33#elif defined(HAVE_LIBMBEDCRYPTO)
34#include <mbedtls/gcm.h>
36#include "libssh/wrapper.h"
45#ifdef HAVE_OPENSSL_ECDH_H
46#include <openssl/ecdh.h>
49#include "libssh/ecdh.h"
50#include "libssh/kex.h"
51#include "libssh/curve25519.h"
53#define DIGEST_MAX_LEN 64
55#define AES_GCM_TAGLEN 16
56#define AES_GCM_IVLEN 12
58enum ssh_key_exchange_e {
60 SSH_KEX_DH_GROUP1_SHA1=1,
62 SSH_KEX_DH_GROUP14_SHA1,
67 SSH_KEX_DH_GEX_SHA256,
70 SSH_KEX_ECDH_SHA2_NISTP256,
72 SSH_KEX_ECDH_SHA2_NISTP384,
74 SSH_KEX_ECDH_SHA2_NISTP521,
76 SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
78 SSH_KEX_CURVE25519_SHA256,
80 SSH_KEX_DH_GROUP16_SHA512,
82 SSH_KEX_DH_GROUP18_SHA512,
84 SSH_KEX_DH_GROUP14_SHA256,
89#ifdef WITH_BLOWFISH_CIPHER
101 SSH_AEAD_CHACHA20_POLY1305
106struct ssh_crypto_struct {
107 bignum shared_secret;
108 struct dh_ctx *dh_ctx;
110 size_t dh_pmin;
size_t dh_pn;
size_t dh_pmax;
113#ifdef HAVE_OPENSSL_ECC
114#if OPENSSL_VERSION_NUMBER < 0x30000000L
115 EC_KEY *ecdh_privkey;
117 EVP_PKEY *ecdh_privkey;
119#elif defined HAVE_GCRYPT_ECC
120 gcry_sexp_t ecdh_privkey;
121#elif defined HAVE_LIBMBEDCRYPTO
122 mbedtls_ecp_keypair *ecdh_privkey;
124 ssh_string ecdh_client_pubkey;
125 ssh_string ecdh_server_pubkey;
127#ifdef HAVE_CURVE25519
128 ssh_curve25519_privkey curve25519_privkey;
129 ssh_curve25519_pubkey curve25519_client_pubkey;
130 ssh_curve25519_pubkey curve25519_server_pubkey;
132 ssh_string dh_server_signature;
133 size_t session_id_len;
134 unsigned char *session_id;
136 unsigned char *secret_hash;
137 unsigned char *encryptIV;
138 unsigned char *decryptIV;
139 unsigned char *decryptkey;
140 unsigned char *encryptkey;
141 unsigned char *encryptMAC;
142 unsigned char *decryptMAC;
143 unsigned char hmacbuf[DIGEST_MAX_LEN];
144 struct ssh_cipher_struct *in_cipher, *out_cipher;
145 enum ssh_hmac_e in_hmac, out_hmac;
146 bool in_hmac_etm, out_hmac_etm;
148 ssh_key server_pubkey;
151 int delayed_compress_in;
152 int delayed_compress_out;
153 void *compress_out_ctx;
154 void *compress_in_ctx;
156 struct ssh_kex_struct server_kex;
157 struct ssh_kex_struct client_kex;
158 char *kex_methods[SSH_KEX_METHODS];
159 enum ssh_key_exchange_e kex_type;
160 enum ssh_kdf_digest digest_type;
161 enum ssh_crypto_direction_e used;
164struct ssh_cipher_struct {
166 unsigned int blocksize;
167 enum ssh_cipher_e ciphertype;
168 uint32_t lenfield_blocksize;
171 gcry_cipher_hd_t *key;
172 unsigned char last_iv[AES_GCM_IVLEN];
173#elif defined HAVE_LIBCRYPTO
174 struct ssh_3des_key_schedule *des3_key;
175 struct ssh_aes_key_schedule *aes_key;
176 const EVP_CIPHER *cipher;
178#elif defined HAVE_LIBMBEDCRYPTO
179 mbedtls_cipher_context_t encrypt_ctx;
180 mbedtls_cipher_context_t decrypt_ctx;
181 mbedtls_cipher_type_t type;
183 mbedtls_gcm_context gcm_ctx;
184 unsigned char last_iv[AES_GCM_IVLEN];
187 struct chacha20_poly1305_keysched *chacha20_schedule;
188 unsigned int keysize;
196 int (*set_encrypt_key)(
struct ssh_cipher_struct *cipher,
void *key,
void *IV);
197 int (*set_decrypt_key)(
struct ssh_cipher_struct *cipher,
void *key,
void *IV);
198 void (*encrypt)(
struct ssh_cipher_struct *cipher,
202 void (*decrypt)(
struct ssh_cipher_struct *cipher,
206 void (*aead_encrypt)(
struct ssh_cipher_struct *cipher,
void *in,
void *out,
207 size_t len, uint8_t *mac, uint64_t seq);
208 int (*aead_decrypt_length)(
struct ssh_cipher_struct *cipher,
void *in,
209 uint8_t *out,
size_t len, uint64_t seq);
210 int (*aead_decrypt)(
struct ssh_cipher_struct *cipher,
void *complete_packet, uint8_t *out,
211 size_t encrypted_size, uint64_t seq);
212 void (*cleanup)(
struct ssh_cipher_struct *cipher);
219const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(
void);
220int sshkdf_derive_key(
struct ssh_crypto_struct *crypto,
221 unsigned char *key,
size_t key_len,
222 uint8_t key_type,
unsigned char *output,
223 size_t requested_len);
225int secure_memcmp(
const void *s1,
const void *s2,
size_t n);
226#if defined(HAVE_LIBCRYPTO) && !defined(WITH_PKCS11_PROVIDER)
227ENGINE *pki_get_engine(
void);