
Commit 53cc859

authored
Merge pull request #799 from tgauth/enable-sntrup761
enable sntrup761x25519-sha512@openssh.com
2 parents b0a5928 + e10a3d5 commit 53cc859


3 files changed

+56
-12
lines changed


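--- a/contrib/win32/openssh/config.h.vs
+++ b/contrib/win32/openssh/config.h.vs
@@ -1768,7 +1768,10 @@
 #define HAVE_EVP_MD_CTX_NEW 1
 #define HAVE_EVP_MD_CTX_FREE 1
 
+/* Definition to enable sntrup761-x25519 */
+#define USE_SNTRUP761X25519 1
+
 /* Definitions to enable mlkem768-x25519 */
 #define USE_MLKEM768X25519 1
 #define HAVE_DECL_HTOLE64 0
-#define HAVE_DECL_LE64TOH 0
+#define HAVE_DECL_LE64TOH 0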

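--- a/myproposal.h
+++ b/myproposal.h
@@ -24,16 +24,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-#ifdef WINDOWS
-// these should be in the same order as upstream, without the ones we don't support
-#define KEX_SERVER_KEX \
-"mlkem768x25519-sha256," \
-"curve25519-sha256," \
-"curve25519-sha256@libssh.org," \
-"ecdh-sha2-nistp256," \
-"ecdh-sha2-nistp384," \
-"ecdh-sha2-nistp521,"
-#else
 #define KEX_SERVER_KEX \
 "mlkem768x25519-sha256," \
 "sntrup761x25519-sha512," \
@@ -43,7 +33,6 @@
 "ecdh-sha2-nistp256," \
 "ecdh-sha2-nistp384," \
 "ecdh-sha2-nistp521"
-#endif
 
 #define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
 "diffie-hellman-group-exchange-sha256," \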

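--- a/sntrup761.c
+++ b/sntrup761.c
@@ -16,6 +16,10 @@
 #include <string.h>
 #include "crypto_api.h"
 
+#ifdef WINDOWS
+#include "xmalloc.h"
+#endif /* WINDOWS */
+
 #define crypto_declassify(x, y) do {} while (0)
 
 #define int8 crypto_int8
@@ -1753,8 +1757,18 @@ static void Encode(unsigned char *out, const uint16_t *R, const uint16_t *M, lon
 m = (m + 255) >> 8;
 }
 }
+#ifdef WINDOWS
+uint16_t *R2 = NULL, *M2 = NULL;
+size_t MR_len = 0;
+#endif /* WINDOWS */
 if (len > 1) {
+#ifdef WINDOWS
+MR_len = (len + 1) / 2;
+R2 = xcalloc(MR_len, sizeof(*R2));
+M2 = xcalloc(MR_len, sizeof(*M2));
+#else
 uint16_t R2[(len + 1) / 2], M2[(len + 1) / 2];
+#endif /* WINDOWS */
 long long i;
 for (i = 0; i < len - 1; i += 2) {
 uint32_t m0 = M[i];
@@ -1774,6 +1788,10 @@ static void Encode(unsigned char *out, const uint16_t *R, const uint16_t *M, lon
 }
 Encode(out, R2, M2, (len + 1) / 2);
 }
+#ifdef WINDOWS
+freezero(R2, MR_len * sizeof(*R2));
+freezero(M2, MR_len * sizeof(*M2));
+#endif /* WINDOWS */
 }
 
 static void Decode(uint16_t *out, const unsigned char *S, const uint16_t *M, long long len) {
@@ -1785,9 +1803,23 @@ static void Decode(uint16_t *out, const unsigned char *S, const uint16_t *M, lon
 else
 *out = uint32_mod_uint14(S[0] + (((uint16_t)S[1]) << 8), M[0]);
 }
+#ifdef WINDOWS
+uint16_t *R2 = NULL, *M2 = NULL, *bottomr = NULL;
+uint32_t *bottomt = NULL;
+size_t MR_len = 0, bottom_len = 0;
+#endif /* WINDOWS */
 if (len > 1) {
+#ifdef WINDOWS
+MR_len = (len + 1) / 2;
+bottom_len = len / 2;
+R2 = xcalloc(MR_len, sizeof(*R2));
+M2 = xcalloc(MR_len, sizeof(*M2));
+bottomr = xcalloc(bottom_len, sizeof(*bottomr));
+bottomt = xcalloc(bottom_len, sizeof(*bottomt));
+#else
 uint16_t R2[(len + 1) / 2], M2[(len + 1) / 2], bottomr[len / 2];
 uint32_t bottomt[len / 2];
+#endif /* WINDOWS */
 long long i;
 for (i = 0; i < len - 1; i += 2) {
 uint32_t m = M[i] * (uint32_t)M[i + 1];
@@ -1820,6 +1852,12 @@ static void Decode(uint16_t *out, const unsigned char *S, const uint16_t *M, lon
 }
 if (i < len) *out++ = R2[i / 2];
 }
+#ifdef WINDOWS
+freezero(R2, MR_len * sizeof(*R2));
+freezero(M2, MR_len * sizeof(*M2));
+freezero(bottomr, bottom_len * sizeof(*bottomr));
+freezero(bottomt, bottom_len * sizeof(*bottomt));
+#endif /* WINDOWS */
 }
 
 static void R3_fromRq(small *out, const Fq *r) {
@@ -1952,13 +1990,27 @@ static void Short_fromlist(small *out, const uint32_t *in) {
 for (i = 0; i < p; ++i) out[i] = (L[i] & 3) - 1;
 }
 
+/* ----- underlying hash function */
+
+#define Hash_bytes 32
+
+/* e.g., b = 0 means out = Hash0(in) */
 static void Hash_prefix(unsigned char *out, int b, const unsigned char *in, int inlen) {
+#ifdef WINDOWS
+unsigned char* x;
+x = xcalloc(inlen + 1, sizeof(*x));
+unsigned char h[64];
+#else
 unsigned char x[inlen + 1], h[64];
+#endif /* WINDOWS */
 int i;
 x[0] = b;
 for (i = 0; i < inlen; ++i) x[i + 1] = in[i];
 crypto_hash_sha512(h, x, inlen + 1);
 for (i = 0; i < 32; ++i) out[i] = h[i];
+#ifdef WINDOWS
+freezero(x, (inlen + 1) * sizeof(*x));
+#endif /* WINDOWS */
 }
 
 static uint32_t urandom32(void) {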
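Review bot: In Hash_prefix the 64-byte digest buffer `h` is left on the stack when the function returns, while the Windows branch added here takes care to wipe the heap copy `x` with `freezero`; only the first 32 bytes of `h` are copied to `out`, so the rest of the SHA-512 output outlives the call. Whether any caller hashes secret input is not visible in these hunks, but if one does, `explicit_bzero(h, sizeof(h));` just before the closing brace (in both branches) would make the cleanup consistent, provided that helper is declared for this file. The copy loop could also use the `Hash_bytes` constant this hunk adds instead of the literal `32`, as `for (i = 0; i < Hash_bytes; ++i) out[i] = h[i];`.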
