aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/libssh/bignum.h1
-rw-r--r--include/libssh/crypto.h6
-rw-r--r--include/libssh/ecdh.h4
-rw-r--r--include/libssh/keys.h6
-rw-r--r--include/libssh/libmbedcrypto.h111
-rw-r--r--include/libssh/pki.h7
-rw-r--r--include/libssh/wrapper.h1
7 files changed, 136 insertions, 0 deletions
diff --git a/include/libssh/bignum.h b/include/libssh/bignum.h
index 71970e3e..32727050 100644
--- a/include/libssh/bignum.h
+++ b/include/libssh/bignum.h
@@ -23,6 +23,7 @@
#include "libssh/libcrypto.h"
#include "libssh/libgcrypt.h"
+#include "libssh/libmbedcrypto.h"
bignum ssh_make_string_bn(ssh_string string);
void ssh_make_string_bn_inplace(ssh_string string, bignum bnout);
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index cc54b338..81915e20 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -84,6 +84,8 @@ struct ssh_crypto_struct {
EC_KEY *ecdh_privkey;
#elif defined HAVE_GCRYPT_ECC
gcry_sexp_t ecdh_privkey;
+#elif defined HAVE_LIBMBEDCRYPTO
+ mbedtls_ecp_keypair *ecdh_privkey;
#endif
ssh_string ecdh_client_pubkey;
ssh_string ecdh_server_pubkey;
@@ -135,6 +137,10 @@ struct ssh_cipher_struct {
struct ssh_aes_key_schedule *aes_key;
const EVP_CIPHER *cipher;
EVP_CIPHER_CTX *ctx;
+#elif defined HAVE_LIBMBEDCRYPTO
+ mbedtls_cipher_context_t encrypt_ctx;
+ mbedtls_cipher_context_t decrypt_ctx;
+ mbedtls_cipher_type_t type;
#endif
unsigned int keysize; /* bytes of key used. != keylen */
/* sets the new key for immediate use */
diff --git a/include/libssh/ecdh.h b/include/libssh/ecdh.h
index 9f94d69c..66659b85 100644
--- a/include/libssh/ecdh.h
+++ b/include/libssh/ecdh.h
@@ -37,6 +37,10 @@
#define HAVE_ECDH 1
#endif
+#ifdef HAVE_LIBMBEDCRYPTO
+#define HAVE_ECDH 1
+#endif
+
/* Common functions. */
int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet);
diff --git a/include/libssh/keys.h b/include/libssh/keys.h
index 6f08e070..f25283ae 100644
--- a/include/libssh/keys.h
+++ b/include/libssh/keys.h
@@ -34,6 +34,9 @@ struct ssh_public_key_struct {
#elif HAVE_LIBCRYPTO
DSA *dsa_pub;
RSA *rsa_pub;
+#elif HAVE_LIBMBEDCRYPTO
+ mbedtls_pk_context *rsa_pub;
+ void *dsa_pub;
#endif
};
@@ -45,6 +48,9 @@ struct ssh_private_key_struct {
#elif defined HAVE_LIBCRYPTO
DSA *dsa_priv;
RSA *rsa_priv;
+#elif HAVE_LIBMBEDCRYPTO
+ mbedtls_pk_context *rsa_priv;
+ void *dsa_priv;
#endif
};
diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h
new file mode 100644
index 00000000..7cc1bbb0
--- /dev/null
+++ b/include/libssh/libmbedcrypto.h
@@ -0,0 +1,111 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2017 Sartura d.o.o.
+ *
+ * Author: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#ifndef LIBMBEDCRYPTO_H_
+#define LIBMBEDCRYPTO_H_
+
+#include "config.h"
+
+#ifdef HAVE_LIBMBEDCRYPTO
+
+#include <mbedtls/md.h>
+#include <mbedtls/bignum.h>
+#include <mbedtls/pk.h>
+#include <mbedtls/cipher.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
+
+typedef mbedtls_md_context_t *SHACTX;
+typedef mbedtls_md_context_t *SHA256CTX;
+typedef mbedtls_md_context_t *SHA384CTX;
+typedef mbedtls_md_context_t *SHA512CTX;
+typedef mbedtls_md_context_t *MD5CTX;
+typedef mbedtls_md_context_t *HMACCTX;
+typedef mbedtls_md_context_t *EVPCTX;
+
+#define SHA_DIGEST_LENGTH 20
+#define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
+#define MD5_DIGEST_LEN 16
+#define SHA256_DIGEST_LENGTH 32
+#define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
+#define SHA384_DIGEST_LENGTH 48
+#define SHA384_DIGEST_LEN SHA384_DIGEST_LENGTH
+#define SHA512_DIGEST_LENGTH 64
+#define SHA512_DIGEST_LEN SHA512_DIGEST_LENGTH
+
+#ifndef EVP_MAX_MD_SIZE
+#define EVP_MAX_MD_SIZE 64
+#endif
+
+#define EVP_DIGEST_LEN EVP_MAX_MD_SIZE
+
+typedef mbedtls_mpi *bignum;
+
+/* Constants for curves */
+#define NID_mbedtls_nistp256 0
+#define NID_mbedtls_nistp384 1
+#define NID_mbedtls_nistp521 2
+
+struct mbedtls_ecdsa_sig {
+ bignum r;
+ bignum s;
+};
+
+bignum ssh_mbedcry_bn_new(void);
+void ssh_mbedcry_bn_free(bignum num);
+char *ssh_mbedcry_bn2num(bignum num, int radix);
+int ssh_mbedcry_rand(bignum rnd, int bits, int top, int bottom);
+int ssh_mbedcry_is_bit_set(bignum num, size_t pos);
+
+#define bignum_new() ssh_mbedcry_bn_new()
+#define bignum_free(num) ssh_mbedcry_bn_free(num);
+#define bignum_set_word(bn, n) mbedtls_mpi_lset(bn, n) /* TODO fix
+ overflow/underflow */
+#define bignum_bin2bn(data, datalen, bn) mbedtls_mpi_read_binary(bn, data, \
+ datalen)
+#define bignum_bn2dec(num) ssh_mbedcry_bn2num(num, 10)
+#define bignum_dec2bn(data, bn) mbedtls_mpi_read_string(bn, 10, data)
+#define bignum_bn2hex(num) ssh_mbedcry_bn2num(num, 16)
+#define bignum_rand(rnd, bits, top, bottom) ssh_mbedcry_rand(rnd, bits, \
+ top, bottom)
+#define bignum_mod_exp(dest, generator, exp, modulo, ctx) \
+ mbedtls_mpi_exp_mod(dest, generator, exp, modulo, NULL)
+#define bignum_num_bytes(num) mbedtls_mpi_size(num)
+#define bignum_num_bits(num) mbedtls_mpi_bitlen(num)
+#define bignum_is_bit_set(num, bit) ssh_mbedcry_is_bit_set(num, bit)
+#define bignum_bn2bin(num, ptr) mbedtls_mpi_write_binary(num, ptr, \
+ mbedtls_mpi_size(num))
+#define bignum_cmp(num1, num2) mbedtls_mpi_cmp_mpi(num1, num2)
+
+mbedtls_entropy_context ssh_mbedtls_entropy;
+mbedtls_ctr_drbg_context ssh_mbedtls_ctr_drbg;
+
+void ssh_mbedtls_init(void);
+void ssh_mbedtls_cleanup(void);
+int ssh_mbedtls_random(void *where, int len, int strong);
+
+ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const
+ mbedtls_ecp_point *p);
+
+#endif /* HAVE_LIBMBEDCRYPTO */
+#endif /* LIBMBEDCRYPTO_H_ */
diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index e0e30f1a..e078768b 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -48,6 +48,10 @@ struct ssh_key_struct {
gcry_sexp_t dsa;
gcry_sexp_t rsa;
gcry_sexp_t ecdsa;
+#elif HAVE_LIBMBEDCRYPTO
+ mbedtls_pk_context *rsa;
+ mbedtls_ecdsa_context *ecdsa;
+ void *dsa;
#elif HAVE_LIBCRYPTO
DSA *dsa;
RSA *rsa;
@@ -78,6 +82,9 @@ struct ssh_signature_struct {
# else
void *ecdsa_sig;
# endif
+#elif defined HAVE_LIBMBEDCRYPTO
+ ssh_string rsa_sig;
+ struct mbedtls_ecdsa_sig ecdsa_sig;
#endif
ed25519_signature *ed25519_sig;
};
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index cdd72d6d..6b6cf0b1 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -25,6 +25,7 @@
#include "libssh/libssh.h"
#include "libssh/libcrypto.h"
#include "libssh/libgcrypt.h"
+#include "libssh/libmbedcrypto.h"
enum ssh_mac_e {
SSH_MAC_SHA1=1,