL_HAS_ECC
- c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client;
+ c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
# endif
#endif
- c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client;
- c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client;
+ c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
+ c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
/*
* do the key-exchange until an error occurs or until
-/* $OpenBSD: ssh_api.c,v 1.14 2019/01/21 10:29:56 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.15 2019/01/21 10:38:54 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
ssh->kex->server = is_server;
if (is_server) {
#ifdef WITH_OPENSSL
- ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server;
- ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server;
- ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server;
- ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server;
- ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server;
+ ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+ ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+ ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+ ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+ ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
# ifdef OPENSSL_HAS_ECC
- ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_server;
+ ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
# endif
#endif /* WITH_OPENSSL */
- ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_server;
- ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server;
+ ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+ ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
ssh->kex->load_host_public_key=&_ssh_host_public_key;
ssh->kex->load_host_private_key=&_ssh_host_private_key;
ssh->kex->sign=&_ssh_host_key_sign;
} else {
#ifdef WITH_OPENSSL
- ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client;
+ ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
# ifdef OPENSSL_HAS_ECC
- ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client;
+ ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
# endif
#endif /* WITH_OPENSSL */
- ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client;
- ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client;
+ ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
+ ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
ssh->kex->verify_host_key =&_ssh_verify_host_key;
}
*sshp = ssh;
-/* $OpenBSD: sshconnect2.c,v 1.300 2019/01/21 10:29:56 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.301 2019/01/21 10:38:54 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
if ((r = kex_setup(ssh, myproposal)) != 0)
fatal("kex_setup: %s", ssh_err(r));
#ifdef WITH_OPENSSL
- ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_client;
- ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_client;
+ ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
+ ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
# ifdef OPENSSL_HAS_ECC
- ssh->kex->kex[KEX_ECDH_SHA2] = kex_kem_client;
+ ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
# endif
#endif
- ssh->kex->kex[KEX_C25519_SHA256] = kex_kem_client;
- ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_client;
+ ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
+ ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
ssh->kex->verify_host_key=&verify_host_key_callback;
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
-/* $OpenBSD: sshd.c,v 1.531 2019/01/21 10:29:56 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.532 2019/01/21 10:38:54 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
fatal("kex_setup: %s", ssh_err(r));
kex = ssh->kex;
#ifdef WITH_OPENSSL
- kex->kex[KEX_DH_GRP1_SHA1] = kex_kem_server;
- kex->kex[KEX_DH_GRP14_SHA1] = kex_kem_server;
- kex->kex[KEX_DH_GRP14_SHA256] = kex_kem_server;
- kex->kex[KEX_DH_GRP16_SHA512] = kex_kem_server;
- kex->kex[KEX_DH_GRP18_SHA512] = kex_kem_server;
+ kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+ kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+ kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+ kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+ kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
# ifdef OPENSSL_HAS_ECC
- kex->kex[KEX_ECDH_SHA2] = kex_kem_server;
+ kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
# endif
#endif
- kex->kex[KEX_C25519_SHA256] = kex_kem_server;
- kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_kem_server;
+ kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+ kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
projects / thirdparty / openssh-portable.git / commitdiff
