diff options
| author | Simo Sorce <simo@redhat.com> | 2019-03-13 14:20:52 -0400 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2019-04-04 08:00:19 +0200 |
| commit | 30d97979a29953f7094522fd0b6fd031dae0070e (patch) | |
| tree | fc137be280d616281771c33e44ad86db6bfce762 /include/libssh | |
| parent | 2f38af1559691e6151c60533848479e96e8965bb (diff) | |
| download | libssh-30d97979a29953f7094522fd0b6fd031dae0070e.tar.gz libssh-30d97979a29953f7094522fd0b6fd031dae0070e.tar.xz libssh-30d97979a29953f7094522fd0b6fd031dae0070e.zip | |
dh: Confine DH KEX keys handling into fewer functions
In preparation for deferring computation on DH secret material to
crypto library specific backends
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'include/libssh')
| -rw-r--r-- | include/libssh/dh.h | 29 | ||||
| -rw-r--r-- | include/libssh/libcrypto.h | 1 | ||||
| -rw-r--r-- | include/libssh/libgcrypt.h | 1 | ||||
| -rw-r--r-- | include/libssh/libmbedcrypto.h | 1 |
4 files changed, 19 insertions, 13 deletions
diff --git a/include/libssh/dh.h b/include/libssh/dh.h index 2a9be714..fbfce85d 100644 --- a/include/libssh/dh.h +++ b/include/libssh/dh.h @@ -25,24 +25,18 @@ #include "libssh/crypto.h" -struct dh_keypair { - bignum priv_key; - bignum pub_key; -}; +struct dh_ctx; -struct dh_ctx { - struct dh_keypair client; - struct dh_keypair server; - bignum generator; - bignum modulus; -}; +#define DH_CLIENT_KEYPAIR 0 +#define DH_SERVER_KEYPAIR 1 int ssh_dh_init(void); void ssh_dh_finalize(void); int ssh_dh_import_next_pubkey_blob(ssh_session session, ssh_string pubkey_blob); -int ssh_dh_build_k(ssh_session session); +int ssh_dh_compute_shared_secret(struct dh_ctx *ctx, int local, int remote, + bignum *dest); int ssh_client_dh_init(ssh_session session); ssh_key ssh_dh_get_current_server_publickey(ssh_session session); @@ -56,9 +50,18 @@ int ssh_dh_get_next_server_publickey_blob(ssh_session session, void ssh_server_dh_init(ssh_session session); #endif /* WITH_SERVER */ -int ssh_dh_init_common(ssh_session session); +int ssh_dh_init_common(struct ssh_crypto_struct *crypto); void ssh_dh_cleanup(struct ssh_crypto_struct *crypto); -int ssh_dh_generate_secret(ssh_session session, bignum dest); int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet); +int ssh_dh_get_parameters(struct dh_ctx *ctx, + const_bignum *modulus, const_bignum *generator); +int ssh_dh_set_parameters(struct dh_ctx *ctx, + bignum modulus, bignum generator); +int ssh_dh_keypair_gen_keys(struct dh_ctx *ctx, int peer); +int ssh_dh_keypair_get_keys(struct dh_ctx *ctx, int peer, + const_bignum *priv, const_bignum *pub); +int ssh_dh_keypair_set_keys(struct dh_ctx *ctx, int peer, + bignum priv, bignum pub); + #endif /* DH_H_ */ diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h index e9e35ec8..8db7d751 100644 --- a/include/libssh/libcrypto.h +++ b/include/libssh/libcrypto.h @@ -64,6 +64,7 @@ typedef void *EVPCTX; #define BROKEN_AES_CTR #endif typedef BIGNUM* bignum; +typedef const BIGNUM* const_bignum; typedef BN_CTX* bignum_CTX; #define bignum_new() BN_new() diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h index 0d5d6c1b..707fd27a 100644 --- a/include/libssh/libgcrypt.h +++ b/include/libssh/libgcrypt.h @@ -50,6 +50,7 @@ typedef gcry_md_hd_t EVPCTX; #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE typedef gcry_mpi_t bignum; +typedef const struct gcry_mpi *const_bignum; typedef void* bignum_CTX; /* Constants for curves. */ diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h index 0b156fb2..c98a50cf 100644 --- a/include/libssh/libmbedcrypto.h +++ b/include/libssh/libmbedcrypto.h @@ -60,6 +60,7 @@ typedef mbedtls_md_context_t *EVPCTX; #define EVP_DIGEST_LEN EVP_MAX_MD_SIZE typedef mbedtls_mpi *bignum; +typedef const mbedtls_mpi *const_bignum; typedef void* bignum_CTX; /* Constants for curves */ |