libssh 0.12.0
The SSH library
Loading...
Searching...
No Matches
crypto.h
1/*
2 * This file is part of the SSH Library
3 *
4 * Copyright (c) 2003-2009 by Aris Adamantiadis
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21/*
22 * crypto.h is an include file for internal cryptographic structures of libssh
23 */
24
25#ifndef _CRYPTO_H_
26#define _CRYPTO_H_
27
28#include <stdbool.h>
29#include "config.h"
30
31#ifdef HAVE_LIBGCRYPT
32#include <gcrypt.h>
33#elif defined(HAVE_LIBMBEDCRYPTO)
34#include <mbedtls/gcm.h>
35#endif
36#include "libssh/wrapper.h"
37
38#ifdef cbc_encrypt
39#undef cbc_encrypt
40#endif
41#ifdef cbc_decrypt
42#undef cbc_decrypt
43#endif
44
45#ifdef HAVE_OPENSSL_ECDH_H
46#include <openssl/ecdh.h>
47#endif
48#include "libssh/curve25519.h"
49#include "libssh/dh.h"
50#include "libssh/ecdh.h"
51#include "libssh/kex.h"
52#include "libssh/sntrup761.h"
53
54#define DIGEST_MAX_LEN 64
55
56#define AES_GCM_TAGLEN 16
57#define AES_GCM_IVLEN 12
58
59enum ssh_key_exchange_e {
60 /* diffie-hellman-group1-sha1 */
61 SSH_KEX_DH_GROUP1_SHA1 = 1,
62 /* diffie-hellman-group14-sha1 */
63 SSH_KEX_DH_GROUP14_SHA1,
64#ifdef WITH_GEX
65 /* diffie-hellman-group-exchange-sha1 */
66 SSH_KEX_DH_GEX_SHA1,
67 /* diffie-hellman-group-exchange-sha256 */
68 SSH_KEX_DH_GEX_SHA256,
69#endif /* WITH_GEX */
70 /* ecdh-sha2-nistp256 */
71 SSH_KEX_ECDH_SHA2_NISTP256,
72 /* ecdh-sha2-nistp384 */
73 SSH_KEX_ECDH_SHA2_NISTP384,
74 /* ecdh-sha2-nistp521 */
75 SSH_KEX_ECDH_SHA2_NISTP521,
76 /* curve25519-sha256@libssh.org */
77 SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
78 /* curve25519-sha256 */
79 SSH_KEX_CURVE25519_SHA256,
80 /* diffie-hellman-group16-sha512 */
81 SSH_KEX_DH_GROUP16_SHA512,
82 /* diffie-hellman-group18-sha512 */
83 SSH_KEX_DH_GROUP18_SHA512,
84 /* diffie-hellman-group14-sha256 */
85 SSH_KEX_DH_GROUP14_SHA256,
86 /* sntrup761x25519-sha512@openssh.com */
87 SSH_KEX_SNTRUP761X25519_SHA512_OPENSSH_COM,
88 /* sntrup761x25519-sha512 */
89 SSH_KEX_SNTRUP761X25519_SHA512,
90 /* mlkem768x25519-sha256 */
91 SSH_KEX_MLKEM768X25519_SHA256,
92 /* mlkem768nistp256-sha256 */
93 SSH_KEX_MLKEM768NISTP256_SHA256,
94#ifdef HAVE_MLKEM1024
95 /* mlkem1024nistp384-sha384 */
96 SSH_KEX_MLKEM1024NISTP384_SHA384,
97#endif /* HAVE_MLKEM1024 */
98 /* gss-group14-sha256-* */
99 SSH_GSS_KEX_DH_GROUP14_SHA256,
100 /* gss-group16-sha512-* */
101 SSH_GSS_KEX_DH_GROUP16_SHA512,
102 /* gss-nistp256-sha256-* */
103 SSH_GSS_KEX_ECDH_NISTP256_SHA256,
104 /* gss-curve25519-sha256-* */
105 SSH_GSS_KEX_CURVE25519_SHA256,
106};
107
108enum ssh_cipher_e {
109 SSH_NO_CIPHER=0,
110#ifdef HAVE_BLOWFISH
111 SSH_BLOWFISH_CBC,
112#endif /* HAVE_BLOWFISH */
113 SSH_3DES_CBC,
114 SSH_AES128_CBC,
115 SSH_AES192_CBC,
116 SSH_AES256_CBC,
117 SSH_AES128_CTR,
118 SSH_AES192_CTR,
119 SSH_AES256_CTR,
120 SSH_AEAD_AES128_GCM,
121 SSH_AEAD_AES256_GCM,
122 SSH_AEAD_CHACHA20_POLY1305
123};
124
125struct dh_ctx;
126
127struct ssh_crypto_struct {
128 bignum shared_secret;
129 ssh_string hybrid_client_init;
130 ssh_string hybrid_server_reply;
131 ssh_string hybrid_shared_secret;
132 struct dh_ctx *dh_ctx;
133#ifdef WITH_GEX
134 size_t dh_pmin; size_t dh_pn; size_t dh_pmax; /* preferred group parameters */
135#endif /* WITH_GEX */
136#ifdef HAVE_ECDH
137#ifdef HAVE_OPENSSL_ECC
138#if OPENSSL_VERSION_NUMBER < 0x30000000L
139 EC_KEY *ecdh_privkey;
140#else
141 EVP_PKEY *ecdh_privkey;
142#endif /* OPENSSL_VERSION_NUMBER */
143#elif defined HAVE_GCRYPT_ECC
144 gcry_sexp_t ecdh_privkey;
145#elif defined HAVE_LIBMBEDCRYPTO
146 mbedtls_ecp_keypair *ecdh_privkey;
147#endif
148 ssh_string ecdh_client_pubkey;
149 ssh_string ecdh_server_pubkey;
150#endif
151#ifdef HAVE_CURVE25519
152#ifdef HAVE_LIBCRYPTO
153 EVP_PKEY *curve25519_privkey;
154#elif defined(HAVE_GCRYPT_CURVE25519)
155 gcry_sexp_t curve25519_privkey;
156#else
157 ssh_curve25519_privkey curve25519_privkey;
158#endif
159 ssh_curve25519_pubkey curve25519_client_pubkey;
160 ssh_curve25519_pubkey curve25519_server_pubkey;
161#endif
162#ifdef HAVE_OPENSSL_MLKEM
163 EVP_PKEY *mlkem_privkey;
164#else
165 unsigned char *mlkem_privkey;
166 size_t mlkem_privkey_len;
167#endif
168 ssh_string mlkem_client_pubkey;
169 ssh_string mlkem_ciphertext;
170#ifdef HAVE_SNTRUP761
171 ssh_sntrup761_privkey sntrup761_privkey;
172 ssh_sntrup761_pubkey sntrup761_client_pubkey;
173 ssh_sntrup761_ciphertext sntrup761_ciphertext;
174#endif
175 ssh_string dh_server_signature; /* information used by dh_handshake. */
176 size_t session_id_len;
177 unsigned char *session_id;
178 size_t digest_len; /* len of the secret hash */
179 unsigned char *secret_hash; /* Secret hash is same as session id until re-kex */
180 unsigned char *encryptIV;
181 unsigned char *decryptIV;
182 unsigned char *decryptkey;
183 unsigned char *encryptkey;
184 unsigned char *encryptMAC;
185 unsigned char *decryptMAC;
186 unsigned char hmacbuf[DIGEST_MAX_LEN];
187 struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
188 enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
189 bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */
190
191 ssh_key server_pubkey;
192 int do_compress_out; /* idem */
193 int do_compress_in; /* don't set them, set the option instead */
194 int delayed_compress_in; /* Use of zlib@openssh.org */
195 int delayed_compress_out;
196 void *compress_out_ctx; /* don't touch it */
197 void *compress_in_ctx; /* really, don't */
198 /* kex sent by server, client, and mutually elected methods */
199 struct ssh_kex_struct server_kex;
200 struct ssh_kex_struct client_kex;
201 char *kex_methods[SSH_KEX_METHODS];
202 enum ssh_key_exchange_e kex_type;
203 enum ssh_kdf_digest digest_type; /* Digest type for session keys derivation */
204 enum ssh_crypto_direction_e used; /* Is this crypto still used for either of directions? */
205};
206
207struct ssh_cipher_struct {
208 const char *name; /* ssh name of the algorithm */
209 unsigned int blocksize; /* blocksize of the algo */
210 enum ssh_cipher_e ciphertype;
211 uint32_t lenfield_blocksize; /* blocksize of the packet length field */
212 size_t keylen; /* length of the key structure */
213#ifdef HAVE_LIBGCRYPT
214 gcry_cipher_hd_t *key;
215 unsigned char last_iv[AES_GCM_IVLEN];
216#elif defined HAVE_LIBCRYPTO
217 struct ssh_3des_key_schedule *des3_key;
218 struct ssh_aes_key_schedule *aes_key;
219 const EVP_CIPHER *cipher;
220 EVP_CIPHER_CTX *ctx;
221#elif defined HAVE_LIBMBEDCRYPTO
222 mbedtls_cipher_context_t encrypt_ctx;
223 mbedtls_cipher_context_t decrypt_ctx;
224 mbedtls_cipher_type_t type;
225#ifdef MBEDTLS_GCM_C
226 mbedtls_gcm_context gcm_ctx;
227 unsigned char last_iv[AES_GCM_IVLEN];
228#endif /* MBEDTLS_GCM_C */
229#endif
230 struct chacha20_poly1305_keysched *chacha20_schedule;
231 unsigned int keysize; /* bytes of key used. != keylen */
232 size_t tag_size; /* overhead required for tag */
233 /* Counters for rekeying initialization */
234 uint32_t packets;
235 uint64_t blocks;
236 /* Rekeying limit for the cipher or manually enforced */
237 uint64_t max_blocks;
238 /* sets the new key for immediate use */
239 int (*set_encrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
240 int (*set_decrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
241 void (*encrypt)(struct ssh_cipher_struct *cipher,
242 void *in,
243 void *out,
244 size_t len);
245 void (*decrypt)(struct ssh_cipher_struct *cipher,
246 void *in,
247 void *out,
248 size_t len);
249 void (*aead_encrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
250 size_t len, uint8_t *mac, uint64_t seq);
251 int (*aead_decrypt_length)(struct ssh_cipher_struct *cipher, void *in,
252 uint8_t *out, size_t len, uint64_t seq);
253 int (*aead_decrypt)(struct ssh_cipher_struct *cipher, void *complete_packet, uint8_t *out,
254 size_t encrypted_size, uint64_t seq);
255 void (*cleanup)(struct ssh_cipher_struct *cipher);
256};
257
258#ifdef __cplusplus
259extern "C" {
260#endif
261
262const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
263int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
264 unsigned char *key, size_t key_len,
265 uint8_t key_type, unsigned char *output,
266 size_t requested_len);
267
268int secure_memcmp(const void *s1, const void *s2, size_t n);
269
270void compress_cleanup(struct ssh_crypto_struct *crypto);
271
272#ifdef __cplusplus
273}
274#endif
275
276#endif /* _CRYPTO_H_ */