<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Péter Szabó</b> <span dir="ltr"><<a href="mailto:ptspts@gmail.com">ptspts@gmail.com</a>></span><br>Date: Thu, Oct 5, 2017 at 5:08 PM<br>Subject: Re: proof-of-concept ed25519 crypto and other additions implemented<br>To: Matt Johnston <<a href="mailto:matt@ucc.asn.au">matt@ucc.asn.au</a>><br><br><br><div dir="ltr">Hi,<br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Wed, Oct 4, 2017 at 4:49 PM, Matt Johnston <span dir="ltr"><<a href="mailto:matt@ucc.asn.au" target="_blank">matt@ucc.asn.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>- Can the patches be made from a fork of the Dropbear tree, with the 2017.75 tag? That will make merging/cherry picking easier <a href="https://github.com/mkj/dropbear/tree/DROPBEAR_2017.75" target="_blank">https://github.com/mkj/<wbr>dropbear/tree/DROPBEAR_2017.75</a><br></div></div></blockquote><div><br></div></span><div>Please see <a href="https://github.com/pts/dropbear-ptscrypto/tree/ptscrypto" target="_blank">https://github.com/pts/<wbr>dropbear-ptscrypto/tree/<wbr>ptscrypto</a>. I hope I've done it correctly. Feel free to skip the irrelevant commints and files (e.g. c.sh and README.txt).</div><span class=""><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>- I don't like the pointer arithmetic <a href="https://github.com/pts/pts-dropbear/blob/4bb002ccad33a5fa55b88b4216586b09881e0d3c/ed25519.c#L70" target="_blank">https://github.com/<wbr>pts/pts-dropbear/blob/4bb002cc<wbr>ad33a5fa55b88b4216586b09881e0d<wbr>3c/ed25519.c#L70</a></div><div><br><span class="m_7118816756960006151gmail-m_1129481286919915546Apple-tab-span" style="white-space:pre-wrap"> </span>if (buf->pos + 83 > buf->len ||<br><span class="m_7118816756960006151gmail-m_1129481286919915546Apple-tab-span" style="white-space:pre-wrap"> </span> 0 != memcmp(buf->data + buf->pos, "\0\0\0\x0bssh-ed255<wbr>19\0\0\0@", 19)<br><span class="m_7118816756960006151gmail-m_1129481286919915546Apple-tab-span" style="white-space:pre-wrap"> </span> ) return DROPBEAR_FAILURE;<br><span class="m_7118816756960006151gmail-m_1129481286919915546Apple-tab-span" style="white-space:pre-wrap"> </span>memcpy(key->spk, buf->data + buf->pos + 19, 64);<br><br></div><div>Instead it should use buf_getstring(), buf_getbufstring(), buf_incrwritepos() etc.</div></div></blockquote><div><br></div></span><div>That's fine for me.</div><div><br></div><div>I don't understand the Dropbear merge process yet. The most convenient option for me would be that someone else does the work of merging and code cleanup, and I'm available for consultation (e.g. explaining my motivations and implementation decisions) in e-mail or over chat if something looks wrong with my code.</div><span class=""><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>- Agree that SHA512 from libtomcrypt should be used instead.</div></div></blockquote><div><br></div></span><div>That's also fine for me.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>- what is the reason for wanting a 8192 bit RSA key.</div></div></blockquote><div><br></div><div>I have a 8192-bit RSA key which I use rarely, but I want to keep for years (decades) in authorized_keys on the server.</div><span class=""><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>I see you mentioned chacha20-poly1305 in the TODO. If you (or anyone else) is going to implement that it would be worth using the upcoming libtomcrypt 1.18 release which supports those. The mode used by OpenSSH may be a bit different though, with a separate cipher for lengths.</div></div></blockquote><div><br></div></span><div>Thanks for the heads up! If I ever start working on it, my plan is to copy the code from tinyssh, to have something which works quickly. I agree that the final implementation should use libtomcrypt.</div></div></div></div>
</div><br></div>