djm at mindrot
Aug 30, 2012, 4:49 PM
Post #2 of 3
On Thu, 30 Aug 2012, Eric Ferguson wrote:
> Hi everyone.
> I'm currently running through FIPS validation, and this year CAVP
> requires KDF tests for SSH. I'm running OpenSSH v5.6p1 and I see that
> the 6 keys that I need are derived in kex_derived_keys in kex.c.
> However, I don't yet see any way for me to access this function from an
> existing command line tool, being able to pass in K, H, and the
> session_id from the test vector. Is my only option to build a custom
> executable, linking in the key derivation function I need, or am I missing

No, there is definitely no way to invoke the KEX KDF from the shell. You'll
have to make your own executable.

In the future, we hope to make bits like this available in a more friendly
library form but I don't think we will ever expose them via a command
interface directly. If there are specific tests that need to be done then
I'd certainly consider adding them as unit tests though.
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
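
As an added example (not OpenSSH code and not part of the original thread), a stand-alone harness for the key derivation discussed above can follow RFC 4253 section 7.2 directly: each of the six values is HASH(K || H || letter || session_id), extended with HASH(K || H || K1 || ...) when more bytes are needed. The function names, the SHA-1 choice, the output lengths and the sample K, H and session_id are assumptions constructed for illustration; K is passed in its mpint encoding.

```python
import hashlib

# RFC 4253 section 7.2 letters for the six derived values.
LABELS = {
    "iv_c2s": b"A", "iv_s2c": b"B",
    "enc_c2s": b"C", "enc_s2c": b"D",
    "mac_c2s": b"E", "mac_s2c": b"F",
}

def mpint(n):
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5)."""
    if n < 0:
        raise ValueError("shared secret K must be non-negative")
    # bit_length // 8 + 1 bytes adds a leading zero byte when the top bit is set.
    body = n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b""
    return len(body).to_bytes(4, "big") + body

def derive_key(hash_name, k_mpint, h, letter, session_id, need):
    """Derive `need` bytes for one letter, extending the output as the RFC describes."""
    def digest(data):
        return hashlib.new(hash_name, data).digest()
    key = digest(k_mpint + h + letter + session_id)   # K1
    while len(key) < need:
        key += digest(k_mpint + h + key)              # K2, K3, ...
    return key[:need]

def derive_all(hash_name, k_mpint, h, session_id, iv_len, enc_len, mac_len):
    """Return all six values, keyed by the (hypothetical) names in LABELS."""
    sizes = {"iv": iv_len, "enc": enc_len, "mac": mac_len}
    return {
        name: derive_key(hash_name, k_mpint, h, letter, session_id,
                         sizes[name.split("_")[0]])
        for name, letter in LABELS.items()
    }

# Constructed sample input, not a CAVP test vector.
SAMPLE_K = int.from_bytes(hashlib.sha256(b"constructed shared secret").digest(), "big")
SAMPLE_H = hashlib.sha1(b"constructed exchange hash").digest()
SAMPLE_SESSION_ID = SAMPLE_H  # session_id is H of the first key exchange

if __name__ == "__main__":
    keys = derive_all("sha1", mpint(SAMPLE_K), SAMPLE_H, SAMPLE_SESSION_ID, 16, 32, 20)
    for name, value in keys.items():
        print(name, value.hex())
```

If a test vector already supplies K with its four-byte length prefix, pass those bytes as `k_mpint` unchanged instead of calling `mpint()`.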