Add key exchange algorithm curve25519-sha256@libssh.org
dkocher opened this issue · 11 comments
Currently only diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 are implemented.
Hi David,
Could you link the RFC for the protocol? In both this one and #167? Thx!
Refer also to Specifications implemented by OpenSSH.
@hierynomus @dkocher same point as #167 basically, has there been any progress on this? I looked at the code, but I'm not sure where to start on implementing a new key exchange algorithm myself.
Started work on this on the ed25519 branch
@dkocher I'm not seeming to get it to work yet. Maybe you can have a look at the branch also. Probably missing something very stupid here during the signature verification :(.
Current status is:
net.schmizz.sshj.transport.TransportException: KeyExchange signature verification failed
    at net.schmizz.sshj.transport.kex.Curve25519.next(Curve25519.java:126) ~[main/:na]
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:367) ~[main/:na]
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493) ~[main/:na]
SSHD configuration on linux box used:
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
I can reproduce the signature verification failure. Note that when I leave the other HostKey settings uncommented, there is an issue with selecting the correct host key type and a resulting exception:
java.lang.ClassCastException: org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey cannot be cast to net.i2p.crypto.eddsa.EdDSAPublicKey
    at net.schmizz.sshj.transport.kex.Curve25519.next(Curve25519.java:108)
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:367)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:107)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:175)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:60)
Some additional implementation info...
Nice scheme: https://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
Page on ed25519: http://ed25519.cr.yp.to/software.html
Original ed25519 paper: http://ed25519.cr.yp.to/ed25519-20110926.pdf
Original curve25519 paper: http://cr.yp.to/ecdh/curve25519-20060209.pdf
Sodium: https://labs.opendns.com/2013/03/06/announcing-sodium-a-new-cryptographic-library
@dkocher Can you try it out and see whether it indeed works? I verified it locally against a VM, but it would be good to have a backup check before releasing into the wild 😄
Tested against SSH-2.0-OpenSSH_6.6.1.
In that case I'm going to release! Stay tuned for 0.14.0