libssh  0.9.3
The SSH library
crypto.h
1/*
2 * This file is part of the SSH Library
3 *
4 * Copyright (c) 2003-2009 by Aris Adamantiadis
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21/*
22 * crypto.h is an include file for internal cryptographic structures of libssh
23 */
24
25#ifndef _CRYPTO_H_
26#define _CRYPTO_H_
27
28#include <stdbool.h>
29#include "config.h"
30
31#ifdef HAVE_LIBGCRYPT
32#include <gcrypt.h>
33#elif defined(HAVE_LIBMBEDCRYPTO)
34#include <mbedtls/gcm.h>
35#endif
36#include "libssh/wrapper.h"
37
38#ifdef cbc_encrypt
39#undef cbc_encrypt
40#endif
41#ifdef cbc_decrypt
42#undef cbc_decrypt
43#endif
44
45#ifdef HAVE_OPENSSL_ECDH_H
46#include <openssl/ecdh.h>
47#endif
48#include "libssh/dh.h"
49#include "libssh/ecdh.h"
50#include "libssh/kex.h"
51#include "libssh/curve25519.h"
52
53#define DIGEST_MAX_LEN 64
54
55#define AES_GCM_TAGLEN 16
56#define AES_GCM_IVLEN 12
57
58enum ssh_key_exchange_e {
59 /* diffie-hellman-group1-sha1 */
60 SSH_KEX_DH_GROUP1_SHA1=1,
61 /* diffie-hellman-group14-sha1 */
62 SSH_KEX_DH_GROUP14_SHA1,
63#ifdef WITH_GEX
64 /* diffie-hellman-group-exchange-sha1 */
65 SSH_KEX_DH_GEX_SHA1,
66 /* diffie-hellman-group-exchange-sha256 */
67 SSH_KEX_DH_GEX_SHA256,
68#endif /* WITH_GEX */
69 /* ecdh-sha2-nistp256 */
70 SSH_KEX_ECDH_SHA2_NISTP256,
71 /* ecdh-sha2-nistp384 */
72 SSH_KEX_ECDH_SHA2_NISTP384,
73 /* ecdh-sha2-nistp521 */
74 SSH_KEX_ECDH_SHA2_NISTP521,
75 /* curve25519-sha256@libssh.org */
76 SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
77 /* curve25519-sha256 */
78 SSH_KEX_CURVE25519_SHA256,
79 /* diffie-hellman-group16-sha512 */
80 SSH_KEX_DH_GROUP16_SHA512,
81 /* diffie-hellman-group18-sha512 */
82 SSH_KEX_DH_GROUP18_SHA512,
83};
84
85enum ssh_cipher_e {
86 SSH_NO_CIPHER=0,
87#ifdef WITH_BLOWFISH_CIPHER
88 SSH_BLOWFISH_CBC,
89#endif /* WITH_BLOWFISH_CIPHER */
90 SSH_3DES_CBC,
91 SSH_AES128_CBC,
92 SSH_AES192_CBC,
93 SSH_AES256_CBC,
94 SSH_AES128_CTR,
95 SSH_AES192_CTR,
96 SSH_AES256_CTR,
97 SSH_AEAD_AES128_GCM,
98 SSH_AEAD_AES256_GCM,
99 SSH_AEAD_CHACHA20_POLY1305
100};
101
102struct dh_ctx;
103
105 bignum shared_secret;
106 struct dh_ctx *dh_ctx;
107#ifdef WITH_GEX
108 size_t dh_pmin; size_t dh_pn; size_t dh_pmax; /* preferred group parameters */
109#endif /* WITH_GEX */
110#ifdef HAVE_ECDH
111#ifdef HAVE_OPENSSL_ECC
112 EC_KEY *ecdh_privkey;
113#elif defined HAVE_GCRYPT_ECC
114 gcry_sexp_t ecdh_privkey;
115#elif defined HAVE_LIBMBEDCRYPTO
116 mbedtls_ecp_keypair *ecdh_privkey;
117#endif
118 ssh_string ecdh_client_pubkey;
119 ssh_string ecdh_server_pubkey;
120#endif
121#ifdef HAVE_CURVE25519
122 ssh_curve25519_privkey curve25519_privkey;
123 ssh_curve25519_pubkey curve25519_client_pubkey;
124 ssh_curve25519_pubkey curve25519_server_pubkey;
125#endif
126 ssh_string dh_server_signature; /* information used by dh_handshake. */
127 size_t session_id_len;
128 unsigned char *session_id;
129 size_t digest_len; /* len of the secret hash */
130 unsigned char *secret_hash; /* Secret hash is same as session id until re-kex */
131 unsigned char *encryptIV;
132 unsigned char *decryptIV;
133 unsigned char *decryptkey;
134 unsigned char *encryptkey;
135 unsigned char *encryptMAC;
136 unsigned char *decryptMAC;
137 unsigned char hmacbuf[DIGEST_MAX_LEN];
138 struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
139 enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
140 bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */
141
142 ssh_key server_pubkey;
143 int do_compress_out; /* idem */
144 int do_compress_in; /* don't set them, set the option instead */
145 int delayed_compress_in; /* Use of zlib@openssh.org */
146 int delayed_compress_out;
147 void *compress_out_ctx; /* don't touch it */
148 void *compress_in_ctx; /* really, don't */
149 /* kex sent by server, client, and mutually elected methods */
150 struct ssh_kex_struct server_kex;
151 struct ssh_kex_struct client_kex;
152 char *kex_methods[SSH_KEX_METHODS];
153 enum ssh_key_exchange_e kex_type;
154 enum ssh_kdf_digest digest_type; /* Digest type for session keys derivation */
155 enum ssh_crypto_direction_e used; /* Is this crypto still used for either of directions? */
156};
157
159 const char *name; /* ssh name of the algorithm */
160 unsigned int blocksize; /* blocksize of the algo */
161 enum ssh_cipher_e ciphertype;
162 uint32_t lenfield_blocksize; /* blocksize of the packet length field */
163 size_t keylen; /* length of the key structure */
164#ifdef HAVE_LIBGCRYPT
165 gcry_cipher_hd_t *key;
166 unsigned char last_iv[AES_GCM_IVLEN];
167#elif defined HAVE_LIBCRYPTO
168 struct ssh_3des_key_schedule *des3_key;
169 struct ssh_aes_key_schedule *aes_key;
170 const EVP_CIPHER *cipher;
171 EVP_CIPHER_CTX *ctx;
172#elif defined HAVE_LIBMBEDCRYPTO
173 mbedtls_cipher_context_t encrypt_ctx;
174 mbedtls_cipher_context_t decrypt_ctx;
175 mbedtls_cipher_type_t type;
176#ifdef MBEDTLS_GCM_C
177 mbedtls_gcm_context gcm_ctx;
178 unsigned char last_iv[AES_GCM_IVLEN];
179#endif /* MBEDTLS_GCM_C */
180#endif
181 struct chacha20_poly1305_keysched *chacha20_schedule;
182 unsigned int keysize; /* bytes of key used. != keylen */
183 size_t tag_size; /* overhead required for tag */
184 /* Counters for rekeying initialization */
185 uint32_t packets;
186 uint64_t blocks;
187 /* Rekeying limit for the cipher or manually enforced */
188 uint64_t max_blocks;
189 /* sets the new key for immediate use */
190 int (*set_encrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
191 int (*set_decrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
192 void (*encrypt)(struct ssh_cipher_struct *cipher,
193 void *in,
194 void *out,
195 size_t len);
196 void (*decrypt)(struct ssh_cipher_struct *cipher,
197 void *in,
198 void *out,
199 size_t len);
200 void (*aead_encrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
201 size_t len, uint8_t *mac, uint64_t seq);
202 int (*aead_decrypt_length)(struct ssh_cipher_struct *cipher, void *in,
203 uint8_t *out, size_t len, uint64_t seq);
204 int (*aead_decrypt)(struct ssh_cipher_struct *cipher, void *complete_packet, uint8_t *out,
205 size_t encrypted_size, uint64_t seq);
206 void (*cleanup)(struct ssh_cipher_struct *cipher);
207};
208
209const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
210int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
211 unsigned char *key, size_t key_len,
212 int key_type, unsigned char *output,
213 size_t requested_len);
214
215#endif /* _CRYPTO_H_ */
Definition: chachapoly.c:32
Definition: dh_crypto.c:40
Definition: crypto.h:158
Definition: crypto.h:104
Definition: kex.h:29
Definition: pki.h:50
Definition: string.h:29