libssh  0.10.6
The SSH library
crypto.h
1 /*
2  * This file is part of the SSH Library
3  *
4  * Copyright (c) 2003-2009 by Aris Adamantiadis
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19  */
20 
21 /*
22  * crypto.h is an include file for internal cryptographic structures of libssh
23  */
24 
25 #ifndef _CRYPTO_H_
26 #define _CRYPTO_H_
27 
28 #include <stdbool.h>
29 #include "config.h"
30 
31 #ifdef HAVE_LIBGCRYPT
32 #include <gcrypt.h>
33 #elif defined(HAVE_LIBMBEDCRYPTO)
34 #include <mbedtls/gcm.h>
35 #endif
36 #include "libssh/wrapper.h"
37 
38 #ifdef cbc_encrypt
39 #undef cbc_encrypt
40 #endif
41 #ifdef cbc_decrypt
42 #undef cbc_decrypt
43 #endif
44 
45 #ifdef HAVE_OPENSSL_ECDH_H
46 #include <openssl/ecdh.h>
47 #endif
48 #include "libssh/dh.h"
49 #include "libssh/ecdh.h"
50 #include "libssh/kex.h"
51 #include "libssh/curve25519.h"
52 
53 #define DIGEST_MAX_LEN 64
54 
55 #define AES_GCM_TAGLEN 16
56 #define AES_GCM_IVLEN 12
57 
58 enum ssh_key_exchange_e {
59  /* diffie-hellman-group1-sha1 */
60  SSH_KEX_DH_GROUP1_SHA1=1,
61  /* diffie-hellman-group14-sha1 */
62  SSH_KEX_DH_GROUP14_SHA1,
63 #ifdef WITH_GEX
64  /* diffie-hellman-group-exchange-sha1 */
65  SSH_KEX_DH_GEX_SHA1,
66  /* diffie-hellman-group-exchange-sha256 */
67  SSH_KEX_DH_GEX_SHA256,
68 #endif /* WITH_GEX */
69  /* ecdh-sha2-nistp256 */
70  SSH_KEX_ECDH_SHA2_NISTP256,
71  /* ecdh-sha2-nistp384 */
72  SSH_KEX_ECDH_SHA2_NISTP384,
73  /* ecdh-sha2-nistp521 */
74  SSH_KEX_ECDH_SHA2_NISTP521,
75  /* curve25519-sha256@libssh.org */
76  SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG,
77  /* curve25519-sha256 */
78  SSH_KEX_CURVE25519_SHA256,
79  /* diffie-hellman-group16-sha512 */
80  SSH_KEX_DH_GROUP16_SHA512,
81  /* diffie-hellman-group18-sha512 */
82  SSH_KEX_DH_GROUP18_SHA512,
83  /* diffie-hellman-group14-sha256 */
84  SSH_KEX_DH_GROUP14_SHA256,
85 };
86 
87 enum ssh_cipher_e {
88  SSH_NO_CIPHER=0,
89 #ifdef WITH_BLOWFISH_CIPHER
90  SSH_BLOWFISH_CBC,
91 #endif /* WITH_BLOWFISH_CIPHER */
92  SSH_3DES_CBC,
93  SSH_AES128_CBC,
94  SSH_AES192_CBC,
95  SSH_AES256_CBC,
96  SSH_AES128_CTR,
97  SSH_AES192_CTR,
98  SSH_AES256_CTR,
99  SSH_AEAD_AES128_GCM,
100  SSH_AEAD_AES256_GCM,
101  SSH_AEAD_CHACHA20_POLY1305
102 };
103 
104 struct dh_ctx;
105 
107  bignum shared_secret;
108  struct dh_ctx *dh_ctx;
109 #ifdef WITH_GEX
110  size_t dh_pmin; size_t dh_pn; size_t dh_pmax; /* preferred group parameters */
111 #endif /* WITH_GEX */
112 #ifdef HAVE_ECDH
113 #ifdef HAVE_OPENSSL_ECC
114 /* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys
115  * https://github.com/openssl/openssl/pull/16624
116  * #if OPENSSL_VERSION_NUMBER < 0x30000000L
117  */
118 #if 1
119  EC_KEY *ecdh_privkey;
120 #else
121  EVP_PKEY *ecdh_privkey;
122 #endif /* OPENSSL_VERSION_NUMBER */
123 #elif defined HAVE_GCRYPT_ECC
124  gcry_sexp_t ecdh_privkey;
125 #elif defined HAVE_LIBMBEDCRYPTO
126  mbedtls_ecp_keypair *ecdh_privkey;
127 #endif
128  ssh_string ecdh_client_pubkey;
129  ssh_string ecdh_server_pubkey;
130 #endif
131 #ifdef HAVE_CURVE25519
132  ssh_curve25519_privkey curve25519_privkey;
133  ssh_curve25519_pubkey curve25519_client_pubkey;
134  ssh_curve25519_pubkey curve25519_server_pubkey;
135 #endif
136  ssh_string dh_server_signature; /* information used by dh_handshake. */
137  size_t session_id_len;
138  unsigned char *session_id;
139  size_t digest_len; /* len of the secret hash */
140  unsigned char *secret_hash; /* Secret hash is same as session id until re-kex */
141  unsigned char *encryptIV;
142  unsigned char *decryptIV;
143  unsigned char *decryptkey;
144  unsigned char *encryptkey;
145  unsigned char *encryptMAC;
146  unsigned char *decryptMAC;
147  unsigned char hmacbuf[DIGEST_MAX_LEN];
148  struct ssh_cipher_struct *in_cipher, *out_cipher; /* the cipher structures/objects */
149  enum ssh_hmac_e in_hmac, out_hmac; /* the MAC algorithms used */
150  bool in_hmac_etm, out_hmac_etm; /* Whether EtM mode is used or not */
151 
152  ssh_key server_pubkey;
153  int do_compress_out; /* idem */
154  int do_compress_in; /* don't set them, set the option instead */
155  int delayed_compress_in; /* Use of zlib@openssh.org */
156  int delayed_compress_out;
157  void *compress_out_ctx; /* don't touch it */
158  void *compress_in_ctx; /* really, don't */
159  /* kex sent by server, client, and mutually elected methods */
160  struct ssh_kex_struct server_kex;
161  struct ssh_kex_struct client_kex;
162  char *kex_methods[SSH_KEX_METHODS];
163  enum ssh_key_exchange_e kex_type;
164  enum ssh_kdf_digest digest_type; /* Digest type for session keys derivation */
165  enum ssh_crypto_direction_e used; /* Is this crypto still used for either of directions? */
166 };
167 
169  const char *name; /* ssh name of the algorithm */
170  unsigned int blocksize; /* blocksize of the algo */
171  enum ssh_cipher_e ciphertype;
172  uint32_t lenfield_blocksize; /* blocksize of the packet length field */
173  size_t keylen; /* length of the key structure */
174 #ifdef HAVE_LIBGCRYPT
175  gcry_cipher_hd_t *key;
176  unsigned char last_iv[AES_GCM_IVLEN];
177 #elif defined HAVE_LIBCRYPTO
178  struct ssh_3des_key_schedule *des3_key;
179  struct ssh_aes_key_schedule *aes_key;
180  const EVP_CIPHER *cipher;
181  EVP_CIPHER_CTX *ctx;
182 #elif defined HAVE_LIBMBEDCRYPTO
183  mbedtls_cipher_context_t encrypt_ctx;
184  mbedtls_cipher_context_t decrypt_ctx;
185  mbedtls_cipher_type_t type;
186 #ifdef MBEDTLS_GCM_C
187  mbedtls_gcm_context gcm_ctx;
188  unsigned char last_iv[AES_GCM_IVLEN];
189 #endif /* MBEDTLS_GCM_C */
190 #endif
191  struct chacha20_poly1305_keysched *chacha20_schedule;
192  unsigned int keysize; /* bytes of key used. != keylen */
193  size_t tag_size; /* overhead required for tag */
194  /* Counters for rekeying initialization */
195  uint32_t packets;
196  uint64_t blocks;
197  /* Rekeying limit for the cipher or manually enforced */
198  uint64_t max_blocks;
199  /* sets the new key for immediate use */
200  int (*set_encrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
201  int (*set_decrypt_key)(struct ssh_cipher_struct *cipher, void *key, void *IV);
202  void (*encrypt)(struct ssh_cipher_struct *cipher,
203  void *in,
204  void *out,
205  size_t len);
206  void (*decrypt)(struct ssh_cipher_struct *cipher,
207  void *in,
208  void *out,
209  size_t len);
210  void (*aead_encrypt)(struct ssh_cipher_struct *cipher, void *in, void *out,
211  size_t len, uint8_t *mac, uint64_t seq);
212  int (*aead_decrypt_length)(struct ssh_cipher_struct *cipher, void *in,
213  uint8_t *out, size_t len, uint64_t seq);
214  int (*aead_decrypt)(struct ssh_cipher_struct *cipher, void *complete_packet, uint8_t *out,
215  size_t encrypted_size, uint64_t seq);
216  void (*cleanup)(struct ssh_cipher_struct *cipher);
217 };
218 
219 #ifdef __cplusplus
220 extern "C" {
221 #endif
222 
223 const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
224 int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
225  unsigned char *key, size_t key_len,
226  uint8_t key_type, unsigned char *output,
227  size_t requested_len);
228 
229 int secure_memcmp(const void *s1, const void *s2, size_t n);
230 #ifdef HAVE_LIBCRYPTO
231 ENGINE *pki_get_engine(void);
232 #endif /* HAVE_LIBCRYPTO */
233 
234 #ifdef __cplusplus
235 }
236 #endif
237 
238 #endif /* _CRYPTO_H_ */
ssh_kex_struct
Definition: kex.h:29
ssh_key_struct
Definition: pki.h:54
ssh_crypto_struct
Definition: crypto.h:106
ssh_cipher_struct
Definition: crypto.h:168
dh_ctx
Definition: dh_crypto.c:47
chacha20_poly1305_keysched
Definition: chachapoly.c:31
ssh_string_struct
Definition: string.h:33