This month's Index
Subject: diffie-hellman-group-exchange-sha256 key exchange
diffie-hellman-group-exchange-sha256 key exchange
From: Will Cosgrove <will_at_panic.com>
Date: Mon, 12 Jan 2015 16:29:12 -0800
First, kmdhgGPsha1kex_state_t is coded to be specific to sha1. No big deal I thought, I could add a sha256 version. However that leads to key_exchange_state_low_t which is included in key_exchange_state_t. So now we’re duplicating three structs and causing a lot of branching, not so great.
At that point, I decided to change kmdhgGPsha1kex_state_t to support sha256. The following changes were made:
unsigned char h_sig_comp[SHA256_DIGEST_LENGTH]; //SHA1_DIGEST_LENGTH
This isn’t so hot as it hard-codes openssl support instead of using the libssh2_sha1_ctx macro. On the flip side, creating three new structures for a couple calls seems excessive.
Anyone out there have opinions on how to proceed?