Add key exchange algorithm curve25519-sha256@libssh.org

Question

Add key exchange algorithm curve25519-sha256@libssh.org

dkocher opened this issue 9 years ago · comments

David Kocher commented 9 years ago

Currently only diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 is implemented.

Jeroen van Erp · Answer 1 · Tue Jan 27 2015 18:28:49 GMT+0800 (China Standard Time)

Hi David,

Could you link the RFC for the protocol? In both this one and #167? Thx!

David Kocher · Answer 2 · Tue Jan 27 2015 18:36:06 GMT+0800 (China Standard Time)

curve25519-sha256@libssh.org key exchange method

David Kocher · Answer 3 · Tue Jan 27 2015 18:36:47 GMT+0800 (China Standard Time)

Refer also to Specifications implemented by OpenSSH.

Andrew Donald Kennedy · Answer 4 · Sat May 09 2015 06:41:03 GMT+0800 (China Standard Time)

@hierynomus @dkocher same point as #167 basically, has there been any progress on this? I looked at the code, but I'm not sure where to start on implementing a new key exchange algorithm myself.

Jeroen van Erp · Answer 5 · Thu Jun 25 2015 19:30:29 GMT+0800 (China Standard Time)

Started work on this on the ed25519 branch

Jeroen van Erp · Answer 6 · Wed Jul 08 2015 18:47:58 GMT+0800 (China Standard Time)

@dkocher I'm not seeming to get it to work yet. Maybe you can have a look at the branch also. Probably missing something very stupid here during the signature verification :(.

Current status is:

net.schmizz.sshj.transport.TransportException: KeyExchange signature verification failed
    at net.schmizz.sshj.transport.kex.Curve25519.next(Curve25519.java:126) ~[main/:na]
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:367) ~[main/:na]
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493) ~[main/:na]

SSHD configuration on linux box used:

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

David Kocher · Answer 7 · Fri Jul 31 2015 19:46:57 GMT+0800 (China Standard Time)

I can reproduce the signature verification failure. Note that when I leave the other HostKey settings uncommented, there is an issue with selecting the correct host key type and a resulting exception

java.lang.ClassCastException: org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey cannot be cast to net.i2p.crypto.eddsa.EdDSAPublicKey
    at net.schmizz.sshj.transport.kex.Curve25519.next(Curve25519.java:108)
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:367)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:107)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:175)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:60)

Jeroen van Erp · Answer 8 · Fri Oct 16 2015 16:37:35 GMT+0800 (China Standard Time)

Some additional implementation info...

Nice scheme: https://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
Page on ed25519: http://ed25519.cr.yp.to/software.html
Original ed25519 paper: http://ed25519.cr.yp.to/ed25519-20110926.pdf
Original curve25519 paper: http://cr.yp.to/ecdh/curve25519-20060209.pdf
Sodium: https://labs.opendns.com/2013/03/06/announcing-sodium-a-new-cryptographic-library

Jeroen van Erp · Answer 9 · Tue Nov 03 2015 23:21:35 GMT+0800 (China Standard Time)

@dkocher Can you try it out and see whether it indeed works, verified it locally against a VM, but would be good to have a backup check before releasing into the wild 😄

David Kocher · Answer 10 · Wed Nov 04 2015 16:11:23 GMT+0800 (China Standard Time)

Tested against SSH-2.0-OpenSSH_6.6.1.

Jeroen van Erp · Answer 11 · Wed Nov 04 2015 16:28:26 GMT+0800 (China Standard Time)

In that case I'm going to release! Stay tuned for 0.14.0