4.2 Key-exchange algorithms

Modules of this type implement more than a simple algorithm. A key-exchange module needs to provide both the crypto used to establish a shared secret and the associated part of the ssh2 protocol.

This section briefly lists key-exchange algorithms that are supported by modules provided along with the library.

Key-exchange related declarations can be found in assh/assh_kex.h.

Prime field Diffie-Hellman

The following algorithms rely on Diffie-Hellman over a prime field, as specified in rfc4253:

  • diffie-hellman-group1-sha1 (1024-bit prime),

  • diffie-hellman-group14-sha1 (2048-bit prime),

  • diffie-hellman-group14-sha256 (2048-bit prime).

Additional algorithms of this kind, using larger primes, are specified in [18]:

  • diffie-hellman-group15-sha512 (3072-bit prime),

  • diffie-hellman-group16-sha512 (4096-bit prime),

  • diffie-hellman-group17-sha512 (6144-bit prime),

  • diffie-hellman-group18-sha512 (8192-bit prime).

Prime field Diffie-Hellman with group exchange

The following algorithms rely on Diffie-Hellman over a prime field as specified in rfc4419. The groups used are not fixed but are provided by the server:

  • diffie-hellman-group-exchange-sha1,

  • diffie-hellman-group-exchange-sha256.

Because matching the security of the selected cipher algorithm to the DH group size is not straightforward, several variants are available, based on the estimates provided in rfc3526 and rfc3766. The size of the group offered by the server depends on the selected variant of the DH algorithm as well as on the size of the symmetric key used by the cipher algorithm.

RSA encrypted secret

These key-exchange methods rely on an RSA-encrypted secret as specified in rfc4432:

  • rsa1024-sha1,

  • rsa2048-sha256.

They require an RSA key on the server side. If no key is loaded for that purpose, an ephemeral key is created automatically.

Montgomery curves Diffie-Hellman

These are Diffie-Hellman algorithms based on Montgomery elliptic curves as proposed in [23]. The protocol part for ssh2 is specified in [30].

Two additional sets of curve parameters proposed in [19] and [20] with larger key sizes are implemented as libassh extensions:

  • curve25519-sha256@libssh.org,

  • m383-sha384@libassh.org,

  • m511-sha512@libassh.org.

In addition to the built-in implementation, a libsodium-based implementation of curve25519-sha256@libssh.org is also provided.

Weierstrass curves Diffie-Hellman

These are Diffie-Hellman algorithms based on Weierstrass elliptic curves as proposed in rfc5656. The three NIST curves required by the RFC are implemented:

  • ecdh-sha2-nistp256,

  • ecdh-sha2-nistp384,

  • ecdh-sha2-nistp521.

Generated by diaxen on Sun Oct 25 23:30:45 2020 using MkDoc