Diffstat (limited to 'include')
-rw-r--r-- | include/libssh/bignum.h | 1 | ||||
-rw-r--r-- | include/libssh/crypto.h | 6 | ||||
-rw-r--r-- | include/libssh/ecdh.h | 4 | ||||
-rw-r--r-- | include/libssh/keys.h | 6 | ||||
-rw-r--r-- | include/libssh/libmbedcrypto.h | 111 | ||||
-rw-r--r-- | include/libssh/pki.h | 7 | ||||
-rw-r--r-- | include/libssh/wrapper.h | 1 |
7 files changed, 136 insertions, 0 deletions
diff --git a/include/libssh/bignum.h b/include/libssh/bignum.h index 71970e3e..32727050 100644 --- a/include/libssh/bignum.h +++ b/include/libssh/bignum.h @@ -23,6 +23,7 @@ #include "libssh/libcrypto.h" #include "libssh/libgcrypt.h" +#include "libssh/libmbedcrypto.h" bignum ssh_make_string_bn(ssh_string string); void ssh_make_string_bn_inplace(ssh_string string, bignum bnout); diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h index cc54b338..81915e20 100644 --- a/include/libssh/crypto.h +++ b/include/libssh/crypto.h @@ -84,6 +84,8 @@ struct ssh_crypto_struct { EC_KEY *ecdh_privkey; #elif defined HAVE_GCRYPT_ECC gcry_sexp_t ecdh_privkey; +#elif defined HAVE_LIBMBEDCRYPTO + mbedtls_ecp_keypair *ecdh_privkey; #endif ssh_string ecdh_client_pubkey; ssh_string ecdh_server_pubkey; @@ -135,6 +137,10 @@ struct ssh_cipher_struct { struct ssh_aes_key_schedule *aes_key; const EVP_CIPHER *cipher; EVP_CIPHER_CTX *ctx; +#elif defined HAVE_LIBMBEDCRYPTO + mbedtls_cipher_context_t encrypt_ctx; + mbedtls_cipher_context_t decrypt_ctx; + mbedtls_cipher_type_t type; #endif unsigned int keysize; /* bytes of key used. != keylen */ /* sets the new key for immediate use */ diff --git a/include/libssh/ecdh.h b/include/libssh/ecdh.h index 9f94d69c..66659b85 100644 --- a/include/libssh/ecdh.h +++ b/include/libssh/ecdh.h @@ -37,6 +37,10 @@ #define HAVE_ECDH 1 #endif +#ifdef HAVE_LIBMBEDCRYPTO +#define HAVE_ECDH 1 +#endif + /* Common functions. */ int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet); diff --git a/include/libssh/keys.h b/include/libssh/keys.h index 6f08e070..f25283ae 100644 --- a/include/libssh/keys.h +++ b/include/libssh/keys.h @@ -34,6 +34,9 @@ struct ssh_public_key_struct { #elif HAVE_LIBCRYPTO DSA *dsa_pub; RSA *rsa_pub; +#elif HAVE_LIBMBEDCRYPTO + mbedtls_pk_context *rsa_pub; + void *dsa_pub; #endif }; 
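Review bot: In the `ssh_cipher_struct` hunk of crypto.h, `encrypt_ctx` and `decrypt_ctx` are embedded by value, and an `mbedtls_cipher_context_t` owns heap state that holds the key schedule once it has been set up. A shallow copy of the struct after setup would therefore alias that state and could end in a double `mbedtls_cipher_free()`; whether any caller copies the struct is not visible in this diff. I would record the rule next to the fields, e.g. `/* owned; release both with mbedtls_cipher_free(), do not copy the struct once keyed */`. The struct starts and ends outside the hunk.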
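Review bot: The ecdh.h hunk defines `HAVE_ECDH` for every mbedTLS build, but mbedTLS can be compiled without its elliptic-curve modules, and the gcrypt branch visible in crypto.h is keyed on a separate `HAVE_GCRYPT_ECC` feature macro rather than on the backend alone. With a reduced mbedTLS configuration the ECDH key-exchange code would be enabled against a library that lacks it; that should fail at build time, but it is better expressed in the guard. Consider `#if defined(HAVE_LIBMBEDCRYPTO) && defined(MBEDTLS_ECDH_C)`, assuming the mbedTLS configuration header is already included at this point; otherwise a configure-time check that sets a dedicated macro would do the same job.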
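Review bot: The keys.h hunks test the macro with `#elif HAVE_LIBMBEDCRYPTO`, while crypto.h and the `ssh_signature_struct` hunk in pki.h use `#elif defined HAVE_LIBMBEDCRYPTO`. The value form is a preprocessor error if the macro is ever defined without a value, so `#elif defined HAVE_LIBMBEDCRYPTO` would be the safer spelling here, in the second keys.h hunk and in the `ssh_key_struct` hunk of pki.h. The untyped `void *dsa_pub;` and `void *dsa_priv;` members also deserve a comment such as `/* placeholder: no DSA support in this backend */`, if that is the intent, so readers do not expect them to be populated. Both structs start outside their hunks.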
@@ -45,6 +48,9 @@ struct ssh_private_key_struct { #elif defined HAVE_LIBCRYPTO DSA *dsa_priv; RSA *rsa_priv; +#elif HAVE_LIBMBEDCRYPTO + mbedtls_pk_context *rsa_priv; + void *dsa_priv; #endif }; diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h new file mode 100644 index 00000000..7cc1bbb0 --- /dev/null +++ b/include/libssh/libmbedcrypto.h 
@@ -0,0 +1,111 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2017 Sartura d.o.o.
+ *
+ * Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#ifndef LIBMBEDCRYPTO_H_
+#define LIBMBEDCRYPTO_H_
+
+#include "config.h"
+
+#ifdef HAVE_LIBMBEDCRYPTO
+
+#include <mbedtls/md.h>
+#include <mbedtls/bignum.h>
+#include <mbedtls/pk.h>
+#include <mbedtls/cipher.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
+
+typedef mbedtls_md_context_t *SHACTX;
+typedef mbedtls_md_context_t *SHA256CTX;
+typedef mbedtls_md_context_t *SHA384CTX;
+typedef mbedtls_md_context_t *SHA512CTX;
+typedef mbedtls_md_context_t *MD5CTX;
+typedef mbedtls_md_context_t *HMACCTX;
+typedef mbedtls_md_context_t *EVPCTX;
+
+#define SHA_DIGEST_LENGTH 20
+#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
+#define MD5_DIGEST_LEN 16
+#define SHA256_DIGEST_LENGTH 32
+#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
+#define SHA384_DIGEST_LENGTH 48
+#define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH
+#define SHA512_DIGEST_LENGTH 64
+#define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH
+
+#ifndef EVP_MAX_MD_SIZE
+#define EVP_MAX_MD_SIZE 64
+#endif
+
+#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
+
+typedef mbedtls_mpi *bignum;
+
+/* Constants for curves */
+#define NID_mbedtls_nistp256 0
+#define NID_mbedtls_nistp384 1
+#define NID_mbedtls_nistp521 2
+
+struct mbedtls_ecdsa_sig {
+ bignum r;
+ bignum s;
+};
+
+bignum ssh_mbedcry_bn_new(void);
+void ssh_mbedcry_bn_free(bignum num);
+char *ssh_mbedcry_bn2num(bignum num, int radix);
+int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom);
+int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
+
+#define bignum_new() ssh_mbedcry_bn_new()
+#define bignum_free(num) ssh_mbedcry_bn_free(num);
+#define bignum_set_word(bn, n) mbedtls_mpi_lset(bn, n) /* TODO fix
+ overflow/underflow */
+#define bignum_bin2bn(data, datalen, bn) mbedtls_mpi_read_binary(bn, data, \
+ datalen)
+#define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
+#define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
+#define bignum_bn2hex(num) ssh_mbedcry_bn2num(num, 16)
+#define bignum_rand(rnd, bits, top, bottom) ssh_mbedcry_rand(rnd, bits, \
+ top, bottom)
+#define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
+ mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)
+#define bignum_num_bytes(num) mbedtls_mpi_size(num)
+#define bignum_num_bits(num) mbedtls_mpi_bitlen(num)
+#define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit)
+#define bignum_bn2bin(num, ptr) mbedtls_mpi_write_binary(num, ptr, \
+ mbedtls_mpi_size(num))
+#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
+
+mbedtls_entropy_context ssh_mbedtls_entropy;
+mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
+
+void ssh_mbedtls_init(void);
+void ssh_mbedtls_cleanup(void);
+int ssh_mbedtls_random(void *where, int len, int strong);
+
+ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const
+ mbedtls_ecp_point *p);
+
+#endif /* HAVE_LIBMBEDCRYPTO */
+#endif /* LIBMBEDCRYPTO_H_ */
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index e0e30f1a..e078768b 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
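Review bot: `ssh_mbedtls_entropy` and `ssh_mbedtls_ctr_drbg` are defined, not declared, in this header, and the same commit pulls the header into bignum.h and wrapper.h, so every translation unit gets its own tentative definition of the RNG state. That links only where the toolchain merges common symbols and fails with duplicate-definition errors under `-fno-common`; the header should carry `extern mbedtls_entropy_context ssh_mbedtls_entropy;` and `extern mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;`, with the definitions in one .c file. Separately, `#define bignum_free(num) ssh_mbedcry_bn_free(num);` ends in a semicolon, which breaks an unbraced `if (...) bignum_free(x); else ...`; drop the trailing `;`. Since the DRBG context is shared process-wide, a comment stating whether callers of `ssh_mbedtls_random()` need external locking would also help.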
@@ -48,6 +48,10 @@ struct ssh_key_struct { gcry_sexp_t dsa; gcry_sexp_t rsa; gcry_sexp_t ecdsa; +#elif HAVE_LIBMBEDCRYPTO + mbedtls_pk_context *rsa; + mbedtls_ecdsa_context *ecdsa; + void *dsa; #elif HAVE_LIBCRYPTO DSA *dsa; RSA *rsa; @@ -78,6 +82,9 @@ struct ssh_signature_struct { # else void *ecdsa_sig; # endif +#elif defined HAVE_LIBMBEDCRYPTO + ssh_string rsa_sig; + struct mbedtls_ecdsa_sig ecdsa_sig; #endif ed25519_signature *ed25519_sig; }; diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h index cdd72d6d..6b6cf0b1 100644 --- a/include/libssh/wrapper.h +++ b/include/libssh/wrapper.h @@ -25,6 +25,7 @@ #include "libssh/libssh.h" #include "libssh/libcrypto.h" #include "libssh/libgcrypt.h" +#include "libssh/libmbedcrypto.h" enum ssh_mac_e { SSH_MAC_SHA1=1, |
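Review bot: `mbedtls_ecdsa_context *ecdsa;` in the `ssh_key_struct` hunk uses a type that the new libmbedcrypto.h never includes directly, as do `mbedtls_ecp_keypair`, `mbedtls_ecp_group` and `mbedtls_ecp_point` elsewhere in this commit. That header lists only md.h, bignum.h, pk.h, cipher.h, entropy.h and ctr_drbg.h. The declarations presumably arrive through pk.h, which depends on how mbedTLS was configured; adding `#include <mbedtls/ecp.h>` and `#include <mbedtls/ecdsa.h>` to libmbedcrypto.h would make the headers self-contained. Both structs in this file start outside their hunks.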