kex: implement curve25519-sha256@libssh.org

2025-08-07 08:02:55 +03:00 · 2013-09-21 23:34:50 +02:00
parent 391bd88355
commit 666db37e21
9 changed files with 404 additions and 6 deletions
--- a/src/kex.c
+++ b/src/kex.c
@@ -34,6 +34,7 @@
 #include "libssh/session.h"
 #include "libssh/ssh2.h"
 #include "libssh/string.h"
+#include "libssh/curve25519.h"

 #ifdef HAVE_LIBGCRYPT
 # define BLOWFISH "blowfish-cbc,"
@@ -63,14 +64,21 @@
 #define ZLIB "none"
 #endif

-#ifdef HAVE_ECDH
-#define KEY_EXCHANGE "ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
-#define HOSTKEYS "ecdsa-sha2-nistp256,ssh-rsa,ssh-dss"
+#ifdef HAVE_CURVE25519
+#define CURVE25519 "curve25519-sha256@libssh.org,"
 #else
-#define KEY_EXCHANGE "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
-#define HOSTKEYS "ssh-rsa,ssh-dss"
+#define CURVE25519 ""
 #endif

+#ifdef HAVE_ECDH
+#define ECDH "ecdh-sha2-nistp256,"
+#define HOSTKEYS "ecdsa-sha2-nistp256,ssh-rsa,ssh-dss"
+#else
+#define HOSTKEYS "ssh-rsa,ssh-dss"
+#define ECDH ""
+#endif
+
+#define KEY_EXCHANGE CURVE25519 ECDH "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
 #define KEX_METHODS_SIZE 10

 /* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
@@ -412,6 +420,8 @@ int ssh_kex_select_methods (ssh_session session){
      session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA1;
    } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){
      session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP256;
+    } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256@libssh.org") == 0){
+      session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG;
    }

    return SSH_OK;