apacheGH-525: Fix sntrup761x25519-sha512
Because all other KEX algorithms treat the secret resulting from the
key agreement as "mpint", our key agreements all returned the "mpint"
representation of the result of the key agreement.

But sntrup761x25519-sha512 needs the raw 32 bytes of the key agreement
(curve25519-sha256).

Add a flag to XDH that determines whether it returns the raw bytes or
the "mpint" bytes.

Bug: apache#525
tomaswolf committed Jul 11, 2024
1 parent ebc6602 commit 2ad1431
Showing 3 changed files with 11 additions and 8 deletions.
@@ -253,7 +253,7 @@ public XDH create(Object... params) throws Exception {
if (!GenericUtils.isEmpty(params)) {
throw new IllegalArgumentException("No accepted parameters for " + getName());
}
return new XDH(MontgomeryCurve.x25519) {
return new XDH(MontgomeryCurve.x25519, false) {

@Override
public Digest getHash() throws Exception {
@@ -274,7 +274,7 @@ public XDH create(Object... params) throws Exception {
if (!GenericUtils.isEmpty(params)) {
throw new IllegalArgumentException("No accepted parameters for " + getName());
}
return new XDH(MontgomeryCurve.x25519) {
return new XDH(MontgomeryCurve.x25519, false) {

@Override
public Digest getHash() throws Exception {
@@ -298,7 +298,7 @@ public XDH create(Object... params) throws Exception {
if (!GenericUtils.isEmpty(params)) {
throw new IllegalArgumentException("No accepted parameters for " + getName());
}
return new XDH(MontgomeryCurve.x448) {
return new XDH(MontgomeryCurve.x448, false) {

@Override
public Digest getHash() throws Exception {
@@ -322,7 +322,7 @@ public XDH create(Object... params) throws Exception {
if (!GenericUtils.isEmpty(params)) {
throw new IllegalArgumentException("No accepted parameters for " + getName());
}
return new XDH(MontgomeryCurve.x25519) {
return new XDH(MontgomeryCurve.x25519, true) {

@Override
public KeyEncapsulationMethod getKeyEncapsulation() {
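Review bot: The bare `true` in the last hunk, `new XDH(MontgomeryCurve.x25519, true)`, is the only thing that selects the unmodified key agreement output for the hybrid factory, and nothing at the call site says so. A short comment on that line, for example `// raw = true: the KEM combiner hashes the fixed-length X25519 output, not the zero-stripped bytes`, would keep a later hybrid factory from copying one of the three `false` variants by mistake. The `create` bodies and the anonymous subclasses continue outside these hunks, so whether anything else guards this pairing is not visible here.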
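--- a/sshd-core/src/main/java/org/apache/sshd/common/kex/XDH.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/XDH.java
@@ -31,11 +31,13 @@
 */
 public abstract class XDH extends AbstractDH {
 
-protected MontgomeryCurve curve;
+protected final MontgomeryCurve curve;
+protected final boolean raw;
 protected byte[] f;
 
-public XDH(MontgomeryCurve curve) throws Exception {
+public XDH(MontgomeryCurve curve, boolean raw) throws Exception {
 this.curve = Objects.requireNonNull(curve, "No MontgomeryCurve provided");
+this.raw = raw;
 myKeyAgree = curve.createKeyAgreement();
 }
 
@@ -77,6 +79,7 @@ public void putF(Buffer buffer, byte[] f) {
 protected byte[] calculateK() throws Exception {
 Objects.requireNonNull(f, "Missing 'f' value");
 myKeyAgree.doPhase(curve.decode(f), true);
-return stripLeadingZeroes(myKeyAgree.generateSecret());
+byte[] secret = myKeyAgree.generateSecret();
+return raw ? secret : stripLeadingZeroes(secret);
 }
 }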
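Review bot: The new `raw` field and constructor parameter have no Javadoc, so the contract of `calculateK()` now depends on a flag whose meaning is only stated in the commit message. I would document it on the field, e.g. `/** If true, calculateK() returns the key agreement output unchanged; if false, leading zero bytes are stripped for later mpint encoding. */`, and add a matching `@param raw` on the constructor. In the raw branch `calculateK()` also returns whatever length `generateSecret()` produced; if the hybrid KEX relies on a fixed length, an explicit length check there would turn that assumption into a failure at the source rather than a key mismatch later. The consumer of the raw value is outside this section, so that last part is a suggestion to confirm.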
@@ -758,7 +758,7 @@ protected byte[] resizeKey(
buffer = new ByteArrayBuffer();
}

buffer.putMPInt(k);
buffer.putBytes(k);
buffer.putRawBytes(h);
buffer.putRawBytes(e);
hash.update(buffer.array(), 0, buffer.available());
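Review bot: Switching `buffer.putMPInt(k)` to `buffer.putBytes(k)` in `resizeKey` removes the sign-byte normalisation that the mpint writer applied, and this path is shared by every KEX, not only the hybrid one. For the classic algorithms the extended key material stays correct only if `k` already arrives here in mpint form, with a leading zero byte whenever the high bit is set. The code that produces `k` is outside this hunk, so that cannot be confirmed from the page. A comment on the line stating the expected form, e.g. `// k is already encoded by the KEX (mpint bytes, or raw for hybrid KEMs); write it as a plain string`, would record the invariant. A test that forces key extension (cipher key longer than the hash output) for one classic and one hybrid KEX would catch a mismatch that otherwise appears only as an intermittent interop failure. `resizeKey` starts and ends outside the hunk.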
