[PATCH] curve25519-sha256 at libssh.org key exchange proposal
Aris Adamantiadis
aris at 0xbadc0de.be
Sun Nov 3 01:25:29 EST 2013
> shared_secret should be an mpint/bignum in the hash, since
> this is what the RFC requires for 'K', c.f. the SSH-ECDH RFC:
>
> http://tools.ietf.org/html/rfc5656#section-4
> The elliptic curve public keys (points) that must be transmitted are
> encoded into octet strings before they are transmitted. The
> transformation between elliptic curve points and octet strings is
> specified in Sections 2.3.3 and 2.3.4 of [SEC1]; point compression
> MAY be used. The output of shared key generation is a field element
> xp. The SSH framework requires that the shared key be an integer.
> The conversion between a field element and an integer is specified in
> Section 2.3.9 of [SEC1].
> where [SEC1] == http://www.secg.org/download/aid-780/sec1-v2.pdf
>
>
I think [SEC1] is irrelevant here since Curve25519 is defined somewhere
else. I think the key here is "The SSH framework requires that the
shared key be an integer" which I do not believe to be a MUST, but
reason enough to keep an mpint.
> so I think we should keep the encodings from the patch...
>
> -m
>
So I think the patch is ready :)
Aris
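
The encoding question discussed above, as an added example that is not part of the patch or of this message: the same 32-byte shared secret encoded as an RFC 4251 string and as an mpint produces different bytes for the exchange hash, so both peers must agree on one. The function names are hypothetical, and reading the 32 octets as a big-endian unsigned integer is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian uint32 length prefix (RFC 4251 "uint32"). */
static void put_u32(uint8_t *out, uint32_t v)
{
    out[0] = (uint8_t)(v >> 24); out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);  out[3] = (uint8_t)v;
}

/* RFC 4251 "string": length prefix, bytes unchanged. out: len + 4 bytes. */
size_t encode_string(const uint8_t *in, size_t len, uint8_t *out)
{
    put_u32(out, (uint32_t)len);
    memcpy(out + 4, in, len);
    return len + 4;
}

/* RFC 4251 "mpint" of a non-negative big-endian value: drop leading zero
 * bytes, prepend 0x00 if the top bit is set (else it would read as
 * negative), zero has an empty body. out: len + 5 bytes. */
size_t encode_mpint(const uint8_t *in, size_t len, uint8_t *out)
{
    size_t skip = 0, n, pad;
    while (skip < len && in[skip] == 0)
        skip++;
    n = len - skip;
    pad = (n > 0 && (in[skip] & 0x80)) ? 1 : 0;
    put_u32(out, (uint32_t)(n + pad));
    if (pad)
        out[4] = 0x00;
    if (n > 0)
        memcpy(out + 4 + pad, in + skip, n);
    return 4 + pad + n;
}

int main(void)
{
    /* Constructed 32-byte secrets, not real key material. */
    uint8_t hi[32], lo[32], buf[40];
    memset(hi, 0xAB, sizeof hi);            /* top bit set */
    memset(lo, 0x11, sizeof lo); lo[0] = 0; /* leading zero byte */
    printf("string=%zu mpint(hi)=%zu mpint(lo)=%zu\n",
           encode_string(hi, 32, buf), encode_mpint(hi, 32, buf),
           encode_mpint(lo, 32, buf));
    return 0;
}
```

The mpint length varies with the secret's leading bits while the string length does not, so a peer that hashes the wrong form computes a different exchange hash and signature verification fails.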