diff options
author | Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> | 2017-12-28 11:10:43 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-12-28 11:17:39 +0100 |
commit | 778652460f7cceb3e760964a890ffd99ec8230e7 (patch) | |
tree | b30fca5918cc4f88abcba9e12146c6fe5db11ad1 /src/dh.c | |
parent | 5c3b1ee0a427e3a6a0b2ba0862fd9d2c4c25d736 (diff) | |
download | libssh-778652460f7cceb3e760964a890ffd99ec8230e7.tar.gz libssh-778652460f7cceb3e760964a890ffd99ec8230e7.tar.xz libssh-778652460f7cceb3e760964a890ffd99ec8230e7.zip |
add mbedtls crypto support
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
Diffstat (limited to 'src/dh.c')
-rw-r--r-- | src/dh.c | 29 |
1 files changed, 29 insertions, 0 deletions
@@ -143,6 +143,8 @@ int ssh_get_random(void *where, int len, int strong){ return RAND_pseudo_bytes(where,len); } # endif /* OPENSSL_VERSION_NUMBER */ +#elif defined HAVE_LIBMBEDCRYPTO + return ssh_mbedtls_random(where, len, strong); #endif /* never reached */ @@ -162,6 +164,8 @@ int ssh_crypto_init(void) { gcry_control(GCRYCTL_INIT_SECMEM, 4096); gcry_control(GCRYCTL_INITIALIZATION_FINISHED,0); } +#elif HAVE_LIBMBEDCRYPTO + ssh_mbedtls_init(); #endif g = bignum_new(); @@ -206,7 +210,12 @@ int ssh_crypto_init(void) { bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14); OpenSSL_add_all_algorithms(); +#elif defined HAVE_LIBMBEDCRYPTO + p_group1 = bignum_new(); + bignum_bin2bn(p_group1_value, P_GROUP1_LEN, p_group1); + p_group14 = bignum_new(); + bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14); #endif ssh_crypto_initialized = 1; @@ -228,6 +237,8 @@ void ssh_crypto_finalize(void) { #elif defined HAVE_LIBCRYPTO EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); +#elif defined HAVE_LIBMBEDTLS + ssh_mbedtls_cleanup(); #endif ssh_crypto_initialized=0; } @@ -249,6 +260,8 @@ int ssh_dh_generate_x(ssh_session session) { bignum_rand(session->next_crypto->x, keysize); #elif defined HAVE_LIBCRYPTO bignum_rand(session->next_crypto->x, keysize, -1, 0); +#elif defined HAVE_LIBMBEDCRYPTO + bignum_rand(session->next_crypto->x, keysize, -1, 0); #endif /* not harder than this */ @@ -276,6 +289,8 @@ int ssh_dh_generate_y(ssh_session session) { bignum_rand(session->next_crypto->y, keysize); #elif defined HAVE_LIBCRYPTO bignum_rand(session->next_crypto->y, keysize, -1, 0); +#elif defined HAVE_LIBMBEDCRYPTO + bignum_rand(session->next_crypto->y, keysize, -1, 0); #endif /* not harder than this */ @@ -309,6 +324,9 @@ int ssh_dh_generate_e(ssh_session session) { #elif defined HAVE_LIBCRYPTO bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x, select_p(session->next_crypto->kex_type), ctx); +#elif defined HAVE_LIBMBEDCRYPTO + bignum_mod_exp(session->next_crypto->e, g, session->next_crypto->x, + select_p(session->next_crypto->kex_type), NULL); #endif #ifdef DEBUG_CRYPTO @@ -344,6 +362,9 @@ int ssh_dh_generate_f(ssh_session session) { #elif defined HAVE_LIBCRYPTO bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y, select_p(session->next_crypto->kex_type), ctx); +#elif defined HAVE_LIBMBEDCRYPTO + bignum_mod_exp(session->next_crypto->f, g, session->next_crypto->y, + select_p(session->next_crypto->kex_type), NULL); #endif #ifdef DEBUG_CRYPTO @@ -430,6 +451,14 @@ int ssh_dh_build_k(ssh_session session) { bignum_mod_exp(session->next_crypto->k, session->next_crypto->e, session->next_crypto->y, select_p(session->next_crypto->kex_type), ctx); } +#elif defined HAVE_LIBMBEDCRYPTO + if (session->client) { + bignum_mod_exp(session->next_crypto->k, session->next_crypto->f, + session->next_crypto->x, select_p(session->next_crypto->kex_type), NULL); + } else { + bignum_mod_exp(session->next_crypto->k, session->next_crypto->e, + session->next_crypto->y, select_p(session->next_crypto->kex_type), NULL); + } #endif #ifdef DEBUG_CRYPTO |