ecdh: enable ecdh_sha2_nistp{384,521} kex methods

Summary: Based on Dirkjan's original patch series here: * https://www.libssh.org/archive/libssh/2015-08/0000029.html Here the changes are adapted for the current master branch, and expanded to include libgcrypt support. Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com> Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Test Plan: * Ran pkd tests for libcrypto and libgcrypt builds. * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds. * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta"). Reviewers: aris, asn Tags: #libssh Differential Revision: https://bugs.libssh.org/D7
2025-11-30 13:01:23 +03:00 · 2017-08-24 18:14:38 +02:00
parent 74d17a6531
commit 6252aab88a
11 changed files with 184 additions and 12 deletions
--- a/src/dh.c
+++ b/src/dh.c
@@ -608,7 +608,9 @@ int ssh_make_sessionid(ssh_session session) {
        }

 #ifdef HAVE_ECDH
-    } else if (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP256) {
+    } else if ((session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP256) ||
+               (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP384) ||
+               (session->next_crypto->kex_type == SSH_KEX_ECDH_SHA2_NISTP521)) {
        if (session->next_crypto->ecdh_client_pubkey == NULL ||
            session->next_crypto->ecdh_server_pubkey == NULL) {
            SSH_LOG(SSH_LOG_WARNING, "ECDH parameted missing");
@@ -670,6 +672,28 @@ int ssh_make_sessionid(ssh_session session) {
        sha256(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
                                     session->next_crypto->secret_hash);
        break;
+    case SSH_KEX_ECDH_SHA2_NISTP384:
+        session->next_crypto->digest_len = SHA384_DIGEST_LENGTH;
+        session->next_crypto->mac_type = SSH_MAC_SHA384;
+        session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len);
+        if (session->next_crypto->secret_hash == NULL) {
+            ssh_set_error_oom(session);
+            goto error;
+        }
+        sha384(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
+                                     session->next_crypto->secret_hash);
+        break;
+    case SSH_KEX_ECDH_SHA2_NISTP521:
+        session->next_crypto->digest_len = SHA512_DIGEST_LENGTH;
+        session->next_crypto->mac_type = SSH_MAC_SHA512;
+        session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len);
+        if (session->next_crypto->secret_hash == NULL) {
+            ssh_set_error_oom(session);
+            goto error;
+        }
+        sha512(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
+                                     session->next_crypto->secret_hash);
+        break;
    }
    /* During the first kex, secret hash and session ID are equal. However, after
     * a key re-exchange, a new secret hash is calculated. This hash will not replace