diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-01-21 10:35:09 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-01-21 23:13:03 +1100 |
commit | 71e67fff946396caa110a7964da23480757258ff (patch) | |
tree | 07cae7bce377241a7b61195d0810ec91d953685e /kexsntrup4591761x25519.c | |
parent | 4b83e2a2cc0c12e671a77eaba1c1245894f4e884 (diff) | |
download | openssh-git-71e67fff946396caa110a7964da23480757258ff.tar.gz |
upstream: pass values used in KEX hash computation as sshbuf
rather than pointer+len
suggested by me; implemented by markus@ ok me
OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
Diffstat (limited to 'kexsntrup4591761x25519.c')
-rw-r--r-- | kexsntrup4591761x25519.c | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/kexsntrup4591761x25519.c b/kexsntrup4591761x25519.c index ffe05f42..d845f3d4 100644 --- a/kexsntrup4591761x25519.c +++ b/kexsntrup4591761x25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexsntrup4591761x25519.c,v 1.1 2019/01/21 10:20:12 djm Exp $ */ +/* $OpenBSD: kexsntrup4591761x25519.c,v 1.2 2019/01/21 10:35:09 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * @@ -66,11 +66,13 @@ kex_kem_sntrup4591761x25519_keypair(struct kex *kex) } int -kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, - size_t pklen, struct sshbuf **server_blobp, struct sshbuf **shared_secretp) +kex_kem_sntrup4591761x25519_enc(struct kex *kex, + const struct sshbuf *client_blob, struct sshbuf **server_blobp, + struct sshbuf **shared_secretp) { struct sshbuf *server_blob = NULL; struct sshbuf *buf = NULL; + const u_char *client_pub; u_char *kem_key, *ciphertext, *server_pub; u_char server_key[CURVE25519_SIZE]; u_char hash[SSH_DIGEST_MAX_LENGTH]; @@ -80,17 +82,19 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, *server_blobp = NULL; *shared_secretp = NULL; - /* pkblob contains both KEM and ECDH client pubkeys */ + /* client_blob contains both KEM and ECDH client pubkeys */ need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE; - if (pklen != need) { + if (sshbuf_len(client_blob) != need) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } + client_pub = sshbuf_ptr(client_blob); #ifdef DEBUG_KEXECDH - dump_digest("client public key sntrup4591761:", pkblob, + dump_digest("client public key sntrup4591761:", client_pub, crypto_kem_sntrup4591761_PUBLICKEYBYTES); dump_digest("client public key 25519:", - pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, CURVE25519_SIZE); + client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES, + CURVE25519_SIZE); #endif /* allocate buffer for concatenation of KEM key and ECDH shared key */ /* the buffer will be hashed and the result is the shared secret */ @@ -110,13 +114,13 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0) goto out; /* generate and encrypt KEM key with client key */ - crypto_kem_sntrup4591761_enc(ciphertext, kem_key, pkblob); + crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub); /* generate ECDH key pair, store server pubkey after ciphertext */ server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; kexc25519_keygen(server_key, server_pub); /* append ECDH shared key */ - if ((r = kexc25519_shared_key_ext(server_key, - pkblob + crypto_kem_sntrup4591761_PUBLICKEYBYTES, buf, 1)) < 0) + client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES; + if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0) goto out; if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0) goto out; @@ -149,8 +153,8 @@ kex_kem_sntrup4591761x25519_enc(struct kex *kex, const u_char *pkblob, } int -kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, - size_t pklen, struct sshbuf **shared_secretp) +kex_kem_sntrup4591761x25519_dec(struct kex *kex, + const struct sshbuf *server_blob, struct sshbuf **shared_secretp) { struct sshbuf *buf = NULL; u_char *kem_key = NULL; @@ -162,12 +166,12 @@ kex_kem_sntrup4591761x25519_dec(struct kex *kex, const u_char *pkblob, *shared_secretp = NULL; need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE; - if (pklen != need) { + if (sshbuf_len(server_blob) != need) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } - ciphertext = pkblob; - server_pub = pkblob + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; + ciphertext = sshbuf_ptr(server_blob); + server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES; #ifdef DEBUG_KEXECDH dump_digest("server cipher text:", ciphertext, crypto_kem_sntrup4591761_CIPHERTEXTBYTES); |