nora 2024-08-12 18:13:00 +02:00
parent 1cdea4763d
commit 768a1a6633
4 changed files with 179 additions and 1 deletions


@ -7,6 +7,7 @@ edition = "2021"
chacha20 = "0.9.1"
ed25519-dalek = { version = "2.1.1" }
eyre = "0.6.12"
p256 = { version = "0.13.2", features = ["ecdh"] }
poly1305 = "0.8.0"
rand = "0.8.5"
rand_core = "0.6.4"


@ -45,6 +45,29 @@ pub const KEX_CURVE_25519_SHA256: KexAlgorithm = KexAlgorithm {
})
},
};
/// <https://datatracker.ietf.org/doc/html/rfc5656>
pub const KEX_ECDH_SHA2_NISTP256: KexAlgorithm = KexAlgorithm {
name: "ecdh-sha2-nistp256",
exchange: |client_public_key, rng| {
let secret = p256::ecdh::EphemeralSecret::random(&mut crate::SshRngRandAdapter(rng));
let server_public_key = p256::EncodedPoint::from(secret.public_key()); // Q_S
let client_public_key =
p256::PublicKey::from_sec1_bytes(client_public_key).map_err(|_| {
crate::client_error!(
"invalid p256 public key length: {}",
client_public_key.len()
)
})?; // Q_C
let shared_secret = secret.diffie_hellman(&client_public_key); // K
Ok(KexAlgorithmOutput {
server_public_key: server_public_key.as_bytes().to_vec(),
shared_secret: shared_secret.raw_secret_bytes().to_vec(),
})
},
};
pub struct AlgorithmNegotiation<T> {
pub supported: Vec<(&'static str, T)>,
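Review bot: The `map_err` on `p256::PublicKey::from_sec1_bytes` in the new `exchange` closure reports every failure as "invalid p256 public key length", but that call also rejects a bad SEC1 tag byte and coordinates that are not on the curve. A correct-length but invalid point from a peer would therefore be reported as a length problem. I would reword the message to `"invalid p256 public key ({} bytes, not a valid SEC1 point)"` and add a comment such as `// from_sec1_bytes also checks that Q_C is on the curve, as RFC 5656 requires` so the validation is not later removed as redundant. Separately, `shared_secret.raw_secret_bytes().to_vec()` copies K out of the zeroize-on-drop `SharedSecret` into a plain `Vec<u8>`. `KexAlgorithmOutput` is declared outside this hunk, so whether that copy is wiped after key derivation cannot be seen here and is worth confirming.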


@ -175,11 +175,13 @@ impl ServerConnection {
}
};
// TODO: support ecdh-sha2-nistp256
let kex_algorithms = AlgorithmNegotiation {
supported: vec![(
keys::KEX_CURVE_25519_SHA256.name,
keys::KEX_CURVE_25519_SHA256,
), (
keys::KEX_ECDH_SHA2_NISTP256.name,
keys::KEX_ECDH_SHA2_NISTP256,
)],
};
let kex_algorithm = kex_algorithms.find(kex.kex_algorithms.0)?;