add mbedtls crypto support

Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems.  It is loosely coupled and has a low memory
footprint.  mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>

Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.

Reviewers: asn, aris

Subscribers: simonsj

Differential Revision: https://bugs.libssh.org/D1

7 files changed, 136 insertions, 0 deletions

diff --git a/include/libssh/bignum.h b/include/libssh/bignum.h
index 71970e3e..32727050 100644
--- a/include/libssh/bignum.h
+++ b/include/libssh/bignum.h
@@ -23,6 +23,7 @@
 
 #include "libssh/libcrypto.h"
 #include "libssh/libgcrypt.h"
+#include "libssh/libmbedcrypto.h"
 
 bignum ssh_make_string_bn(ssh_string string);
 void ssh_make_string_bn_inplace(ssh_string string, bignum bnout);
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index cc54b338..81915e20 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -84,6 +84,8 @@ struct ssh_crypto_struct {
     EC_KEY *ecdh_privkey;
 #elif defined HAVE_GCRYPT_ECC
     gcry_sexp_t ecdh_privkey;
+#elif defined HAVE_LIBMBEDCRYPTO
+    mbedtls_ecp_keypair *ecdh_privkey;
 #endif
     ssh_string ecdh_client_pubkey;
     ssh_string ecdh_server_pubkey;
@@ -135,6 +137,10 @@ struct ssh_cipher_struct {
     struct ssh_aes_key_schedule *aes_key;
     const EVP_CIPHER *cipher;
     EVP_CIPHER_CTX *ctx;
+#elif defined HAVE_LIBMBEDCRYPTO
+    mbedtls_cipher_context_t encrypt_ctx;
+    mbedtls_cipher_context_t decrypt_ctx;
+    mbedtls_cipher_type_t type;
 #endif
     unsigned int keysize; /* bytes of key used. != keylen */
     /* sets the new key for immediate use */
diff --git a/include/libssh/ecdh.h b/include/libssh/ecdh.h
index 9f94d69c..66659b85 100644
--- a/include/libssh/ecdh.h
+++ b/include/libssh/ecdh.h
@@ -37,6 +37,10 @@
 #define HAVE_ECDH 1
 #endif
 
+#ifdef HAVE_LIBMBEDCRYPTO
+#define HAVE_ECDH 1
+#endif
+
 /* Common functions.  */
 int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet);
 
diff --git a/include/libssh/keys.h b/include/libssh/keys.h
index 6f08e070..f25283ae 100644
--- a/include/libssh/keys.h
+++ b/include/libssh/keys.h
@@ -34,6 +34,9 @@ struct ssh_public_key_struct {
 #elif HAVE_LIBCRYPTO
     DSA *dsa_pub;
     RSA *rsa_pub;
+#elif HAVE_LIBMBEDCRYPTO
+    mbedtls_pk_context *rsa_pub;
+    void *dsa_pub;
 #endif
 };
 
@@ -45,6 +48,9 @@ struct ssh_private_key_struct {
 #elif defined HAVE_LIBCRYPTO
     DSA *dsa_priv;
     RSA *rsa_priv;
+#elif HAVE_LIBMBEDCRYPTO
+    mbedtls_pk_context *rsa_priv;
+    void *dsa_priv;
 #endif
 };
 
diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h
new file mode 100644
index 00000000..7cc1bbb0
--- /dev/null
+++ b/include/libssh/libmbedcrypto.h
@@ -0,0 +1,111 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2017 Sartura d.o.o.
+ *
+ * Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#ifndef LIBMBEDCRYPTO_H_
+#define LIBMBEDCRYPTO_H_
+
+#include "config.h"
+
+#ifdef HAVE_LIBMBEDCRYPTO
+
+#include <mbedtls/md.h>
+#include <mbedtls/bignum.h>
+#include <mbedtls/pk.h>
+#include <mbedtls/cipher.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
+
+typedef mbedtls_md_context_t *SHACTX;
+typedef mbedtls_md_context_t *SHA256CTX;
+typedef mbedtls_md_context_t *SHA384CTX;
+typedef mbedtls_md_context_t *SHA512CTX;
+typedef mbedtls_md_context_t *MD5CTX;
+typedef mbedtls_md_context_t *HMACCTX;
+typedef mbedtls_md_context_t *EVPCTX;
+
+#define SHA_DIGEST_LENGTH 20
+#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
+#define MD5_DIGEST_LEN 16
+#define SHA256_DIGEST_LENGTH 32
+#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
+#define SHA384_DIGEST_LENGTH 48
+#define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH
+#define SHA512_DIGEST_LENGTH 64
+#define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH
+
+#ifndef EVP_MAX_MD_SIZE
+#define EVP_MAX_MD_SIZE 64
+#endif
+
+#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
+
+typedef mbedtls_mpi *bignum;
+
+/* Constants for curves */
+#define NID_mbedtls_nistp256 0
+#define NID_mbedtls_nistp384 1
+#define NID_mbedtls_nistp521 2
+
+struct mbedtls_ecdsa_sig {
+    bignum r;
+    bignum s;
+};
+
+bignum ssh_mbedcry_bn_new(void);
+void ssh_mbedcry_bn_free(bignum num);
+char *ssh_mbedcry_bn2num(bignum num, int radix);
+int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom);
+int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
+
+#define bignum_new() ssh_mbedcry_bn_new()
+#define bignum_free(num) ssh_mbedcry_bn_free(num);
+#define bignum_set_word(bn, n) mbedtls_mpi_lset(bn, n) /* TODO fix
+                                                          overflow/underflow */
+#define bignum_bin2bn(data, datalen, bn) mbedtls_mpi_read_binary(bn, data, \
+        datalen)
+#define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
+#define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
+#define bignum_bn2hex(num) ssh_mbedcry_bn2num(num, 16)
+#define bignum_rand(rnd, bits, top, bottom) ssh_mbedcry_rand(rnd, bits, \
+        top, bottom)
+#define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
+        mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)
+#define bignum_num_bytes(num) mbedtls_mpi_size(num)
+#define bignum_num_bits(num) mbedtls_mpi_bitlen(num)
+#define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit)
+#define bignum_bn2bin(num, ptr) mbedtls_mpi_write_binary(num, ptr, \
+        mbedtls_mpi_size(num))
+#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
+
+mbedtls_entropy_context ssh_mbedtls_entropy;
+mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
+
+void ssh_mbedtls_init(void);
+void ssh_mbedtls_cleanup(void);
+int ssh_mbedtls_random(void *where, int len, int strong);
+
+ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const
+        mbedtls_ecp_point *p);
+
+#endif /* HAVE_LIBMBEDCRYPTO */
+#endif /* LIBMBEDCRYPTO_H_ */
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index e0e30f1a..e078768b 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -48,6 +48,10 @@ struct ssh_key_struct {
     gcry_sexp_t dsa;
     gcry_sexp_t rsa;
     gcry_sexp_t ecdsa;
+#elif HAVE_LIBMBEDCRYPTO
+    mbedtls_pk_context *rsa;
+    mbedtls_ecdsa_context *ecdsa;
+    void *dsa;
 #elif HAVE_LIBCRYPTO
     DSA *dsa;
     RSA *rsa;
@@ -78,6 +82,9 @@ struct ssh_signature_struct {
 # else
     void *ecdsa_sig;
 # endif
+#elif defined HAVE_LIBMBEDCRYPTO
+    ssh_string rsa_sig;
+    struct mbedtls_ecdsa_sig ecdsa_sig;
 #endif
     ed25519_signature *ed25519_sig;
 };
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index cdd72d6d..6b6cf0b1 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -25,6 +25,7 @@
 #include "libssh/libssh.h"
 #include "libssh/libcrypto.h"
 #include "libssh/libgcrypt.h"
+#include "libssh/libmbedcrypto.h"
 
 enum ssh_mac_e {
   SSH_MAC_SHA1=1,