Aris Adamantiadis
2013-Nov-02 14:25 UTC
Re: [PATCH] curve25519-sha256@libssh.org key exchange proposal
> shared_secret should be an mpint/bignum in the hash, since
> this is what the RFC requires for ''K'', c.f. the SSH-ECDH RFC:
>
> http://tools.ietf.org/html/rfc5656#section-4
> The elliptic curve public keys (points) that must be transmitted are
> encoded into octet strings before they are transmitted. The
> transformation between elliptic curve points and octet strings is
> specified in Sections 2.3.3 and 2.3.4 of [SEC1]; point compression
> MAY be used. The output of shared key generation is a field element
> xp. The SSH framework requires that the shared key be an integer.
> The conversion between a field element and an integer is specified in
> Section 2.3.9 of [SEC1].
> where [SEC1] == http://www.secg.org/download/aid-780/sec1-v2.pdf
>

I think [SEC1] is irrelevant here since Curve25519 is defined somewhere else. I think the key here is "The SSH framework requires that the shared key be an integer", which I do not believe to be a MUST, but reason enough to keep an mpint.

> so I think we should keep the encodings from the patch...
>
> -m
>

So I think the patch is ready :)

Aris
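
As an added illustration (not part of the original message or the patch), this Python sketch compares the mpint encoding discussed above with a plain string encoding of a 32-byte shared secret inside a hash. It assumes the secret octets are read as a big-endian unsigned integer; the sample secrets, the hash prefix and all function names are constructed for the example.

```python
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the raw octets."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(secret: bytes) -> bytes:
    """RFC 4251 'mpint' of the octets, read as an unsigned big-endian integer
    (that byte order is an assumption of this example)."""
    body = secret.lstrip(b"\x00")      # mpint forbids unnecessary leading zeros
    if body and body[0] & 0x80:        # high bit set would decode as negative,
        body = b"\x00" + body          # so a zero octet is prepended
    return struct.pack(">I", len(body)) + body


def exchange_hash(prefix: bytes, encoded_k: bytes) -> str:
    """SHA-256 over a stand-in for the earlier hash fields followed by K."""
    return hashlib.sha256(prefix + encoded_k).hexdigest()


def encodings_agree(secret: bytes) -> bool:
    """True when string and mpint encodings of this secret are byte-identical."""
    return ssh_string(secret) == ssh_mpint(secret)


# Constructed 32-byte sample secrets, not real key-exchange output.
HIGH_BIT = bytes([0x80]) + bytes(range(1, 32))
LEADING_ZERO = bytes([0x00, 0x00, 0x7F]) + bytes(range(3, 32))
PLAIN = bytes([0x12]) + bytes(range(1, 32))
PREFIX = b"constructed stand-in for the fields hashed before K"

if __name__ == "__main__":
    for name, secret in (("high bit", HIGH_BIT),
                         ("leading zeros", LEADING_ZERO),
                         ("plain", PLAIN)):
        mp = ssh_mpint(secret)
        print(f"{name:13} mpint is {len(mp)} bytes on the wire, "
              f"same as string encoding: {encodings_agree(secret)}")
        print("  hash with mpint :", exchange_hash(PREFIX, mp))
        print("  hash with string:", exchange_hash(PREFIX, ssh_string(secret)))
```

The two encodings coincide only when the first octet is non-zero and below 0x80, so peers that disagreed on the encoding would compute different hashes for some exchanges and identical ones for others.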