curve25519

--HG--
branch : ecc

1 files changed, 67 insertions, 30 deletions

diff --git a/cli-kex.c b/cli-kex.c
index 0cc730c..7d94b0e 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -47,27 +47,43 @@ void send_msg_kexdh_init() {
 
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
-	if (IS_NORMAL_DH(ses.newkeys->algo_kex)) {
-		if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
-			|| !cli_ses.dh_param) {
-			if (cli_ses.dh_param) {
-				free_kexdh_param(cli_ses.dh_param);
+	switch (ses.newkeys->algo_kex->mode) {
+		case DROPBEAR_KEX_NORMAL_DH:
+			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
+				|| !cli_ses.dh_param) {
+				if (cli_ses.dh_param) {
+					free_kexdh_param(cli_ses.dh_param);
+				}
+				cli_ses.dh_param = gen_kexdh_param();
 			}
-			cli_ses.dh_param = gen_kexdh_param();
-		}
-		buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
-	} else {
+			buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
+			break;
+		case DROPBEAR_KEX_ECDH:
 #ifdef DROPBEAR_ECDH
-		if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
-			|| !cli_ses.ecdh_param) {
-			if (cli_ses.ecdh_param) {
-				free_kexecdh_param(cli_ses.ecdh_param);
+			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
+				|| !cli_ses.ecdh_param) {
+				if (cli_ses.ecdh_param) {
+					free_kexecdh_param(cli_ses.ecdh_param);
+				}
+				cli_ses.ecdh_param = gen_kexecdh_param();
 			}
-			cli_ses.ecdh_param = gen_kexecdh_param();
-		}
-		buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
+			buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
 #endif
+			break;
+#ifdef DROPBEAR_CURVE25519
+		case DROPBEAR_KEX_CURVE25519:
+			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
+				|| !cli_ses.curve25519_param) {
+				if (cli_ses.curve25519_param) {
+					free_kexcurve25519_param(cli_ses.curve25519_param);
+				}
+				cli_ses.curve25519_param = gen_kexcurve25519_param();
+			}
+			buf_putstring(ses.writepayload, cli_ses.curve25519_param->priv, CURVE25519_LEN);
+#endif
+			break;
 	}
+
 	cli_ses.param_kex_algo = ses.newkeys->algo_kex;
 	encrypt_packet();
 	ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
@@ -103,23 +119,38 @@ void recv_msg_kexdh_reply() {
 		dropbear_exit("Bad KEX packet");
 	}
 
-	if (IS_NORMAL_DH(ses.newkeys->algo_kex)) {
-		// Normal diffie-hellman
-		DEF_MP_INT(dh_f);
-		m_mp_init(&dh_f);
-		if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
-			TRACE(("failed getting mpint"))
-			dropbear_exit("Bad KEX packet");
-		}
+	switch (ses.newkeys->algo_kex->mode) {
+		case DROPBEAR_KEX_NORMAL_DH:
+			{
+			DEF_MP_INT(dh_f);
+			m_mp_init(&dh_f);
+			if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
+				TRACE(("failed getting mpint"))
+				dropbear_exit("Bad KEX packet");
+			}
 
-		kexdh_comb_key(cli_ses.dh_param, &dh_f, hostkey);
-		mp_clear(&dh_f);
-	} else {
+			kexdh_comb_key(cli_ses.dh_param, &dh_f, hostkey);
+			mp_clear(&dh_f);
+			}
+			break;
+		case DROPBEAR_KEX_ECDH:
 #ifdef DROPBEAR_ECDH
-		buffer *ecdh_qs = buf_getstringbuf(ses.payload);
-		kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
-		buf_free(ecdh_qs);
+			{
+			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
+			kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
+			buf_free(ecdh_qs);
+			}
+#endif
+			break;
+#ifdef DROPBEAR_CURVE25519
+		case DROPBEAR_KEX_CURVE25519:
+			{
+			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
+			kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
+			buf_free(ecdh_qs);
+			}
 #endif
+			break;
 	}
 
 	if (cli_ses.dh_param) {
@@ -132,6 +163,12 @@ void recv_msg_kexdh_reply() {
 		cli_ses.ecdh_param = NULL;
 	}
 #endif
+#ifdef DROPBEAR_CURVE25519
+	if (cli_ses.curve25519_param) {
+		free_kexcurve25519_param(cli_ses.curve25519_param);
+		cli_ses.curve25519_param = NULL;
+	}
+#endif
 
 	cli_ses.param_kex_algo = NULL;
 	if (buf_verify(ses.payload, hostkey, ses.hash) != DROPBEAR_SUCCESS) {