On Sat, 7 Nov 2015, Ross Snider wrote: > Starting by following Damian Miller's commit > 1e1242604eb0fd510fe93f81245c529237ffc513 I have been trying to > understand where precisely to include additional ciphers into my > server and client cipherlists for handshake (this commit is the start > of ed25519 support). > > I have looked at the diff of myproposal.h and also the 25519 > implementation. > > I do not see where the implementation is mapped to the canonical name > string so that it can be included in client code (ssh/sshd.c). > > Does anyone have experience or a tutorial on the various areas of code > that link key exchange, EVP structs and other function pointer, and > the handshake process all together? What algorithms are you referring to? If you mean ciphers, then the name/cipher mapping is done by the ciphers[] array in ciphers.c. If you mean key exchange algorithms, then it's more tricky. The kexalgs[] array in kex.c handles name/number lookup. The client and server need to implement handlers for each side of the key exchange, these are setup in sshconnect2.c:ssh_kex2() (client) and sshd.c:do_ssh2_kex() (server). For each key exchange method, there is one file containing the client side of the exchange, another for the server part and one for shared stuff - usually the exchange hash. For curve25519, these are kexc25519c.c, kexc25519s.c and kexc25519.c respectively. An authenticated key exchange sounds like it might be fairly tricky to implement. What are the keys and how are they managed? What's being authenticated - server->client or both? Also, if the AKE does do client->server authentication, then how does it coexist with the existing authentication system? It would need to work nicely with multiple authentication, etc. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev