Add [email protected]. #455

Open
wants to merge 1 commit into
base: master
8 changes: 5 additions & 3 deletions Makefile.in
@@ -55,6 +55,7 @@ GSSLIBS=@GSSLIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBFIDO2=@LIBFIDO2@
LIBMCELIECE=@LIBMCELIECE@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
@@ -110,6 +111,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexgexc.o kexgexs.o \
kexsntrup761x25519.o sntrup761.o kexgen.o \
kexmceliece6688128x25519.o mceliece6688128f.o \
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
sshbuf-io.o

@@ -204,10 +206,10 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@

ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS)
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS) $(LIBMCELIECE)

sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) $(LIBMCELIECE)

scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -231,7 +233,7 @@ ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
$(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) $(CHANNELLIBS)

ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(CHANNELLIBS)
$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(CHANNELLIBS) $(LIBMCELIECE)

sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
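Review bot: `$(LIBMCELIECE)` is appended only to the ssh, sshd and ssh-keyscan link lines, while `kexmceliece6688128x25519.o` and `mceliece6688128f.o` go into `LIBSSH_OBJS` and so into libssh.a for every consumer. Any other link rule in this file that pulls the kex objects out of the archive (test binaries are the likely case; none are visible in these hunks) would fail with undefined `mceliece6688128f_*` symbols once configure selects the external library. Either add `$(LIBMCELIECE)` to those rules as well or fold it into a variable shared by all kex-using link lines. A comment beside `LIBMCELIECE=@LIBMCELIECE@` such as `# empty unless configure found libmceliece` would also document why the variable may expand to nothing.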
35 changes: 35 additions & 0 deletions configure.ac
@@ -1756,6 +1756,37 @@ AC_ARG_WITH([libedit],
fi ]
)

# Check whether user wants libmceliece support
LIBMCELIECE_MSG="no"
AC_ARG_WITH([libmceliece],
[ --with-libmceliece[[=PATH]] Enable libmceliece support.],
[],
[with_libmceliece=yes])
if test "x$with_libmceliece" != "xno" ; then
if test "x$with_libmceliece" != "xyes" ; then
CPPFLAGS="$CPPFLAGS -I${with_libmceliece}/include"
if test -n "${rpath_opt}"; then
LDFLAGS="-L${with_libmceliece}/lib ${rpath_opt}${with_libmceliece}/lib ${LDFLAGS}"
else
LDFLAGS="-L${with_libmceliece}/lib ${LDFLAGS}"
fi
fi
AC_MSG_CHECKING([for libmceliece])
save_LIBS="$LIBS"
LIBS="$LIBS -lmceliece"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <mceliece.h>]],
[[char sk[mceliece6688128f_SECRETKEYBYTES];
char pk[mceliece6688128f_PUBLICKEYBYTES];
mceliece6688128f_keypair (pk, sk);]])],
[ AC_DEFINE([USE_LIBMCELIECE], [1], [Use libmceliece])
LIBMCELIECE_MSG="yes"
LIBMCELIECE="-lmceliece"
AC_SUBST([LIBMCELIECE])
])
LIBS="$save_LIBS"
AC_MSG_RESULT([$LIBMCELIECE_MSG])
fi

AUDIT_MODULE=none
AC_ARG_WITH([audit],
[ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
@@ -5657,6 +5688,7 @@ echo " Random number source: $RAND_MSG"
echo " Privsep sandbox style: $SANDBOX_STYLE"
echo " PKCS#11 support: $enable_pkcs11"
echo " U2F/FIDO support: $enable_sk"
echo " libmceliece support: $LIBMCELIECE_MSG"

echo ""

@@ -5675,6 +5707,9 @@ fi
if test ! -z "${SSHDLIBS}"; then
echo " +for sshd: ${SSHDLIBS}"
fi
if test ! -z "${LIBMCELIECE}"; then
echo " +for mceliece: ${LIBMCELIECE}"
fi

echo ""
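Review bot: The libmceliece probe in the first hunk can never fail the configure run: when `--with-libmceliece=PATH` is given and the `AC_LINK_IFELSE` test does not link, the script only prints `no`, and the `-I`, `-L` and rpath entries for that PATH stay in `CPPFLAGS` and `LDFLAGS` for every later check and for the final link. A builder who asked for the external library then silently gets a different implementation, and a search path that was never validated is baked into the binaries. Save `CPPFLAGS` and `LDFLAGS` next to `save_LIBS`, restore them in a failure branch, and for an explicit PATH stop with `AC_MSG_ERROR([libmceliece not usable in ${with_libmceliece}])`. Because the not-given action sets `with_libmceliece=yes`, the result also depends on what happens to be installed on the build host; a comment stating that auto-detection is intended would help anyone who needs reproducible builds.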

19 changes: 19 additions & 0 deletions crypto_api.h
@@ -53,4 +53,23 @@ int crypto_kem_sntrup761_dec(unsigned char *k,
const unsigned char *cstr, const unsigned char *sk);
int crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk);

#define crypto_kem_mceliece6688128_PUBLICKEYBYTES 1044992
#define crypto_kem_mceliece6688128_SECRETKEYBYTES 13932
#define crypto_kem_mceliece6688128_CIPHERTEXTBYTES 208
#define crypto_kem_mceliece6688128_BYTES 32

int crypto_kem_mceliece6688128f_enc(unsigned char *c,
unsigned char *key, const unsigned char *pk);
int crypto_kem_mceliece6688128f_dec(unsigned char *key,
const unsigned char *c, const unsigned char *sk);
void crypto_kem_mceliece6688128f_keypair(unsigned char *pk,
unsigned char *sk);

#if USE_MCELIECE6688128X25519 && USE_LIBMCELIECE
# include "mceliece.h"
# define crypto_kem_mceliece6688128f_enc mceliece6688128f_enc
# define crypto_kem_mceliece6688128f_dec mceliece6688128f_dec
# define crypto_kem_mceliece6688128f_keypair mceliece6688128f_keypair
#endif

#endif /* crypto_api_h */
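Review bot: Nothing ties the hard-coded `crypto_kem_mceliece6688128_*BYTES` values to the sizes exported by `mceliece.h` when the `USE_LIBMCELIECE` branch renames the three functions to the library's. `kex.h` sizes `mceliece6688128_client_key` from `crypto_kem_mceliece6688128_SECRETKEYBYTES`, so a library built with different sizes would write past that buffer with no compile-time signal. Assuming the library exposes its sizes as macros (the configure test uses `mceliece6688128f_SECRETKEYBYTES` as an array bound), add inside the `#if` block `#if mceliece6688128f_SECRETKEYBYTES != crypto_kem_mceliece6688128_SECRETKEYBYTES`, `# error "libmceliece size mismatch"`, `#endif`, and the same for `mceliece6688128f_PUBLICKEYBYTES`. The `crypto_kem_mceliece6688128f_keypair` prototype returns `void`, so a key-generation failure cannot be reported to the caller; a comment stating that assumption belongs next to it.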
6 changes: 6 additions & 0 deletions defines.h
@@ -942,4 +942,10 @@ struct winsize {
#if defined(VARIABLE_LENGTH_ARRAYS) && defined(VARIABLE_DECLARATION_AFTER_CODE)
# define USE_SNTRUP761X25519 1
#endif

/* Enable [email protected]. */
#if defined(USE_LIBMCELIECE) || defined(VARIABLE_LENGTH_ARRAYS)
# define USE_MCELIECE6688128X25519 1
#endif

#endif /* _DEFINES_H */
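Review bot: The enabling condition is looser than the sntrup761 one directly above it, and the comment does not say why: sntrup761 requires both `VARIABLE_LENGTH_ARRAYS` and `VARIABLE_DECLARATION_AFTER_CODE`, while the new block accepts `USE_LIBMCELIECE` or `VARIABLE_LENGTH_ARRAYS` alone. If the bundled implementation has the same compiler requirements, the second macro is missing here; if it does not, extend the comment, for example `/* bundled code needs VLAs only; the libmceliece build needs neither */`. The bundled source is not among the visible sections, so this has to be checked against it.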
4 changes: 4 additions & 0 deletions kex.c
@@ -116,6 +116,10 @@ static const struct kexalg kexalgs[] = {
{ KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
SSH_DIGEST_SHA512 },
#endif
#ifdef USE_MCELIECE6688128X25519
{ KEX_MCELIECE6688128X25519_SHA512, KEX_KEM_MCELIECE6688128X25519_SHA512, 0,
SSH_DIGEST_SHA512 },
#endif
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
{ NULL, 0, -1, -1},
};
11 changes: 11 additions & 0 deletions kex.h
@@ -63,6 +63,7 @@
#define KEX_CURVE25519_SHA256 "curve25519-sha256"
#define KEX_CURVE25519_SHA256_OLD "[email protected]"
#define KEX_SNTRUP761X25519_SHA512 "[email protected]"
#define KEX_MCELIECE6688128X25519_SHA512 "[email protected]"

#define COMP_NONE 0
/* pre-auth compression (COMP_ZLIB) is only supported in the client */
@@ -102,6 +103,7 @@ enum kex_exchange {
KEX_ECDH_SHA2,
KEX_C25519_SHA256,
KEX_KEM_SNTRUP761X25519_SHA512,
KEX_KEM_MCELIECE6688128X25519_SHA512,
KEX_MAX
};

@@ -180,6 +182,9 @@ struct kex {
u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES]; /* KEM */
#ifdef USE_MCELIECE6688128X25519
u_char mceliece6688128_client_key[crypto_kem_mceliece6688128_SECRETKEYBYTES]; /* KEM */
#endif
struct sshbuf *client_pub;
};

@@ -241,6 +246,12 @@ int kex_kem_sntrup761x25519_enc(struct kex *, const struct sshbuf *,
int kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *,
struct sshbuf **);

int kex_kem_mceliece6688128x25519_keypair(struct kex *);
int kex_kem_mceliece6688128x25519_enc(struct kex *, const struct sshbuf *,
struct sshbuf **, struct sshbuf **);
int kex_kem_mceliece6688128x25519_dec(struct kex *, const struct sshbuf *,
struct sshbuf **);

int kex_dh_keygen(struct kex *);
int kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *);
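Review bot: `mceliece6688128_client_key` is the only member of `struct kex` shown here that sits under `#ifdef`, so the struct's layout now depends on `USE_MCELIECE6688128X25519` being defined identically in every file that includes `kex.h`; the neighbouring `sntrup761_client_key` is unconditional, as are the three new prototypes. Either make the field unconditional like its neighbour or put the requirement in a comment beside it, e.g. `/* layout depends on USE_MCELIECE6688128X25519; include defines.h first */`. The field also adds 13932 bytes of secret-key material to every `struct kex`, and the only wipe visible on this page is the `explicit_bzero` in `input_kex_gen_reply`, so it is worth confirming that the path which frees the struct on an aborted exchange clears it too.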

15 changes: 15 additions & 0 deletions kexgen.c
@@ -120,6 +120,9 @@ kex_gen_client(struct ssh *ssh)
case KEX_KEM_SNTRUP761X25519_SHA512:
r = kex_kem_sntrup761x25519_keypair(kex);
break;
case KEX_KEM_MCELIECE6688128X25519_SHA512:
r = kex_kem_mceliece6688128x25519_keypair(kex);
break;
default:
r = SSH_ERR_INVALID_ARGUMENT;
break;
@@ -192,6 +195,10 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
r = kex_kem_sntrup761x25519_dec(kex, server_blob,
&shared_secret);
break;
case KEX_KEM_MCELIECE6688128X25519_SHA512:
r = kex_kem_mceliece6688128x25519_dec(kex, server_blob,
&shared_secret);
break;
default:
r = SSH_ERR_INVALID_ARGUMENT;
break;
@@ -243,6 +250,10 @@ input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
explicit_bzero(kex->sntrup761_client_key,
sizeof(kex->sntrup761_client_key));
#ifdef USE_MCELIECE6688128X25519
explicit_bzero(kex->mceliece6688128_client_key,
sizeof(kex->mceliece6688128_client_key));
#endif
sshbuf_free(server_host_key_blob);
free(signature);
sshbuf_free(tmp);
@@ -310,6 +321,10 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
&server_pubkey, &shared_secret);
break;
case KEX_KEM_MCELIECE6688128X25519_SHA512:
r = kex_kem_mceliece6688128x25519_enc(kex, client_pubkey,
&server_pubkey, &shared_secret);
break;
default:
r = SSH_ERR_INVALID_ARGUMENT;
break;
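Review bot: In `input_kex_gen_init` the new case passes `client_pubkey`, supplied by a peer that has not authenticated yet, to `kex_kem_mceliece6688128x25519_enc`, and per `crypto_api.h` a valid key is 1044992 bytes. That function is not among the visible sections, so confirm that it rejects any blob whose length is not exactly `crypto_kem_mceliece6688128_PUBLICKEYBYTES` before doing any work, and that the transport's packet-size limit and the server's pre-authentication resource limits were reviewed for a message of this size. The three `case` labels are compiled unconditionally while the `explicit_bzero` is under `#ifdef USE_MCELIECE6688128X25519`; a comment noting that the `kex_kem_mceliece6688128x25519_*` functions must also exist in builds without the macro would save the next reader a search. The enclosing functions start and end outside these hunks.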