kex: implement curve25519-sha256@libssh.org

1 files changed, 12 insertions, 2 deletions

diff --git a/src/kex.c b/src/kex.c
index 4de5a65..7cd404f 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -34,6 +34,7 @@
 #include "libssh/session.h"
 #include "libssh/ssh2.h"
 #include "libssh/string.h"
+#include "libssh/curve25519.h"
 
 #ifdef HAVE_LIBGCRYPT
 # define BLOWFISH "blowfish-cbc,"
@@ -63,14 +64,21 @@
 #define ZLIB "none"
 #endif
 
+#ifdef HAVE_CURVE25519
+#define CURVE25519 "curve25519-sha256@libssh.org,"
+#else
+#define CURVE25519 ""
+#endif
+
 #ifdef HAVE_ECDH
-#define KEY_EXCHANGE "ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
+#define ECDH "ecdh-sha2-nistp256,"
 #define HOSTKEYS "ecdsa-sha2-nistp256,ssh-rsa,ssh-dss"
 #else
-#define KEY_EXCHANGE "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
 #define HOSTKEYS "ssh-rsa,ssh-dss"
+#define ECDH ""
 #endif
 
+#define KEY_EXCHANGE CURVE25519 ECDH "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
 #define KEX_METHODS_SIZE 10
 
 /* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */
@@ -412,6 +420,8 @@ int ssh_kex_select_methods (ssh_session session){
       session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA1;
     } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){
       session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP256;
+    } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "curve25519-sha256@libssh.org") == 0){
+      session->next_crypto->kex_type=SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG;
     }
 
     return SSH_OK;