Add support for ECDH key exchange #41
Comments
|
Slightly off-thread: Will Cosgrove worked on diffie-hellman-group-exchange-sha256 support back in January: |
|
This is getting somewhat urgent. libssh2 only supports the following key exchange protocols: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 But OpenSSH now disables diffie-hellman-group1-sha1 by default, and SHA1 in general is considered broken so the rest of libssh2's key exchange protocols are bound to follow suite. Indeed some SSH hardening guides recommend only supporting curve25519-sha256@libssh.org and diffie-hellman-group-exchange-sha256, neither of which libssh2 supports. |
|
We accept pull requests as well as good old patches mailed to the mailing list. |
|
done! |
|
I have ECDH using OpenSSL support done on a private fork; I just need some time to merge it back into master and create a pull request. |
|
I am also looking for ECDH support in libssh2. Hope you find the time to merge back your changes :-) |
|
Any news on this, @willco007? :) |
|
@ehamberg Thanks for the reminder. I finally shipped the project I've been working on and will have some time in the coming weeks to get my changes into a pull request. I've been continuing to work on my private fork. I've recently added OpenSSH key file format support. At this point I have diverged quite a bit from the official release (ECDHA, ED25519, ETM support, OpenSSH keys). The problems are:
|
|
I've implemented ECDH nistp384 on my local sandbox. I have tested this against openssh 7.3p1. Mine too works only with openssl. I can review the ECDH code. I've never used gcrypt etc , so I won't be of much help |
|
@prem-nm great! I'm merging my changes now and will let you know when I submit the pull request. |
Only supported using OpenSSL backend at the moment
|
@prem-nm have you had a chance to look over/try my pull request? |
|
@willco007 , I had a look and I have commented. Good job ! |
This commit lands full ECDSA key support when using the OpenSSL backend. Which includes: New KEX methods: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 Can now read OpenSSL formatted ECDSA key files. Now supports known host keys of type ecdsa-sha2-nistp256. New curve types: NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1 Default host key preferred ordering is now nistp256, nistp384, nistp521, rsa, dss. Ref: #41 Closes #206
|
ECDSA support has been merged in, closing. |
This commit lands full ECDSA key support when using the OpenSSL backend. Which includes: New KEX methods: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 Can now read OpenSSL formatted ECDSA key files. Now supports known host keys of type ecdsa-sha2-nistp256. New curve types: NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1 Default host key preferred ordering is now nistp256, nistp384, nistp521, rsa, dss. Ref: libssh2#41 Closes libssh2#206
This commit lands full ECDSA key support when using the OpenSSL backend. Which includes: New KEX methods: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 Can now read OpenSSL formatted ECDSA key files. Now supports known host keys of type ecdsa-sha2-nistp256. New curve types: NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1 Default host key preferred ordering is now nistp256, nistp384, nistp521, rsa, dss. Ref: libssh2#41 Closes libssh2#206
ECDH key exchange is faster than regular Diffie-Hellman with equivalent levels of security. It's been supported for some time in OpenSSH. It also uses longer session hashes, resulting in harder-to-guess key material. It would be nice if libssh2 supported this as well.
The NIST curves can probably be trivially implemented with OpenSSL and libgcrypt, but using curve25519-sha256@libssh.org would probably require custom code in libssh2.
The text was updated successfully, but these errors were encountered: